Windows 2003 – Server Roles
Microsoft’s slogan of – ‘Easy to deploy, use, and manage’ – does have a ring of truth. However, it does rely on you having the knowledge and skill to make your Windows Server 2003 fulfil its potential. I must confess that even though I am familiar with the different types of server, every time I checked with the ‘Configure Your Server Wizard’, I found at least one feature that I would otherwise have missed, so my mantra became – ‘Give the wizard a chance’.
Roles To Configure Your Windows 2003 Server
- Domain Controller
- DNS (WINS)
- File Server
- Print Server
- Application Server
- Mail Server
- Terminal Services
- RAS – Dial-in or VPN
Certain server roles are best combined, for example domain controller, DNS, and DHCP, whilst other roles are better on their own server, for example I would separate email (Exchange) from Terminal Services.
Active Directory is a huge topic in itself. While DCPROMO is easy to run, planning both the physical and the logical structure is the key to a trouble-free Active Directory. Good news: in Server 2003 you can rename both the domain itself and the domain controller (renaming was greyed out in Windows 2000).
Domain controllers do not have to be your most powerful machines; however, they must be reliable and always available to answer logon requests. Decide which DCs will hold which FSMO (Flexible Single Master Operations) role. By default, only the first server is a GC (Global Catalog). Having at least one GC on each site will improve any service which makes an LDAP request for Active Directory names.
Install the Replication Monitor from the Support folder of the Server CD.
Active Directory absolutely relies on DNS, which is why you must become an expert on configuring DNS. Once DNS is set up, it runs itself thanks to the new dynamic component, hence DDNS. TCP/IP knowledge plus an understanding of how DNS works is essential when troubleshooting connectivity problems.
What DNS does is enable client machines to resolve servers’ IP addresses. Once the client finds the server, Active Directory uses LDAP to locate the services that clients request, such as Kerberos and the Global Catalog.
Your first domain controller can be tricky to set up. To begin with, plan, then check the Computer Name found in the System icon. Before you run DCPROMO, make sure you have the correct Primary DNS Suffix; drill down through the More... button.
My tactic is to do as little configuring of the forward lookup zone as possible and leave it all to the DCPROMO wizard. Once Active Directory creates the forward lookup zone, I configure Active Directory integration to replicate DNS records to the other servers. Then I manually create the reverse lookup zone, add PTR records and check with NSLOOKUP.
If you are troubleshooting DNS _SRV records, try stopping and starting the Netlogon service.
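The checks described above (PTR records matching the forward zone, and the _SRV locator records being present) can be run over a list of zone records in one pass. This is an added example, not part of the original article; the domain example.local, the host names and the addresses are constructed, and the list of required SRV names assumes a single-domain forest.

```python
import ipaddress

# Constructed sample records (owner TTL IN TYPE RDATA). The domain example.local,
# the hosts dc1/dc2/dc3 and the addresses are assumptions, not from the article.
SAMPLE = """\
dc1.example.local. 3600 IN A 10.0.1.10
dc2.example.local. 3600 IN A 10.0.1.11
10.1.0.10.in-addr.arpa. 3600 IN PTR dc1.example.local.
_ldap._tcp.example.local. 600 IN SRV 0 100 389 dc1.example.local.
_kerberos._tcp.example.local. 600 IN SRV 0 100 88 dc1.example.local.
_ldap._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 389 dc1.example.local.
_gc._tcp.example.local. 600 IN SRV 0 100 3268 dc3.example.local.
"""

# Locator SRV records Netlogon registers for a domain controller; _gc._tcp
# assumes the domain is the forest root and the DC is a Global Catalog.
REQUIRED_SRV = ("_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs",
                "_kerberos._tcp.dc._msdcs", "_gc._tcp")


def parse(text):
    """Return (owner, type, rdata) tuples, lower-cased, trailing dots removed."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue  # skip blank lines and anything not in the expected shape
        owner, rtype = parts[0].rstrip(".").lower(), parts[3].upper()
        records.append((owner, rtype, " ".join(parts[4:]).rstrip(".").lower()))
    return records


def audit(text, domain):
    """Report missing locator SRVs, A records without a PTR, SRVs with no A target."""
    recs = parse(text)
    a = [(o, r) for o, t, r in recs if t == "A"]
    ptr = {o: r for o, t, r in recs if t == "PTR"}
    srv = [(o, r.split()[-1]) for o, t, r in recs if t == "SRV"]
    hosts, owners = {h for h, _ in a}, {o for o, _ in srv}
    return {
        "missing_srv": [s for s in REQUIRED_SRV if f"{s}.{domain}" not in owners],
        "missing_ptr": sorted({h for h, ip in a if ptr.get(
            ipaddress.ip_address(ip).reverse_pointer) != h}),
        "dangling_srv": sorted({o for o, target in srv if target not in hosts}),
    }


if __name__ == "__main__":
    print(audit(SAMPLE, "example.local"))
```

A missing SRV entry is the case where restarting Netlogon, as suggested above, prompts the domain controller to register its records again.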
Make it your reflex to install DNS on domain controllers.
(All I want to say about WINS is plan to phase it out; you only need it for Windows 9x clients.)
I used to think you needed a DHCP server on every Subnet, but now I recommend just two DHCP servers to share each scope, with a DHCP relay agent on each subnet. DHCP fits in well with DNS and domain controllers, so I would install DHCP on selected domain controllers.
Once you have installed DHCP, there is much configuration work. But before you do anything else, you must Authorize the DHCP servers in Active Directory. I believe this authorization is a device to make you stop and think ‘do I need another DHCP server?’ Officially the authorization is to prevent rogue techies installing an extra DHCP server when it takes their fancy.
Now you are ready to decide which of the numerous Scope Options to configure e.g. 003 Router, 006 DNS Servers.
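To show where the scope options and the server's identity sit on the wire, the following added example (not from the original article) parses the options field of a DHCP offer, reads options 003 Router, 006 DNS Servers and 054 Server Identifier, and flags an offer whose sender is not on a list of authorized servers. The addresses, the AUTHORIZED set and the sample_offer helper are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # marks the start of the options field
OPT_ROUTER, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 3, 6, 53, 54, 255
DHCPOFFER = 2
AUTHORIZED = {"10.0.1.10", "10.0.1.11"}   # assumed list of authorized DHCP servers


def ips(value):
    """Decode an option value holding one or more 4-byte IPv4 addresses."""
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]


def parse_options(packet):
    """Walk the code/length/value options that follow the 236-byte BOOTP header."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    options, i = {}, 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:            # pad byte, carries no length field
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        options[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return options


def check_offer(packet, authorized):
    """Summarise a DHCPOFFER and flag it when the sender is not an authorized server."""
    opts = parse_options(packet)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return None                   # not an offer, nothing to judge
    server = ips(opts.get(OPT_SERVER_ID, b""))
    return {"server": server[0] if server else None,
            "router": ips(opts.get(OPT_ROUTER, b"")),
            "dns": ips(opts.get(OPT_DNS, b"")),
            "rogue": not server or server[0] not in authorized}


def sample_offer(server, router, dns):
    """Build a constructed offer: zeroed header, cookie, then options 53, 54, 3, 6."""
    pack = lambda code, addrs: bytes([code, 4 * len(addrs)]) + b"".join(
        ipaddress.IPv4Address(a).packed for a in addrs)
    return (bytes(236) + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
            + pack(OPT_SERVER_ID, [server]) + pack(OPT_ROUTER, [router])
            + pack(OPT_DNS, dns) + bytes([OPT_END]))
```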
How to Configure a Server: File Server Role
Unlike the above roles, file servers should be member servers; installing Active Directory here would be a disadvantage. Here is your checklist of features that you might wish to deploy on a file server.
- Disk Quotas – NTFS partitions
- Share and NTFS Permissions – Share Wizard, here is a wizard I really like
- Offline Settings for laptops
- DFS and/or RAID
- Indexing service (Forgotten Service)
- RAID and/or DFS?
- New feature – Shadow Copies
File servers have always combined well with print servers.
Print servers probably show the greatest variation of machine, from dedicated print servers, through printers hanging off domain controllers, to ‘Jet Direct’ printers with their own network cards. In my experience there is a contrast between the software settings, which are easy to configure, and the hardware, which constantly cries for attention, e.g. paper jam, ‘out of toner’. Here is a checklist for the software components of your print server:
- Add Printer Wizard – same as ever
- Drivers for Windows 9x clients
- Change Spooler to another volume
- Printer Priority
- Network Printers
- Web Based Printing (Clients)
- Windows 8 Printer Problems
Application Server Role
The sort of applications that I mean are database, e.g. SQL or web e.g. IIS.
There is rarely any advantage in installing Active Directory on Application servers, and often this combination creates problems as Active Directory and application services fight for resources or control of components. So install Application servers on their own member server.
Authentication is important for all server roles, but fail to tie down permissions on an application server and you could find sensitive company information being made available to everyone. Failure to control security could also invite hackers to attack your data. So, delve into all aspects of security on your database servers.
There are extra hardware considerations for your application server. Pamper your database ‘crown jewels’ with hardware RAID. Get a trial of clustering. Clustering is technically interesting, is the way of the future and will take reliability to another level. Convince whoever holds the purse strings that the greater availability and less downtime will pay for clustering.
How to Configure a Server: Mail Server Role
Mail servers benefit from being on their own server, separate from domain controllers and separate from database servers like SQL. Your checklist should include:
- DNS (MX) record
- Site Connectors, SMTP connectors
- SMTP service, SMTP virtual server object
- POP3 and IMAP server objects
- Firewall
- Configuring Mailboxes
- OWA (Outlook web access)
- (Client’s Outlook)
Rather exotic perhaps, but if you do need to support clients who need audio or video services, then there is a separate Windows Media Service to install through Add Remove Programs, Windows Settings.
Terminal Services is Microsoft’s thin client solution. The Windows 2003 server does all the processing, and the clients connect from a machine which essentially becomes a dumb terminal. Terminal Services is built into Windows Server 2003; it is not a separate product as it was in NT 4.0. However, it lies dormant and you need to install it through Add or Remove Programs / Windows Components. You will also need to install Terminal Server Licensing on one of your servers. Check out the special group for Terminal Server Licensing in the Built-in folder of Active Directory Users and Computers.
The main question is which mode you will run Terminal Services in: Remote Desktop for Administration or Application mode.
When you install programs for Terminal Services, check out the special ‘Transforms’ method. 32-bit programs should be OK. Also search websites for scripts to make any non-Microsoft applications operate in multi-session mode.
Group Policy. There are Group Policies just for Terminal Services, e.g. do not let users accidentally shut down the terminal server when they think they are shutting down their own machine!
Permissions. By default every user can access a terminal server; perhaps you wish to change this.
RAS, or Routing and RAS, has come a long way from its NT 4.0 days. The fact that it is now built in and installed by default is an indication of its more robust nature and greater importance. There are lots of components and technologies to understand and configure to make a successful RAS server:
- RAS hardware or a fast internet connection if you are relying on VPN.
- DHCP Relay agent or a special IP range for clients.
- Extra ‘Remote Access Policies’ to control dial up users
- User properties, Dial-up tab to allow and control Remote Access Permission
- Other optional considerations: NAT (Network Address Translation), RADIUS service with your ISP.
Summary of How to Configure Windows Server Roles
Look out for server roles that you can combine, for example domain controller, DNS, and DHCP. Also be aware of other roles that are better deployed on their own server, for example, Exchange Server or File and Print server.