"MCSE Windows 2000 Directory Services Design Exam Prep" PDF Download

  • Author: J. Peter Bruzzese et al. (USA)
  • Publisher: Beijing: China Water & Power Press
  • Year of publication: 2001
  • ISBN: 7980044584
  • Pages: 675
Book description:

CHAPTER 1 WHAT IS A DIRECTORY SERVICE? 1

A Directory 2

Objects 3

Attributes 3

The Way Things Were 3

Advantages of a Directory Service 5

Example 1 6

Without a Directory Service 6

With a Directory Service 6

Example 2 6

Without a Directory Service 6

With a Directory Service 6

With a Directory Service 7

The Building Blocks of a Directory Service 7

Without a Directory Service 7

Example 3 7

Why Has It Not Been Done Sooner? 9

Banyan Systems Street Talk 9

Novell Directory Services (NDS) 9

What about Now? 10

Microsoft's Active Directory Service 10

Let's Get Technical 11

Chapter Summary 12

CHAPTER 2 ALL ROADS LEAD TO X.500 13

One Standard for All 14

The History of X.500 14

How It All Began 15

X.500 - The Service, the Myth, the Legend 17

What Is a Hierarchical Structure? 18

Application Relationships 21

Container and Noncontainer Objects 22

Client Access Protocols: DAP and LDAP 24

Directory Access Protocol (DAP) 24

LDAP 26

The Innards of LDAP 28

How Does LDAP Really Work? 29

DSAs, DUAs, and DITs, Okay? 29

LDAP and Active Directory 30

Chapter Summary 31

Review Questions 31

Real-World Project 35

CHAPTER 3 THE FUNDAMENTALS OF ACTIVE DIRECTORY 37

Active Directory Strengths 38

The Way It Was 38

Simplified Administration 39

Security 40

Scalability 40

Extensibility 40

Open Standard Support 40

Interoperability 41

The Nitty Gritty on Addressing 41

Objects 41

Groups 42

Organizational Units 42

Domains 42

Trees 43

Sites 44

Forest 44

Global Catalog 46

Schema 46

Naming Conventions 46

Active Directory Services Interface 48

Chapter Summary 48

Review Questions 49

Real-World Project 53

CHAPTER 4 TCP/IP, WINS, AND DHCP 65

TCP/IP 67

A Bit of History 67

The Four Layers of TCP/IP 68

Transport Layer 70

TCP/IP Addressing Scheme 72

Application Layer 72

Assigning the TCP/IP Address 76

TCP/IP Utilities 76

Testing Your Configuration 77

DHCP 78

How DHCP Works 78

Step One: DHCPDISCOVER 80

Step Two: DHCPOFFER 81

Step Three: DHCPREQUEST 81

Step Four: DHCPACK 81

What If Something Goes Wrong 81

Automatic Private Addressing 81

Renewing and Releasing the Lease 82

Backing Up the DHCP Database 82

How Does WINS Work 83

Restoring the DHCP Database 83

WINS 83

WINS Name Registration Process 84

Renewing Your Registration 85

When the Client Is Done with the IP Address 86

Looking for Somebody on the Network 86

WINS Proxy Agent 86

Configuring WINS with the WINS Snap-In 87

Chapter Summary 88

Review Questions 90

Real-World Projects 93

CHAPTER 5 DEVELOPING A DOMAIN NAME SERVICE (DNS) NAMESPACE STRATEGY 99

What Existed before DNS? 100

Why Do We Use Uniform Resource Locators? 101

What Is DNS? 101

How Does DNS Function? 102

The Root and Top Levels 102

DNS Naming Conventions 104

Zones 104

Name Servers 105

Types of Name Servers 105

Name Resolution 106

Recursive 107

Iterative 108

Caching 108

Forward and Reverse Lookup Zones 109

DNS Database Files 109

Start of Authority (SOA) 110

The Mail Exchange Record 112

The Host Record (A) 112

The Name Server (NS) Record 112

The CNAME Record 113

Other Important Files for DNS 113

Dynamic DNS! 114

DHCP and DDNS 115

The Internals of DDNS 116

Planning Your DNS Implementation 118

What's In a Name? 118

The Root of your Name 120

Are You In or Are You Out? 121

Two Distinct Namespaces 122

Single Namespace Implementation 123

Server Implementation 124

Creating Your Zones and Handling Replication 126

Chapter Summary 127

Review Questions 127

Real-World Projects 132

CHAPTER 6 DESIGNING AN ACTIVE DIRECTORY DOMAIN 137

Domains 139

Organizational Units 140

Designing an Organizational Unit Structure 142

Strategy 143

The Number of Levels 144

Domains or Organizational Units 145

Security 146

Security Identifier 147

Security Descriptor 147

Groups 148

International Company 149

Implementing a Domain Structure 149

Nationwide Company 151

A Small Company 152

Delegation of Administration 153

Centralized Administration Model 154

Distributed Administration Model 154

Combination 154

Common Organizational Unit Models 155

Geographic Model 155

Object Model 156

Cost Center Model 157

Project Model 157

Division or Business Unit Model 158

Administration Model 158

Hybrid Model 159

Chapter Summary 160

Review Questions 165

Real-World Projects 168

CHAPTER 7 DESIGNING A MULTIPLE DOMAIN STRUCTURE 173

Review of Single Domain Options 174

The Need for a Larger Tree 175

What Is a Domain Tree? 176

Transitive Trusts 177

Empty Root Domains 178

Forests 179

To Forest or Not to Forest? 179

Shortcut Trusts 180

Forest Points to Remember 181

Multiple Forests 181

The First Level 183

Design Considerations for Domain Architecture 183

The Root 183

The Second Level 184

Scenario Review 192

Scenario One 192

Scenario Two 193

Scenario Three 193

Scenario Four 194

Scenario Five 194

Chapter Summary 194

Review Questions 196

Real-World Projects 200

CHAPTER 8 GROUP POLICY IMPLEMENTATION 205

The User 206

Groups 206

Groups of NT 4 207

Types of Groups 207

Mixed Mode: The Slow Integration Process 209

Windows 2000 Security Groups in “Native Mode” 210

Domain Local Groups 210

Global Groups within Windows 2000 211

Universal Groups 211

Group Conversions 212

Illustrating Local, Global, and Universal Groups 212

Groups and the Global Catalog 214

Planning Your Group Strategy 215

Group Placement 215

Name that Group 216

Delegate Administrative Control 216

Scenario One 218

Implementation Options Reviewed 218

Scenario Two 219

Group Policies 219

Profiles vs. Policies 220

System Policies of NT 4 221

GPOs, GPCs, and GPTs 222

How Group Policies Are Applied 225

The Default Application of Policy 226

Overriding and Blocking of Inheritance 226

Filtering Group Policies 228

Inner Workings of a Group Policy 229

Planning: The Key to Global Policies 233

Method of Group Policy Application 233

How Many Policies for the GPO? 235

Organizing Your Organizational Units 236

Minimize Block Policy and Override Features 237

Are You Counting Time, or Making Your Time Count? 238

Chapter Summary 238

Review Questions 239

Real-World Projects 244

CHAPTER 9 ACTIVE DIRECTORY REPLICATION 249

Multi-master vs. Single-master Replication 250

Replication or Synchronization? 252

LDAP Data Interchange Format (LDIF) 253

Comma Separated Variable Import/Export Utility (CSVDE.EXE) 253

Into the Heart of Replication 254

Automatic and Manual Topologies 256

Active Directory Architecture 257

Extensible Storage Engine (ESE) 258

From the Top, Down 258

Database Layer 259

The Directory Service Agent 259

Update Requests 260

Deleted Objects - Where Do They Go? 260

From Origination to Replication 261

Sequence Numbers: The Nightmare Begins 261

Preventing Unnecessary Replication 264

Up-To-Date Vector (UTD Vector) 264

High Watermark Vector 266

Collisions:They Will Occur 266

Replication Partitions 268

Special Masters 269

Inter- and Intra-Site Replication 270

Intra-Site Replication 271

Inter-Site Replication 272

Manual Modifications 273

Monitoring Your Replication Traffic 274

Network Monitor 274

Performance Monitor 275

Chapter Summary 277

Review Questions 279

Real-World Projects 283

CHAPTER 10 MANAGING SITE BOUNDARIES 285

Active Directory Sites 287

Logon Traffic 287

Distributed File System (DFS) Topology 288

File Replication Service (FRS) 288

Replication Traffic 288

Site Aware Applications 289

Replication Latency 290

Replication Efficiency 290

Replication Cost 290

The Different Types of Replication 291

Intra-Site Replication 291

Inter-Site Replication 293

Seeing If Active Directory Sites Are Necessary 294

Placing the Domain Controllers (DC) 295

Connectivity 296

Available Bandwidth 297

Replication Traffic 298

Transport 299

Site links 299

Member Sites 300

Cost 300

Frequency 300

Schedule 300

Site Link Bridges 301

Planning Inter-Site Replication Topology 302

Transports 303

Bridgehead Servers 304

Inter-Site Topology Generator 304

Least-Cost Spanning Tree 305

Placing Servers in Sites 305

Placing the Global Catalog (GC) Server 306

Placing the Operation Masters 307

Chapter Summary 310

Review Questions 313

Real-World Projects 316

CHAPTER 11 DESIGNING YOUR ACTIVE DIRECTORY INFRASTRUCTURE 323

A Functional Team 324

What Will the Team Handle? 325

What Roles Will the Team Members Play? 326

The Vision and the Scope 328

Vision 329

Scope 329

The Vision/Scope Document 329

Address Your Risks 330

Your Current Physical Infrastructure 330

Hardware and Software 331

Network Details 332

The Users within the Organization 333

Design Your Naming Strategy 334

Design Your Directory Service Infrastructure 334

The Goal 334

Design Your Domain (or Multiple Domain) Strategy 335

Design a Group Policy 337

Design Your Site Topology 337

Designing Your Schema 338

Planning for Growth 338

Delegation of Authority 339

Chapter Summary 341

Review Questions 343

Real-World Projects 348

CHAPTER 12 ACTIVE DIRECTORY SECURITY FEATURES 353

Kerberos 354

A Kerberos Transaction 355

Kerberos Vocabulary 356

Kerberos and Transitive Trusts 357

File Access Permissions 360

NT 4 Permissions 360

File Permissions under Windows 2000 363

Encrypting File System (EFS) 368

How Does EFS Work? 369

Security Policies 370

Password Policy 371

Account Lockout Policy 371

Audit Policy 372

User Rights Assignment 373

Security Options 374

Smart Cards 374

How Do Smart Cards Work? 375

IP Security (IPSec) 376

The IPSec Monitor 377

Active Directory Design and Security 378

Chapter Summary 379

Review Questions 381

Real-World Projects 384

CHAPTER 13 MONITORING, OPTIMIZING, AND TROUBLESHOOTING ACTIVE DIRECTORY 387

Performance Console 388

Performance Console and Replication 389

Task Manager 390

Network Monitor 390

Replication Monitor 391

NTDSUTIL 393

SECEDIT 394

NETDOM 395

DNSCMD 396

DSASTAT 396

Miscellaneous Tools 396

NETSVC 396

MOVETREE 397

The Right Tool for the Job 397

Advanced Startup Options 397

Recovery Console 399

Backup and Restore Active Directory 400

Active Directory Restoration 402

Chapter Summary 402

Review Questions 405

Real-World Projects 409

CHAPTER 14 SCHEMA: DESIGN AND MODIFICATION 413

What Is the Schema? 414

Objects 416

Object Classes 416

Attributes 417

Syntax 418

Object Identifiers (OIDs) 419

Object Classes and Attributes Defined in the Schema 419

Before Modifying the Schema 421

Static 422

Low-Latency 422

Transient 422

Modifying the Schema 422

Installing Software Applications 423

Scripting 423

Using the Active Directory Schema Manager 423

Who Can Modify the Schema? 424

Modifying a Class 425

Items in the Schema that Can Be Modified 425

Creating a New Class 426

Modifying an Attribute 427

Creating a New Attribute 428

Deactivating a Class or an Attribute 429

Indexing an Attribute 429

Replicating an Attribute to the Global Catalog 429

Once the Modification Is Made 430

System Checks on the Schema 430

Time Interval Before Changes Take Effect 431

Schema Replication 432

Chapter Summary 433

Review Questions 436

Real-World Projects 440

CHAPTER 15 DEPLOYING WINDOWS 2000 ACTIVE DIRECTORY 443

Evaluating the Organization 445

The Planning Team 445

The Vision and the Scope 447

Managing Risks 449

The Administrative Delegation Model 450

Physical Locations 453

The Current Business Practices 454

The Security Requirements 455

Future Growth of the Company 456

Existing Network Connections 457

Designing an Active Directory Structure 458

Delegation of Administrative Authority 458

Group Policies 459

The Domain Structure 460

Schema Policy 461

Site Topology 462

The Naming Strategy 462

Chapter Summary 463

Review Questions 466

Real-World Projects 470

CHAPTER 16 MIGRATING FROM WINDOWS NT 4 TO ACTIVE DIRECTORY 473

The Different Planning Phases of Migration 474

Designing the Active Directory Structure 475

Choose a Migration Path 475

Develop a Domain Upgrade or a Restructure Strategy 476

Plan the Deployment of the Migration Strategy 476

The Migration Path 477

Defining the Existing Domain Arrangement 477

What Will Be Achieved from the Migration? 481

The Active Directory Design 482

Evaluating the Migration Paths 482

The Domain Upgrade Strategy 485

How Many Forests Are in the Design? 486

What Is the Site Topology of the Design? 487

What Are the Security and Administration Plans in the Design? 489

The Current Operating System 490

The Recovery Plan 491

Domain Upgrade Order 492

Upgrading Domain Controllers 493

Mixed Mode or Native Mode? 494

Post-Upgrade Tasks 495

Restructuring Domains 497

Inter-Forest Restructuring 497

Intra-Forest Restructuring 501

Domain Restructure Tools 503

Chapter Summary 503

Review Questions 506

Real-World Projects 510

CHAPTER 17 ACTIVE DIRECTORY AND EXCHANGE SERVERS 513

Replication vs. Synchronization Revisited 514

The Active Directory Connector 515

Installing the Active Directory Connector 516

Connection Agreements with the ADC 517

Creating Connection Agreements 519

Putting Active Directory Connector to Work 530

Manage Your Objects Centrally 531

Troubleshoot Your Connector 533

Do You Need the ADC? 535

Planning Your ADC 535

Some Questions You Need to Resolve 536

A Review of the Scenario Models 538

Final Issues 541

Exchange 2000 541

Chapter Summary 542

Review Questions 543

Real-World Projects 547

CHAPTER 18 SAMPLE TEST 551

CHAPTER 19 ANSWER KEY 577

APPENDIX A ANSWERS TO REVIEW QUESTIONS 595

APPENDIX B RFCS FOR TCP/IP FOR WINDOWS 2000 629

APPENDIX C EXAM OBJECTIVES 631

GLOSSARY 635

INDEX 649