Our MCSE 2003: Security+ Accelerated Certification Program is the
most effective, efficient way to learn how to successfully design,
plan, and implement a network infrastructure, Active Directory®
infrastructure, and client deployment on the Windows Server 2003
platform.
Daily lectures, labs, and review sessions are supplemented by a
combination of:
Features of Active Directory
Active Directory™
directory service is the Windows 2003 directory service. Active
Directory stores information about network objects and provides
a hierarchical structure that makes it easier to organize
domains and resources. This in turn makes it easier for users to
locate network resources, such as files
and printers.
Active Directory has many useful features:
-
Active Directory organizes the directory into sections that
permit storage of a very large number of objects. As a
result, Active Directory can expand as an organization
grows. This allows the network to grow from a network with a
single server and a few hundred objects to a network with
thousands of servers and millions of objects.
-
Active Directory provides a central repository for gathering
and distributing information about objects on a network,
including users, groups, and printers, and makes this
information easy to find and use.
-
Security is integrated with Active Directory through logon
authentication and access control to objects in the
directory. With a single network logon, administrators can
manage the directory data throughout their network, and
authorized network users can access resources anywhere on
the network.
Active Directory addresses the following organizational needs:
reduced total cost of ownership, flexible administration,
scalability, and simplified administration.
-
Reduced total cost of ownership
Total cost of ownership (TCO) refers to the actual cost of
owning a computer. This includes the costs of maintenance,
training, technical support, and upgrades to the hardware and
software. Active Directory helps reduce TCO by implementing
policies. Applying a policy within Active Directory allows you
to configure desktop environments and install applications from
a central location. This reduces the time it takes to configure
settings and install applications on each computer.
The organizational units into which a domain can be divided
reside in Active Directory. The organizational units allow you
to specify the users who will have administrative authority over
portions of your network.
Active Directory extends the features of previous Windows-based
directory services and is designed to work well in organizations
of any size.
-
Simplified administration
Active Directory provides customizable administrative tools that
simplify administration and make it easier to administer
resources throughout a network.
Windows 2003 features a mandatory logon process to validate the
identity of every user accessing the system. During the logon
process, Windows 2003 authenticates a user to verify the
identity of the user. This process ensures that only valid users
gain access to resources on a computer or the network. Logging
on provides the user with access to everything on the network
for which the user has been assigned the appropriate
permissions.
To gain access to resources in a Windows 2003 network, a user
needs a user account. A user account contains information about
a user, including the user’s name and password. If the computer
is a member of a domain, the user account enables a user to log
on to either the local computer or to the domain, but not to
both, and, with the appropriate permissions, to access network
resources. If the computer is a member of a workgroup, a user
account enables a user to log on to the local computer only,
since the user account exists only in the security database on
the local computer.
To log on to a Windows 2003 domain, a user provides a user
principal name. A user principal name consists of the user’s
logon name followed by the
@character
and a user principal name suffix. This suffix is usually the
domain where the account exists, such as nwtraders.msft. An
example of a user principal name is user@nwtraders.msft. The
default user principal name suffix for a user account is the
full domain name of the domain that contains the user account.