Lesson 3: Publishing Resources in Active Directory Directory Service

As an administrator, you need to be able to provide secure and selective publication of network resources to network users and make it easy for users to find information. Active Directory stores this information for rapid retrieval and integrates Windows 2000 security mechanisms to control access. This lesson explains how to publish resources in Active Directory.


After this lesson, you will be able to

  • Publish shared folders
  • Publish printers
  • Publish network services

Estimated lesson time: 10 minutes


Publishing Resources in Active Directory

Resources that can be published in the directory include objects such as users, computers, printers, folders, files, and network services.

Publishing Users and Computers

User and computer accounts are added to the directory using the Active Directory Users And Computers console. Information about the accounts that is useful for other network users is published automatically. Other information, such as account security information, is made available only to certain administrator groups.

Publishing Shared Resources

Publishing information about shared resources such as printers, folders, and files makes it easy for users to find these resources on the network. Windows 2000 network printers are automatically published in the directory when installed. Information about Windows NT printers and shared folders can be published in the directory using the Active Directory Users And Computers console.

Follow these steps to publish a shared folder:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users And Computers.
  2. In the console tree, double-click the Domain node.
  3. Right-click the container in which you want to add the shared folder, point to New, and click Shared Folder.
  4. In the New Object-Shared Folder dialog box, type the name of the folder in the Name box.
  5. In the Network Path box, type the universal naming convention (UNC) name (\\server\share\) that you want to publish in the directory, and then click OK.

    The shared folder appears in the directory in the container you selected.

Follow these steps to publish a Windows NT printer:

NOTE

The Windows NT printer must be installed before publishing in Active Directory. To install a Windows NT printer, click Start, point to Settings, and then click Printers.

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users And Computers.
  2. In the console tree, double-click the Domain node.
  3. In the console tree, right-click the container where you want to publish the printer, point to New, and then click Printer.
  4. In the New Object-Printer dialog box, type the UNC name that you want to publish in the directory in the Network Path Of The Pre-Windows 2000 Print Share box, and then click OK.

    The Windows NT printer appears in the directory in the folder you selected.
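
A published shared folder or printer is a directory object that stores a UNC name, so entries can outlive the share or server they point to. The following added example (not part of the training kit) inventories published folders and printers and flags malformed or unresolvable UNC names. It assumes the ActiveDirectory PowerShell module from RSAT, which postdates Windows 2000, and that published folders are `volume` objects and printers are `printQueue` objects carrying a `uNCName` attribute.

```powershell
# Added example: inventory of published shared folders (volume) and printers (printQueue).
Import-Module ActiveDirectory

$published = Get-ADObject -LDAPFilter '(|(objectClass=volume)(objectClass=printQueue))' `
    -Properties uNCName, whenCreated, whenChanged

$report = foreach ($obj in $published) {
    $unc    = [string]$obj.uNCName
    $status = 'OK'
    $server = $null

    # A published path must have the \\server\share form used in the steps above.
    if ($unc -match '^\\\\([^\\]+)\\[^\\]+') {
        $server = $Matches[1]
        try {
            # Name resolution only; this does not test share or printer permissions.
            [void][System.Net.Dns]::GetHostEntry($server)
        } catch {
            $status = 'ServerNotResolvable'
        }
    } else {
        $status = 'BadUncName'
    }

    [pscustomobject]@{
        Name        = $obj.Name
        Class       = $obj.ObjectClass
        UncName     = $unc
        Server      = $server
        Status      = $status
        WhenChanged = $obj.whenChanged
    }
}

# Entries that are not OK are candidates for cleanup or correction.
$report | Sort-Object Status, Class, Name | Format-Table -AutoSize
```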

Publishing Network Services

Network-enabled services, such as Certificate Services, can be published in the directory so administrators can find and administer them using the Active Directory Sites And Services console. By publishing a service, rather than computers or servers, administrators can focus on managing the service regardless of which computer is providing the service or where the computer is located. Additional services or applications can be published in the directory using Active Directory programming interfaces.

The following sections describe some types of service information that may be useful to publish to the directory. The qualities that make a service appropriate for publishing may be better understood by understanding how Active Directory uses services.

Categories of Service Information

Binding and configuration information are the two types of information frequently published using Active Directory.

  • Binding information allows clients to connect to services that do not have well-known bindings and that conform to a service-centric model. By publishing the bindings for these kinds of services, Windows 2000 can automatically establish connections with services. Machine-centric services are typically handled on a service-by-service basis and should not be published to the directory.
  • Configuration information can be common across client applications. Publishing this information allows you to distribute current configuration information for these applications to all clients in the domain. The configuration information is accessed by client applications as needed. This eases the process of configuring applications for users and gives you more control over application behaviors.

Characteristics of Service Information

Service information that you publish to the directory is most effective if it has the following characteristics:

  • Useful to many clients. Information that is useful to a small set of clients or that is useful only in certain areas of the network should not be published. If not widely used, this information wastes network resources, since it is published to every domain controller in the domain.
  • Relatively stable and unchanging. Although there may be exceptions to this rule, it generally makes sense to publish only service information that changes less frequently than every two replication intervals. For intra-site replication, the maximum replication period is 15 minutes, and for inter-site replication, the maximum replication period is configured based on the replication interval of the site link used for the replication. Object properties that change more frequently create excessive demands on network resources. Property values may be out of date until updates are published, which can take as long as the maximum replication period. Consequently, having properties out of date for that period of time must not create unacceptable conditions. For example, some network services select a valid Transmission Control Protocol (TCP) port for use each time they are started. After selecting the port, the service updates Active Directory with this information, which is stored as the service connection point. Clients access the service connection point when they want to use the service, but if the new service connection point has not been replicated when the client requests it, the client receives an outdated port, rendering the service temporarily inaccessible.
  • Well-defined, reasonable properties. Information that is of a consistent form is easier for services to use. The information should be relatively small in size.
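
The stale-port scenario above can be observed by reading the same service connection point from every domain controller and comparing the binding values. The following is an added example, not part of the training kit; it assumes the ActiveDirectory PowerShell module, and the distinguished name in `$scpDn` is a constructed placeholder.

```powershell
# Added example: compare one service connection point (SCP) across all domain controllers.
Import-Module ActiveDirectory

# Assumption: placeholder DN; replace with the SCP your service publishes.
$scpDn = 'CN=ExampleScp,CN=APPSRV01,CN=Computers,DC=example,DC=com'

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $scp = Get-ADObject -Identity $scpDn -Server $dc.HostName `
            -Properties serviceBindingInformation, whenChanged -ErrorAction Stop
        [pscustomobject]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            # serviceBindingInformation is multi-valued; sort so the comparison is stable.
            Binding          = ($scp.serviceBindingInformation | Sort-Object) -join ';'
            # whenChanged is local to each DC: when this replica last received a change.
            WhenChanged      = $scp.whenChanged
        }
    } catch {
        [pscustomobject]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            Binding          = '<unreachable or object not replicated>'
            WhenChanged      = $null
        }
    }
}

$results | Format-Table -AutoSize

# More than one distinct value means some clients are being handed outdated bindings.
$distinct = @($results | Select-Object -ExpandProperty Binding -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "SCP binding differs across $($distinct.Count) replica states; replication has not converged."
}
```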

Example of Service Publication

The following sequence of steps is an example of service publication using Active Directory Sites and Services.

Follow these steps to set security permissions and delegate control of certificate templates:

  1. Log on to the system as an Administrator.
  2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites And Services.
  3. In the console tree, click Active Directory Sites And Services.
  4. On the View menu, click Show Services Node.
  5. In the console tree, click Active Directory Sites And Services, click Services, click Public Key Services, and click Certificate Templates.
  6. For each certificate template for which you want to set security permissions, double-click the certificate template in the details pane to open properties.
  7. On the Properties dialog box for the certificate template, click the Security tab and set the security permissions accordingly.
  8. Click OK.

    These changes apply only to certificate templates in the current domain.
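
To review the result of step 7 across all templates, the following added example (not part of the training kit) lists the principals that can modify a certificate template or its permissions. It assumes the ActiveDirectory PowerShell module and its `AD:` drive; the list of expected administrative principals in `$expected` is an assumption to adjust to your own delegation model.

```powershell
# Added example: report who can change certificate templates or their ACLs.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Same container the console steps navigate to, under the configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

# Rights that allow editing a template, rewriting its ACL, or taking ownership.
$mask = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner'

# Assumption: principals expected to hold these rights.
$expected = 'Domain Admins$|Enterprise Admins$|\\SYSTEM$|\\Administrators$'

$templates = Get-ADObject -SearchBase $base -SearchScope OneLevel `
    -LDAPFilter '(objectClass=pKICertificateTemplate)'

$findings = foreach ($t in $templates) {
    $acl = Get-Acl -Path ('AD:\' + $t.DistinguishedName)
    foreach ($rule in $acl.Access) {
        $canModify = (([int]$rule.ActiveDirectoryRights) -band $mask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $canModify -and
            $rule.IdentityReference.Value -notmatch $expected) {
            [pscustomobject]@{
                Template  = $t.Name
                Identity  = $rule.IdentityReference.Value
                Rights    = $rule.ActiveDirectoryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Each row is a delegation to confirm against the permissions you intended to set.
$findings | Sort-Object Template, Identity | Format-Table -AutoSize
```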

Lesson Summary

In this lesson, you learned how to publish shared folders, printers, and network services in Active Directory.



MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244
