
Win 2K review: Forget NT, this is something very different


Computerworld, 10/19/99

Microsoft Corp. had a very good reason for renaming its planned Windows NT 5.0 operating system Windows 2000. The new network-based OS is far, far different than the NT 4.0 that IT managers have come to know over the past several years and five service packs.

Compared to its predecessor, NT 4.0 Enterprise Edition, Win 2K Advanced Server is much more complex and allows a much greater degree of control. It also requires deeper networking knowledge than I suspect many IT departments can muster.

Based on a Microsoft training course I took last week, it's clear that most NT administrators and network designers are going to need extensive training right from the get-go to implement Win 2K. Course instructor Ed Fandery of Productivity Point International pointed out that learning and implementing Advanced Server is like NT 4.0 Enterprise plus the entire BackOffice suite of servers, and then some.

Log me on, Scotty!

The new Windows 2K Advanced Server requires that a surprising number of different server engines be set up redundantly and operating. Even the simple act of logging on works totally differently. Under NT 4.0, a log-on request generates a broadcast call to locate the server or primary domain controller (PDC). That's simple enough but perhaps creates more network traffic than is desirable.

Under Win 2K, that same log-on request invokes a single direct call to the Domain Name Server (DNS) for IP address resolution. If the DNS isn't accessible, for whatever reason, no log-on is possible, even though the server is waiting. Almost all interfaces with servers are via names at the user level and via IP addresses underneath, meaning that DNS is everywhere.

What's in a name?

The organization of Win 2K networks is somewhat different from NT, and hard to explain for two reasons. First, much of it is nonhierarchical in nature, relating to considerations such as location and bandwidth. Second, there exist several different sets of network nomenclature that are intermingled and used together, not just in the teaching and reference material but in the on-screen dialogue boxes as well.

The serious problem is that none of these metaphoric terms exactly match up to one another, and sometimes they don't reflect the networks' real structure. Here is some of the lexicon that Microsoft introduced us to:

•The basics: site, domain, organizational unit. These are the fundamental network building blocks. Domains are managed by Domain Controllers and contain subdomains and Organizational Units (OUs). OUs are administrative units whose administration can be delegated, and OUs can be nested within OUs can be nested within OUs can be nested ... but you don't want to go over 12 levels of nesting or else the system will start slowing dramatically. Those two are hierarchical, while a Site is a collection of domains with "good network connectivity" that's defined as LAN speed.

Your organization may have a Chicago office and a London shop; they're part of the same Forest, but you'll want to make them separate sites, each with its own copy of the global catalog (which is a subset of the Active Directory). If you don't, a lookup request to find a London e-mail address may itself have to cross the Atlantic. But a domain can be part of several sites, too.

•The out-of-sights: users, resources, groups. These vital objects are there because they must be, but they're quite different. Users is really just a folder containing information about individual user accounts; it's not subject to Win 2K's group policies and is just there as a holding tank during migration. Normally users are made part of an Organizational Unit. Resources are things like printers. A group is a collection of users and resources for the purposes of administering permissions and for e-mail segmentation. An OU, however, is subject to Group Policies in what permissions its members have.

•The family values: parent, child, sibling. These familiar terms depict relationships between objects. Simple enough, but, based on what I saw, uncle, brother-in-law, and second-cousin-twice-removed should make the list any day now.

•The woodies: forest, tree, root. These are important but nonintuitive concepts. A forest is a grouping of one or more related domains, characterized by sharing the same structure of attributes (called a schema) and by trusting one another. The root, as in Unix, is the start of everything. Tree seems to mean a subgrouping of related domains within a forest; it isn't much used and imparts no distinctive attributes.

It's company policy

What's the difference between a right and a permission? Under Win 2K, a permission gives access to a system resource, such as to use a printer or read a file, while a right allows the user to do some system task, such as log on, delegate rights, administer a specific group, and so forth.

Confused? Wait until you find out that the two must be separately administered using different tools. All rights are granted through a Group Policy, which as you might suspect applies to a group (of users).

Ouch, I didn't mean that

It appears to be entirely possible for domain administrators to shoot themselves in the foot, i.e., to lock themselves out of the domain entirely such that the only recourse is to reinstall Windows 2K AS and reconfigure the network. ("Warning: this is being done by trained professionals; do not attempt this in your living room ...") Another place where Win 2K administration has a serious gap is in documenting its own structure.

Say you delegate the administration of OUs to other people, then you leave the company. There's no simple way to tell who is in charge of those OUs.
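
The delegation record does exist, but only inside each OU's access control list. The following is an added example, not part of the original article or any Microsoft tool: it parses an OU security descriptor, assumed to be already exported as an SDDL string, and lists the explicit grants of write-type rights to trustees outside an assumed set of default administrators. The SDDL string, SIDs and function names are constructed for illustration, and conditional ACEs are not handled.

```python
import re

# SDDL right codes that let a trustee change objects or their permissions.
WRITE_RIGHTS = {"GA", "GW", "WD", "WO", "SD", "DT", "CC", "DC", "WP", "SW", "CR"}
# SDDL aliases assumed here to be the expected default administrators.
DEFAULT_ADMINS = {"DA", "EA", "BA", "SY", "ED", "CO"}
DACL_RE = re.compile(r"D:[A-Z]*((?:\([^()]*\))+)")
ACE_RE = re.compile(r"\(([^()]*)\)")
SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID

# Constructed security descriptor for one OU; every ACE here is made up.
SAMPLE_OU_SDDL = (
    "O:DAG:DAD:AI"
    "(A;;RPWPCCDCLCSWRCWDWOGA;;;DA)"   # Domain Admins, full control
    "(A;;RPLCLORC;;;AU)"               # Authenticated Users, read only
    f"(OA;CI;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;{SID}-1105)"
    f"(OA;CIIO;CR;00299570-246d-11d0-a768-00aa006e0529;;{SID}-1106)"
    f"(A;CIID;RPWP;;;{SID}-1107)"      # inherited from the parent
)

def split_codes(field):
    """Split concatenated two-letter SDDL codes, e.g. 'CIIO' -> ['CI', 'IO']."""
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def delegated_aces(sddl):
    """Return (trustee, rights, object scope) for explicit delegated grants."""
    m = DACL_RE.search(sddl)
    findings = []
    for ace in ACE_RE.findall(m.group(1) if m else ""):
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        ace_type, flags, rights, obj_guid, _inherit_guid, trustee = fields[:6]
        inherited = "ID" in split_codes(flags)  # set on the parent, not this OU
        if ace_type not in ("A", "OA") or inherited or trustee in DEFAULT_ADMINS:
            continue
        if rights.lower().startswith("0x"):
            granted = [rights]  # numeric mask: report as-is for manual review
        else:
            granted = sorted(WRITE_RIGHTS.intersection(split_codes(rights)))
        if granted:
            findings.append((trustee, granted, obj_guid or "all objects"))
    return findings

if __name__ == "__main__":
    for trustee, rights, scope in delegated_aces(SAMPLE_OU_SDDL):
        print(f"{trustee}: {'+'.join(rights)} on {scope}")
```
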

Finders keepers

How do you look up a user in a directory? You don't. Even if you're the domain administrator, unless you know what directory to look into, the only way to find a user is through a Search command.

It works fairly well, but it's still just a search command. Behind the scenes, it actually invokes two different mechanisms: DNS for locating the proper domain and server, and Lightweight Directory Access Protocol (LDAP) for finer granularity of attributes.

School daze

Unless they're planning a quick trip into another profession, savvy IT managers who currently have NT in their job description had better plan on taking some fairly heavy-duty training courses on the innards of Win 2K. Microsoft's own certification program is being revamped for Win 2K, and current Microsoft Certified Systems Engineers (MCSE) will have to take at least two or three more exams to be certified for Windows 2000. (See www.microsoft.com/mcp/certstep/mcse.htm for full details.)

For more enterprise computing news, visit Computerworld online. Story copyright © 1999 All rights reserved.
