Module 1: Introduction to Administering Accounts
and Resources
Overview
Multimedia: Introduction to Managing a Microsoft Windows Server 2003 Environment
The Windows Server 2003 Environment
Logging On to Windows Server 2003
Using the Run As Feature for Administration
Installing and Configuring Administrative Tools
Creating an Organizational Unit
Multimedia: Introduction to Managing a Microsoft Windows Server 2003 Environment
This presentation describes the tasks involved in administering accounts and resources and defines the concepts of Active Directory
Lesson: The Windows Server 2003 Environment
Computer Roles
The Windows Server 2003 Family
What Is a Directory Service?
Active Directory Terms
Classroom Setup Review
Computer Roles
Domain Controller
File Server
Print Server
DNS Server
Application Server
Terminal Server
The Windows Server 2003 Family
Sample Roles
Windows Server 2003
EditionUsage Scenario Web
server
File and infrastructure
server
Domain controller
Scalable, business-
critical applications
Web Application server
Small Business Server
Small business with one server
Standard Small business or department
Enterprise Medium or large organizations
Datacenter Large organizations
What Is a Directory Service?
Identifies resources
Provides a consistent way to: Name Describe Locate Access Manage Secure
Active Directory BenefitsActive Directory Benefits
DNS integrationDNS integration
ScalabilityScalability
Centralized managementCentralized management
Delegated administrationDelegated administration
Active Directory Terms
Forest
Contoso.msft
Domain
brisbane.au. nwtrader.msft
nwtrader.msft
au. nwtrader.msft
Tree
OUs in a domain
Sales.Contoso.msft
Classroom Setup Review
The virtual environment is configured as one Windows Server 2003 domain: Contoso.msft
Den-DC1 is the domain controller
Den-SRV1 is a member server and is used as a remote computer for student labs
Den-CL1 is a workstation running Windows XP Professional, Service Pack 2
Server computers are running Windows Server 2003, Enterprise Edition, Service Pack 1
Lesson: Logging On to Windows Server 2003
Multimedia: Logon and Authentication
Logon Dialog Box Options
What Are User Principal Names?
Practice: Logging On to Windows Server 2003
Multimedia: Logon and Authentication
This activity presents information about: Local logon process Domain logon process Secondary logon process Smart card logon process
Important points to look for: Difference between local and domain
authentication How to perform a secondary logon Contents of an access token
Logon Dialog Box Options
By default, Windows Server 2003 attempts to log the user on to the domain that the computer is a member of
Select the domainwhere the user account
is located
Select the domainwhere the user account
is located
What Are User Principal Names?
Provides an alternative logon method
Is unique within the forest
Example: [email protected]: [email protected]
Practice: Logging on to Windows Server 2003
In this practice, you will:
Log on to your workstation by using a local account
Attempt to access a network share by using a local account
Log on to your workstation by using a domain account
Attempt to access a network share by using a domain account
Lesson: Using the Run As Feature for Administration
What Is the Run As Feature?
Using the Run As Feature
What Is the Run As Feature?
Allows a user to run specific tools and programs at any workstation with different permissions than the user's current logon provides
Can be used in troubleshooting scenarios to perform administrative tasks at the client’s workstation without logging off the current user
Using the Run As Feature
The Run as feature can be invoked from a shortcut menu
A desktop shortcut can be configured to use the Run as feature
The Run as feature can be used from the command line
runas /user:domain\domainadmin "mmc %windir%\system32\compmgmt.msc" runas /user:domain\domainadmin "mmc %windir%\system32\compmgmt.msc"
Lesson: Installing and Configuring Administrative Tools
What Are Administrative Tools?
What Is MMC?
Practice: Configuring the Administrative Tools
Guidelines for Resolving Problems with Installing and Configuring Administrative Tools
What Are Administrative Tools?
Commonly used administrative tools:
Active Directory Users and Computers Active Directory Sites and Services Active Directory Domains and Trusts Computer Management DNS Remote Desktops
Install to perform remote administration
What Is MMC?
Snap-insSnap-ins
MMC hosts tools, called snap-ins, that perform administrative functionsMMC hosts tools, called snap-ins, that perform administrative functions
Practice: Configuring the Administrative Tools
In this practice, you will:
Create a custom MMC
Save the custom MMC
Guidelines for Resolving Problems with Installing and Configuring Administrative Tools
Symptom Cause Resolution
Cannot install the administrative tools
Insufficient permissions
You must have administrative permissions on the local computer
Incorrect operating system
You can install the Windows Server 2003 Administration Tools Pack only on supported operating systems
Broken links in Help files
Both server and client Help systems are required
You can install the Help files for Windows Server 2003
Administration Tools Pack
Lesson: Creating an Organizational Unit
Multimedia: The Organizational Unit Structure
What Is an Organizational Unit?
Organizational Unit Hierarchical Models
Names Associated with Organizational Units
Practice: Creating an Organizational Unit
Multimedia: The Organizational Unit Structure
This presentation explains:
How to use organizational units to group objects for more efficient management
The main purposes of an OU hierarchy
What Is an Organizational Unit?
Organizes objects in a domain
Allows you to delegate administrative control
Simplifies the management of commonly grouped resources
Organizational Unit Hierarchical Models
Function-Based Hierarchy
S
C M
S – SalesC – ConsultantsM - Marketing
Examples of Hybrid-Based Hierarchies
Function Organization
Location Function
Organization Location
Organization-Based Hierarchy
M
E R
M – ManufacturingE – EngineeringR - Research
Location-Based Hierarchy
N
F I
N – Norway F – FranceI – Indonesia
Names Associated with Organizational Units
Name Example
LDAP relative distinguished name
OU=MyOrganizationalUnit
LDAP distinguished name
OU=MyOrganizationalUnit, DC=microsoft, DC=com
Canonical name Microsoft.com/MyOrganizationalUnit
Practice: Creating an Organizational Unit
In this practice, you will:
Install the AdminPak tools
Use the runas command to launch the command line
Use the dsadd command and Active Directory Users and Computers to create organizational units
Lab: Creating Organizational Units
After completing this lab, you will be able to create organizational units