- Shopping Bag ( 0 items )
Microsoft's MCSE (Microsoft Certified Systems Engineer) candidates in the Windows 2000 track are required to pass five core exams and two elective exams. These exams are designed to provide a valid and reliable measure of competency for experienced IT professionals working in the typically complex computing environment of medium to large organizations.MCSE in a Nutshell: The Windows 2000 Exams is a comprehensive study guide and detailed quick reference that covers the following ...
Microsoft's MCSE (Microsoft Certified Systems Engineer) candidates in the Windows 2000 track are required to pass five core exams and two elective exams. These exams are designed to provide a valid and reliable measure of competency for experienced IT professionals working in the typically complex computing environment of medium to large organizations.MCSE in a Nutshell: The Windows 2000 Exams is a comprehensive study guide and detailed quick reference that covers the following exams:
The responsibilities of the Microsoft Certified Systems Engineer include installing, configuring, and troubleshooting network systems. "MCSE in a Nutshell: The Windows 2000 Exams" bridges the gap between real-world experience and the MCSE Exam requirements; readers won't just learn enough to pass the exams--they'll actually learn the technologies.
Active Directory replaces the Windows NT domain model. It is designed to simplify access to network resources by providing network administrators with the ability to add, modify, and remove both users and resources from a single, hierarchical database. There are many new concepts to learn, but if you keep in mind that its two main functions are to keep track of all the available network resources and to provide access only to authorized users, you'll have no trouble getting up to speed with Active Directory.
Active Directory is stored on Windows 2000 domain controllers. Only Windows 2000 Servers can be Windows 2000 domain controllers. One major change between Windows NT and Windows 2000 is that there are no primary or backup domain controllers on a Windows 2000 network. All Windows 2000 domain controllers are equal and replicate the Active Directory database using a virtual ring topology.
The following terms relating to Microsoft Active Directory will be useful in understanding how Active Directory works. A solid understanding of the vocabulary will help make an abstract concept like Active Directory a lot easier to grasp:
After you have at least one Windows 2000 Server up and running, you can get started with Active Directory. You'll need to do a bit of planning first. The best way to get started is to take an inventory of all the hardware and map out the physical network connections.
If all the network administration tasks are handled from one location, this process can be relatively simple. If you are configuring an Active Directory that spans multiple physical locations across WAN links, it will get quite complex.
IN THE REAL WORLDWhen planning a network, you should always take a methodical approach and document everything you've done. There will come a day when another administrator will have to figure out what you've done after you've gone on to bigger and better things. Just remember . . . some day that other administrator will be you.
Every Windows 2000 domain and its Active Directory can consist of millions of objects. Instead of adding new domains for each location, you should consider breaking down a single large domain into Organizational Units (OU), which are covered in detail later in this chapter.
There are a few cases where multiple domains would be a better solution. If two locations have different Internet domain names, they'll probably want to keep their identities separate on the private portions of their networks, too.
If you have slow WAN connections between physical locations or very strict security requirements in a certain location, you probably want to use separate domains to reduce replication and authentication traffic across those links. Otherwise, keep it as simple as possible by using one domain.
Microsoft recommends that you register at least one domain name for your network from an official naming organization, like Network Solutions. You can choose to register a single domain name for use inside and outside a firewall, or you can register two separate domain names. There are advantages and disadvantages to both methods.
If you choose to use the same domain for the private portion of your network as you do for your Internet presence, you have to be very careful not to allow access to your private data from the public Internet. With the sheer number of security holes in all network operating systems, including Windows 2000, this can be a serious issue. Because of the additional security concerns, it is generally more complex to successfully manage a domain using this naming scheme.
If you choose to use a different domain name inside your network than you use for your Internet presence, it is much easier to figure out whether a resource is public or private. This makes the security a bit easier to manage.
If you've just finished installing Windows 2000 Server on the first computer in the domain and the Configure Your Server window is displayed, choose the Active Directory Installation Wizard. Otherwise, you can open the Configure Your Server window by choosing it from the Start Programs Administrative Tools menu.
When you begin the installation with the Active Directory Installation Wizard, you'll have the choice of creating a new domain controller for a new domain or adding a domain controller to an existing domain.
If you choose to create a new domain controller, you'll have the choice of either starting a new tree or joining an existing tree as a subdomain. Active Directory requires a DNS server to function properly. The Active Directory Installation Wizard allows you to make the current computer the DNS server during the installation process. Following is a description of the steps involved in running the wizard:
There are a couple of quick tests to be sure that Active Directory and DNS are working. Look for the new domain you created in My Network Places. If you see your domain name, you should be okay. You can also look for your domain using the Active Directory Users and Computers MMC snap-in...