Active Directory for Windows Server 2003. Administrator's Reference.pdf

Contents

Introduction. Structure of the Book. Conventions Used in This Book.

Part I. Overview of the Windows Server 2003 Active Directory Directory Service.
Chapter 1. Active Directory Concepts.
Chapter 2. Components of the Active Directory Directory Service.
Chapter 3. Active Directory and the Domain Name System.
Chapter 4. Active Directory Replication and Sites.

Part II. Implementing the Windows Server 2003 Active Directory Service.
Chapter 5. Designing the Active Directory Structure.
Chapter 6. Installing Active Directory.
Chapter 7. Migrating to Active Directory.

Part III. Administering the Windows Server 2003 Active Directory Directory Service.
Chapter 8. Securing Active Directory.
Chapter 9. Delegating Administration of the Active Directory Service.
Chapter 10. Managing Active Directory Objects.
Chapter 11. Introduction to Group Policy.
Chapter 12. Using Group Policy to Manage Software.
Chapter 13. Using Group Policy to Manage Computers.

Part IV. Maintaining Windows Server 2003 Active Directory.
Chapter 14. Monitoring and Maintaining Active Directory.
Chapter 15. Restoring the Directory Service After a Failure.

Upload: wendy-tucker

Post on 06-Feb-2016


TRANSCRIPT


  • Active Directory Microsoft Windows Server2003, , Active Directory Windows Server 2003. Active Directory Microsoft Windows 2000. Active Directory, Windows 2000, Windows Server 2003, , . , Active Directory, , , ActiveDirectory . , , , Active Directory .

    Active Directory Microsoft Windows Server 2003 , Active Directory. Active Directory Windows 2000, Active Directory . , Active Directory. , Active Directory, . , . I Active Directory . II , Active Directory . Active Directory , III , Active Directory, Active Directory . IV, , Active Directory. I, Active Directory Windows 2003, Active Directory Windows Server 2003. ActiveDirectory , Microsoft.Active Directory , , , - . , Active Directory . I, .

    1, Active Directory, , Microsoft Windows 2000 Windows NT. Active Directory . , Windows Server 2003 , Windows 2000.

    2, Active Directory, , Active Directory. Active Directory, ActiveDirectory, Active Directory, , .

    3, Active Directory , Active Directory. Active Directory (DNS - Domain Name System),

  • DNS, Active Directory. DNS, Active Directory DNS, , DNS, , Active Directory.

    4, Active Directory , Active Directory. , Active Directory, , Active Directory . Active Directory , , . Active Directory, Active Directory . II, Active Directory Windows Server 2003, . Active Directory . , , , (OU - Organizational Unit), , . Active Directory Windows Server2003 , Active Directory. , Active Directory Windows Server 2003, , Microsoft Windows NT 4. ActiveDirectory Windows Server 2003 Windows NT, . II .

    5, Active Directory, , Active Directory. : Active Directory. , , , , OU.

    6, Active Directory, , Active Directory. ActiveDirectory , .

    7, Active Directory, , Microsoft Active Directory WindowsServer 2003. , Windows NT, Active Directory Windows 2000. , , Windows NT Active Directory Windows Server 2003, Active Directory Windows2000. Active Directory , . III, Active Directory Windows Server 2003, , . III : . , Active Directory, ActiveDirectory. . Active Directory , . . - , . III .

  • 8, Active Directory, , Active Directory Windows Server 2003. Kerberos, Active Directory.

    9, Active Directory, Active Directory, . Active Directory , . , Active Directory.

    10, Active Directory, Active Directory: , . Active Directory Windows Server 2003 , inetOrgPerson, , .

    11, , . , Active Directory, , , , .

    12, , . . , . , , .

    13, , . , , , , . , . , Active Directory . Active Directory. , - , . , , Active Directory . IV, Active Directory Windows Server 2003, .

    14, Active Directory, , Active Directory, Active Directory . , ActiveDirectory.

    15, , , Active Directory. ActiveDirectory , , .

    , , Active Directory. Active Directory MicrosoftWindows Server 2003 - , , . , .

  • . , 5 , , , , 2. , (. 12), , 11.

    , , . , , , .. , . . , , - , .. , . , . . . .. , . .. , . . , , . , .

  • I. Active Directory WindowsServer 2003Active Directory Microsoft Windows Server 2003 , Microsoft. Active Directory , , . , Active Directory , . . 1, Active Directory, , Active Directory Windows Server 2003. 1 2 , Active Directory. Active Directory (DNS - Domain Name System), 3 , DNS Active Directory. , , ActiveDirectory, , Active Directory . 4 , .

    1. Active Directory Microsoft Windows Server 2003 , Microsoft - Active Directory. Microsoft Windows 2000, Active Directory, Windows Server 2003, , .. Windows Server 2003 Microsoft Windows Server 2003, Active Directory: Windows Server 2003, Standard Edition; Windows Server 2003, EnterpriseEdition; Windows Server 2003, Datacenter Edition. , Active Directory Windows Server 2003, . Active Directory , - , Windows Server 2003. Active Directory Active Directory, . , , Active Directory. .

    MicrosoftActive Directory Microsoft Windows. Active Directory Windows Server 2000, Windows Server 2003.

  • Microsoft . , , , . -, , ( ) , .

    LAN OS/2 MS-DOS1987 , Microsoft ( OS/2 MS-DOS), Microsoft LAN Manager. LAN Manager , , . . , .

    Windows NT SAM Microsoft Windows NT 3.1 Advanced Server. Windows NT Server 32- Microsoft Windows for Workgroups, . Windows NT NOS (Network Operating System ) SAM (Security Accounts Management - ). , . , Windows NT. SAM Microsoft Windows NT NOS, Windows NT 3.5 Windows NT Server 4. SAM , - . Windows NT Windows NT. SAM , . SAM 40. , , 40000. , . , , . Windows NT 4 , , , . , . , , . , , . , : (single domain), (master domain), (multiple master domain, multimaster) (complete trust). 1-1.

  • . 1 -1. , Windows NT 4

    . , Windows NT 4 , .. . , , , . , Windows NT . - , Windows NT, . SAM . , SAM, NOS. . , SAM , (UI - User Interface) Windows NT 4, UserManager For Domains ( ) Server Manager (). SAM Windows NT Windows-NOS. Microsoft Exchange Server.

    Windows 2000 Active Directory SAM NOS, Exchange Server. Exchange Server, - ExchangeDirectory. Exchange Directory , . , Exchange Directory (LDAP) TCP/IP( ) . NOS- Windows, Microsoft Exchange Server . - Exchange Server , Exchange Server , ,

  • Exchange Server. Windows 2000. Active Directory, Exchange Server 4, Windows 2000. Active Directory SAM Microsoft. Windows NT 4SAM . ActiveDirectory Windows 2000 , . 70 , SAM 40 . , ActiveDirectory, . Active Directory , . Compaq Computer Corporation, Hewlett-Packard, . , , , , . Active Directory , , . , , . , , Active Directory. , Windows NT 4, (OU - organizational unit), Windows NT 4. 1-2 Windows 2000. Active Directory . Active Directory , LDAP .500. Active Directory . Active Directory, LDAP- , Active Directory Service Interface (ADSI) Edit Ldp.exe (LDAP-- Active Directory). Active Directory LDAP, . , , (GUI).

    . 1 -2. Windows 2000

    ----- /..... \

    /:::\CQntOSO.C0ITI

    ^ : .^ > ,

    .------------------(----------------

  • Windows Server 2003 Active Directory , , Active Directory, Windows 2000, Windows Server 2003 Web Edition, Active Directory . Active Directory Windows Server 2003 , , . , , MS-DOS, LAN Manager, ActiveDirectory , . , Active Directory Windows Server 2003, .

    Active Directory , Microsoft NOS . , , , NOS, . Windows Novell Netware, Intel, UNIX-, RISC ( ), Linux, , . NOS . . , , () , . , Active Directory: .500 LDAP.

    X.500 X.500 (namespace) , Active Directory. X.500 , . . X.500 (OID - Object Identifier), . Active Directory X.500, Microsoft ( ) . (dotted), .. , (string). , X.500 OID, 2.5.4.10, Organization-Name ( ) ( LDAP- - ). X.500, . Active Directory X.500, (OSI - Open Systems Interconnection). : cn=Karen Friske, cn=Users, dc=Contoso, dc=com X.500, Users() Contoso.com Karen Friske. Contoso. X.500 , ( OU),

  • . X.500 Request for Comments (RFC) 1779, http://www.faqs.org/rfcs/rfc1779.html. X.500 OID, (snap-in) Active Directory Schema ( Active Directory), ADSI Edit ( ADSI). X.500 OID Organization-Name, ADSI Edit : CN=Organization-Name. 1-3 attributeID ( X.500) Organization-Name.

    . 1 -3. Organization-Name, ADSI Edit

    . , , , , . , (). , , , Active Directory Windows Server 2003. , . :

    Windows, , , , , ;

    Windows Novell, Intel NOS - . -, (IT), NOS. , , .Windows 2000 Active Directory, Windows Server 2003 Active Directory, Novell DirectoryServices Novel Netware 5 ;

    (DNS) UNIX, DHCP (Dynamic Host ConfigurationProtocol - ), /

  • (firewall/proxy) NAT (Network Address Translation - ), RISC. ( ) - UNIX-. , , , , ; Linux , Intel RISC. Linux, , , , . Linux- , Windows- SMB (Server Message Block - ). , Windows-.

    (LDAP) LDAP , Active Directory Windows Server 2003. LDAP X.500/OSI. (API) LDAP Active Directory Windows Server 2003 Wldap32.dll. Active Directory , LDAP ADSI (Component Object Model ). LDAP TCP/IP , LDAP-. LDAP , Active Directory . LDAP , , : LDAP://cn=Karen Friske, cn=Users, dc=Contoso, dc=com , LDAP- . LDAP- ( ) RFC 1777, http://www.faqs.org/rfcs/rfc1777.html. Active Directory, LDAP, LDAP- Ldp.exe, Suptools.msi, Support\Tools - Windows Server 2003. Ldp.exe, Active Directory UDP (User Datagram Protocol ) LD- , . Active Directory, Ldp.exe, , Active Directory, UDP 389, , - . 1-4 Karen Friske, Ldp.exe.

  • . 1-4. Karen Friske, Ldp.exe

    Active Directory : Active Directory?. Windows Server 2003, Active Directory . , Active Directory, Microsoft Exchange Server 2000.Exchange Server 2000 Active Directory , Active Directory, Exchange Server 2000. Active DirectoryWindows Server 2003.

    Active Directory , . , , . , , Exchange Server 2000. , .

    (forest - Active Directory) WindowsServer 2003 (UPN -User Principal Name), , [email protected]. , , . UPN Active Directory, Active Directory, .

    Windows NT 4 SAM , . , DomainAdmins. , , , DomainAdmins. . , Active Directory

  • . Delegation Of Control Wizard () Active Directory, . , , , - .

    , ActiveDirectory . Microsoft ( Microsoft Management Console). Active Directory . Active Directory Active Directory UsersAnd Computers (Active Directory: ), Active Directory Domains AndTrusts (Active Directory: ) Active Directory Sites And Services(Active Directory: ). , Windows Server 2003, , DHCP DNS.

    Active Directory Windows Server 2003 . Windows Server 2003 . Windows Server 2003 Windows Server 2003: Kerberos v5 NT LAN Manager (NTLM). Kerberos , , Windows 2000 Professional MicrosoftWindows XP Professional. , (Windows NT 4, Microsoft Windows 98 ) NTLM. NTLM Windows XP Professional Windows 2000, , Windows NT 4, Windows 2000 Windows Server 2003. Active Directory Windows Server 2003. Windows Server2003, Active Directory , (SID - Security Identifier) , SID , . SID Active Directory. , , , .

    , , , Active Directory , . , . Active Directory Active Directory, . , Active Directory, , , .

  • Active DirectoryWindows Server 2003 Active Directory, , , Active Directory Windows Server 2003. Windows Server2003. .

    Active Directory Users AndComputers Active Directory Users And Computers (ActiveDirectory: ). Windows Server 2003 . , , . , , (Account Options: Password Never Expires - : ), , , . Active Directory Users And Computers . , , , , , .

    Active Directory Windows Server 2003 , , . , , Active Directory Windows Server 2003. , Windows Server 2003.. Windows Server 2003, NOS, , Windows NT 4 Windows 2000. , , Windows 2000 ( Windows 2000 mixed). , Active Directory , , Windows Server 2003 Windows Server 2000. Active Directory, WindowsServer 2003 , .. , Windows 2000 Windows NT 4.. Active Directory Windows Server 2003 mixed-mode ( ) native-mode ( ) Windows2000. Windows Server 2003 Microsoft Active Directory, Active Directory. . . . 2-1 2-2.

    Active Directory (GUID Globally Unique Identifier)

  • (SID - Security Identifier) . , , , Active Directory, , . IT-. , .

    ( )Active Directory . , , . Active Directory. Active Directory, DNS. Active Directory, DNS. , DNS , DNS-, DNS-- . , , .

    , Active Directory. Windows 2000 ( ) , , . Active Directory Windows Server 2003 System State ( ) Windows Server2003. , , .

    Windows Server 2003 , , , . - . , , - , integer( ). , , (string), , . . . , , , , .

    Active Directory Windows Server 2003 , Windows 2000, . , ,

  • , . ( ), . , .

    , Windows 2000 (native-mode), (GC - Global Catalog) . , . , - GC, Active Directory , . Windows Server 2003 , , GC. , GC-. , GC- , , .

    Windows 2000 , , , . , , . Windows Server 2003 .

    UI- (object picker) (UI), ActiveDirectory. , UI- , , . , . , . , , . , UI- , Active Directory.

    , - (tombstone) , . - , , . , , -, Active Directory . , - , . , -, - ,

  • . , .

    inetOrgPersonActive Directory Windows Server 2003 inetOrgPerson , RFC 2798, http://www.faqs.org/rfcs/rfc2798.html. Active Directory inetOrgPerson LDAP--, inetOrgPerson Active Directory Windows Server 2003.

    , Microsoft , . Windows2000, NOS Windows Active Directory. , . , Active Directory, .

  • 2. ActiveDirectory Active Directory Microsoft Windows Server 2003 : . Active Directory , , . Active Directory , ( , ) . , . Active Directory. Active Directory. , . .

    Active Directory Active Directory , . ActiveDirectory , . Active Directory , . , . (operations master roles). , , (GC Global Catalog). Active Directory , .

    Active Directory Ntds.dit . %SystemRoot%\NTDS, . , , , . Ntds.dit %SystemRoot%\ System32. - (, ) , Active Directory. MicrosoftWindows Server 2003, . Active Directory (Dcpromo.exe) Ntds.dit System32 NTDS. , NTDS, . , .

    , Windows Server 2003, Active Directory, . , . (multimaster), . 4, . , Active Directory, , Active

  • Directory . (GC) (operations masters).

    (GC). , (NC - NamingContext) . GC , NC. GC , Active Directory.. GC, . , GC, Active Directory Schema ( Active Directory), . GC, Replicate This AttributeTo The Global Catalog ( ) . isMemberOfPartialAttributeSet true(). , , . GC. , , . GC, Global Catalog Server ( ) Active Directory Sites And Services ( Active Directory). . GC , . 5 GC-, , , . , GC-. -, ActiveDirectory. GC , , , , . GC- ( ), GC- , , GC-, . , GC-, LDAP- (Lightweght DirectoryAccess Protocol ), 3268 ( GC-).-, GC- . , , GC-. , , , . ( , Microsoft Windows 2000 Windows Server2003. Windows Server 2003, - Active Directory , .) . , , , .. (GC). , , GC- .. Windows Server 2003 , Windows Server 2003 GC-. - , GC, , . GC-, ( 8 ). ,

  • GC-. , Active Directory: Sites And Services ( Active Directory) . NTDS Site Settings ( NTDS), Properties (). Properties Enable Universal Group MembershipCaching ( ), , . , GC.

    Windows Server 2003 . , , . , . , mixed () Windows 2000; Windows 2000. 2-1 , .

    . 2-1.

    Windows 2000 mixed Windows NT 4, Windows 2000,() ( Windows Server 2003.)Windows 2000 native () Windows 2000, Windows Server 2003.

    Windows Server 2003 interim Windows NT 4, Windows Server 2003.() Windows Server 2003.Windows Server 2003

    2-2 , .

    . 2-2.

    Windows 2000 ( Windows NT 4, Windows 2000,) Windows Server 2003.

    Windows Server 2003 interim Windows NT 4, Windows Server 2003.() Windows Server 2003.Windows Server 2003

    Windows Server 2003, , Windows 2000 native WindowsServer 2003. , Windows 2000 native, Windows Server 2003, - Windows Server 2003. , () , . ., (GC) , , - (,[email protected]). GC

    ,

    ,

  • (UPN - User Principal Names), . , GC, , , .

    Active Directory . , . , (authoritative) . , , ; FSMO (Flexible Single Master Operations ). Active Directory:

    ; ; RID; PDC (Primary Domain Controller ); . .

    , . , .. . Active Directory , . , . . , .

    , . , ( Schema Admins ) . , , . , . , ( ) . Active Directory Schema ( Active Directory) Ntdsutil. fSMORoleOwner .

    , . , . , . , (RPC) , . Dcpromo.exe , Active Directory. . Dcpromo.exe , . , . Ntdsutil. ,

  • . Dcpromo.exe .

    (RID) - . RID-, , , . (RID), (SID), . RID RID-. RID- RID- , RID- RID-. RID- , RID- . . RID- - , . RID- , , , RID- . RID- , , , RID-, . , RID- , .

    PDC PDC , Windows Server 2003 , , Windows 2000. , Windows 2000 mixed (), Windows Server 2003 (PDC) (Microsoft Windows NT 4 3.51) (BDC Backup Domain Controller). PDC , BDC- (Domain Master Browser Service). PDC , , , , . , Windows 2000 native () Windows Server2003, PDC . , , PDC. , PDC, , PDC. PDC , .

    . , , , , . . , .

    , . .

  • : - Active Directory Schema; Active Directory Domains

    And Trusts ( Active Directory); RID, PDC Active

    Directory Users And Computers ( Active Directory). : . . . , , , , . . . 15.

    , Active Directory. Active Directory, . , . , , , .

    . , . . User (). , Active Directory, User. , . . , , . , User, organizationalPerson, User. , , , . , Active Directory , . , display Name, , -. . Active Directory . . . , Computer() User (), Computer , User. Computer , . Active Directory Schema . 2-1 Computer (). , User, organizationalPerson, .. , , , .

  • . 2-1. Computer (), Active Directory Schema

    Active Directory , . Category 1 ( 1), . , , Active Directory . , , , , . , , Category 2 ( 2). , , Active Directory. Microsoft ExchangeServer 2000, Active Directory . , Active Directory, . , LDAP Data InterchangeFormat Directory Exchange (LDIFDE) Comma Separated Value Directory Exchange (CSVDE). , Active Directory Service Interfaces (ADSI) Microsoft Visual Basic. . LDIFDE CSVDE . ADSI ADSI Edit Microsoft Windows Platform (SDK), - http://www.microsoft.com/msdownload/platformsdk/sdkupdate.ac ADSI Platform SDK http://msdn.microsoft.com/library/default.asp?url=/library/ en-us/netdir/adsi/directory_services.asp. Windows Server 2003 Active Directory Schema. , Regsvr32 Schmmgmt.dll . Schema Admins (). , , , , , .. - Active Directory. , . Active Directory Schema User. .

    1. Active Directory Schema ( Active Directory).2. Attributes () .3. Action () Create Attribute ( ).

  • 4. Schema Object Creation ( ) Continue ().

    5. Create New Attribute ( ) Identification ():

    Common Name ( ); LDAP Display Name ( LDAP-); Unique X500 Object ID ( 500); Description ().

    6. Syntax And Range ( ) : Syntax (); Minimum (); Maximum ().

    7. , (Multi-Valued) . , , F1.

    500 Object ID . , Active Directory (OID Object Identifier) , OID. , OID, (ISO InternationalStandards Organization) (ANSI - AmericanNational Standards Institute). OID, ., 1.2.840.. :

    1 - ISO; 2-ANSI; 840 - ; , .

    , . , Employee Start Date ( ), 1.2.840..12. OID Active Directory 1.2.840.113556.1.5.15. ISO, ANSI . 113556 ANSI Microsoft, 1 - Active Directory, 5 Active Directory, 15 - Contact (). Microsoft Windows Server 2000 Resource Kit OIDGen, OID OID. , . Microsoft OID. . http://msdn.microsoft.com/certification/ad-registration.asp. 2-2 Active Directory Schema ( ActiveDirectory).

  • . 2-2.

    . , . , Active Directory Users And Computers ( Active Directory), , . , , . , , . Directory Services ( ) Platform SDK http:// msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/ad/extending_the_user_interface_for_directory_objects.asp.

    , , . . , () . Windows Server 2003 , , . , . , , .. Category 2. Category 1 . , , . , . Category 2, isDefunct true (). , ADSI Edit ( ADSI) Active Directory Schema ( Active Directory). 2-3 , EmployeeStartDate, , . , . , , . , , . isDefunt false (). . / .

  • . 2-3. Active Directory Schema ( Active Directory)

    Active Directory Active Directory , , Active Directory. , , . Active Directory :

    ; ; ; ; ; .

    , , . 5 , (, ) . (, ) .

    Active Directory , Active Directory . , . Active Directory (NC -naming contexts). Ldp.exe ADSI Edit (. 2-4).

  • . 2-4. Active Directory ADSI Edit

    . , , : , Active Directory Users And Computers ( Active Directory). . , , .

    , , , . . Exchange Server 2000, Microsoft Internet Security And Acceleration (ISA)Server ActiveDirectory, . ISA- , , ISA Active Directory. ISA-, , Active Directory. . , . , . , .

    . , , Active Directory, . . , , . - , .

  • GC . , . GC GC-, . isMemberOf Partial Attributes et. true (), GC.

    Active Directory Windows Server 2003 - . Active Directory , (DNS -Domain Name System). (integrated) Active Directory ForestDnsZones DomainDnsZones. Active Directory, . , , GC. , . , . , . , . , , . ActiveDirectory. , DNS- Contoso.com -dc=Configuration, dc=Contoso, dc=com. AppPartitionl Contoso.com, DNS- dc=AppPartitionl, dc=Contoso, dc=com. , , , . , AppPartitionl. , dc=AppPartition2, dc=AppPartitionl, dc=Contoso, dc=com. DNS-, . Contoso.com, DNS- dc=AppPartition, , .. DNS- . LDAP-, . LDAP, , . . Active Directory . DomainAdmins ( ) . , . , . Domain Admins , , . , . , . , , , . , ,

  • .. , . . Ntdsutil, . Windows Server 2003 Help And Support Center ( Windows Server2003). , , , Using application directory partitions msdn.microsoft.com. , , . Active Directory . . 4.

    Active Directory. Active Directory , Windows Server 2003, . , - . , , ( ). Active Directory . , . Active Directory. , Contoso Contoso.com. (dedicated) (non-dedicated) . , , -, Active Directory. () . , , , Administrator() Domain Admins ( ). - , . - . 5. (peers) , . , . 2-5 , .

    Contoso,com Fabrikam.com

    . 2-5. Active Directory, , , , . Active Directory . , Contoso Contoso.com, NAmerica.Contoso.com Contoso, . , , , Sales.NAmerica.Contoso.com. 2-6 -- Contoso.

  • Sales.NAmerica.Contoso.com . 2-6.-

    Contoso

    , Active Directory , Active Directory . , . , , . , . ,

    , . . DNS, . 3. , (forest root domain), . Contoso, Contoso.com, , , , Fabrikam.com. , Fabrikam, Fabrikam. 2-7 Contoso .

    SaJes.NAmerica.Contoso.com

    Sales. Europe.Fabrikam.. com .2-7. Contoso

  • . Active Directory. . :

    . . , .

    . , . , Active Directory (Echange Server 2000 ISA).

    GC. . , UPN.

    . (security groups). , . Schema Admins , , Enterprise Admins( ) , , . Enterprise Admins Administrators () .

    . , . .

    2-8 Contoso.

    . , (, ) . , , Active Directory. , , . , :

    ; ; ;

  • .

    . , , NAmerica.Contoso.com Contoso.com, NAmerica.Contoso.com Contoso.com. NAmerica.Contoso.com Contoso.com, . , Contoso.com - ( ), NAmerica.Contoso.com. - , (tree root). -- NAmerica.Contoso.com Contoso.com. - , , Contoso.com Fabrikam.com. . , . Contoso.com NAmerica.Contoso.com Europe.Contoso.com Contoso.com, , Europe.Contoso.com NAmerica.Contoso.com. NAmerica. Contoso.com , Europe.Contoso.com, . . NAmerica.Contoso.com Contoso.com, Contoso.com Fabrikam.com. NAmerica.Contoso.com Fabrikam.com .

    , , . , , . - , . (shortcut trusts). , , . Contoso, 2-9.

    Sales. Euro pe. Contoso. com Research. NAmerica.Con toso.com. 2-9. Contoso

  • Sales.Europe.Contoso.com Research.NAmerica.Contoso.com, Sales.Europe.Contoso.com , , . , . , Sales.Europe.Contoso.com Research.NAmerica.Contoso.com , . 2-10 . , , .( , ).

    Windows Server 2003. . , , . , , UPN.

    . , Forest 1 Forest2, Forest2 Forest3, Forestl Forest3.

    , . , GC, . , .

    . , .

    2-11 Contoso.

  • Conlo50.com NWTrades.comV, HWTradersEu rope.Contoso.com N Ann e rica. Contoso.com Contoso

    . 2-11. Contoso Contoso.com NWTraders.com,

    (RealmTrusts). Windows Server 2003 Windows- Kerberos v5. Kerberos , - , Kerberos. Kerberos--, Kerberos v5. , .

    Active Directory, , . , , , . , . Active Directory. Active Directory . , , . (IP), (LAN) (WAN), WAN-. , , . Windows Server 2003 .

    . , , GC-. , , . , . , . ( 4 .)

  • . Windows Server 2003 , Windows 2000 Microsoft Windows XP Professional, , , . 3 , (SRV), . , DNS-. , . Windows 2000 native () Windows Server 2003, GC . GC-, . ( . 3.)

    . , Windows NT 4 SP6a, Active Directory, Directory Services Client ( ), http://www.microsoft.com/ windows2000/server/evaluation/news/bulletins/ adextension.asp. , Windows 95 Windows 98, Directory Services Client - Windows Server 2000.

    , . , , , . , (DFS -Distributed File System), . DFS , , DFS- , WAN-, .

    Windows Server 2003 . ActiveDirectory Windows Server 2003, , Default First Site Name ( ), , . , IP. , Windows Server 2003, , , IP- . Active DirectorySites And Services (Active Directory: ). , . , , . , , - .. IP-, , Default First SiteName. , Windows Server 2003, . , Active Directory. , . 2-12 , Seattle : Contoso.com NAmerica.Contoso.com. NWTraders.com .

  • . . 3 DNS . 4 , . 5 Active Directory.

    Active Directory Windows Server 2003 , . Active Directory, , , , , . (OU - Organizational Unit) , Active Directory. OU , , Active Directory. OU . . . . 2-13 OU Contoso.

    Contoso.com

    DenverOU

    ! __R&DOU ProductOU MarketingOU

    OesiijnOUManufacturingQU. 2-13.

    OU , : ; ;

    SeattfeOU CalgaryOU

    SalesOU

    ProductOU___ I ___

  • ; inetOrgPerson; ; ; ; .

    . .

    ., OU. , , (, ). , , OU. OU. Windows Properties () . OU (ACL Access Control List), OU. OU ACL-. , , - ., Help Desk () OU, . HumanResources ( ) , OU, .

    OU , . (, , ), OU Logon Locally ( ) OU. OU. , . OU, (group policy) . OU . Group PolicyObject Editor ( ) , . , , , . 2-3 , Group Policy Object Editor.

  • . 2-3.

    Administrative ,templates , ( ) ,

    , .

    Security () ,

    , , .

    Software installation ( . ) Scripts () ,

    , .

    Folder redirection ( .) My Documents ( )

    , , , .

    OU. , (GPO Group PolicyObject), , , OU. . . , OU . OU . .

    ActiveDirectory Windows Server 2003. , , . - Active Directory . Active Directory.

  • 3. Active Directory Active Directory Microsoft Windows Server 2003 (DNS). DNS , Microsoft Windows2000 Microsoft Windows XP Professional , , Microsoft Exchange Server 2000, . , DNS , Windows Server 2003 . , Active Directory DNS Windows Server 2003. DNS . , Active Directory DNS, . DNS Windows Server 2003, Standard Edition; Windows Server 2003, EnterpriseEdition; Windows Server 2003, Datacenter Edition. Windows Server 2003 , Active Directory.. Windows Server 2003, Web Edition Active Directory.

    DNSDNS . , , , , www.microsoft.com, IP-, 207.46.230.219. Web- Microsoft IP-. DNS . , , a DNS IP-.. Active Directory, DNS , . DNS, , - Microsoft http://msdn.microsoft.com/ library/en-us /dns/dns_concepts. asp.

    DNS . 3-1 . (.). DNS, . , (generic) (com, edu, mil, net, org), (, uk, fr, br), (biz, info, pro ..), 2001 .

    . 3-1. DNS

  • , . . . DNS-, . (FQDN Fully Qualified Domain Name), ,www.NAmerica.Contoso.com. FQDN - , DNS. , FQDN DNS, . (.), , . com , Contoso NAmerica. FQDN www - .

    DNS , . , , , . , . DNS, . , DNS ( ) ( ). DNS- DNS. . . , , . DNS-cep-, . , , .DNS-, , , . , , .. , , . , , , DNS. , com, Contoso, . Contoso , Contoso.com. , DNS. , , , , DNS- . DNS- , (forwarders) , DNS- . .

    DNS , IP- . (. . 3-1), , DNS ( ), - , -, www.NAmerica.Contoso.com. IP- .

    1. - IP- DNS- ( DNS-

  • ). : IP-, , , , .

    2. DNS- , IP- . , , . , , DNS-, . DNS- IP-, www.NAmerica.Contoso.com.

    3. , , . DNS- (referral). DNS- - IP-.

    4. , Contoso.com. DNS- DNS- Contoso.com, DNS-, NAmerica.Contoso.com.

    5. DNS- NAmerica.Contoso.com , DNS- IP- .

    6. DNS- , -, IP- Web-.

    7. www.NAmerica.Contoso.com.8. . DNS-

    , . - DNS- , .

    9. , DNS, (RR Resource Records). . DNS- Windows Server 2003. 3-1.

    . 3-1. Windows Server2003

    Start of Authority (SOA) - , , , (TTL Time to Live) (. . 3-2).Host (A) - IP-

    . , DNS-cep- .

    Mail Exchanger (MX) - - . -

    . Name Server (NX)- . Pointer (PTR) - , IP-.

    .

  • Canonical Name (CNAME) - . , Service Locator (SRV) IP-.- ,

    . Active Directory SRV .

    . 3-2. SOA Contoso.com

    . 3-2 SOA DNS. DNS . , Webl.Contoso.com Webl.Contoso.com IN A192.168.1.100.

    DNS-, DNS , DNS.

    , , . , , DNS, . , Contoso.com. , DNS, .. . DNS- , DNS DNS-. DNS. DNS. DNS: . IP-. (). SOA NS, MX, CNAME SRV. , - DNS-, IP- . . , IP- , . SOA NS, - PTR. PTR

  • , . . . 3-1. . , IP- , , . , , IP- . , 192.168.1.0, L168.192.in-addr.arpa. in-addr.arpa DNS . , . (150.38.0.0), 38.150.in-addr.arpa.

    (Primary Name Server) , ( - primary zone). , DNS- , - . , , .

    (Secondary Name Server) , . . DNS , .. DNS . Request forComment 1995 ( ) , (incremental zone transfers), , . Request for Comment1996. , , . , SOA .. DNS- Windows Server 2003 , . (integrated) Active Directory, Active Directory.

    - , (caching-only). , , . , . , DNS . , DNS- , . DNS-, ( -1 ). , DNS- .. DNS- Windows Server 2003, , , (caching-only) . , .

    DNS, (zones ofauthority) (authoritative) .

  • . , DNS- Contoso.com, . DNS-. DNS- , 3-3. DNS-, Contoso.com. DNS1 Webl.Contoso.com, a DNS2-cepBep . DNS1, IP- Webl. DNS2 IP- Webl, , . DNS2 Contoso.com, DNS1. , , .

    . , DNS-, , - DNS DNS ( . 3-3). DNS1 , DNS2 - . DNS2

    DNS- , DNS1 SRV- Active Directory. (Contoso.com), . DNS-. DNS-, , , - -, . DNS- , , , , . DNS. , www.Contoso.com, , -, -. DNS1. , -.

    Web1 .Contoso.com www.Contoso.com. 3-3. DNS-

  • DNS , . , , , Contoso.com, corn- , Contoso.com. (delegation records). , . , 3-4 , DNSl.Contoso.com Contoso.com. DNS2 DNS3 NAmerica.Contoso.com. DNS1 NAmerica.Contoso.com, . DNS1 , DNS2 DNS3 . DNS1, NAmerica.Contoso.com, .

    DNS . DNS , DNS-. DNS- , . , DNS- Contoso.com. , Fabrikam.com(. . 3-1), DNS- Contoso.com - .

    . (forwarder) - DNS-, DNS-, . , Contoso.com Fabrikam.com. DNS- Contoso , , . . DNS-, . IP-

    . , DNS- , . DNS- , DNS-, .

    . 3-4.

  • 3-5. DNS- DNS-, -. DNS- , ,

    IP-.

    '

    DNS 1

    3 . 3-5.

    , DNS- , , . DNS- Windows Server 2003, , . - , . DNS- DNS, , . , , .. , DNS- , Cache.dns, DNS-. DNS- , DNS-, . DNS- Windows Server 2003 , . , . , DNS-cep- , . DNS-, . , Do Not Use Recursion For This Domain (He ) Forwarders () Properties() DNS-. DNS- - , .

  • , DNS- , . , .. DNS Windows Server 2003 . .

  • DNS DNS , . RFC 2136 DNS-. RFC 2136 , DNS- , . DNS (DDNS). DNS- Windows Server 2003 DNS. Windows 2000 Windows XP Professional, Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003,Standard Edition; Windows Server 2003, Enterprise Edition Windows Server 2003, Datacenter Edition DNS. Windows 2000 WindowsServer 2003 SRV- DNS-, . DNS- Windows Server 2003 (DHCP). DHCP- Windows Server 2003 DNS- , Microsoft Windows 95, Microsoft Windows 98, MicrosoftWindows Me Microsoft Windows NT. DNS . - , DNS, , , DNS, . DNS Windows Server 2003 . Active Directory. , DNS-. Authenticated Users( ) DNS. , ACL (ACL - Access Control List) DNS-. DNS , DNS. , Active Directory Windows Server 2003 SRV- , DNS-Windows Server 2003.

    DNS Active Directory Windows Server 2003Active Directory DNS. , Windows 2000 Windows XP Professional . DNS , Active Directory, . ,Exchange Server 2000 Active Directory, , Exchange Server 2000, , Exchange Server 2000.. , Windows 95, Windows 98, Windows Me Windows NT DNS Windows Server 2003. NetBIOS, Windows (WINS - Windows Internet Naming Service) - NetBIOS IP-. Windows Server 2003 , NetBIOS WINS.

    DNS Locator DNS Locator ( DNS) Active Directory, DNS , . , .. Windows NT NetBIOS. NetBIOS Domainname WINS. , , . , . SRV Windows Server 2003 ,

  • Windows 2000 Windows XP Professional. SRV Windows Server 2003.

    DNS, ActiveDirectory , Active Directory (service locator) SRV. SRV - DNS-, RFC 2782, TCP/IP-. , Active Directory, , SRV (. . 3-2). _ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com

    . 3-2. SRV

    _tcpcontoso.com

    600

    (TTL -Time toLive) IN SRV 0

    , . _kerberos, _kpassword _gc., . TCP (UDP). , .

    ( ).

    DNS- . SRV.

    . SRV- , , . . SRV- , , .

    389 , . dc2.contoso.co , ,

    m .

    , , (LDAP) Contoso.com, dc2.contoso.com. Windows Server 2003 SRV- DNS. , .

    contoso.com. 600 IN A 192.168.1.201
    _ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    _ldap._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    _ldap._tcp.pdc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    _ldap._tcp.gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
    _ldap._tcp.Default-First-Site-Name._sites._gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
    _ldap._tcp.64c228cd-5f07-4606-b843-d4fd114264b7.domains._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    gc._msdcs.contoso.com. 600 IN A 192.168.1.201
    175170ad-0263-439f-bb4c-89eacc410ab1._msdcs.contoso.com. 600 IN CNAME dc2.contoso.com.
    _kerberos._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
    _ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    _kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
    _kerberos._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
    _gc._tcp.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
    _gc._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com.
    _kerberos._udp.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com.
    _kpasswd._tcp.contoso.com. 600 IN SRV 0 100 464 dc2.contoso.com.
    _kpasswd._udp.contoso.com. 600 IN SRV 0 100 464 dc2.contoso.com.
    DomainDnsZones.contoso.com. 600 IN A 192.168.1.201
    _ldap._tcp.DomainDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    ForestDnsZones.contoso.com. 600 IN A 192.168.1.201
    _ldap._tcp.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
    _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.

    . Windows Server 2003, Netlogon.dns, %systemroot%\system32\config. DNS-, DNS. SRV- , SRV. :

    _ldap Active Directory , LDAP-, , LDAP-. _ldap SRV LDAP , . Windows Server 2003 LDAP-;

    _kerberos - Windows 2000 Windows XP Professional. SRV- _kerberos (KDC - Key Distribution Centers) . Windows Server 2003 KDC-;

    _kpassword kerberos ( Windows Server 2003 kerberos);

    _gc - , ActiveDirectory. ActiveDirectory.

    SRV- , 3-2. Active Directory IP-, . , , , . , , . , , , . SRV- _msdcs, . , SRV, , Microsoft. , LDAP kerberos-cep- , Microsoft. SRV DNS. Windows Server 2003 (generic)

  • (, _ldap._tcp.contoso.com), , _msdcs. , Microsoft, .. Windows Server 2003 Windows 2000. : gc ( ), dc ( ) pdc ( ). (GUID -globally unique identifier) . GUID .. , - ForestDnsZones DomainDnsZones. .

    Active Directory , Windows Server 2003, ( ) , . , , Windows 2000 Windows XP Professional, . , .

    1. (RPC) , . RPC-, , , , Net Logon ( ).

    2. (domain locator), API- DsGetDcName (), , 3-3.

    . 3-3. DsGetDcName DsGetDcName DNS

    DS_PDC_REQUIRED         _ldap._tcp.pdc._msdcs.domainname
    DS_GC_SERVER_REQUIRED   _ldap._tcp.sitename._sites.gc._msdcs.Forestrootdomainname
    DS_KDC_REQUIRED         _kdc._tcp.sitename._sites.dc._msdcs.domainname
    DS_ONLY_LDAP_NEEDED     _ldap._tcp.sitename._sites._msdcs.domainname

    . DsGetDcName sitename. , DS_PDC_REQUIRED, , . DNS- , . , DS_KDC_REQUIRED , _kdc._tcp.dc._msdcs.forestrootdomain. , , DNS. DomainGUID DsGetDcName (). _ldap._tcp.domainGUID.domains._msdcs.forestname. , .

    3. DNS , . LDAP , UDP- 389 , . 0,1 , , . , .

    4. , , , . , .

    , , Active Directory, .

  • , Active Directory, . , , , . , ? -, Active Directory, . IP-, , . Active Directory, IP- IP- . , . . (, ), . DNS- , . IP- , , . . , Active Directory, .

    Active Directory DNS Windows Server2003 (integrated zones) Active Directory. Active Directory .

    DNS-, Active Directory. .

    Active Directory. Active Directory, Active Directory. , , . , . Active Directory DNS.

    DNS- . Active Directory DNS . , , . Active Directory DNS- , . DNS.

    . Active Directory, , . , , Active Directory. Active Directory DNS Windows Server 2003, .. Active Directory ., , . DNS- , DNS , Windows Server 2003, DNS.

  • Active Directory. Active Directory, DNS Active Directory(. . 3-6). Microsoft (MMC -Microsoft Management Console) , Active Directory Users And Computers ( Active Directory) . Active Directory Users And Computers ( Active Directory) View (), Advanced Features ( ). , System (), - MicrosoftDNS. Active Directory .

    . DNS

    DNSWindows Server2003

    , , ,

    Active Directory

    Windows 2000 Advanced Server. ; , (dedicated) (. . 3-7). .

    Contoso.com Fabrikam.com TailspinToys.com WingtipToys.com

    . 3-7. Active Directory

    , . , . , - Contoso.com Fabrikam.com, DNS- Contoso.

    . 3-6. Active Directory

  • Fabrikam, , . DNS- Contoso DNS- Fabrikam, . TailspinToys.com . DNS Windows 2000 (. ), .

    DNS .

    DNS DNS-- , DNS , DNS . , DNS , .

    . Windows Server 2003 . , (stub zones) .

    DNS DNS, , Windows 2000. Windows Server 2003 , , DNS. (. ) DNS , Windows Server 2003.

    (conditional forwarding) . Windows Server 2003 , . - , , . , . : DNS-cep- DNS, ., , , . . . , . , . , DNS . Windows Server 2003 DNS , DNS . DNS , , . , Contoso.com Fabrikam.com, DNS- Contoso.com. DNS- , , , . , . Fabrikam.com, DNS- Contoso.com DNS. Fabrikam.com, DNS Contoso.com, , -

  • , .. , DNS- , . DNS- , . Properties () DNS (. . 3-8). . DNS , DNS- DNS- . -, Forwarders (), DNS- , DNS-. , , , DNS, All Other DNS Domains ( DNS).

    DNS- . -, , Fabrikam.com Europe.Fabrikam.com, Web1.Europe.Fabrikam.com, DNS- DNS- Europe.Fabrikam.com.

    (stub zones) - DNS Windows Server 2003. . . IP- .

    , , . , SOA, NS () , . . DNS- , . . DNS- . , , .. (. . 3-9). NAmerica.Contoso.com IP- SAmerica.Contoso.com DNS NAmerica. Contoso.com , .

    . 3-8.

  • , . DNS Contoso.com , DNS- NAmerica. Contoso.com . IP- SAmerica.Contoso.com NAmerica. Contoso.com. NAmerica.Contoso.com DNS SAmerica. Contoso.com IP-, . , DNS- NAmerica. Contoso.com DNS . , SAmerica.Contoso.com. , , SAmerica. Contoso.com. . , . , . DNS . - DNS , DNS- , .

    . , IP- . ,, ,

    . , . Contoso.com, NAmerica.Contoso.com DNS Contoso.com. Contoso.com, . , . DNS Contoso.com , , . , New Zone Wizard ( ) DNS. Forward LookupZones ( ) Reverse Lookup Zones ( )) New Zone ( ). (. . 3-10).

    NAmerica.Contoso.com SAmerica.Contoso.com. 3-9. DNS

  • . 3-10.

    DNS, , .DNS Active Directory Windows Server 2003 DNS . DNS, , Active Directory . DomainDnsZones ForestDnsZones. ( Active Directory, ADSI Edit Ldp.exe; ADSI Edit 3-11.) . DomainDnsZones DNS, . ForestDnsZones DNS, . DNS , .. . DNS (. . 3-12) Zone Properties ( ) DNS. DNS.

    All DNS Servers In The Active Directory Forest domainname (Ha DNS Active Directory). ForestDnsZones, DNS . _msdcs Active Directory.

    . 3-11. DNS ADSI Edit

    All DNS Servers In The Active Directory Domain domainname (Ha DNS Active Directory). DomainDnsZones, DNS, . , Active Directory, . All Domain Controllers In The Active Directory Domain domainname ( Active Directory).

  • , . ,

    , DomainDnsZones , DNS.

    All Domain Controllers Specified In The Scope Of The Following Application DirectoryPartition (

    ). , .

    DNS , .

    . DNS , DNS .

    DNS , , .

    DNS DNSCMD. DNS DNS Create Default Application Directory Partitions

    ( ). DNSCMD dnscmd DNSservername /CreateBuiltinDirectoryPartitions /forest. ForestDnsZones. DomainDnsZones, /domain

    . Active Directory, Enterprise Admins

    ( ).. 3-12. DNS

    . , DNS, DomainDnsZones , DNS. _msdcs , Active Directory , ForestDnsZones.

    .

    DNS Windows Server 2003. Windows Server 2003. DNS. , DNS , DNS Active Directory. , Active Directory SRV DNS, . , DNS Windows Server 2003.

  • 4. Active Directory , Active Directory Microsoft Windows Server 2003, . . (WAN). , - . , , . , . , , . ActiveDirectory , . Active Directory. , , , .

    Active Directory 2 , Active Directory . . , , . , . , , . , Active Directory. , MicrosoftWindows NT, Active Directory . Windows NT (PDC Primary Domain Controller) , . , (BDC Backup Domain Controllers). , . (, ) PDC, , . PDC , , , PDC. , PDC . , , BDC- PDC. ActiveDirectory , .. , PDC . , . , , . , . . 2 , Active Directory , . , . , Active Directory, , . ,

  • , , . , , . , .. , , . (store and forward). , , . , , , WAN-. . , , . , , , .

    Active Directory WindowsServer 2003 Active Directory Windows Server 2003, , , Microsoft Windows 2000, .

    , . Windows 2000 . . . , , . Active Directory Windows Server 2003 , , , .

    , 5000 . Windows 2000 5000 - , . 5000 . , . Active Directory Windows Server 2003 , , .

    . , (interim) Windows Server 2003. Windows Server 2003 , Windows Server 2003. Windows Server 2003 , , Windows Server 2003 Windows NT. . . 7.

    . Active Directory Windows 2000, ActiveDirectory Windows Server 2003. . ActiveDirectory Windows Server 2003 .

    . , . Active Directory Windows Server 2003 , . , - (bridgehead server) , , - , . , .

    . , ADSI Edit Options () - (site link object) - (connection object).

  • , Options () ; , .

    . Windows 2000 100 . , (Knowledge Consistency Checker ), . Active Directory Windows Server 2003 .

    Active Directory , . , , . , . .. Microsoft Exchange Server 5.5 , . Active Directory Exchange Server 5.5.

    ,.. , . .

    , ActiveDirectory. 15 , , . 3 , . 15 , . Windows 2000 Windows Server 2003 ( Resource Kits ). Windows Server 2003 , ADSI Edit.

    . , . . .

    , -. - , . (RPC). - , . , .

    . ; .

    . - Active Directory Sites AndServices ( Active Directory), (,

  • ) ( Resource Kits ) Partition (), Windows Server 2003. .

    , , - . .

    , , . , , . , . , , . , , , .

    10 - 15 , 32 . ,- .

    . .

    , , (IP) (SMTP). , , , .

    , -. - ( ) , - . - .

    , .

    . Active Directory , , . , , , 5.

    Active Directory Windows Server 2003 , , , . (replicationlatency). , . , , , 15 . 15 , . 15- , , , . , 45 . . , . ,

  • , -, - . - -, , , . 3 . , 3 . - , . . , 15 ( ). . , , 45 . WAN- , , .

    , , , . Active Directory (urgent replication), . , , . , . .

    . . (RID)

    . (LSA - Local Security Authority),

    , . . . . , PDC-. - . , , RPC- PDC--. PDC- . , , , , PDC-, , .

    Active Directory . Active Directory. , , , .

    (Knowledge ConsistencyChecker) (Knowledge Consistency Checker) , , . Active Directory ,

  • , , . , , . , . , , . 15 . ActiveDirectory Sites And Services ( Active Directory). , , NTDS Settings( NTDS) , All Tasks ( ), Check Replication Topology ( ).

    (connection object), Active Directory. , . , , . , . pull () , pull-, - - . , .. Replication Monitor ( ) push () . pull-. ( , .) , , , . , , , . , , , . , . : , , .

    , - , - . , , . , , 15 . ( 4-1.) , () (GUID). .

  • . 4-1.

    , . , . . , . , . , , .

    ActiveDirectory. (spanning tree), . , , , . , , . , . spanning tree . , . . Active Directory . , Active Directory . , , . , Active Directory . ActiveDirectory, KCC . . 4-2 .

  • . 4-2.

    (. . 4-2), . , . , - . . -. , (hop). , . , 4-3 . , , , .

    . , ., ,

    . , 4-4. (. . 4-4) , . 4-1.

    . 4-1. ,

    , .

    DC1.Contoso.com, DC2.Contoso.com, DC3.Contoso.com, DC4.Contoso.com.

    . 4-3. ,

    Contoso.com

  • DC5.Fabrikam.com, DC6.Fabrikam.com.

    DC1.Contoso.com, DC4.Contoso.com,

    DC5.Fabrikam.com. DC2.Contoso.com, DC6. Fabrikam.com.1.AppPartitionl

    .

    . 4-4. ,

    . DNS (ForestDnsZones DomainDnsZones) . , 4-4 . 3 , , . 4-4 GC. GC . Replication Monitor( ). , - Windows Server 2003. , Suptools.msi Support\Tools- Windows Server 2003. , Run() replmon. 4-5 , .

    Fabrikam.com (GC)

  • . 4-5.

    - , , . , . , , . 4-5 DC1.Contoso.com DC4.Fabrikam.com. . , . Show Replication Topologies ( ). View (), Connection Objects Only ( ), Properties (). Inbound Replication Connections ( ) , , . 4-6, ( Fabrikam.com), . , , , .

  • . 4-6. ,

    , . GC . , GC . GC , , isMemberOfPartialAttributesSet true (). , GC , GC. GC- GC- . 4-7 , ; . DC1.Contoso.com . GC- Contoso.com, GC- Contoso.com . Fabrikam.com , DC1.Contoso.com GC- Fabrikam.com DC2.Fabrikam.com. Fabrikam.com , DC2.Fabrikam.com DC1.Contoso.com. GC- DC1.Contoso.com.

    4-8 GC . ,

    GC-. DC1.Contoso.com

    DC2.Contoso.com, DC4.Fabrikam.com DC6.NWTraders.com. DC1.Contoso.com. GC-

    . 4-7.

  • . , GC GC .

    , . , , - , . , . , , . , , . , , . , , , .

    , , . (ISTG - Inter-Site Topology Generator) . ISTG- , ,

    . ISTG . .

    - (bridgehead server) , . - - . , .

    - . -, .

    ISTG , . ISTG , . , ISTG - . ISTG , -. -

    . 4-8. GC-

  • - , . 4-9 , . . , , GC- . , , GC, . -, . - Contoso.com. - Fabrikam.com. , 4-9, DC1.Contoso.com DC6.Fabrikam.com GC-. , - GC- . , .. Active Directory. , . .

    Active Directory.

    . ,

    , ,

    , .

    Active Directory, . - (originating update). , . - (replicated update). , , , . , , , ,

    . 4-9.

  • . , Active Directory, . Active Directory :

    Active Directory ; Active Directory ; .

    , ;

    Active Directory . , .

    Active Directory . , , , .

    , . , , 15 . , , . , . . Active Directory , . , , , . Active Directory (USN -update sequence number), (high-watermark value), (up-to-datenessvectors) (change stamps). .

    , . (USN update sequence number) . , USN 5555, , , USN 5556. USN . (, , ), USN. USN . -, USN , . USN . -, USN uSNChanged . USN . . , , USN, 5556. USN, uSNChanged 5556. , , , USN uSNChanged 5557. USN 5556, USN . USN uSNChanged , . USN USN . ,

  • . , USN USN. , USN , . USN uSNChanged , USN , . USN , .

    (high-watermark values) , . . - uSNChanged, . , uSNChanged . . . , - -. - - , uSNChanged.. .

    (up-to-dateness vectors) , . , - . , DC1, USN, 5556. DC2, USN . , GUID DC1 . DC2 , , , , DC1, 5556. . - -, . - , -. , . , , , DC3, , DC1, DC2, DC3. DC3 DC2 , , , , DC1, USN 5556. 15 DC2 DC3, . DC3 DC2, . DC2 , DC3 DC1 USN. , , DC2 DC3 . , , . , - . , , , . , , . , ,

  • .

    USN USN (update sequence number) , Windows Server 2003. USN , USN (time stamp) Repadmin. ( Repadmin .) repadmin/showmeta object distinguished name ( ) . uSNCreated uSNChanged ADSI Edit . Ldp.exe, , , Advanced (), Replication Metadata (-). USN (. . 4-10). , Show Attribute Meta-Data For Active Directory Object ( Active Directory). (credentials) Active Directory, . USN- . USN Active Directory Users AndComputers, Advanced Features ( ) View (), Object () Properties () . . , , - . , , , - , - .

    . 4-10. - )

    Replication Monitor (

    , , (change stamp). , , . , . , ,

  • . . . ,

    . , 1, . , 1. , .

    . , . , , .

    (Originating server). GUID , .

    . , . , , . .

    1. . . 3, - 4, 4.

    2. . , .

    3. GUID . , GUID , . , , GUID. GUID , a GUID .

    . , , . . -, . ( , , .) -, , , , , . , . , , Active Directory, . Active Directory , , . , .

    , . , (OU) Accounting (). OU Accounting. , , Active Directory LostAndFound.

    (relativedistinguished name) . , BDiaz OU Accounting, ,

  • , OU OU. , , , GUID, . , GUID, , GUID BDiaz#CNF:userGUID, (#) . , .

    Active Directory , . , . - (tombstone). - , isDeleted true (), . , GUID, SID, USN , .- . , , , . - , - (tombstone lifetime). -, 60 , . - (garbage collection). , , 12 . 12 , -, . 1 , Active Directory Windows Server 2003 Active Directory. (lingering object) , , -. Repadmin. . - ADSI Edit Ldp.exe. CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ForestRootDomain. garbageCollPeriod tombstoneLifetime . .

    Active Directory , , WAN-. , .

    . , , - , . 5

    . Active Directory,

    . 2, Active Directory ,

    . ActiveDirectory , ,

    .

  • Active Directory, Default-First-Site-Name ( ). , . , . Active DirectorySites And Services ( Active Directory). , Sites (), New Site ( ). LinkName ( ) , . IP Active Directory. Subnets () Active Directory Sites And Services . , , GC-. , Servers () Move (). , . , , IP IP- . , .

    Active Directory, , (SiteLinks). Active Directory DEFAULTIPSITELINK. , , . WAN- , . , . . - , . ISTG. ISTG. , ISTG , ActiveDirectory . .

    (Cost) - , . , . , , .. . .

    (Replication schedule) , . 24 . , .

    (Replication interval) - , - - . 180 . . , 22:00 5:00 , - 3 .

    (Replication transports). RPC IP, SMTP.

  • . . , .

    , , , 4-11.

    Active Directory Windows Server 2003 (transitive) . 4-11, Site1 Site2 Site4, a Site2

    Site3 Site5. - , Site1 Site3 Site5.

    , . , . ,

    4-11, Site1 Site5: Site2, Site4. Site2 - 300 (100 + 200), Site4 700 (500 + 200). , Site2, .

    ,

    ., Site1 Site3 24:00 4:00( ) 60 (

    Site2-Site3).. , - . , Site1-Site2 2:00 6:00, Site2-Site3 22:00 1:00, Site1 Site3 . Site1 Site2, Site2 Site3. , , Site2 2:00, Site3 22:00.

    (site link bridges). , , -. , , .. (-, , ). , ,

    . 4-11.

  • , , . .

    . 5 , .

    , . , , ; , , . , , , Site1, Site2, Site4 Site5. , , - Site1 - Site5. Site2 Site3 , . Site3 Site2, . , Bridge All Site Links ( ) General () IP-Properties ( IP). IP Inter-Site Transports ( ) Active Directory Sites And Services. , , , .

    Active Directory Windows Server 2003 . RPC IP .

    RPC over IP. ,.. . RPC- (dynamic port mapping). RPC- RPC (RPC endpoint mapper port) (IP 135). , - .

    . , , . , DWORD : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\TCP/IP Port. RPC over IP . RPC-

    , , , .

    . RPC IP Active Directory Sites And Services, , - . RPC over IP RPC, a RPC over IP IP. SMTP . SMTP

    , . SMTP , .. . SMTP . -, SMTP , . SMTP , GC. , SMTP, SMTP (IIS) , SMTP . , Microsoft CertificateAuthority (MCA) ( ). SMTP, .

  • - , -. (ISTG - Inter-Site Topology Generator) - . , -, Replication Monitor( ). , , Show Bridgehead Servers ( -). -: , , . - Repadmin. repadmin/bridgeheads. , -. - , . - Active Directory Sites And Services, , Properties () (. .4-12). (preferred)- SMTP IP.

    - , - , . , -, - , . , Contoso.com, Fabrikam.com, GC , , , . , ISTG ,

    - . -, ISTG - . - ISTG -, .. , . - , ISTG -, , -. - , ISTG -,

    . 4-12. -

  • -.. - , , . - , , .

    , , Replication Monitor ( ). Suptools.msi Support\Tools - WindowsServer 2003. Replication Monitor, replmon. . Edit , . , Active Directory. , , ; ; . , . - Repadmin. Suptools.msi. , repadmin. Repadmin -, Replication Monitor, . Repadmin , . . Replication Monitor Repadmin, Help And Support Center ( ). Support Tasks ( ) Tools (), WindowsSupport Tools ( Windows). , , , . Help And Support Center. . -Event Viewer ( ). Directory Service ( ) , . , , , , . Performance() , , . , NTDS Performance. , , Active Directory.. Active Directory , , - DNS. DNS .

    Active Directory Windows Server 2003 , . , . :

  • Active Directory , , , .

  • II. ActiveDirectory Windows Server 2003 I , Active Directory Microsoft Windows Server 2003. II Active Directory. Active Directory . , , (OU) , . 5 . Active Directory, . 6 , ActiveDirectory. , Active Directory Windows Server 2003, Microsoft Windows NT 4. Active Directory Windows Server 2003 Windows NT, 7.

    5. ActiveDirectory Active Directory Microsoft Windows Server 2003 . Active Directory , . Active Directory . , . , , Active Directory Windows Server 2003. , , . , , , . . . , (OU) , .. Active Directory Windows Server 2003 Active Directory MicrosoftWindows 2000. Windows Server 2003 Windows2000, Active Directory . , Active Directory Windows 2000, Active Directory Microsoft Windows NT 4 .

    , , - . - Active Directory , . , , . , , :

  • . . - ActiveDirectory Active Directory , . - , (IT), , . . , , . , , . , . , .

    Active Directory Active Directory , . . . Active Directory, , . , . . (GC). GC

    , .

    . . , ActiveDirectory, , .

    . . , .

    . Microsoft Exchange Server 2000. Exchange Server 2000. Exchange Server 2000 , . (GAL - Global Address List) GC. Exchange Server 2000 . , . , . Active Directory , , , . .

    . . , . , , . , , , , , , . , . .

  • . , . , , , Schema Admins( ). , , - Enterprise Admins ( ). Enterprise Admins Administrators() . . , Windows NT 4, .

    . , .

    . . , , , . , .

    , , .

    , , , - . , . - , . . , . . GC, , . Active Directory . , , ,, . , .

    . , , . , .

    . , - . .

    . , , , .

    , . .

    . , , . ,

  • , .

    . . , . . , , , , , , . , , . . , ,, . , - . , , , . , , , .

    . . .

    , . , , .

    . - . GC- , , GC.

    , , . . - , .

    . - , . Active Directory , (, , ) ( , ..) , , OU. . , , Enterprise Admins( ) . , , , . , , .

  • Active Directory . , . OU OU. Active Directory . , . , Active Directory. Enterprise Admins Administrators . Domain Admins( ) Administrators . , , . , . , , . . , . (SID) , , Enterprise Admins, , , ., Directory Services Restore ( ), Active Directory , . , , , . , . , . , . . , . , , , . .

    , . Domain Admins ( ), Administrators (), Server Operators( ) Backup Operators ( ). , , .

    , .

    , . , , . .

  • , , . , . Schema Admins ( ), Enterprise Admins( ) Domain Admins ( ) , , . , , ., Schema Admins , Schema Admins , . . , . , , , , , . . , .. , . , , .

    . , . : (, , ). , . , , . , . , . , . , Active Directory. , Active Directory . , .

    , . , , , . .

  • Active Directory . Active Directory.

    . , Sysvol . ( , GC) , .

    . . , , .

    . . , , Kerberos, .

    , . , . .

    Active Directory Windows Server 2003 , Windows NT. - Windows NT Active Directory. , WindowsNT, Windows Server 2003. , Windows NT.

    . Active Directory Active Directory , . , Active Directory, ActiveDirectory. Windows NT 4, Active Directory Windows Server 2003. Active Directory. , Active Directory, . , ActiveDirectory, . , , . , , . . Active Directory, Active Directory, ,

  • . , - . Active Directory: . , , , ,, . , , Active Directory . , , . , . , . OU

    . Active Directory, . , , Active Directory . Windows NT , . Active Directory OU , . , , OU . . , . , . . Sysvol . , . . , .

    , . .

    . , , . ( ).

    , . , .

    , (SMTP), . , SMTP.

    , Kerberos .

  • , . .

    , .

    . . . , ., , . - , .

    , Active Directory , ( ). (dedicated root domain) -, . , , . 5-1. , , . - ActiveDirectory. ( Enterprise Admins Schema Admins) ( ). , , , , , . , , , .

    , , . ,

    . , .

    .

    . 5-1.

  • . , (generic) . , , . , , , . , . , . , . , . ,, Restricted Group ( ) Domain Security Policy ( ) . DNS , . - , DNS , .

    , , DNS . , . - Windows NT, Windows Server 2003 . Windows NT, , , . . , . 5-2 , . Active Directory, . . Active Directory , Active Directory. , , Active Directory. . , Exchange Server 5.5. ExchangeServer 2000 Active Directory. , Exchange Server 5.5, , Exchange . 5-3 , Windows NT4.

  • :


    . 5-2. Windows NT

    , . , . , , , . , , , , , , . , , , . , , , .

    . , , .. .

    , . 5-3. Windows NT 4 Active Directory Windows Server 2003

  • . , . , , , . . , GC . DNS DNS. (conditional forwarders) (stub zones) Windows Server 2003 . , , , , , (shortcut trusts) . . - Active Directory -, . - , . , , . , , , . , , 5-4. Asia.Fabrikam.com Canada.NAmerica.Contoso.com Contoso.com, . NAmerica, Contoso, Fabrikam , , Asia. . , Canada Asia, Asia . . , . , , , .

  • . 5-4.

    , . Windows Server 2003 , Windows Server 2003. , . , , . , , . - Active Directory (ADMT - Active Directory Migration Tool v.2) . ADMT /I386/ADMT - Windows Server 2003.

    , Active Directory, . , .. , . , , . . .

    . , Kerberos.

  • Group Policy ( ) . OU.

    OU- . OU- OU OU.

    . ( , ..), OU.

    . , , . , .

    DNS , DNS . Active DirectoryWindows Server 2003 DNS, DNS. , , Active Directory . DNS. DNS, , , DNS- Windows Server 2003 DNS.

    DNS DNS DNS. DNS Active Directory DNS. DNS, DNS- Active Directory DNS WindowsServer 2003. Active Directory , DNS, , . DNS, .

    DNS- , . , , .

    , . .com, .net .org. .

    DNS. DNS-, (DNS- Windows, BIND - Berkeley Internet Name Domain LucentVitalQIP). , DNS , .

    DNS, Active Directory.

  • DNS , , , DNS , . , .

    DNS , . DNS- . , 5-5 , Contoso Contoso.com , .

    . 5-5. DNS. , , DNS . DNS- , , , ( DNS - DDNS). , , . , , SMTP, Web- . , DNS- . , . . SMTP (UPN) -. , , ( ). , DNS-. . DNS . DNS, DNS , . . , - , , , -.

  • .

    ., Contoso.com Contoso.net ADContoso.com (. . 5-6). . , , . , Contoso.com , Contoso.net, ADContoso.com AD.Contoso.com . AD.Contoso.com DNS, , .

    . 5-6. , ,

    , . , DNS . , DNS . , . , , , .

    , DNS, DNS. DNS ( Windows NT), , Active Directory, . DNS , DNS . DNS , , , DNS. , (. . 5-7).

  • . 5-7. DNS DNS

    . , , . , -, . ; , , , SMTP . , . , . , , . , Contoso Contoso.net Contoso.com . , . SMTP [email protected], - - Contoso.com. , UPN [email protected], .

  • 5-7 , DNS . DNS-Contoso.com (authoritative) NAmerica.Contoso.com Europe.Contoso.com, Fabrikam.com. DNS- Fabrikam.com Contoso.com. , , , . DNS , DNS. . DNS Active Directory, ., Contoso Contoso.net , DNS- BIND DNS. Contoso.net Active Directory DNS ( , SRV- ). , DNS DNS-, Windows Server 2003. DNS-. DNS .. DNS . , DNS- DNS-. . , . , DNS- . DNS DNS- Active Directory. , Contoso Contoso.net DNS Active Directory, AD.Contoso.net (. . 5-8). DNS- AD.Contoso.net NAmerica.AD. Contoso.net Europe.AD.Contoso.net. DNS- DNS-, Contoso.net, DNS-. DNS- Active Directory, . DNS Active Directory . , Contoso AD.Contoso.net Active Directory (. . 5-9). DNS- Contoso.net AD.Contoso.net. DNS-AD.Contoso.net , DNS- Contoso.net. DNS, - , , DNS . , 5-10 , , , Contoso.net Fabrikam.net . Active Directory, , NWTraders.net. DNS- DNS .

  • . 5-8. DNS

  • . 5-9. DNS

    DNS Active Directory. 5-10 AD.Contoso.net Active Directory NAmerica.AD.Contoso.net Europe.AD.Contoso.net AD.Fabrikam.net NWTraders.net, Active Directory.

  • . 5-10. DNS

    DNS DNS. DNS UNIX DNS . DNS DNS- BIND, UNIX-. Windows NT NetBIOS Windows (WINS), DNS, Windows- DNS. ActiveDirectory Windows 2000 Windows Server 2003. 3 , WindowsServer 2003 DNS , . Active Directory DNS. DNS , Windows Server 2003. DNS Active Directory DNS. , BIND DNS. , DNS- Microsoft Active Directory DNS. , , . DNS - SRV. , , , DNS (, IP

  • DNS) (incremental) . BIND DNS, BIND 8.1.2 SRV . BIND 8.2.1 . BIND, DNS- BIND. ( DNS- Lucent VitalQIP, 5.2 BIND8.2.2.)

    . DNS , DNS- Windows Server 2003 DNS- Microsoft, . DNS- BIND, DNS- , DNS Microsoft. , DNS Microsoft. : , DNS-. DNS- SRV, Active Directory Windows Server 2003 DNS. , DNS . , Active Directory. : DNS- , ActiveDirectory?. , , . , : DNS- ?. Windows Server 2003 , Active Directory. DNS- DNS. Active Directory .

    DNS- BIND, - .

    DNS DNS- Microsoft DNS- BIND .

    , DNS- , , .

    DNS Windows Server 2003 BIND DNS. DNS- BIND . , Contoso BIND

    Contoso.com. Active Directory DNS- Windows Server 2003, .

    Contoso Contoso.com DNS- Active Directory, DNS- Windows Server 2003 DNS BIND . DNS- Windows Server 2003

    DNS- BIND.. DNS- BIND DNS- WindowsServer 2003 . DNS- , . Active Directory, DNS-BIND . ActiveDirectory . Contoso Active Directory, , , DNS- BIND. , Contoso.net DNS- Active Directory. DNS- Windows Server2003 Contoso.net, BIND -

  • Contoso.com. DNS- Windows Server 2003 DNS- BIND Contoso.com. Active Directory AD.Contoso.com . DNS- BIND Contoso.com , AD.Contoso.com DNS Windows Server2003. DNS Windows Server 2003 , DNS- BIND.. , DNS, DNS. DNS-, , : BIND WindowsServer 2003. DNS Windows Server 2003 DNS, DNS BIND Active Directory.

    , OU . 2 , OU . .

    Active Directory Windows NT , .. . , . OU Active Directory - . OU, . OU, . , . OU, (Group Policy), . , . , , OU, , OU . .

    OU DNS. OU DNS. , OU=ManagersOU,OU=AdministrationOU,DC=Contoso, DC=Com. Contoso.com DNS--, LDAP- DNS OU.

    . Group Policy ( ), OU, OU. .

    OU . Active Directory, GC-. OU, Active Directory.

    Active Directory, , OU . OU

  • Move () .

    OU OU . .

    . OU . , . , ., . OU . - OU. , OU, , . , OU . (IT). , -- . OU, 1-, .

    OU, OU . , Windows NT Active Directory