Microsoft Windows 2000 Server


IT:NETWORK:
MICROSOFT SERVER 2
Operation Roles and Multiple Domains
OPERATIONS TERMS
• Single-Master Replication
  • NT 4.0 replication method
  • Only the primary domain controller could write to the SAM database
  • Other domain controllers could only handle authentication
  • Server 2003 Mixed-mode is single master
• Multi-master Replication
  • Active Directory replication method
  • Multiple DCs can write to NTDS
NT 4.0 VS. 2000/2003/2008
• NT 4.0: maintains the SAM on the PDC and only on the PDC.
• NT 4.0: changes can only be made on the PDC.
• Windows Server: accounts are managed through the directory via multimaster replication. This is only available in Native mode, not Mixed mode, which supports Single-Master replication.
SERVER 2003/2008/2012
• With Active Directory, all DCs are equal, although some are more equal than others. They maintain the FSMO roles (Flexible Single Master of Operations), now simply called Operations Masters.
• FSMO pronounced PHIZZ-MO.
• Roles:
  • RID Master
  • Schema Master
  • Domain Naming Master
  • PDC Emulator
  • Infrastructure Master
• First DC maintains all 5.
SCHEMA MASTER
• The schema is the working structure of the AD database (think of an Access database with many tables that have many fields).
• You can view the AD schema by running mmc.exe /a and choosing Add/Remove Snap-in -> Active Directory Schema.
• Things that change the schema:
  • Applications: Exchange Server, SQL Server
  • They add additional fields to support the apps
DOMAIN NAMING MASTER
• Modified with the AD Domains and Trusts tool/snap-in
• Handles domain naming when additional domains are brought into the forest
• It is the clearing house for domain names and prevents duplicate domain names from being brought in
RID MASTER
• Relative ID (RID): generated when SIDs are created; it is the last 32 bits of the SID.
• All SIDs start out with S-1-5 and then append random numbers to the end: a1-b1-c1
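An added example (not part of the slides) that makes the RID statement concrete: it parses a domain SID, extracts the RID as the final sub-authority, and encodes the SID in its MS-DTYP binary layout, where the RID really is the last four bytes. The sample SID and the well-known RID table are constructed for illustration.

```python
import struct
from dataclasses import dataclass

# Well-known domain RIDs (same in every domain); handy when reading logs.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users", 519: "Enterprise Admins"}


@dataclass(frozen=True)
class Sid:
    revision: int
    identifier_authority: int
    sub_authorities: tuple

    @classmethod
    def parse(cls, text):
        # String form is S-<revision>-<authority>-<sub1>-...-<RID>.
        parts = text.strip().split("-")
        if len(parts) < 3 or parts[0].upper() != "S":
            raise ValueError(f"not a SID: {text!r}")
        revision, authority = int(parts[1]), int(parts[2])
        subs = tuple(int(p) for p in parts[3:])
        if revision != 1 or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
            raise ValueError(f"malformed SID: {text!r}")
        return cls(revision, authority, subs)

    @property
    def rid(self):
        # The RID is the final 32-bit sub-authority; "S-1-5" alone has none.
        return self.sub_authorities[-1] if self.sub_authorities else None

    @property
    def domain_sid(self):
        # Domain accounts look like S-1-5-21-a-b-c-RID; everything before the RID
        # identifies the domain. BUILTIN SIDs such as S-1-5-32-544 have no domain.
        if self.identifier_authority == 5 and len(self.sub_authorities) >= 5 \
                and self.sub_authorities[0] == 21:
            return "S-1-5-" + "-".join(str(s) for s in self.sub_authorities[:4])
        return None

    def to_binary(self):
        # MS-DTYP layout: revision (1 byte), sub-authority count (1 byte), identifier
        # authority (6 bytes, big-endian), then each sub-authority as 32-bit little-endian.
        head = struct.pack(">BB", self.revision, len(self.sub_authorities))
        head += self.identifier_authority.to_bytes(6, "big")
        return head + b"".join(struct.pack("<I", s) for s in self.sub_authorities)

    def well_known_name(self):
        return WELL_KNOWN_RIDS.get(self.rid)


# Constructed sample SID (placeholder domain values, not a real domain).
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-500"
```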
INFRASTRUCTURE AND
PDC
• Infrastructure
  • Speeds up the process of reflecting changes across the domains.
• PDC
  • Used for legacy (pre-W2K) systems
  • Knows the most up-to-date passwords
  • When a password is changed, the DCs contact the PDC FSMO immediately
  • Also used for account unlocks
TRANSFERRING ROLES: COMMAND LINE
• Command to find out who has what?
  • netdom query fsmo
• Command to manage roles:
  • ntdsutil
  • Connect to servername
  • Quit
  • Transfer fsmotype master
  • Or
  • Seize fsmotype master
WHY IS THIS IMPORTANT TO KNOW?
• Delegating the roles to other servers reduces the possibility of the network going down in the event of a failure on the first server.
• Your company may purchase new servers to function as replica domain controllers; however, the first domain controller contains all the operations roles and does not auto-magically nominate the new hardware to carry the load.
• The roles would be transferred automatically if you retire the first domain controller by performing a dcpromo to demote the domain controller.
• Yes, DCPROMO is used to demote a domain controller.
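An added example (not from the slides) that ties the "who has what" command to the point made in this section: it parses the text that netdom query fsmo prints and reports whether all five Operations Master roles still sit on one domain controller. The output format is assumed from the command's documented layout, and the sample output and host names are constructed placeholders.

```python
import re
from collections import defaultdict

FSMO_ROLES = ("Schema master", "Domain naming master", "PDC",
              "RID pool manager", "Infrastructure master")

# Constructed sample shaped like netdom's output (assumed format: role name,
# whitespace, FQDN of the holder). Host names are placeholders.
SAMPLE_OUTPUT = """\
Schema master               dc1.example.test
Domain naming master        dc1.example.test
PDC                         dc1.example.test
RID pool manager            dc1.example.test
Infrastructure master       dc1.example.test
The command completed successfully.
"""


def parse_fsmo(output):
    """Return {role: holder FQDN} for all five roles, or raise if one is missing."""
    holders = {}
    for line in output.splitlines():
        for role in FSMO_ROLES:
            m = re.match(rf"^{re.escape(role)}\s+(\S+)\s*$", line, re.IGNORECASE)
            if m:
                holders[role] = m.group(1).lower()
                break
    missing = set(FSMO_ROLES) - holders.keys()
    if missing:
        raise ValueError(f"roles not found in output: {sorted(missing)}")
    return holders


def assess(holders):
    """Group roles by DC; one holder for all five means one failure takes out every role."""
    by_dc = defaultdict(list)
    for role, dc in holders.items():
        by_dc[dc].append(role)
    return {"by_dc": dict(by_dc), "single_point_of_failure": len(by_dc) == 1}


if __name__ == "__main__":
    report = assess(parse_fsmo(SAMPLE_OUTPUT))
    for dc, roles in report["by_dc"].items():
        print(f"{dc}: {', '.join(roles)}")
    if report["single_point_of_failure"]:
        print("All five Operations Master roles are on one DC; consider transferring some.")
```

On a real server, feed the function the captured output of netdom query fsmo instead of the constructed sample.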
DESIGNING A DOMAIN MODEL
• Your domain design is relative to the size of the network.
• A small business typically will maintain a single server/domain controller setup.
• Microsoft Small Business Server/Server Essentials
  • Domain Controller
  • Exchange Server
  • SQL Server
  • ForeFront Threat Management Gateway
  • Intranet
  • Maximum of 50 licenses
DESIGNING A DOMAIN MODEL
• Larger businesses (25+ clients)
  • Secondary Domain Controllers should be introduced for fault tolerance.
  • FSMO roles should be delegated appropriately.
• Larger business with remote locations
  • Active Directory Sites and Services
  • Create a site for the remote location
  • Domain Controllers can be placed at the remote locations to help with authentication.
  • Replication decisions have to be made based on the connection speed between the sites.
  • Must determine how dynamic the network is
  • If the network does not change often, replication can be scheduled at off-peak times.
FOREST-WIDE TIME SYNCHRONIZATION
• All DCs should be within 5 minutes of each other.
• Kerberos fails if DCs disagree on time.
• Member servers and workstations synchronize to the DC that logged them in.
• PDC Emulators between domains must agree on time.
WINDOWS 8 / SERVER 2012
• Overview
• Windows 8 OEMs
• Server 2012
• Server Management
• Active Directory Enhancements
• Storage
• Virtualization
OVERVIEW
• The Windows 8 interface has been “re-imagined”
• Tile based “live” apps.
• 2 UIs
  • Tile based interface for supported apps
  • Desktop UI for traditional x86 apps
• Interface was designed to be “seamless” when transitioning between Windows devices
• Smaller learning curve from desktop down to mobile device
OVERVIEW
• Most management tools have been server focused
• Driving force behind 2012 is to centralize server infrastructure management
• All servers are centrally managed on the Dashboard
• Windows 8 and Server 2012 share the same code base
OVERVIEW
• Microsoft has identified four key areas of advancement:
  • Virtualization
  • Centralized management
  • Modern workforce
  • New app platform
DESKTOP OEMS
• Windows 8 RT: designed for mobility. Only runs built-in apps or apps downloaded from the Windows Store.
• Windows 8: consumer based version. Cannot be joined to a domain.
• Windows 8 Pro: domain joinable, BitLocker, Hyper-V.
• Windows 8 Enterprise--
WINDOWS 8 OEMS
• Features and system requirements:
• http://www.cdw.com/shop/search/softwaretitles/microsoft-windows-8.aspx
• http://windows.microsoft.com/en-US/windows/compare
SERVER 2012
• System Requirements
  • Minimum HD: 32 GB
  • Minimum Processor: 1.4 GHz
  • Minimum RAM: 512 MB
  • Peripheral/Int. Devices: DVD-ROM, Internet connection, Keyboard, Mouse, SVGA Monitor
SERVER MANAGEMENT
• PowerShell
  • No one really uses it to its capacity
  • Server 2012 provides an expandable pane to reveal the underlying PowerShell commands used to accomplish certain tasks.
  • Copy/paste the code to use later in automation scripts
  • Better command “autocomplete”
  • More cmdlets
    • 200 in 2008 R2
    • 2300 in Windows Server 2012
SERVER MANAGEMENT
• Server ManagerReimagined
ACTIVE DIRECTORY
ENHANCEMENTS
• Three goals in mind
• Active Directory (AD) needs to have virtualization that
simply works
• Must be simple to deploy
• Must be simple to manage
ACTIVE DIRECTORY
ENHANCEMENTS
• Virtualization that works
  • Problems caused by AD
  • Virtual image restoration
    • System thinks it is from an earlier time (Time Traveler)
    • Update Sequence Numbers (USNs) are used to keep track of replication of data between DCs.
    • Replication issues can occur (time stamps all jacked up)
    • Can cause an issue called USN rollback
    • http://technet.microsoft.com/en-us/library/virtual_active_directory_domain_controller_virtualization_hyperv(WS.10).aspx#usn_and_usn_rollback
ACTIVE DIRECTORY
ENHANCEMENTS
• Virtualization that works
  • Server 2012 is “virtualization safe”
  • A virtual DC is able to detect when snapshots are applied or when a virtual DC has been copied.
  • Uses the VM generation ID (gen ID)
  • Works with Hyper-V; Microsoft is currently working with other vendors to make sure it works in those environments.
ACTIVE DIRECTORY
ENHANCEMENTS
• Domain Controller Cloning
  • Deployment made easier by the gen ID technology
• Upgrades and DCPromo Made Simple
  • Upgrade domains and forests entirely from Server Manager
  • No ADPREP/FORESTPREP/DOMAINPREP
  • DCPromo was made easier with a troubleshooting feature built in.
ACTIVE DIRECTORY
ENHANCEMENTS
• Administration Improvements
  • Any administrative task in AD can be accomplished using PowerShell
  • 200 to 2300 cmdlets!!!!
  • Less building of scripts. There is probably a cmdlet to do what you want.
  • AD Recycle Bin has been GUI-ized
  • ADAC has a hidden PowerShell panel that you can view to see the equivalent PowerShell commands
ACTIVE DIRECTORY
ENHANCEMENTS
• Active Directory Product Activation
• Uses LDAP instead of RPC
• Still requires a KMS server
STORAGE
• Three primary improvements
• Storage pools and spaces
• CHKDSK
STORAGE
• Storage pools and spaces
  • Storage pools are units of storage aggregation that provide administration and isolation
  • Storage spaces give virtual disks performance, resiliency, and simplified storage provisioning
  • Use storage spaces to consolidate individual storage devices rather than allocating logical drive mappings
STORAGE
• CHKDSK
  • Two phases
    • Online scan and corruption logging, which checks for defects behind the scenes
    • Offline fixing phase that only corrects defects in drive data
  • Results in an exponentially faster CHKDSK process
VIRTUALIZATION
• Hyper-V 3.0 Scalability
  • Supports up to 160 logical processors
  • 2 TB of RAM
  • Guests can support up to 32 vCPUs and 512 GB RAM per VM
• More cost effective alternative to VMware
  • VMware private cloud comparable solutions can cost 5-16 times more than a Microsoft solution over 1-3 years.
  • Microsoft licenses on a per-processor basis, which makes the solutions more scalable and predictable