
Active Directory

Microsoft
Windows Server 2003
70-297

2006

004
32.973.81-018.2
53


Active Directory
Microsoft Windows Server 2003. Microsoft / .
. . : - ;
.: , 2006. - 364 .: .
ISBN 5-7502-0031-0
ISBN 5-469-01180-1

Active Directory Microsoft Windows Server 2003.
Windows Server 2003,
,
, Active Directory.
,
, .
,
Microsoft Windows Server 2003 Active Directory.

Microsoft ( Microsoft Certified System Engi
neer) 70-297: Designing a Microsoft Windows Server 2003 Active Directory and Network
Infrastructure.
10 ,
. -
, ,
. .
004
32.973.81-018.2
Microsoft Corporation,
, , .
Active Directory, Authenticode, Microsoft, Microsoft Press, NetMeeting,
Windows, Windows NT Windows Server
Microsoft / .
.
, , , ,
,
, , .

ISBN 0-7356-1970-0 (.)


ISBN 5-7502-0031-0
ISBN 5-469-01180-1

,
Microsoft Corporation, 2003-2005
, Microsoft Corporation, 2005
, , 2005


1 Active Directory
1. Active Directory
Active Directory?

?
Active Directory
Active Directory



,





Active Directory

Active Directory

:

2. DNS

DNS




Active Directory DNS



3. TCP/IP
TCP/IP




IP-
IP-
Classless Internet Domain Routing (CIDR)

IP-
IP- DHCP

4.


,






2
1.






WAN-



2.


IP-



3.
Windows 2000



Windows NT 4.0
Windows 2003


.


3 Active Directory
1.




.

2.
LDAP Active Directory






DNS-



1. OU
OU
OU
,
,
OU
OU
OU
OU

OU



,

,

. OU

2.









3.

Windows

GPO

GPO
GPO
GPO
GPO
GPO OU
GPO

,
.

-

5
1. :



DFS
FRS


2.

,










.

3.








-
.

4.
Windows NT 4
Windows 2000



6 DNS
1. DNS
DNS
DNS
DNS

DNS-


2. DNS-

DNS

DNS Active Directory
DNS Active Directory, WINS DHCP
Active Directory
Active Directory
DNS DHCP
WINS
WINS
WINS


, Active Directory
DNS

DNS

BIND UNIX
BIND, Microsoft
BIND
. DNS

3. DNS


-

DNS-
DNS-

4. DNS
DNS

DNS





. DNS


7 WINS
1. WINS
WINS
Windows Server 2003
NetBIOS-
NetBIOS-
WINS
WINS-
WINS-
WINS
WINS
WINS

2. WINS

NetBIOS-
WINS-?
WINS-




3. WINS




/

WINS


. WINS


8
1. IP-



J -
IP-
IP-


?
. IP-

2.



, IP-

3. DHCP
DHCP
:,
IP-
DHCP
DHCP-
IP-
DHCP

4. DHCP
DHCP
DHCP-?


DHCP-

DHCP-: 80/20
DNS
DHCP-
. DHCP


1.


2.




3.
NAT
IP-
NAT
NAT
NAT
NAT Traversal

4. NAT

NAT



NAT



. NAT


10
1.



?




VPN
VPN
VPN
VPN


.

2.

VPN-



VPN
.

3.


IAS



RADIUS
RADIUS
RADIUS
RADIUS

RADIUS
.


,
Active Directory Microsoft Windows Server
2003. , ,
,
Active Directory.
,
Windows Server 2003.
, Active Directory, . . ,
, , .
, ,
DNS (Domain Name System), WINS (Windows Internet
Naming System), .
Microsoft Certified System En
gineer Microsoft.


-, ,
Microsoft Windows
Microsoft, ,
70-297: Designing a Microsoft Windows Server 2003 Active Di
rectory and Network Infrastructure.
Micro
soft .


Win
dows Server 2003. 1 ,
Windows ( 12 18 ).

- -
- ,
.
Microsoft Press Readiness Review Suite,
.
, . ,
:
. -
, Microsoft Encyclopedia of Networking, Second Edition
Microsoft Encyclopedia of Security,
Microsoft Press no Windows Server 2003 .
.
" - (
) . Web-
Microsoft Press http://www.microsoft.com/mspress/
support. Microsoft Press
(tkinput@microsoft.com) (Microsoft Press Technical Support, One Micro
soft Way, Redmond, WA 98052-6399).


:
,
,

;
;
, .
, ,
;
.
, .
;

, ,
;
,
, ;
,
.

.
,
.

! ,
, .
.
, .
, ,
.

Windows,
, ,
Windows 2003 Server,
; : (Start).
,
; ;
.
.
.
, , ,
, .
, [ ], . ,
[filename] ,
. .
, {}, . ,
{filename} ,
, .



. , ,
. ,
Windows Server 2003 Enterprise Edition,
- .

.
. ,
Microsoft Server 2003 (http://www.microsoft.com/windowsserver2003/evaluation/sysreqs/).
Windows Server 2003 Enterprise Edition :
133
86 ( 733) 733
Itanium;
128 ( 256);
* 1,5 86
2,0 Itanium.



- 300
. ,
.
,
.
1. - CD-ROM.
,
Readme.txt -.
2. Readiness Review Suite
.


-
, Microsoft Encyclopedia of Security Microsoft Encyclopedia
of Networking, Second Edition PDF.
Adobe Acrobat Reader.
.
1. - CD-ROM .
,
Readme.txt -.
2. Training Kit eBook
.
, -.


Microsoft
Microsoft (Microsoft Certified Professional,
MCP)
. , Microsoft
.

Microsoft.
Microsoft
.
.
http://www.microsoft.com/traincert/siart/itpro.asp.



7
.

Microsoft (Microsoft Certified Professional, MCP)


Windows
Microsoft.
Microsoft -.

Microsoft (Microsoft Certified


Solution Developer, MCSD)
, Microsoft,
Microsoft .NET Framework.

Microsoft (Microsoft Certified Application


Developer, MCAD) , ,
Microsoft,
Visual Studio .NET Web- XML.

Microsoft (Microsoft Certified Systems Engineer,


MCSE) ,
- Windows Server
2003 Microsoft.

Microsoft (Microsoft Certified System


Administrator, MCSA)
Windows Server 2003
Windows.

Microsoft (Microsoft Certified Database


Administrator, MCDBA) ,
Microsoft SQL Server.

Microsoft (Microsoft Certified Trainer, MCT)



Microsoft Official Curriculum (MOC)
Microsoft (Microsoft Certified Technical
Education Centers, CTEC).


,
.
Microsoft ,
Microsoft. ,
,
Microsoft.

Microsoft
. ,
,
Microsoft.

Microsoft
( MCSD Mi
crosoft .NET ).
Microsoft
.
Microsoft
: .
Microsoft
: .
Microsoft
.
Microsoft

Microsoft.
,
.
http://www.microsoft.com/traincert/mcp/mct
Microsoft.

, ,
- . Microsoft Press

http://mspress.microsoft.com/support.

, Microsoft Press
:
:
TKINPUT@MICROSOFT.COM
:
Microsoft Press
Attn: MCSE Self-Paced Training Kit (Exam 70-297): Designing a Microsoft Windows Se
2003 Active Directory and Network Infrastructure, Editor
One Microsoft Way
Redmond, WA 98052-6399
Microsoft Press
Knowledge Base http://www.microsoft.com/mspress/support/search.asp.
, Microsoft,
http://support.microsoft.com.

Active t

1. Active Directory

2. DNS

3. TCP/IP

4.

,
, -
.


.
,
,
Microsoft Windows Server 2003.
.
.
Microsoft Active Directory
(Domain Name System, DNS), .
TCP/IP .
- ,
,
, .
, Microsoft Windows Server 2003
.



Microsoft Windows 2000 Server Windows Server 2003.

Active Directory

1. Active Directory
Active Directory
.
Active Directory.
, :

/ Active Directory ;
S Active Directory;
S
Active Directory;
f Active Directory Schema.
- 45 .

Active Directory?
(directory) .
. ,
. ,
. Active Directory
, Windows Server 2003.


,
, .
, ,
Windows, Windows 2000. , Windows NT
4.0 ,
. ,
Security Accounts Manager (SAM).
Exchange Server Exchange.
.
- ,
.
.
.
,
, ,
.
?


, . Active Di
rectory .
. .

Active Directory

.500 Directory Access Protocol (DAP). X.500 Internet Standards


Organization (ISO), ,
. .500 DAP
.
Lightweight Directory Access Protocol (LDAP). LDAP
DAP,
. LDAP
.
Novell Directory Services (NDS). Novell NetWare,
.500.
Active Directory. Windows Server 2000
Windows Server 2003. LDAP.

.500, DAP LDAP


( ) www.ietf.org,
Internet Engineering Task Force (IETF). .500,
DAP LDAP.

, , ,
, . .
.
. .

,
. ,
( /),
,
. ,
. -
,
-
.

.
. ,
Active Directory ( ),
.
.

, .
.
.
( ), , .
. ,
.
, ,
.

Active Directory

Active Directory
Active Directory ,
.
Active Directory
, .
Active Directory ,
, ,
.
Active Directory ,
LDAP ( , IETF).
Active Directory ,
.
Active Directory , Windows
Server 2003,
Active Directory
.
Active Directory Windows Server 2003.
Active Directory ,
,
.

Active Directory
Active Directory
? ,
Windows Server 2003 ( , , ,
) .
Active Directory
. ,
,
.
Active Directory
, Active Directory
. Active Directory :
;
;
;
;

Active Directory .
Active Directory ( ),
.

Active Directory

Active Directory
, , ,
Windows .

.
.
. , (user object) ,
, , , . . ,
, . ,
, .
.
Users. ,
. Microsoft
( , ), Active
Directory Windows Server 2003. , Active Directory ,

, .
Active Directory Schema. , ,
Active Directory Schema (schema)
, . Active Directory Schema
( ), ,
( ) .
, Active Directory, ; .
,
(access control lists, ACL), Windows
Server 2003.
.

Windows Server 2003 .


(administrative boundary). ,
(security
database).
(security
boundaries). ,
; ,
.
.
, -, ,
.
Windows Server 2003 ,
, :
DNS, (DNS ).
, , DNS.
, (fully qualified domain name, FQDN) msnews
microsoft.com : msnews.microsoft.com.

Active Directory

.
, (
), ,
.
Windows Server
2003, Active Directory. ,
Windows Server, .
(forests).
Windows Server 2003, Active Directory
, , Windows
Server. Windows Server 2003
, Windows Server.
Windows Server 2003.
2 5.

, (tree).
, ,
. , , .
.
. . 1-1. microsoft.com
, Active Directory, .

microsoft.com

microsoft.com

. 1-1.

. . 1-1 ,

, microsoft.com.
, DNS.
, DNS, .
, .

,
,
. , ,
Active Directory ( ).
, (forest root domain),
,
. , . ,
, .
. 1-2 .
. microsoft.com , contoso.com
. microsoft.com.



microsoft.com


microsoft.com

research.microsoft.com

sales.microsoft.com

- -
contoso.com

TKtg.
contoso.com

europe.sales.
microsoft.com

usa.sales.
microsoft.com

. 1-2. ,
Active Directory
. ,
;
, .


(organizational units, OU)
, . .
. -

Active Directory

. Active Directory ,
.

, .
OU , - .
OU.
OU - . ,

OU .
OU ( OU OU),
.
U . ,
. , ,
12- OTJ,
.


, ,
(trust relationships),
[ (trusted domain)] [
(trusting domain)].
Windows Server 2003 :
(parent and child trusts);
(tree-root trusts);
(external trusts);
(shortcut trusts);
s (realm trusts);
(forest trusts).

,

Active Directory
.

. , . .

. , .
, . .
(. 1-3).
,
. ,
, .

Active Directory

. 1-3.


.
, Windows, Windows
2000.
. Windows Server 2003
.
, .


,
Windows Server 2003 Windows NT 4.0.
(down-level domains) (, Active Directory)
,
. .
,
. ,
( )
.
; ,

.



, ,
.
, . 1-4.
. ,
.
, ,
.

Active Directory


. 1-4. ,

,
, ,
.
. .


Windows Server 2003
Windows Server 2003 Kerberos, Windows
Kerberos V5.
, - .


Windows Server 2003

.
(user identification, ID), .

Active Directory
, Active Directory .
. ,
, ,

. :
.

,
. ,
.
Active Directory.
,
,
. ,
,
.
- , ,

Active Directory.
, .
Active Directory ,
.
OU, . Active
Directory . ,
.


Active Directory
.
.


Windows Server 2003,
Active Directory.
.
.
,
.
.

, ,
(multimaster model). To - ,
.
,
,
. (operations master
roles).
, . ,
.
(Schema Master).

. .
, Active Directory.
, Schema Master .
(Domain Naming Master).

. Domain Naming Master
. Domain Naming Master ,
; .
. ,
.
RID [Relative Identifier (RID) Master].
(RID) .
(security identifier, SID)
. SID Windows Server 2003 .
; SID
RID. ,
.
[Primary Domain Controller (PDC) Emulator].
Windows NT 4.0 PDC ,
Windows 2000, Windows Server 2003 Windows XP
. PDC
. , PDC
, .
PDC
, .
(Infrastructure Master). ,
.
Infrastructure Master,
. Infrastructure Master
. Infrastructure Master
, , .
. ,
.
Active Directory,
, .
.
.

.
-
, .

. ,
,
.
.
, ,
, .

Active Directory

,
. , ,
.

, .
.
,
. Microsoft
.
,
, , .

, . ,
.
,
.

Windows Server 2003 ,


IP- ( . 3)
.
1 /. , (local
network, LAN). LAN, (wide
?.: network, WAN), , , LAN.
.
Active
Directory , .
:, .
Active Directory.
,
OU . .
, (site
links), .
. .
.
: ( WAN-)
(site link object). Active Directory
[Internet Protocol (IP) Simple Mail Transfer Protocol
-SMTP)].
.

Active Directory
Active Directory .
,
- .
, .

Windows Server 2003 (multimaster replication model), ( ) Active


Directory (equal masters).
,
.

. ,
( );
, .
,
, .
Active Directory,
Default-First-SiteName, .
WAN, . ,
LAN LAN ,
. 1-5. LAN WAN- (256 /).
LAN
, WAN- ,
.
: LAN,
LAN.

. 1-5.

(
), (
).

(intrasite replication).
. ,
. ,
. ,
, .
(intersite replication).
. ,

WAN- , -
/ .
, ,
. , ,
. ,
( )
, .


, ,
. ,
.
.
1. ()
?
a. .
b. .
c. .
d. .
2. .
?
a.
.
b.
.
c.
.
d. .
3. ?

, Active Directory,
. , Active Di
rectory, .
Active Directory (, , ,
) ( ).
.
, ( ) ,
. .
. (OU)
.
.
Windows Server 2003 Active Directory;
.
,
. .

Active Directory

2. DNS
(Domain Name System, DNS)
IP- .
DNS , Windows Server 2003.
, :
S , DNS;
S ,
DNS;
S ;
/ , DNS Active Directory.
- 30 .


3, TCP/IP- (Transmission Control Protocol/
Internet Protocol) IP-. IP-
; IP-
192.168.132.103. ,
, .
TCP/IP- (hosts) [ (nodes)].
.
(-) mailserver. ,
TCP/IP IP-. , IP-
, (name resolution).
IP- .
,
, .
IP-, ,
. IP- (IP
routing), .
, ,
HOSTS. IP-;
- DNS.
LMHOSTS.
NetBIOS-. NetBIOS-
. LMHOSTS NetBIOS- IP.
DNS (Domain Name System).
. ,
Windows 2000 Windows Server 2003 Active
Directory.
a WINS (Windows Internet Naming Service). , NetBIOS IP-, . WINS Windows, -

Windows 2000, ,
Windows DNS.
Windows.
HOSTS DNS ( ), LMHOSTS
WINS ( NetBIOS-). DNS (
Windows Server 2003 Active Directory) WINS.

DNS
, ARPANET,
.
IP- .
HOSTS, , ,
. ,
, (
).
. :
, ;
,
HOSTS, ,
;
HOSTS ,
-.
DNS. DNS
,
. DNS .
- ,
.
.


(namespace) ,
, .
DNS.
; DNS-
.
- ,
. "
readme.txt. ,
. DNS .
mailserver,
mailserver.
. 1-6.

Active Directory

net

org

microsoft

headrest

yarrao

sales

research

server1

. 1-6.

gov

server2

DNS-

. DNS ,
. (
).
. Internet Activities
Board (IAB), -, .
com ( ), gov (
) . .
. 1-1.
. 1-1.

com
edu

org

( )

net

( )

gov

mil

num

arpa

DNS (reverse DNS lookups);


. DNS

xx

info

name

DNS

.
, . , micro
soft.com contoso.com com
. ,
, .
().
, contoso.com
sales.contoso.com research.contoso.com.
(fully qualified domain name, FQDN)
DNS;
( ) . FQDN:
mailserver.sales.contoso.com

mailserver sales,
contoso com, , ,
(.).


DNS , .
(zone) , ,
( ).
(resource records), DNS, IP- .
.
, .
,
. . 1-7, contoso.com,
: sales.contoso.com research.contoso.com. con
toso.com 1; sales.contoso.com.
, research.contoso.com.
com

contoso.com

sales.contoso.com
1

. 1-7. ,

research.contoso.com
2

.
,
. . 1-7 .
, .
contoso.com . ,
contoso.com, ,
.
,
,
.
.
-, ,
.
.
. -
; (primary zone file).
, , ,
(secondary zone file).
,
. ,
:
(redundancy) ,
DNS ;
(load balancing)
( )
, ;


, .
. Windows Server 2003 .
Active Directory (Active Directory Integrated Zone).
DNS Active Directory. DNS- ,
Active Directory, , DNS-
Active Directory; DNS-,
. Active Directory
DNS-,
Active Directory,
(Primary Zone). - DNS
ASCII-.
.
(Secondary Zone).
( ) .
DNS-,
.


IP-, . DNS
, , (resolvcr).

DNS

Windows , DNS- (DNS


Client). TCP/IP (
) ,
-. , FQDN Web-
, DNS-, ,
.
: (forward
lookup query) IP- (reverse lookup query)
IP- . DNS- .
(forward lookup queries).
, - IP-.
.
, . ,
, .
. 1-8
www.contoso.com.

com

. 1-8.


contoso.com

1. DNS-
contoso.com.
, ;
( ).

, , .
2. , , ,
. -
, .
, ,
, , .
, www.contoso.com .
3.
IP- com.
4. www.contoso.com IP-,
.
(iterative queries),
, .

5. , com, IP- ,
contoso.com.
6. www.contoso.com IP contoso.com.
7. contoso.com IP- www.contoso.com.
8. IP- www.contoso.com
.
- .., (reverse lookup queries). IP-
-. TCP/IP ( nslookup,
ping netstat) .
, , ,
, -
.
DNS - , IP-,
IP- DNS
.
in-addr.arpa ( inverse address). In-addr.arpa
IP- . ,
-.
in-addr.arpa -
IP-. , IP-
, , IP-
in-addr.arpa .
, - IP- 192.168.201.35 PTR (
) 201.168.192.in-addr.arpa.
35 IN PTR host_name.
in-addr.arpa DNS-. in-addr.arpa
[pointer (PTR) records] IP- -.
.


. (resource record)
- IP-. . 1-2
, DNS- Windows Server 2003.
. 1-2.

DNS

, - IP-.
32- IP 4
, 128-
IP IPv6

CNAME

(alias) . CNAME,
IP-

. 1-2.

DNS

()

MX

(mail exchange record)


DNS-
(name server record)
DNS-
(pointer record) IP-
DNS- (DNS reverse-naming zone)
Start of Authority
. ,
DNS-.
DNS-
(service record) ,
. SRV
Active Directory
Windows Internet Name Service WINS-,
,
DNS
WINS (reverse WINS record)
Microsoft DNS nbstat
( )
(well-known service record)
,

NS
PTR
SOA

SRV

WINS

WINS_R

WKS


, A, CNAME, MX, NS, PTR, SOA SRV.
, .

DNS
DNS, Windows Microsoft Windows 2000
Server, DNS-
IP-; .
IP-,
Dynamic Host Configuration Protocol (DHCP), DHCP DNS- IP-,
DHCP-. DNS ,
Active Directory.

Active Directory DNS


Active Directory DNS
. , , ,
.

Active Directory

DNS (locator service), Active Directory (


Windows). Active Directory
, DNS. (
),
DNS SRV.
DNS-. Microsoft DNS
Windows Server 2003.


, ,
. ,
.
.
1. Active Directory DNS?
2.
-?
a. .
b. ALIAS.
c. CNAME.
d. HINFO.
3. DNS
, .
?
a. .
b. Active Directory.
c. SRV.
d. DNS
.

- IP-, a DNS
Windows Server 2003. Active Directory
DNS; DNS
(SRV). DNS- ( Active Directory) DNS
(DNS lookup).
DNS Active Directory. DNS
. ,
, - IP- .
DNS
, .
.

3. TCP/IP
TCP/IP , ,
. TCP/IP
Windows Server 2003. ,
Windows Server 2003.
TCP/IP.
, :

S TCP/IP Windows Server 2003;


S , IP-;
S (network ID),
(host ID) (subnets);
S -.
30 .

TCP/IP
TCP/IP . () TCP/IP
(. 1-9): (application layer),
(transport layer), (internet layer) (network access
layer), .
- . ,
,
( ); .
-
-.

. 1-9. TCP/IP

Active Directory


.

TCP/IP. Windows Server 2003
, TCP/IP:
WinSock Microsoft- Berkeley Sockets API,
-/-;
NetBIOS Helper Service ( NetBIOS) NetBIOS (network basic input
output system) (legacy) ,
DOS BIOS,
. NetBIOS
Windows. NetBIOS Helper Service NetBIOS
(sockets).
TCP/IP-: WinSock
NetBIOS. Windows- Microsoft,
WinSock.
TCP/IP-, :
Hypertext Transfer Protocol (HTTP) Web-
;
File Transfer Protocol (FTP) ;
Simple Mail Transfer Protocol (SMTP)
;
Telnet (terminal emulation protocol),
- ;
Domain Name System (DNS) ,
.


;

.
,
, .
(data delivery)
.
Transmission Control Protocol (TCP) ,
(connection-oriented protocol),
.
(reliable protocol),
, .
, .
TCP.
a

User Datagram Protocol (UDP) ,


(connectionless protocol),
. UDP .

TCP/IP

, TCP,
. UDP
, ,
,
.
, TCP UDP,
TCP- UDP- .
0-65535. 0 1023
. (well-known port numbers); Internet Assigned Numbers
Authority (IANA). 1024 49151
IANA (registered ports);
. , 49152-65535
, (private).
7.


,
, .
: Internet Protocol (IP), Address Resolution Protocol (ARP),
Internet Control Message Protocol (ICMP) Internet Group Management Protocol (IGMP).
IP ( , )
,
. IP , ,
, , . IP
.
, TCP,
.
, IP TTL
(Time to Live), ,
. TTL
. IP, , TTL
. IP, TTL, 0,
.
ARP IP- (. . ), .
, IP IP- .
( )
,
.
ARP, Windows Server 2003, IP-
, ,
ARP-. .
IP-, ARP . , ARP
. , ARP
; IP-,
. IP- ,

Active Directory

.
ARP-.
ICMP ,
. ICMP
(routers), IP ,
.
, IP , ICMP Destination Unreachable ( ).
IGMP ,
IP- (multicast group membership).
(multicasting)
-.
,
,
. ,
IP-, .



. ,
. , Ethernet Asynchronous
Transfer Mode (ATM), , .

1-
TCP/IP- IP-,
. IP, ,
.
IP- , 0 255.
, IP-
- 192.168.1.102.
0-255? ,
, . ,
IP- 192.168.1.102 - 11000000 10101000 00000001 01100110.
,
.
IP- .
(network ID) IP-, .
, . IP- 192.168.1.102
192.168.1 .
, .
192.168.1.0.
(host ID) IP-,
.
. IP- 192.168.1.102
( 192.168.1.0 ), 102.

TCP/IP


.
, .
, IP- ,
, ,
(subnet mask). ,
. ,
,
, IP-, .
. 1-10 IP- .
.
, .
, ,
.

IP-:

131.104.16.92    10000011 01101000 00010000 01011100
255.255.0.0      11111111 11111111 00000000 00000000
131.104.0.0      10000011 01101000 00000000 00000000
0.0.16.92        00000000 00000000 00010000 01011100

. 1-10.

IP-
IP- ,
. IP- (classful
IP addressing). IP-,
.
IP- IP-
.
, IP- , 0
255. w.x.y.z.
(w), IP- , . 1-3.
. 1-3.

IP-

ID

'

w.0.0.0    1-126      126          16 777 214    255.0.0.0
w.x.0.0    128-191    16 384       65 534        255.255.0.0
w.x.y.0    192-223    2 097 152    254           255.255.255.0
           224-239
           240-255

, .
-
- (Internet service providers, ISP), IP-
ISP. D
.
, ,
IP- .
IP- ( 98 98.162.102.53).
, .
, , .
IP-
. , IP-
, ( . ).

Classless Internet Domain Routing (CIDR)


IP- ,

(default subnet mask) . , ,
, ,
.
,
, . ,
. Classless
Internet Domain Routing (CIDR)*.
CIDR
. , ,
, IP-,
-
, .
,
. , , IP. (255.255.0.0),
:
11111111 11111111 00000000 00000000

, 16 IP-
, 16 - .
, , .
. ( ,
.) ,
:
11111111 11111111 11111000 00000000

1111 1000 248. . 1-4


.
* CIDR : Classless Interdomain Routing. . .

TCP/IP

. 1-4.

10000000    128
11000000    192
11100000    224
11110000    240
11111000    248
11111100    252
11111110    254


255, 0,
255, . , 255.255.0.0
, 255.0.255.0 . 255
, . ,
255.255.0.0 ,
IP-.

, , . 1-4. IP 184.12.102.20 255.255.255.0
184.12.102.0 ( 255.255.0.0,
184.12.0.0).
184.12.0.0 ,
.

, . 1-4, ,
.


, , IP, Internet Assigned Numbers Authority (IANA).
- IP-.
(private network), , ,
(firewall) -,
, (public address)
, .
,
:
- 10.0.0.0 10.255.255.255;
- 172.16.0.0 172.31.255.255;
- 192.168.0.0 192.168.255.255.


.
.

IP-
(routing)
. TCP/IP- ,
,
. IP .
, TCP UDP
IP . IP , .
; ,
. , ,
-.
, ,
, . IP
(gateway), (router),
. , IP
, , . -
, ,
.
, , , ,
.
(hop). , ,
, , .
- IP- (default gateway)
, , -
. ( , IP)
(routing tables),
.
(preferred routes) ( ).
-
, .
:

. , -
,
;

, .
,
. ,
.
;
.
: Routing Information Protocol (RIP) Open Shortest Path
First (OSPF).

TCP/IP

IP- DHCP
Dynamic Host Configuration Protocol (DHCP) ,
IP- .
IP- ,
TCP/IP. DHCP , IP- ;
, DHCP - .
DHCP ,
, DNS. IP-,
DHCP- ; (scope).
,
. ( )
TCP/IP DNS- WINS-.
, IP-
( Windows-
).
TCP/IP
IP-, DHCP-. DHCP-,
IP-,
, .
, IP-
, DHCP-.
(leasing) ( IP- ).
, ,
. 50% ,
, , .
, . ,
- , .
IP- , .
DHCP Windows Server 2003.
DHCP- Windows Server 2003,
DHCP
IP- .
IP- (Automatic Private IP Add
ressing, APIPA) , Windows 2000;
Windows XP Windows Server 2003. APIPA ,
IP-, IP-
, DHCP-.
APIPA 169.254.0.1-169.254.255.255,
Microsoft .
, APIPA , DHCP-. APIPA
Windows 2000, Windows Server 2003
Windows XP ;
.
DHCP-, - , APIPA,
, DHCP-.

Active Directory


, ,
. ,
.
.
1. TCP/IP-
?
a. .
b. .
c. .
d. (link).*
2. 131.107.0.0,
255.255.0.0.
, ,
20 .
?
3. IP 157.54.4.201?
a. 255.0.0.0.
b. 255.255.0.0.
c. 255.255.255.0.
d. 255.255.255.255.

TCP/IP : ,
, ( ). -
, -
.
- IP-,
- ;
0 255. IP-
, , , ,
. , IP-
, .
IP-
Dynamic Host Configuration Protocol (DHCP). DHCP-
IP-, ,
, ,
DNS- .

* : TCP/IP
. OSI. . .

4.

Windows Server 2003
(Routing and Remote Access service).
Windows Server 2003 ,
, ,
.
, Windows Server 2003 .
, :

/ , Windows Server 2003


;
S ;
;
S .
20 .


Windows Server 2003
,
,
.
Windows Server 2003 ,
LAN- WAN-.

.

, .
( ), (,
, ) ,
.



.
(dial-up).
,
.
,
(public switched telephone network, PSTN), Integrated
Services Digital Network (ISDN) .25.
.
.


;
.
(Virtual Private Network, VPN). VPN

, . ,
, VPN-
- .- .
- (ISP)
.
(,
);
VPN-. ,
VPN-
.

VPN
. -, , ,
,
. ISP
. -,
,
, .
- ,
,
.

, VPN
.

,

, ,
:
( ) ( LAN-).


,
WAN- ( ).
:
Point-to-Point Protocol (PPP).
. ,
,
, ,
.
,
.

Serial Line Internet Protocol (SLIP). ,


UNIX - .
SLIP ,
SLIP- .
RAS. NetBIOS
(proprietary) ,
Microsoft. NetBIOS-
.
NetBIOS.
,
TCP/IP. NetBIOS NetBIOS Extended User
Interface (NetBEUI) .

.
;
. ,
, , a SLIP (
).


.
,

. ,
,
, .



, . (
) - (creden
tials),
, . Windows Server 2003
.
Password Authentication Protocol (PAP).
.
.
, ," . ,

. , Microsoft
.
Shiva Password Authentication Protocol (SPAP). Shiva (
Intel), . SPAP

. SPAP -

Active Directory

,
. , .
Challenge Handshake Authentication Protocol (CHAP).
PAP SPAP. (challenge),
.
() ,
. ,
. ,
. CHAP MD5-CHAP,
RSA MD5.
Microsoft CHAP (MS-CHAP). CHAP,
Windows Server 2003.
MS-CHAP. 2 Windows 2000,
Windows Server 2003 Windows XP. 1
Windows.
Extensible Authentication Protocol (EAP). -, .
-

. , ,
(authenticator);
.
,
(secure access tokens) (one-time
password systems).

. SPAP
, . CHAP, MS-CHAP
; ,
.


,

. Callback Control
Protocol,
(callback) . ,
, , ,
. .
, ,
, .

, .



(Caller ID) (Automatic Number Identifica
tion, ANI). ,
.




.
.
, (Remote Access Policies, RAP)
, , ,
. RAP ,
.
, , .
,
. (policy)
(rules), , ,
.
.
, .


, ,
. ,
.
.
1. ,
.
?
a. .
b. CHAP.
c. SPAP.
d. MS-CHAP.
2.
,
?
a. .
b. SLIP.
c. RAS.
d. NetBIOS.
3. VPN-
?

Active Directory

Windows Server 2003


. ,
(Virtual Private Network, VPN).

, .
, "
.
(
, ),
( )
(
).


Active Directory (, , ,
) ( ).
.
, ( ) ,
. .
. (OU)
.
.
Windows Server 2003 Active Directory;

. ,
. .
- IP-, a DNS
Windows Server 2003. Active Directory
DNS;
DNS (SRV). DNS-
- ( Active Directory)
DNS (DNS lookup).
DNS Active Directory. DNS
. ,
, - IP- .
DNS
, .
.
TCP/IP : ,
, ( ). -
, -
.


TCP/IP- IP-,
- ;
0 255. IP-
, , , ,
. , IP-
, .
IP-
Dynamic Host Configuration Protocol (DHCP). DHCP-
IP-, ,
, , DNS .
Windows Server 2003
. ,
VPN.

, .
,
. , ,
TCP/IP.
(
, ),
( )
(
).


, ,
, , .

Active Directory. , , ,
.
, .
Active Directory.
, . ,
.
. ,

.
DNS. .
, DNS- DNS
.

Active Directory

. ,
. ,
Windows Server 2003 network.
TCP/IP
.
IP-. IP-
. IP IP-
.
- ..
,
.
.
,
.
,
.


- namespace ( ) ,
,
. ,
.
~ object , .
, .
~ root domain
(naming structure). , Active Directory,
Active Directory .

, .
~ operations master roles
,
; .
,
.
, Active Directory ~ Active Directory Integrated Zone DNS, DNS Active Directory.
DNS
.
Classless Internet Domain Routing (CIDR) IP-,
IP-
AF. CIDR
.

.
1.
1. ()
?
a. .
b. .
c. .
d. .
: .
2. .
?
a.
.
b.
.
c.
.
d. .
: .
3. ?
:
,
.
.

2.
1. Active Directory DNS?
: Active Directory DNS (locator
service). (
Active Directory) DNS SRV.
2.
-?
a. .
b. ALIAS.
c. CNAME.
d. HINFO.
: .
3. DNS
, .
?
a. .
b. Active Directory.

Active Directory

c. SRV.
d. DNS
.
: .

3.
1. TCP/IP-
?
a. .
b. .
c. .
d. .
: .
2. 131.107.0.0,
255.255.0.0.
, ,
20 .
?
:
.
240 20 .
255.255.255.240 , 4095 ,
31 . 2
, ,
.
3.
IP- 157.54.4.201?
a. 255.0.0.0.
b. 255.255.0.0.
c. 255.255.255.0.
d. 255.255.255.255.
: .

4.
1. ,
.
?
a. .
b. CHAP.
c. SPAP.
d. MS-CHAP.
: , d.


,
?
a. .
b. SLIP.
c. RAS.
d. NetBIOS.
: .

VPN-
?
: -, ,
, ,
. -, VPN-
,
, . ,
VPN (
) ,
.

1.

2.

3.

:
;
.

:
;
;
(
, ,
, , Web-).

Active Directory .
;
;
;
.

Active Directory .
, ;
Active Directory ;
.

.
;
;

;
.


Microsoft Windows Server 2003,
,
.

.
, ;
, ,
Active Directory. - ,
,
.


,
1.

1.
.
, ,
.

, :
/ ;
S ;
S .

20 .


,
. ,
. WAN-
, , ,
LAN-, .
WAN- (
). ,
.

Windows, Windows 2000, Microsoft


.
. , , Microsoft
.
,

(organizational units, OU). . . ,
Microsoft : ,
, . , ,
, (branch offices).

,
.
.

. ,
- .
.

.
.

,
. . 2-1.

^52-&41 Frame Relay


/
256- Frame Relay

. 2-1.


( ).

. , ,
, .
WAN .


.
, (
), ,
, . ,
, WAN- .
( 512 /)
.

WAN-. ,
Asynchronous Transfer Mode (ATM) Frame Relay.
, ,
, , :
;
;
.


,
, (. 2-2). ,
, . ,
, ,
. ,
.
.
,
. ,
, , ,
.

, ,
. ,
, , .
, .

,
.

512- Frame Relay
64- Frame Relay
64- Frame Relay
. 2-2.
, , , (hubs)
;
(. 2-3). , . ,
, (department stores), ,
-.
,
.
,
.
( ) -
,
, . -,
, .


(subsidiary office) ,
. , ,
(,
).
, .

. 2-3.

. ,
, .
.
,
. ,
.
, , .
, -
, .
.


,
.
,
, .
,. -
. , , -,
,
; ,
.
,
?
-,
? , , ,
, .

?
? (,
1),
.
, ;

.
?
,
.
.
.
, , -
, .

.

WAN-
( )
WAN- ,
.
, , .
WAN-
. .
,
, .
, ,
, ( ),
, . .
(
).
,
.


.
: ,
, , , .
,
, , , ,
.

, .
.
?
? ,
, ?

?
? ? ?
- , , ?
, -
? ?
?
, -.
(My Documents) Z:.
,
.
? , ?
? ?

, , ,
.

?
(instant messaging),
, ?
?
? ?

. . ,
. , .
, , ,
( ). -.
, ,
. , , ,
.
. - , ,
, .
.
.



, ' ,
-. ,
: .
-.
, Active Directory.
. -,
. ,
OU Active Directory,
. -,

, ,
.
,
. , ,
.

. , -
.
. ,
,
. .
Active Directory. ,
OU . ,
.
,
.
,
.
, .
, , . ,
.
- ,
, , .
. ?
?
, ?
, .


Windows 2003 :
. ,
.
,
.


, ,
. ,
.
.
1. , ,
?
2. ?
3.
. 1. -

, 64-
. ?

: , ,
. (
)
.
:
( ) (
,
).
, ,
.

2.

, .
IP-, ,
, .
, :

/ ;
S ;
S .
- 30 .


,
.
.



. .
LAN, .
.
LAN .
LAN
LAN WAN. -

, , . ,
, DHCP DNS,
. ().
Windows, (
), , Windows,
.
.
, , ', .
(patch panels) (closets).
,
.
.
(dial-up access)
, .
-,
, , .
Windows-, , .
LAN.
, LAN .

1-
, Internet Protocol (IP).
, IP-
-. ,
IP- . ,
IP- ( ,
) Dynamic Host Configuration Protocol (DHCP).
.
,
.
.
DHCP- DHCP
(DHCP relay agent).
, DHCP-,
DNS-.
TCP- UDP-, ,

, .



, . (inventory)
, .


,
.
, , .
, ,
, -
-.
.
, IP-, .
.
, , .
, .
, BIOS.
.
.
, , .
. ,
.
.
.
, .
, DHCP, DNS WINS.
- . ,
, .
. ,
, (
).
, .
, .
, .
- , Windows
Server 2003, ,
Active Directory,
. . 5.


, , ,
. ,
, -. , ,
.
.
( )
.
.


.
.
. ,
,
.
( , , ,
?), .
, -, ,
.



, ,
. , , .
,
.
,
.
, , , ,

.



, .
, , ,
.
,
. ,
? ?
,
.
(Performance Console). (
Windows, Windows 2000, Performance Monitor)
.
,
, , .
(System Moni
tor). Windows Server 2003.
(Network Monitor).
. (frames) ,
,
.


, ,
. -, ,
Windows Server 2003 ,
. -, , ,
.

. , , Active Directory
, ,
.


, ,
. ,
.
.
1. ?
2. IP- .
3.
Windows.

, , ,
IP- .
.
- .
,
.
,
.
,
.
.

3.

,
, , ,
. Active Directory ,
, .

, :
S
S
S
S

;
;
;
.

30 .

Windows 2000
Active Directory, ,
. ,
, , .
, , ,
, .


, . 2-4.
, .
.
.
treyresearch.com

i
cpancll.com

/ treyresearch
com

/ \

/
/

, treyresearch.com

. -

/f
/

treyresearch.com


research.
dallas.
cpandl.com

. 2-4.

Windows 2000

:
;
;

;
(shortcut trusts);
;
Windows NT 4.0.


, ,
, OU.
, . 2-5.

. 2-5. OU
OU :
, OU ( OU);
OU
. OU,
OU, ;
(Group Policy Objects, GPO), OU.
OU
- , . ,
OU
, OU .

,
. ,
OU, .
OU ,
, .
, OU
OU.
, OU, ,
.


, ,
.
,
.
-
, ,
.
, ,
, (operations master roles)
.. . 1.
.
(bridgehead server)
Active Directory.
, ,
DNS, DHCP, .
, ,
,
.

Windows NT 4.0
Windows NT 4.0,
,
Windows 2000 Active Directory. Windows NT 4.0
, . Windows NT 4.0
(primary domain controller, PDC)
(backup domain controllers, BDC); ,
, Windows NT
.

. ,
Windows NT 4.0
. Windows 2003 OU, .
, , (
), OU .
(
), , .
,
, , OU
.
Windows NT
, :
Active Directory;
;

;
.

,
, Active
Directory .
,
. 2-6.
:
;
;
;
.

. 2-6.
Windows NT 4.0

. .
IP- . ,
. , DNS, DHCP,
Internet Information Services (IIS),
. , ,
, . ,
, .

.
,
.

, . ,
. .
. ,
. ,
.

Windows 2003
Windows 2003
,
Windows Server 2003.


(domain functionality) ,
. .
Windows 2000 ( ) (Windows 2000 Mixed).
. ,
Windows NT 4.0, Windows 2000 Windows 2003.
.
Windows 2000 ( ) (Windows 2000 Native).
, Windows 2000
Windows 2003. (
Windows Server 2003) .
Windows Server 2003 ( ) (Windows Server 2003 Interim).
,
Windows 2003, Windows NT 4.0.
Windows NT 4.0 Windows 2003 Server.
Windows Server 2003. .
,
Windows Server 2003.


(forest functionality) ,
. .
Windows 2000. ;
, Win
dows NT 4.0, Windows 2000 Windows 2003.
Windows Server 2003 ( ). ,
Windows 2003,
Windows NT 4.0.
Windows NT 4.0 Windows 2003 Server.
Windows Server 2003. .
,
Windows Server 2003.
Windows 2003 .
Microsoft Windows Server 2003 Resource Kit.

,
Active Directory. ,
.
.

Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model)
.
.

, ,
. ,
Windows Server 2003 Active Directory,
.
,
.

2 000

1000

750

750

500


. -
. - -
-. -

, ,
- - (research
and development, R&D). Ton-
R&D.

. , - VPN-
.



.
1. Windows NT.
2. Northwind Traders ?
3. Northwind Traders?


, ,
. ,
.
.
1. Active Directory ,
Windows NT 4.0. 12 Windows NT 4.0 300
Windows 98, Windows NT 4.0 Workstation Windows
XP Professional. .
Windows NT 4.0 .
.

- ?
2. Windows 2000 Active
Directory. ,

.
?
3.
Windows NT 4.0 Windows 2003,

Windows 2000,
,
.
Windows 2000 OU ,
.
Windows NT 4.0, ,
.
, .

Contoso Ltd.,
, .
Windows NT Server 4.0.
Windows 98 Windows 2000 Professional. Contoso
. ,
Windows Server 2003
Active Directory.
Windows XP Professional.


Contoso
, -.
Contoso Trey Research
, .

, Contoso
() - ().
, -.
- ( ).
(Trey Research) .
, -,
.
.



256-
Frame Relay, - 128-.
- 64- Frame Relay.
(backbone) 155- ATM. 10/100- .
, 10/100- .

, .
Dallas,
.


.
, ,
, .
, -
. .

-
- , . -. -
.

.
1. .
?
2. ,
.
- ?
3. ,
.
?
4. , Active Directory ?

: , ,
. (
)
.

:
( ) (
,
).
, ,
.
, , ,
IP- .
.
- .
,
.
,
.
,
.
.
Windows 2000,
,
.
Windows 2000 OU ,
.
Windows NT 4.0, ,
.
, .

01
, ,
, , .


, IP- , Active
Directory .

, . . ,
OU.

Windows Server 2003 Windows.
Windows 2003,
. Windows 2000,
, Windows NT 4.0 .
,

, . ,
.


/ ~ centralized/decentralized
OU
. OU
.
WAN- ~ WAN link (LAN),
. WAN- ,
, LAN.
WAN-.
~ functional level ,
Windows,
. , .

1.
1. , ,
?
: , , ,
, ,
.
2. ?
: ,
, ,
, .
3.
. 1.
, 64- .
?
: 64- ,
- .
,
.

2.
1. ?
:
, ,
, , , .
, .


-. IP- .
: , ,
, DNS-.
, DHCP , , .
3.
Windows.
: (Performance) (
Performance Monitor Windows)
. (Network Monitor)
.

3.
1. Windows NT.
:
,
, .
.


Northwind Traders ?
: ,
. - , , -,
.
Northwind Traders?
:
-.
.


3.
1. Active Directory ,
Windows NT 4.0. 12 Windows NT 4.0 300
Windows 98, Windows NT 4.0 Workstation Windows
XP Professional. .
Windows NT 4.0 .
.

- ?
:
OU .
,
, WAN-
.
2. Windows 2000 Active
Directory. ,
.
?
: , OU
. ,
OU. ,
.
3.
Windows NT 4.0 Windows 2003.
: .
Active Directory.
. .
.


1. .
?
:
, .
. , ,
.
WAN- .
2. ,
.
- ?
:
. .
; ,
.

,
.
?
: .
( , ) .

.
,
.
, Active Directory ?
: , ,
.
-, OU .
.
,
.
. .


Active Directory

1.


2.


Active Directory -
:
Active Directory;
Active Directory.
Active Directory:
;
Active Directory;
NetBIOS-.


,
Active Directory,
. ,
, ,
Active Directory. ,
, , ,
, ,
.

. ,
Microsoft Active Directory.



Active Directory, 1.
Active
Directory (. 2).


1.

Active Directory
, . ,
. ,
.
, :
S Active Directory;
S ;
S ,
.
40 .


Active Directory (. 3-1).
,
, , ,
. , Active
Directory ,
, .
.

contoso.com
. 3-1. Active Directory

,
- .
, -
.
,
. ,
, , ,
,
.
Active Directory , Windows
NT. , Windows NT, -


(Security Accounts Manager, SAM) 40 000


. Windows NT Active Directory
. Active Directory
: (OU) .

OU. Active Directory
, .
Active Directory Windows NT (
),
.
OU , . OU
. OU (
OU OU), .
, OU -
. , OU
,
;
. . 3-2 , OU
. OU 4.

. 3-2. OU

OU ,
, ,
, WAN. ,
IP- .
1 /. ,
(LAN). LAN
WAN, LAN.
5.


- ( )
~:: : .
;:. , , ,
;_ , . , ,
: :~. ,
^ . ,
~:.~ , . ~.~- , , , , , .

. , , :
:, , . .
: ,
Active Directory, . -, Active Directory

. -,
WAN- , .
,
.
,
, ,
Active Directory. OU ,
. ,
. , .
.


,
.
, .
,
, .

,
. , , ,
, ,
,
. . 3-3 ,
.
( . 3-4 , ),
, OU .


houston.
contoso.com

atlanta.
contoso.com

. 3-3. ,

chem. research.
contoso.com

robotic.research.
contoso.com

. 3-4. ,
,
.
.
. ,

, .

.
, .
-, .
,
, .
WAN-
, , .
,
.
, , WAN-
.
.
, .
,
, . ,
,
hr.contoso.com sales.contoso.com, ,
contoso.com.
Windows NT.
Windows NT, , ,
Active Directory.
(schema master) ,
.
,
Active Directory. ,
, , .

,
OU, ,
. , ,
, .
OU,
( , OU).
, ,
, .
.
, ,
,
. , ,
, ,
, , .
.
,
.

, .


,
.
. ,

, (shortcut
trust). : ,
.
,
(. 4).
, ,
(Enterprise Admins).
. ,
, (Domain Admins).
.
,
,
. ,
.
, (trust links),
.

, Active
Directory; . ,
( ), (distinguished name, DN)
DNS- .
.
.
, ,
. ,
. , ,

. ,

(Enterprise Admins)
(Schema Admins). :
,
. ,
( ), ,
.
Windows Server 2003 ,
( ),
.
, , , .


,
. , ,
, , ,
. , ,
. ,
, DNS.

, ,
. . 3-5
.

fabrikam.com

us.sales.
contoso.com

asia.sales.
contoso.com

, 3-5. ,

, :
DNS.

( ),
.
DNS, DNS-,
.
, ,
. , ,
.

Active Directory

, LDAP- (Lightweight Directory Access Protocol),


Microsoft,
LDAP- .
.
:

. ,
. . 3-6 ,
. 3-5, .

us.sales.
contoso.com

asia.sales.
contoso.com

. 3-6. ,


,
, , ,

. , ,
.
.
.
,
. ,
Windows Server 2003, (forest trust),
.
,
, .
. ,
, , , -

. , ,
Windows 2003, . .
Windows Server 2003.
,
. ,
. .
. ,
, ,
,
. ,
, ,
.
.
, , ,
.
-
, . , -
, (
- ),
-, Active
Directory. -
-,
.
.
,
. ,
. ,
.
,
, ,
, . ,
, .
.
.
,
.
, ,
.
, ,
, (user principal name,
UPN) .
.

-, ,
- .
.
.
.

Active Directory

.
DNS- ,

.
(ACL)
,
, ,
.

,
, , ,
, .
,
.
. Windows Server
2003, , , , .

.

Northwind Traders. ,
.
.

Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model)
.
.

, ,
. ,
Windows Server 2003 Active Directory,
.
,
.


2000

1
()

1000

750

750

500


. -
. - -
-. -

, ,
- - (research
and development, R&D). Ton-
R&D.

. , - VPN-
.



, .
1. ? ? ?
2. Northwind Traders .

Active Directory



, ,
. ,
. .
1. ,
.
?
2.
?
3. ?
?
4. ?

,
, .
,
, ,
.
,
DNS.
,
/ - .

2.
, ,
, .
LDAP (Lightweight Directory Access Protocol), , Active
Directory, .
, :

S
/
S
S

, Active Directory;
;
NetBIOS;
Active Directory.
20 .

Active Directory
LDAP ,
. , LDAP ( Active Directory),
, , . ,
LDAP, .

Active Directory ,
Active Directory. ,
. , Active
Directory ,

. , ,
. ,
. Active Directory ,
Active Directory .
:
(relative distinguished names, RDN);
(distinguished names, DN);
(user principal names, UPN);
.


(RDN) ,
. ,
. , :
CN=wjglenn,CN=Users,DC=contoso,DC=com

CN=wjglenn. RDN
(OU) Users. RDN ,
Common Name.
Active Directory RDN ,
, ,
RDN.
( ,
) ,
LDAP- .
,
DC Domain Component, DNS-
ORG.
OU Organizational Unit, ,
.
CN Common Name, ,
Active Directory.


(DN),
, ,
. DN DN
, DN ,
.
:
CN=wjglenn,CN=Users,DC=contoso,DC=com

Active Directory

DN , wjglenn Users,
contoso.com. wjglenn
, DN
. DN ,
(fully qualified domain name, FQDN)
DNS. DN .


, .
. , ,
:
contoso.com/Users/wjglenn
, .
,
LDAP- ( CN DC).


(UPN), ,
_@_.
,
. , Active
Directory .
, .


, Active Directory
,
Active Directory; .
, ,
.
,
.
. ,
.
1.
: (domain naming
master) RID (relative ID master). , ,
, (security
principals).
.
. ,
(security identifier, SID)
. ,
, (Enterprise Admins).

, , ,

.
FSMO (flexible single master operations).
RID. RID
. ,
RID : RID.
Active Directory,
RID 500 RID,
.
400 RID, RID 500 RID.


,
Active Directory, DNS. DNS
IP- , Active
Directory. , Active Directory DNS .
6
DNS, DNS
,
Active Directory.
DNS
. , contoso.com
sales.contoso.com, europe.sales.contoso.com.
, DNS, . .
( ).
Active Directory , DNS.
Active Directory,
. .
,
.
Active Directory DNS,
NetBIOS- (Network Basic Input/Output System)
, Windows -
Windows Server 2003. DNS-
NetBIOS ; (,
. .) , IP-.
Windows ,
NetBIOS-. Windows NetBIOS-
, ,
. NetBIOS-.
Active Directory DNS, NetBIOS-
. NetBIOS- - .
DNS
DNS, .

Active Directory

NetBIOS- DNS-,
.
NetBIOS- SALES.
(FQDN) sales.contoso.com.
NetBIOS- DNS-.
NetBIOS- 16 ,
NetBIOS-. DNS
64 , , DNS- 15
NetBIOS- .

. , NetBIOS- DNS. , ,
.
Active Directory, DNS-,
NetBIOS (. . DNS- 15
). , , DNS, NetBIOS,
. ,
. ,
, .

DNS-
Active Directory DNS ,
,
,
DNS- .
.
DNS-
Active Directory. , Microsoft
. ,
.
, DNS (service
records, SRV). , DNS-
, Windows 2003 Server.
DNS-
Active Directory , Microsoft. ,
, ,
, , , -
, , .
,
DNS-.

Active Directory
DNS-. ,
fabrikam.com.
internal.fabrikam.com.

DNS-.
, Active Directory
.
.
,
DNS-. ,
, ,
.


, ,
. .
, .
, : a-z, 0-9
(-). DNS Windows Server 2003
,
DNS.
,
NetBIOS.

.
DNS-, . ,
contoso.com. contoso.com
, ,
contoso.com (, sales.contoso.com).
. ,
(,
microsoft.com , ), .
- .

,
. ( contoso.com
local.contoso.com).


(security principal objects) Active
Directory,
.
( ,
) , . ,
, .
,
:
, ;
, ;
, , , . .


,
.
Unicode-
LDAP, ,
: # , + \ < >.
, ,
:
20 ;
15 ;
63 .
,
, @.
.

. , wjglenn hr.contoso.com
sales.contoso.com. , ,
Active
Directory .


, ,
. ,
.
.
1. ,
, , .
2. DNS NetBIOS?
3. , ,
DNS- proseware.com.
, .
DNS-?
4. , , .
, Keith Harris.
,

kharris. , ,
?
a. .
b. ,
.
c. ,
.
d. Active Directory
.

Active Directory : (distinguished names),


(relative distinguished names),
(user principal names).

: ( ) RID
( RID ).
DNS , NetBIOS
. Active Directory
. NetBIOS- ( ) 15 ,
DNS- 64. ,
( 15 ).
DNS- .
Active Directory
DNS- . Active
Directory DNS-.
, .

Active Directory Fourth


Coffee - .
Windows NT Server 4.0.
Windows 98 Windows NT Professional 4.0. Fourth Coffee
,
. ,
Windows Server 2003 Active Directory.
Windows XP Professional. ,
}'.


Fourth Coffee

. Fourth Coffee ,
, .

Fourth Coffee ( ). , Fourth


Coffee ( ) ( ). 5
, ,
.-:: -. -,
.

Active Directory

Northwind
Traders .
, -.
- ,
- .
, northwindtraders.com,
.


- 512-
Frame Relay.
,
, 64 /.
10/100 /.
Windows NT,
, .
, , WAN-
.
. -
.


.

Northwind Traders northwindtraders.com
Fourth Coffee.
northwindtraders.com .

-
-
. , .
- .
- .

.
1.
, ,
.
2. ,
.
, ?
3. , ,
. ,
,
DNS- fourthcoffee.com.
. ?


4. , Active Directory,
DNS-? NetBIOS-?
- , ?

,
, .
,
, ,
.
,
DNS.
,
/ -
.
Active Directory : (distinguished names),
(relative distinguished names),
(user principal names).

: ( ) RID
( RID ).
DNS ,
NetBIOS . Active Directory
. NetBIOS- ( ) 15
, DNS- 64. ,
( 15 ).
DNS- .
Active Directory
DNS- . Active
Directory DNS-.
, .


, ,
, , .

OU,
OU (, , ).
,
DNS .

. .

Active Directory

DNS-
Active Directory , Microsoft.
, ,
.


NetBIOS ,
Windows. Active Directory
DNS, NetBIOS , -
.
/ ~ autonomous/isolated. ,
-
,
Active Directory. ,
, ,
.
~ forest root domain ,
Active Directory; . ,
( ),
DNS- .

1.
1. ? ? ?
: Northwind Traders .
. R&D,
.
. , .
2. Northwind Traders .
:
. Northwind Traders
(NWtraders)
. R&D .

R&D

NWtraders

1.
1. :-,
. .
?
,
: ..
1> >
i
> (
); ) ! i
> "- ,
>.
"
WAN- , ^ <
" , )
> i
^
i \ ,
Windows NT 4.0; ) ' ^ i"
^ > < ^
, , , i . .-i
2. i J ^ ->
LTBC
?
:
(Enterprise Admins)
(Schema Admins), ;
; ,
( )
.
3. ?
?
:
DNS.
DNS
.
4. ?
: .
,
.
, ,
.

2.
1. ,
, , .
: ;
, .
;
.
( , ), .
Active Directory
.


2. DNS NetBIOS?
: DNS ,
NetBIOS . NetBIOS-
Windows. DNS-
64 , NetBIOS- 15.
3. , ,
DNS- proseware.com.
, .
DNS-?
: DNS-
proseware.com Active Directory.
proseware.com (
sales.proseware.com).
4. , , .
, Keith Harris.
,

kharris. , ,
?
a. .
b. ,
.
c. ,
.
d. Active Directory
.
: .


1.
, ,
.
: - ,
. , ,
. ,
.
, fourthcoffee.com, -
.
.
,
northwindtraders.
2. ,
.
, ?

: ; ,
.
WAN-
OU, .
:

.
3. , ,
. ,
,
DNS- fourthcoffee.com.
. ?
:
DNS- fourthcoffee.com.
(. 3-7).

fourthcoffee.com

nashville.
fourthcoffee.com

. 3-7.

rome.
fourthcoffee.com

houston.
fourthcoffee.com

fourthcoffee.com

4. , Active
Directory, DNS-? NetBIOS-?
- , ?
: fourthcoffee DNS
NetBIOS, 64 15 .
northwindtraders ( 16 )
NetBIOS. DNS- NetBIOS-,
. ,
.
, NetBIOS- northwindtrader.



1. OU


2.


3.


Active Directory, -
:
(OU).

OU:
OU;
OU, .

:
;
, ,
.

:
;
;
;
.

:
;
;
'' .

:
GPO;
GPO;
;
.

, Active Directory
. ,
.

. ,
.

(OU) .

, .
.


Active Directory - . 1. ,
Active
Directory . 2.
Active Directory (. 3),
, , 3 .

1. OU

(OU) .
,
. ,
.
, :
S , OU;
S OU
;
S OU;
/ .
- 40 .

OU
1, OU ,
. OU
.
OU :
;
;
;
;
;
;
;
OU.
OU .
DNS, ,
OU. OU
, . , OU
,
.
OU
, ,

. OU , , OU . :
;
;
.
OU
.
OU, ,
, OU,
. OU
.
OU -
, .
, WAN-
, (. 5),
OU , OU
.

OU

OU
, -. OU,

,
Active Directory , OU ,
.
: OU ,
, ,
, OU
. ,
OU, ,
.
OU, ,
(. . ).
OU,
: .
.
,
OU, (. 4-1),
, OU.
OU,
:
;
;
;
;

OU.
(Domain)
(Builtin)
(Computers)
(Domain Controllers)
(Users)
(Accounts)
(User Accounts)
(Admin Accounts)
(Groups)

. 4-1. OU,


, OU,
, .
1. , ,
( . 2).
2. OU , .
3. OU ,
1.

Apxiiienypas
, ,
, ,
, . :
, ;
;
' ;
.

OU
Active Directory
. ,
OU, ,
OU ,
(,
). ,
, OU, OU
. .
OU ,
,
OU, ,
. OU ,
- ,
U .
. 4-2.
OU
.
OU,
, . ,

, .

. , (
, ,
), -,
. OU
, ;
(. 4-3).

(Builtin)

(Computers)

(Domain Controllers)

(Users)

Domain Admins

(Admin Accounts)

User Admins

(Groups)

Group Admins

(Accounts)

. 4-2.


(User Accounts)

OU

. ,
, .
,
.
. , , , OU
,
.

OU ,
, , OU, ,
.
OU
, ,
. ,
( ).
OU, ,
.
OU ( OU )
,
. : OU
OU.
, .


(Builtin)
(Computers)
(Domain Controllers)
(Users)


. 4-3. OU ,

OU . :
,
.
. OU,
,
. OU
, OU.
, .
, ,
, , OU,
.
OU, OU,

.

OU

.
, , ,
, . ,
OU ,
(List Contents) OU. , , -


: , .
. 4-4.

(Domain)

(Builtin)
(Computers)
(Domain Controllers)
(Users)


(Users)

(Hidden)


. 4-4. OU
,
, , -

.
OU,
. OU,
. OU,
, .

OU
3.
,
OU .

.
( , ) .
(Group Policy Object,


GPO) , ,
. GPO, , OU.
GPO ,
, OU.
. ,
, GPO, ,
,
, .
, GPO.
GPO OU . GPO OU,
,
.
. GPO OU ,
GPO. GPO,
OU , OU;
, , OU,
GPO.
OU,
,
OU, . ,
OU OU,
, OU OU
, .
OU, ,
.
OU , GPO.
GPO - ,
, .
OU , ,
OU , .
OU,
OU, GPO.

OU
Active Directory OU,
.
(Domain). Active Directory.
, ,
.
.
(Built-in).
, .
(Users).
, .
, .
,
OU . ,

(Users) GPO.
, OU .
(Computers).
, .
(Users), GPO ,
OU.
OU (Domain Controllers).
. OU
.
, -,
, OU. OU
. OU ,
.
,
.
, , OU
OU. OU
. ,
, ,
.


OU , OU.
, OU, , OU
( ).
. ,
OU,
OU,
. , ,
,
( ).
OU .
OU , ,
.
, .
,
, .
, OU,
OU.

OU
OU . ,
, .
OU , OU .
OU:
;
;


;
, ;
, .
OU, ,
, , . , ,
OU . . Microsoft
Windows Server 2003 Deployment Kit, Microsoft Resource Kit (Microsoft
Press, 2003), Active Directory no http://www.microsoft.com/technet.


OU (. 4-5)
, .
, ,
.

(Builtin)
(Computers)
(Domain Controllers)
(Users)


. 4-5. OU

, :
OU .
, , , ;


-
;
, ;
OU
.
, :
, ,
, ;
- .
(
) ,
OU , .
5.


OU (. 4-6)
-,
. ,
.

(Domain)
(Builtin)
(Computers)
(Domain Controllers)
(Users)


. 4-6. OU
-


, :
-
;
;
, .
.
. -
OU.


OU (. 4-7)
, -,
. , .

(Builtin)
(Computers)
(Domain Controllers)
(Users)


. 4-7. OU
-

.
.
OU,
, , .

,

(. 4-8) OU ,
, , OU
, .

(Builtin)

(Computers)
(Domain Controllers)
(Users)


. 4-8. OU ,

:
;
.
:

;
,
.


,

(. 4-9) OU ,
, OU ,
.

(Domain)

(Builtin)
(Computers)
(Domain Controllers)
(Users)



. 4-9. OU ,

:

.
, ,
.

. OU
OU Northwind
Traders. ,
.
.


Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model).

, , .
,
Windows Server 2003 Active Directory,
.
,
.

2000

1000

750

750

500


.
, .

NAwest

AsiaPacific


(R&D)

Glasgow

Corp


Northwind Traders ,
.
RDNwtraders.local

NWtraders.local

Glasgow
Asia Pacific

NAeast

R&D

NAwest

Corp

NWTraders


OU
Northwind Traders.
.

nwtraders.local
Corp.nwtraders.local
NAwest.nwtraders.local
NAeast.nwtraders.local
Glasgow.RDNwtraders.local
AsiaPacific.nwtraders.local


, ,
. ,
. .
1. OU?
OU ?
2. OU OU ?
3. .
, . ?
4. OU ? ?

OU,
, .
, .
OU , ,
.

,
, .
OU ,
, ,
, OU
.
.
, ,
.

2.

OU
.
, , .
, :

S , Active Directory;
S ;
/ .
- 25 .


Active Directory ,
(security principal),
. Active Directory ,
. ,
.
. ,
Microsoft Windows NT, Windows 2000, Windows XP Windows Server 2003,
.
, .
.
. - Active Directory
. ( )
,
.
. , ,
. ,
,
.


InetOrgPerson. InetOrgPerson
, InetOrgPerson
, LDAP (Lightweight
Directory Access Protocol). Active Directory
.
. , Active Directory,
.
. , ,
.


,
, , .

,
(member servers)
, .
OU
, ,
. , ,
,
, ,
.
, ,
. ,
,
, .
, .

, , . ,
DAL-SVR1, , ,
. BPOTTER1, ,
(Barry Potter),
.


,
, , ,
. ,
, .
, ,
.

.

. Active Directory

(Access Control List, ACL),


, .


Windows Server 2003 .
.
.

, .
,
,
(Computer Management) (Local
Users and Groups). ,
,
Active Directory (Active Directory Users
and Computers) (
Active Directory).
. Active Directory
.
Active Directory
(Active Directory Users and Computers).
,
.


Windows ,
. ,
: (Administrator) (Guest).
,
(Administrators).
,
.
;
(Domain Admins) [
, , (Enterprise
Admins) (Schema Admins)].
, (
).
.
(Guest)
. ,
, ,
. ,
(Guests). , ,
(Domain Guests).
. , ,


. ,
/ .



.
.
,
.
(), .
OU,
.
20 ,
, Windows 2000, 20
. . ,
Windows 2000,
: " / \ [ ] : ; | = , + * ? < >.
, ,
,
. ,
,
,
.
.

.
, ,
.
,
.


,
. Windows
Server 2003 ,
. , Windows Server 2003 ,
(Administrator).
, Windows ,
. ,
.
,
, .
.
, ,
24 .
,
.

,
. Microsoft 42
, Windows Server 2003 .
, , ,
.
, .
,
, ,
. Microsoft .
.
, .
.
, .


,
,
. ,
.
.
.
,
.
,
.
, ,
.
. ,
, , ,
.
, ,
.
( ),
. , , ,
, .
, ,
.
(tickets).
, ,
.
, ,
,
. GPO (Default
Domain GPO) 10 ,
. ,
- .


,
.

(Run As).
. ,
(Administrators).
OU.
* (Administrator)
(Guest). ,
.


. ,
,

. ,
.
,
.
.
Active Directory
.
.


Windows Server 2003
. Windows .
(security groups).
.
; ,
. , ,
, . Windows
.
(distribution groups).
, Windows, , .

. .


, Active Directory
. Windows Server 2003
: ,
.
,
. :

, ;

Windows
2000 Windows Server 2003 (. . Windows 2000
2003), , ,
;

.


,
(
).
:

;
Windows 2000 Windows Server 2003,

.


.
:
, Windows
2000 Windows Server 2003;
;

;
,
;

.

. 4-1 ,
, .
. 4-1.

,
,
Windows 2000
Windows Server 2003

,
,

(G)

(DL)

,

;

(U) ,

,

,



Active Directory (. . ).
. ,
(. 4-10).
( Dallas Junior Admins).
Junior Admins
.
,
.
,
. , .
, .

. 4-10.


,
.

, .
, :
;
64 ;
,
Windows 2000. : " / \ [ ] :; ] =
, + *?<>;
, Windows .


,
. ,
.


.
.

. .
, ,
,
. .
,
.
, . ,
Executives ( ).
.
.
. .

.
, ,
.
.
.
1. .
2. .
3. .
4. .

, Microsoft,
: AGUDLP. (accounts, A)
(global groups, G),
(universal groups, U), (domain local groups, DL),
(permissions, P).
All Good Users Do Love Permissions (
).

.

,
. ,
( ) ,
. ,
; .
1. ?
2. ?
3. ?


, ,
. ,
. .
1. Active Directory Windows
Server 2003?
2. .
?
3. ?

Windows Server 2003 Active Directory :


, , , InetOrgPerson.
, ,
.
,
Active Directory.

.

, .
, .
, Active Directory
.
, .
, ,
, ,
, .

3.

,
. ,
.
Windows Server 2003
.
, :

S , ;
S , (GPO);
S .
40 .



,
, , OU Active Directory.

(Group Policy Object, GPO).
Windows 2000, Windows Windows Server
2003 ( , Active Directory )
GPO, , .
Active Directory,
GPO, .
.

(Computer Configuration)
, ,
.

(User Configuration)
, ,
.
( ),
: (Software Settings), Windows (Windows
Settings) (Administrative Templates).


(Software Settings) ,
,
.
Windows 2000 Professional, Windows 2000 Server, Windows Professional, Windows
XP 64-Bit Edition Windows Server 2003 . ,
,
.
.

Windows (Windows Installer service) ,


Windows (Windows Installer packages) (. ).

Windows (Windows Installer Packages)


, Windows Installer ,
. Windows Installer Package
msi.
Windows Installer .
,
.
:
(publishing) (assigning).
, , (Start)
. (advertising)
. ( ,
), . -


,
.
, ,
, .
.
(Add/Remove Programs)
(Control Panel) , ,
.

Windows
Windows (Windows Settings)
, Windows.
(Scripts).
, .
,
.
ActiveX, VBScript, JScript, Perl,
MS-DOS .
(Security Settings). ,
.
Internet Explorer (Internet Explorer Maintenance).
. Internet Explorer
.
(Remote Installation Services, RIS). RIS

.
. .
(Folder Redirection).
.
Windows [ (My Documents), (Start Menu)
Application Data], .
.

(Administrative Templates),
, ,
. . 4-2.
. 4-2.


(Control Panel)

(Desktop)

3
. 4-2.


()

(Network)


(Offline Files)

(Network and Dial-Up Connections)

(Printers)

(Start
Menu and Taskbar)

(System)

/ (
), /
( )

Windows X
(Windows Components)

Windows
(Windows Explorer), Internet Explorer
Windows Installer

GPO
GPO, ,
, , GPO
. GPO .
GPO GPO
, GPO.
GPO GPO, ,
. , , ,
, .
GPO, ,
GPO.
GPO GPO, ,
, . ,
, ,
, .
GPO, , ,
.
GPO OU GPO, OU,
. , OU,
, /,
. OU.
GPO, OU,
Active Directory, OU,
.. OU GPO, ,
, .


,
GPO, , GPO, GPO,
Active Directory. GPO Active Directory
(),
() , , (OU).



. ,
. , GPO ,
, . ,
,
, , , .
GPO ,
, . ,
OU , OU
, .
, ,
, .
(General) GPO
, GPO.
.
, ,
. ,
, .

, .
,
.
(No Override). GPO ,
, , GPO,
GPO, . ,
.
(Block Policy Inheritance).
GPO,
. ,
, .
,
.
, OU,
, ,
.


, ~ . , :
GPO, GPO , OU. ,
, GPO ,
. GPO , OU.
GPO
,
, , GPO OU, 500 20 ,
, .
,
.
" : (Read) ( : ,
) (Apply Group Policy),
.
, , .

GPO
GPO,
, OU. GPO
, GPO OU.
GPO
GPO, ,
. , GPO
. GPO
. , ,
,
. GPO
.
GPO
GPO ,
GPO OU, .
GPO .
,
, , GPO .
, , ,
.
GPO, .


GPO OU
GPO OU,
. OU ,
,
. , OU .
OU, OU
OU.

(Users) (Computers) .
GPO . ,
GPO, ,
,
OU, GPO.
Windows Server 2003 ,
,
. redirusr.exe ,
redircmp.exe . OU,
, OU,
GPO. , OU
New Users, OU GPO ,
OU New Users.
, GPO.

.
%windir%\system32 ,
Windows Server 2003.
324949 Redirecting the Users and Computers Containers in Windows Server 2003 Domains
Microsoft Knowledge Base http://support.microsoft.com.

GPO

.
,
. , , ,
, , GPO.


, GPO,
. ,
, ,
, OU. ,
, OU
.


, , OU,
.
, , ,
.
, OU, OU OU
OU.
,
OU.
, , ,
, ,
GPO.
GPO, :
GPO, ,
;
GPO, ,
;
GPO, OU,
OU.

,

Active Directory.
.
Windows 95/98/ .
Windows NT 4.0 .
Windows 2000 Professional Server
, Windows Server 2003, .
.
Windows XP Professional, Windows XP 64-bit Edition Windows Server 2003
.
, Windows 2000 Professional
, Windows Server 2003, Microsoft
Windows Server 2003 Deployment Kit (Microsoft Press, 2003).

.

(OU)
Northwind Traders.
,
. .


Northwind Traders Active Directory.


OU. .

OU

Nwtraders.local

HQ Management
Finance
IT

Corp.nwtraders.local

NAwest.nwtraders.local

Sales
Marketing
IT

NAeast.nwtraders.local

Customer Service
Customer Support
Training
Glasgow.RDNwtraders.local
Development
Sustained Engineering
IT

AsiaPacific.nwtraders.local

Research

Consulting
Production

,
, .


,

.
,
.

IPSec


,
.


,

, ,

()

,
,
IPSec.


,
.
, ,

, OU ,
. .
1. OU ?
2. ?


, ,
. ,
. .
1. ?
?
2. GPO ? ,
GPO Active Directory?
3. GPO, OU,
. , , GPO,
, OU, .
?


. ,
,
Windows , ,
(Administrative Templates).
,
. GPO
, OU. GPO, -


. GPO
OU.
OU GPO.
: ,
GPO, , .
, GPO, ,
(No Override),
GPO, .
GPO
.

Humongous
Insurance, .

Windows Server 2003 Enterprise Edition.
Windows NT Professional 4.0, Windows 2000 Professional Windows XP
Professional. Humongous Insurance ,
OU, .


Humongous Insurance
,
.

Humongous Insurance - (
). , Humongous Insurance
( -) ( ).
, .
-,
. -
, . , -
- .


, - 1-
Frame Relay.
.
humongousinsurance.com.
, - ,
.
WAN-.


-
- - .
, . -
. - .

- - ,
. , ,
. ,
,
. .
, 12 .
5 ,
, .
, - ,
,
. ,
. ,
.

, .
1. OU , .
?
2. ,
?
?
3.
? ?
4.
?

OU,
, .
, .
OU , ,
.
,
, .
OU ,
, , -


, OU
.
.
, ,
.
Windows Server 2003 Active Directory :
, , , InetOrgPerson.
, ,
.
,
Active Directory.

.

, .
, .
, Active Directory
.
, .
, ,
, ,
, .

. ,
,
Windows , ,
(Administrative Templates).
,
.
GPO , OU. GPO,
. GPO
OU.
OU GPO.
: ,
GPO, , .
, GPO, ,
(No Override),
GPO, .
GPO .


, ,
, , .

OU,
. OU
,
.
, AGUDLP.
(accounts, ) (global groups, G),
(universal groups, U),
(domain local groups, DL), (permissions, P).
GPO, ,
, GPO Active Directory. GPO
: , GPO , GPO , GPO OU.
, , GPO ,
. GPO ,
OU.


OU ~ OU model
(OU): 1) , 2) , 3)
, 4) ,
5) , .
- account Windows Server 2003
: ( ),
( Active Directory),
( ,
), ( ,
) InetOrgPerson (
; , LDAP).
~ Group Policy Windows
. ,
(GPO), GPO , OU.


1.
OU
Northwind Traders. .

nwtraders.local

Corp.nwtraders.local

HQ Management ( -)
Finance ( )
IT (-)

NAwest.nwtraders.local

Sales ( )
Marketing ( )
IT (-)

NAeast.nwtraders.local

Customer Service ( )
Customer Support ( )
Training ( )

Glasgow.RDNwtraders.local

Research ( )
Development ( )
Sustained Engineering ( )
IT (-)

AsiaPacific.nwtraders.local

Consulting ( )
Production ( )

1.
1. OU?
OU ?
: OU
,
. OU
.
2. OU OU ?
: OU, ,
, OU.
OU, ,
, , ,
.
3. .
, . ?
: Users OU,
GPO . OU,
, GPO OU.

4. OU ?
?
:
, -,
, OU .
,
,
-
.

2.
1. Active Directory Windows Server
2003?
: , , ,
InetOrgPerson.
2. .
?
: 24
. , , .
( Microsoft) 42 .

, , .

, .
3. ?
: ,
, .
.

3.
1. OU ?
: ,
, OU.
, .
OU HQ Management OU Laptops ( ).
OU ,
.
NAwest OU LaptopComputers,
.
OU Customer Support OU CallCenter (
). OU
.
.
Glasgow OU ComputerAccounts (
) redircmp.exe ,
OU.


2. ?
: -
, .
-.

3.
1. ?
?
:
, Active Directory.
, Windows
(Administrative
Templates).
2. GPO ? ,
GPO Active Directory?
: GPO ,
GPO Active Directory. GPO, ,
GPO, , , , GPO, OU.
, . GPO
, GPO, .
GPO, ,
.
3. GPO, OU,
. , , GPO,
, OU, .
?
: . OU
OU OU .
, GPO, GPO
. OU
GPO, GPO .


1. OU , .
?
:
OU , , OU,
. :
,
, .

,
.
2. ,
?
?


: ,
(Maximum Password Age)
30 , (Enforce
Password History) 12 .
,
. ,
,
. ,
, ,
(ticket expiration policy).
3.
? ?
: .
, .
SRV.
( ).
, ,
. , SRV-DAL-EXCH
, , Exchange
Server.
4.
?
: ,
. ,
.

1 .


2.


3.


4.



Active Directory -
:
Active Directory.
Active Directory:
;
.
Active Directory:

;
;
.
Active Directory:
,
Active Directory.

3 4 Active
Directory. ,
(OU), . ,
, .

WAN-,
.
,
. , ,

. ,
, . , ,
Windows.

Active
Directory, 1. ,
Active
Directory ( . 2).
.

1.
, . .
.
, ,
.
, :

S , ,
WAN-;
S ;
S , .
- 20 .


1, ,
IP-,
. IP-,
, , (. 5-1).
WAN-.
Active Directory
( , OU) .
Active Directory.
, ,
, (. 5-2).
Active Directory. ,
, ,
OU, .
DNS (Domain Name System),
DNS-.
Active Directory ,
Default-FirstSite-Name, .


. 5-1.

. 5-2.
: , , (site links),
.
, WAN-. ,
:
;
;
(Distributed File System, DFS);
(File Replication Service, FRS).


, Microsoft Windows 2000 Microsoft
Windows XP , ,
. IP- ,
, . ,
.
, .

, ,
WAN-. ,
, ,
, ,
. DNS (SRV)
,
.


Active Directory (multimaster
replication). Active Directory .
, Active Directory ,
, .
.
, , ,
( );
, .
, ,
. ,
,
(
).
.

, ,
, .
, , .
3 , .

DFS
DFS (Distributed File System) ,
,
. DFS ,
, , .
, DFS, ,
, Active Directory
, . DFS
, ,
. DFS ,
, DFS ,
Active Directory, , ,
DFS, .
DFS Windows Server 2003
Simplifying Infrastructure Complexity with Windows Distributed File System
http://www.microsoft.com/windowsserver2003/techinfo/overview/dfs.mspx.

FRS
SYSVOL
( System Volume). Active Directory SYSVOL
, . SYSVOL
GPO, ,
, , . FRS (File Replication Service)
Windows Server 2003, ,
SYSVOL, . ,
SYSVOL, FRS .
FRS, Windows Server 2003,
Technical Overview of Windows Server 2003 File Services http://www.microsoft.com/windowsserver2003/techinfo/overview/file.mspx.


,
(. 2). ,
:
;
(LAN) ;
TCP/IP- ;
WAN-,
.
,
Active Directory ,
. DNS Active Directory.
, .
,
, , LAN.
.
, .
,
.
LAN LAN,
( ). , , LAN
. ,

, ,
, .
,
.
2.
, ,
, . , -


, DFS,
, DFS-.
, ,
. ,
512 / 3 /.
10
/. , LAN.
LAN, WAN-,
LAN.
,

. ,
, , ,
. IP-
, . ,
,
. ,
(
) . ,
, ,
.
,
(. 5-3).
.
.
145
256 / 60%
192.168.1.0
1,5 / 45%
245
192.168.3.0
75
192.168.2.0
256 30%
256 / 40%
65
192.168.4.0

. 5-3. ,


. -, Active Directory.
,
.
, . IP- , ,
- Active Directory, .


,
.
( ).
.
.

.
: IP-,
.
.


, ,
. ,
.
.
1. ,
, -.
512 /. ?
2. ?
3. , ?

,
, Active Directory, DFS (Distributed
File System) FRS (File Replication Service).
,
,
, TCP/IP-
.
LAN ( LAN,
), ,
, , , .

2.

,

. ,
, Windows Server 2003
. , ,
,
.
, :

S
S
S
S
S

, , ;
;
;
;
.
30 .


,
, Active Directory.

. :
;
, ;
.
,

,
.
, , ,
. , , , ,
,
. , ,
, .
, ,
.
,
, , ,
,
WAN-.


, WAN-
, . WAN-
,
,
.
, ,
,
. ,
, ,
, ,
WAN-.
(hub site), . .
,
, ,
.
, ,
, -
,
WAN-.
, .
. ,
, ,
. ,
- ,
.
.
,
.


,
.
, , ,
, . ,
,
.
1000 ,
.
1000 10 000 ,
.
5000
. , 20 000 ,
.
, , ,
, .
, 15 , -


, ,
.
,
, ,
, . ,
,
. ,
, ,
. ,
.


, ,
.
. ,
(Enterprise Admins) (Schema Admins)
.
,

(. . ),
(shortcut trusts) .
, ,

.
, WAN- .


,
.
. (operations masters)
, ,
, ,
, .
.


Windows Server 2003 .
(Schema Master).

. ,
, Active Directory.
, , , ,
,
[. . (DC),
] (Schema


Admins). DC, , ,
, DC.
(Domain Naming Master).

.
. ,
;
. ,
:
. . , ,
, .
.
( ,
)
,
.
,
,
, .

Windows Server 2003 .


[Primary Domain Controller (PDC) Emulator]
Windows NT 4.0 PDC ,
Windows Server 2003. PDC
. , PDC
, .
RID [Relative Identifier (RID) Master]
(RID) .
(security identifier, SID)
. SID Windows Server 2003 .
; SID
RID.
, .
(Infrastructure Master) ,
.
,
.
.
, , .
,
,
. , ,
, .
,
, ,
.



, .
~ , .
, .
. :
, , ,
.
,
' ), . ,
.
, ,
.


,
Active Directory,
, .
.
,
, .
Active Directory .

. , ,
. .
, .
. , -
Active Directory. .
, .
. ,
. ,
.

,
,
, . . ,
,
.
-
,
.
. ,
,
.
.
, ,
, .
, (user
principal name, UPN) user@domain.com,
. ,


, . ,
, , - ,
WAN-.
Windows Server 2003
. ,

, .
,
.
, ,
. ,

.

, .
.

, .

,
.
,
, . Microsoft
.
,
, , .

, . ,
.
,
.

.
100 ,
, , WAN-
.
.
,
.
.
,
, Active Directory.

WAN-.





, .
, ,
,
, ,
, .
, ,
, .
,
,
.


, , ,
. ,
, , ,
.
500, Windows
Server 2003 850 .
500 1500,
Windows Server 2003
850 .
1500, Windows
Server 2003 850 .
,
,
.
.
.
, 1,6
850 , 3 850 .

,
.
, , , , .
, .


,
.
, .


, Active Directory (NTDS.dit),


1000 400 .
, DNS.
, Active Directory,
500 .
, SYSVOL, 500 .
, Windows Server 2003,
2 .
,
,
, .
,
. , ,

50% .


,
, .
, .
500, 512 .
500 1000,
1 .
1000, 2 .

Microsoft Active Directory Sizer Tool,


,
Active Directory.
http://www.microsoft.com/windows2000/downloads/tools/sizer/default.asp.
Windows 2000,
Windows Server 2003.

.

Northwind Traders.
, .
.

Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model).
.

, , .

,
Windows Server 2003 Active Directory,
.
Northwind .
-, ,
, Active
Directory. ,
. ,
.
,
.

DCOM- (Distributed Component Object Model), .


.


.
1. ? ?
.

Nwtraders.local
AsiaPacific.nwtraders.local
NAeast.nwtraders.local
NAwest.nwtraders.local
Corp.nwtraders.local
RDNwtraders.local
Glasgow.RDNwtraders.local


2. ?
?
.



Nwtraders.local



RDNwtraders.local



(/)


, ,
. ,
. .
1. ?
, ?
2. , .
15 000 .
. ?
3.
?


WAN- .
,
, , ,
, , .
1000, .
1000 10 000, .
5000 10 000
. 1000
, .

. :
,
.
Active
Directory,
. Active Directory,
, , .



, .
, ,
.

3.

Active Directory ,
. ,
WAN-
. ,
.
, :
S , Active Directory
;
S ,
- ( );
S .
25 .


, Windows Server 2003
,
Active Directory. ,
,
.


Active Directory ,

.
( ) (
, ) -.

. , , ,
, . ,
, ,
. , , - .
.
.
, , , WAN- ( -


,
). , ,
, / . ,
,
. , ,
. , - , ,
.
, ,
Directory Services Guide,
Microsoft Windows Server 2003 Resource Kit (Microsoft Press, 2003).

WAN-. ,
LAN LAN . LAN
WAN-. ,

, WAN- .
, :
LAN, LAN.

,

, .
Active Directory.
: RPC (Remote Procedure Call) SMTP (Simple Mail Transfer Protocol).

. RPC
Active Directory,
.
SMTP ,
( RPC).
SMTP
(domain partition information) DC, . SMTP
,
(
RPC). SMTP
.


-.
- NTDS Settings,
, NTDS Settings ,
, -

. , .
Knowledge Consistency Checker (KCC)
- .
- .
(. . -
) . ,
,
.
, , Directory
Services Guide, Windows Server 2003 Resource Kit (Microsoft Press, 2003).


(site link) Active Directory,
.
. :
( WAN-)
. ,
(IP SMTP), .
, , .
, ,
, ,
.

. , ,
, WAN-
,
. ,
WAN-, ,
.
,
, ,
.
WAN-, .


(. 5-4). ,
, , .
,
, , :
;
;

.


. 5-4.
,
, . ,
, .
(site-link bridges) ,
. ,
.
, . . 5-5
,
. ,
,
. ,
.
. ,
,
. , ,
,
.
.

I I
V
J
%. ^S

1
^"*^

f
\
\

^
I

00

\,_
~~~-J I

. 5-5. ,

( ).
,
: (-
WAN- )
.


, ,
. 100.
, (
, Domain Controller Locator)
.
. , . 5-6.

D, ,
(600) , (1000).

. 5-6.

. . 5-1 ,
.
. 5-1.

(/)

9,6     1042
19,2    798
38,4    644
56      586
64      567
128     486
256     425
512     378
1024    340
2048    309
4096    283



, . . ,
. ,
, ,
, , ,
WAN- . :

WAN-, ,
, .
,
,
.
,
. ,
. 180
, . . (
, ). ,
.
, WAN-,
.


Active Directory IP
DEFAULTIPSITELINK. ,
. SMTP .
.
, .
, ,
, , , . ,
.
,
.
RPC IP
,
SMTP.

-

- (bridgehead servers),
.
, (. 5-7). ,
( )
, . ,
, -
.

. 5-7.
, ,
,
, .
, -.
Windows Server 2003 Resource Kit Active Directory Load
Balancing (ADLB),
- (,
).

.

Northwind Traders. ,
. .

Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model).

, ,
. ,
Windows Server 2003 Active Directory,
.
,
.


2000

(. . .)


()

1000

750

750

500


. -
. - -
-. -

, ,
- -
(research and development, R&D). Ton-
R&D.

. , - VPN-
.

(-)



Northwind Traders.

Dual
( )
Fractional E1
E1

34,368 /

10 /

768 /
2,048 /
1,5 /

128 /
32 /
384 /

1,544 /

56 /


, .
1. Northwind Traders,
, . ,
. , ,
.
2. ? ,
- ?


, ,
. ,
. .
1. WAN-,
?
2. , .
3. ,
.

.

.
.
- ( ),
, ,
.
Knowledge Consistency Checker ()
-, ,
.
Active Directory,
.
. , ,
. , ,

.
100.
.
, ,
, .

4.
Active Directory
Microsoft Windows NT 4 Windows 2000, ,
Windows Server 2003 .
2,
, .
, Windows NT 4 Windows 2000 Windows Server 2003.
, :

S Windows NT 4;
/ Windows 2000.
10 .

Windows NT 4
Windows NT 4 Windows Server 2003 .
, , Windows NT 4
. Windows NT 4
.
Windows NT 4 .
, Windows Server 2003
. , Windows NT 4
, Windows Server
2003
(OU).
, Windows NT 4
Windows Server 2003 :
.
,
. ,
Windows NT 4, ,
( , ) Windows Server 2003.
, OU
.

. . ,
.
Windows Server 2005,
.



.
,
.

Windows 2000
Windows 2000,
, Windows NT 4. Active Directory,
Windows Server 2003, Windows 2000,
:
, ,
.
, ,
,
.
, , , .
Windows 2000 , ,
, - , Windows Server 2003,
, Windows
Server 2003. .
, . 1.
Windows 2000 Windows Server 2003
Windows Server 2003
Adprep.exe (Active Directory Preparation),
\I386 - Windows Server 2003.
: ,
Active Directory
.
.
Microsoft Windows Server 2003
Deployment Kit (Microsoft Press, 2003).


, ,
. ,
.
.
1. Windows NT 4 Windows Server 2003
?
2. Windows NT 4 Windows Server 2003
,
?
3. Windows 2000 Windows Server 2003
?

, Windows NT 4
Windows Server 2003 ,
, ,

.
Windows NT 4 Windows Server 2003
, ,
: ,
,
,
.
Windows 2000 Windows Server 2003,

.

Contoso Ltd.,
, .
Windows NT Server 4.0.
Windows 98 Windows 2000 Professional.
Contoso . ,
Windows Server 2003
Active Directory.
Windows XP Professional.


Contoso
, -
(Internet Service Providers, ISP). Contoso
Trey Research ,
.

1900
-. , Contoso
() - ().
- 185 , -. -


35 , - . }, .
, .
-,
.
(Trey Research) .
215 ,
-,
. .


- 512- , 256- .
(backbone) 155- ATM.
10/100- .
10/100- .
, - ,
.

, .
contoso.com, , -
. ,
treyresearch.com, .


.
, ,
, .
, -
. .

-
- .
- -.
- .

, .
1. ? .
2.
?
3. ?
4. ?


,
, Active Directory, DFS (Distributed
File System) FRS (File Replication Service).
,
,
, TCP/IP-
.
LAN ( LAN,
), ,
, , , .

WAN- .
,
, , ,
, , .
1000, .
1000 10 000, .
5000 10 000
. 1000
, .

. :
,
.
Active
Directory,
. Active Directory,
, , .

, .
, ,
.
.
s
.
.
- ( ),
,
.
Knowledge Consistency Checker (KCC)
-, , ~>
.
Active Directory, ;. . :-;
. , , :-:


. , ,
.
100.
.
, ,
, .
, Windows NT 4
Windows Server 2003 ,
, ,

.
Windows NT 4 Windows Server 2003
, ,
: ,
,
,
.
Windows 2000 Windows Server 2003,

.


, ,
, , .

WAN-,
, , DFS (Distributed File System)
FRS (File Replication Service). LAN
LAN, (10 / ).
,
. ,
, , .
,
, WAN-
, , , .
, 1000 ,
, 1000 10 000, 5000
10 000 .

,
.
, ,
. Microsoft
.


. ,
, .
:
-, ,
, .


Knowledge Consistency Checker Windows-,
, -.
~ site-link transitivity . , , ,
. ,
, .
- operations masters
.
( , RID
) (
).

1.
1. ,
, -.
512 /. ?
: .
,
10 / .
2. ?
: ,
, Active Directory, DFS FRS.
3. , ?
: LAN LAN,
( ).
, . ,
, , ,
, ,
WAN- ( ).

2.
1. ? ? ;
.

Nwtraders.local
AsiaPacific.nwtraders.local

-
1

NAeast.nwtraders.local

NAwest.nwtraders.local

Co.nwtraders.local

RDNwtraders.local
Glasgow.RDNwtraders.local

.
,
, . ,
corp.nwtraders.local:

. ,
(nwtraders.local).
RDNwtraders.local
Glasgow.RDNwtraders.local.
, Active Directory. ,
corp.nwtraders.local,
, , .
,
,
corp.nwtraders.local, , ,
, WAN-.
?
?
.




Nwtraders.local




RDNwtraders.local




(/)

: ,
, nwtraders.local.
,
- Active
Directory.


2.
1. ?
, ?
: ,
, .
WAN- ,
. ,
, WAN.
, ,
, (
) .
2. , .
15 000 .
. ?
: .
1000 10 000, .
5000 10 000 .
3.
?
:
.
,
.
, ,
.

3.
1. Northwind Traders,
, . ,
. , ,
.
: WAN- VPN. 64 /,
,
8 5 ,
.
(Greenwich Mean Time, GMT). , ,
.
2. ? , ;:
- ?
: .
,
WAN- .
.


3.
'-. WAN-,
?
: WAN-
, .
2. , .
:
. .
.
. - (
).
, .
3. ,
.
: ,
, .
.
:
.

4.
1. Windows NT 4 Windows Server 2003
?
: , Windows Server 2003 ,
,
(OU),
.
2. Windows NT 4 Windows Server 2003
,
?
: ,
, 1) , 2)
, 3)
, 4)
.
3. Windows 2000 Windows Server 2003
?
: , .
.
Windows Server 2003, ,
Windows Server 2003,
, .


1. ? .
: :
, - . ,
, : 1)
, , WAN-
, 2) -,
, 3) .
2.
?
: 1.
,
, . ,
,
.
3. ?
: -
- .
4. ?
:
,
. , 35
, , .
,
, .

DNS

1. DNS
2. DNS-
3. DNS
4. DNS

, -
:
DNS.

DNS Active Directory:


DNS;
.

DNS-:
;
DNS Active Directory, WINS
DHCP;
;
DNS.

DNS Berkeley Internet


Name Domain (BIND) UNIX Active Directory.
DNS:
DNS;
DNS-;
DNS.

DNS.

DNS

(Domain Name System


DNS)
, ,
, , ,
. . (. 2). DNS
, .

DNS WINS, DHCP Active Directory.
DNS, ,
. DNS UNIX,
BIND- DNS Active Directory.
DNS.
DNS,
DNS .


,
1, ,
2.

1.
DNS
, ,

DNS. DNS, ,
DNS .

. 2,
.
DNS.
, :

S DNS;
S DNS-
;
S .
20 .

DNS
IP-,
. www.microsoft.com, -

DNS

172.16.45.67. (Fully Qualified


Domain Name, FQDN), -
() IP-. DNS. 1,
.
, .

DNS

, .
DNS .
, , . .
,
, DNS.
DNS,
, DNS. , DNS . ,
, . . 6-1
, DNS- .
. 6-1.

DNS

SOA (Start of Authority)

NS (Name Server)

DNS-,

A (host)

FQDN, IP-

PTR (Pointer Record)

IP , FQDN

CNAME (Canonical name)


FQDN

MX (Mail Exchange)

,
DNS

SRV (Service)

,
, ,
, Web- . .

DNS
(zone) DNS, DNS-cep .
. . ,
DNS- contoso.com, Contoso,
, ,
ftp.contoso.com, www.contoso.com, marketing.contoso.com . .


. Windows Server 2003


(. 6-1).
(Primary zone) DNS,
.
(Secondary zone) DNS,
.
.
, Active Directory (Active Directory integrated zone)
, Active Directory.
- (Stub zone) , ,
DNS-.
DNS .

Active Directory

Active Directory

,
Active Directory

-,

Active Directory

. 6-1.
,
DNS .


DNS-,
DNS-.
Windows Server 2003 .
(Incremental Zone Transfer, IXFR)
.
, .
(Full Zone Transfer, AXFR) DNS
DNS- .
WAN-,
,
.
(Fast zone transfer)
, Windows Server 2003
.


DNS
, DNS
.
DNS-
DNS- .
; 4.
DNS-,
, .
DNS-.
, ;
,
, DNS-.
, . ,
DNS-.

(, ).

.

Active Directory, ,
. ,
contoso.com,
Active Directory sales.contoso.com? DNS
. 6-2 6-3, ,
2,
DNS.

Active Directory: contoso.com ( )


DNS: contoso.com ( )

. 6-2. DNS


*g 3oHaext-contoso.com

Active Directory: contoso.com ( )


DNS: ext-contoso.com ( )

. 6-3. DNS
Active
Directory DNS: , ,

2.


DNS .
Active Directory ?
DNS-?
? DNS ;
,
DNS.
? ,
; ,
, .

, DNS-
.
DNS- .
.
Active Directory
DNS?
: Active Directory
?
: AXFR, IXFR
?


DNS- , (
, )?
DNS-, , , ?
,
.

BIND Windows- DNS


-,
DNS DNS.
DNS, ,
. DNS
BIND Microsoft Windows Server 2003,
: DNS.
DNS
,
, Active Directory
BIND DNS ( , , 2);
.


, ,
. ,
. .
1. ?
2. Active Directory
?
3.
DNS-,
. ?

DNS ,

Active Directory.
DNS,
. DNS , , ,
, DNS-.
DNS-
.

; DNS Windows Server 2003 :"
(IXFR), (AXFR) .


2.
DNS-
, , DNS,
.
DNS, Active Directory, UNIX, BIND DNS, , DHCP
WINS. , ,
, DNS
.
, :

/ ;
/ DNS Active Directory,
WINS DHCP;
S ;
" DNS;
V DNS UNIX BIND
Active Directory.
- 40 .


2 , Active
Directory, DNS.
, Active Directory.
DNS
Active Directory .
DNS

DNS
Active Directory, DNS.
.

?
? (
contoso.com.)
DNS-: ()
?
DNS Active Directory ?


DNS,
(. 6-2).

2
. 6-2.


, Microsoft

edu

gov

mil

,
(Defense Data Network, DDN)

net

,
(National Science Foundation, NSF)
, Center for Networked Information Discovery
and Retrieval (CNIDR)

org

contoso.com.
, ,
. ,
namerica.contoso.com,
: sales.namerica.contoso.com.

DNS Active Directory


DNS,
Active Directory, .
, Active Directory ,
DNS.
Active Directory DNS-. Active Directory
DNS- ,
(, contoso.com), ,

.
:
(LAN) ( ).
, ,
, ;
,
-. DNS.

;
: , , ,
DHCP DNS;
, DNS-.

DNS Active Directory, WINS DHCP


DNS-
.
, Active Directory
; DHCP
IP- ,

DNS

DNS .
WINS, DNS
NetBIOS- WINS-. Active Directory.

Active Directory
2. Active Directory ,
. Active Directory
DNS- (DNS Server), ,
.

Active Directory
(Domain Controller)
DNS-, ,
DNS-. , DNS-
Active Directory.
DNS,
DNS.
, DNS
Active Directory
DNS-. Active Directory .
, DNS-,
.
, DNS DNS-, . ,
DNS- DNS,
DNS-
( ). DNS, Active Directory,
- Active Directory
.
Active Directory ( .
), (Access Control Lists, ACLs)
DNS, Active Directory. ,
ACL ,
, ,
.

.
DNS, Active Directory, ,
,
.
DNS- Active Directory,
.
DNS,
, ;
( ),
.


, DNS Active Directory


;
DNS DHCP.
DNS DHCP

PTR , ,
,
.
DHCP Windows Server 2003 DHCP-,
DHCP- DNS-,
. , DHCP
PTR DHCP-, DHCP- FQDN
DNS. Windows Server 2003
DHCP- :
PTR ;
DNS- PTR ;
DNS;
* DNS
;
DNS.
DHCP- Windows Server 2003 Windows 2000
:
DNS-, , DHCP-.
DHCP , DNS-
PTR .
DHCP
; DNS WINS.
WINS
DNS- NetBIOS, WINS. DNS
DNS, a WINS NetBIOS. DNS
NetBIOS (
DNS), Windows Server 2003
, WINS-:
a WINS;
WINS (WINS-R).
WINS
WINS DNS WINS
NetBIOS- -, DNS-.
, DNS-
.sales.contoso.com (. 6-4), .


1. DNS- IP- .
2. , DNS-
DNS-, DNS-,
sales.contoso.com.
3. DNS-
(. 6-4).
4. DNS-,
, WINS,
FQDN - ( , )
NetBIOS- WINS-.
5. WINS- , IP- DNS-.
6. DNS- WINS- IP-
DNS-, .
7. DNS- .
DNS-

DNS-

DNS-

DNS-


WINS

WINS-

. 6-4. WINS DNS


WINS
WINS-R ,
WINS. , -
IP-. WINS IP-,
, IP- WINS-, -;
DNS- IP-,
DNS. DNS-
NetBIOS- , DNS NetBIOS-
.


1 Windows Server 2003,

.

DNS-


UNIX,
DNS. DNS
DNS-. DNS-
, (zone transfer).
DNS- DNS-. DNS ,
.
, DNS- :
;
;
DNS- DNS- ;
.

, Active Directory
, Active
Directory, DNS. DNS
Active Directory, .
, Active Directory
, ,
3.
, Active Directory.
:
DNS-, Active Directory;
DNS- Active Directory ( );
Active Directory;
, .

, - Active Directory
.
, DNS-.
Active Directory, ,
Active Directory, :

(discretionary access control list,
DACL);
;
DNS.

DNS
,
DNS.
DNS- ,
. DNS Windows Server 2003

DNS

, .
DNS .
,
, ;
, . , ,
,
,
. ,
!


,
; . Windows Server 2003
http://www.microsoft.com/technet/security/prodtech/windows/win2003.
DNS:
(footprinting)
, whois, nslookup axfr (
;
, ,
, );
(denial-of-service, DoS)
.
ping of death, ping
,
. DoS- DNS-
, .
(redirection) ,
DNS-, , .
DNS- DNS-,
, .
,
.
, DNS , ,
.
DNS
DNS.
DNS-
. DNS-
, DNS-.
, DNS DNS-.

DNS, , UDP TCP
53 DNS-.
DoS- DNS-,
IP-, DNS-, DNS-, -

DNS-

DNS-,
,
DNS- (cache pollution),
(Secure Cache Against
Pollution),
.
DNS-, , DACL
DNS-. DACL
DNS-,
.
DNS,
DNS-,
. ,
, IP ,
.
DNS- Windows Server 2003,
NTFS, FAT FAT32.
DNS , Active
Directory, .
, DNS-,
(
), .
, , ,
, (-
), .
, DNS,
.


, DNS DNS-
; ,
(WAN),
?
.
, , :
IP- (IPSec);
(VPN);
Active Directory
IPSec VPN.
,
, 3DES ( -). :
, ,
. , ,
, ,
. ,
.


, Active Directory,
. Active Directory ,
DNS- .

BIND UNIX
1,
Microsoft- DNS. , Active
Directory Windows Server 2003 DNS BIND.
DNS- BIND, DNS-, , ,
Microsoft- DNS,
: BIND DNS Windows NT. Windows 2003
DNS DNS-, :


.

BIND, Microsoft
DNS Windows Server 2003
DNS Windows Server 2003 DNS
BIND:
BIND 4.9.7;
BIND 8.1;
BIND 8.2;
BIND 9.1.0.
Windows Server 2003,
DNS.
Windows Server 2003
DNS-
DNS-, . BIND DNS, , , DNS
Active Directory. :
DNS- BIND 8.1.2 ;
, DNS BIND
SRV ( ). , _http._tcp.contoso.com IK
SRV 0 0 80 Web- webserver.contoso.com;
, DNS BIND
, RFC 2136; ,
. DNS
BIND SRV :
Active Directory.

BIND
DNS- Windows Server 2003
: ,
.
, .

DNS-

DNS- Windows Server 2003


,
, , BIND- 4.9.4. BIND-
WINS WINS-R,
(Do Not Replicate This
Record).

.
DNS
DNS
Northwind Traders. ,
.
.

Northwind Traders ,
.
Windows NT 4.0 (
). ,
,
, .
,
Active Directory Windows Server 2003.

, .

2000

1000

750

750

(. . .)


()

500

-
. -
, - -
, -
.

.
; ,
- -
VPN.

Active Directory

Active Directory

,
Active Directory

-,

Active Directory

Northwind Traders ,
. ; Active Directory (
) .

NWTraders


, .
, ,
Northwind Traders. .



, ,
. ,
.
.
1. 350 , Windows 98
Windows NT Workstation.
, DNS.
DNS
?
2.
, , DNS-
. ?
3. BIND Active Directory?

DNS
Active Directory. Active Directory,
DNS.

.
DNS DNS.
, DoS- DNS
DNS.

3. DNS
, DNS- , .
DNS
DNS-. ,
DNS-, DNS-
DNS.
, :

S DNS;
S DNS-.
15 .

DNS
, , ,
. . 6-5 . "
, , DNS- . .


. 6-5.

.
: Active Directory,
?
DNS- ? ( 4.)
DNS- UNIX BIND
DNS?
, DHCP
WINS?
DNS
Active Directory?


I
DNS. Active Directory
:
systemroot\System32\DNS DNS-. , marketing.contoso.com
marketing.contoso.com.dns. ,
dns;
Active Directory ( ; . ).
, Active Directory, . 2.


2 , DNS Active Directory, ,
. , Active
Directory, .

DNS

-
- (stub zone) , ,
DNS-, DNS.
DNS- DNS-
: ( NS)
-.
DNS-
-. ,
, -
.


,
IP-. .
, ,
.
, :
, Active Directory;
;
.
DNS-
DNS, ,
. Active
Directory , ,
.
, . ,
DNS- ,
. 4.
DNS-
, , :
, Active Directory. ,
DNS Active Directory;
, TCP/IP ;
,
;
; ,
DNS-.


, ,
. ,
.
.


1. Windows Server 2003,


UNIX, .
-.
,
- .
?
2. Windows Server 2003.
, .
DNS .
3. Active Directory sales.contoso.com.
.

:
systemroot\System32\DNS DNS-, ( ,
Active Directory), Active Directory.
Active Directory
,
.
, .

.

4.
DNS
, :
DNS, LAN WAN,
, DNS.
, DNS-,
.
, :

S DNS-.
- 25 .

DNS
DNS- ,
, . :

. , , DNS , (. 6-6).


,
.

. 6-6.


, DNS- , ,
.
DNS-? ,
.
? (
,
.)
DNS- DNS? DNS- ,
. DNS .
?
,
. , DNS , WAN-
. .
Active Directory, DNS-
?
.
DNS- Windows Server 2003 ..
DNS- ?
DNS.


DNS-
DNS-? ,
DNS ,
. DNS
, : , ,
Active Directory, .
DNS-
? ,
DNS , DNS-.
, DNS- , ,
, DNS-
. , ,
WAN- .
DNS-, .

DNS

Microsoft DNS.
DNS,
:
Intel Pentium III (733 );
256 ;
4 .
,
, Microsoft
DNS- .
DNS- , :
, DNS-;
, ;
, DNS-;
, DNS- .
DNS-, Microsoft, 9500 1300
75 %.
DNS :. DNS-. , AXFR (AXFR Request Sen
, DNS- ;
. , ::
,
.


\-- , (. 6-7). DNS- -,
. , DNS-, .


. 6-7.


, , : ,
, DNS-.
DNS-,
: DNS-
. 4
DNS .
, 100 .


DNS
. 1000
DNS- , , .

DNS-,
, DNS- ,
. . 6-8,
DNS- , .

DNS2

DNS1

^ 192.168.0.8

192.168.1.9

DNS:

DNS:

192.168.0.8
192.168.1.9

192.168.1.9
192.168.0.8

. 6-8.

DNS



. : DNS--;,
- WAN-,
.

, , WAN. , *
,
.
, }! DNS .\ on
DNS- . ^^ > i.,n
, , ii

. DNS
DNS
Northwind Traders. ,
.
.

. 2.


, .
1. DNS- ?
2. DNS,
. , ; ..
DNS?


, , ;:
. , ?,:-;;
. T;ia=^
1. DNS -: .
DNS-. ;,.-. \
. ?
2. DNS- _ .
- WAN- .; :
, -,. _
Web-, , .:.
WAN-?
3. DNS-?


, ,
,
DNS.
DNS-
,
.
DNS- .
, , DNS- ,
. : DNS-
.

DNS iviTS Consulting.


Inc , , -
, . Windows
Server 2003 Active Directory.
Windows 98 Windows 2000 Professional. MTS
DNS, Active Directory.
Windows XP Professional.


MTS

, ,
. ?..! MTS 300
. ,
( ;
( , , , )
( . .).
, Web- .

, MTS ,
.
-.


256-
Fractional Tl ISDN-,
128- Fractional Tl. ,

.


LAN 10/100 /. . 6-9


.

. 6-9.



, .

-
- , ,
. - , , .
DNS - .

, .
1. DNS?
2. , DNS- ;
. ,
?
, ?
3. :
. DNS-, , ,
, .
?

4. MTS .
, DNS UNIX- BIND
, DNS
DNS. ,
DNS Active Directory.
, ?

DNS ,

Active Directory.
DNS,
. DNS , , ,
, DNS-.
DNS-
.

; DNS Windows Server 2003 :
(IXFR), (AXFR) .
DNS
Active Directory. Active Directory, a
DNS.
DNS DNS.
, DoS- DNS
DNS.
:
systemroot\System32\DNS DNS-, ( ,
Active Directory), Active Directory.
Active Directory
,
.
, .

.
, ,
,
DNS.
DNS-
,
.
DNS- .
, , DNS- ,
. : DNS-
.

, ,
, , .


DNS .,
, .
* DNS ,! . IU,I,HI,,I . ,<. ,,1
Active Directory. . r^yi ( , p , > ii Due. {.,,>,
DNS
* DNS -
; DoS- DNS .
DNS,,
* DNS- , D
, DHCP WII IS ;
.


- DNS, DNS-cepacpo..!
.
~ zone transfer DNS- 110
. Windows Server 2003 . .-,
(IXFR), (AXFR) .
- caching-only server DMS-, ' _
. . <,
,
.
Berkeley Internet Name Domain (BIND) -- DNS, D_
UNIX. Active Directory Microsoft ,'
$.1.2,


1.
1.
: IXFR, AXFR ( Windows Server 2003 ).
2. Active Directory
?
: ,
Active Directory.


-. ,
-'-! ?
1 .? , f> ^, ,
WAN- , ,
Fc.ni! 1 ,
.
? 5

cy.tM= "? , , ?
"? . Northwirtd Traders. ,
[*> '5'- , *)- . (, . ,
- . . 8.
r^nfJ^/hr^rjersJOOe!

NWtraders.local

/ .

Asia Pacific
.; *

NAeast

NAwest

NWtraders

. ?_
1

. 350 , Windows 98
Wmdovs T-.IT 'Workstation.
, DNS.

: DHCP- ,
DHCP-, DHCP- ()
DHCP-, -

?
, , DN8-
. ?
: , ... ,
' B'HD Active Directory?
; 8,2 .


3.
1. Windows Server 2003,
UNIX, .
-.
,
- .
?
: UNIX-
-, .
IP- -, - IP-.
, , ,
DNS- .
, ,
.
2. Windows Server 2003.
, .
DNS .
: DNS-, Active
Directory DNS TCP/IP -
.
3. Active Directory sales.contoso.com.
.
: ; ,
Active Directory, Active Directory,
.

4.
1. DNS- ?
: DNS- Windows Server
2003 Windows 2000 Server, , Active Directory.
2. DNS,
. ,
DNS?
:
.

4.
1. DNS
DNS-.
. ?
: ,
, ,
, ,
DNS- .


2. DNS-
- WAN- ,
,
Web-.
WAN-?
: .
, WAN-.
3. DNS-?
: . -, DNS DNS-. -,
DNS-
, DNS
.


1. DNS?
:
, DNS-.
, DNS-.

.
2. , DNS-
. ,
?
, ?
:
,
, , DoS- .
(VPN) ,
, , Active
Directory, DNS-.
3.
. DNS-, , ,
, .
?
: -, - ,
DNS- .
Web-,
,
. , ,
,
.

DNS

MTS .
, DNS UNIX- BIND
, DNS
DNS. ,

DNS Active Directory.


, ?
: ,
BIND 8.1.2 , DNS Active Directory,
BIND
, SRV,
, Active Directory.

ABA


WINS

!,<?)1, W I N ?

2^f?

2, WINS

226

. > . WINS

^
7,'..^ - IT =!,1'^|'^ .
) .. WINS.
NetBIOS-:
WINS.
.

DNS, Windows (Windows Internet


Name System WINS) .
WINS

, , ,
, , , . . (. 2).
WINS.
, , ,
DNS (. 6) .
WINS .
WINS , WINS ( DNS-).

,
1.


1. WINS
WINS ,
- (NetBIOS). NetBIOS-
IP-. DNS, WINS
IP-.
WINS ,
WINS .
, :
/ WINS;
S NetBIOS-
Windows Server 2003;
/ , WINS
.
- 40 .

WINS
, WINS Windows
Server 2003, , ,
. , Windows
Windows 2000, WINS. , WINS Windows
2000, , WINS ,
, .
Windows Server 2003

WINS
. , IP-
. WINS ,
.
DNS,
,
. , ,
, WINS-
(. 3).
NetBIOS-
NetBIOS 80- Sytek IBM
IBM .
, 20 , NetBIOS.
Windows NetBIOS-
. NetBIOS- 16- ,
, TCP/IP. 15
NetBIOS- , , -


, .
, NetBIOS-,
. . 7-1 7-2
NetBIOS-,
Microsoft.
. 7-1.

NetBIOS- Microsoft

computer_name[00h]

, WINS

computer_name[03h]

Messenger WINS

computer_name[20h]

Server WINS

username[03h]

, Messenger,
net send

. 7-2.

NetBIOS- Microsoft

domain_name[1Ch]
MSBROWSE [01h]

domain_name[1Eh]

Payroll NetBIOS- HRDirector


(Run) \\hr_director\payroll
hr_director[20h]
(LAN), IP- - (. . 7-1).

. 7-1.

NetBIOS-

. 7-1, ,
, , NetBIOS-
hr_director[20h]. , hr_director,
IP-.
, NetBIOS-
. ,
, , -

WINS

,
WINS, Lmhosts (. ),
v ^ (, 8), ,
, (, . 7-3).
. 7-3.

NetBIOS-


NetBIOS- NetBIOS- IP-
()
NetBIOS- (WINS-)
NetBIOS-

NetBIOS-
( -), WINS-
( -), .
(mixed) ,
- -

4-'

(h-), - -.
, NetBIOS-
WINS-. ,
-

Windows Server 2003


-. WINS , h- .
, ,
ipconfig /all (. 7-2).
, (h-),
, WINS-. ^' /- !- '-^ DHCP (. 8).


. 7-2. Ipconfig /all


,
, . ,


, . 7-3, 1 2.
2 Computer 2-1, Computer 1-1
UNC- \\Computer2-1. ,
NetBIOS IP-, 1
, Computer 2-1.
, Computer 1-1
Computer 2-J .

,
1-1

2
. 7-3, NetBIOS-
NetBIOS-,
Lmhosts, %systemRoot%\System32\Drivers\Etc, NetBIOS-, .
NetBIOS- IP-, Lmhosts
Computer 2-1 IP-:
192.168.8.2    computer2-1    #PRE
192.168.8.3    computer2-2

WINS
NetBIOS- ,
.
, , LAN WINS-,
WINS- ( WINS-
, WINS). , .
7-4 LAN
WINS- NetBIOS- IP-.
WINS- IP-,
, !


. 7-4. NetBIOS- WINS


, , WINS. ,
, :
;
NetBIOS- ;
NetBIOS-.
NetBIOS- .
NetBIOS-
, NetBIOS-:
;
Lmhosts;
WINS.
, ,
. Lmhosts
, , ,
, .
.
WINS ,
.
WINS.

WINS
WINS , , :
WINS-;
WINS-.
WINS-
WINS- NetBIOS-
IP-, . WINS-
NetBIOS- IP-.
WINS, IP-.
WINS- . 7-4.

. 7-4.

WINS

WINS-

WINS- NetBIOS-
IP- WINS-, .
WINS

WINS- NetBIOS-,
,

WINS- NetBIOS- (,
), WINS-

WINS- ,
WINS-

DNS, DNS-, WINS


,
. :
WINS-, , ,
, ;
WINS-, ,
, , WINS-
WINS-. WINS-
, WINS- WINS-
, WINS-
. Windows XP Windows 2000 12
WINS-.


, NetBIOS-,
,
NetBIOS- .
,
.
,
, WINS
IP-.
, WINS , ,
, .
NetBIOS- ,
IP-.

WINS-
NetBIOS- WINS-,
WINS- , ,


WINS-,
;
?;
WINS IP-^,. ^^^- N^RTor*-TH--,r^H'aM
WIN 3-^ '-* !. .'
. Windows Sery pr ? r,ri ^. ci-riin-iaa <-^ '- OaT.a.center
Hdition Enterprise .Edison,
Windows XP "Professional Home F^'o'on, *?4- ;
Windows Millennium.;
Windows 2000;
Windows NT Ser-'er:
Windows NT Workstation;
Windows 95. 9

^A/itifimvc .

P7 T T T I .

Microsoft LAN Manager:


MS-DOS;
OS/2;
Linux UNIX SAMBA.
<?6 , Linn - "- tJ^'H*' ^^ -*^ -;*"/. ^'7 W*"! IS

, . ^^^ WT?T^;_ &.* '/^


. /^ .^ WINS.,
WJNS- WINS- "
' ^ , ^1 ^
1 ?. WT1 <-^^. cry ^ ^
, - ,
NetBIOS " ^ "^VTTTCI - 1-1
* ^^- /rotv ^-^

W!MS
pa^o : j w c . '^^'' TietBTo^ . 11
; WIN>. ^ ?'> , "
WINS, NetBIOS -
. , WINS-,
. , WINS-,
WINS. WINS WINS-,
, NetBIOS- ,
WINS.



. 7-5.

WINS

WINS ,
WINS, , . 7-5,
WINS NetBIOS-,
.
1. , WINS,
, WINS.
2. WINS NetBIOS-
IP- .
3. NetBIOS- , WINS IP-
, WINS.
4. NetBIOS- , WINS
WINS-, .
5. WINS- LAN, WINS
WINS- ,
, .
, WINS ,
WINS- WINS.



,
,
.
.
,
, .
,
. ,

.

WINS
WINS (Extensible
Storage Engine, ESE), , Active Directory,
Microsoft Exchange Windows. ESE
Joint Engine Technology (JET). , Microsoft SQL Server,
Oracle Sybase, ,
. , -
, ,
. ESE
.
, , WINS,
IP- WINS-,
. ,
, . :
;
.
, ?
,
,
.
(, WINS ).
,
WINS.

WINS
WINS JET .
. , .
J, ,
, J10.log.
, ,


, J100000F.log,
.
. ,

.
.
, ,
,
. , ,
. RAID

, , ,
.
.
. ,
.
Wins.mdb. WlNS-, : IP-

IP-.
Winstmp.mdb. , WINS-cep .
Res# .log. ,

. ,
WINS
, (Event Viewer).


, .

(. 3). , , ,
. ,
. Windows Server 2003 WINS:
, ,
, WINS-;
WINS- .
, 1
.


, ,
. ,
. .
1. 4 NetBIOS-.
2. , -
WINS, NetBIOS-.

2-
Vw I
, , ^^ i
WINS, :, ' ! ^/ ^-, RO -^ ?
, WTN"..
WINS, - -^--,
, ^^ WTMS ^'^ ^^-- *-
- 71 cep^epw -^ - Ynp^BTewi^^'^ winH'y-
2000 , N^tP.IO-^_HfT^H ^^- v/^ rav-Ke . '-,-"
- -
, '? ^ 1: =
,
, ? Windows, WINS . }]?. ? 1
. Acti'-'e. Directory ]-~
WIN5,


NetBIOS-
,
NetBIOS-. ,
Lmhosts . ,
WINS .

WlNS-?
, , WINS-
10 000 . ,


1 , , WINS,
NetBIOS- IP-
WINS-. . WINS-
, ,
, . WINS- Windows XP
NetBIOS-, .
Server, Replicator, Messenger, Computer Browser . . 7-6
WINS WINS- Windows XP.

. 7-6. WINS Windows XP


,
, .
WINS
. WINS- ,
,
, WAN- .
,
WINS-.
NetBIOS-.


WINS ,
.
, WINS-,
-
, ,
WINS. WINS-.
- , Lmhosts
, #PRE,
WINS-.




.
, IP-,
, , , .
? , -
. WINS-, ,
, , DNS- ?
.

, ,
. ,
,
, .
.

, WINS
.

LAN WINS- WINS , . LAN
, ,
.


, WINS NetBIOS- , WINS , ,
NetBIOS-. ,
.
, WINS-.
WINS.
WINS NetBIOS- WINS ,
WINS- .
. 7-7 , , ,
. WINS , ,
WINS-,
WINS-. ,
NetBIOS- , WINS-
. WAN-,
128-/ Frame Relay.

. 7-7.

,
NetBIOS- ,
. WINS NetBIOS- .
WINS- , , WINS NetBIOS-
, WINS-
WINS-.
NetBIOS-
. !
?
WINS-, WINS- ?


, ,
Bbi ,
. .
1. WINS-?
2. WINS- ^ ?
3. WINS- , ?

NetBIOS-
/ " (,
. .)
WINS- > <-,, vVINS- ,
WiNS- (, 3).
, WINS,
, , .
,


. WINS-
. WINS
WINS- .
WINS
,
.
WINS-
.

3.
WINS
WINS WINS
WINS-, . ,

NetBIOS-. , WINS-
.
, :

S WINS;
S
(tombstone);
S .
25 .


WINS WINS-
, , , . .,
,
. - WINS-
,
, .

,
WINS-, 200 (. 7-8).
1 WINS- WS1.
Clientl-1 NetBIOS-, .
WINS- WS1 WINS-.
\clientl-l, Clientl-2 ?:
WINS-, 1-;
.
2 WINS- (WS2). Client2-1, :<
2, NetBIOS- WINS-



Clientl-1
i i " IP- |

. 7-8.
. , , Clientl-1 Client2-1 NetBIOS. (. . 7-8) ,
NetBIOS-
Lmhosts WINS, , Lmhosts . Clientl-1
WS1, Client2-1,
2, 2
WS2.
WINS- NetBIOS- ,
() .
. WINS- :
(push) ;
(pull) ;
(push/pull) .



. , NetBIOS-
WINS-
.
:
WIN-;
IP- NetBIOS- IP-;
WINS.


WINS-,
.
:
WINS-;
.


WINS-,
, ,
(, ).

/
WINS- .
WINS , ,
.
,
, , ,
WAN-.
WINS- /
, NetBIOS-
, WINS- NetBIOS.


WINS , WINS-,
, .
WINS , .
WINS.
WINS-,
WINS- ( ) WINS-
, ,
(tombstoning)
WINS-. ,
, ,
. WINS,
, ,
WINS-.

WINS
DNS , WINS
, WINS- .
WINS-, DNS-,
, , WINS
, ,
NetBIOS- IP- .
DNS, WINS :
IPSec;
VPN.
WINS
. WINS-


,
Active Directory
.

. WINS
WINS
Northwind Traders. ,
.
.

Northwind Traders WINS Active


Directory Windows Server 2003.
.
WINS, .


, .
WINS Northwind Traders,
. ?


, ,
. ,
. .
1. WINS . ,
WINS-?
2.
.
3. ,
. , WINS, , 25 WINS-
, .
? ,
WINS-?


WINS
WINS-, , NetBIOS .
WINS- ,
.
.
, WINS-
12 . . LAN WINS- 15 .
WINS ,
( ).

NetBIOS- Contoso Ltd.,


. - ().
Windows NT 4.0, 2000 Server Windows Server 2003
Windows 98, 2000 Professional ;
Linux.
NetBIOS-,
.
NetBIOS TCP/IP, NetBIOS-
,
.


Contoso
, -.

, Contoso
() - ().


1500 ,
-. D
Frame Relay 128 /,
WAN-. 10/100-
.



Contoso ,
.
, Windows 95.
Contoso
.

, .
1. WINS- ,
,
?
2. , Contoso .
?
NetBIOS-
.
3. , WINS, -
, WINS-.
NetBIOS-?
4. D .
WINS- ?

WINS , NetBIOS- .
NetBIOS- IP-. DNS, WINS

IP-.
NetBIOS- Windows
NT, Windows 95/98 . Windows Server 2003
NetBIOS-: ,
Lmhosts WINS.
WINS
, .
.
WINS WINS-, ,
NetBIOS- , WINS.
WINS- , -
WINS, WINS
, WINS- .
NetBIOS-
( ,
. .).
WINS-, WINS- ,
WINS- (. 3).


, WINS,
, , .

. .
WINS
.
WINS
, .
,
WINS-.
Windows NT 4.0,
.
, .
WINS WINS
WINS-, .
NetBIOS- .
WINS- ,
.
.
, WINS-
12 . . LAN WINS-
15 .
WINS ,
( ).


, ,
, , .


NetBIOS-: ,
Lmhosts WINS. WINS ,
NetBIOS- . WINS
, .
, WINS,
WINS , NetBIOS-.
NetBIOS-
( ,
. .).
WINS ,
. ,
WINS, , ,
.
.


.
WINS
WINS WINS
WINS-, .
NetBIOS- . WINS-
,
. ,
WINS- . WINS
, (
).


WINS ~ WINS proxy WINS-, ,
NetBIOS- , WINS.
- Node types ,
NetBIOS-: , , .
~ Replication partners ,
WINS- ,
.
~ Tombstoned deletion
WINS. WINS- , ,
.

1.
1. 4 NetBIOS-.
a. - ( ).
b. - ( NetBIOS-, WINS-).
c. - ( NetBIOS-, -
-).
d. - ( - -).
2. , -
WINS, NetBIOS-.
WINS-, ,
. ,
NetBIOS-.
: Lmhosts
NetBIOS- IP- , .
WINS- WINS. WINS
NetBIOS- , WINS,


WINS- . WINS- IP- ,


.
3. WINS 5 .
.
:
a. WINS
WINS- .
b. ,
.
c. WINS- (Wins.mdb) : IP ,
IP-.
d. WINS (Winstmp.mdb)
.
e. (Res#.log) ,
.

2.
1. WINS-?
: , ,
, .
.
2. WINS- ^ ?
: ,
-, NetBIOS-
, WINS-. ,
NetBIOS- ,
.
WINS,
Lmhosts NetBIOS- IP-
. ,
.
3.

WINS- , ?
: WINS- WINS-
, , NetBIOS.

3.
1. WINS Northwind Traders,
. ?
: ,
. , WINS-
, .

.WINS-

WINS- 1
WINS 5

WINS- 10

WINS- 6

3.
1. WINS . ,
WINS-?
: ,
. ,
.
, , , .
2.
.
: WINS-; IP-
NetBIOS- IP- WINS.
3. ,
. , WINS, , 25 WINS-
, .
? ,
WINS-?
: ,
WINS-,
.
(tombstone), WINS-.


1. WINS- ,
,
?
: . , Contoso
8000 ( 4000 ). WINS-, -


(128 , 350 ,
IDE . .) 10 000 .
WINS-,
, ,
.
, Contoso .
?
NetBIOS-
.
: ,
.
Lmhosts, WINS- .
, WINS, -
, WINS-.
NetBIOS-?
: WINS,
NetBIOS- ,
WINS, WINS-, .
D .
WINS- ?
: , ,
,
, ,
, .

1. IP-
2.
3. DHCP
4. DHCP

:
TCP/IP- IP- ;
;
IP- DHCP;
.

IP-:
DHCP DNS;
DHCP .

-:
DHCP.


,
,
. IP- IP-
,
, .


IP-
.
IP- ,
DHCP,
.
IP-,

.


,
1.

1. IP-
IP- ,
IP-.
IP-
.
IP-, ,
IP- .
, :

S IP-;
S TCP/IP- , .
60 .


, : 2
(), 10 () 16 ().
. , 9876 9 * 10^3 + 8 * 10^2 + 7 * 10^1 + 6 * 10^0.
, (10) 0, 1, 2, 3 . .
0 9,
10, .


,
: , , ,
. 2,
, 0; , .
, 0 1.
1000 0001. (
), 0 1, ,
. - 129. -


8 ( , 8-
), ( ) 8 .
128

64

32

16

27

26

25

24

23

22

2'

128 + 1 = 129

( 1) 255:
128

64

32

16

2"

V
1

2
1

8
2
1

4
3

2
1

2'

128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255


, ,
.
, 16.
, 16, 16,
0.
,
10 (09).
10, = 11, = 12 . .
:
4096
16
1

256
16
3

16

16'

16

13
:
1 * 16^3 + 3 * 16^2 + 10 * 16^1 + 11 * 16^0 = ...
: , ,
, ,
, ,
, .
, ipconfig /all .
IP- Physical Address MAC
, 00-0B-DB-28-F3-9A.
,
.
(nibble). , , , 8. 9 1001 1010,
. , F3
1111 . - F3-9A (
), : 11110011-10011010.
, 0x11.


, , (Calculator),
Microsoft. (View)
(Scientific).
Bin, 1111 1001 1010
Hex.
,
, .
IP-.

!-
TCP/IP (Transmission Control Protocol/Internet Protocol) Windows
Server 2003 , ,
TCP/IP IP-.
IP- , ,
DHCP-, . ,
IP- .

iP-
IP- , . IP-
, .
(. . 8-1).
. 8-1.

IP-

1 126
IP-, . , 12.5.5.3
IP- , 12
5.5.3. 16

128191.
, . IP- 172.16.32.15
172.16 32.15.
65 000

192223.
, . ,
192.16.32.15 192.16.32
15. 254

224239,

240255, D,

: 127,
.
IP-
, (1-126), (128-191), (192-223) D (224-239;
).


iP-
IP- InterNIC (Internet
Network Information Center)*. ,
.
,
, 254 .
254? , 8
. , 8 , 0000 0000,
, , , .
, 8 , 11111111, (
) 255. .
, ,
. , 8- 2^8 - 2 = 256 - 2 =
254 , ,
.
, ,
. ,
, ,
. ,
, IP- .
IP-
NAT, 9. . 8-2 ,
InterNIC,
.
. 8-2.

IP-

10.0.0.1-10.255.255.254

, 126 ,
16

172.16.0.1-172.31.255.254

, 16
20
(. )

192.168.0.1-192.168.255.254

, 256
16

169.254.0.1-169.254.255.254

,
DHCP-.
Windows 98
IP-
(Automatic Private IP Addressing, APIPA),
3

, 169.254..:
, DHCP-,
DHCP- .
IP- , , . . .



(. 8-1).

. 8-1.
, . 8-1,
192.168.1.0 1254.
, , ,
, .
, IP- (192.168.8)
,
.


, IP- ,
,
.
IP- (. 8-3),
, .
. 8-3.

255.0.0.0
255.255.0.0
255.255.255.0

IP-.
, IP- 10.1.2.3 255.0.0.0 (
),
( AND) IP- :
     00001010.00000001.00000010.00000011    10.1.2.3
AND  11111111.00000000.00000000.00000000    255.0.0.0
     00001010.00000000.00000000.00000000    10.0.0.0 ( )

IP-

1 AND 1 = 1, .
1,
, , : ( 10).
, ,
, IP- (
) ( ,
IP-).
, . IP , .
, , .
, IP- 172.16.12.5
172.16.13.5, , , .
,
, 172.16.0.0, .


, ,
8 ( ) .
IP- ,
.
.

?
,
, .
?
?
,
,
. .
192.168.8.0, .
, IP- :
1100 0000.1010 1000.0000 1000.0000 0000    192.168.8.0
1111 1111.1111 1111.1111 1111.1000 0000    255.255.255.128 ( )

(
). ,
1 0. ,
128.
, 128,
192.168.8.0 192.168.8.128. 255.255.255.192,
64: 192
1100 0000, 64.
, 0, 64, 128 192 .
255.255.255.128 126 ,
7 .
2" 2, 27 2, .


192.168.8.0, 192.168.8.128.
1-126 192-254
(, ).
IP- , , 192.168.8.0/25
, 192.168.8.127 :
1
1100 0000.1010 1000.0000 1000.0[000 0000]    192.168.8.0/25
1100 0000.1010 1000.0000 1000.0[111 1111]    192.168.8.127/25

IP-, ,
.
2
1100 0000.1010 1000.0000 1000.1[000 0000]    192.168.8.128/25
1100 0000.1010 1000.0000 1000.1[111 1111]    192.168.8.255/25

, 128 255
.

Windows 2003 ,
RFC 1812. 2,
.
,
(Classless Internet Domain
Routing, CIDR), /8 /16. , IP-
172.16.8.0/24. 24 ,
8 . , 255.255.255.0.

.
, .
192.168.1.0.
,
255.255.255.128
(. 8-2).
1 1 126,
2 129-254.
. ,
IP-, IP- ,
. ,
, . 3
, DHCP .

IP-


IP-: 192.168.1.5
: 255.255.255.128
: 192.168.1.1

IP-: 192.168.1.140
: 255.255.255.128
: 192.168.1.129

. 8-2. ,
Table 8-4.

Number of subnets        Bits   Subnet mask (CIDR notation)   Hosts per subnet
1-2                      1      255.128.0.0/9                 8 388 606
3-4                      2      255.192.0.0/10                4 194 302
5-8                      3      255.224.0.0/11                2 097 150
9-16                     4      255.240.0.0/12                1 048 574
17-32                    5      255.248.0.0/13                524 286
33-64                    6      255.252.0.0/14                262 142
65-128                   7      255.254.0.0/15                131 070
129-256                  8      255.255.0.0/16                65 534
257-512                  9      255.255.128.0/17              32 766
513-1 024                10     255.255.192.0/18              16 382
1 025-2 048              11     255.255.224.0/19              8 190
2 049-4 096              12     255.255.240.0/20              4 094
4 097-8 192              13     255.255.248.0/21              2 046
8 193-16 384             14     255.255.252.0/22              1 022
16 385-32 768            15     255.255.254.0/23              510
32 769-65 536            16     255.255.255.0/24              254
65 537-131 072           17     255.255.255.128/25            126
131 073-262 144          18     255.255.255.192/26            62
262 145-524 288          19     255.255.255.224/27            30
524 289-1 048 576        20     255.255.255.240/28            14
1 048 577-2 097 152      21     255.255.255.248/29            6
2 097 153-4 194 304      22     255.255.255.252/30            2


Table 8-5.

Number of subnets   Bits   Subnet mask (CIDR notation)   Hosts per subnet
1-2                 1      255.255.128.0/17              32 766
3-4                 2      255.255.192.0/18              16 382
5-8                 3      255.255.224.0/19              8 190
9-16                4      255.255.240.0/20              4 094
17-32               5      255.255.248.0/21              2 046
33-64               6      255.255.252.0/22              1 022
65-128              7      255.255.254.0/23              510
129-256             8      255.255.255.0/24              254
257-512             9      255.255.255.128/25            126
513-1 024           10     255.255.255.192/26            62
1 025-2 048         11     255.255.255.224/27            30
2 049-4 096         12     255.255.255.240/28            14
4 097-8 192         13     255.255.255.248/29            6
8 193-16 384        14     255.255.255.252/30            2

Table 8-6.

Number of subnets   Bits   Subnet mask (CIDR notation)   Hosts per subnet
1-2                 1      255.255.255.128/25            126
3-4                 2      255.255.255.192/26            62
5-8                 3      255.255.255.224/27            30
9-16                4      255.255.255.240/28            14
17-32               5      255.255.255.248/29            6
33-64               6      255.255.255.252/30            2

-
, IP-
, .
, - ,
. ,
IP- , 192.16.9.131. ,
255.255.255.0.
,
255.255.255.192. ,
: 192.168.9.0, 192.168.9.64, 192.168.9.128, 192.168.9.192.
,
, ping
, 192.168.9.64, :


Request Timeout. ,
,
192.168.9.131 192.168.9.66
192.168.9.0.
,
, , , .
IP- ,
,
.

. !-
IP-
Northwind Traders, ().
, .
.

Northwind Traders .
, ,
(. . ).

TCP/IP ,
,
IP- .
:

172.20.0.0/16;
200 .


, .
1. ?


2. .
a. /16.
b. /19.
c. /21.
d /24.
3. IP-?
a. 7.
b. 1204.
c. 2903.
d 4032.
4. IP-?
a. 1.
b. 2.
c. 2903.
d 4032.
5. ,
?
a. 254.
b. 1022.
c. 6398.
d 65 534.
6. .
IP-, .
a. 10.0.0.0/8
b. 230.120.0.0/16
c. 69.254.0.0/16
d 192.168.0.0/16


, ,
. ,
. .
1. . ?
IP- ?
2. 15 000 ,
.
IP-, IP-.
, 500-600 , 350
. IP- .
3. Windows Server 2003.
, SQL Server,
. ipconfig,
:

IP Address: 192.168.8.142
Subnet Mask: 255.255.255.128
Default Gateway: 192.168.8.1

TCP/IP Windows Server 2003. IP-


TCP/IP, . ,
, IP-.
IP- , ,
.
IP-.
,
.
, , 255.0.0.0,
255.255.0.0 255.255.255.0 .
IP-.

.
.

2.
, , ,
. IP- Web-
, .
,
(Demilitarization Zone, DMZ),

, .
, :

S , ,
Microsoft ISA Server;
/ .
15 .


. 8-3 , , ,
. ,
, .


. 8-3.

, ,
, .
. 8-4 , .
,
.
.

. 8-4.

. ,
IP- , , UDP TCP,
(80 - ) . .
, :
;
SPI;
.
, ,
. ,
.
SPI (stateful packet inspection) . ,
,
(). ,
() TCP- SYN,
SPI . ,

SYN, .
, Microsoft Proxy Server,
, , -


.
Web-. SPI,
,
URL.
(intrusion detection system, IDS)
,
,
. IDS:
. IDS
;
. IDS ,
, ,
.
,
, .
, .
- ,
IDS .
,
Web- ?
.
, ,
(. 8-5).


. 8-5.
, Web-
,
, , , ISA Server.



,
,
, , ,
.

, , ,
. ., , ,
.


, ,
( , , IDS, ),
:
VPN- Microsoft ISA Server Dell
Windows 2000 Server;
CheckPoint Firewall
Solaris Server;
Microsoft ISA- Dell
Windows Server 2003.
,

.

, IP-
, ,
.
, ,
( , ).
:
;
;
(telnet, ssh, rdp);
;
;
IP-.
,
IP- ,
, .
,
.


, ,
. ,
. .

DHCP

1. Windows Server 2003.


Web- Web-
. Web- ,
.
- , .
Web-,
, ?
2.
?
3.
.
?

,
, .
Web- , .
, SPI
.
,
, ,
, , IDS.
,
IP- , ,
, .

3. DHCP
TCP/IP ,
,
.
, .

(DHCP). ? , ,
. , DHCP IP-.
DHCP
.
, :
S , IP- DHCP;
f IP- DHCP;
/ APIPA.
25 .


DHCP
DHCP Windows Server 2003. DHCP-
, DHCP,
DHCP- IP- TCP/IP, IP-
WINS, DNS, .

IP-
IP- DHCP- .
1. DHCP- DHCP. ,
, .
IP- (IP Lease Discover).
2. DHCP-, IP-,
DHCP- . -
, IP-, , IP- DHCP-
, IP-.
3. DHCP- DHCP-
DHCPDISCOVER -
-.
4. DHCP-, IP-, DHCP
DISCOVER, IP-,
DHCP- .
. 8-6, IP- ,
IP- (scope), IP-
DHCP-.
. 8-6. IP- DHCP

DHCP
IP-, DHCP. DHCP- , ,
:
IP- DHCP-;
;


.
;
DHCP, IP- DNS WINS- (.);
. DHCP-
IP- TCP/IP.

, , DHCP- IP-
192.168.1.0/24, 192.168.1.1
192.168.1.254. , ,
IP-, IP- .
IP-
DHCP ,
. DHCP- IP-,
IP- WINS- DNS ,
. , , DHCP
(. 8-7), DHCP- TCP/IP.
. 8-7.

003 Router

IP-

006 DNS Servers

IP- DNS-

015 DNS Domain Name

DNS

044 WINS/NBNS Servers

IP- WINS-

046 WINS/NBT Node


Type

DHCP-
( b- ( h-, - -)

047 NetBIOS Scope ID

NetBIOS (
). NetBIOS
NetBIOS- ,

DHCP-
7, IP-
, . , DHCP-
DHCP- (. 8-7).



. 8-7.

DHCP-


DHCP-
DHCP , DHCP, . :
DHCP;
DHCP-.
, DHCP-,
DHCP-, DHCP-
, .
WINS Proxy Agent, .
DHCP/BOOTP (RFC 1542), DHCP- .

IP-
, DHCP- DHCP- IP-
DHCP- DHCP-
?
DHCP- .
- DHCP-? , . DHCP ,
IP- 169.254.0.1-169.254.255.254.

DHCP
DHCP-
. IP-, DHCP .
DHCP- Windows Server 2003
DHCP, Active Directory,
DHCP Active Directory. DHCP-
DHCP- , .


, ,
. ,
. .
1. IP- DHCP-,
DHCP-?
2. DHCP DNS-cep DHCP-?
3. Windows Server 2003,
DHCP. ,
. ipconfig /all ,
, :
IP Address: 169.254.112.14
Subnet Mask: 255.255.0.0
Default Gateway:

DHCP

DHCP Windows Server 2003. DHCP-


, DHCP. DHCP IP TCP/IP, IP- WINS-, DNS-
, DHCP-.
IP-, DHCP-.
DHCP- , , .
DHCP- IP- ,
, DHCP/
(RFC 1542).
DHCP-.

4. DHCP
DHCP, ,
, DHCP.
DHCP-
.
, :

S
S
S
/

IP- DHCP;
DHCP DNS;
DHCP;
DHCP .
25 .

DHCP
DHCP ,
, .
DHCP- , RFC1542/ .
DHCP-?

, DHCP.
DHCP-.
, , WAN-, .
DHCP- :
;
;
.


DHCP-
DHCP-,
DHCP-
( Windows
NT Server, Windows 2000 Server Windows Server 2003) ,
. DHCP-
Windows Server 2003 , .
, ,
.


, DHCP-
. DHCP- ,
Microsoft.
:
500- Intel x86 Family Model 7 Stepping 3;
256 ;
100- Ethernet 802.3;
Windows Server 2003 Enterprise Edition;
5 000 ;
DHCP 2 ;
,
;
, DHCP- , DHCP-.
48 DHCP-
DHCP-. . 8-8.
. 8-8. DHCP- ,
48
DHCP-

68 412 059
20 039 592
20 039 253
57 559 426
57 470 934
484012
190 901
0

, DHCP-
. DHCP ,


(2 ), 10 .
DHCP.
DHCP-,
DHCP- , WAN DHCP-
. DHCP- ,
. ,
. , DHCP , :
;
;
, .
DHCP-: 80/20
DHCP-,
, .
80% IP- DHCP-, , 20%
DHCP- . DHCP-,
80% IP-, DHCP- IP- DHCP.
DNS
Windows Server 2003
DNS- ( ). DHCP-
PTR DHCP-,
IP- .

DHCP-
Microsoft,
DHCP-. ,
IP- , ?
. 8-9.
. 8-9. DHCP-

DHCP , Windows


, ,

IP-,
IP-

, DHCP

. DHCP
DHCP
Northwind Traders --. ,
.
.

Northwind Traders --.


.
(. );
DHCP-.


, .
1. DHCP- ( )?
.
2. DHCP- (
)? .
3. DHCP ?
.
4. ,
.
?


, ,
. ,
. .


1. DHCP (, ),
RFC-154- . DHCP-
, DHCP-,
DHCP- . DHCP- , IP- DHCP?
2. , DHCP-
?
3. ,
DHCP.

DHCP, , ,
, DHCP-,
, .
DHCP-,
DHCP- (
Windows NT Server, Windows 2000 Server Windows Server 2003)
, .
DHCP- PTR DHCP-
, IP- .
DHCP-,
, .
80% IP- DHCP-, ,
20% DHCP- .

IP- ,
.
15
: Windows XP Professional
Windows Server 2003.


Trey Research , -.
,
200
.

10 . 312


, - Trey Research
(. . ).
. - Web-
Microsoft Exchange 2003. ,
,
.

, ,

. ,
IP- 300 .

-,
,
3000 .

, .
1. IP- ?
?
2. , Web, ?
3. ?


TCP/IP Windows Server 2003. IP-
TCP/IP, . ,
, IP-.
IP- , ,
, .
IP-.
,
.


, , 255.0.0.0,
255.255.0.0 255.255.255.0, .
IP-.

.
.
,
, .
Web- , .
, SPI
.
,
, ,
, , IDS.
.
,
IP- , ,
, .
DHCP Windows Server 2003. DHCP-
, DHCP. DHCP IP TCP/IP, IP- WINS-, DNS-
, DHCP-.
IP-, DHCP-.
DHCP- , , .
DHCP- IP- ,
, DHCP/
(RFC 1542).
DHCP-.
DHCP, , ,
, DHCP-,
, .
DHCP-,
DHCP- (
Windows NT Server, Windows 2000 Server Windows Server 2003)
, .
DHCP- PTR DHCP-, IP- .
DHCP-,
, .
80% IP- DHCP-, ,
20% DHCP- . DHCP-,
80% IP-, DHCP- IP-
DHCP-.



, ,
, , .

TCP/IP Windows Server 2003. IP-


TCP/IP, . ,
, IP-.
,
, .
Web- , .
, , IP .
* DHCP IP- TCP/IP, IP- WINSDNS- , DHCP-.
IP-, DHCP-.
DHCP- , , .
DHCP-,
DHCP- (
Windows NT Server, Windows 2000 Server Windows Server 2003)
, . DHCP-
PTR DHCP-,
IP- .


~ Subnetting IP-
.
~ Perimeter network , ,
;
(Intrusion Detection Systems, IDS).
DHCP- ~ DHCP Relay Agent ,
DHCP/BOOTP DHCP,
. RFC-1542- ,
DHCP-.
80/20 ~ 80/20 Rule , IP DHCP-
80 : 20%.



1.
1. ?
: : 5 (6 + WAN); : 7 (9 + WAN + );
: 1 (2 + WAN); D: 4 (5 + WAN).
2. .
a. /16.
b. /19.
c. /21.
d. /24.
: d.
3. IP-?
a. 7.
b. 1204.
c. 2903.
d. 4032.
: (2903 , :
808; 1311; 129; D 655).
4. IP-?
a. 1.
b. 2.
c. 2903.
d 4032.
: .
5. ,
?
a. 254.
b. 1022.
c. 6398.
d. 65 534.
: .
6. .
IP-, .
a. 10.0.0.0/8
b. 230.120.0.0/16
c. 69.254.0.0/16
d. 192.168.0.0/16
: a n d .


1.
1. . ?
IP- ?
: (1-126), (128-191), (192-223), D (224-239) (240-255).
IP-: 10.0.0.1-10.255.255.254, 172.16.0.1-172.31.255.254 192.168.0.1-192.168.255.254.
2. 15 000 ,
.
IP-, IP-.
, 500-600 , 350
. IP-
.
: ,
. 254 ,
, 126, 62, 30 . .
65 000 , .
, 500-600 ,
255.255.0.0. 600 8
(2^8 = 256), , 8
250 .
.
10.0.0.0 255.255.192.0, 1024 16 000
.

. , 255.255.240.0 4000
4000 , 255.255.248.0 8000
2000 .
3. Windows Server 2003.
, SQL Server,
. ipconfig,
:
IP Address: 192.168.8.142
Subnet Mask: 255.255.255.128
Default Gateway: 192.168.8.1
?
: (
). , ,
.
128.
1 ( ) 126 (127 ,
). 192.168.8.128
129 254. , IP-
. , IP-,
, . ,
TCP/IP ,
192.168.8.1, , IP-.


2.
1. Windows Server 2003.
Web- Web-
. Web- ,
.
- , .
Web-,
, ?
: Web-
.
2.
?
: IDS . ISA
Server IDS ( ).
3.
.
?
: , (
, IDS). (,
SPI . .), , , ,
. .

3.
1. IP- DHCP-,
DHCP-?
: . DHCP-
, DHCP- , ,
DHCP- .
2. DHCP DNS-cep DHCP-?
: 003 Router 006 DNS Servers IP-
DNS-.
3. Windows Server 2003,
DHCP. ,
. ipconfig /all ,
, :
IP Address: 169.254.112.14
Subnet Mask: 255.255.0.0
Default Gateway:
.
: DHCP, IP- 169.254..
, DHCP IP APIPA.


4.
1. DHCP- ( )?
.
: , DHCP
10 000 .
2. DHCP- (
)? .
: ,
DHCP.
3. DHCP ?
.
: , ,
4. ,
.
?
: -
- . -
DHCP-, .
DHCP-, ,
80/20.
.

4.
1. DHCP (, ),
RFC-154- . DHCP-
, DHCP-,
DHCP- . DHCP-
, IP- DHCP?
: . RFC-1542-
( ), , DHCP-.
2. , DHCP-
?
: DHCP-
DHCP- RFC-1542- .
,
.
3. ,
DHCP.
: ,
.



1. IP- ?
?
: IP-
. 1100 ,
, 300 . ,
300 .
10.0.0.0/16, 256 , 65 000 ,
10.0.0.0/24 65 536 254 .
172.16.0.1/24 256 254
, .
2. , Web, ?
: Web-
.
3. ?
: ,
.
, .
IDS .

1 .

2.

3.

4. NAT


8, IP-,
IP-. IP-
,
.
IP- .
IP-
IP-, . ,
(Network Address Translation, NAT),
NAT.


, 1.


1.

,
RAID, .

, , .
, :

S , ;
S .
20 .


,
, . ,
, ,

.
, , -
DNS-,
? ,
?
, ,
, .
,
.
.
.
?
, . ,
,
?
?
? (, )? ,
, ,
, .
-
,
.
?
. ,
?
, , -

-.
. , ,
.
? , . ,
, ,
. -
, Web- ,
.
.
? ,
VPN,
.
, ?
,
( , ,
. .). , - .

.
?
, ( VPN,
10),
? VPN-
. ISP?
Frame Relay,
? . ,
, !



.
.
(VPN) ,
, VPN ,
.
ISP ,
. ISP , -,
. ,
, ISP.
VPN
.
ISP ?
ISP - (
, 99% )? ?
?
ISP - ,
? VPN
, IPSec- L2TP .

ISP
?
?
? ,
(1),
. ,
? ,
.
, , .
:
, .
:
, 56 /;
(Integrated Services Digital Network, ISDN)
64 / 2,048 /.
:
(Digital Subscriber Line, DSL),
, .
, 144 / 1,544 / ;
T-carrier, ,
64 /. -1 24
64 /, 1,544 /. -2
6,312 /, -3 44,736 /, -4 274,176 /.
-1 (fractional -1), 64 /;
E-carrier, ,
64 /. fractional E-1 -1,
2,048 /. -2 8,448 /.
:
.25,
. 9600 / 1,544 / ;
(Frame Relay) 56 /
1,544 /;
(Asynchronous Transfer Mode, ATM),
25-622 /;
(VPN),
.
ISP , ,
.


, ,
. ,
. .
1. ,
. ,
, -


. DSL NAT.
, ,
.
?
2. , , 95%
. , ,
(Network Access Server, NAS), NAT-,
Windows Server 2003 Standard Edition 32
Windows XP Professional.
NAT DSL. ,
.
3. ,
ISP . VPN.
ISP?

, ,
, ,
. ISP
.

. ,
.
.
,
?
,
,
. , ,
?
ISP VPN ,
,
. ,
- ,
,
.
.

2.

. , 1965 .
, 20
. ,
. -,


.
.
, :

S ;
S
.
20 .


, ,
. ,
,
. ,
.


,
.
. , ,
, .
.
Web-,
Web.
Outlook 1325 .
100 ,
, 2 ,
500 000 .
-1, 30% .
, ,
.
Ethernet. 10 /, ,
10 . , - Ethernet
40% .
6 /.
,
.
( ),

.
? ,
, '
.


DHCP- DNS-? ,
.
Web-
?
, ,
. ,
,
.
(
Voice over IP, VoIP)? VoIP
,
,
.
,
.
, .


(Virtual Private Networks, VPN)
10, VPN .
,
. , VPN
,
.
, .
.
VPN?
VPN VoIP, Web-
? , ?
, ,
, ISP ,
. ,
. ,
, ISP ,
, ,
.


: ,
-1 -3, , ,
. ,
,
.
.
,
. , Web-

Active Directory VPN,


. , .
. ?
, ? ,
,
.
WAN. WAN
WAN- ,
Web- ( , ,
).
, HTTP Telnet,
, SMTP FTP.


, ,
. ,
. .
1. . 100
.
56- ,
,
Web-. ?
2. .
.
, -
VoIP.
?
3.
? .

, ,
, ISP ,
. ISP ,
, ,
.
,
,
, .
VPN
, , VPN
, VoIP Web-,
.
, ,
- . ,
.

3.

.
. (Network
Address Translation, NAT) ,
. NAT
.
, :
S NAT;
S NAT.
20 .

NAT
NAT ,
, . , IP-,
. 9-1, ,
.
. 9-1. ,

IP-

10.0.0.0/8

10.0.0.1-10.255.255.254

172.16.0.0/12

172.16.0.1-172.16.31.254

192.168.0.0/16

192.168.0.1-192.168.255.254

IP-,
.
Windows Server 2003, .
(Routing and Remote Access, RRAS)
(Internet Connection Sharing, ICF), NAT. ICF
,
NAT RRAS (. . 9-1).
NAT IP- TCP/UDP
IP- .
IP-, Internet Network Information
Center (InterNIC) ISP, ,
NAT. NAT
. 4
IP- ,
.
. 9-2 Windows
Server 2003.
. 9-1. NAT

. 9-2.

NAT

(TCP UDP)


IP-

IP-,
InterNIC

IP-, .
Web-, IP- DNS-,

, .
DNS-, 53

.

, ,

. 9-2 NAT . NAT


IP- IP- 66.x. 130.77, .
.


1. IP- .
2. IP , IP-
( , ), IP-
(192.168.8.2), (TCP UDP), .
3. IP- ,
, NAT.
4. NAT IP- () IP 66.x.130.77, TCP UDP,
.
5. NAT,
IP-
IP- IP- ,
.

. 9-2. NAT

IP-
NAT IP-
, InterNIC. - IP-
, ,
, IP-.
IP 4 (IPv4), NAT
IP-.
IP 6 (IPv6), IPng (Internet Protocol Next
Generation), , 4
( IPv4) ( ,
1036). IPv6 IPv4. ,
IPv6 :
1AB1:0:0:ABCD:DCBA:1234:5678:9ABC
,
NAT IP-. Windows
Server 2003 IPv6,
(Install).
(Protocol), (Add)
Microsoft TCP/IP 6 (Microsoft TCP/IP version 6).

NAT
NAT , NAT
, IP- . -

, , 9-2,
192.168.0.0/24. ,
IP- , IP- NAT,

. ,
, ,
.

NAT
NAT, RRAS, IP
:
Simple Network Management Protocol (SNMP);
Lightweight Directory Access Protocol (LDAP);
Component Object Model (COM);
Distributed Component Object Model (DCOM);
Kerberos 5;
Remote Procedure Call (RPC).
Active Directory Kerberos v5,
NAT.
, NAT, -.


Windows 2000, NAT Windows Server 2003 VPN-
, L2TP IPSec. , , FTP-,
Port, IP-
, NAT. NAT Windows Server 2003
:
FTP;
ICMP;
Point-to-Point ( );
Direct Play ( );
ILS (Internet Locator Service), LDAP.

NAT Traversal
IP- ,
NAT, ,
, . NAT
Traversal ( NAT)
NAT . NAT,

.


, ,
. ,
. .


1. , , ,
DSL-, .
, NAT?
2. IP NAT.
IP-.
NAT, ?
3. NAT ,
, , ,
NetWare 4.11, .
?

(NAT) ,
. NAT ,
IP- IP-,
.
NAT IP- InterNIC.
NAT
, ,
.
NAT Traversal
NAT,
.

4. NAT
NAT,
, NAT.
NAT.
, :

S NAT;
S NAT;
S NAT
25 .


NAT
:
NAT ;
, NAT;

NAT

, IP-;
NAT IP- DNS
( DHCP- DNS);

;
;

;
NAT, .
NAT
. NAT ,
,
. , L2TP/IPSec
NAT, , IPSec, IPSec NAT-Traversal (IPSec NAT-T), IPSec NAT.
, NAT , IP-,
IP-, NAT .
IP- IP-
DHCP- IP-
DHCP- NAT (. 9-3).


. 9-3.


NAT DHCP


DNS, NAT: NAT
DNS-
(. 9-4).


. 9-4. NAT DNS

NAT
NAT , WINS DHCP. NAT
:
;
;
.


NAT :
IP- ,
IP- () .


NAT ,
.
, ,
.



NAT. NAT ,
NAT
(Routing and Remote Access). . 9-5 LAN-,
.

NAT

-,

. 9-5. NAT

NAT
NAT, , ,
. 3, NAT
-,
.



IP- , .
, .


,
. ,
IP-. ,
, .


Web-,
. ,
IP- IP-
, .
IP-
IP- . -

. ,
Web-, . . 9-6
(Services And Ports),
(Properties) ,
. Web- IP-, ,
IP- DNS-, IP-
.
[Screenshot: service list with FTP, Internet Mail Access Protocol 3 (IMAP3), Internet Mail Access Protocol 4 (IMAP4), SMTP, IKE, IKE NAT traversal, Post-Office Protocol 3 (POP3), HTTPS, Telnet]

. 9-6.


IP-,
ISP. , IP-
IP-. 2,
; 2, 4, 8, 16 . .,
, IP- . , 8 IP, 192.168.1.32-192.168.1.39, 192.168.1.32
255.255.255.248. Add ()
(Address Pool), . 9-7, IP, ISP.
; NAT

IP-, .


. 9-7. NAT IP-


8, ,
, . ,
, ,
Web-, .
, , .
, ,
, .

. NAT
NAT .
, .
.

Northwind Traders ,
.
Windows NT 4.0 (
). ,
,
, .
,
Active Directory Windows Server 2003.



, .

2000

1000

750

750

500


1. IP . NAT. NAT ?
2. Windows Server 2003,
Exchange Server 2000,
Outlook 2003. Outlook 2003
Exchange RPC.
. NAT ?
?


, ,
. ,
. .

1. ,
.
, ,
. NAT
. NAT ? .
2.
, ,
IP-, ISP. , NAT
. NAT,
IP- 25 ?
3. ,
Web- .
IP- .
?

NAT, , NAT
. , NAT
.
,
. , NAT,
.
NAT ,
.
NAT
. ,
.


Contoso, Ltd., , 300
, (
). .
,
.
-
, .
Windows XP Professional
Windows Server 2003, Windows
Professional, .

10 ,
20 Windows
Professional Windows Server 2003. ,

.



, ,
.
DSL, Windows Server 2003.
)' DSL
.

1.
, .
. ? ?
2. Active Directory,
Windows Server 2003. dcpromo
, Windows Server 2003,
, . ?
3. Windows Server 2003 NAT,
IP-
10.1.1.112. ?


, , ,
.
ISP , .

, .
, .
.
,
?
VPN ,
, ,
-
. , ISP -
, ,

.
.
,
,
, .
VPN
, , VPN , VoIP Web-, ::
.


, ,
- . ,
.
(NAT) ,
. NAT ,
IP- IP-,
.
NAT IP- InterNIC.
NAT
, ,
.
NAT Traversal
NAT,
.
NAT, , NAT
. , NAT
.
,
. , NAT,
.
NAT .
NAT
. ,
.

, ,
, , .


, .
, , , ,

.
,
,
.
VPN ,
, ,
ISP -
. , ISP -
-

.
,
, ,
, ISP ,
. ISP ,
, ,

VPN
, , VPN
, VoIP Web-,
.
NAT . ,
(10.0.0.0/8, 172.16.0.0/12 192.168.0.0/16),
,
IP-.
NAT ,
.
NAT, , NAT
.
NAT
, .


~ Intrusion detection system (IDS)
,
.
~ Virtual private network (VPN) ,
. ,
, .
() ~ Bandwidth ,
, /.
~ Network Address Translation (NAT) ,
IP-
.
NAT Traversal ,
NAT.
/ ~ Inbound/Outbound Filters ,
NAT,
.
~ Special Port
.
Voice over IP (VoIP) ,
, .

1,
1. ,
. ,
,
. DSL NAT.
, ,
.
?
:
, , ,
.
- .
2. , , 95%
. , ,
(Network Access Server, NAS), NAT-,
Windows Server 2003 Standard Edition 32
Windows XP Professional.
NAT DSL. ,
.
:
. , , NAS
.
3. ,
ISP . VPN.
ISP?
: , ISP -
, . ,
ISP .

2.
1. . 100
.
56- ,
,
Web-. ?
: Web,
, .
2. .
.
,


- VoIP.
?
: VoIP
.
,
.
3.
? .
: . ,
. , .
, ,
, ,
.

3.
1. , , ,
DSL-, .
, NAT?
: -, , NAT ,
. -, NAT ,
:
, DSL.
2. IP NAT.
IP-.
NAT, ?
: IP-
, , , .
NAT. NAT
IP- NAT, IP-
IP- ,
.
3. NAT ,
, , ,
NetWare 4.11, .
?
: NAT ,
TCP/IP. NetWare,
, IPX/SPX, TCP/IP.
TCP/IP.

4.
1. IP . NAT. NAT ?
:
IP- .



.
, ,
, . ,
Web-,
.
2. Windows Server 2003,
Exchange Server 2000,
Outlook 2003. Outlook 2003
Exchange RPC.
. NAT
? ?
: . NAT ,
NAT RPC, SNMP, LDAP, COM, DCOM Kerberos v5.
Exchange 2003 RPC, RPC
NAT.

4.
1. ,
.
, ,
. NAT ? .
: , ,
IPSec, IPSec NAT-Traversal (IPSec NAT-T), IPSec
NAT.
2.
, ,
IP-, ISP. , NAT
. NAT,
IP- 25 ?
: NAT
, IP-
, IP- .
IP- NAT
.
IP-, NAT DHCP-. DHCP-
IP-
.
3. ,
Web- .
IP- .
?
: Web-
, , -, IP-,
. IP- IP, . -, ,
IP- IP- .

10

1.

2.

3.


-
:
;
;
;
;
;
;
;
, ,
.

:
;
;
.



, ,
. -


, ,
, .
,
,
.
.

,
.
,
.

,
1.

1.

, ,
. ,
,
.
, :

S ;
/ ;
S .
50 .



, ,
.
Windows Server 2003
(virtual private network, VPN).
,
.




, ,
:

(Network Access Client);


(Network Access Server, NAS).


Microsoft Windows
95, 98, 2000, , , (Point-to-Point Protocol), Linux, Macintosh NetWare.

. :
, ;
VPN-;
.


. ,
,
. ,
.
, :
;
,
;

;

.
, :
* ,
, ;

;

, ,
,
, .
:
(Public Switched Telephone
Network, PSTN).
.
;
(Integrated Services Digital Network, ISDN). ISDN
PSTN ,
. BRI- ISDN , D. -
, BRI-


ISDN , 64 /;
, 128 /. D-
16
/.
PRI- ISDN,
. PRI 23 64- - 64-
D-. ISDN ISDN- (. . 10-1).

. 10-1. ISDN
,

,
. ,
.
.
, .
(Ports)
(Routing and Remote Access).

Active Directory (. 10-1).
. 10-1.


(VPN ) [Remote Access
Permission (Dial-in or VPN)]

(Verify Caller ID)



(. 3)
,
.
,


(Callback Options)

,

IP ,

IP- (Assign a Static Internet Protocol


(IP) Address)

- , (Apply Static Routes)


RRAS

VPN-

VPN- ,
, IPSec- (. )
.

2,4
5,0 802.11
(. . 10-2). (IR),
,
. Bluetooth

, (Personal Digital Assistants, PDA).
Windows XP SP 1 .
. 10-2.

() / (/)

802.11     2,4/2
802.11b    2,4/11
802.11     5/54
802.11g    2,4/22


:

, .
(. 2);
, (Access Point, ) ,
. LAN,

.

.
, (
). ,
:
;
, 2,4-2,5 ;
;
> , , .
:
;
;
;
.


?

, .
,
, .
45 .
,
.
.
,
.
.
, ,
.


:
,
;

, .
, RADIUS,
RADIUS-,
IAS (. 3).
, ,
, .
. 10-2 , NAS,
. Windows Server 2003 NAS
(RRAS).


. 10-2. NAS , VPN




(NAS) ,
. RRAS Windows Server 2003
, ,
VPN-.
,
,
. IAS-
(Microsoft- RADIUS, RADIUS 3).
:

.
. ,
,
. , ,
,
;
, .

. , ,
, ,
. ,
.
,
, .
.
, .
, , , .
(
) ;
, ,
SLIP. SLIP IP, ,
, ,
;
.
:
. ,
:
( );
;
;

;
RADIUS ,

. RADIUS ,
.



,
.
. . 10-3
,
.
. 10-3.

Challenge Handshake Authentication Protocol (CHAP)
Password Authentication Protocol (PAP)
Shiva Password Authentication Protocol (SPAP)
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
Extensible Authentication Protocol Transport Layer Security (EAP-TLS)
Protected Extensible Authentication Protocol (PEAP)
MD-5 Challenge

Microsoft,
CHAP
,
Windows 2000


, -,

802.1,
,

-
,

Extensible Authentication Protocol (EAP) ,


.
, :
;
;
;
.
,
,
! -
, Windows Server
2003. Windows XP Windows Server 2003
-, 2810,
; .



,
(
), ,
.
, ,
, ,
, , , ,
, ,
.
, .


NAS-
. NAS ,
.

VPN

, VPN.
VPN
.
VPN.
. VPN- ,
,
, , , ,
.
.
, 3-DES, ,
VPN-.
VPN-.
, .
,
. VPN ,
,
.

VPN
VPN ,
.
,
. ,
, .



VPN- (. 10-3).

VPN-

. 10-3. VPN

Windows Server 2003 Standard Edition 1000
L2TP. VPN-
.
1. VPN- NAS (), VPN, RRAS.
2. VPN- ,
.
3. VPN- VPN-
( ).
,

.
VPN.
. VPN- ,
.
. VPN
,
.
IP-. , ,
, VPN IP-
.

VPN
VPN- , VPN-
VPN-, .
VPN :
. ,
, ;
.
: L2TR , -


(Microsoft Point-to-Point Encryption). L2TP/IPSec



. L2TP
Windows XP Windows Server 2003;
VPN ,
;
, ;
VPN-
VPN- ;
IP- . VPN-
IP- DHCP,
DNS WINS-.

VPN
VPN-
. , VPN-
,
VPN.
VPN-,
:
;
.
VPN-
, , VPN. VPN- ,
, VPN-
, VPN-.
,
VPN-, . ,
,
, VPN.


VPN
.
, ,
.


,
, -
?.
, , .
, .



, ?
?
?
,
?
?

VPN-?
,
?
,
. ,
10 .
, 150
.
.
NAS, .

,
NAS-. ,
, 256 ,
56- .
, 30-
.
:
30 / 256 = 7680 /.
, NAS 70%
10- Ethernet, .
,
. ,
, ISP
, ,
, , .

.

. ,
,
, - ,
, IDS, .
,
.

.


Northwind Traders. ,
.
.

Northwind Traders WEP


- .

, , -.
:

; , ,
;

.


, .
1. Northwind Traders
? ?
2.
Northwind Traders? ?
3. ,
. .


, ,
. ,
. .
1. .
2. - ,
. ,
,
. ,
, ,
. ,
?
3.
, ,
-.
, .
?



.
, ,

.
VPN- ,
TCP/IP, L2TP.

2,45
802.1. , (IR) ,
,
.
-
;
.

2.


. ,
,
, , . .

,
.
, :

S
;
/
.
- 20 .




,
. ,

, .

VPN-
, ,
NAS .
.
. 100 /
,
100 /
.
, IPSec (IPSec
hardware offload),
.
.
, .
.
. , .
1000 , 512
. 1000
128 , 128
. ,
NAS- 256 ,
2000 VPN- 768 :
256 + (128 × 2) + (128 × 2)
,
;
, .


.
.
? ?
?
. 56- 1,
?
. ,
?
, ?
. ,
?
, . ,
? ,

, NetWare 4.11
IPX/SPX, ?
,
.
VPN- , , -


,
. .
,
VPN-.
,
. , ,
, :
;
VPN;
.
,

. ,
,
,
. ,
, VPN- . :
!

, NAS, ,
(. 10-4).
. 10-4.

NAS

NAS


VPN-
IAS-

NAS ,
:

?
?
,
?

VPN-?
L2TP
VPN-?
, ,
IAS-,
.
, ,
. ,
, .
,

. ,
.
,
: .
, ,
, 30
.
,
NAS.



NAS . ,
NAS,
. ,
NAS . ,
, VPN-.
, ,
. ,
, ,
.


, 10
150, .
NAS?
, NAS-?
NAS: ?
NAS
, :
, ,
, ;
, ;
,
.

,
.

VPN
VPN,
.

NAS-: L2TP?

?
VPN-?


.


Northwind Traders. ,
.
.

Northwind Traders
( Northwind Traders
3 7).
,
.
, WAN-
.


, .
1. ? ,
? ?
2. VPN-? ?
3. ?
.
4. , VPN .


, ,
. ,
. .
1. ,
.
2. ,
.
3. ,
.
. ,

.
,
Microsoft Server 2003.


,
( , . .).
NAS ,
,
,
.

, ,
, .

3.


, ,
. ,

.
, :

S ;
/ ;
S IAS.
60 .



.
,
, . ,
,
, .

(Internet Authentication Service, IAS)
, ,
,
.



,
, .
(. . 10-5),
.
. 10-5.


(Authentication Type)

, CHAP, MS-CHAP
. .,

,
(Called Station ID)

NAS. ,

,
(Calling Station ID)

RADIUS.
( IAS) [Client-Friendly Name]

RADIUS,

IP- ( IAS)
[RADIUS. Client IP Address]

IP- RADIUS

RADIUS-
NAS ( IAS) [Client Vendor]

,

(Day and Time Restrictions)


(Framed Protocol)

IAS
(, SLIP, Frame Relay .25)

MS RAS Vendor

RADIUS
( )

NAS
( IAS)
[NAS Identifier]

IP- NAS,
( IAS) [NAS IP Address]

IP- ( RADIUS)

NAS,
( IAS)
[NAS Port Type]

,
, ISDN,

,
(Service Type)

, , Telnet . .,


(Tunnel Type)

, PPTR L2TP . .,

Windows,
(Windows Groups)

,
,

, .
, , -

. ,
. .
(Dial-in constraints)
, RRAS
.
, , ;
. ,
,
.
IP (IP). IP- ,
IP- , ,
. IP,
IP-.
(Multilink)
,
.
(Authentication)
(MS-CHAP, EAP . .), ,
MS-CHAP MS- CHAP v2.
(Encryption)
, , ,
( 3DES 160- ).
(Advanced). ,
, RADIUS IAS
RADIUS.

:
;
;
;
1-;
, IP- -
.

SAS
,

. IAS
,
IAS.
IAS,
(Remote Authentication Dial-In User Service, RADIUS).
,
. RADIUS VPN,
.


RADIUS
RADIUS :
RADIUS- , ,
,
, VPN . RADIUS-
,
. ,
IP- RADIUS- . . RADIUS-
;
RADIUS- , VPN . (
) , RADIUS-,
RADIUS-. ,
RADIUS,
, RADIUS;
RADIUS-. -ISP,
, ,
RADIUS-. RADIUS- ,
RADIUS- . RADIUS-
RADIUS-,
, , RADIUS- (.
. 10-4).

RADIUS


. 10-4. RADIUS-,

IAS , VPN
:
. IAS NAS;
. IAS
, CHAP, MS-CHAP 1 2, EAR IAS
,
. IAS- Active Directory,

;

. IAS
, .
VPN-
, ,
RADIUS-.
IAS-, RADIUS , IAS-.

RADIUS
, IAS:
RADIUS-, RADIUS- RADIUS-?
, RADIUS-. , NAS,
IAS, RADIUS-.
, ,
, RADIUS-,
. , RADIUS :
RADIUS;
RADIUS ;
RADIUS.
RADIUS,
:
;
;
, , : 1,
. .

RADIUS
,
RADIUS
. ,
RADIUS-, RADIUS.
RADIUS-,
,
RADIUS- . ,
RADIUS- ,
RADIUS-, RADIUS-,
,
, RADIUS.
RADIUS
. RADIUS-
, :
MS-CHAP v1, v2;
EAP-TLS;
CHAP;
SPAP;
PAP


RADIUS- ,
, IPSec (
L2TP). IPSec
160- , 3-DES.

RADIUS

, ,
.

.
RADIUS- ,
IAS-
.
IAS- RADIUS,
.
RADIUS RADIUS-,
, RADIUS-
RADIUS-.
IAS- .
, ,
RADIUS.
RADIUS, ,
; ,
, .
,
.
, . ,
RADIUS , ,
, .


RADIUS-, , 1:
;
ISDN.

. ,
.
ISDN.
, ISDN-.
ISP,
.
ISP, , ISP
. ,
, !


RADIUS
RADIUS,
RADIUS, .
, RADIUS
VPN. . ,
RADIUS RADIUS- RADIUS-.
RADIUS-
, :
;
WAN-;

RADIUS- .
RADIUS- ,
.
RADIUS- , .

.


, ( ).
.
1.
, VPN?
2. ,
?
3. RADIUS-?
, IAS RADIUS?
4. ,
-? , ?


, ,
. ,
. .
1. ,
. ,
.
?
2. Windows Server 2003,
IAS.
RADIUS-?
3. ,
RADIUS-.
RADIUS-?


,
,
.
,
. ,
.

, IAS,
Microsoft- RADIUS.
IAS , ,
, VPN .
RADIUS- ,
.
RADIUS- , VPN-
.
RADIUS- RADIUS.
RADIUS- , RADIUS-
. , RADIUS-
RADIUS-, RADIUS-.

,
Contoso Ltd., ().
, . Contoso ,
, .
, ,
. ,
( Windows
2000, Windows Server 2003 NetWare 4.11,
),
, .


12 Contoso
- .
, 22 .

- , Contoso ,
, . ,
, .
, , , .


,
.
, (,
).
.


Web-
.

, .
1. .
,
Windows Server 2003. ,
. ?
2. , , ,
.
, (
). ?
3. - ,
,
. ,
.
?
4. ,
NAS.
, ?

]

.
, ,

.


VPN- ,
TCP/IP, L2TP.

2,45 ,
802.1. , (IR) ,
,
.
-
;
.

,
( , . .).
NAS ,
,
,
.

, ,
, .
,
,
.
,
. ,
.

, IAS,
Microsoft- RADIUS.
IAS , ,
, VPN .
RADIUS- ,
.
RADIUS- , VPN-
.
, RADIUS- RADIUS.
RADIUS- , RADIUS-
. , RADIUS-
RADIUS-, RADIUS-.
,
. ,
.



, ,
, , .


. , ,

. VPN-
, TCP/IP,
L2TP .

.
NAS ,
,
,
.
,
,
. .

, IAS,
Microsoft- RADIUS. IAS RADIUS Microsoft.
RADIUS RADIUS-
RADIUS-.
RADIUS NAS IAS. RADIUS
, VPN- . RADIUS-
, RADIUS- .


() ~ Access point () ,
. LAN,
.
~ Network Access Server (NAS) ,
, Windows
Server 2003 (Routing and Remote Access,
RRAS). NAS
VPN .
RADIUS- , ,
.
RADIUS- , VPN
;
RADIUS-.


RADIUS- , , RADIUS-
, RADIUS-.
~ Extensible Authentication Protocol (EAP)
, -
,
.

1.
1. Northwind Traders
? ?
: 802,1,
.
2.
Northwind Traders? ?
: WPA (WiFi Protected Access),
.
3. ,
. .
: WPA
, RADIUS-
802.1.

1.
1. .
: ,
, .
, ,
.
2. - ,
. ,
,
. ,
, ,
. ,
?
: VPN- RRAS
VPN- .
, , ,
, LAN.
3.
, ,
-.


, .
?
:
, .
.

2.
1. ? ,
? ?
:
, - -,
. -
,
, .
2. VPN-? ?
: VPN- ,
VPN-
WAN-,
VPN-.
3. ?
.
: L2TP/IPSec ,
NAT. ,
VPN, -,
VPN-. VPN- IPSec
3DES.
4. , VPN .
: IPSec (Public Key Infrastructure,
PKI) VPN.

2.
1. ,
.
: , ,
.
2. ,
.
: ,
,
, .
, .
3. ,
.
. ,
.


,
Microsoft Server 2003.
: ,
. L2TP s
, Windows Server 2003.

3.
1. ,
. ,
.
?
: ,
RRAS .
, ,
. ,
, ,
, .
2. Windows Server 2003,
IAS.
RADIUS-?
: ,
RADIUS , ,
RADIUS-, . RADIUS, RADIUS,
, , .
3. ,
RADIUS-.
RADIUS-?
: ISP,
, , ,
RADIUS-. RADIUS- , RADIUS .


1. .
,
Windows Server 2003. ,
. ?
: .
,
NAS, .
, , ,
.
2.

, , ,
. -


, (
). ?
: , , , -,
. , ,
.
(Hardware Compatibility List, HCL)
, NAS.
3. - ,
,
. ,
.
?
: NAS VPN-, VPN-
.
, ,
, L2TP IPSec.
4. ,
NAS.
, ?
:
, .

- .

256
ACL (access control list) 5, 190
Active Directory 3, 4, 23
4
75
155
155
155
13
11
Active Directory integrated zone . ,
Active Directory
ADLB (Active Directory Load Balancing) 167
administrative boundary .

alias .
ANI (Automatic Number Identification) 39
APIPA (Automatic Private IP Addressing) 33
ARP (Address Resolution Protocol) 27
ATM (Asynchronous Transfer Mode) 28
AXFR (Full Zone Transfer) .
,

BDC (backup domain controller) 62


BIND 187, 196
bridgehead server . , ;
,

callback .
Caller ID .
CHAP (Challenge Handshake Authentication
Protocol) 38, 310, 325
CIDR (Classless Internet Domain Routing) 30
closet .
COM (Component Object Model) 287
credential .

D
DACL (discretionary access control list) 193
DAP (Directory Access Protocol) 3
data delivery .
DCOM (Distributed Component Object
Model) 287
default gateway . ,
default subnet mask . ,

DFS (Distributed File System) 146, 147


DHCP (Dynamic Host Configuration
Protocol) 23, 33, 56, 63, 189, 218,
259-264
DHCP relay agent .
DHCP
dial-up access . ,

directory .
distribution group . ,

DMZ (Demilitarization Zone) 255


DN (distinguished name) 80, 87
DNS (Domain Name System) 1, 16, 17, 23,
26, 63, 90, 182-194, 204, 265
23
23
21
domain functionality . ,

Domain Naming Master . , ,



domain partition information . ,

down-level domain . ,

(Extensible Authentication
Protocol) 38, 310
EAP-TLS (Extensible Authentication Protocol
Transport Layer Security) 310, 325
equal masters .
Ethernet 28
external trusts .
,

F
Fast zone transfer . ,

firewall .
forest .
forest functionality . ,

forest root domain . ,


forest trust . ,

forward lookup query . ,


FQDN (fully qualified domain name) 5, 19,
90, 183 .
frame .
FRS (File Replication Service) 146, 148
FSMO (flexible single master operations) 89
FTP (File Transfer Protocol) 26

G
gateway .
GPO (Group Policy Object) 61, 107, 108,
109, 127
OU 129
129
129
132
129
OU 132
131
131
131
131

hop .
host .
host ID .
HOSTS 16
HTTP (Hypertext Transfer Protocol) 26

I
IAS (Internet Authentication Service) 321, 323
ICF (Internet Connection Sharing) 284
ICMP (Internet Control Message
Protocol) 27, 28
IGMP (Internet Group Management
Protocol) 27, 28
IIS (Internet Information Services) 63
Infrastructure Master . ,

intersite replication . ,

intrasite replication . ,

inventory .
IP (Internet Protocol) 13,27
IP Lease Discover . IP-,

IP routing . IP-
IPSec 195
IP- 28
33
29, 246
248


260
260
247
IP- 28, 56, 244, 246
262
29
1- 16
ISDN (Integrated Services Digital
Network) 35, 305
IXFR (Incremental Zone Transfer) .
,

(Knowledge Consistency Checker)


Kerberos 10, 287

163

L
L2TP 312
LAN (local area network) 13, 55
LDAP (Lightweight Directory Access
Protocol) 3, 4, 86, 118, 287
leasing . IP-,
LMHOSTS 16
load balancing .
locator service .

mail exchange record . ,

MD-5 Challenge 310


member server . ,
MS-CHAP (Microsoft Challenge Handshake
Authentication Protocol) 38, 310, 325
multicast group membership .
IP-
multicasting .
multimaster model .

N
name resolution .
name server record . ,
namespace .
NAS 309
NAT 284, 288
NDS (Novell Directory Services) 3
NetBEUI (NetBIOS Extended User
Interface) 37
NetBIOS (network basic input output
system) 26, 37, 89, 216, 220, 227
network ID .
node .


one-time password system .



operations master role . , ,

OSPF (Open Shortest Path First) 32


OU (organizational unit) 7, 8, 48, 76, 101113

P
PAP (Password Authentication Protocol) 37,
310, 325
parent and child trusts .
,

patch panel .
PDA (Personal Digital Assistants) 307
PDC (primary domain controller) 62
PEAP (Protected Extensible Authentication
Protocol) 310
pointer (PTR) record . ,
policy .
(Point-to-Point Protocol) 36
312
preferred route .

Primary Domain Controller (PDC)


Emulator . ,

Primary zone . ,
primary zone file . ,
private network .
PSTN 305
PSTN (public switched telephone network) 35
public address .

R
RADIUS (Remote Authentication Dial-In User
Service) 323-326
RAP (Remote Access Policies) 39
RAS 37
RDN (relative distinguished name) 87
realm trusts . ,

redundancy .
Relative Identifier (RID) Master . ,
RID
resolver .
resource record . ,
reverse WINS record . ,
WINS
RIP (Routing Information Protocol) 32
router .
routing .

routing table .
RPC (Remote Procedure Call) 162, 287
RRAS (Routing and Remote Access
Service) 35, 284
rule .

s
SAM (Security Accounts Manager) 2, 75, 76
schema .
Schema Master . , ,
scope .
secondary zone . ,
secondary zone file . ,

secure access token .

security boundary . ,
security database .
security group . ,
security principal .

security principal object .



service record . ,
shortcut trusts .
,
SID (security identifier) 12, 88, 154
SLIP (Serial Line Internet Protocol) 37
SMTP (Simple Mail Transfer Protocol) 13,
26, 162
SNMP (Simple Network Management
Protocol) 287
SPAP (Shiva Password Authentication
Protocol) 37, 310, 325
SRV (service record) 90
stub zone . ,

TCP (Transmission Control Protocol) 26


TCP/IP (Transmission Control Protocol/
Internet Protocol) 16, 25, 246

25, 27
25, 26
25, 28
25, 26
Telnet 26
ticket .
tree .
tree-root trusts .
,

trust relationships .

trusting domain . ,
TTL (Time to Live) 27

UDP (User Datagram Protocol) 26


UPN (user principal name) 83, 87, 88, 155
user object . ,
VPN (Virtual Private Network)
304, 311, 312, 313

36, 195, 282,

W
WAN (wide area network) 13, 55
well-known service record . ,

WINS (Windows Internet Name System)
189, 191, 215-234

X
X.25 35
X.500 3

zone

A

IP- . APIPA

. ANI
DHCP- 56, 261
5
121,310

5
20
121
31
SPI (stateful packet inspection)
256
256

256

3
. VPN
122
124
122
124
122
123
122

16,

123
107,126,127
132
127
130
127
28


102
4, 6, 81

. SAM
8
9
8
8
8
8, 10, 82

8
8, 9, 61, 153
8,10
4, 5, 11, 75, 77
18
19
8
162
18
7, 153
9
64
. DNS
26

Start of Authority 23
Windows Internet Name Service 23
234
WINS 23, 192
23
23
WINS 191
19, 22, 183
23
23 . SRV
234
22, 23

21, 22
21
19, 20, 183, 192

5
. DMZ
20, 184
20
184, 201
Active Directory
193
201
20, 184
20
193
200
193
- BIND 196
IS4
184
184

4, 6, 7, 64, 80, 82
. LAN

184,

. SID
28
28

39
10
20, 277, 319

221
87, 88
221
221
. UPN
. RDN
221
221
. DN

. UPN
56
20, 21

58
2, 10
305

. PSTN
108
11, 151, 152
. PDC
157
. BDC
225

38
32
28, 32, 55
32
248, 261
30

11, 14
56

33, 260
38
31
4
. GPO
5
106
5
91
4; . OU
. UPN

233
233
32
.
PDA
39
322
. RAP
120
. FQDN

27
27
27
39
281,316
6, 17, 188
22

14
16, 20, 218, 220
. DFS
. WAN


13, 161
WINS 232
14,161
195
14,161
147
162


RID (relative ID master) 12, 88, 154
12, 88, 154
12, 154
11,62,153
11, 79, 153

12, 154

13, 145
13
13, 146, 163, 166
164
166
163
165
167
148
145, 150

12, 155
185
309
20
185, 204
62
185
166
118
38

24
.
RRAS
Windows . WINS
. ICF

. IAS

. FRS
.
RADIUS

3
3
3
3
3
3
56
26
. DN

. ACL

DACL
5


307

32

35, 304, 316, 321


56
VPN 311
37
16 .
88, 117
117
118
119
119
119

16 .

31
1-


32, 37
32

128

28

(Walter Glenn)
MCSE , 17
() , .
20 , Exchange Server 2003
Administrator's Companion (Microsoft Press, 2003), MCSE: Exchange 2000 Server
Administration Study Guide (Sybex, 2000) Mike Meyers' MCSA Managing a Microsoft
Windows Server 2003 Network Environment Certification Passport (Osborne, 2003).
Web
Microsoft.
. (Michael T. Simpson)
MTS Consulting, Inc. ( ),
, .

,
. MCSE, MCSA,
, CNE, CCNP, Security+ Certified Ethical Hacker (). ,
17- , 12-
, ,
.


.
Active Directory
Microsoft Windows Server 2003

. .


05784 07.09.01.
22.08.05. 70x100 '/

. . . 29,67.

2500. 312.
, 194044, -, . ., . 29.
005-93, 2; 95 3005 .
.
190005, -, ., . 29.


