DIRECTORY CONFIGURATION
Overview
To use a single server for the infrastructure in this guide, you need a
server with either two disk drives or a single disk drive with two
partitions. (Some step-by-step guides in this series require additional
servers or other equipment; those additions are addressed in the
specific guide.)
The first disk or partition holds Windows 2000 and the other files for
the common infrastructure, such as the Windows Installer packages
and application source files.
This installation procedure starts with making boot disks. You start the
installation after booting from these disks. This procedure is used for
these guides so that you can easily reconfigure the disk partitions.
Note: When you configure partitions and format drives, any data on
the server hard drive is destroyed.
You need four formatted disks and the Windows 2000 Server CD. On a
computer running a 32-bit version of the Windows operating system:
Windows 2000 Setup formats the partition and then copies the files
from the Windows 2000 Server CD to the hard drive. The computer
restarts, and the Windows 2000 Installation Program continues.
11. When you reach the Completing the Windows 2000 Setup
Wizard, remove the CD-ROM from the drive and click Finish.
The server restarts and the operating system loads from the hard
drive.
Dynamic Host Configuration Protocol (DHCP), Domain Name Service (DNS), and
DCPromo (the command-line tool that creates DNS and Active Directory) can be
installed manually or by using the Windows 2000 Configure Your Server Wizard.
This guide uses the wizard; the manual procedures are not covered here.
6. Click Next to run the wizard. When prompted, insert the Windows 2000
Server CD-ROM. When the wizard is finished, the machine reboots.
The Configure Your Server Wizard installs DNS and DHCP and configures DNS,
DHCP, and Active Directory. The default values set by the wizard are:
IP address: 10.10.1.1
Reskit.com is the Active Directory domain and DNS name, and reskit
is the down-level domain name.
16. After the disk or partition has been formatted, close the Disk
Management snap-in.
Active Directory
Reskit has the DNS name reskit.com that was configured using the Configure Your
Server Wizard in the preceding section. Figure 4 below illustrates the sample Active
Directory structure.
Of most interest here are the domain (reskit.com) and the Accounts, Headquarters,
Production, Marketing, Groups, Resources, Desktops, Laptops, and Servers
organizational units (OUs). These are represented by circles in Figure 4. OUs exist for
the delegation of administration and for the application of Group Policy, not simply to
mirror a business organization. See the Windows 2000 Deployment Guide chapter,
"Designing the Active Directory Structure," for an in-depth discussion of creating an
OU structure.
This section describes how to manually create the OUs, Users, and Security Groups
outlined in Appendix A of this document.
1. Click Start, point to Programs, then point to Administrative Tools, and click
Active Directory Users and Computers.
2. Click the + next to Reskit.com to expand it. Click Reskit.com itself to show its
contents in the right pane.
3. In the left pane, right-click Reskit.com, point to New, and click Organizational
Unit.
4. Type Accounts in the name box, and click OK.
5. Repeat steps 3 and 4 to create the Groups and Resources OUs. These three OUs
now show up in the right pane.
6. Click Accounts in the left pane. Its contents now display in the right pane (it is
empty to start).
7. Right-click Accounts, point to New, and click Organizational Unit.
8. Type Headquarters, and click OK.
9. Repeat steps 6 and 7 to create the Production and Marketing OUs under
Accounts. When you have finished, the OU structure should look like Figure 5
below:
Figure 5. Create Organizational Units
10. In the same way, create Desktops, Laptops, and Servers under the Resources OU.
11. Create the two security groups by right-clicking Groups, then pointing to New,
then clicking Group. The two groups to add are Management and Non-
management. The settings for each group should be Global and Security. Click
OK to create each group.
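The OU tree and the two security groups from steps 1 through 11, generated as an LDIF import file. This is an added example, not part of the original guide: the base DN DC=reskit,DC=com is derived from the guide's reskit.com domain, and setting sAMAccountName equal to the group name is an assumption.

```python
# Added example: build an LDIF file for the OUs and groups named in the steps.
BASE_DN = "DC=reskit,DC=com"  # assumption: derived from the domain reskit.com

# OU hierarchy exactly as named in the manual procedure.
OU_TREE = {
    "Accounts": {"Headquarters": {}, "Production": {}, "Marketing": {}},
    "Groups": {},
    "Resources": {"Desktops": {}, "Laptops": {}, "Servers": {}},
}
GROUPS = ["Management", "Non-management"]  # both live in the Groups OU

# Active Directory groupType flags: global scope, security-enabled.
GROUP_TYPE_GLOBAL = 0x00000002
GROUP_TYPE_SECURITY = 0x80000000

def escape_rdn(value):
    """Escape characters that are special inside a DN value (RFC 4514)."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out

def walk_ous(tree, parent_dn):
    """Yield (name, dn) parents first, so each container exists on import."""
    for name, children in tree.items():
        dn = f"OU={escape_rdn(name)},{parent_dn}"
        yield name, dn
        yield from walk_ous(children, dn)

def signed32(value):
    """groupType is stored as a signed 32-bit integer."""
    return value - (1 << 32) if value & 0x80000000 else value

def build_ldif():
    entries = [f"dn: {dn}\nchangetype: add\n"
               f"objectClass: organizationalUnit\nou: {name}\n"
               for name, dn in walk_ous(OU_TREE, BASE_DN)]
    group_type = signed32(GROUP_TYPE_GLOBAL | GROUP_TYPE_SECURITY)
    for name in GROUPS:
        dn = f"CN={escape_rdn(name)},OU=Groups,{BASE_DN}"
        entries.append(f"dn: {dn}\nchangetype: add\nobjectClass: group\n"
                       f"cn: {name}\nsAMAccountName: {name}\n"  # assumption
                       f"groupType: {group_type}\n")
    return "\n".join(entries)  # a blank line separates LDIF entries

if __name__ == "__main__":
    print(build_ldif())
```

Saved to a file, the output can be imported on the domain controller with ldifde -i -f followed by the file name. Because entries are emitted parents first, a run that stops partway leaves no child without its container.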
6. Click Next.
7. Click Next on the Password page to accept the defaults.
8. Click Finish. Teresa Atkinson now displays on the right-hand
screen, as a user under Reskit.com/Accounts/Headquarters.
9. Repeat steps 2 through 7, adding the names listed in Appendix A
for the Headquarters OU. When you are finished, the
Headquarters OU screen appears as illustrated in Figure 7 below.
Figure 7. User listing in the Headquarters OU
Important Notes
Logon Accounts
Sites on Network
Sites usually correspond to a common physical (geographical) location on
one or more unique TCP subnets. This is because sites are used to organize
LAN and WAN segments to optimize network traffic patterns.
• Each domain must have its own domain controller to store the
domain directory containing account information for a domain.
• Windows 2000 does not use NT4 "Primary" and "Backup"
controllers. All domain controllers are equal with the Windows
2000 "multi-master" model.
• All changes made to one domain controller are replicated to all
other domain controllers on its domain.
Groups
Schema Objects
Each network resource (computer, drive share, printer,
etc.) exists as an object in an Active Directory schema,
which is like the data dictionary to a table.
o Object Name
o Object Identifier
o Syntax (for its data type: Boolean true/false, text mask,
etc.)
o Optional Range Limits
o Object Name
o Object Identifier
o "May Contain" Attribute
o "Must Contain" Attribute
o Parent Classes
o Auxiliary Classes
Containers
Schema Management
AD Schema Extensibility
enumprop /ATTR:objectGuid,objectSid,distinguishedName "LDAP://cn=administrator,cn=users,dc=user5,dc=com"
CN=Common Name
DC=Domain Component
OU=Organizational Unit
Security Precautions
Domain Forests
Trusts
Permissions
Trees
Two methods: