Site windows 2000


















While each edition of Windows was targeted at a different market, they shared a core set of features, including many system utilities such as the Microsoft Management Console and standard system administration applications.

Support for people with disabilities has been improved over Windows NT 4. The Windows Server Family has additional features, including the ability to provide Active Directory services (a hierarchical framework of resources), Distributed File System (a file system that supports sharing of files) and fault-redundant storage volumes.

Windows can be installed through either a manual or unattended installation. Unattended installations rely on the use of answer files to fill in installation information, and can be performed through a bootable CD, using Microsoft Systems Management Server, or by the System Preparation Tool. Microsoft marketed Windows as the most secure Windows version ever at the time; however, it became the target of a number of high-profile virus attacks such as Code Red and Nimda.

Beta 1 of NT 5. On October 27, , Microsoft announced that the name of the final version of the operating system would be Windows , a name which referred to its projected release date. Windows NT 5.

During development, there was a build for the Alpha which was abandoned some time after RC1 after Compaq announced they had dropped support for Windows NT on Alpha. From here, Microsoft issued three release candidates between July and November , and finally released the operating system to partners on December 12, The public could buy the full version of Windows on February 17, Three days before this event, which Microsoft advertised as "a standard in reliability," a leaked memo from Microsoft reported on by Mary Jo Foley revealed that Windows had "over 63, potential known defects.

However, Abraham Silberschatz et al. Much of this reliability came from maturity in the source code, extensive stress testing of the system, and automatic detection of many serious errors in drivers. Windows was first planned to replace both Windows 98 and Windows NT 4. However, that changed later. Instead, an updated version of Windows 98 called Windows 98 Second Edition was released in and Windows Me was released in late While Windows was designed for businesses, Windows Me was designed for home use.

Close to the release of Windows Service Pack 1, Microsoft released Windows Datacenter Server, targeted at large-scale computing systems with support for 32 processors, on September 29, Microsoft issued the following statement:

As such, it is illegal to post it, make it available to others, download it or use it. Despite the warnings, the archive containing the leaked code spread widely on the file-sharing networks. On February 16, , an exploit "allegedly discovered by an individual studying the leaked source code" for certain versions of Microsoft Internet Explorer was reported. The most notable improvement from Windows NT 4.

Similar to Windows 9x, Windows supports automatic recognition of installed hardware, hardware resource allocation, loading of appropriate drivers, PnP APIs and device notification events. The addition of the kernel PnP Manager along with the Power Manager are two significant subsystems added in Windows. Windows introduced version 3 print drivers (user mode printer drivers). Driver Verifier was introduced to stress test and catch device driver bugs.

Windows introduces layered windows that allow for transparency, translucency and various transition effects like shadows, gradient fills and alpha blended GUI elements to top-level windows.

Menus support a new Fade transition effect. The Start Menu in Windows introduces personalized menus, expandable special folders and the ability to launch multiple programs without closing the menu by holding down the SHIFT key. A Re-sort button forces the entire Start Menu to be sorted by name. The Taskbar introduces support for balloon notifications which can also be used by application developers.

Windows Explorer has been enhanced in several ways in Windows. This feature was abused by computer viruses that employed malicious scripts, Java applets, or ActiveX controls in folder template files as their infection vector. Other features new to Explorer include customizable toolbars, auto-complete in address bar and Run box, advanced file type association features and a Places bar in common dialogs. The "Web-style" folders view, with the left Explorer pane displaying details for the object currently selected, is turned on by default in Windows. For certain file types, such as pictures and media files, the preview is also displayed in the left pane.

Until the dedicated interactive preview pane appeared in Windows Vista, Windows had been the only Windows release to feature an interactive media player as the previewer for sound and video files, enabled by default. However, such a previewer can be enabled in previous versions of Windows with the Windows Desktop Update installed through the use of folder customization templates. The default file tooltip displays file title, author, subject and comments; this metadata may be read from a special NTFS stream, if the file is on an NTFS volume, or from an OLE structured storage stream, if the file is a structured storage document.

All Microsoft Office documents since Office 4. File shortcuts can also store comments which are displayed as a tooltip when the mouse hovers over the shortcut. The shell introduces extensibility support through metadata handlers, icon overlay handlers and column handlers in Explorer Details view.

The right pane of Windows Explorer, which usually just lists files and folders, can also be customized. For example, the contents of the system folders aren't displayed by default, instead showing in the right pane a warning to the user that modifying the contents of the system folders could harm their computer. It's possible to define additional Explorer panes by using DIV elements in folder template files. This degree of customizability is new to Windows; neither Windows 98 nor the Desktop Update could provide it.

The Indexing Service has also been integrated into the operating system and the search pane built into Explorer allows searching files indexed by its database. Windows supports disk quotas, which can be set via the "Quota" tab found in the hard disk properties dialog box. Microsoft released the version 3. Sparse files allow for the efficient storage of data sets that are very large yet contain many areas that only have zeros.

Reparse points allow the object manager to reset a file namespace lookup and let file system drivers implement changed functionality in a transparent manner. Volume mount points and directory junctions allow for a file to be transparently referred from one file or directory location to another.

It allows any folder or drive on an NTFS volume to be encrypted transparently by the user. To date, its encryption has not been compromised. EFS works by encrypting a file with a bulk symmetric key (also known as the File Encryption Key, or FEK), which is used because it takes less time to encrypt and decrypt large amounts of data than if an asymmetric key cipher were used. The symmetric key used to encrypt the file is then encrypted with a public key associated with the user who encrypted the file, and this encrypted data is stored in the header of the encrypted file.

To decrypt the file, the file system uses the private key of the user to decrypt the symmetric key stored in the file header. It then uses the symmetric key to decrypt the file. Because this is done at the file system level, it is transparent to the user. For a user losing access to their key, support for recovery agents that can decrypt files is built in to EFS. A Recovery Agent is a user who is authorized by a public key recovery certificate to decrypt files belonging to other users using a special private key.
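The key wrapping described above, as an added example (not code from the original page or from Windows): one FEK encrypts the data, and a wrapped copy of it is stored in the header for the owner and for the recovery agent. AES-256-GCM and RSA-OAEP stand in for the ciphers EFS actually uses, and the type names, holder names and sample plaintext are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// keyHolder is a principal allowed to open the file: the owner or a recovery agent.
type keyHolder struct {
	Name string
	Pub  *rsa.PublicKey
}

// encryptedFile models the layout in the text; the field names are hypothetical.
type encryptedFile struct {
	Header map[string][]byte // holder name -> FEK wrapped with that holder's public key
	Nonce  []byte
	Data   []byte // file contents encrypted under the FEK
}

// newKey generates a constructed RSA key pair for the demonstration.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// newAEAD builds the bulk cipher from a 32-byte FEK.
func newAEAD(fek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptFile encrypts once with a fresh FEK, then wraps the FEK for every holder.
func encryptFile(plain []byte, holders []keyHolder) (*encryptedFile, error) {
	fek := make([]byte, 32)
	if _, err := rand.Read(fek); err != nil {
		return nil, err
	}
	aead, err := newAEAD(fek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	f := &encryptedFile{Header: map[string][]byte{}, Nonce: nonce, Data: aead.Seal(nil, nonce, plain, nil)}
	for _, h := range holders {
		blob, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, h.Pub, fek, []byte(h.Name))
		if err != nil {
			return nil, err
		}
		f.Header[h.Name] = blob
	}
	return f, nil
}

// decryptFile unwraps the named holder's copy of the FEK, then decrypts the data.
func decryptFile(f *encryptedFile, name string, priv *rsa.PrivateKey) ([]byte, error) {
	blob, ok := f.Header[name]
	if !ok {
		return nil, errors.New("no header entry for " + name)
	}
	fek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, blob, []byte(name))
	if err != nil {
		return nil, err // wrong private key for this header entry
	}
	aead, err := newAEAD(fek)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, f.Nonce, f.Data, nil)
}

func main() {
	owner, agent := newKey(), newKey()
	f, err := encryptFile([]byte("constructed sample"), []keyHolder{{"alice", &owner.PublicKey}, {"recovery-agent", &agent.PublicKey}})
	if err != nil {
		panic(err)
	}
	out, err := decryptFile(f, "recovery-agent", agent)
	fmt.Println(len(f.Header), string(out), err)
}
```

Every header entry is an independent way into the file, so a recovery agent's private key needs at least the protection given to the most sensitive file it can open.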

By default, local administrators are recovery agents; however, they can be customized using Group Policy. Windows introduced the Logical Disk Manager and the diskpart command line tool for dynamic storage. All versions of Windows support three types of dynamic disk volumes (along with basic disks): simple volumes, spanned volumes and striped volumes.

In addition to these disk volumes, Windows Server, Windows Advanced Server, and Windows Datacenter Server support mirrored volumes and striped volumes with parity. With Windows, Microsoft introduced the Windows 9x accessibility features for people with visual and auditory impairments and other disabilities into the NT-line of operating systems.

It also has support for many different locales. Windows included version 7. Microsoft published quarterly updates to DirectX 9. The majority of games written for versions of DirectX 9.

Which of the following are valid roles for Windows Server computers?

Stand-alone server. Trust relationships cannot be configured as which of the following? Two-way and nontransitive E. Which of the following should play the least significant role in planning an OU structure? Network infrastructure. Which of the following file extensions is used primarily for backwards compatibility with non-Windows Installer setup programs?

How can the Windows NT 4 file and printer resources be made available from within the Active Directory? A systems administrator can right-click the resource and select Publish. A systems administrator can create Printer and Shared Folder objects that point to these resources. The Active Directory Domains and Trusts tool can be used to make resources available. Only Windows resources can be accessed from within the Active Directory. An Active Directory environment consists of three domains.

What is the maximum number of sites that can be created for this environment? Which of the following statements regarding auditing and the Active Directory is false? Auditing prevents users from attempting to guess passwords.

Systems administrators should regularly review audit logs for suspicious activity. Auditing information can be generated when users view specific information within the Active Directory. Auditing information can be generated when users modify specific information within the Active Directory.

All of the above. A systems administrator wants to allow a group of users to add Computer accounts to only a specific OU. What is the easiest way to grant only the required permissions? Delegate control of a User account. All other settings are left at their default. Which setting will be effective for objects within the OU? The process by which a higher-level security authority assigns permissions to other administrators is known as: A. Assignment D. What is the minimum amount of information needed to create a Shared Folder Active Directory object?

The name of the share. Ability to configure centralized and distributed administration D. Flexible replication.

A systems administrator plans to deploy 50 computers using RIS. There are two RIS servers on the network. They want to assign half of the client computers to receive images from one RIS server and the other half to receive images from the other RIS server. How can they accomplish this? Divide the computers into two different OUs, and use GPOs to specify to which server each client will be directed.

Use the Delegation of Control Wizard to assign permissions to half of the computers. Prestage the computers, and assign half of the computers to each RIS server. Nothing—the default behavior of RIS will ensure that load balancing occurs. None of the above—the first RIS server to respond will provide the image files. Which of the following features of DNS can be used to improve performance? Caching-only servers. Active Directory Users and Computers. Active Directory Domains and Trusts C.

Active Directory Sites and Services. Which of the following tools can be used to automate the creation and management of User accounts? A systems administrator suspects that the amount of RAM in a domain controller is insufficient and that an upgrade is required.

Which of the following System Monitor counters would provide the most useful information regarding the upgrade? User accounts and groups B.

User accounts, groups, and OUs. Which of the following single master roles does not apply to each domain within an Active Directory forest? PDC Emulator Master. Which of the following types of server configurations cannot be used within a single DNS zone?

A single primary server with no secondary servers. No other GPOs have been created. Which option can a systems administrator use to ensure that the effective policy for objects within the OU is Enabled? Block Policy Inheritance on the OU. Which of the following is not a type of backup operation that is supported by the Windows Backup utility?

Which of the following is generally not true regarding the domain controllers within a site? They are generally connected by a high-speed network. They may reside on different subnets. They are generally connected by reliable connections. Which of the following types of servers contain a copy of the Active Directory? Member server. When running in native mode, which of the following Group scope changes cannot be performed? Which of the following protocols may be used for intrasite replication?

Applications cannot be published to computers. See Chapter 11 for more information. The remaining roles apply at the domain level. See Chapter 5 for more information. All of the choices are valid types of Active Directory objects and can be created and managed using the Active Directory Users and Computers tool. See Chapter 7 for more information. Before beginning the installation of a domain controller, you should have all of the information listed.

See Chapter 3 for more information. Permissions and Security settings cannot be made on Distribution groups. Distribution groups are used only for the purpose of sending e-mail. See Chapter 8 for more information. All of the other configurations are supported although specific drivers from third-party manufacturers may be required.

See Chapter 12 for more information. See Chapter 2 for more information. Based on the business needs of an organization, a Windows Server computer can be configured in any of the above roles. See Chapter 1 for more information.

All of the trust configurations listed are possible. In general, you can accommodate your network infrastructure through the use of Active Directory sites. All of the other options should play a significant role when designing your OU structure. See Chapter 4 for more information.

ZAP files are used primarily to point to older programs that do not use the Windows Installer. Printer and Shared Folder objects within the Active Directory can point to Windows NT 4 file and printer resources, as well as Windows resources.

The number of sites in an Active Directory environment is independent of the domain organization. An environment that consists of three domains may have one or more sites, based on the physical network setup. See Chapter 6 for more information. The purpose of auditing is to monitor and record actions taken by users. Auditing will not prevent users from attempting to guess passwords although it might discourage them from trying, if they are aware it is enabled.

In order to allow this permission at the OU level, the systems administrator must create a Group Policy Object with the appropriate settings and link it to the OU. Assuming that the default settings are left in place, the Group Policy setting at the OU level will take effect. See Chapter 10 for more information. Delegation is the process by which administrators can assign permissions on the objects within an OU.

The name of the server and the name of the share make up the UNC information required to create a Shared Folder object. See Chapter 7 for more information.

All of the options listed are benefits of using the Active Directory. One of the primary advantages of using prestaging is that systems administrators can distribute the load of installations between multiple RIS servers. One of the major design goals for DNS was support for scalability. All of the features listed can be used to increase the performance of DNS. All of the above tools and scripting languages can be used to automate common administrative tasks, such as the creation and management of user accounts.

A page fault occurs when the operating system must retrieve information from disk instead of from RAM. If the number of page faults per second is high, then it is likely that the server would benefit from a RAM upgrade.

See Chapter 9 for more information. User accounts and groups are used for setting security permissions, while OUs are used for creating the organizational structure within the Active Directory. All of the roles listed are configured for each domain within the Active Directory forest. DNS does not allow for the use of more than one primary server per zone. By blocking policy inheritance on the OU, you can be sure that other settings defined at higher levels do not change the settings at the OU level.

However, this will only work if the No Override option is not set at the site level. The Windows Backup utility does not include an operation for weekly backups. Weekly backups can be performed, however, by using the scheduling functionality of the Backup utility. All of the descriptions listed are characteristics that are common to domain controllers within a single site.

Only Windows Server computers configured as domain controllers contain a copy of the Active Directory database. The scope of Universal groups cannot be changed.

The first step we would take would probably be to look for their name in the local phone book. As you can see, this is not an exact science! Part of the problem is due to the lack of a single central repository of phone number information.

Clearly, this is a problem. That is, information is scattered throughout the organization, and finding what you need may take several phone calls and database searches. Furthermore, it is designed to increase capabilities while it decreases administration through the use of a hierarchical.

In order to reap the true benefits of this new technology, you must be willing to invest the time and effort to get it right. From end users to executive management, the success of your directory services implementation will be based on input from the entire business. All of these statements about the Active Directory are true.

In fact, you could make your network more difficult to manage if you improperly implement Windows. Once you have a good idea for the logical organization of your business and technical environment, however, you will have made much progress toward successfully installing and configuring the Active Directory. Planning an entire directory services architecture that conforms to your business and technical requirements is beyond the scope of this book. The topic is considerably complex and requires a thorough understanding of all the ramifications for your organization.

You must take into account, for example, business concerns, the geographic organization of your company, and its technical infrastructure. It would be difficult to overemphasize the importance of planning for Windows and the Active Directory. Planning, however, is just one part of the process.

Despite the underlying complexity of the Active Directory and all of its features, Microsoft has gone to great lengths to ensure that implementation and management of the Active Directory are intuitive and straightforward, for no technology is useful if no one can figure out how to use it. The emphasis will be on addressing why the entire idea of directory services came about and how it can be used to improve operations in your environment.

The goal is to describe the framework on which the Active Directory is based. No specific exam objectives are covered in this chapter, but a basic understanding of how the Active Directory is structured and why it was created are essential for performing well on the exam. However, the overwhelming majority of networks today run without any single unified directory service. Almost all companies—from small businesses to global enterprises—store information in various disconnected systems.

For example, a company might record data about its employees in a human resources database while network accounts reside on a Windows NT 4 domain controller. Other information—such as security settings for applications—reside within various other systems.

The main reason for this disparity is that no single flexible data storage mechanism was available. But, implementing and managing many separate systems is a huge challenge for most organizations.

In contrast to a peer-to-peer network, properly configured file and print servers allow users and systems administrators to make the most of their resources. For many years, the realm of network and systems management was one that was controlled by administrators who often worked with cryptic command-line interfaces. That is, only specialists normally managed information systems.

Newer network operating systems such as Novell NetWare and Windows NT started bringing ease of administration into the network computing world so that network administration no longer needed to be a task delegated to only a few individuals. For example, by bringing the intuitive graphical user interface (GUI) to the world of systems and network administration, Windows NT 4 opened up the doors to simplifying management while still providing the types of security required by most businesses.

Windows NT Server and Workstation computers offered many benefits, including reliability, scalability, performance, and flexibility. In many cases, companies saw Windows NT 4 as a much more cost-effective solution than their existing client-server solutions. Other benefits of Windows NT included its compatibility with a large installed base of current software products. Application developers could, with a minimal amount of effort, develop programs that would run properly on various Windows-based platforms.

The purpose of this introduction is to provide an overview of the functionality of Windows NT 4. For more details about the product, see www. A major design goal for the Windows NT 4 operating system was to provide for a secure yet flexible network infrastructure. A few years ago, few technical and business professionals would have imagined that personal computers would make inroads into corporate server rooms and data centers. For many reasons, including cost-efficiency and price-performance ratios, they have done just that.

With these characteristics in mind, we have set the stage for discussing the model used by Windows NT to organize users and secure resources and some of its shortcomings. However, like any technical solution, it has its limitations. First and foremost, questions regarding the scalability of its rudimentary directory services prevented some potential inroads into corporate data centers.

Windows NT uses the concept of a domain to organize users and secure resources. A Windows NT domain is essentially a centralized database of security information that allows for the management of network resources.

Domains are implemented through the use of Windows NT Server computers that function as domain controllers. All network security accounts are stored within a central database on the PDC. To improve performance and reliability. Although BDCs can help distribute the load of network logon requests and updates, there can be only one master copy of the accounts database. This primary copy resides on the PDC, and all user and security account changes must be recorded by this machine and transmitted to all other domain controllers.

Figure 1. In order to meet some of these design issues, several different Windows NT domain models have been used. In this scenario, user accounts are stored. The servers in these domains are responsible primarily for managing network accounts. BDCs for these user domains are stored in various locations throughout the organization. These domains may be created and managed as needed by the organization itself and are often administered separately.

In order for resources to be made available to users, each of the resource domains must trust the master domain(s). The overall process places all users from the master domains into global groups. These global groups are then granted access to network resources in the resource domains. The Windows NT domain model works well for small- to medium-sized organizations. It is able to accommodate several thousands of users fairly well, and a single domain can handle a reasonable number of resources.

Above these guidelines, however, the network traffic required to keep domain controllers synchronized and the number of trust relationships to manage can present a challenge to network and systems administrators. As the numbers of users grow, it can get much more difficult for the domains to accommodate large numbers of changes and network logon requests.

The Limitations of Windows NT 4

The Windows NT 4 domain model has several limitations that hinder its scalability to larger and more complex environments. Although multiple domains can be set up to ease administration and network constraint issues, administering these domains quickly becomes quite complicated and management-intensive.

For example, trust relationships between the domains can quickly grow out of control if not managed properly, and providing adequate bandwidth for keeping network accounts synchronized can be a costly burden on the network. Domains, themselves, are flat entities used to organize and administer security information. They do not take into account the structure of businesses and cannot be organized in a hierarchical fashion using subdomains for administrative purposes.

Therefore, systems administrators are forced to place users into groups. As groups cannot be nested (that is, have subgroups), it is not uncommon for many organizations to manage hundreds of groups within each domain. Setting permissions on resources such as file and print services can become an extremely tedious and error-prone process.

As far as security is concerned, administration is often delegated to one or more users of the IT department. These individuals have complete control over the domain controllers and resources within the domain itself. This poses several potential problems—both business and technical.

As the distribution of administrator rights is extremely important, it would be best to assign permissions to certain areas of the business. However, the options available in the Windows NT operating system were either difficult to implement or did not provide enough flexibility.

All of this leads to a less-than-optimal configuration. For example, security policies are often set to allow users far more permissions than they need to complete their jobs.

If you have worked with Windows NT 4 domains in a medium- to large-sized environment, you are probably familiar with many of the issues related to the domain model. Nevertheless, Windows NT 4 provides an excellent solution for many businesses and offers security, flexibility, and network management features unmatched by many of its competitors.

As with almost any technical solution, however, there are areas in which improvements can be made.

The Benefits of the Active Directory

Most businesses have created an organizational structure in an attempt to better manage their environments. For example, companies often divide themselves into departments (such as Sales, Marketing, and Engineering), and individuals fill roles within these departments (such as managers and staff).

The goal is to add constructs that help coordinate the various functions required for the success of the organization as a whole. In modern businesses, this involves planning for, implementing, and managing various network resources. Servers, workstations, and routers are common tools that are used to connect users with the information they need to do their jobs. In all but the smallest environments, the effort required to manage each of these technological resources can be great.

In its most basic definition, a directory is a repository that records information and makes it available to users. User account management, security, and applications are just a few of these areas. The Active Directory is a data store that allows administrators to manage various types of information within a single distributed database, thus solving one of the problems we stated earlier.

This is no small task, but there are many features of this directory services technology that allow it to meet the needs of organizations of any size.

Through the use of various organizational components, a company can create a network management infrastructure that mirrors its business organization. So, if a company has 10 major divisions, each of which has several departments, the directory services model can reflect. This structure can efficiently accommodate the physical and logical aspects of information resources such as databases, users, and computers.

In addition to the hierarchical organization of objects within the Active Directory, the integration of network naming services with the Domain Name System (DNS) provides for the hierarchical naming and location of resources throughout the company and on the public Internet.

Extensible Schema

One of the foremost concerns with any type of database is the difficulty encountered when trying to accommodate all types of information in one storage repository.

In this case, extensibility means the ability to expand the directory schema. The schema is the actual structure of the database in terms of data types and location of the attributes. This is important because it allows applications to know where particular pieces of information reside.

You cannot delete any portion of the schema, even the pieces that you may add. The information stored within the structure of the Active Directory can be expanded and customized through the use of various tools. This feature allows the Active Directory to adapt to special applications and to store additional information as needed. It also allows all of the various areas within an organization or even between them to share data easily based on the structure of the Active Directory.

Centralized Data Storage

All of the information within the Active Directory resides within a single, yet distributed, data repository. This allows users and systems administrators to easily access the information they need from wherever they may be within the company.

The benefits of the centralized data storage include reduced administration requirements, less duplication, greater availability, and increased organization of data.

Replication

If server performance and reliability were not concerns, it might make sense to store the entire Active Directory on a single server. In the real world, however, accessibility and cost constraints require the database to be replicated throughout the network.

Active Directory provides for this functionality. Through the use of replication technology,. The ability to define sites allows systems and network administrators to limit the amount of traffic between remote sites while still ensuring adequate performance and usability.

Reliable data synchronization allows for multimaster replication—that is, all domain controllers can update information stored within the Active Directory and can ensure its consistency at the same time.

Ease of Administration

In order to accommodate various business models, the Active Directory can be configured for centralized or decentralized administration. This gives network and systems administrators the ability to delegate authority and responsibilities throughout the organization while still maintaining security.

Furthermore, the tools and utilities used to add, remove, and modify Active Directory objects are available from all Windows domain controllers. They allow for making companywide changes with just a few mouse clicks.

Network Security: Through the use of a single logon and various authentication and encryption mechanisms, the Active Directory can facilitate security throughout an entire enterprise. Through the process of delegation, higher-level security authorities can grant permissions to other administrators.

For ease of administration, objects in the Active Directory tree inherit permissions from their parent objects. Application developers can take advantage of many of these features to ensure that users are identified uniquely and securely. Network administrators can create and update permissions as needed from within a single repository, thereby reducing chances of inaccurate or outdated configuration.
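The inheritance and delegation described above can be audited by walking an object's distinguished name up to the domain root and collecting every grant found on the way. This is an added example, not code from the original text; the `example.com` domain, trustee names and rights are constructed sample data, and the model is a simplification that ignores deny entries and inheritance blocking.

```python
# Simplified model (assumption): a permission granted on a container applies to
# every object beneath it. Deny entries and inheritance blocking are not modelled.

# Constructed sample data: (trustee, right) grants keyed by distinguished name.
GRANTS = {
    "DC=example,DC=com": [("Domain Admins", "full-control")],
    "OU=Sales,DC=example,DC=com": [("Sales Helpdesk", "reset-password")],
    "OU=Field,OU=Sales,DC=example,DC=com": [("Field Leads", "write-members")],
}

def split_dn(dn):
    """Split a DN into its components, keeping backslash-escaped commas intact."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # escaped character stays in the component
            i += 2
        elif dn[i] == ",":
            parts.append(cur.strip())
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    return parts + [cur.strip()]

def lineage(dn):
    """Return the object's DN followed by each parent container, nearest first."""
    parts = split_dn(dn)
    return [",".join(parts[i:]) for i in range(len(parts))]

def effective_permissions(dn, grants=GRANTS):
    """List (trustee, right, granted_at, inherited) for one object."""
    table = {k.lower(): v for k, v in grants.items()}   # DNs compare case-insensitively
    found = []
    for depth, node in enumerate(lineage(dn)):
        for trustee, right in table.get(node.lower(), []):
            found.append((trustee, right, node, depth > 0))
    return found

def who_holds(right, dn, grants=GRANTS):
    """Trustees holding `right` on dn, whether set directly or inherited."""
    return sorted({t for t, r, _, _ in effective_permissions(dn, grants) if r == right})

if __name__ == "__main__":
    for row in effective_permissions("CN=Smith\\, Bob,OU=Field,OU=Sales,DC=example,DC=com"):
        print(row)
```

The `granted_at` column is what makes the output useful in a review: it shows which container a delegated right was set on, so a grant that reaches further down the tree than intended can be traced to its source.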

Client Configuration Management: One of the biggest struggles for systems administrators comes with maintaining a network of heterogeneous systems and applications. A fairly simple failure, such as a hard disk crash, can cause hours of work in reconfiguring and restoring a workstation or server. Hours of work can also be generated when users are forced to move between computers and they need to have all of their applications reinstalled and the necessary system settings updated.

New technologies integrated. The overall benefit is decreased downtime, a better end user experience, and reduced administration.

Scalability and Performance: Large organizations often have many users and large quantities of information to manage.

The Active Directory was designed with scalability in mind. Not only does it allow for storing up to millions of objects within a single domain, it also provides methods for distributing the necessary information between servers and locations. These features relieve much of the burden of designing a directory services infrastructure based on technical instead of business factors.

Searching Functionality: One of the most important benefits of having all of your network resources stored in a single repository is the ability to perform accurate searches.

Users often see network operating systems as extremely complicated because of the naming and location of resources.

For example, if we need to find a printer, we should not need to know the name of the domain or print server for that object. Using the Active Directory, users can quickly find information about other users or resources, such as printers and servers, through an intuitive querying interface. For now, keep in mind the various challenges that the Active Directory was designed to address. The scope of this chapter is limited to introducing only the technical concepts on which the Active Directory is based.

A schema usually defines the types of information that can be stored within a certain repository and special rules on how the information is to be organized. Within a relational database or Microsoft Excel spreadsheet, for example, we might define tables with columns and rows.

Similarly, the Active Directory schema specifies the types of information that are stored within a directory. By default, the schema supports information regarding user names, passwords, and permissions information. The schema itself also describes the structure of the information stored within the Active Directory data store.

The Active Directory data store, in turn, resides on one or more domain controllers that are deployed throughout the enterprise.

Components and Mechanisms of the Active Directory

In order to maintain the types of information required to support an entire organization, the Active Directory must provide for many different types of functionality. These include the following:

Data Store: When you envision the Active Directory from a physical point of view, you probably imagine a set of files stored on the hard disk that contain all of the objects within it.

The term data store is used to refer to the actual structure that contains the information stored within the Active Directory. The data store is implemented as just that: a set of files that reside within the file system of a domain controller. This is the fundamental structure of the Active Directory.

The data store itself has a structure that describes the types of information it can contain. Within the data store, data about objects is recorded and made available to users. Similarly, information about users, groups, and computers that are part of the domain are also recorded.

Schema: The Active Directory schema consists of rules on the types of information that can be stored within the directory. The schema is made up of two types of objects: attributes and classes.

Attributes define a single granular piece of information stored within the Active Directory. First Name and Last Name, for example, are considered attributes, which may contain the values of Bob and Smith. Classes are objects that are defined as collections of attributes.

It is important to understand that classes and attributes are defined independently and that any number of classes can use the same attributes.

For example, if we create an attribute called Nickname, this value could conceivably be used to describe a User class and a Computer class. By default, Microsoft has included several different schema objects. In order to support custom data, however, applications developers can extend the schema by creating their own classes and attributes. The overall result of the schema is a centralized data store that can contain information about many different types of objects, including users, groups, computers, network devices, applications, and more.

Global Catalog: The Global Catalog is a database that contains all of the information pertaining to objects within all domains in the Active Directory environment. One of the potential problems with working in a multi-domain environment is that users in one domain may want to find objects stored in another domain, but they may not have any additional information about those objects.

The purpose of the Global Catalog is to index information stored in the Active Directory so that it can be more quickly and easily searched.

In order to store and replicate all of this information, the Global Catalog can be distributed to servers within the network environment. That is, network and systems administrators must specify which servers within the Active Directory environment should contain copies of the Global Catalog. This decision is usually made based on technical considerations such as network links and organizational considerations such as the number of users at each remote site. You can think of the Global Catalog as a universal phone book.

Such an object would be quite large and bulky, but also very useful. Your goal as a systems administrator would be to find a balance between maintaining copies of the phone book and making potential users of the book travel long distances to use it. This distribution of Global Catalog information allows for increased performance during companywide resource searches and can prevent excessive. Since the Global Catalog includes information about objects stored in all domains within the Active Directory environment, its management and location should be an important concern for network and systems administrators.

The Active Directory includes a search engine that can be queried by users to find information about objects stored within it. For example, if a member of the Human Resources department is looking for a color printer, they can easily query the Active Directory to find the one located closest to them.

Best of all, the query tools are already built into Windows operating systems and are only a few mouse clicks away.

Replication: Although it is theoretically possible to create a directory service that involves only one central computer, there are several problems with this configuration. First, all of the data is stored on one machine. This server would be responsible for processing all of the logon requests and search queries associated with the objects that it contained. Although this scenario might work well for a small network, it would create a tremendous load on servers in larger environments.

Furthermore, clients that are located on remote networks would experience slower response times due to the pace of network traffic. Another drawback is that the entire directory would be stored in only one location.

If this server became unavailable (due to a failed power supply, for example), network authentication and other vital processes could not be carried out. To solve these problems, the Active Directory has been designed with a replication engine. The purpose of replication is to distribute the data stored within the directory throughout the organization for increased availability, performance, and data protection. Systems administrators can tune replication to occur based on their physical network infrastructure and other constraints.

Each of these components must work together to ensure that the Active Directory remains accessible to all of the users that require it and to maintain the accuracy and consistency of its information.

An Overview of Active Directory Domains

In Windows Active Directory, a domain is a logical security boundary that allows for the creation, administration, and management of related resources. You can think of a domain as a logical division, such as a neighborhood within a city. Although each neighborhood is part of a larger group of neighborhoods (the city), it may carry on many of its functions independently of the others.

For example, resources such as tennis courts and swimming pools may be made available only to members of the neighborhood, while resources such as electricity and water supplies would probably be shared between neighborhoods. So, think of a domain as a grouping of objects that utilizes resources exclusive to its domain, but keep in mind that those resources can also be shared between domains.

I am also a retired person desperate to have this program re-install on my PC and your help will mean a lot to me.

Welcome to Microsoft Community and thank you for providing us an opportunity to assist you. As per the issue description, it looks like you want to download and install Windows on the computer.

I would like to inform you that Microsoft has ended support for Windows You can refer to the link for more details on this information:. For further reference, you can refer to the link:.


