Windows 2003 Server

Chapter 1

Introduction to Windows Server 2003


Home | Chapters | Homework | Grades | Calendar | Forums | Syllabus

Forum Policy | Assignment Policy | E-Mail Mr Hull | FTP




Summary

At the end of this chapter you should be able to:

  • Differentiate between the different editions of Windows Server 2003

  • Explain Windows Server 2003 network models and server roles

  • Identify concepts relating to Windows Server 2003 network management and maintenance

  • Explain Windows Server 2003 Active Directory concepts


Windows 2003 Server Editions

Windows Server 2003 comes in four different flavors.  Each one has a place in the server world.  The table below breaks down information about each of the versions.

| Windows 2003 | Standard | Enterprise | Datacenter | Web |
|---|---|---|---|---|
| Min. CPU Speed | 133 MHz | 133 MHz / 733 MHz* | 400 MHz / 733 MHz* | 133 MHz |
| Rec. CPU Speed | 550 MHz | 733 MHz | 733 MHz | 550 MHz |
| Min. RAM | 128 MB | 128 MB | 512 MB | 128 MB |
| Rec. RAM | 256 MB | 256 MB | 1.0 GB | 256 MB |
| Max. RAM | 4 GB | 32 GB / 64 GB* | 64 GB / 512 GB* | 2 GB |
| Multi. CPU Support | Up to 4 CPUs | Up to 8 CPUs | Min of 8 CPUs, Max 32 / 64* | Up to 2 CPUs |
| Disk Space Needed | 1.5 GB | 1.5 GB / 2.0 GB* | 1.5 GB / 2.0 GB* | 1.5 GB |
| Clustering Support | None | Up to 8 nodes | Up to 8 nodes | None |
| Itanium Support | None | Yes | Yes | None |
| AD Support | DC, MS | DC, MS | DC, MS | MS |
| Supported Upgrades | NT 4.0 Server (SP5), NT 4.0 TS Edition, 2000 Server | NT 4.0 Server (SP5), NT 4.0 TS Edition (SP5), NT 4.0 Enterprise Edition (SP5), 2000 Server, 2000 Advanced Server, 2003 Standard | Windows 2000 Datacenter Server | None |

* If Itanium Processor is used.

 

Standard Edition

This is the most popular because it meets the everyday needs of most small to medium organizations.  It can act as a Domain Controller or as a member server providing file and print services.

 

Enterprise Edition

This flavor of Windows Server 2003 is designed to meet the needs of larger organizations.  It can be used to host mission critical applications that require more users accessing them and higher performance under load.  It accomplishes this by supporting clustering, more CPUs and more RAM.

 

Datacenter Edition 

This is the most robust edition of Windows Server 2003, but it comes at a high cost.  You can only receive this edition from an OEM when you purchase a server.  It is supposed to provide the maximum amount of uptime.

 

Web Edition

This edition can only be used as a web server and for other small networking tasks.  It cannot be a domain controller.

 

LAB ACTIVITY - Do the lab on page 7. (5 Minutes)


Windows Networking Concepts Overview

Windows Server 2003 can run in three modes: it can be a workgroup server, a member server or a domain controller.  The last two require a Domain to run.  Before we look at the three modes we will explore the difference between a Domain and a Workgroup.

 

Workgroup

A workgroup is a logical group of computers in which each computer contains its own user/password database.  This local database is known as the Security Accounts Manager (SAM) database.  This means when a user logs into a computer they are authenticated by the local computer.  If a user moves to another computer they will not be able to log in because an account for them doesn't exist on the other computer.  User management is decentralized.

 

Workgroups should only contain up to 10 computers, but it is possible to have more.  Workgroups usually only contain client OSes such as Windows XP, Windows 2000 Pro, or Windows 9x/ME.  An actual server is not required, which is an advantage.  When a Windows Server 2003 server is a member of a workgroup it is known as a standalone server.

 

Domain

A domain is a logical group of computers that contains a centralized user/password database.  In Windows Server 2003 this centralized database is known as Active Directory.  We will learn that Active Directory is more than just a list of users and passwords.  It is a multimaster model that allows a writable database to be placed on multiple servers known as Domain Controllers.

 

Member Servers

A Windows Server 2003 that has been joined to the domain (has a computer account on the domain) but is not configured as a Domain Controller is called a member server.  It can provide other services to users such as file/print, DNS, DHCP, and web.

 

Domain Controllers

A Windows Server 2003 that is a member of the domain that contains a copy of Active Directory is called a Domain Controller (DC).  The DCPROMO.EXE command can be used to either promote (install Active Directory) or demote (uninstall Active Directory) a server.

 

LAB ACTIVITY - Do the lab on page 12. (5 Minutes)

 

Computer Accounts

A computer that is joined to the domain will have a computer account in Active Directory.  The account is used to authenticate the computer to the domain.  In Active Directory a computer is represented by a computer object.  Later you will learn how to create and manage these objects.

 

LAB ACTIVITY - Do the lab on page 13. (5 Minutes)


Network Management and Maintenance Overview

We will take a broad look at some tasks required to maintain an Active Directory environment.

 

Managing and Maintaining Physical and Logical Devices

You will be responsible for upgrading and maintaining the hardware in your server.  This will include physically installing a component such as a network card or modem, and setting up the drivers for the device.  With hard drives you will want to be aware of tools you can run to improve performance such as Disk Defragmenter.  If redundancy is required you can use the software RAID which is included with Windows Server 2003.

 

Managing users, computers, and groups

Windows Server 2003 comes with all the tools to manage users, computers and groups.  The most common tool is Active Directory Users and Computers.  This will allow you to view different objects in Active Directory and view/modify their attributes.  Command line tools are also included that allow for mass changes and the ability to make batch files to do certain tasks.  Also included is a scripting interface known as ADSI (Active Directory Service Interfaces), which allows you to write a program to attach to objects in Active Directory and view/modify properties.

 

LAB ACTIVITY - Do the lab on page 17. (10 Minutes)

 

Managing and maintaining access to resources

One of the main reasons people use networks is to share resources.  You will be responsible for making sure resources are available to the correct users.  Windows Server 2003 can run Terminal Services, which allows the user to connect to the server and run applications in a virtual session.  You will want to make sure the users' permissions are set properly on the server so they can only get into the applications and data that they are supposed to.

 

Managing and maintaining a server environment

Use the tools built into Windows Server 2003 to monitor and maintain the server.  Microsoft uses the MMC (Microsoft Management Console) to hold all the administrative tools.  The MMC by itself is not an administrative tool.  It allows you to add snap-ins that provide the functions you need.  For example, you open MMC and add the Event Viewer snap-in, and now you can view information that has been written to the event viewer about the system.  One of the advantages to the snap-in approach is that you can make custom snap-ins for lower level users.  If you have a user that needs to reset passwords for one department, you can make them an MMC with the Active Directory Users and Computers snap-in that shows their users.  Then give the user rights to reset passwords.

 

LAB ACTIVITY - Do the lab on page 20. (10 Minutes)

 

Managing and implementing disaster recovery

Users' data is very important, and you need to make sure that if there is a disaster that causes data loss you can recover with ease.  Windows Backup will help you with this task.

Automated System Recovery allows you to create a floppy disk that contains all the server information that will make reinstalling the service really easy.

Shadow Copy will keep previous versions of files in a share so a user can "restore" a file themselves without going to tape.


Introduction to Windows Server 2003 Active Directory

Active Directory is stored on every Domain Controller in your domain.  Each DC (Domain Controller) contains a writeable copy of the database, and when changes are made on one they are replicated to all the others.  This is called multimaster replication, and it provides fault tolerance.

 

Active Directory Objects

Active Directory is made up of objects and their attributes.  For example, a user is a type of object in Active Directory, and the object has attributes that define it.  First name, last name, full name, home phone, work phone, and title are examples of some of the attributes assigned to the user object.

 

Active Directory Schema

The schema defines all the objects and attributes in Active Directory.  The schema will determine what attributes a user object has associated with it.  There is only one schema in an Active Directory structure.  The schema is modifiable: if you wanted to add an attribute to the user object for spending limit, you can.

 

Active Directory Logical Structure and Components

Active Directory can be organized using the following logical components:

  • Domain and Organizational Units

    • A Domain is a logical grouping of users, computers and groups.  Historically different domains were for different sites, or even different departments.  Windows Server 2003 still supports this but it is not recommended.  The main reason for multiple domains is if different account security settings are required.  For example, if you are in a school and you want teachers' accounts to be locked out after 3 tries but you want students to have 10 tries, the only way you can do this is by setting up a teachers' domain and a students' domain.

    • OUs (Organizational Units) are logical structures used to group objects in a single domain.  Group Policies can be assigned to OUs.  You can also give someone administrative control over an OU so they can manage their OU and nothing above them.  We will learn more about Group Policies later on.

  • Trees and Forests

    • If multiple domains are needed then you can have a parent domain with child domains following the DNS namespace.  In our lab we have our parent domain (Dovercorp.net) and each of your servers is a child domain (Domain01.Dovercorp.net).  Each of our domains and this creates our tree.  If we had multiple trees they would make up our forest.  Each domain in a tree has a transitive trust with its parent and each child.  You can also set up explicit trusts to connect two domains that aren't directly connected.

  • A Global Catalog

    • An index that contains a partial replica of the objects and attributes most frequently used throughout the forest.  Below are four of the main functions as listed in the book.

      • To enable users to find Active Directory information from anywhere in the forest.

      • To provide universal group membership information to facilitate logging on to the network.  During the logon process in a multiple-domain environment, a global catalog server is contacted to provide universal group membership information.

      • To supply authentication services when a user from another domain logs on using a User Principal Name (UPN).

      • To respond to directory lookup requests from Exchange 2000 and other applications.  Global catalog servers also host the Exchange 2000 Global Address List (GAL).

Active Directory Communications Standards

Active Directory uses the Lightweight Directory Access Protocol (LDAP) for addressing its objects.  Every object in Active Directory can be broken down into a Distinguished Name (DN) and Relative Distinguished Name (RDN).  Let's look at both for the Administrator account on our parent domain.  The account is stored in the Users container.

  • DN = CN=Administrator,CN=Users,DC=Dovercorp,DC=net

  • RDN = CN=Administrator

LAB ACTIVITY - Run this script on your domain controller to see the DN and RDN of your administrator account. (5 Minutes)
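
The DN and RDN breakdown above, as an added Python example (it is not the lab's script and not part of the original course page). It splits a DN on unescaped commas only, so a name that contains an escaped comma is not cut in half the way a plain split on "," would cut it; the second sample DN and its OU=Staff container are constructed for illustration.

```python
def split_dn(dn):
    """Split a DN into RDN strings (leaf first), honouring backslash escapes."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]   # keep the escaped character with its backslash
            i += 2
        elif dn[i] == ",":
            rdns.append(current)     # an unescaped comma ends one RDN
            current = ""
            i += 1
        else:
            current += dn[i]
            i += 1
    rdns.append(current)
    return rdns


def describe_dn(dn):
    """Return the RDN, the parent DN and the DNS domain name encoded in a DN."""
    rdns = split_dn(dn)
    pairs = [rdn.split("=", 1) for rdn in rdns]
    if any(len(p) != 2 or not p[0] or not p[1] for p in pairs):
        raise ValueError(f"malformed DN: {dn!r}")
    # The DC components, read left to right, spell the DNS name of the domain.
    domain = ".".join(value for attr, value in pairs if attr.upper() == "DC")
    return {"rdn": rdns[0], "parent": ",".join(rdns[1:]), "domain": domain}


PAGE_DN = "CN=Administrator,CN=Users,DC=Dovercorp,DC=net"  # DN given on the page
# Constructed sample: a common name containing an escaped comma.
COMMA_DN = "CN=Hull\\, Mr,OU=Staff,DC=Domain01,DC=Dovercorp,DC=net"

if __name__ == "__main__":
    for sample in (PAGE_DN, COMMA_DN):
        print(describe_dn(sample))
    print(COMMA_DN.split(","))  # naive split: breaks the first RDN in two
```

Scripts that compare or filter on DNs (for example, to decide which container an account lives in) should split them this way rather than on every comma.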

 

Active Directory Physical Structure

Since all Domain Controllers contain a writeable copy of the database you want to make sure changes are replicated quickly.  But you also don't want to saturate a slow connection with replication information.  Windows Server 2003 allows you to set up sites to define which subnets are connected with high speed connections and which are connected with slow WAN connections.  Then Active Directory can determine the best time and method to replicate the domain.
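
How subnets tie computers to sites, as an added Python example that is not part of the original course page. The site names and subnets are constructed, and the example assumes that when subnets overlap the most specific one decides the site; it then labels a pair of Domain Controllers as replicating within one site or across the slower link between sites.

```python
import ipaddress

# Constructed site layout (not from the page): site name -> subnets assigned to it.
SITES = {
    "HQ": ["10.1.0.0/16"],
    "Branch": ["10.1.40.0/24", "192.168.5.0/24"],
}


def site_for(address, sites=SITES):
    """Return the site whose most specific subnet contains address, else None."""
    ip = ipaddress.ip_address(address)
    best = None  # (prefix length, site name) of the best match so far
    for site, subnets in sites.items():
        for subnet in subnets:
            net = ipaddress.ip_network(subnet)
            if ip in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, site)
    return best[1] if best else None


def replication_kind(dc_a, dc_b, sites=SITES):
    """Classify replication between two DC addresses by the sites they map to."""
    site_a, site_b = site_for(dc_a, sites), site_for(dc_b, sites)
    if site_a is None or site_b is None:
        # An address outside every defined subnet cannot be placed in a site.
        return "unmapped"
    return "intra-site" if site_a == site_b else "inter-site"


if __name__ == "__main__":
    for pair in [("10.1.2.3", "10.1.9.9"),      # both in HQ
                 ("10.1.2.3", "10.1.40.7"),     # HQ and Branch
                 ("10.1.2.3", "172.16.0.1")]:   # second address in no subnet
        print(pair, replication_kind(*pair))
```

An address that matches no subnet shows up as "unmapped", which is the gap to look for when a new network range is added without updating the site definitions.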

