How To Find Active Directory Site Name

Michael Cross , ... Thomas W. Shinder Dr. Technical Editor , in MCSE (Exam seventy-294) Study Guide, 2003

Graphical Administrative Tools/MMCs

A main administrative tool for managing Windows Server 2003 and Active Directory is the Microsoft Management Console (MMC).The MMC isn't a direction tool in itself, merely an interface that's used to load snap-ins that provide administrative functionality. Snap-ins provide a specific functionality, or a related set of functions. Because of the design of the MMC interface, you tin load several snap-ins into one panel, and create custom tools to deal with specific tasks. In addition, because these snap-ins run in the same surroundings, it becomes easier to larn how to apply these tools because yous don't have to learn a different interface for each.

MMCs can be started by opening pre-made consoles that are available under the Administrative Tools folder in the Windows Start menu. An empty MMC can exist started by using the Run command in the Windows Start menu. By typing MMC in the Run command in the Windows Showtime menu, an empty MMC volition start every bit shown in Effigy 1.fourteen.

The windows actualization in the MMC are interfaces with individual snap-ins or custom console files. Each kid window in the MMC has two panes. The left pane displays the panel tree, which is a hierarchical display of tools bachelor through the console. These can exist multiple snap-ins that have been loaded into the MMC and saved as a custom console. The right pane is called the detail pane, and provides commands and data relating to what is selected in the panel tree.

Y'all can add together snap-ins for specific tasks past clicking on the File menu and selecting Add/Remove Snap-in. When this is done, a new dialog box volition appear with 2 tabs: Standalone and Extensions.

The Standalone tab is used for standalone snap-ins, which are designed to run without whatever additional requirements. The Extensions tab is used to load a special type of snap-in, chosen an extension snap-in. These are used to add together additional functions to a standalone snap-in that's already been installed.

The Standalone tab is used to add or remove snap-ins from the console. As shown in Figure 1.xv, clicking the Add button on this tab will display a list of available standalone snap-ins. After selecting the one yous want to add, click the Add together button on this dialog. Clicking Shut will exit this screen, and return yous to the previous one, which will at present include your selected snap-ins in a list of ones to install in this console. Clicking OK confirms the selection, and installs them.

As you tin see past in Figure 1.15, there are 3 snap-ins available for Active Directory:

▪: Active Directory Users and Computers
▪: Active Directory Domains and Trusts
▪: Active Directory Sites and Services

While we'll talk over each of these in the sections that follow, it is of import to realize that these aren't the simply snap-ins that yous can use with Windows Server 2003.The MMC supplies these three snap-ins for use with Agile Directory, simply others are likewise bachelor for specific purposes and management tasks. Each has an individual functionality or set of related functions for administering Windows Server 2003 and Agile Directory.

Note

Note that although the three Active Directory-related snap-ins are available to be added to a custom MMC, each is already installed in a divide pre-configured MMC available through the Administrative Tools menu.

Because multiple snap-ins can be added and configured in the MMC, you lot can create custom consoles to perform specific tasks. Subsequently setting up a panel, you can salve it to a file that has the .msc extension. The panel can be saved in i of two modes: Authoring and User.

Authoring mode is used to provide full admission to the functions of an MMC console. When saved in this mode, users who open the console can add together and remove snap-ins, create new Windows, create Favorites and taskpads, view everything in the panel tree, and relieve consoles.

User manner is used to limit another user's ability to apply sure functions of the console.

If you were creating a console for users to perform a specific task, merely didn't want them to access other functions, then User mode would be platonic. In that location are 3 access levels for User mode:

▪: Full Admission The same as Author mode, except that snap-ins can't exist added or removed, console settings can't be inverse, and users can't create Favorites and taskpads.
▪: Limited Access, Multiple Windows Allows users to view parts of the panel tree that were visible when the panel was saved, and prohibits users from closing existing windows. Users tin can, however, create new windows.
▪: Limited Access, Unmarried Window Also allows users to access parts of the console tree that were visible when the console was saved, but prohibits users from creating new windows.

Test Day Tip

The examination will test you on your knowledge of Active Directory, and how to utilize the tools that come with Windows Server 2003. Recall that the MMC allows you to load snap-ins to perform specific tasks, and can as well be used to create custom consoles that provide limited functionality.

Active Directory Users and Computers

The Active Directory Users and Computers console is ane of the MMC snap-ins for employ with Active Directory. It allows you to administer user and computer accounts, groups, printers, OUs, contacts, and other objects stored in Active Directory. Using this tool, you can create, delete, modify, movement, organize, and set permissions on these objects.

Every bit shown in Figure 1.sixteen, when this tool is loaded, a node volition appear in the panel tree (left pane) showing the domain. Expanding this node volition show a number of containers that are created by default. While boosted containers can be created, the ones that appear here later on creating a DC are:

▪: Builtin
▪: Computers
▪: Domain Controllers
▪: Users

These containers store objects that can exist managed with this tool, and allow you to view and modify information related to these different objects.

The Builtin container holds groups that were created by Windows Server 2003, and can exist used to control access. You can add users to these Builtin groups to give them the ability to perform certain tasks. For example, rather than assuasive everyone in the Information technology department to use the same Administrator account, users can be added to the congenital-in Administrators group. This gives them the ability to administer Windows Server 2003, merely allows you to runway which person with this level of security performed certain tasks.

The Computers container is used to store calculator objects. These are (equally the proper name implies) computers running on the network that have joined the domain and have accounts created in Active Directory. The Computers container tin can too include accounts used by applications to access Active Directory.

The Domain Controllers container contains objects representing DCs that reside in the domain. The ones shown in this container are ones running Windows 2000 Server and Windows Server 2003. Earlier versions are not displayed.

The Users container is used to shop user accounts and groups. Users and Groups that appear in this container are ones that were created using awarding programming interfaces (APIs) that tin can employ Agile Directory, and ones that were created in Windows NT prior to upgrading.

Boosted containers can be displayed when Active Directory Users and Computers is running with Advanced Features activated. You can enable Advanced Features past clicking on the carte du jour particular with this name, establish in the View carte. When Avant-garde Features have been activated, LostAndFound and System containers are displayed in the left console tree.

The LostAndFound container is used to shop devious objects whose containers no longer exist. If an object is created at the same fourth dimension its container is deleted, or if it is moved to a location that'southward missing after replication, the object is placed in this container. This allows you to manage the lost object, and move it to a container that does exist.

The System container is used for organization settings. These are congenital-in settings for containers and objects used by Active Directory and Windows Server 2003.

Active Directory Domains and Trusts

The Active Directory Domains and Trusts console is used to manage domains and the trust relationships between them. As shown in Effigy i.17, the console tree of this tool includes a node for domains making upwardly the network. Past selecting the Active Directory Domains and Trusts node, a listing of domains will announced in the right pane. Using this tool, you can create, change, and delete trust relationships between domains, set the suffix for UPNs, and heighten domain and forest functional levels. This enables administrators to command how domains function, and how they interoperate.

Using the Active Directory Domains and Trusts console, you can create a variety of different types of trusts between domains and forests. Earlier, we discussed how parent and child domains and domain trees use a two-way transitive trust to share resources between domains. The two-way transitive trust means that both domains trust one some other, besides as whatever other domains with which they have similar trust relationships. In improver to this blazon of trust, additional trusts can be created:

▪: Shortcut trust
▪: Forest trust
▪: Realm trust
▪: External trust

A shortcut trust is transitive, and tin can be either one-style or two-way. This ways that either one domain can trust another but not vice versa, or both domains can trust each other. This type of trust is used to connect two domains in a wood, and is particularly useful when the domains are in different copse. By creating a shortcut, ane domain can connect with some other quickly, improving logon times between domains. Connection is quicker because, when 2 domains in unlike trees connect via the implicit trusts that exist past default, the trust path must get all the way up the tree to the root domain, across to the other tree's root domain, and back down the second tree. A shortcut trust, as its name indicates, creates a direct trust between the ii domains in different trees.

To illustrate this, let'south wait at the situation in Figure 1.xviii. If a user in DomainD wanted to use resources in Domain2, he or she would exist authenticating to a domain that is located in a unlike tree. Without a shortcut trust, the connection would go through DomainA, across the trust between the ii copse to Domain1, so to Domain2.With a shortcut trust, DomainD and Domain2 would have a directly trust between them that could be used for authentication. As we tin can also see in Figure 1.xviii, multiple shortcut trusts can exist, allowing users to be authenticated to other domains that they commonly need to access.

A woods trust is also transitive, and tin can be one-way or 2-fashion. Equally shown in Figure i.19, this blazon of trust is used to connect two unlike forests, so that users in each forest can use resources in the other. Using this type of trust, a user in a domain in i forest could be authenticated and access resources located in a domain that's in another forest. This allows different areas of the network to exist interconnected, even though they are separated by administrative boundaries.

A realm trust can be one-way or 2-fashion, and can as well be either transitive or nontransitive. Nontransitive means that the trust relationship doesn't extend beyond the two parties. For instance, let's say DomainA trusts DomainB, and DomainB trusts DomainC. Because the trust is nontransitive, DomainA and DomainC don't trust one some other considering in that location isn't a trust relationship between them. Equally shown in Figure one.xx, the realm trust is used when a human relationship needs to exist created between a Windows Server 2003 domain and a non-Windows realm that uses Kerberos version v (such equally one running UNIX).

The final type of trust that can be created is an external trust. An external trust is always nontransitive, and can be either ane-fashion or two-way. As shown in Effigy 1.21, this type of trust is used to create a relationship between a Windows Server 2003 domain and one running Windows NT 4.0. It can as well be used to connect ii domains that are in unlike forests, and don't accept a wood trust connecting them.

The Active Directory Domains and Trusts console is also used for raising domain and forest levels, which enables additional features in Active Directory. Raising domain and forest functional levels depends on what operating systems are running on servers, and is something nosotros discuss in greater detail later in this affiliate.

Examination Warning

The Agile Directory Domains and Trusts panel allows you to create different types of trust relationships to share information and resources between forests, domains, and non-Windows Server 2003 networks. You can create one- and two-mode transitive trusts, forest trusts, realm trusts, external trusts, and shortcut trusts. Each has a specific use, and cannot be used in all circumstances. Y'all should familiarize yourself with the use of each type of trust.

Active Directory Sites and Services

Earlier in this chapter, we discussed how sites correspond the physical structure of your network, and are important to replicating information in Active Directory. The Active Directory Sites and Services console is used to create and manage sites, and control how the directory is replicated within a site and between sites. Using this tool, you tin can specify connections between sites, and how they are to be used for replication.

As shown in Figure 1.22, the Active Directory Sites and Services console has a number of containers that provide information and functions on creating and maintaining sites. When a domain is first installed on a DC, a site object named Default-Offset-Site-Proper name is created. This container tin (and should) exist renamed to something that is meaningful to the business. Every bit mentioned earlier, additional sites can be created to improve replication between sites, or domains tin can be added to this existing site.

The Inter-Site Transports container is used to create and store site links. A site link is a connectedness between sites. Links created under the IP container use the Internet Protocol (IP) equally their send protocol, while those created under SMTP employ the Simple Mail Transfer Protocol (SMTP).

The Subnets container is used to create and store objects containing information about subnets on your network. Subnets are collections of neighboring computers that are subdivided inside the network, using a common network ID. Using the Subnets container, you can group different subnets together to build a site.

Now that nosotros've looked at the MMC, and the snap-ins used to manage Agile Directory, let's get a little hands-on experience. In Do 1.02, we'll see how the MMC is used to load the snap-ins we'll utilize in hereafter exercises.

Practice 1.02

Adding Snap-Ins to the Microsoft Management Console

1.: From the Run command in the Windows Get-go menu, blazon MMC, and click OK.
two.: When the MMC opens, click the Add/Remove Snap-in command on the File menu.
three.: When the Add/Remove Snap-in dialog box appears, dick the Standalone tab to select it. Click the Add button.
iv.: When the Add Standalone Snap-in appears, select Active Directory Domains and Trusts from the listing and then click the Add button. An entry for this snap-in should appear in the list in the Add/Remove Snap-in dialog box.
5.: Select Active Directory Sites and Services from the list and and then click the Add together push button. An entry for this snap-in should appear in the listing in the Add/Remove Snap-in dialog box.
6.: Select Active Directory Users and Computers from the list and then click the Add together push button. An entry for this snap-in should appear in the listing in the Add/Remove Snap-in dialog box.
7.: Click Shut to render to the previous screen. At this indicate, three entries should appear in the Add/Remove snap-in dialog box. Click OK to close the dialog.
8.: The console tree in the MMC should now comprise nodes for each snap-in. Aggrandize each snap-in and notice that they contain objects and data relating to the aspects each snap-in deals with.