CHAPTER 3

        ACTIVE DIRECTORY ADMINISTRATION TASKS 

                                            AND TOOLS

 

 

Lesson 1:  Active Directory Administration Tasks

 

The primary Windows 2000 Active directory administration tools are the Active Directory

administrative tools, Microsoft Management consoles and Task Scheduler.

 

Lesson Summary:

 

•   The Active Directory tasks include configuring Active Directory, administering users and groups,

securing network resources, administering Active Directory, administering the desktop computing

environment, securing Active Directory, managing Active Directory performance and installing

2000 remotely.

 

 

Lesson 2:  Active Directory Administrative Tools

 

You can use the standard consoles or using Microsoft Management Console MMC you can create

custom consoles that focus on single management tasks.

 

 

 

Active Directory Administrative Tools

 

The Active Directory administrative tools are installed automatically on computers configured as Windows

2000 domain controllers.  The administrative tools are also available with the optional Administrative Tools

package.  The following Active Directory standard administrative tools are available on the Administrative

Tools menu of all Windows 2000 domain controllers:

 

• Active Directory Domains and Trusts consoles
• Active Directory Sites and Services consoles
• Active Directory Users and Computers Consoles

 

 

 

 

 

 

 

=====================================================================

 

winads3.html                                                  PAGE 2                                                     2002/02/08

 

 

 

Active Directory Domains and Trusts Console

 

The Active Directory domains and Trusts console helps you manage trust relationships between domains. 

These domains can be windows 2000 domains in the same forest, Windows 2000 domains in different

forests, pre-Windows 2000 domains, and even Kerberos V5 realms.

 

 

Use Active Directory Domains and Trusts, you can

 

Provide interoperability with other domains by managing explicit domain trusts.

Change the mode of operation of a Windows 2000 domain from mixed to native mode.

Add and remove alternate user principal name (UPN) suffixes used to create user logon names.

Transfer the domain naming operations master role from one domain controller to another.

Provide information about domain management

 

 

Active Directory Sites and Services Console

 

You can provide information about the physical structure of your network by publishing sites to Active

Directory using the Active Directory Sites and Services console.  Active Directory uses this information

to determine how to replicate directory information and handle service requests.

 

 

Active Directory Users and Computers Console

 

The Active Directory Users and Computers console allows you to add, modify, delete and organize

Windows 2000 user accounts, computer accounts, security and distribution groups, and published

resources in your organization’s directory.  It also allows you to manage domain controllers and OUs.

 

 

Active Directory Schema Snap-in

 

 

This snap-in is not available by default on the Administrative Tools menu.  You must install it, and all

of the Windows 2000 Administration Tools, using Add/Remove Programs in the Control Panel. 

 

 

 

 

 

=====================================================================

 

winads3.html                                                  PAGE 3                                                     2002/02/08

 

 

 

**** UTILITIES DOS AND OTHER PAGE 65 ****

 

Command-line Tool: 

 

• ACLDIAG.EXE
• DFSUTIL.EXE
• DSACLS.EXE
• DSASTAT.EXE
• MOVETREE.EXE
• NETDOM.EXE
• NLTEST.EXE
• REPADMIN.EXE
• SDCHECK.EXE
• SIDwalker
• SHOWACCS.EXE
• SIDEWALK.EXE

 

 

Graphical User Interface Tool (GUI):

 

• LDP.EXE – administration tool, allows LDAP
• REPLMON.EXE – graphically displays replication topology

 

 

Microsoft Management Console snap-in:

 

• ADSI – view all objects in the directory including the schema.

 

 

The Microsoft Management Console (MMC)

 

The MMC is a tool used to create, save and open collections of administrative tools, which are called

console.  When you access the Active Directory administrative tools, you are accessing the MMC

for that tool.  The Active Directory Domains and Trusts, Active Directory Sites and Services, and

Active Directory Users and Computers administrative tools are each a console.

 

There are two types of MMCs:  preconfigured and custom.  Preconfigured MMCs contain commonly

used snap-ins. And they appear on the Administrative Tools menu.

 

 

 

=====================================================================

 

winads3.html                                                  PAGE 4                                                     2002/02/08

 

 

 

Preconfigured MMCs

 

Contain one or more snap-ins that provide the functionality to perform a related set of administrative

tasks.  Function in User mode.  Because preconfigured MMCs are in user mode, you cannot modify them,

save them, or add additional snap-ins.  Vary, depending on the operating system that the computer

is running and the installed Windows 2000 components.  Windows 2000 Server and Windows 2000

Professional have different preconfigured MMCs.

 

Might be added by Windows 2000 when you install additional components. 

 

*** See the list of preconfigured MMC  page 67 ****

 

 

Custom MMCs

 

You can use many of the preconfigured MMCs for administrative tasks.  However, there will be times

when you need to create your own custom MMCs.

Once created, you can do the following with them:

 

• Save the custom MMCs to use again.
• Distribute the custom MMCs to other administrators.
• Use the custom MMCs from any computer to centralize and unify administrative tasks.

 

Creating custom MMCs allows you to meet your administrative requirements by combining snap-ins

that you use to perform common administrative tasks. 

 

Consoles are saved as files and have an .msc extension.  All the settings for the snap-ins contained in the

console are saved and restored when the file is opened, even if the console file is opened on a different

computer or network.

 

 

Console Tree and Details Pane

 

Every MMC has a console tree.  A console tree displays the hierarchical organization of the snap-in

contained with an MMC.

 

The console tree organized snap-ins that are part of an MMC.  This allows you to easily locate a specific

snap-in.  Items that you add to the console tree appear under the console root.  The details pane lists the

contents of the active snap-in.

 

 

 

=====================================================================

 

winads3.html                                                  PAGE 5                                                     2002/02/08

 

 

 

Snap-ins

 

Snap-ins are applications that are designed to work in an MMC.  Use snap-ins to perform administrative

tasks.  There are two types of snap-ins:  standalone snap-ins and extension snap-ins.

 

 

Extension Snap-ins

 

Extension snap-ins are usually referred to simply as extensions.  The following are characteristics of

extensions:

 

Extensions are designed to work with one or more standalone snap-in, based on the function of the

standalone snap-in.  When you add an extension, Windows 2000 displays only extensions that are

compatible with the standalone snap-in.  When you add a snap-in to a console, MMC adds all

available extensions by default.   You can remove any extension from the snap-in.  You can add an

extension to multiple snap-ins.

 

Some standalone snap-ins can use extensions that provide additional functionality, for example,

Computer Management.  However, some snap-ins like Event Viewer can act as a snap-in or an

extension.

 

 

Author Mode

 

When you save an MMC in Author mode, you enable full access to all MMC functionality, which

includes modifying the MMC.  Save the MMC using Author mode to allow those using it to do the

following:

 

• Add or remove snap-ins.
• Create new windows
• View all portions of the console tree
• Save MMCs

 

NOTE:  By default, all new MMCs are saved in Author mode.

 

 

=====================================================================

 

winads3.html                                                  PAGE 6                                                     2002/02/08

 

 

 

 

User Mode

 

Usually, if you plan to distribute an MMC to other administrators, you save the MMC in User mode.

 

There are three types of user mode:  Full Access; Limited Access (Mulitple Windows); Limited

Access (Single Window).

 

 

Lesson Summary:

 

•   The Active Directory Users and Computers, console managers users, and Computers,

security groups and other objects in Active Directory.

•   The MMC is a tool used to create, save and open collections of administrative tools

called consoles.

•   You can create custom MMCs to perform a unique set of administrative tasks.
•   The two available console modes are Author mode and User mode.  When you set an

MMC to User mode, users cannot add snap-ins to, remove snap-ins from, or save the MMC.

 

 

 

Lesson 3:  Using Microsoft Management Consoles

 

 

To select preconfigured MMCs, Start/Programs/Administrative Tools OR Right click My Computer,

and select Manage.

 

 

 

Using MMCs for Remote Administration

 

When you create custom MMCs, you can set up a snap-in for remote administration.  Remote

administration allows you to perform administrative tasks from any location.  To perform remote

administration:

 

•   You can use snap-ins from computers running with different versions of Windows 2000.
•   You must use specific snap-ins designed for remote administration.  If the snap-in is

available for remote administration, Windows 2000 prompts you to choose the target computer to

administer.

 

=====================================================================

 

winads3.html                                                  PAGE 7                                                     2002/02/08

 

 

 

 

Lesson Summary:

 

•   You can create MMCs to perform a unique set of administrative tasks. 
•   The first console contained in the Event Viewer snap-in, which you used to determine the last time

your computer was started.

•   The second custom MMC you created contained the Computer Management snap-in.  After

you created a second customized console, you learned how to restrict the functionality of a

console by removing two of the extensions normally available with the Computer Management

snap-in.

•   You can also remotely administer MMC consoles.

 

 

Lesson 4:  Using Task Scheduler

 

Windows 2000 saves scheduled tasks in the Scheduled Tasks folder, which is in the Control Panel

folder in My computer on the Accessories, System Tools Menu.

 

To use the Task Scheduler to:

 

Run maintenance utilities at specific intervals

Run programs when there is less demand for computer resources

 

Setting up the Scheduler:

 

Control Panel/ Scheduled folder run once selection.  Then go into the Scheduled folder and select

Launch Disk Defragmenter, click the box that says to delete the task when done, set the time ahead

for 2 minutes, and you will see it come up on the screen again.  NOTE:  Does not actually make the

decisions for you, especially if the disk is already cleaned up and does not need defragmenting.

 

 

Lesson Summary:

 

•   Task Scheduler is used to schedule programs and batch files to run once, at regular intervals,

at specific times, or when certain operating system events occurs.

•   Scheduled Tasks can be run from the Control Panel, in the Scheduled Tasks folder.
•   Once you have scheduled a task to run, you can modify any of the options or advanced

features for the task, including the program to be run.

•  You can access Scheduled Tasks on another computer by browsing that computer’s

resources using My Network Places.  This allows you to move task files for maintenance

and then add them to a user’s computer as needed.