
WINDOWS SERVER 2003 EDITIONS

Editions of Windows Server 2003:

• Small Business Server (SBS)
• Web Edition
• Standard Edition
• Enterprise Edition
• Datacenter Edition

Small Business Server

Small Business Server is a low-cost edition designed for small organizations. This edition
supports up to 75 users. It comes in two editions, Standard and Premium.

Web Edition

Web edition is specially designed for web hosting companies. This edition supports up to 2 GB
RAM. This edition does support ADS.

Standard Edition

This is a perfect edition for small to medium business organizations. It supports file and print
services and secure internet connectivity. It supports 4-way symmetric multiprocessing and 4 GB
RAM. Besides this, it also supports Distributed File System (DFS), Encrypting File System (EFS)
and shadow copies.

Enterprise Edition

Windows Server 2003 Enterprise Edition is made for medium to big business organizations. This
is a full-function server for the organization. This edition supports 8-way symmetric
multiprocessing (8 processors). The 32-bit version supports 32 GB RAM and the 64-bit version
supports 64 GB RAM.

Datacenter Edition

Windows Server 2003 Datacenter Edition is made for very big business organizations, where high
security and reliability are needed. This edition is the powerhouse of the Windows platform. This
edition supports 32-way symmetric multiprocessing (64 processors) and 512 GB RAM.

Windows Server 2003 Features

• 64-bit processor support (for Intel Itanium).
• Maximum RAM support.
• Maximum symmetric multiprocessing (SMP) support.
• Active Directory Service support.
• Internet Connection Firewall.
• Remote Desktop.
• Services for UNIX.
• Internet Connection Sharing.
• Distributed File System.
• IPv6 support.
• Internet Information Services (IIS) 6.0 is included.
• Domain rename facility.
• File system support (FAT16, FAT32, NTFS).
• Network type support: 1. Workgroup network. 2. Domain network.
• Disk quota support.
• Recovery Console.

Windows Server 64-bit editions

The Windows Server 64-bit editions provide higher CPU clock speed and faster floating-point
processor operation. The 64-bit editions also speed up access to an enormous memory address space.

The 64-bit editions do not support 16-bit Windows applications, real-mode applications, POSIX
applications, or print services for Apple Macintosh clients.

Prerequisites for configuring Active Directory Service (ADS)

In our last article you learnt the basic concepts of ADS. In this article we will configure the
ADS service on Server 2003.

Prerequisites of Active Directory services

• NTFS partition
• Manual IP configuration
• LAN connectivity
• Server 2003 CD (the ADS configuration wizard requires Windows files)
• The root partition (the partition where you installed Server 2003) must be NTFS

The ADS configuration wizard stores its installation files in the NTDS folder, and this folder must
be located on an NTFS file system. The default file system of Server 2003 is NTFS unless you
changed it during installation. If you changed the file system, you have to convert it to NTFS
before you start configuring ADS.

To change the file system from FAT to NTFS, open a command prompt and run the following command:

c:\>convert c: /fs:ntfs

Replace c: with your installation drive letter.
Reboot the system for the change to take effect. After the reboot, verify that the partition was
successfully converted to NTFS.

To verify, open My Computer and select Properties from the right-click menu.

On the Properties screen you can verify that the file system has been converted to NTFS.

Manual IP configuration

The server IP address cannot be dynamic. You need to set a static IP address before starting the
configuration of ADS. To set the static IP address, open the properties of Local Area Connection.
Now select TCP/IP, click Properties and set the IP address.

Connectivity of LAN

The server checks the connectivity of the LAN card during the installation of ADS. An unplugged or
disabled LAN card will make the configuration of ADS fail, so check it before configuring
ADS. You can check its status from the properties of My Network Places.

Alternatively, you can check it just by looking at the taskbar. The image below shows a working
LAN card.
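
The three prerequisites above can also be checked from a script before DCPROMO.EXE is run. This is an added example, not part of the original article; it assumes Windows PowerShell 2.0 has been installed on the Server 2003 machine and is run locally, and the function names are illustrative.

```powershell
# Added example: read-only pre-flight check for the three ADS prerequisites
# (NTFS root partition, static IP address, working LAN card).
# Assumption: Windows PowerShell 2.0 is installed and the script runs locally.

function Test-AdsPrerequisite {
    $checks = @()

    # Root partition (where Server 2003 is installed) must be NTFS.
    $sysDrive = $env:SystemDrive                          # for example "C:"
    $disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$sysDrive'"
    $checks += New-Object PSObject -Property @{
        Check  = "Root partition $sysDrive"
        Passed = ($disk.FileSystem -eq 'NTFS')
        Detail = "file system: $($disk.FileSystem)"
    }

    # Each entry in Network Connections: link state and address assignment.
    $nics = @(Get-WmiObject Win32_NetworkAdapter | Where-Object { $_.NetConnectionID })
    foreach ($nic in $nics) {
        $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index=$($nic.Index)"
        $connected = ($nic.NetConnectionStatus -eq 2)     # 2 = connected
        $static    = ($cfg.IPEnabled -and -not $cfg.DHCPEnabled)
        $checks += New-Object PSObject -Property @{
            Check  = "LAN card '$($nic.NetConnectionID)'"
            Passed = ($connected -and $static)
            Detail = "connected: $connected; DHCP: $($cfg.DHCPEnabled); IP: $($cfg.IPAddress -join ', ')"
        }
    }
    return $checks
}

function Test-AdsReady {
    param($Checks)
    # Ready = NTFS root partition AND at least one connected LAN card with a static address.
    $diskOk = @($Checks | Where-Object { $_.Check -like 'Root partition*' -and $_.Passed }).Count -gt 0
    $nicOk  = @($Checks | Where-Object { $_.Check -like 'LAN card*' -and $_.Passed }).Count -gt 0
    return ($diskOk -and $nicOk)
}

$checks = Test-AdsPrerequisite
$checks | Select-Object Check, Passed, Detail | Format-Table -AutoSize
if (Test-AdsReady $checks) {
    'Prerequisites met: NTFS root partition and a connected LAN card with a static IP.'
} else {
    'Prerequisites NOT met: fix the failed checks before running DCPROMO.EXE.'
}
```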

How to configure ADS Active Directory Service Step by Step Guide

In our earlier article we finished all the necessary prerequisites. In this article we will
configure ADS. The ADS configuration wizard can be invoked in three ways:

• By running the DCPROMO.EXE command
• From Configure Your Server
• From Manage Your Server

No matter which option you choose, all three launch the same ADS configuration wizard. I will
show all methods.

Configure your server / Manage your server

To launch the Manage Your Server wizard, click the Start button and select the Manage Your
Server option.

To launch the Configure Your Server wizard, click the Start button and select Configure Your
Server Wizard from Administrative Tools.

Now click on Add or remove a role.

The server will now check the prerequisites which we completed in our last article. The wizard
shows an error message if any prerequisite is not properly configured.

The wizard shows a list of all tasks which can be configured. Select Domain Controller (Active
Directory).

After checking all necessary services, it shows a summary for the ADS configuration wizard.

Click Next to launch the ADS configuration wizard.

The same wizard can be launched directly by running the DCPROMO.EXE command from the Run menu.

On the welcome screen click Next.

This screen shows that Windows 95 or earlier versions of Windows NT 4.0 cannot be clients of
Server 2003. Click Next.

This is the first domain controller in our domain, so select Domain controller for a new domain
and click Next.

This is the first domain in the first forest, so select Domain in a new forest and click Next.

Give the full FQDN of the server. We are using example.com for practice; you can choose your
own.

The wizard automatically generates the NetBIOS name of the server; don't change it.

ADS is installed in the NTDS folder; don't change its default location.

SYSVOL is a publicly shared folder. It is automatically shared with all clients.

ADS requires DNS to function properly. Select the second option, Install and configure DNS
on this computer.

If you have any pre-Windows 2000 clients in the network, select
Permissions compatible with pre-Windows 2000 server operating systems.

If you don't have any pre-Windows 2000 server operating systems, select
Permissions compatible only with Windows 2000 or Windows 2003 operating systems for
greater security features.

Now set the Directory Services Restore Mode password. It is used when you restore the directory
or remove ADS.

Review the summary of your selections and click Next. If you need to change any option, go back
and change it.

The wizard will now configure all the options you have selected.
If you are running this wizard for the first time, it needs to copy some files from the Server
2003 CD. Insert the Server 2003 CD when asked.
We will configure the DNS server separately after ADS, so skip it here to save time.

Click Finish to complete the installation.

A system reboot is required for the installation of ADS to take effect.

After the reboot the server is a domain controller. In our next article we will learn how to
verify that ADS is configured properly.

How To Verify the Installation of ADS and How to Remove ADS

In our last article we configured ADS. In this tutorial I will guide you through checking the ADS
installation. The ADS installation can be verified by three methods:

• My Computer properties
• Login screen
• Administrative Tools

My Computer properties

To check whether ADS is installed on the server, right-click My Computer and select
Properties, then select the Computer Name tab.

If you see the Workgroup option here, ADS is not configured.

If you see the Domain option here, ADS is configured.

In the image below you can see the domain name, which means ADS is configured on this server.

Login screen

Whether the server is a domain controller can also be verified on the login screen.

If you see the Log on to: option on the login screen, ADS is configured on this server.

Administrative Tools

The most reliable test of ADS is checking Administrative Tools. If you see all three options
listed below in Administrative Tools, ADS is properly configured and functioning.

1. Active Directory Domains and Trusts
2. Active Directory Sites and Services
3. Active Directory Users and Computers

Removing ADS

We have tested the ADS installation; now we will remove ADS so you can learn how to remove
it.

• From the Configure Your Server wizard
• From the Manage Your Server wizard
• From DCPROMO.EXE

Whichever option you choose, it launches the same wizard for removing ADS.

To use the Configure Your Server wizard, click Start, select Administrative Tools and click
Configure Your Server. This launches the Configure Your Server window. The same window can be
reached by clicking the Start button and selecting Manage Your Server.

Click on Add or remove a role.

Select Domain Controller from the list and click Next; that launches the ADS removal wizard.

The same wizard can be reached directly by running the DCPROMO command from the Run menu.

On the welcome screen click Next.

A warning message appears because this domain controller is the global catalog server; click OK.

Tick the box This server is the last domain controller in the domain.

ADS will now remove all DNS information stored for this domain. Click Next.

The wizard finally asks you to confirm deleting all partitions. Tick Delete all application
directory partitions on this domain controller.

Now set the administrator password used to log in after the removal of ADS.

Review all the options you have selected and click Next to remove ADS.

The wizard now starts removing ADS; it will take a few minutes.
Click the Finish button to complete the wizard.
A system reboot is required for the removal to take effect; click Restart Now.

Removing ADS from the registry

Always use the configuration wizard to remove ADS. Use the registry method only when the
configuration wizard fails to remove ADS.

To remove ADS from the registry, run the regedit command in the Run box.

Locate this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions

In the left pane double click on ProductType.

Replace the default LanmanNT with ServerNT and exit the registry.

A system reboot is required for the change to take effect. Restart the system.

After the restart you will still see the Log on to: option on the login screen; this is normal.
Just select the local computer and log in. You can reconfigure ADS after logging in to the local
computer.
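
The verification methods and the ProductType registry value described above can be read together in one pass, which also shows when the registry and the directory files disagree. This is an added example, not part of the original article; it assumes Windows PowerShell 2.0 on the server and the wizard's default NTDS location under %SystemRoot%, and the function name is illustrative.

```powershell
# Added example: read-only report of the domain controller role evidence.
# Assumptions: Windows PowerShell 2.0, run locally on the server; the directory
# database is in the wizard's default location (%SystemRoot%\NTDS\ntds.dit).

function Get-AdsRoleEvidence {
    # Win32_ComputerSystem.DomainRole values.
    $roleNames = @{
        0 = 'Standalone workstation';   1 = 'Member workstation'
        2 = 'Standalone server';        3 = 'Member server'
        4 = 'Backup domain controller'; 5 = 'Primary domain controller'
    }
    $cs   = Get-WmiObject Win32_ComputerSystem
    $role = [int]$cs.DomainRole

    # The value edited in the registry method: LanmanNT = domain controller,
    # ServerNT = server that is not a domain controller.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\ProductOptions'
    $productType = (Get-ItemProperty -Path $key).ProductType

    $ntdsFile  = Join-Path $env:SystemRoot 'NTDS\ntds.dit'
    $dbPresent = Test-Path $ntdsFile

    $dcByRole     = ($role -ge 4)
    $dcByRegistry = ($productType -eq 'LanmanNT')

    $findings = @()
    if ($dcByRole -ne $dcByRegistry) {
        $findings += "WMI role '$($roleNames[$role])' and ProductType '$productType' disagree."
    }
    if (-not $dcByRegistry -and $dbPresent) {
        $findings += "ProductType is '$productType' but $ntdsFile still exists; " +
                     'check whether ADS was removed with the wizard or only through the registry.'
    }
    if ($dcByRegistry -and -not $dbPresent) {
        $findings += "ProductType is LanmanNT but $ntdsFile was not found at the default location."
    }
    if ($findings.Count -eq 0) { $findings += 'Role evidence is consistent.' }

    New-Object PSObject -Property @{
        Computer     = $cs.Name
        Domain       = $cs.Domain          # domain or workgroup name
        PartOfDomain = $cs.PartOfDomain
        Role         = $roleNames[$role]
        ProductType  = $productType
        NtdsDatabase = $dbPresent
        Findings     = $findings
    }
}

$evidence = Get-AdsRoleEvidence
$evidence | Format-List Computer, Domain, PartOfDomain, Role, ProductType, NtdsDatabase
$evidence.Findings
```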

How to add or remove clients from domain network of server 2003

In a domain network, a client is a computer where the actual work is done by users. All clients
are controlled by the server. In our previous article we configured the server. Now we need
client computers so users can perform their assigned tasks.

We assume that you have configured the server before starting this process.

Prerequisites of the client process

• ADS is configured on Server 2003 and working
• DNS is configured on Server 2003 and working
• The client computer is connected to the server.

Once you have completed the necessary steps, go to the client computer and log in with the
administrator account.

Right-click My Computer and select Properties. In Properties, click the Change button on the
Computer Name tab.

In the window that opens, select Domain in the Member of pane and give our server name,
which is Example.com. It will ask you to authenticate the join. We will use the default
administrator account of the server, as we haven't created a special account for this purpose.
Enter administrator as the user name, and the server administrator's password.

After a few minutes a welcome message will appear on screen; click on it.

A system reboot is required for the change to take effect. Restart the system.

There are several ways to confirm whether the system is a client. You can confirm it on the
login screen.
If you see the Log on to option on the login screen, the system is a member of a domain network.
If you don't find any Log on to option here, the system is part of a workgroup network.

After login you can check it in My Computer properties. Select the Computer Name tab in My
Computer properties.

If you see Workgroup here, the computer is part of a workgroup network.
If you see Domain here, the computer is part of a domain network.

How to disjoin from domain network

We have successfully joined the client to the domain. Now we will learn how to remove a client
from the domain. For practice we will remove the client which we have just added.

Log in with the local administrative account.

Right-click My Computer and select Properties. In Properties, click the Change button on the
Computer Name tab.

In the window that opens, select Workgroup in the Member of pane and give any name.
It will ask you to authenticate the disjoin. We will use the default local administrator account.
Enter administrator as the user name, and the local administrator's password.

After a few minutes a welcome message will appear on screen; click on it. A system reboot is
required for the change to take effect. Restart the system.

After the reboot, verify the disjoin by any method given above: either the login screen or
My Computer properties.

The administrator account can be used in lab environments. But in a real company environment,
using the administrator account for joining or disjoining creates a huge security risk. Always
avoid using the administrator account for this process. In our next article we will discuss how
we can use another account for this process.

How to add clients in domain advance method used in Company Environments

Server side Configurations

In our last article we added a client to the domain using the default administrator account.
The administrator account can be used in a lab environment. But in a real company environment,
using the administrator account for joining or disjoining creates a huge security risk. Always
avoid using the administrator account for this process. In this article, for the server-side
process, we will create a special user account.

For this article I assume that:

• ADS is configured on Server 2003 and working
• DNS is configured on Server 2003 and working
• The client computer is connected to the server.

If you are missing any of the above, see our previous articles.

On the server, log in with an administrative account and open Active Directory Users and
Computers.

Right-click the Users folder and select User from the New options.
In the window that opens, fill in the user information and click Next.

On the password screen give a password and remove the tick mark from User must change password
at next logon.
On the summary screen click the Finish button.

Verify that you have successfully created the user account.

Now make this user a member of the built-in Domain Admins group.
The user must be shown on the Members tab of the Domain Admins group's properties.

Now create a computer account for the client computer. Right-click the Computers folder and
select Computer from the New options.
Give the client computer name [Make sure you give exactly the same name as the client
computer has; check it on the client computer before entering it here].

On the Managed screen, do not check This is a managed computer. Click Next.

On the next screen click Finish.

The next step is to grant the right to add clients to the domain. To do this, open Domain
Controller Security Policy.
In the left pane expand Local Policies. In Local Policies select User Rights Assignment, and in
the right pane double click on Add workstations to domain.

Now add administrators [group], administrator [account], and Vinita [the user to whom you want
to grant the right].
Now refresh the group policy by running the GPUPDATE command from Run.
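
After the server-side steps above, the group memberships the join account actually holds can be listed from the directory. This is an added example, not part of the original article; it assumes Windows PowerShell 2.0 run on the domain controller or a domain member, uses the account name Vinita from the steps above, and the function name and the list of groups treated as privileged are illustrative choices.

```powershell
# Added example: list the groups the join account is a direct member of and
# mark the administrative ones. Read-only LDAP query through ADSI.
# Assumptions: Windows PowerShell 2.0, run by a domain user on a machine that is
# a member of the domain.

function Get-JoinAccountExposure {
    param([string]$SamAccountName = 'Vinita')   # user created in the steps above

    # Keep the LDAP filter well-formed: accept plain account names only.
    if ($SamAccountName -notmatch '^[\w.\- ]+$') {
        throw 'Unexpected characters in account name.'
    }

    $domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$domainDn")
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    [void]$searcher.PropertiesToLoad.Add('memberOf')
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "Account '$SamAccountName' was not found in $domainDn." }

    # Illustrative list of built-in administrative groups.
    $privileged = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
                  'Administrators', 'Account Operators'

    # memberOf holds direct memberships only: the primary group (normally
    # Domain Users) and memberships gained through nested groups are not listed.
    foreach ($dn in @($hit.Properties['memberof'])) {
        $cn = ($dn -split ',')[0] -replace '^CN=', ''
        New-Object PSObject -Property @{
            Account    = $SamAccountName
            Group      = $cn
            Privileged = ($privileged -contains $cn)
        }
    }
}

$report = @(Get-JoinAccountExposure -SamAccountName 'Vinita')
$report | Select-Object Account, Group, Privileged | Format-Table -AutoSize

$hits = @($report | Where-Object { $_.Privileged })
if ($hits.Count -gt 0) {
    "The account is a member of $($hits.Count) administrative group(s): its rights in the " +
    'domain go beyond the Add workstations to domain right.'
} else {
    'The account is not a direct member of any of the listed administrative groups.'
}
```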

How to add clients in domain advance method used in company environments

Client side configurations

This article extends the previous article. We have completed the server-side configuration.

Prerequisites of this tutorial

• Create a user named Vinita
• Add user Vinita to the Domain Admins group
• Create a computer account for this client
• Grant the Add workstations to domain right to user Vinita

We configured all these steps in our previous article.

On the client computer, log in with the administrator account.

Right-click My Computer and select Properties. In Properties, click the Network ID button on the
Computer Name tab.

On the welcome screen click Next.

On the Connecting to network screen select This computer is part of a business network, and I
use it to connect to other computers at work.

On the next screen select My company uses a network with a domain.

On the network information screen click Next.

On the account and domain information screen enter Vinita as the user name, and its password
[the user account which we created in our previous article], set the domain to Example.com [your
domain name] and click Next.

It will now search for the computer account in ADS. [We created a computer account for this
computer in ADS in our last article.] Click Yes.

You can use this account to log in to the server from the client computer. But we are not going
to use this account for the login process, so select Do not add a user at this time and click
Next.

After a few minutes a welcome message will appear on screen; click on it.

A system reboot is required for the change to take effect. Restart the system.

After the reboot the system will be a member of the domain network. There are several ways to
confirm domain membership, which we already discussed in our previous article.

Microsoft Management Console

The MMC is a powerful framework for organizing and consolidating administrative snap-ins.
Microsoft Windows Server 2003 administrative tools, called snap-ins, enable you to manage
user accounts, modify computer software and service settings, install new hardware, and perform
many other tasks. The Microsoft Management Console (MMC) provides the framework within
which these snap-ins operate.

Click Start, and then select Run.

In the Open text box, type mmc and then click OK.

A blank MMC will appear.

Select the File menu, and then select Add/Remove Snap-In.

The Add/Remove Snap-In dialog box appears with the Standalone tab active.
There are two types of snap-ins, stand-alone and extension.

Stand-Alone Snap-Ins

Stand-alone snap-ins are provided by the developer of an application. All administrative tools for
Windows Server 2003, for example, are either single snap-in consoles or consoles with a
combination of snap-ins useful to a particular task.

Extension Snap-Ins

Extension snap-ins, or extensions, are designed to work with one or more stand-alone snap-ins.
When you add an extension, Windows Server 2003 places the extension into the appropriate
location within the stand-alone snap-in.

Click Add to display the Add Stand-alone Snap-In dialog box. Locate the snap-in you want to
add, and then click Add.
Many snap-ins prompt you to specify whether you wish to focus the snap-in on the local
computer or another computer on the network.
When you have added all the snap-ins you require, close the dialog boxes.

You can save an MMC console in two modes, author mode and user mode; author mode is the default
mode. To change the mode, click File and select Options.

Type of User Mode / Description

Author Mode

When you save a console in Author mode, which is the default, you enable full access to all of
the MMC functionality, including:

• Adding or removing snap-ins
• Creating windows
• Creating taskpad views and tasks
• Viewing portions of the console tree
• Changing the options on the console
• Saving the console

User Modes

You should choose a user mode if you plan to distribute an MMC with specific functions. By
default, consoles will be saved in the Administrative Tools folder in the user's profile.

Full Access

Allows users to navigate between snap-ins, open windows, and access all portions of the console
tree.

Limited Access, Multiple Windows

Prevents users from opening new windows or accessing a portion of the console tree but allows
them to view multiple windows in the console.

Limited Access, Single Window

Prevents users from opening new windows or accessing a portion of the console tree and allows
them to view only one window in the console.

To save the customized MMC, select the File menu and then select Save As.

The default save location is $windowInstallationPartition/Documents and Settings/$username/
Start Menu/Programs/Administrative Tools/; you can change it.

After saving you will see a saved MMC console file.

How to configure roaming profile, mandatory profile, in server 2003 xp
configuration

A profile is the user's settings. A profile is associated with a user account and contains
information such as customized desktop settings, network and printer connections, and mail
settings. Whenever a user logs in to any Windows computer for the first time, Windows gives them
the default user settings and creates a folder with the user's name in the Documents and Settings
folder on the Windows partition. Any change made by the user is saved in this folder. The next
time the user logs in on the same computer, Windows loads this profile.

A local user profile is stored on the local computer's hard disk and is created automatically
when the user logs in for the first time, if that user account does not already have a roaming
profile in place. Roaming profiles are stored on a network server in a location that is specified
for a particular user account. When you log on to the network for the first time with a user
account that has roaming enabled, a roaming profile is automatically created.

In short, there are three types of profile.

Local profile: Created and managed on the local system. The user is allowed to customize the
profile. All changes are saved locally.

Roaming profile: Created and managed on the server in a shared folder. The user is allowed to
customize the profile. All changes are saved on the server's hard disk.

Mandatory profile: Created and managed on the server in a shared folder. The user is not
allowed to customize the profile. If the user makes changes in a login session, they are not
saved on exit, and the user gets the same default profile on the next login.

Prerequisites of this tutorial

• A Server 2003 system with ADS and DNS configured [check our previous articles for how to
  configure ADS and DNS]
• Two client systems for testing the roaming profile [check previous articles for how to make a
  client]
• A user created in Active Directory Users and Computers

We configured all these steps in our previous articles. If you skipped a previous article,
review it before going on with this tutorial.

How to configure Roaming profile Server side configuration

Log in with the administrator account on the server and create a folder named profile on any
partition, and share it with Full permission for Everyone.

To avoid errors later, also change the setting on the Offline tab. All data in the profile
folder is going to be saved on the server, so simply stop the offline availability of the folder.
Click Offline Settings and select Files or programs from the share will not be available offline.

Now open this folder and create a folder named wallpaper in it.

Copy some bitmap images into this folder.

Now open Active Directory Users and Computers.

In the user's properties click the Profile tab and set the profile path to
\\Server name\Shared folder\User name.
In our example the server name is server.example.com, the shared folder is profile, and the user
is Vinita. Replace these with your server name, shared folder name, and user name.

If a DNS server is not configured on the server, use the IP address of the server instead of its
name, like this: \\30.0.0.1\profile\Vinita

When you click Apply and OK on the Profile tab of the user properties, the server creates a
folder for the user in the shared folder.

Go to the shared folder which you recently created and check whether it has been created.

These are all the settings you need to make on the server.

Client side setting for roaming profile

Log in as the user on client1.

Create a folder and a file on the desktop for testing. Change the desktop background: right-click
the desktop and select Properties. In Properties select Desktop, click Browse and select any
background from the folder on the server where you copied the .bmp images. [Remember: the image
must be saved on the server in the shared folder and must be in .bmp format.]

OK, we have created one file and one folder on the desktop and also changed the desktop
background.

Now log off, go to the other system and log in with the same account.
You will find the same profile as you configured on client1. Whatever changes you make in
this profile are saved on the server and will be available on any computer where this user logs
in.

How to make this profile to mandatory profile

To make this profile mandatory for the user Vinita, log in to the server and open the profile
folder. In the profile folder open the Vinita folder and rename the ntuser.dat file to ntuser.man.
If you don't see file extensions, click Tools ==> Folder Options ==> View and remove the
tick mark from the option Hide extensions for known file types.

Once a roaming profile is converted to a mandatory profile, the user is no longer allowed to save
the changes made in the profile. To test it, log in on any client system as the user Vinita.

Now make any change in the profile and log off from the computer. Go to the other computer and
you will not find your previous settings.
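
The share permission set in the server-side steps and the ntuser.dat / ntuser.man rename can both be checked from the server in one report. This is an added example, not part of the original article; it assumes Windows PowerShell 2.0 run on the file server by an account that can read the profile folders, uses the share name profile from the steps above, and the function names are illustrative.

```powershell
# Added example: report the share permissions of the profile share and classify
# each folder in it as roaming or mandatory. Read-only.
# Assumptions: Windows PowerShell 2.0, run locally on the server that hosts the
# share, by an account with read access to the profile folders.

function Get-ProfileShareAcl {
    param([string]$ShareName = 'profile')       # share created in the steps above

    # Standard share-level access masks.
    $maskNames = @{ 2032127 = 'Full Control'; 1245631 = 'Change'; 1179817 = 'Read' }

    $sec = Get-WmiObject Win32_LogicalShareSecuritySetting -Filter "Name='$ShareName'"
    if (-not $sec) { return }                   # no share security entry returned by WMI

    foreach ($ace in $sec.GetSecurityDescriptor().Descriptor.DACL) {
        $mask   = [int]$ace.AccessMask
        $access = $maskNames[$mask]
        if (-not $access) { $access = "mask $mask" }
        New-Object PSObject -Property @{
            Trustee = $ace.Trustee.Name
            Type    = $(if ($ace.AceType -eq 0) { 'Allow' } else { 'Deny' })
            Access  = $access
        }
    }
}

function Get-ProfileFolderType {
    param([string]$ShareName = 'profile')

    $share = Get-WmiObject Win32_Share -Filter "Name='$ShareName'"
    if (-not $share) { throw "Share '$ShareName' was not found on this server." }

    Get-ChildItem -Path $share.Path | Where-Object { $_.PSIsContainer } | ForEach-Object {
        $man = Test-Path (Join-Path $_.FullName 'ntuser.man')
        $dat = Test-Path (Join-Path $_.FullName 'ntuser.dat')
        $type = 'No profile hive (for example the wallpaper folder)'
        if ($dat) { $type = 'Roaming (user changes are saved)' }
        if ($man) { $type = 'Mandatory (user changes are discarded)' }
        New-Object PSObject -Property @{ Folder = $_.Name; ProfileType = $type }
    }
}

$acl = @(Get-ProfileShareAcl -ShareName 'profile')
$acl | Select-Object Trustee, Type, Access | Format-Table -AutoSize

$open = @($acl | Where-Object {
    $_.Trustee -eq 'Everyone' -and $_.Type -eq 'Allow' -and $_.Access -eq 'Full Control'
})
if ($open.Count -gt 0) {
    'Everyone has Full Control on the share: access to each profile folder is limited ' +
    'only by the NTFS permissions on that folder.'
}

Get-ProfileFolderType -ShareName 'profile' |
    Select-Object Folder, ProfileType | Format-Table -AutoSize
```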
