William Stanek’s Windows Server 2008 Administrator’s Pocket Consultant, Second Edition (ISBN: 9780735627116, 720 pages), updated for R2, is now available.

Get fast facts to:

  • Set up server roles and deploy Windows Server 2008
  • Configure and maintain Active Directory
  • Create user and group accounts; control rights and permissions
  • Manage file systems, drives, and RAID arrays
  • Configure TCP/IP networking and DHCP and DNS clients and servers
  • Troubleshoot printers and print servers
  • Monitor and tune network performance
  • Prepare a disaster plan; back up and restore servers

    In this post we’d like to share some excerpts from the book.  First, from its Introduction (and then from Chapter 7, “Using Active Directory”):

    Introduction
    Welcome to Windows Server 2008 Administrator’s Pocket Consultant, Second
    Edition. Over the years, I’ve written about many different server technologies
    and products, but the one product I like writing about the most is Windows Server.
    From top to bottom, Windows Server 2008 Release 2 (R2) is substantially different
    from earlier releases of Windows Server. For starters, many of the core components
    of Windows Server 2008 R2 are built off the same code base as Windows 7 rather
    than Windows Vista. This means that you can apply much of what you know about
    Windows 7 to Windows Server 2008 R2. That’s good news, but you still need to
    learn how Windows Server 2008 R2 is different from previous releases of Windows
    Server, and while some of these differences are small, others are very important.

    Because I’ve written many top-selling Windows Server books, I was able to
    bring a unique perspective to this book—the kind of perspective you gain only
    after working with technologies for many years. Long before there was a product
    called Windows Server 2008 Release 2, I was working with the beta product. From
    these early beginnings, the final version of Windows Server 2008 R2 evolved until it
    became the finished product that is available today.

    As you’ve probably noticed, a great deal of information about Windows Server
    2008 R2 is available on the Web and in other printed books. You can find tutorials,
    reference sites, discussion groups, and more to make using Windows Server 2008 R2
    easier. However, the advantage of reading this book is that much of the information
    you need to learn about Windows Server 2008 R2 is organized in one place and presented
    in a straightforward and orderly fashion. This book has everything you need
    to customize Windows Server 2008 R2 installations, master Windows Server 2008 R2
    configurations, and maintain Windows Server 2008 R2 servers.

    In this book, I teach you how features work, why they work the way they do,
    and how to customize them to meet your needs. I also offer specific examples of
    how certain features can meet your needs, and how you can use other features to
    troubleshoot and resolve issues you might have. In addition, this book provides
    tips, best practices, and examples of how to optimize Windows Server 2008 R2. This
    book won’t just teach you how to configure Windows Server 2008 R2, it will teach
    you how to squeeze every last bit of power out of it and make the most from the
    features and options it includes.

    Unlike many other books about administering Windows Server 2008 R2, this
    book doesn’t focus on a specific user level. This isn’t a lightweight beginner book.
    Regardless of whether you are a beginning administrator or a seasoned professional,
    many of the concepts in this book will be valuable to you, and you can apply them
    to your Windows Server 2008 R2 installations.

    Who Is This Book For?
    Windows Server 2008 Administrator’s Pocket Consultant, Second Edition covers the
    Foundation, Standard, Enterprise, Web, Datacenter, and Itanium-based editions of
    Windows Server 2008 R2. The book is designed for the following readers:

    • Current Windows system administrators
    • Accomplished users who have some administrator responsibilities
    • Administrators upgrading to Windows Server 2008 R2 from previous versions
    • Administrators transferring from other platforms

    To pack in as much information as possible, I had to assume that you have basic
    networking skills and a basic understanding of Windows Server. With this in mind,
    I don’t devote entire chapters to explaining Windows Server architecture, Windows
    Server startup and shutdown, or why you want to use Windows Server. I do, however,
    cover Windows server configuration, Group Policy, security, auditing, data
    backup, system recovery, and much more.

    I also assume that you are fairly familiar with Windows commands and procedures
    as well as the Windows user interface. If you need help learning Windows basics, you
    should read other resources (many of which are available from Microsoft Press).

    Note: This book has been completely updated for Windows Server 2008 R2. If
    you are using Windows Server 2008 RTM, features and procedures will vary slightly.
    However, you can still use this book to help you with Windows Server 2008 RTM.

    How This Book Is Organized
    Rome wasn’t built in a day, and this book wasn’t intended to be read in a day, in
    a week, or even in a month. Ideally, you’ll read this book at your own pace, a little
    each day as you work your way through all the features Windows Server 2008 R2
    has to offer. This book is organized into 20 chapters. The chapters are arranged in a
    logical order, taking you from planning and deployment tasks to configuration and
    maintenance tasks.

    Speed and ease of reference are essential parts of this hands-on guide. This
    book has an expanded table of contents and an extensive index for finding answers
    to problems quickly. Many other quick reference features have been added to the
    book as well, including quick step-by-step procedures, lists, tables with fast facts,
    and extensive cross references.

    As with all Pocket Consultants, Windows Server 2008 Administrator’s Pocket
    Consultant, Second Edition is designed to be a concise and easy-to-use resource
    for managing Windows servers. This is the readable resource guide that you’ll want
    on your desktop at all times. The book covers everything you need to perform the
    core administrative tasks for Windows servers. Because the focus is on giving you
    maximum value in a pocket-size guide, you don’t have to wade through hundreds of
    pages of extraneous information to find what you’re looking for. Instead, you’ll find
    exactly what you need to get the job done, and you’ll find it quickly.

    In short, the book is designed to be the one resource you turn to whenever
    you have questions regarding Windows Server administration. To this end, the
    book zeroes in on daily administration procedures, frequently performed tasks,
    documented examples, and options that are representative while not necessarily
    inclusive. One of my goals is to keep the content so concise that the book remains
    compact and easy to navigate while at the same time ensuring that it is packed with
    as much information as possible. This means you get a valuable resource guide that
    can help you quickly and easily perform common tasks, solve problems, and implement
    advanced Windows technologies.

    And here’s the excerpt from Chapter 7:

    Chapter 7
    Using Active Directory

    • Introducing Active Directory
    • Working with Domain Structures
    • Working with Active Directory Domains
    • Understanding the Directory Structure
    • Using the Active Directory Recycle Bin

    Active Directory Domain Services (AD DS) is an extensible and scalable directory
    service that you can use to efficiently manage network resources. As an
    administrator, you need to be deeply familiar with how Active Directory technology
    works, and that’s exactly what this chapter is about. If you haven’t worked
    with Active Directory technology before, you’ll notice immediately that the
    technology is fairly advanced and has many features. To help manage this complex
    technology, I’ll start with an overview of Active Directory and then explore its
    components.

    Introducing Active Directory
    Since Windows 2000, Active Directory has been the heart of Windows-based
    domains. Just about every administrative task you perform affects Active Directory
    in some way. Active Directory technology is based on standard Internet protocols
    and is designed to help you clearly define your network’s structure.

    Active Directory and DNS
    Active Directory uses Domain Name System (DNS). DNS is a standard Internet
    service that organizes groups of computers into domains. DNS domains are
    organized into a hierarchical structure. The DNS domain hierarchy is defined
    on an Internet-wide basis, and the different levels within the hierarchy identify
    computers, organizational domains, and top-level domains. DNS is also used to
    map host names, such as zeta.microsoft.com, to numeric TCP/IP addresses, such
    as 192.168.19.2. Through DNS, an Active Directory domain hierarchy can also be
    defined on an Internet-wide basis, or the domain hierarchy can be separate from the
    Internet and private.

    When you refer to computer resources in a DNS domain, you use a fully qualified
    domain name (FQDN), such as zeta.microsoft.com. Here, zeta represents the name
    of an individual computer, microsoft represents the organizational domain, and com
    is the top-level domain. Top-level domains (TLDs) are at the base of the DNS hierarchy.
    TLDs are organized geographically by using two-letter country codes, such as
    CA for Canada; by organization type, such as com for commercial organizations; and
    by function, such as mil for U.S. military installations.

    Normal domains, such as microsoft.com, are also referred to as parent domains
    because they’re the parents of an organizational structure. You can divide parent
    domains into subdomains, which you can then use for different offices, divisions,
    or geographic locations. For example, the FQDN for a computer at Microsoft’s
    Seattle office could be designated as jacob.seattle.microsoft.com. Here, jacob is the
    computer name, seattle is the subdomain, and microsoft.com is the parent domain.
    Another term for a subdomain is a child domain.

    DNS is an integral part of Active Directory technology—so much so that you
    must configure DNS on the network before you can install Active Directory. Working
    with DNS is covered in Chapter 20, “Optimizing DNS.”

    With Windows Server 2008 R2, you install Active Directory in a two-part process.
    First you use the Add Roles Wizard to add the Active Directory Domain Services role
    to the server. Then you run the Active Directory Installation Wizard (click Start, type
    dcpromo in the Search field, and then press Enter). If DNS isn’t already installed, you
    are prompted to install it. If no domain exists, the wizard helps you create a domain
    and configure Active Directory in the new domain. The wizard can also help you add
    child domains to existing domain structures. To verify that a domain controller is
    installed correctly, you can:

    • Check the Directory Service event log for errors.
    • Ensure that the SYSVOL folder is accessible to clients.
    • Verify that name resolution is working through DNS.
    • Verify the replication of changes to Active Directory.
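
The four checks listed above, scripted as an added example that is not part of the book excerpt. It assumes PowerShell 2.0 or later with the AD DS tools (repadmin) installed, and the domain controller and domain names are placeholders.

```powershell
# Added example, not from the book. $Dc and $Domain are placeholder names.
param(
    [string]$Dc     = 'dc01.corp.example.com',
    [string]$Domain = 'corp.example.com'
)

$results = @()
function Add-Result([string]$Check, [bool]$Passed, [string]$Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Check; Passed = $Passed; Detail = $Detail
    }
}

# 1. Directory Service event log: any Error entries in the last 24 hours?
$since = (Get-Date).AddHours(-24)
try {
    $errs = @(Get-EventLog -LogName 'Directory Service' -ComputerName $Dc `
                  -Newest 500 -ErrorAction Stop |
              Where-Object { $_.EntryType -eq 'Error' -and $_.TimeGenerated -gt $since })
    Add-Result 'Directory Service log' ($errs.Count -eq 0) "$($errs.Count) error(s) in last 24 h"
} catch {
    # An unreadable log is a failed check, not a clean one.
    Add-Result 'Directory Service log' $false "log not readable: $($_.Exception.Message)"
}

# 2. SYSVOL reachable over SMB (NETLOGON is only shared once SYSVOL is ready).
foreach ($share in 'SYSVOL', 'NETLOGON') {
    $path = "\\$Dc\$share"
    Add-Result "$share share" (Test-Path $path) $path
}

# 3. DNS: the domain's DC locator SRV record should name this DC.
$srv    = "_ldap._tcp.dc._msdcs.$Domain"
$dnsOut = nslookup -type=SRV $srv 2>&1 | Out-String
Add-Result 'DNS SRV record' ($dnsOut -match [regex]::Escape($Dc)) $srv

# 4. Replication: inbound partners of this DC with a non-zero failure count.
$repl   = @(repadmin /showrepl $Dc /csv | ConvertFrom-Csv)
$failed = @($repl | Where-Object { [int]$_.'Number of Failures' -gt 0 })
Add-Result 'Replication' ($repl.Count -gt 0 -and $failed.Count -eq 0) `
    "$($failed.Count) of $($repl.Count) inbound link(s) failing"

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) { exit 1 }
```

The script exits with a non-zero code when any check fails, so it can gate a deployment runbook or a scheduled health task.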

    Note: In the rest of this chapter, I’ll use the terms directory and domains to refer to
    Active Directory and Active Directory domains, respectively, except when I need to
    distinguish Active Directory structures from DNS or other types of directories.

    Read-Only Domain Controller Deployment
    As discussed in Chapter 1, “Windows Server 2008 R2 Administration Overview,”
    domain controllers running Windows Server 2008 R2 can be configured as read-only
    domain controllers (RODCs). When you install the DNS Server service on an
    RODC, the RODC can act as a read-only DNS (RODNS) server. In this configuration,
    the following conditions are true:

    • The RODC replicates the application directory partitions that DNS uses,
      including the ForestDNSZones and DomainDNSZones partitions. Clients can
      query an RODNS server for name resolution. However, the RODNS server
      does not support client updates directly because the RODNS server does not
      register resource records for any Active Directory–integrated zone that it
      hosts.
    • When a client attempts to update its DNS records, the server returns a referral.
      The client can then attempt to update against the DNS server that is
      provided in the referral. Through replication in the background, the RODNS
      server then attempts to retrieve the updated record from the DNS server
      that made the update. This replication request is only for the changed DNS
      record. The entire list of data changed in the zone or domain is not replicated
      during this special request.

    The first Windows Server 2008 R2 domain controller installed in a forest or
    domain cannot be an RODC. However, you can configure subsequent domain controllers
    as read-only. For planning purposes, keep the following in mind:

    • Prior to adding AD DS to a server that is running Windows Server 2008 R2 in
      a Windows Server 2003 or Windows 2000 Server forest, you must update the
      schema on the schema operations master in the forest by running adprep
      /forestprep.
    • Prior to adding AD DS to a server that is running Windows Server 2008 R2 in
      a Windows Server 2003 or Windows 2000 Server domain, you must update
      the infrastructure master in the domain by running adprep /domainprep
      /gpprep.
    • Prior to installing AD DS to create your first RODC in a forest, you must prepare
      the forest by running adprep /rodcprep.

    New Active Directory Features
    Active Directory Domain Services in Windows Server 2008 R2 has many new features
    that give administrators additional options for implementing and managing Active
    Directory. When you are using Windows Server 2008 R2 and have deployed the
    operating system on all domain controllers throughout the domains in your Active
    Directory forest, your domains can operate at the Windows Server 2008 R2 domain
    functional level, and the forest can operate at the Windows Server 2008 R2 forest
    functional level. These operating levels allow you to take advantage of Active Directory
    enhancements that improve manageability, performance, and supportability,
    including the following:

    • Active Directory Recycle Bin: Allows administrators to undo the accidental
      deletion of Active Directory objects in much the same way as they can
      recover deleted files from the Windows Recycle Bin. For more information,
      see “Using the Active Directory Recycle Bin” later in this chapter.
    • Managed service accounts: Introduces a special type of domain user
      account for managed services that reduces service outages and other issues
      by having Windows manage the account password and related Service Principal
      Names (SPNs) automatically. For more information, see “Implementing
      Managed Accounts” in Chapter 10.
    • Managed virtual accounts: Introduces a special type of local computer
      account for managed services that provides the ability to access the network
      with a computer identity in a domain environment. For more information,
      see “Using Virtual Accounts” in Chapter 10.

    Real World: Technically, you can use managed service accounts and managed
    virtual accounts in a mixed-mode domain environment. However, you must update
    the Active Directory schema for Windows Server 2008 R2 and you have to manually
    manage SPNs for managed service accounts.

    • Authentication Mechanism Assurance: Improves the authentication process
      by allowing administrators to control resource access based on whether
      a user logs on using a certificate-based logon method. Thus, an administrator
      can specify that a user has one set of access permissions when logged on
      using a smart card and a different set of access permissions when not logged
      on using a smart card.

    Other improvements don’t require that you raise domain or forest functional
    levels, but they do require that you use Windows Server 2008 R2. These include:

    • Offline domain join: Allows administrators to preprovision computer
      accounts in the domain to prepare operating systems for deployment. This
      allows computers to join a domain without having to contact a domain
      controller.
    • Active Directory module for Windows PowerShell: Provides cmdlets for
      managing Active Directory when you are working with Windows PowerShell.
      A related option is on the Administrative Tools menu.
    • Active Directory Administrative Center: Provides a task-orientated interface
      for managing Active Directory. A related option is on the Administrative
      Tools menu.
    • Active Directory Web Services: Introduces a Web service interface for
      Active Directory domains.

    These features are discussed in more detail in Chapter 8, “Core Active Directory
    Administration.” Also keep in mind that you must prepare Active Directory schema
    for the Active Directory Recycle Bin. The preparation procedures are the same as
    those discussed for RODCs in the previous section.

     

    We hope you find this book very useful!