Notes to prepare for Active Directory Certification (70-294)__Part IV

4. Configuring Sites and Managing Replication
**********************
The main purpose of a site is to physically group computers to optimize network traffic.
A site has two main roles: to facilitate authentication and to facilitate the replication of data between sites.

Each domain controller stores a copy of a specific part of the directory tree, called a directory partition, also known as a naming context. The copy of a directory partition held by a domain controller is called a replica.

Active Directory replicates information both intrasite (within a site) and intersite (between sites).

The KCC analyzes the replication topology within a site every 15 minutes.
When replication occurs between sites, one or more replicas in each site act as bridgeheads to another site in the topology. Bridgehead servers are the contact point for the exchange of directory information between sites.
**********************

Intersite Topology Generator (ISTG)

Site Link Transitivity

By default, all site links are transitive.
Site Link Transitivity is enabled or disabled by selecting the Bridge All Site Links check box in the Properties dialog box for either the IP or the SMTP intersite transport.
**********************
Creating Subnets

Each site must have at least one subnet, but a subnet can be assigned to only one site.

Designating a Site License Server

The License Logging service on each server in a site collects licensing information and replicates it to a centralized database on a server for the site called the site license server.
**********************
Site Links

Directory Service Remote Procedure Call (DS-RPC)
Inter-Site Management-Simple Mail Transport Protocol (ISM-SMTP)
Intrasite replication always uses RPC over IP while Intersite replication can use either RPC over IP or SMTP.
If you create the site link in the IP Container, it will use RPC over IP as its transport protocol. If you create the site link in the SMTP container, it will use SMTP as its transport protocol.

Site links are used by the KCC to determine replication paths between two sites and must be created manually. Connection objects actually connect domain controllers and are created by the KCC, though you can also manually create them if necessary.

The default cost that Windows Server 2003 assigns to a site link is 100.

The replication interval must be at least 15 and no more than 10,080 minutes (equal to one week).
**********************
Bridgehead Servers

A bridgehead server is a single domain controller in a site, the contact point, used for replication between sites.

You can specify multiple preferred bridgehead servers, but only one is active at any time in a single site.

**********************
Polling and pull replication
Notification and push replication

Notification and push replication are more efficient for intrasite replication.

The default intrasite replication schedule for manually created connection objects is four times per hour.
**********************
Universal Group Membership Caching Feature

The Universal Group Membership Caching feature allows a domain controller to process user logon requests without contacting a global catalog server when a global catalog server is unavailable.

The Universal Group Membership caching feature must be set for each site and requires a domain controller to run a Windows Server 2003 operating system.

By default, the universal group membership information contained in the cache of each domain controller is refreshed every eight hours.
**********************
Creating or Removing a Global Catalog

Global Catalogs can be created or removed using the Active Directory Sites and Services console.
**********************
Application Directory Partitions

Application directory partitions can contain any type of object, except security principals.
Members of Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command line tool.
**********************
Security Descriptor Reference Domain

Every container and object on the network has a set of access control information attached to it, known as a security descriptor.
**********************
Displaying Application Directory Partition Information

You can use Ntdsutil to list the domain controllers that are members of a particular replica set for an application directory partition.
**********************
Monitoring and Troubleshooting Replication

Windows Support Tools provides:
Replmon.exe: Active Directory Replication Monitor
Repadmin.exe: Replication Diagnostics Tool
Dsastat.exe: Directory Services Utility
**********************
Replmon.exe must be installed on a computer running Windows Server 2003.
**********************
Common Active Directory Replication Problems

New Users are not recognized
Directory information is out of date
Service requests are not handled in a timely fashion
Domain controllers are unavailable
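The tools listed above report the problems listed here, but reading Repadmin output by hand across many domain controllers is slow. As an added example (not part of the original notes), the following Python parser reads text in the layout of "repadmin /showrepl" output and flags inbound neighbors whose last attempt failed or whose last success is older than a threshold; the sample text is constructed, and the 24-hour threshold is an assumed value.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout of "repadmin /showrepl" output; not a real capture.
SAMPLE_SHOWREPL = """\
==== INBOUND NEIGHBORS ======================================
DC=contoso,DC=com
    Default-First-Site-Name\\DC2 via RPC
        Last attempt @ 2023-05-01 10:15:00 was successful.
    Branch-Site\\DC3 via RPC
        Last attempt @ 2023-05-01 10:20:00 failed, result 1722 (0x6ba):
        12 consecutive failure(s).
        Last success @ 2023-04-28 09:00:00.

CN=Configuration,DC=contoso,DC=com
    Default-First-Site-Name\\DC2 via RPC
        Last attempt @ 2023-04-29 08:00:00 was successful.
"""

NEIGHBOR_RE = re.compile(r"^ {4}(\S+\\\S+) via (\w+)")
ATTEMPT_RE = re.compile(r"Last attempt @ (\S+ \S+) (?:was successful|failed, result (\d+))")
FAILS_RE = re.compile(r"(\d+) consecutive failure")
SUCCESS_RE = re.compile(r"Last success @ (\S+ \S+)\.")
TS = "%Y-%m-%d %H:%M:%S"

def parse_showrepl(text):
    """One dict per inbound neighbor: partition, source DC, transport and last status."""
    entries, partition, cur = [], None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and ("DC=" in line or "CN=" in line):
            partition = line.strip()                      # naming-context header at column 0
        elif (m := NEIGHBOR_RE.match(line)):              # "<site>\<DC> via RPC|SMTP"
            cur = {"partition": partition, "source": m.group(1), "transport": m.group(2),
                   "ok": False, "result": 0, "failures": 0, "last_success": None}
            entries.append(cur)
        elif cur and (m := ATTEMPT_RE.search(line)):
            cur["ok"], cur["result"] = m.group(2) is None, int(m.group(2) or 0)
            if cur["ok"]:                                 # a successful attempt is the newest success
                cur["last_success"] = datetime.strptime(m.group(1), TS)
        elif cur and (m := FAILS_RE.search(line)):
            cur["failures"] = int(m.group(1))
        elif cur and (m := SUCCESS_RE.search(line)):
            cur["last_success"] = datetime.strptime(m.group(1), TS)
    return entries

def unhealthy_neighbors(entries, now, max_age=timedelta(hours=24)):
    """Neighbors whose last attempt failed or whose last success is older than max_age."""
    return [e for e in entries
            if not e["ok"] or e["last_success"] is None or now - e["last_success"] > max_age]
```

Run it against `repadmin /showrepl` output saved from each domain controller; a neighbor that keeps appearing here is the starting point for the out-of-date information and unavailable-controller symptoms above.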
**********************
Administrating Users and Groups

A user account is a record that consists of all the information that defines a user to Windows Server 2003.

In Windows Server 2003, authentication for domain users is based on user accounts stored in Active Directory.

Passwords can be up to 127 characters. For Windows 9x clients, you should use a maximum of 14 characters because those operating systems support passwords of only up to 14 characters.
**********************
User Accounts Types

Three types of User accounts:
Local user account
Domain user account
Built-in user account
**********************
A computer’s security database is called the local security database.
**********************
Built-in user accounts:
Two commonly used built-in accounts are Administrator and Guest.

The purpose of the built-in Guest account is to provide users who do not have an account in the domain with the ability to log on and gain access to resources. By default, the Guest account is disabled.
**********************
You can rename and disable the Guest account, but you cannot delete it.
**********************

User Profiles and Home Folders

A user profile is a collection of folders and data that stores the user’s current desktop environment, application settings, and personal data.
**********************
There are four types of User profiles:
Local
Roaming
Mandatory
Temporary

Roaming user profiles are stored in a shared folder on the server.

A mandatory user profile is a read-only roaming profile that is stored in a shared folder on a server.
**********************
Creating User Profiles

To configure a user profile as mandatory, you must make it read-only by changing the name of the Ntuser.dat file to Ntuser.man.
**********************
Home Folders

A home folder is an additional folder that you can provide for users to store personal documents, and for older applications, it is sometimes the default folder for saving documents.
**********************
Unlocking User Accounts and Resetting Passwords

It is not possible to “lock” a user’s account; if you want to ensure that a user’s account is not accessible, you must disable the account.

**********************
