Learn AD in 15 Minutes a Week: Windows 2000 Network Environment Overview

Wednesday Apr 2nd 2003 by ServerWatch Staff

Jason Zandri's second article in the Learn Active Directory Design and Administration in 15 Minutes a Week series provides an overview of the Windows peer-to-peer Network Environment and the Windows domain Network Environment.

by Jason Zandri
www.2000trainers.com


Welcome to the second installment of Learn Active Directory Design and Administration in 15 Minutes a Week, a weekly series aimed at current IT professionals preparing to write the new Windows Active Directory Design and Administration exams (70-219 and 70-217 respectively), as well as newcomers to the field who are trying to get a solid grasp on this new and emerging directory service from Microsoft.

This week I will begin my introduction to Active Directory Design and Administration by giving an overview of the Windows peer-to-peer Network Environment and the Windows domain Network Environment.

Windows 2000 Network Environment Overview

The Windows 2000 Active Directory is the directory service used in the Windows 2000 Server family as well as the upcoming .NET server. It stores information about all objects on a network that are available to the directory, and makes this information available, through a single logon process, to users with the proper permissions to access the objects. It provides network administrators with a single point of administration for all network objects.

Currently there are three versions in the Windows 2000 Server family.


Windows 2000 Server

Minimum System Requirements for Windows 2000 Server

Computer/Processor: 133 MHz or higher Pentium-compatible CPU
Memory: 256 megabytes (MB) of RAM recommended minimum [128 MB minimum supported; 4 gigabytes (GB) maximum]
Hard Disk: 2 GB hard disk with a minimum of 1.0 GB free space. (Additional free hard disk space is required if you are installing over a network.)
CPU Support: Windows 2000 Server supports up to four CPUs on one machine


Windows 2000 Advanced Server

Minimum System Requirements for Windows 2000 Advanced Server

Computer/Processor: 133 MHz or higher Pentium-compatible CPU
Memory: 256 MB of RAM recommended minimum (128 MB minimum supported; 8 GB maximum)
Hard Disk: 2 GB hard disk with a minimum of 1.0 GB free space. (Additional free hard disk space is required if you are installing over a network.)
CPU Support: Windows 2000 Advanced Server supports up to eight CPUs on one machine


Windows 2000 Datacenter Server

Minimum System Requirements for Windows 2000 Datacenter Server

Computer: 8-way capable or higher server (supports up to 32-way)*
Processor: Pentium III Xeon processors or higher
Memory: 256 megabytes (MB) of RAM recommended
Hard Disk: 2 gigabyte (GB) hard disk with a minimum of 1 GB free space. (Additional free hard disk space is required if you are installing over a network.)
Drive: CD-ROM or DVD drive
Display: VGA or higher resolution monitor

* Note: Fault-tolerant system configurations are required to have at least 8 processors within the hardware solution


When you set up a Windows 2000 Network Environment, you can elect to set it up as a workgroup or as a domain. Windows 2000 Professional, Windows XP Professional and the Windows 2000 Server family can participate in either of these two network types. There are administrative differences between the two as well as advantages and disadvantages to both.

Windows Workgroups

Windows workgroups are a grouping of networked computers that share out their resources. Workgroups are often referred to as peer-to-peer networks because all computers in the workgroup share resources as equals without the presence of a dedicated server or a centralized database of user accounts. Each computer in the workgroup maintains a local security database. These systems may be Windows 2000 Professional, Windows XP Professional or from the Windows 2000 Server family. Each would have a local security database with a list of user accounts and their respective security information for the computer or server on which it resides. The administration of user accounts and resource security in a workgroup is said to be decentralized for this reason.

[NOTES FROM THE FIELD] - On peer-to-peer networks, servers running any level of Windows Server operating system that are not members of a Windows 2000 domain are called stand-alone servers.

Windows 2000 Professional, Windows XP Professional and the Windows 2000 Server family can participate in a workgroup or as domain members. Windows NT4 Workstation, Windows NT4 Server, Windows NT4 Server Enterprise Edition as well as Windows NT4 Terminal Server can be included in these as well. For the purposes of concentrating on Active Directory discussion I will not refer to them often, but it's good to know that these down-level operating systems could be included as well.

When setting up, using and administering a peer-to-peer network, there are a number of advantages and disadvantages. Some disadvantages are:

Users need to have a user account on each system where they will need access to the local resources on that system. If the account is not set up the same on each machine (e.g. username and password) users would then need to remember what name and password combinations are required on which systems.

Changes made to user accounts must be made on each computer in the workgroup. A user that needs to update their password for access to files on workstation A and the printer on workstation B and the database on server DB would need to update the password at each resource. (Or the local admin of each resource would need to do it for the user.)

A workgroup becomes difficult to administer in environments with more than 10 local security databases.

[NOTES FROM THE FIELD] - On peer-to-peer networks, workstation-level operating systems are limited to 10 concurrent connections by design. Once all ten connections are made, via logons, drive mappings, browsing the network, or printing to a printer, all additional connections will be refused, regardless of the user. Even a local administrator would not be allowed to make a network connection in this case.

Workstation level operating systems include Windows NT4 Workstation, Windows 2000 Professional and Windows XP Professional.

If a Windows Server level operating system is in use in a peer-to-peer environment, it will not limit the number of connections, as it does not have this connection limit design.

Windows peer-to-peer networks do have a couple of advantages as well.

Peer-to-peer networks do not require having the more expensive Windows Server family of operating system installed to hold centralized security information. If there are just a few users who need access to three or four systems, installing the more expensive operating system doesn't make sense.

A peer-to-peer workgroup is simple to design and implement and does not require the extensive planning and administration that goes into a domain. Also, each local system owner (hence, administrator) is in charge of their own resource. If there are just a few users who need access to three or four systems, making each local system owner responsible for their own resource and local accounts as opposed to one higher level administrator is usually more convenient in this scenario.

A peer-to-peer workgroup is only convenient for a limited number of systems.

Windows Domains

The Windows domain architecture is a group of networked Windows 2000 Servers that share a central directory database found on domain controllers. This single directory database contains user accounts and security information for the domain. This directory database is known simply as the directory and is the database portion of Active Directory.

The Windows Active Directory database resides on specialized Windows 2000 servers called domain controllers, and it is on the domain controllers that all security-related aspects of the domain take place. Security and administration are centralized on the domain controllers. While domain-level administration may be performed remotely from a Windows 2000 Professional or XP Professional workstation, it is still taking place in the directory on a domain controller somewhere in the environment.

There are a number of advantages and benefits of a Windows 2000 domain.

Domains allow for centralized administration because all user information is stored centrally on the domain controllers within the Active Directory. Any administrative changes that are made on any given domain controller are automatically replicated throughout the domain. This is called Multimaster Replication. Changes are made to any one of the domain partition copies on any one of the domain controllers, and then those changes would be sent to other domain controllers (replicated) within the domain.

Domains provide a single logon process for users to gain access to network resources for which they have permissions. Users can log on to one computer and use resources on another computer in the network as long as they have appropriate privileges for the resource.

[NOTES FROM THE FIELD] - On older domains, such as those from Windows NT4, users might authenticate to the local Windows NT4 Backup Domain Controller which might have been located locally onsite; however, any changes that needed to be made to an account, say for example a password change, had to take place on the single Windows NT4 Primary Domain Controller in the domain.

The loss of the single Windows NT4 Primary Domain Controller in the domain did not mean users could not log in to the domain. In fact, the whole idea of the local Windows NT4 Backup Domain Controller was to make life easier for remote locations as far as logons and scripting were concerned and to keep network traffic lower by taking logins out of the network loop and keeping them local. The loss of the single Windows NT4 Primary Domain Controller in the domain meant that account changes (among other things) could not be performed because the writable copy of the SAM database was not available.

The Windows NT4 Primary Domain Controller had the only read-write copy of the security account database in the Windows NT4 domain.

In Windows 2000 domains, the domain portion of the Active Directory database is a read-write copy at each and every domain controller in the domain.
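
The single-master versus multimaster behaviour described above, as an added Python example (not code from the article or from Microsoft). The class and function names, the sample account and the SHA-256 stand-in for a stored credential are assumptions, and conflict resolution between simultaneous changes is left out of the model.

```python
import hashlib

def _digest(password):
    # Stand-in for a stored credential; not how Windows stores passwords.
    return hashlib.sha256(password.encode()).hexdigest()

class DomainController:
    """One copy of the directory: user -> (version, credential digest)."""
    def __init__(self, name, writable):
        self.name, self.writable, self.online = name, writable, True
        self.accounts = {}

    def logon(self, user, password):
        # Authentication only reads the local copy.
        entry = self.accounts.get(user)
        return self.online and entry is not None and entry[1] == _digest(password)

    def set_password(self, user, password):
        # Account changes need an online, writable copy.
        if not (self.online and self.writable):
            raise PermissionError(f"{self.name}: no writable copy here")
        version = self.accounts.get(user, (0, None))[0] + 1
        self.accounts[user] = (version, _digest(password))

def replicate(controllers):
    """Copy the highest-version entry for each user to every online DC."""
    online = [dc for dc in controllers if dc.online]
    for user in {u for dc in online for u in dc.accounts}:
        newest = max((dc.accounts[user] for dc in online if user in dc.accounts),
                     key=lambda entry: entry[0])
        for dc in online:
            dc.accounts[user] = newest

def first_dc_lost(multimaster):
    """NT4 layout: only DC0 (the PDC) is writable. Windows 2000 layout: every DC is.
    Take DC0 offline, then try a logon and a password change at DC1."""
    dcs = [DomainController(f"DC{i}", multimaster or i == 0) for i in range(3)]
    dcs[0].set_password("alice", "Spring2003!")  # constructed sample account
    replicate(dcs)
    dcs[0].online = False
    can_logon = dcs[1].logon("alice", "Spring2003!")
    try:
        dcs[1].set_password("alice", "Summer2003!")
        replicate(dcs)
        changed = dcs[2].logon("alice", "Summer2003!")
    except PermissionError:
        changed = False
    return can_logon, changed

if __name__ == "__main__":
    print({"NT4": first_dc_lost(False), "Win2000": first_dc_lost(True)})
```

In both layouts the logon at a surviving controller succeeds; only the multimaster layout accepts the password change and carries it to the remaining controller.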


Well, that wraps up my Windows 2000 Network Environment Overview article. I hope you found it informative and will return for the next installment.

If you have any questions, comments or even constructive criticism, please feel free to drop me a note.

I want to write good, solid technical articles that appeal to a large range of readers and skill levels and I can only be sure of that through your feedback.

Next week, I plan to continue with my detailed Introduction to Active Directory column, describing the function of Active Directory and its physical and logical structure.

Until then, remember,


"Out of date virus software is only marginally better than none at all."
Jason Zandri
