To keep our certification program relevant, we continually review our exams and certifications to ensure they reflect the latest skills and Microsoft technologies and retire those that are no longer relevant. Our goal is to empower candidates to be on the leading edge of tech, in high demand cloud-based job roles, and we do this by providing certifications for critical job roles that help organizations with their digital transformations.
Exams scheduled to be retired in the next 12 months are listed here by date. This information is subject to change. These exams have been retired within the last year. See Chapter 2 for more information. Based on the business needs of an organization, a Windows Server computer can be configured in any of the above roles.
See Chapter 1 for more information. All of the trust configurations listed are possible. In general, you can accommodate your network infrastructure through the use of Active Directory sites. All of the other options should play a significant role when designing your OU structure.
See Chapter 4 for more information. ZAP files are used primarily to point to older programs that do not use the Windows Installer. Printer and Shared Folder objects within the Active Directory can point to Windows NT 4 file and printer resources, as well as Windows resources. The number of sites in an Active Directory environment is independent of the domain organization.
An environment that consists of three domains may have one or more sites, based on the physical network setup. See Chapter 6 for more information. The purpose of auditing is to monitor and record actions taken by users.
Auditing will not prevent users from attempting to guess passwords, although it might discourage them from trying if they are aware it is enabled. In order to allow this permission at the OU level, the systems administrator must create a Group Policy Object with the appropriate settings and link it to the OU.
Assuming that the default settings are left in place, the Group Policy setting at the OU level will take effect.
See Chapter 10 for more information. Delegation is the process by which administrators can assign permissions on the objects within an OU. The name of the server and the name of the share make up the UNC information required to create a Shared Folder object. See Chapter 7 for more information. All of the options listed are benefits of using the Active Directory. One of the primary advantages of using prestaging is that systems administrators can distribute the load of installations between multiple RIS servers.
One of the major design goals for DNS was support for scalability. All of the features listed can be used to increase the performance of DNS. All of the above tools and scripting languages can be used to automate common administrative tasks, such as the creation and management of user accounts. A page fault occurs when the operating system must retrieve information from disk instead of from RAM. If the number of page faults per second is high, then it is likely that the server would benefit from a RAM upgrade.
See Chapter 9 for more information. User accounts and groups are used for setting security permissions, while OUs are used for creating the organizational structure within the Active Directory. All of the roles listed are configured for each domain within the Active Directory forest. DNS does not allow for the use of more than one primary server per zone. By blocking policy inheritance on the OU, you can be sure that other settings defined at higher levels do not change the settings at the OU level.
However, this will only work if the No Override option is not set at the site level. The Windows Backup utility does not include an operation for weekly backups. Weekly backups can be performed, however, by using the scheduling functionality of the Backup utility.
All of the descriptions listed are characteristics that are common to domain controllers within a single site. Only Windows Server computers configured as domain controllers contain a copy of the Active Directory database.
The scope of Universal groups cannot be changed. The first step we would take would probably be to look for their name in the local phone book. As you can see, this is not an exact science! Part of the problem is due to the lack of a single central repository of phone number information. Clearly, this is a problem. That is, information is scattered throughout the organization, and finding what you need may take several phone calls and database searches. Furthermore, it is designed to increase capabilities while it decreases administration through the use of a hierarchical.
In order to reap the true benefits of this new technology, you must be willing to invest the time and effort to get it right. From end users to executive management, the success of your directory services implementation will be based on input from the entire business.
All of these statements about the Active Directory are true. In fact, you could make your network more difficult to manage if you improperly implement Windows Once you have a good idea for the logical organization of your business and technical environment, however, you will have made much progress toward successfully installing and configuring the Active Directory.
Planning an entire directory services architecture that conforms to your business and technical requirements is beyond the scope of this book. The topic is considerably complex and requires a thorough understanding of all the ramifications for your organization. You must take into account, for example, business concerns, the geographic organization of your company, and its technical infrastructure. It would be difficult to overemphasize the importance of planning for Windows and the Active Directory.
Planning, however, is just one part of the process. Despite the underlying complexity of the Active Directory and all of its features, Microsoft has gone to great lengths to ensure that implementation and management of the Active Directory are intuitive and straightforward, for no technology is useful if no one can figure out how to use it.
The emphasis will be on addressing why the entire idea of directory services came about and how it can be used to improve operations in your environment. The goal is to describe the framework on which the Active Directory is based. No specific exam objectives are covered in this chapter, but a basic understanding of how the Active Directory is structured and why it was created is essential for performing well on the exam. However, the overwhelming majority of networks today run without any single unified directory service.
Almost all companies—from small businesses to global enterprises—store information in various disconnected systems. For example, a company might record data about its employees in a human resources database while network accounts reside on a Windows NT 4 domain controller. Other information—such as security settings for applications—resides within various other systems.
The main reason for this disparity is that no single flexible data storage mechanism was available. But, implementing and managing many separate systems is a huge challenge for most organizations. In contrast to a peer-to-peer network, properly configured file and print servers allow users and systems administrators to make the most of their resources.
For many years, the realm of network and systems management was one that was controlled by administrators who often worked with cryptic command-line interfaces. That is, only specialists normally managed information systems. Newer network operating systems such as Novell NetWare and Windows NT started bringing ease of administration into the network computing world so that network administration no longer needed to be a task delegated to only a few individuals.
For example, by bringing the intuitive graphical user interface (GUI) to the world of systems and network administration, Windows NT 4 opened up the doors to simplifying management while still providing the types of security required by most businesses.
Windows NT Server and Workstation computers offered many benefits, including reliability, scalability, performance, and flexibility. In many cases, companies saw Windows NT 4 as a much more cost-effective solution than their existing client-server solutions.
Other benefits of Windows NT included its compatibility with a large installed base of current software products.
Application developers could, with a minimal amount of effort, develop programs that would run properly on various Windows-based platforms. The purpose of this introduction is to provide an overview of the functionality of Windows NT 4. For more details about the product, see www. A major design goal for the Windows NT 4 operating system was to provide for a secure yet flexible network infrastructure. A few years ago, few technical and business professionals would have imagined that personal computers would make inroads into corporate server rooms and data centers.
For many reasons, including cost-efficiency and price-performance ratios, they have done just that. With these characteristics in mind, we have set the stage for discussing the model used by Windows NT to organize users and secure resources and some of its shortcomings. However, like any technical solution, it has its limitations. First and foremost, questions regarding the scalability of its rudimentary directory services prevented some potential inroads into corporate data centers.
Windows NT uses the concept of a domain to organize users and secure resources. A Windows NT domain is essentially a centralized database of security information that allows for the management of network resources.
Domains are implemented through the use of Windows NT Server computers that function as domain controllers. All network security accounts are stored within a central database on the PDC. To improve performance and reliability. Although BDCs can help distribute the load of network logon requests and updates, there can be only one master copy of the accounts database. This primary copy resides on the PDC, and all user and security account changes must be recorded by this machine and transmitted to all other domain controllers.
Figure 1. In order to meet some of these design issues, several different Windows NT domain models have been used. In this scenario, user accounts are stored. The servers in these domains are responsible primarily for managing network accounts.
BDCs for these user domains are stored in various locations throughout the organization. These domains may be created and managed as needed by the organization itself and are often administered separately. In order for resources to be made available to users, each of the resource domains must trust the master domain(s). The overall process places all users from the master domains into global groups. These global groups are then granted access to network resources in the resource domains.
The Windows NT domain model works well for small- to medium-sized organizations. It is able to accommodate several thousands of users fairly well, and a single domain can handle a reasonable number of resources. Above these guidelines, however, the network traffic required to keep domain controllers synchronized and the number of trust relationships to manage can present a challenge to network and systems administrators.
As the numbers of users grow, it can get much more difficult for the domains to accommodate large numbers of changes and network logon requests.
The Limitations of Windows NT 4
The Windows NT 4 domain model has several limitations that hinder its scalability to larger and more complex environments.
Although multiple domains can be set up to ease administration and network constraint issues, administering these domains quickly becomes quite complicated and management-intensive. For example, trust relationships between the domains can quickly grow out of control if not managed properly, and providing adequate bandwidth for keeping network accounts synchronized can be a costly burden on the network.
Domains, themselves, are flat entities used to organize and administer security information. They do not take into account the structure of businesses and cannot be organized in a hierarchical fashion using subdomains for administrative purposes.
Therefore, systems administrators are forced to place users into groups. As groups cannot be nested (that is, have subgroups), it is not uncommon for many organizations to manage hundreds of groups within each domain. Setting permissions on resources such as file and print services can become an extremely tedious and error-prone process. As far as security is concerned, administration is often delegated to one or more users of the IT department.
These individuals have complete control over the domain controllers and resources within the domain itself. This poses several potential problems—both business and technical. As the distribution of administrator rights is extremely important, it would be best to assign permissions to certain areas of the business. However, the options available in the Windows NT operating system were either difficult to implement or did not provide enough flexibility. All of this leads to a less-than-optimal configuration.
For example, security policies are often set to allow users far more permissions than they need to complete their jobs. If you have worked with Windows NT 4 domains in a medium- to large-sized environment, you are probably familiar with many of the issues related to the domain model.
Nevertheless, Windows NT 4 provides an excellent solution for many businesses and offers security, flexibility, and network management features unmatched by many of its competitors.
As with almost any technical solution, however, there are areas in which improvements can be made.
The Benefits of the Active Directory
Most businesses have created an organizational structure in an attempt to better manage their environments. For example, companies often divide themselves into departments (such as Sales, Marketing, and Engineering), and individuals fill roles within these departments (such as managers and staff).
The goal is to add constructs that help coordinate the various functions required for the success of the organization as a whole. In modern businesses, this involves planning for, implementing, and managing various network resources. Servers, workstations, and routers are common tools that are used to connect users with the information they need to do their jobs.
In all but the smallest environments, the effort required to manage each of these technological resources can be great. In its most basic definition, a directory is a repository that records information and makes it available to users.
User account management, security, and applications are just a few of these areas. The Active Directory is a data store that allows administrators to manage various types of information within a single distributed database, thus solving one of the problems we stated earlier.
This is no small task, but there are many features of this directory services technology that allow it to meet the needs of organizations of any size. Through the use of various organizational components, a company can create a network management infrastructure that mirrors its business organization.
So, if a company has 10 major divisions, each of which has several departments, the directory services model can reflect. This structure can efficiently accommodate the physical and logical aspects of information resources such as databases, users, and computers. In addition to the hierarchical organization of objects within the Active Directory, the integration of network naming services with the Domain Name System (DNS) provides for the hierarchical naming and location of resources throughout the company and on the public Internet.
Extensible Schema: One of the foremost concerns with any type of database is the difficulty encountered when trying to accommodate all types of information in one storage repository. In this case, extensibility means the ability to expand the directory schema. The schema is the actual structure of the database in terms of data types and location of the attributes. This is important because it allows applications to know where particular pieces of information reside.
You cannot delete any portion of the schema, even the pieces that you may add. The information stored within the structure of the Active Directory can be expanded and customized through the use of various tools. This feature allows the Active Directory to adapt to special applications and to store additional information as needed. It also allows all of the various areas within an organization (or even between them) to share data easily based on the structure of the Active Directory.
Centralized Data Storage: All of the information within the Active Directory resides within a single, yet distributed, data repository.
This allows users and systems administrators to easily access the information they need from wherever they may be within the company. The benefits of the centralized data storage include reduced administration requirements, less duplication, greater availability, and increased organization of data.
Replication: If server performance and reliability were not concerns, it might make sense to store the entire Active Directory on a single server. In the real world, however, accessibility and cost constraints require the database to be replicated throughout the network. Active Directory provides for this functionality. Through the use of replication technology,.
The ability to define sites allows systems and network administrators to limit the amount of traffic between remote sites while still ensuring adequate performance and usability. Reliable data synchronization allows for multimaster replication—that is, all domain controllers can update information stored within the Active Directory and can ensure its consistency at the same time.
Ease of Administration: In order to accommodate various business models, the Active Directory can be configured for centralized or decentralized administration. This gives network and systems administrators the ability to delegate authority and responsibilities throughout the organization while still maintaining security.
Furthermore, the tools and utilities used to add, remove, and modify Active Directory objects are available from all Windows domain controllers. They allow for making companywide changes with just a few mouse clicks.
Network Security: Through the use of a single logon and various authentication and encryption mechanisms, the Active Directory can facilitate security throughout an entire enterprise. Through the process of delegation, higher-level security authorities can grant permissions to other administrators.
For ease of administration, objects in the Active Directory tree inherit permissions from their parent objects. Application developers can take advantage of many of these features to ensure that users are identified uniquely and securely. Network administrators can create and update permissions as needed from within a single repository, thereby reducing chances of inaccurate or outdated configuration.
Client Configuration Management: One of the biggest struggles for systems administrators comes with maintaining a network of heterogeneous systems and applications.
A fairly simple failure—such as a hard disk crash—can cause hours of work in reconfiguring and restoring a workstation or server. Hours of work can also be generated when users are forced to move between computers and they need to have all of their applications reinstalled and the necessary system settings updated.
New technologies integrated. The overall benefit is decreased downtime, a better end user experience, and reduced administration.
Scalability and Performance: Large organizations often have many users and large quantities of information to manage.
The Active Directory was designed with scalability in mind. Not only does it allow for storing up to millions of objects within a single domain, it also provides methods for distributing the necessary information between servers and locations. These features relieve much of the burden of designing a directory services infrastructure based on technical instead of business factors.
Searching Functionality: One of the most important benefits of having all of your network resources stored in a single repository is the ability to perform accurate searches. Users often see network operating systems as extremely complicated because of the naming and location of resources.
For example, if we need to find a printer, we should not need to know the name of the domain or print server for that object. Using the Active Directory, users can quickly find information about other users or resources, such as printers and servers, through an intuitive querying interface.
For now, keep in mind the various challenges that the Active Directory was designed to address. The scope of this chapter is limited to introducing only the technical concepts on which the Active Directory is based. A schema usually defines the types of information that can be stored within a certain repository and special rules on how the information is to be organized. Within a relational database or Microsoft Excel spreadsheet, for example, we might define tables with columns and rows.
Similarly, the Active Directory schema specifies the types of information that are stored within a directory. By default, the schema supports information regarding user names, passwords, and permissions information. The schema itself also describes the structure of the information stored within the Active Directory data store.
The Active Directory data store, in turn, resides on one or more domain controllers that are deployed throughout the enterprise.
Components and Mechanisms of the Active Directory
In order to maintain the types of information required to support an entire organization, the Active Directory must provide for many different types of functionality.
These include the following:
Data Store: When you envision the Active Directory from a physical point of view, you probably imagine a set of files stored on the hard disk that contain all of the objects within it. The term data store is used to refer to the actual structure that contains the information stored within the Active Directory.
The data store is implemented as just that—a set of files that reside within the file system of a domain controller. This is the fundamental structure of the Active Directory. The data store itself has a structure that describes the types of information it can contain. Within the data store, data about objects is recorded and made available to users.
Similarly, information about users, groups, and computers that are part of the domain is also recorded.
Schema: The Active Directory schema consists of rules on the types of information that can be stored within the directory.
The schema is made up of two types of objects: attributes and classes. Attributes define a single granular piece of information stored within the Active Directory. First Name and Last Name, for example, are considered attributes, which may contain the values of Bob and Smith.
Classes are objects that are defined as collections of attributes. It is important to understand that classes and attributes are defined independently and that any number of classes can use the same attributes.
For example, if we create an attribute called Nickname, this value could conceivably be used to describe a User class and a Computer class. By default, Microsoft has included several different schema objects. In order to support custom data, however, applications developers can extend the schema by creating their own classes and attributes. The overall result of the schema is a centralized data store that can contain information about many different types of objects—including users, groups, computers, network devices, applications, and more.
Global Catalog: The Global Catalog is a database that contains all of the information pertaining to objects within all domains in the Active Directory environment. One of the potential problems with working in a multi-domain environment is that users in one domain may want to find objects stored in another domain, but they may not have any additional information about those objects. The purpose of the Global Catalog is to index information stored in the Active Directory so that it can be more quickly and easily searched.
In order to store and replicate all of this information, the Global Catalog can be distributed to servers within the network environment. That is, network and systems administrators must specify which servers within the Active Directory environment should contain copies of the Global Catalog. This decision is usually made based on technical considerations such as network links and organizational considerations such as the number of users at each remote site.
You can think of the Global Catalog as a universal phone book. Such an object would be quite large and bulky, but also very useful. Your goal as a systems administrator would be to find a balance between maintaining copies of the phone book and making potential users of the book travel long distances to use it.
This distribution of Global Catalog information allows for increased performance during companywide resource searches and can prevent excessive. Since the Global Catalog includes information about objects stored in all domains within the Active Directory environment, its management and location should be an important concern for network and systems administrators.
The Active Directory includes a search engine that can be queried by users to find information about objects stored within it. For example, if a member of the Human Resources department is looking for a color printer, they can easily query the Active Directory to find the one located closest to them.
Best of all, the query tools are already built into Windows operating systems and are only a few mouse clicks away.
Replication: Although it is theoretically possible to create a directory service that involves only one central computer, there are several problems with this configuration.
First, all of the data is stored on one machine. This server would be responsible for processing all of the logon requests and search queries associated with the objects that it contained. Although this scenario might work well for a small network, it would create a tremendous load on servers in larger environments. Furthermore, clients that are located on remote networks would experience slower response times due to the pace of network traffic.
Another drawback is that the entire directory would be stored in only one location. If this server became unavailable (due to a failed power supply, for example), network authentication and other vital processes could not be carried out. To solve these problems, the Active Directory has been designed with a replication engine.
The purpose of replication is to distribute the data stored within the directory throughout the organization for increased availability, performance, and data protection. Systems administrators can tune replication to occur based on their physical network infrastructure and other constraints.
Each of these components must work together to ensure that the Active Directory remains accessible to all of the users that require it and to maintain the accuracy and consistency of its information.
An Overview of Active Directory Domains
In Windows Active Directory, a domain is a logical security boundary that allows for the creation, administration, and management of related resources. You can think of a domain as a logical division, such as a neighborhood within a city.
Although each neighborhood is part of a larger group of neighborhoods (the city), it may carry on many of its functions independently of the others. For example, resources such as tennis courts and swimming pools may be made available only to members of the neighborhood, while resources such as electricity and water supplies would probably be shared between neighborhoods.
So, think of a domain as a grouping of objects that utilizes resources exclusive to its domain, but keep in mind that those resources can also be shared between domains.
Although the names and fundamental features are the same, Active Directory domains vary greatly from those in Windows NT. As we mentioned earlier, an Active Directory domain can store many more objects than a Windows NT domain.