Module 5: Enhancing File and Print Servers with Active Directory Contents Overview Multimedia: Concepts of Microsoft Windows 2000 Active Directory Introduction to Active Directory Enhancing File Servers with Active Directory 13 Enhancing Print Servers with Active Directory 20 Review 25 Information in this document is subject to change without notice The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted Complying with all applicable copyright laws is the responsibility of the user No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation If, however, your only means of access is electronic, permission to print one copy is hereby granted Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property  2000 Microsoft Corporation All rights reserved Microsoft, Active Directory, BackOffice, MS-DOS, PowerPoint, Visual Studio, Windows, Windows Media, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A and/or other countries The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted Other product and company names mentioned herein may be the trademarks of their respective owners Project Lead and Instructional Designer: Rick Selby Project Revision Leads: Red Johnston; Jaswinder Singh Lamba (NIIT [USA] Inc.) Revision Development: NIIT (USA) Inc Instructional Designers: Victoria Fodale (ComputerPREP, Inc); Barbara Pelletier (S&T OnSite) Program Manager: Rodney Miller Testing Leads: Sid Benavente, Keith Cotton Testing Developer: Greg Stemp (S&T OnSite) Courseware Test Engineers: Jeff Clark; Jim Toland (ComputerPREP, Inc) Graphic Artist: Julie Stone (Independent Contractor) Editing Manager: Lynette Skinner Editor: Kelly Baker (Write Stuff) Copy Editor: Kathy Toney (S&T Consulting) Online Program Manager: Debbi Conger Online Publications Manager: Arlo Emerson (Aquent Partners) Online Support: Eric Brandt (S&T OnSite) Multimedia Development: Kelly Renner (Entex) Compact Disc and Lab Testing: Data Dimensions, Inc Production Support: Irene Barnett (S&T Consulting) Manufacturing Manager: Rick Terek (S&T OnSite) Manufacturing Support: Laura King (S&T OnSite) Lead Product Manager, Development Services: Bo Galford Lead Product Manager: Gerry Lang Group Product Manager: Robert Stewart Simulations and interactive exercises were built by using Macromedia Authorware Module 5: Enhancing File and Print Servers with Active Directory iii Instructor Notes Presentation: 45 Minutes Lab: Minutes This module provides an introduction to the Active Directory™ directory service in Microsoft® Windows® 2000 It outlines the purpose and structure of Active Directory and also identifies the benefits of Active Directory integration with file and print servers At the end of this module, students will be able to: Describe the purpose and structure of Active Directory Integrate Active Directory with a file server Integrate Active Directory with a print server Materials and Preparation This section provides you with the materials and preparation needed to teach this module Materials To teach this module, you need the following materials: Microsoft PowerPoint® file 1594B_05.ppt Multimedia presentation, Concepts of Microsoft Windows 2000 Active Directory Preparation To prepare for this module, you should: Read all the materials for this module View the multimedia presentation iv Module 5: Enhancing File and Print Servers with Active Directory Module Strategy Use the following strategy to present this module: Introduction to Active Directory This topic provides an overview of Active Directory in Windows 2000 Show the multimedia presentation, Concepts of Microsoft Windows 2000 Active Directory, and briefly discuss the questions on the presentation Reinforce the key points of the presentation by explaining the purpose of Active Directory Describe the logical structure of Active Directory and how it provides more efficient organization of a network Identify the types of user accounts, the guidelines for naming user accounts, and how to create a user account Describe the purpose of groups, the types of groups that are stored in Active Directory, and the group scopes that are used to assign permissions to a group Finally, explain how to create groups in Active Directory Enhancing File Servers with Active Directory This topic provides information about the tasks that are necessary for integrating file servers with Active Directory Explain to students that they must publish shared folders in Active Directory to integrate a file server with Active Directory Describe the procedure for creating a fault-tolerant Distributed file system (Dfs) root to ensure that users have uninterrupted access to all shared folders Next, explain how to create additional replicas of a fault-tolerant Dfs root and multiple replicas of links to provide uninterrupted access to shared folders Finally, identify the steps that are necessary for configuring replication among links Enhancing Print Servers with Active Directory This topic provides information about the tasks that are necessary for integrating print servers with Active Directory Describe the process of publishing a printer in Active Directory Then, explain the guidelines for establishing printer locations in Active Directory, and the process for locating printers Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware This module does not include any labs, and as a result, there are no lab requirements for replication or customization Module 5: Enhancing File and Print Servers with Active Directory Overview Slide Objective To provide an overview of the module topics and objectives Lead-in In this module, you will learn about the purpose and structure of Active Directory, in addition to the benefits of Active Directory integration with file and print servers Introduction to Active Directory Enhancing File Servers with Active Directory Enhancing Print Servers with Active Directory The Active Directory™ directory service provides the structure necessary for organizing, managing, and controlling network resources efficiently in a Microsoft® Windows® 2000 network Active Directory also provides benefits to file and print servers by publishing shared folders and printers Publishing these resources in Active Directory enables users to locate them easily regardless of where they are located within the network At the end of this module, you will be able to: Describe the purpose and structure of Active Directory Integrate Active Directory with a file server Integrate Active Directory with a print server Module 5: Enhancing File and Print Servers with Active Directory Multimedia: Concepts of Microsoft Windows 2000 Active Directory Slide Objective To introduce the Concepts of Microsoft Windows 2000 Active Directory multimedia presentation Lead-in This multimedia presentation describes Windows 2000 Active Directory concepts Delivery Tip Ask students to read the questions in the student workbook and identify answers to the questions as they view the multimedia presentation After the presentation, review the questions and answers Start this presentation from the instructor computer To view the presentation, open the Web page on the Trainer Materials compact disc, click Multimedia Presentations, and then click the title of the presentation The estimated time to complete this presentation is seven minutes Tell students that a copy of the presentation is included on the Student Materials compact disc This multimedia presentation describes basic Active Directory concepts, including topics such as organizational units (OUs), trees, forests, Domain Name System (DNS) naming conventions, and sites As you view the presentation, try to answer the following questions: What is the function and purpose of an OU? An OU is a logical container that you use to organize resources You can use OUs to create a hierarchy that duplicates the structure of an organization or of an administrative model For what type of organization is a network of multiple domains useful? A network of multiple domains is useful for organizations that use a decentralized administrative model Multiple domains are also useful in multinational organizations that require local administration to be performed in different languages Module 5: Enhancing File and Print Servers with Active Directory If you add a domain named brazil as a first-level link in a tree named nwtraders.msft, what will the full DNS name of the new domain be? brazil.nwtraders.msft In what type of organization is it useful to divide a network into sites, and what benefit does this division provide? Sites are beneficial in organizations that have geographically separate locations that are connected by slow links Sites help reduce Active Directory traffic, such as workstation logon traffic and replication traffic Module 5: Enhancing File and Print Servers with Active Directory Introduction to Active Directory Slide Objective To describe how Active Directory organizes a network Lead-in Active Directory is the directory service for a Windows 2000 network It provides a consistent way to name, describe, locate, access, manage, and secure information about network resources Active Directory Structure Creating User Accounts Creating Groups Active Directory stores information about network objects and provides a hierarchical structure that makes it easier to organize domains and resources This makes it easier for users to locate network resources, such as files and printers Active Directory also organizes the directory into sections that permit storage of a very large number of objects As a result, Active Directory can expand as an organization grows This allows the network to grow from a single server network with a few hundred objects to a network with thousands of servers and millions of objects Note For more information about Active Directory, see Active Directory Architecture under Additional Reading on the Web page on the Student Materials compact disc Module 5: Enhancing File and Print Servers with Active Directory Active Directory Structure Slide Objective To illustrate the logical structure of Active Directory The Active Directory Structure Contains Domains, OUs, Trees, and Forests Lead-in Transitive Trust Relationships Are Established Between Domains You use the logical components of Active Directory to design a directory hierarchy Domain Domain Tree Domain Domain Forest OU OU OU OU Domain Domain Domain Domain OU OU Domain Domain Tree Domain Domain Delivery Tip Describe the logical structure of Active Directory and explain how its components provide more efficient organization of a network Domain Domain The logical structure of Active Directory is flexible and provides a method for designing a directory hierarchy that makes sense to both its users and to those who manage it Structural Components You can use the Active Directory structure components to organize your network more efficiently These components include: Domains A domain is a collection of computers defined by an administrator that share a common directory database The core unit of the logical structure in Active Directory is the domain Organizational Units (OUs) An OU is a container object that you use to organize objects within a domain An OU contains objects, such as user accounts, groups, computers, and other OUs Trees A tree consists of multiple Windows 2000 domains The first domain in a tree is called a root domain When you add a domain to an existing tree, the new domain is a child domain of an existing parent domain The name of the child domain is combined with the name of the parent domain to form its DNS name Therefore, domains in a tree form a contiguous namespace Forests A forest consists of a group of trees that not form a contiguous namespace By default, the name of the root tree, or the first tree that is created in the forest, is used to refer to a given forest Transitive trust relationships are automatically configured between domains in a tree, and between the trees in a forest Module 5: Enhancing File and Print Servers with Active Directory Trust Relationships A trust relationship, or trust, is established between domains to enable users in one domain to be authenticated by a domain controller in the other domain By default, all trust relationships between domains in a Windows 2000 forest are transitive Transitive trusts are always two-way, which means that both domains in a relationship trust each other The two domains in the trust relationship not bound Transitive trusts Therefore, transitive trusts flow upwards in a domain tree When a new child domain is created, a two-way, transitive trust is automatically created between the new child domain and the parent domain In a two-way transitive trust relationship, domain A trusts domain B, and domain B trusts domain A This means that users in one domain can be authenticated by a domain controller in another domain In a two-way transitive trust relationship, if domain A trusts domain B and domain B trusts domain C, then domain A automatically has a transitive trust relationship with domain C As a result, a transitive trust is automatically established between all domains in a tree or forest If a two-way transitive trust exists between two domains, you can assign permissions to the resources in one domain to user and group accounts in the other domain, and vice versa Active Directory also supports non-transitive trusts Most non-transitive trusts need to be explicitly created For example, if you want to allow an external business partner to have access to resources in a particular domain while working on a joint project, you can create a one-way, non-transitive trust between the internal and external domains Creating a one-way, non-transitive trust will enable users in the external domain to be authenticated by a domain controller in the internal domain A non-transitive trust does not flow to any other domain in the forest Note When you upgrade from Windows NT® to Windows 2000, existing trusts are retained Trusts between Windows NT domains and Windows 2000 domains are non-transitive Domain Modes Key Point The operating system on the domain controllers determines the mode that your domain can use By default, Active Directory domains run in a mode called mixed mode to provide support for domain controllers that are running either Windows 2000 or Windows NT You can operate your domain in mixed mode indefinitely, which allows you to upgrade domain controllers running Windows NT on a schedule that meets the needs of your organization If your network does not have any domain controllers running Windows NT, or when all of your domain controllers have been upgraded to Windows 2000, you can convert the domain from mixed mode to native mode 12 Module 5: Enhancing File and Print Servers with Active Directory Developing Group Strategies Assigning resource access in Windows 2000 is different than assigning resource access in Windows NT In Windows 2000, an administrator assigns resource access by: Organizing users based on administrative needs, such as their location and job responsibilities Then, creating a global group and adding user accounts to the group For example, creating a global group in an accounting department called Accounting and adding user accounts of all accountants to the group Identifying the resources or group of resources, such as related files, to which users need access, and then creating a domain local group or universal group for that resource or resource group Creating a domain local group when the resources are located in the same domain Creating a universal group when the resources are located in multiple domains For example, if you have a number of color printers located in domain A, create a domain local group for these printers called Domain Printers If some color printers are located in domain A and others are located in the domain B, create a universal group called All Printers Making all global groups members of a domain local group or universal group that has the required resource access permissions For example, adding the Accounting and Management global groups to the Domain Printers domain local group Adding the Sales global group to the All Printers universal group Assigning the required permissions to the domain local and universal groups For example, assigning the necessary permissions to the Domain Printers group to use the color printers in domain A Assigning the necessary permissions to the All Printers group to use the color printers in both domains (domain A and domain B) Creating a Group Delivery Tip Demonstrate the procedure for creating a group by using Active Directory Users and Computers Create groups in the Users folder or in a separate folder that you have created for groups You must delete groups when you no longer need them so that you not accidentally assign permissions to them Follow these steps to create a group: Open Active Directory Users and Computers Expand domain, where domain is the name of your domain Right-click Users, point to New, and then click Group In the New Object – Group dialog box, provide the options described in the following table Option Description Group name The name of the new group The name must be unique in the domain where you create the group Group name (pre-Windows 2000) The name used to support clients and servers from earlier versions of Windows Group scope The group scope Click Domain local, Global, or Universal Group type The group type Click Security or Distribution Module 5: Enhancing File and Print Servers with Active Directory Enhancing File Servers with Active Directory Slide Objective To highlight the tasks that are necessary for enhancing file servers with Active Directory Lead-in To enhance file server functionality with Active Directory, you must share file resources in a network by configuring and managing Dfs Publishing Shared Folders Creating a Domain Dfs Root Creating Additional Replicas for a Domain Dfs Root Configuring Multiple Replicas of Links You can enhance a file server by using Active Directory and creating a domain Dfs Information about shared folders is automatically published in Active Directory Publishing this information allows users to query Active Directory to locate shared folders Domain Dfs supports automatic replication of the Dfs topology 13 14 Module 5: Enhancing File and Print Servers with Active Directory Publishing Shared Folders Slide Objective To highlight the guidelines for publishing shared folders Manage Shared Folder Printer Lead-in After sharing a folder on a computer, you can publish the shared folder in Active Directory to allow users to locate file resources Locate Domain OU1 Dfs Shared Folder Administrator Administrator User User Publish Shared Folders That Can Be Accessed by UNC names Make a Shared Folder Accessible by First Sharing the Folder and Then Publishing it in Active Directory Use Active Directory Users and Computers to Publish a Shared Folder Add Description and Keywords to Shared Folder Objects to Facilitate Search Operations Use Active Directory Users and Computers to Locate Shared Folder Objects Delivery Tips Demonstrate how to publish a shared folder in Active Directory Demonstrate how to add a description and keywords to the published shared folder Show students some examples of meaningful descriptive words and keywords Key Points You can publish any shared folder in Active Directory that can be accessed by using a UNC name You can publish any shared folder in Active Directory that can be accessed by using a Universal Naming Convention (UNC) name A computer running Windows 2000 can use Active Directory to locate the object representing the shared folder and then connect to the shared folder You can publish shared folders in Active Directory by using Active Directory Users and Computers To make a shared folder accessible, you first share the folder, and then publish the shared folder in Active Directory To publish a shared folder: Open Active Directory Users and Computers Right-click the domain node where you want to publish the shared folder, point to New, and then click Shared Folder In the Name box, type the name of the folder In the Network Path (\\server\share) box, type the UNC name that you want to publish in Active Directory The UNC path is the complete Windows 2000 name of a network resource that conforms to the \\server_name\share_name syntax Adding Descriptions and Keywords to Shared Folders After you have published a shared folder, you can add a description and keywords to the shared folder objects to facilitate searching for them To add descriptions and keywords to shared folders: Open Active Directory Users and Computers Right-click the shared folder, and then click Properties In the Description box, type the description for the shared folder, and then click the Keywords button Type the keyword that will facilitate searching for this folder, click Add, and then click OK Module 5: Enhancing File and Print Servers with Active Directory 15 Locating Shared Folder Objects Delivery Tip Demonstrate the procedure for locating shared folder objects To locate a shared folder that has been published in Active Directory: Open Active Directory Users and Computers In the console tree, right-click the domain node, and then click Find In the Find Users, Computers, and Groups dialog box, click the Find list box, and then select Shared Folders In the Named box, type the name of the folder that you want to find Alternatively, type the keyword in the Keywords box Click Find Now The search results will appear in the Find Shared Folders dialog box 16 Module 5: Enhancing File and Print Servers with Active Directory Creating a Domain Dfs Root Slide Objective To outline the process for creating a domain Dfs root To To Create Create aa Domain Domain Dfs Dfs Root Root Lead-in Select Select the the New New Dfs Dfs Root RootOption Option Create a domain Dfs root to maintain the Dfs tree topology even if the server hosting the Dfs root goes offline Configure Configurethe the New New Dfs Dfs Root Root Wizard Wizard Options by Selecting: Options by Selecting: Select Selectthe the Dfs Dfs Root RootType Type Select the Host Select the Host Domain Domainfor for the the Dfs Dfs Root Root Specify Specifythe the Host HostServer Serverfor for the the Dfs Dfs Specify Specifythe the Dfs Dfs Root RootShare Share Name Namethe theDfs DfsRoot Root You can ensure that users have access to shared folders from a common location by setting up a Dfs root Domain Dfs root uses Active Directory and therefore supports automatic replication of the Dfs topology Creating a domain Dfs root ensures that the Dfs root can continue to function even when a server hosting the root fails The domain Dfs root is hosted on multiple servers when you create replicas on each server Delivery Tip Demonstrate the procedure for creating a fault-tolerant Dfs root Creating a domain Dfs root is similar to creating a stand-alone Dfs root To create a fault-tolerant Dfs root, perform the following steps: Click Start, point to Programs, point to Administrative Tools, and then click Distributed File System On the Action menu, click New Dfs Root Key Points Because changes to a faulttolerant Dfs tree are stored in Active Directory, you can always restore a Dfs tree topology if the server hosting the Dfs root goes offline for any reason Use the New Dfs Root wizard to create a domain Dfs root The following table describes the wizard options Option Description Select the Dfs Root Type Selects the Dfs root type To create a domain Dfs root, select Create a domain Dfs Select the Host Domain for the Dfs Root Selects the domain that stores the Dfs topology A domain can host multiple Dfs roots Specify the Host Server for the Dfs Specifies the first host server, which is the initial connection point for all resources in the Dfs tree A server can host only one Dfs root Specify the Dfs Root Share Selects the shared folder to host the Dfs root You can choose an existing shared folder or create a new shared folder Name the Dfs Root Provides the descriptive name for the Dfs root that Windows Explorer displays Module 5: Enhancing File and Print Servers with Active Directory 17 Creating Additional Replicas for a Domain Dfs Root Slide Objective To illustrate the concept of creating additional replicas for a domain Dfs root Server1 Hosting Dfs Root Sales Sales Data Data North Lead-in You create multiple replicas of a Dfs root so that if a client connection to one replica of a Dfs root fails, the Dfs client can connect to the other replica of the root East Active Directory Sales Sales Data Data North Server2 Hosting Dfs Root Key Point Additional root replica members need to be hosted on computers in the same domain East You can create additional replicas of a domain Dfs root (called root replicas) so that if a client connection to one replica of a Dfs root fails, the Dfs client can attempt a connection to the additional root The Dfs client cycles through the replicas until it finds an available replica Additional root replicas need to be hosted on computers in the same domain To create additional replicas for domain Dfs roots: Open Distributed File System Right-click the domain where you want to create the additional replica, and then click New Root Replica Use the New Dfs Root wizard to select the options for creating the additional replica Key Point Because Dfs is site-aware, computers running Windows 2000 attempt to connect to a replica of a Dfs root or link in their own sites before trying to connect to remote replicas Dfs is site-aware, which means that computers running Windows 2000 will first attempt to connect to a replica of a Dfs root or link in their own site, and if that fails, the clients will try to connect to a remote replica This optimizes network traffic as traffic due to file transfers is restricted the local network, instead files being transferred over on a WAN A Windows 2000 site includes all computers that are connected by a high-speed network You define a site to encompass one or more subnets 18 Module 5: Enhancing File and Print Servers with Active Directory Configuring Multiple Replicas of Links Slide Objective To illustrate the concept of creating multiple replicas of links Sales Sales Data Data Sales Sales Data Data Sales Sales Data Data North North Lead-in To enable fault tolerance, load balancing, uninterrupted access to shared folders, and distribution of requests across multiple servers, you can configure multiple replicas of a link Dfs Dfs Share Share Server1 East East North Server2 East Configure Multiple Replicas of a Link to Provide: Sales Sales Data Data Fault tolerance and load balancing Uninterrupted access to shared folders North Server3 East Delivery Tip Demonstrate how to create multiple replicas of links Key Points Configuring multiple replicas of a link creates fault tolerance and load balancing When one replica of a link becomes unavailable, Dfs clients automatically connect to the other replica to ensure uninterrupted access to shared folders A replica is another instance of a link Configuring multiple replicas of a link creates fault tolerance and load balancing When one replica of a link becomes unavailable (for example, because the computer hosting the replica is unavailable), Dfs clients automatically connect to the other replica This ensures uninterrupted access to shared folders In addition, when multiple clients connect to a link that has multiple replicas, these client requests are distributed across all of the servers hosting the replicas This load balancing ensures that users experience faster response times because multiple servers are simultaneously responding to client requests Creating Multiple Replicas To create multiple replicas, perform the following steps: Open Distributed File System Right-click the link for which you want to create a new replica, and then click New Replica In the Send the user to this shared folder box, type the UNC name of the shared folder that will host the replica of the Dfs link Select Automatic Replication if you want the File Replication Service (FRS) to automatically copy any changes that occur in any replica of the link to all other replicas Select Manual Replication if you not want changes to be copied Click OK Click the shared folder that hosts the newly created replica, click Enable, and then click OK Note Each link can have up to 32 replicas Module 5: Enhancing File and Print Servers with Active Directory 19 Configuring Replication Among Links Explain how to enable replication among links Key Point Configure replication among multiple replicas of a link after creating the replicas This keeps the contents of the replicas synchronized When you configure multiple replicas of the same link, you need to ensure that each replica contains the same data To keep the contents of the replicas synchronized as changes to one or more of the replicas occur, configure replication among multiple replicas of a link after creating them You can this by manually copying the files to all replicas of the link, or by using FRS to automatically replicate files among all replicas of the link To configure replication among links: Open Distributed File System Right-click the link for which you want to configure replication, and then click Replication Policy Select the member that you want to designate as the primary replica, and then click Set Master Select all members that will participate in replication, and then click Enable 20 Module 5: Enhancing File and Print Servers with Active Directory Enhancing Print Servers with Active Directory Slide Objective To highlight the tasks that are necessary for enhancing print servers with Active Directory Lead-in Publishing Printers Establishing Printer Locations in Active Directory To enhance print server functionality with Active Directory, you must publish printers and establish printer locations in Active Directory Active Directory self-catalogs information about all of the objects that it contains Active Directory then distributes this information throughout a network When you share printers across a network, Windows 2000 publishes the printers in Active Directory by default, which makes it easier for users to locate printers based on printer type, location, or both For example, users can search Active Directory for a color printer that is located near their office Module 5: Enhancing File and Print Servers with Active Directory 21 Publishing Printers Slide Objective To highlight the procedure for publishing and managing printers in Active Directory Manage Shared Folder Lead-in A computer running Windows 2000 that belongs to a domain automatically publishes all shared printers in Active Directory Locate Domain OU1 Printer Dfs Shared Folder Administrator Administrator User User Windows 2000 Automatically Publishes Shared Printers in Active Directory Organize Shared Printers by Placing Them in One OU When you install and share a printer on a computer running Windows 2000 that belongs to a domain, Windows 2000 automatically publishes the printer in Active Directory Windows 2000 creates a printer object as a child object of the folder in which you want to publish the printer If you install and share a printer on a computer that is not running Windows 2000, the printer is not automatically published in Active Directory However, you can publish these shared printers in Active Directory by performing the following steps: Open Active Directory Users and Computers Right-click the OU in which you want to publish the printer Point to New, and then click Printer Type the UNC name of the printer that you want to publish in Active Directory 22 Module 5: Enhancing File and Print Servers with Active Directory Establishing Printer Locations in Active Directory Slide Objective To highlight the requirements for printer location tracking Lead-in The printer location tracking feature stores printer locations in Active Directory Printer Printer Location Location Tracking Tracking Requirements Requirements Active ActiveDirectory DirectoryMust MustBe BeConfigured ConfiguredWith With More MoreThan ThanOne OneSite Siteor orMore MoreThan Than One OneSubnet Subnet Network NetworkIP IPAddressing AddressingScheme SchemeMust MustCorrespond Correspond to tothe thePhysical PhysicalLayout Layoutof ofYour YourOrganization Organization Windows Windows2000 2000Professional ProfessionalMust MustBe BeInstalled Installed on onClient ClientComputers Computers AASubnet SubnetObject ObjectMust MustBe BeCreated Createdfor forEach EachSite Site Naming NamingConventions ConventionsMust MustBe BeSet Setfor for Printer PrinterLocations Locations Location LocationTracking TrackingMust MustBe BeEnabled Enabledto to Locate LocatePrinters Printers Delivery Tip Describe the requirements for using the printer location tracking feature The printer location tracking feature in Windows 2000 helps users find hardware devices by storing their locations in Active Directory The location is displayed automatically for each printer when you enable the printer location tracking feature To use this feature, you must have: Active Directory configured with more than one site or more than one subnet A network Internet Protocol (IP) addressing scheme that corresponds to the physical layout of your organization Windows 2000 Professional installed on client computers A subnet object for each site Establishing a Naming Convention Delivery Tip Explain the rules for setting naming conventions for printer locations Users require simple and easy-to-recognize names that they can use when searching for printers Use the following rules to name a printer location: Location names are in the form name1/name2/name3 (for example, usa/denver/bldg5) You can only use the forward slash (/) as the dividing character A name can consist of any characters except for the forward slash (/) The maximum length of a name is 32 characters The maximum number of levels in a location name is 256 The maximum length of an entire location name is 260 characters Module 5: Enhancing File and Print Servers with Active Directory 23 Enabling Location Tracking To enable printer location tracking: Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services Create the sites and associate subnets to the sites Right-click a subnet, click Properties, and then click the Location tab Specify the location of the subnet as per the location naming convention, and then click OK Open Active Directory Users and Computers Right-click the required OU, click Properties, and then click the Group Policy tab Click New, specify a name for the new policy, and then press ENTER Select the new policy, and then click Edit Under Computer Configuration, double-click Administrative Templates 10 Click Printers, and then double-click the Pre-populate printer search location text option 11 Click Enabled, and then click OK 12 Click Start, point to Settings, and then click Printers 13 Right-click the printer for which you want to specify the location, and then click Properties 14 In the Location box, type the printer location 24 Module 5: Enhancing File and Print Servers with Active Directory Locating Shared Printers If location tracking is enabled, Windows 2000 Professional will determine a printer’s physical location based on the subnet identifier (ID) for the printer and the printer location information that you include in your search criteria When you perform a query to find all printers in your location, a list of printers that match your location is returned in the search results To locate printers in Active Directory: Open Active Directory Users and Computers In the console tree, right-click the domain node, and then click Find In the Find Users, Computers, and Groups dialog box, click the Find list box, and then select Printers On the Printers tab, type the name, location, or model number of the printer that you want to find You can also use the Features tab to locate a printer based upon features, such as whether the printer can print double-sided, or can print color documents Click Find Now The search results will appear in the Find Printers dialog box Note Without a directory service client, the location field is not automatically available for users running Windows 95 or Windows 98 However, they can still query the directory service for printers in a specific location if they type the exact location attribute in the location field Module 5: Enhancing File and Print Servers with Active Directory 25 Review Slide Objective To reinforce module objectives by reviewing key points Lead-in The review questions cover some of the key concepts taught in the module Introduction to Active Directory Enhancing File Servers with Active Directory Enhancing Print Servers with Active Directory What is the purpose of Active Directory in Windows 2000? Active Directory is the directory service for Windows 2000 Active Directory stores information about all objects that make up a Windows 2000 network, such as users, groups, and computers Active Directory provides the services that enable users to locate objects on the network and also provides services that allow administrators to manage a Windows 2000 network What are sites and domains, and how are they different from each other? A site is a combination of one or more IP subnets that are connected by a high-speed link A domain is a logical grouping of servers and other network resources under a single domain name A site is a component of the physical structure of Active Directory, and a domain is a component of the logical structure of Active Directory 26 Module 5: Enhancing File and Print Servers with Active Directory You need to give users access to product files on servers located all over the world Users need read-only access to these files, but constant access to the files is critical to your organization How can you ensure that the users get uninterrupted access to the files? Select all appropriate options a Create a domain Dfs root b Create a stand-alone Dfs root c Create a replica of the root on the same server d Create replicas of the root on the other domain controllers A and D are correct In A, domain Dfs uses Active Directory and therefore supports automatic replication of the Dfs topology In D, creating replicas of the Dfs root on other domain controllers ensures that the Dfs root can continue to function even when a server hosting the root fails Describe how Administrators can use Active Directory to help users find printers near their office? a Administrators should specify the location in the printer share names b Administrators should specify the location in the printer descriptions c Administrators should specify the location by using the printer location tracking feature d Administrators should specify the location as keywords C is correct The printer location tracking feature in Windows 2000 helps users find printers by storing their locations in Active Directory The location is displayed automatically for each printer when you enable the printer location tracking feature Users can also query Active Directory to locate printers near their office ... integration with file and print servers Introduction to Active Directory Enhancing File Servers with Active Directory Enhancing Print Servers with Active Directory The Active Directory? ?? directory service... structure of Active Directory Integrate Active Directory with a file server Integrate Active Directory with a print server 2 Module 5: Enhancing File and Print Servers with Active Directory Multimedia:... Enhancing File and Print Servers with Active Directory Enhancing File Servers with Active Directory Slide Objective To highlight the tasks that are necessary for enhancing file servers with Active Directory