28
Module 1 Introduction to Managing Microsoft® Windows Server® 2008 Environment

new AD

Embed Size (px)

DESCRIPTION

Aktive Direktori

Citation preview

Page 1: new AD

Module 1

Introduction to Managing Microsoft®

Windows Server® 2008 Environment

Page 2: new AD

comparison between local user and domain user definition

In a workgroup:

• All computers are peers; no computer has control over another computer.

• Each computer has a set of user accounts. To use any computer in the workgroup, you must have an account on that computer.

• There are typically no more than ten to twenty computers.

• All computers must be on the same local network or subnet.

Page 3: new AD

In a domain:

• One or more computers are servers. Network administrators use servers to control the security and permissions for all computers on the domain. This makes it easy to make changes because the changes are automatically made to all computers.

• If you have a user account on the domain, you can log on to any computer on the domain without needing an account on that computer.

• There can be hundreds or thousands of computers.(unlimited)

• The computers can be on different local networks

Page 4: new AD

Module Overview

• Server Roles

• Overview of Active Directory

• Using Microsoft Windows Server 2008 Administrative Tools

• Using Remote Desktop for Administration

Page 5: new AD

Lesson 1: Server Roles

• Windows Server 2008 Editions

• What Are Server Roles?

• What Are the Windows Infrastructure Services Roles?

• What Are the Windows Application Platform Services Roles?

• What Are the Active Directory Server Roles?

• AD DS Integration with Other Active Directory Server Roles

• What Are Server Features?

• What Is Server Core?

Page 6: new AD

Windows Server 2008 Editions

The Windows Server 2008 editions are:

• Windows Web Server 2008

• Windows Server 2008 Standard

• Windows Server 2008 Standard without Hyper-V

• Windows Server 2008 Enterprise

• Windows Server 2008 Enterprise without Hyper-V

• Windows Server 2008 Datacenter

• Windows Server 2008 Datacenter without Hyper-V

Page 7: new AD

What Are Server Roles?

Server roles describe the primary server functionServer roles describe the primary server function

File ServicesFile ServicesDNS ServerDNS ServerActive Directory Domain ServicesActive Directory Domain Services

Print ServicesPrint Services Web Server IISWeb Server IIS

Page 8: new AD

•any role can be added to any server, but workload, performance, and hardware considerations are important when assigning roles to servers.

•Hint: One of the main reasons that server functionality is packaged as roles is the ability to provide effective security for each role

Page 9: new AD

What Are the Windows Infrastructure Services Roles?

Windows Infrastructures Services roles include:

• Active Directory Certificate Services

• DHCP Server

• DNS Server

• Fax Server

• File Services

• Hyper-V

• Network Policy and Access Services

• Print Services

• Terminal Services

• Windows Deployment Services

Page 10: new AD

What Are the Windows Application Platform Services Roles?

Windows Application Platform Services roles include:

• Application Server

• Web Server (IIS)

Page 11: new AD

What Are the Active Directory Server Roles?

Server Role Description

Active Directory Domain Services (AD DS)

A centralized directory for user and computer management and authentication for a Windows Server 2008 network

Active Directory Lightweight Directory Services (AD LDS)

An LDAP directory service that provides data storage and retrieval support for directory-enabled applications, without the requirement to deploy domains or domain controllers

Active Directory Certificate Services (AD CS)

A solution used to protect information stored in documents, e-mail messages, and Web sites from unauthorized viewing, modification, or use

Active Directory Rights Management Services (AD RMS)

An information-protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use

Active Directory Federation Services (AD FS)

A server role in Windows Server 2008 that provides Web SSO technologies to authenticate a user to multiple Web applications over the life of a single online session

Page 12: new AD

AD DS Integration with Other Active Directory Server Roles

• AD DS is the foundation for a functional network

• Most server roles depend on AD DS to provide user and resource information for the other server roles

• AD DS also provides authentication and authorization services

AD CS

AD RMS

AD FS

AD DS

Page 13: new AD

What Are Server Features?

Server features are supporting services that can be installedServer features are supporting services that can be installed

Examples of server features:

•BitLocker™ Drive Encryption

• Network Load Balancing

• Failover Clustering

•Windows PowerShell™

Page 14: new AD

What Is Server Core?

A Server Core is an installation of Windows Server 2008 that:

• Has minimal services

• Has no graphical interface

• Increases security

• Can be configured in a limited number of roles

Page 15: new AD

Lesson 2: Overview of Active Directory

• What Is Active Directory?

• Benefits of Active Directory

• What Is a Domain?

• What Is an Organizational Unit?

• What Is a Forest?

• What Is a Domain Controller?

• What is a Read-Only Domain Controller?

• Read-Only Domain Controller Features

Page 16: new AD

What Is Active Directory?

Active Directory:

• Is a central repository of network information

• Is organized into domains, trees, and forests

• Has multiple partitions:

– Domain

– Configuration

– Schema

Page 17: new AD

Benefits of Active Directory

Compared to a workgroup, the benefits of Active Directory include:

• Simplified security management

• Group Policy

• Extensibility

• Delegation of administration

Page 18: new AD

What Is a Domain?

A domain is a logical grouping of objects such as computer and user accountsA domain is a logical grouping of objects such as computer and user accounts

Computer accounts

User accounts

each computer and user account is part of a domain. Mention that accounts within domains can be organized into

organizational units (OU).

Page 19: new AD

What Is an Organizational Unit?

Computer Account

User Account

Organizational units in a domain

An OU is a container within a domain

An OU is a container within a domain

Page 20: new AD

What Is a Forest?

eu. nwtrader.

msft

nwtrader.msft

na. nwtrader.

msft

A forest is a collection of domains that trust each other

A forest is a collection of domains that trust each other

sales.contoso.

msft

Treecontoso.

msft

Global Catalog

Page 21: new AD

What Is a Domain Controller?

A domain controller:

• Holds a copy of Active Directory

• Responds to requests for Active Directory information

• Authenticates users to the network

• Is located by querying DNS

• Takes part in multi-master replication throughout the domain and forest

Page 22: new AD

What Is a Read-Only Domain Controller?

RODCs host read-only partitions of the AD DS database, only accept replicated changes to Active Directory, and never initiate replication

RODCs host read-only partitions of the AD DS database, only accept replicated changes to Active Directory, and never initiate replication

RODCs:

• Cannot hold operation master roles or be configured as replication bridgehead servers

• Can be deployed on servers running Windows Server 2008 Server core for additional security

RODCs provide:

•Additional security for branch office with limited physical security

• Additional security if applications must run on a domain controller

RODCRODC

Page 23: new AD

Read-Only Domain Controller Features

RODCs provide:

• Unidirectional replication

• Credential caching

• Administrative role separation

• Read-only DNS

• RODC filtered attribute set

Page 24: new AD

Lesson 3: Using Windows Server 2008 Administrative Tools

• Microsoft Management Console

• Server Manager

• Computer Management

• Device Manager

• Problem Reports and Solutions

• Common Administration Tasks

Page 25: new AD

Microsoft Management Console

The Microsoft Management Console (MMC):• Is a framework for developing administrative

tools• Uses snap-ins to provide functionality• Allows you to create custom consoles

The Microsoft Management Console (MMC):• Is a framework for developing administrative

tools• Uses snap-ins to provide functionality• Allows you to create custom consoles

Page 26: new AD

Server Manager

• Add or remove server roles

• Add or remove server features

• Monitor system events

• Manage devices

• Schedule tasks

• Manage local users and groups

• Configure Windows Firewall

• Configure storage

• Perform a backup

Server Manager is an MMC console with several snap-ins for managing your serverServer Manager is an MMC console with several snap-ins for managing your server

Page 27: new AD

Computer Management

Computer Management considerations:

•Does not include roles and features

• Includes many of the same snap-ins as Server Manager

•Can manage Routing and Remote Access

•Can manage shared folders

•Also included in previous version of Windows

Computer Management is an MMC console with several snap-ins for managing your serverComputer Management is an MMC console with several snap-ins for managing your server

Page 28: new AD

Device Manager

You can:

•View device status and information

•View device resources

•Configure device settings

•Enable and disable devices

•Update driver software

Device Manager is a snap-in that is used to view and manage hardware informationDevice Manager is a snap-in that is used to view and manage hardware information