In the report below I will be discussing a few of the many features available within Windows Server 2003. I will be doing extensive research on Domains, Trees and Forests: how they work, what they are for and their benefits in general to any firm using Windows Server 2003.
I will be looking into how these attributes work together and how they build a trust relationship in order to complete the network. A brief explanation of Windows Server 2003 is followed by a detailed review of my research on the domain, tree and forest attributes of Windows Server 2003.
At the end of this report I am expecting to gain an insight into how domains, trees and forests work under Windows Server 2003, and also how and why they have become such a reliable tool for any firm with an internal/external network.
Windows Server 2003
Microsoft Windows Server 2003 is a follow-up to the very successful Windows Server 2000 operating system, designed for businesses to improve their computer interactivity and to make day-to-day operations more efficient. Windows Server 2003 was considered to be a marked improvement over the 2000 Server operating system, with added features and an even simpler interface.
Windows Server 2003 contains Active Directory as a means of holding the record of all the computers, users and groups which are inter-linked within the domain. Active Directory also holds the permissions that the Administrator allows any particular member or group of members. Active Directory can be viewed at a number of levels; the logical levels in an Active Directory network are Domain, Tree and Forest.
A Domain is an arrangement whereby a user has access to a number of computer resources with a single login username/password. Domains have a central directory database which can be shared among a group or groups, depending on how the company operates. With a unique username/password, any user who is in the domain's directory will be able to access the database. This database is held only on the computers configured as part of the domain, which are called domain controllers.
Domain controllers are responsible for the security and integrity of the system; they also maintain and troubleshoot related user problems. Domains are identified by their DNS (Domain Name System) name structure, a structure which holds all the names of the servers connected to a domain.
Within a domain, objects are grouped so that permissions can be applied efficiently to certain members or groups of members. These objects are grouped using Organisational Units (OUs), which provide hierarchy to a domain and help the Administrator to keep things in order. Within the OUs, Active Directory has an additional tool that keeps hold of all the group policies, their priorities and so on, known as Group Policy Objects (GPOs).
This helps the Administrator a great deal, as time is saved and the job is completed efficiently. Using GPOs in the domain determines the policies which are assigned to certain users depending on the type of role they have in the company. For example, the Sales Department should not be allowed to view any data of the Accounts Department, but Accounts Department members should be able to go into Sales data to retrieve any file accordingly.
In addition, GPOs are used to restrict a particular action on a computer for a group of members; for example, in a university, students are not allowed to uninstall any program from a PC.
One of the main reasons why Windows Server 2003 has been used for business networking is the added functions within the Windows Server 2003 package. Trees are one of the features: a tree allows the domain to be shared in a different location and uses the database of the parent domain to create a tree domain. Information is shared not only within the domain where it is located but also in a different location, and updates are done periodically in order to keep the files on the database up to date. A tree holds one or more domains and domain trees linked in a transitive trust hierarchy. A tree is a hierarchical arrangement of one or more domains that share a common schema and a contiguous namespace.
A domain tree allows an organization to become more decentralized, as it is more independent than using an OU (Organisational Unit) tree. The transactions taking place within the network are secured using the Kerberos authentication method; as soon as the tree domain is established, the security is enabled automatically to confirm a transitive trust relationship. All the domains connected under the tree have the same DNS (Domain Name System) name, which is taken from the parent or root domain in the tree. The following figure illustrates how a tree domain works.
The parent domain is reskit.com and the child domains are named depending on their locations, Eu for Europe, Pak for Pakistan etc.
A forest is a collection of one or more trees which share a common global catalogue, logical structure and directory configuration. The connection between two trees is established by a transitive trust relationship. The combination of all domains and all configuration and schema information builds up a forest. The database that holds the information is viewed at a number of levels. At the top of the structure is the Forest: the collection of every object, its attributes and rules in Active Directory.
The forest holds one or more transitive, trust-linked Trees. All trees in the forest share a common schema and global catalogue.
Domains in a forest operate independently, but the forest enables communication across the entire organization. Forests do not form a contiguous namespace like a tree; a forest forms a non-contiguous namespace based on different root domain names.
In a domain forest, trust between the trees is essential in order to make sure that the information shared within the forest is shared only with authenticated and registered domains. To do that, the trees in the forest build a trust relationship, which is achieved at the root domain of each namespace and provides mutual access to resources.
The forest domain concept is applicable to companies which have different administrative staff for each domain, along with different policies and security requirements. The following figure illustrates how a forest domain operates.
A transitive trust relationship is formed between these two domains, which allows them to communicate within this forest. As mentioned earlier, a forest is not built on contiguous names but its trees are; as the figure shows, both domains end with .co.uk, which is the contiguous namespace, despite having different root domains.
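The tree and forest rules above can be checked mechanically. The following Python sketch is an added example, not part of the original report: it groups domain names into trees by contiguous namespace and lists the domains a transitive trust path crosses. The child names under reskit.com are built from the figure's labels, example.net is a hypothetical second tree, and the code assumes only parent-child trusts and tree-root trusts to the forest root domain exist (no shortcut trusts).

```python
# Added example: sample names are constructed, not taken from a real forest.
FOREST_ROOT = "reskit.com"
SAMPLE_DOMAINS = ["reskit.com", "eu.reskit.com", "pak.reskit.com",
                  "example.net", "sales.example.net"]  # example.net is hypothetical


def parent_of(domain, domains):
    """Nearest ancestor of `domain` in `domains`, compared label by label."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None  # no ancestor present: this domain is a tree root


def build_trees(domains):
    """Return (parent map, {tree root: member domains}) for one forest."""
    names = {d.lower() for d in domains}
    parent = {d: parent_of(d, names) for d in names}
    trees = {}
    for d in names:
        root = d
        while parent[root] is not None:
            root = parent[root]
        trees.setdefault(root, []).append(d)
    by_depth = lambda n: (n.count("."), n)
    return parent, {r: sorted(m, key=by_depth) for r, m in trees.items()}


def trust_path(src, dst, parent, forest_root):
    """Domains crossed from src to dst using parent-child and tree-root trusts only."""
    def chain_up(d):
        chain = [d]
        while parent[chain[-1]] is not None:
            chain.append(parent[chain[-1]])
        return chain
    up, down = chain_up(src), chain_up(dst)
    common = next((d for d in up if d in down), None)
    if common is not None:  # same tree: turn around at the shared ancestor
        return up[:up.index(common) + 1] + down[:down.index(common)][::-1]
    # Different trees: tree roots are linked through the forest root domain.
    middle = [] if forest_root in (up[-1], down[-1]) else [forest_root]
    return up + middle + down[::-1]


if __name__ == "__main__":
    parent, trees = build_trees(SAMPLE_DOMAINS)
    for root, members in sorted(trees.items()):
        print(root, "->", members)
    print(" -> ".join(trust_path("eu.reskit.com", "sales.example.net", parent, FOREST_ROOT)))
```

Every domain on the returned path is one whose domain controllers take part in the authentication, which is the list an administrator would review when deciding how far a trust reaches.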
Lastly, I would like to address how Windows Server and its attributes have affected the way firms manage and build their networks. Windows Server was introduced in 2000 and then in 2003 with added features, and since then it has been widely used in firms for internal and external networking. Windows Server attributes such as domains, trees and forests have helped firms to manage and build their networks more effectively and efficiently.
Features such as domains, trees and forests have given it an edge over other networking software, making Windows Server 2003 the best and most reliable in the business. Windows Server attributes are not only easy to set up but also easy to use thanks to the graphical user interface (GUI), which helps companies train their staff in the most efficient manner.