Default Groups
• Carefully manage the default groups that provide administrative privileges, because these groups:
  • Typically have broader privileges than are necessary for most delegated environments
  • Often apply protection to their members (the AdminSDHolder process periodically resets the ACL on member accounts and disables inheritance, so permissions delegated on those accounts do not persist)
Group               Location
Enterprise Admins   Users container of the forest root domain
Schema Admins       Users container of the forest root domain
Administrators      Built-in container of each domain
Domain Admins       Users container of each domain
Server Operators    Built-in container of each domain
Account Operators   Built-in container of each domain
Backup Operators    Built-in container of each domain
Print Operators     Built-in container of each domain
Cert Publishers     Users container of each domain
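An added example, not part of the course material, that enumerates the membership of the groups in the table above with nested groups expanded, so that an unexpected principal stands out in review. It assumes the ActiveDirectory RSAT module on a domain-joined host and the rights to read group membership; the group names are the built-in ones, while the report layout and the function name are this example's own.

```powershell
# Added example: audit the default administrative groups listed above.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined host.
Import-Module ActiveDirectory

$forestRoot = (Get-ADForest).RootDomain     # forest-wide groups live only here
$domain     = (Get-ADDomain).DNSRoot        # per-domain groups live in every domain

$forestGroups = @('Enterprise Admins', 'Schema Admins')
$domainGroups = @('Administrators', 'Domain Admins', 'Server Operators',
                  'Account Operators', 'Backup Operators', 'Print Operators',
                  'Cert Publishers')

function Get-PrivilegedMembers {
    param([string]$GroupName, [string]$Server)
    # -Recursive flattens nested groups, so the output is the effective
    # set of users and computers that hold the group's privileges.
    Get-ADGroupMember -Identity $GroupName -Server $Server -Recursive |
        ForEach-Object {
            [pscustomobject]@{
                Group  = $GroupName
                Domain = $Server
                Member = $_.SamAccountName
                Class  = $_.objectClass
            }
        }
}

$report = @()
foreach ($g in $forestGroups) { $report += Get-PrivilegedMembers -GroupName $g -Server $forestRoot }
foreach ($g in $domainGroups) { $report += Get-PrivilegedMembers -GroupName $g -Server $domain }

# The Operators groups are rarely needed in a delegated model; warn if populated.
$operators = $report | Where-Object { $_.Group -like '* Operators' }
if ($operators) {
    Write-Warning 'Operator groups are populated; review these memberships:'
    $operators | Format-Table -AutoSize
}

$report | Sort-Object Group, Member | Format-Table -AutoSize
```

Get-ADGroupMember fails on groups that contain foreign security principals from another forest; for those groups read the `member` attribute directly with `Get-ADGroup -Properties member` and resolve the entries yourself.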
Special Identities
• Special identities:
  • Are groups whose membership is controlled by the operating system and cannot be edited
  • Can be used by the Windows Server operating system to provide access to resources:
    • Based on the type of authentication or connection
    • Not based on the user account
• Important special identities include:
  • Anonymous Logon
  • Authenticated Users
  • Everyone (since Windows Server 2003, Everyone no longer includes Anonymous Logon unless the policy "Network access: Let Everyone permissions apply to anonymous users" is enabled)
  • Interactive
  • Network
  • Creator Owner
Managing Groups
Lesson 3: Managing Computer Accounts
Specifying the Location of Computer Accounts
• Best practice is to create organizational units (OUs) for computer objects:
  • Servers: typically subdivided by server role
  • Client computers: typically subdivided by region
• Divide OUs:
  • By administration
  • To facilitate configuration with Group Policy
Performing an Offline Domain Join
Offline domain join (djoin.exe) joins a computer to a domain when that computer cannot contact a domain controller, for example an offline image or a machine on an isolated network.
• On a computer that can reach a domain controller, create the computer account and the domain join file (the blob):
  djoin.exe /provision /domain <domain name> /machine <computer name> /savefile <filepath>
• On the offline computer or image, import the domain join file:
  djoin.exe /requestODJ /loadfile <filepath> /windowspath <path to the Windows directory of the offline image>
  (use /localos instead of /windowspath to join the operating system that is currently running)
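The two-step procedure above as an added PowerShell example; this is not the course's own script. djoin.exe and its parameters are the real tool's, while the domain name, computer name, blob path and mounted-image path are placeholders chosen for the example. The blob is treated as a credential, because it carries what the target needs to authenticate as the new computer account.

```powershell
# Added example: provision an offline-domain-join blob, then apply it to an offline image.
# Placeholder values; replace with your own.
$Domain    = 'corp.example.com'
$Computer  = 'CLIENT01'
$BlobPath  = 'C:\ODJ\CLIENT01.txt'
$ImageRoot = 'D:\Mount\Windows'   # Windows directory of the mounted offline image

# Step 1 (on a host that can reach a DC): create the computer account and the blob.
djoin.exe /provision /domain $Domain /machine $Computer /savefile $BlobPath
if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed with exit code $LASTEXITCODE" }

# The blob is a one-time credential for the computer account: cut inheritance on
# the file and leave only Administrators with access until it has been consumed.
$acl = Get-Acl -Path $BlobPath
$acl.SetAccessRuleProtection($true, $false)
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule('BUILTIN\Administrators', 'FullControl', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $BlobPath -AclObject $acl

# Step 2 (on the offline image, no DC reachable): inject the blob.
# To join the running OS instead, replace "/windowspath $ImageRoot" with /localos.
djoin.exe /requestODJ /loadfile $BlobPath /windowspath $ImageRoot
if ($LASTEXITCODE -ne 0) { throw "djoin /requestODJ failed with exit code $LASTEXITCODE" }

# Remove the blob once it has been applied so it cannot be reused.
Remove-Item -Path $BlobPath -Force
```

The computer completes the join on its next boot, when it can reach a domain controller to authenticate with the provisioned account.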
Descriptions of operators (Windows PowerShell comparison operators)
-eq     Equal to
-ne     Not equal to
-gt     Greater than
-ge     Greater than or equal to
-lt     Less than
-like   Uses wildcards (* and ?) for pattern matching
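An added example, not from the course, that applies the operators above with Where-Object to a small set of constructed lease-like records (the data are made up for the example) and shows the two behaviours that catch people: -like is a wildcard match rather than a regular expression, and the type of the left operand decides whether a comparison is numeric or textual.

```powershell
# Added example: PowerShell comparison operators on constructed records.
$leases = @(
    [pscustomobject]@{ Host = 'WS-101'; IP = '172.16.0.10'; DaysLeft = 3; Vendor = 'Dell Inc.' }
    [pscustomobject]@{ Host = 'WS-102'; IP = '172.16.0.25'; DaysLeft = 0; Vendor = 'VMware, Inc.' }
    [pscustomobject]@{ Host = 'SRV-01'; IP = '172.16.1.5';  DaysLeft = 8; Vendor = 'HP' }
    [pscustomobject]@{ Host = 'PRN-07'; IP = '172.16.2.40'; DaysLeft = 1; Vendor = 'Xerox' }
)

# -eq / -ne: exact match; string comparison is case-insensitive unless you use -ceq / -cne.
$leases | Where-Object { $_.Host -eq 'srv-01' }
$leases | Where-Object { $_.Vendor -ne 'HP' }

# -gt / -ge / -lt: numeric comparison because DaysLeft is an integer.
$leases | Where-Object { $_.DaysLeft -lt 2 }      # leases about to expire
$leases | Where-Object { $_.DaysLeft -ge 3 }

# -like: '*' matches any run of characters, '?' matches exactly one.
$leases | Where-Object { $_.Host -like 'WS-*' }   # workstation naming prefix
$leases | Where-Object { $_.IP -like '172.16.0.?' }  # only single-digit host octets qualify

# The LEFT operand's type drives the comparison: string vs string is lexical,
# number vs string converts the string to a number first.
'10' -gt '9'
10 -gt '9'
```

The last two lines illustrate the pitfall: `'10' -gt '9'` is false because the strings are compared character by character and "1" sorts before "9", while `10 -gt '9'` is true because the right operand is converted to a number. When filtering on values read from text (CSV, registry, log fields), cast the left operand explicitly, for example `[int]$_.DaysLeft -lt 2`.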
What Is a Socket?
A socket is the combination of an IP address, a transport protocol (TCP or UDP), and a port number.

IPv4 addressing example:
IP Address    172.16.0.10
Subnet Mask   255.255.0.0
Network ID    172.16.0.0
Host ID       0.0.0.10
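An added example, not from the course, that computes the network ID and host ID in the table above from any IPv4 address and mask by the bitwise operations the table implies (network = address AND mask, host = address AND NOT mask), and also derives the prefix length and broadcast address. The function name is this example's own; it rejects non-contiguous masks rather than silently producing a meaningless network ID.

```powershell
# Added example: derive network ID, host ID, prefix length and broadcast address.
function Get-IPv4NetworkParts {
    param(
        [Parameter(Mandatory)][string]$IPAddress,
        [Parameter(Mandatory)][string]$SubnetMask
    )
    $ip   = [System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes()
    $mask = [System.Net.IPAddress]::Parse($SubnetMask).GetAddressBytes()

    # A valid mask is a run of 1 bits followed by a run of 0 bits; anything else is rejected.
    $bits = ($mask | ForEach-Object { [Convert]::ToString([int]$_, 2).PadLeft(8, '0') }) -join ''
    if ($bits -notmatch '^1*0*$') { throw "Invalid subnet mask: $SubnetMask" }

    $net = @(); $hostPart = @(); $bcast = @()
    for ($i = 0; $i -lt 4; $i++) {
        $wild      = (-bnot [int]$mask[$i]) -band 0xFF      # inverted mask octet
        $net      += [int]$ip[$i] -band [int]$mask[$i]      # address AND mask
        $hostPart += [int]$ip[$i] -band $wild               # address AND NOT mask
        $bcast    += ([int]$ip[$i] -band [int]$mask[$i]) -bor $wild   # network OR NOT mask
    }

    [pscustomobject]@{
        IPAddress    = $IPAddress
        SubnetMask   = $SubnetMask
        PrefixLength = ($bits -replace '0').Length   # count of 1 bits
        NetworkID    = $net -join '.'
        HostID       = $hostPart -join '.'
        Broadcast    = $bcast -join '.'
    }
}

# The table's values, and a second subnet for comparison.
Get-IPv4NetworkParts -IPAddress 172.16.0.10 -SubnetMask 255.255.0.0
Get-IPv4NetworkParts -IPAddress 172.16.1.5  -SubnetMask 255.255.255.0
```

Two hosts can exchange traffic directly only when the AND of each address with the mask yields the same network ID; the second call shows that 172.16.1.5 with a /24 mask is on 172.16.1.0, not on the /16 network of the table.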
DHCP Relay Agent - listens for DHCP broadcasts from DHCP clients and relays them as unicast to DHCP servers on different subnets
DHCP Server Authorization - registers the DHCP Server service in Active Directory; a Windows DHCP server in a domain leases addresses only after it is authorized, which stops an unauthorized Windows DHCP server from serving clients (it does not stop rogue non-Windows DHCP servers)
DHCP Database - a dynamic database that contains configuration information such as:
• Scopes
• Address leases
• Reservations
Windows Server 2012 stores the DHCP database in the %Systemroot%\System32\Dhcp folder
The DHCP database files include:
• Dhcp.mdb
• Dhcp.tmp
• J50.log and J50*.log
• J50.chk
• Res*.log
DHCP statistics - collected at either the server level or the scope level
Common issues that can occur when you do not configure DHCP properly:
• Address conflicts
• Failure to obtain a DHCP address
• Address obtained from an incorrect scope
• DHCP database suffered data corruption or loss
• DHCP server has exhausted its IP address pool
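An added example, not part of the course, that checks a Windows Server 2012 DHCP server against the points above: that it is authorized in Active Directory (and lists all authorized servers so an unexpected one is visible), that no scope is near exhaustion, that conflict detection is on, and that the database is backed up. It assumes the DhcpServer module (installed with the role or RSAT) and administrative rights; the server name and backup path are placeholders.

```powershell
# Added example: DHCP health and authorization checks with the DhcpServer module.
Import-Module DhcpServer
$Server     = 'dhcp01.corp.example.com'   # placeholder
$BackupPath = 'D:\DhcpBackup'             # must be a local path on the DHCP server

# 1. Authorization: only servers registered in AD should be leasing addresses.
$settings = Get-DhcpServerSetting -ComputerName $Server
if (-not $settings.IsAuthorized) {
    Write-Warning "$Server is not authorized; run: Add-DhcpServerInDC -DnsName $Server"
}
# Every authorized server in the forest; anything unfamiliar here deserves a look.
Get-DhcpServerInDC | Format-Table DnsName, IPAddress -AutoSize

# 2. Pool exhaustion: scope-level statistics.
Get-DhcpServerv4ScopeStatistics -ComputerName $Server |
    Where-Object { $_.PercentageInUse -ge 90 } |
    ForEach-Object { Write-Warning ('Scope {0} is {1}% in use' -f $_.ScopeId, $_.PercentageInUse) }

# 3. Address conflicts: with 0 attempts the server never pings an address before offering it.
if ($settings.ConflictDetectionAttempts -eq 0) {
    Write-Warning 'Conflict detection is off; enabling two ping attempts per offer'
    Set-DhcpServerSetting -ComputerName $Server -ConflictDetectionAttempts 2
}

# 4. Database protection: back up the database kept under %SystemRoot%\System32\Dhcp.
Backup-DhcpServer -ComputerName $Server -Path $BackupPath

# Leases from the wrong scope usually mean a relay or superscope problem; list current
# leases per scope so the offending client can be matched to its subnet.
Get-DhcpServerv4Scope -ComputerName $Server | ForEach-Object {
    Get-DhcpServerv4Lease -ComputerName $Server -ScopeId $_.ScopeId |
        Select-Object ScopeId, IPAddress, ClientId, HostName, LeaseExpiryTime
}
```

Authorization only restrains Windows DHCP servers that are domain members; a rogue DHCP server on other hardware is stopped by DHCP snooping on the switches, not by Active Directory.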
DNS zone - a specific portion of the DNS namespace that contains DNS records
Zone types:
• Forward lookup zone
• Reverse lookup zone
Resource records in forward lookup zones include: A, MX, SRV, NS, SOA, and CNAME
Resource records in reverse lookup zones include: PTR
Split DNS
• External DNS servers (in the perimeter network) host only the records that must resolve from the outside: the mail and web servers
• Internal DNS servers host the domain's computer records, plus the mail and web server records with their perimeter-subnet addresses
Forwarder - a DNS server designated to resolve external or offsite DNS domain names on behalf of other DNS servers
Conditional forwarding - forwards requests for a specific domain name to designated DNS servers
Dynamic Updates
1. The client sends an SOA query
2. The DNS server returns an SOA resource record
3. The client sends dynamic update request(s) to identify the primary DNS server
4. The DNS server responds that it can perform an update
5. The client sends an unsecured update to the DNS server
6. If the zone permits only secure updates, the update is refused
7. The client and the DNS server negotiate a security context (GSS-TSIG, using the client's Kerberos credentials)
8. The client sends a secured update to the DNS server
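An added example, not the course's own, that configures the internal side of the split DNS design and the update behaviour described above on a Windows DNS server: an AD-integrated zone restricted to secure dynamic updates, a forwarder pointing at the perimeter resolver, a conditional forwarder for a partner namespace, and the mail and web records the outside must also see. It assumes the DnsServer module on a domain controller or RSAT host; server names, zone names and addresses are placeholders (documentation address ranges).

```powershell
# Added example: internal zone, forwarders and secure dynamic updates with the DnsServer module.
Import-Module DnsServer
$Dns         = 'dc01.corp.example.com'   # placeholder
$Zone        = 'corp.example.com'
$Forwarders  = @('203.0.113.53')         # perimeter resolver
$PartnerZone = 'partner.example'
$PartnerDns  = @('198.51.100.10')

# Secure-only dynamic updates (available for AD-integrated zones): a client must
# authenticate via GSS-TSIG, so it can update only records it created itself and
# cannot overwrite another computer's A record. This is the refusal at step 6 above.
Set-DnsServerPrimaryZone -ComputerName $Dns -Name $Zone -DynamicUpdate Secure
$z = Get-DnsServerZone -ComputerName $Dns -Name $Zone
if ($z.DynamicUpdate -ne 'Secure') { throw "$Zone still accepts unsecured updates" }

# Forwarder: names this server is not authoritative for go to the perimeter
# resolver instead of directly to the root servers.
Set-DnsServerForwarder -ComputerName $Dns -IPAddress $Forwarders -UseRootHint $false

# Conditional forwarder: only the partner namespace goes to the partner's servers.
Add-DnsServerConditionalForwarderZone -ComputerName $Dns -Name $PartnerZone `
    -MasterServers $PartnerDns -ReplicationScope Forest

# Records that also exist on the external server: inside they carry the
# perimeter-subnet addresses the internal clients use to reach those hosts.
Add-DnsServerResourceRecordA  -ComputerName $Dns -ZoneName $Zone -Name 'www'  -IPv4Address '10.0.5.20'
Add-DnsServerResourceRecordA  -ComputerName $Dns -ZoneName $Zone -Name 'mail' -IPv4Address '10.0.5.25'
Add-DnsServerResourceRecordMX -ComputerName $Dns -ZoneName $Zone -Name '.' -MailExchange "mail.$Zone" -Preference 10

# Verification: a name outside the zone should be answered through the forwarder,
# and the zone's effective update setting should read Secure.
Resolve-DnsName -Server $Dns -Name 'www.example.net' -Type A
Get-DnsServerZone -ComputerName $Dns -Name $Zone | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
```

The external server in the perimeter is configured separately and is not AD-integrated; it carries only the public addresses for www and mail, so internal host names never leak outside.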