WINDOWS 2003 SERVER ROLES
• File server
• Print server
• Application server
• Mail server
• Terminal Services server
• Streaming media server
• Remote Access/VPN server
• Domain controller
• Database server
• Web (IIS) server
• DNS server
• DHCP server
• WINS server
Active Directory
• What is Active Directory?
– LDAP Directory Service
– Works with and requires DNS
– Incorporated into Windows 2000 and XP
– Centrally Managed
– Extensible
– Interoperable
How Boot Files Function
1. BIOS reads the contents of the MBR
2. Boot sector program reads the root directory and loads Windows 2003 Loader
3. NTLDR loads basic memory configuration and switches to 32-bit mode (protected mode)
4. NTLDR reads boot.ini and runs OS
5. NTLDR switches back to 16-bit mode, loads ntdetect.com
6. NTLDR loads into memory, reads the resource map that NTDETECT builds
7. NTLDR switches system back to protected mode
8. NTLDR starts run process for NTOSKRNL
Active Directory
• Password Replication
– Password changes can happen on any DC
– When a password is changed on a DC it pushes
that change immediately to the PDC Emulator
– Before a server actually rejects a bad password,
it contacts the PDC Emulator and verifies it there
– This makes sure that a password change does
not deny access
Common DNS Problems
On Domain Members
• UserEnv 1000 unable to determine
computer name or username
– Q261007
• Group policies are not being applied
• Unable to resolve to Internet
• Unable to find and/or join domain
– Q247811
• Logon delay while preparing network
connections
Common DNS Problems
On Domain Controller
• Registration or deregistration of DNS
records fails
– Q259277
• Replication between DCs fails because of
RPC error
– Q224544
• Terminal Services unable to find Licensing
server
– Q261110
Common DNS Problems
On Domain Controller
• Unable to DCPROMO second DC because
of DNS lookup failure
• Unable to establish trust between domains
– Q224370
• DC fails to register SRV records because of
incorrect FQDN
• Unable to add DNS forwarders
– Q229840
• More than 15 IP addresses on DC
– Q261197
Backup Types
• Backup types include:
– Normal backup
– Incremental backup
– Differential backup
– Daily backup
– Copy backup
• Normal/full backups: All files that have been selected are backed up, regardless of the
setting of the archive attribute. When a file is backed up, the archive attribute is cleared.
If the file is later modified, this attribute is set, which indicates that the file needs to be
backed up.
• Copy backups: All files that have been selected are backed up, regardless of the setting
of the archive attribute. Unlike a normal backup, the archive attribute on files isn't
modified. This allows you to perform other types of backups on the files at a later date.
• Differential backups: Designed to create backup copies of files that have changed since
the last normal backup. The presence of the archive attribute indicates that the file has
been modified and only files with this attribute are backed up. However, the archive
attribute on files isn't modified. This allows you to perform other types of backups on the
files at a later date.
• Incremental backups: Designed to create backups of files that have changed since the
most recent normal or incremental backup. The presence of the archive attribute
indicates that the file has been modified and only files with this attribute are backed up.
When a file is backed up, the archive attribute is cleared. If the file is later modified, this
attribute is set, which indicates that the file needs to be backed up.
• Daily backups: Designed to back up files using the modification date on the file itself. If a
file has been modified on the same day as the backup, the file will be backed up. This
technique doesn't change the archive attributes of files.
• Archive attribute: A file classification that indicates whether the file has been updated
since the last backup. A bit is set in the file directory to indicate the archive status. When
a file is created or saved, the bit is turned on. When it is backed up, the bit is turned off.
Normal Backup
• Default type of backup performed by
Backup utility
• Backs up all selected files and folders and
clears the archive attribute on each
• This type of backup can be inefficient
because it does not take into account
whether files have changed
Incremental Backup
• Backs up only files that have changed since last normal or incremental backup
• Clears the archive attributes of the files
• Reduces the size of backup jobs
• Restore process is more complicated
– Normal backup and all incremental backups must be restored in order
The incremental backup backs up only those files that have been created or
changed since the last incremental or normal backup. It also marks
the files as having been backed up. A combination of normal
backups and incremental backups is common, and also a very
good combination. It requires the least amount of storage
space and is fast for backing up the data. The disadvantage is
that it is time-consuming to recover files, simply because
you need the last normal backup set and all incremental backup
sets, which can be stored on several backup drives or tapes.
Differential Backup
• Backs up only files that have changed since last normal or incremental
backup
• Does not clear the archive attributes of those files
– A second differential backup will back up the same files since the
first backup is not recorded by the archive attributes
• Reduces the size of backup jobs compared to
normal backups but not incremental backups
• Restore process requires only the normal backup and the latest
differential backup
• Differential backups do not mark files as having been backed up.
A combination of differential backups and normal backups takes more
time to back up than incremental plus normal backups. On the other
hand, it is faster to restore data, because all you need is the last
normal backup and the last differential backup.
Differential Backup (continued)
When you back up or restore the System State data, all of the System
State data that is relevant to your computer is backed up or restored. You
cannot back up or restore individual components of the System State
data because of dependencies among the System State components.
However, you can restore the System State data to an alternate location.
If you do this, only the registry files, SYSVOL directory files, Cluster
database information files, and system boot files are restored to the
alternate location. Active Directory, the Certificate Services database,
and the COM+ Class Registration database are not restored if you
designate an alternate location when you restore the System State data.
Daily Backup and Copy Backup
• Daily Backup
– Backs up selected files or folders that were created or changed on the day of
the backup
– The archive attribute is not changed
– The daily backup copies all the files that you have selected that have been
modified on the day, without marking the files as having been backed up.
• Copy Backup
– Exactly the same as a normal backup but doesn’t change the archive attribute
– Intended as a backup that will not interrupt other backup procedures (perhaps
an archival copy)
– A copy backup copies all the files you have selected, but does not mark
the files as having been backed up. This backup type is useful when you
must back up single files between normal and incremental backups
because it does not affect these operations
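The archive-attribute rules described above, as an added example that is not part of the original slides: a small Python model (the names `Volume`, `BACKUP_TYPES` and `restore_chain` are hypothetical) that selects files the way each backup type does and works out which backup sets a restore needs. It goes slightly beyond the slides by also handling a schedule that mixes incremental and differential backups.

```python
from dataclasses import dataclass, field

# Constructed model of the archive attribute; not the Backup utility's own code.
# kind -> (selection rule, clears the archive attribute afterwards)
BACKUP_TYPES = {
    "normal":       ("all",     True),
    "copy":         ("all",     False),
    "incremental":  ("archive", True),
    "differential": ("archive", False),
    "daily":        ("today",   False),
}

@dataclass
class Volume:
    archive: dict = field(default_factory=dict)   # file name -> archive bit
    modified: dict = field(default_factory=dict)  # file name -> ISO date string
    history: list = field(default_factory=list)   # (kind, sorted file names)

    def write(self, name, day):
        """Creating or saving a file turns the archive bit on."""
        self.archive[name] = True
        self.modified[name] = day

    def backup(self, kind, day):
        rule, clears = BACKUP_TYPES[kind]
        if rule == "all":
            chosen = list(self.archive)
        elif rule == "archive":
            chosen = [f for f, bit in self.archive.items() if bit]
        else:  # "today": uses the modification date and ignores the bit
            chosen = [f for f, d in self.modified.items() if d == day]
        if clears:
            for f in chosen:
                self.archive[f] = False
        self.history.append((kind, sorted(chosen)))
        return sorted(chosen)

def restore_chain(history):
    """Indexes of the backup sets a full restore needs, oldest first."""
    last_normal = max(i for i, (k, _) in enumerate(history) if k == "normal")
    chain, latest_diff = [last_normal], None
    for i in range(last_normal + 1, len(history)):
        if history[i][0] == "incremental":
            chain.append(i)       # every incremental is needed, in order
            latest_diff = None    # it also covers any earlier differential
        elif history[i][0] == "differential":
            latest_diff = i       # only the newest differential matters
    return chain + ([latest_diff] if latest_diff is not None else [])
```

Copy and daily backups never appear in the restore chain because they leave the archive attribute untouched, which is why they can be run between scheduled jobs without disturbing them.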
Using the Backup Utility
• Commonly used to back up critical data
and operating system files
• Can be used in two modes: Wizard mode
and Advanced mode
• Can be used to
– Back up System State data
– Restore Active Directory
– Access Automated System Restore feature
Activity 12-1: Backing Up Files
and Folders Using the Backup
Utility
• Objective: To explore the use of Windows
Server 2003 Backup utility for backing up
files and folders
• Start → All Programs → Accessories →
System Tools → Backup
• Use Advanced Mode to back up the
contents of a folder
Activity 12-2: Restoring Files
and Folders Using the Backup
Utility
• Objective: To use Backup utility to restore
previously backed up files
• Start → Run → type ntbackup.exe →
Advanced Mode
• Follow directions to restore the files backed
up in Activity 12-1 to an alternate location
• Verify that the files have been restored
Scheduling Backups
• Backups can be scheduled to occur
without interaction from an administrator
• Can schedule backups daily, weekly,
monthly, predefined times, predefined
days
Activity 12-3: Scheduling
Backup Operations Using the
Backup Utility
• Objective: Use the Windows Server 2003
Backup utility to schedule a backup
• Open the Backup utility and use the Backup
and Restore Wizard
• Set the Schedule Job to Daily and select a
time
• Confirm that the backup has been scheduled
• Confirm that the backup occurs as scheduled
Backing Up and Restoring
System State Data
• System State data includes:
– Registry (always)
– COM+ Class Registration database (always)
– Boot files (always)
– Certificate Services database (if installed)
– Active Directory (on domain controllers)
– SYSVOL directory (on domain controllers)
– Cluster service (if part of a cluster)
– IIS Metadirectory (if IIS is installed)
– System files (always)
Feature Highlights
• Active Directory Functional Levels
– Determines what OS DCs can run
• Forest
– Windows 2000 (NT/2000/2003) – Default
– Windows Server 2003 interim (NT/2003)
– Windows Server 2003 (2003)
• Domain
– Windows 2000 mixed (NT/2000/2003) – Default
– Windows 2000 native (2000/2003)
– Windows Server 2003 interim (NT/2003)
– Windows Server 2003 (2003)
– To raise forest functionality, you must be a member of
Enterprise Admins
– To raise domain functionality, you must be a member of
Domain Admins or Enterprise Admins
Feature Highlights
• Group Policy
• Many new settings (as in Windows XP Pro)
• RSOP – Resultant Set of Policy
• Cross-Forest Support
• Modeling (calculate net effect of multiple GPOs)
• WMI Filters
• GPMC Coming Soon – Enables
– Backup and restore of Group Policy objects (GPOs)
– Import/export and copy/paste of GPOs
– Reporting of GPO settings and Resultant Set of Policy (RSoP) data
– Use of templates for managed configurations
– All GPMC operations to be scripted
– Management of all sites and domains and multiple forests
– Drag-and-Drop support
TERMINAL SERVICES
TROUBLESHOOTING
• Terminal Services uses TCP and UDP
port number 3389.
• Users must belong to the Administrators
or Remote Desktop Users group.
SECURING REMOTE
DESKTOP
• Change the default RDP port 3389
– HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
INSTALLING AND
CONFIGURING REMOTE
DESKTOP CONNECTION
Remote Desktop Connection client software can be
installed from the following locations:
• The Windows Server 2003 distribution CD
• The Systemroot\System32\Clients\Tsclient\Win32 folder
SUMMARY
• Local user accounts are stored on the local system and can
provide users with access only to local resources. Domain user
accounts are stored on Active Directory domain controllers and
can provide users with access to resources all over the network.
• User objects include the properties related to the individuals
they represent.
• A user object template is an object that is copied to produce
new users. If the template is not a “real” user, it should be
disabled. Only a subset of user properties is copied from
templates.
• Windows Server 2003 includes command-line tools that you can
use to create and manage Active Directory objects, including
Csvde.exe, Dsadd.exe, and Dsmod.exe.
• A user profile is a collection of folders and data that
make up the desktop environment for a specific user.
• Windows Server 2003 generates an individual user
profile for each person who logs on to the system. Local
user profiles are stored on the local drive, whereas a
roaming user profile is stored on a network server.
• A mandatory user profile is one that never changes,
providing the same desktop configuration each time the
user logs on.
• Auditing for authentication allows you to track logon
activity for the network.
• A group is an object that consists of a list of users.
• All permissions assigned to the group are inherited by its
members.
• The domain functional level determines which group
types and scopes you can use, which groups can be
nested, and which group conversions you can perform.
• Security groups can be assigned permissions, while
distribution groups are used for query containers, such
as e-mail distribution groups, and cannot be assigned
permissions to a resource.
• Domain local groups are used for assigning
permissions to resources. Global groups are
used for gathering together users with similar
resource requirements. Universal groups are
used primarily to grant access to related
resources in multiple domains.
• You can create domain groups in any
container or OU in the Active Directory tree.
SUMMARY (continued)
• Group nesting refers to the ability to make
one group a member of another group.
• Command-line tools such as Dsadd.exe,
Dsmod.exe, and Dsget.exe allow you to
automate group management tasks.
Volume Shadow Copy Technology
• This is a new technology in Windows Server 2003 that did not exist in Windows 2000
Server. It creates a copy of the original volume at the time a backup is initiated. Data
is then backed up from the shadow copy instead of the original volume. Activity such as
file changes therefore does not affect the backup, because the backup reads the shadow
copy, which does not change. With this feature users can access files during a backup,
files are not skipped because they were in use, and open files appear to be closed.
• You should use Volume Shadow Copy, but you can disable it. The only time you
want to disable it is when you don't have enough free disk space. You need as much
extra disk space as the files you will back up use. This consumption of disk space is
temporary, however, and the space is freed when the backup is completed.
• If sufficient temporary disk space is not available, Windows Server 2003 cannot
complete the shadow copy and the backup will skip open files.
• To use this feature you must use NTFS as the file system.
• Volume Shadow Copy does not mean that you can now back up when server usage
is high. You should always back up when usage is low, for example at night and on
weekends.