Running A 2003/2000-Based Active Directory
A guide to planning, installing, and running Active Directory-based networks with Windows Server 2003 and/or Windows 2000 Server
“...the shortest path to Active Directory satori...”
a two-day course by Mark Minasi, author of Mastering Windows 2000 Server and Mastering Windows Server 2003 from Sybex
This course explains and demonstrates to network techs and technical IT managers how to run an Active Directory-based network using Windows Server 2003 and Windows 2000 Server. It does that in several ways:
This course is heavily demonstration-driven, so you'll see fewer concepts and more "how to make it work" skills.
In this course, we assume that you've made the choice to go to Active Directory, or are in the process of moving to AD. We've found that building an AD and keeping it running boils down to a few basic things:
With that focus, we think we've zeroed in on what you'll need to know to respond to your network challenges. We'd like to do more, but many of you tell us that the boss won't let you go for more than two days so we're trying to do the best we can with that time!
"So Is This A Windows 2000 Server Class Or a Windows Server 2003 Class?"
The short answer is "both and neither," and here's why: it focuses specifically on Active Directory rather than Server. But it's both a 2000 Server and Server 2003 class because quite frankly the principles of running ADs are pretty much the same whether you're using 2000-based DCs, 2003-based DCs, or a combination of them. Don't misunderstand, there are AD-related differences between 2000 and 2003 (a bit over a dozen changes, all good), and this course highlights them. And if you want to bring this course in-house and want to focus entirely on 2000 or 2003, then we can do that. But we felt that today's IT budget realities necessitated covering both OSes in this class.
This course is a major revision of our "Mastering Windows 2000 Server" course that we ran successfully for over two years. Attendees to the previous course would see about 30 percent overlap in material between that course and this one. By "revised and updated," we mean several things.
First, we sharpened the focus to just Active Directory planning, implementation, operation, maintenance and troubleshooting. Second, because very few of you will have the luxury of (or the desire to) immediately upgrade to Server 2003, the course shows you how to attain AD health whether you're running 2000, 2003 or a mix. Third, the first class taught a lot of concepts simply because AD's newness required that we all understand basic concepts just to get started. But now it's time for fewer concepts and more skills -- good rock-solid, how-do-I-solve-this-problem kinds of skills. So you'll see a lot more step-by-steps in this class. And that's "see" those steps, not just hear them, as Mark drives the course demos with a network of five virtual computers running under VMware. Advanced domain administration involves complex procedures, and one false step can mess up your network. These are the kind of things that you want to see done in a relaxed seminar atmosphere, rather than in the heat of battle.
Even if Server 2003 had not arrived, the class would still have required updating, as audiences have a higher level of background knowledge than they did a few years ago. Even audiences from organizations that haven't yet implemented 2000 or Active Directory tend to know that they can't get Active Directory to work without good DNS, or what an organizational unit is, or that 2000 incorporates Plug and Play. Leaving those kinds of things in the course, then, didn't make sense. Audiences are now more likely to need to know how to get that DNS running in an AD-optimal and AD-secure way, and how to set up the OUs so as to give OU admins the power that they need. Thus, while this seminar introduces the "what's new" aspects of Server 2003, it also covers more in-depth topics that apply to both 2000 and 2003.
With this course, we don't have as much new conceptual ground to cover because of 2003's similarity to 2000. Where the NT 4 to 2000 shift was a major change, 2000-to-2003 is a nice "1.1" upgrade. That's another reason why we would be unable to honestly say "sure, this new class is all-2003, all-the-time," as there just plain aren't enough things that are new about 2003 to justify such a class.
With this revision we decided to remove some of the peripheral issues covered in the past class and focus on what we saw as the main issue -- making your domain run as smoothly and reliably as is possible, thus the AD focus.
You'll get the most out of this class if you already know the basics of Microsoft networking -- what a domain is, that 2000, XP and 2003 aren't really Windows but are actually NT, what an NTFS permission is, that sort of thing.
DNS is, of course, the naming system of the Internet -- you found our Web server by typing "www.minasi.com" into your browser, not "188.8.131.52." And thankfully it's also the naming system of Active Directory. AD doesn't -- can't -- work without DNS. In the NT 4 days, DNS was something of an afterthought in the Microsoft networking world. But in 2000-based networks, DNS is now a central repository of essential network information. Easily more than half of the logon failures you'll experience under AD stem from an incorrectly configured DNS server or client.
But you can't really set up a "normal" DNS system for Active Directory; instead, you'll typically set up a somewhat more complex DNS structure called a "split-brain" or "split-horizon" DNS system. This section shows you what you'll need to know to set up and maintain an AD-optimized split-brain system that avoids the most common DNS woes, including the "DNS island" problem. You'll also learn about what Server 2003's new stub zones and conditional forwarding are and when you'd use them.
2003 and 2000's "big show" is Active Directory. This section reviews its major components with an eye to monitoring and troubleshooting your AD.
Installing Active Directory is easiest in a world without any previously-existing networks: build an empty domain, start up Active Directory Users and Computers, and start entering account names. But networks are so ubiquitous nowadays that it's unlikely that you'll run into many new-from-the-ground-up networks. So our jobs are often to take users, computers, and other things from an old network and move them to the new Active Directory network. Sometimes that means moving from one version of the OS to another, as when we migrate from NT 4 to 2000 or 2003, upgrade from 2000 to 2003, or the like. But networks serve organizations of people, and organizations of people change due to re-organizations, mergers, or changes in management, and then it's our job to alter the network to reflect those changes. Sometimes a domain upgrade is no more difficult than shoving the Server CD into the drive and clicking "Upgrade"... but not usually. This section explains and demonstrates how to migrate, modify, upgrade and rearrange your Active Directory structure with the least trouble and cost. Server 2003 provides a powerful but complex reorganization tool in the form of domain renaming, which can also re-arrange domains within a forest.
The important point is this: migration isn't just something that you'll do once; domain reorganizations can be a nearly annual event. This section introduces you to the tools you'll need to accomplish successful migrations.
Once you've got an AD set up, you'll soon learn the Awful Truth. Are you ready? Here it is: congratulations, you're now a database
Active Directory is a big database and running a domain sometimes means keeping that database in good shape. In this section, you'll learn (and see) how to handle the day-to-day maintenance (and the occasional recovery) of an AD database.
Policies, as you've already read, can be complex. When they work, it's great. When they don't, well, then your clients will want to know why, and how quickly you can fix them! This essential section presents solid steps to troubleshooting group policies. It also highlights a terrific new tool that comes with Server 2003, the Resultant Set of Policies snap-in, and a free downloadable tool from Microsoft called Group Policy Management Console (GPMC).
There are hundreds of pre-built group policies in 2000, XP and 2003. But you just know that the one you want isn't in there.
As we said earlier, there are tons of great Registry hacks out there. And you'll probably find that some of your favorites are embedded in many of the built-in group policies. But what about the Registry hacks that you really want to roll out in your network that don't have a group policy? Simple: build one. In this section, you'll see how to take any Registry entry and make it a group policy.
Most of a domain's information lives in its AD database, which automatically replicates between domain controllers. But domains store some vital info outside of the AD, in the Sysvol folders. This section describes what's in there, how it gets replicated, and what to do when the replication fails.
This is not an "exam cram" class. Our goal in this class is to help your network professionals acquire essential job-related skills rather than to focus on particular testing concepts. Don't misunderstand -- there's nothing wrong with exam-centric classes -- but this class isn't one of them. Its focus is to help your administrators plan for and learn to manage a 2000/2003-based network.
The class works from PowerPoint presentations. On-site clients are strongly urged to purchase Mastering Windows Server 2003 from Sybex for students. That's not necessary for public class students, as they receive the book as part of their course registration.
We offer this class as a public seminar about a half-dozen times a year; you can view the current schedule at www.minasi.com/pubsems.htm. But you needn't wait -- Mark can come to your organization to teach it on-site. On-site classes offer you the flexibility to lengthen or shorten the class, add hands-on labs, modify the course's focus and zero in on your group's specific needs.
Please contact our office at (757) 426-1431 between 12 Noon-5 Eastern time or email Assistant@Minasi.com to discuss scheduling and fees.
Don't have enough people for a private class? Consider our volume discount for our public seminars. If you sign up 10 or more employees the per-seat rate drops from $1000 to $650. Find out more at www.minasi.com/pubsems.htm#bigdiscount.