Windows Server 2008 Training Day 3 - Vijay Bhalerao BCS, MCM, CISA (PowerPoint PPT Presentation)

  1. Windows Server 2008 Training Day 3 - Vijay Bhalerao, BCS, MCM, CISA, DCL, MCTS, ISO 27001 LA (univijay2001@yahoo.com)

  2. Windows Server 2008 - Day 3
     - Domain Name Service (DNS), DNS zones and DHCP
     - Various Server Roles and Features
     - Operation Masters
     - RODC
     - Troubleshooting AD, DNS and DHCP
     - Windows Hyper-V

  3. Domain and Forest Functional Levels
     - Determine the AD DS features available in a domain or forest
     - Restrict which Windows Server operating systems can be run on domain controllers in the domain or forest
     Supported functional levels:

     Domain functional level | Supported domain controller operating systems           | Forest functional level
     ------------------------|--------------------------------------------------------|------------------------
     Windows 2000 Native     | Windows 2000, Windows Server 2003, Windows Server 2008 | Windows 2000
     Windows Server 2003     | Windows Server 2003, Windows Server 2008               | Windows Server 2003
     Windows Server 2008     | Windows Server 2008                                    | Windows Server 2008

  4. Active Directory Domain Services and DNS Namespace Integration
     - Active Directory domain names must use DNS names
     - You can integrate an Active Directory name space with the external name space by using:
       - The same name space (external: Wood.com, Active Directory: Wood.com)
       - A sub domain of the external domain name space (external: Wood.com, Active Directory: Pine.Wood.com)

  5. DNS Zone Records
     - SOA – Start of Authority resource record
     - Host (A) – Maps hostname to 32-bit IP address
     - SRV – Service Location record
     - NS – Name Server – Domain name to DNS authoritative server
     - CNAME – Canonical Name (alias)
     - MX – DNS name to Mail Exchange server

  6. What Are Service Locator Records?
     SRV resource records allow DNS clients to locate TCP/IP-based services. SRV resource records are used when:
     - A domain controller needs to replicate changes
     - A client computer logs on to Active Directory
     - A user attempts to change his or her password
     - An administrator modifies Active Directory
     SRV record syntax: protocol.service.name TTL class type priority weight port target
     Example of an SRV record: _ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft

  7. Service Resource Locator Records
     1. Locator initiates a call to the Net Logon service
     2. Locator collects information about the client
     3. Net Logon uses the information and queries DNS for SRV resource records
     4. Net Logon tests connectivity to target servers
     5. Domain controllers respond, indicating that they are operational
     6. Net Logon returns the information to clients
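As an added example (not part of the slides), the following Python parses SRV records written in the zone-file layout slide 6 shows and then orders the answers the way the locator process on slide 7 must before Net Logon tests connectivity: lowest priority value first, weighted-random within a priority (RFC 2782; note that the owner name is laid out as _service._protocol.name, which the slide's own _ldap._tcp example follows). The sample records, host names and zone name are constructed for the example.

```python
import random
import re
from collections import namedtuple
# Constructed sample zone lines (not from the slides), in the layout slide 6 shows:
# owner TTL class type priority weight port target, where owner = _service._protocol.name
SAMPLE_SRV_RECORDS = """
_ldap._tcp.contoso.msft     600 IN SRV 0  100 389 den-dc1.contoso.msft
_ldap._tcp.contoso.msft     600 IN SRV 0  50  389 den-dc2.contoso.msft
_ldap._tcp.contoso.msft     600 IN SRV 10 0   389 sat-dc1.contoso.msft
_kerberos._tcp.contoso.msft 600 IN SRV 0  100 88  den-dc1.contoso.msft
"""
SRV_LINE = re.compile(  # class IN and type SRV are fixed; everything else is captured
    r"^(?P<owner>_[\w-]+\._(?:tcp|udp)\.[\w.-]+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<priority>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>[\w.-]+)$"
)
SrvRecord = namedtuple("SrvRecord", "owner priority weight port target")

def parse_srv_records(text):
    """One SRV record per non-blank line; a malformed line raises ValueError."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SRV_LINE.match(line)
        if not m or not 0 <= int(m["port"]) <= 65535:
            raise ValueError(f"malformed SRV record: {line!r}")
        records.append(SrvRecord(m["owner"].lower(), int(m["priority"]), int(m["weight"]),
                                 int(m["port"]), m["target"].lower()))
    return records

def _order_by_weight(group, rng):
    """RFC 2782 weighted pick inside one priority level (weight 0 is rarely chosen)."""
    remaining = sorted(group, key=lambda r: r.weight != 0)  # zero-weight entries first
    ordered = []
    while remaining:
        pick, running = rng.randint(0, sum(r.weight for r in remaining)), 0
        for rec in remaining:
            running += rec.weight
            if running >= pick:
                ordered.append(remaining.pop(remaining.index(rec)))
                break
    return ordered

def select_targets(records, service, rng=None):
    """(host, port) in try order: lowest priority value first, weighted-random within a priority."""
    rng = rng or random.Random()
    matching = [r for r in records if r.owner == service.lower()]
    if not matching:
        raise LookupError(f"no SRV records for {service}")
    priorities = sorted({r.priority for r in matching})
    return [(r.target, r.port) for p in priorities
            for r in _order_by_weight([x for x in matching if x.priority == p], rng)]
```

With the sample data, the two priority-0 domain controllers are tried first in a weight-biased random order and the priority-10 one only as a fallback, which is the behaviour a site-aware locator relies on.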

  8. Integration of Service Locator Records and Active Directory Sites
     (diagram: a local DNS server; AUR-DC1 in the Aurangabad site and SAT-DC1 in the Satara site)

  9. DNS Zones
     - DNS zone types: Primary, Secondary, Stub
     - Zone ageing & scavenging
     - Forward lookup zone - hostname to IP address
     - Reverse lookup zone - IP address to hostname

  10. Active Directory Integrated Zones
     Active Directory integrated zones store DNS zone data in the Active Directory database. Benefits of Active Directory integrated zones:
     - Replicates DNS zone information using Active Directory replication
     - Supports multiple master DNS servers
     - Enhances security
     - Supports record aging and scavenging

  11. Application Partitions in AD DS
     The Active Directory database is divided into directory partitions, with each directory partition replicated to specific domain controllers.
     - A DNS zone can be stored in the domain partition or in an application partition
     - Administrators can define the replication scope of custom application partitions
     - DomainDNSZones and ForestDNSZones are default application partitions that store DNS-specific data
     (diagram: three domain controllers, each holding the Domain, Config and Schema partitions; the application partitions App1 and App2 are replicated only to some of them)

  12. Application Partition Configuration for DNS
     DNS information can be stored in a variety of application partitions:
     - Domain partition: replicated to all domain controllers in the Active Directory domain
     - DomainDNSZones: replicated to all domain controllers that are DNS servers in the Active Directory domain
     - ForestDNSZones: replicated to all domain controllers that are DNS servers in the Active Directory forest
     - Custom application partition: replicated to all domain controllers in the replication scope for the application partition

  13. Dynamic Updates
     1. Client sends SOA query
     2. DNS server sends zone name and server IP address
     3. Client verifies existing registration
     4. DNS server responds by stating that registration does not exist
     5. Client sends dynamic update to DNS server
     (diagram: Windows Vista, Windows XP and Windows Server 2008 clients exchanging resource records with the DNS server)

  14. Secure Dynamic DNS Updates
     A secure dynamic update is accepted only if the client has the proper credentials to make the update.
     (diagram: Windows DNS client, local DNS server, and domain controller with an Active Directory integrated DNS zone)

  15. Dynamic Host Configuration Protocol
     Network topology where DHCP client and server reside on the same LAN segment
     (diagram: DHCP server and DHCP client connected through a switch)

  16. Dynamic Host Configuration Protocol
     - DHCP process (diagram: DHCP server)

  17. Important Server Roles & Features: Server Manager

  18. Server Roles

  19. Features

  20. Operations Master Roles

     Role                  | Description
     ----------------------|---------------------------------------------------------------------------------
     Schema Master         | One per forest; performs all updates to the Active Directory schema
     Domain Naming Master  | One per forest; manages adding and removing all domains and directory partitions
     RID Master            | One per domain; allocates blocks of RIDs to each domain controller in the domain
     PDC Emulator          | One per domain; minimizes replication latency for password changes; synchronizes time on all domain controllers in the domain
     Infrastructure Master | One per domain; updates object references in its domain that point to the object in another domain

  21. Forest wide: Schema Master, Domain Naming Master
      Domain wide: RID Master, PDC Emulator, Infrastructure Master

  22. Windows Time Service
     Windows Time service (W32Time) provides network clock synchronization for domain controllers and client computers. In a Windows Server 2008 forest, the PDC Emulator is used to provide the authoritative time for all other computers.
     (diagram: PDC Emulator -> domain controllers -> client computers)
     Time synchronization is important because:
     - User authentication includes a time stamp
     - Replication between domain controllers is time stamped

  23. Read-Only Domain Controller (RODC)
     RODCs host read-only partitions of the Active Directory database, only accept replicated changes to Active Directory, and never initiate replication.
     RODCs provide additional security for:
     - Branch offices
     - Applications that must run on a domain controller
     RODCs:
     - Cannot be configured as an operations master or replication bridgehead
     - Can be deployed on Windows Server 2008 Server Core for additional security

  24. Read-Only Domain Controller Features
     RODCs provide:
     - Unidirectional replication
     - Credential caching
     - Administrative role separation
     - Read-only DNS
     - RODC filtered attribute set

  25. Preparing to Install the RODC
     Before installing an RODC:
     - Ensure that the domain and forest are at the Windows Server 2003 functional level
     - Ensure a writeable domain controller running Windows Server 2008 is available to replicate the domain partition
     - Run ADPrep /rodcprep to enable the RODC to replicate DNS partitions
     - Run ADPrep /domainprep in all domains if the RODC will be a global catalog server

  26. Password Replication Policies
     - The password replication policy determines how the RODC performs credential caching for authenticated users
     - By default, the RODC does not cache any user credentials or computer credentials
     Options for configuring password replication policies:
     - No credentials cached
     - Enable credential caching on an RODC for specified accounts
     - Add users or groups to the Domain RODC Password Allowed group so credentials are cached on all RODCs

  27. Read-Only DNS
     - A feature supported on Read-Only Domain Controllers
     - All application partitions containing DNS information are replicated to the RODC
     - DNS information required for Active Directory name resolution is available for clients in the same site as the RODC
     - Changes are not allowed on the read-only DNS zone, which increases security

  28. Hyper-V
     - Codenamed "Viridian"
     - A hypervisor-based Windows Server 2008 platform that is included as a role
     - Consolidates workloads onto one physical server
     - One physical server can accommodate multiple operating systems
     - Broad range of services, applications and different operating systems

  29. Hyper-V Features
     - Dynamic Memory
     - Live Migration
     - Hardware support for Hyper-V virtual machines
     - Management of virtual datacenters
     - Dynamic VM storage
     - Various OS supported
     - Virtual machine snapshots

  30. Hyper-V Benefits
     - Power saving
     - Reduced cost
     - Increased availability of services
     - Improved business agility

  31. Questions & Answers
