Installing Active directory
Using Active Directory Administration Tools
Using Active Directory Administration Tools
The
powerful and flexible Active Directory administration tools that are included
with Windows Server 2003 simplify directory service administration.
Two
main tools are used to administer Active Directory:
■
Active Directory administrative consoles
■
Active Directory-specific tools in Windows Support Tools
Active Directory Administrative Consoles
- The Active Directory administrative consoles are installed automatically on computers configured as Windows Server 2003 domain controllers when Active Directory is installed.
- The following administrative consoles are available on the Administrative Tools menu of all Windows Server 2003 domain controllers:
1. Active Directory Domains And Trusts console
2. Active Directory Sites And Services console
3. Active Directory Users And Computers console
1.
Active
Directory Domains And Trusts console
The
Active Directory Domains And Trusts console provides the interface to manage
domains and manage trust relationships between forests and domains. Using
Active Directory Domains And Trusts, we can:
■ Provide interoperability with other
domains
■ Change the domain functional level
■ Change the forest functional level
from Windows 2000 to Windows Server
2003 functional level.
■ Add and remove alternate user
principal name (UPN) suffixes used to create user logon names.
■ Transfer the domain naming
operations master role from one domain controller to another.
2. Active
Directory Sites And Services console
- We provide information about the physical structure of your network by publishing sites to Active Directory using the Active Directory Sites And Services console.
- The main purpose of a site is to physically group computers to optimise network traffic. Sites have two main roles:
i. To facilitate authentication by
determining the nearest domain controllers when a user logs on from a
workstation.
ii. To facilitate replication of data
between sites
3. Active
Directory Users And Computers Console
The
Active Directory Users And Computers console allows you to add, modify,
delete, and organize the following:
- user accounts
- computer accounts
- security groups
- distribution groups
- Published resources.
It
also allows you to manage domain controllers and organizational units (OUs).
Active Directory Windows Support Tools
- Several tools that can be used to configure, manage, and debug Active Directory are available in the Windows Support Tools.
- The Windows Support Tools are included on the Windows Server 2003 CD in the \Support\Tools folder. These tools are intended for use by Microsoft support personnel and experienced users.
Examples of Windows Support Tools
|
Tool
|
Used to
|
|
Acldiag.exe (ACL Diagnostics)
|
Determine
whether a user has been granted or denied
access to an Active Directory object. It can also be used to reset
access control lists (ACLs) to their default state.
|
|
Adsiedit.msc (ADSI Edit)
|
Add,
delete, and move objects in the directory (including schema and configuration
naming contexts). Object attributes can be viewed, modified, and deleted.
|
|
Dcdiag.exe (Domain Controller
Diagnostics Tool)
|
Analyze
the state of domain controllers in a forest or enterprise and report any
problems. Note that Dcdiag.exe in Windows Server
2003
with SP1 includes a new DNS health check, and a new security check that can
detect security configurations that can cause replication to fail.
|
No comments:
Post a Comment