Ben’s Blog

Welcome to Exchange class!

To begin, we covered a chapter which reiterates the basics of AD.  Exchange is just a *touch* more complicated than installing, say, Office, and so a good understanding of AD concepts is important.  Afterwards, we briefly looked at the protocols and mechanisms that Exchange uses on a network.

The second chapter we covered actually looked at Exchange the program itself.  Or, what it takes to install the program.  Before we even crack the plastic on our installation disc, we need to make sure the following items have been taken care of: ASP.net, .NET Framework, WWW, SMTP and NNTP (I hope you remember what all of those things stand for!).

Once those services and frameworks have been taken care of, we need to go ahead and prepare our forests and appropriate domains for installation.  The forest comes first, and we prepare it by running the Exchange setup utility with the /forestprep switch.  This takes a while.  After that’s finished, we do the same thing for our domain by running the /domainprep switch against the setup program.

Homework:

• Take Home Test #1 – Chapters  1-2 – download it here.
• Work on Microsoft E-Learning modules

Welcome to CompTIA Network+!

We began the class, after introductions, by diving straight into network fundamentals.  We discussed the differences between clients and servers, between a client/server setup and a peer-to-peer setup and when using each would be appropriate.  Also, we covered the differences between LANs, MANs and WANs, and went over the various networking topologies that exist — both physical and logical.

Homework:

• Chapter One Review Questions

Welcome to the NSA program!

After some introductions, we dove straight into a practice exam!  I’m sure that’s what all of you were expecting on the first day of school, right?  Remember, this test is not for a grade, but it’s a way to measure where you stand right now and how much of this stuff you already know.  If I were to give this test around Christmas, I suspect all of you would do quite well on it!

After that, we dove straight into computers.  Literally.  We actually tore them open and disassembled them.  It’s always a lot of fun for me, as an instructor, to watch a bunch of students have a computer in dozens of parts spread out all over the place.  Next we did some fast-and-furious fact flying about the different parts of the computer, starting with the motherboard, and going through processors, memory, peripherals, storage, power, cooling, and a bunch of other stuff too.

Homework:

• Chapter One Review Questions

Since this class is all about Active Directory, I can’t think of a better way to start than by talking about what exactly AD is.

So, what is it?  Active Directory is the directory service system that modern Windows networks use.  Most networks you’ll find are at least moderately complex, and AD serves as a way to navigate and organize them.  AD provides us a way to manage resources such as users, computers, applications and network devices (think printers) in a relatively easy way (at least compared to the way we used to have to do it!).

We quickly reviewed some concepts you’ll need to wrap your mind around as we go forward in this class.  Namely, the schema, domains, forests, sites, organizational units, functional levels and trusts.

Speaking of functional levels and trusts, since those are new concepts to us, why not cover them now?

Functional levels serve as the limits of what features your implementation of AD can cover.  The higher the functional level, the higher the amount of functionality you’ll have.  Why not have the most functionality you can?  Well, the reason comes from compatibility.  So, I can’t have Universal Groups if I still have some ancient NT4 domain controllers hanging around, and if I want to set up trusts between two forests, I’ll need all of my domain controllers running Server 2003.  You get the point.

Trusts have to do with the authentication arm of AD.  If you’re a user that needs to log into and access resources located on various domains, imagine the royal pain in the butt it would be to maintain separate logins for each of those domains.  Trusts allow domains to trust the previous authentications of other domains.  Obviously, by default, no trusts are configured when you first install Windows, but you can configure trusts to be shortcut trusts, external trusts, realm trusts or cross-forest trusts.  We discuss these more in depth later.

We went ahead and tackled chapter two, which dealt with actually installing this beast we call AD.  Before even starting, make sure you have the following: a version of Server 2000 or greater (and not Web Edition), at least 200 MB of free space on an NTFS partition, a network infrastructure running TCP/IP, DNS, or the ability to host it, and local access to the server you’d like to install it on.  Setting up AD is as simple as issuing a command and answering some questions in a wizard, but you can also configure an answer file if you see yourself setting up multiple identical servers.  The command for setting up AD is dcpromo, and if I wanted to point to an answer file to move that annoying wizard out of the way, I might issue a command that looks like this: dcpromo /answer:a:\dc.txt.  Then scoot back and walk away.

Most domains have more than one domain controller.  The controllers are, by definition, identical, so why have more than one?  Fault tolerance, my friend.  When setting up the second or third or whatever domain controller, we can make things easier on ourselves by setting these servers up as Replica servers.  What this means is that the dcpromo utility finds an existing controller for the domain and simply clones it.

Homework:

• Take Home Test #1 – download it here.
• Work on Microsoft E-Learning modules

Welcome back!  I hope you’ve enjoyed your last couple of weeks off — I know I have (if, by enjoy, you mean lots of meetings and late-night lab rebuilds).

This particular class is about the procedures beyond the day-in and day-out of server administration (like last class).  In this class we will be learning the intricacies of the mechanisms that allow our networks to work.  Be prepared to discuss things such as DNS, security (including IPSec), WSUS, etc.

In today’s class, we discussed DHCP.  If you reach way back to the Network+ class, you’ll remember that DHCP stands for Dynamic Host Configuation Protocol.  What that means is that this particular protocol will automatically configure our computers with IP addresses, subnet masks, gateways, DNS servers and more.  This becomes nicer and nicer the larger our networks become — imagine having to manually configure 500 different computers — the time alone to complete this task would be phenomenal and that’s assuming that we wouldn’t make ANY mistakes on any of those 500 computers.  Ha!

Just for review, recall that the configurations that clients receive are called leases, and are temporary in nature.  In Windows networks, they last for eight days, and the clients try renewing the leases starting at day four.  Typically, the client is allowed to keep getting the same IP address, although it’s not guaranteed.

We discussed some of the requirements of the DHCP server.  For Windows networks, this means NT4+, a server with a static IP address (irony?  no, not really) and a valid range of addresses at your disposal. For a computer to use DHCP as a client, basically any modern or semi-modern operating system will do.  For example, Windows 3.11 will receive a dynamically assigned IP address.

Now, back in Net+, I promised we would get into DHCP much deeper, and I plan on keeping that promise.

We’ve discussed how DHCP works in general terms.  The DHCP client comes alive, broadcasts out on the network looking for a server.  If one’s available, it responds back and configures the client, if one’s not, the DHCP client self configures with an APIPA address.  But, let’s really look at how the DCHP process works.

There are up to eight different types of packets that get thrown around on the network during typical DHCP conversations.  The four most common:

• DHCPDISCOVER – This packet is sent out by the client machine.  It’s by definition a broadcast packet, and its sole purpose is to dig up a DHCP server somewhere.
• DHCPOFFER – This packet is sent out by the server to a client machine in response to a DHCPDISCOVER packet.  No configuration is happening yet, the server is just introducing itself and offering IP address configuration.  We do this in case there are more than one DHCP server in the subnet, the client can then turn away “late” DHCPOFFER packets (more on this in a moment).
• DHCPREQUEST – This is a client packet, and it’s sent out to the first DHCP server to send out a DHCPOFFER packet.  It’s the formal request for configuration, and basically tells the server, “Hey, thanks for the configuration, I’ll take it.”
• DHCPACK – This packet, sent out by the server, acknowledges (hence the ACK) that the client has accepted its configuration and logs its presence in the server.  That particular IP address will not be given to another client unless the client gives it up later.

There are, of course, other types of DHCP packets:

• DHCPDECLINE – This packet is sent by the client to the server declining its offer.  This packet would be sent to DHCP servers who respond the clients after the inital DHCP server responds (remember our example above?)
• DHCPNACK – Sometimes, when a client tries to renew it’s lease, the server says no.  Usually the reason is that the client machine is now in a different subnet, but sometimes we just want to deny network access to a client, and this is one way of doing it.
• DHCPRELEASE – This type of packet releases the client’s IP address.  To accomplish this in a Windows system, we issue the ipconfig /release command.
• DHCPINFORM – This packet is used by clients in order to obtain additional IP addresses.

Clear?  Good.  Now, here’s a wrench: the DHCPDISCOVER packet is a broadcast packet right?  What happens when the DHCP client is on one subnet and the DHCP server is on another subnet on the other side of a router?  If the router is like most, the client won’t be able to find the DHCP server — routers block broadcast packets.  This can present some problems.  It’s not exactly cheap buy lots of servers simply for running DHCP servers.

We have two possible solutions to this problem.  First, we could purchase a RFC1542-compliant router, which is a fancy way of saying “Buy a router that DOES let broadcast packets through!”.  This would certainly work, but may defeat the benefit of the router by combining broadcast domains.  Another solution we could do is set one server up as a DHCP Relay Agent.  I like this solution — with it, we name some random server as an informant of sorts.  This particular server listens for DHCPDISCOVER packets, and then wraps them up as non-broadcast packets and smuggles them across the router, destined for the DHCP Server on the other side.  The DHCP server then takes over and configuration happens as normal.

So what happens when a client can’t find a server with whom to connect?  After a period of trying to locate a server, the client will self-configure with an older dynamic configuration protocol called Automatic Private IP Addressing (APIPA).  An APIPA address starts out with the octets 169.254 and has random entries in the last two octets.  Once the client receives an APIPA address, it continues to try to contact a DHCP server every five minutes.  The reason is because an APIPA address cannot be routed, which means you will NOT be able to access the Internet, or any other network on the other side of a router.

Ok, theory aside, we jumped into the actual DHCP server configuration and looked around at some things.  One thing to point out, if your DHCP server is running inside Active Directory, it must be authorized by an administrator.  This is to prevent rouge servers from popping up on the network and handing out phony addresses.

We discussed the concepts of Reservations and Exclusions.  Oftentimes, students will confuse the two, and it’s important that you recognize the differences between the two.  To configure a Reservation, you will need the MAC address of a client, and the server will reserve a specific IP address for that MAC address.  No other host will receive it, but the host will still receive its configuration dynamically.  When you configure an exclusion, on the other hand, it is in effect telling the DHCP server not to even hand out a particular address or range of addresses.  This is useful if you have servers or specialized clients that need static IP addresses right in the middle of your IP address range.  For example, I might have a configured scope of 192.168.1.0 – 192.168.1.255, but have some servers that live on 192.168.1.50-55.  Those servers would be statically configured with their IP addresses, and then I would configure exclusions in the DHCP server to not hand out those IP addresses to clients.

Homework:

• Take Home Test #1 – download it here.
• Work on Microsoft E-Learning modules.

Just the final.

Homework:

• Enjoy the time off!!

Just the final exam today.  See you next quarter!

Homework:

• Enjoy the time off, you deserve it!

number 9 … number 9 … number 9 …  

In celebration of National Beatles Day (it isn’t) we took a Powerpoint final!  I can’t think of any other way that John, Paul, George and Ringo would have wanted it (that’s a lie)!

Homework:

• Go home and listen to your favorite Beatles album.  Mine is Abbey Road, followed by Sgt. Pepper’s.

Again, nothing but the final.

Homework:

• None!

Nothing today but the final.  Nice job this quarter, see most of you on September 30!!!

Homework:

• No homework, but you may want to start reading in your books for next quarter.