Packt microsoft small business server 2003 a clear and concise administrators reference and howto aug 2005 ISBN 1904811493 pdf

Windows Small Business Server 2003 A Clear and Concise Administrator's Reference and How-To Quickly find the information you need to install, configure, and maintain all the features

Windows Small Business

Server 2003

A Clear and Concise Administrator's

Reference and How-To

Quickly find the information you need to install,

configure, and maintain all the features of SBS 2003 and get the job done

Stephanie Knecht-Thurmann

BIRMINGHAM - MUMBAI

Windows Small Business Server 2003: A Clear and

Copyright © 2005 Packt Publishing

All rights reserved No part of this book may be reproduced, stored in a retrieval system,

or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews Every effort has been made in the preparation of this book to ensure the accuracy of the information presented However, the information contained in this book is sold without warranty, either express or implied Neither the author, Packt Publishing, nor its dealers

or distributors will be held liable for any damages caused or alleged to be caused directly

or indirectly by this book

Packt Publishing has endeavored to provide trademark information about all the

companies and products mentioned in this book by the appropriate use of capitals However, Packt Publishing cannot guarantee the accuracy of this information

First published: August 2005

Published by Packt Publishing Ltd

Cover Design by www.visionwt.com

Translation from the German language edition of:

Small Business Server 2003 – Das Integrationshandbuch

für kleine und mittlere Unternehmen

published by Addison Wesley, an imprint of Pearson Education Deutschland GmbH, München

Copyright © 2004 by Pearson Education Deutschland GmbH All rights reserved

About the Author

Stephanie Knecht-Thurmann was born in 1975 in Itzehoe She graduated in 1994, and went on to study classical philology (Latin and Ancient Greek) and German at the Christian Albrechts University in Kiel

In 2001 she started working for a systems house in Hanover, where she was responsible for the technical documentation of complex IT systems for systems management in

heterogeneous architectures She earned various certifications, such as for Novadigm—RADIA She also gained experience in the Microsoft Windows environment, especially Windows 2000 Server, Small Business Server, and their successors

Stephanie Knecht-Thurmann started on her own with Knecht Consult in 2002 in

Barsinghausen Since then she has been advising companies on deployment of Microsoft products in mission-critical areas (consultation for a newspaper publisher in Vancouver, Canada, and Internet-based projects for several companies in Tashkent, Uzbekistan) Apart from this, she has also been active in the publishing field with books in German on

these subjects In 2003 her book Active Directory was published by Addison-Wesley with great success; in 2004 the book Small Business Server 2003 appeared under the same

label Other publications are already in progress

Table of Contents

Introduction 1 Chapter 1: Introduction to Small Business Server 2003 5

Decision Support: SBS 2003 or Windows Server 2003 6

Extending an Existing Environment with Additional Servers 7

Security 8

Features of Active Directory 20

Administrative Tasks: Adding Users and Computers 72

DNS-Forwarder 98

Migration from Small Business Server 2000 and Windows Server 2000 99

Information about Shared Folders, Applications and Settings 100

Step 2—Preparing the Server for the Installation 103

iii

Step 4—Carrying Out the Migration 106

Transferring User-Defined Settings from the Source Server 120

Migration from Small Business Server 4.5 and Windows Server NT 4.0 125

Information about Shared Folders, Applications, and Settings 127

Notifying Users about the Impending Migration 130

Step 2—Preparing the Server for the Installation 130

Transferring User-Defined Settings from the Source Server 148

v

Upgrading Small Business Server 2000 153

Chapter 4: Exchange Server 2003 and Fax Services 159

Enabling Logging for the SMTP, NNTP, and HTTP Protocols 166

E-Mail Administration 175

Setting Up Distribution Groups from Outlook 2003 177

Special Configuration for Exchange Server with more than 1 GB RAM 181

Chapter 5: Windows SharePoint Services 2.0 191

Administration Points of the SharePoint Services 196

vii

Editing the Contents of the Company Website 199

Extending the Virtual Server and Creating a Content Database 209Extending the Virtual Servers and Linking with an Existing Content Database 209

Chapter 6: Internet Security and Acceleration Server 2000 (ISA) 211

Administration of ISA Server 219

The "First Steps" Wizard and the Base Configuration 219

Configuration for OWA 241

Updating the MSDE Instance Used by SharePoint Services 259Installing Service Pack 3a for the SHAREPOINT Instance 260

Database Roles 269

Chapter 8: SBS 2003 Administration 281

The Server Management Console as Central Administrative Instance 281

xi

Changing Mailbox and Disk Quota Settings 312

Setting Up and Editing Groups and Group Properties 321

The Windows NT System Policy and the Windows 2003 Group Policy 326

Executing Group Policies for Computers and Users 333

Multiple Logins under Windows XP till a GPO is Activated 335

Implementation Strategy for Group Policies 336

Restoration of GPOs with Software Installation Settings 349

Basic – Redirect everyone's folder to the same location 368

Software Management and Deployment through Group Polices 372

Administrative Setup 375

Strategy for Configuring the Software Installation 384

Repackaging 387

Restoring Files with the Help of the Shadow Copy Feature 396

Editing Connection Passwords and Configurations 401

Changing the Server IP Address 402

Changing the IP Address for the Internet Connection from Static to Dynamic

Chapter 9: Update Management in the SBS Network through

Software Update Services Server (SUS) 407

Search for Errors: Updates not Deployed to the Clients 415

Search for Errors: Updates not Deployed to the Servers 416

Configuration of Automatic Update without Using the SUS Server 418

Chapter 10: Terminal Server in an SBS 2003 Environment 421

xv

Typical Scenarios for the Implementation of a Terminal Server 423

Demands Made on the Terminal Server and the Network 424

Opening an Administrator and Computer Account and Establishing a Connection 426

Embedding ActiveX Control Elements in a Website 436

Reports 444

Chapter 12: A Security Strategy for SBS 2003 445

Using a Router and Firewall for a Broadband Connection 446

Securing the Wireless Access Point (Base Station) 448

Configuring a Firewall on the Router 449

Verifying the Internet, E-Mail, Network, and Firewall Services on

Upgrading the Operating Systems and Applications 455

Appendix A: SBS 2003 and Firewalls without ISA Server 483 Appendix B: Configuration of a DHCP Server for SBS 2003 485 Index 487

xvii

Introduction

A fully functional and an easy-to-administer IT base is gaining importance even for small

to medium-sized companies aiming for expansion The Small Business Server 2003 operating system platform addresses this need The Small Business Server 2003 unites the essentially important applications—the Windows Server 2003 operating system, the current version of the Exchange mail server, the Share Point Services for synergy within

a team and, where applicable, the Internet Security and Acceleration Server (ISA), and the high-capacity MS SQL Server 2000 database—into one package This package offers

a very attractive price-to-performance ratio The restriction to only one location is not a disadvantage for small companies; in fact, it simplifies the administration process

This book helps the reader to plan, install, configure and operate a Small Business Server with all its components The different types of licensing and the update possibilities are also discussed in this book As this book cannot be an introduction to the operation of an operating system, it is primarily aimed at readers who have a working knowledge of Windows NT, 2000, XP, or Windows Server 2003

The field of information technology has seen an explosion in the number of new

businesses and startups It is, however, important to take a realistic look at the needs as well as constraints of such a setup before investing in a solution—to not get extravagant, and also to stay practical This is the thought that is gone behind the development of the Small Business Server 2003—to provide a server with a range of functions specially optimized for efficiently running such businesses

What This Book Covers

Chapter 1 introduces SBS and talks about the possible scenarios that would demand its

usage, the way it has improved over its predecessor, and about its base technology,

Active Directory

Chapter 2 discusses installation and basic configuration of SBS 2003, and various

network and administrative tasks such as adding users and printers, configuring remote access, etc

After the fresh installation, we move on to discuss the process of upgrading to SBS 2003

from previous versions in Chapter 3 We also present a few migration scenarios, and

illustrate the how a migration differs from an upgrade

Chapter 4 introduces Exchange Server 2003 and the fax services of SBS Chapter 5

follows with a discussion on Windows Sharepoint Services, for HTML-based central administration and access to documents, calendars, etc

Chapter 6 and Chapter 7 introduce you to Internet Security and Acceleration Server 2000

(a successor to Microsoft Proxy Server 2.0) and SQL Server 2000 (which can be used as

a database for your business applications); both these applications are available only on the Windows Small Business Server Premium Technologies CD

Chapter 8 is where we dig deep into SBS administration We've discussed a host of

topics, such as users, security and distribution groups, policies, their application, backup, software management, monitoring and reporting in SBS 2003, as well as network

administration

Chapter 9 discusses update management in the SBS network Chapter 10 discusses the

role of a terminal server and client applications in an SBS environment

Chapter 11 discusses the Business Contact Manager, an efficient customer-management

add-on for Outlook 2003 This is followed by Chapter 12, on strategies for protecting the

SBS network, from securing the router to restricting user rights

Chapter 13 suggests solutions to various areas that might require troubleshooting

Appendices A and B discuss configuring SBS 2003 and a firewall without ISA Server,

and configuring an existing DHCP server

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information Here are some examples of these styles, and an explanation of their meaning

There are three styles for code Code words in text are shown as follows: "To see the difference, you can print_r() the results of both functions"

A block of code will be set as follows:

Any command-line input and output is written as follows:

Runas /netonly /user:NameSourceDomain\Administrator

"mmc\"%ProgramFiles%\Active Directory Migration Tool\Migrator.msc\""

New terms and important words are introduced in a bold-type font Words that you see

on the screen, in menus or dialog boxes for example, appear in our text like this:

"clicking the Next button moves you to the next screen"

Tips, suggestions, or important notes appear in a box like this

Reader Feedback

Feedback from our readers is always welcome Let us know what you think about this book, what you liked or may have disliked Reader feedback is important for us to

develop titles that you really get the most out of

To send us general feedback, simply drop an e-mail to feedback@packtpub.com, making sure to mention the book title in the subject of your message

If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or e-mail suggest@packtpub.com

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors

http://www.packtpub.com/support

3

Questions

You can contact us at questions@packtpub.com if you are having a problem with some aspect of the book, and we will do our best to address it

1

Introduction to Small Business

Server 2003

Small Business Server (SBS) 2003 is the successor to SBS 2000 and features vast

improvements over its predecessor This chapter gives you a brief overview of the areas

of application, features, versions, requirements, and licensing issues related to Small

Business Server 2003 You will also learn some basics about fundamental technologies supported by SBS 2003

Area of Application of the Small Business Server

As the name suggests, SBS is meant for small- and medium-sized companies, where the maximum number of network clients does not exceed 75 For these companies SBS

offers a range of specially optimized functions for collective access to the Internet,

e-mail, and fax services, as well as file and printer sharing The complete server solution of SBS 2003 combines all these services The premium version of SBS additionally offers firewall and database server functionalities

SBS 2003 does an even better job of providing a complete integrated solution for the

infrastructure management of small and medium-sized companies than its predecessor It covers the central requirements of companies such as e-mail exchange, secure Internet access, document management, collective work on documents, and database preparation

as well as offering the advantages of Windows Server 2003 as the underlying operating system The advantage of combining all these components into a single system is that it is not necessary to purchase a tool for any of these areas from a separate vendor This

means lower licensing costs and smaller investment in training for administering the

system within the company

Small- and medium-sized companies often do not have an adequate number of people for network maintenance at their disposal, and the time that these people can spend on this task is limited by their involvement in their primary activity SBS 2003 can't really be

administered by some hobby administrator after work, but the large number of

administration wizards that have been provided make the job much easier

The Expanding Middle Class

The middle class has expanded enormously from the end of the '90s until today There was great willingness to invest in IT The desktop and server market grew by eight to ten percent in this period, and broadband connections rose by almost 20% At the same time data volumes also increased exceptionally Whereas in 1999 the volume of e-mail was still 4 billion terabytes, by 2003 the figure had already reached 18 billion terabytes Also, most companies now store their data in digital format

Implementation Planning

If you are involved with the implementation of SBS 2003, you should give a thought to the extent to which such an implementation could encounter internal obstacles These obstacles need not necessarily relate to company policy—they could also be based on objective constraints

Decision Support: SBS 2003 or Windows Server 2003

Both SBS 2003 and Windows Server 2003 offer features that can fulfill the IT

requirements of small and medium-sized companies To help you choose between them some scenarios are presented below in which the deployment of one of the two products

is advised Keep the following points in mind when installing SBS 2003:

• All SBS 2003 components are installed on a single server This ensures that all components are integrated The primary SBS can, however, be extended

to other servers

• SBS 2003 represents the highest level of a new Active Directory Therefore,

a fresh implementation doesn't pose any problems However, the SBS Active Directory does not support trust relationships with multiple domains So,

SBS 2003 can be used to implement only a single domain model

Companies with One Head Office and up to 75 Employees

For a maximum of 75 employees, the standard version of SBS offers an all-in-one solution for Internet, e-mail, and fax services and intranet solutions with many features for teamwork The premium version extends these capabilities to include Internet proxy and firewall functions, a database server, and extended functions for website creation and maintenance If your company has more than 75 employees, you can either exchange individual products contained in SBS via the Migration Pack or purchase Windows Server 2003, which has no restrictions regarding the number of users

Connecting a Branch to a Head Office

SBS 2003 can be used in this model if there is no integration with the Active Directory of the head office Such integration cannot be guaranteed via SBS 2003 because the SBS domain must constitute the master domain in the Active Directory If integration with the central Active Directory is required, you must use Windows Server 2003

However, you can implement an SBS domain over two locations The prerequisite for this is that one of the locations must have a Windows Server 2003 installation that mirrors the SBS This ensures that registration can take place over the quick LAN

connection at the location in situations where WAN connections are slow

Dismantling an Existing Active Directory Environment

SBS 2003 cannot be implemented as a domain controller in an existing Active Directory environment because it must form the master domain It is also not possible for SBS 2003

to have trust relationships with other domains Windows Server 2003 on the other hand offers the possibility of extending an existing tree or forest in a flexible manner, adding additional domain controllers, or forming trust relationships with other Active Directory

or NT 4.0 domains

Extending an Existing Environment with Additional Servers

SBS 2003 must be the domain controller of the master domain No further SBS 2003 machines can be added to this domain It is however possible to add more Windows Server 2003 machines as additional domain controllers or member servers If you wish to have more flexibility or plan to use a complex domain structure later, you should use Windows Server 2003 from the outset

Setting up a Web Server for the Intranet/Internet

SBS 2003 includes a web server This is Internet Information Server (IIS) 6.0 It has been improved greatly over IIS 5.0 and supports both ASP.NET and XML In addition to this web server that all server versions of Windows have, there is also the special Windows

2003 Server web edition This server is appropriate if you want to add just one web server This edition can also be used to run an entire server farm

Using a Terminal Server

SBS 2003 cannot itself be set up as a terminal server However, any Windows Server

2000 or 2003 can be added to the SBS domain as a terminal server SBS 2003 does, however, support the remote administration mode of the terminal server of Windows Server 2003 So, remote administration is guaranteed by a maximum of two simultaneous connections

7

Features of Small Business Server 2003

In the following sections, we introduce you to the main features of SBS 2003 The biggest strengths of SBS 2003 are network security and remote access to the company network You will also find information about features that have been improved in comparison with its predecessor SBS 2000

Network, Internet, and E-Mail

SBS 2003 has all the features that small and medium-sized companies require for

creating their presence on and accessing the Internet These include Exchange and Outlook technologies for e-mail exchange, for example Outlook Web Access and Remote Workspace, a web server for Internet presence, a firewall function, the possibility of shared Internet access via broadband and PPPoE, security mechanisms for the local network, and productivity tools for team work Each time that Internet and e-mail are configured, a VBS script is generated (config.vbs) With the help of this script, these settings can be relayed back to the computer later It can also be used to configure other SBS 2003 clients

The included SharePoint Services offer an already preconfigured website for

comprehensive teamwork

Exchange Server has an anti-spam function Additionally, Outlook 2003 has other

functions for filtering and blocking spam For example, Exchange Server includes

Microsoft Connector for POP3 mailboxes This makes it possible to migrate existing e-mail accounts to Exchange and to download the e-mails of these accounts and make them available to the user under Outlook For file attachments, a filter function has been provided

SBS comes with a fix for the blaster worm This fix is installed automatically Any virus software that is compatible with Exchange and Windows Server 2000 can be installed The anti-virus software should, as far as possible, support a server-client configuration and not just be a client or desktop solution

anti-SBS 2003 can be configured like Windows Server 2003 for network services like DNS, DHCP, and WINS The combination of Outlook/Exchange 2003 and Windows Server

2003 now also allows RPC over HTTP This makes it possible to establish secure

connections via the Internet to RPC server applications

60%, while the availability of services has increased by 275% The standard version already has a firewall; the premium version integrates Internet Security and Acceleration (ISA) Server 2000

SBS also supports hardware firewalls Almost all UPnP (Universal Plug and Play) devices are automatically recognized by the Internet Connection and e-mail

Configuration wizards If the firewall device is not UPnP-enabled, it will have to be configured manually Even UpnP devices can be problematic if they are based on

Based on Windows, SharePoint Services makes available a preconfigured website Using this central website, employees can use documents, announcements, events, or links together The Outlook 2003-Enhanced Outlook Web Access enables the joint use of data

or calendar functions via the Internet

Remote Access and Mobility

SBS 2003 data can be accessed remotely, irrespective of time, location, and device used Access can be configured for private as well as public files A user can have access to his or her desktop and e-mails Access takes place via the new remote portal Remote Workspace A data synchronization function is also included The integration of mobile devices like Smartphones and PDAs is given great importance in SBS 2003 Mobile users can access e-mails, calendar, schedules, and tasks via Outlook Mobile Access (OMA) For the administrator there is of course a Remote Administration module In addition, functions for virtual private networks (VPNs) are also included

Setup and Administration

The installation and configuration of SBS 2003 uses convenient wizards and needs little time investment SBS 2003 is already pre-installed on many OEM platforms The setup

of SBS clients has also been simplified in comparison to SBS 2000 since activation is no longer done by diskette but conveniently over the Internet via Online License Activation OEMs can pre-install the complete SBS with their own logos, service numbers, etc

9

The network configuration of clients is now done conveniently via a website and not by

diskette Pre-configuration of client applications is also possible In contrast to earlier

versions, in which only one user could be registered at a time, you can now register

several users in one step on the basis of user submissions

Monitoring functions have been improved Performance and usage reports can now be

received and evaluated by e-mail The quicker reaction time resulting from this

minimizes SBS downtime

Versions of Small Business Server

The Small Business Server 2003 is available in a standard version and a premium

version The following table lists the components contained in each of the two versions

Component Standard Version Premium Version

The following table gives you a brief overview of the functions of various components

and can help in choosing the right version:

Component Description

Windows Server

2003

The standard version of SBS is based on this operating system

This makes it possible to set up the Active Directory Service, for example Limitations are described in the paragraph following this table

SharePoint Services Environment for teamwork and communication

Component Description

Shared Fax Services Fax function that does not require a large number of telephone

connections Faxes can be received via printer, e-mail or SharePoint Faxes can be sent directly from user desktops and can be delayed

ISA Server 2000 Firewall service, routing, and NAT (Network Address Translation),

secure Internet access for several users simultaneously

SQL Server 2000 Powerful relational database for creating and implementing

• Within a domain there can be only one computer running Windows Server

2003 for Small Business Server

• It is not possible to remove the five operations master roles (FSMO, Flexible Single-Master Operation) from the SBS 2003 in the domain You can add further domain controllers to the domain, but the five operations masters

must remain on SBS 2003 Only the global catalogue (covered later in this chapter) can be executed on another domain controller to reduce the load on SBS 2003

• Within the Active Directory, SBS 2003 must constitute the root domain or the highest level of the Active Directory structure It cannot have any

subordinate domains So, it is not possible to integrate SBS 2003 in a

company network and run it within this network as a branch server

• The domain of Windows Server 2003 for Small Business Server cannot build

a trust relationship with any other domain So, it is not possible to access

resources beyond the server

• Additional servers must have an access license (CAL, Client Access License) for Windows Small Business Server

In every other respect, the server supplied with SBS 2003 is a standard Windows

Server 2003

All server components of SBS 2003 must be installed on one computer It is not possible, for example, to install the SQL server of the premium version on another server Only Front Page 2003 from the premium version can be installed on any client within the SBS network

11

Apart from the version of Windows Server 2003 included in Small Business Server, there

is also a "Windows Server 2003 for Small Business Server" This is the pure server solution as a trimmed down version of SBS 2003 and does not contain the functions of the SBS standard or premium version This version is subject to the same limitations as the Windows Server 2003 of SBS

Windows Server 2003 for Small Business Server is available for a price of about 550 USD With this, you get five CALs for the server Additionally up to ten more CALs can

be purchased for about 90 USD each If you need more than 15 CALs, you should fall back upon Windows Server 2003, because this model works out cheaper

While the premium version has ISA Server 2000 SP1 as an integrated firewall solution, the standard version only includes Windows Server 2003's Internet-connection firewall

In addition, Microsoft SUS server (Software Update Services) can be integrated with Small Business Server This component can be downloaded free of cost The current version is SUS 1.0 with Service Pack 1 The integration of SUS in a Small Business Server network is explained in Chapter 9

In contrast to SBS 2000, Terminal Services cannot be run in Application Mode under SBS 2003 It was removed since Application Mode on a domain controller

is risky for the network If Terminal Services still need to run in Application

Mode, you should add a 'proper' Windows Server 2003 to the domain

Hardware Requirements

The standard and premium versions of SBS 2003 differ in some respects with respect to their hardware requirements

Requirements for the Standard Version

Given below is a list of the hardware specifications recommended by Microsoft for running the standard version of SBS 2003 In light of the hardware available today these requirements look modest But remember that any savings you make on hardware will always be at the cost of performance

Component Minimum Recommended

Processor 300 MHz 550Mhz and above

RAM 256 MB 384 MB (Maximum 4 GB)

Disk capacity 4 GB 4 GB

Component Minimum Recommended

Graphics VGA SVGA (minimum 800 x 600 pixel)Other components Network card Two network cards

For Internet

access

Broadband or high-speed modem Internet connection

Additional connection costs may

be incurred with the service provider

Broadband or high-speed modem Internet connection Additional connection costs may be incurred with the service provider

For the network Dedicated class-1 fax modem

for the fax service

Dedicated class-1 fax modem for the fax service

For Outlook Mobile Access (OMA) Pocket PC Phone Edition

2003 or Smartphone 2003 Windows XP or Windows 2000

as the client operating system

Requirements for the Premium Version

Given below is a list of the hardware specifications recommended by Microsoft for running the premium version of SBS 2003

Component Minimum Recommended

Processor 300 MHz 550 MHz and above

RAM 256 MB 512 MB (Maximum 4 GB)

Disk capacity 5 GB, 2 GB for an installation

SBS 2000

5 GB, 2 GB for an installation SBS 2000

Graphics VGA SVGA (minimum 800 x 600 Pixel)Other components Network card Two network cards

For Internet

access

Broadband or high-speed modem Internet connection

Additional connection costs may

be incurred with the service provider

Broadband or high-speed modem Internet connection

Additional connection costs may

be incurred with the service provider

For the network Dedicated class-1 fax modem

for the fax service

Dedicated class-1 fax modem for the fax service

13

Component Minimum Recommended

For the network

(continued) For Outlook Mobile Access (OMA) Pocket PC Phone Edition

2003 or Smartphone 2003 Windows XP or Windows 2000

as the client operating system

Both versions support a maximum of two real physical CPUS or four virtual CPUs

License Information and Costs

For running SBS, both a Windows Small Business Server 2003 license as well as a Windows Small Business Server 2003 CAL (Client Access License) are required The first license permits the installation and use of SBS 2003; the second allows access to the server software on a per-user or per-computer basis The CALs do not refer to

simultaneous connections The CALs of the standard and premium versions do not differ

in price A maximum of 75 licenses may be used in a SBS 2003 domain The SBS package comes with five CALs

A user CAL allows a specific user to access SBS 2003 The computer from which the user makes the connection (desktop, mobile device, etc.) is unimportant On the other hand, a computer CAL is valid for only one computer Any user can log on from this computer You are free to decide whether you want to use the five included licenses per user or per computer Automatic license monitoring is not a feature of SBS 2003

The CAL is valid not just for the SBS itself but also for other Windows-based servers within the SBS domain However, this does not apply to other Exchange Servers, SQL Servers, etc

If you have acquired Software Assurance for the Small Business Server 2000 CALs, you can convert all these CALs to CALs for SBS 2003 free of cost If this is not the case, you have to purchase new CALs

If you have acquired Software Assurance for SBS 2000 as well as SBS 2000 CALs, you have a claim to SBS 2003 Premium

If you have acquired Software Assurance for SBS 2003-CALs, you can exchange based CALs for computer-based CALs and vice versa free of cost at the time of renewing the Assurance

user-In contrast to SBS 2000, the activation of CALs is no longer done by diskette, but with a special activation key over the Internet Alternatively, you can use the wizard to add new SBS licenses and activate them by phone (local call charges) SBS 2003 Standard

Version costs about $599 and SBS 2003 Premium Version about $1499 Detailed pricing

information can be found at http://www.microsoft.com/windowsserver2003/

sbs/howtobuy/pricing.mspx

Sometimes an existing SBS domain needs to be extended For example, there may be more than 75 users in the domain or the server components of SBS may need to be distributed over several physical systems or higher functionality may be required, like that of an Exchange 2003 Enterprise Server In such cases, the purchase of the Small Business Server 2003 Transition Pack is recommended Further details about the contents and pricing of the Transition Pack can be found at the above link

Active Directory as Base Technology for SBS 2003

The tips and instructions given here about Active Directory as the base technology of SBS 2003 are meant primarily for those users who have had little or no experience with Active Directory-based networks, e.g users migrating from Windows NT 4.0 or Novell NetWare A comprehensive treatment of this complex subject would be beyond the scope

of this book

Active Directory has been the integrated directory service solution for the central

administration of network objects since Windows Server 2003 Under SBS 2003, you can administer all the network objects of the SBS 2003 network via the Active Directory

Setting Up the Active Directory

The rest of this chapter introduces you to the Active Directory To begin with, a brief description of Active Directory is given, and the mode of functioning of a directory service is explained in detail The primary access protocol for Active Directory is LDAP (Lightweight Directory Access Protocol) At the end, a summary is presented of the core features of Active Directory that are new in relation to Windows NT

With Active Directory in Windows 2000, Microsoft made its entry into the world of directory services Novell Netware's Novell Directory Service (NDS) has been in the market longer Active Directory is based on standard Internet technologies It is fully integrated with the operating system of SBS 2003 With Active Directory, the domain model of Windows NT has been extended The primary access protocol for Active Directory is LDAP (Lightweight Directory Access Protocol) Version 3

How Does a Directory Service Work?

A directory service works in a manner analogous to a telephone directory In a telephone directory, a telephone number is linked to each name entry You can also find optional information such as the address of a subscriber there In a directory service, network

15

resource objects like users, printers, and databases are linked to items of information This information includes the name of the object, the location, and many object-specific details The more information you give about the characteristics of an object, the more quickly and precisely can it be found by network users later, even though entering details

of objects in the database will naturally take time

When the name of an object is known, all information pertaining to it can be directly obtained This corresponds to looking up a known name in a standard telephone directory

to find out the associated telephone number This, however, does not exhaust the

reference functions of the directory Let us say you do not know the exact name of an object but have some information about it Then you can search for all objects in the directory that meet these criteria This process is analogous to looking up the Yellow Pages In this case you then get a list of all the relevant names The directory is, however, superior to the yellow pages to the extent that you can search the latter only based on predefined entries, whereas the directory allows you to define your own search criteria

A directory service makes it possible to administer all network objects centrally In Active Directory all information about users, servers, computers, printers, etc., can be maintained and administered at one place, and can be accessed by all users throughout the network This greatly simplifies administering and finding network resources

Objects in the Directory

The directory stores objects An object is a stored piece of information linked to a

network resource The directory service makes these resources available to network users

as well as applications This network service is responsible for the identification of resources so that users can access them Millions of objects can be stored in Active

Directory Each object has a unique identifier called the GUID (Globally Unique

Identifier) The GUID is a value of length 128 bits This value is assigned to each object when it is created

There are two types of Active Directory objects: containers and non-containers containers are also called end nodes or leaves A container holds further containers or

Non-end nodes; an Non-end node cannot contain any further objects An example of a container is

an organizational unit In this are computers, users, etc Even computers are classified as end nodes, although theoretically they can also contain objects such as printers

Directory and Directory Database

Even though the directory is often referred to as a database (or directory database), there are fundamental differences between these two terms A directory offers functions that go way beyond what is offered by a traditional relational database

A major difference consists in the fact that the information in a directory is more often

consulted than changed In a database, more and more updated data is written In a