
MODULE 1: INSTALLING OR UPGRADING TO WINDOWS 2000

Overview:
1: Preparing for Installation
2: Installing Windows 2000 Professional from a Compact Disc
3: Installing Windows 2000 Advanced Server from a Compact Disc
4: Upgrading to Windows 2000 Professional
5: Upgrading to Windows 2000 Advanced Server
6: Identifying Setup Errors

Preparing for Installation:
1: Determining Which Operating System to Use
2: Identifying System Requirements
3: Determining Disk Partition Options
4: Determining Which File System to Select
5: Determining Which Licensing Mode to Select
6: Determining Whether to Join a Workgroup or Domain
7: Completing a Pre-Installation

Identifying System Requirements:
Components to check: CPU, display, other drives, memory, hard disk space, accessories, networking
Memory, Windows 2000 Professional: 64 MB recommended
Memory, Windows 2000 Server: 128 MB supported, 256 recommended
Hard disk space: 20 GB

Determining Disk Partition Options:
Create New Partition on Unpartitioned Hard Disk
Create New Partition on Partitioned Hard Disk
Install on Existing Partition
Delete Existing Partition to Make Disk Space Available

Determining Which File System to Select:
NTFS:
  File and Folder-Level Security
  File Compression
  Disk Quotas
  File Encryption
FAT, FAT32:
  Supports Dual Boot Configurations
  No File and Folder-Level Security

Determining Which Licensing Mode to Select:
Per Seat Licensing: each client requires a CAL
Per Server Licensing: each connection requires a CAL

Determining Whether to Join a Workgroup or Domain:
Workgroup: SAM
Domain: single user account, Active Directory

Completing a Pre-Installation:
Determine the Operating System to Install
Verify Hardware Supported
Verify That Hardware Meets Minimum Requirements
Verify 2GB or More of Available Disk Space
Select File System for the Windows 2000 Partition
Select Licensing Mode for Windows 2000 Advanced Server
Determine Domain or Workgroup
Create Domain Computer Account in the Domain
Create Password for the Local Administrator Account

2: Installing Windows 2000 Professional from a Compact Disc
Running the Setup Program
Completing the Setup Wizard
Installing Network Components

Running the Setup Program:
Start the Computer from the Compact Disc
Select to Install a New Copy of Windows 2000
Read and Accept the Licensing Agreement
Select the Partition on Which to Install
Select the File System

Completing the Setup Wizard:
Change Regional Settings (If Necessary)
Enter Your Name and Organization
Enter the Computer Name and Password for Local Administrator Account
Select Date and Time Settings

Installing Network Components:
Choose a Network Setting
Provide a Workgroup or Domain Name
Click Finish to Restart the Computer
Configure the Network ID for the Computer

3: Installing Windows 2000 Advanced Server from a Compact Disc
1: Running the Setup Program
2: Completing the Setup Wizard
3: Installing Network Components
4: Configuring the Server

Running the Setup Program:
Start the Computer from the Compact Disc
Select to Install a New Copy of Windows 2000
Read and Accept the Licensing Agreement
Select the Partition on Which to Install
Select the File System

Completing the Setup Wizard:
Change Regional Settings (If Necessary)
Enter Your Name and Organization
Select the Licensing Mode
Enter the Computer Name and Password for Local Administrator Account
Select Windows 2000 Optional Components
Select Date and Time Settings

Installing Network Components:
Choose a Network Setting
Provide a Workgroup or Domain Name
Enter Local Administrator Account Password

4: Upgrading to Windows 2000 Professional
Identifying Client Upgrade Paths
Upgrading Clients Running Windows 95 or Windows 98
Upgrading Clients Running Windows NT Workstation 4.0
Installing the Directory Service Client

Identifying Client Upgrade Paths:
Windows 95, Windows 98 -> Windows 2000 Professional
Windows NT Workstation 3.51 or 4.0 -> Windows 2000 Professional
Windows for Workgroups 3.1 -> Windows NT Workstation 3.51 or 4.0 -> Windows 2000 Professional

Upgrading Clients Running Windows 95 or Windows 98:
Generate a Compatibility Report
Run the Setup Program to Install Windows 2000:
  Specifying Update Packets
  Reviewing Upgrade Reports
Result: Windows 95 and Windows 98 -> Windows 2000 Professional

Upgrading Clients Running Windows NT Workstation 3.51 or 4.0:
Windows NT Workstation 3.51 or 4.0 -> Windows 2000 Professional
Same Registry
Same Application Support
Same Device Support
Easiest Upgrade to Windows 2000 Professional

Installing the Directory Services Client:
The Directory Services Client allows computers running Windows 95 or Windows 98 that cannot run Windows 2000 to:
Use Domain-Based Dfs
Search Active Directory
Change Password on Any Domain Controller

5: Upgrading to Windows 2000 Advanced Server
Identifying Server Upgrade Paths
Backing Up Critical Data Files and Settings

Identifying Server Upgrade Paths:
Diagram labels: Domain Controllers (PDC or BDC, Win NT 3.5 or 4.0); Domain Controller (Win 2000); Member Server (Win NT); Member Server (Win 2000); Win NT 3.1 or 3.5

Backing Up Critical Data Files and Settings:
Perform the following tasks to back up critical files and settings:
Fix Errors Listed in Event Viewer
Back Up All Drives
Back Up Registry
Update Emergency Repair Disk
Remove Virus Scanners, Third-Party Network Services, or Client Software
Disconnect Serial Cables to UPS
Reserve IRQs for Non-Plug and Play ISA Devices

6: Identifying Setup Errors
Error: Media Errors
Error: Non-Supported CD-ROM Drive
Error: Insufficient Disk Space
Error: Failure of Dependency Service to Start
Error: Inability to Connect to the Domain Controller
Error: Failure of Windows 2000 to Install or Start

Module 2: Creating and Managing User Accounts

Overview:
Introduction to User Accounts
Guidelines for New User Accounts
Creating Local User Accounts
Creating and Configuring Domain User Accounts
Setting Properties for Domain User Accounts
Customizing User Settings with User Profiles
Best Practices

Introduction to User Accounts:
Local user accounts:
  Enable users to log on and access resources on a specific computer
  Reside in SAM
Domain user accounts:
  Enable users to perform administrative tasks or gain access to network
  Reside in Active Directory
Built-in user accounts (Administrator and Guest):
  Enable users to perform administrative tasks or gain temporary access to network
  Reside in SAM (local built-in user accounts)
  Reside in Active Directory (domain user accounts)

Guidelines for New User Accounts:
Naming Conventions

Password Guidelines

Account Options

Naming Conventions:
User logon names and full names must be unique.
User logon names:
  Can contain up to 20 characters
  Can include a combination of special and alphanumeric characters
A naming convention should:
  Accommodate duplicate employee names
  Identify temporary employees

Password Guidelines:
Assign a password for the Administrator account
Determine who has control over passwords
Educate users on how to use passwords
Avoid obvious associations, such as a family name
Use long passwords
Use a combination of uppercase and lowercase characters

Account Options:
Set logon hours to match users' work hours
Specify the computers from which a user can log on:
  Domain users can log on at any computer in the domain, by default
  Domain users can be restricted to specific computers to increase security
Specify when a user account expires

Creating Local User Accounts:
Local user accounts are:
Created on computers running Windows 2000 Professional
Created on stand-alone or member servers running Windows 2000 Server or Windows 2000 Advanced Server
Stored in SAM

Creating and Configuring Domain User Accounts:
Installing Windows 2000 Administration Tools
Creating a Domain User Account
Setting Password Requirements
Managing User Data by Creating Home Folders

Installing Windows 2000 Administration Tools:
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Users and Computers
Component Services
Computer Management
DHCP
DNS
Domain Controller Security Policy
Event Viewer
Internet Services Manager
Local Security Policy
Services
Routing and Remote Access

Creating a Domain User Account

Setting Password Requirements

Managing User Data by Creating Home Folders

Diagram labels: Home; User 1, User 2, User 3

Consider the following when you create a home folder:
Backup and restore capability
Sufficient space on the server
Sufficient space on user computers
Network performance

To create a home folder:
Create a shared folder on a server
Assign the appropriate permission
Provide a path for the user account

Setting Properties for Domain User Accounts:
Setting Personal Properties
Setting Account Properties
Specifying Logon Options
Copying Domain User Accounts
Creating User Account Templates

Setting Personal Properties:
Add personal information about users as stored in Active Directory

Use personal properties to search Active Directory

Setting Account Properties

Specifying Logon Options

Copying Domain User Accounts:
Copy an existing domain user account to simplify the process of creating a new domain user account.
Diagram: Domain User Account (User 1) is copied to create Domain User Account (User 2)

Creating User Account Templates

Customizing User Settings with User Profiles:
User Profile Types
Creating Roaming and Mandatory User Profiles

User Profile Types:
Diagram labels: User Profile; Display, Regional Settings, Mouse, Sound
Default user profile: serves as the basis for all user profiles
Local user profile: created the first time a user logs on to a computer; stored on a computer's local hard disk
Roaming user profile: created by the system administrator; stored on a server
Mandatory user profile: created by the system administrator; stored on a server
Diagram labels: Win 2000 clients, profile server

Creating Roaming and Mandatory Roaming User Profiles:
Creating a roaming user profile:
  Create a shared folder on the server
  Specify the shared folder in path information
Creating a mandatory user profile:
  Create a shared folder on the server with a user profile folder inside
  Set up a configured roaming user profile
  Rename Ntuser.dat to ntuser.man

Module 3: Managing Access to Resources by Using Groups

Overview:
Introduction to Windows 2000 Groups

Implementing Groups In a Workgroup

Implementing Groups In a Domain

Best Practices

Introduction to Windows 2000 Groups

How Windows 2000 Groups Work

Groups in Workgroups and Domains

How Windows 2000 Groups Work:
Diagram: permissions assigned once for a group, compared with permissions assigned once for each user account
Group members have the rights and permissions granted to the group
Users can be members of multiple groups
Groups and computers can also be members of groups

Groups in Workgroups and Domains:
Groups in a workgroup (member server, client computer):
  Created on computers that are not domain controllers
  Reside in SAM
  Used to control access to resources for the computer
Groups in a domain (domain controller):
  Created on domain controllers
  Reside in Active Directory
  Used to control resources in the domain

Implementing Groups in a Workgroup:

Local group

Built-in Local groups

the Strategy for using Local Groups in a Workgroup

Creating Local Groups

Local Groups:
The guidelines for local groups:
  Use local groups on computers that do not belong to a domain
  Use local groups to control access to resources and who can perform system tasks on the local computer
Membership rules for local groups:
  Local groups can only contain local user accounts that are on the local computer
  Local groups cannot be a member of any other group
Members of the Administrators group or Account Operators group on the local computer can create local groups

Built-in Local Groups:
Built-in groups have a predetermined set of rights and they cannot be deleted
Built-in local groups:
  Members have rights to perform system tasks
  User accounts can be added
Special identities (special groups):
  Organize users for system use
  Have automatic membership that cannot be modified

The Strategy for Using Local Groups in a Workgroup:
A L P: User Account (A) -> add -> Local Group (L) -> assign -> Permissions (P)
Diagram: the A L P strategy applied on each computer in the workgroup (Windows 2000 Professional, Windows 2000 Server)

Creating Local Groups:
Diagram: the Computer Management console (System Tools: Event Viewer, System Information, Shared Folders, Device Manager, Local Users and Groups), the New Group command, and the New Group dialog box with Group name, Description and Members fields and Add, Remove, Create and Close buttons

Implementing Groups in a Domain:
Group Types and Scopes

Built-in and Predefined groups in Domain

The Strategy for using groups in a Single Domain

Guidelines for Creating Domain Groups

Creating and Deleting Domain Groups

Group Types and Scopes:
Group types:
  Security groups: used to assign permissions; can be used as an e-mail distribution list
  Distribution groups: cannot be used to assign permissions; can be used as an e-mail distribution list
Group scopes:
  Global group: used to organize users who share similar network access requirements
  Domain local group: used to assign permissions to domain resources
  Universal group: used to assign permissions to related resources in multiple domains

Built-in and Predefined Groups in a Domain:
Built-in domain local groups give users predefined rights and permissions to perform tasks:
  On domain controllers
  In Active Directory
Special identities:
  Organize users for system use
  Membership is automatic and cannot be modified
Predefined global groups give administrators control of domain resources

The Strategy for Using Groups in a Single Domain:
A G DL P strategy for groups in a domain: User Account (A) -> add -> Global Group (G) -> add -> Domain Local Group (DL) -> Permissions (P)

Guidelines for Creating Domain Groups:
Determine which group scope to use
Determine whether you have permissions to create groups
Determine the name of the group

Creating and Deleting Domain Groups:
You use Active Directory Users and Computers to create and delete groups
When you delete a group:
  Its rights and permissions are removed
  Its members are not deleted
  Its SID is never used again

Adding Members to Domain Groups:
Diagram labels: Group Name, Select, Add

Module 4: Managing Data by Using NTFS

Overview:
Introduction to NTFS Permissions

How Windows 2000 Applies NTFS Permissions

Using NTFS Permissions

Using Special NTFS Permissions

Compressing Data on an NTFS partition

Configuring Disk Quotas On NTFS Partitions

Securing Data by Using EFS

Introduction to NTFS Permissions:
Diagram labels: User 1, User 2; ACL (User 1: Read; Group 1: Full Control); No Access

How Windows 2000 Applies NTFS Permissions:
Multiple NTFS Permissions
NTFS Permissions Inheritance
Copying and Moving Files and Folders
Class Discussion: Applying NTFS Permissions

Multiple NTFS Permissions:
NTFS permissions are cumulative
File permissions override folder permissions
Deny overrides other permissions
Diagram: on an NTFS partition, Folder A contains File 1 and File 2; User 1 has Read, Group B has Write, Group A has Deny Write to File 2; the combined permission shown is Read/Write

NTFS Permissions Inheritance:
Diagram: Read/Write granted on Folder A is inherited by File 1 (access to File 1); with Prevent Inheritance set, Read/Write granted on Folder A does not reach File 1 (no access to File 1)

Copying and Moving Files and Folders:
Diagram: copy and move operations within NTFS partition C:\ and between NTFS partitions C:\, D:\ and E:\
All copying inherits permissions
Only moving to the same partition retains permissions

Class Discussion: Applying NTFS Permissions

Diagram labels: Users group, User 1, Sales group; Folder 1 (File 1); Folder 2 (File 1)
1: Users group has Write to Folder 1; Sales group has Read to Folder 1
2: Users group has Read to Folder 1; Sales group has Write to Folder 2
3: Users group has Modify to Folder 1; File 2 should only be accessible to Sales group, and only for Read access

Using NTFS Permissions:
Granting NTFS Permissions
Setting Permission Inheritance
Best Practices for Granting NTFS Permissions

Granting NTFS Permissions

Setting Permission Inheritance

Best Practices for Granting NTFS Permissions:
Grant permissions to groups as opposed to users

Group resources to simplify Administration

Only Allow Users the Level of Access That they Require

Create Groups According to The Access that the Group Members Require

Grant read & Execute Permissions for application Folders

Grant Read & Execute and Write permissions for data folders

Using Special NTFS Permissions:
Introduction to Special NTFS Permissions
Granting Special NTFS Permissions

Introduction to Special NTFS Permissions:
Diagram: the owner or an administrator gives users and groups the Change Permissions and Take Ownership permissions; the standard permission Read is made up of the special access permissions Read Data, Read Attributes, Read Permissions and Read Extended Attributes

Granting Special NTFS Permissions

Compressing Data on an NTFS Partition:
Introduction to Compressed Files and Folders
Compressing Files and Folders
Copying and Moving Compressed Files and Folders
Best Practices for Compressing Data

Introduction to Compressed Files and Folders:
Diagram labels: File A, File B, NTFS partition
Space allocation
Compression state display color
Access to compressed files through applications

Compressing Files and Folders

Copying and Moving Compressed Files and Folders:
Diagram (cases A to D): copy and move operations within and between NTFS partitions; labels: Copy, Inherits, Retains

Best Practices for Compressing Data:
Determine Which File Types to Compress

Do Not Compress Already Compressed files

Use different Display Colors For compressed files and Folders

Compress Static Data Rather Than Data That Changes Frequently

Configuring Disk Quotas on NTFS Partitions:
Using Disk Quotas
Setting Disk Quotas

Using Disk Quotas:
Usage Calculation based on file and folder ownership

Compression Ignored when Calculating Usage

Free Space for Applications Based on Quota Limit

Disk Quotas tracked for Each NTFS Partition

Setting Disk Quotas:
Option: Description
Enable quota management: Enable quota management
Deny disk space to users exceeding quota limit: Users cannot write to volume when they exceed their hard disk space allocation
Do not limit disk usage: No hard disk space limit for users
Set warning level to: Specify amount of disk space users can fill before event is logged
Limit disk space to: Specify amount of disk space user can use
Quota entries: Add entries, delete entries, view properties for entries
Diagram labels: NTFS partition; User 1, 100 MB; User 2, 35 MB

Securing Data by Using EFS:
Introduction to EFS

Encrypting a Folder or File

Decrypting a Folder or File

Recovering an Encrypted Folder or File

Introduction to EFS:
Key features of EFS:
Operates in the background
Is accessible only to an authorized user
Provides built-in data recovery support
Requires at least one recovery agent

Encrypting a Folder or File:
Select Encrypt contents to secure data
Open file in folder
When the file is saved, it is encrypted by using file encryption keys
File encryption keys are stored in the Data Decryption Field (DDF) and the Data Recovery Field in the file header

Decrypting a Folder or File:
EFS automatically detects encryption and locates the user certificate and associated private key
Your private key is applied to the DDF
File content appears on screen in plain text

Recovering an Encrypted Folder or File:
Owner's key is unavailable
Recovery agent uses his private key to recover the file

Module 5: Configuring and Managing Disks

Overview:
Windows 2000 Disk Types

Creating partitions on basic Disk

Creating volumes on a dynamic disk

Performing Common disk Management Task

Best Practices

Windows 2000 Disk Types:
Diagram: basic disks (primary partitions C, D, E, F, or primary partitions and an extended partition with logical drives) and a dynamic disk

Basic Disk:
A basic disk is the default storage medium for Windows 2000. The characteristics of basic disks are that:
It can have up to four partitions
It is compatible with other types of disk storage
The partition types are: primary, extended, logical drives

Dynamic Disk:
A dynamic disk can include noncontiguous space on any available disk
There is no limit on the number of volumes per disk
Windows 2000 stores disk configuration information on the dynamic disk
Volume types: simple volume, striped volume, spanned volume, mirrored volume, RAID-5 volume

Creating Partitions on a Basic Disk

Creating Volumes on a Dynamic Disk:
Upgrading from a Basic Disk to a Dynamic Disk
Creating Simple Volumes
Extending Simple Volumes

Upgrading from a Basic Disk to a Dynamic Disk:
Basic disk -> Dynamic disk
System and boot partitions -> Simple volume
Primary and extended partitions, and logical drives -> Simple volume
Volume set (Win NT 4.0) -> Spanned volume
Stripe set (Win NT 4.0) -> Striped volume
Mirror set (Win NT 4.0) -> Mirrored volume
Stripe set with parity (Win NT 4.0) -> RAID-5 volume
To revert to a basic disk, all data and volumes must be removed

Creating Simple Volumes:
A simple volume:
Contains space on a single disk

Has Less Restrictions than a Basic Disk Partition

Can Use the NTFS, FAT, or FAT32 File system

Can Be Mirrored to Provide Fault Tolerance

Is Created by Using the Create Volume Wizard

Performing Common Disk Management Tasks:
Repairing and Deleting Partitions and Volumes

Adding Disk

Managing drive Letters and Paths

Managing disks remotely

Defragmenting Partitions

Repairing and Deleting Partitions and Volumes:
Repair a disk when the partition or volume is marked Missing or Offline

Adding Disks:
Adding disks from other computers
Importing an incomplete volume produces the status messages:
  Failed: Incomplete Volume
  Failed Redundancy

Managing Drive Letters and Paths:
For drive letters you can:
  Use only 25 letters
  Assign, remove or modify drive letters
For drive paths you can:
  Have more than 26 drives
  Mount and remove mount points
You can change drive letters to other letters or mount points

Managing Disks Remotely

Defragmenting Partitions

Module 6: Introduction to Active Directory in Windows 2000

Overview:
Introduction to Active Directory

Active Directory Structure

Active Directory physical structure

Methods for Administering a Windows 2000 Network

Introduction to Active Directory:
What is Active Directory?

Active directory Objects

Active directory Schema

Lightweight Directory Access Protocol (LDAP)

What is Active Directory?
Directory service functionality:
  Organize
  Manage
  Control resources
Centralized management:
  Single point of administration
  Full user access to directory resources by a single logon

Active Directory Objects:
Diagram: object classes Printers (attributes: Printer Name, Printer Location; objects Printer1, Printer2, Printer3) and Users (attributes: First Name, Last Name, Logon Name; objects Don Hall, Suzan Fine), each attribute holding a value
Objects represent network resources
Attributes store information about an object

Active Directory Schema:
Object class examples: Computers, Users, Printers
Attributes of Users might contain: Account Expires, Department, Distinguished Name, Middle Name
Attribute examples (list of attributes): Account Expires, Department, Distinguished Name, Direct Reports, DNS Host Name, Operating System, Reps From, Middle Name
The Active Directory schema is:
  Dynamically available
  Dynamically updateable
  Protected by DACLs

Lightweight Directory Access Protocol (LDAP):
LDAP provides a way to communicate with Active Directory by specifying unique naming paths for each object in the directory.
LDAP naming paths include:
  Distinguished names, for example CN=Suzan Fine,OU=Sales,DC=Contoso,DC=Msft
  Relative distinguished names

Active Directory Logical Structure:
Domains

Organizational Units

Trees and Forest

Global Catalog

Domains:
A domain is a security boundary:
  A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
A domain is a unit of replication:
  Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
Diagram labels: Windows 2000 domain, replication

Organizational Units:
Diagram: OUs arranged by network administrative model (Sales: Users, Computers) and by organizational structure (Vancouver: Sales, Repair)
Use OUs to group objects into a logical hierarchy that best suits the needs of your organization
Delegate administrative control over the objects within an OU by assigning specific permissions to users and groups

Trees and Forests:
Diagram labels: tree (Syed.Com, Asia.syed.com); forest (root Syed.Com, Asia.syed.com); two-way transitive trust

Global Catalog:
Holds a subset of the attributes of all objects
Diagram labels: global catalog, global catalog server, domains; used for queries and for group membership when a user logs on

Active Directory Physical Structure:
Domain Controllers
Sites

Domain Controllers:
Domain controllers:
  Participate in Active Directory replication
  Perform single master operations roles in a domain
Diagram: domain controllers in a domain replicate with each other; each holds a writeable copy of the Active Directory database

Sites:
Diagram labels: Seattle, Los Angeles, Chicago, New York; site, IP subnet
Sites:
  Optimize replication traffic
  Enable users to log on to a domain controller by using a reliable, high-speed connection

Methods for Administering a Windows 2000 Network:
Using Active Directory for Centralized Management

Managing the User environment

Using Active directory for centralized Management

Diagram labels: Search, Domain, OU1, OU2, User 1, User 2, Computer, Printer 1
Active Directory:
  Enables a single administrator to centrally manage resources
  Allows administrators to easily locate information
  Allows administrators to group objects into OUs
  Uses Group Policy to specify policy-based settings

Managing the User Environment:
Diagram: apply Group Policy once (to the domain, OU1, OU2, OU3); Windows 2000 enforces it continually
Use Group Policy to:
  Control and lock down what users can do
  Centrally manage software installation, repairs, updates and removal
  Configure user data to follow users whether they are online or offline

Module 7: Creating a Windows 2000 Domain

Overview:
Introduction to Creating a Windows 2000 Domain

Installing Active Directory

The Active Directory Installation Process

Examining the Default Structure of Active Directory

Performing Post Active Directory Installing Tasks

Troubleshooting the Installation of Active Directory

Removing Active Directory

Best Practices

Introduction to Creating a Windows 2000 Domain:
Domains are the core administrative unit
The first domain created is the root domain of the entire forest, or the forest root
Using the Active Directory Installation Wizard, you can create domains and domain controllers
Diagram labels: new forest; first domain controller; forest root (first domain); additional domain controller (replica)

Installing Active Directory:
Preparing to Install Active Directory

Creating the First Domain

Adding a Replica Domain Controller

Using an Unattended Setup Script to Install Active Directory

Preparing to Install Active Directory:
Active Directory installation requirements:
Computer Running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server

Minimum Disk Space of 200 MB for Active Directory and 50 MB for Log Files

Partition or Volume That is Formatted With The NTFS File System

TCP/IP Installed And Configured to Use DNS

Appropriate Administrative Privileges for Creating a Domain in an Existing Network

Creating the First Domain:
Start the Active Directory Installation Wizard
Select the domain controller and domain type
Specify the required information:
  Domain, DNS, and NetBIOS names
  Database, log, and shared system volume locations
Select to weaken permissions
Specify a password to use in Directory Services Restore Mode
The Active Directory Installation Wizard:
  Installs Active Directory
  Converts the computer to a domain controller

Adding a Replica Domain Controller:
Fault tolerance requires a minimum of two domain controllers in a single domain
More than one domain controller in a domain also ensures that a single domain controller is not overloaded
Run Dcpromo to add a domain controller to an existing domain
The Active Directory Installation Wizard:
  Converts the computer to a domain controller
  Replicates Active Directory from an existing domain controller

Using an Unattended Setup Script to Install Active Directory:
An answer file:
  Contains all of the parameters needed for an unattended session of installing Active Directory
  Contains only the [DCInstall] section of the unattended setup parameters file
  Can be run after Windows 2000 Server setup has been completed and a user has logged on to the computer
Diagram labels: dcpromo /answer:; answer file open in Notepad showing [Unattended] and [DCInstall]

The Active Directory Installation Process:
Configuring Parameters

Site Configuration

Directory services configuration

Services and Security configuration

Additional Active Directory Installation Operations

Configuring Parameters:
Checks performed by the Active Directory Installation Wizard before installing Active Directory:
Verifies User Interface Parameters

Verifies NetBIOS Name And Server Name

Verifies TCP/IP Configuration

Validates the DNS and NetBIOS Domain Name

Verifies User Credentials

Verifies File Locations

Site Configuration:
The domain controller is added to the site that is associated with its subnet
The server is placed in the Default-First-Site-Name site if no subnet object is found
The Active Directory Installation Wizard creates a server object

Directory Services Configuration:
Directory service configuration operations, for all types of installation:
  Creates the required registry
  Sets up performance counters for Active Directory
  Configures the server to automatically enroll for an X.509 domain controller certificate
  Starts the Kerberos V5 authentication service
  Sets the Local Security Authority (LSA) policy
  Installs shortcuts to administration tools in Active Directory
Directory partitions configuration:
  Creates the schema directory partition
  Creates the configuration directory partition
  Creates the domain directory partition

Services and Security Configuration:
Setting services to start automatically:
  Remote Procedure Call (RPC) Locator
  Net Logon
  KDC
  Intersite Messaging
  Distributed Link Tracking Server
  Windows Time
Setting security:
  Sets security for the directory services and the file replication folders

  Configures default DACLs on the files and objects in Active Directory
  Configures default Group Policy by using the security templates

Additional Active Directory Installation Operations:
Sets the computer DNS root domain name
Determines whether the server computer is a member of the domain
Creates a computer account in the Domain Controllers OU
Applies the user-provided password for the Administrator account
Creates a cross-reference object in the configuration container
Adds shortcuts
Creates the SYSVOL folder
Creates schema and configuration containers

Examining the Default Structure of Active Directory:
Diagram labels, one per default container:
  Holds the default Windows 2000 security groups
  Default location for computer accounts
  Default location for domain computer accounts
  Holds security identifiers from external, trusted domains
  Default location of user and group accounts

Performing Post Active Directory Installation Tasks:
Verifying the Active Directory Installation

Implementing Active directory Integrated Zones

Securing Updates for Active Directory Integrated Zones

Changing The Domain Mode

Implementing an Organizational Unit Structure

Verifying the Active Directory Installation:
Verify SRV Resource Records

Verify SYSVOL

Verify the Directory Database and Log Files

Verify the installation Results by Examining the Event Logs

Diagram labels: SYSVOL, DNS, database and log files

Implementing Active Directory Integrated Zones:
Use DNS to integrate a DNS zone with Active Directory
Implement a forward lookup zone
Implement a reverse lookup zone
Diagram: DNS server for Contoso.msft; the zone database becomes an Active Directory integrated zone

Securing Updates for Active Directory Integrated Zones:
Use DNS to secure updates for Active Directory integrated zones
Secure the Active Directory integrated zones to enable you to control access to zones and resource records
Diagram: a client sends a secure update to the DNS server for Contoso.msft, whose zone database is an Active Directory integrated zone

Changing the Domain Mode:
Active Directory installs in mixed mode to provide support for existing domain controllers

Group Nesting and Universal Security groups Requires A Domain to be in Native ModeDomain Controller (Win 2000)Domain Controller Win NT 4.0AndMixed ModeDomain Controller (Win 2000 Only) Implementing An Organizational Unit Structure Implement an OU Structure if You Want To: Enhance Administrative Control Delegate Administrative control over Network Resources

Group Similar Network Resources under One OU
Simplify Object Administration, and Control Visibility of Network Resources

Make Resource Administration More Efficient
Create an OU in a Domain or within Another OU by Using Active Directory Users and Computers

Troubleshooting the Installation of Active Directory

Error: Access Denied While Creating or Adding Domain Controllers
Error: DNS or NetBIOS Domain Names Are Not Unique
Error: Domain Cannot Be Contacted
Error: Insufficient Disk Space

Removing Active Directory

Remove Active Directory by:
Using the Active Directory Installation Wizard

Providing Appropriate Administrative Credentials

The Active Directory Installation Wizard Performs Specific Removal Operations Depending on the Type of Domain

Provide Credentials: Enterprise Admin Group Member, Domain Admin Group Member
Remove Active Directory

Module 8: Automating IP Address Assignment by Using DHCP

Overview:

Overview of DHCP

Installing the DHCP Service

Authorizing The DHCP Service

Creating and Configuring A Scope

Customizing DHCP Functionality

Configuring DHCP in A Routed Network

Supporting DHCP

Overview of DHCP

Manual vs. Automatic TCP/IP Configuration

DHCP Operation

The DHCP Lease Generation Process

The DHCP Lease Renewal Process

Requirements for DHCP Servers and Clients

Manual vs. Automatic TCP/IP Configuration

Manual TCP/IP Configuration: Disadvantages
IP Address Entered Manually on Each Client Computer
Possibility of Entering Incorrect or Invalid IP Address
Incorrect Configuration Can Lead to Communication and Network Problems
Administrative Overload on Networks Where Computers Are Frequently Moved

Automatic TCP/IP Configuration: Advantages
IP Addresses Are Supplied Automatically to Client Computers
Ensures That Clients Always Use Correct Configuration Information
Elimination of Common Source of Network Problems
Client Configuration Updated Automatically to Reflect Changes in Network Structure

DHCP Operation

[Diagram: DHCP Server with DHCP Database (IP Address 1, IP Address 2, IP Address 3); two DHCP Clients with IP Configuration From DHCP Server (IP Address 1, IP Address 2); Non-DHCP Client with Static IP Configuration]

The DHCP Lease Generation Process

[Diagram: DHCP Client, DHCP Servers]
1. IP Lease Request
2. IP Lease Offer
3. IP Lease Selection
4. IP Lease Acknowledgement

The DHCP Lease Renewal Process

DHCP Request
Source IP Address = 192.168.0.77
Dest. IP Address = 192.168.0.108
Requested IP Address = 192.168.0.77
Hardware Address = 08004-------

[Diagram: DHCP Client, DHCP Server]

DHCPACK
Source IP Address = 192.168.0.108
Dest. IP Address = 192.168.0.77
Offered IP Address = 192.168.0.77
Client Hardware Address = 08004---
Subnet Mask = 255.255.255.0
Length of Lease = 8 Days
Server Identifier = 192.168.0.108
DHCP Option: Router = 192.168.0.1

Requirements for DHCP Servers and Clients

DHCP Server Requirements (Windows 2000 Server)
The DHCP Service
Static IP Address, Subnet Mask, Default Gateway
Range of Valid IP Addresses

DHCP Clients
Windows 2000 Professional or Windows 2000 Server
Windows NT Server or Workstation 3.51 or Later
Windows 95 or Windows 98
Windows for Workgroups 3.11, Running TCP/IP
Microsoft Network Client 3.0 for MS-DOS
LAN Manager 2.2c
Non-Microsoft Operating Systems

Installing the DHCP Service

Authorizing the DHCP Service

[Diagram: Domain Controller / DHCP Server, DHCP Servers, Clients; DHCP Service Checks for Authorization]

If Authorized, the Service Starts Properly

If Unauthorized, the Service Logs an Error and Will Not Respond to Clients

Overview of Scopes

[Diagram: DHCP Server; Scope: IP Addresses Available for Lease to Client Computers (192.168.1.0, 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4)]

Using the New Scope Wizard

You Use the New Scope Wizard to:
Configure Scope Parameters

Change the Default Lease Duration

Activate a Scope

Configuring a Scope with Options

Scope Options Supported by DHCP Include:
IP Address of a Router

IP Address of a DNS Server

DNS Domain Name

IP Address of WINS Server

Type of NetBIOS over TCP/IP Name Resolution

Customizing the Use of Scope Options

Scope Options
Server Level
Scope Level
Class Level
Reserved Client Level

Reserving IP Addresses for Client Computers

Customizing DHCP Functionality

Using Option Classes

Combining Scopes by Using Super Scopes

Issuing Multicast Addresses by Using Multicast Scopes

Using Option Classes

Vendor-Defined Classes Manage DHCP Options Identified by Operating System Vendor Type

User-Defined Classes Manage DHCP Options with Common Configuration Requirements

[Diagram: DHCP Server; Configuration A, Configuration B, Configuration C; Client 1, Client 2, Client 3]

Combining Scopes by Using Super Scopes

[Diagram: DHCP Server; Super Scope A: Scope 1 (192.168.1.1 to 192.168.1.254), Scope 2 (192.168.2.1 to 192.168.2.254)]

Issuing Multicast Addresses by Using Multicast Scopes

[Diagram: DHCP Server; Multicast Group: Computer 1, Computer 2, Computer 3, Computer 4; Request for Multicast Address; Multicast Address Assigned]

Configuring DHCP in a Routed Network

Routed Network Configuration Options

Using a DHCP Relay Agent

Routed Network Configuration Options

[Diagram: DHCP Client, DHCP Relay Agent (Windows 2000 Server), Non-RFC-Compliant Router, RFC-Compliant Router, DHCP Server, DHCP Client]

Using a DHCP Relay Agent

[Diagram: DHCP Client, DHCP Relay Agent, Subnet 1, Router, DHCP Server, Subnet 2]

Supporting DHCP

Monitoring the DHCP Server Services

Troubleshooting DHCP Database Problems

Removing a DHCP Server from Service

Monitoring the DHCP Server Services

When you enable logging, the DHCP server creates log files called DHCPSrvlog. The DHCP server stores these files in the DHCP database directory.

[Diagram: DHCP Database, DhcpSrvlog; DHCP Database; Store: Systemroot\system32\dhcp; Store: Systemroot\system32\dhcp\backup\jet\new]

Troubleshooting DHCP Database Problems

Removing a DHCP Server from Service

Before Removing a DHCP Server from Service:
Set Short Lease Durations for Clients

Ensure New Lease for Clients

Record Any Reserved Addresses

Large Address Pool In Other DHCP Servers

Transfer IP Address to the New Scope

Module 9: Implementing Name Resolution by Using DNS

Overview of the DNS Query Process

Query Types
Iterative Query: The DNS server returns the best answer that it can provide without help from other servers
Recursive Query: The DNS server returns a complete answer to the query, not a pointer to another DNS server

Lookup Types
Forward Lookup: Requires name-to-address resolution
Reverse Lookup: Requires address-to-name resolution

Installing the DNS Server Service

IP Address Can Be Provided by a DHCP Server or Manually Configured

Configuring Name Resolution for Client Computers

Creating Zones

Identifying Zone Types

Examining the zone File

Creating Lookup Zones

Identifying Zone Types

[Diagram: Standard Zone: Change, Primary Zone, Zone Transfer, Secondary Zone; Active Directory Integrated Zones: Change, Change, Change, Zone Transfer]

Examining the Zone File

Resource Records in a Zone File Can Contain a Computer's: FQDN, IP Address, Alias

Record
@ NS casablanca.africa.nwtrades.msft.
Casablanca A 192.168.11.1
Marrakech CNAME casablanca.africa.nwtrades.msft.
1.11.168.192.in-addr.arpa. PTR casablanca.africa.nwtrades.msft.

[Diagram: Zone, Zone Database File, DNS Server]

Creating Lookup Zones

Forward Lookup
IP Address for Khan.com?
IP Address 192.168.1.50

Reverse Lookup
Name of 192.168.1.50?
Name = khan.com

[Diagram: DNS Server, DNS Server]

Configuring Standard Zones

Zone Transfer Process

Configuring Zone transfers

Creating A Sub domain

configuring Active directory Integrated Zones

Migrating Zones to the Windows 2000 DNS Server Service

Configuring Zones

Configuring Standard Zones

You can configure a DNS server to host standard primary zones, standard secondary zones, or any combination of zones.

You can designate a primary server or a secondary server as a master server for a standard secondary zone.

[Diagram: DNS Server A (Primary Zone); DNS Server B (Secondary Zone, Master DNS Server: DNS Server A); DNS Server C (Secondary Zone, Master DNS Server: DNS Server A); Zone Information]

Zone Transfer Process

A master DNS server sends notification of zone changes to the secondary server or servers

The secondary server queries a master DNS server for changes to the zone file

[Diagram: DNS Server (Master), Primary Zone Database File; DNS Server, Secondary Zone Database File; Zone 1: nwtraders, Support, Training]

Configuring Zone Transfers

Creating a Sub Domain

Create a Sub Domain to Better Organize Your Namespace

Delegate Authority of a Sub Domain To:
Delegate Management of Portions of the Namespace
Delegate Administration Tasks of Maintaining One Large DNS Database

[Diagram: Root; Top-level Domain: Org., Com., Edu., Au.; Second-level Domain: Microsoft.com; Sub Domain: Training.microsoft.com]

Configuring Active Directory Integrated Zones

Active Directory Integrated Zone Data Is:
Stored as an Active Directory Object
Replicated as Part of Domain Replication

[Diagram: DNS Server, Nwtradres.msft, Active Directory Integrated Zone, Active Directory]

Migrating Zones to the Windows 2000 DNS Server Service

Files in the Windows 2000 DNS Server Service
Domain_name.dns: The forward lookup file that is used to translate host names to IP addresses
z.y.x.w.in-addr.arpa: The reverse lookup file that is used to translate IP addresses to host names
Cache.dns: Contains the required host information for resolving names outside authoritative
Boot: Controls how the DNS Server service starts

Configure a Root Zone on a DNS Server When:
Your Intranet Is Not Connected to the Internet
You Are Using a Proxy to Gain Access to the Internet

[Diagram: Internet Root Domain: Org., Com., Edu., Au.; Com. Delegate Microsoft.com; Private Network: Root Domain, Record for Com, Microsoft.com, Proxy Server]

Configuring DNS for Internal Use

Integrating DNS and DHCP

Overview of Dynamic Update

Configuring Dynamic Updates

Securing Dynamic Updates Overview of Dynamic Update

[Diagram: Computer 1; Request for IP Address; DHCP Server: Assign IP Address of 192.168.120.133; Dynamic Update; DNS Server Zone Database: Computer 1, 192.168.120.133]

Configuring Dynamic Updates

Configure the DNS Server to Allow Dynamic Updates

Configure the DHCP Server for Dynamic Updates

Configure Windows 2000-Based Clients for Dynamic Updates

Securing Dynamic Updates

[Diagram: Active Directory Integrated Zone, Secure Dynamic Update]

Maintaining and Troubleshooting DNS Servers

Reducing Network Traffic by Using Caching-Only Servers

Maintaining DNS Zones

Monitoring DNS Servers

Verifying Resources Records by Using NSlookup

Troubleshooting Name Resolution Problems

Reducing Network Traffic by Using Caching-Only Servers

Caching-Only Servers:

Perform name resolution on behalf of client computers and cache the results

Can be used to reduce DNS-related traffic across a WAN

[Diagram: Clients and Caching-Only Server at Remote Office; Slow WAN Link; DNS Server at Corporate Headquarters]

Maintaining DNS Zones

Monitoring DNS Servers

Verifying Resource Records by Using Nslookup

Use Nslookup to verify that the information contained in resource records is correct

Troubleshooting Name Resolution Problems

Troubleshooting Name Resolution on Client Computers

Registering Client Computers

Troubleshooting Zone Transfer Problems

Module 10: Introduction to ISA Server 2000

Overview:

Introduction to ISA Server

Using Caching

Using Firewalls

Deployment Scenarios for ISA Server

Introduction to ISA Server

ISA Server Editions

Benefits of ISA Server

Installation Modes

ISA Server Editions

ISA Server Standard Edition

ISA Server Enterprise Edition

Benefits of ISA Server

Acceleration: Fast Web access with a high-performance cache
Security: Secure Internet connectivity through a multilayered firewall
Management: Unified management with integrated administration
Extensibility: Extensible and open platform

Installation Modes

Cache Mode

Firewall Mode

Integrated Mode

Features Available with Each Mode

Using Caching

The Caching Process

Types of Caching

The Caching Process

[Diagram: Client 1, Client 2, ISA Server, Cache, Internet]
1. GET www.nwtraders.msft
2. GET www.nwtraders.msft
3. Object is sent from Internet
4. GET www.nwtraders.msft
5. Object is sent from cache

Types of Caching

[Diagram: Forward Caching, Reverse Caching, Distributed Caching; labels: Cache, Internet, Internal Network, Web Server]

Using Firewalls

Firewall Overview

Bastion Host

Perimeter network with Three-Homed firewall

Perimeter Network with Back-to-Back Firewalls

Filters and Network Access

Firewall Overview

A Firewall Is:

A Controlled Point of Access for All Traffic That Enters the Internal Network

A Controlled Point of Access for All Traffic That Leaves the Internal Network

Bastion Host

[Diagram: Internet, Firewall, Internal Network]

Perimeter Network with Three-Homed Firewall

[Diagram: Internet, Firewall, Perimeter Network, Internal Network]

Perimeter Network with Back-to-Back Firewalls

[Diagram: Internal Firewall, External Firewall]

Filters and Network Access

[Diagram: Access Policy: Allow HTTP, All Destinations; Streaming Media; SMTP; DNS Intrusion; Firewall, Internal Network, External Network]

Deployment Scenarios for ISA Server

Branch Office/Small Business Cache Server

Branch Office/Small Business Firewall

Enterprise Cache

Enterprise Firewall

Branch Office/Small Business Cache Server

[Diagram: Main Office, Branch Office, Small Business, ISA Server, Cache, Internet]

Branch Office/Small Business Firewall

[Diagram: Internet, ISA Server, Branch Office or Small Business; Actual Connection, Perceived Connection]

Enterprise Cache Server

[Diagram: Corporate Network, ISA Server Array, Cache, Internet]

Enterprise Firewall

[Diagram: ISA Server, ISA Server, Perimeter Network, Internet]