Windows 2000 Basics Larry Passo MCSE+I, MCT, CCNA, CCDA Kevin Orbaker MCSE, MCT Windows 2000 Versions Windows 2000 Professional Windows 2000 Server Windows 2000 Advanced Server Windows 2000 Datacenter Server Windows 2000 Professional Up to 2 processors Up to 4GB RAM
Windows 2000 Basics Larry Passo MCSE+I, MCT, CCNA, CCDA Kevin Orbaker MCSE, MCT
Windows 2000 Versions • Windows 2000 Professional • Windows 2000 Server • Windows 2000 Advanced Server • Windows 2000 Datacenter Server
Windows 2000 Professional • Up to 2 processors • Up to 4GB RAM • Upgrade from 9x or NT 3.51/4.0 Workstation • Desktop performance
Windows 2000 Server • Up to 4 processors • Up to 4GB RAM • Active Directory • Terminal Services
Windows 2000 Advanced Server • Up to 8 processors • Up to 8GB RAM • Network Balancing • Load Balancing • Clustering
Windows 2000 Datacenter Server • Up to 32 processors • Up to 64GB RAM • OLTP (OnLine Transaction Processing) • OEM Versions Only
New Features • Plug and Play • Increased hardware support • Offline folders • Synchronization manager • IE 5.0
New Features • ACPI power management • FAT32 support • Hard Disk Defrag Utility
Security Features • Kerberos v5 • Encrypting File System (EFS) • IPSec • Smart Card support • Secondary logon service (Run As) • RADIUS (Remote Authentication Dial-In User Service)
RADIUS Terminology • Dialup clients • RADIUS clients • RAS • NAS • RADIUS servers
Management Features • Nested Like Groups (Native Mode Only) • MMC • Group Policies • Windows Scripting Host (WSH)
Management Features • Remote Installation Services • Remote Storage (automatic archiving) • Terminal Server • administrative installation • application installation
File Features • Distributed File System (Dfs) • Disk Quotas • Volume mount points • NTFS v5 • Inheritable permissions
Active Directory (AD) • Directory • Directory Service
Namespace • A group of names that are defined according to a defined naming method • NetBIOS • 15 Characters • Letters/Numbers/Special
Hierarchical Namespace • A multi-level namespace with rules that allow the namespace to be partitioned. • DNS • www.mycompany.com
Domain • A security boundary • A replication boundary • A logical concept
Tree • One or more domains • Contiguous hierarchical namespace
Forest • One or more trees • Non-contiguous namespace
Organizational Unit (OU) • A collection of objects in a domain that share common administration • Different OUs in the same domain may have different administrators • Have hierarchical structure
Site • One or more, well connected, IP subnets • Relates physical WAN infrastructure to logical domain structure • Fast and reliable
Object • Distinct named set of attributes • User • Printer • File
Schema • Defines the structure of Active Directory • Object class • Attributes • Can be extended
Distinguished Name • The absolute address of an object • CN=JamesSmith,CN=Users,DC=Microsoft,DC=com • The JamesSmith user account in the microsoft.com domain
Relative Distinguished Name • The address of an object relative to any specific place in a forest • CN=JamesSmith,CN=Users • A user account that is located in the current domain
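Added example (not part of the original slides): a small Python parser for the distinguished-name format shown on the two slides above. It splits a DN into its components, derives the DNS domain from the DC parts, and computes the name relative to a base; the function names are hypothetical, and multi-valued RDNs (+), quoted values and hex escapes are not handled.

```python
def split_dn(dn):
    """Split a DN into (type, value) pairs, honouring backslash-escaped commas."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends one component
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.lstrip().partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed component: {part!r}")
        rdns.append((attr.strip().upper(), value))
    return rdns


def dns_domain(dn):
    """Join the DC components into the DNS name of the domain holding the object."""
    return ".".join(v for t, v in split_dn(dn) if t == "DC").lower()


def relative_to(dn, base):
    """Return the part of dn below base; raise ValueError if dn is not under base."""
    full, root = split_dn(dn), split_dn(base)
    norm = lambda rdns: [(t, v.lower()) for t, v in rdns]  # names compare case-insensitively
    cut = len(full) - len(root)
    if cut < 0 or norm(full)[cut:] != norm(root):
        raise ValueError(f"{dn!r} is not under {base!r}")
    return ",".join(f"{t}={v}" for t, v in full[:cut])


if __name__ == "__main__":
    dn = "CN=JamesSmith,CN=Users,DC=Microsoft,DC=com"   # DN from the slide
    print(dns_domain(dn))
    print(relative_to(dn, "DC=Microsoft,DC=com"))
    # Constructed value with an escaped comma; a plain split(",") would misparse it.
    print(split_dn(r"CN=Smith\, James,CN=Users,DC=Microsoft,DC=com")[0])
```

Comparing parsed components rather than raw strings keeps a check such as "is this object under that container" from being confused by case differences or by commas inside a name.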
Domain Controller (DC) • Windows 2000 Server with AD • Contains information about all the objects in a domain • No more PDCs or BDCs
Global Catalog • A partial replica of every domain in AD (entire forest) • Knowledge of the existence of all objects but not all of the attributes of those objects • Global Catalog servers are also DCs
Group Types • Security Groups • Distribution Groups
Security Groups • Domain Local Group • Domain Global Group • Universal Group (native mode only) • Like groups may be nested in native mode
Lightweight Directory Access Protocol (LDAP) • A protocol used to access AD • The preferred access protocol • A simplified version of DAP from X.500
Changes to domain model • DNS and TCP/IP are now mandatory • Automatic, two-way, transitive trusts • Hierarchical
Delegate Management • Use OUs within a domain to delegate administrative control over objects • Users • Printers • Computers • OUs can take the place of multiple domains
Delegate management • Accounting OU contains Printers located in accounting. • Accountant Joe delegated printer management. • [Diagram labels: CORP, OPS, MFG, ACCT, HR]
Extending Schema • New types of objects and/or attributes can be created • Existing objects can be extended to include new attributes • Exchange 2000 extends AD • Forestprep • Setup
Testing Environment • Build it to your needs • Domain Model • Simulate site speeds • Global Catalog Servers • Replication traffic vs. Authentication traffic
Implementation and Migration Planning • Determine your migration path • In place upgrade vs. Parallel migration • Software validation • DNS naming definitions
Justification to Management • Why should you implement today? • Decrease TCO • Eliminate most reboots • Increased uptime • Shrinking Support for NT 4.0
Mixed Mode • Default configuration • Supports NT BDCs • All DCs support Win9x/NT authentication • More Overhead
Native Mode • No support for NT 4.0 BDCs • Allows for legacy member servers and desktops • Increases functionality • Speed, Universal Groups, nesting of like groups • Conversion to native is one way
OU Design • OUs are defined within domains • Reflects organizational divisions • Designed to make logical organizations of the business model • Consider the implications of: • Inheritance of Group Policy • Inheritance of Security • OUs typically change from domain to domain
Example OU Design • company.org • [Diagram: OU tree with labels executive, admin, corporate, temporary, resources, users, computers, printers]
Domain Design • Single domain • Tree • Forest
Single Domain Advantages • Simple to implement • Effective for large and small organizations • Delegate administration with OUs • No trusts required • Can move objects between OUs
Single Domain Disadvantages • Can’t limit replication traffic • Single security policy
Multiple Domain • company.org • na.company.org • euro.company.org • asia.company.org
Multiple Domain Advantage • Unlimited scalability • Two-way transitive trusts • Can break up administration through domains and OUs • Multiple security policies