Mar. 24th, 2006 | 10:05 am
posted by: null_variable in cptnotes
Windows 2003 Server & 2000
You can have three types of server when you set one up – a stand alone server, a member server, or a domain controller.
A stand alone server – if you set up a work group with a bunch of PCs, that’s a stand alone server. It’s not a member of any domain.
The triangle (Lesley’s diagram) represents a domain. Domains usually look very similar to names you see on the internet, because they’re based on that same name structure. In the domain, you’d have a couple of roles your server could play. You could have it set up as a domain controller, which is the server that holds all of your user accounts, essentially. You can create user accounts and groups (security & distribution) with a domain controller. Distribution groups are groups of people or users that are used by applications (so programmers need to concern themselves with this. And what with us being programmers…you get the idea). The other thing about a domain controller is that it also holds the schema (database framework) and the global catalogue (subset of your database) for your entire domain, using Windows 2000 and 2003 server. If you take a domain controller out of your domain, you have no domain – you have a work group. In order to make a computer a domain controller, you run the command dcpromo.exe (domain controller promotion). If you join a domain but don’t make it a domain controller, it’ll be a member server.
With network professionals, we rarely use the term “stand alone” server, because “member server” is the generic term for a server that’s not a domain controller (FYI).
Those particular terms are common to 2003 and 2000 server.
USERS – local
There are no local users on a domain controller, other than the ones that are pre-built into Windows (and we don’t care about those too much). On a member server, you can create both local and domain users.
Local -> are “locally” specific.
Domain -> are domain wide.
A local user is locally specific – they can log on to the local machine, and they log on with the criteria that you specified (and that criteria might be different for every machine in the whole domain).
If you have four PCs (one’s a server) as a workgroup, a workgroup has no central repository of user accounts…the only way you’d have a user account on each PC is if someone went to every PC and created your user on each machine. The user accounts and passwords are bound to each machine (that’s why they try to limit workgroups to 10 users; each of those passwords could be different!).
A domain controller, by default, will not let regular everyday users log on to it. It’ll allow administrators, etc. Since we’ve got Windows 2000 running on the machines downstairs, we can create users there that are unique to our network.
Local users are created locally. Domain users are created on the domain controller and they have domain wide abilities.
* User Profiles
User profiles contain information specific to your user account, stored on your PC (usually). Right click Start, select “Explore All Users.” What’s in your user profiles? Things like desktop settings, favorites, subfolders, cookie information, etc. Of course, you must have admin rights on the machine to view all that information. You might also see a file called ntuser.dat, which is essentially coded information for your profile. You can also delete those profiles if you’ve got admin privileges.
You’ll only see local profiles on the machines downstairs that we’ve set up.
If you rename ntuser.dat to ntuser.man, it’s a mandatory profile, and you’ll lose all your customized settings once you log off and on again.
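As an added illustration (not part of these notes), a small Python script that tells the two hive names apart across a folder of profiles, so you can spot which accounts have been made mandatory. The profile folders it scans are constructed in a temp directory, not a real machine’s Documents and Settings; on a real box you’d point audit_profiles at that folder instead.

```python
import os
import tempfile
from typing import Dict


def classify_profile(profile_dir: str) -> str:
    """Return 'mandatory', 'standard' or 'missing' for one user profile folder.

    The hive file name decides it: ntuser.man means changes are thrown away
    at logoff, ntuser.dat means the user's settings persist.  Windows file
    names are case-insensitive, so compare in lower case.
    """
    entries = {name.lower() for name in os.listdir(profile_dir)}
    if "ntuser.man" in entries:
        return "mandatory"
    if "ntuser.dat" in entries:
        return "standard"
    return "missing"


def audit_profiles(root: str) -> Dict[str, str]:
    """Classify every profile folder directly under root (e.g. Documents and Settings)."""
    return {
        name: classify_profile(os.path.join(root, name))
        for name in sorted(os.listdir(root))
        if os.path.isdir(os.path.join(root, name))
    }


def build_sample_profiles() -> str:
    """Constructed stand-in for a profiles folder; the users and files are made up."""
    root = tempfile.mkdtemp(prefix="profiles_")
    for user, hive in (("alice", "ntuser.dat"), ("kiosk", "NTUSER.MAN"), ("bob", None)):
        user_dir = os.path.join(root, user)
        os.makedirs(user_dir)
        if hive:  # an empty file is enough; only the name matters here
            open(os.path.join(user_dir, hive), "wb").close()
    return root


if __name__ == "__main__":
    for user, kind in audit_profiles(build_sample_profiles()).items():
        print(f"{user:10} {kind}")
```

Running it on the constructed folder reports alice as standard, kiosk as mandatory and bob as missing (a folder with no hive at all, which is worth a second look on a real machine).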
Active Directory Database (AD)
LDAP (Lightweight Directory Access Protocol) came from the X.500 standards (which are wonderfully huge, but nobody uses them). It really is nothing more than a database (an extensible database). Essentially, Active Directory is a database that holds all of the information about everything in your network, and the reason they switched to it is because the old way of networking was based on broadcast. It really opens up the door for us as developers to create programs that go to this database and retrieve information from it.

AD is based on LDAP. LDAP uses DNS. DNS stands for domain name services. DNS is how the internet is structured. Essentially, the DNS structure is that you have a root and some root servers (PS Lesley’s making a diagram) which know where all the other root servers are in the world (there are 13 or 14). Root servers hold information that points at the various domains there are in the world, ie .gov, .net, .com, .edu, country codes, etc. LDAP works using those kinds of names.

FQDN = Fully Qualified Domain Name. A FQDN would be something like server1.ftp.eastcoast.microsoft.com. It can be up to 256 characters long. When you set up an AD domain, you need to set up a DNS server. You need a server that can take an FQDN like pc35.cpt.com and turn it into an IP address. That’s what DNS does. Windows Server ships with a DNS server at no charge. Running dcpromo.exe will also install AD if it’s the first domain controller.
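To make the naming structure concrete, here is an added Python example (my own code, not from these notes) that validates an FQDN, walks it from the root down the way a resolver does, and converts a DNS domain name into the LDAP distinguished name AD uses for the domain object (cpt.com becomes DC=cpt,DC=com, which is how AD really names its domain naming context). The label and length rules are taken from RFC 1035 (63 octets per label, 255 for the whole name) rather than the 256 figure in the notes, and they are hostname rules, so names such as AD’s underscore-prefixed SRV records are deliberately rejected.

```python
import re
from typing import List, Tuple

# RFC 1035 limits (assumed here; the lecture notes quote "up to 256 characters").
MAX_FQDN_LEN = 255
MAX_LABEL_LEN = 63
# Hostname label: letters, digits and hyphens, not starting or ending with a hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def split_fqdn(fqdn: str) -> List[str]:
    """Validate an FQDN and return its labels, host first (server1, ftp, ...)."""
    name = fqdn.rstrip(".")  # a trailing dot names the root; drop it
    if not name or len(name) > MAX_FQDN_LEN:
        raise ValueError(f"FQDN length out of range: {fqdn!r}")
    labels = name.split(".")
    for label in labels:
        if len(label) > MAX_LABEL_LEN or not LABEL_RE.match(label):
            raise ValueError(f"invalid DNS label {label!r} in {fqdn!r}")
    return labels


def resolution_path(fqdn: str) -> List[str]:
    """Zones visited from the root downwards, as a resolver descends the tree."""
    labels = split_fqdn(fqdn)
    path = ["."]
    for i in range(len(labels) - 1, -1, -1):
        path.append(".".join(labels[i:]) + ".")
    return path


def host_and_domain(fqdn: str) -> Tuple[str, str]:
    """pc35.cpt.com -> ('pc35', 'cpt.com'): the machine and the AD domain it joins."""
    labels = split_fqdn(fqdn)
    if len(labels) < 2:
        raise ValueError(f"{fqdn!r} has no domain part")
    return labels[0], ".".join(labels[1:])


def domain_to_dn(domain: str) -> str:
    """AD names the domain object after its DNS name: cpt.com -> DC=cpt,DC=com."""
    return ",".join(f"DC={label}" for label in split_fqdn(domain))


def dn_to_domain(dn: str) -> str:
    """Reverse of domain_to_dn; only DC= components are accepted."""
    labels = []
    for part in dn.split(","):
        key, sep, value = part.strip().partition("=")
        if not sep or key.strip().upper() != "DC":
            raise ValueError(f"not a domain component: {part!r}")
        labels.append(value.strip())
    return ".".join(labels)


if __name__ == "__main__":
    for fqdn in ("server1.ftp.eastcoast.microsoft.com", "pc35.cpt.com"):
        print(fqdn, "->", " > ".join(resolution_path(fqdn)))
    host, domain = host_and_domain("pc35.cpt.com")
    print(host, "joins", domain, "whose AD object is", domain_to_dn(domain))
```

The same validation is useful on the receiving side of any program that takes a machine or domain name from a user: reject the name up front rather than handing a malformed one to DNS or LDAP.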