MCSE Microsoft® Windows® 2000 Directory Services Infrastructure Readiness Review; Exam 70-217

Author: Jill Spealman
Pages: 272
Disk: 1 Companion CD(s)
Level: All Levels
Published: 11/01/2000
ISBN: 9780735610002
ISBN-10: 0-7356-1000-2
Price (USD): $24.99
Index
A
accounts
adding, to groups, 143
configuring, 126, 143–44
creating, 126, 143–44
ACLDIAG.EXE (ACL Diagnostics), 127, 158, 160
Active Directory. See also Active Directory Services Interface (ADSI); Users And Computers console
answers to questions, 14–20, 162–66
configuration management and, 75–77, 90–91, 111, 112–15
Domains And Trusts console, 3, 6
group policies and, 66
Installation Wizard, 1–2, 5, 10–11, 31
installing, 1–4, 5–6, 10–11, 31
integrated DNS zones, 27, 28, 31–32, 34–35, 43
managing, 125–30
monitoring, 125–30
optimizing, 125–30
questions, 8–13, 159–61
recommended reading, 3–4, 29–30, 128–29
RIS and, 111, 112–15
Schema snap-in, 3, 6
security and, 173–212
Sites And Services console, 2, 3, 6–9, 12, 131
suggested practices, 1–3, 126–27
Support Tools, 127
tested skills, 1–3, 126–27
troubleshooting, 1–4, 5–6
Active Directory Services Interface (ADSI), 128–29, 132. See also Active Directory
ActiveX controls, 61
Add/Remove Programs (Control Panel), 73, 78, 80
Administrative Templates, 50, 55, 65
basic description of, 61
troubleshooting, 62
ADSI (Active Directory Services Interface). See Active Directory Services Interface (ADSI)
alerts, 125, 127, 157
Allow column, 144
answer files, 98
Application Data folder, 89
applications, deploying, 73, 79–80
archiving, 174, 209, 211
attributes, 7, 131
auditing, 173–74, 187–92. See also audit policies
answers to questions, 211–12
basic description of, 178
configuring, 178, 187–88
domain controllers, 188–89, 190–92, 211
questions, 210–11
requirements for, 187
Auditing Entry For Lexmark Optra Color 1200n dialog box, 192
audit policies, 173, 177–78. See also auditing
basic description of, 178, 209
configuring, 188–90, 210
hackers and, 191
Audit Policy security area, 189, 190
authentication, 140, 141
authoritative restore, 21, 23
B
backups, 1, 4
answers to questions, 24–25
basic description of, 21–25
questions, 22–23
Backup Wizard, 1
batch files, 61, 66
Berkeley Internet Name Domain, 29
binding, 132
Block Policy Inheritance option, 56
boot
disks, 51, 98, 103
files, 21
bridgehead servers, 7, 168
Bypass Traverse Checking privilege, 184
C
Certificate Services database, 21
change notification, 127, 168
child objects, 126, 133
client computers
prestaging, 111
remote boot-enabled, 97
Client Installation Wizard (CIW), 97, 99, 102
COM+ Class Registration database, 21
comma-delimited file format, 174, 209, 211
Computer Configuration settings, 55, 61, 65
computers. See also Computer Configuration settings
client, 97, 111
prestaging, 111
remote boot-enabled, 97
searching for, in domains, 137
Computers container, 51
configuration management, 49–123. See also group policies
answers to questions, 58–59, 67–71, 81–87, 119–23
questions, 57, 63–66, 75–81, 112–19
recommended reading, 52–54
suggested practices, 50–51
security and, 100, 111–13
tested skills, 50–51
connection objects, 7, 132
containers
basic description of, 131, 133
Computers, 51
moving, 135
object management and, 127
Control Panel, 50, 61, 73, 78, 80
counter logs, 127, 157
Create All Child Objects permission, 132
D
database log files, 5, 11
databases, default locations of, 5, 11
DCPROMO, 5
default groups, 132
DEFAULTIPSITELINK link, 7
Delegation Of Control Wizard, 127, 133
Delete All Child Objects permission, 132
Desktop, 50, 61, 89
Desktop folder, 89
DHCP (Dynamic Configuration Protocol). See Dynamic Configuration Protocol (DHCP)
diagnostic tools
ACLDIAG.EXE (ACL Diagnostics), 127, 158, 160
DSACLS.EXE, 127, 158
DSASTAT.EXE (Active Directory Diagnostics Tool), 127, 158
LDP.EXE (Active Directory Administration Tool), 127, 158, 160
REPADMIN.EXE (Replication Diagnostics Tool), 127, 158, 160
Directory Engineer permissions, 145
Directory Services Restore Mode, 21
Disable The Command Prompt option, 66
Disk Quotas, 61
DNS (Domain Name System). See Domain Name System (DNS)
DNS.LOG trace file, 27, 29, 32
domain controllers, 5–7, 167
auditing, 188–89, 190–92, 211
change notification and, 168
locating, 6–7, 31
moving, 2, 7, 12, 131, 135
restore operations and, 21
security and, 182, 188–89
troubleshooting, 159, 160, 161
domain local groups, 132, 144–45
Domain Name System (DNS). See also Domain Name System (DNS) zones
answers to questions, 37–41
configuring, 2, 5, 27–48
group policies and, 61
installing, 27–48
lookup requests, 33
managing, 27–28, 43–48
monitoring, 27–28, 43–48
namespaces, 27, 31
questions, 33–36, 45–46
recommended reading, 29–30
server logs, 27, 29, 35, 44
servers, debug options for, 29, 32
servers, responsiveness of, verifying, 29
suggested practices, 28–29
tested skills, 28–29
trace logs, 27, 29, 32, 127, 157
troubleshooting, 27–28, 43–48
Domain Name System (DNS) zones, 27, 28
configuring, 33–34, 36, 44
creating, 36
creating records in, 33–34
delegation of, 28, 43, 44
division of namespaces into, 31
filenames for, 28
master copies of, 31
transferring, 31, 43–44, 45
types of, 31–32, 34–35
updating, 28, 33, 36
domain naming master role, 5–6, 12
Domain Naming tab, 134
Domains And Trusts console, 3, 6
DSACLS.EXE, 127, 158
DSASTAT.EXE (Active Directory Diagnostics Tool), 127, 158
Dynamic Configuration Protocol (DHCP), 49, 97, 99, 111, 115
dynamic updates, 32
E
event logs, 157, 174, 177, 182, 183. See also events
Event Log security area, 177
events. See also event logs; Event Viewer
auditing, 191–92
basic description of, 173, 178
monitoring/analyzing, 174, 209–12
types of, 174
Event Viewer, 27, 29, 44, 127. See also events
basic description of, 125, 157
troubleshooting domain controllers with, 159
viewing security logs with, 173, 209, 210
F
file extensions, 79, 80
File servers, 113
file systems, restoring, 23
File System security area, 177
File Transfer Protocol (FTP), 34
Find dialog box, 132
Find Printers dialog box, 126
Folder Redirection extension, 49, 51, 55, 89
answers to questions, 93–95
questions, 90–93
testing, 90
forests
object management and, 134, 135
operations master roles in, 5–6
forward lookup queries, 31
forward lookup zones, 28, 31, 33, 36
FrontPage (Microsoft). See Microsoft FrontPage
FTP (File Transfer Protocol). See File Transfer Protocol (FTP)
Full Control permission, 132, 141
full zone transfer, 44
G
General tab, 13, 28, 32
global catalogs, 7, 132, 160
global catalog servers, 3, 7, 10
global groups, 132
GPOs (group policy objects). See group policy objects (GPOs)
GPRESULT.EXE, 62
GPTOOL.EXE, 62
group policies. See also group policy objects (GPOs); Group Policy snap-in
Active Directory domain and, 66
answers to questions, 58–59, 81–87
basic description of, 55
disabling settings for, 50
implementing, 50, 55–60
managing network configuration with, 51, 89–96
managing software with, 50–51, 73–88
managing user environments with, 50, 61–72
questions, 57, 63–66
suggested practices, 50–51
tested skills, 50–51
troubleshooting, 55–60
group policy objects (GPOs), 173–74, 179–81, 179, 184, 187–90
basic description of, 55
creating, 55, 57
making changes to, 63–66, 63, 65
network configuration and, 89–96, 89
nonlocal, 55
Software Installation and, 75–80
suggested practices, 50–51
tested skills, 50–51
troubleshooting, 62
Group Policy snap-in, 50, 78–79, 174, 177–83, 190
adding, to an MMC, 57
basic description of, 178
problems, troubleshooting, 56
smart card systems and, 181
groups. See also group policies
adding accounts to, 143
creating, 126, 142, 144–45
default, 132
domain local, 132, 144–45
moving, 135
permissions and, 132
scope of, 126
types of, 126, 132
universal, 132, 135
H
hardware recommendations, 97, 134
Help (Windows 2000), 50–51, 174
histograms, 157
HKEY_CLASSES_ROOT key, 99
HKEY_CURRENT_USER key, 61, 65
HKEY_LOCAL_MACHINE key, 61, 65
home directories, 126, 132, 140–41
Host (A) resource record, 43
I
Images tab, 98
Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure exam, 28–29, 50, 126, 174
incremental zone transfer, 44
infrastructure master role, 6
Infrastructure tab, 134
inheritance, 133, 144
installation, 49–54, 99, 112–19. See also Microsoft Windows Installer; Remote Installation Services (RIS)
clean, 184–85
group policies and, 73–74
plans, 51–52
recommended reading, 3–4, 29–30
security and, 184–85
suggested practices, 1–3, 28–29
tested skills, 1–3, 28–29
Integrated Services Digital Network (ISDN), 9, 169
Internet Explorer browser, 61, 65
Internet Protocol (IP)
addresses, mapping, 33
addresses, provision of, through resource records, 31
DNS and, 28
level connectivity, verifying, 44–45
replication, 2, 6–7
security and, 177
subnets, 6
Internet Service Providers (ISPs), 168, 169
intersite replication, 6, 7, 127, 167
IP (Internet Protocol). See Internet Protocol (IP)
IP Security Policies On Active Directory security area, 177
ISDN (Integrated Services Digital Network). See Integrated Services Digital Network (ISDN)
Iseminger, David, 128
ISPs (Internet Service Providers). See Internet Service Providers (ISPs)
J
JScript, 61, 64, 66
K
KCC (Knowledge Consistency Checker). See Knowledge Consistency Checker (KCC)
Kerberos, 177
Knowledge Consistency Checker (KCC), 167
L
LDP.EXE (Active Directory Administration Tool), 127, 158, 160
Liu, Cricket, 29
Logging tab, 32
logon/logoff scripts, 55, 61, 66
logs. See also Event Viewer
archiving, 174, 209, 211
basic description of, 157, 178, 209
configuring, 182–83
counter logs, 127, 157
DNS.LOG, 27, 29, 32
event, 157, 174, 177, 182, 183
file size limits for, 182–83
filtering events in, 210
format of, 209, 211
overwrite protection for, 180
performance, 125, 127, 157
server, 27, 29, 35, 44
viewing, 125, 173, 209, 210
Loopback setting, 56
Lowe-Norris, Alistair G., 128
M
MCSE Training Kit: Microsoft Windows 2000 Active Directory Services, 3, 4, 29, 30
MCSE Training Kit: Microsoft Windows 2000 Server, 4
member servers
auditing, 190
demoting servers to, 134
moving, 7, 131
security and, 190, 210
Microsoft FrontPage, 79, 80
Microsoft Management Console (MMC), 57, 61
Microsoft NetMeeting, 61, 136
Microsoft Office, 76–77, 185
Microsoft Visual Basic Scripting Edition (VBScript), 61
Microsoft Windows 95, 75, 76
Microsoft Windows 98, 75, 190
Microsoft Windows 2000, 36, 173, 177, 184–87, 191. See also Microsoft Windows 2000 Server
configuration management and, 75–80, 97, 99–100, 103–4, 112–19
help system, 50–51, 174
object management and, 141–43
RIS and, 51, 97–110, 112–19
Microsoft Windows 2000 Server
configuration management and, 50, 62, 102
Resource Kit, 4, 29, 62
RIS and, 113
Support Tools, 125, 158
zone transfers and, 44
Microsoft Windows Components settings, 61, 65
Microsoft Windows Explorer, 61, 99
Microsoft Windows Installer, 61, 73, 76–78
Microsoft Windows NT, 36, 186, 190
configuration management and, 66, 75, 102–3, 113
object management and, 136
RIS and, 102–3, 113
Microsoft Windows Settings, 55
Microsoft Word, 80
MMC (Microsoft Management Console). See Microsoft Management Console (MMC)
modifications (transforms), 73
monitoring, performance
answers to questions, 162–66
basic description of, 125–30, 157–66
questions, 159–61
recommended reading, 128–29
suggested practices, 127
tested skills, 127
Move dialog box, 131
Move Server dialog box, 131
Move The Folder Contents option, 89
MOVETREE, 126, 131, 135, 136
MSDN Online Library, 126, 128
MS-DOS, 61
multimaster replication, 5
My Documents folder, 89–93
My Documents Properties dialog box, 91, 92
My Pictures folder, 51, 90, 92
N
Name Server (NS) resource record, 43
namespaces, 27, 31
native mode, 144
NETDIAG.EXE, 62
NETDOM, 131
NetMeeting. See Microsoft NetMeeting
network adapter cards, 97
Network settings, 61
New Delegation Wizard, 28, 43
New Object-Computer dialog box, 111
New Object-Group dialog box, 142
New Object-Printer dialog box, 131
New Object-Shared Folder dialog box, 132
New Object-Site Link Bridge dialog box, 9
New Object-User dialog box, 138, 139
New Zone Wizard, 28, 36
NLTEST.EXE, 127, 143, 158
non–Active Directory DNS zones, 27, 28
nonauthoritative restore, 21, 23
No Override option, 56, 66
NSLOOKUP, 27, 29, 44–45
NTDSUTIL, 21–23
O
object management. See also objects
answers to questions, 146–55
basic description of, 125–55
organizational units and, 127, 131, 133, 135–36, 144
questions, 134–45
recommended reading, 128–29
suggested practices, 126–27
tested skills, 126–27
objects. See also object management
basic description of, 131
child, 126, 133
connection, 7, 132
creating, 138–39
finding, 136
moving, 135
parent, 133
publishing, 131
restoring, 21–22
types of, identification of, 126
Office (Microsoft). See Microsoft Office
Open Files folder, 157
Operations Master dialog box, 134–35
operations master role, 5, 134
organizational units (OUs), 184, 186, 190–91
basic description of, 131
configuration management and, 51, 75–76, 78, 92, 99
creating, 3, 6, 13, 75
object management and, 127, 131, 133, 135–36, 144
recommended reading, 3–4
restore operations and, 22
RIS and, 51
security and, 51, 182
OU Properties dialog box, 13
OUs (organizational units). See organizational units (OUs)
P
parsing tools, 157
partitions, 7, 102–3
passwords, 133, 137–39, 177, 179, 191–92, 210
Performance Alerts, 125, 127, 157
performance counters, 157
Performance Logs, 125, 127, 157
Performance Logs And Alerts snap-in, 125
performance monitoring
answers to questions, 162–66
basic description of, 125–30, 157–66
questions, 159–61
recommended reading, 128–29
suggested practices, 127
tested skills, 127
performance objects, 157
Perl, 61
permissions. See also security
Active Directory objects and, 126, 127
applying, 132
assigning, 51, 141, 145
configuring, 141
GPOs and, 56
inheritance, 133, 144
removing, 141
RIS and, 111
security templates and, 177–78
special, 133
user, 126
PID (product identification) numbers. See product identification (PID) numbers
PING command, 44
Plug and Play, 99
Policy Removal options, 89
primary servers, 31
printers, 61, 113, 190, 192
locating, 126
publishing, 131, 136
Print servers, 113
processors, 97
product identification (PID) numbers, 102
properties, for user accounts, 126
Properties dialog box, 32, 209
Profile tab, 140–41
Security tab, 132–33
Zone Transfers tab, 28, 44
protocols. See also Internet Protocol (IP); Simple Mail Transfer Protocol (SMTP)
Dynamic Configuration Protocol (DHCP), 49, 97, 99, 111, 115
File Transfer Protocol (FTP), 34
Transmission Control Protocol/Internet Protocol (TCP/IP), 99, 100
public key certificates, 135
Public Key Policies security area, 177
PXE-based ROM, 97–100, 103
R
RAM (random access memory), 97
RBFG.EXE, 98, 100, 103
Read permission, 56, 132
reciprocal replication, 127, 168
Registry, 177–78, 182
configuration management and, 50, 65, 99
group policies and, 50, 61
HKEY_CLASSES_ROOT key, 99
HKEY_CURRENT_USER key, 61, 65
HKEY_LOCAL_MACHINE key, 61, 65
RIS and, 99
Registry Editor, 99
Registry security area, 177
relative ID master role, 6, 12
Remote Installation Preparation Wizard, 98, 104
Remote Installation Services (RIS)
answers to questions, 104–10, 119–23
basic description of, 55, 97
boot disks, 51, 97, 103
Client Installation options, 99
configuring, 51
deploying Windows 2000 by using, 51, 97–110
questions, 99–104, 112–19
security and, 51, 100, 111–13
servers, authorizing, 111
Setup Wizard, 112, 116, 118
Remote Installation Services Properties dialog box, 98
Remote OS Installation, 49, 51, 97
Remove option, 99
REPADMIN.EXE (Replication Diagnostics Tool), 127, 158, 160
replication, 2, 6–8
answers to questions, 170–72
availability, 7, 127, 168
basic description of, 167
diagnostic tools for, 127, 158, 160
of DNS data, managing, 28–29
frequency, 7, 127, 167
intersite, 6, 7, 127, 167
managing, 127
multimaster, 5
optimizing, 125
questions, 169–70
reciprocal, 127, 168
restore operations and, 21, 23
single-master, 5
SMTP, 2, 7, 8, 167, 169
topology, 160, 167
troubleshooting, 127, 159–61, 167–72
two-way, 127, 168, 169–70
urgent, 127
REPLMON.EXE (Active Directory Replication Monitor), 127, 158, 160
reserve lookup zones, 28
resource records, 28, 31
restore operations
answers to questions, 24–25
authoritative restore, 21, 23
basic description of, 21–25
nonauthoritative restore, 21, 23
questions, 22–23
types of, selecting, 22, 23
Restore Wizard, 21
Restricted Groups security area, 177
reverse lookup queries, 31
reverse lookup zones, 33, 36
RIPrep images, 51, 97, 99–100, 102–3, 111
RIS (Remote Installation Services). See Remote Installation Services (RIS)
roles
domain naming master role, 5–6, 12
infrastructure master role, 6
operations master role, 5, 134
relative ID master role, 6, 12
schema master role, 5–6, 13
ROM (read only memory), 97, 99, 100
S
schema master role, 5–6, 13
Schema snap-in, 3, 6
Schema tab, 134
scripts
logon/logoff, 55, 61, 66
moving, 135
startup/shutdown, 50, 55, 61, 66
writing, 132
Scripts extension, 61
SDCHECK.EXE (Security Descriptor Check Utility), 127, 158, 160
SDPs (software distribution points). See software distribution points (SDPs)
SearchApp, 78
SECEDIT, 184
secondary servers, 32
security, 131–33, 140, 143. See also permissions; security logs
answers to questions, 119–23, 193–208, 210
areas, supported by Windows 2000, 177
authentication, 140, 141
basic description of, 173–212
configuration, 173–208
diagnostic tools, 127, 158, 160
groups, 56
managing, 173–76
monitoring, 173–76
passwords, 133, 137–39, 177, 179, 191–92, 210
policy, 177
questions, 112–19, 179–93, 210–11
recommended reading, 175–76
RIS and, 51, 100, 111–13
suggested practices, 174
templates, 173–74, 177, 185–87
tested skills, 174
troubleshooting, 173–208
zone transfers and, 45–46
Security Configuration And Analysis tool, 173, 174, 178, 187
security logs. See also logs
archiving, 174, 209, 211
basic description of, 178, 209
configuring, 182–83
file size limits for, 182–83
filtering events in, 210
overwrite protection for, 180
viewing, 173, 174, 209, 210
Security Settings extension, 174, 177–79, 181
Security tab, 132–33
Security Templates console, 186
server logs, 27, 29, 35, 44
servers. See also member servers; Microsoft Windows 2000 Server
authorizing, 111
bridgehead, 7, 168
debug options for, 29, 32
global catalog, 3, 7, 10
member, 7, 131, 134, 190, 210
primary, 31
Print, 113
responsiveness of, verifying, 29
secondary, 32
security and, 184–85
site license, 6
upgrading, 184–85
services, publishing, 132, 136. See also Sites And Services console
Settings tab, 90
shared folders
basic description of, 132
creating, 141
listings for, viewing, 157, 161
object management and, 132
performance monitoring and, 157, 161
Shared Folders snap-in, 127, 157
Simple Mail Transfer Protocol (SMTP)
advantages of, 8
basic description of, 167
over-IP transport, 10
replication, 2, 7, 8, 167, 169
single-master replication, 5
site license servers, 6
site link bridges, 2, 7, 168
site links
attributes of, 7
basic description of, 6, 167
change notification and, 168
costs for, 9, 127, 167
creating, 6–7, 169
sites. See also Sites And Services console
associating existing subnets with, 2
creating, 6
default, 6
moving server objects between, 2
use of the term, 6
Sites And Services console, 2, 3, 6–9, 12, 131
Sites container, 6
smart card systems, 181
SMTP (Simple Mail Transfer Protocol). See Simple Mail Transfer Protocol (SMTP)
software distribution points (SDPs), 73, 75, 79
Software Installation extension, 51, 55, 73–87
Software Settings, 55
standard DNS zones, 27, 28, 31
standard primary zone, 31
standard secondary zones, 32
Start menu, 50, 61, 73, 89
Start Menu folder, 89
Start-of-Authority (SOA) resource record, 44
startup/shutdown scripts, 50, 55, 61, 66
subnets
associating existing, with sites, 2, 6, 8–9
sites and, relationship of, 6
synchronization, 36, 161. See also replication
System Monitor, 125, 127, 157
System Services security area, 177
System settings, 61
Systems Management Server, 77
System State data, restoring, 21
system volume
location of, 5
shared, default locations of, 11
SYSVOL directory, 21–22
T
T1 connections, 9, 10
tape backup, 23
Taskbar, 50, 61
Task Scheduler, 61
TCP/IP (Transmission Control Protocol/Internet Protocol). See Transmission Control Protocol/Internet Protocol (TCP/IP)
templates, 50, 55, 65, 173–74, 177, 185–87
basic description of, 61
troubleshooting, 62
text file format, 174, 209, 211
trace logs, 27, 29, 32, 127, 157
transforms (modifications), 73
Transmission Control Protocol/Internet Protocol (TCP/IP), 99, 100
Trojan horse attacks, 132
two-way replication, 127, 168, 169–70
U
UNC (universal naming convention). See universal naming convention (UNC)
universal groups, 132, 135
universal naming convention (UNC), 89
UNIX, 29
user. See also Users And Computers console
names, 191–92, 210
profiles, 89, 126, 135
rights, 177, 184
use of the term, 131
User1 Properties dialog box, 141, 144
User Configuration settings, 55, 61
User Rights Assignment area, 184
Users And Computers console, 3, 5–6, 111
creating accounts and, 143, 144
creating groups and, 142
object management and, 42–44, 126, 131–32, 136, 138–39
publishing printers and, 136
restricting workstations and, 139
RIS and, 97, 98
V
VBScript. See Microsoft Visual Basic Scripting Edition (VBScript)
W
wallpaper, 63
WANs (wide area networks), 170
Windows 95 (Microsoft). See Microsoft Windows 95
Windows 98. See Microsoft Windows 98
Windows 2000. See Microsoft Windows 2000
Windows NT. See Microsoft Windows NT
wizards
Active Directory Installation Wizard, 1–2, 5, 10–11, 31
Client Installation Wizard (CIW), 97, 99, 102
Delegation Of Control Wizard, 127, 133
New Delegation Wizard, 28, 43
New Zone Wizard, 28, 36
RIS Setup Wizard, 112, 116, 118
Remote Installation Preparation Wizard, 104
Restore Wizard, 21
Word (Microsoft). See Microsoft Word
workstations
moving, 131
object management and, 131, 139
restricting, 139
upgrading, 184–85
Write permissions, 56, 132
Z
.zap files, 80
zones. See Domain Name System (DNS) zones
Zone Transfers tab, 28, 44
Last Updated: Friday, July 6, 2001