plik


ÿþCHAPTER INTRODUCTION TO ACTIVE DIRECTORY 1 1 ACTIVE DIRECTORY TECHNOLOGY If you have been in the computing and network information about real network objects such as users, environment at all during the past two years, you have shares, printers, applications, and so forth so that heard a thing or two about the Active Directory. Some of users can find the resources they need. Through the what you have heard is probably true a lot is probably Active Directory, users do not have to keep track of not. This book can help you make sense of it all and which server holds which resource, or where a master the Active Directory through a visual approach. particular printer resides. The Active Directory lists the But before you get into the details of installing and information, is completely searchable, and provides configuring the Active Directory, you need to know some users a standard folder interface so that they can find conceptual information so that it all makes sense. what they need on the network. Chapters 1, 2, and 3 show you the conceptual and The Active Directory is also designed to provide a single background information you need to know to point of administration for network administrators. implement, configure, and support the Active Directory. Instead of having to manage multiple servers that hold multiple resources, the administrator can find all the directory information located in the Active Directory, What is a directory? and that information can be replicated to all Windows The term directory has received a lot of use (and abuse!) 2000 domain controllers. Resource access, security in computing environments in the last several years. As permissions, and user and group accounts are all computing environments have become larger and more centrally located in one place. complex, the need to organize information so that network users can locate the information they need has become increasingly important. By definition, a directory Understanding the features of the Active Directory is an information storage location that uses a systematic The Active Directory contains many features and scheme, or namespace, to organize the information. A options, but you should understand the big picture and common example is the telephone book. All information design goals first. The following list explains the major in a telephone book is stored by city/region, last name, features and design goals of the Active Directory: and then first name. By referencing a particular name in a particular city/region, you can find that person s Scalability: The Active Directory is highly scalable, telephone number. The phone book uses a namespace in which means it can function in small networking that all names are organized in alphabetical order using environments or global corporations. The Active the last and first name. If the telephone book did not Directory supports multiple stores and can hold follow a namespace in other words, if some names more than one million objects per store. A store is a listed were by first name, some by last, some by major grouping of Active Directory objects and nicknames, and some by address you would never find the Active Directory even supports multiple stores. what you needed. Extensibility: The Active Directory is extensible, which means that you can customize it to meet the needs of an organization. What is the Active Directory? The Active Directory is Microsoft s answer to directory services. The Active Directory s purpose is to organize 4 I Security: The Active Directory is integrated with DNS and the Active Directory Windows 2000 security, allowing administrators Domain Name System (DNS) is the most widely used to control access to objects. directory namespace in the world. Each time you use Seamlessness: The Active Directory is seamlessly the Internet, you are finding URLs by using DNS. DNS integrated with the local network and the takes a Uniform Resource Locator (URL), such as intranet/Internet. www.microsoft.com, and resolves the URL into a TCP/IP address, such as 131.107.2.200, which is Open Standards: The Active Directory is based required for communication on the Internet. Because on open communication standards, which allow computers must have the TCP/IP address to integration and communication with other communicate, and users need the language-based directory services, such as Novell s NDS. names to communicate, the job of DNS is to resolve Backward Compatibility: Although Windows the two. 2000 operating systems make the most use of the Active Directory, the Active Directory also works The Active Directory is integrated with DNS, and the with earlier versions of Windows. This feature naming schemes used in the Active Directory are DNS allows the implementation of the Active names. For example, corp.com is a valid DNS name Directory to be taken one step at a time while and can also be used as a Windows 2000 domain still maintaining a functioning network. name. With DNS as the locator service in the Active Directory, the local area network (LAN) becomes more seamless with the Internet and an intranet. Corp.com Understanding domains and domain controllers can be an Internet name or a local area name, and Jwilliams@corp.comcan be both an Internet e- If you have worked with Windows NT at all, you mail address and a username in the local network. should be familiar with the concepts of domain and This structure enables you to find items on your domain controllers. A domain is a logical grouping of network in the same manner you find them on the users, computers, and resources. In actuality, the Internet. domain is a security boundary that enables administrators to control the resources in that domain Windows 2000 also supports Dynamic DNS (DDNS), a and keep unauthorized users out of the domain. The new addition to the DNS standard. DDNS can Active Directory is built through the domain. Domain dynamically update a DNS server with new or changed controllers are the servers that manage the domain. values, which had to be manually updated in the past. Primary domain controllers (PDC) and backup domain Because name records can be dynamically updated, no longer exist in Windows 2000; all the domain pure Windows 2000 networks no longer need to use controllers simply act as peers. Through trust Windows Internet Naming Service (WINS). In mixed relationships, the Active Directory is replicated using environments, however, WINS is used for backwards multimaster replication, which means that all domain compatibility with older versions of Windows. You can controllers are responsible for maintaining the Active learn all about WINS and DNS in Chapters 5 and 6. Directory and replicating changes to other domain controllers. You learn more about managing trusts in Windows 2000 later in this book. 5 UNDERSTANDING ACTIVE DIRECTORY CHAPTER INTRODUCTION TO ACTIVE DIRECTORY 1 1 Understanding LDAP a directory service and is not restricted to X.500 directories like DAP is. Another major difference is that DNS is the namespace used in the Active Directory, and LDAP is not a client-based service. The service runs on Lightweight Directory Access Protocol (LDAP) is how you the server and the information is returned to the client. access the Active Directory. The Active Directory is not an X.500 directory, but it supports the information model without requiring To understand LDAP, you need a brief history lesson. systems to implement the X.500 overhead. The result is The X.500 standard is a directory specification that an LDAP-based directory that supports high levels of introduced Directory Access Protocol (DAP) to read and interoperability. modify the directory database. DAP is an extensible protocol in that it can handle directory requests and LDAP is widely supported on the Internet. If you have changes, as well as directory security. However, DAP participated in newsgroups or searched the World Wide places much of the processing burden on the client Web with a search engine, you more than likely have computers and is considered to be a high overhead used LDAP. This open standard is directly supported in protocol. LDAP, which is not defined within the X.500 the Active Directory so that users can find the resources specification, was developed to overcome the they need. weaknesses of DAP. LDAP is an open standard, which means that it can be used by anyone wishing to develop 6 I THE STRUCTURE OF THE ACTIVE DIRECTORY he Active Directory is designed in a hierarchy Directory objects are users, groups, printers, shared structure, and before installing and folders, applications, databases, contacts, and so forth. Timplementing the Active Directory, you must Each of these objects represents something tangible on have a firm understanding of the structure as well as the network. the components that make up the Active Directory. Each object contains attributes. An attribute is a You may see these components as terms that you need quality that helps define the actual object. For to learn, but you must also know how these example, a user object could have attributes of a components or terms relate to each other and how username, actual name, and e-mail address. Attributes they fit into the hierarchy. for each kind of object are defined in the Active In this chapter, you begin with the smallest component Directory. The attributes define the object itself and in the hierarchy and work your way up to the top of enable users to search for the particular object. the hierarchy. This section gives you a complete view Technically attributes are called  metadata  which is of the Active Directory s structure. simply  data about data  and are a portion of the Active Directory  schema,  which defines what objects and object attributes can be stored in the Active Object Directory. An Active Directory object represents a physical object of some kind on the network. Common Active MicroFLOPPY Double Sided 720 K Active Directory Objects Users Apps Shares Groups AD3 AD3 PUSH POWER RESET COMPACT POWER RESET COMPACT AD3 AD3 Computers Databases Printers 7 UNDERSTANDING ACTIVE DIRECTORY CHAPTER INTRODUCTION TO ACTIVE DIRECTORY 1 1 Attributes OU Name - Comp3874 AD3 AD3 PUSH Role - Workstation User POWER RESET COMPACT POWER RESET COMPACT AD3 AD3 OS - Windows 2000 Computer Object Printer *Each object has attributes that define the object. MicroFLOPPY Double Sided 720 K Application Other Organizational unit OU An organizational unit (OU) is like a file folder in a file AD3 cabinet. The OU is designed to hold objects (or even AD3 PUSH POWER AD3 POWER RESET COMPACT AD3 RESET COMPACT other OUs). It contains attributes like an object, but it Computer has no functionality on its own. As with a file folder, its purpose is to hold other objects. As the name implies, an OU helps you organize your directory structure. For Printer example, you could have an accounting OU that contains other OUs, such as Accounts Payable and Accounts Receivable, and inside those OUs can reside objects, Share such as users, groups, computers, printers, and so forth. Other OU Other AD3 AD3 PUSH AD3 POWER RESET COMPACT AD3 POWER RESET COMPACT OU *This is a hierarchy view of the OU and objects within it. Computers Contain Objects Organizational Unit (OU) Printers Data MicroFLOPPY Double Sided 720 K Users Groups Apps *Objects are contained within organizational units. 8 I Domain A domain is like a house in a neighborhood. Each domain can have its own security policies and can By definition, a domain is a logical grouping of users establish trust relationships with other domains. The and computers. The domain typically resides in a Active Directory is made up of one or more domains. localized geographic location, but this is not always Domains contain a schema, which defines what objects the case. In reality, a domain is more than a logical are stored in the domain. The Schema defines objects grouping it is actually a security boundary of a by classes (such as a Users class, a Computers class, Windows 2000 or NT network. You can think of a and so on) and all objects belonging to a class are network with multiple domains as being similar to a called  instances  of that class. You can learn more residential neighborhood. All the homes make up the about the Active Directory schema in Chapter 27. neighborhood, but each home is a security boundary that hold certain objects inside and keeps others out. Domain OU AD3 AD3 PUSH POWER AD3 RESET COMPACT AD3 POWER RESET COMPACT Computer Printers Share Other OU OU *Each domain serves as a security boundary. OU *The domain sits at the top of the hierarchy. 9 UNDERSTANDING ACTIVE DIRECTORY CHAPTER INTRODUCTION TO ACTIVE DIRECTORY 1 1 Organizational unit reality, a domain is more than a logical grouping it is actually a security boundary of a Windows 2000 or NT An organizational unit (OU) is like a file folder in a file network. You can think of a network with multiple cabinet. The OU is designed to hold objects (or even domains as being similar to a residential neighborhood. other OUs). It contains attributes like an object, but it All the homes make up the neighborhood, but each has no functionality on its own. As with a file folder, its home is a security boundary that hold certain objects purpose is to hold other objects. As the name implies, inside and keeps others out. A domain is like a house in an OU helps you organize your directory structure. For a neighborhood. Each domain can have its own security example, you could have an accounting OU that contains policies and can establish trust relationships with other domains. The Active Directory is made up of one or more domains. Domains contain a schema, which defines what objects are stored in the domain. The Schema defines objects by classes (such as a Users class, a Domain 1: Trusts Domain 2 Security Boundary "." Domain 1 trusts Domain 2: Domain 3 Trusts Domain 3 through Transitive trust .com Security Domain 3 Boundary corp.com other OUs, such as Accounts Payable and Accounts acctcorp.com mktcorp.com Receivable, and inside those OUs can reside objects, such as users, groups, computers, printers, and so forth. sur1.acctcorp.com sur1.mktcorp.com sur2.acctcorp.com sur2.mktcorp.com Domain *This is an example of a contiguous namespace. By definition, a domain is a logical grouping of users and computers. The domain typically resides in a localized geographic location, but this is not always the case. In 10 I Computers class, and so on) and all objects belonging root domain is corp.com and DomainA and DomainB to a class are called  instances  of that class. You can exist in a domain tree, the contiguous namespace for learn more about the Active Directory schema in the two would be domaina.corp.com and Chapter 27. domainb.corp.com. If Domain A resides in corpjp.com Tree The hierarchy structure of the domain, organizational units, and objects is called a tree. The objects within the tree are referred to as endpoints while the OUs in the tree structure are nodes. In comparison to a physical tree, you can think of the branches as OUs or containers and the leaves being objects an object is the natural endpoint of the node within the tree. Domain trees A domain tree exists when several domains are linked by trust relationships and share a common schema, configuration, and global catalog. Trust relationships in Windows 2000 are based on the Kerberos Security *Administrators can view the tree structure protocol. Kerberos trusts are transitive. In other of the Active Directory. words, if Domain 1 trusts Domain 2 and Domain 2 trusts Domain 3, then Domain 1 trusts Domain 3. The and Domain B resides in the corp.com root, then the Active Directory automatically configures trust two would not share a contiguous namespace. relationships within the same tree and forest. You can learn more about trust relationships in the Active Directory in Chapter 21. Forest A domain tree also shares a contiguous namespace. A A forest is one or more trees that do not share a contiguous namespace follows the same DNS naming hierarchy within the domain tree. For example, if the 11 UNDERSTANDING ACTIVE DIRECTORY CHAPTER INTRODUCTION TO ACTIVE DIRECTORY 1 1 production.corp.com, and mgmt.corp.com form a forest with corp.com serving as the forest root. Site A site is not actually considered part of the Active Directory hierarchy, but it is configured in the Active Directory for replication purposes. A site is defined as a geographical location in a network containing Active Directory servers with a well-connected TCP/IP subnet. Well-connected means that the network connection is highly reliable and fast. Administrators use the Active Directory to configure replication between sites. Users do not have to be aware of site configuration. As far as the Active Directory is concerned, users only see domains. How the structure appears to administrators and users As an administrator, you view the structure of the Active Directory through the administrative tools that you can explore in detail later in Chapters 14 through 21. From the tools, you can see the structure through the domains, OUs, and objects that are a part of the Active Directory. Users browse the Active Directory by accessing it in My Network Places. Users see a folder view for the domain and organizational units within the domain. The objects *Users can see a folder view of the Active Directory. then reside in their respective OUs. Primarily, users find resources by performing LDAP searches instead of browsing (see Chapter 13). contiguous namespace. The trees in the forest do share a common schema, configuration, and global catalog, but Active Directory names the trees do not share a contiguous name space. All trees In the Active Directory, every object, such as users, in the forest trust each other through Kerberos transitive groups, computers, printers, and so forth, has a unique trusts. In actuality, the forest does not have a distinct name. Four kinds of names are assigned to each object. name, but the trees are viewed as a hierarchy of trust relationships. The tree at the top of the hierarchy normally refers to the tree. For example, corp.com, 12 I First, each object has a distinguished name (DN). The Common name (CN) DN is unique from all other objects and contains the For example, if you wanted to access a document full information needed to retrieve the object. The DN called  Company mission that resides in a particular contains the domain where the object resides and the domain, the DN may read: path to the object. The DN is made up of these attributes (or qualities): /DC=com/DC=mycompany/OU=acct/CN=documents/C N=Company Mission Domain component name (DC) Organizational unit name (OU) By using the DN, the Active Directory can begin at the top of the domain and work its way down to the actual 13 UNDERSTANDING ACTIVE DIRECTORY CHAPTER TCP/IP BASICS 2 2 WHY YOU NEED TO KNOW ABOUT TCP/IP FOR THE ACTIVE DIRECTORY CP/IP (Transmission Control Protocol/Internet occurs using TCP/IP. In fact, Windows 2000 is designed Protocol) is the de facto standard for Internet for TCP/IP networks. In order to understand and Tcommunication. TCP/IP is the protocol that allows implement the Active Directory, you do need at least a all communication on the World Wide Web to take general understanding of TCP/IP. If you are already place, and over the years, TCP/IP has become more immersed in a TCP/IP network, then this chapter serves popular as the protocol of choice in LAN and WAN as a good review. If you are new to Windows environments. networking, then this chapter is just what you need to understand the basics of TCP/IP. The Active Directory is integrated with TCP/IP in that all directory replication between domain controllers 14 I WHAT IS TCP/IP? CP/IP is a protocol that was originally Hypertext Transfer Protocol (HTTP) is the Internet developed by the Department of Defense. standard for the delivery of HTML documents. TBasically, TCP/IP provides a set of rules that Simple Network Management Protocol (SNMP) govern how computers communicate with each other manages network devices and monitors network over a network. Just as people have to speak the same events. language to communicate with each other, computers Simple Mail Transfer Protocol (SMTP) provides must also communicate in the same language, or messaging (e-mail) services. protocol. TCP/IP is considered a suite of protocols because it is made up of many protocols that provide User Datagram Protocol (UDP) provides the vast communication functionality we now enjoy in connectionless communication. networking environments and on the Internet. In fact, Network News Transfer Protocol (NNTP) provides over 100 protocols are in the TCP/IP suite. The newsgroup services. following list points out some of the most common Telnet provides terminal emulation for remote ones: connections. Transmission Control Protocol (TCP) provides Address Resolution Protocol (ARP) resolves IP connection-oriented communication. address to hardware (MAC) addresses Internet Protocol (IP) manages routing and Internet Control Management Protocol (ICMP) network traffic. provides error control File Transfer Protocol (FTP) manages file transfer Lightweight Directory Access Protocol (LDAP) and remote directory management. provides directory access capabilities 15 UNDERSTANDING ACTIVE DIRECTORY CHAPTER TCP/IP BASICS 2 2 TCP/IP COMPONENTS ust as a language has certain components, such as Binary numbers are calculated by counting from the words, grammar, and syntax, the TCP/IP protocol right to the left of a series of binary digits. Each bit J contains components that enable each computer on a counts twice as much as the previous bit. In other TCP/IP network to function and communicate on the words, the first bit equals 1, the second bit equals 2, the network. You must configure three major TCP/IP third bit equals 4, and so forth. In an IP address, there components on TCP/IP computers: the IP address, are 8 bits, so the eighth bit is equal to 128: subnet mask, and default gateway. 128 64 32 16 8 4 2 1 IP address In binary math, the bits are added together to determine the numerical value. For example, if all bits in the octect Each computer on a TCP/IP network must have a unique are turned  on, then the numerical value is 255. In IP address. The IP address identifies that computer on other words, 11111111 in binary is equal to the network and the address must be unique (no two 128+64+32+16+4+2+1, which equals 255. computers can have the same IP address. You can think of an IP address as being similar to a postal address, If all the bits are  off, then the binary representation is which is uniquely identified by city, state, zip code, then 00000000 which is equal to 0+0+0+0+0+0+0+0, which by street address, then by the person s name. These equals 0. Using this scheme, you can represent any address qualities enable the postal system to delivery a number between 0 and 255. piece of mail to a particular person at a particular address. A computer s IP address enables the network to For example, what is binary value of 10? Remember that deliver communication to that particular computer. the bits in the octet must be turned on or off to equal the number ten. In the binary octet, the number 10 is Each IP address is 32 bits long, and is divided into 4 represented as 00001010, which equals bytes. Each byte is referred to as an octet. A typical IP 0+0+0+0+8+0+2+0, which equals 10. addresses looks like this: 131.107.2.200. In order to understand IP addressing, you have to start thinking in An IP address is made up of four octets that are binary math. Computers see data in terms of ones and separated by periods. A typical IP address you may zeroes. In essence, a stream of network data is simply assign to a computer would be 10.2.0.4. In binary, the made up of ones and zeroes that the computer computers see this address as: interprets. One (1) represents  on and zero (0) 00001010 00000010 00000000 00000100 represents  off. 16 I AD3 AD3 PUSH POWER RESET COMPACT POWER RESET COMPACT AD3 AD3 Network Computer My IP address is 10.2.0.4 Other computers on the network communicate with me by using this IP address. They see my IP address in binary, which is 00001010 00000010 00000000 00000100 You cannot simply assign computers on your network Class A: Class A addresses have a beginning octet any IP address you choose. The IP addressing scheme from 1 to 126. Network Solutions assigns the first you use must be defined by classes and subnets. Just octet and the network administrator assigns the as everyone in a certain town has the same addressing three remaining octets. Class A networks were properties of city, state, and zip code, the IP addresses developed for large networks and obtaining a must belong to certain classes and subnets. An Class A address today is very difficult. Class A isolated LAN or WAN can determine a class of networks can support up to 16,387,064 hosts. addresses and appropriate subnet masks to use for Also, the address range of 127 is reserved for their network, but for proper Internet communication, TCP/IP troubleshooting and is called a loopback many networks choose to obtain IP addressing from address. Network Solutions, which is the organization that Class B: Class B networks have the first octet handles all of the Internet s domain name and IP assignment from 128 to 191. Network Solutions address assignment. assigns the first and second octet numbers and the network administrator assigns the last two. Each IP address identifies both the network in which Class B networks can support up to 64,516 hosts. the computer (or node, such as a router) resides and the actual computer or node itself. These are called Class C: Class C networks use 192 through 255 the network ID and host ID. The three major for the first octet. Network Solutions assigns the groupings of IP addresses are called classes. The first three octets and the network administrator following list gives you an overview of the three assigns the final octet. Class C networks can only classes: support up to 254 hosts. 17 UNDERSTANDING ACTIVE DIRECTORY CHAPTER TCP/IP BASICS 2 2 Host portion of Network portion of the IP the IP address address (Class C) (Class C) 10.2.0 .4 Subnet mask must include at least a default subnet mask. For Class A networks, the default subnet mask is 255.0.0.0. For The second component of IP addressing is the subnet Class B networks, the default subnet mask is mask. As mentioned in the previous section, part of the 255.255.0.0 and for Class C networks, the default IP address points to the actual network while another subnet mask is 255.255.255.0. portion of the IP address points to the actual computer or node (host). The subnet mask hides, or masks, part of The process of subnetting a network and assigning a the IP address to keep the network ID and the host ID proper mask for a subnet is often a difficult task and is separated. Subnet masks enable you to break your beyond the scope of this book. But to understand the network into subnets, which can provide you more basics of TCP/IP, do remember that at least a default available IP addresses and further organize your subnet mask is required. network. Also, subnetting controls reduces overall network traffic. Each IP address assigned to a client 18 I Default gateway communicate with computers on different subnets. A default gateway is not a required component of client The last component of IP addressing is the default IP configuration, but if gateways are in use in your gateway. A default gateway, or router, is the IP address network, the client computers must know the IP of the router that leads out of the subnet. You can address of the gateway(s) for communication to take think of the default gateway as the  road that leads place with different network segments. out. Client computers use the default gateway to 19 UNDERSTANDING ACTIVE DIRECTORY CHAPTER TCP/IP BASICS 2 2 TCP/IP MANAGEMENT TECHNOLOGIES f people could speak and think in binary math, they could seamlessly communicate with computers. But Ihumans are language-based creatures while computers  think in terms of math. You would have a very difficult time remembering the IP address of each computer you wanted to access on the network. It s much easier to remember ServerD as opposed to 131.107.2.200. So, people contact servers and computers using a friendly, language-based name, but computers must contact each other using the actual IP address. In order for the two worlds to mix, any friendly, language-based names must be resolved to IP addresses so that computers can communicate with each other. For this to happen and to ease the burden of IP address resolution and assignment, several services are available. Windows Internet Naming Service (WINS) WINS resolves NetBIOS computer names to IP Dynamic Host Configuration Protocol (DHCP) addresses. A NetBIOS name is a friendly, language-based DHCP is a server service that dynamically assigns IP computer name. Because computers must communicate addresses and IP address information (such as the using a computer s IP address and not its NetBIOS name, default gateway) to network clients. Traditionally, WINS maps NetBIOS names to their corresponding IP TCP/IP had the reputation of having high overhead address. This way, you can name your computer  Joe s because each client had to be assigned a unique IP Laptop instead of an IP address like 131.107.2.200. address. Imagine having to manually assign IP addresses WINS maintains a database that keeps track of this to 1,000 network clients without making a mistake! information. WINS clients contact a WINS server to find DHCP solves this problem by automatically handling the information that  MyComputer equals client IP assignment. DHCP works by leasing an 131.107.2.200. The client can then use the IP address to appropriate and unique IP address to network clients for communicate with Joe s Laptop. This process is invisible a specified period of time. DHCP makes certain that no to users and requires little intervention from duplicate addresses are assigned so that all clients can administrators. WINS is not necessary in pure Windows have connectivity. This process is invisible to users and 2000 environments, but is provided for backward requires little intervention on the part of network compatibility. Windows 2000 computers use DNS for administrators. You can learn more about DHCP in name resolution, so WINS will slowly phase out over the Chapter 4. next several years. You can learn more about WINS in Chapter 5 and DNS in Chapter 6. 20 I Domain Name System (DNS) DNS resolves fully qualified domain names (FQDN) to IP addresses. Just as WINS resolves friendly NetBIOS names to IP addresses, DNS resolves domain names, such as www.microsoft.com, to its appropriate IP address. This process enables you to communicate with computers on the Internet (and now in Windows 2000 networks) using friendly domain names instead of IP addresses. In the past, DNS was a static mapping contained in HOSTS files, which is simply a text file that lists the host name to IP address mapping. Now, Dynamic DNS (DDNS) can respond to and update changes that occur. You learn more about DNS and its place in Windows 2000 in Chapter 6. 21 UNDERSTANDING ACTIVE DIRECTORY CHAPTER TCP/IP BASICS 2 2 TCP/IP UTILITIES CP/IP contains a number of command line utilities TCP/IP is functioning properly. If you cannot contact a that help you gain information about the TCP/IP remote computer, ping is a good way to determine if the Tconfiguration of your computer and troubleshoot computer is  down or if some other communication connectivity problems. The following sections tell you problem exists. about the three most common utilities. Netstat Ping Netstat provides TCP/IP statistics and current connection information. This utility is useful to get a You can use Ping to test connectivity with both your close look at your current connections and find out computer and remote computers. Ping enables you to about potential problems. Netstat comes with a number perform a test using a computer s IP address, NetBIOS of switches you can use to refine the information name, or DNS name. You can perform a loopback test on returned to you. Simply type netstat ? at the command your own computer to make sure your TCP/IP software line to learn more. is initializing properly. This test checks your computer to make certain TCP/IP is operational. To perform a loopback test, simply type ping 127.0.0.1 at the command line and press Enter. To test a remote computer, type ping (IP address, NetBIOS name, or DNS name) at the command line and press Enter. The ping test to a remote computer checks it to make certain 22 Ipconfig information returned to you. This information will include all of your computer s IP configuration Ipconfig is a popular utility that gives you additional information, such as DHCP lease, MAC (Media information about your current settings, such as the IP Access Control) address, and so forth. As with Netstat, Address, Subnet Mask, Default Gateway, and DNS, you can type ipconfig ? to view the available switches WINS, and DHCP servers. You can type ipconfig at the to refine the information returned. command line to get this information, or you can type ipconfig /all at the command line to have complete 23 UNDERSTANDING ACTIVE DIRECTORY

Wyszukiwarka