WINDOWS NT 4 ENTERPRISE QUE

PLANNING
*********
PLANNING OBJECTIVES ARE
SELECTING RIGHT DIRECTORY SERVICES ARCHITECTURE
SELECTING RIGHT DOMAIN MODEL
SELECTING THE RIGHT DISK CONFIGURATIONS
SELECTING THE RIGHT NETWORK PROTOCOLS

SELECTING RIGHT DIRECTORY SERVICES ARCHITECTURE
************************************************
A LOGICAL GROUPING OF SERVERS AND CLIENTS IN NT IS CALLED A DOMAIN.
A SINGLE DOMAIN MAINTAINS ALL THE DIRECTORY DATABASE INFO IN THE SAM.
DIRECTORY SERVICES MEANS ADMINISTERING ACCOUNTS BETWEEN DOMAINS AND LINKS BETWEEN DOMAINS.

DIRECTORY SERVICES TRIES TO ENSURE
1.ONE USER ONE ACCOUNT
2.UNIVERSAL RESOURCE ACCESS
3.CENTRALIZED ADMINISTRATION
4.DIRECTORY SYNC

THE PDC SAM HOLDS
ALL USER ACCOUNTS AND ALL THE FIELDS
COMPUTER ACCOUNTS (SERVER MANAGER)
LOCAL AND GLOBAL GROUPS

MICROSOFT RECOMMENDS THAT ANY 1 SAM NOT EXCEED 40MB, OTHERWISE PERFORMANCE OF THE SAM DATABASE WILL DECREASE.
1KB PER USER ACCOUNT
.5K PER LOCAL GROUP
.5K PER GLOBAL GROUP
.5K PER COMPUTER ACCOUNT

1.ONE USER ONE ACCOUNT
**********************
EACH USER IN YOUR NETWORK IDEALLY SHOULD HAVE ONLY ONE ACCOUNT, ONE PASSWORD.
IT IS EASIER FOR THE ADMIN, AND ALSO FOR THE USER, TO REMEMBER ONLY 1 USERNAME AND PASSWORD.

2.UNIVERSAL RESOURCE ACCESS
****************************
WITH ONE ACCOUNT, IF THEY HAVE BEEN GIVEN PROPER PERMISSIONS, USERS SHOULD BE ABLE TO ACCESS ALL RESOURCES, REGARDLESS OF THEIR LOCATION.
URA, UNIVERSAL RESOURCE ACCESS, IS A DIFFERENT IDEA THAN UNC. UNC IS MICROSOFT'S NETWORKING SYNTAX.

3.CENTRALIZED ADMINISTRATION
******************************
CENTRALIZED ADMINISTRATION IS TO PUT ADMINISTRATION OF ALL ACCOUNTS AND RESOURCES AT ONE LOCATION.
THE MORE THE ADMINISTRATION GETS DECENTRALIZED, THE MORE YOU HAVE TO RUN AROUND WHEN FIXING PROBLEMS.

4.DIRECTORY SYNCHRONIZATION
*****************************
THIS IS WHEN PDC'S AND BDC'S GET IN SYNC VIA THE DIRECTORY REPLICATION METHOD.

TRUST RELATIONSHIPS
********************
A TRUST RELATIONSHIP IS A SECURED RPC LINK BETWEEN DOMAINS.
TRUSTING DOMAIN RESOURCES ARE ACCESSED BY TRUSTED DOMAIN USERS.
YOU CAN ACCESS RESOURCES IN ANOTHER DOMAIN, BUT YOU CERTAINLY CANNOT LOG ON TO THAT OTHER DOMAIN!!

TRUSTED VERSUS TRUSTING
************************
THE TRUSTED DOMAIN CONTAINS THE USER ACCOUNTS.
THUS, THE TRUSTED DOMAIN IS CALLED THE "ACCOUNT DOMAIN."
THE TRUSTING DOMAIN CONTAINS THE RESOURCES (PRINTERS, FOLDERS, FILES, ETC.).
THUS, THE TRUSTING DOMAIN IS ALSO CALLED THE "RESOURCE DOMAIN."
ARROWS POINT TO THE TRUSTED DOMAIN. ARROWS POINT OUT WHO YOU CAN TRUST.
WHERE THE ARROW COMES FROM IS THE TRUSTING ONE.

PLANNING TRUST RELATIONSHIPS
******************************
TRUST RELATIONSHIPS CAN ONLY OCCUR BETWEEN NT SERVER DOMAINS.
TRUSTS REQUIRE A VALID RPC CONNECTION BETWEEN PARTICIPATING DOMAINS.
AN EXISTING NETWORK CONNECTION BETWEEN THE DOMAINS MAY INTERFERE WITH THE TRUST.
TRUSTS MUST BE SET UP BY ADMINISTRATORS ONLY.
USER ACCOUNTS IS THE TRUSTED DOMAIN
RESOURCES IS THE RESOURCE DOMAIN
NET USE * /D WILL TERMINATE ALL SESSIONS WITH ANY OTHER COMPUTERS!!!

MAKING A TRUST RELATIONSHIP
****************************
ADMINISTRATORS USE THE USER MANAGER FOR DOMAINS FROM PDCS TO MAKE A TRUST
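
ADDED EXAMPLE (NOT PART OF THE ORIGINAL NOTES): A SMALL PLAN CHECKER THAT APPLIES THE SAM SIZING FIGURES AND THE TRUSTED/TRUSTING DIRECTION RULE ABOVE TO A PLANNED DOMAIN LAYOUT. THE DOMAIN NAMES, OBJECT COUNTS AND FUNCTION NAMES ARE CONSTRUCTED FOR ILLUSTRATION, AND IT ASSUMES ONLY DIRECT TRUSTS COUNT (NT 4 TRUSTS ARE ONE-WAY AND NOT TRANSITIVE).

```python
SAM_LIMIT_KB = 40 * 1024  # 40MB recommended ceiling from the notes
COST_KB = {"users": 1.0, "local_groups": 0.5,       # per-object sizes
           "global_groups": 0.5, "computers": 0.5}  # from the notes

def sam_size_kb(counts):
    """Estimated SAM size in KB for one domain's object counts."""
    unknown = set(counts) - set(COST_KB)
    if unknown:
        raise ValueError(f"unknown object types: {sorted(unknown)}")
    return sum(COST_KB[kind] * n for kind, n in counts.items())

def can_access(user_domain, resource_domain, trusts):
    """trusts holds (trusting, trusted) pairs. Only a direct trust counts:
    NT 4 trusts are one-way and are not transitive."""
    return (user_domain == resource_domain
            or (resource_domain, user_domain) in trusts)

def audit_plan(domains, trusts, access_needs):
    """Return findings for a planned layout; access_needs holds
    (domain holding the accounts, domain holding the resources) pairs."""
    findings = []
    for name, counts in sorted(domains.items()):
        size = sam_size_kb(counts)
        if size > SAM_LIMIT_KB:
            findings.append(f"{name}: SAM ~{size / 1024:.1f}MB exceeds 40MB")
    for users_in, resources_in in sorted(access_needs):
        if can_access(users_in, resources_in, trusts):
            continue
        backwards = (users_in, resources_in) in trusts
        hint = " (trust is set up backwards)" if backwards else ""
        findings.append(f"{resources_in} must trust {users_in}{hint}")
    # A trust that serves no stated need is exposure with no benefit.
    needed = {(r, u) for u, r in access_needs if u != r}
    for trusting, trusted in sorted(trusts - needed):
        findings.append(f"unneeded trust: {trusting} trusts {trusted}")
    return findings

# Constructed sample plan (not from the notes).
DOMAINS = {
    "ACCOUNTS": {"users": 30000, "computers": 30000,
                 "global_groups": 200, "local_groups": 100},
    "RESOURCES": {"users": 10, "computers": 40, "local_groups": 60},
}
TRUSTS = {("ACCOUNTS", "RESOURCES")}  # ACCOUNTS trusts RESOURCES: reversed
NEEDS = {("ACCOUNTS", "RESOURCES")}   # ACCOUNTS users need RESOURCES shares

if __name__ == "__main__":
    for line in audit_plan(DOMAINS, TRUSTS, NEEDS):
        print(line)
```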