Проектирование инфраструктуры Active Directory на основе WS2k3 PDF

Active Directory'
Microsoft
Windows
erver 2003
7 0 - 2 9 7
* - * *
* -- * *
* *
2006
[^
* i J I
% .>
i
,,.
m i l l ,
j Li iP'
Active Direct

Microsoft8
indows
erver 2003
7<
ICS
* - * *
* -- * * |
* *
2006
ML
^*
004
32.973.81-018.2
53
53
Active Directory
Microsoft Windows Server 2003. Microsoft / .
. . : - ;
.: , 2006. - 364 .: .
ISBN 5-7502-0031-0
ISBN 5-469-01180-1

Active Directory Microsoft Windows Server 2003.
Windows Server 2003,
,
, Active Directory.
,
, .
,
Microsoft Windows Server 2003 Active Directory.

Microsoft ( Microsoft Certified System Engi
neer) 70-297: Designing a Microsoft Windows Server 2003 Active Directory and Network
Infrastructure.
10 ,
. -
, ,
. .
004
32.973.81-018.2
Microsoft Corporation,
, , .
Active Directory, Authenticode, Microsoft, Microsoft Press, NetMeeting,
Windows, Windows NT Windows Server
Microsoft / .
.
, , , ,
,
, , .
ISBN 0-7356-1970-0 (.)

ISBN 5-7502-0031-0
ISBN 5-469-01180-1
,
Microsoft Corporation, 2003-2005
, Microsoft Corporation, 2005
, , 2005

1 Active Directory
1. Active Directory
Active Directory?

?
Active Directory
Active Directory

,

Active Directory

Active Directory

:
2. DNS

DNS

Active Directory DNS

XVII
1
2
2
2
2
4
4
4
5
6
7
7
8
8
9
9
10
10
10
11
11
13
13
15
15
16
16
17
17
19
20
22
23
24
24

3. TCP/IP
TCP/IP

IP-
IP-
Classless Internet Domain Routing (CIDR)

IP-
IP- DHCP

4.

,

25
25
26
26
27
28
28
29
30
31
32
33
34
34
35
35
35
36
36
37
37
38
39
39
40
40
41
41
42
43
2
1.

WAN-

2.

IP-

46
47
47
48
48
49
49
49
50
51
52
52
53
54
54
55
55
55
55
56
56
57
57
||
3.
Windows 2000

Windows NT 4.0
Windows 2003

.
58
58
58
59
59
59
59
60
60
61
62
62
64
64
64
65
65
66
66
67
67
67
67
67
68
68
68
68
68
69
69
70
70
3 Active Directory
1.

.
2.
LDAP Active Directory

74
75
75
77
81
82
84
84
85
86
86
86
86
87
87
88
88
88
89
111
DNS-

90
91
91
92
93
93
93
93
93
94
94
94
94
95
95
95
96
96
100
1. OU
OU
OU
,
,
OU
OU
OU
OU

OU

,

,

. OU
2.

101
102
!02
103
104
104
106
107
108
109
109
110
111
112
113
114
114
115
116
116
116
117
117
118
118
119
119
120
120
121
|)(

122

122

122

124

124

124
. .. 125

126
126
3.
126

127

127
Windows
128

128
GPO
129

130
GPO
131
GPO
131
GPO
131
GPO
131
GPO OU
132
GPO
132

132
,
133
.
133
134
135

135
135

136

136
136

136
-
137
137
137

137

139

139

139

140
5
1. :

DFS
FRS

144
145
145
146
147
147
148
148
150
150
)(
2.

,

.
3.

-
.
4.
Windows NT 4
Windows 2000

151
151
151
152
153
153
153
154
155
157
157
157
158
158
158
159
160
160
161
161
161
162
163
163
165
166
166
166
167
167
169
169
169
170
170
171
171
172
172
172
172
172
173
173
173
173
174
175
175
176

6 DNS
1. DNS
DNS
DNS
DNS

DNS-

2. DNS-

DNS

DNS Active Directory
DNS Active Directory, WINS DHCP
Active Directory
Active Directoiy
DNS DHCP
WINS
WINS
WINS

, Active Director'
DNS

DNS

BIND UNIX
BIND, Microsoft
BIND
. DNS

3. DNS

-

DNS-
DNS-

4. DNS
DNS

DNS

181
182
182
183
183
184
185
185
186
187
187
188
188
188
188
189
189
190
190
191
191
191
192
192
193
193
193
194
194
195
196
196
196
197
197
198
199
199
199
200
200
201
201
201
201
201
202
202
202
203
204
204

. DNS
205
206
206
206
206
206
207
207
207
207
207
208
208
208
209
210
210
210
210
7 WINS
1. WINS
WINS
Windows Server 2003
NetBIOS-
NetBIOS-
WINS
WINS-
WINS-
WINS
WINS
WINS

2. WINS

NetBIOS-
WINS-?
WINS-

3. WINS

/

WINS
215
216
216
216
216
220
220
220
222
222
224
224
225
225
226
226
227
227
227
228
228
229
230
230
231
231
232
232
232
233
233
234
234
234
"\\\
. WINS
235
235
235
235
236
236
236
236
236
236
237
237
237
238
238
239
239
8
1. IP-

J -
IP-
IP-

?
. IP-
2.

, IP-

3. DHCP
DHCP
:,
IP-
DHCP
DHCP-
IP-
DHCP

4. DHCP
DHCP
DHCP-?
243
244
244
244
245
246
246
247
248
249
249
253
253
253
254
255
255
255
258
258
258
258
259
259
260
260
260
261
262
262
262
263
263
263
263
DHCP-

DHCP-: 80/20
DNS
DHCP-
. DHCP
264
264
265
265
265
266
266
266
266
267
267
267
267
268
268
268
268
270
270
270
271
276
1.

2.

3.
NAT
IP-
NAT
NAT
NAT
NAT Traversal

4. NAT

NAT

NAT

277
277
278
279
280
280
281
281
282
282
283
283
284
284
286
286
287
287
287
287
288
288
288
290
290
290
290
291
291
Wlf

. NAT
291
293
293
294
294
295
295
295
296
296
296
297
297
298
299
10
1.

?

VPN
VPN
VPN
VPN

.
2.

VPN-

VPN
.
3.

IAS
303
304
304
304
305
308
308
309
310
311
311
311
312
313
313
313
315
315
315
315
316
316
316
317
317
319
319
319
320
320
320
320
321
321
321
322
323

RADIUS
RADIUS
RADIUS
RADIUS

RADIUS
.

324
325
325
326
326
327
327
327
328
328
328
328
329
329
329
329
329
331
331
331
332
336
,
Active Directory Microsoft Windows Server
2003. , ,
,
Active Directory.
,
Windows Server 2003.
, Active Directory, . . ,
, , .
, ,
DNS (Domain Name System), WINS (Windows Internet
Naming System), .
Microsoft Certified System En
gineer Microsoft.

-, ,
Microsoft Windows
Microsoft, ,
70-297: Designing a Microsoft Windows Server 2003 Active Di
rectory and Network Infrastructure.
Micro
soft .

Win
dows Server 2003. 1 ,
Windows ( 12 18 ).
- -
- ,
.
Microsoft Press Readiness Review Suite,
.
, . ,
:
. -
, Microsoft Encyclopedia of Networking, Second Edition
Microsoft Encyclopedia of Security,
Microsoft Press no Windows Server 2003 .
.
" - (
) . Web-
Microsoft Press http://www.microsoft.com/mspress/
support. Microsoft Press
{tkinput@microsoft.com) (Microsoft Press Technical Support, One Micro
soft Way, Redmond, WA 98052-6399).

:
,
,

;
;
, .
, ,
;
.
, .
;

, ,
;
,
, ;
,
.
.
,
.
! ,
, .
.
, .
, ,
.
Windows,
, ,
Windows 2003 Server,
; : (Start).
,
; ;
.
.
.
, , ,
, .
, [ ], . ,
[filename] ,
. .
, {}, . ,
{filename} ,
, .

. , ,
. ,
Windows Server 2003 Enterprise Edition,
- .
.
. ,
Microsoft Server 2003 (http://www.microsoft.com/windowsserver2003/evaluation/sysreqs/).
Windows Server 2003 Enterprise Edition :
133
86 ( 733) 733
Itanium;
128 ( 256);
* 1,5 86
2,0 Itanium.
)Q(

- 300
. ,
.
,
.
1. - CD-ROM.
,
Readme.txt -.
2. Readiness Review Suite
.

-
, Microsoft Encyclopedia of Security Microsoft Encyclopedia
of Networking, Second Edition PDF.
Adobe Acrobat Reader.
.
1. - CD-ROM .
,
Readme.txt -.
2. Training Kit eBook
.
, -.

Microsoft
Microsoft (Microsoft Certified Professional,
MCP)
. , Microsoft
.

Microsoft.
Microsoft
.
.
http://www.microsoft.com/traincert/siart/itpro.asp.
)()(|

7
.
Microsoft (Microsoft Certified Professional, MCP)

Windows
Microsoft.
Microsoft -.
Microsoft (Microsoft Certified

Solution Developer, MCSD)
, Microsoft,
Microsoft .NET Framework.
Microsoft (Microsoft Certified Application

Developer, MCAD) , ,
Microsoft,
Visual Studio .NET Web- XML.
Microsoft (Microsoft Certified Systems Engineer,

MCSE) ,
- Windows Server
2003 Microsoft.
Microsoft (Microsoft Certified System

Administrator, MCSA)
Windows Server 2003
Windows.
Microsoft (Microsoft Certified Database

Administrator, MCDBA) ,
Microsoft SQL Server.
Microsoft (Microsoft Certified Trainer, MCT)

Microsoft Official Curriculum (MOC)
Microsoft (Microsoft Certified Technical
Education Centers, CTEC).

,
.
Microsoft ,
Microsoft. ,
,
Microsoft.
Microsoft
. ,
,
Microsoft.
Microsoft
( MCSD Mi
crosoft .NET ).
Microsoft
.
Microsoft
: .
Microsoft
: .
Microsoft
.
Microsoft

Microsoft.
,
.
http://www.microsoft.com/traincert/mcp/mct
Microsoft.
, ,
- . Microsoft Press

http://mspress. microsoft, com/support.

, Microsoft Press
:
:
TKINPUT@MICROSOFT.COM
:
Microsoft Press
Attn: MCSE Self-Paced Training Kit (Exam 70-297): Designing a Microsoft Windows Se
2003 Active Directory and Network Infrastructure, Editor
One Microsoft Way
Redmond, WA 98052-6399
Microsoft Press
Knowledge Base http://www.microsoft.com/mspress/support/search.asp.
, Microsoft,
http://support.microsoft.com.
Active t

1. Active Directory
2. DNS
16
3. TCP/IP
25
4.
35
,
, -
.

.
,
,
Microsoft Windows Server 2003.
.
.
Microsoft Active Directory
(Domain Name System, DNS), .
TCP/IP .
- ,
,
, .
, Microsoft Windows Server 2003
.

Microsoft Windows 2000 Server Windows Server 2003.
Actwe Directory
1. Active Directory
Active Directory
.
Active Directory.
, :
/ Active Directory ;
S Active Directory;
S
Active Directory;
f Active Directory Schema.
- 45 .
Active Directory?
(directory) .
. ,
. ,
. Active Directory
, Windows Server 2003.

,
, .
, ,
Windows, Windows 2000. , Windows NT
4.0 ,
. ,
Security Accounts Manager (SAM).
Exchange Server Exchange.
.
- ,
.
.
.
,
, ,
.
?

, . Active Di
rectory .
. .
Active Directory
.500 Directory Access Protocol (DAP). X.500 Internet Standards

Organization (ISO), ,
. .500 DAP
.
Lightweight Directory Access Protocol (LDAP). LDAP
DAP,
. LDAP
.
Novell Directory Services (NDS). Novell NetWare,
.500.
Active Directory. Windows Server 2000
Windows Server 2003. LDAP.
.500, DAP LDAP

( ) www.ietf.org,
Internet Engineering Task Force (IETF). .500,
DAP LDAP.

, , ,
, . .
.
. .

,
. ,
( /),
,
. ,
. -
,
-
.
.
. ,
Active Directory ( ),
.
.

, .
.
.
( ), , .
. ,
.
, ,
.
Active Directory
Active Directory
Active Directory ,
.
Active Directory
, .
Active Directory ,
, ,
.
Active Directory ,
LDAP ( , IETF).
Active Directory ,
.
Active Directory , Windows
Server 2003,
Active Directory
.
Active Directory Windows Server 2003.
Active Directory ,
,
.
Active Directory
Active Directory
? ,
Windows Server 2003 ( , , ,
) .
Active Directory
. ,
,
.
Active Directory
, Active Directory
. Active Directory :
;
;
;
;

Active Directory .
Active Directory ( ),
.
Active Directory
Active Directory
, , ,
Windows .

.
.
. , (user object) ,
, , , . . ,
, . ,
, .
.
Users. ,
. Microsoft
( , ), Active
Directory Windows Server 2003. , Active Directory ,

, .
Active Directory Schema. , ,
Active Directory Schema (schema)
, . Active Directory Schema
( ), ,
( ) .
, Active Directory, ; .
,
(access control lists, ACL), Windows
Server 2003.
.
Windows Server 2003 .

(administrative boundary). ,
(security
database).
(security
boundaries). ,
; ,
.
.
, -, ,
.
Windows Server 2003 ,
, :
DNS, (DNS ).
, , DNS.
, (fully qualified domain name, FQDN) msnews
microsoft.com : msnews.microsoft.com.
Active Directory
.
, (
), ,
.
Windows Server
2003, Active Directory. ,
Windows Server, .
(forests).
Windows Server 2003, Active Directory
, , Windows
Server. Windows Server 2003
, Windows Server.
2 5.
, (tree).
, ,
. , , .
.
. . 1-1. microsoft.com
, Active Directory, .
microsoft.com
microsoft.com
. 1-1.

. . 1-1 ,
Astive Directory
, microsoft.com.
, DNS.
, DNS, .
, .
,
,
. , ,
Active Directory ( ).
, (forest root domain),
,
. , . ,
, .
. 1-2 .
. microsoft.com , contoso.com
. microsoft.com.

microsoft.com

microsoft.com
research. \
'..i-j-jsoft.com \
bales.
microsoft.com
- -
contoso.com
TKtg.
contoso.com
1\!
europe.sales.
microsoft.com
usa.sales.
microsoft.com
. 1-2. ,
Active Directory
. ,
;
, .

(organizational units, OU)
, . .
. -
Active Directory
. Active Directory ,
.

, .
OU , - .
OU.
OU - . ,

OU .
OU ( OU OU),
.
U . ,
. , ,
12- OTJ,
.

, ,
(trust relationships),
[ (trusted domain)] [
(trusting domain)].
Windows Server 2003 :
(parent and child trusts);
(tree-root trusts);
(external trusts);
(shortcut trusts);
s (realm trusts);
(forest trusts).
,

Active Directory
.

. , . .

. , .
, . .
(. 1-3).
,
. ,
, .
Active Directory
. 1-3.

.
, Windows, Windows
2000.
. Windows Server 2003
.
, .

,
Windows Server 2003 Windows NT 4.0.
(down-level domains) (, Active Directory)
,
. .
,
. ,
( )
.
; ,

.

, ,
.
, . 1-4.
. ,
.
, ,
.
Active Directory
^'
*
. 1-4. ,

,
, ,
.
. .

Windows Server 2003
Windows Server 2003 Kerberos, Windows
Kerberos V5.
, - .

Windows Server 2003

.
(user identification, ID), .
Active Directory
, Active Directory .
. ,
, ,

. :
.
0 Active Directory
,
. ,
.
Active Directory.
,
,
. ,
,
.
- , ,

Active Directory.
, .
Active Directory ,
.
OU, . Active
Directory . ,
.

Active Directory
.
.

Active Directory.
.
.
,
.
.

, ,
(multimaster model). To - ,
.
,
,
. (operations master
roles).
, . ,
.
(Schema Master).

. .
2 . 312
Active Directory
, Active Directory.
, Schema Master .
(Domain Naming Master).

. Domain Naming Master
. Domain Naming Master ,
; .
. ,
.
RID [Relative Identifier (RID) Master].
(RID) .
(security identifier, SID)
. SID Windows Server 2003 .
; SID
RID. ,
.
[Primary Domain Controller (PDC) Emulator].
Windows NT 4.0 PDC ,
Windows 2000, Windows Server 2003 Windows XP
. PDC
. , PDC
, .
PDC
, .
(Infrastructure Master). ,
.
Infrastructure Master,
. Infrastructure Master
. Infrastructure Master
, , .
. ,
.
Active Directory,
, .
.
.

.
-
, .

. ,
,
.
.
, ,
, .
Active Directory
,
. , ,
.

, .
.
,
. Microsoft
.
,
, , .

, . ,
.
,
.

IP- ( . 3)
.
1 /. , (local
network, LAN). LAN, (wide
?.: network, WAN), , , LAN.
.
Active
Directory , .
:, .
Active Directory.
,
OU . .
, (site
links), .
. .
.
: ( WAN-)
(site link object). Active Directory
[Internet Protocol (IP) Simple Mail Transfer Protocol
-SMTP)].
.
Active Directory
Active Directory .
,
- .
, .
\ 4
Active Directory
Windows Server 2003 (multimaster replication model), ( ) Active

Directory (equal masters).
,
.

. ,
( );
, .
,
, .
Active Directory,
Default-First-SiteName, .
WAN, . ,
LAN LAN ,
. 1-5. LAN WAN- (256 /).
LAN
, WAN- ,
.
: LAN,
LAN.
. 1-5.
(
), (
).
(intrasite replication).
. ,
. ,
. ,
, .
(intersite replication).
. ,
Active Directory
j g
WAN- , -
/ .
, ,
. , ,
. ,
( )
, .

, ,
. ,
.
.
1. ()
?
a. .
b. .
c. .
d. .
2. .
?
a.
.
b.
.
c.
.
d. .
3. ?
, Active Directory,
. , Active Di
rectory, .
Active Directory (, , ,
) ( ).
.
, ( ) ,
. .
. (OU)
.
.
Windows Server 2003 Active Directory;
.
,
. .
Active Directory
2. DNS
(Domain Name System, DNS)
IP- .
DNS , Windows Server 2003.
, :
S , DNS;
S ,
DNS;
S ;
/ , DNS Active Directory.
- 30 .

3, TCP/IP- (Transmission Control Protocol/
Internet Protocol) IP-. IP-
; IP-
192.168.132.103. ,
, .
TCP/IP- (hosts) [ (nodes)].
.
(-) mailserver. ,
TCP/IP IP-. , IP-
, (name resolution).
IP- .
,
, .
IP-, ,
. IP- (IP
routing), .
, ,
HOSTS. IP-;
- DNS.
LMHOSTS.
NetBIOS-. NetBIOS-
. LMHOSTS NetBIOS- IP.
DNS (Domain Name System).
. ,
Windows 2000 Windows Server 2003 Active
Directory.
a WINS (Windows Internet Naming Service). , NetBIOS IP-, . WINS Windows, -
Windows 2000, ,
Windows DNS.
Windows.
HOSTS DNS ( ), LMHOSTS
WINS ( NetBIOS-). DNS (
Windows Server 2003 Active Directory) WINS.
DNS
, ARPANET,
.
IP- .
HOSTS, , ,
. ,
, (
).
. :
, ;
,
HOSTS, ,
;
HOSTS ,
-.
DNS. DNS
,
. DNS .
- ,
.
.

(namespace) ,
, .
DNS.
; DNS-
.
- ,
. "
readme.txt. ,
. DNS .
mailserver,
mailserver.
. 1-6.
Active Directory
net
org
microsoft
headrest
yarrao
saJes
research
serverl
. 1-6.
gov
server2
DNS-
. DNS ,
. (
).
. Internet Activities
Board (1AB), -, .
com ( ), gov (
) . .
. 1-1.
. 1-1.
com
edu
org
( )
net
( )
gov
mil
num
arpa
DNS (reverse DNS lookups);

. DNS
xx
info
name
DNS
.
, . , micro
soft.com contoso.com com
. ,
, .
().
, contoso.com
sales.contoso.com research.contoso.com.
(fully qualified domain name, FQDN)
DNS;
( ) . FQDN:
milserver. sales, contoso. com
mailserver sales,
contoso com, , ,
(.).

DNS , .
(zone) , ,
( ).
(resource records), DNS, IP- .
.
, .
,
. . 1-7, contoso.com,
: sales.contoso.com research.contoso.com. con
toso.com 1; sales.contoso.com.
, research.contoso.com.
corn
contoso.com
sales.contosQ.com
1
. 1-7. ,
research.contoso.com
2
2Q
Active Directory
.
,
. . 1-7 .
, .
contoso.com . ,
contoso.com, ,
.
,
,
.
.
-, ,
.
.
. -
; (primary zone file).
, , ,
(secondary zone file).
,
. ,
:
(redundancy) ,
DNS ;
(load balancing)
( )
, ;

, .
. Windows Server 2003 .
Active Directory (Active Directory Integrated Zone).
DNS Active Directory. DNS- ,
Active Directory, , DNS-
Active Directory; DNS-,
. Active Directory
DNS-,
Active Directory,
(Primary Zone). - DNS
ASCII-.
.
(Secondary Zone).
( ) .
DNS-,
.

IP-, . DNS
, , (resolvcr).
DNS
Windows , DNS- (DNS

Client). TCP/IP (
) ,
-. , FQDN Web-
, DNS-, ,
.
: (forward
lookup query) IP- (reverse lookup query)
IP- . DNS- .
(forward lookup queries).
, - IP-.
.
, . ,
, .
. 1-8
www.contoso.com.
com
. 1-8.

CQntoso.com
1. DNS-
contoso.com.
, ;
( ).

, , .
2. , , ,
. -
, .
, ,
, , .
, www.contoso.com .
3.
IP- com.
4. www.contoso.com IP-,
.
(iterative queries),
, .
22
s Active Directory
5. , com, IP- ,
contoso.com.
6. www.contoso.com IP contoso.com.
7. contoso.com IP- www.contoso.com.
8. IP- www.contoso.com
.
- .., (reverse lookup queries). IP-
-. TCP/IP ( nslookup,
ping netstat) .
, , ,
, -
.
DNS - , IP-,
IP- DNS
.
in-addr.arpa ( inverse address). In-addr.arpa
IP- . ,
-.
in-addr.arpa -
IP-. , IP-
, , IP-
in-addr.arpa .
, - IP- 192.168.201.35 PTR (
) 20I.168.192.in-addr.arpa.
35 IN PTR host_name.
in-addr-arpa DNS-. in-addr-arpa
[pointer (PTR) records] IP- -.
.

. (resource record)
- IP-. . 1-2
, DNS- Windows Server 2003.
. 1-2.
DNS
, - IP-.
32- IP 4
, 128-
IP IPv6
CNAME
(alias) . CNAME,
IP-
. 1-2.
DNS
()
MX
(mail exchange record)

DNS-
(name server record)
DNS-
(pointer record) IP-
DNS- (DNS reverse-naming zone)
Start of Authority
. ,
DNS-.
DNS-
(service record) ,
. SRV
Active Directory
Windows Internet Name Service WINS-,
,
DNS
WINS (reverse WINS record)
Microsoft DNS nbstat
( )
(well-known service record)
,

NS
PTR
SOA
SRV
WINS
WINS_R
WKS

, A, CNAME, MX, NS, PTR, SOA SRV.
, .
DNS
DNS, Windows Microsoft Windows 2000
Server, DNS-
IP-; .
IP-,
Dynamic Host Configuration Protocol (DHCP), DHCP DNS- IP-,
DHCP-. DNS ,
Active Directory.

. , , ,
.
Active Directory
DNS (locator service), Active Directory (

Windows). Active Directory
, DNS. (
),
DNS SRV.
DNS-. Microsoft DNS

, ,
. ,
.
.
1. Active Directory DNS?
2.
-?
a. .
b. ALIAS.
c. CNAME.
. HINFO.
3. DNS
, .
?
a. .
b. Active Directory.
c. SRV.
& DNS
.
- IP-, a DNS
Windows Server 2003. Active Directory
DNS; DNS
(SRV). DNS- ( Active Directory) DNS
(DNS lookup).
DNS Active Directory. DNS
. ,
, - IP- .
DNS
, .
.
TCP/IP
25
3. TCP/IP
TCP/IP , ,
. TCP/IP
Windows Server 2003. ,
TCP/IP.
, :
S TCP/IP Windows Server 2003;

S , IP-;
S (network ID),
(host ID) (subnets);
S -.
30 .
TCP/IP
TCP/IP . () TCP/IP
(. 1-9): (application layer),
(transport layer), (internet layer) (network access
layer), .
- . ,
,
( ); .
-
-.
. 1-9. TCP/IP
Active Directory

.

TCP/IP. Windows Server 2003
, TCP/IP:
WinSock Microsoft- Berkeley Sockets API,
-/-;
NetBIOS Helper Service ( NetBIOS) NetBIOS (network basic input
output system) (legacy) ,
DOS BIOS,
. NetBIOS
Windows. NetBIOS Helper Service NetBIOS
(sockets).
TCP/IP-: WinSock
NetBIOS. Windows- Microsoft,
WinSock.
TCP/IP-, :
Hypertext Transfer Protocol (HTTP) Web-
;
File Transfer Protocol (FTP) ;
Simple Mail Transfer Protocol (SMTP)
;
Telnet (terminal emulation protocol),
- ;
Domain Name System (DNS) ,
.

;

.
,
, .
(data delivery)
.
Transmission Control Protocol (TCP) ,
(connection-oriented protocol),
.
(reliable protocol),
, .
, .
TCP.
a
User Datagram Protocol (UDP) ,

(connectionless protocol),
. UDP .
TCP/IP
, TCP,
. UDP
, ,
,
.
, TCP UDP,
TCP- UDP- .
065535. 0 1023
. (wellknown port numbers); Internet Assigned Numbers
Authority (IAN). 1024 49151
IANA (registered ports);
. , 4915265535
, (private).
7.

,
, .
: Internet Protocol (IP), Address Resolution Protocol (ARP),
Internet Control Message Protocol (ICMP) Internet Group Management Protocol (IGMP).
IP ( , )
,
. IP , ,
, , . IP
.
, TCP,
.
, IP TTL
(Time to Live), ,
. TTL
. IP, , TTL
. IP, TTL, 0,
.
ARP IP- (. . ), .
, IP IP- .
( )
,
.
ARP, Windows Server 2003, IP-
, ,
ARP-. .
IP-, ARP . , ARP
. , ARP
; IP-,
. IP- ,
Active Directory
.
ARP-.
ICMP ,
. ICMP
(routers), IP ,
.
, IP , ICMP Destination Unreachable ( ).
IGMP ,
IP- (multicast group membership).
(multicasting)
-.
,
,
. ,
IP-, .

. ,
. , Ethernet Asynchronous
Transfer Mode (ATM), , .
1-
TCP/IP- IP-,
. IP, ,
.
IP- , 0 255.
, IP-
- 192.168.1.102.
0-255? ,
, . ,
IP- 192.168.1.102 - 11000000 10101000 00000001 01100110.
,
.
IP- .
(network ID) IP-, .
, . IP- 192.168.1.102
192.168.1 .
, .
192.168.1.0.
(host ID) IP-,
.
. IP- 192.168.1.102
( 192.168.1.0 ), 102.
TCP/IP

.
, .
, IP- ,
, ,
(subnet mask). ,
. ,
,
, IP-, .
. 1-10 IP- .
.
, .
, ,
.

IP-:
131.104.16.92
10000011 011010000001000001011100
255.255.0.0
11111111 111111110000000000000000
131.104.0.0
10000011 01101000 00000000 00000000
0.0.16.92
00000000 00000000 00010000 01011100
. 1-10.
IP-
IP- ,
. IP- (classful
IP addressing). IP-,
.
IP- IP-
.
, IP- , 0
255. w.x.y.z.
(w), IP- , . 1-3.
. 1-3.
IP-
ID
'

w.0.0.0
w.x.0.0
w.x.y.O
1-126
128-191
192-223
224239
240255
126
16 384
2 097 152
16 777 214
65 534
254
255.0.0.0
255.255.0.0
255.255.255.0
8 Active Directory
, .
-
- (Internet service providers, ISP), IP-
ISP. D
.
, ,
IP- .
IP- ( 98 98.162.102.53).
, .
, , .
IP-
. , IP-
, ( . ).
Classless Internet Domain Routing (CIDR)

IP- ,

(default subnet mask) . , ,
, ,
.
,
, . ,
. Classless
Internet Domain Routing (CIDR)*.
CIDR
. , ,
, IP-,
-
, .
,
. , , IP. (255.255.0.0),
:
11111111 11111111 00000000 00000000
, 16 IP-
, 16 - .
, , .
. ( ,
.) ,
:
11111111 11111111 11111000 00000000
1111 1000 248. . 1-4

.
* C1DR : Classless Interdomain Routing. . .
TCP/IP
. 1-4.

10000000
128
11000000
192
11100000
224
11110000
240
11111000
248
11111100
252
11111110
254

255, 0,
255, . , 255.255.0.0
, 255.0.255.0 . 255
, . ,
255.255.0.0 ,
IP-.

, , . 1-4. IP 184.12.102.20 255.255.255.0
184.12.102.0 ( 255.255.0.0,
184.12.0.0).
184.12.0.0 ,
.

, . 1-4, ,
.

, , IP, Internet Assigned Numbers Authority (IANA).
- IP-.
(private network), , ,
(firewall) -,
, (public address)
, .
,
:
- 10.0.0.0 10.255.255.255;
- 172.16.0.0 172.31.255.255;
- 192.168.0.0 192.168.255.255.
32
a Active Directory

.
.
IP-
(routing)
. TCP/iP- ,
,
. IP .
, TCP UDP
IP . IP , .
; ,
. , ,
-.
, ,
, . IP
(gateway), (router),
. , IP
, , . -
, ,
.
, , , ,
.
(hop). , ,
, , .
- IP- (default gateway)
, , -
. ( , IP)
(routing tables),
.
(preferred routes) ( ).
-
, .
:

. , -
,
;

, .
,
. ,
.
;
.
: Routing Information Protocol (RIP) Open Shortest Path
First (OSPF).
TCP/IP
IP- DHCP
Dynamic Host Configuration Protocol (DHCP) ,
IP- .
IP- ,
TCP/IP. DHCP , IP- ;
, DHCP - .
DHCP ,
, DNS. IP-,
DHCP- ; (scope).
,
. ( )
TCP/IP DNS- WINS-.
, IP-
( Windows-
).
TCP/IP
IP-, DHCP-. DHCP-,
IP-,
, .
, IP-
, DHCP-.
(leasing) ( IP- ).
, ,
. 50% ,
, , .
, . ,
- , .
IP- , .
DHCP Windows Server 2003.
DHCP- Windows Server 2003,
DHCP
IP- .
IP- (Automatic Private IP Add
ressing, APIPA) , Windows 2000;
Windows XP Windows Server 2003. APIPA ,
IP-, IP-
, DHCP-.
APIPA 169.254.0.1169.254.255.255,
Microsoft .
, APIPA , DHCP-. APIPA
Windows 2000, Windows Server 2003
Windows XP ;
.
DHCP-, - , APIPA,
, DHCP-.
Active Directory

, ,
. ,
.
.
1. TCP/lP-
?
a. .
b. .
c. .
d. (link).*
2. 131.107.0.0,
255.255.0.0.
, ,
20 .
?
3. IP 157.54.4.201?
a. 255.0.0.0.
b. 255.255.0.0.
c. 255.255.255.0.
d. 255.255.255.255.
TCP/IP : ,
, ( ). -
, -
.
- IP-,
- ;
0 255. IP-
, , , ,
. , IP-
, .
IP-
Dynamic Host Configuration Protocol (DHCP). DHCP-
IP-, ,
, ,
DNS- .
* : TCP/IP
. OSI. . .
gg
4.

Windows Server 2003
(Routing and Remote Access service).
, ,
.
, Windows Server 2003 .
, :
/ , Windows Server 2003

;
S ;
;
S .
20 .

Windows Server 2003
,
,
.
LAN- WAN-.

.

, .
( ), (,
, ) ,
.

.
(dial-up).
,
.
,
(public switched telephone network, PSTN), Integrated
Services Digital Network (ISDN) .25.
.
.
a Active Directory pf

;
.
(Virtual Private Neiwork, VPN). VPN

, . ,
, VPN-
- .- .
- (ISP)
.
(,
);
VPN-. ,
VPN-
.
VPN
. -, , ,
,
. ISP
. -,
,
, .
- ,
,
.

, VPN
.
,

, ,
:
( ) ( LAN-).

,
WAN- ( ).
:
Point-to-Point Protocol (PPP).
. ,
,
, ,
.
,
.
Serial Line Internet Protocol (SLIP). ,

UNIX - .
SLIP ,
SLIP- .
RAS. NetBIOS
(proprietary) ,
Microsoft. NetBIOS-
.
NetBIOS.
,
TCP/IP. NetBIOS NetBIOS Extended User
Interface (NetBEUI) .
.
;
. ,
, , a SLIP (
).

.
,

. ,
,
, .

, . (
) - (creden
tials),
, . Windows Server 2003
.
Password Authentication Protocol (PAP).
.
.
, ," . ,

. , Microsoft
.
Shiva Password Authentication Protocol (SPAP). Shiva (
Intel), . SPAP

. SPAP -
Active Directory
,
. , .
Challenge Handshake Authentication Protocol (CHAP).
PAP SPAP. (challenge),
.
() ,
. ,
. ,
. CHAP MD5-CHAP,
RSA MD5.
Microsoft CHAP (MS-CHAP). CHAP,
MS-CHAP. 2 Windows 2000,
Windows Server 2003 Windows XP. 1
Windows.
Extensible Authentication Protocol (EAP). -, .
-

. , ,
(authenticator);
.
,
(secure access tokens) (one-time
password systems).

. SPAP
, . CHAP, MS-CHAP
; ,
.

,

. Callback Control
Protocol,
(callback) . ,
, , ,
. .
, ,
, .

, .

(Caller ID) (Automatic Number Identifica
tion, ANI). ,
.

.
.
, (Remote Access Policies, RAP)
, , ,
. RAP ,
.
, , .
,
. (policy)
(rules), , ,
.
.
, .

, ,
. ,
.
.
1. ,
.
?
a. .
b. CHAP.
c. SPAP.
d. MS-CHAP.
2.
,
?
._. ~ * '
a. .
b. SUP.
c. RAS.
d. NetBIOS.
3. VPN-
?
Active Directory
Windows Server 2003

. ,
(Virtual Private Network, VPN).

, .
, "
.
(
, ),
( )
(
).
j f
Active Directory (, , ,
) ( ).
.
, ( ) ,
. .
. (OU)
.
.
Windows Server 2003 Active Directory;

. ,
. .
- IP-, a DNS
Windows Server 2003. Active Directory
DNS;
DNS (SRV). DNS-
- ( Active Directory)
DNS (DNS lookup).
DNS Active Directory. DNS
. ,
, - IP- .
DNS
, .
.
TCP/IP : ,
, ( ). -
, -
.
'
TCP/IP- IP-,
- ;
0 255. IP-
, , , ,
. , IP-
, .
IP-
Dynamic Host Configuration Protocol (DHCP). DHCP-
IP-, ,
, , DNS .
Windows Server 2003
. ,
VPN.

, .
,
. , ,
TCP/IP.
(
, ),
( )
(
).

, ,
, , .
Active Directory. , , ,
.
, .
Active Directory.
, . ,
.
. ,

.
DNS. .
, DNS- DNS
.
Active Directory
. ,
. ,
Windows Server 2003 network.
TCP/IP
.
IP-. IP-
. IP IP-
.
- ..
,
.
.
,
.
,
.

- namespace ( ) ,
,
. ,
.
~ object , .
, .
~ root domain
(naming structure). , Active Directory,
Active Directory .

, .
~ operations master roles
,
; .
,
.
, Active Directory ~ Active Directory Integrated Zone DNS, DNS Active Directory.
DNS
.
Classless Internet Domain Routing (CIDR) IP-,
IP-
AF. CIDR
.
.
1.
1. ()
?
a. .
b. .
c. .
d. .
: .
2. .
?
a.
.
b.
.
c.
.
d. .
: .
3. ?
:
,
.
.
2.
1. Active Directory DNS?
: Active Directory DNS (locator
service). (
Active Directory) DNS SRV.
2.
-?
a. .
b. ALIAS.
c. CNAME.
d. HINFO.
: .
3. DNS
, .
?
a. .
b. Active Directory.
Active Directory
c. SRV.
d. DNS
.
: .
3.
1. TCP/IP-
?
a. .
b. .
c. .
d. .
: .
2. 131.107.0.0,
255.255.0.0.
, ,
20 .
?
:
.
240 20 .
255.255.255.240 , 4095 ,
31 . 2
, ,
.
3.
IP- 157.54.4.201?
a. 255.0.0.0.
b. 255.255.0.0.
c. 255.255.255.0.
d. 255.255.255.255.
: .
4.
1. ,
.
?
a. .
b. CHAP.
c. SPAP.
d. MS-CHAP.
: , d.

,
?
a. .
b. SLIP.
;. RAS.
d. NetBIOS.
: .
VPN-
?
: -, ,
, ,
. -, VPN-
,
, . ,
VPN (
) ,
.
1.
47
2.
55
3.
59
:
;
.
:
;
;
(
, ,
, , Web-).
Active Directory .
;
;
;
.
Active Directory .
, ;
Active Directory ;
.
.
;
;
;
.

Microsoft Windows Server 2003,
,
.

.
, ;
, ,
Active Directory. - ,
,
.

,
1.
1.
.
, ,
.
, :
/ ;
S ;
S .
20 .

,
. ,
. WAN-
, , ,
LAN-, .
WAN- (
). ,
.
Windows, Windows 2000, Microsoft

.
. , , Microsoft
.
,

(organizational units, OU). . . ,
Microsoft : ,
, . , ,
, (branch offices).

,
.
.

. ,
- .
.

.
.

,
. . 2-1.
^52-&41 Frame Relay

/
256- Frame Relay

. 2-1.

( ).

. , ,
, .
WAN .

.
, (
), ,
, . ,
, WAN- .
( 512 /)
.

WAN-. ,
Asynchronous Transfer Mode (ATM) Frame Relay.
, ,
, , :
;
;
.

,
, (. 2-2). ,
, . ,
, ,
. ,
.
.
,
. ,
, , ,
.
, ,
. ,
, , .
, .

,
.
512-'
* * N " - N ^ Frame Relay
64\\
-\\
\
Frame
'
Relay
\
\
64-
Frame Relay
. 2-2.
, , , (hubs)
;
(. 2-3). , . ,
, (department stores), ,
-.
,
.
,
.
( ) -
,
, . -,
, .

(subsidiary office) ,
. , ,
(,
).
, .
64-
512-
"~^^^_^ Frame Relay
V4
-\\
Frame
Relay
\
\
'
\
\
64-
Frame Relay
. 2-2.
, , , (hubs)
;
(. 2-3). , . ,
, (department stores), ,
-.
,
.
,
.
( ) -
,
, . -,
, .

(subsidiary office) ,
. , ,
(,
).
, .
'\ ^\ ,^\
. 2-3.

. ,
, .
.
,
. ,
.
, , .
, -
, .
.

,
.
,
, .
,. -
. , , -,
,
; ,
.
,
?
-,
? , , ,
, .
?
? (,
1),
.
, ;

.
?
,
.
.
.
, , -
, .

.
WAN-
( )
WAN- ,
.
, , .
WAN-
. .
,
, .
, ,
, ( ),
, . .
(
).
,
.

.
: ,
, , , .
,
, , , ,
.

, .
.
?
? ,
, ?
?
? ? ?
- , , ?
, -
? ?
?
, -.
(My Documents) Z:.
,
.
? , ?
? ?
, , ,
.

?
(instant messaging),
, ?
?
? ?

. . ,
. , .
, , ,
( ). -.
, ,
. , , ,
.
. - , ,
, .
.
.

, ' ,
-. ,
: .
-.
, Active Directory.
. -,
. ,
OU Active Directory,
. -,
, ,
.
,
. , ,
.

. , -
.
. ,
,
. .
Active Directory. ,
OU . ,
.
,
.
,
.
, .
, , . ,
.
- ,
, , .
. ?
?
, ?
, .

Windows 2003 :
. ,
.
,
.

, ,
. ,
.
.
1. , ,
?
2. ?
3.
. 1. -
, 64-
. ?
: , ,
. (
)
.
:
( ) (
,
).
, ,
.
2.

, .
IP-, ,
, .
, :
/ ;
S ;
S .
- 30 .

,
.
.

. .
LAN, .
.
LAN .
LAN
LAN WAN. -
, , . ,
, DHCP DNS,
. ().
Windows, (
), , Windows,
.
.
, , ', .
(patch panels) (closets).
,
.
.
(dial-up access)
, .
-,
, , .
Windows-, , .
LAN.
, LAN .
1-
, Internet Protocol (IP).
, IP-
-. ,
IP- . ,
IP- ( ,
) Dynamic Host Configuration Protocol (DHCP).
.
,
.
.
DHCP- DHCP
(DHCP relay agent).
, DHCP-,
DNS-.
TCP- UDP-, ,

, .

, . (inventory)
, .

,
.
, , .
, ,
, -
-.
.
, IP-, .
.
, , .
, .
, BIOS.
.
.
, , .
. ,
.
.
.
, .
, DHCP, DNS WINS.
- . ,
, .
. ,
, (
).
, .
, .
, .
- , Windows
Server 2003, ,
Active Directory,
. . 5.

, , ,
. ,
, -. , ,
.
.
( )
.
.

.
.
. ,
,
.
( , , ,
?), .
, -, ,
.

, ,
. , , .
,
.
,
.
, , , ,

.

, .
, , ,
.
,
. ,
? ?
,
.
(Performance Console). (
Windows, Windows 2000, Performance Monitor)
.
,
, , .
(System Moni
tor). Windows Server 2003.
(Network Monitor).
. (frames) ,
,
.

, ,
. -, ,
. -, , ,
.

. , , Active Directory
, ,
.

, ,
. ,
.
.
1. ?
2. IP- .
3.
Windows.
, , ,
IP- .
.
- .
,
.
,
.
,
.
.
3.
,
, , ,
, .
, :
S
S
S
S
;
;
;
.
30 .
Windows 2000
Active Directory, ,
. ,
, , .
, , ,
, .

, . 2-4.
, .
.
.
treyresearch.com
i
cpancll.com
/ treyresearch
com
/ \
/
/
, treyresearch.com
. -
/f
/
treyresearch.com

research.
dallas.
cpandl.com
. 2-4.
Windows 2000
:
;
;
;
(shortcut trusts);
;
Windows NT 4.0.

, ,
, OU.
, . 2-5.
. 2-5. OU
OU :
, OU ( OU);
OU
. OU,
OU, ;
(Group Policy Objects, GPO), OU.
OU
- , . ,
OU
, OU .
,
. ,
OU, .
OU ,
, .
, OU
OU.
, OU, ,
.
g2

, ,
.
,
.
-
, ,
.
, ,
, (operations master roles)
.. . 1.
.
(bridgehead server)
Active Directory.
, ,
DNS, DHCP, .
, ,
,
.
Windows NT 4.0
Windows NT 4.0,
,
Windows 2000 Active Directory. Windows NT 4.0
, . Windows NT 4.0
(primary domain controller, PDC)
(backup domain controllers, BDC); ,
, Windows NT
.

. ,
Windows NT 4.0
. Windows 2003 OU, .
, , (
), OU .
(
), , .
,
, , OU
.
Windows NT
, :
Active Directory;
;
;
.
,
, Active
Directory .
,
. 2-6.
:
;
;
;
.
. 2-6.
Windows NT 4.0

. .
IP- . ,
. , DNS, DHCP,
Internet Information Services (IIS),
. , ,
, . ,
, .
.
,
.
, . ,
. .
. ,
. ,
.
Windows 2003
Windows 2003
,

(domain functionality) ,
. .
Windows 2000 ( ) (Windows 2000 Mixed).
. ,
Windows NT 4.0, Windows 2000 Windows 2003.
.
Windows 2000 ( ) (Windows 2000 Native).
, Windows 2000
Windows 2003. (
Windows Server 2003) .
Windows Server 2003 ( ) (Windows Server 2003 Interim).
,
Windows 2003, Windows NT 4.0.
Windows NT 4.0 Windows 2003 Server.
Windows Server 2003. .
,

(forest functionality) ,
. .
Windows 2000. ;
, Win
dows NT 4.0, Windows 2000 Windows 2003.
Windows Server 2003 ( ). ,
Windows 2003,
Windows NT 4.0.
Windows NT 4.0 Windows 2003 Server.
Windows Server 2003. .
,
Windows 2003 .
Microsoft Windows Server 2003 Resource Kit.
,
Active Directory. ,
.
.
Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model)
.
.

, ,
. ,
Windows Server 2003 Active Directory,
.
,
.
2 000
1000
750
750
500

. -
. - -
-. -

, ,
- - (research
and development, R&D). Ton-
R&D.

. , - VPN-
.
***'4*^

.
1. Windows NT.
2. Northwind Traders ?
3. Northwind Traders?

, ,
. ,
.
.
1. Active Directory ,
Windows NT 4.0. 12 Windows NT 4.0 300
Windows 98, Windows NT 4.0 Workstation Windows
XP Professional. .
Windows NT 4.0 .
.

- ?
2. Windows 2000 Active
Directory. ,
.
?
3.
Windows NT 4.0 Windows 2003,
Windows 2000,
,
.
Windows 2000 OU ,
.
Windows NT 4.0, ,
.
, .
Contoso Ltd.,
, .
Windows NT Server 4.0.
Windows 98 Windows 2000 Professional. Contoso
. ,
Windows Server 2003
Active Directory.
Windows XP Professional.

Contoso
, -.
Contoso Trey Research
, .
, Contoso
() - ().
, -.
- ( ).
(Trey Research) .
, -,
.
.
gg

256-
Frame Relay, - 128-.
- 64- Frame Relay.
(backbone) 155- ATM. 10/100- .
, 10/100- .

, .
Dallas,
.

.
, ,
, .
, -
. .
-
- , . -. -
.
.
1. .
?
2. ,
.
- ?
3. ,
.
?
4. , Active Directory ?
: , ,
. (
)
.
:
( ) (
,
).
, ,
.
, , ,
IP- .
.
- .
,
.
,
.
,
.
.
Windows 2000,
,
.
Windows 2000 OU ,
.
Windows NT 4.0, ,
.
, .
01
, ,
, , .

, IP- , Active
Directory .

, . . ,
OU.

Windows Server 2003 Windows.
Windows 2003,
. Windows 2000,
, Windows NT 4.0 .
,

, . ,
.

/ ~ centralized/decentralized
OU
. OU
.
WAN- ~ WAN link (LAN),
. WAN- ,
, LAN.
WAN-.
~ functional level ,
Windows,
. , .
1.
1. , ,
?
: , , ,
, ,
.
2. ?
: ,
, ,
, .
3.
. 1.
, 64- .
?
: 64- ,
- .
,
.
2.
1. ?
:
, ,
, , , .
, .
71
-. IP- .
: , ,
, DNS-.
, DHCP , , .
3.
Windows.
: (Performance) (
Performance Monitor Windows)
. (Network Monitor)
.
3.
1. Windows NT.
:
,
, .
.
. - \
- \
/
/
\ *
\
*~~--~-^/
V
/ -isc>3so-i \
\
Xorthwind Traders ?
: ,
. - , , -,
.
Northwind Traders?
:
-.
.
72
3.
Windows NT 4.0. 12 Windows NT 4.0 300
Windows 98, Windows NT 4.0 Workstation Windows
XP Professional. .
Windows NT 4.0 .
.

- ?
:
OU .
,
, WAN-
.
2. Windows 2000 Active
Directory. ,
.
?
: , OU
. ,
OU. ,
.
3.
Windows NT 4.0 Windows 2003.
: .
Active Directory.
. .
.

1. .
?
:
, .
. , ,
.
WAN- .
2. ,
.
- ?
:
. .
; ,
.
,
.
?
: .
( , ) .

.
,
.
, Active Directory ?
: , ,
.
-, OU .
.
,
.
. .

Active Directory
1.
75
2.
86
Active Directory -
:
Active Directory;
Active Directory.
Active Directory:
;
Active Directory;
NetBIOS-.

,
Active Directory,
. ,
, ,
Active Directory. ,
, , ,
, ,
.

. ,
Microsoft Active Directory.

Active Directory, 1.
Active
Directory (. 2).
jg
1.

Active Directory
, . ,
. ,
.
, :
S Active Directory;
S ;
S ,
.
40 .

Active Directory (. 3-1).
,
, , ,
. , Active
Directory ,
, .
.
contoso.com
. 3-1. Active Directory

,
- .
, -
.
,
. ,
, , ,
,
.
Active Directory , Win
dows NT. , Windows NT, -
JQ
Active Directory
(Security Accounts Manager, SAM) 40 000

. Windows NT Active Directory
. Active Directory
: (OU) .

OU. Active Directory
, .
Active Directory Windows NT (
),
.
OU , . OU
. OU (
OU OU), .
, OU -
. , OU
,
;
. . 3-2 , OU
. OU 4.
. 3-2. OU

OU ,
, ,
, WAN. ,
IP- .
1 /. ,
(LAN). LAN
WAN, LAN.
5.
;.1~; 1
- ( )
~:: : .
;:. , , ,
;_ , . , ,
: :~. ,
^ . ,
~:.~ , . ~.~- , , , , , .

. , , :
:, , . .
: ,
Active Directory, . -, Active Directory

. -,
WAN- , .
,
.
,
, ,
Active Directory. OU ,
. ,
. , .
.

,
.
, .
,
, .

,
. , , ,
, ,
,
. . 3-3 ,
.
( . 3-4 , ),
, OU .
78
Active Directory
houston.
contoso.com
atlanta.
contoso.com
. 3-3. ,
chem. research.
contoso.com
robotic.research.
contoso.com
. 3-4. ,
,
.
.
. ,

, .
.
, .
-, .
,
, .
WAN-
, , .
,
.
, , WAN-
.
.
, .
,
, . ,
,
hr.contoso.com sales.contoso.com, ,
contoso.com.
Windows NT.
Windows NT, , ,
Active Directory.
(schema master) ,
.
,
Active Directory. ,
, , .
,
0U, ,
. , ,
, .
0U,
( , 0U).
, ,
, .
.
, ,
,
. , ,
, ,
, , .
.
,
.

, .
QQ
Active Directory
,
.
. ,

, (shortcut
trust). : ,
.
,
(. 4).
, ,
(Enterprise Admins).
. ,
, (Do
main Admins).
.
,
,
. ,
.
, (trust links),
.
, Active
Directory; . ,
( ), (distinguished name, DN)
DNS- .
.
.
, ,
. ,
. , ,

. ,

(Enterprise Admins)
(Schema Admins). :
,
. ,
( ), ,
.
( ),
.
, , , .

,
. , ,
, , ,
. , ,
. ,
, DNS.

, ,
. . 3-5
.
fabrikam.com
us.sales.
contoso.com
asia.sales.
contoso.com
, 3-5. ,

, :
DNS.

( ),
.
DNS, DNS-,
.
, ,
. , ,
.
Active Directory
, LDAP- (Lightweight Directory Access Protocol),

Microsoft,
LDAP- .
.
:

. ,
. . 3-6 ,
. 3-5, .
us.sales.
contoso.com
asia.sales.
contoso.com
. 3-6. ,

,
, , ,

. , ,
.
.
.
,
. ,
Windows Server 2003, (forest trust),
.
,
, .
. ,
, , , -
. , ,
Windows 2003, . .
,
. ,
. .
. ,
, ,
,
. ,
, ,
.
.
, , ,
.
-
, . , -
, (
- ),
-, Active
Directory. -
-,
.
.
,
. ,
. ,
.
,
, ,
, . ,
, .
.
.
,
.
, ,
.
, ,
, (user principal name,
UPN) .
.

-, ,
- .
.
.
.
Active Directory
.
DNS- ,

.
(ACL)
,
, ,
.
,
, , ,
, .
,
.
. Windows Sei'ver
2003, , , , .
.

Northwind Traders. ,
.
.
Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model)
.
.

, ,
. ,
.
,
.

2000
1
()
1000
750
750
500

. -
. - -
-. -

, ,
- - (research
and development, R&D). Ton-
R&D.

. , - VPN-
.
V
4

, .
1. ? ? ?
2. Northwind Traders .
Active Directory
Fnasa 3

, ,
. ,
. .
1. ,
.
?
2.
?
3. ?
?
4. ?
,
, .
,
, ,
.
,
DNS.
,
/ - .
2.
, ,
, .
LDAP (Lightweight Directory Access Protocol), , Active Direc
tory, .
, :
S
/
S
S
, Active Directory;
;
NetBIOS;
Active Directory.
20 .
Active Directory
LDAP ,
. , LDAP ( Active Directory),
, , . ,
LDAP, .
Active Directory ,
Active Directory. ,
. , Active Direc
tory ,

. , ,
. ,
Active Directory .
:
(relative distinguished names, RDN);
(distinguished names, DN);
(user principal names, UPN);
.

(RDN) ,
. ,
. , :
CN=wjglenn,CN=Users,0C=contoso, DC=com
CN=wjglenn. RDN
(OU) Users. RDN ,
Common Name.
Active Directory RDN ,
, ,
RDN.
( ,
) ,
LDAP- .
,
DC Domain Component, DNS-
ORG.
OU Organizational Unit, ,
.
CN Common Name, ,
Active Directory.

(DN),
, ,
. DN DN
, DN ,
.
:
CN=wjglenn,CN=Users,DC=contoso,DC=com
Active Directory
DN , wjglenn Users,
contoso.com. wjglenn
, DN
. DN ,
(fully qualified domain name, FQDN)
DNS. DN .

, .
. , ,
:
contoso.com/Users/wjglenn
, .
,
LDAP- ( CN DC).

(UPN), ,
_@_.
,
. , Active Direc
tory .
, .

, Active Directory
,
Active Directory; .
, ,
.
,
.
. ,
.
1.
: (domain naming
master) RID (relative ID master). , ,
, (security
principals).
.
. ,
. ,
, (Enter
prise Admins).

, , ,
.
FSMO (flexible single master operations).
RID. RID
. ,
RID : RID.
Active Directory,
RID 500 RID,
.
400 RID, RID 500 RID.

,
Active Directory, DNS. DNS
IP- , Active
Directory. , Active Directory DNS .
6
DNS, DNS
,
Active Directory.
DNS
. , contoso.com
sales.contoso.com, europe.sales.contoso.com.
, DNS, . .
( ).
Active Directory , DNS.
Active Directory,
. .
,
.
Active Directory DNS,
NetBIOS- (Network Basic Input/Output System)
, Windows -
Windows Server 2003. DNS-
NetBIOS ; (,
. .) , IP-.
Windows ,
NetBIOS-. Windows NetBIOS-
, ,
. NetBIOS-.
Active Directory DNS, NetBIOS-
. NetBIOS- - .
DNS
DNS, .
Active Directory
NetBIOS- DNS-,
.
NetBIOS- SALES.
(FQDN) sales.contoso.com.
NetBIOS- DNS-.
NetBIOS- 16 ,
NetBIOS-. DNS
64 , , DNS- 15
NetBIOS- .

. , NetBIOS- DNS. , ,
.
Active Directory, DNS-,
NetBIOS (. . DNS- 15
). , , DNS, NetBIOS,
. ,
. ,
, .
DNS-
Active Directory DNS ,
,
,
DNS- .
.
DNS-
Active Directory. , Microsoft
. ,
.
, DNS (service
records, SRV). , DNS-
, Windows 2003 Server.
DNS-
Active Directory , Microsoft. ,
, ,
, , , -
, , .
,
DNS-.
Active Directory
DNS-. ,
fabrikam.com.
internal.fabrikam.com.
DNS-.
, Active Directory
.
.
,
DNS-. ,
, ,
.

, ,
. .
, .
, : az, 09
(-). DNS Windows Server 2003
,
DNS.
,
NetBIOS.

.
DNS-, . ,
contoso.com. contoso.com
, ,
contoso.com (, sales.contoso.com).
. ,
(,
microsoft.com , ), .
- .

,
. ( contoso.com
local.contoso.com).

(security principal objects) Active
Directory,
.
( ,
) , . ,
, .
,
:
, ;
, ;
, , , . .
Actiwe Directory
,
.
Unicode-
LDAP, ,
: # , + \ < >.
, ,
:
20 ;
15 ;
63 .
,
, @.
.

. , wjglenn hr.contoso.com
sales.contoso.com. , ,
Active
Directory .

, ,
. ,
.
.
1. ,
, , .
2. DNS NetBIOS?
3. , ,
DNS- proseware.com.
, .
DNS-?
4. , , .
, Keith Harris.
,

kharris. , ,
?
a. .
b. ,
.
c. ,
.
d. Active Directory
.
Active Directory : (distinguished names),

(relative distinguished names),
(user principal names).

: ( ) RID
( RID ).
DNS , Net
BIOS . Active Directory
. NetBIOS- ( ) 15 ,
DNS- 64. ,
( 15 ).
DNS- .
Active Directory
DNS- . Active
Directory DNS-.
, .
Active Directory Fourth

Coffee - .
Windows 98 Windows NT Professional 4.0. Fourth Coffee
,
. ,
Windows Server 2003 Active Directory.
Windows XP Professional. ,
}'.

Fourth Coffee

. Fourth Coffee ,
, .
Fourth Coffee ( ). , Fourth

Coffee ( ) ( ). 5
, ,
.-:: -. -,
.
Active Directory
Northwind
Traders .
, -.
- ,
- .
, northwindtraders.com,
.

- 512-
Frame Relay.
,
, 64 /.
10/100 /.
Windows NT,
, .
, , WAN-
.
. -
.

.

Northwind Traders northwindtraders.com
Fourth Coffee.
northwindtraders.com .
-
-
. , .
- .
- .
.
1.
, ,
.
2. ,
.
, ?
3. , ,
. ,
,
DNS- fourthcoffee.com.
. ?

4. , Active Direc
tory, DNS-? NetBIOS-?
- , ?
,
, .
,
, ,
.
,
DNS.
,
/ -
.
Active Directory : (distinguished names),
(relative distinguished names),
(user principal names).

: ( ) RID
( RID ).
DNS ,
NetBIOS . Active Directory
. NetBIOS- ( ) 15
, DNS- 64. ,
( 15 ).
DNS- .
Active Directory
DNS- . Active
Directory DNS-.
, .

, ,
, , .
OU,
OU (, , ).
,
DNS .

. .
Active Directory
DNS-
Active Directory , Microsoft.
, ,
.

NetBIOS ,
Windows. Active Directory
DNS, NetBIOS , -
.
/ ~ autonomous/isolated. ,
-
,
Active Directory. ,
, ,
.
~ forest root domain ,
Active Directory; . ,
( ),
DNS- .
1.
1. ? ? ?
: Northwind Traders .
. R&D,
.
. , .
2. Northwind Traders .
:
. Northwind Traders
(NWtraders)
. R&D .
R&D
NWtraders
1.
1. :-,
. .
?
,
: ..
1> >
i
> (
); ) ! i
> "- ,
>.
"
WAN- , ^ <
" , )
> i
^
i \ ,
Windows NT 4.0; ) ' ^ i"
^ > < ^
, , , i . .-i
2. i J ^ ->
LTBC
?
:
(Enterprise Admins)
(Schema Admins), ;
; ,
( )
.
3. ?
?
:
DNS.
DNS
.
4. ?
: .
,
.
, ,
.
2.
1. ,
, , .
: ;
, .
;
.
( , ), .
Active Directory
.
ftctiye Directory
2. DNS NetBIOS?
: DNS ,
NetBIOS . NetBIOS-
Windows. DNS-
64 , NetBIOS- 15.
3. , ,
DNS- proseware.com.
, .
DNS-?
: DNS-
proseware.com Active Directory.
proseware.com (
sales.proseware.com).
4. , , .
, Keith Harris.
,

kharris. , ,
?
a. .
b. ,
.
c. ,
.
d. Active Directory
.
: .

1.
, ,
.
: - ,
. , ,
. ,
.
, fourthcoffee.com, -
.
.
,
northwindtraders.
2. ,
.
, ?
: ; ,
.
WAN-
OU, .
:

.
3. , ,
. ,
,
. ?
:
(. 3-7).
LA
fourthcoffee.com
L\ LA LA
nashville.
fourthcoffee.com
. 3-7.
rome.
fourthcoffee.com
houston.
fourthcoffee.com
fourthcoffee.com
4. , Active
Directory, DNS-? NetBIOS-?
- , ?
: fourthcoffee DNS
NetBIOS, 64 15 .
northwindtraders ( 16 )
NetBIOS. DNS- NetBIOS-,
. ,
.
, NetBIOS- northwindtrader.

iOi
1. OU
101
2.
117
3,
126
Active Directory, -
:
(OU).
OU:
OU;
OU, .
:
;
, ,
.
:
;
;
;
.
:
;
;
'' .
:
GPO;
GPO;
;
.

, Active Directory
. ,
.

. ,
.

(OU) .

, .
.

Active Directory - . 1. ,
Active
Directory . 2.
Active Directory (. 3),
, , 3 .
1. 0U

(OU) .
,
. ,
.
, :
S , OU;
S OU
;
S OU;
/ .
- 40 .
0U
1, OU ,
. OU
.
OU :
;
;
;
;
;
;
;
OU.
OU .
DNS, ,
OU. OU
, . , OU
,
.
OU
, ,

. OU , , OU . :
;
;
.
OU
.
OU, ,
, OU,
. OU
.
OU -
, .
, WAN-
, (. 5),
OU , OU
.
0U

OU
, -. OU,
,
Active Directory , OU ,
.
: OU ,
, ,
, OU
. ,
OU, ,
.
OU, ,
(. . ).
OU,
: .
.
,
OU, (. 4-1),
, OU.
OU,
:
;
;
;
;
OU.
/
/.
(Domain!
(Builtin)
(Computers)
, "->
(Domain Controllers)
(Users)
<^>
(Accounts)
- , ^
(User Accounts)
"" * V *
(Admin Accounts)
- **>
(Groups)
. 4-1. OU,
t14
, OU,
, .
1. , ,
( . 2).
2. OU , .
3. OU ,
1.
Apxiiienypas
, ,
, ,
, . :
, ;
;
' ;
.
0U
Active Directory
. ,
OU, ,
OU ,
(,
). ,
, OU, OU
. .
OU ,
,
OU, ,
. OU ,
- ,
U .
. 4-2.
OU
.
OU,
, . ,

, .
. , (
, ,
), -,
. OU
, ;
(. 4-3).
(Builtin)
(Computers)
(Users)
Domain
Admins

(Admin Accounts)
User
Admins
(Groups)
Group
Admins
(Accounts)
**>*
. 4-2.

(User Accounts)
"*~
OU
. ,
, .
,
.
. , , , OU
,
.
OU ,
, , OU, ,
.
OU
, ,
. ,
( ).
OU, ,
.
OU ( OU )
,
. : OU
OU.
, .
/
/
/
(Builtin)
(Computers)
(Users)
~ ^$>,
^f>
* <>,.
. 4-3. OU ,

OU . :
,
.
. OU,
,
. OU
, OU.
, .
, ,
, , OU,
.
OU, OU,

.
0U

.
, , ,
, . ,
OU ,
(List Contents) OU. , , -
-j gy
: , .
. 4-4.
; Domain)
(Builtin)
(Computers)
(Users)
--i<> j
(Users)
< ^Sjj (Hidden)

. 4-4. OU
,
, , -

.
OU,
. OU,
. OU,
, .
OU
3.
,
OU .

.
( , ) .
(Group Policy Object,
108
GPO) , ,
. GPO, , OU.
GPO ,
, OU.
. ,
, GPO, ,
,
, .
, GPO.
GPO OU . GPO OU,
,
.
. GPO OU ,
GPO. GPO,
OU , OU;
, , OU,
GPO.
OU,
,
OU, . ,
OU OU,
, OU OU
, .
OU, ,
.
OU , GPO.
GPO - ,
, .
OU , ,
OU , .
OU,
OU, GPO.
OU
Active Directory OU,
.
(Domain). Active Directory.
, ,
.
.
(Built-in).
, .
(Users).
, .
, .
,
OU . ,
(Users) GPO.
, OU .
(Computers).
, .
(Users), GPO ,
OU.
OU (Domain Controllers).
. OU
.
, -,
, OU. OU
. OU ,
.
,
.
, , OU
OU. OU
. ,
, ,
.

OU , OU.
, OU, , OU
( ).
. ,
OU,
OU,
. , ,
,
( ).
OU .
OU , ,
.
, .
,
, .
, OU,
OU.
0U
OU . ,
, .
OU , OU .
OU:
;
;
11Q
;
, ;
, .
OU, ,
, , . , ,
OU . . Microsoft
Windows Server 2003 Deployment Kit, Microsoft Resource Kit (Micro
soft Press, 2003), Active Directory no http://www.micwsoft. com/technet.

OU (. 4-5)
, .
, ,
.
(Builtin)
(Computers)
(Users)
JS2L
KLf
. 4-5. OU

, :
OU .
, , , ;
-J -J ^
-
;
, ;
OU
.
, :
, ,
, ;
- .
(
) ,
OU , .
5.

OU (. 4-6)
-,
. ,
.
/
/
/
(Domain;
\
\
(Builtin)
(Computers)
(Users)

. 4-6. OU
-
112
, :
-
;
;
, .
.
. -
OU.

OU (. 4-7)
, -,
. , .
(Builtin)
(Computers)
(Users)
__
*y>j
^JSILI
. 4-7. OU
-

.
.
OU,
, , .
"
,

(. 4-8) OU ,
, , OU
, .
I . _ ,'- (Builtin)
1 ..__.
LllSL'
(Computers)
(Users)
Go,I
>J
. 4-8. OU ,

:
;
.
:

;
,
.
114
,

(. 4-9) OU ,
, OU ,
.
/
/
.'Domain)
(Builtin)
(Computers)
(Users)

-
5
. 4-9. OU ,

:

.
, ,
.
. OU
OU Northwind
Traders. ,
.
.
115
Northwind Traders ,
. Northwind Traders
Microsoft Windows NT 4.0 (master domain model).

, , .
,
.
,
.
2000
1000
750
750
500

.
, .
NAwest
AsiaPacific

(R&D)
Glasgow
Corp
j -j g
Northwind Traders ,
.
RDNwtraders.local
NWtraders.local
Glasgow
Asia Pacific
NAeast
R&D
NAwest
Corp
NWTraders

OU
Northwind Traders.
.
nwtraders. local
Corp.nwtraders.local
NAwest.nwtraders.local
NAeast.nwtraders.local
Glasgow. RDNwtraders .local
AsiaPacific. nwtrade rs. local

, ,
. ,
. .
1. OU?
OU ?
2. OU OU ?
3. .
, . ?
4. OU ? ?
OU,
, .
, .
OU , ,
.
,
, .
OU ,
, ,
, OU
.
.
, ,
.
2.

OU
.
, , .
, :
S , Active Directory;
S ;
/ .
- 25 .

Active Directory ,
(security principal),
. ,
.
. ,
Microsoft Windows NT, Windows 2000, Windows XP Windows Server 2003,
.
, .
.
. - Active Directory
. ( )
,
.
. , ,
. ,
,
.
j $ g
InetOrgPerson. InetOrgPerson
, InetOrgPerson
, LDAP (Lightweight
Directory Access Protocol). Active Directory
.
. , Active Directory,
.
. , ,
.

,
, , .

,
(member servers)
, .
OU
, ,
. , ,
,
, ,
.
, ,
. ,
,
, .
, .

, , . ,
DAL-SVR1, , ,
. BPOTTER1, ,
(Barry Potter),
.

,
, , ,
. ,
, .
, ,
.

.

. Active Directory
(Access Control List, ACL),

, .

.
.

, .
,
,
(Computer Management) (Local
Users and Groups). ,
,
Active Directory (Active Directory Users
and Computers) (
Active Directory).
. Active Directory
.
Active Directory
(Active Directory Users and Computers).
,
.

Windows ,
. ,
: (Administrator) (Guest).
,
(Administrators).
,
.
;
(Domain Admins) [
, , (Enterprise
Admins) (Schema Admins)].
, (
).
.
(Guest)
. ,
, ,
. ,
(Guests). , ,
(Domain Guests).
. , ,
120
. ,
/ .

.
.
,
.
(), .
OU,
.
20 ,
, Windows 2000, 20
. . ,
Windows 2000,
: " / \ [ ] : ; | = , + * ? < >.
, ,
,
. ,
,
,
.
.

.
, ,
.
,
.

,
. Windows
Server 2003 ,
. , Windows Server 2003 ,
(Administrator).
, Windows ,
. ,
.
,
, .
.
, ,
24 .
,
.
,
. Microsoft 42
, Windows Server 2003 .
, , ,
.
, .
,
, ,
. Microsoft .
.
, .
.
, .

,
,
. ,
.
.
.
,
.
,
.
, ,
.
. ,
, , ,
.
, ,
.
( ),
. , , ,
, .
, ,
.
(tickets).
, ,
.
, ,
,
. GPO (Default
Domain GPO) 10 ,
. ,
- .
122
,
.

(Run As).
. ,
(Administrators).
OU.
* (Admi
nistrator) (Guest). ,
.

. ,
,

. ,
.
,
.
.
Active Directory
.
.

Windows Server 2003
. Windows .
(security groups).
.
; ,
. , ,
, . Windows
.
(distribution groups).
, Windows, , .

. .

, Active Directory
: ,
.
,
. :

, ;
Windows
2000 Windows Server 2003 (. . Windows 2000
2003), , ,
;

.

,
(
).
:

;
Windows 2000 Windows Server 2003,

.

.
:
, Windows
2000 Windows Server 2003;
;

;
,
;

.
. 4-1 ,
, .
. 4-1.
,
,
Windows 2000
Windows Server 2003
,
,

(G)
(DL)
,

;

(U) ,

,

,

124

Active Directory (. . ).
. ,
(. 4-10).
( Dallas Junior Admins).
Junior Admins
.
,
.
,
. , .
, .
. 4-10.

,
.

, .
, :
;
64 ;
,
Windows 2000. : " / \ [ ] :; ] =
, + *?<>;
, Windows .

,
. ,
.
-f 2 5
.
.

. .
, ,
,
. .
,
.
, . ,
Executives ( ).
.
.
. .

.
, ,
.
.
.
1. .
2. .
3. .
4. .
, Microsoft,
: AGUDLP. (accounts, A)
(global groups, G),
(universal groups, U), (domain local groups, DL),
(permissions, P).
All Good Users Do Love Permissions (
).
.

,
. ,
( ) ,
. ,
; .
1. ?
2. ?
3. ?

, ,
. ,
. .
1. Active Directory Windows
Server 2003?
2. .
?
3. ?
Windows Server 2003 Active Directory :

, , , InetOrgPerson.
, ,
.
,
Active Directory.

.

, .
, .
, Active Directory
.
, .
, ,
, ,
, .
3.

,
. ,
.
Windows Server 2003
.
, :
S , ;
S , (GPO);
S .
40 .
-{27

,
, , OU Active Directory.

(Group Policy Object, GPO).
Windows 2000, Windows Windows Server
2003 ( , Active Directory )
GPO, , .
Active Directory,
GPO, .
.
(Computer Configuration)
, ,
.
(User Configuration)
, ,
.
( ),
: (Software Settings), Windows (Windows
Settings) (Administrative Templates).

(Software Settings) ,
,
.
Windows 2000 Professional, Windows 2000 Server, Windows Professional, Windows
XP 64-Bit Edition Windows Server 2003 . ,
,
.
.
Windows (Windows Installer service) ,

Win
dows (Windows Installer packages) (. ).
Windows (Windows Installer Packages)

, Windows Installer ,
. Windows Installer Package
msi.
Windows Installer .
,
.
:
(publishing) (assigning).
, , (Start)
. (advertising)
. ( ,
), . -
128
,
.
, ,
, .
.
(Add/Remove Programs)
(Control Panel) , ,
.
Windows
Windows (Windows Settings)
, Windows.
(Scripts).
, .
,
.
ActiveX, VBScript, JScript, Perl,
MS-DOS .
(Security Settings). ,
.
Internet Explorer (Internet Explorer Maintenance).
. Internet Explorer
.
(Remote Installation Services, RIS). RIS

.
. .
(Folder Redirection).
.
Windows [ (My Documents), (Start Menu)
Application Data], .
.

(Administrative Templates),
, ,
. . 4-2.
. 4-2.

(Control Panel)

(Desktop)
3
. 4-2.
-|29
()
(Network)

(Offline Files)

(Network and Dial-Up Connections)
(Printers)
(Start
Menu and Taskbar)
(System)
/ (
), /
( )

Windows X
(Windows Components)
Windows
(Windows Explorer), Internet Explorer
Windows Installer
GPO
GPO, ,
, , GPO
. GPO .
GPO GPO
, GPO.
GPO GPO, ,
. , , ,
, .
GPO, ,
GPO.
GPO GPO, ,
, . ,
, ,
, .
GPO, , ,
.
GPO OU GPO, OU,
. , OU,
, /,
. OU.
GPO, OU,
Active Directory, OU,
.. OU GPO, ,
, .
130
,
GPO, , GPO, GPO,
Active Directory. GPO Active Directory
(),
() , , (OU).

. ,
. , GPO ,
, . ,
,
, , , .
GPO ,
, . ,
OU , OU
, .
, ,
, .
(General) GPO
, GPO.
.
, ,
. ,
, .
, .
,
.
(No Override). GPO ,
, , GPO,
GPO, . ,
.
(Block Policy Inheritance).
GPO,
. ,
, .
,
.
, OU,
, ,
.
-jg-j
, ~ . , :
GPO, GPO , OU. ,
, GPO ,
. GPO , OU.
GPO
,
, , GPO OU, 500 20 ,
, .
,
.
" : (Read) ( : ,
) (Apply Group Policy),
.
, , .
GPO
GPO,
, OU. GPO
, GPO OU.
GPO
GPO, ,
. , GPO
. GPO
. , ,
,
. GPO
.
GFO
GPO ,
GPO OU, .
GPO .
,
, , GPO .
, , ,
.
GPO, .
132
GPO 0U
GPO OU,
. OU ,
,
. , OU .
OU, OU
OU.

(Users) (Computers) .
GPO . ,
GPO, ,
,
OU, GPO.
,
. redirusr.exe ,
redircomp.exe . OU,
, OU,
GPO. , OU
New Users, OU GPO ,
OU New Users.
, GPO.

.
%windir%\system32 ,
324949 Redirecting the Users and Computers Containers in Windows Server 2003 Domains
Microsoft Knowledge Base http:/support.microsoft.com.
GPO

.
,
. , , ,
, , GPO.

, GPO,
. ,
, ,
, OU. ,
, OU
.
-jgg
, , OU,
.
, , ,
.
, OU, OU OU
OU.
,
OU.
, , ,
, ,
GPO.
GPO, :
GPO, ,
;
GPO, ,
;
GPO, OU,
OU.
,

Active Directory.
.
Windows 95/98/ .
Windows NT 4.0 .
Windows 2000 Professional Server
, Windows Server 2003, .
.
Windows XP Professional, Windows XP 64-bit Edition Windows Server 2003
.
, Windows 2000 Professional
, Windows Server 2003, Micro
soft Windows Server 2003 Deployment Kit (Microsoft Press, 2003).
.

(OU)
Northwind Traders.
,
. .
134
Northwind Traders Active Directory.

OU. .
OU
Nwtraders.local
HQ Management
Finance
IT
NAwest.nwtraders. local
Sales
Marketing
IT
NAeast. nwtraders. local
Customer Service
Customer Support
Training
Glasgow.RDNwtraders.local
Development
Sustained Engineering
IT
AsiaPacific.nwtraders.local
Research
Consulting
Production
,
, .

,

.
,
.

IPSec

,
.

,

, ,

()
,
,
IPSec.

,
.
, ,

, OU ,
. .
1. OU ?
2. ?

, ,
. ,
. .
1. ?
?
2. GPO ? ,
GPO Active Directory?
3. GPO, OU,
. , , GPO,
, OU, .
?

. ,
,
Windows , ,
(Administrative Templates).
,
. GPO
, OU. GPO, -
138
. GPO
OU.
OU GPO.
: ,
GPO, , .
, GPO, ,
(No Override),
GPO, .
GPO
.
Humongous
Insurance, .

Windows Server 2003 Enterprise Edition.
Windows NT Professional 4.0, Windows 2000 Professional Windows XP
Professional. Humongous Insurance ,
OU, .

Humongous Insurance
,
.
Humongous Insurance - (
). , Humongous Insurance
( -) ( ).
, .
-,
. -
, . , -
- .

, - 1-
Frame Relay.
.
humongousinsurance.com.
, - ,
.
WAN-.
-j^j
-
- - .
, . -
. - .
- - ,
. , ,
. ,
,
. .
, 12 .
5 ,
, .
, - ,
,
. ,
. ,
.
, .
1. OU , .
?
2. ,
?
?
3.
? ?
4.
?
OU,
, .
, .
OU , ,
.
,
, .
OU ,
, , -
138
, OU
.
.
, ,
.
Windows Server 2003 Active Directory :
, , , InetOrgPerson.
, ,
.
,
Active Directory.

.

, .
, .
, Active Directory
.
, .
, ,
, ,
, .

. ,
,
Windows , ,
(Administrative Templates).
,
.
GPO , OU. GPO,
. GPO
OU.
OU GPO.
: ,
GPO, , .
, GPO, ,
(No Override),
GPO, .
GPO .

, ,
, , .
OU,
. OU
,
.
, AGUDLP.
(accounts, ) (global groups, G),
(universal groups, U),
(domain local groups, DL), (permissions, P).
GPO, ,
, GPO Active Directory. GPO
: , GPO , GPO , GPO OU.
, , GPO ,
. GPO ,
OU.

OU ~ OU model
(OU): 1) , 2) , 3)
, 4) ,
5) , .
- account Windows Server 2003
: ( ),
( Active Directory),
( ,
), ( ,
) InetOrgPerson (
; , LDAP).
~ Group Policy Windows
. ,
(GPO), GPO , OU.
140
1.
QU
Northwind Traders. .
nwtraders.local
HQ Management ( -)
Finance ( )
IT (-)
Sales ( )
Marketing ( )
IT (-)
Customer Service ( )
Customer Support ( )
Training ( )
Research ( )
Development ( )
Sustained Engineering ( )
IT (-)
Consulting ( )
Production ( )
1.
1. OU?
OU ?
: OU
,
. OU
.
2. OU OU ?
: OU, ,
, OU.
OU, ,
, , ,
.
3. .
, . ?
: Users OU,
GPO . OU,
, GPO OU.
4. OU ?
?
:
, -,
, OU .
,
,
-
.
2.
1. Active Directory Windows Server
2003?
: , , ,
InetOrgPerson.
2. .
?
: 24
. , , .
( Microsoft) 42 .

, , .

, .
3. ?
: ,
, .
.
3.
1. OU ?
: ,
, OTJ.
, .
OU HQ Management OU Laptops ( ).
OU ,
.
NAwest OU LaptopComputers,
.
OU Customer Support OTJ CallCenter (
). OTJ
.
.
Glasgow OU ComputerAccounts (
) redircmp.exe ,
OU.
142
2. ?
: -
, .
-.
3.
1. ?
?
:
, Active Directory.
, Windows
(Administrative
Templates).
2. GPO ? ,
GPO Active Directory?
: GPO ,
GPO Active Directory. GPO, ,
GPO, , , , GPO, OU.
, . GPO
, GPO, .
GPO, ,
.
3. GPO, OU,
. , , GPO,
, OU, .
?
: . OU
OU OTJ .
, GPO, GPO
. OU
GPO, GPO .

1. OU , .
?
:
OU , , OU,
. :
,
, .

,
.
2. ,
?
?
143
: ,
(Maximum Password Age)
30 , (Enforce
Password History) 12 .
,
. ,
,
. ,
, ,
(ticket expiration policy).
3.
? ?
: .
, .
SRV.
( ).
, ,
. , SRV-DAL-EXCH
, , Exchange
Server.
4.
?
: ,
. ,
.
1 .
145
2.
151
3.
161
4.
170

Active Directory -
:
Active Directory.
Active Directory:
;
.
Active Directory:

;
;
.
Active Directory:
,
Active Directory.

3 4 Active
Directory. ,
(OU), . ,
, .

WAN-,
.
,
. , ,
. ,
, . , ,
Windows.

Active
Directory, 1. ,
Active
Directory ( . 2).
.
1.
, . .
.
, ,
.
, :
S , ,
WAN-;
S ;
S , .
- 20 .

1, ,
IP-,
. IP-,
, , (. 5-1).
WAN-.
Active Directory
( , OU) .
Active Directory.
, ,
, (. 5-2).
Active Directory. ,
, ,
OU, .
DNS (Domain Name System),
DNS-.
Active Directory ,
Default-FirstSite-Name, .
146
. 5-1.
. 5-2.
: , , (site links),
.
, WAN-. ,
:
;
;
(Distributed File System, DFS);
(File Replication Service, FRS).

, Microsoft Windows 2000 Microsoft
Windows XP , ,
. IP- ,
, . ,
.
, .
, ,
WAN-. ,
, ,
, ,
. DNS (SRV)
,
.

Active Directory (multimaster
replication). Active Directory .
, Active Directory ,
, .
.
, , ,
( );
, .
, ,
. ,
,
(
).
.

, ,
, .
, , .
3 , .
DFS
DFS (Distributed File System) ,
,
. DFS ,
, , .
, DFS, ,
, Active Directory
, . DFS
, ,
. DFS ,
, DFS ,
Active Directory, , ,
DFS, .
DFS Windows Server 2003
Simplifying Infrastructure Complexity with Windows Distributed File System
http:/www. microsoft.com/windowsserver2003/techinfo/overview/dfs.mspx.
FRS
SYSVOL
( System Volume). Active Directory SYSVOL
, . SYSVOL
GPO, ,
, , . FRS (File Replication Service)
Windows Server 2003, ,
SYSVOL, . ,
SYSVOL, FRS .
FRS, Windows Server 2003,
Technical Overview of Windows Server 2003 File Services http://www.mkrosoft.com/windowsserver2003/techinfo/overview/file.mspx.

,
(. 2). ,
:
;
(LAN) ;
TCP/IP- ;
WAN-,
.
,
Active Directory ,
. DNS Active Directory.
, .
,
, , LAN.
.
, .
,
.
LAN LAN,
( ). , , LAN
. ,

, ,
, .
,
.
2.
, ,
, . , -
|4
, DFS,
, DFS-.
, ,
. ,
512 / 3 /.
10
/. , LAN.
LAN, WAN-,
LAN.
,

. ,
, , ,
. IP-
, . ,
,
. ,
(
) . ,
, ,
.
,
(. 5-3).
.
.
f
145
X
\
256 /
60%
1
I
192.168.1.0
\-/
1,5 /
45%
245 ^
/
=; ^
yS
/
192.16 8.3.0
7 5
X
N
/
1
I
192.168.2.0
256
30%
256 /
40%
f
65
>i
/
1
192.168,40
\
V
. 5-3. ,

150
. -, Active Directory.
,
.
, . IP- , ,
- Active Directory, .

,
.
( ).
.
.

.
: IP-,
.
.

, ,
. ,
.
.
1. ,
, -.
512 /. ?
2. ?
3. , ?
,
, Active Directory, DFS (Distributed
File System) FRS (File Replication Service).
,
,
, TCP/IP-
.
LAN ( LAN,
), ,
, , , .
2.
,

. ,
, Windows Server 2003
. , ,
,
.
, :
S
S
S
S
S
, , ;
;
;
;
.
30 .

,
, Active Directory.

. :
;
, ;
.
,
,
.
, , ,
. , , , ,
,
. , ,
, .
, ,
.
,
, , ,
,
WAN-.
152
, WAN-
, . WAN-
,
,
.
, ,
,
. ,
, ,
, ,
WAN-.
(hub site), . .
,
, ,
.
, ,
, -
,
WAN-.
, .
. ,
, ,
. ,
- ,
.
.
,
.

,
.
, , ,
, . ,
,
.
1000 ,
.
1000 10 000 ,
.
5000
. , 20 000 ,
.
, , ,
, .
, 15 , -
| gg
, ,
.
,
, ,
, . ,
,
. ,
, ,
. ,
.

, ,
.
. ,
(Enterprise Admins) (Schema Admins)
.
,

(. . ),
(shortcut trusts) .
, ,

.
, WAN- .

,
.
. (operations masters)
, ,
, ,
, .
.

(Schema Master).

. ,
, Active Directory.
, , , ,
,
[. . (DC),
] (Schema
154
Admins). DC, , ,
, DC.
(Domain Naming Master).

.
. ,
;
. ,
:
. . , ,
, .
.
( ,
)
,
.
,
,
, .

[Primary Domain Controller (PDC) Emulator]
Windows NT 4.0 PDC ,
Windows Server 2003. PDC
. , PDC
, .
RID [Relative Identifier (RID) Master]
(RID) .
. SID Windows Server 2003 .
; SID
RID.
, .
(Infrastructure Master) ,
.
,
.
.
, , .
,
,
. , ,
, .
,
, ,
.
15

, .
~ , .
, .
. :
, , ,
.
,
' ), . ,
.
, ,
.

,
Active Directory,
, .
.
,
, .
Active Directory .
. , ,
. .
, .
. , -
Active Directory. .
, .
. ,
. ,
.
,
,
, . . ,
,
.
-
,
.
. ,
,
.
.
, ,
, .
, (user
prinipal name, UPN) user@domain.com,
. ,
jgg
, . ,
, , - ,
WAN-.
Windows Server 2003
. ,

, .
,
.
, ,
. ,

.

, .
.

, .

,
.
,
, . Microsoft
.
,
, , .

, . ,
.
,
.

.
100 ,
, , WAN-
.
.
,
.
.
,
, Active Directory.

WAN-.
-| g j

, .
, ,
,
, ,
, .
, ,
, .
,
,
.

, , ,
. ,
, , ,
.
500, Windows
Server 2003 850 .
500 1500,
Windows Server 2003
850 .
1500, Windows
Server 2003 850 .
,
,
.
.
.
, 1,6
850 , 3 850 .

,
.
, , , , .
, .

,
.
, .
-j g j

, .
, ,
,
, ,
, .
, ,
, .
,
,
.

, , ,
. ,
, , ,
..
500, Windows
Server 2003 850 .
500 1500,
Windows Server 2003
850 .
1500, Windows
Server 2003 850 .
,
,
.
.
.
, 1,6
350 , 3 850 .

,
.
, , , , .
, .

,
.
, .
158
, Active Directory (NTDS.dit),

1000 400 .
, DNS.
, Active Directory,
500 .
, SYSVOL, 500 .
, Windows Server 2003,
2 .
,
,
, .
,
. , ,

50% .

,
, .
, .
500, 512 .
500 1000,
1 .
1000, 2 .
Microsoft Active Directory Sizer Tool,

,
Active Directory.
http://www.microsoft.com/windows2000/downloads/tools/sizer/default.asp.
Windows 2000,
.

Northwind Traders.
, .
.
Northwind Traders ,
. Northwind Traders
.

, , .
,
.
Northwind .
-, ,
, Active
Directory. ,
. ,
.
,
.
DCOM- (Distributed Component Object Model), .

.

.
1. ? ?
.
Nwtraders .local
AsiaPacific. nwtraders .local
RDNwtraders.local
160
2. ?
?
.

Nwtraders.local

RDNwtraders.local

(/)

, ,
. ,
. .
1. ?
, ?
2. , .
15 000 .
. ?
3.
?

WAN- .
,
, , ,
, , .
1000, .
1000 10 000, .
5000 10 000
. 1000
, .

. :
,
.
Active
Directory,
. Active Director,
, , .
jg-j

, .
, ,
.
3.
Active Directory ,
. ,
WAN-
. ,
.
, :
S , Active Directory
;
S ,
- ( );
S .
25 .

,
Active Directory. ,
,
.

Active Directory ,

.
( ) (
, ) -.

. , , ,
, . ,
, ,
. , , - .
.
.
, , , WAN- ( -
162
,
). , ,
, / . ,
,
. , ,
. , - , ,
.
, ,
Directory Services Guide,
Microsoft Windows Server 2003 Resource Kit (Microsoft Press, 2003).

WAN-. ,
LAN LAN . LAN
WAN-. ,

, WAN- .
, :
LAN, LAN.
,

, .
Active Directory.
: RPC (Remote Procedure Call) SMTP (Simple Mail Transfer Protocol).

. RPC
Active Directory,
.
SMTP ,
( RPC).
SMTP
(domain partition information) DC, . SMTP
,
(
RPC). SMTP
.

-.
- NTDS Settings,
, NTDS Settings ,
, -
. , .
Knowledge Consistency Checker (KCC)
- .
- .
(. . -
) . ,
,
.
, , Directory
Services Guide, Windows Server 2003 Resource Kit (Microsoft Press, 2003).

(site link) Active Directory,
.
. :
( WAN-)
. ,
(IP SMTP), .
, , .
, ,
, ,
.

. , ,
, WAN-
,
. ,
WAN-, ,
.
,
, ,
.
WAN-, .

(. 5-4). ,
, , .
,
, , :
;
;

.
184
. 5-4.
,
, . ,
, .
(site-link bridges) ,
. ,
.
, . . 5-5
,
. ,
,
. ,
.
. ,
,
. , ,
,
.
.
I I
V
J
%. ^S
1
^"*^
f
\
\
^
I
00
\,_
~~~-J I
. 5-5. ,

( ).
,
: (-
WAN- )
.

, ,
. 100.
, (
, Domain Controller Locator)
.
. , . 5-6.

D, ,
(600) , (1000).
. 5-6.

. . 5-1 ,
.
. 5-1.

(/)
9,6
1042
19,2
798
38,4
644
56
586
64
567
128
486
256
425
512
378
1024
340
2048
309
4096
283
166

, . . ,
. ,
, ,
, , ,
WAN- . :

WAN-, ,
, .
,
,
.
,
. ,
. 180
, . . (
, ). ,
.
, WAN-,
.

Active Directory IP
DEFAULTIPSITELINK. ,
. SMTP .
.
, .
, ,
, , , . ,
.
,
.
RPC IP
,
SMTP.
-

- (bridgehead servers),
.
, (. 5-7). ,
( )
, . ,
, -
.
. 5-7.
, ,
,
, .
, -.
Windows Server 2003 Resource Kit Active Directory Load
Balancing (ADLB),
- (,
).
.

Northwind Trad
ers. ,
. .
Northwind Traders ,
. Northwind Traders

, ,
. ,
.
,
.

2000
(. . .)
168
()
1000
750
750
500

. -
. - -
-. -

, ,
- -
(research and development, R&D). Ton-
R&D.

. , - VPN-
.
(-)
4 w
" - " " i

lk

Northwind Traders.
Dual
( )
Fractional El
El
34,368 /
10 /
768 /
2,048 /
1,5 /
128 /
32 /
384 /
1,544 /
56 /

, .
1. Northwind Traders,
, . ,
. , ,
.
2. ? ,
- ?

, ,
. ,
. .
1. WAN-,
?
2. , .
3. ,
.
.

.
.
- ( ),
, ,
.
Knowledge Consistency Checker ()
-, ,
.
Active Directory,
.
. , ,
. , ,
.
100.
.
, ,
, .
4.
Active Directory
Microsoft Windows NT 4 Windows 2000, ,
2,
, .
, Windows NT 4 Windows 2000 Windows Server 2003.
, :
S Windows NT 4;
/ Windows 2000.
10 .
Windows NT 4
Windows NT 4 Windows Server 2003 .
, , Windows NT 4
. Windows NT 4
.
Windows NT 4 .
. , Windows NT 4
, Windows Server
2003
(OU).
, Windows NT 4
Windows Server 2003 :
.
,
. ,
Windows NT 4, ,
( , ) Windows Server 2003.
, OU
.

. . ,
.
.
-jy^

.
,
.
Windows 2000
Windows 2000,
, Windows NT 4. Active Directory,
Windows Server 2003, Windows 2000,
:
, ,
.
, ,
,
.
, , , .
Windows 2000 , ,
, - , Windows Server 2003,
, Windows
Server 2003. .
, . 1.
Windows 2000 Windows Server 2003
Windows Server 2003
Adprep.exe (Active Directory Preparation),
\I386 - Windows Server 2003.
: ,
Active Directory
.
.
Microsoft Windows Server 2003
Deployment Kit (Microsoft Press, 2003).

, ,
. ,
.
.
1. Windows NT 4 Windows Server 2003
?
,
?
3. Windows 2000 Windows Server 2003
?
7 . 312
, Windows NT 4
, ,

.
Windows NT 4 Windows Server 2003
, ,
: ,
,
,
.

.
Contoso Ltd.,
, .
Windows 98 Windows 2000 Professional.
Contoso . ,
Windows Server 2003
Active Directory.

Contoso
, -
(Internet Service Providers, ISP). Contoso
Trey Research ,
.
1900
-. , Contoso
() - ().
- 185 , -. -
173
35 , - . }, .
, .
-,
.
(Trey Research) .
215 ,
-,
. .

- 512- , 256- .
(backbone) 155- ATM.
10/100- .
10/100- .
, - ,
.

, .
contoso.com, , -
. ,
treyresearch.com, .

.
, ,
, .
, -
. .
-
- .
- -.
- .
, .
1. ? .
2.
?
3. ?
4. ?
|74
,
, Active Directory, DFS (Distributed
File System) FRS (File Replication Service).
,
,
, TCP/IP-
.
LAN ( LAN,
), ,
, , , .

WAN- .
,
, , ,
, , .
1000, .
1000 10 000, .
5000 10 000
. 1000
, .

. :
,
.
Active
Directory,
. Active Director,
, , .

, .
, ,
.
.
s
.
.
- ( ),
,
.
Knowledge Consistency Checker (KCC)
-, , ~>
.
Active Directory, ;. . :-;
. , , :-:
-j j g
. , ,
.
100.
.
, ,
, .
, Windows NT 4
, ,

.
Windows NT 4 Windows Server 2003
, ,
: ,
,
,
.

.

, ,
, , .
WAN-,
, , DFS (Distributed File System)
FRS (File Replication Service). LAN
LAN, (10 / ).
,
. ,
, , .
,
, WAN-
, , , .
, 1000 ,
, 1000 10 000, 5000
10 000 .

,
.
, ,
. Microsoft
.

. ,
, .
:
-, ,
, .

Knowledge Consistency Checker Windows-,
, -.
~ site-link transitivity . , , ,
. ,
, .
- operations masters
.
( , RID
) (
).
1.
1. ,
, -.
512 /. ?
: .
,
10 / .
2. ?
: ,
, Active Directory, DFS FRS.
3. , ?
: LAN LAN,
( ).
, . ,
, , ,
, ,
WAN- ( ).
2.
1. ? ? ;
.
Nwtraders.local
-
1
NAeastnwtraders.local
Co.nwtraders.local
RDNwtraders.local
Glasgow. RDNwtraders .local
.
,
, . ,
corp.nwtraders.local:

. ,
(nwtraders.local).
RDNwtraders.local
Glasgow.RDNwtraders.local.
, Active Directory. ,
corp.nwtraders.local,
, , .
,
,
corp.nwtraders.local, , ,
, WAN-.
?
?
.

Nwtraders.local

RDNwtraders.local

(/)
: ,
, nwtraders.local.
,
- Active
Directory.
Jg
2.
1. ?
, ?
: ,
, .
WAN- ,
. ,
, WAN.
, ,
, (
) .
2. , .
15 000 .
. ?
: .
1000 10 000, .
5000 10 000 .
3.
?
:
.
,
.
, ,
.
3.
1. Northwind Traders,
, . ,
. , ,
.
: WAN- VPN. 64 /,
,
8 5 ,
.
(Greenwich Mean Time, GMT). , ,
.
2. ? , ;:
- ?
: .
,
WAN- .
.
179
3.
'-. WAN-,
?
: WAN-
, .
2. , .
:
. .
.
. - (
).
, .
3. ,
.
: ,
, .
.
:
.
4.
?
: , Windows Server 2003 ,
,
(OU),
.
,
?
: ,
, 1) , 2)
, 3)
, 4)
.
3. Windows 2000 Windows Server 2003
?
: , .
.
Windows Server 2003, ,
, .

1. ? .
: :
, - . ,
, : 1)
, , WAN-
, 2) -,
, 3) .
2.
?
: 1.
,
, . ,
,
.
3. ?
: -
- .
4. ?
:
,
. , 35
, , .
,
, .
DNS
1 . DNS
182
2. DNS-
188
3. DNS
199
4. DNS
202
, -
:
DNS.
DNS Active Directory:

DNS;
.
DNS-:
;
DNS Active Directory, WINS
DHCP;
;
DNS.
DNS Berkeley Internet

Name Domain (BIND) UNIX Active Directory.
DNS:
DNS;
DNS-;
DNS.
DNS.
DNS
(Domain Name System

DNS)
, ,
, , ,
. . (. 2). DNS
, .

DNS WINS, DHCP Active Directory.
DNS, ,
. DNS UNIX,
BIND- DNS Active Directory.
DNS.
DNS,
DNS .

,
1, ,
2.
1.
DNS
, ,

DNS. DNS, ,
DNS .

. 2,
.
DNS.
, :
S DNS;
S DNS-
;
S .
20 .
DNS
IP-,
. www.microsoft.com, -
DNS
172.16.45.67. (Fully Qualified

Domain Name, FQDN), -
() IP-. DNS. 1,
.
, .
DNS

, .
DNS .
, , . .
,
, DNS.
DNS,
, DNS. , DNS . ,
, . . 6-1
, DNS- .
. 6-1.
DNS
SOA (Start of Authority)
NS (Name Server)

DNS-,
A (host)
FQDN, IP-
PTR (Pointer Record)
IP , FQDN
CNAME (Canonical name)

FQDN
MX (Mail Exchange)

,
DNS
SRV (Service)
,
, ,
, Web- . .
DNS
(zone) DNS, DNS-cep .
. . ,
DNS- contoso.com, Contoso,
, ,
ftp.contoso.com, www.contoso.com, marketing.contoso.com . .
184
DNS

(. 6-1).
(Primary zone) DNS,
.
(Secondary zone) DNS,
.
.
, Active Directory (Active Director}' integrated zone)
, Active Directory.
- (Stub zone) , ,
DNS-.
DNS .
Active Directory
Active Directory
,
Active Directory
-,
Active Directory
. 6-1.
,
DNS .

DNS-,
DNS-.
(Incremental Zone Transfer, IXFR)
.
, .
(Full Zone Transfer, AXFR) DNS
DNS- .
WAN-,
,
.
(Fast zone transfer)
.
BUS
DNS
, DNS
.
DNS-
DNS- .
; 4.
DNS-,
, .
DNS-.
, ;
,
, DNS-.
, . ,
DNS-.

(, ).

.

Active Directory, ,
. ,
contoso.com,
Active Directory sales.contoso.com? DNS
. 6-2 6-3, ,
2,
DNS.
Active Directory: contoso.com ( )

DNS: contoso.com ( )
. 6-2. DNS
186
DNS
*g 3oHaext-contoso.com
Active Directory: contoso.com ( )

DNS: ext-contoso.com ( )
. 6-3. DNS
Active
Directory DNS: , ,

2.

DNS .
Active Directory ?
DNS-?
? DNS ;
,
DNS.
? ,
; ,
, .

, DNS-
.
DNS- .
.
Active Directory
DNS?
: Active Directory
?
: AXFR, IXFR
?
DMS
-| g y
DNS- , (
, )?
DNS-, , , ?
,
.
BIND Windows- DNS

-,
DNS DNS.
DNS, ,
. DNS
BIND Microsoft Windows Server 2003,
: DNS.
DNS
,
, Active Directory
BIND DNS ( , , 2);
.

, ,
. ,
. .
1. ?
2. Active Directory
?
3.
DNS-,
. ?
DNS ,

Active Directory.
DNS,
. DNS , , ,
, DNS-.
DNS-
.

; DNS Windows Server 2003 :"
(IXFR), (AXFR) .
188
DNS
2.
DNS-
, , DNS,
.
DNS, Active Directory, UNIX, BIND DNS, , DHCP
WINS. , ,
, DNS
.
, :
/ ;
/ DNS Active Directory,
WINS DHCP;
S ;
" DNS;
V DNS UNIX BIND
Active Directory.
- 40 .

2 , Active
Directory, DNS.
, Active Directory.
DNS
Active Directory .
DNS
DNS
Active Directory, DNS.
.

?
? (
contoso.com.)
DNS-: ()
?
DNS Active Directory ?

DNS,
(. 6-2).
2
. 6-2.
DNS-
-jgg
, Microsoft
edu
gov
mil
,
(Defense Data Network, DDN)
net
,
(National Science Foundation, NSF)
, Center for Networked Information Discovery
and Retrieval (CNIDR)
org
contoso.com.
, ,
. ,
namerica.contoso.com,
: sales.namerica.contoso.com.
DNS Active Directory

DNS,
Active Directory, .
, Active Directory ,
DNS.
Active Directory DNS-. Active Directory
DNS- ,
(, contoso.com), ,

.
:
(LAN) ( ).
, ,
, ;
,
-. DNS.

;
: , , ,
DHCP DNS;
, DNS-.
DNS Active Directory, WINS DHCP

DNS-
.
, Active Directory
; DHCP
IP- ,
DNS
DNS .
WINS, DNS
NetBIOS- WINS-. Active Directory.
Active Directory
. Active Directory
DNS- (DNS Server), ,
.
Active Directory
(Domain Controller)
DNS-, ,
DNS-. , DNS-
Active Directory.
DNS,
DNS.
, DNS
Active Directory
DNS-. Active Di
rectory .
, DNS-,
.
, DNS DNS-, . ,
DNS- DNS,
DNS-
( ). DNS, Active Directory,
- Active Directory
.
Active Directory ( .
), (Access Control Lists, ACLs)
DNS, Active Directory. ,
ACL ,
, ,
.

.
DNS, Active Directory, ,
,
.
DNS- Active Directory,
.
DNS,
, ;
( ),
.
DNS-
-jg^
, DNS Active Directory

;
DNS DHCP.
DNS DHCP

PTR , ,
,
.
DHCP Windows Server 2003 DHCP-,
DHCP- DNS-,
. , DHCP
PTR DHCP-, DHCP- FQDN
DNS. Windows Server 2003
DHCP- :
PTR ;
DNS- PTR ;
DNS;
* DNS
;
DNS.
DHCP- Windows Server 2003 Windows 2000
:
DNS-, , DHCP-.
DHCP , DNS-
PTR .
DHCP
; DNS WINS.
WINS
DNS- NetBIOS, WINS. DNS
DNS, a WINS NetBIOS. DNS
NetBIOS (
DNS), Windows Server 2003
, WINS-:
a WINS;
WINS (WINS-R).
WINS
WINS DNS WINS
NetBIOS- -, DNS-.
, DNS-
.sales.contoso.com (. 6-4), .
192
DNS
1. DNS- IP- .
2. , DNS-
DNS-, DNS-,
sales.contoso.com.
3. DNS-
(. 6-4).
4. DNS-,
, WINS,
FQDN - ( , )
NetBIOS- WINS-.
5. WINS- , IP- DNS-.
6. DNS- WINS- IP-
DNS-, .
7. DNS- .
DNS-
DNS-
DNS-
DNS-

WINS
WINS-
. 6-4. WINS DNS

WINS
WINS-R ,
WINS. , -
IP-. WINS IP-,
, IP- WINS-, -;
DNS- IP-,
DNS. DNS-
NetBIOS- , DNS NetBIOS-
.

1 Windows Server 2003,

.
DNS-

UNIX,
DNS. DNS
DNS-. DNS-
, (zone transfer).
DNS- DNS-. DNS ,
.
, DNS- :
;
;
DNS- DNS- ;
.
, Active Directory
, Active
Directory, DNS. DNS
Active Directory, .
, Active Directory
, ,
3.
, Active Directory.
:
DNS-, Active Directory;
DNS- Active Directory ( );
Active Directory;
, .

, - Active Directory
.
, DNS-.
Active Directory, ,
Active Directory, :

(discretionary access control list,
DACL);
;
DNS.
DNS
,
DNS.
DNS- ,
. DNS Windows Server 2003
DNS
, .
DNS .
,
, ;
, . , ,
,
,
. ,
!

,
; . Windows Server 2003
http://www.microsoft.com/technet/ security/prodtech/windows/win2003.
DNS:
(footprinting)
, whois, nslookup axfr (
;
, ,
, );
(denial-of-service, DoS)
.
ping of death, ping
,
. DoS- DNS-
, .
(redirection) ,
DNS-, , .
DNS- DNS-,
, .
,
.
, DNS , ,
.
DNS
DNS.
DNS-
. DNS-
, DNS-.
, DNS DNS-.

DNS, , UDP TCP
53 DNS-.
DoS- DNS-,
IP-, DNS-, DNS-, -
DNS-
DNS-,
,
DNS- (cache pollution),
(Secure Cache Against
Pollution),
.
DNS-, , DACL
DNS-. DACL
DNS-,
.
DNS,
DNS-,
. ,
, IP ,
.
DNS- Windows Server 2003,
NTFS, FAT FAT32.
DNS , Active
Directory, .
, DNS-,
(
), .
, , ,
, (-
), .
, DNS,
.

, DNS DNS-
; ,
(WAN),
?
.
, , :
IP- (IPSec);
(VPN);
Active Directory
IPSec VPN.
,
, 3DES ( -). :
, ,
. , ,
, ,
. ,
.
196
BUS
, Active Directory,
DNS- .
BIND UNIX
1,
Microsoft- DNS. , Active
Directory Windows Server 2003 DNS BIND.
DNS- BIND, DNS-, , ,
Microsoft- DNS,
: BIND DNS Windows NT. Windows 2003
DNS DNS-, :

.
BIND, Microsoft
DNS Windows Server 2003
DNS Windows Server 2003 DNS
BIND:
BIND 4.9.7;
BIND 8.1;
BIND 8.2;
BIND 9.1.0.
DNS.
Windows Server 2003
DNS-
DNS-, . BIND DNS, , , DNS
Active Directory. :
DNS- BIND 8.1.2 ;
, DNS BIND
SRV ( ). , _http._tcp.contoso.com IK
SRV 0 0 80 Web- webserver.contoso.com;
, DNS BIND
, RFC 2136; ,
. DNS
BIND SRV :
Active Directory.
BIND
DNS- Windows Server 2003
: ,
.
, .
DNS-
DNS- Windows Server 2003

,
, , BIND- 4.9.4. BIND-
WINS WINS-R,
(Do Not Replicate This
Record).
.
DNS
DNS
.
.
Northwind Traders ,
.
Windows NT 4.0 (
). ,
,
, .
,

, .
2000
1000
750
750
(. . .)
198
DNS
()
500
-
. -
, - -
, -
.

.
; ,
- -
VPN.
Active Directory
Active Directory
,
Active Directory
-,
Active Directory
Northwind Traders ,
. ; Active Directory (
) .
NWTraders

, .
, ,
Northwind Traders. .
DN5

, ,
. ,
.
.
1. 350 , Windows 98
Windows NT Workstation.
, DNS.
DNS
?
2.
, , DNS-
. ?
3. BIND Active Directory?
DNS
Active Directory. Active Directory,
DNS.

.
DNS DNS.
, DoS- DNS
DNS.
3. DNS
, DNS- , .
DNS
DNS-. ,
DNS-, DNS-
DNS.
, :
S DNS;
S DNS-.
15 .
DNS
, , ,
. . 6-5 . "
, , DNS- . .
200
DNS
. 6-5.
.
: Active Directory,
?
DNS- ? ( 4.)
DNS- UNIX BIND
DNS?
, DHCP
WINS?
DNS
Active Directory?

I
DNS. Active Directory
:
systemroot\System32\DNS DNS-. , marketing.contoso.com
marketing.contoso.com.dns. ,
dns;
Active Directory ( ; . ).
, Active Directory, . 2.

2 , DNS Active Directory, ,
. , Active
Directory, .
DNS
-
- (stub zone) , ,
DNS-, DNS.
DNS- DNS-
: ( NS)
-.
DNS-
-. ,
, -
.

,
IP-. .
, ,
.
, :
, Active Directory;
;
.
DNS-
DNS, ,
. Active
Directory , ,
.
, . ,
DNS- ,
. 4.
DNS-
, , :
, Active Directory. ,
DNS Active Directory;
, TCP/IP ;
,
;
; ,
DNS-.

, ,
. ,
.
.
202
DNS
1. Windows Server 2003,

UNIX, .
-.
,
- .
?
2. Windows Server 2003.
, .
DNS .
3. Active Directory sales.contoso.com.
.
:
systemroot\System32\DNS DNS-, ( ,
Active Directory), Active Directory.
Active Directory
,
.
, .

.
4.
DNS
, :
DNS, LAN WAN,
, DNS.
, DNS-,
.
, :
S DNS-.
- 25 .
DNS
DNS- ,
, . :

. , , DNS , (. 6-6).
DNS
203
,
.
. 6-6.

, DNS- , ,
.
DNS-? ,
.
? (
,
.)
DNS- DNS? DNS- ,
. DNS .
?
,
. , DNS , WAN-
. .
Active Directory, DNS-
?
.
DNS- Windows Server 2003 ..
DNS- ?
DNS.
204
DNS
DNS-
DNS-? ,
DNS ,
. DNS
, : , ,
Active Directory, .
DNS-
? ,
DNS , DNS-.
, DNS- , ,
, DNS-
. , ,
WAN- .
DNS-, .
DNS
Microsoft DNS.
DNS,
:
Intel Pentium III (733 );
256 ;
4 .
,
, Microsoft
DNS- .
DNS- , :
, DNS-;
, ;
, DNS-;
, DNS- .
DNS-, Microsoft, 9500 1300
75 %.
DNS :. DNS-. , AXFR (AXFR Request Sen
, DNS- ;
. , ::
,
.

\-- , (. 6-7). DNS- -,
. , DNS-, .
DSS
1
/
<
DNS
v"
128
-1
DNS
DNS-
DNS>^
contoso.com
"""
. 6-7.

, , : ,
, DNS-.
DNS-,
: DNS-
. 4
DNS .
, 100 .

DNS
. 1000
DNS- , , .

DNS-,
, DNS- ,
. . 6-8,
DNS- , .
DNS2
DNS1
^ 192.168.0.8
192.168.1.9
DNS:
DNS:
192.168.0.8
192.168.1.9
192.168.1.9
192.168.0.8
. 6-8.
DNS

. : DNS--;,
- WAN-,
.

, , WAN. , *
,
.
, }! DNS .\ on
DNS- . ^^ > i.,n
, , ii
. DNS
DNS
.
.
. 2.

, .
1. DNS- ?
2. DNS,
. , ; ..
DNS?

, , ;:
. , ?,:-;;
. T;ia=^
1. DNS -: .
DNS-. ;,.-. \
. ?
2. DNS- _ .
- WAN- .; :
, -,. _
Web-, , .:.
WAN-?
3. DNS-?
2il/
, ,
,
DNS.
DNS-
,
.
DNS- .
, , DNS- ,
. : DNS-
.
DNS iviTS Consulting.

Inc , , -
, . Windows
Server 2003 Active Directory.
Windows 98 Windows 2000 Professional. MTS
DNS, Active Directory.

MTS

, ,
. ?..! MTS 300
. ,
( ;
( , , , )
( . .).
, Web- .
, MTS ,
.
-.

256-
Fractional Tl ISDN-,
128- Fractional Tl. ,

.
208
LAN 10/100 /. . 6-9

.
. 6-9.

, .
-
- , ,
. - , , .
DNS - .
, .
1. DNS?
2. , DNS- ;
. ,
?
, ?
3. :
. DNS-, , ,
, .
?
4. MTS .
, DNS UNIX- BIND
, DNS
DNS. ,
DNS Active Directory.
, ?
DNS ,

Active Directory.
DNS,
. DNS , , ,
, DNS-.
DNS-
.

; DNS Windows Server 2003 :
(IXFR), (AXFR) .
DNS
Active Directory. Active Directory, a
DNS.
DNS DNS.
, DoS- DNS
DNS.
:
systemroot\System32\DNS DNS-, ( ,
Active Directory), Active Directory.
Active Directory
,
.
, .

.
, ,
,
DNS.
DNS-
,
.
DNS- .
, , DNS- ,
. : DNS-
.
2i0
DNS
Ss!a 0
sc
, ,
, , .

DNS .,
, .
* DNS ,! . IU,I,HI,,I . ,<. ,,1
Active Directory. . r^yi ( , p , > ii Due. {.,,>,
DNS
* DNS -
; DoS- DNS .
DNS,,
* DNS- , D
, DHCP WII IS ;
.

- DNS, DNS-cepacpo..!
.
~ zone transfer DNS- 110
. Windows Server 2003 . .-,
(IFXR), (AXFR) .
- caching-only server DMS-, ' _
. . <,
,
.
Berkeley Internet Name Domain (BIND) -- DNS, D_
UNIX. Active Directory Microsoft ,'
$.1.2,

1.
1.
: IXFR, AXFR ( WindowServer 2003 ).
2. Active Directory
?
: ,
Active Directory.
11
-. ,
-'-! ?
1 .? , f> ^, ,
WAN- , ,
Fc.ni! 1 ,
.
? 5
cy.tM= "? , , ?
"? . Northwirtd Traders. ,
[*> '5'- , *)- . (, . ,
- . . 8.
r^nfJ^/hr^rjersJOOe!
NWtraders.local
/ .
Asia Pacific
.; *
NAeast
NAwest
NWtraders
. ?_
1
. 350 , Windows 98
Wmdovs T-.IT 'Workstation.
, DNS.

: DHCP- ,
DHCP-, DHCP- ()
DHCP-, -
?
, , DN8-
. ?
: , ... ,
' B'HD Active Directory?
; 8,2 .
#>
S^***-
67
-.
S^=^2S^5S?S^^^
>OuKfe&S>X?& u T a * i t ^ -^ . %
?
: UNIX-
-, . -
IP- -, - IP-.
, , ,
DNS- .
, ,
.
, .
DNS .
: DNS-, Active
Directory DNS - .
3. Active Directory sales.contoso.com.
.
: ; ,
Active Directory, Active Directory,
.
4.
1. DNS- ?
: DNS- Windows Server
2003 Windows 2000 Server, , Active Directory.
2. DNS,
. ,
DNS?
:
.
4.
1. DNS
DNS-.
. ?
: ,
, ,
, ,
DNS- .
DMS
3.
UNIX, .
-.
,
- .
?
: UNIX-
-, .
IP- -, - IP-.
, , ,
DNS- .
, ,
.
, .
DNS .
: DNS-, Active
Directory DNS TCP/IP -
.
3. Active Director)' sales.contoso.com.
.
: ; ,
Active Directory, Active Directory,
.
4.
1. DNS- ?
: DNS- Windows Server
2003 Windows 2000 Server, , Active Directory.
2. DNS,
. ,
DNS?
:
.
4.
1. DNS
DNS-.
. ?
: ,
, ,
, ,
DNS- .
213
2. DNS-
- WAN- ,
,
Web-.
WAN-?
: .
, WAN-.
3. DNS-?
: . -, DNS DNS-. -,
DNS-
, DNS
.

1. DNS?
:
, DNS-.
, DNS-.

.
2. , DNS-
. ,
?
, ?
:
,
, , DoS- .
(VPN) ,
, , Active
Directory, DNS-.
3.
. DNS-, , ,
, .
?
: -, - ,
DNS- .
Web-,
,
. , ,
,
.
DNS
MTS .
, DNS UNIX- BIND
, DNS
DNS. ,
DNS Active Directory.

, ?
: ,
BIND 8.1.2 , DNS Active Directory,
BIND
, SRV,
, Active Directory.
ABA

WINS
!,<?)1, W I N ?
2^f?
2, WINS
226
. > . WINS
^
7,'..^ - IT =!,1'^|'^ .
) .. WINS.
NetBIOS-:
WINS.
.
DNS, Windows (Windows Internet

Name System WINS) .
WINS

, , ,
, , , . . (. 2).
WINS.
, , ,
DNS (. 6) .
WINS .
WINS , WINS ( DNS-).

,
1.
2-fg
WiNS
1. WINS
WINS ,
- (NetBIOS). NetBIOS-
IP-. DNS, WINS
IP-.
WINS ,
WINS .
, :
/ WINS;
S NetBIOS-
Windows Server 2003;
/ , WINS
.
- 40 .
WINS
, WINS Windows
Server 2003, , ,
. , Windows
Windows 2000, WINS. , WINS Windows
2000, , WINS ,
, .
Windows Server 2003
WINS
. , IP-
. WINS ,
.
DNS,
,
. , ,
, WINS-
(. 3).
NetBIOS-
NetBIOS 80- Sytek IBM
IBM .
, 20 , NetBIOS.
Windows NetBIOS-
. NetBIOS- 16- ,
, TCP/IP. 15
NetBIOS- , , -
WINS
217
, .
, NetBIOS-,
. . 7-1 7-2
NetBIOS-,
Microsoft.
. 7-1.
NetBIOS- Microsoft
computer_name[00h ]
, WINS

computer_name[03h]
Messenger WINS
computer_name [20h]
Server WINS
username[03h]
, Messenger,
net send
. 7-2.
NetBIOS- Microsoft
domain_name[lCh]
MSBROWSE [01 h]
domain_name[lEh]
Payroll NetBIOS- HRDirector

(Run) \\hr_director\payroll
hr_director[20h]
(LAN), IP- - (. . 7-1).
. 7-1.
NetBIOS-
. 7-1, ,
, , NetBIOS-
hr_director[20h]. , hr_director,
IP-.
, NetBIOS-
. ,
, , -
WINS
,
WINS, Lmhosts (. ),
v ^ (, 8), ,
, (, . 7-3).
. 7-3.
NetBIOS-

NetBIOS- NetBIOS- IP-
()
NetBIOS- (WINS-)
NetBIOS-
NetBIOS-
( -), WINS-
( -), .
(mixed) ,
- -
4-'
(h-), - -.
, NetBIOS-
WINS-. ,
-
Windows Server 2003

-. WINS , h- .
, ,
ipconfig /all (. 7-2).
, (h-),
, WINS-. ^' /- !- '-^ DHCP (. 8).
-taxi
G i s D o c u n e n t s and S e t t i n g s > i p c o n f isr V a i l
I P Windows '--.-/".
'-. .'.';..-.-.:*-" - ; ..<'/'. ; 20
PHS- - . > - - L - d
design.ru
: . . -v. ._\..-. . * ; . . . . :
'..'. 1- . - -. . =
WIHS- - - - - - i .=
; DNS .--/ d
iGB - Ethernet - /;
DNS- - - s
/10
. . - - -= - - - - V . s Intel<R>
I
. ... . -:..:- .".._- -..- - -,V :
SO-O3-47-32^60-CF
DHCP . . . . . . . . . . . :
'
V IP- -=. i . . . . .." - -' . . s192.168.20.100
i
- :_. . - . . ;. i : 2
2551.255.255.0
... . . . . i; . . V : 1
192.168.20-1
DMS-..-.. . . . - .,,,. - - - - - .= 1
192.168.20.1
C:\Docunehts and S e t t i n g s ^ .
_ ;
-
, 7-2. Ipconfig / All

,
, . ,
WINS
219
, . 7-3, 1 2.
2 Computer 2-1, Computer 1-1
UNC- \\Computer2-1. ,
NetBIOS IP-, 1
, Computer 2-1.
, Computer 1-1
Computer 2-J .
,
1-1
2
. 7-3, NetBIOS-
NetBIOS-,
Lmhosts, %systemRoot%\System32\Drivers\Etc, NetBIOS-, .
NetBIOS- IP-, Lmhosts
Computer 2-1 IP-:
192.168.8.2
computer2-1 #PRE
192.168.8.3
computer2-2
WINS
NetBIOS- ,
.
, , LAN WINS-,
WINS- ( WINS-
, WINS). , .
7-4 LAN
WINS- NetBIOS- IP-.
WINS- IP-,
, !
220
WiNS
. 7-4. NetBIOS- WINS

, , WINS. ,
, :
;
NetBIOS- ;
NetBIOS-.
NetBIOS- .
NetBIOS-
, NetBIOS-:
;
Lmhosts;
WINS.
, ,
. Lmhosts
, , ,
, .
.
WINS ,
.
WINS.
WINS
WINS , , :
WINS-;
WINS-.
WINS-
WINS- NetBIOS-
IP-, . WINS-
NetBIOS- IP-.
WINS, IP-.
WINS- . 7-4.
. 7-4.
WINS
WINS-
WINS- NetBIOS-
IP- WINS-, .
WINS
WINS- NetBIOS-,
,
WINS- NetBIOS- (,
), WINS-

WINS- ,
WINS-
DNS, DNS-, WINS

,
. :
WINS-, , ,
, ;
WINS-, ,
, , WINS-
WINS-. WINS-
, WINS- WINS-
, WINS-
. Windows XP Windows 2000 12
WINS-.

, NetBIOS-,
,
NetBIOS- .
,
.
,
, WINS
IP-.
, WINS , ,
, .
NetBIOS- ,
IP-.
WINS-
NetBIOS- WINS-,
WINS- , ,
222
f/i^^3 7
!!*!0 0Tpw.TWbi WIMB
WII*-J5 ^ * M N
' - LFP- *!-. CROH
WINS-,
;
?;
WINS IP-^,. ^^^- N^RTor*-TH--,r^H'aM
WIN 3-^ '-* !. .'
. Windows Sery pr ? r,ri ^. ci-riin-iaa <-^ '- OaT.a.center
Hdition Enterprise .Edison,
Windows XP "Professional Home F^'o'on, *?4- ;
Windows Millennium.;
Windows 2000;
Windows NT Ser-'er:
Windows NT Workstation;
Windows 95. 9
Â/itifimvc .
P7 T T T I .
Microsoft LAN Manager:

MS-DOS;
OS/2;
Linux UNIX SAMBA.
<?6 , Linn - "- tJ^'H*' ^^ -*^ -;*"/. ^'7 W*"! IS
, . ^^^ WT?T^;_ &.* '/^

. /^ .^ WINS.,
WJNS- WINS- "
' ^ , ^1 ^
1 ?. WT1 <-^^. cry ^ ^
, - ,
NetBIOS " ^ "^VTTTCI - 1-1
* ^^- /rotv ^-^
W!MS
paô : j w c . '^^'' TietBTo^ . 11
; WIN>. ^ ?'> , "
WINS, NetBIOS -
. , WINS-,
. , WINS-,
WINS. WINS WINS-,
, NetBIOS- ,
WINS.
WiNS
223

. 7-5.
WINS
WINS ,
WINS, , . 7-5,
WINS NetBIOS-,
.
1. , WINS,
, WINS.
2. WINS NetBIOS-
IP- .
3. NetBIOS- , WINS IP-
, WINS.
4. NetBIOS- , WINS
WINS-, .
5. WINS- LAN, WINS
WINS- ,
, .
, WINS ,
WINS- WINS.
224
WINS

,
,
.
.
,
, .
,
. ,

.
WINS
WINS (Extensible
Storage Engine, ESE), , Active Directory,
Microsoft Exchange Windows. ESE
Joint Engine Technology (JET). , Microsoft SQL Server,
Oracle Sybase, ,
. , -
, ,
. ESE
.
, , WINS,
IP- WINS-,
. ,
, . :
;
.
, ?
,
,
.
(, WINS ).
,
WINS.
WINS
WINS JET .
. , .
J, ,
, J10.log.
, ,
WINS
225
, J100000F.log,
.
. ,

.
.
, ,
,
. , ,
. RAID

, , ,
.
.
. ,
.
Wins.mdb. WlNS-, : IP-

IP-.
Winstmp.mdb. , WINS-cep .
Res# .log. ,

. ,
WINS
, (Event Viewer).

, .

(. 3). , , ,
. ,
. Windows Server 2003 WINS:
, ,
, WINS-;
WINS- .
, 1
.

, ,
. ,
. .
1. 4 NetBIOS-.
2. , -
WINS, NetBIOS-.
! WINS
f.nssn 1
,' WTNS-, >" , .

,
.-: NCT.ETOI- 1 ! .
3, WTNS - _" - "
/.
W I N S ' - /:,-^ ,\ - ^ N.-tBTO*-* ^-^

-, N^-tBÔ? ifMewa '-..^- .'- a ^-r ?
'/'^'- >:!5. ^ W^N."*
^^ -/'-- 3 : i . , \l'J'-'.Vc-'--r- 15 H 0 H T * T I 4 ' " f
???-fC:^^
f t'VEITf-('
? 9 . I F ' ^ ' /
S*
^^TD^LHSHn1? N e t B I O S
- W i n d o w s ,
HMS U ?- T 4r-t
''1!1
H ' - O ^ f 'TTMKI / > ' ^ ' '
' W ' n / i ' / ' y / ' c ? ^ . ^ ^ / ^ ^ - ^ . * u
^^-^ .- '' '~,> [ ' . ^ ^ -
' 11 ' ? 1 1 ^--^ ./.
TJ ' ^;![ WiriH-''
? '' ^.
r f
* -r. f ^f ? Q 0 " !
i f X ^. "'"*tJ" ^- f " : ' - f .
rrp i
^^ . /^. - * n-y^v-^^r 17/!

SB
. ' ^ . ^ ^ ' *,^-^7,1.* V/T7-] r ; . / ^."?. ^ ' ' ^ ' -!
,?1? ^ <-;
W I N S
- - ? WTN>
3? N e t B I O S
-.^,
^ <--<._
'/^-
net ^ ^ - . ^
1<-~- n_^[_rsi.' p - i i n u v W I T ! - .

^ ^ ?
Tl '.'.''
r p
; !'!if;"
WINS-? ?, '. ' ^- -/

WTNS, ..; WIN? 11;--^ " ^ .
TOD
?.,|^_1,
HDOK'.- rT
' 1.^'"' '
& . -.. L O l f l ' T ' W F T T ^
:;
'
^ / ' :- '. -[,"..[ ij^.j-.c-.T
?.(1'
J,- Tf [.r';U
2-
Vw I
, , ^^ i
WINS, :, ' ! ^/ ^-, RO -^ ?
, WTN"..
WINS, - -^--,
, ^^ WTMS ^'^ ^^-- *-
- 71 cepêpw -^ - Ynp^BTewi^^'^ winH'y-
2000 , N^tP.IO-^_HfT^H ^^- v/^ rav-Ke . '-,-"
- -
, '? ^ 1: =
,
, ? Windows, WINS . }]?. ? 1
. Acti'-'e. Directory ]-~
WIN5,
$!\#
227
, :
' lii'siiLiQUi'j&ji'LnLih
/. ya-'Ai^nu-' ii ii-
-.
Ly'/i- / V / l N l r .
: iik-uO..! wji'U i-'f -'/ W i N ^ T,;pBCpOB,
bDipaOOia i Gi'pa i Ci'niO W i i J*J ..'

ki MapiHp y"i li-c'i i.i'i,
n/idnu
il_C< i.'.Xv./i i .'.i-iiH IV.D i 2 G; DL.1 - 3 H a i t ^-^
o e i L o p i a m u a u i i n n a
J?io ,, TaK KaK \
p a 3 U e u j e r m c i 'i WlNCi -. i'J<." t'- J ;u i,

*
(;;> H3aj "p'-'B
cti't- (WA.H^ . - 1 "^ ^,

-;
inn lipoueccGpa - " /,
WINS;
WiN4J
,^vUliii;ilonjii.~ .. c-L ieHi L A N L A N '
' OOT&i-.i HaMi'llIt.
. "."'.,. OTCTf/cT HiaTL, K.dKHe

1! t W I N S - ( D i 4 ^
L/HCP);
OOiH.e^ sr-ji.u~HliC YCTiCD

'_'<.>3.uaim;i i ja.
l'uiaiia
- ^ ^ - V/lP-l^ ' -
' 'i<>iio'Ji'.;i jiio O e i i i ; a i r_ _. Cpaj't.-j iii*. [ ' ^ .

iGiJj/i'.* n a i J G ' j i i o c "^-. iiBHi.ie -.' : - | .
rjcl.iiiob-ilb'iejrt.^ '-
1 _, .- '
: WINS ,
CLLAX 'tCai-iajiainn ,.
, ^ juHpwKi>bv":ia'aiJiiv..i.'i, ]iw Imitosis WINS. ~
. ' <, :'.uniii.ii'i
W I N S CcpBepOB HOipoGye ,<;'

I
iLah, W1.NU ti'a paOu/'c ivic.^j - W A N - /
*fi
' KdKoi '-^.'
((.;. - )'.
NetBIOS-
,
NetBIOS-. ,
Lmhosts . ,
WINS .
WlNS-?
, , WINS-
10 000 . ,
4 1
|^$;&* ^^|> W M
, '
. i jalii-tiLil'i
/ Tpyi- W I N * ; ;
>I"J *-;- /l ii'i'L. -i- H I : V. ;. 1,: --tin'. W1H b-CcpBSpGBj

"*-
biîpciGu i i t C i p a i OiT'iiO WiiT ^ /

i'i ivjapjjj'p y' i oOi vi'i,
- 2-5
ilOCi'ic i t i h ( j"i). uidbLj _ 11 t.j DTI - i i t i i n a i ' i .

Jii'i a , i L Ha ' . J i u _* . TaK KaK '
p a Ji.'i CIJJ i"i [ 'J W l f j -. j jo iiiJM-i;ii j
i"
. i tapiiipy i'(i-3i4i o p o B
v /; eT ; i^rii'Li
L A N L A N
(WAH>, :
- ;
inn - ii ouf'rpODCi'iciDiic - 3 I H ,
WINS;
WI'N'J- ' '
*"' . 8.\> 10'~' OiiCTCi.ii;. ' SjiaTL
' 6 ' -
WINS- ( DN^ / L/HCP);
OOiii.CC n paSi/sCjJiCHIjC.
j\n;i
<'- ^ ]>. o n u t i i i yajjj.ii j DUA-/j|îin;i W i H i~i ' -
Uiyio' ) Hio CeiTi ; a DUpaOuio I r. >. - . p a ; [''iol.iilO^-lliviCrl, "

tODi'yio- jrialiOojioO ^ i iv To pCaju'iSaiiiii'i. 1 a iO,
'1^. D , WINS ^ ,
- Kartajidi/ .
- -. ^--
IiiibcisTs WINS. -
jl.yjo-ijj.riC CiGi' IOI^^'T D <-o>uaiilii'i u nana..

VViNb i i o i p e O y e i /
_ wir-i^ ]'". WAN--?

s
11 it- '.'
i* & (, J>)/
NetBiOS-
,
NetBIOS-. ,
Lmhosts . ,
WINS .
WINS-?
, , WINS-
10 000 . ,
WINS
29
1 , , WINS,
NetBIOS- IP-
WINS-. . WINS-
, ,
, . WINS- Windows XP
NetBIOS-, .
Server, Replicator, Messenger, Computer Browser . . 7-6
WINS WINS- Windows XP.
JiJSl
0*1
*']
CrpaBta
a ni' rt
<8| WIN5

f j ) CCMPJTER1 [192.156 0 1]
{J&
:
- - ^
: ^^ 7 ^ 7
S-
%DOMAMI
; 1?
01 hj
121 20 :
j :5
[IBh] ..
192.168.20,21
COMPUTER1
[OOh]
192,168.20,21
COMPUTER1
[20h] -
192.168.20,21
.DOMAIN1
[OOh] Workgroup
192.168.20.21
DOMAIN1
[ICh]
192.168.20,21
, DOMAIN 1
[1 Eh]
192.168.20.21
I ... 1
fifiaasrau
192 168 0.1

192.168.0.1
192.168.0.1
192.168.0.1
192.168.0.1
192.168,0,1
192.168.0.1 2
. 7-6. WINS Windows XP

,
, .
WINS
. WINS- ,
,
, WAN- .
,
WINS-.
NetBIOS-.

WINS ,
.
, WINS-,
-
, ,
WINS. WINS-.
- , Lmhosts
, #PRE,
WINS-.
230
WINS

.
, IP-,
, , , .
? , -
. WINS-, ,
, , DNS- ?
.

, ,
. ,
,
, .
.
, WINS
.
^
LAN WINS- WINS , . LAN
, ,
.

, WINS NetBIOS- , WINS , ,
NetBIOS-. ,
.
, WINS-.
WINS.
WINS NetBIOS- WINS ,
WINS- .
. 7-7 , , ,
. WINS , ,
WINS-,
WINS-. ,
NetBIOS- , WINS-
. WAN-,
128-/ Frame Relay.
(^^,
J*id^Tii&
7-7.
^ WINS
231
11 WINS
,
NetBIOS- ,
. WINS NetBIOS- .
WINS- , , WINS NetBIOS-
, WINS-
WINS-.
NetBIOS-
. !
?
WINS-, WINS- ?

, ,
Bbi ,
. .
1. WINS-?
2. WINS- ^ ?
3. WINS- , ?
NetBIOS-
/ " (,
. .)
WINS- > <-,, vVINS- ,
WiNS- (, 3).
, WINS,
, , .
,
232
MUS
. WINS-
. WINS
WINS- .
WINS
,
.
WINS-
.
3.
WSNS
WINS WINS
WINS-, . ,

NetBIOS-. , WINS-
.
, :
S WINS;
S
(tombstone);
S .
25 .

WINS WINS-
, , , . .,
,
. - WINS-
,
, .

,
WINS-, 200 (. 7-8).
1 WINS- WS1.
Clientl-1 NetBIOS-, .
WINS- WS1 WINS-.
\clientl-l, Clientl-2 ?:
WINS-, 1-;
.
2 WINS- (WS2). Client2-1, :<
2, NetBIOS- WINS-
W1MS
233

Clientl-1
i i " IP- |
. 7-8.
. , , Clientl-1 Client2-1 NetBIOS. (. . 7-8) ,
NetBIOS-
Lmhosts WINS, , Lmhosts . Clientl-1
WS1, Client2-1,
2, 2
WS2.
WINS- NetBIOS- ,
() .
. WINS- :
(push) ;
(pull) ;
(push/pull) .

. , NetBIOS-
WINS-
.
:
WIN-;
IP- NetBIOS- IP-;
WINS.

WINS-,
.
:
WINS-;
.
234
WINS
WINS-,
, ,
(, ).
/
WINS- .
WINS , ,
.
,
, , ,
WAN-.
WINS- /
, NetBIOS-
, WINS- NetBIOS.

WINS , WINS-,
, .
WINS , .
WINS.
WINS-,
WINS- ( ) WINS-
, ,
(tombstoning)
WINS-. ,
, ,
. WINS,
, ,
WINS-.
WINS
DNS , WINS
, WINS- .
WINS-, DNS-,
, , WINS
, ,
NetBIOS- IP- .
DNS, WINS :
IPSec;
VPN.
WINS
. WINS-
W1U8
235
,
Active Directory
.
. WINS
WINS
.
.
Northwind Traders WINS Active

Directory Windows Server 2003.
.
WINS, .

, .
WINS Northwind Traders,
. ?

, ,
. ,
. .
1. WINS . ,
WINS-?
2.
.
3. ,
. , WINS, , 25 WINS-
, .
? ,
WINS-?
236
WINS
WINS
WINS-, , NetBIOS .
WINS- ,
.
.
, WINS-
12 . . LAN WINS- 15 .
WINS ,
( ).
NetBIOS- Contoso Ltd.,

. - ().
Windows NT 4.0, 2000 Server Windows Server 2003
Windows 98, 2000 Professional ;
Linux.
NetBIOS-,
.
NetBIOS TCP/IP, NetBIOS-
,
.

Contoso
, -.
, Contoso
() - ().

1500 ,
-. D
Frame Relay 128 /,
WAN-. 10/100-
.
reaiumt' uitftttri

Contoso ,
.
, Windows 95.
Contoso
.
, .
1. WINS- ,
,
?
2. , Contoso .
?
NetBIOS-
.
3. , WINS, -
, WINS-.
NetBIOS-?
4. D .
WINS- ?
WINS , NetBIOS- .
NetBIOS- IP-. DNS, WINS

IP-.
NetBIOS- Windows
NT, Windows 95/98 . Windows Server 2003
NetBIOS-: ,
Lmhosts WINS.
WINS
, .
.
WINS WINS-, ,
NetBIOS- , WINS.
WINS- , -
WINS, WINS
, WINS- .
NetBIOS-
( ,
. .).
WINS-, WINS- ,
WINS- (. 3).
WiUS
, WINS,
, , .

. .
WINS
.
WINS
, .
,
WINS-.
Windows NT 4.0,
.
, .
WINS WINS
WINS-, .
NetBIOS- .
WINS- ,
.
.
, WINS-
12 . . LAN WINS-
15 .
WINS ,
( ).

, ,
, , .

NetBIOS-: ,
Lmhosts WINS. WINS ,
NetBIOS- . WINS
, .
, WINS,
WINS , NetBIOS-.
NetBIOS-
( ,
. .).
WINS ,
. ,
WINS, , ,
.
.
239
.
WINS
WINS WINS
WINS-, .
NetBIOS- . WINS-
,
. ,
WINS- . WINS
, (
).

WINS ~ WINS proxy WINS-, ,
NetBIOS- , WINS.
- Node types ,
NetBIOS-: , , .
~ Replication partners ,
WINS- ,
.
~ Tombstoned deletion
WINS. WINS- , ,
.
1.
1. 4 NetBIOS-.
a. - ( ).
b. - ( NetBIOS-, WINS-).
c. - ( NetBIOS-, -
-).
d. - ( - -).
2. , -
WINS, NetBIOS-.
WINS-, ,
. ,
NetBIOS-.
: Lmhosts
NetBIOS- IP- , .
WINS- WINS. WINS
NetBIOS- , WINS,
240
WINS
WINS- . WINS- IP- ,

.
3. WINS 5 .
.
:
a. WINS
WINS- .
b. ,
.
c. WINS- (Wins.mdb) : IP ,
IP-.
d. WINS (Winstmp.mdb)
.
e. (Res#.log) ,
.
2.
1. WINS-?
: , ,
, .
.
2. WINS- ^ ?
: ,
-, NetBIOS-
, WINS-. ,
NetBIOS- ,
.
WINS,
Lmhosts NetBIOS- IP-
. ,
.
3.
WINS- , ?
: WINS- WINS-
, , NetBIOS.
3.
1. WINS Northwind Traders,
. ?
: ,
. , WINS-
, .
.WINS-
WINS- 1
WINS 5
WINS- 10
WINS- 6
3.
1. WINS . ,
WINS-?
: ,
. ,
.
, , , .
2.
.
: WINS-; IP-
NetBIOS- IP- WINS.
3. ,
. , WINS, , 25 WINS-
, .
? ,
WINS-?
: ,
WINS-,
.
(tombstone), WINS-.

1. WINS- ,
,
?
: . , Contoso
8000 ( 4000 ). WINS-, -
WINS
(128 , 350 ,
IDE . .) 10 000 .
WINS-,
, ,
.
, Contoso .
?
NetBIOS-
.
: ,
.
Lmhosts, WINS- .
, WINS, -
, WINS-.
NetBIOS-?
: WINS,
NetBIOS- ,
WINS, WINS-, .
D .
WINS- ?
: , ,
,
, ,
, .
1. IP-
244
2.
255
3. DHCP
259
4. DHCP
263
:
TCP/IP- IP- ;
;
IP- DHCP;
.
IP-:
DHCP DNS;
DHCP .

-:
DHCP.

,
,
. IP- IP-
,
, .
244
IP-
.
IP- ,
DHCP,
.
IP-,

.

,
1.
1. IP-
IP- ,
IP-.
IP-
.
IP-, ,
IP- .
, :
S IP-;
S TCP/IP- , .
60 .

, : 2
(), 10 () 16 ().
. , 9876 9 * 3 + 8 * 102 + 7 *
10' + 6 * 10. , (10) 0, 1, 2, 3 . .
0 9,
10, .

,
: , , ,
. 2,
, 0; , .
, 0 1.
1000 0001. (
), 0 1, ,
. - 129. -
!-
245
8 ( , 8-
), ( ) 8 .
128
64
32
16
27
26
25
24
23
22
2'
128 + 1 = 129
( 1) 255:
128
64
32
16
2"
V
1
2
1
8
2
1
4
3
2
1
2'
128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255

, ,
.
, 16.
, 16, 16,
0.
,
10 (09).
10, = 11, = 12 . .
:
4096
16
1
256
16
3
16
16'
16
13
:
1 * 163 + 3 * 162 + 10 * 161 + 11 * 16 = ...
: , ,
, ,
, ,
, .
, ipconfig / a l l .
IP- Physical Address M A C
, 00-0B-DB-28-F3-9A.
,
.
(nibble). , , , 8. 9 1001 1010,
. , F3
1111 . - F3-9A (
), : 11110011-10011010.
, 0x11.
246
, , (Calcula
tor), Microsoft. (View)
(Scientific).
Bin, 1111 1001 1010
Hex.
,
, .
IP-.
!-
TCP/IP (Transmission Control Protocol/Internet Protocol) Windows
Server 2003 , ,
TCP/IP IP-.
IP- , ,
DHCP-, . ,
IP- .
iP-
IP- , . IP-
, .
(. . 8-1).
. 8-1.
IP-
1 126
IP-, . , 12.5.5.3
IP- , 12
5.5.3. 16
128191.
, . IP- 172.16.32.15
172.16 32.15.
65 000
192223.
, . ,
192.16.32.15 192.16.32
15. 254
224239,

240255, D,

: 127,
.
IP-
, (1-126), (128-191), (192-223) D (224-239;
).
IP-
247
iP-
IP- InterNIC (Internet
Network Information Center)*. ,
.
,
, 254 .
254? , 8
. , 8 , 0000 0000,
, , , .
, 8 , 11111111, (
) 255. .
, ,
. , 8- 28 2 = 256 2 =
254 , ,
.
, ,
. ,
, ,
. ,
, IP- .
IP-
NAT, 9. . 8-2 ,
InterNIC,
.
. 8-2.
IP-
10.0.0.1-10.255.255.254
, 126 ,
16
172.16.0.1-172.31.255.254
, 16
20
(. )
192.168.0.1-192.168.255.254
, 256
16

169.254.0.1-169.254.255.254
,
DHCP-.
Windows 98
IP-
(Automatic Private IP Addressing, APIPA),
3
, 169.254..:
, DHCP-,
DHCP- .
IP- , , . . .
248

(. 8-1).

. 8-1.
, . 8-1,
192.168.1.0 1254.
, , ,
, .
, IP- (192.168.8)
,
.

, IP- ,
,
.
IP- (. 8-3),
, .
. 8-3.
255.0.0.0
255.255.0.0
255.255.255.0
IP-.
, IP- 10.1.2.3 255.0.0.0 (
),
( AND) IP- :
AND
00001010.00000001.00000010.000 00011
10.1.2.3
11111111.00000000.00000000.00000000
00001010.00000000.00000000.000 00000
255.0.0.0
10.0.0.0 ( )
IP-
1 AND 1 = 1, .
1,
, , : ( 10).
, ,
, IP- (
) ( ,
IP-).
, . IP , .
, , .
, IP- 172.16.12.5
172.16.13.5, , , .
,
, 172.16.0.0, .

, ,
8 ( ) .
IP- ,
.
.
?
,
, .
?
?
,
,
. .
192.168.8.0, .
, IP- :
1100 0000.1010 1000. 0000 1000. 0000 0000
192.168.8.0
1111 1111.1111 1111.1111 1111.1000 0000
255.255.255.128 ( )
(
). ,
1 0. ,
128.
, 128,
192.168.8.0 192.168.8.128. 255.255.255.192,
64: 192
1100 0000, 64.
, 0, 64, 128 192 .
255.255.255.128 126 ,
7 .
2" 2, 27 2, .
250
192.168.8.0, 192.168.8.128.
1-126 192-254
(, ).
IP- , , 192.168.8.0/25
, 192.168.8.127 :
1
1100 0000.1010 1000.0000 1000.0[000 0000]
192.168.8.0/25
1100 0000.1010 1000.0000 1000;0[111 1111]
192.168.8.127/25
IP-, ,
.
2
1100 0000.1010 1000.0000 . 0000]
192.168.8.128/25
1100 0000.1010 1000.0000 1000.111 1111]
192.168.8.255/25
, 128 255
.
Windows 2003 ,
RFC 1812. 2,
.
,
(Classless Internet Domain
Routing, CIDR), /8 /16. , IP-
172.16.8.0/24. 24 ,
8 . , 255.255.255.0.

.
, .
192.168.1.0.
,
255.255.255.128
(. 8-2).
1 1 126,
2 129-254.
. ,
IP-, IP- ,
. ,
, . 3
, DHCP .
IP-
91
IP-; 192.168.1.5
: 255.255.255.128
: 192.168.1.1
IP-: 192.168.1.140
: 255.255.255.128
: 192.168.1.129
. 8-2. ,
. 8-4.

( CIDR)
1-2
3-4
5-8
9-16
17-32
33-64
65-128
129-256
257-512
513-1024
1 025-2 048
2 049-4 096
4 097-8 192
8 193-16 384
16 385-32 768
32 769-65 536
65 537-131072
131073-262 144
262 145-524 288
524 289-1048 576
1048 577-2 097 152
2 097 153-4 194 304
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
255.128.0.0/9
255.192.0.0/10
255.224.0.0/11
255.240.0.0/12
255.248.0.0/13
255.252.0.0/14
255.254,0.0/15
255.255.0.0/16
255.255.128.0/17
255.255.192.0/18
255.255.224.0/19
255.255.240.0/20
255.255.248.0/21
255.255.252.0/22
255.255.254.0/23
255.255.255.0/24
255.255.255.0/25
255.255.255.192/26
255.255.255.224/27
255.255.255.240/28
255.255.255.248/29
255.255.255.252/30
8 388 606
4 194 302
2 097 150
1 048 574
524 286
262 142
131070
65 534
32 766
16 382
8 190
4 094
2 046
1022
510
254
126
62
30
14
6
2
252
. 8-5.

( CIDR)
1-2
3-4
5-8
9-16
17-32
33-64
65-128
129-256
257-512
513-1 024
1 025-2 048
2 049-4 096
4 097-8 192
8 193-16 384
1
2
3
4
5
6
7
8
9
10
11
12
13
14
255.255.128.0/17
255.255.192.0/18
255.255.224.0/19
255.255.240.0/20
255.255.248.0/21
255.255.252.0/22
255.255.254.0/23
255.255.255.0/24
255.255.255.128/25
255.255.255.192/26
255.255.255.224./27
255.255.255.240/28
255.255.255.248/29
255.255.255.252/30
32 766
16 382
8 190
4 094
2 046
1022
510
254
126
62
30
14
6
2
. 8-6.

( CIDR)
1-2
3-4
5-8
9-16
17-32
33-64
1
2
3
4
5
6
255.255.255.128/25
255.255.255.192/26
255.255.255.224/27
255.255.255.240/28
255.255.255.248/29
255.255.255.252/30
126
62
30
14
6
2
-
, IP-
, .
, - ,
. ,
IP- , 192.16.9.131. ,
255.255.255.0.
,
255.255.255.192. ,
: 192.168.9.0, 192.168.9.64, 192.168.9.128, 192.168.9.192.
,
, ping
, 192.168.9.64, :
!-
941
Request Timeout. ,
,
192.168.9.131 192.168.9.66
192.168.9.0.
,
, , , .
IP- ,
,
.
. !-
IP-
Northwind Traders, ().
, .
.
Northwind Traders .
, ,
(. . ).
TCP/IP ,
,
IP- .
:

172.20.0.0/16;
200 .

, .
1. ?
254
2. .
a. /16.
b. /19.
c. /21.
d /24.
3. IP-?
a. 7.
b. 1204.
c. 2903.
d 4032.
4. IP-?
a. 1.
b. 2.
c. 2903.
d 4032.
5. ,
?
a. 254.
b. 1022.
c. 6398.
d 65 534.
6. .
IP-, .
a. 10.0.0.0/8
b. 230.120.0.0/16
c. 69.254.0.0/16
d 192.168.0.0/16

, ,
. ,
. .
1. . ?
IP- ?
2. 15 000 ,
.
IP-, IP-.
, 500600 , 350
. IP- .
, SQL Server,
. ipconfig,
:
IP Address: 192.168.8.142
Subnet Mask: 255.255.255.128
Default Gateway: 192.168.8.1
TCP/IP Windows Server 2003. IP-

TCP/IP, . ,
, IP-.
IP- , ,
.
IP-.
,
.
, , 255.0.0.0,
255.255.0.0 255.255.255.0 .
IP-.

.
.
2.
, , ,
. IP- Web-
, .
,
(Demilitarization Zone, DMZ),

, .
, :
S , ,
Microsoft ISA Server;
/ .
15 .

. 8-3 , , ,
. ,
, .
258
. 8-3.

, ,
, .
. 8-4 , .
,
.
.
. 8-4.

. ,
IP- , , UDP TCP,
(80 - ) . .
, :
;
SPI;
.
, ,
. ,
.
SPI (stateful packet inspection) . ,
,
(). ,
() TCP- SYN,
SPI . ,

SYN, .
, Microsoft Proxy Server,
, , -
25?
.
Web-. SPI,
,
URL.
(intrusion detection system, IDS)
,
,
. IDS:
. IDS
;
. IDS ,
, ,
.
,
, .
, .
- ,
IDS .
,
Web- ?
.
, ,
(. 8-5).

'
'
!
,^ *j-
"
' '-"~
| "'
~ , *%*^
&
. 8-5.
, Web-
,
, , , ISA Server.
258

,
,
, , ,
.

, , ,
. ., , ,
.

, ,
( , , IDS, ),
:
VPN- Microsoft ISA Server Dell
Windows 2000 Server;
CheckPoint Firewall
Solaris Server;
Microsoft ISA- Dell
,

.
, IP-
, ,
.
, ,
( , ).
:
;
;
(telnet, ssh, rdp);
;
;
IP-.
,
IP- ,
, .
,
.

, ,
. ,
. .
DHCP

Web- Web-
. Web- ,
.
- , .
Web-,
, ?
2.
?
3.
.
?
,
, .
Web- , .
, SPI
.
,
, ,
, , IDS.
,
IP- , ,
, .
3. DHCP
TCP/IP ,
,
.
, .

(DHCP). ? , ,
. , DHCP IP-.
DHCP
.
, :
S , IP- DHCP;
f IP- DHCP;
/ APIPA.
25 .
2Q
DHCP
DHCP Windows Server 2003. DHCP-
, DHCP,
DHCP- IP- TCP/IP, IP-
WINS, DNS, .
IP-
IP- DHCP- .
1. DHCP- DHCP. ,
, .
IP- (IP Lease Discover).
2. DHCP-, IP-,
DHCP- . -
, IP-, , IP- DHCP-
, IP-.
3. DHCP- DHCP-
DHCPDISCOVER -
-.
4. DHCP-, IP-, DHCP
DISCOVER, IP-,
DHCP- .
. 8-6, IP- ,
IP- (scope), IP-
DCHP-.
IP

DHCP-,

IP
ysry
IP
,,, | ,
IP
^^
DHCP-
IP
^
.
IP
X
-
f
DHCP-,

, _ ,
> )
*

(
DHCP-
. 8-6. IP- DHCP
DHCP
IP-, DHCP. DHCP- , ,
:
IP- DHCP-;
;
DHCP
281
.
;
DHCP, IP- DNS WINS- (.);
. DHCP-
IP- TCP/IP.
, , DHCP- IP-
192.168.1.0/24, 192.168.1.1
192.168.1.254. , ,
IP-, IP- .
IP-
DHCP ,
. DHCP- IP-,
IP- WINS- DNS ,
. , , DHCP
(. 8-7), DHCP- TCP/IP.
. 8-7.
003 Router
IP-
006 DNS Servers
IP- DNS-
015 DNS Domain Name
DNS
044 WINS/NBNS Servers
IP- WINS-
046 WINS/NBT Node

Type
DHCP-
( b- ( h-, - -)
047 NetBIOS Scope ID
NetBIOS (
). NetBIOS
NetBIOS- ,

DHCP-
7, IP-
, . , DHCP-
DHCP- (. 8-7).
%- h
SP
1
1
IP
DHCP-

. 8-7.
DHCP-
202
DHCP-
DHCP , DHCP, . :
DHCP;
DHCP-.
, DHCP-,
DHCP-, DHCP-
, .
WINS Proxy Agent, .
DHCP/BOOTP (RFC 1542), DHCP- .
IP-
, DHCP- DHCP- IP-
DHCP- DHCP-
?
DHCP- .
- DHCP-? , . DHCP ,
IP- 169.254.0.1-169.254.255.254.
DHCP
DHCP-
. IP-, DHCP .
DHCP- Windows Server 2003
DHCP, Active Directory,
DHCP Active Directory. DHCP-
DHCP- , .

, ,
. ,
. .
1. IP- DHCP-,
DHCP-?
2. DHCP DNS-cep DHCP-?
DHCP. ,
. ipconfig / a l l ,
, :
IP Address: 169.254.112.14
Subnet Mask: 255.255.0.0
Default Gateway:
DHCP

, DHCP. DHCP IP TCP/IP, IP- WINS-, DNS-
, DHCP-.
IP-, DHCP-.
DHCP- , , .
DHCP- IP- ,
, DHCP/
(RFC 1542).
DHCP-.
4. DHCP
DHCP, ,
, DHCP.
DHCP-
.
, :
S
S
S
/
IP- DHCP;
DHCP DNS;
DHCP;
DHCP .
25 .
DHCP
DHCP ,
, .
DHCP- , RFC1542/ .
DHCP-?
, DHCP.
DHCP-.
, , WAN-, .
DHCP- :
;
;
.
264
DHCP-
DHCP-,
DHCP-
( Windows
NT Server, Windows 2000 Server Windows Server 2003) ,
. DHCP-
Windows Server 2003 , .
, ,
.

, DHCP-
. DHCP- ,
Microsoft.
:
500- Intel x86 Family Model 7 Stepping 3;
256 ;
100- Ethernet 802.3;
Windows Server 2003 Enterprise Edition;
5 000 ;
DHCP 2 ;
,
;
, DHCP- , DHCP-.
48 DHCP-
DHCP-. . 8-8.
. 8-8. DHCP- ,
48
DHCP-
68 412 059
20 039 592
20 039 253
57 559 426
57 470 934
484012
190 901
0
, DHCP-
. DHCP ,
DHCP
25
(2 ), 10 .
DHCP.
DHCP-,
DHCP- , WAN DHCP-
. DHCP- ,
. ,
. , DHCP , :
;
;
, .
DHCP-: 80/20
DHCP-,
, .
80% IP- DHCP-, , 20%
DHCP- . DHCP-,
80% IP-, DHCP- IP- DHCP.
DNS
Windows Server 2003
DNS- ( ). DHCP-
PTR DHCP-,
IP- .
DHCP-
Microsoft,
DHCP-. ,
IP- , ?
. 8-9.
. 8-9. DHCP-

DHCP , Windows

, ,

IP-,
IP-
, DHCP
. DHCP
DHCP
Northwind Traders --. ,
.
.
Northwind Traders --.

.
(. );
DHCP-.
..-

i."'
5"
4_^v_,-'''
A3
A3

, .
1. DHCP- ( )?
.
2. DHCP- (
)? .
3. DHCP ?
.
4. ,
.
?

, ,
. ,
. .
26"
1. DHCP (, ),
RFC-154- . DHCP-
, DHCP-,
DHCP- . DHCP- , IP- DHCP?
2. , DHCP-
?
3. ,
DHCP.
DHCP, , ,
, DHCP-,
, .
DHCP-,
DHCP- (
Windows NT Server, Windows 2000 Server Windows Server 2003)
, .
DHCP- PTR DHCP-
, IP- .
DHCP-,
, .
80% IP- DHCP-, ,
20% DHCP- .
IP- ,
.
15
: Windows XP Profes
sional Windows Server 2003.

Trey Research , -.
,
200
.
10 . 312

, - Trey Research
(. . ).
. - Web-
Microsoft Exchange 2003. ,
,
.
, ,

. ,
IP- 300 .

-,
,
3000 .
, .
1. IP- ?
?
2. , Web, ?
3. ?

TCP/IP, . ,
, IP-.
IP- , ,
, .
IP-.
,
.
2;
, , 255.0.0.0,
255.255.0.0 255.255.255.0, .
IP-.

.
.
,
, .
Web- , .
, SPI
.
,
, ,
, , IDS.
.
,
IP- , ,
, .
, DHCP. DHCP IP TCP/IP, IP- WINS-, DNS-
, DHCP-.
IP-, DHCP-.
DHCP- , , .
DHCP- IP- ,
, DHCP/
(RFC 1542).
DHCP-.
DHCP, , ,
, DHCP-,
, .
DHCP-,
DHCP- (
, .
DHCP- PTR DHCP-, IP- .
DHCP-,
, .
80% IP- DHCP-, ,
20% DHCP- . DHCP-,
80% IP-, DHCP- IP-
DHCP-.
270

, ,
, , .

TCP/IP, . ,
, IP-.
,
, .
Web- , .
, , IP .
* DHCP IP- TCP/IP, IP- WINSDNS- , DHCP-.
IP-, DHCP-.
DHCP- , , .
DHCP-,
DHCP- (
, . DHCP-
PTR DHCP-,
IP- .

~ Subnetting IP-
.
~ Perimeter network , ,
;
(Intrusion Detection Systems, IDS).
DHCP- ~ DHCP Relay Agent ,
DHCP/BOOTP DHCP,
. RFC-1542- ,
DHCP-.
80/20 ~ 80/20 Rule , IP DHCP-
80 : 20%.
271

1.
1. ?
: : 5 (6 + WAN); : 7 (9 + WAN + );
: 1 (2 + WAN); D: 4 (5 + WAN).
2. .
a. /16.
b. /19.
c. /21.
d. /24.
: d.
3. IP-?
a. 7.
b. 1204.
c. 2903.
d. 4032.
: (2903 , :
808; 1311; 129; D 655).
4. IP-?
a. 1.
b. 2.
c. 2903.
d 4032.
: .
5. ,
?
a. 254.
b. 1022.
c. 6398.
d. 65 534.
: .
6. .
IP-, .
a. 10.0.0.0/8
b. 230.120.0.0/16
c. 69.254.0.0/16
d. 192.168.0.0/16
: a n d .
272
1.
1. . ?
IP- ?
: (1-126), (128-191), (192-223), D (224-239) (240-255).
IP-: 10.0.0.1-10.255.255.254, 172.16.0.1-172.31.255.254 192.168.0.1192.168.255.254.
2. 15 000 ,
.
IP-, IP-.
, 500600 , 350
. IP-
.
: ,
. 254 ,
, 126, 62, 30 . .
65 000 , .
, 500600 ,
255.255.0.0. 600 8
(28 = 256), , 8
250 .
.
10.0.0.0 255.255.192.0, 1024 16 000
.

. , 255.255.240.0 4000
4000 , 255.255.248.0 8000
2000 .
, SQL Server,
. ipconfig,
:
IP Address: 192.168.8.142
Subnet Mask: 255,255.255.128
Default Gateway: 192.168.8.1
?
: (
). , ,
.
128.
1 ( ) 126 (127 ,
). 192.168.8.128
129 254. , IP-
. , IP-,
, . ,
TCP/IP ,
192.168.8.1, , IP-.
273
2.
Web- Web-
. Web- ,
.
- , .
Web-,
, ?
: Web-
.
2.
?
: IDS . ISA
Server IDS ( ).
3.
.
?
: , (
, IDS). (,
SPI . .), , , ,
. .
3.
1. IP- DHCP-,
DHCP-?
: . DHCP-
, DCHP- , ,
DHCP- .
2. DHCP DNS-cep DHCP-?
: 003 Router 006 DNS Servers IP-
DNS-.
DHCP. ,
. ipconfig / a l l ,
, :
IP Address: 169.254.112.14
Subnet Mask: 255.255.0.0
Default Gateway:
.
: DHCP, IP- 169.254..
, DHCP IP APIPA.
74
4.
1. DHCP- ( )?
.
: , DHCP
10 000 .
2. DHCP- (
)? .
: ,
DHCP.
3. DHCP ?
.
: , ,
4. ,
.
?
: -
- . -
DHCP-, .
DHCP-, ,
80/20.
.
4.
1. DHCP (, ),
RFC-154- . DHCP-
, DHCP-,
DHCP- . DHCP-
, IP- DHCP?
: . RFC-1542-
( ), , DHCP-.
2. , DHCP-
?
: DHCP-
DHCP- RFC-1542- .
,
.
3. ,
DHCP.
: ,
.
275

1. IP- ?
?
: IP-
. 1100 ,
, 300 . ,
300 .
10.0.0.0/16, 256 , 65 000 ,
10.0.0.0/24 65 536 254 .
172.16.0.1/24 256 254
, .
2. , Web, ?
: Web-
.
3. ?
: ,
.
, .
IDS .
1 .
277
2.
280
3.
284
4. NAT
288

8, IP-,
IP-. IP-
,
.
IP- .
IP-
IP-, . ,
(Network Address Translation, NAT),
NAT.

, 1.
277
1.

,
RAID, .

, , .
, :
S , ;
S .
20 .

,
, . ,
, ,

.
, , -
DNS-,
? ,
?
, ,
, .
,
.
.
.
?
, . ,
,
?
?
? (, )? ,
, ,
, .
-
,
.
?
. ,
?
, , -
-.
. , ,
.
? , . ,
, ,
. -
, Web- ,
.
.
? ,
VPN,
.
, ?
,
( , ,
. .). , - .

.
?
, ( VPN,
10),
? VPN-
. ISP?
Frame Relay,
? . ,
, !

.
.
(VPN) ,
, VPN ,
.
ISP ,
. ISP , -,
. ,
, ISP.
VPN
.
ISP ?
ISP - (
, 99% )? ?
?
ISP - ,
? VPN
, IPSec- L2TP .
ISP
?
?
? ,
(1),
. ,
? ,
.
, , .
:
, .
:
, 56 /;
(Integrated Services Digital Network, ISDN)
64 / 2,048 /.
:
(Digital Subscriber Line, DSL),
, .
, 144 / 1,544 / ;
T-carrier, ,
64 /. -1 24
64 /, 1,544 /. -2
6,312 /, -3 44,736 /, -4 274,176 /.
-1 (fractional -1), 64 /;
E-carrier, ,
64 /. fractional E-1 -1,
2,048 /. -2 8,448 /.
:
.25,
. 9600 / 1,544 / ;
(Frame Relay) 56 /
1,544 /;
(Asynchronous Transfer Mode, ATM),
25622 /;
(VPN),
.
ISP , ,
.

, ,
. ,
. .
1. ,
. ,
, -
280
. DSL NAT.
, ,
.
?
2. , , 95%
. , ,
(Network Access Server, NAS), NAT-,
Windows Server 2003 Standard Edition 32
NAT DSL. ,
.
3. ,
ISP . VPN.
ISP?
, ,
, ,
. ISP
.

. ,
.
.
,
?
,
,
. , ,
?
ISP VPN ,
,
. ,
- ,
,
.
.
2.

. , 1965 .
, 20
. ,
. -,

.
.
, :
S ;
S
.
20 .

, ,
. ,
,
. ,
.

,
.
. , ,
, .
.
Web-,
Web.
Outlook 1325 .
100 ,
, 2 ,
500 000 .
-1, 30% .
, ,
.
Ethernet. 10 /, ,
10 . , - Ethernet
40% .
6 /.
,
.
( ),

.
? ,
, '
.
282
Tnasa 9
DHCP- DNS-? ,
.
Web-
?
, ,
. ,
,
.
(
Voice over IP, VoIP)? VoIP
,
,
.
,
.
, .

(Virtual Private Networks, VPN)
10, VPN .
,
. , VPN
,
.
, .
.
VPN?
VPN VoIP, Web-
? , ?
, ,
, ISP ,
. ,
. ,
, ISP ,
, ,
.

: ,
-1 -3, , ,
. ,
,
.
.
,
. , Web-
Active Directory VPN,

. , .
. ?
, ? ,
,
.
WAN. WAN
WAN- ,
Web- ( , ,
).
, HTTP Telnet,
, SMTP FTP.

, ,
. ,
. .
1. . 100
.
56- ,
,
Web-. ?
2. .
.
, -
VoIP.
?
3.
? .
, ,
, ISP ,
. 1SP ,
, ,
.
,
,
, .
VPN
, , VPN
, VoIP Web-,
.
, ,
- . ,
.
3.

.
. (Network
Address Translation, NAT) ,
. NAT
.
, :
S NAT;
S NAT.
20 .
NAT
NAT ,
, . , IP-,
. 9-1, ,
.
. 9-1. ,
IP-
10.0.0.0/8
10.0.0.1-10.255.255.254
172.16.0.0/12
172.16.0.1-172.16.31.254
192.168.0.0/16
192.168.0.1-192.168.255.254
IP-,
.
Windows Server 2003, .
(Routing and Remote Access, RRAS)
(Internet Connection Sharing, ICF), NAT. ICF
,
NAT RRAS (. . 9-1).
NAT IP- TCP/UDP
IP- .
IP-, Internet Network Informa
tion Center (InterNIC) ISP, ,
NAT. NAT
. 4
IP- ,
.
. 9-2 Windows
Server 2003.
" m\$
_ \
\
d it) COMPUTER! ()
_&|_
jL (Oj
;--]|[
/ &
1 ^^.
^
^^*
^ 2 -
B - j f l . IP-
j | [
jg^
j g ^ -
+ *Q ,<
[+. +^-
1L
. 9-1. NAT
. 9-2.
NAT
(TCP UDP)

IP-
IP-,
InterNIC
IP-, .
Web-, IP- DNS-,

, .
DNS-, 53
.

, ,

. 9-2 NAT . NAT

IP- IP- 66.x. 130.77, .
.
286
1. IP- .
2. IP , IP-
( , ), IP-
(192.168.8.2), (TCP UDP), .
3. IP- ,
, NAT.
4. NAT IP- () IP 66.x.130.77, TCP UDP,
.
5. NAT,
IP-
IP- IP- ,
.
. 9-2. NAT
IP-
NAT IP-
, InterNIC. - IP-
, ,
, IP-.
IP 4 (IPv4), NAT
IP-.
IP 6 (IPv6), IPng (Internet Protocol Next
Generation), , 4
( IPv4) ( ,
1036). IPv6 IPv4. ,
IPv6 :
1AB1:0:0:ABCD:DCBA:12 34:5678:9ABC
,
NAT IP-. Windows
Server 2003 IPv6,
(Install).
(Protocol), (Add)
Microsoft TCP/IP 6 (Microsoft TCP/IP version 6).
NAT
NAT , NAT
, IP- . -
, , 9-2,
192.168.0.0/24. ,
IP- , IP- NAT,

. ,
, ,
.
NAT
NAT, RRAS, IP
:
Simple Network Management Protocol (SNMP);
Lightweight Directory Access Protocol (LDAP);
Component Object Model (COM);
Distributed Component Object Model (DCOM);
a Kerberos 5;
Remote Procedure Call (RFC).
Active Directory Kerberos v5,
NAT.
, NAT, -.

Windows 2000, NAT Windows Server 2003 VPN-
, L2TP IPSec. , , FTP-,
Port, IP-
, NAT. NAT Windows Server 2003
:
FTP;
ICMP;
a Point-to-Point ( );
Direct Play ( );
ILS (Internet Locator Service), LDAP.
MAT Traversal
IP- ,
NAT, ,
, . NAT
Traversal ( NAT)
NAT . NAT,

.

, ,
. ,
. .
288
1. , , ,
DSL-, .
, NAT?
2. IP NAT.
IP-.
NAT, ?
3. NAT ,
, , ,
NetWare 4.11, .
?
(NAT) ,
. NAT ,
IP- IP-,
.
NAT IP- InterNIC.
NAT
, ,
.
NAT Traversal
NAT,
.
4. NAT
NAT,
, NAT.
NAT.
, :
S NAT;
S NAT;
S NAT
25 .

NAT
:
NAT ;
, NAT;
NAT
, IP-;
NAT IP- DNS
( DHCP- DNS);

;
;

;
NAT, .
NAT
. NAT ,
,
. , L2TP/IPSec
NAT, , IPSec, IPSec NATTraversal (IPSec NAT-T), IPSec NAT.
, NAT , IP-,
IP-, NAT .
IP- IP-
DHCP- IP-
DHCP- NAT (. 9-3).
i
ir-fllsea &&
~'~-
f.>. - , : > ; - .
. 9-3.
'.,. - .-;
...1W.
psr ffi
iPsV!--
v- ,,,
$1&*:
NAT DHCP

DNS, NAT: NAT
DNS-
(. 9-4).
CBowcfBar[SftT/npocToH%i^îajf^^^:
\
5* appstp? ft
&^ *? . ^^
OK
. 9-4. NAT DNS
NAT
NAT , WINS DHCP. NAT
:
;
;
.

NAT :
IP- ,
IP- () .

NAT ,
.
, ,
.

NAT. NAT ,
NAT
(Routing and Remote Access). . 9-5 LAN-,
.
NAT
-,
. 9-5. NAT
NAT
NAT, , ,
. 3, NAT
-,
.

IP- , .
, .

,
. ,
IP-. ,
, .

Web-,
. ,
IP- IP-
, .
IP-
IP- . -
. ,
Web-, . . 9-6
(Services And Ports),
(Properties) ,
. Web- IP-, ,
IP- DNS-, IP-
.
;
^ * j
&*&! | jttoP j
-** i la Sbffrjpa & &^^ &

(5?3f iMfljB
FTF-
Internet Mail Access Protocol, 3 (1)
Internet Mail Access Protocol, 4IIMAP4)
(SMTP)
IP- !1KE)
Q IP [ IKE NAT1
Posf-Ofhce Protocol 3 []

~1 IHTTPS]
Telnet -
. 9-6.
$&&$*
IP-,
ISP. , IP-
IP-. 2,
; 2, 4, 8, 16 . .,
, IP- . , 8 IP, 192.168.1.32-192.168.1.39, 192.168.1.32
255.255.255.248. Add ()
(Address Pool), . 9-7, IP, ISP.
; NAT

IP-, .
1 4
MAT
JJJSJ
!*(-.{*-<
r.i)4!S!!iMi|Cfi.lKf/s.'...rP!,!! \
3 * w fft aupeeis s-a3H5tae-;C4jT3CT3uH->>-i-^t:4" ^,
|;. j
,;:
<?!'*
tJTCfti?
^^'^
. 9-7. NAT IP-

8, ,
, . ,
, ,
Web-, .
, , .
, ,
, .
. NAT
NAT .
, .
.
Northwind Traders ,
.
Windows NT 4.0 (
). ,
,
, .
,

, .
2000
1000
750
750
500

1. IP . NAT. NAT ?
Exchange Server 2000,
Outlook 2003. Outlook 2003
Exchange RPC.
. NAT ?
?

, ,
. ,
. .
1. ,
.
, ,
. NAT
. NAT ? .
2.
, ,
IP-, ISP. , NAT
. NAT,
IP- 25 ?
3. ,
Web- .
IP- .
?
NAT, , NAT
. , NAT
.
,
. , NAT,
.
NAT ,
.
NAT
. ,
.

Contoso, Ltd., , 300
, (
). .
,
.
-
, .
Windows XP Professional
Windows Server 2003, Windows
Professional, .
10 ,
20 Windows
Professional Windows Server 2003. ,

.
296

, ,
.
DSL, Windows Server 2003.
)' DSL
.
1.
, .
. ? ?
2. Active Directory,
Windows Server 2003. dcpromo
, Windows Server 2003,
, . ?
3. Windows Server 2003 NAT,
IP-
10.1.1.112. ?

, , ,
.
ISP , .

, .
, .
.
,
?
VPN ,
, ,
-
. , ISP -
, ,

.
.
,
,
, .
VPN
, , VPN , VoIP Web-, ::
.
297
, ,
- . ,
.
(NAT) ,
. NAT ,
IP- IP-,
.
NAT IP- InterNIC.
NAT
, ,
.
NAT Traversal
NAT,
.
NAT, , NAT
. , NAT
.
,
. , NAT,
.
NAT .
NAT
. ,
.
j j
, ,
, , .

, .
, , , ,

.
,
,
.
VPN ,
, ,
ISP -
. , ISP -
-
.
,
, ,
, ISP ,
. ISP ,
, ,

VPN
, , VPN
, VoIP Web-,
.
NAT . ,
(10.0.0.0/8, 172.16.0.0/12 192.168.0.0/16),
,
IP-.
NAT ,
.
NAT, , NAT
.
NAT
, .

~ Intrusion detection system (IDS)
,
.
~ Virtual private network (VPN) ,
. ,
, .
() ~ Bandwidth ,
, /.
~ Network Address Translation (NAT) ,
IP-
.
NAT Traversal ,
NAT.
/ ~ Inbound/Outbound Filters ,
NAT,
.
~ Special Port
.
Voice over IP (VoIP) ,
, .
9'
;
1,
1. ,
. ,
,
. DSL NAT.
, ,
.
?
:
, , ,
.
- .
2. , , 95%
. , ,
(Network Access Server, NAS), NAT-,
NAT DSL. ,
.
:
. , , NAS
.
3. ,
ISP . VPN.
ISP?
: , ISP -
, . ,
ISP .
2.
1. . 100
.
56- ,
,
Web-. ?
: Web,
, .
2. .
.
,
2QQ
- VoIP.
?
: VoIP
.
,
.
3.
? .
: . ,
. , .
, ,
, ,
.
3.
1. , , ,
DSL-, .
, NAT?
: -, , NAT ,
. -, NAT ,
:
, DSL.
2. IP NAT.
IP-.
NAT, ?
: IP-
, , , .
NAT. NAT
IP- NAT, IP-
IP- ,
.
3. NAT ,
, , ,
NetWare 4.11, .
?
: NAT ,
TCP/IP. NetWare,
, IPX/SPX, TCP/IP.
TCP/IP.
4.
1. IP . NAT. NAT ?
:
IP- .

.
, ,
, . ,
Web-,
.
Exchange Server 2000,
Outlook 2003. Outlook 2003
Exchange RPC.
. NAT
? ?
: . NAT ,
NAT RPC, SNMP, LDAP, COM, DCOM Kerberos v5.
Exchange 2003 RPC, RPC
NAT.
4.
1. ,
.
, ,
. NAT ? .
: , ,
IPSec, IPSec NAT-Traversal (IPSec NAT-T), IPSec
NAT.
2.
, ,
IP-, ISP. , NAT
. NAT,
IP- 25 ?
: NAT
, IP-
, IP- .
IP- NAT
.
IP-, NAT DHCP-. DHCP-
IP-
.
3. ,
Web- .
IP- .
?
: Web-
, , -, IP-,
. IP- IP, . -, ,
IP- IP- .
10
1.
304
2.
316
3.
321

-
:
;
;
;
;
;
;
;
, ,
.
:
;
;
.

, ,
. -
304
10
, ,
, .
,
,
.
.

,
.
,
.

,
1.
1.

, ,
. ,
,
.
, :
S ;
/ ;
S .
50 .

, ,
.
Windows Server 2003
(virtual private network, VPN).
,
.

, ,
:
(Network Access Client);

(Network Access Server, NAS).

Microsoft Windows
95, 98, 2000, , , (Pointto-Point Protocol), Linux, Macintosh NetWare.

. :
, ;
VPN-;
.

. ,
,
. ,
.
, :
;
,
;

;

.
, :
* ,
, ;

;

, ,
,
, .
:
(Public Switched Telephone
Network, PSTN).
.
;
(Integrated Services Digital Network, ISDN). ISDN
PSTN ,
. BRI- ISDN , D. -
, BRI-
306
10
ISDN , 64 /;
, 128 /. D-
16
/.
PRI- ISDN,
. PRI 23 64- - 64-
D-. ISDN ISDN- (. . 10-1).
. 10-1. ISDN
,

,
. ,
.
.
, .
(Ports)
(Routing and Remote Access).

Active Directory (. 10-1).
. 10-1.

(VPN ) [Remote Access
Permission (Dial-in or VPN)]

(Verify Caller ID)

(. 3)
,
.
,

(Callback Options)
,

IP ,
IP- (Assign a Static Internet Protocol

(IP) Address)
- , (Apply Static Routes)

RRAS

VPN-
VPN- ,
, IPSec- (. )
.

2,4
5,0 802.11
(. . 10-2). (IR),
,
. Bluetooth

, (Personal Digital Assistants, PDA).
Windows XP SP 1 .
. 10-2.
() / (/)
802.11
802.11b
802.11
802. llg
2,4/2
2,4/11
5/54
2,4 / 22

:

, .
(. 2);
, (Access Point, ) ,
. LAN,

.

.
, (
). ,
:
;
, 2,42,5 ;
;
> , , .
:
;
;
;
.
10
?

, .
,
, .
45 .
,
.
.
,
.
.
, ,
.

:
,
;

, .
, RADIUS,
RADIUS-,
IAS (. 3).
, ,
, .
. 10-2 , NAS,
. Windows Server 2003 NAS
(RRAS).
^"',
. 10-2. NAS , VPN

g0g

(NAS) ,
. RRAS Windows Server 2003
, ,
VPN-.
,
,
. IAS-
(Microsoft- RADIUS, RADIUS 3).
:

.
. ,
,
. , ,
,
;
, .

. , ,
, ,
. ,
.
,
, .
.
, .
, , , .
(
) ;
, ,
SLIP. SLIP IP, ,
, ,
;
.
:
. ,
:
( );
;
;

;
RADIUS ,

. RADIUS ,
.
10

,
.
. . 10-3
,
.
. 10-3.
Challenge Handshake Authentication

Protocol (CHAP)
Password Authentication Protocol
(PAP)
Shiva Password Authentication
Protocol (SPAP)
Microsoft Challenge Handshake
Authentication Protocol (MS-CHAP)
,
-
,

, ,

Microsoft Challenge Handshake Authenti

cation Protocol version 2 (MS-CHAP v2)
Extensible Authentication Protocol Trans
port Layer Security (EAP-TLS)
Protected Extensible Authentication

Protocol (PEAP)
MD-5 Challenge
Microsoft,
CHAP
,
Windows 2000

, -,

802.1,
,

-
,

Extensible Authentication Protocol (EAP) ,

.
, :
;
;
;
.
,
,
! -
, Windows Server
2003. Windows XP Windows Server 2003
-, 2810,
; .
311

,
(
), ,
.
, ,
, ,
, , , ,
, ,
.
, .

NAS-
. NAS ,
.
VPN

, VPN.
VPN
.
VPN.
. VPN- ,
,
, , , ,
.
.
, 3-DES, ,
VPN-.
VPN-.
, .
,
. VPN ,
,
.
VPN
VPN ,
.
,
. ,
, .
312
10

VPN- (. 10-3).
VPN-
. 10-3. VPN

L2TP. VPN-
.
1. VPN- NAS (), VPN, RRAS.
2. VPN- ,
.
3. VPN- VPN-
( ).
,

.
VPN.
. VPN- ,
.
. VPN
,
.
IP-. , ,
, VPN IP-
.
VPN
VPN- , VPN-
VPN-, .
VPN :
. ,
, ;
.
: L2TR , -
g-j
(Microsoft Point-to-Point Encryption). L2TP/IPSec

. L2TP
Windows XP Windows Server 2003;
VPN ,
;
, ;
VPN-
VPN- ;
IP- . VPN-
IP- DHCP,
DNS WINS-.
VPN
VPN-
. , VPN-
,
VPN.
VPN-,
:
;
.
VPN-
, , VPN. VPN- ,
, VPN-
, VPN-.
,
VPN-, . ,
,
, VPN.

VPN
.
, ,
.

,
, -
?.
, , .
, .
314
10

, ?
?
?
,
?
?

VPN-?
,
?
,
. ,
10 .
, 150
.
.
NAS, .

,
NAS-. ,
, 256 ,
56- .
, 30-
.
:
30 / 256 = 7680 /.
, NAS 70%
10- Ethernet, .
,
. ,
, ISP
, ,
, , .

.

. ,
,
, - ,
, IDS, .
,
.
.

.
.
Northwind Traders WEP

- .

, , -.
:

; , ,
;

.

, .
1. Northwind Traders
? ?
2.
Northwind Traders? ?
3. ,
. .

, ,
. ,
. .
1. .
2. - ,
. ,
,
. ,
, ,
. ,
?
3.
, ,
-.
, .
?
3"f
10

.
, ,

.
VPN- ,
TCP/IP, L2TP.

2,45
802.1. , (IR) ,
,
.
-
;
.
2.

. ,
,
, , . .

,
.
, :
S
;
/
.
- 20 .

,
. ,

, .
VPN-
, ,
NAS .
.
. 100 /
,
100 /
.
, IPSec (IPSec
hardware offload),
.
.
, .
.
. , .
1000 , 512
. 1000
128 , 128
. ,
NAS- 256 ,
2000 VPN- 768 :
256 + (128 2) + (128 2)
,
;
, .

.
.
? ?
?
. 56- 1,
?
. ,
?
, ?
. ,
?
, . ,
? ,

, NetWare 4.11
IPX/SPX, ?
,
.
VPN- , , -
318
10
,
. .
,
VPN-.
,
. , ,
, :
;
VPN;
.
,

. ,
,
,
. ,
, VPN- . :
!

, NAS, ,
(. 10-4).
. 10-4.
NAS
NAS

VPN-
IAS-
NAS ,
:

?
?
,
?

VPN-?
L2TP
VPN-?
, ,
IAS-,
.
, ,
. ,
, .
,
. ,
.
,
: .
, ,
, 30
.
,
NAS.

NAS . ,
NAS,
. ,
NAS . ,
, VPN-.
, ,
. ,
, ,
.

, 10
150, .
NAS?
, NAS-?
NAS: ?
NAS
, :
, ,
, ;
, ;
,
.

,
.
VPN
VPN,
.

NAS-: L2TP?

?
VPN-?
10
.

.
.
Northwind Traders
( Northwind Traders
3 7).
,
.
, WAN-
.

, .
1. ? ,
? ?
2. VPN-? ?
3. ?
.
4. , VPN .

, ,
. ,
. .
1. ,
.
2. ,
.
3. ,
.
. ,
.
,
Microsoft Server 2003.

,
( , . .).
NAS ,
,
,
.

, ,
, .
3.

, ,
. ,

.
, :
S ;
/ ;
S IAS.
60 .

.
,
, . ,
,
, .

(Internet Authentication Service, IAS)
, ,
,
.
322
10

,
, .
(. . 10-5),
.
. 10-5.

(Authentication Type)
, CHAP, MS-CHAP
. .,
,
(Called Station ID)
NAS. ,

,
(Calling Station ID)
RADIUS.
( IAS) [Client-Friendly Name]
RADIUS,
IP- ( IAS)
[RADIUS. Client IP Address]
IP- RADIUS
RADIUS-
NAS ( IAS) [Client Vendor]
,

(Day and Time Restrictions)

(Framed Protocol)
IAS
(, SLIP, Frame Relay .25)
MS RAS Vendor
RADIUS
( )
NAS
( IAS)
[NAS Identifier]
IP- NAS,
( IAS) [NAS IP Address]
IP- ( RADIUS)
NAS,
( IAS)
[NAS Port Type]
,
, ISDN,

,
(Service Type)
, , Telnet . .,

(Tunnel Type)
, PPTR L2TP . .,

Windows,
(Windows Groups)
,
,
, .
, , -
. ,
. .
(Dial-in constraints)
, RRAS
.
, , ;
. ,
,
.
IP (IP). IP- ,
IP- , ,
. IP,
IP-.
(Multilink)
,
.
(Authentication)
(MS-CHAP, EAP . .), ,
MS-CHAP MS- CHAP v2.
(Encryption)
, , ,
( 3DES 160- ).
(Advanced). ,
, RADIUS IAS
RADIUS.

:
;
;
;
1-;
, IP- -
.
SAS
,

. IAS
,
IAS.
IAS,
(Remote Authentication Dial-In User Service, RADIUS).
,
. RADIUS VPN,
.
324
10
RADIUS
RADIUS :
RADIUS- , ,
,
, VPN . RADIUS-
,
. ,
IP- RADIUS- . . RADIUS-
;
RADIUS- , VPN . (
) , RADIUS-,
RADIUS-. ,
RADIUS,
, RADIUS;
RADIUS-. -ISP,
, ,
RADIUS-. RADIUS- ,
RADIUS- . RADIUS-
RADIUS-,
, , RADIUS- (.
. 10-4).
RADIUS
jf.
%
"4DIUS-
!_
NAS
<*
3*
I
>ig|
RADIUS-
. 10-4. RADIUS-,

IAS , VPN
:
. IAS NAS;
. IAS
, CHAP, MS-CHAP 1 2, EAR IAS
,
. IAS- Active Directory,

;
. IAS
, .
VPN-
, ,
RADIUS-.
IAS-, RADIUS , IAS-.
RADIUS
, IAS:
RADIUS-, RADIUS- RADIUS-?
, RADIUS-. , NAS,
IAS, RADIUS-.
, ,
, RADIUS-,
. , RADIUS :
RADIUS;
RADIUS ;
RADIUS.
RADIUS,
:
;
;
, , : 1,
. .
RADIUS
,
RADIUS
. ,
RADIUS-, RADIUS.
RADIUS-,
,
RADIUS- . ,
RADIUS- ,
RADIUS-, RADIUS-,
,
, RADIUS.
RADIUS
. RADIUS-
, :
MS-CHAP vl, v2;
EAP-TLS;
CHAP;
SPAP;
PAR
326
10
RADIUS- ,
, IPSec (
L2TP). IPSec
160- , 3-DES.
RADIUS

, ,
.

.
RADIUS- ,
IAS-
.
IAS- RADIUS,
.
RADIUS RADIUS-,
, RADIUS-
RADIUS-.
IAS- .
, ,
RADIUS.
RADIUS, ,
; ,
, .
,
.
, . ,
RADIUS , ,
, .

RADIUS-, , 1:
;
ISDN.

. ,
.
ISDN.
, ISDN-.
ISP,
.
ISP, , ISP
. ,
, !
327
RADIUS
RADIUS,
RADIUS, .
, RADIUS
VPN. . ,
RADIUS RADIUS- RADIUS-.
RADIUS-
, :
;
WAN-;

RADIUS- .
RADIUS- ,
.
RADIUS- , .
.

, ( ).
.
1.
, VPN?
2. ,
?
3. RADIUS-?
, IAS RADIUS?
4. ,
-? , ?

, ,
. ,
. .
1. ,
. ,
.
?
IAS.
RADIUS-?
3. ,
RADIUS-.
RADIUS-?
10
,
,
.
,
. ,
.

, IAS,
Microsoft- RADIUS.
IAS , ,
, VPN .
RADIUS- ,
.
RADIUS- , VPN-
.
RADIUS- RADIUS.
RADIUS- , RADIUS-
. , RADIUS-
RADIUS-, RADIUS-.
,
Contoso Ltd., ().
, . Contoso ,
, .
, ,
. ,
( Windows
2000, Windows Server 2003 NetWare 4.11,
),
, .

12 Contoso
- .
, 22 .
- , Contoso ,
, . ,
, .
, , , .

,
.
, (,
).
.

Web-
.
, .
1. .
,
. ?
2. , , ,
.
, (
). ?
3. - ,
,
. ,
.
?
4. ,
NAS.
, ?
]

.
, ,

.
330
10
VPN- ,
TCP/IP, L2TP.

2,45 ,
802.1. , (IR) ,
,
.
-
;
.

,
( , . .).
NAS ,
,
,
.

, ,
, .
,
,
.
,
. ,
.

, IAS,
Microsoft- RADIUS.
IAS , ,
, VPN .
RADIUS- ,
.
RADIUS- , VPN-
.
, RADIUS- RADIUS.
RADIUS- , RADIUS-
. , RADIUS-
RADIUS-, RADIUS-.
,
. ,
.
gg-|

, ,
, , .

. , ,

. VPN-
, TCP/IP,
L2TP .

.
NAS ,
,
,
.
,
,
. .

, IAS,
Microsoft- RADIUS. IAS RADIUS Microsoft.
RADIUS RADIUS-
RADIUS-.
RADIUS NAS IAS. RADIUS
, VPN- . RADIUS-
, RADIUS- .

() ~ Access point () ,
. LAN,
.
~ Network Access Server (NAS) ,
, Windows
Server 2003 (Routing and Remote Access,
RRAS). NAS
VPN .
RADIUS- , ,
.
RADIUS- , VPN
;
RADIUS-.
332
10
RADIUS- , , RADIUS-
, RADIUS-.
~ Extensible Authentication Protocol (EAP)
, -
,
.
1.
1. Nortlrwind Traders
? ?
: 802,1,
.
2.
Northwind Traders? ?
: WPA (WiFi Protected Access),
.
3. ,
. .
: WPA
, RADIUS-
802.1.
1.
1. .
: ,
, .
, ,
.
2. - ,
. ,
,
. ,
, ,
. ,
?
: VPN- RRAS
VPN- .
, , ,
, LAN.
3.
, ,
-.
ggg
, .
?
:
, .
.
2.
1. ? ,
? ?
:
, - -,
. -
,
, .
2. VPN-? ?
: VPN- ,
VPN-
WAN-,
VPN-.
3. ?
.
: L2TP/IPSec ,
NAT. ,
VPN, -,
VPN-. VPN- IPSec
3DES.
4. , VPN .
: IPSec (Public Key Infrastructure,
PKI) VPN.
2.
1. ,
.
: , ,
.
2. ,
.
: ,
,
, .
, .
3. ,
.
. ,
.
10
,
Microsoft Server 2003.
: ,
. L2TP s
, Windows Server 2003.
3.
1. ,
. ,
.
?
: ,
RRAS .
, ,
. ,
, ,
, .
IAS.
RADIUS-?
: ,
RADIUS , ,
RADIUS-, . RADIUS, RADIUS,
, , .
3. ,
RADIUS-.
RADIUS-?
: ISP,
, , ,
RADIUS-. RADIUS- , RADIUS .

1. .
,
. ?
: .
,
NAS, .
, , ,
.
2.
, , ,
. -

, (
). ?
: , , , -,
. , ,
.
(Hardware Compatibility List, HCL)
, NAS.
3. - ,
,
. ,
.
?
: NAS VPN-, VPN-
.
, ,
, L2TP IPSec.
4. ,
NAS.
, ?
:
, .

- .
256
ACL (access control list) 5, 190
Active Directory 3, 4, 23
4
75
155
155
155
13
11
Active Directory integrated zone . ,
Active Directory
ADLB (Active Directory Load Balancing) 167
administrative boundary .

alias .
ANI (Automatic Number Identification) 39
APIPA (Automatic Private IP Addressing) 33
ARP (Address Resolution Protocol) 27
ATM (Asynchronous Transfer Mode) 28
AXFR (Full Zone Transfer) .
,
BDC (backup domain controller) 62

BIND 187, 196
bridgehead server . , ;
,
callback .
Caller ID .
CHAP (Challenge Handshake Authentication
Protocol) 38, 310, 325
CIDR (Classless Internet Domain Routing) 30
closet .
COM (Component Object Model) 287
credential .
D
DACL (discretionary access control list) 193
DAP (Directory Access Protocol) 3
data delivery .
DCOM (Distributed Component Object
Model) 287
default gateway . ,
default subnet mask . ,
DFS (Distributed File System) 146, 147

DHCP (Dynamic Host Configuration
Protocol) 23, 33, 56, 63, 189, 218,
259-264
DHCP relay agent .
DHCP
dial-up access . ,

directory .
distribution group . ,
DMZ (Demilitarization Zone) 255

DN (distinguished name) 80, 87
DNS (Domain Name System) 1, 16, 17, 23,
26, 63, 90, 182-194, 204, 265
23
23
21
domain functionality . ,
Domain Naming Master . , ,

domain partition information . ,

down-level domain . ,
(Extensible Authentication
Protocol) 38, 310
EAP-TLS (Extensible Authentication Protocol
Transport Layer Security) 310, 325
equal masters .
Ethernet 28
external trusts .
,
F
Fast zone transfer . ,
firewall .
forest .
forest functionality . ,
forest root domain . ,

forest trust . ,

forward lookup query . ,

FQDN (fully qualified domain name) 5, 19,
90, 183 .
frame .
FRS (File Replication Service) 146, 148
FSMO (flexible single master operations) 89
FTP (File Transfer Protocol) 26
G
gateway .
GPO (Group Policy Object) 61, 107, 108,
109, 127
OU 129
129
129
132
129
OU 132
131
131
131
131
hop .
host .
host ID .
HOSTS 16
HTTP (Hypertext Transfer Protocol) 26
I
IAS (Internet Authentication Service) 321, 323
ICF (Internet Connection Sharing) 284
ICMP (Internet Control Message
Protocol) 27, 28
IGMP (Internet Group Management
Protocol) 27, 28
IIS (Internet Information Services) 63
Infrastructure Master . ,
intersite replication . ,
intrasite replication . ,
inventory .
IP (Internet Protocol) 13,27
IP Lease Discover . IP-,

IP routing . IP-
IPSec 195
IP- 28
33
29, 246
248
ggj
260
260
247
IP- 28, 56, 244, 246
262
29
1- 16
ISDN (Integrated Services Digital
Network) 35, 305
IXFR (Incremental Zone Transfer) .
,
(Knowledge Consistency Checker)

Kerberos 10, 287
163
L
L2TP 312
LAN (local area network) 13, 55
LDAP (Lightweight Directory Access
Protocol) 3, 4, 86, 118, 287
leasing . IP-,
LMHOSTS 16
load balancing .
locator service .
mail exchange record . ,
MD-5 Challenge 310

member server . ,
MS-CHAP (Microsoft Challenge Handshake
Authentication Protocol) 38, 310, 325
multicast group membership .
IP-
multicasting .
multimaster model .

N
name resolution .
name server record . ,
namespace .
NAS 309
NAT 284, 288
NDS (Novell Director)' Services) 3
NetBEUI (NetBIOS Extended User
Interface) 37
NetBIOS (network basic input output
system) 26, 37, 89, 216, 220, 227
network ID .
node .
838
one-time password system .

operations master role . , ,
OSPF (Open Shortest Path First) 32

OU (organizational unit) 7, 8, 48, 76, 101113
P
PAP (Password Authentication Protocol) 37,
310, 325
parent and child trusts .
,

patch panel .
PDA (Persona! Digital Assistants) 307
PDC (primary domain controller) 62
PEAP (Protected Extensible Authentication
Protocol) 310
pointer (PTR) record . ,
policy .
(Point-to-Point Protocol) 36
312
preferred route .
Primary Domain Controller (PDC)

Emulator . ,

Primary zone . ,
primary zone file . ,
private network .
PSTN 305
PSTN (public switched telephone network) 35
public address .
R
RADIUS (Remote Authentication Dial-In User
Service) 323-326
RAP (Remote Access Policies) 39
RAS 37
RDN (relative distinguished name) 87
realm trusts . ,

redundancy .
Relative Identifier (RID) Master . ,
RID
resolver .
resource record . ,
reverse WINS record . ,
WINS
RIP (Routing Information Protocol) 32
router .
routing .
routing table .
RPC (Remote Procedure Call) 162, 287
RRAS (Routing and Remote Access
Service) 35, 284
rule .
s
SAM (Security Accounts Manager) 2, 75, 76
schema .
Schema Master . , ,
scope .
secondary zone . ,
secondary zone file . ,

secure access token .
security boundary . ,
security database .
security group . ,
security principal .
security principal object .

service record . ,
shortcut trusts .
,
SID (security identifier) 12, 88, 154
SLIP (Serial Line Internet Protocol) 37
SMTP (Simple Mail Transfer Protocol) 13,
26, 162
SNMP (Simple Network Management
Protocol) 287
SPAP (Shiva Password Authentication
Protocol) 37, 310, 325
SRV (service record) 90
stub zone . ,
TCP (Transmission Control Protocol) 26

TCP/IP (Transmission Control Protocol/
Internet Protocol) 16, 25, 246

25, 27
25, 26
25, 28
25, 26
Telnet 26
ticket .
tree .
tree-root trusts .
,
trust relationships .
trusting domain . ,
TTL (Time to Live) 27
UDP (User Datagram Protocol) 26

UPN (user principal name) 83, 87, 88, 155
user object . ,
VPN (Virtual Private Network)
304, 311, 312, 313
36, 195, 282,
w
WAN (wide area network) 13, 55
well-known service record . ,

WINS (Windows Internet Name System)
189, 191, 215-234
X
X.25 35
X.500 3
zone
A

IP- . APIPA

. ANI
DHCP- 56, 261
5
121,310
5
20
121
31
SPI (stateful packet inspection)
256
256
256
3
. VPN
122
124
122
124
122
123
122
16,
123
107,126,127
132
127
130
127
28

102
4, 6, 81

. SAM
8
9
8
8
8
8, 10, 82

8
8, 9, 61, 153
8,10
4, 5, 11, 75, 77
18
19
8
162
18
7, 153
9
64
. DNS
26
Start of Authority 23
Windows Internet Name Service 23
234
WINS 23, 192
23
23
WINS 191
19, 22, 183
23
23 . SRV
234
22, 23
21, 22
21
19, 20. 183. 192
5
. DMZ
20, 184
20
184, 201
Active Directory
193
201
20, 184
20
193
200
193
- B I N D 196
IS4
184
184
4, 6, 7, 64, 80, 82
. LAN
184,
. SID
28
28
39
10
20, 277, 319
221
87, 88
221
221
. UPN
. RDN
221
221
. DN

. UPN
56
20, 21
58
2, 10
305

. PSTN
108
11, 151, 152
. PDC
157
. BDC
225
38
32
28, 32, 55
32
248, 261
30

11, 14
56
33, 260
38
31
4
. GPO
5
106
5
91
4; . OU
. UPN
233
233
32
.
PDA
39
322
. RAP
120
. FQDN
27
27
27
39
281,316
6, 17, 188
22
14
16, 20, 218, 220
. DFS
. WAN

13, 161
WINS 232
14,161
195
14,161
147
162

RID (relative ID master) 12, 88, 154
12, 88, 154
12, 154
11,62,153
11, 79, 153

12, 154
13, 145
13
13, 146, 163, 166
164
166
163
165
167
148
145, 150
12, 155
185
309
20
185, 204
62
185
166
118
38
24
.
RRAS
Windows . WINS
. ICF

. IAS
. FRS
.
RADIUS

3
3
3
3
3
3
56
26
. DN
. ACL

DACL
5

307
32
35, 304, 316, 321

56
VPN 311
37
16 .
88, 117
117
118
119
119
119
16 .
31
1-

32, 37
32
128
28
(Walter Glenn)
MCSE , 17
() , .
20 , Exchange Server 2003
Administrator's Companion (Microsoft Press, 2003), MCSE: Exchange 2000 Server
Administration Study Guide (Sybex, 2000) Mike Meyers' MCSA Managing a Microsoft
Windows Server 2003 Network Environment Certification Passport (Osborne, 2003).
Web
Microsoft.
. (Michael T. Simpson)
MTS Consulting, Inc. ( ),
, .

,
. MCSE, MCSA,
, CNE, CCNP, Security-r Certified Ethical Hacker (). ,
17- , 12-
, ,
.

.
Active Directory
Microsoft Windows Server 2003
fiSICs'GSOtt
. .
ML
05784 07.09.01.
22.08.05. 70x100 '/
. . . 29,67.
2500. 312.
, 194044, -, . ., . 29.
005-93, 2; 95 3005 .
.
190005, -, ., . 29.
' /FD
I^ZZ W W
El'"".
W.PITER.COM

, ,
,
. , 1- , . 10; ./ (095) 234-38-15, 25570-67, 255-70-68; e-mail: sales@piter.msk.ru

- . , . ., . 29;
./ (812) 703-73-73, 703-73-72; e-mail: sales@piter.com
. 25 , . 4; ./ (0732) 39-43-62, 39-61 -70;

e-mail: pitervrn@comch.ru
. 8 , . 2676, 203, 205; ./ (343) 225-39-94, 225-40-20;

e-mail: piter-ural@isnet.ru
. , . 13; . (8312) 41-27-31;

e-mai!: piter@infonet.nnov.ru
. -, . 104, 502;
./ (383) 354-13-09, 211-27-18; e-mail: piter-sib@risp.ru
--
. , . 26; . (863) 269-91 -22, 269-91-30;

e-mail: jupiter@rost.ru
. , . 17; . (846) 994-22-62, 994-69-53; e-mail: pitvolga@samtel.ru
. , . 12, 10-11; ./ (10-38-057) 712-27-05,

751-10-02, (0572) 58-41-45; e-mail: piter@kharkov.piter.com
. , . 6, . 1, 33; ./ (10-38-044) 490-35-68, 490-35-69;

e-mail: office@piter-press.kiev.ua
r w
^
. , . 21, 3; ./ (10-375-17) 226-19-53;

e-mail: office@minsk.piter.com
, .
: (812) 703-73-73.
E-mail: grigorjan@piter.com
/ V ^ .
^
: - - (812) 103-73-72,
- (095) 974-34-50.
: (812) 703-73-73.
- e-mail: kozin@piter.com

Проектирование инфраструктуры Active Directory на основе WS2k3 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Проектирование инфраструктуры Active Directory на основе WS2k3 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

Active Directory'

ISBN 0-7356-1970-0 (.)

Microsoft (Microsoft Certified Professional, MCP)

Microsoft (Microsoft Certified

Microsoft (Microsoft Certified Application

Microsoft (Microsoft Certified Systems Engineer,

Microsoft (Microsoft Certified System

Microsoft (Microsoft Certified Database

Microsoft (Microsoft Certified Trainer, MCT)

.500 Directory Access Protocol (DAP). X.500 Internet Standards

.500, DAP LDAP

Windows Server 2003 .

Windows Server 2003 ,

Windows Server 2003 (multimaster replication model), ( ) Active

DNS (reverse DNS lookups);

Windows , DNS- (DNS

(mail exchange record)

Active Directory DNS

DNS (locator service), Active Directory (

S TCP/IP Windows Server 2003;

User Datagram Protocol (UDP) ,

10000011 01101000 00000000 00000000

00000000 00000000 00010000 01011100

Classless Internet Domain Routing (CIDR)

1111 1000 248. . 1-4

/ , Windows Server 2003

Serial Line Internet Protocol (SLIP). ,

Windows Server 2003

Windows, Windows 2000, Microsoft

^52-&41 Frame Relay

(Security Accounts Manager, SAM) 40 000

, LDAP- (Lightweight Directory Access Protocol),

Active Directory : (distinguished names),

Active Directory Fourth

Fourth Coffee ( ). , Fourth

< ^Sjj (Hidden)

(Access Control List, ACL),

Windows Server 2003 Active Directory :

Windows (Windows Installer service) ,

Windows (Windows Installer Packages)

Northwind Traders Active Directory.

NAeast. nwtraders. local

Windows Server 2003 .

, Active Directory (NTDS.dit),

Microsoft Active Directory Sizer Tool,

DCOM- (Distributed Component Object Model), .

" - " " i

DNS Active Directory:

DNS Berkeley Internet

(Domain Name System

172.16.45.67. (Fully Qualified

SOA (Start of Authority)

PTR (Pointer Record)

CNAME (Canonical name)

. Windows Server 2003

Active Directory: contoso.com ( )

Active Directory: contoso.com ( )

BIND Windows- DNS

DNS Active Directory

DNS Active Directory, WINS DHCP

, DNS Active Directory

. 6-4. WINS DNS

W I N S ' - /:,-^ ,\ - ^ N.-tBTO- ^-^

. ' ^ . ^ ^ ' ,^-^7,1. V/T7-] r ; . / ^."?. ^ ' ' ^ ' -!