Host Management active directory and domain services in windows server.pptx

abrhamisaac91 15 views 38 slides Sep 09, 2024

About This Presentation

Host Management involves the administration and maintenance of physical or virtual machines (hosts) in an IT environment to ensure their smooth operation, security, and efficiency. It encompasses a wide range of tasks, including provisioning, configuration, monitoring, updates, and troubleshooting, ...


Slide Content

Chapter Two
Host Management

Active Directory Domain Services
Active Directory is a directory service, and it is the role of a directory service to maintain information about enterprise resources, including users, groups, and computers. A directory service is the software system that stores, organizes and provides access to information in a directory. It helps administrators centralize the creation of users and groups, and specify roles and access levels for IT resources across the company network. This greatly simplifies the task of administrators, as it saves them the effort of managing administration separately on multiple systems for each user.

Windows Server Basic Terminology
Domain Controllers
Domain controllers (DCs) perform identity and access management in a Microsoft Windows enterprise. Any server that has AD (Active Directory) installed becomes a DC. In a domain, one DC acts as the primary domain controller while the others act as backup domain controllers.
Functions of a DC
■ Stores a complete copy of all the objects belonging to a single domain. It also records the changes made to these objects and replicates them to the other DCs in the same domain.
■ Provides fault tolerance: if one DC is offline, another can provide all the functions AD requires.
■ Manages all user interaction within a domain, such as finding AD objects and validating user authentication.

Cont …
Active Directory enables you to configure a domain and a forest with a single domain controller. The Add Roles Wizard in Server Manager is used to install Active Directory Domain Services (AD DS). Then the Active Directory Domain Services Installation Wizard is used to create the first DC in the forest. Additional domain controllers are used to create a level of fault tolerance in the event any one DC fails, or to provide authentication in remote sites.
E.g.: DBU.com

Cont …
Domain
A domain is the core administrative unit of a network structure. It is a logical grouping of computers that share a common directory database and security system. Objects stored in a domain are considered vital to the network. These objects are resources needed by network users to perform tasks. An object can be a printer, document, database or user. A domain acts as a security boundary and controls access to domain objects.

Cont …
Tree
A tree is a hierarchical collection of one or more domains, which is created by adding one or more child domains to an existing parent domain.
Child Domain
You may want to create a child domain and then delegate the Domain Name System (DNS) namespace to a domain controller located in this child domain for any of the following reasons:
E.g. CS.DBU.com
DBU.com
    IT.DBU.com
    CS.DBU.com
        First-year.CS.DBU.com
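As an added example (not part of the slides), the forest and child-domain build described above done with the ADDSDeployment PowerShell cmdlets that back the Server Manager wizards. It uses the DBU.com and CS.DBU.com names from the slides; the NetBIOS names, the Win2012R2 forest/domain mode and the prompted passwords are assumptions for this example, not values the slides give.

```powershell
# Added example (not from the slides): create the DBU.com forest with its
# first domain controller, then add CS.DBU.com as a child domain with a DNS
# delegation in the parent zone. Run Part 1 on the server that becomes the
# DBU.com DC and Part 2 on the server that becomes the CS.DBU.com DC.
# Passwords are prompted for and never stored in the script.

# --- Part 1: first DC in a new forest (future DBU.com DC) ---
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

$dsrmPassword = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

# Dry run: reports prerequisite problems (DNS, IP, name) without changing anything.
Test-ADDSForestInstallation -DomainName 'DBU.com' -InstallDns:$true `
    -SafeModeAdministratorPassword $dsrmPassword

Install-ADDSForest `
    -DomainName 'DBU.com' `
    -DomainNetbiosName 'DBU' `          # assumed NetBIOS name
    -ForestMode 'Win2012R2' `            # assumed functional levels
    -DomainMode 'Win2012R2' `
    -InstallDns:$true `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force:$true                          # suppresses the confirmation prompt; server reboots

# --- Part 2: child domain CS.DBU.com (future CS.DBU.com DC) ---
# Creating the child and the DNS delegation in DBU.com requires an
# Enterprise Admins credential from the parent domain.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

$parentCred   = Get-Credential -Message 'Enterprise Admin in DBU.com'
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM password for the CS.DBU.com DC'

Install-ADDSDomain `
    -NewDomainName 'CS' `
    -ParentDomainName 'DBU.com' `
    -DomainType ChildDomain `
    -NewDomainNetbiosName 'CS' `          # assumed NetBIOS name
    -DomainMode 'Win2012R2' `
    -InstallDns:$true `
    -CreateDnsDelegation:$true `          # delegates cs.dbu.com in the parent DNS zone
    -Credential $parentCred `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force:$true

# --- Verify after the reboots: each domain has its DC and the tree is intact ---
Get-ADForest | Select-Object Name, Domains, GlobalCatalogs
Get-ADDomain -Identity 'CS.DBU.com' | Select-Object DNSRoot, ParentDomain, DomainMode
Get-ADDomainController -Filter * | Select-Object Name, Domain, Site, IsGlobalCatalog
```

The test cmdlet is worth running first on a production build: it exercises the same prerequisite checks as the wizard's verification page, so DNS or addressing problems surface before the server is promoted.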

Cont …
Understanding Active Directory objects
Active Directory is a directory service that maintains information about enterprise resources, including users, groups, and computers. Resources are divided into OUs (organizational units) to facilitate manageability and visibility; that is, they can make it easier to find objects. A user requires an Active Directory user account to log on to a computer or to a domain. The account establishes an identity for the user; the operating system then uses this identity to authenticate the user and to grant him or her authorization to access specific domain resources.

Cont …
Organizational units (OUs) are administrative containers within Active Directory that are used to collect objects that share common requirements for administration, configuration, or visibility.
Groups are an important class of object because they are used to collect users, computers, and other groups to create a single point of management. The most straightforward and common use of a group is to grant permissions to a shared folder.
Users in a domain often share many similar properties. For example, all sales representatives can belong to the same security groups, log on to the network during similar hours, and have home folders.

Cont …
Computer
Like user objects, computers are represented as accounts and objects in AD. A computer also logs on to a domain. The computer object has a name with a dollar sign appended, e.g. COMP$, and a password that is required when you join the computer to a domain. Each computer that needs to access network resources must have a unique computer account in the network.
Forest
A forest is a collection of one or more independent domain trees.

Server installation
Microsoft releases all of its operating systems in multiple editions, which provides consumers with varying price points and feature sets.
■ Windows Server 2012 R2 Datacenter: The Datacenter edition is designed for large and powerful servers with up to 64 processors and includes fault-tolerance features such as hot-add processor support.
■ Windows Server 2012 R2 Standard: The Standard edition includes the full set of Windows Server 2012 R2 features and differs from the Datacenter edition only in the number of virtual machine (VM) instances permitted by the license.
■ Windows Server 2012 R2 Essentials: The Essentials edition includes nearly all the features in the Standard and Datacenter editions; it does not include Server Core, Hyper-V (virtualization) and Active Directory Federation Services. The Essentials edition is limited to one physical or virtual server instance and a maximum of 25 users.

Cont …
■ Windows Server 2012 R2 Foundation: The Foundation edition is a scaled-down version of the operating system; it is designed for small businesses that require only basic server features, such as file and print services and application support. It has no virtualization rights and is limited to 15 users.
Installation requirements
If your computer does not meet the following hardware specifications, Windows Server 2012 R2 will not install correctly (or possibly at all):
■ 1.4-GHz 64-bit processor
■ 512 MB RAM
■ 32 GB available disk space
■ Super VGA (1024 x 768) or higher resolution monitor
■ Keyboard and mouse (or other compatible pointing device)
■ Internet access

Choosing installation options
Windows Server 2012 R2 provides installation options that enable administrators to keep the unnecessary resources installed on a server to a minimum.
Using Server Core
Windows Server 2012 R2 includes an installation option that minimizes the user interface on a server. When you select the Windows Server Core installation option, you install a stripped-down version of the operating system. There is no Start menu, no desktop Explorer shell, no Microsoft Management Console (MMC), and virtually no graphical applications. All you see when you start the computer is a single window with a command prompt.

WHAT IS SERVER CORE?
Server Core is not a separate product or edition. It is an installation option included with the Windows Server 2012 R2 Standard edition and the Windows Server 2012 R2 Datacenter edition. There are several advantages to running servers using Server Core:
■ Hardware resource conservation: Server Core eliminates some of the most memory-intensive and processor-intensive elements.
■ Reduced disk space: Server Core requires less disk space for the installed operating system elements, which maximizes the utilization of the server's storage resources.

Cont …
■ Reduced patch frequency: The graphical elements of Windows Server 2012 R2 are among the most frequently updated, so running Server Core reduces the number of updates that administrators must apply. Fewer updates also mean fewer server restarts and less downtime.
■ Reduced attack surface: The less software there is running on the computer, the fewer entry points there are for attackers to exploit. Server Core reduces the potential openings presented by the operating system, increasing its overall security.
FIGURE 1-1 The default Server Core interface

Windows Server 2012 installation (GUI)
1. Start the computer, then insert the Windows Server 2012 installation DVD into the DVD drive.
2. Reboot the computer; the installation wizard appears as shown.
3. Click the Next button. The Install Windows wizard now contains an Install now button, as shown.
4. Select the language for installation.
5. Click the Install now button to start the installation of Windows Server 2012, then type your product key for activation.

Cont …
6. Select the Windows Server edition and click the Next button.
7. Select the type of Windows Server installation (custom or upgrade).

Migrating roles
In addition to installing a server, we can migrate a server from one to another. Migration is the preferred method of replacing an existing server with one running Windows Server 2012 R2. Unlike an in-place upgrade, a migration copies vital information from an existing server to a clean Windows Server 2012 R2 installation. By using the Windows Server Migration Tools and migration guides supplied with Windows Server 2012 R2, you can migrate data between servers under any of the following conditions:
■ Between versions: You can migrate data from any Windows Server version from Windows Server 2003 SP2 to Windows Server 2012 R2. This includes migrations from one server running Windows Server 2012 R2 to another.

Cont …
■ Between platforms: You can migrate data from a 32-bit or 64-bit server to a 64-bit server running Windows Server 2012 R2.
■ Between editions: You can migrate data between servers running different Windows Server editions (e.g., Datacenter to Standard).
■ Between physical and virtual instances: You can migrate data from a physical server to a virtual one, or the reverse.
■ Between installation options: You can migrate data from one server to another, even when one server is using the Server Core installation option and the other is using the Server with a GUI option.

Users and Group management
Why different users?
■ Users create data
■ Privacy should be ensured
■ Different privileges for different activities: Administrators, Regular Users, Guests
Why user management?
■ We must enforce policy based on the user or user role
User management
■ Creating, modifying and deleting users
■ Granting and revoking permissions to users

Managing users
A security policy should be in place to define what to share and how to share it.
Local User Management
■ No user management server is used
■ User accounts are created on the host itself
■ Each host is responsible for managing its users
■ Security policies are defined (and enforced) for the users created on the host
Centralized User Management
■ Dedicated server(s) manage user accounts
■ User accounts are created on the server
■ The server manages the users
■ Security policy is defined on the server and is applied universally
■ A specific protocol (LDAP) is used for communication between hosts and the server

Managing Users
■ You can create user accounts manually or by writing scripts
■ To create accounts manually, you use the Active Directory Users and Computers console
■ To script a user account, you need to be familiar with at least one scripting language, such as VBScript or JScript
■ We can also create user accounts using PowerShell

Cont …
It is very important to plan your user accounts before you actually create them. Parameters you need to consider while planning:
■ Naming conventions
■ Password requirements
■ Account options
Naming conventions
■ A good naming convention makes it easy for users to remember their logon names
■ It also provides for cases in which two users have the same name
Password requirements
■ Each user account will typically be assigned a password
■ Passwords prevent unauthorized access to a domain or a computer

Cont …
Account options
It is also important to consider certain properties before you create user accounts:
■ The Log On To option specifies the computers to which a user can log on
■ The Logon Hours section allows you to specify which hours of the day and days of the week a user can log on
■ The Account Expires section allows you to predefine when a user account will expire
Active Directory Service Interfaces (ADSI)
■ You can use ADSI to create scripts
■ ADSI is a fully programmable automation object available to administrators
■ You can also create user accounts in batches from a .csv or an .ldif file using the Csvde.exe or Ldifde.exe utilities
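As an added example (not code from the slides), the planning items above turned into a scripted bulk creation: a naming convention that handles two users with the same name, a temporary password that meets a typical complexity policy and must be changed at first logon, and the Log On To and Account Expires options set per row. It uses the ActiveDirectory module's New-ADUser; the OU path, the UPN suffix, the CSV columns and the user rows are constructed for the example.

```powershell
# Added example (not from the slides): bulk-create domain user accounts from
# CSV rows, applying the naming, password and account-option choices that the
# slides ask you to plan. Requires RSAT (ActiveDirectory module) and rights on
# the target OU. OU, UPN suffix and the sample rows are constructed values.
Import-Module ActiveDirectory

$targetOu  = 'OU=Students,DC=DBU,DC=com'   # assumed OU in the slides' DBU.com domain
$upnSuffix = 'DBU.com'

# Constructed input; in practice replace with: Import-Csv .\new-users.csv
# Note the two "Abebe Kebede" rows: the naming convention must keep them apart.
$newUsers = @'
GivenName,Surname,Department,Workstations,ExpiresOn
Abebe,Kebede,CS,LAB-PC01;LAB-PC02,2025-06-30
Abebe,Kebede,IT,,2025-06-30
Sara,Tesfaye,CS,LAB-PC03,
'@ | ConvertFrom-Csv

# Naming convention: first initial + surname, lower-case, letters/digits only,
# at most 20 characters (the sAMAccountName limit). If the name already exists
# in the directory, append 2, 3, ... so duplicates get distinct logon names.
function New-UniqueSamAccountName {
    param([string]$GivenName, [string]$Surname)
    $base = ($GivenName.Substring(0, 1) + $Surname).ToLower() -replace '[^a-z0-9]', ''
    $base = $base.Substring(0, [Math]::Min(20, $base.Length))
    $candidate = $base
    $n = 1
    while (Get-ADUser -Filter "sAMAccountName -eq '$candidate'" -ErrorAction SilentlyContinue) {
        $n++
        $suffix = "$n"
        $candidate = $base.Substring(0, [Math]::Min($base.Length, 20 - $suffix.Length)) + $suffix
    }
    return $candidate
}

# Password requirement: a 16-character random temporary password containing
# upper, lower, digit and symbol classes (ambiguous characters left out).
# Generated with the OS CSPRNG, handed over out of band, replaced at first logon.
function New-TemporaryPassword {
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghjkmnpqrstuvwxyz', '23456789', '!@#$%&*'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $pick = { param($s) $b = [byte[]]::new(4); $rng.GetBytes($b); $s[[BitConverter]::ToUInt32($b, 0) % $s.Length] }
    $chars = foreach ($s in $sets) { & $pick $s }          # one character from each class
    $all   = -join $sets
    $chars += 1..12 | ForEach-Object { & $pick $all }      # fill to 16 characters
    $shuffled = $chars | Sort-Object { $b = [byte[]]::new(4); $rng.GetBytes($b); [BitConverter]::ToUInt32($b, 0) }
    return (-join $shuffled)
}

foreach ($u in $newUsers) {
    $sam    = New-UniqueSamAccountName -GivenName $u.GivenName -Surname $u.Surname
    $tempPw = New-TemporaryPassword

    $params = @{
        Name                  = "$($u.GivenName) $($u.Surname) ($sam)"   # CN must be unique in the OU
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@$upnSuffix"
        GivenName             = $u.GivenName
        Surname               = $u.Surname
        Department            = $u.Department
        Path                  = $targetOu
        AccountPassword       = (ConvertTo-SecureString $tempPw -AsPlainText -Force)
        ChangePasswordAtLogon = $true       # temporary password must be replaced
        Enabled               = $true
    }
    # Account options from the slides: "Log On To" limits the account to the
    # listed computers; "Account Expires" disables it automatically on that date.
    if ($u.Workstations) { $params.LogonWorkstations     = $u.Workstations -replace ';', ',' }
    if ($u.ExpiresOn)    { $params.AccountExpirationDate = [datetime]$u.ExpiresOn }

    New-ADUser @params

    $exp = if ($u.ExpiresOn) { $u.ExpiresOn } else { 'never' }
    Write-Host ("Created {0,-12} in {1} (expires: {2})" -f $sam, $u.Department, $exp)
    # $tempPw is handed to the user out of band; it is deliberately not written anywhere.
}
```

Running the script against the three constructed rows yields the logon names akebede, akebede2 and stesfaye, which is the duplicate-name case the naming-convention slide calls out. Logon Hours is not set here because it is stored as a 21-byte bitmap attribute (logonHours) rather than a New-ADUser parameter; it is easier to set once on a template account or through Group Policy.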

Cont …
Local user accounts
If you have administrative rights, you can use the Local Users and Groups snap-in in the Computer Management console. From this console, you can create, delete, or disable local user accounts on a local computer.
(Figure: Local security database)

Cont …
Creating a Domain User Account
■ You use a domain user account to log on to a domain and access network resources
■ You use the Active Directory Users and Computers console to create domain user accounts
(Figure: Domain user account)

Cont …
Built-in user accounts are created by default during the installation of Windows Server.
Administrator built-in user account
■ Used to perform administrative tasks: creating and managing user accounts, setting account properties, assigning permissions to user accounts to access resources
■ Used to gain access to network resources
Built-in Guest account
■ Used to give users access to resources for a short time
■ Is disabled by default

Setting User Account Properties
■ Every user account you create has a set of default properties you can configure, including personal information, logon settings, dial-in settings, and Terminal Services settings for a user
■ The personal properties you define for a domain user account are useful when conducting user searches based on very specific information
■ Logon settings are used to specify the logon hours for a user
■ Dial-in settings for a user account are used to specify if and how a user can make a dial-in connection from a remote location
■ Terminal Services properties provide the ability to connect to a server from a remote location

Cont …
■ You can save a lot of time by filling out the common fields shared between user accounts in a "template" account
■ A template account is a disabled account that is used as a model for creating other accounts
■ After filling out the appropriate fields, you can right-click the account and select Copy to create a new account with most of your predefined fields already filled in

Maintaining User Accounts
As a system/network administrator, you must maintain user accounts based on the needs of your organization.
Typical user account maintenance tasks:
■ Modifying user accounts
■ Resetting passwords
■ Unlocking user accounts
You can modify user accounts in many ways:
■ Rename a user account
■ Disable or enable a user account
■ Delete a user account
To modify user accounts, you need at least the Write permission for the user account.

Cont …
■ You can reset passwords when a user's password expires before the user has a chance to change it
■ In some cases, users might even forget their passwords
■ You do not need to know the old password in order to reset a password
■ After the administrator or the user sets a password for a user account, the password is not viewable by anyone, including the administrator
■ Windows Server can lock user accounts for users who violate the account lockout policy
■ In such cases, the user can either wait until the lockout period expires (usually 30 minutes), or contact an administrator to unlock the user account

Cont …
To unlock a user account:
■ Open the Account tab on the Properties dialog box for the user account
■ Clear the Account is locked out check box
It is important to understand that the Account is locked out check box will be active only when the system has locked out a user account. You cannot manually lock out a user account.
(Figure: Unlocking a locked out account)

Cont …
Moving accounts within a domain
■ You move an account within a domain to change the OU or container in which the account is currently located
■ This allows different delegated permissions and Group Policies to apply to the account
Planning password policy
■ You use Group Policy to set the password policy for your network
■ Passwords should be memorable to your users, yet be completely unrelated to them personally
■ They should consist of uppercase and lowercase letters, numbers, and special characters
■ The length of the password is also extremely important, as a longer password takes longer to crack using dictionary or brute-force techniques
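As an added example (not from the slides), the maintenance tasks of the last few slides done from PowerShell instead of the console: finding and unlocking locked-out accounts, resetting a password without knowing the old one, disabling rather than deleting a leaver, moving and renaming an account, and reading back the password and lockout policy that Group Policy applies to the domain. The account names, the OU and the thresholds the review flags are assumptions for this example.

```powershell
# Added example (not from the slides): routine user-account maintenance with
# the ActiveDirectory module. User names (akebede, stesfaye) and the OU are
# constructed; the thresholds in the policy review are this example's choices.
Import-Module ActiveDirectory

# 1. Unlocking: the system sets the lockout flag, an administrator clears it.
#    First list who is locked out right now, then unlock a verified caller.
function Get-LockedOutReport {
    Search-ADAccount -LockedOut |
        Select-Object SamAccountName, LastLogonDate, LockedOut
}
Get-LockedOutReport | Format-Table -AutoSize
Unlock-ADAccount -Identity 'akebede'

# 2. Password reset: no old password needed. -Reset sets it administratively;
#    the user is then forced to choose a new one at next logon, so nobody
#    (administrator included) keeps a usable copy.
$newPw = Read-Host -AsSecureString -Prompt 'Temporary password for akebede'
Set-ADAccountPassword -Identity 'akebede' -Reset -NewPassword $newPw
Set-ADUser -Identity 'akebede' -ChangePasswordAtLogon $true

# 3. Leaver: disable first (keeps the SID, group memberships and audit trail
#    intact), delete only after the retention period.
Disable-ADAccount -Identity 'stesfaye'
Set-ADUser -Identity 'stesfaye' -Description ("Disabled {0:yyyy-MM-dd} by {1}" -f (Get-Date), $env:USERNAME)

# 4. Move: a different OU means different delegated permissions and GPOs.
$user = Get-ADUser -Identity 'akebede'
Move-ADObject -Identity $user.DistinguishedName -TargetPath 'OU=Staff,DC=DBU,DC=com'   # assumed OU

# 5. Rename: the object (CN) name is separate from the logon name.
Rename-ADObject -Identity (Get-ADUser -Identity 'akebede').DistinguishedName -NewName 'Abebe Kebede (akebede)'

# 6. Review the effective domain password/lockout policy set through Group
#    Policy and flag settings that contradict the planning slide's guidance.
function Get-PasswordPolicyFindings {
    $policy = Get-ADDefaultDomainPasswordPolicy
    $findings = @()
    if ($policy.MinPasswordLength -lt 14) {
        $findings += "MinPasswordLength is $($policy.MinPasswordLength); length is the main defence against brute force"
    }
    if (-not $policy.ComplexityEnabled) {
        $findings += 'Complexity requirement is disabled'
    }
    if ($policy.LockoutThreshold -eq 0) {
        $findings += 'LockoutThreshold is 0: unlimited password guesses are allowed'
    }
    # A LockoutDuration of 0 means "until an administrator unlocks", which is
    # stricter, not weaker, so only flag short non-zero durations.
    if ($policy.LockoutDuration -ne [TimeSpan]::Zero -and
        $policy.LockoutDuration -lt [TimeSpan]::FromMinutes(30)) {
        $findings += "LockoutDuration is $($policy.LockoutDuration); the slides assume about 30 minutes"
    }
    return $findings
}

Get-ADDefaultDomainPasswordPolicy |
    Select-Object MinPasswordLength, ComplexityEnabled, PasswordHistoryCount,
                  MaxPasswordAge, LockoutThreshold, LockoutDuration, LockoutObservationWindow
Get-PasswordPolicyFindings
```

Get-ADDefaultDomainPasswordPolicy shows the policy from the Default Domain Policy GPO; if fine-grained password policies are in use for particular groups, Get-ADFineGrainedPasswordPolicy -Filter * lists those as well.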

Group management
Because managing access to network resources using individual user accounts is unmanageable, you create group objects to manage large collections of users at one time.
Group Types
When you create a new group object by using Active Directory Users And Computers, you are given the choice of creating a distribution group or a security group.
■ The most commonly used type of group in Active Directory is the security group. A security group is a security principal and can be used to assign permissions to network resources.
■ A distribution group lets you send mail to the whole group of users at one time.

Group management
Group Scope
In Windows Server Active Directory, you can create groups with three different scopes: Domain local, Global, and Universal. Nested groups are groups that are members of other groups.

Group scope
Domain local group
■ Group membership: user accounts from any domain in the forest; global groups or universal groups from any domain in the forest; user accounts or global or universal groups from any domain in a trusted forest; nested domain local groups from the local domain
■ Used to: assign access to resources only in the local domain
Global group
■ Group membership: user accounts from the domain where the group is created; nested global groups from the same domain
■ Used to: assign access to resources in all domains in the forest, or between trusted forests
Universal group
■ Group membership: user accounts from any domain in the forest; global groups from any domain in the forest; nested universal groups from any domain in the forest
■ Used to: assign access to resources in all domains in the forest or between trusted forests

Group types and scope
Global Group
■ Used to: segregate objects based on business rules
■ Replication: replicated to all domain controllers in the domain
■ Membership: users and computers; other global groups from the same domain only
■ Availability: can be used by members of all domains in the forest; can be a member of any domain local group or universal group in the forest or a trusted domain

Domain Local groups
■ Used to: manage permissions to resources
■ Replication: replicated to all domain controllers in the domain
■ Membership: users, computers and global groups from any domain in the forest; universal groups from any domain in the forest
■ Availability: can be members of any other domain local groups or computer local groups

Universal groups
■ Used to: manage permissions to resources across multiple domains
■ Replication: replicated to all domain controllers in the forest
■ Membership: users, global groups and other universal groups from any domain in the forest
■ Availability: can be members of a universal group or domain local groups anywhere in the forest
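As an added example (not from the slides), the three scopes and two group types above put to work in the usual nesting pattern: user accounts go into a Global group that represents a business role, the Global group is nested in a Domain Local group that carries the permission, and the Domain Local group is placed on the resource's ACL; a Universal security group and a distribution group are created for contrast, and one of the scope rules from the table is checked by attempting a membership the directory should refuse. The group names, OU, share path and member accounts are constructed for the example.

```powershell
# Added example (not from the slides): create groups of each scope and type,
# nest them the way the scope table allows, and grant the permission through
# the domain local group. Group names, OU, folder path and the member accounts
# (akebede, stesfaye) are constructed values.
Import-Module ActiveDirectory

$groupOu = 'OU=Groups,DC=DBU,DC=com'   # assumed OU
$share   = 'D:\Shares\CS-Projects'     # assumed folder on a DBU.com file server

# Global security group: members are users/computers from this domain only;
# it describes a role and can be used in any domain of the forest.
New-ADGroup -Name 'G-CS-Students' -SamAccountName 'G-CS-Students' `
    -GroupScope Global -GroupCategory Security -Path $groupOu `
    -Description 'Role: CS department students (accounts from DBU.com only)'

# Domain local security group: carries the permission on a resource in this domain.
New-ADGroup -Name 'DL-CS-Projects-Modify' -SamAccountName 'DL-CS-Projects-Modify' `
    -GroupScope DomainLocal -GroupCategory Security -Path $groupOu `
    -Description 'Modify on the CS-Projects share'

# Universal security group: a role spanning domains; replicated forest-wide.
New-ADGroup -Name 'U-All-Faculty' -SamAccountName 'U-All-Faculty' `
    -GroupScope Universal -GroupCategory Security -Path $groupOu

# Distribution group: mail only. It is not a security principal, so it cannot
# appear in an ACL; that is the type distinction from the Group Types slide.
New-ADGroup -Name 'CS-Announcements' -SamAccountName 'CS-Announcements' `
    -GroupScope Universal -GroupCategory Distribution -Path $groupOu

# Accounts -> Global: the users are placed in the role group.
Add-ADGroupMember -Identity 'G-CS-Students' -Members 'akebede', 'stesfaye'
# Global -> Domain Local: the role is nested in the permission group.
Add-ADGroupMember -Identity 'DL-CS-Projects-Modify' -Members 'G-CS-Students'
# Global -> Universal: allowed from any domain in the forest.
Add-ADGroupMember -Identity 'U-All-Faculty' -Members 'G-CS-Students'

# Domain Local -> Permission: grant Modify on the folder (run on the file server).
# Only the domain local group is on the ACL; role changes happen in AD, not on disk.
$acl  = Get-Acl -Path $share
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    'DBU\DL-CS-Projects-Modify', 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $share -AclObject $acl

# Scope rule check: the table says a global group accepts only accounts and
# global groups from its own domain, so nesting a domain local group in it
# must fail. AD DS rejects the change; the error is the expected result.
function Test-GlobalGroupRejectsDomainLocal {
    try {
        Add-ADGroupMember -Identity 'G-CS-Students' -Members 'DL-CS-Projects-Modify' -ErrorAction Stop
        return $false   # would mean the scope rule was not enforced
    } catch {
        Write-Warning "Rejected as the scope table predicts: $($_.Exception.Message)"
        return $true
    }
}
Test-GlobalGroupRejectsDomainLocal

# Show who ends up with Modify on the share, following the nesting chain.
Get-ADGroupMember -Identity 'DL-CS-Projects-Modify' -Recursive |
    Select-Object Name, objectClass | Format-Table -AutoSize
```

The payoff of the nesting shows in the last command: the users never appear in the ACL themselves, so adding or removing a student only touches G-CS-Students, and the Domain Local group's replication stays within the domain that owns the resource, as the scope table describes.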