Revision 1.0. This document should only be used by a Novell-certified instructor. IG 12-35
If you think this document was pirated, call 1-800-PIRATES or 1-801-861-7101.

Integrating Other Novell Services
NetWare 5 Advanced Administration Instructor Guide

Security Determination from a Single User Account

In the NDS database, each user account exists only once. Because all network resources are in the same database, you do not need to create a user account on each server or domain a user needs to access. As a result, you can determine from a single location what access rights a user has to any network resource.

Figure 12-7: Determining All NT Domain Access from a Single NDS User Account

NDS also allows you to remove access to all network resources by deleting a single user account. You can be assured that there are no other accounts (security holes) residing on other servers or domains for that user.

Having a single user object in NDS does not create a single point of failure for network access. Because the NDS database that the user resides in can be partitioned and replicated to as many servers as needed on the network, the user object should always be available.

Presentation Notes: Security Determination from a Single User Account
12-7 (Figure 12-7: Determining All NT Domain Access from a Single NDS User Account)
Discuss administering user access from a single location.

Easy Movement of User Accounts

Moving a user account from one domain to another is a cumbersome task under the Windows NT domain system. It involves recording user information on a piece of paper, deleting the user account, and then recreating that account in another domain.

In NDS, because user accounts reside in an administrative container called an organizational unit, moving a user from one organizational unit to another is a simple procedure.

For example, if Bill moves from marketing to engineering, you can move Bill's user account from the marketing organizational unit to the engineering organizational unit. Because the user account was not deleted, all the properties associated with Bill's user account are maintained.

In NDS, users do not need to be moved from one NT domain to another. Windows NT domains are treated as groups to which NDS users can belong. A user can be a member of as many domains as needed.

Per-Object Administration

In Windows NT domains, administrative rights are granted on a per-domain, per-object-type basis. For example, you cannot grant a user administrative rights to just one printer in a domain. You must grant the user administrative rights to all printers in the domain.

In NDS, administrative rights are granted on a per-object basis. Each object has a trustees list that determines other objects' access to that object.

Presentation Notes: Easy Movement of User Accounts
Discuss how easily users can be moved with NetWare Administrator.

Presentation Notes: Per-Object Administration
Discuss the level to which administration rights can be granted in NDS.

NDS for NT Components and Their Functions

To allow Windows NT domains to be managed from a single NDS database, NDS for NT provides the following components:

- SAMSRV.DLL
- Domain Object Wizard
- Novell NDS for NT Client
- NetWare Administrator
- Mailbox Manager for Exchange

Presentation Notes: NDS for NT Components and Their Functions
Introduce the NDS for NT components.

SAMSRV.DLL

An application, such as NetLogon or User Manager for Domains, that needs access to information from the Windows NT domain makes a request to SAMLIB.DLL. This includes applications that run on either a Windows NT Server or a Windows NT Workstation.

Using Remote Procedure Calls (RPC), the SAMLIB.DLL communicates to SAMSRV.DLL. SAMSRV.DLL then accesses the Windows NT Security Accounts Manager (SAM) where the domain database is stored and performs the requested operation.

If an application is running on the Windows NT Server, this process is completed internally. If an application is running on a Windows NT Workstation, RPC requests are sent to the Windows NT Server over the network.

Figure 12-8: Windows NT Server Domain Architecture
[Diagram: on the Windows NT Workstation and on the Windows NT Server, Applications call SAMLIB.DLL, which uses RPC to reach SAMSRV.DLL on the server; SAMSRV.DLL accesses the SAM domain database.]

Presentation Notes: SAMSRV.DLL
12-8 (Figure 12-8: Windows NT Server Domain Architecture)
Review how the domain database is accessed from Windows NT Workstations and Windows NT Servers before NDS for NT is installed.

NDS for NT renames the original SAMSRV.DLL file to MSSAMSRV.DLL and replaces it with a new DLL. The new DLL uses the original name, SAMSRV.DLL.

The new SAMSRV.DLL from Novell redirects domain access calls to NDS. Thus, NDS can fulfill domain requests for Windows NT Servers, Windows NT Workstations, and applications.

[Diagram labels: Windows NT Workstation, Windows NT Server, NetWare Server; Applications; SAMLIB.DLL; RPC; Novell SAMSRV]
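
The rename-and-replace of SAMSRV.DLL described above changes a security-critical system file, so an integrity audit should be able to tell that state apart from an untouched or tampered DLL. The following is an added example, not part of the Novell guide: the function name, the state labels, the directory argument and the caller-supplied baseline hash are all assumptions; only the two file names come from the text.

```python
import hashlib
from pathlib import Path

# File names taken from the page; state labels below are assumptions of this example.
SAM_DLL = "samsrv.dll"
RENAMED_ORIGINAL = "mssamsrv.dll"


def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def classify_sam_dll(system_dir, baseline_sha256=None):
    """Classify the SAM server DLL state in one system directory.

    baseline_sha256: hash of the vendor-original SAMSRV.DLL taken from your own
    known-good media (caller-supplied; the page gives no hash).
    """
    # Windows file names are case-insensitive, so index entries by lower-case name.
    files = {p.name.lower(): p for p in Path(system_dir).iterdir() if p.is_file()}
    active, renamed = files.get(SAM_DLL), files.get(RENAMED_ORIGINAL)
    report = {
        "active_sha256": _sha256(active) if active else None,
        "renamed_sha256": _sha256(renamed) if renamed else None,
    }
    if active is None:
        report["state"] = "missing"          # no SAMSRV.DLL at all
    elif renamed is None:
        # No renamed copy: the active DLL should be the original one.
        if baseline_sha256 is None:
            report["state"] = "unverified"
        elif report["active_sha256"] == baseline_sha256:
            report["state"] = "original"
        else:
            report["state"] = "modified"     # changed, but not by rename-and-replace
    elif report["active_sha256"] == report["renamed_sha256"]:
        report["state"] = "inconsistent"     # renamed copy exists, nothing was swapped
    else:
        report["state"] = "redirected"       # the pattern the guide describes
        if baseline_sha256 is not None:
            # The preserved original should still match known-good media.
            report["renamed_matches_baseline"] = (
                report["renamed_sha256"] == baseline_sha256)
    return report


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample directory
        Path(d, "SAMSRV.DLL").write_bytes(b"constructed replacement")
        Path(d, "MSSAMSRV.DLL").write_bytes(b"constructed original")
        print(classify_sam_dll(d)["state"])
```

Run against a mounted system directory, a "redirected" result with renamed_matches_baseline set to False means the preserved original is not the file from known-good media and deserves a closer look.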