Windows Server 2008 Training, Day 3 - Vijay Bhalerao BCS, MCM, CISA (PowerPoint PPT Presentation)


SLIDE 1

Windows Server 2008 Training

Day 3

Vijay Bhalerao BCS, MCM, CISA, DCL, MCTS, ISO 27001 LA
univijay2001@yahoo.com

SLIDE 2

Windows Server 2008 - Day 3

• Domain Name Service (DNS), DNS zones and DHCP
• Various Server Roles and Features
• Operations Masters
• RODC
• Troubleshooting AD, DNS and DHCP
• Windows Hyper-V

SLIDE 3

Domain and Forest Functional Levels

• Determine the AD DS features available in a domain or forest
• Restrict which Windows Server operating systems can be run on domain controllers in the domain or forest

Supported functional levels:

Domain functional level   Supported domain controller operating systems            Forest functional level
Windows 2000 Native       Windows 2000, Windows Server 2003, Windows Server 2008   Windows 2000
Windows Server 2003       Windows Server 2003, Windows Server 2008                 Windows Server 2003
Windows Server 2008       Windows Server 2008                                      Windows Server 2008

SLIDE 4

Active Directory Domain Services and DNS

Namespace Integration

Active Directory domain names must use DNS names.

You can integrate an Active Directory domain name with the external namespace by using:

• The same namespace (external Wood.com, internal Wood.com)
• A subdomain of the external namespace (external Wood.com, internal Pine.Wood.com)

SLIDE 5

DNS Zone Records

• SOA – Start of Authority resource record
• Host (A) – maps a hostname to a 32-bit IP address
• SRV – Service Location record
• NS – Name Server – maps a domain name to its authoritative DNS server
• CNAME – Canonical Name (alias)
• MX – maps a DNS name to a Mail Exchange server

SLIDE 6

What Are Service Locator Records?

SRV resource records allow DNS clients to locate TCP/IP-based services. SRV resource records are used when:

• A domain controller needs to replicate changes
• A client computer logs on to Active Directory
• A user attempts to change his or her password
• An administrator modifies Active Directory

SRV record syntax:

service.protocol.name TTL class type priority weight port target

Example of an SRV record:

_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft

SLIDE 7

Service Resource Locator Records

How the DC Locator uses SRV records:

1. Locator initiates a call to the Net Logon service
2. Locator collects information about the client
3. Net Logon uses the information and queries DNS for SRV resource records
4. Net Logon tests connectivity to target servers
5. Domain controllers respond, indicating that they are operational
6. Net Logon returns the information to clients
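As an added example (not part of the original deck), the following Python parses SRV records in the syntax shown on slide 6 and orders the targets the way the locator described on slide 7 would, lowest priority first and weighted within a priority; the zone lines and the den-dc1/den-dc2/sat-dc1 names are constructed. The last function is the check a defender wants: SRV targets that are not known domain controllers.

```python
import random
import re

# Constructed sample zone lines in the slide's syntax (not from a real zone).
SAMPLE_ZONE = """\
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 den-dc1.contoso.msft
_ldap._tcp.contoso.msft 600 IN SRV 0 50 389 den-dc2.contoso.msft
_ldap._tcp.contoso.msft 600 IN SRV 10 100 389 sat-dc1.contoso.msft
_kerberos._tcp.contoso.msft 600 IN SRV 0 100 88 den-dc1.contoso.msft
"""

# Fields, in order: service.protocol.name TTL class type priority weight port target
SRV_RE = re.compile(
    r"^_(?P<service>[^.]+)\._(?P<protocol>[^.]+)\.(?P<name>\S+)\s+(?P<ttl>\d+)"
    r"\s+IN\s+SRV\s+(?P<priority>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)


def parse_srv(line):
    """Split one SRV record line into named fields; numeric fields become int."""
    m = SRV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an SRV record: {line!r}")
    rec = m.groupdict()
    for key in ("ttl", "priority", "weight", "port"):
        rec[key] = int(rec[key])
    return rec


def order_targets(records, rng=None):
    """Order records as an SRV-aware client does (RFC 2782): lowest priority first;
    within a priority a weighted random pick, so a higher weight is tried first more often."""
    rng = rng or random.Random(0)  # injectable so the order is reproducible
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        pool = [r for r in records if r["priority"] == prio]
        while pool:
            pick = rng.randint(0, sum(r["weight"] for r in pool))
            running = 0
            for r in pool:
                running += r["weight"]
                if running >= pick:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered


def unexpected_targets(records, known_dcs):
    """Defender check: SRV targets that are not known DCs (stale or rogue entries)."""
    return sorted({r["target"] for r in records if r["target"] not in known_dcs})
```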

SLIDE 8

Integration of Service Locator Records and Active Directory Sites

[Diagram: Aurangabad site with a local DNS server and AUR-DC1; Satara site with SAT-DC1]

SLIDE 9

DNS Zones

• DNS zone types:
  • Primary
  • Secondary
  • Stub
• Zone ageing and scavenging
• Forward lookup zone – hostname to IP address
• Reverse lookup zone – IP address to hostname

SLIDE 10

Active Directory Integrated Zones

Active Directory integrated zones store DNS zone data in the Active Directory database.

Benefits of Active Directory integrated zones:

• Replicates DNS zone information using Active Directory replication
• Supports multiple master DNS servers
• Enhances security
• Supports record aging and scavenging

SLIDE 11

Application Partitions in AD DS

The Active Directory database is divided into directory partitions, with each directory partition replicated to specific domain controllers.

• A DNS zone can be stored in the domain partition or in an application partition
• Administrators can define the replication scope of custom application partitions
• DomainDnsZones and ForestDnsZones are default application partitions that store DNS-specific data

[Diagram: three domain controllers, each holding the Domain, Config and Schema partitions; the first also holds App1 and App2, the third also holds App1]

SLIDE 12

Application Partition Configuration for DNS

DNS information can be stored in a variety of application partitions:

Partition         Replication scope
Domain            All domain controllers in the Active Directory domain
DomainDnsZones    All domain controllers that are DNS servers in the Active Directory domain
ForestDnsZones    All domain controllers that are DNS servers in the Active Directory forest
CustomApp         All domain controllers in the replication scope for the application partition

SLIDE 13

Dynamic Updates

Registration of a client's resource records with the DNS server (clients shown: Windows Server 2008, Windows Vista, Windows XP):

1. Client sends an SOA query
2. DNS server sends the zone name and server IP address
3. Client verifies its existing registration
4. DNS server responds by stating that the registration does not exist
5. Client sends a dynamic update to the DNS server

SLIDE 14

Secure Dynamic DNS Updates

A secure dynamic update is accepted only if the client has the proper credentials to make the update.

[Diagram: Windows DNS client, local DNS server, and domain controller with an Active Directory integrated DNS zone]
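As an added example (not from the deck), the following Python models the registration flow of slide 13 against a toy zone with the two update settings behind slide 14: in secure mode the update must be authenticated and a client may only change records it registered itself, while in nonsecure mode any client can overwrite any name. The zone, names, IPs and CONTOSO principals are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Record:
    ip: str
    owner: Optional[str]  # principal that registered the record; None = anonymous


@dataclass
class Zone:
    """Toy zone of host (A) records with a dynamic-update setting.
    'secure' mirrors 'Secure only' on an AD integrated zone: the client must be
    authenticated and may only change records it registered itself.
    'nonsecure' mirrors 'Nonsecure and secure': any client can overwrite any record."""
    mode: str
    records: Dict[str, Record] = field(default_factory=dict)

    def update(self, name: str, ip: str, principal: Optional[str] = None) -> str:
        existing = self.records.get(name)
        if self.mode == "secure":
            if principal is None:
                return "REFUSED: update is not authenticated"
            if existing is not None and existing.owner != principal:
                return f"REFUSED: {name} is owned by {existing.owner}"
        self.records[name] = Record(ip, principal)
        return "OK"


def register_client(zone: Zone, name: str, ip: str, principal: Optional[str] = None) -> str:
    """The slide 13 flow in miniature: check the existing registration first and
    send a dynamic update only when it is missing or differs from the client's IP."""
    existing = zone.records.get(name)
    if existing is not None and existing.ip == ip:
        return "NO CHANGE"
    return zone.update(name, ip, principal)


def demo() -> dict:
    """Constructed scenario: WS1 registers its name, then a different client and an
    anonymous client try to re-point it. Only the nonsecure zone lets the name move."""
    out = {}
    for label, zone in (("secure", Zone("secure")), ("nonsecure", Zone("nonsecure"))):
        register_client(zone, "ws1.contoso.msft", "10.0.0.5", "CONTOSO\\WS1$")
        out[label] = register_client(zone, "ws1.contoso.msft", "10.0.0.99", "CONTOSO\\WS2$")
        out[label + "_anon"] = register_client(zone, "ws1.contoso.msft", "10.0.0.77")
        out[label + "_ip"] = zone.records["ws1.contoso.msft"].ip
    return out
```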

SLIDE 15

Dynamic Host Configuration Protocol

[Diagram: DHCP server and DHCP client connected through a switch]

Network topology where the DHCP client and server reside on the same LAN segment.

SLIDE 16

Dynamic Host Configuration Protocol

• DHCP process:

[Diagram: DHCP server]

SLIDE 17

Important Server Roles & Features

Server Manager

SLIDE 18

Server Roles

SLIDE 19

Features

SLIDE 20

Operations Master Roles

Role                   Description
Schema Master          • One per forest
                       • Performs all updates to the Active Directory schema
Domain Naming Master   • One per forest
                       • Manages adding and removing all domains and directory partitions
RID Master             • One per domain
                       • Allocates blocks of RIDs to each domain controller in the domain
PDC Emulator           • One per domain
                       • Minimizes replication latency for password changes
                       • Synchronizes time on all domain controllers in the domain
Infrastructure Master  • One per domain
                       • Updates object references in its domain that point to the object in another domain

SLIDE 21

Forest-wide roles: Schema Master, Domain Naming Master
Domain-wide roles: RID Master, PDC Emulator, Infrastructure Master

SLIDE 22

Windows Time Service

Time synchronization is important because:

• User authentication includes a time stamp
• Replication between domain controllers is time stamped

Windows Time service (W32Time) provides network clock synchronization for domain controllers and client computers.

[Diagram: time flows from the PDC Emulator to the domain controllers and on to client computers]

In a Windows Server 2008 forest, the PDC Emulator is used to provide the authoritative time for all other computers.

SLIDE 23

Read-Only Domain Controller (RODC)

RODCs host read-only partitions of the Active Directory database, only accept replicated changes to Active Directory, and never initiate replication.

RODCs:

• Cannot be configured as an operations master or replication bridgehead
• Can be deployed on a Windows Server 2008 Server Core installation for additional security

RODCs provide additional security for:

• Branch offices
• Situations where applications must run on a domain controller

SLIDE 24

Read-Only Domain Controller Features

RODCs provide:

• Unidirectional replication
• Credential caching
• Administrative role separation
• Read-only DNS
• RODC filtered attribute set

SLIDE 25

Preparing to Install the RODC

Before installing an RODC:

• Ensure that the domain and forest are at the Windows Server 2003 functional level
• Ensure a writeable domain controller running Windows Server 2008 is available to replicate the domain partition
• Run ADPrep /rodcprep to enable the RODC to replicate DNS partitions
• Run ADPrep /domainprep in all domains if the RODC will be a global catalog server

SLIDE 26

Password Replication Policies

• The password replication policy determines how the RODC performs credential caching for authenticated users
• By default, the RODC does not cache any user credentials or computer credentials

Options for configuring password replication policies:

• No credentials cached
• Enable credential caching on an RODC for specified accounts
• Add users or groups to the Domain RODC Password Allowed group so credentials are cached on all RODCs
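As an added example (not from the deck), the following Python evaluates a password replication policy the way an RODC does: a match on the Denied list wins over any Allowed match, and an account that matches neither is not cached, which is the default the slide describes. The built-in groups "Allowed RODC Password Replication Group" (the one the slide calls the Domain RODC Password Allowed group) and "Denied RODC Password Replication Group" are real AD groups; the policy entries, accounts and the "Satara Branch Users" group are constructed. The second function is the review a defender wants before deploying the RODC: which accounts would be exposed if the branch-office box were stolen.

```python
from typing import Dict, Set

# Constructed policy for an illustrative branch-office RODC (not from a real domain).
# The two "... RODC Password Replication Group" entries are the built-in AD groups;
# "Satara Branch Users" and "Domain Admins" stand in for an admin's own additions.
POLICY = {
    "allowed": {"Allowed RODC Password Replication Group", "Satara Branch Users"},
    "denied": {"Denied RODC Password Replication Group", "Domain Admins"},
}

# Constructed accounts with their group memberships (nesting already flattened).
ACCOUNTS: Dict[str, Set[str]] = {
    "alice": {"Satara Branch Users", "Domain Users"},
    "bob": {"Domain Users"},
    "carol": {"Satara Branch Users", "Domain Admins"},
    "SAT-FS1$": {"Allowed RODC Password Replication Group", "Domain Computers"},
}


def may_cache(account: str, groups: Set[str], policy: dict) -> bool:
    """Apply the RODC password replication policy to one account:
    any Denied match wins over Allowed; no match at all means deny,
    which is why an RODC caches nothing by default."""
    principals = {account} | set(groups)
    if principals & policy["denied"]:
        return False
    return bool(principals & policy["allowed"])


def cached_exposure(accounts: Dict[str, Set[str]], policy: dict):
    """Defender check: the accounts whose secrets this RODC is permitted to
    hold, i.e. what is exposed if the branch-office server is stolen."""
    return sorted(a for a, groups in accounts.items() if may_cache(a, groups, policy))
```

Running cached_exposure against a real policy needs the flattened group memberships from the domain; the deny-wins rule here is the same one Active Directory applies.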

SLIDE 27

Read-Only DNS

• A feature supported on Read-Only Domain Controllers
• All application partitions containing DNS information are replicated to the RODC
• DNS information required for Active Directory name resolution is available to clients in the same site as the RODC
• Changes are not allowed on the read-only DNS zone, which increases security

SLIDE 28

Hyper-V

• Codenamed "Viridian"
• A hypervisor-based Windows Server 2008 platform that is included as a role
• Consolidates workloads onto one physical server
• Supports a broad range of services, applications and different operating systems
• One physical server can accommodate multiple operating systems

SLIDE 29

Hyper-V Features

• Dynamic Memory
• Live Migration
• Hardware support for Hyper-V virtual machines
• Management of virtual datacenters
• Dynamic VM storage
• Various operating systems supported
• Virtual machine snapshots

SLIDE 30

Hyper-V Benefits

• Power saving
• Increased availability of services
• Improved business agility
• Reduced cost

SLIDE 31

Questions & Answers