Chapter 9: Enterprise Management


In Brief

Corporations spend millions of dollars a year on packaged applications and staff to keep their computing environments running like finely tuned engines. Although most third-party solutions provide tools to assist in enterprise management, they often come overloaded with fancy reporting features and are limited in actual functionality. And when you finally find a package that really helps with your administrative tasks, you'd be lucky to get the budget approval passed in this lifetime.

In this chapter, you will learn about all the important aspects of managing an enterprise environment, and how to maintain it without expensive third-party solutions. You will also learn how to accomplish most of your administrative tasks with simple scripts.

Understanding Windows 2000 Networks

The biggest advantage of a Windows 2000/2003 network as opposed to Windows NT is its restructuring and use of directory services. Windows 2000/2003 gives you several new ways to organize and centrally manage your network.

Trees and Forests

Windows 2000/2003 allows you to organize your domains into hierarchical groups called trees. The domains in a tree share a common schema, global catalog, replication information, and a contiguous DNS namespace (for example, jesseweb.com and its child domain marketing.jesseweb.com). One or more trees make up a forest. The trees in a forest also share a common schema, global catalog, and replication information, but do not share a common DNS namespace, which lets you combine the resources of two completely separate Internet domains (for example, mydomain.com and yourdomain.com). Within a tree or forest, Windows 2000 automatically establishes two-way transitive trusts between parent and child domains and between tree roots, so every domain in the forest ends up trusting every other domain. Because these trusts are transitive and cannot be removed, the forest, not the individual domain, is the real security boundary.

Objects

Windows 2000/2003 treats all resources as objects. These objects can consist of any of the various resources on a network, such as users, computers, printers, and shares. Each object contains its own set of attributes, functions, and properties as set by the schema. Whenever you access a resource, the schema sets which properties and features are presentable. For example, a user account has a lockout property but a share does not, as instructed by the schema.

Organizational Units

Windows 2000/2003 allows you to organize network objects into logical containers called Organizational Units (OUs). OUs can contain any network resource, such as accounts, groups, queues, shares, and even other OUs. Through OUs, you can delegate administration and assign permissions to the OU or the individual objects within. The most common use of organizational units is to organize company resources by department.

Global Catalog

Windows 2000/2003 keeps a partial, read-only copy of every object in the forest, containing the attributes most often searched for, in a common database called the global catalog. Global catalog servers reduce network searches and object query time by answering forest-wide queries directly instead of referring them to each domain in turn. The first domain controller in a forest holds the global catalog and is called a global catalog server. You can designate additional domain controllers as global catalog servers to spread the query load.

Warning  

Global catalog servers synchronize their information through replication. A large quantity of catalog servers can cripple a network with replication traffic.
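An added example, not code from the book, of using ADSI to find out which domain controllers in the forest have been made global catalog servers, which is where the replication traffic in the warning above comes from. It assumes the script runs on a domain-joined machine where the ADO provider for ADSI (ADsDSOObject) is installed, as it is with ADSI on Windows 2000/XP/2003; the nTDSDSA object, its options bit, and the OID-based bitwise filter rule are part of Active Directory, not assumptions.

```vbscript
' Added example (not from the book): list the domain controllers that are
' global catalog servers. Assumes a domain-joined machine with the ADsDSOObject
' ADO provider, which ships with ADSI on Windows 2000/XP/2003.
Option Explicit

Dim rootDSE, configDN, conn, rs, ntdsDN, serverObj, gcCount

' rootDSE tells us where the forest's Configuration partition lives,
' so nothing about the forest name is hard-coded.
Set rootDSE = GetObject("LDAP://rootDSE")
configDN = rootDSE.Get("configurationNamingContext")

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"

' Every DC has an nTDSDSA object ("NTDS Settings"). Bit 1 of its options
' attribute marks it as a global catalog; the OID is the LDAP bitwise-AND rule.
Set rs = conn.Execute("<LDAP://" & configDN & ">;" & _
    "(&(objectClass=nTDSDSA)(options:1.2.840.113556.1.4.803:=1));" & _
    "distinguishedName;subtree")

gcCount = 0
Do Until rs.EOF
    ' CN=NTDS Settings,CN=DC1,CN=Servers,CN=Site,... -> strip the first RDN
    ' to reach the server object, which carries the DC's DNS host name.
    ntdsDN = rs.Fields("distinguishedName").Value
    Set serverObj = GetObject("LDAP://" & Mid(ntdsDN, InStr(ntdsDN, ",") + 1))
    WScript.Echo serverObj.Get("dNSHostName")
    gcCount = gcCount + 1
    rs.MoveNext
Loop
rs.Close
conn.Close
WScript.Echo gcCount & " global catalog server(s) found"
```

Run it with cscript from any domain member. Each line is the DNS name of one global catalog server; if the count is a large fraction of your domain controllers, the replication cost described in the warning above is what you are paying for it.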

ADSI

Active Directory Service Interfaces (ADSI), previously OLE Directory Services, is Microsoft's set of COM interfaces for accessing and managing directory services, such as Active Directory, from scripts and applications. A directory service provides a standard, consistent method to manage and locate network resources. Directory services are actually databases that store information about all the resources on your network; whenever a request for a network resource is made, the directory service interprets and processes the request. ADSI comes packaged with Windows 2000/XP/2003 and is available as a free, separate download from Microsoft for Windows 9x/NT.

The ADSI Process

When a script or application issues a call to ADSI, the call is first sent to the ADSI client, as shown in Figure 9.1. The ADSI client is included in all versions of Windows 2000/XP/2003 and is available as a download for Windows 9x/NT systems. Do not confuse the ADSI client with Active Directory itself. The client is the set of libraries a script uses to access a directory service, whereas Active Directory is the directory service being accessed.

Figure 9.1: The ADSI process.
Note  

Windows 2000/2003 Server contains both Active Directory (the directory service) and the ADSI client.

Once the client receives the call, it passes it to the ADSI object model's router. The router reads the provider name at the start of the path (for example, LDAP: or WinNT:) and passes the request to the matching provider. The provider is then responsible for taking the appropriate action based on the request.

Providers

ADSI provides a common interface to manage the network, regardless of directory service type. ADSI uses components called providers to communicate with the various directory services. These providers are stored in DLL files and are loaded when ADSI is installed. The providers included with ADSI are as follows:

  • IIS (Adsiis.dll): Provider for the Internet Information Server metabase

  • LDAP (Adsldp.dll, Adsldpc.dll, and Adsmext.dll): Provider for Windows 2000/2003 Active Directory and other LDAP-compliant directories

  • NWCOMPAT (Adsnw.dll): Provider for Novell NetWare bindery servers

  • NDS (Adsnds.dll): Provider for Novell NDS servers

  • WinNT (Adsnt.dll): Provider for Windows NT domains and Windows 2000/2003 local resources

Note  

The provider names (the part of the path before the colon, such as WinNT: or LDAP:) are case-sensitive; a path beginning with winnt: or ldap: will fail to bind.

The next section will give you a brief overview of the two main Windows providers: LDAP and WinNT.

The LDAP Provider

Lightweight Directory Access Protocol (LDAP) was developed in the early 1990s as a simple alternative to the complex X.500 directory standard. The LDAP provider is used to manage Windows 2000/2003 Active Directory servers, Exchange 5.5 or higher servers, Lotus Notes servers, Netscape directory servers, and other LDAP-compliant applications or servers. The basic syntax to bind to the LDAP provider is:

 Set variable = GetObject("LDAP://OU=orgunit,DC=domain") 

Here, variable is an arbitrary variable that you can use to access the object; orgunit is the name of the organizational unit; and domain is the name of the domain you want to connect to. Note the two slashes after LDAP: the path is the provider name followed by an LDAP distinguished name, which is read from the most specific component (the OU) to the least specific (the domain).

Windows 2000/2003 uses Internet domain names, such as marketing.jesseweb.com. Each level of the domain name becomes its own DC= component; the components are separated by commas and listed in descending hierarchy, as follows:

 Set variable = GetObject("LDAP://OU=orgunit,DC=marketing,DC=jesseweb,DC=com") 

With LDAP, you can avoid hard-coding domain names by binding to the rootDSE of the directory server you are connected to:

 Set variable = GetObject("LDAP://rootDSE") 

rootDSE is not a container of objects but a special entry describing the server. Its defaultNamingContext attribute holds the distinguished name of the domain (for example, DC=jesseweb,DC=com), which you can then prepend with the OU or object you actually want to manage, so the same script works unchanged in any domain.
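An added example, not code from the book, that puts the rootDSE binding to practical use: it reads defaultNamingContext, binds to an OU under it, and then audits the user accounts in that OU for two userAccountControl bits that weaken password policy. The OU name "Marketing" is an assumption; the rootDSE attribute and the bit values are documented ADSI constants.

```vbscript
' Added example (not from the book): bind through rootDSE, then audit the
' user accounts in one OU for two risky userAccountControl bits.
' The OU name "Marketing" is an assumption; the bit values are ADSI constants.
Option Explicit

Const ADS_UF_PASSWD_NOTREQD     = &H20      ' account may have an empty password
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000   ' password exempt from the expiry policy

Dim rootDSE, domainDN, ou, user, uac, findings, total

' defaultNamingContext is the DN of the domain we are logged on to,
' e.g. DC=jesseweb,DC=com, so the script works unchanged in any domain.
Set rootDSE = GetObject("LDAP://rootDSE")
domainDN = rootDSE.Get("defaultNamingContext")

Set ou = GetObject("LDAP://OU=Marketing," & domainDN)
ou.Filter = Array("user")     ' enumerate only user objects in this container

total = 0
For Each user In ou
    total = total + 1
    uac = user.Get("userAccountControl")
    findings = ""
    If (uac And ADS_UF_PASSWD_NOTREQD) <> 0 Then findings = findings & " PASSWD_NOTREQD"
    If (uac And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then findings = findings & " DONT_EXPIRE_PASSWD"
    If findings <> "" Then
        WScript.Echo user.Get("sAMAccountName") & ":" & findings
    End If
Next
WScript.Echo total & " user(s) checked in " & ou.ADsPath
```

For Each over an IADsContainer only walks the direct children of that OU, not nested OUs; to cover a whole subtree you would run an ADO query with the subtree scope instead, as in the global catalog example earlier in this section.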
The WinNT Provider

The WinNT provider is used to manage Windows NT domain resources and Windows 2000/2003 local resources, such as the local accounts, groups, and services of an individual computer. This provider exists for backward compatibility with Windows NT domains: it addresses domains and computers by their NetBIOS names, sees a flat namespace with no organizational units, and cannot access Windows 2000/2003 Internet domain names. The basic syntax to bind to the WinNT provider is:

 Set variable = GetObject("WinNT://domain/computer/object,class") 

Here, variable is an arbitrary variable that you can use to access the object; domain is the name of the domain you want to connect to; computer is the name of the system to connect to; object is the object that you want to connect to; and class is the class type you want to connect to (for example, user, group, computer). Any parameters specified after the provider name, in this case WinNT:, are optional, so you can bind to a domain, a computer, or an individual object by stopping the path at that level. The class is optional but worth giving: without it the provider has to search each object class for a matching name, which is slower.

If you are working outside your domain or need to use a different account to access the domain, you must use the OpenDSObject method instead of GetObject:

 Const ADS_SECURE_AUTHENTICATION = 1
 Set NTObj = GetObject("WinNT:")
 Set variable = NTObj.OpenDSObject("WinNT://domain/server/object", username, password, ADS_SECURE_AUTHENTICATION)

Here, username and password are the credentials of the account to connect with, and the last argument is a set of authentication flags. VBScript cannot read the ADSI constants from the type library, so you must declare ADS_SECURE_AUTHENTICATION (value 1) yourself; an undeclared name silently evaluates to 0, which for the LDAP provider means a simple bind that sends the password across the network in clear text. Avoid embedding passwords in scripts at all: anyone who can read the script file can use the account.
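An added example, not code from the book, of the OpenDSObject call used for a common audit task: listing the members of a server's local Administrators group through the WinNT provider under alternate credentials. The server name and account are assumptions supplied on the command line, and the password is prompted for rather than written into the script.

```vbscript
' Added example (not from the book): list the members of a server's local
' Administrators group using alternate credentials through OpenDSObject.
' The server name and account are assumptions supplied on the command line:
'   cscript localadmins.vbs SERVER01 JESSEWEB\auditor
Option Explicit

' VBScript cannot read ADSI enums, so declare the flag yourself. 1 requests
' secure (NTLM/Kerberos) authentication instead of a clear-text simple bind.
Const ADS_SECURE_AUTHENTICATION = &H1

Dim server, userName, password, ns, grp, member, count

If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: cscript localadmins.vbs <server> <domain\user>"
    WScript.Quit 1
End If
server   = WScript.Arguments(0)
userName = WScript.Arguments(1)

' Prompt rather than embed the password in the script. StdIn echoes the
' characters, so run this at a console you are alone at (cscript only).
WScript.StdOut.Write "Password for " & userName & ": "
password = WScript.StdIn.ReadLine

' Bind to the WinNT namespace itself, then open the group with the credentials.
' The class ("group") is given so the provider does not have to search for it.
Set ns  = GetObject("WinNT:")
Set grp = ns.OpenDSObject("WinNT://" & server & "/Administrators,group", _
                          userName, password, ADS_SECURE_AUTHENTICATION)

count = 0
For Each member In grp.Members
    ' Domain accounts appear with their domain in the path; nested groups
    ' are reported by class so you can follow them separately.
    WScript.Echo member.Class & vbTab & member.ADsPath
    count = count + 1
Next
WScript.Echo count & " member(s) in " & grp.ADsPath
```

The script must be run with cscript, since wscript has no StdIn. Passing the account name on the command line is acceptable, but never the password: command lines are visible to every other process on the machine.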




Windows Admin Scripting Little Black Book (Little Black Books, Paraglyph Press)
ISBN: 1933097108
Year: 2004