tailieuqtm(lt)

Reference material: Network Administration, Server 2003 edition. For internal circulation.

Upload: quang-hoang

Post on 21-Jul-2015


LESSON 1: INTRODUCTION TO AND INSTALLATION OF WINDOWS SERVER 2003

Summary

Objectives: On completing this lesson, students will have knowledge of the Windows Server 2003 operating system family and of how to install Windows Server 2003 manually and through an automated installation.

Main sections:
I. Overview of the Windows Server 2003 operating system family.
II. Preparing to install Windows Server 2003.
III. Installing Windows Server 2003.
IV. Automating the installation process.

Required exercises: Based on the exercises for the Windows Server 2003 network administration course.

Additional exercises: Based on the exercises for the Windows Server 2003 network administration course.

I. OVERVIEW OF THE WINDOWS SERVER 2003 OPERATING SYSTEM FAMILY

As we know, the Windows 2000 Server operating system family has three main editions: Windows 2000 Server, Windows 2000 Advanced Server and Windows 2000 Datacenter Server. With each edition Microsoft adds extended features for each type of service. When the Server 2003 family was released, Microsoft again classified the editions by their features, so many editions of the Server 2003 family were brought to market. The four most widely used are: Windows Server 2003 Standard Edition, Enterprise Edition, Datacenter Edition and Web Edition. Compared with the 2000 editions, the Server 2003 operating system family has the following new features:

- The ability to cluster Servers to share load (Network Load Balancing Clusters) and to install RAM while running (hot swap).
- Windows Server 2003 supports the WinXP operating system better: it understands the group policy set up in WinXP, and it has a network administration tool set with full features that runs on WinXP.
- Basic Mail Server features are built in: small companies that cannot afford to buy Exchange to build a Mail Server can use the POP3 and SMTP services integrated into Windows Server 2003 to build a simple mail system for the company.
- A cut-down database system, MSDE (Microsoft Database Engine), trimmed from SQL Server 2000, is provided free of charge. Although MSDE has no administration tools, it helps small companies deploy database-related applications without the high cost of buying SQL Server.
- NAT Traversal with IPSec support is a new improvement in the 2003 environment. It allows machines inside the internal network to make peer-to-peer connections to machines out on the Internet, and in particular the information sent between these machines can be fully encrypted.
- NetBIOS over TCP/IP has been added to the RRAS (Routing and Remote Access) service. This feature lets you browse computers on a remote network through the Network Neighborhood tool.
- Active Directory version 1.1 allows delegation between forest roots, and backing up Active Directory data is also easier.
- Better support for remote administration, because Windows 2003 improves RDP (Remote Desktop Protocol) so that it can run over a 40Kbps link. Web Admin was also introduced to let users administer the Server remotely through a Web service in a visual and easy way.
- Richer support for administering the Server from the command line.
- NTFS clusters can be of any size, unlike Windows 2000 Server, which supports only 4KB.
- Multiple DFS (Distributed File System) roots can be created on the same Server.

II. PREPARING TO INSTALL WINDOWS SERVER 2003

Thorough planning and preparation is the key factor that decides whether the installation goes smoothly. Before installing, you must know what is needed to install successfully, and you must have all the information required by the installation process. To plan an upgrade or a new installation of Servers, consult the guidance in the Microsoft Windows Server 2003 Deployment Kit. What you need to know before upgrading or installing a new operating system:

- The hardware meets the requirements of Windows Server 2003.
- How to find out whether the system's hardware is supported by Windows Server 2003.
- The difference between a new installation and an upgrade.
- Which installation options suit your system, such as the disk partitioning strategy and which file system you will use.

1. Hardware requirements

Minimum hardware requirements for Windows Server 2003 Standard edition:
* CPU speed: 133MHz (550MHz recommended)
* RAM: 128MB (256MB recommended; 4GB maximum on Standard Server)
* Disk space for setup: 1.5GB
* CD-ROM drive: 12X
* Super VGA capable of providing 800 x 600 resolution

2. Hardware compatibility

An important step before upgrading or newly installing your Server is to check whether the current computer's hardware is compatible with the operating system products in the Windows Server 2003 family. You can do this by running the compatibility check program on the CD or from the Catalog Web site. To run the check program from the CD, type at the command prompt:

    \i386\winnt32 /checkupgradeonly

3. New installation or upgrade

In some cases our Server system is working well and the important applications and data are all stored on this Server, but we are required to upgrade the current Server operating system to Windows Server 2003. We need to consider whether to upgrade the operating system while keeping the applications and data, or to install the operating system from scratch and then configure and reinstall the applications. This question needs to be weighed and decided sensibly.

Points to consider when upgrading:
- With an upgrade, configuring the Server is simple and your information is retained: users, settings, groups, system rights and access permissions.
- With an upgrade you do not need to reinstall applications, but if there is a major change to the hard disk you need to back up the data before upgrading.
- Before upgrading, check whether the current operating system is in the list of operating systems that can be upgraded to Windows Server 2003.
- In some special cases, such as upgrading a computer that is acting as a Domain Controller or upgrading a computer that runs important software, consult the additional Microsoft guidance in the \Docs directory on the Windows Server 2003 Enterprise CD.

Operating systems that can be upgraded to Windows Server 2003 Enterprise Edition:

- Windows NT Server 4.0 with Service Pack 5 or later.
- Windows NT Server 4.0, Terminal Server Edition, with Service Pack 5 or later.
- Windows NT Server 4.0, Enterprise Edition, with Service Pack 5 or later.
- Windows 2000 Server.
- Windows 2000 Advanced Server.
- Windows Server 2003, Standard Edition.

4. Partitioning the disk

This is the division of the physical disk into logical partitions. When partitioning, you must take the following factors into account:

- The amount of space to allocate: you must know the space taken up by the operating system, the application programs, and existing and future data.
- System and boot partitions: when installed, Windows 2003 Server is stored in two places, the system partition and the boot partition. The system partition holds the files that start Windows 2003 Server. These files do not take much disk space. By default, the computer's active partition is chosen as the system partition, which is usually drive C:. The boot partition holds the operating system files. By default these files are stored in the WINDOWS directory, but you can specify another directory during installation. Microsoft recommends that this partition be at least 1.5 GB.
- Special disk configurations: Windows 2003 Server supports many different disk configurations. The options are simple, spanned, striped, mirrored or RAID-5 volumes.
- Partitioning utilities: if you plan to partition before installing, you can use a variety of utilities, such as FDISK or PowerQuest Partition Magic. You may initially create only one partition on which to install Windows 2003 Server, and then use the Disk Management tool to create the other partitions.

5. Choosing the file system

You can choose one of the following three file systems:

- FAT16 (file allocation table): the system commonly used on the DOS and Windows 3.x operating systems. Its drawbacks are that a partition is limited to 2GB and that it has none of the security features of NTFS.
- FAT32: introduced in 1996 with Windows 95 OEM Service Release 2 (OSR2). It has several advantages over FAT16: it supports partitions of up to 2TB, and it has fault-tolerance features and uses hard disk space more efficiently because of the smaller cluster size. However, FAT32 has the drawback that it does not provide the security features of NTFS.
- NTFS: the file system used on the Windows NT, Windows 2000 and Windows 2003 operating systems. Windows 2000 and Windows 2003 use NTFS version 5. It has the following characteristics: security can be specified for each file and directory; data can be compressed to increase storage space; a disk usage quota can be set for each user; files can be encrypted to improve security.

6. Choosing the licensing mode

Choose one of the following two licensing modes:

- Per server licensing: the best choice when the network has only one Server serving a fixed number of Clients. When choosing this licensing mode, we must set the number of licenses at the time the operating system is installed. The number of licenses depends on the number of concurrent connections from Clients to the Server. However, during use we can change the number of concurrent connections to suit the current state of the network.
- Per Seat licensing: the best choice when the network has many Servers. In this licensing mode each Client needs only a single license to access all Servers, and the number of concurrent connections to a Server is not limited.

7. Choosing the network connection options

7.1 Network protocols

By default Windows 2003 installs only one protocol, TCP/IP; the remaining protocols such as IPX and AppleTalk are options that can be installed later if needed. The NetBEUI protocol is not included among the Windows 2003 installation options; it is only supplied on the Windows 2003 installation CD-ROM, in the directory \VALUEADD\MSFT\NET\NETBEUI.

7.2 Membership in a Workgroup or Domain

If your computer is in a small, distributed network, or the computers are not networked together, you can make the computer a member of a workgroup; you simply give the workgroup name. If your network is centrally managed and already has some Windows 2000 Server or Windows 2003 Server machines using Active Directory, you can have the computer join that domain. In that case you must give the exact name of the domain together with the account (username and password) of a user who has the right to add computers to the domain, for example the network administrator's account (Administrator).

Language and local value settings. Windows 2003 Server supports many languages; you can choose your own language if it is supported. The local values include the number system, the currency unit, and the display format for time and dates.

III. INSTALLING WINDOWS SERVER 2003

1. Preinstallation phase

After checking and making sure that your machine meets the conditions for installing Windows 2003 Server, choose one of the following ways to start the installation.

1.1 Installing from another operating system

If your computer already has an operating system and you want to upgrade to Windows 2003 Server, or you want to dual-boot, first start the computer with the existing operating system and then run the Windows 2003 Server installation. Depending on the operating system in use, you can use one of the following two commands in the I386 directory:
- WINNT32.EXE if it is Windows 9x or Windows NT.
- WINNT.EXE if it is another operating system.

1.2 Installing directly from the Windows 2003 CD

If your computer supports booting from CD, you only need to put the CD in the drive and restart the computer. Note that you must configure CMOS Setup so that the first boot device is the CD-ROM drive. When the computer starts, the installation runs automatically; then follow the on-screen instructions to install Windows 2003.

1.3 Installing Windows 2003 Server from the network

To install this way, you must have a file distribution Server that holds the Windows 2003 Server installation source and has shared that directory. Then proceed as follows:
- Start the computer on which you intend to install.
- Connect to the Server and open the shared directory containing the installation source.
- Run WINNT.EXE or WINNT32.EXE, depending on the operating system in use on the machine.
- Follow the instructions of the Setup program.

2. Text-Based Setup phase

During installation, pay attention to the guidance shown in the status bar. The Text-based setup phase goes through the following steps:

(1) Configure the computer's BIOS so that it can boot from the CD-ROM drive.

(2) Put the Windows 2003 Server installation disc in the CD-ROM drive and restart the machine.

(3) When the machine boots from the CD-ROM, the message "Press any key to continue" appears, asking you to press any key to start the installation.

(4) If the machine has a SCSI drive, press F6 to specify the driver for that drive.

(5) Setup copies the files and drivers needed for the installation.

(6) Press Enter to start the installation.

(7) Press F8 to accept the license agreement and continue the installation. If you press ESC, Setup ends.

(8) Select an unpartitioned area on the disk and press C to create a new Partition to hold the operating system.

(9) Enter the size of the new Partition and press Enter.

(10) Select the Partition just created and press Enter to continue.

(11) Choose the file system type (FAT or NTFS) with which to format the partition. Press Enter to continue.

(12) Setup copies the operating system files to the selected partition.

(13) Restart the system to begin the Graphical-Based phase. During the restart, do not press any key when the system prompts "Press any key to continue".

3. Graphical-Based Setup phase

(1) At the start of the Graphical phase, Setup installs drivers for the devices it finds in the system.

(2) The Regional and Language Options dialog box lets you choose options for language, numbers, currency unit, date format and so on. After changing the options as appropriate, click Next to continue.

(3) In the Personalize Your Software dialog box, enter the user name and organization name. Click Next.

(4) In the Your Product Key dialog box, enter the 25-character CD-Key in the 5 fields below. Click Next.

(5) In the Licensing Mode dialog box, choose the licensing mode, Per Server or Per Seat, depending on the actual situation of each network.

(6) In the Computer Name and Administrator Password dialog box, enter the name of the Server and the Password of the administrator (Administrator).

(7) In the Date and Time Settings dialog box, change the date and the time zone as appropriate.

(8) In the Networking Settings dialog box, choose Custom settings to change the TCP/IP protocol parameters. These parameters can be changed again after the installation is complete.

(9) In the Workgroup or Computer Domain dialog box, choose whether the Server joins a Workgroup or an existing Domain. To join a Domain, type the Domain name in the box below.

(10) After all the files have been copied, the installation ends.

IV. AUTOMATING THE INSTALLATION PROCESS

If you plan to install the Windows 2003 Server operating system on many computers, you can go to each machine and carry out the installation by hand as described above. However, this work is certain to be extremely tedious and inefficient. Automating the installation makes your work simpler, more efficient and less costly. There are several methods that support automated installation. For example, you can use the disk image method or the unattended installation method, driven by a script or answer file.

1. Introduction to the installation script

An installation script is a text file whose content answers in advance all the questions that Setup asks, such as the computer name, the CD-Key and so on. For Setup to be able to read the content of the script, the script must follow a predefined structure. Any text editor, such as Notepad, can be used to create installation scripts. However, because the script is a structured file, mistakes made while editing can cause the automated installation not to run as intended. Microsoft therefore created a utility called Setup Manager (setupmgr.exe) to make creating installation scripts easier. Once you have the script, you can use Notepad to add or correct some information so that the script works more effectively in the automated installation.

2. Automation using command-line parameters

When installing Windows 2003 Server, besides booting and installing directly from the CD-ROM, you can also use one of the following two commands: winnt.exe on machines running DOS, Windows 3.x or Windows for Workgroups; winnt32.exe on machines running Windows 9x, Windows NT or later. Both commands are located in the I386 directory of the installation disc. The installation syntax of the two commands is as follows:

    winnt [/s:[sourcepath]] [/t:[tempdrive]] [/u:[answer_file]] [/udf:id [,UDB_file]]

Meaning of the parameters:
/s Specifies the location of the installation source (the I386 directory). The path must be a full path, for example e:\i386 or \\server\i386. The default is the current directory.
/t Directs Setup to place the temporary directory on a drive and to install Windows on that drive. If it is not specified, Setup determines the drive itself.
/u Unattended installation with an automatic answer file (script). If /u is used, /s must also be used.
/udf Specifies the name of the Server and the database file that contains the names and the information specific to each machine (unattend.udf).

    winnt32 [/checkupgradeonly] [/s:sourcepath] [/tempdrive:drive_letter:] [/unattend[num]:[answer_file]] [/udf:id [,UDB_file]]

Meaning of the parameters:
/checkupgradeonly Checks whether the machine is compatible for upgrading to and installing Windows 2003 Server.
/tempdrive Same as the /t parameter.
/unattend Same as the /u parameter.

3. Using Setup Manager to create an answer file

Setup Manager is a utility that helps create the answer files used in unattended installation. By default Setup Manager is not installed; it is in the Deploy.Cab file. Setup Manager can be run only on the Windows 2000, Windows XP and Windows 2003 operating systems. To create an automatic answer file with Setup Manager:

(1) Extract the Deploy.cab file stored in the Support\Tools directory on the Windows 2003 installation disc.

(2) Run the file Setupmgr.exe.

(3) The Setup Manager dialog box appears; click Next to continue.

(4) The New or Existing Answer File dialog box appears. This dialog box lets you choose to create a new answer file, to create an answer file that reflects the configuration of the current computer, or to edit an existing file. Choose Create new and click Next.

(5) Next is the Type of Setup dialog box. Choose Unattended Setup and click Next.

(6) In the Product dialog box, choose the operating system to be installed with the automatic answer file. Choose Windows Server 2003, Enterprise Edition and click Next.

(7) In the User Interaction dialog box, choose the level of user interaction with Setup. Choose Fully Automated and click Next.

(8) The Distribution Share dialog box appears; choose Setup from a CD and click Next.

(9) In the License Agreement dialog box, tick I accept the terms of ... and click Next.

(10) In the Setup Manager window, select the Name and Organization item. Enter the name and organization that use the operating system. Click Next.

(11) Select the Time Zone item and choose the time zone (GMT+7:00) Bangkok, Hanoi, Jakarta. Click Next.

(12) Under Product Key, enter the CD-Key in the 5 fields. Click Next.

(13) Under Licensing Mode, choose the appropriate license type. Click Next.

(14) Under Computer Names, enter the names of the machines you intend to install. Click Next.

(15) Under Administrator Password, enter the administrator's password. If you want the password to be encrypted, tick Encrypt the Administrator password. Click Next.

(16) Under Network Component, configure the parameters of the TCP/IP protocol and install additional protocols. Click Next.

(17) Under Workgroup or Domain, join the machine to a Workgroup or an existing Domain. Click Next.

(18) Finally, Setup Manager creates three files in the directory you specified. If you do not change the names, the files are:

Unattend.txt: the answer file, containing all the answers that Setup Manager collected.
Unattend.udb: the database file containing the names of the computers to be installed. This file is created only when you specify the list of files, and it is used when you perform an unattended installation.
Unattend.bat: contains the command line with the parameters already set. This file also sets the environment variables that point to the location of the related files.
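Added example (not part of the original manual): a Python check for the answer file that Setup Manager writes in step (18), covering the Encrypt the Administrator password choice from step (15) and the domain-join account from step (17). The key names are the standard answer-file keys; the two sample files, their values and the finding codes are constructed for illustration.

```python
# Added example: audit a Setup Manager answer file (Unattend.txt / WINNT.SIF)
# for credentials left in readable form. Sample files below are constructed.

def parse_answer_file(text):
    """Parse INI-style answer-file text into {section: {key: value}}.

    Section and key names are lower-cased because Setup treats them
    case-insensitively; surrounding double quotes are stripped from values.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment such as ;SetupMgrTag
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def audit_answer_file(text):
    """Return a list of (code, message) findings. Secret values are never echoed."""
    sections = parse_answer_file(text)
    gui = sections.get("guiunattended", {})
    ident = sections.get("identification", {})
    findings = []

    password = gui.get("adminpassword")
    encrypted = gui.get("encryptedadminpassword", "no").lower() == "yes"
    if password in ("", "*"):
        findings.append(("ADMIN_PW_BLANK",
                         "[GuiUnattended] AdminPassword is blank: "
                         "the local Administrator account gets no password"))
    elif password is not None and not encrypted:
        findings.append(("ADMIN_PW_PLAINTEXT",
                         "[GuiUnattended] AdminPassword is readable: re-run Setup Manager "
                         "with 'Encrypt the Administrator password' ticked"))

    # EncryptedAdminPassword applies to AdminPassword only; the domain-join
    # password stays readable by anyone who can open the file or the share.
    if ident.get("domainadminpassword"):
        findings.append(("DOMAIN_JOIN_PW_PLAINTEXT",
                         "[Identification] DomainAdminPassword is readable: use a "
                         "low-privilege join account and restrict access to the file"))

    if gui.get("autologon", "no").lower() == "yes":
        findings.append(("AUTOLOGON_ENABLED",
                         "[GuiUnattended] AutoLogon=Yes: Administrator is logged on "
                         "automatically after Setup finishes"))
    return findings


# Constructed sample: what a careless run of Setup Manager can leave behind.
WEAK_SAMPLE = """;SetupMgrTag
[Unattended]
    UnattendMode=FullUnattended

[GuiUnattended]
    AdminPassword="ExamplePass1"
    EncryptedAdminPassword=NO
    AutoLogon=Yes

[UserData]
    ProductKey=XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
    FullName="Example Admin"
    ComputerName=server01

[Identification]
    JoinDomain=EXAMPLE
    DomainAdmin=joinaccount
    DomainAdminPassword=ExamplePass2
"""

# Constructed sample: encrypted Administrator password (placeholder hex),
# workgroup membership, so no domain credential is stored in the file.
HARDENED_SAMPLE = """;SetupMgrTag
[GuiUnattended]
    AdminPassword=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    EncryptedAdminPassword=Yes

[Identification]
    JoinWorkgroup=WORKGROUP
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        results = audit_answer_file(sample)
        print(name, "->", "no findings" if not results else "")
        for code, message in results:
            print("  ", code, "-", message)
```

The same check applies to the WINNT.SIF copy placed on a floppy disk and to the copy in a shared I386 directory, since both are the same file under another name or location.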


4. Using the answer file

There are several ways to use the files created in the step above. You can follow one of the two methods below:

4.1 Using a bootable Windows 2003 Server CD

Rename the file Unattend.txt to WINNT.SIF and save it to a floppy disk. Insert the Windows 2003 Server CD and this floppy disk into their drives and restart the computer, making sure the CD drive is the first boot device. The Setup program on the CD automatically finds and reads the WINNT.SIF file on the floppy disk and carries out the unattended installation.

4.2 Using a Windows 2003 Server installation source

Copy the files created in the step above into the I386 directory of the Windows 2003 Server installation source. Change to the I386 directory. Depending on the operating system in use, run WINNT.EXE or WINNT32.EXE with the following syntax:

    WINNT /s:e:\i386 /u:unattend.txt

or

    WINNT32 /s:e:\i386 /unattend:unattend.txt

If Setup Manager created the file Unattend.UDB because you entered a list of computer names, and assuming you intend to name this computer server01, the command syntax is as follows:

    WINNT /s:e:\i386 /u:unattend.txt /udf:server01,unattend.udf

LESSON 2: DOMAINS AND ISSUES IN BUILDING A DOMAIN

Summary

Objectives: On completing this lesson, students will have knowledge of the Active Directory system on Windows Server 2003, how it is organized, and how to promote a server to a Domain Controller.

Main sections:
I. Network models in the Microsoft environment.
II. Active Directory.
III. Installing and configuring Active Directory.

Required exercises: Based on the exercises for the Windows Server 2003 administration course.

Additional exercises: Based on the exercises for the Windows Server 2003 administration course.

I. NETWORK MODELS IN THE MICROSOFT ENVIRONMENT

1. The Workgroup model

The workgroup network model, also called the peer-to-peer model, is a model in which computers with equal roles are connected to one another. Data and resources are stored in a distributed way on the local machines, and each machine manages its own local resources. The network has no computer dedicated to providing services and managing the network. This model is suitable only for small networks of fewer than 10 computers with low security requirements. In this model, computers that run a multi-user operating system store user information in a SAM (Security Accounts Manager) file on the local computer itself. This information includes: username (logon name), fullname, password, description and so on. The SAM file is of course encrypted, to prevent other users from stealing passwords to attack the computer. Because user information is stored locally on the workstations, authentication of users logging on to a computer is also done by those computers themselves.

2. The Domain model

Unlike the Workgroup model, the Domain model works on a client-server basis: the network must have at least one computer acting as the Domain Controller, and this computer controls the entire operation of the network. User authentication and management of network resources are centralized on the Servers in the domain. This model is used by medium-sized and large companies. In the Windows Server 2003 Domain model, user information is centralized, managed by the Active Directory service and stored on the domain controller in a file named NTDS.DIT. This database file is built on a technology similar to Microsoft's Access software, so it can store millions of users, an improvement on the old technology, which could store only about 5 thousand user accounts. Because user information is stored centrally, authentication of users logging on to the network is also centralized and is performed by the domain controller.

Figure 2.1: Authentication steps when a user logs on

II. ACTIVE DIRECTORY

1. Introduction to Active Directory

Active Directory can be compared with LANManager on Windows NT 4.0. Fundamentally, Active Directory is a database of the resources on the network (also called objects) together with the information related to those objects. Active Directory is not a new concept, however, since Novell has used a directory service for many years.

Although Windows NT 4.0 is a fairly good network operating system, it is not suitable for enterprise-scale networks. For small networks the Network Neighborhood tool is quite convenient, but in a large network, browsing and searching the network becomes a nightmare (and even worse if you do not know the exact name of the printer or Server). Moreover, to be able to manage such a large network you usually have to split it into several domains and set up appropriate trust relationships. Active Directory solves these problems and brings a new level of application to the enterprise environment. The directory service in each domain can now store more than ten million objects, enough to serve ten million users in each domain.

2. Functions of Active Directory

- Keeps a centralized list of user account names, the corresponding passwords and computer accounts.
- Provides a Server that acts as the authentication server or logon Server; this Server is also called the domain controller.
- Maintains a lookup table or index that helps computers on the network quickly locate a resource on other computers in the domain.
- Lets us create user accounts with different levels of rights, such as full rights over the network, or only the right to back up data or shut down the Server remotely.
- Lets us divide our domain into subdomains or organizational units (OU, Organizational Unit). We can then delegate to departmental administrators the management of each small part.

3. Directory Services

3.1 Introduction to Directory Services

Directory Services is the information system contained in NTDS.DIT together with the programs that manage and use this file. The directory service is a base service that forms the foundation of an Active Directory system, a system with outstanding features from Microsoft.

3.2 Components of Directory Services

First, you need to know what components make up the directory service. You can compare the directory service with a telephone book. Both contain a list of many different objects as well as the information and attributes related to those objects.

a. Object

In the database system, objects include printers, network users, servers, workstations, shared directories, network services and so on. The object is the most basic element of the directory service.

b. Attribute

An attribute describes an object. For example, the password and the name are attributes of a network user object. Different objects have different lists of attributes; however, different objects can also have some attributes in common. For example, a printer and a workstation both have an IP address attribute.

c. Schema

A schema defines the list of attributes used to describe a type of object. For example, suppose that all printer objects are defined by the attributes name, PDL type and speed. This list of objects forms the schema for the "printer" object class. The schema is customizable, meaning that the attributes used to define an object class can be modified. In short, the Schema can be seen as a directory of the Active Directory directory.

d. Container

A container is similar to the concept of a directory in Windows. A directory can contain files and other directories. In Active Directory, a container can contain objects and other containers. A container also has attributes like an object, although a container does not represent a real entity as an object does. There are three types of container:

- Domain: this concept is presented in detail in a later section.
- Site: a site is a location. Sites are used to distinguish between local locations and remote locations. For example, company XYZ has its headquarters in San Francisco, a branch in Denver and a representative office in Portland that connects to headquarters by Dialup Networking. This network therefore has three sites.
- OU (Organizational Unit): a type of container into which you can put users, groups, computers and other OUs. An OU cannot contain objects that belong to another domain. Because an OU can contain other OUs, you can build a hierarchy of containers to model the structure of an organization inside a domain. You should use OUs to minimize the number of domains that have to be set up in the system.

e. Global Catalog

- The Global Catalog service is used to determine the location of an object to which the user has been granted access. The search goes further than what was available in Windows NT: an object can be located not only by name but also by its attributes.
- Suppose you have to print 1000 copies of a 50-page document; you will certainly not use an HP Laserjet 4L printer. You will need to find a specialized printer that prints at 100ppm and can bind the document into a booklet. With the Global Catalog, you search the network for a printer with these attributes and find a Xerox Docutech 6135. You can install the driver for that printer and send the print job to it. But what if you are in Portland and the printer is in Seattle? The Global Catalog provides this information, and you can send an email to the owner of the printer and ask them to print it for you.
- Another example: suppose you receive a voice mail from someone named Betty Doe in the accounting department. Her voice mail was cut off and you cannot make out her telephone number. You can use the Global Catalog to look up information about her by name and so obtain her telephone number.
- When a new object is created in Active Directory, it is assigned a distinguishing number called the GUID (Global Unique Identifier). The GUID of an object always stays the same, even if you move the object to another area.

4. Architecture of Active Directory

Figure 2.2: Active Directory architecture

4.1 Objects

Before looking at the concept of an Object, we must first look at two concepts, Object classes and Attributes. Object classes are a blueprint or template for the types of object that you can create in Active Directory. There are three common object classes: User, Computer, Printer. The second concept is Attributes, defined as the set of appropriate values associated with a specific object. An Object is therefore a unique object defined by the values assigned to the attributes of its object class. For example, the following figure illustrates two objects: the printer ColorPrinter1 and the user KimYoshida.

4.2 Organizational Units

The Organizational Unit, or OU, is the smallest unit in the AD system. It is regarded as a container of objects, used to arrange different objects to serve your administrative purposes. OUs are also set up based on IP subnets and are defined as "one or more well-connected subnets". Using OUs has two main benefits:

- Handing control of a set of user accounts, computers or network devices to a group of people or to a sub-administrator, thereby reducing the administrative workload of the administrator of the whole system.
- Controlling and locking down some functions on the workstations of users in the OU through group policy objects (GPO); we will study these group policies in later chapters.

4.3 Domain

The Domain is the core functional unit of the logical structure of Active Directory. It is the means of defining a set of users, computers and shared resources that have the same security rules, which makes managing access to the Servers easier. A Domain fulfils the following three main functions:

- It acts as an administrative boundary for objects: a set of administrative definitions for objects that share, for example, a common directory database, security policies and trust relationships with other domains.
- It helps us manage the security of shared resources.
- It provides redundant Servers acting as domain controllers, and ensures that the information on these Servers is synchronized.

4.4 Domain Tree

A Domain Tree is a structure made up of several domains arranged hierarchically in a tree. The first domain created is called the root domain and sits at the root of the directory tree. All domains created afterwards sit below the root domain and are called child domains. The names of the child domains must be different from one another. When a root domain and at least one child domain have been created, a domain tree is formed. You will often hear this concept when working with a directory service. You can see that the structure takes the shape of a tree as more branches appear.

4.5 Forest

A Forest is built on one or more Domain Trees; in other words, a Forest is a set of Domain Trees that have set up relationships and trusts with one another. For example, suppose a company, such as Microsoft, acquires another company. Normally each company has its own Domain Tree system, and for ease of management these trees are merged under one concept, the forest.

In the example above, the company mcmcse.com acquired techtutorials.com and xyzabc.com and formed a forest from the root mcmcse.com.

III. INSTALLING AND CONFIGURING ACTIVE DIRECTORY

1. Promoting a Server to a Domain Controller

1.1 Introduction

One concept that has not changed since Windows NT 4.0 is the domain. A domain is still the centre of a Windows 2000 or Windows 2003 network, but it is set up differently. Domain controllers (DCs) are no longer divided into a PDC (Primary Domain Controller) and BDCs (Backup Domain Controllers). Now they are all simply DCs. By default, every newly installed Windows Server 2003 machine is a standalone server. The DCPROMO program is the Active Directory Installation Wizard; it is used to promote a machine that is not a DC (a stand-alone server) to a DC and, in the other direction, to demote a DC to an ordinary server. With Windows Server 2003 you can rename the computer once it has been promoted to a DC.

Before promoting a server to a Domain Controller, you need to configure all the TCP/IP settings, and in particular you must set the DNS server address to the IP address of the server being promoted. If you are able to configure the DNS service yourself, you should install it before promoting the server; otherwise choose to have DNS installed automatically during the promotion. There are two ways to run the Active Directory Installation Wizard: use the Manage Your Server utility in Administrative Tools, or click Start \ Run and type the command DCPROMO.

1.2 Installation steps

Choose Start \ Run, type DCPROMO in the Run dialog box and click OK. The Active Directory Installation Wizard dialog box appears. Click Next to continue.

The program displays a warning dialog box: DOS, Windows 95 and WinNT SP3 and earlier will be excluded from an Active Directory domain based on Windows Server 2003. Choose Next to continue.

In the Domain Controller Type dialog box, select Domain Controller for a New Domain and click Next. (If you want to add a domain controller to an existing domain, select Additional domain controller for an existing domain.)

At this point the program lets you choose one of three options: choose Domain in new forest if you want to create the first domain in a new forest, choose Child domain in an existing domain tree if you want to create a child domain under an existing domain tree, or choose Domain tree in an existing forest if you want to create a new domain tree in an existing forest.

The New Domain Name dialog box asks you for the full DNS name of the domain you are building.

The NetBIOS Domain Name dialog box asks you for the domain name in NetBIOS form, for compatibility with Windows NT machines. By default the NetBIOS domain name is the same as the first part of the full DNS name; you can change it to another name or accept the default. Choose Next to continue.

The Database and Log Locations dialog box lets you specify where the Active Directory database and the log files are stored. You can specify another location or accept the default. However, network administrators recommend placing the transaction log on a physical hard disk different from the one holding the Active Directory database, in order to improve system performance. Choose Next to continue.

The Shared System Volume dialog box lets you specify the location of the SYSVOL folder. This folder must reside on an NTFS volume. All data placed in the Sysvol folder is automatically replicated to the other Domain Controllers in the domain. You can accept the default or specify another location, then choose Next to continue. (If the partition is not formatted as NTFS, you will see an error message asking you to change the file system.)

DNS is the name-resolution service that works together with Active Directory to resolve the names of the computers in the domain. For Active Directory to function, the domain must therefore have at least one DNS server that resolves the domain we are setting up. In theory we should install and fully configure the DNS service before promoting the server, but because you have not yet studied this service, we let the system install it automatically. We will look at the DNS service in detail in a later lesson. In the dialog box that appears, choose the second option so that the system installs and configures the DNS service automatically.

In the Permissions dialog box, choose Permission Compatible with pre-Windows 2000 servers when the system contains servers running versions earlier than Windows 2000, or choose Permissions compatible only with Windows 2000 servers or Windows Server 2003 when your system consists entirely of Windows 2000 and Windows Server 2003 servers.

In the Directory Services Restore Mode Administrator Password dialog box, you specify the password to be used when the server has to be started in Directory Services Restore Mode. Click Next to continue.

The Summary dialog box appears and lists all the information you have chosen. If everything is correct, click Next to start the installation; if any information is incorrect, choose Back to return to the earlier steps.

The Configuring Active Directory dialog box shows what the installation is currently doing. This process takes a long time. The installer also asks you to supply the Windows Server 2003 installation source so that it can copy files it cannot find.

When the installation has finished, the Completing the Active Directory Installation Wizard dialog box appears. Click Finish to end the wizard.

Finally, you are asked to restart the computer so that the new settings take effect. Click the Restart Now button to restart. The promotion is complete.

2. Joining a workstation to the Domain

2.1 Introduction

Joining a workstation to a domain really means creating a trust relationship between that workstation and the Domain Controllers of the domain. Once the trust relationship has been established, authentication of users who log on to the network from this workstation is handled by the domain controllers. Note, however, that joining a workstation to a domain requires the consent of both the domain-level network administrator and the local administrator of that workstation. In other words, when you want to join a workstation to the domain, you must log on locally to the workstation as administrator and then join the domain; the system will ask you to authenticate with a domain-level user account that has the Add Workstation to Domain right (you can use the domain administrator account directly).

2.2 Installation steps

Log on locally to the workstation as an administrator (you can use the administrator account directly). Right-click the My Computer icon and choose Properties; the System Properties dialog box appears. On the Computer Name tab, click the Change button. In the input dialog box that appears, enter the name of the domain to be joined in the Member of Domain field.

The workstation uses the domain name you entered to find the nearest Domain Controller and asks to join the network. The server will ask you to authenticate with a domain-level user account that has administrative rights.

After you have authenticated correctly and the system has accepted the workstation into the domain, a success message appears and you are asked to reboot the machine in order to log on to the network. At this point the Log on to Windows dialog box you use every day looks slightly different: an additional Log on to field appears, which lets you choose one of two entries: NETCLASS or This Computer. Choose NETCLASS when you want to log on to the domain, and remember that you must then use a domain-level user account. Choose This Computer when you want to log on locally to the workstation, and remember to use a local account of that machine.

3. Building peer Domain Controllers

3.1 Introduction

The Domain Controller is the computer that controls all activity on the network; if it fails, the whole network is paralysed. Because of this critical role, a typical network should have at least two Domain Controllers. As described above, Windows Server 2003 no longer distinguishes between a Primary Domain Controller and a Backup Domain Controller; it treats the two machines as equals that authenticate users together. As we know, logon authentication usually takes place at the start of each working day. If your network has only one domain controller and 10,000 employees, what will happen every morning? To handle this case, Microsoft allows the domain controllers in a network to operate simultaneously and share the work among themselves; when one machine fails, the remaining machines take over its work. In this document we therefore call these machines peer domain controllers. On closer study of Active Directory, however, the first domain controller created still has a more special role, namely FSMO (flexible single master of operations).

Note that for these domain controllers to work correctly they must communicate and exchange information with one another whenever user information changes, for example when an account is created, a password is changed or an account is deleted. This exchange of information is called Active Directory Replication. In particular, Active Directory servers can compress data before sending it to other servers, with a compression ratio of up to 10:1, so the data can be transmitted over slow WAN links.

If all the domain controllers in our network run Windows Server 2003, we should raise the domain to the Windows Server 2003 functional level in order to make full use of the new Active Directory features.

3.2 Installation steps

Choose Start \ Run, type DCPROMO in the Run dialog box and click OK. The Active Directory Installation Wizard dialog box appears. Click Next to continue.

The program displays a warning dialog box: DOS, Windows 95 and WinNT SP3 and earlier will be excluded from an Active Directory domain based on Windows Server 2003. Choose Next to continue.

In the Domain Controller Type dialog box, select Additional domain controller for an existing domain and click Next, because we want to add a domain controller to an existing domain.

Next the system asks you to authenticate: you must be a domain-level administrator to have the right to create Domain Controllers. Enter a user account with administrative rights in this dialog box.

The program asks you to enter the Full DNS Name of the domain to which you are adding a Domain Controller.

As in the promotion of a server to a Domain Controller described above, in the next steps we specify the folders that hold the Active Directory database, the transaction log and the Sysvol folder.

The Summary dialog box appears and lists all the information you have chosen. If everything is correct, click Next to start the installation; if any information is incorrect, choose Back to return to the earlier steps.

At this point the system builds the new Domain Controller and synchronizes the Active Directory data between the two Domain Controllers.

When the installation has finished, the Completing the Active Directory Installation Wizard dialog box appears. Click Finish to end the wizard.

Finally, you are asked to restart the computer so that the new settings take effect. Click the Restart Now button to restart. The additional peer Domain Controller is now complete.

4. Building a Subdomain

Once you have built the first Domain Controller to manage the domain, that Domain Controller is the root of the forest or of the first Domain Tree, and from there you can create further subdomains for the system. To create a Domain Controller for a subdomain, follow these steps:

On the member server, run the Active Directory Installation Wizard as before; the first steps are the same as in the promotion described above. In the Domain Controller Type dialog box, select Domain Controller for a New Domain and click Next. (If you want to add a domain controller to an existing domain, select Additional domain controller for an existing domain.)

At this point the program lets you choose one of three options: choose Domain in new forest if you want to create the first domain in a new forest, choose Child domain in an existing domain tree if you want to create a child domain under an existing domain tree, or choose Domain tree in an existing forest if you want to create a new domain tree in an existing forest. In this case you need to create a Domain Controller for a child domain, so select the second option.

To create a child domain in an existing domain tree, the system requires you to confirm that you are an administrator at the domain-tree level. In this dialog box enter the account name and password of the forest-level administrator and the name of the current domain tree.

Next, enter the name of the existing domain tree and the name of the child domain to be created.

The remaining steps are the same as for creating a Domain Controller in the previous section. Finally, on the server that manages the forest root you can check whether a child domain has been added to the system's DNS tree, and you can configure the DNS service further so that it serves the system better.

5. Building an Organizational Unit

As explained in the theory section, an OU is a group of user accounts, computers and network resources created to make management easier and to delegate simple tasks to local administrators. More importantly, through an OU we can impose software and hardware restrictions by means of Group Policy. To build an OU, follow these steps:

Choose Start \ Programs \ Administrative Tools \ Active Directory Users and Computers to open the Active Directory Users and Computers program. When the program opens, right-click the domain name and choose New-Organizational Unit.

A dialog box appears asking for the name of the OU to be created; in this example the OU is named HocVien.

Move the workstations that have joined the network and need to be managed into the newly created OU.

Next, move the user accounts that need to be managed into the newly created OU.

After moving the computers and user accounts into the OU, the next step is to specify which person or group will manage the OU. Right-click the newly created OU and choose Properties; in the dialog box that appears, on the Managed By tab, click the Change button to select the user who manages the OU. In this example we choose the account Thanh to manage the OU.

This last step is very important, and we will study it in detail in the Group Policy chapter: setting up the Group Policies that apply to this OU. Go to the Group Policy tab, click the New button to create a new GPO, then click the Edit button to edit the policy. In this example we create a policy that forbids the use of the CD-ROM drive and applies to all users in the OU.

6. Tools for managing objects in Active Directory

Of the four tools for administering Active Directory, Active Directory Users and Computers is the most important, and we will meet it many times in this course; step by step we will cover all of its features. This tool is used to create and manage the basic objects of Active Directory.

As the figure above shows, the domain netclass.edu.vn contains the following items:

- Builtin: contains the user groups that have been created with predefined rights.
- Computers: the default container for the workstations that are members of the domain. You can also use it to check whether a workstation has joined the domain successfully.
- Domain Controllers: contains the Domain Controllers currently operating in the domain. You can also use it to check whether an additional peer Domain Controller was created successfully.
- ForeignSecurityPrincipals: the default container for objects from outside the domain under consideration, coming from domains with which a trust relationship has been established (trusted domains).
- Users: contains the default user accounts of the domain.

LESSON 3
MANAGING USER AND GROUP ACCOUNTS

Summary

Objectives: At the end of this lesson, students will have knowledge of user accounts, groups, the properties of user accounts, and the built-in groups.

Main sections:
I. Definition of user accounts and group accounts.
II. Authentication and access control.
III. Built-in accounts.
IV. Managing local user and group accounts.
V. Managing user and group accounts in Active Directory.

Required exercises: Based on the exercises for the Windows Server 2003 Administration course.

Additional exercises: Based on the exercises for the Windows Server 2003 Administration course.

I. DEFINITION OF USER ACCOUNTS AND GROUP ACCOUNTS

1. User accounts

A user account is an important object that represents a user on the network. User accounts are distinguished from one another by their identifying string, the username. This string lets the network tell one person from another, so that the user can log on to the network and access the network resources he or she is permitted to use.

1.1 Local user accounts

A local user account is a user account defined on the local machine; it may only log on to, and access resources on, that local computer. To access resources on the network, such a user must authenticate again with the domain controller or with the computer holding the shared resource. You create local user accounts with the Local Users and Groups tool in Computer Management (COMPMGMT.MSC). Local accounts created on a stand-alone server, a member server or a workstation are all stored in the SAM (Security Accounts Manager) database file. The SAM file is located in the folder \Windows\system32\config.

1.2 Domain user accounts

A domain user account is a user account defined in Active Directory; it may log on to the network from any workstation in the domain. With this account the user can also access resources on the network. You create domain user accounts with the Active Directory Users and Computers tool (DSA.MSC). Unlike local user accounts, domain user accounts are not stored in the SAM database files but in the file NTDS.DIT, which by default is located in the folder \Windows\NTDS.

1.3 Requirements for user accounts

- Each username must be between 1 and 20 characters long (on Windows Server 2003 a logon name can be up to 104 characters long; however, when logging on from machines running Windows NT 4.0 or earlier, only 20 characters are understood by default).
- Each username is a string unique to its user, meaning that no user name or group name may duplicate another.
- A username must not contain the following characters: / \ [ ] : ; | = , + * ? < >
- A username may contain special characters including punctuation marks, spaces, hyphens and underscores. However, spaces should be avoided, because such names have to be enclosed in quotation marks when used in scripts or on the command line.

2. Group accounts

A group account is an object that represents a group of people and is used to manage user objects collectively. Placing users in groups makes it easy to grant permissions on network resources such as shared folders and printers. Note that a user account can log on to the network, whereas a group account cannot log on and is used only for management. Group accounts fall into two types: security groups and distribution groups.

2.1 Security groups

A security group is the type of group used to assign system rights and access permissions. Like user accounts, security groups are all assigned SIDs. There are three main kinds of security group: local, global and universal. On closer examination, however, they can be divided into four kinds: local, domain local, global and universal.

Local groups exist on stand-alone servers, member servers, Win2K Pro and WinXP machines. They have meaning and scope only on the machine that holds them.

Domain local groups are a special kind of local group: they are local groups, but they reside on Domain Controllers. The Domain Controllers share a common Active Directory database that is replicated and kept synchronized among them, so a local group on one Domain Controller is also present on its sibling Domain Controllers. Such a local group is therefore present throughout the domain, hence the name domain local group. The groups in the Built-in container of Active Directory are domain local groups.

Global groups reside in Active Directory and are created on the Domain Controllers. They are used to assign system rights and access permissions that cross the boundaries of a domain. A global group can be placed in a local group on the member servers of the domain. Note that creating many global groups can increase the workload of the Global Catalog.

Universal groups work like global groups, but they are used to grant rights to objects across all the domains in a forest and between domains that have established trust relationships with one another. This type of group is more convenient than global and local groups because groups can easily be nested inside one another. Note, however, that universal groups can be used only when your system operates at the Windows 2000 native functional level or the Windows Server 2003 functional level, which means that all the Domain Controllers in the network must run Windows Server 2003 or Windows 2000 Server.

2.2 Distribution groups

A distribution group is a non-security group; it has no SID and does not appear in ACLs (Access Control Lists). This type of group is not used by administrators but by software and services. Distribution groups are used to distribute e-mail or messages. You will meet this type of group again when working with MS Exchange.

2.3 Group nesting rules

- All Domain local, Global and Universal groups can be placed in a Machine Local group.
- All Domain local, Global and Universal groups can be placed in a group of their own type.
- Global and Universal groups can be placed in a Domain local group.
- Global groups can be placed in a Universal group.
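The four nesting rules above decide which groups a user finally belongs to, which is what an administrator has to review before granting rights to a group. The following Python sketch is an added example, not part of the original course material: it checks a list of nestings against those rules and then works out the effective membership. The scope labels, group names and nestings are constructed for illustration.

```python
from collections import deque

# Container scope -> member scopes permitted by the four rules listed above.
ALLOWED_MEMBERS = {
    "machine_local": {"domain_local", "global", "universal"},  # rule 1
    "domain_local": {"domain_local", "global", "universal"},   # rules 2 and 3
    "universal": {"universal", "global"},                      # rules 2 and 4
    "global": {"global"},                                      # rule 2
}


def check_nestings(scopes, nestings):
    """Return the (member, container) pairs that break the nesting rules."""
    return [
        (member, container)
        for member, container in nestings
        if scopes[member] not in ALLOWED_MEMBERS[scopes[container]]
    ]


def effective_groups(direct_groups, scopes, nestings):
    """Every group reached from direct_groups through permitted nestings."""
    rejected = set(check_nestings(scopes, nestings))
    parents = {}
    for member, container in nestings:
        if (member, container) not in rejected:
            parents.setdefault(member, []).append(container)
    seen = set(direct_groups)
    queue = deque(direct_groups)
    while queue:
        for parent in parents.get(queue.popleft(), []):
            if parent not in seen:  # the seen set also stops circular nesting
                seen.add(parent)
                queue.append(parent)
    return seen


# Constructed sample data: all group names below are hypothetical.
SCOPES = {
    "G_SalesHCM": "global",
    "G_Sales": "global",
    "U_AllSales": "universal",
    "DL_PrinterUsers": "domain_local",
    "FILESRV\\Users": "machine_local",
}
NESTINGS = [
    ("G_SalesHCM", "G_Sales"),             # global in global
    ("G_Sales", "G_SalesHCM"),             # permitted, but circular
    ("G_Sales", "U_AllSales"),             # global in universal
    ("U_AllSales", "DL_PrinterUsers"),     # universal in domain local
    ("DL_PrinterUsers", "FILESRV\\Users"), # domain local in machine local
    ("U_AllSales", "G_Sales"),             # universal in global: not allowed
    ("DL_PrinterUsers", "U_AllSales"),     # domain local in universal: not allowed
]

if __name__ == "__main__":
    print("rejected:", check_nestings(SCOPES, NESTINGS))
    print("effective:", sorted(effective_groups(["G_SalesHCM"], SCOPES, NESTINGS)))
```

A user placed only in G_SalesHCM ends up in all five groups, including the machine local group on the file server.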

II. AUTHENTICATION AND ACCESS CONTROL

1. Authentication protocols

Authentication in Windows Server 2003 is a two-stage process: interactive logon and network authentication. When a user logs on to the domain with a name and password, the interactive logon process approves the user's access request. With a local account, the logon information is authenticated locally and the user is granted access to the local computer. With a domain account, the logon information is authenticated against Active Directory and the user has access to resources on the network. A domain user account can therefore be authenticated on any computer in the domain. Windows 2003 supports several network authentication protocols, the most prominent of which are:

- Kerberos V5: the Internet-standard protocol used to authenticate users and systems.
- NT LAN Manager (NTLM): the main authentication protocol of Windows NT.
- Secure Socket Layer/Transport Layer Security (SSL/TLS): the main authentication mechanism used when accessing secure Web servers.

2. The security identifier (SID)

Although Windows Server 2003 relies on user accounts to describe system rights and access permissions, inside the system each account is actually characterized by a security identification number, the SID (Security Identifier). The SID is a unique identifier that the system generates together with the account and uses only for its own processing; users do not need to care about these values. A SID consists of the domain SID plus a unique RID for the user. A SID has the standard form S-1-5-21-D1-D2-D3-RID, where all SIDs in a domain share the same values D1, D2 and D3 but have different RID values. The two main purposes of using SIDs are:

- A user account can easily be renamed without its system rights and access permissions changing.
- When an account is deleted, its SID is no longer valid. If we create a new account with the same name as the account just deleted, the old rights still cannot be used, because the new account is given a new SID value.

3. Controlling access to objects

Active Directory is an object-based service: users, groups, computers and network resources are all defined as objects, and access to them is controlled by the ACE-based security descriptor. The functions of the security descriptor include:

- Listing which users and groups are granted access to the object.
- Specifying the access permissions of those users and groups.
- Tracking the events that occur on the object.
- Specifying the ownership of the object.

The information about an Active Directory object held in the security descriptor is regarded as access control entries, ACEs (Access Control Entry). An ACL (Access Control List) contains many ACEs; it is the list of all users and groups that have access to the object. ACLs have the property of inheritance, meaning that a member of a group inherits the access permissions granted to that group.
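The SID section and the ACL section above fit together: an ACE names its trustee by SID, not by account name. The following Python model is an added example, not code from the original course material, that shows the two consequences listed for SIDs (a rename keeps access, a delete and re-create loses it) and access inherited through a group. The domain SID, the starting RID, the account names and the allow-only ACE model are all constructed assumptions.

```python
import itertools
import re

SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed value


def split_sid(sid):
    """Split S-1-5-21-D1-D2-D3-RID into (domain part, RID)."""
    match = SID_RE.match(sid)
    if not match:
        raise ValueError("not an S-1-5-21-D1-D2-D3-RID SID: %r" % sid)
    d1, d2, d3, rid = match.groups()
    return "S-1-5-21-%s-%s-%s" % (d1, d2, d3), int(rid)


class Domain:
    """Toy account database: names can change, RIDs are never reused."""

    def __init__(self, domain_sid, first_rid=1104):  # first_rid is arbitrary
        self.domain_sid = domain_sid
        self._rids = itertools.count(first_rid)
        self.sid_by_name = {}
        self.members = {}  # group SID -> set of member SIDs

    def create(self, name):
        sid = "%s-%d" % (self.domain_sid, next(self._rids))
        self.sid_by_name[name] = sid
        return sid

    def rename(self, old, new):
        self.sid_by_name[new] = self.sid_by_name.pop(old)  # SID is untouched

    def delete(self, name):
        sid = self.sid_by_name.pop(name)
        for member_sids in self.members.values():
            member_sids.discard(sid)

    def add_member(self, group, name):
        group_sid = self.sid_by_name[group]
        self.members.setdefault(group_sid, set()).add(self.sid_by_name[name])

    def token_sids(self, name):
        """The account's own SID plus the SIDs of the groups containing it."""
        sid = self.sid_by_name[name]
        return {sid} | {g for g, m in self.members.items() if sid in m}


def allowed(acl, sids, right):
    """acl is a list of ACEs (trustee SID, set of rights); a match grants."""
    return any(trustee in sids and right in rights for trustee, rights in acl)


def demo():
    dom = Domain(DOMAIN_SID)
    thanh = dom.create("thanh")
    staff = dom.create("staff")          # a group
    lan = dom.create("lan")
    dom.add_member("staff", "lan")
    acl = [(thanh, {"read", "write"}), (staff, {"read"})]
    out = {
        "same_domain": split_sid(thanh)[0] == split_sid(lan)[0],
        "rids": (split_sid(thanh)[1], split_sid(lan)[1]),
        "via_group_read": allowed(acl, dom.token_sids("lan"), "read"),
        "via_group_write": allowed(acl, dom.token_sids("lan"), "write"),
    }
    dom.rename("thanh", "thanh.nguyen")
    out["after_rename"] = allowed(acl, dom.token_sids("thanh.nguyen"), "write")
    dom.delete("thanh.nguyen")
    new_sid = dom.create("thanh.nguyen")  # same name, brand-new RID
    out["new_rid"] = split_sid(new_sid)[1]
    out["after_recreate"] = allowed(acl, dom.token_sids("thanh.nguyen"), "write")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The ACE left behind for the deleted account still holds the old SID, which no account will ever carry again.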

III. BUILT-IN ACCOUNTS

1. Built-in user accounts

Built-in user accounts are the user accounts that are created by default when Windows Server 2003 is installed. These are system accounts, so we cannot delete them, but we can still rename them (note that renaming a system account is slightly more involved than renaming an ordinary account created by the administrator). All the built-in user accounts are located in the Users container of the Active Directory Users and Computers tool. The following table describes the built-in user accounts:

Account name: Description

- Administrator: a special account with full control over the current computer. You can set the password for this account while installing Windows Server 2003. This account can perform every task, such as creating user accounts and groups, managing system files and configuring printers.
- Guest: lets users access the computers if they do not have an account and password of their own. By default this account is not used; when it is used, its rights are usually restricted, for example to Internet access or printing only.
- ILS_Anonymous_User: a special account used by the ILS service. ILS supports telephony applications with features such as caller ID, video conferencing, conference calling and faxing. To use ILS, the IIS service must be installed.
- IUSR_computername: a special account used for anonymous access to the IIS service on a computer with IIS installed.
- IWAM_computername: a special account used by IIS to start application processes on a machine with IIS installed.
- Krbtgt: a special account used by the Key Distribution Center service.
- TSInternetUser: a special account used by Terminal Services.

2. Built-in Domain Local group accounts

As we have seen in the Active Directory Users and Computers tool, the Users container holds universal, domain local and global groups, as predefined by the system. Some special domain local groups, however, are placed in the Built-in container. These groups cannot be moved to other OUs, and they are assigned certain fixed rights in advance to support administrative work. Note also that you cannot delete these special groups.

Group name: Description

- Administrators: by default this group is assigned all rights, so its members have full control over the network. The Domain Admins and Enterprise Admins groups are default members of the Administrators group.
- Account Operators: members of this group can add, delete and modify user accounts, computer accounts and group accounts. However, they cannot delete or modify the groups in the Built-in container and OU.
- Domain Controllers: this group exists only on Domain Controllers and has no members by default. Its members can log on locally to the Domain Controllers but cannot administer security policies.
- Backup Operators: members of this group can back up and restore the file system. If the file system is NTFS and they have not been granted permissions on it, members of this group can access the file system only through the Backup tool. To access it directly they must be granted permissions.
- Guests: a group with restricted access to network resources. Its members are occasional users who are not regular members of the network. By default the Guest accounts are disabled.
- Print Operators: members of this group can create, manage and delete shared printer objects in Active Directory.
- Server Operators: members of this group can administer the servers in the domain, for example installing and managing printers, creating and managing shared folders, backing up data, formatting disks and changing the time.
- Users: by default every user that is created belongs to this group. The group has the minimum rights of a user, so its access is very limited.
- Replicator: this group is used to support directory replication in Directory Services. It has no default members.
- Incoming Forest Trust Builders: members of this group can create incoming, one-way trust relationships to the forest. It has no default members.

- Network Configuration Operators: members of this group can modify the TCP/IP settings on the Domain Controllers in the domain.
- Pre-Windows 2000 Compatible Access: this group has access to all user accounts and group accounts in the domain, in order to support older WinNT systems.
- Remote Desktop Users: members of this group can log on remotely to the Domain Controllers in the domain. It has no default members.
- Performance Log Users: members of this group have remote access to record performance values of the Domain Controllers. It also has no default members.
- Performance Monitor Users: members of this group can monitor the Domain Controllers remotely.

There are also some other groups such as DHCP Users, DHCP Administrators and DNS Administrators. These groups mainly serve particular services, and we will look at them in detail with each service in later lessons. Note that by default the two groups Domain Computers and Domain Controllers are reserved for computer accounts, but you can still add user accounts to them.

3. Built-in Global group accounts

Group name: Description

- Domain Admins: members of this group have full administrative control over the computers in the domain, because by default, when member servers and workstations (Win2K Pro, WinXP) join the domain, the Domain Admins group is made a member of the local Administrators group on those machines.
- Domain Users: by default every user account in the domain is a member of this group. By default this group is a member of the local Users group on member servers and workstations.
- Group Policy Creator Owners: members of this group can modify the group policy of the domain. By default the domain administrator account is a member of this group.
- Enterprise Admins: this is a universal group whose members have full control over all the domains in the forest under consideration. The group appears only in the root domain of the forest. By default it is a member of the administrators group on the Domain Controllers in the forest.
- Schema Admins: this universal group also appears only in the root domain of the forest. Its members can modify the organizational structure (schema) of Active Directory.

4. Special built-in groups

In addition to the built-in groups described above, Windows Server 2003 has a number of special built-in groups. They do not appear in the window of the Active Directory Users and Computers tool; they appear only in the ACLs of resources and objects. The meaning of these special groups is as follows:

- Interactive: represents the users who are using the machine locally.
- Network: represents all users who are connected over the network to another computer.
- Everyone: represents all users.
- System: represents the operating system.
- Creator owner: represents the creators and owners of a resource such as a folder, a file or a print job.
- Authenticated users: represents the users who have been authenticated by the system. This group is used as a more secure alternative to the Everyone group.
- Anonymous logon: represents a user who has logged on to the system anonymously, for example someone using the FTP service.
- Service: represents an account that has logged on as a service.
- Dialup: represents the people who are accessing the system through Dial-up Networking.

IV. MANAGING LOCAL USER AND GROUP ACCOUNTS

1. Tools for managing local user accounts

To organize and manage local users we use the Local Users and Groups tool. With this tool you can create, delete and modify user accounts, as well as change passwords. There are two ways to reach the Local Users and Groups tool:

- As an MMC (Microsoft Management Console) snap-in.
- Through the Computer Management tool.

Steps for adding the Local Users and Groups snap-in to MMC:

- Choose Start \ Run, type MMC in the dialog box and press Enter to open the MMC window.
- Choose Console \ Add/Remove Snap-in to open the Add/Remove Snap-in dialog box.
- Click the Add button to open the Add Standalone Snap-in dialog box.
- Select Local Users and Groups and click the Add button.
- The Choose Target Machine dialog box appears; select Local Computer and click the Finish button to return to the Add Standalone Snap-in dialog box.
- Click the Close button to return to the Add/Remove Snap-in dialog box.
- Click the OK button; the Local Users and Groups snap-in has now been added to MMC, as shown in the following figure.

Lu Console b ng cch ch n Console \ Save, sau ta nh p ng d n v tn file c n lu tr . l i cho vi c qu n tr sau ny ta c th lu console ngay trn Desktop. N u my tnh c a b n khng c c u hnh MMC th cch nhanh nh t

ti n

truy c p cng c Local Users

and Groups thng qua cng c Computer Management. Nh p ph i chu t vo My Computer v ch n Manage t pop-up menu v m c a s Computer Management. Trong m c System Tools, ta s nhn th y m c Local Users and Groups

Cch khc

truy c p

n cng c

Local Users and Groups l vo Start \ Programs \

Administrative Tools \ Computer Management.61


2. Basic operations on local user accounts

2.1 Creating a new account

In the Local Users and Groups tool, right-click Users and choose New User. The New User dialog box appears for you to enter the necessary information; the most important and mandatory field is Username.

2.2 Deleting an account

You should delete a user account only if you are sure it will never be needed again. To delete a user account, open the Local Users and Groups tool, select the account to delete, right-click it and choose Delete, or use the Action \ Delete menu.


Note: when you choose Delete, the system shows a dialog box asking whether you really want to delete the account, to guard against deleting it by mistake, because once deleted the user account cannot be restored.

2.3 Disabling an account

When an account is not used for a long time, you should disable it for the security and safety of the system. If you delete the account it cannot be restored, so we only disable it temporarily. In the Local Users and Groups tool, double-click the user to disable; the account's Properties dialog box appears.

On the General tab, tick Account is disabled.


2.4 Renaming an account

You can rename any user account, and you can also adjust the account's information through this function. Its advantage is that when you rename a user, the account's SID does not change. To rename a user account, open the Local Users and Groups tool, select the account to rename, right-click it and choose Rename.

2.5 Changing the password

To change a user's password, open the Local Users and Groups tool, select the account whose password is to be changed, right-click it and choose Reset password.

V. MANAGING USER AND GROUP ACCOUNTS IN ACTIVE DIRECTORY

1. Creating a new user account

You can use the Active Directory Users and Computers tool in Administrative Tools directly on the Domain Controller to create domain user accounts. The tool also lets you manage user accounts remotely, even from workstations that do not run a Server operating system, such as WinXP or Win2K Pro. For that, the Admin Pack tool set must be installed on those workstations. It is located on the Server at \Windows\system32\ADMINPAK.MSI. To create a user account in Active Directory, follow these steps:

- Choose Start \ Programs \ Administrative Tools \ Active Directory Users and Computers.
- The Active Directory Users and Computers window appears; right-click the Users item and choose New \ User.

The New Object-User dialog box appears as shown in the figure. Enter the name describing the user and the account name used to log on to the network. The Full Name value is generated automatically as you enter First Name and Last Name, but you can still change it. Note: the most important and mandatory value is the logon name (username). This string is unique to a user account, as defined in the theory section. In Windows 2000 and 2003 environments, Microsoft introduced the concept of a UPN (Universal Principal Name) suffix, which in this example is @netclass.edu.vn. The UPN suffix is appended to the username string to form a full username used to authenticate at the forest level or in another domain that has a trust relationship with the user's domain; in this example the full username is [email protected]. This dialog box also lets you set the account's username for older systems (pre-Windows 2000).

When you have finished entering the information, click Next to continue.

The second dialog box appears, where you enter the password for the user account and tick the account-related options such as: allowing the password to be changed, requiring a password change at the first logon, or disabling the account. We will look at these options in detail in the next part.


The last dialog box appears and shows the information configured for the user. If everything is correct, click Finish to complete; if something needs to be corrected, click Back to return to the previous dialog boxes.

2. User account properties

To manage the properties of user accounts, use the Active Directory Users and Computers tool (choose Start \ Programs \ Administrative Tools \ Active Directory Users and Computers), then select the Users folder and double-click the user account to examine. The Properties dialog box appears; it contains 12 main tabs, which we will go through in turn. You can also select several accounts together (using the Shift and Ctrl keys) and edit the information of many user accounts at once.

2.1 Extended user information


The General tab holds the general information about the user on the network that you entered when creating the user. You can also add further information such as a telephone number, an e-mail address and a personal Web page address.

The Address tab lets you enter detailed address information for the user account, such as street address, city, postal code and country.


The Telephones tab lets you enter the user account's telephone numbers in detail.

The Organization tab lets you enter information about the user's role in the company, the name of the department the user belongs to, and the company name.


2.2 The Account tab

The Account tab lets you change the username, define the hours during which the user may log on to the network, define the workstations from which the user may log on, set the account policies for the user, and set the time at which the account expires.

Controlling logon hours: click the Logon Hours button and the Logon Hours dialog box appears. By default every user is allowed to access the network 24 hours a day, on all 7 days of the week. When a user logs on to the network, the system checks whether the current time falls within the permitted period; if it does not, the system refuses the logon and shows the error Unable to log you on because of an account restriction. You can change the logon hours by selecting the time range to change and clicking the Logon Permitted option, or, to deny logon, the Logon Denied option. The example figure allows the user to work only from 7 a.m. to 5 p.m., Monday to Friday. Note: by default users are not logged off automatically when their logon hours end, but you can change this with the Automatically Log Off Users When Logon Hours Expire item in Group Policy, under Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Option. Alternatively, you can adjust this logoff setting with the Domain Security Policy or Local Security Policy tool, depending on the context.
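The permitted-hours check described above can be reproduced offline to compare an account's logon hours with a site policy. The Python below is an added example, not part of the original material or of any Microsoft tool; it parses the day,time notation this page gives for net user /times, and the function names and the M-F,7AM-5PM policy default are assumptions of the example.

```python
import re
from datetime import datetime

# Day abbreviations as listed for /times on this page; index matches datetime.weekday().
DAY_INDEX = {d: i for i, d in enumerate(["m", "t", "w", "th", "f", "sa", "su"])}

def _hour(token):
    """Convert '7AM', '12PM' or 24-hour '17' to an hour number (1-hour granularity)."""
    m = re.fullmatch(r"(\d{1,2})(?::00)?\s*(am|pm)?", token.strip().lower())
    if not m:
        raise ValueError(f"bad time {token!r}")
    hour, suffix = int(m.group(1)), m.group(2)
    if suffix:
        if not 1 <= hour <= 12:
            raise ValueError(f"bad time {token!r}")
        return hour % 12 + (12 if suffix == "pm" else 0)   # 12AM -> 0, 12PM -> 12
    if hour > 24:
        raise ValueError(f"bad time {token!r}")
    return hour

def parse_times(spec):
    """Return the set of (weekday, hour) slots that a /times value permits."""
    spec = spec.strip()
    if spec.lower() == "all":
        return {(d, h) for d in range(7) for h in range(24)}
    slots = set()                       # a blank value permits no logon at all
    for entry in filter(None, (e.strip() for e in spec.split(";"))):
        days, hours = set(), set()
        for token in (t.strip() for t in entry.split(",")):
            first, _, last = (p.strip() for p in token.partition("-"))
            if first.lower() in DAY_INDEX:
                a, b = DAY_INDEX[first.lower()], DAY_INDEX[(last or first).lower()]
                days.update((a + i) % 7 for i in range((b - a) % 7 + 1))
            else:
                if not last:
                    raise ValueError(f"time range expected, got {token!r}")
                # A range ending at 12AM runs to midnight (choice made by this example).
                start, end = _hour(first), _hour(last) or 24
                if end <= start:
                    raise ValueError(f"range {token!r} does not fit in one day")
                hours.update(range(start, end))   # end hour is exclusive
        if not days or not hours:
            raise ValueError(f"entry {entry!r} needs both days and times")
        slots.update((d, h) for d in days for h in hours)
    return slots

def logon_permitted(spec, when):
    """True if the datetime `when` falls inside the hours the spec permits."""
    return (when.weekday(), when.hour) in parse_times(spec)

def outside_policy(spec, policy="M-F,7AM-5PM"):
    """Slots in which the account may log on but the site policy does not allow it."""
    return parse_times(spec) - parse_times(policy)

if __name__ == "__main__":
    page_example = "M,7AM-5PM; T,7AM-5PM; W,7AM-5PM; Th,7AM-5PM; F,7AM-5PM;"
    print(logon_permitted(page_example, datetime(2024, 1, 1, 16, 59)))
    print(len(outside_policy("all")), "hourly slots exceed the policy for an unrestricted account")
```

An account whose outside_policy() result is not empty can log on at times the policy forbids, which is the condition worth reviewing for privileged accounts.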


Choosing the workstations allowed to access the network: click the Log On To button and the Logon Workstations dialog box appears. This dialog box lets you specify whether the user can log on from all computers on the network or is limited to logging on from certain computers only. For example, a network administrator working in a secure environment may have an account that is only permitted to log on from a few machines, to prevent someone impersonating the administrator to attack the network. To specify a computer from which the user is allowed to log on, enter the computer name in the Computer Name field and then click the Add button.


Account options and their meaning:

- User must change password at next logon: the user must change the password at the next logon; after that this option is cleared automatically.
- User cannot change password: if selected, the user is prevented from changing the password at will.
- Password never expires: if selected, the password of this account never expires.
- Store password using reversible encryption: apply this option only to users who log on from Apple computers.
- Account is disabled: if selected, the account is temporarily disabled and cannot be used.
- Smart card is required for interactive login: used when the user logs on to the network with a smart card; the user then does not enter a username and password but only a PIN.
- Account is trusted for delegation: applies only to service accounts that need to gain access to resources in the role of other user accounts.
- Account is sensitive and cannot be delegated: use this option on a guest or temporary account to ensure that the account cannot be represented by another account.
- Use DES encryption types for this account: if selected, the system supports the Data Encryption Standard (DES) at several levels.
- Do not require Kerberos preauthentication: if selected, the system allows this account to use an implementation of the Kerberos protocol different from that of Windows Server 2003.
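For domain accounts, most of these check boxes are stored as bits of the account's userAccountControl attribute, so an export produced with csvde can be audited for the options that weaken an account. The Python below is an added example, not part of the original material; the export columns, the account names and the choice of which options to flag are assumptions of the example, and the sample data is constructed.

```python
import csv
import io

# userAccountControl bits behind the Account options check boxes.
# "User must change password at next logon" and "User cannot change password"
# are not stored in this attribute for domain accounts and are not covered here.
UAC_FLAGS = {
    0x000002: "Account is disabled",
    0x000080: "Store password using reversible encryption",
    0x010000: "Password never expires",
    0x040000: "Smart card is required for interactive login",
    0x080000: "Account is trusted for delegation",
    0x100000: "Account is sensitive and cannot be delegated",
    0x200000: "Use DES encryption types for this account",
    0x400000: "Do not require Kerberos preauthentication",
}

# Options that weaken an account and should carry a documented justification.
RISKY = {
    0x000080: "password is stored in recoverable form",
    0x010000: "password is exempt from the maximum password age",
    0x080000: "services running as this account can act as other users",
    0x200000: "Kerberos keys are limited to DES, a cipher no longer considered secure",
    0x400000: "the KDC answers without first verifying knowledge of the password",
}

def decode_uac(value):
    """Return the names of the account options set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def audit(csv_text):
    """Map each enabled account in the export to its list of risky options."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("userAccountControl") or "").strip()
        if not raw:                 # containers and other non-account objects
            continue
        uac = int(raw)
        if uac & 0x2:               # disabled accounts cannot log on; skipped here
            continue
        hits = [f"{UAC_FLAGS[bit]}: {why}"
                for bit, why in sorted(RISKY.items()) if uac & bit]
        if hits:
            findings[row["sAMAccountName"]] = hits
    return findings

# Constructed sample: DN column first, then the two requested attributes.
SAMPLE = '''DN,sAMAccountName,userAccountControl
"CN=Tuan,CN=Users,DC=netclass,DC=edu,DC=vn",tuan,512
"CN=svc-backup,CN=Users,DC=netclass,DC=edu,DC=vn",svc-backup,4260352
"CN=legacy-app,CN=Users,DC=netclass,DC=edu,DC=vn",legacy-app,66176
"CN=old-temp,CN=Users,DC=netclass,DC=edu,DC=vn",old-temp,4194818
"CN=Users,DC=netclass,DC=edu,DC=vn",,
'''

if __name__ == "__main__":
    for account, hits in audit(SAMPLE).items():
        print(account)
        for hit in hits:
            print("   ", hit)
```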

The last item on this tab sets the expiry time of a user account. Under Account Expires, if you choose Never the account does not expire; if you choose End of: with an expiry date, the account is disabled when that date is reached.

2.3 The Profile tab

The Profile tab lets you specify the path to the current user account's Profile, the logon script file that runs automatically when the user logs on, and the home folder. Note that the options on the Profile tab mainly serve workstations older than Windows 2000; for workstations running Win2K or later, such as Win2K Pro, WinXP and Windows Server 2003, these settings can be configured in Group Policy.

First, let us look at the concept of a Profile. A User Profile is a folder that holds the Windows Server 2003 environment information for each network user. The profile contains the settings for the Desktop, the contents of the Start menu, the colour scheme, the arrangement of icons and the mouse pointer. By default, when a user logs on to the network, a profile is opened for that user. On the first logon the user receives a standard profile. A folder with the same name as the logged-on user is created in the Documents and Settings folder. The user's profile folder contains a file named ntuser.dat, which is treated as a subfolder holding the folder links to the user's desktop icons. Windows Server 2003 has three kinds of Profile:

Local Profile: the user's profile is stored on the local machine and users configure it themselves.

Roaming Profile: the profile is stored on the network. The network administrator adds the user profile path to the user account information so that a copy of the user's account is maintained on the network automatically.


Mandatory Profile: the network administrator adds the user profile path to the user account information and then copies a preconfigured profile to that path. The users then share this profile and are not allowed to change it.

Logon scripts (also called login scripts) are program files that run every time a user logs on to the system. Their function is to configure the user's working environment and to distribute network resources such as drives and printers (mapped from the Server). You can write logon scripts in several scripting languages: DOS/NT/Windows shell commands, Windows Scripting Host (WSH), VBScript, Jscript. In Windows Server 2003 there are two ways to declare a logon script: in the properties of the user account through the Active Directory Users and Computers tool, or through Group Policy. Note that in both cases the script files and any other files they need must be placed in the SYSVOL shared folder, located in \Windows\SYSVOL\sysvol; if the script files serve pre-Win2K machines, they must be placed in \Windows\Sysvol\sysvol\domainname\scripts. For the scripts to run, remember to grant network users Read and Execute permission on these files. The following is an example of a logon script file.

    @echo off
    rem Taodia.bat Version 1.0
    rem If the user logs on at the server itself, do nothing.
    rem /i makes the comparison case-insensitive (COMPUTERNAME is normally upper case).
    if /i "%computername%"=="tvthanh" goto END
    rem Remove any existing drive mappings (errors for unmapped drives are discarded)
    net use h: /delete >nul 2>&1
    net use j: /delete >nul 2>&1
    rem Map drives h and j
    net use h: \\tvthanh\users /yes >nul
    net use j: \\tvthanh\apps /yes >nul
    rem Synchronize the clock with the Server
    net time \\tvthanh /set /yes
    :END

The home folder (or home directory) is a folder reserved for each user account. It gives users a place to store their own documents and files, and it is also the default directory at the command prompt. To create a home folder for a user, in the Connect field select the drive letter to show on the workstation and the path that the drive should be mapped to (make sure the shared folders have actually been shared). In this example the home folder for the account Tuan is \\server\tuan, but you can replace the account name with the user environment variable, as in \\server\%username%.

2.4 The Member Of tab

The Member Of tab lets you view and configure which groups the current user account is a member of. A user account can be a member of many different groups and inherits the rights of all of them. To join a group, click the Add button and the group selection dialog box appears.


In the group selection dialog box, if you remember the group name you can type it in directly and then click Check Names to verify that it is correct. You can also type an approximate name and let the system find the related group names. This is a new feature of Windows Server 2003 that avoids searching for and displaying every group in the system. If you do not remember the group name, click Advanced and then Find Now to list all groups.

To remove the current user account from a group, select the group and click the Remove button.


2.5 The Dial-in tab

The Dial-in tab lets you configure the user's remote access permission for dial-in or VPN connections; we will examine it in detail in the Routing and Remote Access chapter.

3. Creating a new group account

You create and manage group accounts in Active Directory with the Active Directory Users and Computers tool. Before creating a group you must decide the type of group to create and the scope of the group. Once this information is ready, follow these steps:

Choose Start \ Programs \ Administrative Tools \ Active Directory Users and Computers to open the Active Directory Users and Computers tool. Right-click the Users item, choose New on the pop-up menu and then choose Group.

The New Object Group dialog box appears. Enter the group name in the Group name field; the group name field for operating systems older than Windows 2000 (pre-Windows 2000) is generated automatically, and you can adjust it as needed.


Click OK to finish and close the dialog box.

4. Command-line utilities for managing user and group accounts

Compared with Windows 2000 Server, Windows Server 2003 provides many more powerful command-line tools, which can be used in batch files or scripts to manage user accounts (add, delete, modify). Windows 2003 also supports importing and exporting objects from Active Directory. The two utilities dsadd.exe and dsmod.exe, used with the user argument, let us add and modify user accounts in Active Directory. The csvde.exe utility is used to import or export object data through CSV (comma-separated values) files. The new system also still uses the two Windows 2000 commands net user and net group.

4.1 The net user command

Function: creates, modifies and displays information about user accounts.

Syntax:

    net user [username [password | *] [options]] [/domain]
    net user username {password | *} /add [options] [/domain]
    net user username [/delete] [/domain]

Meaning of the parameters:

- No parameters: displays a list of all user accounts on the computer.
- [Username]: the name of the user account to add, delete, modify or display. A user account name can be up to 20 characters long.
- [Password]: assigns or changes the password of the user account. A password must be at least as long as the minimum length set in the user account policy. In Windows 2000 a password can be up to 127 characters long, but Win9X systems only understand 14 characters, so if you set a password longer than 14 characters the account may be unable to log on to the network from a Win9X workstation.
- [/domain]: the operations are performed on the domain controller. This parameter applies only to a Windows 2000 Server that is a primary domain controller or a Windows 2000 Professional machine that is a member of a Windows 2000 Server domain.
- [/add]: adds a user account to the user account database.
- [/delete]: removes a user account from the user account database.
- [/active:{no | yes}]: enables or disables the user account. If the account is disabled, the user cannot access resources on the computer. The default is enabled (active).
- [/comment:"text"]: provides a description of the user account; the description can be up to 48 characters long.
- [/countrycode:nnn]: specifies the country code and area code.
- [/expires:{date | never}]: sets the date on which the user account expires.
- [/fullname:"name"]: specifies the user's full name.
- [/homedir:path]: specifies the path of the account's home folder; note that this path must already exist.
- [/passwordchg:{yes | no}]: specifies whether users can change their own password; the default is that they can.
- [/passwordreq:{yes | no}]: specifies whether a user account must have a password; the default is that it must.
- [/profilepath:[path]]: specifies the path of the user's Profile; if omitted, the system creates a standard profile for the user at the first logon.
- [/scriptpath:path]: specifies the path and file of the logon script. The path can be absolute or relative (for example: %systemroot%\System32\Repl\Import\Scripts).
- [/times:{times | all}]: sets the hours during which the user is allowed to log on to the network or the local computer. The days of the week are represented by the characters M, T, W, Th, F, Sa, Su. For the hours, AM and PM distinguish morning from afternoon. The following example allows the user to work only during office hours from Monday to Friday: M,7AM-5PM; T,7AM-5PM; W,7AM-5PM; Th,7AM-5PM; F,7AM-5PM;
- [/workstations:{computername[,...] | *}]: specifies the computers from which this user may log on to the network. If /workstations has no list, or the list is the * character, the user may use any computer to log on to the network.

4.2 The net group command

Function: creates, displays or modifies global groups in Windows 2000 Server domains; this command is effective only when used on Windows 2000 Server Domain Controllers.


Syntax:

    net group [groupname [/comment:"text"]] [/domain]
    net group groupname {/add [/comment:"text"] | /delete} [/domain]
    net group groupname username[ ...] {/add | /delete} [/domain]

Meaning of the parameters:

- No parameters: displays the name of the Server and the names of the groups on that Server.
- [Groupname]: the name of the group to add, expand or delete.
- [/comment:"text"]: adds a description for a new or existing group; the text can be up to 48 characters long.
- [/domain]: the operations are performed on the domain controller. This parameter applies only to a Windows 2000 Server that is a primary domain controller or a Windows 2000 Professional machine that is a member of a Windows 2000 Server domain.
- [username[ ...]]: a list of one or more users to add to or remove from the group; the names are separated by spaces.
- [/add]: adds a group, or adds a user to a group.
- [/delete]: deletes a group, or removes a user from a group.

4.3 The net localgroup command

Function: adds, displays or modifies local groups.

Syntax:

    net localgroup [groupname [/comment:"text"]] [/domain]
    net localgroup groupname {/add [/comment:"text"] | /delete} [/domain]
    net localgroup groupname name [ ...] {/add | /delete} [/domain]

Meaning of the parameters:

- No parameters: displays the server name and the names of the local groups on the current computer.
- [Groupname]: the name of the group to add, expand or delete.
- [/comment:"text"]: adds a description for a new or existing group; the text can be up to 48 characters long.
- [/domain]: the operations are performed on the domain controller. This parameter applies only to a Windows 2000 Server that is a primary domain controller or a Windows 2000 Professional machine that is a member of a Windows 2000 Server domain.
- [name [ ...]]: a list of one or more user names or group names to add to or remove from the local group. The names are separated by spaces.
- [/add]: adds the name of a global group or a user to the local group.
- [/delete]: removes the name of a global group or a user from the local group.


4.4 Commands supporting the Active Directory service in Windows Server 2003

On Windows Server 2003, Microsoft developed a number of additional commands to give better support for the Directory service: dsadd, dsrm, dsmove, dsget, dsmod, dsquery. These commands operate mainly on the objects computer, contact, group, ou, user and quota.

- Dsadd: lets you add a computer, contact, group, ou or user to the Directory service.
- Dsrm: deletes an object in the Directory service.
- Dsmove: moves an object from one location to another in the Directory service.
- Dsget: displays selected information about a computer, contact, group, ou, server or user object in a Directory service.
- Dsmod: modifies the information of a computer, contact, group, ou or user in a Directory