70-294读书笔记
Chapter3 Installing and configuring Active Directory
Lesson 3 Verifying Active Directory Installation
1、Verifying Operation of the Directory Services Restore Mode Boot Option
To verify operation of the directory services restore mode boot option, complete the following steps:
1. Restart your computer and press F8 when you see the Boot menu.
2. On the Windows Advanced Options menu, use the arrow keys to select Directory Services Restore Mode, and then press Enter.
3. The Boot menu is displayed again, with the words “Directory Services Restore Mode” displayed in color at the bottom. Select the operating system installation that you want to start, and then press Enter. The computer restarts in directory services
restore mode. This can take a few minutes.
4. On the Welcome To Windows screen, press Ctrl+Alt+Delete. Log on to the local computer using the server’s Administrator account name (specified during server setup,这是在安装操作系统时设定的用户名) and directory services restore mode administrator password (specified during
Active Directory installation,这是在安装AD时设定的还原密码,并且可以修改). Click OK.
注意:You cannot use the name and password of the Active Directory administrator because Active Directory is offline and account verification cannot occur. Rather, the SAM database is used to control access to Active Directory on the local computer while Active Directory is offline.
5. In the Windows Is Running In Safe Mode warning message box, click OK to run the domain controller in safe mode.
6. To return to normal Active Directory operation, restart the computer.
Chater 4 Installing and Managing Domains, Trees, and Forests
Lesson 1 Creating Multiple Domains, Trees, and Forests
1、Creating Multiple Trees
A forest can have one or more trees. However, one tree per forest is considered ideal because it requires fewer administrative
activities. Although the recommended number of trees in a forest is one, you might need to define more than one tree if your organization has more than one DNS name.
2、Creating Multiple Forests
Because Windows Server 2003 domains in a forest share a single schema, configuration container, and global catalog, and are linked by two-way transitive trusts, you should strive to have only one forest for your organization. Ideally, the use of multiple forests should be temporary and reserved for situations such as a merger, acquisition, or partnership where two or more organizations must be joined. By defining multiple forests, you add substantial administrative and usability costs to your organization.
Lesson 2 Renaming and Restructuring Domains and Renaming Domain Controllers
1、Windows Server 2003 allows you to rename a domain(注意是修改域名)
2、Windows Server 2003 also allows you to restructure the hierarchy of domains in your forest so that a domain residing in one domain tree can be moved to another domain tree. Restructuring a forest allows you to move a domain anywhere within the forest it resides in (except the forest root domain); this includes the ability to move a domain so that it becomes the root of its own domain tree.
注意:
You can rename or restructure the domains in a forest only if all domain controllers in the forest are running Windows Server 2003, all domain functional levels in the forest have been raised to Windows Server 2003, and the forest functional level has been raised to Windows Server 2003.
执行以上两个操作需要用到名为:Rendom.exe的工具,The Rendom.exe utility can be found in the \Valueadd\Msft\Mgmt\Domren directory on the Windows Server 2003 CD-ROM.
A domain rename will affect every domain con-troller in your forest and is a thorough multi-step process that requires a detailed understanding of the operation. For detailed information about the domain rename function, see the Readme file found in the same directory.
3、Renaming a Domain Controller(注意是修改与控制器的计算机名)
You can rename a domain controller only if the domain functional level of the domain to which the domain controller is joined is set to Windows Server 2003.
You rename a domain controller by using the Netdom.exe: Windows Domain Manager command-line tool, included with the Windows Support Tools on the Windows Server 2003 Setup CD-ROM. You use the Netdom Computername command to manage the primary and alternate names for a computer.
The Windows Support Tools are included on the Windows Server 2003 CD in the \Sup-port\Tools folder. These tools are intended for use by Microsoft support personnel and experienced users.
Lesson 3 Verifying Active Directory Installation
1、Verifying Operation of the Directory Services Restore Mode Boot Option
To verify operation of the directory services restore mode boot option, complete the following steps:
1. Restart your computer and press F8 when you see the Boot menu.
2. On the Windows Advanced Options menu, use the arrow keys to select Directory Services Restore Mode, and then press Enter.
3. The Boot menu is displayed again, with the words “Directory Services Restore Mode” displayed in color at the bottom. Select the operating system installation that you want to start, and then press Enter. The computer restarts in directory services
restore mode. This can take a few minutes.
4. On the Welcome To Windows screen, press Ctrl+Alt+Delete. Log on to the local computer using the server’s Administrator account name (specified during server setup,这是在安装操作系统时设定的用户名) and directory services restore mode administrator password (specified during
Active Directory installation,这是在安装AD时设定的还原密码,并且可以修改). Click OK.
注意:You cannot use the name and password of the Active Directory administrator because Active Directory is offline and account verification cannot occur. Rather, the SAM database is used to control access to Active Directory on the local computer while Active Directory is offline.
5. In the Windows Is Running In Safe Mode warning message box, click OK to run the domain controller in safe mode.
6. To return to normal Active Directory operation, restart the computer.
Chater 4 Installing and Managing Domains, Trees, and Forests
Lesson 1 Creating Multiple Domains, Trees, and Forests
1、Creating Multiple Trees
A forest can have one or more trees. However, one tree per forest is considered ideal because it requires fewer administrative
activities. Although the recommended number of trees in a forest is one, you might need to define more than one tree if your organization has more than one DNS name.
2、Creating Multiple Forests
Because Windows Server 2003 domains in a forest share a single schema, configuration container, and global catalog, and are linked by two-way transitive trusts, you should strive to have only one forest for your organization. Ideally, the use of multiple forests should be temporary and reserved for situations such as a merger, acquisition, or partnership where two or more organizations must be joined. By defining multiple forests, you add substantial administrative and usability costs to your organization.
Lesson 2 Renaming and Restructuring Domains and Renaming Domain Controllers
1、Windows Server 2003 allows you to rename a domain(注意是修改域名)
2、Windows Server 2003 also allows you to restructure the hierarchy of domains in your forest so that a domain residing in one domain tree can be moved to another domain tree. Restructuring a forest allows you to move a domain anywhere within the forest it resides in (except the forest root domain); this includes the ability to move a domain so that it becomes the root of its own domain tree.
注意:
You can rename or restructure the domains in a forest only if all domain controllers in the forest are running Windows Server 2003, all domain functional levels in the forest have been raised to Windows Server 2003, and the forest functional level has been raised to Windows Server 2003.
执行以上两个操作需要用到名为:Rendom.exe的工具,The Rendom.exe utility can be found in the \Valueadd\Msft\Mgmt\Domren directory on the Windows Server 2003 CD-ROM.
A domain rename will affect every domain con-troller in your forest and is a thorough multi-step process that requires a detailed understanding of the operation. For detailed information about the domain rename function, see the Readme file found in the same directory.
3、Renaming a Domain Controller(注意是修改与控制器的计算机名)
You can rename a domain controller only if the domain functional level of the domain to which the domain controller is joined is set to Windows Server 2003.
You rename a domain controller by using the Netdom.exe: Windows Domain Manager command-line tool, included with the Windows Support Tools on the Windows Server 2003 Setup CD-ROM. You use the Netdom Computername command to manage the primary and alternate names for a computer.
The Windows Support Tools are included on the Windows Server 2003 CD in the \Sup-port\Tools folder. These tools are intended for use by Microsoft support personnel and experienced users.
