PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399

Copyright © 2004 by Microsoft Corporation

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Library of Congress Cataloging-in-Publication Data
Spealman, Jill.
MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure / Jill Spealman, Kurt Hudson, and Melissa Craft.
p. cm.
Includes index.
ISBN 0-7356-1438-5
1. Electronic data processing personnel--Certification. 2. Microsoft software--Examinations--Study guides. 3. Directory services (Computer network technology)--Examinations--Study guides. 4. Microsoft Windows server. I. Title: Planning, implementing, and maintaining a Microsoft Windows Server 2003 Active Directory infrastructure. II. Hudson, Kurt. III. Microsoft Corporation. IV. Title.
QA76.3S6453 2003 005.7'13769--dc21 2003056122

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWT 8 7 6 5 4 3

Distributed in Canada by H.B. Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to [email protected].

Active Directory, IntelliMirror, Microsoft, Microsoft Press, MS-DOS, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Acquisitions Editor: Kathy Harding
Project Editor: Julie Miller

For nSight Publishing Services (www.nsightworks.com)
Project Manager: Susan H. McClung
Copyeditor: Melissa von Tschudi-Sutton
Technical Editor: Thomas Keegan
Desktop Publishing Specialist: Mary Beth McDaniel
Proofreaders: Jan Cocker, Jolene Lehr, Katie O’Connell, Robert Saley
Indexer: Jack Lewis

Body Part No. X08-16602

About the Authors

Jill Spealman, a technical writer and instructional designer, is the owner of Wordsmith, Inc., a Chicago-area company that develops training materials. Jill has written six training and certification books for Microsoft Press on Microsoft Windows NT and Microsoft Windows 2000, and she has received national awards for these works from the Society for Technical Communication. She has 16 years of experience developing documentation and training, and has worked for Thomson NETG, Wallace, Waste Management, Rockwell FirstPoint Contact, GAB Robins, and National Forwarding.

Kurt Hudson is an instructor, author, and consultant for computer technologies. In recent years, he has concentrated on the areas of computer networking, Active Directory, integrating UNIX and Microsoft Windows, and computer security. Kurt regularly teaches summer programs at Northern Arizona University in Flagstaff, Arizona.
He also has taught several courses through Microsoft Research for several other universities, including the University of Colorado (Boulder), Texas A&M, Duke University—Fuqua College of Business, the University of Iowa, the University of California (San Diego), the University of Virginia, the University of North Carolina, Kansas State University (Manhattan), Case Western Reserve University, and the University of Florida (Gainesville). Kurt has earned many technical certifications, including Microsoft Certified Systems Engineer (MCSE in Windows 2000, Windows NT 4.0+I, and Windows NT 3.51), Microsoft Certified Systems Administrator (MCSA), Cisco Certified Network Associate (CCNA), Certified Technical Trainer (CTT+), Security+, Network+, A+, and i-Net+. He also has a graduate degree in business management (Masters of Management) from Troy State University in Troy, Alabama. Further, he has written many books on computer-related topics and contributed to numerous other publications.

Melissa Craft (CCNA, MCNE, MCSE, Network+, CNE-3, CNE-4, CNE-GW, CNE-5, CCA) is the vice-president and CIO for Dane Holdings, Inc., a financial services corporation in Phoenix, Arizona, where she manages the Web development, LAN, and WAN for the company. During her career, Melissa has focused her expertise on developing enterprise-wide technology solutions and methodologies focused on client organizations. These technology solutions touch every part of a system’s lifecycle, from assessing the need, determining the return on investment, network design, testing, and implementation to operational management and strategic planning. In 1997, Melissa began writing magazine articles on networking and the information technology industry. In 1998, Syngress hired Melissa to contribute to an MCSE certification guide. Since then, Melissa has continued to write about various technology and certification subjects.
Melissa holds a bachelor’s degree from the University of Michigan and is a member of the IEEE, the Society of Women Engineers, and American Mensa, Ltd. Melissa currently resides in Glendale, Arizona, with her family, Dan, Justine, and Taylor.

Contents at a Glance

Part 1 Learn at Your Own Pace
1 Introduction to Active Directory
2 Installing and Configuring Active Directory
3 Administering Active Directory
4 Installing and Managing Domains, Trees, and Forests
5 Configuring Sites and Managing Replication
6 Implementing an OU Structure
7 Administering User Accounts
8 Administering Groups
9 Administering Active Directory Objects
10 Implementing Group Policy
11 Administering Group Policy
12 Deploying Software with Group Policy
13 Administering Security with Group Policy
14 Managing Active Directory Performance

Part 2 Prepare for the Exam
15 Planning and Implementing an Active Directory Infrastructure (1.0)
16 Managing and Maintaining an Active Directory Infrastructure (2.0)
17 Planning and Implementing User, Computer, and Group Strategies (3.0)
18 Planning and Implementing Group Policy (4.0)
19 Managing and Maintaining Group Policy (5.0)

Part 3 Appendixes
A New Active Directory Features in the Windows Server 2003 Family
B Active Directory Setup Answer File Parameters
C User Rights

Practices
Configuring a Static IP Address and Preferred DNS Server
Installing and Removing Active Directory
Fixing a DNS Configuration and Installing Active Directory
Verifying Active Directory Installation
Using Active Directory Installation Troubleshooting Tools
Viewing Active Directory Administration Tools
Customizing an MMC
Backing Up Active Directory
Restoring Active Directory
Creating a Child Domain
Renaming a Domain Controller
Viewing and Transferring Operations Master Role Assignments
Managing Trust Relationships
Configuring Sites
Configuring Intersite Replication
Monitoring and Troubleshooting Active Directory Replication
Creating an OU
Administering OUs
Creating, Modifying, and Verifying Domain User Accounts
Managing User Profiles
Managing Home Folders
Administering User Accounts
Planning New Group Accounts
Creating and Administering Groups
Using Run As to Start a Program as an Administrator
Locating Objects in Active Directory
Controlling Access to Active Directory Objects
Implementing a GPO
Generating RSoP Queries
Managing Special Folders
Deploying Software with Group Policy
Implementing Audit Policies
Administering the Security Log
Managing Security Templates
Using Security Configuration and Analysis
Using System Monitor
Using Performance Logs And Alerts

Tables
1-1. Active Directory Administration Tasks
2-1. Netdiag Command Switches
2-2. Dcdiag Command Switches
2-3. Active Directory Installation and Removal Troubleshooting Scenarios
2-4. Graphic Design Institute Network Description
3-1. Features Enabled by Domain Functional Level
3-2. Features Enabled by Forest Functional Level
3-3. Active Directory–Specific Windows Support Tools
3-4. MMC User Mode Types
4-1. Netdom Trust Command Parameters
5-1. Intrasite and Intersite Replication Comparison
5-2. Reasons for Adding a Global Catalog and Their Consequences
5-3. Repadmin Command Parameters
5-4. Dsastat Command Parameters
5-5. Active Directory Replication Troubleshooting Scenarios
6-1. Dsmove Command Parameters
7-1. Domain User Account Naming Convention Considerations
7-2. Strong Password Requirement Groups
7-3. User Name Options in the New Object–User Dialog Box
7-4. Password Options in the New Object–User Dialog Box
7-5. Tabs in the Properties Dialog Box
7-6. Domain User Accounts for Exercise 1
7-7. Domain User Account Properties for Exercise 2
7-8. Settings Contained in a User Profile
7-9. Sample Folders Contained in a User Profile Folder
7-10. OUs of City Power & Light
8-1. Group Scope Membership Rules
8-2. Default Groups in the Builtin Folder
8-3. Default Groups in the Users Folder
8-4. Commonly Used Special Identity Groups
8-5. Commonly Used Built-In Local Groups
8-6. Customer Service Division Employee Information
8-7. Employee Information Access Requirements
9-1. Common Object Types and Their Contents
9-2. User Accounts for Practice
9-3. Basic Standard Permissions and Type of Access Allowed
9-4. Pages in the Delegation Of Control Wizard
10-1. Ways to Open the Group Policy Object Editor
10-2. Windows Server 2003 Default Administrative Templates
10-3. Default GPO Permissions
10-4. Permissions for GPO Scopes
10-5. Results of Your Investigation
11-1. Software Settings RSoP Query Results Column Descriptions
11-2. Scripts RSoP Query Results Column Descriptions
11-3. Administrative Templates RSoP Query Results Tab Descriptions
11-4. Gpresult Command Parameters
11-5. Default Locations for Special Folders
11-6. Effects of Policy Removal Options
11-7. Group Policy Object Editor Console Troubleshooting Scenarios
11-8. Group Policy Settings Troubleshooting Scenarios
11-9. Folder Redirection and Offline Files Troubleshooting Scenarios
12-1. Software Deployment Approaches
12-2. Strategies and Considerations for Deploying Software
12-3. Software Deployment Troubleshooting Scenarios
12-4. Wide World Importers Network Structure
13-1. Software Restriction Policies Troubleshooting Scenarios
13-2. Event Categories in the Audit Policy Extension
13-3. Some Active Directory Object Events and What Triggers Them
13-4. User Events and What Triggers Them
13-5. Results When the Apply These Auditing Entries To Objects And/Or Containers Within This Container Only Check Box Is Cleared
13-6. Printer Events and What Triggers Them
13-7. Audit Policy Plan for Exercise 1
13-8. Logs Maintained by Windows Server 2003
13-9. Security Configuration and Analysis Troubleshooting Scenarios
14-1. Important Active Directory System Monitor Counters on the NTDS Performance Object
14-2. Important FileReplicaSet Counters
14-3. Directory Service Log and System Monitor Troubleshooting Scenarios
14-4. Options in the Schedule Tab
14-5. Options in the Action Tab
14-6. Performance Logs And Alerts Troubleshooting Scenarios
14-7. Some Registry Entries in the Diagnostics Subkey

Troubleshooting Labs
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14

Case Scenario Exercises
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14

Contents
About This Book
  Intended Audience
  Prerequisites
  About the CD-ROM
  Features of This Book
    Part 1: Learn at Your Own Pace
    Part 2: Prepare for the Exam
    Informational Notes
    Notational Conventions
    Keyboard Conventions
  Getting Started
    Hardware Requirements
    Software Requirements
    Setup Instructions
  The Microsoft Certified Professional Program
    Certifications
    Requirements for Becoming a Microsoft Certified Professional
  Technical Support
  Evaluation Edition Software Support

Part 1 Learn at Your Own Pace
1 Introduction to Active Directory
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Active Directory Overview
    Understanding Directory Services
    Why Have a Directory Service?
    The Windows Server 2003 Directory Service
    Active Directory Objects
    Active Directory Components
    Catalog Services—The Global Catalog
    Lesson Review
    Lesson Summary
  Lesson 2: Understanding Active Directory Concepts and Administration Tasks
    Replication
    Trust Relationships
    Change and Configuration Management
    Group Policies
    DNS
    Object Naming
    Active Directory Administration Tasks
    Lesson Review
    Lesson Summary
  Lesson 3: Planning the Active Directory Infrastructure Design
    What Is an Active Directory Infrastructure Design?
    Design Tools
    The Design Process
    Lesson Review
    Lesson Summary
  Chapter Summary
  Exam Highlights
    Key Points
    Key Terms
  Questions and Answers
2 Installing and Configuring Active Directory
  Why This Chapter Matters
  Before You Begin
  Lesson 1: Preparing for Active Directory Installation
    Active Directory Installation Prerequisites
    Determining the Domain Structure
    Determining the Domain Name
    Determining the Storage Location of the Database and Log Files
    Determining the Location of the Shared System Volume Folder
    Determining the DNS Configuration Method
    Determining the DNS Configuration
    Practice: Configuring a Static IP Address and Preferred DNS Server
    Lesson Review
    Lesson Summary
  Lesson 2: Installing and Removing Active Directory
    Installing Active Directory
    Removing Active Directory Services from a Domain Controller
    Practice: Installing and Removing Active Directory