INTRODUCING MICROSOFT WINDOWS SERVER 2003

11

INTRODUCING MICROSOFT WINDOWS SERVER 2003

Chapter 1

Chapter 1: INTRODUCING MICROSOFT WINDOWS SERVER 2003 2

CHAPTER OVERVIEW

Identify the key differences among the Windows Server 2003 editions.

Install Windows Server 2003.

Identify the key structures and concepts of Active Directory.

Create a domain controller.

New features of Server 2003 Active Directory


WINDOWS SERVER 2003 EDITIONS

Web Edition

Standard Edition

Enterprise Edition

Datacenter Edition


SYSTEM REQUIREMENTS

WWeebb EEddiittiioonn

SSttaannddaarrdd EEddiittiioonn

EEnntteerrpprriissee EEddiittiioonn

DDaattaacceenntteerr EEddiittiioonn

Minimum processor speed

133 MHz 133 MHz 133 MHz 400 MHz


550 MHz 550 MHz 733 MHz 733 MHz

Minimum RAM 128 MB 128 MB 128 MB 512 MB

Recommended minimum RAM

256 MB 256 MB 256 MB 1 GB

Maximum RAM 2 GB 4 GB 32 GB 64 GB

Symmetric multiprocessing (SMP) support

Up to 2 processors

Up to 4 processors

Up to 8 processors

Up to 32 processors

Minimum disk space 1.5 GB 1.5 GB 1.5 GB 1.5 GB


WEB EDITION

Single-purpose Web server platform

Limit of 10 inbound SMB connections

Support for up to two processors and up to 2 GB of RAM


STANDARD EDITION

Designed as a departmental server or for smaller organizations

Multipurpose server platform

Supports up to four processors and 4 GB of RAM


ENTERPRISE EDITION

Server platform for medium- to large-sized businesses

Supports up to eight processors and 32 GB of RAM

Eight-node clustering support through Microsoft Clustering Services


DATACENTER EDITION

Designed for high-end, high-traffic application servers

Supports up to 32 processors and 64 GB of RAM

Does not include ICF or ICS


64-BIT EDITIONS

EEnntteerrpprriissee EEddiittiioonn

DDaattaacceenntteerr EEddiittiioonn


733 MHz 733 MHz

Maximum RAM 64 GB 512 GB

Symmetric multiprocessing (SMP) support

Up to 8 processors

Up to 64 processors

Minimum disk space

2 GB 2 GB


INSTALLING WINDOWS SERVER 2003


Server 2003 Deployment Methods

Manual Setup

Disk Imaging

Unattended Installation


Unattende.txt

;[Unattended] ;Method = Express|Custom ;NtUpgrade = Yes|No ;Win31Upgade = Yes|No ;TargetPath = *|<Path Name>|Manual ;OverwriteOemFilesOnUpgrade = Yes|No ;ConfirmHardware = Yes|No ;OEMPreinstall = Yes|No ;NoWaitAfterTextMode = (0 = stop, 1 = Reboot) ;NoWaitAfterGuiMode = (0 = stop, 1 = Reboot) ;FileSystem = ConvertNTFS|LeaveAlone ;ExtendOemPartition = (0 = no, 1 = Yes)


ACTIVATING WINDOWS SERVER 2003


Demo: Install Windows Server 2003

Launching setup

Setup settings


CONFIGURING WINDOWS SERVER 2003


SERVER ROLES

File server

Print server

Application server


SERVER ROLES (CONT.)

Mail server

Terminal Services server

Remote Access/VPN server

Domain contoller


SERVER ROLES (CONT.)

DNS server

DHCP server

Streaming media server

WINS server


AN ACTIVE DIRECTORY PRIMER

Standards-based, LDAP-compliant directory services system.

Hierarchical structure provides organizational and administrative benefits.

Directory services database can be distributed across multiple servers to provide fault tolerance and increase performance.


AN ACTIVE DIRECTORY PRIMER (CONT.)

Active Directory database is stored in the \WINDOWS\NTDS directory on each domain controller.

A repository for objects and resources, including user accounts, group accounts, computer accounts, and printers.

Each object has a set of properties that is also stored in Active Directory.

What Is a Directory Service?

A service that helps track and locate objects on a network A service that helps track and locate objects on a network

Active Directory Management

What Is a Directory Service?

A service that helps track and locate objects on a network A service that helps track and locate objects on a network

Active Directory Management

UsersUsersServicesServicesWorkstationsWorkstations FilesFiles

Active Directory Domains

CONTOSO.COM


Boundary of Authentication

CONTOSO.COM



Boundary of Policies

CONTOSO.COM



Boundary of Policies

Boundary of Replication

CONTOSO.COM

Active Directory Trees

CONTOSO.COM

US.CONTOSO.COM

OHIO.US.CONTOSO.COM

Active Directory Trees

CONTOSO.COM

US.CONTOSO.COM

SharedSchema

Configuration

Global CatalogOHIO.US.CONTOSO.COM

Transitive Trusts

CONTOSO.COM

US.CONTOSO.COM

UK.CONTOSO.COM

Transitive Trusts

CONTOSO.COM

US.CONTOSO.COM

UK.CONTOSO.COM

Active Directory Forests

US.CONTOSO.COM

FABRIKAM.COM

UK.FABRIKAM.COM

CONTOSO.COM

Schema

Configuration

Global

Catalog


DOMAINS AND DOMAIN CONTROLLERS

Domain Controller

Contoso.com

Domains:Provide administrative and security boundariesAllow resources to be grouped logicallyCan contain Organizational Units (OU's) to further organize resources


OBJECTS AND ATTRIBUTES

Objects Users, groups, printers, computers

Attributes Names, phone numbers, locations


CONTAINERS AND LEAVES

Containers Domains, organizational units (OUs), groups

Leaves Users, printers, computers


GROUP POLICY

Group policy objects Collections of hundreds of possible

configuration settings.

Can be applied to users, computers, and OUs.

Policy applied at one level can override policy applied at another level.


CREATE A DOMAIN CONTROLLER


Demo: CREATE A DOMAIN CONTROLLER

Running DCPROMO

Configuring AD settings

Domain & Forest Functional Levels

Choosing a functional level

Forest and domain levels

Raising functional levels

Domain Functional Levels

Domain Functional Level

Domain Controllers Supported

Windows 2000 Mixed (default)

Windows NT 4.0, 2000, 2003

Windows 2000 Native Windows 2000, 2003

Windows Server 2003 Windows Server 2003

Additional features are available in each higher level.Additional features are available in each higher level.

Forest Functional Levels

• Improved replication• Forest-to-forest trusts• Improved schema functionality

• Improved replication• Forest-to-forest trusts• Improved schema functionality

Domain Functional Level

Domain Controllers Supported

Windows 2000 (default)Windows NT 4.0, 2000, 2003

Windows Server 2003 Windows Server 2003

Domain Renaming and Restructuring

Fabrikam.com

Sales Engineering

Northwindtraders.com

Contoso

Contoso


Fabrikam.com

Sales Engineering

Move an existing domain to another tree


Contoso.com


Fabrikam.com

Sales Engineering

Create a new tree


New Domain Controller from Replica

• Back up system state from a DC• Back up system state from a DC

> NTBackup SystemState


• Back up system state from a DC• Restore to prospective new DC• Back up system state from a DC• Restore to prospective new DC


• Back up system state from a DC• Restore to prospective new DC• Decreases initial replication load

• Back up system state from a DC• Restore to prospective new DC• Decreases initial replication load

New Interface Features

Drag-and-drop administration

Sales

Management

New Interface Features

Drag-and-drop administration

Saved Queries

Sales

Management

120 days since last logon

Command-Line Tools

Tool Used For

DSAddAdds objects, such as users, group, OU, and so on

DSGet Displays attributes of an AD object

DSMod Modifies an existing AD object

DSMove Moves or renames an AD object

DSQuery Queries and lists AD objects

DSRM Deletes AD objects

Global Catalog Replication

us.contoso.com

europe.contoso.com

Windows 2000 Active Directory

Windows Server 2003 Active Directory

Global Catalog Replication

us.contoso.com

europe.contoso.com

What Is Group Policy?

• Manage user and computer environments• Manage user and computer environments• Enforce IT policies• Enforce IT policies

• Simplify administrative tasks• Simplify administrative tasks• Implement security settings• Implement security settings

Group Policy Management Console

MMC snap-in

Includes Group Policy Object Editor

Reporting and modeling

Supports cross-forest trusts

Group Policy Modeling and Results

Group Policy Modeling

Simulates GPOs on user or computer

Group Policy Results

Reports actual policy settings

Backing Up and Restoring GPOs



WMI Filter

Windows 2000 Windows XP

Windows XP

WMI Filtering

Domain Controlle

r

XP Professional only

WMI Filter

Windows 2000 Windows XP

Windows XP

WMI Filtering

Domain Controlle

r

XP Professional only

Software Restriction Policies


Application started



Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule



Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule



Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule



Application started

Hash Rule

Certificate Rule

Path Rule

Internet Zone Rule

Managing Desktops

Managing Desktops

Managing Desktops

Managing Desktops

Managing Desktops

Local Folder

Managing Desktops

Shared Network Folder

Managing Desktops

Managing Desktops

Elevated privileges


SUMMARY

Windows Server 2003 is available in Web Edition, Standard Edition, Enterprise Edition, and Datacenter Edition.

The Manage Your Server page and the Configure Your Server Wizard make it easy to configure a Windows Server 2003 system to perform specific roles.

Active Directory is a domain-based enterprise directory service that consists of objects, which are themselves composed of attributes.

The Active Directory hierarchy is formed using forests, trees, domains, and organizational units. Permissions, rights, and group policy settings all flow downward in the hierarchy.

Documents

INTRODUCING MICROSOFT WINDOWS SERVER 2003