Windows 2003 Server
Introduction to Windows Server 2003
At the end of this chapter you should be able to:
Windows 2003 Server Editions
Windows Server 2003 comes in four different flavors. Each one has a place in the server world. Below is a table that breaks down information about each of the versions.
* If Itanium Processor is used.
This is the most popular because it meets the everyday needs of most small to medium organizations. It can act as a Domain Controller or as a member server providing file and print services.
This flavor of Windows Server 2003 is designed to meet the needs of larger organizations. It can be used to host mission-critical applications that require more users accessing it and higher performance under load. It accomplishes this by supporting clustering, more CPUs and more RAM.
This is the most robust edition of Windows Server 2003, but it comes at a high cost. You can only receive this edition from an OEM when you purchase a server. It is supposed to provide the maximum amount of uptime.
This can only be used as a web server and for other small networking tasks. It cannot be a domain controller.
LAB ACTIVITY - Do the lab on page 7. (5 Minutes)
Windows Networking Concepts Overview
Windows Server 2003 can run in three modes: it can be a workgroup server, a member server or a domain controller. The last two require a Domain to run. Before we look at the three modes we will explore the difference between a Domain and a Workgroup.
A workgroup is a logical group of computers in which each computer contains its own user/password database. This local database is known as the Security Accounts Manager (SAM) database. This means when a user logs into a computer they are authenticated by the local computer. If a user moves to another computer they will not be able to log in because an account for them doesn't exist on the different computer. User management is decentralized.
Workgroups should only contain up to 10 computers, but it is possible to have more. Workgroups usually only contain client OSes such as Windows XP, Windows 2000 Pro, or Windows 9x/ME. An actual server is not required, which is an advantage. When a Windows Server 2003 server is a member of a workgroup it is known as a standalone server.
A domain is a logical group of computers that contains a centralized user/password database. In Windows Server 2003 this centralized database is known as Active Directory. We will learn that Active Directory is more than just a list of users and passwords. It is a multimaster model that allows a writable database to be placed on multiple servers known as Domain Controllers.
A Windows Server 2003 that has been joined to the domain (has a computer account on the domain) but is not configured as a Domain Controller is called a member server. It can provide other services to users such as file/print, DNS, DHCP, and web.
A Windows Server 2003 that is a member of the domain that contains a copy of Active Directory is called a Domain Controller (DC). The DCPROMO.EXE command can be used to either promote (install Active Directory) or demote (uninstall Active Directory) a server.
LAB ACTIVITY - Do the lab on page 12. (5 Minutes)
A computer that is joined to the domain will have a computer account in Active Directory. The account is used to authenticate the computer to the domain. In Active Directory a computer is represented by a computer object. Later you will learn how to create and manage these objects.
LAB ACTIVITY - Do the lab on page 13. (5 Minutes)
Network Management and Maintenance Overview
We will take a broad look at some tasks required to maintain an Active Directory environment.
Managing and Maintaining Physical and Logical Devices
You will be responsible for upgrading and maintaining the hardware in your server. This will include physically installing a component such as a network card or modem, and setting up the drivers for the device. With hard drives you will want to be aware of tools you can run to improve performance such as Disk Defragmenter. If redundancy is required you can use the software RAID which is included with Windows Server 2003.
Managing users, computers, and groups
Windows Server 2003 comes with all the tools to manage users, computers and groups. The most common tool is Active Directory Users and Computers. This will allow you to view different objects in Active Directory and view/modify their attributes. Command line tools are also included that allow for mass changes and the ability to make batch files to do certain tasks. Also included is a scripting interface known as ADSI (Active Directory Services Interface), which allows you to write a program to attach to objects in Active Directory and view/modify properties.
LAB ACTIVITY - Do the lab on page 17. (10 Minutes)
Managing and maintaining access to resources
One of the main reasons people use networks is to share resources. You will be responsible for making sure resources are available to the correct users. Windows Server 2003 can run Terminal Services, which allows the user to connect to the server and run applications in a virtual session. You will want to make sure the users' permissions are set properly on the server so they can only get into the applications and data that they are supposed to.
Managing and maintaining a server environment
Use the tools built into Windows Server 2003 to monitor and maintain the server. Microsoft uses the MMC (Microsoft Management Console) to hold all the administrative tools. The MMC by itself is not an administrative tool. It allows you to add snap-ins that provide the functions you need. For example, you open MMC and add the Event Viewer snap-in, and now you can view information that has been written to the event viewer about the system. One of the advantages to the snap-in approach is that you can make custom snap-ins for lower level users. If you have a user that needs to reset passwords for one department you can make them an MMC with the Active Directory Users and Computers snap-in that shows their users. Then give the user rights to reset passwords.
LAB ACTIVITY - Do the lab on page 20. (10 Minutes)
Managing and implementing disaster recovery
Users' data is very important and you need to make sure that if there is a disaster that causes data loss you can recover with ease. Windows backup will help you with this task.
Automated System Recovery allows you to create a floppy disk that contains all the server information that will make reinstalling the service really easy.
Shadow Copy will keep previous versions of files in a share so a user can "restore" a file themselves without going to tape.
Introduction to Windows Server 2003 Active Directory
Active Directory is stored on every Domain Controller in your domain. Each DC (Domain Controller) contains a writeable copy of the database and when changes are made on one they are replicated to all the others. This is called multimaster replication, and provides fault tolerance.
Active Directory Objects
Active Directory is made up of objects and their attributes. For example, a user is a type of object in Active Directory, and the object has attributes that define it. First name, last name, full name, home phone, work phone, and title are examples of some of the attributes assigned to the user object.
Active Directory Schema
The schema defines all the objects and attributes in Active Directory. The schema will determine what attributes a user object has associated with it. There is only one schema in an Active Directory structure. The schema is modifiable: if you wanted to add an attribute to the user object for spending limit, you can.
Active Directory Logical Structure and Components
Active Directory can be organized using the following logical components:
Active Directory Communications Standards
Active Directory uses the Lightweight Directory Access Protocol (LDAP) for addressing its objects. Every object in Active Directory can be broken down into a Distinguished Name (DN) and Relative Distinguished Name (RDN). Let's look at both for the Administrator account on our parent domain. The account is stored in the Users container.
LAB ACTIVITY - Run this script on your domain controller to see the DN and RDN of your administrator account. (5 Minutes)
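How a DN breaks down into its RDN, parent container and DNS domain name, as an added Python example (it is not the course's lab script). The domain example.com and both sample DNs are constructed placeholders; the parser also handles an escaped comma inside a name, which a plain split on commas gets wrong.

```python
# Added example: split an LDAP Distinguished Name (DN) into its parts.
# "example.com" and the sample DNs below are constructed placeholders.

def split_dn(dn):
    """Split a DN on unescaped commas and return the list of RDN strings."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            # Keep the escape pair together so "\," is not treated as a separator.
            current.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).lstrip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).lstrip())
    return rdns


def describe(dn):
    """Return the RDN, the parent container DN and the DNS domain for a DN."""
    rdns = split_dn(dn)
    # The RDN is the leftmost component; it is unique only within its parent.
    rdn = rdns[0]
    parent = ",".join(rdns[1:])
    # The DC= components, read left to right, spell the DNS domain name.
    domain = ".".join(r.split("=", 1)[1] for r in rdns
                      if r.upper().startswith("DC="))
    return {"rdn": rdn, "parent": parent, "domain": domain}


if __name__ == "__main__":
    samples = [
        "CN=Administrator,CN=Users,DC=example,DC=com",
        "CN=Smith\\, John,OU=Sales,DC=example,DC=com",  # comma inside the name
    ]
    for dn in samples:
        print(dn)
        for key, value in describe(dn).items():
            print("  %-6s %s" % (key, value))
```
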
Active Directory Physical Structure
Since all Domain Controllers contain a writeable copy of the database you want to make sure changes are replicated quickly. But you also don't want to saturate a slow connection with replication information. Windows Server 2003 allows you to set up sites to define which subnets are connected with high speed connections and which are connected with slow WAN connections. Then Active Directory can determine when the best time and method to replicate the domain