Table of Contents for
IX. Fault Tolerance Technologies
by Alex Lewis, Michael Noel, Rand Morimoto
Microsoft Windows Server 2003 Unleashed, R2 Edition
Copyright
Dedication
About the Authors
Acknowledgments
We Want to Hear from You!
Introduction
I. Windows Server 2003 Overview
1. Windows Server 2003 Technology Primer
Windows Server 2003 Defined
Windows .NET Framework Versus Windows Server 2003
Understanding the Windows .NET Framework
Understanding the Core Windows Server 2003 Operating System
Choosing to Implement Windows Server 2003
Windows Server 2003 Core to an Active Directory Environment
Windows Server 2003 Running Built-in Application Server Functions
Windows Server 2003 Running Add-in Applications Server Functions
When Is the Right Time to Migrate?
Adding a Windows Server 2003 to an NT4 or Windows 2000 Environment
Migrating from Windows 2000 to Windows Server 2003
Migrating Directly from Windows NT4 to Windows Server 2003
Versions of Windows Server 2003
Windows Server 2003 Web Edition
Windows Server 2003 Standard Edition
Windows Server 2003 Enterprise Edition
Windows Server 2003 Datacenter Edition
Windows Server 2003 x64-bit Edition
What’s New in Windows Server 2003?
Visual Changes in Windows Server 2003
Customization and Programmability of the .NET Server Interface
Changes That Simplify Tasks
Drag-and-Drop Capabilities in Administrative Tools
Built-in Setup, Configuration, and Management Wizards
Improved Security
IPSec and Wireless Security Improvements
Microsoft Passport Support
Performance and Functionality Improvements
Global Catalog Caching on a Domain Controller
Fine-Tuning on Global Catalog Synchronization
Ability to Disable Compression on High-Speed Links
Increased Support for Standards
Support for IPv6
Support for XML Web Services
Support for IETF Security Standards
Ability to Delete Active Directory Schema Objects
Windows Server 2003 Benefits for Administration
File Server Resource Manager (FSRM)
Print Management Console (PMC)
Volume Shadow Copy
Online Backup of Open Files
User-Level Retrieval of Archived File Copies
Global Catalog Build from Media
IPSec NAT Traversal
Windows Server 2003 for Better User Services
File Management with Distributed File System
Redundancy and Fault Tolerance of Data with DFSR
Redundancy with Printer Queues
Benefits for Thin Client Terminal Services
Local Drive and Audio Redirection
Local Drive Redirection
Audio Redirection
Local Time Zone Support
Specifying Connection Type
Session Directory
Benefits for Improved Management
Automatic Server Recovery
Remote Installation Service for Servers
Out-of-Band Management
Extending the Directory Beyond Active Directory
Active Directory Federation Services (ADFS)
Active Directory in Application Mode (ADAM)
Identity Management for Unix (IdMU)
Going Beyond the Basic Features of Windows 2003 with Feature Packs
Group Policy Management Console
Software Update Service
Identity Integration Feature Pack
Directory Services Markup Language Services for Windows
Remote Control Add-on for Active Directory Users and Computers
Services for NetWare 5.03
Windows SharePoint Services
Windows Rights Management Services
Windows System Resource Manager
Extending the Capabilities of Windows 2003 with Downloadable Tools
Active Directory Migration Tool v2.0
Domain Rename
Application Compatibility Tools
Log Parser Tool
Microsoft Operations Manager Tools
File Replication Management Tools
Getting to Know Windows 2003 Resource Kit Tools
Getting Started with Windows Server 2003
Best Practices
2. Planning, Prototyping, Migrating, and Deploying Windows Server 2003 Best Practices
Determining the Scope of Your Project
Identifying the Business Goals and Objectives to Implement Windows Server 2003
High-Level Business Goals
Business Unit or Departmental Goals
Identifying the Technical Goals and Objectives to Implement Windows Server 2003
Defining the Scope of the Work
Determining the Time Frame for Implementation or Migration
Defining the Participants of the Design and Deployment Teams
The Discovery Phase: Understanding the Existing Environment
Understanding the Geographical Depth and Breadth
Managing Information Overload
The Design Phase: Documenting the Vision and the Plan
Collaboration Sessions: Making the Design Decisions
Organizing Information for a Structured Design Document
The Executive Summary
The Goals and Objectives
The Background
The Approach
The End State
The Budget Estimate
Windows Server 2003 Design Decisions
Agreeing on the Design
The Migration Planning Phase: Documenting the Process for Migration
Time for the Project Plan
Speed Versus Risk
Creating the Migration Document
The Executive Summary
The Goals and Objectives Section
The Roles and Responsibilities Section
The Approach Section
The Project Plan Section
The Budget Section
The Prototype Phase: Creating and Testing the Plan
How Do You Build the Lab?
Results of the Lab Testing Environment
The Pilot Phase: Validating the Plan to a Limited Number of Users
The First Server in the Pilot
Rolling Out the Pilot Phase
Quantity of Pilot Users
Application Complexity of Pilot Users
Role Complexity of Pilot Users
Geographical Diversity of Pilot Users
Fixing Problems in the Pilot Phase
Documenting the Results of the Pilot
The Migration/Implementation Phase: Conducting the Migration or Installation
Verifying End User Satisfaction
Supporting the New Windows Server 2003 Environment
Summary
Best Practices
The Discovery Phase
The Design Phase
The Migration Planning Phase
The Prototype Phase
The Pilot Phase
The Migration/Implementation Phase
3. Installing Windows Server 2003
Preplanning and Preparing a Server Installation
Verifying Minimum Hardware Requirements
Choosing a New Installation or an Upgrade
Should You Perform a New Installation?
Should You Upgrade an Existing Server?
Determining the Type of Server to Install
Gathering the Information Necessary to Proceed
Selecting the Computer Name
Name of the Workgroup or Domain
Network Protocol and IP Address of the Server
Backing Up Files
Setting Up the Windows Server 2003 Operating System
Formatting the Partition
Quick Formatting or Regular Formatting
FAT or NTFS
Customizing Regional and Language Options
Personalizing the Software
Inserting a Product Key
Using a Retail Media Activation Key
Using a Volume Media Activation Key
Selecting Licensing Modes
Per Server Licensing
Per Device Licensing
Setting Computer Name and Administrator Password
Choosing Your Computer Name
Selecting an Administrator Password
Modifying Date and Time Settings
Modifying Network Settings
Typical Settings
Custom Settings
Joining a Workgroup or Computer Domain
Completing the Installation
Logging In
Activating Windows Server 2003
Activating Windows over the Internet
Activating Windows Server 2003 by Telephone
Upgrading to Windows Server 2003
Backing Up the Server
Verifying System Compatibility
Checking the System Automatically
Performing Additional Tasks
Performing the Upgrade
Using Alternative Methods of Installation
Performing an Unattended Windows Server 2003 Installation
Deciding When to Use an Unattended Installation
Using the Improved Setup Manager
Preparing for an Unattended Installation
Creating an Unattended Installation Script
Sample unattend.txt File
Launching an Unattended Installation Script
Sample unattend.bat File
Installing Windows Server 2003 from an Image
Using Remote Installation Services
Improvements to Remote Installation Services
Client Requirements for RIS
Using the System Preparation Tool
Improvements to the System Preparation Tool
Using the Automated Deployment Services Tool
Installing Windows Server 2003 with Group Policy and Systems Management Server
Updating a Windows 2003 Server with a Service Pack
Installing the Service Pack
Slipstreaming the Service Pack into a New Installation Media
Preparing a System and Installing the Windows 2003 R2 Components
Preparing the Installation of Windows 2003 R2
Preparing a System Without Service Packs
Preparing a System with a Service Pack
Preparing Windows 2003 R2 from Windows 2003 R2 Media
Installing the Windows 2003 R2 Component Files
Installing Specific Windows 2003 R2 Components
Configuring the Individual Windows 2003 R2 Components
Summary
Best Practices
II. Windows Server 2003 Active Directory
4. Active Directory Primer
The Evolution of Directory Services
The Original Microsoft Directory Systems
Key Features of Active Directory
Understanding the Development of Active Directory
The Limitations of NT 4.0 Domains
Microsoft’s Adoption of Internet Standards
Active Directory’s Structure
The Active Directory Domain
Active Directory Domain Trees
Forests in Active Directory
Active Directory Authentication Modes
Functional Levels in Windows Server 2003 Active Directory
Active Directory’s Components
Understanding Active Directory’s X.500 Roots
The AD Schema
Schema Objects
Extending the Schema
Performing Schema Modifications Using the ADSIEdit Tool
Lightweight Directory Access Protocol
Distinguished Names in AD
Relative Distinguished Names
Multi-Master Replication with AD Domain Controllers
Global Catalog and Global Catalog Servers
Operations Master (OM) Roles
Domain Trusts
Transitive Trusts
Explicit Trusts
Organizational Units
Determining Domain Usage Versus OU Usage
The Role of Groups in an Active Directory Environment
Choosing Between OUs and Groups
Active Directory Replication
Sites, Site Links, and Site Link Bridgeheads
Originating Writes
The Role of DNS in Active Directory
DNS Namespace Concepts
Dynamic DNS
Comparing Standard DNS Zones and AD-Integrated DNS Zones
Understanding How AD DNS Works with Foreign DNS
Active Directory Security
Kerberos Authentication
Understanding Why Internet Information Server v6 Is Disabled by Default
Taking Additional Security Precautions
Active Directory Changes in Windows Server 2003
Active Directory in Application Mode (ADAM)
Additional Changes in Windows Server 2003
Summary
Best Practices
5. Designing a Windows Server 2003 Active Directory
Active Directory Domain Design
Domain Trusts
Transitive Trusts
Explicit Trusts
Shortcut Trusts
Cross-Forest Transitive Trusts
Choosing Your Domain Namespace
External (Published) Namespace
Internal Namespace
New Domain Design Features in Windows Server 2003
Choosing Your Domain Structure
Single Domain Model
Choosing the Single Domain Model
A Single Domain Real-World Design Example
Multiple Domain Model
When to Add Additional Domains
A Multiple Domain Real-World Design Example
Multiple Trees in a Single Forest Model
When to Deploy a Multiple Tree Domain Model
A Multiple Tree Domain Real-World Design Example
Federated Forests Design Model
Determining When to Choose Federated Forests
A Federated Forest Real-World Design Example
Peer-Root Domain Model
Determining When to Choose the Peer-Root Model
A Real-World Peer-Root Domain Design Example
Placeholder Domain Model
A Placeholder Domain Real-World Design Example
Special-Purpose Domain Design Models
A Special-Purpose Domain Real-World Design Example
Renaming an Active Directory Domain
Domain Rename Limitations
Domain Rename Prerequisites
Renaming a Domain
Step 1: List Current Forest Description
Step 2: Modify Forest Description with New Domain Name(s)
Step 3: Upload Rename Script to DCs
Step 4: Prepare DCs for Domain Rename
Step 5: Execute Domain Rename Procedure
Step 6: Post-Rename Tasks
Summary
Best Practices
6. Designing Organizational Unit and Group Structure
Defining Organizational Units in Active Directory
AD Groups
Group Types: Security or Distribution
Security Groups
Distribution Groups
Mail-Enabled Groups
Group Scope
Machine Local Groups
Domain Local Groups
Global Groups
Universal Groups
OU and Group Design
Starting an OU Design
Mapping the OU Design to an NT Resource Domain Layout
Overuse of OUs in Domain Design
OU Flexibility
Using OUs to Delegate Administration
Group Policies and OU Design
Understanding Group Design
Best Practice for Groups
Establishing Group Naming Standards
Group Nesting
Distribution Group Design
Sample Design Models
Business Function–Based Design
OU Design for a Business Function–Based Design
Group Design for a Business Function–Based Design
Geographical-Based Design
OU Design for a Geographical-Based Design
Group Design for a Geographical-Based Design
Summary
Best Practices
7. Active Directory Infrastructure
Understanding Active Directory Replication
Understanding the Role of Replication in Active Directory
Multimaster Topology Concepts
Update Sequence Numbers
Replication Collisions
Property Version Numbers
Connection Objects
Replication Latency
SMTP Versus IP Replication
Active Directory Sites
Windows Server 2003 Site Improvements
Associating Subnets with Sites
Using Site Links
Site Link Bridging
The Knowledge Consistency Checker and the Intersite Topology Generator
Detailing Site Cost
Preferred Site Link Bridgeheads
Planning Replication Topology
Mapping Site Design into Network Design
Establishing Sites
Choosing Between One Site or Many Sites
Associating Subnets with Sites
Determining Site Links and Site Link Costs
Choosing Replication Scheduling
Choosing SMTP or IP Replication
Encrypting SMTP Site Links
Windows Server 2003 Replication Enhancements
Domain Controller Promotion from Media
Identifying Linked-Value Replication/Universal Group Membership Caching
Removing Lingering Objects
Disabling Replication Compression
No Full Synchronization of Global Catalog with Schema Changes
Intersite Topology Generator Algorithm Improvements
Windows Server 2003 IPv6 Support
Defining the Structure of IPv6
Understanding IPv6 Addressing
Installing IPv6
Migrating to IPv6
Making the Leap to IPv6
Real-World Replication Designs
Hub-and-Spoke Replication Design
Decentralized Replication Design
Summary
Best Practices
8. Integrating Active Directory with Novell, Oracle, Unix, and NT4 Directories
Understanding and Using Services for Unix 3.5
The Development of Services for Unix
The Components of Services for Unix
Prerequisites for Services for Unix
Installing Services for Unix R2
Subsystem for Unix-Based Applications as a Component of Services for Unix
SUA Scripting
SUA Tools and Programming Languages
Sharing Files Between Unix NFS and Windows
Using Server for NFS
Deploying the NFS Client
Taking Advantage of User Synchronization in SFU
User Name Mapping
Synchronizing Passwords with IDMU
Adding NIS Users to Active Directory
Administrative Improvements in Services for Unix
Performing Remote Administration with Telnet Server and Client
Scripting with ActivePerl and SFU
Connecting Windows and NetWare Environments with Services for NetWare
Gateway Services for NetWare
Using Services for NetWare
Installing Services for NetWare 5.03
File and Print Services for NetWare
Microsoft Directory Synchronization Services
Migrating Using the File Migration Utility
Microsoft Identity Integration Server 2003
The History of MIIS
Presenting the Identity Integration Feature Pack (IIFP)
The SQL Server Database for MIIS
MIIS Terminology
MIIS Management Agents
Management Agent Run Profiles
Installing Microsoft Identity Integration Server 2003
Harnessing the Power and Potential of MIIS
Managing Identities with MIIS
Provisioning and Deprovisioning Accounts with MIIS
Summarizing MIIS 2003
Working with Active Directory Federation Services
Understanding the Key Components of ADFS
Installing the ADFS with Windows Server 2003 R2
Working with ADFS
Summary
Best Practices
III. Network Services
9. The Domain Name System
Inside the Domain Name System
The Need for DNS
DNS History
Framework for DNS
DNS Hierarchy
The DNS Namespace
Getting Started with DNS on Windows Server 2003
Installing DNS Using the Configure Your Server Wizard
Configuring DNS to Point to Itself
Understanding Resource Records
Start of Authority Records
Host (A) Records
Name Server (NS) Records
Service (SRV) Records
Mail Exchanger (MX) Records
Pointer (PTR) Records
Canonical Name (CNAME) Records
Other Records
DNS Zones
Forward Lookup Zones
Reverse Lookup Zones
Primary Zones
Secondary Zones
Stub Zones
Zone Transfers
Performing Full Zone Transfers
Initiating Incremental Zone Transfers
DNS Queries
Recursive Queries
Iterative Queries
Other DNS Components
Dynamic DNS
The Time to Live Value
Performing Secure Updates
Aging and Scavenging
Root Hints
Forwarders
Using WINS for Lookups
The Evolution of Microsoft DNS
Active Directory–Integrated Zones
Dynamic Updates
Unicode Character Support
DNS Changes in Windows Server 2003
DNS Is Stored in the Application Partition
Automatic Creation of DNS Zones
No “Island” Problem
Forest Root Zone for _msdcs Moved to Separate Zone
DNS in an Active Directory Environment
The Impact of DNS on Active Directory
Active Directory in Non-Microsoft DNS Implementations
Using Secondary Zones in an AD Environment
SRV Records and Site Resolution
Troubleshooting DNS
Using the DNS Event Viewer to Diagnose Problems
Using Performance Monitor to Monitor DNS
Client-Side Cache and HOST Resolution Problems
Using the NSLOOKUP Command-Line Utility
Using the IPCONFIG Command-Line Utility
Using the TRACERT Command-Line Utility
Using the DNSCMD Command-Line Utility
Summary
Best Practices
10. DHCP/WINS/Domain Controllers
Overview of the “Other” Network Services
Key Components of an Enterprise Network
Network Addressing
Name Resolution
Directory Integration
Outlining Network Services Changes in Windows Server 2003
Dynamic Host Configuration Protocol (DHCP)
Detailing the Need for DHCP
DHCP Predecessors: RARP and BOOTP
The DHCP Server Service
The DHCP Client Service
Automatic Private IP Addressing (APIPA)
DHCP Relay Agents
DHCP and Dynamic DNS
Installing DHCP and Creating New Scopes
DHCP Changes in Windows Server 2003
Automating DHCP Database Backup and Restore
DHCP Client Alternate Network Capability
DHCP Failover
The 50/50 Failover Approach for DHCP Fault Tolerance
The 80/20 Failover Approach to DHCP Fault Tolerance
The 100/100 Failover Approach to DHCP Fault Tolerance
Standby Scopes Approach
Clustering DHCP Servers
Advanced DHCP Concepts
DHCP Superscopes
DHCP Multicast Scopes
Delegating Administration of DHCP
Netsh Command-Line Utility
Performing DHCP Database Maintenance
DHCP Security
DHCP Authorization
DHCP and Domain Controller Security
The Windows Internet Naming Service
Legacy Microsoft NetBIOS Resolution
WINS and DNS Integration
Changes in Windows Server 2003 WINS
Installing and Configuring WINS
Installing WINS
Configuring Push/Pull Partners
WINS Replication
NetBIOS Client Resolution and the LMHOSTS File
Planning, Migrating, and Maintaining WINS
Designing a WINS Environment
Upgrading a WINS Environment
Maintaining the WINS Database
Global Catalog Domain Controller Placement
Understanding the Role of the Active Directory Global Catalog
Global Catalog/Domain Controller Placement
Universal Group Caching
Global Catalog and Domain Controller Placement
Summary
Best Practices
11. Internet Information Services v6
Improvements in IIS 6
Planning and Designing IIS
Determining Server Requirements
Determining Fault Tolerance Requirements
Installing and Upgrading IIS
Upgrading from Other Versions of IIS
Configuring IIS
Using the IIS Snap-in
Configuring Web Services
Creating a Web Site with IIS
Selecting Web Site Properties
Creating and Configuring a Virtual Directory
Configuring and Optimizing Applications
Application Isolation and Pooling
IIS 6 Process Recycling
Monitoring IIS Health
Application Performance
Application Options
Installing and Configuring FTP Services
Isolating FTP Users for Content Protection
Creating an FTP Site
FTP Properties Page
Examining Optional IIS Components
SMTP Services
NNTP Service
Indexing Internet Services
Securing IIS
Windows Server 2003 Security
Locking Down Web Service Extensions
IIS Authentication
Auditing Web Services
Using SSL Certificates
Configuring FTP Security Options
Securing FTP Transfer
Securing FTP Authentication
Other FTP Security Measures
Maintaining IIS
IIS Logging
Internet Explorer Enhanced Security Configuration for Servers
Summary
Best Practices
IV. Security
12. Server-Level Security
Defining Windows Server 2003 Security
Microsoft’s “Trustworthy Computing” Initiative
Common Language Runtime
The Layered Approach to Server Security
Deploying Physical Security
Restricting Physical Access
Restricting Login Access
Using the Run As Command for Administrative Access
Using Smartcards for Login Access
Securing Wireless Networks
Firewall Security
Hardening Server Security
Defining Server Roles
Securing a Server Using the Configure Your Server Wizard
Using Security Templates to Secure a Server
Shutting Off Unnecessary Services
File-Level Security
NT File System Security
Share-Level Security Versus NTFS Security
Auditing File Access
Encrypting Files with the Encrypting File Service
Additional Security Mechanisms
Antivirus Precautions
Deploying Backup Security
Using Windows Server Update Services
Understanding the Background of WSUS: Windows Update
Deploying the Automatic Updates Client
Understanding the Development of Windows Server Update Services
WSUS Prerequisites
Installing a Windows Server Update Services System
Setting WSUS Options
Synchronizing a WSUS Server
Approving WSUS Software Patches
Automatically Configuring Clients via Group Policy
Deploying Security Patches with WSUS
Summary
Best Practices
13. Transport-Level Security
Introduction to Transport-Level Security in Windows Server 2003
The Need for Transport-Level Security
Security Through Multiple Layers of Defense
Encryption Basics
Virtual Private Networks
VPN Tunnels
Tunneling Protocols
PPTP and L2TP Protocols
L2TP/IPSec Secure Protocol
Administering a VPN Using an Internet Authentication Service Server
Using Routing and Remote Access Service to Establish VPNs
Public Key Infrastructure
Private Key Versus Public Key Encryption
Certificates
Certificate Services in Windows Server 2003
Using Smartcards in a PKI Infrastructure
Encrypting File System
Integrating PKI with Non-Microsoft Kerberos Realms
Using IPSec Encryption with Windows Server 2003
The IPSec Principle
Key IPSec Functionality
IPSec NAT Traversal
Configuring Simple IPSec Between Servers in a Windows Server 2003 Domain
Viewing the IPSec Security Monitor
Establishing an IPSec Policy on the Server
Establishing an IPSec Policy on the Client
Verifying IPSec Functionality in Event Viewer
Summary
Best Practices
14. Windows Server 2003 Passports
The Benefits of Using .NET Passports
Installing and Configuring .NET Passports
Obtaining a PREP ID
Using the Passport Manager Administration Utility
Obtaining an Encryption Key
Building .NET Passport for Production
Working with .NET Passport Accounts
Converting Accounts
Using Site Accounts and .NET Passport
Creating Passport Accounts
Using Passports with Web-Based Applications
Using .NET Passports and Mobile Devices
Additional Layers of Security
.NET Passport Authentication
.NET Passport Cookies
Securing Communications
.NET Passport Policies
Fair Information Practices
Other Passport Services
.NET Passport for Kids
Passport Licensing
Summary
Best Practices
15. Security Policies and Tools
Security Policies
Policy Levels
Enterprise Policy Hierarchy
Issue-Specific Policy Hierarchy
Procedures and Checklists Policy Hierarchy
Roles and Responsibilities
Desktop Security Policy
Application Security Policy
Network Security Policy
Security Framework
Administrative Controls
Educating the Organization
Policy Enforcement
Employee Forms
IT Personnel Forms
Physical Controls
Technical Controls
Firewalls
Intrusion Detection System
Address-Based Restrictions
Authentication
Authorization
Base Installations
PKI
Monitoring Tools
Auditing Tools
Windows Server 2003 Security Policy Toolbox
Certificate Services
Security Configuration and Analysis
Microsoft Baseline Security Analyzer
Security Configuration Wizard
Windows Rights Management Services
Summary
Best Practices
V. Migrating to Windows Server 2003
16. Migrating from Windows NT4 to Windows Server 2003
Migration Paths to Windows Server 2003
Determining the Best Migration Path for Your Organization
Conducting an Inplace Upgrade
Migrating an Existing Windows NT4 Domain to a New Windows Server 2003 Forest
Consolidating Multiple Windows NT4 Domains to Active Directory
Preparing Windows NT4 Domains to Migrate to Windows Server 2003
Hardware and Software Compatibility
Reviewing Hardware and Software Requirements
Operating System Requirements
Server Hardware Requirements
Migrating Windows NT4 Volumes, Mirrors, and Stripe Sets
Mirrored Volumes
Volume Sets, Striped Sets, and Striped Sets with Parity
Installing and Configuring Services for Compatibility with Windows Server 2003
Preparing an NT 4.0 SAM Database
Performing an Inplace Upgrade
Upgrading the Windows NT4 Primary Domain Controller
Upgrading to Active Directory
Setting Forest Functionality Levels
Applying Security to the Directory Services Restore Mode
Migrating Backup Domain Controllers and Domain Member Servers
Starting the Domain Controller/Member Server Upgrade
Upgrading the Windows NT4 BDC to a Windows Server 2003 Domain Controller
Migrating Existing NT4 Domains to a New Windows Server 2003 Forest
Installing and Configuring a New Windows Server 2003 Forest and Domain
Configuring Domain Trust Between Windows NT4 and Windows Server 2003
Migrating Account and Resource Domains to Windows Server 2003 and Active Directory
Implication of Migrating Security Principles
Consolidating Windows NT4 Domains
Upgrading an Existing NT4 Domain to a New Active Directory Forest Root Domain
Restructuring Existing Account and Resource Domains to Active Directory
Using Microsoft Active Directory Migration Tool
Installing the Active Directory Migration Tool
Migrating Domain Accounts and Groups to Active Directory
Resolving Naming Conflicts
Migrating NT4 Groups into Active Directory
Migrating Computer Accounts to Active Directory
Migrating Service Accounts to Active Directory
Summary
Best Practices
17. Migrating from Windows 2000 to Windows Server 2003
Windows Server 2003 Migration Overview
Beginning the Migration Process
Identifying Migration Objectives
Establishing Migration Project Phases
Comparing the Inplace Upgrade Versus New Hardware Migration Methods
Identifying Migration Strategies: “Big Bang” Versus Slow Transition
Migration Options
Upgrading a Single Member Server
Verifying Hardware Compatibility
Verifying Application Readiness
Backing Up and Creating a Recovery Process
Upgrading a Standalone Server
Upgrading a Windows 2000 Active Directory Forest
Migrating Domain Controllers
Upgrading the AD Schema Using adprep
Upgrading Existing Domain Controllers
Replacing Existing Domain Controllers
Moving Operation Master Roles
Retiring Existing Windows 2000 Domain Controllers
Retiring “Ghost” Windows 2000 Domain Controllers
Upgrading Domain and Forest Functional Levels
Moving AD-Integrated DNS Zones to Application Partition
Upgrading Separate AD Forests to a Single Forest Using Mixed-Mode Domain Redirect
Prerequisites and Limitations of the Mixed-Mode Domain Redirect Procedure
Mixed-Mode Domain Redirect Procedure
Establishing a Temporary Windows 2000 Domain Controller
Moving Operations Master Roles and Demoting Existing Domain Controllers
Demoting Production Domain Controllers
Building a Temporary NT 4.0 Domain Controller
Retiring the Existing Forest
Promoting the Second Temporary Server to NT PDC
Promoting the NT PDC to Windows Server 2003 and Integrating with the Target Forest
Re-establishing Prior Domain Controllers and Moving OM Roles
Retiring the Temporary Domain Controller
Consolidating and Migrating Domains Using the Active Directory Migration Tool v2.0
Understanding ADMT v2.0 Functionality
Consolidating a Windows 2000 Domain to a Windows Server 2003 Domain Using ADMT v2.0
Using ADMT in a Lab Environment
ADMT v2.0 Installation Procedure
ADMT Domain Migration Prerequisites
Creating Two-Way Trusts Between Source and Target Domains
Assigning Proper Permissions on Source Domain and Source Domain Workstations
Creating Target OU Structure
Modifying Default Domain Policy on the Target Domain
Exporting Password Key Information
Installing a Password Migration DLL on the Source Domain
Setting Proper Registry Permissions on the Source Domain
Migrating Groups
Migrating User Accounts
Migrating Computer Accounts
Migrating Other Domain Functionality
Summary
Best Practices
18. Compatibility Testing for Windows Server 2003
The Importance of Compatibility Testing
Preparing for Compatibility Testing
Determining the Scope for Application Testing
Defining the Goals for Compatibility Testing
Timeframe for Testing
Budget for the Testing
Resources to Be Used
Extent of the Testing
Training Requirements During Testing
Documentation Required
Extent of User Community Involvement
Fate of the Testing Lab
Documenting the Compatibility Testing Plan
Researching Products and Applications
Taking Inventory of Network Systems
Taking Inventory of Applications on Existing Servers
Understanding the Differences Between Applications and Windows Services
Completing an Inventory Sheet per Application
Prioritizing the Applications on the List
Verifying Compatibility with Vendors
Tracking Sheets for Application Compatibility Research
Six States of Compatibility
Using a Windows Server 2003-Compatible Application
Requiring a Minor Update or Service Patch for Compatibility
Applications That Require a Version Upgrade for Compatibility
Handling an Incompatible Application That Will Remain “As Is”
Incompatible Applications That Won’t Be Used
Officially Incompatible Applications That Seem to Work Fine
Creating an Upgrade Decision Matrix
Assessing the Effects of the Compatibility Results on the Compatibility Testing Plan
Lab-Testing Existing Applications
Allocating and Configuring Hardware
Allocating and Configuring Windows Server 2003
Loading the Remaining Applications
Application Compatibility Testing Tool
Testing the Migration and Upgrade Process
Documenting the Results of the Compatibility Testing
Determining Whether a Prototype Phase Is Required
Summary
Best Practices
VI. Windows Server 2003 Administration and Management
19. Windows Server 2003 Administration
Defining the Administrative Model
The Centralized Administration Model
The Distributed Administration Model
The Mixed Administration Model
Examining Active Directory Site Administration
Site Components
Subnets
Site Links
Licensing Server (Per Site)
Site Group Policies
Configuring Sites
Creating a Site
Creating Site Subnets
Adding Domain Controllers to Sites
Configuring Licensing for the Enterprise
Configuring Server/Workstation Licensing Options
Adding Licenses
Establishing Site Links
Delegating Control at the Site Level
Examining Windows Server 2003 Active Directory Groups
Group Types
Distribution Groups
Security Groups
Group Scopes in Active Directory
Domain Local Groups
Global Groups
Universal Groups
Creating Groups
User Administration in a Single Domain
User Administration Across a Forest of Domains
Domain Functionality Level and Groups
Creating AD Groups
Populating Groups
Group Management
Handling User Administration
Understanding User Profiles
Examining Profile Types
Local Profile
Roaming Profile
Mandatory Profile
Default User Profile
Temporary Profile
All Users Profile
Template Profiles
Creating a Default Profile
Copying Profiles for the Default User Profile
Managing Users with Local Security and Group Policies
Viewing Policies with the Group Policy Object Editor
Creating New Group Policies
Configuring and Optimizing Group Policy
Block Policy Inheritance
The No Override Options
Troubleshooting Group Policy Applications
The Resultant Set of Policies MMC Snap-in
Managing Printers with Print Management Component
Installing the Print Management Component
Configuring the Print Management Component
Adding New Printers as Network Shared Resources
Using the Add Printer Option in Windows to Add a Local Printer
Using the Add Printer Option in Windows to Add a Network-Attached Printer
Using the Add Printer Option in the Print Management Component
Adding Print Servers to the Print Management Component
Using the Print Management Component
Performing General Printer Administration Tasks
Creating Custom Printer Filters
Summary
Best Practices
20. Windows Server 2003 System Registry
Windows Server 2003 Registry Architecture
Hives, Keys, and Subkeys
Registry Location and Storage
HKEY_LOCAL_MACHINE
The HARDWARE Subkey
The SAM Subkey
The SECURITY Subkey
The SOFTWARE Subkey
The SYSTEM Subkey
HKEY_CLASSES_ROOT
HKEY_CURRENT_CONFIG
HKEY_CURRENT_USER
HKEY_USERS
The Windows Server 2003 Registry Editor
Modifying Registry Entries
Adding a Key
Adding a Value
Changing a Value
Removing a Key or Value
Searching the Registry
Working with Favorites
Connecting to a Remote Registry
Protecting the Registry
Preventing Remote Access
Auditing the Registry
Analyzing Event Logs
Maintaining the Registry
Managing Registry Size
Keeping the Registry Fit
Cleaning the Registry
The Add/Remove Programs Applet
Windows Installer Cleanup Utility (MSICUU.EXE)
Windows Installer Zapper (MSIZAP.EXE)
Backing Up the Registry
Using Backup Utility
Using Automated System Recovery
Backing Up Individual Keys
Speeding Up Individual Key Backups
Restoring Individual Registry Keys
Summary
Best Practices
21. Windows Server 2003 Group Policies
Leveraging Group Policies
Using Computer Policies
Using User Policies
Understanding Group Policy Refresh Intervals
General Best Practices for Group Policy Deployment
The Fewer Policies, the Better: The “Less Is More” Approach
Knowing Resultant Set of Policies (RSoP)
Group Policy Order of Inheritance
Knowing the Impact of Slow Link Detection
Delegating GP Management Rights
Avoiding Cross-Domain Policy Assignments
Using Group Policy Naming Conventions
Understanding the Default Domain Policy
Understanding GP Inheritance and Application Order
Best Practices for Group Policy Inheritance
Understanding the Order in Which Group Policy Objects Are Applied
Modifying Group Policy Inheritance
Configuring Group Policy Loopback
Understanding the Effects of Slow Links on Group Policy
What Is the Effect of a Slow Link on a Site?
Determining Slow Link Speed
Configuring a Unique Slow Link Speed
Using Tools to Make Things Go Faster
Linking Group Policies
Configuring the Group Policy Snap-in
Disabling Configuration Settings
Viewing Group Policy Using the Show Configured Policies Only
Deleting Orphaned Group Policies
Automating Software Installations
Determining Whether a Push Was Successful
Enhancing Manageability with Group Policy Management Console
GPO Operations: Backup, Restore, Copy, and Import
Migrating Tables
Supporting Group Policy Management Across Forests
HTML Reporting Functionality and the Settings Tab
Linking WMI Filters
Searching the GPMC for Group Policies
Using Resultant Set of Policies in GPMC
Group Policy Modeling Using Resultant Set of Policy
Using RSoP Logging Mode to Discover Applied Policies
Understanding Windows Management Instrumentation
Using WMI Scripting
Using WMI Filters
Adding a New WMI Filter to a Group Policy Object
Importing to and Exporting from a Group Policy Object
Maximizing Security with Group Policy
Predefined Security Templates
Required Default Domain Group Policy Settings
Restricted Groups: Assigning Local Groups Through GP
Getting the Most Out of Folder Redirection
Creating a Folder for Each User Under the Root Path
Redirecting to Home Directory (My Documents)
Redirecting to a Special Path
Redirecting to the Local User Profile
Using Roaming Profiles
Other Useful Tools for Managing Group Policies
Using the gpupdate.exe Tool
Using the gpresult.exe Tool
Using the Group Policy Monitor Tool
Using the GPOTool.exe Tool
Using the FRSDiag.exe Tool
Using the Sonar.exe Tool
Using Administrative Templates
Policies Versus Preference
Using Microsoft Add-on GP Templates
Modifying Administrative Templates
Outlook Client Policy Options
Adding the Outlook Administrative Template
Assigning Group Policy Delegates
How to Delegate Rights over GPOs
Managing Group Policy Configurations
Defining Baseline Outlook Preferences
Email Options
Calendar Options
Contact Options
Managing the Look and Feel of the Outlook Client
Web Options Overview
Configuring and Applying Outlook Group Policy Settings
Customizing Administrative Group Policy Templates
Working with Group Policy Objects
Opening the Group Policy Snap-in
Editing a Group Policy Object
Creating a Group Policy Object
Deleting a Group Policy Object
Unlinking a Group Policy Object
Disabling a Group Policy Object
Working Within the Group Policy Snap-in Namespace
Using Computer and User Configurations
Working with Software Settings
Working with Windows Settings
Working with Security Settings
Leveraging Administrative Templates
Deploying Software Installations
Creating and Modifying Scripts
Summary
Best Practices
22. Windows Server 2003 Management and Maintenance Practices
Managing Windows Server 2003
Managing Based on Server Roles
File Servers
Print Servers
Web Servers
Messaging Servers
Terminal Servers
Domain Controllers
Auditing the Environment
Auditing Policies
Tracking Logon and Logoff Events
Monitoring Resource Access
Monitoring Files and Folders
Monitoring Printers
Managing Windows Server 2003 Remotely
Administrative Tools
Remote Desktop for Administration
Using the Remote Control Add-on for Active Directory Users and Computers
Using Telnet for Remote Access Management
WinRM for Remote Management
Identifying Security Risks
Tracking and Managing Licenses
Using Microsoft Operations Manager to Simplify Management
Employing Windows Server 2003 Maintenance Practices
Maintaining DHCP and WINS
Maintaining DNS Aging and Scavenging
Keeping Up with Service Packs and Updates
Windows Update
Software Update Services
Maintaining Consistency
Maintaining Windows Server 2003
Daily Maintenance
Checking Overall Server Functionality
Verifying That Backups Are Successful
Monitoring the Event Viewer
Weekly Maintenance
Checking Disk Space
Verifying Hardware
Checking Archive Event Logs
Running Disk Defragmenter
Running the Domain Controller Diagnostic Utility
Monthly Maintenance
Maintaining File System Integrity
Testing the UPS
Validating Backups
Updating Automated System Recovery Sets
Updating Documentation
Quarterly Maintenance
Checking Storage Limits
Changing Administrator Passwords
Maintaining the AD Database
MMC 3.0
Summary of Maintenance Tasks and Recommendations
Summary
Best Practices
23. Automating Tasks Using Windows Server 2003 Scripting
Scripting Overview
Documented Instruction Scripts
Server Management
Workstation Management
Scripts for User Configuration
Directory Administration Scripts
Advantages of Scripting
Introduction to VBScript
Visual Basic Script Options
Windows Scripting Host
Active Server Pages
Active Directory Scripting Overview
Active Directory Objects
Active Directory Services Interface
Working with Active Directory Objects
Discovering Object Properties
ADSI Edit MMC Snap-in
Discovering the Directory Name of a User Attribute
Active Directory Schema MMC Snap-in
Scripting User Management
Scripting User Creation
Populating Optional User Attributes
Populating User Attributes Using Variables
Scripting Exchange 2000 Properties for Active Directory
Collaborative Data Objects
Creating a User from File Data
Using Ldifde.exe or Csvde.exe
Connecting to Flat File Data Sources
Searching Active Directory
ActiveX Data Objects
Creating a Search Using ADO
Searching Using the Active Directory Users and Computers MMC Snap-in
Windows Server 2003 Scripting
Introducing Windows Management Instrumentation
Creating a Simple WMI Script
Leveraging Sample Scripts
Finding Orphaned Group Policies
Scanning for Installed Software Components
Checking Local Group Membership
Locating Domain Printers
Creating Users from Data in a CSV File
Checking Domain Servers for Volume Free Space
Summary
Best Practices
24. Documenting a Windows Server 2003 Environment
Benefits of Documentation
Knowledge Management
Financial Benefits
Baselining with Document Comparisons
Using Documentation for Troubleshooting Purposes
Design and Planning Documentation
Documenting the Design
Migration Documentation
Project Plans
Developing the Test Plan
Server Migration Procedures
Desktop Migration Procedures
User Migration Procedures
Checklists
Active Directory Infrastructure
Network Infrastructure
Documenting the WAN Infrastructure
Network Device Documentation
Configuration (As-Built) Documentation
Administration and Maintenance Documentation
Step-by-Step Procedure Documents
Policies
Documented Checklists
Procedural Documents
Disaster Recovery Documentation
Disaster Recovery Planning
Backup and Recovery
Monitoring and Performance Documentation
Failover
Change Management Procedures
Performance Documentation
Routine Reporting
Management-Level Reporting
Technical Reporting
Security Documentation
Change Control
Routine Reporting
Management-Level Reporting
Training Documentation
Technical Training
End-User Training
System Usage Policies
Summary
Best Practices
25. Integrating Microsoft Operations Manager with Windows Server 2003
What Is Microsoft Operations Manager?
How MOM Works
Processing Events and Performance Data
Generating Alerts and Responses
Outlining MOM Architecture
How MOM Stores Captured Data
The Role of the Data Access Server
The Consolidator Component
Determining the Role of Agents in System Monitoring
Creating Administrative Boundaries with Configuration Groups
How to Use MOM
Managing and Monitoring with MOM
Reporting from MOM
Using Performance Monitoring
Exploring Management Packs
Legacy Management Integration
Extended Management Packs
MOM Resource Kit Tools
MOM Component Requirements
Hardware Requirements
Determining Software Requirements
Identifying MOM Service Accounts
MOM Backup Considerations
Deploying MOM Agents
Advanced MOM Concepts
DCAM Versus D-DCAM Servers
Multiple Configuration Groups
Deploying Geographic-Based Configuration Groups
Deploying Political or Security-Based Configuration Groups
Sizing the MOM Database
Capacity Limits
Scaling MOM Environments
System Redundancy
MOM Security
Physically Securing MOM
Securing MOM Agents
Firewall Requirements
Service Account Security
Identifying Sample Designs of Successful MOM Implementations
Deploying a Single Server MOM Configuration
Deploying a Multiple MOM Server Configuration
Summary
Best Practices
VII. Remote and Mobile Technologies
26. Remote and Mobile Access
Windows Server 2003 Routing and Remote Access Features and Services
Point-to-Point Protocol Over Ethernet Dial-On-Demand
Background Intelligent Transfer Service Version 1.5
NAT Traversal Using Universal Plug and Play
Quarantine Policy Check
Routing and Remote Access Service Architecture
SNMP Agent for RRAS
Management Applications
Authentication, Authorization, and Accounting
Dynamic Interface Manager (Mprdim.dll)
Connection Manager
Telephony Application Programming Interface
IP Router Manager (Iprtmgr.dll)
IPX Router Manager (Ipxrtmgr.dll)
Unicast Routing Protocols
IP Multicast Routing Protocols
Route Table Manager (Rtm.dll)
Multicast Group Manager
IP Filtering Driver (Ipfltdrv.sys)
IP Unicast Forwarder
IP Multicast Forwarder
IPX Filtering Driver (Nwlnkflt.sys)
IPX Forwarder Driver (Nwlnkfwd.sys)
Virtual Private Networking in Windows 2003
Components Needed to Create a VPN Connection
The VPN Client
The VPN Server
Tunnel/VPN Connection
Internet/Intranet Infrastructure
Authentication Options to an RRAS System
Authentication Protocols for PPTP Connections
EAP-TLS Authentication Protocols
Authentication Protocols for L2TP/IPSec Connections
Choosing the Best Authentication Protocol
VPN Protocols
Tunneling Within a Windows Server 2003 Networking Environment
Point-to-Point Tunneling Protocol
Layer 2 Tunneling Protocol
IP Security
Choosing Between PPTP and L2TP/IPSec
Advantages of L2TP/IPSec Over PPTP
Advantages of PPTP Over L2TP/IPSec
Installing and Configuring Routing and Remote Access
Configuring Remote Access Clients
VPN Client Configuration
Connection Manager Client Dialer
Connection Manager Administration Kit
Connection Point Services
Single Sign-on
The Impact of NAT Traversal at Improving Remote Connectivity
RRAS Tools and Utilities
Routing and Remote Access MMC Snap-in
The Netsh Command-Line Tool
Authentication and Accounting Logging
Event Logging
Tracing
Leveraging the Capabilities of the Quarantine Policy Check Tool
How the Quarantine Policy Check Works
Quarantine Control Components and System Requirements
Installing the RQS.EXE Utility on an RRAS Server
Creating a Script File for Post-Connection Execution
Creating a Quarantine Connection Manager Profile
Launching the CM Profile on Remote Access Client Systems
Remote Access Scenarios
Remote Mobile and Home Users
Site-to-Site Connections
Summary
Best Practices
27. Windows Server 2003 Terminal Services
Why Implement Terminal Services?
Remote Desktop for Administration
Terminal Services for LAN Users
Terminal Services for Remote User Support
Terminal Services for Application Service Providers
How Terminal Services Works
Modes of Operation
Remote Desktop for Administration Mode
Terminal Server Mode
Client-Side Terminal Services
Remote Assistance
Remote Desktop Connection
Leveraging Terminal Services Features
Using Local Resource Redirection Functionality
Disk Drive Redirection
Printer Redirection
Local Time Zone Redirection
Using Session Directory Server
Granular Session Control
Terminal Server Console Access
Terminal Server Fault Tolerance
Planning for Terminal Services
Planning for Remote Desktop for Administration Mode
Planning for Terminal Server Mode
User Requirements
Antivirus on Terminal Services
Terminal Server Upgrades
Physical Placement of Terminal Servers
Planning for Hosted Applications
Networking Requirements
Terminal Server Fault Tolerance
Working with Terminal Server Licensing
Deploying Terminal Services
Enabling Remote Desktop for Administration
Enabling Remote Assistance
Installing Terminal Server Mode
Installing Applications for Terminal Server
Configuring Terminal Services
Local Security Policy Settings
Using the Computer Management Tool
Active Directory Users and Computers (Dsa.msc)
Terminal Services Configuration (Tscc.msc)
Server Settings
Connections
Group Policy for Terminal Server
Installing a Terminal Services License Server
Activating the Terminal Services License Server
Installing Client Access Licenses
Configuring the Licensing Type on a Terminal Server
Installing and Configuring Fault-Tolerant Terminal Services
Network Load Balancing Terminal Server
Configuring the Session Directory Server
Securing Terminal Services
Changing the RDP Port
Perimeter Protection Considerations
Securely Building Terminal Servers
Segmenting Resources
Securing Terminal Services with GPOs
Sizing and Optimizing Terminal Services Environments
Scaling Terminal Services
Adding Redundancy and Scalability to Session Directory
Optimizing Terminal Services Performance
Monitoring Terminal Server
Using Windows System Resource Manager to Control Resources
Supporting Terminal Services
Using the Terminal Server Manager
Managing the Command-Line Terminal Services
Managing Terminal Services Using WMI
Supporting and Enabling Terminal Server Users
Disabling Terminal Services
Remotely Managing a Terminal Session
Applying Service Packs and Updates
Performing Disaster Recovery on a Terminal Server
Accessing a Terminal Server
Accessing Terminal Services Using the 32-bit Windows RDP Client
Accessing Terminal Services Using the Web Client
Using the Remote Desktops MMC (Tsmmc.msc)
Remotely Connecting to a Terminal Server Console
Summary
Best Practices
VIII. Desktop Administration
28. Windows Server 2003 Administration Tools for Desktops
Examining Desktop Deployment Options
Manual Installation
Unattended Installations
Desktop Imaging
Remote Installation Services
Third-Party Imaging Software
Multicast Imaging Software
Using Remote Installation Services to Deploy System Images
Planning RIS Deployments
Installing RIS
Configuring RIS
Configuring DHCP for RIS Clients
Establishing Client Requirements
Creating Windows XP Images
Installing Desktop Software
Standardizing the Desktop
Minimizing Common Image Errors
Using the Windows XP Deployment Tools
Setup Manager
System Preparation Tool
Installing the Windows XP Deployment Tools
Creating a Custom Desktop Image for RIS
Creating an Unattended Installation
Managing Windows XP Installation Media and Image Versions
Updating Desktop Images
Updating Existing XP and 2000 Workstations
Deploying Service Packs
Deploying Hotfixes and Security Updates
Using Windows Automatic Update for System Updates
Choosing to Use Software Update Services for System Updates
Managing Desktop Applications
Managing Applications Using Group Policy
Group Policy Software Installation
Using Third-Party Application Packaging Software
Manually Installing Applications
Remote Installation Using Remote Desktop
Remote Installation Using Remote Assistance
Managing Windows XP Desktops Remotely
Using the Remote Control Add-on for Active Directory Users and Computers
Using the Remote Desktop Connection for Windows 2003
Summary
Best Practices
29. Group Policy Management for Network Clients
Leveraging the Power of Group Policy
Managing Group Policy
Understanding Policies and Preferences
Group Policy and Security Templates
Defining the Order of Application
Group Policy Refresh Intervals
Baseline Administration for Group Policy Deployment
Delegating Group Policy Management Rights
Working with Resultant Set of Policies
Managing Group Policy Inheritance
Group Policy Backup, Restore, Copy, and Import
General Recommendations for Managing Clients Through Group Policy
Keeping Group Policy Manageable
Managing Client Software Installations
Using Folder Redirection
Using Group Policy for System Updates and Patch Management
Deployment Options When Updating Network Clients
Deploying Client Updates
Pushing Client Updates
Determining the Success of a Push
Real-Life Scenarios of Group Policy Management
Working with Mobile Users
Managing Remote Users
Locking Down Workstations
Supporting Power Users
Providing a High Level of Security
Maintaining Administrator Workstations
Summary
Best Practices
IX. Fault Tolerance Technologies
30. File System Fault Tolerance
Examining Windows Server 2003 File System Services
Distributed File System
Distributed File System Replication
File Replication Service
Volume Shadow Copy Service
Remote Storage
Using Fault-Tolerant Disk Arrays
Disk Types
Basic Disks
Dynamic Disks
Disk Formatting
Managing Disks
Using the Disk Management MMC Snap-in
Using the Diskpart.exe Command-Line Utility
Creating Fault-Tolerant Volumes
Converting Basic Disks to Dynamic Disks
Creating Fault-Tolerant Disk Volumes Using Dynamic Disks
Managing File Share Access and Volume Usage
Managing File Shares
Client-Side Caching
Leveraging the Capabilities of File Server Resource Manager
Uses of File Server Resource Manager
Installing the File Server Resource Manager Component
Configuring User Storage Limits with File Server Resource Manager
Creating a Quota Template
Creating File Screens
Creating a File Screen Template
Generating Storage Reports from FSRM
Generating Reports in Real Time
Scheduling Reports to Be Generated on a Regular Basis
Monitoring Disks and Volumes
Managing Volume Usage with NTFS Quotas
Using the Performance Console to Monitor Disks and Volumes
Using the Fsutil.exe Command-Line Utility
Auditing File and Folder Security
Enabling Auditing for an NTFS Folder
Reading Audit Events Using the Event Viewer Security Event Log
Reviewing NTFS Volume Quota Usage
Working with Operating System Files: Fault Tolerance
Windows File Protection
Driver Signing
Windows Hardware Quality Lab
File Signature Verification (Sigverif.exe)
System File Checker (Sfc.exe)
Using the Distributed File System Replication
Benefits of DFSR
DFS Terminology
FRS Terminology
Planning a DFS Deployment
Configuring File Share and NTFS Permissions for DFS Root and Link Targets
Choosing a DFS Type
Standalone DFS Root
Domain DFS Root
Planning for Domain DFS and Replication
Initial Master
Using the File Replication Service
The Staging Folder
The Pre-Install Directory
Determining the Replication Topology
Hub-and-Spoke
Full Mesh
Ring
Custom
Replication Latency
Installing DFS
Creating the DFS Root File Share
Creating the DFS Root
Creating a DFS Link
Adding Additional Targets
Publishing DFS Roots in Active Directory
Best Practices for DFS Replication
Optimizing DFS
Prestaging a New DFS Replica
Managing and Troubleshooting DFS
Monitoring FRS Using the System Monitor
Monitoring FRS Using SONAR
Monitoring DFS Using the System Monitor
Taking a Target Offline for Maintenance
Disabling Replication for Extended Downtime
Event Logging for FRS
Backing Up DFS
Using the DFScmd.exe Utility
Handling Remote Storage
Remote Storage Best Practices
Installing Remote Storage
Configuring Remote Storage
Configuring the Backup Device
Allocating Removable Media for Remote Storage
Configuring a Volume for Remote Storage Management
Using the Volume Shadow Copy Service
Using VSS and Windows Server 2003 Backup
Configuring Shadow Copies
Recovering Data Using Shadow Copies
Managing Shadow Copies
Summary
Best Practices
31. System-Level Fault Tolerance (Clustering/Network Load Balancing)
Building Fault-Tolerant Systems
Using Uninterruptible Power Supplies
Choosing Networking Hardware for Fault Tolerance
Selecting Server Storage for Redundancy
Improving Application Reliability
Examining Windows Server 2003 Clustering Technologies
Reviewing Cluster Terminology
Active/Passive Clustering Mode
Active/Active Clustering Mode
Choosing the Right Clustering Technology
Microsoft Cluster Service
Using Network Load Balancing
Implementing Cluster Service
The Single-Quorum Device Cluster
The Single-Node Cluster
The Majority Node Set Cluster
An MNS Cluster Scenario
Choosing Applications for Cluster Service
Shared Storage Devices
Multipath I/O
Volume Shadow Copy for Shared Storage Volume
Single-Quorum Cluster Scalability
Installing Cluster Service
Working Through the Cluster Pre-Installation Checklist
Installing the First Node in the Cluster
Adding Additional Nodes to a Cluster
Managing Clusters
Cluster Administrator
The Cluster.exe Utility
Cluster Automation Server
Configuring Failover and Failback
Cluster Group Failover Configuration
Cluster Group Failback Configuration
Testing Clusters
Testing Cluster Group Manual Failover
Initiating Failure of a Cluster Resource
Initiating Cluster Node Network Failure
Maintaining Cluster Nodes
Pre-Maintenance Tasks
Post-Maintenance Tasks
Creating Additional Cluster Groups and Resources
Creating Groups
Creating New Resources
Changing the Cluster Service Account Password
Moving Cluster Groups
Removing a Node from a Cluster
Backing Up and Restoring Clusters
Cluster Node Backup Best Practices
Automated System Recovery Backup
Backing Up the Cluster Quorum
Backing Up the Cluster Node System State
Backing Up the Local Disks on a Cluster Node
Backing Up Shared Disks on a Cluster
Restoring a Single-Node Cluster When the Cluster Service Fails
Restoring a Single Node After a Complete Server Failure
Evicting and Rebuilding the Failed Node
Restoring the Failed Node Using the ASR Restore
Restoring an Entire Cluster to a Previous State
Restoring Cluster Nodes After a Cluster Failure
Upgrading Cluster Nodes
Rolling Upgrades
Last Node Rolling Upgrade
Installing Network Load Balancing Clusters
NLB Applications and Services
Creating Port Rules
Port Rules Filtering Mode and Affinity
The Single Host Mode
The Disable Port Range Mode
The Multiple Host Mode
Avoiding Switch Port Flooding
Using Cluster Operation Mode
Configuring Network Cards for NLB
Using the Network Load Balancing Manager to Create a Cluster
Adding Additional Nodes to an Existing NLB Cluster
Managing NLB Clusters
Backing Up and Restoring NLB Nodes
Performing Maintenance on a Cluster Node
Removing a Node from an NLB Cluster
Deleting the Entire Cluster
Summary
Best Practices
32. Backing Up a Windows Server 2003 Environment
Disaster Recovery Planning
Elements of a Disaster
Physical Site Disaster
Power Outage
Network Outage
Server Hardware Failures
Hard Drive Failure
Software Corruption
Discovery: Learning the Environment
Identifying the Different Services and Technologies
Identifying Single Points of Failure
Prioritizing the Environment
Identifying Bare Minimum Services
Creating the Disaster Recovery Solution
Getting Disaster Recovery Solutions Approved
Documenting the Enterprise
Server Configuration Documentation
The Server Build Document
Hardware Inventory
Network Configurations
WAN Connection
Router, Switch, and Firewall Configurations
Recovery Documentation
Updating Documentation
Developing a Backup Strategy
Creating a Master Account List
Assigning Tasks and Designating Team Members
Creating Regular Backup Procedures
Creating a Service-Level Agreement for Each Critical Service
Determining a Reasonable SLA
Determining Which Devices Need to Be Backed Up
Creating a Windows Server 2003 Boot Floppy
Backing Up the Windows Server 2003 Operating System and Services
Backing Up Boot and System Volumes
Backing Up Data Volumes
Backing Up Windows Server 2003 Services
Backing Up the System State
Using the Directory Services Restore Mode Password
Examining the Windows Server 2003 Backup Programs
Windows Server 2003 Backup Utility (ntbackup.exe)
Remote Storage
Volume Shadow Copy
Virtual Disk Service
Using the Windows Server 2003 Backup Utility (ntbackup.exe)
Modes of Operation
Advanced Mode
Automated System Recovery
Creating an ASR Backup
Tips on Using ASR
Using Remote Storage
Remote Storage Media Management
Using the Volume Shadow Copy Service
Configuring Shadow Copies
Volume Shadow Copy Best Practices
Limitations
Shadow Copy Management Using vssadmin.exe
Windows Server 2003 Service Backup Options
Disk Configuration (Software RAID Sets)
Certificate Services
Domain Name Service
Windows Internet Naming Service
Dynamic Host Configuration Protocol
Distributed File System
Internet Information Services
Backing Up the Remote Storage Service
Backing Up the Removable Storage Service
Media Management for Windows Server 2003 Backup and the Remote Storage Service
Media Pools
Free Pool
Remote Storage Pool
Imported Pool
Backup Pool
Custom Media Pools
Windows Server 2003 Startup Troubleshooting Utilities
Recovery Console
Emergency Management Services Console Redirection
Summary
Best Practices
33. Recovering from a Disaster
Validating Backup Data and Procedures
Documenting the Recovery
Including Test Restores in the Scheduled Maintenance
Isolating Failures
Using a Test Workstation
Configuring a Test User Account
Validating the Failure
Locating Application and Service Dependencies
Site Failure Recovery
Creating Redundant and Failover Sites
Planning for Site Failover
Creating the Failover Site
Failing Over Between Sites
Failing Back After Site Recovery
Providing Alternative Methods of Client Connectivity
Recovering from a Disk Failure
Hardware-Based RAID Array Failure
Re-creating the System Volume
Installing the Boot Volume
Regaining Data Volume Access
Resolving Boot Failure Problems
The Recovery Console
Recovering from a Complete Server Failure
Restoring Versus Rebuilding
Manually Recovering a Server
Restoring a Server Using a System State Restore
System State Restore
Restoring a System Using ASR Restore
Restoring the Boot Loader File
Resolving Windows Server 2003 Networking Services Errors
Repairing Certificate Services
Restoring the CA Private Key and CA Certificate
Restoring the CA Database
Re-establishing Dynamic Host Configuration Protocol
Windows Internet Naming Service
Recovering Domain Name System
Re-creating Windows Server 2003 File Services and Data
Recovering Data Using NTBackup.exe
Recovering Data with Volume Shadow Copy
Using Distributed File System Replication for File System Recovery
Restoring Internet Information Services
Recovering IIS Data and Logs
Re-establishing the Cluster Service
Resolving Windows Server 2003 Domain Controller Failure
Restoring Active Directory
Restoring the Active Directory Database
Active Directory Nonauthoritative Restore
Active Directory Authoritative Restore
Partial Active Directory Authoritative Restore
Rebuilding the Global Catalog
Restoring the SYSVOL Folder
Recovering the Removable Storage Database
Restoring Remote Storage Database
Recovering Data When Reparse Points Are Missing
Achieving 99.999% Uptime Using Windows Server 2003
Providing Redundant Domain Services
Summary
Best Practices
X. Problem Solving, Debugging, and Optimization
34. Logging and Debugging
Using the Task Manager for Logging and Debugging
Monitoring Applications
Monitoring Processes
Monitoring Performance
Monitoring Network Performance
Monitoring User Activity
Using the Event Viewer
Getting the Most out of the Event Viewer
Viewing Logs on Remote Servers
Event Filtering
Archiving Events
Customizing the Event Log
Understanding the Security Log
Auditing System Events Through Group Policies
System Monitoring
Performance Monitoring Tools
Terms Used in the Performance Monitoring Tools
The Performance Console
The System Monitor
Performance Logs and Alerts
Configuring Trace Logs
Common Log File System
Setting Baseline Values
Reducing Performance Monitoring Overhead
Important Objects to Monitor
Network Monitoring in Windows Server 2003
Understanding How Netmon Works
Installing Netmon
Capturing Frames Within Netmon
Using the Capture Filter
Using the Debugging Tools Available in Windows Server 2003
TCP/IP Tools
PING
Tracert
Pathping
Ipconfig
Arp
Netstat
NetDiag
DCDiag
Route
Nslookup
System Startup and Recovery
Memory-Related Debugging
The Software Error-Reporting Mechanism
Dr. Watson for Windows
Summary
Best Practices
35. Capacity Analysis and Performance Optimization
Defining Capacity Analysis
The Benefits of Capacity Analysis
Establishing Policy and Metric Baselines
Benchmark Baselines
Workload Characterization
Benchmarks
Using Capacity-Analysis Tools
Built-in Toolset
Task Manager
Network Monitor
The Performance Console
Third-Party Toolset
Monitoring System Performance
Key Elements to Monitor
Monitoring System Memory
Analyzing Processor Usage
Evaluating the Disk Subsystem
Monitoring the Network Subsystem
Optimizing Performance by Server Roles
Terminal Services Server
Domain Controllers
Monitoring AD
Monitoring DNS
Monitoring AD Replication
Using Server Performance Analyzer 2.0
Using the Windows System Resource Manager
Managing Patches
Automating Patch Management
Windows Automatic Update
Summary
Best Practices
XI. Integrated Windows Application Services
36. Windows SharePoint Services
The History of SharePoint Technologies
WSS’s Predecessor: SharePoint Team Services
Understanding the Original SharePoint Portal Server
Differences Between SharePoint Products
Microsoft’s Current SharePoint Technology Direction
Identifying the Need for Windows SharePoint Services
Changing Methodology from File Servers to a WSS Document Management Platform
Enabling Team Collaboration with WSS
Customizing WSS to Suit Organizational Needs
Installing Windows SharePoint Services
Outlining WSS Requirements
Hardware and Software
Detailing Pre-installation Steps
Updating and Patching a WSS Server
Performing a Windows SharePoint Services Installation
Exploring Basic Windows SharePoint Services Features
Creating a Shared Workspace from Microsoft Word
Working Within the Windows SharePoint Services Site
Understanding Document Libraries
Using Picture Libraries
Working with SharePoint Lists
Using SharePoint Discussions
Understanding Surveys
Exploring End User Features in WSS
Expanding Document Management Capabilities
Introducing Meeting Workspaces
Taking Advantage of Personal Sites
Integrating with Microsoft Office 2003
Personalizing Windows SharePoint Services
Taking Advantage of Lists
Improving on SharePoint Alerts
Exploring Additional New/Enhanced End User Features
Customizing and Developing WSS Sites
Using the Browser to Customize SharePoint
Development Enhancements for Site Templates
Improving on FrontPage 2003 Integration
Summary
Best Practices
37. Windows Media Services
Understanding Windows Media Services
System Requirements for Windows Media Services
Testing the Load on a Windows Media Server
Installing Windows Media Services
Configuring the Windows Media Services
Using Windows Media Services for Real-Time Live Broadcasts
Configuring a Server for Real-Time Live Broadcasts
Starting a Real-Time Live Broadcast
Broadcasting Stored Single Files
Configuring a Server for Single On-Demand Video Playback
Starting a Single File Publishing Point
Hosting a Directory of Videos for On-Demand Playback
Configuring a Server to Host a Directory of Videos for Playback
Starting a File from Within the Directory Publishing Point
Combining Multiple Files for a Combined Single Broadcast
Configuring a Server for Playlist Broadcasting of Multiple Files
Starting a Playlist from Within the Playlist Publishing Point
Understanding Windows Media Encoder
Understanding the Requirements for the Windows Media Encoder
Installing the Windows Media Encoder
Broadcasting a Live Event
Preparing for a Live Broadcast
Initiating a Live Broadcast
Capturing Audio or Video for Future Playback
Preparing for a Captured Session
Capturing a Session for Future Broadcast
Using Other Windows Media Encoder Options
Capturing Screen Content with the Windows Media Encoder Software
Converting Videos to Windows Media Video Format
Using Microsoft Producer for Sophisticated Presentations
Downloading and Installing Microsoft Producer
Using the Microsoft Producer Add-on
Summary
Best Practices
Appendix
License Agreement
Microsoft Software
Part IX. Fault Tolerance Technologies