1 active directory administration tasks and tools active directory administration tasks active...
TRANSCRIPT
![Page 1: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/1.jpg)
1
Active DirectoryAdministration Tasks And Tools
• Active Directory Administration Tasks
• Active Directory Administrative Tools
• Using Microsoft Management Consoles
• Using Task Scheduler
![Page 2: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/2.jpg)
2
Active Directory Administrative Tasks
Microsoft Windows 2000 Active Directory Administrative Tasks
![Page 3: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/3.jpg)
3
Administrative Categories
• Configuring Active Directory
• Administering users and groups
• Securing network resources
• Administering Active Directory
• Administering the desktop computing environment
• Securing Active Directory
• Managing Active Directory performance
• Installing Windows 2000 remotely
![Page 4: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/4.jpg)
4
Active Directory Administrative Tools
• Active Directory Administrative Tools
• Other Active Directory Administrative Tools
• The Microsoft Management Console (MMC)
• Console Tree and Details Pane
• Snap-Ins
• Console Options
• Author Mode
![Page 5: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/5.jpg)
5
Administrative Tools Menu
• Active Directory Domains and Trusts console
• Active Directory Sites and Services console
• Active Directory Users and Computers console
![Page 6: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/6.jpg)
6
Active Directory Domains and Trusts Console• Assists management of trust relationships between domains
• Windows 2000 domains in the same or different forests.• Pre-Windows 2000 domains.• Kerberos V5 realms.
• Use the Active Directory Domains and Trusts console to
• Provide interoperability with other domains by managing explicit domain trusts.
• Change the mode of operation of a Windows 2000 domain from mixed mode to native mode.
• Add and remove alternative user principal name (UPN) suffixes used to create user logon names.
• Transfer the domain naming operations master role from one domain controller to another.
• Provide information about domain management.
![Page 7: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/7.jpg)
7
Active Directory Sitesand Services Console
• Publish sites to Active Directory to provide information about the physical structure of a network.
• Active Directory uses this information to determine how to replicate directory information and handle service requests.
![Page 8: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/8.jpg)
8
Active Directory Usersand Computers Console
• Adds, modifies, deletes, and organizes Windows 2000 user accounts, computer accounts, security and distribution groups, and published resources in the organization’s directory
• Manages domain controllers and OUs
![Page 9: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/9.jpg)
9
Other Support Tools
• Active Directory Schema Snap-In
• Active Directory Support Tools
![Page 10: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/10.jpg)
10
Support Tools(MMC Snap-In)
• ADSI Edit
• Used to view all objects in the directory, modify objects, and set ACLs on objects.
• SIDwalker: Security Administration Tools
• Consists of three separate programs.• SHOWACCS.EXE and SIDWALK.EXE are command-
line tools for examining and changing access control entries.
• Security Migration Editor is an MMC snap-in tool for editing mapping between old and new security IDs (SIDs).
![Page 11: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/11.jpg)
11
Support Tools (GUI)
• LDP.EXE: Active Directory Administration Tool
• Allows LDAP operations to be performed against Active Directory
• REPLMON.EXE: Active Directory Replication Monitor
• Displays replication topology, monitors replication status, forces replication events, and recalculates knowledge consistency checker
![Page 12: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/12.jpg)
12
Support Tools(Command Line)
• ACLDIAG.EXE: ACL Diagnostics
• DFSUTIL.EXE: Distributed File System Utility
• DNSCMD.EXE: DNS Server Troubleshooting Tool
• DSACLS.EXE: View or modify the ACL of objects in Active Directory
• DSASTAT.EXE: Active Directory Diagnostic Tool
• MOVETREE.EXE: Active Directory Object Manager
• NETDOM.EXE: Windows 2000 Domain Manager
• NLTEST.EXE: Provides information about trusts and replication
• REPADMIN.EXE: Replication Diagnostics Tool
• SDCHECCK.EXE: Security Descriptor Check Utility
![Page 13: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/13.jpg)
13
Active Directory Service Interfaces (ADSI)
• Provides a simple, powerful, object-oriented interface to Active Directory
• Makes it easy for programmers and administrators to create programs utilizing directory services by using high-level tools without having to worry about the underlying differences between the different namespaces
• Fully programmable automation object for use by administrators
• Provides the ability to build or buy programs that give a single point of access to multiple directories in a network environment, whether those directories are based on LDAP or another protocol
![Page 14: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/14.jpg)
14
The Microsoft Management Console (MMC)
• Used to create, save, and open collections of administrative tools.
• Does not provide management functions itself, but is the program that hosts management applications called snap-ins.
• Uses snap-ins to perform one or more administrative tasks.
• Preconfigured MMCs contain commonly used snap-ins, which appear on the Administrative Tools menu.
• Custom MMCs are created to perform a unique set of administrative tasks.
• Preconfigured and custom MMCs can be used for remote administration.
![Page 15: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/15.jpg)
15
Preconfigured MMCs
• Contain one or more snap-ins that provide the functionality to perform a related set of administrative tasks.
• Function in User mode; unable to modify, save, or add additional snap-ins.
• Windows 2000 Server and Windows 2000 Professional have different preconfigured MMCs.
• Added by Windows 2000 when additional components are installed.
![Page 16: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/16.jpg)
16
Typical PreconfiguredMMCs are Available for
• Windows 2000 Professional, Windows 2000 Server stand-alone server, and Windows 2000 Server domain controllers
• Windows 2000 Server stand-alone server and domain controllers
• Windows 2000 Server domain controllers only
• Windows 2000 Professional and Windows 2000 Server stand-alone server
![Page 17: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/17.jpg)
17
Windows 2000 Professional, Windows 2000 Server Stand-Alone Server, and Windows 2000 Server Domain Controllers
• Component Services
• Computer Management
• Data Sources (ODBC)
• Event Viewer
• Performance
• Services
![Page 18: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/18.jpg)
18
Windows 2000 Server Stand-Alone Server and Domain Controllers
• Configure Your Server
• Distributed File System
• Internet Services Manager
• Licensing
• Routing and Remote Access
• Server Extensions Administrator
• Telnet Server Administration
![Page 19: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/19.jpg)
19
Domain Controllers Only
• Active Directory Domains and Trusts
• Active Directory Sites and Services
• Active Directory Users and Computers
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• Domain controller Security Policy
• Domain Security Policy
![Page 20: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/20.jpg)
20
Professional and Server Stand-Alone Server
Local Security Policy
![Page 21: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/21.jpg)
21
Sample MMC
![Page 22: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/22.jpg)
22
Snap-Ins and Extensions
![Page 23: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/23.jpg)
23
Stand-Alone Snap-Ins
• Usually referred to simply as snap-ins
• Used to perform Windows 2000 administrative tasks
• Provide one function or a related set of functions
![Page 24: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/24.jpg)
24
Extension Snap-Ins• Referred to simply as extensions.
• Provide additional administrative functionality to another snap-in.
• Designed to work with one or more stand-alone snap-ins.
• Windows 2000 displays only extensions that are compatible with the stand-alone snap-in and places them in the appropriate location.
• When a snap-in is added to a console, MMC adds all available extensions by default.
• Extensions can be added to multiple snap-ins.
• Some stand-alone snap-ins can use extensions that provide additional functionality.
• Some snap-ins can act as a snap-in or an extension.
![Page 25: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/25.jpg)
25
Console OptionsAuthor Mode
• Full access to all MMC functionality
• Adds or removes snap-ins
• Creates new windows
• Views all portions of the console tree
• Saves MMCs
![Page 26: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/26.jpg)
26
Console Options User Mode
• Users cannot add or remove snap-ins, or save the MMC.
• Three types of user modes allow different levels of access and functionality:
• Full Access• Limited Access, Multiple Windows• Limited Access, Single Window
![Page 27: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/27.jpg)
27
Using MMCs
• Using Preconfigured MMCs
• Using Custom MMCs
• Using MMCs for Remote Administration
• Practice: Using Microsoft Management Console
![Page 28: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/28.jpg)
28
Options on the MMC Console Menu
• New: Create a new custom MMC console
• Open: Use a saved MMC console
• Save or Save As: Use the MMC console later
• Add/Remove Snap-In: Add or remove one or more snap-ins and their associated extensions to or from an MMC console
• Options: Configure the console mode and create a custom MMC console
![Page 29: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/29.jpg)
29
Using MMCs forRemote Administration• Snap-in for remote administration can be set up when a
custom MMC is created.
• Remote administration allows administrative tasks to be performed from any location.
• The design of each snap-in dictates whether or not it can be used for remote administration.
• You must use specific snap-ins designed for remote administration.
• If the snap-in is available for remote administration, Windows 2000 prompts for the target computer to administer.
• The Windows 2000 Administration Tools Setup Wizard is simply a means for loading administrative tools to a remote machine.
![Page 30: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/30.jpg)
30
Using Task Scheduler
• Introduction to Task Scheduler
• Practice: Using Task Scheduler
![Page 31: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/31.jpg)
31
Scheduled Task Wizard
![Page 32: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/32.jpg)
32
Task Scheduler
• Scheduled tasks are saved in the Scheduled Tasks folder in the Control Panel folder in My Computer and on the Accessories, System Tools menu.
• Access scheduled tasks on another computer by browsing that computer’s resources using My Network Places; allows tasks to be moved from one computer to another.
• Use Task Scheduler to
• Run maintenance utilities at specific intervals.• Run programs when there is less demand for
computer resources.
![Page 33: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/33.jpg)
33
Scheduled Task Wizard Options
• Program to run: The applications to be scheduled
• Task name: A descriptive name for the task
• Frequency: How often Windows 2000 will perform the task
• Time and date: Start time and start date for the task to occur
• Name and password: User name and password; application will run under the security settings for this user account
• Advanced properties: Select this check box to display the Advanced Properties dialog box after clicking Finish
![Page 34: 1 Active Directory Administration Tasks And Tools Active Directory Administration Tasks Active Directory Administrative Tools Using Microsoft Management](https://reader036.vdocuments.us/reader036/viewer/2022062315/5697c02d1a28abf838cd96cf/html5/thumbnails/34.jpg)
34
Scheduled Task WizardAdvanced Properties
• Task: Change the scheduled task, add parameters, or change the user account
• Schedule: Set and display multiple schedules for the same task
• Settings: Set options that can delete or stop a task, start or stop a task based on idle or non-idle time, start or stop a task if a computer is running on batteries, and wake the computer to run a task
• Security: Change the list of users and groups that have permission to perform the task, or change the permissions for a specific user or group