
Microsoft Windows XP Networking Inside Out



Part 3: Network Connectivity

So, to change the ICS host to another computer, follow these steps:

1. Disable the ICS host computer by clearing the Allow Other Network Users To Connect Through This Computer’s Internet Connection option on the Advanced tab of the Internet connection’s properties dialog box. This will clear the former ICS host’s IP address.

2. On the computer you want to become the new ICS host, run the Network Setup Wizard again, and select the option This Computer Connects Directly To The Internet. The Other Computers On My Network Connect To The Internet Through This Computer. When prompted, select the Internet connection directly connected to this computer that you will be sharing with the rest of the workgroup.

3. After the ICS host computer setup is complete, run the Network Setup Wizard on the client computers so that they will be configured to use the new ICS host. Select the option This Computer Connects To The Internet Through Another Computer On My Network Or Through A Residential Gateway for each client computer.

Caution: Each time you run the Network Setup Wizard, it will attempt to change the name of your workgroup to the default name, MSHOME. If this isn’t the name you want, be alert and type in your own workgroup name each time. If your entire workgroup is not set to the same workgroup name, you will lose network connectivity.

Common Workgroup Problems and Solutions

You might run into problems with your network even though you’ve used the Network Setup Wizard. This section covers common problems you might encounter when setting up your workgroup.

Clients Cannot Connect

Client computers can only connect to each other if they have a proper IP address and subnet mask. Run the Network Setup Wizard again on the clients that are unable to connect. If you continue to have problems, make sure that the computers are physically connected to the network. See your networking hardware documentation for additional information and troubleshooting tips. Also, see Chapter 12, “Solving Connectivity Problems,” to learn about additional tools and troubleshooting steps to help you.


Chapter 10: Managing Network Connections

Windows 95 Clients Cannot Connect

The Network Setup Wizard is not supported on Windows 95, Windows NT 4.0, or Windows 2000 clients. However, you can manually configure these computers to access the network. Simply configure them to use DHCP to automatically receive IP configuration information. Make sure you also install Client For Microsoft Networks and File And Printer Sharing For Microsoft Networks on each computer. See the Windows 95 help files for more information.

Manually Assigned Static IP Addresses Cause Conflicts or Access Problems

In most cases, your best solution to conflicts caused by incorrectly assigned static IP addresses is to allow Windows XP to automatically assign IP addresses using APIPA by running the Network Setup Wizard. However, if you do assign static addresses manually, you need to make sure they are all in the same IP address range and subnet. See “Understanding TCP/IP in Depth,” page 24, to learn more about TCP/IP.
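The same-range-and-subnet check described above, as an added Python example that is not part of the book. The host names and addresses in SAMPLE_PLAN are constructed, and check_static_plan is a hypothetical helper name; the subnet used by most hosts is assumed to be the intended one.

```python
import ipaddress
from collections import Counter

# Constructed sample plan (hostname -> (address, subnet mask)); not from the book.
SAMPLE_PLAN = {
    "host-a": ("192.168.0.1", "255.255.255.0"),
    "host-b": ("192.168.0.2", "255.255.255.0"),
    "host-c": ("192.168.0.2", "255.255.255.0"),    # same address as host-b
    "host-d": ("192.168.1.5", "255.255.255.0"),    # different subnet
    "host-e": ("192.168.0.9", "255.255.0.0"),      # same range, different mask
    "host-f": ("192.168.0.255", "255.255.255.0"),  # broadcast address
}


def check_static_plan(plan):
    """Return sorted (host, problem) pairs for a manually assigned address plan."""
    problems, ifaces = [], {}
    for host, (addr, mask) in plan.items():
        try:
            ifaces[host] = ipaddress.IPv4Interface(f"{addr}/{mask}")
        except ValueError as exc:  # malformed address or non-contiguous mask
            problems.append((host, f"invalid address or mask ({exc})"))
    if not ifaces:
        return sorted(problems)

    # Assumption: the subnet shared by the most hosts is the intended one.
    expected = Counter(i.network for i in ifaces.values()).most_common(1)[0][0]
    seen = Counter(i.ip for i in ifaces.values())

    for host, iface in ifaces.items():
        if seen[iface.ip] > 1:
            problems.append((host, f"duplicate address {iface.ip}"))
        if iface.ip not in expected:
            problems.append((host, f"outside subnet {expected}"))
        elif iface.network != expected:
            problems.append(
                (host, f"mask {iface.netmask} differs from {expected.netmask}"))
        elif expected.prefixlen < 31 and iface.ip in (
                expected.network_address, expected.broadcast_address):
            problems.append(
                (host, f"{iface.ip} is the network or broadcast address"))
    return sorted(problems)


if __name__ == "__main__":
    for host, problem in check_static_plan(SAMPLE_PLAN):
        print(f"{host}: {problem}")
```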

The ICS Host Does Not Work

If the ICS host does not seem to be working, make sure the ICS service is running by following these steps:

1. Choose Start, Control Panel, and open Administrative Tools. Then open Computer Management.

2. In the Computer Management console, expand Services And Applications in the left pane, and select Services.

3. In the right pane, locate Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) and make sure that the service is started, as shown in Figure 10-12.

4. If the service does not appear to be started, right-click the service and choose Start.

If the ICS host still doesn’t work, try manually connecting to the Internet and using the Internet to ensure that your Internet connection is working. If you are using a dial-up connection, check the Advanced tab of its properties dialog box to ensure that the Establish A Dial-Up Connection Whenever A Computer On My Network Attempts To Access The Internet option is selected.


Figure 10-12. Check the Status column to ensure that the ICF/ICS service is Started.


Internet Usage with ICS Is Slow

Remember that if multiple computers are using a single Internet connection, you might experience a slowdown in browsing performance. This is particularly likely if you are using a dial-up connection or if other users are downloading multimedia files or using streaming media. You might also see a slowdown if the ICS computer is heavily burdened.

A Client Can Connect to Other Network Clients, But None Can Connect to Him

When one computer on the network can’t be contacted by others on the network, most likely ICF is enabled on the LAN NIC of the computer that others can’t connect to. When ICF is enabled on the LAN’s NIC, it blocks incoming network traffic that the computer did not request, so other computers on the network cannot reach it. To resolve this problem, open the LAN’s properties dialog box, select the Advanced tab, and clear the option in the Internet Connection Firewall dialog box.

Caution: Be careful to disable ICF on the LAN connection, not on the Internet connection.

ICS Clients Cannot Autodial an AOL Connection

Some ISPs, such as AOL, do not use Windows Dial-Up Networking. In this case, you must manually establish an Internet connection from the ICS host before ICS clients can access the Internet.

For an entire chapter dedicated to troubleshooting network problems and the tools you can use to help resolve these problems, see Chapter 12, “Solving Connectivity Problems.”

Chapter 11: Understanding Domain Connectivity

Understanding Active Directory Domains
Running Windows XP Professional in a Domain Environment
Joining a Domain
Logging On to a Windows Domain
Ensuring That You Have Logged On to the Domain
Surveying Windows XP Changes in a Domain Setting
Finding Domain Resources
Leaving a Domain
Accessing Domain Resources from Windows XP Home Edition

In small office and home networks, the workgroup design is often the best solution, and Microsoft Windows XP gives you all that you need to create a highly effective workgroup. However, large networks quickly outgrow the workgroup model because there is no centralized administration and security. The solution is to create a Microsoft domain-based network. Because domains can be very large and complex, and are run by network administrators, the details of administering a domain are beyond the scope of this book. This chapter discusses the components that make up a domain as well as the use of Windows XP Professional in a domain environment including information on how to join a domain, how to use the domain’s resources, and how to leave the domain.

Note: Windows XP Home Edition can access some shared resources in a domain but cannot join a Windows domain. See “Accessing Domain Resources from Windows XP Home Edition” on page 344 for more information. Windows XP Professional is the appropriate version of Windows XP to use for domain-based computing.

Understanding Active Directory Domains

Before you log on to a domain from your Windows XP Professional computer, it’s important to understand the fundamental differences between a domain and a workgroup.


To read about computing with Windows XP in a workgroup environment, see Chapter 10, “Managing Workgroup Connections.”

The Microsoft Windows 2000 line of server products introduced a new Windows domain architecture based on Active Directory, the underlying directory service that manages domain resources. Although some fundamentals of Active Directory domains are similar to those in Microsoft Windows NT 4.0 and earlier networks, Active Directory domains are fundamentally more powerful and flexible. This chapter focuses entirely on Active Directory domains because Windows NT 4.0–style domains have been phased out in most organizations.

For more information about the Active Directory directory service and its role in Windows domains, see “Active Directory,” page 319.

Domains are centrally managed. This fact drives how domains work and how Windows XP Professional functions within a domain. Network administrators manage the domain’s resources, which include the network’s shared computers, printers, devices, software services, and users. The domain is run on various computers known as servers that are dedicated to providing network services and storage space for applications and data. Some servers serve applications to the network users and offer shared disk space for user files. Other servers, known as domain controllers, are responsible for such administrative activities of the network as authenticating users who want to sign on to the network. Servers run one of the server editions of Windows, such as Windows 2000 Server or Windows 2000 Advanced Server. The server versions of Windows enable network administrators to secure the domain and control which users can sign on and what they can do after they are connected to the domain.

Domain Servers

The domain controller mentioned in the preceding section is one type of server used to administer a domain. There are several different roles in which Windows Active Directory–based servers can be used. The following list gives you a quick overview of the more common roles:

Domain controller. Domain controllers are used to manage user authentication and communication with other domains. Each domain must have at least one domain controller (although typically more than one domain controller is used to provide redundancy and to help balance network load). Active Directory domain controllers maintain the Active Directory database, which keeps track of all users, computers, and shared resources.

Member server. Active Directory servers that are not domain controllers are known as member servers. They can function as print servers or file servers or can act in other specialized roles, such as those mentioned in this list.

Dynamic Host Configuration Protocol (DHCP) server. A DHCP server assigns IP configuration data to network clients and makes sure that each client computer has a unique IP address. In a nutshell, the DHCP server handles all IP addressing automatically so that each client has network connectivity. You can learn more about TCP/IP and DHCP in Chapter 2, “Configuring TCP/IP and Other Protocols.”

Domain Name System (DNS) server. Active Directory networks use DNS, the same naming system widely used on the Internet, to uniquely identify network computers. DNS uses discrete names, such as www.microsoft.com, to organize all client and domain names. You can read more about DNS in “Domain Name System (DNS)” on page 24.

Windows Internet Naming Service (WINS) server. WINS is used rather than DNS in pre–Active Directory networks as the default Windows naming service. In environments where older client computers, servers, and applications requiring NetBIOS name resolution are used, WINS servers can be provided for backward compatibility.

Terminal server. Terminal Services is a program that runs on a Terminal server and allows clients to log on to the Terminal server and run applications directly from it, as though they were logged on the computer locally.

Managing Multiple Server Roles on One Computer

Several server roles are often combined on one server. For example, a domain controller can also be a DNS server, or a DHCP server can also be a Terminal server. Because each server role is accomplished by running a software program called a service on a designated computer, you can run all of these services on one server. This saves the cost and complexity of configuring multiple machines.

One problem network administrators face, however, is load balancing, which is the art of distributing network activity across several machines so that the network doesn’t slow down due to bottlenecks on overused servers. Because of the demands placed on servers by network clients, there are often dedicated DNS or DHCP servers as well as dedicated file and print servers. This frees up the domain controllers to focus on their primary tasks instead of providing all of these additional services. Another reason to use multiple computers is to eliminate single points of failure. If one server in the domain should fail, it will not bring down multiple services. For even higher reliability, multiple computers can be used to provide fault tolerance, a model in which more than one server is used for each server role. If one server should fail, another can take over its functions automatically and keep the network running while repairs are made to the failed server.

As you might imagine, each server entails additional costs in terms of hardware and administrative overhead. Therefore, the decisions about the number of servers to use and how they will be managed can be difficult and complex issues for network planners.


Understanding Domain Structure

A number of components come together to provide the features and functionality of an Active Directory domain. There are three essential structural components:

The domain

The organizational unit (OU)

The site

The basic unit of organization in an Active Directory network is the domain. A domain is a logical grouping of users and computers for administrative and security purposes. Notice that the term logical is used. The design of the domain is based on administration and security issues, not where the computers are physically located. In fact, a domain can hold computers located in one physical building, distributed across a corporate campus, or even spread out around the world. In the following illustration, the domain exists in a single office building. Domain controllers and other necessary servers reside at the same location and service the needs of clients. One or more administrators manage the network.

[Illustration: a single domain with one domain controller and several workstations.]

However, a domain can also encompass multiple locations and require wide area network (WAN) links, as shown in the following illustration.

[Illustration: Single Domain, Two Locations. Location 1 and Location 2 each contain a domain controller and workstations and are joined by a WAN link.]

As the figure shows, there are two locations, but only one domain. Users are connected between the locations with a WAN link, but there is still only one domain. So, the domain is a logical grouping used for administrative purposes. Active Directory networks can contain thousands of users and computers in a single domain. In fact, many large networks function with a single domain.

But in some cases, different domains are necessary for the same network environment. Perhaps your company consists of a corporate headquarters and a manufacturing plant, and security needs and user administration are completely different at the corporate headquarters and the manufacturing plant. In this case, two different domains might be preferred to implement different security standards and different administrative needs.

The problem is that domains are expensive, both in terms of computer hardware (multiple servers) and administrative personnel (more administrators). Multiple domains also can be difficult and complex in terms of communicating and accessing resources between the two domains. For this reason, network planners always prefer to use one domain whenever possible. Multiple domains are only used when portions of a network have very different security or administrative needs than other portions.


However, what if you need to make some divisions within a domain without making major security or administrative changes? What if one administrator needs to control a portion of the domain and another needs to administer a different portion? In this case, network administrators create organizational units (OUs). An OU is a unit of administration that is created within a domain. In the following illustration, there is one domain, but within the domain, three OUs have been established along administrative boundaries so that the Marketing, Production, and Sales groups are handled by different administrators.

 

 

[Illustration: Single Domain with OUs. One domain controller serves the Marketing OU, Production OU, and Sales OU, each containing a workstation.]

In this case, a different OU is created for each division, and all users and shared resources for each division are stored within that division’s OU. Domain administrators can delegate control of each OU to different administrators. The good news is that everything is still within the same domain and handled by the same domain controllers, but different administrators can control different portions of the domain.

OUs can be used for a variety of purposes, depending on the organizational needs of the business. Because OUs are used to organize data or users for management purposes, there are a number of possible applications:

In many environments, different departments or company divisions are managed with OUs. This helps organize resources such as printers, helps to manage which users have permission to use which resources, and allows different administrators to manage different portions of the network.


In some cases, OUs are also used to manage different classes of resources. For example, there might be a Users OU, a Shared Folder OU, a Printers OU, and so forth. Administrative responsibilities are handled based on resources: one administrator might only handle user accounts, whereas another might manage shared printers. This feature helps keep the resources organized and easy to manage.

OUs can also be based on locations. If your domain spans Houston, Los Angeles, Seattle, and Phoenix, each physical location could function as an OU so that local administrators could manage each physical location.

There are many different applications for OUs that give networks the flexibility they need while keeping the single domain model. This structure fixed many problems that administrators often faced in Windows NT networks, where domains tended to grow out of control and were difficult to manage.

Active Directory networks also enable you to manage physical network locations by organizing them as sites. A site is a physical location where bandwidth between network clients is considered fast and inexpensive. For example, users located in one building might be considered a site because they all belong to a local area network (LAN). However, other users in the same domain might reside in a different site across town because a WAN link is required to link the two sites together.

So, if Active Directory uses domains and OUs to organize resources and administration, why are sites even needed? There are two primary reasons:

Traffic. Sites help Active Directory determine which locations are local and which ones are not. LAN bandwidth is usually inexpensive and fast. However, if you have to use a WAN link between locations, its speed is often slower and can even be costly to the company. Sites help Active Directory know where the slower and more expensive links reside so that it can help optimize traffic from one site to the next.

Replication. Active Directory domain controllers function in a peer fashion. Each contains a copy of the Active Directory database, and they all have to replicate its contents with each other to make sure that information is up-to-date and redundant in case one server goes down. For example, suppose you’re an administrator. You add a user to the network using a domain controller. That domain controller then replicates the change to another domain controller, and the process continues until all the domain controllers have the same information. This replication traffic can occur frequently, which can be a big problem over a WAN link. So, sites are used to help Active Directory know how to control replication between domain controllers based on where the domain controllers physically reside.

Sites, OUs, and domains are all important to the structure, management, and functionality of an Active Directory domain-based network.