This guide provides an in-depth overview of Microsoft Server operations, focusing on Active Directory (AD) replication methods and domain controller (DC) roles. It covers the differences between single-master and multi-master replication, specifically in the context of NT 4.0 and Windows Server 2003/2008. Learn about Flexible Single Master Operations (FSMO) roles, their importance, and how to manage them effectively. Additionally, the document discusses domain model design for businesses of varying sizes, ensuring robust fault tolerance and synchronization practices for secure network operations.
IT:Network: Microsoft Server 2 Operation Roles and Multiple Domains
Operations Terms
• Single-Master Replication
  • NT 4.0 replication method
  • Only the primary domain controller could write to the SAM database
  • Other domain controllers could only handle authentication
  • Server 2003 mixed mode is single-master
• Multi-master Replication
  • Active Directory replication method
  • Multiple DCs can write to NTDS
NT 4.0 v. 2000/2003/2008
• NT 4.0: maintains the SAM on the PDC and only on the PDC.
• NT 4.0: changes can only be made on the PDC.
• Windows Server: accounts are managed through the directory using multi-master replication. This is only available in native mode; mixed mode supports single-master replication only.
Server 2003/2008/2012
• With Active Directory, all DCs are equal, although some are more equal than others. They maintain the FSMO roles (Flexible Single Master Operations), now simply called Operations Masters.
• FSMO is pronounced PHIZZ-MO.
• Roles:
  • RID Master
  • Schema Master
  • Domain Naming Master
  • PDC Emulator
  • Infrastructure Master
• The first DC maintains all 5.
Schema Master
• The schema is the working structure of the AD database (think of an Access database with many tables that have many fields).
• You can view the AD schema by running mmc.exe /a and choosing Add/Remove Snap-in -> Active Directory Schema.
• Things that change the schema:
  • Applications: Exchange Server, SQL Server
  • They add additional fields to support the apps
Domain Naming Master
• Modified with the AD Domains and Trusts tool/snap-in
• Handles domain naming when additional domains are brought into the forest
• It is the clearing house for domain names and prevents duplicate domain names from being brought in
RID Master
• Relative ID
  • Generated when SIDs are created; it is the last 32 bits of the SID
  • All SIDs start out with S-1-5 and then append random numbers to the end a
  • 1-b1-c1
Infrastructure and PDC
• Infrastructure
  • Speeds up the process of reflecting changes across the domains.
• PDC
  • Used for legacy (pre-W2K) systems
  • Knows the most up-to-date passwords
  • When a password is changed, the DCs contact the PDC FSMO immediately
  • Also used for account unlocks
Transferring Roles from the command line
• Command to find out who has what?
  • netdom query fsmo
• Command to manage roles
  • ntdsutil
    • roles
    • connections
    • connect to server servername
    • quit
    • transfer <fsmo type> master
    • or
    • seize <fsmo type> master
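The same query-and-transfer procedure done with the ActiveDirectory PowerShell module, as an added example that is not part of the original slides; the target name 'DC02' is an assumed placeholder:

```powershell
# Added example: FSMO inventory and transfer with the ActiveDirectory module
# (Server 2008 R2 and later, or RSAT). 'DC02' below is an assumed placeholder name.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Forest-wide roles hang off the forest object, domain-wide roles off the domain object.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-FsmoRoles {
    param(
        [Parameter(Mandatory)] [string]   $TargetDC,
        [Parameter(Mandatory)] [string[]] $Roles,
        [switch] $Seize   # equivalent of ntdsutil "seize": only when the holder is gone for good
    )
    $before = Get-FsmoHolders
    # Without -Force this is a graceful transfer (both DCs online and agreeing);
    # with -Force the role is seized. A DC that had a role seized from it must be
    # rebuilt, never brought back online un-demoted, or two holders will exist.
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
        -OperationMasterRole $Roles -Force:$Seize -Confirm:$false
    $after = Get-FsmoHolders
    foreach ($role in $Roles) {
        [pscustomobject]@{ Role = $role; Before = $before.$role; After = $after.$role }
    }
}

# Who has what (same answer as "netdom query fsmo")
Get-FsmoHolders | Format-List

# Move the three domain-wide roles to the assumed replica DC and show the change
Move-FsmoRoles -TargetDC 'DC02' -Roles 'PDCEmulator','RIDMaster','InfrastructureMaster' |
    Format-Table -AutoSize
```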
Why is this important to know?
• Delegating the roles to other servers reduces the possibility of the network going down in the event of a failure on the first server.
• Your company may purchase new servers to function as replica domain controllers; however, the first domain controller contains all the operations roles and does not auto-magically nominate the new hardware to carry the load.
• The roles would be transferred automatically if you retire the first domain controller by performing a dcpromo to demote it.
• Yes, DCPROMO is used to demote a domain controller.
Designing a Domain Model
• Your domain design is relative to the size of the network.
• A small business typically will maintain a single server/domain controller setup.
  • Microsoft Small Business Server/Server Essentials
    • Domain Controller
    • Exchange Server
    • SQL Server
    • ForeFront Threat Management Gateway
    • Intranet
    • Maximum of 50 licenses
Designing a Domain Model
• Larger businesses (25+ clients)
  • Secondary domain controllers should be introduced for fault tolerance.
  • FSMO roles should be delegated appropriately
• Larger businesses with remote locations
  • Active Directory Sites and Services
    • Create a site for the remote location
    • Domain controllers can be placed at the remote locations to help with authentication.
    • Replication decisions have to be made based on the connection speed between the sites.
    • Must determine how dynamic the network is
    • If the network does not change often, replication can be scheduled at off-peak times.
Forest-wide Time Synchronization
• All DCs should be within 5 minutes of each other.
• Kerberos fails if DCs disagree on time.
• Member servers and workstations synchronize to the DC that logged them in.
• PDC Emulators between domains must agree on time
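A check for the 5-minute rule above, as an added example that is not part of the original slides; it assumes the ActiveDirectory module and WinRM access to every DC:

```powershell
# Added example: compare every DC's clock with the PDC emulator and flag skew beyond
# the 5-minute Kerberos tolerance. Assumes the ActiveDirectory module and WinRM access.
Import-Module ActiveDirectory

function Test-DcTimeSkew {
    param([int] $MaxSkewSeconds = 300)   # Kerberos default tolerance: 5 minutes
    $pdc = (Get-ADDomain).PDCEmulator
    $dcs = (Get-ADDomainController -Filter *).HostName

    # Read each DC's UTC clock in one remoting pass; DateTime survives deserialization
    # and each result carries the PSComputerName it came from.
    $clocks = Invoke-Command -ComputerName $dcs -ErrorAction SilentlyContinue `
        -ScriptBlock { (Get-Date).ToUniversalTime() }
    $pdcClock = $clocks | Where-Object { $_.PSComputerName -eq $pdc }
    if (-not $pdcClock) { throw "PDC emulator $pdc did not answer; cannot measure skew" }

    foreach ($dc in $dcs) {
        $clock = $clocks | Where-Object { $_.PSComputerName -eq $dc }
        if (-not $clock) {
            # A DC that does not answer is a finding in itself, not something to skip silently
            [pscustomobject]@{ DC = $dc; SkewSeconds = $null; Status = 'UNREACHABLE' }
            continue
        }
        $skew = [math]::Abs(($clock - $pdcClock).TotalSeconds)
        [pscustomobject]@{
            DC          = $dc
            SkewSeconds = [math]::Round($skew, 1)
            Status      = if ($skew -gt $MaxSkewSeconds) { 'FAIL: Kerberos tickets will be rejected' } else { 'OK' }
        }
    }
}

Test-DcTimeSkew | Sort-Object SkewSeconds -Descending | Format-Table -AutoSize
```

The clocks are read one after another, so a few seconds of network delay is folded into the result; that is irrelevant against a 300-second threshold.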
Windows 8 and Server 2012
• Overview
• Windows 8 OEMs
• Server 2012
• Server Management
• Active Directory Enhancements
• Storage
• Virtualization
Overview
• The Windows 8 interface has been “re-imagined”
• Tile-based “live” apps.
• 2 UIs
  • Tile-based interface for supported apps
  • Desktop UI for traditional x86 apps
• The interface was designed to be “seamless” when transitioning between Windows devices
  • Smaller learning curve from the desktop down to a mobile device
Overview
• Most management tools have been server-focused
• The driving force behind 2012 is to centralize server infrastructure management
• All servers are centrally managed on the Dashboard
• Windows 8 and Server 2012 share the same code base
Overview
• Microsoft has identified four key areas of advancement:
  • Virtualization
  • Centralized management
  • Modern workforce
  • New app platform
Desktop OEMs
• Windows 8 RT: designed for mobility. Only runs built-in apps or apps downloaded from the Windows Store
• Windows 8: consumer-based version. Cannot be joined to a domain
• Windows 8 Pro: domain-joinable, BitLocker, Hyper-V
• Windows 8 Enterprise:
Windows 8 OEMs
• Features and system requirements:
  • http://www.cdw.com/shop/search/software-titles/microsoft-windows-8.aspx
  • http://windows.microsoft.com/en-US/windows/compare
Server 2012
• System Requirements
Server Management
• PowerShell
  • No one really uses it to its capacity
  • Server 2012 provides an expandable pane that reveals the underlying PowerShell commands used to accomplish certain tasks.
    • Copy/paste the code to use later in automation scripts
  • Better command “autocomplete”
  • More cmdlets
    • 200 in 2008 R2
    • 2300 in Windows Server 2012
Server Management
• Server Manager reimagined
Active Directory Enhancements
• Three goals in mind
  • Active Directory (AD) needs to have virtualization that simply works
  • Must be simple to deploy
  • Must be simple to manage
Active Directory Enhancements
• Virtualization that works
  • Problems caused by AD
    • Virtual image restoration
      • The system thinks it is from an earlier time (time traveler)
    • Update Sequence Numbers (USNs) are used to keep track of replication of data between DCs.
      • Replication issues can occur (time stamps all jacked up)
      • Can cause an issue called USN rollback
      • http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(WS.10).aspx#usn_and_usn_rollback
Active Directory Enhancements
• Virtualization that works
  • Server 2012 is “virtualization safe”
    • A virtual DC is able to detect when snapshots are applied or a virtual DC has been copied.
    • Uses the VM generation ID (gen ID)
    • Works with Hyper-V; Microsoft is currently working with other vendors to make sure it works in those environments.
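A way to check a virtual DC for the USN rollback condition described on the previous slide and for the gen ID support described on this one, as an added example that is not part of the original slides; it assumes the ActiveDirectory module, WinRM access, and the placeholder DC name 'DC02':

```powershell
# Added example: look for the markers NTDS leaves when it detects USN rollback, and
# read the DC's VM generation ID. Run as a domain admin; 'DC02' is an assumed name.
Import-Module ActiveDirectory

function Test-DcUsnRollback {
    param([Parameter(Mandatory)] [string] $DC)

    $local = Invoke-Command -ComputerName $DC -ScriptBlock {
        # On detecting reused USNs, NTDS logs event 2095 in the Directory Service log and
        # sets "Dsa Not Writable" = 4, which pauses inbound and outbound replication on
        # this DC until it is demoted and rebuilt (or restored supportably).
        $ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
        $ev = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2095 } `
                -MaxEvents 1 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            DsaNotWritable = $ntds.'Dsa Not Writable'
            LastEvent2095  = if ($ev) { $ev.TimeCreated } else { $null }
        }
    }

    # The hypervisor-supplied generation ID is stored on the DC's computer object
    # (msDS-GenerationId, Server 2012 and later). It is absent on a physical DC or
    # under a hypervisor that does not expose gen ID, so snapshots there are unsafe.
    $genId = (Get-ADComputer -Identity $DC -Properties 'msDS-GenerationId').'msDS-GenerationId'

    [pscustomobject]@{
        DC              = $DC
        UsnRollback     = ($local.DsaNotWritable -eq 4) -or ($null -ne $local.LastEvent2095)
        LastEvent2095   = $local.LastEvent2095
        HasGenerationId = $null -ne $genId
    }
}

Test-DcUsnRollback -DC 'DC02' | Format-List
```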
Active Directory Enhancements
• Domain Controller Cloning
  • Deployment made easier by the gen ID technology
• Upgrades and DCPromo made simple
  • Upgrade domains and forests entirely from Server Manager
  • No ADPREP/FORESTPREP/DOMAINPREP
  • DCPromo was made easier with a troubleshooting feature built in.
Active Directory Enhancements
• Administration Improvements
  • Any administrative task in AD can be accomplished using PowerShell
    • 200 -> 2300 cmdlets!!!!
    • Less building of scripts. There is probably a cmdlet to do what you want.
  • The AD Recycle Bin has been GUI-ized
  • ADAC has a hidden PowerShell panel that you can open to see the equivalent PowerShell commands
Active Directory Enhancements
• Active Directory Product Activation
  • Uses LDAP instead of RPC
  • Still requires a KMS server
Storage
• Three primary improvements
  • Storage pools and spaces
  • CHKDSK
Storage
• Storage pools and spaces
  • Storage pools are units of storage aggregation that provide administration and isolation
  • Storage spaces give virtual disks performance, resiliency, and simplified storage provisioning
  • Use storage spaces to consolidate individual storage devices rather than allocating logical drive mappings
Storage
• CHKDSK
  • Two phases
    • An online scan and corruption-logging phase that checks for defects behind the scenes
    • An offline fixing phase that only corrects the defects found in drive data
  • Results in an exponentially faster CHKDSK process
Virtualization
• Hyper-V 3.0 scalability
  • Supports up to 160 logical processors
  • 2 TB of RAM
  • Guests can support up to 32 vCPUs and 512 GB of RAM per VM
• More cost-effective alternative to VMware
  • VMware private-cloud-comparable solutions can cost 5-16 times more than a Microsoft solution over 1-3 years.
  • Microsoft licenses on a per-processor basis, which makes the solutions more scalable and predictable