Windows Server 2008 (P1)
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (249.6 KB, 30 trang )
Windows
Server
®
2008
UNLEASHED
800 East 96th Street, Indianapolis, Indiana 46240 USA
Rand Morimoto, Ph.D., MCSE, CISSP
Michael Noel, MCSE+I, CISSP, MCSA, MVP
Omar Droubi, MCSE
Ross Mistry, MCTS, MCDBA, MCSE
Chris Amaris, MCSE, CISSP
Windows Server
®
2008 Unleashed
Copyright © 2008 by Sams Publishing
All rights reserved. No part of this book shall be reproduced, stored in a
retrieval system, or transmitted by any means, electronic, mechanical, photo-
copying, recording, or otherwise, without written permission from the publisher.
No patent liability is assumed with respect to the use of the information
contained herein. Although every precaution has been taken in the preparation
of this book, the publisher and author assume no responsibility for errors or
omissions. Nor is any liability assumed for damages resulting from the use of
the information contained herein.
ISBN-13: 978-0-672-32930-2
ISBN-10: 0-672-32930-1
Library of Congress Cataloging-in-Publication Data is on file
Printed in the United States of America
First Printing: February 2008
Trademarks
All terms mentioned in this book that are known to be trademarks or service
marks have been appropriately capitalized. Sams Publishing cannot attest to
the accuracy of this information. Use of a term in this book should not be
regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied. The information provided is
on an “as is” basis. The authors and the publisher shall have neither liability
nor responsibility to any person or entity with respect to any loss or damages
arising from the information contained in this book.
Bulk Sales
Sams Publishing offers excellent discounts on this book when ordered in quan-
tity for bulk purchases or special sales. For more information, please contact
U.S. Corporate and Government Sales
1-800-382-3419
For sales outside of the U.S., please contact
International Sales
Editor-in-Chief
Karen Gettman
Senior Acquisitions Editor
Neil Rowe
Development Editor
Mark Renfrow
Managing Editor
Gina Kanouse
Project Editor
Betsy Harris
Copy Editor
Karen Annett
Senior Indexer
Cheryl Lenser
Proofreader
Kathy Ruiz
Technical Editor
Jeff Guillet, MCSE:
Messaging, MCSA,
MCP+I, CISSP
Publishing Coordinator
Cindy Teeters
Book Designer
Gary Adair
Senior Compositor
Jake McFarland
Contributing Writers
Kimberly Amaris, PMP
Scott G. Chimner, CISSP,
MCSE, MCSA
Stefan Garaygay, MCSE
Jeff Guillet, MCSE:
Messaging, MCSA,
MCP+I, CISSP
Robert Jue, MCSE, MCDBA
Tyson Kopczynski, CISSP,
GSEC, GCIH, MCSE Security
Alec Minty, MCSE
Shirmattie Seenarine
Colin Spence, MCP
James V. Walker, MCP, MCSE
Chris Wallace, MCSA, MCSE
Contents at a Glance
Part I Windows Server 2008 Overview
1 Windows Server 2008 Technology Primer
............................................
3
2 Planning, Prototyping, Migrating, and Deploying Windows
Server 2008 Best Practices
................................................................
39
3 Installing Windows Server 2008 and Server Core
.................................
73
Part II Windows Server 2008 Active Directory
4 Active Directory Domain Services Primer
..........................................
105
5 Designing a Windows Server 2008 Active Directory
............................
139
6 Designing Organizational Unit and Group Structure
...........................
165
7 Active Directory Infrastructure
........................................................
185
8 Creating Federated Forests and Lightweight Directories
.......................
217
9 Integrating Active Directory in a UNIX Environment
.........................
235
Part III Networking Services
10 Domain Name System and IPv6
......................................................
251
11 DHCP/WINS/Domain Controllers
...................................................
297
12 Internet Information Services
.........................................................
331
Part IV Security
13 Sever-Level Security
......................................................................
375
14 Transport-Level Security
................................................................
399
15 Security Policies, Network Policy Server, and Network
Access Protection
..........................................................................
415
Part V Migrating to Windows Server 2008
16 Migrating from Windows 2000/2003 to Windows Server 2008
.............
439
17 Compatibility Testing for Windows Server 2008
.................................
473
Part VI Windows Server 2008 Administration and Management
18 Windows Server 2008 Administration
..............................................
499
19 Windows Server 2008 Group Policies and Policy Management
.............
533
20 Windows Server 2008 Management and Maintenance Practices
............
581
21 Automating Tasks Using PowerShell Scripting
...................................
639
22 Documenting a Windows Server 2008 Environment
...........................
685
23 Integrating Systems Center Operations Manager 2007 with
Windows Server 2008
....................................................................
715
Part VII Remote and Mobile Technologies
24 Server-to-Client Remote and Mobile Access
.......................................
737
25 Terminal Services
..........................................................................
783
Part VIII Desktop Administration
26 Windows Server 2008 Administration Tools for Desktops
....................
839
27 Group Policy Management for Network Clients
.................................
865
Part IX Fault Tolerance Technologies
28 File System Management and Fault Tolerance
....................................
935
29 System-Level Fault Tolerance (Clustering/Network Load Balancing)
......
993
30 Backing Up the Windows Server 2008 Environment
.........................
1043
31 Recovering from a Disaster
...........................................................
1077
Part X Optimizing, Tuning, Debugging, and Problem Solving
32 Optimizing Windows Server 2008 for Branch
Office Communications
...............................................................
1111
33 Logging and Debugging
...............................................................
1145
34 Capacity Analysis and Performance Optimization
............................
1189
Part XI Integrated Windows Application Services
35 Windows SharePoint Services 3.0
...................................................
1233
36 Windows Media Services
..............................................................
1281
37 Deploying and Using Windows Virtualization
.................................
1313
Index
........................................................................................
1339
Table of Contents
Introduction xlix
Part I Windows Server 2008 Overview
1 Windows Server 2008 Technology Primer 3
Windows Server 2008 Defined
...........................................................
3
Windows 2008 Under the Hood
.................................................
4
Windows Server 2008 as an Application Server
..............................
6
When Is the Right Time to Migrate?
...................................................
8
Adding a Windows Server 2008 System to a
Windows 2000/2003 Environment
............................................
8
Migrating from Windows 2000/2003 Active Directory to
Windows Server 2008 Active Directory
......................................
9
Versions of Windows Server 2008
.......................................................
9
Windows Server 2008, Standard Edition
.....................................
10
Windows Server 2008, Enterprise Edition
...................................
10
Windows Server 2008, Datacenter Edition
..................................
11
Windows Web Server 2008
.......................................................
11
Windows Server 2008 Server Core
.............................................
12
What’s New and What’s the Same About Windows Server 2008?
............
13
Visual Changes in Windows Server 2008
....................................
13
Continuation of the Forest and Domain Model
...........................
13
Changes That Simplify Tasks
....................................................
14
Increased Support for Standards
................................................
16
Changes in Active Directory
............................................................
16
Renaming Active Directory to Active Directory Domain Services
....
17
Renaming Active Directory in Application Mode to
Active Directory Lightweight Directory Service
..........................
17
Expansion of the Active Directory Federation Services
..................
17
Introducing the Read-Only Domain Controller
...........................
18
Windows Server 2008 Benefits for Administration
...............................
18
Improvements in the Group Policy Management
.........................
19
Introducing Performance and Reliability Monitoring Tools
............
20
Leveraging File Server Resource Manager
....................................
21
Introduction of Windows Deployment Services
...........................
21
Improvements in Security in Windows Server 2008
.............................
22
Enhancing the Windows Server 2008 Security Subsystem
..............
22
Transport Security Using IPSec and Certificate Services
.................
23
Security Policies, Policy Management, and Supporting
Tools for Policy Enforcement
..................................................
23
Improvements in Windows Server 2008 for Better
Branch Office Support
...................................................................
23
Read-Only Domain Controllers for the Branch Office
...................
24
BitLocker for Server Security
.....................................................
24
Distributed File System Replication
............................................
25
Improvements in Distributed Administration
..............................
26
Improvements for Thin Client Terminal Services
.................................
26
Improvements in RDP v6.x for Better Client Capabilities
..............
26
Terminal Services Web Access
...................................................
27
Terminal Services Gateway
.......................................................
28
Terminal Services Remote Programs
...........................................
28
Improvements in Clustering and Storage Area Network Support
.............
29
No Single Point of Failure in Clustering
.....................................
29
Stretched Clusters
...................................................................
30
Improved Support for Storage Area Networks
..............................
30
Improvements in Server Roles in Windows Server 2008
........................
30
Introducing Internet Information Services 7.0
.............................
30
Windows SharePoint Services
...................................................
31
Windows Rights Management Services
.......................................
31
Windows Server Virtualization
..................................................
32
Identifying Which Windows Server 2008 Service to Install or
Migrate to First
............................................................................
33
Windows Server 2008 Core to an Active Directory Environment
....
33
Windows Server 2008 Running Built-in Application
Server Functions
...................................................................
34
Windows Server 2008 Running Add-in Applications
Server Functions
...................................................................
36
2 Planning, Prototyping, Migrating, and Deploying Windows Server 2008
Best Practices 39
Determining the Scope of Your Project
..............................................
40
Identifying the Business Goals and Objectives to Implement Windows
Server 2008
.................................................................................
40
High-Level Business Goals
........................................................
41
Business Unit or Departmental Goals
.........................................
42
Identifying the Technical Goals and Objectives to Implement
Windows Server 2008
...................................................................
43
Defining the Scope of the Work
................................................
44
Determining the Time Frame for Implementation or Migration
......
46
Defining the Participants of the Design and Deployment Teams
.....
48
Windows Server 2008 Unleashed
vi
The Discovery Phase: Understanding the Existing Environment
.............
49
Understanding the Geographical Depth and Breadth
....................
51
Managing Information Overload
...............................................
52
The Design Phase: Documenting the Vision and the Plan
.....................
52
Collaboration Sessions: Making the Design Decisions
...................
53
Organizing Information for a Structured Design Document
...........
54
Windows Server 2008 Design Decisions
......................................
55
Agreeing on the Design
...........................................................
56
The Migration Planning Phase: Documenting the Process for
Migration
...................................................................................
57
Time for the Project Plan
.........................................................
57
Speed Versus Risk
...................................................................
58
Creating the Migration Document
............................................
59
The Prototype Phase: Creating and Testing the Plan
.............................
62
How Do You Build the Lab?
.....................................................
63
Results of the Lab Testing Environment
.....................................
63
The Pilot Phase: Validating the Plan to a Limited Number of Users
.........
64
The First Server in the Pilot
......................................................
65
Rolling Out the Pilot Phase
......................................................
66
Fixing Problems in the Pilot Phase
............................................
67
Documenting the Results of the Pilot
.........................................
67
The Migration/Implementation Phase: Conducting the Migration or
Installation
.................................................................................
67
Verifying End-User Satisfaction
.................................................
67
Supporting the New Windows Server 2008 Environment
..............
68
3 Installing Windows Server 2008 and Server Core 73
Preplanning and Preparing a Server Installation
..................................
73
Verifying Minimum Hardware Requirements
...............................
74
Choosing the Appropriate Windows Edition
...............................
75
Choosing a New Installation or an Upgrade
................................
75
Determining the Type of Server to Install
...................................
77
Gathering the Information Necessary to Proceed
.........................
77
Backing Up Files
.....................................................................
79
Installing a Clean Version of Windows Server 2008 Operating System
.....
79
1. Customizing the Language, Time, Currency, and Keyboard
Preferences
..........................................................................
80
2. The Install Now Page
...........................................................
80
3. Entering the Product Key
.....................................................
80
4. Selecting the Type of Operating System to Install
.....................
81
5. Accepting the Terms of the Windows Server 2008 License
..........
82
6. Selecting the Type of Windows Server 2008 Installation
............
82
Contents
vii
7. Selecting the Location for the Installation
...............................
82
8. Finalizing the Installation and Customizing the Configuration
...
83
Upgrading to Windows Server 2008
..................................................
88
Backing Up the Server
.............................................................
88
Verifying System Compatibility
................................................
89
Ensuring the Drivers Are Digitally Signed
...................................
89
Performing Additional Tasks
.....................................................
89
Performing the Upgrade
..........................................................
90
Understanding Server Core Installation
..............................................
93
Performing a Server Core Installation
.........................................
93
Managing and Configuring a Server Core Installation
..........................
95
Launching the Command Prompt in a Server Core Installation
......
95
Changing the Server Core Administrator’s Password
.....................
95
Changing the Server Core Machine Name
..................................
96
Assigning a Static IPV4 IP Address and DNS Settings
....................
96
Adding the Server Core System to a Domain
...............................
97
Server Core Roles and Feature Installations
.................................
97
Installing the Active Directory Domain Services Role
....................
99
Performing an Unattended Windows Server 2008 Installation
..............
100
Part II Windows Server 2008 Active Directory
4 Active Directory Domain Services Primer 105
Examining the Evolution of Directory Services
..................................
106
Reviewing the Original Microsoft Directory Systems
...................
106
Numbering the Key Features of Active Directory
Domain Services
.................................................................
107
Understanding the Development of AD DS
.......................................
107
Detailing Microsoft’s Adoption of Internet Standards
..................
108
Examining AD DS’s Structure
..........................................................
108
Understanding the AD DS Domain
..........................................
108
Describing AD DS Domain Trees
.............................................
109
Describing Forests in AD DS
...................................................
110
Numbering the AD DS Authentication Modes
...........................
110
Outlining Functional Levels in Windows Server 2008 AD DS
.......
110
Outlining AD DS’s Components
......................................................
111
Understanding AD DS’s X.500 Roots
........................................
111
Conceptualizing the AD DS Schema
.........................................
112
Defining the Lightweight Directory Access Protocol (LDAP)
.........
113
Detailing Multimaster Replication with AD DS
Domain Controllers
............................................................
114
Windows Server 2008 Unleashed
viii
Conceptualizing the Global Catalog and Global Catalog Servers
...
114
Numbering the Operations Master (OM) Roles
...........................
114
Understanding Domain Trusts
........................................................
116
Conceptualizing Transitive Trusts
............................................
116
Understanding Explicit Trusts
.................................................
116
Defining Organizational Units
........................................................
118
Determining Domain Usage Versus OU Usage
...........................
118
Outlining the Role of Groups in an AD DS Environment
....................
119
Choosing Between OUs and Groups
........................................
121
Explaining AD DS Replication
........................................................
121
Sites, Site Links, and Site Link Bridgeheads
................................
121
Understanding Originating Writes
...........................................
123
Outlining the Role of DNS in AD DS
................................................
123
Examining DNS Namespace Concepts
......................................
123
Comprehending Dynamic DNS
...............................................
124
Comparing Standard DNS Zones and AD-Integrated DNS Zones
...
125
Understanding How AD DS DNS Works with Foreign DNS
...........
125
Outlining AD DS Security
..............................................................
125
Understanding Kerberos Authentication
...................................
125
Taking Additional Security Precautions
.....................................
126
Outlining AD DS Changes in Windows Server 2008
...........................
126
Restarting AD DS on a Domain Controller
................................
126
Implementing Multiple Password Policies per Domain
................
127
Auditing Changes Made to AD Objects
.....................................
132
Reviewing Additional Active Directory Services
..........................
133
Examining Additional Windows Server 2008 AD DS
Improvements
....................................................................
134
Reviewing Legacy Windows Server 2003 Active Directory
Improvements
....................................................................
134
5 Designing a Windows Server 2008 Active Directory 139
Understanding AD DS Domain Design
.............................................
139
Examining Domain Trusts
......................................................
140
Choosing a Domain Namespace
......................................................
141
Choosing an External (Published) Namespace
...........................
141
Choosing an Internal Namespace
............................................
142
Examining Domain Design Features
................................................
142
Choosing a Domain Structure
.........................................................
143
Understanding the Single Domain Model
.........................................
144
Choosing the Single Domain Model
........................................
145
Exploring a Single Domain Real-World Design Example
..............
146
Contents
ix
Understanding the Multiple Domain Model
......................................
147
Choosing When to Add Additional Domains
.............................
148
Exploring a Multiple Domain Real-World Design Example
...........
149
Understanding the Multiple Trees in a Single Forest Model
..................
150
Choosing When to Deploy a Multiple Tree Domain Model
..........
150
Examining a Multiple Tree Domain Real-World Design Example
...
151
Understanding the Federated Forests Design Model
............................
151
Determining When to Choose Federated Forests
........................
153
Exploring a Federated Forests Real-World Design Example
...........
153
Understanding the Empty-Root Domain Model
.................................
154
Determining When to Choose the Empty-Root Model
................
156
Examining a Real-World Empty-Root Domain Design Example
.....
157
Understanding the Placeholder Domain Model
.................................
158
Examining a Placeholder Domain Real-World Design Example
.....
158
Understanding the Special-Purpose Domain Design Model
..................
159
Examining a Special-Purpose Domain Real-World
Design Example
..................................................................
160
Renaming an AD DS Domain
.........................................................
160
Domain Rename Limitations
..................................................
161
Outlining Domain Rename Prerequisites
..................................
161
Renaming a Domain
.............................................................
161
6 Designing Organizational Unit and Group Structure 165
Defining Organizational Units in AD DS
..........................................
166
Defining AD Groups
.....................................................................
168
Outlining Group Types: Security or Distribution
........................
168
Understanding Group Scope
...................................................
170
Examining OU and Group Design
...................................................
171
Starting an OU Design
...................................................................
172
Examining Overuse of OUs in Domain Design
...........................
173
OU Flexibility
......................................................................
173
Using OUs to Delegate Administration
.............................................
174
Group Policies and OU Design
........................................................
175
Understanding Group Design
.........................................................
177
Detailing Best Practice for Groups
............................................
177
Establishing Group Naming Standards
.....................................
178
Group Nesting
.....................................................................
178
Designing Distribution Groups
...............................................
178
Exploring Sample Design Models
....................................................
178
Examining a Business Function–Based Design
............................
178
Understanding Geographically Based Design
.............................
181
Windows Server 2008 Unleashed
x
7 Active Directory Infrastructure 185
Understanding AD DS Replication in Depth
......................................
185
Understanding the Role of Replication in AD DS
........................
186
Outlining Multimaster Topology Concepts
................................
186
Explaining Update Sequence Numbers (USNs)
...........................
186
Describing Replication Collisions
............................................
187
Understanding Property Version Numbers
................................
187
Describing Connection Objects
...............................................
188
Understanding Replication Latency
.........................................
189
Understanding Active Directory Sites
...............................................
190
Outlining Windows Server 2008 Site Improvements
...................
191
Associating Subnets with Sites
.................................................
191
Using Site Links
....................................................................
192
Defining Site Link Bridging
....................................................
194
Understanding the Knowledge Consistency Checker
(KCC) and the Intersite Topology Generator (ISTG)
..................
195
Detailing Site Cost
................................................................
195
Utilizing Preferred Site Link Bridgeheads
...................................
197
Deploying AD DS Domain Controllers on Server Core
................
197
Planning Replication Topology
.......................................................
198
Mapping Site Design into Network Design
................................
198
Establishing Sites
..................................................................
198
Choosing Between One Site or Many Sites
................................
199
Associating Subnets with Sites
.................................................
200
Determining Site Links and Site Link Costs
...............................
200
Choosing Replication Scheduling
............................................
200
Choosing SMTP or IP Replication
............................................
201
Windows Server 2008 Replication Enhancements
.......................
201
Domain Controller Promotion from Media
...............................
201
Identifying Linked-Value Replication/Universal Group
Membership Caching
..........................................................
202
Removing Lingering Objects
...................................................
203
Disabling Replication Compression
..........................................
203
Understanding How AD Avoids Full Synchronization of Global
Catalog with Schema Changes
..............................................
204
Intersite Topology Generator Algorithm Improvements
...............
204
Outlining Windows Server 2008 IPv6 Support
...................................
204
Defining the Structure of IPv6
................................................
205
Understanding IPv6 Addressing
...............................................
206
Migrating to IPv6
.................................................................
207
Making the Leap to IPv6
........................................................
207
Contents
xi
