
CHAPTER 2

Network Operating Systems: Windows Network Concepts

Introduction
 One basic choice you must make before going any further in building a network is which network operating system (NOS) to use as its foundation.

 All NOSs must provide certain core functions, such as connecting to other computers on the network, sharing files and other resources, and providing security.

 Network operating systems are typically used on computers that act as servers; they provide the capabilities required for network operation.

 Modern client operating systems also include networking functions, so the distinction between a network operating system and a standalone operating system is no longer as sharp as it once was.
Cont…

Network operating systems provide the following functions:

File and print sharing.

Account administration for users.

Security.

Client operating systems provide the following functions:

Creating and managing client accounts.

Enabling clients to connect to the network.

Allowing clients to share resources.

Managing clients' access to shared resources.

Facilitating communication between clients.

Workgroup
Workgroup networks are more common in homes or in small offices that do not have dedicated servers.

LANs were originally designed to connect a small number of computers into what later came to be called a workgroup, or peer-to-peer network.

Workgroup is Microsoft's term for a peer-to-peer local area network.

Computers running Microsoft operating systems in the same workgroup may share files, printers, or an Internet connection.

A workgroup contrasts with a domain, in which computers rely on centralized authentication. In a workgroup every computer keeps its own account database and validates credentials itself.

The Purpose of Workgroups in Computer Networking
In computer networking, a workgroup is a collection of computers on a local area network (LAN) that share common resources and responsibilities. The term is most commonly associated with Microsoft Windows workgroups but also applies to other environments.

Windows workgroups can be found in homes, schools and small businesses.

 Workgroups, domains and HomeGroups all provide resource sharing, but they do not function in the same way.

Workgroups in Microsoft Windows

Microsoft Windows workgroups organize PCs as peer-to-peer local networks that facilitate easier sharing of files, Internet access, printers and other local network resources. Each computer that is a member of the group can access the resources being shared by the others and, in turn, can share its own resources if configured to do so.
Cont…

Joining a workgroup requires all participants to use a matching workgroup name.

All Windows computers are automatically assigned to a default workgroup named WORKGROUP.

Administrators can change the workgroup name from the Computer Name tab of System Properties (reached through Control Panel > System).

Note that workgroup names are managed separately from computer names.

To access shared resources on another PC in its group, a user needs the name of that computer plus the username and password of an account that exists on the remote computer (the workgroup name only affects how computers are grouped when browsing the network). The remote computer checks those credentials against its own local account database; nothing is checked centrally, so a password change must be repeated on every machine that holds a copy of the account.

Windows workgroups can contain many computers but work best with 15 or fewer. As the number of computers increases, a workgroup LAN eventually becomes very difficult to administer and should be re-organized into multiple networks or a client-server network.
Windows Workgroups vs Homegroups and Domains
Windows domains support client-server local networks. A specially configured computer called a domain controller, running a Windows Server operating system, serves as the central authentication server for all clients.

Windows domains can handle many more computers than workgroups because resource sharing and access control are maintained centrally.

 A client PC can belong either to a workgroup or to a Windows domain but not both: joining a computer to a domain automatically removes it from the workgroup.
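The following PowerShell is an added example, not part of the original slides. It shows how to check whether a machine is currently in a workgroup or a domain, which local accounts a workgroup peer could authenticate as, and the two mutually exclusive join commands. It assumes an elevated PowerShell session on a Windows client; the domain name corp.example.com, the workgroup name LABGROUP, the join account and the OU path are placeholders.

```powershell
# Added example (not from the original slides). Run in an elevated PowerShell.
# 'corp.example.com', 'LABGROUP', 'CORP\joinaccount' and the OU path are placeholders.

function Get-MembershipInfo {
    # Win32_ComputerSystem reports domain/workgroup state for the local machine.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        ComputerName      = $cs.Name
        PartOfDomain      = $cs.PartOfDomain   # $true => domain-joined, $false => workgroup
        # .Domain holds the domain name when joined, otherwise the workgroup name
        # (default 'WORKGROUP').
        DomainOrWorkgroup = $cs.Domain
        Workgroup         = $cs.Workgroup      # $null when domain-joined
    }
}

Get-MembershipInfo

# Workgroup machines validate credentials locally: these are the accounts a
# remote workgroup peer could authenticate as when it connects to a share.
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, PasswordLastSet, PasswordRequired

# Move to (or rename) a workgroup. Requires elevation and a reboot.
# Add-Computer -WorkgroupName 'LABGROUP' -Restart

# Join a domain. This removes the machine from its workgroup (the two are
# mutually exclusive) and creates a computer account in Active Directory.
# -OUPath is optional; without it the account lands in the default Computers container.
# Add-Computer -DomainName 'corp.example.com' `
#              -Credential (Get-Credential 'CORP\joinaccount') `
#              -OUPath 'OU=Workstations,DC=corp,DC=example,DC=com' -Restart
```

The join commands are commented out because each one reboots the machine; run `Get-MembershipInfo` again after the reboot and `PartOfDomain` flips accordingly.
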

Cont…
HomeGroup was designed to simplify the management of workgroups for administrators, particularly home users. Instead of requiring an administrator to manually set up matching user accounts on every PC, HomeGroup sharing is protected by one shared password. HomeGroup communication is encrypted, and it makes it simple to share even single files with other HomeGroup users.

Joining a HomeGroup does not remove a PC from its Windows workgroup; the two sharing methods co-exist. Computers running versions of Windows older than Windows 7 cannot be members of a HomeGroup, and Microsoft removed the feature from Windows 10 starting with version 1803, so it is only relevant on Windows 7, Windows 8 and early Windows 10 builds.

Cont…
Note: HomeGroup settings are found in Control Panel > Network and Internet > HomeGroup. You join a computer to a domain through the same dialog used to change its workgroup (System Properties > Computer Name > Change); just choose the Domain option instead and supply credentials that are allowed to join computers to that domain.

Domain

A domain, in the context of networking, refers to a group of users, workstations, devices, printers, computers and servers that share different types of data via network resources.

In other words, a domain is a collection of objects that share the same directory database.

That means that, in the workgroup example, you would create one central Active Directory database and join workgroup computers 1 and 2 to the domain that database defines.

Cont…
A domain has a domain controller that governs all basic domain functions and manages network security.

Thus, a domain is used to manage all user functions, including username/password authentication and access to shared system resources.

 A domain is also used to assign specific resource privileges to security principals such as user accounts and groups.

The advantage of the domain is that it makes user management much easier by sharing account and access information with all systems in the domain. You do not have to define a user account for everyone on every system; you create the user credentials once, on the domain, and every member computer accepts them. Domain networks are the norm for large corporate environments that have dedicated servers.
Domain Name System

The Domain Name System (DNS) is basically a large distributed database that resides on many computers and contains the names and IP addresses of hosts on the Internet and in private domains.

The Domain Name System provides the data that the Domain Name Service uses when queries are made. The service is the act of querying the database; the system is the data structure and the data itself.

The Domain Name System is similar to a Unix file system, starting with a root. Branches attach to the root to create a huge set of paths. Each node in the DNS tree is identified by a label. Each label (each text word between the dots) can be up to 63 bytes long, but most are shorter, and the total domain name (all the labels together) is limited to 255 bytes in wire format, which is 253 characters in the dotted text form.

The domain name system database is divided into sections called zones. The name servers for a zone are responsible for answering queries for that zone.

Cont…
A zone is a subtree of the DNS namespace that is administered separately. There are usually multiple name servers for a zone: one primary name server, which holds the master copy of the zone, and one or more secondary name servers that pull copies of it. A name server may be authoritative for more than one zone.

Structure and message format

At the top is the root, the start of all other branches in the DNS tree. It is designated with a period. Each branch moves down from level to level.

DNS names are written from the bottom up, with the root designator (period) at the far right. Example: "myhost.mycompany.com.".

Domain Name Servers (DNS)
Domain Name System (DNS) servers are the Internet's equivalent of a phone book.

They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because, although domain names are easy for people to remember, computers access websites based on IP addresses. Each computer on the Internet is assigned a unique address, called an IP address. A typical IPv4 address looks like this (each of the four numbers is between 0 and 255): 203.0.113.7

It is very difficult to keep in mind the IP addresses of all the websites we visit daily. Words are easier to remember than strings of numbers. This is where domain names come into the picture. When you visit a website, all you need to know is its URL. Computers work with numbers, and DNS converts the host name in the URL into an IP address that the computer can use.
Cont…

• When you type www.domain.com into your browser, the browser first needs the IP address of www.domain.com. It asks a DNS server for the address of the server where the web pages are stored. Think of DNS as a directory service for IP addresses.

• The domain name is the name of a network associated with an organization. For sites in the United States, domain names typically take the form org-name.org-type, where org-type is usually one of the following:
 com indicates a commercial organization (e.g., a company)
 edu indicates an educational organization
 org indicates a general (often non-commercial) organization
 gov indicates a U.S. government agency
 mil indicates a U.S. military site
Cont…
 On the Internet, many communications programs deal only with IP addresses, yet allow their users to specify machines in terms of their host names (or alias host names).

 Conversely, a program that already knows an IP address may need to determine the host name of the machine that owns it. Such programs must convert host names into IP addresses (or vice versa) behind the scenes. How do they achieve this translation?

 The mapping of host names to IP addresses is handled through the Domain Name Service (DNS). Rather than requiring individual machines, applications, or users to keep up with the constant changes in host names and IP addresses, a series of special DNS servers across the world (known as "name servers") keep track of the name/address information for the computers on the Internet.

 Applications that need to determine an IP address from a host name (or vice versa) contact their local name server for this information.
Cont…

For instance, if you use a web browser to visit "web.mit.edu", the program first contacts your local DNS server to obtain the IP address that matches the host name you provided; then the program uses that IP address to complete your request.

• DNS is used much more frequently than is usually supposed: virtually every activity that moves information across the network (getting web documents, transferring files, sending or receiving electronic mail) relies on DNS.

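The PowerShell below is an added example, not from the original slides. It ties together the two DNS passages above: the first function walks a name from the root down and enforces the label and total-length limits the slides quote; the calls after it perform the forward (name to address) and reverse (address to name) lookups that applications rely on. The host name web.mit.edu is the slides' own example; the address used for the reverse lookup is a placeholder to be replaced with one of interest.

```powershell
# Added example (not from the original slides). Split-DnsName is a local
# helper written for this page; Resolve-DnsName is the built-in Windows cmdlet.

function Split-DnsName {
    param([Parameter(Mandatory)][string]$Name)

    # A trailing dot is the root; strip it so it does not become an empty label.
    $fqdn = $Name.TrimEnd('.')
    if ($fqdn.Length -gt 253) {
        # 253 characters in text form == 255 octets on the wire
        # (each label carries a 1-byte length prefix and the name ends with a 0 byte).
        throw "Name too long: $($fqdn.Length) chars (max 253)"
    }
    $labels = $fqdn.Split('.')
    foreach ($label in $labels) {
        if ($label.Length -lt 1 -or $label.Length -gt 63) {
            throw "Label '$label' must be 1..63 characters"
        }
        # Host name labels: letters, digits, hyphen; no leading or trailing hyphen.
        if ($label -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$') {
            throw "Label '$label' contains characters not valid in a host name"
        }
    }
    # Return the hierarchy from the root (".") downwards, the way a resolver walks it.
    $path = @('.')
    $suffix = ''
    for ($i = $labels.Count - 1; $i -ge 0; $i--) {
        $suffix = if ($suffix) { "$($labels[$i]).$suffix" } else { $labels[$i] }
        $path += "$suffix."
    }
    return $path
}

Split-DnsName 'web.mit.edu'
# .  edu.  mit.edu.  web.mit.edu.

# Real lookups (need network access). Host name to address:
Resolve-DnsName -Name 'web.mit.edu' -Type A

# Address to host name (the "vice versa" case) is answered from the
# in-addr.arpa reverse zone. 203.0.113.7 is a placeholder address.
Resolve-DnsName -Name '203.0.113.7' -Type PTR

# Which servers are authoritative for the zone, so that troubleshooting can
# query them directly instead of a possibly stale local cache:
Resolve-DnsName -Name 'mit.edu' -Type NS
```

The validation in `Split-DnsName` is what a resolver or a certificate-name check does before ever sending a query; rejecting malformed labels early prevents oversized or special-character names from reaching the wire.
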
Domain Controllers
• A domain controller holds the directory that contains information about the objects in the domain.
• On Microsoft servers, a domain controller (DC) is a server computer that responds to security authentication requests (logging in, checking permissions, etc.) within a Windows domain.
• It is a server on a Microsoft Windows Server network that is responsible for allowing hosts access to Windows domain resources.

Cont.
• A domain controller is the centerpiece of the Windows Active Directory service.
• It authenticates users, stores user account information and enforces security policy for a Windows domain.
• Through a trust relationship, a domain controller can grant access to another domain, so that a user logging into one domain can access resources in the other.
• If a server performing the domain controller role is lost, the domain can still function as long as at least one other domain controller exists; every writable domain controller holds a full copy of the domain data.
• Active Directory has no single "primary" domain controller in the Windows NT sense. A few single-instance duties (the operations master, or FSMO, roles) are held by one domain controller at a time; if that domain controller is permanently unavailable, the administrator transfers or seizes those roles onto another domain controller.

Cont…

Active Directory is a directory service that enables administrators to create organizational divisions called domains.

A domain is a logical container of network components, hosted by at least one server designated as a domain controller.

The domain controllers for each domain replicate their data among themselves, for fault tolerance and load balancing purposes.

An AD domain controller authenticates and authorizes all users and computers in a Windows domain network, assigning and enforcing security policies for all computers and installing or updating software through Group Policy.

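The PowerShell below is an added example, not from the original slides. It backs the domain controller slides above with the checks an administrator actually runs: how clients locate a domain controller through DNS, which domain controllers hold a replica of the domain, which one currently holds each single-instance operations master role, how a role is moved when its holder is lost, and whether replication between domain controllers is healthy. It requires the RSAT ActiveDirectory module in a domain-authenticated session; corp.example.com and the DC names DC01 and DC02 are placeholders.

```powershell
# Added example (not from the original slides). Requires the RSAT
# ActiveDirectory module. 'corp.example.com', 'DC01' and 'DC02' are placeholders.

Import-Module ActiveDirectory

# 1. How clients find a DC: the locator queries DNS SRV records, not a fixed
#    "primary" server. Any DC listed here can authenticate a logon.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.corp.example.com' -Type SRV |
    Where-Object Type -eq 'SRV' |
    Select-Object NameTarget, Port, Priority, Weight

# 2. Enumerate the DCs that hold a replica of the domain partition.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles

# 3. The only single-instance duties are the five operations master (FSMO)
#    roles; everything else is multi-master.
$forest = Get-ADForest
$domain = Get-ADDomain
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

# 4. If a role holder is lost, an administrator moves the role to a surviving DC.
#    Transfer while the old holder is reachable; seize (-Force) only when it is
#    gone for good, and never bring the old holder back online afterwards.
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' `
#     -OperationMasterRole PDCEmulator, RIDMaster -Force

# 5. Replication health: every DC should report zero failures, and each
#    partner's last replication should be recent and successful.
Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain
Get-ADReplicationPartnerMetadata -Target 'DC01.corp.example.com' |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult
```

Step 4 is commented out because seizing a role is destructive: the old holder must be rebuilt, not reconnected, or two domain controllers will claim the same role.
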
Cont…

Fig 2.1 Domain controller

Fig 2.2 Subdomain controller

Domain Controllers, Member Servers, and Domain Services

When you install Windows Server 2012 on a new system, you can configure the server to be a member server, a domain controller, or a standalone server.

The differences between these types of servers are extremely important.

Member servers are part of a domain but do not store directory information.

Domain controllers are distinguished from member servers because they store directory information and provide authentication and directory services for the domain.

Cont.

Standalone servers are not part of a domain. Because standalone servers have their own user databases, they authenticate logon requests independently.

Domain controllers: contain the directory holding information about objects in the domain.

Replication: the process of copying directory data to multiple domain controllers.

Cont…

Fig 2.3 Active directory replication

Windows Active Directory
• Active Directory is a hierarchical database that enables administrators to organize users and network resources to reflect the organization of the environment in which it is used.
• For example, if a company identifies its users and resources primarily by department or location, Active Directory can be configured to mirror that structure.
• You can structure Active Directory and organize the objects representing users and resources in the way that makes the most sense.
• Active Directory offers the following features, among others, that make it a highly flexible directory service:

Cont…

 Hierarchical organization: this structure makes management of network resources and administration of security policies easier.
 Centralized but distributed database: all network data is centrally located, but it can be distributed among many servers for fast, easy access to information from any location.
 Automatic replication of information also provides load balancing and fault tolerance.

Cont.
 Active Directory replication is the transfer of information among domain controllers to make sure all domain controllers have consistent and up-to-date information.
 Scalability: advanced indexing technology provides high-performance data access, whether Active Directory consists of a few dozen or a few million objects.
 Security: fine-grained access controls enable administrators to control access to each directory object and its properties.
 Active Directory also supports secure authentication protocols (Kerberos, and LDAP over TLS) to maximize compatibility with Internet applications and other systems.

Cont…

 Flexibility: Active Directory is installed with some predefined objects, such as user accounts and groups, but their properties can be modified, and new objects can be added for a customized solution.

 Policy-based administration: administrators can define policies to ensure a secure and consistent environment for users yet maintain the flexibility to apply different sets of rules for departments, locations, or user classes as needed.

Overview of the Active Directory Structure

The best way to understand how Active Directory works is to install it and start using it, but first, knowing the terms used to describe its structure is helpful.

 There are two aspects of Active Directory's structure:

 Physical structure

 Logical structure

Active Directory's Physical Structure

The physical structure of Active Directory consists of a database (the file NTDS.dit on each domain controller) that is replicated among domain controllers. Two parts of it, the schema and configuration partitions, are replicated to every domain controller in the forest; the domain partition is replicated only to the domain controllers of that domain.

The storage architecture of Active Directory has different parts: forests, domains, and organizational units are the core logical elements, while sites and domain controllers make up the physical side.

DNS provides name resolution for domain controllers: clients locate a domain controller by querying DNS for the service (SRV) records that each domain controller registers.

Fig 2.4 The physical structure of Active Directory

Cont…
The physical structure consists of sites and servers configured as domain controllers.

An Active Directory site is nothing more than a physical location in which domain controllers communicate and replicate information regularly.

Specifically, Microsoft defines a site as one or more IP subnets connected by high-speed LAN technology.

A small business with no branch offices or other locations, for example, consists of a single site.

Cont..
However, a business with a branch office in another part of the city connected to the main office through a slow WAN link usually has two sites.

Typically, each physical location with a domain controller operating in a common domain and connected by a WAN constitutes a site.

The main reasons for defining multiple sites are to control the frequency of Active Directory replication, to have clients authenticate against a nearby domain controller, and to assign policies based on physical location.

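The PowerShell below is an added example, not from the original slides. It models the two-site scenario just described: a head office and a branch over a slow WAN link, with the branch's IP subnet mapped to its own site and a site link that throttles replication across the WAN. It requires the RSAT ActiveDirectory module and Domain Admin rights; the site names, subnets, domain name corp.example.com and the domain controller name BR-DC01 are placeholders.

```powershell
# Added example (not from the original slides). Requires the RSAT
# ActiveDirectory module and Domain Admin rights. Site names, subnets,
# 'corp.example.com' and 'BR-DC01' are placeholders.

Import-Module ActiveDirectory

# What exists today: a new forest starts with one site, Default-First-Site-Name.
Get-ADReplicationSite -Filter * | Select-Object Name
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# Create the branch site and tell AD which IP subnets belong to each site.
# A client in 10.20.0.0/16 will now prefer a DC in 'Branch-Office' for logon.
New-ADReplicationSite -Name 'Branch-Office'
New-ADReplicationSubnet -Name '10.10.0.0/16' -Site 'Default-First-Site-Name'
New-ADReplicationSubnet -Name '10.20.0.0/16' -Site 'Branch-Office'

# The site link is where replication over the slow WAN is controlled:
# inter-site replication runs on a schedule (here every 60 minutes) instead of
# the near-immediate change notification used inside a site.
New-ADReplicationSiteLink -Name 'HQ-Branch' `
    -SitesIncluded 'Default-First-Site-Name', 'Branch-Office' `
    -Cost 200 -ReplicationFrequencyInMinutes 60 `
    -InterSiteTransportProtocol IP

# Move the branch DC's server object into its site (it was created in the
# site that matched its subnet at promotion time, which may be the default).
Move-ADDirectoryServer -Identity 'BR-DC01' -Site 'Branch-Office'

# Verify: which site does this machine map to, and which DC would it use?
nltest /dsgetsite
nltest /dsgetdc:corp.example.com /site:Branch-Office
```

If `nltest /dsgetsite` returns a site other than the one expected for the machine's address, the subnet-to-site mapping is missing or wrong and clients will authenticate across the WAN.
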
Cont…

 Another component of the physical structure is a server configured as a domain controller, which is a computer running Windows Server 2012 with the Active Directory Domain Services role installed.
 Although an Active Directory domain can consist of many domain controllers, each domain controller can service only one domain.
 Each domain controller contains a full replica of the objects that make up the domain and is responsible for the following functions:

Cont..

 Storing a copy of the domain data and replicating changes to that data to all other domain controllers throughout the domain.

 Providing data search and retrieval functions for users attempting to locate objects in the directory.

 Providing authentication and authorization services for users who log on to the domain and attempt to access network resources.

Active Directory’s Logical Structure
• A domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database.
• A tree is a collection of one or more domains in a contiguous namespace (for example, a placeholder corp.example.com with a child domain sales.corp.example.com), linked in a transitive trust hierarchy.
• At the top of the structure is the forest: one or more trees that share a common schema, configuration and global catalog, joined by transitive trusts. The forest, not the domain, is the security boundary.

Fig 2.5 Active Directory logical structure

Working with Active Directory

Windows Server 2012 supports a multi-master replication model (a method of replication employed by databases to transfer data, or changes to data, across multiple computers).

In this model, any domain controller can process directory changes and then replicate those changes to other domain controllers automatically.

Windows Server distributes an entire directory of information, called a data store.

 Inside the data store are sets of objects representing user, group, and computer accounts as well as shared resources such as servers, files, and printers.

Active Directory
A directory service is a repository of information about the resources (hardware, software, and human) that are connected to a network. Users, computers, and applications throughout the network can access the repository for a variety of purposes, including user authentication and storage of configuration data.

Active Directory is Microsoft's implementation of such a directory service; it stores all of the domain information in a common and searchable format.

Cont..

• All the user accounts, computer accounts, group accounts, access control lists, security identifiers, Group Policy Objects (GPOs), shares, printers, and properties about people and their locations are stored in Active Directory.

Cont…
Active Directory provides the following network services:

Lightweight Directory Access Protocol (LDAP): an open standard protocol used to query and modify the directory, and through which other directory services can be accessed.

Security services: Kerberos-based authentication (the default for domain logons, with NTLM only as a fallback) and LDAP sessions protected by SSL/TLS (LDAPS) or by LDAP signing.

Hierarchical and internal storage of organizational data in a centralized location for faster access and better network administration.

Data availability on multiple servers, with concurrent updates, to provide better scalability.

The Role of a Directory Service

A network directory service, as the name suggests, stores information about a computer network and offers features for retrieving and managing that information.

Essentially, it is a database composed of records or objects describing users and available network resources, such as servers, printers, and applications.

Like a database for managing a company's inventory, a directory service includes functions to search for, add, modify, and delete information.

Cont..
Unlike an inventory database, a directory service can also manage how its stored resources can be used and by whom.

For example, a directory service can be used to specify who has the right to log on to a computer or restrict what software can be installed on a computer.

A directory service is often thought of as an administrator's tool, but users can use it, too.

Users might need the directory service to locate network resources, such as printers or shared folders, by performing a search.
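The PowerShell below is an added example, not from the original slides. It illustrates two services the Active Directory slides list, LDAP search and Kerberos authentication, from the point of view of a user or application searching the directory: a search for user objects over LDAP without the RSAT module, with the user-supplied search text escaped so it cannot rewrite the LDAP filter, followed by a look at the Kerberos tickets a domain logon leaves behind. It assumes a domain-joined session; corp.example.com and the account prefix jdoe are placeholders, and ConvertTo-LdapFilterValue and Find-DirectoryUser are helpers written for this page.

```powershell
# Added example (not from the original slides). Uses System.DirectoryServices,
# which ships with Windows; no RSAT module needed. 'corp.example.com' and
# 'jdoe' are placeholders.

# Escape user-supplied text before it goes into an LDAP filter (RFC 4515).
# Without this, input such as  *)(objectClass=*  rewrites the query.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $sb = [System.Text.StringBuilder]::new()
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\'  { [void]$sb.Append('\5c') }
            '*'  { [void]$sb.Append('\2a') }
            '('  { [void]$sb.Append('\28') }
            ')'  { [void]$sb.Append('\29') }
            "`0" { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

function Find-DirectoryUser {
    param(
        [Parameter(Mandatory)][string]$NamePrefix,
        [string]$SearchBase = 'LDAP://DC=corp,DC=example,DC=com'
    )
    $safe     = ConvertTo-LdapFilterValue $NamePrefix
    $root     = [System.DirectoryServices.DirectoryEntry]::new($SearchBase)
    $searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
    # Enabled user accounts whose sAMAccountName starts with the prefix.
    # userAccountControl bit 0x2 = ACCOUNTDISABLE; 1.2.840.113556.1.4.803 is
    # the bitwise-AND matching rule, so the (!...) clause excludes disabled accounts.
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)" +
                       "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
                       "(sAMAccountName=$safe*))"
    [void]$searcher.PropertiesToLoad.AddRange([string[]]('sAMAccountName', 'displayName', 'memberOf'))
    $searcher.PageSize = 500   # paged results, so more than 1000 matches are not truncated
    foreach ($r in $searcher.FindAll()) {
        [pscustomobject]@{
            Account = [string]($r.Properties['samaccountname'] | Select-Object -First 1)
            Name    = [string]($r.Properties['displayname']    | Select-Object -First 1)
            Groups  = @($r.Properties['memberof'])
        }
    }
}

Find-DirectoryUser -NamePrefix 'jdoe'

# Authentication side: a domain logon leaves Kerberos tickets in the cache.
# The krbtgt/<REALM> entry is the ticket-granting ticket issued by the DC;
# service tickets such as ldap/DC01 show which resources were reached with
# Kerberos rather than an NTLM fallback.
klist
```

The escaping function matters because the LDAP filter is built from text the caller controls; a prefix of `*` alone would otherwise return every enabled user in the domain, and `)(` sequences can be used to append extra conditions.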