Guide to MCSE 70-290, Enhanced

1-1

Chapter 1: Introduction to Windows Server 2003

Objectives
After reading the chapter and completing the exercises, students should be able to:

Differentiate between the different editions of Windows Server 2003

Explain Windows Server 2003 network models and server roles
Identify concepts relating to Windows Server 2003 network management and maintenance
Explain Windows Server 2003 Active Directory concepts

Teaching Tips
Windows Server 2003 Editions
1.
2.

Provide an overview of the four editions that are available to consumers. Cite the advantages and possible
disadvantages of each. Try giving multiple situations or scenarios to the class and have them discuss which
version might be best for the given situation.
It might be useful to have students research on the Internet different retail sites in order to find out where
the editions of the server software are available for purchase. Many students may not know where to obtain
such software. Direct them to a few popular sources. Also, have them take note of what the retail software
dealers advertise for each of the editions of the Windows Server 2003 operating system. Maybe there were
features, considered by the retailer to be important selling points, which were not given much attention in
this text.

Standard Edition
1.
2.
3.

Note that this edition is the most popular because it meets the everyday computing needs of most small to
medium organizations and can function as a departmental server in larger environments. Point out that this
is the logical upgrade path for companies currently running Windows 2000 Server.
Note that this edition is often used as a departmental file, print, or application server.
Go over the features that are present in this edition of the network operating system. Point out that this
edition can be used as a domain controller but that it does not support the Itanium platform or clustering.

Enterprise Edition
1.
2.

Make sure it is clear that this edition is geared for larger corporations or medium organizations with
mission-critical applications that require more features or performance than those available in the Standard
Edition.
Point out some of the differences between the Standard and Enterprise Editions, particularly that it provides
Itanium support, 8-way clustering, it can scale to 8 processors and it supports more RAM.

Guide to MCSE 70-290, Enhanced

1-2

Datacenter Edition
1.
2.
3.

One should make it clear that although this edition offers the highest levels of availability and reliability to
mission-critical applications over all other editions, this functionality comes at a cost. It is best suited for
large database and transaction processing systems.
Note that Datacenter Edition can only be obtained from original equipment manufacturers (OEMs).
Point out the major distinctions of this edition: 8 to 64 processors are possible, and up to 512 GB RAM.

Web Edition
1.
2.

Make sure that students understand that they cannot purchase this lower-cost version of the server software
and expect all of the features of any of the higher-cost editions. Make sure they understand that this
software is meant as a Web server only and cannot be used for such things as a domain controller.
Go through the list of services and features that are and are not supported by this edition.

Activity 1-1: Determining the Windows Server 2003 Edition

Installed on a Server
1.

This activity involves determining which edition of Windows Server 2003 is currently installed on a
computer system. Remind the students that different editions have different features and may have different
requirements for servicing. Therefore, this is an important activity. Network administrators should always
check what version of an operating system a computer is running before attempting to service it.

Windows Networking Concepts Overview

1.
2.

Explain to students that all network administrators need to be familiar with the two security models that can
be implemented with Windows Server 2003. Be sure to note that almost all larger organizations use the
domain model but that the workgroup model is often used in smaller organizations.
In addition to security models, there are three major roles that Windows Server 2003 can take within a
network. Note that the choice of role is a function of the security model and the types of tasks that the
server will handle.

Teaching

Make sure students understand the distinction between the workgroup and domain models and
among the standalone, member, and domain controller server roles. These concepts are central to
understanding this chapter.

Guide to MCSE 70-290, Enhanced

1-3

Workgroups
1.
2.

3.

In this section, the textbook describes the Windows workgroup model and how a Windows 2003 Server can
be used within the model. Note that the workgroup model doesnt explicitly require a server because the
member systems rely on a local database called the Security Accounts Manager database for authentication.
Discuss with students the advantages, such as simplicity, and the disadvantages, such as scalability, of this
model. Ask students to think about when it makes sense for individual users to manage their systems and
what security issues might arise. Give them a general rule that workgroups with more than 10 clients begin
to get unwieldy.
Note that when a Windows Server 2003 system is configured as part of a workgroup, it will be set up as a
standalone server.

Domains
1.
2.
3.

4.
5.

This section describes the second Windows security model, the Domain model. Note that this model relies
on centralized authentication and administration through a centralized database called Active Directory.
Although the concept of administration in the domain model is that it is centralized, make sure that students
understand that this does not necessarily mean that the database is physically centralized. It may be stored
on one or more computers configured as domain controllers.
Note that a domain controller in a Windows Server 2003 environment can be running under several
different Windows operating system versions, depending on functional levels required. Students may want
to look at the Windows Server 2003 Help and Support Center to get an idea of the different functional
levels.
Be sure that students understand that the domain model is the one normally recommended for systems of
more than 10 workstations.
Discuss the use of more than one domain controller within an environment to support fault tolerance and
load balancing.

Member Servers
1.
2.

3.

This section defines what a member server is and what services it might commonly provide.
Have students compare the figures that illustrate the Computer Name tab of the System Properties window
for a member server and for a workgroup member.
Note that any of the four editions of Windows Server 2003 can be configured as a member server in a
domain environment.

Domain Controllers
1.
2.
3.

This section describes what the role of a domain controller is. Note what services a domain controller must
provide.
Be sure to point out that a server in the role of a domain controller can also provide file, print, and other
services on a network. Ask students to describe what factors might go into deciding when a domain
controller might reasonably take on other services as well.
Note that a server can be configured as a domain controller using either the Active Directory Installation
Wizard or the Configure Your Server wizard.

Guide to MCSE 70-290, Enhanced

1-4

Activity 1-2: Determining the Domain or Workgroup

Membership of a Windows Server 2003 System
1.

In this activity, students will determine the domain or workgroup membership of the workstation they are
using. Remind them that determining and understanding the system properties of a workstation is a
necessary part of network administration.

Computer Accounts
1.
2.

Discuss what computer accounts provide and what Windows operating systems support them.
Note how computer accounts are represented and that they can be viewed using Administrative tools.

Activity 1-3: Viewing and Configuring Computer Account

Settings in Active Directory Users and Computers
1.

This activity shows students how to view computer account settings and properties using the Active
Directory Users and Computers administrative tool. Students will return to this tool later in the book as
well.

Quick Quiz
1.

What are the four editions of Windows 2003 Server?

Answer: Standard, Enterprise, Datacenter, and Web

2.

When is a Windows Server 2003 system deployed as a standalone server?

Answer: When it is configured as a member of a workgroup

3.

What is the name of the local account database that manages authentication on a workstation in a
workgroup?
Answer: The SAM (Security Accounts Manager) database

4.

What is the name of the centralized account database that manages authentication on a workstation in a
domain?
Answer: Active Directory

Network Management and Maintenance Overview

1.

This section provides an overview of the five broad categories of tasks that an administrator will need to
master for Microsoft exam 70-290, Managing and Maintaining a Microsoft Windows Server 2003
Environment. Each of these categories will be addressed in more detail in later chapters of the book.

Teaching

It might be useful to ask students what tasks they believe a network administrator would need to
perform before starting this section. They may be surprised at the breadth of tasks.

Guide to MCSE 70-290, Enhanced

1-5

Managing and Maintaining Physical and Logical Devices

1.
2.
3.

A network administrator will be responsible for installing hardware and software, configuring the network
for optimum performance, and recognizing and resolving problems that occur.
Ask students to name some hardware devices that might be required for a server installation. Once the
hardware is installed, what other steps might be necessary for an administrator to take?
Note that when managing server disks, an administrator will need to be familiar with what types of disks
are available and will need to know how to configure and maintain them. The administrator should be
familiar with fault tolerance techniques and with the various tools, utilities, and techniques needed for the
best possible performance of the network.

Managing Users, Computers, and Groups

1.
2.
3.
4.

5.

One of the primary tasks an administrator faces is the maintenance of user accounts. Remind students that
security is a huge concern in all organizations.
Windows Server 2003 Active Directory includes many tools and features to allow an administrator to
automate many account-related tasks for user and computer accounts.
A number of different types of groups and scopes can be supported and an administrator must be able to
maintain group accounts as well as individual user accounts.
Another administrator responsibility includes managing user desktop environments that, in Windows
Server 2003 environments, is done using user profiles.
As a preface to Activity 1-4, ask students what they think is the most common task that a network
administrator performs for user accounts, and give hints such as What is the most common problem you
have with your own accounts? to see if they can come up with resetting passwords on their own.

Activity 1-4: Resetting a Domain User Account Password Using

Active Directory Users and Computers
1.

This activity has students reset a user password using the Active Directory Users and Computers tool. In
this model of password resetting, the administrator supplies a temporary password and makes the user
change it during login. Describe the alternate model of simply changing the password. Remind students
that they will undoubtedly face this task at some point it is indeed a very common problem.

Managing and Maintaining Access to Resources

1.
2.
3.
4.

What is the primary reason for implementing a network? To allow users to share resources of course. Ask
students to name some resources that are very helpful to share.
The two most common methods of enabling sharing of resources are using the Windows Explore interface
the Computer Management administrative tool.
Note that there are two main methods of securing shared resources: 1) shared file permissions that apply
for access over a network; and 2) NTFS permissions that apply to all access attempts.
It is often desirable to centralize some software applications and make them available to users through a
service known as Terminal Services. An administrator must understand the security issues that permit
applications to be shared in this manner without opening the environment to potentially harmful
interactions.

Guide to MCSE 70-290, Enhanced

1-6

Managing and Maintaining a Server Environment

1.

2.
3.

This category covers a broad range of tasks that are important in the day-to-day ongoing operation of a
Windows Server 2003 environment. Two tools that are commonly used to monitor and troubleshoot an
environment are Event Viewer and System Monitor. Event Viewer is particularly important in gathering
information needed to diagnose problems when errors occur. In contrast, the System Monitor utility is used
to monitor and understand server performance.
Note that updates and patches are common and that the Windows Server 2003 administrator should be able
to install and maintain them. Administrators are also responsible for the often-unappreciated task of
maintaining disk quotas and for managing print queues and printer security.
There are several remote management tools that administrators need to be familiar with, such as the
Microsoft Management Console (MMC) that is the subject of the next activity. All of these tools and tasks
will be reviewed in detail in later chapters; it is only necessary to be aware of them at this point.

Activity 1-5: Creating a Custom Microsoft Management Console

1.

In this activity, a custom MMC is created. This is important because it allows commonly used tools to be
grouped together in a single, easily accessible console. Remind students that taking the time to set up a
console can save time and frustration over the long run.

Managing and Implementing Disaster Recovery

1.
2.
3.

Enforce the notion that disaster recovery is possible only when proper procedures are implemented and
followed before disaster occurs. Most students have had experiences where backup procedures (or the lack
thereof) had some impact on their lives; it might be interesting to share some stories.
Windows Server 2003 provides Windows Backup as the main backup resource. The administrator should
be familiar with different backup types, scheduling automatic backups for both users and system state, and
with restoring backed-up information.
Several new features are available on Windows Server 2003. One allows an administrator to write critical
configuration to a floppy disk and, when necessary, restore the operating system to the most current
configuration. A second feature allows users to restore previous versions of files without administrative
support.

Introduction to Windows Server 2003 Active Directory

1.
2.
3.

This section describes Active Directory, the native directory service included with Windows Server 2003
operating systems, and the services it provides.
Make sure that students understand the process of multimaster replication that is used by Active Directory
with multiple domain controllers.
Note that Active Directory uses the Domain Name Service (DNS) to maintain domain-naming structures
and locate network resources.

Active Directory Objects

1.

Discuss with students what an Active Direct Object represents and how it is stored in the directory
database. How would you locate information about an object from Active Directory?

Guide to MCSE 70-290, Enhanced

1-7

Active Directory Schema

1.
2.

This section defines and describes Active Directory schema and the two main definitions of the schema,
object classes and attributes.
Note that the Active Directory database stores and replicates the schema partition to all domain controllers
in the environment allows the network administrator to dynamically update and extend it.

Active Directory Logical Structure and Components

1.

This section describes the logical components that make up an Active Directory Structure. Note that it is
important to understand these components because network administrators must both design and administer
the logical structure of the network.

Domains and Organizational Units

1.
2.
3.
4.

An Active Directory domain is a structured organization of objects that share a common directory database.
Make sure that students understand the concepts of domain, domain controller, and the role that Active
Directory plays in maintaining the structure of the domain.
Within a domain, objects are placed in logical containers called Organizational Units (OUs). Discuss
possible logical divisions of objects such as departmental, geographic, etc.
Within an OU, it is possible to further refine permissions using Group Policy settings.
It is also possible to delegate administrative control over OUs and other very specific tasks.

Trees and Forests

1.
2.
3.

This section describes how to create multiple domains within an organization. Discuss with students some
different reasons for needing to do this.
Students must understand the concepts of trees, forest root domains, and the transitive trust relationship that
holds between child and parent domains.
Note that a forest is a collection of trees that do not share a contiguous DNS naming structure. Ask
students to consider situations in which it would make sense to create a forest structure. Ensure that
students understand that trees in a forest do share an Active Directory schema, an Enterprise Admins group,
and a global catalog.

Global Catalog
1.
2.

Discuss the four main functions of a global catalog and the types of attributes that would be available there.
Note that the first domain controller in a forest automatically becomes a global catalog server and that
others can be configured. Briefly mention Universal group caching as an alternate to global catalogs.

Active Directory Communications Standards

1.

This section discusses the Lightweight Directory Access Protocol (LDAP) that is used to query or update
the Active Directory Database directly. It defines the two main components of the naming paths used for
referring to objects within LDAP, distinguished names and relative distinguished names.

Guide to MCSE 70-290, Enhanced

1-8

Active Directory Physical Structure

1.

2.

3.

In this section, the physical rather than logical structure of an Active Directory database is discussed.
There are several important considerations that should be taken into account when designing this structure;
particularly the performance of replication requests and the effect this may have on overall network
performance. Ask students to consider what might happen if replication takes too long or if it happens too
frequently and extensively.
Important concepts to understand in physical configuration are Active Directory sites and site links. When
discussing sites, make sure that the problem of connection reliability is noted. Site links represent the
connections among sites while sites represent the actual subnets within the network. Attributes of site links
include replication availability, bandwidth costs, and replication frequency.
Discuss the process of replication (based on a change notification process) and the default settings for
change announcements within and between sites.

Teaching

Make sure students understand the distinction between the physical and logical structure of
Active Directory. The logical structure is used to organize network resources while the physical
structure is used to control network traffic.

Quick Quiz
1.

What naming convention does Active Directory use to maintain domain-naming structures and network
resources?
Answer: Domain Name Service (DNS)

2.

How many Active Directory schemas are there in a Windows Server 2003 environment with four domain
controllers?
Answer: One

3.

True or False: An Active Directory forest can consist of a single domain.

Answer: True

4.

When referring to objects stored within the Active Directory, what naming convention is followed?
Answer: Lightweight Directory Access Protocol (LDAP)

Guide to MCSE 70-290, Enhanced

1-9

Class Discussion Topics

1.

If you (as a network administrator) were asked to set up a new Windows Server 2003 environment, what would
be the first decision to make? What characteristics of the organization would you look at to help with the
decision?

2.

Under what circumstances would you consider setting up your network as a Windows workgroup? What
advantages and disadvantages would you encounter using this model?

3.

What does Disk Defragmenter do and how does it help with achieving optimal performance? What other tools
are available to keep performance problems to a minimum?

4.

What kinds of problems might be encountered when an Active Directory schema must be replicated across
domain controllers (or anytime databases must be replicated for that matter)? What other ways can you think of
to provide fault tolerance in databases?

Additional Projects
1.

Research some tools and utilities that could be added to a custom Microsoft Management Console (MMC).
What would your custom console be and why?

2.

Find and run the Event Viewer and System Monitor tools. What information did you find there? Do some
research to see what the information is and how to use it.

3.

Research the different types of backup and restore that various operating systems support. What are the
advantages and disadvantages of each? How important is a backup plan in an enterprise?

Solutions to Additional Projects

1.

Tools available as Snap-ins include: ActiveX Controls, Certificates, Event Viewer, and Removable Storage
Management. To see the complete list on your machine, use the directions given in Activity 1-5 to look at the
Snap-In list in the MMC. Some candidates that would be generally useful are Disk Defragmenter, Event
Viewer, Performance Logs and Alerts, and Local Users and Groups. Preference for particular tools and utilities
is something that will become apparent depending on the specific responsibilities that are required.

2.

The Event Viewer provides a set of Application, Security, and System logs that describe error events and
warnings, as well as security events such as log-ons. System Monitor is a real-time execution monitor that
describes current performance in terms of data being handled over time, data moving from memory to disk, and
pending disk requests. It can create logs and alerts to allow the administrator to see trends and be warned when
certain events occur.

Guide to MCSE 70-290, Enhanced

3.

1-10

Different types of backup include full, incremental, differential, copy backup, daily backup, volume shadow
copy and system state backups. Backup is one of the most important responsibilities that an administrator faces
because, once data loss occurs, it can be devastating in terms of time and intellectual effort. For example, an
organization could lose days or even months that had been spent working on a project. It is important to decide
on a schedule for backup that takes into account system load at various times, how often system state changes,
and how often data files change. The different types of backup mainly differ in how much information is stored
and how it affects files that are being used during the backup. The tradeoffs are, of course, in the amount of
information that must be copied and stored and the amount of time that it takes to do both backups and restores.
Generally, the faster the backup, the slower the restore and vice versa. For example, a full backup copies all
information while incremental backup copies only information that has changed. Therefore, a full backup takes
longer to do than an incremental backup. However, to restore all information, if youve done incremental
backups, it is necessary to go back to the last full backup, restore that, then restore all incrementals. If you did
only full backups, you could just restore the last one and it would take less time.