Active Directory for Windows Server 2003. Administrator's Reference.pdf
. ., . I. Active Directory Windows Server 2003.
1. Active Director. 2. Active Directory. 3. Active Directory . 4. Active Directory .
II. Active Directory Windows Server 2003. 5. Active Directory. 6. Active Directory. 7. Active Directory.
III. Active Directory Windows Server 2003. 8. Active Directory. 9. Active Directory. 10. Active Directory. 11. . 12. . 13. .
IV. Active Directory Windows Server 2003. 14. Active Directory. 15. .
Active Directory Microsoft Windows Server2003, , Active Directory Windows Server 2003. Active Directory Microsoft Windows 2000. Active Directory, Windows 2000, Windows Server 2003, , . , Active Directory, , , ActiveDirectory . , , , Active Directory .
Active Directory Microsoft Windows Server 2003 , Active Directory. Active Directory Windows 2000, Active Directory . , Active Directory. , Active Directory, . , . I Active Directory . II , Active Directory . Active Directory , III , Active Directory, Active Directory . IV, , Active Directory. I, Active Directory Windows 2003, Active Directory Windows Server 2003. ActiveDirectory , Microsoft.Active Directory , , , - . , Active Directory . I, .
1, Active Directory, , Microsoft Windows 2000 Windows NT. Active Directory . , Windows Server 2003 , Windows 2000.
2, Active Directory, , Active Directory. Active Directory, ActiveDirectory, Active Directory, , .
3, Active Directory , Active Directory. Active Directory (DNS - Domain Name System),
DNS, Active Directory. DNS, Active Directory DNS, , DNS, , Active Directory.
4, Active Directory , Active Directory. , Active Directory, , Active Directory . Active Directory , , . Active Directory, Active Directory . II, Active Directory Windows Server 2003, . Active Directory . , , , (OU - Organizational Unit), , . Active Directory Windows Server2003 , Active Directory. , Active Directory Windows Server 2003, , Microsoft Windows NT 4. ActiveDirectory Windows Server 2003 Windows NT, . II .
5, Active Directory, , Active Directory. : Active Directory. , , , , OU.
6, Active Directory, , Active Directory. ActiveDirectory , .
7, Active Directory, , Microsoft Active Directory WindowsServer 2003. , Windows NT, Active Directory Windows 2000. , , Windows NT Active Directory Windows Server 2003, Active Directory Windows2000. Active Directory , . III, Active Directory Windows Server 2003, , . III : . , Active Directory, ActiveDirectory. . Active Directory , . . - , . III .
8, Active Directory, , Active Directory Windows Server 2003. Kerberos, Active Directory.
9, Active Directory, Active Directory, . Active Directory , . , Active Directory.
10, Active Directory, Active Directory: , . Active Directory Windows Server 2003 , inetOrgPerson, , .
11, , . , Active Directory, , , , .
12, , . . , . , , .
13, , . , , , , . , . , Active Directory . Active Directory. , - , . , , Active Directory . IV, Active Directory Windows Server 2003, .
14, Active Directory, , Active Directory, Active Directory . , ActiveDirectory.
15, , , Active Directory. ActiveDirectory , , .
, , Active Directory. Active Directory MicrosoftWindows Server 2003 - , , . , .
. , 5 , , , , 2. , (. 12), , 11.
, , . , , , .. , . . , , - , .. , . , . . . .. , . .. , . . , , . , .
I. Active Directory WindowsServer 2003Active Directory Microsoft Windows Server 2003 , Microsoft. Active Directory , , . , Active Directory , . . 1, Active Directory, , Active Directory Windows Server 2003. 1 2 , Active Directory. Active Directory (DNS - Domain Name System), 3 , DNS Active Directory. , , ActiveDirectory, , Active Directory . 4 , .
1. Active Directory Microsoft Windows Server 2003 , Microsoft - Active Directory. Microsoft Windows 2000, Active Directory, Windows Server 2003, , .. Windows Server 2003 Microsoft Windows Server 2003, Active Directory: Windows Server 2003, Standard Edition; Windows Server 2003, EnterpriseEdition; Windows Server 2003, Datacenter Edition. , Active Directory Windows Server 2003, . Active Directory , - , Windows Server 2003. Active Directory Active Directory, . , , Active Directory. .
MicrosoftActive Directory Microsoft Windows. Active Directory Windows Server 2000, Windows Server 2003.
Microsoft . , , , . -, , ( ) , .
LAN OS/2 MS-DOS1987 , Microsoft ( OS/2 MS-DOS), Microsoft LAN Manager. LAN Manager , , . . , .
Windows NT SAM Microsoft Windows NT 3.1 Advanced Server. Windows NT Server 32- Microsoft Windows for Workgroups, . Windows NT NOS (Network Operating System ) SAM (Security Accounts Management - ). , . , Windows NT. SAM Microsoft Windows NT NOS, Windows NT 3.5 Windows NT Server 4. SAM , - . Windows NT Windows NT. SAM , . SAM 40. , , 40000. , . , , . Windows NT 4 , , , . , . , , . , , . , : (single domain), (master domain), (multiple master domain, multimaster) (complete trust). 1-1.
. 1 -1. , Windows NT 4
. , Windows NT 4 , .. . , , , . , Windows NT . - , Windows NT, . SAM . , SAM, NOS. . , SAM , (UI - User Interface) Windows NT 4, UserManager For Domains ( ) Server Manager (). SAM Windows NT Windows-NOS. Microsoft Exchange Server.
Windows 2000 Active Directory SAM NOS, Exchange Server. Exchange Server, - ExchangeDirectory. Exchange Directory , . , Exchange Directory (LDAP) TCP/IP( ) . NOS- Windows, Microsoft Exchange Server . - Exchange Server , Exchange Server , ,
Exchange Server. Windows 2000. Active Directory, Exchange Server 4, Windows 2000. Active Directory SAM Microsoft. Windows NT 4SAM . ActiveDirectory Windows 2000 , . 70 , SAM 40 . , ActiveDirectory, . Active Directory , . Compaq Computer Corporation, Hewlett-Packard, . , , , , . Active Directory , , . , , . , , Active Directory. , Windows NT 4, (OU - organizational unit), Windows NT 4. 1-2 Windows 2000. Active Directory . Active Directory , LDAP .500. Active Directory . Active Directory, LDAP- , Active Directory Service Interface (ADSI) Edit Ldp.exe (LDAP-- Active Directory). Active Directory LDAP, . , , (GUI).
. 1 -2. Windows 2000
Windows Server 2003 Active Directory , , Active Directory, Windows 2000, Windows Server 2003 Web Edition, Active Directory . Active Directory Windows Server 2003 , , . , , MS-DOS, LAN Manager, ActiveDirectory , . , Active Directory Windows Server 2003, .
Active Directory , Microsoft NOS . , , , NOS, . Windows Novell Netware, Intel, UNIX-, RISC ( ), Linux, , . NOS . . , , () , . , Active Directory: .500 LDAP.
.500 .500 (namespace) , ActiveDirectory. .500 , . . .500 (OID -Object Identifier), . Active Directory .500, Microsoft ( ) . (dotted), .. , (string). , .500 OID, 2.5.4.10, Organization-Name ( ) ( LDAP- - ). .500, . Active Directory .500, (OSI - Open SystemsInterconnection). :cn=Karen Friske, cn=Users, dc=Contoso, dc=com .500, Users() Contoso.com Karen Friske. Contoso. .500 , ( OU),
. .500 Request for Comments (RFC) 1779, http://www.faqs.org/rfcs/rfc1779.html. .500 OID, (snap-in) Active Directory Schema ( Active Directory), ADSI Edit ( ADSI). .500 OID Organization-Name, ADSI Edit : CN=Organization-Name. 1-3 attributeID ( .500) http://Organization-Name.
. 1 -3. Organization-Name, ADSI Edit
. , , , , . , (). , , , Active Directory Windows Server 2003. , . :
Windows, , , , , ;
Windows Novell, Intel NOS - . -, (IT), NOS. , , .Windows 2000 Active Directory, Windows Server 2003 Active Directory, Novell DirectoryServices Novel Netware 5 ;
(DNS) UNIX, DHCP (Dynamic Host ConfigurationProtocol - ), /
(firewall/proxy) NAT (Network Address Translation - ), RISC. ( ) - UNIX-. , , , , ; Linux , Intel RISC. Linux, , , , . Linux- , Windows- SMB (Server Message Block - ). , Windows-.
(LDAP) LDAP , Active Directory Windows Server 2003. LDAP X.500/OSI. (API) LDAP Active Directory Windows Server 2003 Wldap32.dll. Active Directory , LDAP ADSI (Component Object Model ). LDAP TCP/IP , LDAP-. LDAP , Active Directory . LDAP , , : LDAP://cn=Karen Friske, cn=Users, dc=Contoso, dc=com , LDAP- . LDAP- ( ) RFC 1777, http://www.faqs.org/rfcs/rfc1777.html. Active Directory, LDAP, LDAP- Ldp.exe, Suptools.msi, Support\Tools - Windows Server 2003. Ldp.exe, Active Directory UDP (User Datagram Protocol ) LD- , . Active Directory, Ldp.exe, , Active Directory, UDP 389, , - . 1-4 Karen Friske, Ldp.exe.
. 1-4. Karen Friske, Ldp.exe
Active Directory : Active Directory?. Windows Server 2003, Active Directory . , Active Directory, Microsoft Exchange Server 2000.Exchange Server 2000 Active Directory , Active Directory, Exchange Server 2000. Active DirectoryWindows Server 2003.
Active Directory , . , , . , , Exchange Server 2000. , .
(forest - Active Directory) WindowsServer 2003 (UPN -User Principal Name), , [email protected]. , , . UPN Active Directory, Active Directory, .
Windows NT 4 SAM , . , DomainAdmins. , , , DomainAdmins. . , Active Directory
. Delegation Of Control Wizard () Active Directory, . , , , - .
, ActiveDirectory . Microsoft ( Microsoft Management Console). Active Directory . Active Directory Active Directory UsersAnd Computers (Active Directory: ), Active Directory Domains AndTrusts (Active Directory: ) Active Directory Sites And Services(Active Directory: ). , Windows Server 2003, , DHCP DNS.
Active Directory Windows Server 2003 . Windows Server 2003 . Windows Server 2003 Windows Server 2003: Kerberos v5 NT LAN Manager (NTLM). Kerberos , , Windows 2000 Professional MicrosoftWindows XP Professional. , (Windows NT 4, Microsoft Windows 98 ) NTLM. NTLM Windows XP Professional Windows 2000, , Windows NT 4, Windows 2000 Windows Server 2003. Active Directory Windows Server 2003. Windows Server2003, Active Directory , (SID - Security Identifier) , SID , . SID Active Directory. , , , .
, , , Active Directory , . , . Active Directory Active Directory, . , Active Directory, , , .
Active DirectoryWindows Server 2003 Active Directory, , , Active Directory Windows Server 2003. Windows Server2003. .
Active Directory Users AndComputers Active Directory Users And Computers (ActiveDirectory: ). Windows Server 2003 . , , . , , (Account Options: Password Never Expires - : ), , , . Active Directory Users And Computers . , , , , , .
Active Directory Windows Server 2003 , , . , , Active Directory Windows Server 2003. , Windows Server 2003.. Windows Server 2003, NOS, , Windows NT 4 Windows 2000. , , Windows 2000 ( Windows 2000 mixed). , Active Directory , , Windows Server 2003 Windows Server 2000. Active Directory, WindowsServer 2003 , .. , Windows 2000 Windows NT 4.. Active Directory Windows Server 2003 mixed-mode ( ) native-mode ( ) Windows2000. Windows Server 2003 Microsoft Active Directory, Active Directory. . . . 2-1 2-2.
Active Directory (GUID Globally Unique Identifier)
(SID - Security Identifier) . , , , Active Directory, , . IT-. , .
( )Active Directory . , , . Active Directory. Active Directory, DNS. Active Directory, DNS. , DNS , DNS-, DNS-- . , , .
, Active Directory. Windows 2000 ( ) , , . Active Directory Windows Server 2003 System State ( ) Windows Server2003. , , .
Windows Server 2003 , , , . - . , , - , integer( ). , , (string), , . . . , , , , .
Active Directory Windows Server 2003 , Windows 2000, . , ,
, . ( ), . , .
, Windows 2000 (native-mode), (GC - Global Catalog) . , . , - GC, Active Directory , . Windows Server 2003 , , GC. , GC-. , GC- , , .
Windows 2000 , , , . , , . Windows Server 2003 .
UI- (object picker) (UI), ActiveDirectory. , UI- , , . , . , . , , . , UI- , Active Directory.
, - (tombstone) , . - , , . , , -, Active Directory . , - , . , -, - ,
. , .
inetOrgPersonActive Directory Windows Server 2003 inetOrgPerson , RFC 2798, http://www.faqs.org/rfcs/rfc2798.html. Active Directory inetOrgPerson LDAP--, inetOrgPerson Active Directory Windows Server 2003.
, Microsoft , . Windows2000, NOS Windows Active Directory. , . , Active Directory, .
2. ActiveDirectory Active Directory Microsoft Windows Server 2003 : . Active Directory , , . Active Directory , ( , ) . , . Active Directory. Active Directory. , . .
Active Directory Active Directory , . ActiveDirectory , . Active Directory , . , . (operations master roles). , , (GC Global Catalog). Active Directory , .
Active Directory Ntds.dit . %SystemRoot%\NTDS, . , , , . Ntds.dit %SystemRoot%\ System32. - (, ) , Active Directory. MicrosoftWindows Server 2003, . Active Directory (Dcpromo.exe) Ntds.dit System32 NTDS. , NTDS, . , .
, Windows Server 2003, Active Directory, . , . (multimaster), . 4, . , Active Directory, , Active
Directory . (GC) (operations masters).
(GC). , (NC - NamingContext) . GC , NC. GC , Active Directory.. GC, . , GC, Active Directory Schema ( Active Directory), . GC, Replicate This AttributeTo The Global Catalog ( ) . isMemberOfPartialAttributeSet true(). , , . GC. , , . GC, Global Catalog Server ( ) Active Directory Sites And Services ( Active Directory). . GC , . 5 GC-, , , . , GC-. -, ActiveDirectory. GC , , , , . GC- ( ), GC- , , GC-, . , GC-, LDAP- (Lightweght DirectoryAccess Protocol ), 3268 ( GC-).-, GC- . , , GC-. , , , . ( , Microsoft Windows 2000 Windows Server2003. Windows Server 2003, - Active Directory , .) . , , , .. (GC). , , GC- .. Windows Server 2003 , Windows Server 2003 GC-. - , GC, , . GC-, ( 8 ). ,
GC-. , Active Directory: Sites And Services ( Active Directory) . NTDS Site Settings ( NTDS), Properties (). Properties Enable Universal Group MembershipCaching ( ), , . , GC.
Windows Server 2003 . , , . , . , mixed () Windows 2000; Windows 2000. 2-1 , .
. 2-1.
Windows 2000 mixed Windows NT 4, Windows 2000,() ( Windows Server 2003.)Windows 2000 native () Windows 2000, Windows Server 2003.
Windows Server 2003 interim Windows NT 4, Windows Server 2003.() Windows Server 2003.Windows Server 2003
2-2 , .
. 2-2.
Windows 2000 ( Windows NT 4, Windows 2000,) Windows Server 2003.
Windows Server 2003 interim Windows NT 4, Windows Server 2003.() Windows Server 2003.Windows Server 2003
Windows Server 2003, , Windows 2000 native WindowsServer 2003. , Windows 2000 native, Windows Server 2003, - Windows Server 2003. , () , . ., (GC) , , - (,[email protected]). GC
(UPN - User Principal Names), . , GC, , , .
Active Directory . , . , (authoritative) . , , ; FSMO (Flexible Single Master Operations ). Active Directory:
; ; RID; PDC (Primary Domain Controller ); . .
, . , .. . Active Directory , . , . . , .
, . , ( Schema Admins ) . , , . , . , ( ) . Active Directory Schema ( Active Directory) Ntdsutil. fSMORoleOwner .
, . , . , . , (RPC) , . Dcpromo.exe , Active Directory. . Dcpromo.exe , . , . Ntdsutil. ,
. Dcpromo.exe .
(RID) - . RID-, , , . (RID), (SID), . RID RID-. RID- RID- , RID- RID-. RID- , RID- . . RID- - , . RID- , , , RID- . RID- , , , RID-, . , RID- , .
PDC PDC , Windows Server 2003 , , Windows 2000. , Windows 2000 mixed (), Windows Server 2003 (PDC) (Microsoft Windows NT 4 3.51) (BDC Backup Domain Controller). PDC , BDC- (Domain Master Browser Service). PDC , , , , . , Windows 2000 native () Windows Server2003, PDC . , , PDC. , PDC, , PDC. PDC , .
. , , , , . . , .
, . .
: - Active Directory Schema; Active Directory Domains
And Trusts ( Active Directory); RID, PDC Active
Directory Users And Computers ( Active Directory). : . . . , , , , . . . 15.
, Active Directory. Active Directory, . , . , , , .
. , . . User (). , Active Directory, User. , . . , , . , User, organizationalPerson, User. , , , . , Active Directory , . , display Name, , -. . Active Directory . . . , Computer() User (), Computer , User. Computer , . Active Directory Schema . 2-1 Computer (). , User, organizationalPerson, .. , , , .
. 2-1. Computer (), Active Directory Schema
Active Directory , . Category 1 ( 1), . , , Active Directory . , , , , . , , Category 2 ( 2). , , Active Directory. Microsoft ExchangeServer 2000, Active Directory . , Active Directory, . , LDAP Data InterchangeFormat Directory Exchange (LDIFDE) Comma Separated Value Directory Exchange (CSVDE). , Active Directory Service Interfaces (ADSI) Microsoft Visual Basic. . LDIFDE CSVDE . ADSI ADSI Edit Microsoft Windows Platform (SDK), - http://www.microsoft.com/msdownload/platformsdk/sdkupdate.ac ADSI Platform SDK http://msdn.microsoft.com/library/default.asp?url=/library/ en-us/netdir/adsi/directory_services.asp. Windows Server 2003 Active Directory Schema. , Regsvr32 Schmmgmt.dll . Schema Admins (). , , , , , .. - Active Directory. , . Active Directory Schema User. .
1. Active Directory Schema ( Active Directory).2. Attributes () .3. Action () Create Attribute ( ).
4. Schema Object Creation ( ) Continue ().
5. Create New Attribute ( ) Identification ():
Common Name ( ); LDAP Display Name ( LDAP-); Unique X500 Object ID ( 500); Description ().
6. Syntax And Range ( ) : Syntax (); Minimum (); Maximum ().
7. , (Multi-Valued) . , , F1.
500 Object ID . , Active Directory (OID Object Identifier) , OID. , OID, (ISO InternationalStandards Organization) (ANSI - AmericanNational Standards Institute). OID, ., 1.2.840.. :
1 - ISO; 2-ANSI; 840 - ; , .
, . , Employee Start Date ( ), 1.2.840..12. OID Active Directory 1.2.840.113556.1.5.15. ISO, ANSI . 113556 ANSI Microsoft, 1 - Active Directory, 5 Active Directory, 15 - Contact (). Microsoft Windows Server 2000 Resource Kit OIDGen, OID OID. , . Microsoft OID. . http://msdn.microsoft.com/certification/ad-registration.asp. 2-2 Active Directory Schema ( ActiveDirectory).
. 2-2.
. , . , Active Directory Users And Computers ( Active Directory), , . , , . , , . Directory Services ( ) Platform SDK http:// msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/extending_the_user_interface_for_directory_objects.asp.
, , . . , () . Windows Server 2003 , , . , . , , .. Category 2. Category 1 . , , . , . Category 2, isDefunct true (). , ADSI Edit ( ADSI) Active Directory Schema ( Active Directory). 2-3 , EmployeeStartDate, , . , . , , . , , . isDefunt false (). . / .
. 2-3. Active Directory Schema ( Active Directory)
Active Directory Active Directory , , Active Directory. , , . Active Directory :
; ; ; ; ; .
, , . 5 , (, ) . (, ) .
Active Directory , Active Directory . , . Active Directory (NC -naming contexts). Ldp.exe ADSI Edit (. 2-4).
. 2-4. Active Directory ADSI Edit
. , , : , Active Directory Users And Computers ( Active Directory). . , , .
, , , . . Exchange Server 2000, Microsoft Internet Security And Acceleration (ISA)Server ActiveDirectory, . ISA- , , ISA Active Directory. ISA-, , Active Directory. . , . , . , .
. , , Active Directory, . . , , . - , .
GC . , . GC GC-, . isMemberOf Partial Attributes et. true (), GC.
Active Directory Windows Server 2003 - . Active Directory , (DNS -Domain Name System). (integrated) Active Directory ForestDnsZones DomainDnsZones. Active Directory, . , , GC. , . , . , . , . , , . ActiveDirectory. , DNS- Contoso.com -dc=Configuration, dc=Contoso, dc=com. AppPartitionl Contoso.com, DNS- dc=AppPartitionl, dc=Contoso, dc=com. , , , . , AppPartitionl. , dc=AppPartition2, dc=AppPartitionl, dc=Contoso, dc=com. DNS-, . Contoso.com, DNS- dc=AppPartition, , .. DNS- . LDAP-, . LDAP, , . . Active Directory . DomainAdmins ( ) . , . , . Domain Admins , , . , . , . , , , . , ,
.. , . . Ntdsutil, . Windows Server 2003 Help And Support Center ( Windows Server2003). , , , Using application directory partitions msdn.microsoft.com. , , . Active Directory . . 4.
Active Directory. Active Directory , Windows Server 2003, . , - . , , ( ). Active Directory . , . Active Directory. , Contoso Contoso.com. (dedicated) (non-dedicated) . , , -, Active Directory. () . , , , Administrator() Domain Admins ( ). - , . - . 5. (peers) , . , . 2-5 , .
Contoso.com Fabrikam.com
. 2-5. Active Directory, , , , . Active Directory . , Contoso Contoso.com, NAmerica.Contoso.com Contoso, . , , , Sales.NAmerica.Contoso.com. 2-6 -- Contoso.
Sales.NAmerica.Contoso.com . 2-6.-
Contoso
, Active Directory , Active Directory . , . , , . , . ,
, . . DNS, . 3. , (forest root domain), . Contoso, Contoso.com, , , , Fabrikam.com. , Fabrikam, Fabrikam. 2-7 Contoso .
Sales.NAmerica.Contoso.com
Sales. Europe.Fabrikam.. com .2-7. Contoso
. Active Directory. . :
. . , .
. , . , Active Directory (Echange Server 2000 ISA).
GC. . , UPN.
. (security groups). , . Schema Admins , , Enterprise Admins( ) , , . Enterprise Admins Administrators () .
. , . .
2-8 Contoso.
. , (, ) . , , Active Directory. , , . , :
; ; ;
.
. , , NAmerica.Contoso.com Contoso.com, NAmerica.Contoso.com Contoso.com. NAmerica.Contoso.com Contoso.com, . , Contoso.com - ( ), NAmerica.Contoso.com. - , (tree root). -- NAmerica.Contoso.com Contoso.com. - , , Contoso.com Fabrikam.com. . , . Contoso.com NAmerica.Contoso.com Europe.Contoso.com Contoso.com, , Europe.Contoso.com NAmerica.Contoso.com. NAmerica. Contoso.com , Europe.Contoso.com, . . NAmerica.Contoso.com Contoso.com, Contoso.com Fabrikam.com. NAmerica.Contoso.com Fabrikam.com .
, , . , , . - , . (shortcut trusts). , , . Contoso, 2-9.
Sales.Europe.Contoso.com Research.NAmerica.Contoso.com . 2-9. Contoso
Sales.Europe.Contoso.com Research.NAmerica.Contoso.com, Sales.Europe.Contoso.com , , . , . , Sales.Europe.Contoso.com Research.NAmerica.Contoso.com , . 2-10 . , , .( , ).
Windows Server 2003. . , , . , , UPN.
. , Forest 1 Forest2, Forest2 Forest3, Forestl Forest3.
, . , GC, . , .
. , .
2-11 Contoso.
Conlo50.com NWTrades.comV, HWTradersEu rope.Contoso.com N Ann e rica. Contoso.com Contoso
. 2-11. Contoso Contoso.com NWTraders.com,
(RealmTrusts). Windows Server 2003 Windows- Kerberos v5. Kerberos , - , Kerberos. Kerberos--, Kerberos v5. , .
Active Directory, , . , , , . , . Active Directory. Active Directory . , , . (IP), (LAN) (WAN), WAN-. , , . Windows Server 2003 .
. , , GC-. , , . , . , . ( 4 .)
. Windows Server 2003 , Windows 2000 Microsoft Windows XP Professional, , , . 3 , (SRV), . , DNS-. , . Windows 2000 native () Windows Server 2003, GC . GC-, . ( . 3.)
. , Windows NT 4 SP6a, Active Directory, Directory Services Client ( ), http://www.microsoft.com/ windows2000/server/evaluation/news/bulletins/ adextension.asp. , Windows 95 Windows 98, Directory Services Client - Windows Server 2000.
, . , , , . , (DFS -Distributed File System), . DFS , , DFS- , WAN-, .
Windows Server 2003 . ActiveDirectory Windows Server 2003, , Default First Site Name ( ), , . , IP. , Windows Server 2003, , , IP- . Active DirectorySites And Services (Active Directory: ). , . , , . , , - .. IP-, , Default First SiteName. , Windows Server 2003, . , Active Directory. , . 2-12 , Seattle : Contoso.com NAmerica.Contoso.com. NWTraders.com .
. . 3 DNS . 4 , . 5 Active Directory.
Active Directory Windows Server 2003 , . Active Directory, , , , , . (OU - Organizational Unit) , Active Directory. OU , , Active Directory. OU . . . . 2-13 OU Contoso.
Contoso.com
DenverOU
! __R&DOU ProductOU MarketingOU
OesiijnOUManufacturingQU. 2-13.
OU , : ; ;
SeattfeOU CalgaryOU
SalesOU
ProductOU___ I ___
; inetOrgPerson; ; ; ; .
. .
., OU. , , (, ). , , OU. OU. Windows Properties () . OU (ACL Access Control List), OU. OU ACL-. , , - ., Help Desk () OU, . HumanResources ( ) , OU, .
OU , . (, , ), OU Logon Locally ( ) OU. OU. , . OU, (group policy) . OU . Group PolicyObject Editor ( ) , . , , , . 2-3 , Group Policy Object Editor.
. 2-3.
Administrative ,templates , ( ) ,
, .
Security () ,
, , .
Software installation ( . ) Scripts () ,
, .
Folder redirection ( .) My Documents ( )
, , , .
OU. , (GPO Group PolicyObject), , , OU. . . , OU . OU . .
ActiveDirectory Windows Server 2003. , , . - Active Directory . Active Directory.
3. Active Directory Active Directory Microsoft Windows Server 2003 (DNS). DNS , Microsoft Windows2000 Microsoft Windows XP Professional , , Microsoft Exchange Server 2000, . , DNS , Windows Server 2003 . , Active Directory DNS Windows Server 2003. DNS . , Active Directory DNS, . DNS Windows Server 2003, Standard Edition; Windows Server 2003, EnterpriseEdition; Windows Server 2003, Datacenter Edition. Windows Server 2003 , Active Directory.. Windows Server 2003, Web Edition Active Directory.
DNSDNS . , , , , www.microsoft.com, IP-, 207.46.230.219. Web- Microsoft IP-. DNS . , , a DNS IP-.. Active Directory, DNS , . DNS, , - Microsoft http://msdn.microsoft.com/ library/en-us /dns/dns_concepts. asp.
DNS . 3-1 . (.). DNS, . , (generic) (com, edu, mil, net, org), (, uk, fr, br), (biz, info, pro ..), 2001 .
. 3-1. DNS
, . . . DNS-, . (FQDN Fully Qualified Domain Name), ,www.NAmerica.Contoso.com. FQDN - , DNS. , FQDN DNS, . (.), , . com , Contoso NAmerica. FQDN www - .
DNS , . , , , . , . DNS, . , DNS ( ) ( ). DNS- DNS. . . , , . DNS-cep-, . , , .DNS-, , , . , , .. , , . , , , DNS. , com, Contoso, . Contoso , Contoso.com. , DNS. , , , , DNS- . DNS- , (forwarders) , DNS- . .
DNS , IP- . (. . 3-1), , DNS ( ), - , -, www.NAmerica.Contoso.com. IP- .
1. - IP- DNS- ( DNS-
). : IP-, , , , .
2. DNS- , IP- . , , . , , DNS-, . DNS- IP-, www.NAmerica.Contoso.com.
3. , , . DNS- (referral). DNS- - IP-.
4. , Contoso.com. DNS- DNS- Contoso.com, DNS-, NAmerica.Contoso.com.
5. DNS- NAmerica.Contoso.com , DNS- IP- .
6. DNS- , -, IP- Web-.
7. www.NAmerica.Contoso.com.8. . DNS-
, . - DNS- , .
9. , DNS, (RR Resource Records). . DNS- Windows Server 2003. 3-1.
. 3-1. Windows Server2003
Start of Authority (SOA) - , , , (TTL Time to Live) (. . 3-2).Host (A) - IP-
. , DNS-cep- .
Mail Exchanger (MX) - - . -
. Name Server (NX)- . Pointer (PTR) - , IP-.
.
Canonical Name (CNAME) - . , Service Locator (SRV) IP-.- ,
. Active Directory SRV .
. 3-2. SOA Contoso.com
. 3-2 SOA DNS. DNS . , Webl.Contoso.com Webl.Contoso.com IN A192.168.1.100.
DNS-, DNS , DNS.
, , . , , DNS, . , Contoso.com. , DNS, .. . DNS- , DNS DNS-. DNS. DNS. DNS: . IP-. (). SOA NS, MX, CNAME SRV. , - DNS-, IP- . . , IP- , . SOA NS, - PTR. PTR
, . . . 3-1. . , IP- , , . , , IP- . , 192.168.1.0, L168.192.in-addr.arpa. in-addr.arpa DNS . , . (150.38.0.0), 38.150.in-addr.arpa.
(Primary Name Server) , ( - primary zone). , DNS- , - . , , .
(Secondary Name Server) , . . DNS , .. DNS . Request forComment 1995 ( ) , (incremental zone transfers), , . Request for Comment1996. , , . , SOA .. DNS- Windows Server 2003 , . (integrated) Active Directory, Active Directory.
- , (caching-only). , , . , . , DNS . , DNS- , . DNS-, ( -1 ). , DNS- .. DNS- Windows Server 2003, , , (caching-only) . , .
DNS, (zones ofauthority) (authoritative) .
. , DNS- Contoso.com, . DNS-. DNS- , 3-3. DNS-, Contoso.com. DNS1 Webl.Contoso.com, a DNS2-cepBep . DNS1, IP- Webl. DNS2 IP- Webl, , . DNS2 Contoso.com, DNS1. , , .
. , DNS-, , - DNS DNS ( . 3-3). DNS1 , DNS2 - . DNS2
DNS- , DNS1 SRV- Active Directory. (Contoso.com), . DNS-. DNS-, , , - -, . DNS- , , , , . DNS. , www.Contoso.com, , -, -. DNS1. , -.
Web1 .Contoso.com www.Contoso.com. 3-3. DNS-
DNS , . , , , Contoso.com, corn- , Contoso.com. (delegation records). , . , 3-4 , DNSl.Contoso.com Contoso.com. DNS2 DNS3 NAmerica.Contoso.com. DNS1 NAmerica.Contoso.com, . DNS1 , DNS2 DNS3 . DNS1, NAmerica.Contoso.com, .
DNS . DNS , DNS-. DNS- , . , DNS- Contoso.com. , Fabrikam.com(. . 3-1), DNS- Contoso.com - .
. (forwarder) - DNS-, DNS-, . , Contoso.com Fabrikam.com. DNS- Contoso , , . . DNS-, . IP-
. , DNS- , . DNS- , DNS-, .
. 3-4.
3-5. DNS- DNS-, -. DNS- , ,
IP-.
DNS 1
3 . 3-5.
, DNS- , , . DNS- Windows Server 2003, , . - , . DNS- DNS, , . , , .. , DNS- , Cache.dns, DNS-. DNS- , DNS-, . DNS- Windows Server 2003 , . , . , DNS-cep- , . DNS-, . , Do Not Use Recursion For This Domain (He ) Forwarders () Properties() DNS-. DNS- - , .
, DNS- , . , .. DNS Windows Server 2003 . .
DNS DNS , . RFC 2136 DNS-. RFC 2136 , DNS- , . DNS (DDNS). DNS- Windows Server 2003 DNS. Windows 2000 Windows XP Professional, Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003,Standard Edition; Windows Server 2003, Enterprise Edition Windows Server 2003, Datacenter Edition DNS. Windows 2000 WindowsServer 2003 SRV- DNS-, . DNS- Windows Server 2003 (DHCP). DHCP- Windows Server 2003 DNS- , Microsoft Windows 95, Microsoft Windows 98, MicrosoftWindows Me Microsoft Windows NT. DNS . - , DNS, , , DNS, . DNS Windows Server 2003 . Active Directory. , DNS-. Authenticated Users( ) DNS. , ACL (ACL - Access Control List) DNS-. DNS , DNS. , Active Directory Windows Server 2003 SRV- , DNS-Windows Server 2003.
DNS Active Directory Windows Server 2003Active Directory DNS. , Windows 2000 Windows XP Professional . DNS , Active Directory, . ,Exchange Server 2000 Active Directory, , Exchange Server 2000, , Exchange Server 2000.. , Windows 95, Windows 98, Windows Me Windows NT DNS Windows Server 2003. NetBIOS, Windows (WINS - Windows Internet Naming Service) - NetBIOS IP-. Windows Server 2003 , NetBIOS WINS.
DNS Locator DNS Locator ( DNS) Active Directory, DNS , . , .. Windows NT NetBIOS. NetBIOS Domainname WINS. , , . , . SRV Windows Server 2003 ,
Windows 2000 Windows XP Professional. SRV Windows Server 2003.
DNS, ActiveDirectory , Active Directory (service locator) SRV. SRV - DNS-, RFC 2782, TCP/IP-. , Active Directory, , SRV (. . 3-2). _ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com
. 3-2. SRV
_tcpcontoso.com
600
(TTL -Time toLive) IN SRV 0
, . _kerberos, _kpassword _gc., . TCP (UDP). , .
( ).
DNS- . SRV.
. SRV- , , . . SRV- , , .
389 , . dc2.contoso.com , , .
, , (LDAP) Contoso.com, dc2.contoso.com. Windows Server 2003 SRV- DNS. , .
contoso.com. 600 IN A 192.168.1.201
_ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
_ldap._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
_ldap._tcp.pdc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
_ldap._tcp.gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
_ldap._tcp.64c228cd-5f07-4606-b843-d4fd114264b7.domains._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
gc._msdcs.contoso.com. 600 IN A 192.168.1.201
175170ad-0263-439f-bb4c-89eacc410ab1._msdcs.contoso.com. 600 IN CNAME dc2.contoso.com.
_kerberos._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
_kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
_kerberos._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
_gc._tcp.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
_gc._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
_kerberos._udp.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
_kpasswd._tcp.contoso.com. 600 IN SRV 0 100 464 dc2.contoso.com.
_kpasswd._udp.contoso.com. 600 IN SRV 0 100 464 dc2.contoso.com.
DomainDnsZones.contoso.com. 600 IN A 192.168.1.201
_ldap._tcp.DomainDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
ForestDnsZones.contoso.com. 600 IN A 192.168.1.201
_ldap._tcp.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
. Windows Server 2003, Netlogon.dns, %systemroot%\system32\config. DNS-, DNS. SRV- , SRV. :
_ldap Active Directory , LDAP-, , LDAP-. _ldap SRV LDAP , . Windows Server 2003 LDAP-;
_kerberos - Windows 2000 Windows XP Professional. SRV- _kerberos (KDC - Key Distribution Centers) . Windows Server 2003 KDC-;
_kpassword kerberos ( Windows Server 2003 kerberos);
_gc - , ActiveDirectory. ActiveDirectory.
SRV- , 3-2. Active Directory IP-, . , , , . , , . , , , . SRV- _msdcs, . , SRV, , Microsoft. , LDAP kerberos-cep- , Microsoft. SRV DNS. Windows Server 2003 (generic)
(, _ldap._tcp.contoso.com), , _msdcs. , Microsoft, .. Windows Server 2003 Windows 2000. : gc ( ), dc ( ) pdc ( ). (GUID -globally unique identifier) . GUID .. , - ForestDnsZones DomainDnsZones. .
Active Directory , Windows Server 2003, ( ) , . , , Windows 2000 Windows XP Professional, . , .
1. (RPC) , . RPC-, , , , Net Logon ( ).
2. (domain locator), API- DsGetDcName (), , 3-3.
. 3-3. DsGetDcName DsGetDcName DNS
DS_PDC_REQUIRED    _ldap._tcp.pdc._msdcs.domainname
DS_GC_SERVER_REQUIRED    _ldap._tcp.sitename._sites.gc._msdcs.Forestrootdomainname
DS_KDC_REQUIRED    _kdc._tcp.sitename._sites.dc._msdcs.domainname
DS_ONLY_LDAP_NEEDED    _ldap._tcp.sitename._sites._msdcs.domainname
. DsGetDcName sitename. , DS_PDC_REQUIRED, , . DNS- , . , DS_KDC_REQUIRED , _kdc._tcp.dc._msdcs.forestrootdomain. , , DNS. DomainGUID DsGetDcName (). _ldap._tcp.domainGUID.domains._msdcs.forestname. , .
3. DNS , . LDAP , UDP- 389 , . 0,1 , , . , .
4. , , , . , .
, , Active Directory, .
, Active Directory, . , , , . , ? -, Active Directory, . IP-, , . Active Directory, IP- IP- . , . . (, ), . DNS- , . IP- , , . . , Active Directory, .
Active Directory DNS Windows Server 2003 (integrated zones) Active Directory. Active Directory .
DNS-, Active Directory. .
Active Directory. Active Directory, Active Directory. , , . , . Active Directory DNS.
DNS- . Active Directory DNS . , , . Active Directory DNS- , . DNS.
. Active Directory, , . , , Active Directory. Active Directory DNS Windows Server 2003, .. Active Directory ., , . DNS- , DNS , Windows Server 2003, DNS.
Active Directory. Active Directory, DNS Active Directory (. . 3-6). Microsoft (MMC - Microsoft Management Console) , Active Directory Users And Computers ( Active Directory) . Active Directory Users And Computers ( Active Directory) View (), Advanced Features ( ). , System (), - MicrosoftDNS. Active Directory .
. DNS
DNS Windows Server 2003
, , ,
Active Directory
Windows 2000 Advanced Server. ; , (dedicated) (. . 3-7). .
Contoso.com Fabrikam.com TailspinToys.com WingtipToys.com
. 3-7. Active Directory
, . , . , - Contoso.com Fabrikam.com, DNS- Contoso.
. 3-6. Active Directory
Fabrikam, , . DNS- Contoso DNS- Fabrikam, . TailspinToys.com . DNS Windows 2000 (. ), .
DNS .
DNS DNS-- , DNS , DNS . , DNS , .
. Windows Server 2003 . , (stub zones) .
DNS DNS, , Windows 2000. Windows Server 2003 , , DNS. (. ) DNS , Windows Server 2003.
(conditional forwarding) . Windows Server 2003 , . - , , . , . : DNS-cep- DNS, ., , , . . . , . , . , DNS . Windows Server 2003 DNS , DNS . DNS , , . , Contoso.com Fabrikam.com, DNS- Contoso.com. DNS- , , , . , . Fabrikam.com, DNS- Contoso.com DNS. Fabrikam.com, DNS Contoso.com, , -
, .. , DNS- , . DNS- , . Properties () DNS (. . 3-8). . DNS , DNS- DNS- . -, Forwarders (), DNS- , DNS-. , , , DNS, All Other DNS Domains ( DNS).
DNS- . -, , Fabrikam.com Europe.Fabrikam.com, Webl.Europe.Fabrikam.com, DNS- DNS- Europe.Fabrikam.com.
(stub zones) - DNS Windows Server 2003. . . IP- .
, , . , SOA, NS () , . . DNS- , . . DNS- . , , .. (. . 3-9). NAmerica.Contoso.com IP- SAmerica.Contoso.com DNS NAmerica. Contoso.com , .
. 3-8.
, . DNS Contoso.com , DNS- NAmerica. Contoso.com . IP- SAmerica.Contoso.com NAmerica. Contoso.com. NAmerica.Contoso.com DNS SAmerica. Contoso.com IP-, . , DNS- NAmerica. Contoso.com DNS . , SAmerica.Contoso.com. , , SAmerica. Contoso.com. . , . , . DNS . - DNS , DNS- , .
. , IP- . ,, ,
. , . Contoso.com, NAmerica.Contoso.com DNS Contoso.com. Contoso.com, . , . DNS Contoso.com , , . , New Zone Wizard ( ) DNS. Forward LookupZones ( ) Reverse Lookup Zones ( )) New Zone ( ). (. . 3-10).
NAmerica.Contoso.com SAmerica.Contoso.com. 3-9. DNS
. 3-10.
DNS, , .DNS Active Directory Windows Server 2003 DNS . DNS, , Active Directory . DomainDnsZones ForestDnsZones. ( Active Directory, ADSI Edit Ldp.exe; ADSI Edit 3-11.) . DomainDnsZones DNS, . ForestDnsZones DNS, . DNS , .. . DNS (. . 3-12) Zone Properties ( ) DNS. DNS.
All DNS Servers In The Active Directory Forest domainname (Ha DNS Active Directory). ForestDnsZones, DNS . _msdcs Active Directory.
. 3-11. DNS ADSI Edit
All DNS Servers In The Active Directory Domain domainname (Ha DNS Active Directory). DomainDnsZones, DNS, . , Active Directory, . All Domain Controllers In The Active Directory Domain domainname ( Active Directory).
, . ,
, DomainDnsZones , DNS.
All Domain Controllers Specified In The Scope Of The Following Application DirectoryPartition (
). , .
DNS , .
. DNS , DNS .
DNS , , .
DNS DNSCMD. DNS DNS Create Default Application Directory Partitions
( ). DNSCMD dnscmd DNS servername /CreateBuiltinDirectoryPartitions /forest. ForestDnsZones. DomainDnsZones, /domain
. Active Directory, Enterprise Admins
( ).. 3-12. DNS
. , DNS, DomainDnsZones , DNS. _msdcs , Active Directory , ForestDnsZones.
.
DNS Windows Server 2003. Windows Server 2003. DNS. , DNS , DNS Active Directory. , Active Directory SRV DNS, . , DNS Windows Server 2003.
4. Active Directory , Active Directory Microsoft Windows Server 2003, . . (WAN). , - . , , . , . , , . ActiveDirectory , . Active Directory. , , , .
Active Directory 2 , Active Directory . . , , . , . , , . , Active Directory. , MicrosoftWindows NT, Active Directory . Windows NT (PDC Primary Domain Controller) , . , (BDC Backup Domain Controllers). , . (, ) PDC, , . PDC , , , PDC. , PDC . , , BDC- PDC. ActiveDirectory , .. , PDC . , . , , . , . . 2 , Active Directory , . , . , Active Directory, , . ,
, , . , , . , .. , , . (store and forward). , , . , , , WAN-. . , , . , , , .
Active Directory WindowsServer 2003 Active Directory Windows Server 2003, , , Microsoft Windows 2000, .
, . Windows 2000 . . . , , . Active Directory Windows Server 2003 , , , .
, 5000 . Windows 2000 5000 - , . 5000 . , . Active Directory Windows Server 2003 , , .
. , (interim) Windows Server 2003. Windows Server 2003 , Windows Server 2003. Windows Server 2003 , , Windows Server 2003 Windows NT. . . 7.
. Active Directory Windows 2000, ActiveDirectory Windows Server 2003. . ActiveDirectory Windows Server 2003 .
. , . Active Directory Windows Server 2003 , . , - (bridgehead server) , , - , . , .
. , ADSI Edit Options () - (site link object) - (connection object).
, Options () ; , .
. Windows 2000 100 . , (Knowledge Consistency Checker ), . Active Directory Windows Server 2003 .
Active Directory , . , , . , . .. Microsoft Exchange Server 5.5 , . Active Directory Exchange Server 5.5.
,.. , . .
, ActiveDirectory. 15 , , . 3 , . 15 , . Windows 2000 Windows Server 2003 ( Resource Kits ). Windows Server 2003 , ADSI Edit.
. , . . .
, -. - , . (RPC). - , . , .
. ; .
. - Active Directory Sites AndServices ( Active Directory), (,
) ( Resource Kits ) Partition (), Windows Server 2003. .
, , - . .
, , . , , . , . , , . , , , .
10 - 15 , 32 . ,- .
. .
, , (IP) (SMTP). , , , .
, -. - ( ) , - . - .
, .
. Active Directory , , . , , , 5.
Active Directory Windows Server 2003 , , , . (replicationlatency). , . , , , 15 . 15 , . 15- , , , . , 45 . . , . ,
, -, - . - -, , , . 3 . , 3 . - , . . , 15 ( ). . , , 45 . WAN- , , .
, , , . Active Directory (urgent replication), . , , . , . .
. . (RID)
. (LSA - Local Security Authority),
, . . . . , PDC-. - . , , RPC- PDC--. PDC- . , , , , PDC-, , .
Active Directory . Active Directory. , , , .
(Knowledge ConsistencyChecker) (Knowledge Consistency Checker) , , . Active Directory ,
, , . , , . , . , , . 15 . ActiveDirectory Sites And Services ( Active Directory). , , NTDS Settings( NTDS) , All Tasks ( ), Check Replication Topology ( ).
(connection object), Active Directory. , . , , . , . pull () , pull-, - - . , .. Replication Monitor ( ) push () . pull-. ( , .) , , , . , , , . , , , . , . : , , .
, - , - . , , . , , 15 . ( 4-1.) , () (GUID). .
. 4-1.
, . , . . , . , . , , .
ActiveDirectory. (spanning tree), . , , , . , , . , . spanning tree . , . . Active Directory . , Active Directory . , , . , Active Directory . ActiveDirectory, KCC . . 4-2 .
. 4-2.
(. . 4-2), . , . , - . . -. , (hop). , . , 4-3 . , , , .
. , ., ,
. , 4-4. (. . 4-4) , . 4-1.
. 4-1. ,
, .
DC1.Contoso.com, DC2.Contoso.com, DC3.Contoso.com, DC4.Contoso.com.
. 4-3. ,
Contoso.com
DC5.Fabrikam.com, DC6.Fabrikam.com.
DC1.Contoso.com, DC4.Contoso.com,
DC5.Fabrikam.com. DC2.Contoso.com, DC6. Fabrikam.com.1.AppPartitionl
.
. 4-4. ,
. DNS (ForestDnsZones DomainDnsZones) . , 4-4 . 3 , , . 4-4 GC. GC . Replication Monitor( ). , - Windows Server 2003. , Suptools.msi Support\Tools- Windows Server 2003. , Run() replmon. 4-5 , .
Fabrikam.com (GC)
. 4-5.
- , , . , . , , . 4-5 DC1.Contoso.com DC4.Fabrikam.com. . , . Show Replication Topologies ( ). View (), Connection Objects Only ( ), Properties (). Inbound Replication Connections ( ) , , . 4-6, ( Fabrikam.com), . , , , .
. 4-6. ,
, . GC . , GC . GC , , isMemberOfPartialAttributeSet true (). , GC , GC. GC- GC- . 4-7 , ; . DC1.Contoso.com . GC- Contoso.com, GC- Contoso.com . Fabrikam.com , DC1.Contoso.com GC- Fabrikam.com DC2.Fabrikam.com. Fabrikam.com , DC2.Fabrikam.com DC1.Contoso.com. GC- DC1.Contoso.com.
4-8 GC . ,
GC-. DC1.Contoso.com
DC2.Contoso.com, DC4.Fabrikam.com DC6.NWTraders.com. DC1.Contoso.com. GC-
. 4-7.
. , GC GC .
, . , , - , . , . , , . , , . , , . , , , .
, , . (ISTG - Inter-Site Topology Generator) . ISTG- , ,
. ISTG . .
- (bridgehead server) , . - - . , .
- . -, .
ISTG , . ISTG , . , ISTG - . ISTG , -. -
. 4-8. GC-
- , . 4-9 , . . , , GC- . , , GC, . -, . - Contoso.com. - Fabrikam.com. , 4-9, DC1.Contoso.com DC6.Fabrikam.com GC-. , - GC- . , .. Active Directory. , . .
Active Directory.
. ,
, ,
, .
Active Directory, . - (originating update). , . - (replicated update). , , , . , , , ,
. 4-9.
. , Active Directory, . Active Directory :
Active Directory ; Active Directory ; .
, ;
Active Directory . , .
Active Directory . , , , .
, . , , 15 . , , . , . . Active Directory , . , , , . Active Directory (USN -update sequence number), (high-watermark value), (up-to-datenessvectors) (change stamps). .
, . (USN update sequence number) . , USN 5555, , , USN 5556. USN . (, , ), USN. USN . -, USN , . USN . -, USN uSNChanged . USN . . , , USN, 5556. USN, uSNChanged 5556. , , , USN uSNChanged 5557. USN 5556, USN . USN uSNChanged , . USN USN . ,
. , USN USN. , USN , . USN uSNChanged , USN , . USN , .
(high-watermark values) , . . - uSNChanged, . , uSNChanged . . . , - -. - - , uSNChanged.. .
(up-to-dateness vectors) , . , - . , DC1, USN, 5556. DC2, USN . , GUID DC1 . DC2 , , , , DC1, 5556. . - -, . - , -. , . , , , DC3, , DC1, DC2, DC3. DC3 DC2 , , , , DC1, USN 5556. 15 DC2 DC3, . DC3 DC2, . DC2 , DC3 DC1 USN. , , DC2 DC3 . , , . , - . , , , . , , . , ,
.
USN USN (update sequence number) , Windows Server 2003. USN , USN (time stamp) Repadmin. ( Repadmin .) repadmin/showmeta object distinguished name ( ) . uSNCreated uSNChanged ADSI Edit . Ldp.exe, , , Advanced (), Replication Metadata (-). USN (. . 4-10). , Show Attribute Meta-Data For Active Directory Object ( Active Directory). (credentials) Active Directory, . USN- . USN Active Directory Users AndComputers, Advanced Features ( ) View (), Object () Properties () . . , , - . , , , - , - .
. 4-10. - )
Replication Monitor (
, , (change stamp). , , . , . , ,
. . . ,
. , 1, . , 1. , .
. , . , , .
(Originating server). GUID , .
. , . , , . .
1. . . 3, - 4, 4.
2. . , .
3. GUID . , GUID , . , , GUID. GUID , a GUID .
. , , . . -, . ( , , .) -, , , , , . , . , , Active Directory, . Active Directory , , . , .
, . , (OU) Accounting (). OU Accounting. , , Active Directory LostAndFound.
(relativedistinguished name) . , BDiaz OU Accounting, ,
, OU OU. , , , GUID, . , GUID, , GUID BDiaz#CNF:userGUID, (#) . , .
Active Directory , . , . - (tombstone). - , isDeleted true (), . , GUID, SID, USN , .- . , , , . - , - (tombstone lifetime). -, 60 , . - (garbage collection). , , 12 . 12 , -, . 1 , Active Directory Windows Server 2003 Active Directory. (lingering object) , , -. Repadmin. . - ADSI Edit Ldp.exe. CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ForestRootDomain. garbageCollPeriod tombstoneLifetime . .
Active Directory , , WAN-. , .
. , , - , . 5
. Active Directory,
. 2, Active Directory ,
. ActiveDirectory , ,
.
Active Directory, Default-First-Site-Name ( ). , . , . Active DirectorySites And Services ( Active Directory). , Sites (), New Site ( ). LinkName ( ) , . IP Active Directory. Subnets () Active Directory Sites And Services . , , GC-. , Servers () Move (). , . , , IP IP- . , .
Active Directory, , (SiteLinks). Active Directory DEFAULTIPSITELINK. , , . WAN- , . , . . - , . ISTG. ISTG. , ISTG , ActiveDirectory . .
(Cost) - , . , . , , .. . .
(Replication schedule) , . 24 . , .
(Replication interval) - , - - . 180 . . , 22:00 5:00 , - 3 .
(Replication transports). RPC IP, SMTP.
. . , .
, , , 4-11.
Active Directory Windows Server 2003 (transitive) . 4-11, Site1 Site2 Site4, a Site2
Site3 Site5. - , Site1 Site3 Site5.
, . , . ,
4-11, Site1 Site5: Site2, Site4. Site2 - 300 (100
+ 200), Site4 700 (500 + 200). , Site2, .
,
., Site1 Site3 24:00 4:00( ) 60 (
Site2-Site3).. , - . , Site1-Site2 2:00 6:00, Site2-Site3 22:00 1:00, Site1 Site3 . Site1 Site2, Site2 Site3. , , Site2 2:00, Site3 22:00.
(site link bridges). , , -. , , .. (-, , ). , ,
. 4-11.
, , . .
. 5 , .
, . , , ; , , . , , , Site1, Site2, Site4 Site5. , , - Site1 - Site5. Site2 Site3 , . Site3 Site2, . , Bridge All Site Links ( ) General () IP-Properties ( IP). IP Inter-Site Transports ( ) Active Directory Sites And Services. , , , .
Active Directory Windows Server 2003 . RPC IP .
RPC over IP. ,.. . RPC- (dynamic port mapping). RPC- RPC (RPC endpoint mapper port) (IP 135). , - .
. , , . , DWORD: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\TCP/IP Port. RPC over IP . RPC-
, , , .
. RPC IP Active Directory Sites And Services, , - . RPC over IP RPC, a RPC over IP IP. SMTP . SMTP
, . SMTP , .. . SMTP . -, SMTP , . SMTP , GC. , SMTP, SMTP (IIS) , SMTP . , Microsoft CertificateAuthority (MCA) ( ). SMTP, .
- , -. (ISTG - Inter-Site Topology Generator) - . , -, Replication Monitor( ). , , Show Bridgehead Servers ( -). -: , , . - Repadmin. repadmin/bridgeheads. , -. - , . - Active Directory Sites And Services, , Properties () (. .4-12). (preferred)- SMTP IP.
- , - , . , -, - , . , Contoso.com, Fabrikam.com, GC , , , . , ISTG ,
- . -, ISTG - . - ISTG -, .. , . - , ISTG -, , -. - , ISTG -,
. 4-12. -
-.. - , , . - , , .
, , Replication Monitor ( ). Suptools.msi Support\Tools - WindowsServer 2003. Replication Monitor, replmon. . Edit , . , Active Directory. , , ; ; . , . - Repadmin. Suptools.msi. , repadmin. Repadmin -, Replication Monitor, . Repadmin , . . Replication Monitor Repadmin, Help And Support Center ( ). Support Tasks ( ) Tools (), WindowsSupport Tools ( Windows). , , , . Help And Support Center. . -Event Viewer ( ). Directory Service ( ) , . , , , , . Performance() , , . , NTDS Performance. , , Active Directory.. Active Directory , , - DNS. DNS .
Active Directory Windows Server 2003 , . , . :
Active Directory , , , .
II. ActiveDirectory Windows Server 2003 I , Active Directory Microsoft Windows Server 2003. II Active Directory. Active Directory . , , (OU) , . 5 . Active Directory, . 6 , ActiveDirectory. , Active Directory Windows Server 2003, Microsoft Windows NT 4. Active Directory Windows Server 2003 Windows NT, 7.
5. ActiveDirectory Active Directory Microsoft Windows Server 2003 . Active Directory , . Active Directory . , . , , Active Directory Windows Server 2003. , , . , , , . . . , (OU) , .. Active Directory Windows Server 2003 Active Directory MicrosoftWindows 2000. Windows Server 2003 Windows2000, Active Directory . , Active Directory Windows 2000, Active Directory Microsoft Windows NT 4 .
, , - . - Active Directory , . , , . , , :
. . - ActiveDirectory Active Directory , . - , (IT), , . . , , . , , . , . , .
Active Directory Active Directory , . . . Active Directory, , . , . . (GC). GC
, .
. . , ActiveDirectory, , .
. . , .
. Microsoft Exchange Server 2000. Exchange Server 2000. Exchange Server 2000 , . (GAL - Global Address List) GC. Exchange Server 2000 . , . , . Active Directory , , , . .
. . , . , , . , , , , , , . , . .
. , . , , , Schema Admins( ). , , - Enterprise Admins ( ). Enterprise Admins Administrators() . . , Windows NT 4, .
. , .
. . , , , . , .
, , .
, , , - . , . - , . . , . . GC, , . Active Directory . , , ,, . , .
. , , . , .
. , - . .
. , , , .
, . .
. , , . ,
, .
. . , . . , , , , , , . , , . . , ,, . , - . , , , . , , , .
. . .
, . , , .
. - . GC- , , GC.
, , . . - , .
. - , . Active Directory , (, , ) ( , ..) , , OU. . , , Enterprise Admins( ) . , , , . , , .
Active Directory . , . OU OU. Active Directory . , . , Active Directory. Enterprise Admins Administrators . Domain Admins( ) Administrators . , , . , . , , . . , . (SID) , , Enterprise Admins, , , ., Directory Services Restore ( ), Active Directory , . , , , . , . , . , . . , . , , , . .
, . Domain Admins ( ), Administrators (), Server Operators( ) Backup Operators ( ). , , .
, .
, . , , . .
, , . , . Schema Admins ( ), Enterprise Admins( ) Domain Admins ( ) , , . , , ., Schema Admins , Schema Admins , . . , . , , , , , . . , .. , . , , .
. , . : (, , ). , . , , . , . , . , . , Active Directory. , Active Directory . , .
, . , , , . .
Active Directory . Active Directory.
. , Sysvol . ( , GC) , .
. . , , .
. . , , Kerberos, .
, . , . .
Active Directory Windows Server 2003 , Windows NT. - Windows NT Active Directory. , WindowsNT, Windows Server 2003. , Windows NT.
. Active Directory Active Directory , . , Active Directory, ActiveDirectory. Windows NT 4, Active Directory Windows Server 2003. Active Directory. , Active Directory, . , ActiveDirectory, . , , . , , . . Active Directory, Active Directory, ,
. , - . Active Directory: . , , , ,, . , , Active Directory . , , . , . , . OU
. Active Directory, . , , Active Directory . Windows NT , . Active Directory OU , . , , OU . . , . , . . Sysvol . , . . , .
, . .
. , , . ( ).
, . , .
, (SMTP), . , SMTP.
, Kerberos .
, . .
, .
. . . , ., , . - , .
, Active Directory , ( ). (dedicated root domain) -, . , , . 5-1. , , . - ActiveDirectory. ( Enterprise Admins Schema Admins) ( ). , , , , , . , , , .
, , . ,
. , .
.
. 5-1.
. , (generic) . , , . , , , . , . , . , . , . ,, Restricted Group ( ) Domain Security Policy ( ) . DNS , . - , DNS , .
, , DNS . , . - Windows NT, Windows Server 2003 . Windows NT, , , . . , . 5-2 , . Active Directory, . . Active Directory , Active Directory. , , Active Directory. . , Exchange Server 5.5. ExchangeServer 2000 Active Directory. , Exchange Server 5.5, , Exchange . 5-3 , Windows NT4.
:
. 5-2. Windows NT
, . , . , , , . , , , , , , . , , , . , , , .
. , , .. .
, . 5-3. Windows NT 4 Active Directory Windows Server 2003
. , . , , , . . , GC . DNS DNS. (conditional forwarders) (stub zones) Windows Server 2003 . , , , , , (shortcut trusts) . . - Active Directory -, . - , . , , . , , , . , , 5-4. Asia.Fabrikam.com Canada.NAmerica.Contoso.com Contoso.com, . NAmerica, Contoso, Fabrikam , , Asia. . , Canada Asia, Asia . . , . , , , .
. 5-4.
, . Windows Server 2003 , Windows Server 2003. , . , , . , , . - Active Directory (ADMT - Active Directory Migration Tool v.2) . ADMT /I386/ADMT - Windows Server 2003.
, Active Directory, . , .. , . , , . . .
. , Kerberos.
Group Policy ( ) . OU.
OU- . OU- OU OU.
. ( , ..), OU.
. , , . , .
DNS , DNS . Active DirectoryWindows Server 2003 DNS, DNS. , , Active Directory . DNS. DNS, , , DNS- Windows Server 2003 DNS.
DNS DNS DNS. DNS Active Directory DNS. DNS, DNS- Active Directory DNS WindowsServer 2003. Active Directory , DNS, , . DNS, .
DNS- , . , , .
, . .com, .net .org. .
DNS. DNS-, (DNS- Windows, BIND - Berkeley Internet Name Domain LucentVitalQIP). , DNS , .
DNS, Active Directory.
DNS , , , DNS , . , .
DNS , . DNS- . , 5-5 , Contoso Contoso.com , .
. 5-5. DNS. , , DNS . DNS- , , , ( DNS - DDNS). , , . , , SMTP, Web- . , DNS- . , . . SMTP (UPN) -. , , ( ). , DNS-. . DNS . DNS, DNS , . . , - , , , -.
.
., Contoso.com Contoso.net ADContoso.com (. . 5-6). . , , . , Contoso.com , Contoso.net, ADContoso.com AD.Contoso.com . AD.Contoso.com DNS, , .
. 5-6. , ,
, . , DNS . , DNS . , . , , , .
, DNS, DNS. DNS ( Windows NT), , Active Directory, . DNS , DNS . DNS , , , DNS. , (. . 5-7).
. 5-7. DNS DNS
. , , . , -, . ; , , , SMTP . , . , . , , . , Contoso Contoso.net Contoso.com . , . SMTP [email protected], - - Contoso.com. , UPN [email protected], .
5-7 , DNS . DNS-Contoso.com (authoritative) NAmerica.Contoso.com Europe.Contoso.com, Fabrikam.com. DNS- Fabrikam.com Contoso.com. , , , . DNS , DNS. . DNS Active Directory, ., Contoso Contoso.net , DNS- BIND DNS. Contoso.net Active Directory DNS ( , SRV- ). , DNS DNS-, Windows Server 2003. DNS-. DNS .. DNS . , DNS- DNS-. . , . , DNS- . DNS DNS- Active Directory. , Contoso Contoso.net DNS Active Directory, AD.Contoso.net (. . 5-8). DNS- AD.Contoso.net NAmerica.AD. Contoso.net Europe.AD.Contoso.net. DNS- DNS-, Contoso.net, DNS-. DNS- Active Directory, . DNS Active Directory . , Contoso AD.Contoso.net Active Directory (. . 5-9). DNS- Contoso.net AD.Contoso.net. DNS-AD.Contoso.net , DNS- Contoso.net. DNS, - , , DNS . , 5-10 , , , Contoso.net Fabrikam.net . Active Directory, , NWTraders.net. DNS- DNS .
. 5-8. DNS
. 5-9. DNS
DNS Active Directory. 5-10 AD.Contoso.net Active Directory NAmerica.AD.Contoso.net Europe.AD.Contoso.net AD.Fabrikam.net NWTraders.net, Active Directory.
. 5-10. DNS
DNS DNS. DNS UNIX DNS . DNS DNS- BIND, UNIX-. Windows NT NetBIOS Windows (WINS), DNS, Windows- DNS. ActiveDirectory Windows 2000 Windows Server 2003. 3 , WindowsServer 2003 DNS , . Active Directory DNS. DNS , Windows Server 2003. DNS Active Directory DNS. , BIND DNS. , DNS- Microsoft Active Directory DNS. , , . DNS - SRV. , , , DNS (, IP
DNS) (incremental) . BIND DNS, BIND 8.1.2 SRV . BIND 8.2.1 . BIND, DNS- BIND. ( DNS- Lucent VitalQIP, 5.2 BIND8.2.2.)
. DNS , DNS- Windows Server 2003 DNS- Microsoft, . DNS- BIND, DNS- , DNS Microsoft. , DNS Microsoft. : , DNS-. DNS- SRV, Active Directory Windows Server 2003 DNS. , DNS . , Active Directory. : DNS- , ActiveDirectory?. , , . , : DNS- ?. Windows Server 2003 , Active Directory. DNS- DNS. Active Directory .
DNS- BIND, - .
DNS DNS- Microsoft DNS- BIND .
, DNS- , , .
DNS Windows Server 2003 BIND DNS. DNS- BIND . , Contoso BIND
Contoso.com. Active Directory DNS- Windows Server 2003, .
Contoso Contoso.com DNS- Active Directory, DNS- Windows Server 2003 DNS BIND . DNS- Windows Server 2003
DNS- BIND.. DNS- BIND DNS- WindowsServer 2003 . DNS- , . Active Directory, DNS-BIND . ActiveDirectory . Contoso Active Directory, , , DNS- BIND. , Contoso.net DNS- Active Directory. DNS- Windows Server2003 Contoso.net, BIND -
Contoso.com. DNS- Windows Server 2003 DNS- BIND Contoso.com. Active Directory AD.Contoso.com . DNS- BIND Contoso.com , AD.Contoso.com DNS Windows Server2003. DNS Windows Server 2003 , DNS- BIND.. , DNS, DNS. DNS-, , : BIND WindowsServer 2003. DNS Windows Server 2003 DNS, DNS BIND Active Directory.
, OU . 2 , OU . .
Active Directory Windows NT , .. . , . OU Active Directory - . OU, . OU, . , . OU, (Group Policy), . , . , , OU, , OU . .
OU DNS. OU DNS. , OU=ManagersOU,OU=AdministrationOU,DC=Contoso,DC=Com. Contoso.com DNS--, LDAP- DNS OU.
. Group Policy ( ), OU, OU. .
0U . Active Directory, GC-. OU, Active Directory.
Active Directory, , OU . OU
Move () .
OU OU . .
. OU . , . , ., . OU . - OU. , OU, , . , OU . (IT). , -- . OU, 1-, .
OU, OU . , Windows NT Active Directory