393 59 13MB
English Pages 325 Year 2004
ɋ. Ɋɟɣɦɟɪ, Ɇ. Ɇɚɥɤɟɪ
Active Directory ɞɥɹ Windows Server 2003. ɋɩɪɚɜɨɱɧɢɤ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚ/ɉɟɪ, ɫ ɚɧɝɥ. — Ɇ.: «ɋɉ ɗɄɈɆ», 2004.— 512 ɫ: ɢɥ.
ȼɜɟɞɟɧɢɟ. ɋɬɪɭɤɬɭɪɚ ɤɧɢɝɢ. ɋɨɝɥɚɲɟɧɢɹ, ɢɫɩɨɥɶɡɭɟɦɵɟ ɜ ɷɬɨɣ ɤɧɢɝɟ. ɑɚɫɬɶ I. Ʉɪɚɬɤɢɣ ɨɛɡɨɪ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory Windows Server 2003. Ƚɥɚɜɚ 1. Ʉɨɧɰɟɩɰɢɢ Active Directory. Ƚɥɚɜɚ 2. Ʉɨɦɩɨɧɟɧɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory. Ƚɥɚɜɚ 3. Active Directory ɢ ɞɨɦɟɧɧɚɹ ɫɢɫɬɟɦɚ ɢɦɟɧ. Ƚɥɚɜɚ 4. Ɋɟɩɥɢɤɚɰɢɹ Active Directory ɢ ɫɚɣɬɵ. ɑɚɫɬɶ II. Ɋɟɚɥɢɡɚɰɢɹ ɫɥɭɠɛɵ Active Directory Windows Server 2003. Ƚɥɚɜɚ 5. ɉɪɨɟɤɬɢɪɨɜɚɧɢɟ ɫɬɪɭɤɬɭɪɵ Active Directory. Ƚɥɚɜɚ 6. ɍɫɬɚɧɨɜɤɚ Active Directory. Ƚɥɚɜɚ 7. ɉɟɪɟɯɨɞ ɤ Active Directory. ɑɚɫɬɶ III. Ⱥɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory Windows Server 2003. Ƚɥɚɜɚ 8. Ɂɚɳɢɬɚ Active Directory. Ƚɥɚɜɚ 9. Ⱦɟɥɟɝɢɪɨɜɚɧɢɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ Active Directory. Ƚɥɚɜɚ 10. ɍɩɪɚɜɥɟɧɢɟ ɨɛɴɟɤɬɚɦɢ Active Directory. Ƚɥɚɜɚ 11. ȼɜɟɞɟɧɢɟ ɜ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. Ƚɥɚɜɚ 12. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ. Ƚɥɚɜɚ 13. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɦɩɶɸɬɟɪɚɦɢ. ɑɚɫɬɶ IV. Ɉɛɫɥɭɠɢɜɚɧɢɟ Active Directory Windows Server 2003. Ƚɥɚɜɚ 14. Ɇɨɧɢɬɨɪɢɧɝ ɢ ɨɛɫɥɭɠɢɜɚɧɢɟ Active Directory. Ƚɥɚɜɚ 15. ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜ ɫɥɭɱɚɟ ɫɛɨɹ.
Ⱦɨɛɪɨ ɩɨɠɚɥɨɜɚɬɶ ɜ Active Directory Microsoft Windows Server 2003, ɹɜɥɹɸɳɢɣɫɹ ɢɫɬɨɱɧɢɤɨɦ ɢɧɮɨɪɦɚɰɢɢ, ɤɨɬɨɪɚɹ ɩɨɬɪɟɛɭɟɬɫɹ ɜɚɦ ɞɥɹ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ ɢ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɜ ɫɢɫɬɟɦɟ Windows Server 2003. ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory ɩɟɪɜɨɧɚɱɚɥɶɧɨ ɛɵɥɚ ɜɵɩɭɳɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Microsoft Windows 2000. Ȼɨɥɶɲɢɧɫɬɜɨ ɤɨɧɰɟɩɰɢɣ Active Directory, ɪɟɚɥɢɡɨɜɚɧɧɵɯ ɜ ɫɢɫɬɟɦɟ Windows 2000, ɫɨɯɪɚɧɢɥɢɫɶ ɢ ɜ ɫɢɫɬɟɦɟ Windows Server 2003, ɤɪɨɦɟ ɬɨɝɨ, ɩɨɹɜɢɥɨɫɶ ɦɧɨɝɨ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɣ. ɗɬɚ ɤɧɢɝɚ ɫɨɞɟɪɠɢɬ ɜɫɟ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɡɧɚɬɶ ɨɛ Active Directory, ɜɤɥɸɱɚɹ ɞɟɬɚɥɶɧɭɸ ɬɟɯɧɢɱɟɫɤɭɸ ɢɧɮɨɪɦɚɰɢɸ ɢ ɪɭɤɨɜɨɞɫɬɜɨ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɟ ɞɥɹ ɩɥɚɧɢɪɨɜɚɧɢɹ, ɪɟɚɥɢɡɚɰɢɢ ɢ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory ɜ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. Ⱦɪɭɝɢɦɢ ɫɥɨɜɚɦɢ, ɷɬɚ ɤɧɢɝɚ ɹɜɥɹɟɬɫɹ ɭɧɢɜɟɪɫɚɥɶɧɵɦ ɫɩɪɚɜɨɱɧɢɤɨɦ, ɫɨɞɟɪɠɚɳɢɦ ɜɫɟ, ɱɬɨɛɵ ɡɚɫɬɚɜɢɬɶ Active Directory ɪɚɛɨɬɚɬɶ ɧɚ ɜɚɫ.
Active Directory Microsoft Windows Server 2003 ɫɨɫɬɚɜɥɟɧ ɬɚɤ, ɱɬɨɛɵ ɧɚɢɛɨɥɟɟ ɩɨɧɹɬɧɨ ɨɩɢɫɚɬɶ ɢ ɨɛɴɹɫɧɢɬɶ ɬɟɯɧɨɥɨɝɢɢ Active Directory. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ ɧɟ ɪɟɚɥɢɡɨɜɚɥɢ Active Directory ɜ ɫɢɫɬɟɦɟ Windows 2000, ɩɨɷɬɨɦɭ ɤɧɢɝɚ ɧɟ ɩɪɟɞɩɨɥɚɝɚɟɬ ɧɚɥɢɱɢɟ ɝɥɭɛɨɤɢɯ ɡɧɚɧɢɣ Active Directory ɭ ɱɢɬɚɬɟɥɟɣ. Ʉɧɢɝɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɨɩɢɫɚɧɢɹ ɨɫɧɨɜ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢ ɨɛɴɹɫɧɟɧɢɹ ɬɨɝɨ, ɤɚɤ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ ɪɟɚɥɢɡɨɜɚɧɚ ɜ Active Directory. Ɂɚɬɟɦ ɪɚɫɫɤɚɡɵɜɚɟɬɫɹ, ɤɚɤ ɪɚɛɨɬɚɟɬ Active Directory, ɤɚɤ ɟɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢ ɤɚɤ ɭɩɪɚɜɥɹɬɶ ɟɸ ɜ ɜɚɲɟɣ ɫɪɟɞɟ. Ʉɧɢɝɚ ɪɚɡɞɟɥɟɧɚ ɧɚ ɱɟɬɵɪɟ ɱɚɫɬɢ, ɭɫɥɨɠɧɹɸɳɢɟɫɹ ɩɨ ɦɟɪɟ ɧɚɤɨɩɥɟɧɢɹ ɜɚɦɢ ɡɧɚɧɢɣ. ȼ ɱɚɫɬɢ I ɞɚɟɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɬɟɪɦɢɧɨɜ Active Directory ɢ ɤɨɧɰɟɩɰɢɣ. ȼ ɱɚɫɬɢ II ɨɛɴɹɫɧɹɟɬɫɹ ɩɥɚɧɢɪɨɜɚɧɢɟ ɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory ɜ ɜɚɲɟɣ ɫɪɟɞɟ. ɉɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɫɥɭɠɛɵ Active Directory ɟɣ ɧɭɠɧɨ ɭɩɪɚɜɥɹɬɶ, ɩɨɷɬɨɦɭ ɜ ɱɚɫɬɢ III ɭɬɨɱɧɹɸɬɫɹ ɞɟɬɚɥɢ, ɤɚɫɚɸɳɢɟɫɹ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory, ɢ ɞɟɥɚɟɬɫɹ ɫɢɥɶɧɵɣ ɚɤɰɟɧɬ ɧɚ ɛɟɡɨɩɚɫɧɨɫɬɶ Active Directory ɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ɑɚɫɬɶ IV, ɡɚɤɥɸɱɢɬɟɥɶɧɵɣ ɪɚɡɞɟɥ ɤɧɢɝɢ, ɩɨɫɜɹɳɟɧɚ ɨɛɫɥɭɠɢɜɚɧɢɸ Active Directory. ɑɚɫɬɶ I, «Ʉɪɚɬɤɢɣ ɨɛɡɨɪ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory Windows 2003», ɫɨɞɟɪɠɢɬ ɜɜɟɞɟɧɢɟ ɜ ɤɨɧɰɟɩɰɢɢ ɢ ɤɨɦɩɨɧɟɧɬɵ Active Directory ɫɢɫɬɟɦɵ Windows Server 2003. ɗɬɚ ɜɟɪɫɢɹ Active Directory ɹɜɥɹɟɬɫɹ ɩɨɫɥɟɞɧɢɦ ɜɚɪɢɚɧɬɨɦ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɩɨɫɬɚɜɥɹɟɦɨɣ ɤɨɦɩɚɧɢɟɣ Microsoft. Active Directory ɨɛɟɫɩɟɱɢɜɚɟɬ ɦɨɳɧɭɸ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɭɸ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ, ɝɪɭɩɩɚɦɢ ɢ ɤɨɦɩɶɸɬɟɪɚɦɢ, ɢ ɩɪɟɞɥɚɝɚɟɬ ɛɟɡɨɩɚɫɧɵɣ ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. ɑɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɟɟ ɧɚɢɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɨ, ɜɵ ɞɨɥɠɧɵ ɩɨɧɹɬɶ ɤɨɧɰɟɩɰɢɸ Active Directory ɢ ɩɪɢɧɰɢɩɵ ɟɟ ɪɚɛɨɬɵ. ɗɬɢ ɨɫɧɨɜɵ ɢɡɥɨɠɟɧɵ ɜ ɱɚɫɬɢ I, ɤɨɬɨɪɚɹ ɜɤɥɸɱɚɟɬ ɫɥɟɞɭɸɳɢɟ ɝɥɚɜɵ. • ȼ ɝɥɚɜɟ 1, «Ʉɨɧɰɟɩɰɢɢ Active Directory», ɩɪɟɞɥɚɝɚɟɬɫɹ ɤɪɚɬɤɚɹ ɢɫɬɨɪɢɹ ɫɥɭɠɛ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɹ Microsoft ɩɨɫɬɚɜɥɹɥɚ ɤɚɤ ɱɚɫɬɶ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ Windows 2000 ɢ Windows NT. Ⱦɚɥɟɟ ɩɨɞɪɨɛɧɨ ɨɛɫɭɠɞɚɸɬɫɹ ɩɪɟɢɦɭɳɟɫɬɜɚ Active Directory ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɩɪɟɞɵɞɭɳɢɦɢ ɫɥɭɠɛɚɦɢ ɤɚɬɚɥɨɝɚ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɜɵ ɧɚɣɞɟɬɟ ɬɚɤɠɟ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɧɨɜɨɜɜɟɞɟɧɢɣ, ɩɨɹɜɢɜɲɢɯɫɹ ɜ ɫɢɫɬɟɦɟ Windows Server 2003 ɜ ɞɨɩɨɥɧɟɧɢɟ ɤ ɬɟɦ, ɤɨɬɨɪɚɹ ɢɦɟɥɢɫɶ ɜ Windows 2000. • ȼ ɝɥɚɜɟ 2, «Ʉɨɦɩɨɧɟɧɬɵ Active Directory», ɞɚɟɬɫɹ ɞɟɬɚɥɶɧɨɟ ɨɩɢɫɚɧɢɟ ɤɨɧɰɟɩɰɢɣ ɢ ɤɨɦɩɨɧɟɧɬɨɜ, ɫɨɫɬɚɜɥɹɸɳɢɯ Active Directory. ȼ ɷɬɨɣ ɝɥɚɜɟ ɜɵ ɧɚɣɞɟɬɟ ɨɩɢɫɚɧɢɟ ɮɢɡɢɱɟɫɤɢɯ ɤɨɦɩɨɧɟɧɬɨɜ Active Directory, ɬɚɤɢɯ ɤɚɤ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢ ɫɯɟɦɚ Active Directory, ɢ ɥɨɝɢɱɟɫɤɢɯ ɤɨɦɩɨɧɟɧɬɨɜ Active Directory, ɬɚɤɢɯ ɤɚɤ ɞɨɦɟɧɵ, ɞɟɪɟɜɶɹ ɢ ɥɟɫɚ. • ȼ ɝɥɚɜɟ 3, «Active Directory ɢ ɫɢɫɬɟɦɚ ɞɨɦɟɧɧɵɯ ɢɦɟɧ», ɩɪɢɜɨɞɢɬɫɹ ɨɩɢɫɚɧɢɟ ɩɪɢɧɰɢɩɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ Active Directory. ɋɥɭɠɛɚ Active Directory ɝɥɭɛɨɤɨ ɢɧɬɟɝɪɢɪɨɜɚɧɚ ɫ ɞɨɦɟɧɧɨɣ ɫɢɫɬɟɦɨɣ ɢɦɟɧ (DNS - Domain Name System), ɢ ɟɫɥɢ ɜɵ ɧɟɩɪɚɜɢɥɶɧɨ ɪɟɚɥɢɡɭɟɬɟ
•
•
• •
ɫɜɨɸ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ ɫɥɭɠɛɵ DNS, ɜɵ ɧɢɤɨɝɞɚ ɧɟ ɫɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɭɫɬɨɣɱɢɜɨ ɮɭɧɤɰɢɨɧɢɪɭɸɳɭɸ ɫɥɭɠɛɭ Active Directory. Ƚɥɚɜɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɤɪɚɬɤɨɝɨ ɨɛɡɨɪɚ ɤɨɧɰɟɩɰɢɣ DNS, ɡɚɬɟɦ ɨɩɢɫɵɜɚɟɬɫɹ ɢɧɬɟɝɪɚɰɢɹ ɦɟɠɞɭ Active Directory ɢ DNS, ɞɚɥɟɟ ɨɛɴɹɫɧɹɟɬɫɹ, ɤɚɤ ɥɭɱɲɟ ɜɫɟɝɨ ɪɟɚɥɢɡɨɜɚɬɶ DNS, ɱɬɨɛɵ ɨɛɟɫɩɟɱɢɬɶ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ ɫɥɭɠɛɵ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ, ɧɟɨɛɯɨɞɢɦɨɣ ɞɥɹ ɪɚɛɨɬɵ Active Directory. ȼ ɝɥɚɜɟ 4, «Ɋɟɩɥɢɤɚɰɢɹ Active Directory ɢ ɫɚɣɬɵ», ɩɪɨɞɨɥɠɚɟɬɫɹ ɨɩɢɫɚɧɢɟ ɩɪɢɧɰɢɩɨɜ ɪɚɛɨɬɵ Active Directory. ɑɬɨɛɵ ɩɨɧɹɬɶ, ɤɚɤ ɪɚɛɨɬɚɟɬ Active Directory, ɧɭɠɧɨ ɡɧɚɬɶ, ɤɚɤ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Active Directory ɪɟɩɥɢɰɢɪɭɸɬ ɢɧɮɨɪɦɚɰɢɸ ɞɪɭɝ ɭ ɞɪɭɝɚ. ɉɨ ɭɦɨɥɱɚɧɢɸ Active Directory ɫɨɡɞɚɟɬ ɭɫɬɨɣɱɢɜɭɸ ɢ ɢɡɛɵɬɨɱɧɭɸ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɬɚɤɠɟ ɢɦɟɸɬɫɹ ɨɩɰɢɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɫɨɡɞɚɧɢɹ ɨɩɬɢɦɚɥɶɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ. Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɢɡɭɱɢɬɟ ɨɫɧɨɜɧɵɟ ɤɨɧɰɟɩɰɢɢ ɢ ɤɨɦɩɨɧɟɧɬɵ Active Directory, ɜɚɲ ɫɥɟɞɭɸɳɢɣ ɲɚɝ ɛɭɞɟɬ ɫɨɫɬɨɹɬɶ ɜ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ Active Directory ɜ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ɑɚɫɬɶ II, «Ɋɟɚɥɢɡɚɰɢɹ Active Directory Windows Server 2003», ɨɛɟɫɩɟɱɢɬ ɜɚɫ ɧɟɨɛɯɨɞɢɦɨɣ ɢɧɮɨɪɦɚɰɢɟɣ. ɉɟɪɜɵɣ ɲɚɝ ɜ ɪɟɚɥɢɡɚɰɢɢ Active Directory ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɩɪɨɟɤɬɚ ɫɬɪɭɤɬɭɪɵ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. Ɍɚɤɢɟ ɫɬɪɭɤɬɭɪɧɵɟ ɷɥɟɦɟɧɬɵ, ɤɚɤ ɥɟɫ, ɞɨɦɟɧ, ɫɚɣɬ ɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɚɹ ɟɞɢɧɢɰɚ (OU - Organizational Unit), ɭɧɢɤɚɥɶɧɵ ɞɥɹ ɤɚɠɞɨɣ ɤɨɦɩɚɧɢɢ, ɩɨɷɬɨɦɭ ɫɨɡɞɚɧɢɟ ɩɪɚɜɢɥɶɧɨɝɨ ɩɪɨɟɤɬɚ ɫɥɭɠɛɵ ɞɥɹ ɜɚɲɟɣ ɫɪɟɞɵ ɬɪɟɛɭɟɬ ɫɭɳɟɫɬɜɟɧɧɵɯ ɡɧɚɧɢɣ ɢ ɭɫɢɥɢɣ. Ʉɚɤ ɬɨɥɶɤɨ ɩɪɨɟɤɬ Active Directory ɞɥɹ Windows Server 2003 ɛɭɞɟɬ ɫɨɡɞɚɧ, ɜɵ ɦɨɠɟɬɟ ɩɪɢɫɬɭɩɚɬɶ ɤ ɭɫɬɚɧɨɜɤɟ Active Directory. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ, ɪɟɚɥɢɡɭɸɳɢɟ Active Directory ɞɥɹ Windows Server 2003, ɩɟɪɟɧɨɫɹɬ ɟɟ ɫ ɩɪɟɞɵɞɭɳɟɣ ɜɟɪɫɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɨɫɨɛɟɧɧɨ ɱɚɫɬɨ ɫ ɜɟɪɫɢɢ Microsoft Windows NT 4. ɉɨɫɤɨɥɶɤɭ Active Directory ɞɥɹ Windows Server 2003 ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows NT, ɬɨ ɷɬɨ ɩɟɪɟɦɟɳɟɧɢɟ ɦɨɠɟɬ ɜɵɡɜɚɬɶ ɫɥɨɠɧɨɫɬɢ. ȼ ɱɚɫɬɢ II ɷɬɢ ɬɟɦɵ ɩɪɟɞɫɬɚɜɥɟɧɵ ɜ ɫɥɟɞɭɸɳɢɯ ɝɥɚɜɚɯ. ȼ ɝɥɚɜɟ 5, «ɉɪɨɟɤɬɢɪɨɜɚɧɢɟ ɫɬɪɭɤɬɭɪɵ Active Directory», ɞɚɟɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɩɪɨɰɟɫɫɚ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ, ɩɨɞɝɨɬɚɜɥɢɜɚɸɳɟɝɨ ɜɚɲɭ ɪɟɚɥɢɡɚɰɢɸ Active Directory. ɗɬɚ ɝɥɚɜɚ ɜɟɞɟɬ ɜɚɫ ɱɟɪɟɡ ɜɟɫɶ ɩɪɨɰɟɫɫ ɫɨɡɞɚɧɢɹ ɫɨɛɫɬɜɟɧɧɨɝɨ ɩɪɨɟɤɬɚ: ɨɬ ɧɢɫɯɨɞɹɳɟɝɨ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ ɤ ɪɚɡɪɚɛɨɬɤɟ ɫɬɪɭɤɬɭɪɵ ɫɥɭɠɛɵ Active Directory. ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɛɫɭɠɞɚɸɬɫɹ ɜɫɟ ɤɨɦɩɨɧɟɧɬɵ ɜɚɲɟɝɨ ɩɪɨɟɤɬɚ, ɧɚɱɢɧɚɹ ɫ ɬɨɝɨ, ɫɤɨɥɶɤɨ ɥɟɫɨɜ ɜɚɦ ɫɥɟɞɭɟɬ ɪɚɡɜɟɪɬɵɜɚɬɶ, ɡɚɤɚɧɱɢɜɚɹ ɬɟɦ, ɤɚɤ ɫɨɡɞɚɜɚɬɶ ɫɜɨɸ ɫɬɪɭɤɬɭɪɭ OU. ȼ ɝɥɚɜɟ 6, «ɍɫɬɚɧɨɜɤɚ Active Directory», ɨɩɢɫɚɧɵ ɩɪɨɰɟɞɭɪɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. Ɉɧɚ ɩɨɫɜɹɳɟɧɚ ɭɫɬɚɧɨɜɤɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ Active Directory ɢ ɜɤɥɸɱɚɟɬ ɨɛɫɭɠɞɟɧɢɟ ɧɟɤɨɬɨɪɵɯ ɧɨɜɵɯ ɨɩɰɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɨɫɭɳɟɫɬɜɥɟɧɢɹ ɷɬɨɣ ɢɧɫɬɚɥɥɹɰɢɢ. ȼ ɝɥɚɜɟ 7, «ɉɟɪɟɯɨɞ ɤ Active Directory», ɩɪɢɜɨɞɢɬɫɹ ɢɧɮɨɪɦɚɰɢɹ, ɧɟɨɛɯɨɞɢɦɚɹ ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɩɪɟɞɵɞɭɳɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɨɬ Microsoft ɤ Active Directory ɞɥɹ Windows Server 2003. Ɉɛɧɨɜɥɟɧɢɟ ɩɪɨɢɫɯɨɞɢɬ ɫɥɨɠɧɟɟ, ɟɫɥɢ ɦɨɞɟɪɧɢɡɢɪɭɟɬɫɹ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Windows NT, ɧɟɠɟɥɢ Active Directory ɫɢɫɬɟɦɵ Windows 2000. ɉɨɷɬɨɦɭ ɜ ɞɚɧɧɨɣ ɝɥɚɜɟ ɫɨɞɟɪɠɚɬɫɹ, ɝɥɚɜɧɵɦ ɨɛɪɚɡɨɦ, ɜɨɩɪɨɫɵ ɨɛɧɨɜɥɟɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɨɬ Windows NT ɤ Active Directory Windows Server 2003, ɚ ɬɚɤɠɟ ɦɨɞɟɪɧɢɡɚɰɢɢ Active Directory Windows 2000. ɉɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory ɜɵ ɞɨɥɠɧɵ ɭɩɪɚɜɥɹɬɶ ɟɸ ɬɚɤ, ɱɬɨɛɵ ɨɛɟɫɩɟɱɢɬɶ ɦɚɤɫɢɦɚɥɶɧɭɸ ɜɵɝɨɞɭ ɫɜɨɟɣ ɤɨɦɩɚɧɢɢ. ȼ ɱɚɫɬɢ III, «Ⱥɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory Windows Server 2003», ɨɩɢɫɵɜɚɸɬɫɹ ɦɧɨɝɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɨɰɟɫɫɵ, ɤɨɬɨɪɵɟ ɜɵ ɛɭɞɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ. ȼ ɱɚɫɬɢ III ɢɦɟɸɬɫɹ ɞɜɟ ɨɫɧɨɜɧɵɯ ɬɟɦɵ: ɛɟɡɨɩɚɫɧɨɫɬɶ ɢ ɭɩɪɚɜɥɟɧɢɟ ɞɨɦɟɧɨɦ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ȼɵ ɭɡɧɚɟɬɟ, ɤɚɤ ɪɚɛɨɬɚɟɬ ɡɚɳɢɬɚ ɜ Active Directory, ɤɚɤ ɦɨɠɧɨ ɜɨɫɩɨɥɶɡɨɜɚɬɶɫɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɜɚɲɟɣ ɫɬɪɭɤɬɭɪɵ Active Directory. Ⱦɚɥɟɟ ɫɥɟɞɭɟɬ ɨɛɫɭɠɞɟɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. Ɉɞɧɨ ɢɡ ɨɫɧɨɜɧɵɯ ɩɪɟɢɦɭɳɟɫɬɜ Active Directory ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɩɪɟɞɵɞɭɳɢɦɢ ɫɥɭɠɛɚɦɢ ɤɚɬɚɥɨɝɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɚ ɫɨɞɟɪɠɢɬ ɦɨɳɧɵɟ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɚɧɰɢɹɦɢ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ. ɐɟɧɬɪɚɥɢɡɨɜɚɧɧɨɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɦɨɠɟɬ ɫɢɥɶɧɨ ɭɩɪɨɫɬɢɬɶ ɭɩɪɚɜɥɟɧɢɟ ɫɟɬɶɸ ɢ ɩɪɢɜɟɫɬɢ ɤ ɫɭɳɟɫɬɜɟɧɧɨɦɭ ɭɦɟɧɶɲɟɧɢɸ ɡɚɬɪɚɬ ɧɚ ɨɛɫɥɭɠɢɜɚɧɢɟ ɫɟɬɢ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ - ɷɬɨ ɨɫɧɨɜɧɵɟ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ, ɤɨɬɨɪɵɟ ɜɵ ɛɭɞɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɚɧɰɢɹɦɢ ɜɚɲɟɣ ɫɟɬɢ. ɑɚɫɬɶ III ɜɤɥɸɱɚɟɬ ɫɥɟɞɭɸɳɢɟ ɝɥɚɜɵ.
•
Ƚɥɚɜɚ 8, «Ɂɚɳɢɬɚ Active Directory», ɧɚɱɢɧɚɟɬɫɹ ɫ ɨɩɢɫɚɧɢɹ ɤɨɧɰɟɩɰɢɣ, ɥɟɠɚɳɢɯ ɜ ɨɫɧɨɜɟ ɛɟɡɨɩɚɫɧɨɫɬɢ Active Directory Windows Server 2003. Ɉɫɧɨɜɧɨɟ ɜɧɢɦɚɧɢɟ ɜ ɷɬɨɣ ɝɥɚɜɟ ɭɞɟɥɟɧɨ ɩɪɨɬɨɤɨɥɭ Kerberos, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɦ ɩɪɨɬɨɤɨɥɨɦ ɜ Active Directory. • ȼ ɝɥɚɜɟ 9, «Ⱦɟɥɟɝɢɪɨɜɚɧɢɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory», ɛɨɥɟɟ ɲɢɪɨɤɨ ɨɛɫɭɠɞɚɟɬɫɹ ɫɢɫɬɟɦɚ ɛɟɡɨɩɚɫɧɨɫɬɢ Active Directory, ɩɨɞɪɨɛɧɨ ɨɩɢɫɵɜɚɸɬɫɹ ɫɩɨɫɨɛɵ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ ɜ ɩɪɟɞɟɥɚɯ ɫɜɨɟɝɨ ɞɨɦɟɧɚ. Active Directory ɨɛɟɫɩɟɱɢɜɚɟɬ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɦɧɨɝɢɦɢ ɭɪɨɜɧɹɦɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ, ɚ ɬɚɤɠɟ ɩɨɡɜɨɥɹɟɬ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɬɨɥɶɤɨ ɜ ɨɩɪɟɞɟɥɟɧɧɨɣ ɱɚɫɬɢ ɞɨɦɟɧɚ. ȼ ɝɥɚɜɟ ɨɩɢɫɵɜɚɟɬɫɹ, ɤɚɤ ɪɟɚɥɢɡɨɜɚɬɶ ɷɬɭ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɶ ɜ Active Directory. • ȼ ɝɥɚɜɟ 10, «ɍɩɪɚɜɥɟɧɢɟ ɨɛɴɟɤɬɚɦɢ Active Directory», ɜɵ ɩɨɡɧɚɤɨɦɢɬɟɫɶ ɫ ɭɩɪɚɜɥɟɧɢɟɦ ɨɛɴɟɤɬɚɦɢ Active Directory: ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɤɨɬɨɪɵɟ ɜɫɟɝɞɚ ɛɵɥɢ ɱɚɫɬɶɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. Active Directory Windows Server 2003 ɫɨɞɟɪɠɢɬ ɢ ɞɪɭɝɢɟ ɨɛɴɟɤɬɵ, ɬɚɤɢɟ ɤɚɤ inetOrgPerson, ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ, ɩɪɢɧɬɟɪɵ ɢ ɨɛɳɢɟ ɩɚɩɤɢ. • ȼ ɝɥɚɜɟ 11, «ȼɜɟɞɟɧɢɟ ɜ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ», ɞɚɟɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. Ɋɚɫɫɤɚɡɵɜɚɟɬɫɹ ɨ ɫɨɡɞɚɧɢɢ ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɨɛ ɢɯ ɩɪɢɦɟɧɟɧɢɢ ɜ ɪɚɦɤɚɯ Active Directory, ɞɚɟɬɫɹ ɨɫɧɨɜɧɚɹ ɢɧɮɨɪɦɚɰɢɹ, ɤɨɬɨɪɚɹ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɩɨɧɢɦɚɧɢɹ ɫɥɟɞɭɸɳɢɯ ɞɜɭɯ ɝɥɚɜ, ɫɨɞɟɪɠɚɳɢɯ ɤɨɧɤɪɟɬɧɵɟ ɩɪɢɦɟɪɵ ɬɨɝɨ, ɱɬɨ ɦɨɠɧɨ ɞɟɥɚɬɶ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. • ȼ ɝɥɚɜɟ 12, «ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ», ɭɬɨɱɧɹɟɬɫɹ ɨɞɢɧ ɢɡ ɫɩɨɫɨɛɨɜ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ɋ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɜɵ ɦɨɠɟɬɟ ɢɧɫɬɚɥɥɢɪɨɜɚɬɶ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɤɥɢɟɧɬɨɜ ɢ ɭɩɪɚɜɥɹɬɶ ɢɦ. ȼɨ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɹɯ ɭɩɪɚɜɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɫɥɨɠɧɭɸ, ɨɬɧɢɦɚɸɳɭɸ ɦɧɨɝɨ ɜɪɟɦɟɧɢ ɡɚɞɚɱɭ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɚɜɬɨɦɚɬɢɡɚɰɢɢ ɷɬɨɣ ɡɚɞɚɱɢ, ɢ ɜ ɞɚɧɧɨɣ ɝɥɚɜɟ ɩɨɤɚɡɚɧɨ, ɤɚɤ ɷɬɨ ɫɞɟɥɚɬɶ. • Ƚɥɚɜɚ 13, «ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɦɩɶɸɬɟɪɚɦɢ», ɩɨɫɜɹɳɚɟɬɫɹ ɜɨɩɪɨɫɚɦ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɦɩɶɸɬɟɪɚɦɢ ɤɥɢɟɧɬɨɜ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɢɦɟɸɬ ɦɧɨɝɨ ɨɩɰɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ, ɜɤɥɸɱɚɹ ɛɥɨɤɢɪɨɜɚɧɢɟ ɧɟɤɨɬɨɪɵɯ ɤɨɦɩɨɧɟɧɬɨɜ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ, ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɡɚɳɢɬɵ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɢ ɨɝɪɚɧɢɱɟɧɢɟ ɬɢɩɨɜ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶ. ȼ ɝɥɚɜɟ ɩɨɤɚɡɵɜɚɟɬɫɹ, ɤɚɤ ɪɟɚɥɢɡɨɜɚɬɶ ɜɫɟ ɷɬɢ ɜɨɡɦɨɠɧɨɫɬɢ. ɉɨɫɥɟɞɧɹɹ ɱɚɫɬɶ ɤɧɢɝɢ ɫɨɞɟɪɠɢɬ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ ɨɛɫɥɭɠɢɜɚɧɢɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ Active Directory ɩɨɫɥɟ ɟɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ. Ⱦɥɹ ɷɬɨɝɨ ɧɭɠɧɨ ɩɪɨɮɢɥɚɤɬɢɱɟɫɤɢ ɨɬɫɥɟɠɢɜɚɬɶ ɫɨɫɬɨɹɧɢɟ ɤɨɦɩɨɧɟɧɬɨɜ Active Directory. ɑɚɫɬɨ ɜ ɩɪɨɰɟɫɫɟ ɦɨɧɢɬɨɪɢɧɝɚ ɜɵ ɦɨɠɟɬɟ ɭɜɢɞɟɬɶ ɩɟɪɜɵɟ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ ɨ ɬɨɦ, ɱɬɨ ɱɬɨ-ɬɨ ɢɞɟɬ ɧɟ ɬɚɤ, ɤɚɤ ɧɚɞɨ. ɉɨɫɤɨɥɶɤɭ ɷɬɨ ɩɪɨɢɫɯɨɞɢɬ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɤɚɤ ɬɳɚɬɟɥɶɧɨ ɜɵ ɭɩɪɚɜɥɹɟɬɟ ɫɪɟɞɨɣ, ɧɟɨɛɯɨɞɢɦɨ ɢɦɟɬɶ ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ Active Directory ɧɚ ɫɥɭɱɚɣ ɟɟ ɨɬɤɚɡɚ. ɑɚɫɬɶ IV, «Ɉɛɫɥɭɠɢɜɚɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory Windows Server 2003», ɜɤɥɸɱɚɟɬ ɫɥɟɞɭɸɳɢɟ ɝɥɚɜɵ. • ȼ ɝɥɚɜɟ 14, «Ɇɨɧɢɬɨɪɢɧɝ ɢ ɨɛɫɥɭɠɢɜɚɧɢɟ Active Directory», ɫɨɞɟɪɠɢɬɫɹ ɩɨɞɪɨɛɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɬɨɦ, ɤɚɤ ɨɫɭɳɟɫɬɜɥɹɬɶ ɦɨɧɢɬɨɪɢɧɝ Active Directory, ɜɤɥɸɱɚɹ ɜɨɩɪɨɫɵ ɤɨɧɬɪɨɥɹ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɢ ɟɟ ɪɟɩɥɢɤɚɰɢɢ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɬɚɤɠɟ ɢɦɟɟɬɫɹ ɢɧɮɨɪɦɚɰɢɹ, ɤɚɫɚɸɳɚɹɫɹ ɜɨɩɪɨɫɨɜ ɨɛɫɥɭɠɢɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. • ȼ ɝɥɚɜɟ 15, «ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɢɫɬɟɦɵ ɜ ɫɥɭɱɚɟ ɫɛɨɹ», ɫɨɞɟɪɠɢɬɫɹ ɢɧɮɨɪɦɚɰɢɹ, ɧɟɨɛɯɨɞɢɦɚɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ Active Directory. Active Directory ɹɜɥɹɟɬɫɹ ɤɪɢɬɢɱɟɫɤɨɣ ɫɥɭɠɛɨɣ ɜɚɲɟɣ ɫɟɬɢ, ɢ ɜɵ ɞɨɥɠɧɵ ɭɦɟɬɶ ɜɨɫɫɬɚɧɨɜɢɬɶ ɟɟ ɩɨɫɥɟ ɥɸɛɨɣ ɩɨɥɨɦɤɢ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɜɥɢɹɬɶ ɧɚ ɜɚɲɭ ɪɟɚɥɢɡɚɰɢɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȼɫɟ ɪɚɡɞɟɥɵ ɷɬɨɣ ɤɧɢɝɢ ɩɨɫɜɹɳɟɧɵ ɩɪɨɰɟɫɫɭ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ, ɪɚɡɜɟɪɬɵɜɚɧɢɹ, ɭɩɪɚɜɥɟɧɢɹ ɢ ɨɛɫɥɭɠɢɜɚɧɢɹ Active Directory. Ɉɞɧɚɤɨ ɬɟɯɧɢɱɟɫɤɢɣ ɫɩɪɚɜɨɱɧɢɤ ɩɨ Active Directory Microsoft Windows Server 2003 - ɷɬɨ, ɩɪɟɠɞɟ ɜɫɟɝɨ, ɫɩɪɚɜɨɱɧɢɤ. ȿɫɥɢ ɜɚɦ ɧɚɞɨ ɩɨɡɧɚɤɨɦɢɬɶɫɹ ɫ ɨɩɪɟɞɟɥɟɧɧɨɣ ɬɟɦɨɣ, ɜɵ ɦɨɠɟɬɟ ɫɪɚɡɭ ɱɢɬɚɬɶ ɫɨɨɬɜɟɬɫɬɜɭɸɳɭɸ ɝɥɚɜɭ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɱɢɬɚɬɶ ɩɪɟɞɵɞɭɳɢɟ ɝɥɚɜɵ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɞɥɹ ɩɨɧɢɦɚɧɢɹ ɬɟɦɵ ɦɨɠɟɬ ɩɨɬɪɟɛɨɜɚɬɶɫɹ ɛɚɡɨɜɚɹ
ɢɧɮɨɪɦɚɰɢɹ. ɇɚɩɪɢɦɟɪ, ɨɛɫɭɠɞɟɧɢɟ ɜ ɝɥɚɜɟ 5 ɥɟɫɨɜ, ɞɨɦɟɧɨɜ, ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɟɞɢɧɢɰ ɢ ɫɚɣɬɨɜ ɩɪɟɞɩɨɥɚɝɚɟɬ, ɱɬɨ ɜɵ ɩɨɧɢɦɚɟɬɟ ɷɬɢ ɤɨɧɰɟɩɰɢɢ ɬɚɤ, ɤɚɤ ɨɧɢ ɩɪɟɞɫɬɚɜɥɟɧɵ ɜ ɝɥɚɜɟ 2. ɑɬɨɛɵ ɩɨɧɹɬɶ, ɤɚɤ ɢɫɩɨɥɶɡɭɸɬɫɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ (ɫɦ. ɝɥɚɜɭ 12), ɜɵ ɞɨɥɠɧɵ ɩɨɧɢɦɚɬɶ ɤɨɦɩɨɧɟɧɬɵ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɤɨɬɨɪɵɟ ɨɛɫɭɠɞɚɸɬɫɹ ɜ ɝɥɚɜɟ 11.
,
ɉɨɜɫɸɞɭ ɜ ɤɧɢɝɟ ɜɚɦ ɜɫɬɪɟɬɹɬɫɹ ɫɩɟɰɢɚɥɶɧɵɟ ɪɚɡɞɟɥɵ, ɜɵɞɟɥɹɸɳɢɟɫɹ ɢɡ ɨɫɧɨɜɧɨɝɨ ɬɟɤɫɬɚ. ɗɬɢ ɪɚɡɞɟɥɵ ɩɪɢɜɥɟɤɚɸɬ ɜɚɲɟ ɜɧɢɦɚɧɢɟ ɤ ɬɟɦɚɦ, ɢɦɟɸɳɢɦ ɫɩɟɰɢɚɥɶɧɵɣ ɢɧɬɟɪɟɫ ɢ ɜɚɠɧɨɫɬɶ, ɢɥɢ ɤ ɩɪɨɛɥɟɦɚɦ, ɫ ɤɨɬɨɪɵɦɢ ɜɵ ɨɛɹɡɚɬɟɥɶɧɨ ɫɬɨɥɤɧɟɬɟɫɶ ɜ ɩɪɨɰɟɫɫɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɫɥɭɠɛɵ. ɉɪɢɦɟɱɚɧɢɟ. Ɉɧɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɜɵɞɟɥɟɧɢɹ ɬɟɤɫɬɚ, ɤɨɬɨɪɵɣ ɩɨɞɱɟɪɤɢɜɚɟɬ ɜɚɠɧɨɫɬɶ ɨɩɪɟɞɟɥɟɧɧɨɣ ɤɨɧɰɟɩɰɢɢ ɢɥɢ ɨɛɪɚɳɚɟɬ ɜɧɢɦɚɧɢɟ ɧɚ ɫɩɟɰɢɚɥɶɧɵɣ ɫɥɭɱɚɣ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ʉɨɝɞɚ ɢɦɟɟɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɦɚɬɟɪɢɚɥ ɩɨ ɬɟɦɟ, ɧɚɯɨɞɹɳɢɣɫɹ ɜ ɞɪɭɝɢɯ ɪɚɡɞɟɥɚɯ ɷɬɨɣ ɤɧɢɝɢ ɢɥɢ ɜɨ ɜɧɟɲɧɢɯ ɢɫɬɨɱɧɢɤɚɯ, ɬɚɤɢɯ ɤɚɤ ɢɧɬɟɪɧɟɬ-ɫɚɣɬɵ ɢɥɢ ɫɬɚɬɶɢ, ɬɨ ɫɫɵɥɤɢ ɧɚ ɷɬɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɢɫɬɨɱɧɢɤɢ ɩɨɦɟɳɚɸɬɫɹ ɜ ɪɚɡɞɟɥ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɨɩɢɫɵɜɚɸɬɫɹ ɫɢɬɭɚɰɢɢ, ɤɨɝɞɚ ɜɚɲɢ ɞɟɣɫɬɜɢɹ ɢɥɢ ɢɯ ɨɬɫɭɬɫɬɜɢɟ ɦɨɝɭɬ ɩɨɜɥɟɱɶ ɡɚ ɫɨɛɨɣ ɧɟɩɪɢɹɬɧɨɫɬɢ. Ɉɛɪɚɬɢɬɟ ɫɟɪɶɟɡɧɨɟ ɜɧɢɦɚɧɢɟ ɧɚ ɷɬɢ ɪɚɡɞɟɥɵ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɢ ɦɨɝɭɬ ɨɝɪɚɞɢɬɶ ɜɚɫ ɨɬ ɦɧɨɝɢɯ ɧɟɩɪɢɹɬɧɨɫɬɟɣ. ɇɚɢɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ. Ⱦɨɫɬɢɠɟɧɢɟ ɧɚɢɜɵɫɲɟɝɨ ɤɚɱɟɫɬɜɚ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɢ ɧɚɢɛɨɥɟɟ ɭɫɬɨɣɱɢɜɨɝɨ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɱɚɫɬɨ ɫɜɹɡɚɧɨ ɫɨ ɡɧɚɧɢɟɦ ɧɟɤɨɬɨɪɵɯ ɞɟɬɚɥɟɣ. ȼ ɷɬɢɯ ɪɚɡɞɟɥɚɯ ɜɵ ɧɚɣɞɟɬɟ ɷɬɢ ɡɧɚɧɢɹ. ɉɥɚɧɢɪɨɜɚɧɢɟ. Ȼɵɜɚɸɬ ɫɢɬɭɚɰɢɢ, ɤɨɝɞɚ ɧɟɛɨɥɶɲɢɟ ɡɚɩɥɚɧɢɪɨɜɚɧɧɵɟ ɩɪɟɞɨɫɬɨɪɨɠɧɨɫɬɢ ɫɬɨɹɬ ɦɧɨɝɢɯ ɱɚɫɨɜ ɩɨɢɫɤɚ ɧɟɢɫɩɪɚɜɧɨɫɬɟɣ ɢ ɩɪɨɫɬɨɹ ɫɢɫɬɟɦɵ. Ɍɚɤɢɟ ɫɢɬɭɚɰɢɢ ɨɩɢɫɵɜɚɸɬɫɹ ɜ ɪɚɡɞɟɥɚɯ ɩɥɚɧɢɪɨɜɚɧɢɹ. ɋɨɜɟɬ. ȼ ɷɬɢɯ ɪɚɡɞɟɥɚɯ ɜɚɦ ɞɚɸɬɫɹ ɫɨɜɟɬɵ, ɤɚɫɚɸɳɢɟɫɹ ɷɤɨɧɨ ɦɢɢ ɜɪɟɦɟɧɢ ɢɥɢ ɫɬɪɚɬɟɝɢɱɟɫɤɢɯ ɞɟɣɫɬɜɢɣ. ɉɪɚɤɬɢɱɟɫɤɢɣ ɨɩɵɬ. ɋɨ ɦɧɨɝɢɦɢ ɩɪɨɛɥɟɦɚɦɢ ɦɨɠɧɨ ɥɟɝɤɨ ɫɩɪɚɜɢɬɶɫɹ, ɟɫɥɢ ɜɵ ɡɧɚɟɬɟ, ɤɚɤ ɷɬɨ ɫɞɟɥɚɬɶ. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɢɞɟɬ ɨɛɫɭɠɞɟɧɢɟ ɬɚɤɢɯ ɩɪɨɛɥɟɦ, ɢ ɩɪɟɞɥɚɝɚɸɬɫɹ ɫɰɟɧɚɪɢɢ ɢɯ ɪɟɲɟɧɢɹ.
I. Active Directory Windows Server 2003 Active Directory Microsoft Windows Server 2003 ɹɜɥɹɟɬɫɹ ɩɨɫɥɟɞɧɟɣ ɜɟɪɫɢɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɪɚɡɪɚɛɨɬɚɧɧɨɣ ɜ ɤɨɦɩɚɧɢɢ Microsoft. ɋɥɭɠɛɚ Active Directory ɨɛɟɫɩɟɱɢɜɚɟɬ ɦɨɳɧɵɣ ɫɟɪɜɢɫ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ, ɝɪɭɩɩɚɦɢ ɢ ɤɨɦɩɶɸɬɟɪɚɦɢ, ɚ ɬɚɤɠɟ ɩɪɟɞɥɚɝɚɟɬ ɛɟɡɨɩɚɫɧɵɣ ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. ɑɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɭ ɫɥɭɠɛɭ ɧɚɢɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɨ, ɜɵ ɞɨɥɠɧɵ ɩɨɧɹɬɶ ɨɫɧɨɜɧɵɟ ɤɨɧɰɟɩɰɢɢ Active Directory ɢ ɬɨ, ɤɚɤ ɨɧɚ ɪɚɛɨɬɚɟɬ. ɗɬɨ ɹɜɥɹɟɬɫɹ ɰɟɥɶɸ ɩɟɪɜɨɣ ɱɚɫɬɢ ɞɚɧɧɨɣ ɤɧɢɝɢ. ȼ ɝɥɚɜɟ 1, «Ʉɨɧɰɟɩɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory», ɜɵ ɩɨɡɧɚɤɨɦɢɬɟɫɶ ɫ ɬɟɦ, ɱɬɨ ɦɨɠɟɬ ɞɟɥɚɬɶ ɞɥɹ ɜɚɫ Active Directory Windows Server 2003. Ƚɥɚɜɵ 1 ɢ 2 ɞɚɸɬ ɞɟɬɚɥɶɧɨɟ ɨɩɢɫɚɧɢɟ ɤɨɧɰɟɩɰɢɣ ɢ ɤɨɦɩɨɧɟɧɬɨɜ, ɤɨɬɨɪɵɟ ɫɨɫɬɚɜɥɹɸɬ Active Directory. Active Directory ɬɟɫɧɨ ɢɧɬɟɝɪɢɪɨɜɚɧɚ ɫ ɞɨɦɟɧɧɨɣ ɫɢɫɬɟɦɨɣ ɢɦɟɧ (DNS - Domain Name System), ɩɨɷɬɨɦɭ ɜ ɝɥɚɜɟ 3 ɨɛɴɹɫɧɹɟɬɫɹ ɷɬɚ ɢɧɬɟɝɪɚɰɢɹ ɢ ɬɨ, ɩɨɱɟɦɭ ɬɚɤ ɜɚɠɧɨ ɩɪɚɜɢɥɶɧɨ ɫɩɪɨɟɤɬɢɪɨɜɚɬɶ ɜɚɲɭ DNS ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ Active Directory. ɂ ɜ ɡɚɤɥɸɱɟɧɢɟ, ɱɬɨɛɵ ɩɨɧɹɬɶ, ɤɚɤ ɪɚɛɨɬɚɟɬ Active Directory, ɜɵ ɞɨɥɠɧɵ ɡɧɚɬɶ, ɤɚɤ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Active Directory ɪɟɩɥɢɰɢɪɭɸɬ ɢɧɮɨɪɦɚɰɢɸ ɞɪɭɝ ɭ ɞɪɭɝɚ. Ƚɥɚɜɚ 4 ɨɛɴɹɫɧɹɟɬ, ɤɚɤ ɪɚɛɨɬɚɟɬ ɪɟɩɥɢɤɚɰɢɹ ɢ ɤɚɤ ɟɟ ɦɨɠɧɨ ɨɩɬɢɦɢɡɢɪɨɜɚɬɶ.
1.
Active Directory
Ɉɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ Microsoft Windows Server 2003 ɫɨɞɟɪɠɢɬ ɫɚɦɭɸ ɩɨɫɥɟɞɧɸɸ ɪɟɚɥɢɡɚɰɢɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɪɚɡɪɚɛɨɬɚɧɧɭɸ ɤɨɦɩɚɧɢɟɣ Microsoft - Active Directory. ȼɩɟɪɜɵɟ ɩɨɹɜɢɜɲɢɫɶ ɜ Microsoft Windows 2000, ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory, ɜɵɩɭɳɟɧɧɚɹ ɫ Windows Server 2003, ɛɵɥɚ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɚ, ɚ ɟɟ ɤɚɱɟɫɬɜɨ ɭɥɭɱɲɟɧɨ. . «Windows Server 2003» Microsoft Windows Server 2003, Active Directory: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition. ȿɫɥɢ ɜɵ ɱɢɬɚɟɬɟ ɤɧɢɝɭ ɜ ɫɜɨɟɦ ɦɟɫɬɧɨɦ ɤɧɢɠɧɨɦ ɦɚɝɚɡɢɧɟ, ɡɚɞɚɜɚɹɫɶ ɜɨɩɪɨɫɨɦ ɨ ɧɨɜɵɯ ɮɭɧɤɰɢɹɯ Active Directory ɜ Windows Server 2003, ɬɨ ɷɬɚ ɝɥɚɜɚ ɩɨɡɧɚɤɨɦɢɬ ɜɚɫ ɫ ɧɢɦɢ. Ɂɞɟɫɶ ɞɚɟɬɫɹ ɬɚɤɠɟ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɤɥɸɱɟɜɵɯ ɮɭɧɤɰɢɣ Active Directory ɢ ɨɛɴɹɫɧɹɟɬɫɹ, ɡɚɱɟɦ ɧɭɠɧɨ ɪɟɚɥɢɡɨ-ɜɵɜɚɬɶ ɷɬɢ ɮɭɧɤɰɢɢ ɜ ɫɪɟɞɟ ɩɪɟɞɩɪɢɹɬɢɹ, ɭɩɪɚɜɥɹɟɦɨɝɨ Windows Server 2003. ȿɫɥɢ ɜɵ ɪɟɲɢɥɢ ɪɟɚɥɢɡɨɜɚɬɶ ɫɥɭɠɛɭ Active Directory ɢɥɢ ɭɠɟ ɩɨɞɞɟɪɠɢɜɚɟɬɟ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ Active Directory, ɨɫɬɚɥɶɧɚɹ ɱɚɫɬɶ ɷɬɨɣ ɤɧɢɝɢ ɞɚɫɬ ɜɚɦ ɨɬɜɟɬɵ ɧɚ ɦɧɨɝɢɟ ɜɚɲɢ ɜɨɩɪɨɫɵ ɨɛ ɷɬɨɦ ɩɪɨɞɭɤɬɟ. Ɉɧɚ ɩɪɟɞɨɫɬɚɜɢɬ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ ɩɥɚɧɢɪɨɜɚɧɢɹ, ɪɟɚɥɢɡɚɰɢɢ ɢ ɫɨɩɪɨɜɨɠɞɟɧɢɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɜɚɲɟɣ ɫɥɭɠɛɵ Active Directory. Ⱦɚɜɚɣɬɟ ɧɚɱɧɟɦ.
Э
Microsoft
Active Directory ɹɜɥɹɟɬɫɹ ɩɨɫɥɟɞɧɟɣ ɜɟɪɫɢɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɞɥɹ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Microsoft Windows. ɋɥɭɠɛɚ Active Directory ɜɩɟɪɜɵɟ ɩɨɹɜɢɥɚɫɶ ɜ Windows Server 2000, ɢ ɨɧɚ ɹɜɥɹɟɬɫɹ ɤɨɦɩɨɧɟɧɬɨɦ Windows Server 2003. ɉɨɬɪɟɛɧɨɫɬɶ ɜ ɫɥɭɠɛɟ ɤɚɬɚɥɨɝɚ ɜ ɜɵɱɢɫɥɢɬɟɥɶɧɨɣ
ɫɪɟɞɟ ɤɨɦɩɶɸɬɟɪɨɜ Microsoft ɜɵɪɨɫɥɚ ɜ ɪɟɡɭɥɶɬɚɬɟ ɛɵɫɬɪɨɝɨ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ ɩɟɪɫɨɧɚɥɶɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ ɧɚ ɪɚɛɨɱɢɯ ɦɟɫɬɚɯ. ɉɨ ɦɟɪɟ ɭɜɟɥɢɱɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɤɨɦɩɶɸɬɟɪɨɜ, ɜɯɨɞɹɳɢɯ ɜ ɪɚɛɨɱɭɸ ɫɪɟɞɭ ɤɨɪɩɨɪɚɰɢɣ, ɪɚɫɬɟɬ ɩɨɬɪɟɛɧɨɫɬɶ ɜ ɬɨɦ, ɱɬɨɛɵ ɫɜɹɡɚɬɶ ɢɯ ɞɥɹ ɫɨɜɦɟɫɬɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɪɟɫɭɪɫɨɜ ɢ ɞɚɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ ɜ ɩɨɱɬɢ ɪɟɚɥɶɧɨɦ ɜɪɟɦɟɧɢ. ɇɨ ɤɨɝɞɚ ɤɨɦɩɚɧɢɹ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɟɬ ɪɟɫɭɪɫɵ, ɞɨɫɬɭɩɧɵɟ ɜ ɫɟɬɢ, ɬɪɟɛɭɟɬɫɹ ɬɚɤɠɟ ɤɚɬɚɥɨɝ (ɢɥɢ ɫɩɪɚɜɨɱɧɢɤ) ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɫɢɫɬɟɦɵ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɟɫɭɪɫɚɦ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɪɚɡɪɟɲɟɧɢɣ.
LAN
OS/2
MS-DOS
ȼ1987 ɝɨɞɭ ɩɟɪɜɚɹ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ, ɪɚɡɪɚɛɨɬɚɧɧɚɹ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɜɵɱɢɫɥɢɬɟɥɶɧɨɣ ɫɪɟɞɵ ɤɨɦɩɶɸɬɟɪɨɜ Microsoft (ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ OS/2 ɢ MS-DOS), ɨɫɧɨɜɵɜɚɥɚɫɶ ɧɚ ɫɟɬɟɜɨɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɟ Microsoft LAN Manager. ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ ɫɢɫɬɟɦɵ LAN Manager ɨɛɟɫɩɟɱɢɜɚɥɚ ɨɫɧɨɜɧɵɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɞɥɹ ɫɨɜɦɟɫɬɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɮɚɣɥɨɜ ɢ ɪɟɫɭɪɫɨɜ ɩɟɱɚɬɢ, ɚ ɬɚɤɠɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɣ ɡɚɳɢɬɵ, ɧɨ ɨɧɚ ɧɟ ɝɨɞɢɥɚɫɶ ɞɥɹ ɫɪɟɞ ɛɨɥɶɲɨɝɨ ɩɪɟɞɩɪɢɹɬɢɹ. ɗɬɚ ɫɥɭɠɛɚ ɩɥɨɯɨ ɦɚɫɲɬɚɛɢɪɨɜɚɥɚɫɶ ɢ ɧɟ ɩɨɞɞɟɪɠɢɜɚɥɚ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ. ɑɬɨɛɵ ɨɛɪɚɬɢɬɶɫɹ ɤ ɨɛɳɟɞɨɫɬɭɩɧɵɦ ɪɟɫɭɪɫɚɦ, ɫɟɬɟɜɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɨɥɠɧɵ ɛɵɥɢ ɜɯɨɞɢɬɶ ɧɚ ɤɚɠɞɵɣ ɞɨɦɟɧ ɨɬɞɟɥɶɧɨ.
Windows NT
SAM
ȼɨɣɞɢɬɟ ɜ Microsoft Windows NT 3.1 Advanced Server. ɉɥɚɬɮɨɪɦɚ Windows NT Server ɩɪɟɞɥɚɝɚɟɬ ɭɫɬɨɣɱɢɜɭɸ 32-ɛɢɬɧɭɸ ɜɵɱɢɫɥɢɬɟɥɶɧɭɸ ɫɪɟɞɭ ɫ ɩɪɢɜɵɱɧɵɦ ɜɧɟɲɧɢɦ ɜɢɞɨɦ ɢ «ɨɳɭɳɟɧɢɟɦ» ɩɨɩɭɥɹɪɧɨɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Microsoft Windows for Workgroups, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɣ ɞɥɹ ɧɚɫɬɨɥɶɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ. ɋɟɪɞɰɟɦ Windows NT NOS (Network Operating System — ɫɟɬɟɜɚɹ ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ) ɹɜɥɹɟɬɫɹ ɛɚɡɚ ɞɚɧɧɵɯ SAM (Security Accounts Management - ɭɩɪɚɜɥɟɧɢɟ ɛɟɡɨɩɚɫɧɵɦɢ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ). Ɉɧɚ ɩɪɟɞɫɬɚɜɥɹɟɬ ɰɟɧɬɪɚɥɶɧɭɸ ɛɚɡɭ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɜɤɥɸɱɚɸɳɭɸ ɜɫɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ ɜ ɞɨɦɟɧɟ. ɗɬɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ ɤ ɫɨɜɦɟɫɬɧɵɦ ɪɟɫɭɪɫɚɦ, ɩɪɢɧɚɞɥɟɠɚɳɢɦ ɥɸɛɨɦɭ ɫɟɪɜɟɪɭ ɜ ɞɨɦɟɧɟ Windows NT. Ȼɚɡɚ ɞɚɧɧɵɯ SAM ɨɫɬɚɜɚɥɚɫɶ ɝɥɚɜɧɨɣ ɫɥɭɠɛɨɣ ɤɚɬɚɥɨɝɚ ɞɥɹ ɧɟɫɤɨɥɶɤɢɯ ɜɚɪɢɚɧɬɨɜ ɫɢɫɬɟɦ Microsoft Windows NT NOS, ɜɤɥɸɱɚɹ ɫɢɫɬɟɦɭ Windows NT 3.5 ɢ ɫɢɫɬɟɦɭ Windows NT Server 4. Ȼɚɡɚ ɞɚɧɧɵɯ SAM ɦɚɫɲɬɚɛɢɪɨɜɚɥɚɫɶ ɧɚɦɧɨɝɨ ɥɭɱɲɟ, ɱɟɦ ɩɪɟɞɵɞɭɳɚɹ ɚɪɯɢɬɟɤɬɭɪɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢɡ-ɡɚ ɜɜɟɞɟɧɢɹ ɦɟɠɞɨɦɟɧɧɵɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɜ Windows NT ɛɵɥɢ ɜɚɠɧɵ ɞɥɹ ɩɪɟɨɞɨɥɟɧɢɹ ɞɪɭɝɢɯ ɨɝɪɚɧɢɱɟɧɢɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows NT. Ɉɞɧɚɤɨ ɛɚɡɚ ɞɚɧɧɵɯ SAM ɢɦɟɥɚ ɧɟɫɤɨɥɶɤɨ ɨɝɪɚɧɢɱɟɧɢɣ, ɜɤɥɸɱɚɸɳɢɯ ɧɟɞɨɫɬɚɬɨɤ ɨɛɴɟɦɚ ɢ ɩɥɨɯɢɟ ɜɨɡɦɨɠɧɨɫɬɢ ɞɨɫɬɭɩɚ. Ȼɚɡɚ ɞɚɧɧɵɯ SAM ɢɦɟɥɚ ɩɪɚɤɬɢɱɟɫɤɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɪɚɡɦɟɪɚ ɜ 40 Ɇɛ. ȼ ɬɟɪɦɢɧɚɯ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɝɪɭɩɩɵ ɢ ɤɨɦɩɶɸɬɟɪɧɵɯ ɨɛɴɟɤɬɨɜ ɷɬɨ ɨɝɪɚɧɢɱɟɧɢɟ ɩɪɨɹɜɥɹɥɨɫɶ ɜ ɬɨɦ, ɱɬɨ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɧɟ ɦɨɝɥɨ ɩɪɟɜɵɲɚɬɶ 40000. ɑɬɨɛɵ ɦɚɫɲɬɚɛɢɪɨɜɚɬɶ ɜɵɱɢɫɥɢɬɟɥɶɧɭɸ ɫɪɟɞɭ ɡɚ ɩɪɟɞɟɥɵ ɷɬɨɝɨ ɨɝɪɚɧɢɱɟɧɢɹ, ɫɟɬɟɜɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɥɠɧɵ ɛɵɥɢ ɞɨɛɚɜɢɬɶ ɛɨɥɶɲɟ ɞɨɦɟɧɨɜ ɤ ɫɜɨɢɦ ɫɪɟɞɚɦ. Ɉɪɝɚɧɢɡɚɰɢɢ ɬɚɤɠɟ ɪɚɡɛɢɜɚɥɢɫɶ ɧɚ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ, ɱɬɨɛɵ ɞɨɫɬɢɝɧɭɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɣ ɚɜɬɨɧɨɦɢɢ, ɱɬɨɛɵ ɤɚɠɞɵɣ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɦɨɝ ɢɦɟɬɶ ɩɨɥɧɵɣ ɤɨɧɬɪɨɥɶ ɧɚɞ ɫɜɨɢɦ ɫɨɛɫɬɜɟɧɧɵɦ ɞɨɦɟɧɨɦ. ɉɨɫɤɨɥɶɤɭ ɜɫɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ Windows NT 4 ɢɦɟɸɬ, ɩɨ ɫɭɳɟɫɬɜɭ, ɧɟɨɝɪɚɧɢɱɟɧɧɵɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɢɜɢɥɟɝɢɢ, ɫɨɡɞɚɧɢɟ ɨɬɞɟɥɶɧɵɯ ɞɨɦɟɧɨɜ ɛɵɥɨ ɟɞɢɧɫɬɜɟɧɧɵɦ ɦɟɬɨɞɨɦ ɭɫɬɚɧɨɜɥɟɧɢɹ ɝɪɚɧɢɰ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ. Ɉɞɧɚɤɨ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ ɜɫɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɢɦɟɥɢ ɩɨɥɧɵɣ ɤɨɧɬɪɨɥɶ ɧɚɞ ɫɟɪɜɟɪɚɦɢ ɢ ɫɥɭɠɛɚɦɢ, ɤɨɬɨɪɵɟ ɧɚ ɧɢɯ ɜɵɩɨɥɧɹɥɢɫɶ. ɋɨɡɞɚɧɢɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɨɦɟɧɨɜ ɧɟ ɛɵɥɨ ɩɪɢɜɥɟɤɚɬɟɥɶɧɵɦ ɦɟɬɨɞɨɦ, ɩɨɫɤɨɥɶɤɭ ɤɚɠɞɵɣ ɧɨɜɵɣ ɞɨɦɟɧ ɬɪɟɛɨɜɚɥ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɟɪɜɟɪɧɵɯ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ, ɱɬɨ ɩɪɢɜɨɞɢɥɨ ɤ ɭɜɟɥɢɱɟɧɢɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɧɚɤɥɚɞɧɵɯ ɪɚɫɯɨɞɨɜ. ɉɨ ɦɟɪɟ ɪɨɫɬɚ ɤɨɥɢɱɟɫɬɜɚ ɞɨɦɟɧɨɜ ɜ ɨɪɝɚɧɢɡɚɰɢɢ ɨɛɟɫɩɟɱɟɧɢɟ ɭɜɟɪɟɧɧɨɫɬɢ ɨɬɧɨɫɢɬɟɥɶɧɨ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɞɟɥɚɥɢ ɜɨɡɦɨɠɧɵɦ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɭɸ ɢɞɟɧɬɢɮɢɤɚɰɢɸ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɜɧɟɲɧɢɯ ɞɨɦɟɧɨɜ, ɬɚɤɠɟ ɩɪɢɜɨɞɢɥɨ ɤ ɪɨɫɬɭ ɧɚɤɥɚɞɧɵɯ ɪɚɫɯɨɞɨɜ. ɑɬɨɛɵ ɫɩɪɚɜɢɬɶɫɹ ɫ ɷɬɨɣ ɪɚɫɬɭɳɟɣ ɫɥɨɠɧɨɫɬɶɸ ɞɨɦɟɧɨɜ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ, ɫɟɬɟɜɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɪɟɚɥɢɡɨɜɵɜɚɥɢ ɨɞɧɭ ɢɡ ɱɟɬɵɪɟɯ ɞɨɦɟɧɧɵɯ ɦɨɞɟɥɟɣ: ɨɬɞɟɥɶɧɵɣ ɞɨɦɟɧ (single domain), ɞɨɦɟɧ ɫ ɨɞɧɢɦ ɯɨɡɹɢɧɨɦ (master domain), ɞɨɦɟɧ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ (multiple master domain, ɢɥɢ multimaster) ɢ ɨɬɧɨɲɟɧɢɹ ɩɨɥɧɨɝɨ ɞɨɜɟɪɢɹ (complete trust). ɗɬɢ ɞɨɦɟɧɧɵɟ ɦɨɞɟɥɢ ɩɨɤɚɡɚɧɵ ɧɚ ɪɢɫɭɧɤɟ 1-1.
. 1 -1.
,
Windows NT 4
ɉɪɢ ɩɨɞɞɟɪɠɤɟ ɷɬɢɯ ɞɨɦɟɧɧɵɯ ɦɨɞɟɥɟɣ ɫɚɦɵɟ ɛɨɥɶɲɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɯɥɨɩɨɬɵ ɫɨɫɬɨɹɥɢ ɜ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɫɨɡɞɚɧɢɹ ɢ ɫɨɩɪɨɜɨɠɞɟɧɢɹ ɛɨɥɶɲɨɝɨ ɤɨɥɢɱɟɫɬɜɚ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. ɗɬɨ ɛɵɥɨ ɧɟ ɩɪɨɫɬɨ, ɩɨɬɨɦɭ ɱɬɨ ɜɫɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ Windows NT 4 ɞɨɥɠɧɵ ɛɵɥɢ ɫɨɡɞɚɜɚɬɶɫɹ ɫ ɞɜɭɯ ɫɬɨɪɨɧ, ɬ.ɟ. ɜ ɨɛɨɢɯ ɞɨɦɟɧɚɯ ɧɚ ɤɨɧɰɚɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. ȼ ɫɰɟɧɚɪɢɹɯ, ɩɪɟɞɩɨɥɚɝɚɸɳɢɯ ɧɟɫɤɨɥɶɤɢɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɞɨɦɟɧɚ, ɷɬɨ ɬɪɟɛɨɜɚɥɨ ɤɨɨɪɞɢɧɚɰɢɢ ɢ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ, ɱɬɨ ɧɟ ɹɜɥɹɟɬɫɹ ɯɚɪɚɤɬɟɪɧɨɣ ɱɟɪɬɨɣ ɪɚɛɨɬɵ ɫɟɬɟɜɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ. Ʉɪɨɦɟ ɬɨɝɨ, ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɜ ɞɨɦɟɧɟ Windows NT ɛɵɥɢ ɧɟ ɨɫɨɛɟɧɧɨ ɭɫɬɨɣɱɢɜɵ. ɂɡ-ɡɚ ɩɪɢɦɟɧɟɧɢɹ ɦɟɬɨɞɚ ɨɞɧɨɡɧɚɱɧɨ ɨɩɪɟɞɟɥɹɟɦɨɣ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɦɟɠɞɭ ɩɚɪɨɣ ɤɨɦɩɶɸɬɟɪɨɜ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɨɜɚɥɫɹ ɞɥɹ ɩɨɞɞɟɪɠɚɧɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɜ Windows NT, ɷɬɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɱɚɫɬɨ ɛɵɥɢ ɧɟɞɨɫɬɭɩɧɵ. ȼɬɨɪɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɧɚ ɛɚɡɭ ɞɚɧɧɵɯ SAM ɫɨɫɬɨɹɥɨ ɜ ɜɨɡɦɨɠɧɨɫɬɹɯ ɞɨɫɬɭɩɚ. ȿɞɢɧɫɬɜɟɧɧɵɦ ɦɟɬɨɞɨɦ ɞɨɫɬɭɩɚ, ɩɪɢɦɟɧɹɜɲɢɦɫɹ ɩɪɢ ɜɡɚɢɦɨɞɟɣɫɬɜɢɢ ɫ ɛɚɡɨɣ ɞɚɧɧɵɯ SAM, ɛɵɥɚ ɫɚɦɚ NOS. ɗɬɨɬ ɦɟɬɨɞ ɨɝɪɚɧɢɱɢɜɚɥ ɩɪɨɝɪɚɦɦɢɪɭɟɦɵɣ ɞɨɫɬɭɩ ɢ ɧɟ ɨɛɟɫɩɟɱɢɜɚɥ ɤɨɧɟɱɧɵɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɥɟɝɤɨɝɨ ɞɨɫɬɭɩɚ ɞɥɹ ɩɨɢɫɤɚ ɨɛɴɟɤɬɨɜ. ȼɫɟ ɡɚɩɪɨɫɵ ɧɚ ɱɬɟɧɢɟ, ɫɨɡɞɚɧɢɟ ɢɥɢ ɢɡɦɟɧɟɧɢɟ ɨɛɴɟɤɬɨɜ SAM ɞɨɥɠɧɵ ɛɵɥɢ ɢɧɢɰɢɢɪɨɜɚɬɶɫɹ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɨɞɧɨɝɨ ɢɡ ɧɟɫɤɨɥɶɤɢɯ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ, ɜɤɥɸɱɟɧɧɵɯ ɜ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ (UI - User Interface) Windows NT 4, ɬɚɤɢɯ ɤɚɤ User Manager For Domains (Ⱥɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɞɨɦɟɧɨɜ) ɢɥɢ Server Manager (Ⱥɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɫɟɪɜɟɪɨɜ). ɗɬɨ ɨɝɪɚɧɢɱɢɥɨ ɩɨɥɟɡɧɨɫɬɶ ɛɚɡɵ ɞɚɧɧɵɯ SAM ɜ ɤɚɱɟɫɬɜɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢ ɜɧɟɫɥɨ ɜɤɥɚɞ ɜ ɩɨɬɪɟɛɧɨɫɬɶ ɧɚɣɬɢ ɡɚɦɟɧɭ ɫɥɭɠɛɟ ɤɚɬɚɥɨɝɚ Windows NT ɜ ɛɭɞɭɳɢɯ ɜɟɪɫɢɹɯ ɫɢɫɬɟɦ Windows-NOS. Ɍɚɤɚɹ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ ɧɚɱɚɥɚ ɨɛɪɟɬɚɬɶ ɮɨɪɦɭ ɧɚ ɪɚɛɨɱɢɯ ɫɬɨɥɚɯ ɤɨɦɚɧɞɵ ɪɚɡɪɚɛɨɬɱɢɤɨɜ Microsoft Exchange Server.
Windows 2000
Active Directory
Ɍɚɤ ɤɚɤ ɛɚɡɚ ɞɚɧɧɵɯ SAM ɧɟ ɛɵɥɚ ɥɟɝɤɨ ɞɨɫɬɭɩɧɨɣ ɫ ɜɧɟɲɧɟɣ ɫɬɨɪɨɧɵ ɫɚɦɨɣ NOS, ɨɧɚ ɧɟ ɩɨɞɯɨɞɢɥɚ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɫɟɬɟɜɵɯ ɩɪɢɥɨɠɟɧɢɣ ɬɢɩɚ Exchange Server. Ʉɨɝɞɚ ɛɵɥɚ ɜɵɩɭɳɟɧɚ ɱɟɬɜɟɪɬɚɹ ɜɟɪɫɢɹ Exchange Server, ɨɧɚ ɢɦɟɥɚ ɫɜɨɸ ɫɨɛɫɬɜɟɧɧɭɸ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ - Exchange Directory. ɋɥɭɠɛɚ Exchange Directory ɛɵɥɚ ɩɪɟɞɧɚɡɧɚɱɟɧɚ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɜɵɱɢɫɥɢɬɟɥɶɧɨɣ ɫɪɟɞɵ ɛɨɥɶɲɢɯ ɩɪɟɞɩɪɢɹɬɢɣ, ɜ ɛɨɥɟɟ ɩɨɡɞɧɢɯ ɜɟɪɫɢɹɯ ɨɧɚ ɨɫɧɨɜɵɜɚɥɚɫɶ ɧɚ ɨɬɤɪɵɬɵɯ ɫɬɚɧɞɚɪɬɚɯ ɢɧɬɟɪɧɟɬɚ. ɉɨɞɞɟɪɠɤɚ ɨɬɤɪɵɬɵɯ ɫɬɚɧɞɚɪɬɨɜ ɩɨɞɪɚɡɭɦɟɜɚɥɚ, ɱɬɨ Exchange Directory ɭɞɨɜɥɟɬɜɨɪɹɥɚ ɫɩɟɰɢɮɢɤɚɰɢɢ ɨɛɥɟɝɱɟɧɧɨɝɨ ɩɪɨɬɨɤɨɥɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɨɜ (LDAP) ɫɟɦɟɣɫɬɜɚ ɩɪɨɬɨɤɨɥɨɜ TCP/IP (ɉɪɨɬɨɤɨɥ ɞɥɹ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɫɟɬɟɣ ɜ ɢɧɬɟɪɧɟɬɟ) ɢ ɛɵɥɚ ɥɟɝɤɨ ɞɨɫɬɭɩɧɚ ɩɪɨɝɪɚɦɦɧɨ. Ɋɚɡɪɚɛɚɬɵɜɚɹ ɫɥɟɞɭɸɳɭɸ ɜɟɪɫɢɸ NOS-ɫɢɫɬɟɦ Windows, ɤɨɦɩɚɧɢɹ Microsoft ɪɚɫɫɦɚɬɪɢɜɚɥɚ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ Exchange Server ɜ ɤɚɱɟɫɬɜɟ ɦɨɞɟɥɢ ɞɥɹ ɛɭɞɭɳɟɣ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɜɵɝɨɞɚ ɨɬ ɪɚɡɜɢɬɢɹ ɫɟɬɟɜɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɧɚ ɛɚɡɟ ɫɭɳɟɫɬɜɭɸɳɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Exchange Server ɫɨɫɬɨɹɥɚ ɜ ɬɨɦ, ɱɬɨ ɜ ɛɭɞɭɳɢɯ ɜɵɩɭɫɤɚɯ Exchange Server ɦɨɝɥɚ ɛɵ ɛɵɬɶ ɨɛɳɚɹ ɩɥɚɬɮɨɪɦɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɚɹ ɨɛɫɥɭɠɢɜɚɥɚ ɛɵ ɢ ɫɟɬɟɜɭɸ ɫɪɟɞɭ, ɢ ɫɪɟɞɭ
Exchange Server. ɗɬɚ ɰɟɥɶ ɛɵɥɚ ɞɨɫɬɢɝɧɭɬɚ ɫ ɜɵɩɭɫɤɨɦ Windows 2000. ɍɫɬɨɣɱɢɜɚɹ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory, ɤɨɬɨɪɚɹ ɫɤɪɨɦɧɨ ɧɚɱɢɧɚɥɚɫɶ ɤɚɤ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Exchange Server ɜɟɪɫɢɢ 4, ɛɵɥɚ ɜ ɢɬɨɝɟ ɜɵɩɭɳɟɧɚ ɫ Windows 2000. ɋɥɭɠɛɚ Active Directory ɡɚɦɟɧɢɥɚ ɛɚɡɭ ɞɚɧɧɵɯ SAM ɜ ɤɚɱɟɫɬɜɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɞɥɹ ɫɟɬɟɜɵɯ ɫɪɟɞ ɨɬ Microsoft. ɗɬɚ ɧɨɜɚɹ ɪɟɚɥɢɡɚɰɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɛɵɥɚ ɧɚɩɪɚɜɥɟɧɚ ɧɚ ɩɪɟɨɞɨɥɟɧɢɟ ɨɝɪɚɧɢɱɟɧɢɣ ɫɥɭɠɛɵ Windows NT 4 SAM ɢ ɨɛɟɫɩɟɱɢɜɚɥɚ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɜɵɝɨɞɵ ɫɟɬɟɜɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ. Ƚɥɚɜɧɚɹ ɜɵɝɨɞɚ Active Directory ɜ ɪɟɚɥɢɡɚɰɢɢ Windows 2000 ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɚ ɦɚɫɲɬɚɛɢɪɭɟɦɚ. ɇɨɜɵɣ ɮɚɣɥ ɛɚɡɵ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɦɨɠɟɬ ɞɨɫɬɢɝɚɬɶ 70 Ɍɛ, ɱɬɨ ɹɜɥɹɟɬɫɹ ɜɟɫɨɦɵɦ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɟɦ ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɥɢɦɢɬɨɦ SAM ɜ 40 Ɇɛ. ɑɢɫɥɨ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɛɵɬɶ ɫɨɯɪɚɧɟɧɵ ɜ Active Directory, ɩɪɟɜɵɲɚɟɬ ɨɞɢɧ ɦɢɥɥɢɨɧ. Ɏɚɤɬɢɱɟɫɤɢ Active Directory ɛɵɥɚ ɪɟɚɥɢɡɨɜɚɧɚ ɜ ɢɫɩɵɬɚɬɟɥɶɧɨɣ ɫɪɟɞɟ ɜ ɦɨɞɟɥɢ ɨɬɞɟɥɶɧɨɝɨ ɞɨɦɟɧɚ, ɫɨɞɟɪɠɚɳɟɣ ɛɨɥɟɟ ɫɬɚ ɦɢɥɥɢɨɧɨɜ ɨɛɴɟɤɬɨɜ. ȼ ɤɚɱɟɫɬɜɟ ɞɟɦɨɧɫɬɪɚɰɢɢ ɦɚɫɲɬɚɛɢɪɭɟɦɨɫɬɢ ɤɨɪɩɨɪɚɰɢɹ Compaq Computer Corporation, ɬɟɩɟɪɶ ɜɯɨɞɹɳɚɹ ɜ ɫɨɫɬɚɜ ɤɨɪɩɨɪɚɰɢɢ Hewlett-Packard, ɭɫɩɟɲɧɨ ɨɛɴɟɞɢɧɢɥɚ ɜ ɦɨɞɟɥɢ ɨɬɞɟɥɶɧɨɝɨ ɞɨɦɟɧɚ ɫɜɨɞɧɵɟ ɤɚɬɚɥɨɝɢ ɞɨɦɚɲɧɢɯ ɬɟɥɟɮɨɧɧɵɯ ɧɨɦɟɪɨɜ ɞɥɹ ɜɫɟɯ ɩɹɬɢɞɟɫɹɬɢ ɲɬɚɬɨɜ ɋɨɟɞɢɧɟɧɧɵɯ ɒɬɚɬɨɜ Ⱥɦɟɪɢɤɢ. ɋɩɢɫɤɢ, ɩɪɟɞɫɬɚɜɥɹɸɳɢɟ ɞɜɚ ɫɚɦɵɯ ɛɨɥɶɲɢɯ ɲɬɚɬɚ, ɛɵɥɢ ɡɚɝɪɭɠɟɧɵ ɞɜɚɠɞɵ, ɱɬɨɛɵ ɭɜɟɥɢɱɢɬɶ ɨɛɴɟɦ ɞɨ ɪɚɡɦɟɪɚ, ɩɪɟɜɵɲɚɸɳɟɝɨ ɫɬɨ ɦɢɥɥɢɨɧɨɜ ɨɛɴɟɤɬɨɜ. ȿɫɥɢ Active Directory ɦɨɠɟɬ ɯɪɚɧɢɬɶ, ɭɩɪɚɜɥɹɬɶ ɢ ɛɵɫɬɪɨ ɨɬɜɟɱɚɬɶ ɧɚ ɡɚɩɪɨɫɵ ɞɥɹ ɤɚɠɞɨɝɨ ɞɨɦɚɲɧɟɝɨ ɧɨɦɟɪɚ ɬɟɥɟɮɨɧɚ ɜ ɋɨɟɞɢɧɟɧɧɵɯ ɒɬɚɬɚɯ, ɬɨ ɨɧɚ ɦɨɠɟɬ ɬɚɤɠɟ ɦɚɫɲɬɚɛɢɪɨɜɚɬɶɫɹ ɞɨ ɪɚɡɦɟɪɨɜ ɨɪɝɚɧɢɡɚɰɢɣ ɛɨɥɶɲɢɯ ɩɪɟɞɩɪɢɹɬɢɣ. Ɍɚɤɨɣ ɨɝɪɨɦɧɵɣ ɩɪɨɝɪɟɫɫ ɜ ɞɨɩɭɫɬɢɦɨɦ ɨɛɴɟɦɟ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɫɟɬɟɜɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɛɨɥɶɲɟ ɧɟ ɞɨɥɠɧɵ ɞɟɥɢɬɶ ɫɜɨɢ ɫɪɟɞɵ ɧɚ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ, ɱɬɨɛɵ ɨɛɨɣɬɢ ɨɝɪɚɧɢɱɟɧɢɹ ɪɚɡɦɟɪɨɜ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. Ɋɟɡɭɥɶɬɚɬ ɫɨɫɬɨɢɬ ɜ ɭɦɟɧɶɲɟɧɢɢ ɤɨɥɢɱɟɫɬɜɚ ɞɨɦɟɧɨɜ, ɫɟɪɜɟɪɧɵɯ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ ɢ ɭɦɟɧɶɲɟɧɢɢ ɨɛɴɟɦɚ ɫɟɬɟɜɨɝɨ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɬɨ ɟɫɬɶ ɩɨɹɜɥɹɸɬɫɹ ɬɪɢ ɧɟɨɬɪɚɡɢɦɵɯ ɩɪɢɱɢɧɵ ɞɥɹ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ Active Directory. ɋɥɨɠɧɵɟ ɞɨɦɟɧɧɵɟ ɦɨɞɟɥɢ, ɤɨɬɨɪɵɟ ɩɪɟɨɛɥɚɞɚɥɢ ɜ Windows NT 4, ɬɟɩɟɪɶ ɦɨɝɭɬ ɛɵɬɶ ɨɛɴɟɞɢɧɟɧɵ ɜ ɦɟɧɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɞɨɦɟɧɨɜ ɫ ɩɨɦɨɳɶɸ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɟɞɢɧɢɰ (OU - organizational unit), ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɝɪɭɩɩɢɪɨɜɤɢ ɫɨɞɟɪɠɢɦɨɝɨ ɪɟɫɭɪɫɧɨɝɨ ɢɥɢ ɪɟɝɢɨɧɚɥɶɧɨɝɨ ɞɨɦɟɧɚ Windows NT 4. ɇɚ ɪɢɫɭɧɤɟ 1-2 ɩɨɤɚɡɚɧɚ ɬɢɩɢɱɧɚɹ ɦɨɞɟɥɶ ɨɬɞɟɥɶɧɨɝɨ ɞɨɦɟɧɚ ɫɢɫɬɟɦɵ Windows 2000. Ⱦɪɭɝɨɟ ɜɚɠɧɨɟ ɩɪɟɢɦɭɳɟɫɬɜɨ ɫɥɭɠɛɵ Active Directory ɫɨɫɬɨɢɬ ɜ ɟɟ ɞɨɫɬɭɩɧɨɫɬɢ. Ⱥɪɯɢɬɟɤɬɭɪɚ Active Directory ɪɚɡɪɚɛɨɬɚɧɚ ɧɚ ɨɬɤɪɵɬɵɯ ɫɬɚɧɞɚɪɬɚɯ ɢɧɬɟɪɧɟɬɚ, ɬɚɤɢɯ ɤɚɤ LDAP ɢ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɏ.500. Active Directory ɬɚɤɠɟ ɞɨɫɬɭɩɧɚ ɷɬɢɦ ɨɬɤɪɵɬɵɦ ɫɬɚɧɞɚɪɬɚɦ ɩɪɨɝɪɚɦɦɧɨ. Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɭɩɪɚɜɥɹɬɶ ɫɜɨɢɦɢ ɪɟɚɥɢɡɚɰɢɹɦɢ ɫɥɭɠɛɵ Active Directory, ɢɫɩɨɥɶɡɭɹ LDAP-ɫɨɜɦɟɫɬɢɦɵɟ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ, ɬɚɤɢɟ ɤɚɤ Active Directory Service Interface (ADSI) Edit ɢ Ldp.exe (LDAP-ɫɨɜɦɟɫ-ɬɢɦɵɣ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ Active Directory). Ɍɚɤ ɤɚɤ ɫɥɭɠɛɚ Active Directory ɨɬɤɪɵɬɚ ɞɥɹ LDAP, ɨɧɚ ɦɨɠɟɬ ɭɩɪɚɜɥɹɬɶɫɹ ɩɪɨɝɪɚɦɦɧɨ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɫɟɬɟɜɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɩɢɫɚɬɶ ɫɰɟɧɚɪɢɢ ɡɚɞɚɱ ɭɩɪɚɜɥɟɧɢɹ ɬɢɩɚ ɩɚɤɟɬɧɨɝɨ ɢɦɩɨɪɬɚ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬ ɦɧɨɝɨ ɜɪɟɦɟɧɢ, ɟɫɥɢ ɜɵɩɨɥɧɹɸɬɫɹ ɱɟɪɟɡ ɝɪɚɮɢɱɟɫɤɢɣ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ (GUI). . 1 -2.
Windows 2000
Windows Server 2003
Active Directory
ɋɚɦɚɹ ɩɨɫɥɟɞɧɹɹ, ɭɥɭɱɲɟɧɧɚɹ ɢ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɧɚɹ, ɜɟɪɫɢɹ Active Directory, ɩɪɟɞɫɬɚɜɥɟɧɧɨɣ ɜ Windows 2000, ɹɜɥɹɟɬɫɹ ɤɨɦɩɨɧɟɧɬɨɦ ɜɫɟɯ ɱɥɟɧɨɜ ɫɟɦɟɣɫɬɜɚ Windows Server 2003 ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ Web Edition, ɤɨɬɨɪɚɹ ɧɟ ɧɭɠɞɚɟɬɫɹ ɜ ɤɨɦɩɨɧɟɧɬɟ Active Directory ɢ ɧɟ ɪɟɚɥɢɡɭɟɬ ɟɝɨ. ɋɥɭɠɛɚ Active Directory ɫɟɦɟɣɫɬɜɚ Windows Server 2003 ɩɪɟɞɥɚɝɚɟɬ ɫɟɬɟɜɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɦɚɫɲɬɚɛɢɪɭɟɦɨɫɬɶ, ɜɨɡɦɨɠɧɨɫɬɢ ɞɨɫɬɭɩɚ ɢ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɶ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜɵɱɢɫɥɢɬɟɥɶɧɨɣ ɫɪɟɞɵ ɫɨɜɪɟɦɟɧɧɵɯ ɩɪɟɞɩɪɢɹɬɢɣ. ɇɚɲɢ ɩɪɟɞɫɬɚɜɥɟɧɢɹ ɨ ɬɨɦ, ɱɬɨ ɞɨɥɠɧɚ ɜɵɩɨɥɧɹɬɶ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ, ɡɧɚɱɢɬɟɥɶɧɨ ɪɚɫɲɢɪɢɥɢɫɶ ɫɨ ɜɪɟɦɟɧɢ ɤɨɦɩɶɸɬɟɪɨɜ ɫ MS-DOS, ɫɜɹɡɚɧɧɵɯ ɫɟɬɶɸ ɩɨɞ ɭɩɪɚɜɥɟɧɢɟɦ LAN Manager, ɢ Active Directory ɹɜɥɹɟɬɫɹ ɢɞɟɚɥɶɧɵɦ ɢɧɫɬɪɭɦɟɧɬɨɦ, ɭɞɨɜɥɟɬɜɨɪɹɸɳɢɦ ɷɬɢɦ ɩɪɟɞɫɬɚɜɥɟɧɢɹɦ. Ⱦɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ ɨɛɴɹɫɧɹɟɬɫɹ, ɤɚɤɢɦ ɨɛɪɚɡɨɦ Active Directory ɜɵɩɨɥɧɹɟɬ ɫɜɨɸ ɪɨɥɶ ɜ ɰɟɧɬɪɟ ɫɪɟɞɵ Windows Server 2003, ɢ ɤɚɤɢɟ ɧɨɜɵɟ ɮɭɧɤɰɢɢ ɩɨɹɜɢɥɢɫɶ ɜ ɷɬɨɦ ɜɵɩɭɫɤɟ.
Active Directory
ɑɬɨɛɵ ɭɞɨɜɥɟɬɜɨɪɢɬɶ ɪɚɫɬɭɳɢɟ ɡɚɩɪɨɫɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜ ɧɟɢɡɦɟɧɧɨ ɩɥɸɪɚɥɢɫɬɢɱɟɫɤɨɣ ɜɵɱɢɫɥɢɬɟɥɶɧɨɣ ɫɪɟɞɟ ɫɨɜɪɟɦɟɧɧɨɝɨ ɩɪɟɞɩɪɢɹɬɢɹ, Microsoft ɞɨɥɠɟɧ ɛɵɥ ɜɤɥɸɱɢɬɶ ɨɬɤɪɵɬɵɟ ɜɵɱɢɫɥɢɬɟɥɶɧɵɟ ɫɬɚɧɞɚɪɬɵ ɜ ɫɜɨɢ NOS ɢ ɜ ɫɜɨɸ ɪɟɚɥɢɡɚɰɢɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ɉɪɟɞɫɬɚɜɥɹɟɬɫɹ ɜɫɟ ɛɨɥɟɟ ɜɟɪɨɹɬɧɵɦ, ɱɬɨ, ɜ ɤɨɧɟɱɧɨɦ ɫɱɟɬɟ, ɫɟɪɜɟɪɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɫɪɟɞɧɢɯ ɢ ɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɣ ɛɭɞɟɬ ɫɨɞɟɪɠɚɬɶ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɫɢɫɬɟɦɵ NOS, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɪɚɡɥɢɱɧɵɯ ɬɢɩɚɯ ɫɟɪɜɟɪɧɵɯ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ. ɋɟɪɜɟɪɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɦɨɠɟɬ ɜɤɥɸɱɚɬɶ ɫɟɪɜɟɪɵ Windows ɢ Novell Netware, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɩɥɚɬɮɨɪɦɚɯ Intel, UNIX-ɩɥɚɬɮɨɪɦɵ, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɛɚɡɟ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ RISC (ɤɨɦɩɶɸɬɟɪɵ ɫ ɫɨɤɪɚɳɟɧɧɵɦ ɧɚɛɨɪɨɦ ɤɨɦɚɧɞ), ɢ ɫɟɪɜɟɪɵ ɪɚɛɨɱɢɯ ɝɪɭɩɩ ɫɟɦɟɣɫɬɜɚ Linux, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɥɸɛɵɯ ɩɥɚɬɮɨɪɦɚɯ, ɤ ɤɨɬɨɪɵɦ ɦɨɝɭɬ ɩɪɢɥɨɠɢɬɶ ɪɭɤɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ. Ⱦɥɹ ɪɟɚɥɢɡɚɰɢɢ ɷɬɢɯ ɫɢɫɬɟɦ NOS ɞɨɥɠɧɵ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ ɫ ɩɨɦɨɳɶɸ ɨɛɳɟɝɨ ɹɡɵɤɚ ɢɥɢ ɹɡɵɤɨɜ. ɉɨɬɪɟɛɧɨɫɬɶ ɜ ɨɛɳɢɯ ɹɡɵɤɚɯ ɹɜɥɹɟɬɫɹ ɨɫɧɨɜɨɣ ɞɥɹ ɜɵɱɢɫɥɢɬɟɥɶɧɨɣ ɬɟɯɧɢɤɢ ɨɬɤɪɵɬɵɯ ɫɬɚɧɞɚɪɬɨɜ. ȼɦɟɫɬɨ ɧɚɩɪɹɠɟɧɧɵɯ ɭɫɢɥɢɣ, ɩɪɢɥɚɝɚɟɦɵɯ ɜ ɪɚɦɤɚɯ ɫɬɚɪɨɣ ɩɚɪɚɞɢɝɦɵ ɨɞɧɨɪɨɞɧɨɣ ɫɟɪɜɟɪɧɨɣ ɫɪɟɞɵ, ɢɫɩɨɥɶɡɭɸɳɟɣ ɡɚɤɪɵɬɵɟ (ɥɢɰɟɧɡɢɪɨɜɚɧɧɵɟ) ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɜɵɱɢɫɥɢɬɟɥɶɧɚɹ ɫɪɟɞɚ ɫɨɜɪɟɦɟɧɧɵɯ ɩɪɟɞɩɪɢɹɬɢɣ ɫɬɪɟɦɢɬɫɹ ɛɵɬɶ ɨɛɴɟɞɢɧɟɧɧɨɣ ɫɟɬɟɜɨɣ ɫɥɭɠɛɨɣ. ȼ ɫɥɟɞɭɸɳɢɯ ɞɜɭɯ ɪɚɡɞɟɥɚɯ ɪɚɫɫɦɚɬɪɢɜɚɟɬɫɹ ɩɚɪɚ ɨɬɤɪɵɬɵɯ ɫɬɚɧɞɚɪɬɨɜ, ɧɚ ɤɨɬɨɪɵɯ ɨɫɧɨɜɚɧɚ Active Directory: ɢɟɪɚɪɯɢɹ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɏ.500 ɢ ɩɪɨɬɨɤɨɥ LDAP.
.500
ɋɬɚɧɞɚɪɬ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɏ.500 (namespace) ɨɩɪɟɞɟɥɹɟɬ ɬɨ, ɤɚɤ ɨɛɴɟɤɬɵ ɫɨɯɪɚɧɹɸɬɫɹ ɜ Active Directory. ɉɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɏ.500 ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɢɟɪɚɪɯɢɱɟɫɤɭɸ ɫɬɪɭɤɬɭɪɭ ɢɦɟɧ, ɤɨɬɨɪɚɹ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɭɧɢɤɚɥɶɧɵɣ ɩɭɬɶ ɤ ɤɨɧɬɟɣɧɟɪɭ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. Ɉɧ ɨɛɟɫɩɟɱɢɜɚɟɬ ɬɚɤɠɟ ɭɧɢɤɚɥɶɧɵɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɞɥɹ ɤɚɠɞɨɝɨ ɨɛɴɟɤɬɚ ɜ ɷɬɨɦ ɤɨɧɬɟɣɧɟɪɟ. ɂɫɩɨɥɶɡɭɹ ɢɦɹ ɜ ɫɬɚɧɞɚɪɬɟ ɏ.500 ɢɥɢ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɨɛɴɟɤɬɚ (OID -Object Identifier), ɜɫɟ ɨɛɴɟɤɬɵ ɜɨ ɜɫɟɯ ɫɬɪɭɤɬɭɪɚɯ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɦɨɝɭɬ ɛɵɬɶ ɭɧɢɤɚɥɶɧɨ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧɵ. ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory ɨɫɧɨɜɚɧɚ ɧɚ ɫɬɚɧɞɚɪɬɟ ɏ.500, ɢ Microsoft ɜɤɥɸɱɢɥ ɜ ɧɟɟ ɜɫɟ ɨɫɧɨɜɧɵɟ (ɢɥɢ ɨɪɢɝɢɧɚɥɶɧɵɟ) ɡɚɞɚɧɧɵɟ ɫɬɚɧɞɚɪɬɨɦ ɤɥɚɫɫɵ. ɗɬɨɬ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɦɨɠɧɨ ɩɪɟɞɫɬɚɜɥɹɬɶ ɢɥɢ ɜ ɬɨɱɟɱɧɨɣ (dotted), ɬ.ɟ. ɱɢɫɥɨɜɨɣ ɧɨɬɚɰɢɢ, ɢɥɢ ɜ ɫɬɪɨɤɨɜɨɣ (string). ɇɚɩɪɢɦɟɪ, ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɏ.500 OID, ɪɚɜɧɵɣ 2.5.4.10, ɹɜɥɹɟɬɫɹ ɷɤɜɢɜɚɥɟɧɬɨɦ ɚɬɪɢɛɭɬɚ Organization-Name (ɇɚɡɜɚɧɢɟ ɨɪɝɚɧɢɡɚɰɢɢ) (ɫ ɨɬɨɛɪɚɠɚɟɦɵɦ LDAP-ɢɦɟɧɟɦ - «ɨ»). ɑɢɫɥɨɜɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɤɥɚɫɫɚ ɷɬɨɝɨ ɨɛɴɟɤɬɚ ɭɧɢɤɚɥɶɧɨ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɟɝɨ ɜ ɩɪɟɞɟɥɚɯ ɢɟɪɚɪɯɢɢ ɏ.500, ɢ ɬɚɤɢɦ ɨɛɪɚɡɨɦ ɨɛɴɟɤɬ ɫɬɚɧɨɜɢɬɫɹ ɭɧɢɤɚɥɶɧɵɦ. Ɉɛɴɟɤɬɵ Active Directory ɦɨɝɭɬ ɛɵɬɶ ɬɚɤɠɟ ɭɧɢɤɚɥɶɧɨ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧɵ ɫ ɩɨɦɨɳɶɸ ɫɬɪɨɤɨɜɨɣ ɧɨɬɚɰɢɢ ɏ.500, ɢɡɜɟɫɬɧɨɣ ɬɚɤɠɟ ɤɚɤ ɤɚɬɚɥɨɝ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɨɬɤɪɵɬɵɯ ɫɢɫɬɟɦ (OSI - Open Systems Interconnection). ȼ ɫɬɪɨɤɨɜɨɣ ɧɨɬɚɰɢɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ ɦɨɠɟɬ ɛɵɬɶ ɩɪɟɞɫɬɚɜɥɟɧ ɤɚɤ: cn=Karen Friske, cn=Users, dc=Contoso, dc=com
ɑɬɨɛɵ ɭɞɨɜɥɟɬɜɨɪɢɬɶ ɬɪɟɛɨɜɚɧɢɸ ɭɧɢɤɚɥɶɧɨɫɬɢ ɜ ɩɪɨɫɬɪɚɧɫɬɜɟ ɢɦɟɧ ɏ.500, ɜ ɤɨɧɬɟɣɧɟɪɟ Users (ɉɨɥɶɡɨɜɚɬɟɥɢ) ɜ ɞɨɦɟɧɟ Contoso.com ɦɨɠɟɬ ɛɵɬɶ ɬɨɥɶɤɨ ɨɞɧɨ ɢɦɹ Karen Friske. Ɉɞɧɚɤɨ ɦɨɝɭɬ ɫɭɳɟɫɬɜɨɜɚɬɶ ɞɪɭɝɢɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ Ʉɚɪɟɧ Ɏɪɢɫɤ ɜ ɨɪɝɚɧɢɡɚɰɢɢ Contoso. ɂɦɹ ɏ.500 ɜɤɥɸɱɚɟɬ ɧɚɡɜɚɧɢɟ ɤɨɧɬɟɣɧɟɪɚ, ɜ ɤɨɬɨɪɨɦ ɧɚɣɞɟɧɚ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ (ɬɢɩɚ OU), ɢ
ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɧɚɡɜɚɧɢɸ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɛɵɬɶ ɭɧɢɤɚɥɶɧɨɣ. ɋɬɪɨɤɨɜɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɏ.500 ɨɩɪɟɞɟɥɟɧɨ ɜ ɞɨɤɭɦɟɧɬɟ Request for Comments (RFC) 1779, ɤɨɬɨɪɵɣ ɞɨɫɬɭɩɟɧ ɧɚ ɫɚɣɬɟ http://www.faqs.org/rfcs/rfcl779.html. ɑɬɨɛɵ ɩɨɫɦɨɬɪɟɬɶ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɏ.500 OID, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɥɢ ɨɫɧɚɫɬɤɭ (snap-in) Active Directory Schema (ɋɯɟɦɚ Active Directory), ɢɥɢ ɨɫɧɚɫɬɤɭ ADSI Edit (Ɋɟɞɚɤɬɨɪ ADSI). ɑɬɨɛɵ ɩɨɫɦɨɬɪɟɬɶ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɏ.500 OID ɞɥɹ ɚɬɪɢɛɭɬɚ Organization-Name, ɨɬɤɪɨɣɬɟ ɤɨɧɬɟɣɧɟɪ ɫɯɟɦɵ ɫ ɩɨɦɨɳɶɸ ADSI Edit ɢ ɩɪɨɤɪɭɬɢɬɟ ɜɧɢɡ ɞɨ ɧɚɡɜɚɧɢɹ ɚɬɪɢɛɭɬɚ: CN=Organization-Name. ɇɚ ɪɢɫɭɧɤɟ 1-3 ɩɨɤɚɡɚɧ ɢɞɟɧɬɢɮɢɤɚɬɨɪ attributelD (ɢɦɹ ɏ.500) ɚɬɪɢɛɭɬɚ http://Organization-Name.
. 1 -3.
Organization-Name,
ADSI Edit
Ⱦɨɥɠɧɵɦ ɨɛɪɚɡɨɦ ɫɩɪɨɟɤɬɢɪɨɜɚɧɧɚɹ ɢ ɫɤɨɧɫɬɪɭɢɪɨɜɚɧɧɚɹ ɝɟɬɟɪɨɝɟɧɧɚɹ ɫɟɬɟɜɚɹ ɫɪɟɞɚ ɧɟɜɢɞɢɦɚ ɞɥɹ ɤɨɧɟɱɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ⱦɪɭɝɢɦɢ ɫɥɨɜɚɦɢ, ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɞɨɥɠɧɵ ɡɚɦɟɱɚɬɶ, ɱɬɨ ɫɟɬɟɜɵɟ ɭɫɥɭɝɢ, ɧɚ ɤɨɬɨɪɵɟ ɨɧɢ ɩɨɥɚɝɚɸɬɫɹ ɜ ɫɜɨɟɣ ɪɚɛɨɬɟ, ɜɵɩɨɥɧɹɸɬɫɹ ɧɚ ɪɚɡɧɨɨɛɪɚɡɧɵɯ ɫɟɪɜɟɪɧɵɯ ɩɥɚɬɮɨɪɦɚɯ. Ɉɧɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɛɳɢɣ ɧɚɛɨɪ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ ɢ ɩɪɢɥɨɠɟɧɢɣ ɞɥɹ ɜɡɚɢɦɨɞɟɣɫɬɜɢɣ ɤɚɤ ɜ ɱɚɫɬɧɨɣ, ɬɚɤ ɢ ɜ ɨɛɳɟɫɬɜɟɧɧɨɣ ɫɟɬɢ (ɢɧɬɟɪɧɟɬ). Ɉɞɧɢɦ ɢɡ ɤɥɸɱɟɜɵɯ ɦɨɦɟɧɬɨɜ ɜ ɪɟɚɥɢɡɚɰɢɢ ɧɟɜɢɞɢɦɨɣ ɝɟɬɟɪɨɝɟɧɧɨɣ ɫɟɬɟɜɨɣ ɫɪɟɞɵ ɹɜɥɹɟɬɫɹ ɜɵɛɨɪ ɰɟɧɬɪɚɥɶɧɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɚɹ ɩɨɞɞɟɪɠɢɜɚɟɬ ɟɞɢɧɭɸ ɪɟɝɢɫɬɪɚɰɢɸ, ɧɚɩɪɢɦɟɪ, ɫɥɭɠɛɵ Active Directory Windows Server 2003. ȼ ɩɪɨɬɢɜɧɨɦ ɫɥɭɱɚɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɨɥɠɧɵ ɨɛɟɫɩɟɱɢɜɚɬɶ ɜɟɪɢɬɟɥɶɧɵɟ ɝɪɚɦɨɬɵ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɞɥɹ ɤɚɠɞɨɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ, ɤ ɤɨɬɨɪɨɣ ɨɧɢ ɯɨɬɹɬ ɨɛɪɚɬɢɬɶɫɹ. Ɍɢɩɢɱɧɵɦɢ ɩɪɢɦɟɪɚɦɢ ɝɟɬɟɪɨɝɟɧɧɨɣ ɜɵɱɢɫɥɢɬɟɥɶɧɨɣ ɫɪɟɞɵ ɹɜɥɹɸɬɫɹ: • ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ ɞɥɹ ɧɚɫɬɨɥɶɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ ɫɟɦɟɣɫɬɜɚ Windows, ɜɵɩɨɥɧɹɸɳɢɟ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɫɨɜɦɟɫɬɢɦɵɟ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɜɫɟ ɞɚɸɬ ɨɞɧɨ ɢ ɬɨ ɠɟ ɜɩɟɱɚɬɥɟɧɢɟ ɢ ɨɳɭɳɟɧɢɟ ɨɬ ɫɜɨɟɣ ɪɚɛɨɬɵ, ɢ ɩɨɷɬɨɦɭ ɧɟ ɬɪɟɛɭɸɬ, ɢɥɢ ɬɪɟɛɭɸɬ ɜ ɧɟɡɧɚɱɢɬɟɥɶɧɨɣ ɫɬɟɩɟɧɢ, ɩɟɪɟɩɨɞɝɨɬɨɜɤɢ ɞɥɹ ɫɜɨɟɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ; • ɫɟɬɟɜɵɟ ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ ɫɟɦɟɣɫɬɜɚ Windows ɢɥɢ Novell, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɫɟɪɜɟɪɧɵɯ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜɚɯ Intel ɢɥɢ ɜ ɝɢɛɪɢɞɧɨɣ ɫɪɟɞɟ ɫ ɨɞɧɢɦ ɩɨɫɬɚɜɳɢɤɨɦ NOS ɞɥɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢ ɞɪɭɝɢɦ - ɞɥɹ ɫɟɪɜɟɪɨɜ ɩɪɢɥɨɠɟɧɢɣ ɢ ɱɥɟɧɨɜ ɫɢɫɬɟɦɵ. Ⱦɥɹ ɬɪɚɞɢɰɢɨɧɧɨɣ ɦɨɞɟɥɢ ɨɛɪɚɛɨɬɤɢ ɞɚɧɧɵɯ ɬɢɩɚ ɤɥɢɟɧɬ-ɫɟɪɜɟɪ, ɩɨɩɭɥɹɪɧɨɣ ɜ ɫɨɜɪɟɦɟɧɧɵɯ ɨɬɞɟɥɚɯ ɤɨɪɩɨɪɚɬɢɜɧɵɯ ɢɧɮɨɪɦɚɰɢɨɧɧɵɯ ɬɟɯɧɨɥɨɝɢɣ (IT), ɩɪɟɞɩɨɱɬɢɬɟɥɶɧɵ ɨɫɧɨɜɧɵɟ ɫɢɫɬɟɦɵ NOS. ȼɵɛɢɪɚɹ ɜɟɪɫɢɸ ɷɬɢɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ ɬɚɤ, ɱɬɨɛɵ ɨɧɚ ɭɞɨɜɥɟɬɜɨɪɹɥɚ ɨɬɤɪɵɬɵɦ ɫɬɚɧɞɚɪɬɚɦ, ɦɨɠɧɨ ɩɨɥɭɱɢɬɶ ɭɫɩɟɲɧɭɸ ɝɟɬɟɪɨɝɟɧɧɭɸ ɫɪɟɞɭ ɨɛɪɚɛɨɬɤɢ ɞɚɧɧɵɯ. Windows 2000 Active Directory, Windows Server 2003 Active Directory, Novell Directory Services ɜ ɫɢɫɬɟɦɟ Novel Netware 5 ɢ ɛɨɥɟɟ ɩɨɡɞɧɢɟ ɨɫɧɨɜɚɧɵ ɧɚ ɚɪɯɢɬɟɤɬɭɪɟ ɨɬɤɪɵɬɨɝɨ ɫɬɚɧɞɚɪɬɚ ɞɥɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ; • ɞɨɦɟɧɧɚɹ ɫɢɫɬɟɦɚ ɢɦɟɧ (DNS) ɩɨɞ UNIX, ɩɪɨɬɨɤɨɥ DHCP (Dynamic Host Configuration Protocol - ɩɪɨɬɨɤɨɥ ɞɢɧɚɦɢɱɟɫɤɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɯɨɫɬɚ), ɛɪɚɧɞɦɚɭɷɪ/ɩɪɨɤɫɢ
•
(firewall/proxy) ɢɥɢ ɫɟɪɜɟɪ NAT (Network Address Translation - ɩɪɟɨɛɪɚɡɨɜɚɧɢɟ ɫɟɬɟɜɵɯ ɚɞɪɟɫɨɜ), ɜɵɩɨɥɧɹɸɳɢɣɫɹ ɧɚ ɫɟɪɜɟɪɧɵɯ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜɚɯ RISC. ɇɟɤɨɬɨɪɵɟ (ɢɥɢ ɜɫɟ) ɜɢɞɵ ɨɛɟɫɩɟɱɟɧɢɹ ɢɧɬɟɪɧɟɬ-ɜɡɚɢɦɨɞɟɣɫɬɜɢɣ ɧɚ ɩɪɟɞɩɪɢɹɬɢɢ ɦɨɝɭɬ ɩɨɞɞɟɪɠɢɜɚɬɶɫɹ UNIXɫɟɪɜɟɪɚɦɢ. Ɍɚɤ ɤɚɤ ɫɥɭɠɛɵ ɢɧɬɟɪɧɟɬɚ ɜɵɩɨɥɧɟɧɵ ɜ ɨɬɤɪɵɬɨɦ ɫɬɚɧɞɚɪɬɟ, ɬɨ ɧɟɬ ɧɢɤɚɤɨɝɨ ɨɫɧɨɜɚɧɢɹ ɬɪɟɛɨɜɚɬɶ, ɱɬɨɛɵ ɫɥɭɠɛɵ, ɩɨɞɞɟɪɠɢɜɚɸɳɢɟ ɞɨɫɬɭɩ ɤ ɢɧɬɟɪɧɟɬɭ, ɢɦɟɥɢ ɨɩɪɟɞɟɥɟɧɧɵɣ ɬɢɩ; ɮɚɣɥɵ ɩɨɞ Linux ɢɥɢ ɩɪɢɤɥɚɞɧɨɣ ɫɟɪɜɟɪ, ɜɵɩɨɥɧɹɸɳɢɣɫɹ ɧɚ ɫɟɪɜɟɪɟ ɫ ɦɥɚɞɲɟɣ ɦɨɞɟɥɶɸ Intel ɢɥɢ RISC. ɋɪɟɞɚ Linux, ɱɚɫɬɨ ɪɚɡɜɟɪɬɵɜɚɟɦɚɹ ɜ ɨɛɴɟɦɟ, ɧɭɠɧɨɦ ɞɥɹ ɪɚɡɪɚɛɨɬɤɢ ɢɥɢ ɬɟɫɬɢɪɨɜɚɧɢɹ, ɩɪɟɞɥɚɝɚɟɬ ɜɨɡɦɨɠɧɵɣ ɦɚɪɲɪɭɬ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɫɟɬɟɜɵɯ ɭɫɥɭɝ, ɧɟ ɹɜɥɹɸɳɢɯɫɹ ɤɪɢɬɢɱɟɫɤɢ ɜɚɠɧɵɦɢ ɢ ɨɬɜɟɬɫɬɜɟɧɧɵɦɢ. Ɍɚɤɚɹ Linux-ɫɪɟɞɚ ɛɵɥɚ ɛɵ ɞɨɫɬɭɩɧɚ ɬɟɦ, ɤɬɨ ɢɫɩɨɥɶɡɭɟɬ Windows-ɩɪɢɥɨɠɟɧɢɹ ɱɟɪɟɡ ɩɪɨɬɨɤɨɥ SMB (Server Message Block ɛɥɨɤ ɫɟɪɜɟɪɧɵɯ ɫɨɨɛɳɟɧɢɣ). Ʉɨɧɟɱɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɨɫɨɡɧɚɜɚɥ ɛɵ, ɱɬɨ ɷɬɢ ɪɟɫɭɪɫɵ ɧɚɯɨɞɹɬɫɹ ɧɟ ɧɚ Windows-ɫɟɪɜɟɪɟ.
(LDAP)
LDAP ɹɜɥɹɟɬɫɹ ɤɚɤ ɩɪɨɬɨɤɨɥɨɦ ɞɨɫɬɭɩɚ, ɬɚɤ ɢ ɦɨɞɟɥɶɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜ Active Directory Windows Server 2003. Ʉɚɤ ɢɧɮɨɪɦɚɰɢɨɧɧɚɹ ɦɨɞɟɥɶ ɢɟɪɚɪɯɢɹ ɢɦɟɧ LDAP ɩɨɞɨɛɧɚ ɢɟɪɚɪɯɢɢ ɢɦɟɧ ɤɚɬɚɥɨɝɨɜ X.500/OSI. Ʉɚɤ ɩɪɨɝɪɚɦɦɧɵɣ ɢɧɬɟɪɮɟɣɫ ɩɪɢɥɨɠɟɧɢɹ (API) LDAP ɪɟɚɥɢɡɨɜɚɧ ɜ Active Directory Windows Server 2003 ɜ Wldap32.dll. Active Directory ɩɨɥɧɨɫɬɶɸ ɩɨɞɞɟɪɠɢɜɚɟɬ ɞɨɫɬɭɩ ɤ ɤɚɬɚɥɨɝɭ, ɢɫɩɨɥɶɡɭɹ ɫɨɛɫɬɜɟɧɧɵɟ ɡɚɩɪɨɫɵ LDAP ɢɥɢ ɢɫɩɨɥɶɡɭɹ ɢɧɬɟɪɮɟɣɫ ADSI ɋɈɆ (Component Object Model — ɦɨɞɟɥɶ ɤɨɦɩɨɧɟɧɬɧɵɯ ɨɛɴɟɤɬɨɜ). Ʉɚɤ ɩɪɨɬɨɤɨɥ ɞɨɫɬɭɩɚ LDAP ɨɩɪɟɞɟɥɟɧ ɜ ɤɨɦɩɥɟɤɬɟ TCP/IP ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɞɚɧɧɵɦ, ɧɚɯɨɞɹɳɢɦɫɹ ɜ LDAP-ɫɨɜɦɟɫɬɢɦɵɯ ɤɚɬɚɥɨɝɚɯ. Ʉɚɤ ɨɬɤɪɵɬɵɣ ɫɬɚɧɞɚɪɬ LDAP ɨɛɥɟɝɱɚɟɬ ɨɛɦɟɧ ɞɚɧɧɵɦɢ ɦɟɠɞɭ ɩɥɚɬɮɨɪɦɚɦɢ ɫ ɪɚɡɥɢɱɧɵɦɢ ɫɥɭɠɛɚɦɢ ɤɚɬɚɥɨɝɚ, ɨ ɱɟɦ ɝɨɜɨɪɢɬɫɹ ɞɚɥɟɟ ɜ ɪɚɡɞɟɥɟ «Ʉɥɸɱɟɜɵɟ ɮɭɧɤɰɢɢ ɢ ɩɪɟɢɦɭɳɟɫɬɜɚ ɫɥɭɠɛɵ Active Directory» ɜ ɷɬɨɣ ɝɥɚɜɟ. ɉɪɟɞɫɬɚɜɥɟɧɢɟ ɢɟɪɚɪɯɢɢ ɢɦɟɧ LDAP ɞɥɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɩɪɢɜɟɞɟɧɧɨɣ ɜ ɩɪɢɦɟɪɟ ɪɚɧɟɟ, ɞɚɟɬɫɹ ɤɚɤ: LDAP: // cn=Karen Friske, cn=Users, dc=Contoso, dc=com
ɂɫɩɨɥɶɡɭɹ ɷɬɨ ɫɨɝɥɚɲɟɧɢɹ ɨɛ ɢɦɟɧɚɯ, ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɛɨɥɟɟ ɬɨɱɧɨ ɫɫɵɥɚɬɶɫɹ ɧɚ ɨɛɴɟɤɬɵ ɢ ɨɛɪɚɳɚɬɶɫɹ ɤ ɨɛɴɟɤɬɚɦ ɜ ɩɪɟɞɟɥɚɯ ɫɥɭɠɛɵ LDAP-ɫɨɜɦɟɫɬɢɦɨɝɨ ɤɚɬɚɥɨɝɚ. LDAP-ɩɪɨɬɨɤɨɥ ɢ ɦɨɞɟɥɶ ɤɚɬɚɥɨɝɚ (ɧɨ ɧɟ ɫɢɧɬɚɤɫɢɫ ɢɦɟɧɨɜɚɧɢɹ) ɨɩɪɟɞɟɥɟɧ ɞɨɤɭɦɟɧɬɨɦ RFC 1777, ɤɨɬɨɪɵɣ ɞɨɫɬɭɩɟɧ ɧɚ ɫɚɣɬɟ http://www.faqs.org/rfcs/rfcl777.html. Ⱦɥɹ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ Active Directory, ɫɨɜɦɟɫɬɢɦɨɣ ɫ LDAP, ɢɫɩɨɥɶɡɭɣɬɟ LDAPɱɭɜɫɬɜɢɬɟɥɶɧɵɣ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɬɢɩɚ Ldp.exe, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɱɚɫɬɶɸ ɩɚɤɟɬɚ Suptools.msi, ɪɚɫɩɨɥɨɠɟɧɧɨɝɨ ɜ ɩɚɩɤɟ Support\Tools ɤɨɦɩɚɤɬ-ɞɢɫɤɚ ɩɪɨɞɭɤɬɚ Windows Server 2003. ɂɫɩɨɥɶɡɭɹ Ldp.exe, ɜɵ ɦɨɠɟɬɟ ɫɜɹɡɚɬɶɫɹ ɢɥɢ ɩɨɞɤɥɸɱɢɬɶɫɹ ɤ ɫɥɭɠɛɟ Active Directory ɩɨ ɟɟ ɧɨɦɟɪɭ UDP (User Datagram Protocol — ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɬɨɤɨɥ ɞɚɧɧɵɯ) ɩɨɪɬɚ ɢ ɩɨɤɚɡɚɬɶ ɨɬɨɛɪɚɠɚɟɦɨɟ LDȺɊ-ɢɦɹ ɤɚɠɞɨɝɨ ɚɬɪɢɛɭɬɚ, ɤɥɚɫɫɚ ɢ ɨɛɴɟɤɬɚ. ɑɬɨɛɵ ɩɨɞɤɥɸɱɢɬɶɫɹ ɤ Active Directory, ɢɫɩɨɥɶɡɭɹ Ldp.exe, ɢ ɨɬɨɛɪɚɡɢɬɶ ɚɬɪɢɛɭɬɵ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɨɛɴɟɤɬɨɜ, ɫɜɹɠɢɬɟɫɶ ɫ Active Directory, ɢɫɩɨɥɶɡɭɹ UDP ɩɨɪɬɚ 389, ɪɚɫɤɪɨɣɬɟ ɤɨɧɬɟɣɧɟɪ ɢɥɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɭɸ ɟɞɢɧɢɰɭ, ɚ ɡɚɬɟɦ ɞɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ ɨɩɪɟɞɟɥɟɧɧɨɦ ɧɚɡɜɚɧɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɇɚ ɪɢɫɭɧɤɟ 1-4 ɩɨɤɚɡɚɧɚ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɫ ɢɦɟɧɟɦ Karen Friske, ɤɨɬɨɪɭɸ ɦɨɠɧɨ ɭɜɢɞɟɬɶ ɱɟɪɟɡ ɢɧɫɬɪɭɦɟɧɬ Ldp.exe.
. 1-4.
Karen Friske,
Ldp.exe
Active Directory
ȼɵ ɦɨɠɟɬɟ ɫɩɪɨɫɢɬɶ: «Ɂɚɱɟɦ ɦɧɟ ɧɭɠɧɚ ɫɥɭɠɛɚ Active Directory?». ȿɫɥɢ ɜɵ ɡɚɢɧɬɟɪɟɫɨɜɚɧɵ ɜ ɜɵɩɨɥɧɟɧɢɢ ɧɚɢɛɨɥɟɟ ɫɢɥɶɧɨ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɞɥɹ Windows Server 2003, ɬɨ Active Directory ɹɜɥɹɟɬɫɹ ɥɨɝɢɱɧɵɦ ɜɵɛɨɪɨɦ. Ⱦɪɭɝɚɹ ɨɱɟɧɶ ɩɨɩɭɥɹɪɧɚɹ ɩɪɢɱɢɧɚ, ɩɨɞɬɚɥɤɢɜɚɸɳɚɹ ɤ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ Active Directory, ɫɨɫɬɨɢɬ ɜ ɩɨɞɞɟɪɠɤɟ Microsoft Exchange Server 2000. Exchange Server 2000 ɩɨɥɚɝɚɟɬɫɹ ɧɚ Active Directory ɞɥɹ ɫɜɨɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɩɨɷɬɨɦɭ ɦɧɨɝɢɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɪɟɚɥɢɡɭɸɬ Active Directory, ɱɬɨɛɵ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶɫɹ ɞɨ Exchange Server 2000. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɨɩɢɫɚɧɨ ɧɟɫɤɨɥɶɤɨ ɤɥɸɱɟɜɵɯ ɮɭɧɤɰɢɣ ɢ ɩɪɟɢɦɭɳɟɫɬɜ ɫɥɭɠɛɵ Active Directory Windows Server 2003.
Active Directory ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɨɣ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɣ ɫɥɭɠɛɨɣ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɛɵɬɶ ɪɟɚɥɢɡɨɜɚɧɚ ɜ ɩɪɟɞɟɥɚɯ ɩɪɟɞɩɪɢɹɬɢɹ. ɗɬɨ ɭɩɪɨɳɚɟɬ ɫɟɬɟɜɨɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ, ɩɨɫɤɨɥɶɤɭ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɧɟ ɞɨɥɠɧɵ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɤɚɬɚɥɨɝɚɦɢ, ɱɬɨɛɵ ɜɵɩɨɥɧɹɬɶ ɭɩɪɚɜɥɟɧɢɟ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ. Ⱦɪɭɝɚɹ ɜɵɝɨɞɚ ɨɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɝɨ ɤɚɬɚɥɨɝɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧ ɦɨɠɟɬ ɬɚɤɠɟ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɪɭɝɢɦɢ ɩɪɢɥɨɠɟɧɢɹɦɢ, ɬɚɤɢɦɢ ɤɚɤ Exchange Server 2000. ɗɬɨ ɭɩɪɨɳɚɟɬ ɩɨɥɧɨɟ ɫɟɬɟɜɨɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ, ɬɚɤ ɤɚɤ ɢɫɩɨɥɶɡɭɟɬɫɹ ɟɞɢɧɚɹ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ ɞɥɹ ɜɫɟɯ ɩɪɢɥɨɠɟɧɢɣ.
ȼ ɨɩɪɟɞɟɥɟɧɧɨɦ ɦɟɫɬɟ ɥɟɫɚ (forest - ɥɨɝɢɱɟɫɤɢɣ ɤɨɦɩɨɧɟɧɬ ɪɟɚɥɢɡɚɰɢɢ Active Directory) Windows Server 2003 ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɜɨɣɬɢ ɜ ɫɟɬɶ ɫ ɩɨɦɨɳɶɸ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɨɫɧɨɜɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɢɦɟɧ (UPN -User Principal Name), ɧɚɩɪɢɦɟɪ, [email protected]. ɉɨɫɥɟ ɭɫɩɟɲɧɨɣ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɢɦ ɛɭɞɟɬ ɩɪɟɞɨɫɬɚɜɥɟɧ ɞɨɫɬɭɩ ɤɨ ɜɫɟɦ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ, ɞɥɹ ɤɨɬɨɪɵɯ ɢɦ ɛɵɥɨ ɞɚɧɨ ɪɚɡɪɟɲɟɧɢɟ, ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɪɟɝɢɫɬɪɢɪɨɜɚɬɶɫɹ ɫɧɨɜɚ ɧɚ ɪɚɡɥɢɱɧɵɯ ɫɟɪɜɟɪɚɯ ɢɥɢ ɞɨɦɟɧɚɯ. ɂɦɹ UPN ɹɜɥɹɟɬɫɹ ɨɛɹɡɚɬɟɥɶɧɵɦ ɚɬɪɢɛɭɬɨɦ ɨɛɴɟɤɬɚ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ Active Directory, ɢ ɨɧɨ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɜ Active Directory, ɤɨɝɞɚ ɫɨɡɞɚɟɬɫɹ ɧɨɜɚɹ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ.
Ɉɞɧɨ ɢɡ ɨɝɪɚɧɢɱɟɧɢɣ ɛɚɡɵ ɞɚɧɧɵɯ Windows NT 4 SAM ɫɨɫɬɨɹɥɨ ɜ ɬɨɦ, ɱɬɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ ɛɵɥɢ ɞɨɫɬɭɩɧɵ ɬɨɥɶɤɨ ɜ ɜɢɞɟ «ɜɫɟ ɢɥɢ ɧɢɱɟɝɨ». ɑɬɨɛɵ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɥɸɛɭɸ ɫɬɟɩɟɧɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ ɬɪɟɛɨɜɚɥɨɫɶ, ɱɬɨɛɵ ɜɵ ɫɞɟɥɚɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɱɥɟɧɨɦ ɝɪɭɩɩɵ Domain Admins. ɗɬɨɬ ɭɪɨɜɟɧɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ ɞɚɜɚɥ ɩɨɥɶɡɨɜɚɬɟɥɸ, ɩɨ ɫɭɳɟɫɬɜɭ, ɛɟɡɝɪɚɧɢɱɧɭɸ ɜɥɚɫɬɶ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ, ɜɤɥɸɱɚɹ ɩɪɚɜɨ ɭɞɚɥɹɬɶ ɞɪɭɝɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɡ ɝɪɭɩɩɵ Domain Admins. Ɍɚɤɨɣ ɦɟɬɨɞ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɮɭɧɤɰɢɣ ɧɟ ɛɵɥ ɛɟɡɨɩɚɫɧɵɦ. ɋ ɞɪɭɝɨɣ ɫɬɨɪɨɧɵ, Active Directory ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɜɨɡɦɨɠɧɨɫɬɶ ɞɟɥɟɝɢɪɨɜɚɬɶ
ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ. ɂɫɩɨɥɶɡɭɹ ɦɚɫɬɟɪ Delegation Of Control Wizard (Ⱦɟɥɟɝɢɪɨɜɚɧɢɟ ɭɩɪɚɜɥɟɧɢɹ) ɢɥɢ ɭɫɬɚɧɚɜɥɢɜɚɹ ɨɩɪɟɞɟɥɟɧɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɨɛɴɟɤɬɵ Active Directory, ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɩɪɟɞɥɚɝɚɬɶ ɬɨɧɤɨ ɧɚɫɬɪɨɟɧɧɵɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɢɬɶ ɨɩɪɟɞɟɥɟɧɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɟ ɩɪɚɜɨ ɫɛɪɚɫɵɜɚɬɶ ɩɚɪɨɥɢ ɜ ɞɨɦɟɧɟ, ɧɨ ɧɟ ɫɨɡɞɚɜɚɬɶ, ɭɞɚɥɹɬɶ ɢɥɢ ɤɚɤ-ɥɢɛɨ ɢɡɦɟɧɹɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ.
ȿɫɬɶ ɧɟɫɤɨɥɶɤɨ ɫɩɨɫɨɛɨɜ, ɤɨɬɨɪɵɦɢ ɜɵ ɦɨɠɟɬɟ ɩɨɥɭɱɢɬɶ ɜɵɝɨɞɭ ɨɬ ɢɧɬɟɝɪɚɰɢɢ ɦɟɠɞɭ Active Directory ɢ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɨɣ. Ɉɞɢɧ ɢɡ ɩɭɬɟɣ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɢɧɬɟɪɮɟɣɫɚ ɨɛɳɟɝɨ ɭɩɪɚɜɥɟɧɢɹ — ɤɨɧɫɨɥɢ ɭɩɪɚɜɥɟɧɢɹ Microsoft (ɆɆɋ — Microsoft Management Console). ɉɪɢ ɜɡɚɢɦɨɞɟɣɫɬɜɢɢ ɫ Active Directory ɱɟɪɟɡ ɝɪɚɮɢɱɟɫɤɢɣ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ ɆɆɋ ɜɫɟ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɭɩɪɚɜɥɟɧɢɹ ɞɚɸɬ ɫɨɝɥɚɫɭɸɳɟɟɫɹ ɞɪɭɝ ɫ ɞɪɭɝɨɦ ɜɩɟɱɚɬɥɟɧɢɟ ɢ ɨɳɭɳɟɧɢɟ ɨɬ ɢɯ ɢɫɩɨɥɶɡɨɜɚɧɢɹ. Ⱦɥɹ Active Directory ɷɬɢ ɫɪɟɞɫɬɜɚ ɜɤɥɸɱɚɸɬ Active Directory Users And Computers (Active Directory: ɩɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ), Active Directory Domains And Trusts (Active Directory: ɞɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ) ɢ Active Directory Sites And Services (Active Directory: ɫɚɣɬɵ ɢ ɫɥɭɠɛɵ). Ɉɫɧɚɫɬɤɢ ɆɆɋ ɮɭɧɤɰɢɨɧɢɪɭɸɬ ɬɚɤ ɠɟ, ɤɚɤ ɜɫɟ ɞɪɭɝɢɟ ɫɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Windows Server 2003, ɧɚɩɪɢɦɟɪ, ɨɫɧɚɫɬɤɢ DHCP ɢ DNS.
ɋɥɭɠɛɚ Active Directory ɪɚɛɨɬɚɟɬ ɪɭɤɚ ɨɛ ɪɭɤɭ ɫ ɩɨɞɫɢɫɬɟɦɨɣ ɛɟɡɨɩɚɫɧɨɫɬɢ Windows Server 2003 ɩɪɢ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɛɟɡɨɩɚɫɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɨɛɟɫɩɟɱɟɧɢɢ ɡɚɳɢɬɵ ɨɛɳɟɞɨɫɬɭɩɧɵɯ ɫɟɬɟɜɵɯ ɪɟɫɭɪɫɨɜ. ɋɟɬɟɜɚɹ ɡɚɳɢɬɚ ɜ ɫɟɬɢ Windows Server 2003 ɧɚɱɢɧɚɟɬɫɹ ɫ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɜɨ ɜɪɟɦɹ ɪɟɝɢɫɬɪɚɰɢɢ. Ɉɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ Windows Server 2003 ɩɨɞɞɟɪɠɢɜɚɟɬ ɞɜɚ ɩɪɨɬɨɤɨɥɚ ɞɥɹ ɫɟɬɟɜɨɣ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɜɧɭɬɪɢ ɢ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ Windows Server 2003: ɩɪɨɬɨɤɨɥ Kerberos v5 ɢ ɩɪɨɬɨɤɨɥ NT LAN Manager (NTLM). ɉɪɨɬɨɤɨɥ Kerberos ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɚɭɬɟɧɬɢɮɢɤɚɰɢɨɧɧɵɦ ɩɪɨɬɨɤɨɥɨɦ ɞɥɹ ɤɥɢɟɧɬɨɜ, ɜɨɲɟɞɲɢɯ ɜ ɫɢɫɬɟɦɭ ɫ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɨɜ, ɪɚɛɨɬɚɸɳɢɯ ɩɨɞ ɭɩɪɚɜɥɟɧɢɟɦ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ Windows 2000 Professional ɢɥɢ Microsoft Windows XP Professional. ɉɨɥɶɡɨɜɚɬɟɥɢ, ɜɨɲɟɞɲɢɟ ɜ ɫɢɫɬɟɦɭ ɫ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɨɜ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ (Windows NT 4, Microsoft Windows 98 ɢɥɢ ɛɨɥɟɟ ɪɚɧɧɢɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ) ɢɫɩɨɥɶɡɭɸɬ ɞɥɹ ɫɟɬɟɜɨɣ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɩɪɨɬɨɤɨɥ NTLM. ɉɪɨɬɨɤɨɥ NTLM ɬɚɤɠɟ ɢɫɩɨɥɶɡɭɟɬɫɹ ɤɥɢɟɧɬɚɦɢ ɫɢɫɬɟɦ Windows XP Professional ɢ Windows 2000, ɤɨɝɞɚ ɨɧɢ ɜɯɨɞɹɬ ɧɚ ɫɟɪɜɟɪɚ, ɪɚɛɨɬɚɸɳɢɟ ɩɨɞ ɭɩɪɚɜɥɟɧɢɟɦ Windows NT 4, ɢɥɢ ɧɚ ɚɜɬɨɧɨɦɧɵɟ ɤɨɦɩɶɸɬɟɪɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 ɢɥɢ Windows Server 2003. ɋɥɭɠɛɚ Active Directory ɬɚɤɠɟ ɹɜɥɹɟɬɫɹ ɜɚɠɧɨɣ ɫɨɫɬɚɜɥɹɸɳɟɣ ɱɚɫɬɶɸ ɜ ɦɨɞɟɥɢ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ Windows Server 2003. Ʉɨɝɞɚ ɛɟɡɨɩɚɫɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ Windows Server 2003, ɩɨɞɫɢɫɬɟɦɚ ɡɚɳɢɬɵ ɜɦɟɫɬɟ ɫ Active Directory ɫɨɡɞɚɟɬ ɥɟɤɫɟɦɭ ɞɨɫɬɭɩɚ, ɤɨɬɨɪɚɹ ɫɨɞɟɪɠɢɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɡɚɳɢɬɵ (SID - Security Identifier) ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɚ ɬɚɤɠɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ SID ɜɫɟɯ ɝɪɭɩɩ, ɱɥɟɧɨɦ ɤɨɬɨɪɵɯ ɹɜɥɹɟɬɫɹ ɞɚɧɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ. ɂɞɟɧɬɢɮɢɤɚɬɨɪ SID ɹɜɥɹɟɬɫɹ ɚɬɪɢɛɭɬɨɦ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɨɛɴɟɤɬɚ ɜ Active Directory. Ɂɚɬɟɦ ɥɟɤɫɟɦɚ ɞɨɫɬɭɩɚ ɫɪɚɜɧɢɜɚɟɬɫɹ ɫ ɞɟɫɤɪɢɩɬɨɪɨɦ ɡɚɳɢɬɵ ɧɚ ɪɟɫɭɪɫɟ, ɢ, ɟɫɥɢ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫɨɨɬɜɟɬɫɬɜɢɟ, ɬɨ ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɬɪɟɛɭɟɦɵɣ ɭɪɨɜɟɧɶ ɞɨɫɬɭɩɚ.
ɉɨɫɤɨɥɶɤɭ ɨɪɝɚɧɢɡɚɰɢɹ ɩɨɫɬɟɩɟɧɧɨ ɪɚɫɬɟɬ ɜ ɩɪɨɰɟɫɫɟ ɛɢɡɧɟɫɚ, ɥɢɛɨ ɷɬɨ ɩɪɨɢɫɯɨɞɢɬ ɛɵɫɬɪɨ, ɱɟɪɟɡ ɪɹɞ ɫɥɢɹɧɢɣ ɫ ɞɪɭɝɢɦɢ ɤɨɦɩɚɧɢɹɦɢ ɢ ɜ ɪɟɡɭɥɶɬɚɬɟ ɩɪɢɨɛɪɟɬɟɧɢɣ, ɫɥɭɠɛɚ Active Directory ɫɩɪɨɟɤɬɢɪɨɜɚɧɚ ɦɚɫɲɬɚɛɢɪɭɟɦɨɣ, ɞɥɹ ɬɨɝɨ ɱɬɨɛɵ ɫɩɪɚɜɥɹɬɶɫɹ ɫ ɷɬɢɦ ɪɨɫɬɨɦ. ȼɵ ɦɨɠɟɬɟ ɪɚɫɲɢɪɢɬɶ ɪɚɡɦɟɪ ɞɨɦɟɧɧɨɣ ɦɨɞɟɥɢ ɢɥɢ ɩɪɨɫɬɨ ɞɨɛɚɜɢɬɶ ɛɨɥɶɲɟ ɫɟɪɜɟɪɨɜ, ɱɬɨɛɵ ɩɪɢɫɩɨɫɨɛɢɬɶɫɹ ɤ ɩɨɬɪɟɛɧɨɫɬɹɦ ɭɜɟɥɢɱɟɧɢɹ ɨɛɴɟɦɚ. Ʌɸɛɵɟ ɢɡɦɟɧɟɧɢɹ ɜ ɢɧɮɪɚɫɬɪɭɤɬɭɪɟ Active Directory ɞɨɥɠɧɵ ɛɵɬɶ ɬɳɚɬɟɥɶɧɨ ɪɟɚɥɢɡɨɜɚɧɵ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɩɪɨɟɤɬɨɦ Active Directory, ɤɨɬɨɪɵɣ ɩɪɟɞɭɫɦɚɬɪɢɜɚɟɬ ɬɚɤɨɣ ɪɨɫɬ. Ɉɬɞɟɥɶɧɵɣ ɞɨɦɟɧ, ɩɪɟɞɫɬɚɜɥɹɸɳɢɣ ɫɚɦɵɣ ɦɚɥɟɧɶɤɢɣ ɪɚɡɞɟɥ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ Active Directory, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɧɚ ɟɞɢɧɫɬɜɟɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɦɨɠɟɬ ɩɨɞɞɟɪɠɢɜɚɬɶ ɛɨɥɟɟ ɨɞɧɨɝɨ ɦɢɥɥɢɨɧɚ ɨɛɴɟɤɬɨɜ, ɬɚɤ ɱɬɨ ɦɨɞɟɥɶ ɨɬɞɟɥɶɧɨɝɨ ɞɨɦɟɧɚ ɩɨɞɯɨɞɢɬ ɞɚɠɟ ɞɥɹ ɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɣ.
Active Directory Windows Server 2003
ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɤɥɸɱɟɜɵɦ ɮɭɧɤɰɢɹɦ Active Directory, ɭɩɨɦɹɧɭɬɵɦ ɜɵɲɟ, ɢɦɟɸɬɫɹ ɧɟɫɤɨɥɶɤɨ ɧɨɜɵɯ ɮɭɧɤɰɢɣ, ɤɨɬɨɪɵɟ ɞɨɛɚɜɥɟɧɵ ɤ ɫɥɭɠɛɟ Active Directory ɜ Windows Server 2003. ȼ ɫɥɟɞɭɸɳɟɦ ɪɚɡɞɟɥɟ ɞɚɟɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɧɨɜɨɜɜɟɞɟɧɢɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Windows Server 2003. Ȼɨɥɟɟ ɩɨɥɧɨ ɨɧɢ ɪɚɫɫɦɚɬɪɢɜɚɸɬɫɹ ɜ ɫɥɟɞɭɸɳɢɯ ɝɥɚɜɚɯ.
Active Directory Users And Computers
ɂɦɟɟɬɫɹ ɞɜɚ ɩɪɢɹɬɧɵɯ ɢɡɦɟɧɟɧɢɹ ɜ ɨɫɧɚɫɬɤɟ Active Directory Users And Computers (Active Directory: ɩɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ). ȼ Windows Server 2003 ɷɬɚ ɨɫɧɚɫɬɤɚ ɩɨɡɜɨɥɹɟɬ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɫɨɯɪɚɧɹɬɶ ɡɚɩɪɨɫɵ. Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɞɟɥɚɬɶ ɩɨɢɫɤ ɜ ɤɚɬɚɥɨɝɟ ɩɨ ɨɩɪɟɞɟɥɟɧɧɨɦɭ ɚɬɪɢɛɭɬɭ, ɫɨɯɪɚɧɹɬɶ ɡɚɩɪɨɫ, ɚ ɡɚɬɟɦ ɜɵɩɨɥɧɹɬɶ ɟɝɨ ɫɧɨɜɚ ɜ ɛɭɞɭɳɟɦ ɞɥɹ ɚɧɚɥɢɡɚ ɢɥɢ ɩɨɢɫɤɚ ɧɟɢɫɩɪɚɜɧɨɫɬɟɣ. ɇɚɩɪɢɦɟɪ, ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɦɨɠɟɬ ɫɨɯɪɚɧɹɬɶ ɪɟɡɭɥɶɬɚɬɵ ɩɨɢɫɤɚ ɥɸɛɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɨɛɴɟɤɬɚ, ɤɨɬɨɪɵɣ ɢɦɟɟɬ ɩɚɪɨɥɶ ɫ ɧɟɨɝɪɚɧɢɱɟɧɧɵɦ ɜɪɟɦɟɧɟɦ ɞɟɣɫɬɜɢɹ (Account Options: Password Never Expires - ɨɩɰɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ: ɩɚɪɨɥɶ ɫ ɧɟɨɝɪɚɧɢɱɟɧɧɵɦ ɜɪɟɦɟɧɟɦ ɞɟɣɫɬɜɢɹ), ɚ ɡɚɬɟɦ ɩɟɪɢɨɞɢɱɟɫɤɢ ɩɨɥɶɡɨɜɚɬɶɫɹ ɷɬɢɦ ɩɨɢɫɤɨɦ, ɱɬɨɛɵ ɫɥɟɞɢɬɶ ɡɚ ɧɚɥɢɱɢɟɦ ɬɚɤɨɝɨ ɩɚɪɨɥɹ, ɩɪɟɞɫɬɚɜɥɹɸɳɟɝɨ ɩɨɬɟɧɰɢɚɥɶɧɵɣ ɪɢɫɤ ɞɥɹ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ɉɫɧɚɫɬɤɚ Active Directory Users And Computers ɩɨɡɜɨɥɹɟɬ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɪɟɞɚɤɬɢɪɨɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɨɛɴɟɤɬɨɜ ɨɞɧɨɜɪɟɦɟɧɧɨ. ȼ ɩɪɢɦɟɪɟ, ɭɩɨɦɹɧɭɬɨɦ ɜɵɲɟ, ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɫɞɟɥɚɥ ɩɨɢɫɤ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢɦɟɸɳɢɯ ɩɚɪɨɥɢ ɫ ɧɟɨɝɪɚɧɢɱɟɧɧɵɦ ɜɪɟɦɟɧɟɦ ɞɟɣɫɬɜɢɹ, ɜɫɟ ɷɬɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɦɨɠɧɨ ɨɬɤɪɵɬɶ ɢ ɢɡɦɟɧɢɬɶ ɷɬɨɬ ɚɬɪɢɛɭɬ ɞɥɹ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɨɞɧɨɜɪɟɦɟɧɧɨ.
Active Directory Windows Server 2003 ɜɜɨɞɢɬ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɞɨɦɟɧɚ ɢ ɥɟɫɚ, ɤɨɬɨɪɵɟ ɨɛɟɫɩɟɱɢɜɚɸɬ ɨɛɪɚɬɧɭɸ ɫɨɜɦɟɫɬɢɦɨɫɬɶ ɞɥɹ ɞɨɦɟɧɨɜ, ɫɨɞɟɪɠɚɳɢɯ ɧɢɡɤɨɭɪɨɜɧɟɜɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɛɭɞɟɬɟ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ ɢɥɢ ɥɟɫɚ, ɱɬɨɛɵ ɪɟɚɥɢɡɨɜɚɬɶ ɦɧɨɝɢɟ ɞɪɭɝɢɟ ɢɡɦɟɧɟɧɢɹ ɜ Active Directory ɞɥɹ Windows Server 2003. Ɇɧɨɝɢɟ ɢɡ ɧɨɜɵɯ ɮɭɧɤɰɢɣ ɬɪɟɛɭɸɬ ɫɟɬɟɜɨɣ ɫɪɟɞɵ, ɜ ɤɨɬɨɪɨɣ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢɦɟɸɬ ɨɩɟɪɚɰɢɨɧɧɭɸ ɫɢɫɬɟɦɭ Windows Server 2003. . Windows Server 2003, NOS, , Windows NT 4 Windows 2000. Ɏɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ ɢ ɥɟɫɚ, ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ, — «Windows 2000» (ɞɥɹ ɞɨɦɟɧɚ — «Windows 2000 mixed»). ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɪɢ ɭɫɬɚɧɨɜɤɟ Active Directory ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɬɚɤ, ɱɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɥɢɫɶ ɬɨɥɶɤɨ ɬɟ ɧɨɜɵɟ ɮɭɧɤɰɢɢ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɩɨɞɞɟɪɠɢɜɚɬɶɫɹ ɤɨɦɛɢɧɚɰɢɟɣ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɢ Windows Server 2000. ɑɬɨɛɵ ɜɨɫɩɨɥɶɡɨɜɚɬɶɫɹ ɩɪɟɢɦɭɳɟɫɬɜɚɦɢ ɧɨɜɵɯ ɮɭɧɤɰɢɣ ɫɥɭɠɛɵ Active Directory, ɭɪɨɜɟɧɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɜɨɡɦɨɠɧɨɫɬɟɣ ɞɨɥɠɟɧ ɛɵɬɶ ɩɨɞɧɹɬ ɤ ɭɪɨɜɧɸ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ Windows Server 2003 ɤɚɤ ɦɨɠɧɨ ɫɤɨɪɟɟ, ɬ.ɟ. ɜ ɞɨɦɟɧɟ ɧɟ ɞɨɥɠɧɨ ɨɫɬɚɬɶɫɹ ɧɢ ɨɞɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows 2000 ɢɥɢ Windows NT 4. . Active Directory Windows Server 2003 mixed-mode ( ) native-mode ( ) Windows 2000. Windows Server 2003 Microsoft Active Directory, Active Directory. . . . 2-1 2-2.
Active Directory ɬɟɩɟɪɶ ɩɨɞɞɟɪɠɢɜɚɟɬ ɩɟɪɟɢɦɟɧɨɜɚɧɢɟ ɫɭɳɟɫɬɜɭɸɳɢɯ ɞɨɦɟɧɨɜ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɩɪɢ ɫɨɯɪɚɧɟɧɢɢ ɝɥɨɛɚɥɶɧɨ ɭɧɢɤɚɥɶɧɨɝɨ ɢɞɟɧɬɢɮɢɤɚɬɨɪɚ (GUID — Globally Unique Identifier) ɢ
ɢɞɟɧɬɢɮɢɤɚɬɨɪɚ ɡɚɳɢɬɵ (SID - Security Identifier) ɞɨɦɟɧɚ. ȿɫɬɶ ɧɟɫɤɨɥɶɤɨ ɫɰɟɧɚɪɢɟɜ, ɜ ɤɨɬɨɪɵɯ ɷɬɨ ɫɜɨɣɫɬɜɨ ɩɨɥɟɡɧɨ, ɜɤɥɸɱɚɹ ɫɥɢɹɧɢɟ ɞɜɭɯ ɨɪɝɚɧɢɡɚɰɢɣ, ɢɦɟɸɳɢɯ ɨɬɞɟɥɶɧɵɟ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ Active Directory, ɤɨɬɨɪɵɟ ɯɨɬɹɬ ɨɛɴɟɞɢɧɢɬɶɫɹ ɩɨɞ ɨɞɧɢɦ ɢɦɟɧɟɦ ɞɨɦɟɧɚ, ɨɬɪɚɠɚɸɳɢɦ ɢɯ ɜɧɟɲɧɟɟ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ. ɉɟɪɟɢɦɟɧɨɜɚɧɢɟ ɞɨɦɟɧɨɜ ɧɟ ɹɜɥɹɟɬɫɹ ɬɪɢɜɢɚɥɶɧɨɣ ITɩɪɨɰɟɞɭɪɨɣ. ɗɬɨ ɞɟɣɫɬɜɢɟ ɪɚɡɪɭɲɢɬɟɥɶɧɨ ɫ ɬɨɱɤɢ ɡɪɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɫɟɬɢ, ɞɥɹ ɡɚɜɟɪɲɟɧɢɹ ɨɩɟɪɚɰɢɢ ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢ ɤɚɠɞɵɣ ɫɟɪɜɟɪ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɛɵɬɶ ɩɟɪɟɡɚɝɪɭɠɟɧɵ.
ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɪɚɡɞɟɥɚɦ ɞɨɦɟɧɚ ɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ (ɜɤɥɸɱɚɹ ɪɚɡɞɟɥ ɫɯɟɦɵ ɤɚɬɚɥɨɝɚ) Active Directory ɬɟɩɟɪɶ ɩɨɞɞɟɪɠɢɜɚɟɬ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ. Ɋɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɯɪɚɧɟɧɢɹ ɫɩɟɰɢɮɢɱɟɫɤɨɣ ɞɥɹ ɩɪɢɥɨɠɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɜ ɨɬɞɟɥɶɧɨɦ ɪɚɡɞɟɥɟ, ɤɨɬɨɪɵɣ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɬɨɥɶɤɨ ɧɚ ɬɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɦ ɬɪɟɛɭɟɬɫɹ ɨɛɧɨɜɥɟɧɢɟ ɷɬɢɯ ɞɚɧɧɵɯ. ɗɬɨ ɭɦɟɧɶɲɚɟɬ ɩɨɥɧɵɣ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ Active Directory. Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɟɚɥɢɡɚɰɢɹ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ Active Directory, ɨɛɴɟɞɢɧɟɧɧɭɸ ɫ ɡɨɧɚɦɢ DNS. Ɋɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɬɟɩɟɪɶ ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɯɪɚɧɢɥɢɳɟɦ ɞɥɹ Active Directory, ɨɛɴɟɞɢɧɟɧɧɨɣ ɫ ɡɨɧɚɦɢ DNS. ɗɬɚ ɤɨɧɮɢɝɭɪɚɰɢɹ ɩɪɢɜɨɞɢɬ ɤ ɬɨɦɭ, ɱɬɨ ɞɚɧɧɵɟ ɡɨɧ DNS ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɬɨɥɶɤɨ ɜ ɧɚɛɨɪ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɬɚɤɠɟ ɹɜɥɹɸɬɫɹ DNSɫɟɪɜɟɪɚɦɢ, ɜɤɥɸɱɚɹ DNS-ɫɟɪɜɟ-ɪɵ ɞɪɭɝɢɯ ɞɨɦɟɧɨɜ ɜ ɥɟɫɭ. Ɋɚɡɪɚɛɨɬɱɢɤɢ ɩɪɢɥɨɠɟɧɢɣ ɦɨɝɭɬ ɩɢɫɚɬɶ ɪɚɫɩɪɟɞɟɥɟɧɧɵɟ ɩɪɢɥɨɠɟɧɢɹ, ɢɫɩɨɥɶɡɭɹ ɷɬɭ ɜɨɡɦɨɠɧɨɫɬɶ ɬɚɤ, ɱɬɨɛɵ ɢɯ ɩɪɢɥɨɠɟɧɢɹ ɯɪɚɧɢɥɢ ɫɜɨɢ ɞɚɧɧɵɟ ɜ ɪɚɡɞɟɥɟ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ.
, ɗɬɚ ɧɨɜɚɹ ɮɭɧɤɰɢɹ ɹɜɥɹɟɬɫɹ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɟɦ ɤ ɩɪɨɰɟɫɫɭ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȼ ɫɢɫɬɟɦɟ Windows 2000 ɩɪɢ ɭɫɬɚɧɨɜɤɟ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɦɨɝɥɨ ɩɨɬɪɟɛɨɜɚɬɶɫɹ ɨɱɟɧɶ ɦɧɨɝɨ ɜɪɟɦɟɧɢ (ɨɬ ɧɟɫɤɨɥɶɤɢɯ ɱɚɫɨɜ ɞɨ ɧɟɫɤɨɥɶɤɢɯ ɞɧɟɣ) ɧɚ ɡɚɜɟɪɲɟɧɢɟ ɧɚɱɚɥɶɧɨɣ ɪɟɩɥɢɤɚɰɢɢ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ, ɨɫɨɛɟɧɧɨ ɞɥɹ ɛɨɥɶɲɢɯ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ ɢɥɢ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɫɨɟɞɢɧɟɧɧɵɯ ɦɟɞɥɟɧɧɵɦɢ ɥɢɧɢɹɦɢ ɫɜɹɡɢ. ɉɪɨɰɟɫɫ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɞɥɹ Windows Server 2003 ɬɟɩɟɪɶ ɩɨɞɞɟɪɠɢɜɚɟɬ ɫɨɡɞɚɧɢɟ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ ɢɡ ɧɟɞɚɜɧɟɣ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɞɚɧɧɵɯ System State (ɋɨɫɬɨɹɧɢɟ ɫɢɫɬɟɦɵ) ɫ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ Windows Server 2003. Ɍɚɤ ɤɚɤ ɤ ɞɚɧɧɵɦ ɤɚɬɚɥɨɝɚ ɨɛɪɚɳɚɸɬɫɹ ɫ ɦɟɫɬɧɨɝɨ ɞɢɫɤɚ, ɚ ɧɟ ɱɟɪɟɡ ɪɟɩɥɢɤɚɰɢɸ ɩɨ ɫɟɬɢ, ɷɬɨɬ ɩɪɨɰɟɫɫ ɫɢɥɶɧɨ ɭɫɤɨɪɹɟɬɫɹ.
ȼ Windows Server 2003 ɫɟɬɟɜɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɢɦɟɸɬ ɜɨɡɦɨɠɧɨɫɬɶ «ɞɟɡɚɤɬɢɜɢɪɨɜɚɬɶ», ɢɥɢ ɜɵɤɥɸɱɢɬɶ, ɤɥɚɫɫɵ, ɫɯɟɦɵ ɢ ɚɬɪɢɛɭɬɵ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɜɵ ɦɨɠɟɬɟ ɩɟɪɟɨɩɪɟɞɟɥɹɬɶ ɚɬɪɢɛɭɬɵ ɢ ɤɥɚɫɫɵ ɜɦɟɫɬɨ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɫɨɡɞɚɜɚɬɶ ɧɨɜɵɣ ɚɬɪɢɛɭɬ ɢɥɢ ɤɥɚɫɫ ɜ ɫɥɭɱɚɟ ɨɲɢɛɤɢ ɜ ɨɩɪɟɞɟɥɟɧɢɢ ɤɚɤɨɝɨ-ɥɢɛɨ ɩɨɫɬɨɹɧɧɨɝɨ ɫɜɨɣɫɬɜɚ. ɉɪɟɞɩɨɥɨɠɢɦ, ɱɬɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɪɟɲɚɟɬ ɪɚɫɲɢɪɢɬɶ ɫɯɟɦɭ, ɱɬɨɛɵ ɜɤɥɸɱɢɬɶ ɜ ɧɟɟ ɚɬɪɢɛɭɬ «Ɋɚɡɦɟɪ ɨɛɭɜɢ» ɨɛɴɟɤɬɚ ɤɥɚɫɫɚ «ɉɨɥɶɡɨɜɚɬɟɥɶ», ɢ ɧɟɨɫɬɨɪɨɠɧɨ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɨɩɪɟɞɟɥɟɧɢɟ ɚɬɪɢɛɭɬɚ ɧɚ integer (ɰɟɥɨɟ ɱɢɫɥɨ). ɉɨɥɭɱɢɜ ɨɬɤɚɡ, ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɪɟɲɚɟɬ, ɱɬɨ ɷɬɨ ɞɨɥɠɧɨ ɛɵɬɶ ɫɬɪɨɤɨɜɨɟ (string) ɡɧɚɱɟɧɢɟ, ɱɬɨɛɵ ɜɤɥɸɱɚɬɶ ɢ ɪɚɡɦɟɪ, ɢ ɲɢɪɢɧɭ. ɉɭɬɟɦ ɞɟɡɚɤɬɢɜɚɰɢɢ ɚɬɪɢɛɭɬɨɜ ɫɯɟɦɵ ɩɟɪɜɨɧɚɱɚɥɶɧɵɣ ɚɬɪɢɛɭɬ ɦɨɠɧɨ ɜɵɤɥɸɱɢɬɶ ɢ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɚɬɪɢɛɭɬ ɫ ɬɟɦ ɠɟ ɢɦɟɧɟɦ «Ɋɚɡɦɟɪ ɨɛɭɜɢ» ɢ ɫ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɦ ɨɩɪɟɞɟɥɟɧɢɟɦ. Ȼɟɡ ɷɬɨɣ ɜɨɡɦɨɠɧɨɫɬɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɞɨɥɠɟɧ ɛɵɥ ɛɵ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɚɬɪɢɛɭɬ ɫ ɭɧɢɤɚɥɶɧɵɦ ɧɚɡɜɚɧɢɟɦ ɢ ɰɟɥɢɤɨɦ ɨɬɤɚɡɚɬɶɫɹ ɨɬ ɚɬɪɢɛɭɬɚ «Ɋɚɡɦɟɪ ɨɛɭɜɢ». ȼ ɤɚɱɟɫɬɜɟ ɩɨɞɫɬɪɚɯɨɜɤɢ, ɱɬɨɛɵ ɩɪɟɞɨɬɜɪɚɬɢɬɶ ɫɥɭɱɚɣɧɭɸ ɞɟɡɚɤɬɢɜɚɰɢɸ, ɢɡɦɟɧɟɧɢɹ, ɩɪɨɢɡɜɟɞɟɧɧɵɟ ɞɟɡɚɤɬɢɜɚɰɢɟɣ ɨɛɴɟɤɬɨɜ ɫɯɟɦɵ, ɹɜɥɹɸɬɫɹ ɨɛɪɚɬɢɦɵɦɢ.
ȼ Active Directory Windows Server 2003 ɬɚɤ ɠɟ, ɤɚɤ ɜ Windows 2000, ɬɪɚɮɢɤ ɦɟɠɫɚɣɬɨɜɨɣ ɪɟɩɥɢɤɚɰɢɢ ɩɨ ɭɦɨɥɱɚɧɢɸ ɫɠɚɬ. ɇɚɪɹɞɭ ɫ ɬɟɦ, ɱɬɨ ɷɬɨ ɫɠɚɬɢɟ ɨɩɬɢɦɢɡɢɪɭɟɬ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ ɫɟɬɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɨɧɨ ɧɚɤɥɚɞɵɜɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɭɸ ɧɚɝɪɭɡɤɭ ɧɚ ɩɪɨɰɟɫɫɨɪɵ
ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɨɛɪɚɛɚɬɵɜɚɸɬ ɫɠɚɬɢɟ ɢ ɪɚɫɩɚɤɨɜɤɭ. ɉɨɫɤɨɥɶɤɭ ɬɟɩɟɪɶ ɫɠɚɬɢɟ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ ɦɨɠɧɨ ɜɵɤɥɸɱɚɬɶ (ɬɨɥɶɤɨ ɦɟɠɞɭ ɪɚɡɥɢɱɧɵɦɢ ɫɚɣɬɚɦɢ), ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɭɦɟɧɶɲɚɬɶ ɧɚɝɪɭɡɤɭ ɧɚ ɩɪɨɰɟɫɫɨɪ. ɗɬɨ ɩɪɨɢɫɯɨɞɢɬ ɡɚ ɫɱɟɬ ɭɜɟɥɢɱɟɧɢɹ ɧɚɝɪɭɡɤɢ ɧɚ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ ɫɟɬɢ, ɧɨ ɜ ɫɪɟɞɚɯ ɫ ɜɵɫɨɤɨɣ ɫɟɬɟɜɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ ɷɬɚ ɚɥɶɬɟɪɧɚɬɢɜɚ ɦɨɠɟɬ ɡɚɫɥɭɠɢɜɚɬɶ ɜɧɢɦɚɧɢɹ.
ɉɪɢ ɜɯɨɞɟ ɜ ɞɨɦɟɧ, ɧɚɯɨɞɹɳɢɣɫɹ ɜ ɨɫɧɨɜɧɨɦ ɪɟɠɢɦɟ Windows 2000 (native-mode), ɧɟɨɛɯɨɞɢɦɨ ɜɫɬɭɩɢɬɶ ɜ ɤɨɧɬɚɤɬ ɫ ɫɟɪɜɟɪɨɦ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ (GC - Global Catalog) ɞɥɹ ɨɛɪɚɛɨɬɤɢ ɭɧɢɜɟɪɫɚɥɶɧɨɝɨ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɗɬɚ ɝɪɭɩɩɨɜɚɹ ɢɧɮɨɪɦɚɰɢɹ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɥɟɤɫɟɦɭ ɞɨɫɬɭɩɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ⱦɥɹ ɢɡɛɟɠɚɧɢɹ ɫɢɬɭɚɰɢɣ, ɜ ɤɨɬɨɪɵɯ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɜɯɨɞɵ ɜ ɫɢɫɬɟɦɭ ɨɬɤɥɨɧɹɸɬɫɹ ɢɡ-ɡɚ ɜɵɤɥɸɱɟɧɧɨɣ ɫɜɹɡɢ ɫ GC, ɨɛɵɱɧɚɹ ɩɪɚɤɬɢɤɚ ɩɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ Active Directory ɫɨɫɬɨɢɬ ɜ ɪɚɡɦɟɳɟɧɢɢ ɝɥɨɛɚɥɶɧɵɯ ɤɚɬɚɥɨɝɨɜ ɜ ɬɟɯ ɦɟɫɬɚɯ, ɤɨɬɨɪɵɟ ɫɨɟɞɢɧɟɧɵ ɫ ɨɫɧɨɜɧɨɣ ɫɟɬɶɸ ɦɟɧɟɟ ɧɚɞɟɠɧɵɦɢ ɫɟɬɟɜɵɦɢ ɫɜɹɡɹɦɢ. Ɍɟɩɟɪɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Windows Server 2003 ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɬɚɤ, ɱɬɨɛɵ ɢɧɮɨɪɦɚɰɢɹ ɭɧɢɜɟɪɫɚɥɶɧɨɝɨ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ ɤɷɲɢɪɨɜɚɥɚɫɶ, ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɜɯɨɞɵ ɜ ɫɢɫɬɟɦɭ ɦɨɝɥɢ ɛɵɬɶ ɨɛɪɚɛɨɬɚɧɵ ɛɟɡ ɤɨɧɬɚɤɬɚ ɫ GC. ȼ ɪɟɡɭɥɶɬɚɬɟ ɧɟ ɬɪɟɛɭɟɬɫɹ, ɱɬɨɛɵ ɤɚɠɞɨɟ ɭɞɚɥɟɧɧɨɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɤɨɦɩɚɧɢɢ ɢɦɟɥɨ GC-ɤɚɬɚɥɨɝ. Ʉɪɨɦɟ ɬɨɝɨ, ɩɪɢ ɨɬɫɭɬɫɬɜɢɢ GC-ɤɚɬɚɥɨɝɚ ɧɚ ɤɚɠɞɨɦ ɭɞɚɥɟɧɧɨɦ ɫɚɣɬɟ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɩɨ ɫɟɬɟɜɵɦ ɫɨɟɞɢɧɟɧɢɹɦ, ɫɜɹɡɵɜɚɸɳɢɦ ɷɬɢ ɫɚɣɬɵ, ɭɦɟɧɶɲɚɟɬɫɹ.
ȼ ɫɢɫɬɟɦɟ Windows 2000 ɟɞɢɧɫɬɜɟɧɧɨɟ ɢɡɦɟɧɟɧɢɟ, ɫɞɟɥɚɧɧɨɟ ɜ ɨɞɧɨɦ ɱɥɟɧɟ ɝɪɭɩɩɵ, ɜɵɡɵɜɚɥɨ ɧɟɨɛɯɨɞɢɦɨɫɬɶ ɪɟɩɥɢɤɚɰɢɢ ɜɫɟɯ ɱɥɟɧɨɜ ɝɪɭɩɩɵ, ɱɬɨɛɵ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɬɶ ɢɡɦɟɧɟɧɢɹ ɫ ɞɪɭɝɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. Ⱦɥɹ ɨɱɟɧɶ ɛɨɥɶɲɢɯ ɝɪɭɩɩ ɩɪɢ ɷɬɨɦ ɢɫɩɨɥɶɡɨɜɚɥɚɫɶ ɡɧɚɱɢɬɟɥɶɧɚɹ ɱɚɫɬɶ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ ɢ ɢɦɟɥɚɫɶ ɩɨɬɟɧɰɢɚɥɶɧɚɹ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɬɟɪɢ ɞɚɧɧɵɯ ɱɥɟɧɚ ɝɪɭɩɩɵ, ɟɫɥɢ ɫɥɭɱɚɥɨɫɶ ɬɚɤ, ɱɬɨ ɱɥɟɧɫɬɜɨ ɜ ɝɪɭɩɩɟ ɢɡɦɟɧɹɥɨɫɶ ɧɚ ɧɟɫɤɨɥɶɤɢɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. ɇɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ ɥɟɫɚ Windows Server 2003 ɪɟɩɥɢɤɚɰɢɹ ɢɡɦɟɧɟɧɢɣ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ ɤɚɫɚɟɬɫɹ ɬɟɩɟɪɶ ɬɨɥɶɤɨ ɢɡɦɟɧɟɧɧɨɝɨ ɱɥɟɧɚ.
UI-
ɋɟɥɟɤɬɨɪ ɨɛɴɟɤɬɨɜ (object picker) ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɮɭɧɤɰɢɸ ɢɧɬɟɪɮɟɣɫɚ ɩɨɥɶɡɨɜɚɬɟɥɹ (UI), ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɜɵɛɨɪɚ ɨɛɴɟɤɬɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɪɢ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɢ Active Directory. ɇɚɩɪɢɦɟɪ, ɩɪɢ ɞɨɛɚɜɥɟɧɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɤ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɟ ɢɫɩɨɥɶɡɭɟɬɫɹ UI-ɫɟɥɟɤɬɨɪ ɨɛɴɟɤɬɨɜ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɜɵɛɪɚɬɶ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɬɨɪɭɸ ɜɵ ɯɨɬɢɬɟ ɜɤɥɸɱɢɬɶ ɜ ɝɪɭɩɩɭ. ȼ ɩɪɨɲɥɵɯ ɜɵɩɭɫɤɚɯ ɷɬɨɬ ɢɧɬɟɪɮɟɣɫ ɨɛɟɫɩɟɱɢɜɚɥ ɩɪɨɫɬɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɨɟ ɧɟɜɨɡɦɨɠɧɨ ɛɵɥɨ ɩɪɨɤɪɭɱɢɜɚɬɶ ɞɥɹ ɩɪɨɫɦɨɬɪɚ. Ɍɟɤɭɳɚɹ ɜɟɪɫɢɹ ɷɬɨɝɨ ɢɧɬɟɪɮɟɣɫɚ ɜɤɥɸɱɚɟɬ ɪɚɫɲɢɪɟɧɧɵɟ ɮɭɧɤɰɢɢ ɡɚɩɪɨɫɨɜ, ɤɨɬɨɪɵɟ ɩɨɡɜɨɥɹɸɬ ɞɟɥɚɬɶ ɩɨɢɫɤ ɜ ɤɚɬɚɥɨɝɟ ɧɚ ɭɪɨɜɧɟ ɚɬɪɢɛɭɬɚ ɢ ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɩɟɪɟɧɟɫɬɢ ɫɮɟɪɭ ɞɟɣɫɬɜɢɹ ɧɚ ɨɩɪɟɞɟɥɟɧɧɨɟ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɟ ɩɨɞɪɚɡɞɟɥɟɧɢɟ. Ɋɟɡɭɥɶɬɚɬɵ ɷɬɨɝɨ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɹ ɫɨɫɬɨɹɬ ɜ ɭɥɭɱɲɟɧɢɢ ɩɨɢɫɤɚ, ɚ ɬɚɤɠɟ ɜ ɭɦɟɧɶɲɟɧɢɢ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ, ɫɜɹɡɚɧɧɨɝɨ ɫɨ ɫɥɭɠɛɨɣ ɤɚɬɚɥɨɝɚ. Ȼɨɥɟɟ ɬɨɝɨ, UIɫɟɥɟɤɬɨɪ ɨɛɴɟɤɬɨɜ ɞɨɫɬɭɩɟɧ ɥɸɛɨɣ ɧɨɜɨɣ ɨɫɧɚɫɬɤɟ ɆɆɋ, ɜ ɤɨɬɨɪɨɣ ɬɪɟɛɭɟɬɫɹ ɜɵɛɢɪɚɬɶ ɨɛɴɟɤɬɵ ɢɡ Active Directory.
ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɩɪɨɰɟɫɫ, ɜ ɪɟɡɭɥɶɬɚɬɟ ɤɨɬɨɪɨɝɨ ɨɛɴɟɤɬɵɩɚɦɹɬɧɢɤɢ (tombstone) ɭɞɚɥɹɸɬɫɹ ɢɡ ɬɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɧɟɞɨɫɬɭɩɧɵ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɩɨɫɥɟ ɩɪɨɰɟɫɫɚ ɫɛɨɪɤɢ ɦɭɫɨɪɚ. ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɦɚɪɤɟɪ, ɤɨɬɨɪɵɣ ɭɤɚɡɵɜɚɟɬ ɧɚ ɬɨ, ɱɬɨ ɨɛɴɟɤɬ ɛɵɥ ɭɞɚɥɟɧ. « » — ɷɬɨ ɩɪɨɰɟɫɫ, ɫ ɩɨɦɨɳɶɸ ɤɨɬɨɪɨɝɨ ɨɛɴɟɤɬɵ, ɨɬɦɟɱɟɧɧɵɟ ɤɚɤ ɨɛɴɟɤɬɵ-ɩɚɦɹɬɧɢɤɢ, ɭɞɚɥɹɸɬɫɹ ɢɡɨ ɜɫɟɯ ɪɟɩɥɢɤ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɩɨ ɜɫɟɦɭ ɞɨɦɟɧɭ. ɉɪɨɰɟɫɫ ɭɞɚɥɟɧɢɹ ɷɬɢɯ ɧɟɚɤɬɢɜɧɵɯ ɨɛɴɟɤɬɨɜ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɬɚɤɢɯ ɫɢɬɭɚɰɢɹɯ, ɜ ɤɨɬɨɪɵɯ ɭɞɚɥɟɧɢɟ ɦɚɪɤɟɪɨɜ-ɩɚɦɹɬɧɢɤɨɜ ɜ ɪɚɡɞɟɥɟ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ ɜɵɩɨɥɧɹɟɬɫɹ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɚɯɨɞɢɥɫɹ ɜ ɚɜɬɨɧɨɦɧɨɦ ɪɟɠɢɦɟ ɢɥɢ ɛɵɥ ɧɟɞɨɫɬɭɩɟɧ ɩɨ ɞɪɭɝɢɦ ɩɪɢɱɢɧɚɦ. ɉɪɟɠɞɟ ɧɟ ɫɭɳɟɫɬɜɨɜɚɥɨ ɧɢɤɚɤɨɝɨ ɩɪɨɰɟɫɫɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɝɨ ɞɥɹ ɨɱɢɳɟɧɢɹ ɫɢɫɬɟɦɵ ɨɬ ɬɚɤɢɯ «ɩɨɬɟɪɹɧɧɵɯ» ɦɚɪɤɟɪɨɜ-ɩɚɦɹɬɧɢɤɨɜ, ɜ ɪɟɡɭɥɶɬɚɬɟ ɱɟɝɨ ɛɚɡɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɦɨɝɥɚ ɜɵɪɚɫɬɚɬɶ ɞɨ ɬɚɤɢɯ ɪɚɡɦɟɪɨɜ, ɱɬɨ ɷɬɨ ɜɥɢɹɥɨ ɧɚ
ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ. ɗɬɨ ɬɚɤɠɟ ɨɡɧɚɱɚɥɨ, ɱɬɨ ɧɚ ɪɚɡɧɵɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɫɭɳɟɫɬɜɨɜɚɥɢ ɧɟɫɨɝɥɚɫɨɜɚɧɧɵɟ ɤɨɩɢɢ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ.
inetOrgPerson
Active Directory Windows Server 2003 ɬɟɩɟɪɶ ɩɨɞɞɟɪɠɢɜɚɟɬ ɤɥɚɫɫ inetOrgPerson ɜ ɬɨɦ ɜɢɞɟ, ɜ ɤɚɤɨɦ ɨɧ ɨɩɪɟɞɟɥɟɧ ɜ ɞɨɤɭɦɟɧɬɟ RFC 2798, ɤɨɬɨɪɵɣ ɞɨɫɬɭɩɟɧ ɧɚ ɫɚɣɬɟ http://www.faqs.org/rfcs/rfc2798.html. ɗɬɨ ɞɨɩɨɥɧɟɧɢɟ ɤ ɨɫɧɨɜɧɨɣ ɫɯɟɦɟ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ Active Directory ɩɟɪɟɦɟɲɚɬɶ ɨɛɴɟɤɬɵ inetOrgPerson ɢɡ ɞɪɭɝɢɯ LDAP-ɤɚɬɚɥɨ-ɝɨɜ, ɚ ɬɚɤɠɟ ɫɨɡɞɚɜɚɬɶ ɨɛɴɟɤɬɵ inetOrgPerson ɜ ɫɪɟɞɟ Active Directory Windows Server 2003.
ȼ ɷɬɨɣ ɝɥɚɜɟ ɜɵ ɭɡɧɚɥɢ, ɤɚɤ ɡɚ ɷɬɢ ɝɨɞɵ ɪɚɡɜɢɜɚɥɚɫɶ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Microsoft ɩɨ ɦɟɪɟ ɪɚɡɜɢɬɢɹ ɫɟɬɟɜɨɣ ɫɪɟɞɵ ɨɛɪɚɛɨɬɤɢ ɞɚɧɧɵɯ, ɧɚ ɤɨɬɨɪɭɸ ɨɧɚ ɨɩɢɪɚɟɬɫɹ. ɇɚɱɢɧɚɹ ɫ ɜɵɩɭɫɤɚ ɫɢɫɬɟɦɵ Windows 2000, ɜ ɤɚɱɟɫɬɜɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜ ɹɞɪɟ NOS Windows ɢɫɩɨɥɶɡɨɜɚɥɚɫɶ Active Directory. ȼ ɷɬɨɣ ɝɥɚɜɟ ɛɵɥɨ ɞɚɧɨ ɤɪɚɬɤɨɟ ɜɜɟɞɟɧɢɟ ɜ ɩɥɚɬɮɨɪɦɭ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢ ɨɛɴɹɫɧɟɧɨ, ɤɚɤ ɟɟ ɤɨɧɫɬɪɭɤɰɢɹ ɭɞɨɜɥɟɬɜɨɪɹɟɬ ɡɚɩɪɨɫɚɦ ɫɨɜɪɟɦɟɧɧɨɣ ɫɟɬɟɜɨɣ ɫɪɟɞɵ ɨɛɪɚɛɨɬɤɢ ɞɚɧɧɵɯ. Ȼɵɥɢ ɨɛɫɭɠɞɟɧɵ ɤɥɸɱɟɜɵɟ ɮɭɧɤɰɢɢ, ɩɨɤɚɡɵɜɚɸɳɢɟ ɜɵɝɨɞɵ ɨɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ Active Directory, ɢ ɜ ɡɚɤɥɸɱɟɧɢɟ ɞɚɧ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɟɟ ɧɨɜɵɯ ɮɭɧɤɰɢɣ.
2. Directory
Active
ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory Microsoft Windows Server 2003 ɫɭɳɟɫɬɜɭɟɬ ɧɚ ɞɜɭɯ ɭɪɨɜɧɹɯ: ɮɢɡɢɱɟɫɤɨɦ ɢ ɥɨɝɢɱɟɫɤɨɦ. ȼ ɬɟɪɦɢɧɚɯ ɮɢɡɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɵ Active Directory ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɮɚɣɥ, ɪɚɫɩɨɥɨɠɟɧɧɵɣ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɫɟɪɜɟɪɚ ɢ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɤɚɠɞɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɷɬɭ ɫɥɭɠɛɭ. Ʌɨɝɢɱɟɫɤɚɹ ɫɬɪɭɤɬɭɪɚ Active Directory ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɤɨɧɬɟɣɧɟɪɵ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɯɪɚɧɟɧɢɹ ɨɛɴɟɤɬɨɜ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ (ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ, ɞɨɦɟɧɨɜ ɢ ɥɟɫɨɜ) ɧɚ ɩɪɟɞɩɪɢɹɬɢɢ. Ɋɚɡɞɟɥɵ ɤɚɬɚɥɨɝɚ, ɞɨɦɟɧɵ ɢ ɥɟɫɚ ɜ ɜɢɞɟ ɛɚɣɬɨɜ ɢɧɮɨɪɦɚɰɢɢ ɯɪɚɧɹɬɫɹ ɜ ɮɢɡɢɱɟɫɤɢɯ ɤɨɦɩɨɧɟɧɬɚɯ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɜɵ ɭɡɧɚɟɬɟ ɨ ɮɢɡɢɱɟɫɤɨɦ ɩɪɨɹɜɥɟɧɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory. Ɂɚɬɟɦ ɜɵ ɩɨɡɧɚɤɨɦɢɬɟɫɶ ɫ ɥɨɝɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɨɣ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ Active Directory. ɏɨɪɨɲɟɟ ɩɨɧɢɦɚɧɢɟ ɮɢɡɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜɚɠɧɨ, ɧɨ ɡɧɚɧɢɟ ɥɨɝɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɵ ɹɜɥɹɟɬɫɹ ɧɟɩɪɟɦɟɧɧɵɦ ɭɫɥɨɜɢɟɦ ɭɫɩɟɲɧɨɣ ɪɟɚɥɢɡɚɰɢɢ ɢ ɭɩɪɚɜɥɟɧɢɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ ɜɚɲɟɣ ɫɥɭɠɛɵ. ɂɦɟɧɧɨ ɫ ɥɨɝɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜɵ ɛɭɞɟɬɟ ɟɠɟɞɧɟɜɧɨ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ.
Active Directory
Ɏɢɡɢɱɟɫɤɨɟ ɩɪɨɹɜɥɟɧɢɟ ɫɥɭɠɛɵ Active Directory ɫɨɫɬɨɢɬ ɜ ɧɚɥɢɱɢɢ ɨɬɞɟɥɶɧɨɝɨ ɮɚɣɥɚ ɞɚɧɧɵɯ, ɪɚɫɩɨɥɨɠɟɧɧɨɝɨ ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. Ɏɢɡɢɱɟɫɤɚɹ ɪɟɚɥɢɡɚɰɢɹ ɫɥɭɠɛɵ Active Directory ɨɩɢɫɵɜɚɟɬɫɹ ɦɟɫɬɨɩɨɥɨɠɟɧɢɟɦ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɪɚɫɩɨɥɨɠɟɧɚ ɫɥɭɠɛɚ. ɉɪɢ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ Active Directory ɦɨɠɧɨ ɞɨɛɚɜɥɹɬɶ ɫɬɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɨɜ, ɫɤɨɥɶɤɨ ɧɟɨɛɯɨɞɢɦɨ ɞɥɹ ɩɨɞɞɟɪɠɚɧɢɹ ɫɥɭɠɛ ɤɚɬɚɥɨɝɚ ɜ ɞɚɧɧɨɣ ɨɪɝɚɧɢɡɚɰɢɢ. ɂɦɟɟɬɫɹ ɩɹɬɶ ɨɩɪɟɞɟɥɟɧɧɵɯ ɪɨɥɟɣ, ɤɨɬɨɪɵɟ ɦɨɠɟɬ ɢɝɪɚɬɶ ɤɚɠɞɵɣ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ɉɧɢ ɢɡɜɟɫɬɧɵ ɤɚɤ (operations master roles). ȿɳɟ ɨɞɧɚ ɪɨɥɶ, ɤɨɬɨɪɭɸ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɥɸɛɨɣ ɨɬɞɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ, ɫɜɹɡɚɧɚ ɫ ɝɥɨɛɚɥɶɧɵɦ ɤɚɬɚɥɨɝɨɦ (GC — Global Catalog). ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɦɵ ɪɚɫɫɦɨɬɪɢɦ ɯɪɚɧɢɥɢɳɟ ɞɚɧɧɵɯ ɫɥɭɠɛɵ Active Directory ɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɨɧɨ ɪɚɫɩɨɥɨɠɟɧɨ.
ȼɫɟ ɞɚɧɧɵɟ ɛɚɡɵ ɞɚɧɧɵɯ ɫɥɭɠɛɵ Active Directory ɯɪɚɧɹɬɫɹ ɜ ɨɬɞɟɥɶɧɨɦ ɮɚɣɥɟ Ntds.dit ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ɗɬɨɬ ɮɚɣɥ ɞɚɧɧɵɯ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɯɨɞɢɬɫɹ ɜ ɩɚɩɤɟ %SystemRoot%\NTDS, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ȼ ɧɟɦ ɯɪɚɧɢɬɫɹ ɜɫɹ ɢɧɮɨɪɦɚɰɢɹ ɤɚɬɚɥɨɝɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɚɹ ɞɥɹ ɞɚɧɧɨɝɨ ɞɨɦɟɧɚ, ɚ ɬɚɤɠɟ ɞɚɧɧɵɟ, ɹɜɥɹɸɳɢɟɫɹ ɨɛɳɢɦɢ ɞɥɹ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɞɚɧɧɨɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȼɬɨɪɚɹ ɤɨɩɢɹ ɮɚɣɥɚ Ntds.dit ɧɚɯɨɞɢɬɫɹ ɜ ɩɚɩɤɟ %SystemRoot%\ System32. ɗɬɚ ɜɟɪɫɢɹ ɮɚɣɥɚ ɩɨɫɬɚɜɥɹɟɦɚɹ ɤɨɩɢɹ (ɤɨɩɢɹ, ɡɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ) ɛɚɡɵ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ, ɨɧɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɫɥɭɠɛɵ Active Directory. ɗɬɨɬ ɮɚɣɥ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɫɟɪɜɟɪ ɜɨ ɜɪɟɦɹ ɭɫɬɚɧɨɜɤɢ Microsoft Windows Server 2003, ɱɬɨɛɵ ɫɟɪɜɟɪ ɦɨɠɧɨ ɛɵɥɨ ɧɚɡɧɚɱɚɬɶ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɨɛɪɚɳɚɬɶɫɹ ɤ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɣ ɫɪɟɞɟ. ȼɨ ɜɪɟɦɹ ɜɵɩɨɥɧɟɧɢɹ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory (Dcpromo.exe) ɮɚɣɥ Ntds.dit ɤɨɩɢɪɭɟɬɫɹ ɢɡ ɩɚɩɤɢ System32 ɜ ɩɚɩɤɭ NTDS. Ɂɚɬɟɦ ɤɨɩɢɹ, ɫɨɯɪɚɧɟɧɧɚɹ ɜ ɩɚɩɤɟ NTDS, ɫɬɚɧɨɜɢɬɫɹ ɞɟɣɫɬɜɭɸɳɟɣ ɤɨɩɢɟɣ ɯɪɚɧɢɥɢɳɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ. ȿɫɥɢ ɷɬɨ ɧɟ ɩɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ, ɬɨ ɮɚɣɥ ɛɭɞɟɬ ɨɛɧɨɜɥɟɧ ɢɡ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɱɟɪɟɡ ɩɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ.
ɉɨ ɨɩɪɟɞɟɥɟɧɢɸ ɥɸɛɨɣ ɤɨɦɩɶɸɬɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Windows Server 2003, ɢ ɤɨɬɨɪɵɣ ɩɨɞɞɟɪɠɢɜɚɟɬ ɤɨɩɢɸ ɛɚɡɵ ɞɚɧɧɵɯ ɫɥɭɠɛɵ Active Directory, ɹɜɥɹɟɬɫɹ . ȼɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɨɡɞɚɸɬɫɹ ɪɚɜɧɵɦɢ ɡɚ ɧɟɫɤɨɥɶɤɢɦɢ ɢɫɤɥɸɱɟɧɢɹɦɢ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɪɚɫɫɦɨɬɪɟɧɵ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɉɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ ɞɨɦɟɧɚ (multimaster), ɨɩɢɫɚɧɧɨɝɨ ɜ ɝɥ. 4, ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɩɨɞɞɟɪɠɢɜɚɟɬ ɧɨɜɟɣɲɭɸ ɤɨɩɢɸ ɛɚɡɵ ɞɚɧɧɵɯ ɞɨɦɟɧɚ ɢ ɫɩɨɫɨɛɟɧ ɫɨɡɞɚɜɚɬɶ ɢɡɦɟɧɟɧɢɹ ɜ ɧɟɣ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɫɨɞɟɪɠɚɬ ɫɥɭɠɛɭ Active Directory, ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫɩɟɰɢɚɥɶɧɨɝɨ ɧɚɡɧɚɱɟɧɢɹ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬɫɹ ɫɥɭɠɛɟ Active
Directory ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɨɩɪɟɞɟɥɟɧɧɵɯ ɮɭɧɤɰɢɣ. Ɉɧɢ ɹɜɥɹɸɬɫɹ ɫɟɪɜɟɪɚɦɢ (GC) ɢ (operations masters).
ɇɚ ɫɟɪɜɟɪɟ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ ɧɚɯɨɞɢɬɫɹ ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ (GC). Ɉɧ ɹɜɥɹɟɬɫɹ ɱɚɫɬɢɱɧɨɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɣ ɬɨɥɶɤɨ ɞɥɹ ɱɬɟɧɢɹ ɤɨɩɢɟɣ ɜɫɟɯ ɤɨɧɬɟɤɫɬɨɜ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɚ (NC - Naming Context) ɜ ɥɟɫɭ. Ʉɚɬɚɥɨɝ GC ɫɨɞɟɪɠɢɬ ɨɫɧɨɜɧɨɣ, ɧɨ ɧɟɩɨɥɧɵɣ ɧɚɛɨɪ ɚɬɪɢɛɭɬɨɜ ɞɥɹ ɤɚɠɞɨɝɨ ɨɛɴɟɤɬɚ ɥɟɫɚ ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ NC. Ⱦɚɧɧɵɟ ɤɚɬɚɥɨɝɚ GC ɩɨɥɭɱɚɸɬ ɢɡ ɜɫɟɯ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɨɜ ɜ ɥɟɫɭ, ɨɧɢ ɤɨɩɢɪɭɸɬɫɹ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɫɬɚɧɞɚɪɬɧɨɝɨ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ ɫɥɭɠɛɵ Active Directory. ɋɨɜɟɬ. Ȼɭɞɟɬ ɥɢ ɚɬɪɢɛɭɬ ɫɤɨɩɢɪɨɜɚɧ ɜ ɤɚɬɚɥɨɝ GC, ɨɩɪɟɞɟɥɹɟɬɫɹ ɫɯɟɦɨɣ. Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɚɬɪɢɛɭɬɵ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɜ ɤɚɬɚɥɨɝ GC, ɢɫɩɨɥɶɡɭɹ ɦɟɧɸ Active Directory Schema (ɋɯɟɦɚ Active Directory), ɜɫɬɪɨɟɧɧɨɟ ɜ ɤɨɧɫɨɥɶ ɭɩɪɚɜɥɟɧɢɹ ɆɆɋ. ɑɬɨɛɵ ɞɨɛɚɜɢɬɶ ɚɬɪɢɛɭɬ ɤ ɤɚɬɚɥɨɝɭ GC, ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Replicate This Attribute To The Global Catalog (Ʉɨɩɢɪɨɜɚɬɶ ɷɬɨɬ ɚɬɪɢɛɭɬ ɜ ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ) ɧɚ ɫɚɦɨɦ ɚɬɪɢɛɭɬɟ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɡɧɚɱɟɧɢɟ ɩɚɪɚɦɟɬɪɚ ɚɬɪɢɛɭɬɚ isMemberOfPartialAttributeSet ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ ɧɚ true (ɢɫɬɢɧɚ). ȼɵ ɦɨɠɟɬɟ ɞɨɛɚɜɥɹɬɶ ɚɬɪɢɛɭɬ ɤ ɝɥɨɛɚɥɶɧɨɦɭ ɤɚɬɚɥɨɝɭ, ɟɫɥɢ ɨɠɢɞɚɟɬɟ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɩɨɬɪɟɛɭɟɬɫɹ ɢɫɤɚɬɶ ɷɬɨɬ ɨɛɴɟɤɬ ɜ ɥɟɫɭ. Ɋɟɞɤɨ ɭɩɨɦɢɧɚɟɦɵɟ ɚɬɪɢɛɭɬɵ ɨɛɵɱɧɨ ɧɟ ɞɨɛɚɜɥɹɸɬɫɹ ɤ ɤɚɬɚɥɨɝɭ GC. ɉɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɭɫɬɚɧɨɜɥɟɧɧɵɣ ɜ ɞɨɦɟɧɟ, ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɹɜɥɹɟɬɫɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɦɨɠɧɨ ɧɚɡɧɚɱɢɬɶ ɤɚɤ GC, ɜɵɛɢɪɚɹ ɨɩɰɢɸ Global Catalog Server (ɋɟɪɜɟɪ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ) ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory). ɗɬɨ ɞɟɥɚɟɬɫɹ ɫ ɰɟɥɶɸ ɨɩɬɢɦɢɡɚɰɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. Ʉɚɤ ɢɫɩɨɥɶɡɭɟɬɫɹ ɤɚɬɚɥɨɝ GC ɜ ɩɪɨɰɟɫɫɟ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɨɩɢɫɚɧɨ ɞɚɥɟɟ ɜ ɷɬɨɦ ɪɚɡɞɟɥɟ. ȼ ɝɥɚɜɟ 5 ɞɚɟɬɫɹ ɛɨɥɟɟ ɩɨɞɪɨɛɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɤɨɥɢɱɟɫɬɜɟ GC-ɫɟɪɜɟɪɨɜ, ɤɨɬɨɪɨɟ ɩɨɬɪɟɛɭɟɬɫɹ ɩɪɢ ɪɚɡɜɟɪɬɵɜɚɧɢɢ, ɢ ɨ ɬɨɦ, ɝɞɟ ɢɯ ɫɥɟɞɭɟɬ ɪɚɫɩɨɥɚɝɚɬɶ. ȼɵ ɦɨɠɟɬɟ ɡɚɞɚɬɶɫɹ ɜɨɩɪɨɫɨɦ, ɡɚɱɟɦ ɜɨɨɛɳɟ ɧɭɠɧɵ GC-ɫɟɪɜɟɪɵ. ȼɨ-ɩɟɪɜɵɯ, ɨɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɩɨɢɫɤɚ ɜ Active Directory. Ȼɟɡ ɤɚɬɚɥɨɝɚ GC ɩɨɢɫɤ ɩɨ ɡɚɩɪɨɫɚɦ, ɩɨɥɭɱɟɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɧɟ ɨɛɥɚɞɚɟɬ ɡɚɩɪɨɲɟɧɧɵɦ ɨɛɴɟɤɬɨɦ, ɩɪɢɜɟɞɟɬ ɤ ɬɨɦɭ, ɱɬɨ ɨɧ ɩɟɪɟɩɪɚɜɢɬ ɡɚɩɪɨɫ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɪɭɝɨɝɨ ɞɨɦɟɧɚ. ɉɨɫɤɨɥɶɤɭ GC-ɤɚɬɚɥɨɝ ɫɨɞɟɪɠɢɬ ɩɨɥɧɵɣ ɫɩɢɫɨɤ ɜɫɟɯ ɨɛɴɟɤɬɨɜ ɥɟɫɚ (ɢ ɧɟ ɫɨɞɟɪɠɢɬ ɚɬɪɢɛɭɬɵ ɨɛɴɟɤɬɚ), GC-ɫɟɪɜɟɪ ɦɨɠɟɬ ɨɬɜɟɬɢɬɶ ɧɚ ɥɸɛɨɣ ɡɚɩɪɨɫ, ɢɫɩɨɥɶɡɭɹ ɚɬɪɢɛɭɬ, ɤɨɬɨɪɵɣ ɤɨɩɢɪɨɜɚɥɫɹ ɜ GC-ɤɚɬɚɥɨɝ, ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɩɟɪɟɞɚɜɚɬɶ ɟɝɨ ɞɪɭɝɨɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ. Ɂɚɩɪɨɫ, ɤɨɬɨɪɵɣ ɩɨɫɥɚɧ GC-ɫɟɪɜɟɪɭ, ɹɜɥɹɟɬɫɹ LDAP-ɡɚɩɪɨɫɨɦ (Lightweght Directory Access Protocol — ɨɛɥɟɝɱɟɧɧɵɣ ɩɪɨɬɨɤɨɥ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɨɜ), ɢɫɩɨɥɶɡɭɸɳɢɦ ɩɨɪɬ 3268 (ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɪɬ GC-ɤɚɬɚɥɨɝɚ). ȼɨ-ɜɬɨɪɵɯ, GC-ɫɟɪɜɟɪɵ ɧɟɨɛɯɨɞɢɦɵ ɞɥɹ ɨɛɪɚɛɨɬɤɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɜɯɨɞɨɜ ɜ ɫɢɫɬɟɦɭ. Ɉɛɵɱɧɨ ɤɚɠɞɵɣ ɪɚɡ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ, ɜɵɩɨɥɧɹɟɬɫɹ ɨɛɪɚɳɟɧɢɟ ɤ GC-ɤɚɬɚɥɨɝɭ. ɗɬɨ ɩɪɨɢɫɯɨɞɢɬ ɩɨɬɨɦɭ, ɱɬɨ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɟ ɹɜɥɹɸɳɢɟɫɹ ɝɥɨɛɚɥɶɧɵɦɢ, ɧɟ ɫɨɞɟɪɠɚɬ ɧɢɤɚɤɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ɭɧɢɜɟɪɫɚɥɶɧɨɦ ɱɥɟɧɫɬɜɟ ɝɪɭɩɩɵ. (ɍɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɦɟɸɬɫɹ ɬɨɥɶɤɨ ɜ ɞɨɦɟɧɚɯ, ɨɛɥɚɞɚɸɳɢɯ ɮɭɧɤɰɢɨɧɚɥɶɧɵɦ ɭɪɨɜɧɟɦ Microsoft Windows 2000 ɢɥɢ Windows Server 2003. Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜ Windows Server 2003, ɱɬɨɛɵ ɪɚɡɪɟɲɢɬɶ ɮɭɧɤɰɢɢ ɫɥɭɠɛɵ Active Directory ɜɫɟɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɯ ɩɨɞɞɟɪɠɢɜɚɬɶ.) ɍɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɦɨɝɭɬ ɫɨɞɟɪɠɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ ɢɡ ɥɸɛɨɝɨ ɞɨɦɟɧɚ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɥɟɫɚ. Ɍɚɤ ɤɚɤ ɭɧɢɜɟɪɫɚɥɶɧɨɟ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɪɚɫɩɪɨɫɬɪɚɧɹɟɬɫɹ ɧɚ ɥɟɫ, ɬɨ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɦɨɠɟɬ ɛɵɬɶ ɪɚɡɪɟɲɟɧɨ ɬɨɥɶɤɨ ɬɟɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɢɦɟɟɬ ɢɧɮɨɪɦɚɰɢɸ ɤɚɬɚɥɨɝɚ ɧɚ ɭɪɨɜɧɟ ɥɟɫɚ, ɬ.ɟ. ɢɧɮɨɪɦɚɰɢɸ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ (GC). ɑɬɨɛɵ ɫɝɟɧɟɪɢɪɨɜɚɬɶ ɬɨɱɧɭɸ ɥɟɤɫɟɦɭ ɡɚɳɢɬɵ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɡɚɩɪɚɲɢɜɚɸɳɟɝɨ ɢɞɟɧɬɢɮɢɤɚɰɢɸ, ɬɪɟɛɭɟɬɫɹ ɤɨɧɬɚɤɬɢɪɨɜɚɬɶ ɫ GC-ɤɚɬɚɥɨɝɨɦ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɭɧɢɜɟɪɫɚɥɶɧɨɝɨ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. . Windows Server 2003 , Windows Server 2003 GC. , GC, , . GC, (
8
). ,
GC-
.
,
Active Directory: Sites And Services ( Active Directory) . NTDS Site Settings ( NTDS), Properties ( ). Properties Enable Universal Group Membership Caching ( ), , . , GC. ȼ Windows Server 2003 ɤɚɠɞɨɦɭ ɥɟɫɭ ɢ ɤɚɠɞɨɦɭ ɞɨɦɟɧɭ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɦɨɠɟɬ ɛɵɬɶ ɧɚɡɧɚɱɟɧ ɨɩɪɟɞɟɥɟɧɧɵɣ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ. Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɪɚɡɪɟɲɚɬɶ ɮɭɧɤɰɢɢ, ɤɨɬɨɪɵɟ ɪɟɚɥɢɡɨɜɚɧɵ ɧɚ ɤɨɦɛɢɧɚɰɢɹɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ. Ʉɨɝɞɚ ɞɥɹ ɞɨɦɟɧɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ, ɬɨ ɨɧ ɩɪɢɦɟɧɹɟɬɫɹ ɬɨɥɶɤɨ ɤ ɞɚɧɧɨɦɭ ɞɨɦɟɧɭ. ȿɫɥɢ ɧɟ ɨɩɪɟɞɟɥɟɧɨ ɢɧɚɱɟ, ɞɨɦɟɧɵ ɫɨɡɞɚɸɬɫɹ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ mixed (ɫɦɟɲɚɧɧɵɣ) ɫɢɫɬɟɦɵ Windows 2000; ɥɟɫɚ ɫɨɡɞɚɸɬɫɹ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000. ȼ ɬɚɛɥɢɰɟ 2-1 ɩɨɤɚɡɚɧɵ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɞɨɦɟɧɨɜ ɢ ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ, ɩɨɞɞɟɪɠɢɜɚɟɦɵɟ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. . 2-1.
Ɏɭɧɤɰɢɨɧɚɥɶɧɵɣ ɞɨɦɟɧɚ Windows (ɫɦɟɲɚɧɧɵɣ) ɭɦɨɥɱɚɧɢɸ)
ɭɪɨɜɟɧɶ Ɉɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ, ɩɨɞɞɟɪɠɢɜɚɟɦɵɟ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɚɧɧɨɝɨ ɞɨɦɟɧɚ 2000 mixed Windows NT 4, Windows 2000, (ɡɧɚɱɟɧɢɟ ɪɨ Windows Server 2003.
Windows 2000 native (ɨɫɧɨɜɧɨɣ) Windows Server 2003 (ɩɪɨɦɟɠɭɬɨɱɧɵɣ) Windows Server 2003
Windows 2000, Windows Server 2003.
interim Windows NT 4, Windows Server 2003. Windows Server 2003.
ȼ ɬɚɛɥɢɰɟ 2-2 ɩɨɤɚɡɚɧɵ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɥɟɫɚ ɢ ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ, ɩɨɞɞɟɪɠɢɜɚɟɦɵɟ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. . 2-2.
Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɥɟɫɚ
Windows 2000 ɭɦɨɥɱɚɧɢɸ)
(ɡɧɚɱɟɧɢɟ
Windows Server 2003 (ɩɪɨɦɟɠɭɬɨɱɧɵɣ) Windows Server 2003
Ɉɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ, ɩɨɞɞɟɪɠɢɜɚɟɦɵɟ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɚɧɧɨɝɨ ɞɨɦɟɧɚ ɜ ɥɟɫɭ
ɩɨ Windows NT 4, Windows Windows Server 2003.
2000,
interim Windows NT 4, Windows Server 2003. Windows Server 2003.
ɉɪɟɠɞɟ ɱɟɦ ɩɨɜɵɲɚɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɥɟɫɚ ɞɨ ɭɪɨɜɧɹ Windows Server 2003, ɩɪɨɜɟɪɶɬɟ, ɜɫɟɦ ɥɢ ɞɨɦɟɧɚɦ ɥɟɫɚ ɭɫɬɚɧɨɜɥɟɧ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows 2000 native ɢɥɢ Windows Server 2003. Ⱦɨɦɟɧɵ, ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɤɨɬɨɪɵɯ ɭɫɬɚɧɨɜɥɟɧ ɧɚ Windows 2000 native, ɛɭɞɭɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɨɞɧɹɬɵ ɞɨ ɮɭɧɤɰɢɨɧɚɥɶɧɨɝɨ ɭɪɨɜɧɹ Windows Server 2003, ɚ ɭɪɨɜɟɧɶ ɥɟɫɚ - ɞɨ ɭɪɨɜɧɹ Windows Server 2003. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɷɬɨ ɩɪɨɢɡɨɣɞɟɬ, ɤ ɞɚɧɧɨɦɭ ɞɨɦɟɧɭ (ɥɟɫɭ) ɦɨɝɭɬ ɛɵɬɶ ɞɨɛɚɜɥɟɧɵ ɬɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɪɚɛɨɬɚɸɳɢɟ ɧɚ ɬɨɦ ɠɟ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ. ɉɨɞɧɹɬɵɣ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ ɢɥɢ ɥɟɫɚ ɧɟɥɶɡɹ ɩɨɧɢɡɢɬɶ. ɂɬɚɤ, ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ (GC) ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɨɛɥɟɝɱɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ, ɞɨɩɭɫɤɚɹ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɨɫɧɨɜɧɵɯ ɢɦɟɧ ɩɨɥɶɡɨɜɚɬɟɥɹ (ɧɚɩɪɢɦɟɪ, [email protected]). Ʉɚɬɚɥɨɝ GC ɩɨɧɢɦɚɟɬ ɨɫɧɨɜɧɵɟ ɢɦɟɧɚ
ɩɨɥɶɡɨɜɚɬɟɥɹ (UPN - User Principal Names), ɩɨɬɨɦɭ ɱɬɨ ɨɧ ɫɨɞɟɪɠɢɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɤɚɠɞɨɦ ɩɨɥɶɡɨɜɚɬɟɥɟ ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ ɥɟɫɚ. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɟ ɢɦɟɸɳɢɟ ɤɚɬɚɥɨɝɚ GC, ɧɟ ɨɛɥɚɞɚɸɬ ɷɬɢɦɢ ɞɚɧɧɵɦɢ, ɨɧɢ ɧɟ ɫɩɨɫɨɛɧɵ ɩɨɞɬɜɟɪɞɢɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɟɫɥɢ ɨɧ ɡɚɞɚɟɬɫɹ ɜ ɬɚɤɨɦ ɮɨɪɦɚɬɟ.
Active Directory ɪɚɡɪɚɛɨɬɚɧɚ ɤɚɤ ɫɢɫɬɟɦɚ ɪɟɩɥɢɤɚɰɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ. Ⱦɥɹ ɷɬɨɝɨ ɬɪɟɛɭɟɬɫɹ, ɱɬɨɛɵ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢɦɟɥɢ ɪɚɡɪɟɲɟɧɢɹ ɞɟɥɚɬɶ ɡɚɩɢɫɶ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ. ɗɬɚ ɫɢɫɬɟɦɚ ɭɞɨɜɥɟɬɜɨɪɢɬɟɥɶɧɨ ɪɚɛɨɬɚɟɬ ɞɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɨɩɟɪɚɰɢɣ ɤɚɬɚɥɨɝɚ, ɧɨ ɞɥɹ ɧɟɤɨɬɨɪɵɯ ɨɩɟɪɚɰɢɣ ɬɪɟɛɭɟɬɫɹ ɧɚɥɢɱɢɟ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɨɮɢɰɢɚɥɶɧɨɝɨ (authoritative) ɫɟɪɜɟɪɚ. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɹɸɳɢɟ ɨɩɪɟɞɟɥɟɧɧɵɟ ɪɨɥɢ, ɢɡɜɟɫɬɧɵ ɤɚɤ ɯɨɡɹɟɜɚ ɨɩɟɪɚɰɢɣ; ɜɫɟ ɨɧɢ ɜɵɩɨɥɧɹɸɬ ɪɨɥɢ FSMO (Flexible Single Master Operations — ɝɢɛɤɢɟ ɨɩɟɪɚɰɢɢ ɫ ɨɞɧɢɦ ɯɨɡɹɢɧɨɦ). ɋɭɳɟɫɬɜɭɟɬ ɩɹɬɶ ɪɨɥɟɣ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɜ Active Directory: • ɯɨɡɹɢɧ ɫɯɟɦɵ; • ɯɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ; • ɯɨɡɹɢɧ ɨɬɧɨɫɢɬɟɥɶɧɵɯ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ RID; • ɯɨɡɹɢɧ ɷɦɭɥɹɬɨɪɚ PDC (Primary Domain Controller — ɨɫɧɨɜɧɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ); • ɯɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ. ɉɟɪɜɵɟ ɞɜɟ ɪɨɥɢ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɞɥɹ ɥɟɫɚ ɜ ɰɟɥɨɦ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɡɚɞɚɟɬɫɹ ɬɨɥɶɤɨ ɨɞɢɧ ɯɨɡɹɢɧ ɫɯɟɦɵ ɢ ɨɞɢɧ ɯɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɞɥɹ ɤɚɠɞɨɝɨ ɥɟɫɚ. ɋɥɟɞɭɸɳɢɟ ɬɪɢ ɪɨɥɢ ɮɭɧɤɰɢɨɧɢɪɭɸɬ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ, ɬ.ɟ. ɡɚɞɚɟɬɫɹ ɬɨɥɶɤɨ ɨɞɧɚ ɢɡ ɷɬɢɯ ɪɨɥɟɣ ɞɥɹ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ. Ʉɨɝɞɚ ɜɵ ɭɫɬɚɧɨɜɢɬɟ Active Directory ɢ ɫɨɡɞɚɞɢɬɟ ɩɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɥɟɫɭ, ɟɦɭ ɛɭɞɭɬ ɧɚɡɧɚɱɟɧɵ ɜɫɟ ɷɬɢ ɩɹɬɶ ɪɨɥɟɣ. ȿɫɥɢ ɜɵ ɞɨɛɚɜɢɬɟ ɞɨɦɟɧɵ ɤ ɥɟɫɭ, ɬɨ ɩɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɤɚɠɞɨɦ ɧɨɜɨɦ ɞɨɦɟɧɟ ɜɨɡɶɦɟɬ ɧɚ ɫɟɛɹ ɫɜɨɢ ɩɪɨɲɥɵɟ ɬɪɢ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ɉɨ ɦɟɪɟ ɞɨɛɚɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜɵ ɩɟɪɟɞɚɞɢɬɟ ɧɟɤɨɬɨɪɵɟ ɢɡ ɷɬɢɯ ɪɨɥɟɣ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ. Ʉɚɤ ɩɟɪɟɞɚɜɚɬɶ ɪɨɥɢ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ, ɨɩɢɫɚɧɨ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɏɨɡɹɢɧ ɫɯɟɦɵ ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɟ ɞɟɥɚɬɶ ɡɚɩɢɫɢ ɜ ɫɯɟɦɭ ɤɚɬɚɥɨɝɚ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɥɸɛɨɟ ɢɡɦɟɧɟɧɢɟ ɜ ɫɯɟɦɟ ɤɚɬɚɥɨɝɚ, ɚɞɦɢɧɢɫɬɪɚɬɨɪ (ɨɧ ɞɨɥɠɟɧ ɛɵɬɶ ɱɥɟɧɨɦ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ Schema Admins — Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɫɯɟɦɵ) ɞɨɥɠɟɧ ɫɜɹɡɚɬɶɫɹ ɫ ɯɨɡɹɢɧɨɦ ɫɯɟɦɵ. ȿɫɥɢ ɦɨɞɢɮɢɤɚɰɢɹ ɫɯɟɦɵ ɩɪɟɞɩɪɢɧɹɬɚ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɧɟ ɹɜɥɹɸɳɟɦɫɹ ɯɨɡɹɢɧɨɦ ɫɯɟɦɵ, ɨɧɚ ɨɤɨɧɱɢɬɫɹ ɧɟɭɞɚɱɟɣ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɛɵɥɨ ɫɞɟɥɚɧɨ ɢɡɦɟɧɟɧɢɟ, ɦɨɞɢɮɢɤɚɰɢɢ ɫɯɟɦɵ ɤɨɩɢɪɭɸɬɫɹ ɧɚ ɨɫɬɚɥɶɧɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɭɫɬɚɧɨɜɥɟɧɧɵɣ ɜ ɥɟɫɭ (ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɥɹ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ) ɩɪɢɧɢɦɚɟɬ ɪɨɥɶ ɯɨɡɹɢɧɚ ɫɯɟɦɵ. ɗɬɚ ɪɨɥɶ ɦɨɠɟɬ ɛɵɬɶ ɩɟɪɟɞɚɧɚ ɞɪɭɝɨɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɜ ɥɸɛɨɟ ɜɪɟɦɹ ɫ ɩɨɦɨɳɶɸ ɨɫɧɚɫɬɤɢ Active Directory Schema (ɋɯɟɦɚ Active Directory) ɢɥɢ ɫ ɩɨɦɨɳɶɸ ɭɬɢɥɢɬɵ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ Ntdsutil. ɏɨɡɹɢɧ ɫɯɟɦɵ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧ ɡɧɚɱɟɧɢɟɦ ɚɬɪɢɛɭɬɚ fSMORoleOwner ɜ ɤɨɧɬɟɣɧɟɪɟ ɫɯɟɦɵ. ɏɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɦɨɠɧɨ ɞɨɛɚɜɥɹɬɶ ɧɨɜɵɟ ɞɨɦɟɧɵ ɤ ɥɟɫɭ ɢɥɢ ɭɞɚɥɹɬɶ ɫɭɳɟɫɬɜɭɸɳɢɟ. Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɥɠɧɵ ɫɜɹɡɵɜɚɬɶɫɹ ɫ ɯɨɡɹɢɧɨɦ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ, ɱɬɨɛɵ ɞɨɛɚɜɢɬɶ ɢɥɢ ɭɞɚɥɢɬɶ ɞɨɦɟɧ. ȿɫɥɢ ɯɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɧɟɞɨɫɬɭɩɟɧ, ɥɸɛɚɹ ɩɨɩɵɬɤɚ ɞɨɛɚɜɢɬɶ ɞɨɦɟɧ ɤ ɥɟɫɭ ɢɥɢ ɭɞɚɥɢɬɶ ɟɝɨ ɩɨɬɟɪɩɢɬ ɧɟɭɞɚɱɭ. Ⱦɨɦɟɧɵ ɞɨɛɚɜɥɹɸɬɫɹ ɤ ɥɟɫɭ ɨɞɧɢɦ ɢɡ ɫɩɨɫɨɛɨɜ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬ ɩɨɞɤɥɸɱɟɧɢɹ ɭɞɚɥɟɧɧɨɝɨ ɜɵɡɨɜɚ ɩɪɨɰɟɞɭɪɵ (RPC) ɤ ɞɨɦɟɧɭ, ɢɫɩɨɥɧɹɸɳɟɦɭ ɪɨɥɶ ɯɨɡɹɢɧɚ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ. ɇɚɢɛɨɥɟɟ ɪɚɫɩɪɨɫɬɪɚɧɟɧɧɵɣ ɦɟɬɨɞ ɫɨɡɞɚɧɢɹ ɧɨɜɨɝɨ ɞɨɦɟɧɚ ɫɨɫɬɨɢɬ ɜ ɜɵɩɨɥɧɟɧɢɢ Dcpromo.exe ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ, ɤɨɬɨɪɚɹ ɡɚɩɭɫɤɚɟɬ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȼɨ ɜɪɟɦɹ ɷɬɨɝɨ ɩɪɨɰɟɫɫɚ ɜɵ ɩɨɥɭɱɚɟɬɟ ɜɨɡɦɨɠɧɨɫɬɶ ɭɫɬɚɧɨɜɢɬɶ ɩɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɧɨɜɵɣ ɞɨɦɟɧ. Dcpromo.exe ɜɨɣɞɟɬ ɜ ɤɨɧɬɚɤɬ ɫ ɯɨɡɹɢɧɨɦ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɚ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɷɬɨ ɢɡɦɟɧɟɧɢɟ. ȿɫɥɢ ɯɨɡɹɢɧ ɨɩɟɪɚɰɢɢ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɧɟɞɨɫɬɭɩɟɧ, ɬɨ ɫɨɡɞɚɧɢɟ ɞɨɦɟɧɚ ɨɤɨɧɱɢɬɫɹ ɧɟɭɞɚɱɟɣ. Ⱦɨɛɚɜɢɬɶ ɧɨɜɵɣ ɞɨɦɟɧ ɦɨɠɧɨ ɬɚɤɠɟ ɫ ɩɨɦɨɳɶɸ ɭɬɢɥɢɬɵ Ntdsutil. ɗɬɚ ɭɬɢɥɢɬɚ ɫɨɡɞɚɟɬ ɨɛɴɟɤɬ ɩɟɪɟɤɪɟɫɬɧɨɣ ɫɫɵɥɤɢ ɜ ɤɨɧɬɟɣɧɟɪɟ ɪɚɡɞɟɥɨɜ ɜ ɪɚɡɞɟɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɵɣ ɡɚɬɟɦ
ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. Ⱦɚɥɟɟ ɫɨɡɞɚɧɢɟ ɞɨɦɟɧɚ ɦɨɠɧɨ ɜɵɩɨɥɧɹɬɶ ɫ ɩɨɦɨɳɶɸ Dcpromo.exe ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɜɯɨɞɢɬɶ ɜ ɤɨɧɬɚɤɬ ɫ ɯɨɡɹɢɧɨɦ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ. ɏɨɡɹɢɧ ɨɬɧɨɫɢɬɟɥɶɧɵɯ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ (RID) - ɷɬɨ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. Ɉɧɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ RID-ɩɭɥɨɦ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɦ ɞɥɹ ɫɨɡɞɚɧɢɹ ɧɨɜɵɯ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ, ɬɚɤɢɯ ɤɚɤ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɝɪɭɩɩɵ ɢ ɤɨɦɩɶɸɬɟɪɵ. Ʉɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɪɨɢɡɜɨɞɢɬ ɛɥɨɤ ɨɬɧɨɫɢɬɟɥɶɧɵɯ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ (RID), ɢɫɩɨɥɶɡɭɸɳɢɯɫɹ ɞɥɹ ɩɨɫɬɪɨɟɧɢɹ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɡɚɳɢɬɵ (SID), ɤɨɬɨɪɵɟ ɨɞɧɨɡɧɚɱɧɨ ɢɞɟɧɬɢɮɢɰɢɪɭɸɬ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɞɨɦɟɧɟ. Ȼɥɨɤ ɞɨɫɬɭɩɧɵɯ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ RID ɧɚɡɵɜɚɟɬɫɹ RID-ɩɭɥɨɦ. Ʉɨɝɞɚ ɤɨɥɢɱɟɫɬɜɨ ɞɨɫɬɭɩɧɵɯ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɜ RID-ɩɭɥɟ ɧɚ ɥɸɛɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɧɚɱɢɧɚɟɬ ɢɫɬɨɳɚɬɶɫɹ, ɞɟɥɚɟɬɫɹ ɡɚɩɪɨɫ ɧɚ ɞɪɭɝɨɣ RID-ɛɥɨɤ ɭ ɯɨɡɹɢɧɚ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ. Ɋɚɛɨɬɚ ɯɨɡɹɢɧɚ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɜɵɩɨɥɧɟɧɢɢ ɬɚɤɢɯ ɡɚɩɪɨɫɨɜ ɢ ɨɛɟɫɩɟɱɟɧɢɢ ɬɨɝɨ, ɱɬɨɛɵ ɧɢɤɚɤɨɣ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɧɟ ɛɵɥ ɜɵɞɟɥɟɧ ɛɨɥɟɟ ɨɞɧɨɝɨ ɪɚɡɚ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɝɚɪɚɧɬɢɪɭɟɬ ɤɚɠɞɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɜ ɞɨɦɟɧɟ ɭɧɢɤɚɥɶɧɭɸ ɡɚɳɢɬɧɭɸ ɨɫɨɛɟɧɧɨɫɬɶ. ȿɫɥɢ ɯɨɡɹɢɧ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɜ ɬɟɱɟɧɢɟ ɤɚɤɨɝɨ-ɬɨ ɜɪɟɦɟɧɢ ɧɟɞɨɫɬɭɩɟɧ, ɩɪɨɰɟɫɫ ɫɨɡɞɚɧɢɹ ɧɨɜɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɧɚ ɨɩɪɟɞɟɥɟɧɧɵɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɦɨɠɟɬ ɛɵɬɶ ɩɪɟɪɜɚɧ. Ɇɟɯɚɧɢɡɦ ɡɚɩɪɨɫɚ ɧɨɜɵɯ ɛɥɨɤɨɜ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɪɚɡɪɚɛɨɬɚɧ ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɱɬɨɛɵ ɨɩɭɫɬɨɲɟɧɢɹ ɩɭɥɚ ɧɟ ɩɪɨɢɫɯɨɞɢɥɨ, ɜɟɞɶ ɡɚɩɪɨɫ ɞɟɥɚɟɬɫɹ ɪɚɧɶɲɟ, ɱɟɦ ɜɫɟ ɢɦɟɸɳɢɟɫɹ ɜ RID-ɩɭɥɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ ɛɭɞɭɬ ɪɨɡɞɚɧɵ. Ɉɞɧɚɤɨ ɟɫɥɢ ɯɨɡɹɢɧ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɧɚɯɨɞɢɬɫɹ ɜ ɚɜɬɨɧɨɦɧɨɦ ɪɟɠɢɦɟ, ɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɡɚɩɪɚɲɢɜɚɸɳɢɣ ɧɨɜɵɣ ɛɥɨɤ, ɢɫɱɟɪɩɚɟɬ ɨɫɬɚɬɨɤ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ, ɫɨɡɞɚɧɢɟ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɨɤɨɧɱɢɬɫɹ ɧɟɭɞɚɱɟɣ. ɑɬɨɛɵ ɫɧɨɜɚ ɫɞɟɥɚɬɶ ɜɨɡɦɨɠɧɵɦ ɫɨɡɞɚɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɧɟɨɛɯɨɞɢɦɨ ɢɥɢ ɜɟɪɧɭɬɶ ɨɛɥɚɞɚɬɟɥɹ ɪɨɥɢ ɯɨɡɹɢɧɚ RID-ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɜ ɢɧɬɟɪɚɤɬɢɜɧɵɣ ɪɟɠɢɦ, ɢɥɢ ɷɬɚ ɪɨɥɶ ɞɨɥɠɧɚ ɛɵɬɶ ɩɟɪɟɞɚɧɚ ɞɪɭɝɨɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɜ ɞɚɧɧɨɦ ɞɨɦɟɧɟ.
PDC
Ɋɨɥɶ ɷɦɭɥɹɬɨɪɚ PDC ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ Windows Server 2003 ɦɨɝ ɫɨɫɭɳɟɫɬɜɨɜɚɬɶ ɫ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ ɛɨɥɟɟ ɪɚɧɧɢɟ ɜɟɪɫɢɢ, ɱɟɦ Windows 2000. ȼ ɞɨɦɟɧɟ, ɪɚɛɨɬɚɸɳɟɦ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 mixed (ɫɦɟɲɚɧɧɵɣ), ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɞɟɣɫɬɜɭɟɬ ɤɚɤ ɨɫɧɨɜɧɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ (PDC) ɞɥɹ ɜɫɟɯ ɧɢɡɤɨɭɪɨɜɧɟɜɵɯ (Microsoft Windows NT ɜɟɪɫɢɣ 4 ɢɥɢ 3.51) ɪɟɡɟɪɜɧɵɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ (BDC — Backup Domain Controller). ȼ ɬɚɤɨɣ ɫɪɟɞɟ ɬɪɟɛɭɟɬɫɹ ɷɦɭɥɹɬɨɪ PDC ɞɥɹ ɨɛɪɚɛɨɬɤɢ ɢɡɦɟɧɟɧɢɣ ɩɚɪɨɥɹ, ɪɟɩɥɢɰɢɪɨɜɚɧɢɹ ɢɡɦɟɧɟɧɢɣ ɞɨɦɟɧɚ ɧɚ BDC-ɞɨɦɟɧɵ ɢ ɜɵɩɨɥɧɟɧɢɹ ɫɥɭɠɛɵ ɝɥɚɜɧɨɝɨ ɛɪɚɭɡɟɪɚ ɞɨɦɟɧɚ (Domain Master Browser Service). ȿɫɥɢ ɷɦɭɥɹɬɨɪ PDC ɧɟɞɨɫɬɭɩɟɧ, ɜɫɟ ɫɨɛɵɬɢɹ, ɫɜɹɡɚɧɧɵɟ ɫɨ ɫɥɭɠɛɚɦɢ, ɢɧɢɰɢɢɪɨɜɚɧɧɵɦɢ ɧɢɡɤɨɭɪɨɜɧɟɜɵɦɢ ɤɥɢɟɧɬɚɦɢ, ɨɤɨɧɱɚɬɫɹ ɧɟɭɞɚɱɟɣ. ȼ ɞɨɦɟɧɚɯ, ɢɦɟɸɳɢɯ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows 2000 native (ɨɫɧɨɜɧɨɣ) ɢɥɢ Windows Server 2003, ɷɦɭɥɹɬɨɪ PDC ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɛɫɥɭɠɢɜɚɧɢɹ ɦɨɞɢɮɢɤɚɰɢɣ ɩɚɪɨɥɹ. ȼɫɟ ɢɡɦɟɧɟɧɢɹ ɩɚɪɨɥɹ, ɫɞɟɥɚɧɧɵɟ ɧɚ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ, ɩɨɫɵɥɚɸɬɫɹ ɷɦɭɥɹɬɨɪɭ PDC. ȿɫɥɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ, ɧɟ ɹɜɥɹɸɳɢɯɫɹ ɷɦɭɥɹɬɨɪɚɦɢ PDC, ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɢɞɟɧɬɢɮɢɤɚɰɢɹ ɬɟɪɩɢɬ ɧɟɭɞɚɱɭ, ɢɞɟɧɬɢɮɢɤɚɰɢɹ ɩɨɜɬɨɪɹɟɬɫɹ ɧɚ ɷɦɭɥɹɬɨɪɟ PDC. ȿɫɥɢ ɷɦɭɥɹɬɨɪ PDC ɩɪɢɧɢɦɚɥ ɧɟɞɚɜɧɟɟ ɢɡɦɟɧɟɧɢɟ ɩɚɪɨɥɹ ɤ ɷɬɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ, ɢɞɟɧɬɢɮɢɤɚɰɢɹ ɩɪɨɣɞɟɬ ɭɫɩɟɲɧɨ. ɏɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɨɬɜɟɬɫɬɜɟɧɟɧ ɡɚ ɨɛɧɨɜɥɟɧɢɟ ɫɩɪɚɜɨɱɧɢɤɨɜ ɝɪɭɩɩɨɜɨɣ ɩɪɢɧɚɞɥɟɠɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. Ɋɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɜ ɧɚɡɜɚɧɢɹɯ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɛɭɞɭɬ ɨɬɪɚɠɟɧɵ ɜ ɢɧɮɨɪɦɚɰɢɢ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ ɞɥɹ ɝɪɭɩɩ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɧɚ ɪɚɡɥɢɱɧɵɯ ɞɨɦɟɧɚɯ. ɏɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɩɨɞɞɟɪɠɢɜɚɟɬ ɧɨɜɟɣɲɢɣ ɫɩɢɫɨɤ ɷɬɢɯ ɫɩɪɚɜɨɱɧɢɤɨɜ ɢ ɪɟɩɥɢɰɢɪɭɟɬ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ȿɫɥɢ ɯɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɧɟɞɨɫɬɭɩɟɧ, ɫɩɪɚɜɨɱɧɢɤɢ ɝɪɭɩɩɨɜɨɣ ɩɪɢɧɚɞɥɟɠɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ ɭɫɬɚɪɟɜɚɸɬ.
Ɋɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɦɨɝɭɬ ɩɟɪɟɞɚɜɚɬɶɫɹ ɞɪɭɝɨɦɭ ɞɨɦɟɧɭ ɞɥɹ ɨɩɬɢɦɢɡɚɰɢɢ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢɥɢ ɞɥɹ ɡɚɦɟɧɵ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɟɫɥɢ ɞɟɪɠɚɬɟɥɶ ɪɨɥɢ ɫɬɚɥ ɧɟɞɨɫɬɭɩɟɧ. ɉɪɨɰɟɫɫ ɩɟɪɟɞɚɱɢ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɡɚɜɢɫɢɬ ɨɬ ɩɟɪɟɞɚɜɚɟɦɨɣ ɪɨɥɢ. ɋɭɳɟɫɬɜɭɸɬ ɫɥɟɞɭɸɳɢɟ
ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɞɥɹ ɩɟɪɟɞɚɱɢ ɪɨɥɟɣ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ: • ɯɨɡɹɢɧ ɫɯɟɦɵ - ɨɫɧɚɫɬɤɚ Active Directory Schema; • ɯɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ — ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Domains And Trusts (Ⱦɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Active Directory); • ɯɨɡɹɢɧ RID, ɷɦɭɥɹɬɨɪɚ PDC ɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ — ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory). Ⱦɥɹ ɩɟɪɟɞɚɱɢ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɞɨɥɠɧɚ ɮɭɧɤɰɢɨɧɢɪɨɜɚɬɶ ɫɜɹɡɶ ɫ ɨɛɨɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ: ɬɟɤɭɳɢɦ ɢ ɩɪɟɞɥɚɝɚɟɦɵɦ ɞɟɪɠɚɬɟɥɟɦ ɪɨɥɢ. ȼ ɫɥɭɱɚɟ ɨɬɤɚɡɚ ɫɟɪɜɟɪɚ ɬɟɤɭɳɢɣ ɞɟɪɠɚɬɟɥɶ ɪɨɥɢ ɦɨɠɟɬ ɛɵɬɶ ɧɟɞɨɫɬɭɩɟɧ ɞɥɹ ɨɫɭɳɟɫɬɜɥɟɧɢɹ ɩɟɪɟɞɚɱɢ ɪɨɥɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɪɨɥɶ ɦɨɠɟɬ ɛɵɬɶ ɡɚɯɜɚɱɟɧɚ. Ɂɚɯɜɚɬɵɜɚɬɶ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɫɥɟɞɭɟɬ ɬɨɥɶɤɨ ɜ ɫɥɭɱɚɟ ɤɪɚɣɧɟɣ ɧɟɨɛɯɨɞɢɦɨɫɬɢ, ɟɫɥɢ ɭɤɚɡɚɧɨ, ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɞɟɪɠɚɬɟɥɶ ɷɬɨɣ ɪɨɥɢ, ɛɭɞɟɬ ɧɟɞɨɫɬɭɩɟɧ ɜ ɬɟɱɟɧɢɟ ɞɥɢɬɟɥɶɧɨɝɨ ɩɟɪɢɨɞɚ ɜɪɟɦɟɧɢ. ɉɨɞɪɨɛɧɟɟ ɨ ɡɚɯɜɚɬɟ ɪɨɥɟɣ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɫɦ. ɝɥ. 15.
ɋɯɟɦɚ ɨɩɪɟɞɟɥɹɟɬ ɤɚɠɞɵɣ ɬɢɩ ɨɛɴɟɤɬɚ, ɤɨɬɨɪɵɣ ɦɨɠɧɨ ɫɨɯɪɚɧɹɬɶ ɜ Active Directory. ɉɪɟɠɞɟ ɱɟɦ ɫɨɡɞɚɜɚɬɶ ɨɛɴɟɤɬ ɜ Active Directory, ɟɝɨ ɧɚɞɨ ɫɧɚɱɚɥɚ ɨɩɪɟɞɟɥɢɬɶ ɜ ɫɯɟɦɟ. ɋɯɟɦɚ ɩɪɟɞɩɢɫɵɜɚɟɬ ɩɪɚɜɢɥɚ, ɤɚɫɚɸɳɢɟɫɹ ɫɨɡɞɚɧɢɹ ɨɛɴɟɤɬɨɜ ɜ ɛɚɡɟ ɞɚɧɧɵɯ. ɗɬɢ ɩɪɚɜɢɥɚ ɨɩɪɟɞɟɥɹɸɬ ɢɧɮɨɪɦɚɰɢɸ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɛɵɬɶ ɫɨɯɪɚɧɟɧɚ ɫ ɤɚɠɞɵɦ ɨɛɴɟɤɬɨɦ, ɢ ɬɢɩ ɞɚɧɧɵɯ, ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɯ ɷɬɨɣ ɢɧɮɨɪɦɚɰɢɢ. ɋɯɟɦɚ ɫɨɫɬɨɢɬ ɢɡ ɨɛɴɟɤɬɨɜ ɤɥɚɫɫɨɜ ɢ ɚɬɪɢɛɭɬɨɜ. ɨɩɪɟɞɟɥɹɟɬ ɬɨ, ɤɚɤɢɟ ɧɨɜɵɟ ɨɛɴɟɤɬɵ ɦɨɝɭɬ ɛɵɬɶ ɫɨɡɞɚɧɵ ɜ ɤɚɬɚɥɨɝɟ. Ⱦɥɹ ɤɚɠɞɨɝɨ ɫɨɡɞɚɜɚɟɦɨɝɨ ɜ ɤɚɬɚɥɨɝɟ ɨɛɴɟɤɬɚ ɫɧɚɱɚɥɚ ɞɨɥɠɟɧ ɛɵɬɶ ɨɩɪɟɞɟɥɟɧ ɤɥɚɫɫ. ɉɪɢɦɟɪ ɨɛɴɟɤɬɚ ɤɥɚɫɫɚ — ɤɥɚɫɫ User (ɉɨɥɶɡɨɜɚɬɟɥɶ). ȼɫɟ ɧɨɜɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɨɛɴɟɤɬɵ, ɫɨɡɞɚɧɧɵɟ ɜ Active Directory, ɹɜɥɹɸɬɫɹ ɷɤɡɟɦɩɥɹɪɚɦɢ ɤɥɚɫɫɚ User. ɋɯɟɦɚ ɨɩɪɟɞɟɥɹɟɬ ɢ ɬɨ, ɤɚɤɚɹ ɢɧɮɨɪɦɚɰɢɹ ɦɨɠɟɬ ɫɨɯɪɚɧɹɬɶɫɹ ɞɥɹ ɤɚɠɞɨɝɨ ɤɥɚɫɫɚ ɨɛɴɟɤɬɚ. ɗɬɚ ɢɧɮɨɪɦɚɰɢɹ ɨɩɪɟɞɟɥɹɟɬɫɹ ɜ ɫɯɟɦɟ ɤɚɤ . Ɉɛɴɟɤɬ ɧɟɤɨɬɨɪɨɝɨ ɤɥɚɫɫɚ ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ ɡɧɚɱɟɧɢɹ ɞɥɹ ɜɫɟɯ ɚɬɪɢɛɭɬɨɜ, ɨɩɪɟɞɟɥɟɧɧɵɯ ɞɥɹ ɷɬɨɝɨ ɤɥɚɫɫɚ, ɚ ɬɚɤɠɟ ɞɥɹ ɜɫɟɯ ɪɨɞɢɬɟɥɶɫɤɢɯ ɤɥɚɫɫɨɜ ɷɬɨɝɨ ɤɥɚɫɫɚ. ɇɚɩɪɢɦɟɪ, ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɠɟɬ ɢɦɟɬɶ ɨɩɪɟɞɟɥɟɧɧɵɟ ɡɧɚɱɟɧɢɹ ɚɬɪɢɛɭɬɨɜ ɞɥɹ ɜɫɟɯ ɨɛɴɟɤɬɨɜ ɜ ɤɥɚɫɫɟ User, ɬɚɤ ɠɟ ɤɚɤ ɢ ɞɥɹ ɤɥɚɫɫɚ
organizationalPerson, ɹɜɥɹɸɳɟɝɨɫɹ ɪɨɞɢɬɟɥɶɫɤɢɦ ɤɥɚɫɫɨɦ ɤɥɚɫɫɚ User. ɉɪɢ ɫɨɡɞɚɧɢɢ ɧɨɜɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɨɛɴɟɤɬɚ ɜɵ ɦɨɠɟɬɟ ɜɤɥɸɱɚɬɶ ɢɧɮɨɪɦɚɰɢɸ, ɤɚɫɚɸɳɭɸɫɹ ɷɬɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɨɩɪɟɞɟɥɹɟɦɭɸ ɜ ɫɯɟɦɟ, ɜ ɤɚɱɟɫɬɜɟ ɚɬɪɢɛɭɬɚ ɜɫɟɯ ɤɥɚɫɫɨɜ, ɤ ɤɨɬɨɪɵɦ ɷɬɨɬ ɧɨɜɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ ɛɭɞɟɬ ɩɪɢɧɚɞɥɟɠɚɬɶ. Ɍɢɩ ɞɚɧɧɵɯ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɯɪɚɧɢɬɶɫɹ ɜ Active Directory ɞɥɹ ɤɚɠɞɨɝɨ ɚɬɪɢɛɭɬɚ, ɨɩɪɟɞɟɥɟɧ ɜ ɫɯɟɦɟ ɤɚɤ ɚɬɪɢɛɭɬɚ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɤɥɚɫɫ ɫɨɞɟɪɠɢɬ ɚɬɪɢɛɭɬ, ɧɚɡɜɚɧɧɵɣ display Name, ɫɢɧɬɚɤɫɢɫ ɞɥɹ ɷɬɨɝɨ ɚɬɪɢɛɭɬɚ ɨɩɪɟɞɟɥɹɟɬɫɹ ɤɚɤ ɫɬɪɨɤɨɜɨɟ ɡɧɚɱɟɧɢɟ, ɤɨɬɨɪɨɟ ɦɨɠɟɬ ɛɵɬɶ ɥɸɛɵɦ ɚɥɮɚɜɢɬɧɨ-ɰɢɮɪɨɜɵɦ ɫɢɦɜɨɥɨɦ. Ɂɧɚɱɟɧɢɟ ɤɚɠɞɨɝɨ ɚɬɪɢɛɭɬɚ ɞɨɥɠɧɨ ɭɞɨɜɥɟɬɜɨɪɹɬɶ ɬɪɟɛɨɜɚɧɢɹɦ ɫɢɧɬɚɤɫɢɫɚ ɷɬɨɝɨ ɚɬɪɢɛɭɬɚ. ɋɯɟɦɚ Active Directory ɩɨɞɞɟɪɠɢɜɚɟɬ ɧɚɫɥɟɞɨɜɚɧɢɟ ɨɛɴɟɤɬɨɜ ɤɥɚɫɫɚ. ȼɫɟ ɨɛɴɟɤɬɵ ɫɯɟɦɵ ɨɪɝɚɧɢɡɨɜɚɧɵ ɜ ɢɟɪɚɪɯɢɱɟɫɤɨɦ ɩɨɪɹɞɤɟ ɜ ɤɨɧɬɟɤɫɬɟ ɢɦɟɧɨɜɚɧɢɹ. Ȼɥɚɝɨɞɚɪɹ ɷɬɨɦɭ ɥɸɛɨɣ ɨɛɴɟɤɬ ɤɥɚɫɫɚ ɫɩɨɫɨɛɟɧ ɭɧɚɫɥɟɞɨɜɚɬɶ ɜɫɟ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɨɛɴɟɤɬɚ ɫɜɨɟɝɨ ɪɨɞɢɬɟɥɶɫɤɨɝɨ ɤɥɚɫɫɚ. ɇɚɩɪɢɦɟɪ, ɤɥɚɫɫ Computer (Ʉɨɦɩɶɸɬɟɪ) ɮɚɤɬɢɱɟɫɤɢ ɹɜɥɹɟɬɫɹ ɞɨɱɟɪɧɢɦ ɤɥɚɫɫɨɦ ɨɬ ɤɥɚɫɫɚ User (ɉɨɥɶɡɨɜɚɬɟɥɶ), ɢ ɩɨɷɬɨɦɭ ɤɥɚɫɫ Computer ɧɚɫɥɟɞɭɟɬ ɜɫɟ ɚɬɪɢɛɭɬɵ, ɫɜɹɡɚɧɧɵɟ ɫ ɤɥɚɫɫɨɦ User. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɥɚɫɫ Computer ɚɫɫɨɰɢɢɪɭɟɬɫɹ ɫ ɚɬɪɢɛɭɬɚɦɢ, ɫɩɟɰɢɮɢɱɟɫɤɢɦɢ ɞɥɹ ɷɬɨɝɨ ɤɥɚɫɫɚ. ɋ ɩɨɦɨɳɶɸ ɨɫɧɚɫɬɤɢ Active Directory Schema ɜɵ ɦɨɠɟɬɟ ɭɜɢɞɟɬɶ ɨɪɝɚɧɢɡɚɰɢɸ ɧɚɫɥɟɞɨɜɚɧɢɹ ɨɛɴɟɤɬɨɜ ɤɥɚɫɫɚ ɢ ɢɟɪɚɪɯɢɸ ɨɛɴɟɤɬɨɜ ɤɥɚɫɫɚ. ɇɚ ɪɢɫɭɧɤɟ 2-1 ɩɨɤɚɡɚɧ ɤɥɚɫɫ Computer (Ʉɨɦɩɶɸɬɟɪ). Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɱɬɨ ɨɧ ɹɜɥɹɟɬɫɹ ɞɨɱɟɪɧɢɦ ɩɨ ɨɬɧɨɲɟɧɢɸ ɤ ɤɥɚɫɫɭ User, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɞɨɱɟɪɧɢɦ ɤɥɚɫɫɨɦ ɤɥɚɫɫɚ organizationalPerson, ɢ ɬ.ɞ. ɗɬɚ ɫɢɫɬɟɦɚ ɧɚɫɥɟɞɨɜɚɧɢɹ ɡɧɚɱɢɬɟɥɶɧɨ ɨɛɥɟɝɱɚɟɬ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɫɨɡɞɚɧɢɟ ɧɨɜɵɯ ɤɥɚɫɫɨɜ ɨɛɴɟɤɬɨɜ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɢ ɧɟ ɞɨɥɠɧɵ ɨɩɪɟɞɟɥɹɬɶ ɤɚɠɞɵɣ ɚɬɪɢɛɭɬ, ɫɜɹɡɚɧɧɵɣ ɫ ɧɨɜɵɦ ɤɥɚɫɫɨɦ, ɚ ɦɨɝɭɬ ɩɪɨɫɬɨ ɭɧɚɫɥɟɞɨɜɚɬɶ ɜɫɟ ɨɛɴɟɞɢɧɟɧɢɹ ɚɬɪɢɛɭɬɨɜ ɩɨɞɯɨɞɹɳɟɝɨ ɪɨɞɢɬɟɥɶɫɤɨɝɨ ɤɥɚɫɫɚ.
. 2-1.
Computer (
),
Active Directory Schema
ɋɯɟɦɚ Active Directory ɫɨɞɟɪɠɢɬ ɛɨɥɶɲɢɧɫɬɜɨ ɩɨɫɬɨɹɧɧɨ ɢɫɩɨɥɶɡɭɟɦɵɯ ɤɥɚɫɫɨɜ ɢ ɚɬɪɢɛɭɬɨɜ, ɧɟɨɛɯɨɞɢɦɵɯ ɞɥɹ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɩɪɟɞɩɪɢɹɬɢɹ. ɗɬɢ ɚɬɪɢɛɭɬɵ ɢ ɤɥɚɫɫɵ ɨɩɪɟɞɟɥɹɸɬɫɹ ɤɚɤ ɨɛɴɟɤɬɵ Category 1 (Ʉɚɬɟɝɨɪɢɹ 1), ɢɥɢ ɨɫɧɨɜɧɵɟ ɨɛɴɟɤɬɵ ɫɯɟɦɵ. Ⱦɥɹ ɩɨɞɞɟɪɠɤɢ ɤɥɚɫɫɨɜ ɢ ɚɬɪɢɛɭɬɨɜ, ɨɩɪɟɞɟɥɹɟɦɵɯ ɤɥɢɟɧɬɨɦ, ɩɪɢ ɪɚɡɪɚɛɨɬɤɟ ɫɯɟɦɵ Active Directory ɡɚɤɥɚɞɵɜɚɥɢɫɶ ɜɨɡɦɨɠɧɨɫɬɢ ɟɟ ɪɚɫɲɢɪɟɧɢɹ. Ⱦɪɭɝɢɦɢ ɫɥɨɜɚɦɢ, ɨɧɚ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɚ ɞɥɹ ɜɤɥɸɱɟɧɢɹ ɧɨɜɵɯ ɨɛɴɟɤɬɨɜ ɤɥɚɫɫɨɜ ɢ ɚɬɪɢɛɭɬɨɜ, ɜ ɤɨɬɨɪɵɯ, ɜɨɡɦɨɠɧɨ, ɧɭɠɞɚɟɬɫɹ ɨɪɝɚɧɢɡɚɰɢɹ. Ɉɛɴɟɤɬɵ ɫɯɟɦɵ, ɤɨɬɨɪɵɟ ɫɨɡɞɚɸɬɫɹ ɩɨɡɞɧɟɟ, ɨɩɪɟɞɟɥɹɸɬɫɹ ɤɚɤ ɨɛɴɟɤɬɵ Category 2 (Ʉɚɬɟɝɨɪɢɹ 2). ɋɯɟɦɭ ɨɛɵɱɧɨ ɪɚɫɲɢɪɹɸɬ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɨɧɚ ɭɞɨɜɥɟɬɜɨɪɹɥɚ ɩɨɬɪɟɛɧɨɫɬɹɦ ɩɪɢɥɨɠɟɧɢɣ, ɩɨɥɶɡɭɸɳɢɯɫɹ ɩɨɞɞɟɪɠɤɨɣ Active Directory. ɏɨɪɨɲɢɦ ɩɪɢɦɟɪɨɦ ɬɚɤɨɝɨ ɩɪɢɥɨɠɟɧɢɹ ɹɜɥɹɟɬɫɹ Microsoft Exchange Server 2000, ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɤɨɬɨɪɨɝɨ ɩɪɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ Active Directory ɛɵɥɨ ɫɞɟɥɚɧɨ ɛɨɥɟɟ ɬɵɫɹɱɢ ɞɨɩɨɥɧɟɧɢɣ ɤ ɫɯɟɦɟ. Ʉɪɨɦɟ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɪɢɥɨɠɟɧɢɣ, ɩɨɥɶɡɭɸɳɢɯɫɹ ɩɨɞɞɟɪɠɤɨɣ Active Directory, ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɨɝɭɬ ɪɚɫɲɢɪɹɬɶ ɫɯɟɦɭ ɞɪɭɝɢɦɢ ɦɟɬɨɞɚɦɢ. ɗɬɨ ɦɨɠɧɨ ɫɞɟɥɚɬɶ ɜ ɩɚɤɟɬɧɨɦ ɪɟɠɢɦɟ ɫ ɩɨɦɨɳɶɸ ɫɪɟɞɫɬɜ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɫ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɨɣ, ɜɤɥɸɱɚɹ ɢɧɫɬɪɭɦɟɧɬɵ LDAP Data Interchange Format Directory Exchange (LDIFDE) ɢ Comma Separated Value Directory Exchange (CSVDE). ɋɯɟɦɚ ɦɨɠɟɬ ɛɵɬɶ ɪɚɫɲɢɪɟɧɚ ɩɪɨɝɪɚɦɦɧɨ, ɢɫɩɨɥɶɡɭɹ Active Directory Service Interfaces (ADSI) ɢ ɫɰɟɧɚɪɢɢ Microsoft Visual Basic. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ɢɧɫɬɪɭɦɟɧɬɚɯ LDIFDE ɢɥɢ CSVDE ɧɚɩɟɱɚɬɚɣɬɟ ɧɚɡɜɚɧɢɟ ɤɨɦɚɧɞɵ ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɞɥɹ ɜɵɡɨɜɚ ɨɧɥɚɣɧɨɜɨɣ ɩɨɞɫɤɚɡɤɢ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ADSI ɢ ADSI Edit ɨɛɪɚɬɢɬɟɫɶ ɤ ɤɨɦɩɥɟɤɬɭ ɪɚɡɪɚɛɨɬɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ Microsoft Windows Platform (SDK), ɤɨɬɨɪɵɣ ɦɨɠɧɨ ɡɚɝɪɭɡɢɬɶ ɢɥɢ ɡɚɤɚɡɚɬɶ ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ ɧɚ ɫɚɣɬɟ http:// www.microsoft.com/msdownload/platformsdk/sdkupdate. ac ADSI Platform SDK ɦɨɠɧɨ ɩɪɨɫɦɨɬɪɟɬɶ ɢɧɬɟɪɚɤɬɢɜɧɨ ɧɚ ɫɚɣɬɟ http://msdn.microsoft.com/library/default.asp?url=/library/ en-us/netdir/adsi/directory_services.asp. ɋɯɟɦɚ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɚ ɱɟɪɟɡ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ Windows Server 2003 ɫ ɩɨɦɨɳɶɸ ɨɫɧɚɫɬɤɢ Active Directory Schema. ɋɧɚɱɚɥɚ ɧɭɠɧɨ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɨɫɧɚɫɬɤɭ, ɜɵɩɨɥɧɢɜ ɤɨɦɚɧɞɭ Regsvr32 Schmmgmt.dll ɢɡ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ. Ⱦɥɹ ɢɡɦɟɧɟɧɢɹ ɫɯɟɦɵ ɜɵ ɞɨɥɠɧɵ ɛɵɬɶ ɱɥɟɧɨɦ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɵ Schema Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɫɯɟɦɵ). ɑɬɨɛɵ ɩɨɧɹɬɶ, ɤɚɤ ɪɚɛɨɬɚɟɬ ɢɡɦɟɧɟɧɢɟ ɫɯɟɦɵ, ɩɪɟɞɫɬɚɜɶɬɟ ɫɟɛɟ, ɱɬɨ ɨɪɝɚɧɢɡɚɰɢɢ ɧɟɨɛɯɨɞɢɦɨ ɫɨɯɪɚɧɹɬɶ ɡɚɩɢɫɢ ɨ ɞɚɬɚɯ, ɤɨɝɞɚ ɫɥɭɠɚɳɢɟ ɩɪɢɫɬɭɩɢɥɢ ɤ ɪɚɛɨɬɟ, ɬ.ɟ. ɫɨɯɪɚɧɹɬɶ ɞɚɬɭ ɧɚɱɚɥɚ ɪɚɛɨɬɵ ɫɥɭɠɚɳɟɝɨ ɤɚɤ ɚɬɪɢɛɭɬ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɨɛɴɟɤɬɚ ɜ Active Directory. ɑɬɨɛɵ ɷɬɨɬ ɚɬɪɢɛɭɬ ɛɵɥ ɞɨɫɬɭɩɟɧ ɩɪɢ ɫɨɡɞɚɧɢɢ ɤɚɠɞɨɝɨ ɧɨɜɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɨɛɴɟɤɬɚ, ɨɧ ɫɧɚɱɚɥɚ ɞɨɥɠɟɧ ɛɵɬɶ ɨɩɪɟɞɟɥɟɧ ɜ ɫɯɟɦɟ. ɋ ɩɨɦɨɳɶɸ ɨɫɧɚɫɬɤɢ Active Directory Schema ɜɵ ɦɨɠɟɬɟ ɞɨɛɚɜɢɬɶ ɧɨɜɵɣ ɚɬɪɢɛɭɬ ɤ ɫɯɟɦɟ ɢ ɫɜɹɡɚɬɶ ɟɝɨ ɫ ɨɛɴɟɤɬɨɦ ɤɥɚɫɫɚ User. Ⱦɥɹ ɷɬɨɝɨ ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɲɚɝɢ. 1. Ɉɬɤɪɨɣɬɟ ɨɫɧɚɫɬɤɭ Active Directory Schema (ɋɯɟɦɚ Active Directory). 2. ȼɵɛɟɪɢɬɟ ɩɚɩɤɭ Attributes (Ⱥɬɪɢɛɭɬɵ) ɧɚ ɩɚɧɟɥɢ ɞɟɪɟɜɚ. 3. ȼ ɦɟɧɸ Action (Ⱦɟɣɫɬɜɢɟ) ɳɟɥɤɧɢɬɟ ɧɚ Create Attribute (ɋɨɡɞɚɬɶ ɚɬɪɢɛɭɬ).
4. ȼ ɨɤɧɟ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ Schema Object Creation (ɋɨɡɞɚɧɢɟ ɨɛɴɟɤɬɚ ɫɯɟɦɵ) ɳɟɥɤɧɢɬɟ ɧɚ Continue (ɉɪɨɞɨɥɠɢɬɶ). 5. ȼ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Create New Attribute (ɋɨɡɞɚɧɢɟ ɧɨɜɨɝɨ ɚɬɪɢɛɭɬɚ) ɜɜɟɞɢɬɟ ɢɧɮɨɪɦɚɰɢɸ ɜ ɪɚɡɞɟɥ Identification (ɂɞɟɧɬɢɮɢɤɚɰɢɹ): • Common Name (ɨɛɵɱɧɨɟ ɢɦɹ); • LDAP Display Name (ɨɬɨɛɪɚɠɚɟɦɨɟ LDAP-ɢɦɹ); • Unique X500 Object ID (ɭɧɢɤɚɥɶɧɵɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɨɛɴɟɤɬɚ ɏ500); • Description (ɨɩɢɫɚɧɢɟ). 6. ȼ ɪɚɡɞɟɥɟ Syntax And Range (ɋɢɧɬɚɤɫɢɫ ɢ ɞɢɚɩɚɡɨɧ) ɜɧɟɫɢɬɟ ɢɧɮɨɪɦɚɰɢɸ ɜ ɩɨɥɹ: • Syntax (ɫɢɧɬɚɤɫɢɫ); • Minimum (ɦɢɧɢɦɭɦ); • Maximum (ɦɚɤɫɢɦɭɦ). 7. ȼɵɛɟɪɢɬɟ, ɛɭɞɟɬ ɥɢ ɧɨɜɵɣ ɚɬɪɢɛɭɬ ɦɧɨɝɨɡɧɚɱɧɵɦ (Multi-Valued) ɚɬɪɢɛɭɬɨɦ. ɉɨɞɪɨɛɧɚɹ ɢɧɮɨɪɦɚɰɢɹ, ɤɚɫɚɸɳɚɹɫɹ ɫɨɞɟɪɠɚɧɢɹ ɤɚɠɞɨɝɨ ɩɨɥɹ, ɫɬɚɧɨɜɢɬɫɹ ɞɨɫɬɭɩɧɨɣ ɩɪɢ ɜɵɛɨɪɟ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɝɨ ɬɟɤɫɬɨɜɨɝɨ ɩɨɥɹ ɢ ɧɚɠɚɬɢɢ ɤɥɚɜɢɲɢ F1. 500 Object ID ɂɧɨɝɞɚ ɞɜɚ ɩɪɢɥɨɠɟɧɢɹ ɦɨɝɭɬ ɩɨɩɵɬɚɬɶɫɹ ɫɞɟɥɚɬɶ ɧɟɫɨɜɦɟɫɬɢɦɵɟ ɦɨɞɢɮɢɤɚɰɢɢ ɜ ɫɯɟɦɟ. ɑɬɨɛɵ ɪɟɲɢɬɶ ɷɬɭ ɩɪɨɛɥɟɦɭ, ɤɚɠɞɵɣ ɤɥɚɫɫ ɢ ɚɬɪɢɛɭɬ ɜ Active Directory ɦɨɝɭɬ ɛɵɬɶ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧɵ ɭɧɢɤɚɥɶɧɵɦ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɦ ɨɛɴɟɤɬɚ (OID — Object Identifier) ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɞɪɭɝɨɣ ɨɛɴɟɤɬ ɫɯɟɦɵ ɧɟ ɢɫɩɨɥɶɡɭɟɬ ɬɨɬ ɠɟ ɫɚɦɵɣ OID. Ɉɪɝɚɧɢɡɚɰɢɹ, ɩɥɚɧɢɪɭɸɳɚɹ ɫɨɡɞɚɧɢɟ ɧɨɜɵɯ OID, ɞɨɥɠɧɚ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɬɶɫɹ ɜ Ɇɟɠɞɭɧɚɪɨɞɧɨɣ ɨɪɝɚɧɢɡɚɰɢɢ ɩɨ ɫɬɚɧɞɚɪɬɢɡɚɰɢɢ (ISO — International Standards Organization) ɢɥɢ ɜ Ⱥɦɟɪɢɤɚɧɫɤɨɦ ɧɚɰɢɨɧɚɥɶɧɨɦ ɢɧɫɬɢɬɭɬɟ ɫɬɚɧɞɚɪɬɨɜ (ANSI - American National Standards Institute). ɉɪɢ ɪɟɝɢɫɬɪɚɰɢɢ ɨɪɝɚɧɢɡɚɰɢɹ ɫɬɚɧɞɚɪɬɨɜ ɜɵɞɟɥɢɬ ɜɚɦ ɱɚɫɬɶ ɩɪɨɫɬɪɚɧɫɬɜɚ OID, ɤɨɬɨɪɨɟ ɡɚɬɟɦ ɦɨɠɧɨ ɪɚɫɲɢɪɹɬɶ ɞɥɹ ɭɞɨɜɥɟɬɜɨɪɟɧɢɹ ɫɜɨɢɯ ɩɨɬɪɟɛɧɨɫɬɟɣ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɢ ɦɨɠɟɬ ɛɵɬɶ ɩɪɟɞɨɫɬɚɜɥɟɧɨ ɱɢɫɥɨ ɬɢɩɚ 1.2.840.ɏɏɏɏ. Ɉɧɨ ɨɪɝɚɧɢɡɨɜɚɧɨ ɜ ɢɟɪɚɪɯɢɱɟɫɤɨɦ ɩɨɪɹɞɤɟ ɢ ɫɨɞɟɪɠɢɬ ɫɥɟɞɭɸɳɢɟ ɱɚɫɬɢ: • 1 - ISO; • 2-ANSI; • 840 - ɋɨɟɞɢɧɟɧɧɵɟ ɒɬɚɬɵ Ⱥɦɟɪɢɤɢ; • ɏɏɏɏ — ɭɧɢɤɚɥɶɧɨɟ ɱɢɫɥɨ, ɢɞɟɧɬɢɮɢɰɢɪɭɸɳɟɟ ɜɚɲɭ ɤɨɦɩɚɧɢɸ. Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɩɨɥɭɱɢɥɢ ɷɬɨ ɱɢɫɥɨ, ɦɨɠɧɨ ɭɩɪɚɜɥɹɬɶ ɫɜɨɟɣ ɫɨɛɫɬɜɟɧɧɨɣ ɱɚɫɬɶɸ ɢɟɪɚɪɯɢɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɧɨɜɵɣ ɚɬɪɢɛɭɬ ɫ ɢɦɟɧɟɦ Employee Start Date (Ⱦɚɬɚ ɧɚɱɚɥɚ ɪɚɛɨɬɵ ɫɥɭɠɚɳɟɝɨ), ɟɦɭ ɦɨɠɧɨ ɧɚɡɧɚɱɢɬɶ ɱɢɫɥɨ ɬɢɩɚ 1.2.840.ɏɏɏɏ.12. ɉɭɫɬɶ OID ɞɥɹ ɤɨɧɬɚɤɬɚ ɜ Active Directory ɡɚɞɚɧ ɜ ɜɢɞɟ 1.2.840.113556.1.5.15. ɉɟɪɜɵɟ ɬɪɢ ɱɚɫɬɢ ɱɢɫɥɚ ɜɵɞɟɥɟɧɵ ɞɥɹ ISO, ANSI ɢ ɋɒȺ ɫɨɨɬɜɟɬɫɬɜɟɧɧɨ. ɑɢɫɥɨ 113556 ANSI ɩɪɟɞɨɫɬɚɜɢɥ ɤɨɦɩɚɧɢɢ Microsoft, ɤɨɬɨɪɚɹ ɧɚɡɧɚɱɢɥɚ 1 - ɧɚ Active Directory, 5 — ɧɚ ɤɥɚɫɫɵ Active Directory, 15 ɧɚ ɤɥɚɫɫ Contact (Ʉɨɧɬɚɤɬ). Ʉɨɦɩɥɟɤɬ ɪɟɫɭɪɫɨɜ Microsoft Windows Server 2000 Resource Kit ɫɨɞɟɪɠɢɬ ɢɧɫɬɪɭɦɟɧɬ ɩɨ ɢɦɟɧɢ OIDGen, ɤɨɬɨɪɵɣ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɫɨɡɞɚɧɢɹ ɭɧɢɤɚɥɶɧɵɯ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ OID ɞɥɹ ɤɥɚɫɫɨɜ ɢɥɢ ɚɬɪɢɛɭɬɨɜ ɨɛɴɟɤɬɚ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɪɟɝɢɫɬɪɢɪɨɜɚɬɶ OID. ɗɬɨɬ ɢɧɫɬɪɭɦɟɧɬ ɧɟ ɞɨɥɠɟɧ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ, ɟɫɥɢ ɫɯɟɦɚ ɛɭɞɟɬ ɪɚɡɜɟɪɬɵɜɚɬɶɫɹ ɜɧɟ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. Ⱦɥɹ ɜɧɟɲɧɟɝɨ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Microsoft ɩɪɟɞɥɚɝɚɟɬ ɫɝɟɧɟɪɢɪɨɜɚɬɶ ɢ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɜɚɲ ɧɨɜɵɣ OID. ɉɨɞɪɨɛɧɨɫɬɢ ɫɦ. ɧɚ ɫɚɣɬɟ http://msdn.microsoft.com/certification/ad-registration.asp. ɇɚ ɪɢɫɭɧɤɟ 2-2 ɩɨɤɚɡɚɧɨ ɫɨɡɞɚɧɢɟ ɧɨɜɨɝɨ ɚɬɪɢɛɭɬɚ ɫ ɩɨɦɨɳɶɸ ɨɫɧɚɫɬɤɢ Active Directory Schema (ɋɯɟɦɚ Active Directory).
. 2-2.
,
. . Active Directory Users And Computers (
, Active Directory), ,
.
,
, .
, ,
.
Directory Services ( ) Platform SDK http:// msdn.microsoft.com/library/default.asp?url=/library/en-us/ netdir/ad/extending_the_user_interface_for_directory_objects.asp. Ɋɚɫɲɢɪɟɧɢɟ ɫɯɟɦɵ ɧɟ ɹɜɥɹɟɬɫɹ ɫɥɨɠɧɨɣ ɨɩɟɪɚɰɢɟɣ, ɧɨ ɩɟɪɟɞ ɟɟ ɨɫɭɳɟɫɬɜɥɟɧɢɟɦ ɧɟɨɛɯɨɞɢɦɨ ɩɪɨɜɟɫɬɢ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨɟ ɩɥɚɧɢɪɨɜɚɧɢɟ, ɜɟɞɶ ɜɫɟ ɢɡɦɟɧɟɧɢɹ ɫɯɟɦɵ ɹɜɥɹɸɬɫɹ ɧɟɨɛɪɚɬɢɦɵɦɢ. Ɉɛɴɟɤɬɵ ɧɟ ɦɨɝɭɬ ɛɵɬɶ ɭɞɚɥɟɧɵ ɢɡ ɫɯɟɦɵ. ȿɫɥɢ ɜɵ ɫɞɟɥɚɟɬɟ ɨɲɢɛɤɭ ɩɪɢ ɪɚɫɲɢɪɟɧɢɢ ɫɯɟɦɵ, ɜɵ ɦɨɠɟɬɟ ɨɬɤɥɸɱɢɬɶ (ɞɟɡɚɤɬɢɜɢɪɨɜɚɬɶ) ɨɛɴɟɤɬ. ȼ Windows Server 2003 ɞɟɡɚɤɬɢɜɢɪɨɜɚɧɧɵɟ ɨɛɴɟɤɬɵ ɫɯɟɦɵ ɦɨɝɭɬ ɫɧɨɜɚ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɩɪɢ ɧɟɨɛɯɨɞɢɦɨɫɬɢ, ɚ ɧɨɜɵɟ ɨɛɴɟɤɬɵ ɫɯɟɦɵ ɦɨɝɭɬ ɫɨɡɞɚɜɚɬɶɫɹ ɫ ɬɟɦ ɠɟ ɫɚɦɵɦ ɢɦɟɧɟɦ, ɤɨɬɨɪɨɟ ɢɦɟɥ ɞɟɡɚɤɬɢɜɢɪɨɜɚɧɧɵɣ ɨɛɴɟɤɬ. ȿɫɬɶ ɧɟɫɤɨɥɶɤɨ ɦɨɦɟɧɬɨɜ, ɤɨɬɨɪɵɟ ɧɚɞɨ ɢɦɟɬɶ ɜ ɜɢɞɭ ɩɪɢ ɞɟɡɚɤɬɢɜɚɰɢɢ ɤɥɚɫɫɚ ɫɯɟɦɵ ɢ ɨɛɴɟɤɬɨɜ ɚɬɪɢɛɭɬɨɜ. ɋɧɚɱɚɥɚ ɜɵ ɦɨɠɟɬɟ ɞɟɡɚɤɬɢɜɢɪɨɜɚɬɶ ɬɨɥɶɤɨ ɤɥɚɫɫɵ ɢ ɚɬɪɢɛɭɬɵ, ɤɨɬɨɪɵɟ ɜɵ ɫɩɟɰɢɚɥɶɧɨ ɫɨɡɞɚɜɚɥɢ, ɬ.ɟ. ɨɛɴɟɤɬɵ Category 2. ȼɵ ɧɟ ɦɨɠɟɬɟ ɞɟɡɚɤɬɢɜɢɪɨɜɚɬɶ ɨɛɴɟɤɬɵ Category 1 ɢɥɢ . ɇɟɥɶɡɹ ɨɬɤɥɸɱɢɬɶ ɚɬɪɢɛɭɬ, ɹɜɥɹɸɳɢɣɫɹ ɱɥɟɧɨɦ ɤɥɚɫɫɚ, ɤɨɬɨɪɵɣ ɧɟ ɞɟɡɚɤɬɢɜɢɪɨɜɚɧ. ɗɬɨ ɨɝɪɚɧɢɱɟɧɢɟ ɩɪɟɞɨɬɜɪɚɳɚɟɬ ɨɲɢɛɤɢ ɜ ɫɨɡɞɚɧɢɢ ɧɨɜɵɯ ɷɤɡɟɦɩɥɹɪɨɜ ɧɟɞɟɡɚɤɬɢɜɢɪɨɜɚɧɧɨɝɨ ɤɥɚɫɫɚ, ɟɫɥɢ ɫɬɚɧɨɜɢɬɫɹ ɧɭɠɟɧ ɞɟɡɚɤɬɢɜɢɪɨɜɚɧɧɵɣ ɚɬɪɢɛɭɬ. ɑɬɨɛɵ ɞɟɡɚɤɬɢɜɢɪɨɜɚɬɶ ɨɛɴɟɤɬ ɚɬɪɢɛɭɬɚ ɢɥɢ ɤɥɚɫɫɚ Category 2, ɭɫɬɚɧɨɜɢɬɟ ɛɭɥɟɜɨɟ ɡɧɚɱɟɧɢɟ ɚɬɪɢɛɭɬɚ isDefunct ɨɛɴɟɤɬɚ ɫɯɟɦɵ ɧɚ true (ɢɫɬɢɧɚ). ɗɬɨ ɦɨɠɧɨ ɜɵɩɨɥɧɢɬɶ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ADSI Edit (Ɋɟɞɚɤɬɢɪɨɜɚɧɢɟ ADSI) ɢɥɢ ɨɫɧɚɫɬɤɭ Active Directory Schema (ɋɯɟɦɚ Active Directory). ɇɚ ɪɢɫɭɧɤɟ 2-3 ɩɨɤɚɡɚɧɨ, ɤɚɤɢɟ ɮɥɚɠɤɢ ɩɚɪɚɦɟɬɪɨɜ ɭɫɬɚɧɨɜɤɢ ɧɚɞɨ ɨɱɢɫɬɢɬɶ ɞɥɹ ɞɟɡɚɤɬɢɜɚɰɢɢ ɚɬɪɢɛɭɬɚ EmployeeStartDate, ɫɨɡɞɚɧɧɨɝɨ ɜ ɩɪɢɦɟɪɟ, ɩɪɟɞɫɬɚɜɥɟɧɧɨɦ ɪɚɧɟɟ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɨɛɴɟɤɬ ɫɯɟɦɵ ɛɵɥ ɞɟɡɚɤɬɢɜɢɪɨɜɚɧ, ɨɧ ɫɱɢɬɚɟɬɫɹ ɧɟɫɭɳɟɫɬɜɭɸɳɢɦ. ɋɨɨɛɳɟɧɢɹ ɨɛ ɨɲɢɛɤɚɯ ɜ ɫɥɭɱɚɟ ɩɨɩɵɬɤɢ ɫɨɡɞɚɧɢɹ ɧɨɜɨɝɨ ɷɤɡɟɦɩɥɹɪɚ ɧɟɫɭɳɟɫɬɜɭɸɳɟɝɨ ɤɥɚɫɫɚ ɢɥɢ ɚɬɪɢɛɭɬɚ ɬɟ ɠɟ ɫɚɦɵɟ, ɤɨɬɨɪɵɟ ɩɨɹɜɥɹɸɬɫɹ, ɟɫɥɢ ɤɥɚɫɫ ɢɥɢ ɚɬɪɢɛɭɬ ɫɯɟɦɵ ɧɟ ɫɭɳɟɫɬɜɭɸɬ. ȿɞɢɧɫɬɜɟɧɧɨɟ ɞɟɣɫɬɜɢɟ, ɤɨɬɨɪɨɟ ɦɨɠɧɨ ɜɵɩɨɥɧɢɬɶ ɫ ɞɟɡɚɤɬɢɜɢɪɨɜɚɧɧɵɦ ɨɛɴɟɤɬɨɦ ɫɯɟɦɵ, ɫɨɫɬɨɢɬ ɜ ɟɝɨ ɩɨɜɬɨɪɧɨɣ ɚɤɬɢɜɚɰɢɢ. Ⱦɥɹ ɷɬɨɝɨ ɩɪɨɫɬɨ ɭɫɬɚɧɨɜɢɬɟ ɚɬɪɢɛɭɬ isDefunt ɧɚ false (ɥɨɠɶ). ɉɨɫɥɟ ɚɤɬɢɜɚɰɢɢ ɧɟɫɭɳɟɫɬɜɭɸɳɟɝɨ ɨɛɴɟɤɬɚ ɫɯɟɦɵ ɟɝɨ ɦɨɠɧɨ ɫɧɨɜɚ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɫɨɡɞɚɧɢɹ ɧɨɜɵɯ ɷɤɡɟɦɩɥɹɪɨɜ ɤɥɚɫɫɚ ɢɥɢ ɚɬɪɢɛɭɬɚ. ɉɪɨɰɟɫɫ ɞɟɡɚɤɬɢɜɚɰɢɢ/ɚɤɬɢɜɚɰɢɢ ɧɟ ɜɥɟɱɟɬ ɡɚ ɫɨɛɨɣ ɧɢɤɚɤɢɯ ɧɟɛɥɚɝɨɩɪɢɹɬɧɵɯ ɩɨɫɥɟɞɫɬɜɢɣ.
. 2-3.
Active Directory Schema (
Active Directory)
Active Directory
ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɭɫɬɚɧɨɜɢɥɢ Active Directory ɜ ɫɜɨɸ ɫɟɬɟɜɭɸ ɫɪɟɞɭ ɢ ɧɚɱɚɥɢ ɪɟɚɥɢɡɨɜɵɜɚɬɶ ɩɪɨɟɤɬ ɫɥɭɠɛɵ, ɩɨɞɯɨɞɹɳɢɣ ɞɥɹ ɜɚɲɢɯ ɞɟɥɨɜɵɯ ɰɟɥɟɣ, ɜɵ ɛɭɞɟɬɟ ɪɚɛɨɬɚɬɶ ɫ ɥɨɝɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɨɣ Active Directory. Ɉɧɚ ɹɜɥɹɟɬɫɹ ɦɨɞɟɥɶɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɚɹ ɨɩɪɟɞɟɥɹɟɬ ɤɚɠɞɨɝɨ ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɧɚ ɩɪɟɞɩɪɢɹɬɢɢ, ɚ ɬɚɤɠɟ ɨɪɝɚɧɢɡɚɰɢɸ ɷɬɢɯ ɭɱɚɫɬɧɢɤɨɜ. Ȼɚɡɚ ɞɚɧɧɵɯ Active Directory ɫɨɞɟɪɠɢɬ ɫɥɟɞɭɸɳɢɟ ɫɬɪɭɤɬɭɪɧɵɟ ɨɛɴɟɤɬɵ: • ɪɚɡɞɟɥɵ; • ɞɨɦɟɧɵ; • ɞɟɪɟɜɶɹ ɞɨɦɟɧɨɜ; • ɥɟɫɚ; • ɫɚɣɬɵ; • ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ. Ⱦɚɥɟɟ ɩɪɟɞɫɬɚɜɥɟɧɨ ɜɜɟɞɟɧɢɟ ɜ ɷɬɢ ɤɨɦɩɨɧɟɧɬɵ ɢ ɤɨɧɰɟɩɰɢɢ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɜɵɞɚɱɢ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɞɨɫɬɭɩ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɤ ɪɟɫɭɪɫɚɦ, ɯɪɚɧɹɳɢɦɫɹ ɜ ɪɚɡɥɢɱɧɵɯ ɞɨɦɟɧɚɯ. ȼ ɝɥɚɜɟ 5 ɜɵ ɭɡɧɚɟɬɟ, ɤɚɤ ɷɬɢ ɫɬɪɭɤɬɭɪɧɵɟ ɤɨɦɩɨɧɟɧɬɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɞɨɫɬɢɠɟɧɢɹ ɨɩɪɟɞɟɥɟɧɧɵɯ ɰɟɥɟɣ (ɧɚɩɪɢɦɟɪ, ɡɚɳɢɬɚ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ) ɢ ɨɩɬɢɦɢɡɚɰɢɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɫɟɬɢ. ɋɚɦɢ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ (ɩɨɥɶɡɨɜɚɬɟɥɢ, ɝɪɭɩɩɵ ɢ ɤɨɦɩɶɸɬɟɪɵ) ɜ ɷɬɨɣ ɝɥɚɜɟ ɧɟ ɨɛɫɭɠɞɚɸɬɫɹ.
Active Directory
Ʉɚɤ ɜɵ ɭɠɟ ɡɧɚɟɬɟ, ɛɚɡɚ ɞɚɧɧɵɯ Active Directory ɯɪɚɧɢɬɫɹ ɜ ɮɚɣɥɟ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɤɚɠɞɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɉɧɚ ɪɚɡɞɟɥɟɧɚ ɧɚ ɧɟɫɤɨɥɶɤɨ ɥɨɝɢɱɟɫɤɢɯ ɪɚɡɞɟɥɨɜ, ɤɚɠɞɵɣ ɢɡ ɤɨɬɨɪɵɯ ɯɪɚɧɢɬ ɪɚɡɥɢɱɧɵɟ ɬɢɩɵ ɢɧɮɨɪɦɚɰɢɢ. Ɋɚɡɞɟɥɵ Active Directory ɧɚɡɵɜɚɸɬɫɹ ɤɨɧɬɟɤɫɬɚɦɢ ɢɦɟɧɨɜɚɧɢɹ (NC naming contexts). ɉɪɨɫɦɨɬɪɟɬɶ ɢɯ ɦɨɠɧɨ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ Ldp.exe ɢɥɢ ADSI Edit (ɪɢɫ. 2-4).
. 2-4.
Active Directory
ADSI Edit
ȼ ɪɚɡɞɟɥɟ ɞɨɦɟɧɚ ɩɪɨɢɫɯɨɞɢɬ ɛɨɥɶɲɚɹ ɱɚɫɬɶ ɞɟɣɫɬɜɢɣ. Ɉɧ ɫɨɞɟɪɠɢɬ ɜɫɸ ɢɧɮɨɪɦɚɰɢɸ ɞɨɦɟɧɚ ɨ ɩɨɥɶɡɨɜɚɬɟɥɹɯ, ɝɪɭɩɩɚɯ, ɤɨɦɩɶɸɬɟɪɚɯ ɢ ɤɨɧɬɚɤɬɚɯ: ɜɫɟ, ɱɬɨ ɦɨɠɧɨ ɩɪɨɫɦɨɬɪɟɬɶ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory). Ɋɚɡɞɟɥ ɞɨɦɟɧɚ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɜ ɞɨɦɟɧɟ. ɂɧɮɨɪɦɚɰɢɹ, ɤɨɬɨɪɚɹ ɜ ɧɟɦ ɫɨɞɟɪɠɢɬɫɹ, ɬɪɟɛɭɟɬɫɹ ɤɚɠɞɨɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɞɥɹ ɩɨɞɬɜɟɪɠɞɟɧɢɹ ɩɨɞɥɢɧɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ɋɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫɨɞɟɪɠɢɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɤɨɧɮɢɝɭɪɚɰɢɢ ɥɟɫɚ, ɧɚɩɪɢɦɟɪ, ɢɧɮɨɪɦɚɰɢɸ ɨ ɫɚɣɬɚɯ, ɫɜɹɡɹɯ ɫɚɣɬɚ ɢ ɩɨɞɤɥɸɱɟɧɢɹɯ ɪɟɩɥɢɤɚɰɢɢ. ȼ ɧɟɦ ɯɪɚɧɹɬ ɢɧɮɨɪɦɚɰɢɸ ɦɧɨɝɢɟ ɩɪɢɤɥɚɞɧɵɟ ɩɪɨɝɪɚɦɦɵ. ɉɪɢɥɨɠɟɧɢɹ Exchange Server 2000, Microsoft Internet Security And Acceleration (ISA) Server ɩɨɦɟɳɚɸɬ ɫɜɨɸ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɜ ɪɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ Active Directory, ɚ ɧɟ ɜ ɫɜɨɸ ɫɨɛɫɬɜɟɧɧɭɸ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ. Ʉɨɝɞɚ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɩɟɪɜɵɣ ISA-ɫɟɪɜɟɪ ɜ ɫɜɨɸ ɨɪɝɚɧɢɡɚɰɢɸ, ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɦɚɫɫɢɜ, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɯɪɚɧɢɬɶ ɜɫɸ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ISA ɜ Active Directory. Ɂɚɬɟɦ ɥɟɝɤɨ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ISA-ɫɟɪɜɟɪɵ, ɢɫɩɨɥɶɡɭɸɳɢɟ ɷɬɭ ɠɟ ɤɨɧɮɢɝɭɪɚɰɢɸ, ɤɨɬɨɪɚɹ ɱɢɬɚɟɬɫɹ ɢɡ ɫɥɭɠɛɵ Active Directory. Ɋɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ ɢɦɟɟɬ ɫɜɨɢ ɤɨɩɢɢ ɩɨɜɫɸɞɭ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ. Ʉɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɨɞɟɪɠɢɬ ɩɟɪɟɡɚɩɢɫɵɜɚɟɦɭɸ ɤɨɩɢɸ ɪɚɡɞɟɥɚ ɤɨɧɮɢɝɭɪɚɰɢɢ, ɢ ɢɡɦɟɧɟɧɢɹ ɜ ɷɬɨɬ ɪɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɦɨɝɭɬ ɛɵɬɶ ɜɧɟɫɟɧɵ ɫ ɥɸɛɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɨɪɝɚɧɢɡɚɰɢɢ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. Ʉɨɝɞɚ ɪɟɩɥɢɤɚɰɢɹ ɩɨɥɧɨɫɬɶɸ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɧɚ, ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɥɟɫɭ ɛɭɞɟɬ ɢɦɟɬɶ ɨɞɧɭ ɢ ɬɭ ɠɟ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. Ɋɚɡɞɟɥ ɫɯɟɦɵ ɫɨɞɟɪɠɢɬ ɫɯɟɦɭ ɞɥɹ ɜɫɟɝɨ ɥɟɫɚ. Ʉɚɤ ɜɵ ɭɠɟ ɡɧɚɟɬɟ, ɫɯɟɦɚ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɧɚɛɨɪ ɩɪɚɜɢɥ ɨ ɬɨɦ, ɤɚɤɢɟ ɬɢɩɵ ɨɛɴɟɤɬɨɜ ɦɨɠɧɨ ɫɨɡɞɚɜɚɬɶ ɜ Active Directory, ɚ ɬɚɤɠɟ ɩɪɚɜɢɥɚ ɞɥɹ ɤɚɠɞɨɝɨ ɬɢɩɚ ɨɛɴɟɤɬɨɜ. Ɋɚɡɞɟɥ ɫɯɟɦɵ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. Ɉɞɧɚɤɨ ɬɨɥɶɤɨ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɯɨɡɹɢɧ ɫɯɟɦɵ, ɯɪɚɧɢɬ ɩɟɪɟɡɚɩɢɫɵɜɚɟɦɭɸ ɤɨɩɢɸ ɪɚɡɞɟɥɚ ɫɯɟɦɵ ɤɚɬɚɥɨɝɚ. ȼɫɟ ɢɡɦɟɧɟɧɢɹ ɤ ɫɯɟɦɟ ɨɫɭɳɟɫɬɜɥɹɸɬɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ - ɯɨɡɹɢɧɟ ɫɯɟɦɵ, ɚ ɡɚɬɟɦ ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ.
Ɋɚɡɞɟɥ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ GC ɧɟ ɹɜɥɹɟɬɫɹ ɪɚɡɞɟɥɨɦ ɜ ɩɨɥɧɨɦ ɫɦɵɫɥɟ. Ɉɧ ɯɪɚɧɢɬɫɹ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ɩɨɞɨɛɧɨ ɞɪɭɝɨɦɭ ɪɚɡɞɟɥɭ, ɧɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɧɟ ɦɨɝɭɬ ɜɜɨɞɢɬɶ ɢɧɮɨɪɦɚɰɢɸ ɜ ɧɟɝɨ ɧɚɩɪɹɦɭɸ. Ɋɚɡɞɟɥ GC ɩɪɟɞɧɚɡɧɚɱɟɧ ɬɨɥɶɤɨ ɞɥɹ ɱɬɟɧɢɹ ɧɚ ɜɫɟɯ GC-ɫɟɪɜɟɪɚɯ, ɨɧ ɩɨɫɬɪɨɟɧ ɢɡ ɫɨɞɟɪɠɢɦɨɝɨ ɛɚɡ ɞɚɧɧɵɯ ɞɨɦɟɧɚ. Ʉɚɠɞɵɣ ɚɬɪɢɛɭɬ ɜ ɫɯɟɦɟ ɢɦɟɟɬ ɛɭɥɟɜɨɟ ɡɧɚɱɟɧɢɟ ɫ ɢɦɟɧɟɦ isMemberOf Partial Attributes et. ȿɫɥɢ ɨɧɨ ɭɫɬɚɧɨɜɥɟɧɨ ɧɚ true (ɢɫɬɢɧɚ), ɚɬɪɢɛɭɬ ɤɨɩɢɪɭɟɬɫɹ ɜ ɤɚɬɚɥɨɝ GC. ɉɨɫɥɟɞɧɢɣ ɬɢɩ ɪɚɡɞɟɥɚ ɜ ɫɥɭɠɛɟ Active Directory Windows Server 2003 - ɷɬɨ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ. Ɍɨɥɶɤɨ ɨɞɢɧ ɬɢɩ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɫɨɡɞɚɟɬɫɹ ɜ Active Directory ɩɨ ɭɦɨɥɱɚɧɢɸ — ɷɬɨ ɪɚɡɞɟɥ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɞɥɹ ɫɥɭɠɛɵ ɫɟɪɜɟɪɚ ɞɨɦɟɧɧɨɣ ɫɢɫɬɟɦɵ ɢɦɟɧ (DNS Domain Name System). ɉɪɢ ɭɫɬɚɧɨɜɤɟ ɩɟɪɜɨɣ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ (integrated) ɡɨɧɵ Active Directory ɫɨɡɞɚɸɬɫɹ ɩɪɢɤɥɚɞɧɵɟ ɪɚɡɞɟɥɵ ɤɚɬɚɥɨɝɚ ForestDnsZones ɢ DomainDnsZones. Ɋɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɦɨɠɟɬ ɯɪɚɧɢɬɶ ɥɸɛɨɣ ɬɢɩ ɨɛɴɟɤɬɚ Active Directory, ɤɪɨɦɟ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ʉɪɨɦɟ ɬɨɝɨ, ɪɚɡɞɟɥɵ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɫɨɡɞɚɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɰɟɫɫɨɦ ɪɟɩɥɢɤɚɰɢɢ ɞɚɧɧɵɯ, ɢ ɧɢ ɨɞɢɧ ɢɡ ɨɛɴɟɤɬɨɜ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɧɟ ɦɨɠɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɜ ɪɚɡɞɟɥ GC. Ɋɚɡɞɟɥɵ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɯɪɚɧɟɧɢɹ ɫɩɟɰɢɮɢɱɟɫɤɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɫɜɹɡɚɧɧɨɣ ɫ ɩɪɢɥɨɠɟɧɢɹɦɢ. ȼɵɝɨɞɚ ɨɬ ɢɯ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɢɦɟɟɬɫɹ ɜɨɡɦɨɠɧɨɫɬɶ ɭɩɪɚɜɥɹɬɶ ɪɟɩɥɢɤɚɰɢɟɣ ɢɧɮɨɪɦɚɰɢɢ ɜ ɪɚɡɞɟɥ. Ⱦɥɹ ɫɥɢɲɤɨɦ ɞɢɧɚɦɢɱɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɧɟɨɛɯɨɞɢɦɨ ɭɩɪɚɜɥɹɬɶ ɪɟɩɥɢɤɚɦɢ, ɱɬɨɛɵ ɨɝɪɚɧɢɱɢɬɶ ɤɨɥɢɱɟɫɬɜɨ ɬɪɚɮɢɤɚ ɫɟɬɢ. ɉɪɢ ɫɨɡɞɚɧɢɢ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɜɵ ɦɨɠɟɬɟ ɭɤɚɡɚɬɶ, ɤɚɤɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɛɭɞɭɬ ɩɨɥɭɱɚɬɶ ɪɟɩɥɢɤɭ ɪɚɡɞɟɥɚ. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɩɨɥɭɱɚɸɬ ɪɟɩɥɢɤɭ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ, ɦɨɝɭɬ ɧɚɯɨɞɢɬɶɫɹ ɜ ɥɸɛɨɦ ɞɨɦɟɧɟ ɢɥɢ ɫɚɣɬɟ ɥɟɫɚ. ɋɯɟɦɚ ɢɦɟɧɨɜɚɧɢɹ ɩɪɢɤɥɚɞɧɵɯ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ ɢɞɟɧɬɢɱɧɚ ɞɪɭɝɢɦ ɪɚɡɞɟɥɚɦ ɤɚɬɚɥɨɝɚ Active Directory. ɇɚɩɪɢɦɟɪ, DNS-ɢɦɹ ɞɥɹ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ ɜ ɥɟɫɭ Contoso.com dc=Configuration, dc=Contoso, dc=com. ȿɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɩɨ ɢɦɟɧɢ AppPartitionl ɜ ɞɨɦɟɧɟ Contoso.com, ɟɝɨ DNS-ɢɦɹ ɛɭɞɟɬ dc=AppPartitionl, dc=Contoso, dc=com. Ɋɚɡɞɟɥɵ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɞɨɫɬɚɬɨɱɧɨ ɝɢɛɤɢ ɩɨ ɨɬɧɨɲɟɧɢɸ ɤ ɦɟɫɬɭ ɫɨɡɞɚɧɢɹ, ɢɥɢ, ɛɨɥɟɟ ɬɨɱɧɨ, ɤ ɤɨɧɬɟɤɫɬɭ ɢɦɟɧɨɜɚɧɢɹ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɜ ɪɚɡɞɟɥɟ AppPartitionl. ɗɬɨ ɩɪɢɜɟɞɟɬ ɤ ɬɨɦɭ, ɱɬɨ ɪɚɡɞɟɥ ɛɭɞɟɬ ɢɦɟɬɶ ɢɦɹ dc=AppPartition2, dc=AppPartitionl, dc=Contoso, dc=com. ȼɨɡɦɨɠɧɨ ɫɨɡɞɚɧɢɟ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɫ DNS-ɢɦɟɧɟɦ, ɧɟ ɫɦɟɠɧɵɦ ɧɢ ɫ ɨɞɧɢɦ ɞɨɦɟɧɨɦ ɜ ɥɟɫɭ. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɜ ɞɨɦɟɧɟ Contoso.com, ɤɨɬɨɪɵɣ ɢɦɟɟɬ DNS-ɢɦɹ dc=AppPartition, ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɛɭɞɟɬ ɫɨɡɞɚɧɨ ɧɨɜɨɟ ɞɟɪɟɜɨ ɜ ɥɟɫɭ. . DNS. LDAP, . LDAP, , . ɋɨɡɞɚɧɢɟ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɭɫɥɨɠɧɹɟɬɫɹ ɧɟɨɛɯɨɞɢɦɨɫɬɶɸ ɨɛɫɥɭɠɢɜɚɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɚɦ ɪɚɡɞɟɥɚ. Ⱦɥɹ ɡɚɞɚɧɧɵɯ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɚɡɞɟɥɨɜ Active Directory ɪɚɡɪɟɲɟɧɢɹ ɧɚɡɧɚɱɚɸɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ. ɉɪɢ ɫɨɡɞɚɧɢɢ ɨɛɴɟɤɬɚ ɜ ɪɚɡɞɟɥɟ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ ɝɪɭɩɩɟ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɧɚɡɧɚɱɚɸɬɫɹ ɩɨɥɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɭ. ɉɪɢ ɫɨɡɞɚɧɢɢ ɨɛɴɟɤɬɚ ɜ ɪɚɡɞɟɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɢɥɢ ɜ ɪɚɡɞɟɥɟ ɫɯɟɦɵ ɤɚɬɚɥɨɝɚ ɪɚɡɪɟɲɟɧɢɹ ɧɚɡɧɚɱɚɸɬɫɹ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɩɪɢɧɚɞɥɟɠɚɳɢɯ ɤɨɪɧɟɜɨɦɭ ɞɨɦɟɧɭ ɥɟɫɚ. ɉɨɫɤɨɥɶɤɭ ɩɪɢɤɥɚɞɧɨɣ ɪɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɦɨɠɟɬ ɛɵɬɶ ɫɨɡɞɚɧ ɜ ɥɸɛɨɦ ɪɚɡɞɟɥɟ ɞɨɦɟɧɚ ɤɚɬɚɥɨɝɚ ɢɥɢ ɤɚɤ ɨɬɞɟɥɶɧɨɟ ɞɟɪɟɜɨ ɜ ɥɟɫɭ, ɬɨ ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɭɬɶ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɟ ɩɪɢɦɟɧɹɟɬɫɹ. ɇɚɡɧɚɱɢɬɶ ɝɪɭɩɩɟ Domain Admins ɩɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɨɛɴɟɤɬɚɦɢ ɜ ɪɚɡɞɟɥɟ ɧɟɫɥɨɠɧɨ, ɨɫɬɚɟɬɫɹ ɧɟɹɫɧɵɦ ɬɨ, ɤɚɤɨɣ ɞɨɦɟɧ ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ. ɉɨɷɬɨɦɭ ɪɚɡɞɟɥɵ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɜɫɟɝɞɚ ɫɨɡɞɚɸɬɫɹ ɫɨ ɫɫɵɥɤɨɣ ɧɚ ɞɨɦɟɧ, ɫɨɞɟɪɠɚɳɢɣ ɞɟɫɤɪɢɩɬɨɪɵ ɡɚɳɢɬɵ. ɗɬɨɬ ɞɨɦɟɧ ɫɬɚɧɨɜɢɬɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ, ɨɧ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɚɦ ɜ ɪɚɡɞɟɥɟ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ. ȿɫɥɢ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɫɨɡɞɚɟɬɫɹ ɜ ɪɚɡɞɟɥɟ ɞɨɦɟɧɚ ɤɚɬɚɥɨɝɚ, ɬɨ ɪɨɞɢɬɟɥɶɫɤɢɣ ɞɨɦɟɧ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɤɚɱɟɫɬɜɟ ɞɨɦɟɧɚ, ɫɨɞɟɪɠɚɳɟɝɨ ɞɟɫɤɪɢɩɬɨɪɵ ɡɚɳɢɬɵ, ɢ ɫɨɡɞɚɟɬɫɹ ɧɚɫɥɟɞɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ. ȿɫɥɢ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɫɨɡɞɚɟɬ ɧɨɜɨɟ ɞɟɪɟɜɨ ɜ ɥɟɫɭ, ɬɨ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɥɟɫɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɤɚɱɟɫɬɜɟ ɞɨɦɟɧɚ, ɫɨɞɟɪɠɚɳɟɝɨ
ɞɟɫɤɪɢɩɬɨɪɵ ɡɚɳɢɬɵ. С .
, . . Ntdsutil,
. Windows Server 2003 Help And Support Center ( 2003).
Windows Server , , «Using application directory partitions»
, msdn.microsoft.com. Ʉɚɤ ɬɨɥɶɤɨ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɪɟɩɥɢɤɚɦɢ ɫɨɡɞɚɧ, ɭɩɪɚɜɥɟɧɢɟ ɪɟɩɥɢɤɚɰɢɟɣ ɪɚɡɞɟɥɚ ɨɫɭɳɟɫɬɜɥɹɟɬɫɹ ɬɚɤ ɠɟ, ɤɚɤ ɞɥɹ ɞɪɭɝɢɯ ɪɚɡɞɟɥɨɜ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɪɟɩɥɢɤɚɰɢɢ Active Directory ɫɦ. ɜ ɝɥ. 4.
Ⱦɨɦɟɧ ɹɜɥɹɟɬɫɹ ɨɫɧɨɜɧɵɦ ɫɬɪɨɢɬɟɥɶɧɵɦ ɛɥɨɤɨɦ ɜ ɦɨɞɟɥɢ ɫɥɭɠɛɵ Active Directory. ɍɫɬɚɧɚɜɥɢɜɚɹ Active Directory ɧɚ ɫɜɨɟɦ ɤɨɦɩɶɸɬɟɪɟ, ɪɚɛɨɬɚɸɳɟɦ ɩɨɞ ɭɩɪɚɜɥɟɧɢɟɦ Windows Server 2003, ɜɵ ɫɨɡɞɚɟɬɟ ɞɨɦɟɧ. Ⱦɨɦɟɧ ɫɥɭɠɢɬ ɜ ɤɚɱɟɫɬɜɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɣ ɝɪɚɧɢɰɵ, ɨɧ ɨɩɪɟɞɟɥɹɟɬ ɢ ɝɪɚɧɢɰɭ ɩɨɥɢɬɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ʉɚɠɞɵɣ ɞɨɦɟɧ ɢɦɟɟɬ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ (ɨɩɬɢɦɚɥɶɧɨ ɢɦɟɬɶ ɞɜɚ ɢɥɢ ɛɨɥɟɟ). Ⱦɨɦɟɧɵ Active Directory ɨɪɝɚɧɢɡɨɜɚɧɵ ɜ ɢɟɪɚɪɯɢɱɟɫɤɨɦ ɩɨɪɹɞɤɟ. ɉɟɪɜɵɣ ɞɨɦɟɧ ɧɚ ɩɪɟɞɩɪɢɹɬɢɢ ɫɬɚɧɨɜɢɬɫɹ , ɨɛɵɱɧɨ ɨɧ ɧɚɡɵɜɚɟɬɫɹ ɢɥɢ . Ʉɨɪɧɟɜɨɣ ɞɨɦɟɧ ɹɜɥɹɟɬɫɹ ɨɬɩɪɚɜɧɨɣ ɬɨɱɤɨɣ ɞɥɹ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ Active Directory. ɇɚɩɪɢɦɟɪ, ɩɟɪɜɵɣ ɞɨɦɟɧ ɜ ɨɪɝɚɧɢɡɚɰɢɢ Contoso — Contoso.com. ɉɟɪɜɵɣ ɞɨɦɟɧ ɦɨɠɟɬ ɛɵɬɶ (dedicated) ɢɥɢ (non-dedicated) ɤɨɪɧɟɜɵɦ ɞɨɦɟɧɨɦ. ɇɚɡɧɚɱɟɧɧɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ, ɧɚɡɵɜɚɟɦɵɣ , ɹɜɥɹɟɬɫɹ ɩɭɫɬɵɦ ɞɨɦɟɧɨɦ-ɡɚɦɟɧɢɬɟɥɟɦ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɦ ɞɥɹ ɡɚɩɭɫɤɚ Active Directory. ɗɬɨɬ ɞɨɦɟɧ ɧɟ ɛɭɞɟɬ ɫɨɞɟɪɠɚɬɶ ɧɢɤɚɤɢɯ ɪɟɚɥɶɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ (ɝɪɭɩɩɵ) ɢ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ. ȿɞɢɧɫɬɜɟɧɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ, ɤɨɬɨɪɵɟ ɫɨɞɟɪɠɚɬɫɹ ɜ ɧɚɡɧɚɱɟɧɧɨɦ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ — ɷɬɨ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɡɚɞɚɧɧɵɯ ɩɨ ɭɦɨɥɱɚɧɢɸ, ɬɚɤɢɯ ɤɚɤ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ Administrator (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪ) ɢ ɝɥɨɛɚɥɶɧɚɹ ɝɪɭɩɩɚ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ). ɇɟɧɚɡɧɚɱɟɧɧɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ - ɷɬɨ ɞɨɦɟɧ, ɜ ɤɨɬɨɪɨɦ ɫɨɡɞɚɸɬɫɹ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɮɚɤɬɢɱɟɫɤɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ. ɉɪɢɱɢɧɵ ɜɵɛɨɪɚ ɧɚɡɧɚɱɟɧɧɨɝɨ ɢɥɢ ɧɟɧɚɡɧɚɱɟɧ-ɧɨɝɨ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɨɛɫɭɠɞɚɸɬɫɹ ɜ ɝɥ. 5. Ɉɫɬɚɥɶɧɵɟ ɞɨɦɟɧɵ ɧɚ ɩɪɟɞɩɪɢɹɬɢɢ ɫɭɳɟɫɬɜɭɸɬ ɢɥɢ ɤɚɤ ɪɚɜɧɵɟ ɩɨ ɩɨɥɨɠɟɧɢɸ (peers) ɩɨ ɨɬɧɨɲɟɧɢɸ ɤ ɤɨɪɧɟɜɨɦɭ ɞɨɦɟɧɭ, ɢɥɢ ɤɚɤ ɞɨɱɟɪɧɢɟ ɞɨɦɟɧɵ. Ɋɚɜɧɵɟ ɩɨ ɩɨɥɨɠɟɧɢɸ ɞɨɦɟɧɵ ɧɚɯɨɞɹɬɫɹ ɧɚ ɬɨɦ ɠɟ ɢɟɪɚɪɯɢɱɟɫɤɨɦ ɭɪɨɜɧɟ, ɱɬɨ ɢ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ. ɇɚ ɪɢɫɭɧɤɟ 2-5 ɩɨɤɚɡɚɧɚ ɦɨɞɟɥɶ ɞɨɦɟɧɨɜ, ɪɚɜɧɵɯ ɩɨ ɩɨɥɨɠɟɧɢɸ.
. 2-5. Active Directory, Ɉɛɳɟɩɪɢɧɹɬɨ, ɱɬɨ ɞɨɦɟɧɵ, ɭɫɬɚɧɚɜɥɢɜɚɟɦɵɟ ɜɫɥɟɞ ɡɚ ɤɨɪɧɟɜɵɦ ɞɨɦɟɧɨɦ, ɫɬɚɧɨɜɹɬɫɹ . Ⱦɨɱɟɪɧɢɟ ɞɨɦɟɧɵ ɢɫɩɨɥɶɡɭɸɬ ɨɞɧɨ ɢ ɬɨ ɠɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ Active Directory ɫɨɜɦɟɫɬɧɨ ɫ ɪɨɞɢɬɟɥɶɫɤɢɦ ɞɨɦɟɧɨɦ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɟɪɜɵɣ ɞɨɦɟɧ ɜ ɨɪɝɚɧɢɡɚɰɢɢ Contoso ɧɚɡɜɚɧ Contoso.com, ɬɨ ɞɨɱɟɪɧɢɣ ɞɨɦɟɧ ɜ ɷɬɨɣ ɫɬɪɭɤɬɭɪɟ ɦɨɠɟɬ ɧɚɡɵɜɚɬɶɫɹ NAmerica.Contoso.com ɢ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɜɫɟɦɢ ɭɱɚɫɬɧɢɤɚɦɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɨɪɝɚɧɢɡɚɰɢɢ Contoso, ɧɚɯɨɞɹɳɢɦɢɫɹ ɜ ɋɟɜɟɪɧɨɣ Ⱥɦɟɪɢɤɟ. ȿɫɥɢ ɨɪɝɚɧɢɡɚɰɢɹ ɞɨɫɬɚɬɨɱɧɨ ɛɨɥɶɲɚɹ ɢɥɢ ɫɥɨɠɧɚɹ, ɬɨ ɦɨɝɭɬ ɩɨɬɪɟɛɨɜɚɬɶɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɞɨɱɟɪɧɢɟ ɞɨɦɟɧɵ, ɧɚɩɪɢɦɟɪ, Sales.NAmerica.Contoso.com. ɇɚ ɪɢɫɭɧɤɟ 2-6 ɩɨɤɚɡɚɧɚ ɪɨɞɢɬɟɥɶɫɤɨ-ɞɨ-ɱɟɪɧɹɹ ɢɟɪɚɪɯɢɹ ɞɨɦɟɧɚ ɞɥɹ ɨɪɝɚɧɢɡɚɰɢɢ Contoso.
. 2-6.
-
Contoso
Ⱦɨɦɟɧɵ, ɤɨɬɨɪɵɟ ɫɨɡɞɚɸɬɫɹ ɜ ɢɧɮɪɚɫɬɪɭɤɬɭɪɟ Active Directory ɩɨɫɥɟ ɫɨɡɞɚɧɢɹ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ, ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɭɳɟɫɬɜɭɸɳɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ Active Directory ɫɨɜɦɟɫɬɧɨ ɢɥɢ ɢɦɟɬɶ ɨɬɞɟɥɶɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ. ɑɬɨɛɵ ɜɵɞɟɥɢɬɶ ɨɬɞɟɥɶɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɞɥɹ ɧɨɜɨɝɨ ɞɨɦɟɧɚ, ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɧɨɜɨɟ ɞɟɪɟɜɨ ɞɨɦɟɧɚ. ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɢɫɩɨɥɶɡɭɟɬɫɹ ɥɢ ɟɞɢɧɫɬɜɟɧɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɢɥɢ ɧɟɫɤɨɥɶɤɨ, ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɞɨɦɟɧɵ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɥɟɫɭ ɮɭɧɤɰɢɨɧɢɪɭɸɬ ɫɨɜɟɪɲɟɧɧɨ ɨɞɢɧɚɤɨɜɨ. ɋɨɡɞɚɧɢɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɟɪɟɜɶɟɜ ɞɨɦɟɧɨɜ ɫɜɹɡɚɧɨ ɢɫɤɥɸɱɢɬɟɥɶɧɨ ɫ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɦɢ ɩɪɨɛɥɟɦɚɦɢ ɢ ɩɪɨɛɥɟɦɚɦɢ ɢɦɟɧɨɜɚɧɢɹ, ɨɧɨ ɧɢɤɚɤ ɧɟ ɡɚɬɪɚɝɢɜɚɟɬ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ. Ⱦɟɪɟɜɨ ɞɨɦɟɧɨɜ ɫɨɞɟɪɠɢɬ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɢɧ ɞɨɦɟɧ. Ⱦɚɠɟ ɨɪɝɚɧɢɡɚɰɢɹ ɫ ɟɞɢɧɫɬɜɟɧɧɵɦ ɞɨɦɟɧɨɦ ɢɦɟɟɬ ɞɟɪɟɜɨ ɞɨɦɟɧɨɜ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɞɟɪɟɜɶɟɜ ɜɦɟɫɬɨ ɞɨɱɟɪɧɢɯ ɞɨɦɟɧɨɜ ɜɥɢɹɟɬ ɧɚ ɤɨɧɮɢɝɭɪɚɰɢɸ DNS, ɨɛ ɷɬɨɦ ɜɵ ɭɡɧɚɟɬɟ ɜ ɝɥ. 3. Ⱦɟɪɟɜɨ ɞɨɦɟɧɨɜ ɨɛɪɚɡɭɟɬɫɹ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɨɪɝɚɧɢɡɚɰɢɹ ɫɨɡɞɚɟɬ ɞɨɦɟɧ ɜɫɥɟɞ ɡɚ ɫɨɡɞɚɧɢɟɦ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ (forest root domain), ɧɨ ɧɟ ɯɨɱɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɭɳɟɫɬɜɭɸɳɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ. ȼ ɫɥɭɱɚɟ Contoso, ɟɫɥɢ ɫɭɳɟɫɬɜɭɸɳɟɟ ɞɟɪɟɜɨ ɞɨɦɟɧɨɜ ɢɫɩɨɥɶɡɭɟɬ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ Contoso.com, ɦɨɠɟɬ ɛɵɬɶ ɫɨɡɞɚɧ ɧɨɜɵɣ ɞɨɦɟɧ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬ ɫɨɜɟɪɲɟɧɧɨ ɞɪɭɝɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɧɚɩɪɢɦɟɪ, Fabrikam.com. ȿɫɥɢ ɜ ɞɚɥɶɧɟɣɲɟɦ ɩɨɬɪɟɛɭɟɬɫɹ ɫɨɡɞɚɧɢɟ ɞɨɦɟɧɨɜ, ɱɬɨɛɵ ɭɞɨɜɥɟɬɜɨɪɢɬɶ ɩɨɬɪɟɛɧɨɫɬɹɦ ɟɞɢɧɢɰɵ Fabrikam, ɨɧɢ ɦɨɝɭɬ ɫɨɡɞɚɜɚɬɶɫɹ ɤɚɤ ɞɨɱɟɪɧɢɟ ɨɬ ɞɟɪɟɜɚ ɞɨɦɟɧɨɜ Fabrikam. ɇɚ ɪɢɫɭɧɤɟ 2-7 ɩɨɤɚɡɚɧɚ ɫɯɟɦɚ ɨɪɝɚɧɢɡɚɰɢɢ Contoso ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɞɨɦɟɧɧɵɦɢ ɞɟɪɟɜɶɹɦɢ.
. 2-7.
Contoso
ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɚɦɭɸ ɞɚɥɶɧɸɸ ɪɟɩɥɢɤɚɰɢɸ ɢ ɹɜɥɹɟɬɫɹ ɝɪɚɧɢɰɟɣ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɩɪɟɞɩɪɢɹɬɢɹ. ȼɫɟ ɞɨɦɟɧɵ ɢ ɞɨɦɟɧɧɵɟ ɞɟɪɟɜɶɹ ɫɭɳɟɫɬɜɭɸɬ ɜ ɩɪɟɞɟɥɚɯ ɨɞɧɨɝɨ ɢɥɢ ɧɟɫɤɨɥɶɤɨ ɥɟɫɨɜ Active Directory. Ʌɟɫ ɹɜɥɹɟɬɫɹ ɨɛɳɢɦ ɞɥɹ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. Ɉɛɳɢɦɢ ɤɨɦɩɨɧɟɧɬɚɦɢ ɦɨɝɭɬ ɛɵɬɶ: • Ɉɛɳɚɹ ɫɯɟɦɚ. ɍ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɥɟɫɭ ɢɦɟɟɬɫɹ ɨɞɧɚ ɢ ɬɚ ɠɟ ɫɯɟɦɚ. ȿɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɞɜɭɯ ɪɚɡɥɢɱɧɵɯ ɫɯɟɦ ɜ ɨɞɧɨɣ ɨɪɝɚɧɢɡɚɰɢɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɪɚɡɜɟɪɬɵɜɚɬɶ ɞɜɚ ɨɬɞɟɥɶɧɵɯ ɥɟɫɚ. • Ɉɛɳɢɣ ɪɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ. ȼɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɥɟɫɭ ɢɦɟɸɬ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɵɣ ɤɨɧɬɟɣɧɟɪ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ. Ɋɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ ɢɧɬɟɧɫɢɜɧɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɩɪɢɥɨɠɟɧɢɹɦɢ, ɩɨɞɞɟɪɠɢɜɚɸɳɢɦɢ ɫɥɭɠɛɭ Active Directory (Echange Server 2000 ɢ ISA). • Ɉɛɳɢɣ ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ GC. Ɉɧ ɫɨɞɟɪɠɢɬ ɢɧɮɨɪɦɚɰɢɸ ɨɛɨ ɜɫɟɯ ɨɛɴɟɤɬɚɯ ɜ ɥɟɫɭ. ɗɬɨ ɞɟɥɚɟɬ ɩɨɢɫɤ ɥɸɛɨɝɨ ɨɛɴɟɤɬɚ ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɵɦ ɢ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜɯɨɞɢɬɶ ɧɚ ɥɸɛɨɣ ɞɨɦɟɧ ɥɟɫɚ, ɢɫɩɨɥɶɡɭɹ ɫɜɨɢ ɢɦɟɧɚ UPN. • щ .В ɞɥɹ ɥɟɫɚ ɫɨɡɞɚɸɬɫɹ ɞɜɟ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ (security groups). ɂɦ ɩɪɟɞɨɫɬɚɜɥɹɸɬɫɹ ɬɚɤɢɟ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɦɢ ɧɟ ɨɛɥɚɞɚɸɬ ɧɢɤɚɤɢɟ ɞɪɭɝɢɟ ɩɨɥɶɡɨɜɚɬɟɥɢ. Ƚɪɭɩɩɚ Schema Admins ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɨɣ ɝɪɭɩɩɨɣ, ɤɨɬɨɪɚɹ ɢɦɟɟɬ ɩɪɚɜɨ ɢɡɦɟɧɹɬɶ ɫɯɟɦɭ, ɚ ɝɪɭɩɩɚ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ) ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɨɣ ɝɪɭɩɩɨɣ, ɤɨɬɨɪɚɹ ɢɦɟɟɬ ɩɪɚɜɨ ɜɵɩɨɥɧɹɬɶ ɞɟɣɫɬɜɢɹ ɧɚ ɭɪɨɜɧɟ ɥɟɫɚ, ɬɚɤɢɟ ɤɚɤ ɞɨɛɚɜɥɟɧɢɟ ɢɥɢ ɭɞɚɥɟɧɢɟ ɞɨɦɟɧɨɜ ɢɡ ɥɟɫɚ. Ƚɪɭɩɩɚ Enterprise Admins ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɤɚɠɞɨɣ ɦɟɫɬɧɨɣ ɝɪɭɩɩɟ Administrators (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ) ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ ɥɟɫɚ. • Ɉɛɳɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. ȼɫɟ ɞɨɦɟɧɵ ɜ ɥɟɫɭ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɬɚɤ, ɱɬɨɛɵ ɞɨɜɟɪɹɬɶ ɜɫɟɦ ɞɪɭɝɢɦ ɞɨɦɟɧɚɦ ɥɟɫɚ. Ȼɨɥɟɟ ɩɨɞɪɨɛɧɨ ɨ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɹɯ ɪɚɫɫɤɚɡɚɧɨ ɜ ɫɥɟɞɭɸɳɟɦ ɪɚɡɞɟɥɟ. ɇɚ ɪɢɫɭɧɤɟ 2-8 ɩɨɤɚɡɚɧ ɥɟɫ Contoso.
ɉɨ ɭɦɨɥɱɚɧɢɸ ɞɨɦɟɧ ɹɜɥɹɟɬɫɹ ɝɪɚɧɢɰɟɣ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɜ ɨɪɝɚɧɢɡɚɰɢɢ. ɂɦɟɹ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɪɚɡɪɟɲɟɧɢɹ, ɥɸɛɨɣ ɭɱɚɫɬɧɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ (ɧɚɩɪɢɦɟɪ, ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɵ) ɦɨɠɟɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɥɸɛɨɦɭ ɨɛɳɟɞɨɫɬɭɩɧɨɦɭ ɪɟɫɭɪɫɭ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɞɨɦɟɧɟ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ, ɤɨɬɨɪɵɟ ɧɚɯɨɞɹɬɫɹ ɡɚ ɩɪɟɞɟɥɚɦɢ ɞɨɦɟɧɚ, ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫɥɭɠɛɵ Active Directory. ɩɪɟɞɫɬɚɜɥɹɸɬ ɫɨɛɨɣ ɨɩɨɡɧɚɜɚɬɟɥɶɧɭɸ ɫɜɹɡɶ ɦɟɠɞɭ ɞɜɭɦɹ ɞɨɦɟɧɚɦɢ, ɫ ɩɨɦɨɳɶɸ ɤɨɬɨɪɨɣ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɦɨɝɭɬ ɩɨɥɭɱɚɬɶ ɩɨɥɧɨɦɨɱɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɧɚ ɞɪɭɝɨɦ ɞɨɦɟɧɟ. ȿɫɬɶ ɧɟɫɤɨɥɶɤɨ ɬɢɩɨɜ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ, ɜɤɥɸɱɚɸɳɢɯ: • ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ; • ɨɞɧɨɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ; • ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ;
•
ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɨɛɥɚɫɬɢ.
ȼɫɟ ɞɨɦɟɧɵ ɞɟɪɟɜɚ ɩɨɞɞɟɪɠɢɜɚɸɬ ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɜɭɯɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫ ɞɪɭɝɢɦɢ ɞɨɦɟɧɚɦɢ ɜ ɷɬɨɦ ɞɟɪɟɜɟ. ȼ ɩɪɢɦɟɪɟ, ɪɚɫɫɦɨɬɪɟɧɧɨɦ ɜɵɲɟ, ɤɨɝɞɚ ɞɨɦɟɧ NAmerica.Contoso.com ɫɨɡɞɚɟɬɫɹ ɤɚɤ ɞɨɱɟɪɧɢɣ ɞɨɦɟɧ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ Contoso.com, ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɨɡɞɚɸɬɫɹ ɞɜɭɯɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ NAmerica.Contoso.com ɢ Contoso.com. ɑɟɪɟɡ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɸɛɨɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜ ɞɨɦɟɧɟ NAmerica.Contoso.com ɦɨɠɟɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɥɸɛɨɦɭ ɪɟɫɭɪɫɭ ɜ ɞɨɦɟɧɟ Contoso.com, ɧɚ ɞɨɫɬɭɩ ɤ ɤɨɬɨɪɨɦɭ ɟɫɬɶ ɪɚɡɪɟɲɟɧɢɟ. Ⱥɧɚɥɨɝɢɱɧɨ, ɟɫɥɢ ɜ ɞɨɦɟɧɟ Contoso.com ɢɦɟɸɬɫɹ ɤɚɤɢɟ-ɥɢɛɨ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ (ɤɚɤ ɜ ɧɟɧɚɡɧɚɱɟɧɧɨɦ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ), ɢɦ ɦɨɠɧɨ ɞɚɜɚɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɞɨɦɟɧɚ NAmerica.Contoso.com. ȼ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɢɥɢ ɤɚɤ ɪɨɞɢɬɟɥɶɫɤɨ-ɞɨɱɟɪɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɢɥɢ ɤɚɤ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɤɨɪɧɹ ɞɟɪɟɜɚ (tree root). ɉɪɢɦɟɪɨɦ ɪɨɞɢɬɟɥɶɫɤɨ-ɞɨɱɟɪ-ɧɢɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɹɜɥɹɸɬɫɹ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ NAmerica.Contoso.com ɢ Contoso.com. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɤɨɪɧɹ ɞɟɪɟɜɚ - ɷɬɨ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɜɭɦɹ ɞɟɪɟɜɶɹɦɢ ɜ ɥɟɫɭ, ɧɚɩɪɢɦɟɪ, ɦɟɠɞɭ Contoso.com ɢ Fabrikam.com. ȼɫɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ ɥɟɫɚ ɹɜɥɹɸɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɫɟ ɞɨɦɟɧɵ ɜ ɥɟɫɭ ɞɨɜɟɪɹɸɬ ɞɪɭɝ ɞɪɭɝɭ. ȿɫɥɢ ɞɨɦɟɧ Contoso.com ɞɨɜɟɪɹɟɬ ɞɨɦɟɧɭ NAmerica.Contoso.com ɢ ɞɨɦɟɧ Europe.Contoso.com ɞɨɜɟɪɹɟɬ ɞɨɦɟɧɭ Contoso.com, ɬɨ ɬɪɚɧɡɢɬɢɜɧɨɫɬɶ ɭɤɚɡɵɜɚɟɬ ɧɚ ɬɨ, ɱɬɨ ɞɨɦɟɧ Europe.Contoso.com ɬɚɤɠɟ ɞɨɜɟɪɹɟɬ ɞɨɦɟɧɭ NAmerica.Contoso.com. ɉɨɷɬɨɦɭ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜ ɞɨɦɟɧɟ NAmerica. Contoso.com ɦɨɝɭɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ, ɢɦɟɸɳɢɦɫɹ ɜ ɞɨɦɟɧɟ Europe.Contoso.com, ɢ ɧɚɨɛɨɪɨɬ. ɋɜɨɣɫɬɜɨ ɬɪɚɧɡɢɬɢɜɧɨɫɬɢ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɩɪɢɦɟɧɢɦɨ ɤ ɞɨɜɟɪɢɬɟɥɶɧɵɦ ɨɬɧɨɲɟɧɢɹɦ ɤɨɪɧɹ ɞɟɪɟɜɚ. Ⱦɨɦɟɧ NAmerica.Contoso.com ɞɨɜɟɪɹɟɬ ɞɨɦɟɧɭ Contoso.com, ɢ ɞɨɦɟɧ Contoso.com ɞɨɜɟɪɹɟɬ ɞɨɦɟɧɭ Fabrikam.com. ɉɨɷɬɨɦɭ ɞɨɦɟɧ NAmerica. Contoso.com ɢ ɞɨɦɟɧ Fabrikam.com ɬɚɤɠɟ ɢɦɟɸɬ ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɞɪɭɝ ɫ ɞɪɭɝɨɦ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɞɜɭɯɫɬɨɪɨɧɧɢɦ ɬɪɚɧɡɢɬɢɜɧɵɦ ɞɨɜɟɪɢɬɟɥɶɧɵɦ ɨɬɧɨɲɟɧɢɹɦ, ɤɨɬɨɪɵɟ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɩɪɢ ɫɨɡɞɚɧɢɢ ɧɨɜɨɝɨ ɞɨɱɟɪɧɟɝɨ ɞɨɦɟɧɚ, ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ ɥɟɫɚ ɦɨɝɭɬ ɛɵɬɶ ɫɨɡɞɚɧɵ ɨɞɧɨɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ. ɗɬɨ ɞɟɥɚɟɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɪɚɡɪɟɲɢɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ, ɤɨɬɨɪɵɟ ɧɟ ɫɨɫɬɨɹɬ ɜ ɩɪɹɦɵɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɹɯ. Ɉɞɧɨɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɬɚɤɠɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɩɬɢɦɢɡɚɰɢɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɪɚɛɨɬɵ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ, ɤɨɬɨɪɵɟ ɫɜɹɡɚɧɵ ɬɪɚɧɡɢɬɢɜɧɵɦɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ. ɗɬɢ ɨɞɧɨɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɧɚɡɵɜɚɸɬɫɹ ɭɤɨɪɨɱɟɧɧɵɦɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ (shortcut trusts). ɍɤɨɪɨɱɟɧɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɧɭɠɧɵ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɬɪɟɛɭɟɬɫɹ ɱɚɫɬɵɣ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ, ɤɨɬɨɪɵɟ ɭɞɚɥɟɧɧɨ ɫɜɹɡɚɧɵ ɱɟɪɟɡ ɞɟɪɟɜɨ ɞɨɦɟɧɚ ɢɥɢ ɥɟɫ. ɉɪɢɦɟɪɨɦ ɷɬɨɦɭ ɹɜɥɹɟɬɫɹ ɥɟɫ Contoso, ɢɡɨɛɪɚɠɟɧɧɵɣ ɧɚ ɪɢɫɭɧɤɟ 2-9.
. 2-9.
Contoso
ȿɫɥɢ ɝɪɭɩɩɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɞɨɦɟɧɟ Sales.Europe.Contoso.com ɱɚɫɬɨ ɨɛɪɚɳɚɟɬɫɹ ɤ ɨɛɳɟɦɭ ɪɟɫɭɪɫɭ ɜ ɞɨɦɟɧɟ Research.NAmerica.Contoso.com, ɬɨ ɩɪɢ ɧɚɥɢɱɢɢ ɬɨɥɶɤɨ ɬɪɚɧɡɢɬɢɜɧɵɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜ ɞɨɦɟɧɟ Sales.Europe.Contoso.com ɞɨɥɠɧɵ ɩɨɞɬɜɟɪɠɞɚɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ ɞɟɪɟɜɚ, ɪɚɫɩɨɥɨɠɟɧɧɨɦ ɦɟɠɞɭ ɧɢɦɢ ɢ ɞɨɦɟɧɨɦ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɪɟɫɭɪɫ. Ɍɚɤɚɹ ɨɪɝɚɧɢɡɚɰɢɹ ɪɚɛɨɬɵ ɧɟɷɮɮɟɤɬɢɜɧɚ, ɟɫɥɢ ɱɚɫɬɨ ɜɨɡɧɢɤɚɟɬ ɩɨɬɪɟɛɧɨɫɬɶ ɞɨɫɬɭɩɚ ɤ ɷɬɢɦ ɪɟɫɭɪɫɚɦ. ɍɤɨɪɨɱɟɧɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɹɜɥɹɸɬɫɹ ɩɪɹɦɵɦɢ ɨɞɧɨɫɬɨɪɨɧɧɢɦɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ, ɤɨɬɨɪɵɟ ɞɚɞɭɬ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜ ɞɨɦɟɧɟ Sales.Europe.Contoso.com ɷɮɮɟɤɬɢɜɧɨ ɩɨɞɬɜɟɪɠɞɚɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɜ ɞɨɦɟɧɟ Research.NAmerica.Contoso.com ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɩɟɪɟɫɟɤɚɬɶ ɜɫɟ ɞɟɪɟɜɨ ɤɚɬɚɥɨɝɚ, ɱɬɨɛɵ ɬɭɞɚ ɞɨɛɪɚɬɶɫɹ. ɇɚ ɪɢɫɭɧɤɟ 2-10 ɩɨɤɚɡɚɧɵ ɷɬɢ ɩɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ. ȿɫɥɢ ɜɨɡɧɢɤɚɟɬ ɩɨɬɪɟɛɧɨɫɬɶ ɭɫɬɚɧɨɜɢɬɶ ɬɚɤɢɟ ɠɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɜ ɞɪɭɝɨɦ ɧɚɩɪɚɜɥɟɧɢɢ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɩɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɷɬɢɦɢ ɞɜɭɦɹ ɞɨɦɟɧɚɦɢ, ɜɡɚɢɦɧɨ ɢɡɦɟɧɢɜ ɢɯ ɪɨɥɢ. (Ɍɚɤɢɟ ɞɜɨɣɧɵɟ ɩɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɤɚɠɭɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ, ɧɨ ɷɬɢ ɢɫɤɥɸɱɢɬɟɥɶɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɧɟ ɩɪɨɫɬɢɪɚɸɬɫɹ ɡɚ ɩɪɟɞɟɥɵ ɷɬɢɯ ɞɜɭɯ ɞɨɦɟɧɨɜ). ɹɜɥɹɸɬɫɹ ɧɨɜɨɣ ɮɭɧɤɰɢɟɣ ɜ Windows Server 2003. Ɉɧɢ ɩɪɟɞɫɬɚɜɥɹɸɬ ɫɨɛɨɣ ɞɜɭɯɫɬɨɪɨɧɧɢɟ ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɜɭɦɹ ɨɬɞɟɥɶɧɵɦɢ ɥɟɫɚɦɢ. ɋ ɩɨɦɨɳɶɸ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɥɟɫɚ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɩɪɢɧɚɞɥɟɠɚɳɟɦɭ ɨɞɧɨɦɭ ɥɟɫɭ, ɦɨɠɧɨ ɞɚɜɚɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɜ ɥɸɛɨɦ ɞɨɦɟɧɟ ɫɨɜɟɪɲɟɧɧɨ ɞɪɭɝɨɝɨ ɥɟɫɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɜɯɨɞɢɬɶ ɧɚ ɥɸɛɨɣ ɞɨɦɟɧ ɨɛɨɢɯ ɥɟɫɨɜ, ɢɫɩɨɥɶɡɭɹ ɨɞɧɨ ɢ ɬɨ ɠɟ ɢɦɹ UPN.
•
Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɧɟ ɹɜɥɹɸɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ ɩɨ ɨɬɧɨɲɟɧɢɸ ɤ ɞɪɭɝɢɦ ɥɟɫɚɦ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ Forest 1 ɢɦɟɟɬ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɫ Forest2, ɢ Forest2 ɢɦɟɟɬ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɫ Forest3, ɬɨ Forestl ɧɟ ɢɦɟɟɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɥɟɫɚ ɫ Forest3. • Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɞɟɥɚɸɬ ɜɨɡɦɨɠɧɨɣ ɬɨɥɶɤɨ ɢɞɟɧɬɢɮɢɤɚɰɢɸ ɦɟɠɞɭ ɥɟɫɚɦɢ, ɨɧɢ ɧɟ ɨɛɟɫɩɟɱɢɜɚɸɬ ɞɪɭɝɢɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ. ɇɚɩɪɢɦɟɪ, ɤɚɠɞɵɣ ɥɟɫ ɛɭɞɟɬ ɢɦɟɬɶ ɭɧɢɤɚɥɶɧɵɣ ɤɚɬɚɥɨɝ GC, ɫɯɟɦɭ ɢ ɪɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ. ɂɧɮɨɪɦɚɰɢɹ ɦɟɠɞɭ ɷɬɢɦɢ ɞɜɭɦɹ ɥɟɫɚɦɢ ɧɟ ɤɨɩɢɪɭɟɬɫɹ, ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɩɪɨɫɬɨ ɞɟɥɚɸɬ ɜɨɡɦɨɠɧɵɦ ɧɚɡɧɚɱɟɧɢɟ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɦɟɠɞɭ ɥɟɫɚɦɢ. • ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɚɦ ɩɨɬɪɟɛɭɟɬɫɹ ɭɫɬɚɧɨɜɢɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɜɫɟɦɢ ɞɨɦɟɧɚɦɢ ɨɞɧɨɝɨ ɥɟɫɚ ɢ ɜɫɟɦɢ ɞɨɦɟɧɚɦɢ ɞɪɭɝɨɝɨ ɥɟɫɚ. Ⱦɥɹ ɷɬɨɝɨ ɜɵ ɦɨɠɟɬɟ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɨɞɧɨɫɬɨɪɨɧɧɢɟ, ɧɟ ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɢɧɞɢɜɢɞɭɚɥɶɧɵɦɢ ɞɨɦɟɧɚɦɢ ɜ ɞɜɭɯ ɨɬɞɟɥɶɧɵɯ ɥɟɫɚɯ. ɇɚ ɪɢɫɭɧɤɟ 2-11 ɩɨɤɚɡɚɧɵ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɤɨɦɩɚɧɢɢ Contoso.
. 2-11. NWTraders.com,
Contoso
Contoso.com
ɉɨɫɥɟɞɧɢɣ ɬɢɩ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ — ɷɬɨ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɨɛɥɚɫɬɢ (Realm Trusts). Ɉɧɢ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɦɟɠɞɭ ɞɨɦɟɧɨɦ ɢɥɢ ɥɟɫɨɦ Windows Server 2003 ɢ ɧɟ Windowsɪɟɚɥɢɡɚɰɢɟɣ ɨɛɥɚɫɬɢ Kerberos v5. Ɂɚɳɢɬɚ Kerberos ɨɫɧɨɜɚɧɚ ɧɚ ɨɬɤɪɵɬɨɦ ɫɬɚɧɞɚɪɬɟ, ɢɦɟɸɬɫɹ ɞɪɭɝɢɟ ɫɢɟɬɟɦɵ ɫɟɬɟɜɨɣ ɡɚɳɢɬɵ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɩɪɨɬɨɤɨɥɟ Kerberos. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɨɛɥɚɫɬɢ ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɦɟɠɞɭ ɥɸɛɵɦɢ Kerberos-ɨɛɥɚɫ-ɬɹɦɢ, ɤɨɬɨɪɵɟ ɩɨɞɞɟɪɠɢɜɚɸɬ ɫɬɚɧɞɚɪɬ Kerberos v5. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɨɛɥɚɫɬɢ ɦɨɝɭɬ ɛɵɬɶ ɨɞɧɨɫɬɨɪɨɧɧɢɦɢ ɢɥɢ ɞɜɭɯɫɬɨɪɨɧɧɢɦɢ, ɢɯ ɦɨɠɧɨ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɤɚɤ ɬɪɚɧɡɢɬɢɜɧɵɟ ɢ ɧɟ ɬɪɚɧɡɢɬɢɜɧɵɟ.
ȼɫɟ ɥɨɝɢɱɟɫɤɢɟ ɤɨɦɩɨɧɟɧɬɵ Active Directory, ɨɛɫɭɠɞɚɟɦɵɟ ɞɨ ɫɢɯ ɩɨɪ, ɩɪɚɤɬɢɱɟɫɤɢ ɧɟ ɡɚɜɢɫɹɬ ɨɬ ɮɢɡɢɱɟɫɤɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɫɟɬɢ. ɇɚɩɪɢɦɟɪ, ɩɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɫɬɪɭɤɬɭɪɵ ɞɨɦɟɧɚ ɞɥɹ ɤɨɪɩɨɪɚɰɢɢ ɜɨɩɪɨɫ ɨ ɬɨɦ, ɝɞɟ ɪɚɫɩɨɥɨɠɟɧɵ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɹɜɥɹɟɬɫɹ ɧɟ ɫɚɦɵɦ ɜɚɠɧɵɦ. ȼɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜ ɞɨɦɟɧɟ ɦɨɝɭɬ ɧɚɯɨɞɢɬɶɫɹ ɜ ɟɞɢɧɫɬɜɟɧɧɨɦ ɨɮɢɫɧɨɦ ɫɬɪɨɟɧɢɢ ɢɥɢ ɜ ɨɮɢɫɚɯ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɩɨ ɜɫɟɦɭ ɦɢɪɭ. ɇɟɡɚɜɢɫɢɦɨɫɬɶ ɥɨɝɢɱɟɫɤɢɯ ɤɨɦɩɨɧɟɧɬɨɜ ɨɬ ɫɟɬɟɜɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɜɨɡɧɢɤɚɟɬ ɜɫɥɟɞɫɬɜɢɟ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫɚɣɬɨɜ ɜ Active Directory. ɋɚɣɬɵ ɨɛɟɫɩɟɱɢɜɚɸɬ ɫɨɟɞɢɧɟɧɢɟ ɦɟɠɞɭ ɥɨɝɢɱɟɫɤɢɦɢ ɤɨɦɩɨɧɟɧɬɚɦɢ Active Directory ɢ ɮɢɡɢɱɟɫɤɨɣ ɫɟɬɟɜɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ. ɩɪɟɞɫɬɚɜɥɹɟɬ ɨɛɥɚɫɬɶ ɫɟɬɢ, ɝɞɟ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɜɹɡɚɧɵ ɛɵɫɬɪɵɦ, ɧɟɞɨɪɨɝɢɦ ɢ ɧɚɞɟɠɧɵɦ ɫɟɬɟɜɵɦ ɩɨɞɤɥɸɱɟɧɢɟɦ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɫɚɣɬ ɫɨɞɟɪɠɢɬ ɨɞɧɭ ɢɥɢ ɛɨɥɟɟ ɩɨɞɫɟɬɟɣ ɫ ɩɪɨɬɨɤɨɥɨɦ ɢɧɬɟɪɧɟɬɚ (IP), ɫɜɹɡɚɧɧɵɯ ɥɨɤɚɥɶɧɨɣ ɫɟɬɶɸ (LAN) ɢɥɢ ɛɵɫɬɪɨɞɟɣɫɬɜɭɸɳɟɣ ɝɥɨɛɚɥɶɧɨɣ ɫɟɬɶɸ (WAN), ɩɨɞɤɥɸɱɟɧɧɵɯ ɤ ɨɫɬɚɥɶɧɨɣ ɱɚɫɬɢ ɫɟɬɢ ɱɟɪɟɡ ɛɨɥɟɟ ɦɟɞɥɟɧɧɵɟ WAN-ɩɨɞɤɥɸɱɟɧɢɹ. Ɉɫɧɨɜɧɚɹ ɩɪɢɱɢɧɚ ɞɥɹ ɫɨɡɞɚɧɢɹ ɫɚɣɬɨɜ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɭɩɪɚɜɥɹɬɶ ɥɸɛɵɦ ɫɟɬɟɜɵɦ ɬɪɚɮɢɤɨɦ, ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɢɫɩɨɥɶɡɨɜɚɬɶ ɦɟɞɥɟɧɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ. ɋɚɣɬɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɫɟɬɟɜɵɦ ɬɪɚɮɢɤɨɦ ɜ ɩɪɟɞɟɥɚɯ ɫɟɬɢ Windows Server 2003 ɬɪɟɦɹ ɪɚɡɥɢɱɧɵɦɢ ɫɩɨɫɨɛɚɦɢ. • Ɋɟɩɥɢɤɚɰɢɹ. Ɉɞɧɢɦ ɢɡ ɜɚɠɧɟɣɲɢɯ ɫɩɨɫɨɛɨɜ, ɤɨɬɨɪɵɦ ɫɚɣɬɵ ɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɩɬɢɦɢɡɚɰɢɢ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ, ɹɜɥɹɟɬɫɹ ɭɩɪɚɜɥɟɧɢɟ ɬɪɚɮɢɤɨɦ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɨɜ ɢ GC-ɫɟɪɜɟɪɚɦɢ. ȼ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɥɸɛɨɟ ɢɡɦɟɧɟɧɢɟ, ɫɞɟɥɚɧɧɨɟ ɜ ɤɚɬɚɥɨɝɟ, ɛɭɞɟɬ ɤɨɩɢɪɨɜɚɬɶɫɹ ɜ ɬɟɱɟɧɢɟ ɩɪɢɛɥɢɡɢɬɟɥɶɧɨ ɩɹɬɢ ɦɢɧɭɬ. Ƚɪɚɮɢɤɨɦ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɦɨɠɧɨ ɭɩɪɚɜɥɹɬɶ ɬɚɤ, ɱɬɨɛɵ ɪɟɩɥɢɤɚɰɢɹ ɩɪɨɢɫɯɨɞɢɥɚ ɜɨ ɜɪɟɦɹ ɧɟɪɚɛɨɱɢɯ ɱɚɫɨɜ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɫɠɚɬ ɞɥɹ ɫɨɯɪɚɧɟɧɢɹ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ, ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɧɟ ɫɠɢɦɚɟɬɫɹ. (ȼ ɝɥɚɜɟ 4 ɩɪɟɞɫɬɚɜɥɟɧɚ ɛɨɥɟɟ ɞɟɬɚɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɢ ɨɬɧɨɫɢɬɟɥɶɧɨ ɪɚɡɥɢɱɢɣ ɦɟɠɞɭ ɜɧɭɬɪɢɫɚɣɬɨɜɨɣ ɢ ɦɟɠɫɚɣɬɨɜɨɣ ɪɟɩɥɢɤɚɰɢɹɦɢ.)
•
ɂɞɟɧɬɢɮɢɤɚɰɢɹ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ Windows Server 2003 ɫ ɤɥɢɟɧɬɚ, ɧɚ ɤɨɬɨɪɨɦ ɪɚɛɨɬɚɟɬ ɫɢɫɬɟɦɚ Windows 2000 ɢɥɢ Microsoft Windows XP Professional, ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɩɪɨɛɭɟɬ ɩɨɞɤɥɸɱɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚɯɨɞɹɳɢɣɫɹ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɫɚɣɬɟ, ɝɞɟ ɧɚɯɨɞɢɬɫɹ ɤɥɢɟɧɬ. ȼ ɝɥɚɜɟ 3 ɛɭɞɟɬ ɨɛɫɭɠɞɚɬɶɫɹ, ɤɚɤ ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɪɟɝɢɫɬɪɢɪɭɟɬ ɡɚɩɢɫɢ ɭɤɚɡɚɬɟɥɹ ɫɥɭɠɛ (SRV), ɫɩɟɰɢɮɢɱɟɫɤɢɟ ɞɥɹ ɫɚɣɬɚ. Ʉɨɝɞɚ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɩɵɬɚɟɬɫɹ ɧɚɣɬɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɨɧ ɜɫɟɝɞɚ ɡɚɩɪɚɲɢɜɚɟɬ ɡɚɩɢɫɢ ɫɚɣɬɨɜ ɭ DNSɫɟɪɜɟɪɨɜ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɬɪɚɮɢɤ ɜɯɨɞɚ ɤɥɢɟɧɬɚ ɜ ɫɢɫɬɟɦɭ ɨɫɬɚɧɟɬɫɹ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ. ȿɫɥɢ ɞɨɦɟɧ ɪɚɛɨɬɚɟɬ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 native (ɨɫɧɨɜɧɨɣ) ɢɥɢ Windows Server 2003, ɬɨ ɤɥɢɟɧɬ ɛɭɞɟɬ ɩɵɬɚɬɶɫɹ ɧɚɣɬɢ ɤɚɬɚɥɨɝ GC ɜɨ ɜɪɟɦɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ȿɫɥɢ ɧɚ ɫɚɣɬɟ ɢɦɟɟɬɫɹ GC-ɫɟɪɜɟɪ, ɤɥɢɟɧɬ ɫɨɟɞɢɧɢɬɫɹ ɫ ɷɬɢɦ ɫɟɪɜɟɪɨɦ. (Ɋɨɥɶ ɫɚɣɬɨɜ ɜ ɩɨɢɫɤɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɩɨɞɪɨɛɧɨ ɨɛɫɭɠɞɚɟɬɫɹ ɜ ɝɥ. 3.) . , Windows NT 4 SP6a, Active Directory, Directory Services Client ( ), http://www.microsoft.com/ windows2000/server/evaluation/news/bulletins/ adextension.asp. , Windows 95 Windows 98, Directory Services Client Windows Server 2000. • ɋɟɬɟɜɵɟ ɫɥɭɠɛɵ, ɭɱɢɬɵɜɚɸɳɢɟ ɧɚɥɢɱɢɟ ɫɚɣɬɨɜ. Ɍɪɟɬɢɣ ɫɩɨɫɨɛ, ɤɨɬɨɪɵɣ ɩɨɡɜɨɥɹɟɬ ɫɚɣɬɚɦ ɫɨɯɪɚɧɹɬɶ ɜɵɫɨɤɭɸ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ, ɫɨɫɬɨɢɬ ɜ ɨɝɪɚɧɢɱɟɧɢɢ ɤɥɢɟɧɬɫɤɢɯ ɩɨɞɤɥɸɱɟɧɢɣ ɤ ɫɚɣɬɭ ɬɨɥɶɤɨ ɬɟɦɢ ɩɪɢɥɨɠɟɧɢɹɦɢ ɢ ɫɥɭɠɛɚɦɢ, ɤɨɬɨɪɵɟ ɭɱɢɬɵɜɚɸɬ ɧɚɥɢɱɢɟ ɫɚɣɬɨɜ. ɇɚɩɪɢɦɟɪ, ɢɫɩɨɥɶɡɭɹ ɪɚɫɩɪɟɞɟɥɟɧɧɭɸ ɮɚɣɥɨɜɭɸ ɫɢɫɬɟɦɭ (DFS Distributed File System), ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɪɟɩɥɢɤ ɩɚɩɤɢ ɧɚ ɪɚɡɥɢɱɧɵɯ ɫɚɣɬɚɯ ɜ ɫɟɬɢ. ɉɨɫɤɨɥɶɤɭ ɫɢɫɬɟɦɚ DFS ɫɩɪɨɟɤɬɢɪɨɜɚɧɚ ɬɚɤ, ɱɬɨ ɨɧɚ ɭɱɢɬɵɜɚɟɬ ɤɨɧɮɢɝɭɪɚɰɢɸ ɫɚɣɬɚ, ɤɨɦɩɶɸɬɟɪɵ ɤɥɢɟɧɬɚ ɜɫɟɝɞɚ ɩɪɨɛɭɸɬ ɨɛɪɚɬɢɬɶɫɹ ɤ DFS-ɪɟɩɥɢɤɟ ɧɚ ɫɜɨɟɦ ɫɨɛɫɬɜɟɧɧɨɦ ɫɚɣɬɟ, ɩɪɟɠɞɟ ɱɟɦ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɜɹɡɢ WAN-ɫɟɬɢ, ɱɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɢɧɮɨɪɦɚɰɢɢ ɧɚ ɞɪɭɝɨɦ ɫɚɣɬɟ. Ʉɚɠɞɵɣ ɤɨɦɩɶɸɬɟɪ ɜ ɫɟɬɢ Windows Server 2003 ɛɭɞɟɬ ɧɚɡɧɚɱɟɧ ɫɚɣɬɭ. Ʉɨɝɞɚ ɫɥɭɠɛɚ Active Directory ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɜ ɫɪɟɞɟ Windows Server 2003, ɫɨɡɞɚɟɬɫɹ ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɫɚɣɬ, ɧɚɡɵɜɚɟɦɵɣ Default First Site Name (ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɢɦɹ ɩɟɪɜɨɝɨ ɫɚɣɬɚ), ɢ ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ ɥɟɫɚ ɛɭɞɭɬ ɧɚɡɧɚɱɟɧɵ ɷɬɨɦɭ ɫɚɣɬɭ, ɟɫɥɢ ɧɟ ɫɨɡɞɚɟɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɚɣɬɨɜ. Ʉɨɝɞɚ ɫɨɡɞɚɸɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɚɣɬɵ, ɨɧɢ ɫɜɹɡɵɜɚɸɬɫɹ ɫ ɩɨɞɫɟɬɹɦɢ IP. Ʉɨɝɞɚ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows Server 2003, ɫɬɚɧɨɜɢɬɫɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɬɨ ɨɧ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɧɚɡɧɚɱɚɟɬɫɹ ɬɨɦɭ ɫɚɣɬɭ, ɤɨɬɨɪɵɣ ɧɚɡɧɚɱɟɧ IP-ɚɞɪɟɫɭ ɤɨɦɩɶɸɬɟɪɚ. ɉɪɢ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɦɨɠɧɨ ɩɟɪɟɦɟɳɚɬɶ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services (Active Directory: ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ). Ʉɥɢɟɧɬɫɤɢɟ ɤɨɦɩɶɸɬɟɪɵ ɨɩɪɟɞɟɥɹɸɬ ɫɜɨɢ ɫɚɣɬɵ ɜ ɩɟɪɜɵɣ ɪɚɡ, ɤɨɝɞɚ ɨɧɢ ɡɚɩɭɫɤɚɸɬɫɹ ɢ ɜɯɨɞɹɬ ɜ ɞɨɦɟɧ. ɉɨɫɤɨɥɶɤɭ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɧɟ ɡɧɚɟɬ, ɤɚɤɨɦɭ ɫɚɣɬɭ ɨɧ ɩɪɢɧɚɞɥɟɠɢɬ, ɬɨ ɨɧ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɥɸɛɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ȼ ɩɪɨɰɟɫɫɟ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɨɨɛɳɢɬ ɤɥɢɟɧɬɭ, ɤɚɤɨɦɭ ɫɚɣɬɭ ɨɧ ɩɪɢɧɚɞɥɟɠɢɬ, ɢ ɤɥɢɟɧɬ ɛɭɞɟɬ ɤɷɲɢ-ɪɨɜɚɬɶ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɫɥɟɞɭɸɳɟɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. . IP, , Default First Site Name. , Windows Server 2003, . Ʉɚɤ ɭɠɟ ɛɵɥɨ ɫɤɚɡɚɧɨ ɜɵɲɟ, ɧɟɬ ɩɪɹɦɨɣ ɫɜɹɡɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɢ ɞɪɭɝɢɦɢ ɥɨɝɢɱɟɫɤɢɦɢ ɤɨɧɰɟɩɰɢɹɦɢ Active Directory. Ɉɞɢɧ ɫɚɣɬ ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ ɛɨɥɟɟ ɨɞɧɨɝɨ ɞɨɦɟɧɚ, ɢ ɨɞɢɧ ɞɨɦɟɧ ɦɨɠɟɬ ɩɪɢɧɚɞɥɟɠɚɬɶ ɧɟɫɤɨɥɶɤɢɦ ɫɚɣɬɚɦ. ɇɚ ɪɢɫɭɧɤɟ 2-12 ɩɨɤɚɡɚɧɨ, ɱɬɨ ɫɚɣɬ Seattle ɫɨɞɟɪɠɢɬ ɞɜɚ ɞɨɦɟɧɚ: Contoso.com ɢ NAmerica.Contoso.com. Ⱦɨɦɟɧ NWTraders.com ɪɚɫɩɪɟɞɟɥɟɧ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɫɚɣɬɚɦɢ.
я.
. .
3
4 .
DNS ,
5 Active Directory.
ɉɭɬɟɦ ɪɟɚɥɢɡɚɰɢɢ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɨɜ ɜ ɥɟɫɭ ɜ ɜɢɞɟ ɨɞɧɨɝɨ ɢɥɢ ɧɟɫɤɨɥɶɤɢɯ ɞɟɪɟɜɶɟɜ ɫɥɭɠɛɚ Active Directory Windows Server 2003 ɦɨɠɟɬ ɦɚɫɲɬɚɛɢɪɨɜɚɬɶɫɹ ɬɚɤ, ɱɬɨɛɵ ɨɛɟɫɩɟɱɢɬɶ ɭɫɥɭɝɢ ɤɚɬɚɥɨɝɚ ɞɥɹ ɫɟɬɢ ɥɸɛɨɝɨ ɪɚɡɦɟɪɚ. Ɇɧɨɝɢɟ ɢɡ ɤɨɦɩɨɧɟɧɬɨɜ Active Directory, ɬɚɤɢɟ ɤɚɤ ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ ɢ ɚɜɬɨɦɚɬɢɱɟɫɤɢɟ ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɩɪɟɞɧɚɡɧɚɱɟɧɵ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɢ ɭɩɪɚɜɥɟɧɢɟ ɤɚɬɚɥɨɝɨɦ ɩɪɟɞɩɪɢɹɬɢɹ ɷɮɮɟɤɬɢɜɧɵɦ, ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɧɚɫɤɨɥɶɤɨ ɛɨɥɶɲɢɦ ɫɬɚɧɨɜɢɬɫɹ ɤɚɬɚɥɨɝ. Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ (OU - Organizational Unit) ɩɪɟɞɧɚɡɧɚɱɟɧɵ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɨɛɥɟɝɱɢɬɶ ɭɩɪɚɜɥɟɧɢɟ ɫɥɭɠɛɨɣ Active Directory. OU ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɵɦ ɭɩɪɚɜɥɟɧɢɟ ɟɞɢɧɫɬɜɟɧɧɵɦ ɞɨɦɟɧɨɦ, ɜɦɟɫɬɨ ɬɨɝɨ ɱɬɨɛɵ ɢɦɟɬɶ ɞɟɥɨ ɫ ɭɩɪɚɜɥɟɧɢɟɦ ɧɟɫɤɨɥɶɤɢɦɢ ɞɨɦɟɧɚɦɢ ɫɥɭɠɛɵ Active Directory. OU ɫɥɭɠɚɬ ɞɥɹ ɫɨɡɞɚɧɢɹ ɢɟɪɚɪɯɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɵ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. Ⱦɨɦɟɧ ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ ɫɨɬɧɢ ɬɵɫɹɱ ɨɛɴɟɤɬɨɜ. ɍɩɪɚɜɥɟɧɢɟ ɬɚɤɢɦ ɤɨɥɢɱɟɫɬɜɨɦ ɨɛɴɟɤɬɨɜ ɛɟɡ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɨɩɪɟɞɟɥɟɧɧɵɯ ɫɪɟɞɫɬɜ ɨɪɝɚɧɢɡɚɰɢɢ ɨɛɴɟɤɬɨɜ ɜ ɥɨɝɢɱɟɫɤɢɟ ɝɪɭɩɩɵ ɡɚɬɪɭɞɧɟɧɨ. Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɜɵɩɨɥɧɹɸɬ ɢɦɟɧɧɨ ɷɬɢ ɮɭɧɤɰɢɢ. ɇɚ ɪɢɫɭɧɤɟ 2-13 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɫɬɪɭɤɬɭɪɵ OU ɜ ɤɨɪɩɨɪɚɰɢɢ Contoso.
. 2-13.
OU ɹɜɥɹɸɬɫɹ ɤɨɧɬɟɣɧɟɪɚɦɢ ɨɛɴɟɤɬɨɜ, ɫɨɞɟɪɠɚɳɢɦɢ ɧɟɫɤɨɥɶɤɨ ɬɢɩɨɜ ɨɛɴɟɤɬɨɜ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ: • ɤɨɦɩɶɸɬɟɪɵ; • ɤɨɧɬɚɤɬɵ;
• • • • • •
ɝɪɭɩɩɵ; inetOrgPerson; ɩɪɢɧɬɟɪɵ; ɩɨɥɶɡɨɜɚɬɟɥɢ; ɨɛɳɟɞɨɫɬɭɩɧɵɟ ɩɚɩɤɢ; ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ. Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɝɪɭɩɩɢɪɨɜɤɢ ɨɛɴɟɤɬɨɜ ɜ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɰɟɥɹɯ. Ɉɧɢ ɦɨɝɭɬ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ ɢ ɭɩɪɚɜɥɹɬɶ ɝɪɭɩɩɨɣ ɨɛɴɟɤɬɨɜ ɤɚɤ ɨɬɞɟɥɶɧɵɦ ɩɨɞɪɚɡɞɟɥɟɧɢɟɦ.
Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ. ɇɚɩɪɢɦɟɪ, ɩɨɥɶɡɨɜɚɬɟɥɸ ɦɨɝɭɬ ɛɵɬɶ ɞɚɧɵ ɩɪɚɜɚ ɧɚ ɜɵɩɨɥɧɟɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ ɜ ɨɩɪɟɞɟɥɟɧɧɨɣ OU. ɗɬɨ ɦɨɝɭɬ ɛɵɬɶ ɩɪɚɜɚ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɦɟɟɬ ɩɨɥɧɵɣ ɤɨɧɬɪɨɥɶ ɧɚɞ ɩɨɞɪɚɡɞɟɥɟɧɢɟɦ, ɢɥɢ ɨɱɟɧɶ ɨɝɪɚɧɢɱɟɧɧɵɟ ɢ ɫɩɟɰɢɮɢɱɟɫɤɢɟ (ɧɚɩɪɢɦɟɪ, ɬɨɥɶɤɨ ɜɨɡɦɨɠɧɨɫɬɶ ɫɛɪɚɫɵɜɚɧɢɹ ɩɚɪɨɥɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɷɬɨɦ ɩɨɞɪɚɡɞɟɥɟɧɢɢ). ɉɨɥɶɡɨɜɚɬɟɥɶ, ɤɨɬɨɪɵɣ ɢɦɟɟɬ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ ɧɚ ɞɨɫɬɭɩ ɤ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɟ, ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɟ ɢɦɟɟɬ ɧɢɤɚɤɢɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ ɜɧɟ OU. Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɢɦɟɸɬ ɝɢɛɤɭɸ ɫɬɪɭɤɬɭɪɭ ɧɚɡɧɚɱɟɧɢɹ ɩɪɚɜ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɚɦ ɜɧɭɬɪɢ OU. ȼɨ ɦɧɨɝɢɯ ɞɢɚɥɨɝɨɜɵɯ ɨɤɧɚɯ Windows ɢ ɜɨ ɜɤɥɚɞɤɚɯ Properties (ɋɜɨɣɫɬɜɚ) ɨɧɢ ɧɚɡɵɜɚɸɬɫɹ ɪɚɡɪɟɲɟɧɢɹɦɢ. ɋɚɦɚ ɨɪɝɚɧɢɡɚɰɢɨɧɧɚɹ ɟɞɢɧɢɰɚ OU ɢɦɟɟɬ ɫɩɢɫɨɤ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ (ACL — Access Control List), ɜ ɤɨɬɨɪɨɦ ɦɨɠɧɨ ɧɚɡɧɚɱɚɬɶ ɩɪɚɜɚ ɧɚ ɞɨɫɬɭɩ ɤ ɷɬɨɣ OU. Ʉɚɠɞɵɣ ɨɛɴɟɤɬ ɜ OU ɢ ɤɚɠɞɵɣ ɚɬɪɢɛɭɬ ɨɛɴɟɤɬɚ ɢɦɟɟɬ ACL-ɫɩɢɫɨɤ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɨɱɟɧɶ ɬɨɱɧɨ ɤɨɧɬɪɨɥɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ, ɞɚɧɧɵɟ ɤɨɦɭ-ɥɢɛɨ ɜ ɷɬɨɦ ɩɨɞɪɚɡɞɟɥɟɧɢɢ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɞɚɬɶ ɝɪɭɩɩɟ Help Desk (ɋɩɪɚɜɨɱɧɚɹ) ɩɪɚɜɨ ɢɡɦɟɧɹɬɶ ɩɚɪɨɥɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ OU, ɧɟ ɢɡɦɟɧɹɹ ɥɸɛɵɟ ɞɪɭɝɢɟ ɫɜɨɣɫɬɜɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɇɨɠɧɨ ɞɚɬɶ ɨɬɞɟɥɭ Human Resources (Ɉɬɞɟɥ ɤɚɞɪɨɜ) ɩɪɚɜɨ ɢɡɦɟɧɹɬɶ ɥɢɱɧɭɸ ɢɧɮɨɪɦɚɰɢɸ, ɤɚɫɚɸɳɭɸɫɹ ɥɸɛɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɥɸɛɨɦ OU, ɧɨ ɧɟ ɞɚɜɚɬɶ ɢɦ ɧɢɤɚɤɢɯ ɩɪɚɜ ɧɚ ɞɪɭɝɢɟ ɨɛɴɟɤɬɵ.
Ɉɞɧɨɣ ɢɡ ɮɭɧɤɰɢɣ OU ɹɜɥɹɟɬɫɹ ɨɛɴɟɞɢɧɟɧɢɟ ɨɛɴɟɤɬɨɜ ɜ ɝɪɭɩɩɵ ɬɚɤ, ɱɬɨɛɵ ɷɬɢɦɢ ɨɛɴɟɤɬɚɦɢ ɦɨɠɧɨ ɛɵɥɨ ɨɞɢɧɚɤɨɜɨ ɭɩɪɚɜɥɹɬɶ. ȿɫɥɢ ɜɵ ɯɨɬɢɬɟ ɨɞɢɧɚɤɨɜɨ ɭɩɪɚɜɥɹɬɶ ɜɫɟɦɢ ɤɨɦɩɶɸɬɟɪɚɦɢ ɜ ɨɬɞɟɥɟ (ɧɚɩɪɢɦɟɪ, ɜɜɨɞɹ ɨɝɪɚɧɢɱɟɧɢɹ ɧɚ ɬɨ, ɤɚɤɢɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢɦɟɸɬ ɩɪɚɜɨ ɜɯɨɞɚ ɜ ɨɩɟɪɚɰɢɨɧɧɭɸ ɫɢɫɬɟɦɭ), ɜɵ ɦɨɠɟɬɟ ɫɝɪɭɩɩɢɪɨɜɚɬɶ ɤɨɦɩɶɸɬɟɪɵ ɜ OU ɢ ɭɫɬɚɧɨɜɢɬɶ ɪɚɡɪɟɲɟɧɢɟ Logon Locally (Ʌɨɤɚɥɶɧɵɣ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ) ɧɚ ɭɪɨɜɧɟ OU. ɗɬɨ ɪɚɡɪɟɲɟɧɢɟ ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ ɞɥɹ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɞɚɧɧɨɣ OU. Ⱦɪɭɝɢɦ ɩɪɢɦɟɪɨɦ ɝɪɭɩɩɢɪɨɜɤɢ ɨɛɴɟɤɬɨɜ ɜ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɰɟɥɹɯ ɹɜɥɹɟɬɫɹ ɫɢɬɭɚɰɢɹ, ɤɨɝɞɚ ɫɨɜɨɤɭɩɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɭɠɞɚɟɬɫɹ ɜ ɨɞɢɧɚɤɨɜɨɣ ɫɬɚɧɞɚɪɬɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɤɨɦɩɶɸɬɟɪɚ ɢ ɨɞɢɧɚɤɨɜɨɦ ɧɚɛɨɪɟ ɩɪɢɥɨɠɟɧɢɣ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɨɛɴɟɞɢɧɹɸɬɫɹ ɜ ɨɞɧɭ OU, ɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ (group policy) ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɢ ɭɩɪɚɜɥɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɟɣ ɩɪɢɥɨɠɟɧɢɣ. ȼ ɦɧɨɝɢɯ ɫɥɭɱɚɹɯ ɨɛɴɟɤɬɵ ɜ OU ɛɭɞɭɬ ɭɩɪɚɜɥɹɬɶɫɹ ɱɟɪɟɡ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ. Group Policy Object Editor (Ɋɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ) ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɢɧɫɬɪɭɦɟɧɬ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɟɣ ɫɪɟɞɨɣ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɛɥɨɤɢɪɨɜɤɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ, ɞɥɹ ɩɪɢɞɚɧɢɹ ɢɦ ɫɬɚɧɞɚɪɬɧɨɝɨ ɜɢɞɚ, ɨɛɟɫɩɟɱɟɧɢɹ ɫɰɟɧɚɪɢɟɜ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɢ ɜɵɯɨɞɚ ɢɡ ɧɟɟ, ɩɟɪɟɧɚɩɪɚɜɥɟɧɢɹ ɩɚɩɨɤ. ȼ ɬɚɛɥɢɰɟ 2-3 ɞɚɟɬɫɹ ɤɪɚɬɤɢɣ ɫɩɢɫɨɤ ɬɢɩɨɜ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ, ɞɨɫɬɭɩɧɵɯ ɜ ɪɟɞɚɤɬɨɪɟ Group Policy Object Editor.
. 2-3.
Ɍɢɩɵ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ
ɉɨɹɫɧɟɧɢɟ
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɚɪɚɦɟɬɪɚɦɢ, ɫɜɹɡɚɧɧɵɦɢ ɫ ɫɢɫɬɟɦɧɵɦ ɪɟɟɫɬɪɨɦ, ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɩɪɢɥɨɠɟɧɢɣ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ, ɜɤɥɸɱɚɹ ɞɨɫɬɭɩ ɤ ɤɨɦɩɨɧɟɧɬɚɦ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ, ɤ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ ɢ ɤɨɧɮɢɝɭɪɚɰɢɸ ɚɜɬɨɧɨɦɧɵɯ ɮɚɣɥɨɜ. Security ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɥɨɤɚɥɶɧɵɦ (Ȼɟɡɨɩɚɫɧɨɫɬɶ) ɤɨɦɩɶɸɬɟɪɨɦ, ɞɨɦɟɧɨɦ ɢ ɩɚɪɚɦɟɬɪɚɦɢ ɧɚɫɬɪɨɣɤɢ ɫɟɬɟɜɨɣ ɡɚɳɢɬɵ, ɜɤɥɸɱɚɹ ɭɩɪɚɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦ ɞɨɫɬɭɩɨɦ ɤ ɫɟɬɢ, ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɩɨɥɢɬɢɤ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɭɩɪɚɜɥɟɧɢɟ ɩɪɚɜɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Software installation ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ (ɍɫɬɚɧɨɜɤɚ ɭɫɬɚɧɨɜɤɨɣ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ) Scripts (ɋɰɟɧɚɪɢɢ) ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɫɰɟɧɚɪɢɟɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɩɪɢ ɡɚɩɭɫɤɟ ɢɥɢ ɜɵɤɥɸɱɟɧɢɢ ɤɨɦɩɶɸɬɟɪɚ, ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ ɢ ɜɵɯɨɞɟ ɢɡ ɧɟɟ. Folder redirection ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɯɪɚɧɟɧɢɹ ɧɟɤɨɬɨɪɵɯ ɩɚɩɨɤ (ɉɟɪɟɧɚɩɪɚɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɩɪɨɮɢɥɹ ɧɚ ɫɟɬɟɜɨɦ ɫɟɪɜɟɪɟ. ɩɚɩɤɢ) ɉɚɩɤɢ My Documents (Ɇɨɢ ɞɨɤɭɦɟɧɬɵ) ɜɵɝɥɹɞɹɬ ɬɚɤ, ɛɭɞɬɨ ɨɧɢ ɯɪɚɧɹɬɫɹ ɥɨɤɚɥɶɧɨ, ɧɨ ɮɚɤɬɢɱɟɫɤɢ ɨɧɢ ɯɪɚɧɹɬɫɹ ɧɚ ɫɟɪɜɟɪɟ, ɝɞɟ ɤ ɧɢɦ ɦɨɠɧɨ ɨɛɪɚɳɚɬɶɫɹ ɫ ɥɸɛɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɜ ɫɟɬɢ. Administrative templates (Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ)
Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɱɚɳɟ ɧɚɡɧɚɱɚɸɬɫɹ ɧɚ ɭɪɨɜɧɟ OU. ɗɬɨ ɨɛɥɟɝɱɚɟɬ ɡɚɞɚɱɭ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ, ɬɚɤ ɤɚɤ ɦɨɠɧɨ ɧɚɡɧɚɱɢɬɶ ɨɞɢɧ ɨɛɴɟɤɬ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ (GPO — Group Policy Object), ɧɚɩɪɢɦɟɪ, ɩɨɥɢɬɢɤɭ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɟ, ɤɨɬɨɪɚɹ ɡɚɬɟɦ ɪɚɫɩɪɨɫɬɪɚɧɢɬɫɹ ɧɚ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɤɨɦɩɶɸɬɟɪɵ ɜ OU. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɧɟ ɹɜɥɹɸɬɫɹ ɭɱɚɫɬɧɢɤɚɦɢ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɂɯ ɧɟɥɶɡɹ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɪɟɫɭɪɫ ɬɚɤ, ɱɬɨɛɵ ɡɚɬɟɦ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɫɟɣ OU ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɧɚɫɥɟɞɨɜɚɥɢ ɷɬɢ ɪɚɡɪɟɲɟɧɢɹ. OU ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɰɟɥɟɣ. Ⱦɥɹ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɧɟɨɛɯɨɞɢɦɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɵ.
ȼ ɷɬɨɣ ɝɥɚɜɟ ɜɵ ɪɚɫɫɦɨɬɪɟɥɢ ɨɫɧɨɜɧɵɟ ɮɢɡɢɱɟɫɤɢɟ ɢ ɥɨɝɢɱɟɫɤɢɟ ɤɨɦɩɨɧɟɧɬɵ ɫɥɭɠɛɵ Active Directory Windows Server 2003. ȼɚɥɟɧɨ ɢɦɟɬɶ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɨ ɮɢɡɢɱɟɫɤɢɯ ɤɨɦɩɨɧɟɧɬɚɯ, ɨɫɨɛɟɧɧɨ ɭɩɪɚɜɥɹɹ ɛɚɡɚɦɢ ɞɚɧɧɵɯ ɢ ɫɯɟɦɨɣ, ɪɚɡɦɟɳɚɹ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ɇɨ ɜɫɟ-ɬɚɤɢ ɛɨɥɶɲɚɹ ɱɚɫɬɶ ɪɚɛɨɬɵ ɜ Active Directory ɛɭɞɟɬ ɫɜɹɡɚɧɚ ɫ ɥɨɝɢɱɟɫɤɢɦɢ ɤɨɦɩɨɧɟɧɬɚɦɢ. Ⱦɚɥɟɟ ɜɵ ɩɨɡɧɚɤɨɦɢɬɟɫɶ ɫ ɥɨɝɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɨɣ ɫɥɭɠɛɵ Active Directory.
3. Active Directory ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory Microsoft Windows Server 2003 ɩɪɢ ɩɨɢɫɤɟ ɪɟɫɭɪɫɨɜ ɜ ɫɟɬɢ ɩɨɥɧɨɫɬɶɸ ɩɨɥɚɝɚɟɬɫɹ ɧɚ ɞɨɦɟɧɧɭɸ ɫɢɫɬɟɦɭ ɢɦɟɧ (DNS). Ȼɟɡ ɧɚɞɟɠɧɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɫɟɬɢ ɧɟ ɫɦɨɝɭɬ ɞɟɥɚɬɶ ɪɟɩɥɢɤɢ ɞɪɭɝ ɫ ɞɪɭɝɚ, ɤɥɢɟɧɬɵ Microsoft Windows 2000 ɢ Microsoft Windows XP Professional ɧɟ ɫɦɨɝɭɬ ɜɯɨɞɢɬɶ ɜ ɫɟɬɶ, ɚ ɫɟɪɜɟɪɵ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ ɩɪɢɥɨɠɟɧɢɟ Microsoft Exchange Server 2000, ɧɟ ɫɦɨɝɭɬ ɩɨɫɵɥɚɬɶ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ. ɉɨ ɫɭɳɟɫɬɜɭ, ɟɫɥɢ ɜɚɲɚ ɪɟɚɥɢɡɚɰɢɹ ɫɥɭɠɛɵ DNS ɧɟɫɬɚɛɢɥɶɧɚ, ɬɨ ɫɟɬɶ Windows Server 2003 ɧɟ ɛɭɞɟɬ ɪɚɛɨɬɚɬɶ. ɗɬɨ ɡɧɚɱɢɬ, ɱɬɨ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɫɪɟɞɨɣ Active Directory ɜɵ ɞɨɥɠɧɵ ɢɦɟɬɶ ɝɥɭɛɨɤɨɟ ɡɧɚɧɢɟ ɤɨɧɰɟɩɰɢɣ DNS ɢ ɟɟ ɪɟɚɥɢɡɚɰɢɢ ɜ Windows Server 2003. Ⱦɚɧɧɚɹ ɝɥɚɜɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɤɪɚɬɤɨɝɨ ɨɛɡɨɪɚ DNS ɤɚɤ ɫɥɭɠɛɵ. Ⱦɚɥɟɟ ɩɨɞɪɨɛɧɨ ɪɚɫɫɤɚɡɵɜɚɟɬɫɹ, ɩɨɱɟɦɭ Active Directory ɡɚɜɢɫɢɬ ɨɬ DNS, ɢ ɤɚɤ ɪɚɛɨɬɚɟɬ ɩɪɨɰɟɫɫ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ. Ɂɚɬɟɦ ɪɟɱɶ ɢɞɟɬ ɨ ɫɥɭɠɛɟ DNS ɜ ɫɢɫɬɟɦɚɯ Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition. ȼ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɟ Windows Server 2003 ɞɨɦɟɧɧɚɹ ɫɢɫɬɟɦɚ ɢɦɟɧ ɢɦɟɟɬ ɫɜɨɣɫɬɜɚ, ɤɨɬɨɪɵɟ ɞɟɥɚɸɬ ɜɟɫɶɦɚ ɩɪɢɜɥɟɤɚɬɟɥɶɧɵɦ ɪɚɡɜɟɪɬɵɜɚɧɢɟ Active Directory. . Windows Server 2003, Web Edition Active Directory.
DNS
DNS ɹɜɥɹɟɬɫɹ ɫɥɭɠɛɨɣ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ. ȿɫɥɢ ɜɵ ɩɵɬɚɟɬɟɫɶ ɧɚɣɬɢ ɫɟɪɜɟɪ ɜ ɢɧɬɟɪɧɟɬɟ, ɛɨɥɟɟ ɜɟɪɨɹɬɧɨ, ɱɬɨ ɜɵ ɩɨɦɧɢɬɟ ɟɝɨ ɢɦɹ, ɧɚɩɪɢɦɟɪ, www.microsoft.com, ɱɟɦ IP-ɚɞɪɟɫ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɜɵɝɥɹɞɟɬɶ ɤɚɤ 207.46.230.219. Ɉɞɧɚɤɨ ɜɚɲɟɦɭ ɤɨɦɩɶɸɬɟɪɭ ɞɥɹ ɫɨɟɞɢɧɟɧɢɹ ɫ Web-ɫɚɣɬɨɦ Microsoft ɬɪɟɛɭɟɬɫɹ ɡɧɚɬɶ ɟɝɨ IP-ɚɞɪɟɫ. ɋɥɭɠɛɚ DNS ɜɵɩɨɥɧɹɟɬ ɷɬɨɬ ɩɟɪɟɜɨɞ. ȼɵ ɫɨɨɛɳɚɟɬɟ ɫɜɨɟɦɭ ɛɪɚɭɡɟɪɭ ɢɦɹ ɤɨɦɩɶɸɬɟɪɚ, ɫ ɤɨɬɨɪɵɦ ɜɵ ɯɨɬɟɥɢ ɛɵ ɫɨɟɞɢɧɢɬɶɫɹ, a DNS ɩɪɟɜɪɚɳɚɟɬ ɷɬɨ ɢɦɹ ɜ ɩɪɚɜɢɥɶɧɵɣ IP-ɚɞɪɟɫ. ɉɪɢɦɟɱɚɧɢɟ. ɉɨɫɤɨɥɶɤɭ ɞɨɦɟɧɧɚɹ ɫɢɫɬɟɦɚ ɢɦɟɧ ɜɚɠɧɚ ɞɥɹ ɪɚɛɨɬɵ Active Directory, ɜɵ ɞɨɥɠɧɵ ɨɡɧɚɤɨɦɢɬɶɫɹ ɫ ɤɨɧɰɟɩɰɢɹɦɢ ɫɥɭɠɛɵ DNS ɢ ɡɧɚɬɶ, ɤɚɤ ɨɧɚ ɪɟɚɥɢɡɨɜɚɧɚ. ȿɫɥɢ ɜɵ ɧɟ ɡɧɚɤɨɦɵ ɫ DNS, ɜɚɦ ɫɥɟɞɭɟɬ ɩɪɨɫɦɨɬɪɟɬɶ ɧɟɤɨɬɨɪɵɟ ɪɟɫɭɪɫɵ, ɢɦɟɸɳɢɟɫɹ ɧɚ ɜɟɛ-ɫɚɣɬɟ Microsoft ɩɨ ɚɞɪɟɫɭ http://msdn.microsoft.com/ library/en-us /dns/dns_concepts. asp.
DNS ɢɫɩɨɥɶɡɭɟɬ ɢɟɪɚɪɯɢɱɟɫɤɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɞɥɹ ɩɨɢɫɤɚ ɤɨɦɩɶɸɬɟɪɨɜ. ɇɚ ɪɢɫɭɧɤɟ 3-1 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɨɪɝɚɧɢɡɚɰɢɢ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. Ʉɨɪɧɟɜɨɣ ɞɨɦɟɧ ɨɛɨɡɧɚɱɚɟɬɫɹ ɬɨɱɤɨɣ («.»). Ɉɧ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɜɟɪɯɧɢɣ ɭɪɨɜɟɧɶ DNS, ɨɫɬɚɥɶɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɪɚɫɩɨɥɚɝɚɟɬɫɹ ɧɢɠɟ. ɇɚ ɫɥɟɞɭɸɳɟɦ ɭɪɨɜɧɟ ɩɨɞ ɤɨɪɧɟɜɵɦ ɞɨɦɟɧɨɦ ɪɚɫɩɨɥɚɝɚɸɬɫɹ ɞɨɦɟɧɵ ɩɟɪɜɨɝɨ ɭɪɨɜɧɹ, ɜɤɥɸɱɚɹ ɫɟɦɶ ɨɫɧɨɜɧɵɯ (generic) ɞɨɦɟɧɧɵɯ ɢɦɟɧ (com, edu, mil, net, org), ɨɤɨɥɨ ɞɜɭɯɫɨɬ ɫɨɤɪɚɳɟɧɢɣ ɧɚɡɜɚɧɢɣ ɫɬɪɚɧ (ɫɚ, uk, fr, br), ɫɟɦɶ ɧɨɜɵɯ ɞɨɦɟɧɨɜ (biz, info, pro ɢ ɬ.ɞ.), ɤɨɬɨɪɵɟ ɛɵɥɢ ɜɜɟɞɟɧɵ ɜ 2001 ɝɨɞɭ.
. 3-1.
DNS
ɉɨɞ ɞɨɦɟɧɚɦɢ ɜɟɪɯɧɟɝɨ ɭɪɨɜɧɹ ɪɚɫɩɨɥɨɠɟɧɵ ɞɨɦɟɧɵ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ, ɤɨɬɨɪɵɟ ɨɛɵɱɧɨ ɨɬɧɨɫɹɬɫɹ ɤ ɧɚɡɜɚɧɢɹɦ ɤɨɦɩɚɧɢɣ ɢ ɞɨɥɠɧɵ ɛɵɬɶ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɵ ɜɥɚɫɬɹɦɢ ɢɧɬɟɪɧɟɬɚ. ɇɢɠɟ ɞɨɦɟɧɨɜ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ ɪɚɫɩɨɥɚɝɚɸɬɫɹ ɩɨɞɞɨɦɟɧɵ. ɉɨɞɞɨɦɟɧɵ ɨɛɵɱɧɨ ɨɬɧɨɫɹɬɫɹ ɤ ɨɬɞɟɥɚɦ ɢɥɢ ɩɨɞɪɚɡɞɟɥɟɧɢɹɦ ɜ ɩɪɟɞɟɥɚɯ ɤɨɦɩɚɧɢɢ. ɗɬɢ ɩɨɞɞɨɦɟɧɵ ɪɟɝɢɫɬɪɢɪɭɸɬɫɹ ɢ ɭɩɪɚɜɥɹɸɬɫɹ ɫ DNSɫɟɪɜɟɪɨɜ, ɤɨɬɨɪɵɟ ɫɨɞɟɪɠɚɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɞɨɦɟɧɚɯ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ. Ⱦɪɭɝɢɦ ɫɩɨɫɨɛɨɦ ɩɪɟɞɫɬɚɜɥɟɧɢɹ ɢɟɪɚɪɯɢɱɟɫɤɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɫɬɶɸ ɨɩɪɟɞɟɥɟɧɧɨɟ ɢɦɹ ɞɨɦɟɧɚ (FQDN — Fully Qualified Domain Name), ɧɚɩɪɢɦɟɪ, www.NAmerica.Contoso.com. FQDN ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɩɨɥɧɨɟ ɢɦɹ, ɤɨɬɨɪɨɟ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɜ ɩɪɟɞɟɥɚɯ ɜɫɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS. ɑɬɨɛɵ ɩɨɧɹɬɶ, ɤɚɤ FQDN ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɤɨɦɩɶɸɬɟɪ ɜ ɩɪɨɫɬɪɚɧɫɬɜɟ ɢɦɟɧ DNS, ɩɪɨɱɬɢɬɟ ɟɝɨ ɫɩɪɚɜɚ ɧɚɥɟɜɨ. ɋɩɪɚɜɚ ɧɚɯɨɞɢɬɫɹ ɬɨɱɤɚ («.»), ɤɨɬɨɪɚɹ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ, ɨɧɚ ɩɪɟɞɲɟɫɬɜɭɟɬ ɢɦɟɧɢ ɞɨɦɟɧɚ ɩɟɪɜɨɝɨ ɭɪɨɜɧɹ. Ɂɚ ɧɟɣ ɫɥɟɞɭɸɬ ɞɨɦɟɧ com ɩɟɪɜɨɝɨ ɭɪɨɜɧɹ, ɞɨɦɟɧ Contoso ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ ɢ ɩɨɞɞɨɦɟɧ NAmerica. ɋɥɟɜɚ ɜ ɢɦɟɧɢ FQDN ɧɚɯɨɞɢɬɫɹ www - ɢɦɹ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ.
ɉɨɫɤɨɥɶɤɭ DNS ɢɫɩɨɥɶɡɭɟɬ ɢɟɪɚɪɯɢɱɟɫɤɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɬɨ ɞɨɫɬɚɬɨɱɧɨ ɩɪɨɫɬɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɟɝɨ ɤɚɤ . ɉɪɟɠɞɟ ɱɟɦ ɜ ɢɧɬɟɪɧɟɬɟ ɛɵɥɚ ɪɟɚɥɢɡɨɜɚɧɚ ɞɨɦɟɧɧɚɹ ɫɢɫɬɟɦɚ ɢɦɟɧ, ɜɫɹ ɢɧɮɨɪɦɚɰɢɹ, ɧɟɨɛɯɨɞɢɦɚɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ, ɯɪɚɧɢɥɚɫɶ ɜ ɟɞɢɧɫɬɜɟɧɧɨɦ ɮɚɣɥɟ. ɉɨɫɤɨɥɶɤɭ ɤɨɥɢɱɟɫɬɜɨ ɯɨɫɬɨɜ ɜ ɢɧɬɟɪɧɟɬɟ ɭɜɟɥɢɱɢɥɨɫɶ ɞɨ ɫɨɬɟɧ ɬɵɫɹɱ ɤɨɦɩɶɸɬɟɪɨɜ, ɬɨ ɭɩɪɚɜɥɟɧɢɟ ɨɞɧɢɦ ɮɚɣɥɨɦ ɫɬɚɥɨ ɧɟɩɪɚɤɬɢɱɧɵɦ. Ȼɵɥɚ ɪɚɡɪɚɛɨɬɚɧɚ ɫɢɫɬɟɦɚ DNS, ɢɫɩɨɥɶɡɭɸɳɚɹ ɪɚɫɩɪɟɞɟɥɟɧɧɭɸ ɛɚɡɭ ɞɚɧɧɵɯ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɪɚɫɩɪɟɞɟɥɟɧɧɨɣ ɛɚɡɵ ɞɚɧɧɵɯ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɢɧɮɨɪɦɚɰɢɹ DNS ɯɪɚɧɢɬɫɹ ɧɚ ɦɧɨɝɢɯ ɤɨɦɩɶɸɬɟɪɚɯ ɜɨ ɜɫɟɦ ɦɢɪɟ (ɜ ɫɥɭɱɚɟ ɢɧɬɟɪɧɟɬɚ) ɢ ɩɨɜɫɸɞɭ ɜ ɜɚɲɟɣ ɫɟɬɢ (ɜ ɫɥɭɱɚɟ ɜɧɭɬɪɟɧɧɟɣ ɫɟɬɢ). Ʉɚɠɞɵɣ DNS-ɫɟɪɜɟɪ ɨɛɫɥɭɠɢɜɚɟɬ ɬɨɥɶɤɨ ɨɞɧɭ ɦɚɥɟɧɶɤɭɸ ɱɚɫɬɶ ɛɚɡɵ ɞɚɧɧɵɯ DNS. ȼɫɹ ɛɚɡɚ ɞɚɧɧɵɯ ɪɚɡɞɟɥɟɧɚ ɧɚ ɡɨɧɧɵɟ ɮɚɣɥɵ ɧɚ ɨɫɧɨɜɟ ɢɦɟɧ ɞɨɦɟɧɨɜ. Ɂɨɧɧɵɟ ɮɚɣɥɵ ɪɚɫɩɪɟɞɟɥɟɧɵ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɫɟɪɜɟɪɚɦɢ. Ʉ ɩɪɢɦɟɪɭ, ɫɭɳɟɫɬɜɭɟɬ ɨɤɨɥɨ ɞɸɠɢɧɵ ɫɟɪɜɟɪɨɜ, ɤɨɬɨɪɵɟ ɫɨɞɟɪɠɚɬ ɡɨɧɧɵɟ ɮɚɣɥɵ ɞɥɹ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ. Ɉɧɢ ɯɪɚɧɹɬ ɢɧɮɨɪɦɚɰɢɸ ɨ DNS-cep-ɜɟɪɚɯ, ɤɨɬɨɪɵɟ ɧɟɫɭɬ ɡɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɞɨɦɟɧɨɜ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ. Ʉɨɪɧɟɜɵɟ ɫɟɪɜɟɪɵ ɧɟ ɫɨɞɟɪɠɚɬ ɜɫɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɞɨɦɟɧɚɯ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɧɨ ɨɧɢ ɡɧɚɸɬ, ɤɚɤɢɟ ɫɟɪɜɟɪɵ ɢɦɟɸɬ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ. DNS-ɫɟɪɜɟɪɵ, ɯɪɚɧɹɳɢɟ ɢɧɮɨɪɦɚɰɢɸ ɨ ɞɨɦɟɧɚɯ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɫɨɞɟɪɠɚɬ ɬɚɤɠɟ ɢɧɮɨɪɦɚɰɢɸ ɨ ɬɨɦ, ɧɚ ɤɚɤɢɯ ɫɟɪɜɟɪɚɯ ɧɚɯɨɞɹɬɫɹ ɡɨɧɧɵɟ ɮɚɣɥɵ ɞɥɹ ɞɨɦɟɧɨɜ ɫɥɟɞɭɸɳɟɝɨ ɭɪɨɜɧɹ. ɇɚɩɪɢɦɟɪ, ɫɟɪɜɟɪ ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ ɡɨɧɧɵɟ ɮɚɣɥɵ ɞɥɹ ɞɨɦɟɧɚ , ɬ.ɟ. ɷɬɨɬ ɫɟɪɜɟɪ ɡɧɚɟɬ ɨɛɨ ɜɫɟɯ ɞɨɦɟɧɚɯ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ, ɤɨɬɨɪɵɟ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɵ ɫ ɞɨɦɟɧɨɦ , ɧɨ ɨɧ ɦɨɠɟɬ ɧɟ ɡɧɚɬɶ ɨɬɞɟɥɶɧɵɟ ɞɟɬɚɥɢ ɨ ɞɨɦɟɧɟ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ. ɋɟɪɜɟɪ ɞɨɦɟɧɚ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɡɧɚɟɬ, ɤɚɤɨɣ ɤɨɦɩɶɸɬɟɪ ɧɚ ɫɥɟɞɭɸɳɟɦ ɭɪɨɜɧɟ ɫɨɞɟɪɠɢɬ ɞɟɬɚɥɢ, ɤɚɫɚɸɳɢɟɫɹ ɞɨɦɟɧɚ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ, ɢ ɬɚɤ ɩɪɨɞɨɥɠɚɟɬɫɹ ɞɨ ɫɚɦɨɝɨ ɧɢɡɚ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS. ɋɟɪɜɟɪ, ɨɬɜɟɬɫɬɜɟɧɧɵɣ ɡɚ ɞɨɦɟɧ com, ɦɨɠɟɬ ɢɦɟɬɶ ɞɨɦɟɧ Contoso, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɣ ɤɚɤ ɞɨɦɟɧ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ. ɗɬɨɬ ɫɟɪɜɟɪ ɦɨɠɟɬ ɩɟɪɟɞɚɜɚɬɶ ɥɸɛɵɟ ɡɚɩɪɨɫɵ ɧɚ ɢɧɮɨɪɦɚɰɢɸ ɨ ɞɨɦɟɧɟ Contoso ɧɚ ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɡɨɧɧɵɟ ɮɚɣɥɵ ɞɥɹ Contoso.com. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɦɟɬɨɞɚ ɪɚɫɩɪɟɞɟɥɟɧɧɨɣ ɛɚɡɵ ɞɚɧɧɵɯ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɧɢɤɚɤɨɦɭ ɫɟɪɜɟɪɭ ɜ ɢɧɬɟɪɧɟɬɟ ɧɟ ɬɪɟɛɭɟɬɫɹ ɢɦɟɬɶ ɜɫɸ ɢɧɮɨɪɦɚɰɢɸ DNS. Ȼɨɥɶɲɢɧɫɬɜɨ ɫɟɪɜɟɪɨɜ ɯɪɚɧɹɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɧɟɤɨɬɨɪɨɣ ɱɚɫɬɢ ɞɟɪɟɜɚ, ɧɨ ɤɨɝɞɚ ɩɪɢɯɨɞɢɬ ɡɚɩɪɨɫ, ɤɨɬɨɪɵɣ ɨɧɢ ɧɟ ɦɨɝɭɬ ɜɵɩɨɥɧɢɬɶ, ɢɦ ɢɡɜɟɫɬɧɨ, ɤɚɤɨɣ DNS-ɫɟɪɜɟɪ ɯɪɚɧɢɬ ɧɟɨɛɯɨɞɢɦɭɸ ɢɧɮɨɪɦɚɰɢɸ. DNS-ɫɟɪɜɟɪɵ ɢɫɩɨɥɶɡɭɸɬ ɞɟɥɟɝɢɪɨɜɚɧɧɵɟ ɡɚɩɢɫɢ, ɪɟɬɪɚɧɫɥɹɬɨɪɵ (forwarders) ɢ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɤɚɤɨɣ DNS-ɫɟɪɜɟɪ ɢɦɟɟɬ ɧɟɨɛɯɨɞɢɦɭɸ ɢɧɮɨɪɦɚɰɢɸ. ɗɬɢ ɬɟɦɵ ɛɭɞɭɬ ɨɛɫɭɠɞɚɬɶɫɹ ɞɚɥɟɟ ɜ ɝɥɚɜɟ.
ɂɟɪɚɪɯɢɱɟɫɤɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS ɢ ɪɚɫɩɪɟɞɟɥɟɧɧɚɹ ɛɚɡɚ ɞɚɧɧɵɯ ɢɫɩɨɥɶɡɭɸɬɫɹ ɬɨɝɞɚ, ɤɨɝɞɚ ɤɥɢɟɧɬ ɩɪɨɛɭɟɬ ɧɚɣɬɢ IP-ɚɞɪɟɫ ɪɟɫɭɪɫɚ ɜ ɢɧɬɟɪɧɟɬɟ. ɂɫɩɨɥɶɡɭɹ ɩɪɢɦɟɪ ɢɡ ɩɪɟɞɵɞɭɳɟɝɨ ɪɚɡɞɟɥɚ (ɫɦ. ɪɢɫ. 3-1), ɩɪɟɞɩɨɥɨɠɢɦ, ɱɬɨ ɤɥɢɟɧɬ DNS (ɧɚɡɨɜɟɦ ɟɝɨ ɩɪɟɨɛɪɚɡɨɜɚɬɟɥɟɦ), ɪɚɫɩɨɥɨɠɟɧɧɵɣ ɜ ɤɚɤɨɣ-ɬɨ ɬɨɱɤɟ ɡɟɦɧɨɝɨ ɲɚɪɚ, ɯɨɱɟɬ ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɜɟɛ-ɫɟɪɜɟɪɨɦ, ɢɦɟɸɳɢɦ ɚɞɪɟɫ www.NAmerica.Contoso.com. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ IP-ɚɞɪɟɫɚ ɜɵɩɨɥɧɹɸɬɫɹ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ʉɥɢɟɧɬ-ɩɪɟɨɛɪɚɡɨɜɚɬɟɥɶ ɩɨɫɵɥɚɟɬ ɪɟɤɭɪɫɢɜɧɵɣ ɡɚɩɪɨɫ ɨɛ IP-ɚɞɪɟɫɟ ɧɚ ɫɜɨɣ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɣ DNS-ɫɟɪɜɟɪ (ɨɛɵɱɧɨ ɷɬɨ DNS-ɫɟɪɜɟɪ ɩɪɨɜɚɣɞɟɪɚ ɫɥɭɠɛɵ
2.
3.
4.
5. 6. 7. 8.
ɢɧɬɟɪɧɟɬɚ). Ɋɟɤɭɪɫɢɜɧɵɣ ɡɚɩɪɨɫ ɦɨɠɟɬ ɢɦɟɬɶ ɬɨɥɶɤɨ ɞɜɚ ɜɨɡɦɨɠɧɵɯ ɨɬɜɟɬɚ: IP-ɚɞɪɟɫ, ɡɚɩɪɚɲɢɜɚɟɦɵɣ ɤɥɢɟɧɬɨɦ, ɢɥɢ ɫɨɨɛɳɟɧɢɟ ɨɛ ɨɲɢɛɤɚɯ, ɭɤɚɡɵɜɚɸɳɟɟ, ɱɬɨ ɢɧɮɨɪɦɚɰɢɹ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɧɚɣɞɟɧɚ. ȿɫɥɢ DNS-ɫɟɪɜɟɪ ɩɪɨɜɚɣɞɟɪɚ ɢɦɟɟɬ ɧɟɨɛɯɨɞɢɦɭɸ ɢɧɮɨɪɦɚɰɢɸ ɜ ɫɜɨɟɦ ɤɷɲɟ, ɬɨ ɨɧ ɜɨɡɜɪɚɳɚɟɬ IP-ɚɞɪɟɫ ɩɨɥɶɡɨɜɚɬɟɥɸ. ȿɫɥɢ ɧɭɠɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɧɟɬ, ɬɨ ɨɧ ɩɪɨɛɭɟɬ ɧɚɣɬɢ ɢɧɮɨɪɦɚɰɢɸ, ɩɨɫɵɥɚɹ ɢɬɟɪɚɰɢɨɧɧɵɣ ɡɚɩɪɨɫ ɧɚ ɞɪɭɝɨɣ ɫɟɪɜɟɪ. Ɉɬɜɟɬɨɦ ɧɚ ɢɬɟɪɚɰɢɨɧɧɵɣ ɡɚɩɪɨɫ ɦɨɠɟɬ ɛɵɬɶ ɢɥɢ ɪɚɡɪɟɲɟɧɧɨɟ ɢɦɹ, ɡɚɩɪɚɲɢɜɚɟɦɨɟ ɤɥɢɟɧɬɨɦ, ɢɥɢ ɩɟɪɟɚɞɪɟɫɚɰɢɹ ɧɚ ɞɪɭɝɨɣ DNS-ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɫɦɨɠɟɬ ɜɵɩɨɥɧɢɬɶ ɡɚɩɪɨɫ. ȼ ɧɚɲɟɦ ɩɪɢɦɟɪɟ DNS-ɫɟɪɜɟɪ ɩɪɨɜɚɣɞɟɪɚ ɩɨɫɵɥɚɟɬ ɢɬɟɪɚɰɢɨɧɧɵɣ ɡɚɩɪɨɫ ɤɨɪɧɟɜɨɦɭ ɫɟɪɜɟɪɭ ɨɛ IP-ɚɞɪɟɫɟ, ɤɨɬɨɪɵɣ ɫɨɨɬɜɟɬɫɬɜɭɟɬ www.NAmerica.Contoso.com. Ʉɨɪɧɟɜɨɣ ɫɟɪɜɟɪ ɧɟ ɦɨɠɟɬ ɨɬɜɟɬɢɬɶ ɧɚ ɡɚɩɪɨɫ, ɧɨ ɜ ɨɬɜɟɬ ɨɧ ɩɪɢɫɵɥɚɟɬ ɫɩɢɫɨɤ ɫɟɪɜɟɪɨɜ, ɨɬɜɟɬɫɬɜɟɧɧɵɯ ɡɚ ɞɨɦɟɧ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ . ɗɬɨɬ ɩɪɨɰɟɫɫ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɫɩɢɫɤɚ ɚɥɶɬɟɪɧɚɬɢɜɧɵɯ DNS-ɫɟɪɜɟɪɨɜ ɞɥɹ ɞɚɥɶɧɟɣɲɟɝɨ ɤɨɧɬɚɤɬɚ ɧɚɡɵɜɚɟɬɫɹ ɧɚɩɪɚɜɥɟɧɢɟɦ (referral). DNS-ɫɟɪɜɟɪ ɢɧɬɟɪɧɟɬ-ɩɪɨɜɚɣɞɟɪɚ ɩɨɫɵɥɚɟɬ ɢɬɟɪɚɰɢɨɧɧɵɣ ɡɚɩɪɨɫ ɨɞɧɨɦɭ ɢɡ ɷɬɢɯ ɫɟɪɜɟɪɨɜ ɫ ɩɪɨɫɶɛɨɣ ɨɛ IP-ɚɞɪɟɫɟ. ɋɟɪɜɟɪ ɞɚɟɬ ɜ ɨɬɜɟɬ ɫɩɢɫɨɤ ɫɟɪɜɟɪɨɜ, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɨɬɜɟɬɫɬɜɟɧɧɵɦɢ ɡɚ ɞɨɦɟɧ Contoso.com. Ⱦɚɥɟɟ DNS-ɫɟɪɜɟɪ ɩɪɨɜɚɣɞɟɪɚ ɩɨɫɵɥɚɟɬ ɡɚɩɪɨɫ DNS-ɫɟɪɜɟɪɭ Contoso.com, ɤɨɬɨɪɵɣ ɞɚɟɬ ɜ ɨɬɜɟɬ ɢɦɟɧɚ DNS-ɫɟɪɜɟɪɨɜ, ɭɩɪɚɜɥɹɸɳɢɯ ɞɨɦɟɧɨɦ NAmerica.Contoso.com. DNS-ɫɟɪɜɟɪ NAmerica.Contoso.com ɫɨɞɟɪɠɢɬ ɜɫɸ ɢɧɮɨɪɦɚɰɢɸ ɨɛ ɷɬɨɦ ɞɨɦɟɧɟ, ɢ ɨɧ ɩɨɫɵɥɚɟɬ DNS-ɫɟɪɜɟɪɭ ɩɪɨɜɚɣɞɟɪɚ IP-ɚɞɪɟɫ ɧɭɠɧɨɝɨ ɯɨɫɬɚ. DNS-ɫɟɪɜɟɪ ɩɪɨɜɚɣɞɟɪɚ ɨɬɜɟɱɚɟɬ ɧɚ ɪɟɤɭɪɫɢɜɧɵɣ ɡɚɩɪɨɫ, ɤɨɬɨɪɵɣ ɨɧ ɩɨɥɭɱɢɥ ɨɬ ɤɥɢɟɧɬɚɩɪɟɨɛɪɚɡɨɜɚɬɟɥɹ, ɢ ɩɨɫɵɥɚɟɬ IP-ɚɞɪɟɫ ɡɚɩɪɨɲɟɧɧɨɝɨ Web-ɫɟɪɜɟɪɚ. Ʉɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɫɨɟɞɢɧɹɟɬɫɹ ɫ www.NAmerica.Contoso.com. ɗɬɨɬ ɩɪɨɰɟɫɫ ɩɪɨɢɫɯɨɞɢɬ ɨɱɟɧɶ ɛɵɫɬɪɨ ɢ ɦɨɠɟɬ ɧɟ ɜɤɥɸɱɚɬɶ ɧɟɤɨɬɨɪɵɟ ɲɚɝɢ. Ʉɨɝɞɚ DNSɫɟɪɜɟɪ ɪɚɡɪɟɲɚɟɬ ɥɸɛɨɣ ɬɢɩ ɢɦɟɧɢ, ɨɧ ɫɨɯɪɚɧɹɟɬ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ ɜ ɤɷɲɟ ɜ ɬɟɱɟɧɢɟ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɩɟɪɢɨɞɚ. ȿɫɥɢ ɤɬɨ-ɬɨ ɢɫɤɚɥ ɷɬɨɬ ɠɟ ɫɚɣɬ ɪɚɧɶɲɟ ɜ ɷɬɨɬ ɞɟɧɶ ɢ DNS-ɫɟɪɜɟɪ ɩɪɨɜɚɣɞɟɪɚ ɪɚɡɪɟɲɢɥ ɷɬɨ ɢɦɹ, ɬɨ ɨɧ ɩɪɨɫɦɨɬɪɢɬ ɫɜɨɣ ɤɷɲ ɢ ɞɚɫɬ ɨɬɜɟɬ ɧɟɦɟɞɥɟɧɧɨ.
9. Ɍɟɤɭɳɢɟ ɡɚɩɢɫɢ, ɯɪɚɧɹɳɢɟɫɹ ɜ ɡɨɧɧɵɯ ɮɚɣɥɚɯ DNS, ɧɚɡɵɜɚɸɬɫɹ (RR — Resource Records). Ɂɚɩɢɫɢ ɪɟɫɭɪɫɨɜ ɫɨɞɟɪɠɚɬ ɬɟɤɭɳɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɞɨɦɟɧɟ. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɞɜɚɞɰɚɬɶ ɞɜɚ ɪɚɡɥɢɱɧɵɯ ɬɢɩɚ ɡɚɩɢɫɟɣ ɪɟɫɭɪɫɨɜ ɧɚ DNS-ɫɟɪɜɟɪɟ ɫɢɫɬɟɦɵ Windows Server 2003. ɇɚɢɛɨɥɟɟ ɪɚɫɩɪɨɫɬɪɚɧɟɧɧɵɟ ɡɚɩɢɫɢ ɪɟɫɭɪɫɨɜ ɩɟɪɟɱɢɫɥɟɧɵ ɜ ɬɚɛɥɢɰɟ 3-1. . 3-1. 2003
ɇɚɡɜɚɧɢɟ
Windows Server
ɉɨɹɫɧɟɧɢɟ
Start of Authority ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɨɫɧɨɜɧɨɣ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ (SOA) ɧɚɱɚɥɨ ɡɨɧɵ, ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɩɚɪɚɦɟɬɪɵ, ɡɚɞɚɧɧɵɟ ɩɨ ɩɨɥɧɨɦɨɱɢɣ ɭɦɨɥɱɚɧɢɸ ɞɥɹ ɡɨɧɧɨɣ ɩɟɪɟɞɚɱɢ, ɩɚɪɚɦɟɬɪɵ ɞɥɢɬɟɥɶɧɨɫɬɢ ɯɪɚɧɟɧɢɹ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɢ ɜɪɟɦɹ ɠɢɡɧɢ (TTL — Time to Live) (ɫɦ. ɪɢɫ. 3-2). Host (A) - ɯɨɫɬ ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ IP-ɚɞɪɟɫ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɢɦɟɧɢ ɯɨɫɬɚ. ɗɬɨ ɬɚ ɡɚɩɢɫɶ, ɤɨɬɨɪɭɸ DNS-cepɜɟɪ ɜɨɡɜɪɚɳɚɟɬ ɜ ɩɪɨɰɟɫɫɟ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ. Mail Exchanger (MX) - ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɫɟɪɜɟɪɵ ɩɟɪɟɞɚɱɢ ɢɧɬɟɪɧɟɬɤɨɦɦɭɬɚɬɨɪ ɫɨɨɛɳɟɧɢɣ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɪɭɝɢɦɢ ɫɟɪɜɟɪɚɦɢ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ ɩɟɪɟɞɚɱɢ ɢɧɬɟɪɧɟɬ-ɫɨɨɛɳɟɧɢɣ ɞɥɹ ɩɨɢɫɤɚ ɚɧɚɥɨɝɢɱɧɵɯ ɫɟɪɜɟɪɨɜ ɜ ɞɨɦɟɧɟ. Name Server (NX) - ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɜɫɟ ɫɟɪɜɟɪɵ ɢɦɟɧ ɞɥɹ ɞɨɦɟɧɚ. ɫɟɪɜɟɪ ɢɦɟɧ Pointer (PTR) ɭɤɚɡɚɬɟɥɶ
- ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɢɦɟɧɚ ɯɨɫɬɨɜ, ɨɬɨɛɪɚɠɚɟɦɵɯ ɧɚ ɨɩɪɟɞɟɥɟɧɧɵɯ IP-ɚɞɪɟɫɚɯ. ɏɪɚɧɢɬɫɹ ɜ ɡɨɧɟ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ.
Canonical Name (CNAME) ɤɚɧɨɧɢɱɟɫɤɨɟ ɢɦɹ Service Locator (SRV) - ɭɤɚɡɚɬɟɥɶ ɫɥɭɠɛ
. 3-2.
SOA
ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɩɫɟɜɞɨɧɢɦ ɞɪɭɝɨɝɨ ɯɨɫɬɚ ɜ ɞɨɦɟɧɟ. ɉɪɢɦɟɧɹɟɬɫɹ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɧɟɫɤɨɥɶɤɨ ɢɦɟɧ ɯɨɫɬɚ ɢɫɩɨɥɶɡɭɸɬ ɨɞɢɧ ɢ ɬɨɬ ɠɟ IP-ɚɞɪɟɫ. ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɫɥɭɠɛɭ, ɤɨɬɨɪɚɹ ɢɦɟɟɬɫɹ ɜ ɞɨɦɟɧɟ. Active Directory ɲɢɪɨɤɨ ɢɫɩɨɥɶɡɭɟɬ ɡɚɩɢɫɢ SRV ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ.
Contoso.com
ɋɨɜɟɬ. ɇɚ ɪɢɫɭɧɤɟ 3-2 ɩɨɤɚɡɚɧɚ ɡɚɩɢɫɶ SOA ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ DNS. Ɂɚɩɢɫɢ DNS ɦɨɝɭɬ ɛɵɬɶ ɫɨɯɪɚɧɟɧɵ ɜ ɫɬɚɧɞɚɪɬɧɨɦ ɬɟɤɫɬɨɜɨɦ ɮɨɪɦɚɬɟ. ɇɚɩɪɢɦɟɪ, ɫɬɚɧɞɚɪɬɧɚɹ ɡɚɩɢɫɶ ɯɨɫɬɚ ɞɥɹ ɫɟɪɜɟɪɚ ɩɨ ɢɦɟɧɢ Webl.Contoso.com ɦɨɠɟɬ ɛɵɬɶ ɡɚɩɢɫɚɧɚ ɤɚɤ Webl.Contoso.com IN A 192.168.1.100.
DNS-
,
Ɉɞɧɢɦ ɢɡ ɜɚɠɧɵɯ ɚɫɩɟɤɬɨɜ ɢɡɭɱɟɧɢɹ ɪɚɛɨɬɵ DNS ɹɜɥɹɟɬɫɹ ɩɨɧɢɦɚɧɢɟ ɬɟɪɦɢɧɨɥɨɝɢɢ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɢɫɚɧɢɹ ɤɨɦɩɨɧɟɧɬɨɜ DNS. Ɉɞɧɚ ɢɡ ɩɪɨɛɥɟɦ ɬɟɪɦɢɧɨɥɨɝɢɢ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɡɚɬɪɭɞɧɹɬɶ ɩɨɧɢɦɚɧɢɟ, ɫɨɫɬɨɢɬ ɜ ɪɚɡɥɢɱɢɢ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ ɢ ɡɨɧɚɦɢ. ɋ ɨɞɧɨɣ ɫɬɨɪɨɧɵ, ɷɬɨ ɪɚɡɥɢɱɢɟ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɞɨɦɟɧ ɩɪɟɞɫɬɚɜɥɹɟɬ ɱɚɫɬɶ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS, ɚ ɡɨɧɵ — ɷɬɨ ɢɧɮɨɪɦɚɰɢɹ ɨɛ ɷɬɨɣ ɱɚɫɬɢ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɹ ɦɨɠɟɬ ɜɥɚɞɟɬɶ ɢɦɟɧɟɦ ɞɨɦɟɧɚ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ Contoso.com. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɤɨɦɩɚɧɢɹ ɜɥɚɞɟɟɬ ɨɞɧɨɣ ɱɚɫɬɶɸ ɩɨɥɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS, ɬ.ɟ. ɷɬɨ ɢɯ ɞɨɦɟɧ. Ʉɨɝɞɚ ɤɨɦɩɚɧɢɹ ɪɟɚɥɢɡɭɟɬ DNS-ɫɟɪɜɟɪɵ ɞɥɹ ɞɨɦɟɧɚ, ɬɨ ɜɫɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɞɨɦɟɧɟ DNS ɛɭɞɟɬ ɯɪɚɧɢɬɶɫɹ ɧɚ ɨɞɧɨɦ ɢɥɢ ɧɟɫɤɨɥɶɤɢɯ DNS-ɫɟɪɜɟɪɚɯ. ɗɬɚ ɢɧɮɨɪɦɚɰɢɹ ɜɤɥɸɱɚɟɬ ɜɫɟ ɡɚɩɢɫɢ ɪɟɫɭɪɫɨɜ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɞɨɦɟɧɟ DNS. Ɉɧɚ ɹɜɥɹɟɬɫɹ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɟɣ ɢ ɯɪɚɧɢɬɫɹ ɜ ɡɨɧɧɵɯ ɮɚɣɥɚɯ ɧɚ ɫɟɪɜɟɪɚɯ DNS. ɋɭɳɟɫɬɜɭɟɬ ɞɜɚ ɪɚɡɥɢɱɧɵɯ ɬɢɩɚ ɡɨɧɧɵɯ ɮɚɣɥɨɜ ɜ DNS: . Ɂɨɧɚ ɩɪɹɦɨɝɨ ɩɪɨɫɦɨɬɪɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ ɯɨɫɬɚ ɤ IPɚɞɪɟɫɚɦ. ɗɬɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɨɛɟɫɩɟɱɢɜɚɸɬ ɡɚɩɢɫɢ ɯɨɫɬɚ (Ⱥ). Ɂɨɧɚ ɩɪɹɦɨɝɨ ɩɪɨɫɦɨɬɪɚ ɦɨɠɟɬ ɜɤɥɸɱɚɬɶ ɡɚɩɢɫɢ SOA ɢ NS, ɚ ɬɚɤɠɟ ɡɚɩɢɫɢ MX, CNAME ɢ SRV. Ɂɨɧɚ ɩɪɹɦɨɝɨ ɩɪɨɫɦɨɬɪɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɤɥɢɟɧɬ-ɩɪɟɨɛɪɚɡɨɜɚɬɟɥɶ ɞɟɥɚɟɬ ɡɚɩɪɨɫ DNS-ɫɟɪɜɟɪɭ, ɱɬɨɛɵ ɧɚɣɬɢ IP-ɚɞɪɟɫ ɫɟɪɜɟɪɚ ɜ ɫɟɬɢ. Ɂɨɧɵ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ ɜɵɩɨɥɧɹɸɬ ɩɪɨɬɢɜɨɩɨɥɨɠɧɭɸ ɮɭɧɤɰɢɸ. Ɉɧɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɨɝɞɚ, ɤɨɝɞɚ IP-ɚɞɪɟɫ ɯɨɫɬɚ ɢɡɜɟɫɬɟɧ, ɚ ɢɦɹ ɯɨɫɬɚ ɧɟ ɢɡɜɟɫɬɧɨ. Ɂɨɧɚ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ ɬɚɤɠɟ ɢɦɟɟɬ ɡɚɩɢɫɢ SOA ɢ NS, ɨɫɬɚɥɶɧɚɹ ɱɚɫɬɶ ɡɚɩɢɫɟɣ - ɷɬɨ ɡɚɩɢɫɢ PTR. Ɏɨɪɦɚɬ ɡɚɩɢɫɢ PTR ɩɨɞɨɛɟɧ ɡɚɩɢɫɢ
ɯɨɫɬɚ, ɧɨ ɨɧ ɨɛɟɫɩɟɱɢɜɚɟɬ ɨɬɜɟɬ ɞɥɹ ɨɛɪɚɬɧɨɝɨ ɩɨɢɫɤɚ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɡɚɩɢɫɹɯ ɫɦ. ɬɚɛɥ. 3-1. ɂɦɹ ɡɨɧɵ ɩɪɹɦɨɝɨ ɩɪɨɫɦɨɬɪɚ ɹɜɥɹɟɬɫɹ ɢɦɟɧɟɦ ɞɨɦɟɧɚ. ɂɦɹ ɡɨɧɵ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ ɨɩɪɟɞɟɥɢɬɶ ɛɨɥɟɟ ɬɪɭɞɧɨ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɚ ɢɫɩɨɥɶɡɭɟɬ IP-ɚɞɪɟɫ ɩɨɞɫɟɬɢ, ɚ ɧɟ ɢɦɹ ɞɨɦɟɧɚ, ɜ ɤɚɱɟɫɬɜɟ ɝɪɚɧɢɰɵ ɡɨɧɵ. Ʉɨɝɞɚ ɜɵ ɫɨɡɞɚɟɬɟ ɡɨɧɭ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ, ɜɵ ɞɨɥɠɧɵ ɞɚɬɶ ɟɣ ɢɦɹ, ɨɫɧɨɜɚɧɧɨɟ ɧɚ IPɚɞɪɟɫɟ ɩɨɞɫɟɬɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɡɨɧɭ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ ɞɥɹ ɩɨɞɫɟɬɢ 192.168.1.0, ɬɨ ɡɨɧɧɨɟ ɢɦɹ ɛɭɞɟɬ L168.192.in-addr.arpa. ɂɦɹ in-addr.arpa ɫɩɟɰɢɚɥɶɧɨ ɡɚɪɟɡɟɪɜɢɪɨɜɚɧɨ ɜ DNS ɞɥɹ ɫɫɵɥɨɤ ɧɚ ɡɨɧɵ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ. ɉɟɪɜɚɹ ɱɚɫɬɶ ɡɨɧɧɨɝɨ ɢɦɟɧɢ ɹɜɥɹɟɬɫɹ ɫɟɬɟɜɵɦ ɚɞɪɟɫɨɦ, ɡɚɩɢɫɚɧɧɵɦ ɜ ɨɛɪɚɬɧɨɦ ɩɨɪɹɞɤɟ. ȿɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɡɨɧɭ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ ɞɥɹ ɩɨɞɫɟɬɢ ɤɥɚɫɫɚ ȼ (150.38.0.0), ɢɦɹ ɡɨɧɵ ɨɛɪɚɬɧɨɝɨ ɩɪɨɫɦɨɬɪɚ ɛɭɞɟɬ 38.150.in-addr.arpa. Ɉɫɧɨɜɧɵɦ ɫɟɪɜɟɪɨɦ ɢɦɟɧ (Primary Name Server) ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɣ ɫɟɪɜɟɪ, ɢɦɟɸɳɢɣ ɩɟɪɟɡɚɩɢɫɵɜɚɟɦɭɸ ɤɨɩɢɸ ɡɨɧɧɵɯ ɮɚɣɥɨɜ (ɡɨɧɚ ɧɚ ɨɫɧɨɜɧɨɦ ɫɟɪɜɟɪɟ ɢɦɟɧ ɧɚɡɵɜɚɟɬɫɹ - primary zone). ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ DNS-ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɞɨɥɠɟɧ ɢɦɟɬɶ ɞɨɫɬɭɩ ɤ ɨɫɧɨɜɧɨɦɭ ɫɟɪɜɟɪɭ ɢɦɟɧ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɧɭɠɧɨ ɜɧɟɫɬɢ ɤɚɤɢɟ-ɥɢɛɨ ɢɡɦɟɧɟɧɢɹ ɜ ɡɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɧɟɫɟɧɵ ɢɡɦɟɧɟɧɢɹ, ɷɬɢ ɞɚɧɧɵɟ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɤɨɩɢɪɭɸɬɫɹ ɧɚ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɟɪɜɟɪɵ ɢɦɟɧ ɫ ɩɨɦɨɳɶɸ ɩɪɨɰɟɫɫɚ, ɤɨɬɨɪɵɣ ɧɚɡɵɜɚɟɬɫɹ . Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɣ ɫɟɪɜɟɪ ɢɦɟɧ (Secondary Name Server) ɢɦɟɟɬ ɤɨɩɢɸ ɡɨɧɧɵɯ ɮɚɣɥɨɜ, ɤɨɬɨɪɚɹ ɩɪɟɞɧɚɡɧɚɱɟɧɚ ɬɨɥɶɤɨ ɞɥɹ ɱɬɟɧɢɹ. ȿɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɨɛɧɨɜɥɟɧɢɹ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ ɫɨɫɬɨɢɬ ɜ ɡɨɧɧɨɣ ɩɟɪɟɞɚɱɟ ɫ ɨɫɧɨɜɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ. ȼ ɪɚɧɧɢɯ ɜɟɪɫɢɹɯ DNS ɤɚɠɞɚɹ ɡɨɧɧɚɹ ɩɟɪɟɞɚɱɚ ɛɵɥɚ ɩɨɥɧɨɣ ɡɨɧɧɨɣ ɩɟɪɟɞɚɱɟɣ, ɬ.ɟ. ɜɫɟ ɫɨɞɟɪɠɢɦɨɟ ɡɨɧɧɨɝɨ ɮɚɣɥɚ DNS ɩɟɪɟɞɚɜɚɥɨɫɶ ɫ ɨɫɧɨɜɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ ɧɚ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ. Ⱦɨɤɭɦɟɧɬ Request for Comment 1995 (Ɂɚɩɪɨɫ ɧɚ ɤɨɦɦɟɧɬɚɪɢɢ) ɩɪɟɞɫɬɚɜɢɥ ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɵɣ ɦɟɯɚɧɢɡɦ ɡɨɧɧɨɣ ɩɟɪɟɞɚɱɢ, ɧɚɡɵɜɚɟɦɵɣ (incremental zone transfers), ɜ ɤɨɬɨɪɨɦ ɧɚ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɫɟɪɜɟɪ ɤɨɩɢɪɭɸɬɫɹ ɬɨɥɶɤɨ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɜ ɡɨɧɧɵɯ ɮɚɣɥɚɯ ɫ ɦɨɦɟɧɬɚ ɩɨɫɥɟɞɧɟɣ ɩɟɪɟɞɚɱɢ. Ⱦɪɭɝɨɟ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɟ ɩɪɟɞɫɬɚɜɥɟɧɨ ɜ ɞɨɤɭɦɟɧɬɟ Request for Comment 1996. ɗɬɨ ɦɟɯɚɧɢɡɦ ɭɜɟɞɨɦɥɟɧɢɣ, ɤɨɬɨɪɵɣ ɩɨɡɜɨɥɹɟɬ ɨɫɧɨɜɧɨɦɭ ɫɟɪɜɟɪɭ ɩɪɟɞɭɩɪɟɠɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɟɪɜɟɪɵ ɢɦɟɧ ɨ ɬɨɦ, ɱɬɨ ɛɵɥɢ ɫɞɟɥɚɧɵ ɢɡɦɟɧɟɧɢɹ ɤ ɡɨɧɧɵɦ ɮɚɣɥɚɦ. Ȼɟɡ ɨɩɰɢɢ ɭɜɟɞɨɦɥɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɫɟɪɜɟɪ ɢɦɟɧ ɛɭɞɟɬ ɤɨɧɬɚɤɬɢɪɨɜɚɬɶ ɫ ɨɫɧɨɜɧɵɦ ɫɟɪɜɟɪɨɦ ɬɨɥɶɤɨ ɱɟɪɟɡ ɢɧɬɟɪɜɚɥɵ ɜɪɟɦɟɧɢ, ɨɩɪɟɞɟɥɟɧɧɵɟ ɜ ɡɚɩɢɫɹɯ SOA ɞɥɹ ɤɚɠɞɨɣ ɡɨɧɵ. . DNSWindows Server 2003 , . (integrated) Active Directory, Active Directory. Ɍɪɟɬɢɣ ɬɢɩ ɫɟɪɜɟɪɚ ɢɦɟɧ - ɷɬɨ ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɬɨɥɶɤɨ ɤɷɲɢɪɭɟɬ ɢɧɮɨɪɦɚɰɢɸ (caching-only). Ɉɧ ɧɟ ɭɩɪɚɜɥɹɟɬ ɡɨɧɧɵɦɢ ɮɚɣɥɚɦɢ, ɚ ɬɨɥɶɤɨ ɤɷɲɢɪɭɟɬ ɥɸɛɵɟ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ, ɤɨɬɨɪɵɟ ɨɧ ɜɵɩɨɥɧɹɥ. Ʉɷɲɢɪɭɸɳɢɣ ɫɟɪɜɟɪ ɱɚɫɬɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɭɞɚɥɟɧɧɵɯ ɨɮɢɫɚɯ, ɩɨɞɤɥɸɱɟɧɧɵɯ ɤ ɛɨɥɶɲɨɦɭ ɨɮɢɫɭ ɫ ɨɝɪɚɧɢɱɟɧɧɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ. ɉɨɫɤɨɥɶɤɭ ɤɷɲɢɪɭɸɳɢɣ ɫɟɪɜɟɪ ɧɟ ɢɦɟɟɬ ɧɢɤɚɤɢɯ ɡɨɧɧɵɯ ɮɚɣɥɨɜ, ɬɨ ɢ ɬɪɚɮɢɤ ɡɨɧɧɨɣ ɩɟɪɟɞɚɱɢ DNS ɱɟɪɟɡ ɦɟɞɥɟɧɧɨɟ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ ɨɬɫɭɬɫɬɜɭɟɬ. Ʉɷɲɢɪɭɸɳɢɣ ɫɟɪɜɟɪ ɞɨɥɠɟɧ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶɫɹ ɬɚɤ, ɱɬɨɛɵ ɨɧ ɩɟɪɟɩɪɚɜɥɹɥ ɜɫɟ DNS-ɡɚɩɪɨɫɵ ɧɚ ɫɟɪɜɟɪ, ɪɚɫɩɨɥɨɠɟɧɧɵɣ ɜ ɝɥɚɜɧɨɦ ɨɮɢɫɟ ɤɨɦɩɚɧɢɢ. ɉɨɫɤɨɥɶɤɭ ɤɷɲɢɪɭɸɳɢɣ ɫɟɪɜɟɪ ɪɚɡɪɟɲɚɟɬ DNS-ɡɚɩɪɨɫɵ, ɬɨ ɨɧ ɤɷɲɢɪɭɟɬ ɢɧɮɨɪɦɚɰɢɸ ɜ ɬɟɱɟɧɢɟ ɧɟɤɨɬɨɪɨɝɨ ɜɪɟɦɟɧɢ (ɩɨ ɭɦɨɥɱɚɧɢɸ -1 ɱɚɫ). ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɥɸɛɨɣ ɦɟɫɬɧɵɣ DNS-ɡɚɩɪɨɫ ɬɨɣ ɠɟ ɫɚɦɨɣ ɢɧɮɨɪɦɚɰɢɢ ɦɨɠɟɬ ɛɵɬɶ ɪɚɡɪɟɲɟɧ ɜ ɦɟɫɬɧɨɦ ɦɚɫɲɬɚɛɟ. . DNSWindows Server 2003, , , (caching-only) . , . ɑɬɨɛɵ ɩɨɥɧɨɫɬɶɸ ɩɨɧɢɦɚɬɶ DNS, ɜɵ ɞɨɥɠɧɵ ɩɨɡɧɚɤɨɦɢɬɶɫɹ ɫ ɡɨɧɚɦɢ ɩɨɥɧɨɦɨɱɢɣ (zones of authority) ɢ ɩɨɥɧɨɦɨɱɧɵɦɢ (authoritative) ɫɟɪɜɟɪɚɦɢ ɢɦɟɧ. Ʉɚɠɞɵɣ ɨɫɧɨɜɧɨɣ ɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ
ɫɟɪɜɟɪɵ ɢɦɟɧ ɹɜɥɹɸɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦɢ ɞɥɹ ɫɜɨɟɝɨ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ DNS-ɫɟɪɜɟɪ ɫɨɞɟɪɠɢɬ ɡɨɧɧɵɟ ɮɚɣɥɵ ɞɥɹ ɞɨɦɟɧɚ Contoso.com, ɬɨ ɷɬɨɬ ɫɟɪɜɟɪ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɫɟɪɜɟɪɨɦ ɢɦɟɧ ɞɥɹ ɷɬɨɝɨ ɞɨɦɟɧɚ. Ʉɚɤ ɩɨɥɧɨɦɨɱɧɵɣ ɫɟɪɜɟɪ ɢɦɟɧ ɨɧ ɧɟ ɛɭɞɟɬ ɨɬɩɪɚɜɥɹɬɶ ɧɢɤɚɤɢɯ ɡɚɩɪɨɫɨɜ ɨ ɯɨɫɬɚɯ ɷɬɨɣ ɡɨɧɵ ɞɪɭɝɢɦ DNS-ɫɟɪɜɟɪɚɦ. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ ɭɫɬɚɧɚɜɥɢɜɚɸɬ ɤɨɧɮɢɝɭɪɚɰɢɸ DNS-ɫɟɪɜɟɪɚ ɬɚɤ, ɤɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 3-3. ȼ ɷɬɨɦ ɫɰɟɧɚɪɢɢ ɢɦɟɸɬɫɹ ɞɜɚ ɨɫɧɨɜɧɵɯ DNS-ɫɟɪɜɟɪɚ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɟ ɞɥɹ ɞɨɦɟɧɚ Contoso.com. DNS1 ɫɨɞɟɪɠɢɬ ɡɚɩɢɫɶ ɯɨɫɬɚ ɞɥɹ ɫɟɪɜɟɪɚ ɩɨ ɢɦɟɧɢ Webl.Contoso.com, a DNS2-cepBep ɷɬɨɣ ɡɚɩɢɫɢ ɧɟ ɢɦɟɟɬ. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɫɨɟɞɢɧɹɟɬɫɹ ɫ DNS1, ɨɧ ɫɦɨɠɟɬ ɪɚɡɪɟɲɢɬɶ IP-ɚɞɪɟɫ ɞɥɹ Webl. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɫɨɟɞɢɧɹɟɬɫɹ ɫ DNS2 ɢ ɡɚɩɪɚɲɢɜɚɟɬ IP-ɚɞɪɟɫ ɞɥɹ Webl, ɫɟɪɜɟɪ ɨɬɜɟɬɢɬ, ɱɬɨ ɯɨɫɬ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɧɚɣɞɟɧ. ɉɨɫɤɨɥɶɤɭ DNS2 ɫɟɪɜɟɪ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɞɥɹ ɞɨɦɟɧɚ Contoso.com, ɨɧ ɧɟ ɛɭɞɟɬ ɨɬɩɪɚɜɥɹɬɶ ɡɚɩɪɨɫɵ ɫɟɪɜɟɪɭ DNS1. ȿɝɨ ɩɨɜɟɞɟɧɢɟ ɡɚɥɨɠɟɧɨ ɜ ɩɪɨɟɤɬɟ ɢ, ɤɚɤ ɩɨɤɚɡɵɜɚɟɬ ɨɛɫɭɠɞɟɧɢɟ ɩɪɢɦɟɪɚ ɜ ɪɚɡɞɟɥɟ «ɉɪɚɤɬɢɱɟɫɤɢɣ ɨɩɵɬ», ɷɬɨ ɞɚɟɬ ɨɩɪɟɞɟɥɟɧɧɨɟ ɩɪɟɢɦɭɳɟɫɬɜɨ ɜ ɛɟɡɨɩɚɫɧɨɫɬɢ.
. 3-3.
DNS-
П
че
ы . ,
DNSDNS . 3-3). DNS2 -
, DNS
( ,
DNS2 DNS1
DNSSRV-
, DNS1 . , Active Directory. (Contoso.com),
. DNS-
.
DNS-
,
,
, -
.
-
,
DNS-
,
, ,
,
. DNS. www.Contoso.com, . DNS1. -
, .
, ,
,
-
ɉɨɫɤɨɥɶɤɭ ɫɢɫɬɟɦɚ DNS ɢɫɩɨɥɶɡɭɟɬ ɢɟɪɚɪɯɢɱɟɫɤɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɞɨɥɠɟɧ ɫɭɳɟɫɬɜɨɜɚɬɶ ɦɟɯɚɧɢɡɦ ɫɨɟɞɢɧɟɧɢɹ ɪɚɡɧɵɯ ɭɪɨɜɧɟɣ ɢɟɪɚɪɯɢɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɤɥɢɟɧɬ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɫɟɪɜɟɪɨɦ, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɞɥɹ ɞɨɦɟɧɚ ɩɟɪɜɨɝɨ ɭɪɨɜɧɹ , ɢ ɡɚɩɪɚɲɢɜɚɟɬ ɫɟɪɜɟɪ ɜ ɞɨɦɟɧɟ Contoso.com, corn-ɫɟɪɜɟɪ ɞɨɥɠɟɧ ɭɦɟɬɶ ɨɩɪɟɞɟɥɹɬɶ, ɤɚɤɨɣ ɫɟɪɜɟɪ ɢɦɟɧ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɞɥɹ ɞɨɦɟɧɚ Contoso.com. ɗɬɨ ɜɨɡɦɨɠɧɨ ɩɪɢ ɩɨɦɨɳɢ (delegation records). Ɂɚɩɢɫɶ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɭɤɚɡɚɬɟɥɶ ɧɚ ɞɨɦɟɧ ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ, ɤɨɬɨɪɵɣ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ ɞɨɦɟɧɚ ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ. ɇɚɩɪɢɦɟɪ, ɧɚ ɪɢɫɭɧɤɟ 3-4 ɩɨɤɚɡɚɧɨ, ɱɬɨ DNSl.Contoso.com ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɫɟɪɜɟɪɨɦ ɢɦɟɧ ɞɥɹ ɞɨɦɟɧɚ Contoso.com. DNS2 ɢ DNS3 ɹɜɥɹɸɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦɢ ɫɟɪɜɟɪɚɦɢ ɢɦɟɧ ɞɥɹ ɞɨɦɟɧɚ NAmerica.Contoso.com. ɋɟɪɜɟɪ DNS1 ɫɱɢɬɚɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɞɥɹ ɞɨɦɟɧɚ NAmerica.Contoso.com, ɧɨ ɨɧ ɧɟ ɢɦɟɟɬ ɜɫɟɯ ɡɚɩɢɫɟɣ ɪɟɫɭɪɫɚ ɞɨɱɟɪɧɢɯ ɞɨɦɟɧɨɜ. Ɉɞɧɚɤɨ ɫɟɪɜɟɪ DNS1 ɢɫɩɨɥɶɡɭɟɬ ɡɚɩɢɫɶ ɞɟɥɟɝɢɪɨɜɚɧɢɹ, ɭɤɚɡɵɜɚɸɳɭɸ ɧɚ DNS2 ɢ DNS3 ɤɚɤ ɧɚ ɫɟɪɜɟɪɵ ɢɦɟɧ ɞɥɹ ɞɨɱɟɪɧɟɝɨ ɞɨɦɟɧɚ. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɫɟɪɜɟɪɨɦ DNS1, ɡɚɩɪɚɲɢɜɚɹ ɢɧɮɨɪɦɚɰɢɸ ɨɛ NAmerica.Contoso.com, ɫɟɪɜɟɪ ɩɟɪɟɲɥɟɬ ɤɥɢɟɧɬɚ ɧɚ ɫɟɪɜɟɪɚ ɢɦɟɧ ɞɨɱɟɪɧɟɝɨ ɞɨɦɟɧɚ. ȼɬɨɪɨɣ ɫɩɨɫɨɛ ɫɨɟɞɢɧɟɧɢɹ ɪɚɡɥɢɱɧɵɯ ɭɪɨɜɧɟɣ ɢɟɪɚɪɯɢɢ ɫɢɫɬɟɦɵ DNS ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɤɨɪɧɟɜɵɯ ɫɫɵɥɨɤ ɢ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɢ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɧɢɡɤɨɭɪɨɜɧɟɜɵɦɢ ɫɟɪɜɟɪɚɦɢ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS ɞɥɹ ɩɨɢɫɤɚ ɢɧɮɨɪɦɚɰɢɢ, ɧɚɯɨɞɹɳɟɣɫɹ ɧɚ ɜɵɫɨɤɨɭɪɨɜɧɟɜɵɯ ɫɟɪɜɟɪɚɯ DNS-ɢɟɪɚɪɯɢɢ. Ɋɟɬɪɚɧɫɥɹɬɨɪɵ ɢ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ ɢɫɩɨɥɶɡɭɸɬɫɹ DNS-ɫɟɪɜɟɪɨɦ ɞɥɹ ɩɨɢɫɤɚ ɢɧɮɨɪɦɚɰɢɢ, ɤɨɬɨɪɚɹ ɨɬɫɭɬɫɬɜɭɟɬ ɜ ɢɯ ɫɨɛɫɬɜɟɧɧɵɯ ɡɨɧɧɵɯ ɮɚɣɥɚɯ. ɇɚɩɪɢɦɟɪ, DNS-ɫɟɪɜɟɪ ɦɨɠɟɬ ɛɵɬɶ ɩɨɥɧɨɦɨɱɧɵɦ ɬɨɥɶɤɨ ɞɥɹ ɞɨɦɟɧɚ Contoso.com. Ʉɨɝɞɚ ɨɧ ɩɨɥɭɱɢɬ ɡɚɩɪɨɫ ɨɬ ɤɥɢɟɧɬɚ, ɡɚɩɪɚɲɢɜɚɸɳɟɝɨ ɪɚɡɪɟɲɟɧɢɟ ɢɦɟɧɢ ɜ ɞɨɦɟɧɟ Fabrikam.com (ɫɦ. ɪɢɫ. 3-1), DNS-ɫɟɪɜɟɪ Contoso.com ɞɨɥɠɟɧ ɢɦɟɬɶ ɤɚɤɨɣ-ɬɨ ɫɩɨɫɨɛ ɩɨɢɫɤɚ ɷɬɨɣ ɢɧɮɨɪɦɚɰɢɢ.
. 3-4.
Ɉɞɧɢɦ ɢɡ ɫɩɨɫɨɛɨɜ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɚ ɞɥɹ ɷɬɢɯ ɰɟɥɟɣ ɹɜɥɹɟɬɫɹ ɢɫɩɨɥɶɡɨɜɚɧɢɟ . Ɋɟɬɪɚɧɫɥɹɬɨɪ (forwarder) - ɷɬɨ ɩɪɨɫɬɨ ɞɪɭɝɨɣ DNS-ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɨɩɪɟɞɟɥɟɧɧɵɦ DNS-ɫɟɪɜɟɪɨɦ, ɤɨɝɞɚ ɨɧ ɧɟ ɦɨɠɟɬ ɪɚɡɪɟɲɢɬɶ ɡɚɩɪɨɫ. ɇɚɩɪɢɦɟɪ, ɩɨɥɧɨɦɨɱɧɵɣ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ Contoso.com ɦɨɠɟɬ ɩɨɥɭɱɢɬɶ ɪɟɤɭɪɫɢɜɧɵɣ ɡɚɩɪɨɫ ɞɥɹ ɞɨɦɟɧɚ Fabrikam.com. ȿɫɥɢ DNS-ɫɟɪɜɟɪ Contoso ɛɵɥ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫ ɪɟɬɪɚɧɫɥɹɬɨɪɨɦ, ɬɨ ɨɧ ɨɬɩɪɚɜɢɬ ɪɟɤɭɪɫɢɜɧɵɣ ɡɚɩɪɨɫ ɪɟɬɪɚɧɫɥɹɬɨɪɭ, ɡɚɩɪɚɲɢɜɚɹ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ. Ɋɟɬɪɚɧɫɥɹɬɨɪɵ ɱɚɫɬɨ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜɨ ɜɧɭɬɪɟɧɧɟɣ ɫɟɬɢ ɨɪɝɚɧɢɡɚɰɢɢ. Ɉɪɝɚɧɢɡɚɰɢɹ ɦɨɠɟɬ ɢɦɟɬɶ ɧɟɫɤɨɥɶɤɨ DNS-ɫɟɪɜɟɪɨɜ, ɝɥɚɜɧɨɣ ɡɚɞɚɱɟɣ ɤɨɬɨɪɵɯ ɹɜɥɹɟɬɫɹ ɜɧɭɬɪɟɧɧɟɟ ɪɚɡɪɟɲɟɧɢɟ ɢɦɟɧ. ɉɨɥɶɡɨɜɚɬɟɥɹɦ ɜɧɭɬɪɢ ɨɪɝɚɧɢɡɚɰɢɢ ɦɨɠɟɬ ɩɨɬɪɟɛɨɜɚɬɶɫɹ ɪɚɡɪɟɲɟɧɢɟ IP-ɚɞɪɟɫɨɜ ɢɧɬɟɪɧɟɬɚ. ɗɬɨ ɦɨɠɧɨ ɜɵɩɨɥɧɢɬɶ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɜ ɜɫɟ ɜɧɭɬɪɟɧɧɢɟ DNSɫɟɪɜɟɪɵ ɬɚɤ, ɱɬɨɛɵ ɨɧɢ ɦɨɝɥɢ ɪɚɡɪɟɲɚɬɶ ɚɞɪɟɫɚ ɢɧɬɟɪɧɟɬɚ. Ȼɨɥɟɟ ɪɚɫɩɪɨɫɬɪɚɧɟɧɧɵɦ ɜɚɪɢɚɧɬɨɦ ɹɜɥɹɟɬɫɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɜɧɭɬɪɟɧɧɢɯ DNS-ɫɟɪɜɟɪɨɜ ɫ ɪɟɬɪɚɧɫɥɹɬɨɪɨɦ, ɭɤɚɡɵɜɚɸɳɢɦ ɧɚ DNSɫɟɪɜɟɪ, ɹɜɥɹɸɳɢɣɫɹ ɨɬɜɟɬɫɬɜɟɧɧɵɦ ɡɚ ɪɚɡɪɟɲɟɧɢɟ ɢɦɟɧ ɢɧɬɟɪɧɟɬɚ. ɗɬɨɬ ɜɚɪɢɚɧɬ ɩɨɤɚɡɚɧ ɧɚ
ɪɢɫɭɧɤɟ 3-5. ȼɫɟ ɜɧɭɬɪɟɧɧɢɟ DNS-ɫɟɪɜɟɪɵ ɨɬɩɪɚɜɥɹɸɬ ɥɸɛɨɣ ɡɚɩɪɨɫ ɞɥɹ ɧɟɩɨɥɧɨɦɨɱɧɨɣ ɡɨɧɵ ɧɚ ɨɞɢɧ DNS-ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɪɚɡɪɟɲɚɟɬ ɢɧɬɟɪɧɟɬ-ɚɞɪɟɫɚ. ȿɫɥɢ DNS-ɫɟɪɜɟɪ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɪɟɬɪɚɧɫɥɹɬɨɪɚɦɢ, ɬɨ ɨɧ ɛɭɞɟɬ ɨɬɩɪɚɜɥɹɬɶ ɡɚɩɪɨɫɵ ɜɫɟɦ ɪɟɬɪɚɧɫɥɹɬɨɪɚɦ ɩɨ ɩɨɪɹɞɤɭ, ɩɪɟɠɞɟ ɱɟɦ ɩɨɩɵɬɚɟɬɫɹ ɢɫɩɨɥɶɡɨɜɚɬɶ ɥɸɛɨɣ ɞɪɭɝɨɣ ɫɩɨɫɨɛ ɪɚɡɪɟɲɟɧɢɹ IP-ɚɞɪɟɫɨɜ.
. 3-5.
ȼɬɨɪɨɣ ɦɟɬɨɞ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɩɪɢɦɟɧɢɬɶ DNS-ɫɟɪɜɟɪ ɩɪɢ ɨɬɜɟɬɟ ɧɚ ɡɚɩɪɨɫɵ ɞɥɹ ɬɟɯ ɡɨɧ, ɞɥɹ ɤɨɬɨɪɵɯ ɨɧ ɧɟ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ, ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɤɨɪɧɟɜɵɯ ɫɫɵɥɨɤ. Ʉɨɝɞɚ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ DNS-ɫɟɪɜɟɪ Windows Server 2003, ɢɦɟɸɳɢɣ ɞɨɫɬɭɩ ɤ ɢɧɬɟɪɧɟɬɭ, ɨɧ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɫɨ ɫɬɚɧɞɚɪɬɧɵɦ ɫɩɢɫɤɨɦ ɤɨɪɧɟɜɵɯ ɫɟɪɜɟɪɨɜ. Ʉɨɪɧɟɜɵɟ ɫɟɪɜɟɪɵ - ɷɬɨ ɫɟɪɜɟɪɵ, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦɢ ɞɥɹ ɤɨɪɧɹ ɜ ɩɪɨɫɬɪɚɧɫɬɜɟ ɢɦɟɧ ɢɧɬɟɪɧɟɬɚ. ȿɫɥɢ DNS-ɫɟɪɜɟɪ ɩɨɥɭɱɚɟɬ ɡɚɩɪɨɫ ɨ ɡɨɧɟ DNS, ɞɥɹ ɤɨɬɨɪɨɣ ɨɧ ɧɟ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ, ɫɟɪɜɟɪ ɩɨɫɵɥɚɟɬ ɢɬɟɪɚɰɢɨɧɧɵɣ ɡɚɩɪɨɫ ɨɞɧɨɦɭ ɢɡ ɤɨɪɧɟɜɵɯ ɫɟɪɜɟɪɨɜ. ɂɬɟɪɚɰɢɨɧɧɵɟ ɡɚɩɪɨɫɵ ɛɭɞɟɬ ɢɧɢɰɢɢɪɨɜɚɬɶɫɹ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɧɭɠɧɨɟ ɢɦɹ ɧɟ ɛɭɞɟɬ ɪɚɡɪɟɲɟɧɨ ɢɥɢ ɩɨɤɚ ɫɟɪɜɟɪ ɧɟ ɩɨɞɬɜɟɪɞɢɬ, ɱɬɨ ɨɧɨ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɪɚɡɪɟɲɟɧɨ. . , DNS, Cache.dns, DNS. ȼɵ ɦɨɠɟɬɟ ɞɨɛɚɜɥɹɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ DNS-ɫɟɪɜɟɪɵ ɤ ɫɩɢɫɤɭ ɤɨɪɧɟɜɵɯ ɫɫɵɥɨɤ, ɜɤɥɸɱɚɹ ɜ ɧɟɝɨ DNS-ɫɟɪɜɟɪɵ, ɢɦɟɸɳɢɟɫɹ ɜ ɜɚɲɟɣ ɜɧɭɬɪɟɧɧɟɣ ɫɟɬɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ DNS-ɫɟɪɜɟɪɵ Windows Server 2003 ɢɫɩɨɥɶɡɭɸɬ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɢ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ, ɤɨɝɞɚ ɨɧɢ ɩɵɬɚɸɬɫɹ ɪɚɡɪɟɲɚɬɶ ɢɦɟɧɚ. ȿɫɥɢ ɫɟɪɜɟɪ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫ ɪɟɬɪɚɧɫɥɹɬɨɪɚɦɢ, ɨɧ ɫɧɚɱɚɥɚ ɨɬɩɪɚɜɢɬ ɪɟɤɭɪɫɢɜɧɵɟ ɡɚɩɪɨɫɵ ɜɫɟɦ ɪɟɬɪɚɧɫɥɹɬɨɪɚɦ. ȿɫɥɢ ɧɢ ɨɞɢɧ ɢɡ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ ɧɟ ɦɨɠɟɬ ɨɛɟɫɩɟɱɢɬɶ ɧɟɨɛɯɨɞɢɦɭɸ ɢɧɮɨɪɦɚɰɢɸ, ɬɨ DNS-cep-ɜɟɪ ɧɚɱɧɟɬ ɩɨɫɵɥɚɬɶ ɩɨɜɬɨɪɹɸɳɢɟɫɹ ɡɚɩɪɨɫɵ ɫɟɪɜɟɪɚɦ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɦ ɤɚɤ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɧɟɨɛɯɨɞɢɦ DNSɫɟɪɜɟɪ, ɢɫɩɨɥɶɡɭɸɳɢɣ ɬɨɥɶɤɨ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɢ ɧɟ ɢɫɩɨɥɶɡɭɸɳɢɣ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɬɚɤɨɣ ɫɟɪɜɟɪ, ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Do Not Use Recursion For This Domain (He ɢɫɩɨɥɶɡɨɜɚɬɶ ɪɟɤɭɪɫɢɸ ɞɥɹ ɷɬɨɝɨ ɞɨɦɟɧɚ) ɧɚ ɜɤɥɚɞɤɟ Forwarders (ɉɟɪɟɞɚɬɱɢɤɢ) ɜ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) DNS-ɫɟɪɜɟɪɚ. ɉɨɫɥɟ ɷɬɨɝɨ DNS-ɫɟɪɜɟɪ ɫɧɚɱɚɥɚ ɛɭɞɟɬ ɩɵɬɚɬɶɫɹ ɪɚɡɪɟɲɢɬɶ ɥɸɛɵɟ ɡɚɩɪɨɫɵ ɫ ɩɨɦɨɳɶɸ ɫɜɨɟɣ ɦɟɫɬɧɨɣ ɡɨɧɧɨɣ ɢɥɢ ɤɷ-ɲɢɪɨɜɚɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɩɨɫɵɥɚɹ ɪɟɤɭɪɫɢɜɧɵɟ ɡɚɩɪɨɫɵ ɤɚɠɞɨɦɭ ɢɡ ɫɜɨɢɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ. ȿɫɥɢ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɧɟ ɫɦɨɝɭɬ ɨɛɟɫɩɟɱɢɬɶ ɧɟɨɛɯɨɞɢɦɭɸ ɢɧɮɨɪɦɚɰɢɸ, DNS-ɫɟɪɜɟɪ ɧɟ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɪɭɝɢɟ ɫɪɟɞɫɬɜɚ, ɱɬɨɛɵ ɧɚɣɬɢ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ. Ɉɧ ɫɨɨɛɳɢɬ ɤɥɢɟɧɬɭ, ɱɬɨ ɯɨɫɬ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɧɚɣɞɟɧ. ɉɪɢɦɟɱɚɧɢɟ. ȼ ɫɢɫɬɟɦɟ DNS Windows Server 2003 ɜɨɡɦɨɠɧɨɫɬɢ ɬɪɚɞɢɰɢɨɧɧɵɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ ɪɚɫɲɢɪɟɧɵ ɡɚ ɫɱɟɬ ɪɟɚɥɢɡɚɰɢɢ ɭɫɥɨɜɧɵɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ. ɗɬɚ ɬɟɦɚ ɩɨɞɪɨɛɧɨ ɪɚɫɫɦɚɬɪɢɜɚɟɬɫɹ ɜ ɪɚɡɞɟɥɟ «ɍɫɥɨɜɧɚɹ ɪɟɬɪɚɧɫɥɹɰɢɹ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ.
DNS
ȼ ɩɪɨɲɥɨɦ ɫɥɨɠɧɨɫɬɶ ɪɚɛɨɬɵ ɫ DNS ɫɨɫɬɨɹɥɚ ɜ ɬɨɦ, ɱɬɨ ɜɫɹ ɡɨɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɞɨɥɠɧɚ ɛɵɥɚ ɜɜɨɞɢɬɶɫɹ ɜɪɭɱɧɭɸ. Ⱦɨ ɜɵɯɨɞɚ ɞɨɤɭɦɟɧɬɚ RFC 2136 ɧɟ ɫɭɳɟɫɬɜɨɜɚɥɨ ɧɢɤɚɤɨɝɨ ɫɩɨɫɨɛɚ ɚɜɬɨɦɚɬɢɱɟɫɤɨɝɨ ɨɛɧɨɜɥɟɧɢɹ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ DNS-ɫɟɪɜɟɪɚ. ȼ ɞɨɤɭɦɟɧɬɟ RFC 2136 ɨɩɢɫɚɧɨ, ɤɚɤ DNS-ɫɟɪɜɟɪɵ ɞɨɥɠɧɵ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ, ɱɬɨɛɵ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɪɢɧɢɦɚɬɶ ɨɛɧɨɜɥɟɧɢɹ ɤ ɡɚɩɢɫɹɦ ɪɟɫɭɪɫɨɜ ɜ ɡɨɧɧɵɯ ɮɚɣɥɚɯ. ɗɬɚ ɨɩɰɢɹ ɧɚɡɵɜɚɟɬɫɹ ɞɢɧɚɦɢɱɟɫɤɨɣ ɫɥɭɠɛɨɣ DNS (DDNS). DNS-ɫɟɪɜɟɪɵ Windows Server 2003 ɩɨɞɞɟɪɠɢɜɚɸɬ ɞɢɧɚɦɢɱɟɫɤɭɸ ɫɥɭɠɛɭ DNS. ɉɨ ɭɦɨɥɱɚɧɢɸ ɜɫɟ ɤɥɢɟɧɬɵ Windows 2000 ɢ Windows XP Professional, ɚ ɬɚɤɠɟ Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition ɢ Windows Server 2003, Datacenter Edition ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɨɛɧɨɜɥɹɸɬ ɫɜɨɢ ɡɚɩɢɫɢ ɪɟɫɭɪɫɨɜ ɜ DNS. Windows 2000 ɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Windows Server 2003 ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɪɟɝɢɫɬɪɢɪɭɸɬ SRV-ɡɚɩɢɫɢ ɧɚ DNS-ɫɟɪɜɟɪɚɯ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. DNS-ɫɟɪɜɟɪɵ Windows Server 2003 ɛɭɞɭɬ
ɬɚɤɠɟ ɩɪɢɧɢɦɚɬɶ ɞɢɧɚɦɢɱɟɫɤɭɸ ɪɟɝɢɫɬɪɚɰɢɸ ɡɚɩɢɫɟɣ ɫ ɫɟɪɜɟɪɨɜ ɞɢɧɚɦɢɱɟɫɤɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɯɨɫɬɨɜ (DHCP). DHCP-ɫɟɪɜɟɪ Windows Server 2003 ɦɨɠɟɬ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶɫɹ ɞɥɹ ɚɜɬɨɦɚɬɢɱɟɫɤɨɝɨ ɨɛɧɨɜɥɟɧɢɹ DNS-ɡɚɩɢɫɟɣ ɞɥɹ ɥɸɛɨɝɨ ɢɡ ɟɝɨ ɤɥɢɟɧɬɨɜ, ɜɤɥɸɱɚɹ Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows Me ɢɥɢ Microsoft Windows NT. Ɉɞɧɚ ɢɡ ɩɪɨɛɥɟɦ ɞɢɧɚɦɢɱɟɫɤɨɣ ɫɢɫɬɟɦɵ DNS ɫɜɹɡɚɧɚ ɫ ɛɟɡɨɩɚɫɧɨɫɬɶɸ. Ȼɟɡ ɤɚɤɨɝɨ-ɥɢɛɨ ɤɨɧɬɪɨɥɹ ɧɚɞ ɬɟɦ, ɤɨɦɭ ɩɨɡɜɨɥɟɧɨ ɨɛɧɨɜɥɹɬɶ ɡɚɩɢɫɢ ɪɟɫɭɪɫɨɜ DNS, ɥɸɛɨɣ, ɢɦɟɸɳɢɣ ɞɨɫɬɭɩ ɤ ɜɚɲɟɣ ɫɟɬɢ, ɩɨɬɟɧɰɢɚɥɶɧɨ ɦɨɠɟɬ ɫɨɡɞɚɬɶ ɡɚɩɢɫɶ ɪɟɫɭɪɫɚ ɜ ɜɚɲɢɯ ɡɨɧɧɵɯ ɮɚɣɥɚɯ DNS, ɚ ɡɚɬɟɦ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɭ ɡɚɩɢɫɶ ɞɥɹ ɩɟɪɟɚɞɪɟɫɚɰɢɢ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ. ɑɬɨɛɵ ɪɟɲɢɬɶ ɷɬɭ ɩɪɨɛɥɟɦɭ ɜ ɫɢɫɬɟɦɟ DNS Windows Server 2003 ɫɭɳɟɫɬɜɭɸɬ . Ȼɟɡɨɩɚɫɧɵɟ ɨɛɧɨɜɥɟɧɢɹ ɢɦɟɸɬɫɹ ɬɨɥɶɤɨ ɜ ɢɧɬɟɝɪɢɪɨɜɚɧɧɵɯ ɡɨɧɚɯ Active Directory. ɋ ɩɨɦɨɳɶɸ ɛɟɡɨɩɚɫɧɵɯ ɨɛɧɨɜɥɟɧɢɣ ɜɵ ɦɨɠɟɬɟ ɭɩɪɚɜɥɹɬɶ ɬɟɦ, ɤɨɦɭ ɞɚɟɬɫɹ ɩɪɚɜɨ ɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɢ ɨɛɧɨɜɥɹɬɶ DNS-ɡɚɩɢɫɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɱɥɟɧɵ ɝɪɭɩɩɵ Authenticated Users (ɍɩɨɥɧɨɦɨɱɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ) ɢɦɟɸɬ ɩɪɚɜɨ ɨɛɧɨɜɥɹɬɶ ɫɜɨɢ ɡɚɩɢɫɢ ɜ ɫɢɫɬɟɦɟ DNS. ȼɵ ɦɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɷɬɨ, ɢɡɦɟɧɹɹ ɫɩɢɫɨɤ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ ACL (ACL - Access Control List) ɞɥɹ DNS-ɡɨɧɵ. Ⱦɢɧɚɦɢɱɟɫɤɚɹ ɫɢɫɬɟɦɚ DNS ɭɦɟɧɶɲɚɟɬ ɨɛɴɟɦ ɪɚɛɨɬɵ, ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɞɟɥɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɨɪ DNS. Ⱦɚɥɟɟ ɜɵ ɭɡɧɚɟɬɟ, ɱɬɨ Active Directory Windows Server 2003 ɬɪɟɛɭɟɬ ɩɪɢɫɭɬɫɬɜɢɹ SRV-ɡɚɩɢɫɢ ɤɚɠɞɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɩɨɷɬɨɦɭ ɩɨɞɞɟɪɠɤɚ ɞɢɧɚɦɢɱɟɫɤɢɯ ɨɛɧɨɜɥɟɧɢɣ ɹɜɥɹɟɬɫɹ ɜɚɠɧɵɦ ɫɜɨɣɫɬɜɨɦ DNS-ɫɢɫɬɟɦɵ Windows Server 2003.
DNS
Active Directory Windows Server 2003
Active Directory ɧɟ ɫɦɨɠɟɬ ɮɭɧɤɰɢɨɧɢɪɨɜɚɬɶ ɛɟɡ ɧɚɞɟɠɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ DNS. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɧɟ ɫɦɨɝɭɬ ɧɚɯɨɞɢɬɶ ɞɪɭɝ ɞɪɭɝɚ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɞɨɦɟɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɤɥɢɟɧɬɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 ɢ Windows XP Professional ɛɭɞɭɬ ɨɱɟɧɶ ɦɟɞɥɟɧɧɨ ɢɫɤɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɥɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. Ȼɟɡ ɧɚɞɟɠɧɨɣ DNS ɥɸɛɵɟ ɞɪɭɝɢɟ ɫɥɭɠɛɵ, ɤɨɬɨɪɵɦ ɬɪɟɛɭɟɬɫɹ Active Directory, ɧɟ ɫɦɨɝɭɬ ɪɚɛɨɬɚɬɶ. ɇɚɩɪɢɦɟɪ, Exchange Server 2000 ɯɪɚɧɢɬ ɜɫɸ ɫɜɨɸ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɜ Active Directory, ɩɨɷɬɨɦɭ ɟɫɥɢ ɫɟɪɜɟɪɵ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ Exchange Server 2000, ɧɟ ɫɦɨɝɭɬ ɧɚɣɬɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɪɢ ɡɚɩɭɫɤɟ, ɨɧɢ ɧɟ ɫɦɨɝɭɬ ɡɚɩɭɫɬɢɬɶ ɛɨɥɶɲɢɧɫɬɜɨ ɫɥɭɠɛ Exchange Server 2000.
С . Windows NT
, DNS NetBIOS,
Internet Naming Service) Server 2003 WINS.
DNS Locator
Windows 95, Windows 98, Windows Me Windows Server 2003. Windows (WINS - Windows NetBIOS IP. Windows , NetBIOS
ɋɥɭɠɛɚ DNS Locator (ɍɤɚɡɚɬɟɥɶ DNS) ɨɱɟɧɶ ɜɚɠɧɚ ɞɥɹ Active Directory, ɩɨɬɨɦɭ ɱɬɨ DNS ɨɛɟɫɩɟɱɢɜɚɟɬ ɢɧɮɨɪɦɚɰɢɸ, ɤɨɬɨɪɚɹ ɧɟɨɛɯɨɞɢɦɚ ɤɥɢɟɧɬɚɦ ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɫɟɬɢ. Ⱦɚɥɟɟ ɞɟɬɚɥɶɧɨ ɪɚɫɫɦɚɬɪɢɜɚɟɬɫɹ ɩɪɨɰɟɫɫ, ɤɨɬɨɪɵɦ ɩɨɥɶɡɭɟɬɫɹ ɤɥɢɟɧɬ ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. . Windows NT NetBIOS. NetBIOS Domainname WINS. , , . , . SRV Windows Server 2003 ,
Windows 2000 Windows XP Professional. Windows Server 2003.
SRV
DNS,
Active
Directory
ɑɬɨɛɵ ɨɛɥɟɝɱɢɬɶ ɧɚɯɨɠɞɟɧɢɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, Active Directory ɢɫɩɨɥɶɡɭɟɬ ɭɤɚɡɚɬɟɥɶ ɫɥɭɠɛ (service locator) ɢɥɢ ɡɚɩɢɫɢ SRV. Ɂɚɩɢɫɢ SRV - ɷɬɨ ɧɨɜɵɣ ɬɢɩ DNS-ɡɚɩɢɫɢ, ɨɩɢɫɚɧɧɵɣ ɜ ɞɨɤɭɦɟɧɬɟ RFC 2782, ɨɧ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɭɫɥɭɝ ɜ TCP/IP-ɫɟɬɢ. ɇɚ ɩɪɢɦɟɪɟ ɨɞɧɨɣ ɢɡ ɡɚɩɢɫɟɣ, ɢɫɩɨɥɶɡɭɟɦɵɯ ɫɥɭɠɛɨɣ Active Directory, ɩɨɤɚɡɚɧɨ, ɤɚɤ ɤɚɠɞɚɹ ɡɚɩɢɫɶ SRV ɢɫɩɨɥɶɡɭɟɬ ɫɬɚɧɞɚɪɬɧɵɣ ɮɨɪɦɚɬ (ɫɦ. ɬɚɛɥ. 3-2). _ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com . 3-2. Ʉɨɦɩɨɧɟɧɬ
ɉɪɢɦɟɪ
Ɉɛɴɹɫɧɟɧɢɟ
SRV
ɋɥɭɠɛɚ
_ldap
ɋɥɭɠɛɚ, ɤɨɬɨɪɭɸ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɡɚɩɢɫɶ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɥɭɠɛɵ ɜɤɥɸɱɚɸɬ _kerberos, _kpassword ɢ _gc.
ɉɪɨɬɨɤɨɥ
_tcp
ɂɦɹ
contoso.com
ɉɪɨɬɨɤɨɥ, ɢɫɩɨɥɶɡɭɟɦɵɣ ɞɥɹ ɷɬɨɣ ɫɥɭɠɛɵ. Ɇɨɠɟɬ ɛɵɬɶ ɩɪɨɬɨɤɨɥɨɦ TCP ɢɥɢ ɩɪɨɬɨɤɨɥɨɦ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɞɚɬɚɝɪɚɦɦ (UDP). ɂɦɹ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɣ ɫɫɵɥɚɟɬɫɹ ɡɚɩɢɫɶ.
ȼɪɟɦɹ ɠɢɡɧɢ (TTL - Time to Live) Ʉɥɚɫɫ Ɂɚɩɢɫɶ ɪɟɫɭɪɫɚ ɉɪɢɨɪɢɬɟɬ
600
Ɂɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ «ɜɪɟɦɹ ɠɢɡɧɢ» ɡɚɩɢɫɢ (ɜ ɫɟɤɭɧɞɚɯ).
IN SRV
ɋɬɚɧɞɚɪɬɧɵɣ DNS-ɤɥɚɫɫ ɢɧɬɟɪɧɟɬɚ. ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɡɚɩɢɫɶ ɤɚɤ ɡɚɩɢɫɶ SRV.
0
ȼɟɫ
100
ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɩɪɢɨɪɢɬɟɬ ɡɚɩɢɫɢ ɞɥɹ ɤɥɢɟɧɬɚ. ȿɫɥɢ ɫɭɳɟɫɬɜɭɟɬ ɧɟɫɤɨɥɶɤɨ SRVɡɚɩɢɫɟɣ ɞɥɹ ɨɞɧɨɣ ɢ ɬɨɣ ɠɟ ɫɥɭɠɛɵ, ɤɥɢɟɧɬɵ ɛɭɞɭɬ ɫɧɚɱɚɥɚ ɩɵɬɚɬɶɫɹ ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɫɟɪɜɟɪɨɦ, ɢɦɟɸɳɢɦ ɫɚɦɵɣ ɧɢɡɤɢɣ ɩɪɢɨɪɢɬɟɬ. Ɇɟɯɚɧɢɡɦ ɛɚɥɚɧɫɢɪɨɜɤɢ ɧɚɝɪɭɡɤɢ. ȿɫɥɢ ɫɭɳɟɫɬɜɭɟɬ ɧɟɫɤɨɥɶɤɨ SRV-ɡɚɩɢɫɟɣ ɞɥɹ ɨɞɧɨɣ ɢ ɬɨɣ ɠɟ ɫɥɭɠɛɵ, ɢ ɩɪɢɨɪɢɬɟɬ ɜɫɟɯ ɡɚɩɢɫɟɣ ɨɞɢɧɚɤɨɜ, ɤɥɢɟɧɬɵ ɱɚɳɟ ɜɵɛɢɪɚɸɬ ɡɚɩɢɫɢ ɫ ɛɨɥɟɟ ɜɵɫɨɤɢɦɢ ɜɟɫɚɦɢ.
ɉɨɪɬ Ⱥɞɪɟɫɚɬ
389
ɉɨɪɬ, ɢɫɩɨɥɶɡɭɟɦɵɣ ɷɬɨɣ ɫɥɭɠɛɨɣ. dc2.contoso.co ɏɨɫɬ, ɤɨɬɨɪɵɣ ɨɛɟɫɩɟɱɢɜɚɟɬ ɫɥɭɠɛɭ, m ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧɧɭɸ ɡɚɩɢɫɶɸ.
ɉɨ ɫɭɬɢ, ɢɧɮɨɪɦɚɰɢɹ ɜ ɷɬɨɣ ɡɚɩɢɫɢ ɝɨɜɨɪɢɬ, ɱɬɨ ɟɫɥɢ ɤɥɢɟɧɬ ɢɳɟɬ ɫɟɪɜɟɪ ɨɛɥɟɝɱɟɧɧɨɝɨ ɩɪɨɬɨɤɨɥɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɨɜ (LDAP) ɜ ɞɨɦɟɧɟ Contoso.com, ɨɧ ɞɨɥɠɟɧ ɫɨɟɞɢɧɢɬɶɫɹ ɫ dc2.contoso.com. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Windows Server 2003 ɪɟɝɢɫɬɪɢɪɭɸɬ ɦɧɨɝɨ SRV-ɡɚɩɢɫɟɣ ɜ ɫɢɫɬɟɦɟ DNS. ɋɥɟɞɭɸɳɢɣ ɫɩɢɫɨɤ ɜɤɥɸɱɚɟɬ ɜɫɟ ɡɚɩɢɫɢ, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɟ ɩɟɪɜɵɦ ɫɟɪɜɟɪɨɦ ɥɟɫɚ. contoso.com. 600 IN A 192.168.1.201 _ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. _ldap._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. _ldap._tcp.pdc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. _ldap._tcp.gc._msdcs.contoso.com. 600 IN SRVO 100 3268 dc2.contoso.com. _ldap._tcp. Default-First-Site-Name._sites._gc._msdcs.contoso.com. 600 IN SRV 0
100 3268 dc2.contoso.com. _ldap._tcp.64c228cd-5f07-4606-b843-d4fd114264b7.domains._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. gc._msdcs.contoso.com. 600 IN A 192.168.1.201 175170ad-0263-439f-bb4c-89eacc410ab1._msdcs.contoso.com. 600 IN CNAME dc2.contoso.com. _kerberos._tcp.dc._msdcs.contoso.com. 600 IN SRVO 100 88 dc2.contoso.com. _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com. _ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. _kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com. _kerberos._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com. _gc._tcp.contoso.com. 600 IN SRV 0 100 3268 dc2.contoso.com. _gc._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRVO 100 3268 dl2.contoso.com. _kerberos._udp.contoso.com. 600 IN SRV 0 100 88 dc2.contoso.com. _kpasswd._tcp.contoso.com. 600 IN SRV 0 100 464 dc2.contoso.com. _kpasswd._udp.contoso.com. 600 IN SRV 0 100 464 dc2.contoso.com. DomainDnsZones.contoso.com. 600 IN A 192.168.1.201 _ldap._tcp.DomainDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. _ldap._lcp.Default-First-Site-Name._sites.DomainDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. ForestDnsZones.contoso.com. 600 IN A 192.168.1.201 _ldap._tcp.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com. _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.contoso.com. 600 IN SRV 0 100 389 dc2.contoso.com.
. Netlogon.dns, system32\config.
Windows Server 2003, %systemroot%\ DNS,
DNS. ɉɟɪɜɚɹ ɱɚɫɬɶ SRV-ɡɚɩɢɫɢ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɫɥɭɠɛɭ, ɧɚ ɤɨɬɨɪɭɸ ɭɤɚɡɵɜɚɟɬ ɡɚɩɢɫɶ SRV. ɋɭɳɟɫɬɜɭɸɬ ɫɥɟɞɭɸɳɢɟ ɫɥɭɠɛɵ: • _ldap Active Directory ɹɜɥɹɟɬɫɹ ɫɥɭɠɛɨɣ ɤɚɬɚɥɨɝɚ, ɫɨɜɦɟɫɬɢɦɨɣ ɫ LDAP-ɩɪɨɬɨɤɨɥɨɦ, ɫ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɮɭɧɤɰɢɨɧɢɪɭɸɳɢɦɢ ɤɚɤ LDAP-ɫɟɪɜɟɪɵ. Ɂɚɩɢɫɢ _ldap SRV ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ LDAP ɫɟɪɜɟɪɵ, ɢɦɟɸɳɢɟɫɹ ɜ ɫɟɬɢ. ɗɬɢ ɫɟɪɜɟɪɵ ɦɨɝɭɬ ɛɵɬɶ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ Windows Server 2003 ɢɥɢ ɞɪɭɝɢɦɢ LDAP-ɫɟɪɜɟɪɚɦɢ; • _kerberos - ɨɫɧɨɜɧɨɣ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɩɪɨɬɨɤɨɥ ɞɥɹ ɜɫɟɯ ɤɥɢɟɧɬɨɜ Windows 2000 ɢ Windows XP Professional. SRV-ɡɚɩɢɫɢ _kerberos ɢɞɟɧɬɢɮɢɰɢɪɭɸɬ ɜɫɟ ɤɥɸɱɟɜɵɟ ɰɟɧɬɪɵ ɪɚɫɩɪɟɞɟɥɟɧɢɹ (KDC - Key Distribution Centers) ɜ ɫɟɬɢ. Ɉɧɢ ɦɨɝɭɬ ɛɵɬɶ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɢɥɢ ɞɪɭɝɢɦɢ KDC-ɫɟɪɜɟɪɚɦɢ; • _kpassword — ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɫɟɪɜɟɪɵ ɢɡɦɟɧɟɧɢɹ ɩɚɪɨɥɟɣ kerberos ɜ ɫɟɬɢ (ɷɬɨ ɢɥɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɢɥɢ ɫ ɞɪɭɝɢɦɢ ɫɢɫɬɟɦɚɦɢ ɢɡɦɟɧɟɧɢɹ ɩɚɪɨɥɹ kerberos); • _gc - ɫɩɟɰɢɮɢɱɟɫɤɚɹ ɡɚɩɢɫɶ, ɨɬɧɨɫɹɳɚɹɫɹ ɤ ɮɭɧɤɰɢɢ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ ɜ Active Directory. ɋɟɪɜɟɪ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ ɜɵɩɨɥɧɹɟɬ ɦɧɨɠɟɫɬɜɨ ɜɚɠɧɵɯ ɮɭɧɤɰɢɣ ɜ Active Directory. Ɇɧɨɝɢɟ ɢɡ SRV-ɡɚɩɢɫɟɣ ɫɨɞɟɪɠɚɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɫɚɣɬɚ ɜ ɞɨɩɨɥɧɟɧɢɟ ɤ ɤɨɦɩɨɧɟɧɬɚɦ, ɩɟɪɟɱɢɫɥɟɧɧɵɦ ɜ ɬɚɛɥɢɰɟ 3-2. ɋɚɣɬ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ Active Directory ɞɥɹ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɨɞɧɨɣ ɢɥɢ ɛɨɥɟɟ IP-ɩɨɞɫɟɬɟɣ, ɤɨɬɨɪɵɟ ɫɜɹɡɚɧɵ ɱɟɪɟɡ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ. Ɉɞɧɨ ɢɡ ɩɪɟɢɦɭɳɟɫɬɜ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫɚɣɬɨɜ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɫɟɬɟɜɵɟ ɤɥɢɟɧɬɵ ɜɫɟɝɞɚ ɛɭɞɭɬ ɩɪɨɛɨɜɚɬɶ ɜɨɣɬɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɧɚɯɨɞɢɬɫɹ ɧɚ ɬɨɦ ɠɟ ɫɚɦɨɦ ɫɚɣɬɟ, ɱɬɨ ɢ ɤɥɢɟɧɬ. Ɂɚɩɢɫɢ ɫɚɣɬɚ ɧɭɠɧɵ ɤɨɦɩɶɸɬɟɪɚɦ ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɫɚɣɬɟ, ɝɞɟ ɧɚɯɨɞɢɬɫɹ ɤɥɢɟɧɬ. ɉɨɞɪɨɛɧɨɫɬɢ ɦɟɯɚɧɢɡɦɚ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɤɥɢɟɧɬɨɦ ɞɥɹ ɩɨɢɫɤɚ ɢɧɮɨɪɦɚɰɢɢ, ɤɚɫɚɸɳɟɣɫɹ ɫɚɣɬɚ, ɨɛɫɭɠɞɚɸɬɫɹ ɜ ɫɥɟɞɭɸɳɟɦ ɪɚɡɞɟɥɟ. Ⱦɪɭɝɢɦ ɧɟɨɛɯɨɞɢɦɵɦ ɤɨɦɩɨɧɟɧɬɨɦ SRV-ɡɚɩɢɫɟɣ ɹɜɥɹɟɬɫɹ ɡɧɚɱɟɧɢɟ _msdcs, ɤɨɬɨɪɨɟ ɢɦɟɟɬɫɹ ɜɨ ɦɧɨɝɢɯ ɡɚɩɢɫɹɯ. ɇɟɤɨɬɨɪɵɟ ɫɥɭɠɛɵ, ɩɪɟɞɭɫɦɨɬɪɟɧɧɵɟ ɡɚɩɢɫɹɦɢ SRV, ɧɟ ɨɬɧɨɫɹɬɫɹ ɤ ɫɥɭɠɛɚɦ, ɪɚɡɪɚɛɨɬɚɧɧɵɦ ɤɨɦɩɚɧɢɟɣ Microsoft. ɇɚɩɪɢɦɟɪ, ɦɨɝɭɬ ɜɫɬɪɟɬɢɬɶɫɹ LDAP ɢɥɢ kerberos-cep-ɜɟɪɵ ɜ ɪɟɚɥɢɡɚɰɢɹɯ, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɯ Microsoft. ɗɬɢ ɫɟɪɜɟɪɵ ɬɚɤɠɟ ɦɨɝɭɬ ɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɡɚɩɢɫɢ SRV ɧɚ ɫɟɪɜɟɪɟ DNS. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɪɟɝɢɫɬɪɢɪɭɸɬ ɤɚɤ ɨɫɧɨɜɧɵɟ (generic)
ɡɚɩɢɫɢ (ɧɚɩɪɢɦɟɪ, _ldap._tcp.contoso.com), ɬɚɤ ɢ ɡɚɩɢɫɢ, ɫɨɞɟɪɠɚɳɢɟ ɫɫɵɥɤɭ ɧɚ _msdcs. Ɉɧɢ ɫɫɵɥɚɸɬɫɹ ɬɨɥɶɤɨ ɧɚ ɪɨɥɢ, ɨɩɪɟɞɟɥɟɧɧɵɟ ɩɪɨɞɭɤɬɚɦɢ Microsoft, ɬ.ɟ. ɧɚ Windows Server 2003 ɢɥɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Windows 2000. Ɂɚɩɢɫɢ ɢɞɟɧɬɢɮɢɰɢɪɭɸɬ ɨɫɧɨɜɧɭɸ ɮɭɧɤɰɢɸ ɤɚɠɞɨɝɨ ɫɟɪɜɟɪɚ: gc (ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ), dc (ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ) ɢɥɢ pdc (ɨɫɧɨɜɧɨɣ ɷɦɭɥɹɬɨɪ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ). Ⱦɪɭɝɚɹ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɚɹ ɡɚɩɢɫɶ ɫɨɞɟɪɠɢɬ ɝɥɨɛɚɥɶɧɵɣ ɭɧɢɤɚɥɶɧɵɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ (GUID globally unique identifier) ɞɨɦɟɧɚ. Ɂɚɩɢɫɶ GUID ɞɨɦɟɧɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɫɥɭɱɚɟ ɟɝɨ ɩɟɪɟɢɦɟɧɨɜɚɧɢɹ. . , ForestDnsZones DomainDnsZones. « » .
Active Directory
Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ Windows Server 2003, ɪɟɝɢɫɬɪɢɪɭɸɬ ɧɟɤɨɬɨɪɵɟ (ɢɥɢ ɜɫɟ) ɡɚɩɢɫɢ, ɨɩɢɫɚɧɧɵɟ ɜɵɲɟ. ɗɬɢ ɡɚɩɢɫɢ ɢɝɪɚɸɬ ɜɚɠɧɭɸ ɪɨɥɶ, ɤɨɝɞɚ ɤɥɢɟɧɬ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows 2000 ɢɥɢ Windows XP Professional, ɩɵɬɚɟɬɫɹ ɜɨɣɬɢ ɜ ɞɨɦɟɧ. Ⱦɚɥɟɟ ɨɩɢɫɚɧɵ ɞɟɣɫɬɜɢɹ, ɤɨɬɨɪɵɟ ɜɵɩɨɥɧɹɸɬɫɹ ɩɪɢ ɜɯɨɞɟ ɤɥɢɟɧɬɚ ɜ ɞɨɦɟɧ. 1. ȼɨ ɜɪɟɦɹ ɜɯɨɞɚ ɩɨɥɶɡɨɜɚɬɟɥɹ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɜɵɩɨɥɧɹɟɬ ɭɞɚɥɟɧɧɵɣ ɜɵɡɨɜ ɩɪɨɰɟɞɭɪɵ (RPC) ɡɚɩɪɨɫɚ ɦɟɫɬɧɨɣ ɫɟɬɟɜɨɣ ɫɥɭɠɛɟ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɤɨɬɨɪɚɹ ɢɧɢɰɢɢɪɭɟɬ ɫɟɚɧɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. əɜɥɹɹɫɶ ɱɚɫɬɶɸ RPC-ɡɚɩɪɨɫɚ, ɤɥɢɟɧɬ ɩɨɫɵɥɚɟɬ ɬɚɤɭɸ ɢɧɮɨɪɦɚɰɢɸ, ɤɚɤ ɢɦɹ ɤɨɦɩɶɸɬɟɪɚ, ɢɦɹ ɞɨɦɟɧɚ ɢ ɢɦɹ ɫɚɣɬɚ, ɫɥɭɠɛɟ Net Logon (ȼɯɨɞ ɜ ɫɟɬɶ). 2. ɋɥɭɠɛɚ ɜɯɨɞɚ ɜ ɫɟɬɶ ɢɫɩɨɥɶɡɭɟɬ ɫɥɭɠɛɭ ɭɤɚɡɚɬɟɥɹ ɞɨɦɟɧɨɜ (domain locator), ɱɬɨɛɵ ɜɵɡɜɚɬɶ API-ɮɭɧɤɰɢɸ DsGetDcName (), ɩɟɪɟɞɚɸɳɭɸ ɨɞɧɨ ɢɡ ɡɧɚɱɟɧɢɣ ɩɚɪɚɦɟɬɪɚ ɮɥɚɝɚ, ɩɟɪɟɱɢɫɥɟɧɧɵɯ ɜ ɬɚɛɥɢɰɟ 3-3. . 3-3.
DsGetDcName
Ɂɧɚɱɟɧɢɹ ɮɥɚɝɚ DsGetDcName Ɍɪɟɛɭɟɦɚɹ ɡɚɩɢɫɶ DNS DS_PDC_REQUIRED DS_GC_SERVER_REQUIRED
_ldap._tcp.pdc._msdcs.domainname _ldap._tcp.sitename._sites.gc. _msdcs.Forestrootdomainname
DS_KDC_REQUIRED
_kdc._tcp.sitename._sites.dc ._msdcs.domainname
DS_ONLY_LDAP_NEEDED
_ldap._tcp.sitename._sites._ msdcs.domainname
DsGetDcName sitename. DS_PDC_REQUIRED, , . DNS, . , DS_KDC_REQUIRED , _kdc._tcp.dc._msdcs.forestrootdomain. Э , , DNS. DomainGUID DsGetDcName (). _ldap._tcp.domainGUID.domains._msdcs.forestname. Э , . 3. DNS ɫɟɪɜɟɪ ɜɨɡɜɪɚɳɚɟɬ ɡɚɩɪɨɲɟɧɧɵɣ ɫɩɢɫɨɤ ɫɟɪɜɟɪɨɜ, ɪɚɫɫɨɪɬɢɪɨɜɚɧɧɵɣ ɫɨɝɥɚɫɧɨ ɩɪɢɨɪɢɬɟɬɭ ɢ ɜɟɫɭ. Ɂɚɬɟɦ ɤɥɢɟɧɬ ɩɨɫɵɥɚɟɬ LDAP ɡɚɩɪɨɫ, ɢɫɩɨɥɶɡɭɹ UDP-ɩɨɪɬ 389 ɩɨ ɤɚɠɞɨɦɭ ɢɡ ɚɞɪɟɫɨɜ ɡɚɩɢɫɢ ɜ ɬɨɦ ɩɨɪɹɞɤɟ, ɤɚɤ ɨɧɢ ɛɵɥɢ ɜɨɡɜɪɚɳɟɧɵ. ɉɨɫɥɟ ɨɬɫɵɥɤɢ ɤɚɠɞɨɝɨ ɩɚɤɟɬɚ ɤɥɢɟɧɬ ɠɞɟɬ ɜ ɬɟɱɟɧɢɟ 0,1 ɫ, ɟɫɥɢ ɧɢɤɚɤɨɝɨ ɨɬɜɟɬɚ ɧɟ ɩɨɥɭɱɟɧɨ, ɨɧ ɩɨɫɵɥɚɟɬ ɩɚɤɟɬ ɫɥɟɞɭɸɳɟɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ. Ʉɥɢɟɧɬ ɩɪɨɞɨɥɠɚɟɬ ɷɬɨɬ ɩɪɨɰɟɫɫ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɧɟ ɩɨɥɭɱɢɬ ɞɨɩɭɫɬɢɦɵɣ ɨɬɜɟɬ ɢɥɢ ɧɟ ɩɟɪɟɩɪɨɛɭɟɬ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. 4. Ʉɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɨɬɜɟɬɢɬ ɤɥɢɟɧɬɭ, ɤɥɢɟɧɬ ɩɪɨɜɟɪɹɟɬ ɨɬɜɟɬ, ɱɬɨɛɵ ɭɞɨɫɬɨɜɟɪɢɬɶɫɹ, ɱɬɨ ɨɧ ɫɨɞɟɪɠɢɬ ɡɚɩɪɨɲɟɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. ȿɫɥɢ ɢɧɮɨɪɦɚɰɢɹ ɢɦɟɟɬɫɹ, ɤɥɢɟɧɬ ɧɚɱɢɧɚɟɬ ɩɪɨɰɟɫɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ʉɥɢɟɧɬ ɤɷɲɢɪɭɟɬ ɢɧɮɨɪɦɚɰɢɸ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɱɬɨɛɵ ɜ ɫɥɟɞɭɸɳɢɣ ɪɚɡ, ɤɨɝɞɚ ɟɦɭ ɩɨɬɪɟɛɭɟɬɫɹ ɨɛɪɚɬɢɬɶɫɹ ɤ Active Directory, ɧɟ ɧɭɠɧɨ ɛɵɥɨ ɫɧɨɜɚ ɩɪɨɯɨɞɢɬɶ ɩɪɨɰɟɫɫ ɨɛɧɚɪɭɠɟɧɢɹ. .
,
,
ɇɚɥɢɱɢɟ ɫɩɟɰɢɮɢɱɟɫɤɢɯ ɞɥɹ ɫɚɣɬɚ ɡɚɩɢɫɟɣ ɜɚɠɧɨ ɞɥɹ ɷɮɮɟɤɬɢɜɧɨɣ ɪɚɛɨɬɵ Active Directory, ɩɨɬɨɦɭ ɱɬɨ ɩɨɥɟ ɞɟɹɬɟɥɶɧɨɫɬɢ ɤɥɢɟɧɬɚ ɨɝɪɚɧɢɱɟɧɨ ɨɩɪɟɞɟɥɟɧɧɵɦ ɫɚɣɬɨɦ. ɇɚɩɪɢɦɟɪ, ɜ ɩɪɨɰɟɫɫɟ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɤɥɢɟɧɬ ɜɫɟɝɞɚ ɩɪɨɛɭɟɬ ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɨɦ ɜ ɫɜɨɟɦ ɫɚɣɬɟ, ɩɪɟɠɞɟ ɱɟɦ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɥɸɛɵɦɢ ɞɪɭɝɢɦɢ ɫɚɣɬɚɦɢ. Ʉɚɤ ɠɟ ɤɥɢɟɧɬ ɭɡɧɚɟɬ, ɤɚɤɨɦɭ ɫɚɣɬɭ ɨɧ ɩɪɢɧɚɞɥɟɠɢɬ? ɂɧɮɨɪɦɚɰɢɹ ɫɚɣɬɚ ɞɥɹ ɥɟɫɚ ɯɪɚɧɢɬɫɹ ɜ ɪɚɡɞɟɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚ-, ɥɨɝɚ ɜ Active Directory, ɨɧɚ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. ɋɩɢɫɨɤ IP-ɩɨɞɫɟɬɟɣ, ɤɨɬɨɪɵɟ ɫɜɹɡɚɧɵ ɫ ɨɩɪɟɞɟɥɟɧɧɵɦ ɫɚɣɬɨɦ, ɜɤɥɸɱɚɟɬɫɹ ɜ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɜɩɟɪɜɵɟ ɜɯɨɞɢɬ ɜ Active Directory, ɩɟɪɜɵɣ ɨɬɜɟɬɢɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɪɚɜɧɢɜɚɟɬ IP-ɚɞɪɟɫ ɤɥɢɟɧɬɚ ɫ IP-ɚɞɪɟɫɨɦ ɫɚɣɬɚ. ɑɚɫɬɶ ɨɬɜɟɬɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɤɥɢɟɧɬɭ ɫɨɫɬɚɜɥɹɟɬ ɢɧɮɨɪɦɚɰɢɹ ɫɚɣɬɚ, ɤɨɬɨɪɭɸ ɤɥɢɟɧɬ ɡɚɬɟɦ ɤɷɲɢɪɭɟɬ. Ʌɸɛɵɟ ɩɨɫɥɟɞɭɸɳɢɟ ɩɨɩɵɬɤɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɛɭɞɭɬ ɜɤɥɸɱɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɫɚɣɬɚ ɤɥɢɟɧɬɚ. ȿɫɥɢ ɤɥɢɟɧɬ ɩɟɪɟɦɟɫɬɢɥɫɹ ɦɟɠɞɭ ɫɚɣɬɚɦɢ (ɧɚɩɪɢɦɟɪ, ɩɨɪɬɚɬɢɜɧɵɣ ɤɨɦɩɶɸɬɟɪ ɦɨɠɟɬ ɛɵɬɶ ɩɨɞɫɨɟɞɢɧɟɧ ɤ ɫɟɬɢ ɜ ɞɪɭɝɨɦ ɝɨɪɨɞɟ), ɨɧ ɜɫɟ ɟɳɟ ɩɨɫɵɥɚɟɬ ɢɧɮɨɪɦɚɰɢɸ ɫɚɣɬɚ ɤɚɤ ɱɚɫɬɶ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. DNS-ɫɟɪɜɟɪ ɨɬɜɟɬɢɬ ɫ ɡɚɩɢɫɶɸ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɧɚɯɨɞɢɬɫɹ ɜ ɡɚɩɪɚɲɢɜɚɟɦɨɦ ɫɚɣɬɟ. Ɉɞɧɚɤɨ ɟɫɥɢ ɧɚ ɨɫɧɨɜɟ ɧɨɜɨɝɨ IP-ɚɞɪɟɫɚ ɤɥɢɟɧɬɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɪɟɲɢɬ, ɱɬɨ ɤɥɢɟɧɬ ɧɟ ɧɚɯɨɞɢɬɫɹ ɧɚ ɩɟɪɜɨɧɚɱɚɥɶɧɨɦ ɫɚɣɬɟ, ɨɧ ɩɨɲɥɟɬ ɧɨɜɭɸ ɢɧɮɨɪɦɚɰɢɸ ɫɚɣɬɚ ɤɥɢɟɧɬɭ. Ɂɚɬɟɦ ɤɥɢɟɧɬ ɜɵɩɨɥɧɢɬ ɤɷɲɢɪɨɜɚɧɢɟ ɧɨɜɨɣ ɢɧɮɨɪɦɚɰɢɢ ɢ ɩɨɩɵɬɚɟɬɫɹ ɧɚɣɬɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɩɪɚɜɢɥɶɧɨɣ ɩɨɞɫɟɬɢ. ȿɫɥɢ ɤɥɢɟɧɬ ɧɟ ɧɚɯɨɞɢɬɫɹ ɧɢ ɜ ɨɞɧɨɦ ɢɡ ɫɚɣɬɨɜ, ɤɨɬɨɪɵɟ ɨɩɪɟɞɟɥɟɧɵ ɜ Active Directory, ɬɨ ɨɧ ɧɟ ɫɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɡɚɩɪɨɫɵ ɧɚ ɫɩɟɰɢɮɢɱɟɫɤɭɸ ɞɥɹ ɫɚɣɬɚ ɢɧɮɨɪɦɚɰɢɸ ɨ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ.
Active Directory
Ɉɞɧɨ ɢɡ ɫɚɦɵɯ ɛɨɥɶɲɢɯ ɩɪɟɢɦɭɳɟɫɬɜ ɜɵɩɨɥɧɟɧɢɹ DNS ɜ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɟ Windows Server 2003 ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɢɧɬɟɝɪɢɪɨɜɚɧɧɵɯ ɡɨɧ (integrated zones) Active Directory. ɂɧɬɟɝɪɢɪɨɜɚɧɧɵɟ ɡɨɧɵ Active Directory ɞɚɸɬ ɦɧɨɠɟɫɬɜɨ ɩɪɟɢɦɭɳɟɫɬɜ. • Ɂɨɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɛɨɥɶɲɟ ɧɟ ɯɪɚɧɢɬɫɹ ɜ ɡɨɧɧɵɯ ɮɚɣɥɚɯ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ DNS-ɫɟɪɜɟɪɚ, ɨɧɚ ɯɪɚɧɢɬɫɹ ɜ ɛɚɡɟ ɞɚɧɧɵɯ Active Directory. ɗɬɨ ɨɛɟɫɩɟɱɢɜɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɭɸ ɡɚɳɢɬɭ. • ɉɪɨɰɟɫɫ ɡɨɧɧɨɣ ɩɟɪɟɞɚɱɢ ɡɚɦɟɧɟɧ ɪɟɩɥɢɤɚɰɢɟɣ Active Directory. ɉɨɫɤɨɥɶɤɭ ɡɨɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɯɪɚɧɢɬɫɹ ɜ Active Directory, ɬɨ ɞɚɧɧɵɟ ɤɨɩɢɪɭɸɬɫɹ ɱɟɪɟɡ ɧɨɪɦɚɥɶɧɵɣ ɩɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ Active Directory. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɪɟɩɥɢɤɚɰɢɹ ɩɪɨɢɫɯɨɞɢɬ ɧɚ ɭɪɨɜɧɟ ɚɬɪɢɛɭɬɨɜ ɬɚɤ, ɱɬɨ ɤɨɩɢɪɭɸɬɫɹ ɬɨɥɶɤɨ ɢɡɦɟɧɟɧɢɹ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ. Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɦɨɠɧɨ ɫɢɥɶɧɨ ɫɠɚɬɶ, ɭɜɟɥɢɱɢɜ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ ɡɨɧɵ Active Directory ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɢɫɩɨɥɶɡɨɜɚɬɶ ɪɚɡɞɟɥɵ ɩɪɢɥɨɠɟɧɢɣ ɞɥɹ ɬɨɧɤɨɣ ɧɚɫɬɪɨɣɤɢ ɪɟɩɥɢɤɚɰɢɢ ɢɧɮɨɪɦɚɰɢɢ DNS. • ɂɧɬɟɝɪɢɪɨɜɚɧɧɵɟ ɡɨɧɵ ɞɚɸɬ ɜɨɡɦɨɠɧɨɫɬɶ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ DNS-ɫɟɪɜɟɪɚ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ. Ȼɟɡ Active Directory DNS ɦɨɠɟɬ ɩɨɞɞɟɪɠɢɜɚɬɶ ɬɨɥɶɤɨ ɨɞɢɧ ɨɫɧɨɜɧɨɣ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɫɟ ɢɡɦɟɧɟɧɢɹ ɜ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɞɨɥɠɧɵ ɛɵɬɶ ɫɞɟɥɚɧɵ ɧɚ ɨɫɧɨɜɧɨɦ ɫɟɪɜɟɪɟ ɢɦɟɧ, ɚ ɡɚɬɟɦ ɩɟɪɟɞɚɧɵ ɧɚ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɟɪɜɟɪɵ ɢɦɟɧ. ɋ ɢɧɬɟɝɪɢɪɨɜɚɧɧɵɦɢ ɡɨɧɚɦɢ Active Directory ɤɚɠɞɵɣ DNS-ɫɟɪɜɟɪ ɢɦɟɟɬ ɩɟɪɟɡɚɩɢɫɵɜɚɟɦɭɸ ɤɨɩɢɸ ɞɨɦɟɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɬɚɤ ɱɬɨ ɢɡɦɟɧɟɧɢɹ ɡɨɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɦɨɝɭɬ ɛɵɬɶ ɫɞɟɥɚɧɵ ɜ ɥɸɛɨɦ ɦɟɫɬɟ ɜ ɨɪɝɚɧɢɡɚɰɢɢ. ɂɧɮɨɪɦɚɰɢɹ ɡɚɬɟɦ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɫɟɪɜɟɪɵ DNS. ɂɧɬɟɝɪɢɪɨɜɚɧɧɵɟ ɡɨɧɵ ɩɪɟɞɥɚɝɚɸɬ ɨɩɰɢɸ ɛɟɡɨɩɚɫɧɵɯ ɨɛɧɨɜɥɟɧɢɣ. ȿɫɥɢ ɡɨɧɚ ɹɜɥɹɟɬɫɹ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ ɡɨɧɨɣ Active Directory, ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɟɟ ɬɚɤ, ɱɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɨɥɶɤɨ ɛɟɡɨɩɚɫɧɵɟ ɨɛɧɨɜɥɟɧɢɹ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɢɦɟɟɬɟ ɛɨɥɶɲɟ ɤɨɧɬɪɨɥɹ ɧɚɞ ɬɟɦ, ɤɚɤɢɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ ɨɛɧɨɜɥɹɸɬ ɡɚɩɢɫɢ ɪɟɫɭɪɫɨɜ ɜ Active Directory. ɋɚɦɵɦ ɛɨɥɶɲɢɦ ɧɟɞɨɫɬɚɬɤɨɦ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ ɡɨɧɵ Active Directory ɹɜɥɹɟɬɫɹ ɧɟɨɛɯɨɞɢɦɨɫɬɶ ɭɫɬɚɧɨɜɤɢ DNS ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ Windows Server 2003, ɱɬɨ ɫɨɡɞɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɭɸ ɧɚɝɪɭɡɤɭ ɧɚ ɧɟɝɨ. С . Active Directory . , , . DNS, DNS , Windows Server 2003, DNS.
Active Directory. Ʉɨɝɞɚ ɡɨɧɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɤɚɤ ɢɧɬɟɝɪɢɪɨɜɚɧɧɚɹ ɡɨɧɚ Active Directory, ɜɵ ɦɨɠɟɬ ɩɪɨɫɦɚɬɪɢɜɚɬɶ ɢɧɮɨɪɦɚɰɢɸ DNS ɜ Active Directory (ɫɦ. ɪɢɫ. 3-6). Ⱦɥɹ ɷɬɨɝɨ ɡɚɩɭɫɬɢɬɟ ɤɨɧɫɨɥɶ ɭɩɪɚɜɥɟɧɢɹ Microsoft (MMC -Microsoft Management Console) ɢ ɭɛɟɞɢɬɟɫɶ, ɱɬɨ ɨɫɧɚɫɬɤɚ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory) ɛɵɥɚ ɞɨɛɚɜɥɟɧɚ ɤ ɤɨɧɫɨɥɢ. ȼɵɛɟɪɢɬɟ ɩɚɩɤɭ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory) ɢɡ ɦɟɧɸ View (ȼɢɞ), ɜɵɛɟɪɢɬɟ Advanced Features (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɜɨɣɫɬɜɚ). Ɉɬɤɪɨɣɬɟ ɩɚɩɤɭ ɫ ɢɦɟɧɟɦ ɞɨɦɟɧɚ, ɡɚɬɟɦ ɨɬɤɪɨɣɬɟ ɩɚɩɤɭ System (ɋɢɫɬɟɦɚ), ɡɚɬɟɦ - ɩɚɩɤɭ Microsof tDNS. Ɂɨɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɞɥɹ ɜɫɟɯ ɢɧɬɟɝɪɢɪɨɜɚɧɧɵɯ ɡɨɧ Active Directory ɩɟɪɟɱɢɫɥɟɧɚ ɜ ɤɚɠɞɨɣ ɡɨɧɧɨɣ ɩɚɩɤɟ.
. 3-6.
П
Active Directory
че ы . DNS Windows Server 2003 , , Windows 2000 Advanced Server.
DNS , Active Directory ;
,
(dedicated) (
.
. 3-7).
.
. 3-7.
Active Directory
, . , -
. , Fabrikam.com,
Contoso.com DNS-
Contoso.
Fabrikam,
, .
DNS-
DNS-
Contoso Fabrikam,
. TailspinToys.com DNS Windows 2000 . ),
(
• •
.
. DNS . DNS ,
DNSDNS DNS ,
, .
DNS , . . .
(stub zones)
Windows Server 2003 , .
DNS
Ȼɨɥɶɲɢɧɫɬɜɨ ɨɩɰɢɣ DNS, ɤɨɬɨɪɵɟ ɨɛɫɭɠɞɚɥɢɫɶ ɞɨ ɷɬɨɝɨ, ɞɨɫɬɭɩɧɵ ɜ Windows 2000. ȼ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɟ Windows Server 2003 ɢɦɟɟɬɫɹ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɬɪɢ ɫɭɳɟɫɬɜɟɧɧɵɯ ɭɥɭɱɲɟɧɢɹ DNS. Ɉɩɢɫɚɧɢɟ ɩɪɚɤɬɢɱɟɫɤɨɝɨ ɨɩɵɬɚ (ɫɦ. ɜɵɲɟ) ɢɥɥɸɫɬɪɢɪɭɟɬ ɨɞɧɭ ɢɡ ɬɢɩɢɱɧɟɣɲɢɯ ɬɪɭɞɧɨɫɬɟɣ ɜ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ DNS ɛɨɥɶɲɨɣ ɤɨɪɩɨɪɚɰɢɢ, ɫ ɤɨɬɨɪɨɣ ɫɬɚɥɤɢɜɚɥɢɫɶ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨ ɜɵɯɨɞɚ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Windows Server 2003. (conditional forwarding) ɡɧɚɱɢɬɟɥɶɧɨ ɭɜɟɥɢɱɢɜɚɟɬ ɜɨɡɦɨɠɧɨɫɬɢ ɩɪɨɰɟɫɫɚ ɩɟɪɟɚɞɪɟɫɚɰɢɢ. Ⱦɨ ɜɵɯɨɞɚ Windows Server 2003 ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɚɞɪɟɫɚɰɢɢ ɧɟɥɶɡɹ ɛɵɥɨ ɞɟɥɚɬɶ ɪɚɡɥɢɱɢɣ, ɨɫɧɨɜɚɧɧɵɯ ɧɚ ɢɦɟɧɚɯ ɞɨɦɟɧɚ. Ʉɨɝɞɚ ɤɥɢɟɧɬ-ɩɪɟɨɛɪɚɡɨɜɚɬɟɥɶ ɞɟɥɚɥ ɡɚɩɪɨɫ, ɧɚ ɤɨɬɨɪɵɣ ɫɟɪɜɟɪ ɧɟ ɦɨɝ ɨɬɜɟɬɢɬɶ ɫ ɩɨɦɨɳɶɸ ɫɜɨɟɝɨ ɤɷɲɚ ɢɥɢ ɡɨɧɧɵɯ ɮɚɣɥɨɜ, ɫɟɪɜɟɪ ɩɨɫɵɥɚɥ ɪɟɤɭɪɫɢɜɧɵɣ ɡɚɩɪɨɫ ɩɨ ɫɜɨɟɦɭ ɫɩɢɫɤɭ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ. ɇɟ ɛɵɥɨ ɜɨɡɦɨɠɧɨɫɬɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɪɟɬɪɚɧɫɥɹɬɨɪ ɬɚɤ, ɱɬɨɛɵ ɨɧ ɛɵɥ ɱɭɜɫɬɜɢɬɟɥɟɧ ɤ ɫɩɟɰɢɮɢɤɟ ɞɨɦɟɧɚ. ɍɫɥɨɜɧɚɹ ɩɟɪɟɚɞɪɟɫɚɰɢɹ ɨɛɟɫɩɟɱɢɜɚɟɬ ɤɚɤ ɪɚɡ ɬɚɤɨɣ ɬɢɩ ɨɫɦɵɫɥɟɧɢɹ: DNS-cep-ɜɟɪ ɦɨɠɟɬ ɬɟɩɟɪɶ ɩɟɪɟɞɚɜɚɬɶ ɡɚɩɪɨɫɵ ɞɨɦɟɧɚ ɧɚ ɪɚɡɥɢɱɧɵɟ ɫɟɪɜɟɪɵ DNS, ɭɱɢɬɵɜɚɹ ɢɦɹ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɹ, ɨ ɤɨɬɨɪɨɣ ɲɥɚ ɪɟɱɶ ɜɵɲɟ, ɢɦɟɟɬ ɩɹɬɶ ɞɟɪɟɜɶɟɜ ɜ ɟɞɢɧɫɬɜɟɧɧɨɦ ɥɟɫɭ. ɉɪɢ ɪɟɩɥɢɤɚɰɢɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɫɭɦɟɬɶ ɧɚɣɬɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɪɭɝɢɯ ɞɨɦɟɧɚɯ. ɉɨɥɶɡɨɜɚɬɟɥɢ ɬɚɤɠɟ ɱɚɫɬɨ ɩɭɬɟɲɟɫɬɜɭɸɬ ɦɟɠɞɭ ɤɨɦɩɚɧɢɹɦɢ. Ɉɧɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɜɯɨɞɢɬɶ ɧɚ ɫɜɨɣ ɞɨɦɚɲɧɢɣ ɞɨɦɟɧ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɫ ɤɚɤɨɣ ɫɟɬɶɸ ɨɧɢ ɫɜɹɡɚɧɵ ɮɢɡɢɱɟɫɤɢ. ɋɭɳɟɫɬɜɭɟɬ ɬɚɤɠɟ ɡɧɚɱɢɬɟɥɶɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɪɟɫɭɪɫɨɜ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɯ ɞɥɹ ɫɨɜɦɟɫɬɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɦɟɠɞɭ ɤɨɦɩɚɧɢɹɦɢ. ɗɬɢ ɬɪɟɛɨɜɚɧɢɹ ɩɨɞɪɚɡɭɦɟɜɚɸɬ, ɱɬɨ ɢɧɮɨɪɦɚɰɢɹ DNS ɞɨɥɠɧɚ ɛɵɬɶ ɨɛɳɟɞɨɫɬɭɩɧɨɣ ɞɥɹ ɪɚɡɧɵɯ ɞɨɦɟɧɨɜ. ɋ ɩɨɦɨɳɶɸ Windows Server 2003 ɫɟɪɜɟɪɵ DNS ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɭɫɥɨɜɧɵɦ ɪɟɬɪɚɧɫɥɹɬɨɪɨɦ, ɩɟɪɟɚɞɪɟɫɭɸɳɢɦ ɡɚɩɪɨɫɵ ɧɚ ɨɞɢɧ ɢɥɢ ɛɨɥɟɟ ɫɟɪɜɟɪɨɜ DNS ɜ ɞɪɭɝɢɯ ɞɨɦɟɧɚɯ. Ʉɨɝɞɚ ɨɞɢɧ ɢɡ ɫɟɪɜɟɪɨɜ DNS ɪɚɡɪɟɲɚɟɬ ɢɦɹ ɢɡ ɞɪɭɝɨɝɨ ɞɨɦɟɧɚ, ɨɧ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɨɥɶɤɨ ɬɨɬ ɪɟɬɪɚɧɫɥɹɬɨɪ, ɤɨɬɨɪɵɣ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɞɥɹ ɷɬɨɝɨ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɤɨɝɞɚ ɤɥɢɟɧɬ ɜ ɞɨɦɟɧɟ Contoso.com ɞɨɥɠɟɧ ɧɚɣɬɢ ɪɟɫɭɪɫ ɜ ɞɨɦɟɧɟ Fabrikam.com, ɨɧ ɞɟɥɚɟɬ ɡɚɩɪɨɫ DNS-ɫɟɪɜɟɪɭ ɞɨɦɟɧɚ Contoso.com. DNS-ɫɟɪɜɟɪ ɩɪɨɜɟɪɹɟɬ ɫɜɨɢ ɡɨɧɧɵɟ ɮɚɣɥɵ, ɱɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ, ɹɜɥɹɟɬɫɹ ɥɢ ɨɧ ɩɨɥɧɨɦɨɱɧɵɦ ɫɟɪɜɟɪɨɦ ɞɥɹ ɷɬɨɝɨ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɩɪɨɜɟɪɹɟɬ ɫɜɨɣ ɤɷɲ. ȿɫɥɢ ɨɧ ɧɟ ɫɦɨɠɟɬ ɪɚɡɪɟɲɢɬɶ ɢɦɹ ɫ ɩɨɦɨɳɶɸ ɷɬɢɯ ɢɫɬɨɱɧɢɤɨɜ, ɨɧ ɩɪɨɜɟɪɢɬ ɫɩɢɫɨɤ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ. Ɉɞɢɧ ɢɡ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ ɨɩɪɟɞɟɥɟɧ ɞɥɹ ɞɨɦɟɧɚ Fabrikam.com, ɬɚɤ ɱɬɨ DNS-ɫɟɪɜɟɪ Contoso.com ɩɨɲɥɟɬ ɪɟɤɭɪɫɢɜɧɵɣ ɡɚɩɪɨɫ ɬɨɥɶɤɨ ɷɬɨɦɭ ɫɟɪɜɟɪɭ DNS. ȿɫɥɢ ɧɟɬ ɧɢɤɚɤɢɯ ɭɫɥɨɜɧɵɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ ɞɥɹ ɞɨɦɟɧɚ Fabrikam.com, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɯ ɧɚ ɫɟɪɜɟɪɟ DNS Contoso.com, ɬɨ ɨɧ ɨɬɩɪɚɜɢɬ ɡɚɩɪɨɫ ɥɸɛɨɦɭ ɪɟɬɪɚɧɫɥɹɬɨɪɭ, ɤɨɬɨɪɵɣ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɛɟɡ ɤɚɤɢɯ-ɥɢɛɨ ɨɩɪɟɞɟɥɟɧɧɵɯ ɩɚɪɚɦɟɬɪɨɜ
ɧɚɫɬɪɨɣɤɢ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɩɨɩɪɨɛɭɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɱɬɨ DNS-ɫɟɪɜɟɪ ɩɪɨɜɟɪɹɟɬ ɫɜɨɢ ɫɨɛɫɬɜɟɧɧɵɟ ɡɨɧɧɵɟ ɮɚɣɥɵ, ɩɪɟɠɞɟ ɱɟɦ ɢɫɩɨɥɶɡɨɜɚɬɶ ɪɟɬɪɚɧɫɥɹɬɨɪɵ. ȿɫɥɢ DNS-ɫɟɪɜɟɪ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɞɥɹ ɞɚɧɧɨɝɨ ɞɨɦɟɧɚ, ɨɧ ɧɟ ɛɭɞɟɬ ɨɬɩɪɚɜɥɹɬɶ ɡɚɩɪɨɫ ɭɫɥɨɜɧɨɦɭ ɪɟɬɪɚɧɫɥɹɬɨɪɭ. ɍɫɥɨɜɧɚɹ ɩɟɪɟɚɞɪɟɫɚɰɢɹ ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɜ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) ɫɟɪɜɟɪɚ ɜ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɦ ɢɧɫɬɪɭɦɟɧɬɟ DNS (ɫɦ. ɪɢɫ. 3-8). ɋ ɟɝɨ ɩɨɦɨɳɶɸ ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɨɞɢɧ ɢɥɢ ɛɨɥɟɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɤɚɱɟɫɬɜɟ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ ɞɥɹ ɤɚɠɞɨɝɨ ɢɦɟɧɢ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɤɨɧɮɢɝɭɪɢɪɭɟɬɟ ɧɟɫɤɨɥɶɤɨ ɫɟɪɜɟɪɨɜ DNS ɞɥɹ ɢɦɟɧɢ ɞɨɦɟɧɚ, ɬɨ DNS-ɫɟɪɜɟɪ ɛɭɞɟɬ ɩɵɬɚɬɶɫɹ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɟɪɜɵɣ DNS-ɫɟɪɜɟɪ ɜ ɫɩɢɫɤɟ. ȿɫɥɢ ɷɬɨɬ ɫɟɪɜɟɪ ɧɟ ɨɬɜɟɱɚɟɬ ɜ ɬɟɱɟɧɢɟ ɡɚɞɚɧɧɨɝɨ ɡɧɚɱɟɧɢɹ ɢɧɬɟɪɜɚɥɚ ɬɚɣɦɚ -ɭɬɚ, ɤɨɬɨɪɨɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ ɜɤɥɚɞɤɟ Forwarders (Ɋɟɬɪɚɧɫɥɹɬɨɪɵ), ɬɨ ɫɟɪɜɟɪ ɛɭɞɟɬ ɩɪɨɛɨɜɚɬɶ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɥɟɞɭɸɳɢɣ DNS-ɫɟɪɜɟɪ ɢɡ ɫɩɢɫɤɚ, ɩɨɤɚ ɧɟ ɛɭɞɭɬ ɡɚɩɪɨɲɟɧɵ ɜɫɟ ɢɦɟɸɳɢɟɫɹ ɜ ɫɩɢɫɤɟ DNS-ɫɟɪɜɟɪɵ. ȿɫɥɢ ɧɢɤɚɤɢɯ ɭɫɥɨɜɧɵɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɯ ɞɥɹ ɢɦɟɧɢ ɞɨɦɟɧɚ, ɜ ɫɩɢɫɤɟ ɧɟɬ, ɬɨ ɫɟɪɜɟɪ ɛɭɞɟɬ ɡɚɩɪɚɲɢɜɚɬɶ ɫɟɪɜɟɪɵ DNS, ɨɩɪɟɞɟɥɟɧɧɵɟ ɜ ɨɩɰɢɢ All Other DNS Domains (Ⱦɪɭɝɢɟ ɞɨɦɟɧɵ DNS).
. 3-8.
ɉɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɭɫɥɨɜɧɨɣ ɩɟɪɟɚɞɪɟɫɚɰɢɢ DNS-ɫɟɪɜɟɪ ɜɫɟɝɞɚ ɛɭɞɟɬ ɩɪɨɛɨɜɚɬɶ ɧɚɣɬɢ ɫɨɨɬɜɟɬɫɬɜɢɟ ɧɚɢɛɨɥɟɟ ɬɨɱɧɨɦɭ ɢɦɟɧɢ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɢɦɟɸɬɫɹ ɭɫɥɨɜɧɵɟ ɪɟɬɪɚɧɫɥɹɬɨɪɵ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɟ ɞɥɹ Fabrikam.com ɢ ɞɥɹ Europe.Fabrikam.com, ɚ ɤɥɢɟɧɬ ɞɟɥɚɟɬ ɡɚɩɪɨɫ ɨ ɫɟɪɜɟɪɟ Webl.Europe.Fabrikam.com, ɬɨ DNS-ɫɟɪɜɟɪ ɨɬɩɪɚɜɢɬ ɡɚɩɪɨɫ ɧɚ DNS-ɫɟɪɜɟɪ ɞɥɹ Europe.Fabrikam.com. (stub zones) - ɷɬɨ ɜɬɨɪɨɟ ɭɥɭɱɲɟɧɢɟ ɤ ɫɥɭɠɛɟ DNS ɜ Windows Server 2003. Ɉɧɢ ɩɪɟɞɧɚɡɧɚɱɟɧɵ ɞɥɹ ɭɩɪɨɳɟɧɢɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɩɪɨɫɬɪɚɧɫɬɜɚɦɢ ɢɦɟɧ. ɋɨɤɪɚɳɟɧɧɚɹ ɡɨɧɚ ɩɨɞɨɛɧɚ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɡɨɧɟ. ɉɪɢ ɭɫɬɚɧɨɜɥɟɧɢɢ ɫɨɤɪɚɳɟɧɧɨɣ ɡɨɧɵ ɜɵ ɞɨɥɠɧɵ ɨɩɪɟɞɟɥɢɬɶ IP-ɚɞɪɟɫ ɨɫɧɨɜɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ ɞɥɹ ɡɨɧɵ. Ɍɨɝɞɚ ɫɟɪɜɟɪ, ɜɥɚɞɟɸɳɢɣ ɫɨɤɪɚɳɟɧɧɨɣ ɡɨɧɨɣ, ɡɚɩɪɚɲɢɜɚɟɬ ɡɨɧɧɭɸ ɩɟɪɟɞɚɱɭ ɭ ɨɫɧɨɜɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ. Ɉɞɧɚɤɨ ɫɨɤɪɚɳɟɧɧɚɹ ɡɨɧɚ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɬɟɦ, ɱɬɨ ɨɧɚ ɫɨɞɟɪɠɢɬ ɬɨɥɶɤɨ ɡɚɩɢɫɢ SOA, NS ɢ ɡɚɩɢɫɢ ɯɨɫɬɚ (Ⱥ) ɞɥɹ ɫɟɪɜɟɪɚ ɢɦɟɧ ɞɨɦɟɧɚ, ɚ ɧɟ ɜɫɟ ɡɚɩɢɫɢ ɡɨɧɵ. ɗɬɨ ɭɥɭɱɲɚɟɬ ɩɪɨɰɟɫɫ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɟɪɜɟɪɵ. Ʉɨɝɞɚ DNS-ɫɟɪɜɟɪ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫ ɫɨɤɪɚɳɟɧɧɨɣ ɡɨɧɨɣ, ɨɧ ɧɟ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɦɨɱɧɵɦ ɞɥɹ ɞɨɦɟɧɚ. Ɉɧ ɷɮɮɟɤɬɢɜɟɧ ɩɪɢ ɩɨɢɫɤɟ ɩɨɥɧɨɦɨɱɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ ɞɥɹ ɭɤɚɡɚɧɧɨɣ ɡɨɧɵ. ɋ ɩɨɦɨɳɶɸ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɡɨɧ DNS-ɫɟɪɜɟɪ ɦɨɠɟɬ ɧɚɣɬɢ ɩɨɥɧɨɦɨɱɧɵɣ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ ɡɨɧɵ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɤɨɧɬɚɤɬɢɪɨɜɚɬɶ ɫ ɫɟɪɜɟɪɚɦɢ ɤɨɪɧɟɜɵɯ ɫɫɵɥɨɤ. Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɤɚɤ ɞɨɩɨɥɧɢɬɟɥɶɧɚɹ ɡɨɧɚ ɦɨɠɟɬ ɪɚɛɨɬɚɬɶ ɜ ɥɟɫɭ ɫ ɨɞɧɢɦ ɞɟɪɟɜɨɦ, ɬ.ɟ. ɫ ɧɟɩɪɟɪɵɜɧɵɦ ɩɪɨɫɬɪɚɧɫɬɜɨɦ ɢɦɟɧ (ɫɦ. ɪɢɫ. 3-9). Ȼɟɡ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɡɨɧ ɜ ɫɥɭɱɚɟ ɡɚɩɪɨɫɚ ɤɥɢɟɧɬɚ ɢɡ NAmerica.Contoso.com IPɚɞɪɟɫɚ ɯɨɫɬɚ ɜ ɞɨɦɟɧɟ SAmerica.Contoso.com DNS ɫɟɪɜɟɪ ɜ NAmerica. Contoso.com ɩɪɨɜɟɪɹɟɬ ɫɜɨɢ ɡɨɧɧɵɟ ɮɚɣɥɵ, ɤɷɲ ɢ ɪɟɬɪɚɧɫɥɹɬɨɪɵ. ȿɫɥɢ ɧɢ ɨɞɢɧ ɢɡ ɷɬɢɯ ɢɫɬɨɱɧɢɤɨɜ ɧɟ ɨɛɟɫɩɟɱɢɜɚɟɬ ɧɭɠɧɭɸ
ɢɧɮɨɪɦɚɰɢɸ, ɨɧ ɩɨɫɵɥɚɟɬ ɢɬɟɪɚɰɢɨɧɧɵɣ ɡɚɩɪɨɫ ɫɟɪɜɟɪɭ ɤɨɪɧɟɜɵɯ ɫɫɵɥɨɤ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ DNS ɫɟɪɜɟɪ ɜ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ Contoso.com ɞɨɥɠɟɧ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɤɚɤ ɤɨɪɧɟɜɨɣ ɫɟɪɜɟɪ, ɱɬɨɛɵ DNS-ɫɟɪɜɟɪ ɞɨɦɟɧɚ NAmerica. Contoso.com ɩɨɫɥɚɥ ɡɚɩɪɨɫ ɟɦɭ. Ʉɨɪɧɟɜɨɣ ɫɟɪɜɟɪ ɩɪɨɜɟɪɹɟɬ ɫɜɨɢ ɡɚɩɢɫɢ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɢ ɩɟɪɟɞɚɟɬ IP-ɚɞɪɟɫ ɩɨɥɧɨɦɨɱɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ ɞɨɦɟɧɚ SAmerica.Contoso.com ɫɟɪɜɟɪɭ ɢɦɟɧ NAmerica. Contoso.com. Ɂɚɬɟɦ ɫɟɪɜɟɪ ɢɦɟɧ NAmerica. Contoso.com ɡɚɩɪɚɲɢɜɚɟɬ ɭ ɨɞɧɨɝɨ ɢɡ ɫɟɪɜɟɪɨɜ DNS ɞɨɦɟɧɚ SAmerica. Contoso.com IP-ɚɞɪɟɫ ɫɟɪɜɟɪɚ, ɤɨɬɨɪɵɣ ɬɪɟɛɭɟɬɫɹ ɤɥɢɟɧɬɭ. ȿɫɥɢ ɢɦɟɟɬɫɹ ɫɨɤɪɚɳɟɧɧɚɹ ɡɨɧɚ, DNS-ɫɟɪɜɟɪ ɞɨɦɟɧɚ NAmerica. Contoso.com ɧɟ ɞɨɥɠɟɧ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɫɟɪɜɟɪɨɦ DNS ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ. ȿɦɭ ɧɟ ɧɭɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɜɨɢ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ, ɱɬɨɛɵ ɧɚɣɬɢ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ ɞɨɦɟɧɚ SAmerica.Contoso.com. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɞɟɥɚɟɬ ɡɚɩɪɨɫ, ɫɟɪɜɟɪ ɩɪɨɜɟɪɹɟɬ ɫɜɨɢ ɡɨɧɧɵɟ ɮɚɣɥɵ, ɧɚɯɨɞɢɬ ɫɨɤɪɚɳɟɧɧɭɸ ɡɨɧɭ ɢ ɩɨɫɵɥɚɟɬ ɢɬɟɪɚɰɢɨɧɧɵɣ ɡɚɩɪɨɫ ɥɸɛɨɦɭ ɢɡ ɫɟɪɜɟɪɨɜ ɢɦɟɧ ɞɨɦɟɧɚ SAmerica. Contoso.com. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɫɨɤɪɚɳɟɧɧɨɣ ɡɨɧɵ ɨɫɨɛɟɧɧɨ ɷɮɮɟɤɬɢɜɧɨ ɩɪɢ ɧɚɥɢɱɢɢ ɧɟɫɤɨɥɶɤɢɯ ɞɟɪɟɜɶɟɜ. ȼɨɡɶɦɟɦ ɩɪɟɞɵɞɭɳɢɣ ɩɪɢɦɟɪ, ɜ ɤɨɬɨɪɨɦ ɥɟɫ ɫɨɫɬɨɢɬ ɢɡ ɩɹɬɢ ɞɟɪɟɜɶɟɜ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɡɚɩɢɫɟɣ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɜ ɤɨɪɧɟɜɨɣ ɡɨɧɟ ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɧɟ ɪɚɛɨɬɚɟɬ, ɩɨɬɨɦɭ ɱɬɨ ɞɨɦɟɧɵ ɧɟ ɢɫɩɨɥɶɡɭɸɬ ɨɛɳɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. ȼɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɨɤɪɚɳɟɧɧɭɸ ɡɨɧɭ ɞɥɹ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ ɧɚ ɫɟɪɜɟɪɚɯ DNS ɜ ɞɪɭɝɢɯ ɞɨɦɟɧɚɯ. ȿɫɥɢ ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɤɚɤɨɣ-ɥɢɛɨ ɡɚɩɪɨɫ DNS ɧɭɠɞɚɟɬɫɹ ɜ ɢɧɮɨɪɦɚɰɢɢ ɢɡ ɞɪɭɝɨɝɨ ɞɨɦɟɧɚ, DNS-ɫɟɪɜɟɪ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɫɨɤɪɚɳɟɧɧɨɣ ɡɨɧɵ, ɱɬɨɛɵ ɧɟɦɟɞɥɟɧɧɨ ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɫɟɪɜɟɪɨɦ ɢɦɟɧ ɜ ɞɪɭɝɨɦ ɞɨɦɟɧɟ.
. 3-9.
DNS
ɋɨɤɪɚɳɟɧɧɚɹ ɡɨɧɚ ɩɨɞɞɟɪɠɢɜɚɟɬ ɫɩɢɫɨɤ ɫɟɪɜɟɪɨɜ ɢɦɟɧ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɧɵɯ ɡɨɧ. Ʉɨɝɞɚ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɞɟɥɟɝɢɪɨɜɚɧɧɵɣ ɩɨɞɞɨɦɟɧ, ɜɵ ɞɨɥɠɧɵ ɜɜɟɫɬɢ IP-ɚɞɪɟɫɚ ɜɫɟɯ ɫɟɪɜɟɪɨɜ ɢɦɟɧ ɜ ɞɟɥɟɝɢɪɨɜɚɧɧɵɣ ɞɨɦɟɧ. ȿɫɥɢ ɷɬɨɬ ɫɩɢɫɨɤ ɫɟɪɜɟɪɨɜ ɢɦɟɧ ɢɡɦɟɧɹɟɬɫɹ, ɧɚɩɪɢɦɟɪ, ɨɞɢɧ ɢɡ ɫɟɪɜɟɪɨɜ ɢɦɟɧ ɭɞɚɥɟɧ ɢɡ ɫɟɬɢ, ɜɚɦ ɩɪɢɞɟɬɫɹ ɜɪɭɱɧɭɸ ɨɛɧɨɜɢɬɶ ɡɚɩɢɫɶ ɞɟɥɟɝɢɪɨɜɚɧɢɹ. ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɨɤɪɚɳɟɧɧɭɸ ɡɨɧɭ, ɱɬɨɛɵ ɚɜɬɨɦɚɬɢɡɢɪɨɜɚɬɶ ɩɪɨɰɟɫɫ ɨɛɧɨɜɥɟɧɢɹ ɫɩɢɫɤɚ ɫɟɪɜɟɪɨɜ ɢɦɟɧ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɷɬɨ ɜ ɞɨɦɟɧɟ Contoso.com, ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɨɤɪɚɳɟɧɧɭɸ ɡɨɧɭ ɞɥɹ ɞɨɦɟɧɚ NAmerica.Contoso.com ɧɚ ɫɟɪɜɟɪɚɯ DNS ɞɨɦɟɧɚ Contoso.com. ȼɵ ɬɚɤɠɟ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɡɚɩɢɫɶ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɜ ɡɨɧɟ Contoso.com, ɭɤɚɡɵɜɚɸɳɭɸ ɧɚ ɫɨɤɪɚɳɟɧɧɭɸ ɡɨɧɭ. Ʉɨɝɞɚ ɡɚɩɢɫɢ ɫɟɪɜɟɪɚ ɢɦɟɧ ɢɡɦɟɧɹɬɫɹ ɜ ɞɨɱɟɪɧɟɦ ɞɨɦɟɧɟ, ɨɧɢ ɛɭɞɭɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɨɛɧɨɜɥɟɧɵ ɜ ɫɨɤɪɚɳɟɧɧɨɣ ɡɨɧɟ. Ʉɨɝɞɚ ɫɟɪɜɟɪɵ DNS Contoso.com ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɡɚɩɢɫɶ ɞɟɥɟɝɢɪɨɜɚɧɢɹ, ɨɧɢ ɩɨɥɭɱɚɬ ɫɫɵɥɤɭ ɧɚ ɫɨɤɪɚɳɟɧɧɭɸ ɡɨɧɭ, ɬɚɤ ɱɬɨ ɭ ɧɢɯ ɜɫɟɝɞɚ ɛɭɞɟɬ ɞɨɫɬɭɩ ɤ ɨɛɧɨɜɥɟɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɫɟɪɜɟɪɚ ɢɦɟɧ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɨɤɪɚɳɟɧɧɭɸ ɡɨɧɭ, ɢɫɩɨɥɶɡɭɣɬɟ New Zone Wizard (Ɇɚɫɬɟɪ ɧɨɜɨɣ ɡɨɧɵ) ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ DNS. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ Forward Lookup Zones (ɉɪɹɦɚɹ ɡɨɧɚ ɩɪɨɫɦɨɬɪɚ) ɢɥɢ ɧɚ Reverse Lookup Zones (Ɉɛɪɚɬɧɚɹ ɡɨɧɚ ɩɪɨɫɦɨɬɪɚ)) ɢ ɜɵɛɟɪɢɬɟ New Zone (ɇɨɜɚɹ ɡɨɧɚ). ɉɨɹɜɢɬɫɹ ɨɩɰɢɹ ɫɨɡɞɚɧɢɹ ɫɨɤɪɚɳɟɧɧɨɣ ɡɨɧɵ (ɫɦ. ɪɢɫ. 3-10).
. 3-10.
Ɍɪɟɬɶɟ ɭɥɭɱɲɟɧɢɟ DNS, ɩɨɦɨɝɚɸɳɟɟ ɪɚɡɪɟɲɟɧɢɸ ɢɦɟɧ ɯɨɫɬɚ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɞɨɦɟɧɚɦɢ, ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ. DNS ɜ Active Directory Windows Server 2003 ɢɫɩɨɥɶɡɭɟɬ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɞɥɹ ɨɛɥɟɝɱɟɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɢɧɮɨɪɦɚɰɢɢ DNS ɜ ɥɟɫɭ. ɉɪɢ ɭɫɬɚɧɨɜɤɟ DNS, ɤɨɝɞɚ ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɩɟɪɜɵɣ ɫɟɪɜɟɪ ɜ ɥɟɫɭ ɧɚ ɪɨɥɶ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɜ Active Directory ɫɨɡɞɚɸɬɫɹ ɞɜɚ ɧɨɜɵɯ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ. ɗɬɨ ɪɚɡɞɟɥɵ DomainDnsZones ɢ ForestDnsZones. (ɂɯ ɧɟ ɜɢɞɧɨ ɧɢ ɜ ɨɞɧɨɦ ɢɡ ɨɛɵɱɧɵɯ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ ɭɩɪɚɜɥɟɧɢɹ Active Directory, ɨɧɢ ɨɬɨɛɪɚɠɚɸɬɫɹ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ADSI Edit ɢɥɢ Ldp.exe; ɢɫɩɨɥɶɡɨɜɚɧɢɟ ADSI Edit ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 3-11.) Ʉɚɠɞɵɣ ɢɡ ɷɬɢɯ ɪɚɡɞɟɥɨɜ ɯɪɚɧɢɬ ɪɚɡɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɪɟɩɥɢɤɚɰɢɢ. Ɋɚɡɞɟɥ DomainDnsZones ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɫɟɪɜɟɪɵ DNS, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. Ɋɚɡɞɟɥ ForestDnsZones ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɫɟɪɜɟɪɵ DNS, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. ȼɵ ɦɨɠɟɬɟ ɯɪɚɧɢɬɶ ɢɧɮɨɪɦɚɰɢɸ DNS ɜ ɪɚɡɞɟɥɟ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ, ɬ.ɟ. ɨɧɚ ɛɭɞɟɬ ɤɨɩɢɪɨɜɚɬɶɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ɇɟɨɛɯɨɞɢɦɨ ɜɵɛɪɚɬɶ ɦɟɫɬɨ ɯɪɚɧɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ DNS ɩɪɢ ɫɨɡɞɚɧɢɢ ɧɨɜɨɣ ɡɨɧɵ (ɫɦ. ɪɢɫ. 3-12) ɜ ɨɤɧɟ Zone Properties (ɋɜɨɣɫɬɜɚ ɡɨɧɵ) ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ DNS. ɂɦɟɸɬɫɹ ɱɟɬɵɪɟ ɜɚɪɢɚɧɬɚ ɯɪɚɧɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ DNS. • Ɍɨ All DNS Servers In The Active Directory Forest domainname (Ha ɜɫɟ ɫɟɪɜɟɪɵ DNS ɥɟɫɚ Active Directory). ɂɧɮɨɪɦɚɰɢɹ ɯɪɚɧɢɬɫɹ ɜ ɪɚɡɞɟɥɟ ForestDnsZones, ɨɬɤɭɞɚ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɫɟɪɜɟɪɵ DNS ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɥɟɫɚ. ɗɬɚ ɤɨɧɮɢɝɭɪɚɰɢɹ ɡɚɞɚɧɚ ɩɨ ɭɦɨɥɱɚɧɢɸ ɞɥɹ ɡɨɧɵ _msdcs ɜ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ ɡɨɧɟ Active Directory.
. 3-11.
•
•
DNS
ADSI Edit
Ɍɨ All DNS Servers In The Active Directory Domain domainname (Ha ɜɫɟ ɫɟɪɜɟɪɵ DNS ɜ ɞɨɦɟɧɟ Active Directory). ɂɧɮɨɪɦɚɰɢɹ ɯɪɚɧɢɬɫɹ ɜ ɪɚɡɞɟɥɟ DomamDnsZones, ɨɬɤɭɞɚ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɫɟɪɜɟɪɵ DNS, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. ɗɬɨ ɤɨɧɮɢɝɭɪɚɰɢɹ, ɩɪɢɧɹɬɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɞɥɹ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ ɡɨɧɵ Active Directory, ɫɨɡɞɚɧɧɨɣ ɜ ɩɪɨɰɟɫɫɟ ɨɛɧɨɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɍɨ All Domain Controllers In The Active Directory Domain domainname (ɇɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Active Directory). ɂɧɮɨɪɦɚɰɢɹ ɯɪɚɧɢɬɫɹ ɜ ɪɚɡɞɟɥɟ ɞɨɦɟɧɚ
ɤɚɬɚɥɨɝɚ, ɨɬɤɭɞɚ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. Ɋɚɡɥɢɱɢɟ ɦɟɠɞɭ ɷɬɨɣ ɨɩɰɢɟɣ ɢ ɩɪɟɞɵɞɭɳɟɣ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɩɨɥɭɱɚɬ ɢɧɮɨɪɦɚɰɢɸ, ɜ ɬɨ ɜɪɟɦɹ ɤɚɤ ɪɚɡɞɟɥ DomamDnsZones ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɬɨɥɶɤɨ ɧɚ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɹɜɥɹɸɳɢɟɫɹ ɫɟɪɜɟɪɚɦɢ DNS. • Ɍɨ All Domain Controllers Specified In The Scope Of The Following Application Directory Partition (ɇɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɩɪɟɞɟɥɚɯ ɫɥɟɞɭɸɳɟɝɨ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ). ɗɬɚ ɨɩɰɢɹ ɞɨɫɬɭɩɧɚ ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ ɫ ɟɝɨ ɫɨɛɫɬɜɟɧɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɟɣ ɪɟɩɥɢɤɚɰɢɢ. ɂɧɮɨɪɦɚɰɢɹ DNS ɛɭɞɟɬ ɤɨɩɢɪɨɜɚɬɶɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɪɟɩɥɢɤɭ ɷɬɨɝɨ ɪɚɡɞɟɥɚ. . DNS , DNS . DNS , , . DNS DNSCMD. DNS DNS Create Default Application Directory Partitions ( ). DNSCMD dnscmd DN S servername/CreateBuiltin-DirectoryPartitions /forest. ForestDnsZones. DomainDnsZones, «/domain» . Active Directory, Enterprise Admins ( ).
. 3-12.
DNS
Ɉɛɵɱɧɨ ɡɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɤɨɧɮɢɝɭɪɚɰɢɹ ɡɨɧ ɧɟ ɢɡɦɟɧɹɟɬɫɹ. ɉɪɢ ɧɚɥɢɱɢɢ ɧɟɫɤɨɥɶɤɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ, ɩɪɢɱɟɦ ɬɨɥɶɤɨ ɧɟɤɨɬɨɪɵɟ ɢɡ ɧɢɯ ɹɜɥɹɸɬɫɹ ɫɟɪɜɟɪɚɦɢ DNS, ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɪɚɡɞɟɥɚ DomainDnsZones ɭɦɟɧɶɲɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɪɟɩɥɢɤɚɰɢɣ ɧɚ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɧɟ ɹɜɥɹɸɬɫɹ ɫɟɪɜɟɪɚɦɢ DNS. Ɂɨɧɚ _msdcs ɞɥɹ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ, ɤɨɬɨɪɚɹ ɜɤɥɸɱɚɟɬ ɬɨɥɶɤɨ ɢɧɮɨɪɦɚɰɢɸ ɨ ɫɟɪɜɟɪɚɯ Active Directory ɜ ɞɨɦɟɧɟ, ɯɪɚɧɢɬɫɹ ɜ ɪɚɡɞɟɥɟ ForestDnsZones. ɗɬɚ ɢɧɮɨɪɦɚɰɢɹ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɩɨ ɜɫɟɦɭ ɥɟɫɭ.
ɋɥɭɠɛɚ DNS ɹɜɥɹɟɬɫɹ ɧɟɨɛɯɨɞɢɦɨɣ ɫɟɬɟɜɨɣ ɫɥɭɠɛɨɣ ɞɥɹ ɫɟɬɟɣ Windows Server 2003. Ȼɟɡ ɧɟɟ ɩɪɚɤɬɢɱɟɫɤɢ ɥɸɛɨɣ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ ɢ ɭɫɢɥɢɹ ɩɨ ɩɨɢɫɤɭ ɪɚɫɩɨɥɨɠɟɧɢɹ ɪɟɫɭɪɫɨɜ ɩɨɬɟɪɩɹɬ ɧɟɭɞɚɱɭ ɜ Windows Server 2003. Ʉɚɤ ɫɟɬɟɜɨɣ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɜɵ ɞɨɥɠɧɵ ɫɬɚɬɶ ɷɤɫɩɟɪɬɨɦ ɩɨ ɫɥɭɠɛɟ DNS. ȼ ɞɚɧɧɨɣ ɝɥɚɜɟ ɛɵɥ ɞɚɧ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɬɨɝɨ, ɤɚɤ ɪɚɛɨɬɚɟɬ DNS ɜ ɤɚɱɟɫɬɜɟ ɫɟɬɟɜɨɣ ɫɥɭɠɛɵ ɜ ɥɸɛɨɣ ɫɪɟɞɟ, ɩɨɤɚɡɚɧɚ ɫɩɟɰɢɮɢɤɚ ɢɧɬɟɝɪɚɰɢɢ DNS ɫ Active Directory. ɇɚɢɛɨɥɟɟ ɜɚɠɧɵɦ ɤɨɦɩɨɧɟɧɬɨɦ ɢɧɬɟɝɪɚɰɢɢ ɹɜɥɹɟɬɫɹ ɩɪɨɰɟɫɫ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɩɪɢ ɤɨɬɨɪɨɦ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ Active Directory ɪɟɝɢɫɬɪɢɪɭɸɬ ɡɚɩɢɫɢ SRV ɜ DNS, ɚ ɡɚɬɟɦ ɤɥɢɟɧɬɵ ɢɫɩɨɥɶɡɭɸɬ ɷɬɢ ɡɚɩɢɫɢ ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɛɵɥɨ ɩɪɢɜɟɞɟɧɨ ɨɩɢɫɚɧɢɟ ɧɟɤɨɬɨɪɵɯ ɭɥɭɱɲɟɧɢɣ DNS ɜ Windows Server 2003.
4.
Active Directory
Ʉɚɠɞɚɹ ɤɨɦɩɚɧɢɹ, ɪɟɚɥɢɡɭɸɳɚɹ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ Active Directory Microsoft Windows Server 2003, ɪɚɡɜɟɪɬɵɜɚɟɬ ɧɟɫɤɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ɉɧɢ ɦɨɝɭɬ ɪɚɫɩɨɥɚɝɚɬɶɫɹ ɜ ɨɞɧɨɦ ɰɟɧɬɪɟ ɨɛɪɚɛɨɬɤɢ ɞɚɧɧɵɯ ɜ ɝɥɚɜɧɨɦ ɨɮɢɫɟ ɤɨɦɩɚɧɢɢ ɢ ɫɜɹɡɵɜɚɬɶɫɹ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɦɢ ɫɟɬɟɜɵɦɢ ɫɨɟɞɢɧɟɧɢɹɦɢ. Ɉɧɢ ɦɨɝɭɬ ɛɵɬɶ ɪɚɫɩɪɟɞɟɥɟɧɵ ɩɨ ɜɫɟɦɭ ɦɢɪɭ ɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɫɜɹɡɢ ɝɥɨɛɚɥɶɧɵɟ ɫɟɬɢ (WAN). ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɢɦɟɸɬ ɟɞɢɧɫɬɜɟɧɧɵɣ ɞɨɦɟɧ ɜ ɥɟɫɭ, ɞɪɭɝɢɟ ɤɨɦɩɚɧɢɢ - ɦɧɨɝɨ ɞɨɦɟɧɨɜ ɜ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɧɵɯ ɞɟɪɟɜɶɹɯ ɜ ɨɛɳɟɦ ɥɟɫɭ. ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɫɤɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢɦɟɟɬ ɤɨɦɩɚɧɢɹ ɢ ɝɞɟ ɨɧɢ ɪɚɫɩɨɥɨɠɟɧɵ, ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɞɪɭɝ ɭ ɞɪɭɝɚ. ȿɫɥɢ ɨɧɢ ɧɟ ɛɭɞɭɬ ɞɟɥɚɬɶ ɷɬɨɝɨ, ɤɚɬɚɥɨɝɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɫɬɚɧɭɬ ɩɪɨɬɢɜɨɪɟɱɢɜɵɦɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɧɚ ɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɛɭɞɟɬ ɫɨɡɞɚɧ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢ ɷɬɚ ɢɧɮɨɪɦɚɰɢɹ ɧɟ ɫɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɬɨ ɷɬɨɬ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɦɨɠɟɬ ɜɯɨɞɢɬɶ ɬɨɥɶɤɨ ɧɚ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ɋɥɭɠɛɚ Active Directory ɢɫɩɨɥɶɡɭɟɬ ɦɨɞɟɥɶ ɪɟɩɥɢɤɚɰɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ, ɜ ɤɨɬɨɪɨɣ ɢɡɦɟɧɟɧɢɹ ɜ ɤɚɬɚɥɨɝɟ ɦɨɝɭɬ ɛɵɬɶ ɫɞɟɥɚɧɵ ɧɚ ɥɸɛɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɢ ɫɤɨɩɢɪɨɜɚɧɵ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ. ȼ ɞɚɧɧɨɣ ɝɥɚɜɟ ɨɩɢɫɵɜɚɟɬɫɹ ɩɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ ɜ Active Directory. Ƚɥɚɜɚ ɪɚɫɫɤɚɡɵɜɚɟɬ ɨ ɬɨɦ, ɤɚɤ ɪɚɛɨɬɚɟɬ ɪɟɩɥɢɤɚɰɢɹ, ɤɚɤ ɫɨɡɞɚɟɬɫɹ ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ, ɢ ɤɚɤ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɤɨɩɢɪɭɸɬ ɢɧɮɨɪɦɚɰɢɸ ɞɪɭɝ ɭ ɞɪɭɝɚ.
Active Directory
ȼ ɝɥɚɜɟ 2 ɝɨɜɨɪɢɥɨɫɶ ɨ ɬɨɦ, ɱɬɨ Active Directory ɫɨɫɬɨɢɬ ɢɡ ɧɟɫɤɨɥɶɤɢɯ ɥɨɝɢɱɟɫɤɢɯ ɪɚɡɞɟɥɨɜ. Ɋɟɩɥɢɤɚɰɢɹ ɢɧɮɨɪɦɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɫ ɪɟɩɥɢɤɚɦɢ ɜɫɟɯ ɪɚɡɞɟɥɨɜ ɨɫɭɳɟɫɬɜɥɹɟɬɫɹ ɨɞɢɧɚɤɨɜɨ ɞɥɹ ɜɫɟɯ ɪɚɡɞɟɥɨɜ. Ʉɨɝɞɚ ɢɡɦɟɧɹɟɬɫɹ ɚɬɪɢɛɭɬ ɜ ɪɚɡɞɟɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ, ɨɧ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɬɚɤ ɠɟ, ɤɚɤ ɢ ɜ ɫɥɭɱɚɟ ɢɡɦɟɧɟɧɢɹ ɚɬɪɢɛɭɬɚ ɥɸɛɨɝɨ ɞɪɭɝɨɝɨ ɪɚɡɞɟɥɚ. ȿɞɢɧɫɬɜɟɧɧɨɟ ɨɬɥɢɱɢɟ ɫɨɫɬɨɢɬ ɜ ɫɩɢɫɤɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɩɨɥɭɱɚɬ ɤɨɩɢɸ ɪɟɩɥɢɰɢɪɭɟɦɨɝɨ ɢɡɦɟɧɟɧɢɹ. Ɋɟɩɥɢɤɚɰɢɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɜ ɨɞɧɨɦ ɢ ɬɨɦ ɠɟ ɫɚɣɬɟ ɨɛɪɚɛɚɬɵɜɚɟɬɫɹ ɢɧɚɱɟ, ɱɟɦ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɪɚɡɥɢɱɧɵɯ ɫɚɣɬɨɜ, ɧɨ ɨɫɧɨɜɧɚɹ ɦɨɞɟɥɶ ɧɟ ɢɡɦɟɧɹɟɬɫɹ. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɨɩɢɫɵɜɚɟɬɫɹ ɦɨɞɟɥɶ ɪɟɩɥɢɤɚɰɢɢ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ Active Directory. ȼ ɨɬɥɢɱɢɟ ɨɬ ɦɨɞɟɥɢ ɪɟɩɥɢɤɚɰɢɢ ɫ ɟɞɢɧɫɬɜɟɧɧɵɦ ɯɨɡɹɢɧɨɦ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɫɢɫɬɟɦɟ Microsoft Windows NT, Active Directory ɢɫɩɨɥɶɡɭɟɬ ɦɨɞɟɥɶ ɪɟɩɥɢɤɚɰɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ. ȼ Windows NT ɨɫɧɨɜɧɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ (PDC — Primary Domain Controller) ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɩɪɢɧɢɦɚɬɶ ɢɡɦɟɧɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɞɨɦɟɧɚ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɢɡɦɟɧɟɧɢɟ ɫɞɟɥɚɧɨ, ɨɧɨ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɪɟɡɟɪɜɧɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ (BDC — Backup Domain Controllers). ɇɟɞɨɫɬɚɬɤɨɦ ɦɨɞɟɥɢ ɪɟɩɥɢɤɚɰɢɢ ɫ ɟɞɢɧɫɬɜɟɧɧɵɦ ɯɨɡɹɢɧɨɦ ɹɜɥɹɟɬɫɹ ɬɨ, ɱɬɨ ɨɧɚ ɧɟ ɦɚɫɲɬɚɛɢɪɭɟɬɫɹ ɞɥɹ ɛɨɥɶɲɨɣ ɪɚɫɩɪɟɞɟɥɟɧɧɨɣ ɫɪɟɞɵ. ɉɨɫɤɨɥɶɤɭ ɢɡɦɟɧɟɧɢɹ (ɧɚɩɪɢɦɟɪ, ɩɚɪɨɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ) ɦɨɝɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɬɨɥɶɤɨ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ PDC, ɷɬɨ ɦɨɠɟɬ ɫɬɚɬɶ ɭɡɤɢɦ ɦɟɫɬɨɦ, ɟɫɥɢ ɞɟɥɚɸɬɫɹ ɫɪɚɡɭ ɬɵɫɹɱɢ ɢɡɦɟɧɟɧɢɣ. Ʉɨɧɬɪɨɥɥɟɪ PDC ɧɚɯɨɞɢɬɫɹ ɬɨɥɶɤɨ ɜ ɨɞɧɨɦ ɦɟɫɬɟ ɤɨɦɩɚɧɢɢ, ɢ ɥɸɛɵɟ ɢɡɦɟɧɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɨɝɨ ɜ ɭɞɚɥɟɧɧɨɦ ɦɟɫɬɟ, ɞɨɥɠɧɵ ɛɵɬɶ ɫɞɟɥɚɧɵ ɧɚ ɷɬɨɦ ɤɨɧɬɪɨɥɥɟɪɟ PDC. Ⱦɪɭɝɚɹ ɩɪɨɛɥɟɦɚ ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɬɨɦ, ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ PDC ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɨɣ ɬɨɱɤɨɣ ɨɬɤɚɡɚ. ȿɫɥɢ ɨɧ ɧɟɞɨɫɬɭɩɟɧ, ɧɢɤɚɤɢɯ ɢɡɦɟɧɟɧɢɣ ɢɧɮɨɪɦɚɰɢɢ ɤɚɬɚɥɨɝɚ ɫɞɟɥɚɬɶ ɧɟɥɶɡɹ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɨɧ ɧɟ ɜɟɪɧɟɬɫɹ ɜ ɢɧɬɟɪɚɤɬɢɜɧɵɣ ɪɟɠɢɦ ɢɥɢ ɩɨɤɚ ɞɪɭɝɨɣ BDC-ɤɨɧɬɪɨɥɥɟɪ ɧɟ ɛɭɞɟɬ ɧɚɡɧɚɱɟɧ ɧɚ ɪɨɥɶ ɤɨɧɬɪɨɥɥɟɪɚ PDC. ȼ Active Directory ɢɡɦɟɧɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɞɨɦɟɧɚ ɦɨɝɭɬ ɛɵɬɶ ɫɞɟɥɚɧɵ ɧɚ ɥɸɛɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɬ.ɟ. ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɦɟɟɬ ɩɟɪɟɡɚɩɢɫɵɜɚɟɦɭɸ ɤɨɩɢɸ ɤɚɬɚɥɨɝɚ, ɚ ɤɨɧɬɪɨɥɥɟɪɚ PDC ɧɟ ɫɭɳɟɫɬɜɭɟɬ. Ʉɚɤ ɬɨɥɶɤɨ ɢɡɦɟɧɟɧɢɟ ɛɵɥɨ ɫɞɟɥɚɧɨ, ɨɧɨ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. Ɍɚɤɚɹ ɦɨɞɟɥɶ ɪɟɩɥɢɤɚɰɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ ɧɚɩɪɚɜɥɟɧɚ ɧɚ ɩɨɜɵɲɟɧɢɟ ɧɚɞɟɠɧɨɫɬɢ ɢ ɦɚɫɲɬɚɛɢɪɭɟɦɨɫɬɢ, ɜɟɞɶ ɢɡɦɟɧɟɧɢɹ ɜ ɤɚɬɚɥɨɝɟ ɦɨɠɧɨ ɞɟɥɚɬɶ ɧɚ ɥɸɛɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɝɞɟ ɨɧ ɪɚɫɩɨɥɨɠɟɧ. ɉɨɫɤɨɥɶɤɭ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɨɛɟɫɩɟɱɢɜɚɸɬ ɨɞɧɢ ɢ ɬɟ ɠɟ ɫɥɭɠɛɵ, ɨɬɤɚɡ ɨɞɧɨɝɨ ɢɯ ɧɢɯ ɧɟ ɹɜɥɹɟɬɫɹ ɤɪɢɬɢɱɧɵɦ ɞɥɹ ɜɫɟɣ ɫɢɫɬɟɦɵ. . 2 , Active Directory , . Э , . Ɇɨɞɟɥɶ ɪɟɩɥɢɤɚɰɢɢ, ɢɫɩɨɥɶɡɭɟɦɚɹ ɜ Active Directory, ɩɪɟɞɫɬɚɜɥɹɟɬ ɦɨɞɟɥɶ ɫ , ɨɛɥɚɞɚɸɳɭɸ ɫɯɨɞɢɦɨɫɬɶɸ. Ɋɟɩɥɢɤɚɰɢɹ ɧɟ ɹɜɥɹɟɬɫɹ ɠɟɫɬɤɨ ɫɨɝɥɚɫɨɜɚɧɧɨɣ, ɬɚɤ ɤɚɤ
ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɫɨɞɟɪɠɚɳɢɟ ɪɟɩɥɢɤɭ ɪɚɡɞɟɥɚ, ɧɟ ɜɫɟɝɞɚ ɢɦɟɸɬ ɢɞɟɧɬɢɱɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɧɨɜɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɨɡɞɚɧ ɧɚ ɨɞɧɨɦ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɧɟ ɩɨɥɭɱɚɬ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ ɞɨ ɫɥɟɞɭɸɳɟɝɨ ɰɢɤɥɚ ɪɟɩɥɢɤɚɰɢɢ. ɉɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ ɜɫɟɝɞɚ ɫɯɨɞɢɬɫɹ, ɬ.ɟ. ɟɫɥɢ ɫɢɫɬɟɦɚ ɩɨɞɞɟɪɠɢɜɚɟɬɫɹ ɜ ɫɬɚɰɢɨɧɚɪɧɨɦ ɫɨɫɬɨɹɧɢɢ, ɛɟɡ ɜɧɟɫɟɧɢɹ ɧɨɜɵɯ ɢɡɦɟɧɟɧɢɣ ɤ ɤɚɬɚɥɨɝɭ ɜ ɬɟɱɟɧɢɟ ɧɟɤɨɬɨɪɨɝɨ ɜɪɟɦɟɧɢ, ɬɨ ɜɫɟ
ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨɫɬɢɝɧɭɬ ɟɞɢɧɨɨɛɪɚɡɧɨɝɨ ɫɨɫɬɨɹɧɢɹ ɢ ɛɭɞɭɬ ɢɦɟɬɶ ɢɞɟɧɬɢɱɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. ɉɪɢ ɪɟɩɥɢɤɚɰɢɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɚɤɠɟ ɩɪɨɰɟɫɫ ɢ (store and forward). ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɩɨɥɭɱɚɬɶ ɢɡɦɟɧɟɧɢɟ ɤ ɤɚɬɚɥɨɝɭ, ɚ ɡɚɬɟɦ ɨɬɩɪɚɜɥɹɬɶ ɟɝɨ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ɗɬɨ ɜɵɝɨɞɧɨ ɜ ɬɟɯ ɫɥɭɱɚɹɯ, ɤɨɝɞɚ ɧɟɫɤɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɧɚɯɨɞɹɳɢɯɫɹ ɜ ɪɚɡɧɵɯ ɨɮɢɫɚɯ ɤɨɦɩɚɧɢɢ, ɫɨɟɞɢɧɟɧɵ ɦɟɞɥɟɧɧɵɦɢ WAN-ɫɨɟɞɢɧɟɧɢɹɦɢ. ɂɡɦɟɧɟɧɢɟ ɤ ɤɚɬɚɥɨɝɭ ɦɨɠɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɨɞɧɨɝɨ ɢɡ ɫɚɣɬɨɜ ɧɚ ɟɞɢɧɫɬɜɟɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɬɨɪɨɝɨ ɫɚɣɬɚ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɩɨɥɭɱɚɟɬ ɨɛɧɨɜɥɟɧɢɟ, ɦɨɠɟɬ ɡɚɬɟɦ ɩɟɪɟɩɪɚɜɢɬɶ ɢɡɦɟɧɟɧɢɹ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜɨ ɜɬɨɪɨɦ ɫɚɣɬɟ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɛɵɥɢ ɫɞɟɥɚɧɵ ɢɡɦɟɧɟɧɢɹ ɤɚɬɚɥɨɝɚ, ɧɟ ɞɨɥɠɟɧ ɤɨɩɢɪɨɜɚɬɶ ɢɡɦɟɧɟɧɢɹ ɧɟɩɨɫɪɟɞɫɬɜɟɧɧɨ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɚɤ ɷɬɨ ɢɦɟɟɬ ɦɟɫɬɨ ɜ ɦɨɞɟɥɢ ɪɟɩɥɢɤɚɰɢɢ ɫ ɟɞɢɧɫɬɜɟɧɧɵɦ ɯɨɡɹɢɧɨɦ.
Active Directory Windows Server 2003
Ɇɨɞɟɥɶ ɪɟɩɥɢɤɚɰɢɢ Active Directory Windows Server 2003, ɩɨ ɫɭɳɟɫɬɜɭ, ɫɨɜɩɚɞɚɟɬ ɫ ɬɨɣ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɫɢɫɬɟɦɟ Microsoft Windows 2000, ɧɨ ɢɦɟɟɬ ɪɹɞ ɫɭɳɟɫɬɜɟɧɧɵɯ ɭɥɭɱɲɟɧɢɣ. • ɑɚɫɬɢɱɧɚɹ ɪɟɩɥɢɤɚɰɢɹ ɚɬɪɢɛɭɬɨɜ, ɢɦɟɸɳɢɯ ɧɟɫɤɨɥɶɤɨ ɡɧɚɱɟɧɢɣ. ȼ ɫɢɫɬɟɦɟ Windows 2000 ɚɬɪɢɛɭɬ ɹɜɥɹɥɫɹ ɫɚɦɨɣ ɦɚɥɟɧɶɤɨɣ ɟɞɢɧɢɰɟɣ ɪɟɩɥɢɤɚɰɢɢ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɢɡɦɟɧɟɧɢɟ ɨɞɧɨɝɨ ɢɡ ɧɟɫɤɨɥɶɤɢɯ ɡɧɚɱɟɧɢɣ ɜ ɚɬɪɢɛɭɬɟ ɦɨɠɟɬ ɫɨɡɞɚɜɚɬɶ ɫɭɳɟɫɬɜɟɧɧɵɣ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ. Ɍɢɩɢɱɧɵɣ ɩɪɢɦɟɪ ɬɚɤɨɣ ɫɢɬɭɚɰɢɢ ɫɜɹɡɚɧ ɫ ɭɧɢɜɟɪɫɚɥɶɧɵɦ ɱɥɟɧɫɬɜɨɦ ɝɪɭɩɩɵ. ɉɨɫɤɨɥɶɤɭ ɩɨɥɧɵɣ ɫɩɢɫɨɤ ɱɥɟɧɫɬɜɚ ɞɥɹ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɵ ɹɜɥɹɟɬɫɹ ɨɞɧɢɦ ɚɬɪɢɛɭɬɨɦ, ɬɨ ɞɨɛɚɜɥɟɧɢɟ ɨɞɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɤ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɟ ɩɪɢɜɨɞɢɬ ɤ ɡɧɚɱɢɬɟɥɶɧɨɣ ɪɟɩɥɢɤɚɰɢɢ, ɨɫɨɛɟɧɧɨ ɤɨɝɞɚ ɝɪɭɩɩɚ ɭɠɟ ɫɨɞɟɪɠɢɬ ɧɟɫɤɨɥɶɤɨ ɬɵɫɹɱ ɱɥɟɧɨɜ. ȼ Active Directory Windows Server 2003 ɚɬɪɢɛɭɬɵ, ɢɦɟɸɳɢɟ ɧɟɫɤɨɥɶɤɨ ɡɧɚɱɟɧɢɣ, ɩɨɞɨɛɧɵɟ ɱɥɟɧɫɬɜɭ ɝɪɭɩɩɵ, ɦɨɝɭɬ ɛɵɬɶ ɨɛɧɨɜɥɟɧɵ ɩɭɬɟɦ ɪɟɩɥɢɤɚɰɢɢ ɬɨɥɶɤɨ ɦɨɞɢɮɢɰɢɪɨɜɚɧɧɨɝɨ ɡɧɚɱɟɧɢɹ ɚɬɪɢɛɭɬɚ. • ɉɨɞɞɟɪɠɤɚ ɝɪɭɩɩ, ɫɨɞɟɪɠɚɳɢɯ ɛɨɥɟɟ 5000 ɱɥɟɧɨɜ. ȼ ɫɢɫɬɟɦɟ Windows 2000 ɝɪɭɩɩɵ ɧɟ ɦɨɝɭɬ ɫɨɞɟɪɠɚɬɶ ɛɨɥɟɟ 5000 ɱɥɟɧɨɜ ɢɡ-ɡɚ ɬɨɝɨ, ɱɬɨ ɪɟɩɥɢɤɚɰɢɢ ɦɨɞɢɮɢɤɚɰɢɣ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ ɭɪɨɜɧɟ ɚɬɪɢɛɭɬɨɜ. ɉɪɚɤɬɢɱɟɫɤɢɣ ɩɪɟɞɟɥ ɩɟɪɟɞɚɱɢ ɢɡɦɟɧɟɧɢɣ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɜ ɨɞɧɨɣ ɬɪɚɧɡɚɤɰɢɢ ɫɨɫɬɚɜɥɹɟɬ 5000 ɡɧɚɱɟɧɢɣ. ɗɬɨɬ ɩɪɟɞɟɥ ɨɩɪɟɞɟɥɹɟɬ ɦɚɤɫɢɦɚɥɶɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɧɨɜɥɟɧɢɣ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɜ ɩɪɨɰɟɫɫɟ ɨɞɧɨɣ ɪɟɩɥɢɤɚɰɢɢ. ȼ Active Directory Windows Server 2003 ɩɨɞɞɟɪɠɤɚ ɦɨɞɢɮɢɤɚɰɢɣ ɬɨɥɶɤɨ ɨɞɧɨɝɨ ɡɧɚɱɟɧɢɹ ɞɥɹ ɨɛɴɟɤɬɨɜ, ɢɦɟɸɳɢɯ ɧɟɫɤɨɥɶɤɨ ɡɧɚɱɟɧɢɣ, ɫɧɢɦɚɟɬ ɷɬɢ ɨɝɪɚɧɢɱɟɧɢɹ.
, Windows Server
. (interim) Windows Server 2003 Windows Server 2003. Windows Server 2003 , Windows Server 2003 Windows NT. . . 7.
2003.
•
•
, ,
ȼɨɡɦɨɠɧɨɫɬɶ ɨɬɤɥɸɱɚɬɶ ɫɠɚɬɢɟ ɩɪɢ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɜɟɫɶ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɫɠɢɦɚɟɬɫɹ ɤɚɤ ɞɥɹ Active Directory Windows 2000, ɬɚɤ ɢ ɞɥɹ Active Directory Windows Server 2003. ɗɬɨ ɞɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɭɸ ɧɚɝɪɭɡɤɭ ɧɚ ɩɪɨɰɟɫɫɨɪ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɉɞɧɚɤɨ ɩɪɢ ɧɚɥɢɱɢɢ ɞɨɫɬɚɬɨɱɧɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɫɠɚɬɢɟ ɜ Active Directory Windows Server 2003 ɦɨɠɧɨ ɨɬɤɥɸɱɚɬɶ. ȼɨɡɦɨɠɧɨɫɬɶ ɭɜɟɞɨɦɥɟɧɢɣ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɪɟɩɥɢɤɚɰɢɹ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɩɪɨɢɡɜɨɞɢɬɫɹ ɩɨ ɝɪɚɮɢɤɭ ɫ ɡɚɞɚɧɧɨɣ ɱɚɫɬɨɬɨɣ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɨɣ ɧɚ ɫɜɹɡɹɯ ɫɚɣɬɚ. ȼ Active Directory Windows Server 2003 ɢɦɟɟɬɫɹ ɨɩɰɢɹ, ɩɨɡɜɨɥɹɸɳɚɹ ɜɤɥɸɱɚɬɶ ɭɜɟɞɨɦɥɟɧɢɹ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ȿɫɥɢ ɭɜɟɞɨɦɥɟɧɢɹ ɜɤɥɸɱɟɧɵ, ɬɨ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ (bridgehead server) ɬɨɝɨ ɫɚɣɬɚ, ɝɞɟ ɩɪɨɢɡɨɲɥɨ ɢɡɦɟɧɟɧɢɟ, ɭɜɟɞɨɦɥɹɟɬ ɨɛ ɷɬɨɦ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɫɚɣɬɚ ɚɞɪɟɫɚɬɚ, ɢ ɢɡɦɟɧɟɧɢɹ ɩɟɪɟɞɚɸɬɫɹ ɩɨ ɫɜɹɡɹɦ ɫɚɣɬɚ. ɇɨɬɢɮɢɤɚɰɢɹ ɦɨɠɟɬ ɡɧɚɱɢɬɟɥɶɧɨ ɭɦɟɧɶɲɚɬɶ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɣ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɧɨ ɩɪɢ ɷɬɨɦ ɡɧɚɱɢɬɟɥɶɧɨ ɭɜɟɥɢɱɢɜɚɟɬɫɹ ɫɟɬɟɜɨɣ ɬɪɚɮɢɤ.
. (
)
, -
ADSI Edit (site link object)
Options -
(connection object).
•
,
Options ( ,
)
;
.
ɍɥɭɱɲɟɧɧɚɹ ɝɟɧɟɪɚɰɢɹ ɬɨɩɨɥɨɝɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ȼ ɫɢɫɬɟɦɟ Windows 2000 ɪɚɡɦɟɪ ɨɪɝɚɧɢɡɚɰɢɢ ɢɦɟɥ ɨɝɪɚɧɢɱɟɧɢɟ ɜ 100 ɫɚɣɬɨɜ ɜ ɥɟɫɭ. ɗɬɨ ɨɝɪɚɧɢɱɟɧɢɟ ɫɜɹɡɚɧɨ ɫɨ ɜɪɟɦɟɧɟɦ, ɤɨɬɨɪɨɟ ɬɪɟɛɭɟɬɫɹ ɫɥɭɠɛɟ Ʉɋɋ (Knowledge Consistency Checker — ɦɨɞɭɥɶ ɩɪɨɜɟɪɤɢ ɰɟɥɨɫɬɧɨɫɬɢ ɫɜɟɞɟɧɢɣ), ɞɥɹ ɬɨɝɨ ɱɬɨɛɵ ɜɵɱɢɫɥɢɬɶ ɬɨɩɨɥɨɝɢɸ ɦɚɪɲɪɭɬɢɡɚɰɢɢ ɞɥɹ ɬɚɤɨɝɨ ɤɨɥɢɱɟɫɬɜɚ ɫɚɣɬɨɜ. ɗɬɨ ɨɝɪɚɧɢɱɟɧɢɟ ɜ Active Directory Windows Server 2003 ɫɧɹɬɨ.
Ɉɞɧɚ ɢɡ ɝɥɚɜɧɵɯ ɩɪɢɱɢɧ ɫɨɡɞɚɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɚɣɬɨɜ ɜ Active Directory ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɭɩɪɚɜɥɟɧɢɹ ɬɪɚɮɢɤɨɦ ɪɟɩɥɢɤɚɰɢɢ. ɉɨɫɤɨɥɶɤɭ ɩɪɟɞɩɨɥɚɝɚɟɬɫɹ, ɱɬɨ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɫɜɹɡɚɧɵ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɦɢ ɫɨɟɞɢɧɟɧɢɹɦɢ, ɬɨ ɪɟɩɥɢɤɚɰɢɹ ɦɟɠɞɭ ɧɢɦɢ ɨɩɬɢɦɢɡɢɪɭɟɬɫɹ ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɦɚɤɫɢɦɚɥɶɧɨɣ ɫɤɨɪɨɫɬɢ ɢ ɭɦɟɧɶɲɟɧɢɹ ɜɪɟɦɟɧɢ ɨɠɢɞɚɧɢɹ. Ɉɞɧɚɤɨ ɟɫɥɢ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɩɟɪɟɫɟɤɚɟɬ ɧɢɡɤɨɫɤɨɪɨɫɬɧɨɟ ɫɨɟɞɢɧɟɧɢɟ, ɬɨ ɫɨɯɪɚɧɟɧɢɟ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ ɫɬɚɧɨɜɢɬɫɹ ɫɟɪɶɟɡɧɨɣ ɩɪɨɛɥɟɦɨɣ. ɋɨɡɞɚɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɫɚɣɬɨɜ ɩɨɡɜɨɥɹɟɬ ɫɨɯɪɚɧɹɬɶ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ ɫɟɬɢ. ɋɨɜɟɬ. ȿɫɥɢ ɜɵ ɪɚɛɨɬɚɥɢ ɫ Microsoft Exchange Server 5.5 ɢɥɢ ɛɨɥɟɟ ɪɚɧɧɟɣ ɜɟɪɫɢɟɣ, ɪɚɡɥɢɱɢɹ ɩɪɨɰɟɫɫɨɜ ɪɟɩɥɢɤɚɰɢɢ ɜɧɭɬɪɢ ɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɜɚɦ ɡɧɚɤɨɦɵ. ɋɥɭɠɛɚ Active Directory ɢɫɩɨɥɶɡɭɟɬ ɦɧɨɝɢɟ ɩɪɢɧɰɢɩɵ ɭɩɪɚɜɥɟɧɢɹ ɪɟɩɥɢɤɚɰɢɟɣ ɜ Exchange Server 5.5.
Ɉɫɧɨɜɧɚɹ ɰɟɥɶ ɪɟɩɥɢɤɚɰɢɢ ɜɧɭɬɪɢ ɫɚɣɬɚ ɫɨɫɬɨɢɬ ɜ ɭɦɟɧɶɲɟɧɢɢ ɜɪɟɦɟɧɢ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ, ɬ.ɟ. ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɚɣɬɚ ɞɨɥɠɧɵ ɨɛɧɨɜɥɹɬɶɫɹ ɧɚɫɬɨɥɶɤɨ ɛɵɫɬɪɨ, ɧɚɫɤɨɥɶɤɨ ɷɬɨ ɜɨɡɦɨɠɧɨ. Ɍɪɚɮɢɤ ɜɧɭɬɪɟɧɧɟɣ ɪɟɩɥɢɤɚɰɢɢ ɯɚɪɚɤɬɟɪɢɡɭɟɬɫɹ ɫɥɟɞɭɸɳɢɦ. • Ɋɟɩɥɢɤɚɰɢɹ ɩɪɨɢɫɯɨɞɢɬ ɫɪɚɡɭ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɩɪɨɢɡɨɲɥɨ ɢɡɦɟɧɟɧɢɟ ɢɧɮɨɪɦɚɰɢɢ Active Directory. ɉɨ ɭɦɨɥɱɚɧɢɸ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɨɠɢɞɚɟɬ 15 ɫ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɢɡɦɟɧɟɧɢɟ ɛɵɥɨ ɫɞɟɥɚɧɨ, ɚ ɡɚɬɟɦ ɧɚɱɢɧɚɟɬ ɤɨɩɢɪɨɜɚɬɶ ɷɬɨ ɢɡɦɟɧɟɧɢɟ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ. ɉɨɫɥɟ ɡɚɜɟɪɲɟɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɫ ɨɞɧɢɦ ɩɚɪɬɧɟɪɨɦ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɨɠɢɞɚɟɬ 3 ɫ, ɚ ɡɚɬɟɦ ɧɚɱɢɧɚɟɬ ɪɟɩɥɢɤɚɰɢɸ ɫ ɞɪɭɝɢɦ ɩɚɪɬɧɟɪɨɦ. Ɉɠɢɞɚɧɢɟ ɜ 15 ɫ ɧɟɨɛɯɨɞɢɦɨ ɞɥɹ ɭɜɟɥɢɱɟɧɢɹ ɷɮɮɟɤɬɢɜɧɨɫɬɢ ɪɟɩɥɢɤɚɰɢɢ ɜ ɫɥɭɱɚɟ, ɟɫɥɢ ɤ ɢɧɮɨɪɦɚɰɢɢ ɪɚɡɞɟɥɚ ɛɭɞɭɬ ɫɞɟɥɚɧɵ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɢɡɦɟɧɟɧɢɹ. ɉɪɨɞɨɥɠɢɬɟɥɶɧɨɫɬɶ ɩɟɪɢɨɞɚ ɨɠɢɞɚɧɢɹ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɚ ɱɟɪɟɡ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ Windows 2000 ɢɥɢ Windows Server 2003 (ɨɛɪɚɬɢɬɟɫɶ ɤ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɦ ɪɚɡɞɟɥɚɦ ɜ ɤɨɦɩɥɟɤɬɟ ɪɟɫɭɪɫɨɜ Resource Kits ɡɚ ɩɨɞɪɨɛɧɨɫɬɹɦɢ). ɇɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows Server 2003 ɷɬɨ ɡɧɚɱɟɧɢɟ ɦɨɠɧɨ ɢɡɦɟɧɢɬɶ ɞɥɹ ɤɚɠɞɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ADSI Edit. • Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɧɟ ɫɠɚɬ. ɉɨɫɤɨɥɶɤɭ ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɫɜɹɡɚɧɵ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɦɢ ɫɨɟɞɢɧɟɧɢɹɦɢ, ɞɚɧɧɵɟ ɩɨɫɵɥɚɸɬɫɹ ɛɟɡ ɫɠɚɬɢɹ. ɋɠɚɬɢɟ ɞɚɧɧɵɯ ɪɟɩɥɢɤɚɰɢɢ ɞɨɛɚɜɥɹɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɭɸ ɧɚɝɪɭɡɤɭ ɧɚ ɫɟɪɜɟɪ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɉɪɢ ɨɬɫɭɬɫɬɜɢɢ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ ɫɟɪɜɟɪɚ ɫɨɯɪɚɧɹɟɬɫɹ ɡɚ ɫɱɟɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫɟɬɢ. • ɉɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ ɢɧɢɰɢɢɪɭɟɬɫɹ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɭɜɟɞɨɦɥɟɧɢɟɦ, ɩɪɢɲɟɞɲɢɦ ɨɬ ɤɨɧɬɪɨɥɥɟɪɚ-ɨɬɩɪɚɜɢɬɟɥɹ. ɉɨɫɥɟ ɢɡɦɟɧɟɧɢɹ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ɤɨɦɩɶɸɬɟɪ-ɨɬɩɪɚɜɢɬɟɥɶ ɨɛɧɨɜɥɟɧɢɣ ɭɜɟɞɨɦɥɹɟɬ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɚɞɪɟɫɚɬɚ ɨ ɬɨɦ, ɱɬɨ ɩɪɨɢɡɨɲɥɨ ɨɛɧɨɜɥɟɧɢɟ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɚɞɪɟɫɚɬɚ ɡɚɛɢɪɚɟɬ ɢɡɦɟɧɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɩɪɨɰɟɞɭɪɵ ɭɞɚɥɟɧɧɨɝɨ ɜɵɡɨɜɚ (RPC). ɉɨɫɥɟ ɨɤɨɧɱɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɤɨɧɬɪɨɥɥɟɪ-ɨɬɩɪɚɜɢɬɟɥɶ ɭɜɟɞɨɦɥɹɟɬ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɚɞɪɟɫɚɬɚ, ɤɨɬɨɪɵɣ ɬɚɤɠɟ ɡɚɛɢɪɚɟɬ ɢɡɦɟɧɟɧɢɹ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɩɪɨɞɨɥɠɚɟɬɫɹ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɜɫɟ ɩɚɪɬɧɟɪɵ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɧɟ ɛɭɞɭɬ ɨɛɧɨɜɥɟɧɵ. • Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɩɨɫɵɥɚɟɬɫɹ ɧɟɫɤɨɥɶɤɢɦ ɩɚɪɬɧɟɪɚɦ ɜ ɬɟɱɟɧɢɟ ɤɚɠɞɨɝɨ ɰɢɤɥɚ ɪɟɩɥɢɤɚɰɢɢ. ɉɨɫɥɟ ɥɸɛɨɝɨ ɢɡɦɟɧɟɧɢɹ ɤɚɬɚɥɨɝɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɭɞɟɬ ɤɨɩɢɪɨɜɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɜɫɟɦ ɩɪɹɦɵɦ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ; ɷɬɨ ɦɨɝɭɬ ɛɵɬɶ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ ɢɥɢ ɬɨɥɶɤɨ ɧɟɤɨɬɨɪɵɟ ɢɡ ɧɢɯ. • ɂɡɦɟɧɢɬɶ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɧɟɬɪɭɞɧɨ. Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɨɛɴɟɤɬɵ-ɫɜɹɡɢ ɜɪɭɱɧɭɸ ɱɟɪɟɡ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory), ɢɡɦɟɧɢɬɶ ɧɟɤɨɬɨɪɵɟ ɡɧɚɱɟɧɢɹ (ɧɚɩɪɢɦɟɪ,
•
ɧɚɱɚɥɶɧɨɟ ɭɜɟɞɨɦɥɟɧɢɟ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ) ɱɟɪɟɡ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ (ɨɛɪɚɬɢɬɟɫɶ ɤ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɦ ɪɚɡɞɟɥɚɦ ɞɨɤɭɦɟɧɬɚ Resource Kits ɡɚ ɩɨɞɪɨɛɧɨɫɬɹɦɢ) ɢɥɢ ɱɟɪɟɡ ɨɛɴɟɤɬ Partition (Ɋɚɡɞɟɥ), ɟɫɥɢ ɜɚɲ ɥɟɫ ɪɚɛɨɬɚɟɬ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows Server 2003. ɇɨ ɜ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɷɬɨɝɨ ɞɟɥɚɬɶ ɧɟ ɩɪɢɞɟɬɫɹ.
Ɉɫɧɨɜɧɚɹ ɰɟɥɶ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɭɦɟɧɶɲɢɬɶ ɧɚɝɪɭɡɤɭ ɧɚ ɫɟɬɶ, ɤɨɬɨɪɚɹ ɩɪɨɢɫɯɨɞɢɬ ɢɡ-ɡɚ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ. Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɯɚɪɚɤɬɟɪɢɡɭɟɬɫɹ ɫɥɟɞɭɸɳɢɦ. • Ɋɟɩɥɢɤɚɰɢɹ ɢɧɢɰɢɢɪɭɟɬɫɹ ɫɨɝɥɚɫɧɨ ɝɪɚɮɢɤɭ, ɚ ɧɟ ɬɨɝɞɚ, ɤɨɝɞɚ ɫɞɟɥɚɧɵ ɢɡɦɟɧɟɧɢɹ. ɑɬɨɛɵ ɭɩɪɚɜɥɹɬɶ ɪɟɩɥɢɤɚɰɢɟɣ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɧɭɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɤɚɧɚɥ ɫɜɹɡɢ, ɫɨɟɞɢɧɹɸɳɢɣ ɷɬɢ ɫɚɣɬɵ. Ɉɞɧɨɣ ɢɡ ɨɩɰɢɣ ɹɜɥɹɟɬɫɹ ɜɪɟɦɹ, ɤɨɝɞɚ ɛɭɞɭɬ ɩɪɨɢɫɯɨɞɢɬɶ ɪɟɩɥɢɤɚɰɢɢ. Ⱦɪɭɝɚɹ ɨɩɰɢɹ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɢɧɬɟɪɜɚɥ, ɩɨɤɚɡɵɜɚɸɳɢɣ ɬɨ, ɤɚɤ ɱɚɫɬɨ ɛɭɞɭɬ ɩɪɨɢɫɯɨɞɢɬɶ ɪɟɩɥɢɤɚɰɢɢ ɜ ɬɟɱɟɧɢɟ ɧɚɦɟɱɟɧɧɨɝɨ ɜɪɟɦɟɧɢ. ȿɫɥɢ ɩɪɨɩɭɫɤɧɚɹ ɫɩɨɫɨɛɧɨɫɬɶ ɫɟɬɢ, ɫɨɟɞɢɧɹɸɳɟɣ ɨɮɢɫɵ ɤɨɦɩɚɧɢɢ, ɨɝɪɚɧɢɱɟɧɚ, ɪɟɩɥɢɤɚɰɢɢ ɦɨɠɟɬ ɛɵɬɶ ɧɚɦɟɱɟɧɚ ɧɚ ɧɟɪɚɛɨɱɢɟ ɱɚɫɵ. • Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɫɠɢɦɚɟɬɫɹ ɩɪɢɛɥɢɡɢɬɟɥɶɧɨ ɧɚ 10 - 15 ɩɪɨɰɟɧɬɨɜ ɨɬ ɩɟɪɜɨɧɚɱɚɥɶɧɨɝɨ ɪɚɡɦɟɪɚ, ɟɫɥɢ ɨɧ ɫɨɫɬɚɜɥɹɟɬ ɫɜɵɲɟ 32 Ʉɛ. ɑɬɨɛɵ ɫɨɯɪɚɧɢɬɶ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ ɫɟɬɢ, ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ ɤɚɠɞɨɝɨ ɫɚɣɬɚ ɫɠɢɦɚɸɬ ɬɪɚɮɢɤ ɡɚ ɫɱɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɪɨɰɟɫɫɨɪɚ. • Ⱦɥɹ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɞɪɭɝɨɝɨ ɫɚɣɬɚ ɨɛ ɢɡɦɟɧɟɧɢɹɯ ɤɚɬɚɥɨɝɚ ɭɜɟɞɨɦɥɟɧɢɹ ɧɟ ɢɫɩɨɥɶɡɭɸɬɫɹ. ȼɦɟɫɬɨ ɷɬɨɝɨ ɜɪɟɦɹ ɪɟɩɥɢɤɚɰɢɢ ɨɩɪɟɞɟɥɹɟɬɫɹ ɩɨ ɪɚɫɩɢɫɚɧɢɸ. • ɉɨɞɤɥɸɱɟɧɢɹ, ɤɨɬɨɪɵɟ ɜɵɩɨɥɧɹɸɬ ɪɟɩɥɢɤɚɰɢɸ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɪɨɬɨɤɨɥ ɢɧɬɟɪɧɟɬɚ (IP) ɢɥɢ ɩɪɨɬɨɤɨɥ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ (SMTP). ɉɪɨɬɨɤɨɥ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɩɪɢ ɩɨɞɤɥɸɱɟɧɢɢ, ɨɩɪɟɞɟɥɹɟɬɫɹ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ ɢ ɧɚɞɟɠɧɨɫɬɶɸ ɫɟɬɢ, ɤɨɬɨɪɚɹ ɫɜɹɡɵɜɚɟɬ ɪɚɡɧɵɟ ɨɮɢɫɵ ɤɨɦɩɚɧɢɢ. • Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɩɨɫɵɥɚɟɬɫɹ ɧɟ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɚ ɱɟɪɟɡ ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ. ɂɡɦɟɧɟɧɢɹ ɤɚɬɚɥɨɝɚ ɫɚɣɬɚ ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɧɚ ɟɞɢɧɫɬɜɟɧɧɵɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ (ɨɞɢɧ ɧɚ ɤɚɠɞɵɣ ɪɚɡɞɟɥ ɤɚɬɚɥɨɝɚ) ɷɬɨɝɨ ɫɚɣɬɚ, ɚ ɡɚɬɟɦ — ɧɚ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɞɪɭɝɨɝɨ ɫɚɣɬɚ. Ⱦɚɥɟɟ ɢɡɦɟɧɟɧɢɹ ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɫ ɫɟɪɜɟɪɚ-ɩɥɚɰɞɚɪɦɚ ɜɬɨɪɨɝɨ ɫɚɣɬɚ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɷɬɨɝɨ ɫɚɣɬɚ. • ȼɵ ɦɨɠɟɬɟ ɥɟɝɤɨ ɢɡɦɟɧɹɬɶ ɩɨɬɨɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɢɡɦɟɧɹɹ ɩɪɚɤɬɢɱɟɫɤɢ ɤɚɠɞɵɣ ɤɨɦɩɨɧɟɧɬ ɪɟɩɥɢɤɚɰɢɢ. . Active Directory , , . ,
,
,—
5.
Ɋɟɩɥɢɤɚɰɢɹ ɜ Active Directory Windows Server 2003 ɪɟɚɥɢɡɨɜɚɧɚ ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɱɬɨ ɤɨɩɢɪɨɜɚɧɢɟ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢɡɦɟɧɟɧɢɣ, ɫɞɟɥɚɧɧɵɯ ɧɚ ɨɞɧɨɦ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ, ɦɨɠɟɬ ɡɚɧɢɦɚɬɶ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ. ɗɬɚ ɜɪɟɦɟɧɧɚɹ ɡɚɞɟɪɠɤɚ ɧɚɡɵɜɚɟɬɫɹ (replication latency). ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɥɟɝɤɨ ɜɵɱɢɫɥɢɬɶ, ɨɫɨɛɟɧɧɨ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ. Ʉɚɤ ɭɠɟ ɝɨɜɨɪɢɥɨɫɶ, ɥɸɛɨɟ ɢɡɦɟɧɟɧɢɟ, ɫɞɟɥɚɧɧɨɟ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɧɚ ɨɞɧɨɦ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɛɭɞɟɬ ɤɨɩɢɪɨɜɚɬɶɫɹ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɩɪɢɛɥɢɡɢɬɟɥɶɧɨ ɱɟɪɟɡ 15 ɫ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɚɞɪɟɫɚɬɚ ɡɚɞɟɪɠɢɬ ɷɬɨ ɢɡɦɟɧɟɧɢɟ ɧɚ 15 ɫ, ɚ ɡɚɬɟɦ ɩɟɪɟɞɚɫɬ ɟɝɨ ɫɜɨɢɦ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ȼɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɩɪɢɛɥɢɡɢɬɟɥɶɧɨ ɪɚɜɧɨ 15-ɬɢ ɫɟɤɭɧɞɚɦ, ɭɦɧɨɠɟɧɧɵɦ ɧɚ ɤɨɥɢɱɟɫɬɜɨ ɪɟɬɪɚɧɫɥɹɰɢɣ, ɤɨɬɨɪɵɟ ɩɨɬɪɟɛɭɸɬɫɹ, ɩɪɟɠɞɟ ɱɟɦ ɢɧɮɨɪɦɚɰɢɹ ɞɨɫɬɢɝɧɟɬ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ɍɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɧɢɤɨɝɞɚ ɧɟ ɬɪɟɛɭɟɬ ɛɨɥɟɟ ɬɪɟɯ ɪɟɬɪɚɧɫɥɹɰɢɣ, ɬɚɤ ɱɬɨ ɦɚɤɫɢɦɚɥɶɧɨɟ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɫɨɫɬɚɜɥɹɟɬ ɩɪɢɦɟɪɧɨ 45 ɫ. Ɉɩɪɟɞɟɥɢɬɶ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɧɟɫɤɨɥɶɤɨ ɬɪɭɞɧɟɟ. ɉɪɟɠɞɟ ɜɫɟɝɨ, ɜɵ ɞɨɥɠɧɵ ɜɵɱɢɫɥɢɬɶ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɢɫɯɨɞɧɨɝɨ ɫɚɣɬɚ. ɗɬɨ ɬɨ ɜɪɟɦɹ,
ɤɨɬɨɪɨɟ ɩɨɬɪɟɛɭɟɬɫɹ ɞɥɹ ɤɨɩɢɪɨɜɚɧɢɹ ɢɡɦɟɧɟɧɢɣ, ɫɞɟɥɚɧɧɵɯ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫɚɣɬɚɢɫɬɨɱɧɢɤɚ, ɧɚ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɬɨɝɨ ɠɟ ɫɚɣɬɚ. Ʉɚɤ ɬɨɥɶɤɨ ɢɧɮɨɪɦɚɰɢɹ ɞɨɫɬɢɝɧɟɬ ɫɟɪɜɟɪɚɩɥɚɰɞɚɪɦɚ ɫɚɣɬɚ-ɢɫɬɨɱɧɢɤɚ, ɜɪɟɦɹ, ɤɨɬɨɪɨɟ ɩɨɬɪɟɛɭɟɬɫɹ ɢɧɮɨɪɦɚɰɢɢ ɞɥɹ ɩɨɩɚɞɚɧɢɹ ɧɚ ɫɚɣɬ ɚɞɪɟɫɚɬɚ, ɨɩɪɟɞɟɥɹɟɬɫɹ ɪɚɫɩɢɫɚɧɢɟɦ ɫɜɹɡɢ ɷɬɨɝɨ ɫɚɣɬɚ ɢ ɢɧɬɟɪɜɚɥɨɦ ɦɟɠɞɭ ɪɟɩɥɢɤɚɰɢɹɦɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɪɟɩɥɢɤɚɰɢɢ ɜɵɩɨɥɧɹɸɬɫɹ ɤɚɠɞɵɟ 3 ɱɚɫɚ ɜ ɬɟɱɟɧɢɟ ɞɧɹ. ȿɫɥɢ ɷɬɨ ɡɧɚɱɟɧɢɟ ɧɟ ɢɡɦɟɧɟɧɨ, ɬɨ ɷɬɢ 3 ɱɚɫɚ ɦɨɠɧɨ ɞɨɛɚɜɢɬɶ ɤɨ ɜɪɟɦɟɧɢ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ. Ʉɨɝɞɚ ɢɧɮɨɪɦɚɰɢɹ ɞɨɫɬɢɝɚɟɬ ɫɟɪɜɟɪɚ-ɩɥɚɰɞɚɪɦɚ ɧɚ ɫɚɣɬɟ ɚɞɪɟɫɚɬɚ, ɬɨ ɤ ɨɛɳɟɦɭ ɜɪɟɦɟɧɢ ɨɠɢɞɚɧɢɹ ɧɭɠɧɨ ɞɨɛɚɜɢɬɶ ɟɳɟ ɢ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɜɧɭɬɪɢ ɫɚɣɬɚ ɞɥɹ ɫɚɣɬɚ ɚɞɪɟɫɚɬɚ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɩɨɥɭɱɟɧɧɨɟ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɦɨɠɟɬ ɛɵɬɶ ɞɨɫɬɚɬɨɱɧɨ ɜɟɥɢɤɨ. ɑɬɨɛɵ ɭɦɟɧɶɲɢɬɶ ɟɝɨ, ɧɟɨɛɯɨɞɢɦɨ ɫɨɤɪɚɬɢɬɶ ɢɧɬɟɪɜɚɥ ɪɟɩɥɢɤɚɰɢɣ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɞɨ 15 ɦɢɧɭɬ (ɦɢɧɢɦɚɥɶɧɨɟ ɡɧɚɱɟɧɢɟ). ɍɩɪɚɜɥɟɧɢɟ ɜɪɟɦɟɧɟɦ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɣ ɩɪɟɞɩɨɥɚɝɚɟɬ ɛɚɥɚɧɫɢɪɨɜɚɧɢɟ ɦɟɠɞɭ ɩɨɬɪɟɛɧɨɫɬɶɸ ɜ ɤɨɪɨɬɤɨɦ ɜɪɟɦɟɧɢ ɨɠɢɞɚɧɢɹ ɢ ɨɝɪɚɧɢɱɟɧɢɟɦ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ. ȿɫɥɢ ɬɪɟɛɭɟɬɫɹ ɨɱɟɧɶ ɤɨɪɨɬɤɨɟ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ, ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɛɵɬɶ ɩɨɦɟɳɟɧɵ ɜ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɫɚɣɬ, ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɨɧɨ ɛɭɞɟɬ ɪɚɜɧɹɬɶɫɹ ɩɪɢɦɟɪɧɨ 45 ɫ ɞɥɹ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ɉɞɧɚɤɨ ɟɫɥɢ ɨɮɢɫɵ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɫɨɟɞɢɧɟɧɵ WAN-ɫɜɹɡɹɦɢ ɫ ɨɝɪɚɧɢɱɟɧɧɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ, ɜɚɦ ɩɨɬɪɟɛɭɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɫɚɣɬɨɜ, ɢ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɣ ɭɜɟɥɢɱɢɬɫɹ. ɂɧɨɝɞɚ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɦɨɠɟɬ ɨɤɚɡɚɬɶɫɹ ɫɥɢɲɤɨɦ ɛɨɥɶɲɢɦ, ɧɚɩɪɢɦɟɪ, ɤɨɝɞɚ ɜ ɤɚɬɚɥɨɝɟ ɦɟɧɹɟɬɫɹ ɚɬɪɢɛɭɬ, ɫɜɹɡɚɧɧɵɣ ɫ ɡɚɳɢɬɨɣ. Ⱦɥɹ ɷɬɢɯ ɫɢɬɭɚɰɢɣ Active Directory ɢɫɩɨɥɶɡɭɟɬ (urgent replication), ɩɪɢ ɤɨɬɨɪɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɟɪɟɞɚɟɬ ɢɡɦɟɧɟɧɢɹ ɫɜɨɢɦ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɧɟɦɟɞɥɟɧɧɨ. Ʌɸɛɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɩɨɥɭɱɢɜɲɢɣ ɫɪɨɱɧɨɟ ɨɛɧɨɜɥɟɧɢɟ, ɨɬɩɪɚɜɢɬ ɢɡɦɟɧɟɧɢɟ ɧɟɦɟɞɥɟɧɧɨ. Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ ɨɛɧɨɜɹɬ ɢɧɮɨɪɦɚɰɢɸ ɜ ɬɟɱɟɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɫɟɤɭɧɞ. ɋɪɨɱɧɵɟ ɪɟɩɥɢɤɚɰɢɢ ɦɨɝɭɬ ɛɵɬɶ ɜɵɡɜɚɧɵ ɫɥɟɞɭɸɳɢɦɢ ɬɢɩɚɦɢ ɢɡɦɟɧɟɧɢɣ. • ɂɡɦɟɧɟɧɢɟ ɩɨɥɢɬɢɤɢ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɞɥɹ ɞɨɦɟɧɚ. • ɂɡɦɟɧɟɧɢɟ ɩɨɥɢɬɢɤɢ ɩɚɪɨɥɟɣ ɞɨɦɟɧɚ. • ɉɟɪɟɦɟɳɟɧɢɟ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɬɧɨɫɢɬɟɥɶɧɨɝɨ ɢɞɟɧɬɢɮɢɤɚɬɨɪɚ (RID) ɧɚ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. • ɂɡɦɟɧɟɧɢɟ ɛɟɡɨɩɚɫɧɨɫɬɢ ɥɨɤɚɥɶɧɵɯ ɫɪɟɞɫɬɜ ɡɚɳɢɬɵ (LSA - Local Security Authority), ɧɚɩɪɢɦɟɪ, ɤɨɝɞɚ ɢɡɦɟɧɹɟɬɫɹ ɩɚɪɨɥɶ ɤɨɦɩɶɸɬɟɪɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɫɪɨɱɧɵɟ ɨɛɧɨɜɥɟɧɢɹ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɤ ɜɧɭɬɪɟɧɧɟɣ ɪɟɩɥɢɤɚɰɢɢ ɢ ɧɟ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɉɨɥɢɬɢɤɚ ɩɪɢɦɟɧɟɧɢɹ ɫɪɨɱɧɵɯ ɨɛɧɨɜɥɟɧɢɣ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɚ ɩɭɬɟɦ ɪɚɡɪɟɲɟɧɢɹ ɭɜɟɞɨɦɥɟɧɢɣ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɢɡɦɟɧɟɧɢɹ ɩɚɪɨɥɹ ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɩɨ ɞɪɭɝɨɣ ɦɨɞɟɥɢ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɡɦɟɧɹɟɬ ɩɚɪɨɥɶ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɷɬɨ ɢɡɦɟɧɟɧɢɟ ɧɟɦɟɞɥɟɧɧɨ ɤɨɩɢɪɭɟɬɫɹ ɩɪɹɦɨ ɜ PDC-ɷɦɭɥɹɬɨɪ. ɗɬɚ ɪɟɩɥɢɤɚɰɢɹ ɩɟɪɟɫɟɤɚɟɬ ɝɪɚɧɢɰɵ ɫɚɣɬɚ ɢ ɧɟ ɢɫɩɨɥɶɡɭɟɬ ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ ɫɚɣɬɨɜ. ȼɦɟɫɬɨ ɷɬɨɝɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɛɵɥɨ ɫɞɟɥɚɧɨ ɢɡɦɟɧɟɧɢɟ, ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ ɩɚɪɨɥɹ ɢɫɩɨɥɶɡɭɟɬ RPC-ɩɨɞɤɥɸɱɟɧɢɟ ɤ PDC-ɷɦɭ-ɥɹɬɨɪɭ. Ɂɚɬɟɦ PDC-ɷɦɭɥɹɬɨɪ ɨɛɧɨɜɥɹɟɬ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɱɟɪɟɡ ɧɨɪɦɚɥɶɧɵɣ ɩɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɨɩɵɬɚɟɬɫɹ ɜɨɣɬɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɟɳɟ ɧɟ ɩɨɥɭɱɢɥ ɧɨɜɵɣ ɩɚɪɨɥɶ, ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɩɪɟɠɞɟ ɱɟɦ ɨɬɤɥɨɧɢɬɶ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ, ɩɪɨɜɟɪɢɬ PDC-ɷɦɭɥɹɬɨɪ, ɧɚ ɩɪɟɞɦɟɬ ɧɚɥɢɱɢɹ ɨɛɧɨɜɥɟɧɢɣ, ɤɚɫɚɸɳɢɯɫɹ ɢɡɦɟɧɟɧɢɹ ɩɚɪɨɥɹ ɷɬɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ.
Ʉɥɸɱɟɜɵɦ ɦɨɦɟɧɬɨɦ ɪɟɩɥɢɤɚɰɢɢ ɜ Active Directory ɹɜɥɹɟɬɫɹ ɫɨɡɞɚɧɢɟ ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɪɨɰɟɫɫ ɫɨɡɞɚɧɢɹ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɨɛɪɚɛɚɬɵɜɚɟɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɥɭɠɛɨɣ Active Directory. Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ ɜɪɭɱɧɭɸ, ɧɨ ɜ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɤɨɧɮɢɝɭɪɚɰɢɹ, ɡɚɞɚɧɧɚɹ ɫɢɫɬɟɦɨɣ ɩɨ ɭɦɨɥɱɚɧɢɸ, ɹɜɥɹɟɬɫɹ ɧɚɢɥɭɱɲɢɦ ɜɚɪɢɚɧɬɨɦ.
(Knowledge Consistency Checker)
Ʉɋɋ (Knowledge Consistency Checker) — ɷɬɨ ɩɪɨɰɟɫɫ, ɤɨɬɨɪɵɣ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɨɧ ɨɬɜɟɬɫɬɜɟɧ ɡɚ ɫɨɡɞɚɧɢɟ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. Ʉɚɤ ɬɨɥɶɤɨ ɤ ɥɟɫɭ Active Directory ɞɨɛɚɜɥɹɟɬɫɹ ɜɬɨɪɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɫɥɭɠɛɚ Ʉɋɋ
ɧɚɱɢɧɚɟɬ ɫɨɡɞɚɜɚɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɤɨɬɨɪɚɹ ɹɜɥɹɟɬɫɹ ɢ ɷɮɮɟɤɬɢɜɧɨɣ, ɢ ɬɟɪɩɢɦɨɣ ɤ ɨɲɢɛɤɚɦ. ɉɨ ɦɟɪɟ ɞɨɛɚɜɥɟɧɢɹ ɤ ɫɚɣɬɭ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢɥɢ ɧɨɜɵɯ ɫɚɣɬɨɜ Ʉɋɋ ɢɫɩɨɥɶɡɭɟɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɫɟɪɜɟɪɚɯ, ɫɚɣɬɚɯ, ɫɜɹɡɹɯ ɫɚɣɬɚ ɢ ɪɚɫɩɢɫɚɧɢɹɯ ɞɥɹ ɫɨɡɞɚɧɢɹ ɨɩɬɢɦɚɥɶɧɨɣ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ. ɋɥɭɠɛɚ Ʉɋɋ ɞɢɧɚɦɢɱɟɫɤɢ ɚɧɚɥɢɡɢɪɭɟɬ ɢɡɦɟɧɟɧɢɹ ɢɥɢ ɨɬɤɚɡɵ, ɜɨɡɧɢɤɚɸɳɢɟ ɜ ɩɪɟɞɟɥɚɯ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ. ȿɫɥɢ ɨɞɢɧ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜɪɟɦɟɧɧɨ ɧɚɯɨɞɢɬɫɹ ɜ ɚɜɬɨɧɨɦɧɨɦ ɪɟɠɢɦɟ, ɬɨ Ʉɋɋ ɩɟɪɟɫɦɚɬɪɢɜɚɟɬ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɱɬɨɛɵ ɨɛɨɣɬɢ ɧɟɪɚɛɨɬɚɸɳɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ɉɨ ɭɦɨɥɱɚɧɢɸ Ʉɋɋ ɤɚɠɞɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɩɨɜɬɨɪɧɨ ɜɵɱɢɫɥɹɟɬ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ ɤɚɠɞɵɟ 15 ɦɢɧɭɬ. ɂɦɟɟɬɫɹ ɜɨɡɦɨɠɧɨɫɬɶ ɜ ɥɸɛɨɟ ɜɪɟɦɹ ɩɨɜɬɨɪɧɨ ɜɵɱɢɫɥɢɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory). ɇɚɣɞɹ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɩɪɨɜɟɪɢɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɢ ɳɟɥɤɧɭɜ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ NTDS Settings (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ NTDS) ɜ ɤɨɧɬɟɣɧɟɪɟ ɫɟɪɜɟɪɚ, ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ All Tasks (ȼɫɟ ɡɚɞɚɱɢ), ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Check Replication Topology (ɉɪɨɜɟɪɢɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ).
ɉɪɢ ɫɨɡɞɚɧɢɢ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɫɥɭɠɛɚ Ʉɋɋ ɫɨɡɞɚɟɬ ɪɹɞ (connection object), ɤɨɬɨɪɵɟ ɯɪɚɧɹɬɫɹ ɜ ɪɚɡɞɟɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ Active Directory. Ɉɛɴɟɤɬɵ ɫɜɹɡɢ ɹɜɥɹɸɬɫɹ ɩɪɹɦɵɦɢ ɥɨɝɢɱɟɫɤɢɦɢ ɫɨɟɞɢɧɟɧɢɹɦɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɢɧɮɨɪɦɚɰɢɢ ɤɚɬɚɥɨɝɚ. Ʉɚɤ ɭɠɟ ɝɨɜɨɪɢɥɨɫɶ, Ʉɋɋ ɫɨɡɞɚɟɬ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɤɨɬɨɪɚɹ ɹɜɥɹɟɬɫɹ ɷɮɮɟɤɬɢɜɧɨɣ ɢ ɬɟɪɩɢɦɨɣ ɤ ɨɲɢɛɤɚɦ. Ʉɋɋ ɫɬɪɨɢɬ ɫɬɨɥɶɤɨ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ, ɫɤɨɥɶɤɨ ɞɥɹ ɷɬɨɝɨ ɬɪɟɛɭɟɬɫɹ. Ɉɛɴɟɤɬɵ ɫɜɹɡɢ ɜɫɟɝɞɚ ɫɨɡɞɚɸɬɫɹ ɤɚɤ ɨɞɧɨɫɬɨɪɨɧɧɢɟ pull («ɬɹɧɭɳɢɟ») ɫɨɟɞɢɧɟɧɢɹ ɦɟɠɞɭ ɞɜɭɦɹ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɩɨɬɨɦɭ ɱɬɨ ɧɨɪɦɚɥɶɧɵɣ ɩɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ ɹɜɥɹɟɬɫɹ pull-ɨɩɟɪɚɰɢɟɣ, ɜ ɤɨɬɨɪɨɣ ɤɨɧɬɪɨɥɥɟɪ-ɚɞɪɟɫɚɬ ɡɚɩɪɚɲɢɜɚɟɬ ɞɚɧɧɵɟ ɭ ɤɨɧɬɪɨɥɥɟɪɚ-ɨɬɩɪɚɜɢɬɟɥɹ ɢɧɮɨɪɦɚɰɢɢ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ Ʉɋɋ ɫɬɪɨɢɬ ɞɜɚ ɨɞɧɨɫɬɨɪɨɧɧɢɯ ɫɨɟɞɢɧɟɧɢɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɬɚɤ, ɱɬɨɛɵ ɢɧɮɨɪɦɚɰɢɹ ɦɨɝɥɚ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɜ ɨɛɨɢɯ ɧɚɩɪɚɜɥɟɧɢɹɯ. . Replication Monitor ( ) push (« ») . pull. ( , « » .) ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɨɛɴɟɤɬɵ ɫɜɹɡɢ, ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɨɡɞɚɧɧɵɟ Ʉɋɋ, ɨɩɬɢɦɢɡɢɪɨɜɚɧɵ, ɢ ɜɚɦ ɧɟ ɧɭɠɧɨ ɞɟɥɚɬɶ ɧɢɤɚɤɢɯ ɢɡɦɟɧɟɧɢɣ. Ɉɞɧɚɤɨ, ɜ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɵ, ɜɨɡɦɨɠɧɨ, ɡɚɯɨɬɢɬɟ ɢɯ ɢɡɦɟɧɢɬɶ. ɇɚɩɪɢɦɟɪ, ɜɵ ɩɨɠɟɥɚɟɬɟ, ɱɬɨɛɵ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɜɫɟɝɞɚ ɛɵɥɢ ɩɪɹɦɵɦɢ ɩɚɪɬɧɟɪɚɦɢ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɬɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɯ ɜɵ ɧɚɡɧɚɱɢɥɢ ɪɟɡɟɪɜɧɵɦɢ ɯɨɡɹɟɜɚɦɢ ɨɩɟɪɚɰɢɣ ɧɚ ɫɥɭɱɚɣ ɨɬɤɚɡɚ ɨɫɧɨɜɧɨɝɨ ɯɨɡɹɢɧɚ. ɋɨɡɞɚɜɚɹ ɫɨɝɥɚɲɟɧɢɟ ɨ ɩɨɞɤɥɸɱɟɧɢɢ, ɜɵ ɦɨɠɟɬɟ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɨɩɬɢɦɚɥɶɧɭɸ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɧɟɤɨɬɨɪɨɝɨ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɧɚɛɨɪɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ȼɵ ɦɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɛɴɟɤɬɵ ɫɜɹɡɢ ɞɜɭɦɹ ɫɩɨɫɨɛɚɦɢ: ɢɡɦɟɧɹɹ ɧɟɤɨɬɨɪɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɧɚ ɨɛɴɟɤɬɚɯ ɫɜɹɡɢ, ɫɨɡɞɚɧɧɵɯ Ʉɋɋ, ɢ ɞɨɛɚɜɥɹɹ ɧɨɜɵɟ ɨɛɴɟɤɬɵ ɫɜɹɡɢ.
,
ȼɵ ɦɨɠɟɬɟ ɢɡɦɟɧɹɬɶ ɝɪɚɮɢɤ ɢ ɤɨɧɬɪɨɥɥɟɪ-ɨɬɩɪɚɜɢɬɟɥɶ ɞɥɹ ɨɛɴɟɤɬɚ ɫɜɹɡɢ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ, ɚ ɬɚɤɠɟ ɬɪɚɧɫɩɨɪɬɧɵɣ ɩɪɨɬɨɤɨɥ ɞɥɹ ɦɟɠɫɚɣɬɨ-ɜɵɯ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɤɚɠɞɵɣ ɱɚɫ ɩɪɨɜɟɪɹɸɬ ɜɫɟɯ ɫɜɨɢɯ ɩɚɪɬɧɟɪɨɜ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɱɬɨɛɵ ɭɞɨɫɬɨɜɟɪɢɬɶɫɹ, ɱɬɨ ɨɛɧɨɜɥɟɧɢɹ ɧɟ ɛɵɥɢ ɩɪɨɩɭɳɟɧɵ. ɗɬɨɬ ɝɪɚɮɢɤ ɦɨɠɧɨ ɢɡɦɟɧɢɬɶ ɬɚɤ, ɱɬɨɛɵ ɧɢɤɨɝɞɚ ɧɟ ɞɟɥɚɬɶ ɩɪɨɜɟɪɤɭ, ɩɪɨɜɟɪɹɬɶ ɤɚɠɞɵɟ ɩɨɥɱɚɫɚ ɢɥɢ ɤɚɠɞɵɟ 15 ɦɢɧɭɬ. (ɂɧɬɟɪɮɟɣɫ ɫɜɹɡɢ ɩɨɤɚɡɚɧ ɧɚ ɪɢɫɭɧɤɟ 4-1.) Ʉɨɝɞɚ ɜɵ ɩɪɨɢɡɜɨɞɢɬɟ ɢɡɦɟɧɟɧɢɹ ɨɛɴɟɤɬɚ ɫɜɹɡɢ, ɟɝɨ ɢɦɹ (ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɝɟɧɟɪɢɪɨɜɚɧɧɵɣ) ɡɚɦɟɧɹɟɬɫɹ ɧɚ ɝɥɨɛɚɥɶɧɵɣ ɭɧɢɤɚɥɶɧɵɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɨɛɴɟɤɬɚ (GUID). ɉɨɫɥɟ ɢɡɦɟɧɟɧɢɹ ɨɛɴɟɤɬɚ ɜɵ ɦɨɠɟɬɟ ɟɝɨ ɩɟɪɟɢɦɟɧɨɜɚɬɶ.
. 4-1.
ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɫɨɡɞɚɬɶ ɫɨɜɟɪɲɟɧɧɨ ɧɨɜɵɣ ɨɛɴɟɤɬ ɫɜɹɡɢ, ɭɫɬɚɧɨɜɢɜ ɬɟɦ ɫɚɦɵɦ ɨɩɪɟɞɟɥɟɧɧɭɸ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ. ɉɪɢ ɫɨɡɞɚɧɢɢ ɨɛɴɟɤɬɚ ɫɜɹɡɢ ɜɵ ɡɚɞɚɟɬɟ, ɫ ɤɚɤɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɛɭɞɭɬ ɛɪɚɬɶɫɹ ɨɛɧɨɜɥɟɧɢɹ. ȼɵ ɦɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɥɸɛɨɣ ɩɚɪɚɦɟɬɪ ɧɚɫɬɪɨɣɤɢ ɜ ɫɨɝɥɚɲɟɧɢɢ ɨ ɫɜɹɡɹɯ. ɋɥɭɠɛɚ Ʉɋɋ ɧɟ ɛɭɞɟɬ ɭɞɚɥɹɬɶ ɢɥɢ ɢɡɦɟɧɹɬɶ ɫɜɹɡɢ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɢɡɦɟɧɟɧɵ ɢɥɢ ɫɨɡɞɚɧɵ ɜɪɭɱɧɭɸ. Ʉɋɋ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɨɡɞɚɧɧɵɟ ɜɪɭɱɧɭɸ ɨɛɴɟɤɬɵ ɫɜɹɡɢ ɬɚɤ, ɤɚɤ ɢɫɩɨɥɶɡɨɜɚɥ ɛɵ ɥɸɛɭɸ ɞɪɭɝɭɸ ɫɜɹɡɶ. Ʉɋɋ ɦɨɠɟɬ ɪɟɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɨɛɴɟɤɬɵ ɫɜɹɡɢ ɜ ɫɚɣɬɟ, ɱɬɨɛɵ ɫɤɨɦɩɟɧɫɢɪɨɜɚɬɶ ɨɛɴɟɤɬɵ ɫɜɹɡɢ, ɫɨɡɞɚɧɧɵɟ ɜɪɭɱɧɭɸ.
ɋɭɳɟɫɬɜɭɟɬ ɞɜɚ ɜɚɪɢɚɧɬɚ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɜ Active Directory. ȼ ɩɟɪɜɨɦ ɜɚɪɢɚɧɬɟ ɢɫɩɨɥɶɡɭɟɬɫɹ ɦɨɞɟɥɶ (spanning tree), ɤɨɝɞɚ ɫɨɡɞɚɟɬɫɹ ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ ɬɨɥɶɤɨ ɫ ɨɞɧɢɦ ɧɚɩɪɚɜɥɟɧɢɟɦ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. Ʉɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɪɚɡɦɟɳɚɟɬɫɹ ɪɚɡɞɟɥ ɤɚɬɚɥɨɝɚ, ɛɭɞɟɬ ɢɦɟɬɶ ɬɨɥɶɤɨ ɨɞɧɨɝɨ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɩɟɪɟɞɚɸɳɟɝɨ ɞɚɧɧɵɟ ɞɥɹ ɷɬɨɝɨ ɪɚɡɞɟɥɚ. ɗɬɨ ɝɚɪɚɧɬɢɹ ɬɨɝɨ, ɱɬɨ ɧɢɤɨɝɞɚ ɧɟ ɜɨɡɧɢɤɧɭɬ ɫɜɹɡɢ, ɩɨ ɤɨɬɨɪɵɦ ɢɧɮɨɪɦɚɰɢɹ ɛɭɞɟɬ ɩɟɪɟɫɵɥɚɬɶɫɹ ɧɚ ɨɩɪɟɞɟɥɟɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɨɥɟɟ ɱɟɦ ɨɞɧɢɦ ɩɭɬɟɦ. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɧɢɤɨɝɞɚ ɧɟ ɩɨɥɭɱɚɬ ɨɞɧɨ ɢ ɬɨ ɠɟ ɨɛɧɨɜɥɟɧɢɟ ɞɜɚɠɞɵ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɨ ɩɪɢɛɵɜɚɟɬ ɬɨɥɶɤɨ ɢɡ ɨɞɧɨɝɨ ɢɫɬɨɱɧɢɤɚ. Ɉɫɧɨɜɧɨɣ ɧɟɞɨɫɬɚɬɨɤ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɚɥɝɨɪɢɬɦɚ spanning tree ɫɨɫɬɨɢɬ ɜ ɨɬɫɭɬɫɬɜɢɢ ɢɡɛɵɬɨɱɧɨɫɬɢ. ȿɫɥɢ ɧɚ ɨɞɧɨɦ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɩɪɨɢɡɨɣɞɟɬ ɫɛɨɣ, ɬɨ ɦɨɠɟɬ ɩɨɬɪɟɛɨɜɚɬɶɫɹ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ ɧɚ ɩɨɜɬɨɪɧɨɟ ɜɵɱɢɫɥɟɧɢɟ ɩɭɬɢ ɪɟɩɥɢɤɚɰɢɢ ɜ ɨɛɯɨɞ ɧɟɢɫɩɪɚɜɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ. ȼɬɨɪɨɣ ɜɚɪɢɚɧɬ ɫɨɡɞɚɧɢɹ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɞɨɥɠɟɧ ɜɤɥɸɱɚɬɶ . Ɉɫɧɨɜɧɵɦɢ ɰɟɥɹɦɢ ɪɚɡɪɚɛɨɬɤɢ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ Active Directory ɹɜɥɹɸɬɫɹ ɪɚɛɨɬɨɫɩɨɫɨɛɧɨɫɬɶ ɢ ɭɫɬɨɣɱɢɜɨɫɬɶ ɤ ɨɬɤɚɡɚɦ. ȿɫɥɢ ɨɬɞɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɟɞɨɫɬɭɩɟɧ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ, ɪɟɩɥɢɤɚɰɢɢ Active Directory ɧɟ ɞɨɥɠɧɚ ɨɤɚɧɱɢɜɚɬɶɫɹ ɧɟɭɞɚɱɟɣ. ɇɟɞɨɫɬɚɬɨɤ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɢɡɛɵɬɨɱɧɵɯ ɫɜɹɡɟɣ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɩɨɥɭɱɚɬɶ ɨɞɧɨ ɢ ɬɨ ɠɟ ɨɛɧɨɜɥɟɧɢɟ ɧɟɫɤɨɥɶɤɨ ɪɚɡ, ɩɨɬɨɦɭ ɱɬɨ ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɩɚɪɬɧɟɪɨɜ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ɑɬɨɛɵ ɢɡɛɟɠɚɬɶ ɦɧɨɝɨɤɪɚɬɧɵɯ ɦɨɞɢɮɢɤɚɰɢɣ ɨɞɧɨɣ ɢ ɬɨɣ ɠɟ ɢɧɮɨɪɦɚɰɢɢ, ɩɪɢ ɪɟɩɥɢɤɚɰɢɢ Active Directory ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɟɦɩɮɢɪɨɜɚɧɢɟ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ. Ʉɚɤ ɬɨɥɶɤɨ ɤ ɨɪɝɚɧɢɡɚɰɢɢ ɞɨɛɚɜɥɹɸɬɫɹ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ ɪɟɩɥɢɤɚɦɢ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɪɚɡɞɟɥɚ Active Directory, KCC ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɧɚɱɢɧɚɟɬ ɫɨɡɞɚɜɚɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ. ɗɬɚ ɬɨɩɨɥɨɝɢɹ ɨɛɪɚɡɭɟɬ ɤɨɥɶɰɨ ɪɟɩɥɢɤɚɰɢɢ. ɇɚ ɪɢɫɭɧɤɟ 4-2 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɩɪɨɫɬɨɣ ɫɟɬɟɜɨɣ ɫɬɪɭɤɬɭɪɵ ɫ ɬɪɟɦɹ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɜ ɨɞɧɨɦ ɞɨɦɟɧɟ ɢ ɟɞɢɧɫɬɜɟɧɧɨɦ ɫɚɣɬɟ.
. 4-2.
Ʉɋɋ ɫɨɡɞɚɟɬ ɤɨɥɶɰɨ ɪɟɩɥɢɤɚɰɢɢ (ɫɦ. ɪɢɫ. 4-2), ɜ ɤɨɬɨɪɨɦ ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫ ɞɜɭɦɹ ɜɯɨɞɹɳɢɦɢ ɫɜɹɡɹɦɢ ɪɟɩɥɢɤɚɰɢɢ. ȿɫɥɢ ɨɞɧɚ ɢɡ ɫɜɹɡɟɣ ɧɟɞɨɫɬɭɩɧɚ, ɬɨ ɨɛɧɨɜɥɟɧɢɟ ɦɨɠɟɬ ɩɟɪɟɞɚɜɚɬɶɫɹ ɩɨ ɞɪɭɝɨɣ ɫɜɹɡɢ. Ʉɪɨɦɟ ɬɨɝɨ, ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɤɚɤ ɤɨɧɬɪɨɥɥɟɪ-ɢɫɬɨɱɧɢɤ ɞɥɹ ɞɜɭɯ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ɗɬɨ ɫɨɡɞɚɟɬ ɢɡɛɵɬɨɱɧɨɟ ɤɨɥɶɰɨ ɞɥɹ ɤɚɠɞɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɉɨ ɦɟɪɟ ɭɜɟɥɢɱɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ ɪɟɩɥɢɤɨɣ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɪɚɡɞɟɥɚ ɫɬɚɧɨɜɢɬɫɹ ɜɚɠɧɵɦ ɜɬɨɪɨɣ ɩɪɢɧɰɢɩ ɫɨɡɞɚɧɢɹ ɫɜɹɡɟɣ. ɋɥɭɠɛɚ Ʉɋɋ ɜɫɟɝɞɚ ɫɨɡɞɚɟɬ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɜ ɤɨɬɨɪɨɣ ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ ɭɞɚɥɟɧ ɨɬ ɥɸɛɨɝɨ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɧɟ ɛɨɥɟɟ ɱɟɦ ɧɚ ɬɪɢ ɪɟɬɪɚɧɫɥɹɰɢɢ (hop). Ʉɨɝɞɚ ɤɨɥɢɱɟɫɬɜɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ ɫɬɚɧɨɜɢɬɫɹ ɛɨɥɶɲɟ ɫɟɦɢ, ɫɨɡɞɚɸɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɨɛɴɟɤɬɵ ɫɜɹɡɢ ɞɥɹ ɭɦɟɧɶɲɟɧɢɹ ɩɨɬɟɧɰɢɚɥɶɧɨɝɨ ɱɢɫɥɚ ɪɟɬɪɚɧɫɥɹɰɢɣ ɞɨ ɬɪɟɯ ɢɥɢ ɦɟɧɶɲɟɝɨ ɤɨɥɢɱɟɫɬɜɚ. ɇɚɩɪɢɦɟɪ, ɫɚɣɬ ɧɚ ɪɢɫɭɧɤɟ 4-3 ɢɦɟɟɬ ɞɟɜɹɬɶ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ɉɧ ɛɭɞɟɬ ɢɦɟɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɜɤɥɸɱɚɸɳɭɸ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɧɭ ɞɨɩɨɥɧɢɬɟɥɶɧɭɸ ɫɜɹɡɶ.
. 4-3.
,
Ʉɨɥɶɰɚ ɪɟɩɥɢɤɚɰɢɢ ɨɫɧɨɜɵɜɚɸɬɫɹ ɧɚ ɪɚɡɞɟɥɚɯ ɤɚɬɚɥɨɝɚ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ Ʉɋɋ ɜɵɱɢɫɥɹɟɬ ɤɨɥɶɰɨ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɤɚɠɞɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ. ɇɚɩɪɢɦɟɪ, ɨɪɝɚɧɢɡɚɰɢɹ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ ɜ ɟɞɢɧɫɬɜɟɧɧɨɦ ɫɚɣɬɟ ɢ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɵɣ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɧɟɫɤɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɨɧɮɢɝɭɪɚɰɢɹ ɦɨɝɥɚ ɛɵɬɶ ɡɚɞɚɧɚ ɬɚɤ, ɤɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 4-4. ȼ ɩɪɟɞɥɨɠɟɧɧɨɦ ɫɰɟɧɚɪɢɢ (ɫɦ. ɪɢɫ. 4-4) ɜɨɡɦɨɠɧɨ ɫɨɡɞɚɧɢɟ ɤɨɥɟɰ ɪɟɩɥɢɤɚɰɢɢ, ɩɪɟɞɫɬɚɜɥɟɧɧɵɯ ɜ ɬɚɛɥ. 4-1. . 4-1.
Ɋɚɡɞɟɥ ɤɚɬɚɥɨɝɚ Ɋɚɡɞɟɥ ɤɚɬɚɥɨɝɚ, ɤɚɬɚɥɨɝɚ
ɉɚɪɬɧɟɪɵ ɩɨ ɪɟɩɥɢɤɚɰɢɢ
ɤɨɧɮɢɝɭɪɚɰɢɢ ȼɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɛɭɞɭɬ ɪɚɡɞɟɥ ɫɯɟɦɵ ɜɤɥɸɱɟɧɵ ɜ ɤɨɥɶɰɨ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɪɚɡɞɟɥɚ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ ɢ ɪɚɡɞɟɥɚ ɫɯɟɦɵ ɤɚɬɚɥɨɝɚ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɢ ɤɨɩɢɪɭɸɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɚɧɧɨɝɨ ɥɟɫɚ. Ɋɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ DCl.Contoso.com, DC2.Contoso.com, Contoso.com DC3.Contoso.com, DC4.Contoso.com.
Ɋɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ DC5.Fabrikam.com, DC6.Fabrikam.com. Fabrikam.com Ƚɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ (GC) DCl.Contoso.com, DC4.Contoso.com, DC5.Fabrikam.com. Ɋɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ DC2.Contoso.com, DC6. Fabrikam.com.1. AppPartitionl Ⱦɨɩɨɥɧɢɬɟɥɶɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɫɦɨɬɪɢɬɟ ɜ ɩɪɢɦɟɱɚɧɢɢ ɧɢɠɟ.
. 4-4.
,
. . , 4-4
DNS (ForestDnsZones , . 3
DomainDnsZones) 4-4 , . GC.
GC . Ɋɚɡɞɟɥɵ ɪɟɩɥɢɤɚɰɢɢ ɢ ɬɨɩɨɥɨɝɢɸ ɦɨɠɧɨ ɩɪɨɫɦɨɬɪɟɬɶ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ Replication Monitor (Ɇɨɧɢɬɨɪ ɪɟɩɥɢɤɚɰɢɢ). Ɇɨɧɢɬɨɪ ɪɟɩɥɢɤɚɰɢɢ — ɷɬɨ ɨɞɧɨ ɢɡ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ ɩɨɞɞɟɪɠɤɢ, ɤɨɬɨɪɵɟ ɩɨɦɟɳɟɧɵ ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤ Windows Server 2003. ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɩɨɞɞɟɪɠɤɢ, ɡɚɩɭɫɬɢɬɟ ɮɚɣɥ Suptools.msi ɢɡ ɤɚɬɚɥɨɝɚ Support\Tools ɤɨɦɩɚɤɬ-ɞɢɫɤɚ Windows Server 2003. ɑɬɨɛɵ ɡɚɩɭɫɬɢɬɶ ɦɨɧɢɬɨɪ ɪɟɩɥɢɤɚɰɢɢ, ɜ ɨɤɧɟ Run (ȼɵɩɨɥɧɢɬɶ) ɧɚɩɟɱɚɬɚɣɬɟ replmon. ɇɚ ɪɢɫɭɧɤɟ 4-5 ɩɨɤɚɡɚɧɚ ɤɨɧɮɢɝɭɪɚɰɢɹ ɱɟɬɵɪɟɯ ɫɟɪɜɟɪɨɜ ɜ ɥɟɫɭ, ɨɬɨɛɪɚɠɚɟɦɚɹ ɫ ɩɨɦɨɳɶɸ ɦɨɧɢɬɨɪɚ ɪɟɩɥɢɤɚɰɢɢ.
. 4-5.
Ʉɨɥɶɰɨ ɪɟɩɥɢɤɚɰɢɢ - ɷɬɨ ɥɨɝɢɱɟɫɤɚɹ ɤɨɧɰɟɩɰɢɹ, ɮɚɤɬɢɱɟɫɤɚɹ ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ, ɪɟɚɥɢɡɨɜɚɧɧɚɹ ɫ ɩɨɦɨɳɶɸ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ. ȼ ɬɨ ɜɪɟɦɹ ɤɚɤ ɞɥɹ ɤɚɠɞɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ ɫɨɡɞɚɟɬɫɹ ɨɬɞɟɥɶɧɨɟ ɤɨɥɶɰɨ ɪɟɩɥɢɤɚɰɢɢ, Ʉɋɋ ɧɟ ɫɨɡɞɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɨɛɴɟɤɬɵ ɫɜɹɡɢ ɞɥɹ ɤɚɠɞɨɝɨ ɤɨɥɶɰɚ ɪɟɩɥɢɤɚɰɢɢ. ȼɦɟɫɬɨ ɷɬɨɝɨ Ʉɋɋ, ɧɚɫɤɨɥɶɤɨ ɜɨɡɦɨɠɧɨ, ɩɨɜɬɨɪɧɨ ɢɫɩɨɥɶɡɭɟɬ ɨɞɧɢ ɢ ɬɟ ɠɟ ɨɛɴɟɤɬɵ ɫɜɹɡɢ ɞɥɹ ɦɧɨɝɢɯ ɤɨɥɟɰ ɪɟɩɥɢɤɚɰɢɢ. ȼ ɩɪɢɦɟɪɟ ɧɚ ɪɢɫɭɧɤɟ 4-5 DCl.Contoso.com ɢɦɟɟɬ ɨɛɴɟɤɬ ɫɜɹɡɢ ɫ DC4.Fabrikam.com. Ɉɞɢɧ ɢɡ ɫɩɨɫɨɛɨɜ ɩɪɨɫɦɨɬɪɚ ɫɜɨɣɫɬɜɚ ɨɛɴɟɤɬɚ ɫɜɹɡɢ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɦɨɧɢɬɨɪɚ ɪɟɩɥɢɤɚɰɢɢ. ɑɬɨɛɵ ɪɚɫɫɦɨɬɪɟɬɶ ɫɜɨɣɫɬɜɚ ɜɯɨɞɹɳɢɯ ɫɜɹɡɟɣ ɫɟɪɜɟɪɚ, ɞɨɛɚɜɶɬɟ ɫɟɪɜɟɪ ɤ ɤɨɧɬɪɨɥɢɪɭɟɦɨɦɭ ɫɩɢɫɤɭ ɫɟɪɜɟɪɨɜ. Ɂɚɬɟɦ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɢɦɟɧɢ ɫɟɪɜɟɪɚ ɢ ɜɵɛɟɪɢɬɟ Show Replication Topologies (ɉɨɤɚɡɚɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ). ɓɟɥɤɧɢɬɟ ɧɚ View (ȼɢɞ), ɞɚɥɟɟ — ɧɚ Connection Objects Only (Ɍɨɥɶɤɨ ɨɛɴɟɤɬɵ ɫɜɹɡɢ), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɫɟɪɜɟɪɟ ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). ȼɤɥɚɞɤɚ Inbound Replication Connections (ȼɯɨɞɹɳɢɟ ɫɜɹɡɢ ɪɟɩɥɢɤɚɰɢɢ) ɩɨɤɚɡɵɜɚɟɬ ɜɫɟ ɜɯɨɞɹɳɢɟ ɫɜɹɡɢ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɚ ɬɚɤɠɟ ɪɚɡɞɟɥɵ, ɪɟɩɥɢɰɢɪɭɟɦɵɟ ɱɟɪɟɡ ɤɚɠɞɭɸ ɫɜɹɡɶ. Ʉɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 4-6, ɷɬɨɬ ɨɛɴɟɤɬ ɫɜɹɡɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɟɩɥɢɰɢɪɨɜɚɧɢɹ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ (ɩɨɤɚɡɚɧ ɤɚɤ ɪɚɡɞɟɥ Fabrikam.com), ɪɚɡɞɟɥɚ ɫɯɟɦɵ ɤɚɬɚɥɨɝɚ ɢ ɪɚɡɞɟɥɚ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ. ȼɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɷɬɨ ɜɨɡɦɨɠɧɨ, Ʉɋɋ ɫɨɡɞɚɟɬ ɨɛɴɟɤɬ ɫɜɹɡɢ, ɩɪɢɝɨɞɧɵɣ ɞɥɹ ɪɟɩɥɢɰɢɪɨɜɚɧɢɹ ɧɟɫɤɨɥɶɤɢɯ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ.
. 4-6.
,
Ƚɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɞɪɭɝɢɯ ɪɚɡɞɟɥɨɜ ɬɟɦ, ɱɬɨ ɨɧ ɫɨɫɬɚɜɥɟɧ ɢɡ ɛɚɡ ɞɚɧɧɵɯ ɞɨɦɟɧɨɜ ɰɟɥɨɝɨ ɥɟɫɚ. Ʉɚɬɚɥɨɝ GC ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɩɪɟɞɧɚɡɧɚɱɟɧ ɬɨɥɶɤɨ ɞɥɹ ɱɬɟɧɢɹ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɢɧɮɨɪɦɚɰɢɹ ɜ GC ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɚ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ ɧɚɩɪɹɦɭɸ. Ƚɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ GC ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɫɩɢɫɨɤ ɜɫɟɯ ɚɬɪɢɛɭɬɨɜ, ɩɟɪɟɞɚɧɧɵɯ ɜ ɧɟɝɨ, ɚɬɪɢɛɭɬ isMemberOfPartialAttributesSet ɤɨɬɨɪɵɯ ɭɫɬɚɧɨɜɥɟɧ ɧɚ true (ɢɫɬɢɧɭ). Ɍɨɬ ɮɚɤɬ, ɱɬɨ GC ɫɨɡɞɚɧ ɢɡ ɛɚɡ ɞɚɧɧɵɯ ɞɨɦɟɧɨɜ, ɡɚɬɪɚɝɢɜɚɟɬ ɬɚɤɠɟ ɤɨɥɶɰɨ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ GC. Ʉɚɠɞɵɣ GC-ɫɟɪɜɟɪ ɞɨɥɠɟɧ ɩɨɥɭɱɢɬɶ GC-ɢɧɮɨɪɦɚɰɢɸ ɨɬ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜɫɟɯ ɞɨɦɟɧɨɜ. ɇɚ ɪɢɫɭɧɤɟ 4-7 ɩɪɢɜɟɞɟɧ ɩɪɢɦɟɪ ɤɨɦɩɚɧɢɢ, ɢɦɟɸɳɟɣ ɞɜɚ ɞɨɦɟɧɚ ɫ ɨɞɧɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɤɚɠɞɨɦ; ɨɛɚ ɞɨɦɟɧɚ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɨɞɧɨɦ ɢ ɬɨɦ ɠɟ ɫɚɣɬɟ. Ⱦɨɦɟɧ DCl.Contoso.com ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɤɚɤ ɫɟɪɜɟɪ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ. GC-ɫɟɪɜɟɪ ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ ɟɞɢɧɫɬɜɟɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɞɥɹ ɞɨɦɟɧɚ Contoso.com, ɩɨɷɬɨɦɭ ɨɧ ɢɡɜɥɟɤɚɟɬ GC-ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ Contoso.com ɢɡ ɫɜɨɟɣ ɫɨɛɫɬɜɟɧɧɨɣ ɛɚɡɵ ɞɚɧɧɵɯ ɞɨɦɟɧɚ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Fabrikam.com ɢɦɟɟɬ ɟɞɢɧɫɬɜɟɧɧɭɸ ɤɨɩɢɸ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ ɷɬɨɝɨ ɞɨɦɟɧɚ, ɩɨɷɬɨɦɭ DCl.Contoso.com ɫɨɛɢɪɚɟɬ GC-ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɞɨɦɟɧɚ Fabrikam.com ɢɡ DC2.Fabrikam.com. Ⱦɥɹ ɢɡɜɥɟɱɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɢɡ ɞɨɦɟɧɚ Fabrikam.com ɫɨɡɞɚɧ ɨɛɴɟɤɬ ɫɜɹɡɢ, ɧɚɩɪɚɜɥɟɧɧɵɣ ɨɬ DC2.Fabrikam.com ɤ DCl.Contoso.com. ȼ ɞɚɥɶɧɟɣɲɟɦ ɷɬɚ ɫɜɹɡɶ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ GC-ɢɧɮɨɪɦɚɰɢɢ ɜ DCl.Contoso.com.
. 4-7.
ɇɚ ɪɢɫɭɧɤɟ 4-8 ɩɨɤɚɡɚɧ ɛɨɥɟɟ ɫɥɨɠɧɵɣ ɩɪɢɦɟɪ ɫɨɡɞɚɧɢɹ GC ɢ ɟɝɨ ɪɟɩɥɢɤɚɰɢɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɨɛɴɟɤɬ ɫɜɹɡɢ, ɧɚɩɪɚɜɥɟɧɧɵɣ ɨɬ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ ɧɚ ɤɚɠɞɵɣ GC-ɫɟɪɜɟɪ. DCl.Contoso.com ɢɦɟɟɬ ɜɯɨɞɹɳɢɣ ɨɛɴɟɤɬ ɫɜɹɡɢ ɨɬ ɤɨɧɬɪɨɥɥɟɪɨɜ DC2.Contoso.com, DC4.Fabrikam.com ɢ DC6.NWTraders.com. ɗɬɨɬ ɨɛɴɟɤɬ ɫɜɹɡɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ ɧɚ DCl.Contoso.com. ȼɫɟ ɞɪɭɝɢɟ GC-ɫɟɪɜɟɪɵ ɢɦɟɸɬ ɩɨɞɨɛɧɵɣ ɧɚɛɨɪ
ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ. Ʉɪɨɦɟ ɬɨɝɨ, ɫɨɡɞɚɧɨ ɬɚɤɠɟ ɨɬɞɟɥɶɧɨɟ ɤɨɥɶɰɨ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɪɚɡɞɟɥɚ GC ɦɟɠɞɭ ɜɫɟɦɢ GC ɫɟɪɜɟɪɚɦɢ.
Ʉɨɝɞɚ ɤ ɥɟɫɭ ɞɨɛɚɜɥɹɸɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɚɣɬɵ, ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ ɫɬɚɧɨɜɢɬɫɹ ɛɨɥɟɟ ɫɥɨɠɧɨɣ. ȼ ɫɰɟɧɚɪɢɢ, ɫɨɞɟɪɠɚɳɟɦ ɧɟɫɤɨɥɶɤɨ ɫɚɣɬɨɜ, ɞɨɥɠɧɚ ɛɵɬɶ ɫɨɡɞɚɧɚ ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɤɚɠɞɨɝɨ ɫɚɣɬɚ, ɚ ɬɚɤɠɟ ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɑɬɨɛɵ ɫɩɪɚɜɢɬɶɫɹ ɫ ɷɬɢɦ, ɩɪɨɰɟɫɫ ɫɨɡɞɚɧɢɹ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɜɧɭɬɪɢ ɫɚɣɬɚ ɢɡɦɟɧɹɟɬɫɹ. ȼ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ Ʉɋɋ ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɨɬɜɟɬɫɬɜɟɧɟɧ ɡɚ ɫɨɡɞɚɧɢɟ ɬɟɯ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ, ɤɨɬɨɪɵɟ ɧɭɠɧɵ ɞɥɹ ɝɚɪɚɧɬɢɢ ɧɟɨɛɯɨɞɢɦɨɣ ɢɡɛɵɬɨɱɧɨɫɬɢ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɜɫɟɯ ɟɝɨ ɪɚɡɞɟɥɨɜ, ɡɚɬɟɦ ɨɧ ɪɟɩɥɢɰɢɪɭɟɬ ɢɧɮɨɪɦɚɰɢɸ ɨɛ ɨɛɴɟɤɬɚɯ ɫɜɹɡɢ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɥɭɱɚɟɬ ɢɧɮɨɪɦɚɰɢɸ ɨɛ ɨɛɴɟɤɬɚɯ ɫɜɹɡɢ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɫɨɡɞɚɧɵ ɞɪɭɝɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. ɉɪɢ ɫɥɟɞɭɸɳɟɦ ɜɵɩɨɥɧɟɧɢɢ Ʉɋɋ ɨɛɴɟɤɬɵ ɫɜɹɡɢ ɦɨɝɭɬ ɛɵɬɶ ɞɨɛɚɜɥɟɧɵ, ɢɡɦɟɧɟɧɵ ɢɥɢ ɭɞɚɥɟɧɵ ɧɚ ɨɫɧɨɜɟ ɢɧɮɨɪɦɚɰɢɢ, ɤɨɬɨɪɭɸ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɥɭɱɢɥ ɨ ɞɪɭɝɢɯ ɨɛɴɟɤɬɚɯ ɫɜɹɡɢ ɫɚɣɬɚ. ȼ ɤɨɧɟɱɧɨɦ ɫɱɟɬɟ, ɩɪɨɰɟɫɫɵ Ʉɋɋ, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ, ɨɩɪɟɞɟɥɹɸɬ ɨɩɬɢɦɚɥɶɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɪɟɩɥɢɤɚɰɢɢ.
. 4-8.
GC-
ɉɨɞɨɛɧɵɣ ɩɨɞɯɨɞ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɚɤɠɟ ɩɪɢ ɨɩɪɟɞɟɥɟɧɢɢ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ ɬɨɝɨ, ɱɬɨ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɤɚɠɞɨɦ ɫɚɣɬɟ ɨɬɜɟɬɫɬɜɟɧɟɧ ɡɚ ɪɚɡɪɚɛɨɬɤɭ ɬɨɩɨɥɨɝɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. Ʉɋɋ ɨɞɧɨɝɨ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɫɚɣɬɟ ɨɛɨɡɧɚɱɚɟɬɫɹ ɤɚɤ (ISTG - Inter-Site Topology Generator) ɞɥɹ ɫɚɣɬɚ. ɂɦɟɟɬɫɹ ɬɨɥɶɤɨ ɨɞɢɧ ISTG-ɤɨɧɬɪɨɥɥɟɪ ɧɚ ɫɚɣɬɟ, ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ ɢɥɢ ɞɪɭɝɢɯ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ ɧɚɯɨɞɢɬɫɹ ɜ ɫɚɣɬɟ. Ʉɨɧɬɪɨɥɥɟɪ ISTG ɨɬɜɟɬɫɬɜɟɧɟɧ ɡɚ ɜɵɱɢɫɥɟɧɢɟ ɢɞɟɚɥɶɧɨɣ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɜɫɟɝɨ ɫɚɣɬɚ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɫɨɫɬɨɢɬ ɢɡ ɞɜɭɯ ɱɚɫɬɟɣ. • ɂɞɟɧɬɢɮɢɤɚɰɢɹ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ (bridgehead server) ɞɥɹ ɤɚɠɞɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ, ɢɦɟɸɳɟɝɨɫɹ ɜ ɫɚɣɬɟ. ɉɪɢ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɢɧɮɨɪɦɚɰɢɹ ɜɫɟɝɞɚ ɩɨɫɵɥɚɟɬɫɹ ɫ ɫɟɪɜɟɪɚ-ɩɥɚɰɞɚɪɦɚ ɨɞɧɨɝɨ ɫɚɣɬɚ ɧɚ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɞɪɭɝɨɝɨ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɨ ɫɟɬɟɜɨɣ ɫɜɹɡɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɢɧɮɨɪɦɚɰɢɹ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɬɨɥɶɤɨ ɨɞɧɚɠɞɵ. • ɋɨɡɞɚɧɢɟ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ ɦɟɠɞɭ ɫɟɪɜɟɪɚɦɢ-ɩɥɚɰɞɚɪɦɚɦɢ ɞɥɹ ɝɚɪɚɧɬɢɢ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɉɨɫɤɨɥɶɤɭ ɪɟɩɥɢɤɚɰɢɹ ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɦɟɠɞɭ ɫɟɪɜɟɪɚɦɢ-ɩɥɚɰɞɚɪɦɚɦɢ, ɬɨ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɨɬɫɭɬɫɬɜɭɸɬ ɢɡɛɵɬɨɱɧɵɟ ɨɛɴɟɤɬɵ ɫɜɹɡɢ. ɉɪɢ ɞɨɛɚɜɥɟɧɢɢ ɤ ɥɟɫɭ ɧɨɜɨɝɨ ɫɚɣɬɚ ISTG ɜ ɤɚɠɞɨɦ ɫɚɣɬɟ ɨɩɪɟɞɟɥɹɟɬ, ɤɚɤɨɣ ɪɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɜ ɧɟɦ ɢɦɟɟɬɫɹ. Ɂɚɬɟɦ ISTG ɜɵɱɢɫɥɹɟɬ ɧɨɜɵɟ ɨɛɴɟɤɬɵ ɫɜɹɡɢ, ɤɨɬɨɪɵɟ ɩɨɬɪɟɛɭɸɬɫɹ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɧɭɠɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɫ ɧɨɜɨɝɨ ɫɚɣɬɚ. Ʉɪɨɦɟ ɬɨɝɨ, ISTG ɧɚɡɧɚɱɚɟɬ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɟɪɜɟɪɨɦ-ɩɥɚɰɞɚɪɦɨɦ ɞɥɹ ɤɚɠɞɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ. ISTG ɫɨɡɞɚɟɬ ɧɟɨɛɯɨɞɢɦɨɟ ɫɨɝɥɚɲɟɧɢɟ ɫɜɹɡɢ ɜ ɫɜɨɟɦ ɤɚɬɚɥɨɝɟ, ɢ ɷɬɚ ɢɧɮɨɪɦɚɰɢɹ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ. Ɂɚɬɟɦ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ
ɫɨɡɞɚɟɬ ɩɨɞɤɥɸɱɟɧɢɟ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɫ ɫɟɪɜɟɪɨɦ-ɩɥɚɰɞɚɪɦɨɦ ɭɞɚɥɟɧɧɨɝɨ ɫɚɣɬɚ, ɢ ɧɚɱɢɧɚɟɬɫɹ ɪɟɩɥɢɤɚɰɢɹ. ɇɚ ɪɢɫɭɧɤɟ 4-9 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ, ɫɨɡɞɚɧɧɨɣ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ȼ ɷɬɨɦ ɩɪɢɦɟɪɟ ɥɟɫ ɫɨɞɟɪɠɢɬ ɞɜɚ ɫɚɣɬɚ ɢ ɞɜɚ ɞɨɦɟɧɚ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɜ ɤɚɠɞɨɦ ɫɚɣɬɟ. ɂɦɟɟɬɫɹ ɬɚɤɠɟ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɢɧ GC-ɫɟɪɜɟɪ ɜ ɤɚɠɞɨɦ ɫɚɣɬɟ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɤɚɠɞɵɣ ɫɚɣɬ ɫɨɞɟɪɠɢɬ ɪɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɞɥɹ ɤɚɠɞɨɝɨ ɢɡ ɞɨɦɟɧɨɜ, ɪɚɡɞɟɥ GC, ɚ ɬɚɤɠɟ ɪɚɡɞɟɥɵ ɫɯɟɦɵ ɤɚɬɚɥɨɝɚ ɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ. ȼ ɤɚɠɞɨɦ ɫɚɣɬɟ ɬɪɟɛɭɟɬɫɹ ɧɚɡɧɚɱɢɬɶ ɩɨ ɞɜɚ ɫɟɪɜɟɪɚ-ɩɥɚɰɞɚɪɦɚ, ɩɨɬɨɦɭ ɱɬɨ ɤɚɠɞɵɣ ɢɡ ɷɬɢɯ ɪɚɡɞɟɥɨɜ ɞɨɥɠɟɧ ɤɨɩɢɪɨɜɚɬɶɫɹ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. Ɉɞɢɧ ɢɡ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ ɜ ɨɛɨɢɯ ɫɚɣɬɚɯ ɞɨɥɠɟɧ ɛɵɬɶ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Contoso.com. Ⱦɪɭɝɨɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɨɛɨɢɯ ɫɚɣɬɨɜ ɞɨɥɠɟɧ ɛɵɬɶ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Fabrikam.com. ȼ ɩɪɢɦɟɪɟ, ɩɨɤɚɡɚɧɧɨɦ ɧɚ ɪɢɫɭɧɤɟ 4-9, ɤɨɧɬɪɨɥɥɟɪɵ DCl.Contoso.com ɢ DC6.Fabrikam.com ɹɜɥɹɸɬɫɹ ɬɚɤɠɟ GC-ɫɟɪɜɟɪɚɦɢ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɨɧɢ ɫɬɚɧɭɬ ɫɟɪɜɟɪɚɦɢ-ɩɥɚɰɞɚɪɦɚɦɢ ɩɪɢ ɪɟɩɥɢɤɚɰɢɢ GC-ɢɧɮɨɪɦɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɉɨɫɤɨɥɶɤɭ ɪɚɡɞɟɥ ɫɯɟɦɵ ɢ ɪɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ ɹɜɥɹɸɬɫɹ ɨɛɳɢɦɢ ɞɥɹ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɬɨ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɷɬɢɯ ɪɚɡɞɟɥɨɜ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɨɞɢɧ ɢɡ ɫɭɳɟɫɬɜɭɸɳɢɯ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ. . Active Directory. , . Э .
. 4-9.
ȼɵɲɟ ɨɛɫɭɠɞɚɥɢɫɶ ɞɟɬɚɥɢ ɫɨɡɞɚɧɢɹ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɜ Active Directory. ȼ ɞɚɧɧɨɦ ɪɚɡɞɟɥɟ ɪɚɫɫɦɨɬɪɢɦ ɪɟɩɥɢɤɚɰɢɸ ɫ ɞɪɭɝɨɣ ɬɨɱɤɢ ɡɪɟɧɢɹ. Ɉɛɪɚɬɢɦ ɜɧɢɦɚɧɢɟ ɧɚ ɬɨ, ɤɚɤ ɧɚ ɫɚɦɨɦ ɞɟɥɟ ɩɟɪɟɞɚɟɬɫɹ ɦɨɞɢɮɢɰɢɪɨɜɚɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɦɟɠɞɭ ɞɜɭɦɹ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɤɚɤ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɭɡɧɚɸɬ ɨ ɬɨɦ, ɤɚɤɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨɧɢ ɞɨɥɠɧɵ ɤɨɩɢɪɨɜɚɬɶ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɧɚɫɬɪɨɟɧɧɵɦ ɫɥɭɠɛɨɣ Ʉɋɋ.
ɋɭɳɟɫɬɜɭɸɬ ɞɜɚ ɬɢɩɚ ɨɛɧɨɜɥɟɧɢɣ ɢɧɮɨɪɦɚɰɢɢ Active Directory, ɤɚɫɚɸɳɟɣɫɹ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɉɟɪɜɵɣ ɬɢɩ ɨɛɧɨɜɥɟɧɢɣ (originating update). ɂɫɯɨɞɧɨɟ ɨɛɧɨɜɥɟɧɢɟ ɜɵɩɨɥɧɹɟɬɫɹ ɩɪɢ ɞɨɛɚɜɥɟɧɢɢ, ɢɡɦɟɧɟɧɢɢ ɢɥɢ ɭɞɚɥɟɧɢɢ ɨɛɴɟɤɬɚ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ȼɬɨɪɨɣ ɬɢɩ ɨɛɧɨɜɥɟɧɢɣ (replicated update). Ɋɟɩɥɢɤɚɰɢɹ ɜɵɩɨɥɧɹɟɬɫɹ ɬɨɝɞɚ, ɤɨɝɞɚ ɢɡɦɟɧɟɧɢɟ, ɫɞɟɥɚɧɧɨɟ ɧɚ ɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ɉɨ ɨɩɪɟɞɟɥɟɧɢɸ ɢɫɯɨɞɧɨɟ ɨɛɧɨɜɥɟɧɢɟ, ɤɚɫɚɸɳɟɟɫɹ ɥɸɛɨɝɨ ɤɨɧɤɪɟɬɧɨɝɨ ɢɡɦɟɧɟɧɢɹ, ɬɨɥɶɤɨ ɨɞɧɨ, ɨɧɨ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ ɬɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɝɞɟ ɛɵɥɨ
ɫɞɟɥɚɧɨ. Ɂɚɬɟɦ ɢɫɯɨɞɧɨɟ ɨɛɧɨɜɥɟɧɢɟ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɪɟɩɥɢɤɭ ɪɚɡɞɟɥɚ Active Directory, ɡɚɬɪɨɧɭɬɨɝɨ ɨɛɧɨɜɥɟɧɢɟɦ. ɂɫɯɨɞɧɵɟ ɨɛɧɨɜɥɟɧɢɹ Active Directory ɩɪɨɢɫɯɨɞɹɬ ɜ ɫɥɟɞɭɸɳɢɯ ɫɥɭɱɚɹɯ: • ɤ Active Directory ɞɨɛɚɜɥɟɧ ɧɨɜɵɣ ɨɛɴɟɤɬ; • ɢɡ Active Directory ɭɞɚɥɟɧ ɫɭɳɟɫɬɜɭɸɳɢɣ ɨɛɴɟɤɬ; • ɚɬɪɢɛɭɬɵ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɨɛɴɟɤɬɚ ɢɡɦɟɧɟɧɵ. ɗɬɚ ɦɨɞɢɮɢɤɚɰɢɹ ɦɨɠɟɬ ɜɤɥɸɱɚɬɶ ɞɨɛɚɜɥɟɧɢɟ ɧɨɜɨɝɨ ɡɧɚɱɟɧɢɹ ɚɬɪɢɛɭɬɭ, ɭɞɚɥɟɧɢɟ ɡɧɚɱɟɧɢɹ ɚɬɪɢɛɭɬɚ ɢɥɢ ɢɡɦɟɧɟɧɢɟ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɡɧɚɱɟɧɢɹ; • ɨɛɴɟɤɬ Active Directory ɩɟɪɟɦɟɳɟɧ ɜ ɧɨɜɵɣ ɪɨɞɢɬɟɥɶɫɤɢɣ ɤɨɧɬɟɣɧɟɪ. ȿɫɥɢ ɢɡɦɟɧɹɟɬɫɹ ɢɦɹ ɪɨɞɢɬɟɥɶɫɤɨɝɨ ɤɨɧɬɟɣɧɟɪɚ, ɬɨ ɤɚɠɞɵɣ ɨɛɴɟɤɬ ɤɨɧɬɟɣɧɟɪɚ ɩɟɪɟɦɟɳɚɟɬɫɹ ɜ ɩɟɪɟɢɦɟɧɨɜɚɧɧɵɣ ɤɨɧɬɟɣɧɟɪ. ȼɫɟ ɢɫɯɨɞɧɵɟ ɨɛɧɨɜɥɟɧɢɹ Active Directory ɹɜɥɹɸɬɫɹ . ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɞɚɱɢ ɦɨɞɢɮɢɤɚɰɢɹ ɞɨɥɠɧɚ ɛɵɬɶ ɩɟɪɟɞɚɧɚ ɩɨɥɧɨɫɬɶɸ, ɤɚɤ ɰɟɥɚɹ ɬɪɚɧɡɚɤɰɢɹ, ɢ ɧɢɤɚɤɚɹ ɟɟ ɱɚɫɬɶ ɧɟ ɩɟɪɟɞɚɟɬɫɹ ɨɬɞɟɥɶɧɨ ɨɬ ɞɪɭɝɢɯ ɱɚɫɬɟɣ.
ɉɨɫɥɟ ɩɟɪɟɞɚɱɢ ɢɫɯɨɞɧɨɝɨ ɨɛɧɨɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɟ ɞɨɥɠɧɨ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɫɨɞɟɪɠɚɬ ɪɟɩɥɢɤɭ ɷɬɨɝɨ ɪɚɡɞɟɥɚ. ȼ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɩɪɨɢɡɨɲɥɨ ɢɫɯɨɞɧɨɟ ɨɛɧɨɜɥɟɧɢɟ, ɠɞɟɬ 15 ɫ ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɤɨɩɢɪɨɜɚɧɢɹ ɢɡɦɟɧɟɧɢɣ ɫɜɨɢɦ ɩɪɹɦɵɦ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ɗɬɨ ɨɠɢɞɚɧɢɟ ɩɪɟɞɧɚɡɧɚɱɟɧɨ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɧɟɫɤɨɥɶɤɨ ɦɨɞɢɮɢɤɚɰɢɣ ɤ ɛɚɡɟ ɞɚɧɧɵɯ ɦɨɠɧɨ ɛɵɥɨ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɨɞɧɨɜɪɟɦɟɧɧɨ, ɱɬɨ ɭɜɟɥɢɱɢɜɚɟɬ ɷɮɮɟɤɬɢɜɧɨɫɬɶ ɪɟɩɥɢɤɚɰɢɢ. Ɇɟɠɞɭ ɫɚɣɬɚɦɢ ɢɫɯɨɞɧɨɟ ɨɛɧɨɜɥɟɧɢɟ ɛɭɞɟɬ ɤɨɩɢɪɨɜɚɬɶɫɹ ɩɚɪɬɧɟɪɚɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɝɪɚɮɢɤɨɦ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɦ ɧɚ ɫɜɹɡɹɯ ɫɚɣɬɚ. Ⱦɥɹ ɪɟɩɥɢɤɚɰɢɢ ɢɡɦɟɧɟɧɢɣ ɢɧɮɨɪɦɚɰɢɢ ɤɚɬɚɥɨɝɚ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ ɬɪɟɛɭɟɬɫɹ ɦɟɯɚɧɢɡɦ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɨɬɨɤɨɦ ɪɟɩɥɢɤɚɰɢɢ. Ⱦɥɹ ɨɩɬɢɦɢɡɚɰɢɢ ɪɟɩɥɢɤɚɰɢɢ Active Directory ɫɥɟɞɭɟɬ ɩɟɪɟɫɵɥɚɬɶ ɬɨɥɶɤɨ ɬɟ ɢɡɦɟɧɟɧɢɹ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɦɟɠɞɭ ɞɜɭɦɹ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɭɦɟɬɶ ɨɩɪɟɞɟɥɹɬɶ ɷɬɢ ɢɡɦɟɧɟɧɢɹ, ɟɫɥɢ ɬɚɤɨɜɵɟ ɜɨɨɛɳɟ ɢɦɟɸɬɫɹ, ɚ ɡɚɬɟɦ ɤɨɩɢɪɨɜɚɬɶ ɬɨɥɶɤɨ ɬɭ ɱɚɫɬɶ ɢɡɦɟɧɟɧɢɣ, ɤɨɬɨɪɚɹ ɬɪɟɛɭɟɬɫɹ. Ⱦɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɟɩɥɢɤɚɰɢɟɣ ɤɚɬɚɥɨɝɚ ɜ Active Directory ɢɫɩɨɥɶɡɭɸɬɫɹ ɩɨɪɹɞɤɨɜɵɟ ɧɨɦɟɪɚ ɨɛɧɨɜɥɟɧɢɣ (USN update sequence number), ɡɧɚɱɟɧɢɹ ɭɪɨɜɧɹ (high-watermark value), ɜɟɤɬɨɪɵ ɧɨɜɢɡɧɵ (up-to-dateness vectors) ɢ ɨɬɦɟɬɤɢ ɨɛ ɢɡɦɟɧɟɧɢɹɯ (change stamps). ɗɬɢ ɤɨɦɩɨɧɟɧɬɵ ɨɛɫɭɠɞɚɸɬɫɹ ɞɚɥɟɟ. Ʉɨɝɞɚ ɨɛɴɟɤɬ ɛɚɡɵ ɞɚɧɧɵɯ ɦɨɞɢɮɢɰɢɪɭɟɬɫɹ, ɬɨ ɢɡɦɟɧɟɧɢɸ ɩɪɢɫɜɚɢɜɚɟɬɫɹ ɩɨɪɹɞɤɨɜɵɣ ɧɨɦɟɪ ɨɛɧɨɜɥɟɧɢɹ. ɉɨɪɹɞɤɨɜɵɟ ɧɨɦɟɪɚ ɨɛɧɨɜɥɟɧɢɹ (USN — update sequence number) ɹɜɥɹɸɬɫɹ ɫɩɟɰɢɮɢɤɨɣ ɛɚɡ ɞɚɧɧɵɯ ɫɟɪɜɟɪɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɢɡɦɟɧɟɧɢɸ ɧɨɦɟɪɚ ɬɟɥɟɮɨɧɚ ɨɞɧɨɝɨ ɢɡ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɛɵɥ ɧɚɡɧɚɱɟɧ ɧɨɦɟɪ USN 5555, ɬɨ ɫɥɟɞɭɸɳɟɟ ɢɡɦɟɧɟɧɢɟ ɛɚɡɵ ɞɚɧɧɵɯ, ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɢɡɦɟɧɹɟɦɨɝɨ ɨɛɴɟɤɬɚ, ɛɭɞɟɬ ɢɦɟɬɶ ɧɨɦɟɪ USN 5556. Ɉɞɢɧ ɧɨɦɟɪ USN ɧɚɡɧɚɱɚɟɬɫɹ ɞɥɹ ɤɚɠɞɨɝɨ ɫɨɜɟɪɲɟɧɧɨɝɨ ɢɡɦɟɧɟɧɢɹ. ȿɫɥɢ ɜ ɨɞɧɨɣ ɦɨɞɢɮɢɤɚɰɢɢ ɢɡɦɟɧɟɧɨ ɧɟɫɤɨɥɶɤɨ ɚɬɪɢɛɭɬɨɜ (ɧɚɩɪɢɦɟɪ, ɚɞɪɟɫ, ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ ɢ ɦɟɫɬɨɩɨɥɨɠɟɧɢɟ ɨɮɢɫɚ), ɬɨ ɷɬɨɣ ɦɨɞɢɮɢɤɚɰɢɢ ɧɚɡɧɚɱɚɟɬɫɹ ɬɨɥɶɤɨ ɨɞɢɧ USN. ɋɭɳɟɫɬɜɭɟɬ ɬɪɢ ɫɩɨɫɨɛɚ ɢɫɩɨɥɶɡɨɜɚɧɢɹ USN ɩɪɢ ɜɵɩɨɥɧɟɧɢɢ ɦɨɞɢɮɢɤɚɰɢɣ. ȼɨ-ɩɟɪɜɵɯ, ɥɨɤɚɥɶɧɨɟ ɡɧɚɱɟɧɢɟ USN ɫɨɯɪɚɧɹɟɬɫɹ ɜɦɟɫɬɟ ɫ ɚɬɪɢɛɭɬɨɦ, ɤɨɬɨɪɵɣ ɛɵɥ ɦɨɞɢɮɢɰɢɪɨɜɚɧ. Ʌɨɤɚɥɶɧɨɟ ɡɧɚɱɟɧɢɟ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ USN ɢɡɦɟɧɟɧɧɨɝɨ ɚɬɪɢɛɭɬɚ. ȼɨ-ɜɬɨɪɵɯ, USN ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɚɬɪɢɛɭɬɚ uSNChanged ɨɛɴɟɤɬɚ. ɗɬɨɬ ɚɬɪɢɛɭɬ ɯɪɚɧɢɬɫɹ ɫ ɤɚɠɞɵɦ ɨɛɴɟɤɬɨɦ ɢ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɫɚɦɵɣ ɜɵɫɨɤɢɣ USN ɞɥɹ ɚɬɪɢɛɭɬɨɜ ɞɚɧɧɨɝɨ ɨɛɴɟɤɬɚ. Ɋɚɫɫɦɨɬɪɢɦ ɩɪɢɦɟɪ. ɉɪɟɞɩɨɥɨɠɢɦ, ɱɬɨ ɛɵɥ ɢɡɦɟɧɟɧ ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢ ɷɬɨɦɭ ɢɡɦɟɧɟɧɢɸ ɛɵɥ ɧɚɡɧɚɱɟɧ USN, ɪɚɜɧɵɣ 5556. ɂ ɥɨɤɚɥɶɧɵɣ USN, ɢ ɚɬɪɢɛɭɬ uSNChanged ɛɭɞɭɬ ɭɫɬɚɧɨɜɥɟɧɵ ɧɚ 5556. ȿɫɥɢ ɫɥɟɞɭɸɳɚɹ ɦɨɞɢɮɢɤɚɰɢɹ, ɫɞɟɥɚɧɧɚɹ ɜ ɤɚɬɚɥɨɝɟ ɧɚ ɬɨɦ ɠɟ ɫɟɪɜɟɪɟ, ɫɨɫɬɨɢɬ ɜ ɢɡɦɟɧɟɧɢɢ ɚɞɪɟɫɚ ɬɨɝɨ ɠɟ ɫɚɦɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɬɨ ɦɟɫɬɧɵɣ USN ɧɚ ɚɬɪɢɛɭɬɟ ɚɞɪɟɫɚ ɢ ɚɬɪɢɛɭɬ uSNChanged ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɨɛɴɟɤɬɚ ɛɭɞɭɬ ɢɡɦɟɧɟɧɵ ɧɚ 5557. Ɉɞɧɚɤɨ ɦɟɫɬɧɵɣ USN ɞɥɹ ɚɬɪɢɛɭɬɚ ɧɨɦɟɪɚ ɬɟɥɟɮɨɧɚ ɨɫɬɚɧɟɬɫɹ ɪɚɜɧɵɦ 5556, ɩɨɬɨɦɭ ɱɬɨ ɷɬɨ USN ɞɥɹ ɩɨɫɥɟɞɧɟɣ ɦɨɞɢɮɢɤɚɰɢɢ ɷɬɨɝɨ ɤɨɧɤɪɟɬɧɨɝɨ ɚɬɪɢɛɭɬɚ. Ʌɨɤɚɥɶɧɵɣ USN ɢ ɚɬɪɢɛɭɬ uSNChanged ɨɬɧɨɫɹɬɫɹ ɤɚɤ ɤ ɢɫɯɨɞɧɵɦ, ɬɚɤ ɢ ɤ ɪɟɩɥɢɰɢɪɭɟɦɵɦ ɨɛɧɨɜɥɟɧɢɹɦ. ȼ ɩɨɫɥɟɞɧɟɦ ɫɩɨɫɨɛɟ USN ɢɫɩɨɥɶɡɭɟɬɫɹ ɤɚɤ USN ɚɬɪɢɛɭɬɚ. ɗɬɨ ɡɧɚɱɟɧɢɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɬɨɥɶɤɨ ɞɥɹ ɢɫɯɨɞɧɵɯ ɦɨɞɢɮɢɤɚɰɢɣ, ɨɧɨ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɞɪɭɝɢɟ
ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɤɚɤ ɱɚɫɬɶ ɪɟɩɥɢɤɚɰɢɢ ɚɬɪɢɛɭɬɨɜ. Ʉɨɝɞɚ ɧɚ ɫɟɪɜɟɪɟ ɢɡɦɟɧɹɟɬɫɹ ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɬɨ USN ɷɬɨɝɨ ɢɡɦɟɧɟɧɢɹ ɧɚɡɧɚɱɚɟɬɫɹ ɪɚɜɧɵɦ ɢɫɯɨɞɧɨɦɭ ɡɧɚɱɟɧɢɸ USN. Ʉɨɝɞɚ ɢɡɦɟɧɟɧɧɵɣ ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɢɫɯɨɞɧɵɣ USN ɩɨɫɵɥɚɟɬɫɹ ɜɦɟɫɬɟ ɫ ɦɨɞɢɮɢɤɚɰɢɟɣ, ɢ ɷɬɨ ɡɧɚɱɟɧɢɟ ɧɟ ɢɡɦɟɧɹɟɬɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɚɞɪɟɫɚɬɚ. Ʌɨɤɚɥɶɧɵɣ USN ɢ ɚɬɪɢɛɭɬ uSNChanged ɛɭɞɭɬ ɢɡɦɟɧɟɧɵ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɚɞɪɟɫɚɬɚ, ɧɨ ɢɫɯɨɞɧɵɣ USN ɧɟ ɢɡɦɟɧɢɬɫɹ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɫɚɦ ɚɬɪɢɛɭɬ ɧɟ ɛɭɞɟɬ ɫɧɨɜɚ ɦɨɞɢɮɢɰɢɪɨɜɚɧ. ɂɫɯɨɞɧɵɣ USN ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɞɟɦɩɮɢɪɨɜɚɧɢɹ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ, ɤɨɬɨɪɨɟ ɪɚɫɫɦɚɬɪɢɜɚɟɬɫɹ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. Ɂɧɚɱɟɧɢɹ ɭɪɨɜɧɟɣ (high-watermark values) ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɬɟɦ, ɤɚɤɚɹ ɢɧɮɨɪɦɚɰɢɹ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. Ʉɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɞɞɟɪɠɢɜɚɟɬ ɫɜɨɣ ɫɨɛɫɬɜɟɧɧɵɣ ɧɚɛɨɪ ɭɪɨɜɧɟɣ ɞɥɹ ɤɚɠɞɨɝɨ ɢɡ ɫɜɨɢɯ ɩɪɹɦɵɯ ɩɚɪɬɧɟɪɨɜ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ɍɪɨɜɟɧɶ -ɷɬɨ ɩɨɫɥɟɞɧɟɟ ɡɧɚɱɟɧɢɟ uSNChanged, ɤɨɬɨɪɨɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɥɭɱɢɥ ɨɬ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. Ʉɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɫɵɥɚɟɬ ɦɨɞɢɮɢɤɚɰɢɸ ɩɚɪɬɧɟɪɭ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɡɧɚɱɟɧɢɟ uSNChanged ɩɨɫɵɥɚɟɬɫɹ ɜɦɟɫɬɟ ɫ ɦɨɞɢɮɢɤɚɰɢɟɣ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɚɞɪɟɫɚɬɚ ɫɨɯɪɚɧɹɟɬ ɟɝɨ ɤɚɤ ɡɧɚɱɟɧɢɟ ɭɪɨɜɧɹ ɞɥɹ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. Ɂɧɚɱɟɧɢɹ ɭɪɨɜɧɟɣ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜɨ ɜɪɟɦɹ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ. Ʉɨɝɞɚ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɡɚɩɪɚɲɢɜɚɟɬ ɨɛɧɨɜɥɟɧɢɟ ɭ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɬɨ ɤɨɧɬɪɨɥɥɟɪ-ɚɞɪɟɫɚɬ ɩɨɫɵɥɚɟɬ ɫɜɨɟ ɡɧɚɱɟɧɢɟ ɭɪɨɜɧɹ ɤɨɧɬɪɨɥɥɟɪɭ-ɨɬɩɪɚɜɢɬɟɥɸ. Ʉɨɧɬɪɨɥɥɟɪ-ɨɬɩɪɚɜɢɬɟɥɶ ɢɫɩɨɥɶɡɭɟɬ ɡɧɚɱɟɧɢɟ ɭɪɨɜɧɹ ɤɨɧɬɪɨɥɥɟɪɚ-ɚɞɪɟɫɚɬɚ ɞɥɹ ɮɢɥɶɬɪɚɰɢɢ ɜɫɟɯ ɩɨɬɟɧɰɢɚɥɶɧɵɯ ɨɛɧɨɜɥɟɧɢɣ ɢ ɩɨɫɵɥɚɟɬ ɬɨɥɶɤɨ ɬɟ ɢɡɦɟɧɟɧɢɹ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɛɨɥɟɟ ɜɵɫɨɤɨɟ ɡɧɚɱɟɧɢɟ uSNChanged. . . ȼɟɤɬɨɪɵ ɧɨɜɢɡɧɵ (up-to-dateness vectors) ɬɚɤɠɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɬɟɦ, ɤɚɤɚɹ ɢɧɮɨɪɦɚɰɢɹ ɞɨɥɠɧɚ ɤɨɩɢɪɨɜɚɬɶɫɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. ȼɟɤɬɨɪɵ ɧɨɜɢɡɧɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɬɫɥɟɠɢɜɚɧɢɹ ɜɫɟɯ ɢɫɯɨɞɧɵɯ ɦɨɞɢɮɢɤɚɰɢɣ, ɤɨɬɨɪɵɟ ɞɚɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɥɭɱɢɥ ɨɬ ɤɚɤɨɝɨ-ɥɢɛɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɢɡɦɟɧɟɧ ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ DC1, ɢ ɚɬɪɢɛɭɬɭ ɧɚɡɧɚɱɟɧ ɢɫɯɨɞɧɵɣ USN, ɪɚɜɧɵɣ 5556. Ʉɨɝɞɚ ɷɬɨɬ ɚɬɪɢɛɭɬ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪ DC2, ɢɫɯɨɞɧɵɣ USN ɤɨɩɢɪɭɟɬɫɹ ɫ ɨɛɧɨɜɥɟɧɧɵɦ ɚɬɪɢɛɭɬɨɦ. Ʉɪɨɦɟ ɬɨɝɨ, GUID ɤɨɧɬɪɨɥɥɟɪɚ DC1 ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɜɦɟɫɬɟ ɫ ɚɬɪɢɛɭɬɨɦ. Ʉɨɝɞɚ DC2 ɩɨɥɭɱɚɟɬ ɷɬɨ ɨɛɧɨɜɥɟɧɢɟ, ɨɧ ɦɨɞɢɮɢɰɢɪɭɟɬ ɫɜɨɣ ɜɟɤɬɨɪ ɧɨɜɢɡɧɵ, ɩɨɤɚɡɵɜɚɹ, ɱɬɨ ɫɚɦɨɟ ɩɨɫɥɟɞɧɟɟ ɢɫɯɨɞɧɨɟ ɨɛɧɨɜɥɟɧɢɟ, ɩɨɥɭɱɟɧɧɨɟ ɨɬ DC1, ɬɟɩɟɪɶ ɪɚɜɧɨ 5556. ȼɟɤɬɨɪ ɧɨɜɢɡɧɵ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɝɪɚɧɢɱɟɧɢɹ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. Ʉɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ-ɚɞɪɟɫɚɬ ɡɚɩɪɚɲɢɜɚɟɬ ɨɛɧɨɜɥɟɧɢɟ ɭ ɤɨɧɬɪɨɥɥɟɪɚ-ɨɬɩɪɚɜɢɬɟɥɹ, ɨɧ ɜɤɥɸɱɚɟɬ ɜ ɡɚɩɪɨɫ ɫɜɨɢ ɜɟɤɬɨɪɵ ɧɨɜɢɡɧɵ. Ɂɚɬɟɦ ɤɨɦɩɶɸɬɟɪ-ɨɬɩɪɚɜɢɬɟɥɶ ɢɫɩɨɥɶɡɭɟɬ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɮɢɥɶɬɪɚɰɢɢ ɫɩɢɫɤɚ ɜɫɟɯ ɜɨɡɦɨɠɧɵɯ ɦɨɞɢɮɢɤɚɰɢɣ, ɤɨɬɨɪɵɟ ɨɧ ɦɨɠɟɬ ɩɨɫɥɚɬɶ ɤɨɧɬɪɨɥɥɟɪɭ-ɚɞɪɟɫɚɬɭ. Ɍɚɤɨɣ ɜɵɛɨɪ ɜɚɠɟɧ, ɤɨɝɞɚ ɢɦɟɟɬɫɹ ɛɨɥɟɟ ɞɜɭɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɞɥɹ ɞɚɧɧɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɤ ɫɰɟɧɚɪɢɸ, ɨɩɢɫɚɧɧɨɦɭ ɜ ɩɪɟɞɲɟɫɬɜɭɸɳɟɦ ɩɚɪɚɝɪɚɮɟ, ɞɨɛɚɜɢɬɶ ɤɨɧɬɪɨɥɥɟɪ DC3, ɬɨ ɢɡɦɟɧɟɧɢɟ ɧɨɦɟɪɚ ɬɟɥɟɮɨɧɚ, ɫɞɟɥɚɧɧɨɟ ɧɚ DC1, ɛɭɞɟɬ ɤɨɩɢɪɨɜɚɬɶɫɹ ɢ ɧɚ DC2, ɢ ɧɚ DC3. Ɍɟɩɟɪɶ DC3 ɢ DC2 ɛɭɞɭɬ ɢɦɟɬɶ ɨɛɧɨɜɥɟɧɧɵɣ ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ, ɨɧɢ ɢɡɦɟɧɹɬ ɫɜɨɢ ɜɟɤɬɨɪɵ ɧɨɜɢɡɧɵ, ɩɨɤɚɡɵɜɚɹ, ɱɬɨ ɫɚɦɚɹ ɩɨɫɥɟɞɧɹɹ ɦɨɞɢɮɢɤɚɰɢɹ, ɤɨɬɨɪɭɸ ɨɧɢ ɨɛɚ ɩɨɥɭɱɢɥɢ ɨɬ DC1, ɢɦɟɥɚ ɢɫɯɨɞɧɵɣ USN 5556. ɉɪɢɛɥɢɡɢɬɟɥɶɧɨ ɱɟɪɟɡ 15 ɫ ɩɨɫɥɟ ɩɨɥɭɱɟɧɢɹ ɷɬɨɣ ɦɨɞɢɮɢɤɚɰɢɢ DC2 ɭɜɟɞɨɦɢɬ DC3, ɱɬɨ ɭ ɧɟɝɨ ɟɫɬɶ ɨɛɧɨɜɥɟɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ʉɨɝɞɚ DC3 ɛɭɞɟɬ ɡɚɩɪɚɲɢɜɚɬɶ ɨɛɧɨɜɥɟɧɢɹ ɤɚɬɚɥɨɝɚ ɭ DC2, ɨɧ ɜɤɥɸɱɢɬ ɫɜɨɣ ɜɟɤɬɨɪ ɧɨɜɢɡɧɵ ɜ ɡɚɩɪɨɫ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ DC2 ɨɩɪɟɞɟɥɢɬ, ɱɬɨ ɜɟɤɬɨɪ ɧɨɜɢɡɧɵ ɤɨɧɬɪɨɥɥɟɪɚ DC3 ɞɥɹ DC1 ɭɠɟ ɢɦɟɟɬ ɧɨɜɟɣɲɢɣ ɢɫɯɨɞɧɵɣ ɧɨɦɟɪ USN. ȿɫɥɢ ɦɨɞɢɮɢɤɚɰɢɹ ɧɨɦɟɪɚ ɬɟɥɟɮɨɧɚ ɛɵɥɚ ɟɞɢɧɫɬɜɟɧɧɵɦ ɢɡɦɟɧɟɧɢɟɦ, ɫɞɟɥɚɧɧɵɦ ɤ ɤɚɬɚɥɨɝɭ ɜ ɷɬɨɬ ɜɪɟɦɟɧɧɨɣ ɩɟɪɢɨɞ, ɬɨ ɢɧɮɨɪɦɚɰɢɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ DC2 ɢ DC3 ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɧɟ ɛɭɞɟɬ. ɉɪɨɰɟɫɫ ɨɝɪɚɧɢɱɟɧɢɹ ɦɨɞɢɮɢɤɚɰɢɣ, ɩɨɫɵɥɚɟɦɵɯ ɜɨ ɜɪɟɦɹ ɪɟɩɥɢɤɚɰɢɢ, ɫ ɩɨɦɨɳɶɸ ɜɟɤɬɨɪɚ ɧɨɜɢɡɧɵ ɧɚɡɵɜɚɟɬɫɹ ɞɟɦɩɮɢɪɨɜɚɧɢɟɦ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ. Ʉɚɤ ɭɠɟ ɝɨɜɨɪɢɥɨɫɶ, ɫɥɭɠɛɚ Ʉɋɋ ɫɨɡɞɚɟɬ ɢɡɛɵɬɨɱɧɵɟ ɪɟɩɥɢ-ɤɚɰɢɨɧɧɵɟ ɫɜɹɡɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. Ɉɞɧɚ ɢɡ ɩɪɨɛɥɟɦ, ɫɜɹɡɚɧɧɵɯ ɫ ɷɬɢɦ, ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɞɧɢ ɢ ɬɟ ɠɟ ɦɨɞɢɮɢɤɚɰɢɢ ɦɨɝɭɬ ɩɨɫɵɥɚɬɶɫɹ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɨɬ ɧɟɫɤɨɥɶɤɢɯ ɩɚɪɬɧɟɪɨɜ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ɗɬɨ ɜɟɞɟɬ ɤ ɭɜɟɥɢɱɟɧɢɸ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ, ɚ ɬɚɤɠɟ ɩɨɬɟɧɰɢɚɥɶɧɨ ɩɪɢɜɨɞɢɬ ɤ ɫɢɬɭɚɰɢɢ, ɤɨɝɞɚ ɨɞɧɚ ɢ ɬɚ ɠɟ ɦɨɞɢɮɢɤɚɰɢɹ ɩɨɫɵɥɚɟɬɫɹ ɧɟɨɞɧɨɤɪɚɬɧɨ ɜɫɟɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ. Ⱦɟɦɩɮɢɪɨɜɚɧɢɟ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ, ɢɫɩɨɥɶɡɭɸɳɟɟ ɜɟɤɬɨɪ ɧɨɜɢɡɧɵ,
ɭɫɬɪɚɧɹɟɬ ɬɚɤɭɸ ɜɨɡɦɨɠɧɨɫɬɶ.
USN
ɇɨɦɟɪɚ USN (update sequence number) ɞɥɹ ɥɸɛɨɝɨ ɨɛɴɟɤɬɚ ɦɨɠɧɨ ɩɪɨɫɦɨɬɪɟɬɶ ɫ ɩɨɦɨɳɶɸ ɫɪɟɞɫɬɜ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɜɤɥɸɱɟɧɧɵɯ ɜ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɩɨɞɞɟɪɠɤɢ Windows Server 2003. Ɉɞɢɧ ɢɡ ɫɩɨɫɨɛɨɜ ɩɪɨɫɦɨɬɪɚ ɥɨɤɚɥɶɧɨɝɨ USN ɢɫɯɨɞɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɢɫɯɨɞɧɨɝɨ USN ɢ ɨɬɦɟɬɤɢ ɜɪɟɦɟɧɢ (time stamp) ɞɥɹ ɥɸɛɨɝɨ ɚɬɪɢɛɭɬɚ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɢɧɫɬɪɭɦɟɧɬɚ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ Repadmin. (ɉɨɥɧɭɸ ɢɧɫɬɪɭɤɰɢɸ ɩɨ ɭɫɬɚɧɨɜɤɟ Repadmin ɫɦɨɬɪɢɬɟ ɜ ɪɚɡɞɟɥɟ «Ɇɨɧɢɬɨɪɢɧɝ ɢ ɩɨɢɫɤ ɧɟɢɫɩɪɚɜɧɨɫɬɟɣ ɪɟɩɥɢɤɚɰɢɢ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ.) ɇɚɩɟɱɚɬɚɣɬɟ repadmin /showmeta object distinguished name (ɨɬɥɢɱɢɬɟɥɶɧɨɟ ɢɦɹ ɨɛɴɟɤɬɚ) ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ. Ɂɧɚɱɟɧɢɹ uSNCreated ɢ uSNChanged ɦɨɠɧɨ ɭɜɢɞɟɬɶ ɜ ADSI Edit ɱɟɪɟɡ ɫɜɨɣɫɬɜɚ ɨɛɴɟɤɬɚ. ɑɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɢɧɮɨɪɦɚɰɢɢ ɪɟɩɥɢɤɚɰɢɢ ɱɟɪɟɡ Ldp.exe, ɧɚɣɞɢɬɟ ɨɛɴɟɤɬ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ, ɜɵɛɟɪɢɬɟ Advanced (Ɋɚɫɲɢɪɟɧɧɵɣ), ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Replication Metadata (Ɇɟɬɚ-ɞɚɧɧɵɟ ɪɟɩɥɢɤɚɰɢɢ). Ɂɧɚɱɟɧɢɹ USN ɬɚɤɠɟ ɦɨɠɧɨ ɩɪɢɫɦɨɬɪɟɬɶ ɱɟɪɟɡ Ɇɨɧɢɬɨɪ ɪɟɩɥɢɤɚɰɢɢ (ɫɦ. ɪɢɫ. 4-10). Ⱦɥɹ ɷɬɨɝɨ ɞɨɛɚɜɶɬɟ ɫɟɪɜɟɪ ɤ ɫɩɢɫɤɭ ɦɨɧɢɬɨɪɢɧɝɚ, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɫɟɪɜɟɪɟ ɢ ɜɵɛɟɪɢɬɟ Show Attribute Meta-Data For Active Directory Object (ɉɨɤɚɡɚɬɶ ɦɟɬɚɞɚɧɧɵɟ ɚɬɪɢɛɭɬɚ ɞɥɹ ɨɛɴɟɤɬɚ Active Directory). ȼɜɟɞɢɬɟ ɦɚɧɞɚɬ (credentials) ɞɥɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɫ ɞɨɫɬɭɩɨɦ ɤ Active Directory, ɚ ɡɚɬɟɦ ɧɚɩɟɱɚɬɚɣɬɟ ɨɬɥɢɱɢɬɟɥɶɧɨɟ ɢɦɹ ɨɛɴɟɤɬɚ. ɑɚɫɬɶ USN-ɢɧɮɨɪɦɚɰɢɢ ɞɨɫɬɭɩɧɚ ɬɚɤɠɟ ɢɡ ɨɛɵɱɧɵɯ ɫɪɟɞɫɬɜ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ. ɑɬɨɛɵ ɩɨɫɦɨɬɪɟɬɶ ɬɟɤɭɳɢɟ ɢ ɢɫɯɨɞɧɵɟ ɡɧɚɱɟɧɢɹ USN ɞɥɹ ɨɛɴɟɤɬɚ ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers, ɜɤɥɸɱɢɬɟ Advanced Features (Ɋɚɫɲɢɪɟɧɧɵɟ ɮɭɧɤɰɢɢ) ɜ ɦɟɧɸ View (ȼɢɞ), ɚ ɡɚɬɟɦ ɨɛɪɚɬɢɬɟɫɶ ɤ ɜɤɥɚɞɤɟ Object (Ɉɛɴɟɤɬ) ɜ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) ɨɛɴɟɤɬɚ. ɍɪɨɜɟɧɶ ɢ ɜɟɤɬɨɪ ɧɨɜɢɡɧɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɝɪɚɧɢɱɟɧɢɹ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ. Ɂɧɚɱɟɧɢɟ ɭɪɨɜɧɹ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɫɚɦɨɟ ɩɨɫɥɟɞɧɟɟ ɢɡɦɟɧɟɧɢɟ, ɤɨɬɨɪɨɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɥɭɱɢɥ ɨɬ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɬɚɤ ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ-ɨɬɩɪɚɜɢɬɟɥɶ ɧɟ ɞɨɥɠɟɧ ɫɧɨɜɚ ɩɨɫɵɥɚɬɶ ɷɬɨ ɡɧɚɱɟɧɢɟ. ȼɟɤɬɨɪ ɧɨɜɢɡɧɵ ɫɨɞɟɪɠɢɬ ɫɚɦɵɟ ɫɜɟɠɢɟ ɨɛɧɨɜɥɟɧɢɹ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɩɨɥɭɱɟɧɵ ɨɬ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɫɨɞɟɪɠɚɳɢɯ ɪɟɩɥɢɤɭ ɪɚɡɞɟɥɚ, ɬɚɤ ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ-ɨɬɩɪɚɜɢɬɟɥɶ ɧɟ ɞɨɥɠɟɧ ɩɨɫɵɥɚɬɶ ɬɚɤɢɟ ɦɨɞɢɮɢɤɚɰɢɢ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɵɟ ɤɨɧɬɪɨɥɥɟɪ-ɚɞɪɟɫɚɬ ɭɠɟ ɩɨɥɭɱɢɥ ɨɬ ɞɪɭɝɨɝɨ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ.
. 4-10.
-
Replication Monitor (
)
ɂ ɩɨɫɥɟɞɧɟɟ, ɱɬɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɟɩɥɢɤɚɰɢɟɣ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, — ɷɬɨ ɨɬɦɟɬɤɚ ɨɛ ɢɡɦɟɧɟɧɢɢ (change stamp). ȼɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɚɬɪɢɛɭɬ ɦɨɞɢɮɢɰɢɪɭɟɬɫɹ, ɷɬɚ ɦɨɞɢɮɢɤɚɰɢɹ ɩɨɦɟɱɚɟɬɫɹ ɨɬɦɟɬɤɨɣ ɨɛ ɢɡɦɟɧɟɧɢɢ. Ɂɚɬɟɦ ɨɬɦɟɬɤɚ ɨɛ ɢɡɦɟɧɟɧɢɢ ɩɨɫɵɥɚɟɬɫɹ ɜɦɟɫɬɟ ɫ ɦɨɞɢɮɢɤɚɰɢɟɣ, ɤɨɝɞɚ ɦɨɞɢɮɢɤɚɰɢɹ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. Ɉɬɦɟɬɤɚ ɨɛ ɢɡɦɟɧɟɧɢɹɯ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɨɟ ɢɡɦɟɧɟɧɢɟ ɛɭɞɟɬ ɩɪɢɧɹɬɨ ɜ ɫɥɭɱɚɟ
ɤɨɧɮɥɢɤɬɚ ɪɟɩɥɢɤɚɰɢɢ. Ɉɬɦɟɬɤɚ ɨɛ ɢɡɦɟɧɟɧɢɹɯ ɫɨɫɬɨɢɬ ɢɡ ɬɪɟɯ ɤɨɦɩɨɧɟɧɬɨɜ. • ɇɨɦɟɪ ɜɟɪɫɢɢ. Ɉɧ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɬɫɥɟɠɢɜɚɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɢɡɦɟɧɟɧɢɣ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɫɞɟɥɚɧɵ ɤ ɚɬɪɢɛɭɬɭ ɨɛɴɟɤɬɚ. Ʉɨɝɞɚ ɨɛɴɟɤɬ ɫɨɡɞɚɟɬɫɹ, ɧɨɦɟɪ ɜɟɪɫɢɢ ɭ ɜɫɟɯ ɚɬɪɢɛɭɬɨɜ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ 1, ɞɚɠɟ ɟɫɥɢ ɩɨɥɟ ɚɬɪɢɛɭɬɚ ɨɫɬɚɜɥɟɧɨ ɩɭɫɬɵɦ. Ʉɨɝɞɚ ɩɪɨɢɫɯɨɞɢɬ ɧɚɡɧɚɱɟɧɢɟ «ɩɭɫɬɨɝɨ» ɚɬɪɢɛɭɬɚ, ɡɧɚɱɟɧɢɟ ɧɨɦɟɪɚ ɜɟɪɫɢɢ ɨɫɬɚɟɬɫɹ ɪɚɜɧɵɦ 1. Ɉɞɧɚɤɨ ɤɨɝɞɚ ɚɬɪɢɛɭɬ ɨɛɧɨɜɥɹɟɬɫɹ ɩɨɫɥɟ ɧɚɱɚɥɶɧɨɝɨ ɢɡɦɟɧɟɧɢɹ, ɧɨɦɟɪ ɜɟɪɫɢɢ ɤɚɠɞɵɣ ɪɚɡ ɭɜɟɥɢɱɢɜɚɟɬɫɹ ɧɚ ɟɞɢɧɢɰɭ. • ȼɪɟɦɹ ɩɨɫɥɟɞɧɟɣ ɡɚɩɢɫɢ. Ɉɧɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɬɫɥɟɠɢɜɚɧɢɹ ɜɪɟɦɟɧɢ, ɤɨɝɞɚ ɩɪɨɢɡɨɲɥɚ ɩɨɫɥɟɞɧɹɹ ɦɨɞɢɮɢɤɚɰɢɹ ɚɬɪɢɛɭɬɚ. Ɂɧɚɱɟɧɢɟ ɜɪɟɦɟɧɢ ɪɟɝɢɫɬɪɢɪɭɟɬɫɹ ɧɚ ɬɨɦ ɫɟɪɜɟɪɟ, ɝɞɟ ɚɬɪɢɛɭɬ ɛɵɥ ɦɨɞɢɮɢɰɢɪɨɜɚɧ, ɢ ɤɨɩɢɪɭɟɬɫɹ ɜɦɟɫɬɟ ɫ ɨɛɴɟɤɬɨɦ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ.
•
ɂɫɯɨɞɧɵɣ ɫɟɪɜɟɪ (Originating server). ɗɬɨɬ ɤɨɦɩɨɧɟɧɬ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ GUID ɫɟɪɜɟɪɚ, ɧɚ ɤɨɬɨɪɨɦ ɛɵɥɚ ɩɪɢɦɟɧɟɧɚ ɩɨɫɥɟɞɧɹɹ ɢɫɯɨɞɧɚɹ ɦɨɞɢɮɢɤɚɰɢɹ ɚɬɪɢɛɭɬɚ. ɗɬɢ ɬɪɢ ɤɨɦɩɨɧɟɧɬɚ ɮɨɪɦɢɪɭɸɬ ɨɬɦɟɬɤɭ ɨɛ ɢɡɦɟɧɟɧɢɹɯ ɞɥɹ ɤɚɠɞɨɣ ɦɨɞɢɮɢɤɚɰɢɢ ɚɬɪɢɛɭɬɚ. Ʉɨɝɞɚ ɚɬɪɢɛɭɬ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɷɬɚ ɢɧɮɨɪɦɚɰɢɹ ɤɨɩɢɪɭɟɬɫɹ ɜɦɟɫɬɟ ɫ ɚɬɪɢɛɭɬɨɦ. ȿɫɥɢ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɚɬɪɢɛɭɬ ɢɡɦɟɧɟɧ ɧɚ ɞɜɭɯ ɪɚɡɥɢɱɧɵɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɨɞɧɨɜɪɟɦɟɧɧɨ, ɬɨ ɨɬɦɟɬɤɚ ɨɛ ɢɡɦɟɧɟɧɢɹɯ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɤɚɤɨɣ ɚɬɪɢɛɭɬ ɛɭɞɟɬ ɩɪɢɧɹɬ ɜ ɤɚɱɟɫɬɜɟ ɡɚɤɥɸɱɢɬɟɥɶɧɨɝɨ ɢɡɦɟɧɟɧɢɹ. ȼ ɫɥɭɱɚɟ ɤɨɧɮɥɢɤɬɚ ɪɟɲɟɧɢɟ ɨɬɧɨɫɢɬɟɥɶɧɨ ɡɚɤɥɸɱɢɬɟɥɶɧɨɝɨ ɢɡɦɟɧɟɧɢɹ ɞɟɥɚɟɬɫɹ ɜ ɫɥɟɞɭɸɳɟɦ ɩɨɪɹɞɤɟ. 1. ɇɨɦɟɪ ɜɟɪɫɢɢ. ȼɫɟɝɞɚ ɩɪɢɧɢɦɚɟɬɫɹ ɢɡɦɟɧɟɧɢɟ ɫ ɫɚɦɵɦ ɜɵɫɨɤɢɦ ɧɨɦɟɪɨɦ ɜɟɪɫɢɢ. ȿɫɥɢ ɢɡɦɟɧɟɧɢɟ ɧɚ ɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɢɦɟɟɬ ɧɨɦɟɪ ɜɟɪɫɢɢ 3, ɚ ɢɡɦɟɧɟɧɢɟ ɧɚ ɞɪɭɝɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɧɨɦɟɪ ɜɟɪɫɢɢ 4, ɛɭɞɟɬ ɜɫɟɝɞɚ ɩɪɢɧɢɦɚɬɶɫɹ ɢɡɦɟɧɟɧɢɟ ɫ ɧɨɦɟɪɨɦ ɜɟɪɫɢɢ 4. 2. ȼɪɟɦɹ ɩɨɫɥɟɞɧɟɣ ɡɚɩɢɫɢ. ȿɫɥɢ ɧɨɦɟɪɚ ɜɟɪɫɢɣ ɢɞɟɧɬɢɱɧɵ, ɬɨ ɛɭɞɟɬ ɩɪɢɧɹɬɨ ɢɡɦɟɧɟɧɢɟ ɫ ɫɚɦɵɦ ɧɟɞɚɜɧɢɦ ɜɪɟɦɟɧɟɦ ɩɨɫɥɟɞɧɟɣ ɡɚɩɢɫɢ. 3. GXJID ɫɟɪɜɟɪɚ. ȿɫɥɢ ɧɨɦɟɪɚ ɜɟɪɫɢɣ ɢ ɜɪɟɦɟɧɚ ɩɨɫɥɟɞɧɟɣ ɡɚɩɢɫɢ ɢɞɟɧɬɢɱɧɵ, ɬɨ ɢɫɩɨɥɶɡɭɟɬɫɹ GUID ɛɚɡɵ ɞɚɧɧɵɯ ɫɟɪɜɟɪɚ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɤɚɤɨɟ ɢɡɦɟɧɟɧɢɟ ɞɨɥɠɧɨ ɛɵɬɶ ɩɪɢɧɹɬɨ. Ȼɭɞɟɬ ɩɪɢɧɹɬɨ ɢɡɦɟɧɟɧɢɟ, ɩɪɢɛɵɜɚɸɳɟɟ ɫ ɫɟɪɜɟɪɚ, ɢɦɟɸɳɟɝɨ ɛɨɥɟɟ ɜɵɫɨɤɢɣ GUID. ɂɞɟɧɬɢɮɢɤɚɬɨɪɵ GUID ɧɚɡɧɚɱɚɸɬɫɹ ɩɪɢ ɞɨɛɚɜɥɟɧɢɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɤ ɞɨɦɟɧɭ, a GUID ɧɚɡɧɚɱɚɟɬɫɹ ɩɪɨɢɡɜɨɥɶɧɨ.
П
че
ы .
,
,
. ,
.
-
. (
,
, .)
-
,
, ,
, ,
.
, .
,
, Active Directory,
. ɋɥɭɠɛɚ Active Directory ɫɩɨɫɨɛɧɚ ɪɚɡɪɟɲɚɬɶ ɤɨɧɮɥɢɤɬɵ, ɤɨɬɨɪɵɟ ɫɨɡɞɚɸɬɫɹ, ɤɨɝɞɚ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɚɬɪɢɛɭɬ ɨɛɴɟɤɬɚ ɢɡɦɟɧɹɟɬɫɹ ɨɞɧɨɜɪɟɦɟɧɧɨ ɧɚ ɞɜɭɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. ɂɦɟɸɬɫɹ ɞɜɚ ɞɪɭɝɢɯ ɬɢɩɚ ɤɨɧɮɥɢɤɬɨɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɜɨɡɧɢɤɚɬɶ. • Ⱦɨɛɚɜɥɟɧɢɟ ɢɥɢ ɢɡɦɟɧɟɧɢɟ ɨɛɴɟɤɬɚ ɧɚ ɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜ ɬɨ ɠɟ ɫɚɦɨɟ ɜɪɟɦɹ, ɤɨɝɞɚ ɤɨɧɬɟɣɧɟɪɧɵɣ ɨɛɴɟɤɬ ɷɬɨɝɨ ɨɛɴɟɤɬɚ ɭɞɚɥɹɟɬɫɹ ɧɚ ɞɪɭɝɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. Ɋɚɫɫɦɨɬɪɢɦ ɩɪɢɦɟɪ, ɜ ɤɨɬɨɪɨɦ ɧɚ ɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɛɵɥ ɞɨɛɚɜɥɟɧ ɧɨɜɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɤ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɟ (OU) Accounting (Ȼɭɯɝɚɥɬɟɪɢɹ). ȼ ɷɬɨ ɠɟ ɜɪɟɦɹ ɧɚ ɞɪɭɝɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɞɪɭɝɨɣ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɭɞɚɥɹɟɬ OU Accounting. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɨɛɴɟɤɬ, ɤɨɬɨɪɵɣ ɛɵɥ ɞɨɛɚɜɥɟɧ ɤ ɭɞɚɥɟɧɧɨɦɭ ɤɨɧɬɟɣɧɟɪɭ, ɛɭɞɟɬ ɩɟɪɟɦɟɳɟɧ ɜ ɤɨɧɬɟɣɧɟɪ Active Directory ɫ ɢɦɟɧɟɦ LostAndFound. • Ⱦɨɛɚɜɥɟɧɢɟ ɨɛɴɟɤɬɨɜ ɫ ɨɞɧɢɦ ɢ ɬɟɦ ɠɟ ɨɬɧɨɫɢɬɟɥɶɧɵɦ ɨɬɥɢɱɢɬɟɥɶɧɵɦ ɢɦɟɧɟɦ (relative distinguished name) ɜ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɤɨɧɬɟɣɧɟɪ. Ɍɚɤɨɣ ɤɨɧɮɥɢɤɬ ɜɨɡɧɢɤɚɟɬ, ɤɨɝɞɚ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɧɚ ɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫɨɡɞɚɟɬ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ ɫ ɨɬɧɨɫɢɬɟɥɶɧɵɦ ɨɬɥɢɱɢɬɟɥɶɧɵɦ ɢɦɟɧɟɦ BDiaz ɜ OU Accounting, ɜ ɬɨ ɠɟ ɫɚɦɨɟ ɜɪɟɦɹ ɧɚ ɞɪɭɝɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɢɦɟɸɳɢɣ ɬɚɤɨɟ ɠɟ ɨɬɧɨɫɢɬɟɥɶɧɨɟ
ɨɬɥɢɱɢɬɟɥɶɧɨɟ ɢɦɹ, ɩɟɪɟɦɟɳɚɟɬɫɹ ɜ ɬɭ ɠɟ ɫɚɦɭɸ OU ɢɥɢ ɫɨɡɞɚɟɬɫɹ ɜ ɬɨɣ ɠɟ ɫɚɦɨɣ OU. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɤɚɤɨɣ ɨɛɴɟɤɬ ɛɭɞɟɬ ɫɨɯɪɚɧɟɧ, ɚ ɤɚɤɨɣ ɩɟɪɟɢɦɟɧɨɜɚɧ, ɜ ɦɨɞɟɥɢ ɪɚɡɪɟɲɟɧɢɹ ɤɨɧɮɥɢɤɬɨɜ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ GUID, ɧɚɡɧɚɱɟɧɧɵɣ ɦɨɞɢɮɢɰɢɪɭɟɦɨɦɭ ɤɚɬɚɥɨɝɭ. Ɉɛɴɟɤɬ, ɢɦɟɸɳɢɣ ɛɨɥɟɟ ɜɵɫɨɤɢɣ GUID, ɛɭɞɟɬ ɫɨɯɪɚɧɟɧ, ɚ ɨɛɴɟɤɬ ɫ ɛɨɥɟɟ ɧɢɡɤɢɦ GUID ɩɟɪɟɢɦɟɧɨɜɚɧ ɧɚ BDiaz#CNF:userGUID, ɝɞɟ ɡɧɚɱɨɤ ɧɨɦɟɪɚ (#) ɹɜɥɹɟɬɫɹ ɫɢɦɜɨɥɨɦ ɞɭɛɥɢɪɨɜɚɧɢɹ. ȿɫɥɢ ɜɬɨɪɨɣ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ ɩɨɬɪɟɛɭɟɬɫɹ, ɬɨ ɟɝɨ ɦɨɠɧɨ ɛɭɞɟɬ ɩɟɪɟɢɦɟɧɨɜɚɬɶ. Ɋɟɩɥɢɤɚɰɢɹ ɭɞɚɥɟɧɢɣ ɨɛɴɟɤɬɨɜ ɨɛɪɚɛɚɬɵɜɚɟɬɫɹ ɜ Active Directory ɢɧɚɱɟ, ɱɟɦ ɞɪɭɝɢɟ ɦɨɞɢɮɢɤɚɰɢɢ ɤɚɬɚɥɨɝɚ. Ʉɨɝɞɚ ɭɞɚɥɹɟɬɫɹ ɭɱɟɬɧɚɹ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɨɧɚ ɧɟ ɭɧɢɱɬɨɠɚɟɬɫɹ ɧɟɦɟɞɥɟɧɧɨ. ȼɦɟɫɬɨ ɷɬɨɝɨ ɫɨɡɞɚɟɬɫɹ (tombstone). Ɉɛɴɟɤɬ-ɩɚɦɹɬɧɢɤ ɹɜɥɹɟɬɫɹ ɢɫɯɨɞɧɵɦ ɨɛɴɟɤɬɨɦ, ɭ ɤɨɬɨɪɨɝɨ ɚɬɪɢɛɭɬ isDeleted ɭɫɬɚɧɨɜɥɟɧ ɧɚ true (ɢɫɬɢɧɚ), ɚ ɛɨɥɶɲɢɧɫɬɜɨ ɚɬɪɢɛɭɬɨɜ ɨɛɴɟɤɬɚ ɭɞɚɥɟɧɨ. ɋɨɯɪɚɧɟɧɵ ɬɨɥɶɤɨ ɧɟɫɤɨɥɶɤɨ ɚɬɪɢɛɭɬɨɜ, ɬɢɩɚ GUID, SID, USN ɢ ɨɬɥɢɱɢɬɟɥɶɧɨɝɨ ɢɦɟɧɢ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬɫɹ ɞɥɹ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɷɬɨɝɨ ɨɛɴɟɤɬɚ. Ɉɛɴɟɤɬ-ɩɚɦɹɬɧɢɤ ɡɚɬɟɦ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ɉɨ ɦɟɪɟ ɬɨɝɨ ɤɚɤ ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɥɭɱɚɟɬ ɦɨɞɢɮɢɤɚɰɢɸ, ɦɨɞɢɮɢɤɚɰɢɢ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɫɞɟɥɚɧɵ ɧɚ ɢɫɯɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɩɪɢɦɟɧɹɸɬɫɹ ɧɚ ɜɫɟɯ ɨɫɬɚɥɶɧɵɯ ɤɨɧɬɪɨɥɥɟɪɚɯ. Ɉɛɴɟɤɬɵɩɚɦɹɬɧɢɤɢ ɨɫɬɚɸɬɫɹ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ɞɨɦɟɧɚ ɜ ɬɟɱɟɧɢɟ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɩɟɪɢɨɞɚ ɜɪɟɦɟɧɢ, ɧɚɡɵɜɚɟɦɨɝɨ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ (tombstone lifetime). ȼ ɤɨɧɰɟ ɜɪɟɦɟɧɢ ɠɢɡɧɢ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ, ɭɫɬɚɧɨɜɥɟɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚ 60 ɞɧɟɣ, ɤɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɭɞɚɥɹɟɬ ɟɝɨ ɢɡ ɫɜɨɟɣ ɤɨɩɢɢ ɛɚɡɵ ɞɚɧɧɵɯ. ɉɪɨɰɟɫɫ ɭɞɚɥɟɧɢɹ ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ ɢɡ ɛɚɡɵ ɞɚɧɧɵɯ ɧɚɡɵɜɚɟɬɫɹ (garbage collection). ɉɨ ɭɦɨɥɱɚɧɢɸ ɢɧɬɟɪɜɚɥ ɜɪɟɦɟɧɢ, ɱɟɪɟɡ ɤɨɬɨɪɵɣ ɩɪɨɢɡɜɨɞɢɬɫɹ ɫɛɨɪɤɚ ɦɭɫɨɪɚ, ɞɥɹ ɥɟɫɚ ɭɫɬɚɧɨɜɥɟɧ ɧɚ 12 ɱɚɫɨɜ. Ʉɚɠɞɵɟ 12 ɱɚɫɨɜ ɜɵɩɨɥɧɹɟɬɫɹ ɩɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ, ɢ ɭɞɚɥɹɸɬɫɹ ɜɫɟ ɨɛɴɟɤɬɵ-ɩɚɦɹɬɧɢɤɢ, ɜɪɟɦɹ ɠɢɡɧɢ ɤɨɬɨɪɵɯ ɢɫɬɟɤɥɨ. ȼ ɝɥɚɜɟ 1 ɝɨɜɨɪɢɥɨɫɶ ɨ ɬɨɦ, ɱɬɨ ɫɥɭɠɛɚ Active Directory Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɨɞɞɟɪɠɤɭ ɧɟɚɤɬɢɜɧɵɯ ɨɛɴɟɤɬɨɜ ɜ Active Directory. (lingering object) — ɷɬɨ ɨɛɴɟɤɬ, ɤɨɬɨɪɵɣ ɧɟ ɛɵɥ ɭɞɚɥɟɧ ɢɡ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɩɨɬɨɦɭ ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ ɧɚɯɨɞɢɥɫɹ ɜ ɚɜɬɨɧɨɦɧɨɦ ɪɟɠɢɦɟ ɢɥɢ ɛɵɥ ɧɟ ɫɩɨɫɨɛɟɧ ɤ ɪɟɩɥɢɤɚɰɢɢ ɜ ɬɟɱɟɧɢɟ ɜɫɟɝɨ ɜɪɟɦɟɧɢ ɠɢɡɧɢ ɨɛɴɟɤɬɚɩɚɦɹɬɧɢɤɚ. Ⱦɥɹ ɭɞɚɥɟɧɢɹ ɧɟɚɤɬɢɜɧɵɯ ɨɛɴɟɤɬɨɜ ɢɫɩɨɥɶɡɭɟɬɫɹ ɢɧɫɬɪɭɦɟɧɬ Repadmin. С . ADSI Edit Ldp.exe. Э CN=Directory Service,CN=Windows NT,CN=Services,CN = Configuration, DC=ForestRootDomain. garbageCollPeriod tombstoneLifetime . .
ɉɪɢɱɢɧɚ ɫɨɡɞɚɧɢɹ ɧɟɫɤɨɥɶɤɢɯ ɫɚɣɬɨɜ ɜ Active Directory ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɭɩɪɚɜɥɹɬɶ ɬɪɚɮɢɤɨɦ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ, ɨɫɨɛɟɧɧɨ ɦɟɠɞɭ ɬɟɦɢ, ɤɨɬɨɪɵɟ ɫɨɟɞɢɧɟɧɵ ɧɢɡɤɨɫɤɨɪɨɫɬɧɵɦɢ WAN-ɫɨɟɞɢɧɟɧɢɹɦɢ. Ʉɨɧɮɢɝɭɪɚɰɢɹ ɫɚɣɬɚ ɞɥɹ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɛɭɞɟɬ ɨɤɚɡɵɜɚɬɶ ɫɭɳɟɫɬɜɟɧɧɨɟ ɜɨɡɞɟɣɫɬɜɢɟ ɧɚ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ, ɢɞɭɳɢɣ ɩɨ ɫɟɬɢ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ɋɮɨɪɦɭɥɢɪɨɜɚɬɶ ɱɟɬɤɢɣ ɤɪɢɬɟɪɢɣ ɬɨɝɨ, ɤɨɝɞɚ ɫɥɟɞɭɟɬ ɫɨɡɞɚɜɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɫɚɣɬ, ɬɪɭɞɧɨ ɢɡ-ɡɚ ɛɨɥɶɲɨɝɨ ɤɨɥɢɱɟɫɬɜɚ ɩɟɪɟɦɟɧɧɵɯ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɛɵɬɶ ɜɤɥɸɱɟɧɵ ɜ ɷɬɨɬ ɤɪɢɬɟɪɢɣ. ȼ ɝɥɚɜɟ 5 ɩɪɢɜɨɞɢɬɫɹ ɩɨɞɪɨɛɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɫɨɡɞɚɧɢɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɚɣɬɨɜ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɞɚɥɟɟ ɪɚɫɫɦɨɬɪɟɧɵ ɞɪɭɝɢɟ ɜɨɩɪɨɫɵ ɩɨɫɬɪɨɟɧɢɹ Active Directory, ɤɨɬɨɪɵɟ ɧɭɠɧɨ ɭɱɢɬɵɜɚɬɶ ɩɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɬɨɩɨɥɨɝɢɢ ɫɚɣɬɚ. Ʉɚɤ ɫɤɚɡɚɧɨ ɜ ɝɥɚɜɟ 2, ɫɚɣɬ ɜ Active Directory — ɷɬɨ ɦɟɫɬɨ, ɜ ɤɨɬɨɪɨɦ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɜɹɡɚɧɵ ɞɪɭɝ ɫ ɞɪɭɝɨɦ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɦɢ ɫɨɟɞɢɧɟɧɢɹɦɢ. Ɉɞɧɚ ɢɡ ɡɚɞɚɱ ɭɫɬɚɧɨɜɤɢ ɫɟɬɢ Active Directory ɫɨɫɬɨɢɬ ɜ ɨɩɪɟɞɟɥɟɧɢɢ ɬɨɝɨ, ɝɞɟ ɫɥɟɞɭɟɬ ɩɪɨɜɟɫɬɢ ɝɪɚɧɢɰɵ ɫɚɣɬɚ, ɚ ɡɚɬɟɦ ɫɨɟɞɢɧɢɬɶ ɫɚɣɬɵ ɜɦɟɫɬɟ.
Ʉɨɝɞɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ Active Directory, ɫɨɡɞɚɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɣ ɫɚɣɬ ɫ ɢɦɟɧɟɦ Default-First-SiteName (ɜ ɞɚɥɶɧɟɣɲɟɦ ɫɚɣɬ ɦɨɠɧɨ ɩɟɪɟɢɦɟɧɨɜɚɬɶ). ȿɫɥɢ ɧɟ ɫɨɡɞɚɟɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɚɣɬɨɜ, ɬɨ ɜɫɟ ɩɨɫɥɟɞɭɸɳɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɛɭɞɭɬ ɞɨɛɚɜɥɹɬɶɫɹ ɤ ɷɬɨɦɭ ɫɚɣɬɭ ɩɨ ɦɟɪɟ ɢɯ ɭɫɬɚɧɨɜɤɢ. Ɉɞɧɚɤɨ ɟɫɥɢ ɜɚɲɚ ɤɨɦɩɚɧɢɹ ɪɚɫɩɨɥɨɠɟɧɚ ɜ ɧɟɫɤɨɥɶɤɢɯ ɦɟɫɬɚɯ ɫ ɨɝɪɚɧɢɱɟɧɧɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ ɦɟɠɞɭ ɧɢɦɢ, ɬɨ ɜɵ ɧɚɜɟɪɧɹɤɚ ɡɚɯɨɬɢɬɟ ɫɨɡɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɚɣɬɵ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɚɣɬɵ ɫɨɡɞɚɸɬɫɹ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory). ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɫɚɣɬ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɟ Sites (ɋɚɣɬɵ), ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ New Site (ɇɨɜɵɣ ɫɚɣɬ). ȼ ɫɩɢɫɤɟ Link Name (ɂɦɹ ɫɜɹɡɢ) ɜɵ ɞɨɥɠɧɵ ɜɵɛɪɚɬɶ ɬɭ ɫɜɹɡɶ ɫɚɣɬɚ, ɤɨɬɨɪɚɹ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɫɨɟɞɢɧɟɧɢɹ ɷɬɨɝɨ ɫɚɣɬɚ ɫ ɞɪɭɝɢɦɢ ɫɚɣɬɚɦɢ. Ʉɚɠɞɵɣ ɫɚɣɬ ɫɜɹɡɚɧ ɫ ɨɞɧɨɣ ɢɥɢ ɛɨɥɟɟ ɩɨɞɫɟɬɹɦɢ IP ɜ Active Directory. ɋɨɡɞɚɣɬɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɨɞɫɟɬɢ ɜ ɤɨɧɬɟɣɧɟɪɟ Subnets (ɉɨɞɫɟɬɢ) ɜ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Sites And Services ɢ ɫɜɹɠɢɬɟ ɩɨɞɫɟɬɢ ɫ ɧɨɜɵɦ ɫɚɣɬɨɦ. Ʉɚɠɞɵɣ ɫɚɣɬ ɞɨɥɠɟɧ ɢɦɟɬɶ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢ GC-ɫɟɪɜɟɪ. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɫɭɳɟɫɬɜɭɸɳɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɫɚɣɬ, ɜɵ ɦɨɠɟɬɟ ɳɟɥɤɧɭɬɶ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɟɝɨ ɬɟɤɭɳɟɦ ɤɨɧɬɟɣɧɟɪɟ Servers (ɋɟɪɜɟɪɵ) ɢ ɜɵɛɪɚɬɶ Move (ɉɟɪɟɦɟɫɬɢɬɶ). Ɂɚɬɟɦ ɜɚɦ ɛɭɞɟɬ ɩɪɟɞɥɨɠɟɧ ɜɵɛɨɪ ɫɚɣɬɚ, ɜ ɤɨɬɨɪɵɣ ɜɵ ɯɨɬɢɬɟ ɩɟɪɟɦɟɫɬɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɬɨ ɨɧ ɛɭɞɟɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɪɚɫɩɨɥɨɠɟɧ ɜ ɬɨɦ ɫɚɣɬɟ, ɜ ɤɨɬɨɪɨɦ ɩɨɞɫɟɬɶ IP ɫɨɨɬɜɟɬɫɬɜɭɟɬ IP-ɚɞɪɟɫɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȼɨɡɦɨɠɧɨ ɫɨɡɞɚɧɢɟ ɫɚɣɬɚ ɛɟɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɧɨ ɷɬɨɝɨ ɞɟɥɚɬɶ ɧɟ ɫɥɟɞɭɟɬ.
ɋɨɟɞɢɧɟɧɢɹ Active Directory, ɤɨɬɨɪɵɟ ɫɜɹɡɵɜɚɸɬ ɫɚɣɬɵ ɜɦɟɫɬɟ, ɧɚɡɵɜɚɸɬɫɹ (Site Links). ɉɪɢ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɫɨɡɞɚɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɚɹ ɫɜɹɡɶ ɫɚɣɬɚ ɫ ɢɦɟɧɟɦ DEFAULTIPSITELINK. ȿɫɥɢ ɜɵ ɧɟ ɫɨɡɞɚɞɢɬɟ ɧɢɤɚɤɢɯ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɜɹɡɟɣ ɫɚɣɬɚ ɩɪɟɠɞɟ, ɱɟɦ ɫɨɡɞɚɞɢɬɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɚɣɬɵ, ɬɨ ɤɚɠɞɵɣ ɫɚɣɬ ɜɤɥɸɱɚɟɬɫɹ ɜ ɷɬɭ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɫɜɹɡɶ ɫɚɣɬɚ. ȿɫɥɢ WAN-ɫɜɹɡɢ ɦɟɠɞɭ ɨɮɢɫɚɦɢ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɨɞɢɧɚɤɨɜɵ ɩɨ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɢ ɫɬɨɢɦɨɫɬɢ, ɜɵ ɦɨɠɟɬɟ ɩɪɨɫɬɨ ɩɪɢɧɹɬɶ ɷɬɨ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɜɟɞɟɧɢɟ. ȿɫɥɢ ɜɫɟ ɫɚɣɬɵ ɫɨɟɞɢɧɟɧɵ ɨɞɧɨɣ ɫɜɹɡɶɸ, ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɧɢɦɢ ɛɭɞɟɬ ɢɦɟɬɶ ɨɞɢɧɚɤɨɜɵɟ ɫɜɨɣɫɬɜɚ. ɉɪɢ ɢɡɦɟɧɟɧɢɹɯ ɜ ɫɜɹɡɢ ɫɚɣɬɚ ɤɨɧɮɢɝɭɪɚɰɢɹ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɜɫɟɯ ɫɚɣɬɨɜ ɛɭɞɟɬ ɢɡɦɟɧɟɧɚ. ȿɫɥɢ ɜɵ ɯɨɬɢɬɟ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨ-ɪɚɡɧɨɦɭ ɭɩɪɚɜɥɹɬɶ ɪɟɩɥɢɤɚɰɢɟɣ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɜɵ ɞɨɥɠɧɵ ɫɨɡɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɜɹɡɢ ɫɚɣɬɚ ɢ ɧɚɡɧɚɱɢɬɶ ɢɦ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɫɚɣɬɵ. ɋɨɡɞɚɧɢɟ ɫɜɹɡɟɣ ɫɚɣɬɚ ɧɟ ɡɚɦɟɧɹɟɬ ɪɚɛɨɬɭ ISTG. ɉɪɢ ɷɬɨɦ ɩɪɨɢɫɯɨɞɢɬ ɥɢɲɶ ɫɨɡɞɚɧɢɟ ɜɨɡɦɨɠɧɨɫɬɟɣ ɞɥɹ ɪɚɛɨɬɵ ISTG. Ʉɚɤ ɬɨɥɶɤɨ ɫɜɹɡɶ ɫɚɣɬɚ ɭɫɬɚɧɨɜɥɟɧɚ, ISTG ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɟɟ ɞɥɹ ɫɨɡɞɚɧɢɹ ɧɟɨɛɯɨɞɢɦɵɯ ɨɛɴɟɤɬɨɜ ɫɜɹɡɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɜɫɟɯ ɪɚɡɞɟɥɨɜ Active Directory ɦɟɠɞɭ ɜɫɟɦɢ ɫɚɣɬɚɦɢ. ɇɢɠɟ ɩɪɢɜɟɞɟɧɵ ɨɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɞɥɹ ɜɫɟɯ ɫɜɹɡɟɣ ɫɚɣɬɚ. • ɋɬɨɢɦɨɫɬɶ (Cost) - ɷɬɨ ɧɚɡɧɚɱɟɧɧɨɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ ɡɧɚɱɟɧɢɟ, ɤɨɬɨɪɨɟ ɨɩɪɟɞɟɥɹɟɬ ɨɬɧɨɫɢɬɟɥɶɧɭɸ ɫɬɨɢɦɨɫɬɶ ɫɜɹɡɢ ɫɚɣɬɚ. ɋɬɨɢɦɨɫɬɶ ɨɛɵɱɧɨ ɨɬɪɚɠɚɟɬ ɫɤɨɪɨɫɬɶ ɫɟɬɟɜɨɣ ɩɟɪɟɞɚɱɢ ɢ ɪɚɫɯɨɞɵ, ɫɜɹɡɚɧɧɵɟ ɫ ɟɟ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ. ɋɬɨɢɦɨɫɬɶ ɫɬɚɧɨɜɢɬɫɹ ɜɚɠɧɵɦ ɩɚɪɚɦɟɬɪɨɦ, ɟɫɥɢ ɜ ɨɪɝɚɧɢɡɚɰɢɢ ɢɦɟɸɬɫɹ ɢɡɛɵɬɨɱɧɵɟ ɫɜɹɡɢ ɫɚɣɬɚ, ɬ.ɟ. ɛɨɥɟɟ ɨɞɧɨɝɨ ɩɭɬɢ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɞɜɭɦɹ ɫɚɣɬɚɦɢ. ȼɨ ɜɫɟɯ ɫɥɭɱɚɹɯ ɜ ɤɚɱɟɫɬɜɟ ɩɭɬɢ ɪɟɩɥɢɤɚɰɢɢ ɜɵɛɢɪɚɟɬɫɹ ɦɚɪɲɪɭɬ ɫɚɦɨɣ ɧɢɡɤɨɣ ɫɬɨɢɦɨɫɬɢ. • Ƚɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ (Replication schedule) — ɨɩɪɟɞɟɥɹɟɬ, ɜ ɤɚɤɨɟ ɜɪɟɦɹ ɜ ɬɟɱɟɧɢɟ ɞɧɹ ɫɜɹɡɶ ɫɚɣɬɚ ɞɨɫɬɭɩɧɚ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ. Ɂɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɝɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɪɚɡɪɟɲɚɟɬ ɪɟɩɥɢɤɚɰɢɢ ɜ ɬɟɱɟɧɢɟ 24 ɱɚɫɨɜ ɜ ɞɟɧɶ. Ɉɞɧɚɤɨ ɟɫɥɢ ɩɪɨɩɭɫɤɧɚɹ ɫɩɨɫɨɛɧɨɫɬɶ ɩɭɬɢ ɤ ɫɚɣɬɭ ɨɝɪɚɧɢɱɟɧɚ, ɪɟɩɥɢɤɚɰɢɹ ɦɨɠɟɬ ɩɪɨɢɫɯɨɞɢɬɶ ɬɨɥɶɤɨ ɜ ɧɟɪɚɛɨɱɢɟ ɱɚɫɵ. • ɂɧɬɟɪɜɚɥ ɪɟɩɥɢɤɚɰɢɢ (Replication interval) - ɨɩɪɟɞɟɥɹɟɬ ɢɧɬɟɪɜɚɥɵ ɜɪɟɦɟɧɢ, ɱɟɪɟɡ ɤɨɬɨɪɵɟ ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ ɩɪɨɜɟɪɹɸɬ ɩɨɹɜɥɟɧɢɟ ɦɨɞɢɮɢɤɚɰɢɣ ɤɚɬɚɥɨɝɚ ɧɚ ɫɟɪɜɟɪɚɯɩɥɚɰɞɚɪɦɚɯ ɞɪɭɝɢɯ ɫɚɣɬɨɜ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɢɧɬɟɪɜɚɥ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɫɜɹɡɟɣ ɫɚɣɬɚ ɭɫɬɚɧɨɜɥɟɧ ɧɚ 180 ɦɢɧɭɬ. ɂɧɬɟɪɜɚɥ ɪɟɩɥɢɤɚɰɢɢ ɩɪɢɦɟɧɹɟɬɫɹ ɬɨɥɶɤɨ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɝɪɚɮɢɤɨɦ ɪɟɩɥɢɤɚɰɢɢ. ȿɫɥɢ ɝɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɬɚɤ, ɱɬɨɛɵ ɩɨɡɜɨɥɹɬɶ ɪɟɩɥɢɤɚɰɢɢ ɫ 22:00 ɞɨ 5:00 ɩɨ ɭɦɨɥɱɚɧɢɸ, ɬɨ ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ ɩɪɨɜɟɪɹɸɬ ɦɨɞɢɮɢɤɚɰɢɢ ɱɟɪɟɡ ɤɚɠɞɵɟ 3 ɱɚɫɚ ɜ ɷɬɨɦ ɩɪɨɦɟɠɭɬɤɟ ɜɪɟɦɟɧɢ. • Ɍɪɚɧɫɩɨɪɬɧɵɟ ɩɪɨɬɨɤɨɥɵ ɪɟɩɥɢɤɚɰɢɢ (Replication transports). Ⱦɥɹ ɩɟɪɟɞɚɱɢ ɪɟɩɥɢɤɚɰɢɢ ɫɜɹɡɶ ɫɚɣɬɚ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɥɢ RPC ɩɨ IP, ɢɥɢ SMTP. Ⱦɨɩɨɥɧɢɬɟɥɶɧɭɸ
ɢɧɮɨɪɦɚɰɢɸ ɫɦɨɬɪɢɬɟ ɜ ɪɚɡɞɟɥɟ «ɉɪɨɬɨɤɨɥɵ ɬɪɚɧɫɩɨɪɬɢɪɨɜɤɢ ɪɟɩɥɢɤɚɰɢɢ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɗɬɢ ɨɩɰɢɢ ɨɛɟɫɩɟɱɢɜɚɸɬ ɫɭɳɟɫɬɜɟɧɧɭɸ ɝɢɛɤɨɫɬɶ ɜ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. Ɉɞɧɚɤɨ ɫɭɳɟɫɬɜɭɸɬ ɬɚɤɠɟ ɧɟɤɨɬɨɪɵɟ ɨɲɢɛɤɢ, ɤɨɬɨɪɵɯ ɫɥɟɞɭɟɬ ɢɡɛɟɝɚɬɶ. ɑɬɨɛɵ ɩɨɧɹɬɶ, ɤɚɤ ɷɬɢ ɨɩɰɢɢ ɪɚɛɨɬɚɸɬ ɜɦɟɫɬɟ, ɪɚɫɫɦɨɬɪɢɬɟ ɫɟɬɶ ɤɨɦɩɚɧɢɢ, ɩɨɤɚɡɚɧɧɭɸ ɧɚ ɪɢɫɭɧɤɟ 4-11. ȼ Active Directory Windows Server 2003 ɜɫɟ ɫɜɹɡɢ ɫɚɣɬɚ ɫɱɢɬɚɸɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ (transitive) ɩɨ ɭɦɨɥɱɚɧɢɸ. Ʉɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 4-11, Sitel ɢɦɟɟɬ ɫɜɹɡɢ ɫ ɫɚɣɬɚɦɢ Site2 ɢ Site4, a Site2 ɢɦɟɟɬ ɫɜɹɡɶ ɫ ɫɚɣɬɚɦɢ Site3 ɢ Site5. ɂɡ-ɡɚ ɬɪɚɧɡɢɬɢɜɧɨɣ ɩɪɢɪɨɞɵ ɫɜɹɡɟɣ ɫɚɣɬɚ ɷɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ Sitel ɦɨɠɟɬ ɬɚɤɠɟ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɧɚɩɪɹɦɭɸ ɫ ɫɚɣɬɚɦɢ Site3 ɢ Site5. ɋɬɨɢɦɨɫɬɶ ɫɜɹɡɟɣ ɫɚɣɬɚ ɨɩɪɟɞɟɥɹɟɬ ɩɭɬɶ, ɩɨ ɤɨɬɨɪɨɦɭ ɛɭɞɟɬ ɩɪɨɢɫɯɨɞɢɬɶ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɩɨ ɫɟɬɢ. Ʉɨɝɞɚ Ʉɋɋ ɫɨɡɞɚɟɬ ɬɨɩɨɥɨɝɢɸ ɦɚɪɲɪɭɬɢɡɚɰɢɢ, ɨɧ ɢɫɩɨɥɶɡɭɟɬ ɧɚɤɨɩɥɟɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɫɬɨɢɦɨɫɬɢ ɜɫɟɯ ɫɜɹɡɟɣ ɫɚɣɬɚ ɞɥɹ ɜɵɱɢɫɥɟɧɢɹ ɨɩɬɢɦɚɥɶɧɨɣ ɦɚɪɲɪɭɬɢɡɚɰɢɢ. ȼ ɩɪɢɦɟɪɟ, ɩɨɤɚɡɚɧɧɨɦ ɧɚ ɪɢɫɭɧɤɟ 4-11, ɟɫɬɶ ɞɜɚ ɜɨɡɦɨɠɧɵɯ ɦɚɪɲɪɭɬɚ ɦɟɠɞɭ ɫɚɣɬɚɦɢ Sitel ɢ Site5: ɩɟɪɜɵɣ ɦɚɪɲɪɭɬ — ɱɟɪɟɡ Site2, ɜɬɨɪɨɣ ɦɚɪɲɪɭɬ — ɱɟɪɟɡ Site4. ɋɬɨɢɦɨɫɬɶ ɩɟɪɟɞɚɱɢ ɱɟɪɟɡ Site2 - 300 (100 + 200), ɫɬɨɢɦɨɫɬɶ ɩɟɪɟɞɚɱɢ ɱɟɪɟɡ Site4 — 700 (500 + 200). ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɟɫɶ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɛɭɞɟɬ ɧɚɩɪɚɜɥɹɬɶɫɹ ɱɟɪɟɡ Site 2, ɟɫɥɢ ɷɬɨ ɩɨɞɤɥɸɱɟɧɢɟ ɮɭɧɤɰɢɨɧɢɪɭɟɬ.
. 4-11.
Ʉɨɝɞɚ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɩɪɨɯɨɞɢɬ ɩɨ ɧɟɫɤɨɥɶɤɢɦ ɫɜɹɡɹɦ ɫɚɣɬɚ, ɝɪɚɮɢɤɢ ɫɜɹɡɟɣ ɫɚɣɬɚ ɢ ɢɧɬɟɪɜɚɥɵ ɪɟɩɥɢɤɚɰɢɢ ɨɛɴɟɞɢɧɹɸɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɷɮɮɟɤɬɢɜɧɨɝɨ ɨɤɧɚ ɪɟɩɥɢɤɚɰɢɢ ɢ ɢɧɬɟɪɜɚɥɚ. ɇɚɩɪɢɦɟɪ, ɷɮɮɟɤɬɢɜɧɚɹ ɪɟɩɥɢɤɚɰɢɹ ɦɟɠɞɭ ɫɚɣɬɚɦɢ Site1 ɢ Site3 ɛɭɞɟɬ ɩɪɨɢɫɯɨɞɢɬɶ ɬɨɥɶɤɨ ɫ 24:00 ɞɨ 4:00 (ɷɬɨ ɜɪɟɦɹ ɩɟɪɟɤɪɵɬɢɹ ɝɪɚɮɢɤɨɜ) ɤɚɠɞɵɟ 60 ɦɢɧɭɬ (ɢɧɬɟɪɜɚɥ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɫɜɹɡɢ Site2-Site3). . , . , Sitel-Site2 2:00 6:00, Site2-Site3 22:00 1:00, Sitel Site3 . Sitel Site2, Site2 Site3. , , Site2 2:00, Site3 22:00.
ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɵ ɦɨɠɟɬɟ ɨɬɦɟɧɢɬɶ ɬɪɚɧɡɢɬɢɜɧɵɣ ɯɚɪɚɤɬɟɪ ɫɜɹɡɟɣ ɫɚɣɬɚ ɢ ɜɪɭɱɧɭɸ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ (site link bridges). ɉɪɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɦɨɫɬɨɜ ɫɜɹɡɟɣ ɫɚɣɬɚ ɜɵ ɨɩɪɟɞɟɥɹɟɬɟ, ɤɚɤɢɟ ɢɡ ɫɜɹɡɟɣ ɫɚɣɬɚ ɞɨɥɠɧɵ ɪɚɫɫɦɚɬɪɢɜɚɬɶɫɹ ɤɚɤ ɬɪɚɧɡɢɬɢɜɧɵɟ, ɚ ɤɚɤɢɟ ɧɟɬ. Ɉɬɦɟɧɚ ɬɪɚɧɡɢɬɢɜɧɨɝɨ ɯɚɪɚɤɬɟɪɚ ɫɜɹɡɟɣ ɫɚɣɬɚ ɦɨɠɟɬ ɛɵɬɶ ɩɨɥɟɡɧɨɣ, ɤɨɝɞɚ ɭ ɜɚɫ ɧɟɬ ɩɨɥɧɨɫɬɶɸ ɬɪɚɫɫɢɪɨɜɚɧɧɨɣ ɫɟɬɢ, ɬ.ɟ. ɧɟ ɜɫɟ ɫɟɝɦɟɧɬɵ ɫɟɬɢ ɞɨɫɬɭɩɧɵ (ɧɚɩɪɢɦɟɪ, ɟɫɥɢ ɞɥɹ ɩɨɞɤɥɸɱɟɧɢɹ ɤ ɨɞɧɨɣ ɢɡ ɱɚɫɬɟɣ ɫɟɬɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɦɨɞɟɦɧɭɸ ɫɜɹɡɶ, ɢɥɢ ɫɜɹɡɶ ɨɫɭɳɟɫɬɜɥɹɟɬɫɹ ɩɨ ɡɚɩɪɨɫɚɦ ɫɨɝɥɚɫɧɨ ɝɪɚɮɢɤɭ). Ɇɨɫɬɵ ɫɜɹɡɟɣ ɫɚɣɬɚ ɦɨɝɭɬ ɬɚɤɠɟ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɜ ɫɢɬɭɚɰɢɹɯ, ɤɨɝɞɚ ɤɨɦɩɚɧɢɹ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɫɚɣɬɨɜ,
ɫɜɹɡɚɧɧɵɯ ɫ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɨɣ ɛɚɡɨɜɨɣ ɫɟɬɶɸ, ɢ ɧɟɫɤɨɥɶɤɨ ɦɟɧɶɲɢɯ ɫɚɣɬɨɜ, ɤɨɬɨɪɵɟ ɫɨɟɞɢɧɹɸɬɫɹ ɫ ɤɚɠɞɵɦ ɤɪɭɩɧɵɦ ɰɟɧɬɪɨɦ ɱɟɪɟɡ ɦɟɞɥɟɧɧɵɟ ɫɨɟɞɢɧɟɧɢɹ. ȼ ɷɬɢɯ ɫɥɭɱɚɹɯ ɦɨɫɬɵ ɫɜɹɡɟɣ ɫɚɣɬɚ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɩɨɬɨɤɨɦ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ȼ ɝɥɚɜɟ 5 ɩɪɢɜɨɞɢɬɫɹ ɩɨɞɪɨɛɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɬɨɦ, ɤɨɝɞɚ ɢ ɤɚɤ ɫɥɟɞɭɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɦɨɫɬɵ ɫɜɹɡɟɣ ɫɚɣɬɚ. ɉɪɢ ɫɨɡɞɚɧɢɢ ɦɨɫɬɚ ɫɜɹɡɟɣ ɜɵ ɞɨɥɠɧɵ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɚɹ ɫɜɹɡɶ ɫɚɣɬɚ ɹɜɥɹɟɬɫɹ ɱɚɫɬɶɸ ɦɨɫɬɚ. Ʌɸɛɵɟ ɫɜɹɡɢ ɫɚɣɬɚ, ɤɨɬɨɪɵɟ ɜɵ ɞɨɛɚɜɥɹɟɬɟ ɤ ɦɨɫɬɭ ɫɜɹɡɟɣ ɫɚɣɬɚ, ɪɚɫɫɦɚɬɪɢɜɚɸɬɫɹ ɩɨ ɨɬɧɨɲɟɧɢɸ ɞɪɭɝ ɤ ɞɪɭɝɭ ɤɚɤ ɬɪɚɧɡɢɬɢɜɧɵɟ; ɫɜɹɡɢ ɫɚɣɬɚ, ɧɟ ɜɤɥɸɱɟɧɧɵɟ ɜ ɦɨɫɬ ɫɜɹɡɟɣ ɫɚɣɬɚ, ɬɪɚɧɡɢɬɢɜɧɵɦɢ ɧɟ ɹɜɥɹɸɬɫɹ. ȼ ɩɪɢɦɟɪɟ, ɪɚɫɫɦɨɬɪɟɧɧɨɦ ɜɵɲɟ, ɦɨɫɬ ɫɜɹɡɟɣ ɫɚɣɬɚ ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɞɥɹ ɫɜɹɡɟɣ, ɫɨɟɞɢɧɹɸɳɢɯ Site1, Site2, Site4 ɢ Site5. Ɍɨɝɞɚ ɜɫɟ ɷɬɢ ɫɜɹɡɢ ɫɚɣɬɨɜ ɫɱɢɬɚɥɢɫɶ ɛɵ ɬɪɚɧɡɢɬɢɜɧɵɦɢ, ɱɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɫɚɣɬɚ Sitel ɦɨɝ ɛɵ ɧɚɩɪɹɦɭɸ ɨɛɦɟɧɢɜɚɬɶɫɹ ɪɟɩɥɢɤɚɦɢ ɫ ɫɟɪɜɟɪɨɦ-ɩɥɚɰɞɚɪɦɨɦ ɫɚɣɬɚ Site5. ɇɨ ɬɚɤ ɤɚɤ ɫɜɹɡɶ ɨɬ ɫɚɣɬɚ Site2 ɤ ɫɚɣɬɭ Site3 ɧɟ ɜɤɥɸɱɟɧɚ ɜ ɦɨɫɬ ɫɜɹɡɟɣ, ɨɧɚ ɧɟ ɹɜɥɹɟɬɫɹ ɬɪɚɧɡɢɬɢɜɧɨɣ. Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɨɬ ɫɚɣɬɚ Site3 ɧɚɩɪɚɜɥɹɟɬɫɹ ɤ ɫɚɣɬɭ Site2, ɚ ɨɬɬɭɞɚ ɤ ɞɪɭɝɢɦ ɫɚɣɬɚɦ. ɑɬɨɛɵ ɜɵɤɥɸɱɢɬɶ ɬɪɚɧɡɢɬɢɜɧɵɟ ɫɜɹɡɢ ɫɚɣɬɚ, ɨɱɢɫɬɢɬɟ ɨɩɰɢɸ Bridge All Site Links (ȼɫɟ ɫɟɬɟɜɵɟ ɫɜɹɡɢ ɨɛɴɟɞɢɧɟɧɵ ɜ ɦɨɫɬ) ɧɚ ɜɤɥɚɞɤɟ General (Ɉɛɳɢɟ) ɨɤɧɚ IP-Properties (ɋɜɨɣɫɬɜɚ IP). Ɉɛɴɟɤɬ IP ɪɚɫɩɨɥɨɠɟɧ ɜ ɤɨɧɬɟɣɧɟɪɟ Inter-Site Transports (ɋɪɟɞɫɬɜɚ ɩɟɪɟɞɚɱɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ) ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services. Ȼɭɞɶɬɟ ɨɫɬɨɪɨɠɧɵ, ɜɵɩɨɥɧɹɹ ɷɬɨ ɞɟɣɫɬɜɢɟ, ɩɨɫɤɨɥɶɤɭ ɬɟɩɟɪɶ ɜɵ ɞɨɥɠɧɵ ɛɭɞɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɦɨɫɬɵ ɫɜɹɡɟɣ ɫɚɣɬɚ ɞɥɹ ɜɫɟɯ ɫɚɣɬɨɜ, ɟɫɥɢ ɡɚɯɨɬɢɬɟ ɭɫɬɚɧɨɜɢɬɶ ɬɪɚɧɡɢɬɢɜɧɵɟ ɫɜɹɡɢ ɫɚɣɬɚ.
Active Directory Windows Server 2003 ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɢɧ ɢɡ ɬɪɟɯ ɪɚɡɥɢɱɧɵɯ ɦɟɬɨɞɨɜ ɬɪɚɧɫɩɨɪɬɢɪɨɜɤɢ ɪɟɩɥɢɤɚɰɢɢ.
•
С
ɂɫɩɨɥɶɡɨɜɚɧɢɟ RPC ɩɨ IP ɩɪɢ ɜɧɭɬɪɢɫɚɣɬɨɜɨɣ ɪɟɩɥɢɤɚɰɢɢ. ȼɫɟ ɩɨɞɤɥɸɱɟɧɢɹ ɪɟɩɥɢɤɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɨɞɤɥɸɱɟɧɢɟ RPC no IP. ɗɬɨ ɩɨɞɤɥɸɱɟɧɢɟ ɹɜɥɹɟɬɫɹ ɫɢɧɯɪɨɧɧɵɦ, ɬ.ɟ. ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɜ ɤɚɠɞɵɣ ɦɨɦɟɧɬ ɜɪɟɦɟɧɢ ɨɛɦɟɧɢɜɚɬɶɫɹ ɪɟɩɥɢɤɨɣ ɬɨɥɶɤɨ ɫ ɨɞɧɢɦ ɩɚɪɬɧɟɪɨɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. RPC-ɩɨɞɤɥɸɱɟɧɢɟ ɢɫɩɨɥɶɡɭɟɬ ɞɢɧɚɦɢɱɟɫɤɨɟ ɧɚɡɧɚɱɟɧɢɟ ɩɨɪɬɨɜ (dynamic port mapping). ɉɟɪɜɨɟ RPC-ɩɨɞɤɥɸɱɟɧɢɟ ɜɵɩɨɥɧɹɟɬɫɹ ɱɟɪɟɡ ɩɨɪɬ ɩɪɟɨɛɪɚɡɨɜɚɬɟɥɹ ɤɨɧɟɱɧɨɝɨ ɭɡɥɚ RPC (RPC endpoint mapper port) (IP ɩɨɪɬ 135). ɗɬɨ ɩɨɞɤɥɸɱɟɧɢɟ ɩɪɢɦɟɧɹɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɩɨɪɬɚ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬ ɤɨɧɬɪɨɥɥɟɪ-ɚɞɪɟɫɚɬ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ.
. , ,
.
, DWORD : HKEY_LO-CAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\ Parameters\TCP/IP Port. • ɂɫɩɨɥɶɡɨɜɚɧɢɟ RPC no IP ɩɪɢ ɦɟɠɫɚɣɬɨɜɨɣ ɪɟɩɥɢɤɚɰɢɢ. ɗɬɨ RPC-ɩɨɞɤɥɸɱɟɧɢɟ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɦɟɠɫɚɣɬɨɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ ɬɨɥɶɤɨ ɬɟɦ, ɱɬɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɜɟɫɶ ɬɪɚɮɢɤ, ɩɟɪɟɞɚɜɚɟɦɵɣ ɦɟɠɞɭ ɫɚɣɬɚɦɢ, ɫɠɚɬ. . RPC IP Active Directory Sites And Services, , . RPC no IP RPC, a RPC no IP IP. • ɂɫɩɨɥɶɡɨɜɚɧɢɟ SMTP ɩɪɢ ɦɟɠɫɚɣɬɨɜɨɣ ɪɟɩɥɢɤɚɰɢɢ. SMTP ɦɨɠɟɬ ɨɤɚɡɚɬɶɫɹ ɯɨɪɨɲɢɦ ɜɵɛɨɪɨɦ ɜ ɦɟɬɨɞɢɤɟ ɪɟɩɥɢɤɚɰɢɢ, ɟɫɥɢ ɜɵ ɧɟ ɢɦɟɟɬɟ ɩɨɫɬɨɹɧɧɨɣ ɢ ɛɵɫɬɪɨɣ ɫɜɹɡɢ ɦɟɠɞɭ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ. SMTP ɢɫɩɨɥɶɡɭɟɬ ɚɫɢɧɯɪɨɧɧɨɟ ɩɨɞɤɥɸɱɟɧɢɟ, ɬ.ɟ. ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɪɟɩɥɢɤɚɰɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɫɟɪɜɟɪɚɦɢ ɨɞɧɨɜɪɟɦɟɧɧɨ. Ɉɞɧɚɤɨ ɢɫɩɨɥɶɡɨɜɚɧɢɟ SMTP ɢɦɟɟɬ ɧɟɤɨɬɨɪɵɟ ɨɝɪɚɧɢɱɟɧɢɹ. ȼɨ-ɩɟɪɜɵɯ, SMTP ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɢɧɮɨɪɦɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɵɦɢ ɜ ɪɚɡɥɢɱɧɵɯ ɞɨɦɟɧɚɯ. ɋ ɩɨɦɨɳɶɸ ɩɪɨɬɨɤɨɥɚ SMTP ɦɨɠɧɨ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɬɨɥɶɤɨ ɪɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ, ɪɚɡɞɟɥ ɫɯɟɦɵ ɤɚɬɚɥɨɝɚ ɢ ɪɚɡɞɟɥ GC. ȼɨ ɜɬɨɪɵɯ, ɪɟɩɥɢɤɚɰɢɹ ɩɨ ɩɪɨɬɨɤɨɥɭ SMTP ɬɪɟɛɭɟɬ, ɱɬɨɛɵ ɤɨɦɩɨɧɟɧɬ SMTP ɜ ɢɧɮɨɪɦɚɰɢɨɧɧɵɯ ɫɥɭɠɛɚɯ ɢɧɬɟɪɧɟɬɚ (IIS) ɛɵɥ ɭɫɬɚɧɨɜɥɟɧ ɧɚ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ SMTP ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ. Ɍɪɟɬɶɟ ɨɝɪɚɧɢɱɟɧɢɟ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɜ ɨɪɝɚɧɢɡɚɰɢɢ ɧɟɨɛɯɨɞɢɦɨ ɭɫɬɚɧɨɜɢɬɶ Microsoft Certificate Authority (MCA) (ɉɨɥɧɨɦɨɱɢɟ ɧɚ ɜɵɞɚɱɭ ɫɟɪɬɢɮɢɤɚɬɨɜ). ɋɟɪɬɢɮɢɤɚɬɵ ɨɬ ɆɋȺ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɰɢɮɪɨɜɵɯ ɩɨɞɩɢɫɟɣ ɤ ɫɨɨɛɳɟɧɢɹɦ SMTP, ɤɨɬɨɪɵɟ ɩɨɫɵɥɚɸɬɫɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ.
-
Ʉɚɤ ɭɠɟ ɝɨɜɨɪɢɥɨɫɶ ɜɵɲɟ, ɪɟɩɥɢɤɚɰɢɹ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɜɵɩɨɥɧɹɟɬɫɹ ɱɟɪɟɡ ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɝɟɧɟɪɚɬɨɪ ɦɟɠɫɚɣɬɨɜɨɣ ɬɨɩɨɥɨɝɢɢ (ISTG - Inter-Site Topology Generator) ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɩɪɢ ɜɵɱɢɫɥɟɧɢɢ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ɑɬɨɛɵ ɭɡɧɚɬɶ, ɤɚɤɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜ ɤɚɱɟɫɬɜɟ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ Replication Monitor (Ɇɨɧɢɬɨɪ ɪɟɩɥɢɤɚɰɢɢ). ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɢɦɟɧɢ ɫɟɪɜɟɪɚ, ɤɨɬɨɪɵɣ ɤɨɧɬɪɨɥɢɪɭɟɬɫɹ ɦɨɧɢɬɨɪɨɦ ɪɟɩɥɢɤɚɰɢɢ, ɢ ɜɵɛɟɪɢɬɟ Show Bridgehead Servers (ɉɨɤɚɡɚɬɶ ɫɟɪɜɟɪɵɩɥɚɰɞɚɪɦɵ). ȼɵ ɦɨɠɟɬɟ ɜɵɛɪɚɬɶ ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ: ɬɨɥɶɤɨ ɞɥɹ ɫɚɣɬɚ, ɤɨɬɨɪɨɦɭ ɩɪɢɧɚɞɥɟɠɢɬ ɞɚɧɧɵɣ ɫɟɪɜɟɪ, ɢɥɢ ɞɥɹ ɜɫɟɝɨ ɩɪɟɞɩɪɢɹɬɢɹ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɩɪɨɫɦɨɬɪɟɬɶ ɫɟɪɜɟɪɵ-ɩɥɚɰɞɚɪɦɵ ɱɟɪɟɡ ɢɧɫɬɪɭɦɟɧɬ Repadmin. Ɉɬɤɪɨɣɬɟ ɨɤɧɨ ɫ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɨɣ ɢ ɧɚɩɟɱɚɬɚɣɬɟ repadmin /bridgeheads. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɧɟɨɛɯɨɞɢɦɨ ɭɩɪɚɜɥɹɬɶ ɬɟɦ, ɤɚɤɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɜ ɤɚɱɟɫɬɜɟ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ. Ɋɚɛɨɬɚ ɫɟɪɜɟɪɚ-ɩɥɚɰɞɚɪɦɚ ɦɨɠɟɬ ɞɨɛɚɜɥɹɬɶ ɫɭɳɟɫɬɜɟɧɧɭɸ ɧɚɝɪɭɡɤɭ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɟɫɥɢ ɢɦɟɟɬɫɹ ɦɧɨɝɨ ɢɡɦɟɧɟɧɢɣ ɢɧɮɨɪɦɚɰɢɢ ɤɚɬɚɥɨɝɚ ɢ ɭɫɬɚɧɨɜɥɟɧɨ ɱɚɫɬɨɟ ɩɪɨɜɟɞɟɧɢɟ ɪɟɩɥɢɤɚɰɢɢ. Ⱦɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ ɧɭɠɧɨ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɚɦ ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services, ɳɟɥɤɧɭɬɶ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɢɦɟɧɢ ɫɟɪɜɟɪɚ, ɚ ɡɚɬɟɦ ɜɵɛɪɚɬɶ Properties (ɋɜɨɣɫɬɜɚ) (ɫɦ. ɪɢɫ. 4-12). ȼɵ ɩɨɥɭɱɢɬɟ ɞɨɫɬɭɩ ɤ ɨɩɰɢɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɚ ɤɚɤ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɨɝɨ (preferred) ɫɟɪɜɟɪɚ-ɩɥɚɰɞɚɪɦɚ ɞɥɹ ɩɟɪɟɞɚɱɢ ɞɚɧɧɵɯ ɩɨ SMTP ɢɥɢ ɩɨ IP.
. 4-12.
-
ɉɪɟɢɦɭɳɟɫɬɜɨ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɯ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ ɫɨɫɬɨɢɬ ɜ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɫɟɪɜɟɪɚɦɢ-ɩɥɚɰɞɚɪɦɚɦɢ ɛɭɞɭɬ ɜɵɛɪɚɧɵ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɭɤɚɡɚɧɧɵɟ ɜɚɦɢ. ȿɫɥɢ ɜɵ ɡɚɯɨɬɢɬɟ ɤɨɧɬɪɨɥɢɪɨɜɚɬɶ ɬɨ, ɤɚɤɢɟ ɫɟɪɜɟɪɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜ ɤɚɱɟɫɬɜɟ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ, ɜɵ ɞɨɥɠɧɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɞɥɹ ɤɚɠɞɨɝɨ ɪɚɡɞɟɥɚ, ɤɨɬɨɪɵɣ ɧɭɠɧɨ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɜ ɫɚɣɬ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɫɚɣɬ ɫɨɞɟɪɠɢɬ ɪɟɩɥɢɤɢ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ Contoso.com, ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ Fabrikam.com, ɪɚɡɞɟɥɚ GC ɢ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ, ɜɵ ɞɨɥɠɧɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫ ɪɟɩɥɢɤɨɣ ɤɚɠɞɨɝɨ ɢɡ ɷɬɢɯ ɪɚɡɞɟɥɨɜ. ȿɫɥɢ ɜɵ ɷɬɨɝɨ ɧɟ ɫɞɟɥɚɟɬɟ, ɬɨ ISTG ɡɚɪɟɝɢɫɬɪɢɪɭɟɬ ɫɨɛɵɬɢɟ ɜ ɠɭɪɧɚɥɟ ɫɨɛɵɬɢɣ, ɚ ɡɚɬɟɦ ɜɵɛɟɪɟɬ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɞɥɹ ɪɚɡɞɟɥɚ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɯ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ, ɜ ɷɬɨɦ ɫɥɭɱɚɟ ISTG ɜɵɛɟɪɟɬ ɜ ɤɚɱɟɫɬɜɟ ɫɟɪɜɟɪɚ-ɩɥɚɰɞɚɪɦɚ ɨɞɢɧ ɢɡ ɭɤɚɡɚɧɧɵɯ ɫɟɪɜɟɪɨɜ. Ʉɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɯ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ ɨɝɪɚɧɢɱɢɜɚɟɬ ɜɨɡɦɨɠɧɨɫɬɢ ISTG ɜɵɛɢɪɚɬɶ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ, ɬ.ɟ. ɜɫɟɝɞɚ ɛɭɞɟɬ ɜɵɛɢɪɚɬɶɫɹ ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɤɚɤ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɣ. ȿɫɥɢ ɷɬɨɬ ɫɟɪɜɟɪ ɧɟ ɛɭɞɟɬ ɪɚɛɨɬɚɬɶ ɢ ɞɪɭɝɢɟ ɫɟɪɜɟɪɵ ɧɟ ɛɭɞɭɬ ɧɚɡɧɚɱɟɧɵ ɜ ɤɚɱɟɫɬɜɟ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ ɞɥɹ ɞɚɧɧɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ, ɬɨ ISTG ɧɟ ɛɭɞɟɬ ɜɵɛɢɪɚɬɶ ɞɪɭɝɨɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ, ɢ ɪɟɩɥɢɤɚɰɢɢ ɩɪɟɤɪɚɬɹɬɫɹ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɫɟɪɜɟɪ ɧɟ ɛɭɞɟɬ ɫɧɨɜɚ ɞɨɫɬɭɩɟɧ ɢɥɢ ɩɨɤɚ ɜɵ ɧɟ ɩɟɪɟɤɨɧɮɢɝɭɪɢɪɭɟɬɟ ɨɩɰɢɸ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɯ ɫɟɪɜɟɪɨɜ-ɩɥɚɰɞɚɪɦɨɜ. ȿɫɥɢ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɧɟ ɪɚɛɨɬɚɟɬ, ɜɵ ɦɨɠɟɬɟ ɢɥɢ ɭɞɚɥɢɬɶ ɷɬɨɬ ɫɟɪɜɟɪ ɢɡ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɯ ɢ ɩɨɡɜɨɥɢɬɶ ISTG ɫɚɦɨɦɭ ɧɚɡɧɚɱɚɬɶ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ, ɢɥɢ ɜɵɛɪɚɬɶ ɞɪɭɝɨɣ
ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ȿɫɥɢ ɩɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɣ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɧɟ ɪɚɛɨɬɚɟɬ, ɢ ɜɵ ɪɟɲɢɬɟ ɟɝɨ ɩɟɪɟɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɬɨ ɢɡɦɟɧɟɧɢɹ ɧɭɠɧɨ ɞɟɥɚɬɶ ɜ ɨɛɨɢɯ ɫɚɣɬɚɯ. ɉɨɫɤɨɥɶɤɭ ɫɟɪɜɟɪɵɩɥɚɰɞɚɪɦɵ ɧɟ ɮɭɧɤɰɢɨɧɢɪɭɸɬ, ɬɨ ɧɢɤɚɤɚɹ ɢɧɮɨɪɦɚɰɢɹ ɧɟ ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɵɟ ɢɡɦɟɧɟɧɢɹ ɧɟ ɛɭɞɭɬ ɫɞɟɥɚɧɵ ɜ ɨɛɨɢɯ ɫɚɣɬɚɯ.
Ɉɞɧɨ ɢɡ ɧɚɢɛɨɥɟɟ ɩɨɥɟɡɧɵɯ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ ɢ ɩɨɢɫɤɚ ɧɟɢɫɩɪɚɜɧɨɫɬɟɣ ɪɟɩɥɢɤɚɰɢɢ, — ɷɬɨ Replication Monitor (Ɇɨɧɢɬɨɪ ɪɟɩɥɢɤɚɰɢɢ). Ɉɧ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɤɚɤ ɱɚɫɬɶ ɮɚɣɥɚ Suptools.msi ɢɡ ɤɚɬɚɥɨɝɚ Support\Tools ɫ ɤɨɦɩɚɤɬ-ɞɢɫɤɚ Windows Server 2003. ɑɬɨɛɵ ɡɚɩɭɫɬɢɬɶ Replication Monitor, ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɧɚɩɟɱɚɬɚɣɬɟ replmon. Ɇɨɧɢɬɨɪ ɪɟɩɥɢɤɚɰɢɢ ɨɬɤɪɵɜɚɟɬɫɹ ɫ ɩɭɫɬɵɦ ɢɧɫɬɪɭɦɟɧɬɨɦ ɭɩɪɚɜɥɟɧɢɹ. ɉɟɪɟɞ ɧɚɱɚɥɨɦ ɪɚɛɨɬɵ ɳɟɥɤɧɢɬɟ ɧɚ Edit ɜ ɫɬɪɨɤɟ ɦɟɧɸ, ɱɬɨɛɵ ɞɨɛɚɜɢɬɶ ɨɞɢɧ ɢɥɢ ɛɨɥɟɟ ɫɟɪɜɟɪɨɜ ɤ ɫɩɢɫɤɭ ɤɨɧɬɪɨɥɢɪɭɟɦɵɯ ɫɟɪɜɟɪɨɜ. Ʉɚɤ ɬɨɥɶɤɨ ɫɟɪɜɟɪɵ ɞɨɛɚɜɥɟɧɵ ɜ ɫɩɢɫɨɤ, ɜɵ ɦɨɠɟɬɟ ɭɩɪɚɜɥɹɬɶ ɩɨɱɬɢ ɜɫɟɦɢ ɚɫɩɟɤɬɚɦɢ ɪɟɩɥɢɤɚɰɢɢ Active Directory. ɇɚɩɪɢɦɟɪ, ɨɬɫɥɟɠɢɜɚɬɶ ɬɟɤɭɳɟɟ ɫɨɫɬɨɹɧɢɟ ɪɟɩɥɢɤɚɰɢɢ, ɩɨɫɥɟɞɧɸɸ ɭɫɩɟɲɧɭɸ ɪɟɩɥɢɤɚɰɢɸ ɢɥɢ ɥɸɛɵɟ ɨɬɤɚɡɵ ɩɪɢ ɪɟɩɥɢɤɚɰɢɢ; ɜɵɧɭɠɞɚɬɶ ɪɟɩɥɢɤɚɰɢɸ; ɜɵɧɭɠɞɚɬɶ Ʉɋɋ ɤ ɩɨɜɬɨɪɧɨɦɭ ɜɵɱɢɫɥɟɧɢɸ ɬɨɩɨɥɨɝɢɢ ɦɚɪɲɪɭɬɢɡɚɰɢɢ. ɂɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ɦɨɧɢɬɨɪɢɧɝɚ, ɜɵ ɦɨɠɟɬɟ ɤɨɧɬɪɨɥɢɪɨɜɚɬɶ ɪɟɩɥɢɤɚɰɢɢ ɧɚ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜɚɲɟɣ ɫɟɬɢ. ȼɬɨɪɨɣ ɩɨɥɟɡɧɵɣ ɢɧɫɬɪɭɦɟɧɬ ɦɨɧɢɬɨɪɢɧɝɚ ɪɟɩɥɢɤɚɰɢɣ - Repadmin. Ɉɧ ɬɚɤɠɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫ ɩɨɦɨɳɶɸ ɮɚɣɥɚ Suptools.msi. ɑɬɨɛɵ ɡɚɩɭɫɬɢɬɶ ɷɬɨɬ ɢɧɫɬɪɭɦɟɧɬ, ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɧɚɩɟɱɚɬɚɣɬɟ repadmin. ɂɧɫɬɪɭɦɟɧɬ Repadmin ɨɛɟɫɩɟɱɢɜɚɟɬ ɬɚɤɢɟ ɠɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɟɬɢ, ɤɚɤ ɢ Replication Monitor, ɧɨ ɱɟɪɟɡ ɢɧɬɟɪɮɟɣɫ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ. ɂɧɫɬɪɭɦɟɧɬ Repadmin ɞɨɩɨɥɧɢɬɟɥɶɧɨ ɩɨɡɜɨɥɹɟɬ ɢɡɦɟɧɹɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ, ɞɨɛɚɜɥɹɹ ɨɛɴɟɤɬɵ ɫɜɹɡɢ. . Replication Monitor Repadmin, Help And Support Center ( ). Support Tasks ( ) Tools ( ), Windows Support Tools ( Windows). , , , . Help And Support Center. ɋɭɳɟɫɬɜɭɸɬ ɞɜɚ ɫɬɚɧɞɚɪɬɧɵɯ ɫɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɨɜ ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ ɢ ɩɨɢɫɤɚ ɧɟɢɫɩɪɚɜɧɨɫɬɟɣ ɪɟɩɥɢɤɚɰɢɢ. ɉɟɪɜɵɣ ɢɧɫɬɪɭɦɟɧɬ -Event Viewer (ɋɪɟɞɫɬɜɨ ɩɪɨɫɦɨɬɪɚ ɫɨɛɵɬɢɣ). ɀɭɪɧɚɥ ɫɨɛɵɬɢɣ Directory Service (ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ) — ɷɬɨ ɨɞɢɧ ɢɡ ɠɭɪɧɚɥɨɜ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ, ɤɨɬɨɪɵɣ ɞɨɛɚɜɥɹɟɬɫɹ ɤɨ ɜɫɟɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ. Ȼɨɥɶɲɚɹ ɱɚɫɬɶ ɫɨɛɵɬɢɣ, ɫɜɹɡɚɧɧɵɯ ɫ ɪɟɩɥɢɤɚɰɢɟɣ ɤɚɬɚɥɨɝɚ, ɡɚɩɢɫɵɜɚɟɬɫɹ ɜ ɧɟɝɨ, ɢ ɷɬɨ ɩɟɪɜɨɟ ɦɟɫɬɨ, ɤɨɬɨɪɨɟ ɜɵ ɞɨɥɠɧɵ ɩɪɨɫɦɨɬɪɟɬɶ ɩɪɢ ɜɨɡɧɢɤɧɨɜɟɧɢɢ ɫɛɨɹ ɩɪɢ ɪɟɩɥɢɤɚɰɢɢ. ɂɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Performance (ɉɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ) ɩɨɥɟɡɟɧ ɞɥɹ ɤɨɧɬɪɨɥɹ ɞɟɹɬɟɥɶɧɨɫɬɢ, ɫɜɹɡɚɧɧɨɣ ɫ ɪɟɩɥɢɤɚɰɢɟɣ, ɤɨɬɨɪɚɹ ɩɪɨɢɫɯɨɞɢɬ ɧɚ ɫɟɪɜɟɪɟ. Ʉɨɝɞɚ ɫɟɪɜɟɪ ɧɚɡɧɚɱɚɟɬɫɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɬɨ ɤ ɫɩɢɫɤɭ ɫɱɟɬɱɢɤɨɜ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɞɨɛɚɜɥɹɟɬɫɹ ɨɛɴɟɤɬ NTDS Performance. ɋɱɟɬɱɢɤɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɤɨɧɬɪɨɥɹ ɨɛɴɟɦɚ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ, ɚ ɬɚɤɠɟ ɞɪɭɝɨɣ ɞɟɹɬɟɥɶɧɨɫɬɢ, ɫɜɹɡɚɧɧɨɣ ɫ Active Directory. С . Active Directory , , DNS. DNS .
Ʉɥɸɱɟɜɵɦ ɚɫɩɟɤɬɨɦ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory Windows Server 2003 ɹɜɥɹɟɬɫɹ ɩɨɧɢɦɚɧɢɟ ɬɨɝɨ, ɤɚɤ ɪɚɛɨɬɚɟɬ ɪɟɩɥɢɤɚɰɢɹ. ɍɫɬɨɣɱɢɜɚɹ ɫɪɟɞɚ ɪɟɩɥɢɤɚɰɢɢ ɧɟɨɛɯɨɞɢɦɚ ɞɥɹ ɩɨɞɞɟɪɠɚɧɢɹ ɧɨɜɟɣɲɢɯ ɤɨɩɢɣ ɜɫɟɣ ɢɧɮɨɪɦɚɰɢɢ ɤɚɬɚɥɨɝɚ ɧɚ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɥɟɫɭ, ɱɬɨ ɧɟɨɛɯɨɞɢɦɨ ɞɥɹ ɝɚɪɚɧɬɢɢ ɫɨɝɥɚɫɨɜɚɧɧɨɝɨ ɜɯɨɞɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɢɫɬɟɦɭ ɢ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɩɨɢɫɤɚ ɜ ɤɚɬɚɥɨɝɟ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɛɵɥɨ ɞɚɧɨ ɨɩɢɫɚɧɢɟ ɪɚɛɨɬɵ ɪɟɩɥɢɤɚɰɢɢ ɤɚɬɚɥɨɝɚ: ɫɨɡɞɚɧɢɟ
ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ Active Directory ɜ ɨɞɧɨɦ ɫɚɣɬɟ ɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɵɦɢ ɜ ɪɚɡɧɵɯ ɫɚɣɬɚɯ, ɨɩɢɫɚɧɢɟ ɫɚɦɨɝɨ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ, ɩɪɢɧɰɢɩɨɜ ɟɟ ɨɩɬɢɦɢɡɚɰɢɢ ɞɥɹ ɭɦɟɧɶɲɟɧɢɹ ɨɛɴɟɦɚ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ.
II. Active Directory Windows Server 2003 Ɂɚɞɚɱɚ ɚɜɬɨɪɨɜ ɩɪɢ ɧɚɩɢɫɚɧɢɢ ɱɚɫɬɢ I ɞɚɧɧɨɣ ɤɧɢɝɢ ɫɨɫɬɨɹɥɚ ɜ ɬɨɦ, ɱɬɨɛɵ ɩɨɦɨɱɶ ɜɚɦ ɩɨɧɹɬɶ ɪɚɛɨɬɭ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory Microsoft Windows Server 2003. ɑɚɫɬɶ II ɩɨɦɨɠɟɬ ɜɚɦ ɪɟɚɥɢɡɨɜɚɬɶ Active Directory. ɉɟɪɜɵɣ ɲɚɝ ɜ ɷɬɨɦ ɧɚɩɪɚɜɥɟɧɢɢ ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɚɪɯɢɬɟɤɬɭɪɵ Active Directory ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ɋɬɪɭɤɬɭɪɵ ɥɟɫɚ, ɞɨɦɟɧɚ, ɫɚɣɬɚ ɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɵ (OU) ɭɧɢɤɚɥɶɧɵ ɞɥɹ ɤɚɠɞɨɣ ɤɨɦɩɚɧɢɢ, ɩɨɷɬɨɦɭ ɪɚɡɪɚɛɨɬɤɚ ɩɪɚɜɢɥɶɧɨɝɨ ɩɪɨɟɤɬɚ ɞɥɹ ɜɚɲɟɣ ɫɪɟɞɵ ɩɨɬɪɟɛɭɟɬ ɡɧɚɧɢɣ ɢ ɭɫɢɥɢɣ. ȼ ɝɥɚɜɟ 5 ɩɪɢɜɨɞɢɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɩɪɨɰɟɫɫɚ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ. Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɫɨɡɞɚɞɢɬɟ ɫɜɨɸ ɦɨɞɟɥɶ Active Directory, ɦɨɠɧɨ ɧɚɱɚɬɶ ɟɟ ɭɫɬɚɧɨɜɤɭ. Ƚɥɚɜɚ 6 ɫɨɞɟɪɠɢɬ ɨɩɢɫɚɧɢɟ ɩɪɨɰɟɞɭɪ, ɧɟɨɛɯɨɞɢɦɵɯ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ, ɪɟɚɥɢɡɭɸɳɢɟ Active Directory Windows Server 2003, ɩɟɪɟɯɨɞɹɬ ɤ ɧɟɣ ɨɬ Microsoft Windows NT 4. ɉɨɫɤɨɥɶɤɭ Active Directory Windows Server 2003 ɫɢɥɶɧɨ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows NT, ɷɬɨɬ ɩɟɪɟɯɨɞ ɞɨɫɬɚɬɨɱɧɨ ɫɥɨɠɟɧ ɢ ɹɜɥɹɟɬɫɹ ɝɥɚɜɧɨɣ ɬɟɦɨɣ ɝɥɚɜɵ 7.
5. Directory
Active
Ɋɚɡɜɟɪɬɵɜɚɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɜ Microsoft Windows Server 2003 ɬɪɟɛɭɟɬ ɩɥɚɧɢɪɨɜɚɧɢɹ ɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ. ɋɥɭɠɛɚ Active Directory ɦɨɠɟɬ ɛɵɬɶ ɪɚɡɜɟɪɧɭɬɚ ɜ ɨɪɝɚɧɢɡɚɰɢɢ ɥɸɛɨɝɨ ɪɚɡɦɟɪɚ, ɜɤɥɸɱɚɹ ɛɨɥɶɲɢɟ ɦɧɨɝɨɧɚɰɢɨɧɚɥɶɧɵɟ ɤɨɪɩɨɪɚɰɢɢ ɫ ɫɨɬɧɹɦɢ ɬɵɫɹɱ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɨɮɢɫɨɜ ɩɨ ɜɫɟɦɭ ɦɢɪɭ. ɋɨɡɞɚɧɢɟ ɦɨɞɟɥɢ Active Directory ɞɥɹ ɤɨɪɩɨɪɚɰɢɢ ɬɚɤɨɝɨ ɪɚɡɦɟɪɚ ɬɪɟɛɭɟɬ ɛɨɥɶɲɢɯ ɭɫɢɥɢɣ. Ɉɞɧɚɤɨ ɞɚɠɟ ɛɨɥɟɟ ɦɟɥɤɢɟ ɤɨɦɩɚɧɢɢ ɢɡɜɥɟɤɚɸɬ ɡɧɚɱɢɬɟɥɶɧɭɸ ɜɵɝɨɞɭ ɨɬ ɜɪɟɦɟɧɢ, ɩɨɬɪɚɱɟɧɧɨɝɨ ɧɚ ɧɚɱɚɥɶɧɨɟ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɞɚɟɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɩɪɨɰɟɫɫɚ ɩɥɚɧɢɪɨɜɚɧɢɹ, ɱɟɪɟɡ ɤɨɬɨɪɵɣ ɜɵ ɞɨɥɠɧɵ ɩɪɨɣɬɢ, ɩɪɟɠɞɟ ɱɟɦ ɧɚɱɚɬɶ ɪɚɡɜɟɪɬɵɜɚɧɢɟ Active Directory Windows Server 2003. ɉɪɟɞɩɨɥɚɝɚɟɬɫɹ, ɱɬɨ ɜɵ ɪɚɛɨɬɚɟɬɟ ɜ ɛɨɥɶɲɨɣ ɤɨɪɩɨɪɚɰɢɢ, ɢɦɟɸɳɟɣ ɧɟɫɤɨɥɶɤɨ ɩɨɞɪɚɡɞɟɥɟɧɢɣ ɢ ɨɮɢɫɨɜ. ȿɫɥɢ ɜɵ ɪɚɛɨɬɚɟɬɟ ɜ ɛɨɥɟɟ ɦɟɥɤɨɣ ɤɨɦɩɚɧɢɢ, ɦɧɨɝɢɟ ɢɡ ɤɨɧɰɟɩɰɢɣ, ɨɛɫɭɠɞɚɟɦɵɯ ɡɞɟɫɶ, ɛɭɞɭɬ ɩɪɢɦɟɧɢɦɵ ɢ ɤ ɧɟɣ. ɗɬɚ ɝɥɚɜɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɫɚɦɨɝɨ ɝɥɚɜɧɨɝɨ ɜɨɩɪɨɫɚ — ɫɤɨɥɶɤɨ ɥɟɫɨɜ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɜɚɲɟɣ ɫɟɬɢ. Ɂɚɬɟɦ ɨɛɫɭɠɞɚɟɬɫɹ ɪɚɡɛɢɟɧɢɟ ɥɟɫɨɜ ɧɚ ɞɨɦɟɧɵ ɢ ɩɥɚɧɢɪɨɜɚɧɢɟ ɞɨɦɟɧɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɪɚɡɛɟɪɟɬɟɫɶ ɫ ɞɨɦɟɧɚɦɢ, ɜɵ ɞɨɥɠɧɵ ɫɨɡɞɚɬɶ ɫɬɪɭɤɬɭɪɭ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɟɞɢɧɢɰ (OU) ɞɥɹ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɚɣɬɵ. . Active Directory Windows Server 2003 Active Directory Microsoft Windows 2000. Windows Server 2003 Windows 2000, Active Directory . , Active Directory Windows 2000, Active Directory Microsoft Windows NT 4 .
ɋɚɦɨɟ ɝɥɚɜɧɨɟ ɪɟɲɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɵ ɞɨɥɠɧɵ ɩɪɢɧɹɬɶ ɧɚ ɪɚɧɧɟɦ ɷɬɚɩɟ ɪɚɡɪɚɛɨɬɤɢ, - ɫɤɨɥɶɤɨ ɥɟɫɨɜ ɜɚɦ ɩɨɬɪɟɛɭɟɬɫɹ. Ɋɚɡɜɟɪɬɵɜɚɧɢɟ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɥɟɫɚ Active Directory ɨɡɧɚɱɚɟɬ, ɱɬɨ ɛɭɞɟɬ ɜɨɡɦɨɠɧɨ ɩɪɨɫɬɨɟ ɫɨɜɦɟɫɬɧɨɟ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɪɟɫɭɪɫɨɜ ɢ ɞɨɫɬɭɩ ɤ ɢɧɮɨɪɦɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɤɨɦɩɚɧɢɢ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɥɟɫɚ ɞɥɹ ɛɨɥɶɲɨɣ ɤɨɪɩɨɪɚɰɢɢ ɬɪɟɛɭɟɬ ɜɵɫɨɤɨɣ ɫɬɟɩɟɧɢ ɞɨɜɟɪɢɹ ɦɟɠɞɭ ɪɚɡɧɨɨɛɪɚɡɧɵɦɢ ɢ, ɜɨɡɦɨɠɧɨ, ɪɚɡɴɟɞɢɧɟɧɧɵɦɢ ɞɟɥɨɜɵɦɢ ɩɨɞɪɚɡɞɟɥɟɧɢɹɦɢ. ȼ ɤɨɧɟɱɧɨɦ ɫɱɟɬɟ, ɤɨɥɢɱɟɫɬɜɨ ɪɚɡɜɟɪɬɵɜɚɟɦɵɯ ɥɟɫɨɜ ɡɚɜɢɫɢɬ ɨɬ ɬɨɝɨ, ɱɬɨ ɹɜɥɹɟɬɫɹ ɧɚɢɛɨɥɟɟ ɜɚɠɧɵɦ ɞɥɹ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ: ɥɟɝɤɨɫɬɶ ɫɨɜɦɟɫɬɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɜɫɟɯ ɞɨɦɟɧɨɜ ɥɟɫɚ ɢɥɢ ɩɨɞɞɟɪɠɤɚ ɩɨɥɧɨɫɬɶɸ ɚɜɬɨɧɨɦɧɨɝɨ
ɢ ɢɡɨɥɢɪɨɜɚɧɧɨɝɨ ɭɩɪɚɜɥɟɧɢɟ ɱɚɫɬɹɦɢ ɫɬɪɭɤɬɭɪɵ ɤɚɬɚɥɨɝɚ. П че ы . Directory Active Directory . , (IT), ,
Active ,
. .
,
. Э ,
,
,
. ,
.
—
,
.
Active Directory
Ʌɟɫ Active Directory ɩɪɟɞɧɚɡɧɚɱɟɧ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɛɵɬɶ ɨɬɞɟɥɶɧɵɦ ɫɚɦɨɞɨɫɬɚɬɨɱɧɵɦ ɦɨɞɭɥɟɦ. ȼɧɭɬɪɢ ɥɟɫɚ ɥɟɝɤɨ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɢ ɫɨɬɪɭɞɧɢɱɚɬɶ ɫ ɞɪɭɝɢɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɢɡ ɬɨɝɨ ɠɟ ɫɚɦɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ. Ɉɞɧɚɤɨ ɞɟɣɫɬɜɢɹ ɨɞɧɨɝɨ ɱɟɥɨɜɟɤɚ ɦɨɝɭɬ ɜɨɡɞɟɣɫɬɜɨɜɚɬɶ ɧɚ ɤɚɠɞɨɝɨ ɱɥɟɧɚ ɥɟɫɚ. ɉɪɨɟɤɬɢɪɭɹ ɫɚɦɵɣ ɜɵɫɨɤɢɣ ɭɪɨɜɟɧɶ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ Active Directory, ɜɵ ɞɨɥɠɧɵ ɪɟɲɢɬɶ, ɧɭɠɧɨ ɥɢ ɜɚɦ ɪɚɡɜɟɪɬɵɜɚɬɶ ɨɞɢɧ ɥɟɫ ɢɥɢ ɧɟɫɤɨɥɶɤɨ. Ʉɚɠɞɵɣ ɥɟɫ ɹɜɥɹɟɬɫɹ ɢɧɬɟɝɪɢɪɨɜɚɧɧɵɦ ɦɨɞɭɥɟɦ, ɩɨɬɨɦɭ ɱɬɨ ɨɧ ɜɤɥɸɱɚɟɬ ɫɥɟɞɭɸɳɟɟ. • Ƚɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ. Ʌɟɫ ɢɦɟɟɬ ɨɞɢɧ ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ (GC). Ʉɚɬɚɥɨɝ GC ɨɛɥɟɝɱɚɟɬ ɩɨɢɫɤ ɨɛɴɟɤɬɨɜ ɜ ɥɸɛɨɦ ɞɨɦɟɧɟ ɥɟɫɚ ɢ ɜɯɨɞ ɧɚ ɥɸɛɨɣ ɞɨɦɟɧ ɥɟɫɚ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɧɚ ɤɚɤɨɦ ɞɨɦɟɧɟ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɚ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. • Ɋɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ. ȼɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɸɬ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɪɚɡɞɟɥ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ. ɗɬɚ ɢɧɮɨɪɦɚɰɢɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɬɢɦɢɡɚɰɢɢ ɪɟɩɥɢɤɚɰɢɢ ɢɧɮɨɪɦɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ, ɞɥɹ ɯɪɚɧɟɧɢɹ ɩɪɢɥɨɠɟɧɢɣ ɢ ɢɧɮɨɪɦɚɰɢɢ Active Directory, ɩɨɞɞɟɪɠɢɜɚɸɳɟɣ ɩɪɢɥɨɠɟɧɢɹ, ɢ ɞɥɹ ɫɨɜɦɟɫɬɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɫ ɩɨɦɨɳɶɸ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ. • Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ. ȼɫɟ ɞɨɦɟɧɵ ɜ ɥɟɫɭ ɫɜɹɡɚɧɵ ɞɜɭɯɫɬɨɪɨɧɧɢɦɢ ɬɪɚɧɡɢɬɢɜɧɵɦɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ. ɇɟ ɫɭɳɟɫɬɜɭɟɬ ɧɢɤɚɤɨɣ ɨɩɰɢɢ, ɩɨɡɜɨɥɹɸɳɟɣ ɢɡɦɟɧɢɬɶ ɷɬɨ. . Microsoft Exchange Server 2000. Exchange Server 2000. Exchange Server 2000 , . (GAL - Global Address List) GC. Exchange Server 2000 . , . , . ȼ ɬɨ ɜɪɟɦɹ ɤɚɤ ɫɥɭɠɛɚ Active Directory ɨɛɥɟɝɱɚɟɬ ɫɨɜɦɟɫɬɧɨɟ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɢɧɮɨɪɦɚɰɢɢ, ɨɧɚ ɩɪɟɞɩɢɫɵɜɚɟɬ ɦɧɨɠɟɫɬɜɨ ɨɝɪɚɧɢɱɟɧɢɣ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬ, ɱɬɨɛɵ ɪɚɡɥɢɱɧɵɟ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɜ ɤɨɦɩɚɧɢɢ ɫɨɬɪɭɞɧɢɱɚɥɢ ɪɚɡɥɢɱɧɵɦɢ ɫɩɨɫɨɛɚɦɢ. ɗɬɢ ɨɝɪɚɧɢɱɟɧɢɹ ɜɤɥɸɱɚɸɬ ɫɥɟɞɭɸɳɟɟ. • Ɉɞɧɚ ɫɯɟɦɚ. ȼɫɟ ɞɨɦɟɧɵ ɜ ɥɟɫɭ ɢɫɩɨɥɶɡɭɸɬ ɨɞɧɭ ɫɯɟɦɭ. ɗɬɨ ɨɛɫɬɨɹɬɟɥɶɫɬɜɨ ɤɚɤ ɛɭɞɬɨ ɭɩɪɨɳɚɟɬ ɞɟɥɨ, ɧɨ ɨɧɨ ɦɨɠɟɬ ɛɵɬɶ ɨɞɧɨɣ ɢɡ ɩɪɢɱɢɧ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɧɟɫɤɨɥɶɤɢɯ ɥɟɫɨɜ ɜ ɤɨɪɩɨɪɚɰɢɢ. ȿɫɥɢ ɨɞɧɨ ɩɨɞɪɚɡɞɟɥɟɧɢɟ ɪɟɲɚɟɬ ɪɚɡɜɟɪɬɵɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɤɨɬɨɪɨɟ ɢɡɦɟɧɹɟɬ ɫɯɟɦɭ, ɬɨ ɷɬɨ ɨɤɚɡɵɜɚɟɬ ɜɨɡɞɟɣɫɬɜɢɟ ɧɚ ɜɫɟ ɩɨɞɪɚɡɞɟɥɟɧɢɹ. ȼɨɡɦɨɠɧɨ, ɜɚɦ ɩɨɤɚɠɟɬɫɹ, ɱɬɨ ɬɚɤɨɟ ɫɨɛɵɬɢɟ ɧɟ ɛɭɞɟɬ ɢɦɟɬɶ ɛɨɥɶɲɨɝɨ ɜɨɡɞɟɣɫɬɜɢɹ ɧɚ ɜɫɸ ɫɥɭɠɛɭ, ɧɨ ɨɧɨ ɦɨɠɟɬ ɫɬɚɬɶ ɧɟɩɪɟɨɞɨɥɢɦɵɦ, ɟɫɥɢ ɞɜɚɞɰɚɬɶ ɩɨɞɪɚɡɞɟɥɟɧɢɣ ɪɟɲɚɬ, ɱɬɨ ɢɦ ɬɪɟɛɭɟɬɫɹ ɪɚɡɜɟɪɧɭɬɶ ɩɪɢɥɨɠɟɧɢɹ, ɢɡɦɟɧɹɸɳɢɟ ɫɯɟɦɭ. Ʉɚɠɞɚɹ ɦɨɞɢɮɢɤɚɰɢɹ ɫɯɟɦɵ ɞɨɥɠɧɚ ɛɵɬɶ ɩɪɨɜɟɪɟɧɚ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɨɧɚ ɧɟ ɧɚɯɨɞɢɬɫɹ ɜ ɩɪɨɬɢɜɨɪɟɱɢɢ ɫ ɞɪɭɝɢɦɢ ɢɡɦɟɧɟɧɢɹɦɢ ɫɯɟɦɵ. ɗɬɨ ɩɨɬɪɟɛɭɟɬ ɡɧɚɱɢɬɟɥɶɧɨɝɨ ɜɪɟɦɟɧɢ ɢ ɭɫɢɥɢɣ.
•
ɐɟɧɬɪɚɥɢɡɨɜɚɧɧɨɟ ɭɩɪɚɜɥɟɧɢɟ. Ɋɚɡɜɟɪɬɵɜɚɧɢɟ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɥɟɫɚ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɧɟɤɨɬɨɪɵɟ ɤɨɦɩɨɧɟɧɬɵ ɫɟɬɟɜɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɞɨɥɠɧɵ ɛɵɬɶ ɰɟɧɬɪɚɥɢɡɨɜɚɧɵ. ɇɚɩɪɢɦɟɪ, ɟɞɢɧɫɬɜɟɧɧɚɹ ɝɪɭɩɩɚ, ɨɛɥɚɞɚɸɳɚɹ ɩɪɚɜɨɦ ɢɡɦɟɧɹɬɶ ɫɯɟɦɭ, — ɷɬɨ ɝɪɭɩɩɚ Schema Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɫɯɟɦɵ). ȿɞɢɧɫɬɜɟɧɧɚɹ ɝɪɭɩɩɚ, ɨɛɥɚɞɚɸɳɚɹ ɩɪɚɜɨɦ ɞɨɛɚɜɥɹɬɶ ɢ ɭɞɚɥɹɬɶ ɞɨɦɟɧɵ ɢɡ ɥɟɫɚ, - ɷɬɨ ɝɪɭɩɩɚ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ). Ƚɪɭɩɩɚ Enterprise Admins ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɞɨɦɟɧɭ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ Administrators (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ) ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜ ɥɟɫɭ. Ⱦɥɹ ɧɟɤɨɬɨɪɵɯ ɤɨɦɩɚɧɢɣ ɷɬɨɬ ɬɢɩ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɣ ɚɞɦɢɧɢɫɬɪɚɰɢɢ ɧɟɩɪɢɟɦɥɟɦ. ɗɬɨ ɨɬɧɨɫɢɬɫɹ ɤ ɤɨɦɩɚɧɢɹɦ, ɨɫɭɳɟɫɬɜɥɹɸɳɢɦ ɩɟɪɟɯɨɞ ɨɬ Windows NT 4, ɤɨɬɨɪɚɹ ɧɟ ɩɪɟɞɩɢɫɵɜɚɸɬ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɞɨɦɟɧɚɦɢ. • ɉɨɥɢɬɢɤɚ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ. ɉɨɫɤɨɥɶɤɭ ɢɡɦɟɧɟɧɢɹ ɥɟɫɚ ɦɨɝɭɬ ɡɚɬɪɚɝɢɜɚɬɶ ɤɚɠɞɵɣ ɞɨɦɟɧ ɢ ɞɨɥɠɧɵ ɜɵɩɨɥɧɹɬɶɫɹ ɬɨɥɶɤɨ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨ, ɬɪɟɛɭɟɬɫɹ ɱɟɬɤɚɹ ɩɨɥɢɬɢɤɚ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ. • Ⱦɨɜɟɪɟɧɧɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ. Ɋɚɡɜɟɪɬɵɜɚɧɢɟ ɨɞɧɨɝɨ ɥɟɫɚ ɬɪɟɛɭɟɬ ɨɩɪɟɞɟɥɟɧɧɨɣ ɫɬɟɩɟɧɢ ɞɨɜɟɪɢɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɜɫɟɯ ɞɨɦɟɧɨɜ. Ʌɸɛɨɣ ɚɞɦɢɧɢɫɬɪɚɬɨɪ, ɨɛɥɚɞɚɸɳɢɣ ɩɪɚɜɚɦɢ ɭɩɪɚɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɦɨɠɟɬ ɫɞɟɥɚɬɶ ɬɚɤɢɟ ɢɡɦɟɧɟɧɢɹ, ɤɨɬɨɪɵɟ ɡɚɬɪɨɧɭɬ ɜɟɫɶ ɥɟɫ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɫɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɨɜ ɞɨɥɠɧɵ ɛɵɬɶ ɜɵɫɨɤɨ ɞɨɜɟɪɟɧɧɵɦɢ ɥɸɞɶɦɢ. Ɉɛɞɭɦɵɜɚɹ ɜɨɩɪɨɫ, ɤɚɫɚɸɳɢɣɫɹ ɤɨɥɢɱɟɫɬɜɚ ɪɚɡɜɟɪɬɵɜɚɟɦɵɯ ɥɟɫɨɜ, ɜɵ ɞɨɥɠɧɵ ɨɰɟɧɢɬɶ ɤɚɠɞɵɣ ɢɡ ɷɬɢɯ ɮɚɤɬɨɪɨɜ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɫɜɨɢɯ ɫɨɛɫɬɜɟɧɧɵɯ ɩɨɬɪɟɛɧɨɫɬɟɣ.
Ʉɚɤ ɫɤɚɡɚɧɨ ɜɵɲɟ, ɧɚɢɛɨɥɟɟ ɫɭɳɟɫɬɜɟɧɧɵɣ ɜɨɩɪɨɫ, ɧɚ ɤɨɬɨɪɵɣ ɜɚɦ ɧɚɞɨ ɨɬɜɟɬɢɬɶ ɩɪɢ ɫɨɡɞɚɧɢɢ ɜɚɲɟɝɨ ɩɪɨɟɤɬɚ, - ɛɭɞɟɬɟ ɥɢ ɜɵ ɢɦɟɬɶ ɨɞɢɧ ɥɟɫ ɢɥɢ ɧɟɫɤɨɥɶɤɨ ɥɟɫɨɜ. ɗɬɨ ɪɟɲɟɧɢɟ ɞɨɥɠɧɨ ɛɵɬɶ ɫɞɟɥɚɧɨ ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɪɚɡɜɟɪɬɵɜɚɧɢɹ, ɩɨɬɨɦɭ ɱɬɨ ɩɨɫɥɟ ɷɬɭ ɫɬɪɭɤɬɭɪɭ ɨɱɟɧɶ ɬɪɭɞɧɨ ɢɡɦɟɧɢɬɶ. ɇɟ ɫɭɳɟɫɬɜɭɟɬ ɨɞɧɨɲɚɝɨɜɨɝɨ ɩɪɨɰɟɫɫɚ ɫɥɢɹɧɢɹ ɥɟɫɨɜ - ɜɵ ɞɨɥɠɧɵ ɩɟɪɟɦɟɫɬɢɬɶ ɢɡ ɫɬɚɪɨɝɨ ɥɟɫɚ ɜɫɟ ɨɛɴɟɤɬɵ, ɤɨɬɨɪɵɟ ɧɭɠɧɵ ɜ ɧɨɜɨɦ ɥɟɫɭ. ɇɟɬ ɧɢɤɚɤɨɝɨ ɩɪɨɫɬɨɝɨ ɫɩɨɫɨɛɚ ɪɚɡɛɢɬɶ ɨɬɞɟɥɶɧɵɣ ɥɟɫ ɧɚ ɞɜɚ. ȼɵ ɞɨɥɠɧɵ ɫɨɡɞɚɬɶ ɨɬɞɟɥɶɧɵɣ ɥɟɫ, ɚ ɡɚɬɟɦ ɩɟɪɟɦɟɳɚɬɶ ɨɛɴɟɤɬɵ ɢɡ ɨɞɧɨɝɨ ɥɟɫɚ ɜ ɞɪɭɝɨɣ. ɉɨɱɬɢ ɜɫɟ ɤɨɦɩɚɧɢɢ ɪɚɡɜɟɪɬɵɜɚɸɬ ɨɞɢɧ ɥɟɫ. Ⱦɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɤɨɦɩɚɧɢɣ ɜɵɝɨɞɵ ɨɬ ɨɛɳɟɞɨɫɬɭɩɧɨɝɨ ɤɚɬɚɥɨɝɚ GC, ɜɫɬɪɨɟɧɧɵɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɢ ɨɛɳɟɝɨ ɪɚɡɞɟɥɚ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ ɛɨɥɟɟ ɜɚɠɧɵ, ɱɟɦ ɩɨɞɞɟɪɠɤɚ ɩɨɥɧɨɣ ɧɟɡɚɜɢɫɢɦɨɫɬɢ ɜɫɟɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɨɥɟɣ. ɉɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɫɥɭɠɛɵ Active Directory ɜɚɲ ɩɟɪɜɵɣ ɜɵɛɨɪ ɞɨɥɠɟɧ ɜɫɟɝɞɚ ɫɨɫɬɨɹɬɶ ɜ ɪɚɡɜɟɪɬɵɜɚɧɢɢ ɨɞɧɨɝɨ ɥɟɫɚ. ɉɪɟɞɩɨɥɚɝɚɹ ɷɬɨ, ɛɭɞɟɬɟ ɝɨɬɨɜɵ ɤ ɬɨɦɭ, ɱɬɨ, ɜɨɡɦɨɠɧɨ, ɜɚɦ ɩɪɢɞɟɬɫɹ ɩɨɫɬɭɩɢɬɶ ɢɧɚɱɟ. ɋɭɳɟɫɬɜɭɸɬ ɨɱɟɜɢɞɧɵɟ ɫɢɬɭɚɰɢɢ, ɜ ɤɨɬɨɪɵɯ ɧɟɫɤɨɥɶɤɨ ɥɟɫɨɜ ɹɜɥɹɸɬɫɹ ɧɚɢɥɭɱɲɢɦ ɜɵɛɨɪɨɦ ɞɥɹ ɤɨɦɩɚɧɢɢ. • ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɧɟ ɢɦɟɸɬ ɜɵɫɨɤɢɯ ɬɪɟɛɨɜɚɧɢɣ ɤ ɫɨɬɪɭɞɧɢɱɟɫɬɜɭ ɜɧɭɬɪɢ ɤɨɦɩɚɧɢɢ. ȼ ɧɢɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɪɚɛɨɬɚɸɬ ɧɟɡɚɜɢɫɢɦɨ ɞɪɭɝ ɨɬ ɞɪɭɝɚ, ɫ ɧɟɛɨɥɶɲɨɣ ɩɨɬɪɟɛɧɨɫɬɶɸ ɨɛɦɟɧɚ ɢɧɮɨɪɦɚɰɢɟɣ ɢɧɚɱɟ, ɱɟɦ ɩɨ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɟ. ɗɬɢ ɤɨɦɩɚɧɢɢ ɧɢɱɟɝɨ ɧɟ ɬɟɪɹɸɬ, ɪɚɡɜɟɪɬɵɜɚɹ ɧɟɫɤɨɥɶɤɨ ɥɟɫɨɜ. • ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɬɪɟɛɭɸɬ ɩɨɥɧɨɝɨ ɪɚɡɞɟɥɟɧɢɹ ɫɟɬɟɜɨɣ ɢɧɮɨɪɦɚɰɢɢ. ɉɨ ɸɪɢɞɢɱɟɫɤɢɦ ɩɪɢɱɢɧɚɦ ɢɥɢ ɢɡ ɫɨɨɛɪɚɠɟɧɢɣ ɛɟɡɨɩɚɫɧɨɫɬɢ ɤɨɦɩɚɧɢɢ ɦɨɠɟɬ ɩɨɬɪɟɛɨɜɚɬɶɫɹ ɝɚɪɚɧɬɢɹ ɬɨɝɨ, ɱɬɨ ɧɟɤɨɬɨɪɚɹ ɫɟɬɟɜɚɹ ɢɧɮɨɪɦɚɰɢɹ ɧɟ ɛɭɞɟɬ ɞɨɫɬɭɩɧɚ ɤɨɦɭ-ɥɢɛɨ ɡɚ ɩɪɟɞɟɥɚɦɢ ɞɚɧɧɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɢɧɮɨɪɦɚɰɢɹ ɨɞɧɨɝɨ ɥɟɫɚ ɧɟɜɢɞɢɦɚ ɜ ɞɪɭɝɨɦ ɥɟɫɭ. • ɇɟɤɨɬɨɪɵɦ ɤɨɦɩɚɧɢɹɦ ɬɪɟɛɭɸɬɫɹ ɧɟɫɨɜɦɟɫɬɢɦɵɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫɯɟɦɵ. ȿɫɥɢ ɞɜɟ ɱɚɫɬɢ ɨɪɝɚɧɢɡɚɰɢɢ ɬɪɟɛɭɸɬ ɭɧɢɤɚɥɶɧɨɣ ɫɯɟɦɵ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɢ ɪɚɡɜɟɪɬɵɜɚɸɬ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɞɟɥɚɸɬ ɜɡɚɢɦɧɨ ɧɟɫɨɜɦɟɫɬɢɦɵɟ ɢɡɦɟɧɟɧɢɹ ɜ ɫɯɟɦɟ, ɬɨ ɜɵ ɞɨɥɠɧɵ ɫɨɡɞɚɜɚɬɶ ɨɬɞɟɥɶɧɵɟ ɥɟɫɚ. • ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɧɟ ɦɨɝɭɬ ɞɨɝɨɜɨɪɢɬɶɫɹ ɨ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɣ ɩɨɥɢɬɢɤɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɨ ɩɨɥɢɬɢɤɚɯ ɞɥɹ ɥɟɫɚ ɢɥɢ ɨɛ ɭɩɪɚɜɥɟɧɢɢ ɢɡɦɟɧɟɧɢɹɦɢ ɫɯɟɦɵ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɧɭɠɧɨ ɪɚɡɜɟɪɧɭɬɶ ɨɬɞɟɥɶɧɵɟ ɥɟɫɚ. • ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɞɨɥɠɧɵ ɨɝɪɚɧɢɱɢɬɶ ɨɛɥɚɫɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. ȼ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɜɫɟ ɞɨɦɟɧɵ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɸɬ ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɢ ɧɟɬ ɧɢɤɚɤɨɣ ɨɩɰɢɢ, ɤɨɬɨɪɚɹ ɩɨɡɜɨɥɹɟɬ ɧɚɪɭɲɢɬɶ ɢɯ. ȿɫɥɢ ɜɚɲɚ ɫɟɬɟɜɚɹ ɫɪɟɞɚ ɬɪɟɛɭɟɬ ɤɨɧɮɢɝɭɪɚɰɢɢ ɞɨɜɟɪɢɹ, ɜ ɤɨɬɨɪɨɣ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɞɜɭɯɫɬɨɪɨɧɧɢɯ ɬɪɚɧɡɢɬɢɜɧɵɯ
П
ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɦɟɠɞɭ ɜɫɟɦɢ ɞɨɦɟɧɚɦɢ, ɜɵ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɥɟɫɨɜ. че ы . .
, . . , ,
,
,
,
, .
, ,
— . .
, ,
. Э
,
, -
. , , ,
. , ,
,
. Ⱦɥɹ ɧɟɤɨɬɨɪɵɯ ɤɨɦɩɚɧɢɣ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɥɟɫɨɜ ɹɜɥɹɟɬɫɹ ɩɪɢɜɥɟɤɚɬɟɥɶɧɵɦ ɜɚɪɢɚɧɬɨɦ. Ɉɞɧɚɤɨ ɷɬɨ ɩɪɢɞɚɟɬ ɡɧɚɱɢɬɟɥɶɧɭɸ ɫɥɨɠɧɨɫɬɶ ɫɟɬɟɜɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɟ. ȼɨɡɧɢɤɚɟɬ ɪɹɞ ɩɪɨɛɥɟɦ. • ɍɜɟɥɢɱɟɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɭɫɢɥɢɣ, ɧɟɨɛɯɨɞɢɦɵɯ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɫɟɬɶɸ. ɉɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɢɧ ɞɨɦɟɧ, ɚ ɬɚɤɠɟ ɤɨɧɮɢɝɭɪɚɰɢɹ ɭɪɨɜɧɹ ɥɟɫɚ ɞɨɥɠɧɵ ɭɩɪɚɜɥɹɬɶɫɹ ɨɬɞɟɥɶɧɨ ɜ ɤɚɠɞɨɦ ɥɟɫɭ. • ɍɦɟɧɶɲɟɧɢɟ ɫɩɨɫɨɛɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɤ ɫɨɬɪɭɞɧɢɱɟɫɬɜɭ. Ɉɞɢɧ ɢɡ ɩɪɢɦɟɪɨɜ ɷɬɨɝɨ ɩɨɢɫɤ ɪɟɫɭɪɫɨɜ ɜ ɫɟɬɢ. ɉɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɫɦɨɝɭɬ ɢɫɤɚɬɶ GC-ɪɟɫɭɪɫɵ ɜ ɞɪɭɝɨɦ ɥɟɫɭ ɢ ɞɨɥɠɧɵ ɛɵɬɶ ɨɛɭɱɟɧɵ ɬɨɦɭ, ɤɚɤ ɢɫɤɚɬɶ ɪɟɫɭɪɫɵ, ɪɚɫɩɨɥɨɠɟɧɧɵɟ ɜɧɟ ɤɚɬɚɥɨɝɚ GC. • Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɭɫɢɥɢɹ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɥɢ ɨɛɪɚɬɢɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ ɞɪɭɝɨɝɨ ɥɟɫɚ. Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɥɠɧɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɜɦɟɫɬɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɜɫɬɪɨɟɧɧɵɯ. ȿɫɥɢ ɤɚɤɚɹ-ɥɢɛɨ ɢɧɮɨɪɦɚɰɢɹ ɞɨɥɠɧɚ ɛɵɬɶ ɫɢɧɯɪɨɧɢɡɨɜɚɧɚ ɦɟɠɞɭ ɥɟɫɚɦɢ, ɬɨ ɷɬɨ ɬɚɤɠɟ ɧɚɞɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ. . , .
Active Directory
, (
,
,
)
(
,
. .) , , .
, Enterprise Admins
, (
OU.
) . ,
, .
,
, ,
.
Active Directory . OU OU.
,
.
Active Directory .
,
Active Directory. Administrators )
(
, . Enterprise Admins . Domain Admins Administrators
. , ,
.Э .
,
, , . . , . (SID)
ё
,
, ,
Enterprise Admins, ,
.
, Directory Services Restore ( Active Directory
), .
, ,
,
, . , . , . , . . , . ,
,
, . Э
•
. .Э Domain Admins ( Administrators ( ) Backup Operators , ,
( ). • •
), (
.
,
. . ,
,
), Operators
Server
, . .
,
ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɫɤɨɥɶɤɨ ɪɚɡɜɟɪɬɵɜɚɟɬɫɹ ɥɟɫɨɜ, ɞɥɹ ɤɚɠɞɨɝɨ ɥɟɫɚ ɜɵ ɞɨɥɠɧɵ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɟɝɨ ɜɥɚɞɟɥɶɰɟɜ. ȼ ɬɟɯɧɢɱɟɫɤɢɯ ɬɟɪɦɢɧɚɯ ɩɪɨɫɬɨ ɨɩɪɟɞɟɥɢɬɶ, ɤɬɨ ɹɜɥɹɟɬɫɹ ɜɥɚɞɟɥɶɰɟɦ ɥɟɫɚ. Ƚɪɭɩɩɵ Schema Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɫɯɟɦɵ), Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ) ɢ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɜ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ ɦɨɝɭɬ ɛɵɬɶ ɨɩɪɟɞɟɥɟɧɵ ɤɚɤ ɜɥɚɞɟɥɶɰɵ ɥɟɫɚ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɢ ɭɩɪɚɜɥɹɸɬ ɬɟɦɢ ɢɡɦɟɧɟɧɢɹɦɢ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɛɵɬɶ ɫɞɟɥɚɧɵ ɜ ɥɟɫɭ. ɗɬɨ ɪɨɥɢ ɱɢɫɬɨ ɬɟɯɧɢɱɟɫɤɢɟ, ɢ ɥɸɞɢ ɜ ɷɬɢɯ ɝɪɭɩɩɚɯ ɩɨɱɬɢ ɧɟ ɢɦɟɸɬ ɨɤɨɧɱɚɬɟɥɶɧɵɯ ɩɨɥɧɨɦɨɱɢɣ ɧɚ ɬɨ, ɛɭɞɭɬ ɥɢ ɧɚ ɫɚɦɨɦ ɞɟɥɟ ɫɞɟɥɚɧɵ ɦɨɞɢɮɢɤɚɰɢɢ ɤ ɥɟɫɭ. ɇɚɩɪɢɦɟɪ, ɝɪɭɩɩɚ Schema Admins ɦɨɠɟɬ ɢɡɦɟɧɹɬɶ ɫɯɟɦɭ, ɧɨ ɱɥɟɧ ɝɪɭɩɩɵ Schema Admins ɨɛɵɱɧɨ ɧɟ ɢɦɟɟɬ ɩɨɥɧɨɦɨɱɢɣ ɞɥɹ ɩɪɢɧɹɬɢɹ ɡɚɤɥɸɱɢɬɟɥɶɧɨɝɨ ɪɟɲɟɧɢɹ ɨɬɧɨɫɢɬɟɥɶɧɨ ɬɨɝɨ, ɛɭɞɟɬ ɥɢ ɡɚɩɪɨɫ ɧɚ ɢɡɦɟɧɟɧɢɟ ɫɯɟɦɵ ɨɞɨɛɪɟɧ. ȼɥɚɞɟɥɶɰɵ ɥɟɫɚ ɞɨɥɠɧɵ ɨɛɥɚɞɚɬɶ ɤɨɦɛɢɧɚɰɢɟɣ ɬɟɯɧɢɱɟɫɤɨɣ ɤɨɦɩɟɬɟɧɰɢɢ ɢ ɩɨɧɢɦɚɧɢɹ ɛɢɡɧɟɫɚ. Ɉɧɢ ɞɨɥɠɧɵ ɛɵɬɶ ɥɸɞɶɦɢ, ɤɨɬɨɪɵɟ ɡɧɚɸɬ ɨɛɳɢɟ ɞɟɥɨɜɵɟ ɬɪɟɛɨɜɚɧɢɹ ɨɪɝɚɧɢɡɚɰɢɢ ɢ ɜ ɬɨ ɠɟ ɜɪɟɦɹ ɩɨɧɢɦɚɸɬ ɬɟɯɧɢɱɟɫɤɨɟ ɡɧɚɱɟɧɢɟ ɜɵɩɨɥɧɟɧɢɹ ɜɫɟɯ ɷɬɢɯ ɬɪɟɛɨɜɚɧɢɣ. ȼɥɚɞɟɥɶɰɵ ɥɟɫɚ ɦɨɝɭɬ ɪɟɲɢɬɶ, ɱɬɨ ɛɭɞɟɬ ɪɚɡɜɟɪɧɭɬɨ ɩɪɢɥɨɠɟɧɢɟ, ɢɡɦɟɧɹɸɳɟɟ ɫɯɟɦɭ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɨ ɩɪɢɧɟɫɟɬ ɡɧɚɱɢɬɟɥɶɧɭɸ ɞɟɥɨɜɭɸ ɩɨɥɶɡɭ ɤɨɦɩɚɧɢɢ, ɚ ɡɚɬɟɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɫɯɟɦɵ ɞɚɸɬ ɡɚɞɚɧɢɟ ɢɡɦɟɧɢɬɶ ɫɯɟɦɭ ɬɚɤ, ɤɚɤ ɷɬɨ ɬɪɟɛɭɟɬɫɹ. ȼ ɤɨɦɩɚɧɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɞɟɥɨɜɵɦɢ ɩɨɞɪɚɡɞɟɥɟɧɢɹɦɢ ɝɪɭɩɩɚ ɜɥɚɞɟɥɶɰɟɜ ɥɟɫɚ ɞɨɥɠɧɚ ɫɨɫɬɨɹɬɶ ɢɡ ɩɪɟɞɫɬɚɜɢɬɟɥɟɣ ɜɫɟɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ. ɗɬɨ ɜɚɠɧɨ ɞɥɹ ɷɮɮɟɤɬɢɜɧɨɝɨ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ, ɬ.ɟ. ɩɪɟɞɫɬɚɜɢɬɟɥɢ ɝɪɭɩɩɵ ɞɨɥɠɧɵ ɧɚɯɨɞɢɬɶɫɹ ɧɚ ɪɚɛɨɱɟɦ ɦɟɫɬɟ, ɱɬɨɛɵ ɝɪɭɩɩɚ ɦɨɝɥɚ ɛɵɫɬɪɨ ɩɪɢɧɹɬɶ ɪɟɲɟɧɢɟ ɨ ɪɟɚɥɢɡɚɰɢɢ ɢɡɦɟɧɟɧɢɣ ɭɪɨɜɧɹ ɥɟɫɚ. ȿɫɥɢ ɪɟɚɥɢɡɚɰɢɹ ɝɥɨɛɚɥɶɧɵɯ ɢɡɦɟɧɟɧɢɣ ɛɭɞɟɬ ɡɚɧɢɦɚɬɶ ɦɧɨɝɨ ɜɪɟɦɟɧɢ, ɬɨ ɨɬɞɟɥɶɧɵɟ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɦɨɝɭɬ ɩɨɠɚɥɟɬɶ, ɱɬɨ ɨɧɢ ɜɨɨɛɳɟ ɫɨɝɥɚɫɢɥɢɫɶ ɧɚ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɥɟɫɚ.
ɉɟɪɜɚɹ ɡɚɞɚɱɚ ɞɥɹ ɜɥɚɞɟɥɶɰɟɜ ɥɟɫɚ ɫɨɫɬɨɢɬ ɜ ɨɩɪɟɞɟɥɟɧɢɢ ɩɨɥɢɬɢɤɢ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ ɥɟɫɚ. ɗɬɨ ɩɨɥɢɬɢɤɚ ɨɩɪɟɞɟɥɹɟɬ ɬɨ, ɤɚɤɢɟ ɢɡɦɟɧɟɧɢɹ ɦɨɝɭɬ ɛɵɬɶ ɫɞɟɥɚɧɵ ɤ ɤɨɧɮɢɝɭɪɚɰɢɢ ɭɪɨɜɧɹ ɥɟɫɚ ɢ ɩɪɢ ɤɚɤɢɯ ɨɛɫɬɨɹɬɟɥɶɫɬɜɚɯ. ɋɭɳɟɫɬɜɭɟɬ ɞɜɚ ɬɢɩɚ ɢɡɦɟɧɟɧɢɣ ɥɟɫɚ: ɢɡɦɟɧɟɧɢɹ ɫɯɟɦɵ ɢ ɢɡɦɟɧɟɧɢɹ ɪɚɡɞɟɥɚ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ (ɧɚɩɪɢɦɟɪ, ɞɨɛɚɜɥɟɧɢɟ ɢɥɢ ɭɞɚɥɟɧɢɟ ɞɨɦɟɧɨɜ ɢ ɪɚɡɞɟɥɨɜ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ, ɢɡɦɟɧɟɧɢɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫɚɣɬɚ). ɉɨɥɢɬɢɤɚ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ ɥɟɫɚ ɬɚɤɠɟ ɨɩɪɟɞɟɥɹɟɬ ɩɪɨɰɟɞɭɪɵ ɬɟɫɬɢɪɨɜɚɧɢɹ, ɨɞɨɛɪɟɧɢɹ ɢ ɪɟɚɥɢɡɚɰɢɢ ɥɸɛɵɯ ɢɡɦɟɧɟɧɢɣ ɥɟɫɚ. ɗɬɨ ɜɚɠɧɨ ɞɥɹ ɢɡɦɟɧɟɧɢɣ ɫɯɟɦɵ, ɩɨɫɤɨɥɶɤɭ ɢɯ ɧɟɥɟɝɤɨ ɜɨɫɫɬɚɧɨɜɢɬɶ, ɩɨɷɬɨɦɭ ɥɸɛɨɟ ɢɡɦɟɧɟɧɢɟ ɫɯɟɦɵ ɞɨɥɠɧɨ ɛɵɬɶ ɫɨɜɦɟɫɬɢɦɨ ɫɨ ɜɫɟɦɢ ɞɪɭɝɢɦɢ ɢɡɦɟɧɟɧɢɹɦɢ. ɉɨɥɢɬɢɤɚ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ ɥɟɫɚ ɞɨɥɠɧɚ ɨɩɪɟɞɟɥɢɬɶ ɩɪɨɰɟɞɭɪɭ ɬɟɫɬɢɪɨɜɚɧɢɹ ɢɡɦɟɧɟɧɢɣ ɫɯɟɦɵ, ɢ ɜɥɚɞɟɥɶɰɵ ɥɟɫɚ ɞɨɥɠɧɵ ɩɨɞɞɟɪɠɢɜɚɬɶ ɢɫɩɵɬɚɬɟɥɶɧɭɸ ɥɚɛɨɪɚɬɨɪɢɸ ɞɥɹ ɬɟɫɬɢɪɨɜɚɧɢɹ ɷɬɢɯ ɢɡɦɟɧɟɧɢɣ. ɉɨɥɢɬɢɤɚ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ ɥɟɫɚ ɞɨɥɠɧɚ ɬɪɟɛɨɜɚɬɶ ɩɨɥɧɨɝɨ ɢɫɩɵɬɚɧɢɹ ɜɫɟɯ ɢɡɦɟɧɟɧɢɣ ɭɪɨɜɧɹ ɥɟɫɚ ɢ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɬɟɫɬɢɪɨɜɚɧɢɟ ɡɚɤɨɧɱɢɬɫɹ ɛɵɫɬɪɨ. ȿɫɥɢ ɤɚɠɞɵɣ ɡɚɩɪɨɫ ɧɚ ɢɡɦɟɧɟɧɢɟ ɛɭɞɟɬ ɡɚɧɢɦɚɬɶ ɦɧɨɝɨ ɜɪɟɦɟɧɢ ɧɚ ɨɛɪɚɛɨɬɤɭ, ɬɨ ɭɪɨɜɟɧɶ ɪɚɫɫɬɪɨɣɫɬɜɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɛɭɞɟɬ ɩɨɫɬɨɹɧɧɨ ɜɨɡɪɚɫɬɚɬɶ. ɉɨɥɢɬɢɤɚ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ ɥɟɫɚ ɞɨɥɠɧɚ ɛɵɬɶ ɫɮɨɪɦɢɪɨɜɚɧɚ ɩɪɟɠɞɟ, ɱɟɦ ɜɵ ɧɚɱɧɟɬɟ ɪɚɡɜɟɪɬɵɜɚɬɶ Active Directory. ȼ ɤɨɦɩɚɧɢɹɯ ɫ ɪɚɡɧɨɨɛɪɚɡɧɵɦɢ ɢ ɨɛɨɫɨɛɥɟɧɧɵɦɢ ɞɟɥɨɜɵɦɢ ɩɨɞɪɚɡɞɟɥɟɧɢɹɦɢ ɩɨɹɫɧɟɧɢɟ ɷɬɨɣ ɩɨɥɢɬɢɤɢ ɦɨɠɟɬ ɛɵɬɶ ɬɪɭɞɧɵɦ ɞɟɥɨɦ ɢ ɡɚɧɹɬɶ ɦɧɨɝɨ ɜɪɟɦɟɧɢ, ɧɨ ɢ ɩɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory ɞɟɥɚɬɶ ɷɬɨ ɫɨɜɫɟɦ ɧɟ ɥɟɝɱɟ. ȿɫɥɢ ɞɟɥɨɜɵɟ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɧɟ ɫɦɨɝɭɬ ɞɨɝɨɜɨɪɢɬɶɫɹ ɨ ɩɨɥɢɬɢɤɟ ɭɩɪɚɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɹɦɢ ɥɟɫɚ ɩɟɪɟɞ ɪɚɡɜɟɪɬɵɜɚɧɢɟɦ, ɜɵ ɞɨɥɠɧɵ ɩɪɢɧɹɬɶ ɪɟɲɟɧɢɟ ɨ ɪɚɡɜɟɪɬɵɜɚɧɢɢ ɧɟɫɤɨɥɶɤɢɯ ɥɟɫɨɜ.
Ʉɚɤ ɬɨɥɶɤɨ ɜɨɩɪɨɫ ɨ ɤɨɥɢɱɟɫɬɜɟ ɪɚɡɜɟɪɬɵɜɚɟɦɵɯ ɥɟɫɨɜ ɭɥɚɠɟɧ, ɧɟɨɛɯɨɞɢɦɨ ɨɩɪɟɞɟɥɢɬɶ ɞɨɦɟɧɧɭɸ ɫɬɪɭɤɬɭɪɭ ɜ ɩɪɟɞɟɥɚɯ ɤɚɠɞɨɝɨ ɢɡ ɥɟɫɨɜ. ȼɚɲɚ ɩɟɪɜɚɹ ɡɚɞɚɱɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ ɤɨɧɮɢɝɭɪɚɰɢɸ ɬɟɤɭɳɢɯ ɫɥɭɠɛ ɤɚɬɚɥɨɝɚ ɢ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɚɹ ɱɚɫɬɶ ɬɟɤɭɳɟɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɦɨɠɟɬ ɛɵɬɶ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɚ, ɚ ɤɚɤɚɹ ɞɨɥɠɧɚ ɛɵɬɶ ɪɟɫɬɪɭɤɬɭɪɢɪɨɜɚɧɚ ɢɥɢ ɡɚɦɟɧɟɧɚ. Ɂɚɬɟɦ ɨɩɪɟɞɟɥɹɟɬɫɹ ɩɨɬɪɟɛɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɞɨɦɟɧɨɜ ɢ ɢɯ ɢɟɪɚɪɯɢɹ.
Active Directory
Ⱦɨɦɟɧɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɪɚɡɞɟɥɟɧɢɹ ɛɨɥɶɲɨɝɨ ɥɟɫɚ ɧɚ ɛɨɥɟɟ ɦɟɥɤɢɟ ɤɨɦɩɨɧɟɧɬɵ ɞɥɹ ɰɟɥɟɣ ɪɟɩɥɢɤɚɰɢɢ ɢɥɢ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ. ɋɥɟɞɭɸɳɢɟ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɞɨɦɟɧɚ ɤɪɚɣɧɟ ɜɚɠɧɵ ɩɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ Active Directory. • Ƚɪɚɧɢɰɚ ɪɟɩɥɢɤɚɰɢɢ. Ƚɪɚɧɢɰɵ ɞɨɦɟɧɚ ɹɜɥɹɸɬɫɹ ɝɪɚɧɢɰɚɦɢ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɪɚɡɞɟɥɚ ɞɨɦɟɧɚ ɤɚɬɚɥɨɝɚ ɢ ɞɥɹ ɢɧɮɨɪɦɚɰɢɢ ɞɨɦɟɧɚ, ɯɪɚɧɹɳɟɣɫɹ ɜ ɩɚɩɤɟ Sysvol ɧɚ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. ȼ ɬɨ ɜɪɟɦɹ ɤɚɤ ɞɪɭɝɢɟ ɪɚɡɞɟɥɵ ɤɚɬɚɥɨɝɚ (ɪɚɡɞɟɥ ɫɯɟɦɵ, ɤɨɧɮɢɝɭɪɚɰɢɢ ɢ GC) ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɩɨ ɜɫɟɦɭ ɥɟɫɭ, ɪɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɬɨɥɶɤɨ ɜ ɩɪɟɞɟɥɚɯ ɨɞɧɨɝɨ ɞɨɦɟɧɚ. • Ƚɪɚɧɢɰɚ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ. Ƚɪɚɧɢɰɵ ɞɨɦɟɧɚ ɹɜɥɹɸɬɫɹ ɬɚɤɠɟ ɝɪɚɧɢɰɚɦɢ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɶɡɨɜɚɬɟɥɢ ɨɞɧɨɝɨ ɞɨɦɟɧɚ ɧɟ ɦɨɝɭɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜ ɞɪɭɝɨɦ ɞɨɦɟɧɟ, ɟɫɥɢ ɬɨɥɶɤɨ ɢɦ ɧɟ ɛɭɞɭɬ ɹɜɧɨ ɞɚɧɵ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɪɚɡɪɟɲɟɧɢɹ. • Ƚɪɚɧɢɰɵ ɩɨɥɢɬɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɇɟɤɨɬɨɪɵɟ ɩɨɥɢɬɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɦɨɝɭɬ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɵ ɬɨɥɶɤɨ ɧɚ ɭɪɨɜɧɟ ɞɨɦɟɧɚ. ɗɬɢ ɩɨɥɢɬɢɤɢ, ɬɚɤɢɟ ɤɚɤ ɩɨɥɢɬɢɤɚ ɩɚɪɨɥɟɣ, ɩɨɥɢɬɢɤɚ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɩɨɥɢɬɢɤɚ ɛɢɥɟɬɨɜ Kerberos, ɩɪɢɦɟɧɹɸɬɫɹ ɤɨ ɜɫɟɦ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ ɞɨɦɟɧɚ.
ȼ ɬɨ ɜɪɟɦɹ ɤɚɤ ɛɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ ɪɚɡɜɟɪɬɵɜɚɟɬ ɟɞɢɧɫɬɜɟɧɧɵɣ ɥɟɫ, ɧɟɤɨɬɨɪɵɟ ɤɪɭɩɧɵɟ ɤɨɦɩɚɧɢɢ ɪɚɡɜɟɪɬɵɜɚɸɬ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ ɜ ɩɪɟɞɟɥɚɯ ɷɬɨɝɨ ɥɟɫɚ. ɉɪɨɳɟ ɜɫɟɝɨ ɭɩɪɚɜɥɹɬɶ ɟɞɢɧɫɬɜɟɧɧɵɦ ɞɨɦɟɧɨɦ, ɨɧ ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɚɢɦɟɧɟɟ ɫɥɨɠɧɨɣ ɫɪɟɞɨɣ. Ɉɞɧɚɤɨ ɢɦɟɟɬɫɹ ɪɹɞ ɩɪɢɱɢɧ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ. Ⱦɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɤɨɦɩɚɧɢɣ ɢɞɟɚɥɶɧɵɣ ɩɪɨɟɤɬ Active Directory Windows Server 2003 ɛɭɞɟɬ ɜɤɥɸɱɚɬɶ ɦɧɨɠɟɫɬɜɨ ɛɨɥɟɟ ɦɟɥɤɢɯ ɞɨɦɟɧɨɜ, ɱɟɦ ɢɦɟɥɢɫɶ ɞɨ ɷɬɨɝɨ ɜ Windows NT. Ⱦɥɹ ɧɟɤɨɬɨɪɵɯ ɤɨɦɩɚɧɢɣ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ Windows NT ɦɨɝɭɬ ɨɛɴɟɞɢɧɢɬɶɫɹ ɜ ɟɞɢɧɫɬɜɟɧɧɵɣ ɞɨɦɟɧ Active Directory. Ɇɧɨɝɢɟ ɢɡ ɨɝɪɚɧɢɱɟɧɢɣ, ɤɨɬɨɪɵɟ ɩɪɢɜɨɞɢɥɢ ɤ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɨɜ ɜ Windows NT, ɛɵɥɢ ɭɫɬɪɚɧɟɧɵ ɜ Windows Server 2003. ɋɥɟɞɭɸɳɢɟ ɮɚɤɬɨɪɵ ɞɟɥɚɸɬ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɞɨɦɟɧɚ ɪɟɚɥɶɧɨɣ ɜɨɡɦɨɠɧɨɫɬɶɸ ɞɥɹ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɣ, ɢɦɟɸɳɢɯ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ ɜ Windows NT. П че ы . Active Directory Active Directory , . , Active Directory, Active Directory. Windows NT 4, Active Directory Windows Server 2003. Active Directory. , . Directory,
Active Directory, ,
Active .
, .
, ,
, . .
Active Directory,
Active Directory, ,
. -
, .
Active Directory: . ,
,
,
. ,
,
Active Directory
, ,
.
. .Э
,
, ,
,
.
OU . Ɉɝɪɚɧɢɱɟɧɢɹ ɧɚ ɪɚɡɦɟɪ ɛɚɡɵ ɞɚɧɧɵɯ ɜ ɡɧɚɱɢɬɟɥɶɧɨɣ ɫɬɟɩɟɧɢ ɛɵɥɢ ɫɧɹɬɵ ɜ Active Directory, ɬɟɩɟɪɶ ɨɧɚ ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ ɧɟɫɤɨɥɶɤɨ ɫɨɬɟɧ ɬɵɫɹɱ ɨɛɴɟɤɬɨɜ. Ⱦɥɹ ɜɫɟɯ, ɤɪɨɦɟ ɫɚɦɵɯ ɛɨɥɶɲɢɯ, ɤɨɦɩɚɧɢɣ ɨɛɳɟɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ ɜ Active Directory ɧɟ ɛɭɞɟɬ ɩɪɟɜɵɲɚɬɶ ɜɨɡɦɨɠɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ ɜ ɞɨɦɟɧɟ. Ɉɞɧɚ ɢɡ ɩɪɢɱɢɧ ɫɨɡɞɚɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɨɦɟɧɨɜ ɜ Windows NT ɫɨɫɬɨɹɥɚ ɜ ɬɨɦ, ɱɬɨɛɵ ɨɝɪɚɧɢɱɢɜɚɬɶ ɢɥɢ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɣ ɞɨɫɬɭɩ. ȼ Active Directory ɫɬɪɭɤɬɭɪɚ OU ɫɨɡɞɚɟɬ ɢɟɪɚɪɯɢɸ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ, ɤɨɬɨɪɚɹ ɨɛɥɟɝɱɚɟɬ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɨɩɪɟɞɟɥɟɧɧɵɦ ɱɚɫɬɹɦ ɤɚɬɚɥɨɝɚ ɢ ɨɝɪɚɧɢɱɢɜɚɟɬ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɣ ɞɨɫɬɭɩ. ȿɫɥɢ ɜɚɲɚ ɤɨɦɩɚɧɢɹ ɱɚɫɬɨ ɪɟɨɪɝɚɧɢɡɭɟɬɫɹ, ɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɩɟɪɟɞɜɢɝɚɸɬɫɹ ɦɟɠɞɭ ɞɟɥɨɜɵɦɢ ɩɨɞɪɚɡɞɟɥɟɧɢɹɦɢ, ɬɨ ɩɟɪɟɦɟɳɚɬɶ ɢɯ ɦɟɠɞɭ OU ɜ ɞɨɦɟɧɟ ɞɨɫɬɚɬɨɱɧɨ ɥɟɝɤɨ. Ɍɪɭɞɧɟɟ ɩɟɪɟɦɟɳɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ. ɍɩɪɚɜɥɹɬɶ ɨɞɧɢɦ ɞɨɦɟɧɨɦ ɥɟɝɱɟ ɜ ɬɨɦ ɨɬɧɨɲɟɧɢɢ, ɱɬɨ ɧɚɞɨ ɡɚɛɨɬɢɬɶɫɹ ɬɨɥɶɤɨ ɨɛ ɨɞɧɨɦ ɧɚɛɨɪɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɞɨɦɟɧɧɨɝɨ ɭɪɨɜɧɹ ɢ ɨɞɧɨɦ ɧɚɛɨɪɟ ɩɨɥɢɬɢɤ ɞɨɦɟɧɧɨɝɨ ɭɪɨɜɧɹ. Ʉɪɨɦɟ ɬɨɝɨ, ɜɵ ɞɨɥɠɧɵ ɭɩɪɚɜɥɹɬɶ ɬɨɥɶɤɨ ɨɞɧɢɦ ɧɚɛɨɪɨɦ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ɋɚɦɵɣ ɥɟɝɤɢɣ ɫɰɟɧɚɪɢɣ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ — ɷɬɨ ɫɪɟɞɚ ɨɬɞɟɥɶɧɨɝɨ ɞɨɦɟɧɚ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɨɧɟɧɬɵ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɯɪɚɧɹɬɫɹ ɜ ɩɚɩɤɟ Sysvol ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɢɦɟɟɬɟ ɬɨɥɶɤɨ ɨɞɢɧ ɞɨɦɟɧ, ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ȿɞɢɧɫɬɜɟɧɧɵɣ ɞɨɦɟɧ ɹɜɥɹɟɬɫɹ ɫɚɦɨɣ ɥɟɝɤɨɣ ɫɪɟɞɨɣ ɞɥɹ ɩɥɚɧɢɪɨɜɚɧɢɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɢ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ. ɂɦɟɹ ɟɞɢɧɫɬɜɟɧɧɵɣ ɞɨɦɟɧ, ɜɚɦ ɧɟ ɧɭɠɧɨ ɛɟɫɩɨɤɨɢɬɶɫɹ ɨ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɹɯ ɢɥɢ ɨ ɧɚɡɧɚɱɟɧɢɢ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɡ ɞɪɭɝɢɯ ɞɨɦɟɧɨɜ. ȼ ɬɨ ɜɪɟɦɹ ɤɚɤ ɦɨɞɟɥɶ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɞɨɦɟɧɚ ɦɨɠɟɬ ɛɵɬɶ ɢɞɟɚɥɶɧɨɣ ɞɥɹ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɣ, ɛɨɥɶɲɢɧɫɬɜɨ ɤɪɭɩɧɵɯ ɤɨɦɩɚɧɢɣ ɪɚɡɜɟɪɬɵɜɚɸɬ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ. ɋɭɳɟɫɬɜɭɟɬ ɦɧɨɝɨ ɫɟɪɶɟɡɧɵɯ ɨɫɧɨɜɚɧɢɣ ɞɥɹ ɬɚɤɨɝɨ ɪɟɲɟɧɢɹ. • Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɞɨɥɠɟɧ ɛɵɬɶ ɨɝɪɚɧɢɱɟɧ. Ɋɚɡɞɟɥ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɫɚɦɵɦ ɛɨɥɶɲɢɦ ɢ ɧɚɢɛɨɥɟɟ ɱɚɫɬɨ ɢɡɦɟɧɹɟɦɵɦ ɪɚɡɞɟɥɨɦ ɤɚɬɚɥɨɝɚ, ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɷɬɨ ɦɨɠɟɬ ɜɵɡɵɜɚɬɶ ɫɥɢɲɤɨɦ ɛɨɥɶɲɨɣ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ (ɞɚɠɟ ɟɫɥɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɨ ɧɟɫɤɨɥɶɤɨ ɫɚɣɬɨɜ). • ɗɬɨɬ ɜɵɛɨɪ ɞɟɥɚɟɬɫɹ, ɟɫɥɢ ɦɟɠɞɭ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ ɫɭɳɟɫɬɜɭɸɬ ɦɟɞɥɟɧɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ ɢɥɢ ɟɫɥɢ ɜ ɨɮɢɫɚɯ ɢɦɟɟɬɫɹ ɦɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ȿɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɨɝɪɚɧɢɱɢɬɶ ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɞɨɦɟɧɵ. • Ʌɸɛɵɟ ɨɮɢɫɵ ɤɨɦɩɚɧɢɢ, ɫɜɹɡɶ ɦɟɠɞɭ ɤɨɬɨɪɵɦɢ ɨɛɟɫɩɟɱɢɜɚɟɬɫɹ ɬɨɥɶɤɨ ɩɪɨɫɬɵɦ ɩɪɨɬɨɤɨɥɨɦ ɩɟɪɟɞɚɱɢ ɩɨɱɬɵ (SMTP), ɞɨɥɠɧɵ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶɫɹ ɤɚɤ ɨɬɞɟɥɶɧɵɟ ɞɨɦɟɧɵ. ɂɧɮɨɪɦɚɰɢɹ ɞɨɦɟɧɚ ɧɟ ɦɨɠɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɱɟɪɟɡ ɫɜɹɡɢ ɫɚɣɬɚ, ɢɫɩɨɥɶɡɭɸɳɢɟ ɩɪɨɬɨɤɨɥ SMTP. • ȿɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɢɦɟɬɶ ɪɚɡɥɢɱɧɭɸ ɩɨɥɢɬɢɤɭ ɩɚɪɨɥɟɣ, ɩɨɥɢɬɢɤɭ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɩɨɥɢɬɢɤɭ ɛɢɥɟɬɨɜ Kerberos ɫɨɫɬɨɢɬ ɜ ɪɚɡɜɟɪɬɵɜɚɧɢɢ ɨɬɞɟɥɶɧɵɯ ɞɨɦɟɧɨɜ. • ȿɫɥɢ ɜɚɦ ɧɟɨɛɯɨɞɢɦɨ ɨɝɪɚɧɢɱɢɜɚɬɶ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɢ ɢɦɟɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ
ɪɚɡɪɟɲɟɧɢɹ, ɜɵ ɡɚɯɨɬɢɬɟ ɪɚɡɜɟɪɧɭɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɞɨɦɟɧɵ. Ⱦɥɹ ɧɟɤɨɬɨɪɵɯ ɤɨɦɩɚɧɢɣ ɦɨɝɭɬ ɫɭɳɟɫɬɜɨɜɚɬɶ ɸɪɢɞɢɱɟɫɤɢɟ ɩɪɢɱɢɧɵ ɞɥɹ ɫɨɡɞɚɧɢɹ ɨɬɞɟɥɶɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ. • ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɞɨɦɟɧɵ ɫɨɡɞɚɸɬɫɹ ɩɨɬɨɦɭ, ɱɬɨ ɥɭɱɲɢɣ ɩɭɬɶ ɩɟɪɟɯɨɞɚ ɞɥɹ ɨɪɝɚɧɢɡɚɰɢɢ ɫɨɫɬɨɢɬ ɜ ɦɨɞɟɪɧɢɡɚɰɢɢ ɧɟɫɤɨɥɶɤɢɯ ɭɠɟ ɢɦɟɸɳɢɯɫɹ ɞɨɦɟɧɨɜ. ɋɭɳɟɫɬɜɭɸɬ ɫɟɪɶɟɡɧɵɟ ɨɫɧɨɜɚɧɢɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɨɦɟɧɨɜ. Ɉɞɧɚɤɨ ɤɚɠɞɵɣ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɞɨɦɟɧ ɭɜɟɥɢɱɢɜɚɟɬ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɢ ɮɢɧɚɧɫɨɜɵɟ ɢɡɞɟɪɠɤɢ. Ʉɚɠɞɵɣ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɞɨɦɟɧ ɬɪɟɛɭɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ ɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ. ɉɨɥɶɡɨɜɚɬɟɥɢ ɛɭɞɭɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ ɱɟɪɟɡ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɱɬɨ ɨɡɧɚɱɚɟɬ ɛɨɥɶɲɭɸ ɫɥɨɠɧɨɫɬɶ ɢ ɩɨɬɟɧɰɢɚɥɶɧɨ ɛɨɥɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɦɟɫɬ ɜɨɡɦɨɠɧɨɝɨ ɨɬɤɚɡɚ. ɉɨɥɶɡɨɜɚɬɟɥɢ, ɩɭɬɟɲɟɫɬɜɭɸɳɢɟ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ, ɞɨɥɠɧɵ ɩɨɞɬɜɟɪɠɞɚɬɶ ɫɜɨɢ ɩɪɚɜɚ ɞɨɫɬɭɩɚ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɫɜɨɟɦ ɞɨɦɚɲɧɟɦ ɞɨɦɟɧɟ. ɂɡ-ɡɚ ɷɬɢɯ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɡɚɬɪɚɬ ɨɛɳɟɟ ɤɨɥɢɱɟɫɬɜɨ ɞɨɦɟɧɨɜ ɞɨɥɠɧɨ ɨɫɬɚɜɚɬɶɫɹ ɧɚɫɬɨɥɶɤɨ ɦɚɥɵɦ, ɧɚɫɤɨɥɶɤɨ ɷɬɨ ɜɨɡɦɨɠɧɨ.
Ⱦɪɭɝɨɟ ɜɚɠɧɨɟ ɪɟɲɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɵ ɞɨɥɠɧɵ ɩɪɢɧɹɬɶ ɩɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɫɥɭɠɛɵ Active Directory ɛɨɥɶɲɨɣ ɤɨɦɩɚɧɢɢ, — ɞɟɣɫɬɜɢɬɟɥɶɧɨ ɥɢ ɜɵ ɞɨɥɠɧɵ ɪɚɡɜɟɪɧɭɬɶ ɧɚɡɧɚɱɟɧɧɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ (ɧɚɡɵɜɚɟɦɵɣ ɬɚɤɠɟ ɩɭɫɬɵɦ ɤɨɪɧɟɦ). (dedicated root domain) -ɷɬɨ ɞɨɦɟɧ, ɤɨɬɨɪɵɣ ɜɵɩɨɥɧɹɟɬ ɮɭɧɤɰɢɢ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ. ȼ ɷɬɨɦ ɞɨɦɟɧɟ ɧɟɬ ɧɢɤɚɤɢɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɪɟɫɭɪɫɨɜ, ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ ɬɟɯ, ɤɨɬɨɪɵɟ ɧɭɠɧɵ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɥɟɫɨɦ. Ʌɟɫ ɫ ɧɚɡɧɚɱɟɧɧɵɦ ɤɨɪɧɟɜɵɦ ɞɨɦɟɧɨɦ ɩɨɤɚɡɚɧ ɧɚ ɪɢɫɭɧɤɟ 5-1. Ⱦɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɤɨɦɩɚɧɢɣ, ɪɚɡɜɟɪɬɵɜɚɸɳɢɯ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ, ɧɚɫɬɨɹɬɟɥɶɧɨ ɪɟɤɨɦɟɧɞɭɟɬɫɹ ɢɦɟɬɶ ɧɚɡɧɚɱɟɧɧɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ. Ʉɨɪɧɟɜɨɣ ɞɨɦɟɧ - ɷɬɨ ɤɪɢɬɢɱɟɫɤɢɣ ɞɨɦɟɧ ɜ ɫɬɪɭɤɬɭɪɟ Active Directory. Ɉɧ ɫɨɞɟɪɠɢɬ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɝɪɭɩɩɵ ɭɪɨɜɧɹ ɥɟɫɚ (ɝɪɭɩɩɵ Enterprise Admins ɢ Schema Admins) ɢ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɭɪɨɜɧɹ ɥɟɫɚ (ɯɨɡɹɢɧɚ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɢ ɯɨɡɹɢɧɚ ɫɯɟɦɵ). Ʉɪɨɦɟ ɬɨɝɨ, ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɞɨɥɠɟɧ ɛɵɬɶ ɜɫɟɝɞɚ ɞɨɫɬɭɩɟɧ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɯɨɞɹɬ ɧɚ ɞɪɭɝɢɟ ɞɨɦɟɧɵ, ɧɟ ɹɜɥɹɸɳɢɟɫɹ ɢɯ ɞɨɦɚɲɧɢɦɢ ɞɨɦɟɧɚɦɢ, ɢɥɢ ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɨɛɪɚɳɚɸɬɫɹ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜ ɞɪɭɝɢɯ ɞɨɦɟɧɚɯ. Ʉɨɪɧɟɜɨɣ ɞɨɦɟɧ ɧɟɥɶɡɹ ɡɚɦɟɧɹɬɶ, ɟɫɥɢ ɨɧ ɪɚɡɪɭɲɟɧ, ɟɝɨ ɧɟɥɶɡɹ ɜɨɫɫɬɚɧɨɜɢɬɶ, ɜɵ ɞɨɥɠɧɵ ɡɚɧɨɜɨ ɩɨɫɬɪɨɢɬɶ ɜɟɫɶ ɥɟɫ.
. 5-1.
ɇɚɡɧɚɱɟɧɧɵɦ ɤɨɪɧɟɜɵɦ ɞɨɦɟɧɨɦ ɭɩɪɚɜɥɹɬɶ ɥɟɝɱɟ, ɱɟɦ ɤɨɪɧɟɜɵɦ ɞɨɦɟɧɨɦ, ɫɨɞɟɪɠɚɳɢɦ ɦɧɨɝɨ ɨɛɴɟɤɬɨɜ. ɉɨɫɤɨɥɶɤɭ ɛɚɡɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɛɭɞɟɬ ɦɚɥɚ, ɞɨɫɬɚɬɨɱɧɨ ɩɪɨɫɬɨ ɩɨɞɞɟɪɠɢɜɚɬɶ ɢ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ. Ɇɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɩɪɚɤɬɢɱɟɫɤɢ ɧɟɬ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ, ɬɚɤ ɱɬɨ ɧɟ ɫɥɨɠɧɨ ɪɚɫɩɨɥɨɠɢɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɧɟɫɤɨɥɶɤɢɯ ɨɮɢɫɚɯ ɤɨɦɩɚɧɢɢ ɞɥɹ ɝɚɪɚɧɬɢɢ ɢɡɛɵɬɨɱɧɨɫɬɢ. ɗɬɨ ɨɛɥɟɝɱɢɬ ɬɚɤɠɟ ɩɟɪɟɦɟɳɟɧɢɟ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɜ ɞɪɭɝɨɟ ɦɟɫɬɨ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɧɚɡɧɚɱɟɧɧɨɝɨ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɨɛɥɟɝɱɚɟɬ
ɨɝɪɚɧɢɱɟɧɢɟ ɱɥɟɧɫɬɜɚ ɜ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɝɪɭɩɩɚɯ ɭɪɨɜɧɹ ɥɟɫɚ. ɇɚɡɧɚɱɟɧɧɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɧɢɤɨɝɞɚ ɧɟ ɭɫɬɚɪɟɜɚɟɬ, ɨɫɨɛɟɧɧɨ ɟɫɥɢ ɞɨɦɟɧɭ ɞɚɸɬ ɝɪɭɩɩɨɜɨɟ (generic) ɢɦɹ. ɉɨ ɷɬɢɦ ɩɪɢɱɢɧɚɦ ɛɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ, ɜɵɛɢɪɚɸɳɢɟ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ, ɞɨɥɠɧɵ ɪɚɡɜɟɪɬɵɜɚɬɶ ɧɚɡɧɚɱɟɧɧɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ. Ⱦɚɠɟ ɤɨɦɩɚɧɢɢ, ɩɥɚɧɢɪɭɸɳɢɟ ɬɨɥɶɤɨ ɨɞɢɧ ɞɨɦɟɧ, ɞɨɥɠɧɵ ɪɚɫɫɦɨɬɪɟɬɶ ɩɪɟɢɦɭɳɟɫɬɜɚ, ɫɜɹɡɚɧɧɵɟ ɫ ɪɚɡɜɟɪɬɵɜɚɧɢɟɦ ɧɚɡɧɚɱɟɧɧɨɝɨ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ. ɇɚɡɧɚɱɟɧɧɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɬɪɟɛɭɟɬ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ, ɤɨɬɨɪɨɟ ɧɟ ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɞɪɭɝɢɦ ɞɨɦɟɧɚɦ ɥɟɫɚ. ɉɨɫɤɨɥɶɤɭ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɫɨɞɟɪɠɢɬ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɥɟɫɚ, ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɥɹ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɛɵɬɶ ɡɚɳɢɳɟɧɵ ɜ ɦɚɤɫɢɦɚɥɶɧɨ ɜɨɡɦɨɠɧɨɣ ɫɬɟɩɟɧɢ. Ⱦɨɦɟɧ ɥɟɫɚ ɬɚɤɠɟ ɫɨɞɟɪɠɢɬ ɝɪɭɩɩɵ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɡɦɟɧɹɬɶ ɥɟɫ ɢ ɫɯɟɦɭ. ɑɥɟɧɵ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɝɪɭɩɩ ɜ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ ɞɨɥɠɧɵ ɢɦɟɬɶ ɛɨɥɟɟ ɜɵɫɨɤɢɣ ɭɪɨɜɟɧɶ ɞɨɜɟɪɢɹ, ɱɟɦ ɜ ɫɥɭɱɚɟ ɫ ɥɸɛɵɦ ɞɪɭɝɢɦ ɞɨɦɟɧɨɦ. ȼɵ, ɜɟɪɨɹɬɧɨ, ɡɚɯɨɬɢɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɩɰɢɸ Restricted Group (Ɉɝɪɚɧɢɱɟɧɧɚɹ ɝɪɭɩɩɚ) ɜ ɩɨɥɢɬɢɤɟ Domain Security Policy (ɉɨɥɢɬɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɨɦɟɧɚ) ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɱɥɟɧɫɬɜɨɦ ɷɬɢɯ ɝɪɭɩɩ. Ʉɨɧɮɢɝɭɪɚɰɢɹ DNS ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɞɨɥɠɧɚ ɛɵɬɶ ɧɚɫɬɨɥɶɤɨ ɛɟɡɨɩɚɫɧɨɣ, ɧɚɫɤɨɥɶɤɨ ɷɬɨ ɜɨɡɦɨɠɧɨ. ɉɨɫɤɨɥɶɤɭ ɭɫɬɚɧɨɜɤɚ ɜ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ ɤɚɤɨɝɨ-ɥɢɛɨ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɦɚɥɨɜɟɪɨɹɬɧɚ, ɜɵ ɞɨɥɠɧɵ ɜɤɥɸɱɢɬɶ ɛɟɡɨɩɚɫɧɵɟ ɞɢɧɚɦɢɱɟɫɤɢɟ ɨɛɧɨɜɥɟɧɢɹ ɞɥɹ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɡɨɧɵ DNS ɧɚ ɜɪɟɦɹ ɢɧɫɬɚɥɥɹɰɢɢ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɞɢɧɚɦɢɱɟɫɤɢɟ ɨɛɧɨɜɥɟɧɢɹ ɞɥɹ ɷɬɨɣ ɡɨɧɵ ɫɥɟɞɭɟɬ ɨɬɤɥɸɱɢɬɶ.
Ʉɚɤ ɬɨɥɶɤɨ ɩɪɨɟɤɬ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɜɵɩɨɥɧɟɧ, ɧɭɠɧɨ ɨɩɪɟɞɟɥɢɬɶ ɤɨɥɢɱɟɫɬɜɨ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɨɦɟɧɨɜ ɢ ɬɨ, ɢ ɤɚɤ ɨɧɢ ɜɩɢɲɭɬɫɹ ɜ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS ɥɟɫɚ. ɂɫɩɨɥɶɡɭɣɬɟ ɪɟɤɨɦɟɧɞɚɰɢɢ, ɩɨɥɭɱɟɧɧɵɟ ɪɚɧɟɟ. ȿɫɥɢ ɬɟɤɭɳɚɹ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ - ɷɬɨ ɫɥɭɠɛɚ ɞɥɹ ɫɟɬɢ Windows NT, ɬɨ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɞɨɦɟɧɨɜ Windows Server 2003 ɜɵ ɞɨɥɠɧɵ ɢɫɫɥɟɞɨɜɚɬɶ ɭɠɟ ɢɦɟɸɳɭɸɫɹ ɫɬɪɭɤɬɭɪɭ ɞɨɦɟɧɨɜ. Ɇɧɨɝɢɟ ɤɪɭɩɧɵɟ ɤɨɦɩɚɧɢɢ ɪɚɡɜɟɪɧɭɥɢ ɞɨɦɟɧɵ Windows NT, ɢɫɩɨɥɶɡɭɹ ɦɨɞɟɥɢ ɫ ɨɞɧɢɦ ɢɥɢ ɧɟɫɤɨɥɶɤɢɦɢ ɯɨɡɹɟɜɚɦɢ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɣ ɨɞɧɢ ɞɨɦɟɧɵ ɫɨɞɟɪɠɚɥɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ, ɚ ɞɪɭɝɢɟ — ɪɟɫɭɪɫɵ ɤɨɦɩɚɧɢɢ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɤɨɦɩɚɧɢɢ ɢɦɟɥɢ ɞɸɠɢɧɵ ɞɨɦɟɧɨɜ ɫ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɢ ɫɨɬɧɢ ɞɨɦɟɧɨɜ ɫ ɪɟɫɭɪɫɚɦɢ. ɑɚɫɬɨ ɞɨɦɟɧɵ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɛɵɥɢ ɨɪɝɚɧɢɡɨɜɚɧɵ ɜɨɤɪɭɝ ɝɟɨɝɪɚɮɢɱɟɫɤɢɯ ɪɟɝɢɨɧɨɜ ɢɥɢ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ, ɢ ɤɚɠɞɵɣ ɢɡ ɧɢɯ ɨɛɵɱɧɨ ɢɦɟɥ ɨɞɢɧ ɢɥɢ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ ɪɟɫɭɪɫɨɜ ɜ ɩɪɟɞɟɥɚɯ ɨɞɧɨɝɨ ɝɟɨɝɪɚɮɢɱɟɫɤɨɝɨ ɪɟɝɢɨɧɚ ɢɥɢ ɞɟɥɨɜɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ. ɇɚ ɪɢɫɭɧɤɟ 5-2 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɬɨɝɨ, ɤɚɤ ɦɨɠɟɬ ɜɵɝɥɹɞɟɬɶ ɤɨɧɮɢɝɭɪɚɰɢɹ ɞɨɦɟɧɨɜ. ɉɟɪɟɯɨɞɹ ɤ Active Directory, ɷɬɢ ɤɨɦɩɚɧɢɢ ɦɨɝɭɬ ɡɧɚɱɢɬɟɥɶɧɨ ɭɦɟɧɶɲɢɬɶ ɤɨɥɢɱɟɫɬɜɨ ɞɨɦɟɧɨɜ. Ɉɛɵɱɧɵɣ ɩɭɬɶ ɨɛɧɨɜɥɟɧɢɹ ɞɥɹ ɦɧɨɝɢɯ ɫɨɫɬɨɢɬ ɜ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. ɉɨɫɤɨɥɶɤɭ ɞɨɦɟɧɵ Active Directory ɦɨɝɭɬ ɫɨɞɟɪɠɚɬɶ ɡɧɚɱɢɬɟɥɶɧɨ ɛɨɥɶɲɟ ɨɛɴɟɤɬɨɜ, ɜ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɤɨɦɩɚɧɢɹ ɦɨɝɥɚ ɛɵ ɫɨɟɞɢɧɢɬɶ ɧɟɫɤɨɥɶɤɨ ɝɥɚɜɧɵɯ ɞɨɦɟɧɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɜ ɨɞɢɧ ɞɨɦɟɧ Active Directory. Ʉɚɤ ɬɨɥɶɤɨ ɩɪɨɢɡɨɣɞɟɬ ɦɨɞɟɪɧɢɡɚɰɢɹ ɞɨɦɟɧɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɦɨɠɧɨ ɪɟɫɬɪɭɤɬɭɪɢɪɨɜɚɬɶ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ, ɱɬɨɛɵ ɨɧɢ ɫɬɚɥɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɦɢ ɟɞɢɧɢɰɚɦɢ ɜ ɞɨɦɟɧɟ Active Directory. ɂɧɨɝɞɚ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ ɦɨɠɧɨ ɭɞɚɥɢɬɶ. ɇɚɩɪɢɦɟɪ, ɧɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɢɦɟɥɢ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ ɞɥɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ Exchange Server 5.5. ɉɪɢ ɩɟɪɟɯɨɞɟ ɨɪɝɚɧɢɡɚɰɢɢ ɤ Exchange Server 2000 ɫɟɪɜɟɪɵ ɦɨɝɭɬ ɛɵɬɶ ɪɚɡɜɟɪɧɭɬɵ ɜ ɞɨɦɟɧɟ Active Directory. Ʉɨɝɞɚ ɩɨɫɥɟɞɧɢɣ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Exchange Server 5.5, ɭɞɚɥɹɟɬɫɹ, ɞɨɦɟɧ Exchange ɦɨɠɧɨ ɬɚɤɠɟ ɭɞɚɥɢɬɶ. ɇɚ ɪɢɫɭɧɤɟ 5-3 ɩɨɤɚɡɚɧ ɜɨɡɦɨɠɧɵɣ ɩɟɪɟɯɨɞ ɞɥɹ ɤɨɦɩɚɧɢɢ, ɢɦɟɸɳɟɣ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ Windows NT 4.
. 5-2. Windows NT
ɉɪɢ ɩɥɚɧɢɪɨɜɚɧɢɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɨɦɟɧɨɜ ɜ ɥɟɫɭ ɝɪɚɧɢɰɵ ɞɨɦɟɧɚ ɨɛɵɱɧɨ ɨɩɪɟɞɟɥɹɸɬɫɹ ɢɥɢ ɝɟɨɝɪɚɮɢɱɟɫɤɢɦ ɦɟɫɬɨɦ ɪɚɫɩɨɥɨɠɟɧɢɹ ɤɨɪɩɨɪɚɰɢɢ, ɢɥɢ ɞɟɥɨɜɵɦɢ ɩɨɞɪɚɡɞɟɥɟɧɢɹɦɢ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɩɪɟɞɩɨɱɬɢɬɟɥɶɧɵ ɞɨɦɟɧɵ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɝɟɨɝɪɚɮɢɢ. Ⱦɨɦɟɧɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɬɪɭɞɧɨ ɢɡɦɟɧɹɬɶ ɩɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ, ɚ ɞɨɦɟɧɵ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɝɟɨɝɪɚɮɢɢ, ɜɪɹɞ ɥɢ ɛɭɞɭɬ ɬɪɟɛɨɜɚɬɶ ɦɨɞɢɮɢɤɚɰɢɢ. Ʉɪɨɦɟ ɬɨɝɨ, ɜ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɫɟɬɟɜɚɹ ɬɨɩɨɥɨɝɢɹ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɝɟɨɝɪɚɮɢɱɟɫɤɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ, ɬɚɤ ɱɬɨ ɟɫɥɢ ɜɵ ɛɭɞɟɬɟ ɫɨɡɞɚɜɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɞɨɦɟɧɵ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɬɪɚɮɢɤɨɦ ɪɟɩɥɢɤɚɰɢɢ, ɬɨ ɞɨɦɟɧɵ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɝɟɨɝɪɚɮɢɢ, ɜɟɪɨɹɬɧɨ, ɛɭɞɭɬ ɧɚɢɥɭɱɲɢɦ ɜɚɪɢɚɧɬɨɦ. Ⱦɨɦɟɧɧɵɣ ɩɪɨɟɤɬ, ɨɫɧɨɜɚɧɧɵɣ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ, ɜɵɛɢɪɚɟɬɫɹ ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɷɬɢ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɞɨɫɬɚɬɨɱɧɨ ɚɜɬɨɧɨɦɧɵ. ȿɫɥɢ ɤɚɠɞɨɟ ɞɟɥɨɜɨɟ ɩɨɞɪɚɡɞɟɥɟɧɢɟ ɭɩɪɚɜɥɹɟɬ ɫɜɨɟɣ ɫɨɛɫɬɜɟɧɧɨɣ ɫɥɭɠɛɨɣ ɤɚɬɚɥɨɝɚ, ɬɨ ɞɨɦɟɧɵ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ, ɢɦɟɸɬ ɫɦɵɫɥ.
. 5-3.
Windows NT 4
Active Directory Windows Server 2003
ɉɨ ɦɟɪɟ ɞɨɛɚɜɥɟɧɢɹ ɞɨɦɟɧɨɜ ɤ ɥɟɫɭ ɜɵ ɦɨɠɟɬɟ ɞɟɥɚɬɶ ɷɬɨ ɜ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɞɟɪɟɜɶɹɦɢ ɢɥɢ ɜ ɟɞɢɧɫɬɜɟɧɧɨɦ ɞɟɪɟɜɟ. ȿɫɥɢ ɜɵ ɞɨɛɚɜɥɹɟɬɟ ɞɨɦɟɧɵ ɜ ɟɞɢɧɫɬɜɟɧɧɨɟ ɞɟɪɟɜɨ, ɬɨ ɨɧɢ ɛɭɞɭɬ ɢɦɟɬɶ ɫɦɟɠɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɬ.ɟ. ɩɨɞɩɚɞɚɬɶ ɩɨɞ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ. ɑɚɫɬɨ ɷɬɨ ɹɜɥɹɟɬɫɹ ɧɚɢɥɭɱɲɢɦ ɩɪɨɟɤɬɨɦ ɞɥɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɣ ɤɨɪɩɨɪɚɰɢɢ, ɝɞɟ ɜɫɟ ɞɟɥɨɜɵɟ
ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɢɡɜɟɫɬɧɵ ɩɨɞ ɨɞɧɢɦ ɢɦɟɧɟɦ. Ɉɞɧɚɤɨ ɟɫɥɢ ɤɨɪɩɨɪɚɰɢɹ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ ɫɨ ɫɜɨɟɨɛɪɚɡɧɵɦɢ ɨɬɥɢɱɢɬɟɥɶɧɵɦɢ ɱɟɪɬɚɦɢ, ɬɨ ɦɨɠɟɬ ɜɨɡɧɢɤɧɭɬɶ ɡɧɚɱɢɬɟɥɶɧɨɟ ɫɨɩɪɨɬɢɜɥɟɧɢɟ ɤ ɢɫɩɨɥɶɡɨɜɚɧɢɸ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɞɪɭɝɨɝɨ ɞɟɥɨɜɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ. ȼ ɷɬɢɯ ɫɥɭɱɚɹɯ ɜɵ ɞɨɥɠɧɵ ɞɨɛɚɜɥɹɬɶ ɞɨɦɟɧɵ ɜ ɨɬɞɟɥɶɧɵɟ ɞɟɪɟɜɶɹ, ɫɨɡɞɚɜɚɹ, ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɧɟɫɤɨɥɶɤɨ ɩɪɨɫɬɪɚɧɫɬɜ ɢɦɟɧ. ɋ ɮɭɧɤɰɢɨɧɚɥɶɧɨɣ ɬɨɱɤɢ ɡɪɟɧɢɹ ɦɟɠɞɭ ɪɚɡɜɟɪɬɵɜɚɧɢɟɦ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɞɟɪɟɜɚ ɢɥɢ ɧɟɫɤɨɥɶɤɢɯ ɞɟɪɟɜɶɟɜ ɧɟɬ ɩɨɱɬɢ ɧɢɤɚɤɨɝɨ ɪɚɡɥɢɱɢɹ. ȼ ɥɸɛɨɦ ɫɥɭɱɚɟ ɜɫɟ ɞɨɦɟɧɵ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɸɬ ɬɪɚɧɡɢɬɢɜɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫ ɞɪɭɝɢɦɢ ɞɨɦɟɧɚɦɢ, GC ɢ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɵɣ ɤɨɧɬɟɣɧɟɪ. Ƚɥɚɜɧɚɹ ɫɥɨɠɧɨɫɬɶ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɧɟɫɤɨɥɶɤɢɯ ɞɟɪɟɜɶɟɜ ɫɨɫɬɨɢɬ ɜ ɪɚɡɪɚɛɨɬɤɟ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS ɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫɟɪɜɟɪɨɜ DNS. ɇɨ ɫ ɩɨɹɜɥɟɧɢɟɦ ɭɫɥɨɜɧɵɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ (conditional forwarders) ɢ ɫɨɤɪɚɳɟɧɧɵɯ ɡɨɧ (stub zones) ɷɬɚ ɩɪɨɰɟɞɭɪɚ ɜ Windows Server 2003 ɭɩɪɨɫɬɢɥɚɫɶ. ȿɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ, ɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɱɚɫɬɨ ɨɛɪɚɳɚɸɬɫɹ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜ ɞɪɭɝɢɯ ɞɨɦɟɧɚɯ ɢɥɢ ɜɯɨɞɹɬ ɧɚ ɧɢɯ, ɜɵ, ɜɨɡɦɨɠɧɨ, ɡɚɯɨɬɢɬɟ ɞɨɛɚɜɢɬɶ ɩɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ (shortcut trusts) ɤ ɩɪɨɟɤɬɭ ɫɜɨɟɝɨ ɞɨɦɟɧɚ. ɉɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɥɭɱɲɟɧɢɹ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɩɪɢ ɞɨɫɬɭɩɟ ɤ ɪɟɫɭɪɫɚɦ ɢɥɢ ɩɪɢ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ ɫ ɪɚɡɧɵɯ ɞɨɦɟɧɨɜ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɞɨɜɟ- • ɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ ɜ Active Directory ɹɜɥɹɸɬɫɹ ɢɥɢ ɪɨɞɢɬɟɥɶɫɤɨ-ɞɨɱɟɪɧɢɦɢ, ɢɥɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ ɤɨɪɧɹ ɞɟɪɟɜɚ. Ʉɚɠɞɚɹ ɪɨɞɢɬɟɥɶɫɤɨ-ɞɨɱɟɪɧɹɹ ɩɚɪɚ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɟɬ ɞɜɭɯɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɬɚɤ ɠɟ ɤɚɤ ɢ ɤɨɪɧɢ ɤɚɠɞɨɝɨ ɞɟɪɟɜɚ. ɉɨɫɤɨɥɶɤɭ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɬɪɚɧɡɢɬɢɜɧɵ, ɷɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɫɟ ɞɨɦɟɧɵ ɜ ɥɟɫɭ ɞɨɜɟɪɹɸɬ ɞɪɭɝ ɞɪɭɝɭ. Ɉɞɧɚɤɨ ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ, ɧɟ ɹɜɥɹɸɳɢɣɫɹ ɟɝɨ ɞɨɦɚɲɧɢɦ ɞɨɦɟɧɨɦ, ɜɨɡɦɨɠɧɨ, ɱɬɨ ɩɪɨɰɟɫɫɭ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɩɪɢɞɟɬɫɹ ɩɟɪɟɫɟɤɚɬɶ ɜɟɫɶ ɩɭɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. ɇɚɩɪɢɦɟɪ, ɤɨɪɩɨɪɚɰɢɹ ɢɦɟɟɬ ɫɬɪɭɤɬɭɪɭ ɞɨɦɟɧɚ, ɩɨɤɚɡɚɧɧɭɸ ɧɚ ɪɢɫɭɧɤɟ 5-4. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɜ ɞɨɦɟɧɟ Asia.Fab-rikam.com ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ Canada.NAmerica.Contoso.com Contoso.com, ɬɨ ɧɚɱɚɥɶɧɵɣ ɡɚɩɪɨɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɩɨɣɞɟɬ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɤɚɧɚɞɫɤɨɦ ɞɨɦɟɧɟ. Ɂɚɩɪɨɫ ɧɚ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ ɞɨɥɠɟɧ ɫɫɵɥɚɬɶɫɹ ɧɚ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫ ɞɨɦɟɧɨɦ NAmerica, ɡɚɬɟɦ ɫ ɞɨɦɟɧɨɦ Contoso, ɞɚɥɟɟ ɫ ɞɨɦɟɧɨɦ Fabrikam ɢ, ɧɚɤɨɧɟɰ, ɫ ɞɨɦɟɧɨɦ Asia. ɉɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɨɝɭɬ ɫɨɤɪɚɳɚɬɶ ɩɭɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ Canada ɢ Asia, ɡɚɩɪɨɫ ɧɚ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ ɦɨɠɟɬ ɛɵɬɶ ɨɬɩɪɚɜɥɟɧ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Asia ɧɚɩɪɹɦɭɸ. . , . , , , .
. 5-4.
ɉɥɚɧɢɪɨɜɚɧɢɟ ɞɨɦɟɧɨɜ ɫɥɟɞɭɟɬ ɡɚɤɨɧɱɢɬɶ ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɪɚɡɜɟɪɬɵɜɚɧɢɹ, ɩɨɬɨɦɭ ɱɬɨ ɞɨɦɟɧɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɬɪɭɞɧɨ ɢɡɦɟɧɹɬɶ ɩɨɫɥɟ. Windows Server 2003 ɢɦɟɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɩɟɪɟɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɜ ɥɟɫɭ, ɪɚɛɨɬɚɸɳɟɦ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows Server 2003. Ɇɨɠɧɨ ɩɟɪɟɦɟɳɚɬɶ ɞɨɦɟɧ ɢɡ ɨɞɧɨɝɨ ɞɟɪɟɜɚ ɜ ɞɪɭɝɨɟ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ, ɧɨ ɧɟɬ ɜɨɡɦɨɠɧɨɫɬɢ ɡɚɦɟɧɵ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ. ɉɨ ɫɭɳɟɫɬɜɭ, ɜɨɡɦɨɠɧɨɫɬɶ ɩɟɪɟɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɚ ɩɨɡɜɨɥɹɟɬ ɜɚɦ ɢɡɦɟɧɹɬɶ ɫɬɪɭɤɬɭɪɭ ɢɦɟɧɨɜɚɧɢɹ ɜ ɥɟɫɭ, ɧɨ ɧɟ ɩɨɡɜɨɥɹɟɬ ɞɟɥɚɬɶ ɛɨɥɟɟ ɮɭɧɞɚɦɟɧɬɚɥɶɧɵɟ ɢɡɦɟɧɟɧɢɹ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɪɟɲɢɬɟ ɢɡɦɟɧɢɬɶ ɞɟɥɨɜɵɟ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ, ɜɵ ɞɨɥɠɧɵ ɩɟɪɟɦɟɫɬɢɬɶ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ. Ⱦɥɹ ɷɬɨɝɨ ɜɵ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɧɫɬɪɭɦɟɧɬ ɞɥɹ ɩɟɪɟɦɟɳɟɧɢɹ Active Directory (ADMT - Active Directory Migration Tool v.2) ɢɥɢ ɫɬɨɪɨɧɧɢɟ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ. ɂɧɫɬɪɭɦɟɧɬ ADMT ɦɨɠɧɨ ɧɚɣɬɢ ɜ ɩɚɩɤɟ /I386/ADMT ɧɚ ɤɨɦɩɚɤɬɞɢɫɤɟ Windows Server 2003.
Ⱦɥɹ ɤɚɠɞɨɝɨ ɢɡ ɞɨɦɟɧɨɜ, ɜɤɥɸɱɟɧɧɵɯ ɜ ɩɪɨɟɤɬ Active Directory, ɜɵ ɞɨɥɠɧɵ ɧɚɡɧɚɱɢɬɶ ɜɥɚɞɟɥɶɰɚ ɞɨɦɟɧɚ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɜɥɚɞɟɥɶɰɵ ɞɨɦɟɧɚ ɹɜɥɹɸɬɫɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦɢ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ ɢɥɢ ɝɟɨɝɪɚɮɢɱɟɫɤɨɝɨ ɪɟɝɢɨɧɚ, ɜ ɤɨɬɨɪɨɦ ɛɵɥ ɨɩɪɟɞɟɥɟɧ ɞɨɦɟɧ. . , . , — , . Ɋɨɥɶ ɜɥɚɞɟɥɶɰɚ ɞɨɦɟɧɚ ɫɨɫɬɨɢɬ ɜ ɭɩɪɚɜɥɟɧɢɢ ɢɧɞɢɜɢɞɭɚɥɶɧɵɦ ɞɨɦɟɧɨɦ. ɗɬɢ ɡɚɞɚɱɢ ɜɤɥɸɱɚɸɬ ɫɥɟɞɭɸɳɟɟ. • ɋɨɡɞɚɧɢɟ ɩɨɥɢɬɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ ɭɪɨɜɧɹ ɞɨɦɟɧɚ. ɗɬɨ ɜɤɥɸɱɚɟɬ ɩɨɥɢɬɢɤɭ ɩɚɪɨɥɟɣ, ɩɨɥɢɬɢɤɭ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɩɨɥɢɬɢɤɭ ɛɢɥɟɬɨɜ Kerberos.
• • • •
ɉɪɨɟɤɬɢɪɨɜɚɧɢɟ ɤɨɧɮɢɝɭɪɚɰɢɢ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ) ɭɪɨɜɧɹ ɞɨɦɟɧɚ. ȼɥɚɞɟɥɟɰ ɞɨɦɟɧɚ ɦɨɠɟɬ ɩɪɨɟɤɬɢɪɨɜɚɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɞɥɹ ɜɫɟɝɨ ɞɨɦɟɧɚ ɢ ɞɟɥɟɝɢɪɨɜɚɬɶ ɩɪɚɜɨ ɫɜɹɡɵɜɚɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɫ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ ɭɪɨɜɧɹ OU. ɋɨɡɞɚɧɢɟ ɜ ɞɨɦɟɧɟ OU-ɫɬɪɭɤɬɭɪɵ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ OU-ɫɬɪɭɤɬɭɪɵ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ ɡɚɞɚɱɚ ɫɨɡɞɚɧɢɹ ɩɨɞɱɢɧɟɧɧɵɯ OU ɦɨɠɟɬ ɛɵɬɶ ɩɟɪɟɞɚɧɚ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɭɪɨɜɧɹ OU. Ⱦɟɥɟɝɢɪɨɜɚɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. ȼɥɚɞɟɥɟɰ ɞɨɦɟɧɚ ɞɨɥɠɟɧ ɭɫɬɚɧɨɜɢɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɭɸ ɩɨɥɢɬɢɤɭ ɭɪɨɜɧɹ ɞɨɦɟɧɚ (ɜɤɥɸɱɚɹ ɩɨɥɢɬɢɤɢ ɫɯɟɦ ɢɦɟɧɨɜɚɧɢɹ, ɩɪɨɟɤɬɚ ɝɪɭɩɩ ɢ ɬ.ɞ.), ɚ ɡɚɬɟɦ ɞɟɥɟɝɢɪɨɜɚɬɶ ɩɪɚɜɚ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɭɪɨɜɧɹ OU. ɍɩɪɚɜɥɟɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦɢ ɝɪɭɩɩɚɦɢ ɭɪɨɜɧɹ ɞɨɦɟɧɚ. Ʉɚɤ ɭɠɟ ɝɨɜɨɪɢɥɨɫɶ, ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ ɞɨɥɠɧɵ ɢɦɟɬɶ ɜɵɫɨɤɭɸ ɫɬɟɩɟɧɶ ɞɨɜɟɪɢɹ, ɩɨɬɨɦɭ ɱɬɨ ɢɯ ɞɟɣɫɬɜɢɹ ɦɨɝɭɬ ɜɵɡɵɜɚɬɶ ɩɨɫɥɟɞɫɬɜɢɹ ɧɚ ɭɪɨɜɧɟ ɥɟɫɚ. Ɋɨɥɶ ɜɥɚɞɟɥɶɰɚ ɞɨɦɟɧɚ ɫɨɫɬɨɢɬ ɜ ɨɝɪɚɧɢɱɟɧɢɢ ɱɥɟɧɫɬɜɚ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɣ ɝɪɭɩɩɵ ɭɪɨɜɧɹ ɞɨɦɟɧɚ ɢ ɜ ɞɟɥɟɝɢɪɨɜɚɧɢɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ ɜɫɟɝɞɚ, ɤɨɝɞɚ ɷɬɨ ɜɨɡɦɨɠɧɨ.
DNS
Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɨɩɪɟɞɟɥɢɥɢɫɶ ɫ ɤɨɥɢɱɟɫɬɜɨɦ ɞɨɦɟɧɨɜ ɢ ɢɯ ɢɟɪɚɪɯɢɟɣ, ɫɥɟɞɭɸɳɢɣ ɲɚɝ ɞɨɥɠɟɧ ɫɨɫɬɨɹɬɶ ɜ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS ɞɥɹ ɜɚɲɟɣ ɫɟɬɢ. ɋɥɭɠɛɚ Active Directory Windows Server 2003 ɬɪɟɛɭɟɬ DNS, ɩɨɫɤɨɥɶɤɭ ɤɚɠɞɨɟ ɢɦɹ ɞɨɦɟɧɚ ɬɟɩɟɪɶ ɹɜɥɹɟɬɫɹ ɱɚɫɬɶɸ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS. Ʉɥɸɱɟɜɨɟ ɪɟɲɟɧɢɟ ɩɪɨɟɤɬɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ, ɝɞɟ ɪɚɫɩɨɥɨɠɢɬɶ ɞɨɦɟɧɵ Active Directory ɜ ɩɪɟɞɟɥɚɯ ɷɬɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɷɬɨɦɭ ɜɵ ɞɨɥɠɧɵ ɬɚɤɠɟ ɫɩɪɨɟɤɬɢɪɨɜɚɬɶ ɤɨɧɮɢɝɭɪɚɰɢɸ ɫɟɪɜɟɪɚ DNS. ȿɫɥɢ ɤɨɦɩɚɧɢɹ ɭɠɟ ɢɦɟɟɬ ɫɜɨɸ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ DNS, ɬɨ ɜɚɦ ɩɪɢɞɟɬɫɹ ɫɩɪɨɟɤɬɢɪɨɜɚɬɶ ɫɜɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɱɬɨɛɵ ɜɩɢɫɚɬɶɫɹ ɜ ɬɟɤɭɳɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɚ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ DNS-ɫɟɪɜɟɪɵ Windows Server 2003 ɞɥɹ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɫ ɫɭɳɟɫɬɜɭɸɳɢɦɢ ɫɟɪɜɟɪɚɦɢ DNS.
DNS
ɉɟɪɜɵɣ ɲɚɝ ɜ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS ɞɨɥɠɟɧ ɫɨɫɬɨɹɬɶ ɜ ɢɫɫɥɟɞɨɜɚɧɢɢ ɭɠɟ ɢɦɟɸɳɟɣɫɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɫɥɭɠɛɚ DNS ɜ Active Directory ɞɨɥɠɧɚ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ ɫ ɢɦɟɸɳɟɣɫɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ DNS. ɗɬɨ ɦɨɠɟɬ ɨɡɧɚɱɚɬɶ ɩɪɨɫɬɨ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɪɟɬɪɚɧɫɥɹɬɨɪɚ ɜ ɫɭɳɟɫɬɜɭɸɳɟɦ ɫɟɪɜɟɪɟ DNS, ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɢɦɟɸɳɟɝɨɫɹ DNS-ɫɟɪɜɟɪɚ ɤɚɤ ɨɫɧɨɜɧɨɝɨ ɞɥɹ Active Directory ɢɥɢ ɨɬɫɭɬɫɬɜɢɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ DNS ɜ Windows Server 2003. Active Directory ɬɪɟɛɭɟɬ, ɱɬɨɛɵ ɪɚɛɨɬɚɥɚ ɫɥɭɠɛɚ DNS, ɨɞɧɚɤɨ, ɫɭɳɟɫɬɜɭɟɬ ɧɟɫɤɨɥɶɤɨ ɜɚɪɢɚɧɬɨɜ ɟɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ. ɂɫɫɥɟɞɭɹ ɫɭɳɟɫɬɜɭɸɳɭɸ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ DNS, ɫɞɟɥɚɣɬɟ ɫɥɟɞɭɸɳɟɟ. • Ɂɚɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɜɫɟ DNS-ɢɦɟɧɚ ɞɨɦɟɧɨɜ, ɢɫɩɨɥɶɡɭɟɦɵɟ ɜ ɧɚɫɬɨɹɳɟɟ ɜɪɟɦɹ ɜ ɩɪɟɞɟɥɚɯ ɤɨɦɩɚɧɢɢ. ɋɸɞɚ ɜɯɨɞɹɬ ɢɦɟɧɚ, ɢɫɩɨɥɶɡɭɸɳɢɟɫɹ ɜ ɢɧɬɟɪɧɟɬɟ, ɚ ɬɚɤɠɟ ɜɧɭɬɪɟɧɧɢɟ ɢɦɟɧɚ. • Ɂɚɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɜɫɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɢɦɟɧɚ, ɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɹ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɥɚ ɜ ɫɬɪɭɤɬɭɪɚɯ ɜɥɚɫɬɢ ɢɧɬɟɪɧɟɬɚ. ɑɚɫɬɨ ɤɨɦɩɚɧɢɹ ɢɫɩɨɥɶɡɭɟɬ ɜ ɢɧɬɟɪɧɟɬɟ ɬɨɥɶɤɨ ɢɦɹ .com, ɦɨɠɧɨ ɬɚɤɠɟ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɢ ɞɪɭɝɢɟ ɢɦɟɧɚ ɞɨɦɟɧɚ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɬɢɩɚ .net ɢɥɢ .org. ȼɵ ɦɨɝɥɢ ɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɧɨ ɢɡ ɷɬɢɯ ɢɦɟɧ ɞɨɦɟɧɚ ɞɥɹ ɜɚɲɟɝɨ ɜɧɭɬɪɟɧɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. • Ɂɚɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɫɭɳɟɫɬɜɭɸɳɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɫɟɪɜɟɪɨɜ DNS. ɗɬɚ ɞɨɤɭɦɟɧɬɚɰɢɹ ɞɨɥɠɧɚ ɜɤɥɸɱɚɬɶ ɬɢɩɵ DNS-ɫɟɪɜɟɪɨɜ, ɜ ɧɚɫɬɨɹɳɟɟ ɜɪɟɦɹ ɪɚɡɜɟɪɧɭɬɵɯ ɜ ɫɟɬɢ (ɧɚɩɪɢɦɟɪ DNS-ɫɟɪɜɟɪɵ ɧɚ ɛɚɡɟ Windows, BIND - Berkeley Internet Name Domain ɢɥɢ Lucent VitalQIP). Ʉɪɨɦɟ ɬɨɝɨ, ɤɨɧɮɢɝɭɪɚɰɢɹ DNS ɞɨɥɠɧɚ ɫɨɞɟɪɠɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɨ ɪɟɬɪɚɧɫɥɹɬɨɪɚɯ, ɨ ɞɟɥɟɝɢɪɨɜɚɧɢɢ ɡɨɧ ɢ ɨ ɤɨɧɮɢɝɭɪɚɰɢɢ ɨɫɧɨɜɧɵɯ ɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɟɪɜɟɪɨɜ.
Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɫɨɛɪɚɥɢ ɢɧɮɨɪɦɚɰɢɸ ɨɬɧɨɫɢɬɟɥɶɧɨ ɢɦɟɸɳɟɣɫɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS, ɦɨɠɧɨ ɧɚɱɢɧɚɬɶ ɪɚɡɪɚɛɨɬɤɭ ɫɜɨɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɫɥɭɠɛɵ Active Directory.
DNS
Ɉɞɢɧ ɢɡ ɩɟɪɜɵɯ ɜɨɩɪɨɫɨɜ, ɧɚ ɤɨɬɨɪɵɣ ɜɵ ɞɨɥɠɧɵ ɨɬɜɟɬɢɬɶ ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ, ɹɜɥɹɟɬɫɹ ɜɨɩɪɨɫ ɨ ɬɨɦ, ɯɨɬɢɬɟ ɥɢ ɜɵ ɢɦɟɬɶ ɨɞɧɨ ɢ ɬɨ ɠɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS ɤɚɤ ɜ ɤɚɱɟɫɬɜɟ ɜɧɭɬɪɟɧɧɟɝɨ, ɬɚɤ ɢ ɜ ɤɚɱɟɫɬɜɟ ɜɧɟɲɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. ɗɬɨɬ ɜɨɩɪɨɫ ɢɦɟɟɬ ɨɬɧɨɲɟɧɢɟ ɤ ɬɨɦɭ, ɞɟɣɫɬɜɢɬɟɥɶɧɨ ɥɢ ɜɵ ɯɨɬɢɬɟ ɜɵɫɬɚɜɢɬɶ ɜɧɭɬɪɟɧɧɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɜ ɢɧɬɟɪɧɟɬ.
ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɡɚɯɨɬɹɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɧɨ ɢ ɬɨ ɠɟ ɢɦɹ DNS ɢ ɜɧɭɬɪɢ, ɢ ɫɧɚɪɭɠɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɨɦɩɚɧɢɹ ɞɨɥɠɧɚ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɬɨɥɶɤɨ ɨɞɧɨ DNS-ɢɦɹ ɜ ɢɧɬɟɪɧɟɬɟ. ɇɚɩɪɢɦɟɪ, ɧɚ ɪɢɫɭɧɤɟ 5-5 ɩɨɤɚɡɚɧɨ, ɱɬɨ ɤɨɦɩɚɧɢɹ Contoso ɦɨɝɥɚ ɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ Contoso.com ɢ ɜɧɭɬɪɢ, ɢ ɜɧɟ ɤɨɦɩɚɧɢɢ.
. 5-5.
DNS
ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɢɫɩɨɥɶɡɭɟɬɟ ɥɢ ɜɵ ɨɞɢɧɚɤɨɜɵɟ ɢɥɢ ɪɚɡɥɢɱɧɵɟ ɜɧɭɬɪɟɧɧɟɟ ɢ ɜɧɟɲɧɟɟ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ, ɜɚɲ ɜɧɭɬɪɟɧɧɢɣ ɫɟɪɜɟɪ DNS ɧɢɤɨɝɞɚ ɧɟ ɞɨɥɠɟɧ ɛɵɬɶ ɞɨɫɬɭɩɟɧ ɜɧɟɲɧɢɦ ɤɥɢɟɧɬɚɦ. ȼɧɭɬɪɟɧɧɢɣ DNS-ɫɟɪɜɟɪ ɛɭɞɟɬ ɫɨɞɟɪɠɚɬɶ ɜɫɟ ɡɚɩɢɫɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɚ ɬɚɤɠɟ, ɩɨ ɜɨɡɦɨɠɧɨɫɬɢ, ɡɚɩɢɫɢ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɜɚɲɟɣ ɫɟɬɢ (ɟɫɥɢ ɜɵ ɜɤɥɸɱɢɬɟ ɞɢɧɚɦɢɱɟɫɤɭɸ ɫɥɭɠɛɭ DNS - DDNS). Ⱦɨɫɬɭɩɧɵɦɢ ɢɡ ɢɧɬɟɪɧɟɬɚ ɞɨɥɠɧɵ ɛɵɬɶ ɬɨɥɶɤɨ ɬɟ ɡɚɩɢɫɢ, ɤɨɬɨɪɵɟ ɤɚɫɚɸɬɫɹ ɪɟɫɭɪɫɨɜ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɷɬɨɝɨ ɞɨɫɬɭɩɚ. Ⱦɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɤɨɦɩɚɧɢɣ ɫɩɢɫɨɤ ɪɟɫɭɪɫɨɜ, ɞɨɫɬɭɩɧɵɯ ɢɡɜɧɟ, ɫɨɫɬɨɢɬ ɢɡ ɚɞɪɟɫɨɜ ɫɟɪɜɟɪɨɜ SMTP, Web-ɫɟɪɜɟɪɨɜ ɢ ɧɟɫɤɨɥɶɤɢɯ ɞɪɭɝɢɯ ɫɟɪɜɟɪɨɜ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɨɞɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɧɟ ɩɨɞɪɚɡɭɦɟɜɚɟɬ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɢɧ DNS-ɫɟɪɜɟɪ ɢɥɢ ɡɨɧɧɵɣ ɮɚɣɥ ɞɥɹ ɜɧɭɬɪɟɧɧɢɯ ɢ ɜɧɟɲɧɢɯ ɡɚɞɚɱ. Ƚɥɚɜɧɨɟ ɩɪɟɢɦɭɳɟɫɬɜɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɟɞɢɧɨɝɨ ɜɧɭɬɪɟɧɧɟɝɨ ɢ ɜɧɟɲɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɨ ɨɛɟɫɩɟɱɢɜɚɟɬ ɫɨɝɥɚɫɨɜɚɧɢɟ ɞɥɹ ɤɨɧɟɱɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨɥɶɡɨɜɚɬɟɥɶ ɜɫɟɝɞɚ ɢɫɩɨɥɶɡɭɟɬ ɨɞɧɨ ɢɦɹ ɞɨɦɟɧɚ ɞɥɹ ɩɨɞɤɥɸɱɟɧɢɹ ɤ ɨɛɳɟɣ ɫɟɬɢ. Ⱥɞɪɟɫ SMTP ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɨɫɧɨɜɧɨɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɟ ɢɦɹ (UPN) ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɧɨ ɢ ɬɨ ɠɟ ɢɦɹ ɞɨɦɟɧɚ ɜ ɤɚɱɟɫɬɜɟ ɩɭɛɥɢɱɧɨɝɨ ɜɟɛ-ɫɚɣɬɚ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɸ ɧɭɠɧɨ ɨɛɪɚɬɢɬɶɫɹ ɤ ɞɨɫɬɭɩɧɵɦ ɪɟɫɭɪɫɚɦ, ɨɧ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɧɨ ɢɦɹ ɢ ɜɧɭɬɪɢ, ɢ ɫɧɚɪɭɠɢ (ɯɨɬɹ ɨɧ ɦɨɠɟɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɚɡɧɵɦ ɫɟɪɜɟɪɚɦ). Ⱦɪɭɝɨɟ ɩɪɟɢɦɭɳɟɫɬɜɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɟɞɢɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɧɚɞɨ ɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɬɨɥɶɤɨ ɨɞɧɨ DNS-ɢɦɹ. Ɉɫɧɨɜɧɵɟ ɧɟɞɨɫɬɚɬɤɢ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɟɞɢɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɫɜɹɡɚɧɵ ɫ ɛɟɡɨɩɚɫɧɨɫɬɶɸ ɢ ɭɫɢɥɢɹɦɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ ɨɛɟɫɩɨɤɨɟɧɵ ɜɵɫɬɚɜɥɟɧɢɟɦ ɜɧɭɬɪɟɧɧɟɝɨ ɢɦɟɧɢ DNS ɜ ɢɧɬɟɪɧɟɬɟ ɢ ɜɢɞɹɬ ɜ ɷɬɨɦ ɩɨɬɟɧɰɢɚɥɶɧɵɣ ɪɢɫɤ ɜ ɨɫɥɚɛɥɟɧɢɢ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɟɞɢɧɨɝɨ ɜɧɭɬɪɟɧɧɟɝɨ ɢ ɜɧɟɲɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɦɨɠɟɬ ɭɫɥɨɠɧɹɬɶ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ DNS, ɩɨɬɨɦɭ ɱɬɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ DNS ɞɨɥɠɧɵ ɛɭɞɭɬ ɭɩɪɚɜɥɹɬɶ ɞɜɭɦɹ ɪɚɡɥɢɱɧɵɦɢ ɡɨɧɚɦɢ, ɢɦɟɸɳɢɦɢ ɨɞɧɨ ɢ ɬɨ ɠɟ ɢɦɹ ɞɨɦɟɧɚ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɨɞɧɨɝɨ ɢɦɟɧɢ ɦɨɠɟɬ ɬɚɤɠɟ ɭɫɥɨɠɧɢɬɶ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɤɥɢɟɧɬɚ. ɇɚɩɪɢɦɟɪ, ɛɨɥɶɲɢɧɫɬɜɨ ɩɪɨɤɫɢ-ɤɥɢɟɧɬɨɜ ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɬɚɤ, ɱɬɨɛɵ ɨɧɢ ɢɧɬɟɪɩɪɟɬɢɪɨɜɚɥɢ ɨɩɪɟɞɟɥɟɧɧɵɟ ɢɦɟɧɚ ɞɨɦɟɧɚ ɤɚɤ ɜɧɭɬɪɟɧɧɢɟ, ɢ ɤɥɢɟɧɬ ɛɭɞɟɬ ɩɨɞɤɥɸɱɚɬɶɫɹ ɤ ɧɢɦ ɧɚɩɪɹɦɭɸ, ɦɢɧɭɹ ɩɪɨɤɫɢ-ɫɟɪɜɟɪ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɨɞɧɨɝɨ ɢɦɟɧɢ ɦɨɠɟɬ
ɭɫɥɨɠɧɢɬɶ ɷɬɨɬ ɩɪɨɰɟɫɫ. Ȼɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ ɢɫɩɨɥɶɡɭɟɬ ɪɚɡɥɢɱɧɵɟ ɜɧɭɬɪɟɧɧɢɟ ɢ ɜɧɟɲɧɢɟ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɹ ɦɨɝɥɚ ɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ Contoso.com ɤɚɤ ɜɧɟɲɧɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɢ ɢɦɹ Contoso.net ɢɥɢ ADContoso.com ɞɥɹ ɜɧɭɬɪɟɧɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ (ɫɦ. ɪɢɫ. 5-6). . , , . , Contoso.com , Contoso.net, ADContoso.com AD.Contoso.com — . AD.Contoso.com DNS, , .
. 5-6.
,
,
ɑɚɫɬɨ ɭɧɢɤɚɥɶɧɨɟ ɜɧɭɬɪɟɧɧɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ ɜɵɛɢɪɚɟɬɫɹ ɢɡ ɫɨɨɛɪɚɠɟɧɢɣ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɱɬɨɛɵ ɩɪɟɞɨɬɜɪɚɬɢɬɶ ɜɵɫɬɚɜɥɟɧɢɟ ɜɧɭɬɪɟɧɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɜ ɢɧɬɟɪɧɟɬɟ. Ʉɪɨɦɟ ɬɨɝɨ, ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ DNS ɢ ɩɪɨɤɫɢ ɭɩɪɨɳɚɟɬɫɹ ɜ ɡɧɚɱɢɬɟɥɶɧɨɣ ɫɬɟɩɟɧɢ. Ƚɥɚɜɧɨɟ ɧɟɭɞɨɛɫɬɜɨ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɭɧɢɤɚɥɶɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɤɨɦɩɚɧɢɹ ɞɨɥɠɧɚ ɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɢɦɟɧɚ DNS ɭ ɜɥɚɫɬɟɣ ɢɧɬɟɪɧɟɬɚ. ɏɨɬɹ ɪɟɝɢɫɬɪɚɰɢɹ ɧɟ ɹɜɥɹɟɬɫɹ ɨɛɹɡɚɬɟɥɶɧɵɦ ɬɪɟɛɨɜɚɧɢɟɦ, ɨɞɧɚɤɨ ɨɧɚ ɪɟɤɨɦɟɧɞɭɟɬɫɹ. ȿɫɥɢ ɜɵ ɧɟ ɡɚɪɟɝɢɫɬɪɢɪɭɟɬɟ ɢɦɹ, ɚ ɞɪɭɝɚɹ ɤɨɦɩɚɧɢɹ ɡɚɪɟɝɢɫɬɪɢɪɭɟɬ, ɬɨ ɜɚɲɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɫɦɨɝɭɬ ɢɫɤɚɬɶ ɜ ɢɧɬɟɪɧɟɬɟ ɪɟɫɭɪɫɵ, ɢɦɟɸɳɢɟ ɬɚɤɨɟ ɠɟ ɢɦɹ ɞɨɦɟɧɚ ɤɚɤ ɜɧɭɬɪɟɧɧɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ. Ɏɚɤɬɢɱɟɫɤɢɟ ɢɦɟɧɚ, ɤɨɬɨɪɵɟ ɜɵ ɜɵɛɢɪɚɟɬɟ ɞɥɹ ɫɜɨɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS, ɛɭɞɭɬ ɜ ɡɧɚɱɢɬɟɥɶɧɨɣ ɫɬɟɩɟɧɢ ɨɩɪɟɞɟɥɹɬɶɫɹ ɬɟɤɭɳɟɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ DNS. ȿɫɥɢ ɭ ɜɚɫ ɧɟɬ ɭɫɬɚɧɨɜɥɟɧɧɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS (ɬɚɤɨɣ ɫɰɟɧɚɪɢɣ ɜɫɬɪɟɱɚɟɬɫɹ ɜ ɫɟɬɹɯ Windows NT), ɢ ɟɫɥɢ ɜɵ ɭɠɟ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɥɢ ɢɦɹ ɞɨɦɟɧɚ, ɤɨɬɨɪɨɟ ɯɨɬɢɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ Active Directory, ɜɚɲ ɩɪɨɟɤɬ ɛɭɞɟɬ ɞɨɜɨɥɶɧɨ ɩɪɨɫɬɵɦ. Ɉɞɧɚɤɨ ɟɫɥɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ DNS ɭɠɟ ɢɦɟɟɬɫɹ ɢ ɜɵ ɞɨɥɠɧɵ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ ɫ ɷɬɨɣ ɫɪɟɞɨɣ, ɬɨ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ DNS ɭɫɥɨɠɧɹɟɬɫɹ. ȿɫɥɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS ɧɟ ɫɭɳɟɫɬɜɭɟɬ, ɢɦɟɸɬɫɹ ɨɞɧɨ ɢɥɢ ɧɟɫɤɨɥɶɤɨ ɢɦɟɧ ɞɨɦɟɧɚ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ, ɭɠɟ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɯ ɞɥɹ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ, ɬɨ ɩɪɨɟɤɬɢɪɨɜɚɬɶ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS ɧɟɫɥɨɠɧɨ. ȼɵ ɦɨɠɟɬɟ ɜɵɛɪɚɬɶ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɨɟ ɢɦɹ ɞɨɦɟɧɚ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ ɜ ɤɚɱɟɫɬɜɟ ɢɦɟɧɢ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɞɟɥɟɝɢɪɨɜɚɬɶ ɞɨɱɟɪɧɢɟ ɢɦɟɧɚ ɞɨɦɟɧɚ ɞɥɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɨɦɟɧɨɜ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɞɟɪɟɜɟ ɢɥɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɢɦɟɧɚ ɞɨɦɟɧɨɜ ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ ɞɥɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɟɪɟɜɶɟɜ ɜ ɥɟɫɭ (ɫɦ. ɪɢɫ. 5-7).
. 5-7.
П
DNS
че
DNS
ы . ,
,
. , .
, —
;
, ,
, SMTP
. ,
.
, ,
. ,
. Contoso.net
, Contoso Contoso.com
. , -
[email protected], Contoso.com. , UPN [email protected], .
. -
SMTP
ɇɚ ɪɢɫɭɧɤɟ 5-7 ɩɨɤɚɡɚɧɨ, ɤɚɤ ɫɟɪɜɟɪɵ DNS ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɩɨ ɷɬɨɦɭ ɫɰɟɧɚɪɢɸ. DNS-ɫɟɪɜɟɪ Contoso.com ɹɜɥɹɟɬɫɹ ɨɮɢɰɢɚɥɶɧɵɦ (authoritative) ɞɥɹ ɫɜɨɟɝɨ ɞɨɦɟɧɚ ɢ ɫɨɞɟɪɠɢɬ ɡɚɩɢɫɢ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɧɚ NAmerica.Contoso.com ɢ Europe.Contoso.com, ɚ ɬɚɤɠɟ ɭɫɥɨɜɧɵɟ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɢ ɫɨɤɪɚɳɟɧɧɵɟ ɡɨɧɵ ɞɥɹ ɞɨɦɟɧɚ Fabrikam.com. DNS-ɫɟɪɜɟɪ Fabrikam.com ɹɜɥɹɟɬɫɹ ɨɮɢɰɢɚɥɶɧɵɦ ɞɥɹ ɫɜɨɟɣ ɡɨɧɵ ɢ ɫɨɞɟɪɠɢɬ ɭɫɥɨɜɧɵɟ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɢ ɫɨɤɪɚɳɟɧɧɵɟ ɡɨɧɵ ɞɥɹ Contoso.com. ɑɬɨɛɵ ɪɚɡɪɟɲɚɬɶ ɚɞɪɟɫɚ ɢɧɬɟɪɧɟɬɚ, ɫɟɪɜɟɪɵ ɤɨɪɧɹ ɞɟɪɟɜɚ ɞɨɥɠɧɵ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɪɟɬɪɚɧɫɥɹɬɨɪɨɦ, ɭɤɚɡɵɜɚɸɳɢɦ ɧɚ ɫɟɪɜɟɪ ɜ ɢɧɬɟɪɧɟɬɟ, ɢɥɢ ɫ ɤɨɪɧɟɜɵɦɢ ɫɫɵɥɤɚɦɢ ɢɧɬɟɪɧɟɬɚ. ɉɪɨɟɤɬɢɪɨɜɚɧɢɟ DNS ɭɫɥɨɠɧɢɬɫɹ, ɟɫɥɢ ɭ ɜɚɫ ɟɫɬɶ ɜɧɭɬɪɟɧɧɹɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ DNS. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɫɭɳɟɫɬɜɭɸɬ ɬɪɢ ɜɚɪɢɚɧɬɚ ɞɥɹ ɨɛɴɟɞɢɧɟɧɢɹ ɫ ɬɟɤɭɳɟɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ. ɉɟɪɜɵɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɬɨɥɶɤɨ ɬɟɤɭɳɟɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS ɞɥɹ Active Directory, ɜɤɥɸɱɚɹ ɢɦɹ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, Contoso ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ Contoso.net ɤɚɤ ɫɜɨɟ ɜɧɭɬɪɟɧɧɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɚ DNS-ɫɟɪɜɟɪɵ BIND — ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɫɥɭɠɛɵ DNS. Ʉɨɦɩɚɧɢɹ ɦɨɠɟɬ ɜɡɹɬɶ Contoso.net ɤɚɤ ɢɦɹ ɞɨɦɟɧɚ Active Directory ɢ ɩɪɨɞɨɥɠɚɬɶ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɟɤɭɳɢɟ ɫɟɪɜɟɪɵ DNS (ɩɪɢ ɭɫɥɨɜɢɢ, ɱɬɨ ɨɧɢ ɩɨɞɞɟɪɠɢɜɚɸɬ SRV-ɡɚɩɢɫɢ ɭɤɚɡɚɬɟɥɟɣ ɫɥɭɠɛ). ȼ ɤɚɱɟɫɬɜɟ ɚɥɶɬɟɪɧɚɬɢɜɵ ɤɨɦɩɚɧɢɹ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɨ ɠɟ ɢɦɹ ɞɨɦɟɧɚ, ɧɨ ɩɟɪɟɦɟɫɬɢɬɶ ɫɥɭɠɛɭ DNS ɧɚ DNS-ɫɟɪɜɟɪɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ Windows Server 2003. ȼ ɥɸɛɨɦ ɫɥɭɱɚɟ ɬɪɟɛɭɟɬɫɹ ɨɱɟɧɶ ɧɟɛɨɥɶɲɚɹ ɪɟɤɨɧɮɢɝɭɪɚɰɢɹ DNS-ɫɟɪɜɟɪɨɜ. ɋɟɪɜɟɪɵ DNS ɦɨɝɭɬ ɩɪɨɞɨɥɠɚɬɶ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɟ ɠɟ ɫɚɦɵɟ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɢɥɢ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ ɜ ɢɧɬɟɪɧɟɬɟ. . DNS . , DNSDNS. Э . , . , DNS. ȼɬɨɪɨɣ ɜɚɪɢɚɧɬ ɩɪɢ ɧɚɥɢɱɢɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS ɫɨɫɬɨɢɬ ɜ ɜɵɛɨɪɟ ɪɚɡɥɢɱɧɵɯ DNS-ɢɦɟɧ ɞɥɹ ɞɨɦɟɧɨɜ Active Directory. ɇɚɩɪɢɦɟɪ, Contoso ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ Contoso.net ɤɚɤ ɬɟɤɭɳɟɟ ɜɧɭɬɪɟɧɧɟɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS ɢ ɪɚɡɜɟɪɧɭɬɶ ɞɨɦɟɧɵ Active Directory, ɢɫɩɨɥɶɡɭɸɳɢɟ AD.Contoso.net ɤɚɤ ɢɦɹ ɞɨɦɟɧɚ (ɫɦ. ɪɢɫ. 5-8). ȼ ɷɬɨɦ ɫɥɭɱɚɟ DNS-ɫɟɪɜɟɪ ɪɚɡɜɨɪɚɱɢɜɚɟɬɫɹ ɤɚɤ ɨɫɧɨɜɧɨɣ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ AD.Contoso.net ɫ ɡɚɩɢɫɹɦɢ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɞɥɹ NAmerica.AD. Contoso.net ɢ Europe.AD.Contoso.net. ɗɬɨɬ DNS-ɫɟɪɜɟɪ ɦɨɠɟɬ ɛɵɬɶ ɬɟɦ ɠɟ ɫɚɦɵɦ DNS-ɫɟɪɜɟɪɨɦ, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɨɮɢɰɢɚɥɶɧɵɦ ɫɟɪɜɟɪɨɦ ɞɥɹ Contoso.net, ɢɥɢ ɦɨɠɧɨ ɪɚɡɜɟɪɧɭɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ DNS-ɫɟɪɜɟɪ. ȿɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ DNS-ɫɟɪɜɟɪ ɞɥɹ ɞɨɦɟɧɚ Active Directory, ɧɟɨɛɯɨɞɢɦɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɪɟɬɪɚɧɫɥɹɬɨɪɵ ɢ ɤɨɪɧɟɜɵɟ ɫɫɵɥɤɢ ɞɥɹ ɧɟɝɨ. ȼ ɬɪɟɬɶɟɦ ɜɚɪɢɚɧɬɟ ɩɪɢ ɧɚɥɢɱɢɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ DNS ɞɨɦɟɧ Active Directory ɹɜɥɹɟɬɫɹ ɞɨɱɟɪɧɢɦ ɞɨɦɟɧɨɦ ɨɬ ɜɧɭɬɪɟɧɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. ɇɚɩɪɢɦɟɪ, Contoso ɦɨɝ ɛɵ ɫɨɡɞɚɜɚɬɶ ɩɨɞɞɨɦɟɧ AD.Contoso.net ɤɚɤ ɞɨɦɟɧ Active Directory (ɫɦ. ɪɢɫ. 5-9). ȼ ɷɬɨɦ ɫɥɭɱɚɟ DNS-ɫɟɪɜɟɪ ɞɥɹ Contoso.net ɦɨɠɟɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫ ɡɚɩɢɫɶɸ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɞɥɹ ɞɨɦɟɧɚ AD.Contoso.net. DNS-ɫɟɪɜɟɪ AD.Contoso.net ɦɨɠɟɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫ ɡɚɩɢɫɶɸ ɪɟɬɪɚɧɫɥɹɬɨɪɚ, ɭɤɚɡɵɜɚɸɳɟɝɨ ɧɚ DNSɫɟɪɜɟɪ Contoso.net. ɇɚɢɛɨɥɟɟ ɫɥɨɠɧɵɣ ɩɪɨɟɤɬ DNS, ɫ ɤɨɬɨɪɵɦ ɜɵ ɤɨɝɞɚ-ɥɢɛɨ ɫɬɨɥɤɧɟɬɟɫɶ, ɜɨɡɧɢɤɧɟɬ ɜ ɫɥɭɱɚɟ, ɟɫɥɢ ɤɨɦɩɚɧɢɹ ɪɟɲɢɬ ɫɤɨɦɛɢɧɢɪɨɜɚɬɶ ɜɫɟ ɫɩɨɫɨɛɵ ɨɛɴɟɞɢɧɟɧɢɹ DNS ɫ ɜɧɭɬɪɟɧɧɢɦ ɩɪɨɫɬɪɚɧɫɬɜɨɦ ɢɦɟɧ. ɇɚɩɪɢɦɟɪ, ɧɚ ɪɢɫɭɧɤɟ 5-10 ɩɨɤɚɡɚɧɨ, ɱɬɨ ɤɨɦɩɚɧɢɹ, ɜɨɡɦɨɠɧɨ, ɭɠɟ ɢɫɩɨɥɶɡɭɟɬ Contoso.net ɢ Fabrikam.net ɤɚɤ ɜɧɭɬɪɟɧɧɢɟ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. Ɋɟɲɢɜ ɪɚɡɜɟɪɧɭɬɶ Active Directory, ɤɨɦɩɚɧɢɹ ɦɨɠɟɬ ɞɨɛɚɜɢɬɶ ɞɨɱɟɪɧɢɟ ɞɨɦɟɧɵ ɩɨɞ ɫɭɳɟɫɬɜɭɸɳɢɟ, ɚ ɬɚɤɠɟ ɫɨɡɞɚɬɶ ɧɨɜɨɟ ɞɟɪɟɜɨ ɞɨɦɟɧɨɜ NWTraders.net. ɋ ɩɨɦɨɳɶɸ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɯ ɪɟɬɪɚɧɫɥɹɬɨɪɨɜ ɢ ɤɨɪɧɟɜɵɯ ɫɫɵɥɨɤ DNSɫɟɪɜɟɪɵ ɦɨɝɭɬ ɪɚɡɪɟɲɚɬɶ ɥɸɛɵɟ ɢɦɟɧɚ DNS ɜ ɨɪɝɚɧɢɡɚɰɢɢ.
.
5-8.
DNS
. 5-9.
DNS
Ɉɞɧɚɤɨ ɷɬɨ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ DNS ɧɟ ɨɩɪɟɞɟɥɹɟɬ ɢɟɪɚɪɯɢɸ Active Directory. ȼ ɩɪɢɦɟɪɟ ɧɚ ɪɢɫɭɧɤɟ 5-10 ɞɨɦɟɧ AD.Contoso.net ɦɨɠɟɬ ɛɵɬɶ ɤɨɪɧɟɜɵɦ ɞɨɦɟɧɨɦ Active Directory ɫ ɞɨɱɟɪɧɢɦɢ ɞɨɦɟɧɚɦɢ NAmerica.AD.Contoso.net ɢ Europe.AD.Contoso.net ɢ ɞɨɦɟɧɚɦɢ AD.Fabrikam.net ɢ NWTraders.net, ɢɫɩɨɥɶɡɭɸɳɢɦɢɫɹ ɜ ɤɚɱɟɫɬɜɟ ɤɨɪɧɟɜɵɯ ɞɨɦɟɧɨɜ ɞɥɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɞɟɪɟɜɶɟɜ ɜ ɥɟɫɭ Active Directory.
. 5-10.
DNS
DNS
ɉɪɚɤɬɢɱɟɫɤɢ ɜɫɟ ɛɨɥɶɲɢɟ ɤɨɦɩɚɧɢɢ ɭɠɟ ɢɦɟɸɬ ɭɫɬɚɧɨɜɥɟɧɧɭɸ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ DNS. ȼɨ ɦɧɨɝɢɯ ɫɥɭɱɚɹɯ DNS ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɢɦɟɧ ɫɟɪɜɟɪɨɜ UNIX ɢɥɢ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɩɨɬɪɟɛɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɭɫɥɭɝɚɯ DNS ɞɥɹ ɞɨɫɬɭɩɚ ɜ ɢɧɬɟɪɧɟɬ. ɂɧɨɝɞɚ ɭɫɥɭɝɢ DNS ɨɛɟɫɩɟɱɢɜɚɸɬɫɹ DNSɫɟɪɜɟɪɚɦɢ BIND, ɜɵɩɨɥɧɹɸɳɢɦɢɫɹ ɧɚ UNIX-ɫɟɪɜɟɪɚɯ. ɉɨɫɤɨɥɶɤɭ ɫɭɳɟɫɬɜɭɟɬ ɡɚɜɢɫɢɦɨɫɬɶ Windows NT ɨɬ ɢɦɟɧ NetBIOS ɢ ɨɬ ɫɥɭɠɛɵ ɢɦɟɧ ɢɧɬɟɪɧɟɬɚ ɞɥɹ Windows (WINS), ɜ ɩɪɨɬɢɜɨɩɨɥɨɠɧɨɫɬɶ ɢɦɟɧɚɦ ɯɨɫɬɨɜ ɢ DNS, ɦɧɨɝɢɟ Windows-ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɦɚɥɨ ɤɚɫɚɸɬɫɹ ɫɥɭɠɛɵ DNS. ɋɢɬɭɚɰɢɹ ɢɡɦɟɧɢɥɚɫɶ ɫ ɜɵɩɭɫɤɨɦ Active Directory ɫɢɫɬɟɦ Windows 2000 ɢ Windows Server 2003. ȼ ɝɥɚɜɟ 3 ɝɨɜɨɪɢɥɨɫɶ ɨ ɬɨɦ, ɱɬɨ Windows Server 2003 ɬɪɟɛɭɟɬɫɹ ɫɥɭɠɛɚ DNS ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɤɥɢɟɧɬɵ ɦɨɝɥɢ ɧɚɯɨɞɢɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ɉɨɷɬɨɦɭ ɤɪɢɬɢɱɟɫɤɢɦ ɦɨɦɟɧɬɨɦ ɩɪɢ ɨɛɫɭɠɞɟɧɢɢ ɩɪɨɟɤɬɚ Active Directory ɫɬɚɧɨɜɢɬɫɹ ɜɨɩɪɨɫ ɨ ɪɚɡɦɟɳɟɧɢɢ ɫɥɭɠɛɵ DNS. Ⱦɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɤɨɦɩɚɧɢɣ ɫ ɫɭɳɟɫɬɜɭɸɳɟɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ DNS ɦɚɥɨɜɟɪɨɹɬɧɨ, ɱɬɨɛɵ ɨɧɢ ɩɪɨɫɬɨ ɭɞɚɥɢɥɢ ɬɟɤɭɳɭɸ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ ɢ ɩɟɪɟɦɟɫɬɢɥɢ ɜɫɟ ɜ Windows Server 2003. ɇɟɨɛɯɨɞɢɦɨɫɬɶ ɜ ɫɥɭɠɛɟ DNS ɞɥɹ Active Directory ɡɚɫɬɚɜɢɬ ɜɚɫ ɨɪɝɚɧɢɡɨɜɚɬɶ ɜɡɚɢɦɨɞɟɣɫɬɜɢɟ ɫ ɬɟɤɭɳɟɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ DNS. ȿɫɬɶ ɞɜɚ ɜɚɪɢɚɧɬɚ ɢɧɬɟɝɪɚɰɢɢ ɞɥɹ ɫɥɭɱɚɹ, ɤɨɝɞɚ ɞɨɥɠɧɚ ɩɨɞɞɟɪɠɢɜɚɬɶɫɹ ɬɟɤɭɳɚɹ BIND ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ DNS. ɉɟɪɜɵɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ DNS-ɫɟɪɜɟɪɚ ɧɟ ɨɬ Microsoft ɢ ɪɚɫɩɨɥɚɝɚɬɶ ɧɚ ɷɬɢɯ ɫɟɪɜɟɪɚɯ ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ Active Directory ɢɧɮɨɪɦɚɰɢɸ ɡɨɧ DNS. Ɍɚɤɚɹ ɜɨɡɦɨɠɧɨɫɬɶ, ɤɨɧɟɱɧɨ, ɫɭɳɟɫɬɜɭɟɬ. ȿɞɢɧɫɬɜɟɧɧɨɟ ɬɪɟɛɨɜɚɧɢɟ ɞɥɹ DNS - ɫɟɪɜɟɪ ɞɨɥɠɟɧ ɩɨɞɞɟɪɠɢɜɚɬɶ ɡɚɩɢɫɢ SRV. ȼɵ, ɜɟɪɨɹɬɧɨ, ɡɚɯɨɬɢɬɟ, ɱɬɨɛɵ ɫɟɪɜɟɪɵ DNS ɬɚɤɠɟ ɩɨɞɞɟɪɠɢɜɚɥɢ ɞɢɧɚɦɢɱɟɫɤɢɟ ɨɛɧɨɜɥɟɧɢɹ (ɨɫɨɛɟɧɧɨ, ɟɫɥɢ ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɜɫɟ IP ɚɞɪɟɫɚ ɤɥɢɟɧɬɨɜ ɜ
DNS) ɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ (incremental) ɡɨɧɧɵɟ ɩɟɪɟɞɚɱɢ. ȿɫɥɢ ɬɟɤɭɳɚɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ ɢɫɩɨɥɶɡɭɟɬ BIND ɫɟɪɜɟɪɵ DNS, ɫɟɪɜɟɪɵ BIND 8.1.2 ɩɨɞɞɟɪɠɢɜɚɸɬ ɡɚɩɢɫɢ SRV ɢ ɞɢɧɚɦɢɱɟɫɤɢɟ ɨɛɧɨɜɥɟɧɢɹ. ɋɟɪɜɟɪ BIND 8.2.1 ɩɨɞɞɟɪɠɢɜɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɡɨɧɧɵɟ ɩɟɪɟɞɚɱɢ. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɨɞɧɭ ɢɡ ɷɬɢɯ ɜɟɪɫɢɣ BIND, ɬɨ ɜɵ ɦɨɠɟɬɟ ɩɪɨɞɨɥɠɚɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ DNS-ɫɟɪɜɟɪɨɜ BIND. (ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ DNS-ɫɟɪɜɟɪɵ Lucent VitalQIP, ɬɨ ɜɟɪɫɢɢ 5.2 ɢ ɛɨɥɟɟ ɩɨɡɞɧɢɟ ɫɨɜɦɟɫɬɢɦɵ ɫ BIND 8.2.2.) . DNS , DNSWindows Server 2003 DNSMicrosoft, . DNSBIND, DNS, DNS Microsoft. , DNS Microsoft. : , DNS. DNSSRV, Active Directory Windows Server 2003 DNS. , DNS . , Active Directory. : « DNS, Active Directory?». , , . , : « DNS?». Windows Server 2003 , Active Directory.
DNSDNS. .
Active Directory DNS-
BIND, DNS
DNS-
BIND
DNS-
. Microsoft
. ,
DNS-
, , . ȼɬɨɪɨɣ ɜɚɪɢɚɧɬ ɨɛɴɟɞɢɧɟɧɢɹ DNS Windows Server 2003 ɫ BIND ɫɨɫɬɨɢɬ ɜ ɪɚɡɜɟɪɬɵɜɚɧɢɢ ɨɛɨɢɯ ɬɢɩɨɜ DNS. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ ɢɫɩɨɥɶɡɭɸɬ DNS-ɫɟɪɜɟɪɵ BIND ɤɚɤ ɨɫɧɨɜɧɨɣ ɫɟɪɜɟɪ ɢɦɟɧ ɞɥɹ ɜɧɭɬɪɟɧɧɟɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɹ Contoso ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ BIND ɩɪɢ ɪɚɡɪɟɲɟɧɢɢ ɢɦɟɧ ɞɥɹ Contoso.com. ȿɫɥɢ ɨɧɚ ɪɟɲɢɬ ɪɚɡɜɟɪɬɵɜɚɬɶ Active Directory ɢ ɢɫɩɨɥɶɡɨɜɚɬɶ DNS-ɫɟɪɜɟɪ ɧɚ ɛɚɡɟ Windows Server 2003, ɫɭɳɟɫɬɜɭɟɬ ɦɧɨɠɟɫɬɜɨ ɜɚɪɢɚɧɬɨɜ. ȿɫɥɢ ɤɨɦɩɚɧɢɹ Contoso ɡɚɯɨɱɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ Contoso.com ɤɚɤ DNS-ɢɦɹ Active Directory, ɨɧɚ ɦɨɠɟɬ ɩɟɪɟɦɟɫɬɢɬɶ ɨɫɧɨɜɧɭɸ ɡɨɧɭ ɧɚ DNS-ɫɟɪɜɟɪ ɧɚ ɛɚɡɟ Windows Server 2003 ɢ ɩɨɞɞɟɪɠɢɜɚɬɶ DNS ɫɟɪɜɟɪ BIND ɜ ɤɚɱɟɫɬɜɟ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɫɟɪɜɟɪɚ ɢɦɟɧ. ɂɥɢ DNS-ɫɟɪɜɟɪ ɧɚ ɛɚɡɟ Windows Server 2003 ɦɨɝ ɛɵ ɫɬɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɦ ɫɟɪɜɟɪɨɦ ɢɦɟɧ ɤ DNS-ɫɟɪɜɟɪɭ BIND. . DNSBIND DNSWindows Server 2003 . DNS, . Active Directory, DNSBIND . Active Directory . Ʉɨɦɩɚɧɢɹ Contoso ɦɨɠɟɬ ɪɚɡɜɟɪɬɵɜɚɬɶ Active Directory, ɢɫɩɨɥɶɡɭɹ ɞɨɦɟɧɧɵɟ ɢɦɟɧɚ, ɨɬɥɢɱɧɵɟ ɨɬ ɬɟɯ, ɤɨɬɨɪɵɟ ɭɠɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɧɚ DNS-ɫɟɪɜɟɪɚɯ BIND. ɇɚɩɪɢɦɟɪ, ɢɦɹ Contoso.net ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɤɚɤ DNS-ɢɦɹ Active Directory. ȼ ɷɬɨɦ ɫɥɭɱɚɟ DNS-ɫɟɪɜɟɪɵ ɧɚ ɛɚɡɟ Windows Server 2003 ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɤɚɤ ɨɮɢɰɢɚɥɶɧɵɟ ɫɟɪɜɟɪɵ ɞɥɹ Contoso.net, ɚ ɫɟɪɜɟɪɵ BIND -
ɤɚɤ ɨɮɢɰɢɚɥɶɧɵɟ ɫɟɪɜɟɪɵ ɞɥɹ Contoso.com. DNS-ɫɟɪɜɟɪɵ ɧɚ ɛɚɡɟ Windows Server 2003 ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɭɫɥɨɜɧɵɦ ɪɟɬɪɚɧɫɥɹɬɨɪɨɦ ɧɚ DNS-ɫɟɪɜɟɪ BIND ɞɥɹ Contoso.com. Ⱦɨɦɟɧ Active Directory ɦɨɠɧɨ ɪɚɡɜɟɪɧɭɬɶ ɬɚɤɠɟ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ AD.Contoso.com ɜ ɤɚɱɟɫɬɜɟ ɢɦɟɧɢ ɞɨɦɟɧɚ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ DNS-ɫɟɪɜɟɪɵ BIND Contoso.com ɛɭɞɭɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɡɚɩɢɫɶɸ ɞɟɥɟɝɢɪɨɜɚɧɢɹ, ɧɚɩɪɚɜɥɹɸɳɟɣ ɥɸɛɨɣ ɩɨɢɫɤ ɞɥɹ ɞɨɦɟɧɚ AD.Contoso.com ɧɚ DNS Windows Server 2003. ɋɟɪɜɟɪɵ DNS ɫɢɫɬɟɦɵ Windows Server 2003 ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɪɟɬɪɚɧɫɥɹɬɨɪɨɦ, ɭɤɚɡɵɜɚɸɳɢɦ ɧɚ DNS-ɫɟɪɜɟɪ BIND. С . , DNS, DNS. DNS, , : BIND Windows Server 2003. DNS Windows Server 2003 DNS, DNS BIND — Active Directory.
Ʉɚɤ ɬɨɥɶɤɨ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ ɧɚ ɭɪɨɜɧɟ ɞɨɦɟɧɨɜ ɡɚɤɨɧɱɟɧɨ, ɫɥɟɞɭɸɳɢɣ ɲɚɝ ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɦɨɞɟɥɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɵ OU ɞɥɹ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ. ȼ ɝɥɚɜɟ 2 ɝɨɜɨɪɢɥɨɫɶ, ɱɬɨ OU ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɢɟɪɚɪɯɢɱɟɫɤɨɣ ɫɬɪɭɤɬɭɪɵ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. ɗɬɚ ɢɟɪɚɪɯɢɹ ɦɨɠɟɬ ɡɚɬɟɦ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ ɢɥɢ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɤ ɫɨɜɨɤɭɩɧɨɫɬɢ ɨɛɴɟɤɬɨɜ.
Active Directory
Ⱦɨɦɟɧɵ Windows NT ɢɫɩɨɥɶɡɭɸɬ ɧɟɪɚɡɜɟɬɜɥɟɧɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɬ.ɟ. ɜɫɟ ɨɛɴɟɤɬɵ ɜ ɞɨɦɟɧɟ ɧɚɯɨɞɹɬɫɹ ɧɚ ɨɞɧɨɦ ɭɪɨɜɧɟ. ɇɟɬ ɧɢɤɚɤɨɝɨ ɫɩɨɫɨɛɚ ɧɚɡɧɚɱɢɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɨɞɧɢɦ ɨɛɴɟɤɬɨɦ ɜ ɞɨɦɟɧɟ ɛɟɡ ɬɨɝɨ, ɱɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɬɨɬ ɠɟ ɫɚɦɵɣ ɭɪɨɜɟɧɶ ɭɩɪɚɜɥɟɧɢɹ ɧɚɞɨ ɜɫɟɦɢ ɞɪɭɝɢɦɢ ɨɛɴɟɤɬɚɦɢ ɜ ɤɚɬɚɥɨɝɟ. OU ɜ Active Directory ɩɨɡɜɨɥɹɸɬ ɫɨɡɞɚɜɚɬɶ ɢɟɪɚɪɯɢɸ ɨɛɴɟɤɬɨɜ ɜ ɩɪɟɞɟɥɚɯ ɨɬɞɟɥɶɧɨɝɨ ɞɨɦɟɧɚ. ɂɫɩɨɥɶɡɭɹ OU, ɜɵ ɦɨɠɟɬɟ ɞɚɜɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɣ ɤɨɧɬɪɨɥɶ ɬɨɥɶɤɨ ɧɚɞ ɨɞɧɨɣ ɱɚɫɬɶɸ ɞɨɦɟɧɚ ɢɥɢ ɞɚɠɟ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɨɝɪɚɧɢɱɟɧɧɵɣ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɣ ɞɨɫɬɭɩ ɤ ɷɬɨɣ ɱɚɫɬɢ. Ʉɨɝɞɚ ɜɵ ɩɪɨɟɤɬɢɪɭɟɬɟ ɫɬɪɭɤɬɭɪɭ OU, ɜɵ ɝɪɭɩɩɢɪɭɟɬɟ ɨɛɴɟɤɬɵ ɜɦɟɫɬɟ ɫ ɰɟɥɶɸ ɟɞɢɧɨɨɛɪɚɡɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɷɬɨɣ ɝɪɭɩɩɨɣ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɨɛɳɢɣ ɧɚɛɨɪ ɩɪɢɥɨɠɟɧɢɣ ɞɥɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɨɩɪɟɞɟɥɟɧɧɨɦ ɨɬɞɟɥɟ. Ƚɪɭɩɩɢɪɭɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ OU, ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɢɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ (Group Policy), ɤɨɬɨɪɚɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɭɫɬɚɧɨɜɢɬ ɬɪɟɛɭɟɦɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. ȼɨɡɦɨɠɧɨ, ɜɵ ɡɚɯɨɬɢɬɟ ɫɝɪɭɩɩɢɪɨɜɚɬɶ ɨɛɴɟɤɬɵ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɨɞɧɨɝɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚ ɷɬɨɣ ɝɪɭɩɩɟ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɢɦɟɟɬɫɹ ɨɬɞɚɥɟɧɧɵɣ ɨɮɢɫ ɫ ɦɟɫɬɧɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ OU, ɩɨɦɟɫɬɢɬɶ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɤɨɦɩɶɸɬɟɪɵ ɨɬɞɚɥɟɧɧɨɝɨ ɨɮɢɫɚ ɜ ɷɬɨ ɩɨɞɪɚɡɞɟɥɟɧɢɟ, ɚ ɡɚɬɟɦ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɷɬɨɣ OU ɦɟɫɬɧɨɦɭ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ. Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɯɚɪɚɤɬɟɪɢɡɭɸɬɫɹ ɫɥɟɞɭɸɳɢɦ. • ɉɪɨɟɤɬɢɪɨɜɚɧɢ OU ɧɟ ɨɤɚɡɵɜɚɟɬ ɜɥɢɹɧɢɹ ɧɚ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS. OU ɩɨɥɭɱɚɸɬ ɢɦɟɧɚ ɤɚɬɚɥɨɝɚ ɜ ɩɪɟɞɟɥɚɯ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS. ɇɚɩɪɢɦɟɪ, ɨɪɝɚɧɢɡɚɰɢɨɧɧɚɹ ɟɞɢɧɢɰɚ ɦɨɠɟɬ ɢɦɟɬɶ ɨɬɥɢɱɢɬɟɥɶɧɨɟ ɢɦɹ OU=ManagersOU,OU=AdministrationOU, DC=Contoso, DC=Com. ȼ ɷɬɨɦ ɫɥɭɱɚɟ Contoso.com ɹɜɥɹɟɬɫɹ DNS-ɢɦɟ-ɧɟɦ, ɚ LDAP-ɢɦɟɧɚ ɜɧɭɬɪɢ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS ɹɜɥɹɸɬɫɹ ɢɦɟɧɚɦɢ OU. • Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɦɨɝɭɬ ɛɵɬɶ ɫɨɡɞɚɧɵ ɜɧɭɬɪɢ ɞɪɭɝɢɯ ɟɞɢɧɢɰ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ ɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ), ɭɫɬɚɧɨɜɥɟɧɧɵɟ ɧɚ ɜɟɪɯɧɟɦ ɭɪɨɜɧɟ ɟɞɢɧɢɰ OU, ɧɚɫɥɟɞɭɸɬɫɹ ɞɨɱɟɪɧɢɦɢ OU. ɗɬɨ ɩɨɜɟɞɟɧɢɟ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɨ. • Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ 0U ɩɪɨɡɪɚɱɧɵ ɞɥɹ ɤɨɧɟɱɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɳɟɬ ɨɛɴɟɤɬ ɜ Active Directory, ɩɪɢɥɨɠɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɞɟɥɚɟɬ ɡɚɩɪɨɫ ɨɛ ɷɬɨɣ ɢɧɮɨɪɦɚɰɢɢ ɤ GC-ɤɚɬɚɥɨɝɭ. ɉɨɥɶɡɨɜɚɬɟɥɸ ɧɟ ɬɪɟɛɭɟɬɫɹ ɡɧɚɬɶ ɫɬɪɭɤɬɭɪɭ OU, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ ɢɥɢ ɧɚɣɬɢ ɨɛɴɟɤɬɵ ɜ Active Directory. • ɉɨ ɫɪɚɜɧɟɧɢɸ ɫ ɞɪɭɝɢɦɢ ɤɨɦɩɨɧɟɧɬɚɦɢ Active Directory, ɬɚɤɢɦɢ ɤɚɤ ɞɨɦɟɧɵ ɢ ɥɟɫɚ, ɫɬɪɭɤɬɭɪɭ OU ɥɟɝɤɨ ɢɡɦɟɧɢɬɶ ɩɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ. ɉɟɪɟɦɟɳɟɧɢɟ ɨɛɴɟɤɬɨɜ ɦɟɠɞɭ OU
ɫɜɨɞɢɬɫɹ ɤ ɳɟɥɱɤɭ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ ɢ ɜɵɛɨɪɭ Move (ɉɟɪɟɦɟɫɬɢɬɶ) ɢɡ ɤɨɧɬɟɤɫɬɧɨɝɨ ɦɟɧɸ.
OU
ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɤɨɦɩɚɧɢɣ ɦɨɞɟɥɶ OU ɢɦɟɟɬ ɛɨɥɶɲɭɸ ɝɢɛɤɨɫɬɶ. ɉɪɢ ɷɬɨɦ ɫɥɟɞɭɟɬ ɭɱɟɫɬɶ ɦɧɨɠɟɫɬɜɨ ɮɚɤɬɨɪɨɜ. П че ы . OU . —
,
. ,
. .
, OU .
OU. ,
OU,
,
,
OU
. .
(IT). ,
-
OU,
,
. 1 -
.
OU,
Ɉɞɧɚ ɢɡ ɩɪɢɱɢɧ ɫɨɡɞɚɧɢɹ ɫɬɪɭɤɬɭɪɵ OU ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɜɨɡɦɨɠɧɨɫɬɢ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ, ɤɨɬɨɪɵɟ ɫɨɟɞɢɧɢɥɢ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ Windows NT ɜ ɟɞɢɧɫɬɜɟɧɧɵɣ ɞɨɦɟɧ Active Directory, ɜɨɡɦɨɠɧɨ, ɡɚɯɨɬɹɬ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɡɚɞɚɱɢ, ɤɨɬɨɪɵɟ ɨɛɵɱɧɨ ɜɵɩɨɥɧɹɥɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɪɟɫɭɪɫɨɜ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɢɦɟɸɬ ɧɟɫɤɨɥɶɤɨ ɨɮɢɫɨɜ ɫ ɥɨɤɚɥɶɧɵɦɢ ɫɟɬɟɜɵɦɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦɢ ɜ ɤɚɠɞɨɦ, ɢ ɨɧɢ, ɜɨɡɦɨɠɧɨ, ɡɚɯɨɬɹɬ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɤɚɠɞɨɦɭ ɢɡ ɷɬɢɯ ɨɮɢɫɨɜ. Ⱦɪɭɝɢɟ ɤɨɦɩɚɧɢɢ ɡɚɯɨɬɹɬ ɞɟɥɟɝɢɪɨɜɚɬɶ ɨɩɪɟɞɟɥɟɧɧɭɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɭɸ ɡɚɞɚɱɭ. ɇɚɩɪɢɦɟɪ, ɞɚɬɶ ɨɞɧɨɦɭ ɢɥɢ ɞɜɭɦ ɱɟɥɨɜɟɤɚɦ ɜ ɤɚɠɞɨɦ ɨɬɞɟɥɟ ɩɪɚɜɨ ɫɛɪɚɫɵɜɚɬɶ ɩɚɪɨɥɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɚ ɬɚɤɠɟ ɢɡɦɟɧɹɬɶ ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɨɬɞɟɥɚ. ȼɫɟ ɷɬɨ ɫɬɚɧɨɜɢɬɫɹ ɜɨɡɦɨɠɧɵɦɢ ɩɭɬɟɦ ɫɨɡɞɚɧɢɹ ɫɬɪɭɤɬɭɪɵ OU ɜ Active Directory ɢ ɩɨɫɥɟɞɭɸɳɢɦ ɞɟɥɟɝɢɪɨɜɚɧɢɟɦ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɞɨɫɬɭɩɚ. ȼɨɡɦɨɠɧɨ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɥɸɛɨɝɨ ɭɪɨɜɧɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɞɨɫɬɭɩɚ ɧɚ ɭɪɨɜɧɟ OU. ȿɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ OU ɞɥɹ ɨɬɞɚɥɟɧɧɨɝɨ ɨɮɢɫɚ, ɜɵ ɦɨɠɟɬɟ ɩɪɟɞɫɬɚɜɢɬɶ ɟɝɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɩɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɨɛɴɟɤɬɚɦɢ ɷɬɨɝɨ ɨɮɢɫɚ. Ⱥɞɦɢɧɢɫɬɪɚɬɨɪ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɥɸɛɭɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɭɸ ɡɚɞɚɱɭ ɜ ɷɬɨɣ OU, ɜɤɥɸɱɚɹ ɫɨɡɞɚɧɢɟ ɞɨɱɟɪɧɢɯ OU ɢ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ ɞɪɭɝɢɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ. ȿɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ OU ɞɥɹ ɤɚɠɞɨɝɨ ɨɬɞɟɥɚ, ɜɵ ɦɨɠɟɬɟ ɩɪɟɞɨɫɬɚɜɢɬɶ ɨɱɟɧɶ ɫɩɟɰɢɮɢɱɟɫɤɢɟ ɩɪɚɜɚ, ɬɢɩɚ ɩɪɚɜɚ ɫɛɪɚɫɵɜɚɧɢɹ ɩɚɪɨɥɟɣ, ɧɟɫɤɨɥɶɤɢɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜ ɨɬɞɟɥɟ. Ɇɨɠɧɨ ɩɪɟɞɨɫɬɚɜɢɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɬɢɩɚɯ ɨɛɴɟɤɬɨɜ ɜ OU, ɧɚɩɪɢɦɟɪ, ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɨɬɞɟɥɚ ɦɨɝɭɬ ɢɡɦɟɧɹɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɧɨ ɧɟ ɨɛɴɟɤɬɵ ɝɪɭɩɩ ɢɥɢ ɤɨɦɩɶɸɬɟɪɨɜ. ȼ ɝɥɚɜɟ 9 ɫɨɞɟɪɠɢɬɫɹ ɩɨɞɪɨɛɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɞɟɥɟɝɢɪɨɜɚɧɢɢ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ. ɋɥɟɞɭɟɬ ɩɪɨɱɟɫɬɶ ɷɬɭ ɝɥɚɜɭ ɩɟɪɟɞ ɫɨɡɞɚɧɢɟɦ ɩɪɨɟɤɬɚ OU. Ⱦɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɤɨɦɩɚɧɢɣ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɛɭɞɭɬ ɪɚɡɪɚɛɚɬɵɜɚɬɶɫɹ ɧɚ ɨɫɧɨɜɟ ɬɪɟɛɨɜɚɧɢɣ, ɫɜɹɡɚɧɧɵɯ ɫ ɞɟɥɟɝɢɪɨɜɚɧɢɟɦ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ. ɋɤɨɪɟɟ ɜɫɟɝɨ, ɷɬɢ ɟɞɢɧɢɰɵ OU ɛɭɞɭɬ ɨɫɧɨɜɚɧɵ ɧɚ ɝɟɨɝɪɚɮɢɱɟɫɤɨɦ ɦɟɫɬɟ ɪɚɫɩɨɥɨɠɟɧɢɹ ɨɮɢɫɨɜ ɤɨɦɩɚɧɢɢ ɢɥɢ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ. ɗɬɢ ɝɪɚɧɢɰɵ OU ɛɭɞɭɬ ɬɚɤɠɟ ɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦɢ ɝɪɚɧɢɰɚɦɢ.
0U,
ȼɬɨɪɚɹ ɩɪɢɱɢɧɚ ɞɥɹ ɫɨɡɞɚɧɢɹ OU ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɭɩɪɚɜɥɟɧɢɢ ɧɚɡɧɚɱɟɧɢɟɦ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɤɨɧɮɢɝɭɪɚɰɢɟɣ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ. ɋ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɦɨɠɧɨ ɨɛɟɫɩɟɱɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɫɬɚɧɞɚɪɬɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ
ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ, ɜɤɥɸɱɚɹ ɚɜɬɨɦɚɬɢɱɟɫɤɭɸ ɢɧɫɬɚɥɥɹɰɢɸ ɧɚɛɨɪɚ ɩɪɢɥɨɠɟɧɢɣ. Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɦɨɠɟɬ ɭɩɪɚɜɥɹɬɶ ɢɡɦɟɧɟɧɢɹɦɢ, ɤɨɬɨɪɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɵɩɨɥɧɹɸɬ ɧɚ ɫɜɨɢɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ. ɉɨɱɬɢ ɜɫɟ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɜ Active Directory ɧɚɡɧɚɱɚɸɬɫɹ ɧɚ ɭɪɨɜɧɟ OU, ɬɚɤ ɱɬɨ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɛɭɞɟɬ ɢɝɪɚɬɶ ɜɚɠɧɭɸ ɪɨɥɶ ɜ ɩɪɨɟɤɬɟ OU. ɉɪɢ ɩɥɚɧɢɪɨɜɚɧɢɢ ɫɬɪɭɤɬɭɪɵ OU ɜɵ ɝɪɭɩɩɢɪɭɟɬɟ ɜɦɟɫɬɟ ɨɛɴɟɤɬɵ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬ ɨɞɢɧɚɤɨɜɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɨɞɧɨɝɨ ɨɬɞɟɥɚ ɬɪɟɛɭɟɬɫɹ ɨɞɢɧɚɤɨɜɵɣ ɧɚɛɨɪ ɩɪɢɥɨɠɟɧɢɣ, ɢɯ ɦɨɠɧɨ ɭɫɬɚɧɨɜɢɬɶ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ. ɉɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɧɭɠɞɚɬɶɫɹ ɜ ɫɬɚɧɞɚɪɬɧɨɦ ɧɚɛɨɪɟ ɨɬɨɛɪɚɠɚɟɦɵɯ ɞɢɫɤɨɜ (mapped drives). ɋɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɦɨɠɧɨ ɧɚɡɧɚɱɢɬɶ, ɬɚɤɠɟ ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ. ȼɨɡɦɨɠɧɨ, ɱɬɨ ɜɵ ɡɚɯɨɬɢɬɟ ɩɪɢɦɟɧɢɬɶ ɲɚɛɥɨɧ ɡɚɳɢɬɵ ɤɨ ɜɫɟɦ ɮɚɣɥɨɜɵɦ ɫɟɪɜɟɪɚɦ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɷɬɨ, ɫɝɪɭɩɩɢɪɭɣɬɟ ɜɫɟ ɮɚɣɥɨɜɵɟ ɫɟɪɜɟɪɵ ɜ OU ɢ ɧɚɡɧɚɱɶɬɟ ɲɚɛɥɨɧ ɡɚɳɢɬɵ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɤɨɦɩɚɧɢɣ ɧɢɡɤɢɟ ɬɪɟɛɨɜɚɧɢɹ ɤ ɭɪɨɜɧɸ ɩɪɨɟɤɬɚ OU ɛɭɞɭɬ ɨɩɪɟɞɟɥɹɬɶɫɹ, ɩɪɟɠɞɟ ɜɫɟɝɨ, ɩɨɬɪɟɛɧɨɫɬɶɸ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɜɫɟ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɧɚɫɥɟɞɭɸɬɫɹ ɨɬ ɪɨɞɢɬɟɥɶɫɤɢɯ OU. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɩɪɢɦɟɧɢɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɧɚ ɜɵɫɨɤɨɦ ɭɪɨɜɧɟ ɜ ɫɬɪɭɤɬɭɪɟ OU, ɚ ɡɚɬɟɦ ɩɪɢɦɟɧɢɬɶ ɫɩɟɰɢɮɢɱɧɭɸ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɧɚ ɛɨɥɟɟ ɧɢɡɤɨɦ ɭɪɨɜɧɟ. ȿɫɥɢ ɧɭɠɧɨ ɢɡɦɟɧɢɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɫɥɟɞɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɷɬɨ ɦɨɠɧɨ ɫɞɟɥɚɬɶ, ɫɨɡɞɚɜ OU ɢ ɡɚɛɥɨɤɢɪɨɜɚɜ ɥɸɛɨɟ ɧɚɫɥɟɞɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɧɚ ɭɪɨɜɧɟ OU. Ɍɚɤɚɹ ɡɚɜɢɫɢɦɨɫɬɶ ɩɪɨɟɤɬɚ OU ɨɬ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɩɨɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢ ɬɪɟɛɨɜɚɧɢɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȼ ɝɥɚɜɚɯ 11, 12, 13 ɩɨɞɪɨɛɧɨ ɨɛɫɭɠɞɚɟɬɫɹ, ɱɬɨ ɦɨɠɧɨ ɞɟɥɚɬɶ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ.
OU
ɇɚɱɧɢɬɟ ɪɚɡɪɚɛɚɬɵɜɚɬɶ ɩɪɨɟɤɬ OU ɫ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɟɞɢɧɢɰ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ. ɂɯ ɬɪɭɞɧɟɟ ɦɨɞɢɮɢɰɢɪɨɜɚɬɶ ɩɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɢɡ-ɡɚ OU, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɧɢɠɟ. OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɞɨɥɠɧɵ ɨɫɧɨɜɵɜɚɬɶɫɹ ɧɚ ɱɟɦ-ɬɨ ɧɟɢɡɦɟɧɧɨɦ: ɧɚ ɝɟɨɝɪɚɮɢɱɟɫɤɢɯ ɪɟɝɢɨɧɚɯ ɢɥɢ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ. ɉɪɨɟɤɬ OU, ɨɫɧɨɜɚɧɧɵɣ ɧɚ ɝɟɨɝɪɚɮɢɢ ɤɨɦɩɚɧɢɢ, ɜɟɪɨɹɬɧɨ, ɛɭɞɟɬ ɧɚɢɛɨɥɟɟ ɭɫɬɨɣɱɢɜ ɤ ɢɡɦɟɧɟɧɢɹɦ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɱɚɫɬɨ ɪɟɨɪɝɚɧɢɡɭɸɬɫɹ, ɧɨ ɪɟɞɤɨ ɢɡɦɟɧɹɸɬ ɝɟɨɝɪɚɮɢɱɟɫɤɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ. ɋɬɪɭɤɬɭɪɚ OU, ɨɫɧɨɜɚɧɧɚɹ ɧɚ ɝɟɨɝɪɚɮɢɢ ɤɨɦɩɚɧɢɢ, ɯɨɪɨɲɨ ɪɚɛɨɬɚɟɬ, ɟɫɥɢ ɤɨɦɩɚɧɢɹ ɢɫɩɨɥɶɡɭɟɬ ɞɟɰɟɧɬɪɚɥɢɡɨɜɚɧɧɭɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɭɸ ɦɨɞɟɥɶ, ɨɫɧɨɜɚɧɧɭɸ ɬɚɤɠɟ ɧɚ ɝɟɨɝɪɚɮɢɢ. ȿɫɥɢ ɤɚɠɞɨɟ ɝɟɨɝɪɚɮɢɱɟɫɤɨɟ ɦɟɫɬɨ (ɨɞɢɧ ɨɮɢɫ ɢɥɢ ɰɟɧɬɪɚɥɶɧɵɣ ɨɮɢɫ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɮɢɥɢɚɥɚɦɢ) ɢɦɟɟɬ ɫɜɨɣ ɫɨɛɫɬɜɟɧɧɵɣ ɧɚɛɨɪ ɫɟɬɟɜɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ, ɬɨ ɝɟɨɝɪɚɮɢɱɟɫɤɢɟ OU ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ ɷɬɢɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ. Ɉɫɧɨɜɧɨɣ ɧɟɞɨɫɬɚɬɨɤ ɫɬɪɭɤɬɭɪɵ OU, ɨɫɧɨɜɚɧɧɨɣ ɧɚ ɝɟɨɝɪɚɮɢɢ, ɩɪɨɹɜɥɹɟɬɫɹ ɬɨɝɞɚ, ɤɨɝɞɚ ɜɨɡɧɢɤɚɟɬ ɧɟɫɤɨɥɶɤɨ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ ɜ ɤɚɠɞɨɦ ɝɟɨɝɪɚɮɢɱɟɫɤɨɦ ɦɟɫɬɟ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɤɚɠɞɵɣ ɨɬɞɟɥ ɩɪɟɞɫɬɚɜɥɟɧ ɜ ɤɚɠɞɨɦ ɨɮɢɫɟ ɤɨɦɩɚɧɢɢ, ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɨ ɧɚ ɜɵɫɲɟɦ ɭɪɨɜɧɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɬɪɭɤɬɭɪɭ OU, ɨɫɧɨɜɚɧɧɭɸ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ. ȼɬɨɪɚɹ ɫɬɪɭɤɬɭɪɚ OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɨɫɧɨɜɵɜɚɟɬɫɹ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ. ȼ ɷɬɨɣ ɦɨɞɟɥɢ OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɫɨɡɞɚɟɬɫɹ ɞɥɹ ɤɚɠɞɨɝɨ ɞɟɥɨɜɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɤɨɪɩɨɪɚɰɢɢ. ɗɬɨɬ ɬɢɩ ɤɨɧɮɢɝɭɪɚɰɢɢ ɹɜɥɹɟɬɫɹ ɧɚɢɛɨɥɟɟ ɩɨɞɯɨɞɹɳɢɦ, ɟɫɥɢ ɤɨɦɩɚɧɢɹ ɧɚɯɨɞɢɬɫɹ ɜ ɨɞɧɨɦ ɦɟɫɬɟ ɢɥɢ ɟɫɥɢ ɦɧɨɝɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɡɚɞɚɱɢ ɞɟɥɟɝɢɪɭɸɬɫɹ ɧɚ ɭɪɨɜɟɧɶ ɞɟɥɨɜɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ. ɉɪɨɛɥɟɦɚ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɜɨɡɧɢɤɧɭɬɶ, ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɬɨɦ, ɱɬɨ OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɢɡɦɟɧɹɬɫɹ ɜ ɫɥɭɱɚɟ ɪɟɨɪɝɚɧɢɡɚɰɢɢ ɤɨɦɩɚɧɢɢ. Ȼɨɥɶɲɢɧɫɬɜɨ ɤɪɭɩɧɵɯ ɤɨɪɩɨɪɚɰɢɣ ɮɚɤɬɢɱɟɫɤɢ ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɤɨɦɛɢɧɚɰɢɸ ɟɞɢɧɢɰ, ɨɫɧɨɜɚɧɧɵɯ ɧɚ ɝɟɨɝɪɚɮɢɢ ɢ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ. Ɉɛɵɱɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ - ɷɬɨ OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɝɟɨɝɪɚɮɢɱɟɫɤɢɯ ɪɟɝɢɨɧɚɯ, ɫɨ ɫɥɟɞɭɸɳɢɦ ɭɪɨɜɧɟɦ OU ɜ ɩɪɟɞɟɥɚɯ ɤɚɠɞɨɝɨ ɪɟɝɢɨɧɚ, ɨɫɧɨɜɚɧɧɵɯ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɦɨɝɭɬ ɜɵɛɪɚɬɶ OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ, ɚ ɡɚɬɟɦ ɫɨɡɞɚɜɚɬɶ ɩɨɞ ɜɵɫɲɢɦ ɭɪɨɜɧɟɦ ɫɬɪɭɤɬɭɪɭ OU, ɨɫɧɨɜɚɧɧɭɸ ɧɚ ɝɟɨɝɪɚɮɢɢ. ɇɚ ɪɢɫɭɧɤɟ 5-11 ɩɨɤɚɡɚɧ ɩɪɨɟɤɬ OU ɞɥɹ ɤɪɭɩɧɨɣ ɤɨɦɩɚɧɢɢ. OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɜɤɥɸɱɚɟɬ Domain Controllers OU (OU ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ) (ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɷɬɨɣ OU) ɢ OU ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɭɪɨɜɧɹ ɞɨɦɟɧɚ. OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɦɨɝɭɬ ɜɤɥɸɱɚɬɶ OU ɫɥɭɠɛɵ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɞɥɹ ɜɫɟɯ ɫɥɭɠɟɛɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ (Service Account), ɢɫɩɨɥɶɡɭɟɦɵɯ ɜ ɞɨɦɟɧɟ. ɋɨɡɞɚɧɢɟ ɧɚ ɜɵɫɲɟɦ ɭɪɨɜɧɟ OU ɞɥɹ ɫɩɟɰɢɚɥɶɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɬɚɤɢɯ ɤɚɤ ɫɥɭɠɟɛɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ, ɭɩɪɨɳɚɟɬ ɢɯ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ. OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ ɦɨɝɭɬ ɜɤɥɸɱɚɬɶ OU ɫɟɪɜɟɪɨɜ, ɟɫɥɢ ɜɫɟ ɫɟɪɜɟɪɵ ɭɩɪɚɜɥɹɸɬɫɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɷɬɢɦ
ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦ OU ɦɨɝɭɬ ɛɵɬɶ ɬɚɤɠɟ OU ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɝɟɨɝɪɚɮɢɢ ɤɨɪɩɨɪɚɰɢɢ. Ɉɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɝɟɨɝɪɚɮɢɢ, ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ.
. 5-11.
OU
OU ɜɬɨɪɨɝɨ ɭɪɨɜɧɹ ɜ ɤɚɠɞɨɦ ɝɟɨɝɪɚɮɢɱɟɫɤɨɦ ɪɟɝɢɨɧɟ ɨɫɧɨɜɚɧɵ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ ɪɟɝɢɨɧɚ. OU ɛɢɡɧɟɫ-ɩɨɞɪɚɡɞɟɥɟɧɢɣ ɦɨɝɥɢ ɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɚ ɬɚɤɠɟ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ɉɨɞ ɞɟɥɨɜɵɦɢ OU ɪɚɫɩɨɥɚɝɚɸɬɫɹ OU, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɨɬɞɟɥɚɯ. ɇɚ ɷɬɨɦ ɭɪɨɜɧɟ OU ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢɥɢ ɨɩɪɟɞɟɥɟɧɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ, ɬɢɩɚ ɩɪɚɜɚ ɫɛɪɨɫɚ ɩɚɪɨɥɟɣ. OU ɨɬɞɟɥɨɜ ɦɨɝɭɬ ɫɨɞɟɪɠɚɬɶ ɞɪɭɝɢɟ OU. • OU ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ - ɫɨɞɟɪɠɢɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ ɨɬɞɟɥɚ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ OU ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɪɚɡɛɢɜɚɸɬɫɹ ɧɚ OU, ɫɨɞɟɪɠɚɳɢɟ ɝɪɭɩɩɵ, ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɭɞɚɥɟɧɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. • OU ɤɨɦɩɶɸɬɟɪɨɜ - ɫɨɞɟɪɠɢɬ ɜɫɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɤɨɦɩɶɸɬɟɪɵ ɢ ɜɤɥɸɱɚɟɬ ɨɬɞɟɥɶɧɵɟ OU ɤɨɦɩɶɸɬɟɪɨɜ ɫ ɫɢɫɬɟɦɨɣ Windows NT, Windows 2000, Microsoft Windows XP Professional ɢ OU ɩɨɪɬɚɬɢɜɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ. • OU ɪɟɫɭɪɫɨɜ - ɫɨɞɟɪɠɢɬ ɪɟɫɭɪɫɵ, ɫɜɹɡɚɧɧɵɟ ɫ ɞɚɧɧɨɣ OU. ȼɤɥɸɱɚɟɬ ɞɨɦɟɧɵ ɥɨɤɚɥɶɧɵɯ ɝɪɭɩɩ, ɫɟɪɜɟɪɵ, ɩɪɢɧɬɟɪɵ ɢ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɟɦɵɟ ɩɚɩɤɢ. • OU ɩɪɢɥɨɠɟɧɢɣ ɢɥɢ ɩɪɨɟɤɬɨɜ. ȿɫɥɢ ɝɪɭɩɩɚ ɥɸɞɟɣ ɢ ɪɟɫɭɪɫɨɜ ɪɚɛɨɬɚɸɬ ɧɚɞ ɨɩɪɟɞɟɥɟɧɧɵɦ ɩɪɨɟɤɬɨɦ (ɩɪɢɥɨɠɟɧɢɟɦ), ɤɨɬɨɪɵɣ ɬɪɟɛɭɟɬ ɭɧɢɤɚɥɶɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɫɬɪɭɤɬɭɪɭ OU ɞɥɹ ɷɬɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɚ ɡɚɬɟɦ ɫɝɪɭɩɩɢɪɨɜɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɪɟɫɭɪɫɵ ɢ ɤɨɦɩɶɸɬɟɪɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɞɚɧɧɨɝɨ ɩɪɨɟɤɬɚ, ɜ OU. С . , , OU. , . OU, ,— , . Ɋɚɛɨɬɚɹ ɧɚɞ ɫɨɡɞɚɧɢɟɦ ɩɪɨɟɤɬɚ OU, ɧɭɠɧɨ ɟɝɨ ɬɳɚɬɟɥɶɧɨ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ. ɉɪɨɟɤɬ ɛɭɞɟɬ
ɜɤɥɸɱɚɬɶ ɞɢɚɝɪɚɦɦɭ ɫɬɪɭɤɬɭɪɵ OU, ɫɩɢɫɨɤ ɜɫɟɯ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɟɞɢɧɢɰ OU ɢ ɰɟɥɢ ɤɚɠɞɨɝɨ OU. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ OU ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ, ɡɚɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɩɪɚɜɚ, ɞɟɥɟɝɢɪɨɜɚɧɧɵɟ ɤɚɠɞɨɦɭ ɭɪɨɜɧɸ OU. Ɋɚɡɜɟɪɬɵɜɚɹ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ, ɫɜɹɡɚɧɧɭɸ ɫ ɤɚɠɞɵɦ OU, ɡɚɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɤɨɧɮɢɝɭɪɚɰɢɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ.
Ⱦɨ ɧɚɫɬɨɹɳɟɝɨ ɦɨɦɟɧɬɚ ɜ ɤɧɢɝɟ ɨɛɫɭɠɞɚɥɢɫɶ ɥɨɝɢɱɟɫɤɢɟ ɚɫɩɟɤɬɵ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ Active Directory ɛɟɡ ɭɱɟɬɚ ɮɚɤɬɢɱɟɫɤɨɣ ɫɟɬɟɜɨɣ ɬɨɩɨɥɨɝɢɢ ɨɪɝɚɧɢɡɚɰɢɢ. ɉɪɟɠɞɟ ɱɟɦ ɪɚɡɜɟɪɧɭɬɶ ɩɪɨɟɤɬ Active Directory, ɧɟɨɛɯɨɞɢɦɨ ɪɚɡɨɛɪɚɬɶɫɹ ɫ ɩɪɨɟɤɬɨɦ ɫɚɣɬɚ, ɧɚ ɤɨɬɨɪɵɣ ɧɟɩɨɫɪɟɞɫɬɜɟɧɧɨ ɜɥɢɹɟɬ ɫɟɬɟɜɚɹ ɬɨɩɨɥɨɝɢɹ.
Active Directory
ȼ Active Directory ɫɚɣɬɵ ɩɪɟɞɫɬɚɜɥɹɸɬ ɫɨɛɨɣ ɨɩɪɟɞɟɥɟɧɧɵɟ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɨɛɴɟɤɬɵ ɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɫɟɬɟɜɵɦ ɬɪɚɮɢɤɨɦ. ɗɬɨ ɨɫɭɳɟɫɬɜɥɹɟɬɫɹ ɬɪɟɦɹ ɫɩɨɫɨɛɚɦɢ. • Ɍɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɫɠɚɬ, ɩɨɷɬɨɦɭ ɪɟɩɥɢɤɚɰɢɹ ɦɟɠɞɭ ɫɚɣɬɚɦɢ ɢɫɩɨɥɶɡɭɟɬ ɩɨɥɨɫɭ ɩɪɨɩɭɫɤɚɧɢɹ ɫɟɬɢ ɜ ɦɟɧɶɲɟɣ ɫɬɟɩɟɧɢ, ɱɟɦ ɪɟɩɥɢɤɚɰɢɹ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ. ȼɵɩɨɥɧɟɧɢɟ ɪɟɩɥɢɤɚɰɢɢ ɩɪɨɢɫɯɨɞɢɬ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɪɚɫɩɢɫɚɧɢɟɦ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɜ ɷɬɨ ɜɪɟɦɹ ɫɟɬɶ ɡɚɧɹɬɚ ɦɟɧɶɲɢɦ ɤɨɥɢɱɟɫɬɜɨɦ ɞɪɭɝɢɯ ɡɚɩɪɨɫɨɜ. • Ɍɪɚɮɢɤ, ɫɜɹɡɚɧɧɵɣ ɫ ɜɯɨɞɚɦɢ ɤɥɢɟɧɬɨɜ ɜ ɫɢɫɬɟɦɭ, ɨɫɬɚɧɟɬɫɹ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ, ɟɫɥɢ ɞɨɫɬɭɩɟɧ ɥɨɤɚɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. • ɉɪɢɥɨɠɟɧɢɹ, ɭɱɢɬɵɜɚɸɳɢɟ ɧɚɥɢɱɢɟ ɫɥɭɠɛɵ Active Directory, ɩɨɞɨɛɧɵɟ ɪɚɫɩɪɟɞɟɥɟɧɧɨɣ ɮɚɣɥɨɜɨɣ ɫɢɫɬɟɦɟ (DFS - Distributed File System), ɦɨɠɧɨ ɞɨɛɚɜɢɬɶ ɤ ɫɟɬɢ ɞɥɹ ɨɝɪɚɧɢɱɟɧɢɹ ɬɪɚɮɢɤɚ, ɫɜɹɡɚɧɧɨɝɨ ɫ ɞɨɫɬɭɩɨɦ ɤɥɢɟɧɬɨɜ ɤ ɦɟɫɬɧɨɦɭ ɫɚɣɬɭ.
ɉɨɫɤɨɥɶɤɭ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ ɫɚɣɬɚ ɫɢɥɶɧɨ ɡɚɜɢɫɢɬ ɨɬ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɫɟɬɢ, ɩɟɪɜɵɣ ɲɚɝ ɜ ɫɨɡɞɚɧɢɢ ɩɪɨɟɤɬɚ ɫɨɫɬɨɢɬ ɜ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɢ ɷɬɨɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ. Ⱦɨɤɭɦɟɧɬɢɪɨɜɚɧɢɟ ɞɨɥɠɧɨ ɜɤɥɸɱɚɬɶ: • ɫɯɟɦɵ ɬɨɩɨɥɨɝɢɢ ɝɥɨɛɚɥɶɧɨɣ (WAN) ɢ ɥɨɤɚɥɶɧɨɣ ɫɟɬɢ (LAN), ɞɟɬɚɥɢɡɢɪɭɸɳɢɟ ɫɟɬɶ ɤɨɪɩɨɪɚɰɢɢ, ɜ ɤɨɬɨɪɵɯ ɫɨɞɟɪɠɢɬɫɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɩɨɥɧɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɢ ɞɨɫɬɭɩɧɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɦɟɠɞɭ ɜɫɟɦɢ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ; • ɫɩɢɫɨɤ ɜɫɟɯ ɨɮɢɫɨɜ ɤɨɦɩɚɧɢɢ, ɜ ɤɨɬɨɪɵɯ ɤɨɦɩɶɸɬɟɪɵ ɫɜɹɡɚɧɵ ɱɟɪɟɡ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɟ ɫɟɬɟɜɵɟ ɫɨɟɞɢɧɟɧɢɹ. Ɉɩɪɟɞɟɥɟɧɢɟ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ ɦɟɧɹɟɬɫɹ ɜ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɬɚɤɢɯ ɮɚɤɬɨɪɨɜ, ɤɚɤ ɤɨɥɢɱɟɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɨɮɢɫɚɯ ɤɨɦɩɚɧɢɢ, ɨɛɳɟɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ ɜ ɞɨɦɟɧɟ ɢ ɞɨɦɟɧɨɜ ɜ ɥɟɫɭ. Ʉɪɨɦɟ ɬɨɝɨ, ɧɭɠɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɚɹ ɱɚɫɬɶ ɢɡ ɩɨɥɧɨɣ ɩɨɥɨɫɵ ɩɪɨɩɭɫɤɚɧɢɹ ɫɟɬɢ ɞɨɫɬɭɩɧɚ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɞɨɥɠɧɵ ɢɦɟɬɶ ɫɤɨɪɨɫɬɶ ɞɨɫɬɭɩɧɨɣ ɩɨɥɨɫɵ ɩɪɨɩɭɫɤɚɧɢɹ 512 Ʉɛ/ɫ. ȼ ɤɪɭɩɧɨɣ ɤɨɦɩɚɧɢɢ ɜ ɤɚɱɟɫɬɜɟ ɦɢɧɢɦɚɥɶɧɨɣ ɫɤɨɪɨɫɬɢ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫɤɨɪɨɫɬɶ ɜ 10 Ɇɛ/ɫ; • ɞɥɹ ɤɚɠɞɨɝɨ ɨɮɢɫɚ ɤɨɦɩɚɧɢɢ ɭɬɨɱɧɢɬɟ ɤɨɥɢɱɟɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɦɩɶɸɬɟɪɨɜ, ɫɟɪɜɟɪɨɜ ɢ ɥɨɤɚɥɶɧɵɯ ɩɨɞɫɟɬɟɣ IP.
Ʉɚɤ ɬɨɥɶɤɨ ɢɧɮɨɪɦɚɰɢɹ ɨ ɫɟɬɢ ɤɨɦɩɚɧɢɢ ɫɨɛɪɚɧɚ, ɦɨɠɧɨ ɩɪɢɫɬɭɩɚɬɶ ɤ ɩɪɨɟɤɬɢɪɨɜɚɧɢɸ ɫɚɣɬɚ. Ⱦɥɹ ɧɚɱɚɥɚ ɢɫɫɥɟɞɭɣɬɟ ɤɚɠɞɵɣ ɨɮɢɫ ɤɨɦɩɚɧɢɢ, ɜ ɤɨɬɨɪɨɦ ɤɨɦɩɶɸɬɟɪɵ ɫɜɹɡɚɧɵ ɱɟɪɟɡ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ. ɋɤɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɚɯɨɞɢɬɫɹ ɜ ɤɚɠɞɨɦ ɦɟɫɬɟ? Ⱦɨɫɬɚɬɨɱɧɨ ɢɯ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɬɚɦ ɬɪɟɛɨɜɚɥɫɹ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ? Ʉɚɤɨɜɵ ɫɟɬɟɜɵɟ ɫɨɟɞɢɧɟɧɢɹ ɨɬ ɷɬɨɝɨ ɨɮɢɫɚ ɞɨ ɞɪɭɝɢɯ ɨɮɢɫɨɜ ɤɨɦɩɚɧɢɢ? Ʉɚɠɞɵɣ ɫɚɣɬ ɞɨɥɠɟɧ ɢɦɟɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɚ ɛɨɥɶɲɢɧɫɬɜɨ ɢɡ ɧɢɯ -ɢ GC-ɫɟɪɜɟɪ. ȿɫɥɢ ɜɵ ɪɟɲɚɟɬɟ, ɫɨɡɞɚɜɚɬɶ ɥɢ ɫɚɣɬ ɞɥɹ ɨɮɢɫɚ ɤɨɦɩɚɧɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɢ ɦɟɞɥɟɧɧɵɦ ɫɟɬɟɜɵɦ ɫɨɟɞɢɧɟɧɢɟɦ, ɬɨ ɧɚ ɫɚɦɨɦ ɞɟɥɟ ɪɟɲɚɟɬɫɹ ɜɨɩɪɨɫ ɨ ɬɨɦ, ɧɭɠɟɧ ɥɢ ɡɞɟɫɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. Ⱦɥɹ ɷɬɨɝɨ ɨɩɪɟɞɟɥɢɬɟ, ɤɚɤɨɣ ɜɚɪɢɚɧɬ ɩɪɢɜɟɞɟɬ ɤ ɧɚɢɦɟɧɶɲɟɦɭ ɤɨɥɢɱɟɫɬɜɭ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ. ɑɬɨ ɫɨɡɞɚɫɬ ɛɨɥɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɬɪɚɮɢɤɚ: ɜɯɨɞɵ ɤɥɢɟɧɬɨɜ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɡ
ɞɪɭɝɢɯ ɨɮɢɫɨɜ ɤɨɦɩɚɧɢɢ ɢɥɢ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ? Ⱦɥɹ ɬɹɠɟɥɨɝɨ ɬɪɚɮɢɤɚ ɧɭɠɧɨ ɪɚɫɫɦɨɬɪɟɬɶ ɞɪɭɝɢɟ ɮɚɤɬɨɪɵ. ȿɫɥɢ ɜɵ ɧɟ ɩɨɦɟɫɬɢɬɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɚɧɧɨɟ ɦɟɫɬɨ, ɬɨ ɫɥɟɞɭɟɬ ɪɚɫɫɦɨɬɪɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɪɟɪɵɜɚɧɢɹ ɪɚɛɨɬɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɥɭɱɚɟ ɨɬɤɚɡɚ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ, ɩɨɬɨɦɭ ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɫɦɨɝɭɬ ɜɨɣɬɢ ɜ ɞɨɦɟɧ. ȿɫɥɢ ɜɵ ɜɫɟ ɪɚɜɧɨ ɪɚɡɜɟɪɬɵɜɚɟɬɟ Windows Server 2003 ɜ ɞɚɧɧɨɦ ɦɟɫɬɟ, ɬɨ ɧɟ ɦɨɠɟɬ ɥɢ ɨɧ ɛɵɬɶ ɬɚɤɠɟ ɢ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɫɚɣɬɚ? С . Active Directory , , , . , OU . , WAN, . , Active Directory, . ɉɨɫɥɟ ɨɩɪɟɞɟɥɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɫɚɣɬɨɜ ɞɥɹ Active Directory ɫɨɡɞɚɟɬɫɹ ɩɪɨɟɤɬ ɤɚɠɞɨɝɨ ɫɚɣɬɚ. Ʉɚɠɞɵɣ ɫɚɣɬ ɜ Active Directory ɫɜɹɡɚɧ ɫ ɨɞɧɨɣ ɢɥɢ ɛɨɥɟɟ ɩɨɞɫɟɬɹɦɢ IP, ɩɨɷɬɨɦɭ ɧɭɠɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɢɟ ɩɨɞɫɟɬɢ ɛɭɞɭɬ ɜɤɥɸɱɟɧɵ ɜ ɤɚɠɞɵɣ ɫɚɣɬ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɧɟ ɪɚɡɜɟɪɬɵɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɤɚɤɨɦ-ɧɢɛɭɞɶ ɨɮɢɫɟ ɤɨɦɩɚɧɢɢ, ɧɭɠɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɤ ɤɚɤɨɦɭ ɫɚɣɬɭ ɛɭɞɟɬ ɩɪɢɧɚɞɥɟɠɚɬɶ ɷɬɨɬ ɨɮɢɫ, ɢ ɞɨɛɚɜɢɬɶ ɷɬɭ ɩɨɞɫɟɬɶ IP ɤ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɦɭ ɫɚɣɬɭ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɥɢɟɧɬɵ, ɧɚɯɨɞɹɳɢɟɫɹ ɜ ɭɞɚɥɟɧɧɨɦ ɨɮɢɫɟ, ɫɨɟɞɢɧɹɬɫɹ ɫ ɛɥɢɠɚɣɲɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɫɚɣɬɨɜ ɧɭɠɧɨ ɫɮɨɪɦɢɪɨɜɚɬɶ ɬɨɩɨɥɨɝɢɸ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɫɚɣɬɨɜ. Ⱦɥɹ ɷɬɨɝɨ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɫɜɹɡɢ ɫɚɣɬɚ ɦɟɠɞɭ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ. Ⱦɥɹ ɤɚɠɞɨɣ ɫɜɹɡɢ ɫɚɣɬɚ ɫɩɥɚɧɢɪɭɣɬɟ ɝɪɚɮɢɤ ɢ ɢɧɬɟɪɜɚɥ ɪɟɩɥɢɤɚɰɢɢ, ɚ ɬɚɤɠɟ ɫɬɨɢɦɨɫɬɶ ɫɜɹɡɢ ɫɚɣɬɚ. ȿɫɥɢ ɜɵ ɯɨɬɢɬɟ ɧɚɡɧɚɱɢɬɶ ɫɟɪɜɟɪɵɩɥɚɰɞɚɪɦɵ (bridgehead servers) ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ ɤɚɠɞɨɝɨ ɫɚɣɬɚ, ɢɞɟɧɬɢɮɢɰɢɪɭɣɬɟ ɜɫɟ ɪɚɡɞɟɥɵ Active Directory, ɤɨɬɨɪɵɟ ɛɭɞɟɬ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɫɚɣɬɟ, ɢ ɧɚɡɧɚɱɶɬɟ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɞɥɹ ɤɚɠɞɨɝɨ ɪɚɡɞɟɥɚ. Ɉɩɪɟɞɟɥɟɧɢɟ ɫɬɨɢɦɨɫɬɢ ɤɚɠɞɨɣ ɢɡ ɫɜɹɡɟɣ ɫɚɣɬɚ ɭɫɥɨɠɧɢɬɫɹ, ɟɫɥɢ ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɜɨɡɦɨɠɧɵɯ ɦɚɪɲɪɭɬɨɜ ɦɟɠɞɭ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɧɭɠɧɨ ɧɚɡɧɚɱɢɬɶ ɡɚɬɪɚɬɵ ɞɥɹ ɫɜɹɡɟɣ ɫɚɣɬɚ ɬɚɤ, ɱɬɨɛɵ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ Active Directory ɢɫɩɨɥɶɡɨɜɚɥɫɹ ɨɩɬɢɦɚɥɶɧɵɣ ɦɚɪɲɪɭɬ. Ɉɞɢɧ ɢɡ ɫɩɨɫɨɛɨɜ ɨɩɪɟɞɟɥɟɧɢɹ ɫɬɨɢɦɨɫɬɢ ɤɚɠɞɨɣ ɫɜɹɡɢ ɫɚɣɬɚ ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɬɚɛɥɢɰɵ, ɫɨɩɨɫɬɚɜɥɹɸɳɟɣ ɫɟɬɟɜɭɸ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ ɫɜɹɡɢ ɫɨ ɫɬɨɢɦɨɫɬɶɸ ɫɜɹɡɢ. ɉɪɢɦɟɪ ɩɨɤɚɡɚɧ ɜ ɬɚɛɥɢɰɟ 5-1. . 5-1.
Ⱦɨɫɬɭɩɧɚɹ ɩɪɨɩɭɫɤɧɚɹ ɫɩɨɫɨɛɧɨɫɬɶ ɋɬɨɢɦɨɫɬɶ ɫɜɹɡɢ ɫɚɣɬɚ Ȼɨɥɶɲɟ ɢɥɢ ɪɚɜɧɨ 10 Ɇɛ/ɫ Ɉɬ 10 Ɇɛ/ɫ ɞɨ 1,544 Ɇɛ/ɫ Ɉɬ 1,544 Ɇɛ/ɫ ɞɨ 512 Ʉɛ/ɫ
10 100 200
Ɉɬ 512 Ʉɛ/ɫ ɞɨ128 Ʉɛ/ɫ Ɉɬ 128 Ʉɛ/ɫ ɞɨ 56 Ʉɛ/ɫ Ɇɟɧɶɲɟ 56 Ʉɛ/ɫ
400 800
2000
ɂɫɩɨɥɶɡɭɹ ɢɧɮɨɪɦɚɰɢɸ, ɩɪɢɜɟɞɟɧɧɭɸ ɜ ɬɚɛɥɢɰɟ 5-1, ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɢɬɶ ɫɬɨɢɦɨɫɬɶ ɤɚɠɞɨɣ ɫɜɹɡɢ ɫɚɣɬɚ. Ɂɚɬɟɦ ɧɭɠɧɨ ɜɵɱɢɫɥɢɬɶ, ɩɨ ɤɚɤɨɦɭ ɦɚɪɲɪɭɬɭ ɩɨɣɞɟɬ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ, ɟɫɥɢ ɜɫɟ ɫɜɹɡɢ ɞɨɫɬɭɩɧɵ, ɢ ɷɮɮɟɤɬɵ ɫɟɬɟɜɵɯ ɨɬɤɚɡɨɜ ɫɜɹɡɟɣ. ȿɫɥɢ ɟɫɬɶ ɢɡɛɵɬɨɱɧɵɟ ɩɭɬɢ ɜ ɩɪɟɞɟɥɚɯ ɫɟɬɢ, ɭɛɟɞɢɬɟɫɶ, ɱɬɨ ɫɬɨɢɦɨɫɬɶ ɫɜɹɡɟɣ ɫɚɣɬɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɬɚɤ, ɱɬɨɛɵ ɜ ɫɥɭɱɚɟ ɨɬɤɚɡɚ ɫɜɹɡɢ ɛɵɥ ɜɵɛɪɚɧ ɨɩɬɢɦɚɥɶɧɵɣ ɪɟɡɟɪɜɧɵɣ ɩɭɬɶ. ɍɩɪɚɜɥɹɬɶ ɪɟɩɥɢɤɚɰɢɹɦɢ Active Directory ɦɨɠɧɨ ɬɚɤɠɟ ɩɪɢ ɩɨɦɨɳɢ ɨɬɤɥɸɱɟɧɢɹ ɦɨɫɬɨɜ (site link bridging) ɦɟɠɞɭ ɫɜɹɡɹɦɢ ɫɚɣɬɚ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɦɨɫɬɵ ɫɜɹɡɟɣ ɫɚɣɬɚ ɜɵɤɥɸɱɚɬɶ ɧɟ ɧɭɠɧɨ, ɩɨɬɨɦɭ ɱɬɨ ɩɪɢ ɧɚɥɢɱɢɢ ɦɨɫɬɨɜ ɜɫɟ ɫɜɹɡɢ ɫɚɣɬɚ ɫɬɚɧɨɜɹɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ, ɬ.ɟ. ɟɫɥɢ ɫɚɣɬ Ⱥ ɢɦɟɟɬ ɫɜɹɡɶ ɫ ɫɚɣɬɨɦ ȼ, ɚ ɫɚɣɬ ȼ ɢɦɟɟɬ ɫɜɹɡɶ ɫ ɫɚɣɬɨɦ ɋ, ɬɨ ɫɚɣɬ Ⱥ ɦɨɠɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɧɚɩɪɹɦɭɸ ɫ ɫɚɣɬɨɦ ɋ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɬɚɤɨɟ ɩɨɜɟɞɟɧɢɟ ɠɟɥɚɬɟɥɶɧɨ. Ɉɞɧɚɤɨ ɫɭɳɟɫɬɜɭɸɬ ɢɫɤɥɸɱɟɧɢɹ, ɤɨɝɞɚ ɧɟɨɛɯɨɞɢɦɨ ɨɬɤɥɸɱɢɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɧɚɜɟɞɟɧɢɹ ɦɨɫɬɨɜ ɦɟɠɞɭ ɫɜɹɡɹɦɢ ɫɚɣɬɚ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɹ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɰɟɧɬɪɚɥɶɧɵɯ ɫɚɣɬɨɜ (hub sites) ɜɨ ɜɫɟɦ ɦɢɪɟ ɢ ɧɟɫɤɨɥɶɤɨ ɧɟɛɨɥɶɲɢɯ ɨɮɢɫɨɜ, ɫɨɟɞɢɧɹɸɳɢɯɫɹ ɫ ɰɟɧɬɪɚɥɶɧɵɦɢ ɫɚɣɬɚɦɢ ɱɟɪɟɡ ɦɟɞɥɟɧɧɵɟ ɢɥɢ ɫɪɟɞɧɢɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ (ɫɦ. ɪɢɫ. 5-12). ȿɫɥɢ ɰɟɧɬɪɚɥɶɧɵɟ ɫɚɣɬɵ ɫɜɹɡɚɧɵ ɜɵɫɨɤɨɫɤɨɪɨɫɬɧɵɦɢ ɫɨɟɞɢɧɟɧɢɹɦɢ, ɬɨ ɚɜɬɨɦɚɬɢɱɟɫɤɨɟ ɧɚɜɟɞɟɧɢɟ ɦɨɫɬɨɜ ɦɟɠɞɭ ɫɜɹɡɹɦɢ ɫɚɣɬɚ ɩɪɢɟɦɥɟɦɨ. Ɉɞɧɚɤɨ, ɟɫɥɢ ɫɟɬɟɜɵɟ
ɩɨɞɤɥɸɱɟɧɢɹ ɦɟɠɞɭ ɰɟɧɬɪɚɥɶɧɵɦɢ ɫɚɣɬɚɦɢ ɧɟɞɨɫɬɚɬɨɱɧɨ ɛɵɫɬɪɵ ɢɥɢ ɛɨɥɶɲɚɹ ɱɚɫɬɶ ɩɨɥɨɫɵ ɩɪɨɩɭɫɤɚɧɢɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɞɪɭɝɢɯ ɩɪɢɥɨɠɟɧɢɣ, ɜɵ, ɜɨɡɦɨɠɧɨ, ɧɟ ɡɚɯɨɬɢɬɟ ɢɦɟɬɶ ɬɪɚɧɡɢɬɢɜɧɵɟ ɩɨɞɤɥɸɱɟɧɢɹ. ɇɚ ɪɢɫɭɧɤɟ 5-12 ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ ɦɟɠɞɭ ɰɟɧɬɪɚɥɶɧɵɦɢ ɫɚɣɬɚɦɢ-ɤɨɧɰɟɧɬɪɚɬɨɪɚɦɢ Ⱥ ɢ ȼ ɦɨɠɟɬ ɢɦɟɬɶ ɨɝɪɚɧɢɱɟɧɧɭɸ ɞɨɫɬɭɩɧɭɸ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ. ȿɫɥɢ ɡɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɮɭɧɤɰɢɹ ɧɚɜɟɞɟɧɢɹ ɦɨɫɬɨɜ ɦɟɠɞɭ ɫɜɹɡɹɦɢ ɫɚɣɬɚ ɧɟ ɢɡɦɟɧɟɧɚ, ɬɨ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ ɰɟɧɬɪɚɥɶɧɨɝɨ ɫɚɣɬɚ Ⱥ ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɫ ɫɟɪɜɟɪɨɦ-ɩɥɚɰɞɚɪɦɨɦ ɫɚɣɬɚ ȼ ɢ ɫ ɫɟɪɜɟɪɚɦɢ-ɩɥɚɰɞɚɪɦɚɦɢ ɞɪɭɝɢɯ ɫɚɣɬɨɜ, ɫɜɹɡɚɧɧɵɯ ɫ ɰɟɧɬɪɚɥɶɧɵɦ ɫɚɣɬɨɦ ȼ. ɗɬɨ ɡɧɚɱɢɬ, ɱɬɨ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɦɨɠɟɬ ɩɟɪɟɫɵɥɚɬɶɫɹ ɩɨ ɫɟɬɟɜɵɦ ɩɨɞɤɥɸɱɟɧɢɹɦ ɩɹɬɶ ɪɚɡ. ɑɬɨɛɵ ɢɡɦɟɧɢɬɶ ɷɬɨ, ɧɭɠɧɨ ɨɬɤɥɸɱɢɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɧɚɜɟɞɟɧɢɹ ɦɨɫɬɨɜ ɦɟɠɞɭ ɫɜɹɡɹɦɢ ɫɚɣɬɚ, ɚ ɡɚɬɟɦ ɫɨɡɞɚɬɶ ɦɨɫɬɵ ɫɜɹɡɟɣ ɫɚɣɬɚ ɜɪɭɱɧɭɸ. ɑɬɨɛɵ ɨɬɤɥɸɱɢɬɶ ɧɚɜɟɞɟɧɢɟ ɦɨɫɬɨɜ ɦɟɠɞɭ ɫɜɹɡɹɦɢ ɫɚɣɬɚ, ɨɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory) ɢ ɧɚɣɞɢɬɟ IP-ɫɜɨɣɫɬɜɚ ɨɛɴɟɤɬɚ ɜ ɤɨɧɬɟɣɧɟɪɟ Inter-Site Transports (ɉɟɪɟɞɚɱɚ ɦɟɠɞɭ ɫɚɣɬɚɦɢ). ɇɚ ɜɤɥɚɞɤɟ General (Ɉɛɳɟɟ) ɨɤɧɚ IP-Properties (ɋɜɨɣɫɬɜɚ IP) ɨɱɢɫɬɢɬɟ ɨɩɰɢɸ Bridge All Site Links (Ɇɨɫɬɵ ɦɟɠɞɭ ɜɫɟɦɢ ɫɜɹɡɹɦɢ ɫɚɣɬɚ). Ɂɚɬɟɦ ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɦɨɫɬɵ ɫɜɹɡɟɣ ɫɚɣɬɚ ɞɥɹ ɜɫɟɯ ɫɜɹɡɟɣ, ɫɨɟɞɢɧɹɸɳɢɯ ɰɟɧɬɪɚɥɶɧɵɟ ɫɚɣɬɵ ɫ ɦɟɧɶɲɢɦɢ ɫɚɣɬɚɦɢ. Ʉɚɤ ɬɨɥɶɤɨ ɷɬɨ ɛɭɞɟɬ ɜɵɩɨɥɧɟɧɨ, ɜɟɫɶ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɨɬ ɫɚɣɬɚ Ⱥ ɧɚɩɪɚɜɢɬɫɹ ɤ ɰɟɧɬɪɚɥɶɧɨɦɭ ɫɚɣɬɭ ȼ, ɚ ɡɚɬɟɦ ɛɭɞɟɬ ɪɚɫɩɪɟɞɟɥɟɧ ɤɨ ɜɫɟɦ ɫɚɣɬɚɦ, ɫɜɹɡɚɧɧɵɦ ɫ ɫɚɣɬɨɦ ȼ.
. 5-12.
ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɋɛɪɚɫɵɜɚɹ ɨɩɰɢɸ Bridge All Site Links, ɜɵ ɜɵɤɥɸɱɚɟɬɟ ɬɪɚɧɡɢɬɢɜɧɨɫɬɶ ɫɜɹɡɟɣ ɫɚɣɬɚ, ɬ.ɟ. ɜɫɟ ɫɜɹɡɢ ɫɚɣɬɨɜ ɜ ɨɪɝɚɧɢɡɚɰɢɢ ɛɨɥɶɲɟ ɧɟ ɹɜɥɹɸɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ. ȿɫɥɢ ɩɨɫɥɟ ɷɬɨɝɨ ɩɨɧɚɞɨɛɹɬɫɹ ɦɨɫɬɵ ɦɟɠɞɭ ɫɜɹɡɹɦɢ ɫɚɣɬɚ, ɢɯ ɧɟɨɛɯɨɞɢɦɨ ɛɭɞɟɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɜɪɭɱɧɭɸ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɭ ɨɩɰɢɸ ɨɫɬɨɪɨɠɧɨ!
ȼ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ ɫɚɣɬɚ ɜɯɨɞɢɬ ɨɩɪɟɞɟɥɟɧɢɟ ɦɟɫɬ ɪɚɡɦɟɳɟɧɢɹ ɫɟɪɜɟɪɨɜ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows Server 2003, ɧɟɨɛɯɨɞɢɦɵɯ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɧɭɠɧɵɯ ɫɥɭɠɛ ɤɚɬɚɥɨɝɚ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ, ɤɚɤ ɬɨɥɶɤɨ ɜɵ ɡɚɜɟɪɲɢɬɟ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ ɫɚɣɬɚ, ɪɚɡɦɟɫɬɢɬɶ ɫɟɪɜɟɪɵ ɧɟɫɥɨɠɧɨ.
DNS-
Ʉɚɤ ɜɵ ɭɠɟ ɡɧɚɟɬɟ, ɫɥɭɠɛɚ DNS - ɷɬɨ ɤɪɢɬɢɱɟɫɤɚɹ ɫɥɭɠɛɚ ɞɥɹ Active Directory Windows Server 2003. Ȼɟɡ DNS ɤɥɢɟɧɬɵ ɧɟ ɫɦɨɝɭɬ ɧɚɯɨɞɢɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Active Directory, ɚ ɤɨɧɬɪɨɥɥɟɪɵ
ɞɨɦɟɧɚ ɧɟ ɫɦɨɝɭɬ ɧɚɯɨɞɢɬɶ ɞɪɭɝ ɞɪɭɝɚ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ. DNS ɞɨɥɠɧɚ ɛɵɬɶ ɪɚɡɜɟɪɧɭɬɚ ɜ ɤɚɠɞɨɦ ɨɮɢɫɟ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɢɫɤɥɸɱɚɹ ɬɨɥɶɤɨ ɨɱɟɧɶ ɦɚɥɟɧɶɤɢɟ ɨɮɢɫɵ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ. ɋɥɭɠɛɚ DNS Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɧɟɫɤɨɥɶɤɨ ɜɚɪɢɚɧɬɨɜ ɪɚɡɜɟɪɬɵɜɚɧɢɹ. ȼɵ ɦɨɠɟɬɟ ɩɨɦɟɳɚɬɶ DNS-ɫɟɪɜɟɪɵ ɜ ɨɮɢɫɟ ɬɚɦ, ɝɞɟ ɧɟɬ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɟɠɟɥɚɬɟɥɶɧɨ ɪɚɫɩɨɥɚɝɚɬɶ ɜ ɦɚɥɟɧɶɤɨɦ ɨɮɢɫɟ ɫ ɦɟɞɥɟɧɧɵɦ ɫɟɬɟɜɵɦ ɩɨɞɤɥɸɱɟɧɢɟɦ ɤ ɰɟɧɬɪɚɥɶɧɨɦɭ ɨɮɢɫɭ ɢɡ-ɡɚ ɛɨɥɶɲɨɝɨ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ, ɧɚɩɪɚɜɥɟɧɧɨɝɨ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. Ɉɞɧɚɤɨ DNS-ɫɟɪɜɟɪ ɜ ɷɬɨɬ ɨɮɢɫ ɩɨɦɟɫɬɢɬɶ ɦɨɠɧɨ, ɬɚɤ ɤɚɤ ɨɧ ɦɨɠɟɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɬɚɤ, ɱɬɨɛɵ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɛɵɥ ɨɱɟɧɶ ɦɚɥ ɢɥɢ ɜɨɨɛɳɟ ɨɬɫɭɬɫɬɜɨɜɚɥ. ȿɫɥɢ ɜɵ ɫɤɨɧɮɢɝɭɪɢɪɭɟɬɟ DNS-ɫɟɪɜɟɪ ɤɚɤ ɫɟɪɜɟɪ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɬɨɥɶɤɨ ɞɥɹ ɤɷɲɢɪɨɜɚɧɢɹ, ɨɧ ɛɭɞɟɬ ɨɩɬɢɦɢɡɢɪɨɜɚɬɶ ɩɨɢɫɤɢ ɤɥɢɟɧɬɚ, ɧɨ ɧɟ ɫɨɡɞɚɫɬ ɬɪɚɮɢɤɚ ɡɨɧɧɨɣ ɩɟɪɟɞɚɱɢ. Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ DNS-ɫɟɪɜɟɪ ɫ ɫɨɤɪɚɳɟɧɧɵɦɢ ɡɨɧɚɦɢ ɞɥɹ ɞɨɦɟɧɨɜ Active Directory. ɉɨɫɤɨɥɶɤɭ ɫɨɤɪɚɳɟɧɧɵɟ ɡɨɧɵ ɫɨɞɟɪɠɚɬ ɬɨɥɶɤɨ ɧɟɫɤɨɥɶɤɨ ɡɚɩɢɫɟɣ, ɤ ɭɞɚɥɟɧɧɨɦɭ ɨɮɢɫɭ ɛɭɞɟɬ ɧɚɩɪɚɜɥɹɬɶɫɹ ɨɱɟɧɶ ɧɟɛɨɥɶɲɨɣ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ. П а че ы . , .Э Active Directory . , ( ) . 100 . , ISTG ( ) , , , . , 6 , , . . , , , . Windows Server 2003 , Active Directory , Windows 2000. , ISTG, , . Active Directory . , Active Directory . , Active Directory Branch Office Planning Guide ( Active Directory ), Microsoft http://www.microsoft.com/windows2000/ techinf /planning/activedirectory/branchoffic /default.asp. Windows 2000, Windows Server 2003. Ʉɚɤ ɩɪɚɜɢɥɨ, ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɥɟɞɭɟɬ ɪɚɫɩɨɥɚɝɚɬɶ ɜ ɛɨɥɶɲɢɧɫɬɜɟ ɨɮɢɫɨɜ ɤɨɦɩɚɧɢɢ, ɝɞɟ ɟɫɬɶ ɡɧɚɱɢɬɟɥɶɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ⱦɥɹ ɷɬɨɝɨ ɫɭɳɟɫɬɜɭɟɬ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɞɜɟ ɩɪɢɱɢɧɵ. ȼɨ-ɩɟɪɜɵɯ, ɜ ɫɥɭɱɚɟ ɨɬɤɚɡɚ ɜ ɫɟɬɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɫɟ ɪɚɜɧɨ ɫɦɨɝɥɢ ɜɨɣɬɢ ɜ ɫɟɬɶ. ȼɨ-ɜɬɨɪɵɯ, ɬɪɚɮɢɤ ɜɯɨɞɚ ɤɥɢɟɧɬɨɜ ɜ ɫɢɫɬɟɦɭ ɝɚɪɚɧɬɢɪɨɜɚɧɨ ɧɟ ɩɟɪɟɫɟɤɚɟɬɫɹ ɫ WAN-ɩɨɞɤɥɸɱɟɧɢɹɦɢ ɤ ɪɚɡɥɢɱɧɵɦ ɨɮɢɫɚɦ. Ⱦɥɹ ɫɨɡɞɚɧɢɹ ɢɡɛɵɬɨɱɧɨɫɬɢ ɠɟɥɚɬɟɥɶɧɨ ɩɨɦɟɫɬɢɬɶ ɞɜɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɤɚɠɞɵɣ ɨɮɢɫ. ȿɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɚɧɧɨɦ ɦɟɫɬɟ ɤɨɦɩɚɧɢɢ, ɬɨ ɜɵ ɞɨɥɠɧɵ ɬɚɤɠɟ ɫɨɡɞɚɬɶ ɫɚɣɬ, ɱɬɨɛɵ ɜɟɫɶ ɬɪɚɮɢɤ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɨɫɬɚɥɫɹ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ. ȿɫɬɶ ɬɚɤɠɟ ɞɜɟ ɩɪɢɱɢɧɵ, ɩɨɱɟɦɭ ɦɨɠɧɨ ɧɟ ɪɚɡɦɟɳɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɚɧɧɨɦ ɨɮɢɫɟ
ɤɨɦɩɚɧɢɢ. ȿɫɥɢ ɬɪɚɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɵɣ ɜ ɞɚɧɧɨɦ ɦɟɫɬɟ, ɜɵɲɟ, ɱɟɦ ɬɪɚɮɢɤ ɜɯɨɞɚ ɤɥɢɟɧɬɨɜ ɜ ɫɢɫɬɟɦɭ, ɦɨɠɧɨ ɪɚɡɪɚɛɨɬɚɬɶ ɬɚɤɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ, ɱɬɨɛɵ ɤɥɢɟɧɬɵ ɜɯɨɞɢɥɢ ɧɚ ɫɦɟɠɧɵɣ ɤɨɧɬɪɨɥɥɟɪ. ȿɫɥɢ ɞɚɧɧɨɟ ɦɟɫɬɨ ɪɚɡɦɟɳɟɧɢɹ ɧɟ ɢɦɟɟɬ ɧɢɤɚɤɢɯ ɫɪɟɞɫɬɜ ɮɢɡɢɱɟɫɤɨɣ ɡɚɳɢɬɵ ɫɟɪɜɟɪɨɜ, ɜɨɡɦɨɠɧɨ, ɧɟ ɫɥɟɞɭɟɬ ɪɚɡɦɟɳɚɬɶ ɡɞɟɫɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȿɫɥɢ ɩɪɢɧɹɬɨ ɪɟɲɟɧɢɟ ɧɟ ɪɚɡɜɟɪɬɵɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɚɧɧɨɦ ɦɟɫɬɟ ɤɨɦɩɚɧɢɢ, ɫɭɳɟɫɬɜɭɟɬ ɞɜɚ ɫɩɨɫɨɛɚ ɭɩɪɚɜɥɹɬɶ ɪɟɝɢɫɬɪɚɰɢɟɣ ɤɥɢɟɧɬɨɜ. ȼɨ-ɩɟɪɜɵɯ, ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɚɣɬ ɞɥɹ ɨɮɢɫɚ, ɚ ɡɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɜɹɡɢ ɫɚɣɬɚ ɤ ɨɞɧɨɦɭ ɢɡ ɫɭɳɟɫɬɜɭɸɳɢɯ ɫɚɣɬɨɜ. ȼɨ-ɜɬɨɪɵɯ, ɜɵ ɦɨɠɟɬɟ ɞɨɛɚɜɢɬɶ ɩɨɞɫɟɬɶ IP ɞɥɹ ɞɚɧɧɨɝɨ ɨɮɢɫɚ ɤ ɫɭɳɟɫɬɜɭɸɳɟɦɭ ɫɚɣɬɭ. ȿɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ, ɬɨ ɨɱɟɧɶ ɜɚɠɧɨ ɨɩɪɟɞɟɥɢɬɶ ɦɟɫɬɨ ɪɚɡɦɟɳɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ. Ɉɧ ɬɪɟɛɭɟɬɫɹ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɨɛɪɚɳɚɟɬɫɹ ɤ ɪɟɫɭɪɫɭ, ɪɚɫɩɨɥɨɠɟɧɧɨɦɭ ɜ ɞɪɭɝɨɦ ɞɟɪɟɜɟ ɞɨɦɟɧɚ, ɢɥɢ ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ, ɪɚɫɩɨɥɨɠɟɧɧɵɣ ɜ ɞɪɭɝɨɦ ɞɟɪɟɜɟ ɞɨɦɟɧɚ, ɧɟ ɜ ɟɝɨ ɫɨɛɫɬɜɟɧɧɨɦ ɞɟɪɟɜɟ. ɂɡ-ɡɚ ɷɬɨɝɨ ɧɭɠɧɨ ɪɚɡɦɟɳɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɜ ɥɸɛɵɯ ɨɮɢɫɚɯ ɫ ɛɨɥɶɲɢɦ ɤɨɥɢɱɟɫɬɜɨɦ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɬɚɦ, ɝɞɟ ɧɚ ɤɨɧɬɪɨɥɥɟɪɵ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɛɭɞɟɬ ɧɚɩɪɚɜɥɟɧ ɡɧɚɱɢɬɟɥɶɧɵɣ ɬɪɚɮɢɤ. ȿɫɥɢ ɫɟɬɟɜɚɹ ɬɨɩɨɥɨɝɢɹ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɜɤɥɸɱɚɟɬ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɵɟ ɪɟɝɢɨɧɚɥɶɧɵɟ ɨɮɢɫɵ, ɧɟɨɛɯɨɞɢɦɨ ɪɚɡɜɟɪɧɭɬɶ ɤɨɧɬɪɨɥɥɟɪ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɜ ɤɚɠɞɨɦ ɢɡ ɰɟɧɬɪɚɥɶɧɵɯ ɨɮɢɫɨɜ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɂɡ-ɡɚ ɜɚɠɧɨɫɬɢ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɢ ɜɥɢɹɧɢɹ ɧɚ ɥɟɫ ɟɝɨ ɨɬɫɭɬɫɬɜɢɹ ɤɨɧɬɪɨɥɥɟɪɵ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɞɨɥɠɧɨ ɛɵɬɶ ɪɚɫɩɪɟɞɟɥɟɧɵ ɩɨ ɝɟɨɝɪɚɮɢɱɟɫɤɨɦɭ ɩɪɢɧɰɢɩɭ. Ⱦɚɠɟ ɟɫɥɢ ɧɟɬ ɜɚɠɧɵɯ ɩɪɢɱɢɧ ɩɨɦɟɳɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɜ ɨɮɢɫɵ, ɪɚɫɩɨɥɨɠɟɧɧɵɟ ɡɚ ɩɪɟɞɟɥɚɦɢ ɝɨɥɨɜɧɨɝɨ ɨɮɢɫɚ, ɦɨɠɧɨ ɫɞɟɥɚɬɶ ɷɬɨ ɩɪɨɫɬɨ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɝɟɨɝɪɚɮɢɱɟɫɤɨɣ ɢɡɛɵɬɨɱɧɨɫɬɢ. Ɉɞɧɚɤɨ ɤɨɧɬɪɨɥɥɟɪɵ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɧɢɤɨɝɞɚ ɧɟ ɞɨɥɠɧɵ ɪɚɫɩɨɥɚɝɚɬɶɫɹ ɜ ɨɮɢɫɟ, ɝɞɟ ɨɧɢ ɧɟ ɦɨɝɭɬ ɛɵɬɶ ɡɚɳɢɳɟɧɵ ɮɢɡɢɱɟɫɤɢ. GC-ɫɟɪɜɟɪɵ ɧɭɠɧɵ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɞɥɹ ɜɯɨɞɚ ɧɚ ɞɨɦɟɧɵ, ɤɨɬɨɪɵɟ ɪɚɛɨɬɚɸɬ ɧɚ ɨɫɧɨɜɧɨɦ (native) ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000, ɢɥɢ ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɟɥɚɸɬ ɩɨɢɫɤ ɢɧɮɨɪɦɚɰɢɢ ɤɚɬɚɥɨɝɚ ɜ Active Directory. ȿɫɥɢ ɞɨɦɟɧ ɪɚɛɨɬɚɟɬ ɧɚ ɨɫɧɨɜɧɨɦ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000, ɧɭɠɧɨ ɩɨɦɟɫɬɢɬɶ GC-ɫɟɪɜɟɪ ɜ ɤɚɠɞɵɣ ɫɚɣɬ. ȼ ɢɞɟɚɥɟ ɜɫɟ ɷɬɨ ɞɨɥɠɧɨ ɛɵɬɶ ɫɛɚɥɚɧɫɢɪɨɜɚɧɨ ɬɪɚɮɢɤɨɦ ɪɟɩɥɢɤɚɰɢɢ, ɤɨɬɨɪɵɣ ɫɨɡɞɚɟɬɫɹ ɜ ɪɟɡɭɥɶɬɚɬɟ ɩɨɦɟɳɟɧɢɹ GC-ɫɟɪɜɟɪɚ ɜ ɤɚɠɞɨɦ ɫɚɣɬɟ. ȿɫɥɢ ɭ ɜɚɫ ɨɱɟɧɶ ɤɪɭɩɧɨɟ ɩɪɟɞɩɪɢɹɬɢɟ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɛɨɥɶɲɢɦɢ ɞɨɦɟɧɚɦɢ, GC-ɬɪɚ-ɮɢɤ ɪɟɩɥɢɤɚɰɢɢ ɛɭɞɟɬ ɡɧɚɱɢɬɟɥɶɧɵɦ. Ɉɛɳɟɟ ɩɪɚɜɢɥɨ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɪɚɡɦɟɳɚɬɶ GC-ɫɟɪɜɟɪ ɜ ɤɚɠɞɨɦ ɫɚɣɬɟ ɢ ɧɟɫɤɨɥɶɤɨ GC-ɫɟɪɜɟɪɨɜ ɜ ɛɨɥɶɲɢɯ ɫɚɣɬɚɯ. Ɉɞɧɨ ɢɡ ɭɥɭɱɲɟɧɢɣ Active Directory Windows Server 2003 ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɷɬɚ ɫɢɫɬɟɦɚ ɩɨɞɞɟɪɠɢɜɚɟɬ ɜɯɨɞɵ ɜ ɫɢɫɬɟɦɭ ɞɨɦɟɧɚ ɛɟɡ ɞɨɫɬɭɩɚ ɤ GC-ɫɟɪɜɟɪɭ ɡɚ ɫɱɟɬ ɤɷɲɢɪɨɜɚɧɢɹ ɭɧɢɜɟɪɫɚɥɶɧɨɝɨ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ. Ʉɨɝɞɚ ɷɬɚ ɮɭɧɤɰɢɹ ɜɤɥɸɱɟɧɚ, ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɦɨɝɭɬ ɤɷɲɢɪɨɜɚɬɶ ɭɧɢɜɟɪɫɚɥɶɧɨɟ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɞɨɦɟɧɟ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɧɚ ɫɚɣɬ ɜ ɩɟɪɜɵɣ ɪɚɡ, ɭɧɢɜɟɪɫɚɥɶɧɨɟ ɱɥɟɧɫɬɜɨ ɝɪɭɩɩɵ ɩɨɥɶɡɨɜɚɬɟɥɹ ɞɨɥɠɧɨ ɛɵɬɶ ɧɚɣɞɟɧɨ ɜ GC-ɫɟɪɜɟɪɟ. ɉɨɫɥɟ ɩɟɪɜɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɭɞɟɬ ɤɷɲɢɪɨɜɚɬɶ ɭɧɢɜɟɪɫɚɥɶɧɨɟ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɟɨɩɪɟɞɟɥɟɧɧɨ ɞɨɥɝɨ. Ʉɷɲ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɦɨɞɢɮɢɰɢɪɭɟɬɫɹ ɤɚɠɞɵɟ 8 ɱɚɫɨɜ ɜ ɪɟɡɭɥɶɬɚɬɟ ɤɨɧɬɚɤɬɚ ɫ ɧɚɡɧɚɱɟɧɧɵɦ GC ɫɟɪɜɟɪɨɦ. ɑɬɨɛɵ ɜɤɥɸɱɢɬɶ ɮɭɧɤɰɢɸ ɭɧɢɜɟɪɫɚɥɶɧɨɝɨ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ, ɨɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory) ɢ ɪɚɡɜɟɪɧɢɬɟ ɨɛɴɟɤɬ ɬɨɝɨ ɫɚɣɬɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɜɤɥɸɱɢɬɶ ɷɬɭ ɭɫɬɚɧɨɜɤɭ. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ NTDS Site Settings (NTDS ɩɚɪɚɦɟɬɪɵ ɫɚɣɬɚ) ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ) (ɫɦ. ɪɢɫ. 5-13). ɇɚ ɜɤɥɚɞɤɟ Site Settings (ɉɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ ɫɚɣɬɚ) ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Enable Universal Group Membership Caching (Ɋɚɡɪɟɲɢɬɶ ɤɷɲɢɪɨɜɚɧɢɟ ɭɧɢɜɟɪɫɚɥɶɧɨɝɨ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ) ɢ ɜ ɪɚɫɤɪɵɜɚɸɳɟɦɫɹ ɫɩɢɫɤɟ Refresh Cache From (Ɉɛɧɨɜɢɬɶ ɤɷɲ ɢɡ) ɜɵɛɟɪɢɬɟ ɫɚɣɬ, ɜ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧ ɫɚɦɵɣ ɛɥɢɡɤɢɣ GC-ɫɟɪɜɟɪ.
. 5-13.
ɋɨɜɟɬ. Ɋɚɡɜɟɪɬɵɜɚɧɢɟ Exchange Server 2000 ɫɨɡɞɚɟɬ ɛɨɥɶɲɭɸ ɧɚɝɪɭɡɤɭ ɧɚ GC-ɫɟɪɜɟɪɚɯ. Exchange Server 2000 ɧɟ ɢɦɟɟɬ ɫɜɨɟɣ ɫɨɛɫɬɜɟɧɧɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɬɚɤ ɱɬɨ ɨɧ ɡɚɜɢɫɢɬ ɨɬ GC. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɩɪɨɫɦɚɬɪɢɜɚɟɬ GAL, ɨɧ ɜɢɞɢɬ ɜɫɟɯ ɩɨɥɭɱɚɬɟɥɟɣ ɩɨɱɬɵ, ɩɟɪɟɱɢɫɥɟɧɧɵɯ ɜ GC. Ʉɨɝɞɚ Exchange Server 2000 ɧɚɞɨ ɧɚɣɬɢ ɚɞɪɟɫ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɱɬɨɛɵ ɞɨɫɬɚɜɢɬɶ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ, ɨɧ ɞɟɥɚɟɬ ɡɚɩɪɨɫ ɤɚɬɚɥɨɝɭ GC. ȿɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ Exchange Server 2000, ɜɵ ɞɨɥɠɧɵ ɪɚɫɩɨɥɨɠɢɬɶ GC ɜ ɤɚɠɞɨɦ ɦɟɫɬɟ, ɝɞɟ ɜɵɩɨɥɧɹɟɬɫɹ Exchange Server 2000, ɢ ɭɜɟɥɢɱɢɬɶ ɨɛɳɟɟ ɤɨɥɢɱɟɫɬɜɨ GC ɫɟɪɜɟɪɨɜ. ɇɚɢɛɨɥɟɟ ɜɚɠɧɵɦ ɯɨɡɹɢɧɨɦ ɨɩɟɪɚɰɢɣ ɞɥɹ ɟɠɟɞɧɟɜɧɨɣ ɪɚɛɨɬɵ ɹɜɥɹɟɬɫɹ ɷɦɭɥɹɬɨɪ ɨɫɧɨɜɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ (PDC). ɗɬɨɬ ɫɟɪɜɟɪ ɨɫɨɛɟɧɧɨ ɜɚɠɟɧ, ɟɫɥɢ ɞɨɦɟɧ ɪɚɛɨɬɚɟɬ ɧɚ ɫɦɟɲɚɧɧɨɦ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 ɢɥɢ ɧɚ ɜɪɟɦɟɧɧɨɦ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows Server 2003, ɩɨɬɨɦɭ ɱɬɨ ɜɫɟ ɪɟɡɟɪɜɧɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ (BDC) ɫ ɫɢɫɬɟɦɨɣ Windows NT4 ɩɨɥɚɝɚɸɬɫɹ ɧɚ ɷɦɭɥɹɬɨɪ PDC ɞɥɹ ɫɢɧɯɪɨɧɢɡɚɰɢɢ ɤɚɬɚɥɨɝɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɟɫɥɢ ɜɚɲɚ ɨɪɝɚɧɢɡɚɰɢɹ ɜɤɥɸɱɚɟɬ ɦɧɨɝɨ ɤɥɢɟɧɬɨɜ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ ɛɟɡ ɭɫɬɚɧɨɜɥɟɧɧɨɣ ɫɥɭɠɛɵ Directory Services Client (Ʉɥɢɟɧɬɚ ɭɫɥɭɝ ɤɚɬɚɥɨɝɚ), ɷɬɢ ɤɥɢɟɧɬɵ ɞɨɥɠɧɵ ɩɨɞɤɥɸɱɚɬɶɫɹ ɤ ɷɦɭɥɹɬɨɪɭ PDC, ɱɬɨɛɵ ɢɡɦɟɧɢɬɶ ɫɜɨɢ ɩɚɪɨɥɢ. Ⱦɚɠɟ ɜ ɨɫɧɨɜɧɨɦ ɪɟɠɢɦɟ ɷɦɭɥɹɬɨɪ PDC ɩɨɥɭɱɚɟɬ ɩɪɢɨɪɢɬɟɬɧɵɟ ɨɛɧɨɜɥɟɧɢɹ ɢɡɦɟɧɟɧɢɣ ɩɚɪɨɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨɷɬɨɦɭ ɨɱɟɧɶ ɜɚɠɧɨ, ɝɞɟ ɨɧ ɪɚɫɩɨɥɨɠɟɧ. ɗɦɭɥɹɬɨɪ PDC ɞɨɥɠɟɧ ɛɵɬɶ ɪɚɫɩɨɥɨɠɟɧ ɜ ɰɟɧɬɪɚɥɶɧɨɦ ɨɮɢɫɟ, ɝɞɟ ɦɚɤɫɢɦɚɥɶɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɤɥɢɟɧɬɨɜ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɫɟɪɜɟɪɨɦ. Ɋɚɡɦɟɳɟɧɢɟ ɞɪɭɝɨɝɨ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɧɟ ɬɚɤ ɤɪɢɬɢɱɧɨ. ɉɪɢɧɢɦɚɹ ɪɟɲɟɧɢɟ ɨ ɬɨɦ, ɝɞɟ ɪɚɫɩɨɥɚɝɚɬɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ, ɢɫɩɨɥɶɡɭɣɬɟ ɫɥɟɞɭɸɳɢɟ ɪɟɤɨɦɟɧɞɚɰɢɢ. • ɉɨ ɜɨɡɦɨɠɧɨɫɬɢ ɯɨɡɹɢɧ ɫɯɟɦɵ, ɯɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɚ ɢ ɯɨɡɹɢɧ ɨɬɧɨɫɢɬɟɥɶɧɵɯ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ (RID) ɞɨɥɠɧɵ ɛɵɬɶ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɫɚɣɬɟ, ɢɦɟɸɳɟɦ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɤɚɱɟɫɬɜɟ ɩɪɹɦɨɝɨ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ɉɪɢɱɢɧɚ ɫɜɹɡɚɧɚ ɫ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟɦ ɫɢɫɬɟɦɵ ɜ ɫɥɭɱɚɟ ɨɬɤɚɡɚ. ȿɫɥɢ ɨɞɢɧ ɢɡ ɷɬɢɯ ɫɟɪɜɟɪɨɜ ɩɟɪɟɫɬɚɧɟɬ ɪɚɛɨɬɚɬɶ, ɜɚɦ, ɜɨɡɦɨɠɧɨ, ɩɪɢɞɟɬɫɹ ɡɚɯɜɚɬɢɬɶ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɢ ɩɟɪɟɞɚɬɶ ɟɟ ɞɪɭɝɨɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ. ɗɬɭ ɪɨɥɶ ɠɟɥɚɬɟɥɶɧɨ ɩɟɪɟɞɚɬɶ ɧɚ ɬɚɤɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɩɨɥɧɨɫɬɶɸ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɫ ɩɟɪɜɨɧɚɱɚɥɶɧɵɦ ɯɨɡɹɢɧɨɦ ɨɩɟɪɚɰɢɣ. ɋ ɧɚɢɛɨɥɶɲɟɣ ɫɬɟɩɟɧɶɸ ɜɟɪɨɹɬɧɨɫɬɢ ɷɬɨ ɩɪɨɢɡɨɣɞɟɬ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɞɜɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɛɭɞɭɬ ɧɚɯɨɞɢɬɶɫɹ ɜ ɨɞɧɨɦ ɢ ɬɨɦ ɠɟ ɫɚɣɬɟ ɢ ɛɭɞɭɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɤɚɤ ɩɪɹɦɵɟ ɩɚɪɬɧɟɪɵ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. • ɏɨɡɹɢɧ RID ɞɨɥɠɟɧ ɛɵɬɶ ɞɨɫɬɭɩɟɧ ɞɥɹ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɱɟɪɟɡ ɩɨɞɤɥɸɱɟɧɢɟ ɩɨ ɭɞɚɥɟɧɧɨɦɭ ɡɚɩɪɨɫɭ ɩɪɨɰɟɞɭɪɵ (RPC). Ʉɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɩɨɬɪɟɛɭɟɬɫɹ ɛɨɥɶɲɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ RID, ɨɧ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ RPC ɩɨɞɤɥɸɱɟɧɢɟ, ɱɬɨɛɵ ɡɚɩɪɨɫɢɬɶ ɢɯ ɭ ɯɨɡɹɢɧɚ RID. • ɏɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɧɟ ɞɨɥɠɟɧ ɪɚɫɩɨɥɚɝɚɬɶɫɹ ɧɚ GC-ɫɟɪɜɟɪɟ, ɟɫɥɢ ɭ ɜɚɫ ɛɨɥɟɟ ɨɞɧɨɝɨ
•
ɞɨɦɟɧɚ. Ɋɨɥɶ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɫɨɫɬɨɢɬ ɜ ɨɛɧɨɜɥɟɧɢɢ ɫɫɵɥɨɤ ɧɚ ɨɬɨɛɪɚɠɚɟɦɵɟ ɢɦɟɧɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɟɪɟɢɦɟɧɨɜɚɧɚ, ɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɹɜɥɹɟɬɫɹ ɱɥɟɧɨɦ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɵ, ɯɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɨɛɧɨɜɥɹɟɬ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɯɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɪɚɫɩɨɥɨɠɟɧ ɧɚ GC-ɫɟɪɜɟɪɟ, ɨɧ ɧɟ ɛɭɞɟɬ ɮɭɧɤɰɢɨɧɢɪɨɜɚɬɶ, ɩɨɬɨɦɭ ɱɬɨ GC ɩɨɫɬɨɹɧɧɨ ɨɛɧɨɜɥɹɟɬɫɹ ɫɚɦɨɣ ɫɨɜɪɟɦɟɧɧɨɣ ɝɥɨɛɚɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɟɣ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɯɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɧɟ ɨɛɧɚɪɭɠɢɬ ɧɢɤɚɤɨɣ ɭɫɬɚɪɟɜɲɟɣ ɢɧɮɨɪɦɚɰɢɢ ɢ, ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɧɢɤɨɝɞɚ ɧɟ ɨɛɧɨɜɢɬ ɩɟɪɟɤɪɟɫɬɧɭɸ ɦɟɠɞɨɦɟɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. ȿɫɥɢ ɨɪɝɚɧɢɡɚɰɢɹ ɢɦɟɟɬ ɰɟɧɬɪɚɥɶɧɵɣ ɨɮɢɫ, ɝɞɟ ɪɚɫɩɨɥɚɝɚɟɬɫɹ ɛɨɥɶɲɢɧɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɜɫɟɯ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɫɥɟɞɭɟɬ ɩɨɦɟɳɚɬɶ ɜ ɷɬɨɬ ɫɚɣɬ.
ɉɪɨɟɤɬɢɪɨɜɚɧɢɟ Active Directory - ɷɬɨ ɬɟɦɚ ɨɬɞɟɥɶɧɨɣ ɤɧɢɝɢ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɝɨɜɨɪɢɥɨɫɶ, ɱɬɨ ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ Active Directory ɧɚɱɢɧɚɟɬɫɹ ɫ ɤɨɦɩɨɧɟɧɬɨɜ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɚ ɡɚɬɟɦ ɩɪɨɟɤɬɢɪɭɸɬɫɹ ɤɨɦɩɨɧɟɧɬɵ ɧɢɡɲɢɯ ɭɪɨɜɧɟɣ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɟɪɜɵɣ ɲɚɝ ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɩɪɨɟɤɬɚ ɥɟɫɚ, ɡɚɬɟɦ ɫɥɟɞɭɟɬ ɩɪɨɟɤɬ ɞɨɦɟɧɨɜ, ɩɪɨɟɤɬ DNS ɢ, ɧɚɤɨɧɟɰ, ɩɪɨɟɤɬ OU. Ⱦɥɹ ɤɨɦɩɚɧɢɣ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɧɟɫɤɨɥɶɤɢɯ ɦɟɫɬɚɯ, ɩɪɨɟɤɬɢɪɨɜɚɧɢɟ ɫɚɣɬɨɜ — ɷɬɨ ɟɳɟ ɨɞɢɧ ɤɨɦɩɨɧɟɧɬ ɩɪɨɟɤɬɚ Active Directory.
6.
Active Directory
ɉɪɨɰɟɫɫ ɭɫɬɚɧɨɜɤɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɧɚ ɤɨɦɩɶɸɬɟɪɟ, ɜɵɩɨɥɧɹɸɳɟɦ Microsoft Windows Server 2003, ɧɟɫɥɨɠɟɧ. ɉɪɨɫɬɨɬɚ ɨɛɟɫɩɟɱɢɜɚɟɬɫɹ ɡɚ ɫɱɟɬ ɩɪɟɤɪɚɫɧɨɝɨ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. Ʉɨɝɞɚ ɫɥɭɠɛɚ Active Directory ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ ɫɟɪɜɟɪ ɫ Windows Server 2003, ɤɨɦɩɶɸɬɟɪ ɮɚɤɬɢɱɟɫɤɢ ɫɬɚɧɨɜɢɬɫɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. ȿɫɥɢ ɷɬɨ ɩɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɧɨɜɨɦ ɞɨɦɟɧɟ ɢ ɥɟɫɭ, ɬɨ ɫɨɡɞɚɟɬɫɹ ɱɢɫɬɚɹ ɛɚɡɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ, ɨɠɢɞɚɸɳɚɹ ɩɨɫɬɭɩɥɟɧɢɹ ɨɛɴɟɤɬɨɜ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȿɫɥɢ ɷɬɨ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɭɠɟ ɫɭɳɟɫɬɜɭɸɳɟɦ ɞɨɦɟɧɟ, ɩɪɨɰɟɫɫ ɪɟɩɥɢɤɚɰɢɢ ɫɤɨɪɨ ɪɚɡɦɧɨɠɢɬ ɧɚ ɷɬɨɬ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɫɟ ɨɛɴɟɤɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɞɚɧɧɨɝɨ ɞɨɦɟɧɚ. ȿɫɥɢ ɷɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɢɦɟɸɳɢɣ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɭɸ ɫɢɫɬɟɦɭ Microsoft Windows NT4, ɛɚɡɚ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɛɭɞɟɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɨɛɧɨɜɥɟɧɚ ɞɨ Active Directory ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɧɚ ɷɬɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧ Windows Server 2003. ȼ ɷɬɨɣ ɝɥɚɜɟ ɩɪɢɜɟɞɟɧɚ ɢɧɮɨɪɦɚɰɢɹ, ɧɟɨɛɯɨɞɢɦɚɹ ɞɥɹ ɭɫɩɟɲɧɨɝɨ ɜɵɩɨɥɧɟɧɢɹ Active Directory Installation Wizard (Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory), ɚ ɬɚɤɠɟ ɨɛɫɭɠɞɚɸɬɫɹ ɞɜɚ ɞɪɭɝɢɯ ɦɟɬɨɞɚ ɭɫɬɚɧɨɜɤɢ Active Directory: ɢɧɫɬɚɥɥɹɰɢɹ ɛɟɡ ɩɨɦɨɳɢ ɦɚɫɬɟɪɚ ɢ ɭɫɬɚɧɨɜɤɚ ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ. ȼ ɤɨɧɰɟ ɝɥɚɜɵ ɨɛɫɭɠɞɚɟɬɫɹ ɩɪɨɰɟɫɫ ɭɞɚɥɟɧɢɹ Active Directory ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ.
Active Directory
Ʌɸɛɨɣ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Windows Server 2003 ɢ ɤɨɬɨɪɵɣ ɭɞɨɜɥɟɬɜɨɪɹɟɬ ɭɫɥɨɜɢɹɦ, ɨɩɢɫɚɧɧɵɦ ɜ ɫɥɟɞɭɸɳɟɦ ɪɚɡɞɟɥɟ, ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ Active Directory ɢ ɫɬɚɬɶ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. Ʉɚɠɞɵɣ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɮɚɤɬɢɱɟɫɤɢ ɹɜɥɹɟɬɫɹ ɚɜɬɨɧɨɦɧɵɦ ɫɟɪɜɟɪɨɦ, ɩɨɤɚ ɧɟ ɡɚɜɟɪɲɢɬɫɹ ɩɪɨɰɟɫɫ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȼ ɯɨɞɟ ɷɬɨɝɨ ɩɪɨɰɟɫɫɚ ɪɟɲɚɸɬɫɹ ɞɜɟ ɜɚɠɧɵɟ ɡɚɞɚɱɢ: ɫɨɡɞɚɟɬɫɹ ɢɥɢ ɡɚɩɨɥɧɹɟɬɫɹ ɛɚɡɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɢ ɡɚɩɭɫɤɚɟɬɫɹ Active Directory, ɱɬɨɛɵ ɫɟɪɜɟɪ ɨɬɜɟɱɚɥ ɧɚ ɩɨɩɵɬɤɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɞɨɦɟɧɚ ɢ ɧɚ ɡɚɩɪɨɫɵ ɨɛɥɟɝɱɟɧɧɨɝɨ ɩɪɨɬɨɤɨɥɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ LDAP. ȼ ɝɥɚɜɟ 2 ɝɨɜɨɪɢɥɨɫɶ, ɱɬɨ ɛɚɡɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɯɪɚɧɢɬɫɹ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɮɚɣɥɟ Ntds.dit. ȼ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Windows Server 2003 ɮɚɣɥ Ntds.dit ɫɨɯɪɚɧɹɟɬɫɹ ɜ ɩɚɩɤɟ %systemroot %\system32 ɧɚ ɥɨɤɚɥɶɧɨɦ ɞɢɫɤɟ. ȼ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory-ɮɚɣɥ Ntds.dit ɤɨɩɢɪɭɟɬɫɹ ɜ ɦɟɫɬɨ, ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧɧɨɟ ɜɨ ɜɪɟɦɹ ɢɧɫɬɚɥɥɹɰɢɢ, ɢɥɢ ɜ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɚɩɤɭ %systemroot %\NTDS, ɟɫɥɢ ɧɟ ɨɩɪɟɞɟɥɟɧɨ ɞɪɭɝɨɟ ɦɟɫɬɨ. ɉɪɢ ɧɚɥɢɱɢɢ ɮɚɣɥɚ Ntds.dit, ɫɤɨɩɢɪɨɜɚɧɧɨɝɨ ɧɚ ɠɟɫɬɤɢɣ ɞɢɫɤ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Windows Server 2003, Active Directory ɦɨɠɟɬ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɚ ɜ ɥɸɛɨɟ ɜɪɟɦɹ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɨɛɪɚɳɚɬɶɫɹ ɤ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɣ ɫɪɟɞɟ. . Active Directory , (DNS) . , Windows Server 2003 . Ⱦɚɥɟɟ ɩɪɢɜɨɞɹɬɫɹ ɭɫɥɨɜɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ Active Directory ɦɨɝɥɚ ɪɚɛɨɬɚɬɶ ɜ Windows Server 2003.
Ɋɚɡɦɟɪ ɩɪɨɫɬɪɚɧɫɬɜɚ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ, ɧɟɨɛɯɨɞɢɦɨɝɨ ɞɥɹ ɯɪɚɧɟɧɢɹ ɫɥɭɠɛɵ Active Directory, ɛɭɞɟɬ ɡɚɜɢɫɟɬɶ ɨɬ ɤɨɥɢɱɟɫɬɜɚ ɨɛɴɟɤɬɨɜ ɜ ɞɨɦɟɧɟ ɢ ɨɬ ɬɨɝɨ, ɹɜɥɹɟɬɫɹ ɥɢ ɞɚɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɟɪɜɟɪɨɦ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ (GC). ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ Active Directory ɧɚ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows Server 2003, ɠɟɫɬɤɢɣ ɞɢɫɤ ɞɨɥɠɟɧ ɭɞɨɜɥɟɬɜɨɪɹɬɶ ɫɥɟɞɭɸɳɢɦ ɦɢɧɢɦɚɥɶɧɵɦ ɬɪɟɛɨɜɚɧɢɹɦ: • 15 Ɇɛ ɫɜɨɛɨɞɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ - ɧɚ ɪɚɡɞɟɥ ɭɫɬɚɧɨɜɤɢ ɫɢɫɬɟɦɵ; • 250 Ɇɛ ɫɜɨɛɨɞɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ - ɞɥɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory Ntds.dit; • 50 Ɇɛ ɫɜɨɛɨɞɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ - ɞɥɹ ɮɚɣɥɨɜ ɪɟɝɢɫɬɪɚɰɢɨɧɧɨɝɨ ɠɭɪɧɚɥɚ ɬɪɚɧɡɚɤɰɢɣ ɩɪɨɰɟɫɫɨɪɚ ɧɚɪɚɳɢɜɚɧɢɹ ɩɚɦɹɬɢ (ESENT). ESENT ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɫɢɫɬɟɦɭ
ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɛɚɡɵ ɞɚɧɧɵɯ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬ ɮɚɣɥɵ ɪɟɝɢɫɬɪɚɰɢɨɧɧɵɯ ɠɭɪɧɚɥɨɜ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɫɟɦɚɧɬɢɤɢ ɨɬɤɚɬɨɜ (rollback), ɱɬɨɛɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɩɟɪɟɞɚɱɭ ɬɪɚɧɡɚɤɰɢɣ ɛɚɡɟ ɞɚɧɧɵɯ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɩɟɪɟɱɢɫɥɟɧɧɵɦ ɬɪɟɛɨɜɚɧɢɹɦ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɭɫɬɚɧɨɜɤɢ ɩɚɩɤɢ Sysvol ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ ɨɞɢɧ ɥɨɝɢɱɟɫɤɢɣ ɞɢɫɤ ɞɨɥɠɟɧ ɛɵɬɶ ɨɬɮɨɪɦɚɬɢɪɨɜɚɧ ɩɨɞ ɮɚɣɥɨɜɭɸ ɫɢɫɬɟɦɭ NTFS v.5 (ɜɟɪɫɢɹ NTFS, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɫɢɫɬɟɦɚɯ Microsoft Windows 2000 ɢ Windows Server 2003). Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ɋɚɡɦɟɪ ɧɟɨɛɯɨɞɢɦɨɝɨ ɫɜɨɛɨɞɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɫɥɭɠɛɵ Active Directory ɛɭɞɟɬ ɡɚɜɢɫɟɬɶ ɨɬ ɤɨɥɢɱɟɫɬɜɚ ɨɛɴɟɤɬɨɜ ɜ ɜɚɲɟɦ ɞɨɦɟɧɟ ɢ ɥɟɫɭ. ɑɬɨɛɵ ɛɨɥɶɲɟ ɭɡɧɚɬɶ ɨ ɩɥɚɧɢɪɨɜɚɧɢɢ ɞɢɫɤɨɜɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɞɥɹ Active Directory, ɫɦɨɬɪɢɬɟ ɫɬɚɬɶɸ «Planning Domain Controller Capacity (ɉɥɚɧɢɪɨɜɚɧɢɟ ɜɦɟɫɬɢɦɨɫɬɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ)» ɧɚ ɫɚɣɬɟ www.microsoft.com/technet/ prodtechnol/windowsserver2003/evaluate/cpp/reskit/adsec/ parti /rkpdscap. asp.
ɉɨɫɥɟ ɭɫɬɚɧɨɜɤɢ Windows Server 2003 ɢ ɞɨ ɧɚɱɚɥɚ ɭɫɬɚɧɨɜɤɢ Active Directory ɭɛɟɞɢɬɟɫɶ, ɱɬɨ ɫɟɪɜɟɪ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɫɟɬɟɜɨɣ ɫɜɹɡɢ. ɉɨɩɵɬɚɣɬɟɫɶ ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɞɪɭɝɢɦ ɤɨɦɩɶɸɬɟɪɨɦ ɩɨ ɫɟɬɢ, ɭɤɚɡɚɜ ɩɭɬɶ UNC ɢɥɢ IP-ɚɞɪɟɫ ɰɟɥɟɜɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɜ ɫɬɪɨɤɟ ɚɞɪɟɫɚ ɩɪɨɝɪɚɦɦɵ Windows Explorer ɢɥɢ ɢɫɩɨɥɶɡɭɹ ɭɬɢɥɢɬɭ Ping (ɧɚɩɪɢɦɟɪ, ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɧɚɩɟɱɚɬɚɣɬɟ ping 192.168.1.1). ȼɵɩɨɥɧɢɬɟ ɜɫɟ ɧɟɨɛɯɨɞɢɦɵɟ ɞɟɣɫɬɜɢɹ ɞɥɹ ɨɩɬɢɦɢɡɚɰɢɢ ɫɟɝɦɟɧɬɚ ɫɟɬɢ, ɜ ɤɨɬɨɪɨɦ ɛɭɞɟɬ ɧɚɯɨɞɢɬɶɫɹ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. Ⱦɥɹ ɷɬɨɝɨ ɢɫɩɨɥɶɡɭɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɫɟɬɟɜɨɝɨ ɭɩɪɚɜɥɟɧɢɹ Network Monitor (ɋɟɬɟɜɨɣ ɦɨɧɢɬɨɪ) ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɞɨɫɬɚɬɨɱɧɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ, ɧɟɨɛɯɨɞɢɦɨɣ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɢ ɬɪɚɮɢɤɚ ɪɟɩɥɢɤɚɰɢɢ, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɝɟɧɟɪɢɪɨɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. . Network Monitor Windows Server 2003. Windows Components Wizard ( Windows) Add/Remove Programs ( / ) Control Panel ( ). "Network Monitor" ( ) Windows Server 2003 Help and Support Center ( Windows Server 2003). ɉɟɪɟɞ ɭɫɬɚɧɨɜɤɨɣ ɫɥɭɠɛɵ Active Directory ɜɵ ɞɨɥɠɧɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɨɬɨɤɨɥɚ ɢɧɬɟɪɧɟɬɚ ɜ ɨɤɧɟ Local Area Connection Properties (ɋɜɨɣɫɬɜɚ ɥɨɤɚɥɶɧɵɯ ɩɨɞɤɥɸɱɟɧɢɣ). ɑɬɨɛɵ ɨɛɪɚɬɢɬɶɫɹ ɤ ɷɬɨɦɭ ɞɢɚɥɨɝɨɜɨɦɭ ɨɤɧɭ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ Local Area Connection (Ʌɨɤɚɥɶɧɵɟ ɩɨɞɤɥɸɱɟɧɢɹ) ɜ ɩɚɩɤɟ Network Connections (ɋɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ) ɜ ɨɤɧɟ Control Panel ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). ȼ ɨɤɧɟ Local Area Connection Properties ɜɵɛɟɪɢɬɟ Internet Protocol (TCP/IP) (ɉɪɨɬɨɤɨɥ ɢɧɬɟɪɧɟɬɚ), ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Properties. ȼ ɨɤɧɟ Internet Protocol (TCP/IP) Properties (ɋɜɨɣɫɬɜɚ ɩɪɨɬɨɤɨɥɚ ɢɧɬɟɪɧɟɬɚ), ɫɞɟɥɚɣɬɟ ɫɥɟɞɭɸɳɟɟ. • ɇɚ ɜɤɥɚɞɤɟ General (Ɉɛɳɟɟ) ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɫɬɚɬɢɱɟɫɤɢɣ IP-ɚɞɪɟɫ ɤɨɦɩɶɸɬɟɪɚ. • ȿɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ, ɧɟ ɛɭɞɟɬ ɫɥɭɠɢɬɶ ɫɟɪɜɟɪɨɦ DNS, ɬɨ ɧɚ ɜɤɥɚɞɤɟ General ɜɵ ɞɨɥɠɧɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɚɞɪɟɫ ɫɟɪɜɟɪɚ DNS, ɡɚɞɚɜ ɟɦɭ IP-ɚɞɪɟɫ ɫɟɪɜɟɪɚ DNS, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɨɮɢɰɢɚɥɶɧɵɦ (authoritative) ɞɥɹ ɞɚɧɧɨɝɨ ɞɨɦɟɧɚ. ɋɦɨɬɪɢɬɟ ɫɥɟɞɭɸɳɢɣ ɪɚɡɞɟɥ ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ DNS ɩɪɢ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. • ȼ ɨɤɧɟ Advanced TCP/IP Settings (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ TCP/IP) ɳɟɥɤɧɢɬɟ ɧɚ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ) ɧɚ ɜɤɥɚɞɤɟ General, ɳɟɥɤɧɢɬɟ ɧɚ ɜɤɥɚɞɤɟ WINS ɢ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɫɟɪɜɟɪ, ɡɚɞɚɜ IP-ɚɞɪɟɫ ɫɟɪɜɟɪɚ ɫɥɭɠɛɵ ɢɦɟɧ ɢɧɬɟɪɧɟɬɚ ɞɥɹ Windows (WINS), ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɚɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ.
DNS
Ʉɚɤ ɝɨɜɨɪɢɥɨɫɶ ɜ ɩɪɟɞɵɞɭɳɢɯ ɝɥɚɜɚɯ, Active Directory ɬɪɟɛɭɟɬɫɹ ɫɥɭɠɛɚ DNS ɜ ɤɚɱɟɫɬɜɟ ɭɤɚɡɚɬɟɥɹ ɪɟɫɭɪɫɨɜ. Ʉɥɢɟɧɬɫɤɢɟ ɤɨɦɩɶɸɬɟɪɵ ɩɨɥɚɝɚɸɬɫɹ ɧɚ DNS ɩɪɢ ɩɨɢɫɤɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɱɬɨɛɵ ɨɧɢ ɦɨɝɥɢ ɚɭɬɟɧ-ɬɢɮɢɰɢɪɨɜɚɬɶ ɫɟɛɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɟ ɜɯɨɞɹɬ ɜ ɫɟɬɶ, ɚ ɬɚɤɠɟ ɞɟɥɚɬɶ ɡɚɩɪɨɫɵ ɤ ɤɚɬɚɥɨɝɭ ɞɥɹ ɩɨɢɫɤɚ ɨɩɭɛɥɢɤɨɜɚɧɧɵɯ ɪɟɫɭɪɫɨɜ. Ʉɪɨɦɟ ɬɨɝɨ, ɫɥɭɠɛɚ DNS ɞɨɥɠɧɚ ɩɨɞɞɟɪɠɢɜɚɬɶ ɡɚɩɢɫɢ ɫɥɭɠɛɵ ɭɤɚɡɚɬɟɥɹ ɪɟɫɭɪɫɨɜ (SRV) ɢ ɞɢɧɚɦɢɱɟɫɤɢɟ ɦɨɞɢɮɢɤɚɰɢɢ. ȿɫɥɢ ɫɥɭɠɛɚ DNS ɧɟ ɛɵɥɚ ɭɫɬɚɧɨɜɥɟɧɚ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨ, ɬɨ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory
ɭɫɬɚɧɨɜɢɬ ɢ ɫɤɨɧɮɢɝɭɪɢɪɭɟɬ DNS ɨɞɧɨɜɪɟɦɟɧɧɨ ɫ Active Directory. ȿɫɥɢ DNS ɭɠɟ ɭɫɬɚɧɨɜɥɟɧɚ ɜ ɫɟɬɢ, ɩɪɨɜɟɪɶɬɟ ɟɟ ɤɨɧɮɢɝɭɪɚɰɢɸ, ɱɬɨɛɵ ɨɧɚ ɦɨɝɥɚ ɩɨɞɞɟɪɠɢɜɚɬɶ Active Directory. Ⱦɥɹ ɷɬɨɣ ɩɪɨɜɟɪɤɢ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɤɨɦɚɧɞɭ Dcdiag (ɞɨɫɬɭɩɧɚ ɤɚɤ ɱɚɫɬɶ ɧɚɛɨɪɚ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ, ɫɨɡɞɚɧɧɨɝɨ ɩɪɢ ɭɫɬɚɧɨɜɤɟ ɮɚɣɥɚ \Support\Tools\ Support.msi ɫ ɤɨɦɩɚɤɬ-ɞɢɫɤɚ Windows Server 2003). ɇɚɛɟɪɢɬɟ ɤɨɦɚɧɞɭ: dcdiag/test:dcpromo/dnsdomain:domainname/newforest
Ɍɟɩɟɪɶ ɜɵ ɫɦɨɠɟɬɟ ɭɞɨɫɬɨɜɟɪɢɬɶɫɹ, ɱɬɨ DNS-ɫɟɪɜɟɪ ɹɜɥɹɟɬɫɹ ɨɮɢɰɢɚɥɶɧɵɦ ɞɥɹ ɞɨɦɟɧɚ domainname ɢ ɦɨɠɟɬ ɩɪɢɧɢɦɚɬɶ ɞɢɧɚɦɢɱɟɫɤɢɟ ɨɛɧɨɜɥɟɧɢɹ ɞɥɹ ɧɨɜɵɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɢɧɫɬɪɭɦɟɧɬɚ dcdiag ɧɚɩɟɱɚɬɚɣɬɟ dcdiag/? ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ. ȿɫɥɢ ɫɥɭɠɛɚ DNS ɜ ɫɟɬɢ ɨɬɫɭɬɫɬɜɭɟɬ, ɜɚɫ ɩɨɩɪɨɫɹɬ ɭɫɬɚɧɨɜɢɬɶ ɫɥɭɠɛɭ ɫɟɪɜɟɪɚ DNS ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȿɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ, ɛɭɞɟɬ ɬɚɤɠɟ ɫɟɪɜɟɪɨɦ DNS, ɬɨ ɩɪɨɜɟɞɢɬɟ ɬɳɚɬɟɥɶɧɨɟ ɩɥɚɧɢɪɨɜɚɧɢɟ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS, ɤɨɬɨɪɨɟ ɜɵ ɛɭɞɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ (ɫɦ. ɝɥ. 5 ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS). ȿɫɥɢ ɜɵ ɛɭɞɟɬɟ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɫɥɭɠɛɭ ɫɟɪɜɟɪɚ DNS ɨɞɧɨɜɪɟɦɟɧɧɨ ɫ Active Directory, ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɭɫɬɚɧɨɜɤɢ ɫɟɪɜɟɪɚ DNS ɧɚ ɤɨɦɩɶɸɬɟɪɟ, ɱɬɨɛɵ ɭɤɚɡɚɬɶ ɫɟɛɹ ɩɟɪɟɞ ɭɫɬɚɧɨɜɤɨɣ Active Directory. Ɉɬɤɪɨɣɬɟ ɨɤɧɨ Internet Protocol (TCP/IP) Properties (ɋɜɨɣɫɬɜɚ ɩɪɨɬɨɤɨɥɚ ɢɧɬɟɪɧɟɬɚ) ɢ ɭɫɬɚɧɨɜɢɬɟ ɚɞɪɟɫ ɫɟɪɜɟɪɚ Preferred DNS Server (ɉɪɢɜɢɥɟɝɢɪɨɜɚɧɧɵɣ ɫɟɪɜɟɪ DNS) ɧɚ IPɚɞɪɟɫ ɥɨɤɚɥɶɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ (ɫɦ. ɪɢɫ. 6-1).
. 6-1.
DNS
ɑɬɨɛɵ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɢɥɢ ɭɞɚɥɹɬɶ Active Directory, ɜɚɲɚ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɞɨɥɠɧɚ ɢɦɟɬɶ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ. Ɍɢɩ ɪɚɡɪɟɲɟɧɢɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɡɚɜɢɫɢɬ ɨɬ ɬɢɩɚ ɫɨɡɞɚɜɚɟɦɨɝɨ ɞɨɦɟɧɚ. Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɩɪɨɜɟɪɹɟɬ ɪɚɡɪɟɲɟɧɢɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɟɪɟɞ ɭɫɬɚɧɨɜɤɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȿɫɥɢ ɜɵ ɜɨɣɞɟɬɟ ɜ ɫɢɫɬɟɦɭ ɫ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ, ɧɟ ɢɦɟɸɳɟɣ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ, ɦɚɫɬɟɪ ɡɚɩɪɨɫɢɬ ɜɚɫ ɨ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɯ ɫɟɪɬɢɮɢɤɚɬɚɯ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɥɟɫɚ, ɜɵ ɞɨɥɠɧɵ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ ɫ ɩɪɚɜɚɦɢ ɥɨɤɚɥɶɧɨɝɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚ, ɧɨ ɫɟɬɟɜɵɟ ɫɟɪɬɢɮɢɤɚɬɵ ɞɥɹ ɷɬɨɝɨ ɧɟ ɧɭɠɧɵ. ȿɫɥɢ ɜɵ ɫɨɛɢɪɚɟɬɟɫɶ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɞɟɪɟɜɚ ɢɥɢ ɧɨɜɵɣ ɞɨɱɟɪɧɢɣ ɞɨɦɟɧ ɜ ɫɭɳɟɫɬɜɭɸɳɟɦ ɞɟɪɟɜɟ, ɧɟɨɛɯɨɞɢɦ ɫɟɬɟɜɨɣ ɫɟɪɬɢɮɢɤɚɬ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɞɨɦɟɧɚ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɞɟɪɟɜɚ, ɜɵ ɞɨɥɠɧɵ ɩɪɟɞɴɹɜɢɬɶ ɫɟɪɬɢɮɢɤɚɬ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɱɥɟɧɚ ɝɪɭɩɩɵ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ). ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɫɭɳɟɫɬɜɭɸɳɢɣ ɞɨɦɟɧ, ɜɵ ɞɨɥɠɧɵ ɩɪɟɞɴɹɜɢɬɶ ɫɟɪɬɢɮɢɤɚɬɵ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɪɚɡɪɟɲɟɧɢɹ ɩɪɢɫɨɟɞɢɧɹɬɶ ɤɨɦɩɶɸɬɟɪ ɤ ɞɨɦɟɧɭ ɢ ɫɨɡɞɚɜɚɬɶ ɨɛɴɟɤɬ NTDS Setting (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ NTDS) ɜ ɪɚɡɞɟɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ. Ƚɥɨɛɚɥɶɧɚɹ ɝɪɭɩɩɚ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɢɦɟɟɬ ɬɚɤɨɣ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɣ.
Active Directory
ɑɬɨɛɵ ɧɚɱɚɬɶ ɢɧɫɬɚɥɥɹɰɢɸ Active Directory, ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɢɧ ɢɡ ɝɪɚɮɢɱɟɫɤɢɯ ɢɧɬɟɪɮɟɣɫɨɜ ɢɥɢ ɡɚɩɭɫɬɢɬɶ ɟɟ ɢɡ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ. ɋ ɩɨɦɨɳɶɸ ɝɪɚɮɢɱɟɫɤɢɯ ɢɧɬɟɪɮɟɣɫɨɜ ɦɨɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ, ɚ ɬɚɤɠɟ ɫɨɡɞɚɬɶ ɢ ɢɧɢɰɢɚɥɢɡɢɪɨɜɚɬɶ ɯɪɚɧɢɥɢɳɟ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ. Ɍɚɤ ɤɚɤ Active Directory ɬɪɟɛɭɟɬ, ɱɬɨɛɵ ɪɟɚɥɢɡɚɰɢɹ DNS ɛɵɥɚ ɨɮɢɰɢɚɥɶɧɨɣ ɞɥɹ ɡɚɩɥɚɧɢɪɨɜɚɧɧɨɝɨ ɞɨɦɟɧɚ, ɬɨ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧ ɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɫɟɪɜɟɪ ɫɥɭɠɛɵ DNS, ɟɫɥɢ ɨɮɢɰɢɚɥɶɧɵɣ DNS-ɫɟɪɜɟɪ ɟɳɟ ɧɟ ɭɫɬɚɧɨɜɥɟɧ. ɋɭɳɟɫɬɜɭɟɬ ɧɟɫɤɨɥɶɤɨ ɫɩɨɫɨɛɨɜ ɡɚɩɭɫɤɚ ɩɪɨɰɟɫɫɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory: • Configure Your Server Wizard (Ɇɚɫɬɟɪ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɚ); • Active Directory Installation Wizard (Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory); • ɢɧɫɬɚɥɥɹɰɢɹ ɛɟɡ ɫɨɩɪɨɜɨɠɞɟɧɢɹ.
•
Ɉɤɧɨ Manage Your Server (ɍɩɪɚɜɥɟɧɢɟ ɫɟɪɜɟɪɨɦ) ɩɨɹɜɥɹɟɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɡɚɤɨɧɱɢɬɫɹ ɢɧɫɬɚɥɥɹɰɢɹ ɢɥɢ ɨɛɧɨɜɥɟɧɢɟ Windows Server 2003. Ɉɧɨ ɨɬɨɛɪɚɠɚɟɬ ɫɩɢɫɨɤ ɜɫɟɯ ɫɟɬɟɜɵɯ ɭɫɥɭɝ, ɤɨɬɨɪɵɟ ɭɫɬɚɧɨɜɥɟɧɵ ɧɚ ɫɟɪɜɟɪɟ, ɢ ɩɨɡɜɨɥɹɟɬ ɭɫɬɚɧɨɜɢɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɭɫɥɭɝɢ (ɫɦ. ɪɢɫ. 6-2).
. 6-2.
Manage Your Server (
)
ɂɡ ɨɤɧɚ Manage Your Server ɜɵ ɦɨɠɟɬɟ ɞɨɛɚɜɢɬɶ ɫɟɪɜɟɪɭ ɪɨɥɶ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɗɬɨ ɦɨɠɧɨ ɫɞɟɥɚɬɶ, ɜɵɛɪɚɜ ɨɩɰɢɸ Typical Settings for a First Server (Ɍɢɩɢɱɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɟɪɜɨɝɨ ɫɟɪɜɟɪɚ) ɫ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨ ɪɚɡɪɚɛɨɬɚɧɧɵɦɢ ɧɚɫɬɪɨɣɤɚɦɢ ɢɥɢ ɪɨɥɶ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵɛɪɚɧɵ ɬɢɩɢɱɧɵɟ ɭɫɬɚɧɨɜɤɢ ɩɟɪɜɨɝɨ ɫɟɪɜɟɪɚ, ɬɨ ɚɜɬɨɦɚɬɢɡɢɪɨɜɚɧɧɵɣ ɩɪɨɰɟɫɫ ɞɨɛɚɜɢɬ ɫɥɭɠɛɵ ɫɟɪɜɟɪɚ DNS ɢ DHCP. ɉɪɨɝɪɚɦɦɚ ɢɧɫɬɚɥɥɹɰɢɢ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɭɫɬɚɧɨɜɢɬ Active Directory ɫ ɡɚɞɚɧɧɵɦɢ ɩɨ ɭɦɨɥɱɚɧɢɸ ɜɚɪɢɚɧɬɚɦɢ ɞɥɹ ɦɧɨɝɢɯ ɨɩɰɢɣ, ɢɫɩɨɥɶɡɭɹ Active Directory Installation Wizard (Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory). ȿɫɥɢ ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɭɫɬɚɧɨɜɢɬɶ Active Directory ɫɨ ɜɫɟɦɢ ɡɚɞɚɧɧɵɦɢ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɰɢɹɦɢ, ɬɨ ɩɪɨɝɪɚɦɦɚ Configure Your Server Wizard (Ɇɚɫɬɟɪ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɚ) ɨɛɟɫɩɟɱɢɬ ɡɚɳɢɳɟɧɧɭɸ ɨɬ ɨɲɢɛɨɤ ɭɫɬɚɧɨɜɤɭ ɷɬɨɣ ɫɥɭɠɛɵ.
Active Directory
Active Directory Installation Wizard (Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory) ɦɨɠɧɨ ɡɚɩɭɫɬɢɬɶ, ɧɚɩɟɱɚɬɚɜ dcpromo.exe ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run ɢɥɢ ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ. Ʉɨɦɚɧɞɚ Dcpromo.exe ɢɦɟɟɬ ɞɜɚ ɩɚɪɚɦɟɬɪɚ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ: • ɩɚɪɚɦɟɬɪ /answer[:answerfil ] ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɚɜɬɨɦɚɬɢɱɟɫɤɨɣ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȼɤɥɸɱɢɬɟ ɜ ɷɬɨɬ ɩɚɪɚɦɟɬɪ ɢɦɹ ɮɚɣɥɚ ɚɜɬɨɦɚɬɢɱɟɫɤɨɝɨ ɨɬɜɟɬɚ, ɤɨɬɨɪɵɣ
ɫɨɞɟɪɠɢɬ ɜɫɸ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɢ; • ɩɚɪɚɦɟɬɪ /adv ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɡɚɩɭɫɤɚ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɭɞɟɬ ɫɨɡɞɚɧ ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ. Ʉɨɝɞɚ ɜɵ ɞɨɛɚɜɥɹɟɬɟ ɩɚɪɚɦɟɬɪ /adv, ɬɨ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ ɧɭɠɧɨ ɭɤɚɡɚɬɶ ɩɭɬɶ ɤ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɦ ɪɟɡɟɪɜɧɵɦ ɮɚɣɥɚɦ. Ⱦɟɬɚɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɤɥɸɱɟɜɵɯ ɩɭɧɤɬɚɯ ɨɬɜɟɬɨɜ ɞɚɧɚ ɜ ɪɚɡɞɟɥɟ ɷɬɨɣ ɝɥɚɜɵ «ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory».
Ⱦɥɹ ɭɫɬɚɧɨɜɤɢ Active Directory ɜɵ ɦɨɠɟɬɟ ɡɚɩɭɫɬɢɬɶ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɣ ɩɪɨɰɟɫɫ ɜ «ɬɢɯɨɦ» ɪɟɠɢɦɟ, ɛɟɡ ɫɨɩɪɨɜɨɠɞɟɧɢɹ, ɧɚɩɟɱɚɬɚɜ dcpromo.exe/ answer:answerfil , ɝɞɟ answerfile — ɢɦɹ ɮɚɣɥɚ ɨɬɜɟɬɨɜ, ɤɨɬɨɪɵɣ ɜɵ ɫɨɡɞɚɥɢ. ȼ ɪɟɠɢɦɟ «ɛɟɡ ɫɨɩɪɨɜɨɠɞɟɧɢɹ» ɮɚɣɥ ɫɰɟɧɚɪɢɹ ɢɧɫɬɚɥɥɹɰɢɢ ɩɟɪɟɞɚɟɬ ɡɧɚɱɟɧɢɹ ɞɥɹ ɜɫɟɯ ɩɨɥɟɣ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɜɜɨɞɚ, ɤɨɬɨɪɵɟ ɜɵ ɡɚɩɨɥɧɹɥɢ ɛɵ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. Ⱦɥɹ ɥɸɛɨɝɨ ɤɥɸɱɚ, ɤɨɬɨɪɵɣ ɧɟ ɨɩɪɟɞɟɥɟɧ ɜ ɮɚɣɥɟ ɨɬɜɟɬɚ, ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɧɚɱɟɧɢɟ ɷɬɨɝɨ ɤɥɸɱɚ, ɢɥɢ ɩɨɹɜɢɬɫɹ ɨɤɧɨ, ɱɬɨɛɵ ɜɵ ɦɨɝɥɢ ɜɜɟɫɬɢ ɬɪɟɛɭɟɦɨɟ ɡɧɚɱɟɧɢɟ. ɋɨɡɞɚɧɢɟ ɮɚɣɥɚ ɨɬɜɟɬɨɜ ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ ɛɟɡ ɫɨɩɪɨɜɨɠɞɟɧɢɹ ɛɭɞɟɬ ɨɩɢɫɚɧɨ ɩɨɡɠɟ ɜ ɷɬɨɣ ɝɥɚɜɟ.
ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ Active Directory, ɢɫɩɨɥɶɡɭɹ ɦɚɫɬɟɪɚ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɚ (Configure Your Server Wizard), ɦɨɠɧɨ ɜɵɛɪɚɬɶ ɞɨɛɚɜɥɟɧɢɟ ɧɨɜɨɣ ɪɨɥɢ ɜ ɭɬɢɥɢɬɟ Manage Your Server (ɍɩɪɚɜɥɟɧɢɟ ɫɟɪɜɟɪɨɦ) ɢɥɢ Configure Your Server Wizard ɜ ɩɚɩɤɟ Administrative Tools (ɋɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ). ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ Active Directory, ɢɫɩɨɥɶɡɭɹ Configure Your Server Wizard, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ȼ ɨɤɧɟ Manage Your Server ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Add Or Remove A Role (Ⱦɨɛɚɜɢɬɶ ɢɥɢ ɭɞɚɥɢɬɶ ɪɨɥɶ) ɢɥɢ ɜɵɛɟɪɢɬɟ Configure Your Server Wizard ɜ ɩɚɩɤɟ Administrative Tools. Ɂɚɩɭɫɬɢɬɫɹ ɦɚɫɬɟɪ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɚ. 2. ȼ ɨɤɧɟ Preliminary Steps (ɉɪɟɞɜɚɪɢɬɟɥɶɧɵɟ ɲɚɝɢ) ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Next (Ⱦɚɥɟɟ). ɀɞɢɬɟ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ, ɩɨɤɚ ɦɚɫɬɟɪ ɢɳɟɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Local Area Connections (Ʌɨɤɚɥɶɧɵɟ ɩɨɞɤɥɸɱɟɧɢɹ). 3. ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ Active Directory, ɫɥɭɠɛɭ ɫɟɪɜɟɪɚ DNS ɢ ɫɥɭɠɛɭ ɩɪɨɬɨɤɨɥɚ ɞɢɧɚɦɢɱɟɫɤɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɯɨɫɬɚ (DHCP), ɜ ɨɤɧɟ Configuration Options (Ɉɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ) ɜɵɛɟɪɢɬɟ Typical Configuration For A First Server (Ɍɢɩɢɱɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ ɞɥɹ ɩɟɪɜɨɝɨ ɫɟɪɜɟɪɚ). ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɬɨɥɶɤɨ Active Directory, ɜɵɛɟɪɢɬɟ Custom Configuration (ȼɵɛɨɪɨɱɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Next (ɫɦ. ɪɢɫ. 6-3). ɉɨɫɥɟɞɭɸɳɟɟ ɨɩɢɫɚɧɢɟ ɩɪɟɞɩɨɥɚɝɚɟɬ, ɱɬɨ ɜɵ ɜɵɛɪɚɥɢ ɨɩɰɢɸ Custom configuration.
. 6-3.
Configuration Options (
)
4. ȼ ɨɤɧɟ Server Role (Ɋɨɥɶ ɫɟɪɜɟɪɚ) ɜɵɛɟɪɢɬɟ Domain Controller (Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ), ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Next (ɫɦ. ɪɢɫ. 6-4).
. 6-4.
Server Role (
)
5. ȼ ɨɤɧɟ Summary Of Selections (Ɋɟɡɸɦɟ ɜɵɛɪɚɧɧɵɯ ɨɩɰɢɣ) ɩɨɞɬɜɟɪɞɢɬɟ ɜɵɛɨɪ ɪɨɥɢ ɫɟɪɜɟɪɚ ɢ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Next. Ⱦɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɜɵɛɪɚɧɧɵɯ ɭɫɥɭɝ ɩɨɹɜɢɬɫɹ ɨɤɧɨ Applying Selections (ɉɪɢɦɟɧɟɧɢɟ ɜɵɛɪɚɧɧɵɯ ɨɩɰɢɣ). 6. ɉɪɢ ɫɨɡɞɚɧɢɢ ɪɨɥɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɩɨɹɜɥɹɟɬɫɹ ɨɤɧɨ Welcome (ɉɪɢɜɟɬɫɬɜɢɟ) ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory (ɫɦ. ɪɢɫ. 6-5). ɉɨɫɥɟ ɷɬɨɝɨ ɛɭɞɟɬ ɜɵɩɨɥɧɹɬɶɫɹ ɬɨɬ ɠɟ ɩɪɨɰɟɫɫ, ɤɚɤ ɟɫɥɢ ɛɵ ɜɵ ɡɚɩɭɫɬɢɥɢ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɢɡ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ ɢɥɢ ɤɨɦɚɧɞɨɣ Run (ȼɵɩɨɥɧɢɬɶ). ɉɨɞɪɨɛɧɨɟ ɨɩɢɫɚɧɢɟ ɨɬɜɟɬɨɜ ɧɚ ɜɨɩɪɨɫɵ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɞɚɧɨ ɜ ɫɥɟɞɭɸɳɟɦ ɪɚɡɞɟɥɟ. Ɂɚɜɟɪɲɢɬɟ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Finish (Ƚɨɬɨɜɨ). ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɫɥɭɠɛɚ Active Directory ɭɫɬɚɧɨɜɥɟɧɚ ɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ, ɩɨɹɜɢɬɫɹ ɧɚɩɨɦɢɧɚɧɢɟ ɨ ɬɨɦ, ɱɬɨ ɧɭɠɧɨ ɩɟɪɟɡɚɩɭɫɬɢɬɶ ɜɚɲ ɫɟɪɜɟɪ.
. 6-5.
Welcome (
)
Active Directory
Active Directory
Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɪɚɛɨɬɚɟɬ ɩɪɨɫɬɨ. ȼɫɟ ɨɩɰɢɢ ɦɚɫɬɟɪɚ ɯɨɪɨɲɨ ɨɛɴɹɫɧɟɧɵ ɢ ɩɪɟɞɫɬɚɜɥɟɧɵ ɜ ɥɨɝɢɱɟɫɤɨɦ ɩɨɪɹɞɤɟ. ȼɦɟɫɬɨ ɬɨɝɨ ɱɬɨɛɵ ɩɪɨɜɨɞɢɬɶ ɜɚɫ ɱɟɪɟɡ ɷɬɨɬ ɞɨɫɬɚɬɨɱɧɨ ɨɱɟɜɢɞɧɵɣ ɩɪɨɰɟɫɫ, ɨɛɫɭɞɢɦ ɤɥɸɱɟɜɵɟ ɦɨɦɟɧɬɵ ɨɬɜɟɬɨɜ, ɫ ɤɨɬɨɪɵɦɢ ɜɵ ɫɬɨɥɤɧɟɬɟɫɶ ɩɪɢ ɭɫɬɚɧɨɜɤɟ Active Directory. ɑɬɨɛɵ ɡɚɩɭɫɬɢɬɶ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory, ɧɚɩɟɱɚɬɚɣɬɟ dcpromo ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run (ȼɵɩɨɥɧɢɬɶ) ɢɥɢ ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ. ɉɨɹɜɢɬɫɹ ɫɬɚɪɬɨɜɨɟ ɨɤɧɨ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory.
Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ Windows Server 2003, ɥɭɱɲɟ ɡɚɳɢɳɟɧɵ, ɱɟɦ ɬɟ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ ɩɪɟɞɵɞɭɳɢɟ ɜɟɪɫɢɢ ɫɟɬɟɜɵɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ Windows, ɢ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɞɚɟɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɬɨɦ, ɤɚɤ ɷɬɚ ɡɚɳɢɬɚ ɡɚɬɪɚɝɢɜɚɟɬ ɜɯɨɞ ɤɥɢɟɧɬɚ ɜ ɫɢɫɬɟɦɭ. Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɢɬɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ Windows Server 2003, ɬɪɟɛɭɟɬ ɞɜɭɯ ɧɨɜɵɯ ɭɪɨɜɧɟɣ ɡɚɳɢɬɵ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ: ɩɨɞɩɢɫɢ ɛɥɨɤɚ ɫɟɪɜɟɪɧɵɯ ɫɨɨɛɳɟɧɢɣ (Server Message Block — SMB), ɚ ɬɚɤɠɟ ɲɢɮɪɨɜɚɧɢɹ ɢ ɩɨɞɩɢɫɢ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ ɛɟɡɨɩɚɫɧɨɝɨ ɤɚɧɚɥɚ. ɗɬɢ ɮɭɧɤɰɢɢ ɡɚɳɢɬɵ ɜɵɡɵɜɚɸɬ ɩɪɨɛɥɟɦɵ ɩɪɢ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ ɤɥɢɟɧɬɨɜ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ. ɇɢɠɟɩɪɢɜɟɞɟɧɧɵɟ ɤɥɢɟɧɬɫɤɢɟ ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ Windows ɜ ɨɫɧɨɜɧɨɦ ɪɟɠɢɦɟ ɧɟ ɩɨɞɞɟɪɠɢɜɚɸɬ ɩɨɞɩɢɫɢ SMB, ɲɢɮɪɨɜɚɧɢɟ ɢ ɩɨɞɩɢɫɢ ɛɟɡɨɩɚɫɧɨɝɨ ɤɚɧɚɥɚ: • Microsoft Windows for Workgroups; • Microsoft Windows 95 ɢ Windows 98; • Microsoft Windows NT 4 (Service Pack 3 ɢ ɛɨɥɟɟ ɪɚɧɧɢɟ). ȿɫɥɢ ɜɚɲɚ ɫɟɬɶ ɩɨɞɞɟɪɠɢɜɚɟɬ ɷɬɢ ɫɢɫɬɟɦɵ, ɬɨ ɜɵ ɞɨɥɠɧɵ ɜɵɩɨɥɧɢɬɶ ɨɩɪɟɞɟɥɟɧɧɵɟ ɞɟɣɫɬɜɢɹ, ɱɬɨɛɵ ɞɚɬɶ ɢɦ ɜɨɡɦɨɠɧɨɫɬɶ ɜɯɨɞɢɬɶ ɜ ɫɢɫɬɟɦɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Windows Server 2003 (ɫɦ. ɬɚɛɥ. 6-1). . 6-1.
Ʉɥɢɟɧɬ Ɉɋ
Ⱦɟɣɫɬɜɢɟ
Active Directory
Windows for Workgroups Ɇɨɞɟɪɧɢɡɢɪɭɣɬɟ ɨɩɟɪɚɰɢɨɧɧɭɸ ɫɢɫɬɟɦɭ. Windows 95/Windows 98 Ɇɨɞɟɪɧɢɡɢɪɭɣɬɟ ɨɩɟɪɚɰɢɨɧɧɭɸ ɫɢɫɬɟɦɭ (ɪɟɤɨɦɟɧɞɭɟɬɫɹ) ɢɥɢ ɭɫɬɚɧɨɜɢɬɟ Directory Services Client (Ʉɥɢɟɧɬ ɫɥɭɠɛ ɤɚɬɚɥɨɝɚ). Windows NT 4 Ɇɨɞɟɪɧɢɡɢɪɭɣɬɟ ɨɩɟɪɚɰɢɨɧɧɭɸ ɫɢɫɬɟɦɭ (ɪɟɤɨɦɟɧɞɭɟɬɫɹ) ɢɥɢ ɭɫɬɚɧɨɜɢɬɟ Service Pack 4 (ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɢɣ). Directory Services Client (Ʉɥɢɟɧɬ ɫɥɭɠɛ ɤɚɬɚɥɨɝɚ) — ɷɬɨ ɤɨɦɩɨɧɟɧɬ ɤɥɢɟɧɬɫɤɨɣ ɫɬɨɪɨɧɵ, ɤɨɬɨɪɵɣ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɧɢɡɤɨɭɪɨɜɧɟɜɵɦ ɤɥɢɟɧɬɫɤɢɦ ɨɩɟɪɚɰɢɨɧɧɵɦ ɫɢɫɬɟɦɚɦ (Microsoft Windows 95, Windows 98 ɢ Windows NT 4) ɜɨɫɩɨɥɶɡɨɜɚɬɶɫɹ ɩɪɟɢɦɭɳɟɫɬɜɚɦɢ Active Directory. (ɗɬɨ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɪɚɫɩɪɟɞɟɥɟɧɧɨɣ ɮɚɣɥɨɜɨɣ ɫɢɫɬɟɦɵ (DFS) ɢ ɩɨɢɫɤɚ). ɉɨɫɦɨɬɪɢɬɟ ɫɬɪɚɧɢɰɭ ɞɨɩɨɥɧɟɧɢɣ ɤɥɢɟɧɬɚ Active Directory ɧɚ ɫɚɣɬɟ http:/ /www.microsoft.corn/windows2000/server/evaluation/news/bulletins/ adextension.asp ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɨɬɧɨɫɢɬɟɥɶɧɨ ɡɚɝɪɭɡɤɢ ɢ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫɥɭɠɛɵ Directory Services Client ɜ ɫɢɫɬɟɦɟ Windows NT 4 SP6a. Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɱɬɨ ɩɪɟɞɵɞɭɳɟɟ ɧɚɡɜɚɧɢɟ ɫɥɭɠɛɵ Directory Services Client ɛɵɥɨ Active Directory Client Extension, ɫ ɷɬɢɦ ɢɦɟɧɟɦ ɜɵ ɛɭɞɟɬɟ ɫɬɚɥɤɢɜɚɬɶɫɹ ɜɨ ɦɧɨɝɢɯ ɫɬɚɬɶɹɯ ɜɟɛ-ɫɚɣɬɚ Microsoft. ɇɚ ɪɢɫɭɧɤɟ 6-6 ɩɨɤɚɡɚɧɨ ɨɤɧɨ Operating System Compatibility (ɋɨɜɦɟɫɬɢɦɨɫɬɶ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ).
ɉɟɪɜɨɟ ɪɟɲɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɵ ɞɨɥɠɧɵ ɩɪɢɧɹɬɶ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ, -ɤɚɤɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɨɥɠɟɧ ɛɵɬɶ ɫɨɡɞɚɧ. ɗɬɨ ɦɨɠɟɬ ɛɵɬɶ ɩɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɧɨɜɨɦ ɞɨɦɟɧɟ ɢɥɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɥɹ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɞɨɦɟɧɚ (ɫɦ. ɪɢɫ. 6-7). ɉɨ ɭɦɨɥɱɚɧɢɸ ɫɨɡɞɚɟɬɫɹ ɧɨɜɵɣ ɞɨɦɟɧ ɢ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɜɵɛɟɪɟɬɟ ɫɨɡɞɚɧɢɟ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɫɭɳɟɫɬɜɭɸɳɟɦ ɞɨɦɟɧɟ, ɬɨ ɢɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɜɫɟ ɥɨɤɚɥɶɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ, ɤɨɬɨɪɵɟ ɫɭɳɟɫɬɜɭɸɬ ɧɚ ɫɟɪɜɟɪɟ, ɛɭɞɭɬ ɭɞɚɥɟɧɵ ɧɚɪɹɞɭ ɫɨ ɜɫɟɦɢ ɤɪɢɩɬɨɝɪɚɮɢɱɟɫɤɢɦɢ ɤɥɸɱɚɦɢ, ɤɨɬɨɪɵɟ ɯɪɚɧɢɥɢɫɶ ɧɚ ɤɨɦɩɶɸɬɟɪɟ. ȼɚɫ ɩɨɩɪɨɫɹɬ ɬɚɤɠɟ ɪɚɫɲɢɮɪɨɜɚɬɶ ɜɫɟ ɡɚɲɢɮɪɨɜɚɧɧɵɟ ɞɚɧɧɵɟ, ɩɨɬɨɦɭ ɱɬɨ ɩɨɫɥɟ ɭɫɬɚɧɨɜɤɢ Active Directory ɷɬɨ ɛɭɞɟɬ ɧɟɞɨɫɬɭɩɧɨ.
. 6-6.
Operating System Compatibility (
. 6-7.
Domain Controller Type (
)
)
ȿɫɥɢ ɜɵ ɜɵɛɟɪɟɬɟ ɫɨɡɞɚɧɢɟ ɧɨɜɨɝɨ ɞɨɦɟɧɚ, ɬɨ ɞɚɥɟɟ ɧɭɠɧɨ ɛɭɞɟɬ ɭɤɚɡɚɬɶ, ɫɨɡɞɚɜɚɬɶ ɥɢ ɤɨɪɧɟɜɨɣ ɞɨɦɟɧ ɜ ɧɨɜɨɦ ɥɟɫɭ, ɞɨɱɟɪɧɢɣ ɞɨɦɟɧ ɜ ɫɭɳɟɫɬɜɭɸɳɟɦ ɞɨɦɟɧɟ ɢɥɢ ɜ ɧɨɜɨɦ ɞɟɪɟɜɟ ɞɨɦɟɧɚ ɜ ɫɭɳɟɫɬɜɭɸɳɟɦ ɥɟɫɭ (ɫɦ. ɪɢɫ. 6-8). ɉɪɨɤɨɧɫɭɥɶɬɢɪɭɣɬɟɫɶ ɫ ɩɪɨɟɤɬɧɨɣ ɞɨɤɭɦɟɧɬɚɰɢɟɣ ɫɜɨɟɣ ɫɥɭɠɛɵ Active Directory (ɫɦ. ɝɥ. 5), ɱɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ ɩɪɢɪɨɞɭ ɫɨɡɞɚɜɚɟɦɨɝɨ ɞɨɦɟɧɚ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɞɨɱɟɪɧɢɣ ɞɨɦɟɧ ɜ ɫɭɳɟɫɬɜɭɸɳɟɦ ɞɨɦɟɧɟ ɢɥɢ ɜ ɧɨɜɨɦ ɞɟɪɟɜɟ ɞɨɦɟɧɚ ɜ ɫɭɳɟɫɬɜɭɸɳɟɦ ɥɟɫɭ, ɜɵ ɞɨɥɠɧɵ ɩɪɟɞɫɬɚɜɢɬɶ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɫɟɬɟɜɵɟ ɫɟɪɬɢɮɢɤɚɬɵ ɞɥɹ ɩɪɨɞɨɥɠɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɝɨ ɩɪɨɰɟɫɫɚ. Ⱦɥɹ ɫɨɡɞɚɧɢɹ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɧɨɜɨɝɨ ɥɟɫɚ ɫɟɬɟɜɵɟ ɫɟɪɬɢɮɢɤɚɬɵ ɧɟ ɬɪɟɛɭɸɬɫɹ.
. 6-8.
Create New Domain (
)
ɉɪɢ ɫɨɡɞɚɧɢɢ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɞɥɹ ɧɨɜɨɝɨ ɞɨɦɟɧɚ ɧɭɠɧɨ ɡɚɞɚɬɶ ɩɨɥɧɨɟ ɢɦɹ DNS ɢ ɢɦɹ NetBIOS (ɫɦ. ɪɢɫ. 6-9). ɉɪɢ ɫɨɡɞɚɧɢɢ ɷɬɢɯ ɢɦɟɧ ɧɭɠɧɨ ɫɨɛɥɸɞɚɬɶ ɨɩɪɟɞɟɥɟɧɧɵɟ ɩɪɚɜɢɥɚ. ɉɨɥɧɨɟ ɢɦɹ DNS ɞɨɥɠɧɨ ɫɨɞɟɪɠɚɬɶ ɭɧɢɤɚɥɶɧɨɟ ɢɦɹ ɞɥɹ ɧɨɜɨɝɨ ɞɨɦɟɧɚ, ɚ ɩɪɢ ɫɨɡɞɚɧɢɢ ɞɨɱɟɪɧɟɝɨ ɞɨɦɟɧɚ ɞɨɥɠɟɧ ɫɭɳɟɫɬɜɨɜɚɬɶ ɪɨɞɢɬɟɥɶɫɤɢɣ ɞɨɦɟɧ, ɢ ɟɝɨ ɢɦɹ ɞɨɥɠɧɨ ɛɵɬɶ ɜɤɥɸɱɟɧɨ ɜ ɢɦɹ DNS. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɧɨɜɵɣ ɞɨɦɟɧ NAmerica ɜ ɞɟɪɟɜɟ ɞɨɦɟɧɚ Contoso.com, ɬɨ ɩɨɥɧɨɟ ɢɦɹ DNS, ɤɨɬɨɪɨɟ ɜɵ ɞɨɥɠɧɵ ɜɜɟɫɬɢ, ɛɭɞɟɬ NAmerica.Contoso.com. ɉɪɢ ɢɦɟɧɨɜɚɧɢɢ ɞɨɦɟɧɚ ɞɨɫɬɭɩɧɵɟ ɫɢɦɜɨɥɵ ɜɤɥɸɱɚɸɬ ɧɟɡɚɜɢɫɢɦɵɟ ɨɬ ɪɟɝɢɫɬɪɚ ɛɭɤɜɵ ɨɬ Ⱥ ɞɨ Z, ɰɢɮɪɵ ɨɬ 0 ɞɨ 9 ɢ ɞɟɮɢɫ (-). Ʉɚɠɞɵɣ ɤɨɦɩɨɧɟɧɬ DNS ɢɦɟɧɢ ɞɨɦɟɧɚ (ɫɟɤɰɢɢ, ɨɬɞɟɥɟɧɧɵɟ ɬɨɱɤɨɣ [.]) ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɞɥɢɧɧɟɟ 63-ɯ ɛɚɣɬɨɜ.
. 6-9.
New Domain Name (
)
ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɭɤɚɡɚɥɢ ɢɦɹ DNS ɞɥɹ ɞɨɦɟɧɚ, ɧɟɨɛɯɨɞɢɦɨ ɡɚɞɚɬɶ ɢɦɹ NetBIOS (ɫɦ. ɪɢɫ. 6-10). ɂɦɹ NetBIOS ɢɫɩɨɥɶɡɭɟɬɫɹ ɛɨɥɟɟ ɪɚɧɧɢɦɢ ɜɟɪɫɢɹɦɢ ɫɢɫɬɟɦɵ Windows ɞɥɹ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɢɦɟɧɢ ɞɨɦɟɧɚ. Ʌɭɱɲɟ ɜɫɟɝɨ ɩɪɢɧɹɬɶ ɚɜɬɨɦɚɬɢɱɟɫɤɨɟ ɢɦɹ NetBIOS, ɩɨɥɭɱɟɧɧɨɟ ɢɡ ɪɚɧɟɟ ɜɜɟɞɟɧɧɨɝɨ ɢɦɟɧɢ DNS. ȿɞɢɧɫɬɜɟɧɧɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɧɚ ɢɦɹ NetBIOS ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɨ ɧɟ ɞɨɥɠɧɨ ɩɪɟɜɵɲɚɬɶ ɱɟɬɵɪɧɚɞɰɚɬɶ ɫɢɦɜɨɥɨɜ. Ʉɪɨɦɟ ɬɨɝɨ, ɢɦɹ NetBIOS ɞɨɥɠɧɨ ɛɵɬɶ ɭɧɢɤɚɥɶɧɵɦ.
. 6-10.
NetBIOS Domain Name (
NetBIOS
)
Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɩɨɩɪɨɫɢɬ ɜɚɫ ɜɵɛɪɚɬɶ ɦɟɫɬɨ ɞɥɹ ɯɪɚɧɟɧɢɹ ɮɚɣɥɚ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory (Ntds.dit), ɮɚɣɥɨɜ ɪɟɝɢɫɬɪɚɰɢɨɧɧɵɯ ɠɭɪɧɚɥɨɜ Active Directory ɢ ɨɛɳɟɣ ɩɚɩɤɢ Sysvol. ȼɵ ɦɨɠɟɬɟ ɜɵɛɪɚɬɶ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɟɫɬɚ ɢɥɢ ɡɚɞɚɬɶ ɞɪɭɝɢɟ (ɫɦ. ɪɢɫ. 6-11).
. 6-11.
Database And Log Folders (
)
Ɂɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɟɫɬɨ ɞɥɹ ɛɚɡɵ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɢ ɠɭɪɧɚɥɨɜ — ɩɚɩɤɚ %systemroot %\system32. Ɉɞɧɚɤɨ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɥɭɱɲɟɣ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɧɭɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ Active Directory ɬɚɤ, ɱɬɨɛɵ ɯɪɚɧɢɬɶ ɮɚɣɥ ɛɚɡɵ ɞɚɧɧɵɯ ɢ ɠɭɪɧɚɥɵ ɧɚ ɨɬɞɟɥɶɧɵɯ ɠɟɫɬɤɢɯ ɞɢɫɤɚɯ. Ɂɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɟɫɬɨ ɨɛɳɟɣ ɩɚɩɤɢ Sysvol - %systemdrive %\Windows. ȿɞɢɧɫɬɜɟɧɧɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɧɚ ɜɵɛɨɪ ɦɟɫɬɚ ɞɥɹ ɨɛɳɟɣ ɩɚɩɤɢ Sysvol ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɚ ɞɨɥɠɧɚ ɯɪɚɧɢɬɶɫɹ ɜ ɪɚɡɞɟɥɟ ɫ ɮɚɣɥɨɜɨɣ ɫɢɫɬɟɦɨɣ NTFS v5. ȼ ɩɚɩɤɟ Sysvol ɯɪɚɧɹɬɫɹ ɜɫɟ ɮɚɣɥɵ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɛɵɬɶ ɞɨɫɬɭɩɧɵ ɤɥɢɟɧɬɚɦ ɞɨɦɟɧɚ Active Directory, ɧɚɩɪɢɦɟɪ, ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ (ɫɦ. ɪɢɫ. 6-12).
DNS-
Active Directory ɬɪɟɛɭɟɬ, ɱɬɨɛɵ ɜ ɫɟɬɢ ɛɵɥɚ ɭɫɬɚɧɨɜɥɟɧɚ ɫɥɭɠɛɚ DNS, ɬɨɝɞɚ ɤɨɦɩɶɸɬɟɪɵ-ɤɥɢɟɧɬɵ ɫɦɨɝɭɬ ɧɚɯɨɞɢɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɥɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ. Ⱦɥɹ ɷɬɨɝɨ ɪɟɚɥɢɡɚɰɢɹ DNS ɞɨɥɠɧɚ ɩɨɞɞɟɪɠɢɜɚɬɶ ɡɚɩɢɫɢ SRV. Microsoft ɪɟɤɨɦɟɧɞɭɟɬ ɬɚɤɠɟ ɩɨɞɞɟɪɠɤɭ ɞɢɧɚɦɢɱɟɫɤɢɯ ɨɛɧɨɜɥɟɧɢɣ. Ɋɟɚɥɢɡɚɰɢɹ ɫɥɭɠɛɵ DNS ɜ ɫɟɬɢ ɦɨɠɟɬ ɛɵɬɶ ɜɵɩɨɥɧɟɧɚ ɧɟ ɧɚ ɩɥɚɬɮɨɪɦɟ Microsoft, ɷɬɨ ɦɨɠɟɬ ɛɵɬɶ DNS-ɫɟɪɜɟɪ, ɪɚɛɨɬɚɸɳɢɣ ɩɨɞ Windows NT 4 (SP4), Windows 2000 Server ɢɥɢ Windows Server 2003.
. 6-12.
Shared System Volume (
)
ȿɫɥɢ ɤɨɦɩɶɸɬɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ Active Directory, ɧɟ ɹɜɥɹɟɬɫɹ DNS-ɫɟɪɜɟɪɨɦ, ɢɥɢ ɟɫɥɢ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɧɟ ɩɪɨɜɟɪɹɟɬ, ɱɬɨ DNS-ɫɟɪɜɟɪ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɞɥɹ ɧɨɜɨɝɨ ɞɨɦɟɧɚ, ɬɨ ɫɥɭɠɛɚ DNS ɫɟɪɜɟɪɚ ɦɨɠɟɬ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɚ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. (ȿɫɥɢ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɭɠɟ ɫɭɳɟɫɬɜɭɸɳɟɦ ɞɨɦɟɧɟ, ɬɨ ɫɱɢɬɚɟɬɫɹ, ɱɬɨ ɫɥɭɠɛɚ DNS ɭɠɟ ɭɫɬɚɧɨɜɥɟɧɚ, ɢ ɷɬɨɬ ɲɚɝ ɩɪɨɜɟɪɤɢ ɩɪɨɩɭɫɤɚɟɬɫɹ.) ȿɫɥɢ ɫɥɭɠɛɚ DNS ɪɟɚɥɢɡɨɜɚɧɚ ɜ ɫɟɬɢ, ɧɨ ɧɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ, ɬɨ ɨɤɧɨ DNS Registration Diagnostics (Ⱦɢɚɝɧɨɫɬɢɤɚ ɪɟɝɢɫɬɪɚɰɢɢ DNS) ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɫɨɨɛɳɚɟɬ ɨɛ ɨɲɢɛɤɚɯ ɤɨɧɮɢɝɭɪɚɰɢɢ. ȼ ɷɬɨɦ ɦɟɫɬɟ ɧɭɠɧɨ ɫɞɟɥɚɬɶ ɜɫɟ ɧɟɨɛɯɨɞɢɦɵɟ ɢɡɦɟɧɟɧɢɹ ɜ ɤɨɧɮɢɝɭɪɚɰɢɢ DNS ɢ ɩɨɜɬɨɪɢɬɶ ɩɪɨɝɪɚɦɦɭ ɞɢɚɝɧɨɫɬɢɤɢ DNS. ȼ ɤɚɱɟɫɬɜɟ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɜɚɪɢɚɧɬɚ ɦɨɠɧɨ ɩɪɨɞɨɥɠɢɬɶ ɢɧɫɬɚɥɥɹɰɢɸ Active Directory ɢ ɩɨɡɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ DNS ɜɪɭɱɧɭɸ. ɇɚ ɪɢɫɭɧɤɟ 6-13 ɩɨɤɚɡɚɧɵ ɪɟɡɭɥɶɬɚɬɵ ɞɢɚɝɧɨɫɬɢɤɢ DNS, ɜɵɩɨɥɧɟɧɧɨɣ ɜɨ ɜɪɟɦɹ ɪɚɛɨɬɵ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɢ ɬɪɢ ɜɚɪɢɚɧɬɚ ɜɨɡɦɨɠɧɵɯ ɩɪɨɞɨɥɠɟɧɢɹ. Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɱɬɨ ɜɬɨɪɚɹ ɨɩɰɢɹ, ɫɜɹɡɚɧɧɚɹ ɫ ɭɫɬɚɧɨɜɤɨɣ ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟɦ DNS-ɫɟɪɜɟɪɚ ɧɚ ɷɬɨɦ ɤɨɦɩɶɸɬɟɪɟ, ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɨɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɜ ɫɢɬɭɚɰɢɢ, ɤɨɝɞɚ DNS ɫɟɪɜɟɪ ɧɟ ɧɚɣɞɟɧ. ȿɫɥɢ ɜɵ ɜɵɛɟɪɟɬɟ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɰɢɸ, ɫɜɹɡɚɧɧɭɸ ɫ ɭɫɬɚɧɨɜɤɨɣ ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟɦ DNS ɫɟɪɜɟɪɚ, ɬɨ ɫɟɪɜɟɪ DNS ɢ ɫɥɭɠɛɚ DNS ɫɟɪɜɟɪɚ ɛɭɞɭɬ ɭɫɬɚɧɨɜɥɟɧɵ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. Ɉɫɧɨɜɧɚɹ ɡɨɧɚ DNS ɛɭɞɟɬ ɫɨɨɬɜɟɬɫɬɜɨɜɚɬɶ ɢɦɟɧɢ ɧɨɜɨɝɨ ɞɨɦɟɧɚ Active Directory, ɨɧɚ ɛɭɞɟɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɬɚɤ, ɱɬɨɛɵ ɩɪɢɧɢɦɚɬɶ ɞɢɧɚɦɢɱɟɫɤɢɟ ɨɛɧɨɜɥɟɧɢɹ. ɉɪɟɞɩɨɱɬɢɬɟɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ DNS-cepɜɟɪɚ (ɜ ɨɤɧɟ ɫɜɨɣɫɬɜ TCP/IP) ɛɭɞɭɬ ɦɨɞɢɮɢɰɢɪɨɜɚɧɵ ɞɥɹ ɭɤɚɡɚɧɢɹ ɧɚ ɥɨɤɚɥɶɧɵɣ DNS-ɫɟɪɜɟɪ. (ȼɵɲɟ ɪɟɤɨɦɟɧɞɨɜɚɥɨɫɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɥɨɤɚɥɶɧɵɣ IP-ɚɞɪɟɫ ɤɨɦɩɶɸɬɟɪɚ ɩɟɪɟɞ ɢɧɫɬɚɥɥɹɰɢɟɣ Active Directory.)
, 6-13.
DNS Registration Diagnostics ( Active Directory
DNS)
Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ʉɨɝɞɚ ɫɥɭɠɛɚ DNS ɫɟɪɜɟɪɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɦɚɫɬɟɪɨɦ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory, ɬɨ ɡɨɧɚ DNS ɫɨɡɞɚɟɬɫɹ ɤɚɤ ɢɧɬɟɝɪɢɪɨɜɚɧɧɚɹ ɡɨɧɚ Active Directory. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɢɧɬɟɝɪɢɪɨɜɚɧɧɨɣ ɡɨɧɵ Active Directory ɫɦ. ɝɥ. 3.
Ɉɛɟ ɫɢɫɬɟɦɵ, Windows Server 2003 ɢ Windows 2000, ɪɟɚɥɢɡɭɸɬ ɛɨɥɟɟ ɫɬɪɨɝɭɸ ɡɚɳɢɬɭ ɞɥɹ ɚɬɪɢɛɭɬɨɜ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɢ ɝɪɭɩɩɨɜɵɯ ɨɛɴɟɤɬɨɜ, ɱɟɦ ɬɚ, ɤɨɬɨɪɚɹ ɛɵɥɚ ɜ Windows NT 4. Ⱦɨɫɬɭɩ ɤ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦ ɨɛɴɟɤɬɚɦ ɢ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɟɞɨɫɬɭɩɧɵ ɞɥɹ ɚɧɨɧɢɦɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɜɯɨɞɨɜ ɜ ɫɢɫɬɟɦɭ. ɑɬɨɛɵ ɫɨɯɪɚɧɢɬɶ ɨɛɪɚɬɧɭɸ ɫɨɜɦɟɫɬɢɦɨɫɬɶ ɫ ɩɪɢɥɨɠɟɧɢɹɦɢ ɢ ɫɥɭɠɛɚɦɢ, ɫɨɡɞɚɧɧɵɦɢ ɞɨ Windows 2000 (Microsoft SQL-ɫɟɪɜɟɪ ɢ ɫɥɭɠɛɚ ɭɞɚɥɟɧɧɨɝɨ ɞɨɫɬɭɩɚ Remote Access Service, RAS), Active Directory ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɬɚɤ, ɱɬɨɛɵ ɨɫɥɚɛɢɬɶ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɚɳɢɬɭ ɢ ɩɨɡɜɨɥɢɬɶ ɚɧɨɧɢɦɧɵɣ ɞɨɫɬɭɩ ɤ ɷɬɢɦ ɨɛɴɟɤɬɚɦ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ɗɬɨ ɜɵɩɨɥɧɹɟɬɫɹ ɩɭɬɟɦ ɞɨɛɚɜɥɟɧɢɹ ɫɩɟɰɢɚɥɶɧɵɯ ɝɪɭɩɩ Everyone (ȼɫɟ) ɢ Anonymous Logon (Ⱥɧɨɧɢɦɧɵɣ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ) ɤ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɟ Pre-Windows 2000 Compatible Access (Ⱦɨɫɬɭɩ, ɫɨɜɦɟɫɬɢɦɵɣ ɫ ɫɢɫɬɟɦɚɦɢ, ɪɚɡɪɚɛɨɬɚɧɧɵɦɢ ɞɨ Windows 2000). ȼ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɜɵ ɞɨɥɠɧɵ ɭɫɬɚɧɨɜɢɬɶ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɚɡɪɟɲɟɧɢɹ ɞɥɹ ɝɪɭɩɩɨɜɵɯ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɨɛɴɟɤɬɨɜ. ȼ ɨɤɧɟ Permissions (Ɋɚɡɪɟɲɟɧɢɹ) ɜɵɛɟɪɢɬɟ ɨɞɧɭ ɢɡ ɞɜɭɯ ɨɩɰɢɣ (ɫɦ. ɪɢɫ. 6-14): • Permissions Compatible With Pre-Windows 2000 Server Operating Systems (Ɋɚɡɪɟɲɟɧɢɹ, ɫɨɜɦɟɫɬɢɦɵɟ ɫ ɨɩɟɪɚɰɢɨɧɧɵɦɢ ɫɢɫɬɟɦɚɦɢ, ɫɨɡɞɚɧɧɵɦɢ ɞɨ Windows 2000); • Permissions Compatible Only With Windows 2000 Or Windows Server 2003 Operating Systems (Ɋɚɡɪɟɲɟɧɢɹ, ɫɨɜɦɟɫɬɢɦɵɟ ɬɨɥɶɤɨ ɫ ɨɩɟɪɚɰɢɨɧɧɵɦɢ ɫɢɫɬɟɦɚɦɢ Windows 2000 ɢɥɢ Windows Server 2003).
. 6-14.
Permissions (
)
Ʉɚɤɭɸ ɨɩɰɢɸ ɜɵɛɪɚɬɶ? ȿɫɥɢ ɜɚɲɚ ɫɟɬɟɜɚɹ ɫɪɟɞɚ ɛɭɞɟɬ ɜɤɥɸɱɚɬɶ ɫɟɪɜɟɪɵ Windows NT, ɚ ɬɚɤɠɟ ɫɥɭɠɛɵ ɢɥɢ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬ ɡɚɳɢɬɵ Windows NT ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɜɵ ɞɨɥɠɧɵ ɩɪɢɧɹɬɶ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ: Permissions Compatible With Pre-Windows 2000 Server Operating Systems. ȿɫɥɢ ɜɚɲɚ ɫɟɬɟɜɚɹ ɫɪɟɞɚ ɜɤɥɸɱɚɟɬ ɬɨɥɶɤɨ Windows 2000 ɢɥɢ Windows Server 2003, ɟɫɥɢ ɜ ɧɟɣ ɧɟ ɛɭɞɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɩɪɨɝɪɚɦɦɵ, ɪɚɡɪɚɛɨɬɚɧɧɵɟ ɞɥɹ ɛɨɥɟɟ ɪɚɧɧɢɯ, ɱɟɦ Windows 2000, ɫɢɫɬɟɦ, ɜɵɛɟɪɢɬɟ Permissions Compatible Only With Windows 2000 Or Windows Server 2003 Operating Systems. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɫ ɡɚɞɚɧɧɨɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɰɢɟɣ ɚɧɨɧɢɦɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɛɭɞɭɬ ɫɩɨɫɨɛɧɵ ɨɛɪɚɳɚɬɶɫɹ ɤ ɞɚɧɧɵɦ Active Directory, ɧɚɪɭɲɚɹ ɡɚɳɢɬɭ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɦɨɞɟɪɧɢɡɢɪɭɟɬɟ ɜɫɟ ɫɟɪɜɟɪɵ ɜ ɞɨɦɟɧɟ ɞɨ Windows 2000 ɢɥɢ Windows Server 2003, ɧɭɠɧɨ ɡɚɧɨɜɨ ɭɫɬɚɧɨɜɢɬɶ ɪɚɡɪɟɲɟɧɢɹ Windows Server 2003 ɞɥɹ ɝɪɭɩɩɨɜɵɯ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɨɛɴɟɤɬɨɜ. Ⱦɥɹ ɷɬɨɝɨ ɩɪɨɫɬɨ ɭɞɚɥɢɬɟ ɜɫɟɯ ɱɥɟɧɨɜ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ Pre-Windows 2000 Compatible Access (Ⱦɨɫɬɭɩ, ɫɨɜɦɟɫɬɢɦɵɣ ɫ ɫɢɫɬɟɦɚɦɢ, ɪɚɡɪɚɛɨɬɚɧɧɵɦɢ ɞɨ Windows 2000). ȼ ɞɨɦɟɧɟ Windows Server 2003 ɱɥɟɧɚɦɢ ɛɭɞɭɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ SID ɝɪɭɩɩ Everyone (ȼɫɟ) ɢ
Anonymous Logon (Ⱥɧɨɧɢɦɧɵɣ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ). ɑɬɨɛɵ ɭɞɚɥɢɬɶ ɱɥɟɧɨɜ ɷɬɨɣ ɝɪɭɩɩɵ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory), ɨɬɤɪɨɣɬɟ ɤɨɧɬɟɣɧɟɪ Builtin (ȼɫɬɪɨɟɧɧɵɟ ɨɛɴɟɤɬɵ), ɚ ɡɚɬɟɦ ɞɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ ɝɪɭɩɩɟ Pre-Windows 2000 Compatible Access (ɪɚɫɤɪɨɣɬɟ ɫɬɨɥɛɟɰ Name (ɂɦɹ) ɜ ɫɥɭɱɚɟ ɧɟɨɛɯɨɞɢɦɨɫɬɢ). ɇɚ ɜɤɥɚɞɤɟ Members (ɑɥɟɧɵ) ɨɤɧɚ ɝɪɭɩɩɨɜɵɯ ɫɜɨɣɫɬɜ ɜɵɛɟɪɢɬɟ ɨɛɚ ɢɞɟɧɬɢɮɢɤɚɬɨɪɚ SID ɢ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Remove (ɍɞɚɥɢɬɶ). Ⱦɥɹ ɭɞɚɥɟɧɢɹ ɱɥɟɧɨɜ ɷɬɨɣ ɝɪɭɩɩɵ ɢɡ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ ɧɚɩɟɱɚɬɚɣɬɟ ɫɥɟɞɭɸɳɭɸ ɤɨɦɚɧɞɭ: net localgroup /delete
"Pre-Windows
2000
Compatible
Access"
Everyone
"Anonymous
Logon"
ȼ ɥɸɛɨɦ ɫɥɭɱɚɟ, ɱɬɨɛɵ ɜɫɬɭɩɢɥɨ ɜ ɫɢɥɭ ɢɡɦɟɧɟɧɢɟ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ, ɧɟɨɛɯɨɞɢɦɨ ɩɟɪɟɡɚɝɪɭɡɢɬɶ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɩɟɪɜɢɱɧɨɝɨ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ ɩɨɹɜɢɬɫɹ ɤɧɨɩɤɚ Finish Replication Later (ȼɵɩɨɥɧɢɬɶ ɪɟɩɥɢɤɚɰɢɸ ɩɨɡɠɟ). ȼɵɛɟɪɢɬɟ ɷɬɭ ɨɩɰɢɸ, ɱɬɨɛɵ ɩɨɡɜɨɥɢɬɶ ɧɨɪɦɚɥɶɧɨɦɭ ɩɪɨɰɟɫɫɭ ɪɟɩɥɢɤɚɰɢɢ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɬɶ ɪɚɡɞɟɥɵ ɤɚɬɚɥɨɝɚ ɧɚ ɷɬɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɩɨɡɠɟ.
.
6-15.
Directory
Services
Restore
Mode
Administrator )
Password
(
ɉɟɪɜɢɱɧɚɹ ɪɟɩɥɢɤɚɰɢɹ ɞɚɧɧɵɯ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ ɦɨɠɟɬ ɡɚɧɢɦɚɬɶ ɦɧɨɝɨ ɜɪɟɦɟɧɢ, ɨɫɨɛɟɧɧɨ ɩɨ ɦɟɞɥɟɧɧɵɦ ɫɟɬɟɜɵɦ ɩɨɞɤɥɸɱɟɧɢɹɦ, ɩɨɷɬɨɦɭ ɜ Active Directory Windows Server 2003 ɩɪɟɞɥɚɝɚɟɬɫɹ ɧɨɜɚɹ ɮɭɧɤɰɢɹ ɭɫɬɚɧɨɜɤɢ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ, ɤɨɬɨɪɚɹ ɨɛɫɭɠɞɚɟɬɫɹ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɇɚɢɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ. ɉɨɫɥɟ ɭɫɬɚɧɨɜɤɢ ɫɥɭɠɛɵ Active Directory ɜɵ ɞɨɥɠɧɵ ɨɬɤɪɵɬɶ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers ɢ ɩɪɨɜɟɪɢɬɶ, ɱɬɨ ɫɨɡɞɚɧɵ ɜɫɟ ɜɫɬɪɨɟɧɧɵɟ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɬɚɤɢɟ ɤɚɤ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ Administrator ɢ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ Domain Admins, Enterprise Admins. ȼɵ ɞɨɥɠɧɵ ɬɚɤɠɟ ɩɪɨɜɟɪɢɬɶ ɫɨɡɞɚɧɢɟ «ɫɩɟɰɢɚɥɢɡɢɪɨɜɚɧɧɵɯ ɬɨɠɞɟɫɬɜ» Authenticated Users (ɍɞɨɫɬɨɜɟɪɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ) ɢ Interactive (ɂɧɬɟɪɚɤɬɢɜɧɵɣ). «ɋɩɟɰɢɚɥɢɡɢɪɨɜɚɧɧɵɟ ɬɨɠɞɟɫɬɜɚ» ɨɛɵɱɧɨ ɢɡɜɟɫɬɧɵ ɤɚɤ ɝɪɭɩɩɵ, ɧɨ ɜɵ ɧɟ ɦɨɠɟɬɟ ɜɢɞɟɬɶ ɢɯ ɱɥɟɧɫɬɜɨ. ɉɨɥɶɡɨɜɚɬɟɥɢ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɜɤɥɸɱɚɸɬɫɹ ɜ ɷɬɢ ɝɪɭɩɩɵ, ɤɨɝɞɚ ɨɧɢ ɨɛɪɚɳɚɸɬɫɹ ɤ ɫɩɟɰɢɮɢɱɟɫɤɢɦ ɪɟɫɭɪɫɚɦ. «ɋɩɟɰɢɚɥɢɡɢɪɨɜɚɧɧɵɟ ɬɨɠɞɟɫɬɜɚ» ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɟ ɨɬɨɛɪɚɠɚɸɬɫɹ ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers. ɑɬɨɛɵ ɪɚɫɫɦɨɬɪɟɬɶ ɷɬɢ ɨɛɴɟɤɬɵ, ɜɵɛɟɪɢɬɟ View (ȼɢɞ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Advanced Features (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɮɭɧɤɰɢɢ). ȼ ɪɟɡɭɥɶɬɚɬɟ ɨɬɨɛɪɚɡɹɬɫɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɤɨɦɩɨɧɟɧɬɵ ɢɧɫɬɪɭɦɟɧɬɚ. Ɉɬɤɪɨɣɬɟ ɤɨɧɬɟɣɧɟɪ Foreign Security Principals (ȼɧɟɲɧɢɟ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ). Ɍɚɦ ɜɵ ɧɚɣɞɟɬɟ ɨɛɴɟɤɬɵ S-1-5-11 ɢ S-1-5-4, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɢɞɟɧɬɢɮɢɤɚɬɨɪɚɦɢ Authenticated Users SID ɢ Interactive SID, ɫɨɨɬɜɟɬɫɬɜɟɧɧɨ. Ⱦɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ ɷɬɢɯ ɨɛɴɟɤɬɚɯ, ɱɬɨɛɵ ɩɪɨɫɦɨɬɪɟɬɶ ɢɯ ɫɜɨɣɫɬɜɚ ɢ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɚɡɪɟɲɟɧɢɹ.
«
»
ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ Active Directory ɛɟɡ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɭɱɚɫɬɢɹ, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɚɪɚɦɟɬɪ /answer [:filename] ɫ ɤɨɦɚɧɞɨɣ Dcpromo. ȼ ɷɬɨɬ ɩɚɪɚɦɟɬɪ ɧɭɠɧɨ ɜɤɥɸɱɢɬɶ ɢɦɹ ɮɚɣɥɚ ɨɬɜɟɬɨɜ. Ɏɚɣɥ ɨɬɜɟɬɨɜ ɫɨɞɟɪɠɢɬ ɜɫɟ ɞɚɧɧɵɟ, ɤɨɬɨɪɵɣ ɨɛɵɱɧɨ ɬɪɟɛɭɸɬɫɹ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ. Ɇɨɠɧɨ ɬɚɤɠɟ ɭɫɬɚɧɚɜɥɢɜɚɬɶ Active Directory ɩɪɢ ɭɫɬɚɧɨɜɤɟ Windows Server 2003 ɜ ɚɜɬɨɦɚɬɢɱɟɫɤɨɦ ɪɟɠɢɦɟ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɢɫɩɨɥɶɡɭɟɬɫɹ ɤɨɦɚɧɞɚ E:\I386\winnt32/unattend[:unattend.txt], ɝɞɟ unattend.txt - ɢɦɹ ɮɚɣɥɚ ɨɬɜɟɬɨɜ, ɢɫɩɨɥɶɡɭɟɦɨɝɨ ɞɥɹ ɩɨɥɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ Windows Server 2003. (ɉɪɟɞɩɨɥɚɝɚɟɬɫɹ, ɱɬɨ ɞɢɫɤɨɜɨɞɨɦ CD-ROM ɹɜɥɹɟɬɫɹ ɞɢɫɤ ȿ, ɢ ɜɵ ɜɫɬɚɜɢɥɢ ɜ ɞɢɫɤɨɜɨɞ ɞɢɫɤ.) Ɏɚɣɥ Unattend.txt ɞɨɥɠɟɧ ɫɨɞɟɪɠɚɬɶ ɪɚɡɞɟɥ [Deinstall], ɱɬɨɛɵ ɦɨɠɧɨ ɛɵɥɨ ɭɫɬɚɧɨɜɢɬɶ Active Directory. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɚɜɬɨɦɚɬɢɱɟɫɤɭɸ ɭɫɬɚɧɨɜɤɭ Active Directory ɩɨɫɥɟ ɭɫɬɚɧɨɜɤɢ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Windows Server 2003, ɫɨɡɞɚɣɬɟ ɮɚɣɥ ɨɬɜɟɬɨɜ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɪɚɡɞɟɥ [Deinstall]. Ⱦɥɹ ɷɬɨɝɨ ɧɚɩɟɱɚɬɚɣɬɟ ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɢɥɢ ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run dcpromo/ answer:answerfile (ɝɞɟ answerfile - ɢɦɹ ɮɚɣɥɚ ɨɬɜɟɬɨɜ). Ɏɚɣɥ ɨɬɜɟɬɨɜ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɬɟɤɫɬɨɜɵɣ ASCII-ɮɚɣɥ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɜɫɸ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ ɡɚɩɨɥɧɟɧɢɹ ɫɬɪɚɧɢɰ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. Ⱦɥɹ ɫɨɡɞɚɧɢɹ ɧɨɜɨɝɨ ɞɨɦɟɧɚ ɜ ɧɨɜɨɦ ɞɟɪɟɜɟ ɧɨɜɨɝɨ ɥɟɫɚ ɬɚɤ, ɱɬɨɛɵ ɫɥɭɠɛɚ DNS ɫɟɪɜɟɪɚ ɛɵɥɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɚɜɬɨɦɚɬɢɱɟɫɤɢ, ɫɨɞɟɪɠɚɧɢɟ ɮɚɣɥɚ ɨɬɜɟɬɨɜ ɜɵɝɥɹɞɢɬ ɫɥɟɞɭɸɳɢɦ ɨɛɪɚɡɨɦ: [Deinstall] UserName=admin_ username Password=admin_password UserDomain=acmin_domain DatabasePath= LogPath= SYSVOLPath= SafeModeAdminPassword=password ReplicaOrNewDomain=Domain NewDomain=Forest NewDomainDNSName=DNSdomainname DNSOnNetwork DomainNetbiosName=NetBIOSdomainname AutoConfigDNS=yes AllowAnonymousAccess=yes CriticalReplicationOnly=yes SiteName= RebootOnSuccess=yes
Ⱦɥɹ ɤɥɸɱɟɣ, ɧɟ ɢɦɟɸɳɢɯ ɡɧɚɱɟɧɢɣ, ɢɥɢ ɞɥɹ ɨɬɫɭɬɫɬɜɭɸɳɢɯ ɤɥɸɱɟɣ ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɡɧɚɱɟɧɢɹ, ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ. Ʉɥɸɱɢ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɮɚɣɥɚ ɨɬɜɟɬɨɜ, ɢɡɦɟɧɹɸɬɫɹ ɜ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɬɢɩɚ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɫɨɡɞɚɧ (ɧɨɜɵɣ ɢɥɢ ɭɠɟ ɫɭɳɟɫɬɜɭɸɳɢɣ ɥɟɫ, ɧɨɜɨɟ ɢɥɢ ɭɠɟ ɫɭɳɟɫɬɜɭɸɳɟɟ ɞɟɪɟɜɨ). Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɬɧɨɫɢɬɟɥɶɧɨ ɤɥɸɱɟɣ ɢ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɯ ɡɧɚɱɟɧɢɣ ɫɦɨɬɪɢɬɟ< ɞɨɤɭɦɟɧɬ http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b223757. Ʉɥɸɱ ReplicationSourcePath — ɷɬɨ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɥɸɱ, ɤɨɬɨɪɵɣ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɫɨɡɞɚɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫ ɩɨɦɨɳɶɸ ɢɧɮɨɪɦɚɰɢɢ, ɜɨɫɫɬɚɧɨɜɥɟɧɧɨɣ ɢɡ ɪɟɡɟɪɜɧɵɯ ɫɪɟɞɫɬɜ. ɑɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɟɝɨ, ɭɤɚɠɢɬɟ ɦɟɫɬɨɩɨɥɨɠɟɧɢɟ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɡɚɩɨɥɧɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɜ ɩɟɪɜɵɣ ɪɚɡ. (ɗɬɨ ɬɨɬ ɠɟ ɫɚɦɵɣ ɩɭɬɶ, ɤɨɬɨɪɵɣ ɜɵɛɢɪɚɟɬɫɹ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory.) ɋɦɨɬɪɢɬɟ ɫɥɟɞɭɸɳɢɣ ɪɚɡɞɟɥ «ɍɫɬɚɧɨɜɤɚ Active Directory ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ» ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ. . Active Directory, Deploy.cab Support\Tools Windows Server 2003, Explore ( ) . Ref.chm, Extract ( ), Ref.chm . Deploy.cab Setupmgr.exe, Setup Manager ( ), GUI, Unattend.txt, Windows Server 2003 ( [Deinstall]). «Microsoft Windows Corporate Deployment Tools User's Guide» ( Microsoft Windows), , [Unattended] [Deinstall] Unattend.txt.
Active Directory ȼ Windows Server 2003 ɢɦɟɟɬɫɹ ɜɨɡɦɨɠɧɨɫɬɶ ɭɫɬɚɧɨɜɢɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɢɫɩɨɥɶɡɭɹ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory, 'ɩɪɢɱɟɦ ɧɚɱɚɥɶɧɨɟ ɡɚɩɨɥɧɟɧɢɟ ɬɪɟɯ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ ɜɵɩɨɥɧɹɟɬɫɹ ɩɭɬɟɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨ ɫɨɡɞɚɧɧɨɝɨ ɪɟɡɟɪɜɧɨɝɨ ɧɚɛɨɪɚ ɞɚɧɧɵɯ ɜɦɟɫɬɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɧɨɪɦɚɥɶɧɨɝɨ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ ɩɨ ɫɟɬɢ. ȼɵɝɨɞɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɧɨɜɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɛɭɞɭɬ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɧɵ ɡɧɚɱɢɬɟɥɶɧɨ ɛɵɫɬɪɟɟ. ȼ ɩɪɨɬɢɜɧɨɦ ɫɥɭɱɚɟ ɫɨɡɞɚɧɢɟ ɪɚɡɞɟɥɨɜ ɞɨɦɟɧɚ ɫ ɩɨɦɨɳɶɸ ɧɨɪɦɚɥɶɧɨɝɨ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ ɦɨɠɟɬ ɡɚɧɢɦɚɬɶ ɱɚɫɵ ɢɥɢ ɞɧɢ. ɗɬɨɬ ɦɟɬɨɞ, ɫɤɨɪɟɟ ɜɫɟɝɨ, ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɜ ɫɪɟɞɟ ɫ ɧɢɡɤɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ ɫɟɬɢ ɢɥɢ ɫ ɛɨɥɶɲɢɦɢ ɪɚɡɞɟɥɚɦɢ ɤɚɬɚɥɨɝɚ. ɉɪɨɰɟɫɫ ɭɫɬɚɧɨɜɤɢ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɧɟ ɩɪɟɞɧɚɡɧɚɱɟɧ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɭɳɟɫɬɜɭɸɳɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɫɥɭɱɚɟ ɢɯ ɨɬɤɚɡɨɜ. Ⱦɥɹ ɜɵɩɨɥɧɟɧɢɹ ɷɬɨɣ ɡɚɞɚɱɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɦɟɬɨɞ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɨɫɬɨɹɧɢɹ ɫɢɫɬɟɦɵ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɭɞɟɬ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɧ ɫ ɩɨɦɨɳɶɸ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɞɚɧɧɵɯ, ɩɪɨɢɡɨɣɞɟɬ ɪɟɩɥɢɤɚɰɢɹ, ɨɛɧɨɜɥɹɸɳɚɹ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɫɟɦɢ ɢɡɦɟɧɟɧɢɹɦɢ, ɤɨɬɨɪɵɟ ɩɪɨɢɡɨɲɥɢ ɫ ɦɨɦɟɧɬɚ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɝɨ ɧɚɛɨɪɚ ɞɚɧɧɵɯ. ɑɬɨɛɵ ɭɦɟɧɶɲɢɬɶ ɜɪɟɦɹ ɪɟɩɥɢɤɚɰɢɢ, ɜɫɟɝɞɚ ɢɫɩɨɥɶɡɭɣɬɟ ɧɟɞɚɜɧɸɸ ɤɨɩɢɸ ɪɟɡɟɪɜɧɵɯ ɞɚɧɧɵɯ Active Directory. Ɋɟɡɟɪɜɧɵɣ ɧɚɛɨɪ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɫɬɚɪɲɟ, ɱɟɦ ɜɪɟɦɹ ɠɢɡɧɢ ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɢɦɟɟɬ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɧɚɱɟɧɢɟ 60 ɞɧɟɣ. Ɋɟɡɟɪɜɧɚɹ ɤɨɩɢɹ ɫɨɫɬɨɹɧɢɹ ɫɢɫɬɟɦɵ ɞɨɥɠɧɚ ɛɵɬɶ ɜɡɹɬɚ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ Windows Server 2003 ɜ ɩɪɟɞɟɥɚɯ ɬɨɝɨ ɠɟ ɫɚɦɨɝɨ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɦ ɫɨɡɞɚɟɬɫɹ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ; ɪɟɡɟɪɜɧɵɟ ɤɨɩɢɢ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ Windows 2000 ɧɟɫɨɜɦɟɫɬɢɦɵ. ɉɨɫɥɟɞɧɟɟ ɨɝɪɚɧɢɱɟɧɢɟ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɪɟɡɟɪɜɧɵɣ ɮɚɣɥ ɞɨɥɠɟɧ ɛɵɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧ ɧɚ ɥɨɤɚɥɶɧɵɣ ɞɢɫɤ, ɢ ɨɛɪɚɳɚɬɶɫɹ ɤ ɧɟɦɭ ɧɭɠɧɨ ɤɚɤ ɤ ɞɢɫɤɭ, ɨɛɨɡɧɚɱɟɧɧɨɦɭ ɛɭɤɜɨɣ ɥɨɝɢɱɟɫɤɨɝɨ ɢɦɟɧɢ (ɩɭɬɢ UNC ɢ ɨɬɨɛɪɚɠɚɟɦɵɟ ɞɢɫɤɢ (mapped drives) ɧɟɞɨɩɭɫɬɢɦɵ ɜ ɤɚɱɟɫɬɜɟ ɱɚɫɬɢ ɩɚɪɚɦɟɬɪɚ /adv). Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɫɨɡɞɚɧɢɢ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɪɚɡɞɟɥɨɜ Active Directory ɫɦ. ɝɥ. 15. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ɋɨɡɞɚɣɬɟ ɢ ɩɪɨɜɟɪɶɬɟ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ System State (ɋɨɫɬɨɹɧɢɟ ɫɢɫɬɟɦɵ) ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ȼɨɫɫɬɚɧɨɜɢɬɟ ɷɬɭ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɧɚ ɥɨɤɚɥɶɧɵɣ ɞɢɫɤ ɢɥɢ ɜ ɞɪɭɝɨɟ ɦɟɫɬɨ ɜ ɫɟɬɢ, ɝɞɟ ɤ ɧɟɣ ɦɨɠɧɨ ɨɛɪɚɳɚɬɶɫɹ (ɱɟɪɟɡ ɛɭɤɜɭ — ɢɦɹ ɞɢɫɤɚ) ɫ ɫɟɪɜɟɪɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Windows Server 2003 ɢ ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɛɵɬɶ ɧɚɡɧɚɱɟɧ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. 2. ɇɚ ɫɟɪɜɟɪɟ ɡɚɩɭɫɬɢɬɟ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɢɡ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ ɢɥɢ ɞɢɚɥɨɝɨɜɨɝɨ ɨɤɧɚ Run, ɢɫɩɨɥɶɡɭɹ ɩɚɪɚɦɟɬɪ /adv — ɧɚɩɟɱɚɬɚɣɬɟ dcpromo / adv. 3. ȼ ɨɤɧɟ Domain Controller Type (Ɍɢɩ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ) ɜɵɛɟɪɢɬɟ Additional Domain Controller For An Existing Domain (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɥɹ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɞɨɦɟɧɚ). 4. ȼ ɨɤɧɟ Copying Domain Files (Ʉɨɩɢɪɨɜɚɧɢɟ ɮɚɣɥɨɜ ɞɨɦɟɧɚ) ɜɵɛɟɪɢɬɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ. 5. ȼ ɨɤɧɟ Copy Domain Information (Ʉɨɩɢɪɨɜɚɧɢɟ ɢɧɮɨɪɦɚɰɢɢ ɞɨɦɟɧɚ) ɜɵɛɟɪɢɬɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ ɞɥɹ ɷɬɨɝɨ ɞɨɦɟɧɚ. 6. Ɂɚɩɨɥɧɢɬɟ ɨɫɬɚɥɶɧɵɟ ɩɭɧɤɬɵ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɬɚɤ, ɤɚɤ ɨɩɢɫɚɧɨ ɜ ɩɪɟɞɵɞɭɳɢɯ ɪɚɡɞɟɥɚɯ. ɋɨɡɞɚɧɢɟ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ ɬɪɟɛɭɟɬ ɧɚɥɢɱɢɹ ɫɟɬɟɜɨɣ ɫɜɹɡɢ ɢ ɞɨɫɬɭɩɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɞɨɦɟɧɟ. ɋɨɞɟɪɠɚɧɢɟ ɨɛɳɟɞɨɫɬɭɩɧɨɝɨ ɪɟɫɭɪɫɚ Sysvol, ɧɚɩɪɢɦɟɪ, ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɧɟ ɷɬɨɝɨ ɩɪɨɰɟɫɫɚ. Ɋɟɩɥɢɤɚɰɢɹ ɛɭɞɟɬ ɜɵɩɨɥɧɹɬɶɫɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɨɦ, ɫɨɞɟɪɠɚɳɢɦ ɫɜɟɠɢɟ ɞɚɧɧɵɟ, ɢ ɧɟɞɚɜɧɨ ɫɨɡɞɚɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɞɥɹ ɜɫɟɯ ɨɛɴɟɤɬɨɜ, ɫɨɡɞɚɧɧɵɯ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɛɵɥ ɫɨɡɞɚɧ ɪɟɡɟɪɜɧɵɣ ɧɚɛɨɪ ɞɚɧɧɵɯ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ⱦɥɹ ɨɪɝɚɧɢɡɚɰɢɣ ɫɨ ɦɧɨɠɟɫɬɜɨɦ ɦɚɥɟɧɶɤɢɯ ɨɬɞɚɥɟɧɧɵɯ ɫɚɣɬɨɜ, ɫɜɹɡɚɧɧɵɯ ɦɟɞɥɟɧɧɵɦɢ ɫɜɹɡɹɦɢ ɫ ɰɟɧɬɪɚɥɶɧɵɦ ɫɚɣɬɨɦ ɢɥɢ ɰɟɧɬɪɨɦ ɞɚɧɧɵɯ, ɪɚɡɜɟɪɬɵɜɚɸɳɢɯ Active Directory, ɫɦɨɬɪɢɬɟ ɞɨɤɭɦɟɧɬ «Active Directory Branch Office Guide» (Ɋɭɤɨɜɨɞɫɬɜɨ ɩɨ ɫɨɡɞɚɧɢɸ Active Directory ɞɥɹ ɮɢɥɢɚɥɨɜ) ɩɨ ɚɞɪɟɫɭ http://www.microsoft.com/windows2000/ techinf /planning/activedirectory/branchoffice/default.asp. ɗɬɨɬ ɞɨɤɭɦɟɧɬ ɜɤɥɸɱɚɟɬ ɪɭɤɨɜɨɞɫɬɜɚ ɩɨ ɩɥɚɧɢɪɨɜɚɧɢɸ ɢ ɪɚɡɜɟɪɬɵɜɚɧɢɸ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɩɨɦɨɱɶ ɜɚɦ ɜ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɫɬɪɚɬɟɝɢɢ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory ɜ ɫɰɟɧɚɪɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ
ɮɢɥɢɚɥɚɦɢ. ȼ ɪɭɤɨɜɨɞɫɬɜɚɯ ɫɨɞɟɪɠɚɬɫɹ ɬɚɤɠɟ ɩɨɲɚɝɨɜɵɟ ɢɧɫɬɪɭɤɰɢɢ ɪɟɚɥɢɡɚɰɢɢ ɷɬɨɣ ɫɬɪɚɬɟɝɢɢ.
Active Directory
ɋɥɭɠɛɚ Active Directory ɭɞɚɥɹɟɬɫɹ ɢɡ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫ ɩɨɦɨɳɶɸ ɬɨɣ ɠɟ ɫɚɦɨɣ ɤɨɦɚɧɞɵ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɟɟ ɭɫɬɚɧɨɜɤɢ -Dcpromo.exe. Ʉɨɝɞɚ ɜɵ ɜɵɩɨɥɧɹɟɬɟ ɷɬɭ ɤɨɦɚɧɞɭ ɧɚ ɤɨɦɩɶɸɬɟɪɟ, ɹɜɥɹɸɳɟɦɫɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɭɜɟɞɨɦɢɬ ɜɚɫ, ɱɬɨ ɟɫɥɢ ɜɵ ɜɵɛɟɪɟɬɟ ɩɪɨɞɨɥɠɟɧɢɟ ɷɬɨɣ ɩɪɨɰɟɞɭɪɵ, ɬɨ Active Directory ɛɭɞɟɬ ɞɟɢɧɫɬɚɥɥɢɪɨɜɚɧɚ. ɉɨɫɥɟɞɨɜɚɬɟɥɶɧɨɫɬɶ ɞɟɣɫɬɜɢɣ ɡɚɜɢɫɢɬ ɨɬ ɬɨɝɨ, ɹɜɥɹɟɬɫɹ ɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɫ ɤɨɬɨɪɨɝɨ ɜɵ ɭɞɚɥɹɟɬɟ Active Directory, ɩɨɫɥɟɞɧɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɢɥɢ ɧɟɬ. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɨɛɫɭɠɞɚɸɬɫɹ ɩɨɫɥɟɞɫɬɜɢɹ ɭɞɚɥɟɧɢɹ Active Directory. ɑɬɨ ɩɪɨɢɫɯɨɞɢɬ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɤɨɝɞɚ ɜɵ ɭɞɚɥɹɟɬɟ Active Directory? ɍɞɚɥɹɟɬɫɹ ɛɚɡɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ, ɜɫɟ ɭɫɥɭɝɢ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ Active Directory, ɨɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɢ ɭɞɚɥɹɸɬɫɹ, ɫɨɡɞɚɟɬɫɹ ɥɨɤɚɥɶɧɚɹ ɛɚɡɚ ɞɚɧɧɵɯ SAM, ɢ ɤɨɦɩɶɸɬɟɪ ɩɨɧɢɠɚɟɬɫɹ ɞɨ ɪɨɥɢ ɚɜɬɨɧɨɦɧɨɝɨ ɫɟɪɜɟɪɚ ɢɥɢ ɫɟɪɜɟɪɚ ɱɥɟɧɚ ɝɪɭɩɩɵ. Ɋɟɡɭɥɶɬɚɬ ɛɭɞɟɬ ɡɚɜɢɫɟɬɶ ɨɬ ɬɨɝɨ, ɹɜɥɹɟɬɫɹ ɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɨɩɨɥɧɢɬɟɥɶɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɢɥɢ ɩɨɫɥɟɞɧɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɢɥɢ ɥɟɫɭ. ɑɬɨɛɵ ɭɞɚɥɢɬɶ Active Directory ɢɡ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɧɚɩɟɱɚɬɚɣɬɟ dcpromo ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɢɥɢ ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run. ȼɧɚɱɚɥɟ ɧɭɠɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɹɜɥɹɟɬɫɹ ɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɨɩɨɥɧɢɬɟɥɶɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɢɥɢ ɩɨɫɥɟɞɧɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ɇɚ ɪɢɫɭɧɤɟ 6-16 ɩɨɤɚɡɚɧɨ ɨɤɧɨ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɝɨ ɦɚɫɬɟɪɚ.
. 6-16.
Ɂɚɬɟɦ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɨɬɨɛɪɚɡɢɬ ɫɩɢɫɨɤ ɜɫɟɯ ɪɚɡɞɟɥɨɜ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ, ɧɚɣɞɟɧɧɵɯ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ȿɫɥɢ ɷɬɨɬ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ - ɩɨɫɥɟɞɧɢɣ ɜ ɞɨɦɟɧɟ, ɬɨ ɨɧ ɹɜɥɹɟɬɫɹ ɩɨɫɥɟɞɧɢɦ ɢɫɬɨɱɧɢɤɨɦ ɷɬɢɯ ɞɚɧɧɵɯ ɩɪɢɥɨɠɟɧɢɣ. ȼɨɡɦɨɠɧɨ, ɱɬɨ ɜɵ ɡɚɯɨɬɢɬɟ ɡɚɳɢɬɢɬɶ ɷɬɢ ɞɚɧɧɵɟ, ɩɪɟɠɞɟ ɱɟɦ ɩɪɨɞɨɥɠɚɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɦɚɫɬɟɪɚ, ɤɨɬɨɪɵɣ ɭɞɚɥɢɬ ɷɬɢ ɪɚɡɞɟɥɵ. ȿɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɢɡ ɤɨɬɨɪɨɝɨ ɜɵ ɭɞɚɥɹɟɬɟ Active Directory, ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ ɫɟɪɜɟɪɨɦ DNS, ɬɨ ɬɚɦ ɛɭɞɭɬ ɧɚɯɨɞɢɬɶɫɹ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɞɜɚ ɪɚɡɞɟɥɚ ɩɪɢɥɨɠɟɧɢɣ ɤɚɬɚɥɨɝɚ, ɜ ɤɨɬɨɪɵɯ ɯɪɚɧɹɬɫɹ ɡɨɧɧɵɟ ɞɚɧɧɵɟ. ɇɚ ɪɢɫɭɧɤɟ 6-17 ɫɦɨɬɪɢɬɟ ɩɪɢɦɟɪ ɪɚɡɞɟɥɨɜ ɩɪɢɥɨɠɟɧɢɣ DNS ɤɚɬɚɥɨɝɚ, ɧɚɣɞɟɧɧɵɯ ɩɪɢ ɞɟɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɩɨɞɬɜɟɪɞɢɬɟ ɭɞɚɥɟɧɢɟ ɩɪɢɤɥɚɞɧɨɝɨ ɪɚɡɞɟɥɚ ɤɚɬɚɥɨɝɚ, ɜɚɫ ɩɨɩɪɨɫɹɬ ɜɜɟɫɬɢ ɧɨɜɵɣ ɩɚɪɨɥɶ ɞɥɹ ɥɨɤɚɥɶɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚ. Ɂɚɬɟɦ ɩɨɹɜɢɬɫɹ ɨɤɧɨ Summary (Ɋɟɡɸɦɟ), ɢ ɭɞɚɥɟɧɢɟ Active Directory ɡɚɜɟɪɲɢɬɫɹ. Ⱦɥɹ ɨɤɨɧɱɚɧɢɹ ɷɬɨɝɨ ɩɪɨɰɟɫɫɚ ɜɵ ɞɨɥɠɧɵ ɩɟɪɟɡɚɩɭɫɬɢɬɶ ɤɨɦɩɶɸɬɟɪ. ɉɨɫɥɟ ɩɟɪɟɡɚɩɭɫɤɚ ɤɨɦɩɶɸɬɟɪɚ ɨɧ ɛɭɞɟɬ ɢɝɪɚɬɶ ɪɨɥɶ ɫɟɪɜɟɪɚ-ɱɥɟɧɚ ɞɨɦɟɧɚ ɢɥɢ ɚɜɬɨɧɨɦɧɨɝɨ ɫɟɪɜɟɪɚ.
. 6-17.
DNS
ɍɞɚɥɟɧɢɟ Active Directory ɢɡ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ -ɧɟ ɬɚɤɨɟ ɡɚɩɭɬɚɧɧɨɟ ɞɟɥɨ, ɤɚɤ ɭɞɚɥɟɧɢɟ Active Directory ɫ ɩɨɫɥɟɞɧɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɢɥɢ ɥɟɫɭ. ȼ ɫɥɭɱɚɟ ɭɞɚɥɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɨɫɬɚɸɬɫɹ ɪɟɩɥɢɤɢ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ, ɯɪɚɧɹɳɢɟɫɹ ɧɚ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ, ɬɚɤ ɱɬɨ ɮɚɤɬɢɱɟɫɤɢ ɞɚɧɧɵɟ ɧɟ ɛɭɞɭɬ ɩɨɬɟɪɹɧɵ. Ɇɧɨɠɟɫɬɜɨ ɢɧɬɟɪɟɫɧɵɯ ɢɡɦɟɧɟɧɢɣ ɩɪɨɢɫɯɨɞɢɬ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɩɪɢ ɞɟɢɧɫɬɚɥɥɹɰɢɢ Active Directory. • ȼɫɟ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɩɟɪɟɞɚɸɬɫɹ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. • ɉɚɩɤɚ Sysvol ɢ ɜɫɟ ɟɟ ɫɨɞɟɪɠɢɦɨɟ ɭɞɚɥɹɟɬɫɹ ɢɡ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. • Ɉɛɴɟɤɬ NTDS Settings (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ NTDS) ɢ ɩɟɪɟɤɪɟɫɬɧɵɟ ɫɫɵɥɤɢ ɭɞɚɥɹɸɬɫɹ. • ɋɥɭɠɛɚ DNS ɨɛɧɨɜɥɹɟɬɫɹ ɞɥɹ ɭɞɚɥɟɧɢɹ SRV ɡɚɩɢɫɟɣ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. • ɋɨɡɞɚɟɬɫɹ ɥɨɤɚɥɶɧɚɹ ɛɚɡɚ ɞɚɧɧɵɯ SAM ɞɥɹ ɨɛɪɚɛɨɬɤɢ ɥɨɤɚɥɶɧɨɣ ɩɨɥɢɬɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ. • ȼɫɟ ɫɥɭɠɛɵ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɡɚɩɭɳɟɧɵ ɩɪɢ ɭɫɬɚɧɨɜɤɟ Active Directory (ɧɚɩɪɢɦɟɪ, Net Logon - ɋɟɬɟɜɨɣ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ), ɨɫɬɚɧɚɜɥɢɜɚɸɬɫɹ. Ɍɢɩ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɤɨɦɩɶɸɬɟɪɚ ɢɡɦɟɧɹɟɬɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɧɚ ɫɟɪɜɟɪ-ɱɥɟɧ ɞɨɦɟɧɚ, ɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɤɨɦɩɶɸɬɟɪɚ ɩɟɪɟɦɟɳɚɟɬɫɹ ɢɡ ɤɨɧɬɟɣɧɟɪɚ Domain Controllers (Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ) ɜ ɤɨɧɬɟɣɧɟɪ Computers (Ʉɨɦɩɶɸɬɟɪɵ). ɑɬɨɛɵ ɭɞɚɥɢɬɶ Active Directory ɢɡ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɜɵ ɞɨɥɠɧɵ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ ɤɚɤ ɱɥɟɧ ɝɪɭɩɩɵ Domain Admins ɢɥɢ Enterprise Admins. . Active Directory , GC. GC , , .
ɉɪɢ ɭɞɚɥɟɧɢɢ ɩɨɫɥɟɞɧɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɩɪɨɢɫɯɨɞɹɬ ɧɟɤɨɬɨɪɵɟ ɫɩɟɰɢɮɢɱɟɫɤɢɟ ɫɨɛɵɬɢɹ. ɉɪɢ ɭɞɚɥɟɧɢɢ ɩɨɫɥɟɞɧɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɭɞɚɥɹɟɬɫɹ ɫɚɦ ɞɨɦɟɧ. Ⱥɧɚɥɨɝɢɱɧɨ, ɟɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɩɨɫɥɟɞɧɢɦ ɜ ɥɟɫɭ, ɬɨ ɥɟɫ ɬɚɤɠɟ ɭɞɚɥɹɟɬɫɹ. ɋɨɛɵɬɢɹ, ɫɜɹɡɚɧɧɵɟ ɫ ɭɞɚɥɟɧɢɟɦ ɩɨɫɥɟɞɧɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ, ɜɤɥɸɱɚɸɬ ɫɥɟɞɭɸɳɟɟ. • Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɩɪɨɜɟɪɹɟɬ, ɱɬɨ ɧɟ ɫɭɳɟɫɬɜɭɟɬ ɧɢɤɚɤɢɯ ɞɨɱɟɪɧɢɯ ɞɨɦɟɧɨɜ. ɍɞɚɥɟɧɢɟ Active Directory ɛɥɨɤɢɪɭɟɬɫɹ, ɟɫɥɢ ɨɛɧɚɪɭɠɟɧɵ ɞɨɱɟɪɧɢɟ ɞɨɦɟɧɵ. • ȿɫɥɢ ɞɨɦɟɧ, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɭɞɚɥɟɧ, ɹɜɥɹɟɬɫɹ ɞɨɱɟɪɧɢɦ ɞɨɦɟɧɨɦ, ɬɨ ɨɪɝɚɧɢɡɭɟɬɫɹ ɤɨɧɬɚɤɬ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɪɨɞɢɬɟɥɶɫɤɨɦ ɞɨɦɟɧɟ, ɢ ɧɚ ɧɟɝɨ ɤɨɩɢɪɭɸɬɫɹ ɢɡɦɟɧɟɧɢɹ. • ȼɫɟ ɨɛɴɟɤɬɵ, ɫɜɹɡɚɧɧɵɟ ɫ ɷɬɢɦ ɞɨɦɟɧɨɦ, ɭɞɚɥɹɸɬɫɹ ɢɡ ɥɟɫɚ. • ȼɫɟ ɨɛɴɟɤɬɵ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɧɚ ɪɨɞɢɬɟɥɶɫɤɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɭɞɚɥɹɸɬɫɹ. • ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ Active Directory ɭɞɚɥɟɧɚ, ɬɢɩ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɚ ɢɡɦɟɧɹɟɬɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɧɚ ɚɜɬɨɧɨɦɧɵɣ ɫɟɪɜɟɪ. ɋɟɪɜɟɪ ɩɨɦɟɳɚɟɬɫɹ ɜ ɪɚɛɨɱɭɸ ɝɪɭɩɩɭ ɩɨ ɢɦɟɧɢ Workgroup (Ɋɚɛɨɱɚɹ ɝɪɭɩɩɚ). Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɭɞɚɥɟɧɢɹ ɩɨɫɥɟɞɧɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ
ɞɨɱɟɪɧɟɦ ɞɨɦɟɧɟ ɢɥɢ ɜ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ ɞɟɪɟɜɚ ɩɪɟɞɩɨɥɚɝɚɸɬ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ ɤɚɤ ɱɥɟɧ ɝɪɭɩɩɵ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ) ɢɥɢ ɩɪɟɞɴɹɜɢɬɶ ɫɟɪɬɢɮɢɤɚɬɵ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚ ɩɪɟɞɩɪɢɹɬɢɹ ɜ ɩɪɨɰɟɫɫɟ ɜɵɩɨɥɧɟɧɢɹ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȿɫɥɢ ɜɵ ɭɞɚɥɹɟɬɟ Active Directory ɢɡ ɩɨɫɥɟɞɧɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɥɟɫɭ, ɜɵ ɞɨɥɠɧɵ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ ɢɥɢ ɤɚɤ Administrator (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪ), ɢɥɢ ɤɚɤ ɱɥɟɧ ɝɪɭɩɩɵ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ).
Active Directory
ɍɞɚɥɟɧɢɟ Active Directory ɦɨɠɟɬ ɩɪɨɢɫɯɨɞɢɬɶ ɜ ɚɜɬɨɦɚɬɢɱɟɫɤɨɦ ɪɟɠɢɦɟ, ɩɨɞɨɛɧɨ ɚɜɬɨɦɚɬɢɱɟɫɤɨɣ ɢɧɫɬɚɥɥɹɰɢɢ. Ⱦɥɹ ɷɬɨɝɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɤɨɦɚɧɞɧɚɹ ɫɬɪɨɤɚ. ȿɞɢɧɫɬɜɟɧɧɨɟ ɪɚɡɥɢɱɢɟ — ɫɨɞɟɪɠɚɧɢɟ ɮɚɣɥɚ ɨɬɜɟɬɨɜ. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɚɜɬɨɦɚɬɢɱɟɫɤɨɟ ɭɞɚɥɟɧɢɟ Active Directory, ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɢɥɢ ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run, ɧɚɩɟɱɚɬɚɣɬɟ dcpromo/ answer:answer file (ɝɞɟ answerfile — ɢɦɹ ɮɚɣɥɚ ɨɬɜɟɬɨɜ, ɤɨɬɨɪɵɣ ɜɵ ɫɨɡɞɚɞɢɬɟ). Ɏɚɣɥ ɨɬɜɟɬɨɜ ɫɨɞɟɪɠɢɬ ɡɧɚɱɟɧɢɹ ɤɥɸɱɟɣ, ɤɨɬɨɪɵɟ ɪɚɫɫɦɚɬɪɢɜɚɥɢɫɶ ɜɵɲɟ. ȼɚɠɧɟɣɲɢɣ ɤɥɸɱ — IsLastDCInDomain —.ɦɨɠɟɬ ɢɦɟɬɶ ɡɧɚɱɟɧɢɟ Yes (Ⱦɚ) ɢɥɢ No (ɇɟɬ). ȿɫɥɢ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɡɧɚɱɟɧɢɟ ɷɬɨɝɨ ɤɥɸɱɚ ɧɚ Yes, ɬɨ ɬɟɦ ɫɚɦɵɦ ɭɤɚɡɵɜɚɟɬɟ, ɱɬɨ ɭɞɚɥɹɟɬɟ Active Directory ɢɡ ɩɨɫɥɟɞɧɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɢ ɫɚɦ ɞɨɦɟɧ ɬɨɠɟ ɛɭɞɟɬ ɭɞɚɥɟɧ. Ɍɢɩɨɜɨɣ ɮɚɣɥ ɨɬɜɟɬɨɜ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɞɥɹ ɭɞɚɥɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɩɨɤɚɡɚɧ ɧɢɠɟ: [Deinstall] RebootOnSuccess=Yes lsLastDCInDomain=No AdministratorPassword=passivord Passwo rd =password UserName=Administrator
ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɛɫɭɠɞɚɥɢɫɶ ɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɜɵ ɞɨɥɠɧɵ ɩɪɢɧɹɬɶ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory Windows Server 2003. ȼ ɬɨ ɜɪɟɦɹ ɤɚɤ ɦɟɯɚɧɢɡɦ ɭɫɬɚɧɨɜɤɢ Active Directory ɞɨɫɬɚɬɨɱɧɨ ɩɪɨɫɬ, ɪɟɲɟɧɢɹ ɞɨɥɠɧɵ ɛɵɬɶ ɬɳɚɬɟɥɶɧɨ ɫɩɥɚɧɢɪɨɜɚɧɵ ɢ ɫɨɝɥɚɫɨɜɚɧɵ ɫ ɩɪɨɟɤɬɨɦ Active Directory. ɍɞɚɥɟɧɢɟ Active Directory — ɬɨɠɟ ɩɪɨɫɬɚɹ ɩɪɨɰɟɞɭɪɚ, ɧɨ ɧɟɨɛɯɨɞɢɦɨ ɪɚɫɫɦɨɬɪɟɬɶ ɜɨɡɞɟɣɫɬɜɢɟ ɭɞɚɥɟɧɢɹ ɞɚɧɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɧɚ ɨɫɬɚɥɶɧɭɸ ɱɚɫɬɶ ɜɚɲɟɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȼ ɝɥɚɜɟ ɛɵɥ ɬɚɤɠɟ ɪɚɫɫɦɨɬɪɟɧ ɧɨɜɵɣ ɫɩɨɫɨɛ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory — ɭɫɬɚɧɨɜɤɚ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɢɥɢ ɫɨɞɟɪɠɚɳɟɝɨ ɪɟɩɥɢɤɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɪɟɡɟɪɜɧɵɯ ɮɚɣɥɨɜ. ɗɬɨɬ ɫɩɨɫɨɛ ɡɧɚɱɢɬɟɥɶɧɨ ɭɦɟɧɶɲɚɟɬ ɜɪɟɦɹ, ɧɟɨɛɯɨɞɢɦɨɟ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɡɚ ɫɱɟɬ ɭɦɟɧɶɲɟɧɢɹ ɜɪɟɦɟɧɢ ɧɚ ɫɢɧɯɪɨɧɢɡɚɰɢɸ ɪɚɡɞɟɥɨɜ ɤɚɬɚɥɨɝɚ.
7.
Active Directory
ȼ Ƚɥɚɜɟ 6 ɪɚɫɫɤɚɡɵɜɚɥɨɫɶ, ɤɚɤɢɟ ɤɥɸɱɟɜɵɟ ɪɟɲɟɧɢɹ ɜɵ ɞɨɥɠɧɵ ɛɵɥɢ ɩɪɢɧɹɬɶ ɩɪɢ ɭɫɬɚɧɨɜɤɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɫɟɪɜɟɪɧɨɝɨ ɤɥɚɫɫɚ. Ⱦɥɹ ɩɪɨɫɬɨɬɵ ɩɨɧɢɦɚɧɢɹ ɩɪɟɞɩɨɥɚɝɚɥɨɫɶ, ɱɬɨ ɜɚɲɚ ɫɪɟɞɚ ɩɪɟɞɫɬɚɜɥɹɥɚ «ɱɢɫɬɨɟ ɩɨɥɟ», ɬ.ɟ. ɜ ɧɟɣ ɪɚɧɟɟ ɧɟ ɫɭɳɟɫɬɜɨɜɚɥɨ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȼ ɝɥɚɜɟ ɛ ɩɨɞɱɟɪɤɢɜɚɥɚɫɶ ɜɚɠɧɨɫɬɶ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ Active Directory ɢ ɩɪɨɫɬɪɚɧɫɬɜɚ ɢɦɟɧ DNS. ɇɚ ɫɚɦɨɦ ɞɟɥɟ «ɱɢɫɬɚɹ» ɫɪɟɞɚ ɛɭɞɟɬ ɜɫɬɪɟɱɚɬɶɫɹ ɧɟ ɨɱɟɧɶ ɱɚɫɬɨ. ɋɤɨɪɟɟ ɜɫɟɝɨ, ɨɪɝɚɧɢɡɚɰɢɹ, ɤɨɬɨɪɚɹ ɩɟɪɟɯɨɞɢɬ ɤ Active Directory Microsoft Windows Server 2003, ɭɠɟ ɢɦɟɟɬ ɧɟɤɨɬɨɪɵɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɩɨɤɚɡɚɧ ɩɟɪɟɯɨɞ ɤ Active Directory Windows Server 2003 ɨɬ ɫɭɳɟɫɬɜɭɸɳɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Microsoft, ɬɨɱɧɟɟ, ɩɟɪɟɯɨɞ ɨɬ ɭɩɪɚɜɥɟɧɢɹ ɛɟɡɨɩɚɫɧɵɦɢ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ (SAM) ɫɢɫɬɟɦɵ Microsoft Windows NT 4 ɢɥɢ ɨɬ Active Directory Microsoft Windows 2000. ɋɰɟɧɚɪɢɢ ɩɟɪɟɯɨɞɚ ɫ ɬɟɯɧɨɥɨɝɢɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɯ Microsoft, ɬɢɩɚ Novell Directory Services (NDS) ɢɥɢ NetWare 3 Bindery, ɢɥɢ ɪɟɚɥɢɡɚɰɢɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɧɚ ɩɥɚɬɮɨɪɦɟ UNIX, ɜ ɞɚɧɧɭɸ ɝɥɚɜɭ ɧɟ ɜɨɲɥɢ. Д ь я я. Microsoft , Windows Server . UNIX Linux Windows «Migrating to Windows from UNIX and Linux ( Windows UNIX Linux)» http:// www.microsoft.com/windows2000/migrate/unix/default.asp. Novell Netware «NetWare to Windows 2000 Server Migration Planning Guide ( NetWare Windows 2000 Server)» http:// www.microsoft.com/windows2000/techinfo/planning/ incremental/netmigrate.asp. Windows Server 2000, Windows, « Windows» http://www.microsoft.com/windows2000/migrate/. ȼ ɧɚɱɚɥɟ ɝɥɚɜɵ ɨɛɫɭɠɞɚɸɬɫɹ ɪɚɡɥɢɱɧɵɟ ɜɚɪɢɚɧɬɵ ɩɭɬɟɣ ɩɟɪɟɯɨɞɚ ɤ Active Directory Windows Server 2003. Ɂɚɬɟɦ ɭɬɨɱɧɹɸɬɫɹ ɤɥɸɱɟɜɵɟ ɦɨɦɟɧɬɵ ɤɚɠɞɨɝɨ ɫɩɨɫɨɛɚ ɢ ɩɪɨɰɟɞɭɪɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɷɬɨɝɨ. ɉɪɢɦɟɱɚɧɢɟ. Ɉɫɧɨɜɧɨɟ ɜɧɢɦɚɧɢɟ ɜ ɝɥɚɜɟ ɭɞɟɥɟɧɨ ɩɪɨɰɟɫɫɭ ɩɟɪɟɯɨɞɚ ɨɬ Windows NT 4. ɗɬɨɬ ɫɰɟɧɚɪɢɣ ɩɪɟɞɩɨɥɚɝɚɟɬ ɛɨɥɶɲɢɟ ɢɡɦɟɧɟɧɢɹ ɜ ɬɟɯɧɨɥɨɝɢɢ ɢ, ɤɚɤ ɫɥɟɞɫɬɜɢɟ, ɹɜɥɹɟɬɫɹ ɛɨɥɟɟ ɫɥɨɠɧɵɦ. ɉɨɫɤɨɥɶɤɭ Active Directory Windows Server 2003 ɧɟɫɭɳɟɫɬɜɟɧɧɨ ɨɬɥɢɱɚɟɬɫɹ ɨɬ Active Directory Windows 2000, ɬɨ ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɩɟɪɟɯɨɞ ɧɟ ɨɱɟɧɶ ɫɥɨɠɟɧ. Ʉɥɸɱɟɜɵɟ ɦɨɦɟɧɬɵ ɫɰɟɧɚɪɢɟɜ ɩɟɪɟɯɨɞɚ ɫ Windows 2000 ɨɩɢɫɚɧɵ ɜ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɯ ɪɚɡɞɟɥɚɯ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɉɨɷɬɨɦɭ, ɟɫɥɢ ɧɟ ɭɤɚɡɚɧɨ ɞɪɭɝɨɝɨ, ɩɪɨɰɟɫɫɵ, ɨɩɢɫɚɧɧɵɟ ɜ ɝɥɚɜɟ, ɤɚɫɚɸɬɫɹ ɩɟɪɟɯɨɞɚ ɨɬ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows NT 4 ɤ Windows Server 2003. Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɱɬɨ ɟɫɥɢ ɧɟɬ ɫɩɟɰɢɚɥɶɧɨɝɨ ɨɝɪɚɧɢɱɟɧɢɹ, ɬɨ ɫɫɵɥɤɢ ɧɚ Windows 2000 Server ɜɤɥɸɱɚɸɬ Windows 2000 Server, Windows 2000 Advanced Server ɢ Windows 2000 Datacenter Server.
ȿɫɥɢ ɨɛɧɨɜɥɟɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɩɪɟɞɫɬɚɜɢɬɶ ɤɚɤ ɩɟɪɟɯɨɞ ɢɡ ɩɭɧɤɬɚ Ⱥ ɜ ɩɭɧɤɬ Ȼ, ɬɨ ɩɭɧɤɬɨɦ Ⱥ ɹɜɥɹɟɬɫɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ ɜɚɲɟɣ ɬɟɤɭɳɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɚ ɩɭɧɤɬɨɦ Ȼ - ɠɟɥɚɟɦɚɹ ɫɬɪɭɤɬɭɪɚ Active Directory Windows Server 2003. ɉɟɪɜɨɟ ɪɟɲɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɵ ɞɨɥɠɧɵ ɫɞɟɥɚɬɶ ɩɪɢ ɩɥɚɧɢɪɨɜɚɧɢɢ ɩɟɪɟɯɨɞɚ, - ɷɬɨ ɬɨ, ɤɚɤ ɞɨɛɪɚɬɶɫɹ ɜ ɩɭɧɤɬ Ȼ. Ⱦɥɹ ɷɬɨɝɨ ɫɭɳɟɫɬɜɭɟɬ ɧɟɫɤɨɥɶɤɨ ɫɩɨɫɨɛɨɜ, ɤɨɬɨɪɵɟ ɧɚɡɵɜɚɸɬɫɹ . ȼɚɲ ɩɭɬɶ ɩɟɪɟɯɨɞɚ ɛɭɞɟɬ ɝɥɚɜɧɵɦ ɡɜɟɧɨɦ ɜ ɨɛɳɟɣ ɫɬɪɚɬɟɝɢɢ ɨɛɧɨɜɥɟɧɢɹ. ɗɬɚ ɫɬɪɚɬɟɝɢɹ ɛɭɞɟɬ ɜɤɥɸɱɚɬɶ ɨɩɢɫɚɧɢɟ ɬɨɝɨ, ɤɚɤɢɟ ɨɛɴɟɤɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢ ɜ ɤɚɤɨɦ ɩɨɪɹɞɤɟ ɜɵ ɛɭɞɟɬɟ ɩɟɪɟɦɟɳɚɬɶ. ɇɚɢɥɭɱɲɢɣ ɫɩɨɫɨɛ ɥɸɛɨɝɨ ɩɪɨɟɤɬɚ ɩɟɪɟɦɟɳɟɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɫɨɫɬɨɢɬ ɜ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɢ ɤɚɠɞɨɣ ɞɟɬɚɥɢ ɜ ɪɚɛɨɱɢɣ ɞɨɤɭɦɟɧɬ, ɧɚɡɵɜɚɟɦɵɣ . ɋɭɳɟɫɬɜɭɟɬ ɬɪɢ ɩɭɬɢ ɩɟɪɟɯɨɞɚ: • ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ; • ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ; • ɨɛɧɨɜɥɟɧɢɟ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ. Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɞɨɫɬɢɝɚɟɬɫɹ ɦɨɞɟɪɧɢɡɚɰɢɟɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ ɞɨ Windows Server 2003 ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ. ȼ ɫɥɭɱɚɟ Windows NT 4 ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ ɨɛɧɨɜɥɹɟɬɫɹ ɨɬ ɛɚɡɵ
ɞɚɧɧɵɯ SAM ɤ Active Directory Windows Server 2003. Ⱦɪɭɝɢɦɢ ɫɥɨɜɚɦɢ, ɩɭɧɤɬ Ⱥ ɨɛɧɨɜɥɹɟɬɫɹ ɨɬ Windows NT 4 ɢɥɢ Windows 2000 ɤ Windows Server 2003 ɢ ɫɬɚɧɨɜɢɬɫɹ ɩɭɧɤɬɨɦ Ȼ. ɉɨɫɥɟ ɡɚɜɟɪɲɟɧɢɹ ɨɛɧɨɜɥɟɧɢɹ ɩɭɧɤɬ Ⱥ ɩɪɟɤɪɚɳɚɟɬ ɫɭɳɟɫɬɜɨɜɚɧɢɟ. Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɧɚɢɦɟɧɟɟ ɫɥɨɠɧɵɦ ɦɟɬɨɞɨɦ ɩɟɪɟɯɨɞɚ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɫɱɢɬɚɬɶɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ. ȼɬɨɪɨɣ ɜɚɪɢɚɧɬ — ɷɬɨ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ. ȼ ɩɪɨɰɟɫɫɟ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɨɛɴɟɤɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɤɨɩɢɪɭɸɬɫɹ ɢɡ ɫɭɳɟɫɬɜɭɸɳɟɣ ɩɥɚɬɮɨɪɦɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ (ɩɭɧɤɬ Ⱥ) ɜ Active Directory Windows Server 2003 (ɩɭɧɤɬ Ȼ). ɗɬɨɬ ɩɪɨɰɟɫɫ ɧɚɡɵɜɚɟɬɫɹ ɬɚɤɠɟ . ɉɪɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɩɭɧɤɬ Ⱥ ɢ ɩɭɧɤɬ Ȼ ɫɨɫɭɳɟɫɬɜɭɸɬ. Ʉɨɝɞɚ ɜɫɟ ɨɛɴɟɤɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɩɟɪɟɧɟɫɟɧɵ ɢɡ Ⱥ ɜ Ȼ, ɚ ɜɫɟ ɤɥɢɟɧɬɵ ɢ ɤɨɦɩɶɸɬɟɪɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɬɚɤ, ɱɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɧɨɜɭɸ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ, ɩɭɧɤɬ Ⱥ ɦɨɠɧɨ ɩɪɨɫɬɨ ɜɵɤɥɸɱɢɬɶ. ȿɫɥɢ ɫɩɟɰɢɮɢɤɚ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɬɚɤɨɜɚ, ɱɬɨ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɩɨɞɯɨɞɹɳɢɦ ɩɭɬɟɦ ɩɟɪɟɯɨɞɚ, ɬɨ ɩɪɢɦɢɬɟ ɜɨ ɜɧɢɦɚɧɢɟ ɧɟɫɤɨɥɶɤɨ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɨɨɛɪɚɠɟɧɢɣ ɞɥɹ ɫɪɚɜɧɟɧɢɹ ɷɬɨɝɨ ɩɭɬɢ ɫ ɨɛɧɨɜɥɟɧɢɟɦ ɞɨɦɟɧɚ. Ɉɧɢ ɨɛɫɭɠɞɚɸɬɫɹ ɜ ɩɨɫɥɟɞɭɸɳɢɯ ɪɚɡɞɟɥɚɯ. Ɍɪɟɬɢɣ ɩɭɬɶ ɩɟɪɟɯɨɞɚ — ɨɛɧɨɜɥɟɧɢɟ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ - ɢɡɜɟɫɬɟɧ ɤɚɤ ɩɟɪɟɯɨɞ ɫ , ɢɥɢ ɩɟɪɟɯɨɞ. ɗɬɨɬ ɦɟɬɨɞ ɜɵɩɨɥɧɹɟɬɫɹ ɨɛɧɨɜɥɟɧɢɟɦ ɞɨɦɟɧɨɜ, ɢɦɟɸɳɢɯ ɫɢɫɬɟɦɭ Windows NT 4, ɢ ɩɨɫɥɟɞɭɸɳɢɦ ɩɟɪɟɦɟɳɟɧɢɟɦ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɜ ɧɨɜɵɣ ɢɥɢ ɭɠɟ ɫɭɳɟɫɬɜɭɸɳɢɣ ɞɨɦɟɧ Windows Server 2003. Ɉɧ ɨɛɴɟɞɢɧɹɟɬ ɩɪɟɢɦɭɳɟɫɬɜɚ ɩɟɪɜɨɝɨ ɢ ɜɬɨɪɨɝɨ ɩɭɬɢ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɪɚɫɫɦɨɬɪɟɧɵ ɞɚɥɟɟ. ȼ ɩɨɫɥɟɞɭɸɳɢɯ ɪɚɡɞɟɥɚɯ ɨɛɴɹɫɧɹɸɬɫɹ ɞɨɫɬɨɢɧɫɬɜɚ ɢ ɧɟɞɨɫɬɚɬɤɢ ɤɚɠɞɨɝɨ ɢɡ ɬɪɟɯ ɩɭɬɟɣ.
Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ, ɢɥɢ « » (in-place), ɹɜɥɹɟɬɫɹ ɫɚɦɵɦ ɩɪɨɫɬɵɦ ɩɭɬɟɦ ɩɟɪɟɯɨɞɚ. ɇɨ ɨɩɪɟɞɟɥɢɬɶ ɷɬɨ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ ɦɨɠɟɬ ɨɤɚɡɚɬɶɫɹ ɜɟɫɶɦɚ ɡɚɬɪɭɞɧɢɬɟɥɶɧɨ. ɉɪɢ ɨɛɧɨɜɥɟɧɢɢ ɞɨɦɟɧɚ ɫɭɳɟɫɬɜɭɸɳɚɹ ɩɥɚɬɮɨɪɦɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɩɪɟɨɛɪɚɡɭɟɬɫɹ ɜ Active Directory ɨɞɧɨɜɪɟɦɟɧɧɨ ɫ ɦɨɞɟɪɧɢɡɚɰɢɟɣ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɞɨ Windows Server 2003. ɉɪɨɫɬɨɬɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɜɵ ɧɟ ɢɦɟɟɬɟ ɜɨɡɦɨɠɧɨɫɬɢ ɢɡɦɟɧɢɬɶ ɫɬɪɭɤɬɭɪɭ ɞɨɦɟɧɚ ɜ ɩɪɨɰɟɫɫɟ ɨɛɧɨɜɥɟɧɢɹ. ȿɫɥɢ ɜɵ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɞɨɦɟɧɚ NAmerica ɜ Contoso.com, ɩɪɟɞɫɬɚɜɥɹɸɳɟɝɨ ɫɪɟɞɭ Windows NT 4, ɬɨ ɩɨɫɥɟ ɨɛɧɨɜɥɟɧɢɹ ɜɵ ɛɭɞɟɬɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ ɞɨɦɟɧɚ NAmerica Windows Server 2003. ɉɪɢ ɨɛɧɨɜɥɟɧɢɢ ɞɨɦɟɧɚ ɜɵ ɧɟ ɫɦɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɫɬɪɭɤɬɭɪɭ ɞɨɦɟɧɚ ɢɥɢ ɞɨɦɟɧɧɨɟ ɢɦɹ. . (source domain) , , . . « ». , , (target domain) « ». Active Directory, .
Windows NT 4
ɇɚɢɛɨɥɟɟ ɱɚɫɬɨ ɜɫɬɪɟɱɚɸɳɢɣɫɹ ɫɰɟɧɚɪɢɣ — ɷɬɨ ɩɟɪɟɯɨɞ ɨɬ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows NT 4 ɤ Active Directory Windows Server 2003. ɇɟɫɦɨɬɪɹ ɧɚ ɫɜɨɣ ɜɨɡɪɚɫɬ, ɫɢɫɬɟɦɚ Windows NT 4 Server ɹɜɥɹɟɬɫɹ ɨɩɥɨɬɨɦ ɪɵɧɤɚ ɫɟɬɟɜɵɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ (NOS) ɞɥɹ ɩɪɟɞɩɪɢɹɬɢɣ. ɇɚ ɦɨɦɟɧɬ ɜɵɯɨɞɚ ɤɧɢɝɢ ɤɨɦɩɚɧɢɹ Microsoft ɨɛɴɹɜɢɥɚ ɨ ɩɥɚɧɚɯ «ɨɬɫɬɚɜɤɢ» ɫɢɫɬɟɦɵ Windows NT 4 Server ɢ ɩɨɫɬɟɩɟɧɧɨɝɨ «ɫɜɟɪɬɵɜɚɧɢɹ» ɩɨɞɞɟɪɠɤɢ ɷɬɨɝɨ ɩɪɨɞɭɤɬɚ ɜ ɬɟɱɟɧɢɟ ɫɥɟɞɭɸɳɢɯ ɧɟɫɤɨɥɶɤɢɯ ɦɟɫɹɰɟɜ. ɋ ɜɵɩɭɫɤɨɦ Windows Server 2003 ɦɧɨɝɢɟ ɨɪɝɚɧɢɡɚɰɢɢ, ɤɨɬɨɪɵɟ ɧɟ ɯɨɬɟɥɢ ɩɟɪɟɯɨɞɢɬɶ ɤ Windows 2000, ɛɭɞɭɬ ɨɛɧɨɜɥɹɬɶɫɹ ɞɨ Active Directory Windows Server 2003.
Windows Server 2000
Ȼɨɥɟɟ ɩɪɨɫɬɨɣ ɩɭɬɶ ɞɨɫɬɭɩɟɧ ɞɥɹ ɜɥɚɞɟɥɶɰɟɜ Windows Server 2000, ɤɨɬɨɪɵɟ ɩɥɚɧɢɪɭɸɬ ɩɪɨɜɟɫɬɢ ɦɨɞɟɪɧɢɡɚɰɢɸ ɞɨ Windows Server 2003. Ɇɧɨɝɢɟ ɚɪɯɢɬɟɤɬɭɪɧɵɟ ɢɡɦɟɧɟɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɨɫɭɳɟɫɬɜɥɹɥɢɫɶ ɬɨɝɞɚ, ɤɨɝɞɚ ɤɥɢɟɧɬɵ ɫɨɡɞɚɜɚɥɢ ɫɜɨɸ ɫɪɟɞɭ ɫɟɬɢ Windows 2000, ɢɥɢ ɤɨɝɞɚ ɨɧɢ ɦɨɞɟɪɧɢɡɢɪɨɜɚɥɢ ɫɢɫɬɟɦɭ Windows NT Server 4. Ʉɥɢɟɧɬɵ, ɩɟɪɟɯɨɞɹɳɢɟ ɤ Active Directory Windows Server 2003 ɫ ɫɢɫɬɟɦɵ Windows 2000, ɧɚɢɛɨɥɟɟ ɜɟɪɨɹɬɧɨ ɩɥɚɧɢɪɭɸɬ ɢɡɜɥɟɱɶ ɜɵɝɨɞɭ ɢɡ ɧɨɜɵɯ ɮɭɧɤɰɢɣ, ɞɨɫɬɭɩɧɵɯ ɜ ɜɟɪɫɢɢ Active Directory Windows Server 2003. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɧɨɜɵɯ ɮɭɧɤɰɢɹɯ, ɞɨɫɬɭɩɧɵɯ ɜ Active Directory Windows Server 2003, ɫɦ. ɝɥ. 1.
Ⱦɥɹ Windows NT 4 ɩɟɪɟɯɨɞ ɤ Active Directory ɜɵɩɨɥɧɹɟɬɫɹ ɩɭɬɟɦ ɦɨɞɟɪɧɢɡɚɰɢɢ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. Ʉɚɤ ɬɨɥɶɤɨ ɨɛɧɨɜɥɟɧɢɟ ɡɚɤɨɧɱɟɧɨ, ɦɨɠɧɨ ɩɨɥɶɡɨɜɚɬɶɫɹ ɩɪɟɢɦɭɳɟɫɬɜɚɦɢ ɧɨɜɵɯ ɮɭɧɤɰɢɣ Active Directory Windows Server 2003. Ɇɨɠɟɬ ɤɥɢɟɧɬ Windows 2000 Server ɜɵɛɪɚɬɶ
ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɸ ɞɨɦɟɧɚ ɜɦɟɫɬɨ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ? Ⱦɚ, ɩɨ ɬɟɦ ɠɟ ɫɚɦɵɦ ɩɪɢɱɢɧɚɦ, ɩɨ ɤɨɬɨɪɵɦ ɤɥɢɟɧɬɵ Windows NT 4 Server ɜɵɛɢɪɚɸɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɸ ɞɨɦɟɧɚ, - ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɛɨɥɶɲɟ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɩɨɬɪɟɛɧɨɫɬɹɦ ɛɢɡɧɟɫɚ ɜ ɨɪɝɚɧɢɡɚɰɢɢ. Ʉɥɢɟɧɬ Windows 2000 Server, ɜɟɪɨɹɬɧɟɟ ɜɫɟɝɨ, ɦɨɞɟɪɧɢɡɢɪɭɟɬ NOS, a ɡɚɬɟɦ ɪɟɫɬɪɭɤɬɭɪɢɡɢɪɭɟɬ ɟɟ, ɱɟɦ ɜɵɩɨɥɧɢɬ ɱɢɫɬɭɸ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɸ ɞɨɦɟɧɚ. ɉɟɪɟɞ ɦɨɞɟɪɧɢɡɚɰɢɟɣ Windows 2000 Server ɞɨ Windows Server 2003 ɧɭɠɧɨ ɜɵɩɨɥɧɢɬɶ ɞɜɚ ɞɟɣɫɬɜɢɹ: ɩɨɞɝɨɬɨɜɢɬɶ ɥɟɫ ɢ ɞɨɦɟɧ Active Directory ɞɥɹ Windows Server 2003. ȼ ɩɚɩɤɟ \I386 ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003 ɧɚɯɨɞɹɬɫɹ ɞɜɚ ɢɧɫɬɪɭɦɟɧɬɚ ɞɥɹ ɪɟɲɟɧɢɹ ɷɬɢɯ ɡɚɞɚɱ: ForestPrep ɢ DomainPrep. ɉɪɨɰɟɞɭɪɵ ɩɨɞɝɨɬɨɜɤɢ ɥɟɫɚ ɢ ɞɨɦɟɧɚ ɨɩɢɫɵɜɚɸɬɫɹ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ.
. Windows NT 4
Windows 2000
Directory
Windows Server 2003 Active Active Directory ). Windows Server 2003,
. Domain Rename ( ,
• • •
.
: ; ; .
, , . Windows Server 2003 Domain Rename ( ). Rendom.exe Gpfixup.exe Windows Server 2003 \VALUEADD\MSFT\MGMT\DOMREN. Domain Rename Microsoft http:// www.microsoft.com/windowsserver2003/downloads/ domainrename.mspx. Domain Rename Windows Server 2003 Windows 2000. Domain Rename «Understanding How Domain Rename Works ( )» http: / /www. microsoft.com/windowsserver2003 /docs /Domain-Rename- Intro.doc. Domain Rename «Step-by-Step Guide to Implementing Domain Rename ( Domain Rename)» no http://www.microsoft.com/windowsserver2003/docs/Domain-Rename- Procedure, doc.
ɉɪɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɫɨɡɞɚɟɬɫɹ ɧɨɜɚɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows Server 2003, ɚ ɡɚɬɟɦ ɨɛɴɟɤɬɵ ɩɟɪɟɦɟɳɚɸɬɫɹ ɜ ɷɬɭ ɫɪɟɞɭ. ɉɪɟɢɦɭɳɟɫɬɜɨ ɷɬɨɝɨ ɩɭɬɢ ɩɟɪɟɯɨɞɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɪɢɝɢɧɚɥ ɫɪɟɞɵ Windows NT 4 ɨɫɬɚɟɬɫɹ ɧɟɬɪɨɧɭɬɵɦ ɜɨ ɜɪɟɦɹ ɫɨɡɞɚɧɢɹ ɰɟɥɟɜɨɣ ɫɪɟɞɵ, ɢɡɜɟɫɬɧɨɣ ɬɚɤɠɟ ɤɚɤ «ɱɢɫɬɵɣ» ɥɟɫ (pristine forest). Ɉɛɪɚɡ «ɱɢɫɬɨɝɨ» ɥɟɫɚ, ɛɟɡɭɫɥɨɜɧɨ, ɩɪɢɜɥɟɤɚɬɟɥɟɧ, ɟɝɨ ɦɨɠɧɨ ɛɵɫɬɪɨ ɡɚɩɨɥɧɢɬɶ ɨɛɴɟɤɬɚɦɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ: ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ, ɝɪɭɩɩɚɦɢ ɢ ɤɨɦɩɶɸɬɟɪɚɦɢ. Ɋɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɩɪɨɰɟɫɫ ɜɵɛɨɪɨɱɧɵɣ, ɡɞɟɫɶ ɢɦɟɟɬɫɹ ɜɨɡɦɨɠɧɨɫɬɶ ɜɵɛɨɪɚ ɬɟɯ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɩɟɪɟɧɟɫɬɢ ɧɚ ɧɨɜɭɸ ɩɥɚɬɮɨɪɦɭ. (Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ — ɷɬɨ ɛɟɫɤɨɦɩɪɨɦɢɫɫɧɚɹ ɫɞɟɥɤɚ, ɬ.ɟ. ɤɚɠɞɵɣ ɨɛɴɟɤɬ ɞɨɦɟɧɚ Windows NT 4 ɨɛɧɨɜɥɹɟɬɫɹ ɞɨ Windows Server 2003 ɢ Active Directory.) ɉɪɨɟɤɬɢɪɨɜɚɧɢɟ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ - ɩɪɟɤɪɚɫɧɵɣ ɦɨɦɟɧɬ, ɱɬɨɛɵ ɭɛɪɚɬɶ ɜɫɟ ɞɭɛɥɢɤɚɬɵ, ɩɚɫɫɢɜɧɵɟ, ɬɟɫɬɨɜɵɟ ɢ ɞɪɭɝɢɟ ɛɨɥɟɟ ɧɟ ɮɭɧɤɰɢɨɧɢɪɭɸɳɢɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ. Ɉɧɢ ɢɫɱɟɡɧɭɬ, ɤɨɝɞɚ ɜɵ ɩɟɪɟɣɞɟɬɟ ɤ ɧɨɜɨɣ ɦɨɞɟɥɢ ɞɨɦɟɧɚ ɢ ɞɚɞɢɬɟ ɧɨɜɨɟ ɧɚɡɧɚɱɟɧɢɟ ɫɬɚɪɵɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ. ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɝɪɭɩɩ, ɫɥɭɠɛ ɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɧɚɡɵɜɚɟɦɵɟ ɬɚɤɠɟ (security principals), ɨɛɧɨɜɥɹɸɬɫɹ ɨɬ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ SAM Windows NT 4 Server ɤ
Active Directory. ɗɬɨ ɨɛɧɨɜɥɟɧɢɟ ɜɵɩɨɥɧɹɟɬɫɹ ɞɜɭɦɹ ɫɩɨɫɨɛɚɦɢ: ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɦɨɝɭɬ ɛɵɬɶ ɢɥɢ ɩɟɪɟɦɟɳɟɧɵ, ɢɥɢ ɤɥɨɧɢɪɨɜɚɧɵ. ɉɪɢ ɩɟɪɟɦɟɳɟɧɢɢ ɨɛɴɟɤɬɚ ɩɟɪɜɨɧɚɱɚɥɶɧɵɣ ɭɱɚɫɬɧɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ ɭɞɚɥɹɟɬɫɹ. ɉɟɪɟɦɟɳɟɧɢɟ ɨɛɴɟɤɬɚ - ɷɬɨ ɞɟɫɬɪɭɤɬɢɜɧɵɣ ɩɪɨɰɟɫɫ, ɢɫɯɨɞɧɵɟ ɨɛɴɟɤɬɵ ɞɨɦɟɧɚ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɜ ɫɥɭɱɚɟ ɫɛɨɹ, ɧɟ ɫɨɯɪɚɧɹɸɬɫɹ. Ʉɥɨɧɢɪɨɜɚɧɢɟ — ɷɬɨ ɩɪɨɰɟɫɫ ɫɨɡɞɚɧɢɹ ɧɨɜɨɝɨ, ɢɞɟɧɬɢɱɧɨɝɨ ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ, ɨɫɧɨɜɚɧɧɨɦ ɧɚ ɨɛɴɟɤɬɟ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ. ɉɪɟɞɩɨɱɬɢɬɟɥɶɧɵɦ ɦɟɬɨɞɨɦ ɩɟɪɟɞɚɱɢ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɱɢɫɬɵɣ ɥɟɫ Windows Server 2003 ɹɜɥɹɟɬɫɹ ɤɥɨɧɢɪɨɜɚɧɢɟ. ɉɟɪɟɦɟɳɟɧɢɟ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤɚɤ ɩɪɚɜɢɥɨ, ɩɪɨɢɡɜɨɞɢɬɫɹ ɩɪɢ ɩɟɪɟɯɨɞɟ ɦɟɠɞɭ ɞɜɭɦɹ ɥɟɫɚɦɢ Windows Server 2003 ɢɥɢ ɦɟɠɞɭ ɥɟɫɨɦ Windows 2000 ɢ ɥɟɫɨɦ Windows Server 2003. ɋɰɟɧɚɪɢɣ ɩɟɪɟɯɨɞɚ, ɫɜɹɡɚɧɧɵɣ ɫ ɨɛɧɨɜɥɟɧɢɟɦ ɢ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ, ɩɪɢɜɟɞɟɧ ɜ ɪɚɡɞɟɥɟ «Ɉɛɧɨɜɥɟɧɢɟ ɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ» ɜ ɷɬɨɣ ɝɥɚɜɟ. П а че ы . SID-History , ? . Windows NT 4
Windows Server ,
2003. .
,
X
, ,
Windows NT 4 Server, .
X
? , SID-History
SID-History. Active Directory, (SID) . SID, S-1-5-21-
X Windows NT 4 2127521184-1604012920-18879275 27-324294, SID-History Windows Server 2003. Windows NT 4 Active Directory SID Windows NT 4 SID-History . Windows Server 2003. Э Windows NT 4,
, ,
, .
SID, SID ?
,
. X Windows NT 4,
, , . SID SID-History
X
SID
,
, . (DACL SID SID-History),
discretionary access control list) ( . ? ,
.
?
.
— . .
,
, , ,
, , SID-History Active Directory Migration Tool (
.
Active Directory, ADMT). ?
SID-History .
SID
:
.
X
. ?
History ,
, . . SID Active Directory ,
,
History. SID
SID: SID-
, : SID
SID-History. ,
.
ɉɟɪɟɯɨɞ ɱɟɪɟɡ ɨɛɧɨɜɥɟɧɢɟ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɤɨɦɛɢɧɚɰɢɸ ɞɜɭɯ ɝɥɚɜɧɵɯ ɩɭɬɟɣ ɩɟɪɟɯɨɞɚ. ɋɧɚɱɚɥɚ ɞɨɦɟɧ Windows NT 4 ɨɛɧɨɜɥɹɟɬɫɹ ɞɨ Windows Server 2003 ɢ ɫɥɭɠɛɵ Active Directory. Ɂɚɬɟɦ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɪɟɫɬɪɭɤɬɭɪɢɡɢɪɭɸɬɫɹ ɜ ɧɨɜɵɟ ɢɥɢ ɫɭɳɟɫɬɜɭɸɳɢɟ ɞɨɦɟɧɵ Windows Server 2003. ɗɬɨɬ ɦɟɬɨɞ ɫɨɱɟɬɚɟɬ ɫɢɸɦɢɧɭɬɧɵɟ ɜɵɝɨɞɵ ɨɬ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ (ɫɤɨɪɨɫɬɶ, ɦɚɥɵɣ ɪɢɫɤ, ɜɵɫɨɤɢɣ ɭɪɨɜɟɧɶ ɚɜɬɨɦɚɬɢɡɚɰɢɢ) ɫ ɞɨɥɝɨɫɪɨɱɧɵɦɢ ɩɪɟɢɦɭɳɟɫɬɜɚɦɢ ɨɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ (ɫɨɡɞɚɟɬ ɧɨɜɭɸ ɦɨɞɟɥɶ ɞɨɦɟɧɚ, ɪɟɚɥɢɡɨɜɚɧ ɜ ɜɢɞɟ ɫɬɚɞɢɣ, ɭɛɢɪɚɟɬ ɫɬɚɪɵɟ ɢ ɧɟɧɭɠɧɵɟ ɨɛɴɟɤɬɵ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ). Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɨɜ ɨɬ Windows NT 4 ɞɨ Windows Server 2003 ɹɜɥɹɟɬɫɹ ɧɚɢɛɨɥɟɟ ɰɟɥɟɫɨɨɛɪɚɡɧɵɦ ɫɩɨɫɨɛɨɦ ɩɟɪɟɯɨɞɚ. ɉɪɨɰɟɫɫ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɨɛɴɟɤɬɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɦɨɠɟɬ ɛɵɬɶ ɜɵɩɨɥɧɟɧ ɱɟɪɟɡ ɤɚɤɨɟ-ɬɨ ɜɪɟɦɹ, ɫɨɝɥɚɫɧɨ ɜɚɲɟɦɭ ɪɚɫɩɢɫɚɧɢɸ, ɪɟɫɭɪɫɚɦ ɢ ɛɸɞɠɟɬɭ. Ɉɧ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɫɟɬɟɜɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɩɨɡɧɚɤɨɦɢɬɶɫɹ ɫ ɧɨɜɨɣ ɫɥɭɠɛɨɣ ɤɚɬɚɥɨɝɚ, ɩɪɟɠɞɟ ɱɟɦ ɩɨɝɪɭɡɢɬɶɫɹ ɜ ɩɪɨɰɟɫɫ ɩɟɪɟɩɪɨɟɤɬɢɪɨɜɚɧɢɹ ɞɨɦɟɧɚ ɢɥɢ ɧɚɱɚɬɶ ɤɚɤɨɣ-ɥɢɛɨ ɨɩɚɫɧɵɣ ɩɪɨɟɤɬ ɩɟɪɟɯɨɞɚ. ɗɬɨɬ ɩɭɬɶ ɜɵɝɨɞɟɧ ɤɨɧɟɱɧɵɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɩɨɫɤɨɥɶɤɭ ɢɯ ɦɢɪ ɫɟɬɟɜɵɯ ɭɫɥɭɝ ɧɟ ɢɡɦɟɧɢɬɫɹ ɜɧɟɡɚɩɧɨ: ɫɧɚɱɚɥɚ ɨɧɢ ɩɟɪɟɣɞɭɬ ɤ ɧɨɜɨɣ NOS, ɚ ɡɚɬɟɦ, ɱɟɪɟɡ ɤɚɤɨɟ-ɬɨ ɜɪɟɦɹ, ɛɭɞɟɬ ɪɟɫɬɪɭɤɬɭɪɢɡɢɪɨɜɚɧɚ ɦɨɞɟɥɶ ɞɨɦɟɧɚ.
ɉɪɢ ɜɵɛɨɪɟ ɩɭɬɢ ɩɟɪɟɯɨɞɚ ɢɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɷɬɨ ɪɟɲɟɧɢɟ ɤɚɫɚɟɬɫɹ ɬɨɥɶɤɨ ɨɞɧɨɝɨ ɞɨɦɟɧɚ, ɫɨɜɟɪɲɟɧɧɨ ɫɩɪɚɜɟɞɥɢɜɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɪɚɡɥɢɱɧɵɟ ɩɭɬɢ ɩɟɪɟɯɨɞɚ ɞɥɹ ɪɚɡɥɢɱɧɵɯ ɞɨɦɟɧɨɜ ɜ ɩɪɟɞɟɥɚɯ ɨɞɧɨɣ ɨɪɝɚɧɢɡɚɰɢɢ. ɉɨɩɭɥɹɪɧɚɹ ɫɬɪɚɬɟɝɢɹ ɩɟɪɟɯɨɞɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɨɛɧɨɜɢɬɶ ɞɨɦɟɧ Windows NT 4 ɫ ɝɥɚɜɧɵɦɢ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ, ɚ ɡɚɬɟɦ ɪɟɫɬɪɭɤɬɭɪɢɡɢɪɨɜɚɬɶ ɞɨɦɟɧ ɪɟɫɭɪɫɨɜ Windows NT 4 ɜ ɧɨɜɵɣ ɞɨɦɟɧ Windows Server 2003. ȿɫɥɢ ɦɨɞɟɥɶ ɜɚɲɟɝɨ ɞɨɦɟɧɚ ɫ Windows NT 4 ɨɪɢɟɧɬɢɪɨɜɚɧɚ ɧɚ ɝɟɨɝɪɚɮɢɸ, ɦɨɠɧɨ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɨɞɢɧ ɢɥɢ ɧɟɫɤɨɥɶɤɨ ɛɨɥɶɲɢɯ ɞɨɦɟɧɨɜ, ɚ ɡɚɬɟɦ ɪɟɫɬɪɭɤɬɭɪɢɡɢɪɨɜɚɬɶ ɛɨɥɟɟ ɦɟɥɤɢɟ ɞɨɦɟɧɵ, ɫɨɯɪɚɧɹɹ ɢɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɭɸ ɚɜɬɨɧɨɦɢɸ ɱɟɪɟɡ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ (OU). Ɉɛɚ ɷɬɢ ɫɰɟɧɚɪɢɹ ɞɚɸɬ ɩɪɢɦɟɪɵ ɤɨɧɫɨɥɢɞɚɰɢɢ ɞɨɦɟɧɨɜ. Ⱦɚɜɚɣɬɟ ɪɚɫɫɦɨɬɪɢɦ ɤɪɢɬɟɪɢɢ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɩɪɢ ɜɵɛɨɪɟ ɧɚɢɛɨɥɟɟ ɩɨɞɯɨɞɹɳɟɝɨ ɩɭɬɢ.
ɋɥɟɞɭɸɳɢɟ ɜɨɩɪɨɫɵ ɭɦɟɫɬɧɨ ɡɚɞɚɬɶ ɩɪɢ ɨɩɪɟɞɟɥɟɧɢɢ ɧɚɢɛɨɥɟɟ ɩɨɞɯɨɞɹɳɟɝɨ ɩɭɬɢ ɩɟɪɟɯɨɞɚ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. 1. ɍɞɨɜɥɟɬɜɨɪɟɧɵ ɥɢ ɜɵ ɦɨɞɟɥɶɸ ɜɚɲɟɝɨ ɞɨɦɟɧɚ? Ɉɬɜɟɱɚɟɬ ɥɢ ɫɭɳɟɫɬɜɭɸɳɚɹ ɦɨɞɟɥɶ ɞɨɦɟɧɚ Windows NT 4 ɜɚɲɢɦ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɦ ɢ ɞɟɥɨɜɵɦ ɩɨɬɪɟɛɧɨɫɬɹɦ? 2. Ʉɚɤɭɸ ɫɬɟɩɟɧɶ ɪɢɫɤɚ ɜɵ ɦɨɠɟɬɟ ɞɨɩɭɫɬɢɬɶ ɩɪɢ ɩɟɪɟɯɨɞɟ ɤ ɧɨɜɨɣ ɦɨɞɟɥɢ ɞɨɦɟɧɚ? 3. ɋɤɨɥɶɤɨ ɜɪɟɦɟɧɢ ɜɵ ɝɨɬɨɜɵ ɩɨɬɪɚɬɢɬɶ ɧɚ ɜɵɩɨɥɧɟɧɢɟ ɩɟɪɟɯɨɞɚ? 4. Ʉɚɤɨɟ ɤɨɥɢɱɟɫɬɜɨ ɪɚɛɨɱɟɝɨ ɜɪɟɦɟɧɢ ɫɢɫɬɟɦɵ ɩɨɬɪɟɛɭɟɬɫɹ ɧɚ ɩɪɨɟɤɬ ɩɟɪɟɯɨɞɚ? 5. Ʉɚɤɢɟ ɪɟɫɭɪɫɵ ɞɨɫɬɭɩɧɵ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɩɟɪɟɯɨɞɚ? 6. Ʉɚɤɨɜ ɛɸɞɠɟɬ ɩɪɨɟɤɬɚ ɩɟɪɟɯɨɞɚ? 7. Ʉɚɤɨɟ ɤɨɥɢɱɟɫɬɜɨ ɫɟɪɜɟɪɧɵɯ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɧɟ ɫɦɨɝɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɧɚ Windows Server 2003, ɞɨɥɠɧɵ ɛɵɬɶ ɩɨɞɞɟɪɠɚɧɵ ɩɨɫɥɟ ɩɟɪɟɯɨɞɚ? ɉɪɟɞɫɬɚɜɶɬɟ ɫɟɛɟ ɜɨɡɦɨɠɧɵɟ ɨɬɜɟɬɵ ɜ ɜɢɞɟ ɫɩɟɤɬɪɚ ɨɬ ɧɢɡɤɨɝɨ ɤ ɜɵɫɨɤɨɦɭ ɭɪɨɜɧɸ, ɩɪɢɱɟɦ, ɩɭɬɶ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɧɚɯɨɞɢɬɫɹ ɧɚ ɫɚɦɨɦ ɧɢɡɤɨɦ ɭɪɨɜɧɟ, ɚ ɩɭɬɶ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ - ɧɚ
ɫɚɦɨɦ ɜɵɫɨɤɨɦ. Ⱦɥɹ ɩɭɬɢ ɩɟɪɟɯɨɞɚ, ɫɜɹɡɚɧɧɨɝɨ ɫ ɨɛɧɨɜɥɟɧɢɟɦ ɢ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ ɜɵ, ɜɟɪɨɹɬɧɨ, ɭɜɢɞɢɬɟ ɤɨɦɛɢɧɚɰɢɸ ɞɟɥɨɜɵɯ ɬɪɟɛɨɜɚɧɢɣ ɧɚ ɤɚɠɞɨɣ ɫɬɨɪɨɧɟ ɫɩɟɤɬɪɚ ɢɥɢ ɩɨɫɟɪɟɞɢɧɟ (ɫɦ. ɪɢɫ. 7-1).
. 7-1.
ɍɱɢɬɵɜɚɹ ɜɫɟ ɜɵɲɟɫɤɚɡɚɧɧɨɟ, ɞɚɜɚɣɬɟ ɪɚɫɫɦɨɬɪɢɦ ɭɫɥɨɜɢɹ, ɩɪɢ ɤɨɬɨɪɵɯ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɧɚɢɥɭɱɲɢɦ ɩɭɬɟɦ ɩɟɪɟɯɨɞɚ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȿɫɥɢ ɧɟɬ ɧɢɤɚɤɢɯ ɫɭɳɟɫɬɜɟɧɧɵɯ ɢɡɦɟɧɟɧɢɣ, ɤɨɬɨɪɵɟ ɯɨɬɟɥɨɫɶ ɛɵ ɫɞɟɥɚɬɶ ɜ ɞɨɦɟɧɧɨɣ ɦɨɞɟɥɢ ɨɞɧɨɜɪɟɦɟɧɧɨ ɫ ɩɟɪɟɯɨɞɨɦ ɤ Windows Server 2003, ɬɨɝɞɚ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɨɛɟɫɩɟɱɢɬ ɫɚɦɵɣ ɥɟɝɤɢɣ ɩɭɬɶ. ɂɦɹ ɞɨɦɟɧɚ ɨɫɬɚɧɟɬɫɹ ɬɟɦ ɠɟ ɫɚɦɵɦ, ɬɚɤ ɠɟ ɤɚɤ ɢ ɫɭɳɟɫɬɜɨɜɚɧɢɟ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ. Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ - ɷɬɨ ɛɟɡɚɥɶɬɟɪɧɚɬɢɜɧɚɹ ɫɞɟɥɤɚ, ɩɪɨɫɬɨ ɛɭɞɟɬ ɪɟɚɥɢɡɨɜɚɧɚ ɜɚɲɚ ɬɟɤɭɳɚɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜ ɜɟɪɫɢɢ Windows Server 2003. əɜɥɹɹɫɶ ɫɚɦɵɦ ɥɟɝɤɢɦ ɫɩɨɫɨɛɨɦ ɩɟɪɟɯɨɞɚ, ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɢ ɦɟɬɨɞ ɫ ɦɢɧɢɦɚɥɶɧɵɦ ɪɢɫɤɨɦ. Ʉɨɝɞɚ ɜɵ ɦɨɞɟɪɧɢɡɢɪɭɟɬɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɨɣ Windows NT 4 Server, ɩɪɨɰɟɫɫ ɜɵɩɨɥɧɹɟɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ. Ȼɟɡ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɫ ɩɨɥɶɡɨɜɚɬɟɥɟɦ ɜɨɡɦɨɠɧɨɫɬɟɣ ɞɥɹ ɨɲɢɛɨɤ ɜɨɡɧɢɤɚɟɬ ɧɟɦɧɨɝɨ. Ɇɟɬɨɞɨɥɨɝɢɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɩɨɫɥɟ ɫɛɨɹ ɩɪɢ ɨɛɧɨɜɥɟɧɢɢ ɞɨɦɟɧɚ ɬɚɤɠɟ ɨɬɧɨɫɢɬɟɥɶɧɨ ɩɪɨɫɬɚ. ȿɫɥɢ ɨɛɧɨɜɥɟɧɢɟ ɩɪɨɲɥɨ ɧɟɭɞɚɱɧɨ, ɜɵɤɥɸɱɢɬɟ ɨɫɧɨɜɧɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ (PDC), ɧɚɡɧɚɱɶɬɟ ɥɸɛɨɣ ɪɟɡɟɪɜɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ (BDC), ɢɦɟɸɳɢɣ ɫɜɟɠɢɟ ɞɚɧɧɵɟ, ɧɚ ɪɨɥɶ PDC, ɢ ɧɚɱɧɢɬɟ ɩɪɨɰɟɞɭɪɭ ɫɧɨɜɚ. Ƚɪɚɮɢɤ ɜɪɟɦɟɧɢ ɩɟɪɟɯɨɞɚ ɧɟ ɹɜɥɹɟɬɫɹ ɪɟɲɚɸɳɢɦ ɮɚɤɬɨɪɨɦ ɩɪɢ ɜɵɛɨɪɟ ɩɭɬɢ ɩɟɪɟɯɨɞɚ, ɬɟɦ ɧɟ ɦɟɧɟɟ, ɨɧ ɦɨɠɟɬ ɛɵɬɶ ɨɩɪɟɞɟɥɹɸɳɢɦ ɞɥɹ ɧɟɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɣ ɫ ɨɝɪɚɧɢɱɟɧɧɵɦɢ ɪɟɫɭɪɫɚɦɢ. Ɇɟɧɶɲɟ ɞɟɣɫɬɜɢɣ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ, ɱɟɦ ɞɥɹ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ, ɢ, ɫɨɨɬɜɟɬɫɬɜɟɧɧɨ, ɦɟɧɶɲɟ ɜɪɟɦɟɧɢ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɜɫɟɝɨ ɩɟɪɟɯɨɞɚ. ɇɚɩɪɢɦɟɪ, ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɡɚɧɢɦɚɟɬ ɦɧɨɝɨ ɜɪɟɦɟɧɢ ɧɚ ɫɨɡɞɚɧɢɟ ɢ ɩɪɨɜɟɪɤɭ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ, ɧɚ ɩɟɪɟɦɟɳɟɧɢɟ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɧɚ ɰɟɥɟɜɨɣ ɞɨɦɟɧ. Ʉɪɭɩɧɵɟ ɨɪɝɚɧɢɡɚɰɢɢ, ɜɨɡɦɨɠɧɨ, ɧɟ ɫɦɨɝɭɬ ɩɟɪɟɦɟɫɬɢɬɶ ɜɫɟ ɨɛɴɟɤɬɵ ɡɚ ɨɞɢɧ ɪɚɡ, ɬɚɤ ɱɬɨ ɞɨɫɬɚɬɨɱɧɨ ɱɚɫɬɨ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɩɪɨɢɡɜɨɞɢɬɫɹ ɜ ɧɟɫɤɨɥɶɤɨ ɷɬɚɩɨɜ. ɇɚɩɪɨɬɢɜ, ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ - ɷɬɨ ɥɢɧɟɣɧɵɣ ɩɪɨɰɟɫɫ, ɟɫɥɢ ɨɧ ɛɵɥ ɧɚɱɚɬ, ɬɨ ɞɨɥɠɟɧ ɛɵɬɶ ɡɚɤɨɧɱɟɧ. Ⱦɪɭɝɨɟ ɫɨɨɛɪɚɠɟɧɢɟ, ɤɚɫɚɸɳɟɟɫɹ ɜɪɟɦɟɧɧɨɝɨ ɝɪɚɮɢɤɚ, — ɷɬɨ ɤɨɥɢɱɟɫɬɜɨ ɪɚɛɨɱɟɝɨ ɜɪɟɦɟɧɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɨɟ ɧɟɨɛɯɨɞɢɦɨ ɡɚɬɪɚɬɢɬɶ ɧɚ ɩɪɨɰɟɫɫ ɩɟɪɟɯɨɞɚ. ȼ ɩɪɨɰɟɫɫɟ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɨɛɴɟɤɬɵ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɚɦɨɫɬɨɹɬɟɥɶɧɨ ɦɨɞɟɪɧɢɡɢɪɭɸɬɫɹ ɜ ɨɛɴɟɤɬɵ Windows Server 2003. ȼ ɪɟɡɭɥɶɬɚɬɟ ɷɬɢ ɪɟɫɭɪɫɵ ɫɬɚɧɨɜɹɬɫɹ ɧɟɞɨɫɬɭɩɧɵɦɢ ɧɟɩɨɫɪɟɞɫɬɜɟɧɧɨ ɜ ɩɪɨɰɟɫɫɟ. Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɜɵɡɵɜɚɟɬ ɩɪɨɫɬɨɣ ɜ ɫɟɬɟɜɨɦ ɞɨɫɬɭɩɟ ɤ ɪɟɫɭɪɫɚɦ ɜ ɬɟɱɟɧɢɟ ɜɪɟɦɟɧɢ, ɧɟɨɛɯɨɞɢɦɨɝɨ ɞɥɹ ɩɨɥɧɨɝɨ ɨɛɧɨɜɥɟɧɢɹ NOS. ȼ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɪɚɡɦɟɪɚ ɜɚɲɟɝɨ ɞɨɦɟɧɚ Windows NT 4 ɢ ɤɨɥɢɱɟɫɬɜɚ ɡɚɥɨɠɟɧɧɵɯ ɲɚɝɨɜ ɩɪɨɜɟɪɤɢ ɩɪɨɰɟɞɭɪɚ ɦɨɠɟɬ ɡɚɧɹɬɶ ɥɭɱɲɭɸ ɱɚɫɬɶ ɞɧɹ (ɟɫɥɢ ɜɫɟ ɢɞɟɬ ɫɨɝɥɚɫɧɨ ɩɥɚɧɭ). Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɨɪɝɚɧɢɡɚɰɢɹ, ɤɨɬɨɪɚɹ
ɜɵɛɟɪɟɬ ɩɭɬɶ ɩɟɪɟɯɨɞɚ, ɫɜɹɡɚɧɧɵɣ ɫ ɨɛɧɨɜɥɟɧɢɟɦ ɞɨɦɟɧɚ, ɞɨɥɠɧɚ ɛɵɬɶ ɝɨɬɨɜɚ ɤ ɩɪɨɫɬɨɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ɉɨɫɤɨɥɶɤɭ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɦɟɧɟɟ ɫɥɨɠɧɨɣ, ɚɜɬɨɦɚɬɢɡɢɪɨɜɚɧɧɨɣ ɨɩɟɪɚɰɢɟɣ, ɬɨ ɧɚ ɪɟɚɥɢɡɚɰɢɸ ɷɬɨɝɨ ɩɭɬɢ ɩɟɪɟɯɨɞɚ ɩɨɬɪɟɛɭɟɬɫɹ ɦɟɧɶɲɟɟ ɤɨɥɢɱɟɫɬɜɚ ɪɟɫɭɪɫɨɜ. Ɉɪɝɚɧɢɡɚɰɢɢ, ɤɨɬɨɪɵɟ ɧɟ ɜ ɫɨɫɬɨɹɧɢɢ ɧɚɛɪɚɬɶ ɤɚɞɪɵ ɧɚ ɜɵɩɨɥɧɟɧɢɟ ɛɨɥɟɟ ɫɥɨɠɧɨɣ ɡɚɞɚɱɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ, ɦɨɝɭɬ ɜɵɛɢɪɚɬɶ ɷɬɨɬ ɩɭɬɶ. Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɫɬɨɢɬ ɞɟɲɟɜɥɟ, ɱɟɦ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ, ɩɨɬɨɦɭ ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɭɳɟɫɬɜɭɸɳɢɟ ɫɟɪɜɟɪɧɵɟ ɚɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ. ɗɬɨ ɜɨɜɫɟ ɧɟ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɤ ɷɬɨɦɭ ɫɬɪɟɦɢɬɶɫɹ; ɜ ɞɟɣɫɬɜɢɬɟɥɶɧɨɫɬɢ, ɨɛɧɨɜɥɟɧɢɟ NOS — ɜɟɫɶɦɚ ɩɨɞɯɨɞɹɳɟɟ ɜɪɟɦɹ ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢ ɞɪɭɝɢɯ ɫɟɪɜɟɪɨɜ, ɜɵɩɨɥɧɹɸɳɢɯ ɤɪɢɬɢɱɟɫɤɢɟ ɦɢɫɫɢɢ (ɷɥɟɤɬɪɨɧɧɚɹ ɩɨɱɬɚ, ɜɟɛ-ɫɟɪɜɟɪɵ ɢ ɬ.ɞ.). Ɉɞɧɚɤɨ ɟɫɥɢ ɜɚɲɢ ɢɦɟɸɳɢɟɫɹ ɫɟɪɜɟɪɧɵɟ ɚɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨ ɩɪɢɝɨɞɧɵ ɞɥɹ ɪɚɛɨɬɵ ɫ Windows Server 2003, ɜɵ ɦɨɠɟɬɟ ɩɨɬɪɚɬɢɬɶ ɦɟɧɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɞɟɧɟɝ ɧɚ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ. ȼɵ ɦɨɠɟɬɟ ɢɡɛɟɠɚɬɶ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɩɨɤɭɩɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɟɪɜɟɪɵ ɞɥɹ ɫɨɡɞɚɧɢɹ ɫɪɟɞɵ «ɱɢɫɬɨɝɨ» ɥɟɫɚ, ɤɨɬɨɪɚɹ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ. ɋɪɟɞɢ ɞɪɭɝɢɯ ɮɚɤɬɨɪɨɜ, ɫɩɨɫɨɛɫɬɜɭɸɳɢɯ ɭɦɟɧɶɲɟɧɢɸ ɧɟɨɛɯɨɞɢɦɵɯ ɛɸɞɠɟɬɧɵɯ ɫɪɟɞɫɬɜ, ɛɭɞɟɬ ɛɨɥɟɟ ɧɢɡɤɚɹ ɫɬɨɢɦɨɫɬɶ ɪɟɫɭɪɫɨɜ (ɜɤɥɸɱɚɹ ɦɢɧɢɦɚɥɶɧɵɟ ɤɨɧɬɪɚɤɬɧɵɟ ɪɚɫɯɨɞɵ ɢ ɫɬɨɢɦɨɫɬɶ «ɧɟɪɟɚɥɢɡɨɜɚɧɧɵɯ ɜɨɡɦɨɠɧɨɫɬɟɣ» ɞɥɹ ɩɨɫɬɨɹɧɧɵɯ ɫɥɭɠɚɳɢɯ), ɚ ɬɚɤɠɟ ɭɦɟɧɶɲɟɧɢɟ ɪɚɫɯɨɞɨɜ ɧɚ ɬɟɫɬɢɪɨɜɚɧɢɟ (ɩɨɫɤɨɥɶɤɭ ɧɭɠɧɨ ɛɭɞɟɬ ɬɟɫɬɢɪɨɜɚɬɶ ɦɟɧɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɡɚɞɚɱ ɦɨɞɟɪɧɢɡɚɰɢɢ).
,
Windows Server
2003
Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ - ɷɬɨ ɯɨɪɨɲɢɣ ɜɵɛɨɪ, ɟɫɥɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ, ɧɟ ɜɵɩɨɥɧɹɟɬɫɹ ɫɟɬɟɜɚɹ ɫɥɭɠɛɚ ɢɥɢ ɤɨɦɦɟɪɱɟɫɤɢɟ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɦ ɬɪɟɛɭɟɬɫɹ Windows NT Server 4 ɤɚɤ ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ. ɗɬɢ ɩɪɢɥɨɠɟɧɢɹ ɦɨɝɭɬ ɜɤɥɸɱɚɬɶ ɨɛɫɥɭɠɢɜɚɧɢɟ ɮɚɤɫɚ, ɛɭɯɝɚɥɬɟɪɢɢ ɢɥɢ ɥɸɛɨɟ ɫɟɪɜɟɪɧɨɟ ɩɪɢɥɨɠɟɧɢɟ, ɤɨɬɨɪɨɟ ɧɟ ɦɨɞɟɪɧɢɡɢɪɭɟɬɫɹ ɞɨɫɬɚɬɨɱɧɨ ɱɚɫɬɨ. ȿɫɥɢ ɬɚɤɢɟ ɫɥɭɠɛɵ ɢ ɩɪɢɥɨɠɟɧɢɹ ɫɭɳɟɫɬɜɭɸɬ ɜ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɬɨ ɢɦɟɟɬ ɫɦɵɫɥ ɩɨɬɪɚɬɢɬɶ ɜɪɟɦɹ ɧɚ ɢɯ ɩɪɨɜɟɪɤɭ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɫ Windows Server 2003 ɢ ɨɩɪɟɞɟɥɢɬɶ, ɮɭɧɤɰɢɨɧɢɪɭɸɬ ɥɢ ɨɧɢ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ. ȿɫɥɢ ɨɛɧɚɪɭɠɚɬɫɹ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɧɟ ɫɦɨɝɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɧɚ Windows Server 2003, ɬɨ ɜɨɡɦɨɠɧɵ ɫɥɟɞɭɸɳɢɟ ɜɚɪɢɚɧɬɵ: ɜɵ ɦɨɠɟɬɟ ɨɬɥɨɠɢɬɶ ɨɛɧɨɜɥɟɧɢɟ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɧɟ ɛɭɞɟɬ ɧɚɣɞɟɧɚ ɫɨɜɦɟɫɬɢɦɚɹ ɜɟɪɫɢɹ ɩɪɢɥɨɠɟɧɢɹ ɢɥɢ ɩɨɞɯɨɞɹɳɚɹ ɡɚɦɟɧɚ; ɩɟɪɟɦɟɫɬɢɬɶ ɩɪɢɥɨɠɟɧɢɟ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɧɚ ɫɟɪɜɟɪ-ɱɥɟɧ ɞɨɦɟɧɚ (ɟɫɥɢ ɜɨɡɦɨɠɧɨ); ɧɟ ɨɛɧɨɜɥɹɬɶ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows NT Server 4, ɩɨɤɚ ɧɟ ɩɨɹɜɢɬɫɹ ɧɨɜɚɹ ɜɟɪɫɢɹ ɜɚɲɟɝɨ ɩɪɢɥɨɠɟɧɢɹ. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Windows NT 4, ɦɨɠɟɬ ɫɭɳɟɫɬɜɨɜɚɬɶ ɧɟɨɩɪɟɞɟɥɟɧɧɨ ɞɨɥɝɨ ɜ ɤɚɱɟɫɬɜɟ ɫɟɪɜɟɪɚ-ɱɥɟɧɚ ɞɨɦɟɧɚ ɜ ɫɟɬɢ, ɨɫɧɨɜɚɧɧɨɣ ɧɚ Windows Server 2003. . BDC Windows NT 4 Windows Server 2003 , Windows 2000 mixed (
) , Windows Server 2003 interim (
Windows Server 2000, ).
ɇɢɠɟ ɩɪɢɜɨɞɹɬɫɹ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɨɪɝɚɧɢɡɚɰɢɢ, ɤɨɬɨɪɨɣ ɯɨɪɨɲɨ ɩɨɞɯɨɞɢɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɜ ɤɚɱɟɫɬɜɟ ɩɭɬɢ ɩɟɪɟɯɨɞɚ. ȿɫɥɢ ɢɦɟɸɳɚɹɫɹ ɞɨɦɟɧɧɚɹ ɦɨɞɟɥɶ Windows NT 4 ɛɨɥɶɲɟ ɧɟ ɭɞɨɜɥɟɬɜɨɪɹɟɬ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɦ ɩɨɬɪɟɛɧɨɫɬɹɦ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ: ɭɫɬɚɪɟɥɚ ɢɡ-ɡɚ ɫɥɢɹɧɢɹ ɤɨɦɩɚɧɢɣ, ɩɪɢɨɛɪɟɬɟɧɢɹ, ɨɬɞɟɥɟɧɢɹ ɞɨɱɟɪɧɢɯ ɤɨɦɩɚɧɢɣ ɢ ɩɪ., ɩɨ ɞɪɭɝɢɦ ɩɪɢɱɢɧɚɦ ɛɨɥɶɲɟ ɧɟ ɹɜɥɹɟɬɫɹ ɧɚɢɛɨɥɟɟ ɨɩɬɢɦɚɥɶɧɨɣ ɫɟɬɟɜɨɣ ɩɥɚɬɮɨɪɦɨɣ ɞɥɹ ɫɥɭɠɛ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɬɨ ɧɚɢɥɭɱɲɢɦ ɜɵɛɨɪɨɦ ɛɭɞɟɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ. ɗɬɨ ɞɚɫɬ ɜɚɦ ɜɨɡɦɨɠɧɨɫɬɶ ɧɚɱɚɬɶ ɫ ɧɨɜɨɝɨ ɩɪɨɟɤɬɚ Active Directory, ɤɨɬɨɪɵɣ ɛɭɞɟɬ
ɭɞɨɜɥɟɬɜɨɪɹɬɶ ɜɚɲɢɦ ɞɟɥɨɜɵɦ ɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɦ ɩɨɬɪɟɛɧɨɫɬɹɦ. ɍɱɢɬɵɜɚɹ ɜɪɟɦɹ ɢ ɭɫɢɥɢɹ, ɤɨɬɨɪɵɟ ɩɨɬɪɟɛɭɸɬɫɹ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory ɜ ɩɪɟɞɟɥɚɯ ɜɚɲɟɝɨ ɩɪɟɞɩɪɢɹɬɢɹ, ɧɚɱɢɧɚɬɶ ɫ ɩɪɨɟɤɬɚ ɢɦɟɟɬ ɫɦɵɫɥ ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɨɧ ɭɩɪɨɫɬɢɬ ɜɚɲɭ ɠɢɡɧɶ ɧɚɫɬɨɥɶɤɨ, ɧɚɫɤɨɥɶɤɨ ɷɬɨ ɜɨɡɦɨɠɧɨ. Ɋɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɩɭɬɶ ɫ ɛɨɥɟɟ ɜɵɫɨɤɢɦ ɪɢɫɤɨɦ, ɱɟɦ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ. ɇɚɞɨ ɜɵɩɨɥɧɢɬɶ ɛɨɥɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɡɚɞɚɱ, ɢ ɩɨɷɬɨɦɭ ɦɧɨɝɢɟ ɜɟɳɢ ɦɨɝɭɬ ɢɞɬɢ ɧɟ ɬɚɤ, ɤɚɤ ɧɚɞɨ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɪɚɫɬɟɬ ɧɟɞɨɜɨɥɶɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɟ ɧɟ ɦɨɝɭɬ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ, ɨɛɪɚɬɢɬɶɫɹ ɤ ɧɟɨɛɯɨɞɢɦɵɦ ɪɟɫɭɪɫɚɦ ɢɥɢ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɫɜɨɢɦ ɩɨɱɬɨɜɵɦ ɹɳɢɤɚɦ. ȿɫɥɢ ɜɵ ɞɨɫɬɚɬɨɱɧɨ ɨɫɧɚɳɟɧɵ, ɱɬɨɛɵ ɭɩɪɚɜɥɹɬɶ ɷɬɢɦ ɪɢɫɤɨɦ, ɬɨ ɧɟ ɢɡɛɟɝɚɣɬɟ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ. Ʉɚɤ ɦɨɠɧɨ ɭɩɪɚɜɥɹɬɶ ɷɬɢɦ ɪɢɫɤɨɦ? ɇɭɠɧɨ ɬɳɚɬɟɥɶɧɨ ɩɥɚɧɢɪɨɜɚɬɶ, ɬɟɫɬɢɪɨɜɚɬɶ, ɨɛɭɱɚɬɶɫɹ ɢ ɩɨɥɶɡɨɜɚɬɶɫɹ ɩɨɞɞɟɪɠɤɨɣ.
,
Ɋɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɜɫɟɝɞɚ ɡɚɧɢɦɚɟɬ ɛɨɥɶɲɟ ɜɪɟɦɟɧɢ. Ɉɞɧɚɤɨ ɟɫɥɢ ɝɪɚɮɢɤ ɜɚɲɟɝɨ ɩɪɨɟɤɬɚ ɩɟɪɟɯɨɞɚ ɪɚɡɪɟɲɚɟɬ ɜɤɥɸɱɢɬɶ ɧɟɨɛɯɨɞɢɦɨɟ ɩɥɚɧɢɪɨɜɚɧɢɟ, ɬɟɫɬɢɪɨɜɚɧɢɟ ɢ ɜɵɩɨɥɧɟɧɢɟ ɡɚɞɚɱ, ɬɨ ɧɟ ɢɡɛɟɝɚɣɬɟ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɪɚɛɨɬɚɟɬɟ ɜ ɨɪɝɚɧɢɡɚɰɢɢ, ɝɞɟ ɪɚɛɨɱɟɟ ɜɪɟɦɹ ɫɢɫɬɟɦɵ ɹɜɥɹɟɬɫɹ ɤɪɢɬɢɱɟɫɤɨɣ ɜɟɥɢɱɢɧɨɣ, ɧɚɩɪɢɦɟɪ ɜ ɛɢɡɧɟɫɟ, ɫɜɹɡɚɧɧɵɦ ɫ ɷɥɟɤɬɪɨɧɧɨɣ ɤɨɦɦɟɪɰɢɟɣ, ɝɞɟ ɤɚɠɞɚɹ ɦɢɧɭɬɚ ɩɪɨɫɬɨɹ ɩɟɪɟɫɱɢɬɵɜɚɟɬɫɹ ɛɭɯɝɚɥɬɟɪɚɦɢ ɜ ɪɚɡɦɟɪ ɩɨɬɟɪɹɧɧɨɝɨ ɞɨɯɨɞɚ, ɬɨ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ — ɯɨɪɨɲɢɣ ɜɵɛɨɪ. Ɍɚɤ ɤɚɤ ɨɧɚ ɜɤɥɸɱɚɟɬ ɫɨɡɞɚɧɢɟ ɧɟɡɚɩɨɥɧɟɧɧɨɝɨ, «ɱɢɫɬɨɝɨ» ɥɟɫɚ ɢ ɨɫɬɚɜɥɹɟɬ ɢɫɯɨɞɧɭɸ ɫɪɟɞɭ, ɩɨ ɫɭɳɟɫɬɜɭ, ɛɟɡ ɢɡɦɟɧɟɧɢɣ, ɬɨ ɪɚɛɨɬɨɫɩɨɫɨɛɧɨɫɬɶ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɫɨɯɪɚɧɹɟɬɫɹ, ɩɨɫɤɨɥɶɤɭ ɩɨɥɶɡɨɜɚɬɟɥɢ ɩɪɨɞɨɥɠɚɸɬ ɮɭɧɤɰɢɨɧɢɪɨɜɚɬɶ ɜ ɫɭɳɟɫɬɜɭɸɳɟɣ ɫɪɟɞɟ. ȼɵ ɦɨɠɟɬɟ ɩɟɪɟɧɨɫɢɬɶ ɛɨɥɶɲɢɟ ɢɥɢ ɦɚɥɟɧɶɤɢɟ ɩɚɪɬɢɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɬɟɱɟɧɢɟ ɧɟɩɢɤɨɜɵɯ ɱɚɫɨɜ ɪɚɛɨɬɵ ɢ ɨɫɬɚɜɥɹɬɶ ɷɬɢ ɧɨɜɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɛɟɡɞɟɣɫɬɜɭɸɳɢɦɢ ɞɨ ɬɨɝɨ ɜɪɟɦɟɧɢ, ɤɚɤ ɛɭɞɟɬɟ ɝɨɬɨɜɵ ɩɨɤɢɧɭɬɶ ɫɬɚɪɭɸ ɫɢɫɬɟɦɭ. Ɋɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɜɥɟɱɟɬ ɡɚ ɫɨɛɨɣ ɛɨɥɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɡɚɞɚɱ, ɱɟɦ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ, ɢ ɩɨɷɬɨɦɭ ɬɪɟɛɭɟɬɫɹ ɛɨɥɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɪɟɫɭɪɫɨɜ. ȼɵɛɢɪɚɹ ɷɬɨɬ ɩɭɬɶ ɩɟɪɟɯɨɞɚ, ɭɛɟɞɢɬɟɫɶ, ɱɬɨ ɜɚɲ ɲɬɚɬ ɫɨɬɪɭɞɧɢɤɨɜ ɚɞɟɤɜɚɬɧɨ ɭɤɨɦɩɥɟɤɬɨɜɚɧ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɪɚɛɨɱɟɣ ɧɚɝɪɭɡɤɢ, ɫɜɹɡɚɧɧɨɣ ɫ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ ɞɨɦɟɧɚ. ɇɟ ɡɚɛɭɞɶɬɟ ɭɱɟɫɬɶ, ɱɬɨ ɜɚɲ ɲɬɚɬ ɧɟ ɛɭɞɟɬ ɜɵɩɨɥɧɹɬɶ ɨɛɵɱɧɵɟ ɟɠɟɞɧɟɜɧɵɟ ɨɛɹɡɚɧɧɨɫɬɢ ɢɡ-ɡɚ ɜɪɟɦɟɧɢ, ɩɨɬɪɚɱɟɧɧɨɝɨ ɧɚ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɸ. ȼɟɥɢɤɚ ɜɟɪɨɹɬɧɨɫɬɶ ɬɨɝɨ, ɱɬɨ ɜɵ ɧɟ ɫɦɨɠɟɬɟ ɩɪɢɨɫɬɚɧɨɜɢɬɶ ɩɪɨɰɟɞɭɪɵ ɫɟɬɟɜɨɝɨ ɪɟɡɟɪɜɢɪɨɜɚɧɢɹ ɧɚ ɧɟɫɤɨɥɶɤɨ ɧɟɞɟɥɶ ɢɡ-ɡɚ ɬɨɝɨ, ɱɬɨ ɜɚɲɢ ɬɟɯɧɢɤɢ ɛɭɞɭɬ ɧɚɥɚɠɢɜɚɬɶ ɢɫɩɵɬɚɬɟɥɶɧɭɸ ɥɚɛɨɪɚɬɨɪɢɸ, ɩɨɷɬɨɦɭ ɧɟ ɡɚɛɭɞɶɬɟ ɩɪɟɞɭɫɦɨɬɪɟɬɶ ɡɚɩɨɥɧɟɧɢɟ ɷɬɢɯ ɪɨɥɟɣ, ɟɫɥɢ ɜɵ ɨɫɭɳɟɫɬɜɥɹɟɬɟ ɩɟɪɟɯɨɞ ɫ ɜɧɭɬɪɟɧɧɢɦ ɲɬɚɬɨɦ. ȼ ɤɚɱɟɫɬɜɟ ɚɥɶɬɟɪɧɚɬɢɜɵ ɦɨɠɧɨ ɩɟɪɟɥɨɠɢɬɶ ɱɚɫɬɶ ɡɚɞɚɱ ɢɥɢ ɜɟɫɶ ɩɪɨɟɤɬ ɧɚ ɜɧɟɲɧɢɯ ɫɨɬɪɭɞɧɢɤɨɜ, ɩɨɫɤɨɥɶɤɭ ɫɭɳɟɫɬɜɭɟɬ ɦɧɨɠɟɫɬɜɨ ɤɨɧɫɭɥɶɬɚɬɢɜɧɵɯ ɝɪɭɩɩ, ɤɨɬɨɪɵɟ ɫɩɟɰɢɚɥɢɡɢɪɭɸɬɫɹ ɧɚ ɬɚɤɢɯ ɩɪɨɟɤɬɚɯ. ɗɬɨ ɫɷɤɨɧɨɦɢɬ ɜɪɟɦɹ ɢ ɞɟɧɶɝɢ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɨɛɭɱɟɧɢɹ ɜɚɲɢɯ ɜɧɭɬɪɟɧɧɢɯ ɫɨɬɪɭɞɧɢɤɨɜ. ɉɨ ɦɧɨɝɢɦ ɩɪɢɱɢɧɚɦ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɩɨɬɪɟɛɭɟɬ ɛɨɥɶɲɟɝɨ ɛɸɞɠɟɬɚ, ɱɟɦ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ. Ⱥɩɩɚɪɚɬɧɵɟ ɬɪɟɛɨɜɚɧɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɩɨɫɬɪɨɟɧɢɹ ɧɟɡɚɩɨɥɧɟɧɧɨɣ ɫɪɟɞɵ ɥɟɫɚ, ɜ ɤɨɬɨɪɭɸ ɜɵ ɛɭɞɟɬɟ ɩɟɪɟɧɨɫɢɬɶ ɜɚɲɢ ɨɛɴɟɤɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɫɥɟɞɭɟɬ ɪɚɫɫɦɨɬɪɟɬɶ ɫ ɬɨɱɤɢ ɡɪɟɧɢɹ ɛɸɞɠɟɬɧɵɯ ɡɚɬɪɚɬ. ȿɫɥɢ ɜɵ ɧɚɯɨɞɢɬɟɫɶ ɧɚ ɫɬɚɞɢɢ ɨɛɧɨɜɥɟɧɢɹ Windows NT 4, ɬɨ ɷɬɢ ɚɩɩɚɪɚɬɧɵɟ ɪɚɫɯɨɞɵ, ɜɟɪɨɹɬɧɨ, ɩɪɨɢɡɨɣɞɭɬ ɜ ɥɸɛɨɦ ɢɡ ɬɪɟɯ ɫɰɟɧɚɪɢɟɜ ɩɟɪɟɯɨɞɚ.
,
Windows NT 4 Server
ȿɫɥɢ ɜɵ ɩɨɞɞɟɪɠɢɜɚɟɬɟ ɫɟɬɟɜɵɟ ɫɥɭɠɛɵ ɢɥɢ ɤɨɦɦɟɪɱɟɫɤɢɟ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɜɵɩɨɥɧɹɸɬɫɹ ɬɨɥɶɤɨ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 Server, ɜɵ, ɨɱɟɜɢɞɧɨ, ɧɟ ɡɚɯɨɬɢɬɟ ɜɵɩɨɥɧɹɬɶ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɷɬɢ ɤɨɦɩɶɸɬɟɪɵ. ɗɬɨɬ ɮɚɤɬ ɦɨɠɟɬ ɩɨɜɥɢɹɬɶ ɧɚ ɜɚɲɟ ɪɟɲɟɧɢɟ ɩɟɪɟɦɟɫɬɢɬɶ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɩɭɬɟɦ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ
ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɩɨɫɥɟ ɬɨɝɨ ɤɚɤ ɩɪɢɥɨɠɟɧɢɟ ɢɥɢ ɫɥɭɠɛɚ ɛɭɞɭɬ ɩɟɪɟɦɟɳɟɧɵ ɧɚ ɫɟɪɜɟɪ-ɱɥɟɧ ɞɨɦɟɧɚ, ɢɥɢ ɩɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɛɭɞɟɬɟ ɢɦɟɬɶ ɜɟɪɫɢɸ ɩɪɢɥɨɠɟɧɢɹ, ɫɨɜɦɟɫɬɢɦɭɸ ɫ Windows Server 2003.
ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ, ɱɬɨ ɜɚɲɚ ɤɨɦɩɚɧɢɹ ɧɟ ɭɞɨɜɥɟɬɜɨɪɹɟɬ ɭɫɥɨɜɢɹɦ, ɩɨɡɜɨɥɹɸɳɢɦ ɭɜɟɪɟɧɧɨ ɜɵɛɪɚɬɶ ɨɛɧɨɜɥɟɧɢɟ ɢɥɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɸ ɞɨɦɟɧɚ ɜ ɤɚɱɟɫɬɜɟ ɩɭɬɢ ɨɛɧɨɜɥɟɧɢɹ, ɢɥɢ ɟɫɥɢ ɞɥɹ ɧɟɟ ɩɨɞɯɨɞɹɬ ɨɛɚ ɩɭɬɢ, ɬɨ, ɜɨɡɦɨɠɧɨ, ɜɵ ɜɵɛɟɪɟɬɟ ɬɪɟɬɢɣ ɩɭɬɶ — ɨɛɧɨɜɥɟɧɢɟ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ. Ɋɚɫɫɦɨɬɪɢɬɟ ɜɨɡɦɨɠɧɨɫɬɶ ɨɛɧɨɜɥɟɧɢɹ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ, ɟɫɥɢ ɯɨɬɢɬɟ ɩɨɥɭɱɢɬɶ ɧɟɦɟɞɥɟɧɧɭɸ ɜɵɝɨɞɭ ɨɬ ɩɟɪɟɯɨɞɚ ɤ Active Directory (ɜɤɥɸɱɚɹ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɩɭɛɥɢɤɚɰɢɸ ɩɪɢɥɨɠɟɧɢɣ ɢ ɦɧɨɝɨɟ ɞɪɭɝɨɟ), ɚ ɬɚɤɠɟ ɞɨɥɝɨɜɪɟɦɟɧɧɭɸ ɜɵɝɨɞɭ ɨɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ (ɦɟɧɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɞɨɦɟɧɨɜ ɫ ɭɜɟɥɢɱɟɧɧɵɦ ɨɛɴɟɦɨɦ ɞɨɦɟɧɚ, ɩɪɨɟɤɬ ɞɨɦɟɧɚ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɜɚɲɢɦɢ ɞɟɥɨɜɵɦɢ ɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɦɢ ɰɟɥɹɦɢ). Ʉɪɢɬɢɱɟɫɤɢɣ ɜɨɩɪɨɫ, ɧɚ ɤɨɬɨɪɵɣ ɧɭɠɧɨ ɨɬɜɟɬɢɬɶ ɩɪɢ ɪɚɫɫɦɨɬɪɟɧɢɢ ɷɬɨɝɨ ɩɭɬɢ, ɫɥɟɞɭɸɳɢɣ: «Ȼɭɞɟɬ ɥɢ ɬɟɤɭɳɚɹ ɦɨɞɟɥɶ ɜɚɲɟɝɨ ɞɨɦɟɧɚ ɚɞɟɤɜɚɬɧɨ ɮɭɧɤɰɢɨɧɢɪɨɜɚɬɶ ɜ ɫɪɟɞɟ Windows Server 2003? » (ɩɨɧɹɬɢɟ «ɚɞɟɤɜɚɬɧɨ» ɹɜɥɹɟɬɫɹ ɨɱɟɧɶ ɫɭɛɴɟɤɬɢɜɧɵɦ, ɢ ɤɚɠɞɵɣ ɫɟɬɟɜɨɣ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɞɨɥɠɟɧ ɪɟɲɢɬɶ ɞɥɹ ɫɟɛɹ, ɦɨɠɟɬ ɥɢ ɤɨɦɩɚɧɢɹ ɩɪɨɞɨɥɠɚɬɶ ɩɨɞɞɟɪɠɢɜɚɬɶ ɤɨɧɝɥɨɦɟɪɚɬ ɩɪɟɞɵɞɭɳɢɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ, ɟɫɥɢ ɞɚ, ɬɨ ɤɚɤ ɞɨɥɝɨ.) ȿɫɥɢ ɨɬɜɟɬ - ɞɚ, ɜɨɡɦɨɠɧɨ, ɜɵ ɧɚɢɥɭɱɲɢɦ ɨɛɪɚɡɨɦ ɞɨɫɬɢɝɧɢɬɟ ɫɜɨɢɯ ɰɟɥɟɣ ɱɟɪɟɡ ɩɭɬɶ ɨɛɧɨɜɥɟɧɢɹ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ. П че ы . . , . , ? SAM ( 80 , , , 40 ). Windows NT 4, . « ». , ( , . .) , . . , . , Active Directory.
Active Directory Windows Server 2003 ,
,
. ,
OU Windows NT 4, (
).
Domain Admins Windows NT 4
Active Directory . Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɨɩɪɟɞɟɥɢɥɢ ɥɭɱɲɢɣ ɩɭɬɶ ɩɟɪɟɯɨɞɚ ɞɥɹ ɜɚɲɢɯ ɞɨɦɟɧɨɜ, ɩɪɢɲɥɨ ɜɪɟɦɹ ɪɚɛɨɬɚɬɶ. ɋɥɟɞɭɸɳɢɟ ɪɚɡɞɟɥɵ ɭɬɨɱɧɹɸɬ ɞɟɣɫɬɜɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɜɚɲɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɫ Windows NT 4 ɤ Windows Server 2003.
Active Directory
ɉɨɞɝɨɬɨɜɤɚ ɩɟɪɟɯɨɞɚ ɨɬ Windows NT 4 ɤ Windows Server 2003 ɢ ɤ Active Directory ɩɪɨɢɫɯɨɞɢɬ ɜ ɬɪɢ ɷɬɚɩɚ. 1. ɉɥɚɧɢɪɨɜɚɧɢɟ ɩɟɪɟɯɨɞɚ. 2. ɂɫɩɵɬɚɧɢɟ ɩɥɚɧɚ ɩɟɪɟɯɨɞɚ. 3. ɉɪɨɜɟɞɟɧɢɟ ɷɤɫɩɟɪɢɦɟɧɬɚɥɶɧɨɝɨ ɩɟɪɟɯɨɞɚ.
Ʉɪɨɦɟ ɬɨɝɨ, ɜɵ ɞɨɥɠɧɵ ɡɚɩɥɚɧɢɪɨɜɚɬɶ ɜɪɟɦɹ ɧɚ ɨɛɫɥɭɠɢɜɚɧɢɟ ɢ ɩɨɞɞɟɪɠɤɭ, ɤɨɬɨɪɵɟ ɫɥɟɞɭɸɬ ɡɚ ɪɚɡɜɟɪɬɵɜɚɧɢɟɦ. Ɉɞɧɚɤɨ ɷɬɨɬ ɷɬɚɩ ɧɟ ɹɜɥɹɟɬɫɹ ɨɛɹɡɚɬɟɥɶɧɵɦ ɞɥɹ ɩɪɨɟɤɬɚ ɩɟɪɟɯɨɞɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢ ɜ ɷɬɨɦ ɪɚɡɞɟɥɟ ɧɟ ɨɛɫɭɠɞɚɟɬɫɹ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ɨɛɧɨɜɥɟɧɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows NT 4 ɞɨ Windows Server 2003 ɫɦɨɬɪɢɬɟ ɫɬɚɬɶɸ «Upgrading Windows NT 4.0 Domains to Windows Server 2003 (Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɨɜ Windows NT 4.0 ɞɨ Windows Server 2003) ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.com/technet/prodtechnol/windowsserver2003/ evaluate/cpp/reskit/ad. ɂɦɟɟɬɫɹ ɬɚɤɠɟ ɫɬɚɬɶɹ «Domain Migration Cookbook (Ʉɭɯɧɹ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɨɜ)» ɩɨ ɚɞɪɟɫɭ http://www.microsoft.co7n/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr. ɏɨɬɹ ɷɬɢ ɫɬɚɬɶɢ ɧɚɩɢɫɚɧɵ ɞɥɹ Windows Server 2000, ɨɧɢ ɞɚɸɬ ɤɪɢɬɢɱɟɫɤɢɣ ɚɧɚɥɢɡ ɬɟɯɧɢɤɢ ɩɟɪɟɯɨɞɚ ɨɬ Windows NT 4 ɢ ɜɤɥɸɱɚɸɬ ɩɪɨɰɟɞɭɪɵ ɢ ɧɚɢɥɭɱɲɢɟ ɦɟɬɨɞɵ ɪɟɚɥɢɡɚɰɢɢ ɨɛɧɨɜɥɟɧɢɹ ɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ. ɗɬɢ ɩɪɨɰɟɞɭɪɵ ɢ ɦɟɬɨɞɵ ɭɦɟɫɬɧɵ ɢ ɜ ɫɪɟɞɟ Windows Server 2003.
ɑɬɨɛɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɭɫɩɟɲɧɵɣ ɩɟɪɟɯɨɞ ɤ Windows Server 2003 ɢ Active Directory, ɡɚɬɪɚɬɶɬɟ ɞɨɫɬɚɬɨɱɧɨ ɭɫɢɥɢɣ ɧɚ ɟɝɨ ɩɥɚɧɢɪɨɜɚɧɢɟ, ɛɭɞɶ ɬɨ ɨɩɟɪɚɬɢɜɧɨɟ ɨɛɧɨɜɥɟɧɢɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢɥɢ ɩɨɥɧɚɹ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɧɨɣ ɦɨɞɟɥɢ. Ʉɨɧɟɱɧɵɦ ɪɟɡɭɥɶɬɚɬɨɦ ɛɭɞɟɬ ɩɨɥɧɨɟ ɨɩɢɫɚɧɢɟ ɜɫɟɯ ɡɚɞɚɱ, ɤɨɬɨɪɵɟ ɧɭɠɧɨ ɜɵɩɨɥɧɢɬɶ ɜ ɩɪɨɰɟɫɫɟ ɦɨɞɟɪɧɢɡɚɰɢɢ. ɉɨɫɥɟ ɩɪɨɜɟɪɤɢ ɷɬɨɬ ɩɥɚɧ ɛɭɞɟɬ ɫɥɭɠɢɬɶ ɫɰɟɧɚɪɢɟɦ, ɩɨ ɤɨɬɨɪɨɦɭ ɜɵ ɜɵɩɨɥɧɢɬɟ ɦɧɨɝɨɱɢɫɥɟɧɧɵɟ ɢ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɡɚɞɚɱɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɫɜɨɟɝɨ ɞɨɦɟɧɚ. ɉɟɪɜɵɣ ɲɚɝ ɜ ɩɥɚɧɢɪɨɜɚɧɢɢ ɦɨɞɟɪɧɢɡɚɰɢɢɢ Active Directory ɫɨɫɬɨɢɬ ɜ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɢ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɤɚɬɚɥɨɝɚ ɢ ɩɥɚɬɮɨɪɦɵ ɫɟɬɟɜɵɯ ɫɥɭɠɛ. ȼɵ ɛɭɞɟɬɟ ɭɞɢɜɥɟɧɵ, ɨɛɧɚɪɭɠɢɜ, ɤɚɤ ɦɧɨɝɨɝɨ ɜɵ ɧɟ ɡɧɚɥɢ ɨ ɫɟɪɜɟɪɚɯ, ɫɥɭɠɛɚɯ ɢ ɩɪɢɥɨɠɟɧɢɹɯ, ɜɵɩɨɥɧɹɸɳɢɯɫɹ ɧɚ ɜɚɲɢɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɭ ɪɟɜɢɡɢɸ ɤɚɤ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɱɢɫɬɢɬɶ «ɩɚɭɬɢɧɭ» ɢ, ɜɨɡɦɨɠɧɨ, ɭɞɚɥɢɬɶ ɢɡɛɵɬɨɱɧɵɟ ɢɥɢ ɧɟɢɫɩɨɥɶɡɭɟɦɵɟ ɷɥɟɦɟɧɬɵ. ȼɵ ɫɞɟɥɚɟɬɟ ɜɚɲɭ ɫɟɬɶ ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɨɣ ɢ ɥɟɝɤɨɣ ɜ ɫɨɩɪɨɜɨɠɞɟɧɢɢ ɢ ɭɦɟɧɶɲɢɬɟ ɨɛɴɟɦ ɪɚɛɨɬɵ, ɤɨɬɨɪɵɣ ɩɪɟɞɫɬɨɢɬ ɩɪɨɞɟɥɚɬɶ ɜ ɩɪɨɰɟɫɫɟ ɦɨɞɟɪɧɢɡɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. Ʉɚɤ ɬɨɥɶɤɨ ɬɟɤɭɳɚɹ ɫɪɟɞɚ ɛɭɞɟɬ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɧɚ, ɩɪɢɦɢɬɟ ɪɟɲɟɧɢɟ ɨ ɬɨɦ, ɤɚɤ ɢ ɤɨɝɞɚ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ Active Directory. ɇɢɠɟ ɩɪɢɜɨɞɹɬɫɹ ɬɟ ɷɥɟɦɟɧɬɵ, ɨɩɢɫɚɧɢɟ ɤɨɬɨɪɵɯ ɜɵ ɜɤɥɸɱɢɬɟ ɜ ɫɜɨɣ ɩɥɚɧ. • Ɍɟɤɭɳɚɹ ɞɨɦɟɧɧɚɹ ɫɬɪɭɤɬɭɪɚ Windows NT 4. ɉɟɪɟɞ ɧɚɱɚɥɨɦ ɦɨɞɟɪɧɢɡɚɰɢɢ ɜɵ ɞɨɥɠɧɵ ɢɦɟɬɶ ɹɫɧɭɸ ɤɚɪɬɢɧɭ ɬɟɤɭɳɟɝɨ ɫɨɫɬɨɹɧɢɹ. ɗɬɚ ɢɧɮɨɪɦɚɰɢɹ ɛɭɞɟɬ ɠɢɡɧɟɧɧɨ ɧɟɨɛɯɨɞɢɦɨɣ, ɤɨɝɞɚ ɜɵ ɛɭɞɟɬɟ ɩɥɚɧɢɪɨɜɚɬɶ ɨɬɤɚɬ ɩɟɪɟɯɨɞɚ. ɇɚɢɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ ɫɨɫɬɨɢɬ ɜ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɢ ɫɥɟɞɭɸɳɟɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɜɚɲɟɦ ɬɟɤɭɳɟɦ ɤɚɬɚɥɨɝɟ, ɫɟɬɟɜɵɯ ɫɥɭɠɛɚɯ ɢ ɫɪɟɞɟ, ɜ ɤɨɬɨɪɨɣ ɨɧɢ ɜɵɩɨɥɧɹɸɬɫɹ: o ɜɫɟ ɞɨɦɟɧɵ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ (ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ ɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ); o ɜɫɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ (ɜɤɥɸɱɚɹ ɬɢɩ ɢ ɧɚɩɪɚɜɥɟɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ); o ɜɫɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɝɥɨɛɚɥɶɧɵɯ ɢ ɥɨɤɚɥɶɧɵɯ ɝɪɭɩɩ, ɚ ɬɚɤɠɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ; o ɜɫɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ ɢ ɞɪɭɝɢɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ, ɤɨɬɨɪɵɟ ɧɟɨɛɯɨɞɢɦɵ ɞɥɹ ɡɚɩɭɫɤɚ ɫɟɬɟɜɵɯ ɫɥɭɠɛ ɢɥɢ ɩɪɢɥɨɠɟɧɢɣ; o ɜɫɟ ɫɢɫɬɟɦɧɵɟ ɩɨɥɢɬɢɤɢ ɢ ɩɨɥɢɬɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤɨɬɨɪɵɟ ɜɧɟɞɪɟɧɵ ɜ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. • Ɍɟɤɭɳɢɟ ɫɟɬɟɜɵɟ ɫɥɭɠɛɵ Windows NT 4. Ɂɚɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɜɫɟ ɫɟɬɟɜɵɟ ɫɥɭɠɛɵ, ɢɫɩɨɥɶɡɭɸɳɢɟɫɹ ɧɚ ɜɚɲɟɦ ɩɪɟɞɩɪɢɹɬɢɢ, ɜɤɥɸɱɚɹ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɨɧɢ ɜɵɩɨɥɧɹɸɬɫɹ. ɍɛɟɞɢɬɟɫɶ, ɱɬɨ ɜɚɲ ɩɥɚɧ ɩɟɪɟɯɨɞɚ ɨɬɜɟɱɚɟɬ ɡɚ ɜɵɩɨɥɧɟɧɢɟ ɷɬɢɯ ɫɥɭɠɛ. ȼɵ ɞɨɥɠɧɵ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ ɫɥɟɞɭɸɳɢɟ ɫɥɭɠɛɵ: o ɫɟɪɜɟɪɵ DNS; o ɫɟɪɜɟɪɵ ɩɪɨɬɨɤɨɥɚ ɞɢɧɚɦɢɱɟɫɤɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɯɨɫɬɚ (DHCP), a ɬɚɤɠɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɨɛɥɚɫɬɢ ɞɟɣɫɬɜɢɹ (scope); o ɫɟɪɜɟɪɵ ɫɥɭɠɛɵ ɢɦɟɧ ɢɧɬɟɪɧɟɬɚ ɞɥɹ Windows (WINS);
o ɫɟɪɜɟɪɵ ɫɥɭɠɛɵ ɭɞɚɥɟɧɧɨɝɨ ɞɨɫɬɭɩɚ (RAS) (ɫɦ. ɩɪɢɦɟɱɚɧɢɟ ɧɢɠɟ); o ɮɚɣɥɨɜɵɟ ɫɟɪɜɟɪɵ ɢ ɫɟɪɜɟɪɚ ɩɟɱɚɬɢ.
ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. RAS-ɫɟɪɜɟɪɵ ɫɢɫɬɟɦɵ Windows NT 4 ɢɫɩɨɥɶɡɭɸɬ NULL-ɫɟɚɧɫɵ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɦɨɞɟɦɚ ɢ ɞɪɭɝɢɯ ɩɚɪɚɦɟɬɪɨɜ ɟɝɨ ɧɚɫɬɪɨɣɤɢ, ɬɢɩɚ ɧɨɦɟɪɨɜ ɬɟɥɟɮɨɧɚ ɩɨɜɬɨɪɧɨɝɨ ɜɵɡɨɜɚ (call-back) ɞɥɹ ɭɞɚɥɟɧɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɉɨ ɭɦɨɥɱɚɧɢɸ Active Directory ɧɟ ɩɪɢɧɢɦɚɟɬ ɡɚɩɪɨɫɵ ɤ ɚɬɪɢɛɭɬɚɦ ɨɛɴɟɤɬɨɜ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ NULL-ɫɟɚɧɫɨɜ. Ȼɟɡ ɧɚɞɥɟɠɚɳɟɝɨ ɩɥɚɧɢɪɨɜɚɧɢɹ ɜɡɚɢɦɨɞɟɣɫɬɜɢɟ ɫɥɭɠɛ ɭɞɚɥɟɧɧɨɝɨ ɞɨɫɬɭɩɚ ɜ ɫɦɟɲɚɧɧɨɣ ɫɪɟɞɟ ɦɨɠɟɬ ɜɵɡɜɚɬɶ ɨɬɤɚɡ ɜ ɫɟɬɟɜɨɦ ɭɞɚɥɟɧɧɨɦ ɞɨɫɬɭɩɟ ɞɥɹ ɡɚɤɨɧɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɫɜɹɡɵɜɚɸɳɢɯɫɹ ɫ ɫɢɫɬɟɦɨɣ ɱɟɪɟɡ ɦɨɞɟɦ. ɑɬɨɛɵ ɢɡɛɟɝɚɬɶ RAS-ɤɨɧɮɥɢɤɬɨɜ ɜ ɩɪɨɰɟɫɫɟ ɦɨɞɟɪɧɢɡɚɰɢɢ, ɧɭɠɧɨ ɤɚɤ ɦɨɠɧɨ ɪɚɧɶɲɟ ɨɛɧɨɜɢɬɶ RAS-ɫɟɪɜɟɪɵ Windows NT 4. ȿɫɥɢ ɜ ɩɪɨɰɟɫɫɟ ɦɨɞɟɪɧɢɡɚɰɢɢ ɜɵ ɛɭɞɟɬɟ ɩɨɞɞɟɪɠɢɜɚɬɶ ɫɦɟɲɚɧɧɭɸ ɫɪɟɞɭ, ɧɭɠɧɨ ɩɨɧɢɡɢɬɶ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɚɳɢɬɭ Active Directory, ɜɵɛɢɪɚɹ ɨɩɰɢɸ Permissions Compatible With Pre-Windows 2000 Server Operating Systems (Ɋɚɡɪɟɲɟɧɢɹ, ɫɨɜɦɟɫɬɢɦɵɟ ɫ ɨɩɟɪɚɰɢɨɧɧɵɦɢ ɫɢɫɬɟɦɚɦɢ, ɩɪɟɞɲɟɫɬɜɭɸɳɢɦɢ Windows 2000 Server) ɩɪɢ ɜɵɩɨɥɧɟɧɢɢ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. • Ⱥɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ ɫɟɪɜɟɪɚ ɫ Windows NT 4 Server ɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɗɬɨ ɨɫɨɛɟɧɧɨ ɜɚɠɧɨ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ, ɩɪɢ ɤɨɬɨɪɨɦ ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɩɪɨɞɨɥɠɚɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɢɦɟɸɳɢɯɫɹ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ ɫɟɪɜɟɪɚ ɜ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɣ ɫɪɟɞɟ ɞɨɦɟɧɚ. Ⱦɨɥɠɧɚ ɛɵɬɶ ɭɜɟɪɟɧɧɨɫɬɶ ɜ ɬɨɦ, ɱɬɨ ɥɸɛɨɣ ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɫɧɨɜɚ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɜ ɬɨɦ ɠɟ ɤɚɱɟɫɬɜɟ, ɭɞɨɜɥɟɬɜɨɪɹɟɬ ɬɪɟɛɨɜɚɧɢɹɦ, ɩɪɟɞɴɹɜɥɹɟɦɵɦ ɤ ɚɩɩɚɪɚɬɧɵɦ ɫɪɟɞɫɬɜɚɦ Windows Server 2003. ȼɚɠɧɨ ɬɚɤɠɟ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ ɩɪɨɝɪɚɦɦɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɤɚɠɞɨɝɨ ɫɟɪɜɟɪɚ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɜɫɟ ɩɪɢɥɨɠɟɧɢɹ ɢ ɫɥɭɠɛɵ ɛɭɞɭɬ ɭɱɬɟɧɵ ɜ ɧɨɜɨɣ ɫɪɟɞɟ. Ⱦɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢ ɫɟɪɜɟɪɨɜ-ɱɥɟɧɨɜ ɞɨɦɟɧɚ, ɷɬɨɬ ɫɩɢɫɨɤ ɞɨɥɠɟɧ ɜɤɥɸɱɚɬɶ ɫɥɟɞɭɸɳɟɟ: o ɤɨɥɢɱɟɫɬɜɨ ɩɪɨɰɟɫɫɨɪɨɜ ɢ ɢɯ ɫɤɨɪɨɫɬɶ; o ɨɩɟɪɚɬɢɜɧɚɹ ɩɚɦɹɬɶ; o ɫɢɫɬɟɦɵ ɯɪɚɧɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ; o NOS, ɜɵɩɨɥɧɹɸɳɚɹɫɹ ɧɚ ɤɚɠɞɨɦ ɫɟɪɜɟɪɟ. (ȼɵ ɦɨɠɟɬɟ ɨɛɧɚɪɭɠɢɬɶ, ɱɬɨ ɭ ɜɚɫ ɢɦɟɟɬɫɹ ɫɨɜɨɤɭɩɧɨɫɬɶ ɪɚɡɧɵɯ NOS, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɪɚɡɥɢɱɧɵɟ ɩɭɬɢ ɨɛɧɨɜɥɟɧɢɹ.); o ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ, ɜɵɩɨɥɧɹɸɳɚɹɫɹ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ. (ɗɬɨ ɨɩɪɟɞɟɥɢɬ ɬɨ, ɤɚɤ ɜɵ ɪɟɚɥɢɡɭɟɬɟ ɫɢɫɬɟɦɧɵɟ ɩɨɥɢɬɢɤɢ ɢ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ.); o ɜɫɟ ɩɪɢɥɨɠɟɧɢɹ, ɫɜɹɡɚɧɧɵɟ ɫ ɛɢɡɧɟɫɨɦ, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4. (ȼɵ ɞɨɥɠɧɵ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ, ɫɨɜɦɟɫɬɢɦɵ ɥɢ ɨɧɢ ɫ Windows Server 2003 ɢ ɫɥɟɞɭɟɬ ɥɢ ɢɯ ɩɪɨɜɟɪɹɬɶ ɧɚ ɧɨɜɨɣ ɩɥɚɬɮɨɪɦɟ.) Ⱦɚɧɧɵɣ ɫɩɢɫɨɤ - ɷɬɨ ɬɨɥɶɤɨ ɨɫɧɨɜɚ. ȼɵ ɞɨɥɠɧɵ ɬɳɚɬɟɥɶɧɨ ɢɫɫɥɟɞɨɜɚɬɶ ɜɚɲɭ ɫɟɬɶ ɞɥɹ ɜɵɹɜɥɟɧɢɹ ɩɪɨɛɥɟɦ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɩɨɦɟɲɚɬɶ ɨɫɭɳɟɫɬɜɥɟɧɢɸ ɜɚɲɢɯ ɩɥɚɧɨɜ. Ɍɟɩɟɪɶ, ɤɨɝɞɚ ɜɵ ɢɦɟɟɬɟ ɹɫɧɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɨ ɬɨɣ ɬɨɱɤɟ, ɝɞɟ ɜɵ ɧɚɯɨɞɢɬɟɫɶ, ɬ.ɟ. ɨ ɩɭɧɤɬɟ Ⱥ, ɩɪɢɲɥɨ ɜɪɟɦɹ ɩɥɚɧɢɪɨɜɚɬɶ ɜɚɲɟ ɩɭɬɟɲɟɫɬɜɢɟ ɜ ɩɭɧɤɬ Ȼ. ɋɰɟɧɚɪɢɣ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɦɨɞɟɪɧɢɡɚɰɢɢ - ɷɬɨ ɩɨɲɚɝɨɜɵɣ ɫɩɢɫɨɤ ɡɚɞɚɱ ɢ ɩɨɪɹɞɨɤ ɢɯ ɜɵɩɨɥɧɟɧɢɹ. ɗɬɨɬ ɞɨɤɭɦɟɧɬ ɛɭɞɟɬ ɜɚɲɟɣ ɢɧɫɬɪɭɤɰɢɟɣ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɧɟ ɩɪɢɞɟɬ ɜɪɟɦɹ «ɩɨɜɟɪɧɭɬɶ ɜɵɤɥɸɱɚɬɟɥɶ». Ʉ ɧɚɱɚɥɭ ɦɨɞɟɪɧɢɡɚɰɢɢ ɷɬɨɬ ɫɩɢɫɨɤ ɞɨɥɠɟɧ ɛɵɬɶ ɩɪɨɜɟɪɟɧ, ɩɟɪɟɫɦɨɬɪɟɧ ɢ ɩɟɪɟɞɟɥɚɧ ɧɟɫɤɨɥɶɤɨ ɪɚɡ. ȿɫɥɢ ɜɵɩɨɥɧɹɟɬɫɹ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ, ɬɨ ɫɰɟɧɚɪɢɣ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɛɭɞɟɬ ɨɬɧɨɫɢɬɟɥɶɧɨ ɩɪɨɫɬ: ɜ ɧɟɦ ɛɭɞɭɬ ɩɟɪɟɱɢɫɥɟɧɵ ɜɫɟ ɦɨɞɟɪɧɢɡɢɪɭɟɦɵɟ PDC ɢ BDC, ɩɨɪɹɞɨɤ ɦɨɞɟɪɧɢɡɚɰɢɢ, ɞɟɣɫɬɜɢɹ, ɤɨɬɨɪɵɟ ɜɵ ɩɪɟɞɩɪɢɦɢɬɟ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɩɪɨɞɨɥɠɟɧɢɟ ɪɚɛɨɬɵ ɫɟɬɟɜɵɯ ɫɥɭɠɛ ɜ ɩɪɨɰɟɫɫɟ ɨɛɧɨɜɥɟɧɢɹ, ɞɟɣɫɬɜɢɹ ɩɨ ɩɪɨɜɟɪɤɟ ɩɪɚɜɢɥɶɧɨɫɬɢ ɜɵɩɨɥɧɟɧɢɹ. ȼ ɩɥɚɧɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɬɚɤɠɟ ɛɭɞɭɬ ɩɟɪɟɱɢɫɥɟɧɵ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɝɪɭɩɩɵ, ɤɨɦɩɶɸɬɟɪɵ ɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ, ɤɨɬɨɪɵɟ ɜɵ ɛɭɞɟɬɟ ɩɟɪɟɧɨɫɢɬɶ, ɢɫɯɨɞɧɵɟ ɢ ɰɟɥɟɜɵɟ ɞɨɦɟɧɵ. Ȼɭɞɟɬ ɜɵɛɪɚɧɨ ɜɪɟɦɹ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɩɪɨɰɟɫɫɚ ɦɨɞɟɪɧɢɡɚɰɢɢ, ɭɤɚɡɚɧɵ ɞɟɣɫɬɜɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɩɟɪɟɤɥɸɱɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɚ ɧɨɜɭɸ ɫɪɟɞɭ, ɭɬɨɱɧɟɧɵ ɲɚɝɢ ɩɨ ɩɪɨɜɟɪɤɟ ɩɪɚɜɢɥɶɧɨɫɬɢ ɩɟɪɟɯɨɞɚ. П че ы . . , .
. , . 1.
Windows NT 4 Server Contoso.
2. 3.
Contoso. DC7
BDC
. .
, DC7, . 4.
DC7
. .
5.
Server Manager ( , PDC NOS. NOS . (Э .)
6.
) DC1 DC1, Active Directory
7. DC1 • • •
. , , DNS, WINS, RAS).
(
,
Active Directory Users And Computers ( Active Directory). , . Upgradel,
= P@sswOrd. .
•
, \\
. ITStaff\Policies\
PersonalSoftware.doc.
. ?
?
-
? ɂ ɬɚɤ ɞɚɥɟɟ. ȼɚɲɚ ɩɪɨɰɟɞɭɪɚ ɞɨɥɠɧɚ ɛɵɬɶ ɞɨɫɬɚɬɨɱɧɨ ɞɟɬɚɥɢɡɢɪɨɜɚɧɚ, ɱɬɨɛɵ ɟɟ ɦɨɠɧɨ ɛɵɥɨ ɥɟɝɤɨ ɜɵɩɨɥɧɹɬɶ, ɧɟ ɩɨɥɚɝɚɹɫɶ ɧɚ ɩɚɦɹɬɶ. ɉɨɥɚɝɚɬɶɫɹ ɧɚ ɫɜɨɸ ɩɚɦɹɬɶ, ɤɨɝɞɚ ɩɨɞ ɭɝɪɨɡɨɣ ɧɚɯɨɞɢɬɫɹ ɫɟɬɟɜɨɣ ɞɨɫɬɭɩ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɞɨɦɟɧɚ — ɷɬɨ ɩɥɨɯɚɹ ɢɞɟɹ. . , « », Upgradel. , . , , , (LAN),
.
,
-
, . Ɍɟɩɟɪɶ, ɤɨɝɞɚ ɜɵ ɭɬɨɱɧɢɥɢ ɜɫɟ, ɱɬɨ ɛɭɞɟɬɟ ɞɟɥɚɬɶ ɩɪɢ ɭɫɩɟɲɧɨɦ ɯɨɞɟ ɫɨɛɵɬɢɣ, ɩɪɢɲɥɨ ɜɪɟɦɹ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ, ɤɚɤɢɟ ɞɟɣɫɬɜɢɹ ɜɵ ɛɭɞɟɬɟ ɜɵɩɨɥɧɹɬɶ, ɟɫɥɢ ɩɪɨɰɟɫɫ ɩɨɣɞɟɬ ɧɟɩɪɚɜɢɥɶɧɨ, ɬ.ɟ. ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ ɩɪɢ ɫɛɨɟ ȼɚɲ ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ ɜ ɫɥɭɱɚɟ ɫɛɨɹ, ɢɥɢ, ɛɨɥɟɟ ɨɩɬɢɦɢɫɬɢɱɧɨ, ɩɪɨɫɬɨ ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ, ɷɤɜɢɜɚɥɟɧɬɟɧ ɩɥɚɧɭ ɦɨɞɟɪɧɢɡɚɰɢɢ, ɧɨ ɨɧ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɨɝɞɚ, ɤɨɝɞɚ ɞɟɣɫɬɜɢɹ ɩɨ
ɩɪɨɜɟɪɤɟ ɩɪɚɜɢɥɶɧɨɫɬɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɨɤɨɧɱɢɥɢɫɶ ɧɟɭɞɚɱɟɣ. Ɉɩɪɟɞɟɥɢɬɟ ɜ ɜɚɲɟɦ ɩɥɚɧɟ ɦɨɞɟɪɧɢɡɚɰɢɢ ɧɟ ɬɨɥɶɤɨ ɬɨ, ɱɬɨ ɜɵ ɛɭɞɟɬɟ ɞɟɥɚɬɶ ɞɥɹ ɩɪɨɜɟɪɤɢ ɩɪɚɜɢɥɶɧɨɫɬɢ ɲɚɝɨɜ, ɜɵɩɨɥɧɹɟɦɵɯ ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɯɨɞɚ, ɧɨ ɢ ɬɨ, ɱɬɨ ɜɵ ɫɦɨɠɟɬɟ ɫɞɟɥɚɬɶ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɞɨ ɩɨɫɥɟɞɧɟɝɨ ɪɚɛɨɬɨɫɩɨɫɨɛɧɨɝɨ ɫɨɫɬɨɹɧɢɹ. Ɍɚɤ ɜɵ ɫɦɨɠɟɬɟ ɩɨɞɞɟɪɠɢɜɚɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɞɥɹ ɜɚɲɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɧɚɣɬɢ ɨɲɢɛɤɢ ɜ ɩɥɚɧɟ ɦɨɞɟɪɧɢɡɚɰɢɢ ɢ ɩɨɩɪɨɛɨɜɚɬɶ ɜɫɟ ɫɧɨɜɚ. ȼ ɫɥɟɞɭɸɳɟɦ ɪɚɡɞɟɥɟ ɪɚɫɫɦɨɬɪɟɧɨ ɩɥɚɧɢɪɨɜɚɧɢɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɫɛɨɹ ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɯɨɞɚ ɤ Active Directory. ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɧɟɭɞɚɜɲɟɝɨɫɹ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɑɬɨɛɵ ɩɪɢɝɨɬɨɜɢɬɶɫɹ ɤ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ ɫɢɫɬɟɦɵ ɜ ɫɥɭɱɚɟ ɧɟɭɞɚɜɲɟɝɨɫɹ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɟɟ. 1. Ⱦɨɛɚɜɶɬɟ BDC ɤɨ ɜɫɟɦ ɞɨɦɟɧɚɦ Windows NT 4 ɫ ɨɞɧɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. ɗɬɨ ɛɭɞɟɬ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɩɭɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɜ ɫɥɭɱɚɟ ɫɛɨɹ ɩɪɢ ɨɛɧɨɜɥɟɧɢɢ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. 2. ɋɢɧɯɪɨɧɢɡɢɪɭɣɬɟ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ BDC ɫ PDC. ɗɬɨ ɛɭɞɟɬ ɝɚɪɚɧɬɢɟɣ ɬɨɝɨ, ɱɬɨ ɛɚɡɚ ɞɚɧɧɵɯ SAM ɫɨɞɟɪɠɢɬ ɫɚɦɵɟ ɫɜɟɠɢɟ ɞɚɧɧɵɟ. 3. ɋɞɟɥɚɣɬɟ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɤɨɧɬɪɨɥɥɟɪɚ PDC. ȼɵɩɨɥɧɢɬɟ ɤɨɧɬɪɨɥɶɧɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɪɟɡɟɪɜɧɨɝɨ ɧɚɛɨɪɚ ɞɚɧɧɵɯ, ɱɬɨɛɵ ɩɪɨɜɟɪɢɬɶ, ɱɬɨ ɪɟɡɟɪɜɢɪɨɜɚɧɢɟ ɩɪɨɲɥɨ ɭɫɩɟɲɧɨ. 4. ɉɟɪɟɜɟɞɢɬɟ ɩɨɥɧɨɫɬɶɸ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɧɧɵɣ BDC ɜ ɚɜɬɨɧɨɦɧɵɣ ɪɟɠɢɦ ɢ ɨɛɟɫɩɟɱɶɬɟ ɟɝɨ ɛɟɡɨɩɚɫɧɨɫɬɶ. Ɍɟɦ ɫɚɦɵɦ ɜɵ ɫɨɯɪɚɧɢɬɟ ɤɨɩɢɸ ɛɚɡɵ ɞɚɧɧɵɯ SAM, ɤɨɬɨɪɭɸ ɜ ɫɥɭɱɚɟ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɩɨɜɬɨɪɧɨ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɫɟɪɜɟɪ ɢ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ. 5. ɉɟɪɢɨɞɢɱɟɫɤɢ ɩɨɞɤɥɸɱɚɣɬɟ ɷɬɨɬ ɡɚɳɢɳɟɧɧɵɣ BDC ɤɨɧɬɪɨɥɥɟɪ ɧɚɡɚɞ ɤ ɫɟɬɢ ɢ ɩɟɪɟɡɚɝɪɭɠɚɣɬɟ ɟɝɨ. ɗɬɨ ɫɨɯɪɚɧɢɬ ɚɤɬɭɚɥɶɧɨɫɬɶ ɛɚɡɵ ɞɚɧɧɵɯ SAM. Ⱦɟɥɚɣɬɟ ɷɬɨ ɨɛɹɡɚɬɟɥɶɧɨ, ɤɨɝɞɚ ɞɨɦɟɧ ɜɫɟ ɟɳɟ ɧɚɯɨɞɢɬɫɹ ɧɚ ɫɦɟɲɚɧɧɨɦ ɭɪɨɜɧɟ Windows 2000 ɢɥɢ ɧɚ ɜɪɟɦɟɧɧɨɦ (interim) ɭɪɨɜɧɟ Windows Server 2003 (ɟɫɥɢ ɧɟɬ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows 2000 Server). ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ ɛɭɞɟɬ ɩɨɞɧɹɬ, ɜɵ ɧɟ ɫɦɨɠɟɬɟ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ Windows Server 2003 ɢ BDC ɛɨɥɟɟ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ. ɑɬɨɛɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɫɢɫɬɟɦɭ PDC ɤɨɧɬɪɨɥɥɟɪɚ ɩɨɫɥɟ ɧɟɭɞɚɜɲɟɝɨɫɹ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ȼɵɤɥɸɱɢɬɟ ɨɛɧɨɜɥɟɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. Ɉɧ ɫɱɢɬɚɟɬɫɹ PDC ɤɨɧɬɪɨɥɥɟɪɨɦ ɜ ɞɨɦɟɧɟ Windows NT 4 ɢ ɛɭɞɟɬ ɦɟɲɚɬɶ ɭɫɩɟɲɧɨɦɭ ɜɵɩɨɥɧɟɧɢɸ ɫɥɟɞɭɸɳɟɝɨ ɲɚɝɚ. 2. ɉɨɞɤɥɸɱɢɬɟ ɚɜɬɨɧɨɦɧɵɣ BDC ɧɚɡɚɞ ɜ ɫɟɬɶ ɢ ɧɚɡɧɚɱɶɬɟ ɟɝɨ ɧɚ ɪɨɥɶ PDC ɤɨɧɬɪɨɥɥɟɪɚ. ɗɬɨ ɞɟɣɫɬɜɢɟ ɡɚɩɭɫɬɢɬ ɪɟɩɥɢɤɚɰɢɸ ɫɨɯɪɚɧɟɧɧɨɣ ɛɚɡɵ ɞɚɧɧɵɯ SAM ɧɚ ɜɫɟ ɨɫɬɚɜɲɢɟɫɹ ɜ ɫɟɬɢ BDC ɤɨɧɬɪɨɥɥɟɪɵ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4. ȼɵɩɨɥɧɹɹ ɷɬɭ ɩɪɨɰɟɞɭɪɭ, ɜɵ ɜɨɫɫɬɚɧɨɜɢɬɟ ɫɜɨɸ ɫɟɬɶ, ɨɫɧɨɜɚɧɧɭɸ ɧɚ Windows NT 4, ɞɨ ɪɚɛɨɱɟɝɨ ɫɨɫɬɨɹɧɢɹ. Ɉɫɬɚɜɲɢɟɫɹ ɡɚɞɚɱɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɨɫɬɨɹɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɪɚɫɫɥɟɞɨɜɚɬɶ ɩɪɢɱɢɧɵ ɧɟɭɞɚɜɲɟɝɨɫɹ ɨɛɧɨɜɥɟɧɢɹ, ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɦ ɨɛɪɚɡɨɦ ɨɬɤɨɪɪɟɤɬɢɪɨɜɚɬɶ ɫɜɨɣ ɩɥɚɧ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɢ ɧɚɱɚɬɶ ɫɧɚɱɚɥɚ. ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɧɟɭɞɚɜɲɟɣɫɹ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ Ɍɚɤ ɤɚɤ ɜɵ ɩɟɪɟɧɨɫɢɬɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɢɡ ɞɨɦɟɧɚ Windows NT 4 ɜ Active Directory Windows Server 2003, ɬɨ ɜɚɲ ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɜ ɫɥɭɱɚɟ ɫɛɨɹ ɛɭɞɟɬ ɨɬɧɨɫɢɬɟɥɶɧɨ ɩɪɨɫɬ. ɉɪɨɰɟɫɫ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ - ɷɬɨ ɧɟ-ɪɚɡɪɭɲɚɸɳɢɣ ɩɪɨɰɟɫɫ, ɫɪɟɞɚ Windows NT 4 ɛɭɞɟɬ ɩɨɥɧɨɫɬɶɸ ɮɭɧɤɰɢɨɧɢɪɨɜɚɬɶ ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɯɨɞɚ. ȿɫɥɢ ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɨɤɨɧɱɢɬɫɹ ɧɟɭɞɚɱɟɣ, ɷɬɨ ɜɵɡɨɜɟɬ ɨɩɪɟɞɟɥɟɧɧɵɟ ɧɟɭɞɨɛɫɬɜɚ, ɧɨ ɧɟ ɡɚɬɪɨɧɟɬ ɜɨɡɦɨɠɧɨɫɬɟɣ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɟɬɢ Windows NT 4. ɑɬɨɛɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɧɟɭɞɚɜɲɟɣɫɹ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ⱦɨɛɚɜɶɬɟ BDC ɤɨ ɜɫɟɦ ɞɨɦɟɧɚɦ Windows NT 4, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɬɨɥɶɤɨ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ɗɬɨ ɛɭɞɟɬ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɩɭɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɩɪɨɢɡɨɣɞɟɬ ɫɛɨɣ ɩɪɢ ɨɛɧɨɜɥɟɧɢɢ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. 2. ɋɢɧɯɪɨɧɢɡɢɪɭɣɬɟ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ BDC ɫ PDC. ɗɬɨ ɛɭɞɟɬ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɚɤɬɭɚɥɶɧɨɫɬɶ ɛɚɡɵ ɞɚɧɧɵɯ SAM. 3. ɋɞɟɥɚɣɬɟ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɤɨɧɬɪɨɥɥɟɪɚ PDC. ȼɵɩɨɥɧɢɬɟ ɤɨɧɬɪɨɥɶɧɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɪɟɡɟɪɜɧɨɝɨ ɧɚɛɨɪɚ ɞɚɧɧɵɯ, ɱɬɨɛɵ ɩɪɨɜɟɪɢɬɶ, ɱɬɨ ɪɟɡɟɪɜɢɪɨɜɚɧɢɟ ɩɪɨɲɥɨ ɭɫɩɟɲɧɨ. ȿɫɥɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ ɨɤɨɧɱɢɬɫɹ ɧɟɭɞɚɱɟɣ, ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɩɪɨɞɨɥɠɢɬɶ ɪɚɛɨɬɭ ɜ ɫɪɟɞɟ Windows NT 4, ɪɚɫɫɥɟɞɨɜɚɬɶ ɩɪɢɱɢɧɵ ɧɟɭɞɚɱɢ, ɩɪɨɜɟɪɢɬɶ ɩɥɚɧ
ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɢ ɩɪɨɛɨɜɚɬɶ ɫɧɨɜɚ. ȿɫɥɢ ɛɚɡɚ ɞɚɧɧɵɯ SAM ɫɢɫɬɟɦɵ Windows NT 4 ɪɚɡɪɭɲɟɧɚ ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɢɫɩɨɥɶɡɭɣɬɟ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. Ɋɚɡɪɭɲɟɧɢɟ ɞɚɧɧɵɯ ɩɪɨɹɜɢɬ ɫɟɛɹ ɬɟɦ, ɱɬɨ ɧɟ ɜɫɟ ɨɛɴɟɤɬɵ ɩɨɹɜɹɬɫɹ ɜ User Manager (Ɇɟɧɟɞɠɟɪ ɩɨɥɶɡɨɜɚɬɟɥɟɣ), ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɫɦɨɝɭɬ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ.
ȿɫɬɶ ɧɟɫɤɨɥɶɤɨ ɫɟɪɶɟɡɧɵɯ ɨɫɧɨɜɚɧɢɣ ɞɥɹ ɬɟɫɬɢɪɨɜɚɧɢɹ ɜɚɲɟɝɨ ɩɥɚɧɚ ɦɨɞɟɪɧɢɡɚɰɢɢ. • Ɍɟɫɬɢɪɨɜɚɧɢɟ ɩɨɞɬɜɟɪɞɢɬ, ɱɬɨ ɞɟɣɫɬɜɢɹ ɩɨ ɨɛɧɨɜɥɟɧɢɸ ɩɪɢɜɟɞɭɬ ɤ ɠɟɥɚɟɦɵɦ ɪɟɡɭɥɶɬɚɬɚɦ. • Ɍɟɫɬɢɪɨɜɚɧɢɟ ɞɚɫɬ ɜɨɡɦɨɠɧɨɫɬɶ ɨɩɪɟɞɟɥɢɬɶ ɜɪɟɦɹ, ɧɟɨɛɯɨɞɢɦɨɟ ɞɥɹ ɩɨɥɧɨɝɨ ɡɚɜɟɪɲɟɧɢɹ ɦɨɞɟɪɧɢɡɚɰɢɢ. • Ɍɟɫɬɢɪɨɜɚɧɢɟ ɞɚɫɬ ɜɨɡɦɨɠɧɨɫɬɶ ɨɡɧɚɤɨɦɢɬɶɫɹ ɫ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɦɢ ɫɪɟɞɫɬɜɚɦɢ ɢ ɩɪɨɰɟɞɭɪɚɦɢ, ɤɨɬɨɪɵɟ ɜɵ ɛɭɞɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɪɢ ɩɟɪɟɯɨɞɟ ɤ Active Directory. ɇɟ ɡɚɛɭɞɶɬɟ ɩɪɨɜɟɪɢɬɶ ɜɫɟ ɷɥɟɦɟɧɬɵ ɩɟɪɟɯɨɞɚ. Ɋɚɫɫɦɨɬɪɢɬɟ ɜɚɲ ɩɥɚɧ ɢ ɫɨɡɞɚɣɬɟ ɧɚɛɨɪ ɬɟɫɬɨɜ ɞɥɹ ɜɫɟɯ ɩɪɨɰɟɞɭɪ, ɤɨɬɨɪɵɟ ɜɚɦ ɧɚɞɨ ɛɭɞɟɬ ɜɵɩɨɥɧɢɬɶ. ɇɟ ɡɚɛɭɞɶɬɟ ɬɚɤɠɟ ɩɪɨɬɟɫɬɢɪɨɜɚɬɶ ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ, ɬɚɤ ɤɚɤ ɦɨɦɟɧɬ ɨɬɤɚɬɚ ɤ ɞɨɦɟɧɭ Windows NT 4 — ɧɟ ɫɚɦɨɟ ɩɨɞɯɨɞɹɳɟɟ ɜɪɟɦɹ ɞɥɹ ɨɛɧɚɪɭɠɟɧɢɹ ɨɲɢɛɤɢ ɜ ɜɚɲɟɦ ɩɥɚɧɟ. ȿɫɥɢ ɬɟɫɬɢɪɨɜɚɧɢɟ ɩɨɤɚɡɵɜɚɟɬ ɨɲɢɛɤɢ, ɦɨɞɢɮɢɰɢɪɭɣɬɟ ɩɥɚɧ ɢ ɩɨɜɬɨɪɧɨ ɩɪɨɜɟɪɹɣɬɟ ɟɝɨ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɨɧ ɧɟ ɛɭɞɟɬ ɪɚɛɨɬɚɬɶ ɬɚɤ, ɤɚɤ ɧɭɠɧɨ. ɇɚɢɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ. ɉɪɢ ɬɟɫɬɢɪɨɜɚɧɢɢ ɜɚɲɟɝɨ ɩɥɚɧɚ ɩɟɪɟɯɨɞɚ ɫɨɡɞɚɣɬɟ ɢɫɩɵɬɚɬɟɥɶɧɭɸ ɫɪɟɞɭ, ɩɨɯɨɠɭɸ ɧɚ ɜɚɲɭ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɭɸ ɫɪɟɞɭ. ɍɞɨɫɬɨɜɟɪɶɬɟɫɶ, ɱɬɨ ɢɫɩɵɬɚɬɟɥɶɧɚɹ ɫɪɟɞɚ ɩɨɥɧɨɫɬɶɸ ɢɡɨɥɢɪɨɜɚɧɚ ɨɬ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɨɣ.
ɉɪɟɠɞɟ ɱɟɦ ɪɚɡɜɟɪɬɵɜɚɬɶ ɦɨɞɟɪɧɢɡɚɰɢɸ ɩɨ ɜɫɟɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɧɭɠɧɨ ɩɪɨɜɟɫɬɢ ɷɤɫɩɟɪɢɦɟɧɬɚɥɶɧɵɣ ɨɬɤɚɬ ɩɟɪɟɯɨɞɚ ɫ ɨɝɪɚɧɢɱɟɧɧɨɣ ɢ ɭɩɪɚɜɥɹɟɦɨɣ ɝɪɭɩɩɨɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɗɬɨ ɞɚɫɬ ɜɚɦ ɜɨɡɦɨɠɧɨɫɬɶ ɬɳɚɬɟɥɶɧɨ ɩɪɨɚɧɚɥɢɡɢɪɨɜɚɬɶ ɪɟɡɭɥɶɬɚɬɵ ɩɟɪɟɯɨɞɚ ɜ ɭɩɪɚɜɥɹɟɦɨɣ ɫɪɟɞɟ ɩɟɪɟɞ ɜɵɩɨɥɧɟɧɢɟɦ ɩɨɥɧɨɝɨ ɩɥɚɧɚ ɦɨɞɟɪɧɢɡɚɰɢɢ. ɗɤɫɩɟɪɢɦɟɧɬɚɥɶɧɵɣ ɨɬɤɚɬ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɩɪɟɢɦɭɳɟɫɬɜ. • Ɍɟɫɬɢɪɭɟɬ ɜɚɲ ɩɥɚɧ ɩɟɪɟɯɨɞɚ ɜ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɨɣ ɫɪɟɞɟ. • ɉɨɡɜɨɥɹɟɬ ɨɛɧɚɪɭɠɢɬɶ ɧɟɩɪɟɞɜɢɞɟɧɧɵɟ ɨɲɢɛɤɢ ɜ ɩɥɚɧɟ ɦɨɞɟɪɧɢɡɚɰɢɢ. • Ⱦɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɨɡɧɚɤɨɦɢɬɶɫɹ ɫ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɦɢ ɫɪɟɞɫɬɜɚɦɢ ɦɨɞɟɪɧɢɡɚɰɢɢ. ɗɤɫɩɟɪɢɦɟɧɬɚɥɶɧɚɹ ɦɨɞɟɪɧɢɡɚɰɢɹ ɞɚɫɬ ɜɚɦ ɜɨɡɦɨɠɧɨɫɬɶ ɨɰɟɧɢɬɶ ɪɟɡɭɥɶɬɚɬɵ ɜɚɲɟɝɨ ɩɥɚɧɚ ɢ ɜɧɟɫɬɢ ɢɡɦɟɧɟɧɢɹ. ɇɟ ɡɚɛɭɞɶɬɟ ɩɨɜɬɨɪɧɨ ɩɪɨɜɟɪɢɬɶ ɥɸɛɵɟ ɦɨɞɢɮɢɤɚɰɢɢ ɢ ɪɚɡɜɟɪɧɭɬɶ ɢɯ ɜ ɷɤɫɩɟɪɢɦɟɧɬɚɥɶɧɨɣ ɝɪɭɩɩɟ ɩɟɪɟɞ ɪɚɡɜɟɪɬɵɜɚɧɢɟɦ ɦɨɞɟɪɧɢɡɚɰɢɢ ɜɨ ɜɫɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. . . Э « ». , , . . , . Ʉɚɤ ɬɨɥɶɤɨ ɷɤɫɩɟɪɢɦɟɧɬɚɥɶɧɨɟ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɡɚɤɨɧɱɟɧɨ, ɢ ɜɫɟ ɨɲɢɛɤɢ ɜ ɩɥɚɧɟ ɦɨɞɟɪɧɢɡɚɰɢɢ ɜɵɹɜɥɟɧɵ ɢ ɢɫɩɪɚɜɥɟɧɵ, ɜɵ ɦɨɠɟɬɟ ɩɟɪɟɯɨɞɢɬɶ ɤ Active Directory Windows Server 2003.
Ɉɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ - ɷɬɨ ɜɬɨɪɚɹ ɫɬɚɞɢɹ ɩɪɨɰɟɫɫɚ ɩɟɪɟɯɨɞɚ ɤ Windows Server 2003. (ɉɟɪɜɚɹ ɫɬɚɞɢɹ - ɨɛɧɨɜɥɟɧɢɟ NOS.) ɉɪɢ ɨɛɧɨɜɥɟɧɢɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows NT 4 Server ɢɥɢ Windows 2000 Server, ɩɨɫɥɟ ɦɨɞɟɪɧɢɡɚɰɢɢ NOS ɢ ɩɟɪɟɡɚɩɭɫɤɚ ɤɨɦɩɶɸɬɟɪɚ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɡɚɩɭɫɤɚɟɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ. ɉɨ ɨɤɨɧɱɚɧɢɢ ɪɚɛɨɬɵ ɦɚɫɬɟɪɚ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ ɛɭɞɟɬ ɦɨɞɢɮɢɰɢɪɨɜɚɧɚ ɞɨ Active Directory Windows Server 2003. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɫɬɪɭɤɬɭɪɵ Active Directory ɫɦ. ɝɥ. 5. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɫɦ. ɝɥ. 6. ȼ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɜɟɪɫɢɢ Windows ɜ ɩɪɨɰɟɫɫɟ ɨɛɧɨɜɥɟɧɢɹ ɜɵɩɨɥɧɹɸɬɫɹ ɪɚɡɥɢɱɧɵɟ ɞɟɣɫɬɜɢɹ. ɉɟɪɜɚɹ ɱɚɫɬɶ ɷɬɨɝɨ ɪɚɡɞɟɥɚ ɨɩɢɫɵɜɚɟɬ ɩɪɨɰɟɫɫɵ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 Server, ɜɬɨɪɚɹ — ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows 2000 Server.
,
. Windows Server 2003. Service Pack 5 (
Windows NT 4, Windows NT 4 )
.
Windows NT 4 Server
ɉɪɢ ɨɛɧɨɜɥɟɧɢɢ Windows NT 4 Server ɞɨ Active Directory Windows Server 2003 ɜɧɚɱɚɥɟ ɦɨɞɟɪɧɢɡɢɪɭɟɬɫɹ ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ, ɚ ɩɨɫɥɟ ɩɟɪɟɡɚɝɪɭɡɤɢ ɤɨɦɩɶɸɬɟɪɚ ɡɚɜɟɪɲɚɟɬɫɹ ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɨɩɢɫɚɧɨ, ɤɚɤ ɩɪɨɜɨɞɢɬɶ ɩɨɞɝɨɬɨɜɤɭ ɢ ɜɵɩɨɥɧɟɧɢɟ ɨɛɧɨɜɥɟɧɢɹ ɨɬ Windows NT 4 Server ɤ Active Directory. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɨɛɫɭɠɞɚɸɬɫɹ ɬɨɥɶɤɨ ɜɨɩɪɨɫɵ ɨɛɧɨɜɥɟɧɢɹ ɞɨ Active Directory Windows Server 2003. ɉɨɫɤɨɥɶɤɭ ɜɧɚɱɚɥɟ ɜɵɩɨɥɧɹɟɬɫɹ ɨɛɧɨɜɥɟɧɢɟ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Windows NT 4 Server ɞɨ Windows Server 2003, ɧɟɨɛɯɨɞɢɦɨ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨ ɨɡɧɚɤɨɦɢɬɶɫɹ ɫ ɬɟɯɧɢɱɟɫɤɢɦɢ ɬɪɟɛɨɜɚɧɢɹɦɢ ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ NOS. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɞɥɹ ɧɟɛɨɥɶɲɢɯ ɢɧɫɬɚɥɥɹɰɢɣ (ɨɬ ɨɞɧɨɝɨ ɞɨ ɩɹɬɢ ɫɟɪɜɟɪɨɜ) ɫɦɨɬɪɢɬɟ ɫɬɪɚɧɢɰɭ «Installing and Upgrading the Operating System (ɍɫɬɚɧɨɜɤɚ ɢ ɨɛɧɨɜɥɟɧɢɟ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ)» ɧɚ ɜɟɛ-ɫɚɣɬɟ Microsoft ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.com/technet/prodtechnol/windowsserver2003/ proddocs/entserver/ins. ɂɧɮɨɪɦɚɰɢɸ ɞɥɹ ɛɨɥɶɲɢɯ ɢɧɫɬɚɥɥɹɰɢɣ ɫɦɨɬɪɢɬɟ ɜ ɫɬɚɬɶɟ Microsoft Windows Server 2003 Deployment Kit (Ʉɨɦɩɥɟɤɬ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Windows Server 2003) ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.co7n/windowsserver2003/techinfo/reskit/ deploykit.mspx. ɉɟɪɟɞ ɧɚɱɚɥɨɦ ɨɛɧɨɜɥɟɧɢɹ ɜɵɩɨɥɧɢɬɟ ɧɟɫɤɨɥɶɤɨ ɞɟɣɫɬɜɢɣ ɧɚ PDC ɤɨɧɬɪɨɥɥɟɪɟ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4, ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɛɵɬɶ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧ. • Ɉɱɢɫɬɢɬɟ ɛɚɡɭ ɞɚɧɧɵɯ SAM. ɉɨɦɧɢɬɟ, ɱɬɨ ɩɪɢ ɨɛɧɨɜɥɟɧɢɢ ɞɨɦɟɧɚ ɜɫɟ ɜ ɧɟɣ ɛɭɞɟɬ ɨɛɧɨɜɥɟɧɨ ɞɨ Active Directory. ȼɟɥɢɤɚ ɜɟɪɨɹɬɧɨɫɬɶ ɬɨɝɨ, ɱɬɨ ɨɱɢɫɬɤɚ ɭɦɟɧɶɲɢɬ ɤɨɥɢɱɟɫɬɜɨ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɩɟɪɟɦɟɳɚɬɶɫɹ ɜ Active Directory, ɭɦɟɧɶɲɢɜ ɬɟɦ ɫɚɦɵɦ ɩɨɬɪɟɛɧɨɟ ɞɢɫɤɨɜɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ Windows Server 2003. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɫɭɳɟɫɬɜɭɸɳɚɹ ɛɚɡɚ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɩɪɢ ɨɛɧɨɜɥɟɧɢɢ ɞɨ Active Directory ɦɨɠɟɬ ɭɜɟɥɢɱɢɬɶɫɹ ɜ 10 ɪɚɡ. ɉɪɢ ɨɱɢɳɟɧɢɢ SAM ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Windows NT 4 User Manager For Domains (Ɇɟɧɟɞɠɟɪ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɞɥɹ ɞɨɦɟɧɨɜ) ɢɥɢ ɫ ɩɨɦɨɳɶɸ ɤɨɦɚɧɞɵ Net User (ɉɨɥɶɡɨɜɚɬɟɥɶ ɫɟɬɢ) ɩɪɨɢɫɯɨɞɢɬ ɫɥɟɞɭɸɳɟɟ: o ɭɞɚɥɟɧɢɟ ɞɭɛɥɢɪɨɜɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ; o ɨɛɴɟɞɢɧɟɧɢɟ ɞɭɛɥɢɪɨɜɚɧɧɵɯ ɝɪɭɩɩ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ; o ɭɞɚɥɟɧɢɟ ɧɟɢɫɩɨɥɶɡɭɟɦɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɝɪɭɩɩ ɢ ɤɨɦɩɶɸɬɟɪɨɜ; o ɭɞɚɥɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɥɨɤɚɥɶɧɵɯ ɝɪɭɩɩ ɞɥɹ ɪɟɫɭɪɫɨɜ, ɤɨɬɨɪɵɟ ɛɨɥɶɲɟ ɧɟ ɫɭɳɟɫɬɜɭɸɬ; o ɭɫɬɚɧɨɜɤɚ ɤɨɦɩɥɟɤɬɚ Service Pack 5 ɞɥɹ Windows NT 4 ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɟɝɨ. ȼɵ ɦɨɠɟɬɟ ɡɚɝɪɭɡɢɬɶ ɜɫɟ ɩɨɞɞɟɪɠɢɜɚɟɦɵɟ ɤɨɦɩɥɟɤɬɵ ɨɛɧɨɜɥɟɧɢɣ ɞɥɹ Windows NT 4 ɫ ɜɟɛ-ɫɚɣɬɚ Microsoft ɩɨ ɚɞɪɟɫɭ http://www.microsoft.com/ntserver/nts/downloads/default.asp.
PDC
ɉɟɪɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɧɭɠɧɨ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɜ ɜɚɲɟɦ ɞɨɦɟɧɟ Windows NT 4 - ɷɬɨ PDC. ȿɫɥɢ ɜɵ ɩɨɩɵɬɚɟɬɟɫɶ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ BDC ɪɚɧɶɲɟ, ɱɟɦ PDC, ɩɪɨɢɡɨɣɞɟɬ ɨɲɢɛɤɚ, ɩɨɬɨɦɭ ɱɬɨ ɞɨɦɟɧɵ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɫɢɫɬɟɦɟ Windows NT 4, ɦɨɝɭɬ ɢɦɟɬɶ ɬɨɥɶɤɨ ɨɞɢɧ PDC. ȼɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Windows Server 2003 ɜ ɞɟɣɫɬɜɢɬɟɥɶɧɨɫɬɢ ɹɜɥɹɸɬɫɹ ɤɨɧɬɪɨɥɥɟɪɚɦɢ PDC ɩɨ ɨɬɧɨɲɟɧɢɸ ɤ ɞɨɦɟɧɭ Windows NT 4, ɩɨɷɬɨɦɭ ɦɨɞɟɪɧɢɡɢɪɭɣɬɟ ɫɧɚɱɚɥɚ PDC, ɱɬɨɛɵ ɧɟ ɧɚɪɭɲɢɬɶ ɷɬɨ ɩɪɚɜɢɥɨ. . PDC , BDC Windows NT 4, PDC, a Windows Server 2003. Э , , Windows
Server 2003,
, . ɉɨɫɥɟ ɨɤɨɧɱɚɧɢɹ ɷɬɨɝɨ ɩɪɨɰɟɫɫɚ ɢ ɩɪɨɜɟɪɤɢ ɧɚ ɩɨɜɪɟɠɞɟɧɢɹ ɫɟɬɢ ɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜɵ ɦɨɠɟɬɟ ɞɨɛɚɜɥɹɬɶ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɢɧɫɬɚɥɥɢɪɭɹ ɧɨɜɵɟ ɢɥɢ ɦɨɞɟɪɧɢɡɢɪɭɹ ɫɭɳɟɫɬɜɭɸɳɢɟ BDC. ɉɨɤɚ ɜɵ ɧɚɯɨɞɢɬɟɫɶ ɧɚ ɫɦɟɲɚɧɧɨɦ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 ɢɥɢ ɩɨɤɚ ɜɵ ɧɟ ɩɨɞɧɢɦɟɬɟ ɟɝɨ ɞɨ ɜɪɟɦɟɧɧɨɝɨ (interim) ɭɪɨɜɧɹ Windows Server 2003, ɜɵ ɫɦɨɠɟɬɟ ɩɨɞɞɟɪɠɢɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Windows Server 2003 ɢ ɪɟɡɟɪɜɧɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4. Ʉɨɝɞɚ ɢ ɤɚɤ ɛɵɫɬɪɨ ɜɵ ɛɭɞɟɬɟ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ BDC, ɡɚɜɢɫɢɬ ɨɬ ɜɚɫ. Ʉɨɝɞɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɵ ɞɨ Windows Server 2003, ɦɨɠɧɨ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɞɨɦɟɧɚ ɢ ɥɟɫɚ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹɯ ɫɦɨɬɪɢɬɟ ɪɚɡɞɟɥ «ɉɪɟɞɫɬɚɜɥɟɧɢɟ ɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹɯ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɑɬɨɛɵ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ PDC, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. ȼɫɬɚɜɶɬɟ ɤɨɦɩɚɤɬ-ɞɢɫɤ ɫ Windows Server 2003 ɜ CD-ROM. ȿɫɥɢ ɜɚɲ CD-ROM ɪɚɡɪɟɲɚɟɬ Autorun (Ⱥɜɬɨɦɚɬɢɱɟɫɤɨɟ ɜɵɩɨɥɧɟɧɢɟ), ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɡɚɩɭɫɬɢɬɫɹ ɩɪɨɝɪɚɦɦɚ Setup (ɍɫɬɚɧɨɜɤɚ). ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɡɚɩɭɫɬɢɬɶ ɮɚɣɥ Setup.exe ɢɡ ɤɨɪɧɟɜɨɣ ɩɚɩɤɢ ɤɨɦɩɚɤɬ-ɞɢɫɤɚ ɜɪɭɱɧɭɸ. ɉɪɢ ɡɚɩɭɫɤɟ ɩɪɨɝɪɚɦɦɵ Setup ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Install Windows Server 2003 (ɍɫɬɚɧɨɜɤɚ Windows Server 2003). ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɩɪɨɝɪɚɦɦɚ Setup ɫɨɛɟɪɟɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɜɚɲɟɣ ɬɟɤɭɳɟɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɟ, ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Upgrading To Windows Server 2003 (Ɉɛɧɨɜɥɟɧɢɟ ɞɨ Windows Server 2003). ȼɜɟɞɢɬɟ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ ɡɚɜɟɪɲɟɧɢɹ ɩɪɨɝɪɚɦɦɵ Setup. Ʉɨɝɞɚ ɨɛɧɨɜɥɟɧɢɟ ɫɢɫɬɟɦɵ ɞɨ Windows Server 2003 ɡɚɤɨɧɱɢɬɫɹ, ɤɨɦɩɶɸɬɟɪ ɛɭɞɟɬ ɩɟɪɟɡɚɝɪɭɠɟɧ, ɩɨɫɥɟ ɱɟɝɨ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɧɚɱɧɟɬ ɪɚɛɨɬɚɬɶ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȼɵɩɨɥɧɢɬɟ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɜɚɲɢɦ ɩɪɨɟɤɬɨɦ Active Directory. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɢɧɫɬɚɥɥɹɰɢɹ ɡɚɤɨɧɱɢɬɫɹ, ɜɚɲ ɤɨɦɩɶɸɬɟɪ ɛɭɞɟɬ ɩɟɪɟɡɚɝɪɭɠɟɧ, ɢ ɨɛɧɨɜɥɟɧɢɟ ɞɨ Active Directory ɡɚɜɟɪɲɢɬɫɹ.
Active Directory
Ⱦɥɹ ɩɪɨɜɟɪɤɢ ɭɫɬɚɧɨɜɤɢ ɫɥɭɠɛɵ Active Directory ɧɚ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɦ» ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɧɭɠɧɨ ɜɵɩɨɥɧɢɬɶ ɧɟɫɤɨɥɶɤɨ ɞɟɣɫɬɜɢɣ. ɇɟɤɨɬɨɪɵɟ ɢɡ ɷɬɢɯ ɞɟɣɫɬɜɢɣ ɢɦɟɸɬ ɯɚɪɚɤɬɟɪ ɞɢɚɝɧɨɫɬɢɱɟɫɤɢɯ ɬɟɫɬɨɜ, ɞɪɭɝɢɟ -ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ. Ⱦɚɜɚɣɬɟ ɫɧɚɱɚɥɚ ɪɚɫɫɦɨɬɪɢɦ ɮɭɧɤɰɢɨɧɚɥɶɧɨɟ ɬɟɫɬɢɪɨɜɚɧɢɟ. • ɉɪɨɜɟɪɶɬɟ, ɱɬɨ ɜɫɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɝɪɭɩɩ ɢ ɤɨɦɩɶɸɬɟɪɨɜ ɩɟɪɟɦɟɳɟɧɵ ɜ Active Directory. Ⱦɥɹ ɷɬɨɝɨ ɨɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory) ɢ ɩɪɨɫɦɨɬɪɢɬɟ ɫɩɢɫɨɤ ɨɛɴɟɤɬɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. ȼɨɡɦɨɠɧɨ, ɜɵ ɧɟ ɫɦɨɠɟɬɟ ɩɪɨɜɟɪɢɬɶ ɤɚɠɞɭɸ, ɧɨ ɨɛɹɡɚɬɟɥɶɧɨ ɫɥɟɞɭɟɬ ɜɵɛɪɚɬɶ ɧɟɫɤɨɥɶɤɨ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ Windows NT 4 ɢ ɩɪɨɜɟɪɢɬɶ, ɱɬɨ ɨɧɢ ɫɭɳɟɫɬɜɭɸɬ ɧɚ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. • ɉɪɨɜɟɪɶɬɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory Domains And Trusts (Ⱦɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Active Directory). • ɉɪɨɜɟɪɶɬɟ ɫɢɫɬɟɦɧɵɣ ɠɭɪɧɚɥ Event Viewer (ɋɪɟɞɫɬɜɨ ɩɪɨɫɦɨɬɪɚ ɫɨɛɵɬɢɣ) ɜ ɩɨɢɫɤɚɯ ɤɚɤɢɯ-ɥɢɛɨ ɨɲɢɛɨɤ, ɤɨɬɨɪɵɟ ɦɨɝɥɢ ɩɪɨɢɡɨɣɬɢ ɩɪɢ ɡɚɩɭɫɤɟ ɫɥɭɠɛɵ Active Directory. • ɉɪɨɜɟɪɶɬɟ, ɦɨɠɟɬɟ ɥɢ ɜɵ ɫɨɡɞɚɜɚɬɶ ɧɨɜɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ Windows Server 2003. ɇɚ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɨɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers ɢ ɫɨɡɞɚɣɬɟ ɧɨɜɭɸ ɤɨɧɬɪɨɥɶɧɭɸ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. • ɉɪɨɜɟɪɶɬɟ, ɦɨɝɭɬ ɥɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɯɨɞɢɬɶ ɜ ɞɨɦɟɧ. ɋ ɤɨɦɩɶɸɬɟɪɚ, ɧɚɯɨɞɹɳɟɝɨɫɹ ɜ ɞɨɦɟɧɟ, ɩɨɩɵɬɚɣɬɟɫɶ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ ɫ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ⱦɥɹ ɷɬɨɣ ɰɟɥɢ ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ «ɠɢɜɭɸ» ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɩɟɪɟɞ ɨɛɧɨɜɥɟɧɢɟɦ ɫɨɡɞɚɬɶ ɤɨɧɬɪɨɥɶɧɭɸ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ. • ɉɪɨɜɟɪɶɬɟ ɪɟɩɥɢɤɚɰɢɸ ɧɚ BDC ɤɨɧɬɪɨɥɥɟɪɵ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɶɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɨɬɤɪɨɣɬɟ User Manager For Domains ɧɚ BDC ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 Server ɢ ɩɪɨɜɟɪɶɬɟ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɪɟɩɥɢɰɢɪɭɟɬɫɹ. ȼɵ ɦɨɠɟɬɟ ɨɬɫɨɟɞɢɧɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ Windows Server 2003 ɨɬ ɫɟɬɢ ɢ ɜɨɣɬɢ ɜ ɫɟɬɶ ɤɚɤ ɤɨɧɬɪɨɥɶɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɱɬɨɛɵ BDC ɫ
ɫɢɫɬɟɦɨɣ Windows NT 4 ɨɛɪɚɛɨɬɚɥ ɡɚɩɪɨɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ɋɪɟɞɫɬɜɚ ɞɢɚɝɧɨɫɬɢɤɢ Active Directory ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɤɨɦɩɥɟɤɬɟ Support Tools (ɋɪɟɞɫɬɜɚ ɩɨɞɞɟɪɠɤɢ) ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003. ȼɵ ɦɨɠɟɬɟ ɭɫɬɚɧɨɜɢɬɶ ɷɬɢ ɫɪɟɞɫɬɜɚ ɧɚ ɨɛɧɨɜɥɟɧɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫ Windows Server 2003, ɜɵɩɨɥɧɹɹ ɮɚɣɥ Suptools.msi ɢɡ ɩɚɩɤɢ \SUPPORT\TOOLS, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003. ɇɭɠɧɨ ɜɵɩɨɥɧɢɬɶ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ ɩɨ ɞɢɚɝɧɨɫɬɢɱɟɫɤɨɣ ɩɪɨɜɟɪɤɟ. ɑɬɨɛɵ ɩɪɨɜɟɪɢɬɶ ɫɩɨɫɨɛɧɨɫɬɶ ɤ ɜɡɚɢɦɨɞɟɣɫɬɜɢɸ ɢ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɶ Active Directory, ɡɚɩɭɫɬɢɬɟ ɢɧɫɬɪɭɦɟɧɬ Domain Controller Diagnostic (Ⱦɢɚɝɧɨɫɬɢɤɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ) (ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɧɚɩɟɱɚɬɚɣɬɟ dcdiag). ȼ ɪɟɡɭɥɶɬɚɬɟ ɭɫɩɟɲɧɨɝɨ ɢɫɩɵɬɚɧɢɹ ɜɨɡɜɪɚɳɚɟɬɫɹ ɪɹɞ ɫɨɨɛɳɟɧɢɣ «passed» (ɩɪɨɣɞɟɧɨ). Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ʉɨɦɩɨɧɟɧɬ Dcdiag ɢɧɫɬɪɭɦɟɧɬɚ Support Tool Windows Server 2003 ɚɧɚɥɢɡɢɪɭɟɬ ɫɨɫɬɨɹɧɢɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɥɟɫɭ ɢ ɞɚɟɬ ɞɟɬɚɥɶɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɬɨɦ, ɤɚɤ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɧɟɩɪɚɜɢɥɶɧɨɟ ɩɨɜɟɞɟɧɢɟ ɜ ɫɢɫɬɟɦɟ. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢɞɟɧɬɢɮɢɰɢɪɭɸɬɫɹ ɢ ɩɪɨɜɟɪɹɸɬɫɹ ɫɨɝɥɚɫɧɨ ɞɢɪɟɤɬɢɜɚɦ, ɤɨɬɨɪɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɜɨɞɢɬ ɜ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ɢɧɫɬɪɭɦɟɧɬɟ Dcdiag ɧɚɩɟɱɚɬɚɣɬɟ dcdiag/? ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ. ȿɫɥɢ ɷɬɨ ɧɟ ɩɟɪɜɵɣ ɞɨɦɟɧ Active Directory ɜ ɥɟɫɭ, ɧɚɩɟɱɚɬɚɣɬɟ repadmin/showreps ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ, ɱɬɨɛɵ ɩɪɨɜɟɪɢɬɶ ɭɫɩɟɲɧɨɫɬɶ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ Active Directory. ȼ ɪɟɡɭɥɶɬɚɬɟ ɭɫɩɟɲɧɨɝɨ ɢɫɩɵɬɚɧɢɹ ɜɨɡɜɪɚɳɚɟɬɫɹ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɟ ɫɨɨɛɳɟɧɢɟ ɨ ɤɚɠɞɨɦ ɫɨɛɵɬɢɢ ɪɟɩɥɢɤɚɰɢɢ ɫ ɜɯɨɞɹɳɢɦɢ ɢ ɢɫɯɨɞɹɳɢɦɢ ɩɚɪɬɧɟɪɚɦɢ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ɑɬɨɛɵ ɩɪɨɜɟɪɢɬɶ ɭɫɩɟɲɧɨɫɬɶ ɪɟɩɥɢɤɚɰɢɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɵ BDC, ɧɚɩɟɱɚɬɚɣɬɟ nltest/bdc_query:domainname, ɝɞɟ domainname — ɢɦɹ ɪɟɩ-ɥɢɰɢɪɭɟɦɨɝɨ ɞɨɦɟɧɚ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɭɫɩɟɲɧɨɝɨ ɢɫɩɵɬɚɧɢɹ ɜɨɡɜɪɚɳɚɟɬɫɹ ɫɨɨɛɳɟɧɢɟ «status = success (ɫɬɚɬɭɫ = ɭɫɩɟɯ)» ɞɥɹ ɤɚɠɞɨɝɨ BDC ɤɨɧɬɪɨɥɥɟɪɚ ɜ ɞɨɦɟɧɟ. ɉɨɫɥɟ ɩɪɨɜɟɪɤɢ ɨɛɧɨɜɥɟɧɢɹ PDC ɜɵ ɦɨɠɟɬɟ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ BDC.
BDC
ȼɨɡɦɨɠɧɨ, ɱɬɨ ɜ ɦɨɞɟɪɧɢɡɚɰɢɢ BDC-ɤɨɧɬɪɨɥɥɟɪɨɜ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 ɧɟɬ ɧɢɤɚɤɨɣ ɧɟɨɛɯɨɞɢɦɨɫɬɢ. ɋ ɨɛɧɨɜɥɟɧɢɟɦ PDC ɜɫɹ ɢɧɮɨɪɦɚɰɢɹ ɞɨɦɟɧɚ ɨɛɧɨɜɢɬɫɹ ɞɨ Active Directory Windows Server 2003. ɉɨɫɥɟ ɷɬɨɝɨ ɦɨɠɧɨ ɜɜɟɫɬɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɩɨɬɪɟɛɧɨɫɬɟɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɞɨɦɟɧɚ, ɭɫɬɚɧɨɜɢɜ ɧɨɜɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɢɥɢ ɦɨɞɟɪɧɢɡɢɪɭɹ ɫɭɳɟɫɬɜɭɸɳɢɟ ɤɨɧɬɪɨɥɥɟɪɵ BDC. ɉɪɟɞɩɨɱɬɢɬɟɥɶɧɨ ɭɫɬɚɧɨɜɢɬɶ ɧɨɜɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows Server 2003, ɩɨɬɨɦɭ ɱɬɨ ɬɚɤɢɦ ɨɛɪɚɡɨɦ ɭɫɬɪɚɧɹɟɬɫɹ ɪɢɫɤ, ɫɜɹɡɚɧɧɵɣ ɫ ɨɛɧɨɜɥɟɧɢɟɦ BDC ɫ ɧɟɢɡɜɟɫɬɧɨɣ (ɢɥɢ, ɱɬɨ ɟɳɟ ɯɭɠɟ, ɩɪɨɛɥɟɦɧɨɣ) ɢɫɬɨɪɢɟɣ. ɇɨɜɚɹ ɢɧɫɬɚɥɥɹɰɢɹ Windows Server 2003 ɧɚ ɷɬɢɯ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɤɨɦɩɶɸɬɟɪ ɛɭɞɟɬ ɧɚɯɨɞɢɬɶɫɹ ɜ ɱɢɫɬɨɦ ɫɨɫɬɨɹɧɢɢ. Ʉɨɝɞɚ ɜɵɛɢɪɚɟɬɫɹ ɦɨɞɟɪɧɢɡɚɰɢɹ BDC? ȼɨɡɦɨɠɧɨ, ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɢɦɟɸɬɫɹ ɩɪɢɥɨɠɟɧɢɹ, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ BDC, ɤɨɬɨɪɵɟ ɧɟɭɞɨɛɧɨ ɢɥɢ ɧɟɜɨɡɦɨɠɧɨ ɩɨɜɬɨɪɧɨ ɭɫɬɚɧɨɜɢɬɶ ɧɚ ɧɨɜɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ, ɱɬɨ ɧɟɨɛɯɨɞɢɦɨ ɩɪɨɜɟɫɬɢ ɨɛɧɨɜɥɟɧɢɟ BDC, ɬɨ ɷɬɨɬ ɩɪɨɰɟɫɫ ɛɭɞɟɬ ɬɚɤɢɦ ɠɟ, ɤɚɤ ɨɛɧɨɜɥɟɧɢɟ PDC. ɋɧɚɱɚɥɚ ɦɨɞɟɪɧɢɡɢɪɭɟɬɟ NOS, ɚ ɩɨɫɥɟ ɩɟɪɟɡɚɩɭɫɤɚ ɤɨɦɩɶɸɬɟɪɚ ɜɨɫɩɨɥɶɡɭɟɬɟɫɶ ɦɚɫɬɟɪɨɦ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɞɥɹ ɭɫɬɚɧɨɜɤɢ Active Directory ɢ ɧɚɡɧɚɱɟɧɢɹ ɫɟɪɜɟɪɚ ɧɚ ɪɨɥɶ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɇɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɦɨɠɧɨ ɢ fie ɜɵɩɨɥɧɹɬɶ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɨɦɩɶɸɬɟɪ ɨɫɬɚɧɟɬɫɹ ɫɟɪɜɟɪɨɦ-ɱɥɟɧɨɦ ɞɨɦɟɧɚ Windows Server 2003, ɚ ɢɧɮɨɪɦɚɰɢɹ ɛɚɡɵ ɞɚɧɧɵɯ SAM ɧɚ ɷɬɨɦ ɫɟɪɜɟɪɟ ɛɭɞɟɬ ɩɨɬɟɪɹɧɚ. ȼɚɲ ɩɪɨɟɤɬ Active Directory ɩɪɟɞɩɢɫɵɜɚɟɬ ɩɨɬɪɟɛɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɚ ɜ ɩɥɚɧɟ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɤɚɡɚɧɨ, ɤɚɤɢɟ ɢɡ ɨɫɬɚɜɲɢɯɫɹ ɤɨɧɬɪɨɥɥɟɪɨɜ BDC ɞɨɥɠɧɵ ɛɵɬɶ ɧɚɡɧɚɱɟɧɵ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɩɨɫɥɟ ɨɛɧɨɜɥɟɧɢɹ, ɚ ɤɚɤɢɟ — ɨɫɬɚɬɶɫɹ ɫɟɪɜɟɪɚɦɢ-ɱɥɟɧɚɦɢ ɞɨɦɟɧɚ. ɉɟɪɟɝɪɭɡɤɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɩɨ ɫɰɟɧɚɪɢɸ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɩɪɨɢɫɯɨɞɢɬ, ɤɨɝɞɚ ɭ ɜɚɫ ɟɫɬɶ ɤɥɢɟɧɬɫɤɢɟ ɤɨɦɩɶɸɬɟɪɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 Professional ɢ/ɢɥɢ Windows XP Professional ɜ ɞɨɦɟɧɟ, ɨɫɧɨɜɚɧɧɨɦ ɧɚ ɫɢɫɬɟɦɟ Windows NT 4, ɢ ɜɵ ɦɨɞɟɪɧɢɡɢɪɭɟɬɟ PDC ɞɨ Windows Server 2003. Ɍɚɤɚɹ ɫɢɬɭɚɰɢɹ ɦɨɠɟɬ ɩɪɢɜɟɫɬɢ ɤ ɩɟɪɟɝɪɭɡɤɟ ɟɞɢɧɫɬɜɟɧɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɢɦɟɸɳɟɝɨ Windows Server 2003. ɗɬɨ ɩɪɨɢɫɯɨɞɢɬ ɩɨɬɨɦɭ, ɱɬɨ ɤɨɦɩɶɸɬɟɪɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 Professional ɢ Windows XP Professional, ɩɪɢɫɨɟɞɢɧɹɸɳɢɟɫɹ ɤ ɞɨɦɟɧɭ Active Directory, ɞɥɹ
ɜɵɩɨɥɧɟɧɢɹ ɥɸɛɵɯ ɞɟɣɫɬɜɢɣ, ɬɪɟɛɭɸɳɢɯ ɤɨɧɬɚɤɬɚ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɛɭɞɭɬ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ ɬɨɥɶɤɨ ɫ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɭɫɬɚɧɨɜɥɟɧɚ ɫɢɫɬɟɦɚ Windows 2000 Server ɢɥɢ Windows Server 2003. ȿɫɥɢ ɭ ɜɚɫ ɟɫɬɶ ɨɛɧɨɜɥɟɧɧɵɟ ɤɥɢɟɧɬɫɤɢɟ ɤɨɦɩɶɸɬɟɪɵ ɢɥɢ ɧɨɜɵɟ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ ɜɵɲɟɭɩɨɦɹɧɭɬɵɟ ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ, ɜɵ ɞɨɥɠɧɵ ɩɪɟɞɩɪɢɧɹɬɶ ɧɟɤɨɬɨɪɵɟ ɲɚɝɢ ɞɥɹ ɭɫɬɪɚɧɟɧɢɹ ɪɢɫɤɚ, ɫɜɹɡɚɧɧɨɝɨ ɫ ɩɨɹɜɥɟɧɢɟɦ ɟɞɢɧɫɬɜɟɧɧɨɣ ɬɨɱɤɢ ɜɨɡɦɨɠɧɨɝɨ ɨɬɤɚɡɚ (ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɵɣ PDC). ɉɪɟɞɨɬɜɪɚɬɢɬɶ ɩɟɪɟɡɚɝɪɭɡɤɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɦɨɠɧɨ, ɟɫɥɢ ɛɵɫɬɪɨ ɞɨɛɚɜɢɬɶ ɜ ɫɟɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows Server 2003. ȿɫɥɢ ɧɟ ɩɪɟɞɩɨɥɚɝɚɟɬɫɹ ɧɟɦɟɞɥɟɧɧɨɝɨ ɨɛɧɨɜɥɟɧɢɹ ɜɫɟɯ BDC ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 Server ɢɥɢ ɞɨɛɚɜɥɟɧɢɹ ɧɨɜɵɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ Windows Server 2003, ɦɨɠɧɨ ɢɡɦɟɧɢɬɶ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ ɧɚ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɦ PDC ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɱɬɨɛɵ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ Windows Server 2003 ɷɦɭɥɢɪɨɜɚɥ ɩɨɜɟɞɟɧɢɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 ɞɥɹ ɜɫɟɯ ɤɥɢɟɧɬɨɜ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ Windows 2000 Professional ɢ Windows ɏɊ Professional. ɑɬɨɛɵ ɜɤɥɸɱɢɬɶ ɪɟɠɢɦ ɷɦɭɥɹɰɢɢ Windows NT 4, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ ɧɚ PDC ɫ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɣ ɫɢɫɬɟɦɨɣ Windows NT 4. 1. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɤɨɦɩɶɸɬɟɪ ɛɵɥ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧ ɨɬ Windows NT 4 ɞɨ Windows Server 2003, ɞɨ ɧɚɱɚɥɚ ɭɫɬɚɧɨɜɤɢ Active Directory ɨɬɤɪɨɣɬɟ ɪɟɞɚɤɬɨɪ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ (ɧɚɩɟɱɚɬɚɣɬɟ regedit ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run). 2. ɋɨɡɞɚɣɬɟ ɡɧɚɱɟɧɢɟ NT4EMULATOR ɜ ɤɥɸɱɟ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ HKEY_LOCAL_MACHINE\SYSTEM\CurrentContro lSet\Services\ Netlogon\Parameters. 3. ȼɵɛɟɪɢɬɟ Edit (ɉɪɚɜɤɚ), ɡɚɬɟɦ New (ɇɨɜɵɣ), ɚ ɡɚɬɟɦ DWORD Value (Ɂɧɚɱɟɧɢɟ DWORD). Ɂɚɦɟɧɢɬɟ ɢɦɹ New Value #1 ɢɦɟɧɟɦ NT 4Emulator ɢ ɧɚɠɦɢɬɟ Enter. 4. ȼ ɦɟɧɸ Edit ɳɟɥɤɧɢɬɟ ɧɚ Modify(ɂɡɦɟɧɢɬɶ). ȼ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Edit DWORD Value (ɉɪɚɜɤɚ ɡɧɚɱɟɧɢɹ DWORD) ɧɚɩɟɱɚɬɚɣɬɟ 1 ɜ ɬɟɤɫɬɨɜɨɦ ɩɨɥɟ Value Data (Ⱦɚɧɧɵɟ), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɈɄ. 5. ɋɨɯɪɚɧɢɬɟ ɢɡɦɟɧɟɧɢɹ ɢ ɡɚɤɪɨɣɬɟ ɪɟɞɚɤɬɨɪ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ. 6. Ɂɚɩɭɫɬɢɬɟ ɦɚɫɬɟɪ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory, ɧɚɩɟɱɚɬɚɜ dcpromo ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run. ɉɨɜɬɨɪɢɬɟ ɷɬɨɬ ɩɪɨɰɟɫɫ ɧɚ ɤɚɠɞɨɦ ɢɡ ɧɟɞɚɜɧɨ ɭɫɬɚɧɨɜɥɟɧɧɵɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ Windows Server 2003 ɢɥɢ ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɣ ɫɢɫɬɟɦɨɣ Windows NT 4, ɩɨɤɚ ɧɟ ɛɭɞɟɬ ɜɜɟɞɟɧɨ ɞɨɫɬɚɬɨɱɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ Windows Server 2003, ɱɬɨɛɵ ɜɨɡɦɨɠɧɨɫɬɶ ɩɟɪɟɝɪɭɡɤɢ ɛɵɥɚ ɭɫɬɪɚɧɟɧɚ. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɷɬɨ ɜɪɟɦɟɧɧɨɟ ɪɟɲɟɧɢɟ ɜɪɟɦɟɧɧɨɣ ɩɪɨɛɥɟɦɵ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɫɟ ɡɚɩɥɚɧɢɪɨɜɚɧɧɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows NT 4 ɛɭɞɭɬ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɵ ɞɨ Windows Server 2003, ɜɵ ɞɨɥɠɧɵ ɢɥɢ ɭɫɬɚɧɨɜɢɬɶ ɡɧɚɱɟɧɢɟ NT 4Emulator ɧɚ 0x0, ɢɥɢ ɭɞɚɥɢɬɶ ɤɥɸɱ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɞɥɹ ɤɚɠɞɨɝɨ ɢɡ ɦɨɞɢɮɢɰɢɪɨɜɚɧɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ. П че ы . NT 4 , NT 4EMULATOR. Э Windows Server 2003 Windows 2000, , Windows 2000 Professional Windows XP Professional, Active Directory. Windows Server 2003 . NT 4EMULATOR, . ( regedit Run). NeutralizeNT4Emulator HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\ Netlogon\Parameters. Edit ( ), New ( ), DWORD Value ( DWORD). New Value #1 NeutralizeNT4Emulator Enter. Edit ( ) Modify ( ). Edit DWORD Value ( DWORD) 1 Value Data ( ), . ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɫɟ BDC ɫ Windows NT 4 ɛɭɞɭɬ ɭɫɬɚɧɨɜɥɟɧɵ ɢɥɢ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɵ ɞɨ Windows Server 2003, ɨɛɧɨɜɥɟɧɢɟ ɦɨɠɧɨ ɫɱɢɬɚɬɶ ɩɨɱɬɢ ɡɚɤɨɧɱɟɧɧɵɦ. Ɂɚɤɥɸɱɢɬɟɥɶɧɵɣ ɲɚɝ ɫɨɫɬɨɢɬ ɜ ɩɨɞɧɹɬɢɢ ɮɭɧɤɰɢɨɧɚɥɶɧɨɝɨ ɭɪɨɜɧɹ ɞɨɦɟɧɚ ɢ ɥɟɫɚ ɫ ɭɪɨɜɧɹ mixed Windows 2000 (ɡɧɚɱɟɧɢɟ ɩɨ
ɭɦɨɥɱɚɧɢɸ) ɤ ɭɪɨɜɧɸ Windows Server 2003. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɦɨɞɟɪɧɢɡɢɪɨɜɚɥɢ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨ Windows Server 2003, ɧɭɠɧɨ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɞɨɦɟɧɚ ɢ ɥɟɫɚ, ɱɬɨɛɵ ɨɳɭɬɢɬɶ ɩɪɟɢɦɭɳɟɫɬɜɚ ɨɬ ɨɛɧɨɜɥɟɧɢɹ ɫɟɬɟɜɨɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ. ɂɧɮɨɪɦɚɰɢɸ ɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹɯ ɫɦɨɬɪɢɬɟ ɜ ɪɚɡɞɟɥɟ «ɉɪɟɞɫɬɚɜɥɟɧɢɟ ɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹɯ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɑɬɨɛɵ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɲɚɝɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɨɦ ɞɨɦɟɧɟ. 1. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Domains And Trusts (Ⱦɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Active Directory). 2. ȼ ɞɟɪɟɜɟ ɤɨɧɫɨɥɢ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɞɨɦɟɧɟ, ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɶ ɤɨɬɨɪɨɝɨ ɜɵ ɯɨɬɢɬɟ ɩɨɞɧɹɬɶ, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Raise Domain Functional Level (ɉɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ). 3. ȼ ɩɭɧɤɬɟ Select An Available Domain Functional Level (ȼɵɛɟɪɢɬɟ ɞɨɫɬɭɩɧɵɣ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ) ɜɵɛɟɪɢɬɟ ɨɞɢɧ ɢɡ ɜɚɪɢɚɧɬɨɜ: • ɱɬɨɛɵ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ ɞɨ ɭɪɨɜɧɹ Windows 2000 native (ɟɫɬɟɫɬɜɟɧɧɵɣ), ɳɟɥɤɧɢɬɟ ɧɚ Windows 2000 Native, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Raise (ɉɨɞɧɹɬɶ); • ɱɬɨɛɵ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ ɞɨ ɭɪɨɜɧɹ Windows Server 2003, ɜɵɛɟɪɢɬɟ Windows Server 2003, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Raise. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɩɨɞɧɹɥɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ (ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɞɨ ɟɫɬɟɫɬɜɟɧɧɨɝɨ (native) ɭɪɨɜɧɹ Windows 2000), ɜɵ ɦɨɠɟɬɟ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɥɟɫɚ ɞɨ Windows Server 2003. ɗɬɨ ɨɛɟɫɩɟɱɢɬ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ ɫɥɭɠɛɵ Active Directory ɩɨ ɜɫɟɦɭ ɥɟɫɭ. ɑɬɨɛɵ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɥɟɫɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Domains And Trusts. ȼ ɞɟɪɟɜɟ ɤɨɧɫɨɥɢ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɭɡɥɟ Active Directory Domains And Trusts, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Raise Forest Functional Level (ɉɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ). ȼ ɩɭɧɤɬɟ Select An Available Domain Functional Level (ȼɵɛɟɪɢɬɟ ɞɨɫɬɭɩɧɵɣ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ) ɜɵɛɟɪɢɬɟ 2003 Windows Server, ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Raise (ɉɨɞɧɹɬɶ). ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɉɪɨɰɟɞɭɪɚ ɩɨɞɧɹɬɢɹ ɮɭɧɤɰɢɨɧɚɥɶɧɨɝɨ ɭɪɨɜɧɹ ɞɨɦɟɧɚ ɢɥɢ ɥɟɫɚ ɹɜɥɹɟɬɫɹ ɧɟɨɛɪɚɬɢɦɨɣ. Ⱦɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɛɨɥɟɟ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ ɜɵ ɞɨɥɠɧɵ ɛɭɞɟɬɟ ɞɟɢɧɫɬɚɥɥɢɪɨɜɚɬɶ Active Directory (ɩɪɢ ɷɬɨɦ ɩɨɫɥɟ ɞɟɢɧɫɬɚɥɥɹɰɢɢ ɫɥɭɠɛɵ ɧɚ ɩɨɫɥɟɞɧɟɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɞɨɦɟɧ ɛɭɞɟɬ ɭɞɚɥɟɧ), ɚ ɡɚɬɟɦ ɩɨɜɬɨɪɧɨ ɭɫɬɚɧɨɜɢɬɶ ɫɥɭɠɛɭ ɤɚɬɚɥɨɝɚ. Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜ Windows Server 2003, ɱɬɨɛɵ ɡɚɞɟɣɫɬɜɨɜɚɬɶ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɧɚɛɨɪ ɮɭɧɤɰɢɣ Active Directory ɞɥɹ ɬɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɯ ɩɨɞɞɟɪɠɢɜɚɬɶ. ɍɪɨɜɟɧɶ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɢ, ɤɨɬɨɪɵɣ ɜɵ ɜɵɛɟɪɟɬɟ ɞɥɹ ɜɚɲɟɝɨ ɩɪɟɞɩɪɢɹɬɢɹ, ɞɢɤɬɭɟɬɫɹ ɜɟɪɫɢɟɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Windows, ɜɵɩɨɥɧɹɸɳɟɣɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɦɨɝɭɬ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɵ ɢ ɞɥɹ ɞɨɦɟɧɚ, ɢ ɞɥɹ ɥɟɫɚ. Ʉɨɝɞɚ ɭɪɨɜɟɧɶ ɥɟɫɚ ɭɫɬɚɧɨɜɥɟɧ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows Server 2003, ɜɫɟ ɮɭɧɤɰɢɢ Active Directory ɞɨɫɬɭɩɧɵ. Ʉɨɧɰɟɩɰɢɹ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɟɣ ɩɨɞɨɛɧɚ ɩɚɪɚɦɟɬɪɚɦ ɧɚɫɬɪɨɣɤɢ ɫɦɟɲɚɧɧɨɝɨ ɢ ɟɫɬɟɫɬɜɟɧɧɨɝɨ ɪɟɠɢɦɚ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɩɪɟɞɫɬɚɜɥɟɧɵ ɜ Windows Server 2000. ɗɬɢ ɩɨɧɹɬɢɹ ɛɵɥɢ ɪɚɫɲɢɪɟɧɵ ɜ Windows Server 2003, ɱɬɨɛɵ ɜɦɟɫɬɢɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɮɭɧɤɰɢɢ Active Directory. Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɭɪɨɜɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɨɛɟɫɩɟɱɢɬɶ ɨɛɪɚɬɧɭɸ ɫɨɜɦɟɫɬɢɦɨɫɬɶ ɫ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɨɜ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ. ɂɦɟɸɬɫɹ ɱɟɬɵɪɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹ ɞɨɦɟɧɚ: Windows 2000 mixed (ɫɦɟɲɚɧɧɵɣ) (ɡɧɚɱɟɧɢɟ ɩɨ ɭɦɨɥɱɚɧɢɸ), Windows 2000 native (ɟɫɬɟɫɬɜɟɧɧɵɣ), Windows Server 2003 interim (ɜɪɟɦɟɧɧɵɣ) ɢ Windows Server 2003. Ʉɨɝɞɚ ɜɵ ɦɨɞɟɪɧɢɡɢɪɭɟɬɟ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ, ɢɦɟɸɳɢɟɫɹ ɜ ɞɨɦɟɧɟ, ɞɨ Windows Server 2003, ɜɵ ɞɨɥɠɧɵ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɷɬɨɝɨ ɞɨɦɟɧɚ ɞɨ ɭɪɨɜɧɹ Windows Server 2003. ɉɨɞɴɟɦ ɮɭɧɤɰɢɨɧɚɥɶɧɨɝɨ ɭɪɨɜɧɹ ɞɨɦɟɧɚ ɨɬ ɫɦɟɲɚɧɧɨɝɨ Windows 2000 ɤ ɟɫɬɟɫɬɜɟɧɧɨɦɭ Windows 2000 ɢɥɢ ɤ Windows Server 2003 ɡɚɞɟɣɫɬɜɭɟɬ ɬɚɤɢɟ ɮɭɧɤɰɢɢ, ɤɚɤ SID-History, Universal Groups (ɍɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ) ɢ ɜɥɨɠɟɧɧɵɟ ɝɪɭɩɩɵ. ɂɦɟɸɬɫɹ ɬɪɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹ ɥɟɫɚ: Windows 2000, Windows Server 2003 interim ɢ
Windows Server 2003. ɑɬɨɛɵ ɡɚɞɟɣɫɬɜɨɜɚɬɶ ɜɫɟ ɮɭɧɤɰɢɢ Active Directory ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɜɫɟ ɞɨɦɟɧɵ ɥɟɫɚ ɛɭɞɭɬ ɪɚɛɨɬɚɬɶ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ native Windows 2000 ɢɥɢ ɜɵɲɟ, ɧɭɠɧɨ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɥɟɫɚ ɞɨ ɭɪɨɜɧɹ Windows Server 2003. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɇɟ ɩɨɞɧɢɦɚɣɬɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɥɟɫɚ ɞɨ ɭɪɨɜɧɹ Windows Server 2003, ɟɫɥɢ ɭ ɜɚɫ ɟɫɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows NT 4 Server ɢɥɢ Windows 2000 Server. Ʉɚɤ ɬɨɥɶɤɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɥɟɫɚ ɛɭɞɟɬ ɩɨɞɧɹɬ ɞɨ ɭɪɨɜɧɹ Windows Server 2003, ɟɝɨ ɧɟɥɶɡɹ ɜɟɪɧɭɬɶ ɧɚɡɚɞ ɧɚ ɭɪɨɜɟɧɶ mixed ɢɥɢ native Windows 2000, ɢ ɜɵ ɧɟ ɫɦɨɠɟɬɟ ɩɨɞɞɟɪɠɢɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ ɜɚɲɟɝɨ ɥɟɫɚ.
Windows 2000 Server
ɉɪɨɰɟɫɫ ɨɛɧɨɜɥɟɧɢɹ ɞɨɦɟɧɚ ɫ Active Directory Windows 2000 Server ɞɨ Active Directory Windows Server 2003 ɛɨɥɟɟ ɩɪɨɫɬ ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɨɛɧɨɜɥɟɧɢɟɦ ɞɨɦɟɧɚ Windows NT 4. ɋɟɬɢ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɫɢɫɬɟɦɟ Windows 2000, ɭɠɟ ɢɫɩɨɥɶɡɭɸɬ Active Directory ɜ ɤɚɱɟɫɬɜɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɩɨɷɬɨɦɭ ɷɬɨɬ ɩɟɪɟɯɨɞ ɛɨɥɶɲɟ ɩɨɯɨɠ ɧɚ ɫɰɟɧɚɪɢɣ ɱɢɫɬɨɝɨ ɨɛɧɨɜɥɟɧɢɹ, ɱɟɦ ɧɚ ɦɨɞɟɪɧɢɡɚɰɢɸ. ȼ ɦɨɞɟɪɧɢɡɚɰɢɢ ɫɢɫɬɟɦɵ Windows 2000 ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɫɩɟɰɢɮɢɱɟɫɤɢɯ ɲɚɝɨɜ, ɨ ɤɨɬɨɪɵɯ ɜɵ ɞɨɥɠɧɵ ɡɧɚɬɶ ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɨɛɧɨɜɥɟɧɢɹ. ȼɵ ɞɨɥɠɧɵ «ɩɨɞɝɨɬɨɜɢɬɶ» ɞɨɦɟɧ ɫ Active Directory Windows 2000 ɢ ɥɟɫ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ ɞɨ Active Directory Windows Server 2003. ɗɬɢ ɩɪɨɰɟɫɫɵ ɨɛɧɨɜɹɬ ɫɬɪɭɤɬɭɪɵ ɫɭɳɟɫɬɜɭɸɳɢɯ ɞɨɦɟɧɨɜ ɢ ɥɟɫɚ, ɱɬɨɛɵ ɨɧɢ ɛɵɥɢ ɫɨɜɦɟɫɬɢɦɵ ɫ ɧɨɜɵɦɢ ɮɭɧɤɰɢɹɦɢ Active Directory. ɇɚɢɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ ɉɟɪɟɞ ɩɨɞɝɨɬɨɜɤɨɣ ɞɨɦɟɧɚ (ɢ ɥɟɫɚ, ɜ ɤɨɬɨɪɨɦ ɨɧ ɪɚɫɩɨɥɨɠɟɧ) ɜɵ ɞɨɥɠɧɵ ɩɪɢɦɟɧɢɬɶ ɤɨɦɩɥɟɤɬ ɨɛɧɨɜɥɟɧɢɹ Windows 2000 Server Service Pack 2 (SP2), ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɢɣ, ɤɨ ɜɫɟɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ Windows 2000 Server. ȼɵ ɦɨɠɟɬɟ ɡɚɝɪɭɡɢɬɶ ɤɨɦɩɥɟɤɬɵ ɨɛɧɨɜɥɟɧɢɣ ɞɥɹ Windows 2000 Server ɫ ɜɟɛ-ɫɚɣɬɚ Microsoft ɩɨ ɚɞɪɟɫɭ http://www.microsoft.com/ windows2000/downloads /servicepacks/default, asp. ɑɬɨɛɵ ɩɨɞɝɨɬɨɜɢɬɶ ɥɟɫ Active Directory ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ, ɢɫɩɨɥɶɡɭɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Adprep.exe, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɧɟɨɛɯɨɞɢɦɵɟ ɢɡɦɟɧɟɧɢɹ ɤ ɫɯɟɦɟ Active Directory. ɉɨɦɧɢɬɟ, ɱɬɨ ɷɬɨɬ ɩɪɨɰɟɫɫ ɧɭɠɧɨ ɜɵɩɨɥɧɢɬɶ ɩɪɟɠɞɟ, ɱɟɦ ɛɭɞɟɬ ɧɚɱɚɬɨ ɨɛɧɨɜɥɟɧɢɟ ɞɨ Windows Server 2003. ɑɬɨɛɵ ɩɨɞɝɨɬɨɜɢɬɶ ɥɟɫ ɤ ɨɛɧɨɜɥɟɧɢɸ ɩɟɪɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫ Windows 2000 Server ɞɨ Windows Server 2003, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. ɇɚɣɞɢɬɟ ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɯɨɡɹɢɧɨɦ ɫɯɟɦɵ. Ⱦɥɹ ɷɬɨɝɨ ɨɬɤɪɨɣɬɟ ɨɫɧɚɫɬɤɭ Active Directory Schema Microsoft Management Console (Ʉɨɧɫɨɥɶ ɭɩɪɚɜɥɟɧɢɹ ɫɯɟɦɨɣ), ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɭɡɥɟ Active Directory Schema (ɋɯɟɦɚ Active Directory), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Operations Master (ɏɨɡɹɢɧ ɨɩɟɪɚɰɢɣ). ȼ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Change Schema Master (ɂɡɦɟɧɟɧɢɟ ɯɨɡɹɢɧɚ ɫɯɟɦɵ) ɧɚɣɞɢɬɟ ɢɦɹ ɬɟɤɭɳɟɝɨ ɯɨɡɹɢɧɚ ɫɯɟɦɵ. ɋɞɟɥɚɣɬɟ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɯɨɡɹɢɧɚ ɫɯɟɦɵ. ȼɨɡɦɨɠɧɨ, ɜɚɦ ɩɨɬɪɟɛɭɟɬɫɹ ɜɨɫɫɬɚɧɨɜɢɬɶ ɷɬɨɬ ɨɛɪɚɡ, ɟɫɥɢ ɩɨɞɝɨɬɨɜɤɚ ɥɟɫɚ ɧɟ ɛɭɞɟɬ ɭɫɩɟɲɧɨɣ. Ɉɬɫɨɟɞɢɧɢɬɟ ɯɨɡɹɢɧɚ ɫɯɟɦɵ ɨɬ ɫɟɬɢ. ɇɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɣɬɟ ɩɨɞɤɥɸɱɟɧɢɟ ɞɨ ɲɚɝɚ 8 ɜ ɷɬɨɣ ɩɪɨɰɟɞɭɪɟ. ȼɫɬɚɜɶɬɟ ɤɨɦɩɚɤɬ-ɞɢɫɤ Windows Server 2003 ɜ ɞɢɫɤɨɜɨɞ CD-ROM. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ, ɩɟɪɟɣɞɢɬɟ ɧɚ ɞɢɫɤɨɜɨɞ CD-ROM ɢ ɨɬɤɪɨɣɬɟ ɩɚɩɤɭ \I386. ɇɚɩɟɱɚɬɚɣɬɟ adprep/forestprep. ȼɵ ɞɨɥɠɧɵ ɛɵɬɶ ɱɥɟɧɨɦ ɝɪɭɩɩ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ) ɢ Schema Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɫɯɟɦɵ) ɜ Active Directory, ɢɥɢ ɜɚɦ ɞɨɥɠɧɵ ɛɵɬɶ ɞɟɥɟɝɢɪɨɜɚɧɵ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɩɨɥɧɨɦɨɱɢɹ. ɑɬɨɛɵ ɩɪɨɜɟɪɢɬɶ ɜɵɩɨɥɧɟɧɢɟ ɤɨɦɚɧɞɵ, ɨɬɤɪɨɣɬɟ Event Viewer (ɋɪɟɞɫɬɜɨ ɩɪɨɫɦɨɬɪɚ ɫɨɛɵɬɢɣ) ɢ ɩɪɨɜɟɪɶɬɟ ɫɢɫɬɟɦɧɵɣ ɠɭɪɧɚɥ ɧɚ ɩɪɟɞɦɟɬ ɨɲɢɛɨɤ ɢɥɢ ɧɟɨɠɢɞɚɧɧɵɯ ɫɨɛɵɬɢɣ. ȿɫɥɢ ɜɵ ɧɚɣɞɟɬɟ ɫɨɨɛɳɟɧɢɹ ɨɛ ɨɲɢɛɤɚɯ, ɫɜɹɡɚɧɧɵɟ ɫ ɩɪɨɰɟɫɫɨɦ ɩɨɞɝɨɬɨɜɤɢ ɥɟɫɚ, ɡɚɣɦɢɬɟɫɶ ɷɬɢɦɢ ɨɲɢɛɤɚɦɢ, ɩɪɟɠɞɟ ɱɟɦ ɜɵɩɨɥɧɹɬɶ ɫɥɟɞɭɸɳɢɣ ɲɚɝ. ȿɫɥɢ ɜɵ ɧɟ ɦɨɠɟɬɟ ɪɚɫɫɥɟɞɨɜɚɬɶ ɨɲɢɛɤɢ, ɢɫɩɨɥɶɡɭɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɞɢɚɝɧɨɫɬɢɤɢ Active Directory (ɧɚɩɟɱɚɬɚɜ dcdiag ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Run), ɱɬɨɛɵ ɩɪɨɜɟɪɢɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɶ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɧɟ ɦɨɠɟɬɟ ɪɚɡɨɛɪɚɬɶɫɹ ɫ ɷɬɢɦɢ ɨɲɢɛɤɚɦɢ, ɜɨɫɫɬɚɧɨɜɢɬɟ ɯɨɡɹɢɧɚ ɫɯɟɦɵ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɢɫɫɥɟɞɭɣɬɟ ɫɤɨɪɪɟɤɬɢɪɨɜɚɧɧɵɟ ɞɟɣɫɬɜɢɹ ɢ ɞɨɛɟɣɬɟɫɶ, ɱɬɨɛɵ ɩɨɞɝɨɬɨɜɤɚ ɥɟɫɚ ɛɵɥɚ ɡɚɤɨɧɱɟɧɚ ɭɫɩɟɲɧɨ. ȿɫɥɢ ɢɧɫɬɪɭɦɟɧɬ adprep/forestprep ɜɵɩɨɥɧɢɥɫɹ ɛɟɡ ɨɲɢɛɨɤ, ɩɨɜɬɨɪɧɨ ɩɨɞɤɥɸɱɢɬɟ ɯɨɡɹɢɧɚ
ɫɯɟɦɵ ɤ ɫɟɬɢ. ɇɚ ɷɬɨɦ ɡɚɜɟɪɲɢɬɫɹ ɩɨɞɝɨɬɨɜɤɚ ɥɟɫɚ ɤ ɨɛɧɨɜɥɟɧɢɸ ɞɨɦɟɧɚ ɫ Windows 2000 Server ɞɨ Windows Server 2003. ɋɥɟɞɭɸɳɢɣ ɲɚɝ ɫɨɫɬɨɢɬ ɜ ɩɨɞɝɨɬɨɜɤɟ ɞɨɦɟɧɚ. ɋɨɜɟɬ. ɉɟɪɟɞ ɧɚɱɚɥɨɦ ɩɨɞɝɨɬɨɜɤɢ ɞɨɦɟɧɚ ɩɨɞɨɠɞɢɬɟ, ɩɨɤɚ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɜ ɯɨɡɹɢɧɟ ɫɯɟɦɵ, ɛɭɞɭɬ ɪɟɩɥɢɰɢɪɨɜɚɧɵ ɯɨɡɹɢɧɭ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ. ɉɨɦɧɢɬɟ, ɱɬɨ ɟɫɥɢ ɫɟɪɜɟɪɵ ɧɚɯɨɞɹɬɫɹ ɜ ɪɚɡɥɢɱɧɵɯ ɫɚɣɬɚɯ, ɜɵ ɞɨɥɠɧɵ ɠɞɚɬɶ ɞɨɥɶɲɟ, ɱɬɨɛɵ ɡɚɜɟɪɲɢɬɶ ɪɟɩɥɢɤɚɰɢɸ. ȿɫɥɢ ɜɵ ɩɨɩɪɨɛɭɟɬɟ ɜɵɩɨɥɧɢɬɶ ɩɪɨɰɟɫɫ ɩɨɞɝɨɬɨɜɤɢ ɞɨɦɟɧɚ, ɩɪɟɠɞɟ ɱɟɦ ɢɡɦɟɧɟɧɢɹ ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɧɵ, ɫɨɨɛɳɟɧɢɟ ɨɛ ɨɲɢɛɤɚɯ ɭɜɟɞɨɦɢɬ ɜɚɦ, ɱɬɨ ɧɟɨɛɯɨɞɢɦɨ ɟɳɟ ɩɨɞɨɠɞɚɬɶ. ɉɨɞɝɨɬɨɜɤɚ ɞɨɦɟɧɚ ɨɱɟɧɶ ɩɨɯɨɠɚ ɧɚ ɩɨɞɝɨɬɨɜɤɭ ɥɟɫɚ. Ⱦɥɹ ɷɬɨɝɨ ɧɭɠɧɨ ɧɚɣɬɢ ɢ ɩɨɞɝɨɬɨɜɢɬɶ ɞɟɪɠɚɬɟɥɹ ɪɨɥɢ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɜɦɟɫɬɨ ɯɨɡɹɢɧɚ ɫɯɟɦɵ. ɑɬɨɛɵ ɩɨɞɝɨɬɨɜɢɬɶ ɤɚɠɞɵɣ ɞɨɦɟɧ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ ɩɟɪɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫ Windows 2000 Server ɞɨ Windows Server 2003, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. ɇɚɣɞɢɬɟ ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɯɨɡɹɢɧɨɦ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ. Ⱦɥɹ ɷɬɨɝɨ ɨɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɭɡɥɟ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Operations Masters (ɏɨɡɹɟɜɚ ɨɩɟɪɚɰɢɣ). ɇɚ ɜɤɥɚɞɤɟ Infrastructure (ɂɧɮɪɚɫɬɪɭɤɬɭɪɚ) ɨɤɧɚ Operations Masters ɭɡɧɚɣɬɟ ɢɦɹ ɬɟɤɭɳɟɝɨ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ. ɇɚ ɫɟɪɜɟɪɟ, ɮɭɧɤɰɢɨɧɢɪɭɸɳɟɦ ɤɚɤ ɯɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ, ɜɫɬɚɜɶɬɟ ɤɨɦɩɚɤɬ-ɞɢɫɤ Windows Server 2003 ɜ ɞɢɫɤɨɜɨɞ CD-ROM. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ, ɩɟɪɟɣɞɢɬɟ ɧɚ ɞɢɫɤɨɜɨɞ CD-ROM ɢ ɨɬɤɪɨɣɬɟ ɩɚɩɤɭ \I386. ɇɚɩɟɱɚɬɚɣɬɟ adprep/domainprep. ȼɵ ɞɨɥɠɧɵ ɛɵɬɶ ɱɥɟɧɨɦ ɝɪɭɩɩ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɢɥɢ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ) ɜ Active Directory, ɢɥɢ ɜɚɦ ɞɨɥɠɧɵ ɛɵɬɶ ɞɟɥɟɝɢɪɨɜɚɧɵ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɩɨɥɧɨɦɨɱɢɹ. Ⱦɥɹ ɩɪɨɜɟɪɤɢ ɜɵɩɨɥɧɟɧɢɹ ɤɨɦɚɧɞɵ ɨɬɤɪɨɣɬɟ Event Viewer (ɋɪɟɞɫɬɜɨ ɩɪɨɫɦɨɬɪɚ ɫɨɛɵɬɢɣ) ɢ ɩɨɢɳɢɬɟ ɨɲɢɛɤɢ ɢɥɢ ɧɟɨɠɢɞɚɧɧɵɟ ɫɨɛɵɬɢɹ ɜ ɫɢɫɬɟɦɧɨɦ ɠɭɪɧɚɥɟ. ȿɫɥɢ ɢɧɫɬɪɭɦɟɧɬ adprep/domainprep ɜɵɩɨɥɧɢɥɫɹ ɛɟɡ ɨɲɢɛɨɤ, ɡɧɚɱɢɬ, ɜɵ ɭɫɩɟɲɧɨ ɩɨɞɝɨɬɨɜɢɥɢ ɞɨɦɟɧ ɤ ɨɛɧɨɜɥɟɧɢɸ ɫ Windows 2000 Server ɞɨ Windows Server 2003. ɉɨɜɬɨɪɢɦ ɟɳɟ ɪɚɡ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɩɨɞɨɠɞɚɬɶ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɧɚ ɯɨɡɹɢɧɟ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ, ɧɟ ɛɭɞɭɬ ɪɟɩɥɢɰɢɪɨɜɚɧɵ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɥɟɫɚ ɩɟɪɟɞ ɨɛɧɨɜɥɟɧɢɟɦ ɥɸɛɨɝɨ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɧɚɱɧɟɬɟ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɨɞɢɧ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɩɪɟɠɞɟ, ɱɟɦ ɢɡɦɟɧɟɧɢɹ ɛɭɞɭɬ ɪɟɩɥɢɰɢɪɨɜɚɧɵ, ɫɨɨɛɳɟɧɢɟ ɨɛ ɨɲɢɛɤɚɯ ɭɜɟɞɨɦɢɬ ɜɚɫ, ɱɬɨ ɧɟɨɛɯɨɞɢɦɨ ɩɨɞɨɠɞɚɬɶ. Ɍɟɩɟɪɶ, ɤɨɝɞɚ ɞɨɦɟɧ ɢ ɥɟɫ ɩɨɞɝɨɬɨɜɥɟɧɵ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ ɞɨ Active Directory Windows Server 2003, ɜɵ ɦɨɠɟɬɟ ɧɚɱɢɧɚɬɶ. ȼ ɨɬɥɢɱɢɟ ɨɬ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɫɟɬɢ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ Windows 2000, ɹɜɥɹɸɬɫɹ ɜ ɧɟɤɨɬɨɪɨɦ ɫɦɵɫɥɟ PDC ɤɨɧɬɪɨɥɥɟɪɚɦɢ. Ɉɧɢ ɨɞɢɧɚɤɨɜɨ ɫɩɨɫɨɛɧɵ ɩɢɫɚɬɶ ɜ ɛɚɡɭ ɞɚɧɧɵɯ Active Directory, ɩɨɞɬɜɟɪɠɞɚɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɨɬɜɟɱɚɬɶ ɧɚ ɡɚɩɪɨɫɵ. Ɂɚ ɢɫɤɥɸɱɟɧɢɟɦ ɞɟɪɠɚɬɟɥɟɣ ɪɨɥɟɣ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɪɚɜɧɵ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɧɟ ɢɦɟɟɬ ɡɧɚɱɟɧɢɹ, ɤɚɤɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɵ ɛɭɞɟɬɟ ɦɨɞɟɪɧɢɡɢɪɨɜɚɬɶ ɩɟɪɜɵɦ. ɉɪɨɰɟɫɫ ɨɛɧɨɜɥɟɧɢɹ Windows 2000 ɬɚɤɨɣ ɠɟ, ɤɚɤ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ Windows NT 4 ɞɨ Windows Server 2003. Ɉɧ ɫɨɫɬɨɢɬ ɢɡ ɞɜɭɯ ɲɚɝɨɜ: ɦɨɞɟɪɧɢɡɚɰɢɹ NOS ɞɨ Windows Server 2003 ɢ ɜɵɩɨɥɧɟɧɢɟ ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory.
ɉɭɬɶ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɧɚɢɛɨɥɟɟ ɱɚɫɬɨ ɜɵɛɢɪɚɟɬɫɹ ɨɪɝɚɧɢɡɚɰɢɹɦɢ, ɤɨɬɨɪɵɟ ɧɭɠɞɚɸɬɫɹ ɜ ɢɡɦɟɧɟɧɢɢ ɫɬɪɭɤɬɭɪɵ ɫɜɨɟɣ ɫɥɭɠɛɵ Active Directory. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɸ ɞɨɦɟɧɚ, ɜɵ ɫɧɚɱɚɥɚ ɞɨɥɠɧɵ ɫɨɡɞɚɬɶ ɧɭɠɧɭɸ ɫɬɪɭɤɬɭɪɭ ɥɟɫɚ ɢ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɩɟɪɟɦɟɫɬɢɬɶ ɫɭɳɟɫɬɜɭɸɳɢɟ ɨɛɴɟɤɬɵ Active Directory ɜ ɷɬɭ ɧɨɜɭɸ ɫɬɪɭɤɬɭɪɭ. ɗɬɚ ɧɨɜɚɹ ɫɬɪɭɤɬɭɪɚ ɧɚɡɵɜɚɟɬɫɹ ɬɚɤɠɟ «ɱɢɫɬɵɦ» ɥɟɫɨɦ.
. (
Active Directory ). Windows NT 4 Windows Server 2003, . Active Directory Windows 2000 Active Directory Windows Server 2003 « ». Ɋɚɛɨɬɚ ɩɨ ɩɟɪɟɦɟɳɟɧɢɸ ɨɛɴɟɤɬɨɜ Active Directory (ɤɨɬɨɪɵɟ ɜɤɥɸɱɚɸɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɝɪɭɩɩ ɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɢ ɫɥɭɠɛ) ɨɛɥɟɝɱɟɧɚ ɡɚ ɫɱɟɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɢɧɫɬɪɭɦɟɧɬɨɜ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ. ɂɦɟɟɬɫɹ ɦɧɨɠɟɫɬɜɨ ɫɪɟɞɫɬɜ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɷɬɨɣ ɡɚɞɚɱɢ — ɢ ɨɬ ɤɨɦɩɚɧɢɢ Microsoft, ɢ ɨɬ ɫɬɨɪɨɧɧɢɯ ɩɪɨɢɡɜɨɞɢɬɟɥɟɣ. ɇɢɠɟ ɩɪɢɜɨɞɢɬɫɹ ɫɩɢɫɨɤ ɫɪɟɞɫɬɜ, ɢɦɟɸɳɢɯɫɹ ɜ ɧɚɫɬɨɹɳɟɟ ɜɪɟɦɹ (ɢɥɢ ɜ ɛɥɢɠɚɣɲɟɣ ɩɟɪɫɩɟɤɬɢɜɟ) ɭ ɢɯ ɢɡɝɨɬɨɜɢɬɟɥɟɣ. ɍɛɟɞɢɬɟɫɶ, ɱɬɨ ɜɵ ɜɵɛɪɚɥɢ ɜɟɪɫɢɸ ɢɧɫɬɪɭɦɟɧɬɚ, ɤɨɬɨɪɚɹ ɩɨɞɞɟɪɠɢɜɚɟɬ ɩɟɪɟɯɨɞ ɤ ɞɨɦɟɧɚɦ Active Directory ɜ Windows Server 2003. ȼɤɥɸɱɢɬɟ ɜ ɜɚɲɟ ɩɥɚɧɢɪɨɜɚɧɢɟ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ ɡɚɞɚɱɭ ɩɨɜɬɨɪɧɨɝɨ ɢɫɫɥɟɞɨɜɚɧɢɹ ɞɨɫɬɭɩɧɵɯ ɢɧɫɬɪɭɦɟɧɬɨɜ ɩɟɪɟɯɨɞɚ ɢ ɨɩɪɟɞɟɥɟɧɢɹ ɧɚɢɛɨɥɟɟ ɩɨɞɯɨɞɹɳɟɝɨ. Active Directory Migration Tool (ɂɧɫɬɪɭɦɟɧɬ ɦɨɞɟɪɧɢɡɚɰɢɢ Active Directory) (ADMT). Ɉɧ ɧɚɯɨɞɢɬɫɹ ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003 ɩɚɩɤɟ ɜ \I386\ADMT. Ⱦɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ ɮɚɣɥɟ Admigration.msi ɞɥɹ ɟɝɨ ɭɫɬɚɧɨɜɤɢ. Ɉɰɟɧɨɱɧɚɹ ɜɟɪɫɢɹ ɢɧɫɬɪɭɦɟɧɬɚ bv-Admin ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ Windows 2000 ɢ Windows Server 2003 ɨɬ ɤɨɪɩɨɪɚɰɢɢ BindView (http://www.bindview.com/products/Admin/winmig.cfm) ɦɨɠɧɨ ɜɡɹɬɶ ɧɚ ɜɟɛ-ɫɚɣɬɟ ɩɪɨɞɭɤɬɨɜ ɤɨɦɩɚɧɢɢ. ɂɫɩɵɬɚɬɟɥɶɧɚɹ ɜɟɪɫɢɹ ɩɪɨɝɪɚɦɦɵ Domain Migration Administrator (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ) (DMA) ɨɬ ɤɨɦɩɚɧɢɢ NetlQ (http://www.netiq.com/products/dma/) ɞɨɫɬɭɩɧɚ ɞɥɹ ɡɚɝɪɭɡɤɢ ɧɚ ɜɟɛ-ɫɚɣɬɟ ɩɪɨɞɭɤɬɨɜ ɤɨɦɩɚɧɢɢ. ɂɫɩɵɬɚɬɟɥɶɧɚɹ ɜɟɪɫɢɹ ɩɪɨɝɪɚɦɦɵ Domain Migration Wizard (Ɇɚɫɬɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ) (DMW) ɨɬ ɤɨɦɩɚɧɢɢ Aelita Software (http:// www.aelita.com/products/DMW.htm) ɞɨɫɬɭɩɧɚ ɞɥɹ ɡɚɝɪɭɡɤɢ ɧɚ ɜɟɛɫɚɣɬɟ ɩɪɨɞɭɤɬɨɜ ɤɨɦɩɚɧɢɢ. Ɉɫɬɚɜɲɚɹɫɹ ɱɚɫɬɶ ɷɬɨɝɨ ɪɚɡɞɟɥɚ ɛɭɞɟɬ ɩɨɫɜɹɳɟɧɚ ɤɨɧɰɟɩɬɭɚɥɶɧɵɦ ɚɫɩɟɤɬɚɦ ɩɪɨɰɟɫɫɚ ɦɨɞɟɪɧɢɡɚɰɢɢ, ɚ ɧɟ ɞɟɬɚɥɹɦ ɫɩɟɰɢɮɢɱɟɫɤɢɯ ɢɧɫɬɪɭɦɟɧɬɨɜ. ȼ ɫɥɭɱɚɟ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɩɪɨɰɟɫɫ ɛɭɞɟɬ ɨɩɢɫɚɧ ɜ ɤɨɧɬɟɤɫɬɟ ɢɧɫɬɪɭɦɟɧɬɚ ɦɨɞɟɪɧɢɡɚɰɢɢ Active Directory ADMT ɨɬ Microsoft. ɉɪɟɠɞɟ ɱɟɦ ɜɞɚɜɚɬɶɫɹ ɜ ɞɟɬɚɥɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɨɛɴɟɤɬɨɜ, ɫɤɚɠɟɦ ɧɟɫɤɨɥɶɤɨ ɫɥɨɜ ɨɛ ɨɪɝɚɧɢɡɚɰɢɢ ɷɬɨɝɨ ɪɚɡɞɟɥɚ. ɋɥɟɞɭɸɳɢɟ ɞɚɥɟɟ ɡɚɞɚɱɢ ɪɚɡɛɢɬɵ ɧɚ ɤɚɬɟɝɨɪɢɢ: ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɞɨɦɟɧɨɜ ɪɟɫɭɪɫɨɜ. ɗɬɚ ɧɟɫɤɨɥɶɤɨ ɢɫɤɭɫɫɬɜɟɧɧɚɹ ɨɪɝɚɧɢɡɚɰɢɹ ɨɬɪɚɠɚɟɬ ɫɭɳɟɫɬɜɭɸɳɭɸ ɞɨɦɟɧɧɭɸ ɫɬɪɭɤɬɭɪɭ ɫɟɬɢ, ɨɫɧɨɜɚɧɧɭɸ ɧɚ Windows NT 4, ɜ ɤɨɬɨɪɨɣ ɩɪɟɞɦɟɬɧɚɹ ɨɛɥɚɫɬɶ ɫɨɫɬɨɢɬ ɢɡ ɞɨɦɟɧɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ (ɨɧɢ ɫɨɞɟɪɠɚɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ) ɢ ɞɨɦɟɧɨɜ ɪɟɫɭɪɫɨɜ (ɨɧɢ ɫɨɞɟɪɠɚɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɪɟɫɭɪɫɨɜ ɢ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ ɤ ɷɬɢɦ ɪɟɫɭɪɫɚɦ). ɇɚ ɪɢɫɭɧɤɟ 7-2 ɩɨɤɚɡɚɧɚ ɨɪɝɚɧɢɡɚɰɢɨɧɧɚɹ ɦɨɞɟɥɶ ɞɨɦɟɧɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɞɨɦɟɧɚ ɪɟɫɭɪɫɨɜ. ɑɬɨ ɞɟɥɚɬɶ, ɟɫɥɢ ɜɵ ɧɟ ɢɦɟɟɬɟ ɞɨɦɟɧɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɪɟɫɭɪɫɨɜ ɜ ɩɪɟɞɦɟɬɧɨɣ ɨɛɥɚɫɬɢ ɜɚɲɟɣ ɫɪɟɞɵ Windows NT 4? Ɍɨɝɞɚ ɪɚɫɫɦɨɬɪɢɬɟ ɬɨɥɶɤɨ ɫɨɞɟɪɠɢɦɨɟ, ɢɦɟɸɳɟɟ ɨɬɧɨɲɟɧɢɟ ɤ ɨɛɴɟɤɬɚɦ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɵɟ ɜɵ ɞɨɥɠɧɵ ɩɟɪɟɧɟɫɬɢ. ɗɬɨ ɩɨɥɟɡɧɨ ɬɨɥɶɤɨ ɞɥɹ ɨɛɫɭɠɞɟɧɢɹ ɩɨɪɹɞɤɚ ɩɟɪɟɦɟɳɟɧɢɹ ɨɛɴɟɤɬɨɜ ɢ ɜɵɩɨɥɧɟɧɢɹ ɩɪɨɰɟɫɫɚ ɦɨɞɟɪɧɢɡɚɰɢɢ.
ɑɢɫɬɵɣ ɥɟɫ ɜɤɥɸɱɚɟɬ ɰɟɥɟɜɨɣ ɞɨɦɟɧ Windows Server 2003, ɜ ɤɨɬɨɪɵɣ ɜɵ ɛɭɞɟɬɟ ɩɟɪɟɦɟɳɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɢɫɬɟɦɵ Windows NT 4, ɬ.ɟ. ɜɚɲ ɩɭɧɤɬ Ȼ. ɉɪɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɜɵ ɢɦɟɟɬɟ ɜɨɡɦɨɠɧɨɫɬɶ ɫɨɡɞɚɬɶ ɨɩɬɢɦɚɥɶɧɭɸ ɫɪɟɞɭ ɞɨɦɟɧɚ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. Ȼɭɞɟɦ ɧɚɞɟɹɬɶɫɹ, ɱɬɨ ɷɬɨ ɩɪɨɢɡɨɣɞɟɬ ɜ ɤɨɧɰɟ ɞɥɢɧɧɨɝɨ ɢ ɜɞɭɦɱɢɜɨɝɨ ɩɪɨɰɟɫɫɚ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ Active Directory, ɢ ɜɫɟ ɤɨɦɩɨɧɟɧɬɵ ɜɚɲɟɣ ɫɬɪɭɤɬɭɪɵ Active Directory ɛɭɞɭɬ ɹɫɧɨ ɨɩɪɟɞɟɥɟɧɵ ɜ ɞɨɤɭɦɟɧɬɟ, ɨɩɢɫɵɜɚɸɳɟɦ ɜɚɲ ɩɪɨɟɤɬ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɩɪɨɰɟɫɫɟ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ ɫɦ. ɝɥ. 5.
. 7-2. Windows NT 4
ɋɨɜɟɬ. ɉɪɢ ɭɫɬɚɧɨɜɤɟ Active Directory ɜ ɱɢɫɬɵɣ ɥɟɫ ɜ ɨɤɧɟ Permissions (Ɋɚɡɪɟɲɟɧɢɹ) ɦɚɫɬɟɪɚ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Permissions Compatible With Pre-Windows 2000 Server Operating Systems (Ɋɚɡɪɟɲɟɧɢɹ, ɫɨɜɦɟɫɬɢɦɵɟ ɫ ɨɩɟɪɚɰɢɨɧɧɵɦɢ ɫɢɫɬɟɦɚɦɢ, ɩɪɟɞɲɟɫɬɜɭɸɳɢɦɢ Windows 2000). ɗɬɚ ɭɫɬɚɧɨɜɤɚ ɩɨɡɜɨɥɹɟɬ ɚɧɨɧɢɦɧɵɦ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ ɩɨɥɶɡɨɜɚɬɟɥɹ ɨɛɪɚɳɚɬɶɫɹ ɤ ɢɧɮɨɪɦɚɰɢɢ ɞɨɦɟɧɚ ɢ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɤɥɨɧɢɪɨɜɚɧɢɹ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɑɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɷɬɨɣ ɨɩɰɢɢ, ɜɵ ɞɨɥɠɧɵ ɜɵɛɪɚɬɶ ɨɩɰɢɸ Custom configuration (ȼɵɛɨɪɨɱɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ) ɜ ɨɤɧɟ Custom Options (ȼɵɛɨɪɨɱɧɵɟ ɨɩɰɢɢ) ɦɚɫɬɟɪɚ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɟɪɜɟɪɚ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɪɟɚɥɢɡɭɟɬɟ ɫɬɪɭɤɬɭɪɭ ɫɜɨɟɝɨ ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ, ɧɭɠɧɨ ɜɵɩɨɥɧɢɬɶ ɧɟɫɤɨɥɶɤɨ ɞɟɣɫɬɜɢɣ ɞɥɹ ɩɨɞɝɨɬɨɜɤɢ ɤ ɩɟɪɟɦɟɳɟɧɢɸ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɸ ɞɨɦɟɧɚ, ɰɟɥɟɜɨɣ ɞɨɦɟɧ ɫ Windows Server 2003 ɞɨɥɠɟɧ ɪɚɛɨɬɚɬɶ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ native Windows 2000 ɢɥɢ Windows Server 2003. Ɂɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧ ɞɥɹ ɧɨɜɨɣ ɪɟɚɥɢɡɚɰɢɢ Windows Server 2003 — mixed Windows 2000. ȿɫɥɢ ɜɚɲ ɰɟɥɟɜɨɣ ɞɨɦɟɧ ɛɭɞɟɬ ɜɤɥɸɱɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ Windows 2000 Server ɢ Windows Server 2003, ɬɨ ɜɵ ɞɨɥɠɧɵ ɩɨɞɧɹɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨ ɭɪɨɜɧɹ native Windows 2000. ȿɫɥɢ ɜɚɲ ɧɨɜɵɣ ɞɨɦɟɧ ɛɭɞɟɬ ɜɤɥɸɱɚɬɶ ɬɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Windows Server 2003, ɜɵ ɞɨɥɠɧɵ ɜɵɛɪɚɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows Server 2003. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɩɨɞɴɟɦ ɮɭɧɤɰɢɨɧɚɥɶɧɨɝɨ ɭɪɨɜɧɹ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɧɟɨɛɪɚɬɢɦɵɦ ɩɪɨɰɟɫɫɨɦ, ɜɵ ɧɟ ɦɨɠɟɬɟ ɩɨɧɢɡɢɬɶ ɟɝɨ ɞɨ ɩɪɟɞɵɞɭɳɟɝɨ ɫɨɫɬɨɹɧɢɹ. ɉɟɪɜɚɹ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɬɨɪɭɸ ɜɵ ɡɚɯɨɬɢɬɟ ɫɨɡɞɚɬɶ ɜ ɜɚɲɟɦ ɱɢɫɬɨɦ ɥɟɫɭ, ɛɭɞɟɬ ɡɚɩɢɫɶ, ɧɟɨɛɯɨɞɢɦɚɹ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɩɟɪɟɦɟɳɟɧɢɹ. ɋɨɡɞɚɜɚɹ ɫɩɟɰɢɚɥɶɧɭɸ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɜɵ ɦɨɠɟɬɟ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɨɧɚ ɛɭɞɟɬ ɭɞɨɜɥɟɬɜɨɪɹɬɶ ɜɫɟɦ ɬɪɟɛɨɜɚɧɢɹɦ ɡɚɳɢɬɵ, ɧɟɨɛɯɨɞɢɦɨɣ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɡɚɞɚɱ, ɫɜɹɡɚɧɧɵɯ ɫ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ ɞɨɦɟɧɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɜɵ ɩɨɭɩɪɚɠɧɹɟɬɟɫɶ ɜ ɧɚɢɥɭɱɲɟɣ ɡɚɳɢɬɧɨɣ ɩɪɚɤɬɢɤɟ — ɧɟ ɜɯɨɞɢɬɶ ɜ ɫɢɫɬɟɦɭ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ Administrator (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪ). ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɧɨɜɭɸ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ (ɬɢɩɚ Migrator) ɢɥɢ ɧɟɫɤɨɥɶɤɨ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ (Migrator 1, Migrator2 ɢ ɬ.ɞ.), ɟɫɥɢ ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɢɦɟɬɶ ɧɟɫɤɨɥɶɤɨ ɞɨɜɟɪɟɧɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ, ɜɵɩɨɥɧɹɸɳɢɯ ɩɟɪɟɦɟɳɟɧɢɟ.
Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɜɵ ɫɦɨɠɟɬɟ ɩɪɨɫɥɟɞɢɬɶ ɫɨɛɵɬɢɹ, ɜɵɩɨɥɧɟɧɧɵɟ ɤɚɠɞɵɦ ɜɥɚɞɟɥɶɰɟɦ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ, ɢ ɢɡɛɟɠɚɬɶ ɧɚɥɢɱɢɹ ɨɛɳɟɞɨɫɬɭɩɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɫ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦɢ ɩɪɢɜɢɥɟɝɢɹɦɢ. ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ, ɢɫɩɨɥɶɡɭɸɳɢɟɫɹ ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɝɪɭɩɩ ɢ ɫɥɭɠɛ, ɞɨɥɠɧɚ ɛɵɬɶ ɱɥɟɧɚɦɢ ɝɪɭɩɩɵ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ, ɟɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ SID-History ɞɥɹ ɫɨɯɪɚɧɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ. ɍɱɟɬɧɚɹ ɡɚɩɢɫɶ ɞɨɥɠɧɚ ɛɵɬɶ ɬɚɤɠɟ ɱɥɟɧɨɦ ɝɪɭɩɩɵ Administrators (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ) ɜ ɢɫɯɨɞɧɵɯ ɞɨɦɟɧɚɯ Windows NT 4. ɉɨɫɤɨɥɶɤɭ ɩɪɨɰɟɫɫ ɩɟɪɟɯɨɞɚ ɬɪɟɛɭɟɬ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢɡ ɪɚɡɥɢɱɧɵɯ ɞɨɦɟɧɨɜ, ɧɟɨɛɯɨɞɢɦɨ ɫɨɡɞɚɬɶ ɧɟɫɤɨɥɶɤɨ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ, ɱɬɨɛɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɟɪɟɧɟɫɬɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ. ȼ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ Windows Server 2003 ɢ ɜ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ Windows NT 4 ɫɨɡɞɚɣɬɟ ɨɞɧɨɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɨɬ ɤɚɠɞɨɝɨ ɢɡ ɢɫɯɨɞɧɵɯ ɞɨɦɟɧɨɜ (ɬɨɬ, ɤɬɨ ɞɨɜɟɪɹɟɬ) ɤ ɰɟɥɟɜɨɦɭ ɞɨɦɟɧɭ (ɬɨɬ, ɤɨɦɭ ɞɨɜɟɪɹɸɬ). ɉɨɫɥɟ ɷɬɨɝɨ ɩɪɨɜɟɪɶɬɟ ɢɯ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Domains And Trusts (Ⱦɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Active Directory) ɜ Windows Server 2003 ɢ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Server Manager (Ɇɟɧɟɞɠɟɪ ɫɟɪɜɟɪɨɜ) ɜ ɫɢɫɬɟɦɟ Windows NT 4 Server. ɉɪɢ ɫɨɡɞɚɧɢɢ ɛɟɡɨɩɚɫɧɨɝɨ ɤɚɧɚɥɚ ɫɜɹɡɢ ɦɟɠɞɭ ɢɫɯɨɞɧɵɦɢ ɢ ɰɟɥɟɜɵɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɧɚ ɢɫɯɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ Windows NT 4 ɞɨɥɠɟɧ ɛɵɬɶ ɦɨɞɢɮɢɰɢɪɨɜɚɧ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ. ȿɫɥɢ ɷɬɨɝɨ ɧɟ ɫɞɟɥɚɬɶ ɩɟɪɟɞ ɭɫɬɚɧɨɜɤɨɣ ADMT, ɬɨ ɢɧɫɬɪɭɦɟɧɬ ɜɵɩɨɥɧɢɬ ɢɡɦɟɧɟɧɢɹ ɩɪɢ ɩɟɪɜɨɦ ɢɫɩɨɥɶɡɨɜɚɧɢɢ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ADMT ɫɞɟɥɚɟɬ ɢɡɦɟɧɟɧɢɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɧɟɨɛɯɨɞɢɦɨ ɛɭɞɟɬ ɩɟɪɟɡɚɝɪɭɡɢɬɶ PDC. ɍɫɬɚɧɨɜɤɚ ɷɬɨɝɨ ɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɚɟɬ ɭɞɚɥɟɧɧɵɟ ɜɵɡɨɜɵ ɩɪɨɰɟɞɭɪɵ (RPC) ɩɨ ɩɪɨɬɨɤɨɥɭ TCP, ɧɢɫɤɨɥɶɤɨ ɧɟ ɭɦɟɧɶɲɚɹ ɡɚɳɢɬɭ ɫɢɫɬɟɦɵ Windows NT 4. ɇɚ ɢɫɯɨɞɧɨɦ PDC ɨɬɤɪɨɣɬɟ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ ɢ ɫɨɡɞɚɣɬɟ ɫɥɟɞɭɸɳɢɣ ɤɥɸɱ: HKEY_LOCAL_MACHINE\SYSTEM\CurrentContolSet\Control\Lsa. ɋɨɡɞɚɣɬɟ ɡɧɚɱɟɧɢɟ TcpijpClientSupport, ɭɫɬɚɧɨɜɢɜ DWORD, ɪɚɜɧɵɣ 1. ɇɚɢɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ. ȿɫɥɢ ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɩɟɪɟɦɟɫɬɢɬɶ ɩɚɪɨɥɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɨɞɧɨɜɪɟɦɟɧɧɨ ɫ ɫɚɦɢɦɢ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ (ɜ ɩɪɨɬɢɜɨɩɨɥɨɠɧɨɫɬɶ ɬɨɦɭ, ɱɬɨɛɵ ɩɪɟɤɪɚɬɢɬɶ ɫɪɨɤ ɞɟɣɫɬɜɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɚɪɨɥɟɣ ɜ Windows NT 4 ɢ ɡɚɫɬɚɜɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɫɨɡɞɚɜɚɬɶ ɧɨɜɵɟ ɩɚɪɨɥɢ ɩɪɢ ɩɟɪɜɨɦ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ ɞɨɦɟɧɚ ɫ ɫɟɪɜɟɪɨɦ Windows Server 2003), ɬɨ ɜɚɦ ɫɌɩɹɬɶ ɩɨɬɪɟɛɭɟɬɫɹ ɪɟɞɚɤɬɢɪɨɜɚɬɶ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ. ɑɬɨɛɵ ɩɨɞɞɟɪɠɚɬɶ ɩɟɪɟɦɟɳɟɧɢɟ ɩɚɪɨɥɟɣ, ɧɚ ɢɫɯɨɞɧɨɦ PDC ɨɬɪɟɞɚɤɬɢɪɭɣɬɟ (ɢɥɢ ɫɨɡɞɚɣɬɟ, ɟɫɥɢ ɨɧ ɟɳɟ ɧɟ ɫɭɳɟɫɬɜɭɟɬ) ɫɥɟɞɭɸɳɢɣ ɤɥɸɱ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Lsa. Ⱦɥɹ ɡɧɚɱɟɧɢɹ AllowPasswordExport ɭɫɬɚɧɨɜɢɬɟ DWORD, ɪɚɜɧɵɣ 1. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɩɟɪɟɧɨɫɟ ɩɚɪɨɥɟɣ ɫɦɨɬɪɢɬɟ ɫɩɪɚɜɤɭ ɢɧɫɬɪɭɦɟɧɬɚ ADMT.
Active Directory Migration Tool
ɂɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Migration Tool (ɂɧɫɬɪɭɦɟɧɬ ɩɟɪɟɦɟɳɟɧɢɹ Active Directory) ɫɨɡɞɚɧ ɤɨɦɩɚɧɢɟɣ Microsoft ɫ ɰɟɥɶɸ ɦɨɞɟɪɧɢɡɚɰɢɢ ɨɛɴɟɤɬɨɜ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ADMT ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɦɨɞɟɪɧɢɡɚɰɢɸ ɦɟɠɞɭ ɥɟɫɚɦɢ ɢ ɜɧɭɬɪɢ ɥɟɫɚ. ɉɟɪɟɦɟɳɟɧɢɟ ɫ ɫɢɫɬɟɦɵ Windows NT 4 ɧɚ Windows Server 2003 — ɷɬɨ ɩɪɢɦɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɦɟɠɞɭ ɥɟɫɚɦɢ. ɂɧɫɬɪɭɦɟɧɬ ADMT ɨɛɟɫɩɟɱɢɜɚɟɬ ɝɪɚɮɢɱɟɫɤɢɣ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ (GUI) ɢ ɢɧɬɟɪɮɟɣɫ ɫɨɡɞɚɧɢɹ ɫɰɟɧɚɪɢɹ, ɨɧ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶɫɹ ɧɚ ɰɟɥɟɜɵɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɫɢɫɬɟɦɟ Windows 2000 ɢ Windows Server 2003. ɂɧɫɬɪɭɦɟɧɬ ADMT ɜɟɪɫɢɢ 2.0, ɢɦɟɸɳɢɣɫɹ ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003, ɩɨɞɞɟɪɠɢɜɚɟɬ ɫɥɟɞɭɸɳɢɟ ɡɚɞɚɱɢ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ: • ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ; • ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɝɪɭɩɩ; • ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɤɨɦɩɶɸɬɟɪɨɜ; • ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɭɠɛ; • ɩɟɪɟɦɟɳɟɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ;
• • • •
ɩɟɪɟɦɟɳɟɧɢɟ ɤɚɬɚɥɨɝɚ Exchange; ɩɟɪɟɜɨɞ ɡɚɳɢɬɵ ɧɚ ɦɢɝɪɢɪɨɜɚɧɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ; ɫɨɨɛɳɟɧɢɹ ɨ ɩɪɨɫɦɨɬɪɟ ɪɟɡɭɥɶɬɚɬɨɜ ɦɨɞɟɪɧɢɡɚɰɢɢ; ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɨɬɦɟɧɵ ɩɨɫɥɟɞɧɟɝɨ ɩɟɪɟɦɟɳɟɧɢɟ ɢ ɩɨɜɬɨɪ ɩɨɫɥɟɞɧɟɝɨ ɩɟɪɟɦɟɳɟɧɢɹ. Ɉɞɧɨ ɢɡ» ɩɪɟɢɦɭɳɟɫɬɜ ADMT ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɞɪɭɝɢɦɢ ɢɧɫɬɪɭɦɟɧɬɚɦɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɷɬɨ ɫɪɟɞɫɬɜɨ ɜɤɥɸɱɟɧɨ ɜ ɩɪɨɞɭɤɬ Windows Server 2003. ɂɧɫɬɚɥɥɹɰɢɨɧɧɚɹ ɩɚɩɤɚ ɪɚɫɩɨɥɨɠɟɧɚ ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003 ɜ ɩɚɩɤɟ \I386\ADMT. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ȼɦɟɫɬɟ ɫ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɦɢ ɮɚɣɥɚɦɢ ADMT ɩɚɩɤɚ ADMT ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003 ɫɨɞɟɪɠɢɬ ɞɨɤɭɦɟɧɬ Readme.doc, ɜ ɤɨɬɨɪɨɦ ɯɪɚɧɢɬɫɹ ɜɚɠɧɚɹ ɢɧɮɨɪɦɚɰɢɹ, ɤɚɫɚɸɳɚɹɫɹ ADMT. Ɉɛɹɡɚɬɟɥɶɧɨ ɩɪɨɱɬɢɬɟ ɷɬɨɬ ɞɨɤɭɦɟɧɬ ɩɟɪɟɞ ɭɫɬɚɧɨɜɤɨɣ ɢɧɫɬɪɭɦɟɧɬɚ ADMT ɢɥɢ ɟɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ. ɇɚɢɛɨɥɟɟ ɫɜɟɠɭɸ ɜɟɪɫɢɸ ɷɬɨɝɨ ɞɨɤɭɦɟɧɬɚ ɫɦɨɬɪɢɬɟ ɧɚ ɜɟɛ-ɫɚɣɬɟ Windows 2000 Active Directory Migration Tool ɩɨ ɚɞɪɟɫɭ: http://www.microsoft.com/windows2000/downloads/ tools/admt/default.asp. ɋ ɷɬɨɝɨ ɫɚɣɬɚ ɦɨɠɧɨ ɬɚɤɠɟ ɡɚɝɪɭɡɢɬɶ ɫɚɦ ɢɧɫɬɪɭɦɟɧɬ ADMT. ɍɛɟɞɢɬɟɫɶ, ɱɬɨ ɨɧ ɫɨɜɩɚɞɚɟɬ ɢɥɢ ɹɜɥɹɟɬɫɹ ɛɨɥɟɟ ɧɨɜɵɦ, ɱɟɦ ɜɟɪɫɢɹ, ɢɦɟɸɳɚɹɫɹ ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003. ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɢɧɫɬɪɭɦɟɧɬ ADMT ɧɚ ɰɟɥɟɜɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ ɩɚɩɤɭ \I386\ADMT ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003. 2. Ⱦɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ ɮɚɣɥɟ Admigration.msi, ɱɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ADMT ɧɚ ɜɚɲɟɦ ɤɨɦɩɶɸɬɟɪɟ. 3. ɉɪɢɦɢɬɟ ɥɢɰɟɧɡɢɨɧɧɨɟ ɫɨɝɥɚɲɟɧɢɟ ɢ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɚɪɚɦɟɬɪɵ ɧɚ ɫɬɪɚɧɢɰɚɯ ɦɚɫɬɟɪɚ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɢɧɫɬɪɭɦɟɧɬ ADMT ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧ, ɟɝɨ ɦɨɠɧɨ ɡɚɩɭɫɬɢɬɶ ɢɡ ɩɚɩɤɢ Administrative Tools (ɋɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ) ɜ ɦɟɧɸ Start (ɉɭɫɤ). ɂɧɫɬɪɭɦɟɧɬ ADMT ɡɚɩɭɫɤɚɟɬɫɹ ɤɚɤ ɨɫɧɚɫɬɤɚ ɆɆɋ ɜɦɟɫɬɟ ɫɨ ɜɫɟɦɢ ɦɚɫɬɟɪɚɦɢ, ɞɨɫɬɭɩɧɵɦɢ ɢɡ ɦɟɧɸ Action (Ⱦɟɣɫɬɜɢɟ) (ɫɦ. ɪɢɫ. 7-3).
. 7-3.
,
ADMT
ɉɪɨɰɟɫɫ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɬɪɟɛɭɟɬ, ɱɬɨɛɵ ɛɵɥ ɜɤɥɸɱɟɧ ɚɭɞɢɬ ɨɬɤɚɡɨɜ ɢ ɭɫɩɟɯɨɜ ɨɩɟɪɚɰɢɣ ɭɩɪɚɜɥɟɧɢɹ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɢ ɜ ɢɫɯɨɞɧɨɦ, ɢ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɚɯ. ɑɬɨɛɵ ɪɚɡɪɟɲɢɬɶ ɚɭɞɢɬ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ Windows Server 2003, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory), ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɟ Domain Controllers (Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ) ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). 2. ȼ ɨɤɧɟ Domain Controllers Properties (ɋɜɨɣɫɬɜɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ) ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ). 3. ȼɵɛɟɪɢɬɟ Default Domain Controllers Policy (Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɢɬɢɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ) ɢ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Edit (ɉɪɚɜɤɚ). 4. Ɋɚɫɤɪɨɣɬɟ ɩɭɧɤɬ Default DomainControllers Policy\Computer Conf iguration\ Windows
Settings\Security Settings\Local Policies\ Audit Policy (Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɢɬɢɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ\Ʉɨɧ-ɮɢɝɭɪɚɰɢɹ ɤɨɦɩɶɸɬɟɪɚ\ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Windows\ ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ\Ʌɨɤɚɥɶɧɵɟ ɩɨɥɢɬɢɤɢ\ɉɨɥɢɬɢɤɚ ɚɭɞɢɬɚ), ɞɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ Audit Account Management (ɍɩɪɚɜɥɟɧɢɟ ɚɭɞɢɬɨɦ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ ɨɛɟ ɨɩɰɢɢ: Success (ɍɫɩɟɯ) ɢ Failure (Ɉɬɤɚɡ). 5. ȼɵɡɨɜɢɬɟ ɩɪɢɧɭɞɢɬɟɥɶɧɭɸ ɪɟɩɥɢɤɚɰɢɸ ɷɬɨɝɨ ɢɡɦɟɧɟɧɢɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɢɥɢ ɩɨɞɨɠɞɢɬɟ, ɩɨɤɚ ɢɡɦɟɧɟɧɢɹ ɛɭɞɭɬ ɪɟɩ-ɥɢɰɢɪɨɜɚɧɵ ɚɜɬɨɦɚɬɢɱɟɫɤɢ. ɑɬɨɛɵ ɪɚɡɪɟɲɢɬɶ ɚɭɞɢɬ ɜ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ Windows NT 4, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ User Manager For Domains (Ɇɟɧɟɞɠɟɪ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɞɥɹ ɞɨɦɟɧɨɜ), ɜɵɛɟɪɢɬɟ Policies (ɉɨɥɢɬɢɤɢ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Audit (Ⱥɭɞɢɬ). ɉɪɨɜɟɪɶɬɟ, ɱɬɨ ɨɩɰɢɹ Audit These Events (ɉɪɨɜɨɞɢɬɶ ɚɭɞɢɬ ɷɬɢɯ ɫɨɛɵɬɢɣ) ɜɵɛɪɚɧɚ ɢ ɱɬɨ ɞɥɹ User And Group Management (ɍɩɪɚɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɢ ɝɪɭɩɩɚɦɢ) ɜɵɛɪɚɧɵ ɨɩɰɢɢ Success (ɍɫɩɟɯ) ɢ Failure (Ɉɬɤɚɡ). Ʉɪɨɦɟ ɬɨɝɨ, ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɧɨɜɭɸ ɥɨɤɚɥɶɧɭɸ ɝɪɭɩɩɭ ɧɚ ɢɫɯɨɞɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɞɥɹ ɰɟɥɟɣ ɜɧɭɬɪɟɧɧɟɝɨ ɚɭɞɢɬɚ ADMT. ɂɦɹ ɷɬɨɣ ɧɨɜɨɣ ɝɪɭɩɩɵ — sourcedomainname$$$ (ɧɚɩɪɢɦɟɪ, Contoso$$$). ADMT ɫɨɡɞɚɫɬ ɝɪɭɩɩɭ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɪɢ ɩɟɪɜɨɦ ɡɚɩɭɫɤɟ, ɟɫɥɢ ɜɵ ɧɟ ɫɨɡɞɚɞɢɬɟ ɟɟ ɡɚɪɚɧɟɟ. ȿɫɥɢ ɜɵ ɧɟ ɜɵɛɟɪɟɬɟ ɨɩɰɢɸ Permissions Compatible With Pre-Windows 2000 Server Operating Systems (Ɋɚɡɪɟɲɟɧɢɹ, ɫɨɜɦɟɫɬɢɦɵɟ ɫ ɨɩɟɪɚɰɢɨɧɧɵɦɢ ɫɢɫɬɟɦɚɦɢ, ɩɪɟɞɲɟɫɬɜɭɸɳɢɦɢ Windows 2000 Server ), ɩɪɢ ɭɫɬɚɧɨɜɤɟ Active Directory ɦɨɠɧɨ ɞɨɛɚɜɢɬɶ ɝɪɭɩɩɭ Everyone (ȼɫɟ) ɤ ɝɪɭɩɩɟ PreWindows 2000 Compatible Access (Ⱦɨɫɬɭɩ, ɫɨɜɦɟɫɬɢɦɵɣ ɫ ɨɩɟɪɚɰɢɨɧɧɵɦɢ ɫɢɫɬɟɦɚɦɢ, ɩɪɟɞɲɟɫɬɜɭɸɳɢɦɢ Windows 2000), ɧɚɩɟɱɚɬɚɜ net localgrowp "Pre-Windows 2000 Compatible Access" everyone /add ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɢ ɧɚɠɚɜ Enter. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɫɞɟɥɚɧɨ ɢɡɦɟɧɟɧɢɟ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ, ɧɭɠɧɚ ɝɚɪɚɧɬɢɹ, ɱɬɨ ɪɚɡɪɟɲɟɧɢɹ ɝɪɭɩɩɵ Everyone (ȼɫɟ) ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɚɧɨɧɢɦɧɵɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory), ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɟ Domain Controllers (Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ) ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). ɇɚ ɜɤɥɚɞɤɟ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ) ɨɬɪɟɞɚɤɬɢɪɭɣɬɟ ɨɛɴɟɤɬ Default Domain Controllers Policy (Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ). ȼ ɩɨɥɟ Group Policy Object Editor (Ɋɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ) ɪɚɫɤɪɨɣɬɟ ɨɩɰɢɸ Default Domain Controllers Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɢɬɢɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ\Ʉɨɧɮɢɝɭɪɚɰɢɹ ɤɨɦɩɶɸɬɟ-ɪɚ\ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Windows\ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ\Ʌɨ-ɤɚɥɶɧɵɟ ɩɨɥɢɬɢɤɢ\Ɉɩɰɢɢ ɡɚɳɢɬɵ) ɢ ɞɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ Network Access: Let Everyone Permissions Apply To Anonymous Users (ɋɟɬɟɜɨɣ ɞɨɫɬɭɩ: Ɋɚɡɪɟɲɟɧɢɹ ɝɪɭɩɩɵ ȼɫɟ ɩɪɢɦɟɧɹɬɶ ɤ ɚɧɨɧɢɦɧɵɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ). Ɉɬɦɟɬɶɬɟ ɨɩɰɢɸ Define This Policy Setting (Ɉɩɪɟɞɟɥɢɬɶ ɧɚɫɬɪɨɣɤɢ ɷɬɨɣ ɩɨɥɢɬɢɤɢ), ɜɵɛɟɪɢɬɟ Enabled (Ɋɚɡɪɟɲɟɧɨ), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɈɄ.
Ⱦɨɦɟɧ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ Windows NT 4 ɫɨɞɟɪɠɢɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɤɨɬɨɪɵɟ ɨɛɪɚɳɚɸɬɫɹ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. ɋɨɝɥɚɫɧɨ ɫɰɟɧɚɪɢɸ ɩɟɪɟɯɨɞɚ ɩɭɬɟɦ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ ɞɨɦɟɧɚ ɜɵ ɛɭɞɟɬɟ ɩɟɪɟɦɟɳɚɬɶ ɨɛɴɟɤɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜ ɞɨɦɟɧɚɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɟɪɟɞ ɩɟɪɟɦɟɳɟɧɢɟɦ ɞɨɦɟɧɨɜ ɪɟɫɭɪɫɨɜ. ɗɬɨɬ ɩɨɪɹɞɨɤ ɨɩɟɪɚɰɢɣ ɩɪɟɞɩɨɱɬɢɬɟɥɟɧ, ɩɨɬɨɦɭ ɱɬɨ ɩɪɢ ɷɬɨɦ ɫɨɯɪɚɧɹɟɬɫɹ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɯɨɞɚ. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɞɨɦɟɧ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. ɍɫɬɚɧɨɜɢɬɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɰɟɥɟɜɵɦ ɞɨɦɟɧɨɦ Windows Server 2003 ɢ ɞɨɦɟɧɨɦ ɪɟɫɭɪɫɨɜ Windows NT 4. ɉɟɪɟɦɟɫɬɢɬɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɵ. ɉɟɪɟɦɟɫɬɢɬɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ (ɫ ɩɚɪɨɥɹɦɢ ɢɥɢ ɛɟɡ). ɗɬɨ ɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ ɞɥɹ ɩɟɪɟɦɟɳɟɧɢɹ ɞɨɦɟɧɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ.
ɑɬɨɛɵ ɫɨɯɪɚɧɢɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɨɞɧɨɫɬɨɪɨɧɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɨɬ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ Windows NT 4, ɫɨɞɟɪɠɚɳɟɝɨ ɪɟɫɭɪɫɵ, ɤ ɤɨɬɨɪɵɦ ɞɨɥɠɧɵ ɨɛɪɚɳɚɬɶɫɹ ɩɟɪɟɦɟɳɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɤ ɰɟɥɟɜɨɦɭ ɞɨɦɟɧɭ Windows Server 2003. ɋɨɡɞɚɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɫɨɫɬɨɢɬ ɢɡ ɞɜɭɯ ɲɚɝɨɜ. ɉɟɪɜɵɣ ɲɚɝ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ ɫ Windows Server 2003. Ⱦɨɛɚɜɶɬɟ ɤɚɠɞɵɣ ɞɨɦɟɧ ɪɟɫɭɪɫɨɜ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 ɤ ɫɩɢɫɤɭ Domains That Trust This Domain (Ⱦɨɦɟɧɵ, ɤɨɬɨɪɵɟ ɞɨɜɟɪɹɸɬ ɷɬɨɦɭ ɞɨɦɟɧɭ) ɜ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ Active Directory Domains And Trusts. ɑɬɨɛɵ ɡɚɳɢɬɢɬɶ ɷɬɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɫɨɡɞɚɣɬɟ ɩɚɪɨɥɶ, ɤɨɬɨɪɵɣ ɩɨɬɪɟɛɭɟɬɫɹ ɩɪɢ ɮɨɪɦɢɪɨɜɚɧɢɢ ɜɬɨɪɨɣ ɩɨɥɨɜɢɧɵ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ. ȼɬɨɪɨɣ ɲɚɝ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ PDC ɞɨɦɟɧɚ ɪɟɫɭɪɫɨɜ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4. ɋ ɩɨɦɨɳɶɸ User Manager For Domains (Ɇɟɧɟɞɠɟɪ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɞɥɹ ɞɨɦɟɧɨɜ) ɞɨɛɚɜɶɬɟ ɰɟɥɟɜɨɣ ɞɨɦɟɧ Windows Server 2003 ɤ ɪɚɡɞɟɥɭ Trusted Domains (Ⱦɨɜɟɪɟɧɧɵɟ ɞɨɦɟɧɵ). ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɷɬɭ ɡɚɞɚɱɭ, ɜɚɦ ɩɨɬɪɟɛɭɟɬɫɹ ɩɚɪɨɥɶ, ɫɨɡɞɚɧɧɵɣ ɧɚ ɩɟɪɜɨɦ ɲɚɝɟ. Ȼɭɞɟɬ ɩɨɥɭɱɟɧɨ ɫɨɨɛɳɟɧɢɟ ɨ ɫɬɚɬɭɫɟ, ɟɫɥɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɭɫɩɟɲɧɨ ɫɨɡɞɚɞɭɬɫɹ. ɉɨɪɹɞɨɤ ɨɩɟɪɚɰɢɣ ɩɪɢ ɩɟɪɟɦɟɳɟɧɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɟɞɭɸɳɢɣ: ɫɧɚɱɚɥɚ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ, ɚ ɡɚɬɟɦ ɩɨɥɶɡɨɜɚɬɟɥɢ. Ɍɚɤɨɣ ɩɨɪɹɞɨɤ ɩɨɡɜɨɥɹɟɬ ɫɨɯɪɚɧɢɬɶ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ, ɤɨɝɞɚ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɟɪɟɦɟɳɚɸɬɫɹ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ ɩɨɡɠɟ, ɢ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ. Ʉɨɝɞɚ ɜɵ ɩɟɪɟɦɟɳɚɟɬɟ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɫ Windows NT 4 ɧɚ Windows Server 2003, ɫɨɡɞɚɸɬɫɹ ɧɨɜɵɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ SID ɞɥɹ ɧɨɜɨɣ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɵ. SID ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɚɬɪɢɛɭɬɭ SID-History ɞɥɹ ɤɚɠɞɨɝɨ ɨɛɴɟɤɬɚ ɧɨɜɨɣ ɝɪɭɩɩɵ. ɋɨɯɪɚɧɹɹ SID ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɜ ɩɨɥɟ SID-History, ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɩɪɨɞɨɥɠɚɬɶ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜ ɞɨɦɟɧɟ ɪɟɫɭɪɫɨɜ ɫ Windows NT, ɤɨɬɨɪɵɟ ɟɳɟ ɧɟ ɩɟɪɟɦɟɳɟɧɵ. Ʉɥɨɧɢɪɭɹ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ (ɢɫɩɨɥɶɡɭɹ ADMT), ɜɵ ɫɨɡɞɚɞɢɬɟ ɫɬɪɭɤɬɭɪɭ ɫɤɟɥɟɬɧɨɣ ɝɪɭɩɩɵ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ ɫɨɝɥɚɫɧɨ ɜɚɲɟɦɭ ɩɪɨɟɤɬɭ Active Directory. ɉɨɫɤɨɥɶɤɭ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɟɪɟɦɟɫɬɹɬɫɹ ɩɨɡɠɟ, ɨɧɢ ɛɭɞɭɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɪɢɫɨɟɞɢɧɟɧɵ ɤ ɝɪɭɩɩɟ, ɱɥɟɧɚɦɢ ɤɨɬɨɪɨɣ ɨɧɢ ɛɵɥɢ ɜ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ. ɉɪɨɰɟɫɫ ɩɟɪɟɦɟɳɟɧɢɹ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ ɫ Windows NT 4 ɧɚ Windows Server 2003 ɩɪɢ ɩɨɦɨɳɢ Group Account Migration Wizard (Ɇɚɫɬɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɝɪɭɩɩ) ɢɧɫɬɪɭɦɟɧɬɚ ADMT ɧɟɫɥɨɠɟɧ. ɑɬɨɛɵ ɩɟɪɟɧɟɫɬɢ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɫ Windows NT 4 ɧɚ Windows Server 2003 ɫ ɩɨɦɨɳɶɸ Group Account Migration Wizard, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ɂɞɟɧɬɢɮɢɰɢɪɭɣɬɟ ɢɫɯɨɞɧɵɟ ɢ ɰɟɥɟɜɵɟ ɞɨɦɟɧɵ. ȿɫɥɢ ɢɦɟɧɚ ɞɨɦɟɧɨɜ ɧɟ ɩɨɹɜɥɹɸɬɫɹ ɜ ɪɚɫɤɪɵɜɚɸɳɟɦɫɹ ɫɩɢɫɤɟ, ɢɯ ɦɨɠɧɨ ɧɚɩɟɱɚɬɚɬɶ. 2. ȼɵɛɟɪɢɬɟ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ Windows NT 4, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɩɟɪɟɦɟɫɬɢɬɶ ɧɚ Windows Server 2003. 3. ȼɵɛɟɪɢɬɟ OU, ɤ ɤɨɬɨɪɨɣ ɜɵ ɯɨɬɢɬɟ ɞɨɛɚɜɢɬɶ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ. . ADMT OU . , . , OU. , OU. 4. ȼɵɛɟɪɢɬɟ ɠɟɥɚɬɟɥɶɧɵɟ ɨɩɰɢɢ ɞɥɹ ɝɪɭɩɩɵ. ɋɸɞɚ ɜɯɨɞɹɬ ɨɩɰɢɹ, ɩɨɡɜɨ-ɥɹɸɳɚɸ ɤɨɩɢɪɨɜɚɬɶ ɱɥɟɧɨɜ ɝɪɭɩɩɵ ɨɞɧɨɜɪɟɦɟɧɧɨ ɫ ɤɨɩɢɪɨɜɚɧɢɟɦ ɝɪɭɩɩɵ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɱɥɟɧɵ ɝɪɭɩɩɵ ɧɟ ɞɨɥɠɧɵ ɤɨɩɢɪɨɜɚɬɶɫɹ ɜɦɟɫɬɟ ɫ ɝɪɭɩɩɨɣ. Ʉɨɩɢɪɨɜɚɧɢɟ ɱɥɟɧɨɜ ɝɪɭɩɩɵ ɨɞɧɨɜɪɟɦɟɧɧɨ ɫ ɦɨɞɟɪɧɢɡɚɰɢɟɣ ɝɪɭɩɩɵ ɹɜɥɹɟɬɫɹ ɯɨɪɨɲɢɦ ɜɵɛɨɪɨɦ ɞɥɹ ɦɚɥɟɧɶɤɢɯ ɨɪɝɚɧɢɡɚɰɢɣ, ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɩɟɪɟɦɟɳɟɧɢɟ ɝɪɭɩɩɚɦɢ - ɩɪɢɟɦɥɟɦɵɣ ɦɧɨɝɨɫɬɭɩɟɧɱɚɬɵɣ ɩɨɞɯɨɞ. ȼ ɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɹɯ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ (ɬɢɩɚ ɫɥɭɠɚɳɢɯ) ɢɦɟɸɬ ɫɥɢɲɤɨɦ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɱɬɨɛɵ ɢɯ ɦɨɠɧɨ ɛɵɥɨ ɩɟɪɟɦɟɫɬɢɬɶ ɨɞɧɨɜɪɟɦɟɧɧɨ. Ʉɚɤ ɬɨɥɶɤɨ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɩɟɪɟɦɟɳɚɸɬɫɹ ɜ Windows Server 2003, ɩɪɢɯɨɞɢɬ ɜɪɟɦɹ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ.
ɉɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɟ ɞɟɥɚɟɬɫɹ ɡɚ ɨɞɢɧ ɪɚɡ. Ȼɵɥɨ ɛɵ ɧɟɩɥɨɯɨ ɬɳɚɬɟɥɶɧɨ ɫɩɥɚɧɢɪɨɜɚɬɶ ɩɨɪɹɞɨɤ ɷɬɨɝɨ ɩɟɪɟɦɟɳɟɧɢɹ ɢ ɫɨɝɥɚɫɨɜɚɧɢɟ ɜɨ ɜɪɟɦɟɧɢ. ɉɨɫɤɨɥɶɤɭ ɜ ɩɪɨɰɟɫɫɟ ɩɟɪɟɯɨɞɚ ɛɭɞɟɬ ɫɨɯɪɚɧɹɬɶɫɹ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɫɜɹɡɚɧɧɵɦ ɫ Windows NT 4, ɷɬɨɬ ɩɪɨɰɟɫɫ ɦɨɠɧɨ ɪɚɫɬɹɧɭɬɶ ɧɚ ɞɧɢ, ɧɟɞɟɥɢ ɢɥɢ ɦɟɫɹɰɵ. ɉɪɢ ɩɟɪɟɦɟɳɟɧɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɫɥɟɞɭɟɬ ɢɦɟɬɶ ɜ ɜɢɞɭ ɫɥɟɞɭɸɳɟɟ. ɋɤɨɥɶɤɨ ɧɨɜɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɫɦɨɠɟɬ ɩɨɞɞɟɪɠɢɜɚɬɶ ɨɞɧɨɜɪɟɦɟɧɧɨ ɜɚɲɚ ȽȽ-ɝɪɭɩɩɚ? Ʉɚɤɨɣ ɧɚɛɨɪ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɞɨɥɠɟɧ ɩɟɪɟɦɟɳɚɬɶɫɹ ɜɦɟɫɬɟ? Ʉɚɤɨɣ ɧɚɛɨɪ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɟ ɫɦɨɠɟɬ ɡɚ ɨɩɪɟɞɟɥɟɧɧɨɟ ɜɪɟɦɹ ɩɪɢɫɩɨɫɨɛɢɬɶɫɹ ɤ ɧɟɭɞɨɛɫɬɜɚɦ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ? ɗɬɢɦɢ ɫɨɨɛɪɚɠɟɧɢɹɦɢ ɧɭɠɧɨ ɪɭɤɨɜɨɞɫɬɜɨɜɚɬɶɫɹ ɩɪɢ ɨɩɪɟɞɟɥɟɧɢɢ ɩɨɪɹɞɤɚ ɢ ɫɨɝɥɚɫɨɜɚɧɢɹ ɜɨ ɜɪɟɦɟɧɢ ɩɪɨɰɟɫɫɚ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɇɚ ɩɟɪɜɨɦ ɲɚɝɟ ɜɵɛɢɪɚɸɬɫɹ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɩɟɪɟɦɟɳɚɬɶɫɹ ɨɞɧɨɜɪɟɦɟɧɧɨ, ɢ ɜɪɟɦɹ ɜɵɩɨɥɧɟɧɢɹ ɦɨɞɟɪɧɢɡɚɰɢɢ. Ɏɚɤɬɢɱɟɫɤɨɟ ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɪɨɰɟɞɭɪɧɨ ɨɱɟɧɶ ɩɨɯɨɠɟ ɧɚ ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɫ Windows NT 4 ɧɚ Windows Server 2003 ɢ ɜ Active Directory ɫ ɩɨɦɨɳɶɸ User Account Migration Wizard ɢɧɫɬɪɭɦɟɧɬɚ ADMT, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ȼɵɛɟɪɢɬɟ ɢɫɯɨɞɧɵɟ ɢ ɰɟɥɟɜɵɟ ɞɨɦɟɧɵ. 2. ȼɵɛɟɪɢɬɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ Windows NT 4, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɩɟɪɟɦɟɫɬɢɬɶ. 3. ȼɵɛɟɪɢɬɟ OU-ɚɞɪɟɫɚɬɚ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ. 4. ɉɨɞɬɜɟɪɞɢɬɟ, ɱɬɨ ɜɵ ɧɚ ɫɚɦɨɦ ɞɟɥɟ ɯɨɬɢɬɟ ɩɟɪɟɦɟɫɬɢɬɶ ɩɚɪɨɥɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɂɫɩɨɥɶɡɭɹ ADMT, ɜɵ ɦɨɠɟɬɟ ɜɵɛɪɚɬɶ ɨɞɧɨ ɢɡ ɫɥɟɞɭɸɳɢɯ ɞɟɣɫɬɜɢɣ. • ɋɨɡɞɚɧɢɟ ɧɨɜɵɯ, ɫɥɨɠɧɵɯ ɩɚɪɨɥɟɣ. ɋɨɡɞɚɟɬɫɹ ɬɟɤɫɬɨɜɵɣ ɞɨɤɭɦɟɧɬ (ɮɨɪɦɚɬ ɡɧɚɱɟɧɢɣ, ɨɬɞɟɥɟɧɧɵɯ ɡɚɩɹɬɨɣ, [.csv]), ɤɨɬɨɪɵɣ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɫɨɨɬɜɟɬɫɬɜɢɟ ɦɟɠɞɭ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɢ ɧɨɜɵɦɢ ɩɚɪɨɥɹɦɢ, ɡɚɬɟɦ ɪɟɲɚɟɬɫɹ ɡɚɞɚɱɚ ɫɜɹɡɵɜɚɧɢɹ ɩɚɪɨɥɟɣ ɫ ɦɢɝɪɢɪɨɜɚɧɧɵɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ. • ɍɫɬɚɧɨɜɥɟɧɢɟ ɩɚɪɨɥɹ, ɫɨɜɩɚɞɚɸɳɟɝɨ ɫ ɢɦɟɧɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɚɪɨɥɶ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ ɡɧɚɱɟɧɢɟ username (ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ). ɉɨɫɤɨɥɶɤɭ ɷɬɚ ɨɩɰɢɹ ɢ ɨɩɢɫɚɧɧɚɹ ɜɵɲɟ ɫɨɡɞɚɸɬ ɪɢɫɤ ɞɥɹ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɬɨ ɞɥɹ ɩɟɪɟɦɟɳɟɧɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɚɬɪɢɛɭɬ User Must Change Password At Next Logon (ɉɨɥɶɡɨɜɚɬɟɥɶ ɞɨɥɠɟɧ ɢɡɦɟɧɢɬɶ ɩɚɪɨɥɶ ɩɪɢ ɫɥɟɞɭɸɳɟɦ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ). • ɉɟɪɟɦɟɳɟɧɢɟ ɩɚɪɨɥɟɣ. ɗɬɚ ɨɩɰɢɹ ɩɨɡɜɨɥɹɟɬ ɩɟɪɟɦɟɫɬɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɚɪɨɥɢ ɫ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ, ɞɥɹ ɱɟɝɨ ɬɪɟɛɭɟɬɫɹ ɢɞɟɧɬɢɮɢɤɚɰɢɹ ɢɫɯɨɞɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ
ɩɟɪɟɦɟɳɚɟɦɵɯ ɩɚɪɨɥɟɣ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ɂɫɯɨɞɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɩɟɪɟɦɟɳɚɟɦɵɯ ɩɚɪɨɥɟɣ ɹɜɥɹɟɬɫɹ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ, ɤɨɬɨɪɵɣ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɤɚɤ Password Export Server (ɋɟɪɜɟɪ ɷɤɫɩɨɪɬɚ ɩɚɪɨɥɟɣ) (PES) ɩɭɬɟɦ ɭɫɬɚɧɨɜɤɢ DLL ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɩɚɪɨɥɟɣ. Ɇɨɞɟɪɧɢɡɚɰɢɹ ɩɚɪɨɥɟɣ - ɷɬɨ ɨɬɞɟɥɶɧɵɣ ɤɨɦɩɨɧɟɧɬ ADMT, ɟɝɨ ɦɨɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɧɚ ɥɸɛɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ (ɪɟɤɨɦɟɧɞɭɟɬɫɹ ɧɚ BDC) ɜ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ ɫ ɤɨɦɩɚɤɬ-ɞɢɫɤɚ Windows Server 2003. ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ DLL ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɩɚɪɨɥɟɣ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫ Windows NT 4, ɨɬɤɪɨɣɬɟ ɩɚɩɤɭ \I386\ADMT\PWDMIG ɢ ɞɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ ɮɚɣɥɟ Pwdmig.msi. ɋɟɪɜɟɪ PES ɨɛɫɥɭɠɢɜɚɟɬ ɛɚɡɭ ɞɚɧɧɵɯ ɩɚɪɨɥɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɢ ɫɨɡɞɚɟɬ ɛɟɡɨɩɚɫɧɵɣ ɤɚɧɚɥ ɫɜɹɡɢ ɫ ɰɟɥɟɜɵɦ ɞɨɦɟɧɨɦ ɞɥɹ ɩɟɪɟɦɟɳɟɧɢɹ ɷɬɢɯ ɩɚɪɨɥɟɣ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛ ɭɫɬɚɧɨɜɤɟ ɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɮɭɧɤɰɢɢ ɩɟɪɟɦɟɳɟɧɢɹ ɩɚɪɨɥɟɣ ɫɦɨɬɪɢɬɟ ɞɨɤɭɦɟɧɬ Readme.doc ɜ ɩɚɩɤɟ \I386\ADMT ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003 ɢɥɢ ɩɨ ɚɞɪɟɫɭ: http://www.7nicrosoft.co7n/ windows2000/downloads/tools/admt/default.asp. 5. ɍɩɪɚɜɥɹɣɬɟ ɫɨɫɬɨɹɧɢɟɦ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫ ɩɨɦɨɳɶɸ ɨɩɰɢɢ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. ɋ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ADMT ɦɨɠɧɨ ɭɩɪɚɜɥɹɬɶ ɩɟɪɟɯɨɞɨɦ ɨɬ ɢɫɯɨɞɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɤ ɰɟɥɟɜɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɜ ɨɤɧɟ Account Transition Options (Ɉɩɰɢɢ ɩɟɪɟɯɨɞɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ). ɋɭɳɟɫɬɜɭɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɭɩɪɚɜɥɟɧɢɹ ɫɨɫɬɨɹɧɢɟɦ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ (ɪɚɡɪɟɲɚɬɶ, ɛɥɨɤɢɪɨɜɚɬɶ ɢɥɢ ɭɪɚɜɧɹɬɶ ɟɟ ɫ ɢɫɯɨɞɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ) ɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ (ɛɥɨɤɢɪɨɜɚɬɶ ɢɥɢ ɪɚɡɪɟɲɢɬɶ ɧɚ ɭɫɬɚɧɨɜɥɟɧɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɞɧɟɣ). . , , , . . , . , Windows Server 2003 ,
ADMT, . Windows NT 4
,
ADMT, ADMT.
Ɂɚɤɥɸɱɢɬɟɥɶɧɵɣ ɲɚɝ ɜ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɤ Windows Server 2003 ɫɨɫɬɨɢɬ ɜ ɩɪɟɤɪɚɳɟɧɢɢ ɷɤɫɩɥɭɚɬɚɰɢɢ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ, ɤɨɬɨɪɨɟ ɩɪɨɢɡɜɨɞɢɬɫɹ ɩɨɫɥɟ ɩɪɨɜɟɪɤɢ ɬɨɝɨ, ɱɬɨ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɧɭɠɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ ɩɟɪɟɦɟɳɟɧɵ ɤ Windows Server 2003, ɚ ɫɟɬɟɜɵɟ ɫɥɭɠɛɵ ɪɚɛɨɬɚɸɬ ɜ ɱɢɫɬɨɦ ɥɟɫɭ. ɑɬɨɛɵ ɩɪɟɤɪɚɬɢɬɶ ɷɤɫɩɥɭɚɬɚɰɢɸ ɞɨɦɟɧɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɩɪɨɫɬɨ ɜɵɤɥɸɱɚɸɬ. ɋɩɭɫɬɹ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ (ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɦɨɧɢɬɨɪ ɨɬɫɥɟɠɢɜɚɟɬ ɥɸɛɵɟ ɩɟɪɟɪɵɜɵ ɜ ɞɨɫɬɭɩɟ ɤ ɫɟɬɢ ɢɥɢ ɪɟɫɭɪɫɚɦ) ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢɥɢ ɦɨɞɟɪɧɢɡɢɪɭɸɬɫɹ ɞɨ Windows Server 2003, ɢɥɢ ɧɚ ɧɢɯ ɡɚɧɨɜɨ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ Windows Server 2003, ɚ ɨɧɢ ɧɚɡɧɚɱɚɸɬɫɹ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɢɥɢ ɨɫɬɚɸɬɫɹ ɜ ɪɨɥɢ ɫɟɪɜɟɪɨɜ-ɱɥɟɧɨɜ ɞɨɦɟɧɚ. . Windows NT 4 , . «account unknown (
)». ,
«account unknown», ,
SID-
History.
, Windows NT 4. Ɍɟɩɟɪɶ, ɤɨɝɞɚ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ ɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɩɟɪɟɦɟɳɟɧɵ, ɩɪɨɰɟɫɫ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɡɚɜɟɪɲɟɧ. ȼɚɲɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɯɨɞɹɬ ɜ ɞɨɦɟɧ Windows Server 2003 ɢ ɥɟɝɤɨ ɨɛɪɚɳɚɸɬɫɹ ɤ ɢɯ ɨɛɳɟɞɨɫɬɭɩɧɵɦ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ ɫ ɞɨɦɟɧɚ ɪɟɫɭɪɫɨɜ Windows NT 4. Ȼɥɚɝɨɞɚɪɹ ɢɞɟɧɬɢɮɢɤɚɬɨɪɭ SID-History ɢ ɜɚɲɟɦɭ ɨɩɵɬɭ ɤɨɧɟɱɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɩɨɱɭɜɫɬɜɭɸɬ, ɱɬɨ ɫɪɟɞɚ, ɜ ɤɨɬɨɪɨɣ ɨɧɢ ɪɚɛɨɬɚɸɬ, ɹɜɥɹɟɬɫɹ ɫɦɟɲɚɧɧɨɣ, ɢ ɛɭɞɭɬ ɪɚɛɨɬɚɬɶ ɤɚɤ ɨɛɵɱɧɨ. ɑɬɨɛɵ ɡɚɜɟɪɲɢɬɶ ɩɪɨɟɤɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɜɚɲɢɦ ɝɪɚɮɢɤɨɦ ɪɚɛɨɬ, ɬɟɩɟɪɶ ɦɨɠɧɨ ɩɟɪɟɦɟɳɚɬɶ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ ɜ Windows Server 2003.
ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ, ɧɟɨɛɯɨɞɢɦɨ ɜɵɩɨɥɧɢɬɶ ɫɥɟɞɭɸɳɟɟ. ɍɞɨɜɥɟɬɜɨɪɢɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɬɪɟɛɨɜɚɧɢɹ ɡɚɳɢɬɵ. ɂɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ, ɜɵɩɨɥɧɹɸɳɢɯɫɹ ɧɚ ɫɟɪɜɟɪɚɯ-ɱɥɟɧɚɯ ɞɨɦɟɧɚ. ɉɟɪɟɦɟɫɬɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ (ɫɟɪɜɟɪɵ-ɱɥɟɧɵ ɞɨɦɟɧɚ ɢ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ). ɉɟɪɟɦɟɫɬɢɬɶ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɟɦɵɟ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ. ɉɟɪɟɦɟɫɬɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ. ɉɪɟɤɪɚɬɢɬɶ ɷɤɫɩɥɭɚɬɚɰɢɸ ɜɫɟɯ ɢɫɯɨɞɧɵɯ ɞɨɦɟɧɨɜ. ɑɬɨɛɵ ɪɚɡɪɟɲɢɬɶ ɩɟɪɟɦɟɳɟɧɢɟ ɪɟɫɭɪɫɨɜ Windows NT 4 ɜ Windows Server 2003, ɜɵɩɨɥɧɢɬɟ ɞɟɣɫɬɜɢɹ, ɫɜɹɡɚɧɧɵɯ ɫ ɡɚɳɢɬɨɣ. 1. ɍɞɨɫɬɨɜɟɪɶɬɟɫɶ, ɱɬɨ ɝɪɭɩɩɚ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɱɥɟɧɨɦ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɧɚ ɞɨɦɟɧɟ ɪɟɫɭɪɫɨɜ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4. ɗɬɨ ɨɛɟɫɩɟɱɢɬ ɧɟɨɛɯɨɞɢɦɵɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ ɧɚ ɤɚɠɞɨɦ ɫɟɪɜɟɪɟɱɥɟɧɟ ɞɨɦɟɧɚ ɢ ɧɚ ɤɚɠɞɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɜ ɞɨɦɟɧɟ ɪɟɫɭɪɫɨɜ, ɱɬɨɛɵ ɜɵ ɦɨɝɥɢ ɩɟɪɟɦɟɳɚɬɶ ɪɟɫɭɪɫɵ ɞɨɦɟɧɚ. 2. ɋɨɡɞɚɣɬɟ ɜɬɨɪɨɟ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ ɨɬ ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ ɤ ɞɨɦɟɧɭ ɪɟɫɭɪɫɨɜ. ȼ ɪɚɡɞɟɥɟ «ɋɨɡɞɚɧɢɟ ɱɢɫɬɨɝɨ ɥɟɫɚ» ɷɬɨɣ ɝɥɚɜɵ ɪɚɫɫɤɚɡɵɜɚɥɨɫɶ, ɤɚɤ ɷɬɨ ɫɞɟɥɚɬɶ. ɍɫɬɚɧɚɜɥɢɜɚɹ ɜɬɨɪɨɟ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ, ɜɵ ɫɨɡɞɚɟɬɟ ɞɜɚ ɨɞɧɨɫɬɨɪɨɧɧɢɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɨɦ ɪɟɫɭɪɫɨɜ ɢ ɰɟɥɟɜɵɦ ɞɨɦɟɧɨɦ. ɂɫɩɨɥɶɡɭɣɬɟ ɨɫɧɚɫɬɤɭ Active Directory Domains And Trusts (Ⱦɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Active Directory) ɞɥɹ ɩɪɨɜɟɪɤɢ ɬɨɝɨ, ɱɬɨ ɷɬɨ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ ɛɵɥɨ ɭɫɬɚɧɨɜɥɟɧɨ.
ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ - ɷɬɨ ɫɩɟɰɢɚɥɶɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɩɟɪɢɪɨɜɚɧɢɹ ɫɥɭɠɛɚɦɢ, ɜɵɩɨɥɧɹɸɳɢɦɢɫɹ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɚɦɢ Windows NT 4 ɢ Windows Server 2003. Ȼɨɥɶɲɢɧɫɬɜɨ ɫɥɭɠɛ ɪɚɛɨɬɚɸɬ ɩɨɞ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ Local System Authority (LSA) (ȼɥɚɫɬɢ ɥɨɤɚɥɶɧɨɣ ɫɢɫɬɟɦɵ). ɉɪɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ ɪɟɫɭɪɫɨɜ ɫɧɚɱɚɥɚ ɧɭɠɧɨ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɫɥɭɠɛɵ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɟ ɬɚɤ, ɱɬɨɛɵ ɧɟ ɜɵɩɨɥɧɹɬɶɫɹ ɩɨɞ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ LSA. Ɇɨɞɟɪɧɢɡɚɰɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɭɠɛ ɫɨɫɬɨɢɬ ɢɡ ɞɜɭɯ ɷɬɚɩɨɜ. ɋɧɚɱɚɥɚ ɧɭɠɧɨ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ. ɉɨɫɥɟ ɩɟɪɟɦɟɳɟɧɢɹ ɤɨɦɩɶɸɬɟɪɨɜ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows NT 4, ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ ɫ Windows Server 2003 ɦɨɠɧɨ ɩɟɪɟɧɨɫɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧɧɵɯ ɫɥɭɠɛ. ɑɬɨɛɵ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ, ɪɚɛɨɬɚɸɳɢɯ ɧɚ ɢɫɯɨɞɧɵɯ ɞɨɦɟɧɚɯ ɫ Windows NT 4, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ADMT, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ: 1. Ɉɬɤɪɨɣɬɟ Service Account Migration Wizard (Ɇɚɫɬɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ). 2. ȼɵɛɟɪɢɬɟ ɢɫɯɨɞɧɵɣ ɢ ɰɟɥɟɜɨɣ ɞɨɦɟɧɵ. 3. ȼ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ ɜɵɛɟɪɢɬɟ ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ, ɧɚ ɤɨɬɨɪɵɯ ɧɭɠɧɨ ɧɚɣɬɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɷɬɭ ɡɚɞɚɱɭ, ɜɵ ɞɨɥɠɧɵ ɩɨɫɦɨɬɪɟɬɶ ɞɨɤɭɦɟɧɬɚɰɢɸ, ɤɚɫɚɸɳɭɸɫɹ ɫɪɟɞɵ ɞɨɦɟɧɚ, ɤɨɬɨɪɚɹ ɫɭɳɟɫɬɜɨɜɚɥɚ ɞɨ ɦɨɞɟɪɧɢɡɚɰɢɢ. 4. Ɂɚɜɟɪɲɢɬɟ ɜɵɩɨɥɧɟɧɢɟ Service Account Migration Wizard. ȼɫɹ ɢɧɮɨɪɦɚɰɢɹ ɛɭɞɟɬ ɫɨɯɪɚɧɟɧɚ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ADMT, ɩɨɤɚ ɨɧɚ ɧɟ ɩɨɬɪɟɛɭɟɬɫɹ ɞɥɹ ɮɚɤɬɢɱɟɫɤɨɝɨ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. ɉɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɭɠɛ ɩɪɨɢɫɯɨɞɢɬ ɩɨɫɥɟ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɚɦɢɯ ɤɨɦɩɶɸɬɟɪɨɜ. ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɤɨɬɨɪɵɟ ɩɨɫɬɨɹɧɧɨ ɧɚɯɨɞɹɬɫɹ ɜ ɞɨɦɟɧɟ ɪɟɫɭɪɫɨɜ Windows NT 4, ɜɤɥɸɱɚɸɬ ɫɟɪɜɟɪɵ-ɱɥɟɧɵ ɞɨɦɟɧɚ ɫ Windows NT 4 Server, ɚ ɬɚɤɠɟ ɤɨɦɩɶɸɬɟɪɵ ɫ Windows NT Workstation 4, Windows 2000 Professional ɢ Windows XP Professional. ɉɪɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɛɭɞɭɬ ɤɥɨɧɢɪɨɜɚɧɵ ɜɫɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ ɢɡ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɜ OU ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ. . , , Windows NT 4 . « » Windows Server 2003. Э « » Windows Server 2003 . Active Directory, ., ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ADMT, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. Ɉɬɤɪɨɣɬɟ Computer Migration Wizard (Ɇɚɫɬɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɤɨɦɩɶɸɬɟɪɨɜ). ȼɵɛɟɪɢɬɟ ɢɫɯɨɞɧɵɣ ɢ ɰɟɥɟɜɨɣ ɞɨɦɟɧɵ. ȼ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ ɜɵɛɟɪɢɬɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɤɨɬɨɪɵɟ ɧɭɠɧɨ ɩɟɪɟɧɟɫɬɢ. ȼɵɛɟɪɢɬɟ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɟ ɟɞɢɧɢɰɵ OU, ɜ ɤɨɬɨɪɵɟ ɧɭɠɧɨ ɩɟɪɟɧɟɫɬɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɨɜ. ȼɵɛɟɪɢɬɟ ɥɸɛɵɟ ɤɨɦɩɶɸɬɟɪɧɵɟ ɨɛɴɟɤɬɵ, ɞɥɹ ɤɨɬɨɪɵɯ ɧɭɠɧɨ ɩɟɪɟɦɟɫɬɢɬɶ ɡɚɳɢɬɭ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. ɉɪɢ ɷɬɨɦ ɨɛɧɨɜɹɬɫɹ ɫɩɢɫɤɢ ɪɚɡɝɪɚɧɢɱɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɹ ɞɨɫɬɭɩɚ (DACL) ɞɥɹ ɪɟɫɭɪɫɨɜ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɧɚ ɩɟɪɟɧɟɫɟɧɧɵɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɧɨɜɵɦɢ ɢɞɟɧɬɢɮɢɤɚɬɨɪɚɦɢ SID ɰɟɥɟɜɵɯ ɞɨɦɟɧɨɜ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɟɪɟɦɟɳɟɧɧɵɯ ɝɪɭɩɩ ɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ⱦɨɫɬɭɩɧɵ ɫɥɟɞɭɸɳɢɟ ɨɛɴɟɤɬɵ: • ɮɚɣɥɵ ɢ ɩɚɩɤɢ; • ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ; • ɩɪɢɧɬɟɪɵ; • ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ; • ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɟɦɵɟ ɪɟɫɭɪɫɵ; • ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɨɮɢɥɢ; • ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɚɜɚ. . Computer Migration Wizard, , Security Translation
Wizard (
) Translate Objects ( .
ADMT. ), ,
. , Previously Migrated Objects ( ). ɍɫɬɚɧɨɜɢɬɟ ɩɟɪɟɡɚɩɭɫɤ ɩɟɪɟɦɟɳɟɧɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɤɨɦɩɶɸɬɟɪɧɭɸ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɫ ɨɞɧɨɝɨ ɞɨɦɟɧɚ ɧɚ ɞɪɭɝɨɣ, ɢɧɫɬɪɭɦɟɧɬ ADMT ɩɨɫɵɥɚɟɬ ɚɝɟɧɬɚ, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɢɡɦɟɧɟɧɢɟ ɧɚ ɫɚɦɨɦ ɤɨɦɩɶɸɬɟɪɟ. ɉɪɨɰɟɫɫ ɦɨɞɟɪɧɢɡɚɰɢɢ ɤɨɦɩɶɸɬɟɪɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɡɚɜɟɪɲɚɟɬɫɹ ɩɨɫɥɟ ɩɟɪɟɡɚɩɭɫɤɚ ɩɟɪɟɦɟɳɟɧɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ. ɂɧɫɬɪɭɦɟɧɬ ADMT ɩɨɡɜɨɥɹɟɬ ɡɚɞɚɬɶ ɢɧɬɟɪɜɚɥ ɜɪɟɦɟɧɢ ɦɟɠɞɭ ɨɤɨɧɱɚɧɢɟɦ ɪɚɛɨɬɵ ɦɚɫɬɟɪɚ ɢ ɩɟɪɟɡɚɩɭɫɤɨɦ ɤɨɦɩɶɸɬɟɪɚ. ȼɵɩɨɥɧɢɬɟ Computer Migration Wizard (Ɇɚɫɬɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɤɨɦɩɶɸɬɟɪɨɜ). ɉɨɫɥɟ ɨɤɨɧɱɚɧɢɹ ɟɝɨ ɪɚɛɨɬɵ ɳɟɥɤɧɢɬɟ ɧɚ View Dispatch Log (ɉɪɨɫɦɨɬɪ ɠɭɪɧɚɥɚ ɨɬɩɪɚɜɤɢ), ɱɬɨɛɵ ɩɪɨɜɟɪɢɬɶ ɭɪɩɟɲɧɨɫɬɶ ɪɚɛɨɬɵ (dispatch agent). ɗɬɨɬ ɤɨɦɩɨɧɟɧɬ ɨɛɧɨɜɥɹɟɬ ɱɥɟɧɫɬɜɨ ɤɨɦɩɶɸɬɟɪɚ ɜ ɞɨɦɟɧɟ, ɚ ɡɚɬɟɦ ɩɟɪɟɡɚɩɭɫɤɚɟɬ ɤɨɦɩɶɸɬɟɪ. ɀɭɪɧɚɥ ɪɟɝɢɫɬɪɚɰɢɢ ɨɬɩɪɚɜɤɢ ɚɝɟɧɬɚ ɩɨɥɟɡɟɧ ɞɥɹ ɩɨɢɫɤɚ ɧɟɢɫɩɪɚɜɧɨɫɬɟɣ ɩɪɢ ɧɟɭɞɚɜɲɟɣɫɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɚ. Ɉɛɳɢɟ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ (shared local groups) — ɷɬɨ ɩɪɨɫɬɨ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫ Windows NT 4. Ɉɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɪɝɚɧɢɡɚɰɢɢ ɩɪɚɜ ɞɨɫɬɭɩɚ. ȿɫɥɢ ɧɚ ɜɚɲɟɦ ɩɪɟɞɩɪɢɹɬɢɢ ɫɭɳɟɫɬɜɭɸɬ ɬɚɤɢɟ ɝɪɭɩɩɵ, ɬɨ ɜɵ ɞɨɥɠɧɵ ɩɟɪɟɧɟɫɬɢ ɢɯ ɧɚ ɰɟɥɟɜɨɣ ɞɨɦɟɧ ɞɥɹ ɫɨɯɪɚɧɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɞɥɹ ɩɟɪɟɦɟɳɟɧɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɉɪɨɰɟɫɫ ɦɨɞɟɪɧɢɡɚɰɢɢ ɨɛɳɢɯ ɥɨɤɚɥɶɧɵɯ ɝɪɭɩɩ ɧɟ ɫɢɥɶɧɨ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɩɪɨɰɟɫɫɚ ɦɨɞɟɪɧɢɡɚɰɢɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ, ɤɨɬɨɪɵɣ ɛɵɥ ɨɩɢɫɚɧ ɜɵɲɟ. . , , . Э , , SAM . SAM , . , SID . Computer Migration Wizard, , . ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɨɛɳɢɟ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ, ɢɫɩɨɥɶɡɭɹ ADMT, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ Group Account Migration Wizard (Ɇɚɫɬɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɝɪɭɩɩ). 2. ȼɵɛɟɪɢɬɟ ɢɫɯɨɞɧɵɟ ɢ ɰɟɥɟɜɵɟ ɞɨɦɟɧɵ. 3. ȼɵɛɟɪɢɬɟ ɨɛɳɭɸ ɥɨɤɚɥɶɧɭɸ ɝɪɭɩɩɭ, ɤɨɬɨɪɭɸ ɧɭɠɧɨ ɩɟɪɟɦɟɫɬɢɬɶ. 4. ȼɵɛɟɪɢɬɟ ɨɪɝɚɧɢɡɚɰɢɨɧɧɭɸ ɟɞɢɧɢɰɭ OU, ɜ ɤɨɬɨɪɭɸ ɧɭɠɧɨ ɩɟɪɟɦɟɫɬɢɬɶ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɝɪɭɩɩɵ. 5. Ɉɛɹɡɚɬɟɥɶɧɨ ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Migrate Group SIDs To Target Domain (ɉɟɪɟɦɟɫɬɢɬɶ SID ɝɪɭɩɩɵ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ). 6. ɉɨɡɜɨɥɶɬɟ ɦɚɫɬɟɪɭ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɝɪɭɩɩɵ ɜɵɩɨɥɧɹɬɶɫɹ ɞɨ ɡɚɜɟɪɲɟɧɢɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɨɛɳɢɯ ɥɨɤɚɥɶɧɵɯ ɝɪɭɩɩ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ. ɉɨɫɥɟ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɤɨɦɩɶɸɬɟɪɚ ɧɚ ɰɟɥɟɜɨɣ ɞɨɦɟɧ ɦɨɠɧɨ ɡɚɜɟɪɲɚɬɶ ɜɬɨɪɭɸ ɫɬɚɞɢɸ ɩɪɨɰɟɫɫɚ ɩɟɪɟɦɟɳɟɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɭɠɛ. ȼ ɧɚɱɚɥɟ ɩɪɨɰɟɫɫɚ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ ɪɟɫɭɪɫɨɜ ɜɵ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɥɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɨɜɚɥɢɫɶ ɞɥɹ ɨɩɟɪɢɪɨɜɚɧɢɹ ɫɥɭɠɛɚɦɢ ɫɟɪɜɟɪɨɜ-ɱɥɟɧɨɜ ɞɨɦɟɧɚ. Ɍɟɩɟɪɶ ɜɵ ɛɭɞɟɬɟ ɩɟɪɟɧɨɫɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ ɞɨɦɟɧɚ ɪɟɫɭɪɫɨɜ ɫ Windows NT 4 ɧɚ ɰɟɥɟɜɨɣ ɞɨɦɟɧ Windows Server 2003. ɗɬɚ ɩɪɨɰɟɞɭɪɚ ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɜɫɟ ɫɥɭɠɛɵ, ɧɟ ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɩɨɞ LSA, ɛɭɞɭɬ ɡɚɩɭɫɤɚɬɶ ɬɪɟɛɭɟɦɵɟ ɫɥɭɠɛɵ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɫɟɪɜɟɪ-ɱɥɟɧ ɞɨɦɟɧɚ ɩɟɪɟɦɟɫɬɢɬɫɹ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ, ɢɫɩɨɥɶɡɭɹ ADMT, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ User Account Migration Wizard (Ɇɚɫɬɟɪ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ).
2. ȼɵɛɟɪɢɬɟ ɢɫɯɨɞɧɵɟ ɢ ɰɟɥɟɜɵɟ ɞɨɦɟɧɵ. 3. ȼɵɛɟɪɢɬɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ, ɤɨɬɨɪɵɟ ɧɭɠɧɨ ɩɟɪɟɦɟɫɬɢɬɶ. 1. ɋɨɜɟɬ. ȿɫɥɢ ɜɵ ɧɟ ɩɨɦɧɢɬɟ ɢɦɟɧɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɪɚɧɟɟ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɭɠɛ, ɦɨɠɧɨ ɩɪɨɫɦɨɬɪɟɬɶ ɠɭɪɧɚɥ ɚɝɟɧɬɨɜ ɨɬɩɪɚɜɤɢ (Dctlog.txt), ɤɨɬɨɪɵɣ ɪɚɫɩɨɥɨɠɟɧ ɜ ɩɚɩɤɟ %userprofile %\Temp. ȿɫɥɢ ɜɵ ɜɨɲɥɢ ɜ ɫɢɫɬɟɦɭ Windows 2. Server 2003 ɤɚɤ Migratorl, ɜɵ ɧɚɣɞɟɬɟ ɷɬɨɬ ɮɚɣɥ ɜ ɩɚɩɤɟ C:\Documents and Settings\Migratorl\Temp. 3. ȼɵɛɟɪɢɬɟ ɨɪɝɚɧɢɡɚɰɢɨɧɧɭɸ ɟɞɢɧɢɰɭ OU ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ, ɜ ɤɨɬɨɪɭɸ ɧɭɠɧɨ ɩɟɪɟɧɟɫɬɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɥɭɠɛ. 4. Ƚɟɧɟɪɚɰɢɹ ɫɥɨɠɧɨɝɨ ɩɚɪɨɥɹ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɦɨɞɟɪɧɢɡɚɰɢɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɭɠɛ. ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɤɚɤɭɸ ɨɩɰɢɸ ɦɨɞɟɪɧɢɡɚɰɢɢ ɩɚɪɨɥɹ ɜɵ ɜɵɛɟɪɟɬɟ ɜ ɨɤɧɟ Password Options (Ɉɩɰɢɢ ɩɚɪɨɥɹ), ɢɧɫɬɪɭɦɟɧɬ ADMT ɛɭɞɟɬ ɜɫɟɝɞɚ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɩɰɢɸ ɫɥɨɠɧɨɝɨ ɩɚɪɨɥɹ. ADMT ɪɚɫɩɨɡɧɚɟɬ, ɱɬɨ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɬɨɪɭɸ ɜɵ ɩɟɪɟɦɟɳɚɟɬɟ, ɹɜɥɹɟɬɫɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɫɥɭɠɛɵ, ɢ ɩɪɟɞɨɫɬɚɜɢɬ ɟɣ ɩɪɚɜɨ ɜɯɨɞɢɬɶ ɜ ɫɢɫɬɟɦɭ ɜ ɤɚɱɟɫɬɜɟ ɫɥɭɠɛɵ. . , , , , , «log on as a service» ( ), . Security Translation Wizard ( ). Translate Objects ( ) Local Groups ( ) User Rights ( ) , , . Э , . Ɍɟɩɟɪɶ, ɤɨɝɞɚ ɜɫɟ ɞɨɦɟɧɵ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ ɛɵɥɢ ɩɟɪɟɦɟɳɟɧɵ ɜ Windows Server 2003 ɢ ɜ Active Directory, ɦɨɠɧɨ ɩɪɟɤɪɚɬɢɬɶ ɷɤɫɩɥɭɚɬɚɰɢɸ ɢɫɯɨɞɧɵɯ ɞɨɦɟɧɨɜ Windows NT 4. ȼɟɞɶ ɟɞɢɧɫɬɜɟɧɧɵɟ ɤɨɦɩɶɸɬɟɪɵ, ɨɫɬɚɜɲɢɟɫɹ ɜ ɢɫɯɨɞɧɵɯ ɞɨɦɟɧɚɯ - ɷɬɨ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɚɲ ɩɥɚɧ ɩɟɪɟɯɨɞɚ ɬɪɟɛɭɟɬ ɩɟɪɟɦɟɳɟɧɢɹ ɷɬɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ Windows Server 2003, ɦɨɠɧɨ ɩɟɪɟɦɟɫɬɢɬɶ ɢɯ. ɋɭɳɟɫɬɜɭɟɬ ɞɨɜɨɥɶɧɨ ɫɥɨɠɧɵɣ ɩɪɨɰɟɫɫ ɩɟɪɟɜɨɞɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɚɜɬɨɧɨɦɧɵɣ ɪɟɠɢɦ, ɢɯ ɨɛɧɨɜɥɟɧɢɹ, ɧɚɡɧɚɱɟɧɢɹ ɧɚ ɪɨɥɶ ɤɨɧɬɪɨɥɟɪɚ, ɨɬɦɟɧɚ ɷɬɨɣ ɪɨɥɢ, ɩɨɜɬɨɪɧɨɝɨ ɧɚɡɧɚɱɟɧɢɹ, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɢɯ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɜ ɧɨɜɨɦ ɞɨɦɟɧɟ. Ȼɭɞɟɬ ɥɭɱɲɟ, ɟɫɥɢ ɜɵ ɭɛɟɞɢɬɟɫɶ, ɱɬɨ ɜɫɟ ɧɟɨɛɯɨɞɢɦɵɟ ɞɚɧɧɵɟ ɩɟɪɟɦɟɳɟɧɵ ɫ ɷɬɢɯ ɫɟɪɜɟɪɨɜ, ɚ ɡɚɬɟɦ ɜɵɩɨɥɧɢɬɟ ɧɨɜɭɸ ɢɧɫɬɚɥɥɹɰɢɸ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Windows Server 2003. Ɂɚɤɥɸɱɢɬɟɥɶɧɚɹ ɡɚɞɚɱɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɭɞɚɥɢɬɶ ɜɫɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɫɨɡɞɚɧɵ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɦɨɞɟɪɧɢɡɚɰɢɢ. ɂɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ Active Directory Domains And Trusts, ɜɵɛɟɪɢɬɟ ɤɚɠɞɨɟ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ ɫ ɛɨɥɟɟ ɧɟ ɫɭɳɟɫɬɜɭɸɳɢɦ ɞɨɦɟɧɨɦ ɫɢɫɬɟɦɵ Windows NT 4 ɢ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Remove (ɍɞɚɥɢɬɶ).
Ɍɪɟɬɢɣ ɩɭɬɶ, ɤɨɬɨɪɵɣ ɦɵ ɪɚɫɫɦɨɬɪɢɦ, — ɨɛɧɨɜɥɟɧɢɟ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ, ɢɥɢ ɩɟɪɟɦɟɳɟɧɢɟ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ. ȼɵɲɟ ɝɨɜɨɪɢɥɨɫɶ, ɱɬɨ ɜ ɩɪɨɰɟɫɫɟ ɨɛɧɨɜɥɟɧɢɹ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ ɫɧɚɱɚɥɚ ɨɛɧɨɜɥɹɸɬɫɹ ɞɨ Windows Server 2003 (ɩɪɢ ɷɬɨɦ ɫɨɯɪɚɧɹɟɬɫɹ ɩɟɪɜɨɧɚɱɚɥɶɧɚɹ ɢɟɪɚɪɯɢɹ ɞɨɦɟɧɚ), ɚ ɡɚɬɟɦ ɩɪɨɢɫɯɨɞɢɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɞɨɦɟɧɚ, ɩɪɢ ɤɨɬɨɪɨɣ ɨɛɴɟɤɬɵ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɩɟɪɟɧɨɫɹɬɫɹ ɫ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɧɵɯ ɢɫɯɨɞɧɵɯ ɞɨɦɟɧɨɜ ɜ ɰɟɥɟɜɨɣ ɞɨɦɟɧ (ɢɥɢ ɞɨɦɟɧɵ). ȼɵ ɭɠɟ ɡɧɚɤɨɦɵ ɫ ɡɚɞɚɱɚɦɢ, ɤɨɬɨɪɵɟ ɧɟɨɛɯɨɞɢɦɨ ɜɵɩɨɥɧɢɬɶ ɩɪɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨ Active Directory ɩɭɬɟɦ ɨɛɧɨɜɥɟɧɢɹ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ. Ɉɞɧɚɤɨ, ɜ ɫɜɹɡɢ ɫ ɬɪɟɛɨɜɚɧɢɹɦɢ ɡɚɳɢɬɵ Windows Server 2003, ɜɵ ɭɜɢɞɢɬɟ, ɱɬɨ ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɪɚɛɨɬɚɟɬ ɢɧɚɱɟ, ɱɟɦ ɜ ɫɰɟɧɚɪɢɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɦɟɠɞɭ ɥɟɫɚɦɢ. ɉɪɨɰɟɫɫ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɩɨɫɥɟ ɨɛɧɨɜɥɟɧɢɹ ɤ Windows Server 2003 ɧɟ ɨɛɹɡɚɬɟɥɶɧɨ ɩɪɨɢɫɯɨɞɢɬ ɫɪɚɡɭ ɠɟ. Ɋɟɫɬɪɭɤɬɭɪɢɪɨɜɚɧɢɟ ɞɨɦɟɧɚ ɦɨɠɟɬ ɛɵɬɶ ɩɪɨɜɟɞɟɧɨ, ɤɨɝɞɚ ɜɵ ɩɨɥɭɱɢɬɟ ɧɚɜɵɤ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory, ɩɨɫɤɨɥɶɤɭ ɫɬɪɭɤɬɭɪɚ Active Directory ɦɨɠɟɬ ɢɡɦɟɧɹɬɶɫɹ ɩɪɢ ɢɡɦɟɧɟɧɢɢ ɜɚɲɟɝɨ ɛɢɡɧɟɫɚ. ɗɬɨɬ ɪɚɡɞɟɥ ɩɨɤɚɡɵɜɚɟɬ ɨɬɥɢɱɢɹ ɨɛɧɨɜɥɟɧɢɹ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ ɨɬ
ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ, ɤɨɬɨɪɭɸ ɜɵ ɭɠɟ ɡɧɚɟɬɟ. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɧɟ ɨɛɫɭɠɞɚɸɬɫɹ ɢɧɫɬɪɭɦɟɧɬɵ, ɩɨɫɤɨɥɶɤɭ ɬɟɯɧɢɱɟɫɤɢɟ ɪɚɡɥɢɱɢɹ ɨɬɧɨɫɹɬɫɹ ɤ ɥɸɛɨɦɭ ɢɧɫɬɪɭɦɟɧɬɭ ɦɨɞɟɪɧɢɡɚɰɢɢ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɜɵ ɜɵɛɟɪɢɬɟ. Ɇɨɞɟɪɧɢɡɚɰɢɹ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɢ ɦɨɞɟɪɧɢɡɚɰɢɹ ɦɟɠɞɭ ɥɟɫɚɦɢ ɢɦɟɸɬ ɫɥɟɞɭɸɳɢɟ ɨɬɥɢɱɢɹ. • ɉɪɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɞɥɹ ɫɨɯɪɚɧɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ, ɢɫɩɨɥɶɡɭɸɳɢɦ SID-History, ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɞɨɥɠɧɵ ɛɵɬɶ ɩɟɪɟɦɟɳɟɧɵ, ɚ ɧɟ ɤɥɨɧɢɪɨɜɚɧɵ. ɉɟɪɟɦɟɳɟɧɢɟ ɨɛɴɟɤɬɨɜ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɹɜɥɹɟɬɫɹ ɞɟɫɬɪɭɤɬɢɜɧɵɦ ɩɪɨɰɟɫɫɨɦ, ɬɚɤ ɤɚɤ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɝɪɭɩɩ ɢ ɤɨɦɩɶɸɬɟɪɨɜ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ ɭɞɚɥɹɸɬɫɹ ɩɨ ɦɟɪɟ ɫɨɡɞɚɧɢɹ ɧɨɜɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɜ ɰɟɥɟɜɨɦ ɞɨɦɟɧɟ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɜɵ ɧɟ ɫɦɨɠɟɬɟ ɩɨɞɞɟɪɠɢɜɚɬɶ «ɩɚɪɚɥɥɟɥɶɧɭɸ ɫɪɟɞɭ», ɤɨɬɨɪɚɹ ɩɪɟɞɥɚɝɚɟɬ ɭɞɨɛɧɵɟ ɜɚɪɢɚɧɬɵ ɨɬɫɬɭɩɥɟɧɢɹ, ɤɨɬɨɪɚɹ ɢɦɟɟɬɫɹ ɜ ɫɰɟɧɚɪɢɢ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɦɟɠɞɭ ɥɟɫɚɦɢ. • ɉɪɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɩɪɚɜɢɥ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ ɧɭɠɧɨ ɩɟɪɟɦɟɫɬɢɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɤɨɬɨɪɵɦ ɨɧɢ ɩɪɢɧɚɞɥɟɠɚɬ, ɨɞɧɨɜɪɟɦɟɧɧɨ. ɗɬɨ ɧɚɡɵɜɚɟɬɫɹ (closed set). ɗɬɨɬ ɩɪɨɰɟɫɫ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɦɨɞɟɪɧɢɡɚɰɢɢ ɢɫɯɨɞɧɨɝɨ ɞɨɦɟɧɚ Windows NT 4 ɞɨ ɰɟɥɟɜɨɝɨ ɞɨɦɟɧɚ Windows, ɜ ɤɨɬɨɪɨɦ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɝɪɭɩɩɵ ɦɨɠɧɨ ɩɟɪɟɧɨɫɢɬɶ ɢɥɢ ɜɦɟɫɬɟ, ɢɥɢ ɩɨ ɨɬɞɟɥɶɧɨɫɬɢ. Ɉɞɧɚɤɨ ɢɧɫɬɪɭɦɟɧɬ ADMT ɧɟ ɜɵɱɢɫɥɹɟɬ ɩɨɥɧɵɣ ɡɚɦɤɧɭɬɵɣ ɧɚɛɨɪ, ɬɚɤ ɱɬɨ ɧɭɠɧɨ ɨɱɟɧɶ ɨɫɬɨɪɨɠɧɨ ɩɟɪɟɦɟɳɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɱɥɟɧɚɦɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ. ȿɫɥɢ ɜɵ ɩɟɪɟɧɨɫɢɬɟ ɝɪɭɩɩɭ, ɤɨɬɨɪɚɹ ɜɤɥɸɱɚɟɬ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɹɜɥɹɸɳɭɸɫɹ ɱɥɟɧɨɦ ɞɪɭɝɨɣ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɵ, ɢ ɟɫɥɢ ɬɚ ɝɥɨɛɚɥɶɧɚɹ ɝɪɭɩɩɚ ɧɟ ɹɜɥɹɟɬɫɹ ɪɟɤɭɪɫɢɜɧɨ ɱɥɟɧɨɦ ɤɚɤɨɣ-ɥɢɛɨ ɝɪɭɩɩɵ, ɩɟɪɟɦɟɳɚɟɦɨɣ ɜ ɷɬɨ ɠɟ ɜɪɟɦɹ, ɬɨ ɛɭɞɟɬ ɧɚɪɭɲɟɧɨ ɱɥɟɧɫɬɜɨ ɞɚɧɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɟ, ɤɨɬɨɪɚɹ ɧɟ ɜɤɥɸɱɟɧɚ ɜ ɦɨɞɟɪɧɢɡɚɰɢɸ. Ⱦɪɭɝɢɟ ɬɢɩɵ ɝɪɭɩɩ (ɬɢɩɚ ɭɧɢɜɟɪɫɚɥɶɧɵɯ ɝɪɭɩɩ) ɞɨɩɭɫɤɚɸɬ ɧɚɥɢɱɢɟ ɱɥɟɧɨɜ, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɯ ɢɯ ɫɨɛɫɬɜɟɧɧɵɦ ɞɨɦɟɧɚɦ.
ȼ ɤɚɱɟɫɬɜɟ ɚɥɶɬɟɪɧɚɬɢɜɵ ɦɨɞɟɪɧɢɡɚɰɢɢ ɦɟɠɞɭ ɥɟɫɚɦɢ, ɨɩɢɫɚɧɧɨɣ ɜ ɩɪɟɞɲɟɫɬɜɭɸɳɟɦ ɪɚɡɞɟɥɟ, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ ɦɟɠɞɭ ɥɟɫɚɦɢ, ɧɚɩɪɚɜɥɟɧɧɨɟ ɨɬ ɨɞɧɨɝɨ ɥɟɫɚ Windows Server 2003 ɤ ɞɪɭɝɨɦɭ, ɨɛɨɫɨɛɥɟɧɧɨɦɭ, ɥɟɫɭ Windows Server 2003, ɜ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧɵ ɪɟɫɭɪɫɵ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɞɨɫɬɭɩɚ. Ɉɞɧɢɦ ɢɡ ɫɭɳɟɫɬɜɟɧɧɵɯ ɭɥɭɱɲɟɧɢɣ ɜ Active Directory Windows Server 2003 ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ Windows 2000 ɹɜɥɹɟɬɫɹ ɨɩɰɢɹ ɫɨɡɞɚɧɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɦɟɠɞɭ ɥɟɫɚɦɢ Active Directory. ȼ Active Directory Windows 2000 ɦɨɠɧɨ ɫɨɡɞɚɜɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɬɨɥɶɤɨ ɦɟɠɞɭ ɨɬɞɟɥɶɧɵɦ ɞɨɦɟɧɨɦ ɜ ɨɞɧɨɦ ɥɟɫɭ ɢ ɨɬɞɟɥɶɧɵɦ ɞɨɦɟɧɨɦ ɜ ɞɪɭɝɨɦ ɥɟɫɭ. ȼ Active Directory Windows Server 2003 ɦɨɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɤɨɪɧɟɜɵɦɢ ɞɨɦɟɧɚɦɢ ɥɟɫɚ. Ɉɧɢ ɦɨɝɭɬ ɛɵɬɶ ɨɞɧɨɫɬɨɪɨɧɧɢɦɢ ɢɥɢ ɞɜɭɯɫɬɨɪɨɧɧɢɦɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫɨɡɞɚɧɵ, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɥɢ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɨɞɧɨɝɨ ɥɟɫɚ ɞɥɹ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɞɪɭɝɨɝɨ ɥɟɫɚ. . . , , . , , (GC) . Ʉɨɝɞɚ ɜɵ ɫɨɡɞɚɟɬɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɜ Active Directory, ɨɧɢ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɞɨɩɭɫɤɚɸɬ ɦɚɪɲɪɭɬɢɡɚɰɢɸ ɫɭɮɮɢɤɫɚ ɢɦɟɧɢ (name suffix routing) ɦɟɠɞɭ ɷɬɢɦɢ ɥɟɫɚɦɢ. ɂɫɩɨɥɶɡɭɹ ɦɚɪɲɪɭɬɢɡɚɰɢɸ ɫɭɮɮɢɤɫɚ ɢɦɟɧɢ, ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɜɨɢ ɨɫɧɨɜɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɢɦɟɧɚ (UPN) ɩɪɢ ɜɯɨɞɟ ɧɚ ɥɸɛɨɣ ɞɨɦɟɧ ɥɸɛɨɝɨ ɥɟɫɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɦɟɠɞɭ ɥɟɫɨɦ NWTraders.com ɢ ɥɟɫɨɦ Contoso.com, ɩɨɥɶɡɨɜɚɬɟɥɢ ɥɟɫɚ Contoso.com ɦɨɝɭɬ ɜɯɨɞɢɬɶ ɧɚ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɜ ɥɟɫɟ NWTraders.com, ɢɫɩɨɥɶɡɭɹ ɫɜɨɢ UPN [email protected]. Ɇɚɪɲɪɭɬɢɡɚɰɢɹ ɫɭɮɮɢɤɫɚ ɢɦɟɧɢ ɩɪɢɦɟɧɹɟɬɫɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɤɨ ɜɫɟɦ ɢɦɟɧɚɦ ɞɨɦɟɧɨɜ ɩɟɪɜɨɝɨ ɭɪɨɜɧɹ, ɢɦɟɸɳɢɦɫɹ ɜ ɥɟɫɭ. ɗɬɨ ɜɤɥɸɱɚɟɬ ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ UPN-ɫɭɮɮɢɤɫ ɢ ɥɸɛɵɟ ɚɥɶɬɟɪɧɚɬɢɜɧɵɟ ɫɭɮɮɢɤɫɵ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɟ ɜ ɥɟɫɭ. Ɇɚɪɲɪɭɬɢɡɚɰɢɹ ɫɭɮɮɢɤɫɚ ɢɦɟɧɢ ɧɟ ɪɚɛɨɬɚɟɬ ɦɟɠɞɭ ɥɟɫɚɦɢ, ɟɫɥɢ ɨɞɢɧ ɢ ɬɨɬ ɠɟ UPN-ɫɭɮɮɢɤɫ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɜ ɨɛɨɢɯ ɥɟɫɚɯ. ȿɫɥɢ UPN-ɫɭɮɮɢɤɫ Contoso.com ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɜ ɥɟɫɟ
NWTraders.com, ɩɨɥɶɡɨɜɚɬɟɥɢ ɥɟɫɚ Contoso.com ɧɟ ɫɦɨɝɭɬ ɜɯɨɞɢɬɶ ɜ ɥɟɫ NWTraders.com, ɢɫɩɨɥɶɡɭɹ ɫɜɨɢ UPN. Ʉɨɝɞɚ ɜɵ ɜɩɟɪɜɵɟ ɪɚɡɪɟɲɚɟɬɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ, ɜɫɟ ɫɭɮɮɢɤɫɵ ɞɨɦɟɧɚ ɩɟɪɜɨɝɨ ɭɪɨɜɧɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɧɚɩɪɚɜɥɹɸɬɫɹ ɧɚ UPN ɞɨɜɟɪɢɬɟɥɶɧɨɝɨ ɨɬɧɨɲɟɧɢɹ. ȼɫɟ ɞɨɱɟɪɧɢɟ ɫɭɮɮɢɤɫɵ ɞɨɦɟɧɚ ɧɚɩɪɚɜɥɹɸɬɫɹ ɧɟɹɜɧɨ ɱɟɪɟɡ ɫɭɮɮɢɤɫ ɪɨɞɢɬɟɥɶɫɤɨɝɨ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɞɨɛɚɜɥɹɟɬɟ ɞɪɭɝɨɣ UPN-ɫɭɮɮɢɤɫ ɤ ɥɟɫɭ, ɩɨɫɥɟ ɬɨɝɨ ɤɚɤ ɫɨɡɞɚɧɨ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ, ɜɵ ɞɨɥɠɧɵ ɪɚɡɪɟɲɢɬɶ ɦɚɪɲɪɭɬɢɡɚɰɢɸ ɫɭɮɮɢɤɫɚ ɢɦɟɧɢ ɞɥɹ ɧɨɜɨɝɨ ɫɭɮɮɢɤɫɚ. ȼɵ ɦɨɠɟɬɟ ɫɞɟɥɚɬɶ ɷɬɨ, ɩɪɨɜɟɪɹɹ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ ɢɥɢ ɜɪɭɱɧɭɸ ɞɨɛɚɜɥɹɹ ɧɨɜɵɣ ɫɭɮɮɢɤɫ ɧɚ ɜɤɥɚɞɤɭ Name Suffix Routing (Ɇɚɪɲɪɭɬɢɡɚɰɢɹ ɫɭɮɮɢɤɫɚ ɢɦɟɧɢ) ɜ ɨɤɧɟ ɫɜɨɣɫɬɜ ɞɨɜɟɪɢɬɟɥɶɧɨɝɨ ɨɬɧɨɲɟɧɢɹ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ ɥɟɫɚ, ɥɟɫ ɞɨɥɠɟɧ ɪɚɛɨɬɚɬɶ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows Server 2003. Ɍɨɥɶɤɨ ɱɥɟɧɵ ɝɪɭɩɩɵ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ) ɢɦɟɸɬ ɪɚɡɪɟɲɟɧɢɟ ɫɨɡɞɚɜɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɟɟ. 1. Ɂɚɩɭɫɬɢɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Domains And Trusts. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɢɦɟɧɢ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). ȼɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Trusts (Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ). 2. ɓɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ New Trust (ɇɨɜɨɟ ɞɨɜɟɪɢɬɟɥɶɧɨɟ ɨɬɧɨɲɟɧɢɟ). Ɂɚɩɭɫɬɢɬɫɹ New Trust Wizard (Ɇɚɫɬɟɪ ɧɨɜɵɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ). ɇɚɩɟɱɚɬɚɣɬɟ ɢɦɹ ɤɨɪɧɟɜɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɜ ɞɪɭɝɨɦ ɥɟɫɭ. 3. Ɂɚɬɟɦ ɧɭɠɧɨ ɛɭɞɟɬ ɜɵɛɪɚɬɶ ɬɢɩ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɭɫɬɚɧɨɜɢɬɶ (ɫɦ. ɪɢɫ. 7-4). Ɇɨɠɧɨ ɫɨɡɞɚɬɶ ɜɧɟɲɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɢɥɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ. ȼɧɟɲɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɧɟ ɹɜɥɹɸɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ, ɜ ɬɨ ɜɪɟɦɹ ɤɚɤ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɜɫɟɝɞɚ ɹɜɥɹɸɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ. ȼɵɛɟɪɢɬɟ Forest Trust (Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ). 4. ȼɵɛɟɪɢɬɟ ɧɚɩɪɚɜɥɟɧɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ (ɫɦ. ɪɢɫ. 7-5).
. 7-4.
. 7-5.
5. ȼɵɛɟɪɢɬɟ ɜɚɪɢɚɧɬ, ɫɨɡɞɚɜɚɬɶ ɥɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɬɨɥɶɤɨ ɞɥɹ ɷɬɨɝɨ ɞɨɦɟɧɚ ɢɥɢ ɬɚɤɠɟ ɞɥɹ ɞɪɭɝɨɝɨ ɞɨɦɟɧɚ. (ɗɬɢ ɞɜɚ ɞɨɦɟɧɚ -ɤɨɪɧɟɜɵɟ ɞɨɦɟɧɵ ɥɟɫɚ ɞɥɹ ɤɚɠɞɨɝɨ ɥɟɫɚ.) Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɥɟɫɚ ɦɨɝɭɬ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɵ ɬɨɥɶɤɨ ɦɟɠɞɭ ɤɨɪɧɟɜɵɦɢ ɞɨɦɟɧɚɦɢ ɥɟɫɚ (ɫɦ. ɪɢɫ. 7-6). ȿɫɥɢ ɧɭɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɨɛɟ ɫɬɨɪɨɧɵ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɨɞɧɨɜɪɟɦɟɧɧɨ, ɜɩɟɱɚɬɚɣɬɟ ɢɦɹ ɢ ɩɚɪɨɥɶ ɞɥɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ), ɤɨɬɨɪɚɹ ɫɭɳɟɫɬɜɭɟɬ ɜ ɞɪɭɝɨɦ ɥɟɫɭ. ȿɫɥɢ ɧɭɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɬɨɥɶɤɨ ɞɥɹ ɷɬɨɝɨ ɞɨɦɟɧɚ, ɧɚɩɟɱɚɬɚɣɬɟ ɩɚɪɨɥɶ, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɧɚɱɚɥɶɧɨɝɨ ɞɨɜɟɪɢɬɟɥɶɧɨɝɨ ɨɬɧɨɲɟɧɢɹ. Ɂɚɬɟɦ ɷɬɨ ɩɚɪɨɥɶ ɞɨɥɠɟɧ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɜ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ ɥɟɫɚ ɞɪɭɝɨɝɨ ɥɟɫɚ.
. 7-6.
6. ȼɵɛɟɪɢɬɟ ɭɪɨɜɟɧɶ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɩɪɟɞɨɫɬɚɜɥɟɧ ɞɥɹ ɢɫɯɨɞɹɳɢɯ ɢ ɜɯɨɞɹɳɢɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ (ɫɦ. ɪɢɫ. 7-7). ɗɬɨ ɩɨɡɜɨɥɢɬ ɬɳɚɬɟɥɶɧɨ ɤɨɧɬɪɨɥɢɪɨɜɚɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɦɟɠɞɭ ɥɟɫɚɦɢ. ȿɫɥɢ ɧɭɠɧɨ ɩɪɢɦɟɧɢɬɶ ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ ɩɨ ɜɫɟɦɭ ɥɟɫɭ, ɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɨɞɧɨɝɨ ɥɟɫɚ ɛɭɞɭɬ ɢɦɟɬɶ ɞɨɫɬɭɩ ɤɨ ɜɫɟɦ ɫɟɪɜɟɪɚɦ ɢ ɪɟɫɭɪɫɚɦ ɞɪɭɝɨɝɨ ɥɟɫɚ. ɗɬɨ ɬɚɤɚɹ ɠɟ ɤɨɧɮɢɝɭɪɚɰɢɹ, ɤɚɤ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ. ɉɨɥɶɡɨɜɚɬɟɥɢ ɢɡ ɨɞɧɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɦɨɝɭɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ ɜ ɥɸɛɨɦ ɞɪɭɝɨɦ ɞɨɦɟɧɟ ɥɸɛɨɝɨ ɥɟɫɚ ɩɪɢ ɭɫɥɨɜɢɢ, ɱɬɨ ɢɦ ɞɚɧɨ ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ. Ɇɨɠɧɨ ɩɪɢɦɟɧɹɬɶ ɜɵɛɨɪɨɱɧɭɸ ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ ɞɥɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɥɟɫɚ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɵ ɞɨɥɠɧɵ ɹɜɧɨ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɥɢ ɝɪɭɩɩɚɦ ɢɡ ɨɞɧɨɝɨ ɥɟɫɚ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɫɟɪɜɟɪɚɦ ɞɪɭɝɨɝɨ ɥɟɫɚ. ɗɬɨ ɦɨɠɧɨ ɫɞɟɥɚɬɶ, ɩɪɟɞɨɫɬɚɜɥɹɹ ɢɦ ɩɪɚɜɚ Allowed To Authenticate (Ɋɚɡɪɟɲɟɧɨ ɚɭɬɟɧɬɢɮɢɰɢɪɨɜɚɬɶ) ɜ Active
Directory. 7. ɉɨɫɥɟ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɛɭɞɟɬ ɜɵɩɨɥɧɟɧɚ ɚɜɬɨɦɚɬɢɱɟɫɤɚɹ ɩɪɨɜɟɪɤɚ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ.
. 7-7.
ȼ ɷɬɨɣ ɝɥɚɜɟ ɛɵɥɢ ɪɚɫɫɦɨɬɪɟɧɵ ɪɚɡɥɢɱɧɵɟ ɩɭɬɢ ɩɟɪɟɯɨɞɚ ɨɬ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Windows NT 4 ɢɥɢ Active Directory ɫɢɫɬɟɦɵ Windows 2000 ɤ Active Directory Windows Server 2003. Ȼɵɥɢ ɨɩɢɫɚɧɵ ɬɪɢ ɝɥɚɜɧɵɯ ɩɭɬɢ ɩɟɪɟɯɨɞɚ: ɨɛɧɨɜɥɟɧɢɟ, ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɹ ɢ ɨɛɧɨɜɥɟɧɢɟ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ. ɋɭɳɟɫɬɜɭɟɬ ɧɟɫɤɨɥɶɤɨ ɤɪɢɬɟɪɢɟɜ, ɤɨɬɨɪɵɟ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɩɨɞɯɨɞɹɳɟɝɨ ɩɭɬɢ ɩɟɪɟɯɨɞɚ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. Ⱦɥɹ ɨɪɝɚɧɢɡɚɰɢɣ, ɤɨɬɨɪɵɟ ɭɞɨɜɥɟɬɜɨɪɟɧɵ ɫɜɨɟɣ ɬɟɤɭɳɟɣ ɞɨɦɟɧɧɨɣ ɫɬɪɭɤɬɭɪɨɣ, ɨɛɧɨɜɥɟɧɢɟ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɧɚɢɦɟɧɟɟ ɫɥɨɠɧɵɦ ɢ ɨɩɚɫɧɵɦ ɫɪɟɞɫɬɜɨɦ ɦɨɞɟɪɧɢɡɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȿɫɥɢ ɜɚɲɚ ɞɨɦɟɧɧɚɹ ɫɬɪɭɤɬɭɪɚ ɧɟ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɦɨɞɟɥɢ, ɜɵ ɞɨɥɠɧɵ ɪɟɫɬɪɭɤɬɭɪɢɡɢɪɨɜɚɬɶ ɜɚɲ ɞɨɦɟɧ. ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɜɵɛɪɚɧɧɨɝɨ ɩɭɬɢ, ɨɫɬɨɪɨɠɧɨɟ ɩɥɚɧɢɪɨɜɚɧɢɟ, ɬɟɫɬɢɪɨɜɚɧɢɟ ɢ ɩɪɨɛɧɚɹ ɪɟɚɥɢɡɚɰɢɹ ɜɚɲɟɝɨ ɩɥɚɧɚ ɩɟɪɟɯɨɞɚ ɹɜɥɹɸɬɫɹ ɜɚɠɧɵɦɢ ɭɫɥɨɜɢɹɦɢ ɞɥɹ ɭɫɩɟɯɚ ɜɚɲɟɝɨ ɩɪɨɟɤɬɚ ɦɨɞɟɪɧɢɡɚɰɢɢ. ȼ ɝɥɚɜɟ ɨɩɢɫɚɧɵ ɬɚɤɠɟ ɨɫɧɨɜɧɵɟ ɷɬɚɩɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɩɪɢ ɪɟɚɥɢɡɚɰɢɢ ɨɛɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦ Windows NT Server 4 ɢ Windows 2000 Server. Ɂɚɬɟɦ ɩɨɤɚɡɚɧ ɩɪɨɰɟɫɫ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɞɨɦɟɧɚ ɪɟɫɭɪɫɨɜ ɫ ɫɢɫɬɟɦɨɣ Windows NT 4 ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ADMT. Ɉɛɫɭɠɞɟɧɵ ɨɬɥɢɱɢɹ ɩɭɬɢ ɨɛɧɨɜɥɟɧɢɹ ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɟɣ, ɢɡɜɟɫɬɧɨɝɨ ɤɚɤ ɩɟɪɟɦɟɳɟɧɢɟ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ, ɨɬ ɪɟɫɬɪɭɤɬɭɪɢɡɚɰɢɢ ɞɨɦɟɧɚ. Ɂɚɤɚɧɱɢɜɚɟɬ ɷɬɭ ɝɥɚɜɭ ɨɛɫɭɠɞɟɧɢɟ ɮɭɧɤɰɢɢ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɦɟɠɞɭ ɥɟɫɚɦɢ, ɢɦɟɸɳɟɣɫɹ ɜ Windows Server 2003.
III. Active Directory Windows Server 2003 ȼ ɱɚɫɬɹɯ I ɢ II ɷɬɨɣ ɤɧɢɝɢ ɛɵɥɢ ɨɛɴɹɫɧɟɧɵ ɤɨɧɰɟɩɰɢɢ ɢ ɤɨɦɩɨɧɟɧɬɵ Active Directory — ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Microsoft Windows Server 2003, ɚ ɬɚɤɠɟ ɞɚɧɚ ɢɧɮɨɪɦɚɰɢɹ ɨ ɬɨɦ, ɤɚɤ ɩɪɨɟɤɬɢɪɨɜɚɬɶ, ɪɟɚɥɢɡɨɜɵɜɚɬɶ, ɢ ɪɚɡɜɟɪɬɵɜɚɬɶ Active Directory. ɉɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory ɜɵ ɞɨɥɠɧɵ ɭɩɪɚɜɥɹɬɶ ɟɸ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɦɚɤɫɢɦɚɥɶɧɨɣ ɜɵɝɨɞɵ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ. ȼ ɱɚɫɬɢ III ɩɨɤɚɡɚɧɵ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɨɰɟɫɫɵ, ɤɨɬɨɪɵɟ ɜɵ ɛɭɞɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɷɬɨɣ ɡɚɞɚɱɢ. Ɉɞɧɚ ɢɷ ɨɫɧɨɜɧɵɯ ɩɪɢɱɢɧ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɨɛɟɫɩɟɱɢɬɶ ɡɚɳɢɬɭ, ɩɨɷɬɨɦɭ ɝɥɚɜɚ 8 ɪɚɫɫɤɚɡɵɜɚɟɬ ɩɪɨ ɤɨɧɰɟɩɰɢɢ, ɥɟɠɚɳɢɟ ɜ ɨɫɧɨɜɟ ɛɟɡɨɩɚɫɧɨɫɬɢ Active Directory Windows Server 2003. ȼ ɝɥɚɜɟ 9 ɞɚɟɬɫɹ ɨɩɢɫɚɧɢɟ ɫɩɨɫɨɛɨɜ, ɤɨɬɨɪɵɦɢ ɜɵ ɦɨɠɟɬɟ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɜɚɲɟɝɨ ɞɨɦɟɧɚ. Ƚɥɚɜɚ 10 ɡɧɚɤɨɦɢɬ ɜɚɫ ɫ ɭɩɪɚɜɥɟɧɢɟɦ ɨɛɴɟɤɬɚɦɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory. Ɉɞɧɚ ɢɡ ɧɚɢɛɨɥɟɟ ɦɨɳɧɵɯ ɮɭɧɤɰɢɣ ɜ Active Directory - ɷɬɨ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ), ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɩɪɢɦɟɧɹɬɶɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɬɵɫɹɱɚɦɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɢɫɩɨɥɶɡɭɸɳɢɯ Active Directory. Ƚɥɚɜɵ 11, 12 ɢ 13 ɩɨɫɜɹɳɟɧɵ ɝɪɭɩɩɨɜɵɦ ɩɨɥɢɬɢɤɚɦ, ɜ ɧɢɯ ɨɛɴɹɫɧɹɟɬɫɹ, ɤɚɤ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɢ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ, ɱɬɨɛɵ ɨɫɭɳɟɫɬɜɢɬɶ ɪɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦ ɢ ɭɩɪɚɜɥɟɧɢɟ ɤɥɢɟɧɬɫɤɢɦɢ ɤɨɦɩɶɸɬɟɪɚɦɢ.
8.
Active Directory
Ɉɞɧɚ ɢɡ ɨɫɧɨɜɧɵɯ ɩɪɢɱɢɧ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɫɨɫɬɨɢɬ ɜ ɨɛɟɫɩɟɱɟɧɢɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɤɨɪɩɨɪɚɬɢɜɧɨɣ ɫɟɬɢ. Ʉɚɠɞɚɹ ɤɨɦɩɚɧɢɹ ɯɪɚɧɢɬ ɜɚɠɧɟɣɲɭɸ ɞɥɹ ɫɜɨɟɝɨ ɛɢɡɧɟɫɚ ɢɧɮɨɪɦɚɰɢɸ ɧɚ ɮɚɣɥɨɜɵɯ ɫɟɪɜɟɪɚɯ ɜ ɫɟɬɢ. ɍɩɪɚɜɥɟɧɢɟ ɛɟɡɨɩɚɫɧɵɦ ɞɨɫɬɭɩɨɦ ɤ ɢɧɮɨɪɦɚɰɢɢ ɞɨɥɠɧɨ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɞɨɫɬɭɩ ɤ ɞɚɧɧɵɦ ɩɨɥɭɱɚɬ ɬɨɥɶɤɨ ɞɨɥɠɧɵɦ ɨɛɪɚɁɖɦ ɭɩɨɥɧɨɦɨɱɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ. ɉɨɱɬɢ ɜɫɟ ɤɨɦɩɚɧɢɢ ɪɚɡɜɟɪɬɵɜɚɸɬ ɩɨɱɬɨɜɵɟ ɫɟɪɜɟɪɵ ɬɢɩɚ Microsoft Exchange 2000 Server, ɢ ɨɧɢ ɞɨɥɠɧɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɛɟɡɨɩɚɫɧɵɣ ɞɨɫɬɭɩ ɤ ɩɨɱɬɨɜɵɦ ɹɳɢɤɚɦ. ɋɥɭɠɛɚ Active Directory Microsoft Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɬɚɤɨɣ ɭɪɨɜɟɧɶ ɡɚɳɢɬɵ. ɗɬɚ ɝɥɚɜɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɜɜɟɞɟɧɢɹ ɜ ɨɫɧɨɜɵ ɛɟɡɨɩɚɫɧɨɫɬɢ Active Directory. ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory ɢɫɩɨɥɶɡɭɟɬ ɧɟɫɤɨɥɶɤɨ ɨɫɧɨɜɧɵɯ ɤɨɧɰɟɩɰɢɣ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɛɟɡɨɩɚɫɧɨɫɬɢ ɫɟɬɢ Windows Server 2003. ɉɨɫɥɟ ɜɜɟɞɟɧɢɹ ɜ ɨɫɧɨɜɵ ɡɚɳɢɬɵ ɛɭɞɟɬ ɩɨɤɚɡɚɧ ɨɫɧɨɜɧɨɣ ɤɨɦɩɨɧɟɧɬ ɷɬɨɣ ɡɚɳɢɬɵ, ɫɨɫɬɨɹɳɢɣ ɢɡ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɢ ɮɭɧɤɰɢɣ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ Active Directory ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɟɣɫɬɜɢɬɟɥɶɧɨ ɹɜɥɹɸɬɫɹ ɬɟɦɢ, ɤɟɦ ɨɧɢ ɫɟɛɹ ɩɪɟɞɫɬɚɜɥɹɸɬ (ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ), ɢ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɬɟɦ ɪɟɫɭɪɫɚɦ, ɤ ɤɨɬɨɪɵɦ ɩɨɥɶɡɨɜɚɬɟɥɶ ɞɨɥɠɟɧ ɢɦɟɬɶ ɞɨɫɬɭɩ (ɪɚɡɪɟɲɟɧɢɟ). ɋɢɫɬɟɦɚ Windows Server 2003, ɩɨɞɨɛɧɨ Microsoft Windows 2000, ɢɫɩɨɥɶɡɭɟɬ Kerberos ɜ ɤɚɱɟɫɬɜɟ ɨɫɧɨɜɧɨɝɨ ɩɪɨɬɨɤɨɥɚ ɡɚɳɢɬɵ, ɩɨɷɬɨɦɭ ɛɨɥɶɲɚɹ ɱɚɫɬɶ ɷɬɨɣ ɝɥɚɜɵ ɩɨɫɜɹɳɟɧɚ ɪɨɥɢ Kerberos ɜ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɢ ɪɚɡɪɟɲɟɧɢɹɯ.
Active Directory
ɋɭɳɟɫɬɜɭɸɬ ɧɟɤɨɬɨɪɵɟ ɨɫɧɨɜɧɵɟ ɤɨɧɰɟɩɰɢɢ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɩɨɧɢɦɚɧɢɹ ɩɪɢɧɰɢɩɨɜ ɡɚɳɢɬɵ Active Directory ɜ ɫɟɬɢ Windows Server 2003. Ɂɚɳɢɬɚ Active Directory ɫɬɪɨɢɬɫɹ ɧɚ ɞɜɭɯ ɬɢɩɚɯ ɨɛɴɟɤɬɨɜ ɢ ɧɚ ɜɡɚɢɦɨɞɟɣɫɬɜɢɢ ɦɟɠɞɭ ɧɢɦɢ. ɉɟɪɜɵɣ ɨɛɴɟɤɬ - ɭɱɚɫɬɧɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤɨɬɨɪɵɣ ɩɪɟɞɫɬɚɜɥɹɟɬ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɝɪɭɩɩɭ, ɫɥɭɠɛɭ ɢɥɢ ɤɨɦɩɶɸɬɟɪ, ɤɨɬɨɪɵɣ ɧɭɠɞɚɟɬɫɹ ɜ ɞɨɫɬɭɩɟ ɤ ɧɟɤɨɬɨɪɨɦɭ ɪɟɫɭɪɫɭ ɜ ɫɟɬɢ. ȼɬɨɪɨɣ ɨɛɴɟɤɬ -ɷɬɨ ɫɚɦ ɪɟɫɭɪɫ, ɹɜɥɹɸɳɢɣɫɹ ɨɛɴɟɤɬɨɦ, ɤ ɤɨɬɨɪɨɦɭ ɧɭɠɧɨ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɑɬɨɛɵ ɨɛɟɫɩɟɱɢɬɶ ɧɚɞɥɟɠɚɳɢɣ ɭɪɨɜɟɧɶ ɡɚɳɢɬɵ, ɫɥɭɠɛɚ Active Directory ɞɨɥɠɧɚ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɚ ɡɚɬɟɦ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɩɪɚɜɢɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ.
Ɍɨɥɶɤɨ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɫɥɭɠɛɵ Active Directory ɦɨɝɭɬ ɜɯɨɞɢɬɶ ɜ Active Directory ɢ ɩɨɥɭɱɚɬɶ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɫɟɬɢ. ɍɱɚɫɬɧɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ - ɷɬɨ ɨɛɴɟɤɬ Active Directory, ɤɨɬɨɪɵɣ ɩɪɟɞɫɬɚɜɥɹɟɬ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɝɪɭɩɩɭ, ɫɥɭɠɛɭ ɢɥɢ ɤɨɦɩɶɸɬɟɪ. Ʉɚɠɞɨɦɭ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ ɩɪɢ ɫɨɡɞɚɧɢɢ ɨɛɴɟɤɬɚ ɧɚɡɧɚɱɚɟɬɫɹ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɡɚɳɢɬɵ (SID). ɂɞɟɧɬɢɮɢɤɚɬɨɪ SID ɫɨɫɬɚɜɥɟɧ ɢɡ ɞɜɭɯ ɱɚɫɬɟɣ. ɉɟɪɜɚɹ ɱɚɫɬɶ -ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɞɨɦɟɧɚ, ɜɫɟ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɞɨɦɟɧɟ ɢɦɟɸɬ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɞɨɦɟɧɚ. ȼɬɨɪɚɹ ɱɚɫɬɶ ɢɞɟɧɬɢɮɢɤɚɬɨɪɚ SID -ɨɬɧɨɫɢɬɟɥɶɧɵɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ (RID), ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɭɧɢɤɚɥɶɧɵɦ ɞɥɹ ɤɚɠɞɨɝɨ ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɞɨɦɟɧɟ Active Directory. ɂɞɟɧɬɢɮɢɤɚɬɨɪ SID ɹɜɥɹɟɬɫɹ ɨɫɧɨɜɧɵɦ ɤɨɦɩɨɧɟɧɬɨɦ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɡɚɳɢɬɵ ɞɥɹ ɪɟɫɭɪɫɨɜ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɫɟɬɢ Windows Server 2003. ɉɪɢ ɜɵɞɚɱɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɨɬɨɛɪɚɠɚɟɦɨɟ ɢɦɹ ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɧɨ Windows Server 2003 ɮɚɤɬɢɱɟɫɤɢ ɢɫɩɨɥɶɡɭɟɬ SID ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ ɤ ɪɟɫɭɪɫɭ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɵɬɚɟɬɫɹ ɨɛɪɚɬɢɬɶɫɹ ɤ ɪɟɫɭɪɫɭ, ɪɚɫɩɨɥɨɠɟɧɧɨɦɭ ɧɚ ɫɟɪɜɟɪɟ ɜ ɞɨɦɟɧɟ, ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɪɚɡɪɟɲɟɧɢɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɭ SID ɩɨɥɶɡɨɜɚɬɟɥɹ, ɚ ɧɟ ɢɦɟɧɢ ɱɟɥɨɜɟɤɚ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɟɫɥɢ ɨɬɨɛɪɚɠɚɟɦɨɟ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡɦɟɧɟɧɨ, ɪɚɡɪɟɲɟɧɢɹ, ɩɪɟɞɫɬɚɜɥɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɸ, ɧɟ ɢɡɦɟɧɹɸɬɫɹ. Ɉɞɧɚɤɨ ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ ɭɞɚɥɟɧ, ɚ ɡɚɬɟɦ ɫɨɡɞɚɧ ɡɚɧɨɜɨ ɫ ɬɟɦ ɠɟ ɫɚɦɵɦ ɢɦɟɧɟɦ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɫɦɨɠɟɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ, ɬɚɤ ɤɚɤ SID ɢɡɦɟɧɢɬɫɹ.
ȿɳɟ ɨɞɢɧ ɤɨɦɩɨɧɟɧɬ, ɜɤɥɸɱɟɧɧɵɣ ɜ ɡɚɳɢɬɭ Active Directory, - ɷɬɨ ɨɛɴɟɤɬ, ɤ ɤɨɬɨɪɨɦɭ ɭɱɚɫɬɧɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɨɥɠɟɧ ɨɛɪɚɳɚɬɶɫɹ. ɗɬɨɬ ɦɨɠɟɬ ɛɵɬɶ ɞɪɭɝɨɣ ɨɛɴɟɤɬ Active Directory, ɧɚɩɪɢɦɟɪ, ɨɪɝɚɧɢɡɚɰɢɨɧɧɚɹ ɟɞɢɧɢɰɚ (OU), ɩɪɢɧɬɟɪ ɢɥɢ ɭɱɚɫɬɧɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ɉɛɴɟɤɬ ɦɨɠɟɬ ɛɵɬɶ ɮɚɣɥɨɦ ɧɚ ɫɟɪɜɟɪɟ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003 ɢɥɢ ɩɨɱɬɨɜɵɦ ɹɳɢɤɨɦ ɧɚ ɫɟɪɜɟɪɟ ɫ Microsoft Exchange 2000 Server. Ɋɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɩɪɟɞɨɫɬɚɜɥɹɸɬɫɹ ɷɬɢɦ ɨɛɴɟɤɬɚɦ, ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɫɩɢɫɤɟ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ (ACL - Access Control List), ɬɚɤɠɟ ɧɚɡɵɜɚɟɦɨɦ (security descriptor). Ʉɚɠɞɵɣ ɨɛɴɟɤɬ ɜ Active Directory ɢɥɢ ɜ ɪɚɡɞɟɥɟ ɮɚɣɥɨɜɨɣ ɫɢɫɬɟɦɵ NTFS ɢɦɟɟɬ ɞɟɫɤɪɢɩɬɨɪ ɡɚɳɢɬɵ. Ⱦɟɫɤɪɢɩɬɨɪ ɡɚɳɢɬɵ ɜɤɥɸɱɚɟɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪ SID ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤɨɬɨɪɵɣ ɜɥɚɞɟɟɬ ɨɛɴɟɤɬɨɦ, ɚ ɬɚɤɠɟ SID ɞɥɹ ɨɫɧɨɜɧɨɣ ɝɪɭɩɩɵ ɨɛɴɟɤɬɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɤɚɠɞɵɣ ɨɛɴɟɤɬ ɢɦɟɟɬ ɞɜɚ ɨɬɞɟɥɶɧɵɯ ɫɩɢɫɤɚ ACL: ɫɩɢɫɨɤ ɭɩɪɚɜɥɟɧɢɹ ɪɚɡɝɪɚɧɢɱɢɬɟɥɶɧɵɦ ɞɨɫɬɭɩɨɦ (DACL — Discretionary Access Control List) ɢ ɫɩɢɫɨɤ ɭɩɪɚɜɥɟɧɢɹ ɫɢɫɬɟɦɧɵɦ ɞɨɫɬɭɩɨɦ (SACL - System Access Control List). ɋɩɢɫɨɤ DACL ɩɟɪɟɱɢɫɥɹɟɬ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤɨɬɨɪɵɦ ɛɵɥɢ ɧɚɡɧɚɱɟɧɵ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɭ, ɚ ɬɚɤɠɟ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɧɚɡɧɚɱɟɧɵ ɤɚɠɞɨɦɭ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɋɩɢɫɨɤ DACL ɫɨɫɬɨɢɬ ɢɡ ɡɚɩɢɫɟɣ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ (Ⱥɋȿ — Access Control Entries). Ʉɚɠɞɚɹ ɡɚɩɢɫɶ Ⱥɋȿ ɫɨɞɟɪɠɢɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪ SID ɢ ɨɩɪɟɞɟɥɹɟɬ ɭɪɨɜɟɧɶ ɞɨɫɬɭɩɚ ɤ ɨɛɴɟɤɬɭ, ɤɨɬɨɪɵɣ ɪɚɡɪɟɲɟɧ ɞɚɧɧɨɦɭ SID. ɋɩɢɫɨɤ Ⱥɋȿ ɜɤɥɸɱɚɟɬ ɡɚɩɢɫɢ ɞɥɹ ɜɫɟɯ ɬɢɩɨɜ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɇɚɩɪɢɦɟɪ, ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɠɟɬ ɢɦɟɬɶ ɪɚɡɪɟɲɟɧɢɟ Read (ɑɬɟɧɢɟ) ɞɥɹ ɮɚɣɥɚ, ɚ ɝɪɭɩɩɚ ɡɚɳɢɬɵ -ɪɚɡɪɟɲɟɧɢɟ Full Control (ɉɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ). ɋɩɢɫɨɤ DACL ɞɥɹ ɮɚɣɥɚ ɢɦɟɟɬ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɞɜɟ ɡɚɩɢɫɢ Ⱥɋȿ, ɨɞɧɭ - ɧɚ ɩɪɟɞɨɫɬɚɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɸ ɪɚɡɪɟɲɟɧɢɹ Read, ɞɪɭɝɭɸ - ɧɚ ɩɪɟɞɨɫɬɚɜɥɟɧɢɟ ɝɪɭɩɩɟ ɪɚɡɪɟɲɟɧɢɹ Full Control. ɋɩɢɫɨɤ SACL ɩɟɪɟɱɢɫɥɹɟɬ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɱɟɣ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ ɞɨɥɠɟɧ ɩɨɞɜɟɪɝɚɬɶɫɹ ɚɭɞɢɬɭ. ɋɩɢɫɨɤ ɡɚɩɢɫɟɣ Ⱥɋȿ ɜ SACL ɭɤɚɡɵɜɚɟɬ, ɱɟɣ ɞɨɫɬɭɩ ɞɨɥɠɟɧ ɩɨɞɜɟɪɝɚɬɶɫɹ ɚɭɞɢɬɭ, ɚ ɬɚɤɠɟ ɧɟɨɛɯɨɞɢɦɵɣ ɭɪɨɜɟɧɶ ɚɭɞɢɬɚ. . DACL , , , . , , ACL, . , , . . , , , SID.
ɋɜɹɡɭɸɳɟɣ ɬɨɱɤɨɣ ɦɟɠɞɭ SID ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɢ ACL ɹɜɥɹɟɬɫɹ . Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɚɭɬɟɧɬɢɮɢɰɢɪɭɟɬɫɹ ɱɟɪɟɡ Active Directory, ɜ ɩɪɨɰɟɫɫɟ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɟɦɭ ɧɚɡɧɚɱɚɟɬɫɹ ɥɟɤɫɟɦɚ ɞɨɫɬɭɩɚ. ɗɬɚ ɥɟɤɫɟɦɚ ɜɤɥɸɱɚɟɬ ɨɫɧɨɜɧɨɣ SID ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ SID ɜɫɟɯ ɝɪɭɩɩ, ɤɨɬɨɪɵɦ ɩɪɢɧɚɞɥɟɠɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɚ ɬɚɤɠɟ ɩɪɚɜɚ ɢ ɩɪɢɜɢɥɟɝɢɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ʌɟɤɫɟɦɚ ɞɨɫɬɭɩɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɩɨɞɫɢɫɬɟɦɨɣ ɡɚɳɢɬɵ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɵɬɚɟɬɫɹ ɨɛɪɚɬɢɬɶɫɹ ɤ ɪɟɫɭɪɫɭ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɥɟɤɫɟɦɚ ɩɪɟɞɴɹɜɥɹɟɬɫɹ ɤɨɦɩɶɸɬɟɪɨɦ ɤɥɢɟɧɬɚ ɥɸɛɨɦɭ ɩɪɨɰɟɫɫɭ ɢɥɢ ɩɪɢɥɨɠɟɧɢɸ, ɤɨɬɨɪɵɟ ɡɚɩɪɚɲɢɜɚɸɬ ɢɧɮɨɪɦɚɰɢɸ, ɤɚɫɚɸɳɭɸɫɹ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɩɟɪɟɞ ɩɨɥɭɱɟɧɢɟɦ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɭ. ɇɚɩɪɢɦɟɪ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɵɬɚɟɬɫɹ ɨɛɪɚɬɢɬɶɫɹ ɤ ɩɨɱɬɨɜɨɦɭ ɹɳɢɤɭ ɫɟɪɜɟɪɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Exchange 2000 Server, ɥɟɤɫɟɦɚ ɞɨɫɬɭɩɚ ɩɪɟɞɴɹɜɥɹɟɬɫɹ ɫɟɪɜɟɪɭ. ɉɨɞɫɢɫɬɟɦɚ ɡɚɳɢɬɵ Exchange 2000 Server ɫɪɚɜɧɢɜɚɟɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ SID ɜ ɥɟɤɫɟɦɟ ɞɨɫɬɭɩɚ ɫ ɪɚɡɪɟɲɟɧɢɹɦɢ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɩɪɟɞɨɫɬɚɜɥɟɧɵ ɜ ɫɩɢɫɤɟ ACL. ɉɨɥɶɡɨɜɚɬɟɥɶ ɫɦɨɠɟɬ ɨɬɤɪɵɬɶ ɩɨɱɬɨɜɵɣ ɹɳɢɤ, ɟɫɥɢ ɷɬɨ ɩɨɡɜɨɥɹɸɬ ɪɚɡɪɟɲɟɧɢɹ, ɩɪɟɞɨɫɬɚɜɥɟɧɧɵɟ ɞɚɧɧɨɦɭ ɢɞɟɧɬɢɮɢɤɚɬɨɪɭ SID.
ɑɬɨɛɵ ɩɪɨɰɟɫɫɵ ɡɚɳɢɬɵ, ɜɤɥɸɱɚɸɳɢɟ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ SID ɢ ɡɚɩɢɫɟɣ ACL, ɪɚɛɨɬɚɥɢ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ, ɞɨɥɠɟɧ ɫɭɳɟɫɬɜɨɜɚɬɶ ɤɚɤɨɣ-ɬɨ ɫɩɨɫɨɛ, ɤɨɬɨɪɵɦ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɨɥɭɱɚɟɬ ɞɨɫɬɭɩ ɤ ɫɟɬɢ. ɉɨ ɫɭɳɟɫɬɜɭ, ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɞɨɤɚɡɚɬɶ, ɱɬɨ ɨɧɢ ɹɜɥɹɸɬɫɹ ɬɟɦɢ, ɤɟɦ ɨɧɢ ɫɟɛɹ ɩɪɟɞɫɬɚɜɥɹɸɬ, ɱɬɨɛɵ ɢɡɜɥɟɱɶ ɫɜɨɸ ɥɟɤɫɟɦɭ ɞɨɫɬɭɩɚ ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɧɚɡɵɜɚɟɬɫɹ . Ⱥɭɬɟɧɬɢɮɢɤɚɰɢɹ ɩɪɨɢɫɯɨɞɢɬ ɩɟɪɟɞ ɜɯɨɞɨɦ ɤɥɢɟɧɬɚ ɜ ɫɢɫɬɟɦɭ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɚɞɢɬɫɹ ɡɚ ɤɨɦɩɶɸɬɟɪ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 ɢɥɢ Microsoft Windows XP Professional ɢ ɜɜɨɞɢɬ Ctrl+Alt+Del, ɫɥɭɠɛɚ Winlogon ɥɨɤɚɥɶɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɩɟɪɟɤɥɸɱɚɟɬɫɹ ɧɚ ɷɤɪɚɧ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɢ ɡɚɝɪɭɠɚɟɬ ɮɚɣɥ Graphic Identification and Authentication (GINA) (Ƚɪɚɮɢɱɟɫɤɚɹ ɢɞɟɧɬɢɮɢɤɚɰɢɹ ɢ ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ) ɢɡ ɛɢɛɥɢɨɬɟɤɢ ɞɢɧɚɦɢɱɟɫɤɨɣ ɤɨɦɩɨɧɨɜɤɢ (DLL). ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɨɬ ɮɚɣɥ — Msgina.dll. Ɉɞɧɚɤɨ ɫɬɨɪɨɧɧɢɟ ɩɪɨɢɡɜɨɞɢɬɟɥɢ ɦɨɝɭɬ ɫɨɡɞɚɜɚɬɶ ɚɥɶɬɟɪɧɚɬɢɜɧɵɟ ɮɚɣɥɵ GINA (ɧɚɩɪɢɦɟɪ, ɤɥɢɟɧɬ ɫɢɫɬɟɦɵ Netware ɢɫɩɨɥɶɡɭɟɬ ɮɚɣɥ Nwgina.dll). ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɩɟɱɚɬɚɥ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɩɚɪɨɥɶ ɢ ɜɵɛɪɚɥ ɞɨɦɟɧ, GINA ɩɟɪɟɞɚɟɬ ɜɜɟɞɟɧɧɵɟ «ɜɟɪɢɬɟɥɶɧɵɟ ɝɪɚɦɨɬɵ» ɫɥɭɠɛɟ Winlogon. Winlogon ɩɟɪɟɞɚɟɬ ɢɧɮɨɪɦɚɰɢɸ ɥɨɤɚɥɶɧɨɣ ɫɥɭɠɛɟ ɛɟɡɨɩɚɫɧɨɫɬɢ LSA (Local Security Authority). ɋɥɭɠɛɚ LSA ɧɟɦɟɞɥɟɧɧɨ ɩɪɢɦɟɧɹɟɬ ɤ ɩɚɪɨɥɸ ɩɨɥɶɡɨɜɚɬɟɥɹ ɨɩɟɪɚɰɢɸ ɨɞɧɨɫɬɨɪɨɧɧɟɝɨ ɤɷɲɢɪɨɜɚɧɢɹ ɢ ɭɞɚɥɹɟɬ ɩɨɧɹɬɧɵɣ ɬɟɤɫɬɨɜɵɣ ɩɚɪɨɥɶ, ɤɨɬɨɪɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɚɩɟɱɚɬɚɥ. Ɂɚɬɟɦ ɜɵɡɵɜɚɟɬɫɹ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɩɪɨɜɚɣɞɟɪ ɡɚɳɢɬɵ (SSP — Security Support Provider) ɱɟɪɟɡ ɢɧɬɟɪɮɟɣɫ ɩɪɨɜɚɣɞɟɪɨɜ ɡɚɳɢɬɵ (SSPI - Security Support Provider Interface). Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɞɜɭɯ ɨɫɧɨɜɧɵɯ SSP-ɩɪɨɜɚɣɞɟɪɨɜ ɞɥɹ ɫɟɬɟɜɨɣ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ — KerbeVos SSP ɢ NT LAN Manager (NTLM) SSP. ȿɫɥɢ ɤɥɢɟɧɬɵ ɫ ɫɢɫɬɟɦɨɣ Windows 2000, ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɟɣ, ɜɯɨɞɹɬ ɜ ɫɟɬɶ ɫɢɫɬɟɦɵ Windows 2000 ɢɥɢ Windows Server 2003, ɜɵɛɢɪɚɟɬɫɹ SSP Kerberos, ɢ ɢɧɮɨɪɦɚɰɢɹ ɩɟɪɟɞɚɟɬɫɹ SSP. Ɂɚɬɟɦ SSP ɫɜɹɡɵɜɚɟɬɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɞɥɹ ɩɨɞɬɜɟɪɠɞɟɧɢɹ ɩɨɞɥɢɧɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɉɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɩɪɨɰɟɫɫ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɩɪɨɬɨɤɨɥɚ Kerberos ɛɭɞɟɬ ɨɩɢɫɚɧ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ȿɫɥɢ ɩɪɨɰɟɞɭɪɚ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɩɪɨɲɥɚ ɭɫɩɟɲɧɨ, ɡɧɚɱɢɬ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɚɭɬɟɧɬɢɮɢɰɢɪɨɜɚɧ, ɢ ɟɦɭ ɩɪɟɞɨɫɬɚɜɥɟɧ ɞɨɫɬɭɩ ɤ ɫɟɬɢ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɨɲɟɥ ɜ ɞɨɦɟɧ ɢ ɜɫɟ ɪɟɫɭɪɫɵ, ɤ ɤɨɬɨɪɵɦ ɩɨɥɶɡɨɜɚɬɟɥɸ ɧɭɠɧɨ ɨɛɪɚɬɢɬɶɫɹ, ɧɚɯɨɞɹɬɫɹ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɥɟɫɭ, ɬɨ ɷɬɨ ɟɞɢɧɫɬɜɟɧɧɵɣ ɦɨɦɟɧɬ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨɤɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɜɵɣɞɟɬ ɢɡ ɫɢɫɬɟɦɵ, ɜɫɟ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɨɧ ɩɨɥɭɱɢɬ ɜ ɫɟɬɢ, ɛɭɞɭɬ ɨɫɧɨɜɚɧɵ ɧɚ ɧɚɱɚɥɶɧɨɣ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ.
Ɋɚɡɪɟɲɟɧɢɟ (authorization) — ɷɬɨ ɜɬɨɪɨɣ ɲɚɝ ɜ ɩɪɨɰɟɫɫɟ ɩɨɥɭɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ, ɨɧ ɩɪɨɢɫɯɨɞɢɬ ɩɨɫɥɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ. ȼ ɩɪɨɰɟɫɫɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɜɵ ɞɨɤɚɡɵɜɚɟɬɟ ɫɜɨɸ ɢɞɟɧɬɢɱɧɨɫɬɶ, ɜɩɟɱɚɬɵɜɚɹ ɩɪɚɜɢɥɶɧɨɟ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɩɚɪɨɥɶ. ȼ ɩɪɨɰɟɫɫɟ ɪɚɡɪɟɲɟɧɢɹ ɜɚɦ ɞɚɟɬɫɹ ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. ȼ ɩɪɨɰɟɫɫɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɞɥɹ ɜɚɫ ɫɨɡɞɚɟɬɫɹ ɥɟɤɫɟɦɚ ɞɨɫɬɭɩɚ. ȼ ɩɪɨɰɟɫɫɟ ɪɚɡɪɟɲɟɧɢɹ ɜɵ ɩɪɟɞɴɹɜɥɹɟɬɟ ɥɟɤɫɟɦɭ ɞɨɫɬɭɩɚ ɫɟɪɜɟɪɭ ɢɥɢ ɫɥɭɠɛɟ ɢ ɡɚɩɪɚɲɢɜɚɟɬɟ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ. ȿɫɥɢ ɢɞɟɧɬɢɮɢɤɚɬɨɪ SID ɜ ɜɚɲɟɣ ɥɟɤɫɟɦɟ ɞɨɫɬɭɩɚ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪɭ SID ɜ ɡɚɩɢɫɢ ACL, ɤɨɬɨɪɚɹ ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɞɨɫɬɭɩ, ɜɚɦ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ.
Kerberos
Ⱦɨ ɫɢɯ ɩɨɪ ɜ ɷɬɨɣ ɝɥɚɜɟ ɨɩɢɫɵɜɚɥɢɫɶ ɨɫɧɨɜɵ ɡɚɳɢɬɵ Active Directory ɛɟɡ ɨɛɫɭɠɞɟɧɢɹ ɮɚɤɬɢɱɟɫɤɨɝɨ ɦɟɯɚɧɢɡɦɚ, ɤɨɬɨɪɵɣ ɨɫɭɳɟɫɬɜɥɹɟɬ ɡɚɳɢɬɭ. Ɉɫɧɨɜɧɨɣ ɦɟɯɚɧɢɡɦ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɜ Active Directory — ɷɬɨ ɩɪɨɬɨɤɨɥ Kerberos. ɉɪɨɬɨɤɨɥ Kerberos ɛɵɥ ɜɩɟɪɜɵɟ ɪɚɡɪɚɛɨɬɚɧ ɢɧɠɟɧɟɪɚɦɢ Ɇɚɫɫɚɱɭɫɟɬɫɤɨɝɨ Ɍɟɯɧɨɥɨɝɢɱɟɫɤɨɝɨ ɢɧɫɬɢɬɭɬɚ (MIT) ɜ ɤɨɧɰɟ 80-ɯ ɝɨɞɨɜ. Ɍɟɤɭɳɚɹ ɜɟɪɫɢɹ Kerberos - ɷɬɨ ɜɟɪɫɢɹ 5 (Kerberos v5), ɤɨɬɨɪɚɹ ɨɩɢɫɚɧɚ ɜ ɞɨɤɭɦɟɧɬɟ RFC 1510. Ɋɟɚɥɢɡɚɰɢɹ Kerberos ɜ Windows Server 2003 ɩɨɥɧɨɫɬɶɸ ɫɨɜɦɟɫɬɢɦɚ ɫ ɞɨɤɭɦɟɧɬɨɦ RFC-1510 ɫ ɧɟɤɨɬɨɪɵɦɢ ɪɚɫɲɢɪɟɧɢɹɦɢ ɞɥɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɨɬɤɪɵɬɵɯ (public) ɤɥɸɱɟɣ. ɉɪɨɬɨɤɨɥ Kerberos ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɦ ɩɪɨɬɨɤɨɥɨɦ ɞɥɹ Active Directory ɫɢɫɬɟɦ Windows 2000 Windows Server 2003. ȼɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɤɥɢɟɧɬ ɫ ɫɢɫɬɟɦɨɣ Windows 2000, ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɟɣ, ɩɨɞɬɜɟɪɠɞɚɟɬ ɫɜɨɸ ɩɨɞɥɢɧɧɨɫɬɶ ɜ Active Directory, ɨɧ ɢɫɩɨɥɶɡɭɟɬ ɩɪɨɬɨɤɨɥ Kerberos. Ⱦɪɭɝɨɣ ɩɪɨɬɨɤɨɥ, ɢɫɩɨɥɶɡɭɸɳɢɣɫɹ ɞɥɹ ɩɨɞɬɜɟɪɠɞɟɧɢɹ ɩɨɞɥɢɧɧɨɫɬɢ ɜ Active Directory, - ɷɬɨ NTLM, ɤɨɬɨɪɵɣ ɩɨɞɞɟɪɠɢɜɚɟɬɫɹ ɞɥɹ ɨɛɪɚɬɧɨɣ ɫɨɜɦɟɫɬɢɦɨɫɬɢ ɫ ɤɥɢɟɧɬɚɦɢ, ɩɨɥɶɡɭɸɳɢɦɢɫɹ ɛɨɥɟɟ ɫɬɚɪɵɦɢ ɜɟɪɫɢɹɦɢ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦ. ɉɪɨɬɨɤɨɥ Kerberos ɢɦɟɟɬ ɦɧɨɠɟɫɬɜɨ ɩɪɟɢɦɭɳɟɫɬɜ ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ NTLM. • ȼɡɚɢɦɧɚɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ. ɉɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɩɪɨɬɨɤɨɥɚ NTLM ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ ɩɪɨɢɫɯɨɞɢɬ ɬɨɥɶɤɨ ɜ ɨɞɧɨɦ ɧɚɩɪɚɜɥɟɧɢɢ, ɬ.ɟ. ɫɟɪɜɟɪ ɩɨɞɬɜɟɪɠɞɚɟɬ ɩɨɞɥɢɧɧɨɫɬɶ ɤɥɢɟɧɬɚ. ɉɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɩɪɨɬɨɤɨɥɚ Kerberos ɤɥɢɟɧɬ ɦɨɠɟɬ ɬɚɤɠɟ ɩɨɞɬɜɟɪɠɞɚɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɫɟɪɜɟɪɚ, ɝɚɪɚɧɬɢɪɭɹ, ɱɬɨ ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɨɬɜɟɱɚɟɬ ɧɚ ɡɚɩɪɨɫ ɤɥɢɟɧɬɚ, ɹɜɥɹɟɬɫɹ ɩɪɚɜɢɥɶɧɵɦ ɫɟɪɜɟɪɨɦ. • Ȼɨɥɟɟ ɷɮɮɟɤɬɢɜɧɵɣ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɨɛɪɚɳɚɟɬɫɹ ɤ ɫɟɬɟɜɨɦɭ ɪɟɫɭɪɫɭ ɜ ɫɟɬɢ, ɢɫɩɨɥɶɡɭɸɳɟɦɭ ɩɪɨɬɨɤɨɥ NTLM (ɧɚɩɪɢɦɟɪ, Microsoft Windows NT 4), ɬɨ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧ ɪɟɫɭɪɫ, ɞɨɥɠɟɧ ɤɨɧɬɚɤɬɢɪɨɜɚɬɶ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɞɥɹ ɩɪɨɜɟɪɤɢ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɞɚɧɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼ ɫɟɬɢ, ɢɫɩɨɥɶɡɭɸɳɟɣ Kerberos, ɤɥɢɟɧɬ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɢ ɩɨɥɭɱɚɟɬ ɛɢɥɟɬ ɧɚ ɫɟɬɟɜɨɟ ɫɨɟɞɢɧɟɧɢɟ, ɱɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɫɟɪɜɟɪɭ ɪɟɫɭɪɫɚ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɫɟɪɜɟɪ ɪɟɫɭɪɫɚ ɧɟ ɞɨɥɠɟɧ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. • ɍɥɭɱɲɟɧɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ NTLM ɜɫɟɝɞɚ ɨɞɧɨɫɬɨɪɨɧɧɢɟ, ɧɟ ɬɪɚɧɡɢɬɢɜɧɵɟ, ɨɧɢ ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɜɪɭɱɧɭɸ. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Kerberos ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ, ɩɨɞɞɟɪɠɢɜɚɸɬɫɹ ɦɟɠɞɭ ɜɫɟɦɢ ɞɨɦɟɧɚɦɢ ɥɟɫɚ ɢ ɹɜɥɹɸɬɫɹ ɬɪɚɧɡɢɬɢɜɧɵɦɢ ɢ ɞɜɭɫɬɨɪɨɧɧɢɦɢ. Ʉɪɨɦɟ ɬɨɝɨ, ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Kerberos ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɦɟɠɞɭ ɥɟɫɚɦɢ ɢ ɞɨɦɟɧɚɦɢ Kerberos Windows Server 2003 ɢ ɞɪɭɝɢɦɢ ɪɟɚɥɢɡɚɰɢɹɦɢ ɩɪɨɬɨɤɨɥɚ Kerberos. • Ⱦɟɥɟɝɢɪɨɜɚɧɧɚɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɩɨɞɤɥɸɱɚɟɬɫɹ ɤ ɫɟɪɜɟɪɭ, ɢɫɩɨɥɶɡɭɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ NTLM, ɫɟɪɜɟɪ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɟɪɬɢɮɢɤɚɬɵ ɤɥɢɟɧɬɚ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɬɨɥɶɤɨ ɧɚ ɥɨɤɚɥɶɧɨɦ ɫɟɪɜɟɪɟ. ɋ ɚɭɬɟɧɬɢɮɢɤɚɰɢɟɣ Kerberos ɫɟɪɜɟɪ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɟɪɬɢɮɢɤɚɬɵ ɤɥɢɟɧɬɚ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɧɚ ɞɪɭɝɨɦ ɫɟɪɜɟɪɟ. . Windows Server 2003 SSL/TLS (Secure Sockets Layer/Transport Layer Security — / ), Digest Passport. Microsoft (IIS - Internet Information Services) 6.0, .
Kerberos
ȼ ɫɢɫɬɟɦɟ, ɨɫɧɨɜɚɧɧɨɣ ɧɚ ɩɪɨɬɨɤɨɥɟ Kerberos, ɢɦɟɟɬɫɹ ɬɪɢ ɤɨɦɩɨɧɟɧɬɚ. ȼɨ-ɩɟɪɜɵɯ, ɤɥɢɟɧɬ, ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɚɦ. ȼɨ-ɜɬɨɪɵɯ, ɫɟɪɜɟɪ, ɤɨɬɨɪɵɣ ɭɩɪɚɜɥɹɟɬ ɫɟɬɟɜɵɦɢ ɪɟɫɭɪɫɚɦɢ ɢ ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɬɨɥɶɤɨ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ ɡɚɜɟɪɟɧɧɵɟ ɢ ɭɩɨɥɧɨɦɨɱɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɩɨɥɭɱɚɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ. Ɍɪɟɬɢɣ ɤɨɦɩɨɧɟɧɬ — ɰɟɧɬɪ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɤɥɸɱɟɣ (KDC - Key Distribution Center), ɤɨɬɨɪɵɣ ɫɥɭɠɢɬ ɰɟɧɬɪɚɥɶɧɵɦ ɦɟɫɬɨɦ ɯɪɚɧɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɣ ɢɧɮɨɪɦɚɰɢɢ ɢ ɝɥɚɜɧɨɣ ɫɥɭɠɛɨɣ, ɩɨɞɬɜɟɪɠɞɚɸɳɟɣ ɩɨɞɥɢɧɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɉɪɨɬɨɤɨɥ Kerberos ɨɩɪɟɞɟɥɹɟɬ ɬɨ, ɤɚɤ ɷɬɢ ɬɪɢ ɤɨɦɩɨɧɟɧɬɚ ɜɡɚɢɦɨɞɟɣɫɬɜɭɸɬ ɦɟɠɞɭ ɫɨɛɨɣ. ɗɬɨ ɜɡɚɢɦɨɞɟɣɫɬɜɢɟ ɨɫɧɨɜɚɧɨ ɧɚ ɞɜɭɯ ɤɥɸɱɟɜɵɯ ɩɪɢɧɰɢɩɚɯ. ɉɪɟɠɞɟ ɜɫɟɝɨ, Kerberos ɪɚɛɨɬɚɟɬ, ɨɫɧɨɜɵɜɚɹɫɶ ɧɚ ɩɪɟɞɩɨɥɨɠɟɧɢɢ, ɱɬɨ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɬɪɚɮɢɤ ɦɟɠɞɭ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɟɣ ɢ ɫɟɪɜɟɪɨɦ
ɩɟɪɟɫɟɤɚɟɬ ɧɟɡɚɳɢɳɟɧɧɭɸ ɫɟɬɶ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɧɢɤɚɤɨɣ ɤɨɧɮɢɞɟɧɰɢɚɥɶɧɵɣ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɬɪɚɮɢɤ ɧɢɤɨɝɞɚ ɧɟ ɩɨɫɵɥɚɟɬɫɹ ɩɨ ɫɟɬɢ ɨɬɤɪɵɬɵɦ, ɧɟɡɚɲɢɮɪɨɜɚɧɧɵɦ ɬɟɤɫɬɨɦ, ɚ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɚɪɨɥɶ ɧɢɤɨɝɞɚ ɧɟ ɩɨɫɵɥɚɟɬɫɹ ɩɨ ɫɟɬɢ, ɞɚɠɟ ɜ ɡɚɲɢɮɪɨɜɚɧɧɨɣ ɮɨɪɦɟ. ȼɬɨɪɨɣ ɩɪɢɧɰɢɩ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɩɪɨɬɨɤɨɥ Kerberos ɢɦɟɟɬ ɜ ɫɜɨɟɣ ɨɫɧɨɜɟ ɨɩɨɡɧɚɜɚɬɟɥɶɧɭɸ ɦɨɞɟɥɶ ɫ ɨɛɳɢɦ ɫɟɤɪɟɬɨɦ. ȼ ɷɬɨɣ ɦɨɞɟɥɢ ɤɥɢɟɧɬ ɢ ɨɩɨɡɧɚɸɳɢɣ ɫɟɪɜɟɪ ɜɥɚɞɟɸɬ ɨɛɳɢɦ ɫɟɤɪɟɬɨɦ, ɤɨɬɨɪɵɣ ɧɟɢɡɜɟɫɬɟɧ ɤɨɦɭ-ɥɢɛɨ ɟɳɟ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɨɛɳɢɣ ɫɟɤɪɟɬ — ɷɬɨ ɩɚɪɨɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɟɬɶ, ɡɚɳɢɳɟɧɧɭɸ ɩɪɨɬɨɤɨɥɨɦ Kerberos, ɩɚɪɨɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɲɢɮɪɨɜɚɧɢɹ ɩɚɤɟɬɚ ɢɧɮɨɪɦɚɰɢɢ. Ʉɨɝɞɚ ɫɟɪɜɟɪ Kerberos ɩɨɥɭɱɚɟɬ ɩɚɤɟɬ, ɨɧ ɪɚɫɲɢɮɪɨɜɵɜɚɟɬ ɢɧɮɨɪɦɚɰɢɸ, ɢɫɩɨɥɶɡɭɹ ɤɨɩɢɸ ɩɚɪɨɥɹ, ɯɪɚɧɹɳɟɝɨɫɹ ɧɚ ɫɟɪɜɟɪɟ. ȿɫɥɢ ɪɚɫɲɢɮɪɨɜɤɚ ɩɪɨɲɥɚ ɭɫɩɟɲɧɨ, ɬɨ ɨɩɨɡɧɚɸɳɢɣ ɫɟɪɜɟɪ ɡɧɚɟɬ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɡɜɟɫɬɟɧ ɨɛɳɢɣ ɫɟɤɪɟɬ, ɢ ɟɦɭ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɞɨɫɬɭɩ. . , . . Kerberos , , . Ɉɞɧɨɣ ɢɡ ɩɪɨɛɥɟɦ ɨɛɳɟɝɨ ɫɟɤɪɟɬɚ ɹɜɥɹɟɬɫɹ ɬɨ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢ ɫɟɪɜɟɪ, ɭɩɪɚɜɥɹɸɳɢɣ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɨɦ, ɞɨɥɠɧɵ ɢɦɟɬɶ ɤɚɤɨɣ-ɥɢɛɨ ɫɩɨɫɨɛ ɜɥɚɞɟɧɢɹ ɨɛɳɢɦ ɫɟɤɪɟɬɨɦ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɪɨɛɭɟɬ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ ɧɚ ɨɩɪɟɞɟɥɟɧɧɨɦ ɫɟɪɜɟɪɟ, ɬɨ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɠɟɬ ɛɵɬɶ ɫɨɡɞɚɧɚ ɧɚ ɫɟɪɜɟɪɟ ɫ ɩɚɪɨɥɟɦ, ɤɨɬɨɪɵɣ ɡɧɚɟɬ ɬɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɶ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɨɩɵɬɚɟɬɫɹ ɨɛɪɚɬɢɬɶɫɹ ɤ ɪɟɫɭɪɫɚɦ ɧɚ ɷɬɨɦ ɫɟɪɜɟɪɟ, ɨɧ ɦɨɠɟɬ ɩɪɟɞɫɬɚɜɢɬɶ ɨɛɳɢɣ ɫɟɤɪɟɬ (ɩɚɪɨɥɶ) ɢ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ. Ɉɞɧɚɤɨ ɜ ɤɨɪɩɨɪɚɬɢɜɧɨɣ ɫɪɟɞɟ ɦɨɝɭɬ ɛɵɬɶ ɬɵɫɹɱɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɫɨɬɧɢ ɫɟɪɜɟɪɨɜ. ɍɩɪɚɜɥɟɧɢɟ ɪɚɡɥɢɱɧɵɦɢ ɨɛɳɢɦɢ ɫɟɤɪɟɬɚɦɢ ɜɫɟɯ ɷɬɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɛɵɥɨ ɛɵ ɧɟɩɪɚɤɬɢɱɧɵɦ. ɉɪɨɬɨɤɨɥ Kerberos ɫɩɪɚɜɥɹɟɬɫɹ ɫ ɷɬɨɣ ɩɪɨɛɥɟɦɨɣ, ɢɫɩɨɥɶɡɭɹ ɰɟɧɬɪ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɤɥɸɱɟɣ (KDC - Key Distribution Center). ɋɥɭɠɛɚ KDC ɜɵɩɨɥɧɹɟɬɫɹ ɤɚɤ ɫɥɭɠɛɚ ɫɟɪɜɟɪɚ ɜ ɫɟɬɢ ɢ ɭɩɪɚɜɥɹɟɬ ɨɛɳɢɦɢ ɫɟɤɪɟɬɚɦɢ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɟɬɢ. KDC ɢɦɟɟɬ ɨɞɧɭ ɰɟɧɬɪɚɥɶɧɭɸ ɛɚɡɭ ɞɚɧɧɵɯ ɞɥɹ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɫɟɬɢ ɢ ɯɪɚɧɢɬ ɨɛɳɢɣ ɫɟɤɪɟɬ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ (ɜ ɮɨɪɦɟ ɨɞɧɨɫɬɨɪɨɧɧɟɝɨ ɤɷɲɚ ɩɚɪɨɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ). Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɸ ɬɪɟɛɭɟɬɫɹ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɫɟɬɢ ɢ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ, ɫɥɭɠɛɚ KDC ɩɨɞɬɜɟɪɠɞɚɟɬ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɡɧɚɟɬ ɨɛɳɢɣ ɫɟɤɪɟɬ, ɚ ɡɚɬɟɦ ɩɨɞɬɜɟɪɠɞɚɟɬ ɩɨɞɥɢɧɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. . Kerberos , , KDC. Kerberos Windows Server 2003 . Active Directory KDC. Kerberos , , KDC, (realm). Windows Server 2003 . Ʉɚɠɞɚɹ ɫɥɭɠɛɚ KDC ɫɨɫɬɨɢɬ ɢɡ ɞɜɭɯ ɨɬɞɟɥɶɧɵɯ ɫɥɭɠɛ: ɫɥɭɠɛɵ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ (AS Authentication Service) ɢ ɫɥɭɠɛɵ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɛɢɥɟɬɨɜ (TGS — Ticket-Granting Service). ɋɥɭɠɛɚ AS ɨɬɜɟɱɚɟɬ ɡɚ ɧɚɱɚɥɶɧɵɣ ɜɯɨɞ ɤɥɢɟɧɬɚ ɜ ɫɢɫɬɟɦɭ ɢ ɜɵɞɚɟɬ ɛɢɥɟɬ TGT (TGT - Ticket-Granting Ticket) ɤɥɢɟɧɬɭ. ɋɥɭɠɛɚ TGS ɨɬɜɟɱɚɟɬ ɡɚ ɜɫɟ ɛɢɥɟɬɵ ɫɟɚɧɫɚ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɜ ɫɟɬɢ Windows Server 2003. ɋɥɭɠɛɚ KDC ɯɪɚɧɢɬ ɛɚɡɭ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɩɪɨɬɨɤɨɥɨɦ Kerberos. ȼ ɪɟɚɥɢɡɚɰɢɢ Kerberos Windows Server 2003 ɛɚɡɚ ɞɚɧɧɵɯ ɭɩɪɚɜɥɹɟɬɫɹ ɚɝɟɧɬɨɦ ɫɢɫɬɟɦɵ ɤɚɬɚɥɨɝɚ (DSA - Directory System Agent), ɤɨɬɨɪɵɣ ɜɵɩɨɥɧɹɟɬɫɹ ɜ ɩɪɟɞɟɥɚɯ ɩɪɨɰɟɫɫɚ LSA ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. Ʉɥɢɟɧɬɵ ɢ ɩɪɢɥɨɠɟɧɢɹ ɧɢɤɨɝɞɚ ɧɟ ɩɨɥɭɱɚɸɬ ɩɪɹɦɨɣ ɞɨɫɬɭɩ ɤ ɛɚɡɟ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ - ɜɫɟ ɡɚɩɪɨɫɵ ɢɞɭɬ ɱɟɪɟɡ ɚɝɟɧɬɚ DSA, ɢɫɩɨɥɶɡɭɹ ɨɞɢɧ ɢɡ ɢɧɬɟɪɮɟɣɫɨɜ Active Directory. Ʉɚɠɞɵɣ ɨɛɴɟɤɬ ɜ ɩɪɟɞɟɥɚɯ ɛɚɡɵ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ (ɮɚɤɬɢɱɟɫɤɢ, ɤɚɠɞɵɣ ɚɬɪɢɛɭɬ ɤɚɠɞɨɝɨ ɨɛɴɟɤɬɚ) ɡɚɳɢɳɟɧ ɫ ɩɨɦɨɳɶɸ ɫɩɢɫɤɚ ACL. Ⱥɝɟɧɬ DSA ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɥɸɛɵɟ ɩɨɩɵɬɤɢ ɨɛɪɚɳɟɧɢɹ ɤ ɛɚɡɟ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ ɫɚɧɤɰɢɨɧɢɪɨɜɚɧɵ. ɋɨɜɟɬ. Ʉɨɝɞɚ Active Directory ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ ɩɟɪɜɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ, ɫɨɡɞɚɟɬɫɹ ɫɩɟɰɢɚɥɶɧɚɹ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ, ɤɨɬɨɪɚɹ ɧɚɡɵɜɚɟɬɫɹ krbtgt. ɗɬɚ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɭɞɚɥɟɧɚ ɢɥɢ ɩɟɪɟɢɦɟɧɨɜɚɧɚ, ɟɟ ɧɢɤɨɝɞɚ ɧɟɥɶɡɹ ɪɚɡɪɟɲɚɬɶ (enable). ɉɪɢ ɫɨɡɞɚɧɢɢ ɷɬɨɣ ɡɚɩɢɫɢ ɧɚɡɧɚɱɚɟɬɫɹ ɩɚɪɨɥɶ, ɤɨɬɨɪɵɣ ɪɟɝɭɥɹɪɧɵɦ ɨɛɪɚɡɨɦ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɢɡɦɟɧɹɟɬɫɹ. ɗɬɨɬ ɩɚɪɨɥɶ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɝɨ ɞɥɹ ɲɢɮɪɨɜɚɧɢɹ ɢ ɪɚɫɲɢɮɪɨɜɤɢ ɛɢɥɟɬɨɜ TGT, ɜɵɞɚɜɚɟɦɵɯ ɜɫɟɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ.
Kerberos
ɇɚ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɨɣ Microsoft Windows 2000 Professional ɢɥɢ Windows XP Professional, ɧɚ ɫɟɪɜɟɪɚɯ ɫ Windows 2000 Server ɢɥɢ Windows Server 2003 ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ ɩɨ ɩɪɨɬɨɤɨɥɭ Kerberos ɧɚɱɢɧɚɟɬɫɹ ɫ ɬɨɝɨ, ɱɬɨ ɫɥɭɠɛɚ LSA ɜɵɡɵɜɚɟɬ ɩɪɨɜɚɣɞɟɪɚ ɡɚɳɢɬɵ Kerberos. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ, ɜɩɟɱɚɬɵɜɚɹ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɩɚɪɨɥɶ, ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɩɪɢɦɟɧɹɟɬ ɨɞɧɨɫɬɨɪɨɧɧɟɟ ɯɷɲɢɪɨɜɚɧɢɟ ɤ ɩɚɪɨɥɸ ɩɨɥɶɡɨɜɚɬɟɥɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ, ɤɨɬɨɪɵɣ ɤɷɲɢɪɭɟɬɫɹ ɜ ɧɚɞɟɠɧɨɣ ɩɚɦɹɬɢ ɧɚ ɤɨɦɩɶɸɬɟɪɟ. Ɉɞɧɨɫɬɨɪɨɧɧɟɟ ɯɷɲɢɪɨɜɚɧɢɟ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɚɪɨɥɶ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧ ɢɫɯɨɞɹ ɢɡ ɯɷɲ-ɡɧɚɱɟɧɢɹ (hash). Ⱦɥɹ ɨɫɭɳɟɫɬɜɥɟɧɢɹ ɩɪɨɰɟɫɫɚ ɜɯɨɞɚ ɤɥɢɟɧɬɚ ɜ ɫɢɫɬɟɦɭ ɤɥɢɟɧɬ ɢ ɫɟɪɜɟɪ ɜɵɩɨɥɧɹɸɬ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ɉɪɨɜɚɣɞɟɪ Kerberos SSP ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɩɨɫɵɥɚɟɬ ɨɩɨɡɧɚɜɚɬɟɥɶɧɨɟ ɫɨɨɛɳɟɧɢɟ ɫɥɭɠɛɟ KDC (ɫɦ. ɪɢɫ. 8-1). ɗɬɨ ɫɨɨɛɳɟɧɢɟ ɜɤɥɸɱɚɟɬ: • ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ; • ɨɛɥɚɫɬɶ (realm) ɩɨɥɶɡɨɜɚɬɟɥɹ (ɢɦɹ ɞɨɦɟɧɚ); • ɡɚɩɪɨɫ ɧɚ TGT-ɛɢɥɟɬ; • ɩɪɟɞɜɚɪɢɬɟɥɶɧɵɟ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɟ ɞɚɧɧɵɟ, ɤɨɬɨɪɵɟ ɜɤɥɸɱɚɸɬ ɦɟɬɤɭ ɜɪɟɦɟɧɢ. ɉɪɟɞɜɚɪɢɬɟɥɶɧɵɟ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɟ ɞɚɧɧɵɟ ɡɚɲɢɮɪɨɜɚɧɵ ɫ ɩɨɦɨɳɶɸ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ, ɩɨɥɭɱɟɧɧɨɝɨ ɢɡ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɩɚɪɨɥɹ.
. 8-1.
Kerberos TGT
2. Ʉɨɝɞɚ ɫɨɨɛɳɟɧɢɟ ɞɨɫɬɢɝɞɟɬ ɫɟɪɜɟɪɚ, ɫɟɪɜɟɪ ɢɫɫɥɟɞɭɟɬ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɚ ɡɚɬɟɦ ɩɪɨɜɟɪɹɟɬ
ɛɚɡɭ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɜ ɩɨɢɫɤɚɯ ɫɜɨɟɣ ɤɨɩɢɢ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ, ɫɜɹɡɚɧɧɨɝɨ ɫ ɞɚɧɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɋɟɪɜɟɪ ɪɚɫɲɢɮɪɨɜɵɜɚɟɬ ɡɚɲɢɮɪɨɜɚɧɧɵɟ ɜ ɫɨɨɛɳɟɧɢɢ ɞɚɧɧɵɟ ɫ ɩɨɦɨɳɶɸ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ ɢ ɩɪɨɜɟɪɹɟɬ ɜɪɟɦɟɧɧɭɸ ɦɟɬɤɭ. ȿɫɥɢ ɪɚɫɲɢɮɪɨɜɤɚ ɩɪɨɲɥɚ ɭɫɩɟɲɧɨ, ɢ ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɬɟɤɭɳɟɝɨ ɜɪɟɦɟɧɢ ɧɚ ɫɟɪɜɟɪɟ ɜ ɩɪɟɞɟɥɚɯ 5 ɦɢɧɭɬ, ɫɟɪɜɟɪ ɝɨɬɨɜ ɩɨɞɬɜɟɪɞɢɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɪɚɫɲɢɮɪɨɜɤɚ ɨɤɚɠɟɬɫɹ ɧɟɭɞɚɱɧɨɣ, ɷɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɜɟɥ ɧɟɩɪɚɜɢɥɶɧɵɣ ɩɚɪɨɥɶ, ɢ ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ ɩɨɬɟɪɩɢɬ ɧɟɭɞɚɱɭ. ȿɫɥɢ ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ ɨɬɥɢɱɚɟɬɫɹ ɛɨɥɟɟ ɱɟɦ ɧɚ 5 ɦɢɧɭɬ ɨɬ ɬɟɤɭɳɟɝɨ ɜɪɟɦɟɧɢ ɧɚ ɫɟɪɜɟɪɟ, ɬɨ ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ ɬɚɤɠɟ ɩɨɬɟɪɩɢɬ ɧɟɭɞɚɱɭ. ɉɪɢɱɢɧɚ ɬɚɤɨɣ ɦɚɥɟɧɶɤɨɣ ɪɚɡɧɢɰɵ ɜɨ ɜɪɟɦɟɧɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɚ ɞɨɥɠɧɚ ɩɪɟɞɨɬɜɪɚɬɢɬɶ ɜɨɡɦɨɠɧɭɸ ɩɨɩɵɬɤɭ ɩɟɪɟɯɜɚɬɚ ɨɩɨɡɧɚɜɚɬɟɥɶɧɨɝɨ ɩɚɤɟɬɚ ɫ ɩɨɫɥɟɞɭɸɳɢɦ ɩɨɜɬɨɪɟɧɢɟɦ ɟɝɨ ɜ ɛɨɥɟɟ ɩɨɡɞɧɟɟ ɜɪɟɦɹ. Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɚɤɫɢɦɚɥɶɧɚɹ ɞɨɩɭɫɬɢɦɚɹ ɪɚɡɧɢɰɚ ɜɨ ɜɪɟɦɟɧɢ, ɫɨɫɬɚɜɥɹɸɳɚɹ 5 ɦɢɧɭɬ, ɦɨɠɟɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɜ ɩɨɥɢɬɢɤɟ ɡɚɳɢɬɵ ɞɨɦɟɧɚ. 3. ɉɨɫɥɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɫɟɪɜɟɪ ɩɨɫɵɥɚɟɬ ɤɥɢɟɧɬɭ ɫɨɨɛɳɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɤɥɸɱɚɟɬ ɤɥɸɱ ɫɟɚɧɫɚ ɢ TGT (ɫɦ. ɪɢɫ. 8-1). Ʉɥɸɱ ɫɟɚɧɫɚ - ɷɬɨ ɤɥɸɱ ɲɢɮɪɨɜɚɧɢɹ, ɤɨɬɨɪɵɣ ɤɥɢɟɧɬ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɫ KDC ɜɦɟɫɬɨ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ ɤɥɢɟɧɬɚ. TGT — ɷɬɨ ɛɢɥɟɬ ɫɟɚɧɫɚ, ɤɨɬɨɪɵɣ ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɩɨɥɶɡɨɜɚɬɟɥɸ ɞɨɫɬɭɩ ɤ ɤɨɧɬɪɨɥɥɟɪɭ
(
ɞɨɦɟɧɚ. ȼ ɬɟɱɟɧɢɟ ɫɪɨɤɚ ɫɥɭɠɛɵ TGT ɤɥɢɟɧɬ ɩɪɟɞɴɹɜɥɹɟɬ TGT ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɟɦɭ ɬɪɟɛɭɟɬɫɹ ɨɛɪɚɬɢɬɶɫɹ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. ɉɨɥɧɨɟ ɫɨɨɛɳɟɧɢɟ ɨɬ ɫɟɪɜɟɪɚ ɡɚɲɢɮɪɨɜɚɧɨ ɫ ɩɨɦɨɳɶɸ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ʉɪɨɦɟ ɬɨɝɨ, ɛɢɥɟɬ TGT ɡɚɲɢɮɪɨɜɚɧ ɫ ɩɨɦɨɳɶɸ ɞɨɥɝɨɫɪɨɱɧɨɝɨ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ ɫɟɪɜɟɪɚ. 4. Ʉɨɝɞɚ ɩɚɤɟɬ ɩɪɢɛɵɜɚɟɬ ɧɚ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ, ɫɟɤɪɟɬɧɵɣ ɤɥɸɱ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɚɫɲɢɮɪɨɜɤɢ ɩɚɤɟɬɚ. ȿɫɥɢ ɪɚɫɲɢɮɪɨɜɤɚ ɩɪɨɲɥɚ ɭɫɩɟɲɧɨ ɢ ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ ɞɨɩɭɫɬɢɦɚ, ɬɨ ɤɨɦɩɶɸɬɟɪ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɪɟɞɩɨɥɚɝɚɟɬ, ɱɬɨ ɰɟɧɬɪ KDC ɧɚɞɟɠɧɨ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɥ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɩɨɬɨɦɭ ɱɬɨ ɟɦɭ ɡɧɚɤɨɦ ɟɝɨ ɫɟɤɪɟɬɧɵɣ ɤɥɸɱ. Ʉɥɸɱ ɫɟɚɧɫɚ ɡɚɬɟɦ ɤɷɲɢɪɭɟɬɫɹ ɧɚ ɥɨɤɚɥɶɧɨɦ ɤɨɦɩɶɸɬɟɪɟ, ɩɨɤɚ ɧɟ ɤɨɧɱɢɬɫɹ ɫɪɨɤ ɟɝɨ ɞɟɣɫɬɜɢɹ ɢɥɢ ɩɨɤɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɫɞɟɥɚɟɬ ɜɵɯɨɞ ɢɡ ɫɢɫɬɟɦɵ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. ɗɬɨɬ ɤɥɸɱ ɫɟɚɧɫɚ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɲɢɮɪɨɜɚɧɢɹ ɜɫɟɯ ɛɭɞɭɳɢɯ ɩɨɞɤɥɸɱɟɧɢɣ ɤ ɰɟɧɬɪɭ KDC, ɬ.ɟ. ɤɥɢɟɧɬ ɛɨɥɶɲɟ ɧɟ ɞɨɥɠɟɧ ɩɨɦɧɢɬɶ ɫɟɤɪɟɬɧɵɣ ɤɥɸɱ, ɢ ɨɧ ɭɞɚɥɹɟɬɫɹ ɢɡ ɤɷɲɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. Ȼɢɥɟɬ TGT ɫɨɯɪɚɧɹɟɬɫɹ ɜ ɡɚɲɢɮɪɨɜɚɧɧɨɣ ɮɨɪɦɟ ɜ ɤɷɲɟ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. . Kerberos Authentication Service (AS) Exchange ), , . AS Exchange. , KDC, KRB_AS_REQ. KRB_AS_REP. *• 5. ɉɨɥɶɡɨɜɚɬɟɥɶ ɛɵɥ ɨɩɨɡɧɚɧ, ɧɨ ɨɧ ɜɫɟ ɟɳɟ ɧɟ ɢɦɟɟɬ ɧɢɤɚɤɨɝɨ ɞɨɫɬɭɩɚ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. TGT - ɷɬɨ ɛɢɥɟɬ ɫɟɚɧɫɚ, ɤɨɬɨɪɵɣ ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɞɨɫɬɭɩ ɤ ɰɟɧɬɪɭ KDC, ɧɨ ɱɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɤɚɤɢɦ-ɥɢɛɨ ɞɪɭɝɢɦ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɞɨɥɠɟɧ ɩɨɥɭɱɢɬɶ ɞɪɭɝɨɣ ɛɢɥɟɬ ɫɟɚɧɫɚ ɨɬ KDC ɰɟɧɬɪɚ (ɫɦ. ɪɢɫ. 8-2.) Ɋɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɤɥɢɟɧɬɚ ɩɨɫɵɥɚɟɬ ɡɚɩɪɨɫ ɧɚ ɛɢɥɟɬ ɫɟɚɧɫɚ ɤ ɰɟɧɬɪɭ KDC. Ɂɚɩɪɨɫ ɜɤɥɸɱɚɟɬ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɛɢɥɟɬ TGT, ɩɪɟɞɨɫɬɚɜɥɟɧɧɵɣ ɜ ɩɪɨɰɟɫɫɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ, ɢɦɹ ɫɟɬɟɜɨɣ ɫɥɭɠɛɵ, ɤ ɤɨɬɨɪɨɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɯɨɱɟɬ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ, ɢ ɜɪɟɦɟɧɧɭɸ ɦɟɬɤɭ, ɤɨɬɨɪɚɹ ɡɚɲɢɮɪɨɜɚɧɚ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɤɥɸɱɚ ɫɟɚɧɫɚ, ɩɨɥɭɱɟɧɧɨɝɨ ɜ ɩɪɨɰɟɫɫɟ AS Exchange.
. 8-2.
Kerberos
6. ɋɥɭɠɛɚ KDC ɪɚɫɲɢɮɪɨɜɵɜɚɟɬ ɛɢɥɟɬ TGT, ɢɫɩɨɥɶɡɭɹ ɫɜɨɣ ɞɨɥɝɨɫɪɨɱɧɵɣ ɤɥɸɱ. Ɂɚɬɟɦ ɨɧɚ ɢɡɜɥɟɤɚɟɬ ɤɥɸɱ ɫɟɚɧɫɚ ɢɡ ɛɢɥɟɬɚ TGT ɢ ɪɚɫɲɢɮɪɨɜɵɜɚɟɬ ɜɪɟɦɟɧɧɭɸ ɦɟɬɤɭ, ɱɬɨɛɵ ɭɛɟɞɢɬɶɫɹ, ɱɬɨ ɤɥɢɟɧɬ ɢɫɩɨɥɶɡɭɟɬ ɩɪɚɜɢɥɶɧɵɣ ɤɥɸɱ ɫɟɚɧɫɚ, ɢ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ ɞɨɩɭɫɬɢɦɚ. ȿɫɥɢ ɤɥɸɱ ɫɟɚɧɫɚ ɢ ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ ɩɪɢɟɦɥɟɦɵ, ɬɨ KDC ɝɨɬɨɜɢɬ ɛɢɥɟɬ ɫɟɚɧɫɚ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɫɟɬɟɜɨɣ ɫɥɭɠɛɟ. 7. Ȼɢɥɟɬ ɫɟɚɧɫɚ ɜɤɥɸɱɚɟɬ ɞɜɟ ɤɨɩɢɢ ɤɥɸɱɚ ɫɟɚɧɫɚ, ɤɨɬɨɪɵɣ ɤɥɢɟɧɬ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɫɨɟɞɢɧɟɧɢɹ ɫ ɬɪɟɛɭɟɦɵɦ ɪɟɫɭɪɫɨɦ. ɉɟɪɜɚɹ ɤɨɩɢɹ ɤɥɸɱɚ ɫɟɚɧɫɚ ɡɚɲɢɮɪɨɜɚɧɚ, ɢɫɩɨɥɶɡɭɹ
ɤɥɸɱ ɫɟɚɧɫɚ ɤɥɢɟɧɬɚ, ɩɨɥɭɱɟɧɧɵɣ ɜ ɩɪɨɰɟɫɫɟ ɧɚɱɚɥɶɧɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ȼɬɨɪɚɹ ɤɨɩɢɹ ɤɥɸɱɚ ɫɟɚɧɫɚ ɩɪɟɞɧɚɡɧɚɱɟɧɚ ɞɥɹ ɫɟɬɟɜɨɣ ɫɥɭɠɛɵ ɢ ɜɤɥɸɱɚɟɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɞɨɫɬɭɩɟ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɗɬɚ ɱɚɫɬɶ ɛɢɥɟɬɚ ɫɟɚɧɫɚ ɡɚɲɢɮɪɨɜɚɧɚ, ɢɫɩɨɥɶɡɭɹ ɫɟɤɪɟɬɧɵɣ ɤɥɸɱ ɫɟɬɟɜɨɣ ɫɥɭɠɛɵ, ɤɨɬɨɪɵɣ ɧɟɢɡɜɟɫɬɟɧ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɤɥɢɟɧɬɚ, ɧɨ ɢɡɜɟɫɬɟɧ ɢ ɫɥɭɠɛɟ KDC ɢ ɫɟɬɟɜɨɣ ɫɥɭɠɛɟ, ɩɨɬɨɦɭ ɱɬɨ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧ ɪɟɫɭɪɫ, ɹɜɥɹɟɬɫɹ ɱɥɟɧɨɦ ɫɮɟɪɵ KDC. 8. Ɋɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɤɥɢɟɧɬɚ ɤɷɲɢɪɭɟɬ ɨɛɟ ɱɚɫɬɢ ɛɢɥɟɬɚ ɫɟɚɧɫɚ ɜ ɩɚɦɹɬɢ. . , 58- , Ticket-Granting Service Exchange ( ). , , KRB_TGS_REQ; KRB_TGS_REP. 9. Ɍɟɩɟɪɶ ɤɥɢɟɧɬ ɩɪɟɞɴɹɜɥɹɟɬ ɛɢɥɟɬ ɫɟɚɧɫɚ ɫɟɬɟɜɨɣ ɫɥɭɠɛɟ ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɫɬɭɩɚ (ɫɦ. ɪɢɫ. 8-3.)
. 8-3.
10. ɋɟɬɟɜɚɹ ɫɥɭɠɛɚ ɪɚɫɲɢɮɪɨɜɵɜɚɟɬ ɤɥɸɱ ɫɟɚɧɫɚ, ɡɚɲɢɮɪɨɜɚɧɧɵɣ ɜ ɛɢɥɟɬɟ ɫɟɚɧɫɚ, ɢɫɩɨɥɶɡɭɹ
ɞɨɥɝɨɫɪɨɱɧɵɣ ɤɥɸɱ, ɤɨɬɨɪɵɦ ɨɧɚ ɜɥɚɞɟɟɬ ɫɨɜɦɟɫɬɧɨ ɫ ɰɟɧɬɪɨɦ KDC. ȿɫɥɢ ɷɬɚ ɪɚɫɲɢɮɪɨɜɤɚ ɩɪɨɲɥɚ ɭɫɩɟɲɧɨ, ɬɨ ɫɟɬɟɜɚɹ ɫɥɭɠɛɚ ɡɧɚɟɬ, ɱɬɨ ɛɢɥɟɬ ɜɵɞɚɧ ɞɨɜɟɪɟɧɧɨɣ ɫɥɭɠɛɨɣ KDC. Ɂɚɬɟɦ ɫɟɬɟɜɚɹ ɫɥɭɠɛɚ ɪɚɫɲɢɮɪɨɜɵɜɚɟɬ ɥɟɤɫɟɦɭ ɞɨɫɬɭɩɚ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢɫɩɨɥɶɡɭɹ ɤɥɸɱ ɫɟɚɧɫɚ, ɢ ɩɪɨɜɟɪɹɟɬ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɭɪɨɜɟɧɶ ɞɨɫɬɭɩɚ. Ɂɚɩɪɨɫ ɤɥɢɟɧɬɚ ɜɤɥɸɱɚɟɬ ɬɚɤɠɟ ɜɪɟɦɟɧɧɭɸ ɦɟɬɤɭ, ɤɨɬɨɪɚɹ ɡɚɲɢɮɪɨɜɚɧɚ ɫ ɩɨɦɨɳɶɸ ɤɥɸɱɚ ɫɟɚɧɫɚ ɢ ɩɪɨɜɟɪɟɧɚ ɫɟɪɜɟɪɨɦ. . , 9 10, Client/Server (CS) Exchange. KRB_AP_REQ. ȼ ɩɪɟɞɩɨɥɨɠɟɧɢɢ, ɱɬɨ ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ ɢ ɩɪɨɜɟɪɤɚ ɪɚɡɪɟɲɟɧɢɹ ɩɪɨɲɥɢ ɭɫɩɟɲɧɨ, ɤɥɢɟɧɬɭ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɫɟɪɜɟɪɚ. ȿɫɥɢ ɤɥɢɟɧɬ ɧɭɠɞɚɟɬɫɹ ɜ ɞɚɥɶɧɟɣɲɟɦ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɪɟɫɭɪɫɚ ɢɥɢ ɫɥɭɠɛɵ, ɬɨ ɛɢɥɟɬ ɫɟɚɧɫɚ ɩɟɪɟɦɟɳɚɟɬɫɹ ɢɡ ɤɷɲɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɝɨ ɞɥɹ ɛɢɥɟɬɚ ɤɥɢɟɧɬɚ, ɢ ɩɟɪɟɞɚɟɬɫɹ ɧɚ ɰɟɥɟɜɨɣ ɫɟɪɜɟɪ ɪɟɫɭɪɫɚ. ȿɫɥɢ ɫɪɨɤ ɞɟɣɫɬɜɢɹ ɛɢɥɟɬɚ ɫɟɚɧɫɚ ɢɫɬɟɤ, ɤɥɢɟɧɬ ɞɨɥɠɟɧ ɨɛɪɚɬɢɬɶɫɹ ɤ KDC ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɧɨɜɨɝɨ ɛɢɥɟɬɚ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ȼɵ ɦɨɠɟɬɟ ɩɨɫɦɨɬɪɟɬɶ ɫɨɞɟɪɠɢɦɨɟ ɤɷɲɚ ɤɥɢɟɧɬɚ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬɵ, ɞɨɫɬɭɩɧɵɟ ɞɥɹ ɡɚɝɪɭɡɤɢ ɧɚ ɜɟɛ-ɫɚɣɬɟ Microsoft. ɂɧɫɬɪɭɦɟɧɬ KList.exe ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɢɧɬɟɪɮɟɣɫ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ ɞɥɹ ɩɪɨɫɦɨɬɪɚ ɢ ɭɞɚɥɟɧɢɹ ɛɢɥɟɬɨɜ Kerberos. ɂɧɫɬɪɭɦɟɧɬ Kerberos Tray (Kerbtray.exe) ɨɛɟɫɩɟɱɢɜɚɟɬ ɞɥɹ ɩɪɨɫɦɨɬɪɚ ɛɢɥɟɬɨɜ ɝɪɚɮɢɱɟɫɤɢɣ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ (GUI). ɇɚ ɪɢɫɭɧɤɟ 8-4 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɢɧɮɨɪɦɚɰɢɢ, ɩɪɟɞɨɫɬɚɜɥɟɧɧɨɣ ɢɧɫɬɪɭɦɟɧɬɨɦ Kerberos Tray. ɂɧɫɬɪɭɦɟɧɬ Kerberos Tray ɞɨɫɬɭɩɟɧ ɩɨ ɚɞɪɟɫɭ http://www.microsoft.com/ windows2000/techinjo/reskit/tools/existing/kerbtray-o.asp , ɚ ɢɧɫɬɪɭɦɟɧɬ KList ɞɨɫɬɭɩɟɧ ɩɨ ɚɞɪɟɫɭ http://www.microsoft.co7n/windows2000/techinfo/reskit/tools/ existing /klist-o. asp.
. 8-4.
Kerberos
Kerberos Tray
ɉɪɨɰɟɫɫ ɩɨɥɭɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɫɟɬɟɜɨɦɭ ɪɟɫɭɪɫɭ ɩɨɤɚɡɵɜɚɟɬ, ɱɬɨ ɰɟɧɬɪ KDC ɜɨɜɥɟɱɟɧ ɬɨɥɶɤɨ ɜ ɩɪɨɰɟɫɫ ɧɚɱɚɥɶɧɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɤɥɢɟɧɬɚ, ɤɨɝɞɚ ɤɥɢɟɧɬ ɩɟɪɜɵɣ ɪɚɡ ɩɪɨɛɭɟɬ ɨɛɪɚɳɚɬɶɫɹ ɤ ɪɟɫɭɪɫɭ, ɪɚɫɩɨɥɨɠɟɧɧɨɦɭ ɧɚ ɨɩɪɟɞɟɥɟɧɧɨɦ ɫɟɪɜɟɪɟ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɩɟɪɜɵɟ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ, ɟɦɭ ɜɵɞɚɟɬɫɹ ɛɢɥɟɬ TGT, ɤɨɬɨɪɵɣ ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɤɥɢɟɧɬɭ ɞɨɫɬɭɩ ɤ ɰɟɧɬɪɭ KDC ɜ ɬɟɱɟɧɢɟ ɫɪɨɤɚ ɫɥɭɠɛɵ ɛɢɥɟɬɚ. Ʉɨɝɞɚ ɤɥɢɟɧɬ ɩɪɨɛɭɟɬ ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɨɦ, ɨɧ ɫɧɨɜɚ ɜɯɨɞɢɬ ɜ ɤɨɧɬɚɤɬ ɫ KDC ɢ ɩɨɥɭɱɚɟɬ ɛɢɥɟɬ ɫɟɚɧɫɚ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɷɬɨɦɭ ɪɟɫɭɪɫɭ. Ȼɢɥɟɬ ɫɟɚɧɫɚ ɜɤɥɸɱɚɟɬ ɥɟɤɫɟɦɭ ɞɨɫɬɭɩɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ʉɨɝɞɚ ɷɬɚ ɥɟɤɫɟɦɚ ɩɪɟɞɴɹɜɥɹɟɬɫɹ ɫɟɪɜɟɪɭ, ɧɚ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧ ɪɟɫɭɪɫ, ɫɟɪɜɟɪ ɨɩɪɟɞɟɥɹɟɬ ɭɪɨɜɟɧɶ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɭ, ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɢɦɟɬɶ ɞɚɧɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ.
,
Ɍɨɬ ɠɟ ɫɚɦɵɣ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɩɪɨɰɟɫɫ ɩɪɢɦɟɧɹɟɬɫɹ ɢ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɩɪɢ ɩɨɞɬɜɟɪɠɞɟɧɢɢ ɩɨɞɥɢɧɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɟɪɟɫɟɤɚɸɬɫɹ ɝɪɚɧɢɰɵ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɹ ɦɨɠɟɬ ɢɦɟɬɶ ɥɟɫ ɫ ɬɪɟɦɹ ɞɨɦɟɧɚɦɢ, ɤɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 8-5.
. 8-5.
,
ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɢɦɟɸɳɢɣ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶɸ ɜ ɞɨɦɟɧɟ Fabrikam.com, ɩɟɪɟɣɞɟɬ ɜ ɞɨɦɟɧ NAmerica.Contoso.com ɢ ɩɨɩɵɬɚɟɬɫɹ ɜɨɣɬɢ ɜ ɫɟɬɶ, ɪɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɤɥɢɟɧɬɚ ɫɦɨɠɟɬ ɫɨɟɞɢɧɢɬɶɫɹ ɫ
ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Fabrikam.com. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɩɨɫɵɥɚɟɬ ɧɚɱɚɥɶɧɵɣ ɡɚɩɪɨɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ NAmerica.Contoso.com. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɨɩɪɟɞɟɥɹɟɬ, ɱɬɨ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɪɚɫɩɨɥɨɠɟɧɚ ɜ ɞɨɦɟɧɟ Fabrikam.com, ɬɚɤ ɱɬɨ ɧɭɠɧɨ ɩɟɪɟɩɪɚɜɢɬɶ ɡɚɩɪɨɫɵ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɤɥɢɟɧɬɚ ɤ ɷɬɨɦɭ ɞɨɦɟɧɭ. ȿɫɥɢ ɜɫɟ ɞɨɦɟɧɵ ɛɵɥɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɩɪɹɦɵɦɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦɢ ɨɬɧɨɲɟɧɢɹɦɢ (shortcut trusts), ɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɧɚɩɪɹɦɭɸ ɧɚɩɪɚɜɢɬɶ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Fabrikam.com. Ɉɞɧɚɤɨ ɟɫɥɢ ɩɪɹɦɵɯ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɧɟ ɛɵɥɨ ɫɨɡɞɚɧɨ, ɬɨ ɧɟɬ ɢ ɩɪɹɦɨɝɨ ɞɨɜɟɪɢɬɟɥɶɧɨɝɨ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ NAmerica.Contoso.com ɢ Fabrikam.com. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ NAmerica ɧɚɩɪɚɜɢɬ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Contoso.com. ɇɚɩɪɚɜɥɟɧɢɟ ɜɤɥɸɱɚɟɬ ɤɥɸɱ ɫɟɚɧɫɚ, ɩɪɟɞɨɫɬɚɜɥɹɸɳɢɣ ɞɨɫɬɭɩ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Contoso.com. Ʉɥɸɱ ɫɟɚɧɫɚ ɫɨɡɞɚɟɬɫɹ, ɤɨɝɞɚ ɞɨɦɟɧ NAmerica ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɥɟɫɭ Contoso.com ɢ ɫɨɡɞɚɸɬɫɹ ɧɚɱɚɥɶɧɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɷɬɢɦɢ ɞɜɭɦɹ ɞɨɦɟɧɚɦɢ. Ʉɥɸɱ ɫɟɚɧɫɚ ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɡɚɩɪɨɫ ɧɚ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ ɢɫɯɨɞɢɬ ɨɬ ɞɨɜɟɪɟɧɧɨɝɨ ɞɨɦɟɧɚ. Ɂɚɬɟɦ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɩɨɫɵɥɚɟɬ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɡɚɩɪɨɫ ɤ ɞɨɦɟɧɭ Contoso.com. Ɍɟɩɟɪɶ ɤɥɢɟɧɬ ɧɚɩɪɚɜɥɹɟɬɫɹ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ Fabrikam.com. ɋɧɨɜɚ ɷɬɨ ɧɚɩɪɚɜɥɟɧɢɟ ɜɤɥɸɱɚɟɬ ɤɥɸɱ ɫɟɚɧɫɚ, ɧɟɨɛɯɨɞɢɦɵɣ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ. Ⱦɚɥɟɟ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɩɨɫɵɥɚɟɬ ɡɚɩɪɨɫ TGT ɧɚ ɫɜɨɣ ɞɨɦɚɲɧɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ Fabrikam.com. Ⱥɧɚɥɨɝɢɱɧɵɣ ɩɪɨɰɟɫɫ ɩɪɨɢɫɯɨɞɢɬ ɬɨɝɞɚ, ɤɨɝɞɚ ɤɥɢɟɧɬ ɩɪɨɛɭɟɬ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ, ɪɚɫɩɨɥɨɠɟɧɧɨɦɭ ɡɚ ɩɪɟɞɟɥɚɦɢ ɞɨɦɚɲɧɟɝɨ ɞɨɦɟɧɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤɥɢɟɧɬ ɞɨɥɠɟɧ ɩɨɥɭɱɢɬɶ ɛɢɥɟɬ ɫɟɚɧɫɚ ɨɬ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɨɝɨ ɜ ɬɨɦ ɞɨɦɟɧɟ, ɝɞɟ ɧɚɯɨɞɢɬɫɹ ɪɟɫɭɪɫ, ɩɨɤɚ ɨɧ ɧɟ ɫɦɨɠɟɬ ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɩɪɚɜɢɥɶɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. Ɉɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɩɪɨɰɟɫɫ ɜɥɢɹɟɬ ɧɚ ɩɪɨɟɤɬ ɥɟɫɚ, ɨɫɨɛɟɧɧɨ ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɱɚɫɬɨ ɜɯɨɞɹɬ ɧɚ ɞɨɦɟɧɵ, ɤ ɤɨɬɨɪɵɦ ɨɧɢ ɫɚɦɢ ɧɟ ɩɪɢɧɚɞɥɟɠɚɬ, ɢɥɢ ɨɛɪɚɳɚɸɬɫɹ ɤ ɪɟɫɭɪɫɚɦ ɞɪɭɝɢɯ ɞɨɦɟɧɨɜ. ȿɫɥɢ ɜɵ ɪɚɡɪɚɛɚɬɵɜɚɟɬɟ ɥɟɫ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɞɨɦɟɧɚɦɢ, ɤɥɢɟɧɬɭ, ɜɟɪɨɹɬɧɨ, ɩɪɢɞɟɬɫɹ ɩɟɪɟɫɟɤɚɬɶ ɜɟɫɶ ɩɭɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ. ȿɫɥɢ ɷɬɨ ɫɥɭɱɚɟɬɫɹ ɱɚɫɬɨ, ɧɭɠɧɨ ɩɨɦɟɫɬɢɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɤɨɪɧɟɜɵɯ ɞɨɦɟɧɨɜ ɛɥɢɠɟ ɤ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. Ɇɨɠɧɨ ɬɚɤɠɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɪɹɦɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ, ɱɬɨɛɵ ɧɚɩɪɚɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɩɨɫɵɥɚɥɢɫɶ ɧɭɠɧɵɦ ɞɨɦɟɧɚɦ ɧɚɩɪɹɦɭɸ.
Ɉɞɧɚ ɢɡ ɩɪɢɱɢɧ ɫɥɨɠɧɨɫɬɢ ɞɨɫɬɭɩɚ ɤ ɫɟɬɟɜɵɦ ɫɥɭɠɛɚɦ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɫɟɬɟɜɚɹ ɫɥɭɠɛɚ ɦɨɠɟɬ ɛɵɬɶ ɪɚɫɩɪɟɞɟɥɟɧɚ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɫɟɪɜɟɪɚɦɢ. ɇɚɩɪɢɦɟɪ, ɤɥɢɟɧɬ ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɤɪɚɣɧɢɦ ɫɟɪɜɟɪɨɦ ɜɧɟɲɧɟɝɨ ɢɧɬɟɪɮɟɣɫɚ ɰɟɩɨɱɤɢ ɫɟɪɜɟɪɨɜ, ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɩɨɞɤɥɸɱɢɬɶɫɹ ɤ ɫɟɪɜɟɪɭ ɛɚɡɵ ɞɚɧɧɵɯ, ɹɜɥɹɸɳɢɦɫɹ ɞɪɭɝɢɦ ɤɨɧɰɨɦ ɷɬɨɣ ɰɟɩɨɱɤɢ. ɑɬɨɛɵ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɨɥɭɱɢɥ ɞɨɫɬɭɩ ɬɨɥɶɤɨ ɤ ɫɚɧɤɰɢɨɧɢɪɨɜɚɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɞɥɹ ɨɛɪɚɳɟɧɢɹ ɤ ɤɪɚɣɧɟɦɭ ɫɟɪɜɟɪɭ ɛɚɡɵ ɞɚɧɧɵɯ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ «ɜɟɪɢɬɟɥɶɧɵɟ ɝɪɚɦɨɬɵ» ɩɨɥɶɡɨɜɚɬɟɥɹ (ɜɦɟɫɬɨ «ɜɟɪɢɬɟɥɶɧɵɯ ɝɪɚɦɨɬ» ɫɟɪɜɟɪɚ ɜɧɟɲɧɟɝɨ ɢɧɬɟɪɮɟɣɫɚ). ȼ ɫɢɫɬɟɦɟ Windows 2000 ɩɪɨɬɨɤɨɥ Kerberos ɨɛɟɫɩɟɱɢɜɚɟɬ ɷɬɨ ɞɜɭɦɹ ɫɩɨɫɨɛɚɦɢ: ɩɭɬɟɦ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɪɨɤɫɢ-ɛɢɥɟɬɨɜ (proxy tickets) ɢ ɪɟɬɪɚɧɫɥɢɪɨɜɚɧɧɵɯ ɛɢɥɟɬɨɜ (forwarded tickets). ȿɫɥɢ ɩɪɨɤɫɢ-ɛɢɥɟɬɵ ɪɚɡɪɟɲɟɧɵ, ɬɨ ɤɥɢɟɧɬ ɩɨɲɥɟɬ ɡɚɩɪɨɫ ɧɚ ɛɢɥɟɬ ɫɟɚɧɫɚ ɤ ɰɟɧɬɪɭ KDC, ɬɪɟɛɭɹ ɞɨɫɬɭɩ ɤ ɤɪɚɣɧɟɦɭ ɫɟɪɜɟɪɭ. ɋɥɭɠɛɚ KDC ɩɪɟɞɨɫɬɚɜɢɬ ɛɢɥɟɬ ɫɟɚɧɫɚ ɢ ɭɫɬɚɧɨɜɢɬ ɧɚ ɛɢɥɟɬɟ ɮɥɚɠɨɤ PROXIABLE. Ɂɚɬɟɦ ɤɥɢɟɧɬ ɩɪɟɞɫɬɚɜɢɬ ɛɢɥɟɬ ɫɟɚɧɫɚ ɫɟɪɜɟɪɭ ɜɧɟɲɧɟɝɨ ɢɧɬɟɪɮɟɣɫɚ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬ ɟɝɨ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɢɧɮɨɪɦɚɰɢɢ, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɧɚ ɤɪɚɣɧɟɦ ɫɟɪɜɟɪɟ. Ƚɥɚɜɧɚɹ ɩɪɨɛɥɟɦɚ ɫ ɩɪɨ-ɤɫɢ-ɛɢɥɟɬɚɦɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɤɥɢɟɧɬ ɞɨɥɠɟɧ ɡɧɚɬɶ ɨɬɥɢɱɢɬɟɥɶɧɵɟ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɤɪɚɣɧɟɝɨ ɫɟɪɜɟɪɚ. Ⱦɪɭɝɨɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɪɟɬɪɚɧɫɥɢɪɨɜɚɧɧɵɯ ɛɢɥɟɬɨɜ. ȿɫɥɢ ɷɬɢ ɛɢɥɟɬɵ ɪɚɡɪɟɲɟɧɵ, ɬɨ ɤɥɢɟɧɬ ɩɨɫɵɥɚɟɬ ɡɚɩɪɨɫ AS Exchange ɤ ɰɟɧɬɪɭ KDC, ɬɪɟɛɭɹ ɛɢɥɟɬ TGT, ɩɨɡɜɨɥɹɸɳɢɣ ɫɟɪɜɟɪɭ ɜɧɟɲɧɟɝɨ ɢɧɬɟɪɮɟɣɫɚ ɨɛɪɚɬɢɬɶɫɹ ɤ ɤɪɚɣɧɢɦ ɫɟɪɜɟɪɚɦ. ɋɥɭɠɛɚ KDC ɫɨɡɞɚɟɬ ɛɢɥɟɬ TGT ɢ ɩɨɫɵɥɚɟɬ ɟɝɨ ɤɥɢɟɧɬɭ ɞɥɹ ɩɟɪɟɫɵɥɤɢ ɫɟɪɜɟɪɭ ɜɧɟɲɧɟɝɨ ɢɧɬɟɪɮɟɣɫɚ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬ ɛɢɥɟɬ TGT ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɛɢɥɟɬɚ ɫɟɚɧɫɚ, ɩɨɡɜɨɥɹɸɳɟɝɨ ɨɛɪɚɬɢɬɶɫɹ ɤ ɤɪɚɣɧɟɦɭ ɫɟɪɜɟɪɭ ɨɬ ɢɦɟɧɢ ɤɥɢɟɧɬɚ. ɂɦɟɟɬɫɹ ɞɜɚ ɫɭɳɟɫɬɜɟɧɧɵɯ ɧɟɞɨɫɬɚɬɤɚ, ɫɜɹɡɚɧɧɵɯ ɫ ɪɟɚɥɢɡɚɰɢɟɣ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɜ ɫɢɫɬɟɦɟ Windows 2000. ɉɟɪɜɵɣ ɧɟɞɨɫɬɚɬɨɤ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɤɥɢɟɧɬ ɚɭɬɟɧɬɢɮɢɰɢɪɨɜɚɧ ɱɟɪɟɡ ɩɪɨɬɨɤɨɥ Kerberos. Ʉɥɢɟɧɬɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows NT, Microsoft Windows 95 ɢ Windows 98 ɧɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ. ȼ Windows Server 2003 ɤɥɢɟɧɬ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɥɸɛɨɣ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɣ ɩɪɨɬɨɤɨɥ. ȼɬɨɪɨɣ ɧɟɞɨɫɬɚɬɨɤ ɫɢɫɬɟɦɵ Windows 2000 ɤɚɫɚɟɬɫɹ ɡɚɳɢɬɵ ɞɟɥɟɝɢɪɨɜɚɧɢɹ. ȼ Windows 2000 ɩɨɫɥɟ ɩɨɥɭɱɟɧɢɹ ɫɟɪɜɟɪɨɦ ɜɧɟɲɧɟɝɨ ɢɧɬɟɪɮɟɣɫɚ
ɪɟɬɪɚɧɫɥɢɪɨɜɚɧɧɨɝɨ ɛɢɥɟɬɚ ɨɬ ɰɟɧɬɪɚ KDC ɨɧ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɟɝɨ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɥɸɛɨɣ ɫɟɬɟɜɨɣ ɫɥɭɠɛɟ ɨɬ ɢɦɟɧɢ ɤɥɢɟɧɬɚ. Windows Server 2003 ɢɦɟɟɬ ɨɩɰɢɸ, ɨɝɪɚɧɢɱɢɜɚɸɳɭɸ ɞɟɥɟɝɢɪɨɜɚɧɢɟ, ɬ.ɟ. ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɬɚɤ, ɱɬɨ ɷɬɨ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɛɭɞɟɬ ɩɪɢɦɟɧɹɬɶɫɹ ɬɨɥɶɤɨ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɵɯ ɫɟɬɟɜɵɯ ɫɥɭɠɛ (ɨɫɧɨɜɵɜɚɹɫɶ ɧɚ ɨɫɧɨɜɧɵɯ ɢɦɟɧɚɯ ɫɥɭɠɛ). Ɉɝɪɚɧɢɱɟɧɧɨɟ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɞɨɫɬɭɩɧɨ ɜ ɫɥɭɱɚɟ, ɟɫɥɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ ɞɨɦɟɧɚ ɭɫɬɚɧɨɜɥɟɧ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows Server 2003. Ⱦɥɹ ɭɫɩɟɲɧɨɝɨ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɧɭɠɧɚ ɝɚɪɚɧɬɢɹ, ɱɬɨ ɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɤɨɦɩɶɸɬɟɪɚ (ɢɥɢ ɫɥɭɠɛɵ) ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɬɚɤ, ɱɬɨɛɵ ɩɨɞɞɟɪɠɢɜɚɬɶ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ. Ⱦɥɹ ɷɬɨɝɨ ɨɛɪɚɬɢɬɟɫɶ ɤ ɨɤɧɭ Properties (ɋɜɨɣɫɬɜɚ) ɩɨɥɶɡɨɜɚɬɟɥɹ ɱɟɪɟɡ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory), ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Account (ɍɱɟɬɧɚɹ ɡɚɩɢɫɶ), ɚ ɡɚɬɟɦ ɩɪɨɫɦɨɬɪɢɬɟ ɫɩɢɫɨɤ Account Options (Ɉɩɰɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ). ɍɞɨɫɬɨɜɟɪɶɬɟɫɶ, ɱɬɨ oɩɰɢɹ Account Is Sensitive And Cannot Be Delegated (ɍɱɟɬɧɚɹ ɡɚɩɢɫɶ ɬɨɱɧɚ ɢ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɞɟɥɟɝɢɪɨɜɚɧɚ) ɧɟ ɜɵɛɪɚɧɚ. (ɉɨ ɭɦɨɥɱɚɧɢɸ ɨɩɰɢɹ ɧɟ ɜɵɛɪɚɧɚ.) ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɫɥɭɠɛɵ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ, ɧɭɠɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɹɜɥɹɟɬɫɹ ɥɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ, ɢɫɩɨɥɶɡɭɟɦɚɹ ɫɥɭɠɛɨɣ ɞɥɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɧɨɪɦɚɥɶɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢɥɢ ɨɧɚ ɹɜɥɹɟɬɫɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ LocalSystem. ȿɫɥɢ ɫɥɭɠɛɚ ɜɵɩɨɥɧɹɟɬɫɹ ɩɨɞ ɧɨɪɦɚɥɶɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɨɛɪɚɬɢɬɟɫɶ ɤ ɜɤɥɚɞɤɟ Account ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɭɞɨɫɬɨɜɟɪɶɬɟɫɶ, ɱɬɨ ɨɩɰɢɹ Account Is Sensitive And Cannot Be Delegated ɧɟ ɜɵɛɪɚɧɚ. (ɉɨ ɭɦɨɥɱɚɧɢɸ ɨɧɚ ɧɟ ɜɵɛɪɚɧɚ.) ȿɫɥɢ ɫɥɭɠɛɚ ɜɵɩɨɥɧɹɟɬɫɹ ɩɨɞ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ LocalSystem, ɬɨ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɛɵɥɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɨ ɜ ɨɤɧɟ Properties ɤɨɦɩɶɸɬɟɪɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ (ɫɦ. ɪɢɫ. 8-6). ɑɬɨɛɵ ɪɟɚɥɢɡɨɜɚɬɶ ɭɪɨɜɟɧɶ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ Windows 2000, ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Trust This Computer For Delegation To Any Service (Kerberos Only) (Ⱦɨɜɟɪɹɬɶ ɷɬɨɦɭ ɤɨɦɩɶɸɬɟɪɭ ɩɪɢ ɞɟɥɟɝɢɪɨɜɚɧɢɢ ɤ ɥɸɛɨɣ ɫɥɭɠɛɟ (Ɍɨɥɶɤɨ ɩɪɨɬɨɤɨɥ Kerberos)). ɑɬɨɛɵ ɪɟɚɥɢɡɨɜɚɬɶ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɧɵɣ ɭɪɨɜɟɧɶ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ Windows Server 2003, ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Trust This Computer For Delegation To Specified Services Only (Ⱦɨɜɟɪɹɬɶ ɷɬɨɦɭ ɤɨɦɩɶɸɬɟɪɭ ɬɨɥɶɤɨ ɩɪɢ ɞɟɥɟɝɢɪɨɜɚɧɢɢ ɤ ɭɤɚɡɚɧɧɨɣ ɫɥɭɠɛɟ). Ɂɚɬɟɦ ɭɤɚɠɢɬɟ, ɞɨɥɠɟɧ ɥɢ ɤɥɢɟɧɬ ɩɨɞɬɜɟɪɠɞɚɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɬɨɥɶɤɨ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɩɪɨɬɨɤɨɥɚ Kerberos, ɢɥɢ ɨɧ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɥɸɛɨɣ ɞɪɭɝɨɣ ɩɪɨɬɨɤɨɥ, ɚ ɡɚɬɟɦ ɜɵɛɪɚɬɶ ɫɥɭɠɛɵ (ɨɫɧɨɜɵɜɚɹɫɶ ɧɚ ɨɫɧɨɜɧɵɯ ɢɦɟɧɚɯ ɫɥɭɠɛ, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɯ ɜ Active Directory), ɤɨɬɨɪɵɦ ɤɨɦɩɶɸɬɟɪ ɦɨɠɟɬ ɩɪɟɞɫɬɚɜɥɹɬɶ ɞɟɥɟɝɢɪɨɜɚɧɧɵɟ «ɜɟɪɢɬɟɥɶɧɵɟ ɝɪɚɦɨɬɵ».
. 8-6.
Kerberos
Windows Server
2003
Ʉɚɤ ɝɨɜɨɪɢɥɨɫɶ ɜɵɲɟ, ɩɪɨɬɨɤɨɥ Kerberos ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɚɞɚɧ ɜ ɤɚɱɟɫɬɜɟ ɨɩɨɡɧɚɜɚɬɟɥɶɧɨɝɨ ɩɪɨɬɨɤɨɥɚ ɞɥɹ ɤɥɢɟɧɬɨɜ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000, ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɢɦɢ, ɤɨɬɨɪɵɟ ɜɯɨɞɹɬ ɜ Active Directory. ȼɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɫɜɨɣɫɬɜ Kerberos ɱɟɪɟɡ ɩɨɥɢɬɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɨɦɟɧɚ. ɑɬɨɛɵ ɨɛɪɚɬɢɬɶɫɹ ɤ ɩɚɪɚɦɟɬɪɚɦ ɧɚɫɬɪɨɣɤɢ ɩɨɥɢɬɢɤɢ Kerberos, ɨɬɤɪɨɣɬɟ ɩɭɧɤɬ Domain Security Policy (ɉɨɥɢɬɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɨɦɟɧɚ) ɢɡ ɢɧɫɬɪɭɦɟɧɬɨɜ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɢ ɪɚɡɜɟɪɧɢɬɟ ɩɚɩɤɭ Account Policies (ɉɨɥɢɬɢɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ) (ɫɦ. ɪɢɫ. 8-7). ȼɚɦ ɫɬɚɧɭɬ ɞɨɫɬɭɩɧɵ ɫɥɟɞɭɸɳɢɟ ɩɨɥɢɬɢɤɢ.
. 8-7. Security Policy (
•
•
•
• •
Kerberos
Domain
)
Enforce User Logon Restrictions (ɍɫɢɥɟɧɢɟ ɨɝɪɚɧɢɱɟɧɢɣ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ). ɗɬɚ ɩɨɥɢɬɢɤɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɨɩɰɢɸ ɫɥɭɠɛɵ KDC, ɩɨ ɤɨɬɨɪɨɣ ɩɪɢ ɤɚɠɞɨɦ ɡɚɩɪɨɫɟ ɧɚ ɛɢɥɟɬ ɫɟɚɧɫɚ ɩɪɨɜɟɪɹɸɬɫɹ ɭɫɬɚɧɨɜɤɢ ɩɪɚɜ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɚ ɰɟɥɟɜɨɦ ɤɨɦɩɶɸɬɟɪɟ. ȿɫɥɢ ɷɬɚ ɩɨɥɢɬɢɤɚ ɜɤɥɸɱɟɧɚ, ɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɡɚɩɪɚɲɢɜɚɸɳɢɣ ɛɢɥɟɬ ɫɟɚɧɫɚ, ɞɨɥɠɟɧ ɢɦɟɬɶ ɩɪɚɜɚ Allow Log On Locally (Ɋɚɡɪɟɲɢɬɶ ɥɨɤɚɥɶɧɵɣ ɜɯɨɞ), ɟɫɥɢ ɨɧ ɜɨɲɟɥ ɜ ɫɢɫɬɟɦɭ ɜ ɢɧɬɟɪɚɤɬɢɜɧɨɦ ɪɟɠɢɦɟ, ɢɥɢ ɩɪɚɜɚ Access This Computer From The Network (Ⱦɨɫɬɭɩ ɤ ɷɬɨɦɭ ɤɨɦɩɶɸɬɟɪɭ ɢɡ ɫɟɬɢ) ɧɚ ɰɟɥɟɜɨɦ ɤɨɦɩɶɸɬɟɪɟ. ɗɬɢ ɩɪɚɜɚ ɧɚɡɧɚɱɚɸɬɫɹ ɜ ɦɟɧɸ Local Policies\User Rights Assignment (Ʌɨɤɚɥɶɧɵɟ ɩɨɥɢɬɢɤɢ\ ɇɚɡɧɚɱɟɧɢɟ ɩɪɚɜ ɩɨɥɶɡɨɜɚɬɟɥɟɣ) ɜ ɩɭɧɤɬɟ Domain Security Policy (ɉɨɥɢɬɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɨɦɟɧɚ). ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɚ ɩɨɥɢɬɢɤɚ ɜɤɥɸɱɟɧɚ. Maximum Lifetime For Service Ticket (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɫɪɨɤ ɝɨɞɧɨɫɬɢ ɫɥɭɠɟɛɧɨɝɨ ɛɢɥɟɬɚ). ɗɬɚ ɩɨɥɢɬɢɤɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɦɚɤɫɢɦɚɥɶɧɨɟ ɜɪɟɦɹ (ɜ ɦɢɧɭɬɚɯ), ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɛɢɥɟɬ ɫɟɚɧɫɚ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɨɩɪɟɞɟɥɟɧɧɨɣ ɫɥɭɠɛɟ. ȿɫɥɢ ɭɫɬɚɧɨɜɥɟɧ ɧɭɥɶ ɦɢɧɭɬ, ɬɨ ɫɪɨɤ ɝɨɞɧɨɫɬɢ ɛɢɥɟɬɚ ɧɢɤɨɝɞɚ ɧɟ ɨɤɨɧɱɢɬɫɹ. ȿɫɥɢ ɭɫɬɚɧɨɜɥɟɧɨ ɧɟɧɭɥɟɜɨɟ ɤɨɥɢɱɟɫɬɜɨ ɦɢɧɭɬ, ɬɨ ɨɧɨ ɞɨɥɠɧɨ ɛɵɬɶ ɛɨɥɶɲɟ, ɱɟɦ 10 ɦɢɧɭɬ, ɢ ɦɟɧɶɲɟ ɢɥɢ ɪɚɜɧɨ ɡɧɚɱɟɧɢɸ, ɭɫɬɚɧɨɜɥɟɧɧɨɦɭ ɞɥɹ ɩɚɪɚɦɟɬɪɚ Maximum Lifetime For User Ticket (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɫɪɨɤ ɝɨɞɧɨɫɬɢ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɛɢɥɟɬɚ). ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɚ ɭɫɬɚɧɨɜɤɚ ɫɨɫɬɚɜɥɹɟɬ 600 ɦɢɧɭɬ (10 ɱɚɫɨɜ). Maximum Lifetime For User Ticket (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɫɪɨɤ ɝɨɞɧɨɫɬɢ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɛɢɥɟɬɚ). ɗɬɚ ɩɨɥɢɬɢɤɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɦɚɤɫɢɦɚɥɶɧɨɟ ɜɪɟɦɹ (ɜ ɱɚɫɚɯ), ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ TGT-ɛɢɥɟɬ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɢɫɬɟɱɟɬ ɫɪɨɤ ɝɨɞɧɨɫɬɢ TGT-ɛɢɥɟ-ɬɚ, ɫɭɳɟɫɬɜɭɸɳɢɣ ɛɢɥɟɬ ɞɨɥɠɟɧ ɛɵɬɶ ɜɨɡɨɛɧɨɜɥɟɧ, ɢɧɚɱɟ ɧɭɠɧɨ ɡɚɬɪɟɛɨɜɚɬɶ ɧɨɜɵɣ ɛɢɥɟɬ ɜ ɰɟɧɬɪɟ KDC. ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɚ ɭɫɬɚɧɨɜɤɚ ɫɨɫɬɚɜɥɹɟɬ 10 ɱɚɫɨɜ. Maximum Lifetime For User Ticket Renewal (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɫɪɨɤ, ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɜɨɡɦɨɠɧɨ ɨɛɧɨɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɛɢɥɟɬɚ). ɗɬɚ ɩɨɥɢɬɢɤɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɜɪɟɦɹ (ɜ ɞɧɹɯ), ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ TGT-ɛɢɥɟɬ ɦɨɠɟɬ ɛɵɬɶ ɜɨɡɨɛɧɨɜɥɟɧ (ɜɦɟɫɬɨ ɩɨɥɭɱɟɧɢɹ ɧɨɜɨɝɨ TGT-ɛɢɥɟ-ɬɚ). ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɚ ɭɫɬɚɧɨɜɤɚ ɫɨɫɬɚɜɥɹɟɬ 7 ɞɧɟɣ. Maximum Tolerance For Computer Clock Synchronization (Ɇɚɤɫɢɦɚɥɶɧɨ ɞɨɩɭɫɬɢɦɨɟ ɪɚɫɯɨɠɞɟɧɢɟ ɜ ɩɨɤɚɡɚɧɢɹɯ ɤɨɦɩɶɸɬɟɪɧɵɯ ɱɚɫɨɜ). ɗɬɚ ɩɨɥɢɬɢɤɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬ
ɦɚɤɫɢɦɚɥɶɧɭɸ ɪɚɡɧɢɰɭ ɜɨ ɜɪɟɦɟɧɢ (ɜ ɦɢɧɭɬɚɯ) ɦɟɠɞɭ ɜɪɟɦɟɧɟɦ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɤɥɢɟɧɬɚ ɢ ɜɪɟɦɟɧɟɦ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɨɛɟɫɩɟɱɢɜɚɸɳɟɦ ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ ɩɨ ɩɪɨɬɨɤɨɥɭ Kerberos, ɤɨɬɨɪɭɸ ɩɪɨɬɨɤɨɥ Kerberos ɫɱɢɬɚɟɬ ɞɨɩɭɫɬɢɦɨɣ. ȿɫɥɢ ɪɚɡɧɢɰɚ ɜɨ ɜɪɟɦɟɧɢ ɦɟɠɞɭ ɩɨɤɚɡɚɧɢɹɦɢ ɷɬɢɯ ɞɜɭɯ ɤɨɦɩɶɸɬɟɪɨɜ ɛɨɥɶɲɟ, ɱɟɦ ɞɨɩɭɫɬɢɦɵɣ ɭɪɨɜɟɧɶ, ɜɫɟ ɛɢɥɟɬɵ Kerberos ɛɭɞɭɬ ɨɬɜɟɪɝɧɭɬɵ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɚ ɭɫɬɚɧɨɜɤɚ ɫɨɫɬɚɜɥɹɟɬ 5 ɦɢɧɭɬ. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɜ ɫɥɭɱɚɟ ɢɡɦɟɧɟɧɢɹ ɷɬɨɣ ɭɫɬɚɧɨɜɤɢ ɩɪɢ ɩɟɪɟɡɚɩɭɫɤɟ ɤɨɦɩɶɸɬɟɪɚ ɨɧɚ ɜɨɡɜɪɚɬɢɬɫɹ ɤ ɡɚɞɚɧɧɨɦɭ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɧɚɱɟɧɢɸ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɨɬɨɤɨɥɚ Kerberos, ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ, ɹɜɥɹɸɬɫɹ ɩɪɢɟɦɥɟɦɵɦɢ. ȼ ɫɪɟɞɚɯ ɫ ɜɵɫɨɤɢɦ ɭɪɨɜɧɟɦ ɛɟɡɨɩɚɫɧɨɫɬɢ ɦɨɠɧɨ ɭɦɟɧɶɲɢɬɶ ɫɪɨɤɢ ɫɥɭɠɛɵ ɛɢɥɟɬɨɜ. Ɉɞɧɚɤɨ ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɤɥɢɟɧɬɵ ɞɨɥɠɧɵ ɛɭɞɭɬ ɛɨɥɟɟ ɱɚɫɬɨ ɩɨɞɤɥɸɱɚɬɶɫɹ ɤ ɰɟɧɬɪɭ KDC, ɫɨɡɞɚɜɚɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɫɟɬɟɜɨɣ ɬɪɚɮɢɤ ɢ ɥɢɲɧɸɸ ɧɚɝɪɭɡɤɭ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ.
ȼ ɨɫɧɨɜɟ ɩɪɨɬɨɤɨɥɚ Kerberos ɥɟɠɢɬ ɨɩɨɡɧɚɜɚɬɟɥɶɧɚɹ ɦɨɞɟɥɶ ɫ ɨɛɳɢɦ ɫɟɤɪɟɬɨɦ. ɗɬɨ ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɪɟɜɨɫɯɨɞɧɭɸ ɡɚɳɢɬɭ, ɧɨ ɧɚɥɚɝɚɟɬ ɨɞɧɨ ɜɚɠɧɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɧɚ ɨɛɟɫɩɟɱɟɧɢɟ ɞɨɫɬɭɩɚ ɤ ɫɟɬɢ Windows Server 2003. ɗɬɨ ɨɝɪɚɧɢɱɟɧɢɟ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɤɚɠɞɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɤɨɬɨɪɵɣ ɨɛɪɚɳɚɟɬɫɹ ɤ ɫɟɬɢ, ɞɨɥɠɟɧ ɢɦɟɬɶ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɥɭɠɛɵ KDC. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɫɭɳɟɫɬɜɭɟɬ ɜ ɛɚɡɟ ɞɚɧɧɵɯ, ɟɦɭ ɧɟɥɶɡɹ ɩɪɟɞɨɫɬɚɜɢɬɶ ɞɨɫɬɭɩ ɤ ɫɟɬɢ. ɗɬɚ ɦɨɞɟɥɶ ɯɨɪɨɲɨ ɪɚɛɨɬɚɟɬ ɜ ɬɟɯ ɤɨɦɩɚɧɢɹɯ, ɜ ɤɨɬɨɪɵɯ ɜɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɜɯɨɞɹɳɢɟ ɜ ɫɟɬɶ, ɢɡɜɟɫɬɧɵ, ɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɦɨɠɟɬ ɛɵɬɶ ɫɨɡɞɚɧɚ ɞɥɹ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɉɞɧɚɤɨ ɦɧɨɝɢɟ ɤɨɦɩɚɧɢɢ ɪɚɫɲɢɪɹɸɬ ɫɩɢɫɨɤ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢɦɟɸɳɢɯ ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ, ɜɤɥɸɱɚɹ ɜ ɧɟɝɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɟ ɧɟ ɹɜɥɹɸɬɫɹ ɫɥɭɠɚɳɢɦɢ. Ʉɨɦɩɚɧɢɹ ɦɨɠɟɬ ɜɫɬɭɩɢɬɶ ɜ ɤɪɚɬɤɨɫɪɨɱɧɨɟ ɩɚɪɬɧɟɪɫɬɜɨ ɫ ɞɪɭɝɨɣ ɤɨɦɩɚɧɢɟɣ, ɢ ɟɣ ɩɨɬɪɟɛɭɟɬɫɹ ɨɛɟɫɩɟɱɢɬɶ ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ ɞɥɹ ɫɥɭɠɚɳɢɯ ɞɪɭɝɨɣ ɤɨɦɩɚɧɢɢ. ɂɥɢ ɤɨɦɩɚɧɢɹ ɡɚɯɨɱɟɬ ɩɪɟɞɨɫɬɚɜɢɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɢɦɟɸɳɢɦɫɹ ɜ ɫɟɬɢ ɤɨɦɩɚɧɢɢ, ɨɩɪɟɞɟɥɟɧɧɵɦ ɤɥɢɟɧɬɚɦ. ȼ ɷɬɢɯ ɫɰɟɧɚɪɢɹɯ ɫɩɢɫɨɤ ɥɸɞɟɣ, ɤɨɬɨɪɵɦ ɬɪɟɛɭɟɬɫɹ ɞɨɫɬɭɩ ɤ ɫɟɬɢ, ɦɨɠɟɬ ɛɵɬɶ ɨɱɟɧɶ ɞɥɢɧɧɵɦ, ɬɚɤ ɱɬɨ ɫɨɡɞɚɧɢɟ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɞɥɹ ɤɚɠɞɨɝɨ ɢɡ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɛɭɞɟɬ ɧɟɩɪɚɤɬɢɱɧɵɦ. ɂɧɮɪɚɫɬɪɭɤɬɭɪɚ ɨɬɤɪɵɬɵɯ ɤɥɸɱɟɣ (PKI - Public Key Infrastructure) ɫɬɚɥɚ ɨɫɧɨɜɧɵɦ ɫɪɟɞɫɬɜɨɦ ɞɥɹ ɪɟɲɟɧɢɹ ɩɪɨɛɥɟɦɵ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɫɟɬɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɧɟ ɢɦɟɸɳɢɦ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɋɢɫɬɟɦɚ PKI ɨɬɯɨɞɢɬ ɨɬ ɦɨɞɟɥɢ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɫ ɨɛɳɢɦ ɫɟɤɪɟɬɨɦ ɢ ɡɚɦɟɧɹɟɬ ɟɟ ɨɩɨɡɧɚɜɚɬɟɥɶɧɨɣ ɦɨɞɟɥɶɸ, ɨɫɧɨɜɚɧɧɨɣ ɧɚ ɫɟɪɬɢɮɢɤɚɬɟ. ȼ ɫɢɫɬɟɦɟ PKI ɩɨɥɶɡɨɜɚɬɟɥɢ ɚɭɬɟɧɬɢɮɢɰɢɪɭɸɬɫɹ ɧɚ ɨɫɧɨɜɚɧɢɢ ɬɨɝɨ ɮɚɤɬɚ, ɱɬɨ ɨɧɢ ɢɦɟɸɬ ɩɪɚɜɢɥɶɧɵɣ ɫɟɪɬɢɮɢɤɚɬ. ɋɢɫɬɟɦɚ PKI ɨɫɧɨɜɚɧɚ ɧɚ ɬɪɟɯ ɨɫɧɨɜɧɵɯ ɤɨɧɰɟɩɰɢɹɯ: ɨɬɤɪɵɬɵɟ (public) ɢ ɥɢɱɧɵɟ (private) ɤɥɸɱɢ, ɰɢɮɪɨɜɵɟ ɫɟɪɬɢɮɢɤɚɬɵ ɢ ɫɟɪɬɢɮɢɤɚɰɢɨɧɧɵɟ ɜɥɚɫɬɢ (ɋȺ - certificate authorities). PKI ɧɚɱɢɧɚɟɬɫɹ ɫ ɤɨɧɰɟɩɰɢɢ, ɫɨɝɥɚɫɧɨ ɤɨɬɨɪɨɣ ɤɚɠɞɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɥɢ ɤɨɦɩɶɸɬɟɪ, ɜɨɜɥɟɱɟɧɧɵɣ ɜ ɢɧɮɨɪɦɚɰɢɨɧɧɵɣ ɨɛɦɟɧ, ɢɦɟɸɬ ɞɜɚ ɤɥɸɱɚ: ɥɢɱɧɵɣ ɤɥɸɱ ɢ ɨɬɤɪɵɬɵɣ ɤɥɸɱ. Ʌɢɱɧɵɣ ɤɥɸɱ ɢɡɜɟɫɬɟɧ ɬɨɥɶɤɨ ɨɞɧɨɦɭ ɩɨɥɶɡɨɜɚɬɟɥɸ. ȿɝɨ ɦɨɠɧɨ ɫɨɯɪɚɧɢɬɶ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɤɨɦɩɶɸɬɟɪɚ, ɤɚɤ ɱɚɫɬɶ ɪɨɭɦɢɧɝɨɜɨɝɨ (roaming) ɩɪɨɮɢɥɹ, ɢɥɢ ɧɚ ɭɫɬɪɨɣɫɬɜɟ ɬɢɩɚ ɫɦɚɪɬ-ɤɚɪɬɵ. Ɉɬɤɪɵɬɵɣ ɤɥɸɱ ɞɨɫɬɭɩɟɧ ɥɸɛɨɦɭ, ɤɬɨ ɟɝɨ ɩɨɩɪɨɫɢɬ. Ʌɢɱɧɵɟ ɢ ɨɬɤɪɵɬɵɟ ɤɥɸɱɢ ɫɜɹɡɚɧɵ, ɧɨ ɧɟɬ ɧɢɤɚɤɨɝɨ ɫɩɨɫɨɛɚ ɢɡɜɥɟɱɶ ɥɢɱɧɵɣ ɤɥɸɱ ɢɡ ɨɬɤɪɵɬɨɝɨ ɤɥɸɱɚ. ɗɬɢ ɤɥɸɱɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɪɚɡɥɢɱɧɵɦɢ ɫɩɨɫɨɛɚɦɢ. Ɉɞɢɧ ɢɡ ɫɩɨɫɨɛɨɜ ɫɨɫɬɨɢɬ ɜ ɲɢɮɪɨɜɤɟ ɢɧɮɨɪɦɚɰɢɢ ɩɪɢ ɩɟɪɟɫɵɥɤɟ ɟɟ ɩɨ ɫɟɬɢ. Ɉɬɤɪɵɬɵɣ ɤɥɸɱ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɲɢɮɪɨɜɤɢ ɫɨɨɛɳɟɧɢɹ. ɉɨɫɤɨɥɶɤɭ ɨɬɤɪɵɬɵɣ ɤɥɸɱ ɞɨɫɬɭɩɟɧ ɥɸɛɨɦɭ, ɤɬɨ ɟɝɨ ɡɚɩɪɨɫɢɬ, ɬɨ ɜɫɟ ɦɨɝɭɬ ɩɨɫɵɥɚɬɶ ɫɨɨɛɳɟɧɢɟ, ɡɚɲɢɮɪɨɜɚɧɧɨɟ ɫ ɩɨɦɨɳɶɸ ɨɬɤɪɵɬɨɝɨ ɤɥɸɱɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɉɞɧɚɤɨ, ɟɞɢɧɫɬɜɟɧɧɵɣ ɤɥɸɱ, ɫ ɩɨɦɨɳɶɸ ɤɨɬɨɪɨɝɨ ɦɨɠɧɨ ɪɚɫɲɢɮɪɨɜɚɬɶ ɫɨɨɛɳɟɧɢɟ, — ɷɬɨ ɥɢɱɧɵɣ ɤɥɸɱ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɉɧ ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɦ ɱɟɥɨɜɟɤɨɦ, ɫɩɨɫɨɛɧɵɦ ɪɚɫɲɢɮɪɨɜɵɜɚɬɶ ɫɨɨɛɳɟɧɢɟ. Ʉɬɨ-ɬɨ ɞɪɭɝɨɣ, ɩɟɪɟɯɜɚɬɢɜɲɢɣ ɷɬɨɬ ɩɚɤɟɬ ɜ ɫɟɬɢ, ɧɟ ɢɦɟɟɬ ɩɪɚɜɢɥɶɧɨɝɨ ɥɢɱɧɨɝɨ ɤɥɸɱɚ ɢ ɧɟ ɫɦɨɠɟɬ ɩɪɨɱɢɬɚɬɶ ɫɨɨɛɳɟɧɢɟ. Ⱦɪɭɝɨɣ ɫɩɨɫɨɛ ɩɪɢɦɟɧɟɧɢɹ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɰɢɮɪɨɜɨɣ ɩɨɞɩɢɫɢ ɢ ɩɟɱɚɬɢ ɞɥɹ ɫɨɨɛɳɟɧɢɣ, ɩɨɫɵɥɚɟɦɵɯ ɦɟɠɞɭ ɞɜɭɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ. ɐɢɮɪɨɜɚɹ ɩɨɞɩɢɫɶ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɝɚɪɚɧɬɢɢ ɩɨɞɥɢɧɧɨɫɬɢ ɨɬɩɪɚɜɢɬɟɥɹ ɫɨɨɛɳɟɧɢɹ ɢ ɰɟɥɨɫɬɧɨɫɬɢ ɫɨɨɛɳɟɧɢɹ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɰɢɮɪɨɜɭɸ ɩɨɞɩɢɫɶ, ɜɫɟ ɫɨɨɛɳɟɧɢɟ ɩɨɞɜɟɪɝɚɟɬɫɹ ɦɚɬɟɦɚɬɢɱɟɫɤɨɦɭ ɯɷɲɢɪɨɜɚɧɢɸ. ɏɷɲ ɹɜɥɹɟɬɫɹ «ɫɜɟɪɬɤɨɣ ɫɨɨɛɳɟɧɢɹ», ɢɥɢ ɰɢɮɪɨɜɵɦ ɞɚɣɞɠɟɫɬɨɦ (digest), ɤɨɬɨɪɵɣ ɡɚɲɢɮɪɨɜɚɧ ɫ ɩɨɦɨɳɶɸ ɥɢɱɧɨɝɨ ɤɥɸɱɚ ɨɬɩɪɚɜɢɬɟɥɹ ɫɨɨɛɳɟɧɢɹ. Ɂɚɲɢɮɪɨɜɚɧɧɵɣ ɯɷɲ ɩɨɫɵɥɚɟɬɫɹ ɜɦɟɫɬɟ ɫ ɫɨɨɛɳɟɧɢɟɦ ɤɚɤ ɰɢɮɪɨɜɚɹ ɩɨɞɩɢɫɶ. Ʉɨɝɞɚ ɚɞɪɟɫɚɬ ɩɨɥɭɱɚɟɬ ɫɨɨɛɳɟɧɢɟ, ɤ ɧɟɦɭ ɩɪɢɦɟɧɹɟɬɫɹ ɬɨɬ ɠɟ ɫɚɦɵɣ ɯɷɲ, ɫɨɡɞɚɜɚɹ ɜɬɨɪɨɣ ɞɚɣɞɠɟɫɬ ɫɨɨɛɳɟɧɢɹ. Ɂɚɬɟɦ ɢɫɩɨɥɶɡɭɟɬɫɹ ɨɬɤɪɵɬɵɣ ɤɥɸɱ ɨɬɩɪɚɜɢɬɟɥɹ ɞɥɹ ɪɚɫɲɢɮɪɨɜɤɢ ɰɢɮɪɨɜɨɣ ɩɨɞɩɢɫɢ. ȿɫɥɢ ɞɚɣɞɠɟɫɬ ɫɨɨɛɳɟɧɢɹ ɩɨɥɭɱɚɬɟɥɹ ɢɞɟɧɬɢɱɟɧ ɪɚɫɲɢɮɪɨɜɚɧɧɨɣ ɩɨɞɩɢɫɢ, ɬɨ ɰɟɥɨɫɬɧɨɫɬɶ ɢ ɩɨɞɥɢɧɧɨɫɬɶ ɫɨɨɛɳɟɧɢɹ ɩɨɞɬɜɟɪɠɞɟɧɵ.
ȼɬɨɪɨɣ ɤɨɦɩɨɧɟɧɬ PKI — ɰɢɮɪɨɜɨɣ ɫɟɪɬɢɮɢɤɚɬ. ɐɟɥɶ ɩɪɢɦɟɧɟɧɢɹ ɫɟɪɬɢɮɢɤɚɬɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɜɥɚɞɟɥɶɰɚ ɫɟɪɬɢɮɢɤɚɬɚ. Ʉɨɝɞɚ ɱɟɥɨɜɟɤ ɢɥɢ ɤɨɦɩɚɧɢɹ ɨɛɪɚɳɚɸɬɫɹ ɤ ɫɟɪɬɢɮɢɤɚɰɢɨɧɧɵɦ ɜɥɚɫɬɹɦ (ɋȺ) ɞɥɹ ɩɨɥɭɱɟɧɢɹ ɫɟɪɬɢɮɢɤɚɬɚ, ɋȺ-ɜɥɚɫɬɢ ɩɨɞɬɜɟɪɠɞɚɸɬ ɩɨɞɥɢɧɧɨɫɬɶ ɱɟɥɨɜɟɤɚ ɢɥɢ ɤɨɦɩɚɧɢɢ, ɡɚɩɪɚɲɢɜɚɸɳɟɣ ɫɟɪɬɢɮɢɤɚɬ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɫɟɪɬɢɮɢɤɚɬ, ɨɧ ɩɨɥɭɱɚɟɬ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɨɬɤɪɵɬɵɣ ɤɥɸɱ, ɚ ɬɚɤɠɟ ɥɢɱɧɵɣ ɤɥɸɱ ɞɥɹ ɫɟɪɬɢɮɢɤɚɬɚ. ɋɟɪɬɢɮɢɤɚɬ ɩɨɞɩɢɫɚɧ ɫɟɪɬɢɮɢɤɚɰɢɨɧɧɵɦɢ ɜɥɚɫɬɹɦɢ ɫ ɩɨɦɨɳɶɸ ɰɢɮɪɨɜɨɣ ɩɨɞɩɢɫɢ, ɞɨɛɚɜɥɹɹ ɤ ɫɟɪɬɢɮɢɤɚɬɭ ɲɬɚɦɩ ɩɨɞɥɢɧɧɨɫɬɢ ɋȺ-ɜɥɚɫɬɟɣ. Ɍɟɤɭɳɢɣ ɫɬɚɧɞɚɪɬ ɞɥɹ ɫɟɪɬɢɮɢɤɚɬɨɜ -ɏ.509 v3. ɋɟɪɬɢɮɢɤɚɬ ɜɤɥɸɱɚɟɬ ɢɧɮɨɪɦɚɰɢɸ ɨ ɱɟɥɨɜɟɤɟ, ɤɨɦɩɶɸɬɟɪɟ ɢɥɢ ɫɥɭɠɛɟ, ɞɥɹ ɤɨɬɨɪɵɯ ɨɧ ɛɵɥ ɜɵɩɭɳɟɧ, ɢɧɮɨɪɦɚɰɢɸ ɨ ɫɚɦɨɦ ɫɟɪɬɢɮɢɤɚɬɟ (ɞɚɬɚ ɢɫɬɟɱɟɧɢɹ ɫɪɨɤɚ ɝɨɞɧɨɫɬɢ) ɢ ɢɧɮɨɪɦɚɰɢɸ ɨɛ ɋȺ-ɜɥɚɫɬɹɯ, ɜɵɩɭɫɬɢɜɲɢɯ ɞɚɧɧɵɣ ɫɟɪɬɢɮɢɤɚɬ. ɋɟɪɬɢɮɢɤɚɬɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ PKI, ɜɵɩɭɫɤɚɸɬɫɹ ɜɥɚɫɬɹɦɢ ɋȺ, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɫɟɬɟɜɵɦɢ ɫɟɪɜɟɪɚɦɢ, ɭɩɪɚɜɥɹɸɳɢɦɢ ɩɪɟɞɨɫɬɚɜɥɟɧɢɟɦ ɢ ɨɬɦɟɧɨɣ ɭɞɨɫɬɨɜɟɪɟɧɢɣ. ɂɡ-ɡɚ ɜɚɠɧɨɫɬɢ PKI ɞɥɹ ɢɧɬɟɪɧɟɬɚ ɜ ɧɚɫɬɨɹɳɟɟ ɜɪɟɦɹ ɞɨɫɬɭɩɧɨ ɦɧɨɠɟɫɬɜɨ ɋȺ-ɜɥɚɫɬɟɣ, ɜɤɥɸɱɚɹ ɩɨɩɭɥɹɪɧɵɟ ɤɨɦɦɟɪɱɟɫɤɢɟ ɋȺ ɬɢɩɚ Verisign ɢ Thawte. Ȼɨɥɶɲɢɧɫɬɜɨ ɢɧɬɟɪɧɟɬ-ɤɥɢɟɧɬɨɜ, ɬɚɤɢɯ ɤɚɤ Microsoft Internet Explorer, ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɞɨɜɟɪɹɬɶ ɭɞɨɫɬɨɜɟɪɟɧɢɹɦ, ɜɵɩɭɳɟɧɧɵɦ ɤɨɦɦɟɪɱɟɫɤɢɦɢ ɜɥɚɫɬɹɦɢ ɋ Ⱥ. ȼɵ ɦɨɠɟɬɟ ɭɫɬɚɧɨɜɢɬɶ ɫɜɨɢ ɫɨɛɫɬɜɟɧɧɵɟ ɋȺ-ɜɥɚ-ɫɬɢ, ɢɫɩɨɥɶɡɭɹ Windows Server 2003. ɋɟɪɬɢɮɢɤɚɰɢɨɧɧɚɹ ɫɥɭɠɛɚ, ɩɨɫɬɚɜɥɹɟɦɚɹ ɫ Windows Server 2003, ɹɜɥɹɟɬɫɹ ɋȺ-ɜɥɚɫɬɶɸ ɫ ɩɨɥɧɨɣ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɶɸ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɜɵɞɚɱɢ ɭɞɨɫɬɨɜɟɪɟɧɢɣ ɥɸɞɹɦ, ɪɚɛɨɬɚɸɳɢɦ ɜ ɩɪɟɞɟɥɚɯ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ, ɩɪɟɞɫɬɚɜɥɹɸɳɢɦ ɨɪɝɚɧɢɡɚɰɢɢ ɩɚɪɬɧɟɪɚ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ɉɥɚɧɢɪɨɜɚɧɢɟ ɢ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ PKI ɬɪɟɛɭɟɬ ɡɧɚɱɢɬɟɥɶɧɵɯ ɭɫɢɥɢɣ. Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɨɩɰɢɸ ɞɥɹ ɫɨɡɞɚɧɢɹ PKI ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɋȺ-ɜɥɚɫɬɟɣ ɩɪɟɞɩɪɢɹɬɢɹ, ɢɧɬɟɝɪɢɪɨɜɚɧɧɵɯ ɜ Active Directory. Ɋɚɡɜɟɪɬɵɜɚɹ ɋȺ-ɜɥɚɫɬɢ ɩɪɟɞɩɪɢɹɬɢɹ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɨɥɢɬɢɤɢ ɞɥɹ ɚɜɬɨɦɚɬɢɡɚɰɢɢ ɛɨɥɶɲɢɧɫɬɜɚ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɭɫɢɥɢɣ, ɫɜɹɡɚɧɧɵɯ ɫ ɜɵɞɚɱɟɣ ɢ ɜɨɡɨɛɧɨɜɥɟɧɢɟɦ ɭɞɨɫɬɨɜɟɪɟɧɢɣ. ȼɟɛ-ɫɚɣɬ ɤɨɦɩɚɧɢɢ Microsoft ɢ Help And Support Center (ɐɟɧɬɪ ɫɩɪɚɜɤɢ ɢ ɩɨɞɞɟɪɠɤɢ) ɜ Windows Server 2003 ɫɨɞɟɪɠɚɬ ɞɟɬɚɥɶɧɭɸ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ PKI. Ɉɞɧɚ ɢɡ ɝɥɚɜɧɵɯ ɩɪɢɱɢɧ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫɟɪɬɢɮɢɤɚɬɨɜ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɩɨɡɜɨɥɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɧɟ ɢɦɟɸɳɢɦ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɜ Active Directory, ɩɨɥɭɱɚɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɜ ɫɟɬɢ Windows Server 2003. ɇɚɩɪɢɦɟɪ, ɜɵ ɡɚɯɨɬɢɬɟ ɭɫɬɚɧɨɜɢɬɶ ɛɟɡɨɩɚɫɧɵɣ ɜɟɛ-ɫɚɣɬ, ɱɬɨɛɵ ɩɚɪɬɧɟɪɫɤɢɟ ɨɪɝɚɧɢɡɚɰɢɢ ɢɥɢ ɤɥɢɟɧɬɵ ɦɨɝɥɢ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɧɟɤɨɬɨɪɨɣ ɤɨɧɮɢɞɟɧɰɢɚɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɤɚɫɚɸɳɟɣɫɹ ɜɚɲɟɣ ɫɟɬɢ. Ɉɞɧɚɤɨ ɜ Windows Server 2003 ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ ɦɨɠɧɨ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɬɨɥɶɤɨ ɭɱɚɫɬɧɢɤɚɦ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɇɟɬ ɧɢɤɚɤɨɣ ɨɩɰɢɢ, ɩɨɡɜɨɥɹɸɳɟɣ ɧɚɡɧɚɱɢɬɶ ɪɚɡɪɟɲɟɧɢɹ, ɨɫɧɨɜɵɜɚɹɫɶ ɢɫɤɥɸɱɢɬɟɥɶɧɨ ɧɚ ɫɟɪɬɢɮɢɤɚɬɚɯ. ȼɵ ɦɨɠɟɬɟ ɩɪɟɞɨɫɬɚɜɢɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢɦɟɸɳɢɯ ɭɞɨɫɬɨɜɟɪɟɧɢɹ ɢ ɧɟ ɢɦɟɸɳɢɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ Active Directory, ɩɭɬɟɦ ɨɬɨɛɪɚɠɟɧɢɹ ɫɟɪɬɢɮɢɤɚɬɚ ɧɚ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ. Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɞɜɚ ɪɚɡɥɢɱɧɵɯ ɫɩɨɫɨɛɚ ɨɬɨɛɪɚɠɟɧɢɹ ɫɟɪɬɢɮɢɤɚɬɚ ɧɚ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. • Ɉɞɧɨɡɧɚɱɧɨɟ ɨɬɨɛɪɚɠɟɧɢɟ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɨɞɢɧ ɫɟɪɬɢɮɢɤɚɬ ɨɬɨɛɪɚɠɚɟɬɫɹ ɧɚ ɨɞɧɭ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ Windows Server 2003. ɉɪɢ ɨɞɧɨɡɧɚɱɧɨɦ ɨɬɨɛɪɚɠɟɧɢɢ ɜɵ ɞɨɥɠɧɵ ɧɚɡɧɚɱɢɬɶ ɫɟɪɬɢɮɢɤɚɬ ɢ ɫɨɡɞɚɬɶ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɞɥɹ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɗɬɨ ɦɨɠɟɬ ɛɵɬɶ ɯɨɪɨɲɢɦ ɪɟɲɟɧɢɟɦ, ɟɫɥɢ ɜɵ ɯɨɬɢɬɟ ɞɚɬɶ ɞɨɫɬɭɩ ɭɞɚɥɟɧɧɵɦ ɫɥɭɠɚɳɢɦ ɤɨɦɩɚɧɢɢ ɤ ɛɟɡɨɩɚɫɧɵɦ ɪɟɫɭɪɫɚɦ ɱɟɪɟɡ ɛɟɡɨɩɚɫɧɵɣ ɜɟɛ-ɫɚɣɬ. ɗɬɨ ɧɟ ɭɩɪɨɳɚɟɬ ɜɚɲɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ, ɬɟɦ ɧɟ ɦɟɧɟɟ, ɫ ɩɨɦɨɳɶɸ ɨɞɧɨɡɧɚɱɧɨɝɨ ɨɬɨɛɪɚɠɟɧɢɹ ɢɦɟɧ ɦɨɠɧɨ ɭɩɪɚɜɥɹɬɶ ɭɪɨɜɧɟɦ ɞɨɫɬɭɩɚ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. • Ɇɧɨɝɨɡɧɚɱɧɨɟ ɨɬɨɛɪɚɠɟɧɢɟ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɧɟɫɤɨɥɶɤɨ ɫɟɪɬɢɮɢɤɚɬɨɜ ɨɬɨɛɪɚɠɚɸɬɫɹ ɧɚ ɨɞɧɨ ɢɦɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ Active Directory. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɩɚɪɬɧɟɪɫɤɢɟ ɨɬɧɨɲɟɧɢɹ ɫ ɞɪɭɝɨɣ ɤɨɦɩɚɧɢɟɣ, ɢ ɫɥɭɠɚɳɢɦ ɤɨɦɩɚɧɢɢ ɧɭɠɟɧ ɞɨɫɬɭɩ ɤ ɛɟɡɨɩɚɫɧɨɦɭ ɜɟɛɫɚɣɬɭ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɨɞɧɭ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɂɚɬɟɦ ɜɵ ɦɨɠɟɬɟ ɫ ɷɬɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɫɜɹɡɚɬɶ ɬɚɤɨɟ ɤɨɥɢɱɟɫɬɜɨ ɫɟɪɬɢɮɢɤɚɬɨɜ, ɤɚɤɨɟ ɡɚɯɨɬɢɬɟ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɬɚ ɤɨɦɩɚɧɢɹ ɢɦɟɟɬ ɫɜɨɸ ɫɨɛɫɬɜɟɧɧɭɸ ɜɥɚɫɬɶ ɋȺ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɩɪɚɜɢɥɨ, ɩɨ ɤɨɬɨɪɨɦɭ ɜɫɟ ɜɵɞɚɧɧɵɟ ɟɸ ɭɞɨɫɬɨɜɟɪɟɧɢɹ ɛɭɞɭɬ ɨɬɨɛɪɚɠɚɬɶɫɹ ɧɚ ɨɞɧɭ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɜɚɲɟɦ ɞɨɦɟɧɟ. Ɂɚɬɟɦ, ɢɫɩɨɥɶɡɭɹ ɷɬɭ ɡɚɩɢɫɶ, ɜɵ ɫɦɨɠɟɬɟ ɧɚɡɧɚɱɚɬɶ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɫɟɬɟɜɵɟ ɪɟɫɭɪɫɵ.
С . Active Directory Users And Computers Microsoft. Active Directory Users And Computers ( ^, .
(IIS) Name Mappings
-
ɋɦɚɪɬ-ɤɚɪɬɵ ɨɛɟɫɩɟɱɢɜɚɸɬ ɞɪɭɝɨɣ ɫɩɨɫɨɛ ɨɛɴɟɞɢɧɟɧɢɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ PKI ɫ ɚɭɬɟɧɬɢɮɢɤɚɰɢɟɣ ɩɨ ɩɪɨɬɨɤɨɥɭ Kerberos. Ʉɨɝɞɚ Kerberos ɢɫɩɨɥɶɡɭɟɬɫɹ ɛɟɡ PKI, ɨɛɳɢɣ ɫɟɤɪɟɬ ɦɟɠɞɭ ɤɥɢɟɧɬɨɦ ɢ ɫɥɭɠɛɨɣ KDC ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɲɢɮɪɨɜɚɧɢɹ ɨɛɦɟɧɚ ɢɧɮɨɪɦɚɰɢɟɣ ɫ ɨɩɨɡɧɚɜɚɬɟɥɶɧɨɣ ɫɥɭɠɛɨɣ ɩɪɢ ɧɚɱɚɥɶɧɨɦ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ. ɗɬɨɬ ɤɥɸɱ ɩɨɥɭɱɟɧ ɢɡ ɩɚɪɨɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɬɨɬ ɠɟ ɫɚɦɵɣ ɤɥɸɱ ɢɫɩɨɥɶɡɭɟɬɫɹ ɩɪɢ ɲɢɮɪɨɜɚɧɢɢ ɢ ɪɚɫɲɢɮɪɨɜɤɢ ɢɧɮɨɪɦɚɰɢɢ. ɋɦɚɪɬ-ɤɚɪɬɵ ɢɫɩɨɥɶɡɭɸɬ ɦɨɞɟɥɶ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ PKI, ɜ ɤɨɬɨɪɨɣ ɢ ɨɬɤɪɵɬɵɣ, ɢ ɥɢɱɧɵɣ ɤɥɸɱɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɲɢɮɪɨɜɚɧɢɹ ɢ ɪɚɫɲɢɮɪɨɜɤɢ ɢɧɮɨɪɦɚɰɢɢ, ɤɚɫɚɸɳɟɣɫɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ɋɦɚɪɬ-ɤɚɪɬɚ ɫɨɞɟɪɠɢɬ ɨɬɤɪɵɬɵɣ ɢ ɥɢɱɧɵɣ ɤɥɸɱɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɥɸɫ ɫɟɪɬɢɮɢɤɚɬ ɏ.509 v3. ȼɫɟ ɷɬɨ ɩɪɢɦɟɧɹɟɬɫɹ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɟɦ ɫɦɚɪɬ-ɤɚɪɬɵ ɞɥɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɜ Active Directory. ɉɪɨɰɟɫɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɧɚɱɢɧɚɟɬɫɹ ɜ ɬɨɬ ɦɨɦɟɧɬ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɫɬɚɜɥɹɟɬ ɫɦɚɪɬɤɚɪɬɭ ɜ ɭɫɬɪɨɣɫɬɜɨ ɱɬɟɧɢɹ ɫɦɚɪɬ-ɤɚɪɬ ɢ ɜɜɨɞɢɬ ɫɜɨɣ ɥɢɱɧɵɣ ɢɞɟɧɬɢɮɢɤɚɰɢɨɧɧɵɣ ɧɨɦɟɪ (PIN — personal identification number). ɗɬɨ ɢɧɬɟɪɩɪɟɬɢɪɭɟɬɫɹ ɜɥɚɫɬɹɦɢ LSA ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɤɚɤ ɩɨɫɥɟɞɨɜɚɬɟɥɶɧɨɫɬɶ Ctrl+Alt+Del, ɢ ɩɪɨɰɟɫɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɧɚɱɢɧɚɟɬɫɹ. ɇɨɦɟɪ PIN ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɱɬɟɧɢɹ ɫɟɪɬɢɮɢɤɚɬɚ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɨɬɤɪɵɬɨɝɨ ɢ ɥɢɱɧɨɝɨ ɤɥɸɱɟɣ ɫɨ ɫɦɚɪɬ-ɤɚɪɬɵ. Ɂɚɬɟɦ ɤɥɢɟɧɬ ɩɨɫɵɥɚɟɬ ɨɛɵɱɧɵɣ TGT-ɡɚɩɪɨɫ ɤ ɫɥɭɠɛɟ KDC. ȼɦɟɫɬɨ ɩɨɫɵɥɤɢ ɞɚɧɧɵɯ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨɣ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ (ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ), ɡɚɲɢɮɪɨɜɚɧɧɵɯ ɫ ɩɨɦɨɳɶɸ ɫɟɤɪɟɬɧɨɝɨ ɤɥɸɱɚ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɩɨɥɭɱɟɧɧɨɝɨ ɢɡ ɩɚɪɨɥɹ, ɤɥɢɟɧɬ ɩɨɫɵɥɚɟɬ ɫɥɭɠɛɟ KDC ɨɬɤɪɵɬɵɣ ɤɥɸɱ ɢ ɫɟɪɬɢɮɢɤɚɬ. Ɂɚɩɪɨɫ TGT ɜɫɟ ɟɳɟ ɜɤɥɸɱɚɟɬ ɜ ɫɟɛɹ ɞɚɧɧɵɟ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨɣ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ, ɧɨ ɨɧ ɩɨɞɩɢɫɚɧ ɫ ɩɨɦɨɳɶɸ ɥɢɱɧɨɝɨ ɤɥɸɱɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ʉɨɝɞɚ ɫɨɨɛɳɟɧɢɟ ɞɨɫɬɢɝɚɟɬ ɫɥɭɠɛɵ KDC, ɨɧɚ ɩɪɨɜɟɪɹɟɬ ɫɟɪɬɢɮɢɤɚɬ ɤɥɢɟɧɬɚ, ɱɬɨɛɵ ɭɛɟɞɢɬɶɫɹ ɜ ɟɝɨ ɩɪɚɜɢɥɶɧɨɫɬɢ ɢ ɜ ɬɨɦ, ɱɬɨ ɋȺ-ɜɥɚɫɬɢ, ɜɵɞɚɜɲɢɟ ɫɟɪɬɢɮɢɤɚɬ, ɹɜɥɹɸɬɫɹ ɞɨɜɟɪɟɧɧɵɦɢ ɜɥɚɫɬɹɦɢ. ɋɥɭɠɛɚ KDC ɩɪɨɜɟɪɹɟɬ ɬɚɤɠɟ ɰɢɮɪɨɜɭɸ ɩɨɞɩɢɫɶ ɞɚɧɧɵɯ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨɣ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ, ɱɬɨɛɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɨɬɩɪɚɜɢɬɟɥɹ ɫɨɨɛɳɟɧɢɹ ɢ ɰɟɥɨɫɬɧɨɫɬɶ ɫɨɨɛɳɟɧɢɹ. ȿɫɥɢ ɨɛɟ ɷɬɢ ɩɪɨɜɟɪɤɢ ɞɚɸɬ ɩɨɥɨɠɢɬɟɥɶɧɵɣ ɪɟɡɭɥɶɬɚɬ, ɫɥɭɠɛɚ KDC ɢɫɩɨɥɶɡɭɟɬ ɨɫɧɨɜɧɨɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɟ ɢɦɹ (UPN), ɜɤɥɸɱɟɧɧɨɟ ɜ ɫɟɪɬɢɮɢɤɚɬ ɤɥɢɟɧɬɚ, ɱɬɨɛɵ ɢɫɤɚɬɶ ɢɦɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɜ Active Directory. ȿɫɥɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɪɚɜɢɥɶɧɚ, ɬɨ ɫɥɭɠɛɚ KDC ɩɨɞɬɜɟɪɠɞɚɟɬ ɩɨɞɥɢɧɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɩɨɫɵɥɚɟɬ ɜ ɨɬɜɟɬ ɤɥɢɟɧɬɭ ɛɢɥɟɬ TGT, ɜɤɥɸɱɚɸɳɢɣ ɤɥɸɱ ɫɟɚɧɫɚ. Ʉɥɸɱ ɫɟɚɧɫɚ ɡɚɲɢɮɪɨɜɚɧ ɫ ɩɨɦɨɳɶɸ ɨɬɤɪɵɬɨɝɨ ɤɥɸɱɚ ɤɥɢɟɧɬɚ, ɢ ɤɥɢɟɧɬ ɢɫɩɨɥɶɡɭɟɬ ɫɜɨɣ ɥɢɱɧɵɣ ɤɥɸɱ ɞɥɹ ɪɚɫɲɢɮɪɨɜɤɢ ɢɧɮɨɪɦɚɰɢɢ. Ɂɚɬɟɦ ɷɬɨɬ ɤɥɸɱ ɫɟɚɧɫɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɜɫɟɯ ɩɨɞɤɥɸɱɟɧɢɣ ɤ ɫɥɭɠɛɟ KDC. . . , . , , . , . , .
Kerberos
ɉɨɫɤɨɥɶɤɭ ɜ ɨɫɧɨɜɟ ɩɪɨɬɨɤɨɥɚ Kerberos ɥɟɠɢɬ ɨɬɤɪɵɬɵɣ ɫɬɚɧɞɚɪɬ, ɨɧ ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɪɟɜɨɫɯɨɞɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɞɥɹ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ ɫ ɞɪɭɝɢɦɢ ɫɢɫɬɟɦɚɦɢ, ɨɫɧɨɜɚɧɧɵɦɢ ɧɚ ɩɪɨɬɨɤɨɥɟ Kerberos. Ʌɸɛɨɣ ɢɡ ɤɨɦɩɨɧɟɧɬɨɜ, ɤɨɬɨɪɵɣ ɹɜɥɹɸɬɫɹ ɱɚɫɬɶɸ ɪɟɚɥɢɡɚɰɢɢ ɩɪɨɬɨɤɨɥɚ Kerberos Windows Server 2003, ɦɨɠɟɬ ɛɵɬɶ ɡɚɦɟɧɟɧ ɷɤɜɢɜɚɥɟɧɬɧɵɦ ɷɥɟɦɟɧɬɨɦ, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɦ ɫɢɫɬɟɦɟ Windows. ɗɬɢ ɬɪɢ ɤɨɦɩɨɧɟɧɬɚ ɫɥɟɞɭɸɳɢɟ: • ɤɥɢɟɧɬ Kerberos; • ɰɟɧɬɪ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɤɥɸɱɟɣ Kerberos;
• ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ, ɢɫɩɨɥɶɡɭɸɳɢɣ ɩɪɨɬɨɤɨɥ Kerberos ɞɥɹ ɪɚɡɪɟɲɟɧɢɣ. ɂɦɟɸɬɫɹ ɱɟɬɵɪɟ ɜɨɡɦɨɠɧɵɯ ɫɰɟɧɚɪɢɹ ɜɡɚɢɦɨɞɟɣɫɬɜɢɹ. • Ʉɥɢɟɧɬɵ Windows 2000 ɢɥɢ Windows XP Professional ɦɨɝɭɬ ɜɯɨɞɢɬɶ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ Windows Server 2003 ɢ ɢɦɟɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɧɚ Windows Server 2003 ɢɥɢ ɧɚ ɞɪɭɝɢɯ ɫɥɭɠɛɚɯ, ɜ ɨɫɧɨɜɟ ɤɨɬɨɪɵɯ ɧɚɯɨɞɢɬɫɹ ɩɪɨɬɨɤɨɥ Kerberos. • Ʉɥɢɟɧɬɵ Windows 2000 ɢɥɢ Windows XP Professional ɦɨɝɭɬ ɜɯɨɞɢɬɶ ɧɚ KDC-ɰɟɧɬɪɵ, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɟ Windows-ɩɥɚɬɮɨɪɦɟ, ɢ ɢɦɟɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɧɚ Windows Server 2003 ɢɥɢ ɧɚ ɞɪɭɝɢɯ ɫɥɭɠɛɚɯ, ɜ ɨɫɧɨɜɟ ɤɨɬɨɪɵɯ ɧɚɯɨɞɢɬɫɹ ɩɪɨɬɨɤɨɥ Kerberos. • Ʉɥɢɟɧɬɵ Kerberos, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɟ Windows-ɩɥɚɬɮɨɪɦɟ, ɦɨɝɭɬ ɜɯɨɞɢɬɶ ɧɚ KDC-ɰɟɧɬɪɵ Windows Server 2003 ɢ ɢɦɟɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɧɚ Windows Server 2003 ɢɥɢ ɧɚ ɞɪɭɝɢɯ ɫɥɭɠɛɚɯ, ɜ ɨɫɧɨɜɟ ɤɨɬɨɪɵɯ ɧɚɯɨɞɢɬɫɹ ɩɪɨɬɨɤɨɥ Kerberos. • Ʉɥɢɟɧɬɵ Kerberos, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɟ Windows-ɩɥɚɬɮɨɪɦɟ, ɦɨɝɭɬ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ ɫ ɪɟɚɥɢɡɚɰɢɹɦɢ Kerberos, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɢɦɢ Windows-ɩɥɚɬɮɨɪɦɟ, ɢ ɢɦɟɬɶ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɧɚ Windows Server 2003 ɢɥɢ ɧɚ ɞɪɭɝɢɯ ɫɥɭɠɛɚɯ, ɜ ɨɫɧɨɜɟ ɤɨɬɨɪɵɯ ɧɚɯɨɞɢɬɫɹ ɩɪɨɬɨɤɨɥ Kerberos. Windows Server 2003 ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɥɹ ɭɱɚɫɬɢɹ ɜ ɥɸɛɨɦ ɢɡ ɷɬɢɯ ɫɰɟɧɚɪɢɟɜ. ɋɚɦɵɣ ɥɟɝɤɢɣ ɜɚɪɢɚɧɬ — ɷɬɨ ɨɞɧɨɪɨɞɧɨɟ ɪɟɲɟɧɢɟ, ɜ ɤɨɬɨɪɨɦ ɜɫɹ ɫɪɟɞɚ ɨɫɧɨɜɚɧɚ ɢɥɢ ɧɚ Kerberos Windows Server 2003, ɢɥɢ ɧɚ ɪɟɚɥɢɡɚɰɢɢ Kerberos, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɟɣ Windows-ɩɥɚɬɮɨɪɦɟ. Ɉɞɧɚɤɨ ɪɟɚɥɢɡɚɰɢɹ Kerberos Windows Server 2003 ɩɨɡɜɨɥɹɟɬ ɥɟɝɤɨ ɜɡɚɢɦɨɞɟɣɫɬɜɨɜɚɬɶ ɫ ɞɪɭɝɢɦɢ ɪɟɚɥɢɡɚɰɢɹɦɢ Kerberos. Ⱦɥɹ ɷɬɨɝɨ ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɨɛɥɚɫɬɹɦɢ ɞɨɦɟɧɚ Windows Server 2003 ɢ ɨɛɥɚɫɬɶɸ Kerberos, ɧɟ ɩɪɢɧɚɞɥɟɠɚɳɟɣ Windows-ɩɥɚɬɮɨɪɦɟ. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫɮɟɪɵ ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɤɚɤ ɬɪɚɧɡɢɬɢɜɧɵɟ ɢɥɢ ɧɟɬɪɚɧɡɢɬɢɜɧɵɟ, ɚ ɬɚɤ ɠɟ ɤɚɤ ɨɞɧɨɫɬɨɪɨɧɧɢɟ ɢɥɢ ɞɜɭɯɫɬɨɪɨɧɧɢɟ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫ ɞɪɭɝɨɣ ɨɛɥɚɫɬɶɸ, ɨɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Domains And Trusts (Ⱦɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Active Directory) ɢ ɩɟɪɟɣɞɢɬɟ ɜ ɨɤɧɨ Properties (ɋɜɨɣɫɬɜɚ) ɬɨɝɨ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɫɨɡɞɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ. ɇɚ ɜɤɥɚɞɤɟ Trusts (Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ) ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ New Trust, ɡɚɩɭɫɬɢɜ New Trust Wizard. ɋ ɩɨɦɨɳɶɸ ɦɚɫɬɟɪɚ ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɫɨ ɫɬɨɪɨɧɵ Windows Server 2003 ɫ ɞɪɭɝɨɣ ɨɛɥɚɫɬɶɸ Kerberos. ɇɚ ɪɢɫɭɧɤɟ 8-8 ɩɨɤɚɡɚɧɨ ɨɤɧɨ Properties ɞɨɜɟɪɢɬɟɥɶɧɨɝɨ ɨɬɧɨɲɟɧɢɹ ɨɛɥɚɫɬɢ ɩɨɫɥɟ ɟɝɨ ɫɨɡɞɚɧɢɹ.
. 8-8.
Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Microsoft ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɨɲɚɝɨɜɨɟ ɪɭɤɨɜɨɞɫɬɜɨ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ Kerberos ɦɟɠɞɭ ɨɛɥɚɫɬɹɦɢ. ɗɬɨ ɪɭɤɨɜɨɞɫɬɜɨ, ɨɡɚɝɥɚɜɥɟɧɧɨɟ ɤɚɤ «Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability» ɞɨɫɬɭɩɧɨ ɧɚ ɜɟɛ-ɫɚɣɬɟ Microsoft ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.com/technet/prodtechnol/windows2000serv/ howto/kerbstep.asp.
NTLM
ȼɬɨɪɨɣ ɜɚɪɢɚɧɬ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ Windows Server 2003 ɞɨɥɠɟɧ ɢɫɩɨɥɶɡɨɜɚɬɶ NTLM-ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ. Ɉɧɚ ɩɨɞɞɟɪɠɢɜɚɟɬɫɹ ɞɥɹ ɫɨɜɦɟɫɬɢɦɨɫɬɢ ɫ ɤɥɢɟɧɬɫɤɢɦɢ ɤɨɦɩɶɸɬɟɪɚɦɢ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows NT 4, Windows 95 ɢ Windows 98. ɗɬɨɬ ɩɪɨɬɨɤɨɥ ɢɫɩɨɥɶɡɭɟɬɫɹ ɜ ɫɥɟɞɭɸɳɢɯ ɫɢɬɭɚɰɢɹɯ.
•
Ʉɨɝɞɚ ɤɨɦɩɶɸɬɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows 95, Windows 98 ɢɥɢ Windows NT, ɩɨɞɬɜɟɪɠɞɚɟɬ ɫɜɨɸ ɩɨɞɥɢɧɧɨɫɬɶ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ Windows Server 2003. ɇɚ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɚɦɢ Windows 95 ɢ Windows 98 ɞɨɥɠɧɚ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɚ ɫɥɭɠɛɚ Directory Services Client, ɢɥɢ ɷɬɢ ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ ɫɦɨɝɭɬ ɩɨɞɬɜɟɪɠɞɚɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɬɨɥɶɤɨ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɩɪɨɬɨɤɨɥɚ LAN Manager. • Ʉɨɝɞɚ ɤɨɦɩɶɸɬɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows XP Professional ɢɥɢ Windows Server 2003, ɩɨɞɬɜɟɪɠɞɚɟɬ ɩɨɞɥɢɧɧɨɫɬɶ ɧɚ Windows NT 4 Server. • Ʉɨɝɞɚ ɥɸɛɨɣ ɤɥɢɟɧɬ ɨɛɪɚɳɚɟɬɫɹ ɤ ɚɜɬɨɧɨɦɧɨɦɭ ɫɟɪɜɟɪɭ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003. • Ʉɨɝɞɚ ɤɥɢɟɧɬ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows XP Professional ɢɥɢ Windows 2000, ɩɪɨɛɭɟɬ ɜɨɣɬɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫ Windows Server 2003, ɧɨ ɧɟ ɫɩɨɫɨɛɟɧ ɩɨɞɬɜɟɪɞɢɬɶ ɩɨɞɥɢɧɧɨɫɬɶ, ɢɫɩɨɥɶɡɭɹ ɩɪɨɬɨɤɨɥ Kerberos. ȼ ɷɬɨɦ ɫɥɭɱɚɟ NTLM ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɤɚɤ ɚɥɶɬɟɪɧɚɬɢɜɧɵɣ ɩɪɨɬɨɤɨɥ. ɉɪɨɬɨɤɨɥ NTLM ɡɧɚɱɢɬɟɥɶɧɨ ɦɟɧɟɟ ɛɟɡɨɩɚɫɟɧ, ɱɟɦ Kerberos. ɋ ɩɚɤɟɬɨɦ Windows NT 4 Service Pack 4 ɤɨɦɩɚɧɢɹ Microsoft ɩɪɟɞɫɬɚɜɢɥɚ ɧɨɜɭɸ ɜɟɪɫɢɸ ɩɪɨɬɨɤɨɥɚ NTLM ɫ ɢɦɟɧɟɦ NTLMv2. ɗɬɚ ɧɨɜɚɹ ɜɟɪɫɢɹ ɜɤɥɸɱɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɭɸ ɡɚɳɢɬɭ, ɬɚɤɭɸ ɤɚɤ ɫɨɡɞɚɧɢɟ ɭɧɢɤɚɥɶɧɨɝɨ ɤɥɸɱɚ ɫɟɚɧɫɚ ɤɚɠɞɵɣ ɪɚɡ ɩɪɢ ɭɫɬɚɧɨɜɥɟɧɢɢ ɧɨɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ, ɚ ɬɚɤɠɟ ɪɚɫɲɢɪɟɧɧɵɣ ɩɪɨɰɟɫɫ ɨɛɦɟɧɚ ɤɥɸɱɚɦɢ ɞɥɹ ɡɚɳɢɬɵ ɤɥɸɱɟɣ ɫɟɚɧɫɚ.
ȼ ɷɬɨɣ ɝɥɚɜɟ ɫɞɟɥɚɧ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɨɫɧɨɜɧɵɯ ɤɨɧɰɟɩɰɢɣ ɛɟɡɨɩɚɫɧɨɫɬɢ ɫɥɭɠɛɵ Active Directory Windows Server 2003, ɜɤɥɸɱɚɹ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɫɩɢɫɤɢ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ, ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ ɢ ɪɚɡɪɟɲɟɧɢɹ. Ȼɨɥɶɲɚɹ ɱɚɫɬɶ ɷɬɨɣ ɝɥɚɜɵ ɩɨɫɜɹɳɟɧɚ ɨɫɧɨɜɧɵɦ ɫɪɟɞɫɬɜɚɦ ɨɛɟɫɩɟɱɟɧɢɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ ɢ ɪɚɡɪɟɲɟɧɢɣ ɫɥɭɠɛɵ Active Directory ɱɟɪɟɡ ɩɪɨɬɨɤɨɥ Kerberos. ɉɪɨɬɨɤɨɥ Kerberos ɩɪɟɞɥɚɝɚɟɬ ɛɟɡɨɩɚɫɧɵɣ ɦɟɯɚɧɢɡɦ ɩɨɞɬɜɟɪɠɞɟɧɢɹ ɩɨɞɥɢɧɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ Active Directory ɢ ɩɨɥɭɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. Ɉɛɫɭɠɞɟɧɚ ɬɚɤɠɟ ɢɧɬɟɝɪɚɰɢɹ ɩɪɨɬɨɤɨɥɚ Kerberos ɫ ɢɧɮɪɚɫɬɪɭɤɬɭɪɨɣ ɨɬɤɪɵɬɵɯ ɤɥɸɱɟɣ PKI, ɫɦɚɪɬ-ɤɚɪɬɚɦɢ ɢ ɞɪɭɝɢɦɢ ɪɟɚɥɢɡɚɰɢɹɦɢ Kerberos.
9. Active Directory Ʉɚɤ ɝɨɜɨɪɢɥɨɫɶ ɜ ɩɪɟɞɵɞɭɳɢɯ ɝɥɚɜɚɯ, ɫɥɭɠɛɚ Active Directory ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ Microsoft Windows Server 2003 ɛɨɥɶɲɟ ɧɟ ɩɨɞɞɟɪɠɢɜɚɟɬ ɟɞɢɧɨɟ ɧɟɫɬɪɭɤɬɭɪɢɪɨɜɚɧɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɦɟɧ, ɤɨɬɨɪɨɟ ɢɫɩɨɥɶɡɨɜɚɥɨɫɶ ɜ ɞɨɦɟɧɚɯ Microsoft Windows NT. ȼɦɟɫɬɨ ɷɬɨɝɨ ɨɧɚ ɨɛɟɫɩɟɱɢɜɚɟɬ ɢɟɪɚɪɯɢɱɟɫɤɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɤɚɬɚɥɨɝɚ, ɫɧɚɱɚɥɚ ɱɟɪɟɡ ɢɟɪɚɪɯɢɸ ɞɨɦɟɧɧɨɣ ɫɢɫɬɟɦɵ ɢɦɟɧ (DNS) ɦɧɨɠɟɫɬɜɚ ɞɨɦɟɧɨɜ, ɚ ɡɚɬɟɦ ɱɟɪɟɡ ɫɬɪɭɤɬɭɪɭ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ (OU) ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɨɜ. ɗɬɚ ɢɟɪɚɪɯɢɹ ɫɨɡɞɚɟɬ ɜɚɠɧɭɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɭɸ ɜɨɡɦɨɠɧɨɫɬɶ: ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ. ȼ ɞɨɦɟɧɚɯ Windows NT ɬɚɤɨɣ ɜɨɡɦɨɠɧɨɫɬɢ ɧɟ ɛɵɥɨ. Ɋɚɡɪɟɲɟɧɢɹ, ɩɨɥɭɱɟɧɧɵɟ ɜ ɨɞɧɨɣ ɱɚɫɬɢ ɞɨɦɟɧɚ, ɞɟɣɫɬɜɨɜɚɥɢ ɩɨɜɫɸɞɭ ɜ ɞɨɦɟɧɟ. Ɍɟɩɟɪɶ ɷɬɨ ɩɨɥɧɨɫɬɶɸ ɢɡɦɟɧɢɥɨɫɶ. ɋɥɭɠɛɚ Active Directory Windows Server 2003 ɢɦɟɟɬ ɦɨɳɧɵɟ ɨɩɰɢɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɡɪɟɲɟɧɢɹɦɢ ɢ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. Ⱦɚɧɧɚɹ ɝɥɚɜɚ ɩɨɫɬɪɨɟɧɚ ɧɚ ɨɛɫɭɠɞɟɧɢɢ ɛɟɡɨɩɚɫɧɨɫɬɢ Active Directory, ɧɚɱɚɬɨɣ ɜ ɝɥɚɜɟ 8. Ƚɥɚɜɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɩɨɜɬɨɪɧɨɝɨ ɪɚɫɫɦɨɬɪɟɧɢɹ ɡɚɳɢɬɵ Active Directory ɫ ɰɟɥɶɸ ɭɬɨɱɧɟɧɢɹ ɫɩɢɫɤɨɜ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ (ACL) ɧɚ ɨɛɴɟɤɬɚɯ Active Directory. ɉɨɫɥɟ ɷɬɨɝɨ ɜ ɝɥɚɜɟ ɨɛɫɭɠɞɚɟɬɫɹ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɩɪɚɜ. Ⱦɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɜɵ ɦɨɠɟɬɟ ɧɚɩɪɹɦɭɸ ɨɛɪɚɳɚɬɶɫɹ ɤ ɫɩɢɫɤɚɦ ACL ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɨɛɴɟɤɬɨɜ. Ⱦɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɫɥɭɠɛɚ Active Directory Windows Server 2003 ɢɦɟɟɬ.ɬɚɤɠɟ Delegation Of Control Wizard (Ɇɚɫɬɟɪ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɭɩɪɚɜɥɟɧɢɹ).
Active Directory
Ʉɚɤ ɨɩɢɫɚɧɨ ɜ ɝɥɚɜɟ 8, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɟɬɶ Windows Server 2003, ɟɦɭ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɥɟɤɫɟɦɚ ɞɨɫɬɭɩɚ. Ʌɟɤɫɟɦɚ ɞɨɫɬɭɩɚ ɜɤɥɸɱɚɟɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ ɡɚɳɢɬɵ (SID) ɞɥɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɚ ɬɚɤɠɟ SID ɞɥɹ ɜɫɟɯ ɝɪɭɩɩ, ɤ ɤɨɬɨɪɵɦ ɩɪɢɧɚɞɥɟɠɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ. Ʉɚɤ ɬɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɨɲɟɥ, ɨɧ ɩɵɬɚɟɬɫɹ ɨɛɪɚɬɢɬɶɫɹ ɤ ɫɟɬɟɜɨɦɭ ɪɟɫɭɪɫɭ, ɤɨ-
ɬɨɪɵɣ ɜɤɥɸɱɚɟɬ ɨɛɴɟɤɬ Active Directory. Ʉɚɠɞɵɣ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ ɢɥɢ ɨɛɴɟɤɬ Active Directory ɢɦɟɟɬ ɫɩɢɫɨɤ ACL, ɯɪɚɧɹɳɢɣɫɹ ɜ ɟɝɨ ɚɬɪɢɛɭɬɟ NT Security Descriptor, ɤɨɬɨɪɵɣ ɫɨɫɬɨɢɬ ɢɡ ɨɞɧɨɣ ɢɥɢ ɛɨɥɟɟ ɡɚɩɢɫɟɣ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ (Ⱥɋȿ), ɨɩɪɟɞɟɥɹɸɳɟɣ, ɤɚɤɢɟ ɩɪɚɜɚ ɧɚ ɞɚɧɧɵɣ ɨɛɴɟɤɬ ɢɦɟɟɬ ɤɚɠɞɵɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ SID. Ⱦɟɫɤɪɢɩɬɨɪ ɡɚɳɢɬɵ ɫɨɞɟɪɠɢɬ ɜɥɚɞɟɥɶɰɚ ɨɛɴɟɤɬɚ, ɚ ɬɚɤɠɟ ɫɩɢɫɨɤ ɭɩɪɚɜɥɟɧɢɹ ɪɚɡɝɪɚɧɢɱɢɬɟɥɶɧɵɦ ɞɨɫɬɭɩɨɦ (DACL) ɢ ɫɩɢɫɨɤ ɭɩɪɚɜɥɟɧɢɹ ɫɢɫɬɟɦɧɵɦ ɞɨɫɬɭɩɨɦ (SACL). ɋɩɢɫɨɤ DACL ɨɩɪɟɞɟɥɹɟɬ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɨɛɴɟɤɬ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɜɫɟ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɋɩɢɫɨɤ SACL ɨɩɪɟɞɟɥɹɟɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɚɭɞɢɬɚ ɨɛɴɟɤɬɚ. . Active Directory ACL, . . .Э , Active Directory Users And Computers ( Active Directory), Active Directory Sites And Services ( Active Directory), ADSI Edit Ldp.exe. , Active Directory Users And Computers, . , , Active Directory. , , ACL, Active Directory Sites And Services. Delegation Of Control Wizard, . ȿɫɬɶ ɦɧɨɠɟɫɬɜɨ ɪɚɡɥɢɱɧɵɯ ɢɧɫɬɪɭɦɟɧɬɨɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɩɪɨɫɦɨɬɪɚ ɞɟɫɤɪɢɩɬɨɪɚ ɡɚɳɢɬɵ ɥɸɛɨɝɨ ɨɛɴɟɤɬɨɜ Active Directory. Ɉɛɵɱɧɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers. Ɉɧ ɦɨɠɟɬ ɞɚɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɪɚɡɥɢɱɧɵɯ ɩɪɟɞɫɬɚɜɥɟɧɢɣ ɫɩɢɫɤɨɜ ACL. ɗɬɨ ɫɜɹɡɚɧɨ ɫ ɬɟɦ, ɱɬɨ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɚɦ Active Directory ɪɚɡɛɢɬɵ ɧɚ ɞɜɟ ɤɚɬɟɝɨɪɢɢ: (standard) ɢ (special). ɉɪɨɫɦɨɬɪ ɢɧɮɨɪɦɚɰɢɢ ɨ ɡɚɳɢɬɟ ɱɟɪɟɡ Active Directory Users And Computers ɨɫɥɨɠɧɹɟɬɫɹ, ɟɫɥɢ ɜɵ ɦɨɠɟɬɟ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɪɚɡɪɟɲɟɧɢɹ ɨɛɴɟɤɬɚɦ ɜɧɭɬɪɢ ɤɨɧɬɟɣɧɟɪɧɨɝɨ ɨɛɴɟɤɬɚ ɢɥɢ ɚɬɪɢɛɭɬɚɦ ɨɛɴɟɤɬɚ.
ɑɬɨɛɵ ɩɪɨɫɦɨɬɪɟɬɶ ɫɬɚɧɞɚɪɬɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɞɥɹ ɥɸɛɨɝɨ ɨɛɴɟɤɬɚ Active Directory ɜ ɪɚɡɞɟɥɟ ɞɨɦɟɧɚ ɤɚɬɚɥɨɝɚ, ɨɛɪɚɬɢɬɟɫɶ ɤ ɜɤɥɚɞɤɟ Security (Ȼɟɡɨɩɚɫɧɨɫɬɶ) ɜ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) ɧɭɠɧɨɝɨ ɨɛɴɟɤɬɚ ɜ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Users And Computers. (ȿɫɥɢ ɜɤɥɚɞɤɚ Security ɧɟ
ɜɢɞɧɚ, ɜɵɛɟɪɢɬɟ Advanced Features (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɮɭɧɤɰɢɢ) ɜ ɦɟɧɸ View (ȼɢɞ), ɩɨɜɬɨɪɧɨ ɜɵɛɟɪɢɬɟ ɨɛɴɟɤɬ ɢ ɨɬɤɪɨɣɬɟ ɨɤɧɨ Properties). ȼɤɥɚɞɤɚ Security(Ȼɟɡɨɩɚɫɧɨɫɬɶ) ɩɨɤɚɡɵɜɚɟɬ ɫɬɚɧɞɚɪɬɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɞɨɫɬɭɩɧɵ ɞɥɹ ɤɚɠɞɨɝɨ ɨɛɴɟɤɬɚ (ɫɦ. ɪɢɫ. 9-1).
. 9-1.
«
»
Ʉɚɠɞɵɣ ɤɥɚɫɫ ɨɛɴɟɤɬɨɜ ɜ Active Directory ɢɦɟɟɬ ɫɜɨɣ ɧɚɛɨɪ ɫɬɚɧɞɚɪɬɧɵɯ ɪɚɡɪɟɲɟɧɢɣ. ɇɚɩɪɢɦɟɪ, ɨɪɝɚɧɢɡɚɰɢɨɧɧɚɹ ɟɞɢɧɢɰɚ (OU) - ɷɬɨ ɤɨɧɬɟɣɧɟɪɧɵɣ ɨɛɴɟɤɬ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ ɞɨɱɟɪɧɢɟ ɨɛɴɟɤɬɵ, ɩɨɷɬɨɦɭ ɨɧ ɢɦɟɟɬ ɧɚɛɨɪ ɪɚɡɪɟɲɟɧɢɣ, ɩɪɢɦɟɧɹɟɦɵɯ ɤ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ, ɤɨɬɨɪɵɟ ɧɟ ɩɨɞɯɨɞɹɬ ɞɥɹ ɨɛɴɟɤɬɨɜ «ɩɨɥɶɡɨɜɚɬɟɥɶ». Ɉɞɧɚɤɨ, ɧɟɤɨɬɨɪɵɟ ɫɬɚɧɞɚɪɬɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɧɚɩɪɢɦɟɪ, Full Control (ɉɨɥɧɵɣ ɤɨɧɬɪɨɥɶ), Read (ɑɬɟɧɢɟ), Write (Ɂɚɩɢɫɶ), Create All Child Objects (ɋɨɡɞɚɧɢɟ ɜɫɟɯ ɞɨɱɟɪɧɢɯ ɨɛɴɟɤɬɨɜ) ɢ Delete All Child Objects (ɍɞɚɥɟɧɢɟ ɜɫɟɯ ɞɨɱɟɪɧɢɯ ɨɛɴɟɤɬɨɜ), ɩɪɢɦɟɧɢɦɵ ɤɨ ɜɫɟɦ ɨɛɴɟɤɬɚɦ. ɇɟɤɨɬɨɪɵɟ ɨɛɴɟɤɬɵ Active Directory ɢɦɟɸɬ ɫɬɚɧɞɚɪɬɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɫɝɪɭɩɩɢɪɨɜɚɧɧɵɦ ɧɚɛɨɪɚɦ ɫɜɨɣɫɬɜ. ɇɚɩɪɢɦɟɪ, ɤɚɠɞɵɣ ɨɛɴɟɤɬ «ɩɨɥɶɡɨɜɚɬɟɥɶ» ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɧɚɛɨɪɨɜ ɫɜɨɣɫɬɜ ɬɢɩɚ Public Information (Ɉɬɤɪɵɬɚɹ ɢɧɮɨɪɦɚɰɢɹ), Personal Information (Ʌɢɱɧɚɹ ɢɧɮɨɪɦɚɰɢɹ) ɢɥɢ Web Information (ȼɟɛ-ɢɧɮɨɪɦɚɰɢɹ). Ʉɚɠɞɵɣ ɢɡ ɷɬɢɯ ɧɚɛɨɪɨɜ ɫɜɨɣɫɬɜ ɨɬɧɨɫɢɬɫɹ ɤ ɧɚɛɨɪɭ ɚɬɪɢɛɭɬɨɜ, ɬɚɤ ɱɬɨ ɩɪɟɞɨɫɬɚɜɥɟɧɢɟ ɞɨɫɬɭɩɚ ɤ ɧɟɦɭ ɨɛɟɫɩɟɱɢɜɚɟɬ ɞɨɫɬɭɩ ɤ ɧɚɛɨɪɭ ɚɬɪɢɛɭɬɨɜ. ɇɚɩɪɢɦɟɪ, ɧɚɛɨɪ ɫɜɨɣɫɬɜ Personal Information ɜɤɥɸɱɚɟɬ ɚɬɪɢɛɭɬɵ homePhone, homePostalAddress, streetAddress ɢ ɬɚɤ ɞɚɥɟɟ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɧɚɛɨɪɨɜ ɫɜɨɣɫɬɜ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɝɪɭɩɩɚɦ ɚɬɪɢɛɭɬɨɜ ɭɩɪɨɳɚɟɬ ɩɪɨɰɟɫɫ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ɑɬɨɛɵ ɧɚɣɬɢ ɩɨɥɧɵɣ ɫɩɢɫɨɤ ɚɬɪɢɛɭɬɨɜ, ɜɤɥɸɱɟɧɧɵɯ ɜ ɤɚɠɞɵɣ ɧɚɛɨɪ ɫɜɨɣɫɬɜɚ, ɫɞɟɥɚɣɬɟ ɩɨɢɫɤ ɜɵɪɚɠɟɧɢɹ "property sets" (ɜɤɥɸɱɚɹ ɨɬɤɪɵɜɚɸɳɢɟ ɢ ɡɚɤɪɵɜɚɸɳɢɟ ɤɚɜɵɱɤɢ) ɜ Help And Support Center (ɐɟɧɬɪ ɫɩɪɚɜɤɢ ɢ ɩɨɞɞɟɪɠɤɢ). ɋɯɟɦɚ Active Directory ɨɩɪɟɞɟɥɹɟɬ ɬɨ, ɤɚɤɢɟ ɚɬɪɢɛɭɬɵ ɹɜɥɹɸɬɫɹ ɱɚɫɬɶɸ ɤɚɠɞɨɝɨ ɫɜɨɣɫɬɜɚ, ɭɫɬɚɧɨɜɥɟɧɧɨɝɨ ɫ ɩɨɦɨɳɶɸ ɡɧɚɱɟɧɢɹ rightsGuid ɞɥɹ ɤɚɬɟɝɨɪɢɢ ɫɜɨɣɫɬɜɚ (ɜ ɪɚɡɞɟɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ) ɢ ɡɧɚɱɟɧɢɹ attributesSecurityGUID ɞɥɹ ɨɛɴɟɤɬɚ ɫɯɟɦɵ. ɇɚɩɪɢɦɟɪ, ɡɧɚɱɟɧɢɟ rightsGuid ɞɥɹ cn=PersonalInformation, cn=Extended-Rights, cn=conf iguration, dc=forestname ɪɚɜɧɨ ɡɧɚɱɟɧɢɸ attributes ecurityGUID ɞɥɹ cn=Telephone-Number, cn=Schema, cn=Configuration, dc=forestname. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ ɜɤɥɸɱɟɧ ɜ ɧɚɛɨɪ ɫɜɨɣɫɬɜ Personal Information. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɫɬɚɧɞɚɪɬɧɵɦ ɪɚɡɪɟɲɟɧɢɹɦ ɜɤɥɚɞɤɚ Security ɩɨɤɚɡɵɜɚɟɬ ɧɟɤɨɬɨɪɵɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɪɚɜɚ, ɬɚɤɢɟ ɤɚɤ Receive As, Send As, Send To (ɜɫɟ ɩɪɚɜɚ, ɫɜɹɡɚɧɧɵɟ ɫ Microsoft Exchange 2000 Server), Change Password ɢ Reset Password. ɋɩɢɫɨɤ ɪɚɡɪɟɲɟɧɢɣ ɦɨɠɟɬ ɬɚɤɠɟ ɜɤɥɸɱɚɬɶ ɪɚɡɪɟɲɟɧɢɟ Validated Write (Ɂɚɩɢɫɶ ɫ ɩɪɨɜɟɪɤɨɣ ɟɟ ɞɨɫɬɨɜɟɪɧɨɫɬɢ). ɇɚɩɪɢɦɟɪ, ɨɛɴɟɤɬɚɦ Group ɬɪɟɛɭɟɬɫɹ ɪɚɡɪɟɲɟɧɢɟ Validated Write ɧɚ ɬɨ, ɱɬɨɛɵ ɞɨɛɚɜɢɬɶ/ɭɞɚɥɢɬɶ ɫɟɛɹ ɤɚɤ ɱɥɟɧɚ. Ɋɚɡɥɢɱɢɟ ɦɟɠɞɭ ɪɚɡɪɟɲɟɧɢɟɦ Validated Write ɢ ɨɛɵɱɧɵɦ Write ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ Validated Write ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɡɚɩɢɫɚɧɧɨɟ ɡɧɚɱɟɧɢɟ ɞɨɩɭɫɬɢɦɨ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɢɦɟɸɳɢɣ ɪɚɡɪɟɲɟɧɢɟ ɞɨɛɚɜɥɹɬɶ/ɭɞɚɥɹɬɶ ɫɟɛɹ ɤɚɤ ɱɥɟɧɚ ɝɪɭɩɩɵ, ɫɦɨɠɟɬ ɞɨɛɚɜɥɹɬɶ ɤ ɝɪɭɩɩɟ ɬɨɥɶɤɨ ɫɟɛɹ ɫɚɦɨɝɨ.
Ɉɞɧɚ ɢɡ ɡɚɩɢɫɟɣ ɜ ɫɬɚɧɞɚɪɬɧɨɦ ɫɩɢɫɤɟ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɜɤɥɚɞɤɟ Security (Ȼɟɡɨɩɚɫɧɨɫɬɶ) - Special Permissions (ɋɩɟɰɢɚɥɶɧɵɟ ɪɚɡɪɟɲɟɧɢɹ). ȼɵ ɦɨɠɟɬɟ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɨɛɴɟɤɬɚɦ Active Directory ɧɟ ɬɨɥɶɤɨ ɫɬɚɧɞɚɪɬɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɧɨ ɢ ɫɩɟɰɢɚɥɶɧɵɟ. Ɉɧɢ ɛɨɥɟɟ ɞɟɬɚɥɢɡɢɪɨɜɚɧɵ ɢ ɫɩɟɰɢɮɢɱɧɵ, ɱɟɦ ɫɬɚɧɞɚɪɬɧɵɟ ɪɚɡɪɟɲɟɧɢɹ. ɑɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɧɢɦ, ɳɟɥɤɧɢɬɟ ɧɚ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ) ɧɚ ɜɤɥɚɞɤɟ Security (ɪɢɫ. 9-2). ȼ ɬɚɛɥɢɰɟ 9-1 ɨɛɴɹɫɧɹɟɬɫɹ ɧɚɡɧɚɱɟɧɢɟ ɫɬɨɥɛɰɨɜ ɜ ɨɤɧɟ. . Default ( ) Advanced , , .
. 9-2. Settings . 9-1.
ɋɬɨɥɛɟɰ Ɍɭɪɟ (Ɍɢɩ)
Advanced Security
Ɉɛɴɹɫɧɟɧɢɟ
Ɂɧɚɱɟɧɢɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɣ Allow (Ɋɚɡɪɟɲɢɬɶ) ɢɥɢ Deny (Ɂɚɩɪɟɬɢɬɶ). Ɉɛɵɱɧɨ ɪɚɡɪɟɲɟɧɢɹ ɨɬɫɨɪɬɢɪɨɜɚɧɵ ɬɚɤ, ɱɬɨ ɫɧɚɱɚɥɚ ɩɟɪɟɱɢɫɥɹɸɬɫɹ ɜɫɟ ɪɚɡɪɟɲɟɧɢɹ Deny (Ɂɚɩɪɟɬɢɬɶ). ɉɨɪɹɞɨɤ ɫɨɪɬɢɪɨɜɤɢ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧ ɳɟɥɱɤɨɦ ɧɚ ɥɸɛɨɦ ɡɚɝɨɥɨɜɤɟ ɫɬɨɥɛɰɚ. ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɩɨɪɹɞɤɚ ɩɨɹɜɥɟɧɢɹ ɜ ɷɬɨɦ ɫɬɨɥɛɰɟ ɫɧɚɱɚɥɚ ɜɫɟɝɞɚ ɨɰɟɧɢɜɚɸɬɫɹ ɪɚɡɪɟɲɟɧɢɹ Deny (Ɂɚɩɪɟɬɢɬɶ). Name (ɂɦɹ) ɂɦɹ ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤ ɤɨɬɨɪɨɦɭ ɩɪɢɦɟɧɹɟɬɫɹ ɡɚɩɢɫɶ Ⱥɋȿ. Permission (Ɋɚɡɪɟɲɟɧɢɟ) ɋɬɨɥɛɟɰ ɩɟɪɟɱɢɫɥɹɟɬ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɹ, ɩɪɟɞɨɫɬɚɜɥɟɧɧɨɝɨ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɍɪɨɜɧɢ ɪɚɡɪɟɲɟɧɢɣ ɦɨɝɭɬ ɛɵɬɶ ɫɬɚɧɞɚɪɬɧɵɦɢ, ɧɚɩɪɢɦɟɪ Full Control, ɫɩɟɰɢɚɥɶɧɵɦɢ, ɧɚɩɪɢɦɟɪ, Create/Delete User Objects (ɋɨɡɞɚɜɚɬɶ/ɍɞɚɥɹɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɨɛɴɟɤɬɵ), ɢɥɢ ɬɨɥɶɤɨ Special (ɋɩɟɰɢɚɥɶɧɵɣ). Ⱦɨɫɬɭɩɧɵɟ ɬɢɩɵ ɪɚɡɪɟɲɟɧɢɣ ɡɚɜɢɫɹɬ ɨɬ ɬɢɩɚ ɨɛɴɟɤɬɚ. Inherited From ɋɬɨɥɛɟɰ ɭɤɚɡɵɜɚɟɬ ɦɟɫɬɨ, ɜ ɤɨɬɨɪɨɦ (ɍɧɚɫɥɟɞɨɜɚɧɧɵɣ ɨɬ) ɭɫɬɚɧɨɜɥɟɧɨ ɷɬɨ ɪɚɡɪɟɲɟɧɢɟ.
Apply To (ɉɪɢɦɟɧɹɟɬɫɹ ɤ)
ɋɬɨɥɛɟɰ ɨɩɪɟɞɟɥɹɟɬ ɝɥɭɛɢɧɭ ɩɪɢɦɟɧɟɧɢɹ ɪɚɡɪɟɲɟɧɢɟ. Ɉɧɚ ɢɦɟɟɬ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɜɤɥɸɱɚɹ This Object Only (Ɍɨɥɶɤɨ ɷɬɨɬ ɨɛɴɟɤɬ), This Object And All Child (ɗɬɨɬ ɨɛɴɟɤɬ ɢ ɜɫɟ ɞɨɱɟɪɧɢɟ ɨɛɴɟɤɬɵ) ɢɥɢ Only Child Objects (Ɍɨɥɶɤɨ ɞɨɱɟɪɧɢɟ ɨɛɴɟɤɬɵ).
ɗɬɨ ɨɤɧɨ ɩɟɪɟɱɢɫɥɹɟɬ ɜɫɟ Ⱥɋȿ-ɡɚɩɢɫɢ ɞɥɹ ɨɛɴɟɤɬɚ. ȼɨ ɦɧɨɝɢɯ ɫɥɭɱɚɹɯ ɨɞɧɢ ɢ ɬɟ ɠɟ ɭɱɚɫɬɧɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɦɨɝɭɬ ɛɵɬɶ ɩɟɪɟɱɢɫɥɟɧɵ ɜ ɧɟɫɤɨɥɶɤɢɯ ɡɚɩɢɫɹɯ Ⱥɋȿ. ɇɚɩɪɢɦɟɪ, ɝɪɭɩɩɟ Authenticated Users (ɍɞɨɫɬɨɜɟɪɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ) ɞɚɧɨ ɪɚɡɪɟɲɟɧɢɟ Read Permissions (ɑɢɬɚɬɶ ɪɚɡɪɟɲɟɧɢɹ), Read General Information (ɑɢɬɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɨɛɳɟɝɨ ɯɚɪɚɤɬɟɪɚ), Read Personal Information (ɑɢɬɚɬɶ ɥɢɱɧɭɸ ɢɧɮɨɪɦɚɰɢɸ), Read Web Information (ɑɢɬɚɬɶ ɜɟɛ-ɢɧɮɨɪɦɚɰɢɸ) ɢ Read Public Information (ɑɢɬɚɬɶ ɨɬɤɪɵɬɭɸ ɢɧɮɨɪɦɚɰɢɸ) ɜ ɨɬɞɟɥɶɧɵɯ ɡɚɩɢɫɹɯ Ⱥɋȿ. ȼɵ ɦɨɠɟɬɟ ɞɨɛɚɜɥɹɬɶ ɢ ɭɞɚɥɹɬɶ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɢɥɢ ɪɟɞɚɤɬɢɪɨɜɚɬɶ ɬɟɤɭɳɢɟ ɪɚɡɪɟɲɟɧɢɹ, ɩɪɟɞɨɫɬɚɜɥɟɧɧɵɟ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɢɫɩɨɥɶɡɭɹ ɨɤɧɨ Advanced Security Settings (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ). ȿɫɥɢ ɜɵ ɞɨɛɚɜɥɹɟɬɟ ɢɥɢ ɪɟɞɚɤɬɢɪɭɟɬɟ ɪɚɡɪɟɲɟɧɢɹ, ɩɪɟɞɨɫɬɚɜɥɟɧɧɵɟ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɜɚɦ ɞɚɟɬɫɹ ɞɜɚ ɫɩɨɫɨɛɚ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ. ɇɚ ɪɢɫɭɧɤɟ 9-3 ɩɨɤɚɡɚɧ ɩɟɪɜɵɣ ɫɩɨɫɨɛ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɨɛɴɟɤɬ.
. 9-3.
Active Directory
ȼɤɥɚɞɤɚ Object (Ɉɛɴɟɤɬ) ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɤ ɨɛɴɟɤɬɭ, ɤɨ ɜɫɟɦ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ ɢɥɢ ɤ ɨɩɪɟɞɟɥɟɧɧɵɦ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ. ɇɚɩɪɢɦɟɪ, ɧɚ ɭɪɨɜɧɟ OU ɦɨɠɧɨ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɨɛɴɟɤɬɭ (OU), ɤ ɨɛɴɟɤɬɭ ɢ ɜɫɟɦ ɟɝɨ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ, ɤɨ ɜɫɟɦ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ ɢɥɢ ɤ ɨɩɪɟɞɟɥɟɧɧɵɦ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ (ɬɚɤɢɦ ɤɚɤ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɝɪɭɩɩɵ ɢ ɤɨɦɩɶɸɬɟɪɚ). ɋɩɢɫɨɤ ɪɚɡɪɟɲɟɧɢɣ ɢɡɦɟɧɹɟɬɫɹ ɜ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɬɢɩɚ ɨɛɴɟɤɬɚ, ɫ ɤɨɬɨɪɵɦ ɜɵ ɪɚɛɨɬɚɟɬɟ. ȼɬɨɪɨɣ ɫɩɨɫɨɛ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɩɪɟɞɧɚɡɧɚɱɟɧ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɚɪɚɦɟɬɪɚɦɢ ɧɚɫɬɪɨɣɤɢ ɫɜɨɣɫɬɜ ɨɛɴɟɤɬɚ (ɫɦ. ɪɢɫ. 9-4).
. 9-4.
,
ȼɤɥɚɞɤɚ Properties (ɋɜɨɣɫɬɜɚ) ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɢɧɞɢɜɢɞɭɚɥɶɧɵɟ ɫɜɨɣɫɬɜɚ ɨɛɴɟɤɬɚ, ɜɵɛɪɚɧɧɨɝɨ ɜ ɩɨɥɟ Name (ɂɦɹ) ɨɤɧɚ Advanced Security Settings (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ). ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɩɪɢɦɟɧɹɟɬɟ ɪɚɡɪɟɲɟɧɢɹ ɤ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦ ɨɛɴɟɤɬɚɦ, ɜɚɦ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɨɩɰɢɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ Read ɢ Write ɞɥɹ ɤɚɠɞɨɝɨ ɚɬɪɢɛɭɬɚ, ɞɨɫɬɭɩɧɨɝɨ ɞɥɹ ɞɚɧɧɨɝɨ ɤɥɚɫɫɚ ɨɛɴɟɤɬɨɜ. . , , , . , , - , , . , . . , , , .
Ldp.exe
Ƚɪɚɮɢɱɟɫɤɢɣ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ (GUI) ɹɜɥɹɟɬɫɹ ɢɧɫɬɪɭɦɟɧɬɨɦ, ɤɨɬɨɪɵɣ ɨɱɟɧɶ ɭɞɨɛɟɧ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɨɝɪɨɦɧɨɣ ɫɨɜɨɤɭɩɧɨɫɬɶɸ Ⱥɋȿ-ɡɚɩɢɫɟɣ. ɑɬɨɛɵ ɩɨɥɭɱɢɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨ-ɧɚɫɬɨɹɳɟɦɭ ɨɰɟɧɢɬɶ ɡɧɚɱɟɧɢɟ GUI, ɩɨɬɪɚɬɶɬɟ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ ɧɚ ɡɧɚɤɨɦɫɬɜɨ ɫ ɢɧɫɬɪɭɦɟɧɬɨɦ Ldp.exe. ɑɬɨɛɵ ɩɪɨɫɦɨɬɪɟɬɶ ɫɩɢɫɨɤ ACL ɫ ɩɨɦɨɳɶɸ Ldp.exe, ɨɬɤɪɨɣɬɟ ɞɢɚɥɨɝɨɜɨɟ ɨɤɧɨ Run (ȼɵɩɨɥɧɢɬɶ) ɢ ɧɚɩɟɱɚɬɚɣɬɟ ldp. (ȿɫɥɢ Ldp.exe ɧɟ ɛɵɥ ɭɫɬɚɧɨɜɥɟɧ ɧɚ ɤɨɦɩɶɸɬɟɪɟ, ɨɬɤɪɨɣɬɟ ɩɚɩɤɭ \SUPPORT\TOOLS ɧɚ ɤɨɦɩɚɤɬ-ɞɢɫɤɟ Windows Server 2003 ɢ ɞɜɚɠɞɵ ɳɟɥɤɧɟɬɟ ɧɚ ɮɚɣɥɟ Suptools.msi, ɱɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɫɪɟɞɫɬɜɚ ɩɨɞɞɟɪɠɤɢ Active Directory.) ȼɵɛɟɪɢɬɟ ɪɚɫɤɪɵɜɚɸɳɟɟɫɹ ɦɟɧɸ Connection (ɉɨɞɤɥɸɱɟɧɢɹ), ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Connect (ɉɨɞɤɥɸɱɢɬɶɫɹ). ȿɫɥɢ ɜɵ ɨɫɬɚɜɢɬɟ ɩɭɫɬɵɦ ɩɨɥɟ ɫɟɪɜɟɪɚ, ɬɨ ɫɟɪɜɟɪ ɫɨɟɞɢɧɢɬɫɹ ɫ ɥɨɤɚɥɶɧɵɦ ɤɨɦɩɶɸɬɟɪɨɦ. ȼɵ ɦɨɠɟɬɟ ɧɚɩɟɱɚɬɚɬɶ ɢɦɹ ɫɟɪɜɟɪɚ. Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɫɜɹɠɟɬɟɫɶ ɫ ɫɟɪɜɟɪɨɦ, ɜɵɛɟɪɢɬɟ ɪɚɫɤɪɵɜɚɸɳɟɟɫɹ ɦɟɧɸ Connection (ɉɨɞɤɥɸɱɟɧɢɹ) ɢ ɜɵɛɟɪɢɬɟ Bind (ɋɜɹɡɚɬɶɫɹ). ȿɫɥɢ ɜɵ ɜɯɨɞɢɬɟ ɧɟ ɫ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢɦɟɸɳɟɣ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ, ɜɜɟɞɢɬɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɦɚɧɞɚɬɵ. Ⱦɪɭɝɢɦ ɫɩɨɫɨɛɨɦ, ɨɫɬɚɜɶɬɟ ɩɪɨɛɟɥɵ ɜ ɩɨɥɹɯ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɢɧɮɨɪɦɚɰɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ɉɨɫɥɟ ɩɨɞɤɥɸɱɟɧɢɹ ɤ ɞɨɦɟɧɭ ɳɟɥɤɧɢɬɟ ɧɚ ɪɚɫɤɪɵɜɚɸɳɟɦɫɹ ɦɟɧɸ View (ȼɢɞ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Tree (Ⱦɟɪɟɜɨ). ɑɬɨɛɵ ɩɪɨɫɦɨɬɪɟɬɶ ɜɟɫɶ ɞɨɦɟɧ, ɳɟɥɤɧɢɬɟ ɧɚ ɈɄ. ɋɬɪɭɤɬɭɪɚ OU ɞɨɦɟɧɚ ɛɭɞɟɬ ɩɪɟɞɫɬɚɜɥɟɧɚ ɜ ɥɟɜɨɣ ɨɛɥɚɫɬɢ ɨɤɧɚ (ɫɦ. ɪɢɫ. 9-5). ɑɬɨɛɵ ɩɪɨɫɦɨɬɪɟɬɶ ɫɩɢɫɨɤ ACL ɞɥɹ ɥɸɛɨɝɨ ɨɛɴɟɤɌɚ, ɧɚɣɞɢɬɟ ɨɛɴɟɤɬ ɜ ɞɟɪɟɜɟ ɜ ɥɟɜɨɣ ɨɛɥɚɫɬɢ ɨɤɧɚ. Ɂɚɬɟɦ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ ɢ ɜɵɛɟɪɢɬɟ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ), ɡɚɬɟɦ - Security Descriptor (Ⱦɟɫɤɪɢɩɬɨɪ ɡɚɳɢɬɵ). ɋɩɢɫɨɤ ACL ɯɪɚɧɢɬɫɹ ɜ ɡɧɚɱɟɧɢɢ NT Security Descriptor ɤɚɠɞɨɝɨ ɨɛɴɟɤɬɚ Active Directory. Ɂɚɬɟɦ ɢɧɫɬɪɭɦɟɧɬ Ldp.exe ɡɚɩɢɲɟɬ ɤɚɠɞɵɣ Ⱥɋȿ ɜ ɩɪɚɜɭɸ ɨɛɥɚɫɬɶ ɨɤɧɚ ɜ ɡɚɲɢɮɪɨɜɚɧɧɨɦ ɮɨɪɦɚɬɟ:
(A;; CCDCLCSWRPWPDTLOCRSDRCWDWO;;; DA)
Ʉɚɠɞɚɹ ɩɚɪɚ ɛɭɤɜ ɜ ɩɟɪɜɨɦ ɫɩɢɫɤɟ Ⱥɋȿ-ɡɚɩɢɫɟɣ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɨɩɪɟɞɟɥɟɧɧɨɦɭ ɪɚɡɪɟɲɟɧɢɸ. ɇɚɩɪɢɦɟɪ, ɋɋ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɦɟɟɬ ɩɪɚɜɨ ɫɨɡɞɚɬɶ ɜɫɟ ɞɨɱɟɪɧɢɟ ɨɛɴɟɤɬɵ. ɉɨɫɥɟɞɧɢɟ ɞɜɟ ɛɭɤɜɵ ɜ Ⱥɋȿ ɡɚɩɢɫɢ ɨɬɧɨɫɹɬɫɹ ɤ ɝɪɭɩɩɟ ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɸ, ɤɨɬɨɪɵɣ ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɹ DA, ɬ.ɟ. ɨɬɧɨɫɢɬɫɹ ɤ ɝɪɭɩɩɟ Domain Admins. ȿɫɥɢ ɪɚɡɪɟɲɟɧɢɹ ɧɚɡɧɚɱɟɧɵ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɥɢ ɝɪɭɩɩɟ, ɤɨɬɨɪɚɹ ɧɟ ɢɦɟɟɬ ɢɡɜɟɫɬɧɨɝɨ ɢɞɟɧɬɢɮɢɤɚɬɨɪɚ SID, ɬɨ ɩɨɫɥɟɞɧɹɹ ɱɚɫɬɶ ɤɚɠɞɨɣ ɡɚɩɢɫɢ Ⱥɋȿ ɫɨɞɟɪɠɢɬ SID ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɵ. (ɑɬɨɛɵ ɭɜɢɞɟɬɶ ɩɨɥɧɵɣ ɫɩɢɫɨɤ ɜɫɟɯ ɜɨɡɦɨɠɧɵɯ ɪɚɡɪɟɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɛɵɬɶ ɧɚɡɧɚɱɟɧɵ ɜ ɡɚɩɢɫɹɯ Ⱥɋȿ, ɩɪɨɫɦɨɬɪɢɬɟ ɫɩɪɚɜɨɱɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɤɨɦɚɧɞɵ DsAcls, ɫɨɩɪɨɜɨɠɞɚɸɳɭɸ ɢɧɫɬɪɭɦɟɧɬɵ Active Directory. ɂɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ DsAcls ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɢɥɢ ɭɞɚɥɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɤ ɥɸɛɨɦɭ ɨɛɴɟɤɬɭ ɜ Active Directory).
. 9-5.
Ldp.exe
ɉɨɫɥɟ ɫɬɪɨɤ ɬɚɤɨɝɨ ɬɢɩɚ ɢɧɮɨɪɦɚɰɢɢ ɢɧɫɬɪɭɦɟɧɬ Ldp.exe ɞɚɫɬ ɛɨɥɟɟ ɩɨɧɹɬɧɨɟ ɨɛɴɹɫɧɟɧɢɟ ɤɚɠɞɨɣ ɡɚɩɢɫɢ Ⱥɋȿ. ɇɚɩɪɢɦɟɪ, ɞɥɹ ɫɬɪɨɤɢ, ɩɪɢɜɟɞɟɧɧɨɣ ɜɵɲɟ, ɷɬɨ ɛɭɞɟɬ ɜɵɝɥɹɞɟɬɶ ɬɚɤ: А [ ] А Т : 0x0 - ACCESS_ALLOWED_ACE_TYPE А Size: 36 bytes А Flags: 0x0 А Mask: OxOOOfOiff DELETE READ CONTROL WRITE DAC WRITE_OWNER ACTRL DS CREATE_CHILD ACTRL DS DELETE CHILD ACTRL DS LIST ACTRL DS SELF ACTRL DS READ_PROP ACTRL DS WRITE_PROP ACTRL_DS_DELETE_TREE ACTRL_DS_UST_OBJECT ACTRL_DS_CONTROL_ACCESS Ace Sid: Contoso\Domain Admins S-1 -5-21 -602162358-688789844-1957994488-512
ɋɥɭɠɛɚ Active Directory Windows Server 2003 ɢɫɩɨɥɶɡɭɟɬ ɫɬɚɬɢɱɟɫɤɭɸ ɦɨɞɟɥɶ ɧɚɫɥɟɞɨɜɚɧɢɹ ɪɚɡɪɟɲɟɧɢɣ. Ʉɨɝɞɚ ɢɡɦɟɧɹɟɬɫɹ ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɨɛɴɟɤɬɟ ɜ ɫɬɪɭɤɬɭɪɟ Active Directory, ɬɨ ɨɧɨ ɪɚɫɫɱɢɬɵɜɚɟɬɫɹ ɢ ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɞɟɫɤɪɢɩɬɨɪɭ ɡɚɳɢɬɵ ɜɫɟɯ ɨɛɴɟɤɬɨɜ, ɧɚɯɨɞɹɳɢɯɫɹ ɜ ɷɬɨɦ ɤɨɧɬɟɣɧɟɪɟ. ȿɫɥɢ ɢɡɦɟɧɹɸɬɫɹ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɜɵɫɲɟɦ ɭɪɨɜɧɟ ɢ ɩɪɢɦɟɧɹɸɬɫɹ ɤɨ ɜɫɟɦ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ, ɬɨ ɜɵɱɢɫɥɟɧɢɟ ɧɨɜɨɝɨ ɫɩɢɫɤɚ ACL ɞɥɹ ɤɚɠɞɨɝɨ ɨɛɴɟɤɬɚ ɦɨɠɟɬ ɛɵɬɶ ɡɧɚɱɢɬɟɥɶɧɨɣ ɧɚɝɪɭɡɤɨɣ ɧɚ ɩɪɨɰɟɫɫɨɪ. Ɉɞɧɚɤɨ ɷɬɨ ɧɟ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɪɚɡɪɟɲɟɧɢɹ ɧɟ ɞɨɥɠɧɵ ɪɚɫɫɱɢɬɵɜɚɬɶɫɹ ɩɨɜɬɨɪɧɨ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɥɢ ɩɪɨɰɟɫɫ ɨɛɪɚɳɚɸɬɫɹ ɤ ɨɛɴɟɤɬɭ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɜɫɟ ɪɚɡɪɟɲɟɧɢɹ ɜ Active Directory ɧɚɫɥɟɞɭɸɬɫɹ. Ȼɨɥɶɲɢɧɫɬɜɨ ɪɚɡɪɟɲɟɧɢɣ, ɭɫɬɚɧɨɜɥɟɧɧɵɯ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ, ɧɚɫɥɟɞɭɟɬɫɹ ɜɫɟɦɢ ɨɛɴɟɤɬɚɦɢ ɜ ɩɪɟɞɟɥɚɯ ɷɬɨɝɨ
ɤɨɧɬɟɣɧɟɪɚ, ɜɤɥɸɱɚɹ ɞɪɭɝɢɟ ɤɨɧɬɟɣɧɟɪɧɵɟ ɨɛɴɟɤɬɵ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɟ ɫɨɡɞɚɜɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ OU, ɨɧ ɬɚɤɠɟ ɦɨɠɟɬ ɫɨɡɞɚɜɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɜ ɥɸɛɨɣ ɞɨɱɟɪɧɟɣ OU ɜ ɩɪɟɞɟɥɚɯ ɷɬɨɣ OU. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɜɵ, ɜɟɪɨɹɬɧɨ, ɩɪɢɦɟɬɟ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɫɥɟɞɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ. ȿɫɥɢ ɜɵ ɪɚɡɪɚɛɨɬɚɥɢ ɫɜɨɸ ɫɬɪɭɤɬɭɪɭ OU ɫ ɰɟɥɶɸ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɬɨ ɧɭɠɧɨ ɫɨɡɞɚɬɶ OU-ɫɬɪɭɤɬɭ-ɪɭ, ɜ ɤɨɬɨɪɨɣ ɧɚ ɜɵɫɲɟɦ ɢɟɪɚɪɯɢɱɟɫɤɨɦ ɭɪɨɜɧɟ ɩɪɟɞɨɫɬɚɜɥɹɸɬɫɹ ɪɚɡɪɟɲɟɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ, ɧɭɠɞɚɸɳɢɦɫɹ ɜ ɪɚɡɪɟɲɟɧɢɹɯ ɤɨ ɜɫɟɦ ɨɛɴɟɤɬɚɦ Active Directory. ɉɨ ɦɟɪɟ ɩɪɨɞɜɢɠɟɧɢɹ ɜɧɢɡ ɩɨ ɢɟɪɚɪɯɢɢ ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɚɬɶ ɪɚɡɪɟɲɟɧɢɹ ɞɥɹ ɞɪɭɝɢɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɢɦɟɬɶ ɤɨɧɬɪɨɥɶ ɧɚɞ ɦɟɧɶɲɟɣ ɱɚɫɬɶɸ ɞɨɦɟɧɚ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɦɨɠɧɨ ɛɥɨɤɢɪɨɜɚɬɶ ɥɸɛɵɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɨɣ ɞɨɱɟɪɧɟɣ OU. ɇɚɩɪɢɦɟɪ, ɜɵ ɫɨɡɞɚɥɢ ɞɨɱɟɪɧɸɸ OU ɞɥɹ ɮɢɥɢɚɥɚ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɢ ɞɚɥɢ ɥɨɤɚɥɶɧɨɣ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɣ ɝɪɭɩɩɟ ɩɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɧɚɞ ɷɬɨɣ OU. ȼɨɡɦɨɠɧɨ, ɜɵ ɧɟ ɯɨɬɢɬɟ, ɱɬɨɛɵ ɷɬɢ ɥɨɤɚɥɶɧɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɢɦɟɥɢ ɞɨɫɬɭɩ ɤ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɩɪɟɞɫɬɚɜɥɹɸɳɢɯ ɢɫɩɨɥɧɢɬɟɥɶɧɭɸ ɜɥɚɫɬɶ ɜ ɷɬɨɣ OU. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ OU Executives (Ɋɭɤɨɜɨɞɫɬɜɨ) ɜ ɩɪɟɞɟɥɚɯ OU-ɮɢɥɢɚɥɚ, ɚ ɡɚɬɟɦ ɛɥɨɤɢɪɨɜɚɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɭɪɨɜɧɟ Executives OU. ɑɬɨɛɵ ɛɥɨɤɢɪɨɜɚɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɨɛɴɟɤɬɟ Active Directory, ɨɛɪɚɬɢɬɟɫɶ ɤ ɨɤɧɭ Advanced Security Settings ɞɥɹ ɞɚɧɧɨɝɨ ɨɛɴɟɤɬɚ (ɫɦ. ɪɢɫ. 9-2). Ɂɚɬɟɦ ɨɱɢɫɬɢɬɟ ɨɩɰɢɸ Allow Inheritable Permissions From The Parent To Propagate To This Object And All Child Objects (Ɋɚɡɪɟɲɢɬɶ ɧɚɫɥɟɞɨɜɚɧɧɵɦ ɪɚɡɪɟɲɟɧɢɹɦ ɪɚɫɩɪɨɫɬɪɚɧɹɬɶɫɹ ɨɬ ɪɨɞɢɬɟɥɹ ɤ ɷɬɨɦɭ ɨɛɴɟɤɬɭ ɢ ɜɫɟɦ ɞɨɱɟɪɧɢɦ ɨɛɴɟɤɬɚɦ). ɉɨɫɥɟ ɨɱɢɫɬɤɢ ɷɬɨɣ ɨɩɰɢɢ ɜɚɦ ɛɭɞɟɬ ɩɪɟɞɫɬɚɜɥɟɧɚ ɨɩɰɢɹ, ɩɨɡɜɨɥɹɸɳɚɹ ɤɨɩɢɪɨɜɚɬɶ ɫɭɳɟɫɬɜɭɸɳɢɟ ɪɚɡɪɟɲɟɧɢɹ ɢɥɢ ɭɞɚɥɹɬɶ ɪɚɡɪɟɲɟɧɢɹ ɩɟɪɟɞ ɹɜɧɵɦ ɧɚɡɧɚɱɟɧɢɟɦ ɧɨɜɵɯ ɪɚɡɪɟɲɟɧɢɣ (ɫɦ. ɪɢɫ. 9-6).
.
9-6.
,
ɉɨɫɥɟ ɛɥɨɤɢɪɨɜɤɢ ɧɚɫɥɟɞɨɜɚɧɢɹ ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɨɛɴɟɤɬɚɯ. Ȼɥɨɤɢɪɨɜɤɚ ɧɚɫɥɟɞɨɜɚɧɢɹ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɫɥɟɞɫɬɜɢɣ. • Ɋɚɡɪɟɲɟɧɢɹ ɛɥɨɤɢɪɭɸɬɫɹ ɞɥɹ ɨɛɴɟɤɬɚ ɢ ɥɸɛɵɯ ɞɨɱɟɪɧɢɯ ɨɛɴɟɤɬɨɜ. ȼɵ ɧɟ ɦɨɠɟɬɟ ɛɥɨɤɢɪɨɜɚɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ, ɚ ɡɚɬɟɦ ɩɨɜɬɨɪɧɨ ɩɪɢɦɟɧɹɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ ɨɬ ɛɨɥɟɟ ɜɵɫɨɤɨɝɨ ɤɨɧɬɟɣɧɟɪɚ ɧɚ ɛɨɥɟɟ ɧɢɡɤɢɣ ɭɪɨɜɟɧɶ. • ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɤɨɩɢɪɨɜɚɬɶ ɪɚɡɪɟɲɟɧɢɹ ɩɟɪɟɞ ɦɨɞɢɮɢɤɚɰɢɟɣ, ɧɚɫɥɟɞɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ ɧɚɱɢɧɚɟɬɫɹ ɬɚɦ, ɝɞɟ ɜɵ ɛɥɨɤɢɪɭɟɬɟ ɪɚɡɪɟɲɟɧɢɹ. ȿɫɥɢ ɜɵ ɢɡɦɟɧɢɬɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɛɨɥɟɟ ɜɵɫɨɤɨɦ ɭɪɨɜɧɟ, ɪɚɡɪɟɲɟɧɢɹ ɧɟ ɛɭɞɭɬ ɭɧɚɫɥɟɞɨɜɚɧɵ ɜ ɨɛɯɨɞ ɛɥɨɤɢɪɨɜɚɧɧɵɯ ɪɚɡɪɟɲɟɧɢɣ. • ɍ ɜɚɫ ɧɟɬ ɛɨɥɶɲɨɝɨ ɜɵɛɨɪɚ ɬɨɝɨ, ɤɚɤɢɟ ɪɚɡɪɟɲɟɧɢɹ ɛɭɞɭɬ ɛɥɨɤɢɪɨɜɚɧɵ. Ʉɨɝɞɚ ɜɵ ɛɥɨɤɢɪɭɟɬɟ ɪɚɡɪɟɲɟɧɢɹ, ɬɨ ɜɫɟ ɧɚɫɥɟɞɨɜɚɧɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɬɚɤɠɟ ɛɥɨɤɢɪɭɸɬɫɹ. Ɋɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɧɚɡɧɚɱɟɧɵ ɧɚ ɨɛɴɟɤɬ ɢɥɢ ɞɨɱɟɪɧɢɟ ɨɛɴɟɤɬɵ ɹɜɧɨ, ɧɟ ɛɥɨɤɢɪɭɸɬɫɹ. . , « » , . , OU . Domain Admins ACL OU, Domain Admins ɬɟɥɶɫɬɜɚɯ, ɢ ɜ OU ɧɟ ɛɭɞɟɬ ɝɪɭɩɩ ɫ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦ ɭɩɪɚɜɥɟɧɢɟɦ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɝɪɭɩɩɚ Domain Admins ɜɫɟɝɞɚ ɦɨɠɟɬ ɜɡɹɬɶ ɨɛɴɟɤɬ ɜ ɫɨɛɫɬɜɟɧɧɨɫɬɶ ɢ ɩɨɜɬɨɪɧɨ ɧɚɡɧɚɱɢɬɶ ɪɚɡɪɟɲɟɧɢɹ.
Ʉɚɤ ɨɩɢɫɚɧɨ ɜ ɷɬɨɣ ɝɥɚɜɟ ɤ ɧɚɫɬɨɹɳɟɦɭ ɦɨɦɟɧɬɭ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɩɨɥɭɱɢɬɶ ɪɚɡɪɟɲɟɧɢɹ ɤ ɨɛɴɟɤɬɭ ɜ Active Directory ɧɟɫɤɨɥɶɤɢɦɢ ɫɩɨɫɨɛɚɦɢ. • ɍɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɠɧɨ ɩɪɟɞɨɫɬɚɜɢɬɶ ɹɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɭ. • Ɉɞɧɨɣ ɢɥɢ ɛɨɥɟɟ ɝɪɭɩɩɚɦ, ɤ ɤɨɬɨɪɵɦ ɩɪɢɧɚɞɥɟɠɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɦɨɠɧɨ ɩɪɟɞɨɫɬɚɜɢɬɶ ɹɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɭ. • ɍɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɚɦ, ɤ ɤɨɬɨɪɵɦ ɩɪɢɧɚɞɥɟɠɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɦɨɝɭɬ ɛɵɬɶ ɞɚɧɵ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɭɪɨɜɧɟ ɤɨɧɬɟɣɧɟɪɧɨɝɨ ɨɛɴɟɤɬɚ ɢ ɪɚɡɪɟɲɟɧɢɹ, ɭɧɚɫɥɟɞɨɜɚɧɧɵɟ ɨɛɴɟɤɬɚɦɢ ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ. ȼɫɟ ɪɚɡɪɟɲɟɧɢɹ ɫɭɦɦɢɪɭɸɬɫɹ, ɬ.ɟ. ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɫɚɦɵɣ ɜɵɫɨɤɢɣ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɣ ɨɬ ɥɸɛɨɣ ɢɡ ɷɬɢɯ ɤɨɧɮɢɝɭɪɚɰɢɣ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɸ ɹɜɧɨ ɞɚɧɨ ɪɚɡɪɟɲɟɧɢɟ Read (ɑɬɟɧɢɹ) ɤ ɨɩɪɟɞɟɥɟɧɧɨɦɭ ɨɛɴɟɤɬɭ, ɩɪɢ ɷɬɨɦ ɨɧ ɩɪɢɧɚɞɥɟɠɢɬ ɤ ɝɪɭɩɩɟ ɫ ɪɚɡɪɟɲɟɧɢɟɦ Modify (ɂɡɦɟɧɹɬɶ) ɢ ɝɪɭɩɩɟ ɫ ɪɚɡɪɟɲɟɧɢɟɦ Full Control (ɉɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ) ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ, ɬɨ ɷɬɨɬ ɩɨɥɶɡɨɜɚɬɟɥɶ ɛɭɞɟɬ ɢɦɟɬɶ ɪɚɡɪɟɲɟɧɢɟ Full Control. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɨɛɪɚɳɚɟɬɫɹ ɤ ɨɛɴɟɤɬɭ, ɩɨɞɫɢɫɬɟɦɚ ɡɚɳɢɬɵ ɢɫɫɥɟɞɭɟɬ ɜɫɟ ɡɚɩɢɫɢ Ⱥɋȿ, ɤɨɬɨɪɵɟ ɩɪɢɤɪɟɩɥɟɧɵ ɤ ɨɛɴɟɤɬɭ. Ɉɧɢ ɨɰɟɧɢɜɚɸɬɫɹ, ɢ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫɚɦɵɣ ɜɵɫɨɤɢɣ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɹ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɡɚɩɢɫɹɦ Ⱥɋȿ, ɤɨɬɨɪɵɟ ɩɪɟɞɨɫɬɚɜɥɹɸɬ ɪɚɡɪɟɲɟɧɢɹ, Active Directory ɩɨɞɞɟɪɠɢɜɚɟɬ ɬɚɤɠɟ ɛɥɨɤɢɪɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ. Ȼɥɨɤɢɪɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɣ ɦɨɠɟɬ ɩɪɢɦɟɧɹɬɶɫɹ ɧɚ ɞɜɭɯ ɭɪɨɜɧɹɯ. • ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɨɦɭ ɨɛɴɟɤɬɭ ɢɥɢ ɝɪɭɩɩɟ, ɤ ɤɨɬɨɪɨɣ ɩɪɢɧɚɞɥɟɠɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɦɨɠɟɬ ɛɵɬɶ ɛɥɨɤɢɪɨɜɚɧɨ ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɞɨɫɬɭɩ ɤ ɨɩɪɟɞɟɥɟɧɧɨɦɭ ɨɛɴɟɤɬɭ ɹɜɧɨ. • ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɨɦɭ ɨɛɴɟɤɬɭ ɢɥɢ ɝɪɭɩɩɟ, ɤ ɤɨɬɨɪɨɣ ɩɪɢɧɚɞɥɟɠɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɦɨɠɟɬ ɛɵɬɶ ɛɥɨɤɢɪɨɜɚɧɨ ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ, ɢ ɨɧɨ ɦɨɠɟɬ ɛɵɬɶ ɭɧɚɫɥɟɞɨɜɚɧɨ ɨɛɴɟɤɬɚɦɢ ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ. Ȼɥɨɤɢɪɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɹ (Deny) ɜɫɟɝɞɚ ɨɬɦɟɧɹɟɬ ɪɚɡɪɟɲɟɧɢɟ (Allow). ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɹɜɥɹɟɬɫɹ ɱɥɟɧɨɦ ɝɪɭɩɩɵ, ɤɨɬɨɪɚɹ ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɟ Modify ɞɥɹ ɨɛɴɟɤɬɚ Active Directory, ɢ ɟɫɥɢ ɪɚɡɪɟɲɟɧɢɟ Modify ɤ ɷɬɨɦɭ ɨɛɴɟɤɬɭ ɹɜɧɨ ɛɥɨɤɢɪɨɜɚɧɨ ɞɥɹ ɞɚɧɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɬɨ ɨɧ ɧɟ ɫɦɨɠɟɬ ɢɡɦɟɧɹɬɶ ɨɛɴɟɤɬ. ɗɬɨ ɩɪɨɢɫɯɨɞɢɬ ɩɨɬɨɦɭ, ɱɬɨ ɡɚɩɢɫɢ Ⱥɋȿ, ɤɨɬɨɪɵɟ ɛɥɨɤɢɪɭɸɬ ɪɚɡɪɟɲɟɧɢɹ, ɨɰɟɧɢɜɚɸɬɫɹ ɩɟɪɟɞ ɨɰɟɧɤɨɣ ɡɚɩɢɫɟɣ Ⱥɋȿ, ɤɨɬɨɪɵɟ ɩɨɡɜɨɥɹɸɬ ɪɚɡɪɟɲɟɧɢɹ. ȿɫɥɢ ɨɞɧɚ ɢɡ ɡɚɩɢɫɟɣ Ⱥɋȿ ɛɥɨɤɢɪɭɟɬ ɪɚɡɪɟɲɟɧɢɟ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɬɨ ɞɪɭɝɢɟ ɡɚɩɢɫɢ Ⱥɋȿ ɞɥɹ ɞɚɧɧɨɝɨ ɨɛɴɟɤɬɚ ɧɟ ɨɰɟɧɢɜɚɸɬɫɹ. ɋɢɬɭɚɰɢɹ, ɜ ɤɨɬɨɪɨɣ ɪɚɡɪɟɲɟɧɢɹ ɨɬɦɟɧɹɸɬ ɛɥɨɤɢɪɨɜɚɧɢɟ ɪɚɡɪɟɲɟɧɢɹ, ɜɨɡɧɢɤɚɟɬ ɬɨɝɞɚ, ɤɨɝɞɚ ɪɚɡɪɟɲɟɧɢɹ Deny ɭɧɚɫɥɟɞɨɜɚɧɵ, ɚ ɪɚɡɪɟɲɟɧɢɹ Allow ɧɚɡɧɚɱɟɧɵ ɹɜɧɨ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɛɥɨɤɢɪɨɜɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɪɚɡɪɟɲɟɧɢɟ ɢɡɦɟɧɹɬɶ ɥɸɛɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɤɨɧɬɟɣɧɟɪɟ. ɇɨ ɟɫɥɢ ɜɵ ɹɜɧɨ ɩɨɡɜɨɥɢɬɟ ɪɚɡɪɟɲɟɧɢɟ Modify ɞɥɹ ɨɛɴɟɤɬɭ ɜ ɩɪɟɞɟɥɚɯ ɤɨɧɬɟɣɧɟɪɚ, ɬɨ ɞɚɧɧɚɹ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɛɭɞɟɬ ɢɦɟɬɶ ɪɚɡɪɟɲɟɧɢɟ Modify ɞɥɹ ɷɬɨɝɨ ɨɛɴɟɤɬɚ.
:
ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɛɥɨɤɢɪɨɜɚɧɢɹ ɪɚɡɪɟɲɟɧɢɹ ɦɨɠɟɬ ɩɪɢɜɟɫɬɢ ɤ ɬɨɦɭ, ɱɬɨ ɪɚɛɨɬɚɬɶ ɫ ɦɨɞɟɥɶɸ ɡɚɳɢɬɵ ɜɚɲɟɣ ɫɥɭɠɛɵ Active Directory ɛɭɞɟɬ ɨɱɟɧɶ ɬɪɭɞɧɨ. ȿɫɬɶ ɦɧɨɠɟɫɬɜɨ ɪɚɡɥɢɱɧɵɯ ɫɰɟɧɚɪɢɟɜ, ɜ ɤɨɬɨɪɵɯ ɜɵ ɦɨɠɟɬɟ ɩɪɟɞɭɫɦɨɬɪɟɬɶ ɛɥɨɤɢɪɨɜɤɭ ɪɚɡɪɟɲɟɧɢɹ. Ɉɞɢɧ ɢɡ ɧɢɯ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ Deny (Ɂɚɩɪɟɬɢɬɶ) ɞɥɹ ɭɞɚɥɟɧɢɹ ɧɟɤɨɬɨɪɵɯ ɭɧɚɫɥɟɞɨɜɚɧɧɵɯ ɪɚɡɪɟɲɟɧɢɣ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɩɪɟɞɨɫɬɚɜɢɬɶ ɪɚɡɪɟɲɟɧɢɹ Modify ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ, ɧɨ ɡɚɦɟɧɢɬɶ ɟɝɨ ɧɚ Read-Only (Ɍɨɥɶɤɨ ɞɥɹ ɱɬɟɧɢɹ) ɞɚɥɟɟ ɜɧɢɡ ɩɨ ɢɟɪɚɪɯɢɢ. ȼ ɷɬɨɦ ɠɟ ɫɰɟɧɚɪɢɢ ɜɵ ɦɨɠɟɬɟ ɛɥɨɤɢɪɨɜɚɬɶ ɪɚɡɪɟɲɟɧɢɟ Write ɧɚ ɥɸɛɵɯ ɨɛɴɟɤɬɚɯ ɢɥɢ ɫɜɨɣɫɬɜɚɯ ɞɚɥɟɟ ɜɧɢɡ ɩɨ ɢɟɪɚɪɯɢɢ. ȿɳɟ ɨɞɧɢɦ ɫɰɟɧɚɪɢɟɦ, ɜ ɤɨɬɨɪɨɦ ɦɨɠɧɨ ɛɵɥɨ ɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ Deny, ɹɜɥɹɟɬɫɹ ɫɨɡɞɚɧɢɟ ɤɨɧɬɟɣɧɟɪɚ, ɬɪɟɛɭɸɳɟɝɨ ɛɨɥɟɟ ɜɵɫɨɤɨɣ ɡɚɳɢɬɵ. ɇɚɩɪɢɦɟɪ, ɢɦɟɟɬɫɹ ɤɨɧɬɟɣɧɟɪ ɞɥɹ ɜɫɟɯ ɞɨɥɠɧɨɫɬɧɵɯ ɥɢɰ, ɢ ɧɭɠɧɨ ɫɞɟɥɚɬɶ ɬɚɤ, ɱɬɨɛɵ ɨɛɵɱɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɫɦɨɝ ɱɢɬɚɬɶ ɫɜɨɣɫɬɜɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɞɨɥɠɧɨɫɬɧɵɯ ɥɢɰ. ȼɵ ɦɨɠɟɬɟ ɛɥɨɤɢɪɨɜɚɬɶ ɪɚɡɪɟɲɟɧɢɟ Read ɞɥɹ ɤɨɧɬɟɣɧɟɪɚ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɭ Domain Users (ɉɨɥɶɡɨɜɚɬɟɥɢ ɞɨɦɟɧɚ). ȼ ɪɟɡɭɥɶɬɚɬɟ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɛɭɞɟɬ ɡɚɩɪɟɳɟɧɨ ɱɢɬɚɬɶ ɨɛɴɟɤɬɵ ɤɚɬɚɥɨɝɚ, ɜɤɥɸɱɚɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ. ɂɡ-ɡɚ ɨɫɥɨɠɧɟɧɢɣ, ɤɨɬɨɪɵɟ ɦɨɠɟɬ ɜɵɡɜɚɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ Deny, ɜɵ ɞɨɥɠɧɵ ɩɪɢɦɟɧɹɬɶ ɷɬɭ ɨɩɰɢɸ ɫ ɨɫɬɨɪɨɠɧɨɫɬɶɸ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɜɦɟɫɬɨ ɛɥɨɤɢɪɨɜɤɢ ɪɚɡɪɟɲɟɧɢɣ ɦɨɠɧɨ ɭɞɨɫɬɨɜɟɪɢɬɶɫɹ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɥɢ ɝɪɭɩɩɟ ɧɟ ɛɵɥɢ ɞɚɧɵ ɷɬɢ ɪɚɡɪɟɲɟɧɢɹ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɪɢ ɷɬɨɦ ɧɟ ɹɜɥɹɟɬɫɹ ɱɥɟɧɨɦ ɝɪɭɩɩɵ, ɤɨɬɨɪɨɣ ɛɵɥɢ ɩɪɟɞɨɫɬɚɜɥɟɧɵ ɪɚɡɪɟɲɟɧɢɹ, ɨɧ ɧɟ ɛɭɞɟɬ ɢɦɟɬɶ ɞɨɫɬɭɩɚ ɤ ɨɛɴɟɤɬɚɦ. ȼɚɦ ɧɟ ɨɛɹɡɚɬɟɥɶɧɨ ɛɥɨɤɢɪɨɜɚɬɶ ɪɚɡɪɟɲɟɧɢɟ ɞɥɹ ɩɪɟɞɨɬɜɪɚɳɟɧɢɹ ɞɨɫɬɭɩɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɤ ɨɛɴɟɤɬɚɦ Active Directory.
Ɉɞɢɧ ɢɡ ɧɟɦɧɨɝɢɯ ɫɰɟɧɚɪɢɟɜ, ɜ ɤɨɬɨɪɵɯ ɜɵɝɨɞɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ Deny, ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɝɪɭɩɩɚ ɞɨɥɠɧɚ ɢɦɟɬɶ ɨɩɪɟɞɟɥɟɧɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɚ ɨɞɢɧ ɢɥɢ ɛɨɥɟɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɷɬɨɣ ɠɟ ɝɪɭɩɩɵ ɞɨɥɠɧɵ ɢɦɟɬɶ ɪɚɡɪɟɲɟɧɢɹ ɛɨɥɟɟ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɝɪɭɩɩɭ ɩɨ ɢɦɟɧɢ Account Admins, ɤɨɬɨɪɚɹ ɨɬɜɟɱɚɟɬ ɡɚ ɭɩɪɚɜɥɟɧɢɟ ɜɫɟɦɢ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɞɨɦɟɧɟ. ɇɟɤɨɬɨɪɵɟ ɱɥɟɧɵ ɷɬɨɣ ɝɪɭɩɩɵ ɦɨɝɭɬ ɛɵɬɶ ɜɪɟɦɟɧɧɵɦɢ ɫɥɭɠɚɳɢɦɢ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɭɩɪɚɜɥɹɬɶ ɜɫɟɦɢ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɞɨɦɟɧɟ, ɧɨ ɧɟ ɢɦɟɸɬ ɩɪɚɜɚ ɢɡɦɟɧɹɬɶ ɫɜɨɣɫɬɜɚ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɞɨɥɠɧɨɫɬɧɵɯ ɥɢɰ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɢɬɶ ɝɪɭɩɩɟ Account Admins ɪɚɡɪɟɲɟɧɢɟ ɭɩɪɚɜɥɹɬɶ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɞɨɦɟɧɟ, ɡɚɬɟɦ ɫɨɡɞɚɬɶ OU ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɞɨɥɠɧɨɫɬɧɵɯ ɥɢɰ ɢ ɝɪɭɩɩɭ ɞɥɹ ɜɪɟɦɟɧɧɵɯ ɱɥɟɧɨɜ ɝɪɭɩɩɵ Account Admins. Ɂɚɬɟɦ ɦɨɠɧɨ ɡɚɛɥɨɤɢɪɨɜɚɬɶ ɩɪɚɜɨ ɜɪɟɦɟɧɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɡɦɟɧɹɬɶ ɤɚɤɢɟ-ɥɢɛɨ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ OU ɞɨɥɠɧɨɫɬɧɵɯ ɥɢɰ. Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɡɚɳɢɬɵ ɨɛɴɟɤɬɨɜ Active Directory ɦɨɠɟɬ ɡɚɬɪɚɝɢɜɚɬɶ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɜɡɚɢɦɨɫɜɹɡɚɧɧɵɯ ɩɟɪɟɦɟɧɧɵɯ. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ ɦɨɝɭɬ ɧɚɱɢɧɚɬɶ ɫ ɞɨɜɨɥɶɧɨ ɩɪɨɫɬɨɝɨ ɩɪɨɟɤɬɚ ɡɚɳɢɬɵ, ɜ ɤɨɬɨɪɨɦ ɦɚɥɟɧɶɤɨɣ ɝɪɭɩɩɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɩɪɟɞɨɫɬɚɜɥɹɸɬɫɹ ɜɫɟ ɪɚɡɪɟɲɟɧɢɹ ɜ Active Directory. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɧɚɱɚɥɶɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ ɡɚɳɢɬɵ Active Directory ɹɫɧɨ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɧɚ. Ɉɞɧɚɤɨ ɫɨ ɜɪɟɦɟɧɟɦ ɨɧɚ ɫɬɚɧɨɜɢɬɫɹ ɛɨɥɟɟ ɡɚɩɭɬɚɧɧɨɣ. ɂɧɨɝɞɚ ɞɪɭɝɨɣ ɝɪɭɩɩɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɧɚɛɨɪ ɪɚɡɪɟɲɟɧɢɣ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɨɩɪɟɞɟɥɟɧɧɨɣ ɡɚɞɚɱɢ ɜ ɬɟɱɟɧɢɟ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɩɟɪɢɨɞɚ ɜɪɟɦɟɧɢ. ɉɪɟɞɨɫɬɚɜɢɬɶ ɪɚɡɪɟɲɟɧɢɟ ɩɪɨɫɬɨ, ɧɨ ɱɚɫɬɨ ɫɥɭɱɚɟɬɫɹ ɬɚɤ, ɱɬɨ ɜɩɨɫɥɟɞɫɬɜɢɢ ɪɚɡɪɟɲɟɧɢɹ ɡɚɛɵɜɚɸɬ ɭɞɚɥɢɬɶ. ɑɚɫɬɨ ɦɨɞɢɮɢɤɚɰɢɢ ɡɚɳɢɬɵ, ɫɞɟɥɚɧɧɵɟ ɩɨɫɥɟ ɧɚɱɚɥɶɧɨɝɨ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory, ɧɟ ɞɨɤɭɦɟɧɬɢɪɭɸɬɫɹ. Ⱦɥɹ ɥɸɛɨɣ ɫɬɪɭɤɬɭɪɵ Active Directory ɫɭɳɟɫɬɜɭɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɬɨɝɨ, ɱɬɨ ɬɟɤɭɳɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ ɡɚɳɢɬɵ ɨɤɚɠɟɬɫɹ ɛɨɥɟɟ ɫɥɨɠɧɨɣ, ɱɟɦ ɩɟɪɜɨɧɚɱɚɥɶɧɨ ɪɚɡɪɚɛɨɬɚɧɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ. ɂɧɨɝɞɚ ɷɬɨ ɤɨɧɱɚɟɬɫɹ ɬɟɦ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢɦɟɸɬ ɛɨɥɶɲɟ ɪɚɡɪɟɲɟɧɢɣ, ɱɟɦ ɫɥɟɞɭɟɬ. Ʉ ɫɱɚɫɬɶɸ, ɜ Windows Server 2003 ɟɫɬɶ ɢɧɫɬɪɭɦɟɧɬ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɮɚɤɬɢɱɟɫɤɢɯ ɪɚɡɪɟɲɟɧɢɣ, ɩɪɟɞɫɬɚɜɥɟɧɧɵɯ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɨɛɴɟɤɬɚɦ Active Directory. Ɉɛɪɚɬɢɬɟɫɶ ɤ ɫɜɨɣɫɬɜɚɦ ɨɛɴɟɤɬɚ ɱɟɪɟɡ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory. ȼɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Security (Ȼɟɡɨɩɚɫɧɨɫɬɶ), ɳɟɥɤɧɢɬɟ ɧɚ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Effective Permissions (Ɏɚɤɬɢɱɟɫɤɢɟ ɪɚɡɪɟɲɟɧɢɹ). ɇɚ ɪɢɫɭɧɤɟ 9-7 ɩɨɤɚɡɚɧɨ ɨɤɧɨ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory Users And Computers. ɑɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ ɮɚɤɬɢɱɟɫɤɢɟ ɪɚɡɪɟɲɟɧɢɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɵ, ɳɟɥɤɧɢɬɟ Select (ȼɵɛɨɪɏ ɚ ɡɚɬɟɦ ɧɚɣɞɢɬɟ ɢɦɹ ɝɪɭɩɩɵ ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼɵɛɪɚɜ ɢɦɹ, ɳɟɥɤɧɢɬɟ ɧɚ ɈɄ. Ɉɤɧɨ Effective Permissions (Ɏɚɤɬɢɱɟɫɤɢɟ ɪɚɡɪɟɲɟɧɢɹ) ɨɬɨɛɪɚɠɚɟɬ ɜɫɟ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɩɪɟɞɨɫɬɚɜɥɟɧɵ ɜɵɛɪɚɧɧɨɦɭ ɭɱɚɫɬɧɢɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɞɨɫɬɭɩɚ ɤ ɞɚɧɧɨɦɭ ɨɛɴɟɤɬɭ Active Directory. ɉɪɢɦɟɱɚɧɢɟ. Ⱦɚɧɧɵɣ ɢɧɫɬɪɭɦɟɧɬ ɢɦɟɟɬ ɧɟɤɨɬɨɪɵɟ ɨɝɪɚɧɢɱɟɧɢɹ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɜɥɢɹɬɶ ɧɚ ɨɬɨɛɪɚɠɚɟɦɵɟ ɮɚɤɬɢɱɟɫɤɢɟ ɪɚɡɪɟɲɟɧɢɹ. ɂɧɫɬɪɭɦɟɧɬ ɨɩɪɟɞɟɥɹɟɬ ɮɚɤɬɢɱɟɫɤɢɟ ɪɚɡɪɟɲɟɧɢɹ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɧɚɫɥɟɞɨɜɚɧɢɢ ɢ ɹɜɧɨ ɨɩɪɟɞɟɥɟɧɧɵɯ ɪɚɡɪɟɲɟɧɢɹɯ ɞɥɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɟɝɨ ɝɪɭɩɩɵ. Ɉɞɧɚɤɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɬɚɤɠɟ ɩɨɥɭɱɢɬɶ ɧɟɤɨɬɨɪɵɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɨɫɧɨɜɚɧɢɢ ɬɨɝɨ, ɤɚɤ ɨɧ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ ɢ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɨɛɴɟɤɬɨɦ. ɇɚɩɪɢɦɟɪ, ɜ Windows Server 2003 ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɚɬɶ ɪɚɡɪɟɲɟɧɢɹ ɞɥɹ ɝɪɭɩɩɵ Interactive (ɱɥɟɧɨɦ ɷɬɨɣ ɝɪɭɩɩɵ ɫɬɚɧɨɜɢɬɫɹ ɤɚɠɞɵɣ, ɤɬɨ cɞɟɥɚɥ ɜɯɨɞ ɧɚ ɤɨɦɩɶɸɬɟɪ) ɢɥɢ ɝɪɭɩɩɵ Network Login (ɤɚɠɞɵɣ, ɤɬɨ ɨɛɪɚɳɚɟɬɫɹ ɤ ɢɧɮɨɪɦɚɰɢɢ ɩɨ ɫɟɬɢ). Ɉɩɢɫɚɧɧɵɣ ɜɵɲɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory ɧɟ ɦɨɠɟɬ ɨɩɪɟɞɟɥɹɬɶ ɪɚɡɪɟɲɟɧɢɹ, ɩɪɟɞɨɫɬɚɜɥɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɸ ɧɚ ɨɫɧɨɜɚɧɢɢ ɩɪɢɧɚɞɥɟɠɧɨɫɬɢ ɤ ɷɬɢɦ ɬɢɩɚɦ ɝɪɭɩɩ. Ʉɪɨɦɟ ɬɨɝɨ, ɨɧ ɦɨɠɟɬ ɨɩɪɟɞɟɥɹɬɶ ɪɚɡɪɟɲɟɧɢɹ, ɢɫɩɨɥɶɡɭɹ ɬɨɥɶɤɨ ɪɚɡɪɟɲɟɧɢɹ ɱɟɥɨɜɟɤɚ, ɜɵɩɨɥɧɹɸɳɟɝɨ ɢɧɫɬɪɭɦɟɧɬ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɤɨɬɨɪɵɣ ɜɵɩɨɥɧɹɟɬ ɢɧɫɬɪɭɦɟɧɬ, ɧɟ ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɹ ɱɢɬɚɬɶ ɫɨɫɬɚɜ ɧɟɤɨɬɨɪɵɯ ɝɪɭɩɩ, ɤ ɤɨɬɨɪɵɦ ɩɪɢɧɚɞɥɟɠɢɬ ɢɧɬɟɪɟɫɭɸɳɢɣ ɟɝɨ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɬɨ ɢɧɫɬɪɭɦɟɧɬ ɧɟ ɫɩɨɫɨɛɟɧ ɬɨɱɧɨ ɨɩɪɟɞɟɥɢɬɶ ɪɚɡɪɟɲɟɧɢɹ.
. 9-7.
Active Directory
Active Directory
К
Active ,
Directory ,
. ,
. В
. В ,
, ,
ɱɟɧɢɟ - ɷɬɨ ɤɨɝɞɚ ɨɛɴɟɤɬ ɫɨɡɞɚɧ ɱɥɟɧɨɦ ɝɪɭɩɩɵ Domain Admins. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɥɚɞɟɥɶɰɟɦ ɨɛɴɟɤɬɚ ɧɚɡɧɚɱɚɟɬɫɹ ɝɪɭɩɩɚ Domain Admins. ȿɫɥɢ ɜɥɚɞɟɥɟɰ ɨɛɴɟɤɬɚ ɹɜɥɹɟɬɫɹ ɱɥɟɧɨɦ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ Administrators, a ɧɟ ɱɥɟɧɨɦ ɝɪɭɩɩɵ Domain Admins, ɬɨ ɜɥɚɞɟɥɶɰɟɦ ɨɛɴɟɤɬɚ ɧɚɡɧɚɱɚɟɬɫɹ ɝɪɭɩɩɚ Administrators. ɑɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ ɜɥɚɞɟɥɶɰɚ ɨɛɴɟɤɬɚ Active Directory, ɨɛɪɚɬɢɬɟɫɶ ɤ ɫɜɨɣɫɬɜɚɦ ɨɛɴɟɤɬɚ, ɢɫɩɨɥɶɡɭɹ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɢɧɫɬɪɭɦɟɧɬ Active Directory. ȼɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Security (Ȼɟɡɨɩɚɫɧɨɫɬɶ), ɳɟɥɤɧɢɬɟ ɧɚ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Owner (ȼɥɚɞɟɥɟɰ). ɇɚ ɪɢɫɭɧɤɟ 9-8 ɩɨɤɚɡɚɧɨ ɨɤɧɨ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory Users And Computers. . Е
. 9-8.
Active Directory
ȿɫɥɢ ɜɵ ɢɦɟɟɬɟ ɪɚɡɪɟɲɟɧɢɟ Modify Owner (Ɇɨɞɢɮɢɤɚɰɢɹ ɜɥɚɞɟɥɶɰɚ) ɞɥɹ ɨɛɴɟɤɬɚ, ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɨ ɨɤɧɨ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɜɥɚɞɟɥɶɰɚ ɨɛɴɟɤɬɚ. ȼɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɢɬɶ ɜɥɚɞɟɥɶɰɟɦ ɫɜɨɸ ɫɨɛɫɬɜɟɧɧɭɸ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ, ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɞɪɭɝɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɭ. ɗɬɚ ɩɨɫɥɟɞɧɹɹ ɜɨɡɦɨɠɧɨɫɬɶ ɭɧɢɤɚɥɶɧɚ ɞɥɹ Active Directory Windows Server 2003. ȼ Active Directory ɫɢɫɬɟɦɵ Microsoft Windows 2000 ɜɵ ɫɚɦɢ ɦɨɠɟɬɟ ɫɬɚɬɶ ɜɥɚɞɟɥɶɰɟɦ ɢɥɢ ɧɚɡɧɚɱɚɬɶ ɜɥɚɞɟɥɶɰɟɦ ɞɪɭɝɨɝɨ ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɹɜɥɹɸɬɫɹ ɫɩɟɰɢɮɢɱɟɫɤɢɦɢ ɞɥɹ ɨɛɴɟɤɬɨɜ Active Directory ɢ ɨɩɪɟɞɟɥɹɸɬ, ɤɚɤɢɟ ɞɟɣɫɬɜɢɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɫ ɷɬɢɦɢ ɨɛɴɟɤɬɚɦɢ. Ɋɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɨɛɫɭɠɞɚɥɢɫɶ ɞɨ ɫɢɯ ɩɨɪ, ɨɫɧɨɜɚɧɵ ɧɚ ɫɩɢɫɤɚɯ ACL, ɩɪɢɥɨɠɟɧɧɵɯ ɤ ɤɚɠɞɨɦɭ ɨɛɴɟɤɬɭ Active Directory. ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɢɜɢɥɟɝɢɢ ɨɬɥɢɱɚɸɬɫɹ ɬɟɦ, ɱɬɨ ɨɧɢ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɢɜɢɥɟɝɢɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɨɥɭɱɚɟɬ ɡɚ ɬɨ, ɤɟɦ ɨɧ ɹɜɥɹɟɬɫɹ, ɚ ɧɟ ɡɚ ɬɨ, ɱɬɨ ɨɧ ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɹ ɢɡɦɟɧɹɬɶ ɫɩɟɰɢɮɢɱɟɫɤɢɣ ɨɛɴɟɤɬ Active Directory. ɇɚɩɪɢɦɟɪ, ɟɫɬɶ ɞɜɚ ɫɩɨɫɨɛɚ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ (ɢɥɢ ɝɪɭɩɩɟ) ɩɪɚɜɨ ɞɨɛɚɜɥɹɬɶ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɤ ɞɨɦɟɧɭ. Ɉɞɢɧ ɫɩɨɫɨɛ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ (ɢɥɢ ɝɪɭɩɩɟ) ɪɚɡɪɟɲɟɧɢɟ Create Computer Objects (ɋɨɡɞɚɧɢɟ ɤɨɦɩɶɸɬɟɪɧɵɯ ɨɛɴɟɤɬɨɜ) ɧɚ ɭɪɨɜɧɟ OU ɢɥɢ ɤɨɧɬɟɣɧɟɪɚ Computers (Ʉɨɦɩɶɸɬɟɪɵ). ɗɬɨ ɩɨɡɜɨɥɢɬ ɩɨɥɶɡɨɜɚɬɟɥɸ ɞɨɛɚɜɢɬɶ ɧɟɨɛɯɨɞɢɦɨɟ ɤɨɥɢɱɟɫɬɜɨ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɤ ɞɨɦɟɧɭ ɜ ɭɤɚɡɚɧɧɨɦ ɤɨɧɬɟɣɧɟɪɟ. Ⱦɪɭɝɨɣ ɫɩɨɫɨɛ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɢɜɢɥɟɝɢɸ ɞɨɛɚɜɥɟɧɢɹ ɤɨɦɩɶɸɬɟɪɨɜ ɤ ɞɨɦɟɧɭ. Ɉɧɚ ɹɜɥɹɟɬɫɹ ɱɚɫɬɶɸ ɩɨɥɢɬɢɤɢ Default Domain Controllers Policy (Ɂɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɢɬɢɤɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ). Ʌɸɛɨɣ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɢɦɟɸɳɢɣ ɷɬɭ ɩɪɢɜɢɥɟɝɢɸ, ɦɨɠɟɬ ɞɨɛɚɜɢɬɶ ɤ ɞɨɦɟɧɭ ɞɨ ɞɟɫɹɬɢ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɨ ɪɚɡɪɟɲɟɧɢɟ ɩɪɟɞɨɫɬɚɜɥɹɟɬɫɹ ɝɪɭɩɩɟ Domain Users (ɉɨɥɶɡɨɜɚɬɟɥɢ ɞɨɦɟɧɚ).
ȼɚɠɧɵɦ ɚɫɩɟɤɬɨɦ ɨɛɟɫɩɟɱɟɧɢɹ ɛɟɡɨɩɚɫɧɨɫɬɢ ɫɥɭɠɛɵ Active Directory ɹɜɥɹɟɬɫɹ ɫɨɡɞɚɧɢɟ ɬɳɚɬɟɥɶɧɨ ɫɩɥɚɧɢɪɨɜɚɧɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɡɚɳɢɬɵ ɜɫɟɝɨ ɞɨɦɟɧɚ. ɗɬɨɬ ɩɥɚɧ ɞɨɥɠɟɧ ɹɫɧɨ ɢ ɬɨɱɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɢɟ ɪɚɡɪɟɲɟɧɢɹ ɞɨɥɠɧɚ ɢɦɟɬɶ ɤɚɠɞɚɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɚɹ ɝɪɭɩɩɚ. Ⱦɪɭɝɢɦ ɫɭɳɟɫɬɜɟɧɧɵɦ ɤɨɦɩɨɧɟɧɬɨɦ ɡɚɳɢɬɵ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɚɭɞɢɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɷɬɢɯ ɪɚɡɪɟɲɟɧɢɣ. Ⱥɭɞɢɬ ɫɥɭɠɢɬ ɞɨɫɬɢɠɟɧɢɸ ɞɜɭɯ ɰɟɥɟɣ. ȼɨ-ɩɟɪɜɵɯ, ɨɧ ɨɛɟɫɩɟɱɢɜɚɟɬ ɫɜɢɞɟɬɟɥɶɫɬɜɨ ɢɡɦɟɧɟɧɢɣ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɫɞɟɥɚɧɵ ɤ ɤɚɬɚɥɨɝɭ. ȿɫɥɢ ɜ ɤɚɬɚɥɨɝɟ ɛɵɥɢ ɫɞɟɥɚɧɵ ɢɡɦɟɧɟɧɢɹ, ɜɵ ɞɨɥɠɧɵ ɩɪɨɫɥɟɞɢɬɶ, ɤɬɨ ɢɯ ɫɞɟɥɚɥ. ɗɬɨ ɨɫɨɛɟɧɧɨ ɜɚɠɧɨ, ɟɫɥɢ ɜ ɢɧɮɨɪɦɚɰɢɢ ɞɨɦɟɧɚ ɩɪɨɢɡɜɟɞɟɧɵ ɧɟɩɪɚɜɢɥɶɧɵɟ ɢɥɢ ɡɥɨɧɚɦɟɪɟɧɧɵɟ ɢɡɦɟɧɟɧɢɹ. ȼɬɨɪɨɣ ɰɟɥɶɸ ɚɭɞɢɬɚ ɹɜɥɹɟɬɫɹ ɨɛɟɫɩɟɱɟɧɢɟ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɩɪɨɜɟɪɤɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ, ɩɪɢɦɟɧɹɟɦɵɯ ɩɨ ɜɫɟɦɭ ɞɨɦɟɧɭ. ɉɟɪɢɨɞɢɱɟɫɤɢ ɢɫɫɥɟɞɭɹ ɪɟɝɢɫɬɪɚɰɢɨɧɧɵɟ ɠɭɪɧɚɥɵ ɚɭɞɢɬɚ, ɜɵ ɫɦɨɠɟɬɟ ɨɩɪɟɞɟɥɢɬɶ, ɩɪɢɦɟɧɹɟɬ ɥɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ ɬɨɬ, ɤɬɨ ɧɟ ɞɨɥɠɟɧ ɢɯ ɢɦɟɬɶ. ȼɤɥɸɱɟɧɢɟ ɚɭɞɢɬɚ ɢɡɦɟɧɟɧɢɣ, ɫɞɟɥɚɧɧɵɯ ɞɥɹ ɨɛɴɟɤɬɨɜ Active Directory, ɫɨɫɬɨɢɬ ɢɡ ɞɜɭɯ ɲɚɝɨɜ. ɉɟɪɜɵɣ ɲɚɝ ɫɨɫɬɨɢɬ ɜɨ ɜɤɥɸɱɟɧɢɢ ɚɭɞɢɬɚ ɧɚ ɭɪɨɜɧɟ OU Domain Controllers (Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ). ɗɬɨ ɞɟɥɚɟɬɫɹ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Domain Controller Security Policy (ɉɨɥɢɬɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ). ɇɚ ɤɨɧɫɨɥɢ Microsoft Management Console (ɆɆɋ) ɜɵɛɟɪɢɬɟ ɨɫɧɚɫɬɤɭ File>Add/ Remove (Ɏɚɣɥ>Ⱦɨɛɚɜɥɟɧɢɟ/ɍɞɚɥɟɧɢɟ), ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Add (Ⱦɨɛɚɜɢɬɶ), ɚ ɡɚɬɟɦ ɞɨɛɚɜɶɬɟ Group Policy Object Editor (Ɋɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ). ȼ Group Policy Wizard (Ɇɚɫɬɟɪ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ), ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Browse (ɉɪɨɫɦɨɬɪ), ɡɚɬɟɦ ɬɪɢɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ Domain Controllers.domainname.com (ɝɞɟ domainname — ɢɦɹ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɦ ɜɵ ɜɤɥɸɱɚɟɬɟ ɚɭɞɢɬ). ɇɚ ɪɢɫɭɧɤɟ 9-9 ɩɨɤɚɡɚɧɚ ɡɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɤɨɧɮɢɝɭɪɚɰɢɹ ɚɭɞɢɬɚ ɜ Active Directory Windows Server 2003.
. 9-9.
Default Domain Controllers
ȿɫɥɢ ɧɭɠɧɨ ɩɪɨɢɡɜɨɞɢɬɶ ɚɭɞɢɬ ɢɡɦɟɧɟɧɢɣ ɞɥɹ ɨɛɴɟɤɬɨɜ Active Directory, ɜɵ ɞɨɥɠɧɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɜɤɥɸɱɟɧɚ ɮɭɧɤɰɢɹ Audit Account Management (Ⱥɭɞɢɬ ɭɩɪɚɜɥɟɧɢɹ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ). ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɫɟ ɦɨɞɢɮɢɤɚɰɢɢ, ɫɞɟɥɚɧɧɵɟ ɞɥɹ ɨɛɴɟɤɬɨɜ Active Directory, ɦɨɝɭɬ ɛɵɬɶ ɩɪɨɜɟɪɟɧɵ. ȼɵ ɦɨɠɟɬɟ ɞɟɥɚɬɶ ɚɭɞɢɬ ɭɫɩɟɲɧɵɯ ɢɡɦɟɧɟɧɢɣ ɤ Active Directory, ɚ ɬɚɤɠɟ ɧɟɭɞɚɜɲɢɯɫɹ ɩɨɩɵɬɨɤ ɢɡɦɟɧɟɧɢɹ Active Directory. ɉɨ ɭɦɨɥɱɚɧɢɸ ɫɥɭɠɛɚ Active Directory Windows Server 2003 ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɞɥɹ ɩɪɨɜɟɞɟɧɢɹ ɚɭɞɢɬɚ ɜɫɟɯ ɭɫɩɟɲɧɵɯ ɞɟɣɫɬɜɢɣ ɩɨ ɭɩɪɚɜɥɟɧɢɸ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ. Ɋɚɡɪɟɲɟɧɢɟ ɚɭɞɢɬɚ ɧɚ ɭɪɨɜɧɟ OU ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɩɟɪɜɵɦ ɲɚɝɨɦ ɜ ɩɪɟɞɨɫɬɚɜɥɟɧɢɢ ɚɭɞɢɬɚ. ɗɬɨ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɚɭɞɢɬ ɞɥɹ ɪɟɚɥɶɧɵɯ ɨɛɴɟɤɬɨɜ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɩɪɟɞɟɥɚɯ ɞɚɧɧɨɝɨ ɞɨɦɟɧɚ. ɑɬɨɛɵ ɪɚɡɪɟɲɢɬɶ ɚɭɞɢɬ ɨɛɴɟɤɬɚ Active Directory, ɨɛɪɚɬɢɬɟɫɶ ɤ ɨɤɧɭ Properties (ɋɜɨɣɫɬɜɚ) ɷɬɨɝɨ ɨɛɴɟɤɬɚ ɱɟɪɟɡ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɢɧɫɬɪɭɦɟɧɬ Active Directory. Ɂɚɬɟɦ ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Security (Ȼɟɡɨɩɚɫɧɨɫɬɶ), ɳɟɥɤɧɢɬɟ ɧɚ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ) ɢ ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Auditing (Ⱥɭɞɢɬ). ɇɚ ɪɢɫɭɧɤɟ 9-10 ɩɨɤɚɡɚɧɨ ɨɤɧɨ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory Users And Computers ɢ ɡɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɭɫɬɚɧɨɜɤɚ ɞɥɹ ɚɭɞɢɬɚ OU ɜ Active Directory.
. 9-10.
Active Directory
ɑɬɨɛɵ ɞɨɛɚɜɢɬɶ ɛɨɥɶɲɟ ɡɚɩɢɫɟɣ ɞɥɹ ɚɭɞɢɬɚ, ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Add (Ⱦɨɛɚɜɢɬɶ) ɢ ɜɵɛɟɪɢɬɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɝɪɭɩɩɵ, ɞɟɣɫɬɜɢɹ ɤɨɬɨɪɵɯ ɜɵ ɯɨɬɢɬɟ ɤɨɧɬɪɨɥɢɪɨɜɚɬɶ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɜɵ ɞɨɥɠɧɵ ɜɵɛɪɚɬɶ ɝɪɭɩɩɭ Everyone, ɱɬɨɛɵ ɦɨɞɢɮɢɤɚɰɢɢ, ɫɞɟɥɚɧɧɵɟ ɥɸɛɵɦ ɩɨɥɶɡɨɜɚɬɟɥɟɦ, ɩɨɞɜɟɪɝɚɥɢɫɶ ɚɭɞɢɬɭ. Ɂɚɬɟɦ ɜɵ ɦɨɠɟɬɟ ɜɵɛɪɚɬɶ, ɤɚɤɢɟ ɞɟɣɫɬɜɢɹ ɜɵ ɯɨɬɢɬɟ ɩɨɞɜɟɪɝɚɬɶ ɚɭɞɢɬɭ. ȼɵ ɦɨɠɟɬɟ ɞɟɥɚɬɶ ɚɭɞɢɬ ɜɫɟɯ ɦɨɞɢɮɢɤɚɰɢɣ, ɫɞɟɥɚɧɧɵɯ ɞɥɹ ɥɸɛɨɝɨ ɨɛɴɟɤɬɚ ɜ ɤɨɧɬɟɣɧɟɪɟ, ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɬɢɩɚ ɨɛɴɟɤɬɨɜ ɢɥɢ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɵɯ ɫɜɨɣɫɬɜ ɨɛɴɟɤɬɨɜ. ȼɵ ɦɨɠɟɬɟ ɞɨɩɭɫɬɢɬɶ ɚɭɞɢɬ ɜɫɟɯ ɭɫɩɟɲɧɵɯ ɦɨɞɢɮɢɤɚɰɢɣ, ɜɫɟɯ ɧɟɭɞɚɜɲɢɯɫɹ ɩɨɩɵɬɨɤ ɦɨɞɢɮɢɤɚɰɢɢ ɢɥɢ ɨɛɚ ɜɚɪɢɚɧɬɚ. ȿɫɥɢ ɜɵ ɜɤɥɸɱɢɬɟ ɚɭɞɢɬ ɜɫɟɯ ɭɫɩɟɲɧɵɯ ɦɨɞɢɮɢɤɚɰɢɣ, ɜɵ ɛɭɞɟɬɟ ɨɬɫɥɟɠɢɜɚɬɶ ɜɫɟ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɤ ɤɚɬɚɥɨɝɭ. ȿɫɥɢ ɜɵ ɜɤɥɸɱɢɬɟ ɚɭɞɢɬ ɧɟɭɞɚɜɲɢɯɫɹ ɩɨɩɵɬɨɤ ɦɨɞɢɮɢɤɚɰɢɣ, ɜɵ ɫɦɨɠɟɬɟ ɤɨɧɬɪɨɥɢɪɨɜɚɬɶ ɥɸɛɵɟ ɧɟɡɚɤɨɧɧɵɟ ɩɨɩɵɬɤɢ ɢɡɦɟɧɢɬɶ ɢɧɮɨɪɦɚɰɢɸ ɤɚɬɚɥɨɝɚ. Ʉɚɤ ɬɨɥɶɤɨ ɚɭɞɢɬ ɜɤɥɸɱɟɧ, ɜɫɟ ɤɨɧɬɪɨɥɶɧɵɟ ɫɨɛɵɬɢɹ ɡɚɩɢɫɵɜɚɸɬɫɹ ɜ ɮɚɣɥɟ ɪɟɝɢɫɬɪɚɰɢɢ Security, ɞɨɫɬɭɩɧɨɦ ɱɟɪɟɡ ɢɧɫɬɪɭɦɟɧɬ Event Viewer (ɋɪɟɞɫɬɜɨ ɩɪɨɫɦɨɬɪɚ ɫɨɛɵɬɢɣ). Ɋɚɡɪɟɲɟɧɢɟ ɚɭɞɢɬɚ ɞɟɥɚɟɬɫɹ ɩɪɨɫɬɨ. ɍɩɪɚɜɥɹɬɶ ɚɭɞɢɬɨɦ ɝɨɪɚɡɞɨ ɫɥɨɠɧɟɟ. ȿɫɥɢ ɜɵ ɪɚɡɪɟɲɚɟɬɟ ɚɭɞɢɬ ɜɫɟɯ ɦɨɞɢɮɢɤɚɰɢɣ ɤɚɬɚɥɨɝɚ ɧɚ ɭɪɨɜɧɟ OU ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɬɨ ɮɚɣɥ ɪɟɝɢɫɬɪɚɰɢɢ Security ɛɭɞɟɬ ɪɚɫɬɢ ɨɱɟɧɶ ɛɵɫɬɪɨ. ɉɨɱɬɢ ɜɫɟ ɫɨɛɵɬɢɹ ɛɭɞɭɬ ɡɚɤɨɧɧɵɦɢ ɢɡɦɟɧɟɧɢɹɦɢ, ɢ ɧɟ ɛɭɞɭɬ ɩɪɟɞɫɬɚɜɥɹɬɶ ɞɥɹ ɜɚɫ ɧɢɤɚɤɨɝɨ ɢɧɬɟɪɟɫɚ, ɤɪɨɦɟ ɤɚɤ ɨɬɫɥɟɠɢɜɚɧɢɟ ɫɨɛɵɬɢɣ. Ɉɞɧɚɤɨ ɫɪɟɞɢ ɡɚɤɨɧɧɵɯ ɢɡɦɟɧɟɧɢɣ ɦɨɠɟɬ ɛɵɬɶ ɪɚɡɛɪɨɫɚɧɨ ɧɟɫɤɨɥɶɤɨ ɢɡɦɟɧɟɧɢɣ, ɨ ɤɨɬɨɪɵɯ ɜɵ ɞɨɥɠɧɵ ɡɧɚɬɶ. ɉɪɨɛɥɟɦɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɫɪɟɞɢ ɛɨɥɶɲɨɝɨ ɤɨɥɢɱɟɫɬɜɚ ɨɛɵɱɧɵɯ ɫɨɛɵɬɢɣ ɧɚɣɬɢ ɧɟɫɤɨɥɶɤɨ ɢɧɬɟɪɟɫɧɵɯ ɤɨɧɬɪɨɥɶɧɵɯ ɫɨɛɵɬɢɣ. ȼ ɧɟɤɨɬɨɪɵɯ ɤɨɦɩɚɧɢɹɯ ɨɞɧɨɦɭ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɤɚɠɞɵɣ ɞɟɧɶ ɩɨɪɭɱɚɸɬ ɩɪɨɫɦɨɬɪ ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɯ ɫɨɛɵɬɢɣ. ɇɚɢɥɭɱɲɢɣ ɫɩɨɫɨɛ ɫɩɪɚɜɢɬɶɫɹ ɫ ɷɬɨɣ ɩɪɨɛɥɟɦɨɣ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɧɟɤɨɬɨɪɵɣ ɚɜɬɨɦɚɬɢɡɢɪɨɜɚɧɧɵɣ ɫɩɨɫɨɛ ɚɧɚɥɢɡɚ ɮɚɣɥɨɜ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ. Ⱦɪɭɝɨɣ ɩɭɬɶ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɢɧɫɬɪɭɦɟɧɬɚ Microsoft Operations Manager (Ɇɟɧɟɞɠɟɪ ɨɩɟɪɚɰɢɣ) (ɨɬɞɟɥɶɧɨ ɩɪɨɞɚɜɚɟɦɵɣ ɩɪɨɞɭɤɬ) ɞɥɹ ɮɢɥɶɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɢ ɜɵɧɟɫɟɧɢɹ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ ɬɨɥɶɤɨ ɜ ɫɥɭɱɚɟ ɢɧɬɟɪɟɫɧɵɯ ɫɨɛɵɬɢɣ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ȿɫɥɢ ɜɵ ɯɨɬɢɬɟ ɛɨɥɶɲɟ ɭɡɧɚɬɶ ɨ ɩɪɨɞɭɤɬɟ Microsoft Operations Manager (MOM), ɩɨɫɟɬɢɬɟ ɜɟɛ-ɫɚɣɬ http://www.microsoft.com/mom. MOM ɨɛɟɫɩɟɱɢɜɚɟɬ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɜɨɡɦɨɠɧɨɫɬɟɣ, ɤɨɬɨɪɵɟ ɜɵɯɨɞɹɬ ɞɚɥɟɤɨ ɡɚ ɩɪɟɞɟɥɵ ɩɪɨɛɥɟɦɵ ɤɨɧɬɪɨɥɹ ɠɭɪɧɚɥɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ.
ȼ ɷɬɨɣ ɝɥɚɜɟ ɦɵ ɢɦɟɟɦ ɞɟɥɨ ɫ ɝɚɪɚɧɬɢɟɣ ɛɟɡɨɩɚɫɧɨɫɬɢ ɨɛɴɟɤɬɨɜ Active Directory. ȼɫɟ ɫɤɚɡɚɧɧɨɟ ɞɨ ɫɢɯ ɩɨɪ ɹɜɥɹɥɨɫɶ ɩɨɞɝɨɬɨɜɤɨɣ ɤ ɞɚɧɧɨɦɭ ɪɚɡɞɟɥɭ, ɤɨɬɨɪɵɣ ɩɨɫɜɹɳɟɧ ɢɫɩɨɥɶɡɨɜɚɧɢɸ ɨɩɰɢɣ ɡɚɳɢɬɵ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ. ɉɨɫɤɨɥɶɤɭ ɜɫɟ ɨɛɴɟɤɬɵ ɜ Active Directory ɢɦɟɸɬ ACL-ɫɩɢɫɨɤ, ɜɵ ɦɨɠɟɬɟ ɭɩɪɚɜɥɹɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦ ɞɨɫɬɭɩɨɦ ɤ ɥɸɛɨɦɭ ɫɜɨɣɫɬɜɭ ɥɸɛɨɝɨ ɨɛɴɟɤɬɚ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɩɪɟɞɨɫɬɚɜɥɹɬɶ ɞɪɭɝɢɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ Active Directory ɨɱɟɧɶ ɬɨɱɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɱɬɨɛɵ ɨɧɢ ɦɨɝɥɢ ɜɵɩɨɥɧɹɬɶ ɬɨɥɶɤɨ ɞɟɥɟɝɢɪɨɜɚɧɧɵɟ ɢɦ ɡɚɞɚɱɢ. ɏɨɬɹ ɩɪɢ ɞɟɥɟɝɢɪɨɜɚɧɢɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ ɦɨɠɧɨ ɨɱɟɧɶ ɫɢɥɶɧɨ ɢɯ ɞɟɬɚɥɢɡɢɪɨɜɚɬɶ, ɧɟɨɛɯɨɞɢɦɨ ɩɨɞɞɟɪɠɢɜɚɬɶ ɪɚɜɧɨɜɟɫɢɟ ɦɟɠɞɭ ɫɨɯɪɚɧɟɧɢɟɦ ɦɚɤɫɢɦɚɥɶɧɨ ɜɨɡɦɨɠɧɨɣ ɩɪɨɫɬɨɬɵ ɜɟɳɟɣ ɢ ɭɞɨɜɥɟɬɜɨɪɟɧɢɟɦ ɬɪɟɛɨɜɚɧɢɣ ɛɟɡɨɩɚɫɧɨɫɬɢ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ ɜ Active Directory ɩɨɞɩɚɞɚɟɬ ɩɨɞ ɨɞɢɧ ɢɡ ɫɥɟɞɭɸɳɢɯ ɫɰɟɧɚɪɢɟɜ. • ɇɚɡɧɚɱɟɧɢɟ ɩɨɥɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɨɞɧɨɣ OU. Ⱦɨɜɨɥɶɧɨ ɬɢɩɢɱɧɚ ɫɢɬɭɚɰɢɹ, ɤɨɝɞɚ ɤɨɦɩɚɧɢɹ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɨɮɢɫɨɜ ɫ ɥɨɤɚɥɶɧɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ ɜ ɤɚɠɞɨɦ ɨɮɢɫɟ, ɤɨɬɨɪɵɣ ɞɨɥɠɟɧ ɭɩɪɚɜɥɹɬɶ ɜɫɟɦɢ ɨɛɴɟɤɬɚɦɢ ɥɨɤɚɥɶɧɨɝɨ ɨɮɢɫɚ. ɗɬɨɬ ɜɚɪɢɚɧɬ ɦɨɠɟɬ ɬɚɤɠɟ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɤɨɦɩɚɧɢɹɦɢ, ɤɨɬɨɪɵɟ ɫɥɢɥɢ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ Windows NT ɜ OU ɨɞɧɨɝɨ ɞɨɦɟɧɚ Active Directory. ɉɪɟɠɧɢɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɞɨɦɟɧɨɜ ɪɟɫɭɪɫɨɜ ɦɨɠɧɨ ɞɚɬɶ ɩɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɜɫɟɦɢ ɨɛɴɟɤɬɚɦɢ, ɪɚɫɩɨɥɨɠɟɧɧɵɦɢ ɜ ɨɩɪɟɞɟɥɟɧɧɨɣ OU. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɷɬɨɣ ɨɩɰɢɢ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɦɨɠɧɨ ɩɪɚɤɬɢɱɟɫɤɢ ɩɨɥɧɨɫɬɶɸ ɞɟɰɟɧɬɪɚɥɢɡɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɢɦɟɹ ɟɞɢɧɫɬɜɟɧɧɵɣ ɞɨɦɟɧ. • ɇɚɡɧɚɱɟɧɢɟ ɩɨɥɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɨɩɪɟɞɟɥɟɧɧɵɦɢ ɨɛɴɟɤɬɚɦɢ ɜ OU. ɗɬɨ ɪɚɡɧɨɜɢɞɧɨɫɬɶ ɩɟɪɜɨɝɨ ɫɰɟɧɚɪɢɹ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɤɨɦɩɚɧɢɹ ɦɨɠɟɬ ɢɦɟɬɶ ɧɟɫɤɨɥɶɤɨ ɨɮɢɫɨɜ, ɧɨ ɥɨɤɚɥɶɧɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɥɠɧɵ ɭɩɪɚɜɥɹɬɶ ɬɨɥɶɤɨ ɨɩɪɟɞɟɥɟɧɧɵɦɢ ɨɛɴɟɤɬɚɦɢ ɜ OU ɞɚɧɧɨɝɨ ɨɮɢɫɚ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɩɨɡɜɨɥɢɬɶ ɥɨɤɚɥɶɧɨɦɭ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɭɩɪɚɜɥɹɬɶ ɜɫɟɦɢ ɨɛɴɟɤɬɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɧɨ ɧɟ ɤɨɦɩɶɸɬɟɪɧɵɦɢ ɨɛɴɟɤɬɚɦɢ. ȼ ɫɢɬɭɚɰɢɢ, ɤɨɝɞɚ ɞɨɦɟɧɵ ɪɟɫɭɪɫɨɜ ɫɬɚɥɢ ɨɪɝɚɧɢɡɚɰɢɨɧ-ɧɶɲɢ ɟɞɢɧɢɰɚɦɢ (OU), ɜɵ, ɜɨɡɦɨɠɧɨ, ɡɚɯɨɬɢɬɟ, ɱɬɨɛɵ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ OU ɭɩɪɚɜɥɹɥɢ ɜɫɟɦɢ ɤɨɦɩɶɸɬɟɪɧɵɦɢ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɢ
ɥɨɤɚɥɶɧɵɦɢ ɝɪɭɩɩɚɦɢ ɜ OU, ɧɨ ɧɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɨɛɴɟɤɬɚɦɢ. • ɇɚɡɧɚɱɟɧɢɟ ɩɨɥɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɨɩɪɟɞɟɥɟɧɧɵɦɢ ɨɛɴɟɤɬɚɦɢ ɜɫɟɝɨ ɞɨɦɟɧɚ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɢɦɟɸɬ ɜɵɫɨɤɨ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɢ ɝɪɭɩɩɚɦɢ, ɤɨɝɞɚ ɬɨɥɶɤɨ ɨɞɧɚ ɝɪɭɩɩɚ ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɟ ɞɨɛɚɜɥɹɬɶ ɢ ɭɞɚɥɹɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɝɪɭɩɩ ɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ȼ ɷɬɨɦ ɫɰɟɧɚɪɢɢ ɞɚɧɧɨɣ ɝɪɭɩɩɟ ɦɨɠɧɨ ɞɚɜɚɬɶ ɩɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɨɛɴɟɤɬɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɝɞɟ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ ɪɚɫɩɨɥɨɠɟɧɵ ɨɛɴɟɤɬɵ. ɗɬɨɬ ɫɰɟɧɚɪɢɣ ɞɨɜɨɥɶɧɨ ɬɢɩɢɱɟɧ ɞɥɹ ɤɨɦɩɚɧɢɢ ɫ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɣ ɝɪɭɩɩɨɣ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɤɨɦɩɶɸɬɟɪɚɦɢ ɢ ɛɟɪɜɟɪɚɦɢ. Ʉɨɦɩɶɸɬɟɪɧɨɣ ɝɪɭɩɩɟ ɦɨɠɧɨ ɞɚɬɶ ɩɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɜɫɟɦɢ ɤɨɦɩɶɸɬɟɪɧɵɦɢ ɨɛɴɟɤɬɚɦɢ ɜ ɞɨɦɟɧɟ. • ɇɚɡɧɚɱɟɧɢɟ ɩɪɚɜ ɧɚ ɦɨɞɢɮɢɤɚɰɢɸ ɬɨɥɶɤɨ ɧɟɤɨɬɨɪɵɯ ɫɜɨɣɫɬɜ ɨɛɴɟɤɬɨɜ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɦɨɠɧɨ ɩɪɟɞɨɫɬɚɜɢɬɶ ɝɪɭɩɩɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɟ ɪɚɡɪɟɲɟɧɢɟ ɭɩɪɚɜɥɹɬɶ ɩɨɞɧɚɛɨɪɨɦ ɫɜɨɣɫɬɜ ɨɛɴɟɤɬɚ. ɇɚɩɪɢɦɟɪ, ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɩɚɪɨɥɢ ɞɥɹ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɧɨ ɧɟ ɢɦɟɬɶ ɞɪɭɝɢɯ ɪɚɡɪɟɲɟɧɢɣ. Ɉɬɞɟɥɭ ɤɚɞɪɨɜ ɦɨɠɧɨ ɞɚɬɶ ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɦɨɞɢɮɢɤɚɰɢɸ ɥɢɱɧɨɣ ɢ ɨɬɤɪɵɬɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɤɚɫɚɸɳɟɣɫɹ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɞɨɦɟɧɟ, ɧɨ ɧɟ ɞɚɜɚɬɶ ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɫɨɡɞɚɧɢɟ ɢɥɢ ɭɞɚɥɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɇɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɢ ɨɩɰɢɢ ɢ ɥɸɛɭɸ ɢɯ ɤɨɦɛɢɧɚɰɢɸ ɜ Active Directory Windows Server 2003. Ɉɞɢɧ ɢɡ ɫɩɨɫɨɛɨɜ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɞɟɥɟɝɢɪɨɜɚɧɧɵɯ ɪɚɡɪɟɲɟɧɢɣ ɫɨɫɬɨɢɬ ɜ ɩɪɹɦɨɦ ɨɛɪɚɳɟɧɢɢ ɤ ɫɩɢɫɤɭ ACL ɞɥɹ ɨɛɴɟɤɬɚ ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɪɚɡɪɟɲɟɧɢɣ. ɗɬɨ ɦɨɠɟɬ ɛɵɬɶ ɞɨɫɬɚɬɨɱɧɨ ɫɥɨɠɧɵɦ ɢɡ-ɡɚ ɛɨɥɶɲɨɝɨ ɱɢɫɥɚ ɞɨɫɬɭɩɧɵɯ ɨɩɰɢɣ ɢ ɪɟɚɥɶɧɨɣ ɜɨɡɦɨɠɧɨɫɬɢ ɫɞɟɥɚɬɶ ɨɲɢɛɤɭ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɷɬɭ ɡɚɞɚɱɭ ɛɨɥɟɟ ɥɟɝɤɨɣ, Active Directory Windows Server 2003 ɜɤɥɸɱɚɟɬ Delegation Of Control Wizard (Ɇɚɫɬɟɪ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɭɩɪɚɜɥɟɧɢɹ). ɑɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ Delegation Of Control Wizard, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers ɢ ɧɚɣɞɢɬɟ ɪɨɞɢɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ, ɤɨɬɨɪɨɦɭ ɧɭɠɧɨ ɞɟɥɟɝɢɪɨɜɚɬɶ ɭɩɪɚɜɥɟɧɢɟ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɞɟɥɟɝɢɪɨɜɚɬɶ ɭɩɪɚɜɥɟɧɢɟ ɦɨɠɧɨ ɧɚ ɭɪɨɜɧɟ OU, ɞɨɦɟɧɚ ɢɥɢ ɤɨɧɬɟɣɧɟɪɚ, ɧɚɩɪɢɦɟɪ, ɧɚ ɭɪɨɜɧɟ ɤɨɧɬɟɣɧɟɪɨɜ Computers (Ʉɨɦɩɶɸɬɟɪɵ) ɢɥɢ Users (ɉɨɥɶɡɨɜɚɬɟɥɢ). ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɪɨɞɢɬɟɥɶɫɤɨɦ ɨɛɴɟɤɬɟ ɢ ɜɵɛɟɪɢɬɟ Delegate Control (Ⱦɟɥɟɝɢɪɨɜɚɬɶ ɭɩɪɚɜɥɟɧɢɟ). ɓɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Next (Ⱦɚɥɟɟ). 2. ɇɚ ɫɬɪɚɧɢɰɟ Users Or Groups (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢɥɢ ɝɪɭɩɩɵ) ɜɵɛɟɪɢɬɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɝɪɭɩɩɵ, ɤɨɬɨɪɵɦ ɜɵ ɯɨɬɢɬɟ ɞɟɥɟɝɢɪɨɜɚɬɶ ɭɩɪɚɜɥɟɧɢɟ. ɓɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Add (Ⱦɨɛɚɜɢɬɶ), ɱɬɨɛɵ ɩɪɨɫɦɨɬɪɟɬɶ Active Directory ɞɥɹ ɩɨɢɫɤɚ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɝɪɭɩɩ. 3. Ɂɚɬɟɦ ɜɵɛɟɪɢɬɟ ɡɚɞɚɱɢ, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɞɟɥɟɝɢɪɨɜɚɬɶ. Ɉɤɧɨ (ɪɢɫ. 9-11) ɞɚɟɬ ɜɚɦ ɜɨɡɦɨɠɧɨɫɬɶ ɜɵɛɪɚɬɶ ɡɚɞɚɱɢ ɢɡ ɫɩɢɫɤɚ ɨɛɵɱɧɵɯ ɢɥɢ ɫɨɡɞɚɬɶ ɫɨɛɫɬɜɟɧɧɭɸ ɡɚɞɚɱɭ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ.
. 9-11.
Delegation Of Control Wizard (
)
4. ȿɫɥɢ ɜɵ ɜɵɛɟɪɢɬɟ ɫɨɡɞɚɧɢɟ ɫɨɛɫɬɜɟɧɧɨɣ ɡɚɞɚɱɢ, ɦɨɠɟɬɟ ɡɚɞɚɬɶ ɬɢɩ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɦ ɜɵ ɯɨɬɢɬɟ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ (ɪɢɫ. 9-12).
. 9-12.
,
5. Ɇɨɠɧɨ ɜɵɛɪɚɬɶ ɭɪɨɜɧɢ ɪɚɡɪɟɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɩɪɢɦɟɧɢɬɶ ɤ ɨɛɴɟɤɬɭ: ɩɨɥɧɵɣ ɤɨɧɬɪɨɥɶ ɧɚɞ ɨɛɴɟɤɬɨɦ ɢɥɢ ɞɨɫɬɭɩ ɤ ɨɩɪɟɞɟɥɟɧɧɵɦ ɫɜɨɣɫɬɜɚɦ (ɪɢɫ. 9-13).
. 9-13.
Delegation Of Control Wizard ɡɧɚɱɢɬɟɥɶɧɨ ɨɛɥɟɝɱɚɟɬ ɞɟɥɟɝɢɪɨɜɚɧɢɟ ɭɩɪɚɜɥɟɧɢɹ ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟɦ ɪɚɡɪɟɲɟɧɢɣ ɱɟɪɟɡ ACL-ɫɩɢɫɤɢ. Ɉɞɧɚɤɨ ɷɮɮɟɤɬ ɨɬ ɩɪɢɦɟɧɟɧɢɹ ɨɛɨɢɯ ɦɟɬɨɞɨɜ ɨɞɢɧɚɤɨɜ, ɬ.ɟ. ACL-ɫɩɢɫɤɢ ɨɛɴɟɤɬɨɜ ɢɡɦɟɧɹɸɬɫɹ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɝɨ ɭɪɨɜɧɹ ɞɨɫɬɭɩɚ.
ɋɥɭɠɛɚ Active Directory Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɦɨɳɧɵɟ ɫɩɨɫɨɛɵ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ ɢ ɧɚɡɧɚɱɟɧɢɹ ɨɱɟɧɶ ɬɨɱɧɵɯ ɪɚɡɪɟɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɩɪɢ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɜɵɩɨɥɧɢɬɶ ɫɩɟɰɢɮɢɱɟɫɤɢɟ ɡɚɞɚɱɢ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɷɬɢɦ ɫɩɨɫɨɛɚɦ Active Directory ɨɛɥɟɝɱɚɟɬ ɪɚɡɜɢɬɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɫɪɟɞɫɬɜ, ɤɨɬɨɪɵɟ ɫɨɨɬɜɟɬɫɬɜɭɸɬ ɤɨɧɤɪɟɬɧɨɣ ɡɚɞɚɱɟ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɞɟɥɟɝɢɪɭɟɬɟ ɩɪɚɜɨ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɩɚɪɨɥɢ ɞɥɹ ɨɬɞɟɥɶɧɨɣ OU, ɜɵ ɦɨɠɟɬɟ ɜɨɫɩɨɥɶɡɨɜɚɬɶɫɹ ɩɪɨɫɬɵɦ ɢɧɫɬɪɭɦɟɧɬɨɦ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɞɥɹ ɷɬɨɣ ɡɚɞɚɱɢ. Windows Server 2003 ɢɦɟɟɬ ɞɜɚ ɫɩɨɫɨɛɚ ɫɨɡɞɚɧɢɹ ɫɩɟɰɢɚɥɶɧɨ ɧɚɫɬɪɨɟɧɧɵɯ ɢɧɫɬɪɭɦɟɧɬɨɜ. ȼɵ ɦɨɠɟɬɟ ɧɚɫɬɪɨɢɬɶ ɜɧɟɲɧɢɣ ɜɢɞ ɫɪɟɞɫɬɜ ɨɛɵɱɧɵɯ ɤɨɧɫɨɥɟɣ ɆɆɋ ɢɥɢ ɫɨɡɞɚɬɶ ɩɚɧɟɥɶ ɡɚɞɚɱ (taskpad), ɤɨɬɨɪɚɹ ɹɜɥɹɟɬɫɹ ɩɨɥɧɨɫɬɶɸ ɧɚɫɬɪɨɟɧɧɵɦ
ɢɧɫɬɪɭɦɟɧɬɨɦ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ.
Microsoft
ɉɟɪɜɵɣ ɜɚɪɢɚɧɬ ɪɚɡɪɚɛɨɬɤɢ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɫɨɫɬɨɢɬ ɜ ɧɚɫɬɪɨɣɤɟ ɤɨɧɫɨɥɢ ɭɩɪɚɜɥɟɧɢɹ Microsoft (ɆɆɋ - Microsoft Management Console) ɫ ɩɨɦɨɳɶɸ ɨɞɧɨɣ ɢɡ ɡɚɞɚɧɧɵɯ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɫɧɚɫɬɨɤ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɉɪɨɫɬɨɟ ɫɨɡɞɚɧɢɟ ɧɚɫɬɪɨɟɧɧɨɣ ɆɆɋ-ɤɨɧɫɨ-ɥɢ ɧɟ ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɢ ɧɟ ɨɝɪɚɧɢɱɢɜɚɟɬ ɩɪɚɜɚ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɚ ɜɵɩɨɥɧɟɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ. ɉɟɪɟɞ ɫɨɡɞɚɧɢɟɦ ɧɚɫɬɪɨɟɧɧɨɝɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɢɧɬɟɪɮɟɣɫɚ ɧɭɠɧɨ ɞɟɥɟɝɢɪɨɜɚɬɶ ɩɪɚɜɢɥɶɧɵɣ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɣ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɞɚɟɬɟ ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɚɜɨ ɫɨɡɞɚɧɢɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɚ ɭɪɨɜɧɟ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɫɨɡɞɚɟɬɟ ɆɆɋ-ɤɨɧɫɨɥɶ, ɤɨɬɨɪɚɹ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɪɚɫɫɦɚɬɪɢɜɚɬɶ ɬɨɥɶɤɨ ɨɞɧɭ OU, ɬɨ ɨɧ ɫɦɨɠɟɬ ɫɨɡɞɚɜɚɬɶ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɥɸɛɨɣ OU. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɡɚɝɪɭɠɚɟɬ ɨɛɵɱɧɵɣ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers ɢɥɢ ɫɚɞɢɬɫɹ ɡɚ ɞɪɭɝɨɣ ɪɚɛɨɱɢɣ ɫɬɨɥ ɫ ɞɪɭɝɨɣ ɆɆɋ-ɤɨɧɫɨɥɶɸ, ɨɧ ɫɦɨɠɟɬ ɫɨɡɞɚɬɶ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɝɞɟ ɭɝɨɞɧɨ. Ⱦɥɹ ɫɨɡɞɚɧɢɹ ɧɚɫɬɪɨɟɧɧɨɣ ɆɆɋ-ɤɨɧɫɨɥɢ ɨɬɤɪɨɣɬɟ ɞɢɚɥɨɝɨɜɨɟ ɨɤɧɨ Run (ȼɵɩɨɥɧɢɬɶ) ɢ ɧɚɩɟɱɚɬɚɣɬɟ . Ȼɭɞɟɬ ɨɬɤɪɵɬɚ ɩɭɫɬɚɹ ɆɆɋ-ɤɨɧɫɨɥɶ. ɂɡ ɦɟɧɸ File (Ɏɚɣɥ) ɞɨɛɚɜɶɬɟ ɧɭɠɧɭɸ ɨɫɧɚɫɬɤɭ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory. ȿɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɫɨɛɫɬɜɟɧɧɭɸ ɤɨɧɫɨɥɶ ɆɆɋ, ɢɫɩɨɥɶɡɭɹ ɨɫɧɚɫɬɤɭ Active Directory Users And Computers, ɪɚɡɜɟɪɧɢɬɟ ɞɨɦɟɧ ɢ ɧɚɣɞɟɬɟ ɤɨɧɬɟɣɧɟɪɧɵɣ ɨɛɴɟɤɬ, ɤɨɬɨɪɨɦɭ ɜɵ ɞɟɥɟɝɢɪɨɜɚɥɢ ɪɚɡɪɟɲɟɧɢɹ. ȼ ɥɟɜɨɣ ɨɛɥɚɫɬɢ ɨɤɧɚ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɨɛɴɟɤɬɟ ɢ ɜɵɛɟɪɢɬɟ New Window From Here (Ɉɬɫɸɞɚ ɧɨɜɨɟ ɨɤɧɨ). Ɉɬɤɪɨɟɬɫɹ ɧɨɜɨɟ ɨɤɧɨ, ɜ ɤɨɬɨɪɨɦ ɛɭɞɭɬ ɜɢɞɧɵ ɬɨɥɶɤɨ ɤɨɧɬɟɣɧɟɪɧɵɣ ɨɛɴɟɤɬ ɢ ɜɫɟ ɞɨɱɟɪɧɢɟ ɨɛɴɟɤɬɵ. Ɂɚɬɟɦ ɜɵ ɦɨɠɟɬɟ ɩɟɪɟɤɥɸɱɢɬɶɫɹ ɧɚɡɚɞ ɤ ɨɤɧɭ, ɤɨɬɨɪɨɟ ɨɬɨɛɪɚɠɚɟɬ ɜɟɫɶ ɞɨɦɟɧ, ɢ ɡɚɤɪɵɬɶ ɨɤɧɨ. Ⱦɚɥɟɟ ɫɨɯɪɚɧɢɬɟ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɢ ɩɪɟɞɨɫɬɚɜɶɬɟ ɟɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɭɩɪɚɜɥɹɬɶ ɬɨɥɶɤɨ ɱɚɫɬɶɸ ɞɨɦɟɧɚ, ɜɢɞɢɦɨɝɨ ɜ ɆɆɋ-ɤɨɧɫɨ-ɥɢ. Ʉɨɧɫɨɥɶ ɆɆɋ ɦɨɠɟɬ ɛɵɬɶ ɩɪɟɞɨɫɬɚɜɥɟɧɚ ɩɨɥɶɡɨɜɚɬɟɥɸ ɧɟɫɤɨɥɶɤɢɦɢ ɫɩɨɫɨɛɚɦɢ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɭɫɬɚɧɨɜɢɬɶ ɤɨɧɫɨɥɶ ɆɆɋ ɧɚ ɪɚɛɨɱɢɣ ɫɬɨɥ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɫɨɡɞɚɬɶ ɹɪɥɵɤ ɤ ɢɧɫɬɪɭɦɟɧɬɭ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ. ɑɬɨɛɵ ɛɵɬɶ ɭɜɟɪɟɧɧɵɦ, ɱɬɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɤɨɧɬɟɣɧɟɪɚ ɧɟ ɢɡɦɟɧɹɬ ɆɆɋ-ɤɨɧɫɜɥɶ, ɦɨɠɧɨ ɢɡɦɟɧɢɬɶ ɨɩɰɢɢ ɆɆɋ-ɤɨɧɫɨɥɢ, ɜɵɛɢɪɚɹ Options ɜ ɦɟɧɸ File. ȼɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɆɆɋɤɨɧɫɨɥɶ ɬɚɤ, ɱɬɨɛɵ ɨɧɚ ɫɨɯɪɚɧɹɥɚɫɶ ɜ ɪɟɠɢɦɟ User Mode (Ɋɟɠɢɦ ɩɨɥɶɡɨɜɚɬɟɥɹ), ɢ ɢɡɦɟɧɢɬɶ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɆɆɋ, ɱɬɨɛɵ ɤɨɧɟɱɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɦɨɝ ɫɨɯɪɚɧɹɬɶ ɢɡɦɟɧɟɧɢɹ ɆɆɋ-ɤɨɧɫɨɥɢ. ɇɚ ɪɢɫɭɧɤɟ 9-14 ɩɨɤɚɡɚɧ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɢɧɬɟɪɮɟɣɫ. Ⱦɥɹ ɭɬɨɱɧɟɧɢɹ ɞɟɬɚɥɟɣ ɧɚɫɬɪɨɣɤɢ ɆɆɋɤɨɧɫɨɥɟɣ ɫɦɨɬɪɢɬɟ Help And Support Center (ɐɟɧɬɪ ɫɩɪɚɜɤɢ ɢ ɩɨɞɞɟɪɠɤɢ).
. 9-14.
-
ɋɨɛɫɬɜɟɧɧɚɹ ɆɆɋ-ɤɨɧɫɨɥɶ ɩɨɥɟɡɧɚ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɸ ɬɪɟɛɭɟɬɫɹ ɩɨɥɧɨɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɫɩɟɰɢɮɢɱɟɫɤɨɣ OU. Ɉɞɧɚɤɨ ɟɫɥɢ ɪɚɡɪɟɲɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɨɝɪɚɧɢɱɟɧɵ ɜɵɩɨɥɧɟɧɢɟɦ ɨɩɪɟɞɟɥɟɧɧɵɯ ɡɚɞɚɱ ɜ ɤɨɧɬɟɣɧɟɪɟ, ɬɨ ɩɚɧɟɥɶ ɡɚɞɚɱ ɨɛɟɫɩɟɱɢɜɚɟɬ ɛɨɥɟɟ ɩɪɨɫɬɨɣ ɢɧɫɬɪɭɦɟɧɬ ɭɩɪɚɜɥɟɧɢɹ. ɋɨɡɞɚɧɢɟ ɩɚɧɟɥɢ ɡɚɞɚɱ ɫɨɫɬɨɢɬ ɢɡ ɞɜɭɯ ɲɚɝɨɜ. ɋɧɚɱɚɥɚ ɫɨɡɞɚɟɬɫɹ ɜɢɞ ɩɚɧɟɥɢ ɡɚɞɚɱ, ɚ ɡɚɬɟɦ ɧɚɡɧɚɱɚɸɬɫɹ ɡɚɞɚɱɢ, ɤɨɬɨɪɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɧɚ ɨɛɴɟɤɬɚɯ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɩɚɧɟɥɶ ɡɚɞɚɱ, ɫɨɡɞɚɣɬɟ ɧɚɫɬɪɨɟɧɧɭɸ ɆɆɋ-ɤɨɧɫɨɥɶ, ɫɨɞɟɪɠɚɳɭɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɭɸ ɨɫɧɚɫɬɤɭ, ɤɨɬɨɪɭɸ ɜɵ ɯɨɬɢɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ. ɇɚɣɞɢɬɟ ɤɨɧɬɟɣɧɟɪ, ɜ ɤɨɬɨɪɵɣ ɜɵ ɞɟɥɟɝɢɪɨɜɚɥɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɢ ɜɵɛɟɪɢɬɟ New Taskpad View (ɇɨɜɵɣ ɜɢɞ ɩɚɧɟɥɢ ɡɚɞɚɱ). Ɂɚɩɭɫɬɢɬɫɹ ɦɚɫɬɟɪ New Taskpad View Wizard. Ɇɚɫɬɟɪ ɩɪɟɞɨɫɬɚɜɢɬ ɜɚɦ ɨɩɰɢɢ ɞɥɹ ɜɵɛɨɪɚ ɬɢɩɚ ɨɛɴɟɤɬɨɜ, ɨɬɨɛɪɚɠɚɟɦɵɯ ɧɚ ɩɚɧɟɥɢ ɡɚɞɚɱ, ɢ ɢɧɮɨɪɦɚɰɢɢ, ɨɬɨɛɪɚɠɚɟɦɨɣ ɧɚ ɷɤɪɚɧɟ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɜɢɞɚ ɩɚɧɟɥɢ ɜɵ ɦɨɠɟɬɟ ɞɨɛɚɜɥɹɬɶ ɡɚɞɚɱɢ ɫ ɩɨɦɨɳɶɸ ɦɚɫɬɟɪɚ ɧɨɜɵɯ ɡɚɞɚɱ. Ɇɚɫɬɟɪ ɨɩɪɟɞɟɥɢɬ, ɤɚɤɢɟ ɬɢɩɵ ɡɚɞɚɱ ɦɨɝɭɬ ɛɵɬɶ ɜɵɩɨɥɧɟɧɵ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɩɚɧɟɥɢ ɡɚɞɚɱ. ɋɩɢɫɨɤ ɞɨɫɬɭɩɧɵɯ ɡɚɞɚɱ ɡɚɜɢɫɢɬ ɨɬ ɬɢɩɨɜ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɜɢɞɧɵ ɧɚ ɩɚɧɟɥɢ ɡɚɞɚɱ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɜɵɛɟɪɢɬɟ ɩɪɨɫɦɨɬɪ OU, ɤɨɬɨɪɚɹ ɫɨɞɟɪɠɢɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɜɵ ɩɨɥɭɱɢɬɟ ɨɩɰɢɸ ɧɚɡɧɚɱɟɧɢɹ ɡɚɞɚɱ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɛɵɬɶ ɜɵɩɨɥɧɟɧɵ ɫ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɂɚɤɨɧɱɢɜ ɫɨɡɞɚɧɢɟ ɩɚɧɟɥɢ ɡɚɞɚɱ, ɦɨɠɧɨ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɟɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɱɬɨɛɵ ɨɧɚ ɫɨɞɟɪɠɚɥɚ ɨɱɟɧɶ ɩɪɨɫɬɨɣ ɢɧɬɟɪɮɟɣɫ. ɇɚ ɪɢɫɭɧɤɟ 9-15 ɩɨɤɚɡɚɧɚ ɩɚɧɟɥɶ ɡɚɞɚɱ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɚɪɨɥɟɣ ɜ ɨɩɪɟɞɟɥɟɧɧɨɣ OU. ɑɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɨɬ ɢɧɫɬɪɭɦɟɧɬ, ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɩɪɨɫɬɨ ɜɵɛɢɪɚɟɬ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɚ ɡɚɬɟɦ ɳɟɥɤɚɟɬ Reset Password (Ɂɚɧɨɜɨ ɭɫɬɚɧɨɜɢɬɶ ɩɚɪɨɥɶ).
. 9-15.
Active Directory Windows Server 2003 ɩɪɟɞɨɫɬɚɜɥɹɟɬ ɫɪɟɞɫɬɜɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ ɜ ɜɚɲɟɦ ɞɨɦɟɧɟ. Ɉɞɧɚɤɨ ɜɦɟɫɬɟ ɫ ɩɨɥɨɠɢɬɟɥɶɧɵɦɢ ɫɬɨɪɨɧɚɦɢ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɜɵ ɩɨɥɭɱɚɟɬɟ ɪɢɫɤ ɧɚɡɧɚɱɟɧɢɹ ɧɟɩɪɚɜɢɥɶɧɵɯ ɪɚɡɪɟɲɟɧɢɣ. ɉɨɥɶɡɨɜɚɬɟɥɹɦ ɦɨɠɧɨ ɩɪɟɞɨɫɬɚɜɢɬɶ ɫɥɢɲɤɨɦ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɪɚɡɪɟɲɟɧɢɣ, ɩɨɡɜɨɥɹɸɳɟɟ ɢɦ ɞɟɥɚɬɶ ɜ Active Directory ɬɨ, ɱɬɨ ɢɦ ɞɟɥɚɬɶ ɧɟ ɩɨɥɨɠɟɧɨ. ɉɨɥɶɡɨɜɚɬɟɥɹɦ ɦɨɠɧɨ ɩɪɟɞɨɫɬɚɜɢɬɶ ɫɥɢɲɤɨɦ ɦɚɥɨɟ ɤɨɥɢɱɟɫɬɜɨ ɪɚɡɪɟɲɟɧɢɣ, ɧɟ ɩɨɡɜɨɥɹɸɳɟɟ ɞɟɥɚɬɶ ɬɨ, ɱɬɨ ɨɧɢ ɞɨɥɠɧɵ ɞɟɥɚɬɶ. ɋɨɡɞɚɧɢɟ ɫɬɪɭɤɬɭɪɵ ɞɟɥɟɝɢɪɨɜɚɧɢɹ, ɤɨɬɨɪɚɹ ɨɛɟɫɩɟɱɢɬ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɬɨɱɧɵɦɢ ɪɚɡɪɟɲɟɧɢɹɦɢ, ɜ ɤɨɬɨɪɵɯ ɨɧɢ ɧɭɠɞɚɸɬɫɹ, ɬɪɟɛɭɟɬ ɫɟɪɶɟɡɧɨɝɨ ɩɥɚɧɢɪɨɜɚɧɢɹ. ɇɢɠɟ ɩɪɢɜɟɞɟɧɵ ɧɟɤɨɬɨɪɵɟ ɫɨɜɟɬɵ, ɩɨɦɨɝɚɸɳɢɟ ɷɬɨ ɫɞɟɥɚɬɶ. • Ɍɳɚɬɟɥɶɧɨ ɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɬɪɟɛɨɜɚɧɢɹ ɞɥɹ ɜɫɟɯ ɩɨɬɟɧɰɢɚɥɶɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɤɨɦɩɚɧɢɣ ɜɵ ɨɛɧɚɪɭɠɢɬɟ, ɱɬɨ ɢɦɟɸɬɫɹ ɪɚɡɥɢɱɧɵɟ ɝɪɭɩɩɵ, ɤɨɬɨɪɵɟ ɧɭɠɞɚɸɬɫɹ ɜ ɧɟɤɨɬɨɪɵɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɹɯ ɜ ɞɨɦɟɧɟ. ȿɫɥɢ ɤɨɦɩɚɧɢɹ ɢɫɩɨɥɶɡɨɜɚɥɚ Windows NT, ɦɧɨɝɢɟ ɢɡ ɷɬɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɦɨɝɥɢ ɛɵɬɶ ɱɥɟɧɚɦɢ ɝɪɭɩɩɵ Domain Admins. Ⱦɨɤɭɦɟɧɬɢɪɭɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɡɚɞɚɱɢ, ɤɨɬɨɪɵɟ ɷɬɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɨɥɠɧɵ ɜɵɩɨɥɧɹɬɶ, ɜɵ ɨɛɧɚɪɭɠɢɬɟ, ɱɬɨ ɧɚ ɫɚɦɨɦ ɞɟɥɟ ɨɧɢ ɧɭɠɞɚɸɬɫɹ ɜ
•
•
•
ɝɨɪɚɡɞɨ ɛɨɥɟɟ ɧɢɡɤɨɦ ɭɪɨɜɧɟ ɞɨɫɬɭɩɚ. ɑɚɫɬɨ ɟɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɹ ɭɪɨɜɧɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ, ɜ ɤɨɬɨɪɵɯ ɧɭɠɞɚɟɬɫɹ ɤɚɠɞɚɹ ɝɪɭɩɩɚ, ɫɨɫɬɨɢɬ ɜ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɢ ɜɫɟɣ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɣ ɪɚɛɨɬɵ, ɤɨɬɨɪɭɸ ɨɧɢ ɞɟɥɚɸɬ ɤɚɠɞɵɣ ɞɟɧɶ. Ⱦɨɤɭɦɟɧɬɢɪɭɹ ɞɟɣɫɬɜɢɹ, ɤɨɬɨɪɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɥɠɧɵ ɜɵɩɨɥɧɹɬɶ, ɜɵ ɫɦɛɠɟɬɟ ɪɚɡɪɚɛɨɬɚɬɶ ɬɨɱɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɞɥɹ ɷɬɨɝɨ ɫɥɟɞɭɟɬ ɢɦɟɬɶ. ɉɟɪɟɞ ɬɟɦ ɤɚɤ ɫɞɟɥɚɬɶ ɤɚɤɢɟ-ɥɢɛɨ ɢɡɦɟɧɟɧɢɹ ɜ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɨɣ ɫɪɟɞɟ, ɩɪɨɜɟɪɶɬɟ ɜɫɟ ɦɨɞɢɮɢɤɚɰɢɢ ɡɚɳɢɬɵ ɜ ɢɫɩɵɬɚɬɟɥɶɧɨɣ ɫɪɟɞɟ. ɋɨɡɞɚɧɢɟ ɧɟɩɪɚɜɢɥɶɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɡɚɳɢɬɵ ɦɨɠɟɬ ɢɦɟɬɶ ɫɟɪɶɟɡɧɵɟ ɩɨɫɥɟɞɫɬɜɢɹ ɞɥɹ ɜɚɲɟɣ ɫɟɬɢ. ɂɫɩɨɥɶɡɭɣɬɟ ɢɫɩɵɬɚɬɟɥɶɧɭɸ ɥɚɛɨɪɚɬɨɪɢɸ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɦɨɞɢɮɢɤɚɰɢɢ ɪɚɡɪɟɲɟɧɢɣ ɨɬɜɟɱɚɸɬ ɧɟɨɛɯɨɞɢɦɵɦ ɬɪɟɛɨɜɚɧɢɹɦ, ɧɨ ɧɟ ɞɚɸɬ ɪɚɡɪɟɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɧɟ ɹɜɥɹɸɬɫɹ ɧɟɨɛɯɨɞɢɦɵɦɢ. ɂɫɩɨɥɶɡɭɣɬɟ Effective Permissions (Ɏɚɤɬɢɱɟɫɤɢɟ ɪɚɡɪɟɲɟɧɢɹ) ɜ ɨɤɧɟ Advanced Security Settings (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ) ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ ɢ ɩɪɨɜɟɪɤɢ ɪɚɡɪɟɲɟɧɢɣ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɩɨɥɶɡɨɜɚɬɟɥɢ. Ɉɤɧɨ Effective Permissions ɹɜɥɹɟɬɫɹ ɨɬɥɢɱɧɵɦ ɧɨɜɵɦ ɢɧɫɬɪɭɦɟɧɬɨɦ ɫɥɭɠɛɵ Active Directory Windows Server 2003, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɱɧɵɯ ɪɚɡɪɟɲɟɧɢɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɵ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɨɬ ɢɧɫɬɪɭɦɟɧɬ ɜ ɢɫɩɵɬɚɬɟɥɶɧɨɣ ɫɪɟɞɟ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɜɚɲɚ ɤɨɧɮɢɝɭɪɚɰɢɹ ɬɨɱɧɚ, ɚ ɡɚɬɟɦ ɢɫɩɨɥɶɡɭɣɬɟ ɟɝɨ ɜ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɨɣ ɫɪɟɞɟ, ɱɬɨɛɵ ɭɞɨɫɬɨɜɟɪɢɬɶɫɹ, ɱɬɨ ɜɚɲɚ ɪɟɚɥɢɡɚɰɢɹ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɩɥɚɧɭ. Ⱦɨɤɭɦɟɧɬɢɪɭɣɬɟ ɜɫɟ ɪɚɡɪɟɲɟɧɢɹ, ɤɨɬɨɪɵɟ ɜɵ ɧɚɡɧɚɱɚɟɬɟ. ɂɡ ɜɫɟɯ ɡɚɞɚɱ, ɜɨɡɥɨɠɟɧɧɵɯ ɧɚ ɫɟɬɟɜɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ, ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɟ ɢɡɦɟɧɟɧɢɣ, ɫɞɟɥɚɧɧɵɯ ɜ ɫɟɬɢ, ɨɬɧɨɫɢɬɫɹ ɤ ɫɚɦɵɦ ɧɟɩɪɢɹɬɧɵɦ, ɩɨɬɨɦɭ ɱɬɨ ɷɬɨ ɨɱɟɧɶ ɭɬɨɦɢɬɟɥɶɧɨ ɢ ɤɚɠɟɬɫɹ ɧɟ ɨɫɨɛɨ ɜɚɠɧɵɦ. ȼ ɪɟɡɭɥɶɬɚɬɟ ɞɨɤɭɦɟɧɬɚɰɢɹ ɱɚɫɬɨ ɨɤɚɡɵɜɚɟɬɫɹ ɧɟɩɨɥɧɨɣ ɢɥɢ ɭɫɬɚɪɟɜɲɟɣ. ȿɞɢɧɫɬɜɟɧɧɵɣ ɩɭɬɶ ɷɮɮɟɤɬɢɜɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɤɨɧɮɢɝɭɪɚɰɢɟɣ ɡɚɳɢɬɵ ɜɚɲɟɣ ɫɟɬɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ ɧɚɱɚɥɶɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ, ɚ ɡɚɬɟɦ ɜɡɹɬɶ ɨɛɹɡɚɬɟɥɶɫɬɜɨ ɨɛɧɨɜɥɹɬɶ ɞɨɤɭɦɟɧɬɚɰɢɸ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɨɞɢɧ ɢɡ ɩɟɪɜɨɧɚɱɚɥɶɧɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɢɡɦɟɧɟɧ.
ȼɨɡɦɨɠɧɨɫɬɶ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɪɚɡɪɟɲɟɧɢɣ ɜ Active Directory Windows Server 2003 ɞɚɟɬ ɛɨɥɶɲɭɸ ɝɢɛɤɨɫɬɶ ɜ ɭɩɪɚɜɥɟɧɢɢ ɜɚɲɢɦ ɞɨɦɟɧɨɦ. Ɉɧɨ ɨɫɧɨɜɚɧɨ ɧɚ ɦɨɞɟɥɢ ɛɟɡɨɩɚɫɧɨɫɬɢ Active Directory, ɜ ɤɨɬɨɪɨɣ ɜɫɟ ɨɛɴɟɤɬɵ ɢ ɜɫɟ ɚɬɪɢɛɭɬɵ ɨɛɴɟɤɬɨɜ ɢɦɟɸɬ ɫɩɢɫɨɤ ACL, ɤɨɧɬɪɨɥɢɪɭɸɳɢɣ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɴɟɤɬɭ ɞɥɹ ɪɚɡɥɢɱɧɵɯ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɋɨɝɥɚɫɧɨ ɷɬɨɣ ɦɨɞɟɥɢ ɩɨ ɭɦɨɥɱɚɧɢɸ ɜɫɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚɫɥɟɞɭɸɬɫɹ ɨɬ ɤɨɧɬɟɣɧɟɪɧɵɯ ɨɛɴɟɤɬɨɜ ɤ ɨɛɴɟɤɬɚɦ, ɧɚɯɨɞɹɳɢɦɫɹ ɜ ɩɪɟɞɟɥɚɯ ɤɨɧɬɟɣɧɟɪɚ. ɗɬɢ ɨɫɨɛɟɧɧɨɫɬɢ ɦɨɞɟɥɢ ɡɚɳɢɬɵ ɩɨɞɪɚɡɭɦɟɜɚɸɬ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɢɬɶ ɥɸɛɨɣ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɞɨɫɬɭɩ ɤ ɥɸɛɨɦɭ ɨɛɴɟɤɬɭ Active Directory. Ɍɚɤɚɹ ɝɢɛɤɨɫɬɶ ɦɨɠɟɬ ɩɪɢɜɟɫɬɢ ɤ ɭɜɟɥɢɱɟɧɢɸ ɫɥɨɠɧɨɫɬɢ, ɟɫɥɢ ɡɚɳɢɬɚ Active Directory ɧɟ ɩɨɞɞɟɪɠɢɜɚɟɬɫɹ ɧɚɫɬɨɥɶɤɨ ɩɪɨɫɬɨɣ, ɧɚɫɤɨɥɶɤɨ ɷɬɨ ɜɨɡɦɨɠɧɨ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɛɵɥ ɞɚɧ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɪɚɡɪɟɲɟɧɢɣ ɡɚɳɢɬɵ, ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ ɜ Active Directory ɢ ɧɟɤɨɬɨɪɵɯ ɢɡ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɷɬɨɣ ɪɚɛɨɬɵ.
10. Directory
Active
Ɉɛɵɱɧɵɟ ɡɚɞɚɱɢ, ɤɨɬɨɪɵɟ ɜɵ ɛɭɞɟɬɟ ɜɵɩɨɥɧɹɬɶ ɫ ɩɨɦɨɳɶɸ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Microsoft Active Directory ɫɢɫɬɟɦɵ Windows Server 2003, ɜɨɜɥɟɤɭɬ ɜɚɫ ɜ ɭɩɪɚɜɥɟɧɢɟ ɬɚɤɢɦɢ ɨɛɴɟɤɬɚɦɢ Active Directory ɤɚɤ ɢ . Ȼɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ ɫɨɡɞɚɟɬ ɢ ɪɟɚɥɢɡɭɟɬ ɩɪɨɟɤɬ Active Directory ɨɞɢɧ ɪɚɡ. ɉɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɫ ɛɨɥɶɲɢɧɫɬɜɨɦ ɨɛɴɟɤɬɨɜ Active Directory ɩɪɨɢɡɨɣɞɭɬ ɧɟɛɨɥɶɲɢɟ ɢɡɦɟɧɟɧɢɹ. Ɉɞɧɚɤɨ ɪɚɛɨɬɚ ɫ ɨɛɴɟɤɬɚɦɢ user (ɩɨɥɶɡɨɜɚɬɟɥɶ) ɢ ɨɛɴɟɤɬɚɦɢ group (ɝɪɭɩɩɚ) ɹɜɥɹɟɬɫɹ ɢɫɤɥɸɱɟɧɢɟɦ ɢɡ ɷɬɨɝɨ ɩɪɚɜɢɥɚ. ɉɨ ɦɟɪɟ ɬɨɝɨ ɤɚɤ ɫɥɭɠɚɳɢɟ ɩɪɢɫɨɟɞɢɧɹɸɬɫɹ ɤ ɤɨɦɩɚɧɢɢ ɢɥɢ ɨɫɬɚɜɥɹɸɬ ɟɟ, ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɬɪɚɬɢɬ ɜɪɟɦɹ ɧɚ ɭɩɪɚɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɢ ɝɪɭɩɩɚɦɢ. ɋɥɭɠɛɚ Active Directory ɫɨɞɟɪɠɢɬ ɞɪɭɝɢɟ ɨɛɴɟɤɬɵ, ɬɚɤɢɟ ɤɚɤ printer (ɩɪɢɧɬɟɪ), computer (ɤɨɦɩɶɸɬɟɪ) ɢ shared folder (ɨɛɳɢɟ ɩɚɩɤɢ), ɤɨɬɨɪɵɟ ɬɚɤɠɟ ɬɪɟɛɭɸɬ ɱɚɫɬɨɝɨ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɛɫɭɠɞɚɸɬɫɹ ɤɨɧɰɟɩɰɢɢ ɢ ɩɪɨɰɟɞɭɪɵ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɨɛɴɟɤɬɚɦɢ Active Directory. ȼ ɧɟɣ ɨɛɫɭɠɞɚɸɬɫɹ ɬɢɩɵ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɦɨɠɧɨ ɯɪɚɧɢɬɶ ɜ Active Directory ɢ ɨɛɴɹɫɧɹɟɬɫɹ, ɤɚɤ ɭɩɪɚɜɥɹɬɶ ɷɬɢɦɢ ɨɛɴɟɤɬɚɦɢ. ɉɨɤɚɡɚɧ ɨɫɧɨɜɧɨɣ ɢɧɬɟɪɮɟɣɫ, ɤɨɬɨɪɵɣ ɜɵ ɛɭɞɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɪɚɛɨɬɵ ɫ ɨɛɴɟɤɬɚɦɢ, ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory) ɢ ɧɟɤɨɬɨɪɵɟ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɹ, ɤɨɬɨɪɵɟ ɫɞɟɥɚɧɵ ɞɥɹ ɷɬɨɝɨ ɢɧɫɬɪɭɦɟɧɬɚ ɜ Windows Server 2003.
ȼ ɫɥɭɠɛɟ Active Directory Windows Server 2003 ɫɭɳɟɫɬɜɭɸɬ ɬɪɢ ɨɛɴɟɤɬɚ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɩɪɟɞɫɬɚɜɥɟɧɢɹ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɤɚɬɚɥɨɝɟ. Ⱦɜɚ ɢɡ ɧɢɯ, ɨɛɴɟɤɬ user (ɩɨɥɶɡɨɜɚɬɟɥɶ) ɢ ɨɛɴɟɤɬ inetOrgPerson, ɹɜɥɹɸɬɫɹ ɭɱɚɫɬɧɢɤɚɦɢ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ ɜɚɲɟɣ ɫɟɬɢ. Ɍɪɟɬɢɣ ɨɛɴɟɤɬ contact (ɤɨɧɬɚɤɬ) ɧɟ ɹɜɥɹɟɬɫɹ ɭɱɚɫɬɧɢɤɨɦ ɛɟɡɨɩɚɫɧɨɫɬɢ ɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ.
User
Ɉɞɢɧ ɢɡ ɧɚɢɛɨɥɟɟ ɬɢɩɢɱɧɵɯ ɨɛɴɟɤɬɨɜ ɜ ɥɸɛɨɣ ɛɚɡɟ ɞɚɧɧɵɯ Active Directory — ɨɛɴɟɤɬ user. Ɉɛɴɟɤɬ user, ɩɨɞɨɛɧɨ ɥɸɛɨɦɭ ɞɪɭɝɨɦɭ ɨɛɴɟɤɬɭ ɤɥɚɫɫɚ Active Directory, ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɫɨɜɨɤɭɩɧɨɫɬɶ ɚɬɪɢɛɭɬɨɜ. Ɏɚɤɬɢɱɟɫɤɢ, ɨɧ ɦɨɠɟɬ ɢɦɟɬɶ ɛɨɥɟɟ 250-ɬɢ ɚɬɪɢɛɭɬɨɜ. ɗɬɢɦ ɫɥɭɠɛɚ Active Directory Windows Server 2003 ɫɢɥɶɧɨ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Microsoft Windows NT, ɜ ɤɨɬɨɪɨɣ ɨɛɴɟɤɬɵ user ɢɦɟɸɬ ɨɱɟɧɶ ɦɚɥɨ ɚɬɪɢɛɭɬɨɜ. ɉɨɫɤɨɥɶɤɭ Active Directory ɦɨɠɟɬ ɨɛɟɫɩɟɱɢɬɶ ɷɬɢ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɚɬɪɢɛɭɬɵ, ɨɧɚ ɩɨɥɟɡɧɚ ɢɦɟɧɧɨ ɤɚɤ ɫɥɭɠɛɚ ɤɚɬɚɥɨɝɚ, ɚ ɧɟ ɩɪɨɫɬɨ ɤɚɤ ɛɚɡɚ ɞɚɧɧɵɯ ɞɥɹ ɯɪɚɧɟɧɢɹ ɨɩɨɡɧɚɜɚɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ. Active Directory ɦɨɠɟɬ ɫɬɚɬɶ ɨɫɧɨɜɧɵɦ ɦɟɫɬɨɦ ɯɪɚɧɟɧɢɹ ɛɨɥɶɲɟɣ ɱɚɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɣ ɢɧɮɨɪɦɚɰɢɢ ɜ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ. Ʉɚɬɚɥɨɝ ɛɭɞɟɬ ɫɨɞɟɪɠɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɭɸ ɢɧɮɨɪɦɚɰɢɸ: ɧɨɦɟɪɚ ɬɟɥɟɮɨɧɚ, ɚɞɪɟɫɚ ɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. Ʉɚɤ ɬɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɚɭɱɚɬɶɫɹ ɞɟɥɚɬɶ ɩɨɢɫɤ ɜ Active Directory, ɨɧɢ ɫɦɨɝɭɬ ɧɚɣɬɢ ɩɪɚɤɬɢɱɟɫɤɢ ɥɸɛɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɞɪɭɝɢɯ ɩɨɥɶɡɨɜɚɬɟɥɹɯ. Ʉɨɝɞɚ ɜɵ ɫɨɡɞɚɟɬɟ ɨɛɴɟɤɬ user , ɧɭɠɧɨ ɡɚɩɨɥɧɢɬɶ ɧɟɤɨɬɨɪɵɟ ɢɡ ɟɝɨ ɚɬɪɢɛɭɬɨɜ. Ʉɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 10-1, ɩɪɢ ɫɨɡɞɚɧɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɬɪɟɛɭɟɬɫɹ ɬɨɥɶɤɨ ɲɟɫɬɶ ɚɬɪɢɛɭɬɨɜ, ɩɪɢɱɟɦ ɚɬɪɢɛɭɬɵ ɢ sAMAccountName ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɧɚ ɨɫɧɨɜɟ ɞɚɧɧɵɯ, ɤɨɬɨɪɵɟ ɜɵ ɜɜɨɞɢɬɟ ɩɪɢ ɫɨɡɞɚɧɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ. Ɉɫɬɚɥɶɧɵɟ ɚɬɪɢɛɭɬɵ, ɜɤɥɸɱɚɹ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɛɟɡɨɩɚɫɧɨɫɬɢ (SID), ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɡɚɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɨɣ ɛɟɡɨɩɚɫɧɨɫɬɢ.
.
10-1.
, Adsiedit.msc
ɉɪɢ ɫɨɡɞɚɧɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɢɬɶ ɡɧɚɱɟɧɢɹ ɦɧɨɝɢɦ ɚɬɪɢɛɭɬɚɦ ɨɛɴɟɤɬɚ user. ɇɟɤɨɬɨɪɵɟ ɢɡ ɚɬɪɢɛɭɬɨɜ ɧɟɥɶɡɹ ɭɜɢɞɟɬɶ ɱɟɪɟɡ ɢɧɬɟɪɮɟɣɫ ɩɨɥɶɡɨɜɚɬɟɥɹ (UI), ɧɚɩɪɢɦɟɪ, ɚɬɪɢɛɭɬ Assistant (ɉɨɦɨɳɧɢɤ). ȿɝɨ ɦɨɠɧɨ ɡɚɩɨɥɧɹɬɶ, ɢɫɩɨɥɶɡɭɹ ɫɤɪɢɩɬ ɢɥɢ ɢɧɫɬɪɭɦɟɧɬ Adsiedit.msc, ɤɨɬɨɪɵɣ ɨɛɪɚɳɚɟɬɫɹ ɤ ɚɬɪɢɛɭɬɭ ɧɚɩɪɹɦɭɸ. Ɇɨɠɧɨ ɡɚɩɨɥɧɹɬɶ ɫɤɪɵɬɵɟ ɚɬɪɢɛɭɬɵ ɜ ɩɪɨɰɟɫɫɟ ɨɛɳɟɝɨ ɢɦɩɨɪɬɚ ɢɧɮɨɪɦɚɰɢɢ ɤɚɬɚɥɨɝɚ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɭɬɢɥɢɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ Csvde ɢɥɢ Ldifde. Ⱦɟɬɚɥɶɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɩɨ ɢɫɩɨɥɶɡɨɜɚɧɢɸ ɷɬɢɯ ɭɬɢɥɢɬ ɫɦɨɬɪɢɬɟ ɜ Help And Support Center (ɐɟɧɬɪ ɫɩɪɚɜɤɢ ɢ ɩɨɞɞɟɪɠɤɢ). Ɂɚɩɨɥɧɹɬɶ ɧɟɜɢɞɢɦɵɟ ɜ UI ɚɬɪɢɛɭɬɵ ɧɟɨɛɯɨɞɢɦɨ, ɬɚɤ ɤɚɤ ɨɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɩɨɢɫɤɚ ɢ ɢɡɦɟɧɟɧɢɹ ɨɛɴɟɤɬɨɜ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɫɤɪɵɬɵɣ ɚɬɪɢɛɭɬ ɞɨɫɬɭɩɟɧ ɱɟɪɟɡ ɞɢɚɥɨɝɨɜɨɟ ɨɤɧɨ Find (ɉɨɢɫɤ). ɇɚɩɪɢɦɟɪ, ɜ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory) ɞɥɹ ɩɨɢɫɤɚ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɚɬɪɢɛɭɬ Assistant, ɢɫɩɨɥɶɡɭɣɬɟ ɜɤɥɚɞɤɭ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ) ɜ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Find, ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɡɚɩɪɨɫ, ɨɫɧɨɜɚɧɧɵɣ ɧɚ ɚɬɪɢɛɭɬɟ Assistant (ɫɦ. ɪɢɫ. 10-2). ȼ ɷɬɨɦ ɨɤɧɟ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Field (ɉɨɥɟ), ɜɵɛɟɪɢɬɟ User (ɉɨɥɶɡɨɜɚɬɟɥɶ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ ɚɬɪɢɛɭɬ, ɩɨ ɤɨɬɨɪɨɦɭ ɜɵ ɯɨɬɢɬɟ ɫɞɟɥɚɬɶ ɩɨɢɫɤ. Ɍɚɤ ɦɨɠɧɨ ɧɚɣɬɢ ɦɧɨɝɢɟ ɫɤɪɵɬɵɟ ɚɬɪɢɛɭɬɵ.
. 10-2.
,
Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ȼɵ ɦɨɠɟɬɟ ɩɪɨɫɦɚɬɪɢɜɚɬɶ ɢ ɢɡɦɟɧɹɬɶ ɥɸɛɨɣ ɚɬɪɢɛɭɬ ɨɛɴɟɤɬɚ user, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬɵ Adsiedit.msc ɢɥɢ Ldp.exe. Ȼɨɥɟɟ ɷɮɮɟɤɬɢɜɧɵɣ ɫɩɨɫɨɛ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɫɤɪɢɩɬɨɜ. Ɉɬ ɷɬɨɝɨ ɦɨɠɧɨ ɩɨɥɭɱɢɬɶ ɡɧɚɱɢɬɟɥɶɧɭɸ ɜɵɝɨɞɭ, ɩɨɫɤɨɥɶɤɭ Active Directory ɧɚɩɢɫɚɧɚ ɬɚɤ, ɱɬɨɛɵ ɪɚɡɪɟɲɚɬɶ ɢ ɩɨɨɳɪɹɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ
ɫɤɪɢɩɬɨɜ. ɂɧɮɨɪɦɚɰɢɸ ɨɛ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɫɤɪɢɩɬɨɜ ɞɥɹ ɚɜɬɨɦɚɬɢɡɚɰɢɢ ɡɚɞɚɱ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory ɫɦɨɬɪɢɬɟ ɜ ɰɟɧɬɪɟ TechNet Script Center ɩɨ ɚɞɪɟɫɭ http://www.microsoft.com/technet/scriptcenter/default.asp. TechNet Script Center ɫɨɞɟɪɠɢɬ ɪɟɫɭɪɫɵ ɞɥɹ ɫɨɡɞɚɧɢɹ ɫɤɪɢɩɬɨɜ ɢ ɬɢɩɨɜɵɟ ɫɰɟɧɚɪɢɢ, ɢɫɩɨɥɶɡɭɟɦɵɟ ɞɥɹ ɪɚɫɲɢɪɟɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ, ɤɨɬɨɪɵɟ ɢɧɚɱɟ ɜɵɩɨɥɧɹɸɬɫɹ ɱɟɪɟɡ ɤɨɧɫɨɥɢ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory. ɋɦɨɬɪɢɬɟ ɬɚɤɠɟ ɜɟɛ-ɫɚɣɬ Microsoft Press Online ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.com/mspress/, ɝɞɟ ɧɚɯɨɞɢɬɫɹ ɛɨɧɭɫ-ɝɥɚɜɚ ɩɨ ɫɨɡɞɚɧɢɸ ɫɰɟɧɚɪɢɟɜ «Introduction to ADSI Scripting Using VBScript» (ȼɜɟɞɟɧɢɟ ɜ ADSI ɫɰɟɧɚɪɢɢ ɧɚ ɹɡɵɤɟ VBScript), ɧɚɩɢɫɚɧɧɚɹ Ɇɚɣɤɨɦ Ɇɚɥɤɟɪɨɦ (Mike Mulcare). Ȼɨɥɶɲɢɧɫɬɜɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ, ɫɜɹɡɚɧɧɵɯ ɫ ɨɛɵɱɧɵɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ, ɜɵɩɨɥɧɹɸɬɫɹ ɩɪɢ ɩɨɦɨɳɢ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory Users And Computers. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɫ ɟɝɨ ɩɨɦɨɳɶɸ ɨɛɴɟɤɬ user, ɧɚɣɞɢɬɟ ɤɨɧɬɟɣɧɟɪ, ɜ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɫɨɡɞɚɬɶ ɨɛɴɟɤɬ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɢ ɜɵɛɟɪɢɬɟ New>User (ɇɨɜɵɣ>ɉɨɥɶɡɨɜɚɬɟɥɶ). ɉɪɢ ɫɨɡɞɚɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜɵ ɞɨɥɠɧɵ ɜɜɟɫɬɢ Full Name (ɉɨɥɧɨɟ ɢɦɹ) ɢ User Logon Name (ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɨɟ ɢɦɹ ɞɥɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ). Ⱦɚɧɧɵɟ Full Name ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɡɚɩɨɥɧɟɧɢɹ ɚɬɪɢɛɭɬɚ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɞɚɧɧɵɟ User Logon Name ɫɬɚɧɨɜɹɬɫɹ ɡɧɚɱɟɧɢɟɦ sAMAccountName. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɠɧɨ ɨɛɪɚɳɚɬɶɫɹ ɤ ɫɜɨɣɫɬɜɚɦ ɨɛɴɟɤɬɚ ɞɥɹ ɡɚɩɨɥɧɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɚɬɪɢɛɭɬɨɜ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɧɚɡɧɚɱɟɧɢɟ ɤɨɬɨɪɵɯ ɜɩɨɥɧɟ ɩɨɧɹɬɧɨ. ɇɚɢɛɨɥɟɟ ɜɚɠɧɚɹ ɜɤɥɚɞɤɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɚɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɩɨɥɶɡɨɜɚɬɟɥɹ — ɷɬɨ ɜɤɥɚɞɤɚ Account (ɍɱɟɬɧɚɹ ɡɚɩɢɫɶ) (ɫɦ. ɪɢɫ. 10-3). ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɞɨɫɬɭɩɧɵɟ ɧɚ ɜɤɥɚɞɤɟ Account, ɨɩɢɫɚɧɵ ɜ ɬɚɛɥɢɰɟ 10-1.
. 10-3.
Account
user
Ɍɚɛɥ. 10-1. ɋɜɨɣɫɬɜɚ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɨɛɴɟɤɬɚ User ɉɚɪɚɦɟɬɪɵ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ UserLogonName ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɨɫɧɨɜɧɨɟ ɢɦɹ (ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɨɟ ɢɦɹ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ (UPN) ɞɥɹ ɞɚɧɧɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ) ɩɨɥɶɡɨɜɚɬɟɥɹ. User Logon Name ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɢɦɹ, ɩɪɢɦɟɧɹɸɳɟɟɫɹ (ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɨɟ ɢɦɹ ɞɥɹ ɞɥɹ ɜɯɨɞɚ ɜ ɛɨɥɟɟ ɪɚɧɧɢɟ, ɱɟɦ Microsoft ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ) Windows 2000, ɫɢɫɬɟɦɵ, ɢɫɩɨɥɶɡɭɹ (ɢɫɩɨɥɶɡɨɜɚɥɨɫɶ ɞɨ Windows ɮɨɪɦɚɬ domain\username. 2000) Logon Hours (ɑɚɫɵ ɜɯɨɞɚ ɜ ɍɫɬɚɧɚɜɥɢɜɚɟɬ ɱɚɫɵ, ɜ ɤɨɬɨɪɵɟ ɫɢɫɬɟɦɭ) ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɜɯɨɞɢɬɶ ɜ ɞɨɦɟɧ. Log On To (ȼɯɨɞ ɧɚ) ɉɟɪɟɱɢɫɥɹɟɬ ɤɨɦɩɶɸɬɟɪɵ (ɢɫɩɨɥɶɡɭɹ ɢɦɟɧɚ NetBIOS ɤɨɦɩɶɸɬɟɪɨɜ), ɧɚ ɤɨɬɨɪɵɟ ɩɨɥɶɡɨɜɚɬɟɥɸ ɪɚɡɪɟɲɚɟɬɫɹ ɜɯɨɞ.
ɉɨɹɫɧɟɧɢɟ
Account Is Locked Out ɍɤɚɡɵɜɚɟɬ ɧɚ ɬɨ, ɱɬɨ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ (ɍɱɟɬɧɚɹ ɡɚɩɢɫɶ ɛɥɨɤɢɪɨɜɚɧɚ) ɛɵɥɚ ɛɥɨɤɢɪɨɜɚɧɚ ɢɡ-ɡɚ ɫɥɢɲɤɨɦ ɛɨɥɶɲɨɝɨ ɱɢɫɥɚ ɧɟɭɞɚɜɲɢɯɫɹ ɩɨɩɵɬɨɤ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. Account Options (Ɉɩɰɢɢ Ɉɛɟɫɩɟɱɢɜɚɟɬ ɧɚɫɬɪɨɣɤɭ ɬɚɤɢɯ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ) ɩɚɪɚɦɟɬɪɨɜ, ɤɚɤ ɩɨɥɢɬɢɤɢ ɩɚɪɨɥɹ ɢ ɨɩɨɡɧɚɜɚɬɟɥɶɧɵɟ ɬɪɟɛɨɜɚɧɢɹ. Account Expires (ɍɱɟɬɧɚɹ Ɉɩɪɟɞɟɥɹɟɬ ɜɪɟɦɹ ɨɤɨɧɱɚɧɢɹ ɫɪɨɤɚ ɡɚɩɢɫɶ ɧɟɞɟɣɫɬɜɢɬɟɥɶɧɚ) ɞɟɣɫɬɜɢɹ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ.
user
Active Directory
Ʉɚɠɞɵɣ ɨɛɴɟɤɬ ɜ Active Directory ɞɨɥɠɟɧ ɢɦɟɬɶ ɭɧɢɤɚɥɶɧɨɟ ɢɦɹ, ɧɨ ɞɥɹ ɨɛɴɟɤɬɚ user ɷɬɨ ɩɪɨɫɬɨɟ ɭɬɜɟɪɠɞɟɧɢɟ ɦɨɠɟɬ ɫɬɚɬɶ ɞɨɜɨɥɶɧɨ ɫɥɨɠɧɵɦ, ɩɨɬɨɦɭ ɱɬɨ ɨɛɴɟɤɬ user ɮɚɤɬɢɱɟɫɤɢ ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɜɨɡɦɨɠɧɵɯ ɢɦɟɧ. ȼ ɬɚɛɥɢɰɟ 10-2 ɩɟɪɟɱɢɫɥɟɧɵ ɜɫɟ ɢɦɟɧɚ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɛɵɬɶ ɫɜɹɡɚɧɵ ɫ ɢɦɟɧɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹ username, ɢ ɨɛɥɚɫɬɶ ɞɟɣɫɬɜɢɹ, ɜ ɩɪɟɞɟɥɚɯ ɤɨɬɨɪɨɣ ɷɬɨ ɢɦɹ ɞɨɥɠɧɨ ɛɵɬɶ ɭɧɢɤɚɥɶɧɵɦ. . 10-2.
Username (ɂɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ)
Ɍɪɟɛɨɜɚɧɢɟ ɭɧɢɤɚɥɶɧɨɫɬɢ
First name, initials, last name (ɂɦɹ, ɍɧɢɤɚɥɶɧɨɫɬɶ ɧɟ ɬɪɟɛɭɟɬɫɹ. ɢɧɢɰɢɚɥɵ, ɮɚɦɢɥɢɹ) Display name (Ɉɬɨɛɪɚɠɚɟɦɨɟ ɢɦɹ) ɍɧɢɤɚɥɶɧɨɫɬɶ ɧɟ ɬɪɟɛɭɟɬɫɹ. Full name (ɉɨɥɧɨɟ ɢɦɹ) - ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɡɚɩɨɥɧɟɧɢɹ ɚɬɪɢɛɭɬɚ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɧɨɟ ɢɦɹ ɫɨɡɞɚɟɬɫɹ ɢɡ ɩɨɥɟɣ First Name, Initials ɢ Last Name ɞɢɚɥɨɝɨɜɨɝɨ ɨɤɧɚ New Object-User (ɇɨɜɵɣ ɨɛɴɟɤɬɩɨɥɶɡɨɜɚɬɟɥɶ). ȿɝɨ ɦɨɠɧɨ ɢɡɦɟɧɢɬɶ, ɢɫɩɨɥɶɡɭɹ Adsiedit.msc Username (ɂɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ)
Ⱦɨɥɠɧɨ ɛɵɬɶ ɭɧɢɤɚɥɶɧɵɦ ɜ ɩɪɟɞɟɥɚɯ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɵ (OU).
User principal name (Ɉɫɧɨɜɧɨɟ ɢɦɹ ɩɨɥɶɡɨɜɚɬɟɥɹ). UPN ɫɨɫɬɚɜɥɟɧɨ ɢɡ ɢɦɟɧɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɢ DNS-ɢɦɟɧɢ ɞɨɦɟɧɚ ɢɥɢ ɚɥɶɬɟɪɧɚɬɢɜɧɨɝɨ UPN, ɟɫɥɢ ɞɥɹ ɥɟɫɚ ɛɵɥɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ UPN-ɫɭɮɮɢɤɫɵ. User Logon Name (Pre-Windows 2000) (ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɨɟ ɢɦɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɢɫɩɨɥɶɡɭɟɦɨɟ ɞɨ Windows 2000)
Ⱦɨɥɠɧɨ ɛɵɬɶ ɭɧɢɤɚɥɶɧɵɦ ɜ ɩɪɟɞɟɥɚɯ ɥɟɫɚ.
Ɍɪɟɛɨɜɚɧɢɟ ɭɧɢɤɚɥɶɧɨɫɬɢ
Ⱦɨɥɠɧɨ ɛɵɬɶ ɭɧɢɤɚɥɶɧɵɦ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ.
UPN ɹɜɥɹɟɬɫɹ ɨɱɟɧɶ ɩɨɥɟɡɧɵɦ ɢɦɟɧɟɦ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɩɟɪɟɣɬɢ ɜ ɥɸɛɨɣ ɞɨɦɟɧ ɥɟɫɚ ɢ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ, ɢɫɩɨɥɶɡɭɹ ɫɜɨɟ UPN-ɢɦɹ, ɜɦɟɫɬɨ ɬɨɝɨ ɱɬɨɛɵ ɩɪɢ ɜɯɨɞɟ ɜɵɛɢɪɚɬɶ ɫɜɨɣ ɞɨɦɚɲɧɢɣ ɰɨɦɟɧ. ɉɨ ɭɦɨɥɱɚɧɢɸ UPN-ɫɭɮɮɢɤɫ ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ DNS-ɢɦɟɧɟɦ ɞɥɹ ɰɨɦɟɧɚ. ȼɵ ɦɨɠɟɬɟ ɢɡɦɟɧɹɬɶ UPN-ɫɭɮɮɢɤɫ, ɧɚɩɪɢɦɟɪ, ɢɫɩɨɥɶɡɨɜɚɬɶ ɪɚɡɥɢɱɧɵɟ DNS-ɢɦɟɧɚ ɜɧɭɬɪɢ ɢ ɜɧɟ ɫɢɫɬɟɦɵ ɞɥɹ ɨɬɨɛɪɚɠɟɧɢɹ ɜ ɢɧɬɟɪɧɟɬɟ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ SMTP-ɚɞɪɟɫ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ ɞɥɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɜɧɟɲɧɟɦɭ ɢɦɟɧɢ DNS. ȼɚɲɢ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɜɨɡɦɨɠɧɨ, ɡɚɯɨɬɹɬ ɜɯɨɞɢɬɶ ɜ ɞɨɦɟɧ, ɢɫɩɨɥɶɡɭɹ ɫɜɨɢ ɚɞɪɟɫɚ SMTP. ȼɵ ɦɨɠɟɬɟ ɜɤɥɸɱɢɬɶ ɷɬɭ ɨɩɰɢɸ, ɞɨɛɚɜɥɹɹ ɚɥɶɬɟɪɧɚɬɢɜɧɵɣ UPN-ɫɭɮɮɢɤɫ ɤ ɥɟɫɭ ɢ ɧɚɡɧɚɱɚɹ ɟɝɨ ɜɫɟɦ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ UPN-ɫɭɮɮɢɤɫ, ɨɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Domains And Trusts (Ⱦɨɦɟɧɵ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ Active Directory), ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɡɚɩɢɫɢ Active Directory Domains And Trusts, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɜ ɜɟɪɯɧɟɣ ɥɟɜɨɣ ɨɛɥɚɫɬɢ ɨɤɧɚ, ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ) (ɫɦ. ɪɢɫ. 10-4). ɇɚɩɟɱɚɬɚɣɬɟ ɥɸɛɨɣ ɚɥɶɬɟɪɧɚɬɢɜɧɵɣ UPN-ɫɭɮɮɢɤɫ, ɤɨɬɨɪɵɣ ɜɵ ɠɟɥɚɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ.
. 10-4.
UPN-
inetOrgPerson
Ɉɞɧɢɦ ɢɡ ɧɨɜɵɯ ɨɛɴɟɤɬɨɜ Active Directory Windows Server 2003 ɹɜɥɹɟɬɫɹ ɨɛɴɟɤɬ inetOrgPerson. Ɉɧ ɹɜɥɹɟɬɫɹ ɨɫɧɨɜɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɪɭɝɢɦɢ ɤɚɬɚɥɨɝɚɦɢ ɫ ɩɪɢɦɟɧɟɧɢɟɦ ɨɛɥɟɝɱɟɧɧɨɝɨ ɩɪɨɬɨɤɨɥɚ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɨɜ (Lightweight Directory Access Protocol — LDAP) ɢ ɏ.500, ɫɨɜɦɟɫɬɢɦɵɦɢ ɫ ɬɪɟɛɨɜɚɧɢɹɦɢ ɞɨɤɭɦɟɧɬɚ Request for Comments (RFC) 2798. ȼɜɨɞɹ ɨɛɴɟɤɬ inetOrgPerson, Microsoft ɨɛɥɟɝɱɢɥ ɢɧɬɟɝɪɚɰɢɸ ɫɥɭɠɛɵ Active Directory ɫ ɞɪɭɝɢɦɢ ɤɚɬɚɥɨɝɚɦɢ ɢ ɭɩɪɨɫɬɢɥ ɩɟɪɟɦɟɳɟɧɢɟ ɢɡ ɤɚɬɚɥɨɝɨɜ ɜ Active Directory. . Windows 2000 Windows Server 2003 inetOrgPerson, Adprep.exe /forestprep. Adprep.exe \I386 Windows Server 2003. Ɉɛɴɟɤɬ inetOrgPerson ɦɨɠɟɬ ɛɵɬɶ ɫɨɡɞɚɧ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory Users And Computers. Ⱦɥɹ ɷɬɨɝɨ ɧɚɣɞɢɬɟ ɤɨɧɬɟɣɧɟɪ, ɜ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɫɨɡɞɚɬɶ ɨɛɴɟɤɬ, ɳɟɥɤɧɢɬɟ ɧɚ ɧɟɦ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɢ ɜɵɛɟɪɢɬɟ New>InetOrgPerson. ɉɪɢ ɫɨɡɞɚɧɢɢ ɨɛɴɟɤɬɚ inetOrgPerson ɜɵ ɞɨɥɠɧɵ ɜɜɟɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɟ ɢɦɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɢ ɩɨɥɧɨɟ ɢɦɹ. Ɉɛɴɟɤɬ inetOrgPerson ɹɜɥɹɟɬɫɹ ɩɨɞɤɥɚɫɫɨɦ ɨɛɴɟɤɬɚ user, ɬ.ɟ. ɨɧ ɢɦɟɟɬ ɜɫɟ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɤɥɚɫɫɚ, ɜɤɥɸɱɚɹ ɢ ɬɨ, ɱɬɨ ɨɧ ɞɟɣɫɬɜɭɟɬ ɤɚɤ ɭɱɚɫɬɧɢɤ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ɉɛɴɟɤɬɵ inetOrgPerson ɭɩɪɚɜɥɹɸɬɫɹ ɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɬɟɦɢ ɠɟ ɫɩɨɫɨɛɚɦɢ, ɤɚɤ ɢ ɨɛɴɟɤɬ user.
Contact
Ɍɪɟɬɢɣ ɬɢɩ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɩɪɟɞɫɬɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ Active Directory, — ɷɬɨ ɨɛɴɟɤɬ contact (ɤɨɧɬɚɤɬ). Ɉɛɴɟɤɬɵ contact ɨɬɥɢɱɚɸɬɫɹ ɨɬ ɨɛɴɟɤɬɨɜ user ɢ inetOrgPerson ɬɟɦ, ɱɬɨ ɨɧɢ ɧɟ ɹɜɥɹɟɬɫɹ ɭɱɚɫɬɧɢɤɚɦɢ ɛɟɡɨɩɚɫɧɨɫɬɢ (security principal). Ɉɛɵɱɧɨ ɨɛɴɟɤɬɵ contact ɢɫɩɨɥɶɡɭɸɬɫɹ ɬɨɥɶɤɨ ɞɥɹ ɢɧɮɨɪɦɚɰɢɨɧɧɵɯ ɰɟɥɟɣ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɨɛɴɟɤɬ contact ɜ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Users And Computers, ɧɚɣɞɢɬɟ ɤɨɧɬɟɣɧɟɪ, ɜ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɫɨɡɞɚɬɶ ɨɛɴɟɤɬ, ɳɟɥɤɧɢɬɟ ɧɚ ɧɟɦ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɢ ɜɵɛɟɪɢɬɟ New>Contact. ɉɪɢ ɫɨɡɞɚɧɢɢ ɨɛɴɟɤɬɚ contact ɜɵ ɞɨɥɠɧɵ ɜɜɟɫɬɢ ɩɨɥɧɨɟ ɢɦɹ, ɦɨɠɧɨ ɬɚɤɠɟ ɡɚɩɨɥɧɢɬɶ ɦɧɨɠɟɫɬɜɨ ɚɬɪɢɛɭɬɨɜ ɨɛɴɟɤɬɚ, ɜɤɥɸɱɚɹ ɧɨɦɟɪɚ ɬɟɥɟɮɨɧɚ ɢ ɚɞɪɟɫ. Ʉɨɧɬɚɤɬɵ ɩɨɥɟɡɧɵ ɜ ɧɟɫɤɨɥɶɤɢɯ ɫɰɟɧɚɪɢɹɯ. ɇɚɩɪɢɦɟɪ, ɢɦɟɟɬɫɹ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɤɨɬɨɪɵɣ ɧɟ ɹɜɥɹɟɬɫɹ ɭɱɚɫɬɧɢɤɨɦ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɜɚɲɟɦ ɞɨɦɟɧɟ, ɧɨ ɱɶɹ ɤɨɧɬɚɤɬɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɞɨɥɠɧɚ ɛɵɬɶ ɞɨɫɬɭɩɧɨɣ. ɗɬɨ ɦɨɝɭɬ ɛɵɬɶ ɤɨɧɫɭɥɶɬɚɧɬɵ, ɪɚɛɨɬɚɸɳɢɟ ɜ ɜɚɲɟɦ ɨɮɢɫɟ ɢ ɧɟ ɢɦɟɸɳɢɟ ɩɪɚɜ ɧɚ ɜɯɨɞ ɜ ɫɟɬɶ, ɧɨ ɢɯ ɤɨɧɬɚɤɬɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɞɨɥɠɧɚ ɯɪɚɧɢɬɶɫɹ ɜ ɤɨɦɩɚɧɢɢ, ɱɬɨɛɵ ɟɟ ɦɨɝɥɢ ɥɟɝɤɨ ɧɚɣɬɢ ɜɫɟ ɫɨɬɪɭɞɧɢɤɢ. Ʉɨɧɬɚɤɬɚɦɢ ɦɨɠɧɨ ɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɯɪɚɧɟɧɢɹ ɨɛɳɟɣ ɢɧɮɨɪɦɚɰɢɢ ɥɟɫɨɜ. ɉɪɟɞɩɨɥɨɠɢɦ, ɱɬɨ ɜɚɲɚ ɤɨɦɩɚɧɢɹ ɫɥɢɥɚɫɶ ɫ ɞɪɭɝɨɣ ɤɨɦɩɚɧɢɟɣ, ɤɨɬɨɪɚɹ ɭɠɟ ɪɚɡɜɟɪɧɭɥɚ Active Directory. Ɇɨɠɧɨ ɫɨɡɞɚɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɜɭɦɹ ɥɟɫɚɦɢ ɬɚɤ, ɱɬɨɛɵ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɟɬɟɜɵɟ ɪɟɫɭɪɫɵ, ɧɨ ɝɥɨɛɚɥɶɧɵɣ ɤɚɬɚɥɨɝ (GC) ɤɚɠɞɨɝɨ ɥɟɫɚ ɛɭɞɟɬ ɫɨɞɟɪɠɚɬɶ ɬɨɥɶɤɨ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɷɬɨɝɨ ɥɟɫɚ. Ɉɞɧɚɤɨ ɜɚɲɚ ɪɚɛɨɬɚ ɦɨɠɟɬ ɬɪɟɛɨɜɚɬɶ, ɱɬɨɛɵ ɜɫɟ ɢɥɢ ɧɟɤɨɬɨɪɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɨɛɨɢɯ ɥɟɫɨɜ ɛɵɥɢ ɜɢɞɧɵ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. Ⱦɥɹ ɪɚɡɪɟɲɟɧɢɹ ɷɬɨɝɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɢɧɫɬɪɭɦɟɧɬ Microsoft Metadirectory Services (MMS), ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɨɛɴɟɤɬɵ contact ɞɥɹ ɤɚɠɞɨɣ
ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡ ɞɪɭɝɨɝɨ ɥɟɫɚ ɢ ɡɚɩɨɥɧɢɬɶ ɷɬɢ ɨɛɴɟɤɬɵ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɣ ɤɨɧɬɚɤɬɧɨɣ ɢɧɮɨɪɦɚɰɢɟɣ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ɂɧɫɬɪɭɦɟɧɬ MMS ɞɨɫɬɭɩɟɧ ɱɟɪɟɡ Microsoft Consulting Services (Ʉɨɧɫɭɥɶɬɚɰɢɨɧɧɚɹ ɫɥɭɠɛɚ) ɢɥɢ ɱɟɪɟɡ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɩɚɪɬɧɟɪɚ MMS. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɫɦɨɬɪɢɬɟ ɜɟɛ-ɫɬɪɚɧɢɰɭ http:// www.microsoft.com/windows2000 /technologies/directory / mms/'default, asp. Ⱦɪɭɝɨɣ ɜɚɪɢɚɧɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɨɛɴɟɤɬɚ contact ɜɨɡɧɢɤɚɟɬ ɩɪɢ ɪɟɚɥɢɡɚɰɢɢ Microsoft Exchange 2000 Server, ɤɨɬɨɪɵɣ, ɜ ɨɬɥɢɱɢɟ ɨɬ ɛɨɥɟɟ ɪɚɧɧɢɯ ɜɟɪɫɢɣ, ɧɟ ɢɦɟɟɬ ɫɜɨɟɣ ɫɨɛɫɬɜɟɧɧɨɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ȼɦɟɫɬɨ ɷɬɨɝɨ Exchange 2000 Server ɬɪɟɛɭɟɬ ɧɚɥɢɱɢɹ Active Directory, ɢ ɜɫɹ ɢɧɮɨɪɦɚɰɢɹ ɫɟɪɜɟɪɚ ɯɪɚɧɢɬɫɹ ɜ ɤɚɬɚɥɨɝɟ Active Directory. ȼ Exchange Server 5.5 ɢ ɛɨɥɟɟ ɪɚɧɧɢɯ ɜɟɪɫɢɹɯ ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɜɚɬɶ ɫɨɛɫɬɜɟɧɧɨɝɨ ɩɨɥɭɱɚɬɟɥɹ. ɋɨɛɫɬɜɟɧɧɵɣ ɩɨɥɭɱɚɬɟɥɶ ɢɦɟɟɬ ɚɞɪɟɫ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ, ɜɵ ɦɨɠɟɬɟ ɩɨɫɵɥɚɬɶ ɟɦɭ ɩɨɱɬɭ, ɧɨ ɭ ɧɟɝɨ ɧɟɬ ɩɨɱɬɨɜɨɝɨ ɹɳɢɤɚ ɧɚ ɜɚɲɟɦ Exchange-ɫɟɪɜɟɪɟ. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ Exchange 2000 Server, ɬɨ ɨɛɴɟɤɬ contact ɫ ɩɨɞɞɟɪɠɤɨɣ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ ɡɚɦɟɧɢɬ ɨɛɴɟɤɬ ɫɨɛɫɬɜɟɧɧɨɝɨ ɩɨɥɭɱɚɬɟɥɹ. Ʉɨɝɞɚ ɜɵ ɜɤɥɸɱɚɟɬɟ ɩɨɱɬɭ ɞɥɹ ɨɛɴɟɤɬɚ contact, ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɚɞɪɟɫ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ, ɢ ɨɧ ɫɬɚɧɨɜɢɬɫɹ ɜɢɞɢɦɵɦ ɞɥɹ ɩɨɱɬɨɜɨɝɨ ɤɥɢɟɧɬɚ. Ʉɨɝɞɚ ɜɵ ɩɨɫɵɥɚɟɬɟ ɩɨɱɬɭ ɨɛɴɟɤɬɭ contact, ɨɧɚ ɞɨɫɬɚɜɥɹɟɬɫɹ ɩɨ ɩɪɚɜɢɥɶɧɨɦɭ ɚɞɪɟɫɭ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ.
Ɉɫɧɨɜɧɚɹ ɮɭɧɤɰɢɹ Active Directory ɫɨɫɬɨɢɬ ɜ ɫɚɧɤɰɢɨɧɢɪɨɜɚɧɢɢ ɞɨɫɬɭɩɚ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ. ȼ ɤɨɧɟɱɧɨɦ ɫɱɟɬɟ, ɞɨɫɬɭɩ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ ɨɫɧɨɜɚɧ ɧɚ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɹɯ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɜɵ ɧɟ ɡɚɯɨɬɢɬɟ ɭɩɪɚɜɥɹɬɶ ɞɨɫɬɭɩɨɦ ɤ. ɪɟɫɭɪɫɚɦ ɫ ɢɯ ɩɨɦɨɳɶɸ. ȼ ɤɪɭɩɧɨɣ ɤɨɦɩɚɧɢɢ ɷɬɨ ɦɨɠɟɬ ɩɪɢɜɟɫɬɢ ɤ ɫɥɢɲɤɨɦ ɛɨɥɶɲɨɣ ɡɚɝɪɭɡɤɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚ, ɤɪɨɦɟ ɬɨɝɨ, ɫɩɢɫɤɢ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ (ACL) ɧɚ ɫɟɬɟɜɵɯ ɪɟɫɭɪɫɚɯ ɛɵɫɬɪɨ ɫɬɚɥɢ ɛɵ ɧɟɭɩɪɚɜɥɹɟɦɵɦɢ. ɉɨɫɤɨɥɶɤɭ ɭɩɪɚɜɥɟɧɢɟ ɞɨɫɬɭɩɨɦ ɤ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɚɦ ɫ ɩɨɦɨɳɶɸ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɬɪɭɞɧɨ ɩɨɞɞɚɟɬɫɹ ɨɛɪɚɛɨɬɤɟ, ɜɵ ɛɭɞɟɬɟ ɫɨɡɞɚɜɚɬɶ ɨɛɴɟɤɬɵ group ɞɥɹ ɨɞɧɨɜɪɟɦɟɧɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɛɨɥɶɲɢɦɢ ɫɨɜɨɤɭɩɧɨɫɬɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ.
ȼ ɫɢɫɬɟɦɟ Windows Server 2003 ɢɦɟɟɬɫɹ ɞɜɚ ɬɢɩɚ ɝɪɭɩɩ, ɧɚɡɵɜɚɟɦɵɯ (distribution group) ɢ (security group). Ʉɨɝɞɚ ɜɵ ɫɨɡɞɚɟɬɟ ɧɨɜɵɣ ɨɛɴɟɤɬ group, ɜɚɦ ɧɟɨɛɯɨɞɢɦɨ ɜɵɛɪɚɬɶ ɬɢɩ ɫɨɡɞɚɜɚɟɦɨɣ ɝɪɭɩɩɵ (ɫɦ. ɪɢɫ. 10-5).
. 10-5.
Active Directory Users And Computers
ɋɬɚɧɞɚɪɬɧɵɦ ɬɢɩɨɦ ɝɪɭɩɩɵ ɜ Active Directory ɹɜɥɹɟɬɫɹ ɝɪɭɩɩɚ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ƚɪɭɩɩɚ ɛɟɡɨɩɚɫɧɨɫɬɢ ɹɜɥɹɟɬɫɹ ɭɱɚɫɬɧɢɤɨɦ ɛɟɡɨɩɚɫɧɨɫɬɢ ɢ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɫɟɬɟɜɵɟ ɪɟɫɭɪɫɵ. Ƚɪɭɩɩɚ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɭɱɚɫɬɧɢɤɨɦ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɩɨɷɬɨɦɭ ɨɧɚ ɧɟ ɨɱɟɧɶ ɩɨɥɟɡɧɚ. ȼɵ ɢɫɩɨɥɶɡɭɟɬɟ ɞɚɧɧɭɸ ɝɪɭɩɩɭ, ɟɫɥɢ ɭɫɬɚɧɨɜɢɥɢ Exchange 2000 Server ɢ ɞɨɥɠɧɵ ɨɛɴɟɞɢɧɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜɦɟɫɬɟ, ɱɬɨɛɵ ɦɨɠɧɨ ɛɵɥɨ ɩɨɫɵɥɚɬɶ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ ɜɫɟɣ ɝɪɭɩɩɟ. Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɝɪɭɩɩɚ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ ɢɦɟɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɭɱɚɬɶ ɩɨɱɬɭ, ɚ ɜɵ ɦɨɠɟɬɟ
ɞɨɛɚɜɥɹɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɩɨɞɞɟɪɠɢɜɚɸɳɢɯ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ, ɢ ɤɨɧɬɚɤɬɵ ɤ ɷɬɨɣ ɝɪɭɩɩɟ, ɚ ɬɚɤɠɟ ɩɨɫɵɥɚɬɶ ɷɥɟɤɬɪɨɧɧɵɟ ɫɨɨɛɳɟɧɢɹ ɨɞɧɨɜɪɟɦɟɧɧɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɝɪɭɩɩɵ. . Exchange Server 5.5, Exchange 2000 Server. Exchange Server 5.5 , , Exchange. Exchange 2000 Server , . ȼɵ ɦɨɠɟɬɟ ɩɪɟɨɛɪɚɡɨɜɵɜɚɬɶ ɝɪɭɩɩɵ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɹ ɜ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ ɢ ɨɛɪɚɬɧɨ, ɩɨɤɚ ɜɚɲ ɞɨɦɟɧ ɪɚɛɨɬɚɟɬ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 native (ɟɫɬɟɫɬɜɟɧɧɵɣ). (Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹɯ ɫɦ. ɬɚɛɥ. 2-1, 2-2 ɜ ɝɥ. 2.) ȿɫɥɢ ɝɪɭɩɩɚ ɫɨɞɟɪɠɢɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɤɨɧɬɚɤɬɵ, ɬɨ ɨɛɴɟɤɬɵ user ɢɥɢ contact ɧɟ ɢɡɦɟɧɹɸɬɫɹ, ɤɨɝɞɚ ɢɡɦɟɧɹɟɬɫɹ ɬɢɩ ɝɪɭɩɩɵ. . Active Directory, .
ȼ Active Directory Windows Server 2003 ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɜɚɬɶ ɝɪɭɩɩɵ ɫ ɬɪɟɦɹ ɪɚɡɥɢɱɧɵɦɢ ɨɛɥɚɫɬɹɦɢ ɞɟɣɫɬɜɢɹ: ɞɨɦɟɧɧɨɣ ɥɨɤɚɥɶɧɨɣ, ɝɥɨɛɚɥɶɧɨɣ ɢ ɭɧɢɜɟɪɫɚɥɶɧɨɣ. ȼ ɬɚɛɥɢɰɟ 10-3 ɩɟɪɟɱɢɫɥɟɧɵ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɤɚɠɞɨɣ ɨɛɥɚɫɬɢ ɞɟɣɫɬɜɢɹ ɝɪɭɩɩɵ. . , Windows 2000 native. (nested groups} — , . , , . , | , , Windows 2000 native, . Ʌɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɨɦɟɧɚ ɹɜɥɹɸɬɫɹ ɩɨɥɧɨɮɭɧɤɰɢɨɧɚɥɶɧɵɦɢ ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɞɨɦɟɧ ɩɨɞɧɹɬ ɧɚ ɭɪɨɜɟɧɶ Windows 2000 native. ȿɫɥɢ ɞɨɦɟɧ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ ɫɦɟɲɚɧɧɨɦ (mixed) ɭɪɨɜɧɟ Windows 2000, ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɨɦɟɧɚ ɪɚɛɨɬɚɸɬ ɬɨɱɧɨ ɬɚɤ ɠɟ, ɤɚɤ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ Windows NT 4. Ƚɪɭɩɩɚ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɪɟɫɭɪɫɵ ɬɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɧɨ ɧɟ ɞɪɭɝɢɯ ɤɨɦɩɶɸɬɟɪɨɜ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɞɨɦɟɧɟ. ȿɫɥɢ ɞɨɦɟɧ ɛɵɥ ɩɟɪɟɤɥɸɱɟɧ ɧɚ ɟɫɬɟɫɬɜɟɧɧɵɣ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows 2000, ɬɨ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɨɦɟɧɚ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɧɚ ɥɸɛɨɦ ɫɟɪɜɟɪɟ ɫ Windows 2000 ɢɥɢ ɫ Windows Server 2003. . 10-3.
Ɉɛɥɚɫɬɶ ɞɟɣɫɬɜɢɹ ɝɪɭɩɩɵ Domain Local (Ʌɨɤɚɥɶɧɚɹ Ⱦɨɦɟɧɧɚɹ)
Active Directory
ɑɥɟɧɫɬɜɨ ɝɪɭɩɩɵ Ɉɛɥɚɫɬɶ ɞɟɣɫɬɜɢɹ ɜɤɥɸɱɚɟɬ ɝɪɭɩɩɵ ɜɤɥɸɱɚɟɬ ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡ ɥɸɛɨɝɨ ɧɚɡɧɚɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɞɨɦɟɧɚ ɥɟɫɚ ɪɟɫɭɪɫɚɦ ɬɨɥɶɤɨ ɜ ɥɨɤɚɥɶɧɨɦ ɞɨɦɟɧɟ. Ƚɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɥɢ ɂɫɩɨɥɶɡɭɟɬɫɹ ɧɚ ɜɫɟɯ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɡ ɫɟɪɜɟɪɚɯ Windows 2000 ɥɸɛɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɢɥɢ Windows Server 2003. ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɥɨɛɚɥɶɧɵɟ ɢ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɡ ɥɸɛɨɝɨ ɞɨɦɟɧɚ ɞɨɜɟɪɟɧɧɨɝɨ ɥɟɫɚ ȼɥɨɠɟɧɧɵɟ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɨɦɟɧɚ ɢɡ ɥɨɤɚɥɶɧɨɝɨ ɞɨɦɟɧɚ
ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɦ ɞɚɧɧɚɹ ɝɪɭɩɩɚ ɫɨɡɞɚɧɚ
Global (Ƚɥɨɛɚɥɶɧɚɹ)
ȼɥɨɠɟɧɧɵɟ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɡ ɬɨɝɨ ɠɟ ɞɨɦɟɧɚ
Universal (ɍɧɢɜɟɪɫɚɥɶɧɚɹ)
ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɡ ɥɸɛɨɝɨ ɞɨɦɟɧɚ ɜ ɥɟɫɟ
Ƚɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɡ ɥɸɛɨɝɨ ɞɨɦɟɧɚ ɥɟɫɚ ɢɥɢ ɢɡ ɞɨɜɟɪɟɧɧɨɝɨ ɥɟɫɚ ȼɥɨɠɟɧɧɵɟ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɡ ɥɸɛɨɝɨ ɞɨɦɟɧɚ ɜ ɥɟɫɟ ɢɥɢ ɢɡ ɞɨɜɟɪɟɧɧɨɝɨ ɥɟɫɚ -
. . Server 2003,
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜɨ ɜɫɟɯ ɞɨɦɟɧɚɯ ɥɟɫɚ, ɢɥɢ ɦɟɠɞɭ ɞɨɜɟɪɟɧɧɵɦɢ ɥɟɫɚɦɢ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɧɚ ɥɸɛɨɦ ɫɟɪɜɟɪɟ-ɱɥɟɧɟ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ Windows. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜɨ ɜɫɟɯ ɞɨɦɟɧɚɯ ɥɟɫɚ, ɢɥɢ ɦɟɠɞɭ ɞɨɜɟɪɟɧɧɵɦɢ ɥɟɫɚɦɢ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɬɨɥɶɤɨ ɧɚ ɫɟɪɜɟɪɚɯ Windows 2000 ɢɥɢ Windows Server 2003.
,
, Windows 2000
Windows ,
. . , Windows NT. . Windows 2000 Windows Server 2003, . Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ ɜ Active Directory Windows Server 2003 ɢ Active Directory Windows 2000 ɨɫɬɚɸɬɫɹ ɫɨɝɥɚɫɭɸɳɢɦɢɫɹ ɦɟɠɞɭ ɫɨɛɨɣ. ȿɫɥɢ ɞɨɦɟɧ ɛɵɥ ɩɟɪɟɤɥɸɱɟɧ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows 2000 native, ɜɵ ɦɨɠɟɬɟ ɜɤɥɚɞɵɜɚɬɶ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɢɡ ɬɨɝɨ ɠɟ ɫɚɦɨɝɨ ɞɨɦɟɧɚ ɜɧɭɬɪɶ ɞɪɭɝɢɯ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ. ȿɫɥɢ ɜɚɲ ɞɨɦɟɧ ɪɚɛɨɬɚɟɬ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 mixed ɢɥɢ native, ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɭ ɨɩɰɢɸ, ɱɬɨɛɵ ɩɪɟɨɞɨɥɟɬɶ ɨɝɪɚɧɢɱɟɧɢɟ ɱɢɫɥɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɩɹɬɶ ɬɵɫɹɱ ɧɚ ɝɪɭɩɩɭ. ȿɫɥɢ ɝɪɭɩɩɚ ɨɱɟɧɶ ɛɨɥɶɲɚɹ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɧɟɫɤɨɥɶɤɨ ɩɨɞɝɪɭɩɩ ɢ ɜɥɨɠɢɬɶ ɢɯ ɜ ɨɞɧɭ ɝɪɭɩɩɭ. ȼɥɨɠɟɧɢɟ ɝɪɭɩɩ ɦɨɠɟɬ ɛɵɬɶ ɩɨɥɟɡɧɵɦ ɢ ɜ ɞɪɭɝɢɯ ɨɛɫɬɨɹɬɟɥɶɫɬɜɚɯ. ɇɚɩɪɢɦɟɪ, ɜɚɲɚ ɤɨɦɩɚɧɢɹ ɫɨɞɟɪɠɢɬ ɧɟɫɤɨɥɶɤɨ ɭɧɢɤɚɥɶɧɵɯ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɣ, ɜ ɤɚɠɞɨɦ ɢɡ ɤɨɬɨɪɵɯ ɟɫɬɶ ɦɟɧɟɞɠɟɪɵ ɢ ɢɫɩɨɥɧɢɬɟɥɢ. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɝɥɨɛɚɥɶɧɭɸ ɝɪɭɩɩɭ Managers ɞɥɹ ɤɚɠɞɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ, ɚ ɡɚɬɟɦ ɜɥɨɠɢɬɶ ɷɬɢ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ ɜ ɟɞɢɧɭɸ ɞɥɹ ɤɨɦɩɚɧɢɢ ɝɪɭɩɩɭ ɦɟɧɟɞɠɟɪɨɜ. ɍɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɹɜɥɹɸɬɫɹ ɧɚɢɛɨɥɟɟ ɝɢɛɤɢɦɢ ɝɪɭɩɩɚɦɢ ɜ Active Directory, ɧɨ ɷɬɚ ɝɢɛɤɨɫɬɶ ɞɚɟɬɫɹ «ɧɟ ɛɟɫɩɥɚɬɧɨ». Ɉɧɢ ɦɨɝɭɬ ɫɨɞɟɪɠɚɬɶ ɥɸɛɨɝɨ ɱɥɟɧɚ ɞɨɦɟɧɚ ɥɟɫɚ ɢ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɪɟɫɭɪɫɵ, ɪɚɫɩɨɥɨɠɟɧɧɵɟ ɜ ɥɸɛɨɦ ɞɨɦɟɧɟ ɥɟɫɚ. Ⱦɥɹ ɷɬɨɝɨ ɫɩɢɫɨɤ ɱɥɟɧɫɬɜɚ ɞɥɹ ɜɫɟɯ ɭɧɢɜɟɪɫɚɥɶɧɵɯ ɝɪɭɩɩ ɞɨɥɠɟɧ ɯɪɚɧɢɬɶɫɹ ɜ ɝɥɨɛɚɥɶɧɨɦ ɤɚɬɚɥɨɝɟ (GC) ɤɚɤ ɨɬɞɟɥɶɧɵɣ ɚɬɪɢɛɭɬ. ȿɫɥɢ ɜɚɲ ɞɨɦɟɧ ɪɚɛɨɬɚɟɬ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 native, ɬɨ ɤɚɠɞɵɣ ɪɚɡ ɩɨɫɥɟ ɞɨɛɚɜɥɟɧɢɹ ɤ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɟ ɧɨɜɨɝɨ ɱɥɟɧɚ ɜɟɫɶ ɫɩɢɫɨɤ ɱɥɟɧɨɜ ɞɨɥɠɟɧ ɤɨɩɢɪɨɜɚɬɶɫɹ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. Ⱦɥɹ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɵ ɫ ɬɵɫɹɱɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɷɬɨ ɦɨɠɟɬ ɩɪɢɜɟɫɬɢ ɤ ɡɧɚɱɢɬɟɥɶɧɨɣ ɪɟɩɥɢɤɚɰɢɢ. Ɉɞɧɚɤɨ ɟɫɥɢ ɞɨɦɟɧ ɛɵɥ ɩɨɞɧɹɬ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows Server 2003, ɬɨ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ Windows Server 2003, ɛɭɞɭɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɬɨɥɶɤɨ ɢɡɦɟɧɟɧɢɹ ɜ ɫɩɢɫɤɟ ɱɥɟɧɫɬɜɚ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɭɧɢɜɟɪɫɚɥɶɧɵɯ ɝɪɭɩɩ ɫɨɡɞɚɟɬ ɢ ɞɪɭɝɢɟ ɨɫɥɨɠɧɟɧɢɹ. ɉɨɫɤɨɥɶɤɭ ɨɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜ ɥɸɛɨɦ ɦɟɫɬɟ ɥɟɫɚ, ɚ ɱɥɟɧɵ ɝɪɭɩɩɵ ɦɨɝɭɬ ɧɚɯɨɞɢɬɫɹ ɬɚɤɠɟ ɜ ɥɸɛɨɣ ɱɚɫɬɢ ɥɟɫɚ, ɬɨ GC-ɫɟɪɜɟɪ ɞɨɥɠɟɧ ɛɵɬɶ ɞɨɫɬɭɩɟɧ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ
ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ, ɢɧɚɱɟ ɜɯɨɞ ɧɟ ɛɭɞɟɬ ɜɵɩɨɥɧɟɧ. ɗɬɚ ɩɪɨɛɥɟɦɚ ɪɟɲɟɧɚ ɜ Active Directory Windows Server 2003. ȿɫɥɢ ɞɨɦɟɧ ɩɟɪɟɤɥɸɱɟɧ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɭɪɨɜɟɧɶ Windows Server 2003, ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɚɣɬɚ ɬɚɤ, ɱɬɨɛɵ ɨɧɢ ɤɷɲɢɪɨɜɚɥɢ ɭɧɢɜɟɪɫɚɥɶɧɨɟ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɞɨɦɟɧ. ȿɫɥɢ GCɫɟɪɜɟɪ ɧɟɞɨɫɬɭɩɟɧ, ɥɨɤɚɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɤɷɲɢɪɨɜɚɧɧɨɟ ɭɧɢɜɟɪɫɚɥɶɧɨɟ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɞɥɹ ɩɨɞɬɜɟɪɠɞɟɧɢɹ ɩɨɞɥɢɧɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɪɚɧɟɟ ɧɟ ɜɯɨɞɢɥ ɧɚ ɥɨɤɚɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɬɨ ɷɬɚ ɢɧɮɨɪɦɚɰɢɹ ɛɭɞɟɬ ɧɟɞɨɫɬɭɩɧɚ, ɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɫɦɨɠɟɬ ɜɨɣɬɢ ɜ ɫɢɫɬɟɦɭ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ, ɢɫɩɨɥɶɡɭɹ ɤɷɲɢɪɨɜɚɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɵ, ɧɨ ɪɚɡɪɟɲɟɧɢɹ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɵ ɛɵɥɢ ɢɡɦɟɧɟɧɵ, ɬɨ ɧɨɜɵɟ ɪɚɡɪɟɲɟɧɢɹ ɧɟ ɩɪɢɦɟɧɹɬɫɹ ɤ ɥɨɤɚɥɶɧɨɦɭ ɩɨɥɶɡɨɜɚɬɟɥɸ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɭɧɢɜɟɪɫɚɥɶɧɚɹ ɝɪɭɩɩɨɜɚɹ ɢɧɮɨɪɦɚɰɢɹ ɧɟ ɛɭɞɟɬ ɦɨɞɢɮɢɰɢɪɨɜɚɧɚ ɫ GC-ɫɟɪɜɟɪɚ. Active Directory Windows Server 2003 ɫɨɞɟɪɠɢɬ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɜɫɬɪɨɟɧɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɝɪɭɩɩ ɜ ɤɨɧɬɟɣɧɟɪɟ Users (ɉɨɥɶɡɨɜɚɬɟɥɢ) ɢ Builtin (ȼɫɬɪɨɟɧɧɵɣ). ɗɬɢ ɝɪɭɩɩɵ ɢɦɟɸɬ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɰɟɥɢ ɢ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɚɡɪɟɲɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. Ɍɨɥɶɤɨ ɞɜɟ ɝɪɭɩɩɵ ɩɪɢ ɭɫɬɚɧɨɜɤɟ ɞɨɦɟɧɚ ɫɨɞɟɪɠɚɬ ɧɟɤɨɬɨɪɵɯ ɱɥɟɧɨɜ - ɥɨɤɚɥɶɧɚɹ ɝɪɭɩɩɚ ɞɨɦɟɧɚ Administrators (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ) ɢ ɝɥɨɛɚɥɶɧɚɹ ɝɪɭɩɩɚ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ). ɍɱɟɬɧɚɹ ɡɚɩɢɫɶ Administrator, ɩɨɞ ɤɨɬɨɪɨɣ ɫɨɡɞɚɜɚɥɫɹ ɞɨɦɟɧ, ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɨɛɟɢɦ ɝɪɭɩɩɚɦ, ɚ ɝɪɭɩɩɚ Domain Admins ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɝɪɭɩɩɟ Administrators. ȿɫɥɢ ɞɨɦɟɧ ɹɜɥɹɟɬɫɹ ɩɟɪɜɵɦ ɞɨɦɟɧɨɦ ɜ ɥɟɫɟ, ɬɨ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ Administrator ɬɚɤɠɟ ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɟ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ) ɢ ɤ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɟ Schema Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɫɯɟɦɵ).
ȼ ɪɟɚɥɢɡɚɰɢɢ Active Directory ɩɪɨɟɤɬ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ ɹɜɥɹɟɬɫɹ ɧɚɢɛɨɥɟɟ ɞɟɬɚɥɶɧɵɦ ɜ ɪɚɦɤɚɯ ɜɫɟɝɨ ɩɪɨɟɤɬɚ. ȿɝɨ ɫɨɡɞɚɧɢɟ ɦɨɠɟɬ ɛɵɬɶ ɨɱɟɧɶ ɨɛɫɬɨɹɬɟɥɶɧɨɣ ɢ ɤɪɨɩɨɬɥɢɜɨɣ ɪɚɛɨɬɨɣ, ɨɫɨɛɟɧɧɨ ɜ ɛɨɥɶɲɨɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȼ ɞɚɧɧɨɦ ɪɚɡɞɟɥɟ ɨɛɫɭɠɞɚɸɬɫɹ ɨɛɳɢɟ ɩɪɢɧɰɢɩɵ ɫɨɡɞɚɧɢɹ ɩɪɨɟɤɬɚ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ɇɚ ɩɟɪɜɨɦ ɷɬɚɩɟ ɫɨɡɞɚɧɢɹ ɩɪɨɟɤɬɚ ɧɭɠɧɨ ɨɩɪɟɞɟɥɢɬɶ ɨɛɥɚɫɬɶ ɞɟɣɫɬɜɢɹ ɝɪɭɩɩɵ. ȼɨ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɹɯ ɜɨɡɧɢɤɚɸɬ ɫɟɪɶɟɡɧɵɟ ɞɢɫɤɭɫɫɢɢ ɨ ɬɨɦ, ɤɚɤ ɢɫɩɨɥɶɡɨɜɚɬɶ ɪɚɡɥɢɱɧɵɟ ɝɪɭɩɩɵ. Ⱥ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɵ ɜ Active Directory ɦɨɠɧɨ ɨɱɟɧɶ ɝɢɛɤɨ. ɇɚɩɪɢɦɟɪ, ɜ ɟɞɢɧɫɬɜɟɧɧɨɦ ɞɨɦɟɧɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɛɵɬɶ ɞɨɛɚɜɥɟɧɵ ɤ ɝɪɭɩɩɟ ɫ ɥɸɛɨɣ ɨɛɥɚɫɬɶɸ ɞɟɣɫɬɜɢɹ ɜ ɞɨɦɟɧɟ, ɝɪɭɩɩɵ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɥɸɛɨɣ ɪɟɫɭɪɫ, ɧɚɯɨɞɹɳɢɣɫɹ ɜ ɞɨɦɟɧɟ. ȼ ɫɪɟɞɟ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɞɨɦɟɧɚɦɢ ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɜɚɪɢɚɧɬɨɜ ɞɥɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɭɧɢɜɟɪɫɚɥɶɧɵɯ, ɝɥɨɛɚɥɶɧɵɯ ɢ ɥɨɤɚɥɶɧɵɯ ɝɪɭɩɩ ɞɨɦɟɧɚ. Ⱦɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɤɨɦɩɚɧɢɣ ɥɭɱɲɢɣ ɫɩɨɫɨɛ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɛɥɚɫɬɢ ɞɟɣɫɬɜɢɹ ɝɪɭɩɩ ɫɨɫɬɨɢɬ ɜ ɜɵɩɨɥɧɟɧɢɢ ɫɥɟɞɭɸɳɢɯ ɞɟɣɫɬɜɢɣ. • Ⱦɨɛɚɜɶɬɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɤ ɝɥɨɛɚɥɶɧɵɦ ɢɥɢ ɭɧɢɜɟɪɫɚɥɶɧɵɦ ɝɪɭɩɩɚɦ. • Ⱦɨɛɚɜɶɬɟ ɝɥɨɛɚɥɶɧɵɟ ɢɥɢ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɤ ɥɨɤɚɥɶɧɵɦ ɝɪɭɩɩɚɦ ɞɨɦɟɧɚ. • ɇɚɡɧɚɱɶɬɟ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɢɫɩɨɥɶɡɭɹ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɨɦɟɧɚ. ɇɟɤɨɬɨɪɵɯ ɤɨɦɩɚɧɢɢ ɫɨɩɪɨɬɢɜɥɹɸɬɫɹ ɫɨɡɞɚɧɢɸ ɝɪɭɩɩ ɞɨɦɟɧɚ, ɞɚɠɟ ɟɫɥɢ ɪɟɱɶ ɢɞɟɬ ɨɛ ɨɞɧɨɣ ɝɪɭɩɩɟ, ɧɨ ɢɦɟɸɬɫɹ ɫɟɪɶɟɡɧɵɟ ɩɪɢɱɢɧɵ, ɩɨ ɤɨɬɨɪɵɦ ɥɭɱɲɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɜɟ ɝɪɭɩɩɵ. ȿɫɥɢ ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɝɪɭɩɩɵ ɞɨɦɟɧɚ, ɬɨ ɢɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɝɥɨɛɚɥɶɧɵɟ ɢɥɢ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɨɥɠɧɵ ɜɤɥɸɱɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢɦɟɸɳɢɯ ɱɬɨ-ɥɢɛɨ ɨɛɳɟɟ. Ɉɛɵɱɧɨ ɨɧɢ ɫɨɡɞɚɸɬɫɹ ɧɚ ɛɚɡɟ ɞɟɥɨɜɨɝɨ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɢɥɢ ɧɚ ɨɫɧɨɜɟ ɨɛɳɟɣ ɮɭɧɤɰɢɨɧɚɥɶɧɨɣ ɰɟɥɢ. ɇɚɩɪɢɦɟɪ, ɜɫɟ ɱɥɟɧɵ ɤɨɦɦɟɪɱɟɫɤɨɝɨ ɨɬɞɟɥɚ ɨɛɵɱɧɨ ɢɦɟɸɬ ɛɨɥɶɲɟ ɨɛɳɟɝɨ ɞɪɭɝ ɫ ɞɪɭɝɨɦ, ɱɟɦ ɫ ɱɥɟɧɚɦɢ ɞɪɭɝɢɯ ɨɬɞɟɥɨɜ. ɂɦ ɬɪɟɛɭɟɬɫɹ ɞɨɫɬɭɩ ɤ ɨɞɧɢɦ ɢ ɬɟɦ ɠɟ ɪɟɫɭɪɫɚɦ ɢ ɨɞɢɧɚɤɨɜɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. Ƚɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɱɚɫɬɨ ɬɚɤɠɟ ɨɪɝɚɧɢɡɭɟɬɫɹ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɣ ɨɫɧɨɜɟ. ȼɫɟ ɦɟɧɟɞɠɟɪɵ ɦɨɝɭɬ ɛɵɬɶ ɫɝɪɭɩɩɢɪɨɜɚɧɵ ɜɦɟɫɬɟ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɤ ɤɚɤɨɦɭ ɩɨɞɪɚɡɞɟɥɟɧɢɸ ɨɧɢ ɩɪɢɧɚɞɥɟɠɚɬ. ȼɫɟ ɱɥɟɧɵ ɩɪɨɟɤɬɧɨɣ ɝɪɭɩɩɵ, ɜɟɪɨɹɬɧɨ, ɛɭɞɭɬ ɧɭɠɞɚɬɶɫɹ ɜ ɞɨɫɬɭɩɟ ɤ ɨɞɧɢɦ ɢ ɬɟɦ ɠɟ ɪɟɫɭɪɫɚɦ ɩɪɨɟɤɬɚ. Ⱦɨɦɟɧɧɵɟ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɨɛɵɱɧɨ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ. ȼɨ ɦɧɨɝɢɯ ɫɥɭɱɚɹɯ ɪɚɡɪɟɲɟɧɢɹ ɬɟɫɧɨ ɫɜɹɡɚɧɵ ɫ ɞɟɥɨɜɵɦɢ ɨɬɞɟɥɚɦɢ ɢɥɢ ɮɭɧɤɰɢɹɦɢ. ɇɚɩɪɢɦɟɪ, ɜɫɟɦ ɱɥɟɧɚɦ ɤɨɦɦɟɪɱɟɫɤɨɝɨ ɨɬɞɟɥɚ ɬɪɟɛɭɟɬɫɹ ɞɨɫɬɭɩ ɤ ɨɞɧɢɦ ɢ ɬɟɦ ɠɟ ɨɛɳɢɦ ɩɚɩɤɚɦ ɩɪɨɞɚɠ, ɜɫɟɦ ɱɥɟɧɚɦ ɩɪɨɟɤɬɧɨɣ ɝɪɭɩɩɵ - ɤ ɨɞɧɨɣ ɢ ɬɨɣ ɠɟ ɩɪɨɟɤɬɧɨɣ ɢɧɮɨɪɦɚɰɢɢ. ȼ ɞɪɭɝɢɯ ɫɥɭɱɚɹɯ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ ɦɨɠɟɬ ɩɟɪɟɫɟɤɚɬɶ ɨɛɵɱɧɵɟ ɞɟɥɨɜɵɟ ɢɥɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɝɪɚɧɢɰɵ. Ʉɨɦɩɚɧɢɹ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɛɳɭɸ ɩɚɩɤɭ, ɤ ɤɨɬɨɪɨɣ ɤɚɠɞɵɣ ɜ ɤɨɦɩɚɧɢɢ ɢɦɟɟɬ ɞɨɫɬɭɩ Read
Only (Ɍɨɥɶɤɨ ɞɥɹ ɱɬɟɧɢɹ), ɢɥɢ ɧɟɫɤɨɥɶɤɢɦ ɨɬɞɟɥɚɦ ɢ ɩɪɨɟɤɬɧɵɦ ɝɪɭɩɩɚɦ ɧɭɠɟɧ ɞɨɫɬɭɩ ɤ ɨɞɧɨɣ ɢ ɬɨɣ ɠɟ ɨɛɳɟɣ ɩɚɩɤɟ. ɋɨɡɞɚɜɚɹ ɞɨɦɟɧɧɭɸ ɥɨɤɚɥɶɧɭɸ ɝɪɭɩɩɭ, ɤɨɬɨɪɚɹ ɨɬɧɨɫɢɬɫɹ ɤ ɨɩɪɟɞɟɥɟɧɧɨɦɭ ɫɩɟɰɢɮɢɱɟɫɤɨɦɭ ɪɟɫɭɪɫɭ, ɜɵ ɦɨɠɟɬɟ ɥɟɝɤɨ ɭɩɪɚɜɥɹɬɶ ɞɨɫɬɭɩɨɦ ɤ ɧɟɦɭ: ɞɨɛɚɜɥɹɬɶ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɝɥɨɛɚɥɶɧɵɟ ɢɥɢ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɤ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɟ ɞɨɦɟɧɚ. ɑɚɫɬɨ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɬɪɟɛɭɟɬɫɹ ɪɚɡɥɢɱɧɵɣ ɭɪɨɜɟɧɶ ɞɨɫɬɭɩɚ ɤ ɫɨɜɦɟɫɬɧɨ ɢɫɩɨɥɶɡɭɟɦɵɦ ɩɚɩɤɚɦ. ɇɚɩɪɢɦɟɪ, ɤɨɦɩɚɧɢɹ ɢɦɟɟɬ ɨɛɳɭɸ ɩɚɩɤɭ Human Resource (Ʉɚɞɪɵ), ɝɞɟ ɯɪɚɧɢɬɫɹ ɜɫɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɩɨɥɢɫɚɯ ɫɥɭɠɚɳɢɯ. ȼɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɱɢɬɚɬɶ ɢɧɮɨɪɦɚɰɢɸ, ɯɪɚɧɹɳɭɸɫɹ ɜ ɩɚɩɤɟ, ɧɨ ɬɨɥɶɤɨ ɱɥɟɧɵ ɨɬɞɟɥɚ ɤɚɞɪɨɜ ɦɨɝɭɬ ɢɡɦɟɧɹɬɶ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɫɨɡɞɚɸɬɫɹ ɞɜɟ ɞɨɦɟɧɧɵɟ ɥɨɤɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɥɹ ɨɛɳɟɣ ɩɚɩɤɢ. Ɉɞɧɨɣ ɝɪɭɩɩɟ ɧɚɡɧɚɱɚɟɬɫɹ ɪɚɡɪɟɲɟɧɢɟ Read Only (Ɍɨɥɶɤɨ ɞɥɹ ɱɬɟɧɢɹ), ɞɪɭɝɨɣ - Full Control (ɉɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ) ɢɥɢ Modify (ɂɡɦɟɧɟɧɢɟ). Ɂɚɬɟɦ ɝɥɨɛɚɥɶɧɚɹ ɝɪɭɩɩɚ Human Resources ɦɨɠɟɬ ɛɵɬɶ ɞɨɛɚɜɥɟɧɚ ɤ ɞɨɦɟɧɧɨɣ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɟ, ɤɨɬɨɪɨɣ ɛɵɥɨ ɧɚɡɧɚɱɟɧɨ ɪɚɡɪɟɲɟɧɢɟ Full Control, ɚ ɜɫɟ ɞɪɭɝɢɟ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ, ɤɨɬɨɪɵɟ ɧɭɠɞɚɸɬɫɹ ɬɨɥɶɤɨ ɜ ɞɨɫɬɭɩɟ Read Only, - ɤ ɞɨɦɟɧɧɨɣ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɟ Read Only. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɥɨɛɚɥɶɧɵɯ ɢ ɞɨɦɟɧɧɵɯ ɥɨɤɚɥɶɧɵɯ ɝɪɭɩɩ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɪɚɡɞɟɥɹɬɶ ɜɥɚɞɟɧɢɟ ɝɥɨɛɚɥɶɧɵɦɢ ɝɪɭɩɩɚɦɢ ɢ ɞɨɦɟɧɧɵɦɢ ɥɨɤɚɥɶɧɵɦɢ ɝɪɭɩɩɚɦɢ. ȼɚɠɧɨɣ ɩɪɨɛɥɟɦɨɣ ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ ɥɸɛɨɣ ɛɨɥɶɲɨɣ ɤɨɪɩɨɪɚɰɢɢ ɹɜɥɹɟɬɫɹ ɨɛɟɫɩɟɱɟɧɢɟ ɬɨɝɨ, ɱɬɨɛɵ ɬɨɥɶɤɨ ɩɪɚɜɢɥɶɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢɦɟɥɢ ɞɨɫɬɭɩ ɤ ɥɸɛɨɣ ɨɛɳɟɣ ɢɧɮɨɪɦɚɰɢɢ. ɉɟɪɜɵɣ ɲɚɝ ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɫɨɡɞɚɧɢɢ ɜɥɚɞɟɥɶɰɚ (owner) ɝɪɭɩɩɵ, ɬɚɤɠɟ ɢɡɜɟɫɬɧɨɝɨ ɤɚɤ authorizer (ɭɩɨɥɧɨɦɨɱɟɧɧɵɣ). Ɍɨɥɶɤɨ ɜɥɚɞɟɥɟɰ ɦɨɠɟɬ ɪɚɡɪɟɲɚɬɶ ɥɸɛɭɸ ɦɨɞɢɮɢɤɚɰɢɸ ɜ ɤɨɧɮɢɝɭɪɚɰɢɢ ɝɪɭɩɩɵ. ȼɥɚɞɟɥɶɰɟɦ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɵ ɨɛɵɱɧɨ ɹɜɥɹɟɬɫɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɨɬɞɟɥɚ. ȼɥɚɞɟɥɶɰɟɦ ɝɥɨɛɚɥɶɧɨɣ ɝɪɭɩɩɵ, ɨɫɧɨɜɚɧɧɨɣ ɧɚ ɭɱɚɫɬɢɢ ɜ ɩɪɨɟɤɬɟ, — ɦɟɧɟɞɠɟɪ ɩɪɨɟɤɬɚ. Ɍɨɥɶɤɨ ɨɧɢ ɦɨɝɭɬ ɪɚɡɪɟɲɢɬɶ ɥɸɛɨɟ ɢɡɦɟɧɟɧɢɟ ɜ ɫɩɢɫɤɟ ɱɥɟɧɨɜ. ȼɥɚɞɟɥɶɰɟɦ ɞɨɦɟɧɧɨɣ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ ɹɜɥɹɟɬɫɹ ɜɥɚɞɟɥɟɰ ɞɚɧɧɵɯ ɢɥɢ ɪɟɫɭɪɫɨɜ*. ȿɫɥɢ ɤɚɠɞɵɣ ɪɟɫɭɪɫ ɜ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɢɦɟɟɬ ɜɥɚɞɟɥɶɰɚ, ɹɜɥɹɸɳɟɝɨɫɹ ɟɞɢɧɫɬɜɟɧɧɵɦ ɱɟɥɨɜɟɤɨɦ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɪɚɡɪɟɲɢɬɶ ɦɨɞɢɮɢɤɚɰɢɢ ɤ ɪɚɡɪɟɲɟɧɢɹɦ ɧɚ ɞɨɫɬɭɩ ɤ ɨɛɳɟɦɭ ɪɟɫɭɪɫɭ, ɬɨ ɨɧ ɬɚɤɠɟ ɫɬɚɧɨɜɢɬɫɹ ɜɥɚɞɟɥɶɰɟɦ ɞɨɦɟɧɧɨɣ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ, ɤɨɬɨɪɚɹ ɫɜɹɡɚɧɚ ɫ ɪɟɫɭɪɫɨɦ. ɉɪɟɠɞɟ ɱɟɦ ɝɥɨɛɚɥɶɧɚɹ ɢɥɢ ɭɧɢɜɟɪɫɚɥɶɧɚɹ ɝɪɭɩɩɚ ɛɭɞɟɬ ɞɨɛɚɜɥɟɧɚ ɤ ɞɨɦɟɧɧɨɣ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɟ, ɷɬɨɬ ɜɥɚɞɟɥɟɰ ɞɨɥɠɟɧ ɨɞɨɛɪɢɬɶ ɦɨɞɢɮɢɤɚɰɢɸ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɞɜɭɯ ɭɪɨɜɧɟɣ ɝɪɭɩɩ ɨɫɨɛɟɧɧɨ ɜɚɠɧɨ ɜ ɫɰɟɧɚɪɢɹɯ, ɤɨɝɞɚ ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɞɨɦɟɧɨɜ ɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɤɚɠɞɨɝɨ ɞɨɦɟɧɚ ɬɪɟɛɭɟɬɫɹ ɞɨɫɬɭɩ ɤ ɨɛɳɟɦɭ ɪɟɫɭɪɫɭ ɜ ɨɞɧɨɦ ɢɡ ɞɨɦɟɧɨɜ. Ʉɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 10-6, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɝɥɨɛɚɥɶɧɭɸ ɝɪɭɩɩɭ ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ, ɚ ɡɚɬɟɦ ɞɨɛɚɜɢɬɶ ɷɬɭ ɝɥɨɛɚɥɶɧɭɸ ɝɪɭɩɩɭ ɤ ɞɨɦɟɧɧɨɣ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɟ ɬɨɝɨ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧ ɪɟɫɭɪɫ. . Windows NT , . Windows NT, . Windows 2000 Windows Server 2003, Windows 2000 native, , . , .
. 10-6.
Ɉɞɧɢɦ ɢɡ ɨɫɧɨɜɧɵɯ ɜɨɩɪɨɫɨɜ ɩɪɢ ɫɨɡɞɚɧɢɢ ɩɪɨɟɤɬɚ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ ɹɜɥɹɟɬɫɹ ɜɨɩɪɨɫ ɨ ɬɨɦ, ɤɨɝɞɚ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɥɨɛɚɥɶɧɵɟ ɝɪɭɩɩɵ, ɚ ɤɨɝɞɚ - ɭɧɢɜɟɪɫɚɥɶɧɵɟ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɭ ɜɚɫ ɧɟɬ ɜɵɛɨɪɚ. ɇɚɩɪɢɦɟɪ, ɜ Exchange 2000 Server ɝɪɭɩɩɵ, ɩɨɞɞɟɪɠɢɜɚɸɳɢɟ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ, ɡɚɦɟɧɹɸɬ ɫɩɢɫɤɢ ɪɚɫɫɵɥɤɢ, ɢɫɩɨɥɶɡɭɟɦɵɟ ɜ Exchange Server 5.5 ɞɥɹ ɝɪɭɩɩɢɪɨɜɤɢ ɩɨɥɭɱɚɬɟɥɟɣ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ ɢ ɧɚɡɧɚɱɟɧɢɹ ɞɨɫɬɭɩɚ ɤ ɨɛɳɢɦ ɩɚɩɤɚɦ. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɝɪɭɩɩɵ, ɩɨɞɞɟɪɠɢɜɚɸɳɢɟ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ ɞɥɹ Exchange 2000 Server, ɜɵ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɭɧɢɜɟɪɫɚɥɶɧɭɸ ɝɪɭɩɩɭ. ɉɪɢ ɩɟɪɟɯɨɞɟ ɨɬ Exchange Server 5.5 ɤ Exchange 2000 Server ɫɥɟɞɭɟɬ ɡɚɦɟɧɢɬɶ ɤɚɠɞɵɣ ɫɩɢɫɨɤ ɪɚɫɫɵɥɤɢ ɢɡ Exchange Server 5.5 ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɨɣ, ɩɨɞɞɟɪɠɢɜɚɸɳɟɣ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ. ȿɫɥɢ ɢɦɟɟɬɫɹ ɛɨɥɟɟ ɨɞɧɨɝɨ ɞɨɦɟɧɚ, ɨɛɹɡɚɬɟɥɶɧɨ ɢɫɩɨɥɶɡɭɣɬɟ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɞɥɹ ɝɪɭɩɩ, ɩɨɞɞɟɪɠɢɜɚɸɳɢɯ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɧɚɢɥɭɱɲɟɣ ɩɪɚɤɬɢɤɨɣ ɩɪɢ ɫɨɡɞɚɧɢɢ ɩɪɨɟɤɬɚ ɭɧɢɜɟɪɫɚɥɶɧɨɣ ɝɪɭɩɩɵ ɜ Active Directory Windows 2000 ɹɜɥɹɥɚɫɶ ɦɢɧɢɦɢɡɚɰɢɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɭɧɢɜɟɪɫɚɥɶɧɵɯ ɝɪɭɩɩ, ɨɫɨɛɟɧɧɨ ɟɫɥɢ ɢɦɟɥɢɫɶ ɫɚɣɬɵ, ɫɜɹɡɚɧɧɵɟ ɦɟɞɥɟɧɧɵɦɢ ɫɟɬɟɜɵɦɢ ɩɨɞɤɥɸɱɟɧɢɹɦɢ. ɉɪɢɱɢɧɚ ɷɬɨɝɨ ɛɵɥɚ ɫɜɹɡɚɧɚ ɫ ɩɪɨɛɥɟɦɚɦɢ ɪɟɩɥɢɤɚɰɢɢ GC-ɤɚɬɚɥɨɝɚ. ɗɬɚ ɪɟɤɨɦɟɧɞɚɰɢɹ ɜɫɟ ɟɳɟ ɜɟɪɧɚ ɞɥɹ ɥɟɫɚ, ɪɚɛɨɬɚɸɳɟɝɨ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000. ȿɫɥɢ ɜɚɲ ɥɟɫ Windows Server 2003 ɛɵɥ ɩɟɪɟɤɥɸɱɟɧ ɧɚ ɭɪɨɜɟɧɶ Windows Server 2003 ɢɥɢ Windows Server 2003 interim (ɜɪɟɦɟɧɧɵɣ), ɬɨ ɩɪɨɛɥɟɦɚ, ɫɜɹɡɚɧɧɚɹ ɫ ɪɟɩɥɢɤɚɰɢɟɣ, ɛɨɥɶɲɟ ɧɟ ɫɭɳɟɫɬɜɭɟɬ. Ʉɪɨɦɟ ɬɨɝɨ, ɨɩɰɢɹ, ɜɤɥɸɱɚɸɳɚɹ ɤɷɲɢɪɨɜɚɧɢɟ GC-ɤɚɬɚɥɨɝɚ, ɭɦɟɧɶɲɚɟɬ ɩɨɬɪɟɛɧɨɫɬɶ ɜ ɪɚɡɜɟɪɬɵɜɚɧɢɢ GC-ɫɟɪɜɟɪɨɜ ɜ ɤɚɠɞɨɦ ɫɚɣɬɟ. ɉɨɷɬɨɦɭ ɪɟɲɟɧɢɟ, ɤɚɫɚɸɳɟɟɫɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɭɧɢɜɟɪɫɚɥɶɧɵɯ ɢɥɢ ɝɥɨɛɚɥɶɧɵɯ ɝɪɭɩɩ, ɧɟ ɨɫɨɛɨ ɤɪɢɬɢɱɧɨ ɞɥɹ Active Directory Windows Server 2003. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɥɨɛɚɥɶɧɵɟ ɢ ɭɧɢɜɟɪɫɚɥɶɧɵɟ ɝɪɭɩɩɵ ɩɨɱɬɢ ɜɡɚɢɦɨɡɚɦɟɧɹɟɦɨ.
ȿɳɟ ɨɞɢɧ ɬɢɩ ɨɛɴɟɤɬɨɜ Active Directory - ɷɬɨ ɨɛɴɟɤɬ computer (ɤɨɦɩɶɸɬɟɪ). ȼ Active Directory ɢɦɟɟɬɫɹ ɞɜɚ ɬɢɩɚ ɬɚɤɢɯ ɨɛɴɟɤɬɨɜ. ɉɟɪɜɵɣ - ɷɬɨ ɨɛɴɟɤɬ domain controller (ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ), ɤɨɬɨɪɵɣ ɫɨɡɞɚɟɬɫɹ ɩɪɢ ɧɚɡɧɚɱɟɧɢɢ ɫɟɪɜɟɪɚ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɨɛɴɟɤɬɵ domain controller ɪɚɫɩɨɥɨɠɟɧɵ ɜ OU Domain Controllers. ȼɵ ɦɨɠɟɬɟ ɩɟɪɟɦɟɳɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɢɡ ɷɬɨɣ OU, ɧɨ ɞɟɥɚɬɶ ɷɬɨ ɫɥɟɞɭɟɬ ɫ ɨɫɬɨɪɨɠɧɨɫɬɶɸ. Ɇɧɨɝɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɜ OU Domain Controllers, ɢ ɩɟɪɟɦɟɳɟɧɢɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢɡ ɷɬɨɝɨ ɤɨɧɬɟɣɧɟɪɚ ɦɨɠɟɬ ɫɟɪɶɟɡɧɨ ɢɡɦɟɧɢɬɶ ɧɚɫɬɪɨɣɤɭ ɛɟɡɨɩɚɫɧɨɫɬɢ. ȼɬɨɪɨɣ ɬɢɩ ɨɛɴɟɤɬɨɜ computer - ɷɬɨ ɨɛɴɟɤɬɵ, ɩɪɟɞɫɬɚɜɥɹɸɳɢɟ ɜɫɟ ɩɪɨɱɢɟ ɤɨɦɩɶɸɬɟɪɵ, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɱɥɟɧɚɦɢ ɞɨɦɟɧɚ. ɍɱɟɬɧɵɟ ɡɚɩɢɫɢ ɷɬɢɯ ɤɨɦɩɶɸɬɟɪɨɜ ɫɨɡɞɚɸɬɫɹ ɜ Active Directory ɜ ɡɚɞɚɧɧɨɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɤɨɧɬɟɣɧɟɪɟ Computers. Ɉɛɵɱɧɨ ɨɛɴɟɤɬɵ computer ɢɡ ɷɬɨɝɨ ɤɨɧɬɟɣɧɟɪɚ ɩɟɪɟɦɟɳɚɸɬɫɹ ɜ ɨɩɪɟɞɟɥɟɧɧɵɟ OU, ɱɬɨɛɵ ɜɵ ɦɨɝɥɢ ɭɩɪɚɜɥɹɬɶ ɤɨɦɩɶɸɬɟɪɚɦɢ ɪɚɡɧɵɦɢ ɫɩɨɫɨɛɚɦɢ. ɇɚɩɪɢɦɟɪ, ɛɭɞɟɬ ɪɚɡɥɢɱɚɬɶɫɹ ɭɩɪɚɜɥɟɧɢɟ ɫɟɪɜɟɪɚɦɢ ɢ ɪɚɛɨɱɢɦɢ ɫɬɚɧɰɢɹɦɢ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ, ɩɨɷɬɨɦɭ ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɞɜɟ ɨɬɞɟɥɶɧɵɯ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɟɞɢɧɢɰɵ (OU). Ɂɚɱɚɫɬɭɸ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɪɚɡɛɢɜɚɸɬɫɹ ɧɚ ɛɨɥɟɟ ɦɟɥɤɢɟ ɝɪɭɩɩɵ. Ɋɚɛɨɱɢɦ ɫɬɚɧɰɢɹɦ ɤɨɦɦɟɪɱɟɫɤɨɝɨ ɨɬɞɟɥɚ ɛɭɞɭɬ ɬɪɟɛɨɜɚɬɶɫɹ ɩɪɢɥɨɠɟɧɢɹ, ɨɬɥɢɱɧɵɟ ɨɬ ɩɪɢɥɨɠɟɧɢɣ, ɧɟɨɛɯɨɞɢɦɵɯ ɪɚɛɨɱɢɦ ɫɬɚɧɰɢɹɦ ɬɟɯɧɢɱɟɫɤɨɝɨ ɨɬɞɟɥɚ. ɋɨɡɞɚɜɚɹ ɞɜɟ OU ɢ ɩɨɦɟɳɚɹ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɜ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ OU, ɜɵ ɦɨɠɟɬɟ ɪɚɡɧɵɦɢ ɫɩɨɫɨɛɚɦɢ ɭɩɪɚɜɥɹɬɶ ɞɜɭɦɹ ɬɢɩɚɦɢ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ. Ʉɨɦɩɶɸɬɟɪɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɫɨɡɞɚɸɬɫɹ ɜ ɞɨɦɟɧɟ ɩɪɢ ɩɪɢɫɨɟɞɢɧɟɧɢɢ ɤɨɦɩɶɸɬɟɪɚ ɤ ɞɨɦɟɧɭ, ɧɨ ɦɨɝɭɬ ɫɨɡɞɚɜɚɬɶɫɹ ɢ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨ. . , Windows NT, Windows 2000, Microsoft Windows XP Professional Windows Server 2003, . , Microsoft Windows 95 Microsoft Windows 98, . ȼɵ ɛɭɞɟɬɟ ɪɟɞɤɨ ɭɩɪɚɜɥɹɬɶ ɤɨɦɩɶɸɬɟɪɧɵɦɢ ɨɛɴɟɤɬɚɦɢ ɜ Active Directory ɧɚɩɪɹɦɭɸ. ȿɫɥɢ ɳɟɥɤɧɭɬɶ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɦɩɶɸɬɟɪɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɜ Active Directory, ɜɵ ɭɜɢɞɢɬɟ, ɱɬɨ ɢɦɟɟɬɫɹ ɫɨɜɫɟɦ ɧɟɦɧɨɝɨ ɨɩɰɢɣ ɭɩɪɚɜɥɟɧɢɹ. Ɉɞɧɚ ɢɡ ɨɩɰɢɣ - ɩɟɪɟɭɫɬɚɧɨɜɤɚ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɚ. ɂɫɩɨɥɶɡɭɣɬɟ ɟɟ ɨɫɬɨɪɨɠɧɨ, ɩɨɬɨɦɭ ɱɬɨ ɩɪɢ ɩɟɪɟɭɫɬɚɧɨɜɤɟ ɧɚɪɭɲɚɟɬɫɹ ɫɜɹɡɶ ɤɨɦɩɶɸɬɟɪɚ ɫ ɨɩɪɟɞɟɥɟɧɧɵɦ ɞɨɦɟɧɨɦ, ɢ ɤɨɦɩɶɸɬɟɪ ɞɨɥɠɟɧ ɡɚɧɨɜɨ ɩɪɢɫɨɟɞɢɧɹɬɶɫɹ ɤ ɞɨɦɟɧɭ. Ɉɱɟɧɶ ɩɨɥɟɡɧɚɹ ɨɩɰɢɹ ɩɨɡɜɨɥɹɟɬ ɥɸɛɨɦɭ ɤɨɦɩɶɸɬɟɪɭ ɢɡ Active Directory ɨɛɪɚɬɢɬɶɫɹ ɤ ɩɪɢɥɨɠɟɧɢɸ Computer Management (ɍɩɪɚɜɥɟɧɢɟ ɤɨɦɩɶɸɬɟɪɨɦ). ɇɚɣɞɢɬɟ ɤɨɦɩɶɸɬɟɪ ɜ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Users And Computers, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɡɧɚɱɤɟ ɧɭɠɧɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɢɥɢ ɫɟɪɜɟɪɚ ɢ ɜɵɛɟɪɢɬɟ Manage (ɍɩɪɚɜɥɟɧɢɟ). Ɉɬɤɪɨɟɬɫɹ ɆɆɋ-ɤɨɧɫɨɥɶ Computer Management, ɫɨɞɟɪɠɚɳɚɹ ɩɚɪɚɦɟɬɪɵ ɜɵɛɪɚɧɧɨɣ ɜɚɦɢ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɢɥɢ ɫɟɪɜɟɪɚ. . , Active Directory, , Active Directory . 11, 12 13 , .
printer
Ɍɪɟɬɶɹ ɝɪɭɩɩɚ ɨɛɴɟɤɬɨɜ Active Directory ɫɨɫɬɨɢɬ ɢɡ ɨɛɴɟɤɬɨɜ printer. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɨɛɴɟɤɬ printer ɩɭɬɟɦ ɨɩɭɛɥɢɤɨɜɚɧɢɹ ɩɪɢɧɬɟɪɚ ɜ Active Directory, ɩɪɢ ɷɬɨɦ ɫɨɯɪɚɧɹɸɬɫɹ ɬɚɤɢɟ ɚɬɪɢɛɭɬɵ ɩɪɢɧɬɟɪɚ, ɤɚɤ ɦɟɫɬɨ ɟɝɨ ɪɚɫɩɨɥɨɠɟɧɢɹ, ɚ ɬɚɤɠɟ ɫɜɨɣɫɬɜɚ ɩɪɢɧɬɟɪɚ (ɫɤɨɪɨɫɬɶ ɩɟɱɚɬɢ, ɜɨɡɦɨɠɧɨɫɬɶ ɰɜɟɬɧɨɣ ɩɟɱɚɬɢ ɢ ɞɪɭɝɢɟ). Ɉɫɧɨɜɚɧɢɟɦ ɞɥɹ ɩɭɛɥɢɤɚɰɢɢ ɨɛɴɟɤɬɨɜ printer ɜ Active Directory ɹɜɥɹɟɬɫɹ ɨɛɥɟɝɱɟɧɢɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɩɨɢɫɤɚ ɢ ɫɨɟɞɢɧɟɧɢɹ ɫ ɫɟɬɟɜɵɦɢ ɩɪɢɧɬɟɪɚɦɢ.
Active Directory
ɉɨ ɭɦɨɥɱɚɧɢɸ ɥɸɛɨɣ ɩɪɢɧɬɟɪ, ɭɫɬɚɧɨɜɥɟɧɧɵɣ ɧɚ ɫɟɪɜɟɪɟ ɫ Windows 2000 ɢɥɢ Windows Server 2003, ɤ ɤɨɬɨɪɨɦɭ ɪɚɡɪɟɲɟɧ ɨɛɳɢɣ ɞɨɫɬɭɩ, ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɭɛɥɢɤɭɟɬɫɹ ɜ Active Directory. ȿɫɥɢ ɷɬɨɝɨ ɧɟ ɬɪɟɛɭɟɬɫɹ, ɦɨɠɧɨ ɨɱɢɫɬɢɬɶ ɨɩɰɢɸ List In The Directory (Ɂɚɪɟɝɢɫɬɪɢɪɨɜɚɬɶ ɜ ɤɚɬɚɥɨɝɟ) ɜ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) ɩɪɢɧɬɟɪɚ. Ɉɞɧɚɤɨ ɟɫɥɢ ɩɪɢɧɬɟɪ ɪɚɫɩɨɥɨɠɟɧ ɧɚ ɫɟɪɜɟɪɟ ɫ ɫɢɫɬɟɦɨɣ Windows NT ɢɥɢ ɞɪɭɝɨɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɨɣ, ɜɵ ɞɨɥɠɧɵ ɜɪɭɱɧɭɸ ɨɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɧɬɟɪ ɜ Active Directory. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɷɬɨ, ɧɚɣɞɢɬɟ ɨɛɴɟɤɬ container, ɜ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɨɩɭɛɥɢɤɨɜɚɬɶ ɨɛɴɟɤɬ printer, ɳɟɥɤɧɢɬɟ ɧɚ ɧɟɦ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɢ ɜɵɛɟɪɢɬɟ New
(ɇɨɜɵɣ)>Printer (ɉɪɢɧɬɟɪ). Ɂɚɬɟɦ ɧɚɩɟɱɚɬɚɣɬɟ UNC-ɩɭɬɶ ɧɚ ɨɛɳɟɞɨɫɬɭɩɧɵɣ ɤɨɦɩɶɸɬɟɪ. С . Windows NT Windows 2000 Windows Server 2003, Windows NT Active Directory. Microsoft Pubprn.vbs, .Э %systemroot %\system32. ɉɭɛɥɢɤɚɰɢɹ ɩɪɢɧɬɟɪɚ ɜ Active Directory ɧɭɠɧɚ ɞɥɹ ɩɨɢɫɤɚ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɨɛɴɟɤɬɨɜ printer ɜ Active Directory. ɉɨɫɥɟ ɩɭɛɥɢɤɚɰɢɢ ɩɪɢɧɬɟɪɚ ɢɧɮɨɪɦɚɰɢɹ ɨ ɧɟɦ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɪɟɝɢɫɬɪɢɪɭɟɬɫɹ ɜ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) ɩɪɢɧɬɟɪɚ, ɞɨɫɬɭɩɧɨɝɨ ɢɡ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory Users And Computers. ɗɬɚ ɢɧɮɨɪɦɚɰɢɹ ɧɭɠɧɚ ɩɨɥɶɡɨɜɚɬɟɥɸ, ɤɨɬɨɪɵɣ ɢɳɟɬ ɨɩɪɟɞɟɥɟɧɧɵɣ ɩɪɢɧɬɟɪ, ɧɚɩɪɢɦɟɪ, ɰɜɟɬɧɨɣ ɩɪɢɧɬɟɪ, ɤɨɬɨɪɵɣ ɩɟɱɚɬɚɟɬ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɲɟɫɬɶ ɫɬɪɚɧɢɰ ɜ ɦɢɧɭɬɭ. ȿɫɥɢ ɷɬɚ ɢɧɮɨɪɦɚɰɢɹ ɯɪɚɧɢɬɫɹ ɜ Active Directory, ɤɥɢɟɧɬ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɩɰɢɸ A Printer On The Network (ɋɟɬɟɜɨɣ ɩɪɢɧɬɟɪ) ɨɩɟɪɚɰɢɢ Search (ɉɨɢɫɤ), ɜɵɛɪɚɧɧɨɣ ɢɡ ɦɟɧɸ Start (ɉɭɫɤ), ɱɬɨɛɵ ɧɚɣɬɢ ɜɫɟ ɩɪɢɧɬɟɪɵ, ɭɞɨɜɥɟɬɜɨɪɹɸɳɢɟ ɷɬɢɦ ɬɪɟɛɨɜɚɧɢɹɦ. ɇɚ ɪɢɫɭɧɤɟ 10-7 ɩɨɤɚɡɚɧɨ ɨɤɧɨ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɫ ɫɢɫɬɟɦɨɣ Windows ɏɊ Professional. Ʉɚɤ ɬɨɥɶɤɨ ɫɟɬɟɜɨɣ ɩɪɢɧɬɟɪ ɧɚɣɞɟɧ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɳɟɥɤɧɭɬɶ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɪɢɧɬɟɪɟ ɢ ɜɵɛɪɚɬɶ Connect (ɉɨɞɤɥɸɱɢɬɶ), ɱɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɩɪɢɧɬɟɪ ɧɚ ɦɚɲɢɧɟ ɤɥɢɟɧɬɚ. ȿɫɥɢ ɨɛɴɟɤɬɵ printer ɨɩɭɛɥɢɤɨɜɚɧɵ ɜ Active Directory, ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɢɦɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɪɟɞɚɤɬɨɪ Group Policy Object Editor (ɫɦ. ɪɢɫ. 10-8). Ⱦɜɟ ɨɩɰɢɢ, ɤɨɬɨɪɵɟ ɜɵ ɦɨɠɟɬɟ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɭɩɪɚɜɥɹɸɬ ɭɞɚɥɟɧɢɟɦ ɩɪɢɧɬɟɪɚ. Ɉɧɢ ɤɚɫɚɸɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɨɝɨ ɭɞɚɥɟɧɢɹ ɨɛɴɟɤɬɨɜ printer Active Directory, ɟɫɥɢ ɨɛɴɟɤɬ printer ɭɫɬɚɪɟɜɚɟɬ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɪɢɧɬɟɪ ɭɞɚɥɟɧ ɢɡ ɫɟɪɜɟɪɚ ɩɟɱɚɬɢ, ɢɥɢ ɟɫɥɢ ɨɧ ɛɨɥɶɲɟ ɧɟɞɨɫɬɭɩɟɧ ɧɚ ɫɟɪɜɟɪɟ ɞɥɹ ɫɨɜɦɟɫɬɧɨɝɨ ɩɨɥɶɡɨɜɚɧɢɹ, ɭɞɚɥɟɧɢɟ ɩɪɢɧɬɟɪɚ ɭɞɚɥɢɬ ɨɛɴɟɤɬ printer. ɉɨ ɭɦɨɥɱɚɧɢɸ ɨɞɢɧ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ Active Directory ɩɪɨɛɭɟɬ ɜɯɨɞɢɬɶ ɜ ɤɨɧɬɚɤɬ ɫ ɤɚɠɞɵɦ ɫɟɪɜɟɪɨɦ ɩɟɱɚɬɢ ɤɚɠɞɵɟ 8 ɱɚɫɨɜ, ɱɬɨɛɵ ɩɨɞɬɜɟɪɞɢɬɶ ɩɪɚɜɢɥɶɧɨɫɬɶ ɢɧɮɨɪɦɚɰɢɢ ɨ ɩɪɢɧɬɟɪɟ. ȿɫɥɢ ɫɟɪɜɟɪ ɩɟɱɚɬɢ ɧɟ ɨɬɜɟɱɚɟɬ, ɨɛɴɟɤɬ printer ɭɞɚɥɹɟɬɫɹ ɢɡ Active Directory. ɉɪɢ ɤɚɠɞɨɦ ɡɚɩɭɫɤɟ ɫɟɪɜɟɪɚ ɩɟɱɚɬɢ Windows 2000, ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɟɣ ɜɟɪɫɢɢ, ɨɧ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɨɜɬɨɪɧɨ ɪɟɝɢɫɬɪɢɪɭɟɬ ɨɛɳɢɟ ɩɪɢɧɬɟɪɵ ɧɚ ɫɟɪɜɟɪɟ ɜ Active Directory. ȼɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɭɞɚɥɟɧɢɹ ɩɪɢɧɬɟɪɚ, ɢɫɩɨɥɶɡɭɹ ɪɟɞɚɤɬɨɪ Group Policy Object Editor.
. 10-7.
Active Directory
. 10-8. Policy Object Editor
Group
Ɉɞɧɚ ɢɡ ɧɚɢɛɨɥɟɟ ɢɧɬɟɪɟɫɧɵɯ ɨɩɰɢɣ Active Directory, ɩɪɟɞɧɚɡɧɚɱɟɧɧɚɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɨɛɴɟɤɬɚɦɢ printer — ɷɬɨ ɨɩɰɢɹ, ɩɨɡɜɨɥɹɸɳɚɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɩɨɤɚɡɵɜɚɬɶ ɦɟɫɬɨɩɨɥɨɠɟɧɢɟ ɩɪɢɧɬɟɪɚ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɜɵɩɨɥɧɹɸɳɢɯ ɩɨɢɫɤ ɩɪɢɧɬɟɪɚ. ȼɨ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɹɯ, ɢɦɟɸɳɢɯ ɧɟɫɤɨɥɶɤɨ ɨɮɢɫɨɜ, ɟɫɬɶ ɫɥɭɠɚɳɢɟ, ɤɨɬɨɪɵɟ ɩɭɬɟɲɟɫɬɜɭɸɬ ɦɟɠɞɭ ɧɢɦɢ. Ȼɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ ɢɦɟɟɬ ɤɨɦɧɚɬɵ ɞɥɹ ɫɨɛɪɚɧɢɣ, ɤɨɬɨɪɵɟ ɧɚɯɨɞɹɬɫɹ ɜ ɪɚɡɥɢɱɧɵɯ ɱɚɫɬɹɯ ɡɞɚɧɢɹ. ȼɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɩɟɪɟɦɟɳɚɸɬɫɹ ɢɡ ɨɞɧɨɣ ɱɚɫɬɢ ɤɨɦɩɚɧɢɢ ɜ ɞɪɭɝɭɸ, ɨɧɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɟɱɚɬɚɬɶ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɡɧɚɟɬ, ɝɞɟ ɧɚɯɨɞɹɬɫɹ ɩɪɢɧɬɟɪɵ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɩɟɱɚɬɢ ɜ ɞɚɧɧɨɦ ɦɟɫɬɟ, ɬɨ ɩɨɢɫɤ ɛɥɢɠɚɣɲɟɝɨ ɩɪɢɧɬɟɪɚ ɦɨɠɟɬ ɡɚɧɹɬɶ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ. ɉɨɢɫɤ ɩɪɢɧɬɟɪɨɜ ɦɨɠɧɨ ɭɩɪɨɫɬɢɬɶ, ɧɚɡɧɚɱɚɹ ɤɚɠɞɨɦɭ ɩɪɢɧɬɟɪɭ ɦɟɫɬɨ ɜ Active Directory, ɚ ɡɚɬɟɦ ɢɫɩɨɥɶɡɭɹ ɪɚɫɩɨɥɨɠɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɞɥɹ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɫɩɢɫɤɚ ɩɪɢɧɬɟɪɨɜ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɛɥɢɡɤɨ ɤ ɧɟɦɭ. ɗɬɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɨɫɧɨɜɚɧɵ ɧɚ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫɚɣɬɚ ɜ ɜɚɲɟɣ ɫɟɬɢ. ɑɬɨɛɵ ɜɤɥɸɱɢɬɶ ɦɨɧɢɬɨɪɢɧɝ ɦɟɫɬɚ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Sites And Services ɢ ɧɚɣɞɢɬɟ ɨɛɴɟɤɬ subnet (ɩɨɞɫɟɬɶ), ɜ ɤɨɬɨɪɨɦ ɜɤɥɸɱɢɬɟ ɦɨɧɢɬɨɪɢɧɝ ɦɟɫɬɨɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɨɜ. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ subnet ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). ɓɟɥɤɧɢɬɟ ɧɚ ɜɤɥɚɞɤɟ Location (Ɇɟɫɬɨɩɨɥɨɠɟɧɢɟ) ɢ ɜɜɟɞɢɬɟ ɡɧɚɱɟɧɢɟ location (ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ) ɞɥɹ ɷɬɨɣ ɩɨɞɫɟɬɢ. Ɂɚɩɢɫɶ ɦɟɫɬɚ ɪɚɫɩɨɥɨɠɟɧɢɹ ɞɨɥɠɧɚ ɢɦɟɬɶ ɮɨɪɦɚɬ: location/sublocation (Ɉɛɳɟɟ ɪɚɫɩɨɥɨɠɟɧɢɟ/ɞɟɬɚɥɢɡɢɪɨɜɚɧɧɨɟ ɪɚɫɩɨɥɨɠɟɧɢɟ) (ɧɚɩɪɢɦɟɪ, Ƚɥɚɜɧɵɣ ɨɮɢɫ/Ɍɪɟɬɢɣ ɷɬɚɠ). 2. ɂɫɩɨɥɶɡɭɣɬɟ ɪɟɞɚɤɬɨɪ Group Policy Object Editor ɞɥɹ ɜɤɥɸɱɟɧɢɹ ɩɨɥɢɬɢɤɢ Pre-Popula-te Printer Search Location Text (ɉɪɟɞɜɚɪɢɬɟɥɶɧɨ ɡɚɩɨɥɧɢɬɶ ɬɟɤɫɬ, ɭɤɚɡɵɜɚɸɳɢɣ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɚ ɩɪɢ ɩɨɢɫɤɟ) ɞɥɹ ɜɵɛɪɚɧɧɨɝɨ ɤɨɧɬɟɣɧɟɪɚ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɷɬɨ ɞɟɥɚɟɬɫɹ ɧɚ ɭɪɨɜɧɟ ɞɨɦɟɧɚ. 3. ɇɚ ɜɚɲɟɦ ɫɟɪɜɟɪɟ ɩɟɱɚɬɢ ɨɛɪɚɬɢɬɟɫɶ ɤ ɨɤɧɭ Properties ɞɥɹ ɤɚɠɞɨɝɨ ɩɪɢɧɬɟɪɚ. ɇɚ ɜɤɥɚɞɤɟ General (Ɉɛɳɟɟ) ɜɵ ɦɨɠɟɬɟ ɡɚɩɨɥɧɢɬɶ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɚ. ȿɫɥɢ ɩɟɪɜɵɟ ɞɜɚ ɲɚɝɚ ɷɬɨɣ ɩɪɨɰɟɞɭɪɵ ɡɚɜɟɪɲɟɧɵ, ɦɨɠɟɬɟ ɳɟɥɤɧɭɬɶ ɧɚ Browse (ɉɪɨɫɦɨɬɪ), ɱɬɨɛɵ ɧɚɣɬɢ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɚ. Ɇɨɠɧɨ ɞɨɛɚɜɢɬɶ ɛɨɥɶɲɟ ɞɟɬɚɥɟɣ ɤ ɨɩɢɫɚɧɢɸ ɦɟɫɬɚ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɚ, ɱɬɨɛɵ ɨɧɨ ɛɵɥɨ ɥɭɱɲɟ ɨɩɪɟɞɟɥɟɧɨ (ɧɚɩɪɢɦɟɪ, Ƚɥɚɜɧɵɣ ɨɮɢɫ/Ɍɪɟɬɢɣ ɷɬɚɠ/ȼɧɟɲɧɹɹ ɤɨɦɧɚɬɚ ɞɥɹ ɫɨɛɪɚɧɢɣ 5). 4. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɜɤɥɸɱɢɥɢ ɦɨɧɢɬɨɪɢɧɝ ɦɟɫɬɚ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɨɜ, ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɥɟɝɤɨ ɧɚɯɨɞɢɬɶ ɛɥɢɠɚɣɲɢɣ ɤ ɧɢɦ ɩɪɢɧɬɟɪ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɡɚɩɭɫɤɚɟɬ Add Printer Wizard (Ɇɚɫɬɟɪ ɞɨɛɚɜɥɟɧɢɹ ɩɪɢɧɬɟɪɚ) ɢ ɢɳɟɬ ɩɪɢɧɬɟɪ ɜ ɤɚɬɚɥɨɝɟ, ɚɬɪɢɛɭɬ Location (Ɇɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ) ɡɚɩɨɥɧɹɟɬɫɹ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɬɟɤɭɳɢɦ ɫɚɣɬɨɦ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɇɚ ɪɢɫɭɧɤɟ 10-9 ɩɨɤɚɡɚɧɨ ɨɤɧɨ ɤɥɢɟɧɬɚ Windows ɏɊ Professional. ɉɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɳɟɥɤɧɭɬɶ Browse ɞɥɹ ɧɚɯɨɠɞɟɧɢɹ ɛɨɥɟɟ ɬɨɱɧɨɝɨ ɦɟɫɬɚ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɪɢɧɬɟɪɚ.
. 10-9.
printer
Active Directory
Location
ȿɳɟ ɨɞɢɧ ɨɛɴɟɤɬ, ɤɨɬɨɪɵɣ ɦɨɠɧɨ ɩɭɛɥɢɤɨɜɚɬɶ ɜ Active Directory - ɷɬɨ ɨɛɴɟɤɬ shared folder (ɨɛɳɚɹ ɩɚɩɤɚ). ɑɬɨɛɵ ɨɩɭɛɥɢɤɨɜɚɬɶ ɨɛɳɭɸ ɩɚɩɤɭ ɜ Active Directory, ɧɚɣɞɢɬɟ ɧɭɠɧɵɣ ɤɨɧɬɟɣɧɟɪ. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɟ ɢ ɜɵɛɟɪɢɬɟ New (HoBbm)>Shared Folder (Ɉɛɳɚɹ ɩɚɩɤɚ). Ɂɚɬɟɦ ɧɚɩɟɱɚɬɚɣɬɟ ɢɦɹ ɨɛɴɟɤɬɚ Active Directory, ɚ ɬɚɤɠɟ UNC-ɩɭɬɶ ɞɥɹ ɨɛɳɟɣ ɩɚɩɤɢ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜ Active Directory ɛɭɞɟɬ ɫɨɡɞɚɧ ɨɛɴɟɤɬ shared folder, ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɩɪɨɫɦɚɬɪɢɜɚɬɶ ɢ ɢɫɤɚɬɶ ɟɝɨ ɜ Active Directory. ɇɚɣɞɹ ɨɛɴɟɤɬ shared folder, ɩɨɥɶɡɨɜɚɬɟɥɢ ɳɟɥɱɤɨɦ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ ɦɨɝɭɬ ɨɬɨɛɪɚɡɢɬɶ ɞɢɫɤ ɧɚ ɨɛɳɭɸ ɩɚɩɤɭ. Ɉɫɧɨɜɧɨɟ ɩɪɟɢɦɭɳɟɫɬɜɨ ɩɭɛɥɢɤɚɰɢɢ ɨɛɳɟɣ ɩɚɩɤɢ ɜ Active Directory ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɢɫɤɚɬɶ ɨɛɳɢɟ ɪɟɫɭɪɫɵ, ɨɫɧɨɜɵɜɚɹɫɶ ɧɚ ɪɚɡɧɨɨɛɪɚɡɧɵɯ ɫɜɨɣɫɬɜɚɯ. Ʉɨɝɞɚ ɜɵ ɫɨɡɞɚɟɬɟ ɨɛɴɟɤɬ shared folder, ɜɵ ɦɨɠɟɬɟ ɞɚɬɶ ɨɩɢɫɚɧɢɟ ɨɛɳɟɣ ɩɚɩɤɢ (ɫɦ. ɪɢɫ. 10-10). ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɨɛɳɟɣ ɩɚɩɤɢ ɨɬɤɪɨɣɬɟ ɨɤɧɨ Properties (ɋɜɨɣɫɬɜɚ) ɞɥɹ ɭɤɚɡɚɧɢɹ ɤɥɸɱɟɜɵɯ ɫɥɨɜ, ɫɜɹɡɚɧɧɵɯ ɫ ɨɛɳɟɣ ɩɚɩɤɨɣ. Ʉɨɝɞɚ ɤɥɢɟɧɬɚɦ ɩɨɬɪɟɛɭɟɬɫɹ ɧɚɣɬɢ ɨɛɳɭɸ ɩɚɩɤɭ, ɨɧɢ ɦɨɝɭɬ ɫɞɟɥɚɬɶ ɩɨɢɫɤ ɜ Active Directory, ɢɫɩɨɥɶɡɭɹ ɩɚɪɚɦɟɬɪ, ɨɫɧɨɜɚɧɧɵɣ ɧɚ ɢɦɟɧɢ ɨɛɴɟɤɬɚ, ɤɥɸɱɟɜɵɯ ɫɥɨɜɚɯ ɢɥɢ ɨɩɢɫɚɧɢɢ.
. 10-10.
Active Directory
Ɉɝɪɚɧɢɱɟɧɢɟ, ɫɜɹɡɚɧɧɨɟ ɫ ɩɭɛɥɢɤɚɰɢɟɣ ɨɛɳɢɯ ɩɚɩɨɤ ɜ Active Directory, ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ, ɟɫɥɢ ɨɛɳɚɹ ɩɚɩɤɚ ɩɟɪɟɦɟɫɬɢɬɫɹ ɧɚ ɞɪɭɝɨɣ ɫɟɪɜɟɪ, ɬɨ ɜɫɟ ɤɥɢɟɧɬɵ, ɢɦɟɸɳɢɟ ɞɢɫɤɢ, ɨɬɨɛɪɚɠɟɧɧɵɟ ɧɚ ɷɬɭ ɨɛɳɭɸ ɩɚɩɤɭ, ɨɛɧɚɪɭɠɚɬ, ɱɬɨ ɨɬɨɛɪɚɠɟɧɢɟ ɛɨɥɶɲɟ ɧɟ ɪɚɛɨɬɚɟɬ. ɗɬɨ ɩɪɨɢɡɨɣɞɟɬ, ɩɨɬɨɦɭ ɱɬɨ ɩɪɢ ɨɬɨɛɪɚɠɟɧɢɢ ɤɥɢɟɧɬɫɤɨɝɨ ɞɢɫɤɚ ɧɚ ɨɛɳɭɸ ɩɚɩɤɭ ɜ Active Directory ɢɫɩɨɥɶɡɭɟɬɫɹ UNC-ɩɭɬɶ ɤ ɪɟɫɭɪɫɭ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɢ ɨɩɭɛɥɢɤɨɜɚɬɶ ɨɛɳɭɸ ɩɚɩɤɭ ɩɨ ɢɦɟɧɢ Saleslnfo, ɤɨɬɨɪɚɹ ɭɤɚɡɵɜɚɟɬ ɧɚ \\Server1\SalesInfo. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɚɯɨɞɢɬ ɷɬɭ ɨɛɳɭɸ ɩɚɩɤɭ ɜ Active Directory ɢ ɨɬɨɛɪɚɠɚɟɬ ɞɢɫɤ, ɬɨ ɞɥɹ ɨɬɨɛɪɚɠɟɧɢɹ ɞɢɫɤɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɫɢɧɬɚɤɫɢɫ \\Serverl\SalesInfo. ȿɫɥɢ ɩɚɩɤɚ ɩɟɪɟɦɟɫɬɢɬɫɹ, ɨɬɨɛɪɚɠɟɧɢɟ ɞɢɫɤɚ ɩɟɪɟɫɬɚɧɟɬ ɞɟɣɫɬɜɨɜɚɬɶ, ɞɚɠɟ ɟɫɥɢ ɜɵ ɫɞɟɥɚɟɬɟ ɢɡɦɟɧɟɧɢɹ ɜ Active Directory ɬɚɤ, ɱɬɨɛɵ ɨɛɴɟɤɬ ɭɤɚɡɵɜɚɥ ɧɚ ɧɨɜɨɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ.
Active Directory Windows Server 2003
ɋɢɫɬɟɦɚ Windows 2000 ɫɨɞɟɪɠɚɥɚ ɩɟɪɜɵɣ ɜɵɩɭɫɤ Active Directory, ɢ ɦɧɨɝɢɟ ɢɡ ɫɪɟɞɫɬɜ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɤɨɬɨɪɵɟ ɩɨɫɬɚɜɥɹɥɢɫɶ ɫ Windows 2000, ɢɦɟɥɢ ɨɝɪɚɧɢɱɟɧɢɹ ɜ ɧɟɤɨɬɨɪɵɯ ɜɚɠɧɵɯ ɚɫɩɟɤɬɚɯ. ɋɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɸɬ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɧɵɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ. • Ɏɭɧɤɰɢɨɧɚɥɶɧɨɫɬɶ Drag and drop. ɇɚɢɛɨɥɟɟ ɩɨɩɭɥɹɪɧɨɣ ɧɨɜɨɣ ɮɭɧɤɰɢɟɣ Active Directory Windows Server 2003 ɹɜɥɹɟɬɫɹ ɩɟɪɟɬɚɫɤɢɜɚɧɢɟ ɨɛɴɟɤɬɨɜ ɜ ɩɪɟɞɟɥɚɯ ɢɧɫɬɪɭɦɟɧɬɨɜ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory. Ɍɟɩɟɪɶ ɜɵ ɦɨɠɟɬɟ ɩɟɪɟɦɟɳɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡ ɨɞɧɨɣ OU ɜ ɞɪɭɝɭɸ ɩɭɬɟɦ ɩɟɪɟɬɚɫɤɢɜɚɧɢɹ ɡɧɚɱɤɚ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼɵ ɦɨɠɟɬɟ ɞɨɛɚɜɢɬɶ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɤ ɝɪɭɩɩɟ ɩɟɪɟɦɟɳɟɧɢɟɦ ɡɧɚɱɤɚ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɝɪɭɩɩɵ. • Ɉɞɧɨɜɪɟɦɟɧɧɨɟ ɪɟɞɚɤɬɢɪɨɜɚɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɷɥɟɦɟɧɬɨɜ. ȿɳɟ ɨɞɧɚ ɧɨɜɚɹ ɮɭɧɤɰɢɹ — ɜɨɡɦɨɠɧɨɫɬɶ ɪɟɞɚɤɬɢɪɨɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɨɛɴɟɤɬɨɜ ɨɞɧɨɜɪɟɦɟɧɧɨ. ȼ Active Directory Windows 2000 ɜɵ ɦɨɠɟɬɟ ɢɡɦɟɧɹɬɶ ɬɨɥɶɤɨ ɨɞɢɧ ɨɛɴɟɤɬ ɡɚ ɪɚɡ. ɋ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers Windows Server 2003 ɦɨɠɧɨ ɢɡɦɟɧɹɬɶ ɨɞɧɨɜɪɟɦɟɧɧɨ ɛɨɥɶɲɨɟ ɱɢɫɥɨ ɨɛɴɟɤɬɨɜ. ɉɪɟɞɩɨɥɨɠɢɦ, ɱɬɨ ɜɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɨɬɞɟɥɚ Marketing (Ɇɚɪɤɟɬɢɧɝ) ɩɟɪɟɟɡɠɚɸɬ ɜ ɞɪɭɝɨɟ ɨɮɢɫɧɨɟ ɡɞɚɧɢɟ, ɢ ɜɵ ɞɨɥɠɧɵ ɡɚɦɟɧɢɬɶ ɚɞɪɟɫ ɞɥɹ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɂɫɩɨɥɶɡɭɣɬɟ ɫɪɟɞɫɬɜɨ ɩɨɢɫɤɚ, ɱɬɨɛɵ ɧɚɣɬɢ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɭ ɤɨɬɨɪɵɯ ɚɬɪɢɛɭɬ Department ɭɫɬɚɧɨɜɥɟɧ ɧɚ ɡɧɚɱɟɧɢɟ Marketing. Ɂɚɬɟɦ ɜɵɞɟɥɢɬɟ ɜɫɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɜ ɨɤɧɟ ɪɟɡɭɥɶɬɚɬɨɜ ɩɨɢɫɤɚ, ɳɟɥɤɧɢɬɟ ɧɚ ɧɢɯ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). Ɍɟɩɟɪɶ ɜɵ ɦɨɠɟɬɟ ɢɡɦɟɧɹɬɶ ɨɛɳɢɟ ɚɬɪɢɛɭɬɵ ɞɥɹ ɜɫɟɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɨɞɧɨɜɪɟɦɟɧɧɨ. ȼɚɲ ɞɨɦɟɧ ɞɨɥɠɟɧ ɪɚɛɨɬɚɬɶ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows Server 2003, ɱɬɨɛɵ ɩɨɡɜɨɥɢɬɶ ɨɞɧɨɜɪɟɦɟɧɧɨɟ ɪɟɞɚɤɬɢɪɨɜɚɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɷɥɟɦɟɧɬɨɜ. • ɋɨɯɪɚɧɟɧɢɟ ɡɚɩɪɨɫɨɜ. ȼ ɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɹɯ ɫ ɬɵɫɹɱɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɜɫɟɝɞɚ ɧɚɯɨɞɹɬ ɨɛɴɟɤɬɵ Active Directory ɫ ɩɨɦɨɳɶɸ ɩɨɢɫɤɚ, ɚ ɧɟ ɩɪɨɫɦɨɬɪɚ. Ɉɩɰɢɹ ɫɨɯɪɚɧɟɧɢɹ ɡɚɩɪɨɫɨɜ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɨɞɧɚɠɞɵ ɫɨɡɞɚɬɶ ɡɚɩɪɨɫ ɧɚ ɩɨɢɫɤ, ɚ ɡɚɬɟɦ ɫɨɯɪɚɧɢɬɶ ɟɝɨ ɞɥɹ ɩɨɜɬɨɪɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɜ ɞɪɭɝɨɟ ɜɪɟɦɹ. ȼɨɡɦɨɠɧɨ, ɜɵ ɡɚɯɨɬɢɬɟ ɜɵɩɨɥɧɹɬɶ ɟɠɟɦɟɫɹɱɧɭɸ ɩɪɨɜɟɪɤɭ, ɱɬɨɛɵ ɭɡɧɚɬɶ, ɤɚɤɢɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɟ ɢɫɩɨɥɶɡɨɜɚɥɢɫɶ ɞɥɹ ɜɯɨɞɚ ɜ ɞɨɦɟɧ ɜ ɩɨɫɥɟɞɧɢɟ 30 ɞɧɟɣ. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɟ Saved Query (ɋɨɯɪɚɧɟɧɧɵɟ ɡɚɩɪɨɫɵ) ɢ ɜɵɛɟɪɢɬɟ New (ɇɨɜɵɣ)>Ȼɋ Options (ȼɵɛɨɪ DC) ɜ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ.) ȿɫɥɢ ɜɵ ɜɵɛɟɪɟɬɟ ɫɨɟɞɢɧɟɧɢɟ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɢɦɟɸɳɢɦ ɥɟɤɫɟɦɭ Operations Master (ɏɨɡɹɢɧ ɨɩɟɪɚɰɢɣ) ɞɥɹ ɷɦɭɥɹɬɨɪɚ PDC, ɬɨ ɫɨɟɞɢɧɢɬɟɫɶ ɫ ɷɦɭɥɹɬɨɪɨɦ PDC. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɞɟɥɚɬɶ ɢɡɦɟɧɟɧɢɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɫ ɤɨɬɨɪɵɦ ɫɜɹɡɚɧɵ ɜ ɬɟɤɭɳɢɣ ɦɨɦɟɧɬ, ɢɥɢ ɧɚ ɥɸɛɨɦ ɞɪɭɝɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ.
. 11 -3.
,
GPO
GPO
ɋɭɳɟɫɬɜɭɟɬ ɞɜɚ ɫɩɨɫɨɛɚ ɫɨɡɞɚɧɢɹ ɧɨɜɵɯ ɨɛɴɟɤɬɨɜ GPO. ɉɟɪɜɵɣ ɫɩɨɫɨɛ ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɢɧɫɬɪɭɦɟɧɬɚ Active Directory ɞɥɹ ɩɨɢɫɤɚ ɤɨɧɬɟɣɧɟɪɚ, ɜ ɤɨɬɨɪɨɦ ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɨɛɴɟɤɬ GPO. Ɂɚɬɟɦ ɧɭɠɧɨ ɳɟɥɤɧɭɬɶ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɨɛɴɟɤɬɟ ɢ ɜɵɛɪɚɬɶ Properties (ɋɜɨɣɫɬɜɚ). ȼɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ) (ɫɦ. ɪɢɫ. 114). ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɨɛɴɟɤɬ GPO, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɫɜɹɡɚɧ ɫ ɷɬɢɦ ɤɨɧɬɟɣɧɟɪɨɦ, ɳɟɥɤɧɢɬɟ ɧɚ New (ɇɨɜɵɣ).
. 11 -4.
GPO,
OU
ȼɬɨɪɨɣ ɫɩɨɫɨɛ — ɷɬɨ ɫɨɡɞɚɧɢɟ ɫɨɛɫɬɜɟɧɧɨɣ ɤɨɧɫɨɥɢ ɆɆɋ (Microsoft Management Console) ɢ ɞɨɛɚɜɥɟɧɢɟ ɤ ɧɟɣ ɨɫɧɚɫɬɤɢ Group Policy Object Editor (Ɋɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ). ɉɪɢ ɜɵɛɨɪɟ ɷɬɨɣ ɨɫɧɚɫɬɤɢ ɧɟɨɛɯɨɞɢɦɨ ɭɤɚɡɚɬɶ ɨɛɴɟɤɬ GPO, ɤɨɬɨɪɵɣ ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɢɡɦɟɧɢɬɶ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɨɫɧɚɫɬɤɚ ɡɚɝɪɭɡɢɬ Local Computer Policy (Ʌɨɤɚɥɶɧɚɹ ɤɨɦɩɶɸɬɟɪɧɚɹ ɩɨɥɢɬɢɤɚ). ɓɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Browse (ɉɪɨɫɦɨɬɪ), ɱɬɨɛɵ ɡɚɝɪɭɡɢɬɶ ɥɸɛɨɣ ɨɛɴɟɤɬ GPO ɢɡ ɜɚɲɟɝɨ ɞɨɦɟɧɚ ɢɥɢ ɫɚɣɬɚ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɨɬ ɢɧɫɬɪɭɦɟɧɬ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɥɨɤɚɥɶɧɨɝɨ ɨɛɴɟɤɬɚ GPO ɞɥɹ ɥɸɛɨɝɨ ɤɨɦɩɶɸɬɟɪɚ, ɧɚ ɤɨɬɨɪɨɦ ɭ ɜɚɫ ɟɫɬɶ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɩɪɚɜɚ (ɫɦ. ɪɢɫ. 11-5).
. 11 -5. GPOPolicy Object Editor
Group -
ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɨɛɴɟɤɬ GPO ɫ ɩɨɦɨɳɶɸ Welcome To The Group Policy Wizard (Ɇɚɫɬɟɪ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ), ɩɟɪɟɣɞɢɬɟ ɜ ɧɭɠɧɨɟ ɦɟɫɬɨ ɜɚɲɟɝɨ ɞɨɦɟɧɚ ɢ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Create New Group Policy Object (ɋɨɡɞɚɬɶ ɧɨɜɵɣ ɨɛɴɟɤɬ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ). ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɤɚɤɨɣ ɢɧɫɬɪɭɦɟɧɬ ɢɫɩɨɥɶɡɭɟɬɫɹ ɩɪɢ ɫɨɡɞɚɧɢɢ ɧɨɜɨɝɨ ɨɛɴɟɤɬɚ GPO, ɫɨɡɞɚɟɬɫɹ ɧɨɜɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɢ ɫɜɹɡɵɜɚɟɬɫɹ ɫ ɨɛɴɟɤɬɨɦ, ɜ ɤɨɬɨɪɨɦ ɜɵ ɫɨɡɞɚɟɬɟ GPO. ɇɚ ɪɢɫɭɧɤɟ 11-6
ɩɨɤɚɡɚɧ ɧɟɞɚɜɧɨ ɫɨɡɞɚɧɧɵɣ ɨɛɴɟɤɬ GPO. ɉɨɡɠɟ ɨɛɴɟɤɬ GPO ɦɨɠɧɨ ɢɡɦɟɧɢɬɶ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɜɚɲɢɦɢ ɬɪɟɛɨɜɚɧɢɹɦɢ.
Ʉɚɤ ɬɨɥɶɤɨ ɨɛɴɟɤɬ GPO ɫɨɡɞɚɧ, ɜɵ ɦɨɠɟɬɟ ɢɡɦɟɧɹɬɶ ɟɝɨ ɤɨɧɮɢɝɭɪɚɰɢɸ. Ȼɨɥɶɲɢɧɫɬɜɨ ɷɬɢɯ ɦɨɞɢɮɢɤɚɰɢɣ ɛɭɞɟɬ ɨɫɭɳɟɫɬɜɥɹɬɶɫɹ ɧɚ ɜɤɥɚɞɤɟ Group Policy ɨɤɧɚ Properties (ɋɜɨɣɫɬɜɚ) ɤɨɧɬɟɣɧɟɪɧɨɝɨ ɨɛɴɟɤɬɚ, ɫ ɤɨɬɨɪɵɦ ɫɜɹɡɚɧ ɨɛɴɟɤɬ GPO (ɫɦ. ɪɢɫ. 11-4). ȼ ɬɚɛɥɢɰɟ 11-3 ɨɛɴɹɫɧɹɸɬɫɹ ɨɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ, ɞɨɫɬɭɩɧɵɟ ɜ ɷɬɨɦ ɨɤɧɟ.
. 11-6. . 11 -3.
GPOGPO
Ɉɩɰɢɹ ɢɧɬɟɪɮɟɣɫɚ
ɉɨɹɫɧɟɧɢɟ
Add (Ⱦɨɛɚɜɢɬɶ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɫɜɹɡɢ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨ ɫɨɡɞɚɧɧɨɝɨ ɨɛɴɟɤɬɚ GPO ɫ ɤɨɧɬɟɣɧɟɪɧɵɦ ɨɛɴɟɤɬɨɦ. Ʉɨɝɞɚ ɜɵ ɳɟɥɤɧɟɬɟ ɧɚ ɤɧɨɩɤɟ Add, ɩɨɹɜɢɬɫɹ ɨɤɧɨ, ɩɨɞɨɛɧɨɟ ɨɤɧɭ ɧɚ ɪɢɫɭɧɤɟ 11*5. ȼɵ ɦɨɠɟɬɟ ɧɚɣɬɢ ɥɸɛɨɣ ɨɛɴɟɤɬ GPO ɜ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ ɢ ɫɜɹɡɚɬɶ ɟɝɨ ɫ ɷɬɢɦ ɤɨɧɬɟɣɧɟɪɨɦ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɦɨɞɢɮɢɤɚɰɢɢ ɨɩɰɢɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɨɛɴɟɤɬɚ GPO, ɢɡɦɟɧɹɹ ɫɨɞɟɪɠɚɧɢɟ GPO. Ʉɨɝɞɚ ɜɵ ɳɟɥɤɧɟɬɟ ɧɚ ɤɧɨɩɤɟ Edit, ɩɨɹɜɢɬɫɹ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɟ ɨɤɧɨ (ɫɦ. ɪɢɫ. 11-6). ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɨɩɰɢɢ No Override (He ɩɨɞɦɟɧɹɬɶ) ɢ ɞɥɹ ɨɬɤɥɸɱɟɧɢɹ ɨɛɴɟɤɬɚ GPO. Ɉɧɢ ɛɭɞɭɬ ɩɨɞɪɨɛɧɨ ɨɛɫɭɠɞɚɬɶɫɹ ɜ ɪɚɡɞɟɥɟ «ɇɚɫɥɟɞɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɢ ɩɪɢɦɟɧɟɧɢɟ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ.
Edit (Ɋɟɞɚɤɬɢɪɨɜɚɧɢɟ)
Options (Ɉɩɰɢɢ)
Ɉɩɰɢɹ ɢɧɬɟɪɮɟɣɫɚ Delete (ɍɞɚɥɢɬɶ)
ɉɨɹɫɧɟɧɢɟ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɞɚɥɟɧɢɹ ɨɛɴɟɤɬɚ GP ɉɪɢ ɜɵɛɨɪɟ ɷɬɨɣ ɨɩɰɢɢ ɜɵ ɦɨɠɟɬɟ ɢɥɢ ɩɨ ɧɨɫɬɶɸ ɭɞɚɥɢɬɶ GPO ɢɡ Active Directory, ɢ. ɭɞɚɥɢɬɶ ɬɨɥɶɤɨ ɫɜɹɡɢ ɫ ɞɚɧɧɵɦ ɤɨɧɬɟɣɧɟ ɧɵɦ ɨɛɴɟɤɬɨɦ.
Properties (ɋɜɨɣɫɬɜɚ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɬɨ] ɩɪɢɦɟɧɹɟɬɫɹ ɥɢ ɷɬɨɬ ɨɛɴɟɤɬ GPO ɤ ɤɨɦɩɵ ɬɟɪɚɦ ɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɥɢ ɤ ɨɛɨɢɦ. Ʉɪɨ: ɬɨɝɨ, ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧ: ɨɩɰɢɣ ɡɚɳɢɬɵ ɨɛɴɟɤɬɚ GPO. ɗɬɢ ɨɩɰɢɢ ɤɨ ɮɢɝɭɪɢɪɨɜɚɧɢɹ ɛɭɞɭɬ ɩɨɞɪɨɛɧɨ ɨɛɫɭɠɞɚɬɶ ɜ ɪɚɡɞɟɥɟ «Ɏɢɥɶɬɪɚɰɢɹ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩ ɜɨɣ ɩɨɥɢɬɢɤɢ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ.
Ɉɛɴɟɤɬɵ GPO ɦɨɝɭɬ ɛɵɬɶ ɫɜɹɡɚɧɵ ɫ ɨɛɴɟɤɬɚɦɢ ɫɚɣɬɨɜ, ɞɨɦɟɧɨɜ ɢ ɨɛɴɟɤɬɚɦɢ OU ɜ Active Directory. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɫɜɹɡɵɜɚɸɬɫɹ ɬɨɥɶɤɨ ɫ ɷɬɢɦɢ ɤɨɧɬɟɣɧɟɪɚɦɢ ɢ ɧɟ ɦɨɝɭɬ ɫɜɹɡɵɜɚɬɶɫɹ ɫ ɤɨɧɬɟɣɧɟɪɚɦɢ Users ɢɥɢ Computers. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɧɚɫɥɟɞɭɸɬɫɹ ɨɬ ɤɨɧɬɟɣɧɟɪɨɜ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ ɤ ɤɨɧɬɟɣɧɟɪɚɦ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ. ɋɥɟɞɨɜɚɬɟɥɶɧɨ, ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɧɚɡɧɚɱɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɥɢ ɤɨɦɩɶɸɬɟɪɭ, ɩɪɢɦɟɧɹɸɬɫɹ ɩɪɢ ɤɚɠɞɨɦ ɡɚɩɭɫɤɟ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɩɪɢ ɤɚɠɞɨɦ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɩɪɢɦɟɧɹɸɬɫɹ ɜ ɫɥɟɞɭɸɳɟɦ ɩɨɪɹɞɤɟ. 1. Local group policy (Ʌɨɤɚɥɶɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ). ɉɟɪɜɨɣ ɜɫɟɝɞɚ ɩɪɢɦɟɧɹɟɬɫɹ ɥɨɤɚɥɶɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ. 2. Site-level group policies (Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɭɪɨɜɧɹ ɫɚɣɬɚ). ɗɬɢ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɫɜɹɡɚɧɵ ɫ ɨɛɴɟɤɬɨɦ ɫɚɣɬɚ ɜ Active Directory. 3. Domain-level group policies (Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɭɪɨɜɧɹ ɞɨɦɟɧɚ). ɗɬɢ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɫɜɹɡɚɧɵ ɫ ɨɛɴɟɤɬɨɦ ɞɨɦɟɧɚ ɜ Active Directory. 4. OU-level group policies (Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɭɪɨɜɧɹ OU). ȿɫɥɢ ɞɨɦɟɧ ɫɨɞɟɪɠɢɬ ɧɟɫɤɨɥɶɤɨ ɭɪɨɜɧɟɣ OU, ɜɧɚɱɚɥɟ ɩɪɢɦɟɧɹɸɬɫɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɛɨɥɟɟ ɜɵɫɨɤɢɯ ɭɪɨɜɧɟɣ OU, ɚ ɡɚɬɟɦ — OU ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ. ɂɧɨɝɞɚ ɧɚ ɥɸɛɨɦ ɢɡ ɭɪɨɜɧɟɣ Active Directory ɦɨɠɟɬ ɩɪɢɦɟɧɹɬɶɫɹ ɫɜɵɲɟ ɨɞɧɨɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɩɨɪɹɞɨɤ ɢɯ ɩɪɢɦɟɧɟɧɢɹ ɨɩɪɟɞɟɥɹɟɬɫɹ ɩɨɪɹɞɤɨɦ, ɜ ɤɨɬɨɪɨɦ ɨɛɴɟɤɬɵ GPO ɩɟɪɟɱɢɫɥɟɧɵ ɜ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɦ ɨɤɧɟ ɫɧɢɡɭ ɜɜɟɪɯ. ɇɚ ɪɢɫɭɧɤɟ 11-7 ɩɨɤɚɡɚɧɵ ɬɪɢ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɩɪɢɦɟɧɹɟɦɵɟ ɤ OU. ɋɧɚɱɚɥɚ ɛɭɞɟɬ ɩɪɢɦɟɧɹɬɶɫɹ Scripts Policy (ɉɨɥɢɬɢɤɚ ɫɰɟɧɚɪɢɟɜ), ɡɚɬɟɦ - Desktop Policy (ɉɨɥɢɬɢɤɚ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ), ɚ ɞɚɥɟɟ - Office Installation Policy (ɉɨɥɢɬɢɤɚ ɢɧɫɬɚɥɥɹɰɢɢ ɨɮɢɫɚ).
. 11-7.
,
, ,
ɉɨɪɹɞɨɤ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɜɚɠɟɧ, ɟɫɥɢ ɨɧɢ ɢɡɦɟɧɹɸɬ ɨɞɧɢ ɢ ɬɟ ɠɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɨɛɴɟɤɬ GPO ɭɪɨɜɧɹ ɞɨɦɟɧɚ ɭɞɚɥɹɟɬ ɤɨɦɚɧɞɭ Run ɫɨ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɨɜ, ɚ ɨɛɴɟɤɬ GPO ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɵ ɛɨɥɟɟ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ ɞɨɛɚɜɥɹɟɬ ɤɨɦɚɧɞɭ Run, ɬɨ ɤɨɦɚɧɞɚ Run ɛɭɞɟɬ ɞɨɫɬɭɩɧɚ ɧɚ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɚɯ OU. Ɍɚɤɨɣ ɤɨɧɮɥɢɤɬ ɜɨɡɧɢɤɚɟɬ, ɟɫɥɢ ɞɜɟ ɩɨɥɢɬɢɤɢ ɢɡɦɟɧɹɸɬ ɨɞɧɭ ɢ ɬɭ ɠɟ ɭɫɬɚɧɨɜɤɭ. ɂɭɲ ɨɛɴɟɤɬ GPO ɛɨɥɟɟ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ ɦɨɠɟɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɞɥɹ ɭɞɚɥɟɧɢɹ ɤɨɦɚɧɞɵ Run, ɚ ɨɛɴɟɤɬ GPO ɛɨɥɟɟ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ — ɞɥɹ ɭɞɚɥɟɧɢɹ ɡɧɚɱɤɚ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ. ɉɨɫɤɨɥɶɤɭ ɧɟɬ ɧɢɤɚɤɨɝɨ ɤɨɧɮɥɢɤɬɚ ɦɟɠɞɭ ɷɬɢɦɢ ɩɚɪɚɦɟɬɪɚɦɢ ɧɚɫɬɪɨɣɤɢ, ɩɪɢɦɟɧɹɬɫɹ ɨɛɟ ɧɚɫɬɪɨɣɤɢ. Ȼɨɥɶɲɢɧɫɬɜɨ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɨɛɴɟɤɬɚ GPO ɜɤɥɸɱɚɟɬ ɬɪɢ ɨɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ: Enabled (ȼɤɥɸɱɟɧ), Disabled (Ɂɚɛɥɨɤɢɪɨɜɚɧ) ɢ Not Configured (He ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɨ). ȿɫɥɢ ɭɫɬɚɧɨɜɥɟɧɚ ɨɩɰɢɹ Enabled, ɬɨ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɤɚɤɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ, ɨɧɚ ɛɭɞɟɬ ɩɪɢɦɟɧɟɧɚ. ȿɫɥɢ ɭɫɬɚɧɨɜɥɟɧɚ ɨɩɰɢɹ Disabled, ɬɨ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɤɚɤɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ, ɨɧɚ ɛɭɞɟɬ ɡɚɛɥɨɤɢɪɨɜɚɧɚ. ȿɫɥɢ ɭɫɬɚɧɨɜɤɚ ɛɵɥɚ ɜɤɥɸɱɟɧɚ ɜ ɨɛɴɟɤɬɟ GPO, ɤɨɬɨɪɵɣ ɩɪɢɦɟɧɹɥɫɹ ɪɚɧɟɟ, ɨɧɚ ɜɫɟ ɪɚɜɧɨ ɛɭɞɟɬ ɢɡɦɟɧɟɧɚ ɧɚ Disabled. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɜɤɥɸɱɢɬɶ ɭɫɬɚɧɨɜɤɭ ɩɨ ɭɞɚɥɟɧɢɸ ɤɨɦɚɧɞɵ Run ɜ ɨɛɴɟɤɬ GPO, ɫɜɹɡɚɧɧɵɣ ɫ OU ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ. Ɂɚɬɟɦ ɜɵ ɛɥɨɤɢɪɭɟɬɟ ɭɫɬɚɧɨɜɤɭ ɩɨ ɭɞɚɥɟɧɢɸ ɤɨɦɚɧɞɵ Run ɜ OU ɛɨɥɟɟ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ, ɩɨɫɥɟ ɱɟɝɨ ɤɨɦɚɧɞɚ Run ɛɭɞɟɬ ɞɨɫɬɭɩɧɚ ɞɥɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ OU ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ. ȿɫɥɢ ɭɫɬɚɧɨɜɥɟɧɨ Not Configured, ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɨɥɢɬɢɤɢ ɧɟ ɢɡɦɟɧɹɬɫɹ, ɢ ɛɭɞɭɬ ɩɨɞɞɟɪɠɢɜɚɬɶɫɹ ɭɫɬɚɧɨɜɤɢ, ɭɧɚɫɥɟɞɨɜɚɧɧɵɟ ɨɬ ɛɨɥɟɟ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ.
ɉɨ ɭɦɨɥɱɚɧɢɸ ɜɫɟ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɤɨɦɩɶɸɬɟɪɨɜ ɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɩɪɢɦɟɧɹɸɬɫɹ ɜ ɩɨɪɹɞɤɟ Ʌɨɤɚɥɶɧɵɣ/ɋɚɣɬ/Ⱦɨɦɟɧ/ Ɉɪɝɚɧɢɡɚɰɢɨɧɧɚɹ ɟɞɢɧɢɰɚ (Local/Site/Domain/Organizational Unit -LSDOU). ȼ ɩɪɟɞɟɥɚɯ ɤɨɧɬɟɣɧɟɪɚ ɤɚɠɞɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢ ɤɨɦɩɶɸɬɟɪ ɛɭɞɭɬ ɡɚɬɪɨɧɭɬɵ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ. Ɉɞɧɚɤɨ ɜ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɷɬɨɝɨ ɩɪɨɢɫɯɨɞɢɬɶ ɧɟ ɞɨɥɠɧɨ, ɢ ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɢɫɤɥɸɱɟɧɢɹ ɤ ɡɚɞɚɧɧɨɦɭ ɩɨ ɭɦɨɥɱɚɧɢɸ ɫɩɨɫɨɛɭ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ.
OU
Ʉɚɤ ɭɠɟ ɲɜɨɪɢɥɨɫɶ ɜ ɝɥ. 5, ɨɫɧɨɜɧɨɣ ɞɜɢɠɭɳɟɣ ɫɢɥɨɣ ɩɪɢ ɫɨɡɞɚɧɢɢ ɩɪɨɟɤɬɚ OU ɹɜɥɹɟɬɫɹ ɜɨɡɦɨɠɧɨɫɬɶ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɨɫɨɛɟɧɧɨ ɞɥɹ OU ɧɢɡɲɟɝɨ ɭɪɨɜɧɹ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɷɬɨɬ ɩɪɨɟɤɬ ɞɨɥɠɟɧ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɪɟɢɦɭɳɟɫɬɜɚ ɡɚɞɚɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɫɥɟɞɨɜɚɧɢɹ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ȼ ɞɚɧɧɨɦ ɪɚɡɞɟɥɟ ɤɨɧɤɪɟɬɢɡɢɪɭɸɬɫɹ ɫɩɨɫɨɛɵ
ɦɨɞɢɮɢɰɢɪɨɜɚɧɢɹ ɡɚɞɚɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɫɩɨɫɨɛɚ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɧɨ ɨɞɧɨɣ ɢɡ ɰɟɥɟɣ ɜɚɲɟɝɨ ɩɪɨɟɤɬɚ ɞɨɥɠɧɚ ɛɵɬɶ ɦɢɧɢɦɢɡɚɰɢɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɷɬɢɯ ɨɩɰɢɣ. ɋɬɪɭɤɬɭɪɚ ɛɨɥɶɲɢɧɫɬɜɚ ɤɪɭɩɧɵɯ ɩɪɟɞɩɪɢɹɬɢɣ ɫɥɢɲɤɨɦ ɫɥɨɠɧɚ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɫɥɟɞɨɜɚɧɢɟ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɩɪɨɟɤɬ OU, ɨɫɧɨɜɚɧɧɵɣ ɧɚ ɞɟɥɨɜɵɯ ɩɨɞɪɚɡɞɟɥɟɧɢɹɯ, ɩɨɬɨɦɭ ɱɬɨ ɛɨɥɶɲɢɧɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɨɞɧɨɝɨ ɢ ɬɨɝɨ ɠɟ ɩɨɞɪɚɡɞɟɥɟɧɢɹ ɧɭɠɞɚɸɬɫɹ ɜ ɨɞɢɧɚɤɨɜɵɯ ɩɚɪɚɦɟɬɪɚɯ ɧɚɫɬɪɨɣɤɢ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɢ ɜ ɨɞɢɧɚɤɨɜɨɦ ɧɚɛɨɪɟ ɩɪɢɥɨɠɟɧɢɣ. Ɉɞɧɚɤɨ ɧɟɤɨɬɨɪɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɛɵɬɶ ɱɚɫɬɶɸ ɝɪɭɩɩɵ, ɩɟɪɟɫɟɤɚɸɳɟɣ ɝɪɚɧɢɰɵ ɨɬɞɟɥɚ ɞɥɹ ɭɱɚɫɬɢɹ ɜ ɩɨɫɬɨɹɧɧɵɯ ɢɥɢ ɫɩɟɰɢɮɢɱɟɫɤɢɯ ɩɪɨɟɤɬɚɯ. Ɉɫɬɚɥɶɧɵɟ ɨɬɞɟɥɵ ɦɨɝɭɬ ɢɦɟɬɶ ɫɜɨɢ ɬɪɟɛɨɜɚɧɢɹ ɤ ɧɚɛɨɪɭ ɩɪɨɝɪɚɦɦ, ɬɚɤ ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɸ ɧɟɨɛɯɨɞɢɦ ɞɨɫɬɭɩ ɤ ɨɛɨɢɦ ɧɚɛɨɪɚɦ ɩɪɢɥɨɠɟɧɢɣ. Ɍɚɤɢɟ ɫɥɨɠɧɵɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɹɜɥɹɸɬɫɹ ɫɬɚɧɞɚɪɬɧɵɦɢ ɞɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɩɪɟɞɩɪɢɹɬɢɣ, ɩɨɷɬɨɦɭ Active Directory Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɢɡɦɟɧɟɧɢɹ ɡɚɞɚɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɫɩɨɫɨɛɚ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ȿɫɬɶ ɞɜɚ ɫɩɨɫɨɛɚ ɢɡɦɟɧɢɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɫɥɟɞɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɉɟɪɜɵɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɛɥɨɤɢɪɨɜɚɧɢɢ ɧɚɫɥɟɞɨɜɚɧɢɹ ɩɨɥɢɬɢɤɢ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ. Ⱦɥɹ ɷɬɨɝɨ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɟ, ɜ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɢɡɦɟɧɢɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ, ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). ɓɟɥɤɧɢɬɟ ɧɚ ɜɤɥɚɞɤɟ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ) ɢ ɨɬɦɟɬɶɬɟ ɮɥɚɠɨɤ Block Policy Inheritance (Ȼɥɨɤɢɪɨɜɚɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ ɩɨɥɢɬɢɤɢ) (ɫɦ. ɪɢɫ. 11-8). ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɭɧɚɫɥɟɞɨɜɚɧɧɵɟ ɨɬ ɤɨɧɬɟɣɧɟɪɨɜ ɛɨɥɟɟ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ, ɛɭɞɭɬ ɛɥɨɤɢɪɨɜɚɧɵ. Ɉɩɰɢɹ ɛɥɨɤɢɪɨɜɤɢ ɧɚɫɥɟɞɨɜɚɧɢɹ ɩɨɥɢɬɢɤɢ ɩɨɥɟɡɧɚ, ɤɨɝɞɚ ɜɚɲɚ ɩɨɥɢɬɢɤɚ ɞɨɥɠɧɚ ɩɪɢɦɟɧɹɬɶɫɹ ɤ ɛɨɥɶɲɨɣ ɝɪɭɩɩɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɧɟɫɤɨɥɶɤɢɯ OU, ɧɨ ɩɪɢ ɷɬɨɦ ɜɵ ɧɟ ɯɨɬɢɬɟ ɩɪɢɦɟɧɹɬɶ ɟɟ ɤ ɨɩɪɟɞɟɥɟɧɧɨɣ ɝɪɭɩɩɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ɍɢɩɢɱɧɵɦ ɩɪɢɦɟɪɨɦ ɹɜɥɹɟɬɫɹ ɫɰɟɧɚɪɢɣ, ɜ ɤɨɬɨɪɨɦ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜ ɨɪɝɚɧɢɡɚɰɢɢ ɧɭɠɧɨ, ɱɬɨɛɵ ɱɚɫɬɶ ɢɯ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ (ɤɨɦɚɧɞɚ Run ɢɥɢ ɪɟɞɚɤɬɨɪ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ) ɛɵɥɢ ɡɚɛɥɨɤɢɪɨɜɚɧɵ, ɚ ɫɟɬɟɜɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɬɪɟɛɭɟɬɫɹ ɩɨɥɧɵɣ ɞɨɫɬɭɩ ɤɨ ɜɫɟɦ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɦ ɫɪɟɞɫɬɜɚɦ. ȼ ɷɬɨɦ ɫɰɟɧɚɪɢɢ ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɬɚɤɭɸ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɧɚ ɭɪɨɜɧɟ ɞɨɦɟɧɚ, ɤɨɬɨɪɚɹ ɛɥɨɤɢɪɭɟɬ ɱɚɫɬɶ ɢɧɫɬɪɭɦɟɧɬɨɜ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɧɚ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɡɚɬɟɦ ɫɨɡɞɚɬɶ ɨɬɞɟɥɶɧɭɸ OU ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɟɬɟɜɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɢ ɛɥɨɤɢɪɨɜɚɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɧɚ ɷɬɨɦ ɭɪɨɜɧɟ.
. 11 -8.
0U
ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. Ɉɞɧɨ ɢɡ ɨɝɪɚɧɢɱɟɧɢɣ ɛɥɨɤɢɪɨɜɤɢ ɧɚɫɥɟɞɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɩɨɫɥɟ ɜɵɛɨɪɚ ɛɥɨɤɢɪɨɜɤɢ ɜɫɟ ɧɚɫɥɟɞɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɛɭɞɟɬ ɛɥɨɤɢɪɨɜɚɧɨ. ɇɟɬ ɧɢɤɚɤɨɝɨ ɫɩɨɫɨɛɚ ɜɵɛɨɪɨɱɧɨ ɛɥɨɤɢɪɨɜɚɬɶ ɧɚɫɥɟɞɨɜɚɧɢɟ ɬɨɥɶɤɨ ɨɩɪɟɞɟɥɟɧɧɵɯ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ȼɬɨɪɨɣ ɫɩɨɫɨɛ ɢɡɦɟɧɹɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɫɥɟɞɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɨɩɰɢɢ No Override (He ɩɨɞɦɟɧɹɬɶ). ɗɬɚ ɨɩɰɢɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɪɟɞɩɢɫɚɧɢɹ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɞɚɠɟ ɜ ɬɟɯ ɤɨɧɬɟɣɧɟɪɚɯ, ɜ ɤɨɬɨɪɵɯ ɭɫɬɚɧɨɜɥɟɧɚ ɨɩɰɢɹ ɛɥɨɤɢ-
ɪɨɜɤɢ ɧɚɫɥɟɞɨɜɚɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ, ɧɟ ɩɨɞɥɟɠɚɳɭɸ ɨɬɦɟɧɟ, ɧɚɣɞɢɬɟ ɤɨɧɬɟɣɧɟɪɧɵɣ ɨɛɴɟɤɬ, ɫ ɤɨɬɨɪɵɦ ɫɜɹɡɚɧɚ ɞɚɧɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɚ ɡɚɬɟɦ ɨɬɤɪɨɣɬɟ ɨɤɧɨ Properties (ɋɜɨɣɫɬɜɚ) ɷɬɨɝɨ ɤɨɧɬɟɣɧɟɪɚ. ȼɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Group Policy, ɜɵɛɟɪɢɬɟ ɩɨɥɢɬɢɤɭ ɝɪɭɩɩɵ, ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Options ɢ ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ No Override (ɫɦ. ɪɢɫ. 11-9).
. 11-9.
No Override
Ɉɩɰɢɹ No Override ɦɨɠɟɬ ɛɵɬɶ ɩɨɥɟɡɧɚ, ɤɨɝɞɚ ɜɚɲɚ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɟɬɫɹ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɝɞɟ ɨɧɢ ɪɚɫɩɨɥɨɠɟɧɵ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɚɧɬɢɜɢɪɭɫɧɵɦ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɧɚ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɚɯ-ɤɥɢɟɧɬɚɯ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɧɭɠɧɨ ɜɵɛɪɚɬɶ ɤɨɧɬɟɣɧɟɪ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ, ɫɨɞɟɪɠɚɳɢɣ ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ ɜɚɲɟɝɨ ɞɨɦɟɧɚ, ɢ ɩɪɢɦɟɧɢɬɶ ɩɨɥɢɬɢɤɭ ɧɚ ɷɬɨɦ ɭɪɨɜɧɟ. Ɂɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɨɩɰɢɟɣ No Override, ɱɬɨɛɵ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɢɦɟɧɹɥɢɫɶ ɤɨ ɜɫɟɦ ɤɨɦɩɶɸɬɟɪɚɦ ɤɥɢɟɧɬɚɦ. Ɉɩɰɢɹ No Override ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɜ ɬɨɦ ɦɟɫɬɟ, ɝɞɟ ɨɛɴɟɤɬ GPO ɫɜɹɡɵɜɚɟɬɫɹ ɫ ɤɨɧɬɟɣɧɟɪɨɦ, ɚ ɧɟ ɜ ɫɚɦɨɦ ɨɛɴɟɤɬɟ GPO. ȿɫɥɢ ɜɵ ɫɜɹɡɵɜɚɟɬɟ ɨɛɴɟɤɬ GPO ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɦɟɫɬɚɦɢ ɜɚɲɟɝɨ ɞɨɦɟɧɚ ɢ ɤɨɧɮɢɝɭɪɢɪɭɟɬɟ ɨɞɧɭ ɢɡ ɫɜɹɡɟɣ ɫ ɩɪɢɦɟɧɟɧɢɟɦ ɨɩɰɢɢ No Override, ɞɪɭɝɢɟ ɫɜɹɡɢ ɧɟ ɛɭɞɭɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɷɬɨɣ ɨɩɰɢɟɣ ɚɜɬɨɦɚɬɢɱɟɫɤɢ. Ɉɩɰɢɹ No Override ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɩɪɢɦɟɧɢɬɟɥɶɧɨ ɤ ɨɞɧɨɦɭ ɨɛɴɟɤɬɭ GPO, ɬ.ɟ. ɟɟ ɭɫɬɚɧɨɜɤɚ ɧɚ ɨɞɧɨɦ ɨɛɴɟɤɬɟ GPO, ɫɜɹɡɚɧɧɨɦ ɫ OU, ɧɟ ɡɚɬɪɚɝɢɜɚɟɬ ɨɩɰɢɸ No Override ɞɥɹ ɞɪɭɝɢɯ ɨɛɴɟɤɬɨɜ GPO, ɫɜɹɡɚɧɧɵɯ ɫ ɷɬɨɣ ɠɟ OU. . No Override , . .
.
Ɍɪɟɬɢɣ ɫɩɨɫɨɛ ɢɡɦɟɧɟɧɢɹ ɧɚɫɥɟɞɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫɨɫɬɨɢɬ ɜ ɮɢɥɶɬɪɚɰɢɢ ɩɪɢɦɟɧɟɧɢɣ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩ Active Directory. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɪɢ ɫɨɡɞɚɧɢɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɨɧɚ ɩɪɢɦɟɧɹɟɬɫɹ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢ ɤɨɦɩɶɸɬɟɪɚɦ ɜ ɤɨɧɬɟɣɧɟɪɟ. Ɋɚɫɫɦɨɬɪɢɬɟ ɜɤɥɚɞɤɭ Security (Ȼɟɡɨɩɚɫɧɨɫɬɶ) ɞɥɹ ɧɟɞɚɜɧɨ ɫɨɡɞɚɧɧɨɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. Ʉɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 11-10, ɜɤɥɚɞɤɚ Security ɞɥɹ ɜɫɟɯ ɨɛɴɟɤɬɨɜ GPO ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɬɚɤ, ɱɬɨ ɝɪɭɩɩɚ Authenticated Users (ɍɞɨɫɬɨɜɟɪɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ) ɢɦɟɟɬ ɪɚɡɪɟɲɟɧɢɹ Read (ɑɬɟɧɢɟ) ɢ Apply Group Policy (ɉɪɢɦɟɧɟɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ). ɉɨɷɬɨɦɭ ɜɫɟ ɭɞɨɫɬɨɜɟɪɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɜɤɥɸɱɚɹ ɢ ɤɨɦɩɶɸɬɟɪɵ, ɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɛɭɞɭɬ ɡɚɬɪɨɧɭɬɵ ɷɬɨɣ ɩɨɥɢɬɢɤɨɣ. Ɇɨɠɧɨ ɢɡɦɟɧɢɬɶ ɜɨɡɞɟɣɫɬɜɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɧɚ ɤɨɦɩɶɸɬɟɪ ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɦɨɞɢɮɢɰɢɪɭɹ ɭɫɬɚɧɨɜɤɭ ɪɚɡɪɟɲɟɧɢɹ Apply Group Policy ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ. Ⱦɥɹ ɷɬɨɝɨ ɫɧɚɱɚɥɚ ɭɞɚɥɢɬɟ ɝɪɭɩɩɭ Authenticated Users ɫ ɜɤɥɚɞɤɢ Security ɢɥɢ ɨɱɢɫɬɢɬɟ ɮɥɚɠɨɤ Apply Group Policy. Ɂɚɬɟɦ ɞɨɛɚɜɶɬɟ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤ ɫɩɢɫɤɭ ɭɩɪɚɜɥɟɧɢɹ ɞɨɫɬɭɩɨɦ (ACL) ɢ ɩɪɟɞɨɫɬɚɜɶɬɟ ɢɦ ɪɚɡɪɟɲɟɧɢɹ Read ɢ Apply Group Policy. Ɇɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɪɚɡɪɟɲɟɧɢɹ, ɞɨɛɚɜɥɹɹ ɤɚɤɨɝɨ-ɥɢɛɨ ɭɱɚɫɬɧɢɤɚ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɧɨ ɧɚɢɥɭɱɲɚɹ ɩɪɚɤɬɢɤɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɜɫɟɝɞɚ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɵ Active Directory ɜɦɟɫɬɨ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɤɨɦɩɶɸɬɟɪɨɜ.
. 11-10. GPO
Security(
) GPO
.
Properties (
)
, . ,
, ,
,
, .
, . Ɉɩɰɢɹ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɚɹ ɞɥɹ ɩɪɢɦɟɧɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɤ ɜɵɛɪɚɧɧɨɣ ɝɪɭɩɩɟ, ɩɨɥɟɡɧɚ ɜɨ ɦɧɨɠɟɫɬɜɟ ɪɚɡɥɢɱɧɵɯ ɫɰɟɧɚɪɢɟɜ. ɇɚɩɪɢɦɟɪ, ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɭɫɬɚɧɨɜɢɬɶ ɫɩɟɰɢɮɢɱɟɫɤɢɣ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɞɥɹ ɝɪɭɩɩɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɤɨɬɨɪɵɯ ɪɚɫɫɟɹɧɵ ɜ ɪɚɡɥɢɱɧɵɯ OU ɩɨ ɜɫɟɦɭ ɞɨɦɟɧɭ. ɑɬɨɛɵ ɢɧɫɬɚɥɥɢɪɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɫɜɹɠɢɬɟ ɨɛɴɟɤɬ GPO ɫ ɤɨɧɬɟɣɧɟɪɧɵɦ ɨɛɴɟɤɬɨɦ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɚ ɡɚɬɟɦ ɢɡɦɟɧɢɬɟ ɡɚɳɢɬɭ GPO-ɨɛɴɟɤɬɚ ɬɚɤ, ɱɬɨɛɵ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɥɚɫɶ ɬɨɥɶɤɨ ɤ ɭɤɚɡɚɧɧɨɣ ɝɪɭɩɩɟ. Ⱦɪɭɝɢɦ ɩɪɢɦɟɪɨɦ ɹɜɥɹɟɬɫɹ ɫɢɬɭɚɰɢɹ, ɤɨɝɞɚ ɢɦɟɟɬɫɹ ɨɛɴɟɤɬ GPO, ɤɨɬɨɪɵɣ ɧɚɡɧɚɱɟɧ ɨɩɪɟɞɟɥɟɧɧɨɣ OU, ɧɨ ɜɵ ɧɟ ɯɨɬɢɬɟ, ɱɬɨɛɵ ɷɬɨɬ ɨɛɴɟɤɬ ɩɪɢɦɟɧɹɥɫɹ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɷɬɨɣ OU. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɵ ɦɨɠɟɬɟ, ɜɨ-ɩɟɪɜɵɯ, ɫɨɡɞɚɬɶ ɝɪɭɩɩɭ, ɫɨɞɟɪɠɚɳɭɸ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɦ ɬɪɟɛɭɟɬɫɹ ɞɚɧɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɪɚɡɪɟɲɟɧɢɟ Apply Group Policy ɬɨɥɶɤɨ ɞɥɹ ɷɬɨɣ ɝɪɭɩɩɵ. ȼɨ-ɜɬɨɪɵɯ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɝɪɭɩɩɭ, ɤɨɬɨɪɚɹ ɫɨɞɟɪɠɢɬ ɜɫɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɦ ɧɟ ɬɪɟɛɭɟɬɫɹ ɞɚɧɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɭɫɬɚɧɨɜɤɭ Deny (Ɂɚɩɪɟɬɢɬɶ) ɧɚ ɪɚɡɪɟɲɟɧɢɢ Apply Group Policy (ɉɪɢɦɟɧɢɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ) ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɧɟ ɛɭɞɟɬ ɩɪɢɦɟɧɹɬɶɫɹ ɤ ɷɬɢɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. С . Apply Group Policy , Read Access ( ). , , , . С
. Active Directory Windows Server 2003 , Windows Management Instrumentation ( Windows) (WMI). WMI, WMI, , . , , , 200 , , 64 . (Help And Support Center) WMI Software Development Kit Microsoft http: // msdn.microsoft.com/ library/default.asp?url=/library/en-us/wmidsk/wmi/ wmi_start_page.asp.
Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɬɚɤ, ɱɬɨɛɵ ɨɧɚ ɩɪɢɦɟɧɹɥɚɫɶ ɬɨɥɶɤɨ ɤ ɤɨɦɩɶɸɬɟɪɚɦ ɢɥɢ ɬɨɥɶɤɨ ɤ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɚ ɧɟ ɤ ɬɟɦ ɢ ɞɪɭɝɢɦ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɷɬɨ, ɨɛɪɚɬɢɬɟɫɶ ɤ ɨɤɧɭ Properties (ɋɜɨɣɫɬɜɚ) ɨɛɴɟɤɬɚ GPO (ɫɦ. ɪɢɫ. 11-11), ɜ ɤɨɬɨɪɨɦ ɦɨɠɧɨ ɨɬɤɥɸɱɢɬɶ ɢɥɢ ɤɨɦɩɶɸɬɟɪɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɤɨɧɮɢɝɭɪɚɰɢɢ, ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ.
. 11-11.
GPO
ɋɨɜɟɬ. ɂɫɩɨɥɶɡɨɜɚɧɢɹ ɛɨɥɶɲɢɧɫɬɜɚ ɨɩɰɢɣ, ɨɛɫɭɠɞɚɟɦɵɯ ɜ ɷɬɨɦ ɪɚɡɞɟɥɟ ɢ ɢɡɦɟɧɹɸɳɢɯ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɪɢɦɟɧɟɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɫɥɟɞɭɟɬ ɢɡɛɟɝɚɬɶ, ɬɚɤ ɤɚɤ ɷɬɨ ɦɨɠɟɬ ɩɪɢɜɟɫɬɢ ɤ ɫɥɨɠɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɫ ɤɨɬɨɪɨɣ ɬɪɭɞɧɨ ɪɚɛɨɬɚɬɶ. Ɉɩɰɢɹ, ɩɨɡɜɨɥɹɸɳɚɹ ɩɪɢɦɟɧɹɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɬɨɥɶɤɨ ɤ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɥɢ ɬɨɥɶɤɨ ɤ ɤɨɦɩɶɸɬɟɪɚɦ, ɢɫɩɨɥɶɡɭɟɬɫɹ ɱɚɳɟ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɥɢɛɨ ɞɥɹ ɬɟɯ, ɥɢɛɨ ɞɥɹ ɞɪɭɝɢɯ, ɧɨ ɧɟ ɞɥɹ ɨɛɨɢɯ ɨɞɧɨɜɪɟɦɟɧɧɨ. ȿɳɟ ɨɞɧɚ ɨɩɰɢɹ, ɤɨɬɨɪɭɸ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɨɛɥɚɫɬɢ ɩɪɢɥɨɠɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɫɨɫɬɨɢɬ ɜ ɨɬɤɥɸɱɟɧɢɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɷɬɨ, ɨɛɪɚɬɢɬɟɫɶ ɤ ɨɤɧɭ Properties (ɋɜɨɣɫɬɜɚ) ɨɛɴɟɤɬɚ GPO ɢ ɜɵɛɟɪɢɬɟ Options (Ɉɩɰɢɢ) (ɫɦ. ɪɢɫ. 11-9). ɉɭɬɟɦ ɨɬɤɥɸɱɟɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɦɨɠɧɨ ɩɪɟɞɨɬɜɪɚɳɚɬɶ ɟɟ ɩɪɢɦɟɧɟɧɢɟ ɛɟɡ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɢɡɦɟɧɹɬɶ ɞɪɭɝɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ. ɇɚɩɪɢɦɟɪ, ɭ ɜɚɫ ɟɫɬɶ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɤɨɬɨɪɭɸ ɬɪɟɛɭɟɬɫɹ ɩɪɢɦɟɧɹɬɶ ɥɢɲɶ ɜɪɟɦɹ ɨɬ ɜɪɟɦɟɧɢ, ɢɥɢ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɤɨɬɨɪɚɹ ɧɚɯɨɞɢɬɫɹ ɜ ɷɤɫɩɟɪɢɦɟɧɬɚɥɶɧɨɣ ɫɬɚɞɢɢ. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ, ɫɜɹɡɚɬɶ ɟɟ ɫ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɦ ɤɨɧɬɟɣɧɟɪɨɦ, ɚ ɡɚɬɟɦ ɨɬɤɥɸɱɢɬɶ ɟɟ. ɉɪɢ ɧɟɨɛɯɨɞɢɦɨɫɬɢ ɦɨɠɧɨ ɫɧɨɜɚ ɟɟ ɜɤɥɸɱɢɬɶ.
Ɍɟɩɟɪɶ, ɤɨɝɞɚ ɜɵ ɡɧɚɟɬɟ, ɤɚɤ ɫɨɡɞɚɜɚɬɶ ɨɛɴɟɤɬɵ GPO ɢ ɫɜɹɡɵɜɚɬɶ ɢɯ ɫ ɤɨɧɬɟɣɧɟɪɚɦɢ ɜ ɩɪɟɞɟɥɚɯ Active Directory Windows Server 2003, ɫɥɟɞɭɸɳɢɣ ɲɚɝ ɫɨɫɬɨɢɬ ɜ ɩɨɧɢɦɚɧɢɢ ɬɨɝɨ, ɤɚɤ ɧɚ ɫɚɦɨɦ ɞɟɥɟ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɤɨɦɩɶɸɬɟɪɚɦ. Ʉɨɝɞɚ ɤɨɦɩɶɸɬɟɪ ɡɚɩɭɫɤɚɟɬɫɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ, ɩɪɨɢɫɯɨɞɢɬ ɩɪɢɦɟɧɟɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫɥɟɞɭɸɳɢɦ ɨɛɪɚɡɨɦ. 1. ȼɨ ɜɪɟɦɹ ɡɚɩɭɫɤɚ ɤɨɦɩɶɸɬɟɪɚ ɤɥɢɟɧɬɚ ɫɱɢɬɵɜɚɟɬɫɹ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ ɢ ɨɩɪɟɞɟɥɹɟɬɫɹ ɫɚɣɬ, ɜ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧ ɤɨɦɩɶɸɬɟɪ. Ʉɨɦɩɶɸɬɟɪ ɩɨɫɵɥɚɟɬ ɡɚɩɪɨɫ DNS-ɫɟɪɜɟɪɭ, ɡɚɩɪɚɲɢɜɚɹ IP-ɚɞɪɟɫɚ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɷɬɨɦ ɫɚɣɬɟ. 2. ɉɨɥɭɱɢɜ ɨɬɜɟɬ DNS-ɫɟɪɜɟɪɚ, ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɫɨɟɞɢɧɹɟɬɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɫɜɨɟɦ ɫɚɣɬɟ. ȼ ɩɪɨɰɟɫɫɟ ɨɩɨɡɧɚɧɢɹ, ɩɪɨɜɨɞɢɦɨɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɡɚɩɪɚɲɢɜɚɟɬ ɫɩɢɫɨɤ ɜɫɟɯ GPO-ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɤɨɦɩɶɸɬɟɪɭ. 3. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɪɢɫɵɥɚɟɬ ɤɥɢɟɧɬɭ ɫɩɢɫɨɤ ɜɫɟɯ GPO-ɨɛɴɟɤɬɨɜ ɜ ɬɨɦ ɩɨɪɹɞɤɟ, ɜ ɤɨɬɨɪɨɦ ɩɨɥɢɬɢɤɢ ɞɨɥɠɧɵ ɩɪɢɦɟɧɹɬɶɫɹ. Ɂɚɬɟɦ ɤɨɦɩɶɸɬɟɪ ɢɡɜɥɟɤɚɟɬ ɨɛɴɟɤɬ GPO ɫ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢ ɩɪɢɦɟɧɹɟɬ ɩɨɥɢɬɢɤɭ. ɉɨɪɹɞɨɤ, ɜ ɤɨɬɨɪɨɦ ɩɪɢɦɟɧɹɸɬɫɹ ɝɪɭɩɩɨɜɵɟ
ɩɨɥɢɬɢɤɢ, ɨɫɧɨɜɚɧ ɧɚ LSDOU-ɤɨɧɮɢɝɭɪɚɰɢɢ. 4. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ, ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɫɧɨɜɚ ɨɛɪɚɳɚɟɬɫɹ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɢ ɡɚɩɪɚɲɢɜɚɟɬ ɜɫɟ ɨɛɴɟɤɬɵ GPO, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɨɧɢ ɬɚɤɠɟ ɩɪɢɦɟɧɹɸɬɫɹ ɜ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɦ ɩɨɪɹɞɤɟ. . Windows XP , Windows 2000 , . . , , , ɹɜɢɬɫɹ ɪɚɛɨɱɢɣ ɫɬɨɥ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ⱥɫɢɧɯɪɨɧɧɨɟ ɩɪɢɦɟɧɟɧɢɟ ɩɨɥɢɬɢɤ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɡɚɝɪɭɡɤɚ ɫɢɫɬɟɦɵ Windows XP ɢ ɜɯɨɞ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɢɫɬɟɦɭ ɩɪɨɢɫɯɨɞɢɬ ɛɨɥɟɟ ɛɵɫɬɪɨ. ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɦɨɞɢɮɢɤɚɰɢɢ ɩɪɢɦɟɧɟɧɢɹ ɞɪɭɝɢɯ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. Ɉɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɜ ɩɚɩɤɚɯ UserConfiguration\Administrative Templates\System\ Group Policy ɢɥɢ Computer Configuration\Administrative Templates\ System\Group Policy. ɇɚ ɪɢɫɭɧɤɟ 11-12 ɩɨɤɚɡɚɧɵ ɨɩɰɢɢ, ɢɦɟɸɳɢɟɫɹ ɜ ɜɟɬɜɢ Computer Configuration ɞɟɪɟɜɚ ɩɚɩɨɤ.
. 11-12.
Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɩɪɢɦɟɧɹɸɬɫɹ ɩɪɢ ɡɚɩɭɫɤɟ ɤɨɦɩɶɸɬɟɪɚ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ. ɉɨɫɥɟ ɜɯɨɞɚ ɨɧɢ ɨɛɧɨɜɥɹɸɬɫɹ ɩɟɪɢɨɞɢɱɟɫɤɢ, ɩɨ ɭɦɨɥɱɚɧɢɸ ɤɚɠɞɵɟ 90 ɦɢɧɭɬ, ɫ 30-ɬɢ ɦɢɧɭɬɧɨɣ ɜɚɪɢɚɰɢɟɣ ɞɥɹ ɢɡɛɟɠɚɧɢɹ ɩɟɪɟɝɪɭɡɤɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɫɢɬɭɚɰɢɢ, ɤɨɝɞɚ ɦɧɨɝɨ ɤɥɢɟɧɬɨɜ ɡɚɩɪɚɲɢɜɚɸɬ ɨɛɧɨɜɥɟɧɢɟ ɨɞɧɨɜɪɟɦɟɧɧɨ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɨɛɧɨɜɥɹɸɬɫɹ ɤɚɠɞɵɟ 5 ɦɢɧɭɬ. ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɞɥɹ ɨɬɤɥɸɱɟɧɢɹ ɜɫɟɯ ɮɨɧɨɜɵɯ ɨɛɧɨɜɥɟɧɢɣ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢɥɢ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɜɪɟɦɟɧɢ ɨɛɧɨɜɥɟɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɋɭɳɟɫɬɜɭɟɬ ɞɜɟ ɩɪɢɱɢɧɵ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɡɦɟɧɢɬɶ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɛɪɚɛɨɬɤɭ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɩɪɢɦɟɧɹɟɦɵɯ ɤ ɤɨɦɩɶɸɬɟɪɚɦ ɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. ɉɟɪɜɚɹ ɩɪɢɱɢɧɚ — ɷɬɨ ɨɛɧɚɪɭɠɟɧɢɟ ɤɨɦɩɶɸɬɟɪɨɦ ɤɥɢɟɧɬɚ ɦɟɞɥɟɧɧɨɝɨ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ ɜ ɩɪɨɰɟɫɫɟ ɡɚɩɭɫɤɚ, ɜ ɷɬɨɦ ɫɥɭɱɚɟ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɜɵɛɨɪɨɱɧɵɟ ɱɚɫɬɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ (ɩɨ ɭɦɨɥɱɚɧɢɸ ɷɬɨ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ). ɑɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ, ɢɫɩɨɥɶɡɭɟɬɫɹ ɥɢ ɦɟɞɥɟɧɧɨɟ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ, ɤɨɦɩɶɸɬɟɪ ɩɨɫɵɥɚɟɬ ɩɚɤɟɬ ɭɬɢɥɢɬɵ ping ɫ ɧɭɥɟɜɵɦ ɛɚɣɬɨɦ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɪɟɦɹ ɨɬɜɟɬɚ ɫɨɫɬɚɜɥɹɟɬ ɦɟɧɶɲɟ ɞɟɫɹɬɢ ɦɢɥɥɢɫɟɤɭɧɞ, ɬɨ ɫɟɬɶ ɫɱɢɬɚɟɬɫɹ ɛɵɫɬɪɨɣ, ɢ ɩɪɢɦɟɧɹɸɬɫɹ ɜɫɟ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. ȿɫɥɢ ɜɪɟɦɹ ɨɬɜɟɬɚ ɫɨɫɬɚɜɥɹɟɬ ɛɨɥɶɲɟ ɞɟɫɹɬɢ ɦɢɥɥɢɫɟɤɭɧɞ, ɤɨɦɩɶɸɬɟɪ ɩɪɨ-ɡɜɚɧɢɜɚɟɬ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɬɪɢ ɪɚɡɚ ɫ ɩɨɦɨɳɶɸ ɭɬɢɥɢɬɵ ping ɫ ɞɜɭɯ-ɤɢɥɨɛɚɣɬɧɵɦɢ ɩɚɤɟɬɚɦɢ. Ʉɨɦɩɶɸɬɟɪ ɭɫɪɟɞɧɹɟɬ ɜɪɟɦɟɧɚ ɨɬɜɟɬɨɜ ɢ ɢɫɩɨɥɶɡɭɟɬ ɷɬɨ ɭɫɪɟɞɧɟɧɧɨɟ ɡɧɚɱɟɧɢɟ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɫɟɬɟɜɨɣ ɫɤɨɪɨɫɬɢ ɫɜɹɡɢ. Ecjfti ɩɪɨɩɭɫɤɧɚɹ ɫɩɨɫɨɛɧɨɫɬɶ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ ɫɨɫɬɚɜɥɹɟɬ ɛɨɥɶɲɟɟ 500 Ʉɛ/ɫ, ɬɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɪɢɦɟɧɹɸɬɫɹ ɜɫɟ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. ȿɫɥɢ ɤɨɦɩɶɸɬɟɪ ɨɛɧɚɪɭɠɢɜɚɟɬ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ, ɫɤɨɪɨɫɬɶ ɤɨɬɨɪɨɝɨ ɦɟɧɶɲɟ 500 Ʉɛ/ɫ, ɬɨ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɩɨɥɢɬɢɤɢ ɫ ɩɚɪɚɦɟɬɪɚɦɢ ɧɚɫɬɪɨɣɤɢ
ɡɚɳɢɬɵ ɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦɢ ɲɚɛɥɨɧɚɦɢ. Ɇɨɠɧɨ ɢɡɦɟɧɢɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɪɟɞɟɥɟɧɢɟ ɦɟɞɥɟɧɧɨɣ ɫɜɹɡɢ. Ɉɧɨ ɦɨɠɟɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɨ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɩɚɩɤɟ Computer Conf iguration\Administrative Templates\System\Group Policy. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ Group Policy Slow Link Detection (Ɉɛɧɚɪɭɠɟɧɢɟ ɦɟɞɥɟɧɧɨɣ ɫɜɹɡɢ ɞɥɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ) ɢ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ) (ɫɦ. ɪɢɫ. 11-13). Ⱦɥɹ ɢɡɦɟɧɟɧɢɹ ɡɧɚɱɟɧɢɹ ɫɤɨɪɨɫɬɢ ɩɟɪɟɞɚɱɢ ɞɥɹ ɦɟɞɥɟɧɧɨɣ ɫɜɹɡɢ ɜɵɛɟɪɢɬɟ Enabled (ȼɤɥɸɱɟɧɨ), ɚ ɡɚɬɟɦ ɜɜɟɞɢɬɟ ɡɧɚɱɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɵ ɯɨɬɢɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ.
. 11-13. ȿɫɥɢ ɤɨɦɩɶɸɬɟɪ ɨɛɧɚɪɭɠɢɜɚɟɬ ɦɟɞɥɟɧɧɨɟ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ, ɬɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɛɪɚɛɚɬɵɜɚɸɬɫɹ ɬɨɥɶɤɨ ɤɨɦɩɨɧɟɧɬɵ ɡɚɳɢɬɵ ɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ, ɢ ɧɟɬ ɧɢɤɚɤɨɝɨ ɫɩɨɫɨɛɚ ɜɵɤɥɸɱɢɬɶ ɷɬɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ. Ɉɞɧɚɤɨ ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɪɭɝɢɟ ɩɚɪɚɦɟɬɪɵ ɬɚɤ, ɱɬɨɛɵ ɨɧɢ ɨɛɪɚɛɚɬɵɜɚɥɢɫɶ ɞɚɠɟ ɩɨ ɦɟɞɥɟɧɧɨɦɭ ɫɟɬɟɜɨɦɭ ɩɨɞɤɥɸɱɟɧɢɸ. ɉɚɩɤɚ Computer Conf iguration\Administrative Templates\System\Group Policy ɫɨɞɟɪɠɢɬ ɢ ɞɪɭɝɢɟ ɨɩɰɢɢ. ɇɚɩɪɢɦɟɪ, ɜɵ ɪɟɲɢɬɟ ɩɪɢɦɟɧɢɬɶ ɨɛɪɚɛɨɬɤɭ ɩɨɥɢɬɢɤɢ ɨɛɫɥɭɠɢɜɚɧɢɹ ɩɪɨɝɪɚɦɦɵ Internet Explorer ɩɨ ɦɟɞɥɟɧɧɨɦɭ ɫɟɬɟɜɨɦɭ ɩɨɞɤɥɸɱɟɧɢɸ. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɷɬɨɣ ɭɫɬɚɧɨɜɤɟ ɜ ɩɚɩɤɟ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ) ɢ ɜɵɛɟɪɢɬɟ Properties. Ɂɚɬɟɦ ɳɟɥɤɧɢɬɟ Enabled (ȼɤɥɸɱɟɧɨ) ɢ ɜɵɛɟɪɢɬɟ, ɤɚɤ ɜɵ ɯɨɬɢɬɟ ɩɪɢɦɟɧɹɬɶ ɷɬɭ ɩɨɥɢɬɢɤɭ (ɫɦ. ɪɢɫ. 11-14).
. 11-14. Explorer
Internet
ɑɬɨɛɵ ɩɪɢɦɟɧɹɬɶ ɷɬɭ ɩɨɥɢɬɢɤɭ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɫɟɬɟɜɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ, ɜɵɛɟɪɢɬɟ Allow Processing Across A Slow Network Connection (Ɋɚɡɪɟɲɢɬɶ ɨɛɪɚɛɨɬɤɭ ɩɨ ɦɟɞɥɟɧɧɨɦɭ ɫɟɬɟɜɨɦɭ ɩɨɞɤɥɸɱɟɧɢɸ). Ⱦɪɭɝɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɞɚɸɬ, ɛɭɞɭɬ ɥɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɨɛɪɚɛɚɬɵɜɚɬɶɫɹ ɤɚɠɞɵɣ ɪɚɡ, ɤɨɝɞɚ ɨɛɧɨɜɥɹɟɬɫɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɢ ɛɭɞɟɬ ɥɢ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɬɶɫɹ ɜ ɫɥɭɱɚɟ, ɟɫɥɢ ɨɧɚ ɧɟ ɛɵɥɚ ɢɡɦɟɧɟɧɚ. ȼɬɨɪɨɣ ɫɩɨɫɨɛ ɢɡɦɟɧɟɧɢɹ ɩɪɢɦɟɧɟɧɢɹ ɨɛɴɟɤɬɚ GPO ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɨɩɰɢɢ loojpback. ɗɬɚ ɨɩɰɢɹ ɢɡɦɟɧɹɟɬ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɪɢɦɟɧɟɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɩɪɢ ɤɨɬɨɪɨɦ ɫɧɚɱɚɥɚ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɤɨɦɩɶɸɬɟɪɧɚɹ ɩɨɥɢɬɢɤɚ, ɚ ɡɚɬɟɦ ɩɨɥɢɬɢɤɚ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɩɟɪɟɩɢɫɵɜɚɹ ɜɫɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɩɪɨɬɢɜɨɪɟɱɚɳɢɟ ɤɨɦɩɶɸɬɟɪɧɨɣ ɩɨɥɢɬɢɤɟ. ȼɵ ɦɨɠɟɬɟ ɭɫɬɚɧɨɜɢɬɶ ɩɨɥɢɬɢɤɭ loopback, ɱɬɨɛɵ ɤɨɦɩɶɸɬɟɪɧɚɹ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɥɚɫɶ ɩɨɫɥɟɞɧɟɣ ɢ ɩɟɪɟɩɢɫɵɜɚɥɚ ɜɫɟ ɩɨɥɢɬɢɤɢ, ɩɪɢɦɟɧɟɧɧɵɟ ɤ ɩɨɥɶɡɨɜɚɬɟɥɸ. Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ loopback ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫ ɩɨɦɨɳɶɸ ɨɩɰɢɢ User group Policy Loopback Processing Mode (Ɋɟɠɢɦ Loopback ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ) ɜ ɤɨɧɬɟɣɧɟɪɟ Computer Configuration\Administrative Templates\System\ Group Policy (ɫɦ. ɪɢɫ. 11-15).
. 11-15.
loopback
Ʉɨɝɞɚ ɜɵ ɪɚɡɪɟɲɚɟɬɟ ɨɛɪɚɛɨɬɤɭ loopback, ɜɚɦ ɩɪɟɞɨɫɬɚɜɥɹɸɬɫɹ ɞɜɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɨɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ. ɉɟɪɜɚɹ ɨɩɰɢɹ Merge (ɋɨɟɞɢɧɢɬɶ) ɨɡɧɚɱɚɟɬ, ɱɬɨ ɫɧɚɱɚɥɚ ɩɪɢɦɟɧɹɟɬɫɹ ɤɨɦɩɶɸɬɟɪɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɡɚɬɟɦ — ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɚ ɡɚɬɟɦ ɤɨɦɩɶɸɬɟɪɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɟɬɫɹ ɫɧɨɜɚ. ɇɟɤɨɬɨɪɵɟ ɢɡ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɦɨɝɭɬ ɧɟ ɢɡɦɟɧɹɬɶɫɹ ɤɨɦɩɶɸɬɟɪɧɨɣ ɩɨɥɢɬɢɤɨɣ. ɉɟɪɟɩɢɫɵɜɚɸɬɫɹ ɬɨɥɶɤɨ ɩɪɨɬɢɜɨɪɟɱɢɜɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ. ȼɬɨɪɚɹ ɨɩɰɢɹ Replace (Ɂɚɦɟɧɢɬɶ) ɨɡɧɚɱɚɟɬ, ɱɬɨ ɛɭɞɟɬ ɨɛɪɚɛɨɬɚɧɚ ɬɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɩɨɥɢɬɢɤɚ. Ɉɩɰɢɹ loopback ɩɨɥɟɡɧɚ ɜɨ ɦɧɨɝɢɯ ɫɥɭɱɚɹɯ. ɇɚɩɪɢɦɟɪ, ɧɭɠɧɨ ɛɥɨɤɢɪɨɜɚɬɶ ɤɨɦɩɶɸɬɟɪ, ɤɨɬɨɪɵɣ ɪɚɫɩɨɥɨɠɟɧ ɜ ɨɛɳɟɞɨɫɬɭɩɧɨɦ ɦɟɫɬɟ, ɢ ɡɚɩɪɟɬɢɬɶ ɫɥɭɠɚɳɢɦ ɜɯɨɞɢɬɶ ɧɚ ɧɟɝɨ. ɉɨɫɤɨɥɶɤɭ ɷɬɨɬ ɤɨɦɩɶɸɬɟɪ ɨɛɳɟɞɨɫɬɭɩɟɧ, ɜɚɦ ɧɭɠɧɚ ɝɚɪɚɧɬɢɹ ɬɨɝɨ, ɱɬɨ ɨɧ ɜɫɟɝɞɚ ɛɭɞɟɬ ɛɥɨɤɢɪɨɜɚɧ, ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɤɬɨ ɜɨɣɞɟɬ ɧɚ ɷɬɨɬ ɤɨɦɩɶɸɬɟɪ. ȼɵ ɦɨɠɟɬɟ ɜɤɥɸɱɢɬɶ ɛɥɨɤɢɪɨɜɤɭ, ɩɨɦɟɳɚɹ ɨɛɳɟɞɨɫɬɭɩɧɵɟ ɤɨɦɩɶɸɬɟɪɵ ɜ OU ɢ ɤɨɧɮɢɝɭɪɢɪɭɹ ɨɝɪɚɧɢɱɢɬɟɥɶɧɭɸ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɞɥɹ ɷɬɨɣ OU. Ɂɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɨɛɪɚɛɨɬɤɭ loopback ɞɥɹ ɷɬɨɣ OU. Ɍɟɩɟɪɶ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɨɣɞɟɬ ɜ ɫɢɫɬɟɦɭ ɷɬɨɝɨ ɤɨɦɩɶɸɬɟɪɚ, ɨɧ ɩɨɥɭɱɢɬ ɨɝɪɚɧɢɱɟɧɧɵɣ ɪɚɛɨɱɢɣ ɫɬɨɥ, ɩɨɫɤɨɥɶɤɭ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ loopback ɡɚɳɢɳɚɟɬ ɨɛɳɟɫɬɜɟɧɧɵɣ ɤɨɦɩɶɸɬɟɪ.
GPO
Ʉɚɤ ɝɨɜɨɪɢɥɨɫɶ ɜ ɝɥɚɜɟ 9, ɨɞɧɢɦ ɢɡ ɨɫɧɨɜɧɵɯ ɩɪɟɢɦɭɳɟɫɬɜ Active Directory ɹɜɥɹɟɬɫɹ ɮɭɧɤɰɢɹ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɦɧɨɝɢɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɞɚɱ ɜ ɩɪɟɞɟɥɚɯ ɨɪɝɚɧɢɡɚɰɢɢ. ɍɩɪɚɜɥɟɧɢɟ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ ɧɟ ɹɜɥɹɟɬɫɹ ɢɫɤɥɸɱɟɧɢɟɦ - ɜɵ ɦɨɠɟɬɟ ɞɟɥɟɝɢɪɨɜɚɬɶ ɭɩɪɚɜɥɟɧɢɟ ɷɬɢɦ ɜɚɠɧɵɦ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦ ɢɧɫɬɪɭɦɟɧɬɨɦ. ɂɦɟɸɬɫɹ ɬɪɢ ɨɩɰɢɢ, ɩɨɡɜɨɥɹɸɳɢɟ ɞɟɥɟɝɢɪɨɜɚɬɶ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ. ɋ
ɩɨɦɨɳɶɸ ɩɟɪɜɨɣ ɨɩɰɢɢ ɦɨɠɧɨ ɞɟɥɟɝɢɪɨɜɚɬɶ ɪɚɡɪɟɲɟɧɢɟ ɫɨɡɞɚɜɚɬɶ, ɭɞɚɥɹɬɶ ɢ ɢɡɦɟɧɹɬɶ ɨɛɴɟɤɬɵ GPO. ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɨ ɩɪɚɜɨ ɢɦɟɸɬ ɬɨɥɶɤɨ ɱɥɟɧɵ ɝɪɭɩɩ Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɢ Group Policy Creator Owners (ȼɥɚɞɟɥɶɰɵ-ɫɨɡɞɚɬɟɥɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ). Ƚɪɭɩɩɚ Group Policy Creator Owners ɢɦɟɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɨɟ ɨɝɪɚɧɢɱɟɧɢɟ, ɫɨɫɬɨɹɳɟɟ ɜ ɬɨɦ, ɱɬɨ ɱɥɟɧɵ ɷɬɨɣ ɝɪɭɩɩɵ ɢɦɟɸɬ ɪɚɡɪɟɲɟɧɢɟ ɢɡɦɟɧɹɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɬɨɥɶɤɨ ɬɨɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɤɨɬɨɪɭɸ ɨɧɢ ɫɨɡɞɚɜɚɥɢ ɫɚɦɢ. ȿɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɜ ɫɜɨɟɣ ɨɪɝɚɧɢɡɚɰɢɢ ɫɩɟɰɢɚɥɶɧɭɸ ɝɪɭɩɩɭ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɭɩɪɚɜɥɹɬɶ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ, ɜɵ ɦɨɠɟɬɟ ɞɨɛɚɜɢɬɶ ɷɬɢɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɤ ɨɞɧɨɣ ɢɡ ɝɪɭɩɩ. ȼɵ ɦɨɠɟɬɟ ɩɪɟɞɨɫɬɚɜɢɬɶ ɩɪɚɜɨ ɫɨɡɞɚɜɚɬɶ ɢ ɭɞɚɥɹɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɥɸɛɨɣ ɞɪɭɝɨɣ ɝɪɭɩɩɟ, ɧɨ ɩɪɟɞɨɫɬɚɜɢɬɶ ɪɚɡɪɟɲɟɧɢɹ ɫɨɡɞɚɜɚɬɶ ɢɥɢ ɭɞɚɥɹɬɶ ɨɛɴɟɤɬɵ GPO ɫɥɨɠɧɟɟ, ɱɟɦ ɛɨɥɶɲɢɧɫɬɜɨ ɫɰɟɧɚɪɢɟɜ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɪɚɡɪɟɲɟɧɢɣ. ȼɵ ɞɨɥɠɧɵ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɪɚɡɪɟɲɟɧɢɟ ɫɨɡɞɚɜɚɬɶ ɜ Active Directory ɨɛɴɟɤɬɵ GPO ɢ ɪɚɡɪɟɲɟɧɢɟ ɡɚɩɢɫɵɜɚɬɶ ɞɚɧɧɵɟ ɜ ɩɚɩɤɭ %systemroot%\Sysvol\domainname\ Policies, ɜ ɤɨɬɨɪɨɣ ɯɪɚɧɹɬɫɹ ɨɛɴɟɤɬɵ GPT. ȼɵ ɦɨɠɟɬɟ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɥɢ ɝɪɭɩɩɚɦ ɪɚɡɪɟɲɟɧɢɟ ɢɡɦɟɧɹɬɶ ɨɩɪɟɞɟɥɟɧɧɵɟ ɨɛɴɟɤɬɵ GPO, ɩɪɟɞɨɫɬɚɜɥɹɹ ɢɦ ɪɚɡɪɟɲɟɧɢɹ Read (ɑɬɟɧɢɟ) ɢ Write (Ɂɚɩɢɫɶ) ɞɥɹ ɨɛɴɟɤɬɨɜ GPO. ȼɬɨɪɚɹ ɨɩɰɢɹ ɩɨɡɜɨɥɹɟɬ ɞɟɥɟɝɢɪɛɜɚɬɶ ɩɪɚɜɚ ɭɩɪɚɜɥɟɧɢɹ ɫɜɹɡɹɦɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɗɬɚ ɨɩɰɢɹ ɧɟ ɪɚɡɪɟɲɚɟɬ ɢɡɦɟɧɹɬɶ ɤɚɤɨɣ-ɥɢɛɨ ɨɛɴɟɤɬ GPO, ɧɨ ɩɨɡɜɨɥɹɟɬ ɞɨɛɚɜɥɹɬɶ ɢɥɢ ɭɞɚɥɹɬɶ ɫɜɹɡɢ ɨɛɴɟɤɬɨɜ GPO ɫ ɤɨɧɬɟɣɧɟɪɧɵɦ ɨɛɴɟɤɬɨɦ. ɋɚɦɵɣ ɩɪɨɫɬɨɣ ɫɩɨɫɨɛ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ Delegation Of Control Wizard (Ɇɚɫɬɟɪ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɭɩɪɚɜɥɟɧɢɹ). ȼ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory) ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ, ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɬɨɪɵɦ ɜɵ ɯɨɬɢɬɟ ɧɚɡɧɚɱɢɬɶ ɞɪɭɝɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɭ, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ Delegate Control (Ⱦɟɥɟɝɢɪɨɜɚɬɶ ɭɩɪɚɜɥɟɧɢɟ), ɱɬɨɛɵ ɡɚɩɭɫɬɢɬɶ ɦɚɫɬɟɪ. ɉɪɢ ɡɚɩɭɫɤɟ ɦɚɫɬɟɪɚ ɧɚ ɭɪɨɜɧɟ OU ɨɞɧɨɣ ɢɡ ɫɬɚɧɞɚɪɬɧɵɯ ɡɚɞɚɱ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɹɜɥɹɟɬɫɹ ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɭɩɪɚɜɥɟɧɢɟ ɫɜɹɡɹɦɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ (ɫɦ. ɪɢɫ. 11-16). Ɍɪɟɬɢɣ ɫɩɨɫɨɛ ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɫɨɫɬɨɢɬ ɜ ɩɪɟɞɨɫɬɚɜɥɟɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɩɪɚɜɚ ɝɟɧɟɪɢɪɨɜɚɬɶ ɢɧɮɨɪɦɚɰɢɸ Resultant Set of Policy (RSoP) (Ɋɟɡɭɥɶɬɢɪɭɸɳɢɣ ɧɚɛɨɪ ɩɨɥɢɬɢɤ). ɂɫɩɨɥɶɡɭɣɬɟ Delegation Of Control Wizard ɞɥɹ ɩɪɟɞɨɫɬɚɜɥɟɧɢɹ ɩɪɚɜɚ ɝɟɧɟɪɢɪɨɜɚɬɶ ɢɧɫɬɪɭɦɟɧɬ RSoP ɜ ɪɟɠɢɦɟ ɪɟɝɢɫɬɪɚɰɢɢ ɢɥɢ ɩɥɚɧɢɪɨɜɚɧɢɹ (ɫɦ. ɪɢɫ. 11-16). ȼɵ ɦɨɠɟɬɟ ɧɚɡɧɚɱɚɬɶ ɷɬɢ ɪɚɡɪɟɲɟɧɢɹ, ɪɟɞɚɤɬɢɪɭɹ ɫɩɢɫɨɤ ACL ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɨɛɴɟɤɬɟ, ɩɪɟɞɨɫɬɚɜɥɹɹ ɩɨɥɶɡɨɜɚɬɟɥɸ ɪɚɡɪɟɲɟɧɢɟ Write ɤ ɚɬɪɢɛɭɬɭ gPLink. ɗɬɨ ɮɚɤɬɢɱɟɫɤɢ ɞɚɟɬ ɩɨɥɶɡɨɜɚɬɟɥɸ ɪɚɡɪɟɲɟɧɢɟ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɛɥɨɤɢɪɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ.
. 11-16.
, ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ Windows Server 2003 ɞɥɹ ɩɪɟɞɩɢɫɚɧɢɹ ɩɪɢɦɟɧɟɧɢɹ ɩɨɥɢɬɢɤ, ɞɟɣɫɬɜɭɸɳɢɯ ɜ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɚɯ ɢ ɞɨɜɟɪɟɧɧɵɯ ɥɟɫɚɯ. ȼ ɨɛɨɢɯ ɫɥɭɱɚɹɯ ɢɦɟɸɬɫɹ ɧɟɤɨɬɨɪɵɟ ɩɪɨɛɥɟɦɵ, ɫ ɤɨɬɨɪɵɦɢ ɜɵ ɫɬɨɥɤɧɟɬɟɫɶ ɩɟɪɟɞ ɨɫɭɳɟɫɬɜɥɟɧɢɟɦ ɬɚɤɨɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɨɛɴɟɤɬɚ GPO ɜ Active Directory Windows Server 2003 ɜɵ ɦɨɠɟɬɟ ɫɜɹɡɚɬɶ ɟɝɨ ɫ
ɥɸɛɵɦ ɫɚɣɬɨɦ, ɞɨɦɟɧɨɦ ɢɥɢ OU. Ɉɫɧɨɜɧɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɛɴɟɤɬɵ GPO ɯɪɚɧɹɬɫɹ ɬɨɥɶɤɨ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɜ ɬɨɦ ɞɨɦɟɧɟ, ɝɞɟ ɛɵɥ ɫɨɡɞɚɧ ɨɛɴɟɤɬ GPO. ȿɫɥɢ ɜɵ ɡɚɯɨɬɢɬɟ ɫɜɹɡɚɬɶ ɨɛɴɟɤɬ GPO ɫ ɤɨɧɬɟɣɧɟɪɨɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜ ɞɪɭɝɨɦ ɞɨɦɟɧɟ, ɜɵ ɫɬɨɥɤɧɟɬɟɫɶ ɫ ɩɪɨɛɥɟɦɚɦɢ ɡɚɳɢɬɵ ɢ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ. Ʉ ɩɪɢɦɟɪɭ, ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ ɜ OU ɞɨɥɠɧɵ ɢɦɟɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɨɦ ɜ ɢɫɯɨɞɧɨɦ ɞɨɦɟɧɟ GPO, ɞɥɹ ɡɚɝɪɭɡɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ȿɫɥɢ ɨɞɢɧ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɧɚɯɨɞɢɬɫɹ ɜ ɬɨɦ ɠɟ ɫɚɣɬɟ, ɝɞɟ ɢ ɤɨɦɩɶɸɬɟɪɵ-ɤɥɢɟɧɬɵ, ɷɬɨ ɧɟ ɨɱɟɧɶ ɫɢɥɶɧɨ ɨɬɪɚɡɢɬɫɹ ɧɚ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ. Ɉɞɧɚɤɨ ɟɫɥɢ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɢɦɟɸɳɢɟ ɤɨɩɢɸ GPO ɨɛɴɟɤɬɚ, ɧɚɯɨɞɹɬɫɹ ɜ ɞɪɭɝɨɦ ɫɚɣɬɟ, ɫɨɟɞɢɧɟɧɧɵɦ ɦɟɞɥɟɧɧɵɦ WAN-ɩɨɞɤɥɸɱɟɧɢɟɦ, ɬɨ ɩɪɢɦɟɧɟɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɛɭɞɟɬ ɩɪɨɢɫɯɨɞɢɬɶ ɨɱɟɧɶ ɦɟɞɥɟɧɧɨ ɢ ɦɨɠɟɬ ɫɟɪɶɟɡɧɨ ɜɨɡɞɟɣɫɬɜɨɜɚɬɶ ɧɚ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ. Ʉɪɨɦɟ ɬɨɝɨ, ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɩɪɢɧɚɞɥɟɠɚɳɢɟ ɨɞɧɨɦɭ ɞɨɦɟɧɭ, ɞɨɥɠɧɵ ɩɪɢɦɟɧɹɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ, ɫɨɡɞɚɧɧɭɸ ɜ ɞɪɭɝɨɦ ɞɨɦɟɧɟ, ɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ, ɩɪɢɧɚɞɥɟɠɚɳɢɟ ɞɨɦɟɧɭɚɞɪɟɫɚɬɭ, ɞɨɥɠɧɵ ɢɦɟɬɶ ɪɚɡɪɟɲɟɧɢɟ Read ɤ ɨɛɴɟɤɬɚɦ GPC ɜ Active Directory ɢ ɤ ɨɛɴɟɤɬɚɦ GPT ɜ ɩɚɩɤɟ Sysvol. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɧɚɢɥɭɱɲɟɣ ɩɪɚɤɬɢɤɨɣ ɹɜɥɹɟɬɫɹ ɫɨɡɞɚɧɢɟ ɨɛɴɟɤɬɨɜ GPO ɜ ɤɚɠɞɨɦ ɞɨɦɟɧɟ ɜɦɟɫɬɨ ɫɨɜɦɟɫɬɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɨɞɧɨɝɨ ɨɛɴɟɤɬɚ GPO ɜ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɚɯ. Ɍɟ ɠɟ ɩɪɨɛɥɟɦɵ ɜɨɡɧɢɤɚɸɬ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɞɟɣɫɬɜɭɸɳɢɯ ɜ ɧɟɫɤɨɥɶɤɢɯ ɥɟɫɚɯ. ȼ Active Directory Windows Server 2003 ɢɦɟɟɬɫɹ ɨɩɰɢɹ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɚɹ ɞɥɹ ɫɨɜɦɟɫɬɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɨɜɟɪɟɧɧɵɦɢ ɥɟɫɚɦɢ. Ɉɧɚ ɩɨɥɟɡɧɚ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɩɭɬɟɲɟɫɬɜɭɸɬ ɦɟɠɞɭ ɪɚɡɥɢɱɧɵɦɢ ɨɮɢɫɚɦɢ ɤɨɦɩɚɧɢɢ, ɧɚɯɨɞɹɳɢɦɢɫɹ ɜ ɨɬɞɟɥɶɧɵɯ ɥɟɫɚɯ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɤ ɩɨɥɶɡɨɜɚɬɟɥɸ, ɜɨɲɟɞɲɟɦɭ ɧɚ ɤɨɦɩɶɸɬɟɪ ɜ ɞɪɭɝɨɦ ɥɟɫɭ, ɦɨɝɭɬ ɩɪɢɦɟɧɹɬɶɫɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɟɝɨ ɞɨɦɚɲɧɟɝɨ ɞɨɦɟɧɚ. Ⱦɪɭɝɢɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ, ɞɨɫɬɭɩɧɵɟ ɧɟɫɤɨɥɶɤɢɦ ɥɟɫɚɦ, ɜɤɥɸɱɚɸɬ ɫɥɟɞɭɸɳɟɟ. • Ɋɟɫɭɪɫɵ, ɢɫɩɨɥɶɡɭɟɦɵɟ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɦɨɝɭɬ ɧɚɯɨɞɢɬɶɫɹ ɜ ɪɚɡɥɢɱɧɵɯ ɥɟɫɚɯ. • ɋɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɦɨɝɭɬ ɪɚɫɩɨɥɚɝɚɬɶɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɞɪɭɝɨɝɨ ɥɟɫɚ ɢ ɱɢɬɚɬɶɫɹ ɨɬɬɭɞɚ. • ɉɟɪɟɚɞɪɟɫɨɜɚɧɧɵɟ ɩɚɩɤɢ ɢ ɮɚɣɥɵ ɩɪɨɮɢɥɹ ɩɟɪɟɞɜɢɝɚɸɳɟɝɨɫɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɝɭɬ ɛɵɬɶ ɪɚɫɩɨɥɨɠɟɧɵ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɞɪɭɝɨɝɨ ɥɟɫɚ. • ȼ ɤɚɠɞɨɦ ɫɥɭɱɚɟ ɭɱɟɬ ɫɟɬɟɜɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɢ ɩɪɨɛɥɟɦɵ ɡɚɳɢɬɵ ɦɨɝɭɬ ɩɨɞɪɚɡɭɦɟɜɚɬɶ, ɱɬɨ ɜɵ ɩɪɟɞɩɨɱɬɟɬɟ ɪɟɚɥɢɡɨɜɚɬɶ ɨɬɞɟɥɶɧɵɟ ɨɛɴɟɤɬɵ GPO ɜ ɤɚɠɞɨɦ ɥɟɫɭ.
Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɨɛɟɫɩɟɱɢɜɚɸɬ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɜɨɡɦɨɠɧɨɫɬɟɣ ɢ ɝɢɛɤɨɫɬɶ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɦɩɶɸɬɟɪɚɦɢ ɤɥɢɟɧɬɚ ɢ ɫɟɪɜɟɪɚɦɢ. Ⱦɨ ɫɢɯ ɩɨɪ ɜ ɷɬɨɣ ɝɥɚɜɟ ɪɚɫɫɤɚɡɵɜɚɥɨɫɶ ɬɨɥɶɤɨ ɨɛ ɨɞɧɨɦ ɢɡ ɢɧɫɬɪɭɦɟɧɬɨɜ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ - ɪɟɞɚɤɬɨɪɟ Group Policy Object Editor. ȼ ɷɬɨɦ ɪɚɡɞɟɥɟ ɛɭɞɭɬ ɩɪɟɞɫɬɚɜɥɟɧɵ ɞɪɭɝɢɟ ɫɪɟɞɫɬɜɚ.
RSoP
Ʉɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɹɜɥɹɟɬɫɹ ɫɥɨɠɧɵɦ ɞɟɥɨɦ. ɇɚɩɪɢɦɟɪ, ɬɪɭɞɧɨ ɨɩɪɟɞɟɥɢɬɶ ɬɨɱɧɨ, ɤɚɤɚɹ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɨɩɪɟɞɟɥɟɧɧɨɦɭ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɥɢ ɝɪɭɩɩɟ. ȿɫɥɢ ɜɵ ɫɨɡɞɚɥɢ ɧɟɫɤɨɥɶɤɨ ɨɛɴɟɤɬɨɜ GPO ɢ ɫɜɹɡɚɥɢ ɢɯ ɫ ɪɚɡɥɢɱɧɵɦɢ ɤɨɧɬɟɣɧɟɪɚɦɢ ɜ ɜɚɲɟɦ ɞɨɦɟɧɟ, ɬɨ ɧɟɩɪɨɫɬɨ ɩɨɧɹɬɶ, ɤɚɤɢɦɢ ɹɜɥɹɸɬɫɹ ɪɟɡɭɥɶɬɢɪɭɸɳɢɟ ɩɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɢ ɨɬ ɤɚɤɨɝɨ ɨɛɴɟɤɬɚ GPO ɩɪɨɢɫɯɨɞɢɬ ɭɫɬɚɧɨɜɤɚ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɩɚɪɚɦɟɬɪɚ. Ɉɞɧɢɦ ɢɡ ɢɧɫɬɪɭɦɟɧɬɨɜ ɞɥɹ ɪɟɲɟɧɢɹ ɷɬɨɣ ɡɚɞɚɱɢ ɹɜɥɹɟɬɫɹ ɢɧɫɬɪɭɦɟɧɬ RSoP, ɩɨɡɜɨɥɹɸɳɢɣ ɬɨɱɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɨɜɚ ɪɟɡɭɥɶɬɢɪɭɸɳɚɹ ɩɨɥɢɬɢɤɚ, ɩɪɢɦɟɧɹɟɦɚɹ ɤ ɥɸɛɨɦɭ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɥɢ ɤɨɦɩɶɸɬɟɪɭ. ɂɧɫɬɪɭɦɟɧɬ RSoP ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɜ ɞɜɭɯ ɪɟɠɢɦɚɯ: ɜ ɪɟɠɢɦɟ ɪɟɝɢɫɬɪɚɰɢɢ ɢ ɩɥɚɧɢɪɨɜɚɧɢɹ. ȼ ɪɟɠɢɦɟ ɪɟɝɢɫɬɪɚɰɢɢ ɢɧɫɬɪɭɦɟɧɬ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɢɫɤɚ ɢ ɩɟɪɟɱɢɫɥɟɧɢɹ ɜɫɟɯ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɤɨɦɩɶɸɬɟɪɭ ɢɥɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼ ɪɟɠɢɦɟ ɩɥɚɧɢɪɨɜɚɧɢɹ ɨɧ ɨɩɪɟɞɟɥɹɟɬ ɜɥɢɹɧɢɟ ɧɚ ɞɚɧɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɤɨɦɩɶɸɬɟɪ ɦɨɞɢɮɢɤɚɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. Ɉɧɚ ɦɨɠɟɬ ɜɤɥɸɱɚɬɶ ɩɟɪɟɦɟɳɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡ ɨɞɧɨɝɨ ɤɨɧɬɟɣɧɟɪɚ ɜ ɞɪɭɝɨɣ ɢɥɢ ɞɨɛɚɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹ (ɢɥɢ ɤɨɦɩɶɸɬɟɪɚ) ɤ ɪɚɡɧɵɦ ɝɪɭɩɩɚɦ ɛɟɡɨɩɚɫɧɨɫɬɢ.
ɑɬɨɛɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɧɫɬɪɭɦɟɧɬ RSoP, ɫɨɡɞɚɣɬɟ ɫɨɛɫɬɜɟɧɧɭɸ ɆɆɋ-ɤɨɧɫɨɥɶ ɢ ɞɨɛɚɜɶɬɟ ɨɫɧɚɫɬɤɭ Resultant Set of Policy (Ɋɟɡɭɥɶɬɢɪɭɸɳɢɣ ɧɚɛɨɪ ɩɨɥɢɬɢɤ). Ɂɚɬɟɦ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ Resultant Set Of Policy ɢ ɜɵɛɟɪɢɬɟ Generate RSoP Data (ɋɝɟɧɟɪɢɪɨɜɚɬɶ ɞɚɧɧɵɟ RsoP). Resultant Set Of Policy Wizard ɞɚɫɬ ɜɚɦ ɜɨɡɦɨɠɧɨɫɬɶ ɜɵɩɨɥɧɢɬɶ ɢɧɫɬɪɭɦɟɧɬ ɜ ɨɞɧɨɦ ɢɡ ɞɜɭɯ ɪɟɠɢɦɨɜ. ȼ ɪɟɠɢɦɟ ɪɟɝɢɫɬɪɚɰɢɢ ɜɵ ɜɵɛɢɪɚɟɬɟ ɤɨɦɩɶɸɬɟɪ ɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɂɚɬɟɦ ɢɧɫɬɪɭɦɟɧɬ ɜɵɱɢɫɥɹɟɬ ɜɫɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɤ ɧɢɦ. ȼɦɟɫɬɟ ɫ ɤɚɠɞɨɣ ɭɫɬɚɧɨɜɤɨɣ ɢɧɫɬɪɭɦɟɧɬ ɨɩɪɟɞɟɥɹɟɬ, ɤɚɤɨɣ ɨɛɴɟɤɬ GPO ɩɨɫɬɚɜɥɹɟɬ ɮɚɤɬɢɱɟɫɤɭɸ ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɷɬɨɣ ɭɫɬɚɧɨɜɤɢ. ȼ ɪɟɠɢɦɟ ɩɥɚɧɢɪɨɜɚɧɢɹ ɜɵ ɜɵɛɢɪɚɟɬɟ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɦɩɶɸɬɟɪ, ɢɥɢ ɬɨ ɢ ɞɪɭɝɨɟ; ɤɨɧɬɟɣɧɟɪɧɵɣ ɨɛɴɟɤɬ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɣ ɢɥɢ ɤɨɦɩɶɸɬɟɪɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ, ɢɥɢ ɞɥɹ ɨɛɨɢɯ (ɫɦ. ɪɢɫ. 11-17). ɉɨɫɥɟ ɷɬɨɝɨ ɦɨɠɧɨ ɩɪɨɜɟɪɢɬɶ ɪɚɡɥɢɱɧɵɟ ɫɰɟɧɚɪɢɢ ɢɡɦɟɧɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɢɥɢ ɤɨɦɩɶɸɬɟɪɧɵɯ ɨɛɴɟɤɬɨɜ. ɇɚɩɪɢɦɟɪ, ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɚɹ ɮɚɤɬɢɱɟɫɤɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɛɭɞɟɬ ɩɪɢɦɟɧɹɬɶɫɹ, ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɛɭɞɟɬ ɩɨɞɤɥɸɱɟɧ ɤ ɞɨɦɟɧɭ ɩɨ ɦɟɞɥɟɧɧɨɣ ɫɜɹɡɢ, ɢɥɢ ɤɚɤ ɩɨɜɥɢɹɟɬ ɧɚ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɭɫɬɚɧɨɜɤɢ loopback. ȼɵ ɦɨɠɟɬɟ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤ ɩɨɜɥɢɹɟɬ ɧɚ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɟɪɟɦɟɳɟɧɢɟ ɟɝɨ ɢɥɢ ɤɨɦɩɶɸɬɟɪɚ ɜ ɞɪɭɝɨɣ ɤɨɧɬɟɣɧɟɪ Active Directory ɢɥɢ ɞɨɛɚɜɥɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɤɨɦɩɶɸɬɟɪɚ ɤ ɞɪɭɝɨɣ ɝɪɭɩɩɟ ɛɟɡɨɩɚɫɧɨɫɬɢ. ɂɧɫɬɪɭɦɟɧɬ ɜɵɱɢɫɥɢɬ ɮɚɤɬɢɱɟɫɤɭɸ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɤɨɦɩɶɸɬɟɪɚ ɜ ɧɨɜɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ.
. 11-17. RSoP
GPResult
GPResult - ɷɬɨ ɢɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ, ɨɛɟɫɩɟɱɢɜɚɸɳɢɣ ɱɚɫɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɜɨɡɦɨɠɧɨɫɬɟɣ ɢɧɫɬɪɭɦɟɧɬɚ RSoP. ȿɫɥɢ ɜɵ ɜɵɩɨɥɧɢɬɟ ɤɨɦɚɧɞɭ Gpresult ɛɟɡ ɤɚɤɢɯ-ɥɢɛɨ ɩɚɪɚɦɟɬɪɨɜ, ɬɨ ɩɨɥɭɱɢɬɟ ɢɧɮɨɪɦɚɰɢɸ ɨ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɟ ɞɥɹ ɤɨɦɩɶɸɬɟɪɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵ ɜɵɩɨɥɧɢɥɢ ɤɨɦɚɧɞɭ, ɢ ɞɥɹ ɬɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɬɨɪɵɣ ɜɨɲɟɥ ɜ ɫɢɫɬɟɦɭ. ɂɧɮɨɪɦɚɰɢɹ ɜɤɥɸɱɚɟɬ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɩɪɢɦɟɧɹɸɳɢɟɫɹ ɤ ɤɨɦɩɶɸɬɟɪɚɦ, ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢ ɝɪɭɩɩɚɦ, ɤ ɤɨɬɨɪɵɦ ɩɪɢɧɚɞɥɟɠɢɬ ɤɚɷɹɞɵɣ ɨɛɴɟɤɬ. Ʉɨɦɚɧɞɚ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶɫɹ ɜ ɩɨɞɪɨɛɧɨɦ ɪɟɠɢɦɟ, ɬ.ɟ. ɪɟɡɭɥɶɬɚɬɵ ɛɭɞɭɬ ɜɤɥɸɱɚɬɶ ɜɫɟ ɮɚɤɬɢɱɟɫɤɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɚ ɬɚɤɠɟ ɩɪɢɜɢɥɟɝɢɢ, ɤɨɬɨɪɵɟ ɢɦɟɟɬ ɩɨɥɶɡɨɜɚɬɟɥɶ. ɂɧɫɬɪɭɦɟɧɬ ɦɨɠɧɨ ɬɚɤɠɟ ɜɵɩɨɥɧɹɬɶ ɫ ɨɞɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɞɥɹ ɚɧɚɥɢɡɚ ɮɚɤɬɢɱɟɫɤɨɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɞɪɭɝɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɤɨɦɩɶɸɬɟɪɚ. ɂɧɫɬɪɭɦɟɧɬ GPResult ɭɫɬɚɧɨɜɥɟɧ ɧɚ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows XP Professional ɢ Windows Server 2003. ɉɨɥɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɩɨ ɢɧɫɬɪɭɦɟɧɬɭ GPResult ɫɦɨɬɪɢɬɟ ɜ ɐɟɧɬɪɟ ɫɩɪɚɜɤɢ ɢ ɩɨɞɞɟɪɠɤɢ (Help And Support Center).
GPUpdate
ɂɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ GPUpdate ɡɚɦɟɧɹɟɬ ɤɨɦɚɧɞɭ Secedit/ refreshpolicy, ɤɨɬɨɪɚɹ ɢɦɟɟɬɫɹ ɜ Active Directory Windows 2000. Ɉɧɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɪɢɧɭɞɢɬɟɥɶɧɨɝɨ ɜɵɩɨɥɧɟɧɢɹ ɨɛɧɨɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɜɵ ɧɚɩɟɱɚɬɚɟɬɟ gpupdate ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ, ɬɨ ɨɛɧɨɜɹɬɫɹ ɢ ɤɨɦɩɶɸɬɟɪɧɚɹ, ɢ
ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɧɚ ɦɟɫɬɧɨɦ ɤɨɦɩɶɸɬɟɪɟ. ɂɧɫɬɪɭɦɟɧɬ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɚɤɠɟ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɧɚ ɞɪɭɝɢɯ ɤɨɦɩɶɸɬɟɪɚɯ. Ɉɞɧɨ ɢɡ ɩɪɟɢɦɭɳɟɫɬɜ ɤɨɦɚɧɞɵ Gpupdate ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɷɬɚ ɤɨɦɚɧɞɚ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɜɵɯɨɞɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɡ ɫɢɫɬɟɦɵ ɢɥɢ ɞɚɠɟ ɞɥɹ ɩɟɪɟɡɚɩɭɫɤɚ ɤɨɦɩɶɸɬɟɪɚ ɩɨɫɥɟ ɨɛɧɨɜɥɟɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɱɬɨ ɩɨɥɟɡɧɨ ɩɪɢ ɨɛɧɨɜɥɟɧɢɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ ɢɥɢ ɩɪɢ ɩɟɪɟɡɚɩɭɫɤɟ ɤɨɦɩɶɸɬɟɪɚ. ɇɚɩɪɢɦɟɪ, ɩɨɥɢɬɢɤɢ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɢ ɩɨɥɢɬɢɤɢ ɩɟɪɟɧɚɡɧɚɱɟɧɢɹ ɩɚɩɨɤ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɩɪɢ ɡɚɩɭɫɤɟ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ. ɂɫɩɨɥɶɡɭɹ ɩɚɪɚɦɟɬɪɵ /logoff ɢɥɢ / , ȼɕ ɦɨɠɟɬɟ ɜɵɡɜɚɬɶ ɩɪɢɦɟɧɟɧɢɟ ɷɬɢɯ ɩɨɥɢɬɢɤ ɜ ɥɸɛɨɟ ɜɪɟɦɹ.
ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɜɫɬɪɨɟɧɧɵɯ ɢɧɫɬɪɭɦɟɧɬɨɜ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ ɩɨɞɯɨɞɢɬ ɞɥɹ ɦɚɥɟɧɶɤɨɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɝɞɟ ɢɦɟɟɬɫɹ ɬɨɥɶɤɨ ɧɟɫɤɨɥɶɤɨ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢ ɩɪɨɫɬɚɹ ɢɟɪɚɪɯɢɹ OU, ɜ ɤɨɬɨɪɵɯ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɧɚ ɨɞɧɨɦ ɢɥɢ ɞɜɭɯ ɭɪɨɜɧɹɯ. Ɉɞɧɚɤɨ ɜ ɛɨɥɶɲɢɯ ɩɪɟɞɩɪɢɹɬɢɹɯ, ɝɞɟ ɫɭɳɟɫɬɜɭɟɬ ɦɧɨɠɟɫɬɜɨ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢ ɦɟɫɬ, ɜ ɤɨɬɨɪɵɯ ɩɨɥɢɬɢɤɚ ɫɜɹɡɚɧɚ ɫ ɤɨɧɬɟɣɧɟɪɚɦɢ, ɭɩɪɚɜɥɟɧɢɟ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ ɡɧɚɱɢɬɟɥɶɧɨ ɭɫɥɨɠɧɹɟɬɫɹ. ɉɨɷɬɨɦɭ ɤɨɦɩɚɧɢɹ Microsoft ɪɚɡɪɚɛɨɬɚɥɚ ɧɨɜɵɣ ɢɧɫɬɪɭɦɟɧɬ — ɤɨɧɫɨɥɶ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ (GPMC - Group Policy Management Console) (ɫɦ. ɪɢɫ. 11-18).
. 11-18. GPMC
,
Microsoft
. GPMC Э
GPMC. , . GPMC ɹɜɥɹɟɬɫɹ ɨɬɞɟɥɶɧɵɦ ɢɧɫɬɪɭɦɟɧɬɨɦ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɜɫɟɦɢ ɤɨɧɮɢɝɭɪɚɰɢɹɦɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɜɫɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȼ ɬɚɛɥɢɰɟ 11-4 ɩɨɤɚɡɚɧɵ ɜɫɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɢɧɫɬɪɭɦɟɧɬɚ GPMC. . 11 -4.
Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ GPO Settings (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ GPO) GPO Links (ɋɜɹɡɢ GPO)
-
2
, Windows Server 2003.
GPMC
Ɉɩɰɢɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ
ɂɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ GPO.
ɜɫɟɯ
ɂɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɩɪɨɫɦɨɬɪɚ ɢ ɢɡɦɟɧɟɧɢɹ ɜɫɟɯ ɦɟɫɬ, ɝɞɟ ɨɛɴɟɤɬ GPO ɫɜɹɡɚɧ ɫ ɤɨɧɬɟɣɧɟɪɧɵɦɢ ɨɛɴɟɤɬɚɦɢ.
GPO Delegation ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɪɨɫɦɨɬɪɚ ɢ ɢɡɦɟɧɟɧɢɹ (Ⱦɟɥɟɝɢɪɨɜɚɧɢɟ GPO) ɞɟɥɟɝɢɪɨɜɚɧɢɹ ɫɨɡɞɚɧɢɹ, ɭɞɚɥɟɧɢɹ ɢ ɦɨɞɢɮɢɤɚɰɢɢ ɫɜɹɡɟɣ GPO ɨɛɴɟɤɬɨɜ ɢ ɪɚɡɪɟɲɟɧɢɣ ɧɚ ɝɟɧɟɪɚɰɢɸ ɞɚɧɧɵɯ RSoP.
Security Filtering ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɪɨɫɦɨɬɪɚ ɢ ɦɨɞɢɮɢɤɚɰɢɢ (Ɏɢɥɶɬɪɚɰɢɹ ɡɚɳɢɬɵ) ɜɫɟɣ ɮɢɥɶɬɪɚɰɢɢ, ɨɫɧɨɜɚɧɧɨɣ ɧɚ ɝɪɭɩɩɚɯ ɛɟɡɨɩɚɫɧɨɫɬɢ. RSoP Planning (RSoP ɇɚɡɜɚɧ ɤɚɤ «Group Policy Modeling ɩɥɚɧɢɪɨɜɚɧɢɟ) (Ɇɨɞɟɥɢɪɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ)», ɧɨ ɢɫɩɨɥɶɡɭɟɬ ɦɚɫɬɟɪ ɪɟɠɢɦɚ ɩɥɚɧɢɪɨɜɚɧɢɹ ɜ ɢɧɫɬɪɭɦɟɧɬɟ RSoP. RSoP Logging (RSoP ɇɚɡɜɚɧ ɤɚɤ «Group Policy Results (Ɋɟɡɭɥɶɬɚɬɵ ɪɟɝɢɫɬɪɚɰɢɹ) ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ) », ɧɨ ɢɫɩɨɥɶɡɭɟɬ ɦɚɫɬɟɪ ɪɟɠɢɦɟ ɪɟɝɢɫɬɪɚɰɢɢ ɜ ɢɧɫɬɪɭɦɟɧɬɟ RSoP. Modify Inheritance ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɚɪɚɦɟɬɪɨɜ (ɂɡɦɟɧɢɬɶ ɧɚɫɬɪɨɣɤɢ No Override (He ɩɨɞɦɟɧɹɬɶ) ɢ Block ɧɚɫɥɟɞɨɜɚɧɢɟ) Inheritance (Ȼɥɨɤɢɪɨɜɤɚ ɧɚɫɥɟɞɨɜɚɧɢɹ). Search (ɉɨɢɫɤ) ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɢɫɤɚ ɥɸɛɵɯ ɬɢɩɨɜ ɨɛɴɟɤɬɨɜ, ɫɜɹɡɚɧɧɵɯ ɫ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨɟ ɧɚɣɬɢ ɜɫɟ ɨɛɴɟɤɬɵ GPO, ɜ ɤɨɬɨɪɵɯ ɜɤɥɸɱɟɧɚ ɨɩɰɢɹ Folder Redirection (ɉɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ). Backup And Restore ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɟɡɟɪɜɧɨɝɨ ɤɨɩɢɪɨɜɚɧɢɹ ɢ GPOs (Ɋɟɡɟɪɜɧɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɨɛɴɟɤɬɨɜ GPO ɤɨɩɢɪɨɜɚɧɢɟ ɢ ɢɥɢ ɜɫɟɯ ɨɛɴɟɤɬɨɜ GPO ɜ ɞɨɦɟɧɟ. Ȼɟɡ ɷɬɨɝɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɢɧɫɬɪɭɦɟɧɬɚ ɟɞɢɧɫɬɜɟɧɧɵɦ ɫɩɨɫɨɛɨɦ ɪɟɡɟɪɜɧɨɝɨ ɨɛɴɟɤɬɨɜ GPO) ɤɨɩɢɪɨɜɚɧɢɹ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɨɛɴɟɤɬɨɜ GPO ɹɜɥɹɟɬɫɹ ɤɨɩɢɪɨɜɚɧɢɟ ɞɚɧɧɵɯ ɫɨɫɬɨɹɧɢɹ ɫɢɫɬɟɦɵ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. Scripting Interface ɂɧɫɬɪɭɦɟɧɬ GPMC ɩɪɟɞɫɬɚɜɥɹɟɬ ɧɟɫɤɨɥɶɤɨ (ɂɧɬɟɪɮɟɣɫ ɫɨɡɞɚɧɢɹ ɋɈɆ-ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɫɰɟɧɚɪɢɟɜ) ɞɥɹ ɧɚɩɢɫɚɧɢɹ ɫɰɟɧɚɪɢɟɜ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɨɛɪɚɬɢɬɟɫɶ ɜ ɜɟɛ-ɫɚɣɬɭ Microsoft ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.com/windowsserver2003/gpmc/ default.mspx. Ʉɚɤ ɜɢɞɢɬɟ, GPMC ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɦɨɳɧɵɣ ɢɧɫɬɪɭɦɟɧɬ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ ɜ ɫɪɟɞɟ ɩɪɟɞɩɪɢɹɬɢɹ.
Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɹɜɥɹɸɬɫɹ ɦɨɳɧɵɦ ɫɪɟɞɫɬɜɨɦ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɦ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɧɮɢɝɭɪɚɰɢɟɣ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɜɚɲɟɣ ɫɟɬɢ. Ɋɟɚɥɢɡɚɰɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɦɨɠɟɬ ɛɵɬɶ ɞɨɫɬɚɬɨɱɧɨ ɫɥɨɠɧɨɣ, ɢ ɟɫɥɢ ɨɧɚ ɜɵɩɨɥɧɟɧɚ ɧɟɩɪɚɜɢɥɶɧɨ, ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɦɨɠɟɬ ɫɢɥɶɧɨ ɜɨɡɞɟɣɫɬɜɨɜɚɬɶ ɧɚ ɪɚɛɨɱɭɸ ɫɪɟɞɭ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȼ ɞɚɧɧɨɦ ɪɚɡɞɟɥɟ ɨɩɢɫɵɜɚɸɬɫɹ ɦɟɬɨɞɢɤɢ, ɩɨɡɜɨɥɹɸɳɢɯ ɪɚɡɪɚɛɨɬɚɬɶ ɪɟɚɥɢɡɚɰɢɸ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɜ ɜɚɲɟɣ ɫɟɬɢ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ƚɥɚɜɵ 12 ɢ 13 ɨɩɢɫɵɜɚɸɬ ɬɚɤ ɠɟ ɦɟɬɨɞɢɤɢ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦ ɫɬɨɥɨɦ. Ɉɞɢɧ ɢɡ ɜɚɠɧɵɯ ɜɨɩɪɨɫɨɜ, ɫ ɤɨɬɨɪɵɦɢ ɜɵ ɫɬɨɥɤɧɟɬɟɫɶ ɩɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɫɤɨɥɶɤɨ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɜɚɦ ɫɥɟɞɭɟɬ ɪɟɚɥɢɡɨɜɚɬɶ. ɉɨɫɤɨɥɶɤɭ ɜɫɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɞɨɫɬɭɩɧɵ ɜ ɤɚɠɞɨɦ ɨɛɴɟɤɬɟ GPO, ɜɵ ɬɟɨɪɟɬɢɱɟɫɤɢ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɢɯ ɜ ɟɞɢɧɫɬɜɟɧɧɨɦ ɨɛɴɟɤɬɟ GPO ɢɥɢ ɪɚɡɜɟɪɧɭɬɶ ɨɬɞɟɥɶɧɵɣ ɨɛɴɟɤɬ GPO ɞɥɹ ɤɚɠɞɨɣ ɭɫɬɚɧɨɜɤɢ, ɤɨɬɨɪɭɸ ɧɭɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ. ȼ ɥɸɛɨɦ ɫɥɭɱɚɟ ɨɩɬɢɦɚɥɶɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ GPO ɛɭɞɟɬ ɪɚɫɩɨɥɨɠɟɧɨ ɦɟɠɞɭ ɷɬɢɦɢ ɤɪɚɣɧɨɫɬɹɦɢ, ɢ ɧɢɤɚɤɨɟ ɪɟɲɟɧɢɟ ɧɟ ɛɭɞɟɬ ɜɟɪɧɵɦ ɞɥɹ ɜɫɟɯ ɫɢɬɭɚɰɢɣ. Ʉɨɝɞɚ ɡɚɩɭɫɤɚɟɬɫɹ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ, ɜɫɟ ɩɪɢɦɟɧɹɟɦɵɟ ɨɛɴɟɤɬɵ GPO ɞɨɥɠɧɵ ɛɵɬɶ ɡɚɝɪɭɠɟɧɵ ɢ ɩɪɢɦɟɧɟɧɵ ɤ ɦɟɫɬɧɨɦɭ ɤɨɦɩɶɸɬɟɪɭ. ɉɨɷɬɨɦɭ ɦɟɧɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɭɥɭɱɲɚɟɬ ɡɚɩɭɫɤ ɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. Ɉɞɧɚɤɨ
ɧɚɥɢɱɢɟ ɬɨɥɶɤɨ ɧɟɫɤɨɥɶɤɢɯ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɜɵɩɨɥɧɹɸɳɢɯ ɦɧɨɠɟɫɬɜɨ ɪɚɡɥɢɱɧɵɯ ɮɭɧɤɰɢɣ, ɹɜɥɹɟɬɫɹ ɛɨɥɟɟ ɬɪɭɞɧɵɦ ɞɥɹ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ. ȿɫɥɢ ɜɚɲɚ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɢɦɟɟɬ ɬɨɥɶɤɨ ɧɟɫɤɨɥɶɤɨ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ, ɟɟ ɥɟɝɱɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɨɜɬɨɪɧɨ ɞɥɹ ɧɟɫɤɨɥɶɤɢɯ OU. ɏɨɪɨɲɟɣ ɩɪɚɤɬɢɤɨɣ ɹɜɥɹɟɬɫɹ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɨɛɴɟɤɬɚ GPO ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɬɨɥɶɤɨ ɨɞɧɨɣ ɝɪɭɩɩɵ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɢɧ ɨɛɴɟɤɬ GPO ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɡɚɳɢɬɵ, ɞɪɭɝɨɣ -ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ, ɟɳɟ ɨɞɢɧ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ. Ⱦɪɭɝɚɹ ɩɪɨɛɥɟɦɚ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ ɫɜɹɡɚɧɚ ɫ ɬɟɦ, ɝɞɟ ɜɵ ɯɨɬɢɬɟ ɪɚɡɜɟɪɧɭɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ. Ɉɛɵɱɧɨ ɭ ɜɚɫ ɟɫɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɪɚɡɜɟɪɧɭɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɧɚ ɜɵɫɲɟɦ ɭɪɨɜɧɟ OU ɩɨɞɪɚɡɞɟɥɟɧɢɣ, ɚ ɡɚɬɟɦ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɮɢɥɶɬɪɚɰɢɸ rpytm ɢ ɛɥɨɤɢɪɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɱɬɨɛɵ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɩɪɢɦɟɧɹɥɢɫɶ ɤ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɦ ɤɨɦɩɶɸɬɟɪɚɦ ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɩɪɢɦɟɧɹɬɶ ɛɨɥɶɲɢɧɫɬɜɨ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɧɢɠɟ ɜ ɢɟɪɚɪɯɢɢ, ɱɬɨɛɵ ɢɡɛɟɠɚɬɶ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫɨ ɫɥɨɠɧɵɦ ɧɚɫɥɟɞɨɜɚɧɢɟɦ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɤɨɦɛɢɧɚɰɢɹ ɷɬɢɯ ɫɬɪɚɬɟɝɢɣ ɞɚɟɬ ɩɪɚɜɢɥɶɧɵɣ ɨɬɜɟɬ. ȿɫɥɢ ɜɚɲɚ ɩɨɥɢɬɢɤɚ ɞɨɥɠɧɚ ɩɪɢɦɟɧɹɬɶɫɹ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜ ɜɚɲɟɦ ɞɨɦɟɧɟ, ɭɫɬɚɧɨɜɢɬɟ ɟɟ ɧɚɫɬɨɥɶɤɨ ɜɵɫɨɤɨ, ɧɚɫɤɨɥɶɤɨ ɷɬɨ ɜɨɡɦɨɠɧɨ. ɉɨ ɦɟɪɟ ɩɪɨɞɜɢɠɟɧɢɹ ɜɧɢɡ ɩɨ ɢɟɪɚɪɯɢɢ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɛɭɞɭɬ ɝɨɪɚɡɞɨ ɛɨɥɟɟ ɫɩɟɰɢɮɢɱɧɵɦɢ.
ɗɬɚ ɝɥɚɜɚ ɨɛɴɹɫɧɹɟɬ ɨɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɜ Active Directory Windows Server 2003, ɫɨɡɞɚɜɚɹ ɩɪɟɞɩɨɫɵɥɤɢ ɞɥɹ ɩɨɧɢɦɚɧɢɹ ɩɨɫɥɟɞɭɸɳɢɯ ɝɥɚɜ. ȼ ɧɟɣ ɨɛɫɭɠɞɚɸɬɫɹ ɜɨɩɪɨɫɵ ɫɨɡɞɚɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɨɜ, ɩɨɫɬɚɜɥɹɟɦɵɯ ɜɦɟɫɬɟ ɫ Windows Server 2003, ɜɨɩɪɨɫɵ ɧɚɫɥɟɞɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢ ɩɪɢɦɟɧɟɧɢɹ ɢɯ ɤ ɤɨɦɩɶɸɬɟɪɚɦ ɤɥɢɟɧɬɨɜ. ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɨɞɟɥɶ ɧɚɫɥɟɞɨɜɚɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɭɫɬɚɧɨɜɥɟɧɧɨɣ ɜɵɫɨɤɨ ɜ ɢɟɪɚɪɯɢɢ OU, ɢ ɩɨɥɭɱɢɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ GPO ɞɥɹ ɦɧɨɝɢɯ ɨɛɴɟɤɬɨɜ ɞɨɦɟɧɚ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɢɡɦɟɧɢɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɧɚɫɥɟɞɨɜɚɧɢɟ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɛɥɨɤɢɪɭɹ ɢɥɢ ɮɢɥɶɬɪɭɹ ɧɚɫɥɟɞɨɜɚɧɢɟ. Ƚɥɚɜɵ 12 ɢ 13 ɩɨɫɜɹɳɟɧɵ ɬɨɦɭ, ɱɬɨ ɜɵ ɮɚɤɬɢɱɟɫɤɢ ɦɨɠɟɬɟ ɞɟɥɚɬɶ ɫ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ. Ƚɥɚɜɚ 12 ɩɨɤɚɡɵɜɚɟɬ, ɤɚɤ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɩɪɢ ɪɚɫɩɪɨɫɬɪɚɧɟɧɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɚ ɤɨɦɩɶɸɬɟɪɵ-ɤɥɢɟɧɬɵ, ɝɥɚɜɚ 13 — ɤɚɤ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɡɧɨɨɛɪɚɡɧɵɦɢ ɨɩɰɢɹɦɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ.
12. ȼ ɝɥɚɜɟ 11 ɛɵɥ ɫɞɟɥɚɧ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɨɫɧɨɜɧɵɯ ɮɭɧɤɰɢɣ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢ ɫɩɨɫɨɛɨɜ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ ɜ Adive Directory Microsoft Windows Server 2003. ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɛɫɭɠɞɚɟɬɫɹ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɤɥɢɟɧɬɨɜ, ɜ ɝɥɚɜɟ 13 — ɩɭɬɢ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɍɩɪɚɜɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɤɥɢɟɧɬɨɜ - ɷɬɨ ɨɞɧɚ ɢɡ ɧɚɢɛɨɥɟɟ ɜɚɠɧɵɯ ɡɚɞɚɱ, ɤɨɬɨɪɭɸ ɜɵ ɛɭɞɟɬɟ ɜɵɩɨɥɧɹɬɶ ɩɪɢ ɭɩɪɚɜɥɟɧɢɢ ɤɨɪɩɨɪɚɬɢɜɧɨɣ ɫɟɬɶɸ. ɉɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ, ɭɫɬɚɧɨɜɥɟɧɧɨɟ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɤɥɢɟɧɬɨɜ, ɜɤɥɸɱɚɟɬ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɫɜɨɟɣ ɪɚɛɨɬɵ. ȼɨ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɹɯ ɤɨɦɩɶɸɬɟɪɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɫɨɞɟɪɠɚɬ ɫɬɚɧɞɚɪɬɧɵɣ ɧɚɛɨɪ ɨɮɢɫɧɵɯ ɩɪɢɥɨɠɟɧɢɣ, ɬɚɤɢɯ ɤɚɤ Microsoft Office, ɢ ɞɪɭɝɢɯ ɩɪɢɥɨɠɟɧɢɣ, ɫɩɟɰɢɮɢɱɧɵɯ ɞɥɹ ɢɯ ɛɢɡɧɟɫɚ. ɋɬɚɧɞɚɪɬɧɨɦɭ ɤɥɢɟɧɬɫɤɨɦɭ ɤɨɦɩɶɸɬɟɪɭ ɬɪɟɛɭɸɬɫɹ ɬɚɤɠɟ ɩɪɢɥɨɠɟɧɢɹ ɞɥɹ ɫɠɚɬɢɹ ɮɚɣɥɨɜ ɢ ɚɧɬɢɜɢɪɭɫɧɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. ɍɩɪɚɜɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɧɚ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɪɚɛɨɱɢɯ ɫɬɨɥɚɯ ɦɨɠɟɬ ɫɬɚɬɶ ɨɱɟɧɶ ɬɪɭɞɨɟɦɤɨɣ ɡɚɞɚɱɟɣ, ɟɫɥɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɛɭɞɟɬ ɩɨɫɟɳɚɬɶ ɤɚɠɞɵɣ ɪɚɛɨɱɢɣ ɫɬɨɥ ɜɫɹɤɢɣ ɪɚɡ ɩɪɢ ɭɫɬɚɧɨɜɤɟ ɢɥɢ ɦɨɞɟɪɧɢɡɚɰɢɢ ɧɨɜɨɝɨ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ. ȼ ɛɨɥɶɲɨɣ ɤɨɦɩɚɧɢɢ ɬɨɥɶɤɨ ɞɥɹ ɪɟɲɟɧɢɹ ɩɪɨɛɥɟɦ, ɫɜɹɡɚɧɧɵɯ ɫ ɨɲɢɛɤɚɦɢ ɩɪɢɥɨɠɟɧɢɣ, ɦɨɠɟɬ ɩɨɬɪɟɛɨɜɚɬɶɫɹ ɧɟɫɤɨɥɶɤɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɧɚ ɩɨɥɧɵɣ ɪɚɛɨɱɢɣ ɞɧɟɶ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɨɛɧɨɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦ ɞɨɥɠɧɵ ɜɵɩɨɥɧɹɬɶɫɹ ɟɠɟɞɧɟɜɧɨ ɢɥɢ ɟɠɟɧɟɞɟɥɶɧɨ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɞɥɹ ɚɧɬɢɜɢɪɭɫɧɨɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɦɨɠɟɬ ɡɧɚɱɢɬɟɥɶɧɨ ɭɦɟɧɶɲɢɬɶ ɭɫɢɥɢɹ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ. Ɏɚɤɬɢɱɟɫɤɢ ɫɟɪɶɟɡɧɨɟ ɭɦɟɧɶɲɟɧɢɟ ɡɚɬɪɚɬ, ɩɨɥɭɱɚɟɦɨɟ ɨɬ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɧɚɯɨɞɢɬɫɹ ɜ ɨɛɥɚɫɬɢ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ. ɍɩɪɚɜɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɜ ɤɨɪɩɨɪɚɬɢɜɧɨɣ ɫɪɟɞɟ ɩɪɟɞɩɨɥɚɝɚɟɬ ɝɨɪɚɡɞɨ ɛɨɥɶɲɟ ɞɟɥ, ɱɟɦ ɟɝɨ ɩɪɨɫɬɨɟ ɪɚɡɜɟɪɬɵɜɚɧɢɟ. Ɇɧɨɝɢɟ ɤɨɦɩɚɧɢɢ ɢɦɟɸɬ ɱɟɬɤɨ ɨɩɪɟɞɟɥɟɧɧɵɣ ɩɪɨɰɟɫɫ ɭɩɪɚɜɥɟɧɢɹ ɠɢɡɧɟɧɧɵɦ ɰɢɤɥɨɦ ɩɪɨɝɪɚɦɦ, ɤɨɬɨɪɵɣ ɜɤɥɸɱɚɟɬ ɩɨɤɭɩɤɭ (ɢɥɢ ɫɨɡɞɚɧɢɟ) ɢ ɢɫɩɵɬɚɧɢɟ ɩɪɢɥɨɠɟɧɢɹ ɜ ɦɚɥɟɧɶɤɨɣ ɝɪɭɩɩɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɡɚɬɟɦ ɤɪɭɩɧɨɦɚɫɲɬɚɛɧɨɟ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɩɪɢɥɨɠɟɧɢɹ, ɟɝɨ ɨɛɫɥɭɠɢɜɚɧɢɟ ɢ, ɧɚɤɨɧɟɰ, ɭɞɚɥɟɧɢɟ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɜ Active Directory ɪɟɲɚɸɬ ɷɬɢ ɡɚɞɚɱɢ ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɨ.
Windows
ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɭɩɪɚɜɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɱɟɪɟɡ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɩɨɥɚɝɚɟɬɫɹ ɧɚ ɬɟɯɧɨɥɨɝɢɸ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɨɬ Microsoft. Ɍɟɯɧɨɥɨɝɢɹ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ, ɭɩɪɚɜɥɟɧɢɹ ɢ ɭɞɚɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ Windows. Ɉɧɚ ɜɤɥɸɱɚɟɬ ɞɜɚ ɤɨɦɩɨɧɟɧɬɚ. • ɉɚɤɟɬɧɵɣ ɮɚɣɥ ɭɫɬɚɧɨɜɤɢ ɩɪɨɝɪɚɦɦ (.msi-ɮɚɣɥ). ɉɚɤɟɬɧɵɣ ɮɚɣɥ .msi ɫɨɫɬɨɢɬ ɢɡ ɢɧɮɨɪɦɚɰɢɨɧɧɨɣ ɛɚɡɵ ɞɚɧɧɵɯ, ɤɨɬɨɪɚɹ ɫɨɞɟɪɠɢɬ ɜɫɟ ɤɨɦɚɧɞɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɢ ɭɞɚɥɟɧɢɹ ɩɪɢɥɨɠɟɧɢɣ. • ɋɥɭɠɛɚ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows (Msiexec. exe). ɗɬɚ ɫɥɭɠɛɚ ɭɩɪɚɜɥɹɟɬ ɮɚɤɬɢɱɟɫɤɨɣ ɢɧɫɬɚɥɥɹɰɢɟɣ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. ɋɥɭɠɛɚ ɢɫɩɨɥɶɡɭɟɬ ɮɚɣɥ ɛɢɛɥɢɨɬɟɤɢ ɞɢɧɚɦɢɱɟɫɤɨɣ ɤɨɦɩɨɧɨɜɤɢ (DLL) ɫ ɢɦɟɧɟɦ Msi.dll ɞɥɹ ɱɬɟɧɢɹ ɮɚɣɥɨɜ ɩɚɤɟɬɚ .msi. ȼ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɫɨɞɟɪɠɢɦɨɝɨ ɩɚɤɟɬɧɨɝɨ ɮɚɣɥɚ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ ɫɥɭɠɛɚ ɤɨɩɢɪɭɟɬ ɮɚɣɥɵ ɩɪɢɥɨɠɟɧɢɣ ɧɚ ɥɨɤɚɥɶɧɵɣ ɠɟɫɬɤɢɣ ɞɢɫɤ, ɫɨɡɞɚɟɬ ɹɪɥɵɤɢ, ɢɡɦɟɧɹɟɬ ɡɚɩɢɫɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɢ ɜɵɩɨɥɧɹɟɬ ɜɫɟ ɡɚɞɚɱɢ, ɩɟɪɟɱɢɫɥɟɧɧɵɟ ɜ ɮɚɣɥɟ msi. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɬɟɯɧɨɥɨɝɢɢ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɢɦɟɟɬ ɦɧɨɠɟɫɬɜɨ ɩɪɟɢɦɭɳɟɫɬɜ. Ɉɞɧɨ ɢɡ ɧɚɢɛɨɥɟɟ ɜɚɠɧɵɯ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɥɸɛɨɟ ɩɪɢɥɨɠɟɧɢɟ ɦɨɠɟɬ ɫɚɦɨɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶɫɹ. ɉɨɫɤɨɥɶɤɭ ɮɚɣɥ .ɬɷɅɸɞɟɪɠɢɬ ɜɫɸ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɨɛɯɨɞɢɦɭɸ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ, ɬɨ ɨɧ ɦɨɠɟɬ ɬɚɤɠɟ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɨɟ ɜɵɲɥɨ ɢɡ ɫɬɪɨɹ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɪɢɥɨɠɟɧɢɟ ɩɟɪɟɫɬɚɥɨ ɪɚɛɨɬɚɬɶ ɢɡ-ɡɚ ɭɞɚɥɟɧɢɹ ɤɪɢɬɢɱɟɫɤɨɝɨ ɮɚɣɥɚ, ɬɨ ɨɧɨ ɧɟ ɫɦɨɠɟɬ ɡɚɩɭɫɬɢɬɶɫɹ ɜ ɫɥɟɞɭɸɳɢɣ ɪɚɡ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɵɛɟɪɟɬ ɷɬɨ ɩɪɢɥɨɠɟɧɢɟ. ȿɫɥɢ ɩɪɢɥɨɠɟɧɢɟ ɛɵɥɨ ɭɫɬɚɧɨɜɥɟɧɨ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows, ɬɨ ɮɚɣɥ .msi, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɨɜɚɥɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ, ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɟɝɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɩɭɬɟɦ ɩɨɜɬɨɪɧɨɣ ɭɫɬɚɧɨɜɤɢ ɨɬɫɭɬɫɬɜɭɸɳɟɝɨ ɮɚɣɥɚ. Ɏɚɣɥ .msi ɮɚɣɥ ɬɚɤɠɟ ɞɨɩɭɫɤɚɟɬ ɨɱɢɫɬɤɭ ɩɭɬɟɦ ɞɟɢɧɫɬɚɥɥɹɰɢɢ ɩɪɢɥɨɠɟɧɢɣ.
. Windows Server 2003, Microsoft Windows XP Professional Windows Windows, .
Windows Microsoft Windows 2000, . Windows
Microsoft Windows NT, Windows 95
Windows 98.
Windows Server 2003, Windows XP Professional Windows 2000. ɋɟɣɱɚɫ ɩɪɨɢɡɜɨɞɢɬɟɥɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɩɨɫɬɚɜɥɹɸɬ ɩɚɤɟɬɧɵɣ ɮɚɣɥ .msi ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ ɫɨ ɜɫɟɦɢ ɧɨɜɵɦɢ ɩɪɨɝɪɚɦɦɧɵɦɢ ɩɪɨɞɭɤɬɚɦɢ. Ɉɧ ɢɡɜɟɫɬɟɧ ɤɚɤ ɮɚɣɥ «ɪɨɞɧɨɝɨ» (native) ɢɧɫɬɚɥɥɹɬɨɪɚ Windows.
.msi
ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɮɚɣɥ «ɪɨɞɧɨɝɨ» ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɦɨɠɟɬ ɨɬ-ɫɭɬɫɬɜɪɜɚɬɶ, ɧɚɩɪɢɦɟɪ, ɭ ɛɨɥɟɟ ɫɬɚɪɨɝɨ ɩɪɢɥɨɠɟɧɢɹ. ȿɫɥɢ ɧɟɨɛɯɨɞɢɦɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɟɯɧɨɥɨɝɢɸ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɩɪɢɥɨɠɟɧɢɣ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɮɚɣɥ .msi ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɮɚɣɥ .msi, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. • ȼɵɩɨɥɧɢɬɟ ɱɢɫɬɭɸ ɢɧɫɬɚɥɥɹɰɢɸ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ ɬɚɦ, ɝɞɟ ɜɵ ɫɨɛɢɪɚɟɬɟɫɶ ɫɨɡɞɚɜɚɬɶ ɩɚɤɟɬɧɵɣ ɮɚɣɥ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ. ȼ ɷɬɨɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɟ ɧɟ ɞɨɥɠɧɨ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɨ ɧɢɤɚɤɨɝɨ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. Ɉɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ ɧɚ ɷɬɨɦ ɤɨɦɩɶɸɬɟɪɟ ɞɨɥɠɧɚ ɛɵɬɶ ɬɨɣ ɠɟ ɫɚɦɨɣ, ɱɬɨ ɢ ɧɚ ɤɨɦɩɶɸɬɟɪɟ, ɝɞɟ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɩɪɢɥɨɠɟɧɢɟ. ȿɫɥɢ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɜ ɫɢɫɬɟɦɚɯ Windows 2000 ɢ Windows XP, ɬɨ ɫɨɡɞɚɸɬɫɹ ɞɜɚ ɨɬɞɟɥɶɧɵɯ ɮɚɣɥɚ .msi. • ɂɫɩɨɥɶɡɭɣɬɟ ɢɧɫɬɪɭɦɟɧɬ ɞɥɹ ɭɩɚɤɨɜɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɱɬɨɛɵ ɡɚɮɢɤɫɢɪɨɜɚɬɶ ɫɨɫɬɨɹɧɢɟ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ, ɩɪɟɠɞɟ ɱɟɦ ɜɵ ɭɫɬɚɧɨɜɢɬɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. ɋɭɳɟɫɬɜɭɟɬ ɧɟɫɤɨɥɶɤɨ ɬɚɤɢɯ ɢɧɫɬɪɭɦɟɧɬɨɜ (ɧɚɩɪɢɦɟɪ, Wise). • ɍɫɬɚɧɨɜɢɬɟ ɩɪɢɥɨɠɟɧɢɟ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. Ɉɛɵɱɧɨ ɢɫɩɨɥɶɡɭɟɬɫɹ «ɪɨɞɧɨɣ» ɩɪɨɰɟɫɫ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ. • ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɭɫɬɚɧɨɜɢɥɢ ɩɪɢɥɨɠɟɧɢɟ, ɧɚɫɬɪɨɣɬɟ ɟɝɨ ɩɨ ɜɚɲɟɦɭ ɠɟɥɚɧɢɸ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɢɥɢ ɭɞɚɥɢɬɶ ɹɪɥɵɤɢ, ɞɨɛɚɜɢɬɶ ɲɚɛɥɨɧɵ ɢɥɢ ɧɚɫɬɪɨɢɬɶ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɭɸ ɩɚɧɟɥɶ ɩɪɢɥɨɠɟɧɢɹ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɧɭɠɧɨ ɯɨɬɹ ɛɵ ɪɚɡ ɨɬɤɪɵɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɱɬɨɛɵ ɩɨɥɧɨɫɬɶɸ ɭɫɬɚɧɨɜɢɬɶ ɜɫɟ ɤɨɦɩɨɧɟɧɬɵ. • ɂɫɩɨɥɶɡɭɣɬɟ ɢɧɫɬɪɭɦɟɧɬɵ ɞɥɹ ɭɩɚɤɨɜɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɱɬɨɛɵ ɜɨ ɜɬɨɪɨɣ ɪɚɡ ɡɚɮɢɤɫɢɪɨɜɚɬɶ ɫɨɫɬɨɹɧɢɟ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɫɨɡɞɚɟɬ ɭɩɚɤɨɜɨɱɧɵɣ ɮɚɣɥ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ .msi. Ʉɚɤ ɬɨɥɶɤɨ ɜɵ ɫɨɡɞɚɥɢ .msi ɮɚɣɥ, ɢɫɩɨɥɶɡɭɣɬɟ ɩɪɨɰɟɫɫ Group Policy Software Installation (ɂɧɫɬɚɥɥɹɰɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ) ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɚ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ.
ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɮɚɣɥɚ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɜɵ ɦɨɠɟɬɟ ɪɚɡɜɟɪɬɵɜɚɬɶ ɩɪɢɥɨɠɟɧɢɹ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ Active Directory Windows Server 2003. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɨɛɟɫɩɟɱɢɜɚɸɬ ɫɪɟɞɫɬɜɚ, ɩɨɡɜɨɥɹɸɳɢɟ ɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ ɢɥɢ ɞɟɥɚɬɶ ɟɝɨ ɞɨɫɬɭɩɧɵɦ ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ. ɉɨɫɥɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɩɪɢ ɩɨɫɥɟɞɭɸɳɟɣ ɡɚɝɪɭɡɤɟ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɩɨɹɜɢɬɫɹ ɢɡɜɟɳɟɧɢɟ ɨ ɧɨɜɨɦ ɩɚɤɟɬɟ ɩɪɨɝɪɚɦɦ, ɢ ɡɚɬɟɦ ɩɪɢɥɨɠɟɧɢɟ ɦɨɠɟɬ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɨ. ɉɪɟɠɞɟ ɱɟɦ ɜɵ ɫɦɨɠɟɬɟ ɨɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɫɟɬɢ, ɧɭɠɧɨ ɫɤɨɩɢɪɨɜɚɬɶ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɟ ɮɚɣɥɵ ɩɪɨɝɪɚɦɦ, ɜɤɥɸɱɚɹ .msi-ɮɚɣɥ, ɧɚ ɞɨɫɬɭɩɧɵɣ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ. ɇɟɨɛɯɨɞɢɦɚ ɝɚɪɚɧɬɢɹ ɬɨɝɨ, ɱɬɨ ɜɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢɥɢ ɤɨɦɩɶɸɬɟɪɵ ɢɦɟɸɬ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ. ȿɫɥɢ ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ, ɤɨɦɩɶɸɬɟɪɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɞɨɫɬɭɩ Read (ɑɬɟɧɢɟ). ȿɫɥɢ ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɢɥɢ ɩɭɛɥɢɤɭɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɞɨɥɠɧɵ ɢɦɟɬɶ ɞɨɫɬɭɩ Read. (ɋɦɨɬɪɢɬɟ ɫɥɟɞɭɸɳɢɣ ɪɚɡɞɟɥ ɞɥɹ ɫɪɚɜɧɟɧɢɹ ɞɟɬɚɥɟɣ ɧɚɡɧɚɱɟɧɢɹ ɩɪɢɥɨɠɟɧɢɣ ɢ ɩɭɛɥɢɤɚɰɢɢ ɩɪɢɥɨɠɟɧɢɣ.)
ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɫɟɬɟɜɨɝɨ ɪɟɫɭɪɫɚ ɢ ɤɨɩɢɪɨɜɚɧɢɹ ɧɚ ɧɟɝɨ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɯ ɮɚɣɥɨɜ ɜɵ ɝɨɬɨɜɵ ɤ ɪɟɚɥɢɡɚɰɢɢ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ GPO, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɤɥɢɟɧɬɨɜ. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɨɛɴɟɤɬ GPO ɢɥɢ ɢɡɦɟɧɢɬɶ ɫɭɳɟɫɬɜɭɸɳɢɣ. ɉɪɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ GPO ɜɵ ɞɨɥɠɧɵ ɫɧɚɱɚɥɚ ɨɩɪɟɞɟɥɢɬɶ, ɧɟɨɛɯɨɞɢɦɨ ɥɢ ɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɂɫɩɨɥɶɡɭɣɬɟ ɤɨɧɬɟɣɧɟɪ Computer Configuration\Software Settings ɜ Group Policy Object Editor (Ɋɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ), ɢ ɩɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ, ɤɨɝɞɚ ɨɧɚ ɩɟɪɟɡɚɝɪɭɡɢɬɫɹ ɜ ɫɥɟɞɭɸɳɢɣ ɪɚɡ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢɫɩɨɥɶɡɭɣɬɟ ɤɨɧɬɟɣɧɟɪ User Conf iguration\Sof tware Settings ɜ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɢ ɩɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɞɨɫɬɭɩɧɨ ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɢ ɟɝɨ ɫɥɟɞɭɸɳɟɦ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ. . 11 Microsoft Group Policy Management Console (GPMC), . , , , Active Directory. GPMC, , 11, 12 13, , Windows Server 2003. Ʉɨɝɞɚ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɢɥɨɠɟɧɢɣ, ɭ ɜɚɫ ɢɦɟɟɬɫɹ ɞɜɚ ɜɚɪɢɚɧɬɚ ɢɡɜɟɳɟɧɢɹ ɨ ɩɪɢɥɨɠɟɧɢɢ ɞɥɹ ɤɥɢɟɧɬɚ. ɉɟɪɜɵɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɧɚɡɧɚɱɟɧɢɢ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɨɟ ɦɨɠɟɬ ɚɞɪɟɫɨɜɚɬɶɫɹ ɢɥɢ ɤɨɦɩɶɸɬɟɪɭ, ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɸ. ȼɬɨɪɨɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɩɭɛɥɢɤɚɰɢɢ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɚɹ ɞɟɥɚɟɬ ɟɝɨ ɞɨɫɬɭɩɧɵɦ, ɧɨ ɬɨɥɶɤɨ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ʉɨɝɞɚ ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɤɨɦɩɶɸɬɟɪɭ, ɨɧɨ ɛɭɞɟɬ ɩɨɥɧɨɫɬɶɸ ɭɫɬɚɧɨɜɥɟɧɨ ɩɪɢ ɫɥɟɞɭɸɳɟɣ ɡɚɝɪɭɡɤɟ ɤɨɦɩɶɸɬɟɪɚ, ɱɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ ɞɥɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɤɨɦɩɶɸɬɟɪɚ, ɤɨɝɞɚ ɨɧɢ ɜ ɫɥɟɞɭɸɳɢɣ ɪɚɡ ɜɨɣɞɭɬ ɜ ɫɢɫɬɟɦɭ. Ʉɨɝɞɚ ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɸ, ɨɧɨ ɛɭɞɟɬ ɨɩɭɛɥɢɤɨɜɚɧɨ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜ ɫɥɟɞɭɸɳɢɣ ɪɚɡ ɜɨɣɞɟɬ ɜ ɫɟɬɶ. Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɬɨ, ɤɚɤɢɦ ɨɛɪɚɡɨɦ ɷɬɨ ɛɭɞɟɬ ɩɪɨɢɫɯɨɞɢɬɶ, ɧɨ ɨɛɵɱɧɨ ɩɪɢɥɨɠɟɧɢɟ ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɦɟɧɸ Start (ɉɭɫɤ). ɉɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɬɚɤɠɟ ɞɨɛɚɜɥɟɧɨ ɤ ɫɩɢɫɤɭ ɨɩɭɛɥɢɤɨɜɚɧɧɵɯ ɩɪɢɥɨɠɟɧɢɣ ɜ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ Add Or Remove Programs (Ⱦɨɛɚɜɥɟɧɢɟ ɢɥɢ ɭɞɚɥɟɧɢɟ ɩɪɨɝɪɚɦɦ). ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɪɢɥɨɠɟɧɢɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɟ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ, ɚ ɩɪɢ ɚɤɬɢɜɚɰɢɢ ɢɡ ɦɟɧɸ Start ɢɥɢ ɱɟɪɟɡ ɩɚɧɟɥɶ Add Or Remove Programs. Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɬɚɤɭɸ ɥɨɝɢɤɭ ɭɫɬɚɧɨɜɤɢ, ɱɬɨ ɩɪɢɥɨɠɟɧɢɟ ɭɫɬɚɧɨɜɢɬɫɹ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɨɩɵɬɚɟɬɫɹ ɨɬɤɪɵɬɶ ɮɚɣɥ ɫ ɪɚɫɲɢɪɟɧɢɟɦ, ɤɨɬɨɪɨɟ ɚɫɫɨɰɢɢɪɨɜɚɧɨ ɫ ɞɚɧɧɵɦ ɩɪɢɥɨɠɟɧɢɟɦ. ɇɚɩɪɢɦɟɪ, ɩɪɢɥɨɠɟɧɢɟ Microsoft Word ɨɬɫɭɬɫɬɜɭɟɬ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɨɧ ɳɟɥɤɧɟɬ ɞɜɚ ɪɚɡɚ ɧɚ ɮɚɣɥɟ ɫ ɪɚɫɲɢɪɟɧɢɟɦ .doc, ɬɨ Word ɛɭɞɟɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɭɫɬɚɧɨɜɥɟɧ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɱɚɫɬɨ ɧɚɡɵɜɚɸɬ ɚɤɬɢɜɚɰɢɟɣ ɪɚɫɲɢɪɟɧɢɣ (extension activation). Ɉɞɧɚ ɢɡ ɧɨɜɵɯ ɮɭɧɤɰɢɣ ɜ Active Directory Windows Server 2003, ɨɬɫɭɬɫɬɜɭɸɳɚɹ ɜ Active Directory Windows 2000, — ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɧɨɣ ɭɫɬɚɧɨɜɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɩɪɢɥɨɠɟɧɢɹ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ ɜɦɟɫɬɨ ɭɫɬɚɧɨɜɤɢ ɟɝɨ ɜ ɪɟɡɭɥɶɬɚɬɟ ɚɤɬɢɜɚɰɢɢ ɮɚɣɥɚ. ȼɵɛɨɪ ɷɬɨɣ ɨɩɰɢɢ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɪɨɰɟɫɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɡɚɣɦɟɬ ɛɨɥɶɲɟ ɜɪɟɦɟɧɢ, ɩɨɫɤɨɥɶɤɭ ɩɪɨɢɡɨɣɞɟɬ ɭɫɬɚɧɨɜɤɚ ɩɪɢɥɨɠɟɧɢɹ, ɧɨ ɡɚɬɟɦ ɩɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɞɨɫɬɭɩɧɨ ɤɥɢɟɧɬɭ ɞɥɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ. ɗɬɚ ɨɩɰɢɹ ɞɨɫɬɭɩɧɚ ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɤɨɝɞɚ ɩɪɢɥɨɠɟɧɢɟ ɧɚɡɧɚɱɟɧɨ ɩɨɥɶɡɨɜɚɬɟɥɸ. Ɉɩɭɛɥɢɤɨɜɚɧɧɵɟ ɩɪɢɥɨɠɟɧɢɹ ɧɟ ɛɭɞɭɬ ɭɫɬɚɧɨɜɥɟɧɵ ɩɨɥɧɨɫɬɶɸ, ɩɨɤɚ ɨɧɢ ɧɟ ɢɧɫɬɚɥɥɢɪɭɸɬɫɹ ɱɟɪɟɡ ɩɚɧɟɥɶ Add Or Remove Programs ɢɥɢ ɱɟɪɟɡ ɚɤɬɢɜɚɰɢɸ ɪɚɫɲɢɪɟɧɢɹ. ɗɬɚ ɨɩɰɢɹ ɧɟ ɢɫɩɨɥɶɡɭɟɬɫɹ, ɟɫɥɢ ɩɪɢɥɨɠɟɧɢɟ ɧɚɡɧɚɱɟɧɨ ɤɨɦɩɶɸɬɟɪɭ, ɩɨɬɨɦɭ ɱɬɨ ɩɪɢɥɨɠɟɧɢɟ ɩɨɥɧɨɫɬɶɸ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɬɨɥɶɤɨ ɩɪɢ ɩɟɪɟɡɚɝɪɭɡɤɟ ɤɨɦɩɶɸɬɟɪɚ. Ʉɨɝɞɚ ɜɵ ɩɭɛɥɢɤɭɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɨɧɨ ɢɡɜɟɳɚɟɬ ɨ ɫɟɛɟ ɩɪɢ ɫɥɟɞɭɸɳɟɦ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɟɬɶ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɩɪɢɥɨɠɟɧɢɟ ɩɨɹɜɥɹɟɬɫɹ ɬɨɥɶɤɨ ɜ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ Add Or Remove Programs. ɑɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɞɨɥɠɟɧ ɜɵɛɪɚɬɶ ɟɝɨ ɜ ɷɬɨɣ ɩɚɧɟɥɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɨɩɭɛɥɢɤɨɜɚɧɧɵɟ ɩɪɢɥɨɠɟɧɢɹ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɬɚɤɠɟ ɱɟɪɟɡ ɚɤɬɢɜɚɰɢɸ ɪɚɫɲɢɪɟɧɢɹ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɩɭɛɥɢɤɚɰɢɹ ɩɪɢɥɨɠɟɧɢɹ ɹɜɥɹɟɬɫɹ ɧɚɢɥɭɱɲɢɦ ɜɚɪɢɚɧɬɨɦ, ɟɫɥɢ ɞɚɧɧɨɟ ɩɪɢɥɨɠɟɧɢɟ ɬɪɟɛɭɟɬɫɹ ɬɨɥɶɤɨ ɧɟɤɨɬɨɪɵɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. ɇɚɩɪɢɦɟɪ, ɢɦɟɟɬɫɹ ɝɪɚɮɢɱɟɫɤɨɟ ɩɪɢɥɨɠɟɧɢɟ ɬɢɩɚ Microsoft Visio, ɤɨɬɨɪɨɟ ɩɨɫɬɨɹɧɧɨ ɢɫɩɨɥɶɡɭɸɬ ɬɨɥɶɤɨ ɫɟɬɟɜɵɟ ɚɪɯɢɬɟɤɬɨɪɵ.
Ɉɞɧɚɤɨ ɧɟɤɨɬɨɪɵɦ ɞɪɭɝɢɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɬɚɤɠɟ ɦɨɠɟɬ ɩɨɬɪɟɛɨɜɚɬɶɫɹ Visio. ɉɭɛɥɢɤɭɹ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɜɵ ɧɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɟɝɨ ɧɚ ɢɯ ɪɚɛɨɱɢɯ ɫɬɨɥɚɯ ɢ ɧɟ ɞɨɛɚɜɥɹɟɬɟ ɟɝɨ ɤ ɢɯ ɹɪɥɵɤɚɦ, ɚ ɞɟɥɚɟɬɟ ɟɝɨ ɞɨɫɬɭɩɧɵɦ ɞɥɹ ɬɟɯ, ɤɬɨ ɜ ɧɟɦ ɧɭɠɞɚɟɬɫɹ. Ⱦɥɹ ɩɭɛɥɢɤɚɰɢɢ ɩɪɢɥɨɠɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɢɫɩɨɥɶɡɭɣɬɟ ɫɥɟɞɭɸɳɭɸ ɩɪɨɰɟɞɭɪɭ. 1. ɋɤɨɩɢɪɭɣɬɟ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɟ ɮɚɣɥɵ ɩɪɨɝɪɚɦɦɵ ɧɚ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ. ɋɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɭ, ɝɚɪɚɧɬɢɪɭɹ, ɱɬɨ ɜɫɟ ɧɭɠɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ ɢɦɟɸɬ ɞɨɫɬɭɩ Read (ɑɬɟɧɢɟ) ɞɥɹ ɱɬɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɯ ɮɚɣɥɨɜ. 2. ɇɚɣɞɢɬɟ ɤɨɧɬɟɣɧɟɪ: ɫɚɣɬ, ɞɨɦɟɧ ɢɥɢ ɨɪɝɚɧɢɡɚɰɢɨɧɧɭɸ ɟɞɢɧɢɰɭ (OU), ɜ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɨɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɢ ɨɛɪɚɬɢɬɟɫɶ ɤ ɫɜɨɣɫɬɜɚɦ ɤɨɧɬɟɣɧɟɪɚ. ɓɟɥɤɧɢɬɟ ɧɚ ɜɤɥɚɞɤɟ Group Policy (Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ). ɋɨɡɞɚɣɬɟ ɧɨɜɵɣ ɨɛɴɟɤɬ GPO ɢɥɢ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Edit (ɉɪɚɜɤɚ) ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɫɜɨɣɫɬɜ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɨɛɴɟɤɬɚ GPO. 3. ȿɫɥɢ ɜɵ ɩɭɛɥɢɤɭɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɪɚɫɤɪɨɣɬɟ ɤɨɧɬɟɣɧɟɪ User Conf iguration\Sof tware Settings (Ʉɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ\ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɨɝɪɚɦɦ) ɜ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɧɨɩɤɟ Software Installation (ɂɧɫɬɚɥɥɹɰɢɹ ɩɪɨɝɪɚɦɦ), ɜɵɛɟɪɢɬɟ New (ɇɨɜɵɣ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Package (ɉɚɤɟɬ). ȿɫɥɢ ɜɵ ɩɭɛɥɢɤɭɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɤɨɦɩɶɸɬɟɪɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɬɨ ɪɚɫɤɪɨɣɬɟ ɤɨɧɬɟɣɧɟɪ Computer Configuration\Software Settings (Ʉɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɤɨɦɩɶɸɬɟɪɨɜ\ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɨɝɪɚɦɦ) ɜ ɪɟɞɚɤɬɨɪɟ GPO, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɧɨɩɤɟ Software Installation (ɂɧɫɬɚɥɥɹɰɢɹ ɩɪɨɝɪɚɦɦ), ɜɵɛɟɪɢɬɟ New (ɇɨɜɵɣ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Package (ɉɚɤɟɬ). 4. ɇɚɣɞɢɬɟ ɦɟɫɬɨ ɜ ɫɟɬɢ ɢɥɢ ɧɚɩɟɱɚɬɚɣɬɟ ɫɟɬɟɜɨɣ ɩɭɬɶ ɤ ɦɟɫɬɭ ɪɚɫɩɨɥɨɠɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɯ ɮɚɣɥɨɜ. ȼɵ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶ ɦɟɫɬɨ ɜ ɫɟɬɢ, ɚ ɧɟ ɥɨɤɚɥɶɧɨɟ ɢɦɹ ɞɢɫɤɚ ɧɚ ɫɟɪɜɟɪɟ, ɩɨɬɨɦɭ ɱɬɨ ɞɥɹ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɨɜ ɩɭɛɥɢɤɭɟɬɫɹ ɦɟɫɬɨ ɜ ɫɟɬɢ. ȼɵɛɟɪɢɬɟ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɮɚɣɥ .msi. . , . , . 5. ɉɪɢ ɜɵɛɨɪɟ ɮɚɣɥɚ .msi ɜɵ ɦɨɠɟɬɟ ɭɤɚɡɚɬɶ ɫɩɨɫɨɛ, ɤɨɬɨɪɵɦ ɜɵ ɯɨɬɢɬɟ ɩɭɛɥɢɤɨɜɚɬɶ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ. ɇɚ ɪɢɫɭɧɤɟ 12-1 ɩɨɤɚɡɚɧɵ ɫɩɨɫɨɛɵ ɩɭɛɥɢɤɚɰɢɢ ɩɪɢɥɨɠɟɧɢɹ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɜɵ ɩɭɛɥɢɤɭɟɬɟ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ, ɤɨɦɩɶɸɬɟɪɨɜ, ɦɨɠɧɨ ɬɨɥɶɤɨ ɧɚɡɧɚɱɚɬɶ ɩɪɢɥɨɠɟɧɢɟ.
. 12-1.
6. ȿɫɥɢ ɜɵ ɯɨɬɢɬɟ ɧɚɡɧɚɱɢɬɶ ɢɥɢ ɨɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ ɈɄ. ȿɫɥɢ ɜɵ ɜɵɛɟɪɟɬɟ ɨɩɰɢɸ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ), ɩɨɹɜɢɬɫɹ ɨɤɧɨ ɫɜɨɣɫɬɜ ɞɚɧɧɨɝɨ ɩɚɤɟɬɚ Properties, ɨɩɰɢɢ ɤɨɬɨɪɨɝɨ ɨɛɫɭɠɞɚɸɬɫɹ ɜ ɪɚɡɞɟɥɟ «Ʉɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɫɜɨɣɫɬɜ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ» ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. Ʉɚɤ ɬɨɥɶɤɨ ɨɛɴɟɤɬ GPO ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ, ɩɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɨɩɭɛɥɢɤɨɜɚɧɨ ɞɥɹ ɜɫɟɯ ɤɥɢɟɧɬɨɜ ɤɨɧɬɟɣɧɟɪɧɨɝɨ ɨɛɴɟɤɬɚ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɪɨɝɪɚɦɦɧɵɣ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɣ ɤɨɦɩɨɧɟɧɬ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɩɪɢɦɟɧɹɟɬɫɹ ɬɨɥɶɤɨ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ (ɟɫɥɢ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ ɩɨɥɶɡɨɜɚɬɟɥɟɣ) ɢɥɢ ɩɪɢ ɩɟɪɟɡɚɝɪɭɡɤɟ ɤɨɦɩɶɸɬɟɪɚ (ɟɫɥɢ ɩɨɥɢɬɢɤɚ ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɤɨɦɩɶɸɬɟɪɧɵɦ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ). ɂɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ GPUpdate, ɤɨɬɨɪɵɣ ɢɦɟɟɬɫɹ ɧɚ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɚɦɢ Windows XP Professional ɢ Windows Server 2003, ɦɨɠɟɬ ɜɵɡɜɚɬɶ ɩɪɢɧɭɞɢɬɟɥɶɧɵɣ ɜɵɯɨɞ ɢɡ ɫɢɫɬɟɦɵ ɢɥɢ ɩɟɪɟɡɚɝɪɭɡɤɭ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɤɚɤ ɱɚɫɬɶ ɨɛɧɨɜɥɟɧɢɹ, ɫɜɹɡɚɧɧɨɝɨ ɫ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ. ɑɬɨɛɵ ɜɵɡɜɚɬɶ ɜɵɯɨɞ ɢɡ ɫɢɫɬɟɦɵ ɢɥɢ ɩɟɪɟɡɚɝɪɭɡɤɭ, ɢɫɩɨɥɶɡɭɣɬɟ ɤɨɦɚɧɞɭ gpupdate /logoff ɢɥɢ gpupdate /reboot.
Ɉɞɢɧ ɢɡ ɧɚɢɛɨɥɟɟ ɬɪɭɞɧɵɯ ɚɫɩɟɤɬɨɜ ɭɩɪɚɜɥɟɧɢɹ ɪɚɫɩɪɟɞɟɥɟɧɢɟɦ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫɨɫɬɨɢɬ ɜ ɭɩɪɚɜɥɟɧɢɢ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɫɟɬɢ. ȿɫɥɢ ɜɵ ɧɚɡɧɚɱɢɬɟ ɛɨɥɶɲɨɟ ɩɪɢɥɨɠɟɧɢɟ ɪɚɡɦɟɪɨɦ ɜ ɧɟɫɤɨɥɶɤɨ ɦɟɝɚɛɚɣɬ ɧɚ ɛɨɥɶɲɭɸ ɝɪɭɩɩɭ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢ ɜɫɟ ɨɧɢ ɧɚɱɧɭɬ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɟɝɨ ɨɞɧɨɜɪɟɦɟɧɧɨ, ɷɬɚ ɭɫɬɚɧɨɜɤɚ ɡɚɣɦɟɬ ɱɚɫɵ ɢɡ-ɡɚ ɫɭɳɟɫɬɜɟɧɧɨɝɨ ɭɜɟɥɢɱɟɧɢɹ ɨɛɴɟɦɚ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ. ȿɫɬɶ ɦɧɨɠɟɫɬɜɨ ɨɩɰɢɣ, ɩɨɡɜɨɥɹɸɳɢɯ ɭɩɪɚɜɥɹɬɶ ɫɟɬɟɜɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ. Ɉɞɧɚ ɢɡ ɨɩɰɢɣ ɫɨɫɬɨɢɬ ɜ ɧɚɡɧɚɱɟɧɢɢ ɩɪɢɥɨɠɟɧɢɹ ɧɚ ɤɨɦɩɶɸɬɟɪɵ ɫ ɩɪɨɫɶɛɨɣ ɤ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɩɟɪɟɡɚɝɪɭɡɢɬɶ ɤɨɦɩɶɸɬɟɪɵ ɜ ɤɨɧɰɟ ɞɧɹ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɜɵɧɭɠɞɚɬɶ ɩɟɪɟɡɚɝɪɭɡɤɭ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ, ɢɫɩɨɥɶɡɭɹ ɤɨɦɚɧɞɭ GPUpdate. ȿɫɥɢ ɜɵ ɩɪɢɦɟɧɢɬɟ ɷɬɭ ɤɨɦɚɧɞɭ ɨɞɧɨɜɪɟɦɟɧɧɨ ɥɢɲɶ ɤ ɧɟɫɤɨɥɶɤɢɦ ɪɚɛɨɱɢɦ ɫɬɚɧɰɢɹɦ, ɜɥɢɹɧɢɟ ɧɚ ɫɟɬɶ ɦɨɠɟɬ ɛɵɬɶ ɫɜɟɞɟɧɨ ɤ ɦɢɧɢɦɭɦɭ. Ⱦɪɭɝɚɹ ɨɩɰɢɹ ɫɨɫɬɨɢɬ ɜ ɧɚɡɧɚɱɟɧɢɢ ɩɪɢɥɨɠɟɧɢɹ ɦɚɥɟɧɶɤɨɣ ɝɪɭɩɩɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɡɚ ɨɞɢɧ ɪɚɡ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɫɬɚɪɚɣɬɟɫɶ ɢɡɛɟɠɚɬɶ ɧɚɡɧɚɱɟɧɢɹ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɩɨɥɧɨɫɬɶɸ ɭɫɬɚɧɚɜɥɢɜɚɬɶɫɹ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ. ȿɫɥɢ ɜɵ ɩɭɛɥɢɤɭɟɬɟ ɩɪɢɥɨɠɟɧɢɟ, ɧɨ ɩɨɡɜɨɥɹɟɬɟ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɧɢɰɢɢɪɨɜɚɬɶ ɢɧɫɬɚɥɥɹɰɢɸ, ɩɨɹɜɢɬɫɹ ɜɨɡɦɨɠɧɨɫɬɶ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɪɚɫɬɹɧɭɬɶ ɢɧɫɬɚɥɥɹɰɢɸ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɚ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ. ɏɨɬɹ ɧɢ ɨɞɧɚ ɢɡ ɷɬɢɯ ɨɩɰɢɣ ɧɟ ɹɜɥɹɟɬɫɹ ɢɞɟɚɥɶɧɨɣ, ɢɯ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ, ɱɬɨɛɵ ɞɨ ɧɟɤɨɬɨɪɨɣ ɫɬɟɩɟɧɢ ɭɩɪɚɜɥɹɬɶ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ ɫɟɬɢ. Ⱦɪɭɝɨɣ ɫɩɨɫɨɛ ɭɩɪɚɜɥɹɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɫɟɬɢ ɞɥɹ ɧɟɫɤɨɥɶɤɢɯ ɫɚɣɬɨɜ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɩɪɢɦɟɧɢɬɶ ɪɚɫɩɪɟɞɟɥɟɧɧɭɸ ɮɚɣɥɨɜɭɸ ɫɢɫɬɟɦɭ (Distributed File System - DFS). ɋ ɩɨɦɨɳɶɸ DFS ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɫɬɪɭɤɬɭɪɭ ɥɨɝɢɱɟɫɤɨɝɨ ɤɚɬɚɥɨɝɚ, ɧɟ ɡɚɜɢɫɹɳɭɸ ɨɬ ɬɨɝɨ, ɜ ɤɚɤɨɦ ɦɟɫɬɟ ɫɟɬɢ ɮɚɤɬɢɱɟɫɤɢ ɯɪɚɧɹɬɫɹ ɮɚɣɥɵ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɤɨɪɟɧɶ DFS ɫ ɢɦɟɧɟɦ \\serverl\softinst, ɚ ɡɚɬɟɦ ɞɥɹ ɜɫɟɯ ɩɪɢɥɨɠɟɧɢɣ ɫɨɡɞɚɬɶ ɩɨɞɤɚɬɚɥɨɝɢ ɧɢɠɟ ɷɬɨɣ ɨɛɳɟɣ ɬɨɱɤɢ. ɋ ɩɨɦɨɳɶɸ ɫɢɫɬɟɦɵ D*FS ɦɨɠɧɨ ɧɚɣɬɢ ɩɨɞɤɚɬɚɥɨɝɢ ɧɚ ɧɟɫɤɨɥɶɤɢɯ ɫɟɪɜɟɪɚɯ ɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɮɢɡɢɱɟɫɤɢɟ ɫɜɹɡɢ ɤ ɨɞɧɢɦ ɢ ɬɟɦ ɠɟ ɥɨɝɢɱɟɫɤɢɦ ɤɚɬɚɥɨɝɚɦ. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɢɧɬɟɝɪɢɪɨɜɚɧɧɭɸ ɫɢɫɬɟɦɭ DFS, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɚɜɬɨɦɚɬɢɱɟɫɤɭɸ ɪɟɩɥɢɤɚɰɢɸ ɫɨɞɟɪɠɚɧɢɹ ɩɚɩɤɢ ɦɟɠɞɭ ɤɨɩɢɹɦɢ ɨɞɧɨɝɨ ɢ ɬɨɝɨ ɠɟ ɤɚɬɚɥɨɝɚ. ɋɢɫɬɟɦɚ DFS ɹɜɥɹɟɬɫɹ ɩɪɢɥɨɠɟɧɢɟɦ, ɭɱɢɬɵɜɚɸɳɢɦ ɧɚɥɢɱɢɟ ɫɚɣɬɨɜ, ɬ.ɟ. ɟɫɥɢ ɭ ɜɚɫ ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɫɚɣɬɨɜ, ɬɨ ɤɨɦɩɶɸɬɟɪɵ ɤɥɢɟɧɬɨɜ ɛɭɞɭɬ ɜɫɟɝɞɚ ɩɨɞɤɥɸɱɚɬɶɫɹ ɤ ɤɨɩɢɢ DFS ɩɚɩɤɢ, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɜ ɢɯ ɫɨɛɫɬɜɟɧɧɨɦ ɫɚɣɬɟ, ɜɦɟɫɬɨ ɬɨɝɨ ɱɬɨɛɵ ɩɟɪɟɫɟɤɚɬɶ ɝɥɨɛɚɥɶɧɭɸ ɫɟɬɶ WAN ɞɥɹ ɨɛɪɚɳɟɧɢɹ ɤ ɩɚɩɤɟ, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɜ ɞɪɭɝɨɦ ɫɚɣɬɟ. Ɍɪɭɞɧɨ ɩɪɟɞɫɤɚɡɚɬɶ, ɤɚɤɢɦ ɛɭɞɟɬ ɷɮɮɟɤɬ ɫɟɬɟɜɨɣ ɢɧɫɬɚɥɥɹɰɢɢ. Ɉɞɧɨ ɢɡ ɩɪɟɢɦɭɳɟɫɬɜ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɦɨɠɧɨ ɥɟɝɤɨ ɜɵɩɨɥɧɢɬɶ ɬɟɫɬɢɪɨɜɚɧɢɟ, ɱɬɨɛɵ ɭɜɢɞɟɬɶ ɨɠɢɞɚɟɦɵɣ ɷɮɮɟɤɬ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɨɛɴɟɤɬ GPO, ɤɨɬɨɪɵɣ ɜɤɥɸɱɚɟɬ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ, ɧɨ ɧɟ ɫɜɹɡɚɧ ɧɢ ɫ ɤɚɤɨɣ OU, ɡɚɬɟɦ ɫɨɡɞɚɬɶ ɜɪɟɦɟɧɧɭɸ OU, ɞɨɛɚɜɢɬɶ ɧɟɫɤɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɢɥɢ ɤɨɦɩɶɸɬɟɪɧɵɯ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɢ ɫɜɹɡɚɬɶ GPO-ɨɛɴɟɤɬ ɫ OU. ɗɬɚ ɤɨɧɮɢɝɭɪɚɰɢɹ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɩɪɨɜɟɪɤɢ ɬɨɝɨ, ɫɤɨɥɶɤɨ ɜɪɟɦɟɧɢ ɩɨɬɪɟɛɭɟɬɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ ɜ ɦɚɥɟɧɶɤɨɣ ɝɪɭɩɩɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ɇɨɠɧɨ ɬɚɤɠɟ ɡɚɩɭɫɬɢɬɶ ɩɪɨɝɪɚɦɦɧɨɟ ɪɚɫɩɪɟɞɟɥɟɧɢɟ, ɫɜɹɡɚɜ ɨɛɴɟɤɬ GPO ɫ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɨɣ OU, ɢɫɩɨɥɶɡɭɹ ɮɢɥɶɬɪɚɰɢɸ ɝɪɭɩɩɵ ɞɥɹ ɨɝɪɚɧɢɱɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɥɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɤ ɤɨɬɨɪɵɦ ɩɪɢɦɟɧɹɟɬɫɹ GPO-ɨɛɴɟɤɬ. ɇɟɡɚɜɢɫɢɦɨ ɨɬ ɤɨɥɢɱɟɫɬɜɚ ɭɫɢɥɢɣ, ɩɪɟɞɩɪɢɧɹɬɵɯ ɜɚɦɢ ɞɥɹ ɦɢɧɢɦɢɡɚɰɢɢ ɜɥɢɹɧɢɹ ɧɚ ɫɟɬɶ, ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɨɛɴɟɦɧɨɝɨ ɩɪɢɥɨɠɟɧɢɹ ɞɥɹ ɛɨɥɶɲɨɝɨ ɤɨɥɢɱɟɫɬɜɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜɫɟɝɞɚ ɨɤɚɡɵɜɚɟɬ ɜɨɡɞɟɣɫɬɜɢɟ ɧɚ ɫɟɬɶ, ɩɨɷɬɨɦɭ ɧɭɠɧɨ ɡɚɩɥɚɧɢɪɨɜɚɬɶ ɜɵɩɨɥɧɟɧɢɟ ɢɧɫɬɚɥɥɹɰɢɢ ɜ ɬɟɱɟɧɢɟ ɧɟɫɤɨɥɶɤɨ ɞɧɟɣ.
, Windows
ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɵ ɦɨɠɟɬɟ ɧɟ ɫɨɡɞɚɜɚɬɶ ɮɚɣɥɚ .msi ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ, ɚ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɟɝɨ ɪɚɫɩɪɟɞɟɥɟɧɢɹ. ɇɚɩɪɢɦɟɪ, ɩɪɨɫɬɨɟ ɩɪɢɥɨɠɟɧɢɟ ɞɨɥɠɧɨ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɨ ɧɚ ɧɟɫɤɨɥɶɤɢɯ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ, ɨɧɨ ɧɟ ɬɪɟɛɭɟɬ ɧɢɤɚɤɨɣ ɧɚɫɬɪɨɣɤɢ ɢ ɦɨɞɟɪɧɢɡɚɰɢɢ. Ɇɨɠɧɨ ɫɨɡɞɚɬɶ ɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɮɚɣɥ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦɵ (.zap) ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɷɬɨɝɨ ɩɪɢɥɨɠɟɧɢɹ. Ɏɚɣɥ . zap ɹɜɥɹɟɬɫɹ ɬɟɤɫɬɨɜɵɦ ɮɚɣɥɨɦ, ɤɨɬɨɪɵɣ ɫɨɞɟɪɠɢɬ ɤɨɦɚɧɞɵ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ .zapɛɭɞɟɬ ɫɨɞɟɪɠɚɬɶ ɬɨɥɶɤɨ ɫɥɟɞɭɸɳɢɟ ɫɬɪɨɤɢ:
[Application] FriendlyName = "applicationname" SetupCommand = "\\servername\sharename\installapplication.exe""
Ɂɧɚɱɟɧɢɟ FriendlyName ɹɜɥɹɟɬɫɹ ɢɦɟɧɟɦ, ɨɬɨɛɪɚɠɚɟɦɵɦ ɜ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ Add Or Remove Programs ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɤɥɢɟɧɬɚ. Ɂɧɚɱɟɧɢɟ SetupCommand ~ ɩɭɬɶ ɤ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɦɭ ɮɚɣɥɭ ɞɥɹ ɩɪɢɥɨɠɟɧɢɹ. Ɇɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ UNC-ɩɭɬɶ ɢɥɢ ɨɬɨɛɪɚɠɟɧɧɵɣ ɞɢɫɤ ɞɥɹ ɡɧɚɱɟɧɢɹ SetupCommand. ȿɫɥɢ ɩɪɢɥɨɠɟɧɢɟ ɨɛɟɫɩɟɱɢɜɚɟɬ ɫɪɟɞɫɬɜɚ ɞɥɹ ɧɚɫɬɪɨɣɤɢ ɢɧɫɬɚɥɥɹɰɢɢ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɩɚɪɚɦɟɬɪɨɜ ɭɫɬɚɧɨɜɤɢ, ɦɨɠɧɨ ɜɤɥɸɱɢɬɶ ɷɬɢ ɩɚɪɚɦɟɬɪɵ ɜ ɡɧɚɱɟɧɢɟ SetupCommand, ɭɤɚɡɵɜɚɹ ɟɝɨ ɜɫɥɟɞ ɡɚ ɩɚɪɚɦɟɬɪɨɦ, ɨɩɪɟɞɟɥɹɸɳɢɦ ɩɭɬɶ ɭɫɬɚɧɨɜɤɢ, ɡɚɤɥɸɱɟɧɧɵɦ ɜ ɞɜɨɣɧɵɟ ɤɚɜɵɱɤɢ. ɇɚɩɪɢɦɟɪ: SetupCommand = "\\servername\sharename\se\up.exe" /parameter
Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɟɫɥɢ ɤɨɦɚɧɞɧɚɹ ɫɬɪɨɤɚ ɜɤɥɸɱɚɟɬ ɩɚɪɚɦɟɬɪ, ɬɨ ɩɭɬɶ ɭɫɬɚɧɨɜɤɢ ɢɫɩɨɥɶɡɭɟɬ ɨɞɢɧɚɪɧɵɣ ɧɚɛɨɪ ɞɜɨɣɧɵɯ ɤɚɜɵɱɟɤ ɜɦɟɫɬɨ ɞɜɨɣɧɨɝɨ ɧɚɛɨɪɚ ɞɜɨɣɧɵɯ ɤɚɜɵɱɟɤ, ɤɨɬɨɪɵɟ ɬɪɟɛɨɜɚɥɢɫɶ ɜ ɩɪɟɞɵɞɭɳɟɦ ɩɪɢɦɟɪɟ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɮɚɣɥɚ .zap ɢ ɤɨɩɢɪɨɜɚɧɢɹ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɯ ɮɚɣɥɨɜ ɩɪɢɥɨɠɟɧɢɹ ɧɚ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ ɦɨɠɧɨ ɨɩɭɛɥɢɤɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɉɪɢɥɨɠɟɧɢɟ ɞɨɛɚɜɥɹɟɬɫɹ ɤ ɫɩɢɫɤɭ ɞɨɫɬɭɩɧɵɯ ɩɪɢɥɨɠɟɧɢɣ ɜ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ Add Or Remove Programs, ɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɜɵɛɪɚɬɶ ɟɝɨ ɞɥɹ ɭɫɬɚɧɨɜɤɢ. ɉɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɪɚɫɩɪɟɞɟɥɹɸɬɫɹ ɱɟɪɟɡ ɮɚɣɥɵ .zap, ɧɟ ɦɨɝɭɬ ɛɵɬɶ ɧɚɡɧɚɱɟɧɵ ɧɢ ɤɨɦɩɶɸɬɟɪɚɦ, ɧɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɢɯ ɧɟɥɶɡɹ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɫ ɩɨɦɨɳɶɸ ɚɤɬɢɜɚɰɢɢ ɪɚɫɲɢɪɟɧɢɹ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɮɚɣɥɚ .zap ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɜɚɠɧɵɯ ɨɝɪɚɧɢɱɟɧɢɣ ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɮɚɣɥɨɜ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows. ȼɨ-ɩɟɪɜɵɯ, ɢɧɫɬɚɥɥɹɰɢɹ ɩɪɢɥɨɠɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɮɚɣɥɚ .zap ɡɚɩɭɫɤɚɟɬ ɧɨɪɦɚɥɶɧɭɸ ɢɧɫɬɚɥɥɹɰɢɨɧɧɭɸ ɩɪɨɝɪɚɦɦɭ ɞɥɹ ɩɪɢɥɨɠɟɧɢɹ, ɬ.ɟ. ɧɟɥɶɡɹ ɧɚɫɬɪɚɢɜɚɬɶ ɢɧɫɬɚɥɥɹɰɢɸ, ɟɫɥɢ ɩɪɢɥɨɠɟɧɢɟ ɧɟ ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ ɞɥɹ ɷɬɨɝɨ. Ⱦɚɥɟɟ, ɢɧɫɬɚɥɥɹɰɢɹ ɩɪɢɥɨɠɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɮɚɣɥɚ .zap ɧɟ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶɫɹ ɫ ɪɚɡɪɟɲɟɧɢɹɦɢ, ɜɤɥɸɱɟɧɧɵɦɢ ɜ ɩɪɨɰɟɫɫɟ ɢɧɫɬɚɥɥɹɰɢɢ, ɬ.ɟ. ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶ ɞɨɥɠɟɧ ɛɵɬɶ ɦɟɫɬɧɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ. ɉɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɭɫɬɚɧɨɜɥɟɧɵ ɫ ɩɨɦɨɳɶɸ ɮɚɣɥɚ .zap, ɧɟ ɦɨɝɭɬ ɫɚɦɨɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶɫɹ. ȿɫɥɢ ɩɪɢɥɨɠɟɧɢɟ ɩɟɪɟɫɬɚɧɟɬ ɪɚɛɨɬɚɬɶ ɢɡ-ɡɚ ɩɨɪɱɢ ɢɥɢ ɭɞɚɥɟɧɢɹ ɮɚɣɥɚ, ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɢɞɟɬɫɹ ɫɧɨɜɚ ɜɵɩɨɥɧɢɬɶ ɩɟɪɜɨɧɚɱɚɥɶɧɭɸ ɢɧɫɬɚɥɥɹɰɢɨɧɧɭɸ ɩɪɨɰɟɞɭɪɭ ɜɪɭɱɧɭɸ ɞɥɹ ɩɨɜɬɨɪɧɨɣ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ. Ʉɪɨɦɟ ɬɨɝɨ, ɩɪɢɥɨɠɟɧɢɟ, ɤɨɬɨɪɨɟ ɛɵɥɨ ɭɫɬɚɧɨɜɥɟɧɨ ɫ ɩɨɦɨɳɶɸ ɮɚɣɥɚ .zap, ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɥɟɝɤɨ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɨ ɢɥɢ ɢɫɩɪɚɜɥɟɧɨ. ɂɡ-ɡɚ ɩɟɪɟɱɢɫɥɟɧɧɵɯ ɧɟɞɨɫɬɚɬɤɨɜ ɬɟɯɧɨɥɨɝɢɹ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ ɢɦɟɟɬ ɨɝɪɚɧɢɱɟɧɧɭɸ ɩɪɢɝɨɞɧɨɫɬɶ ɢ ɞɨɥɠɧɚ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɬɨɝɞɚ, ɤɨɝɞɚ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɩɪɨɫɬɨɟ ɩɪɢɥɨɠɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɪɹɞ ɥɢ ɛɭɞɟɬ ɨɛɧɨɜɥɹɬɶɫɹ.
ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ ɦɨɠɧɨ ɢɡɦɟɧɢɫɶ ɟɝɨ ɫɜɨɣɫɬɜɚ. Ⱦɥɹ ɷɬɨɝɨ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɤɟɬɟ ɢ ɜɵɛɟɪɢɬɟ Properties. ɇɚ ɪɢɫɭɧɤɟ 12-2 ɩɨɤɚɡɚɧɚ ɜɤɥɚɞɤɚ Deployment (Ɋɚɡɜɟɪɬɵɜɚɧɢɟ). ȼ ɬɚɛɥɢɰɟ 12-1 ɨɩɢɫɚɧɵ ɨɩɰɢɢ ɨɤɧɚ Properties. . 12-1.
ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ
Ɉɛɴɹɫɧɟɧɢɟ
Deployment Type (Ɍɢɩ ɪɚɡɜɟɪɬɵɜɚɧɢɹ) Auto-Install This Application By File Extension Activation (Ⱥɜɬɨɦɚɬɢɱɟɫɤɢ ɭɫɬɚɧɨɜɢɬɶ ɷɬɨ ɩɪɢɥɨɠɟɧɢɟ ɩɭɬɟɦ ɚɤɬɢɜɚɰɢɢ ɪɚɫɲɢɪɟɧɢɹ ɮɚɣɥɚ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɤɚɡɚɧɢɹ ɬɨɝɨ, ɤɚɤ ɩɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɩɭɛɥɢɤɨɜɚɬɶɫɹ ɞɥɹ ɤɥɢɟɧɬɨɜ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɜɤɥɸɱɟɧɢɹ ɢɥɢ ɛɥɨɤɢɪɨɜɤɢ ɮɭɧɤɰɢɢ, ɭɫɬɚɧɚɜɥɢɜɚɸɳɟɣ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɨɬɤɪɵɜɚɟɬ ɮɚɣɥ ɫ ɨɩɪɟɞɟɥɟɧɧɵɦ ɪɚɫɲɢɪɟɧɢɟɦ. ɗɬɚ ɨɩɰɢɹ ɧɟɞɨɫɬɭɩɧɚ, ɟɫɥɢ ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɩɪɢɥɨɠɟɧɢɟ.
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɫɢɬɭɚɰɢɟɣ, ɤɨɝɞɚ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɛɨɥɟɟ ɧɟ ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɥɢ ɤɨɦɩɶɸɬɟɪɭ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɫɜɹɡɚɧɚ ɫ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɤɚɤɨɣ-ɥɢɛɨ OU, ɜɵɛɨɪ ɷɬɨɣ ɨɩɰɢɢ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɪɢɥɨɠɟɧɢɟ ɛɭɞɟɬ ɞɟɢɧɫɬɚɥɥɢɪɨɜɚɬɶɫɹ, ɟɫɥɢ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɟɪɟɦɟɫɬɢɬɫɹ ɢɡ ɷɬɨɣ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɵ. Do Not Display This Package In ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɨɬɨɛɪɚɠɟɧɢɟɦ The Add/ Remove Programs ɩɪɢɥɨɠɟɧɢɹ ɜ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ Add/ Remove Control Panel (He ɨɬɨɛɪɚɠɚɬɶ Programs (Ⱦɨɛɚɜɥɟɧɢɟ/ɍɞɚɥɟɧɢɟ ɩɪɨɝɪɚɦɦ). ɷɬɨɬ ɩɚɤɟɬ ɜ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ Add/Remove Programs ) Uninstall This Application When It Falls Out Of The Scope Of Manage ment (Ⱦɟɢɧɫɬɚɥɥɢɪɨɜɚɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɤɨɝɞɚ ɨɧɨ ɜɵɯɨɞɢɬ ɢɡ ɤɨɧɬɟɤɫɬɚ ɭɩɪɚɜɥɟɧɢɹ )
Install This Application At Logon ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɥɧɨɣ ɭɫɬɚɧɨɜɤɢ (ɍɫɬɚɧɨɜɢɬɶ ɷɬɨ ɩɪɢɥɨɠɟɧɢɟ ɩɪɢɥɨɠɟɧɢɹ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ ɩɪɢ ɜɯɨɞɟ ɜ ɫɢɫɬɟɦɭ) ɜɦɟɫɬɨ ɬɨɝɨ, ɱɬɨɛɵ ɨɠɢɞɚɬɶ ɢɧɢɰɢɚɰɢɸ ɢɧɫɬɚɥɥɹɰɢɢ ɩɨɥɶɡɨɜɚɬɟɥɟɦ. ɗɬɚ ɨɩɰɢɹ ɧɟɞɨɫɬɭɩɧɚ, ɤɨɝɞɚ ɩɪɢɥɨɠɟɧɢɟ ɨɩɭɛɥɢɤɨɜɚɧɨ. Installation User Interface ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɬɟɦ, ɤɚɤɚɹ Options (Ɉɩɰɢɢ ɢɧɮɨɪɦɚɰɢɹ ɛɭɞɟɬ ɨɬɨɛɪɚɠɚɬɶɫɹ ɩɪɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɢɧɬɟɪɮɟɣɫɚ ɭɫɬɚɧɨɜɤɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ȼɵɛɨɪ ɜɨ ɜɪɟɦɹ ɢɧɫɬɚɥɥɹɰɢɢ) ɨɩɰɢɢ Basic (Ɉɫɧɨɜɧɨɣ) ɨɡɧɚɱɚɟɬ, ɱɬɨ ɛɭɞɭɬ ɨɬɨɛɪɚɠɟɧɵ ɬɨɥɶɤɨ ɫɨɨɛɳɟɧɢɹ ɨɛ ɨɲɢɛɤɚɯ ɢ ɨ ɡɚɜɟɪɲɟɧɢɢ ɢɧɫɬɚɥɥɹɰɢɢ. ȼɵɛɨɪ ɨɩɰɢɢ Maximum (Ɇɚɤɫɢɦɭɦ) ɨɡɧɚɱɚɟɬ ɨɬɨɛɪɚɠɟɧɢɟ ɜɫɟɯ ɷɤɪɚɧɨɜ ɭɫɬɚɧɨɜɤɢ ɩɪɨɝɪɚɦɦɵ. Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɨɩɰɢɢ) ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. Ɉɩɰɢɢ ɜɤɥɸɱɚɸɬ ɢɧɫɬɚɥɥɢɪɨɜɚɧɢɟ 32-ɛɢɬɧɵɯ ɩɪɢɥɨɠɟɧɢɣ ɜ 64ɛɢɬɧɵɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦɚɯ, ɭɫɬɚɧɨɜɤɭ ɩɪɢɥɨɠɟɧɢɹ, ɞɚɠɟ ɟɫɥɢ ɨɧɨ ɢɫɩɨɥɶɡɭɟɬ ɹɡɵɤ, ɨɬɥɢɱɚɸɳɢɣɫɹ ɨɬ ɹɡɵɤɚ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ ɚɞɪɟɫɚɬɚ, ɢ ɜɤɥɸɱɟɧɢɟ ɜ ɩɚɤɟɬ ɋɈɆɤɨɦɩɨɧɟɧɬ, ɱɬɨɛɵ ɤɥɢɟɧɬ ɦɨɝ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɤɨɦɩɨɧɟɧɬɵ ɢɡ Active Directory (ɫɦ. ɪɢɫ. 12-3).
. 12-2.
. 12-3. )
Advanced Deployment Options ( ,
Ʉɨɝɞɚ ɜɵ ɝɨɬɨɜɢɬɟɫɶ ɭɫɬɚɧɨɜɢɬɶ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ, ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɞɥɹ ɜɫɟɯ ɩɚɤɟɬɨɜ ɩɪɨɝɪɚɦɦ, ɪɚɡɜɟɪɬɵɜɚɟɦɵɯ ɫ ɩɨɦɨɳɶɸ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɨɛɴɟɤɬɚ GPO. Ɉɬɤɪɨɣɬɟ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɟ ɨɤɧɨ, ɳɟɥɤɧɭɜ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɤɨɧɬɟɣɧɟɪɟ Software Installation (ɂɧɫɬɚɥɥɹɰɢɹ ɩɪɨɝɪɚɦɦ) ɢ ɜɵɛɪɚɜ Properties (ɋɜɨɣɫɬɜɚ) (ɫɦ. ɪɢɫ. 12-4).
. 12-4.
,
ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɭ ɩɪɨɰɟɞɭɪɭ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɨɩɰɢɣ, ɨɬɨɛɪɚɠɚɟɦɵɯ ɩɪɢ ɫɨɡɞɚɧɢɢ ɧɨɜɨɝɨ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ ɫ ɞɚɧɧɵɦ ɨɛɴɟɤɬɨɦ GPO. Ɇɨɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɯ ɮɚɣɥɨɜ ɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɝɨ ɢɧɬɟɪɮɟɣɫɚ ɩɨɥɶɡɨɜɚɬɟɥɹ.
ɂɧɨɝɞɚ ɤɨɦɩɚɧɢɢ ɦɨɠɟɬ ɩɨɧɚɞɨɛɢɬɶɫɹ ɧɚɫɬɪɨɣɤɚ ɢɧɫɬɚɥɥɹɰɢɢ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ, ɞɚɠɟ ɟɫɥɢ ɨɧ ɩɨɫɬɚɜɥɹɟɬɫɹ ɫ «ɪɨɞɧɵɦ» ɩɚɤɟɬɨɦ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows. ɇɚɩɪɢɦɟɪ, ɬɪɟɛɭɟɬɫɹ ɫɨɡɞɚɬɶ ɧɚɫɬɪɨɟɧɧɭɸ ɢɧɫɬɚɥɥɹɰɢɸ ɫɜɨɟɝɨ ɩɪɢɥɨɠɟɧɢɹ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɝɨ ɞɥɹ ɨɛɪɚɛɨɬɤɢ ɬɟɤɫɬɨɜ, ɱɬɨɛɵ ɜɤɥɸɱɢɬɶ ɜ ɧɟɝɨ ɫɨɛɫɬɜɟɧɧɵɟ ɫɥɨɜɚɪɢ ɢɥɢ ɲɚɛɥɨɧɵ. ɂɥɢ ɧɚɫɬɪɨɢɬɶ ɢɧɫɬɚɥɥɹɰɢɸ ɩɪɢɥɨɠɟɧɢɹ Microsoft Office, ɱɬɨɛɵ ɧɚ ɤɚɠɞɨɦ ɪɚɛɨɱɟɦ ɫɬɨɥɟ ɭɫɬɚɧɚɜɥɢɜɚɥɢɫɶ ɬɨɥɶɤɨ Microsoft Word ɢ Microsoft Excel, ɚ ɩɨɥɧɵɣ ɩɚɤɟɬ ɪɚɡɜɟɪɬɵɜɚɥɫɹ ɥɢɲɶ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ȿɫɥɢ ɜɵ ɪɚɛɨɬɚɟɬɟ ɜ ɦɟɠɞɭɧɚɪɨɞɧɨɣ ɤɨɦɩɚɧɢɢ, ɜɚɦ ɩɨɬɪɟɛɭɟɬɫɹ ɪɚɡɜɟɪɧɭɬɶ ɨɞɧɨ ɢ ɬɨ ɠɟ ɩɪɢɥɨɠɟɧɢɟ ɧɚ ɧɟɫɤɨɥɶɤɢɯ ɹɡɵɤɚɯ. ȼɵ ɦɨɠɟɬɟ ɧɚɫɬɪɨɢɬɶ ɢɧɫɬɚɥɥɹɰɢɸ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ, ɫɨɡɞɚɜɚɹ ɮɚɣɥ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ (.mst). ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɮɚɣɥɭ .msi ɮɚɣɥ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ ɫɨɞɟɪɠɢɬ ɤɨɦɚɧɞɵ ɧɚɫɬɪɨɣɤɢ ɢɧɫɬɚɥɥɹɰɢɢ. ɋɚɦɵɣ ɥɟɝɤɢɣ ɫɩɨɫɨɛ ɫɨɡɞɚɧɢɹ ɮɚɣɥɚ .mst ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɫɩɟɰɢɚɥɶɧɨ ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɷɬɨɝɨ ɢɧɫɬɪɭɦɟɧɬɨɜ, ɟɫɥɢ ɨɧɢ ɩɪɟɞɨɫɬɚɜɥɟɧɵ ɢɡɝɨɬɨɜɢɬɟɥɟɦ ɩɪɨɝɪɚɦɦɵ. ɇɚɩɪɢɦɟɪ, Microsoft ɜɤɥɸɱɚɟɬ Custom Installation Wizard (Ɇɚɫɬɟɪ ɜɵɛɨɪɨɱɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ) ɜ ɤɨɦɩɥɟɤɬɵ ɪɟɫɭɪɫɨɜ Microsoft Office 2000 Resource Kit ɢ Microsoft Office XP Resource Kit. ɉɨɫɥɟ ɡɚɩɭɫɤɚ ɦɚɫɬɟɪɚ ɧɭɠɧɨ ɜɵɛɪɚɬɶ ɮɚɣɥ .msi, ɢɦɹ ɢ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɮɚɣɥɚ .mst. Ɍɨɝɞɚ ɦɚɫɬɟɪ ɩɪɟɞɫɬɚɜɥɹɟɬ ɜɫɟ ɨɩɰɢɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɧɚɫɬɪɨɣɤɢ ɡɚɞɚɧɧɨɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ȼɵ ɦɨɠɟɬɟ ɧɚɫɬɪɨɢɬɶ ɩɪɚɤɬɢɱɟɫɤɢ ɤɚɠɞɵɣ ɚɫɩɟɤɬ ɢɧɫɬɚɥɥɹɰɢɢ, ɜɤɥɸɱɚɹ ɭɞɚɥɟɧɢɟ ɩɪɟɞɵɞɭɳɢɯ ɜɟɪɫɢɣ Microsoft Office, ɜɵɛɨɪ ɭɫɬɚɧɚɜɥɢɜɚɟɦɵɯ ɤɨɦɩɨɧɟɧɬ ɢ ɦɟɫɬɨ ɭɫɬɚɧɨɜɤɢ ɤɨɦɩɨɧɟɧɬɨɜ. Ɇɨɠɧɨ ɩɟɪɟɧɨɫɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɟɫɥɢ ɢɧɫɬɚɥɥɹɰɢɹ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɨɛɧɨɜɥɟɧɢɟ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɢɥɢ ɜɵɛɨɪɨɱɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɟɪɫɨɧɚɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ. Ɇɨɠɧɨ ɞɨɛɚɜɥɹɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɮɚɣɥɵ ɤ ɢɧɫɬɚɥɥɹɰɢɢ (ɧɚɩɪɢɦɟɪ, ɫɨɛɫɬɜɟɧɧɵɟ ɲɚɛɥɨɧɵ), ɋɨɡɞɚɜɚɬɶ ɢɥɢ ɭɞɚɥɹɬɶ ɤɥɸɱɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɞɨɛɚɜɥɹɬɶ ɢɥɢ ɭɞɚɥɹɬɶ ɹɪɥɵɤɢ ɤ ɩɪɢɥɨɠɟɧɢɹɦ Microsoft Office ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɷɥɟɤɬɪɨɧɧɨɣ ɩɨɱɬɵ ɤɥɢɟɧɬɚ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɮɚɣɥɚ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ ɧɭɠɧɨ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɜɵɛɨɪɨɱɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ. Ⱦɥɹ ɷɬɨɝɨ ɩɪɢ ɜɵɛɨɪɟ ɦɟɬɨɞɚ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ Advanced (Ⱦɨɩɨɥɧɢɬɟɥɶɧɨ) ɞɥɹ ɞɨɛɚɜɥɟɧɢɹ ɮɚɣɥɚ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ, ɩɪɟɠɞɟ ɱɟɦ ɫɨɡɞɚɧɢɟ ɩɚɤɟɬɚ ɛɭɞɟɬ ɡɚɤɨɧɱɟɧɨ. ȼ ɨɤɧɟ Properties (ɋɜɨɣɫɬɜɚ) ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Modifications
(Ɇɨɞɢɮɢɤɚɰɢɢ), ɚ ɡɚɬɟɦ ɞɨɛɚɜɶɬɟ ɮɚɣɥɵ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ. ɇɚ ɪɢɫɭɧɤɟ 12-5 ɩɨɤɚɡɚɧɚ ɜɤɥɚɞɤɚ Modifications.
. 12-5.
Ʉɨɝɞɚ ɜɵ ɩɪɢɦɟɧɹɟɬɟ ɤ ɩɚɤɟɬɭ ɩɪɨɝɪɚɦɦ ɮɚɣɥ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ, ɜɫɟ ɤɥɢɟɧɬɵ, ɢɧɫɬɚɥɥɢɪɭɸɳɢɟ ɩɪɢɥɨɠɟɧɢɟ ɜ ɩɪɟɞɟɥɚɯ ɨɛɴɟɤɬɚ GPO, ɭɫɬɚɧɨɜɹɬ ɧɚɫɬɪɨɟɧɧɭɸ ɜɟɪɫɢɸ. ɋ ɩɚɤɟɬɨɦ ɩɪɨɝɪɚɦɦ ɦɨɠɧɨ ɜɤɥɸɱɚɬɶ ɧɟɫɤɨɥɶɤɨ ɮɚɣɥɨɜ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɮɚɣɥɵ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ ɩɪɢɦɟɧɹɸɬɫɹ, ɧɚɱɢɧɚɹ ɫ ɜɟɪɲɢɧɵ ɫɩɢɫɤɚ, ɬ.ɟ. ɬɟ ɮɚɣɥɵ, ɤɨɬɨɪɵɟ ɩɪɢɦɟɧɹɸɬɫɹ ɜ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɦ ɩɪɨɰɟɫɫɟ ɩɨɡɠɟ, ɦɨɝɭɬ ɡɚɩɢɫɵɜɚɬɶɫɹ ɩɨɜɟɪɯ ɛɨɥɟɟ ɪɚɧɧɢɯ ɦɨɞɢɮɢɤɚɰɢɣ.
ȿɳɟ ɨɞɧɚ ɩɨɥɟɡɧɚɹ ɮɭɧɤɰɢɹ, ɞɨɫɬɭɩɧɚɹ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɩɪɟɞɧɚɡɧɚɱɟɧɚ ɞɥɹ ɨɛɧɨɜɥɟɧɢɹ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ. ɂɦɟɟɬɫɹ ɞɜɚ ɫɩɨɫɨɛɚ ɨɛɧɨɜɥɟɧɢɹ: ɜɧɟɫɟɧɢɟ ɢɫɩɪɚɜɥɟɧɢɣ (ɡɚɩɥɚɬɨɤ) ɢɥɢ ɭɫɬɚɧɨɜɤɚ ɫɟɪɜɢɫɧɨɝɨ ɩɚɤɟɬɚ (service pack) ɧɚ ɫɭɳɟɫɬɜɭɸɳɟɟ ɩɪɢɥɨɠɟɧɢɟ ɢ ɨɛɧɨɜɥɟɧɢɟ ɩɪɢɥɨɠɟɧɢɹ ɞɨ ɧɨɜɨɣ ɜɟɪɫɢɢ. ȿɫɥɢ ɭ ɜɚɫ ɪɚɛɨɬɚɟɬ Microsoft Office 2000, ɬɨ ɭɫɬɚɧɨɜɤɚ ɩɚɤɟɬɚ Service Release I for Office 2000 ɹɜɥɹɟɬɫɹ ɩɪɢɦɟɪɨɦ ɩɟɪɜɨɝɨ ɬɢɩɚ ɦɨɞɢɮɢɤɚɰɢɢ, ɚ ɢɧɫɬɚɥɥɹɰɢɹ ɩɪɨɝɪɚɦɦɵ Office XP ɞɚɟɬ ɩɪɢɦɟɪ ɜɬɨɪɨɝɨ ɬɢɩɚ. ɗɬɢ ɦɟɬɨɞɵ ɨɛɧɨɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɬɪɟɛɭɸɬ ɩɪɢɦɟɧɟɧɢɹ ɪɚɡɥɢɱɧɵɯ ɩɪɨɰɟɞɭɪ. ȿɫɥɢ ɜɵ ɩɪɢɦɟɧɹɟɬɟ ɡɚɩɥɚɬɤɢ (patch file) ɢɥɢ ɫɟɪɜɢɫɧɵɣ ɩɚɤɟɬ ɤ ɫɭɳɟɫɬɜɭɸɳɟɦɭ ɩɪɢɥɨɠɟɧɢɸ, ɫɧɚɱɚɥɚ ɧɭɠɧɨ ɩɨɥɭɱɢɬɶ ɮɚɣɥ .msi ɢɥɢ patch-ɮɚɣɥ (.msp) ɞɥɹ ɨɛɧɨɜɥɟɧɧɨɝɨ ɩɪɢɥɨɠɟɧɢɹ. (ȼ ɢɞɟɚɥɶɧɨɦ ɫɥɭɱɚɟ ɷɬɨɬ ɮɚɣɥ ɩɨɫɬɚɜɥɹɟɬɫɹ ɢɡɝɨɬɨɜɢɬɟɥɟɦ ɩɪɨɝɪɚɦɦɵ, ɧɨ ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɫɜɨɣ ɫɨɛɫɬɜɟɧɧɵɣ.) ɋɤɨɩɢɪɭɣɬɟ ɧɨɜɵɣ ɮɚɣɥ .msi ɢ ɞɪɭɝɢɟ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɟ ɮɚɣɥɵ ɜ ɬɭ ɠɟ ɫɚɦɭɸ ɩɚɩɤɭ, ɜ ɤɨɬɨɪɨɣ ɧɚɯɨɞɢɬɫɹ ɨɪɢɝɢɧɚɥɶɧɵɣ ɮɚɣɥ .msi, ɡɚɩɢɫɵɜɚɹ ɥɸɛɵɟ ɞɭɛɥɢɪɨɜɚɧɧɵɟ ɮɚɣɥɵ ɩɨɜɟɪɯ ɫɬɚɪɵɯ. Ɂɚɬɟɦ ɩɨɜɬɨɪɧɨ ɪɚɡɜɟɪɧɢɬɟ ɩɪɢɥɨɠɟɧɢɟ. ɑɬɨɛɵ ɷɬɨ ɫɞɟɥɚɬɶ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɤɟɬɟ ɩɪɨɝɪɚɦɦ ɜ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɜɵɞɟɥɢɬɟ All Tasks (ȼɫɟ ɡɚɞɚɱɢ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Redeploy Application (ɉɨɜɬɨɪɧɨ ɪɚɡɜɟɪɧɭɬɶ ɩɪɢɥɨɠɟɧɢɟ). ɉɚɤɟɬ ɩɪɨɝɪɚɦɦ ɛɭɞɟɬ ɩɨɜɬɨɪɧɨ ɪɚɡɜɟɪɧɭɬ ɞɥɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɤɨɦɩɶɸɬɟɪɨɜ, ɧɚɯɨɞɹɳɢɯɫɹ ɩɨɞ ɭɩɪɚɜɥɟɧɢɟɦ ɷɬɨɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. ɉɪɢ ɨɛɧɨɜɥɟɧɢɢ ɫɭɳɟɫɬɜɭɸɳɟɝɨ ɩɪɢɥɨɠɟɧɢɹ ɞɨ ɧɨɜɨɣ ɜɟɪɫɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɜɚɦ ɩɨɬɪɟɛɭɟɬɫɹ ɞɪɭɝɨɣ ɩɨɞɯɨɞ. ɇɭɠɧɨ ɛɭɞɟɬ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɩɪɢɥɨɠɟɧɢɹ. Ɂɚɬɟɦ ɦɨɠɧɨ ɨɛɪɚɬɢɬɶɫɹ ɤ ɫɜɨɣɫɬɜɚɦ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ ɧɨɜɨɝɨ ɩɪɢɥɨɠɟɧɢɹ ɢ ɜɵɛɪɚɬɶ ɜɤɥɚɞɤɭ Upgrades (Ɉɛɧɨɜɥɟɧɢɹ). ɂɫɩɨɥɶɡɭɹ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɩɪɟɞɫɬɚɜɥɟɧɧɵɟ ɧɚ ɷɬɨɣ ɜɤɥɚɞɤɟ, ɫɨɡɞɚɣɬɟ ɫɫɵɥɤɭ ɧɚ ɫɭɳɟɫɬɜɭɸɳɢɣ ɩɚɤɟɬ ɜ ɧɨɜɨɦ ɩɚɤɟɬɟ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɓɟɥɤɧɭɜ ɧɚ ɤɧɨɩɤɟ Add (Ⱦɨɛɚɜɢɬɶ) ɜɨ ɜɤɥɚɞɤɟ Upgrades, ɜɵɛɟɪɢɬɟ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ, ɤɨɬɨɪɵɣ ɛɭɞɟɬ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧ ɫ ɩɨɦɨɳɶɸ ɧɨɜɨɝɨ ɩɚɤɟɬɚ. ȼɵ ɫɦɨɠɟɬɟ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɞɨɥɠɧɨ ɥɢ ɫɬɚɪɨɟ ɩɪɢɥɨɠɟɧɢɟ ɞɟɢɧɫɬɚɥɥɢɪɨɜɚɬɶɫɹ, ɩɪɟɠɞɟ ɱɟɦ ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ ɧɨɜɨɟ ɩɪɢɥɨɠɟɧɢɟ. ɇɚ ɪɢɫɭɧɤɟ 12-6 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɨɛɧɨɜɥɟɧɢɹ ɩɪɢɥɨɠɟɧɢɹ Office 2000.
. 12-6.
Ʉɨɝɞɚ ɫɜɹɡɶ ɫ ɨɛɧɨɜɥɟɧɢɟɦ ɫɨɡɞɚɧɚ, ɜɤɥɚɞɤɚ Upgrades ɩɨɤɚɡɵɜɚɟɬ ɧɨɜɭɸ ɢɧɮɨɪɦɚɰɢɸ (ɫɦ. ɪɢɫ. 127). ɋ ɩɨɦɨɳɶɸ ɜɤɥɚɞɤɢ Upgrades ɦɨɠɧɨ ɫɞɟɥɚɬɶ ɷɬɨ ɨɛɧɨɜɥɟɧɢɟ ɨɛɹɡɚɬɟɥɶɧɵɦ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɫɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ, ɪɚɫɩɪɟɞɟɥɟɧɧɨɟ ɩɪɟɞɵɞɭɳɢɦ ɨɛɴɟɤɬɨɦ GPO, ɛɭɞɟɬ ɨɛɧɨɜɥɟɧɨ ɜɨ ɜɪɟɦɹ ɫɥɟɞɭɸɳɟɣ ɩɟɪɟɡɚɝɪɭɡɤɢ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɩɪɢ ɫɥɟɞɭɸɳɟɦ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ. ȿɫɥɢ ɨɛɧɨɜɥɟɧɢɟ ɧɟ ɫɞɟɥɚɬɶ ɨɛɹɡɚɬɟɥɶɧɵɦ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɦɨɠɟɬ ɜɵɛɢɪɚɬɶ ɜɪɟɦɹ ɭɫɬɚɧɨɜɤɢ ɧɨɜɨɝɨ ɩɪɢɥɨɠɟɧɢɹ, ɚɤɬɢɜɢɡɢɪɭɹ ɩɪɢɥɨɠɟɧɢɟ ɜ ɦɟɧɸ Start (ɉɭɫɤ) ɢɥɢ ɱɟɪɟɡ ɩɚɧɟɥɶ ɭɩɪɚɜɥɟɧɢɹ Add Or Remove Programs (ɍɫɬɚɧɨɜɤɚ ɢ ɭɞɚɥɟɧɢɟ ɩɪɨɝɪɚɦɦ). ȿɫɥɢ ɞɥɹ ɩɚɤɟɬɚ ɨɛɧɨɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɢ ɞɥɹ ɧɚɱɚɥɶɧɨɝɨ ɩɪɢɥɨɠɟɧɢɹ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɨɛɴɟɤɬ GPO, ɬɨ ɩɟɪɜɨɧɚɱɚɥɶɧɵɣ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɩɨɤɚɠɟɬ, ɱɬɨ ɧɨɜɵɣ ɩɚɤɟɬ ɟɝɨ ɦɨɞɟɪɧɢɡɢɪɭɟɬ. . , , , , , . , . , . , . , , , , , , , . , .
. 12-7.
Upgrades
Properties (
)
ȼ ɛɨɥɶɲɨɣ ɨɪɝɚɧɢɡɚɰɢɢ ɦɨɠɧɨ ɪɚɡɜɟɪɧɭɬɶ ɦɧɨɠɟɫɬɜɨ ɩɪɢɥɨɠɟɧɢɣ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. ȿɫɥɢ ɜɵ ɡɚɯɨɬɢɬɟ ɨɩɭɛɥɢɤɨɜɚɬɶ ɛɨɥɶɲɢɧɫɬɜɨ ɷɬɢɯ ɩɪɢɥɨɠɟɧɢɣ ɧɚ ɜɟɪɯɧɟɦ ɭɪɨɜɧɟ ɜ ɢɟɪɚɪɯɢɢ ɞɨɦɟɧɚ, ɝɞɟ ɨɛɴɟɤɬ GPO ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɛɨɥɶɲɢɧɫɬɜɭ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɬɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɛɭɞɭɬ ɜɢɞɟɬɶ ɞɥɢɧɧɵɣ ɫɩɢɫɨɤ ɞɨɫɬɭɩɧɵɯ ɩɪɢɥɨɠɟɧɢɣ, ɨɬɤɪɵɜɚɹ ɩɚɧɟɥɶ ɭɩɪɚɜɥɟɧɢɹ Add Or Remove Programs, ɱɬɨ ɦɨɠɟɬ ɩɪɢɜɟɫɬɢ ɤ ɡɚɦɟɲɚɬɟɥɶɫɬɜɭ. ɑɬɨɛɵ ɫɜɟɫɬɢ ɟɝɨ ɤ ɦɢɧɢɦɭɦɭ, ɢɫɩɨɥɶɡɭɣɬɟ ɩɪɨɝɪɚɦɦɧɵɟ ɤɚɬɟɝɨɪɢɢ, ɞɚɸɳɢɟ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɛɨɥɟɟ ɩɪɨɫɬɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɨ ɬɟɯ ɩɪɢɥɨɠɟɧɢɹɯ, ɤɨɬɨɪɵɟ ɨɧɢ ɦɨɝɭɬ ɭɫɬɚɧɨɜɢɬɶ. ɋ ɩɨɦɨɳɶɸ ɩɪɨɝɪɚɦɦɧɵɯ ɤɚɬɟɝɨɪɢɣ ɦɨɠɧɨ ɩɪɟɞɫɬɚɜɥɹɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɫɝɪɭɩɩɢɪɨɜɚɧɧɵɟ ɫɩɢɫɤɢ ɩɪɢɥɨɠɟɧɢɣ. ɇɚɩɪɢɦɟɪ, ɧɚ ɪɢɫɭɧɤɟ 12-8 ɩɨɤɚɡɚɧɨ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɤɚɬɟɝɨɪɢɸ ɞɥɹ ɤɚɠɞɨɣ ɝɪɭɩɩɵ ɞɟɥɨɜɵɯ ɩɪɢɥɨɠɟɧɢɣ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɚɯɨɞɢɬɫɹ ɜ ɩɨɞɪɚɡɞɟɥɟɧɢɢ Administration (Ⱥɞɦɢɧɢɫɬɪɚɰɢɹ), ɨɧ ɦɨɠɟɬ ɜɵɛɪɚɬɶ ɤɚɬɟɝɨɪɢɸ Administration ɢ ɛɪɚɬɶ ɨɬɬɭɞɚ ɩɪɢɥɨɠɟɧɢɹ ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ. Active Directory Windows Server 2003 ɩɨɫɬɚɜɥɹɟɬɫɹ ɛɟɡ ɤɚɤɢɯ-ɥɢɛɨ ɩɪɟɞɨɩɪɟɞɟɥɟɧɧɵɯ ɩɪɨɝɪɚɦɦɧɵɯ ɤɚɬɟɝɨɪɢɣ, ɬɚɤ ɱɬɨ ɦɨɠɧɨ ɫɨɡɞɚɬɶ ɥɸɛɵɟ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɤɚɬɟɝɨɪɢɸ, ɨɬɤɪɨɣɬɟ ɥɸɛɨɣ ɫɭɳɟɫɬɜɭɸɳɢɣ ɨɛɴɟɤɬ GPO, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ Software Installation (ɂɧɫɬɚɥɥɹɰɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ) ɜ ɪɚɡɞɟɥɟ Computer Configuration ɢɥɢ User Configuration, ɜɵɛɟɪɢɬɟ Properties, ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ Categories (Ʉɚɬɟɝɨɪɢɢ) (ɫɦ. ɪɢɫ. 12-9). ɉɪɨɝɪɚɦɦɧɵɟ ɤɚɬɟɝɨɪɢɢ ɩɪɢɦɟɧɹɸɬɫɹ ɧɟ ɤ ɢɧɞɢɜɢɞɭɚɥɶɧɵɦ GPO-ɨɛɴɟɤɬɚɦ, ɚ ɤɨ ɜɫɟɦ GPO-ɨɛɴɟɤɬɚɦ ɜ ɞɨɦɟɧɟ. ɉɨɫɥɟ ɫɨɡɞɚɧɢɹ ɩɪɨɝɪɚɦɦɧɵɯ ɤɚɬɟɝɨɪɢɣ ɜɵ ɦɨɠɟɬɟ ɫɜɹɡɵɜɚɬɶ ɤɚɠɞɵɣ ɢɡ ɩɚɤɟɬɨɜ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɫ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɣ ɤɚɬɟɝɨɪɢɟɣ.
. 12-8.
Add Or Remove Programs
. 12-9.
GPO-
Ɉɞɧɢɦ ɢɡ ɫɪɟɞɫɬɜ, ɫ ɩɨɦɨɳɶɸ ɤɨɬɨɪɵɯ ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɧɚɱɚɬɶ ɢɧɫɬɚɥɥɹɰɢɸ ɩɪɢɥɨɠɟɧɢɹ, ɹɜɥɹɟɬɫɹ ɚɤɬɢɜɚɰɢɹ ɪɚɫɲɢɪɟɧɢɹ ɮɚɣɥɚ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɫ ɤɚɠɞɵɦ ɨɩɪɟɞɟɥɟɧɧɵɦ ɪɚɫɲɢɪɟɧɢɟɦ ɮɚɣɥɚ ɫɜɹɡɚɧɨ ɬɨɥɶɤɨ ɨɞɧɨ ɩɪɢɥɨɠɟɧɢɟ. Ɉɞɧɚɤɨ ɜ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɦɨɠɧɨ ɢɦɟɬɶ ɛɨɥɟɟ ɨɞɧɨɝɨ ɩɪɢɥɨɠɟɧɢɹ. ɇɚɩɪɢɦɟɪ, ɨɛɧɨɜɢɬɶ Word 2000 ɞɨ Word XP ɢ ɜ ɬɟɱɟɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɦɟɫɹɰɟɜ ɞɟɪɠɚɬɶ ɨɛɟ ɜɟɪɫɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɞɨɫɬɭɩɧɵɦɢ ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɤɚɤɚɹ ɢɡ ɞɜɭɯ ɜɟɪɫɢɣ ɩɪɢɥɨɠɟɧɢɹ ɛɭɞɟɬ ɭɫɬɚɧɚɜɥɢɜɚɬɶɫɹ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɚɱɧɟɬ ɟɝɨ ɭɫɬɚɧɨɜɤɭ ɱɟɪɟɡ ɚɤɬɢɜɚɰɢɸ ɪɚɫɲɢɪɟɧɢɹ ɮɚɣɥɚ. Ⱦɥɹ ɷɬɨɝɨ ɜ ɪɟɞɚɤɬɨɪɟ Group Policy Object Editor ɨɛɪɚɬɢɬɟɫɶ ɤ ɨɤɧɭ Software Installation Properties (ɪɜɨɣɫɬɜɚ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɯ ɩɪɨɝɪɚɦɦ) ɜ ɪɚɡɞɟɥɟ Computer Configuration ɢɥɢ User Configuration. ȼɵɛɟɪɢɬɟ ɜɤɥɚɞɤɭ File Extensions (Ɋɚɫɲɢɪɟɧɢɹ ɮɚɣɥɚ) (ɫɦ. ɪɢɫ. 12-10). ɉɪɢ ɚɤɬɢɜɢɡɚɰɢɢ ɪɚɫɲɢɪɟɧɢɹ ɮɚɣɥɚ ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ ɩɪɢɥɨɠɟɧɢɟ, ɤɨɬɨɪɨɟ ɭɤɚɡɚɧɨ ɩɟɪɜɵɦ ɜ ɫɩɢɫɤɟ.
. 12-10.
Ƚɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɧɟ ɬɨɥɶɤɨ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɹ, ɧɨ ɢ ɞɥɹ ɟɝɨ ɭɞɚɥɟɧɢɹ. ɂɦɟɸɬɫɹ ɬɪɢ ɨɩɰɢɢ ɭɞɚɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ. 1. ɍɞɚɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɜ ɤɚɱɟɫɬɜɟ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨɝɨ ɲɚɝɚ ɩɟɪɟɞ ɭɫɬɚɧɨɜɤɨɣ ɛɨɥɟɟ ɧɨɜɨɣ ɜɟɪɫɢɢ ɬɨɝɨ ɠɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. 2. ɍɞɚɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɥɢ ɤɨɦɩɶɸɬɟɪ ɜɵɜɟɞɟɧɵ ɡɚ ɩɪɟɞɟɥɵ ɨɛɥɚɫɬɢ ɭɩɪɚɜɥɟɧɢɹ. 3. ɍɞɚɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɩɪɢ ɭɞɚɥɟɧɢɢ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ. ɉɟɪɜɵɟ ɞɜɟ ɨɩɰɢɢ ɨɛɫɭɠɞɚɥɢɫɶ ɪɚɧɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. ɉɨɫɥɟɞɧɹɹ ɨɩɰɢɹ ɬɪɟɛɭɟɬ ɧɟɤɨɬɨɪɨɝɨ ɨɛɴɹɫɧɟɧɢɹ. Ʉɨɝɞɚ ɜɵ ɭɞɚɥɹɟɬɟ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɢɡ ɨɛɴɟɤɬɚ GPO, ɫɭɳɟɫɬɜɭɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɜɵɛɨɪɚ ɫɩɨɫɨɛɚ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ, ɭɫɬɚɧɨɜɥɟɧɧɵɦ ɩɨɞ ɭɩɪɚɜɥɟɧɢɟɦ ɷɬɨɝɨ ɨɛɴɟɤɬɚ GPO. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɤɟɬɟ ɩɪɨɝɪɚɦɦ, ɧɚɯɨɞɹɳɟɦɫɹ ɜ ɫɩɢɫɤɟ ɜ Software Installation (ɂɧɫɬɚɥɥɹɰɢɹ ɩɪɨɝɪɚɦɦ), ɜɵɛɟɪɢɬɟ All Tasks (ȼɫɟ ɡɚɞɚɱɢ), ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Remove (ɍɞɚɥɢɬɶ). ɇɚ ɪɢɫɭɧɤɟ 12-11 ɩɨɤɚɡɚɧɨ ɞɢɚɥɨɝɨɜɨɟ ɨɤɧɨ, ɤɨɬɨɪɨɟ ɩɨɹɜɥɹɟɬɫɹ ɩɪɢ ɜɵɛɨɪɟ ɭɞɚɥɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɝɨ ɩɚɤɟɬɚ. ȿɫɥɢ ɛɭɞɟɬ ɜɵɛɪɚɧɚ ɨɩɰɢɹ Immediately Uninstall The Software From Users And Computers (Ⱦɟɢɧɫɬɚɥɥɢɪɨɜɚɬɶ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɭ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ), ɬɨ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɛɭɞɟɬ ɞɟɢɧɫɬɚɥɥɢɪɨɜɚɬɶɫɹ ɩɪɢ ɫɥɟɞɭɸɳɟɣ ɩɟɪɟɡɚɝɪɭɡɤɟ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɩɪɢ ɫɥɟɞɭɸɳɟɦ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɫɢɫɬɟɦɭ. ȿɫɥɢ ɛɭɞɟɬ ɜɵɛɪɚɧɚ ɨɩɰɢɹ Allow Users To Continue To Use The Software, But Prevent New Installations (Ɋɚɡɪɟɲɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɩɪɨɞɨɥɠɚɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɧɨ ɩɪɟɞɨɬɜɪɚɬɢɬɶ ɧɨɜɵɟ ɢɧɫɬɚɥɥɹɰɢɢ), ɩɪɢɥɨɠɟɧɢɟ ɧɟ ɛɭɞɟɬ ɭɞɚɥɟɧɨ ɫ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ, ɧɨ ɩɨɥɶɡɨɜɚɬɟɥɢ ɛɨɥɶɲɟ ɧɟ ɫɦɨɝɭɬ ɭɫɬɚɧɨɜɢɬɶ ɩɪɢɥɨɠɟɧɢɟ, ɢɫɩɨɥɶɡɭɹ ɷɬɨɬ GPO-ɨɛɴɟɤɬ.
. 12-11.
Windows
ɉɨɫɤɨɥɶɤɭ ɛɨɥɶɲɢɧɫɬɜɨ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɜɵ ɛɭɞɟɬɟ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɛɭɞɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɟɯɧɨɥɨɝɢɸ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows, ɜɚɦ, ɜɨɡɦɨɠɧɨ, ɩɨɧɚɞɨɛɢɬɫɹ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɭɫɬɚɧɨɜɤɭ ɩɪɢɥɨɠɟɧɢɣ, ɢɦɟɸɳɢɯ Windows Installer. Active Directory Windows Server 2003 ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɨɩɰɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɷɬɨɝɨ. Ȼɨɥɶɲɢɧɫɬɜɨ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɨɬɤɪɵɜ ɨɛɴɟɤɬ GPO ɜ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɢ ɪɚɡɜɟɪɧɭɜ Computer Configuration (Ʉɨɧɮɢɝɭɪɚɰɢɹ ɤɨɦɩɶɸɬɟɪɚ). Ⱦɚɥɟɟ ɜɵɛɟɪɢɬɟ Administrative Templates (Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ), ɩɨɬɨɦ ɜɵɛɟɪɢɬɟ Windows Components (Ʉɨɦɩɨɧɟɧɬɵ Windows), ɡɚɬɟɦ - Windows Installer (ɂɧɫɬɚɥɥɹɬɨɪ Windows) (ɫɦ. ɪɢɫ. 12-12). ɇɟɤɨɬɨɪɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɞɪɭɝɨɦ ɦɟɫɬɟ: User Configuration\ Administrative Templates\Windows Components\Windows Installer. ȼ ɬɚɛɥɢɰɟ 12-2 ɨɛɴɹɫɧɹɟɬɫɹ ɧɚɡɧɚɱɟɧɢɟ ɷɬɢɯ ɨɩɰɢɣ.
.
12-12. . 12-2.
Windows Windows
ɉɚɪɚɦɟɬɪ ɧɚɫɬɪɨɣɤɢ Disable Windows Installer (Ɉɬɤɥɸɱɟɧɢɟ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows) (Ɍɨɥɶɤɨ ɤɨɧɮɢɝɭɪɚɰɢɹ ɤɨɦɩɶɸɬɟɪɚ)
Ɉɛɴɹɫɧɟɧɢɟ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɜɤɥɸɱɟɧɢɹ ɢɥɢ ɨɬɤɥɸɱɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows. ȿɫɥɢ ɜɵ ɜɤɥɸɱɢɬɟ ɩɨɥɢɬɢɤɭ, ɬɨ ɡɚɬɟɦ ɦɨɠɧɨ ɢɥɢ ɩɨɥɧɨɫɬɶɸ ɨɬɤɥɸɱɢɬɶ ɢɧɫɬɚɥɥɹɬɨɪ Windows, ɢɥɢ ɜɤɥɸɱɢɬɶ ɟɝɨ ɞɥɹ ɜɫɟɯ ɩɪɢɥɨɠɟɧɢɣ, ɢɥɢ ɨɬɤɥɸɱɚɬɶ ɞɥɹ ɬɟɯ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɧɟ ɪɚɫɩɪɟɞɟɥɹɸɬɫɹ ɱɟɪɟɡ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ.
Always Install With Elevated Privileges (ȼɫɟɝɞɚ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɫ ɩɪɢɜɢɥɟɝɢɹɦɢ) (Ʉɨɦɩɶɸɬɟɪɧɚɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬ ɞɨɫɬɭɩɚ ɤ ɤɚɬɚɥɨɝɚɦ ɢɥɢ ɤɥɸɱɚɦ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɤ ɤɨɬɨɪɵɦ ɩɨɥɶɡɨɜɚɬɟɥɶ ɨɛɵɱɧɨ ɧɟ ɦɨɠɟɬ ɨɛɪɚɳɚɬɶɫɹ. ȼɤɥɸɱɟɧɢɟ ɷɬɨɣ ɨɩɰɢɢ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɢɧɫɬɚɥɥɹɬɨɪ Windows ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɢɫɬɟɦɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɭ ɨɩɰɢɸ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɨɬɤɥɸɱɢɬɶ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɜɟɞɟɧɢɟ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɫɨɡɞɚɸɳɟɝɨ ɮɚɣɥɵ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ««ɬɤɚɬɚ» ɧɟɩɨɥɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɬɤɥɸɱɟɧɢɹ ɤɧɨɩɤɢ Browse (Ɉɛɡɨɪ), ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɡɚɯɨɱɟɬ ɭɫɬɚɧɨɜɢɬɶ ɧɨɜɭɸ ɮɭɧɤɰɢɸ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɚɥɥɹɬɨɪ Windows. ȼɤɥɸɱɟɧɢɟ ɷɬɨɣ ɨɩɰɢɢ ɨɬɤɥɸɱɚɟɬ ɤɧɨɩɤɭ Browse, ɬ.ɟ. ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɢɫɬɨɱɧɢɤɚɦɢ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɦɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ.
Prohibit Rollback (Ɂɚɩɪɟɬɢɬɶ «ɨɬɤɚɬ») (Ʉɨɦɩɶɸɬɟɪɧɚɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
Remove Browse Dialog Box For New Source (ɍɞɚɥɟɧɢɟ ɞɢɚɥɨɝɨɜɨɝɨ ɨɤɧɚ ɨɛɡɨɪɚ ɞɥɹ ɧɨɜɨɝɨ ɢɫɬɨɱɧɢɤɚ) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
Prohibit Patching (Ɂɚɩɪɟɬɢɬɶ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɡɚɩɪɟɬɚ ɭɫɬɚɧɨɜɤɢ ɢɫɩɨɥɶɡɨɜɚɧɢɟ «ɡɚɩɥɚɬ») (Ɍɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɡɚɩɥɚɬ ɤ ɩɪɨɝɪɚɦɦɚɦ, ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ) ɢɫɩɨɥɶɡɭɸɳɢɦ ɢɧɫɬɚɥɥɹɬɨɪ Windows. ȼɤɥɸɱɟɧɢɟ ɷɬɨɣ ɨɩɰɢɢ ɨɛɟɫɩɟɱɢɜɚɟɬ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɧɭɸ ɡɚɳɢɬɭ, ɩɨɬɨɦɭ ɨɧɚ ɧɟ ɩɨɡɜɨɥɹɟɬ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɡɚɩɥɚɬɵ, ɤɨɬɨɪɵɟ ɦɨɝɥɢ ɛɵ ɢɡɦɟɧɹɬɶ ɫɢɫɬɟɦɧɵɟ ɮɚɣɥɵ. Disable IE Security Prompt For Windows ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɬɤɥɸɱɟɧɢɹ Installer Scripts (Ɉɬɤɥɸɱɢɬɶ IE ɩɨɞɫɤɚɡɤɭ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ, ɤɨɬɨɪɵɟ ɩɨɥɭɱɚɟɬ ɤɥɢɟɧɬ, ɡɚɳɢɬɵ ɞɥɹ ɫɰɟɧɚɪɢɟɜ ɢɧɫɬɚɥɥɹɬɨɪɚ ɭɫɬɚɧɚɜɥɢɜɚɹ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ Windows) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɱɟɪɟɡ ɢɧɬɟɪɮɟɣɫ ɛɪɚɭɡɟɪɚ ɬɢɩɚ Microsoft ɤɨɧɮɢɝɭɪɚɰɢɹ) Internet Explorer. ɗɬɭ ɨɩɰɢɸ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ, ɟɫɥɢ ɛɨɥɶɲɚɹ ɱɚɫɬɶ ɜɚɲɟɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɪɚɫɩɪɟɞɟɥɟɧɚ ɱɟɪɟɡ ɜɟɛ-ɫɚɣɬ. Enable User Control Over Installs ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɜɟɥɢɱɟɧɢɹ ɫɬɟɩɟɧɢ (ȼɤɥɸɱɢɬɶ ɤɨɧɬɪɨɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɚɞ ɤɨɧɬɪɨɥɹ ɡɚ ɢɧɫɬɚɥɥɹɰɢɟɣ ɩɪɢɥɨɠɟɧɢɹ. ȿɫɥɢ ɢɧɫɬɚɥɥɹɰɢɟɣ) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɩɪɨɰɟɫɫ ɢɧɫɬɚɥɥɹɰɢɢ ɛɭɞɟɬ ɤɨɧɮɢɝɭɪɚɰɢɹ) ɨɫɬɚɧɚɜɥɢɜɚɬɶɫɹ ɧɚ ɤɚɠɞɨɦ ɷɤɪɚɧɟ, ɱɬɨɛɵ ɩɨɥɶɡɨɜɚɬɟɥɶ ɦɨɝ ɢɡɦɟɧɹɬɶ ɩɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ. Enable User To Browse For Source While ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɢɫɤɚ ɚɥɶɬɟɪɧɚɬɢɜɧɵɯ Elevated (Ⱦɚɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɯ ɢɫɬɨɱɧɢɤɨɜ, ɟɫɥɢ ɩɪɨɫɦɨɬɪɟɬɶ ɢɫɬɨɱɧɢɤɢ, ɟɫɥɢ ɨɧ ɢɦɟɟɬ ɩɪɢɥɨɠɟɧɢɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫ ɩɨɜɵɲɟɧɧɵɟ ɪɚɡɪɟɲɟɧɢɹ) (Ɍɨɥɶɤɨ ɩɨɜɵɲɟɧɧɵɦɢ ɪɚɡɪɟɲɟɧɢɹɦɢ. ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
Enable User To Use Media Source While Elevated (Ⱦɚɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɦɟɧɧɵɟ ɧɨɫɢɬɟɥɢ ɢɧɮɨɪɦɚɰɢɢ, ɟɫɥɢ ɨɧ ɢɦɟɟɬ ɩɨɜɵɲɟɧɧɵɟ ɪɚɡɪɟɲɟɧɢɹ) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɦɟɧɧɵɟ ɧɨɫɢɬɟɥɢ ɢɧɮɨɪɦɚɰɢɢ ɜ ɤɚɱɟɫɬɜɟ ɢɧɫɬɚɥɥɹɰɢɨɧɧɨɝɨ ɢɫɬɨɱɧɢɤɚ, ɟɫɥɢ ɩɪɢɥɨɠɟɧɢɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫ ɩɨɜɵɲɟɧɧɵɦɢ ɪɚɡɪɟɲɟɧɢɹɦɢ.
Enable-User To Patch Elevated Products (Ⱦɚɬɶ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɩɪɢɦɟɧɹɬɶ ɡɚɩɥɚɬɵ, ɟɫɥɢ ɢɦɟɸɬɫɹ ɩɨɜɵɲɟɧɧɵɟ ɪɚɡɪɟɲɟɧɢɹ) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɸ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɡɚɩɥɚɬɵ, ɤɨɝɞɚ ɢɧɫɬɚɥɥɹɰɢɹ ɜɵɩɨɥɧɹɟɬɫɹ ɫ ɩɨɜɵɲɟɧɧɵɦɢ ɪɚɡɪɟɲɟɧɢɹɦɢ.
Allow Admin To Install From Terminal Services Session (Ɋɚɡɪɟɲɢɬɶ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɢɧɫɬɚɥɥɹɰɢɸ ɢɡ ɫɟɚɧɫɚ ɫɥɭɠɛɵ ɬɟɪɦɢɧɚɥɚ) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɪɚɡɪɟɲɟɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚɦ ɫɥɭɠɛɵ ɬɟɪɦɢɧɚɥɚ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ, ɢɫɩɨɥɶɡɭɹ ɫɟɚɧɫɚ ɫɥɭɠɛɵ ɬɟɪɦɢɧɚɥɚ.
Cache Transforms In Secure Location On Workstation (Ʉɷɲɢ-ɪɨɜɚɬɶ ɮɚɣɥ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ ɜ ɛɟɡɨɩɚɫɧɨɦ ɦɟɫɬɟ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɷɲɢɪɨɜɚɧɢɹ ɮɚɣɥɨɜ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ, ɢɫɩɨɥɶɡɭɟɦɵɯ ɩɪɢ ɢɧɫɬɚɥɥɹɰɢɢ ɧɚɫɬɪɚɢɜɚɟɦɵɯ ɩɪɢɥɨɠɟɧɢɣ ɧɚ ɦɟɫɬɧɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. Ɏɚɣɥ ɩɪɟɨɛɪɚɡɨɜɚɧɢɹ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɢɥɢ ɩɨɜɬɨɪɟɧɢɹ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ.
(Ɍɨɥɶɤɨ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɧɚ ɭɜɟɥɢɱɟɧɢɟ ɡɚɞɚɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɭɪɨɜɧɹ ɪɟɝɢɫɬɪɚɰɢɢ ɩɪɨɰɟɫɫɚ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ. Prohibit User Installs (Ɂɚɩɪɟɬɢɬɶ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɬɟɦ, ɛɭɞɭɬ ɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɢɧɫɬɚɥɥɹɰɢɢ) (Ɍɨɥɶɤɨ ɭɫɬɚɧɨɜɥɟɧɵ ɩɪɢɥɨɠɟɧɢɹ, ɧɚɡɧɚɱɟɧɧɵɟ ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ) ɩɨɥɶɡɨɜɚɬɟɥɸ. ȿɫɥɢ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ ɬɚɤ, ɱɬɨɛɵ ɭɫɬɚɧɚɜɥɢɜɚɥɢɫɶ ɬɨɥɶɤɨ ɩɪɢɥɨɠɟɧɢɹ, ɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ. ɗɬɚ ɭɫɬɚɧɨɜɤɚ ɦɨɠɟɬ ɛɵɬɶ ɩɨɥɟɡɧɚ, ɟɫɥɢ ɤɨɦɩɶɸɬɟɪ ɩɨɞɫɨɟɞɢɧɟɧ ɤ ɢɧɬɟɪɧɟɬɭ ɢɥɢ ɹɜɥɹɟɬɫɹ ɨɛɳɟɞɨɫɬɭɩɧɵɦ ɤɨɦɩɶɸɬɟɪɨɦ. ɉɪɢɦɟɧɹɟɬɫɹ ɬɨɥɶɤɨ ɤ ɤɥɢɟɧɬɚɦ, ɢɦɟɸɳɢɦ ɢɧɫɬɚɥɥɹɬɨɪ Windows v2.0 (ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɸɸ ɜɟɪɫɢɸ). Logging (Ɋɟɝɢɫɬɪɚɰɢɹ) ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
Turn Off Creation Of System Restore Checkpoints (ȼɵɤɥɸɱɢɬɟ ɫɨɡɞɚɧɢɟ ɤɨɧɬɪɨɥɶɧɵɯ ɬɨɱɟɤ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ) (Ɍɨɥɶɤɨ ɤɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɡɚɞɚɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɜɟɞɟɧɢɹ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɨɣ Windows XP Professional, ɝɞɟ ɩɟɪɟɞ ɥɸɛɨɣ ɢɧɫɬɚɥɥɹɰɢɟɣ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɨɡɞɚɟɬɫɹ ɤɨɧɬɪɨɥɶɧɚɹ ɬɨɱɤɚ System Restore (ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɢɫɬɟɦɵ).
Search Order (ɉɨɪɹɞɨɤ ɩɨɢɫɤɚ) (Ɍɨɥɶɤɨ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɡɚɞɚɧɧɨɝɨ ɩɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ) ɭɦɨɥɱɚɧɢɸ ɩɨɪɹɞɤɚ ɩɨɢɫɤɚ, ɩɪɢ ɤɨɬɨɪɨɦ ɢɧɫɬɚɥɥɹɬɨɪ Windows ɢɳɟɬ ɢɧɫɬɚɥɥɹɰɢɨɧɧɵɟ ɮɚɣɥɵ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɢɧɫɬɚɥɥɹɬɨɪ Windows ɛɭɞɟɬ ɩɪɨɫɦɚɬɪɢɜɚɬɶ ɫɟɬɶ, ɡɚɬɟɦ — ɫɴɟɦɧɵɟ ɧɨɫɢɬɟɥɢ ɢɧɮɨɪɦɚɰɢɢ, ɚ ɡɚɬɟɦ - URL ɢɧɬɟɪɧɟɬɚ. Prevent Removable Media Source For Any Install (Ɂɚɩɪɟɬɢɬɶ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɫɴɟɦɧɵɯ ɧɨɫɢɬɟɥɟɣ ɢɧɮɨɪɦɚɰɢɢ ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ) (Ɍɨɥɶɤɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɡɚɩɪɟɬɚ^ɢɫɩɨɥɶɡɨɜɚ-ɧɢɹ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɢɥɨɠɟɧɢɣ ɫɨ ɫɴɟɦɧɵɯ ɧɨɫɢɬɟɥɟɣ ɢɧɮɨɪɦɚɰɢɢ.
ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɦɨɠɟɬ ɭɦɟɧɶɲɢɬɶ ɭɫɢɥɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɢ ɨɛɫɥɭɠɢɜɚɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɤɥɢɟɧɬɚ. Ɉɞɧɚɤɨ ɢɡɜɥɟɱɟɧɢɟ ɜɵɝɨɞɵ ɨɬ ɩɪɢɦɟɧɟɧɢɹ ɷɬɨɝɨ ɢɧɫɬɪɭɦɟɧɬɚ ɭɫɥɨɠɧɹɟɬɫɹ ɞɥɹ ɛɨɥɶɲɨɣ ɤɨɦɩɚɧɢɢ ɫ ɧɟɫɤɨɥɶɤɢɦɢ ɪɚɡɥɢɱɧɵɦɢ ɩɪɨɝɪɚɦɦɧɵɦɢ ɤɨɧɮɢɝɭɪɚɰɢɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ. Ɋɚɡɜɟɪɬɵɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɧɚɢɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɬɪɟɛɭɟɬ ɨɫɬɨɪɨɠɧɨɝɨ ɩɥɚɧɢɪɨɜɚɧɢɹ. ɗɬɨɬ ɪɚɡɞɟɥ ɩɨɫɜɹɳɟɧ ɬɨɦɭ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɭɱɢɬɵɜɚɬɶ ɩɪɢ ɜɵɩɨɥɧɟɧɢɢ ɷɬɨɝɨ ɩɥɚɧɢɪɨɜɚɧɢɹ. Ɉɞɢɧ ɢɡ ɮɚɤɬɨɪɨɜ, ɤɨɬɨɪɵɣ ɜɵ ɞɨɥɠɧɵ ɭɱɢɬɵɜɚɬɶ ɩɪɢ ɪɚɡɜɟɪɬɵɜɚɧɢɢ ɩɪɢɥɨɠɟɧɢɣ, ɧɟɨɛɯɨɞɢɦɨɫɬɶ ɩɭɛɥɢɤɚɰɢɢ ɩɪɢɥɨɠɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɥɢ ɤɨɦɩɶɸɬɟɪɚɦ. ȿɫɥɢ ɛɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɶɸɬɟɪɨɜ ɹɜɥɹɸɬɫɹ ɨɛɳɟɞɨɫɬɭɩɧɵɦɢ ɢ ɤɚɠɞɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ ɬɪɟɛɭɟɬ ɫɩɟɰɢɮɢɱɟɫɤɨɝɨ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ, ɬɨ ɜɵ ɞɨɥɠɧɵ ɧɚɡɧɚɱɢɬɶ ɩɨɥɢɬɢɤɭ ɧɚ ɤɨɦɩɶɸɬɟɪɵ. ɉɪɢ ɧɚɡɧɚɱɟɧɢɢ ɩɨɥɢɬɢɤɢ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɩɨɥɧɨɫɬɶɸ ɭɫɬɚɧɨɜɢɬɫɹ ɧɚ ɪɚɛɨɱɭɸ ɫɬɚɧɰɢɸ ɩɪɢ ɟɟ ɫɥɟɞɭɸɳɟɣ ɩɟɪɟɡɚɝɪɭɡɤɟ ɢ ɛɭɞɟɬ ɞɨɫɬɭɩɧɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ. ɇɚɡɧɚɱɟɧɢɟ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ ɧɚ ɤɨɦɩɶɸɬɟɪɵ
ɨɛɟɫɩɟɱɢɜɚɟɬ ɛɨɥɶɲɟ ɨɩɰɢɣ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ ɫɟɬɢ. ɂɫɩɨɥɶɡɭɹ ɷɬɭ ɨɩɰɢɸ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɜ ɬɟɱɟɧɢɟ ɞɧɹ, ɚ ɡɚɬɟɦ ɩɨɩɪɨɫɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ (ɢɥɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɭɞɚɥɟɧɧɵɣ ɢɧɫɬɪɭɦɟɧɬ), ɱɬɨɛɵ ɨɧɢ ɩɟɪɟɡɚɝɪɭɡɢɥɢ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɜ ɤɨɧɰɟ ɨɛɵɱɧɨɝɨ ɪɚɛɨɱɟɝɨ ɜɪɟɦɟɧɢ. ȿɫɥɢ ɤɚɤɨɣ-ɥɢɛɨ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɬɪɟɛɭɟɬɫɹ ɬɨɥɶɤɨ ɧɟɫɤɨɥɶɤɢɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɬɨ ɛɨɥɟɟ ɷɮɮɟɤɬɢɜɧɵɦ ɹɜɥɹɟɬɫɹ ɧɚɡɧɚɱɟɧɢɟ ɢɥɢ ɩɭɛɥɢɤɚɰɢɹ ɩɪɢɥɨɠɟɧɢɹ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɞɨɥɠɟɧ ɛɵɬɶ ɪɚɫɩɪɟɞɟɥɟɧ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɩɪɢɧɚɞɥɟɠɚɳɢɦ ɧɟɫɤɨɥɶɤɢɦ OU. ɇɚɢɥɭɱɲɢɦ ɫɩɨɫɨɛɨɦ ɞɥɹ ɷɬɨɝɨ ɹɜɥɹɟɬɫɹ ɧɚɡɧɚɱɟɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɧɚ ɜɵɫɲɟɦ ɭɪɨɜɧɟ ɢɟɪɚɪɯɢɢ Active Directory ɫ ɩɨɫɥɟɞɭɸɳɟɣ ɮɢɥɶɬɪɚɰɢɟɣ ɩɪɢɦɟɧɟɧɢɹ ɨɛɴɟɤɬɚ GPO ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩ ɡɚɳɢɬɵ. Ⱦɪɭɝɨɟ ɜɚɠɧɨɟ ɪɟɲɟɧɢɟ, ɤɨɬɨɪɨɟ ɧɚɞɨ ɩɪɢɧɹɬɶ ɩɪɢ ɩɥɚɧɢɪɨɜɚɧɢɢ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɫɤɨɥɶɤɨ ɨɛɴɟɤɬɨɜ GPO ɫɥɟɞɭɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ. Ɉɞɧɚ ɢɡ ɤɪɚɣɧɨɫɬɟɣ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɢɧ ɨɛɴɟɤɬ GPO ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɜɫɟɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɤɨɧɬɟɣɧɟɪɚ, ɷɬɨ ɭɥɭɱɲɢɬ ɜɵɩɨɥɧɟɧɢɟ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɤɥɢɟɧɬɚ, ɧɨ ɦɨɠɟɬ ɫɨɡɞɚɬɶ ɫɥɨɠɧɵɟ ɤɨɧɮɢɝɭɪɚɰɢɢ GPO-ɨɛɴɟɤɬɨɜ. Ⱦɪɭɝɚɹ ɤɪɚɣɧɨɫɬɶ ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɦɧɨɠɟɫɬɜɚ GPO-ɨɛɴɟɤɬɨɜ, ɤɚɠɞɵɣ ɢɡ ɤɨɬɨɪɵɯ ɪɚɫɩɪɟɞɟɥɹɟɬ ɟɞɢɧɫɬɜɟɧɧɨɟ ɩɪɢɥɨɠɟɧɢɟ. ɗɬɨ ɦɨɠɟɬ ɨɤɚɡɚɬɶ ɜɥɢɹɧɢɟ ɧɚ ɩɪɨɰɟɫɫ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɤɥɢɟɧɬɨɜ, ɩɨɬɨɦɭ ɱɬɨ ɤɨɦɩɶɸɬɟɪ ɞɨɥɠɟɧ ɱɢɬɚɬɶ ɦɧɨɠɟɫɬɜɨ ɨɛɴɟɤɬɨɜ GPO. Ʉɨɦɩɚɧɢɢ ɢɫɩɨɥɶɡɭɸɬ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɩɨɞɯɨɞɵ ɞɥɹ ɪɟɲɟɧɢɹ ɷɬɨɣ ɩɪɨɛɥɟɦɵ. Ɍɢɩɢɱɧɵɣ ɩɨɞɯɨɞ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɨɞɢɧ ɨɛɴɟɤɬ GPO ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɫɬɚɧɞɚɪɬɧɨɝɨ ɧɚɛɨɪɚ ɩɪɢɥɨɠɟɧɢɣ, ɜ ɤɨɬɨɪɵɯ ɤɚɠɞɵɣ ɧɭɠɞɚɟɬɫɹ, ɢ ɤɨɬɨɪɵɟ ɪɟɞɤɨ ɢɡɦɟɧɹɸɬɫɹ. Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɨɛɴɟɤɬɵ GPO ɫɨɡɞɚɸɬɫɹ ɞɥɹ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɱɚɫɬɨ ɨɛɧɨɜɥɹɸɬɫɹ (ɬɢɩɚ ɚɧɬɢɜɢɪɭɫɧɨɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ), ɢ ɞɥɹ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɦɚɥɟɧɶɤɢɦɢ ɝɪɭɩɩɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ȼɨɡɦɨɠɧɨ, ɱɬɨ ɜɚɦ ɩɪɢɞɟɬɫɹ ɩɥɚɧɢɪɨɜɚɬɶ ɪɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɩɨ ɫɟɬɢ ɫ ɧɢɡɤɨɣ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɶɸ. ȼɨ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɹɯ ɢɦɟɸɬɫɹ ɭɞɚɥɟɧɧɵɟ ɨɮɢɫɵ ɢɥɢ ɭɞɚɥɟɧɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɤɨɬɨɪɵɟ ɩɨɞɤɥɸɱɚɸɬɫɹ ɤ Active Directory, ɢɫɩɨɥɶɡɭɹ ɦɟɞɥɟɧɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɤɨɦɩɨɧɟɧɬ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɧɟ ɩɪɢɦɟɧɹɟɬɫɹ, ɟɫɥɢ ɤɥɢɟɧɬ ɫɨɟɞɢɧɹɟɬɫɹ ɱɟɪɟɡ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ ɫɨ ɫɤɨɪɨɫɬɶɸ ɩɟɪɟɞɚɱɢ ɦɟɧɶɲɟ 500 Ʉɛ/ɫ. ȿɫɥɢ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɜɚɲɟɣ ɫɟɬɢ ɨɛɵɱɧɨ ɩɨɞɤɥɸɱɟɧɵ ɤ ɥɨɤɚɥɶɧɨɣ ɫɟɬɢ (LAN) ɢ ɬɨɥɶɤɨ ɢɧɨɝɞɚ ɫɨɟɞɢɧɹɸɬɫɹ ɱɟɪɟɡ ɦɟɞɥɟɧɧɨɟ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ, ɷɬɨ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɧɚɱɟɧɢɟ ɩɪɢɟɦɥɟɦɨ. Ɉɞɧɚɤɨ ɟɫɥɢ ɜɚɲɢ ɫɟɬɟɜɵɟ ɤɥɢɟɧɬɵ ɫɨɟɞɢɧɹɸɬɫɹ ɱɟɪɟɡ ɦɟɞɥɟɧɧɨɟ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ, ɢɯ ɧɭɠɧɨ ɩɨɞɝɨɬɨɜɢɬɶ, ɜɵɩɨɥɧɢɜ ɞɨɩɨɥɧɢɬɟɥɶɧɨɟ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ. Ɉɞɧɚ ɢɡ ɨɩɰɢɣ ɨɫɬɚɜɥɹɟɬ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɬɚɤɢɦ, ɤɚɤ ɨɧɨ ɟɫɬɶ, ɢɧɢɰɢɢɪɭɹ ɩɨɥɧɭɸ ɢɧɫɬɚɥɥɹɰɢɸ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɨɟɞɢɧɹɟɬɫɹ ɫ LAN. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɭ ɨɩɰɢɸ, ɟɫɥɢ ɤɥɢɟɧɬɵ ɢɡɪɟɞɤɚ ɫɨɟɞɢɧɹɸɬɫɹ ɫ ɜɚɲɟɣ LAN. ȿɫɥɢ ɤɥɢɟɧɬɵ ɧɢɤɨɝɞɚ ɧɟ ɫɨɟɞɢɧɹɸɬɫɹ ɫ LAN, ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɢɫɩɨɥɶɡɭɣɬɟ ɫɪɟɞɫɬɜɚ ɜɧɟ Active Directory. ɇɚɩɪɢɦɟɪ, ɢɫɩɨɥɶɡɭɹ ɫɦɟɧɧɵɟ ɧɨɫɢɬɟɥɢ ɢɧɮɨɪɦɚɰɢɢ ɢɥɢ ɱɟɪɟɡ ɛɟɡɨɩɚɫɧɵɣ ɜɟɛ-ɫɚɣɬ, ɟɫɥɢ ɭ ɤɥɢɟɧɬɨɜ ɟɫɬɶ ɛɵɫɬɪɨɟ ɩɨɞɤɥɸɱɟɧɢɟ ɤ ɢɧɬɟɪɧɟɬɭ. ɍ ɛɨɥɶɲɢɧɫɬɜɚ ɤɪɭɩɧɵɯ ɤɨɦɩɚɧɢɣ ɟɫɬɶ ɫɩɨɫɨɛɵ ɚɜɬɨɦɚɬɢɡɢɪɨɜɚɬɶ ɩɪɨɰɟɫɫ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɞɥɹ ɤɨɦɩɨɧɨɜɤɢ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ. Ʉɨɦɩɚɧɢɢ ɢɫɩɨɥɶɡɭɸɬ ɬɟɯɧɨɥɨɝɢɢ ɤɥɨɧɢɪɨɜɚɧɢɹ ɞɢɫɤɚ ɢɥɢ ɫɥɭɠɛɭ ɭɞɚɥɟɧɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ (RIS — Remote Installation Services) ɞɥɹ ɛɵɫɬɪɨɣ ɤɨɦɩɨɧɨɜɤɢ ɫɬɚɧɞɚɪɬɧɨɝɨ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ɇɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɭ ɬɟɯɧɨɥɨɝɢɸ ɜ ɤɨɦɛɢɧɚɰɢɢ ɫ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ, ɱɬɨɛɵ ɨɩɬɢɦɢɡɢɪɨɜɚɬɶ ɪɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɢɧɫɬɪɭɦɟɧɬ ɤɥɨɧɢɪɨɜɚɧɢɹ ɞɢɫɤɚ ɞɥɹ ɤɨɦɩɨɧɨɜɤɢ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɤɥɢɟɧɬɨɜ, ɫɤɨɦɩɨɧɭɣɬɟ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ, ɚ ɡɚɬɟɦ ɢɫɩɨɥɶɡɭɣɬɟ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɫɬɚɧɞɚɪɬɧɨɝɨ ɧɚɛɨɪɚ ɩɪɢɥɨɠɟɧɢɣ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. Ʉɨɝɞɚ ɷɬɨ ɢɡɨɛɪɚɠɟɧɢɟ ɛɭɞɟɬ ɪɚɡɜɟɪɧɭɬɨ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ, ɢɦɢ ɦɨɠɧɨ ɭɩɪɚɜɥɹɬɶ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ RIS ɞɥɹ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦ ɧɚ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɜɤɥɸɱɢɬɟ ɭɩɪɚɜɥɹɟɦɨɟ ɩɪɢɥɨɠɟɧɢɟ ɜ RIS-ɢɡɨɛɪɚɠɟɧɢɟ ɞɥɹ ɤɚɠɞɨɝɨ ɨɬɞɟɥɚ. ɇɚɢɛɨɥɟɟ ɜɚɠɧɵɣ ɲɚɝ ɜ ɩɨɞɝɨɬɨɜɤɟ ɤ ɢɫɩɨɥɶɡɨɜɚɧɢɸ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɫɨɫɬɨɢɬ ɜ ɬɳɚɬɟɥɶɧɨɦ ɬɟɫɬɢɪɨɜɚɧɢɢ ɤɚɠɞɨɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɟɪɟɞ ɟɝɨ ɪɚɡɜɟɪɬɵɜɚɧɢɟɦ. Ȼɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ ɩɨɞɞɟɪɠɢɜɚɸɬ ɥɚɛɨɪɚɬɨɪɢɸ ɞɥɹ ɬɟɫɬɢɪɨɜɚɧɢɹ ɪɚɫɩɪɟɞɟɥɟɧɢɣ, ɤɨɬɨɪɚɹ ɫɨɞɟɪɠɢɬ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ, ɩɪɟɞɫɬɚɜɥɹɸɳɢɟ ɚɧɚɥɨɝɢ ɬɟɯ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ, ɤɨɬɨɪɵɟ ɢɦɟɸɬɫɹ ɜ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɨɣ ɫɪɟɞɟ. ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɢɫɩɵɬɚɬɟɥɶɧɭɸ OU ɜ Active Directory ɢ ɩɟɪɟɦɟɫɬɢɬɶ ɫɸɞɚ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɷɬɢɯ ɤɨɦɩɶɸɬɟɪɨɜ ɢ
ɧɟɤɨɬɨɪɵɟ ɬɟɫɬɢɪɭɟɦɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɭ ɢɫɩɵɬɚɬɟɥɶɧɭɸ ɫɪɟɞɭ ɞɥɹ ɩɪɨɜɟɪɤɢ ɤɚɠɞɨɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɪɚɫɩɪɟɞɟɥɟɧɢɹ.
.
Ɉɞɧɨɣ ɢɡ ɤɪɢɬɢɱɟɫɤɢɯ ɡɚɞɚɱ, ɜɵɩɨɥɧɹɟɦɵɯ ɫɟɬɟɜɵɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɦ, ɹɜɥɹɟɬɫɹ ɨɛɫɥɭɠɢɜɚɧɢɟ ɡɚɩɥɚɬ ɧɚ ɭɪɨɜɧɟ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ ɞɥɹ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɫɟɬɢ. ɂɡ-ɡɚ ɦɚɫɲɬɚɛɚ ɧɟɨɛɯɨɞɢɦɵɯ ɞɥɹ ɷɬɨɝɨ ɭɫɢɥɢɣ ɧɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɜɨɨɛɳɟ ɧɟ ɨɛɧɨɜɥɹɸɬ ɧɚɫɬɨɥɶɧɵɟ ɤɨɦɩɶɸɬɟɪɵ ɢɥɢ ɩɪɢɦɟɧɹɸɬ ɬɨɥɶɤɨ ɧɚɢɛɨɥɟɟ ɤɪɢɬɢɱɟɫɤɢɟ ɦɨɞɢɮɢɤɚɰɢɢ. Ɉɧɢ ɨɛɵɱɧɨ ɨɛɧɨɜɥɹɸɬ ɜɫɟ ɫɟɪɜɟɪɵ, ɧɨ ɞɥɹ ɡɚɳɢɬɵ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɩɨɥɚɝɚɸɬɫɹ ɧɚ ɛɪɚɧɞɦɚɭɷɪ ɢɧɬɟɪɧɟɬɚ ɢ ɚɧɬɢɜɢɪɭɫɧɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɩɪɢɦɟɧɹɸɬ ɞɪɭɝɨɣ ɩɨɞɯɨɞ ɢ ɤɨɧɮɢɝɭɪɢɪɭɸɬ ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ ɫɜɨɢɯ ɤɥɢɟɧɬɨɜ ɧɚ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɫɚɣɬɚ Windows Update (Ɉɛɧɨɜɥɟɧɢɟ Windows) ɞɥɹ ɡɚɝɪɭɡɤɢ ɡɚɩɥɚɬ. ɗɬɢ ɤɨɦɩɚɧɢɢ, ɜɨɡɦɨɠɧɨ, ɞɚɠɟ ɩɨɡɜɨɥɹɸɬ ɨɛɵɱɧɵɦ ɞɟɥɨɜɵɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɫɚɦɢɦ ɭɩɪɚɜɥɹɬɶ ɩɪɢɦɟɧɟɧɢɟɦ ɡɚɩɥɚɬ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɦɨɠɟɬ ɨɛɥɟɝɱɢɬɶ ɭɩɪɚɜɥɟɧɢɟ ɡɚɩɥɚɬɚɦɢ, ɧɨ ɨɧɨ ɧɟ ɪɟɲɢɬ ɩɪɨɛɥɟɦɭ. Ʉɨɦɩɚɧɢɹ Microsoft ɫɨɡɞɚɟɬ .msi ɮɚɣɥɵ ɬɨɥɶɤɨ ɞɥɹ ɫɭɳɟɫɬɜɟɧɧɵɯ ɦɨɞɢɮɢɤɚɰɢɣ ɬɢɩɚ ɫɟɪɜɢɫɧɵɯ ɩɚɤɟɬɨɜ, ɬɚɤ ɱɬɨ ɭɩɪɚɜɥɟɧɢɟ ɡɚɩɥɚɬɚɦɢ ɩɨɩɪɟɠɧɟɦɭ ɫɜɹɡɚɧɨ ɫ ɛɨɥɶɲɢɦ ɤɨɥɢɱɟɫɬɜɨɦ ɪɚɛɨɬɵ. ɉɨɷɬɨɦɭ ɤɨɦɩɚɧɢɹ Microsoft ɫɨɡɞɚɥɚ ɫɥɭɠɛɭ ɨɛɧɨɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ (Software Update Service — SUS) ɤɚɤ ɚɥɶɬɟɪɧɚɬɢɜɧɨɟ ɫɪɟɞɫɬɜɨ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɟ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɨɛɧɨɜɥɟɧɢɣ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ. ɋɥɭɠɛɚ SUS ɫɨɫɬɨɢɬ ɢɡ ɫɟɪɜɟɪɧɨɝɨ ɤɨɦɩɨɧɟɧɬɚ ɢ ɤɨɦɩɨɧɟɧɬɚ ɤɥɢɟɧɬɚ. ɑɬɨɛɵ ɜɤɥɸɱɢɬɶ ɫɥɭɠɛɭ SUS, ɜɵ ɞɨɥɠɧɵ ɭɫɬɚɧɨɜɢɬɶ ɫɟɪɜɟɪɧɵɣ ɤɨɦɩɨɧɟɧɬ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɫ ɫɢɫɬɟɦɨɣ Windows 2000 ɢɥɢ Windows Server 2003. Ɂɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɫɟɪɜɟɪɧɵɣ ɤɨɦɩɨɧɟɧɬ ɫɥɭɠɛɵ ɞɥɹ ɡɚɝɪɭɡɤɢ ɜɫɟɯ ɤɪɢɬɢɱɟɫɤɢɯ ɦɨɞɢɮɢɤɚɰɢɣ ɫ ɫɚɣɬɚ Windows Update. ɗɬɚ ɡɚɝɪɭɡɤɚ ɦɨɠɟɬ ɛɵɬɶ ɚɜɬɨɦɚɬɢɱɟɫɤɨɣ ɢɥɢ ɪɭɱɧɨɣ. Ʉɚɤ ɬɨɥɶɤɨ ɦɨɞɢɮɢɤɚɰɢɢ ɛɭɞɭɬ ɡɚɝɪɭɠɟɧɵ ɢ ɩɪɨɜɟɪɟɧɵ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɥɭɠɛɭ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɦɨɞɢɮɢɤɚɰɢɣ ɜɫɟɦ ɤɥɢɟɧɬɚɦ. Ʉɥɢɟɧɬɫɤɢɣ ɤɨɦɩɨɧɟɧɬ ɫɥɭɠɛɵ SUS ɦɨɠɧɨ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 Professional ɢ Server (ɫ Service Pack 2 ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɢɦ), Windows XP Professional ɢɥɢ Windows Server 2003. ɋɢɫɬɟɦɵ Windows 2000 Service Pack 3 ɢ Windows XP Professional Service Pack 1 ɜɤɥɸɱɚɸɬ ɤɥɢɟɧɬɫɤɢɣ SUS-ɤɨɦɩɨɧɟɧɬ. Ʉɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ ɢɫɩɨɥɶɡɭɟɬ ɤɥɢɟɧɬɫɤɢɣ ɤɨɦɩɨɧɟɧɬ ɫɥɭɠɛɵ SUS ɞɥɹ ɫɨɟɞɢɧɟɧɢɹ ɫ ɫɟɪɜɟɪɧɵɦ ɤɨɦɩɨɧɟɧɬɨɦ ɫɥɭɠɛɵ SUS, ɱɬɨɛɵ ɡɚɝɪɭɡɢɬɶ ɢ ɭɫɬɚɧɨɜɢɬɶ ɡɚɩɥɚɬɵ. ɋɥɭɠɛɚ SUS ɦɨɠɟɬ ɭɩɪɚɜɥɹɬɶɫɹ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ȼ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɢɫɩɨɥɶɡɭɣɬɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɪɚɫɩɨɥɨɠɟɧɧɵɟ ɜ ɪɚɡɞɟɥɟ Computer Configuration, ɜɵɛɟɪɢɬɟ Administrative Templates, ɞɚɥɟɟ ɜɵɛɟɪɢɬɟ Windows Components, ɚ ɡɚɬɟɦ — Windows Update ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɭɩɪɚɜɥɟɧɢɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢɦɢ ɦɨɞɢɮɢɤɚɰɢɹɦɢ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ (ɫɦ. ɪɢɫ. 12-13). ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɫ ɤɚɤɢɦ SUSɫɟɪɜɟɪɨɦ ɛɭɞɭɬ ɫɨɟɞɢɧɹɬɶɫɹ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ.
. 12-13.
ɑɬɨɛɵ ɭɡɧɚɬɶ ɛɨɥɶɲɟ ɨɛ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɫɥɭɠɛɵ SUS ɢ ɟɟ ɢɧɬɟɝɪɚɰɢɢ ɫ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɨɣ, ɡɚɝɪɭɡɢɬɟ ɫ ɜɟɛ-ɫɚɣɬɚ Microsoft ɫɬɚɬɶɸ, ɪɚɫɩɨɥɨɠɟɧɧɭɸ ɩɨ ɚɞɪɟɫɭ http://www.microsoft.com/windows2000/ windowsupdate/sus/susoverview.asp.
ɏɨɬɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɨɛɟɫɩɟɱɢɜɚɸɬ ɦɨɳɧɵɟ ɦɟɯɚɧɢɡɦɵ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɤɥɢɟɧɬɨɜ, ɭ ɷɬɨɣ ɬɟɯɧɨɥɨɝɢɢ ɢɦɟɸɬɫɹ ɧɟɤɨɬɨɪɵɟ ɨɝɪɚɧɢɱɟɧɢɹ. ɗɬɢ ɨɝɪɚɧɢɱɟɧɢɹ ɨɱɟɜɢɞɧɵ ɩɪɢ ɫɪɚɜɧɟɧɢɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫ ɢɧɫɬɪɭɦɟɧɬɚɦɢ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ Microsoft Systems Management Server (SMS) ɢɥɢ LANDesk ɨɬ Intel. Ɉɞɧɨ ɢɡ ɨɝɪɚɧɢɱɟɧɢɣ ɞɥɹ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɣ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɚ ɤɥɢɟɧɬɫɤɢɟ ɤɨɦɩɶɸɬɟɪɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 ɢɥɢ Windows XP Professional. ɏɨɬɹ ɛɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ ɩɟɪɟɲɥɨ ɧɚ ɫɚɦɵɟ ɩɨɫɥɟɞɧɢɟ ɨɩɟɪɚɰɢɨɧɧɵɟ ɫɢɫɬɟɦɵ, ɦɧɨɝɢɟ ɜɫɟ ɟɳɟ ɢɫɩɨɥɶɡɭɸɬ ɫɢɫɬɟɦɵ Windows NT Workstation, Windows 95 ɢɥɢ Windows 98 ɧɚ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɚɯ. ȿɫɥɢ ɬɚɤɢɟ ɤɨɦɩɚɧɢɢ ɡɚɯɨɬɹɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɤɥɢɟɧɬɚɦ ɫ ɛɨɥɟɟ ɧɨɜɵɦɢ ɫɢɫɬɟɦɚɦɢ, ɨɧɢ ɜɫɟ ɪɚɜɧɨ ɛɭɞɭɬ ɩɨɞɞɟɪɠɢɜɚɬɶ ɚɥɶɬɟɪɧɚɬɢɜɧɵɣ ɦɟɬɨɞ ɞɥɹ ɛɨɥɟɟ ɫɬɚɪɵɯ ɤɥɢɟɧɬɨɜ. Ȼɨɥɟɟ ɫɭɳɟɫɬɜɟɧɧɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɫɨɫɬɨɢɬ ɜ ɧɟɞɨɫɬɚɬɤɟ ɝɢɛɤɨɫɬɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɩɪɢ ɧɚɡɧɚɱɟɧɢɢ ɝɪɚɮɢɤɚ ɢɧɫɬɚɥɥɹɰɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɉɪɢɥɨɠɟɧɢɹ ɧɟ ɩɭɛɥɢɤɭɸɬɫɹ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɧɟ ɫɞɟɥɚɟɬ ɧɨɜɵɣ ɜɯɨɞ ɜ ɫɢɫɬɟɦɭ ɢɥɢ ɩɨɤɚ ɧɟ ɩɪɨɢɡɨɣɞɟɬ ɩɟɪɟɡɚɝɪɭɡɤɚ ɤɨɦɩɶɸɬɟɪɚ. ɂɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦ, ɨɛɥɚɞɚɸɳɢɟ ɩɨɥɧɵɦ ɧɚɛɨɪɨɦ ɮɭɧɤɰɢɣ, ɬɚɤɢɟ ɤɚɤ SMS, ɢɦɟɸɬ ɢ ɞɪɭɝɢɟ ɨɩɰɢɢ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ SMS ɢɥɢ LANDesk ɞɥɹ ɡɚɩɭɫɤɚ ɤɨɦɩɶɸɬɟɪɚ ɜ ɬɟɱɟɧɢɟ ɧɨɱɢ, ɢɫɩɨɥɶɡɭɹ ɬɟɯɧɨɥɨɝɢɸ wake-on-LAN, ɭɫɬɚɧɚɜɥɢɜɚɸɳɭɸ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɫ ɩɨɫɥɟɞɭɸɳɢɦ ɜɵɤɥɸɱɟɧɢɟɦ ɤɨɦɩɶɸɬɟɪɚ. Ɋɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɣ ɦɨɠɟɬ ɛɵɬɶ ɧɚɦɟɱɟɧɨ ɧɚ ɥɸɛɨɟ ɜɪɟɦɹ ɜ ɬɟɱɟɧɢɟ ɞɧɹ, ɩɨɥɶɡɨɜɚɬɟɥɸ ɧɟ ɨɛɹɡɚɬɟɥɶɧɨ ɞɚɠɟ ɜɵɯɨɞɢɬɶ ɢɡ ɫɢɫɬɟɦɵ, ɨɧ ɦɨɠɟɬ ɢ ɧɟ ɡɧɚɬɶ, ɱɬɨ ɢɞɟɬ ɪɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ȿɳɟ ɨɞɧɨ ɨɝɪɚɧɢɱɟɧɢɟ, ɫɜɹɡɚɧɧɨɟ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ, ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɚ ɧɟ ɩɨɞɞɟɪɠɢɜɚɟɬ ɜɨɡɦɨɠɧɨɫɬɟɣ ɦɭɥɶɬɢɜɟ-ɳɚɧɢɹ ɜ ɫɟɬɢ. Ȼɨɥɶɲɚɹ ɱɚɫɬɶ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɨɞɧɨɧɚɩɪɚɜɥɟɧɧɵɣ ɬɪɚɮɢɤ, ɬɨ ɟɫɬɶ ɬɪɚɮɢɤ, ɤɨɬɨɪɵɣ ɬɟɱɟɬ ɦɟɠɞɭ ɞɜɭɦɹ ɨɩɪɟɞɟɥɟɧɧɵɦɢ ɤɨɦɩɶɸɬɟɪɚɦɢ. ɉɪɢ ɦɭɥɶɬɢɜɟɳɚɧɢɢ ɫɟɪɜɟɪ ɜɵɩɭɫɤɚɟɬ ɨɞɢɧ ɩɨɬɨɤ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ, ɚ ɧɟɫɤɨɥɶɤɨ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɨɜ ɩɨɥɭɱɚɸɬ ɨɞɧɢ ɢ ɬɟ ɠɟ ɞɚɧɧɵɟ. ɉɨɫɤɨɥɶɤɭ ɤɚɠɞɨɟ ɪɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦɵ ɢɧɢɰɢɢɪɭɟɬɫɹ ɞɟɣɫɬɜɢɟɦ ɤɥɢɟɧɬɚ, ɬɨ ɨɧɨ ɧɟ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶ ɦɭɥɶɬɢɜɟɳɚɧɢɟ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɦɭɥɶɬɢɜɟɳɚɧɢɹ ɫɨɯɪɚɧɹɟɬ ɜɵɫɨɤɭɸ ɩɪɨɩɭɫɤɧɭɸ ɫɩɨɫɨɛɧɨɫɬɶ ɫɟɬɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɬɵɫɹɱ ɤɥɢɟɧɬɨɜ, ɢ ɧɭɠɧɨ ɪɚɫɩɪɟɞɟɥɢɬɶ ɫɪɨɱɧɭɸ ɚɧɬɢɜɢɪɭɫɧɭɸ ɦɨɞɢɮɢɤɚɰɢɸ, ɢɫɩɨɥɶɡɭɹ ɪɟɲɟɧɢɟ ɫ ɨɞɧɨɧɚɩɪɚɜɥɟɧɧɨɣ ɩɟɪɟɞɚɱɟɣ ɞɚɧɧɵɯ, ɬɟɦ ɫɚɦɵɦ ɫɧɢɡɢɬɫɹ ɩɪɨɩɭɫɤɧɚɹ ɫɩɨɫɨɛɧɨɫɬɶ ɞɚɠɟ ɫɚɦɨɣ ɛɵɫɬɪɨɣ ɫɟɬɢ. ɉɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɦɭɥɶɬɢɜɟɳɚɧɢɹ ɜɫɟ ɫɟɬɟɜɵɟ ɤɥɢɟɧɬɵ ɩɨɥɭɱɚɬ ɦɨɞɢɮɢɤɚɰɢɸ, ɯɨɬɹ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɩɨɫɵɥɚɟɬɫɹ ɬɨɥɶɤɨ ɨɞɢɧ ɪɚɡ. ɂ ɟɳɟ ɨɞɧɨ ɨɝɪɚɧɢɱɟɧɢɟ ɫɨɫɬɨɢɬ ɜ ɧɟɞɨɫɬɚɬɨɱɧɨɦ ɤɨɥɢɱɟɫɬɜɟ ɮɭɧɤɰɢɣ, ɫɨɨɛɳɚɸɳɢɯ ɨ ɪɟɡɭɥɶɬɚɬɚɯ. ɋɥɭɠɛɚ Active Directory ɧɟ ɩɨɡɜɨɥɹɟɬ ɨɩɪɟɞɟɥɢɬɶ, ɭɫɩɟɲɧɨ ɥɢ ɭɫɬɚɧɨɜɥɟɧɨ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɢɥɢ ɧɟɬ, ɨɧɚ ɧɟ ɫɨɨɛɳɚɟɬ ɨɛ ɭɫɩɟɯɚɯ ɢɥɢ ɨɬɤɚɡɚɯ ɢɧɫɬɚɥɥɹɰɢɢ. ɉɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɧɟɥɶɡɹ ɭɤɚɡɚɬɶ, ɤɚɤɢɟ ɢɦɟɧɧɨ ɤɥɢɟɧɬɵ ɞɨɥɠɧɵ ɩɨɥɭɱɢɬɶ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ ɢɧɵɦ ɫɩɨɫɨɛɨɦ, ɤɪɨɦɟ ɤɚɤ ɱɟɪɟɡ ɧɚɡɧɚɱɟɧɢɟ ɨɛɴɟɤɬɚ GPO ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ ɢɥɢ ɱɟɪɟɡ ɮɢɥɶɬɪɚɰɢɸ, ɨɫɧɨɜɚɧɧɭɸ ɧɚ ɝɪɭɩɩɚɯ. Ȼɨɥɟɟ ɩɨɥɧɨɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɢɧɫɬɪɭɦɟɧɬɵ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ (ɧɚɩɪɢɦɟɪ, SMS ɢ LANDesk) ɫɨɡɞɚɸɬ ɨɩɢɫɶ ɜɫɟɯ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɨɜ. Ɉɧɚ ɜɤɥɸɱɚɟɬ ɬɚɤɠɟ ɬɚɤɢɟ ɤɨɦɩɶɸɬɟɪɧɵɟ ɚɬɪɢɛɭɬɵ, ɤɚɤ ɨɛɴɟɦ ɩɪɨɫɬɪɚɧɫɬɜɚ ɠɟɫɬɤɨɝɨ ɞɢɫɤɚ, ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɩɪɨɰɟɫɫɨɪɚ ɢ ɨɩɟɪɚɬɢɜɧɨɣ ɩɚɦɹɬɢ, ɚ ɬɚɤɠɟ ɫɩɢɫɨɤ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɭɫɬɚɧɨɜɥɟɧɧɨɝɨ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɭ ɨɩɢɫɶ ɞɥɹ ɭɤɚɡɚɧɢɹ ɬɨɝɨ, ɤɚɤɢɟ ɤɥɢɟɧɬɫɤɢɟ ɤɨɦɩɶɸɬɟɪɵ ɩɨɥɭɱɚɬ ɨɩɪɟɞɟɥɟɧɧɵɣ ɩɚɤɟɬ ɩɪɨɝɪɚɦɦ. ɇɚɩɪɢɦɟɪ, ɜɵ ɦɨɝɥɢ ɛɵ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɫɚɦɭɸ ɩɨɫɥɟɞɧɸɸ ɜɟɪɫɢɸ ɩɪɢɥɨɠɟɧɢɹ Office ɬɨɥɶɤɨ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ,
ɢɦɟɸɳɢɯ ɧɟɨɛɯɨɞɢɦɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɢ ɞɨɫɬɚɬɨɱɧɵɣ ɨɛɴɟɦ ɨɩɟɪɚɬɢɜɧɨɣ ɩɚɦɹɬɢ. ɉɪɨɛɥɟɦɵ, ɫɜɹɡɚɧɧɵɟ ɫ ɪɚɫɩɪɟɞɟɥɟɧɢɟɦ ɩɪɨɝɪɚɦɦ, ɜɨɡɧɢɤɚɸɬ ɬɚɤɠɟ ɩɪɢ ɧɚɥɢɱɢɢ «ɨɬɫɨɟɞɢɧɟɧɧɵɯ» ɤɥɢɟɧɬɨɜ. ȼ ɧɟɤɨɬɨɪɵɯ ɤɨɦɩɚɧɢɹɯ ɢɦɟɟɬɫɹ ɦɧɨɝɨ ɤɥɢɟɧɬɫɤɢɯ ɤɨɦɩɶɸɬɟɪɨɜ, ɫɨɟɞɢɧɹɸɳɢɯɫɹ ɫ ɤɨɪɩɨɪɚɬɢɜɧɨɣ ɫɟɬɶɸ ɬɨɥɶɤɨ ɢɧɨɝɞɚ ɢ ɬɨɥɶɤɨ ɱɟɪɟɡ ɦɨɞɟɦɧɭɸ ɫɜɹɡɶ ɢɥɢ VPNɩɨɞɤɥɸɱɟɧɢɟ. ɉɨɥɧɨɮɭɧɤɰɢɨɧɚɥɶɧɵɣ ɢɧɫɬɪɭɦɟɧɬ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɨɫɭɳɟɫɬɜɥɹɟɬ ɦɧɨɝɨɫɬɨɪɨɧɧɸɸ ɩɨɞɞɟɪɠɤɭ ɬɚɤɢɯ ɤɥɢɟɧɬɨɜ. Ɉɞɧɚ ɢɡ ɨɩɰɢɣ ɫɨɫɬɨɢɬ ɜ ɨɛɟɫɩɟɱɟɧɢɢ ɜɟɛ-ɫɚɣɬɚ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɢɦ ɩɨɫɥɟ ɢɧɫɬɚɥɥɹɰɢɢ. Ⱦɪɭɝɚɹ ɨɩɰɢɹ — ɪɚɡɭɦɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɪɚɫɩɪɟɞɟɥɟɧɢɟɦ ɩɪɨɝɪɚɦɦ, ɤɨɝɞɚ ɤɥɢɟɧɬ ɧɚɯɨɞɢɬɫɹ ɧɚ ɫɜɹɡɢ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɪɚɫɩɪɟɞɟɥɹɬɶ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɜɫɟɦ ɤɥɢɟɧɬɚɦ ɫ ɦɨɞɟɦɧɨɣ ɫɜɹɡɶɸ, ɧɨ ɫɬɪɨɝɨ ɨɝɪɚɧɢɱɢɜɚɬɶ ɨɛɴɟɦ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ, ɤɨɬɨɪɭɸ ɢɫɩɨɥɶɡɭɟɬ ɷɬɨɬ ɩɪɨɰɟɫɫ. ɉɪɨɰɟɫɫ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦ ɦɨɠɟɬ ɬɚɤɠɟ ɨɛɧɚɪɭɠɢɜɚɬɶ ɧɚɪɭɲɟɧɢɹ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ ɢ ɩɪɢ ɫɥɟɞɭɸɳɟɦ ɫɨɟɞɢɧɟɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɫ ɫɟɬɶɸ ɡɚɩɭɫɤɚɬɶ ɪɚɫɩɪɟɞɟɥɟɧɢɟ ɩɪɨɝɪɚɦɦ ɫ ɬɨɝɨ ɦɟɫɬɚ, ɜ ɤɨɬɨɪɨɦ ɩɨɞɤɥɸɱɟɧɢɟ ɛɵɥɨ ɧɚɪɭɲɟɧɨ. Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɧɟ ɩɨɞɞɟɪɠɢɜɚɟɬ ɠɟɥɚɟɦɵɣ ɧɚɛɨɪ ɮɭɧɤɰɢɣ. Ɉɞɧɚɤɨ ɞɥɹ ɦɚɥɟɧɶɤɢɯ ɤɨɦɩɚɧɢɣ ɢ ɤɨɦɩɚɧɢɣ ɫɪɟɞɧɟɝɨ ɪɚɡɦɟɪɚ, ɭ ɤɨɬɨɪɵɯ ɧɚ ɛɨɥɶɲɢɧɫɬɜɟ ɤɨɦɩɶɸɬɟɪɨɜ ɭɫɬɚɧɨɜɥɟɧɵ ɫɢɫɬɟɦɵ Windows 2000 ɢɥɢ Windows XP Professional, ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɦɨɝɭɬ ɪɟɲɢɬɶ ɦɧɨɝɢɟ ɩɪɨɛɥɟɦɵ, ɫɜɹɡɚɧɧɵɯ ɫ ɪɚɫɩɪɟɞɟɥɟɧɢɟɦ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɂ ɰɟɧɚ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɛɟɡɭɫɥɨɜɧɨ ɨɩɪɚɜɞɚɧɚ, ɟɫɥɢ ɫɪɚɜɧɢɬɶ ɟɟ ɫ ɞɨɜɨɥɶɧɨ ɞɨɪɨɝɢɦɢ ɡɚɬɪɚɬɚɦɢ ɩɨ ɥɢɰɟɧɡɢɪɨɜɚɧɢɸ ɤɥɢɟɧɬɨɜ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɞɪɭɝɢɯ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ.
Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɜ Active Directory Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɸɬ ɦɨɳɧɵɟ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ. ɂɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɢ ɬɟɯɧɨɥɨɝɢɸ ɢɧɫɬɚɥɥɹɬɨɪɚ Windows, ɜɵ ɦɨɠɟɬɟ ɪɚɡɜɟɪɬɵɜɚɬɶ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ, ɚ ɡɚɬɟɦ ɭɩɪɚɜɥɹɬɶ ɷɬɢɦ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɜ ɬɟɱɟɧɢɟ ɜɫɟɝɨ ɠɢɡɧɟɧɧɨɝɨ ɰɢɤɥɚ ɩɪɨɝɪɚɦɦɵ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɪɚɫɫɦɨɬɪɟɧɵ ɜɨɩɪɨɫɵ, ɤɚɫɚɸɳɢɟɫɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɢɦ.
13. ȼ ɝɥɚɜɟ 12 ɨɩɢɫɚɧ ɨɞɢɧ ɢɡ ɫɩɨɫɟɛɨɜ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɜ ɫɥɭɠɛɟ ɤɚɬɚɥɨɝɚ Active Directory ɫɢɫɬɟɦɵ Microsoft Windows Server 2003 ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɜɚɲɟɣ ɫɟɬɶɸ — ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ, ɤɨɬɨɪɨɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ ɜɚɲɟɣ ɫɟɬɢ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɝɨ ɢɧɫɬɪɭɦɟɧɬɚ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɪɨɝɪɚɦɦɧɵɦ ɨɛɟɫɩɟɱɟɧɢɟɦ ɤɥɢɟɧɬɨɜ ɞɚɟɬ ɫɭɳɟɫɬɜɟɧɧɭɸ ɜɵɝɨɞɭ ɞɥɹ ɨɪɝɚɧɢɡɚɰɢɢ. Ɉɞɧɚɤɨ ɫ ɭɩɪɚɜɥɟɧɢɟɦ ɤɨɦɩɶɸɬɟɪɚɦɢ ɤɥɢɟɧɬɨɜ ɫɜɹɡɚɧɨ ɦɧɨɝɨ ɯɥɨɩɨɬ, ɜɤɥɸɱɚɸɳɢɯ ɡɚɳɢɬɭ ɧɚɫɬɨɥɶɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ, ɭɩɪɚɜɥɟɧɢɟ ɩɪɨɮɢɥɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɞɚɧɧɵɦɢ, ɛɥɨɤɢɪɨɜɤɭ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ ɞɥɹ ɭɦɟɧɶɲɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɢɡɦɟɧɟɧɢɣ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɞɟɥɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɚ ɫɜɨɢɯ ɤɨɦɩɶɸɬɟɪɚɯ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɛɴɹɫɧɹɟɬɫɹ, ɤɚɤ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɦɩɨɧɟɧɬɚɦɢ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ ɤɨɦɩɶɸɬɟɪɨɜ ɤɥɢɟɧɬɨɜ. ȼ ɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɹɯ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɟ ɤɨɦɩɶɸɬɟɪɨɜ ɤɥɢɟɧɬɨɜ - ɷɬɨ ɨɞɧɚ ɢɡ ɫɚɦɵɯ ɫɟɪɶɟɡɧɵɯ ɡɚɞɚɱ ɜ ɭɩɪɚɜɥɟɧɢɢ. ɍɫɬɚɧɨɜɤɚ ɢ ɪɚɡɜɟɪɬɵɜɚɧɢɟ ɤɨɦɩɶɸɬɟɪɨɜ ɬɪɟɛɭɸɬ ɛɨɥɶɲɢɯ ɭɫɢɥɢɣ, ɧɨ ɢ ɭɩɪɚɜɥɟɧɢɟ ɪɚɛɨɱɢɦɢ ɫɬɚɧɰɢɹɦɢ ɩɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɹɜɥɹɟɬɫɹ ɧɟ ɦɟɧɟɟ ɬɪɭɞɨɟɦɤɨɣ ɡɚɞɚɱɟɣ. ȼ ɤɪɭɩɧɵɯ ɤɨɦɩɚɧɢɹɯ ɢɦɟɟɬɫɹ ɰɟɥɵɣ ɫɟɪɜɢɫɧɵɣ ɨɬɞɟɥ, ɩɨɫɜɹɳɟɧɧɵɣ ɪɟɲɟɧɢɸ ɩɪɨɛɥɟɦ, ɫ ɤɨɬɨɪɵɦɢ ɫɬɚɥɤɢɜɚɸɬɫɹ ɩɨɥɶɡɨɜɚɬɟɥɢ. ɑɚɫɬɨ ɷɬɨɬ ɨɬɞɟɥ ɩɨɞɤɪɟɩɥɹɟɬɫɹ ɝɪɭɩɩɨɣ ɩɨɞɞɟɪɠɤɢ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ, ɤɨɬɨɪɚɹ ɦɨɠɟɬ ɩɨɫɟɳɚɬɶ ɤɨɦɩɶɸɬɟɪɵ ɤɥɢɟɧɬɨɜ, ɟɫɥɢ ɩɪɨɛɥɟɦɭ ɧɟɥɶɡɹ ɪɟɲɢɬɶ ɩɨ ɬɟɥɟɮɨɧɭ. Ɂɜɨɧɨɤ ɜ ɫɟɪɜɢɫɧɵɣ ɨɬɞɟɥ ɨɛɵɱɧɨ ɫɜɹɡɚɧ ɫ ɬɟɦ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɞɟɥɚɥ ɱɬɨ-ɬɨ ɬɚɤɨɟ, ɱɬɨ ɜɵɡɜɚɥɨ ɩɪɨɛɥɟɦɵ. ɉɨɥɶɡɨɜɚɬɟɥɶ ɦɨɠɟɬ ɢɡɦɟɧɢɬɶ ɭɫɬɚɧɨɜɤɢ ɫɢɫɬɟɦɵ ɬɚɤ, ɱɬɨ ɛɨɥɶɲɟ ɧɟ ɫɦɨɠɟɬ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɫɟɬɶɸ. Ⱦɪɭɝɢɟ ɡɜɨɧɤɢ ɫɜɹɡɚɧɵ ɫ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟɦ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ, ɧɚɩɪɢɦɟɪ, ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɛɵɥɢ ɧɟɩɪɚɜɢɥɶɧɨ ɡɚɞɚɧɵ ɩɪɢ ɭɫɬɚɧɨɜɤɟ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɢɥɢ ɩɪɢɥɨɠɟɧɢɹ ɢ ɩɨɫɥɟ ɢɧɫɬɚɥɥɹɰɢɢ ɞɨɥɠɧɵ ɛɵɬɶ ɢɡɦɟɧɟɧɵ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɭɦɟɧɶɲɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɬɚɤɢɯ ɡɜɨɧɤɨɜ, ɩɨɡɜɨɥɹɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɨ ɭɩɪɚɜɥɹɬɶ ɤɨɦɩɶɸɬɟɪɚɦɢ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ. ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɱɬɨɛɵ ɡɚɩɪɟɬɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɡɦɟɧɟɧɢɹ ɧɚ ɫɜɨɢɯ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ, ɧɚɪɭɲɚɸɳɢɟ ɩɪɚɜɢɥɶɧɨɟ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ. Ɇɨɠɧɨ ɬɚɤɠɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɝɨ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɦɧɨɝɢɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ. П че ы .
, .
,
, , .
, ,
-
, .
,
,
. , .
. Microsoft Windows NT 4 2000, . . ,
Active Directory Microsoft Windows
. . Э ,
, . , ,
. ,
, . .
-
, .
,
, ,
,
,
.
ɋɥɭɠɛɚ Active Directory Windows Server 2003 ɢɦɟɟɬ ɦɧɨɠɟɫɬɜɨ ɨɩɰɢɣ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɤɨɬɨɪɵɟ ɦɪɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɤɨɦɩɶɸɬɟɪɨɜ. ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɧɟɫɤɨɥɶɤɢɯ ɦɟɫɬɚɯ ɜ ɫɬɪɭɤɬɭɪɟ Group Policy. ɉɨɷɬɨɦɭ ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɞɟɬɚɥɶɧɨɝɨ ɨɩɢɫɚɧɢɹ ɧɟɤɨɬɨɪɵɯ ɢɡ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɜ ɷɬɨɦ ɪɚɡɞɟɥɟ ɞɚɟɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɞɨɫɬɭɩɧɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ. ɇɚ ɪɢɫɭɧɤɟ 13-1 ɩɨɤɚɡɚɧɨ ɪɚɫɲɢɪɟɧɧɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɨɩɰɢɣ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ ɜ ɩɪɟɞɟɥɚɯ ɨɬɞɟɥɶɧɨɝɨ ɨɛɴɟɤɬɚ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ GPO. ȼ ɬɚɛɥɢɰɟ 13-1 ɞɚɧɨ ɤɪɚɬɤɨɟ ɩɨɹɫɧɟɧɢɟ ɞɥɹ ɤɨɧɬɟɣɧɟɪɨɜ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ.
. 13-1.
Default Domain Policy ( )
Т . 13-1. Ʉɨɧɬɟɣɧɟɪ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ Computer Configuration and User Configuration (Ʉɨɦɩɶɸɬɟɪɧɚɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ) Computer Configuration and User Configuration (Ʉɨɦɩɶɸɬɟɪɧɚɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ) Computer Configuration and User Configuration (Ʉɨɦɩɶɸɬɟɪɧɚɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
Ⱦɨɱɟɪɧɢɟ ɤɨɧɬɟɣɧɟɪɵ
ɋɨɞɟɪɠɢɦɨɟ
Software Settings (ɉɚɪɚɦɟɬɪɵ ɋɨɞɟɪɠɢɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɧɚɫɬɪɨɣɤɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɩɚɤɟɬɨɜ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɨɛɟɫɩɟɱɟɧɢɹ) ɢɫɩɨɥɶɡɭɟɦɵɯ ɞɥɹ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɩɪɨɝɪɚɦɦ. Windows Settings\ Scripts ɋɨɞɟɪɠɢɬ ɫɰɟɧɚɪɢɢ ɡɚɩɭɫɤɚ ɢ (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɜɵɤɥɸɱɟɧɢɹ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ ɢ Windows\ɋɰɟɧɚɪɢɢ) ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɢ ɜɵɯɨɞɚ ɢɡ ɧɟɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Windows Settings\ Security Settings (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Windows\ ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ)
ɋɨɞɟɪɠɢɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɢɫɩɨɥɶɡɭɟɦɵɟ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɡɚɳɢɬɵ ɤɨɦɩɶɸɬɟɪɚ. ɇɟɤɨɬɨɪɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɫɩɟɰɢɮɢɱɧɵ ɞɥɹ ɞɨɦɟɧɧɨɝɨ ɭɪɨɜɧɹ, ɚ ɧɟɤɨɬɨɪɵɟ ɦɨɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɧɚ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ. Ȼɨɥɶɲɢɧɫɬɜɨ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɜ ɪɚɡɞɟɥɟ ɤɨɦɩɶɸɬɟɪɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ
User Configuration Windows Settings\ Folder (ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ Redirection (ɉɚɪɚɦɟɬɪɵ ɤɨɧɮɢɝɭɪɚɰɢɹ) ɧɚɫɬɪɨɣɤɢ Windows \ɉɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ)
ɋɨɞɟɪɠɢɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɤɨɬɨɪɵɟ ɩɟɪɟɚɞɪɟɫɨɜɵɜɚɸɬ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɚɩɤɢ, ɬɚɤɢɟ ɤɚɤ ɩɚɩɤɢ My Documents (Ɇɨɢ ɞɨɤɭɦɟɧɬɵ), ɧɚ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ.
User Configuration Windows Settings\ Remote ɋɨɞɟɪɠɢɬ ɨɬɞɟɥɶɧɭɸ ɨɩɰɢɸ (ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ Installation Services (ɉɚɪɚɦɟɬɪɵ ɤɨɧɮɢɝɭɪɚɰɢɢ ɞɥɹ ɫɥɭɠɛɵ ɤɨɧɮɢɝɭɪɚɰɢɹ) ɧɚɫɬɪɨɣɤɢ Windows \ɋɥɭɠɛɚ ɭɞɚɥɟɧɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ (RIS). ɭɞɚɥɟɧɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ)
User Configuration Windows Settings\ Internet (ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ Explorer Maintenance ɤɨɧɮɢɝɭɪɚɰɢɹ) (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Windows\Ɉɛɫɥɭɠɢɜɚɧɢɟ Internet Explorer)
ɋɨɞɟɪɠɢɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɧɮɢɝɭɪɚɰɢɟɣ ɩɪɢɥɨɠɟɧɢɹ Microsoft Internet Explorer ɧɚ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɪɚɛɨɱɢɯ ɫɬɨɥɚɯ.
Computer Administrative Templates Configuration and (Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ) User Configuration (Ʉɨɦɩɶɸɬɟɪɧɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɤɨɧɮɢɝɭɪɚɰɢɹ)
ɋɨɞɟɪɠɢɬ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɤɨɦɩɶɸɬɟɪɚ.
ɉɨɫɥɟɞɭɸɳɢɣ ɦɚɬɟɪɢɚɥ ɫɨɞɟɪɠɢɬ ɞɟɬɚɥɶɧɨɟ ɨɩɢɫɚɧɢɟ ɦɧɨɝɢɯ ɤɨɧɬɟɣɧɟɪɨɜ ɜɵɫɲɟɝɨ ɭɪɨɜɧɹ.
Ɉɞɧɚ ɢɡ ɩɪɨɛɥɟɦ, ɫ ɤɨɬɨɪɵɦɢ ɫɬɚɥɤɢɜɚɸɬɫɹ ɫɟɬɟɜɵɟ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ, ɫɨɫɬɨɢɬ ɜ ɭɩɪɚɜɥɟɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɞɚɧɧɵɦɢ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɩɪɨɮɢɥɹɦɢ. Ⱦɚɧɧɵɟ, ɫ ɤɨɬɨɪɵɦɢ ɪɚɛɨɬɚɸɬ ɩɨɥɶɡɨɜɚɬɟɥɢ, ɱɚɫɬɨ ɹɜɥɹɸɬɫɹ ɤɪɢɬɢɱɟɫɤɢɦɢ ɫ ɬɨɱɤɢ ɡɪɟɧɢɹ ɛɢɡɧɟɫɚ, ɨɧɢ ɞɨɥɠɧɵ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɦ ɨɛɪɚɡɨɦ ɡɚɳɢɳɚɬɶɫɹ ɢ ɭɩɪɚɜɥɹɬɶɫɹ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɨɧɢ ɞɨɥɠɧɵ ɯɪɚɧɢɬɶɫɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɨ ɫ ɩɨɞɞɟɪɠɤɨɣ ɪɟɝɭɥɹɪɧɨɝɨ ɪɟɡɟɪɜɧɨɝɨ ɤɨɩɢɪɨɜɚɧɢɹ. ɂɦɟɟɬɫɹ ɦɧɨɝɨ ɫɩɨɫɨɛɨɜ ɨɛɪɚɳɟɧɢɹ ɫ ɷɬɢɦɢ ɞɚɧɧɵɦɢ. Ɉɛɵɱɧɨ ɞɚɧɧɵɟ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɯɪɚɧɹɬɫɹ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ. Ɉɞɧɚɤɨ ɦɧɨɝɢɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɯɪɚɧɹɬ ɧɟɤɨɬɨɪɵɟ ɞɚɧɧɵɟ, ɤɨɬɨɪɵɟ ɧɭɠɧɵ ɜ ɫɥɭɱɚɟ ɨɬɫɭɬɫɬɜɢɹ ɫɟɬɢ, ɧɚ ɫɜɨɢɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɨɫɨɛɟɧɧɨ ɧɚ ɩɨɪɬɚɬɢɜɧɵɯ Ⱦɪɭɝɨɣ ɚɫɩɟɤɬ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ ɤɨɦɩɶɸɬɟɪɨɜ ɫɨɫɬɨɢɬ ɜ ɭɩɪɚɜɥɟɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɩɪɨɮɢɥɹɦɢ, ɤɨɬɨɪɵɟ ɱɚɫɬɨ ɛɨɥɶɲɟ ɛɟɫɩɨɤɨɹɬ ɤɨɧɟɱɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɱɟɦ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ. ɇɟɤɨɬɨɪɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɩɪɨɜɨɞɹɬ ɡɧɚɱɢɬɟɥɶɧɨɟ ɜɪɟɦɹ, ɤɨɧɮɢɝɭɪɢɪɭɹ ɫɜɨɢ ɩɪɢɥɨɠɟɧɢɹ ɢ ɪɚɛɨɱɢɟ ɫɬɨɥɵ ɞɥɹ ɭɞɨɜɥɟɬɜɨɪɟɧɢɹ ɫɨɛɫɬɜɟɧɧɵɯ ɩɪɟɞɩɨɱɬɟɧɢɣ. Ⱦɥɹ ɷɬɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɤɨɧɮɢɝɭɪɚɰɢɹ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɨɱɟɧɶ ɜɚɠɧɚ, ɢ ɨɧɢ ɯɨɬɹɬ, ɱɬɨɛɵ ɞɚɧɧɵɣ ɪɚɛɨɱɢɣ ɫɬɨɥ ɩɨɹɜɥɹɥɫɹ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɫ ɤɚɤɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɨɧɢ ɜɨɣɞɭɬ ɜ ɫɢɫɬɟɦɭ. Ⱦɨ ɩɨɹɜɥɟɧɢɹ Active Directory ɨɫɧɨɜɧɵɦ ɦɟɬɨɞɨɦ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɞɚɧɧɵɦɢ ɢ ɩɚɪɚɦɟɬɪɚɦɢ ɧɚɫɬɪɨɣɤɢ ɛɵɥɚ ɪɟɚɥɢɡɚɰɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɪɨɮɢɥɟɣ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɪɟɚɥɢɡɨɜɵɜɚɥɢ ɪɨɭ-ɦɢɧɝɨɜɵɟ ɩɪɨɮɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɬɨɪɵɟ ɫɨɯɪɚɧɹɥɢɫɶ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ ɢ ɛɵɥɢ ɞɨɫɬɭɩɧɵ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɫ ɥɸɛɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɜ ɨɪɝɚɧɢɡɚɰɢɢ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɧɚɥɚɝɚɸɬ ɨɝɪɚɧɢɱɟɧɢɹ ɧɚ ɩɪɨɮɢɥɢ ɫɜɨɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɪɟɚɥɢɡɭɹ ɩɪɢɧɭɞɢɬɟɥɶɧɵɟ ɩɪɨɮɢɥɢ. ɂɫɩɨɥɶɡɭɹ ɩɪɢɧɭɞɢɬɟɥɶɧɵɟ ɩɪɨɮɢɥɢ, ɚɞɦɢɧɢɫɬɪɚɬɨɪ ɦɨɠɟɬ ɫɨɡɞɚɬɶ ɫɬɚɧɞɚɪɬɧɵɣ ɩɪɨɮɢɥɶ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɝɪɭɩɩɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɚ ɡɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɪɨɮɢɥɶ ɬɚɤ, ɱɬɨɛɵ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɦɨɝɥɢ ɟɝɨ ɢɡɦɟɧɹɬɶ. Ɋɨɭɦɢɧɝɨɜɵɟ ɢ ɩɪɢɧɭɞɢɬɟɥɶɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɨɮɢɥɢ ɦɨɝɭɬ ɛɵɬɶ ɪɟɚɥɢɡɨɜɚɧɵ, ɢɫɩɨɥɶɡɭɹ Active Directory, ɚ ɧɟɤɨɬɨɪɵɟ ɢɡ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɢɦɢ, ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɱɟɪɟɡ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦ ɩɪɨɮɢɥɹɦ Active Directory ɨɛɟɫɩɟɱɢɜɚɟɬ ɬɚɤɠɟ ɩɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɞɚɧɧɵɦɢ ɢ ɩɚɪɚɦɟɬɪɚɦɢ ɧɚɫɬɪɨɣɤɢ, ɱɬɨ ɫɨɡɞɚɟɬ ɫɭɳɟɫɬɜɟɧɧɵɟ ɜɵɝɨɞɵ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɪɨɮɢɥɟɣ.
ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɮɢɥɶ ɫɨɞɟɪɠɢɬ ɜɫɸ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɞɥɹ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɗɬɚ ɢɧɮɨɪɦɚɰɢɹ ɜɤɥɸɱɚɟɬ ɫɨɞɟɪɠɚɧɢɟ ɩɨɞɞɟɪɟɜɚ HKEY_CURRENT_USER ɜ ɫɢɫɬɟɦɧɨɦ ɪɟɟɫɬɪɟ (ɯɪɚɧɹɳɟɟɫɹ ɤɚɤ ɮɚɣɥ Ntuser.dat), ɤɨɬɨɪɵɣ ɜɤɥɸɱɚɟɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɞɥɹ ɩɪɢɥɨɠɟɧɢɣ ɢ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɩɪɨɮɢɥɶ ɫɨɞɟɪɠɢɬ ɩɚɩɤɢ My Documents (Ɇɨɢ ɞɨɤɭɦɟɧɬɵ), Start Menu (Ɇɟɧɸ ɉɭɫɤ), Desktop (Ɋɚɛɨɱɢɣ ɫɬɨɥ) ɢ Application Data (Ⱦɚɧɧɵɟ ɩɪɢɥɨɠɟɧɢɣ). ɇɚ ɪɢɫɭɧɤɟ 13-2 ɩɨɤɚɡɚɧɨ ɫɨɞɟɪɠɢɦɨɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɩɪɨɮɢɥɹ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003.
.
13-2.
ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɮɢɥɶ ɫɨɡɞɚɟɬɫɹ ɧɚ ɤɚɠɞɨɦ ɤɨɦɩɶɸɬɟɪɟ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɟɪɜɵɣ ɪɚɡ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ. ɇɚɱɚɥɶɧɵɣ ɩɪɨɮɢɥɶ ɨɫɧɨɜɚɧ ɧɚ ɡɚɞɚɧɧɨɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɦ ɩɪɨɮɢɥɟ, ɤɨɬɨɪɵɣ ɯɪɚɧɢɬɫɹ ɜ ɩɚɩɤɟ %systemdrive%\Documents And Settings. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɵɯɨɞɢɬ ɢɡ ɫɢɫɬɟɦɵ, ɩɪɨɮɢɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɜɤɥɸɱɚɹ ɥɸɛɵɟ ɫɞɟɥɚɧɧɵɟ ɢɦ ɢɡɦɟɧɟɧɢɹ ɤ ɡɚɞɚɧɧɨɦɭ ɩɨ ɭɦɨɥɱɚɧɢɸ, ɫɨɯɪɚɧɹɟɬɫɹ ɜ ɩɚɩɤɟ ɫ ɢɦɟɧɟɦ, ɩɨɞ ɤɨɬɨɪɵɦ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɥ ɜ ɫɢɫɬɟɦɭ, ɜ ɩɚɩɤɟ Documents And Settings (Ⱦɨɤɭɦɟɧɬɵ ɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ). Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɧɨɜɚ ɜɨɣɞɟɬ ɧɚ ɬɨɬ ɠɟ ɫɚɦɵɣ ɤɨɦɩɶɸɬɟɪ, ɟɝɨ ɩɪɨɮɢɥɶ ɛɭɞɟɬ ɧɚɣɞɟɧ, ɢ ɩɨɥɶɡɨɜɚɬɟɥɸ ɛɭɞɟɬ ɩɪɟɞɫɬɚɜɥɟɧ ɬɨɬ ɠɟ ɫɚɦɵɣ ɪɚɛɨɱɢɣ ɫɬɨɥ, ɤɨɬɨɪɵɣ ɛɵɥ ɩɟɪɟɞ ɜɵɯɨɞɨɦ ɢɡ ɫɢɫɬɟɦɵ. ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɪɟɚɥɢɡɨɜɚɥɢ ɪɨɭ-ɦɢɧɝɨɜɵɟ ɩɪɨɮɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɋɨɭɦɢɧɝɨɜɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɨɮɢɥɢ ɯɪɚɧɹɬɫɹ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ, ɱɬɨɛɵ ɛɵɬɶ ɞɨɫɬɭɩɧɵɦɢ ɩɨɥɶɡɨɜɚɬɟɥɸ, ɤɨɝɞɚ ɨɧ ɩɟɪɟɦɟɳɚɟɬɫɹ ɦɟɠɞɭ ɤɨɦɩɶɸɬɟɪɚɦɢ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɞɥɹ ɤɨɬɨɪɨɝɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ, ɜɩɟɪɜɵɟ ɜɯɨɞɢɬ ɧɚ ɤɨɦɩɶɸɬɟɪ, ɷɬɨɬ ɩɪɨɮɢɥɶ ɡɚɝɪɭɠɚɟɬɫɹ ɫ ɫɟɬɟɜɨɝɨ ɪɟɫɭɪɫɚ ɢ ɩɪɢɦɟɧɹɟɬɫɹ ɤ ɤɨɦɩɶɸɬɟɪɭ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɵɯɨɞɢɬ ɢɡ ɫɢɫɬɟɦɵ, ɫɞɟɥɚɧɧɵɟ ɢɦ ɢɡɦɟɧɟɧɢɹ ɤ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɦɭ ɩɪɨɮɢɥɸ ɤɨɩɢɪɭɸɬɫɹ ɧɚɡɚɞ ɧɚ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ. Ʉɨɩɢɹ ɩɪɨɮɢɥɹ ɬɚɤɠɟ ɤɷɲɢɪɭɟɬɫɹ ɧɚ ɦɟɫɬɧɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɭɠɟ ɜɯɨɞɢɥ ɧɚ ɪɚɛɨɱɭɸ ɫɬɚɧɰɢɸ ɩɪɟɠɞɟ, ɬɨ ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ ɩɪɨɮɢɥɹ, ɯɪɚɧɹɳɟɝɨɫɹ ɧɚ ɦɟɫɬɧɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ, ɫɪɚɜɧɢɬɫɹ ɫ ɜɪɟɦɟɧɧɨɣ ɦɟɬɤɨɣ ɩɪɨɮɢɥɹ, ɯɪɚɧɹɳɟɝɨɫɹ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ. ȼ ɫɢɫɬɟɦɚɯ Windows 2000 ɢ Windows XP Professional ɜɪɟɦɟɧɧɚɹ ɦɟɬɤɚ ɧɚ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɮɚɣɥɚɯ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɤɚɤɨɣ ɢɡ ɮɚɣɥɨɜ ɩɪɨɮɢɥɹ ɹɜɥɹɟɬɫɹ ɛɨɥɟɟ ɧɨɜɵɦ. ȿɫɥɢ ɩɪɨɮɢɥɶ, ɯɪɚɧɹɳɢɣɫɹ ɧɚ ɫɟɪɜɟɪɟ, ɧɨɜɟɟ, ɱɟɦ ɦɟɫɬɧɵɣ ɩɪɨɮɢɥɶ, ɬɨ ɜɟɫɶ ɩɪɨɮɢɥɶ ɛɭɞɟɬ ɫɤɨɩɢɪɨɜɚɧ ɫ ɫɟɪɜɟɪɚ ɧɚ ɦɟɫɬɧɭɸ ɪɚɛɨɱɭɸ ɫɬɚɧɰɢɸ. ȼɤɥɸɱɢɬɶ ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɠɧɨ, ɤɨɧɮɢɝɭɪɢɪɭɹ ɩɭɬɶ ɩɪɨɮɢɥɹ ɧɚ ɜɤɥɚɞɤɟ Profile (ɉɪɨɮɢɥɶ) ɨɤɧɚ Properties (ɋɜɨɣɫɬɜɚ) ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory). ɇɟɤɨɬɨɪɵɟ ɤɨɦɩɚɧɢɢ ɪɟɚɥɢɡɭɸɬ ɩɪɢɧɭɞɢɬɟɥɶɧɵɟ ɩɪɨɮɢɥɢ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɩɪɢɧɭɞɢɬɟɥɶɧɵɟ ɩɪɨɮɢɥɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɜ ɤɨɦɛɢɧɚɰɢɢ ɫ ɪɨɭɦɢɧɝɨɜɵɦɢ ɩɪɨɮɢɥɹɦɢ ɞɥɹ ɫɨɡɞɚɧɢɹ ɫɬɚɧɞɚɪɬɧɨɣ ɧɚɫɬɨɥɶɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɞɥɹ ɝɪɭɩɩɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɇɚɩɪɢɦɟɪ, ɜɵ ɢɦɟɟɬɫɹ ɝɪɭɩɩɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢɫɩɨɥɧɹɸɳɢɯ ɨɞɧɢ ɢ ɬɟ ɠɟ ɮɭɧɤɰɢɢ ɢ ɧɭɠɞɚɸɳɢɯɫɹ ɜ ɨɱɟɧɶ ɨɝɪɚɧɢɱɟɧɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ. ȿɫɥɢ ɜɵ ɹɜɥɹɟɬɟɫɶ ɱɥɟɧɨɦ ɝɪɭɩɩ Account Operators (Ɉɩɟɪɚɬɨɪɵ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ), Domain Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɞɨɦɟɧɚ) ɢɥɢ Enterprise Admins (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪɵ ɩɪɟɞɩɪɢɹɬɢɹ), ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɨɞɢɧ ɫɬɚɧɞɚɪɬɧɵɣ ɪɚɛɨɱɢɣ ɫɬɨɥ ɞɥɹ ɷɬɨɣ ɝɪɭɩɩɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɪɢɧɭɞɢɬɟɥɶɧɵɟ ɩɪɨɮɢɥɢ, ɱɬɨɛɵ ɩɨɦɟɲɚɬɶ ɢɡɦɟɧɟɧɢɸ ɤɨɧɮɢɝɭɪɚɰɢɢ. ɑɬɨɛɵ ɜɤɥɸɱɢɬɶ ɨɩɰɢɸ ɩɪɢɧɭɞɢɬɟɥɶɧɵɯ ɩɪɨɮɢɥɟɣ, ɫɧɚɱɚɥɚ ɫɨɡɞɚɣɬɟ ɠɟɥɚɬɟɥɶɧɭɸ ɫɬɚɧɞɚɪɬɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ. Ɂɚɬɟɦ ɫɨɯɪɚɧɢɬɟ ɜɫɟ ɫɨɞɟɪɠɢɦɨɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɩɪɨɮɢɥɹ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ ɢ ɩɟɪɟɢɦɟɧɭɣɬɟ ɮɚɣɥ Ntuser.dat ɜ Ntuser.man. Ⱦɚɥɟɟ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɜɫɟɯ ɧɟɨɛɯɨɞɢɦɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɱɬɨɛɵ ɷɬɨɬ ɩɪɨɮɢɥɶ ɛɵɥ ɢɯ ɪɨɭɦɢɧɝɨɜɵɦ ɩɪɨɮɢɥɟɦ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɨɣɞɭɬ ɜ ɫɟɬɶ, ɢɦ ɛɭɞɟɬ ɩɪɟɞɫɬɚɜɥɟɧ ɫɬɚɧɞɚɪɬɧɵɣ ɩɪɨɮɢɥɶ, ɢ ɩɨɫɤɨɥɶɤɭ ɷɬɨɬ ɩɪɨɮɢɥɶ ɹɜɥɹɟɬɫɹ ɩɪɢɧɭɞɢɬɟɥɶɧɵɦ, ɨɧɢ ɧɟ ɫɦɨɝɭɬ ɫɨɯɪɚɧɢɬɶ ɧɢɤɚɤɢɟ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɤ ɧɟɦɭ. Ɋɨɭɦɢɧɝɨɜɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɨɮɢɥɢ ɫɭɳɟɫɬɜɭɸɬ ɢ ɜ Windows Server 2003. ȿɫɥɢ ɜ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ ɪɟɚɥɢɡɨɜɚɧɵ ɪɨɭɦɢɧɝɨɜɵɟ ɢɥɢ ɩɪɢɧɭɞɢɬɟɥɶɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɨɮɢɥɢ, ɦɨɠɧɨ ɩɪɨɞɨɥɠɚɬɶ ɢɯ ɢɫɩɨɥɶɡɨɜɚɧɢɟ. Ⱦɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɩɪɨɮɢɥɹɦɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. Ȼɨɥɶɲɢɧɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɩɪɨɮɢɥɹ ɪɚɫɩɨɥɨɠɟɧɨ ɜ ɩɚɩɤɟ Computer Configuration\ Administrative Templates\ System\User Profiles. Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɩɨɞɩɚɩɤɟ ɬɨɝɨ ɠɟ ɧɚɡɜɚɧɢɹ ɜ ɪɚɡɞɟɥɟ ɩɚɪɚɦɟɬɪɨɜ User Configuration. ȼ ɬɚɛɥɢɰɟ 13-2 ɨɛɴɹɫɧɹɸɬɫɹ ɨɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ.
. 13-2.
Ɉɩɰɢɹ ɤɨɧɮɢɝɭɪɚɰɢɢ
ɉɨɹɫɧɟɧɢɟ
Do Not Check For User Ownership Of Roaming Profile Folders (He ɩɪɨɜɟɪɹɬɶ ɩɪɚɜɨ ɫɨɛɫɬɜɟɧɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɚ ɩɚɩɤɢ ɪɨɭ-ɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɞɟɣɫɬɜɢɣ ɜ ɫɥɭɱɚɟ, ɟɫɥɢ ɩɚɩɤɚ ɪɨɭɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɭɠɟ ɫɭɳɟɫɬɜɭɟɬ ɢ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɦɨɞɟɪɧɢɡɢɪɨɜɚɧɵ ɞɨ Microsoft Windows 2000 Service Pack 4 ɢɥɢ Microsoft Windows XP Professional Service Pack. ɗɬɢ ɧɨɜɵɟ ɫɟɪɜɢɫɧɵɟ ɩɚɤɟɬɵ ɭɜɟɥɢɱɢɜɚɸɬ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɚɳɢɬɭ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɪɨɮɢɥɟɣ. ȼɤɥɸɱɟɧɢɟ ɷɬɨɣ ɨɩɰɢɢ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɨɞɞɟɪɠɢɜɚɟɬɫɹ ɛɨɥɟɟ ɪɚɧɧɹɹ ɡɚɳɢɬɚ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɞɚɥɟɧɢɹ ɜ ɦɟɫɬɧɨɦ ɦɚɫɲɬɚɛɟ ɤɷɲɢɪɨɜɚɧɧɨɣ ɤɨɩɢɢ ɪɨɭɦɢɧɝɨɜɨɝɨ ɩɪɨɮɢɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɵɣɞɟɬ ɢɡ ɫɢɫɬɟɦɵ. ɇɟ ɜɤɥɸɱɚɣɬɟ ɷɬɭ ɨɩɰɢɸ, ɟɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɮɭɧɤɰɢɸ ɨɛɧɚɪɭɠɟɧɢɹ ɦɟɞɥɟɧɧɵɯ ɫɜɹɡɟɣ ɜ ɫɢɫɬɟɦɚɯ Windows 2000 ɢɥɢ Windows XP Professional, ɩɨɬɨɦɭ ɱɬɨ ɷɬɨɣ ɮɭɧɤɰɢɢ ɬɪɟɛɭɟɬɫɹ ɥɨɤɚɥɶɧɨ ɤɷɲɢɪɨɜɚɧɧɚɹ ɤɨɩɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɩɪɨɮɢɥɹ.
Delete Cached Copies Of Roaming Profiles (ɍɞɚɥɢɬɶ ɤɷɲɢɪɨɜɚɧ-ɧɵɟ ɤɨɩɢɢ ɪɨɭɦɢɧɝɨ-ɜɵɯ ɩɪɨɮɢɥɟɣ)
Do Not Detect Slow Network Connections (He ɨɛɧɚɪɭɠɢɜɚɬɶ ɦɟɞɥɟɧɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ)
Slow Network Connection Timeout For User Profiles (Ʌɢɦɢɬ ɜɪɟɦɟɧɢ ɜ ɦɟɞɥɟɧɧɨɦ ɫɟɬɟɜɨɦ ɩɨɞɤɥɸɱɟɧɢɢ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɪɨɮɢɥɟɣ) Wait For Remote User Profile (ɀɞɚɬɶ ɭɞɚɥɟɧɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɮɢɥɶ)
Prompt User When Slow Link Is Detected (ɉɪɟɞɭɩɪɟɞɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɟɫɥɢ ɨɛɧɚɪɭɠɟɧɵ ɦɟɞɥɟɧɧɵɟ ɫɜɹɡɢ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɪɟɞɨɬɜɪɚɳɟɧɢɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɮɭɧɤɰɢɢ ɨɛɧɚɪɭɠɟɧɢɹ ɦɟɞɥɟɧɧɵɯ ɫɜɹɡɟɣ ɩɪɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɫɩɨɫɨɛɨɜ ɭɩɪɚɜɥɟɧɢɹ ɪɨɭɦɢɧɝɨɜɵɦɢ ɩɪɨɮɢɥɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɬɨ ɪɨɭɦɢɧɝɨɜɵɟ ɩɪɨɮɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɛɭɞɭɬ ɡɚɝɪɭɠɚɬɶɫɹ ɜɫɟɝɞɚ, ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɫɤɨɪɨɫɬɢ ɩɟɪɟɞɚɱɢ ɜ ɫɟɬɢ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɦɟɞɥɟɧɧɨɝɨ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ. ȿɫɥɢ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɬɨ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɪɟɞɟɥɟɧɢɟ ɦɟɞɥɟɧɧɨɝɨ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ - ɦɟɧɟɟ 500 Ʉɛ/ɫ, ɢɥɢ (ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ, ɧɟ ɢɫɩɨɥɶɡɭɸɳɢɯ IP-ɚɞɪɟɫ) ɟɫɥɢ ɫɟɪɜɟɪɭ ɧɚ ɨɬɜɟɬ ɬɪɟɛɭɟɬɫɹ ɛɨɥɟɟ 120 ɦɫ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɜɫɟɝɞɚ ɡɚɝɪɭɠɚɬɶ ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɫ ɫɟɪɜɟɪɚ. ȿɫɥɢ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɪɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɡɚɝɪɭɡɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɮɢɥɶ, ɞɚɠɟ ɟɫɥɢ ɛɭɞɟɬ ɨɛɧɚɪɭɠɟɧɨ ɦɟɞɥɟɧɧɨɟ ɫɟɬɟɜɨɟ ɩɨɞɤɥɸɱɟɧɢɟ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ ɨɛ ɨɛɧɚɪɭɠɟɧɧɨɦ ɦɟɞɥɟɧɧɨɦ ɫɟɬɟɜɨɦ ɩɨɞɤɥɸɱɟɧɢɢ, ɱɬɨɛɵ ɞɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɜɨɡɦɨɠɧɨɫɬɶ ɜɵɛɨɪɚ ɦɟɠɞɭ ɡɚɝɪɭɡɤɨɣ ɦɟɫɬɧɨɝɨ ɩɪɨɮɢɥɹ ɢɥɢ ɩɪɨɮɢɥɹ, ɪɚɫɩɨɥɨɠɟɧɧɨɝɨ ɧɚ ɫɟɪɜɟɪɟ. ȿɫɥɢ ɨɩɰɢɹ ɧɟ ɜɤɥɸɱɟɧɚ, ɦɟɫɬɧɵɣ ɩɪɨɮɢɥɶ ɛɭɞɟɬ ɡɚɝɪɭɠɟɧ ɛɟɡ ɭɜɟɞɨɦɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹ.
Timeout For Dialog Boxes ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɜɪɟɦɟɧɢ (Ʌɢɦɢɬ ɜɪɟɦɟɧɢ ɞɥɹ ɨɠɢɞɚɧɢɹ ɫɢɫɬɟɦɚ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɩɨɥɶɡɨɜɚɬɟɥɶ ɛɭɞɟɬ ɞɢɚɥɨɝɨɜɵɯ ɨɤɨɧ) ɩɪɟɞɭɩɪɟɠɞɟɧ ɨɛ ɨɛɧɚɪɭɠɟɧɢɢ ɦɟɞɥɟɧɧɨɝɨ ɫɟɬɟɜɨɝɨ ɩɨɞɤɥɸɱɟɧɢɹ. ȿɫɥɢ ɥɢɦɢɬ ɜɪɟɦɟɧɢ ɢɫɬɟɤɚɟɬ, ɬɨ ɩɪɢɦɟɧɹɟɬɫɹ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɧɚɱɟɧɢɟ ɢɥɢ ɞɟɣɫɬɜɢɟ, ɫɜɹɡɚɧɧɨɟ ɫ ɞɢɚɥɨɝɨɜɵɦ ɨɤɧɨɦ.
Log Users Off When Roaming Profile Fails (ɉɪɟɞɨɬɜɪɚɬɢɬɶ ɜɯɨɞ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɟɫɥɢ ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ ɧɟ ɞɨɫɬɭɩɟɧ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɡɚɩɪɟɬɚ ɜɯɨɞɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɢɫɬɟɦɭ, ɟɫɥɢ ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ ɧɟɞɨɫɬɭɩɟɧ. ȿɫɥɢ ɨɩɰɢɹ ɧɟ ɜɤɥɸɱɟɧɚ, ɛɭɞɟɬ ɡɚɝɪɭɠɟɧ ɩɪɨɮɢɥɶ, ɤɨɬɢɪɭɟɦɵɣ ɜ ɦɟɫɬɧɨɦ ɦɚɫɲɬɚɛɟ, ɟɫɥɢ ɨɧ ɞɨɫɬɭɩɟɧ. (ɂɧɚɱɟ ɡɚɝɪɭɠɚɟɬɫɹ ɦɟɫɬɧɵɣ ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɮɢɥɶ.)
Maximum Retries To Unload And Update User Profile (Ɇɚɤɫɢɦɚɥɶɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɩɨɜɬɨɪɧɵɯ ɩɨɩɵɬɨɤ ɞɥɹ ɜɵɝɪɭɡɤɢ ɢ ɨɛɧɨɜAdd The Administrators Security Group To Roaming User Profiles (Ⱦɨɛɚɜɶɬɟ ɝɪɭɩɩɭ ɛɟɡɨɩɚɫɧɨɫɬɢ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɤ ɪɨɭɦɢɧɝɨɜɵɦ ɩɪɨɮɢɥɹɦ ɩɨɥɶɡɨɜɚɬɟɥɟɣ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɩɨɩɵɬɨɤ ɫɢɫɬɟɦɵ ɨɛɧɨɜɢɬɶ ɮɚɣɥ Ntuser.dat, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɵɯɨɞɢɬ ɢɡ ɫɢɫɬɟɦɵ ɢ ɨɛɧɨɜɥɟɧɢɟ ɬɟɪɩɢɬ ɧɟɭɞɚɱɭ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɫɢɫɬɟɦɚ ɛɭɞɟɬ ɩɪɨɛɨɜɚɬɶ ɨɛɧɨɜɢɬɶ ɮɚɣɥ ɨɞɢɧ ɪɚɡ ɜ ɫɟɤɭɧɞɭ ɜ ɬɟɱɟɧɢɟ 60 ɫ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɞɨɫɬɭɩɚ ɤ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦ ɩɪɨɮɢɥɹɦ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɜ ɫɢɫɬɟɦɚɯ Windows 2000 ɢ Windows XP Professional ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɞɚɟɬɫɹ ɩɨɥɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɩɪɨɮɢɥɟɦ, ɚ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɧɟ ɢɦɟɸɬ ɧɢɤɚɤɨɝɨ ɞɨɫɬɭɩɚ
Prevent Roaming Profile Changes From Propagating To The Server (ɉɪɟɞɨɬɜɪɚɬɢɬɶ ɩɟɪɟɦɟɳɟɧɢɟ ɢɡɦɟɧɟɧɢɣ ɪɨɭɦɢɧɝɨɜɨɝɨ ɩɪɨɮɢɥɹ ɧɚ ɫɟɪɜɟɪ) Only Allow Local User Profiles (Ɋɚɡɪɟɲɢɬɶ ɬɨɥɶɤɨ ɦɟɫɬɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɨɮɢɥɢ)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɞɟɣɫɬɜɢɣ ɩɪɢ ɜɵɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡ ɫɢɫɬɟɦɵ. ȿɫɥɢ ɷɬɚ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɬɨ ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ ɧɚ ɫɟɪɜɟɪɟ ɧɟ ɦɨɞɢɮɢɰɢɪɭɟɬɫɹ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɵɯɨɞɢɬ ɢɡ ɫɢɫɬɟɦɵ.
Connect Home Directory To Root Of The Share (ɉɨɞɤɥɸɱɢɬɶ ɞɨɦɚɲɧɢɣ ɤɚɬɚɥɨɝ ɤ ɤɨɪɧɸ ɪɟɫɭɪɫɚ) (ɜ ɪɚɡɞɟɥɟ User Configuration)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɨɬɨɛɪɚɠɟɧɢɹ ɞɨɦɚɲɧɟɝɨ ɞɢɫɤɚ ɬɚɤ, ɤɚɤ ɨɧ ɛɵɥ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɜ Windows NT. ȿɫɥɢ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɬɨ ɞɨɦɚɲɧɢɦ ɞɢɫɤɨɦ' ɞɥɹ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɛɭɞɟɬ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ, ɧɚ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧɵ ɞɨɦɚɲɧɢɟ ɩɚɩɤɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ȿɫɥɢ ɨɩɰɢɹ ɨɬɤɥɸɱɟɧɚ (ɡɚɞɚɧɨ ɩɨ ɭɦɨɥɱɚɧɢɸ), ɞɨɦɚɲɧɢɟ ɞɢɫɤɢ ɛ^ɭɞɭɬ ɨɬɨɛɪɚɠɚɬɶ ɫɩɟɰɢɮɢɱɧɵɟ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ ɩɚɩɤɢ, ɚ ɧɟ ɪɟɫɭɪɫ ɛɨɥɟɟ ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ.
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɬɨɝɨ, ɛɭɞɭɬ ɥɢ ɪɨɭɦɢɧɝɨɜɵɟ ɩɪɨɮɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɫɤɨɩɢɪɨɜɚɧɵ ɫ ɫɟɪɜɟɪɚ. ȿɫɥɢ ɨɩɰɢɹ ɜɤɥɸɱɟɧɚ, ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɧɟ ɛɭɞɟɬ ɩɪɢɦɟɧɹɬɶɫɹ
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɝɪɚɧɢɱɟɧɢɹ ɪɚɡɦɟɪɚ ɪɨɭɦɢɧɝɨɜɨɝɨ ɩɪɨɮɢɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɚ ɬɚɤɠɟ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɬɨɝɨ, ɤɚɤɨɟ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ ɩɨɥɭɱɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ, ɟɫɥɢ ɪɚɡɦɟɪ ɟɝɨ ɩɪɨɮɢɥɹ ɛɭɞɟɬ ɩɪɟɜɵɲɟɧ. Exclude Directories In ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɪɟɞɨɬɜɪɚɳɟɧɢɹ ɜɤɥɸɱɟɧɢɹ Roaming Profile ɨɩɪɟɞɟɥɟɧɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɤɚɬɚɥɨɝɨɜ ɜ (ɂɫɤɥɸɱɢɬɶ ɤɚɬɚɥɨɝɢ ɢɡ ɪɨɭɦɢɧɝɨɜɵɣ ɩɪɨɮɢɥɶ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɪɨɭɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ) (ɜ ɪɚɡɞɟɥɟ User Configuration) Limit Profile Size (Ɉɝɪɚɧɢɱɢɬɶ ɪɚɡɦɟɪ ɩɪɨɮɢɥɹ) (ɜ ɪɚɡɞɟɥɟ User Configuration)
Ʉɚɤ ɩɨɤɚɡɚɧɨ ɜ ɬɚɛɥɢɰɟ 13-2, Active Directory Windows Server 2003 ɢɦɟɟɬ ɦɨɳɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɨɭɦɢɧɝɨɜɵɦɢ ɩɪɨɮɢɥɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɉɧɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ
ɫɩɟɰɢɮɢɱɧɵɯ ɤɨɧɮɢɝɭɪɚɰɢɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ. ɇɚɩɪɢɦɟɪ, ɞɥɹ ɛɨɥɶɲɢɧɫɬɜɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜɚɲɟɣ ɤɨɦɩɚɧɢɢ, ɤɨɬɨɪɵɟ ɜɯɨɞɹɬ ɜ ɞɨɦɟɧ ɱɟɪɟɡ ɛɵɫɬɪɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ, ɦɨɠɧɨ ɢɡɦɟɧɢɬɶ ɧɟɤɨɬɨɪɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɪɨɭɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ, ɬɚɤɢɯ ɤɚɤ ɨɝɪɚɧɢɱɟɧɢɟ ɪɚɡɦɟɪɚ ɩɪɨɮɢɥɹ, ɧɨ ɩɪɢɧɹɬɶ ɨɫɬɚɥɶɧɵɟ ɡɧɚɱɟɧɢɹ ɡɚɞɚɧɧɵɦɢ ɩɨ ɭɦɨɥɱɚɧɢɸ. Ⱦɥɹ ɬɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɦ ɬɪɟɛɭɸɬɫɹ ɫɩɟɰɢɚɥɶɧɵɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ, ɦɨɝɭɬ ɩɨɧɚɞɨɛɢɬɶɫɹ ɨɫɨɛɟɧɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɧɚɩɪɢɦɟɪ, ɡɚɩɪɟɬ ɧɚ ɡɚɝɪɭɡɤɭ ɪɨɭɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɥɢ ɨɛɹɡɚɬɟɥɶɧɚɹ ɡɚɝɪɭɡɤɚ ɩɪɨɮɢɥɹ. Ⱦɥɹ ɬɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɤɨɬɨɪɵɟ ɜɯɨɞɹɬ ɜ ɫɟɬɶ ɱɟɪɟɡ ɦɟɞɥɟɧɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ, ɧɭɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɦɟɞɥɟɧɧɵɯ ɫɟɬɟɜɵɯ ɩɨɞɤɥɸɱɟɧɢɣ. ɋɨɡɞɚɜɚɹ ɫɬɪɭɤɬɭɪɭ ɨɪɝɚɧɢɡɚɰɢɨɧɧɵɯ ɟɞɢɧɢɰ (OU), ɤɨɬɨɪɚɹ ɫɨɨɬɜɟɬɫɬɜɭɟɬ ɬɪɟɛɨɜɚɧɢɹɦ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɪɨɮɢɥɟɣ, ɦɨɠɧɨ ɪɟɚɥɢɡɨɜɚɬɶ ɨɫɨɛɵɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɨɭɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɋɨɭɦɢɧɝɨɜɵɟ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɩɪɨɮɢɥɢ ɩɨɥɟɡɧɵ ɞɥɹ ɤɨɦɩɚɧɢɣ, ɜ ɤɨɬɨɪɵɯ ɩɨɥɶɡɨɜɚɬɟɥɢ ɧɟ ɩɨɥɶɡɭɸɬɫɹ ɜɫɟ ɜɪɟɦɹ ɨɞɧɢɦ ɢ ɬɟɦ ɠɟ ɤɨɦɩɶɸɬɟɪɨɦ. Ʉɨɝɞɚ ɮɭɧɤɰɢɹ ɪɨɭɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ ɜɤɥɸɱɟɧɚ, ɪɚɛɨɱɚɹ ɫɪɟɞɚ ɩɨɥɶɡɨɜɚɬɟɥɹ ɨɫɬɚɟɬɫɹ ɨɞɧɨɣ ɢ ɬɨɣ ɠɟ, ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɜ ɤɚɤɨɦ ɦɟɫɬɟ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ. Ɉɞɧɚɤɨ ɪɨɭɦɢɧɝɨɜɵɟ ɩɪɨɮɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɦɟɸɬ ɧɟɤɨɬɨɪɵɟ ɨɝɪɚɧɢɱɟɧɢɹ. ɋɚɦɚɹ ɛɨɥɶɲɚɹ ɩɪɨɛɥɟɦɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɮɢɥɶ ɦɨɠɟɬ ɫɬɚɬɶ ɨɱɟɧɶ ɛɨɥɶɲɢɦ. ɇɚɩɪɢɦɟɪ, ɩɨɥɶɡɨɜɚɬɟɥɶ ɯɪɚɧɢɬ ɛɨɥɶɲɢɧɫɬɜɨ ɫɜɨɢɯ ɞɨɤɭɦɟɧɬɨɜ ɜ ɩɚɩɤɟ My Documents (Ɇɨɢ ɞɨɤɭɦɟɧɬɵ) ɢɥɢ ɧɚ ɪɚɛɨɱɟɦ ɫɬɨɥɟ. ȼɪɟɦɟɧɧɵɟ ɢɧɬɟɪɧɟɬ-ɮɚɣɥɵ ɦɨɝɭɬ ɜɵɪɚɫɬɚɬɶ ɞɨ ɪɚɡɦɟɪɨɜ, ɫɨɫɬɚɜɥɹɸɳɢɯ ɞɟɫɹɬɤɢ ɦɟɝɚɛɚɣɬ. ȼɫɟ ɷɬɢ ɮɚɣɥɵ ɫɨɯɪɚɧɹɸɬɫɹ ɜ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɦ ɩɪɨɮɢɥɟ. ɉɪɨɛɥɟɦɚ ɡɚɤɥɸɱɚɟɬɫɹ ɜ ɬɨɦ, ɱɬɨ ɜɟɫɶ ɩɪɨɮɢɥɶ ɞɨɥɠɟɧ ɛɵɬɶ ɫɤɨɩɢɪɨɜɚɧ ɧɚ ɥɨɤɚɥɶɧɭɸ ɪɚɛɨɱɭɸ ɫɬɚɧɰɢɸ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ, ɢ ɤɨɦɩɶɸɬɟɪ ɨɛɧɚɪɭɠɢɜɚɟɬ, ɱɬɨ ɩɪɨɮɢɥɶ, ɧɚɯɨɞɹɳɢɣɫɹ ɧɚ ɫɟɪɜɟɪɟ, ɧɨɜɟɟ, ɱɟɦ ɩɪɨɮɢɥɶ, ɧɚɯɨɞɹɳɢɣɫɹ ɧɚ ɥɨɤɚɥɶɧɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɞɟɥɚɟɬ ɢɡɦɟɧɟɧɢɹ ɩɪɨɮɢɥɹ, ɬɨ ɩɪɢ ɜɵɯɨɞɟ ɩɪɨɮɢɥɶ ɤɨɩɢɪɭɟɬɫɹ ɧɚɡɚɞ ɧɚ ɫɟɪɜɟɪ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɫɨɡɞɚɟɬ ɫɭɳɟɫɬɜɟɧɧɵɣ ɨɛɴɟɦ ɫɟɬɟɜɨɝɨ ɬɪɚɮɢɤɚ.
Active Directory Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ ɤɚɤ ɫɩɨɫɨɛ ɩɨɥɭɱɟɧɢɹ ɜɵɝɨɞɵ ɨɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɪɨɭɦɢɧɝɨɜɵɯ ɩɪɨɮɢɥɟɣ ɩɪɢ ɭɦɟɧɶɲɟɧɢɢ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɫɟɬɢ. ȿɫɥɢ ɜɤɥɸɱɟɧɚ ɮɭɧɤɰɢɹ ɩɟɪɟɧɚɡɧɚɱɟɧɢɹ ɩɚɩɤɢ, ɬɨ ɩɚɩɤɢ, ɤɨɬɨɪɵɟ ɨɛɵɱɧɨ ɹɜɥɹɸɬɫɹ ɱɚɫɬɶɸ ɦɟɫɬɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɩɪɨɮɢɥɹ, ɩɟɪɟɦɟɳɚɸɬɫɹ ɢɡ ɦɟɫɬɧɨɝɨ ɩɪɨɮɢɥɹ ɢ ɫɨɯɪɚɧɹɸɬɫɹ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ. ɇɚɩɪɢɦɟɪ, ɨɞɧɚ ɢɡ ɬɢɩɢɱɧɵɯ ɩɚɩɨɤ, ɤɨɬɨɪɚɹ ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɞɥɹ ɩɟɪɟɧɚɡɧɚɱɟɧɢɹ ɩɚɩɤɢ, — ɷɬɨ ɩɚɩɤɚ My Documents. ȼɨ ɦɧɨɝɢɯ ɤɨɦɩɚɧɢɹɯ ɷɬɚ ɩɚɩɤɚ ɹɜɥɹɟɬɫɹ ɥɨɝɢɱɟɫɤɨɣ
ɩɚɩɤɨɣ, ɢɫɩɨɥɶɡɭɸɳɟɣɫɹ ɞɥɹ ɩɟɪɟɚɞɪɟɫɨɜɚɧɢɹ, ɬɚɤ ɤɚɤ ɨɧɚ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɟɫɬɨ ɞɥɹ ɯɪɚɧɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɮɚɣɥɨɜ. Ʉɨɝɞɚ ɷɬɚ ɩɚɩɤɚ ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɞɥɹ ɩɟɪɟɧɚɡɧɚɱɟɧɢɹ, ɜɵ ɫɨɯɪɚɧɹɟɬɟ ɟɟ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ, ɝɞɟ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨ ɩɨɞɞɟɪɠɢɜɚɟɬɫɹ ɟɟ ɪɟɡɟɪɜɧɨɟ ɤɨɩɢɪɨɜɚɧɢɟ ɢ ɨɞɧɨɜɪɟɦɟɧɧɨ ɨɛɫɥɭɠɢɜɚɟɬɫɹ ɫɪɟɞɚ ɤɨɧɟɱɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ ɩɨɥɧɨɫɬɶɸ ɩɪɨɡɪɚɱɧɨ ɞɥɹ ɤɨɧɟɱɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɟɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɭɡɧɚɬɶ, ɱɬɨ ɩɚɩɤɚ ɛɵɥɚ ɩɟɪɟɚɞɪɟɫɨɜɚɧɚ, - ɩɨɫɦɨɬɪɟɬɶ ɫɜɨɣɫɬɜɚ ɩɚɩɤɢ My Documents. Ⱦɪɭɝɚɹ ɩɪɢɱɢɧɚ ɩɟɪɟɧɚɡɧɚɱɟɧɢɹ ɩɚɩɤɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɭ ɨɩɰɢɸ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɫɬɚɧɞɚɪɬɧɨɣ ɫɪɟɞɵ ɪɚɛɨɱɟɝɨ ɫɬɨɥɚ ɜɦɟɫɬɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɪɢɧɭɞɢɬɟɥɶɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɪɨɮɢɥɟɣ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɩɟɪɟɚɞɪɟɫɨɜɚɬɶ ɩɚɩɤɢ Start Menu ɢɥɢ Desktop ɧɚ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ, ɡɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɝɪɭɩɩɭ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢɫɩɨɥɶɡɭɸɳɢɯ ɨɞɧɭ ɢ ɬɭ ɠɟ ɩɚɩɤɭ. Ⱦɚɜɚɹ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɪɚɡɪɟɲɟɧɢɹ Read (ɑɬɟɧɢɟ) ɤ ɷɬɢɦ ɩɚɩɤɚɦ, ɧɨ ɧɟ ɞɚɜɚɹ ɪɚɡɪɟɲɟɧɢɹ Write (ɉɢɫɚɬɶ), ɜɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɬɚɧɞɚɪɬɧɵɣ ɪɚɛɨɱɢɣ ɫɬɨɥ ɞɥɹ ɝɪɭɩɩɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ɇɨɠɧɨ ɩɟɪɟɧɚɡɧɚɱɢɬɶ ɱɟɬɵɪɟ ɪɚɡɥɢɱɧɵɟ ɩɚɩɤɢ ɜ Active Directory Windows Server 2003: Application Data, Desktop, My Documents ɢ Start Menu ɉɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ ɤɨɧɮɢɝɭɪɢɪɭɟɬɫɹ ɜ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɜɵɛɨɪɨɦ User Configuration (Ʉɨɧɮɢɝɭɪɚɰɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹ), ɞɚɥɟɟ - Windows Settings (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Windows), ɡɚɬɟɦ - Folder Redirection (ɉɟɪɟɧɚɩɪɚɜɥɟɧɢɟ ɩɚɩɚɤɢ). ɉɚɩɤɢ ɩɟɪɟɱɢɫɥɟɧɵ ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɱɬɨ ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɤɚɠɞɭɸ ɩɚɩɤɭ ɨɬɞɟɥɶɧɨ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɩɤɭ My Documents ɞɥɹ ɩɟɪɟɧɚɡɧɚɱɟɧɢɹ, ɧɚɣɞɢɬɟ ɨɛɴɟɤɬ My Documents ɜ ɩɚɩɤɟ Folder Redirection (ɉɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ), ɳɟɥɤɧɢɬɟ ɧɚ ɧɟɦ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ, ɚ ɡɚɬɟɦ ɜɵɛɟɪɢɬɟ Properties (ɋɜɨɣɫɬɜɚ). ɉɟɪɜɚɹ ɜɤɥɚɞɤɚ ɥɢɫɬɚ Properties ɨɛɴɟɤɬɚ - ɷɬɨ ɜɤɥɚɞɤɚ Target (ɐɟɥɶ) (ɫɦ. ɪɢɫ. 13-3). ɇɚ ɷɬɨɣ ɜɤɥɚɞɤɟ ɢɦɟɟɬɫɹ ɬɪɢ ɤɨɧɮɢɝɭɪɚɰɢɨɧɧɵɟ ɨɩɰɢɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɨɩɰɢɹ Setting (ɉɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ) ɭɫɬɚɧɨɜɥɟɧɚ ɤɚɤ Not Configured (He ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ), ɬ.ɟ. ɩɚɩɤɚ ɧɟ ɩɟɪɟɚɞɪɟɫɨɜɚɧɚ ɧɚ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ. Ⱦɜɟ ɞɪɭɝɢɟ ɨɩɰɢɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ, ɫɥɟɞɭɸɳɢɟ. • Basic - Redirect Everyone's Folder To The Same Location (Ɉɫɧɨɜɧɚɹ -ɩɟɪɟɚɞɪɟɫɨɜɚɬɶ ɜɫɟ ɩɚɩɤɢ ɜ ɨɞɧɨ ɢ ɬɨ ɠɟ ɦɟɫɬɨ). ɂɫɩɨɥɶɡɭɟɬɫɹ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɜɵ ɯɨɬɢɬɟ ɫɨɡɞɚɬɶ ɨɞɧɨ ɦɟɫɬɨ, ɤɭɞɚ ɛɭɞɭɬ ɩɟɪɟɚɞɪɟɫɨɜɚɧɵ ɜɫɟ ɩɚɩɤɢ. ɇɚɩɪɢɦɟɪ, ɩɚɩɤɢ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɧɚ ɤɨɬɨɪɵɯ ɞɟɣɫɬɜɭɟɬ ɷɬɚ
•
ɩɨɥɢɬɢɤɚ, ɛɭɞɭɬ ɪɚɫɩɨɥɨɠɟɧɵ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ \ \servernam \sharenam . Advanced - Specify Locations For Various User Groups (Ɋɚɫɲɢɪɟɧɧɚɹ -ɭɤɚɡɚɬɶ ɦɟɫɬɨɩɨɥɨɠɟɧɢɟ ɞɥɹ ɪɚɡɥɢɱɧɵɯ ɝɪɭɩɩ ɩɨɥɶɡɨɜɚɬɟɥɟɣ). ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɚɥɶɬɟɪɧɚɬɢɜɧɵɯ ɦɟɫɬɨɩɨɥɨɠɟɧɢɣ ɞɥɹ ɩɟɪɟɚɞɪɟɫɨɜɚɧɧɨɣ ɩɚɩɤɢ ɜ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɬɨɝɨ, ɤɚɤɨɣ ɝɪɭɩɩɟ Active
Directory ɩɪɢɧɚɞɥɟɠɢɬ ɩɨɥɶɡɨɜɚɬɟɥɶ. ȿɫɥɢ ɨɩɰɢɹ ɜɵɛɪɚɧɚ, ɦɨɠɧɨ ɚɥɶɬɟɪɧɚɬɢɜɧɨɟ ɰɟɥɟɜɨɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɚɩɤɢ ɞɥɹ ɤɚɠɞɨɣ ɝɪɭɩɩɵ.
ɧɚɡɧɚɱɚɬɶ
. 13-3.
С
Advanced
.
.
,
, ,
.
Advanced,
, , .
, . Ʉɚɤ ɬɨɥɶɤɨ ɜɵɛɪɚɧɵ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɩɟɪɟɚɞɪɟɫɨɜɚɧɢɹ ɩɚɩɨɤ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɰɟɥɟɜɨɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɚɩɤɢ. ɂɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɨɩɰɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɜɵɛɨɪɚ ɦɟɫɬɚ ɯɪɚɧɟɧɢɹ ɩɚɩɤɢ. • Redirect To The User's Home Directory (ɉɟɪɟɚɞɪɟɫɨɜɚɬɶ ɜ ɨɫɧɨɜɧɨɣ ɤɚɬɚɥɨɝ ɩɨɥɶɡɨɜɚɬɟɥɹ). ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɟɪɟɚɞɪɟɫɚɰɢɢ ɩɚɩɤɢ My Documents ɜ ɨɫɧɨɜɧɨɣ (ɞɨɦɚɲɧɢɣ) ɤɚɬɚɥɨɝ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɬɨɪɵɣ ɨɩɪɟɞɟɥɟɧ ɜ ɫɜɨɣɫɬɜɚɯ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɂɫɩɨɥɶɡɭɣɬɟ ɷɬɭ ɨɩɰɢɸ, ɬɨɥɶɤɨ ɟɫɥɢ ɜɵ ɭɠɟ ɫɨɡɞɚɥɢ ɨɫɧɨɜɧɨɣ ɤɚɬɚɥɨɝ. ȿɫɥɢ ɨɫɧɨɜɧɨɣ ɤɚɬɚɥɨɝ ɧɟ ɫɨɡɞɚɧ, ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɷɬɨɣ ɨɩɰɢɢ ɟɝɨ ɧɟ ɫɨɡɞɚɫɬ. Ɉɩɰɢɹ ɞɨɫɬɭɩɧɚ ɬɨɥɶɤɨ ɞɥɹ ɩɚɩɤɢ My Documents. • Create a Folder For Each User Under The Root Path (ɋɨɡɞɚɬɶ ɩɚɩɤɭ ɞɥɹ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ ɜ ɤɨɪɧɟɜɨɦ ɤɚɬɚɥɨɝɟ). ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɤɚɡɚɧɢɹ ɤɨɪɧɟɜɨɝɨ ɤɚɬɚɥɨɝɚ, ɜ ɤɨɬɨɪɨɦ ɛɭɞɭɬ ɯɪɚɧɢɬɶɫɹ ɩɚɩɤɢ. Ʉɨɝɞɚ ɜɵ ɜɵɛɢɪɚɟɬɟ ɷɬɭ ɨɩɰɢɸ, ɩɚɩɤɚ ɛɭɞɟɬ ɫɨɡɞɚɧɚ ɜ ɤɨɪɧɟɜɨɦ ɤɚɬɚɥɨɝɟ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɂɦɹ ɩɚɩɤɢ ɛɭɞɟɬ ɨɫɧɨɜɚɧɨ ɧɚ ɩɟɪɟɦɟɧɧɨɣ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ %username %. • Redirect To The Following Location (ɉɟɪɟɚɞɪɟɫɨɜɚɬɶ ɩɨ ɫɥɟɞɭɸɳɟɦɭ ɚɞɪɟɫɭ). ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɤɚɡɚɧɢɹ ɤɨɪɧɟɜɨɝɨ ɤɚɬɚɥɨɝɚ ɢ ɦɟɫɬɚ ɪɚɫɩɨɥɨɠɟɧɢɹ ɩɚɩɤɢ ɞɥɹ ɤɚɠɞɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ UNC-ɩɭɬɶ ɢɥɢ ɩɭɬɶ ɤ ɥɨɤɚɥɶɧɨɦɭ ɞɢɫɤɭ. ɂɫɩɨɥɶɡɭɣɬɟ ɩɟɪɟɦɟɧɧɭɸ %username % ɞɥɹ ɫɨɡɞɚɧɢɹ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɩɚɩɨɤ. ɗɬɚ ɨɩɰɢɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɚɤɠɟ ɞɥɹ ɩɟɪɟɚɞɪɟɫɚɰɢɢ ɧɟɫɤɨɥɶɤɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɤ ɨɞɧɨɣ ɢ ɬɨɣ ɠɟ ɩɚɩɤɟ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɧɭɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɬɚɧɞɚɪɬɧɨɟ Start Menu ɞɥɹ ɝɪɭɩɩɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɦɨɠɧɨ ɭɤɚɡɚɬɶ ɞɥɹ ɜɫɟɯ ɨɞɢɧ ɢ ɬɨɬ ɠɟ ɮɚɣɥ.
•
Redirect To The Local Userprofile Location (ɉɟɪɟɚɞɪɟɫɨɜɚɬɶ ɜ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɥɨɤɚɥɶɧɨɝɨ ɩɪɨɮɢɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ). ɗɬɚ ɭɫɬɚɧɨɜɤɟ ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɨɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɤɨɧɮɢɝɭɪɚɰɢɟɣ, ɟɫɥɢ ɧɢɤɚɤɢɟ ɩɨɥɢɬɢɤɢ ɧɟ ɜɤɥɸɱɟɧɵ. ɉɨɫɥɟ ɭɫɬɚɧɨɜɤɢ ɨɩɰɢɢ ɩɚɩɤɢ ɧɟ ɛɭɞɭɬ ɩɟɪɟɚɞɪɟɫɨɜɵɜɚɬɶɫɹ ɧɚ ɫɟɬɟɜɨɣ ɪɟɫɭɪɫ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɪɭɝɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɩɟɪɟɚɞɪɟɫɨɜɚɧɧɵɯ ɩɚɩɨɤ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɷɬɨ, ɳɟɥɤɧɢɬɟ ɧɚ ɜɤɥɚɞɤɟ Settings ɜ ɨɤɧɟ Properties ɨɛɴɟɤɬɚ (ɫɦ. ɪɢɫ. 13-4).
Р
. 13-4. К
а
е
а а е
а
е е а
аче
я
а
ȼɤɥɚɞɤɚ Settings (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ) ɢɦɟɟɬ ɧɟɫɤɨɥɶɤɨ ɨɩɰɢɣ ɤɨɧɮɢɝɭɪɚɰɢɢ. • Grant The User Exclusive Rights To foldername (ɉɪɟɞɨɫɬɚɜɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢɫɤɥɸɱɢɬɟɥɶɧɵɟ ɩɪɚɜɚ ɧɚ ). ɉɪɟɞɨɫɬɚɜɥɹɟɬ ɩɨɥɶɡɨɜɚɬɟɥɸ ɢ ɫɢɫɬɟɦɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɧɵɣ ɤɨɧɬɪɨɥɶ ɧɚɞ ɩɚɩɤɨɣ. ɍɱɟɬɧɚɹ ɡɚɩɢɫɶ Administrator (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪ) ɧɟ ɛɭɞɟɬ ɢɦɟɬɶ ɧɢɤɚɤɨɝɨ ɞɨɫɬɭɩɚ ɤ ɷɬɨɣ ɩɚɩɤɟ. ȿɫɥɢ ɜɵ ɨɱɢɫɬɢɬɟ ɮɥɚɠɨɤ, ɬɨ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɩɚɩɤɟ ɛɭɞɭɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɧɚ ɨɫɧɨɜɟ ɭɧɚɫɥɟɞɨɜɚɧɧɵɯ ɪɚɡɪɟɲɟɧɢɣ. • Move The Contents Of foldername To The New Location (ɉɟɪɟɦɟɫɬɢɬɶ ɫɨɞɟɪɠɢɦɨɟ ɩɚɩɤɢ ɜ ɧɨɜɨɟ ɦɟɫɬɨ). ɉɟɪɟɦɟɳɚɟɬ ɬɟɤɭɳɟɟ ɫɨɞɟɪɠɢɦɨɟ ɩɟɪɟɚɞɪɟɫɨɜɚɧɧɨɣ ɩɚɩɤɢ ɜ ɰɟɥɟɜɨɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ. ȿɫɥɢ ɨɩɰɢɹ ɧɟ ɜɵɛɪɚɧɚ, ɫɨɞɟɪɠɢɦɨɟ ɬɟɤɭɳɟɣ ɩɚɩɤɢ ɧɟ ɛɭɞɟɬ ɫɤɨɩɢɪɨɜɚɧɨ ɜ ɰɟɥɟɜɨɟ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ. • Policy Removal (ɍɞɚɥɟɧɢɟ ɩɨɥɢɬɢɤɢ). ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɜɵɛɨɪɚ ɞɟɣɫɬɜɢɣ ɜ ɫɥɭɱɚɟ ɭɞɚɥɟɧɢɹ ɩɨɥɢɬɢɤɢ. ȿɫɥɢ ɜɵ ɩɪɢɦɟɬɟ ɡɚɞɚɧɧɭɸ ɩɨ ɭɦɨɥɱɚɧɢɸ ɨɩɰɢɸ Leave The Folder In The New Location When Policy Is Removed (Ɉɫɬɚɜɢɬɶ ɩɚɩɤɭ ɜ ɧɨɜɨɦ ɦɟɫɬɟ, ɤɨɝɞɚ ɩɨɥɢɬɢɤɚ ɭɞɚɥɟɧɚ), ɬɨ ɫɨɞɟɪɠɢɦɨɟ ɩɟɪɟɚɞɪɟɫɨɜɚɧɧɨɣ ɩɚɩɤɢ ɧɟ ɛɭɞɟɬ ɩɟɪɟɦɟɳɟɧɨ ɜ ɥɨɤɚɥɶɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɩɪɨɮɢɥɶ, ɟɫɥɢ ɩɨɥɢɬɢɤɚ ɭɞɚɥɟɧɚ. ȼɵɛɨɪ ɨɩɰɢɢ Redirect The Folder Back To The Local Userprof ile Location When Policy Is Removed (ɉɟɪɟɚɞɪɟɫɨɜɚɬɶ ɩɚɩɤɭ ɧɚɡɚɞ ɤ ɦɟɫɬɭ ɪɚɫɩɨɥɨɠɟɧɢɹ ɥɨɤɚɥɶɧɨɝɨ ɩɪɨɮɢɥɹ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɤɨɝɞɚ ɩɨɥɢɬɢɤɚ ɭɞɚɥɟɧɚ) ɩɟɪɟɦɟɫɬɢɬ ɫɨɞɟɪɠɢɦɨɟ ɩɚɩɤɢ, ɤɨɝɞɚ ɩɨɥɢɬɢɤɚ ɛɭɞɟɬ ɭɞɚɥɟɧɚ. • My Pictures Preferences (ɉɪɟɞɩɨɱɬɟɧɢɹ, ɤɚɫɚɸɳɢɟɫɹ ɩɚɩɚɤɢ My Pictures). ɗɬɚ ɭɫɬɚɧɨɜɤɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɬɨɝɨ, ɛɭɞɟɬ ɥɢ ɩɚɩɤɚ My Pictures ɜɤɥɸɱɟɧɚ ɜ ɩɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ My Documents. Ʉɨɝɞɚ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɩɟɪɟɧɚɡɧɚɱɟɧɢɟ, ɱɬɨɛɵ ɩɟɪɟɚɞɪɟɫɨɜɚɬɶ ɩɚɩɤɭ My Documents, ɫɨɞɟɪɠɢɦɨɟ ɩɚɩɤɢ ɧɟ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɫɟɪɜɟɪ ɢ ɨɛɪɚɬɧɨ, ɤɚɤ ɷɬɨ ɞɟɥɚɟɬɫɹ ɜ ɫɥɭɱɚɟ ɫ ɪɨɭɦɢɧɝɨɜɵɦɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɩɪɨɮɢɥɹɦɢ. ɋɨɞɟɪɠɢɦɨɟ ɩɚɩɤɢ ɪɚɫɩɨɥɨɠɟɧɨ ɧɚ ɫɟɪɜɟɪɟ, ɤɚɤ ɢ ɥɸɛɵɟ ɞɪɭɝɢɟ ɞɚɧɧɵɟ ɫɟɬɟɜɨɝɨ ɪɟɫɭɪɫɚ. ɋɥɟɞɨɜɚɬɟɥɶɧɨ, ɱɚɫɬɶ ɫɨɞɟɪɠɢɦɨɝɨ ɩɚɩɤɢ ɩɟɪɟɫɟɤɚɟɬ ɫɟɬɶ ɬɨɥɶɤɨ ɬɨɝɞɚ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɨɬɤɪɵɜɚɟɬ ɮɚɣɥ ɜ ɩɚɩɤɟ. ɗɬɨ ɫɩɪɚɜɟɞɥɢɜɨ ɢ ɞɥɹ ɩɚɩɤɢ Desktop (Ɋɚɛɨɱɢɣ ɫɬɨɥ). ȿɫɥɢ ɧɚ ɪɚɛɨɱɟɦ ɫɬɨɥɟ ɢɦɟɟɬɫɹ ɛɨɥɶɲɨɣ ɮɚɣɥ, ɬɨ ɷɬɨɬ ɮɚɣɥ ɯɪɚɧɢɬɫɹ ɧɚ ɫɟɬɟɜɨɦ ɪɟɫɭɪɫɟ ɢ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɤɨɦɩɶɸɬɟɪ ɤɥɢɟɧɬɚ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɨɬɤɪɵɜɚɟɬ ɮɚɣɥ. Ɍɨɬ ɮɚɤɬ, ɱɬɨ ɞɚɧɧɵɟ ɩɟɪɟɫɟɤɚɸɬ ɫɟɬɶ ɬɨɥɶɤɨ ɩɨ ɬɪɟɛɨɜɚɧɢɸ, ɦɨɠɟɬ ɡɧɚɱɢɬɟɥɶɧɨ ɭɥɭɱɲɚɬɶ ɜɵɩɨɥɧɟɧɢɟ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɨɫɨɛɟɧɧɨ ɟɫɥɢ ɭ ɜɚɫ ɢɦɟɟɬɫɹ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɨɞɧɨɜɪɟɦɟɧɧɨ ɡɚɝɪɭɠɚɸɳɢɯ ɫɜɨɢ ɪɨɭɦɢɧɝɨɜɵɟ ɩɪɨɮɢɥɢ.
Ɉɞɧɨ ɢɡ ɩɪɟɢɦɭɳɟɫɬɜ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɩɪɨɮɢɥɟɣ ɞɥɹ ɫɨɯɪɚɧɟɧɢɹ ɩɚɩɨɤ ɬɢɩɚ ɩɚɩɤɢ My Documents ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɩɨɫɥɟ ɧɚɱɚɥɶɧɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɤɨɩɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɩɪɨɮɢɥɹ ɜɫɟɝɞɚ ɫɨɯɪɚɧɹɟɬɫɹ ɜ ɦɟɫɬɧɨɦ ɦɚɫɲɬɚɛɟ, ɬ.ɟ. ɟɫɥɢ ɫɟɪɜɟɪ ɩɪɨɮɢɥɹ ɧɟɞɨɫɬɭɩɟɧ ɢɥɢ ɪɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɨɬɤɥɸɱɟɧɚ ɨɬ ɫɟɬɢ, ɬɨ ɩɪɨɮɢɥɶ, ɭɤɨɦɩɥɟɤɬɨɜɚɧɧɵɣ ɩɚɩɤɨɣ My Documents, ɛɭɞɟɬ ɞɨɫɬɭɩɟɧ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. Ʉɨɝɞɚ ɪɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɩɨɜɬɨɪɧɨ ɫɜɹɡɵɜɚɟɬɫɹ ɫ ɫɟɬɶɸ, ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɤ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɦɭ ɩɪɨɮɢɥɸ, ɤɨɩɢɪɭɸɬɫɹ ɧɚ ɫɟɪɜɟɪ. ȼɵ ɦɨɠɟɬɟ ɞɨɫɬɢɱɶ ɷɬɨɝɨ, ɤɨɦɛɢɧɢɪɭɹ ɩɟɪɟɧɚɡɧɚɱɟɧɢɟ ɩɚɩɤɢ ɫ ɚɜɬɨɧɨɦɧɵɦɢ ɮɚɣɥɚɦɢ. Ⱥɜɬɨɧɨɦɧɵɟ ɮɚɣɥɵ ɞɨɫɬɭɩɧɵ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000, ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɢɦɢ, ɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɧɧɨɣ ɤɨɩɢɢ ɨɛɳɟɣ ɩɚɩɤɢ ɦɟɠɞɭ ɥɨɤɚɥɶɧɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɟɣ ɢ ɫɟɬɟɜɵɦ ɪɟɫɭɪɫɨɦ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɟɪɟɚɞɪɟɫɨɜɚɧɧɵɟ ɩɚɩɤɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɞɥɹ ɚɜɬɨɧɨɦɧɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫ ɤɥɢɟɧɬɚɦɢ, ɢɦɟɸɳɢɦɢ ɫɢɫɬɟɦɭ Windows XP Professional. ȿɫɥɢ ɢɦɟɸɬɫɹ ɤɥɢɟɧɬɵ ɫ ɫɢɫɬɟɦɨɣ Windows 2000, ɦɨɠɧɨ ɳɟɥɤɧɭɬɶ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɩɤɟ My Documents, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɧɚ ɪɚɛɨɱɟɦ ɫɬɨɥɟ, ɢ ɜɵɛɪɚɬɶ Make Available Offline (ɋɞɟɥɚɬɶ ɞɨɫɬɭɩɧɵɦ ɜ ɚɜɬɨɧɨɦɧɨɦ ɪɟɠɢɦɟ). ȼɤɥɸɱɟɧɢɟ ɚɜɬɨɧɨɦɧɵɯ ɮɚɣɥɨɜ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɩɟɪɟɚɞɪɟɫɨɜɚɧɧɚɹ ɩɚɩɤɚ ɛɭɞɟɬ ɫɤɨɩɢɪɨɜɚɧɚ ɤɥɢɟɧɬɚɦ, ɞɟɥɚɹ ɩɚɩɤɭ ɞɨɫɬɭɩɧɨɣ ɞɚɠɟ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɫɟɬɟɜɨɟ ɦɟɫɬɨ, ɜ ɤɨɬɨɪɨɟ ɛɵɥɚ ɩɟɪɟɚɞɪɟɫɨɜɚɧɚ ɩɚɩɤɚ, ɧɟɞɨɫɬɭɩɧɨ.
Ɉɞɢɧ ɢɡ ɤɪɢɬɢɱɟɫɤɢɯ ɦɨɦɟɧɬɨɜ ɜ ɭɩɪɚɜɥɟɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦ ɪɚɛɨɱɢɦ ɫɬɨɥɨɦ ɫɨɫɬɨɢɬ ɜ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɧɚ ɧɢɯ ɡɚɳɢɬɵ. ɉɨɞɞɟɪɠɚɧɢɟ ɫɨɝɥɚɫɨɜɚɧɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɡɚɳɢɬɵ ɞɥɹ ɬɵɫɹɱ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ ɩɨɱɬɢ ɧɟɜɨɡɦɨɠɧɨ ɛɟɡ ɰɟɧɬɪɚɥɶɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ. Ⱦɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. ɇɟɤɨɬɨɪɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɟ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɦɨɝɭɬ ɛɵɬɶ ɪɟɚɥɢɡɨɜɚɧɵ ɬɨɥɶɤɨ ɧɚ ɭɪɨɜɧɟ ɞɨɦɟɧɚ, ɧɟɤɨɬɨɪɵɟ - ɧɚ ɥɸɛɨɦ ɤɨɧɬɟɣɧɟɪɧɨɦ ɭɪɨɜɧɟ.
Account Policies (ɉɨɥɢɬɢɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ), ɪɚɫɩɨɥɨɠɟɧɧɵɟ ɜ ɤɨɧɬɟɣɧɟɪɟ Computer Conf iguration\ Windows Settings\Security Settings, ɫɨɞɟɪɠɚɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɬɨɥɶɤɨ ɧɚ ɭɪɨɜɧɟ ɞɨɦɟɧɚ. Account Policies ɜɤɥɸɱɚɟɬ ɬɪɢ ɝɪɭɩɩɵ ɩɨɥɢɬɢɤ: Password Policy (ɉɨɥɢɬɢɤɚ ɩɚɪɨɥɟɣ), Account Lockout Policy (ɉɨɥɢɬɢɤɚ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ) ɢ Kerberos Policy (ɉɨɥɢɬɢɤɚ Kerberos) (ɫɦ. ɪɢɫ. 13-5). ɗɬɢ ɩɨɥɢɬɢɤɢ, ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ Kerberos Policy, ɩɪɢɦɟɧɹɸɬɫɹ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜ ɞɨɦɟɧɟ, ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɫ ɤɚɤɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɨɲɥɢ ɜ ɫɟɬɶ. ɉɨɥɢɬɢɤɚ Kerberos Policy ɩɪɢɦɟɧɹɟɬɫɹ ɬɨɥɶɤɨ ɧɚ ɬɟɯ ɤɨɦɩɶɸɬɟɪɚɯ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɸɬɫɹ ɫɢɫɬɟɦɵ Windows 2000, Windows XP Professional ɢɥɢ Windows Server 2003.
. 13-5.
Ɉɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɩɨɥɢɬɢɤɢ ɩɚɪɨɥɟɣ ɫɨɞɟɪɠɚɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɢɫɬɨɪɢɢ ɩɚɪɨɥɹ, ɟɝɨ ɞɥɢɧɵ ɢ ɫɥɨɠɧɨɫɬɢ. ȼ ɬɚɛɥɢɰɟ 13-3 ɨɩɢɫɵɜɚɟɬɫɹ ɤɚɠɞɚɹ ɭɫɬɚɧɨɜɤɚ.
. 13-3.
ɉɚɪɚɦɟɬɪɵ ɭɫɬɚɧɨɜɤɢ Ɉɩɢɫɚɧɢɟ ɤɨɧɮɢɝɭɪɚɰɢɢ
Ɂɧɚɱɟɧɢɟ ɩɨ ɭɦɨɥɱɚɧɢɸ
Enforce Password History Ɉɩɪɟɞɟɥɹɟɬ ɤɨɥɢɱɟɫɬɜɨ ɧɨɜɵɯ (ɉɪɟɞɩɢɫɚɧɧɚɹ ɢɫɬɨɪɢɹ ɭɧɢɤɚɥɶɧɵɯ ɩɚɪɨɥɟɣ, ɤɨɬɨɪɵɟ ɩɚɪɨɥɹ) ɞɨɥɠɧɵ ɛɵɬɶ ɜɜɟɞɟɧɵ, ɩɪɟɠɞɟ ɱɟɦ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɦɨɠɟɬ ɩɨɜɬɨɪɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɬɚɪɵɣ ɩɚɪɨɥɶ. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 0 ɞɨ 24 Maximum Password Age Ɉɩɪɟɞɟɥɹɟɬ ɤɨɥɢɱɟɫɬɜɨ ɞɧɟɣ, ɜ (Ɇɚɤɫɢɦɚɥɶɧɨɟ ɜɪɟɦɹ ɬɟɱɟɧɢɟ ɤɨɬɨɪɵɯ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɚɪɨɥɹ) ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɩɚɪɨɥɶ, ɩɪɟɠɞɟ ɱɟɦ ɩɨɥɶɡɨɜɚɬɟɥɶ ɞɨɥɠɟɧ ɛɭɞɟɬ ɟɝɨ ɢɡɦɟɧɢɬɶ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɨɥɶ ɞɥɹ ɛɟɫɤɨɧɟɱɧɨ ɞɨɥɝɨɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ, ɭɫɬɚɧɨɜɢɬɟ ɱɢɫɥɨ ɞɧɟɣ ɧɚ 0. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 0 ɞɨ 999
24 ɩɚɪɨɥɹ ɡɚɩɨɦɢɧɚɟɬɫɹ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢ ɤɨɦɩɶɸɬɟɪɨɜ-ɱɥɟɧɨɜ ɞɨɦɟɧɚ; 0 ɞɥɹ ɚɜɬɨɧɨɦɧɵɯ ɫɟɪɜɟɪɨɜ.
Minimum Password Age Ɉɩɪɟɞɟɥɹɟɬ ɤɨɥɢɱɟɫɬɜɨ ɞɧɟɣ, ɜ (Ɇɢɧɢɦɚɥɶɧɨɟ ɜɪɟɦɹ ɬɟɱɟɧɢɟ ɤɨɬɨɪɵɯ ɩɚɪɨɥɶ ɞɨɥɠɟɧ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɚɪɨɥɹ) ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ, ɩɪɟɠɞɟ ɱɟɦ ɩɨɥɶɡɨɜɚɬɟɥɶ ɫɦɨɠɟɬ ɟɝɨ ɢɡɦɟɧɢɬɶ. ɑɬɨɛɵ ɩɨɡɜɨɥɢɬɶ ɧɟɦɟɞɥɟɧɧɨɟ ɢɡɦɟɧɟɧɢɟ ɩɚɪɨɥɹ, ɭɫɬɚɧɨɜɢɬɟ ɷɬɨ ɡɧɚɱɟɧɢɟ ɧɚ 0. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 0 ɞɨ 998
1 ɞɟɧɶ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢ ɤɨɦɩɶɸɬɟɪɨɜɱɥɟɧɨɜ ɞɨɦɟɧɚ; 0 -ɞɥɹ ɚɜɬɨɧɨɦɧɵɯ ɫɟɪɜɟɪɨɜ.
Minimum Password Length Ɉɩɪɟɞɟɥɹɟɬ ɧɚɢɦɟɧɶɲɟɟ (Ɇɢɧɢɦɚɥɶɧɚɹ ɞɥɢɧɚ ɤɨɥɢɱɟɫɬɜɨ ɫɢɦɜɨɥɨɜ, ɩɚɪɨɥɹ) ɬɪɟɛɭɟɦɵɯ ɞɥɹ ɩɚɪɨɥɹ. ȿɫɥɢ ɧɢɤɚɤɨɝɨ ɩɚɪɨɥɹ ɧɟ ɬɪɟɛɭɟɬɫɹ, ɭɫɬɚɧɨɜɢɬɟ ɡɧɚɱɟɧɢɟ ɧɚ 0. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 0 ɞɨ 14 Passwords Must Meet ɍɜɟɥɢɱɟɧɢɟ ɫɥɨɠɧɨɫɬɢ ɩɚɪɨɥɹ Complexity Requirements ɡɚ ɫɱɟɬ ɩɪɟɞɩɢɫɚɧɢɹ : (ɉɚɪɨɥɢ ɞɨɥɠɧɵ ɭɫɥɨɜɢɹ, ɱɬɨ ɩɚɪɨɥɶ ɧɟ ɞɨɥɠɟɧ ɭɞɨɜɥɟɬɜɨɪɹɬɶ ɫɨɞɟɪɠɚɬɶ ɤɚɤɭɸ-ɥɢɛɨ ɱɚɫɬɶ ɬɪɟɛɨɜɚɧɢɹɦ ɢɦɟɧɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɷɬɨɣ ɨɩɪɟɞɟɥɟɧɧɨɣ ɫɥɨɠɧɨɫɬɢ) ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ, ɞɨɥɠɟɧ ɫɨɞɟɪɠɚɬɶ ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ 6 ɫɢɦɜɨɥɨɜ, ɫɨɞɟɪɠɚɬɶ ɫɢɦɜɨɥɵ, ɩɪɢɧɚɞɥɟɠɚɳɢɟ ɬɪɟɦ ɢɡ ɱɟɬɵɪɟɯ ɩɟɪɟɱɢɫɥɟɧɧɵɯ ɧɢɠɟ ɤɚɬɟɝɨɪɢɣ: ɚɧɝɥɢɣɫɤɢɟ ɩɪɨɩɢɫɧɵɟ ɛɭɤɜɵ, ɚɧɝɥɢɣɫɤɢɟ ɛɭɤɜɵ ɧɢɠɧɟɝɨ ɪɟɝɢɫɬɪɚ, ɰɢɮɪɵ ɨɬ 0 ɞɨ 10, ɫɩɟɰɢɚɥɶɧɵɟ ɫɢɦɜɨɥɵ (ɬɢɩɚ !, $,#)
7 ɫɢɦɜɨɥɨɜ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢ ɤɨɦɩɶɸɬɟɪɨɜ-ɱɥɟɧɨɜ ɞɨɦɟɧɚ; 0 ɞɥɹ ɚɜɬɨɧɨɦɧɵɯ ɫɟɪɜɟɪɨɜ.
42 ɞɧɹ.
ȼɤɥɸɱɟɧɨ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢ ɤɨɦɩɶɸɬɟɪɨɜ-ɱɥɟɧɨɜ ɞɨɦɟɧɚ. ȼɵɤɥɸɱɟɧɨ ɞɥɹ ɚɜɬɨɧɨɦɧɵɯ ɫɟɪɜɟɪɨɜ.
Store Password Using Reversible Encryption (ɏɪɚɧɢɬɶ ɩɚɪɨɥɶ, ɢɫɩɨɥɶɡɭɹ ɨɛɪɚɬɢɦɨɟ ɤɨɞɢɪɨɜɚɧɢɟ)
ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɷɬɨɣ ɭɫɬɚɧɨɜɤɢ Ɂɚɛɥɨɤɢɪɨɜɚɧɨ. ɨɡɧɚɱɚɟɬ ɬɨ ɠɟ ɫɚɦɨɟ, ɱɬɨ ɢ ɫɨɯɪɚɧɟɧɢɟ ɩɚɪɨɥɟɣ ɜ ɨɬɤɪɵɬɨɦ ɬɟɤɫɬɟ. ɗɬɚ ɩɨɥɢɬɢɤɚ ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɨɞɞɟɪɠɤɭ ɞɥɹ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɟ ɬɪɟɛɭɸɬ ɞɨɫɬɭɩɚ ɤ ɩɚɪɨɥɸ ɞɥɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ.
Ɉɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɩɨɥɢɬɢɤɢ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɫɨɞɟɪɠɚɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɩɨɪɨɝɚ ɢ ɩɪɨɞɨɥɠɢɬɟɥɶɧɨɫɬɢ ɛɥɨɤɢɪɨɜɤɢ ɩɚɪɨɥɹ, ɚ ɬɚɤɠɟ ɞɥɹ ɩɨɜɬɨɪɧɨɣ ɭɫɬɚɨɜɤɢ ɩɚɪɨɥɹ. ȼ ɬɚɛɥɢɰɟ 13-4 ɨɩɢɫɚɧɵ ɜɫɟ ɭɫɬɚɧɨɜɤɢ. . 13-4.
ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Ɉɛɴɹɫɧɟɧɢɟ ɤɨɧɮɢɝɭɪɚɰɢɢ Account Lockout Duration (ɉɪɨɞɨɥɠɢɬɟɥɶɧɨɫɬɢ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ)
Account Threshold ɛɥɨɤɢɪɨɜɤɢ ɡɚɩɢɫɢ)
Lockout (ɉɨɪɨɝ ɭɱɟɬɧɨɣ
Reset Account Lockout Counter After (ɋɛɪɨɫ ɫɱɟɬɱɢɤɚ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ)
Ɉɩɪɟɞɟɥɹɟɬ ɤɨɥɢɱɟɫɬɜɨ ɦɢɧɭɬ, ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɵɯ ɡɚɛɥɨɤɢɪɨɜɚɧɧɚɹ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɨɫɬɚɟɬɫɹ ɡɚɛɥɨɤɢɪɨɜɚɧɧɨɣ. ɉɨɫɥɟ ɭɤɚɡɚɧɧɨɝɨ ɱɢɫɥɚ ɦɢɧɭɬ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɛɭɞɟɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɪɚɡɛɥɨɤɢɪɨɜɚɧɚ. Ɋɚɡɛɥɨɤɢɪɨɜɚɬɶ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɞɨɥɠɟɧ ɚɞɦɢɧɢɫɬɪɚɬɨɪ, ɭɫɬɚɧɨɜɢɜ ɷɬɨ ɡɧɚɱɟɧɢɟ ɧɚ 0. Ʌɸɛɨɟ ɡɧɚɱɟɧɢɟ, ɨɬɥɢɱɧɨɟ ɨɬ ɧɭɥɹ ɞɨɥɠɧɨ ɛɵɬɶ ɪɚɜɧɨ ɢɥɢ ɛɨɥɶɲɟ, ɱɟɦ ɡɧɚɱɟɧɢɟ, ɭɫɬɚɧɨɜɥɟɧɧɨɟ ɜ ɨɩɰɢɢ Reset Account Lockout Counter After. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 0 ɞɨ 99999 Ɉɩɪɟɞɟɥɹɟɬ ɤɨɥɢɱɟɫɬɜɨ ɧɟɭɞɚɜɲɢɯɫɹ ɩɨɩɵɬɨɤ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɤɨɬɨɪɨɟ ɩɨɡɜɨɥɹɟɬɫɹ ɫɞɟɥɚɬɶ, ɩɪɟɠɞɟ ɱɟɦ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɛɭɞɟɬ ɡɚɛɥɨɤɢɪɨɜɚɧɚ. Ɂɧɚɱɟɧɢɟ 0 ɨɡɧɚɱɚɟɬ, ɱɬɨ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɧɢɤɨɝɞɚ ɧɟ ɛɭɞɟɬ ɡɚɛɥɨɤɢɪɨɜɚɧɚ. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 0 ɞɨ 999 Ɉɩɪɟɞɟɥɹɟɬ ɱɢɫɥɨ ɦɢɧɭɬ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɩɪɨɣɬɢ ɩɨɫɥɟ ɧɟɭɞɚɜɲɟɣɫɹ ɩɨɩɵɬɤɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɩɪɟɠɞɟ ɱɟɦ ɫɱɟɬɱɢɤ ɧɟɭɞɚɱɧɵɯ ɜɯɨɞɨɜ ɜ ɫɢɫɬɟɦɭ ɛɭɞɟɬ ɫɛɪɨɲɟɧ ɧɚ 0. Ʌɸɛɨɟ ɡɧɚɱɟɧɢɟ, ɨɬɥɢɱɧɨɟ ɨɬ ɧɭɥɹ, ɞɨɥɠɧɨ ɛɵɬɶ ɪɚɜɧɨ ɢɥɢ ɦɟɧɶɲɟ, ɱɟɦ ɡɧɚɱɟɧɢɟ, ɡɚɞɚɧɧɨɟ ɞɥɹ Account Lockout Duration. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 1 ɞɨ 99999
Ɂɧɚɱɟɧɢɟ ɩɨ ɭɦɨɥɱɚɧɢɸ
ɇɢɤɚɤɨɝɨ ɡɧɚɱɟɧɢɹ. ɍɫɬɚɧɨɜɢɬɟ ɡɧɚɱɟɧɢɟ ɧɚ 30 ɦɢɧɭɬ, ɟɫɥɢ ɩɨɪɨɝ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɭɫɬɚɧɨɜɥɟɧ ɧɚ 1, ɢɥɢ ɛɨɥɶɲɟ.
0 ɧɟɞɨɩɭɫɬɢɦɵɯ ɩɨɩɵɬɨɤ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ.
ɇɢɤɚɤɨɝɨ ɡɧɚɱɟɧɢɹ. ɍɫɬɚɧɨɜɢɬɟ ɡɧɚɱɟɧɢɟ ɧɚ 30 ɦɢɧɭɬ, ɟɫɥɢ ɩɨɪɨɝ ɛɥɨɤɢɪɨɜɤɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɭɫɬɚɧɨɜɥɟɧ ɧɚ 1 ɢɥɢ ɛɨɥɶɲɟ.
Kerberos
Ɉɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɩɨɥɢɬɢɤ Kerberos ɫɨɞɟɪɠɚɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɛɢɥɟɬɚ Kerberos TicketGranting Ticket (TGT), ɫɪɨɤɨɜ ɫɥɭɠɛɵ ɛɢɥɟɬɚ ɫɟɚɧɫɚ ɢ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɜɪɟɦɟɧɧɨɣ ɦɟɬɤɢ. ȼ ɬɚɛɥɢɰɟ 13-5 ɨɩɢɫɚɧɵ ɜɫɟ ɭɫɬɚɧɨɜɤɢ. . 13-5.
Kerberos
ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Ɉɛɴɹɫɧɟɧɢɟ ɤɨɧɮɢɝɭɪɚɰɢɢ Enforce User Logon Restrictions (ɉɪɟɞɩɢɫɚɬɶ ɜɵɩɨɥɧɟɧɢɟ ɨɝɪɚɧɢɱɟɧɢɣ ɧɚ ɜɯɨɞ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɢɫɬɟɦɭ)
Ɂɧɚɱɟɧɢɟ ɩɨ ɭɦɨɥɱɚɧɢɸ
Ɍɪɟɛɭɟɬ, ɱɬɨɛɵ ɰɟɧɬɪ ɪɚɫɩɪɟɞɟɥɟɧɢɹ ȼɤɥɸɱɟɧɨ. ɤɥɸɱɟɣ (Key Distribu tion Center - KDC) ɩɨɞɬɜɟɪɠɞɚɥ ɤɚɠɞɵɣ ɡɚɩɪɨɫ ɧɚ ɛɢɥɟɬ ɫɟɚɧɫɚ ɩɨ ɨɬɧɨɲɟɧɢɸ ɤ ɩɨɥɢɬɢɤɟ User Rights (ɉɪɚɜɚ ɩɨɥɶɡɨɜɚɬɟɥɹ) ɰɟɥɟɜɨɝɨ ɤɨɦɩɶɸɬɟɪɚ
Ɉɩɪɟɞɟɥɹɟɬ ɦɚɤɫɢɦɚɥɶɧɨɟ ɜɪɟɦɹ ɜ ɦɢɧɭɬɚɯ, 600 ɦɢɧɭɬ (10 ɱɚɫɨɜ). ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɛɢɥɟɬ ɫɥɭɠɛɵ ɩɪɢɝɨɞɟɧ ɞɥɹ ɨɛɪɚɳɟɧɢɹ ɤ ɪɟɫɭɪɫɭ. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: 10, ɜɩɥɨɬɶ ɞɨ ɡɧɚɱɟɧɢɣ, ɦɟɧɶɲɢɯ ɢɥɢ ɪɚɜɧɵɯ ɡɧɚɱɟɧɢɸ ɜ ɦɢɧɭɬɚɯ ɩɚɪɚɦɟɬɪɚ Maximum Lifetime For User Ticket, ɧɨ ɧɟ ɩɪɟɜɵɲɚɸɳɢɯ 99999. Ɂɧɚɱɟɧɢɟ 0 ɩɪɢɜɟɞɟɬ ɤ ɬɨɦɭ, ɱɬɨ ɜɪɟɦɹ ɩɪɢɝɨɞɧɨɫɬɢ ɛɢɥɟɬɚ ɫɬɚɧɟɬ ɛɟɫɤɨɧɟɱɧɵɦ, ɡɧɚɱɟɧɢɟ Maximum Lifetime For User Ticket ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ^ɧɚ 1, a ɡɧɚɱɟɧɢɟ Maximum Lifetime For User Ticket Renewal ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɨ ɧɚ 23 Maximum Lifetime For Ɉɩɪɟɞɟɥɹɟɬ ɦɚɤɫɢɦɚɥɶɧɨɟ ɜɪɟɦɹ ɜ ɱɚɫɚɯ, ɜ 10 ɱɚɫɨɜ. User Ticket ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɫɪɨɤ ɛɢɥɟɬ TGT. Ʉɨɝɞɚ ɷɬɨ ɜɪɟɦɹ ɢɫɬɟɤɚɟɬ, ɫɥɭɠɛɵ ɪɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɞɨɥɠɧɚ ɩɨɥɭɱɢɬɶ ɧɨɜɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɛɢɥɟɬ TGT. ȼɨɡɦɨɠɧɵɟ ɡɧɚɱɟɧɢɹ: ɨɬ 0 ɞɨ ɛɢɥɟɬɚ) 99999. Ɂɧɚɱɟɧɢɟ 0 ɭɤɚɡɵɜɚɟɬ, ɱɬɨ ɫɪɨɤ ɫɥɭɠɛɵ ɛɢɥɟɬɚ ɧɟ ɛɭɞɟɬ ɢɫɬɟɤɚɬɶ, ɚ ɨɩɰɢɹ Maximum Lifetime For User Ticket Renewal ɛɭɞɟɬ ɭɫɬɚɧɨɜɥɟɧɚ ɧɚ ɡɧɚɱɟɧɢɟ Not Defined Maximum Lifetime For Service Ticket (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɫɪɨɤ ɩɪɢɝɨɞɧɨɫɬɢ ɛɢɥɟɬɚ ɫɥɭɠɛɵ)
Maximum Lifetime For User Ticket Renewal (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɫɪɨɤ, ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɛɢɥɟɬ ɦɨɠɟɬ ɛɵɬɶ ɜɨɡɨɛɧɨɜɥɟɧ)
Ɉɩɪɟɞɟɥɹɟɬ ɜɪɟɦɹ ɜ ɞɧɹɯ, ɜ ɬɟɱɟɧɢɟ 7 ɞɧɟɣ. ɤɨɬɨɪɨɝɨ ɛɢɥɟɬ TGT ɩɨɥɶɡɨɜɚɬɟɥɹ ɦɨɠɟɬ ɛɵɬɶ ɜɨɡɨɛɧɨɜɥɟɧ ɜɦɟɫɬɨ ɩɨɥɭɱɟɧɢɹ ɧɨɜɨɝɨ ɛɢɥɟɬɚ. Ɂɧɚɱɟɧɢɟ 0 ɭɤɚɡɵɜɚɟɬ, ɱɬɨ ɜɨɡɨɛɧɨɜɥɟɧɢɟ ɛɢɥɟɬɚ ɡɚɛɥɨɤɢɪɨɜɚɧɨ
Maximum Tolerance For Computer Clock Synchronization (Ɇɚɤɫɢɦɚɥɶɧɵɣ ɞɨɩɭɫɤ ɜ ɫɢɧɯɪɨɧɢɡɚɰɢɢ ɤɨɦɩɶɸɬɟɪɧɵɯ ɱɚɫɨɜ)
Ɉɩɪɟɞɟɥɹɟɬ ɪɚɡɥɢɱɢɟ ɦɟɠɞɭ ɜɪɟɦɟɧɟɦ ɧɚ 5 ɦɢɧɭɬ. ɤɨɦɩɶɸɬɟɪɟ ɤɥɢɟɧɬɚ ɢ ɜɪɟɦɟɧɟɦ ɧɚ ɱɚɫɚɯ ɫɟɪɜɟɪɚ ɜ ɦɢɧɭɬɚɯ, ɤɨɬɨɪɨɟ ɞɨɩɭɫɤɚɟɬ ɩɪɨɬɨɤɨɥ Kerberos. Ɉɛɪɚɬɢɬɟ ɜɧɢɦɚɧɢɟ, ɱɬɨ ɷɬɚ ɭɫɬɚɧɨɜɤɚ ɩɟɪɟɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɡɧɚɱɟɧɢɟ ɩɪɢ ɤɚɠɞɨɦ ɩɟɪɟɡɚɩɭɫɤɟ ɤɨɦɩɶɸɬɟɪɚ
ɉɨɥɢɬɢɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɞɨɥɠɧɵ ɛɵɬɶ ɭɫɬɚɧɨɜɥɟɧɵ ɧɚ ɭɪɨɜɧɟ Domain Security Policy (ɉɨɥɢɬɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɨɦɟɧɚ) ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ɗɬɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɬɪɚɝɢɜɚɸɬ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ ɜ ɞɨɦɟɧɟ. ɏɨɬɹ ɷɬɢ ɩɨɥɢɬɢɤɢ ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɧɚ ɭɪɨɜɧɟ OU, ɨɧɢ ɧɟ ɛɭɞɭɬ ɜɥɢɹɬɶ ɧɚ ɬɟɯ, ɤɬɨ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɩɨɥɢɬɢɤɭ ɞɥɹ OU, ɨɧɚ ɡɚɬɪɨɧɟɬ ɬɨɥɶɤɨ ɦɟɫɬɧɭɸ ɛɚɡɭ ɞɚɧɧɵɯ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ, ɜɯɨɞɹɳɢɯ ɜ ɷɬɭ OU. Ʉɨɝɞɚ ɷɬɢ ɩɨɥɢɬɢɤɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɧɚ ɭɪɨɜɧɟ OU, ɨɧɢ ɩɪɢɦɟɧɹɸɬɫɹ ɬɨɥɶɤɨ ɬɨɝɞɚ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɯɨɞɹɬ ɜ ɫɢɫɬɟɦɭ ɜ ɦɟɫɬɧɨɦ ɦɚɫɲɬɚɛɟ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɢ ɜɯɨɞɹɬ ɜ ɞɨɦɟɧ, ɩɨɥɢɬɢɤɢ ɞɨɦɟɧɚ ɜɫɟɝɞɚ ɩɨɞɦɟɧɹɸɬ ɥɨɤɚɥɶɧɭɸ ɩɨɥɢɬɢɤɭ.
ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɩɨɥɢɬɢɤɟ ɛɟɡɨɩɚɫɧɨɫɬɢ ɭɪɨɜɧɹ ɞɨɦɟɧɚ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɨɛɟɫɩɟɱɢɜɚɸɬ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɫɜɹɡɚɧɧɵɯ ɫ ɛɟɡɨɩɚɫɧɨɫɬɶɸ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ. Ʉɚɤ ɢ ɜ ɫɥɭɱɚɟ ɫ ɩɨɥɢɬɢɤɚɦɢ Account Policies, ɦɧɨɝɢɟ ɢɡ ɷɬɢɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɩɪɢ ɜɵɛɨɪɟ ɤɨɧɬɟɣɧɟɪɚ Computer Conf iguration\Windows Settings\Security Settings. ɇɟɤɨɬɨɪɵɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɩɪɢ ɜɵɛɨɪɟ ɤɨɧɬɟɣɧɟɪɚ User Configuration\Windows Settings\Security Settings. ɇɚ ɪɢɫɭɧɤɟ 13-6 ɩɨɤɚɡɚɧɵ ɨɩɰɢɢ, ɧɚɯɨɞɹɳɢɟɫɹ ɜ ɤɚɠɞɨɣ ɢɡ ɩɚɩɨɤ Security Settings (ɉɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ), ɜ ɬɚɛɥɢɰɟ 13-6 ɨɧɢ ɫɭɦɦɢɪɨɜɚɧɵ ɞɥɹ ɤɚɠɞɨɝɨ ɡɚɝɨɥɨɜɤɚ.
. 13-6.
,
Security Settings
ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɞɥɹ ɧɚɫɬɪɨɣɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɤɨɦɩɶɸɬɟɪɨɜ ɜɚɲɟɣ ɫɟɬɢ ɡɧɚɱɢɬɟɥɶɧɨ ɨɛɥɟɝɱɚɟɬ ɫɨɡɞɚɧɢɟ ɢ ɩɨɞɞɟɪɠɚɧɢɟ ɛɟɡɨɩɚɫɧɨɣ ɫɟɬɟɜɨɣ ɫɪɟɞɵ. ɇɚɦɧɨɝɨ ɥɟɝɱɟ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɛɟɡɨɩɚɫɧɨɫɬɶ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɱɟɦ ɢɦɟɬɶ ɞɟɥɨ ɫ ɤɚɠɞɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɟɣ ɢɧɞɢɜɢɞɭɚɥɶɧɨ. ȼɫɟ, ɱɬɨ ɜɵ ɞɨɥɠɧɵ ɫɞɟɥɚɬɶ, - ɷɬɨ ɫɨɡɞɚɬɶ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɵɟ ɩɨɥɢɬɢɤɢ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɢɯ ɜ ɨɛɴɟɤɬɟ GPO ɢ ɫɜɹɡɚɬɶ ɟɝɨ ɫ ɤɨɧɬɟɣɧɟɪɧɵɦ ɨɛɴɟɤɬɨɦ Active Directory. ȼ ɫɥɟɞɭɸɳɢɣ ɪɚɡ, ɤɨɝɞɚ ɛɭɞɟɬ ɩɪɢɦɟɧɹɬɶɫɹ ɨɛɴɟɤɬ GPO, ɡɚɳɢɬɚ ɛɭɞɟɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɧɚ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɚɯ ɜ ɤɨɧɬɟɣɧɟɪɟ. ɂɫɩɨɥɶɡɨɜɚɧɢɟ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɨɛɥɟɝɱɢɬ ɩɨɫɬɨɹɧɧɨɟ ɭɩɪɚɜɥɟɧɢɟ ɩɚɪɚɦɟɬɪɚɦɢ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɞɥɹ ɜɚɲɢɯ ɤɨɦɩɶɸɬɟɪɨɜ. ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ, ɤɨɬɨɪɵɟ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɩɨɥɢɬɢɤɚɦɢ, ɧɟɩɪɟɪɵɜɧɨ ɨɛɧɨɜɥɹɸɬɫɹ. Ⱦɚɠɟ ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɡɦɟɧɢɬ ɤɨɧɮɢɝɭɪɚɰɢɸ ɡɚɳɢɬɵ ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ, ɩɨɥɢɬɢɤɚ ɛɭɞɟɬ ɩɨɜɬɨɪɧɨ ɩɪɢɦɟɧɟɧɚ ɜ ɫɥɟɞɭɸɳɟɦ ɰɢɤɥɟ ɨɛɧɨɜɥɟɧɢɹ. ɂɡɦɟɧɢɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɩɪɨɫɬɨ, ɩɨɬɨɦɭ ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɢ ɩɪɢɦɟɧɢɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɤɨ ɜɫɟɦ ɤɨɦɩɶɸɬɟɪɚɦ, ɧɚ ɤɨɬɨɪɵɟ ɜɨɡɞɟɣɫɬɜɭɟɬ ɞɚɧɧɚɹ ɩɨɥɢɬɢɤɚ.
. 13-6.
Ɉɩɰɢɹ ɤɨɧɮɢɝɭɪɚɰɢɢ Local Policies\Audit Policy (Ʌɨɤɚɥɶɧɵɟ ɩɨɥɢɬɢɤɢ\ɉɨɥɢɬɢɤɚ ɚɭɞɢɬɚ)
Local Policies\User Rights Assignment (Ʌɨɤɚɥɶɧɵɟ ɩɨɥɢɬɢɤɢ\ɇɚɡɧɚɱɟɧɢɟ ɩɪɚɜ ɩɨɥɶɡɨɜɚɬɟɥɟɣ)
ɉɨɹɫɧɟɧɢɟ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɚɭɞɢɬɚ. Ɇɨɠɧɨ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɩɨɥɢɬɢɤɭ ɚɭɞɢɬɚ ɞɥɹ ɬɚɤɢɯ ɨɩɰɢɣ, ɤɚɤ ɞɟɣɫɬɜɢɹ ɩɨ ɭɩɪɚɜɥɟɧɢɸ ɭɱɟɬɧɵɦɢ ɡɚɩɢɫɹɦɢ, ɫɨɛɵɬɢɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɢɡɦɟɧɟɧɢɹ ɩɨɥɢɬɢɤ, ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɩɪɢɜɢɥɟɝɢɣ ɢ ɫɢɫɬɟɦɧɵɯ ɫɨɛɵɬɢɣ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɪɚɜ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ, ɩɨɞɜɟɪɠɟɧɧɵɯ ɜɨɡɞɟɣɫɬɜɢɸ ɷɬɨɣ ɩɨɥɢɬɢɤɢ. Ɇɨɠɧɨ ɭɫɬɚɧɚɜɥɢɜɚɬɶ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɩɨɥɢɬɢɤɢ, ɜɤɥɸɱɚɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɥɨɤɚɥɶɧɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɞɨɫɬɭɩɚ ɤ ɤɨɦɩɶɸɬɟɪɭ ɢɡ ɫɟɬɢ, ɪɟɡɟɪɜɧɨɝɨ ɤɨɩɢɪɨɜɚɧɢɹ ɮɚɣɥɨɜ ɢ ɩɚɩɨɤ, ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɞɥɹ ɫɥɭɠɟɛɧɵɯ ɰɟɥɟɣ ɢ ɬ.ɩ.
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɨɩɰɢɣ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ, ɧɚ ɤɨɬɨɪɵɟ ɜɨɡɞɟɣɫɬɜɭɟɬ ɷɬɚ ɩɨɥɢɬɢɤɚ. Ɇɨɠɧɨ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɟɪɟɢɦɟɧɨɜɚɧɢɟ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɥɨɤɚɥɶɧɨɝɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɚ, ɭɩɪɚɜɥɟɧɢɟ ɭɫɬɚɧɨɜɤɨɣ ɩɪɢɧɬɟɪɚ, ɭɫɬɚɧɨɜɤɨɣ ɞɪɚɣɜɟɪɨɜ, ɧɟ ɢɦɟɸɳɢɯ ɩɨɞɩɢɫɢ, ɜɨɡɦɨɠɧɨɫɬɶɸ ɯɪɚɧɟɧɢɹ ɩɚɫɩɨɪɬɚ Microsoft .NET ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ ɢ ɬ.ɩ. Event Log (ɀɭɪɧɚɥ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɚɪɚɦɟɬɪɨɜ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ) ɠɭɪɧɚɥɚ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɞɥɹ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɨɜ, ɧɚ ɤɨɬɨɪɵɟ ɜɨɡɞɟɣɫɬɜɭɟɬ ɞɚɧɧɚɹ ɩɨɥɢɬɢɤɚ. Ɇɨɠɧɨ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɦɚɤɫɢɦɚɥɶɧɵɣ ɪɚɡɦɟɪ ɠɭɪɧɚɥɚ, ɪɚɡɪɟɲɟɧɢɟ ɧɚ ɩɪɨɫɦɨɬɪ, ɫɨɯɪɚɧɟɧɢɟ ɜɫɟɯ ɠɭɪɧɚɥɨɜ. Local Policies\Security Options (Ʌɨɤɚɥɶɧɵɟ ɩɨɥɢɬɢɤɢ\Ɉɩɰɢɢ ɛɟɡɨɩɚɫɧɨɫɬɢ)
Restricted Groups ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɝɪɚɧɢɱɟɧɢɹ ɱɥɟɧɫɬɜɚ ɥɨɤɚɥɶɧɵɯ (Ɉɝɪɚɧɢɱɟɧɧɵɟ ɝɪɭɩɩɵ) ɝɪɭɩɩ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ, ɤɨɬɨɪɵɟ ɩɨɜɟɪɠɟɧɵ ɜɨɡɞɟɣɫɬɜɢɸ ɞɚɧɧɨɣ ɩɨɥɢɬɢɤɢ. ɗɬɚ ɨɩɰɢɹ ɨɛɵɱɧɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɱɥɟɧɫɬɜɚ ɜ ɝɪɭɩɩɟ ɥɨɤɚɥɶɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɢɯ. ȿɫɥɢ ɷɬɚ ɨɩɰɢɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɱɥɟɧɫɬɜɚ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ, ɬɨ ɜɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɢɥɢ ɝɪɭɩɩɵ, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɱɚɫɬɶɸ ɥɨɤɚɥɶɧɨɣ ɝɪɭɩɩɵ, ɧɨ ɧɟ ɜɯɨɞɹɬ ɜ ɫɩɢɫɨɤ ɱɥɟɧɨɜ, ɩɨɞɜɟɪɠɟɧɧɵɯ ɜɥɢɹɧɢɸ ɷɬɨɣ ɩɨɥɢɬɢɤɢ, ɛɭɞɭɬ ɭɞɚɥɟɧɵ ɩɪɢ ɫɥɟɞɭɸɳɟɦ ɨɛɧɨɜɥɟɧɢɢ ɩɨɥɢɬɢɤɢ. System Services ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɚɦɢ ɧɚ (ɋɢɫɬɟɦɧɵɟ ɫɥɭɠɛɵ) ɤɨɦɩɶɸɬɟɪɚɯ: ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɡɚɩɭɫɤɚɟɦɵɯ ɫɥɭɠɛɵ ɢɥɢ ɞɥɹ ɜɵɤɥɸɱɟɧɢɹ ɫɥɭɠɛ. Registry ɪɟɟɫɬɪ)
(ɋɢɫɬɟɦɧɵɣ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɡɚɳɢɬɵ ɧɚ ɤɥɸɱɚɯ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ. ȼɵ ɦɨɠɟɬɟ ɞɨɛɚɜɢɬɶ ɥɸɛɨɣ ɤɥɸɱ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɤ ɩɨɥɢɬɢɤɟ, ɚ ɡɚɬɟɦ ɩɪɢɦɟɧɢɬ ɨɩɪɟɞɟɥɟɧɧɭɸ ɡɚɳɢɬɭ ɤ ɷɬɨɦɭ ɤɥɸɱɭ.
File System(Ɏɚɣɥɨɜɚɹ ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɡɚɳɢɬɵ ɧɚ ɮɚɣɥɚɯ ɫɢɫɬɟɦɚ ) ɢ ɩɚɩɤɚɯ. Ɇɨɠɧɨ ɞɨɛɚɜɢɬɶ ɥɸɛɵɟ ɮɚɣɥɵ ɢɥɢ ɩɚɩɤɢ ɤ ɩɨɥɢɬɢɤɟ, ɚ ɡɚɬɟɦ ɩɪɢɦɟɧɢɬɶ ɭɩɪɚɜɥɟɧɢɟ ɞɨɫɬɭɩɨɦ ɢ ɚɭɞɢɬ ɞɥɹ ɷɬɢɯ ɨɛɴɟɤɬɨɜ ɮɚɣɥɨɜɨɣɫɢɫɬɟɦɵ.
Wireless Network (IEEE 802.11) Policies (ɉɨɥɢɬɢɤɚ ɛɟɫɩɪɨɜɨɞɧɵɯ ɫɟɬɟɣ) Public Key Policies (ɉɨɥɢɬɢɤɚ ɨɬɤɪɵɬɵɯ ɤɥɸɱɟɣ). ɗɬɚ ɭɫɬɚɧɨɜɤɚ ɜɤɥɸɱɟɧɚ ɤɚɤ ɜ ɪɚɡɞɟɥ Computer Configuration, ɬɚɤ ɢ ɜ ɪɚɡɞɟɥ User Configuration. Ɋɚɡɞɟɥ User Configuration ɜɤɥɸɱɚɟɬ ɬɨɥɶɤɨ ɨɩɰɢɸ Enterprise Trust (Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɩɪɟɞɩɪɢɹɬɢɹ). IP Security Policies On Active Directory (domainname) (ɉɨɥɢɬɢɤɚ IP ɛɟɡɨɩɚɫɧɨɫɬɢ ɜ Active Directory)
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɛɟɫɩɪɨɜɨɞɧɵɯ ɫɟɬɟɜɵɯ ɩɨɥɢɬɢɤ, ɤɨɬɨɪɵɟ ɡɚɬɟɦ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɬɪɟɛɨɜɚɧɢɹɦɢ ɛɟɡɨɩɚɫɧɨɫɬɢ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ, ɢɫɩɨɥɶɡɭɸɳɢɯ ɛɟɫɩɪɨɜɨɞɧɵɟ ɫɟɬɟɜɵɟ ɩɨɞɤɥɸɱɟɧɢɹ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɨɥɢɬɢɤ, ɫɜɹɡɚɧɧɵɯ ɫ ɰɢɮɪɨɜɵɦɢ ɫɟɪɬɢɮɢɤɚɬɚɦɢ ɢ ɫ ɭɩɪɚɜɥɟɧɢɟɦ ɫɟɪɬɢɮɢɤɚɬɚɦɢ. Ɇɨɠɧɨ ɬɚɤɠɟ ɫɨɡɞɚɜɚɬɶ ɚɝɟɧɬɨɜ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɞɚɧɧɵɯ, ɢɫɩɨɥɶɡɭɸɳɢɯɫɹ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɮɚɣɥɨɜ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɡɚɲɢɮɪɨɜɚɧɵ ɧɚ ɥɨɤɚɥɶɧɵɯ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ ɫ ɩɨɦɨɳɶɸ ɫɢɫɬɟɦɵ ɲɢɮɪɨɜɚɧɢɹ ɮɚɣɥɨɜ (Encrypting File System - EFS).
ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɨɥɢɬɢɤ IPɛɟɡɨɩɚɫɧɨɫɬɢ (IP Security - IPSec). Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɨɥɢɬɢɤɭ, ɬɨɱɧɨ ɨɩɪɟɞɟɥɹɸɳɭɸ, ɤɚɤɨɣ ɫɟɬɟɜɨɣ ɬɪɚɮɢɤ ɞɨɥɠɟɧ ɛɵɬɶ ɡɚɳɢɳɟɧ ɫ ɩɨɦɨɳɶɸ IPSec, ɧɚ ɤɚɤɨɦ ɤɨɦɩɶɸɬɟɪɟ ɨɧɚ ɞɨɥɠɧɚ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɜ ɨɛɹɡɚɬɟɥɶɧɨɦ ɩɨɪɹɞɤɟ.
. Software Restriction ( Security Settings Configuration.
) User Configuration, .
Computer
ȼ Active Directory Windows Server 2003 ɢɦɟɟɬɫɹ ɨɞɢɧ ɫɩɟɰɢɚɥɶɧɵɣ ɬɢɩ ɤɨɧɮɢɝɭɪɚɰɢɢ ɡɚɳɢɬɵ, ɤɨɬɨɪɨɝɨ ɧɟ ɛɵɥɨ ɜ Active Directory Windows 2000 -ɷɬɨ ɩɨɥɢɬɢɤɢ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. Ɉɞɧɨ ɢɡ ɫɚɦɵɯ ɛɨɥɶɲɢɯ ɛɟɫɩɨɤɨɣɫɬɜ ɫɜɹɡɚɧɨ ɫ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ, ɡɚɩɭɫɤɚɸɳɢɦɢ ɧɟɢɡɜɟɫɬɧɨɟ ɢɥɢ%ɟ ɩɨɥɶɡɭɸɳɟɟɫɹ ɞɨɜɟɪɢɟɦ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. ȼɨ ɦɧɨɝɢɯ ɫɥɭɱɚɹɯ ɩɨɥɶɡɨɜɚɬɟɥɢ ɡɚɩɭɫɤɚɸɬ ɩɨɬɟɧɰɢɚɥɶɧɨ ɨɩɚɫɧɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɧɟɩɪɟɞɧɚɦɟɪɟɧɧɨ. ɇɚɩɪɢɦɟɪ, ɦɢɥɥɢɨɧɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɡɚɩɭɫɤɚɥɢ ɜɢɪɭɫɵ ɢɥɢ ɭɫɬɚɧɚɜɥɢɜɚɥɢ ɩɪɢɥɨɠɟɧɢɹ ɬɢɩɚ «ɬɪɨɹɧɫɤɢɣ ɤɨɧɶ», ɧɟ ɢɦɟɹ ɧɢ ɦɚɥɟɣɲɢɯ ɧɚɦɟɪɟɧɢɣ ɜɵɩɨɥɧɹɬɶ ɨɩɚɫɧɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. ɉɨɥɢɬɢɤɚ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɩɪɟɞɧɚɡɧɚɱɟɧɚ ɞɥɹ ɩɪɟɞɨɬɜɪɚɳɟɧɢɹ ɬɚɤɢɯ ɫɥɭɱɚɟɜ. ɉɨɥɢɬɢɤɚ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɡɚɳɢɳɚɟɬ ɜɚɲɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɨɬ ɜɵɩɨɥɧɟɧɢɹ ɨɩɚɫɧɵɯ ɩɪɨɝɪɚɦɦ, ɨɩɪɟɞɟɥɹɹ, ɤɚɤɢɟ ɩɪɢɥɨɠɟɧɢɹ ɦɨɠɧɨ ɜɵɩɨɥɧɹɬɶ, ɚ ɤɚɤɢɟ -ɧɟɬ. ɗɬɚ ɩɨɥɢɬɢɤɚ ɩɨɡɜɨɥɹɟɬ ɜɵɩɨɥɧɹɬɶɫɹ ɥɸɛɨɦɭ ɩɪɨɝɪɚɦɦɧɨɦɭ ɨɛɟɫɩɟɱɟɧɢɸ, ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ ɬɨɝɨ, ɤɨɬɨɪɨɟ ɜɵ ɫɩɟɰɢɚɥɶɧɨ ɡɚɛɥɨɤɢɪɭɟɬɟ. ɂɥɢ ɦɨɠɧɨ ɨɩɪɟɞɟɥɢɬɶ ɩɨɥɢɬɢɤɭ, ɧɟ ɩɨɡɜɨɥɹɸɳɭɸ ɜɵɩɨɥɧɹɬɶ ɧɢɤɚɤɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ ɬɨɝɨ, ɤɨɬɨɪɨɟ ɜɵ ɹɜɧɨ ɩɨɡɜɨɥɢɬɟ ɜɵɩɨɥɧɹɬɶ. ɏɨɬɹ ɜɬɨɪɚɹ ɨɩɰɢɹ ɛɨɥɟɟ ɛɟɡɨɩɚɫɧɚ, ɭɫɢɥɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɩɟɪɟɱɢɫɥɟɧɢɹ ɜɫɟɯ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɦ ɩɨɡɜɨɥɹɟɬɫɹ ɜɵɩɨɥɧɹɬɶɫɹ ɜ ɫɪɟɞɟ ɋɥɨɠɧɨɝɨ ɩɪɟɞɩɪɢɹɬɢɹ, ɫɥɢɲɤɨɦ ɫɟɪɶɟɡɧɵ. Ȼɨɥɶɲɢɧɫɬɜɨ ɤɨɦɩɚɧɢɣ ɜɵɛɟɪɭɬ ɩɟɪɜɭɸ ɨɩɰɢɸ, ɪɚɡɪɟɲɚɸɳɭɸ ɜɵɩɨɥɧɟɧɢɟ ɜɫɟɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɢ ɛɥɨɤɢɪɭɸɳɭɸ ɬɨɥɶɤɨ ɢɡɛɪɚɧɧɨɟ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. Ɉɞɧɚɤɨ ɟɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ ɫɪɟɞɭ ɫ ɜɵɫɨɤɢɦ ɭɪɨɜɧɟɦ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɩɪɢɦɟɧɢɬɟ ɛɨɥɟɟ ɛɟɡɨɩɚɫɧɭɸ ɨɩɰɢɸ. ɉɪɢ ɫɨɡɞɚɧɢɢ ɩɨɥɢɬɢɤɢ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɹɬɶ ɬɢɩɨɜ ɩɪɚɜɢɥ, ɯɚɪɚɤɬɟɪɢɡɭɸɳɢɯ ɩɪɢɥɨɠɟɧɢɹ, ɧɚ ɤɨɬɨɪɵɟ ɜɨɡɞɟɣɫɬɜɭɟɬ ɞɚɧɧɚɹ ɩɨɥɢɬɢɤɚ. • Hash rules (ɯɷɲ-ɩɪɚɜɢɥɚ). ɏɷɲ-ɩɪɚɜɢɥɨ — ɷɬɨ ɤɪɢɩɬɨɝɪɚɮɢɱɟɫɤɢɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ, ɤɨɬɨɪɵɣ ɭɧɢɤɚɥɶɧɨ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɨɩɪɟɞɟɥɟɧɧɵɣ ɮɚɣɥ ɩɪɢɥɨɠɟɧɢɹ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɢɦɟɧɢ ɮɚɣɥɚ ɢɥɢ ɟɝɨ ɦɟɫɬɨɩɨɥɨɠɟɧɢɹ. ȿɫɥɢ ɜ ɩɚɩɤɟ Security Levels (ɍɪɨɜɧɢ ɛɟɡɨɩɚɫɧɨɫɬɢ) ɛɵɥ ɜɵɛɪɚɧ ɨɛɴɟɤɬ Unrestricted (He ɨɝɪɚɧɢɱɟɧ), ɢ ɧɭɠɧɨ ɨɝɪɚɧɢɱɢɬɶ ɜɵɩɨɥɧɟɧɢɟ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɩɪɢɥɨɠɟɧɢɹ, ɫɨɡɞɚɣɬɟ ɯɷɲ-ɩɪɚɜɢɥɨ, ɢɫɩɨɥɶɡɭɹ ɩɨɥɢɬɢɤɭ ɨɝɪɚɧɢɱɟɧɢɹ
ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. Ʉɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɨɩɵɬɚɟɬɫɹ ɜɵɩɨɥɧɢɬɶ ɷɬɨ ɩɪɢɥɨɠɟɧɢɟ, ɪɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɩɪɨɜɟɪɢɬ ɟɝɨ ɯɷɲ-ɡɧɚɱɟɧɢɟ ɢ ɩɪɟɞɨɬɜɪɚɬɢɬ ɜɵɩɨɥɧɟɧɢɟ. ȿɫɥɢ ɩɨɥɢɬɢɤɚ ɛɥɨɤɢɪɭɟɬ ɜɵɩɨɥɧɟɧɢɟ ɜɫɟɯ ɩɪɢɥɨɠɟɧɢɣ, ɢɫɩɨɥɶɡɭɣɬɟ ɯɷɲ-ɩɪɚɜɢɥɨ ɞɥɹ ɞɨɩɭɫɤɚ ɨɩɪɟɞɟɥɟɧɧɵɯ ɩɪɢɥɨɠɟɧɢɣ. • Certificate rules (ɉɪɚɜɢɥɚ ɫɟɪɬɢɮɢɤɚɬɚ). Ɇɨɠɧɨ ɫɨɡɞɚɜɚɬɶ ɩɪɚɜɢɥɚ ɫɟɪɬɢɮɢɤɚɬɚ ɬɚɤ, ɱɬɨ ɤɪɢɬɟɪɢɟɦ ɜɵɛɨɪɚ ɩɪɢɥɨɠɟɧɢɣ ɛɭɞɟɬ ɫɟɪɬɢɮɢɤɚɬ ɢɡɞɚɬɟɥɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɭ ɜɚɫ ɟɫɬɶ ɫɨɛɫɬɜɟɧɧɨɟ ɩɪɢɥɨɠɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɵ ɫɚɦɢ ɪɚɡɪɚɛɨɬɚɥɢ, ɧɚɡɧɚɱɶɬɟ ɫɟɪɬɢɮɢɤɚɬ ɷɬɨɦɭ ɩɪɢɥɨɠɟɧɢɸ, ɚ ɡɚɬɟɦ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɩɪɚɜɢɥɨ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɫɨɫɬɨɹɳɟɟ ɜ ɞɨɜɟɪɢɢ ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɦɭ ɫɟɪɬɢɮɢɤɚɬɭ. • Path rules (ɉɪɚɜɢɥɨ ɩɭɬɟɣ). Ɇɨɠɧɨ ɫɨɡɞɚɜɚɬɶ ɩɪɚɜɢɥɚ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɩɭɬɢ, ɯɚɪɚɤɬɟɪɢɡɭɸɳɟɦ ɦɟɫɬɨ, ɝɞɟ ɪɚɫɩɨɥɨɠɟɧɨ ɜɵɩɨɥɧɹɟɦɨɟ ɩɪɢɥɨɠɟɧɢɟ. ȿɫɥɢ ɜɵ ɜɵɛɟɪɟɬɟ ɩɚɩɤɭ, ɬɨ ɷɬɨ ɩɪɚɜɢɥɨ ɛɭɞɟɬ ɪɚɫɩɪɨɫɬɪɚɧɹɬɶɫɹ ɧɚ ɩɪɢɥɨɠɟɧɢɹ, ɪɚɫɩɨɥɨɠɟɧɧɵɟ ɜ ɷɬɨɣ ɩɚɩɤɟ. Ɇɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɩɟɪɟɦɟɧɧɵɟ ɫɪɟɞɵ (ɬɢɩɚ %systemroot %), ɱɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ ɩɭɬɶ ɢ ɩɨɞɫɬɚɧɨɜɨɱɧɵɟ ɡɧɚɤɢ (ɬɢɩɚ *.vbs). • Registry path rules (ɉɪɚɜɢɥɨ ɩɭɬɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ). Ɇɨɠɧɨ ɫɨɡɞɚɜɚɬɶ ɩɪɚɜɢɥɚ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɦɟɫɬɟ ɪɚɫɩɨɥɨɠɟɧɢɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɟɬ ɞɚɧɧɨɟ ɩɪɢɥɨɠɟɧɢɟ. Ʉɚɠɞɨɟ ɩɪɢɥɨɠɟɧɢɟ ɢɦɟɟɬ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɜ ɩɪɟɞɟɥɚɯ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɝɞɟ ɨɧɨ ɯɪɚɧɢɬ ɫɩɟɰɢɮɢɱɟɫɤɭɸ ɞɥɹ ɩɪɢɥɨɠɟɧɢɹ ɢɧɮɨɪɦɚɰɢɸ, ɩɨɡɜɨɥɹɸɳɭɸ ɫɨɡɞɚɜɚɬɶ ɩɪɚɜɢɥɚ, ɛɥɨɤɢɪɭɸɳɢɟ ɢɥɢ ɪɚɡɪɟɲɚɸɳɢɟ ɜɵɩɨɥɧɟɧɢɟ ɩɪɢɥɨɠɟɧɢɣ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɷɬɢɯ ɤɥɸɱɚɯ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ. ȼ ɦɟɧɸ ɧɟ ɢɦɟɟɬɫɹ ɧɢɤɚɤɨɣ ɨɩɰɢɢ, ɫɩɟɰɢɮɢɱɧɨɣ ɞɥɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɣ ɞɥɹ ɫɨɡɞɚɧɢɹ ɩɪɚɜɢɥ ɩɭɬɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɧɨ ɨɩɰɢɹ New Path Rule (ɇɨɜɨɟ ɩɪɚɜɢɥɨ ɩɭɬɢ) ɩɨɡɜɨɥɹɟɬ ɫɨɡɞɚɜɚɬɶ ɷɬɨɬ ɭɧɢɤɚɥɶɧɵɣ ɧɚɛɨɪ ɩɪɚɜɢɥ. ɉɪɢ ɫɨɡɞɚɧɢɢ ɧɨɜɨɣ ɩɨɥɢɬɢɤɢ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɮɨɪɦɢɪɭɸɬɫɹ ɱɟɬɵɪɟ ɡɚɞɚɧɧɵɯ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɪɚɜɢɥɚ ɩɭɬɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ. ɗɬɢ ɩɪɚɜɢɥɚ ɤɨɧɮɢɝɭɪɢɪɭɸɬ ɧɟɨɝɪɚɧɢɱɟɧɧɭɸ ɩɪɨɝɪɚɦɦɧɭɸ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɞɥɹ ɩɪɢɥɨɠɟɧɢɣ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɫɢɫɬɟɦɧɨɣ ɤɨɪɧɟɜɨɣ ɩɚɩɤɟ ɢ ɜ ɡɚɞɚɧɧɨɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɚɩɤɟ ɩɪɨɝɪɚɦɦɧɵɯ ɮɚɣɥɨɜ. • Internet zone rules (ɉɪɚɜɢɥɨ ɡɨɧ ɢɧɬɟɪɧɟɬɚ). Ɂɚɤɥɸɱɢɬɟɥɶɧɵɣ ɬɢɩ ɩɪɚɜɢɥ ɨɫɧɨɜɚɧ ɧɚ ɢɧɬɟɪɧɟ-ɡɨɧɟ, ɢɡ ɤɨɬɨɪɨɣ ɛɵɥɨ ɡɚɝɪɭɠɟɧɨ ɩɪɨɝɪɚɦɦɧɨɟ ɨɛɟɫɩɟɱɟɧɢɟ. ɇɚɩɪɢɦɟɪ, ɧɭɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɪɚɜɢɥɨ, ɩɨɡɜɨɥɹɸɳɟɟ ɜɵɩɨɥɧɟɧɢɟ ɜɫɟɯ ɩɪɢɥɨɠɟɧɢɣ, ɡɚɝɪɭɠɟɧɧɵɯ ɢɡ ɡɨɧɵ Trusted Sites (Ⱦɨɜɟɪɟɧɧɵɟ ɫɚɣɬɵ), ɢɥɢ ɩɪɚɜɢɥɨ, ɩɪɟɞɨɬɜɪɚɳɚɸɳɟɟ ɜɵɩɨɥɧɟɧɢɟ ɥɸɛɨɝɨ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɡɚɝɪɭɠɟɧɧɨɝɨ ɢɡ ɡɨɧɵ Restricted Sites (Ɉɝɪɚɧɢɱɟɧɧɵɟ ɫɚɣɬɵ). ȿɫɥɢ ɜɵ ɫɤɨɧɮɢɝɭɪɢɪɭɟɬɟ ɫɜɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɬɚɤ, ɱɬɨ ɜɫɟ ɩɪɢɥɨɠɟɧɢɹ ɞɨɥɠɧɵ ɜɵɩɨɥɧɹɬɶɫɹ, ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ ɭɤɚɡɚɧɧɵɯ ɩɪɢɥɨɠɟɧɢɣ, ɬɨ ɷɬɢ ɩɪɚɜɢɥɚ ɨɩɪɟɞɟɥɹɬ ɬɟ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɟ ɧɟ ɛɭɞɭɬ ɜɵɩɨɥɧɹɬɶɫɹ. ȿɫɥɢ ɜɵ ɫɨɡɞɚɟɬɟ ɛɨɥɟɟ ɨɝɪɚɧɢɱɢɬɟɥɶɧɨɟ ɩɪɚɜɢɥɨ, ɛɥɨɤɢɪɭɸɳɟɟ ɜɫɟ ɩɪɢɥɨɠɟɧɢɹ, ɬɨ ɨɧɨ ɨɩɪɟɞɟɥɹɟɬ ɬɟ ɩɪɢɥɨɠɟɧɢɹ, ɤɨɬɨɪɵɦ ɩɨɡɜɨɥɟɧɨ ɜɵɩɨɥɧɹɬɶɫɹ. ɉɨɥɢɬɢɤɢ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɦɨɝɭɬ ɛɵɬɶ ɨɩɪɟɞɟɥɟɧɵ ɞɥɹ ɤɨɦɩɶɸɬɟɪɨɜ ɜ ɪɚɡɞɟɥɟ Computer Configuration\Windows Settings\Security Settings, ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɟɣ - ɜ ɪɚɡɞɟɥɟ User Configuration\Windows Settings\Security Settings. ɉɨ ɭɦɨɥɱɚɧɢɸ ɜ Active Directory ɧɟ ɭɫ ɬɚɧɚɜɥɢɜɚɟɬɫɹ ɩɨɥɢɬɢɤɢ ɨɝɪɚɧɢɱɟɧɢɹ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɩɨɥɢɬɢɤɭ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɩɤɟ Software Restrictions Policies (ɉɨɥɢɬɢɤɢ ɨɝɪɚɧɢɱɟɧɢɣ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ) ɢ ɜɵɛɟɪɢɬɟ New Software Restrictions Policy (ɇɨɜɚɹ ɩɨɥɢɬɢɤɚ). ȼ ɪɟɡɭɥɶɬɚɬɟ ɛɭɞɟɬ ɫɨɡɞɚɧɚ ɡɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɥɢɬɢɤɚ (ɫɦ. ɪɢɫ. 13-7).
. 13-7.
ɉɚɩɤɚ Security Levels (ɍɪɨɜɧɢ ɛɟɡɨɩɚɫɧɨɫɬɢ) ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɡɚɞɚɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɭɪɨɜɧɹ ɡɚɳɢɬɵ. ȼɧɭɬɪɢ ɩɚɩɤɢ ɢɦɟɸɬɫɹ ɞɜɚ ɨɛɴɟɤɬɚ: Disallowed (Ɂɚɩɪɟɳɟɧɧɵɣ) ɢ Unrestricted (ɇɟɨɝɪɚɧɢɱɟɧɧɵɣ). ȿɫɥɢ ɧɭɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɡɚɳɢɬɭ ɬɚɤ, ɱɬɨɛɵ ɜɵɩɨɥɧɹɥɢɫɶ ɜɫɟ ɩɪɢɥɨɠɟɧɢɹ ɡɚ ɢɫɤɥɸɱɟɧɢɟɦ ɫɩɟɰɢɚɥɶɧɨ ɭɤɚɡɚɧɧɵɯ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɨɛɴɟɤɬɟ Unrestricted ɢ ɜɵɛɟɪɢɬɟ Set As Default (ɍɫɬɚɧɨɜɢɬɶ ɩɨ ɭɦɨɥɱɚɧɢɸ). ȿɫɥɢ ɜɵ ɯɨɬɢɬɟ ɡɚɞɚɬɶ ɛɨɥɟɟ ɨɝɪɚɧɢɱɢɬɟɥɶɧɭɸ ɭɫɬɚɧɨɜɤɭ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ Disallowed ɢ ɭɫɬɚɧɨɜɢɬɟ ɟɝɨ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ. ɉɚɩɤɚ Additional Rules (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɪɚɜɢɥɚ) ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɪɚɜɢɥ ɨɝɪɚɧɢɱɟɧɢɣ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɪɚɜɢɥɨ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɩɤɟ Additional Rules ɢ ɜɵɛɟɪɢɬɟ ɬɢɩ ɩɪɚɜɢɥɚ, ɤɨɬɨɪɨɟ ɜɵ ɯɨɬɢɬɟ ɫɨɡɞɚɬɶ. ɇɚɩɪɢɦɟɪ, ɞɥɹ ɧɨɜɨɝɨ ɯɷɲ-ɩɪɚɜɢɥɚ ɜɵɛɟɪɢɬɟ New Hash Rule. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɧɨɜɨɟ ɯɷɲ-ɩɪɚɜɢɥɨ, ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Browse (Ɉɛɡɨɪ) ɢ ɧɚɣɞɢɬɟ ɮɚɣɥ, ɤɨɬɨɪɵɣ ɜɵ ɯɨɬɢɬɟ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɯɷɲɡɧɚɱɟɧɢɟɦ. ɉɪɢ ɜɵɛɨɪɟ ɮɚɣɥɚ ɯɷɲ-ɡɧɚɱɟɧɢɟ ɮɚɣɥɚ ɛɭɞɟɬ ɫɨɡɞɚɧɨ ɚɜɬɨɦɚɬɢɱɟɫɤɢ. Ɂɚɬɟɦ ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɛɭɞɟɬ ɥɢ ɷɬɨ ɩɪɢɥɨɠɟɧɢɟ ɪɚɡɪɟɲɟɧɨ ɞɥɹ ɜɵɩɨɥɧɟɧɢɹ ɢɥɢ ɡɚɛɥɨɤɢɪɨɜɚɧɨ (ɫɦ. ɪɢɫ. 13-8).
. 13-8.
-
Ɉɛɴɟɤɬ Enforcement (ɉɪɢɧɭɠɞɟɧɢɟ) ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɭɤɚɡɚɧɢɹ ɩɪɢɥɨɠɟɧɢɹ, ɧɚ ɤɨɬɨɪɨɟ ɨɤɚɡɵɜɚɟɬɫɹ ɜɨɡɞɟɣɫɬɜɢɟ. Ɇɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɪɚɜɢɥɚ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɩɪɢɦɟɧɹɬɶɫɹ ɢɥɢ ɤɨ ɜɫɟɦ ɩɪɢɥɨɠɟɧɢɹɦ, ɢɥɢ ɤɨ ɜɫɟɦ ɩɪɢɥɨɠɟɧɢɹɦ, ɤɪɨɦɟ DLL. ɉɪɚɜɢɥɚ ɦɨɝɭɬ ɩɪɢɦɟɧɹɬɶɫɹ ɢɥɢ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɢɥɢ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ, ɤɪɨɦɟ ɦɟɫɬɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ. Ɉɛɴɟɤɬ Designated File Types (Ɉɬɦɟɱɟɧɧɵɟ ɬɢɩɵ ɮɚɣɥɨɜ) ɨɩɪɟɞɟɥɹɟɬ ɜɫɟ ɪɚɫɲɢɪɟɧɢɹ ɮɚɣɥɨɜ, ɤɨɬɨɪɵɟ ɪɚɫɫɦɚɬɪɢɜɚɸɬɫɹ ɤɚɤ ɪɚɫɲɢɪɟɧɢɹ ɢɫɩɨɥɧɹɟɦɵɯ ɮɚɣɥɨɜ ɢ ɩɨɷɬɨɦɭ ɩɨɞɱɢɧɹɸɬɫɹ ɷɬɨɣ ɩɨɥɢɬɢɤɟ. ȼɵ ɦɨɠɟɬɟ ɞɨɛɚɜɥɹɬɶ ɢɥɢ ɭɞɚɥɹɬɶ ɮɚɣɥɨɜɵɟ ɪɚɫɲɢɪɟɧɢɹ ɢɡ ɷɬɨɝɨ ɫɩɢɫɤɚ.
Ɉɛɴɟɤɬ Trusted Publishers (Ⱦɨɜɟɪɟɧɧɵɟ ɢɡɞɚɬɟɥɢ) ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɤɬɨ ɦɨɠɟɬ ɜɵɛɢɪɚɬɶ, ɹɜɥɹɟɬɫɹ ɥɢ ɢɡɞɚɬɟɥɶ ɞɨɜɟɪɟɧɧɵɦ ɢɥɢ ɧɟɬ. ȼɵ ɦɨɠɟɬɟ ɭɤɚɡɚɬɶ ɜɫɟɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɬɨɥɶɤɨ ɥɨɤɚɥɶɧɵɯ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɢɥɢ ɬɨɥɶɤɨ ɚɞɦɢɧɢɫɬɪɚɬɨɪɨɜ ɩɪɟɞɩɪɢɹɬɢɹ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɞɨɥɠɧɚ ɥɢ ɪɚɛɨɱɚɹ ɫɬɚɧɰɢɹ ɩɪɨɜɟɪɹɬɶ ɮɚɤɬ ɜɨɡɦɨɠɧɨɣ ɨɬɦɟɧɵ ɞɟɣɫɬɜɢɹ ɫɟɪɬɢɮɢɤɚɬɚ ɩɟɪɟɞ ɜɵɩɨɥɧɟɧɢɟɦ ɩɪɢɥɨɠɟɧɢɹ.
Ʉɚɤ ɩɨɤɚɡɚɧɨ ɜ ɩɪɟɞɵɞɭɳɢɯ ɪɚɡɞɟɥɚɯ, ɫɭɳɟɫɬɜɭɸɬ ɫɨɬɧɢ ɨɩɰɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɛɟɡɨɩɚɫɧɨɫɬɢ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɜ ɫɟɬɢ Windows Server 2003. ɇɚ ɩɟɪɜɵɣ ɜɡɝɥɹɞ ɦɨɠɟɬɟ ɩɨɤɚɡɚɬɶɫɹ, ɱɬɨ ɤɨɥɢɱɟɫɬɜɨ ɨɩɰɢɣ ɧɟɩɨɦɟɪɧɨ ɜɟɥɢɤɨ. Ɍɪɭɞɧɨ ɞɚɠɟ ɨɩɪɟɞɟɥɢɬɶ, ɫ ɧɟɝɨ ɧɚɱɚɬɶ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɨɩɰɢɣ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ʉ ɫɱɚɫɬɶɸ, ɤɨɦɩɚɧɢɹ Microsoft ɪɚɡɪɚɛɨɬɚɥɚ ɲɚɛɥɨɧɵ ɡɚɳɢɬɵ, ɤɨɬɨɪɵɟ ɩɨɡɜɨɥɹɸɬ ɫɩɪɚɜɢɬɶɫɹ ɫ ɷɬɨɣ ɡɚɞɚɱɟɣ. ɒɚɛɥɨɧɵ ɡɚɳɢɬɵ ɩɪɟɞɨɩɪɟɞɟɥɹɸɬ ɧɚɛɨɪɵ ɤɨɧɮɢɝɭɪɚɰɢɣ ɡɚɳɢɬɵ, ɤɨɬɨɪɵɟ ɜɵ ɦɨɠɟɬɟ ɩɪɢɦɟɧɹɬɶ ɤ ɤɨɦɩɶɸɬɟɪɚɦ ɜɚɲɟɣ ɫɟɬɢ. ȼɦɟɫɬɨ ɬɨɝɨ ɱɬɨɛɵ ɩɪɨɫɦɚɬɪɢɜɚɬɶ ɤɚɠɞɵɣ ɩɚɪɚɦɟɬɪ ɡɚɳɢɬɵ, ɦɨɠɧɨ ɜɵɛɪɚɬɶ ɲɚɛɥɨɧ ɡɚɳɢɬɵ, ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɬɨɦɭ, ɱɟɝɨ ɜɵ ɯɨɬɢɬɟ ɞɨɛɢɬɶɫɹ, ɚ ɡɚɬɟɦ ɩɪɢɦɟɧɢɬɶ ɷɬɨɬ ɲɚɛɥɨɧ, ɢɫɩɨɥɶɡɭɹ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɜ ɫɪɟɞɟ, ɝɞɟ ɬɪɟɛɭɸɬɫɹ ɫɬɪɨɝɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ, ɜɵɛɟɪɢɬɟ ɨɞɢɧ ɢɡ ɲɚɛɥɨɧɨɜ ɫɢɥɶɧɨɣ ɡɚɳɢɬɵ. ȿɫɥɢ ɜɵ ɪɚɡɜɟɪɬɵɜɚɟɬɟ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ, ɤɨɬɨɪɵɟ ɧɭɠɞɚɸɬɫɹ ɜ ɦɟɧɶɲɟɣ ɡɚɳɢɬɟ, ɬɨ ɞɥɹ ɷɬɢɯ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɜɵɛɟɪɢɬɟ ɞɪɭɝɨɣ ɲɚɛɥɨɧ. ɒɚɛɥɨɧɵ ɡɚɳɢɬɵ ɦɨɠɧɨ ɦɨɞɢɮɢɰɢɪɨɜɚɬɶ. ȿɫɥɢ ɜɵ ɧɟ ɧɚɣɞɟɬɟ ɲɚɛɥɨɧ ɡɚɳɢɬɵ, ɤɨɬɨɪɵɣ ɬɨɱɧɨ ɨɬɜɟɱɚɟɬ ɜɚɲɢɦ ɩɨɬɪɟɛɧɨɫɬɹɦ, ɦɨɠɧɨ ɜɵɛɪɚɬɶ ɨɞɢɧ ɢɡ ɩɪɟɞɨɩɪɟɞɟɥɟɧɧɵɯ ɲɚɛɥɨɧɨɜ, ɚ ɡɚɬɟɦ ɢɡɦɟɧɢɬɶ ɧɟɫɤɨɥɶɤɨ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ. ɉɨɱɬɢ ɜɫɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɟ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɦɨɝɭɬ ɛɵɬɶ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɲɚɛɥɨɧ ɡɚɳɢɬɵ. (ɂɫɤɥɸɱɟɧɢɹ ɫɨɫɬɚɜɥɹɸɬ ɩɨɥɢɬɢɤɢ IPSec ɢ ɩɨɥɢɬɢɤɢ ɨɬɤɪɵɬɵɯ ɤɥɸɱɟɣ.) ȼɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɜɚɲ ɫɨɛɫɬɜɟɧɧɵɣ ɲɚɛɥɨɧ ɡɚɳɢɬɵ ɢɥɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɞɢɧ ɢɡ ɩɪɟɞɨɩɪɟɞɟɥɟɧɧɵɯ ɲɚɛɥɨɧɨɜ. ȿɫɥɢ ɜɵ ɢɡɦɟɧɹɟɬɟ ɲɚɛɥɨɧ, ɫɨɯɪɚɧɢɬɟ ɟɝɨ ɬɚɤ, ɱɬɨɛɵ ɨɧ ɛɵɥ ɞɨɫɬɭɩɟɧ ɞɪɭɝɢɦ ɨɛɴɟɤɬɚɦ GPO. ɉɪɢ ɫɨɯɪɚɧɟɧɢɢ ɲɚɛɥɨɧɚ ɨɧ ɡɚɩɢɫɵɜɚɟɬɫɹ ɜ ɜɢɞɟ ɬɟɤɫɬɨɜɨɝɨ .inf ɮɚɣɥɚ. ɑɬɨɛɵ ɨɛɥɟɝɱɢɬɶ ɩɪɢɦɟɧɟɧɢɟ ɡɚɳɢɬɵ, ɤɨɦɩɚɧɢɹ Microsoft ɫɨɡɞɚɥɚ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɩɪɟɞɨɩɪɟɞɟɥɟɧɧɵɟ ɲɚɛɥɨɧɵ ɡɚɳɢɬɵ. ɗɬɢ ɲɚɛɥɨɧɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɵ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɤɚɬɟɝɨɪɢɹɦɢ ɡɚɳɢɬɵ, ɬɚɤɢɦɢ ɤɚɤ default (ɡɚɞɚɧɧɚɹ ɩɨ ɭɦɨɥɱɚɧɢɸ), secure (ɛɟɡɨɩɚɫɧɚɹ) ɢ high security (ɫɢɥɶɧɚɹ ɡɚɳɢɬɚ). ɒɚɛɥɨɧɵ ɯɪɚɧɹɬɫɹ ɜ ɩɚɩɤɟ %systemroot %\security\templates. Ʉɨɝɞɚ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɫɢɫɬɟɦɵ Windows Server 2003 ɢɥɢ Windows XP Professional, ɤ ɤɨɦɩɶɸɬɟɪɭ ɩɪɢɦɟɧɹɟɬɫɹ ɲɚɛɥɨɧ Setup Security.inf. ɗɬɨɬ ɲɚɛɥɨɧ ɪɚɡɥɢɱɟɧ ɞɥɹ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ ɢ ɫɟɪɜɟɪɨɜ, ɨɧ ɬɚɤɠɟ ɡɚɜɢɫɢɬ ɨɬ ɬɨɝɨ, ɛɵɥɚ ɥɢ ɜɚɲɚ ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ ɭɫɬɚɧɨɜɥɟɧɚ ɤɚɤ ɨɛɧɨɜɥɟɧɢɟ ɢɥɢ ɤɚɤ ɱɢɫɬɚɹ ɢɧɫɬɚɥɥɹɰɢɹ. ȼɵ ɦɨɠɟɬɟ ɩɨɜɬɨɪɧɨ ɩɪɢɦɟɧɹɬɶ ɲɚɛɥɨɧ ɡɚɳɢɬɵ ɜ ɥɸɛɨɟ ɜɪɟɦɹ ɩɨɫɥɟ ɧɚɱɚɥɶɧɨɣ ɢɧɫɬɚɥɥɹɰɢɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɢɡɦɟɧɹɸɬɫɹ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɢ ɧɭɠɧɨ ɜɟɪɧɭɬɶ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɚɪɚɦɟɬɪɵ, ɦɨɠɧɨ ɩɨɜɬɨɪɧɨ ɩɪɢɦɟɧɢɬɶ ɷɬɨɬ ɲɚɛɥɨɧ. Ɉɧ ɫɨɡɞɚɟɬɫɹ ɜ ɩɪɨɰɟɫɫɟ ɭɫɬɚɧɨɜɤɢ ɞɥɹ ɤɚɠɞɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɢ ɞɨɥɠɟɧ ɩɪɢɦɟɧɹɬɶɫɹ ɬɨɥɶɤɨ ɥɨɤɚɥɶɧɨ. Ɉɧ ɫɨɞɟɪɠɢɬ ɦɧɨɝɨ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ, ɤɨɬɨɪɵɟ ɧɟ ɤɨɧɮɢɝɭɪɢɪɭɸɬɫɹ ɜ ɫɨɫɬɚɜɟ ɤɚɤɨɝɨ-ɥɢɛɨ ɞɪɭɝɨɝɨ ɲɚɛɥɨɧɚ. ɋɥɟɞɨɜɚɬɟɥɶɧɨ, ɧɟ ɧɭɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɡɚɞɚɧɧɨɝɨ ɩɨ ɭɦɨɥɱɚɧɢɸ ɲɚɛɥɨɧɚ. ɂɯ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɲɚɛɥɨɧɨɜ ɡɚɳɢɬɵ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɡɦɟɧɹɬɶ ɧɟɤɨɬɨɪɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɟ ɜ ɡɚɞɚɧɧɨɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɲɚɛɥɨɧɟ. ȿɫɥɢ ɜɵ ɭɫɬɚɧɚɜɥɢɜɚɟɬɟ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɫɢɫɬɟɦɵ Windows Server 2003 ɢɥɢ Windows XP Professional ɤɚɤ ɨɛɧɨɜɥɟɧɢɟ ɩɪɟɞɵɞɭɳɟɣ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ, ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɲɚɛɥɨɧɵ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɧɟ ɩɪɢɦɟɧɹɸɬɫɹ. ɗɬɨ ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɩɨɫɥɟ ɨɛɧɨɜɥɟɧɢɹ ɛɭɞɭɬ ɩɨɞɞɟɪɠɢɜɚɬɶɫɹ ɥɸɛɵɟ ɩɪɟɞɵɞɭɳɢɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɡɚɳɢɬɵ. ȿɫɥɢ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɧɟ ɨɬɜɟɱɚɸɬ ɜɚɲɢɦ ɩɨɬɪɟɛɧɨɫɬɹɦ, ɩɪɢɦɟɧɢɬɟ ɞɪɭɝɢɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɡɚɳɢɬɵ, ɢɫɩɨɥɶɡɭɹ ɲɚɛɥɨɧɵ. Ɉɧɢ ɩɪɟɞɧɚɡɧɚɱɟɧɵ ɞɥɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɧɚ ɬɟɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɝɞɟ ɭɠɟ ɜɵɩɨɥɧɹɸɬɫɹ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɲɚɛɥɨɧɵ ɡɚɳɢɬɵ. Ʉɨɦɩɚɧɢɹ Microsoft ɜɤɥɸɱɢɥɚ ɫɥɟɞɭɸɳɢɟ ɲɚɛɥɨɧɵ ɜ ɫɢɫɬɟɦɭ Windows Server 2003. • Compatwsinf. ɗɬɨɬ ɲɚɛɥɨɧ ɦɨɠɟɬ ɩɪɢɦɟɧɹɬɶɫɹ ɤ ɪɚɛɨɱɢɦ ɫɬɚɧɰɢɹɦ ɢɥɢ ɫɟɪɜɟɪɚɦ. Windows Server 2003 ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɬɚɤ, ɱɬɨɛɵ ɛɵɬɶ ɛɨɥɟɟ ɛɟɡɨɩɚɫɧɵɦ, ɱɟɦ
ɩɪɟɞɵɞɭɳɢɟ ɜɟɪɫɢɢ Windows. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɧɟɤɨɬɨɪɵɟ ɩɪɢɥɨɠɟɧɢɹ, ɪɚɛɨɬɚɸɳɢɟ ɜ ɩɪɟɞɵɞɭɳɢɯ ɨɩɟɪɚɰɢɨɧɧɵɯ ɫɢɫɬɟɦɚɯ, ɧɟ ɛɭɞɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɜ ɫɢɫɬɟɦɚɯ Windows Server 2003 ɢɥɢ Windows XP Professional. Ɉɫɨɛɟɧɧɨ ɫɩɪɚɜɟɞɥɢɜɨ ɷɬɨ ɞɥɹ ɧɟɫɟɪ-ɬɢɮɢɰɢɪɨɜɚɧɧɵɯ ɩɪɢɥɨɠɟɧɢɣ, ɤɨɬɨɪɵɦ ɬɪɟɛɭɟɬɫɹ ɞɨɫɬɭɩ ɩɨɥɶɡɨɜɚɬɟɥɹ ɤ ɫɢɫɬɟɦɧɨɦɭ ɪɟɟɫɬɪɭ. Ɉɞɢɧ ɢɡ ɫɩɨɫɨɛɨɜ ɜɵɩɨɥɧɢɬɶ ɬɚɤɢɟ ɩɪɢɥɨɠɟɧɢɹ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɫɞɟɥɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɱɥɟɧɨɦ ɝɪɭɩɩɵ Power Users (ɉɨɥɧɨɦɨɱɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ), ɤɨɬɨɪɚɹ ɢɦɟɟɬ ɛɨɥɟɟ ɜɵɫɨɤɢɣ ɭɪɨɜɟɧɶ ɪɚɡɪɟɲɟɧɢɣ, ɱɟɦ ɨɛɵɱɧɵɣ ɩɨɥɶɡɨɜɚɬɟɥɶ. Ⱦɪɭɝɨɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɨɫɥɚɛɢɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɧɚ ɜɵɛɪɚɧɧɵɯ ɮɚɣɥɚɯ ɢ ɤɥɸɱɚɯ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɬɚɤ, ɱɬɨɛɵ ɝɪɭɩɩɚ Users (ɉɨɥɶɡɨɜɚɬɟɥɢ) ɢɦɟɥɚ ɛɨɥɶɲɟ ɪɚɡɪɟɲɟɧɢɣ. ɒɚɛɥɨɧ Compatws.inf ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɩɪɢɦɟɧɟɧɢɹ ɜɬɨɪɨɝɨ ɜɚɪɢɚɧɬɚ. ɉɪɢɦɟɧɟɧɢɟ ɷɬɨɝɨ ɲɚɛɥɨɧɚ ɢɡɦɟɧɹɟɬ ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɮɚɣɥ ɢ ɪɚɡɪɟɲɟɧɢɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɬɚɤ, ɱɬɨɛɵ ɱɥɟɧɵ ɝɪɭɩɩɵ Users ɦɨɝɥɢ ɜɵɩɨɥɧɹɬɶ ɛɨɥɶɲɢɧɫɬɜɨ ɩɪɢɥɨɠɟɧɢɣ. • Securewsinf ɢ Securedcinf. ɗɬɢ ɲɚɛɥɨɧɵ ɨɛɟɫɩɟɱɢɜɚɸɬ ɭɫɢɥɟɧɧɭɸ ɡɚɳɢɬɭ ɞɥɹ ɩɨɥɢɬɢɤɢ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ, ɚɭɞɢɬɚ ɢ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɞɨɫɬɭɩ ɤ ɫɢɫɬɟɦɧɨɦɭ ɪɟɟɫɬɪɭ. Ɉɧɢ ɨɝɪɚɧɢɱɢɜɚɸɬ ɢɫɩɨɥɶɡɨɜɚɧɢɟ NTLM-ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ, ɜɤɥɸɱɚɹ ɩɨɞɩɢɫɢ ɧɚ ɫɟɪɜɟɪɚɯ ɩɚɤɟɬɨɜ ɛɥɨɤɚ ɫɟɪɜɟɪɧɵɯ ɫɨɨɛɳɟɧɢɣ (Server Message Block - SMB). ɒɚɛɥɨɧ Securews.inf ɩɪɢɦɟɧɢɦ ɞɥɹ ɥɸɛɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɢɥɢ ɫɟɪɜɟɪɚ, ɚ ɲɚɛɥɨɧ Securedcinf - ɬɨɥɶɤɨ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. • Hisecwsinf ɢ Hisecdc.inf. ɗɬɢ ɲɚɛɥɨɧɵ ɩɨɫɥɟɞɨɜɚɬɟɥɶɧɨ ɭɜɟɥɢɱɢɜɚɸɬ ɡɚɳɢɬɭ, ɤɨɬɨɪɚɹ ɫɨɡɞɚɟɬɫɹ ɞɪɭɝɢɦɢ ɲɚɛɥɨɧɚɦɢ. Ɂɚɳɢɬɚ ɭɫɢɥɢɜɚɟɬɫɹ ɜ ɨɛɥɚɫɬɹɯ, ɡɚɬɪɚɝɢɜɚɸɳɢɯ ɫɟɬɟɜɵɟ ɩɪɨɬɨɤɨɥɵ ɫɜɹɡɢ. Ɉɧɢ ɞɨɥɠɧɵ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɜ ɫɟɬɹɯ, ɜɤɥɸɱɚɸɳɢɯ ɤɨɦɩɶɸɬɟɪɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows Server 2003, Windows 2000 ɢɥɢ Windows XP, ɢ ɞɨɥɠɧɵ ɛɵɬɶ ɩɪɨɬɟɫɬɢɪɨɜɚɧɵ ɢ ɩɪɢɦɟɧɟɧɵ ɧɚ ɜɫɟɯ ɤɨɦɩɶɸɬɟɪɚɯ, ɱɬɨɛɵ ɭɛɟɞɢɬɶɫɹ, ɱɬɨ ɜɫɟ ɨɧɢ ɪɚɛɨɬɚɸɬ ɧɚ ɨɞɧɨɦ ɢ ɬɨɦ ɠɟ ɭɪɨɜɧɟ ɡɚɳɢɬɵ. ɒɚɛɥɨɧ Hisecws.inf ɩɪɢɦɟɧɹɟɬɫɹ ɞɥɹ ɥɸɛɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɢɥɢ ɫɟɪɜɟɪɟ, ɚ ɲɚɛɥɨɧ Hisecdc.inf - ɬɨɥɶɤɨ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. • DC security.inf. ɗɬɨɬ ɲɚɛɥɨɧ ɩɪɢɦɟɧɹɟɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɫɟɪɜɟɪ-ɱɥɟɧ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003 ɧɚɡɧɚɱɚɟɬɫɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. Ɉɧ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɩɨɜɬɨɪɧɨ ɩɪɢɦɟɧɢɬɶ ɧɚɱɚɥɶɧɭɸ ɡɚɳɢɬɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɟɫɥɢ ɜɨɡɧɢɤɚɟɬ ɬɚɤɚɹ ɩɨɬɪɟɛɧɨɫɬɶ. • Notssid.inf. ɗɬɨɬ ɲɚɛɥɨɧ ɭɞɚɥɹɟɬ ɢɞɟɧɬɢɮɢɤɚɬɨɪ ɛɟɡɨɩɚɫɧɨɫɬɢ SID ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ Terminal Users (ɉɨɥɶɡɨɜɚɬɟɥɢ ɬɟɪɦɢɧɚɥɚ) ɢɡ ɜɫɟɯ «ɬɢɫɤɨɜ ɭɩɪɚɜɥɟɧɢɹ ɪɚɡɝɪɚɧɢɱɢɬɟɥɶɧɵɦ ɞɨɫɬɭɩɨɦ DACL ɧɚ ɫɟɪɜɟɪɟ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɜɵɲɟɧɢɹ ɛɟɡɨɩɚɫɧɨɫɬɢ ɬɟɪɦɢɧɚɥɶɧɵɯ ɫɟɪɜɟɪɨɜ, ɩɨɬɨɦɭ ɱɬɨ ɜɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɬɟɪɦɢɧɚɥɶɧɨɝɨ ɫɟɪɜɟɪɚ ɛɭɞɭɬ ɢɦɟɬɶ ɪɚɡɪɟɲɟɧɢɹ, ɩɨɥɭɱɟɧɧɵɟ ɱɟɪɟɡ ɱɥɟɧɫɬɜɨ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ, ɚ ɧɟ ɱɟɪɟɡ ɨɛɳɭɸ ɝɪɭɩɩɭ ɛɟɡɨɩɚɫɧɨɫɬɢ Terminal Users. ɗɬɨɬ ɲɚɛɥɨɧ ɜɤɥɸɱɟɧ ɬɨɥɶɤɨ ɜ Windows Server 2003, ɤɨɬɨɪɵɣ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɤɚɤ ɬɟɪɦɢɧɚɥɶɧɵɣ ɫɟɪɜɟɪ ɜ ɪɟɠɢɦɟ ɩɪɢɥɨɠɟɧɢɣ. • Rootsec.inf. ɗɬɨɬ ɲɚɛɥɨɧ ɩɟɪɟɭɫɬɚɧɚɜɥɢɜɚɟɬ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɚɡɪɟɲɟɧɢɹ ɫɢɫɬɟɦɧɨɣ ɤɨɪɧɟɜɨɣ ɩɚɩɤɢ ɢ ɪɚɫɩɪɨɫɬɪɚɧɹɟɬ ɭɧɚɫɥɟɞɨɜɚɧɧɵɟ ɪɚɡɪɟɲɟɧɢɹ ɧɚ ɜɫɟ ɩɨɞɩɚɩɤɢ ɢ ɮɚɣɥɵ, ɪɚɫɩɨɥɨɠɟɧɧɵɟ ɜ ɤɨɪɧɟɜɨɣ ɩɚɩɤɟ. ɉɪɢɦɟɧɟɧɢɟ ɷɬɨɝɨ ɲɚɛɥɨɧɚ ɧɟ ɢɡɦɟɧɹɟɬ ɹɜɧɵɟ ɪɚɡɪɟɲɟɧɢɹ, ɧɚɡɧɚɱɟɧɧɵɟ ɧɚ ɮɚɣɥɵ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɪɟɲɢɥɢ, ɤɚɤɨɣ ɲɚɛɥɨɧ ɡɚɳɢɬɵ ɢɫɩɨɥɶɡɨɜɚɬɶ, ɢɦɢ ɦɨɠɧɨ ɭɩɪɚɜɥɹɬɶ ɱɟɪɟɡ ɪɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. ȿɫɥɢ ɧɭɠɧɨ ɭɫɬɚɧɨɜɢɬɶ ɨɞɢɧ ɢɡ ɧɚɫɬɪɨɟɧɧɵɯ ɲɚɛɥɨɧɨɜ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɩɤɟ Security Settings ɢ ɜɵɛɟɪɢɬɟ Import Policy (ɂɦɩɨɪɬ ɩɨɥɢɬɢɤɢ). ɉɨ ɭɦɨɥɱɚɧɢɸ ɞɢɚɥɨɝɨɜɨɟ ɨɤɧɨ ɨɬɤɪɨɟɬ ɩɚɩɤɭ %systemroot %\Security\Templates, ɝɞɟ ɪɚɫɩɨɥɨɠɟɧɵ ɩɪɟɞɨɩɪɟɞɟɥɟɧɧɵɟ ɲɚɛɥɨɧɵ ɡɚɳɢɬɵ. Ʉɨɝɞɚ ɜɵ ɜɵɛɟɪɟɬɟ ɨɞɢɧ ɢɡ ɲɚɛɥɨɧɨɜ, ɨɧ ɡɚɝɪɭɡɢɬɫɹ ɜ ɪɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. Ɂɚɬɟɦ ɦɨɠɧɨ ɩɪɢɦɟɧɢɬɶ ɷɬɭ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ ɤ ɜɵɛɪɚɧɧɨɦɭ ɤɨɧɬɟɣɧɟɪɧɨɦɭ ɨɛɴɟɤɬɭ. ȼɵ ɦɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɢɦɩɨɪɬɢɪɨɜɚɧɧɵɣ ɲɚɛɥɨɧ ɡɚɳɢɬɵ ɬɚɤ, ɱɬɨɛɵ ɨɧ ɬɨɱɧɨ ɭɞɨɜɥɟɬɜɨɪɹɥ ɜɚɲɢɦ ɬɪɟɛɨɜɚɧɢɹɦ. ɉɨɫɥɟ ɷɬɨɝɨ ɷɤɫɩɨɪɬɢɪɭɣɬɟ ɲɚɛɥɨɧ, ɱɬɨɛɵ ɨɧ ɛɵɥ ɞɨɫɬɭɩɟɧ ɞɥɹ ɢɦɩɨɪɬɢɪɨɜɚɧɢɹ ɜ ɞɪɭɝɭɸ ɝɪɭɩɩɨɜɭɸ ɩɨɥɢɬɢɤɭ.
ɋɢɫɬɟɦɚ Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɲɚɛɥɨɧɚɦɢ ɡɚɳɢɬɵ. Ɉɞɧɨ ɢɡ ɷɬɢɯ ɫɪɟɞɫɬɜ - ɨɫɧɚɫɬɤɚ Security Configuration And Analysis (Ʉɨɧɮɢɝɭɪɚɰɢɹ ɡɚɳɢɬɵ ɢ ɚɧɚɥɢɡ), ɤɨɬɨɪɚɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɫɨɡɞɚɧɢɹ ɢɥɢ ɢɡɦɟɧɟɧɢɹ ɫɭɳɟɫɬɜɭɸɳɢɯ
ɲɚɛɥɨɧɨɜ ɡɚɳɢɬɵ. Ɂɚɬɟɦ ɲɚɛɥɨɧ ɡɚɝɪɭɠɚɟɬɫɹ ɜ ɨɫɧɚɫɬɤɭ Security Configuration And Analysis ɢ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɚɧɚɥɢɡɚ ɨɩɪɟɞɟɥɟɧɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ. ɇɚɩɪɢɦɟɪ, ɦɨɠɧɨ ɡɚɝɪɭɡɢɬɶ ɲɚɛɥɨɧ ɫɢɥɶɧɨɣ ɡɚɳɢɬɵ, ɚ ɡɚɬɟɦ ɩɪɨɚɧɚɥɢɡɢɪɨɜɚɬɶ, ɢɦɟɸɬɫɹ ɥɢ ɪɚɡɥɢɱɢɹ ɦɟɠɞɭ ɲɚɛɥɨɧɨɦ ɢ ɬɟɤɭɳɟɣ ɤɨɦɩɶɸɬɟɪɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɟɣ. ɇɚ ɪɢɫɭɧɤɟ 13-9 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɪɟɡɭɥɶɬɚɬɨɜ ɬɚɤɨɝɨ ɚɧɚɥɢɡɚ. ȼɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɷɬɨɬ ɢɧɫɬɪɭɦɟɧɬ ɢ ɞɥɹ ɩɪɢɦɟɧɟɧɢɹ ɲɚɛɥɨɧɚ ɡɚɳɢɬɵ ɤ ɤɨɦɩɶɸɬɟɪɭ. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ Security Configuration And Analysis ɢ ɜɵɛɟɪɢɬɟ Configure Computer Now (ɋɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɤɨɦɩɶɸɬɟɪ ɫɟɣɱɚɫ). ȼɫɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ ɧɚ ɤɨɦɩɶɸɬɟɪɟ ɛɭɞɭɬ ɢɡɦɟɧɟɧɵ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɲɚɛɥɨɧɨɦ ɡɚɳɢɬɵ.
. 13-9. Configuration And Analysis
Security
Ɉɫɧɚɫɬɤɚ Security Configuration And Analysis ɧɟ ɩɪɟɞɧɚɡɧɚɱɟɧɚ ɞɥɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ. ɗɬɨɬ ɢɧɫɬɪɭɦɟɧɬ ɢɫɩɨɥɶɡɭɟɬ ɬɟ ɠɟ ɫɚɦɵɟ ɩɪɟɞɨɩɪɟɞɟɥɟɧɧɵɟ ɲɚɛɥɨɧɵ ɡɚɳɢɬɵ, ɱɬɨ ɢ ɪɟɞɚɤɬɨɪ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɧɨ ɨɧ ɩɪɟɞɥɚɝɚɟɬ ɚɥɶɬɟɪɧɚɬɢɜɧɵɟ ɫɪɟɞɫɬɜɚ ɞɥɹ ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɲɚɛɥɨɧɨɜ. Ɉɧ ɩɪɟɞɧɚɡɧɚɱɟɧ ɩɪɟɠɞɟ ɜɫɟɝɨ ɞɥɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɫ ɚɜɬɨɧɨɦɧɵɦɢ ɤɨɦɩɶɸɬɟɪɚɦɢ. ɂɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ Secedit ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɨɯɨɠɢɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ. ɋ ɩɨɦɨɳɶɸ ɧɟɝɨ ɦɨɠɧɨ ɚɧɚɥɢɡɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɤɨɦɩɶɸɬɟɪɚ, ɨɫɧɨɜɚɧɧɵɟ ɧɚ ɲɚɛɥɨɧɟ, ɚ ɡɚɬɟɦ ɩɪɢɦɟɧɹɬɶ ɷɬɢ ɩɚɪɚɦɟɬɪɵ. Ɉɞɧɚ ɢɡ ɩɨɥɟɡɧɵɯ ɮɭɧɤɰɢɣ ɢɧɫɬɪɭɦɟɧɬɚ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ Secedit ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɟɝɨ ɞɥɹ ɝɟɧɟɪɚɰɢɢ ɨɬɤɚɬɚ ɤɨɧɮɢɝɭɪɚɰɢɢ ɩɟɪɟɞ ɩɪɢɦɟɧɟɧɢɟɦ ɲɚɛɥɨɧɚ ɡɚɳɢɬɵ. ɗɬɚ ɨɩɰɢɹ ɨɛɟɫɩɟɱɢɜɚɟɬ ɩɪɨɫɬɨɣ ɩɥɚɧ ɜɨɡɜɪɚɬɚ, ɟɫɥɢ ɩɪɢɦɟɧɹɟɦɵɣ ɜɚɦɢ ɲɚɛɥɨɧ ɡɚɳɢɬɵ ɨɤɚɠɟɬɫɹ ɧɟɩɨɞɯɨɞɹɳɢɦ.
Ɉɞɧɚ ɢɡ ɧɚɢɛɨɥɟɟ ɦɨɳɧɵɯ ɨɩɰɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɫ ɩɨɦɨɳɶɸ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ, ɫɨɫɬɨɢɬ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ. Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɩɪɢɦɟɧɹɸɬɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɧɚ ɤɨɦɩɶɸɬɟɪɚɯ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 Server, Windows 2000 Professional, Windows XP Professional ɢɥɢ Windows Server 2003. Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɛɨɥɶɲɨɝɨ ɤɨɥɢɱɟɫɬɜɚ ɪɚɡɧɨɨɛɪɚɡɧɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ, ɤɨɬɨɪɵɯ ɫɭɳɟɫɬɜɭɟɬ ɛɨɥɟɟ 700. ɂɯ ɬɚɤ ɦɧɨɝɨ, ɱɬɨ ɷɬɨɬ ɪɚɡɞɟɥ, ɜɨɡɦɨɠɧɨ, ɧɟ ɫɦɨɠɟɬ ɨɯɜɚɬɢɬɶ ɢɯ ɜɫɟ. ȼ ɬɚɛɥɢɰɟ 13-7 ɩɪɢɜɨɞɢɬɫɹ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɬɨɥɶɤɨ ɧɟɫɤɨɥɶɤɢɯ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ, ɱɬɨɛɵ ɜɵ ɩɨɱɭɜɫɬɜɨɜɚɥɢ ɫɢɥɭ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ. Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɢɦɟɸɬɫɹ ɬɚɤɠɟ ɢ ɜ Active Directory Windows 2000, ɧɨ ɜ Windows Server 2003 ɞɨɛɚɜɥɟɧɨ ɨɤɨɥɨ 150 ɧɨɜɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ. ȼ ɬɚɛɥɢɰɟ 13-7 ɩɟɪɟɱɢɫɥɹɸɬɫɹ ɬɚɤɠɟ ɧɟɤɨɬɨɪɵɟ ɧɨɜɵɟ ɮɭɧɤɰɢɢ, ɤɨɬɨɪɵɟ ɞɨɫɬɭɩɧɵ ɜ Active Directory Windows Server 2003 ɤɥɢɟɧɬɚɦ ɫ Windows XP Professional.
. 13-7.
Ɇɟɫɬɨ ɪɚɫɩɨɥɨɠɟɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɲɚɛɥɨɧɚ Computer Conf iguration\ Administrative Templates\ System\Net Logon
ɉɨɹɫɧɟɧɢɟ Ɉɛɟɫɩɟɱɢɜɚɟɬ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɭɩɪɚɜɥɹɸɳɢɟ ɦɟɫɬɨɦ ɪɚɫɩɨɥɨɠɟɧɢɹ ɤɥɢɟɧɬɫɤɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɢ ɤɷɲɢɪɨɜɚɧɢɟɦ ɡɚɩɢɫɟɣ DNS ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ.
Ɉɛɟɫɩɟɱɢɜɚɟɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɮɭɧɤɰɢɢ Remote Assistance (ɍɞɚɥɟɧɧɚɹ ɩɨɦɨɳɶ), ɢɦɟɸɳɟɣɫɹ ɜ ɫɢɫɬɟɦɟ Windows ɏɊ Professional. Computer Conf iguration\ Ɉɛɟɫɩɟɱɢɜɚɟɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɤɨɬɨɪɵɟ Administrative Templates\ Windows ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ Components\ Terminal Services ɫɥɭɠɛ ɬɟɪɦɢɧɚɥɚ Terminal Services ɧɚ ɫɟɪɜɟɪɟ ɢ ɧɚ ɤɥɢɟɧɬɚɯ. User Conf iguration\ Administrative Ɉɛɟɫɩɟɱɢɜɚɟɬ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɟ ɩɚɪɚɦɟɬɪɨɜ Templates\ Network\Network ɧɚɫɬɪɨɣɤɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ Connections ɫɟɬɟɜɵɦɢ ɫɜɹɡɹɦɢ, ɢ ɨɝɪɚɧɢɱɟɧɢɹ ɞɨɫɬɭɩɚ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɤ ɫɟɬɟɜɵɦ ɩɨɞɤɥɸɱɟɧɢɹɦ. Computer Configuration\ Administrative Templates\ System\Remote Assistance
User Conf iguration\ Admin istrative Templates\Control Panel User Conf iguration\ Administrative Templates\ Windows Components\ Internet Explorer
Ɉɛɟɫɩɟɱɢɜɚɟɬ ɤɨɧɮɢɝɭɪɚɰɢɸ ɱɚɫɬɟɣ ɩɚɧɟɥɢ ɭɩɪɚɜɥɟɧɢɹ ɢ ɜɨɡɦɨɠɧɨɫɬɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɩɨ ɢɡɦɟɧɟɧɢɸ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɱɟɪɟɡ ɩɚɧɟɥɶ ɭɩɪɚɜɥɟɧɢɹ. Ɉɛɟɫɩɟɱɢɜɚɟɬ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɟ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɤɨɧɮɢɝɭɪɚɰɢɟɣ ɩɪɢɥɨɠɟɧɢɹ Internet Explorer. Ɍɪɟɛɭɟɬɫɹ Internet Explorer ɜɟɪɫɢɢ 5.01 ɢɥɢ ɛɨɥɟɟ ɩɨɡɞɧɟɣ.
Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. ɉɨɥɧɵɣ ɫɩɢɫɨɤ ɜɫɟɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɫɦɨɬɪɢɬɟ ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.com/windowsxp/prdytechinfo/administration/ policy /winxpgpset.xls. Ɉɞɧɨ ɢɡ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɣ Active Directory Windows Server 2003 — ɷɬɨ ɭɥɭɱɲɟɧɧɚɹ ɫɩɪɚɜɤɚ ɩɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦ ɲɚɛɥɨɧɚɦ. Ɍɟɩɟɪɶ Active Directory ɩɨɫɬɚɜɥɹɟɬɫɹ ɫ ɩɨɥɧɵɦ ɧɚɛɨɪɨɦ ɫɩɪɚɜɨɱɧɵɯ ɮɚɣɥɨɜ, ɞɟɬɚɥɢɡɢɪɭɸɳɢɯ ɤɚɠɞɭɸ ɩɨɞɛɨɪɤɭ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ. ɑɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɪɚɫɲɢɪɟɧɧɨɣ ɫɩɪɚɜɤɟ ɩɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦ ɲɚɛɥɨɧɚɦ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɩɤɟ Administrative Templates ɜ ɪɟɞɚɤɬɨɪɟ ɨɛɴɟɤɬɨɜ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɢ ɜɵɛɟɪɢɬɟ Help (ɋɩɪɚɜɤɚ). Ɂɚɬɟɦ ɜɵɛɟɪɢɬɟ ɩɨɞɯɨɞɹɳɭɸ ɤɚɬɟɝɨɪɢɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɲɚɛɥɨɧɚ. ɇɚ ɪɢɫɭɧɤɟ 13-10 ɩɨɤɚɡɚɧɵ ɞɟɬɚɥɢ, ɤɚɫɚɸɳɢɟɫɹ ɤɚɬɟɝɨɪɢɢ System (ɋɢɫɬɟɦɚ). ɋɢɫɬɟɦɧɵɟ ɩɨɥɢɬɢɤɢ ɜ Windows NT ɨɛɟɫɩɟɱɢɜɚɸɬ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ, ɩɨɞɨɛɧɵɟ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ ɜ Active Directory Windows Server 2003. Ɉɛɚ ɢɧɫɬɪɭɦɟɧɬɚ ɩɨɡɜɨɥɹɸɬ ɞɟɥɚɬɶ ɢɡɦɟɧɟɧɢɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɜ ɫɢɫɬɟɦɟ ɤɥɢɟɧɬɨɜ ɞɥɹ ɦɨɞɢɮɢɤɚɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ. Ɉɞɧɚɤɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɨɛɟɫɩɟɱɢɜɚɸɬ ɫɭɳɟɫɬɜɟɧɧɵɟ ɩɪɟɢɦɭɳɟɫɬɜɚ ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɫɢɫɬɟɦɧɵɦɢ ɩɨɥɢɬɢɤɚɦɢ. Ɉɞɧɨ ɢɡ ɫɚɦɵɯ ɛɨɥɶɲɢɯ ɩɪɟɢɦɭɳɟɫɬɜ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧɢ ɧɟ ɨɫɬɚɜɥɹɸɬ ɧɟɭɞɚɥɹɟɦɵɯ ɫɥɟɞɨɜ ɜ ɫɢɫɬɟɦɧɨɦ ɪɟɟɫɬɪɟ, ɤɚɤ ɷɬɨ ɞɟɥɚɸɬ ɫɢɫɬɟɦɧɵɟ ɩɨɥɢɬɢɤɢ. Ʉɨɝɞɚ ɜɵ ɞɟɥɚɟɬɟ ɢɡɦɟɧɟɧɢɟ, ɢɫɩɨɥɶɡɭɹ ɫɢɫɬɟɦɧɭɸ ɩɨɥɢɬɢɤɭ, ɨɧɨ ɡɚɩɢɫɵɜɚɟɬɫɹ ɜ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ, ɢ ɞɥɹ ɬɨɝɨ ɱɬɨɛɵ ɢɡɦɟɧɢɬɶ ɷɬɭ ɭɫɬɚɧɨɜɤɭ ɫɧɨɜɚ, ɧɚɞɨ ɞɟɥɚɬɶ ɷɬɨ ɜɪɭɱɧɭɸ ɢɥɢ ɢɫɩɨɥɶɡɨɜɚɬɶ ɫɢɫɬɟɦɧɭɸ ɩɨɥɢɬɢɤɭ. ȿɫɥɢ ɜɵ ɭɞɚɥɢɬɟ ɫɢɫɬɟɦɧɭɸ ɩɨɥɢɬɢɤɭ, ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɤ ɫɢɫɬɟɦɧɨɦɭ ɪɟɟɫɬɪɭ, ɧɟ ɛɭɞɭɬ ɭɞɚɥɟɧɵ. ȼ Active Directory ɢɡɦɟɧɟɧɢɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɫɞɟɥɚɧɧɵɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦɢ ɲɚɛɥɨɧɚɦɢ, ɡɚɩɢɫɵɜɚɸɬɫɹ ɜ ɫɩɟɰɢɚɥɶɧɵɟ ɩɨɞɤɥɸɱɢ ɜ ɫɢɫɬɟɦɧɨɦ ɪɟɟɫɬɪɟ. Ʌɸɛɵɟ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɜ ɪɚɡɞɟɥɟ User Configuration, ɡɚɩɢɫɵɜɚɸɬɫɹ ɜ ɤɥɸɱɟ HKEY_CURRENT_USER ɢ ɫɨɯɪɚɧɹɸɬɫɹ ɜ ɩɚɩɤɟ \Software\Policies ɢɥɢ \Software\Microsoft\Windows\CurrentVersion\Policies. ɂɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɜ ɪɚɡɞɟɥɟ Computer Configuration, ɫɨɯɪɚɧɹɸɬɫɹ ɩɨɞ ɬɟɦɢ ɠɟ ɫɚɦɵɦɢ ɩɨɞɤɥɸɱɚɦɢ ɜ
ɤɥɸɱɟ ɇɄȿY_LOCAL_MACHINE. ɉɪɢ ɧɚɱɚɥɶɧɨɣ ɡɚɝɪɭɡɤɟ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɩɪɢ ɜɯɨɞɟ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ ɫɢɫɬɟɦɭ ɡɚɝɪɭɠɚɸɬɫɹ ɨɛɵɱɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɚ ɡɚɬɟɦ ɷɬɢ ɤɥɸɱɢ ɢɫɫɥɟɞɭɸɬɫɹ ɧɚ ɧɚɥɢɱɢɟ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ. ȿɫɥɢ ɷɬɢ ɩɚɪɚɦɟɬɪɵ ɛɭɞɭɬ ɧɚɣɞɟɧɵ, ɬɨ ɨɧɢ ɡɚɝɪɭɡɹɬɫɹ ɜ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ, ɡɚɩɢɫɵɜɚɹɫɶ ɩɨɜɟɪɯ ɫɭɳɟɫɬɜɭɸɳɢɯ ɡɚɩɢɫɟɣ, ɟɫɥɢ ɬɚɤɢɟ ɡɚɩɢɫɢ ɢɦɟɸɬɫɹ. ȿɫɥɢ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɣ ɲɚɛɥɨɧ ɭɞɚɥɟɧ, ɢɥɢ ɤɨɦɩɶɸɬɟɪ (ɩɨɥɶɡɨɜɚɬɟɥɶ) ɛɭɞɟɬ ɩɟɪɟɦɟɳɟɧ ɜ ɞɪɭɝɨɣ ɤɨɧɬɟɣɧɟɪ, ɝɞɟ ɞɚɧɧɵɣ ɲɚɛɥɨɧ ɧɟ ɩɪɢɦɟɧɹɟɬɫɹ, ɢɧɮɨɪɦɚɰɢɹ ɜ ɤɥɸɱɚɯ Policies ɭɞɚɥɹɟɬɫɹ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɛɨɥɶɲɟ ɧɟ ɩɪɢɦɟɧɹɸɬɫɹ, ɧɨ ɨɛɵɱɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɛɭɞɭɬ ɩɪɢɦɟɧɹɬɶɫɹ.
. 13-10.
Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɯɪɚɧɹɬɫɹ ɜ ɧɟɫɤɨɥɶɤɢɯ ɬɟɤɫɬɨɜɵɯ ɮɚɣɥɚɯ .adm. ɉɨ ɭɦɨɥɱɚɧɢɸ ɷɬɢ ɮɚɣɥɵ ɪɚɫɩɨɥɨɠɟɧɵ ɜ ɩɚɩɤɟ %systemroot %\Inf . ȼ ɬɚɛɥɢɰɟ 13-8 ɩɟɪɟɱɢɫɥɟɧɵ ɮɚɣɥɵ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ, ɤɨɬɨɪɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003. . 13-8.
,
Windows Server 2003
Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɣ ɲɚɛɥɨɧ
ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɤɨɧɮɢɝɭɪɚɰɢɢ
System.adm
ɋɢɫɬɟɦɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ.
Inetres.adm
ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɢɥɨɠɟɧɢɹ Internet Explorer. ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɢɥɨɠɟɧɢɹ Microsoft Windows Media Player. ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɪɢɥɨɠɟɧɢɹ Microsoft NetMeeting. ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ Windows Update.
Wmplayer.adm Conf.adm Wuau.adm
Ɏɚɣɥɵ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ ɫɨɫɬɨɹɬ ɢɡ ɡɚɩɢɫɟɣ, ɨɩɪɟɞɟɥɹɸɳɢɯ ɨɩɰɢɢ, ɤɨɬɨɪɵɟ ɞɨɫɬɭɩɧɵ ɱɟɪɟɡ ɞɚɧɧɵɣ ɲɚɛɥɨɧ. Ʉɚɠɞɚɹ ɡɚɩɢɫɶ ɜ ɮɚɣɥɟ .adm ɜɵɝɥɹɞɢɬ ɬɚɤ ɤɚɤ ɩɨɤɚɡɚɧɨ ɧɚ ɪɢɫɭɧɤɟ 13-11. ȼ ɬɚɛɥɢɰɟ 13-9 ɩɨɹɫɧɹɸɬɫɹ ɡɚɩɢɫɢ, ɨɬɧɨɫɹɳɢɟɫɹ ɤ ɲɚɛɥɨɧɭ.
. 13-11.
System.adm
Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɞɥɹ ɤɚɠɞɨɣ ɝɪɭɩɩɨɜɨɣ ɩɨɥɢɬɢɤɢ ɯɪɚɧɹɬɫɹ ɜ ɩɚɩɤɟ Sysvol, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɢ ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ɒɚɛɥɨɧɵ ɯɪɚɧɹɬɫɹ ɜ ɮɚɣɥɟ Registry.pol, ɪɚɫɩɨɥɨɠɟɧɧɨɦ ɜ ɩɚɩɤɟ %systemroot%\ SYSVOL\ sysvol\ domainname\ Policies\ GroupPolicyGUID\ Machine ɞɥɹ ɤɨɦɩɶɸɬɟɪɧɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ ɢ ɜ ɩɚɩɤɟ %systemroot%\ SYSVOL\ sysvol\ domainname\ Policies\ GroupPolicyGUID\ User ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɣ ɤɨɧɮɢɝɭɪɚɰɢɢ. . 13-9.
Ʉɨɦɩɨɧɟɧɬ ɲɚɛɥɨɧɚ Ɉɛɴɹɫɧɟɧɢɟ Policy (ɉɨɥɢɬɢɤɚ) ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɧɚɡɜɚɧɢɟ ɩɨɥɢɬɢɤɢ. Keyname (Ʉɥɸɱ) ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɤɥɸɱ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɤɨɬɨɪɵɣ ɢɡɦɟɧɹɟɬɫɹ ɫ ɩɨɦɨɳɶɸ ɷɬɨɣ ɭɫɬɚɧɨɜɤɢ. Ʉɨɦɩɨɧɟɧɬ ɲɚɛɥɨɧɚ
Ɉɛɴɹɫɧɟɧɢɟ
ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɩɨɞɞɟɪɠɢɜɚɟɦɵɟ ɪɚɛɨɱɢɟ ɫɬɚɧɰɢɢ ɢɥɢ ɜɟɪɫɢɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɷɬɨɣ ɭɫɬɚɧɨɜɤɢ. ȼɤɥɸɱɚɸɬ ɩɨɞɞɟɪɠɤɭ Windows XP Professional, Windows 2000 ɢɥɢ Windows 2000 ɫ ɫɟɪɜɢɫɧɵɦ ɩɚɤɟɬɨɦ, Microsoft Windows Media Player, ɜɟɪɫɢɹ 9. Explain (Ɉɛɴɹɫɧɟɧɢɟ) ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɬɟɤɫɬ, ɤɨɬɨɪɵɣ ɨɛɴɹɫɧɹɟɬ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɩɨɥɢɬɢɤɢ. Ɏɚɤɬɢɱɟɫɤɢɣ ɬɟɤɫɬ ɞɚɧ ɧɢɠɟ ɜ ɮɚɣɥɟ .adm. Part (ɑɚɫɬɶ) ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɡɚɩɢɫɢ, ɤɨɬɨɪɵɟ ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɥɹ ɷɬɨɣ ɩɨɥɢɬɢɤɢ. Valuename (^Ɂɧɚɱɟɧɢɟ) ɂɞɟɧɬɢɮɢɰɢɪɭɟɬ ɡɧɚɱɟɧɢɟ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ, ɤɨɬɨɪɨɟ ɛɭɞɟɬ ɡɚɩɨɥɧɟɧɨ ɢɧɮɨɪɦɚɰɢɟɣ ɢɡ ɷɬɨɝɨ ɩɚɪɚɦɟɬɪɚ ɧɚɫɬɪɨɣɤɢ. Supported (ɉɨɞɞɟɪɠɚɧɧɵɣ)
Ⱥɞɦɢɧɢɫɬɪɚɬɢɜɧɵɟ ɲɚɛɥɨɧɵ ɢɦɟɸɬ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɨɩɰɢɣ. Ɍɨɥɶɤɨ ɚɧɚɥɢɡ ɜɫɟɯ ɩɨɥɢɬɢɤ ɢ ɜɵɞɟɥɟɧɢɟ ɬɟɯ, ɤɨɬɨɪɵɟ ɧɟɨɛɯɨɞɢɦɵ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɦɨɠɟɬ ɫɬɚɬɶ ɫɨɜɟɪɲɟɧɧɨ ɨɛɟɫɤɭɪɚɠɢɜɚɸɳɟɣ ɡɚɞɚɱɟɣ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɥɭɱɲɢɦ ɩɨɞɯɨɞɨɦ ɤ ɢɫɩɨɥɶɡɨɜɚɧɢɸ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ ɹɜɥɹɟɬɫɹ ɦɟɞɥɟɧɧɨɟ ɢ ɨɫɬɨɪɨɠɧɨɟ ɧɚɱɚɥɨ. ȼɨɡɦɨɠɧɨ, ɜɵ ɡɚɯɨɬɢɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɧɟɤɨɬɨɪɵɟ ɨɫɧɨɜɧɵɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɧɚɩɪɢɦɟɪ, ɡɚɩɪɟɬɢɬɶ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɢɧɫɬɪɭɦɟɧɬɨɜ ɪɟɞɚɤɬɢɪɨɜɚɧɢɹ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɢ ɢɡɦɟɧɟɧɢɟ ɫɢɫɬɟɦɵ ɱɟɪɟɡ ɛɨɥɶɲɭɸ ɱɚɫɬɶ ɩɚɧɟɥɟɣ ɭɩɪɚɜɥɟɧɢɹ. Ⱦɪɭɝɨɣ ɫɩɨɫɨɛ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɢɟ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɹɜɥɹɸɬɫɹ ɧɚɢɛɨɥɟɟ ɤɪɢɬɢɱɟɫɤɢɦɢ ɞɥɹ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ, ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɩɪɨɫɥɟɞɢɬɶ ɡɜɨɧɤɢ, ɩɨɫɬɭɩɚɸɳɢɟ ɜ ɫɟɪɜɢɫɧɵɣ ɨɬɞɟɥ. ɉɪɨɫɦɚɬɪɢɜɚɹ ɢɯ, ɦɨɠɧɨ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɦɧɨɝɢɟ ɩɪɨɛɥɟɦɵ. Ɂɚɬɟɦ ɦɨɠɧɨ ɨɩɪɟɞɟɥɢɬɶ, ɢɦɟɟɬɫɹ ɥɢ ɬɚɤɨɣ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɣ ɲɚɛɥɨɧ, ɤɨɬɨɪɵɣ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɞɥɹ ɢɡɦɟɧɟɧɢɹ ɷɬɨɣ ɭɫɬɚɧɨɜɤɢ ɢɥɢ ɩɪɟɞɨɬɜɪɚɳɟɧɢɹ ɜɨɡɦɨɠɧɨɝɨ ɟɟ ɢɡɦɟɧɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɜɵ ɫɚɦɢ ɟɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɥɢ. Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɜɵ ɫɦɨɠɟɬɟ ɦɟɞɥɟɧɧɨ ɜɧɟɞɪɢɬɶ ɩɨɥɢɬɢɤɭ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɨɝɨ ɲɚɛɥɨɧɚ, ɤɨɬɨɪɚɹ ɫɦɨɠɟɬ ɫɩɪɚɜɢɬɶɫɹ ɫ ɧɚɢɛɨɥɟɟ ɤɪɢɬɢɱɟɫɤɢɦɢ ɩɪɨɛɥɟɦɚɦɢ, ɜɨɡɧɢɤɚɸɳɢɦɢ ɜ ɜɚɲɟɣ ɫɟɬɢ.
Ⱦɪɭɝɨɣ ɢɧɫɬɪɭɦɟɧɬ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɦɢ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ - ɷɬɨ ɫɰɟɧɚɪɢɢ. ɇɚɢɛɨɥɟɟ ɬɢɩɢɱɧɨɟ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɫɰɟɧɚɪɢɟɜ ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɩɪɨɫɬɨɣ ɪɚɛɨɱɟɣ ɫɪɟɞɵ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ɉɛɵɱɧɨ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɬɨɛɪɚɠɟɧɢɹ ɫɟɬɟɜɵɯ ɞɢɫɤɨɜ ɢɥɢ ɩɪɢɧɬɟɪɨɜ. Ɉɧɢ ɩɨɦɨɝɚɸɬ ɭɩɪɨɫɬɢɬɶ ɫɪɟɞɭ ɤɨɧɟɱɧɨɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹ. ɉɨɥɶɡɨɜɚɬɟɥɶɫɤɢɟ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɛɵɥɢ ɞɨɫɬɭɩɧɵ ɜ ɫɢɫɬɟɦɟ Windows NT. Ɉɞɧɚɤɨ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɫɰɟɧɚɪɢɟɜ ɜ Active Directory Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɦɧɨɠɟɫɬɜɨ ɫɭɳɟɫɬɜɟɧɧɵɯ ɩɪɟɢɦɭɳɟɫɬɜ ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ Windows NT 4, ɜɤɥɸɱɚɹ ɫɥɟɞɭɸɳɢɟ. • ȼɨɡɦɨɠɧɨɫɬɶ ɧɚɡɧɚɱɚɬɶ ɫɰɟɧɚɪɢɢ ɞɥɹ ɡɚɩɭɫɤɚ ɢ ɡɚɜɟɪɲɟɧɢɹ ɪɚɛɨɬɵ ɫɢɫɬɟɦɵ. ȼ Active Directory ɦɨɠɧɨɟ ɧɚɡɧɚɱɚɬɶ ɜɵɩɨɥɧɟɧɢɟ ɫɰɟɧɚɪɢɟɜ ɧɚ ɦɨɦɟɧɬ ɡɚɩɭɫɤɚ ɢ ɜɵɤɥɸɱɟɧɢɹ ɤɨɦɩɶɸɬɟɪɨɜ. ȼ ɫɢɫɬɟɦɟ Windows NT ɫɞɟɥɚɬɶ ɷɬɨ ɛɵɥɨ ɨɱɟɧɶ ɬɪɭɞɧɨ. ɗɬɢ ɫɰɟɧɚɪɢɢ ɜɵɩɨɥɧɹɸɬɫɹ ɜ ɤɨɧɬɟɤɫɬɟ ɛɟɡɨɩɚɫɧɨɫɬɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ LocalSystem. • ȼɨɡɦɨɠɧɨɫɬɶ ɧɚɡɧɚɱɚɬɶ ɫɰɟɧɚɪɢɢ ɞɥɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɨɝɨ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɢ ɜɵɯɨɞɚ ɢɡ ɫɢɫɬɟɦɵ. ɋɢɫɬɟɦɚ Windows NT ɨɛɟɫɩɟɱɢɜɚɥɚ ɬɨɥɶɤɨ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ȼ Active Directory ɦɨɠɧɨ ɬɚɤɠɟ ɜɵɩɨɥɧɹɬɶ ɫɰɟɧɚɪɢɢ ɜɵɯɨɞɚ ɢɡ ɫɢɫɬɟɦɵ. • ȼɨɡɦɨɠɧɨɫɬɶ ɧɚɡɧɚɱɚɬɶ ɫɰɟɧɚɪɢɢ ɧɚ ɤɨɧɬɟɣɧɟɪɵ ɜɦɟɫɬɨ ɨɬɞɟɥɶɧɵɯ ɢɧɞɢɜɢɞɭɭɦɨɜ. ɗɬɨ ɨɞɧɨ ɢɡ ɫɚɦɵɯ ɛɨɥɶɲɢɯ ɩɪɟɢɦɭɳɟɫɬɜ ɢɫɩɨɥɶɡɨɜɚɧɢɹ Active Directory ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɫɰɟɧɚɪɢɟɜ. ȼ Windows NT ɟɞɢɧɫɬɜɟɧɧɵɦ ɜɚɪɢɚɧɬɨɦ ɜɵɩɨɥɧɟɧɢɹ ɫɰɟɧɚɪɢɟɜ ɹɜɥɹɥɨɫɶ ɧɚɡɧɚɱɟɧɢɟ ɢɧɞɢɜɢɞɭɚɥɶɧɵɯ ɫɰɟɧɚɪɢɟɜ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɧɚ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. Ʉɨɝɞɚ ɜɵ ɧɚɡɧɚɱɚɟɬɟ ɫɰɟɧɚɪɢɣ ɧɚ ɤɨɧɬɟɣɧɟɪ ɜ Active Directory, ɫɰɟɧɚɪɢɣ ɩɪɢɦɟɧɹɟɬɫɹ ɤɨ ɜɫɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɢɥɢ ɤɨɦɩɶɸɬɟɪɚɦ, ɧɚɯɨɞɹɳɢɦɫɹ ɜɧɭɬɪɢ ɤɨɧɬɟɣɧɟɪɚ. • ɇɚɥɢɱɢɟ «ɪɨɞɧɨɣ» ɩɨɞɞɟɪɠɤɢ ɞɥɹ ɫɰɟɧɚɪɢɟɜ Windows Script Host. ȼ ɫɢɫɬɟɦɟ Windows NT ɛɨɥɶɲɢɧɫɬɜɨ ɤɥɢɟɧɬɨɜ ɜɵɩɨɥɧɹɥɢ ɬɨɥɶɤɨ ɩɚɤɟɬɧɵɟ ɮɚɣɥɵ MS-DOS ɞɥɹ ɪɟɚɥɢɡɚɰɢɢ ɫɰɟɧɚɪɢɟɜ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ȼ ɫɢɫɬɟɦɚɯ Windows Server 2003, Windows XP ɢ Windows 2000 ɤɥɢɟɧɬɵ ɨɛɟɫɩɟɱɢɜɚɸɬ ɪɨɞɧɭɸ ɩɨɞɞɟɪɠɤɭ ɞɥɹ ɫɰɟɧɚɪɢɟɜ Windows Script Host (WSH). ɉɪɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɪɚɛɨɱɢɯ ɫɬɨɥɨɜ ɫɰɟɧɚɪɢɢ WSH ɨɤɚɡɵɜɚɸɬɫɹ ɝɨɪɚɡɞɨ ɛɨɥɟɟ ɝɢɛɤɢɦɢ ɢ ɦɨɳɧɵɦɢ. ɋ ɩɨɦɨɳɶɸ WSH ɫɰɟɧɚɪɢɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɜ ɛɨɥɟɟ ɲɢɪɨɤɢɯ ɰɟɥɹɯ, ɱɟɦ ɩɪɨɫɬɨɟ ɨɬɨɛɪɚɠɟɧɢɟ ɫɟɬɟɜɵɯ ɞɢɫɤɨɜ. ɋɥɭɠɛɚ Active Directory Windows Server 2003 ɩɨɞɞɟɪɠɢɜɚɟɬ ɥɢɱɧɵɟ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɧɚɡɧɚɱɟɧɧɵɟ ɧɚ ɢɧɞɢɜɢɞɭɚɥɶɧɵɟ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȿɫɥɢ ɜ ɜɚɲɟɣ ɫɟɬɢ ɢɦɟɸɬɫɹ ɤɥɢɟɧɬɵ ɫ ɫɢɫɬɟɦɨɣ Windows NT Workstation, ɢɫɩɨɥɶɡɭɣɬɟ ɢɯ ɞɥɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. Ʉɥɢɟɧɬɵ ɫ ɫɢɫɬɟɦɚɦɢ Windows 2000 ɢ Windows XP Professional ɬɚɤɠɟ ɦɨɝɭɬ ɨɛɪɚɛɨɬɚɬɶ ɢɧɞɢɜɢɞɭɚɥɶɧɵɟ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ȿɫɥɢ ɜɵ ɢɦɟɟɬɟ ɢɧɞɢɜɢɞɭɚɥɶɧɵɟ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɧɚɡɧɚɱɟɧɧɵɟ ɭɱɟɬɧɵɦ ɡɚɩɢɫɹɦ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɨɧɢ ɛɭɞɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɩɨɫɥɟ ɜɵɩɨɥɧɟɧɢɹ ɫɰɟɧɚɪɢɟɜ ɡɚɩɭɫɤɚ ɤɨɦɩɶɸɬɟɪɚ ɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɯ ɫɰɟɧɚɪɢɟɜ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɧɚɡɧɚɱɟɧɧɵɯ ɝɪɭɩɩɨɜɵɦɢ ɩɨɥɢɬɢɤɚɦɢ. ɑɬɨɛɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɫɰɟɧɚɪɢɣ ɞɥɹ Active Directory, ɧɭɠɧɨ ɟɝɨ ɫɨɡɞɚɬɶ, ɚ ɡɚɬɟɦ ɫɤɨɩɢɪɨɜɚɬɶ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ɋɰɟɧɚɪɢɢ ɦɨɠɧɨ ɯɪɚɧɢɬɶ ɜ ɥɸɛɨɦ ɦɟɫɬɟ ɧɚ ɫɟɪɜɟɪɟ, ɞɨɫɬɭɩɧɨɦ ɞɥɹ ɤɥɢɟɧɬɨɜ. Ɍɢɩɢɱɧɨɟ ɦɟɫɬɨ ɯɪɚɧɟɧɢɹ ɫɰɟɧɚɪɢɟɜ - ɩɚɩɤɚ %systemroot %\SYSVOL\sysvol\ domainname\scripts. Ɉɧɚ ɨɬɤɪɵɬɚ ɞɥɹ ɨɛɳɟɝɨ ɞɨɫɬɭɩɚ ɩɨɞ ɫɟɬɟɜɵɦ ɢɦɟɧɟɦ NETLOGON, ɢ ɹɜɥɹɟɬɫɹ ɡɚɞɚɧɧɵɦ ɩɨ ɭɦɨɥɱɚɧɢɸ ɦɟɫɬɨɦ, ɜ ɤɨɬɨɪɨɦ ɤɥɢɟɧɬɵ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ ɢɳɭɬ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ. ȼɵ ɦɨɠɟɬɟ ɯɪɚɧɢɬɶ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɜ ɩɚɩɤɟ %systemroot %\SYSVOL\ sysvol\domainname\GlobalPolicy GUID\Machine\Scripts ɢɥɢ ɜ ɩɚɩɤɟ %systemroot %\SYSVOL\sysvol\domainname\GlobalPolicy GUID\User\ Scripts. ɉɨɫɥɟ ɤɨɩɢɪɨɜɚɧɢɹ ɮɚɣɥɨɜ ɫɰɟɧɚɪɢɹ ɧɚ ɫɟɪɜɟɪ ɨɬɤɪɨɣɬɟ ɨɛɴɟɤɬ GPO ɢ ɧɚɣɞɢɬɟ ɩɚɩɤɭ Scripts (Startup/Shutdown) (ɋɰɟɧɚɪɢɢ (Ɂɚɩɭɫɤ/ Ɂɚɜɟɪɲɟɧɢɟ), ɪɚɫɩɨɥɨɠɟɧɧɭɸ ɜ ɩɚɩɤɟ Computer Conf iguration\ Windows Settings, ɢɥɢ ɩɚɩɤɭ Scripts (Logon/Logoff) (ɋɰɟɧɚɪɢɢ (ȼɯɨɞ ɜ ɫɢɫɬɟɦɭ/ ɜɵɯɨɞ ɢɡ ɫɢɫɬɟɦɵ)), ɪɚɫɩɨɥɨɠɟɧɧɭɸ ɜ ɩɚɩɤɟ User Conf iguration\Windows Settings. ɇɚɩɪɢɦɟɪ, ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɡɚɩɢɫɶ ɞɥɹ ɫɰɟɧɚɪɢɹ ɡɚɩɭɫɤɚ, ɪɚɡɜɟɪɧɢɬɟ ɰɚɩɤɭ Scripts (Startup/Shutdown) ɢ ɞɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ Startup. Ɂɚɬɟɦ ɦɨɠɧɨ ɞɨɛɚɜɥɹɬɶ ɥɸɛɵɟ ɫɰɟɧɚɪɢɢ ɡɚɩɭɫɤɚ ɤ ɨɛɴɟɤɬɭ GPO. Active Directory Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɦɧɨɠɟɫɬɜɨ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɫɰɟɧɚɪɢɟɜ ɧɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɹɯ ɤɥɢɟɧɬɨɜ. Ȼɨɥɶɲɢɧɫɬɜɨ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɪɚɫɩɨɥɨɠɟɧɨ ɜ ɩɚɩɤɟ Computer Configuration\ Administrative Templates\System\Scripts, ɚ ɧɟɤɨɬɨɪɵɟ - ɜ nanKeUser Conf iguration\ Administrative Templates\System\Scripts. Ɉɩɰɢɢ ɤɨɧɮɢɝɭɪɚɰɢɢ ɜɤɥɸɱɚɸɬ ɨɩɰɢɸ,
ɩɨɡɜɨɥɹɸɳɭɸ ɜɵɩɨɥɧɹɬɶ ɫɰɟɧɚɪɢɢ ɡɚɩɭɫɤɚ ɚɫɢɧɯɪɨɧɧɨ, ɬ.ɟ. ɧɟɫɤɨɥɶɤɨ ɫɰɟɧɚɪɢɟɜ ɡɚɩɭɫɤɚ ɫɦɨɝɭɬ ɜɵɩɨɥɧɹɬɶɫɹ ɨɞɧɨɜɪɟɦɟɧɧɨ. Ɇɨɠɧɨ ɜɵɩɨɥɧɹɬɶ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɫɢɧɯɪɨɧɧɨ, ɬ.ɟ. ɜɫɟ ɫɰɟɧɚɪɢɢ ɡɚɩɭɫɤɚ ɡɚɜɟɪɲɚɸɬɫɹ, ɩɪɟɠɞɟ ɱɟɦ ɩɨɹɜɢɬɫɹ ɪɚɛɨɱɢɣ ɫɬɨɥ ɩɨɥɶɡɨɜɚɬɟɥɹ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɦɚɤɫɢɦɚɥɶɧɨɟ ɜɪɟɦɹ ɨɠɢɞɚɧɢɹ ɨɤɨɧɱɚɧɢɹ ɜɵɩɨɥɧɟɧɢɹ ɜɫɟɯ ɫɰɟɧɚɪɢɟɜ. ɂ, ɧɚɤɨɧɟɰ, ɦɨɠɧɨ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ, ɛɭɞɭɬ ɥɢ ɫɰɟɧɚɪɢɢ ɜɵɩɨɥɧɹɬɶɫɹ ɜ ɮɨɧɨɜɨɦ ɪɟɠɢɦɟ, ɱɬɨɛɵ ɛɵɬɶ ɧɟɡɚɦɟɬɧɵɦɢ, ɢɥɢ ɨɧɢ ɛɭɞɭɬ ɜɢɞɢɦɵɦɢ ɩɪɢ ɜɵɩɨɥɧɟɧɢɢ.
ȼ Active Directory Windows Server 2003 ɢɦɟɟɬɫɹ ɦɧɨɠɟɫɬɜɨ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ ɢ ɨɩɰɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɦɨɝɭɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɞɚɧɧɵɦɢ ɢ ɩɪɨɮɢɥɹɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɱɬɨɛɵ ɨɛɟɫɩɟɱɢɬɶ ɢɦ ɡɧɚɤɨɦɭɸ ɪɚɛɨɱɭɸ ɫɪɟɞɭ, ɨɫɬɚɜɥɹɹ ɰɟɧɬɪɚɥɢɡɨɜɚɧɧɵɦ ɭɩɪɚɜɥɟɧɢɟ ɧɟɤɨɬɨɪɵɦɢ ɞɚɧɧɵɦɢ. Ɉɧɢ ɩɪɢɦɟɧɹɸɬɫɹ ɬɚɤɠɟ ɞɥɹ ɤɨɧɮɢɝɭɪɢɪɨɜɚɧɢɹ ɩɚɪɚɦɟɬɪɨɜ ɧɚɫɬɪɨɣɤɢ ɡɚɳɢɬɵ, ɱɬɨɛɵ ɜɫɟ ɤɨɦɩɶɸɬɟɪɵ, ɧɚ ɤɨɬɨɪɵɟ ɜɨɡɞɟɣɫɬɜɭɟɬ ɞɚɧɧɚɹ ɝɪɭɩɩɨɜɚɹ ɩɨɥɢɬɢɤɚ, ɢɦɟɥɢ ɫɬɚɧɞɚɪɬɧɭɸ ɢ ɩɨɫɬɨɹɧɧɭɸ ɤɨɧɮɢɝɭɪɚɰɢɸ ɡɚɳɢɬɵ. Ƚɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɲɚɛɥɨɧɨɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɞɚɧ ɤɪɚɬɤɢɣ ɨɛɡɨɪ ɬɨɝɨ, ɤɚɤ ɦɨɠɧɨ ɪɟɚɥɢɡɨɜɚɬɶ ɷɬɢ ɜɚɪɢɚɧɬɵ ɭɩɪɚɜɥɟɧɢɹ ɪɚɛɨɱɢɦɢ ɫɬɨɥɚɦɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ.
IV. Active Directory Windows Server 2003 ɑɚɫɬɢ I, II ɢ III ɷɬɨɣ ɤɧɢɝɢ ɞɚɥɢ ɜɚɦ ɩɨɧɹɬɢɟ ɨɛ ɨɫɧɨɜɧɵɯ ɤɨɧɰɟɩɰɢɹɯ ɢ ɤɨɦɩɨɧɟɧɬɚɯ, ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɢ ɪɟɚɥɢɡɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory ɜ ɫɢɫɬɟɦɟ Microsoft Windows Server 2003, ɚ ɬɚɤɠɟ ɨɡɧɚɤɨɦɢɥɢ ɫ ɭɩɪɚɜɥɟɧɢɟɦ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɢ ɤɨɦɩɶɸɬɟɪɚɦɢ ɜɚɲɟɣ ɫɟɬɢ. ɗɬɚ ɡɚɤɥɸɱɢɬɟɥɶɧɚɹ ɱɚɫɬɶ ɤɧɢɝɢ ɩɨɞɝɨɬɨɜɢɬ ɜɚɫ ɤ ɨɛɫɥɭɠɢɜɚɧɢɸ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ Active Directory ɩɨɫɥɟ ɟɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ. ȼ ɝɥɚɜɟ 14 ɞɟɬɚɥɶɧɨ ɪɚɫɫɤɚɡɵɜɚɟɬɫɹ, ɤɚɤ ɫɥɟɞɢɬɶ ɡɚ ɫɨɫɬɨɹɧɢɟɦ Active Directory, ɜɤɥɸɱɚɹ ɢɧɮɨɪɦɚɰɢɸ ɨ ɦɨɧɢɬɨɪɢɧɝɟ ɷɤɫɩɥɭɚɬɚɰɢɨɧɧɵɯ ɤɚɱɟɫɬɜ Active Directory ɢ ɟɟ ɪɟɩɥɢɤɚɰɢɢ. Ɉɛɫɭɠɞɚɟɬɫɹ ɬɚɤɠɟ ɭɩɪɚɜɥɟɧɢɟ ɛɚɡɨɣ ɞɚɧɧɵɯ Active Directory. ȼ ɝɥɚɜɟ 15 ɨɛɫɭɠɞɚɟɬɫɹ ɫɨɡɞɚɧɢɟ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ Active Directory. Active Directory — ɷɬɨ ɤɪɢɬɢɱɟɫɤɚɹ ɫɥɭɠɛɚ ɜ ɜɚɲɟɣ ɫɟɬɢ, ɢ ɜɵ ɞɨɥɠɧɵ ɭɦɟɬɶ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɟɟ ɩɨɫɥɟ ɥɸɛɵɯ ɜɢɞɨɜ ɫɛɨɹ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɩɪɨɢɡɨɣɬɢ ɜɨ ɜɪɟɦɹ ɪɚɛɨɬɵ.
14. Directory
Active
Ⱦɚɠɟ ɩɪɟɤɪɚɫɧɨ ɪɚɡɪɚɛɨɬɚɧɧɚɹ, ɫɩɥɚɧɢɪɨɜɚɧɧɚɹ ɢ ɪɟɚɥɢɡɨɜɚɧɧɚɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ Active Directory ɧɟ ɛɭɞɟɬ ɨɫɬɚɜɚɬɶɫɹ ɜ ɨɩɬɢɦɚɥɶɧɨɦ ɫɨɫɬɨɹɧɢɢ ɛɟɡ ɩɨɜɫɟɞɧɟɜɧɨɝɨ ɦɨɧɢɬɨɪɢɧɝɚ ɢ ɨɛɫɥɭɠɢɜɚɧɢɹ. Active Directory ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɫɥɨɠɧɭɸ ɪɚɫɩɪɟɞɟɥɟɧɧɭɸ ɫɟɬɟɜɭɸ ɫɥɭɠɛɭ, ɜ ɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɹɯ ɨɧɚ ɛɭɞɟɬ ɩɨɞɜɟɪɠɟɧɚ ɬɵɫɹɱɚɦ ɢɡɦɟɧɟɧɢɣ ɤɚɠɞɵɣ ɞɟɧɶ (ɫɨɡɞɚɧɢɟ ɢɥɢ ɭɞɚɥɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢ ɢɯ ɚɬɪɢɛɭɬɨɜ, ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ ɢ ɪɚɡɪɟɲɟɧɢɣ). Ⱦɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɷɬɢ ɢɡɦɟɧɟɧɢɹ ɜ ɫɟɬɢ ɢ ɪɚɛɨɱɟɣ ɫɪɟɞɟ ɧɟ ɛɭɞɭɬ ɨɬɪɢɰɚɬɟɥɶɧɨ ɜɥɢɹɬɶ ɧɚ ɪɚɛɨɬɭ Active Directory, ɧɭɠɧɨ ɟɠɟɞɧɟɜɧɨ ɩɪɟɞɩɪɢɧɢɦɚɬɶ ɩɪɨɮɢɥɚɤɬɢɱɟɫɤɢɟ ɞɟɣɫɬɜɢɹ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɢɫɫɥɟɞɭɸɬɫɹ ɞɜɚ ɮɭɧɞɚɦɟɧɬɚɥɶɧɵɯ ɷɥɟɦɟɧɬɚ ɩɨɞɞɟɪɠɤɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ Active Directory: ɦɨɧɢɬɨɪɢɧɝ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢ ɨɛɫɥɭɠɢɜɚɧɢɟ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory.
Active Directory
Ɇɨɧɢɬɨɪɢɧɝ ɫɨɫɬɨɹɧɢɹ Active Directory ɧɟɨɛɯɨɞɢɦ ɞɥɹ ɩɨɞɞɟɪɠɚɧɢɹ ɧɚɞɟɠɧɨɝɨ ɭɪɨɜɧɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜɚɲɟɣ ɨɪɝɚɧɢɡɚɰɢɢ. ȼɚɲɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɩɨɥɚɝɚɸɬɫɹ ɧɚ ɷɮɮɟɤɬɢɜɧɨɟ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɢ ɫɱɢɬɚɸɬ ɫɚɦɨ ɫɨɛɨɣ ɪɚɡɭɦɟɸɳɢɦɫɹ ɬɨ, ɱɬɨ ɨɧɢ ɢɦɟɸɬ ɜɨɡɦɨɠɧɨɫɬɶ ɜɨɣɬɢ ɜ ɫɟɬɶ, ɨɛɪɚɬɢɬɶɫɹ ɤ ɨɛɳɟɞɨɫɬɭɩɧɵɦ ɪɟɫɭɪɫɚɦ, ɩɨɥɭɱɢɬɶ ɢ ɩɨɫɥɚɬɶ ɷɥɟɤɬɪɨɧɧɭɸ ɩɨɱɬɭ. ɂɯ ɞɟɹɬɟɥɶɧɨɫɬɶ ɰɟɥɢɤɨɦ ɡɚɜɢɫɢɬ ɨɬ ɡɞɨɪɨɜɨɝɨ ɫɨɫɬɨɹɧɢɹ ɢ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory. Ɉɬɞɟɥɶɧɨɝɨ ɢɧɫɬɪɭɦɟɧɬɚ ɢɥɢ ɩɚɤɟɬɚ ɩɪɨɝɪɚɦɦ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɨɝɨ ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ Active Directory, ɧɟ ɫɭɳɟɫɬɜɭɟɬ. ɋɤɨɪɟɟ ɦɨɧɢɬɨɪɢɧɝ ɡɞɨɪɨɜɨɝɨ ɫɨɫɬɨɹɧɢɹ Active Directory ɹɜɥɹɟɬɫɹ ɤɨɦɛɢɧɚɰɢɟɣ ɡɚɞɚɱ, ɢɦɟɸɳɢɯ ɨɛɳɭɸ ɰɟɥɶ - ɢɡɦɟɪɟɧɢɟ ɬɟɤɭɳɟɣ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɧɟɤɨɬɨɪɨɝɨ ɤɥɸɱɟɜɨɝɨ ɢɧɞɢɤɚɬɨɪɚ (ɡɚɧɢɦɚɟɦɵɣ ɨɛɴɟɦ ɞɢɫɤɚ, ɫɬɟɩɟɧɶ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɩɪɨɰɟɫɫɨɪɚ, ɩɟɪɢɨɞ ɪɚɛɨɬɨɫɩɨɫɨɛɧɨɝɨ ɫɨɫɬɨɹɧɢɹ ɫɥɭɠɛɵ ɢ ɬ.ɞ.) ɩɨ ɫɪɚɜɧɟɧɢɸ ɫ ɢɡɜɟɫɬɧɵɦ ɫɨɫɬɨɹɧɢɟɦ (ɨɬɩɪɚɜɧɚɹ ɬɨɱɤɚ). ɉɨɷɬɨɦɭ ɜɚɲ ɦɨɧɢɬɨɪɢɧɝ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɛɭɞɟɬ ɫɨɫɬɨɹɬɶ ɢɡ ɪɚɡɥɢɱɧɵɯ ɡɚɞɚɱ ɢ ɢɧɫɬɪɭɦɟɧɨɜ. (ɋɭɳɟɫɬɜɭɸɬ ɧɚɛɨɪɵ ɢɧɫɬɪɭɦɟɧɬɨɜ, ɤɨɬɨɪɵɟ ɦɨɝɭɬ ɫɨɟɞɢɧɢɬɶ ɦɨɧɢɬɨɪɢɧɝ ɷɬɢɯ ɤɥɸɱɟɜɵɯ ɢɧɞɢɤɚɬɨɪɨɜ ɜɦɟɫɬɟ ɜ ɥɟɝɤɨ ɭɩɪɚɜɥɹɟɦɵɣ ɢɧɬɟɪɮɟɣɫ, ɢ ɞɥɹ ɛɨɥɶɲɢɯ ɨɪɝɚɧɢɡɚɰɢɣ ɧɚɥɢɱɢɟ ɬɚɤɢɯ ɫɪɟɞɫɬɜ ɨɱɟɧɶ ɫɭɳɟɫɬɜɟɧɧɨ, ɧɨ ɨɧɢ ɞɨɪɨɝɢ, ɫɥɨɠɧɵ ɢ ɬɪɟɛɭɸɬ ɦɧɨɝɨ ɪɟɫɭɪɫɨɜ.) ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɛɫɭɠɞɚɟɬɫɹ, ɱɬɨ ɢɦɟɧɧɨ ɜɵ ɞɨɥɠɧɵ ɨɬɫɥɟɠɢɜɚɬɶ, ɢ ɪɚɫɫɦɚɬɪɢɜɚɸɬɫɹ ɧɟɤɨɬɨɪɵɟ ɢɧɫɬɪɭɦɟɧɬɵ ɞɥɹ ɷɬɢɯ ɰɟɥɟɣ, ɞɨɫɬɭɩɧɵɟ ɜ ɫɢɫɬɟɦɟ Microsoft Windows Server 2003. ȼɵ ɫɚɦɢ ɦɨɠɟɬɟ ɪɟɲɢɬɶ, ɤɚɤɢɟ ɢɡ ɷɬɢɯ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɯ ɫɪɟɞɫɬɜ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory ɭɞɨɜɥɟɬɜɨɪɹɬ ɜɚɲɢ ɩɨɬɪɟɛɧɨɫɬɢ. ɑɬɨɛɵ ɪɚɡɛɢɪɚɬɶɫɹ ɜ ɦɨɧɢɬɨɪɢɧɝɟ Active Directory, ɜɵ ɞɨɥɠɧɵ ɡɧɚɬɶ, ɩɨɱɟɦɭ ɟɝɨ ɫɥɟɞɭɟɬ ɩɪɨɜɨɞɢɬɶ, ɤɚɤ ɷɬɨ ɞɟɥɚɬɶ ɢ ɱɬɨ ɤɨɧɤɪɟɬɧɨ ɧɭɠɧɨ ɨɬɫɥɟɠɢɜɚɬɶ. ɑɬɨɛɵ ɫɨɯɪɚɧɢɬɶ ɦɚɤɫɢɦɚɥɶɧɭɸ
ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɧɟɨɛɯɨɞɢɦɨ ɬɚɤɠɟ ɡɧɚɬɶ, ɱɬɨ ɩɪɟɞɩɪɢɧɢɦɚɬɶ ɜ ɨɬɜɟɬ ɧɚ ɩɪɨɜɟɞɟɧɧɵɣ ɦɨɧɢɬɨɪɢɧɝ. ɐɟɥɶ ɷɬɨɣ ɝɥɚɜɵ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɜɵ ɦɨɝɥɢ ɞɟɥɚɬɶ ɜɫɟ ɧɟɨɛɯɨɞɢɦɨɟ, ɱɬɨ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɩɨɞɞɟɪɠɚɧɢɹ ɮɭɧɤɰɢɨɧɚɥɶɧɨɝɨ ɫɨɫɬɨɹɧɢɹ ɫɥɭɠɛɵ ɜ ɩɪɟɞɟɥɚɯ ɧɨɪɦɚɥɶɧɵɯ ɪɚɛɨɱɢɯ ɩɚɪɚɦɟɬɪɨɜ, ɤɨɬɨɪɵɟ ɜɵ ɭɫɬɚɧɨɜɢɥɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɦɨɧɢɬɨɪɢɧɝ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ ɩɨɤɚɡɵɜɚɟɬ, ɱɬɨ ɞɢɫɤ, ɧɚ ɤɨɬɨɪɨɦ ɪɚɫɩɨɥɨɠɟɧɚ ɛɚɡɚ ɞɚɧɧɵɯ Active Directory, ɮɪɚɝɦɟɧɬɢɪɨɜɚɧ, ɜɵ ɞɨɥɠɧɵ ɟɝɨ ɞɟɮɪɚɝɦɟɧɬɢɪɨɜɚɬɶ.
Active Directory?
Ɍɪɚɞɢɰɢɨɧɧɚɹ ɩɪɢɱɢɧɚ ɩɪɨɜɟɞɟɧɢɹ ɦɨɧɢɬɨɪɢɧɝɚ Active Directory ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧ ɢɞɟɧɬɢɮɢɰɢɪɭɟɬ ɩɨɬɟɧɰɢɚɥɶɧɵɟ ɩɪɨɛɥɟɦɵ ɩɪɟɠɞɟ, ɱɟɦ ɨɧɢ ɩɪɨɹɜɹɬɫɹ ɢ ɡɚɤɨɧɱɚɬɫɹ ɞɥɢɬɟɥɶɧɵɦɢ ɩɟɪɢɨɞɚɦɢ ɩɪɨɫɬɨɹ ɫɥɭɠɛɵ. Ɇɨɧɢɬɨɪɢɧɝ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɩɨɞɞɟɪɠɢɜɚɬɶ ɫɨɝɥɚɲɟɧɢɟ ɨɛ ɭɪɨɜɧɟ ɫɟɪɜɢɫɚ (service-level agreement - SLA) ɫ ɜɚɲɢɦ ɤɥɢɟɧɬɨɦ (ɩɨɥɶɡɨɜɚɬɟɥɟɦ ɫɟɬɢ). ȼ ɥɸɛɨɦ ɫɥɭɱɚɟ ɜɵ ɞɨɥɠɧɵ ɫɥɟɞɢɬɶ ɡɚ «ɡɞɨɪɨɜɶɟɦ» Active Directory, ɱɬɨɛɵ ɪɚɡɪɟɲɚɬɶ ɜɨɡɧɢɤɚɸɳɢɟ ɩɪɨɛɥɟɦɵ ɤɚɤ ɦɨɠɧɨ ɫɤɨɪɟɟ, ɞɨ ɬɨɝɨ, ɤɚɤ ɩɪɨɢɡɨɣɞɟɬ ɩɪɟɪɵɜɚɧɢɟ ɪɚɛɨɬɵ ɫɥɭɠɛɵ. . SLA ( ) , , . Active Directory SLA (IT ) , , . , , , 10000 Active Directory. ȿɳɟ ɨɞɧɚ ɩɪɢɱɢɧɚ ɞɥɹ ɩɪɨɜɟɞɟɧɢɹ ɦɨɧɢɬɨɪɢɧɝɚ Active Directory ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɧɭɠɧɨ ɨɬɫɥɟɠɢɜɚɬɶ ɢɡɦɟɧɟɧɢɹ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ. ɍɜɟɥɢɱɢɥɫɹ ɥɢ ɪɚɡɦɟɪ ɛɚɡɵ ɞɚɧɧɵɯ ɜɚɲɟɣ Active Directory ɫ ɩɪɨɲɥɨɝɨ ɝɨɞɚ? ȼɫɟ ɥɢ ɜɚɲɢ ɫɟɪɜɟɪɵ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ (GC) ɪɚɛɨɬɚɸɬ ɜ ɢɧɬɟɪɚɤɬɢɜɧɨɦ ɪɟɠɢɦɟ? ɋɤɨɥɶɤɨ ɜɪɟɦɟɧɢ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɜɨ Ɏɪɚɧɰɢɢ, ɛɵɥɢ ɪɟɩɥɢɰɢɪɨɜɚɧɵ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ Ⱥɜɫɬɪɚɥɢɢ? ȼɨɡɦɨɠɧɨ, ɷɬɚ ɢɧɮɨɪɦɚɰɢɹ ɧɟ ɩɨɦɨɠɟɬ ɜɚɦ ɩɪɟɞɨɬɜɪɚɬɢɬɶ ɜɨɡɧɢɤɧɨɜɟɧɢɟ ɫɟɝɨɞɧɹɲɧɟɣ ɨɲɢɛɤɢ, ɧɨ ɨɧɚ ɨɛɟɫɩɟɱɢɬ ɜɚɫ ɰɟɧɧɵɦɢ ɞɚɧɧɵɦɢ, ɫ ɤɨɬɨɪɵɦɢ ɜɵ ɫɦɨɠɟɬɟ ɫɬɪɨɢɬɶ ɩɥɚɧɵ ɧɚ ɛɭɞɭɳɟɟ.
Active Directory
ȼɵɝɨɞɵ, ɤɨɬɨɪɵɟ ɦɨɠɧɨ ɩɨɥɭɱɢɬɶ ɨɬ ɩɪɨɜɟɞɟɧɢɹ ɦɨɧɢɬɨɪɢɧɝɚ Active Directory, ɜɤɥɸɱɚɸɬ ɫɥɟɞɭɸɳɟɟ. • ɋɩɨɫɨɛɧɨɫɬɶ ɩɨɞɞɟɪɠɢɜɚɬɶ SLA-ɫɨɝɥɚɲɟɧɢɟ ɫ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ, ɢɡɛɟɝɚɹ ɩɪɨɫɬɨɹ ɫɥɭɠɛɵ. • Ⱦɨɫɬɢɠɟɧɢɟ ɜɵɫɨɤɨɣ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɫɥɭɠɛɵ Active Directory ɩɭɬɟɦ ɭɫɬɪɚɧɟɧɢɹ «ɭɡɤɢɯ ɦɟɫɬ» ɜ ɪɚɛɨɬɟ, ɤɨɬɨɪɵɟ ɢɧɚɱɟ ɧɟɥɶɡɹ ɨɛɧɚɪɭɠɢɬɶ. • ɋɧɢɠɟɧɢɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɡɚɬɪɚɬ ɫ ɩɨɦɨɳɶɸ ɩɪɨɮɢɥɚɤɬɢɱɟɫɤɢɯ ɦɟɪ ɜ ɨɛɫɥɭɠɢɜɚɧɢɢ ɫɢɫɬɟɦɵ. • ɉɨɜɵɲɟɧɧɚɹ ɤɨɦɩɟɬɟɧɬɧɨɫɬɶ ɩɪɢ ɦɚɫɲɬɚɛɢɪɨɜɚɧɢɢ ɢ ɩɥɚɧɢɪɨɜɚɧɢɢ ɛɭɞɭɳɢɯ ɢɡɦɟɧɟɧɢɣ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɜ ɪɟɡɭɥɶɬɚɬɟ ɝɥɭɛɨɤɨɝɨ ɡɧɚɧɢɹ ɤɨɦɩɨɧɟɧɬɨɜ Active Directory, ɢɯ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɜɨɡɦɨɠɧɨɫɬɟɣ ɢ ɬɟɤɭɳɟɝɨ ɭɪɨɜɧɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ. • ɍɜɟɥɢɱɟɧɢɟ ɞɨɛɪɨɠɟɥɚɬɟɥɶɧɨɫɬɢ ɜ ɨɬɧɨɲɟɧɢɢ IT-ɨɬɞɟɥɚ ɜ ɪɟɡɭɥɶɬɚɬɟ ɭɞɨɜɥɟɬɜɨɪɟɧɢɹ ɤɥɢɟɧɬɨɜ.
Active Directory
Ɇɨɧɢɬɨɪɢɧɝ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɜɚɲɟɣ ɫɥɭɠɛɵ Active Directory ɫɜɹɡɚɧ ɫ ɡɚɬɪɚɬɚɦɢ. ɇɢɠɟ ɩɟɪɟɱɢɫɥɟɧɵ ɧɟɤɨɬɨɪɵɟ ɡɚɬɪɚɬɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɟɝɨ ɷɮɮɟɤɬɢɜɧɨɣ ɪɟɚɥɢɡɚɰɢɢ. • Ⱦɥɹ ɩɪɨɟɤɬɢɪɨɜɚɧɢɹ, ɪɚɡɜɟɪɬɵɜɚɧɢɹ ɢ ɭɩɪɚɜɥɟɧɢɹ ɫɢɫɬɟɦɨɣ ɦɨɧɢɬɨɪɢɧɝɚ ɬɪɟɛɭɸɬɫɹ ɱɟɥɨɜɟɤɨ-ɱɚɫɵ. • ɇɚ ɩɪɢɨɛɪɟɬɟɧɢɟ ɧɟɨɛɯɨɞɢɦɵɯ ɫɪɟɞɫɬɜ ɭɩɪɚɜɥɟɧɢɹ, ɧɚ ɨɛɭɱɟɧɢɟ ɢ ɧɚ ɚɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ, ɤɨɬɨɪɵɟ ɩɪɟɞɧɚɡɧɚɱɟɧɵ ɞɥɹ ɪɟɚɥɢɡɚɰɢɢ ɦɨɧɢɬɨɪɢɧɝɚ, ɬɪɟɛɭɸɬɫɹ ɨɩɪɟɞɟɥɟɧɧɵɟ ɮɨɧɞɵ. • ɑɚɫɬɶ ɩɪɨɩɭɫɤɧɨɣ ɫɩɨɫɨɛɧɨɫɬɢ ɜɚɲɟɣ ɫɟɬɢ ɛɭɞɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ «ɡɞɨɪɨɜɶɹ» Active Directory ɧɚ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ ɩɪɟɞɩɪɢɹɬɢɹ.
•
Ⱦɥɹ ɜɵɩɨɥɧɟɧɢɹ ɩɪɢɥɨɠɟɧɢɣ-ɚɝɟɧɬɨɜ ɧɚ ɰɟɥɟɜɵɯ ɫɟɪɜɟɪɚɯ ɢ ɧɚ ɤɨɦɩɶɸɬɟɪɟ, ɹɜɥɹɸɳɟɦɫɹ ɰɟɧɬɪɚɥɶɧɵɦ ɩɭɥɶɬɨɦ ɦɨɧɢɬɨɪɢɧɝɚ, ɢɫɩɨɥɶɡɭɸɬɫɹ ɩɚɦɹɬɶ ɢ ɪɟɫɭɪɫɵ ɩɪɨɰɟɫɫɨɪɚ. ɋɬɨɢɬ ɨɬɦɟɬɢɬɶ, ɱɬɨ ɫɬɨɢɦɨɫɬɶ ɦɨɧɢɬɨɪɢɧɝɚ ɛɵɫɬɪɨ ɩɨɜɵɲɚɟɬɫɹ, ɤɨɝɞɚ ɜɵ ɩɟɪɟɦɟɳɚɟɬɟɫɶ ɧɚ ɩɥɚɬɮɨɪɦɭ ɝɥɨɛɚɥɶɧɨɝɨ ɦɨɧɢɬɨɪɢɧɝɚ ɩɪɟɞɩɪɢɹɬɢɹ ɬɢɩɚ Microsoft Operations Manager (MOM). ɂɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ MOM ɞɨɪɨɝɢ, ɬɪɟɛɭɸɬ ɨɛɭɱɟɧɢɹ ɨɩɟɪɚɬɨɪɚ ɢ ɪɚɫɯɨɞɭɸɬ ɛɨɥɶɲɟɟ ɤɨɥɢɱɟɫɬɜɨ ɫɢɫɬɟɦɧɵɯ ɪɟɫɭɪɫɨɜ ɜ ɨɬɥɢɱɢɢ ɨɬ ɦɨɧɢɬɨɪɢɧɝɨɜɵɯ ɪɟɲɟɧɢɣ Windows Server 2003, ɧɨ ɨɧɢ ɹɜɥɹɸɬɫɹ ɩɪɨɜɟɪɟɧɧɵɦɢ, ɢɧɬɟɝɪɢɪɨɜɚɧɧɵɦɢ ɢ ɩɨɞɞɟɪɠɢɜɚɟɦɵɦɢ ɩɪɨɞɭɤɬɚɦɢ. ɍɪɨɜɟɧɶ ɜɚɲɟɝɨ ɦɨɧɢɬɨɪɢɧɝɚ ɛɭɞɟɬ ɡɚɜɢɫɟɬɶ ɨɬ ɪɟɡɭɥɶɬɚɬɨɜ ɚɧɚɥɢɡɚ ɜɵɝɨɞ ɢ ɡɚɬɪɚɬ. ȼ ɥɸɛɨɦ ɫɥɭɱɚɟ ɫɬɨɢɦɨɫɬɶ ɪɟɫɭɪɫɨɜ, ɤɨɬɨɪɵɟ ɜɵ ɡɚɞɟɣɫɬɜɭɟɬɟ ɜ ɫɢɫɬɟɦɟ ɦɨɧɢɬɨɪɢɧɝɚ, ɧɟ ɞɨɥɠɧɚ ɩɪɟɜɵɲɚɬɶ ɨɠɢɞɚɟɦɭɸ ɨɬ ɦɨɧɢɬɨɪɢɧɝɚ ɷɤɨɧɨɦɢɸ. ɉɨ ɷɬɨɣ ɩɪɢɱɢɧɟ ɛɨɥɶɲɢɟ ɨɪɝɚɧɢɡɚɰɢɢ ɧɚɯɨɞɹɬ ɛɨɥɟɟ ɪɟɧɬɚɛɟɥɶɧɵɦ ɜɤɥɚɞɵɜɚɬɶ ɤɚɩɢɬɚɥ ɜ ɤɨɦɩɥɟɤɫɧɵɟ ɪɟɲɟɧɢɹ ɩɨ ɭɩɪɚɜɥɟɧɢɸ ɩɪɟɞɩɪɢɹɬɢɟɦ. Ⱦɥɹ ɦɟɧɟɟ ɤɪɭɩɧɵɯ ɨɪɝɚɧɢɡɚɰɢɣ ɛɨɥɟɟ ɨɩɪɚɜɞɚɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɵɟ ɫɪɟɞɫɬɜɚ ɦɨɧɢɬɨɪɢɧɝɚ, ɜɫɬɪɨɟɧɧɵɟ ɜ ɫɢɫɬɟɦɭ Windows Server 2003. Ⱦɨɩɨɥɧɢɬɟɥɶɧɚɹ ɢɧɮɨɪɦɚɰɢɹ. MOM ɜɤɥɸɱɚɟɬ ɭɩɪɚɜɥɟɧɢɟ ɫɨɛɵɬɢɹɦɢ, ɦɨɧɢɬɨɪɢɧɝ ɫɥɭɠɛ ɢ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ, ɝɟɧɟɪɚɰɢɸ ɨɬɱɟɬɨɜ ɢ ɚɧɚɥɢɡ ɬɟɧɞɟɧɰɢɣ. ɗɬɨ ɞɟɥɚɟɬɫɹ ɱɟɪɟɡ ɰɟɧɬɪɚɥɶɧɵɣ ɩɭɥɶɬ, ɜ ɤɨɬɨɪɨɦ ɚɝɟɧɬɵ, ɜɵɩɨɥɧɹɸɳɢɟɫɹ ɧɚ ɭɩɪɚɜɥɹɟɦɵɯ ɭɡɥɚɯ (ɫɟɪɜɟɪɚɯ, ɹɜɥɹɸɳɢɯɫɹ ɨɛɴɟɤɬɚɦɢ ɦɨɧɢɬɨɪɢɧɝɚ), ɩɨɫɵɥɚɸɬ ɞɚɧɧɵɟ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɩɪɨɚɧɚɥɢɡɢɪɨɜɚɧɵ, ɨɬɫɥɟɠɟɧɵ ɢ ɨɬɨɛɪɚɠɟɧɵ ɧɚ ɟɞɢɧɨɦ ɩɭɥɶɬɟ ɭɩɪɚɜɥɟɧɢɹ. ɗɬɚ ɰɟɧɬɪɚɥɢɡɚɰɢɹ ɞɚɟɬ ɜɨɡɦɨɠɧɨɫɬɶ ɫɟɬɟɜɨɦɭ ɚɞɦɢɧɢɫɬɪɚɬɨɪɭ ɭɩɪɚɜɥɹɬɶ ɛɨɥɶɲɨɣ ɫɨɜɨɤɭɩɧɨɫɬɶɸ ɫɟɪɜɟɪɨɜ ɢɡ ɨɞɧɨɝɨ ɦɟɫɬɚ ɫ ɩɨɦɨɳɶɸ ɦɨɳɧɵɯ ɢɧɫɬɪɭɦɟɧɬɨɜ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɯ ɞɥɹ ɭɞɚɥɟɧɧɨɝɨ ɭɩɪɚɜɥɟɧɢɹ ɫɟɪɜɟɪɚɦɢ. ɋɢɫɬɟɦɵ MOM ɢɫɩɨɥɶɡɭɸɬ ɩɚɤɟɬɵ ɭɩɪɚɜɥɟɧɢɹ ɞɥɹ ɪɚɫɲɢɪɟɧɢɹ ɛɚɡɨɜɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɤɚɫɚɸɳɟɣɫɹ ɨɩɪɟɞɟɥɟɧɧɵɯ ɫɟɬɟɜɵɯ ɭɫɥɭɝ, ɚ ɬɚɤɠɟ ɫɟɪɜɟɪɧɵɯ ɩɪɢɥɨɠɟɧɢɣ. ɉɚɤɟɬ ɭɩɪɚɜɥɟɧɢɹ Base Management Pack ɫɨɞɟɪɠɢɬ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɜɫɟɯ ɫɥɭɠɛ ɫɟɪɜɟɪɚ Windows Server 12003, ɜɤɥɸɱɚɹ Active Directory, ɫɥɭɠɛɭ ɞɨɦɟɧɧɵɯ ɢɦɟɧ (DNS) ɢ ɢɧɬɟɪɧɟɬ-ɫɥɭɠɛɭ Microsoft Internet Information Services (IIS). ɉɚɤɟɬ ɭɩɪɚɜɥɟɧɢɹ Application Management Pack ɜɤɥɸɱɚɟɬ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ ɫɟɪɜɟɪɨɜ Microsoft .NET Enterprise Servers, ɬɚɤɢɯ ɤɚɤ Microsoft Exchange 2000 Server ɢ Microsoft SQL Server 2000. Ⱦɨɩɨɥɧɢɬɟɥɶɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ MOM ɫɦɨɬɪɢɬɟ ɧɚ ɫɚɣɬɟ http://www.microsoft.com/mom.
Active Directory
Ɉɫɭɳɟɫɬɜɥɹɹ ɦɨɧɢɬɨɪɢɧɝ Active Directory, ɜɵ ɛɭɞɟɬɟ ɨɬɫɥɟɠɢɜɚɬɶ ɤɥɸɱɟɜɵɟ ɢɧɞɢɤɚɬɨɪɵ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɢ ɫɪɚɜɧɢɜɚɬɶ ɢɯ ɫ ɛɚɡɨɜɵɦɢ ɩɨɤɚɡɚɬɟɥɹɦɢ, ɤɨɬɨɪɵɟ ɩɪɟɞɫɬɚɜɥɹɸɬ ɪɚɛɨɬɭ ɫɥɭɠɛɵ ɜ ɩɪɟɞɟɥɚɯ ɧɨɪɦɚɥɶɧɵɯ ɩɚɪɚɦɟɬɪɨɜ. Ʉɨɝɞɚ ɢɧɞɢɤɚɬɨɪ ɪɚɛɨɬɨɫɩɨɫɨɛɧɨɫɬɢ ɩɪɟɜɵɲɚɟɬ ɭɤɚɡɚɧɧɵɣ ɩɨɪɨɝ, ɜɵɞɚɟɬɫɹ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ, ɭɜɟɞɨɦɥɹɸɳɟɟ ɚɞɦɢɧɢɫɬɪɚɰɢɸ ɫɟɬɢ (ɢɥɢ ɨɩɟɪɚɬɨɪɚ ɦɨɧɢɬɨɪɢɧɝɚ) ɨ ɬɟɤɭɳɟɦ ɫɨɫɬɨɹɧɢɢ ɫɢɫɬɟɦɵ. ɉɪɟɞɭɩɪɟɠɞɟɧɢɟ ɦɨɠɟɬ ɬɚɤɠɟ ɢɧɢɰɢɢɪɨɜɚɬɶ ɚɜɬɨɦɚɬɢɱɟɫɤɢɟ ɞɟɣɫɬɜɢɹ, ɧɚɩɪɚɜɥɟɧɧɵɟ ɧɚ ɪɟɲɟɧɢɟ ɩɪɨɛɥɟɦɵ ɢɥɢ ɭɦɟɧɶɲɟɧɢɟ ɞɚɥɶɧɟɣɲɟɝɨ ɭɯɭɞɲɟɧɢɹ «ɡɞɨɪɨɜɶɹ » ɫɢɫɬɟɦɵ ɢ ɬ.ɞɟ. ɇɢɠɟ ɩɪɢɜɨɞɢɬɫɹ ɫɯɟɦɚ ɩɪɨɰɟɫɫɚ ɦɨɧɢɬɨɪɢɧɝɚ ɫɥɭɠɛɵ Active Directory ɜɵɫɨɤɨɝɨ ɭɪɨɜɧɹ. 1. Ɉɩɪɟɞɟɥɢɬɟ, ɤɚɤɨɣ ɢɡ ɢɧɞɢɤɚɬɨɪɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ ɜɵ ɞɨɥɠɧɵ ɨɬɫɥɟɠɢɜɚɬɶ. (ɇɚɱɧɢɬɟ ɫ ɩɪɨɫɦɨɬɪɚ ɫɜɨɢɯ SLA-ɫɨɝɥɚɲɟɧɢɣ ɫ ɤɥɢɟɧɬɚɦɢ.) 2. ȼɵɩɨɥɧɢɬɟ ɦɨɧɢɬɨɪɢɧɝ ɢɧɞɢɤɚɬɨɪɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ, ɱɬɨɛɵ ɭɫɬɚɧɨɜɢɬɶ ɢ ɡɚɞɨɤɭɦɟɧɬɢɪɨɜɚɬɶ ɫɜɨɣ ɛɚɡɨɜɵɣ ɭɪɨɜɟɧɶ. 3. Ɉɩɪɟɞɟɥɢɬɟ ɫɜɨɣ ɩɨɪɨɝɢ ɞɥɹ ɷɬɢɯ ɢɧɞɢɤɚɬɨɪɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ. (Ⱦɪɭɝɢɦɢ ɫɥɨɜɚɦɢ, ɨɩɪɟɞɟɥɢɬɟ, ɩɪɢ ɤɚɤɨɦ ɭɪɨɜɧɟ ɢɧɞɢɤɚɬɨɪɚ ɜɵ ɞɨɥɠɧɵ ɩɪɢɧɢɦɚɬɶ ɦɟɪɵ, ɩɪɟɞɨɬɜɪɚɳɚɸɳɢɟ ɪɚɫɫɬɪɨɣɫɬɜɨ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ.) 4. ɋɩɪɨɟɤɬɢɪɭɣɬɟ ɧɟɨɛɯɨɞɢɦɭɸ ɚɜɚɪɢɣɧɭɸ ɫɢɫɬɟɦɭ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɭɸ ɞɥɹ ɨɛɪɚɛɨɬɤɢ ɫɨɛɵɬɢɣ ɞɨɫɬɢɠɟɧɢɹ ɩɨɪɨɝɨɜɨɝɨ ɭɪɨɜɧɹ. ȼɚɲɚ ɚɜɚɪɢɣɧɚɹ ɫɢɫɬɟɦɚ ɞɨɥɠɧɚ ɜɤɥɸɱɚɬɶ: • ɭɜɟɞɨɦɥɟɧɢɹ ɨɩɟɪɚɬɨɪɚ; • ɚɜɬɨɦɚɬɢɱɟɫɤɢɟ ɞɟɣɫɬɜɢɹ, ɟɫɥɢ ɨɧɢ ɜɨɡɦɨɠɧɵ; • ɞɟɣɫɬɜɢɹ, ɢɧɢɰɢɢɪɭɟɦɵɟ ɨɩɟɪɚɬɨɪɨɦ. 5. ɋɩɪɨɟɤɬɢɪɭɣɬɟ ɫɢɫɬɟɦɭ ɫɨɡɞɚɧɢɹ ɨɬɱɟɬɚ, ɮɢɤɫɢɪɭɸɳɭɸ ɢɫɬɨɪɢɸ ɫɢɫɬɟɦɧɨɝɨ «ɡɞɨɪɨɜɶɹ» Active Directory. 6. Ɋɟɚɥɢɡɭɣɬɟ ɫɜɨɟ ɪɟɲɟɧɢɟ, ɱɬɨɛɵ ɢɡɦɟɪɹɬɶ ɜɵɛɪɚɧɧɵɟ ɤɥɸɱɟɜɵɟ ɢɧɞɢɤɚɬɨɪɵ ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɪɚɫɩɢɫɚɧɢɟɦ, ɨɬɪɚɠɚɸɳɢɦ ɢɡɦɟɧɟɧɢɹ ɞɚɧɧɵɯ ɢɧɞɢɤɚɬɨɪɨɜ ɢ ɢɯ ɜɨɡɞɟɣɫɬɜɢɟ ɧɚ «ɡɞɨɪɨɜɶɟ» Active Directory. Ⱦɚɥɟɟ ɜ ɪɚɡɞɟɥɟ ɢɫɫɥɟɞɭɟɬɫɹ ɤɚɠɞɨɟ ɢɡ ɷɬɢɯ ɞɟɣɫɬɜɢɣ. ɂɞɟɧɬɢɮɢɤɚɰɢɹ ɢɧɞɢɤɚɬɨɪɨɜ
ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɨɩɢɫɚɧɚ ɜ ɪɚɡɞɟɥɟ «ɑɬɨ ɫɥɟɞɭɟɬ ɨɬɫɥɟɠɢɜɚɬɶ».
ɉɨɫɥɟ ɨɩɪɟɞɟɥɟɧɢɹ ɢɧɞɢɤɚɬɨɪɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ, ɤɨɬɨɪɵɟ ɫɥɟɞɭɟɬ ɩɨɞɜɟɪɝɧɭɬɶ ɦɨɧɢɬɨɪɢɧɝɭ, ɧɭɠɧɨ ɫɨɛɪɚɬɶ ɛɚɡɨɜɵɟ ɞɚɧɧɵɟ ɞɥɹ ɷɬɢɯ ɢɧɞɢɤɚɬɨɪɨɜ. Ȼɚɡɨɜɵɣ ɭɪɨɜɟɧɶ ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɭɪɨɜɟɧɶ ɢɧɞɢɤɚɬɨɪɚ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ, ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɩɪɟɞɟɥɚɦ ɧɨɪɦɚɥɶɧɨɣ ɪɚɛɨɬɵ ɫɢɫɬɟɦɵ. ɉɪɟɞɟɥɵ ɧɨɪɦɚɥɶɧɨɣ ɪɚɛɨɬɵ ɞɨɥɠɧɵ ɜɤɥɸɱɚɬɶ ɢ ɧɢɡɤɢɟ, ɢ ɜɵɫɨɤɢɟ ɡɧɚɱɟɧɢɹ, ɤɨɬɨɪɵɟ ɨɠɢɞɚɸɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɫɱɟɬɱɢɤɚ. ɑɬɨɛɵ ɬɨɱɧɟɟ ɮɢɤɫɢɪɨɜɚɬɶ ɛɚɡɨɜɵɟ ɞɚɧɧɵɟ, ɜɵ ɞɨɥɠɧɵ ɫɨɛɢɪɚɬɶ ɢɧɮɨɪɦɚɰɢɸ ɨ ɪɚɛɨɬɟ ɫɢɫɬɟɦɵ ɜ ɬɟɱɟɧɢɟ ɞɨɫɬɚɬɨɱɧɨ ɞɥɢɬɟɥɶɧɨɝɨ ɩɟɪɢɨɞɚ ɜɪɟɦɟɧɢ, ɱɬɨɛɵ ɨɬɪɚɡɢɬɶ ɞɢɚɩɚɡɨɧ ɡɧɚɱɟɧɢɣ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɚɦ ɬɪɟɛɭɟɬɫɹ ɭɫɬɚɧɨɜɢɬɶ ɛɚɡɨɜɵɣ ɭɪɨɜɟɧɶ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɞɥɹ ɚɭɬɟɧɬɢɮɢɤɚɰɢɨɧɧɵɯ ɡɚɩɪɨɫɨɜ, ɭɛɟɞɢɬɟɫɶ, ɱɬɨ ɜɵ ɨɬɫɥɟɠɢɜɚɥɢ ɡɧɚɱɟɧɢɹ ɷɬɨɝɨ ɢɧɞɢɤɚɬɨɪɚ ɜ ɬɟ ɩɟɪɢɨɞɵ ɜɪɟɦɟɧɢ, ɤɨɝɞɚ ɛɨɥɶɲɢɧɫɬɜɨ ɜɚɲɢɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜɯɨɞɢɬ ɜ ɫɢɫɬɟɦɭ. ɉɪɢ ɨɩɪɟɞɟɥɟɧɢɢ ɫɜɨɢɯ ɛɚɡɨɜɵɯ ɡɧɚɱɟɧɢɣ ɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɷɬɭ ɢɧɮɨɪɦɚɰɢɸ ɢ ɞɚɬɭ ɫɨɡɞɚɧɢɹ ɞɚɧɧɨɣ ɜɟɪɫɢɢ ɞɨɤɭɦɟɧɬɚ. ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɬɨɦɭ, ɱɬɨ ɷɬɢ ɡɧɚɱɟɧɢɹ ɢɫɩɨɥɶɡɭɸɬɫɹ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɩɨɪɨɝɨɜ, ɱɟɪɟɡ ɤɚɤɨɟ-ɬɨ ɜɪɟɦɹ ɨɧɢ ɛɭɞɭɬ ɩɨɥɟɡɧɵ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɟɧɞɟɧɰɢɣ ɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɢ ɫɢɫɬɟɦɵ. Ⱦɥɹ ɞɨɤɭɦɟɧɬɢɪɨɜɚɧɢɹ ɯɨɪɨɲɨ ɩɨɞɯɨɞɢɬ ɬɚɛɥɢɰɚ ɫɨ ɫɬɨɥɛɰɚɦɢ, ɫɨɞɟɪɠɚɳɢɦɢ ɧɢɡɤɨɟ, ɫɪɟɞɧɟɟ ɢ ɜɵɫɨɤɨɟ ɡɧɚɱɟɧɢɹ ɞɥɹ ɤɚɠɞɨɝɨ ɫɱɟɬɱɢɤɚ, ɚ ɬɚɤɠɟ ɩɨɪɨɝɢ ɞɥɹ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ. С . Active Directory ( , ), . Active Directory, . . ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɨɩɪɟɞɟɥɢɥɢ ɛɚɡɨɜɵɟ ɡɧɚɱɟɧɢɹ, ɨɩɪɟɞɟɥɢɬɟ ɩɨɪɨɝɨɜɵɟ ɡɧɚɱɟɧɢɹ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɜɵɡɵɜɚɬɶ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ. Ʉɪɨɦɟ ɪɟɤɨɦɟɧɞɚɰɢɣ, ɫɞɟɥɚɧɧɵɯ ɤɨɦɩɚɧɢɟɣ Microsoft, ɧɟ ɫɭɳɟɫɬɜɭɟɬ ɧɢɤɚɤɨɣ ɜɨɥɲɟɛɧɨɣ ɮɨɪɦɭɥɵ ɞɥɹ ɷɬɨɝɨ. Ɉɫɧɨɜɵɜɚɹɫɶ ɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɟ ɜɚɲɟɣ ɫɟɬɢ, ɜɵ ɞɨɥɠɧɵ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɨɟ ɡɧɚɱɟɧɢɟ ɫɱɟɬɱɢɤɚ ɭɤɚɡɵɜɚɟɬ ɧɚ ɬɨ, ɱɬɨ ɬɟɧɞɟɧɰɢɹ ɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɢ ɫɥɭɠɛɵ ɧɚɩɪɚɜɥɟɧɚ ɧɚ ɩɪɟɤɪɚɳɟɧɢɟ ɟɟ ɪɚɛɨɬɵ. ɉɪɢ ɭɫɬɚɧɨɜɥɟɧɢɢ ɫɜɨɢɯ ɩɨɪɨɝɨɜ ɞɥɹ ɧɚɱɚɥɚ ɛɭɞɶɬɟ ɤɨɧɫɟɪɜɚɬɢɜɧɵ. (ɂɫɩɨɥɶɡɭɣɬɟ ɢɥɢ ɡɧɚɱɟɧɢɹ, ɪɟɤɨɦɟɧɞɭɟɦɵɟ Microsoft, ɢɥɢ ɞɚɠɟ ɛɨɥɟɟ ɧɢɡɤɢɟ ɡɧɚɱɟɧɢɹ.) ȼ ɪɟɡɭɥɶɬɚɬɟ ɜɚɦ ɩɪɢɞɟɬɫɹ ɨɛɪɚɛɚɬɵɜɚɬɶ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ. ɉɨ ɦɟɪɟ ɬɨɝɨ ɤɚɤ ɜɵ ɫɨɛɟɪɟɬɟ ɛɨɥɶɲɟ ɞɚɧɧɵɯ ɨ ɫɱɟɬɱɢɤɟ, ɜɵ ɫɦɨɠɟɬɟ ɩɨɞɧɹɬɶ ɩɨɪɨɝ ɞɥɹ ɭɦɟɧɶɲɟɧɢɹ ɤɨɥɢɱɟɫɬɜɚ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ. ɗɬɨɬ ɩɪɨɰɟɫɫ ɦɨɠɟɬ ɡɚɧɢɦɚɬɶ ɧɟɫɤɨɥɶɤɨ ɦɟɫɹɰɟɜ, ɧɨ, ɜ ɤɨɧɟɱɧɨɦ ɫɱɟɬɟ, ɜɵ ɧɚɫɬɪɨɢɬɟ ɫɜɨɸ ɪɟɚɥɢɡɚɰɢɸ ɫɥɭɠɛɵ Active Directory. ɋɥɟɞɭɸɳɢɟ ɬɚɛɥɢɰɵ ɩɟɪɟɱɢɫɥɹɸɬ ɤɥɸɱɟɜɵɟ ɫɱɟɬɱɢɤɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɢ ɩɨɪɨɝɨɜɵɟ ɡɧɚɱɟɧɢɹ, ɤɨɬɨɪɵɟ ɩɨɥɟɡɧɵ ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ Active Directory, ɜ ɫɨɨɬɜɟɬɫɬɜɢɢ ɫ ɪɟɤɨɦɟɧɞɚɰɢɹɦɢ ɤɨɦɩɚɧɢɢ Microsoft. ɂɦɟɣɬɟ ɜ ɜɢɞɭ, ɱɬɨ ɫɪɟɞɚ ɤɚɠɞɨɝɨ ɩɪɟɞɩɪɢɹɬɢɹ ɛɭɞɟɬ ɢɦɟɬɶ ɫɜɨɢ ɭɧɢɤɚɥɶɧɵɟ ɯɚɪɚɤɬɟɪɢɫɬɢɤɢ, ɤɨɬɨɪɵɟ ɜɥɢɹɸɬ ɧɚ ɩɪɢɦɟɧɢɦɨɫɬɶ ɷɬɢɯ ɡɧɚɱɟɧɢɣ. ɋɱɢɬɚɣɬɟ ɷɬɢ ɩɨɪɨɝɢ ɨɬɩɪɚɜɧɨɣ ɬɨɱɤɨɣ ɢ ɫ ɩɨɦɨɳɶɸ ɨɩɢɫɚɧɧɨɝɨ ɪɚɧɟɟ ɦɨɧɢɬɨɪɢɧɝɚ ɭɬɨɱɧɢɬɟ, ɱɬɨɛɵ ɨɧɢ ɨɬɪɚɠɚɥɢ ɨɫɨɛɟɧɧɨɫɬɢ ɜɚɲɟɣ ɫɪɟɞɵ. ɉɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ Active Directory ɋɱɟɬɱɢɤɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ (ɫɦ. ɬɚɛɥ. 14-1) ɜɵɩɨɥɧɹɸɬ ɦɨɧɢɬɨɪɢɧɝ ɨɫɧɨɜɧɵɯ ɮɭɧɤɰɢɣ ɢ ɫɥɭɠɛ Active Directory. ȿɫɥɢ ɧɟ ɭɤɚɡɚɧɨ ɞɪɭɝɨɝɨ, ɩɨɪɨɝɢ ɨɩɪɟɞɟɥɹɸɬɫɹ ɜ ɪɟɡɭɥɶɬɚɬɟ ɦɨɧɢɬɨɪɢɧɝɚ ɛɚɡɨɜɵɯ ɡɧɚɱɟɧɢɣ. ɑɬɨɛɵ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɤ ɷɬɢɦ ɫɱɟɬɱɢɤɚɦ, ɨɬɤɪɨɣɬɟ Start (ɉɭɫɤ) >Administrative Tools (ɋɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ)>Ɋɟɝfɨmance(ɉɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Add (Ⱦɨɛɚɜɢɬɶ) ɧɚɞ ɞɢɚɝɪɚɦɦɨɣ. Ɋɚɡɞɟɥɵ, ɞɚɧɧɵɟ ɩɨɫɥɟ ɷɬɨɣ ɬɚɛɥɢɰɵ, ɨɩɢɫɵɜɚɸɬ ɭɫɬɚɧɨɜɤɭ ɫɜɨɣɫɬɜ ɫɱɟɬɱɢɤɚ.
. 14-1.
Active Directory
Ɉɛɴɟɤɬ NTDS
ɋɱɟɬɱɢɤ ɂɧɬɟɪɜɚɥ DS Search subɄɚɠɞɵɟ 15 operations/sec ɦɢɧɭɬ (DS ɩɨɢɫɤɨɜɵɟ ɩɨɞɨɩɟɪɚɰɢɢ/ɫɟɤ ɭɧɞɚ)
ɉɪɨɰɟɫɫ
% Processor Time(Instance=ls ass) (% ɜɪɟɦɟɧɢ ɩɪɨɰɟɫɫɨɪɚ) LDAP Searches/ sec (LDAP ɩɨɢɫɤ/ ɫɟɤɭɧɞɚ)
NTDS
ɉɨɱɟɦɭ ɷɬɨɬ ɫɱɟɬɱɢɤ ɜɚɠɟɧ Ɂɚɩɪɨɫɵ ɧɚ ɩɨɢɫɤ ɩɨɞɞɟɪɟɜɶɟɜ ɨɱɟɧɶ ɢɧɬɟɧɫɢɜɧɨ ɢɫɩɨɥɶɡɭɸɬ ɪɟɫɭɪɫɵ ɫɢɫɬɟɦɵ. Ʌɸɛɨɟ ɟɝɨ ɭɜɟɥɢɱɟɧɢɟ ɦɨɠɟɬ ɭɤɚɡɵɜɚɬɶ ɧɚ ɩɪɨɛɥɟɦɵ ɫ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶɸ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɉɪɨɜɟɪɹɣɬɟ, ɩɪɨɢɫɯɨɞɹɬ ɥɢ ɫɥɭɱɚɢ ɧɟɩɪɚɜɢɥɶɧɨɝɨ ɨɛɪɚɳɟɧɢɹ ɩɪɢɥɨɠɟɧɢɣ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ.
Ʉɚɠɞɭɸ ɦɢɧɭɬɭ
ɍɤɚɡɵɜɚɟɬ ɩɪɨɰɟɧɬ ɨɬ ɜɪɟɦɟɧɢ ɩɪɨɰɟɫɫɨɪɚ, ɢɫɩɨɥɶɡɭɟɦɨɝɨ ɫɥɭɠɛɨɣ Active Directory.
Ʉɚɠɞɵɟ 15 ɦɢɧɭɬ
əɜɥɹɟɬɫɹ ɯɨɪɨɲɢɦ ɢɧɞɢɤɚɬɨɪɨɦ ɨɛɴɟɦɚ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȼ ɢɞɟɚɥɟ ɨɧ ɞɨɥɠɟɧ ɢɦɟɬɶ ɨɞɢɧɚɤɨɜɵɟ ɡɧɚɱɟɧɢɹ ɞɥɹ ɜɫɟɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ɍɜɟɥɢɱɟɧɢɟ ɡɧɚɱɟɧɢɹ ɭɤɚɡɵɜɚɟɬ ɧɚ ɬɨ, ɱɬɨ ɧɨɜɨɟ ɩɪɢɥɨɠɟɧɢɟ ɨɛɪɚɳɚɟɬɫɹ ɤ ɷɬɨɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ, ɢɥɢ ɱɬɨ ɛɨɥɶɲɟ ɤɥɢɟɧɬɨɜ ɛɵɥɨ ɞɨɛɚɜɥɟɧɨ ɤ ɫɟɬɢ.
Ʉɚɠɞɵɟ 5 ɦɢɧɭɬ
ɍɤɚɡɵɜɚɟɬ ɬɟɤɭɳɟɟ ɤɨɥɢɱɟɫɬɜɨ ɤɥɢɟɧɬɨɜ, ɫɜɹɡɚɧɧɵɯ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. ȿɝɨ ɭɜɟɥɢɱɟɧɢɟ ɭɤɚɡɵɜɚɟɬ ɧɚ ɬɨ, ɱɬɨ ɞɪɭɝɢɟ ɦɚɲɢɧɵ ɧɟ ɜɵɩɨɥɧɹɸɬ ɫɜɨɸ ɪɚɛɨɬɭ, ɩɟɪɟɝɪɭɠɚɹ ɷɬɨɬ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. Ɉɛɟɫɩɟɱɢɜɚɟɬ ɩɨɥɟɡɧɨɣ ɢɧɮɨɪɦɚɰɢɟɣ ɨ ɬɨɦ, ɜ ɤɚɤɨɟ ɜɪɟɦɹ ɞɧɹ ɩɨɥɶɡɨɜɚɬɟɥɢ ɩɪɟɢɦɭɳɟɫɬɜɟɧɧɨ ɜɵɯɨɞɹɬ ɜ ɫɟɬɶ, ɢ ɦɚɤɫɢɦɚɥɶɧɨɦ ɱɢɫɥɟ ɤɥɢɟɧɬɨɜ, ɫɜɹɡɵɜɚɸɳɢɯɫɹ ɫ ɫɟɬɶɸ ɤɚɠɞɵɣ ɞɟɧɶ.
NTDS
LDAP Client Sessions (LDAP ɫɟɚɧɫɵ ɤɥɢɟɧɬɨɜ)
ɉɪɨɰɟɫɫ
Private Bytes Ʉɚɠɞɵɟ 15 (Instance=lsass) ɦɢɧɭɬ (Ʌɢɱɧɵɟ ɛɚɣɬɵ)
Ɉɬɫɥɟɠɢɜɚɟɬ ɨɛɴɟɦ ɩɚɦɹɬɢ, ɢɫɩɨɥɶɡɭɟɦɨɣ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. ɇɟɩɪɟɪɵɜɧɵɣ ɪɨɫɬ ɡɧɚɱɟɧɢɹ ɭɤɚɡɵɜɚɟɬ ɧɚ ɭɜɟɥɢɱɟɧɢɟ ɩɨɬɪɟɛɧɨɫɬɢ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɡɚ ɫɱɟɬ ɩɨɜɟɞɟɧɢɹ ɩɪɢɥɨɠɟɧɢɣ (ɨɫɬɚɜɥɹɸɬ ɞɟɫɤɪɢɩɬɨɪɵ) ɢɥɢ ɧɚ ɭɜɟɥɢɱɟɧɢɟ ɱɢɫɥɚ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ, ɨɛɪɚɳɚɸɳɢɯɫɹ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ. ɉɪɢ ɡɧɚɱɢɬɟɥɶɧɨɦ ɨɬɤɥɨɧɟɧɢɢ ɡɧɚɱɟɧɢɹ ɷɬɨɝɨ ɫɱɟɬɱɢɤɚ ɨɬ ɧɨɪɦɚɥɶɧɨɝɨ ɡɧɚɱɟɧɢɹ, ɫɨɛɥɸɞɚɟɦɨɝɨ ɧɚ ɞɪɭɝɢɯ, ɪɚɜɧɵɯ ɩɨ ɩɨɥɨɠɟɧɢɸ, ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ, ɜɵ ɞɨɥɠɧɵ ɢɫɫɥɟɞɨɜɚɬɶ ɩɪɢɱɢɧɭ ɷɬɨɝɨ.
ɉɪɨɰɟɫɫ
Handle Count (Instance=lsass) ɋɱɟɬɱɢɤ ɞɟɫɤɪɢɩɬɨɪɨɜ)
Ʉɚɠɞɵɟ 15 ɦɢɧɭɬ
ɉɪɨɰɟɫɫ
Virtual Bytes (Instance=lsass) (ȼɢɪɬɭɚɥɶɧɵɟ ɛɚɣɬɵ)
Ʉɚɠɞɵɟ 15 ɦɢɧɭɬ
ɉɨɥɟɡɟɧ ɞɥɹ ɨɛɧɚɪɭɠɟɧɢɹ ɩɥɨɯɨɝɨ ɩɨɜɟɞɟɧɢɹ ɩɪɢɥɨɠɟɧɢɹ, ɧɟ ɡɚɤɪɵɜɚɸɳɟɝɨ ɞɟɫɤɪɢɩɬɨɪɵ ɞɨɥɠɧɵɦ ɨɛɪɚɡɨɦ. Ɂɧɚɱɟɧɢɟ ɷɬɨɝɨ ɫɱɟɬɱɢɤɚ ɭɜɟɥɢɱɢɜɚɟɬɫɹ ɥɢɧɟɣɧɨ ɩɨ ɦɟɪɟ ɞɨɛɚɜɥɟɧɢɹ ɤɥɢɟɧɬɫɤɢɯ ɪɚɛɨɱɢɯ ɫɬɚɧɰɢɣ. ɂɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɱɬɨ Active Directory ɜɵɩɨɥɧɹɟɬɫɹ ɩɪɢ ɧɟɯɜɚɬɤɟ ɜɢɪɬɭɚɥɶɧɨɝɨ ɚɞɪɟɫɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ ɩɚɦɹɬɢ, ɱɬɨ ɧɚɡɵɜɚɟɬ ɧɚ ɭɬɟɱɤɭ ɩɚɦɹɬɢ. ɍɛɟɞɢɬɟɫɶ, ɱɬɨ ɭ ɜɚɫ ɜɵɩɨɥɧɹɟɬɫɹ ɫɚɦɵɣ ɩɨɫɥɟɞɧɢɣ ɫɟɪɜɢɫɧɵɣ ɩɚɤɟɬ (service pack), ɢ ɧɚɦɟɬɶɬɟ ɩɟɪɟɡɚɝɪɭɡɤɭ ɧɚ ɛɥɢɠɚɣɲɢɟ ɧɟɪɚɛɨɱɢɟ ɱɚɫɵ, ɱɬɨɛɵ ɢɡɛɟɠɚɬɶ ɩɪɨɫɬɨɹ ɫɢɫɬɟɦɵ. ɗɬɨɬ ɫɱɟɬɱɢɤ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɨɩɪɟɞɟɥɟɧɢɹ ɬɨɝɨ, ɱɬɨ ɨɫɬɚɸɬɫɹ ɞɨɫɬɭɩɧɵɦɢ ɦɟɧɟɟ 2-ɯ ɝɢɝɚɛɚɣɬ ɜɢɪɬɭɚɥɶɧɨɣ ɩɚɦɹɬɢ.
ɋɱɟɬɱɢɤɢ, ɯɚɪɚɤɬɟɪɢɡɭɸɳɢɟ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ ɪɟɩɥɢɤɚɰɢɢ ɋɱɟɬɱɢɤɢ (ɫɦ. ɬɚɛɥ. 14-2) ɨɬɫɥɟɠɢɜɚɸɬ ɤɨɥɢɱɟɫɬɜɨ ɪɟɩɥɢɰɢɪɭɟɦɵɯ ɞɚɧɧɵɯ. ɉɨɪɨɝɢ ɨɩɪɟɞɟɥɹɸɬɫɹ ɩɨ ɛɚɡɨɜɵɦ ɡɧɚɱɟɧɢɹɦ, ɭɫɬɚɧɨɜɥɟɧɧɵɦ ɪɚɧɟɟ, ɟɫɥɢ ɧɟ ɭɤɚɡɚɧɨ ɧɢɱɟɝɨ ɞɪɭɝɨɝɨ. . 14-2.
Ɉɛɴɟɤɬ ɋɱɟɬɱɢɤ
,
Ɋɟɤɨɦɟɧ ɉɨɱɟɦɭ ɷɬɨɬ ɫɱɟɬɱɢɤ ɜɚɠɟɧ ɞɭɟɦɵɣ ɢɧɬɟɪɜɚɥ
NTDS
DRA Inbound Ʉɚɠɞɵɟ Bytes Compressed 15 ɦɢɧɭɬ (DRA ɜɯɨɞɹɳɢɟ ɫɠɚɬɵɟ ɛɚɣɬɵ) (Ɇɟɠɞɭ ɫɚɣɬɚɦɢ ɩɨɫɥɟ ɫɠɚɬɢɹ/ ɫɟɤɭɧɞɵ)
ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɪɟɩɥɢ-ɰɢɪɭɟɦɵɯ ɞɚɧɧɵɯ, ɜɯɨɞɹɳɢɯ ɜ ɷɬɨɬ ɫɚɣɬ. ɂɡɦɟɧɟɧɢɟ ɡɧɚɱɟɧɢɹ ɷɬɨɝɨ ɫɱɟɬɱɢɤɚ ɭɤɚɡɵɜɚɟɬ ɧɚ ɢɡɦɟɧɟɧɢɟ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɢɥɢ ɧɚ ɬɨ, ɱɬɨ ɫɭɳɟɫɬɜɟɧɧɵɟ ɞɚɧɧɵɟ ɛɵɥɢ ɞɨɛɚɜɥɟɧɵ ɢɥɢ ɢɡɦɟɧɟɧɵ ɜ Active Directory.
NTDS
DRA Outbound Ʉɚɠɞɵɟ Bytes Compressed 15 ɦɢɧɭɬ (DRA ɢɫɯɨɞɹɳɢɟ ɫɠɚɬɵɟ ɛɚɣɬɵ) (Ɇɟɠɞɭ ɫɚɣɬɚɦɢ ɩɨɫɥɟ ɫɠɚɬɢɹ/ ɫɟɤɭɧɞɵ)
ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɪɟɩɥɢɰɢ-ɪɭɟɦɵɯ ɞɚɧɧɵɯ, ɜɵɯɨɞɹɳɢɯ ɢɡ ɷɬɨɝɨ ɫɚɣɬɚ. ɂɡɦɟɧɟɧɢɟ ɡɧɚɱɟɧɢɹ ɷɬɨɝɨ ɫɱɟɬɱɢɤɚ ɭɤɚɡɵɜɚɟɬ ɧɚ ɢɡɦɟɧɟɧɢɟ ɬɨɩɨɥɨɝɢɢ ɨɬɜɟɬɚ ɢɥɢ ɧɚ ɬɨ, ɱɬɨ ɫɭɳɟɫɬɜɟɧɧɵɟ ɞɚɧɧɵɟ ɛɵɥɢ ɞɨɛɚɜɥɟɧɵ ɢɥɢ ɢɡɦɟɧɟɧɵ ɜ Active Directory.
NTDS
DRA Outbound Ʉɚɠɞɵɟ ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɪɟɩɥɢ-ɰɢɪɭɟɦɵɯ Bytes Not 15 ɦɢɧɭɬ ɞɚɧɧɵɯ, ɜɵɯɨɞɹɳɢɯ ɢɡ ɷɬɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ Compressed ɞɨɦɟɧɚ, ɧɨ ɚɞɪɟɫɨɜɚɧɧɵɯ ɜ ɩɪɟɞɟɥɚɯ ɫɚɣɬɚ. (ɂɫɯɨɞɹɳɢɟ ɧɟɫɠɚɬɵɟ DRA ɛɚɣɬɵ )
NTDS
DRA Outbound Ʉɚɠɞɵɟ Bytes Total/sec 15 ɦɢɧɭɬ (Ɉɛɳɟɟ ɤɨɥɢɱɟɫɬɜɨ ɢɫɯɨɞɹɳɢɯ DRA ɛɚɣɬɨɜ/ ɫɟɤɭɧɞɚ)
ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɪɟɩɥɢɰɢ-ɪɭɟɦɵɯ ɞɚɧɧɵɯ, ɜɵɯɨɞɹɳɢɯ ɢɡ ɷɬɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɂɡɦɟɧɟɧɢɟ ɡɧɚɱɟɧɢɹ ɷɬɨɝɨ ɫɱɟɬɱɢɤɚ ɭɤɚɡɵɜɚɟɬ ɧɚ ɢɡɦɟɧɟɧɢɟ ɬɨɩɨɥɨɝɢɢ ɪɟɩɥɢɤɚɰɢɢ ɢɥɢ ɧɚ ɬɨ, ɱɬɨ ɫɭɳɟɫɬɜɟɧɧɵɟ ɞɚɧɧɵɟ ɛɵɥɢ ɞɨɛɚɜɥɟɧɵ ɢɥɢ ɢɡɦɟɧɟɧɵ ɜ Active Directory. ɗɬɨ ɜɚɠɧɵɣ ɫɱɟɬɱɢɤ, ɤɨɬɨɪɵɣ ɫɥɟɞɭɟɬ ɨɬɫɥɟɠɢɜɚɬɶ.
Ɋɚɛɨɬɚ ɩɨɞɫɢɫɬɟɦɵ ɡɚɳɢɬɵ ɋɱɟɬɱɢɤɢ (ɫɦ. ɬɚɛɥ. 14-3) ɨɬɫɥɟɠɢɜɚɸɬ ɤɥɸɱɟɜɵɟ ɨɛɴɟɦɵ, ɫɜɹɡɚɧɧɵɟ ɫ ɡɚɳɢɬɨɣ. ɉɨɪɨɝɢ ɨɩɪɟɞɟɥɟɧɵ ɜ ɪɟɡɭɥɶɬɚɬɟ ɦɨɧɢɬɨɪɢɧɝɚ ɛɚɡɨɜɵɯ ɡɧɚɱɟɧɢɣ, ɟɫɥɢ ɧɟ ɭɤɚɡɚɧɨ ɞɪɭɝɨɝɨ. . 14-3.
Ɉɛɴɟɤɬ ɋɱɟɬɱɢɤ
,
Ɋɟɤɨɦɟɧɞɭ ɉɨɱɟɦɭ ɷɬɨɬ ɫɱɟɬɱɢɤ ɜɚɠɟɧ ɟɦɵɣ ɢɧɬɟɪɜɚɥ
NTDS
NTLM Ʉɚɠɞɵɟ 15 ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɤɥɢɟɧɬɨɜ ɜ ɫɟɤɭɧɞɭ, Authentications ɦɢɧɭɬ ɤɨɬɨɪɵɟ ɚɭɬɟɧɬɢ-ɮɢɰɢɪɭɸɬɫɹ ɧɚ (NTLM ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɢɫɩɨɥɶɡɭɹ NTLM ɚɭɬɟɧɬɢɮɢɤɚɰɢɢ) ɜɦɟɫɬɨ Kerberos (ɤɥɢɟɧɬɵ, ɢɦɟɸɳɢɟ ɛɨɥɟɟ ɪɚɧɧɢɟ, ɱɟɦ Windows 2000, ɫɢɫɬɟɦɵ ɢɥɢ ɚɭɬɟɧɬɢɮɢɤɚɰɢɹ ɦɟɠɞɭ ɥɟɫɚɦɢ).
NTDS
KDC AS Requests Ʉɚɠɞɵɟ 15 ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɛɢɥɟɬɨɜ ɫɟɚɧɫɚ, (Ɂɚɩɪɨɫɵ KDC ɦɢɧɭɬ ɜɵɩɭɫɤɚɟɦɵɯ ɜ ɫɟɤɭɧɞɭ ɰɟɧɬɪɨɦ AS) ɪɚɫɩɪɟɞɟɥɟɧɢɹ ɤɥɸɱɟɣ (KDC). ɉɨɡɜɨɥɹɟɬ ɧɚɛɥɸɞɚɬɶ ɜɨɡɞɟɣɫɬɜɢɟ ɢɡɦɟɧɟɧɢɹ ɫɪɨɤɚ ɫɥɭɠɛɵ ɛɢɥɟɬɚ.
NTDS
Kerberos Ʉɚɠɞɵɟ 15 ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ ɧɚɝɪɭɡɤɢ, ɫɜɹɡɚɧɧɨɣ Authentications ɦɢɧɭɬ ɫ ɚɭɬɟɧɬɢɮɢɤɚɰɢɟɣ, ɩɨɥɭɱɚɟɦɨɣ ɰɟɧɬɪɨɦ (Ⱥɭɬɟɧɬɢɮɢɤɚɰɢɢ KDC. ɉɨɡɜɨɥɹɟɬ ɧɚɛɥɸɞɚɬɶ ɬɟɧɞɟɧɰɢɢ Kerberos) ɪɨɫɬɚ.
NTDS
KDC TGS Ʉɚɠɞɵɟ 15 ɍɤɚɡɵɜɚɟɬ ɤɨɥɢɱɟɫɬɜɨ TGT ɛɢɥɟɬɨɜ, Requests (Ɂɚɩɪɨɫɵ ɦɢɧɭɬ ɜɵɩɭɫɤɚɟɦɵɯ ɫɥɭɠɛɨɣ KDC. ɂɫɩɨɥɶɡɭɟɬɫɹ KDC TGS) ɞɥɹ ɧɚɛɥɸɞɟɧɢɹ ɡɚ ɢɡɦɟɧɟɧɢɟɦ ɫɪɨɤɚ ɫɥɭɠɛɵ ɛɢɥɟɬɚ.
Ɏɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ ɹɞɪɚ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ ɋɱɟɬɱɢɤɢ (ɫɦ. ɬɚɛɥ. 14-4) ɨɬɫɥɟɠɢɜɚɸɬ ɢɧɞɢɤɚɬɨɪɵ, ɯɚɪɚɤɬɟɪɢɡɭɸɳɢɟ ɪɚɛɨɬɭ ɹɞɪɚ ɨɩɟɪɚɰɢɨɧɧɨɣ ɫɢɫɬɟɦɵ, ɨɧɢ ɩɪɹɦɨ ɜɨɡɞɟɣɫɬɜɭɸɬ ɧɚ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ Active Directory.
. 14-4.
Ɉɛɴɟɤɬ
ɋɱɟɬɱɢɤ
ɉɨɪɨɝ
Ɂɧɚɱɢɦɨɫɬɶ ɩɪɟɜɵɲɟɧɢɹ ɩɨɪɨɝɨɜɨɝɨ ɡɧɚɱɟɧɢɹ
Memory (ɉɚɦɹɬɶ)
Page Faults/ sec Ʉɚɠɞɵɟ 5 (Ɉɲɢɛɤɢ ɫɬɪɚɧɢɰɵ/ ɦɢɧɭɬ ɫɟɤɭɧɞɵ)
700/ɫ
ȼɵɫɨɤɚɹ ɫɬɟɩɟɧɶ ɨɲɢɛɨɤ ɫɬɪɚɧɢɰɵ ɭɤɚɡɵɜɚɟɬ ɧɚ ɧɟɞɨɫɬɚɬɨɱɧɭɸ ɮɢɡɢɱɟɫɤɭɸ ɩɚɦɹɬɶ.
Physical Disk (Ⱦɢɫɤ)
Current DiskQueue «length (Ɍɟɤɭɳɚɹ ɞɥɢɧɚ ɨɱɟɪɟɞɢ ɤ Ⱦɢɫɤɭ)
ɍɞɜɨɟɧɧɨɟ ɫɪɟɞɧɟɟ ɡɧɚɱɟɧɢɟ ɜ ɬɟɱɟɧɢɟ ɬɪɟɯ ɢɧɬɟɪɜɚɥɨɜ
Ɉɬɫɥɟɠɢɜɚɟɬ ɨɛɴɟɦɵ ɮɚɣɥɨɜ Ntds.dit ɢ .log. ɍɤɚɡɵɜɚɟɬ, ɱɬɨ ɢɦɟɟɬɫɹ ɨɬɫɬɚɜɚɧɢɟ ɞɢɫɤɨɜɵɯ ɡɚɩɪɨɫɨɜ ɜɜɨɞɚ/ ɜɵɜɨɞɚ. Ɋɚɫɫɦɨɬɪɢɬɟ ɜɨɡɦɨɠɧɨɫɬɶ ɭɜɟɥɢɱɟɧɢɹ ɞɢɫɤɚ ɢ ɩɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɢ ɤɨɧɬɪɨɥɥɟɪɚ.
Processor % DPC Time Ʉɚɠɞɵɟ 15 (ɉɪɨɰɟɫɫɨ (Instance=_Total) (% ɦɢɧɭɬ ɪ) ɜɪɟɦɟɧɢ DPC)
10
ɍɤɚɡɵɜɚɟɬ ɨɬɥɨɠɟɧɧɭɸ ɪɚɛɨɬɭ, ɢɡ-ɡɚ ɡɚɧɹɬɨɫɬɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɉɪɟɜɵɲɟɧɢɟ ɩɨɪɨɝɨɜɨɝɨ ɡɧɚɱɟɧɢɹ ɭɤɚɡɵɜɚɟɬ ɧɚ ɜɨɡɦɨɠɧɭɸ ɩɟɪɟɝɪɭɡɤɭ ɩɪɨɰɟɫɫɨɪɚ.
System Processor Queue Ʉɚɠɞɭɸ (ɋɢɫɬɟɦɚ) Length (Ⱦɥɢɧɚ ɦɢɧɭɬɭ ɨɱɟɪɟɞɢ ɤ ɩɪɨɰɟɫɫɨɊɍ)
ɒɟɫɬɶ ɫɪɟɞɧɢɯ ɡɧɚɱɟɧɢɣ ɜ ɬɟɱɟɧɢɟ ɩɹɬɢ ɢɧɬɟɪɜɚɥɨɜ
ɉɪɨɰɟɫɫɨɪ ɧɟɞɨɫɬɚɬɨɱɧɨ ɛɵɫɬɪ, ɱɬɨɛɵ ɨɛɪɚɛɚɬɵɜɚɬɶ ɡɚɩɪɨɫɵ ɩɨ ɦɟɪɟ ɢɯ ɩɨɫɬɭɩɥɟɧɢɹ. ȿɫɥɢ ɬɨɩɨɥɨɝɢɹ ɪɟɩɥɢɤɚɰɢɢ ɩɪɚɜɢɥɶɧɚ, ɢ ɞɚɧɧɨɟ ɫɨɫɬɨɹɧɢɟ ɧɟ ɜɵɡɜɚɧɨ ɨɬɤɚɡɚɦɢ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɪɚɫɫɦɨɬɪɢɬɟ ɜɨɡɦɨɠɧɨɫɬɶ ɨɛɧɨɜɥɟɧɢɹ ɩɪɨɰɟɫɫɨɪɚ.
4 Ɇɛ
ɍɤɚɡɵɜɚɟɬ, ɱɬɨ ɫɢɫɬɟɦɚ ɢɫɱɟɪɩɚɥɚ ɞɨɫɬɭɩɧɭɸ ɩɚɦɹɬɶ. ȼɟɪɨɹɬɟɧ ɧɚɞɜɢɝɚɸɳɢɣɫɹ ɨɬɤɚɡ ɜ ɪɚɛɨɬɟ ɫɥɭɠɛɵ.
Memory (ɉɚɦɹɬɶ)
Available MBytes (Ⱦɨɫɬɭɩɧɵɟ ɦɟɝɚɛɚɣɬɵ)
ɂɧɬɟɪɜɚɥ
Ʉɚɠɞɭɸ ɦɢɧɭɬɭ
Ʉɚɠɞɵɟ 15 ɦɢɧɭɬ
Processor % Processor Time Ʉɚɠɞɭɸ (ɉɪɨɰɟɫɫɨ (Instance=_Total) (% ɦɢɧɭɬɭ ɪ) ɜɪɟɦɟɧɢ ɩɪɨɰɟɫɨɪɚ)
85 % ɨɬ ɫɥɟɞɧɟɝɨ ɡɧɚɱɟɧɢɹ ɜ ɬɟɱɟɧɢɟ ɬɪɟɯ ɢɧɬɟɪɜɚɥɨɜ
ɍɤɚɡɵɜɚɟɬ ɧɚ ɩɟɪɟɝɪɭɡɤɭ ɰɟɧɬɪɚɥɶɧɨɝɨ ɩɪɨɰɟɫɫɨɪɚ. Ɉɩɪɟɞɟɥɢɬɟ, ɜɵɡɜɚɧɚ ɥɢ ɩɟɪɟɝɪɭɡɤɚ ɩɪɨɰɟɫɫɨɪɚ ɫɥɭɠɛɨɣ Active Directory, ɢɫɫɥɟɞɭɹ ɨɛɴɟɤɬ Process, ɫɱɟɬɱɢɤ % Processor Time, Isass instance.
System Context Switches/sec Ʉɚɠɞɵɟ 15 (ɋɢɫɬɟɦɚ) (ɉɟɪɟɤɥɸɱɟɧɢɟ ɦɢɧɭɬ ɤɨɧɬɟɤɫɬɚ/ ɫɟɤɭɧɞɚ)
70000
ɍɤɚɡɵɜɚɟɬ ɧɚ ɱɪɟɡɦɟɪɧɨɟ ɤɨɥɢɱɟɫɬɜɨ ɩɟɪɟɯɨɞɨɜ. ȼɨɡɦɨɠɧɨ, ɱɬɨ ɪɚɛɨɬɚɟɬ ɫɥɢɲɤɨɦ ɦɧɨɝɨ ɩɪɢɥɨɠɟɧɢɣ ɲɳ ɫɥɭɠɛ, ɢɥɢ ɢɯ ɧɚɝɪɭɡɤɚ ɧɚ ɫɢɫɬɟɦɭ ɫɥɢɲɤɨɦ ɜɵɫɨɤɚ. Ɋɚɫɫɦɨɬɪɢɬɟ ɜɨɡɦɨɠɧɨɫɬɶ ɪɚɡɝɪɭɡɤɢ ɫɢɫɬɟɦɵ ɨɬ ɱɚɫɬɢ ɷɬɢɯ ɬɪɟɛɨɜɚɧɢɣ.
System System Up Time (ɋɢɫɬɟɦɚ) (ȼɪɟɦɹ ɪɚɛɨɬɵ ɫɢɫɬɟɦɵ)
Ʉɚɠɞɵɟ 15 ɦɢɧɭɬ
ȼɚɠɧɵɣ ɫɱɟɬɱɢɤ, ɩɨɤɚɡɵɜɚɸɳɢɣ ɧɚɞɟɠɧɨɫɬɶ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ.
ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɉɪɢɜɟɞɟɧɧɵɟ ɜɵɲɟ ɡɧɚɱɟɧɢɹ ɨɫɧɨɜɚɧɵ ɧɚ ɩɨɪɨɝɨɜɵɯ ɡɧɚɱɟɧɢɹɯ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɪɟɤɨɦɟɧɞɨɜɚɧɵ ɤɨɦɩɚɧɢɟɣ Microsoft ɧɚ ɦɨɦɟɧɬ ɩɟɱɚɬɢ ɷɬɨɣ ɤɧɢɝɢ, ɢ ɞɨɥɠɧɵ ɪɚɫɫɦɚɬɪɢɜɚɬɶɫɹ ɤɚɤ ɩɪɟɞɜɚɪɢɬɟɥɶɧɵɟ ɡɧɚɱɟɧɢɹ. ɂɧɮɨɪɦɚɰɢɹ ɫɨɞɟɪɠɢɬɫɹ ɜ ɪɭɤɨɜɨɞɫɬɜɟ Directory Services Guide ɤɨɦɩɥɟɤɬɚ Microsoft Windows Server 2003 Resource Kit. ɋɜɟɠɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɜɵɩɭɫɤɟ ɤɨɦɩɥɟɤɬɚ ɪɟɫɭɪɫɨɜ ɫɦɨɬɪɢɬɟ ɩɨ ɚɞɪɟɫɭ http:// www.microsoft.com/windowsserver2003/techinfo/reskit/reso urcekit.mspx. ɉɪɟɞɭɩɪɟɠɞɟɧɢɟ ɨɩɪɟɞɟɥɹɟɬɫɹ ɤɚɤ ɭɜɟɞɨɦɥɟɧɢɟ, ɤɨɬɨɪɨɟ ɜɵɡɵɜɚɟɬɫɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ, ɤɨɝɞɚ ɡɧɚɱɟɧɢɟ ɫɱɟɬɱɢɤɚ ɞɨɫɬɢɝɚɟɬ ɩɨɪɨɝɨɜɨɝɨ ɭɪɨɜɧɹ. ɂɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Performance, ɢɦɟɸɳɢɣɫɹ ɜ ɫɢɫɬɟɦɟ Windows Server 2003, ɜɵ ɦɨɠɟɬ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ ɞɥɹ ɥɸɛɨɝɨ ɞɨɫɬɭɩɧɨɝɨ ɫɱɟɬɱɢɤɚ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɢɫɬɟɦɵ. . Active Directory Installation Wizard Active Directory, NTDS Performance, .Э , GC. ɋɱɟɬɱɢɤɢ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɞɥɹ ɛɚɡɵ ɞɚɧɧɵɯ ESENT (Ntds.dit) ɧɟ ɭɫɬɚɧɚɜɥɢɜɚɸɬɫɹ ɜɨ ɜɪɟɦɹ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. ȼɵ ɞɨɥɠɧɵ ɞɨɛɚɜɢɬɶ ɢɯ ɜɪɭɱɧɭɸ. ɑɬɨɛɵ ɧɚɣɬɢ ɚɜɬɨɦɚɬɢɡɢɪɨɜɚɧɧɵɣ ɫɰɟɧɚɪɢɣ, ɤɨɬɨɪɵɣ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɫɱɟɬɱɢɤɢ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory, ɫɦɨɬɪɢɬɟ ɫɬɚɬɶɸ Install Active Directory Database Performance Counters (ɍɫɬɚɧɨɜɤɚ ɫɱɟɬɱɢɤɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory) ɜ ɐɟɧɬɪɟ ɫɰɟɧɚɪɢɟɜ Microsoft ɩɨ ɚɞɪɟɫɭ http://www.microsoft.com/technet/treeview/defa ult.asp? url —/technet/scriptcenter /monitor/ScrMonO8.asp. ȼɵ ɦɨɠɟɬɟ ɫɤɨɩɢɪɨɜɚɬɶ ɷɬɨɬ ɫɰɟɧɚɪɢɣ ɜ ɬɟɤɫɬɨɜɨɣ ɮɚɣɥ, ɞɚɬɶ ɮɚɣɥɭ ɫɜɨɟ ɧɚɡɜɚɧɢɟ ɢ ɪɚɫɲɢɪɟɧɢɟ .vbs, ɚ ɡɚɬɟɦ ɜɵɩɨɥɧɢɬɶ ɟɝɨ ɞɥɹ ɭɫɬɚɧɨɜɤɢ ɫɱɟɬɱɢɤɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ ESENT. ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ ɩɨ ɩɨɜɨɞɭ ɩɪɟɜɵɲɟɧɢɹ ɱɢɫɥɚ ɚɭɬɟɧ-ɬɢɮɢɤɚɰɢɨɧɧɵɯ ɡɚɩɪɨɫɨɜ ɩɪɨɬɨɤɨɥɚ Kerberos (ɩɨɪɨɝ ɪɚɜɟɧ 20-ɬɢ ɡɚɩɪɨɫɚɦ ɜ ɫɟɤɭɧɞɭ) ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɲɚɝɢ.
1. 2. 3.
Ɉɬɤɪɨɣɬɟ Performance (ɉɪɨɢɡɜɨɞɢɬɟɥɶɧɨɫɬɶ) ɜ ɩɚɩɤɟ Administrative Tools (ɋɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ). Ⱦɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ Performance Logs And Alerts (ɀɭɪɧɚɥɵ ɪɚɛɨɬɵ ɢ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Alerts (ɉɪɟɞɭɩɪɟɠɞɟɧɢɹ). ɂɡ ɦɟɧɸ Action (Ⱦɟɣɫɬɜɢɹ) ɜɵɛɟɪɢɬɟ New Alert Settings (ɉɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɧɨɜɵɯ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ).
ȼ ɩɨɥɟ Name (ɂɦɹ) ɧɚɩɟɱɚɬɚɣɬɟ ɧɚɡɜɚɧɢɟ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ ɈɄ. ɗɬɨ ɧɚɡɜɚɧɢɟ ɛɭɞɟɬ ɩɨɤɚɡɚɧɨ ɜ ɤɨɧɬɟɣɧɟɪɟ Performance Logs And Alerts, ɩɨɷɬɨɦɭ ɢɫɩɨɥɶɡɭɣɬɟ ɬɚɤɨɟ ɢɦɹ, ɤɨɬɨɪɨɟ ɨɩɪɟɞɟɥɹɟɬ ɨɬɫɥɟɠɢɜɚɟɦɵɣ ɫɱɟɬɱɢɤ. 5. ɇɚ ɜɤɥɚɞɤɟ General (Ɉɛɳɟɟ) ɞɚɣɬɟ ɤɨɦɦɟɧɬɚɪɢɣ ɤ ɜɚɲɟɦɭ ɩɪɟɞɭɩɪɟɠɞɟɧɢɸ, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ ADD (Ⱦɨɛɚɜɢɬɶ), ɱɬɨɛɵ ɞɨɛɚɜɢɬɶ ɧɟɨɛɯɨɞɢɦɵɣ ɨɛɴɟɤɬ Performance ɢ ɫɱɟɬɱɢɤɢ (ɫɦ. ɪɢɫ. 14-1). 4.
. 14-1. 6.
ȼɜɟɞɢɬɟ ɩɨɪɨɝɨɜɵɣ ɩɪɟɞɟɥ, ɡɚɩɭɫɤɚɸɳɢɣ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ. ɍɫɬɚɧɨɜɢɬɟ ɢɧɬɟɪɜɚɥ ɜɪɟɦɟɧɢ ɞɥɹ ɜɵɛɨɪɤɢ ɞɚɧɧɵɯ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ (ɫɦ. ɪɢɫ. 14-2).
. 14-2. 7.
ɇɚ ɜɤɥɚɞɤɟ Action (Ⱦɟɣɫɬɜɢɹ) ɨɩɪɟɞɟɥɢɬɟ ɫɨɛɵɬɢɹ, ɤɨɬɨɪɵɟ ɞɨɥɠɧɵ ɩɪɨɢɫɯɨɞɢɬɶ, ɤɨɝɞɚ ɡɧɚɱɟɧɢɟ ɫɱɟɬɱɢɤɚ ɞɨɫɬɢɝɧɟɬ ɩɨɪɨɝɨɜɨɝɨ ɡɧɚɱɟɧɢɹ. ɑɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ ɜɪɟɦɹ, ɤɨɝɞɚ ɫɥɭɠɛɚ ɞɨɥɠɧɚ ɧɚɱɚɬɶ ɩɪɨɫɦɚɬɪɢɜɚɬɶ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ, ɢɫɩɨɥɶɡɭɣɬɟ ɜɤɥɚɞɤɭ Schedule (Ɋɚɫɩɢɫɚɧɢɟ). ȼɤɥɚɞɤɚ Action ɩɨɤɚɡɵɜɚɟɬ, ɱɬɨ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ ɦɨɠɟɬ ɜɵɡɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɞɟɣɫɬɜɢɣ, ɜɤɥɸɱɚɹ ɫɥɟɞɭɸɳɢɟ (ɫɦ. ɪɢɫ. 14-3): • ɫɨɡɞɚɧɢɟ ɡɚɩɢɫɢ ɜ ɩɪɢɤɥɚɞɧɨɦ ɠɭɪɧɚɥɟ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ; • ɝɟɧɟɪɢɪɨɜɚɧɢɟ ɩɪɟɞɭɩɪɟɠɞɚɸɳɟɝɨ ɫɨɨɛɳɟɧɢɹ. ɗɬɨ ɫɨɨɛɳɟɧɢɟ ɦɨɠɟɬ ɛɵɬɶ ɩɨɫɥɚɧɨ ɢɥɢ ɩɨ IP- ɚɞɪɟɫɭ ɢɥɢ ɧɚ ɢɦɹ ɤɨɦɩɶɸɬɟɪɚ;
• •
ɡɚɩɭɫɤ ɪɟɝɢɫɬɪɚɰɢɢ ɯɚɪɚɤɬɟɪɢɫɬɢɤ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ; ɜɵɩɨɥɧɟɧɢɟ ɩɪɨɝɪɚɦɦɵ.
. 14-3.
,
ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɨɩɰɢɹɦ, ɭɤɚɡɚɧɧɵɦ ɧɚ ɜɤɥɚɞɤɟ Actions, ɞɥɹ ɷɮɮɟɤɬɢɜɧɨɝɨ ɦɨɧɢɬɨɪɢɧɝɚ ɠɟɥɚɬɟɥɶɧɨ ɢɦɟɬɶ ɝɨɬɨɜɵɣ ɩɥɚɧ ɞɟɣɫɬɜɢɣ ɜ ɨɬɜɟɬ ɧɚ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɨɩɪɟɞɟɥɢɬɟ ɜɚɲɢ ɫɱɟɬɱɢɤɢ, ɚ ɬɚɤɠɟ ɛɚɡɨɜɵɟ ɢ ɩɨɪɨɝɨɜɵɟ ɡɧɚɱɟɧɢɹ, ɨɛɹɡɚɬɟɥɶɧɨ ɡɚɞɨɤɭɦɟɧɬɢɪɭɣɬɟ ɤɨɪɪɟɤɬɢɪɭɸɳɢɟ ɞɟɣɫɬɜɢɹ, ɤɨɬɨɪɵɟ ɜɵ ɩɪɟɞɩɪɢɦɢɬɟ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɜɟɪɧɭɬɶ ɢɧɞɢɤɚɬɨɪ ɜ ɩɪɟɞɟɥɵ ɧɨɪɦɵ. Ɉɧɢ ɦɨɝɭɬ ɜɤɥɸɱɚɬɶ ɩɨɢɫɤ ɧɟɢɫɩɪɚɜɧɨɫɬɟɣ (ɧɚɩɪɢɦɟɪ, ɜɨɡɜɪɚɳɟɧɢɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɢɧɬɟɪɚɤɬɢɜɧɵɣ ɪɟɠɢɦ) ɢɥɢ ɩɟɪɟɞɚɱɭ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ȿɫɥɢ ɜɚɲɚ ɫɢɫɬɟɦɚ ɞɨɫɬɢɝɥɚ ɫɜɨɢɯ ɦɚɤɫɢɦɚɥɶɧɵɯ ɜɨɡɦɨɠɧɨɫɬɟɣ, ɜɨɡɦɨɠɧɨ, ɞɥɹ ɢɫɩɪɚɜɥɟɧɢɹ ɬɟɤɭɳɟɝɨ ɫɨɫɬɨɹɧɢɹ ɩɪɢɞɟɬɫɹ ɞɨɛɚɜɢɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɨɟ ɞɢɫɤɨɜɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɢɥɢ ɩɚɦɹɬɶ. Ⱦɪɭɝɢɟ ɩɪɟɞɭɩɪɟɠɞɟɧɢɹ ɩɨɬɪɟɛɭɸɬ ɨɬ ɜɚɫ ɜɵɩɨɥɧɟɧɢɹ ɞɟɣɫɬɜɢɣ ɩɨ ɨɛɫɥɭɠɢɜɚɧɢɸ Active Directory, ɬɚɤɢɯ ɤɚɤ ɞɟɮɪɚɝɦɟɧɬɚɰɢɹ ɮɚɣɥɚ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ɗɬɢ ɫɢɬɭɚɰɢɢ ɨɛɫɭɠɞɚɸɬɫɹ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ ɜ ɪɚɡɞɟɥɟ «Ⱥɜɬɨɧɨɦɧɚɹ ɞɟɮɪɚɝɦɟɧɬɚɰɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory».
«
»
ɂɧɫɬɪɭɦɟɧɬ System Monitor (ɋɢɫɬɟɦɧɵɣ ɦɨɧɢɬɨɪ) ɜɤɥɸɱɟɧ ɜ ɫɪɟɞɫɬɜɚ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Performance. ɂɫɩɨɥɶɡɭɹ ɷɬɨɬ ɢɧɫɬɪɭɦɟɧɬ, ɦɨɠɧɨ ɫɨɛɢɪɚɬɶ ɢ ɪɚɫɫɦɚɬɪɢɜɚɬɶ ɜ ɪɟɚɥɶɧɨɦ ɦɚɫɲɬɚɛɟ ɜɪɟɦɟɧɢ ɞɚɧɧɵɟ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɦɟɫɬɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɧɟɫɤɨɥɶɤɢɯ ɭɞɚɥɟɧɧɵɯ ɤɨɦɩɶɸɬɟɪɨɜ. ɋɢɫɬɟɦɧɵɣ ɦɨɧɢɬɨɪ ɞɚɟɬ ɝɪɚɮɢɱɟɫɤɨɟ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɬɟɯ ɠɟ ɫɚɦɵɯ ɞɚɧɧɵɯ, ɤɨɬɨɪɵɟ ɨɬɫɥɟɠɢɜɚɸɬɫɹ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ Performance Logs And Alerts. ɗɬɨɬ ɢɧɫɬɪɭɦɟɧɬ ɡɧɚɱɢɬɟɥɶɧɨ ɨɛɥɟɝɱɚɟɬ ɨɩɪɟɞɟɥɟɧɢɟ ɬɟɧɞɟɧɰɢɣ ɜ ɪɚɛɨɬɟ ɫɥɭɠɛɵ. ɇɢɠɟ ɩɟɪɟɱɢɫɥɟɧɵ ɬɪɢ ɫɱɟɬɱɢɤɚ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ, ɡɚɞɚɧɧɵɯ ɩɨ ɭɦɨɥɱɚɧɢɸ ɜ ɫɢɫɬɟɦɧɨɦ ɦɨɧɢɬɨɪɟ. • Memory\Pages/sec (ɉɚɦɹɬɶ\ɋɬɪɚɧɢɰɵ/ɫ). • PhysicalDisk (_Total)\Avg. Disk Queue Length (Ɏɢɡɢɱɟɫɤɢɣ ɞɢɫɤ (__Ɍotɚ1)\ɫɪɟɞɧɹɹ ɞɥɢɧɚ ɨɱɟɪɟɞɢ ɤ ɞɢɫɤɭ). • Processor (_Total)\%Processor Time (ɉɪɨɰɟɫɫɨɪ (_Totɚ1)\ȼɪɟɦɹ ɩɪɨɰɟɫɫɨɪɚ). . , ( ). . Ʉɚɠɞɵɣ ɢɡ ɷɬɢɯ ɫɱɟɬɱɢɤɨɜ ɩɨɤɚɡɚɧ ɜ ɫɢɫɬɟɦɟ ɤɨɨɪɞɢɧɚɬ «ɜɪɟɦɹ/ɪɚɛɨɬɚ» ɥɢɧɢɟɣ ɫɜɨɟɝɨ ɰɜɟɬɚ. Ɉɧɢ ɨɱɟɧɶ ɩɨɥɟɡɧɵ ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ ɫɢɫɬɟɦɧɨɝɨ «ɡɞɨɪɨɜɶɹ» ɫɟɪɜɟɪɚ (ɜ ɞɚɧɧɨɦ ɫɥɭɱɚɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ). ɇɚ ɪɢɫɭɧɤɟ 14-4 ɩɨɤɚɡɚɧɨ ɡɚɞɚɧɧɨɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɫɢɫɬɟɦɧɨɝɨ ɦɨɧɢɬɨɪɚ. ȼɵ ɦɨɠɟɬɟ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɧɟɫɤɨɥɶɤɨ ɩɨɥɟɡɧɵɯ ɨɩɰɢɢ ɞɥɹ ɫɢɫɬɟɦɧɨɝɨ ɦɨɧɢɬɨɪɚ. ɑɬɨɛɵ ɨɩɬɢɦɢɡɢɪɨɜɚɬɶ ɩɪɟɞɫɬɚɜɥɟɧɢɟ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɫɱɟɬɱɢɤɚ, ɜɵɛɟɪɢɬɟ ɨɩɢɫɚɧɢɟ ɫɱɟɬɱɢɤɚ,
ɪɚɫɩɨɥɨɠɟɧɧɨɟ ɜ ɧɢɠɧɟɣ ɱɚɫɬɢ ɨɤɧɚ, ɢ ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Highlight (ȼɵɞɟɥɢɬɶ) ɧɚ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɨɣ ɩɚɧɟɥɢ. Ɍɚɤ ɜɵ ɢɡɦɟɧɢɬɟ ɝɪɚɮɢɤ, ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɜɵɛɪɚɧɧɨɦɭ ɫɱɟɬɱɢɤɭ, ɩɪɟɞɫɬɚɜɢɜ ɟɝɨ ɩɨɥɭɠɢɪɧɨɣ ɛɟɥɨɣ ɥɢɧɢɟɣ, ɱɬɨɛɵ ɟɝɨ ɛɵɥɨ ɥɟɝɱɟ ɪɚɫɫɦɚɬɪɢɜɚɬɶ. ȼɵ ɦɨɠɟɬɟ ɩɟɪɟɤɥɸɱɚɬɶɫɹ ɦɟɠɞɭ ɬɚɤɢɦɢ ɩɪɟɞɫɬɚɜɥɟɧɢɹɦɢ ɞɚɧɧɵɯ, ɤɚɤ ɝɪɚɮɢɤ, ɝɢɫɬɨɝɪɚɦɦɚ ɢ ɨɬɱɟɬ, ɜɵɛɢɪɚɹ ɫɨɨɬɜɟɬɫɬɜɭɸɳɭɸ ɤɧɨɩɤɭ ɧɚ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɨɣ ɩɚɧɟɥɢ. Ɇɨɠɧɨ ɫɨɯɪɚɧɢɬɶ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɝɪɚɮɢɤɚ ɫɢɫɬɟɦɧɨɝɨ ɦɨɧɢɬɨɪɚ ɜ ɜɢɞɟ HTML-ɫɬɪɚɧɢɰɵ. Ⱦɥɹ ɷɬɨɝɨ ɫɤɨɧɮɢɝɭɪɢɪɭɣɬɟ ɝɪɚɮɢɤ ɧɟɨɛɯɨɞɢɦɵɦɢ ɫɱɟɬɱɢɤɚɦɢ, ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɝɪɚɮɢɤɟ ɢ ɜɵɛɟɪɢɬɟ Save As (ɋɨɯɪɚɧɢɬɶ ɤɚɤ). Ƚɪɚɮɢɤ ɛɭɞɟɬ ɫɨɯɪɚɧɟɧ ɜ ɜɢɞɟ ɮɚɣɥɚ HTML, ɤɨɬɨɪɵɣ ɜɵ ɫɦɨɠɟɬɟ ɨɬɤɪɵɬɶ ɜ ɛɪɚɭɡɟɪɟ. Ʉɨɝɞɚ ɜɵ ɨɬɤɪɵɜɚɟɬɟ HTML-ɜɟɪɫɢɸ ɝɪɚɮɢɤɚ, ɞɢɫɩɥɟɣ ɡɚɦɨɪɚɠɢɜɚɟɬɫɹ. ɑɬɨɛɵ ɩɟɪɟɡɚɩɭɫɬɢɬɶ ɦɨɧɢɬɨɪɢɧɝ, ɳɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Freeze Display, ɪɚɫɩɨɥɨɠɟɧɧɨɣ ɧɚ ɢɧɫɬɪɭɦɟɧɬɚɥɶɧɨɣ ɩɚɧɟɥɢ Performance ɜ ɛɪɚɭɡɟɪɟ.
. 14-4.
,
ȼɵ ɦɨɠɟɬɟ ɢɦɩɨɪɬɢɪɨɜɚɬɶ ɫɨɯɪɚɧɟɧɧɵɣ ɝɪɚɮɢɤ ɧɚɡɚɞ ɜ ɫɢɫɬɟɦɧɵɣ ɦɨɧɢɬɨɪ, ɩɟɪɟɦɟɳɚɹ ɮɚɣɥ HTML ɜ ɨɤɧɨ System Monitor. ɗɬɨɬ ɫɩɨɫɨɛ ɭɞɨɛɟɧ ɞɥɹ ɫɨɯɪɚɧɟɧɢɹ ɢ ɩɟɪɟɡɚɝɪɭɡɤɢ ɱɚɫɬɨ ɢɫɩɨɥɶɡɭɟɦɵɯ ɝɪɚɮɢɤɨɜ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ. ȼ ɫɢɫɬɟɦɟ Windows Server 2003 ɢɦɟɸɬɫɹ ɞɜɟ ɧɨɜɵɟ ɝɪɭɩɩɵ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɤɨɬɨɪɵɟ ɝɚɪɚɧɬɢɪɭɸɬ, ɱɬɨ ɬɨɥɶɤɨ ɧɚɞɟɠɧɵɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɦɨɝɭɬ ɩɨɥɭɱɢɬɶ ɞɨɫɬɭɩ ɢ ɭɩɪɚɜɥɹɬɶ ɞɚɧɧɵɦɢ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɥɭɠɛɵ: ɝɪɭɩɩɵ Performance Log Users (ɉɨɥɶɡɨɜɚɬɟɥɢ, ɪɟɝɢɫɬɪɢɪɭɸɳɢɟ ɪɚɛɨɬɭ) ɢ Performance Monitor Users (ɉɨɥɶɡɨɜɚɬɟɥɢ, ɜɵɩɨɥɧɹɸɳɢɟ ɦɨɧɢɬɨɪɢɧɝ). ɑɬɨɛɵ ɞɨɛɚɜɢɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɫɱɟɬɱɢɤɢ ɤ ɫɢɫɬɟɦɧɨɦɭ ɦɨɧɢɬɨɪɭ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ɓɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɩɚɧɟɥɢ ɞɟɬɚɥɟɣ ɫɢɫɬɟɦɧɨɝɨ ɦɨɧɢɬɨɪɚ, ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Add Counters (Ⱦɨɛɚɜɢɬɶ ɤɨɦɩɶɸɬɟɪɵ). 2. ȼ ɞɢɚɥɨɝɨɜɨɦ ɨɤɧɟ Add Counters ɳɟɥɤɧɢɬɟ ɧɚ Use Local Computer Counters (ɋɱɟɬɱɢɤɢ ɥɨɤɚɥɶɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɩɨɥɶɡɨɜɚɬɟɥɹ), ɱɬɨɛɵ ɨɬɫɥɟɠɢɜɚɬɶ ɪɚɛɨɬɭ ɤɨɦɩɶɸɬɟɪɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ
ɤɨɧɫɨɥɶ ɦɨɧɢɬɨɪɢɧɝɚ. ɑɬɨɛɵ ɨɬɫɥɟɠɢɜɚɬɶ ɪɚɛɨɬɭ ɨɩɪɟɞɟɥɟɧɧɨɝɨ ɤɨɦɩɶɸɬɟɪɚ ɧɟɡɚɜɢɫɢɦɨ ɨɬ ɬɨɝɨ, ɝɞɟ ɜɵɩɨɥɧɹɟɬɫɹ ɤɨɧɫɨɥɶ ɦɨɧɢɬɨɪɢɧɝɚ, ɳɟɥɤɧɢɬɟ ɧɚ Select Counters From Computer (ȼɵɛɪɚɬɶ ɫɱɟɬɱɢɤ ɧɚ ɤɨɦɩɶɸɬɟɪɟ) ɢ ɭɤɚɠɢɬɟ ɢɦɹ ɤɨɦɩɶɸɬɟɪɚ ɢɥɢ ɟɝɨ IP-ɚɞɪɟɫ. 3. ȼɵɛɟɪɢɬɟ ɧɭɠɧɵɣ ɨɛɴɟɤɬ Performance, ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ ɫɱɟɬɱɢɤɟ, ɤɨɬɨɪɵɣ ɜɵ ɯɨɬɢɬɟ ɞɨɛɚɜɢɬɶ. Ɂɞɟɫɶ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɨɬ ɠɟ ɫɚɦɵɣ ɢɧɬɟɪɮɟɣɫ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɨɜɚɥɫɹ ɞɥɹ ɞɨɛɚɜɥɟɧɢɹ ɫɱɟɬɱɢɤɨɜ ɤ ɧɨɜɨɦɭ ɩɪɟɞɭɩɪɟɠɞɟɧɢɸ, ɨɩɢɫɚɧɧɵɣ ɪɚɧɟɟ. 4. ɓɟɥɤɧɢɬɟ ɧɚ ɤɧɨɩɤɟ Add (Ⱦɨɛɚɜɢɬɶ), ɚ ɡɚɬɟɦ ɳɟɥɤɧɢɬɟ ɧɚ Close (Ɂɚɤɪɵɬɶ). 5.
Active Directory
Event Viewer
ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɢɫɩɨɥɶɡɨɜɚɧɢɸ ɢɧɫɬɪɭɦɟɧɬɚ Performance ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ Active Directory ɜɵ ɞɨɥɠɧɵ ɩɟɪɢɨɞɢɱɟɫɤɢ ɪɚɫɫɦɚɬɪɢɜɚɬɶ ɫɨɞɟɪɠɢɦɨɟ ɠɭɪɧɚɥɨɜ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Event Viewer (ɋɪɟɞɫɬɜɨ ɩɪɨɫɦɨɬɪɚ ɫɨɛɵɬɢɣ). ɉɨ ɭɦɨɥɱɚɧɢɸ ɫɪɟɞɫɬɜɨ ɩɪɨɫɦɨɬɪɚ ɫɨɛɵɬɢɣ ɨɬɨɛɪɚɠɚɟɬ ɫɥɟɞɭɸɳɢɟ ɬɪɢ ɪɟɝɢɫɬɪɚɰɢɨɧɧɵɯ ɠɭɪɧɚɥɚ.
•
Application log (ɀɭɪɧɚɥ ɩɪɢɥɨɠɟɧɢɣ). ɋɨɞɟɪɠɢɬ ɫɨɛɵɬɢɹ, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɟ ɩɪɢɥɨɠɟɧɢɹɦɢ ɢɥɢ ɩɪɨɝɪɚɦɦɚɦɢ. • System log (ɋɢɫɬɟɦɧɵɣ ɠɭɪɧɚɥ). ɋɨɞɟɪɠɢɬ ɩɪɚɜɨɦɟɪɧɵɟ ɢ ɧɟɩɪɚɜɨɦɟɪɧɵɟ ɩɨɩɵɬɤɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɚ ɬɚɤɠɟ ɫɨɛɵɬɢɹ, ɫɜɹɡɚɧɧɵɟ ɫ ɢɫɩɨɥɶɡɨɜɚɧɢɟɦ ɪɟɫɭɪɫɨɜ, ɬɚɤɢɟ ɤɚɤ ɫɨɡɞɚɧɢɟ, ɨɬɤɪɵɬɢɟ ɢ ɭɞɚɥɟɧɢɟ ɮɚɣɥɨɜ ɢɥɢ ɞɪɭɝɢɯ ɨɛɴɟɤɬɨɜ. • Security log (ɀɭɪɧɚɥ ɛɟɡɨɩɚɫɧɨɫɬɢ). ɋɨɞɟɪɠɢɬ ɫɨɛɵɬɢɹ, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɟ ɤɨɦɩɨɧɟɧɬɚɦɢ ɫɢɫɬɟɦɵ Windows. Ⱦɥɹ ɫɟɪɜɟɪɨɜ, ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɧɵɯ ɤɚɤ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows Server 2003, ɛɭɞɭɬ ɨɬɨɛɪɚɠɚɬɶɫɹ ɫɥɟɞɭɸɳɢɟ ɠɭɪɧɚɥɵ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ. • Directory Service log (ɀɭɪɧɚɥ ɪɟɝɢɫɬɪɚɰɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ). ɋɨɞɟɪɠɢɬ ɫɨɛɵɬɢɹ, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɟ ɫɥɭɠɛɨɣ Active Directory. • File Replication Service log (ɀɭɪɧɚɥ ɪɟɝɢɫɬɪɚɰɢɢ ɫɥɭɠɛɵ ɪɟɩɥɢɤɚɰɢɢ ɮɚɣɥɨɜ) ɋɨɞɟɪɠɢɬ ɫɨɛɵɬɢɹ, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɟ ɫɥɭɠɛɨɣ ɪɟɩɥɢɤɚɰɢɢ ɮɚɣɥɨɜ. ȿɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003 ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ ɫɟɪɜɟɪɨɦ DNS, ɬɨ ɛɭɞɟɬ ɨɬɨɛɪɚɠɚɬɶɫɹ ɫɥɟɞɭɸɳɢɣ ɠɭɪɧɚɥ ɪɟɝɢɫɬɪɚɰɢɢ. • DNS Server log (ɀɭɪɧɚɥ ɫɟɪɜɟɪɚ DNS). ɋɨɞɟɪɠɢɬ ɫɨɛɵɬɢɹ, ɡɚɪɟɝɢɫɬɪɢɪɨɜɚɧɧɵɟ ɫɥɭɠɛɨɣ ɫɟɪɜɟɪɚ DNS. Ⱦɥɹ ɩɪɨɫɦɨɬɪɚ ɠɭɪɧɚɥɚ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɜɵɛɟɪɢɬɟ ɢɧɫɬɪɭɦɟɧɬ Event Viewer ɢɡ ɩɚɩɤɢ Administrative Tools. ȼɵɛɟɪɢɬɟ ɠɭɪɧɚɥ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɞɥɹ ɬɨɣ ɫɥɭɠɛɵ, ɪɚɛɨɬɭ ɤɨɬɨɪɨɣ ɜɵ ɯɨɬɢɬɟ ɨɬɫɥɟɠɢɜɚɬɶ. Ʌɟɜɚɹ ɨɛɥɚɫɬɶ ɨɤɧɚ ɧɚ ɪɢɫɭɧɤɟ 14-5 ɩɨɤɚɡɵɜɚɟɬ ɜɫɟ ɠɭɪɧɚɥɵ ɫɨɛɵɬɢɣ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003, ɤɨɬɨɪɵɟ ɹɜɥɹɸɬɫɹ ɬɚɤɠɟ ɫɟɪɜɟɪɚɦɢ DNS.
. 14-5.
Event Viewer
ȼ ɠɭɪɧɚɥɟ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɪɚɫɫɦɨɬɪɢɬɟ ɬɢɩɵ ɫɨɛɵɬɢɣ Errors (Ɉɲɢɛɤɢ) ɢ Warnings (ɉɪɟɞɭɩɪɟɠɞɟɧɢɹ). ɑɬɨɛɵ ɨɬɨɛɪɚɡɢɬɶ ɞɟɬɚɥɢ ɫɨɛɵɬɢɣ ɜ ɠɭɪɧɚɥɟ ɪɟɝɢɫɬɪɚɰɢɢ, ɞɜɚɠɞɵ ɳɟɥɤɧɢɬɟ ɧɚ ɷɬɨɦ ɫɨɛɵɬɢɢ. ɇɚ ɪɢɫɭɧɤɟ 14-6 ɩɨɤɚɡɚɧɵ ɞɟɬɚɥɢ ɫɨɛɵɬɢɹ Warnings (ID-ɫɨɛɵɬɢɟ 13562) ɢɡ ɠɭɪɧɚɥɚ File Replication Service (ɋɥɭɠɛɚ ɪɟɩɥɢɤɚɰɢɢ ɮɚɣɥɨɜ).
Ⱦɥɹ ɦɨɧɢɬɨɪɢɧɝɚ ɨɛɳɟɝɨ ɫɢɫɬɟɦɧɨɝɨ «ɡɞɨɪɨɜɶɹ» Active Directory ɧɭɠɧɨ ɨɬɫɥɟɠɢɜɚɬɶ ɪɚɛɨɬɭ, ɫɜɹɡɚɧɧɭɸ ɫɨ ɫɥɭɠɛɨɣ, ɢ ɢɧɞɢɤɚɬɨɪɵ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ, ɫɜɹɡɚɧɧɵɟ ɫ ɫɟɪɜɟɪɨɦ, ɚ ɬɚɤɠɟ ɫɨɛɵɬɢɹ. ȼɵ ɞɨɥɠɧɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ Active Directory ɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɨɧɚ ɜɵɩɨɥɧɹɟɬɫɹ, ɪɚɛɨɬɚɸɬ ɜ ɨɩɬɢɦɚɥɶɧɨɦ ɪɟɠɢɦɟ. ɉɪɢ ɩɪɨɟɤɬɢɪɨɜɚɧɢɢ ɫɜɨɟɣ ɫɢɫɬɟɦɵ ɦɨɧɢɬɨɪɢɧɝɚ
ɩɥɚɧɢɪɭɣɬɟ ɧɚɛɥɸɞɟɧɢɟ ɡɚ ɫɥɟɞɭɸɳɢɦɢ ɨɛɥɚɫɬɹɦɢ ɪɚɛɨɬɵ.
. 14-6.
• • • • • • • • •
Event Properties (
)
Ɋɟɩɥɢɤɚɰɢɹ Active Directory. Ɏɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ ɪɟɩɥɢɤɚɰɢɢ ɫɭɳɟɫɬɜɟɧɧɨ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɫɨɯɪɚɧɧɨɫɬɢ ɞɚɧɧɵɯ ɜ ɩɪɟɞɟɥɚɯ ɞɨɦɟɧɚ. ɋɥɭɠɛɵ Active Directory. ɗɬɢ ɢɧɞɢɤɚɬɨɪɵ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɨɬɫɥɟɠɢɜɚɸɬɫɹ ɫ ɩɨɦɨɳɶɸ ɫɱɟɬɱɢɤɨɜ NTDS ɜ ɢɧɫɬɪɭɦɟɧɬɟ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Performance. ɏɪɚɧɢɥɢɳɟ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. Ⱦɢɫɤɨɜɵɟ ɬɨɦɚ, ɤɨɬɨɪɵɟ ɫɨɞɟɪɠɚɬ ɮɚɣɥ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory Ntds.dit ɢ ɮɚɣɥɵ ɠɭɪɧɚɥɨɜ .log, ɞɨɥɠɧɵ ɢɦɟɬɶ ɞɨɫɬɚɬɨɱɧɨ ɫɜɨɛɨɞɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ, ɱɬɨɛɵ ɞɨɩɭɫɤɚɬɶ ɧɨɪɦɚɥɶɧɵɣ ɪɨɫɬ ɢ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ. Ɏɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ ɫɥɭɠɛɵ DNS ɢ «ɡɞɨɪɨɜɶɟ» ɫɟɪɜɟɪɚ. ɉɨɫɤɨɥɶɤɭ Active Directory ɩɨɥɚɝɚɟɬɫɹ ɧɚ DNS ɩɪɢ ɩɨɢɫɤɟ ɪɟɫɭɪɫɨɜ ɜ ɫɟɬɢ, ɬɨ ɫɟɪɜɟɪ DNS ɢ ɫɚɦɚ ɫɥɭɠɛɚ ɞɨɥɠɧɵ ɪɚɛɨɬɚɬɶ ɜ ɧɨɪɦɚɥɶɧɵɯ ɩɪɟɞɟɥɚɯ, ɱɬɨɛɵ Active Directory ɭɞɨɜɥɟɬɜɨɪɹɥɚ ɡɚɞɚɧɧɨɦɭ ɭɪɨɜɧɸ ɤɚɱɟɫɬɜɚ ɨɛɫɥɭɠɢɜɚɧɢɹ. ɋɥɭɠɛɚ ɪɟɩɥɢɤɚɰɢɢ ɮɚɣɥɨɜ (File Replication Service - FRS). ɋɥɭɠɛɚ FRS ɞɨɥɠɧɚ ɪɚɛɨɬɚɬɶ ɜ ɩɪɟɞɟɥɚɯ ɧɨɪɦɵ, ɱɬɨɛɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɨɛɳɢɣ ɫɢɫɬɟɦɧɵɣ ɬɨɦ (Sysvol) ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɩɨ ɜɫɟɦɭ ɞɨɦɟɧɭ. «Ɂɞɨɪɨɜɶɟ» ɫɢɫɬɟɦɵ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɇɨɧɢɬɨɪɢɧɝ ɷɬɨɣ ɨɛɥɚɫɬɢ ɞɨɥɠɟɧ ɨɯɜɚɬɵɜɚɬɶ ɜɫɟ ɚɫɩɟɤɬɵ ɡɞɨɪɨɜɶɹ ɫɟɪɜɟɪɚ, ɜɤɥɸɱɚɹ ɫɱɟɬɱɢɤɢ, ɯɚɪɚɤɬɟɪɢɡɭɸɳɢɟ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɩɚɦɹɬɢ, ɩɪɨɰɟɫɫɨɪɚ ɢ ɪɚɡɛɢɟɧɢɟ ɧɚ ɫɬɪɚɧɢɰɵ. «Ɂɞɨɪɨɜɶɟ» ɥɟɫɚ. ɗɬɚ ɨɛɥɚɫɬɶ ɞɨɥɠɧɚ ɨɬɫɥɟɠɢɜɚɬɶɫɹ ɞɥɹ ɬɨɝɨ, ɱɬɨɛɵ ɩɪɨɜɟɪɢɬɶ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɢ ɞɨɫɬɭɩɧɨɫɬɶ ɫɚɣɬɚ. ɏɨɡɹɟɜɚ ɨɩɟɪɚɰɢɣ. Ɉɬɫɥɟɠɢɜɚɣɬɟ ɤɚɠɞɨɝɨ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ FSMO, ɱɬɨɛɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ «ɡɞɨɪɨɜɶɟ» ɫɟɪɜɟɪɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɩɪɨɜɨɞɢɬɟ ɦɨɧɢɬɨɪɢɧɝ ɞɥɹ ɨɛɟɫɩɟɱɟɧɢɹ ɞɨɫɬɭɩɧɨɫɬɢ GCɤɚɬɚɥɨɝɚ, ɩɨɡɜɨɥɹɸɳɟɝɨ ɩɨɥɶɡɨɜɚɬɟɥɹɦ ɜɯɨɞɢɬɶ ɜ ɫɢɫɬɟɦɭ ɢ ɩɨɞɞɟɪɠɢɜɚɬɶ ɱɥɟɧɫɬɜɨ ɭɧɢɜɟɪɫɚɥɶɧɵɯ ɝɪɭɩɩ.
Ɉɞɢɧ ɢɡ ɤɪɢɬɢɱɟɫɤɢɯ ɤɨɦɩɨɧɟɧɬɨɜ Active Directory, ɡɚ ɪɚɛɨɬɨɣ ɤɨɬɨɪɨɝɨ ɜɵ ɞɨɥɠɧɵ ɧɚɛɥɸɞɚɬɶ, ɷɬɨ ɪɟɩɥɢɤɚɰɢɹ. ȼ ɨɬɥɢɱɢɟ ɨɬ ɦɨɧɢɬɨɪɢɧɝɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬ ɢɧɫɬɪɭɦɟɧɬ Performance Monitor, ɪɟɩɥɢɤɚɰɢɹ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɱɚɳɟ ɜɫɟɝɨ ɨɬɫɥɟɠɢɜɚɟɬɫɹ ɫ ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ ɢɡ ɧɚɛɨɪɚ Windows Server 2003 Support Tools (ɋɪɟɞɫɬɜɚ ɨɛɫɥɭɠɢɜɚɧɢɹ Windows Server 2003): Repadmin.exe, Dcdiag.exe ɢ ɠɭɪɧɚɥɚ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ (ɫɦ. ɜɵɲɟ). Repadmin ɩɪɟɞɫɬɚɜɥɹɟɬ ɫɨɛɨɣ ɢɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ, ɤɨɬɨɪɵɣ ɫɨɨɛɳɚɟɬ ɨɛ ɨɬɤɚɡɚɯ ɪɟɩɥɢɤɚɰɢɨɧɧɵɯ ɫɜɹɡɟɣ ɦɟɠɞɭ ɞɜɭɦɹ ɩɚɪɬɧɟɪɚɦɢ ɩɨ ɪɟɩɥɢɤɚɰɢɢ. ɋɥɟɞɭɸɳɚɹ ɤɨɦɚɧɞɚ ɜɵɡɵɜɚɟɬ ɨɬɨɛɪɚɠɟɧɢɟ ɩɚɪɬɧɟɪɨɜ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɢ ɜɫɟ ɨɬɤɚɡɵ ɪɟɩɥɢɤɚɰɢɨɧɧɵɯ ɫɜɹɡɟɣ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ DC1, ɪɚɫɩɨɥɨɠɟɧɧɨɝɨ ɜ ɞɨɦɟɧɟ Contoso.com:
repadmin/showreps dd .contoso.com
Dcdiag - ɷɬɨ ɢɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ, ɤɨɬɨɪɵɣ ɦɨɠɟɬ ɩɪɨɜɟɪɹɬɶ DNS-ɪɟɝɢɫɬɪɚɰɢɸ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɉɧ ɨɬɫɥɟɠɢɜɚɟɬ ɧɚɥɢɱɢɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɡɚɳɢɬɵ (SID) ɜ ɡɚɝɨɥɨɜɤɚɯ ɤɨɧɬɟɤɫɬɚ ɢɦɟɧɨɜɚɧɢɹ (naming context) ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɟ ɪɚɡɪɟɲɟɧɢɹ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ, ɚɧɚɥɢɡɢɪɭɟɬ ɫɨɫɬɨɹɧɢɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɜ ɥɟɫɟ ɢɥɢ ɩɪɟɞɩɪɢɹɬɢɢ ɢ ɦɧɨɝɨɟ ɞɪɭɝɨɟ. Ⱦɥɹ ɩɨɥɭɱɟɧɢɹ ɩɨɥɧɨɝɨ ɫɩɢɫɤɚ ɨɩɰɢɣ Dcdiag ɧɚɩɟɱɚɬɚɣɬɟ dcdiag/?. ɋ ɩɨɦɨɳɶɸ ɫɥɟɞɭɸɳɟɣ ɤɨɦɚɧɞɵ ɦɨɠɧɨ ɩɪɨɜɟɪɢɬɶ ɧɚɥɢɱɢɟ ɨɲɢɛɨɤ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ: dcdiag/test: replications
ɂ, ɧɚɤɨɧɟɰ, ɠɭɪɧɚɥ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɫɨɨɛɳɚɟɬ ɨɛ ɨɲɢɛɤɚɯ ɪɟɩɥɢɤɚɰɢɢ, ɤɨɬɨɪɵɟ ɩɪɨɢɫɯɨɞɹɬ ɩɨɫɥɟ ɭɫɬɚɧɨɜɥɟɧɢɹ ɪɟɩɥɢɤɚɰɢɨɧɧɨɣ ɫɜɹɡɢ. ɇɭɠɧɨ ɩɪɨɫɦɚɬɪɢɜɚɬɶ ɠɭɪɧɚɥ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ ɜ ɩɨɢɫɤɚɯ ɫɨɛɵɬɢɣ ɪɟɩɥɢɤɚɰɢɢ, ɢɦɟɸɳɢɯ ɬɢɩ Error (Ɉɲɢɛɤɚ) ɢɥɢ Warning (ɉɪɟɞɭɩɪɟɠɞɟɧɢɟ). Ⱦɚɥɟɟ ɩɪɢɜɨɞɢɬɫɹ ɞɜɚ ɩɪɢɦɟɪɚ ɬɢɩɢɱɧɵɯ ɨɲɢɛɨɤ ɪɟɩɥɢɤɚɰɢɢ ɜ ɬɨɦ ɜɢɞɟ, ɤɚɤ ɨɧɢ ɨɬɨɛɪɚɠɟɧɵ ɜ ɠɭɪɧɚɥɟ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. • ɋɨɛɵɬɢɟ ID 1311. ɂɧɮɨɪɦɚɰɢɹ ɨ ɤɨɧɮɢɝɭɪɚɰɢɢ ɪɟɩɥɢɤɚɰɢɢ, ɢɦɟɸɳɚɹɫɹ ɜ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory), ɧɟ ɨɬɪɚɠɚɟɬ ɬɨɱɧɨ ɮɢɡɢɱɟɫɤɭɸ ɬɨɩɨɥɨɝɢɸ ɫɟɬɢ. ɗɬɚ ɨɲɢɛɤɚ ɭɤɚɡɵɜɚɟɬ ɧɚ ɬɨ, ɱɬɨ ɨɞɢɧ ɢɥɢ ɛɨɥɟɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢɥɢ ɫɟɪɜɟɪ-ɩɥɚɰɞɚɪɦ (bridgehead) ɧɚɯɨɞɹɬɫɹ ɜ ɚɜɬɨɧɨɦɧɨɦ ɪɟɠɢɦɟ, ɢɥɢ ɱɬɨ ɫɟɪɜɟɪɵ-ɩɥɚɞɚɪɦɵ ɧɟ ɫɨɞɟɪɠɚɬ ɧɭɠɧɵɯ ɤɨɧɬɟɤɫɬɨɜ ɢɦɟɧɨɜɚɧɢɹ (NC). • ɋɨɛɵɬɢɟ ID 1265 (Access denied — Ⱦɨɫɬɭɩ ɡɚɩɪɟɳɟɧ). ɗɬɚ ɨɲɢɛɤɚ ɦɨɠɟɬ ɜɨɡɧɢɤɚɬɶ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɥɨɤɚɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɟ ɫɭɦɟɥ ɩɨɞɬɜɟɪɞɢɬɶ ɩɨɞɥɢɧɧɨɫɬɶ ɫɜɨɟɝɨ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɩɪɢ ɫɨɡɞɚɧɢɢ ɪɟɩɥɢɤɚɰɢɨɧɧɨɣ ɫɜɹɡɢ ɢɥɢ ɩɪɢ ɩɨɩɵɬɤɟ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɩɨ ɫɭɳɟɫɬɜɭɸɳɟɣ ɫɜɹɡɢ, ɨɧɚ ɜɨɡɧɢɤɚɟɬ ɬɨɝɞɚ, ɤɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɵɥ ɨɬɫɨɟɞɢɧɟɧ ɨɬ ɨɫɬɚɥɶɧɨɣ ɱɚɫɬɢ ɫɟɬɢ ɜ ɬɟɱɟɧɢɟ ɞɨɥɝɨɝɨ ɜɪɟɦɟɧɢ, ɢ ɟɝɨ ɩɚɪɨɥɶ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɚ ɧɟ ɫɢɧɯɪɨɧɢɡɢɪɨɜɚɧ ɫ ɩɚɪɨɥɟɦ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɤɨɦɩɶɸɬɟɪɚ, ɯɪɚɧɹɳɢɦɫɹ ɜ ɤɚɬɚɥɨɝɟ ɟɝɨ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ.
Active Directory
Ɉɞɧɢɦ ɢɡ ɜɚɠɧɵɯ ɷɥɟɦɟɧɬɨɜ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory ɹɜɥɹɟɬɫɹ ɨɛɫɥɭɠɢɜɚɧɢɟ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ɉɪɢ ɧɨɪɦɚɥɶɧɵɯ ɨɛɫɬɨɹɬɟɥɶɫɬɜɚɯ ɜɚɦ ɪɟɞɤɨ ɩɪɢɞɟɬɫɹ ɭɩɪɚɜɥɹɬɶ ɛɚɡɨɣ ɞɚɧɧɵɯ Active Directory ɧɚɩɪɹɦɭɸ, ɩɨɬɨɦɭ ɱɬɨ ɪɟɝɭɥɹɪɧɨɟ ɚɜɬɨɦɚɬɢɱɟɫɤɨɟ ɭɩɪɚɜɥɟɧɢɟ ɩɨɞɞɟɪɠɢɜɚɟɬ «ɡɞɨɪɨɜɶɟ» ɜɚɲɟɣ ɛɚɡɵ ɞɚɧɧɵɯ ɜɨ ɜɫɟɯ ɫɢɬɭɚɰɢɹɯ. ɗɬɢ ɚɜɬɨɦɚɬɢɱɟɫɤɢɟ ɩɪɨɰɟɫɫɵ ɜɤɥɸɱɚɸɬ ɨɧɥɚɣɧɨɜɭɸ ɞɟɮɪɚɝɦɟɧɬɚɰɢɸ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory, ɚ ɬɚɤɠɟ ɩɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ, ɨɱɢɳɚɸɳɢɣ ɭɞɚɥɟɧɧɵɟ ɷɥɟɦɟɧɬɵ. Ⱦɥɹ ɬɟɯ ɪɟɞɤɢɯ ɫɥɭɱɚɟɜ, ɤɨɝɞɚ ɜɵ ɞɟɣɫɬɜɢɬɟɥɶɧɨ ɛɭɞɟɬɟ ɧɚɩɪɹɦɭɸ ɭɩɪɚɜɥɹɬɶ ɛɚɡɨɣ ɞɚɧɧɵɯ Active Directory, Windows Server 2003 ɜɤɥɸɱɚɟɬ ɢɧɫɬɪɭɦɟɧɬ Ntdsutil.
Ɉɞɢɧ ɢɡ ɚɜɬɨɦɚɬɢɱɟɫɤɢɯ ɩɪɨɰɟɫɫɨɜ, ɤɨɬɨɪɵɣ ɨɛɵɱɧɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɨɛɫɥɭɠɢɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory, — ɷɬɨ ɫɛɨɪɤɚ ɦɭɫɨɪɚ. ɋɛɨɪɤɚ ɦɭɫɨɪɚ - ɷɬɨ ɩɪɨɰɟɫɫ, ɤɨɬɨɪɵɣ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɤɚɠɞɵɟ 12 ɱɚɫɨɜ. ȼ ɩɪɨɰɟɫɫɟ ɫɛɨɪɤɢ ɦɭɫɨɪɚ ɜɨɫɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɫɜɨɛɨɞɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ ɜ ɩɪɟɞɟɥɚɯ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ɉɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɭɞɚɥɟɧɢɹ ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ (tombstone) ɢɡ ɛɚɡɵ ɞɚɧɧɵɯ. Ɉɛɴɟɤɬɵ-ɩɚɦɹɬɧɢɤɢ ɹɜɥɹɸɬɫɹ ɨɫɬɚɬɤɚɦɢ ɨɛɴɟɤɬɨɜ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɭɞɚɥɟɧɵ ɢɡ Active Directory. ɉɪɢ ɭɞɚɥɟɧɢɢ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ ɨɧɚ ɧɟ ɭɞɚɥɹɟɬɫɹ ɧɟɦɟɞɥɟɧɧɨ. ȼɦɟɫɬɨ ɷɬɨɝɨ ɚɬɪɢɛɭɬ isDeleted ɷɬɨɣ ɡɚɩɢɫɢ ɭɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ true, ɨɧɚ ɩɨɦɟɱɚɟɬɫɹ ɤɚɤ ɨɛɴɟɤɬ-ɩɚɦɹɬɧɢɤ, ɢ ɛɨɥɶɲɢɧɫɬɜɨ ɚɬɪɢɛɭɬɨɜ ɷɬɨɝɨ ɨɛɴɟɤɬɚ ɭɞɚɥɹɸɬɫɹ. Ɉɫɬɚɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɚɬɪɢɛɭɬɨɜ, ɧɟɨɛɯɨɞɢɦɵɯ ɞɥɹ ɢɞɟɧɬɢɮɢɤɚɰɢɢ ɨɛɴɟɤɬɚ: ɤɚɤ ɝɥɨɛɚɥɶɧɨ-ɭɧɢɤɚɥɶɧɵɣ ɢɞɟɧɬɢɮɢɤɚɬɨɪ (GUID), ɢɞɟɧɬɢɮɢɤɚɬɨɪ SID, ɩɨɪɹɞɤɨɜɵɣ ɧɨɦɟɪ ɨɛɧɨɜɥɟɧɢɣ (USN) ɢ ɨɬɥɢɱɢɬɟɥɶɧɨɟ ɢɦɹ. ɗɬɨɬ ɨɛɴɟɤɬ-ɩɚɦɹɬɧɢɤ ɡɚɬɟɦ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. Ʉɚɠɞɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɞɞɟɪɠɢɜɚɟɬ ɤɨɩɢɸ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɧɟ ɢɫɬɟɱɟɬ ɫɪɨɤ ɟɝɨ ɫɥɭɠɛɵ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɫɪɨɤ ɫɥɭɠɛɵ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ ɭɫɬɚɧɨɜɥɟɧ ɧɚ 60 ɞɧɟɣ. ȼ ɫɥɟɞɭɸɳɢɣ ɪɚɡ, ɤɨɝɞɚ ɩɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ ɛɭɞɟɬ ɡɚɩɭɳɟɧ ɩɨɫɥɟ ɢɫɬɟɱɟɧɢɹ ɫɪɨɤɚ ɫɥɭɠɛɵ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ, ɷɬɨɬ ɨɛɴɟɤɬ ɛɭɞɟɬ ɭɞɚɥɟɧ ɢɡ ɛɚɡɵ ɞɚɧɧɵɯ. ɉɨɫɥɟ ɭɞɚɥɟɧɢɹ ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ ɩɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ ɭɞɚɥɹɟɬ ɜɫɟ ɧɟɧɭɠɧɵɟ ɮɚɣɥɵ ɫ ɠɭɪɧɚɥɚɦɢ ɬɪɚɧɡɚɤɰɢɣ. ȼɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɞɟɥɚɟɬɫɹ ɢɡɦɟɧɟɧɢɟ ɜ ɛɚɡɟ ɞɚɧɧɵɯ Active Directory, ɨɧɨ ɡɚɩɢɫɵɜɚɟɬɫɹ ɜ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ, ɚ ɡɚɬɟɦ
ɩɟɪɟɞɚɟɬɫɹ ɜ ɛɚɡɭ ɞɚɧɧɵɯ. ɉɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ ɭɞɚɥɹɟɬ ɜɫɟ ɠɭɪɧɚɥɵ ɬɪɚɧɡɚɤɰɢɣ, ɤɨɬɨɪɵɟ ɧɟ ɫɨɞɟɪɠɚɬ ɧɟɩɟɪɟ-ɞɚɧɧɵɯ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɬɪɚɧɡɚɤɰɢɣ. ɉɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ ɜɵɩɨɥɧɹɟɬɫɹ ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɫ ɞɜɟɧɚɞɰɚɬɢɱɚɫɨɜɵɦ ɢɧɬɟɪɜɚɥɨɦ. Ɇɨɠɧɨ ɢɡɦɟɧɹɬɶ ɷɬɨɬ ɢɧɬɟɪɜɚɥ, ɦɨɞɢɮɢɰɢɪɭɹ ɚɬɪɢɛɭɬ garbageCollPeriod ɜ ɝɥɨɛɚɥɶɧɨɦ ɞɥɹ ɩɪɟɞɩɪɢɹɬɢɹ ɨɛɴɟɤɬɟ DS ɤɨɧɮɢɝɭɪɚɰɢɢ (NTDS). ɑɬɨɛɵ ɢɡɦɟɧɢɬɶ ɷɬɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɧɫɬɪɭɦɟɧɬ Adsiedit.msc. Ɉɬɤɪɨɣɬɟ ADSI Edit (Ɋɟɞɚɤɬɢɪɨɜɚɧɢɟ ADSI) ɢɡ ɞɢɚɥɨɝɨɜɨɝɨ ɨɤɧɚ Run (ȼɵɩɨɥɧɢɬɶ) ɢ ɜɵɛɟɪɢɬɟ ɨɛɴɟɤɬ CN=Directory Service,CN=Windows NT, CN=Services, CN=Configuration, DC=f orestname. Ɂɚɬɟɦ ɧɚɣɞɢɬɟ ɚɬɪɢɛɭɬ garbageCollPeriod ɢ ɭɫɬɚɧɨɜɢɬɟ ɟɝɨ ɡɧɚɱɟɧɢɟ ɬɚɤ, ɱɬɨɛɵ ɨɧɨ ɭɞɨɜɥɟɬɜɨɪɹɥɨ ɜɚɲɢɦ ɬɪɟɛɨɜɚɧɢɹɦ. ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɝɦɜɜ ɜɚɦ ɧɟ ɩɪɢɞɟɬɫɹ1 ɢɡɦɟɧɹɬɶ ɷɬɭ ɭɫɬɚɧɨɜɤɭ. ɇɚ ɪɢɫɭɧɤɟ 14-7 ɩɨɤɚɡɚɧ ɷɬɨɬ ɚɬɪɢɛɭɬ ɜ ɢɧɫɬɪɭɦɟɧɬɟ ADSI Edit.
. 14-7.
garbageCollPeriod
ADSI Edit
Ɂɚɤɥɸɱɢɬɟɥɶɧɵɣ ɲɚɝ ɜ ɩɪɨɰɟɫɫɟ ɫɛɨɪɤɢ ɦɭɫɨɪɚ — ɷɬɨ ɨɧɥɚɣɧɨɜɚɹ ɞɟɮɪɚɝɦɟɧɬɚɰɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. Ɉɧɚ ɨɫɜɨɛɨɠɞɚɟɬ ɦɟɫɬɨ ɜ ɩɪɟɞɟɥɚɯ ɛɚɡɵ ɞɚɧɧɵɯ ɢ ɩɟɪɟɫɬɪɚɢɜɚɟɬ ɪɚɫɩɨɥɨɠɟɧɢɟ ɯɪɚɧɹɳɢɯɫɹ ɨɛɴɟɤɬɨɜ Active Directory ɜ ɩɪɟɞɟɥɚɯ ɛɚɡɵ ɞɚɧɧɵɯ ɬɚɤ, ɱɬɨɛɵ ɭɥɭɱɲɢɬɶ ɟɟ ɷɮɮɟɤɬɢɜɧɨɫɬɶ. ȼɨ ɜɪɟɦɹ ɧɨɪɦɚɥɶɧɨɝɨ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɛɚɡɚ ɞɚɧɧɵɯ Active Directory ɨɩɬɢɦɢɡɢɪɨɜɚɧɚ ɬɚɤ, ɱɬɨɛɵ ɦɨɠɧɨ ɛɵɥɨ ɞɟɥɚɬɶ ɢɡɦɟɧɟɧɢɹ ɜ ɧɟɣ ɤɚɤ ɦɨɠɧɨ ɛɵɫɬɪɟɟ. ɉɪɢ ɭɞɚɥɟɧɢɢ ɨɛɴɟɤɬɚ ɢɡ Active Directory ɫɬɪɚɧɢɰɚ ɛɚɡɵ ɞɚɧɧɵɯ, ɧɚ ɤɨɬɨɪɨɣ ɨɧ ɯɪɚɧɢɬɫɹ, ɡɚɝɪɭɠɚɟɬɫɹ ɜ ɩɚɦɹɬɶ ɤɨɦɩɶɸɬɟɪɚ, ɢ ɨɛɴɟɤɬ ɭɞɚɥɹɟɬɫɹ ɫ ɷɬɨɣ ɫɬɪɚɧɢɰɵ. ɉɪɢ ɞɨɛɚɜɥɟɧɢɢ ɨɛɴɟɤɬɨɜ ɤ Active Directory ɨɧɢ ɡɚɩɢɫɵɜɚɸɬɫɹ ɧɚ ɫɬɪɚɧɢɰɭ ɛɚɡɵ ɞɚɧɧɵɯ ɛɟɡ ɭɱɟɬɚ ɨɩɬɢɦɢɡɚɰɢɢ ɩɨɫɥɟɞɭɸɳɟɝɨ ɩɨɢɫɤɚ ɷɬɨɣ ɢɧɮɨɪɦɚɰɢɢ. ɉɨɫɥɟ ɧɟɫɤɨɥɶɤɢɯ ɱɚɫɨɜ ɚɤɬɢɜɧɨɝɨ ɜɧɟɫɟɧɢɹ ɢɡɦɟɧɟɧɢɣ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɫɩɨɫɨɛ ɯɪɚɧɟɧɢɹ ɞɚɧɧɵɯ ɩɟɪɟɫɬɚɟɬ ɛɵɬɶ ɨɩɬɢɦɢɡɢɪɨɜɚɧɧɵɦ. Ȼɚɡɚ ɞɚɧɧɵɯ ɦɨɠɟɬ ɫɨɞɟɪɠɚɬɶ ɩɭɫɬɵɟ ɫɬɪɚɧɢɰɵ, ɫɬɪɚɧɢɰɵ, ɧɚ ɤɨɬɨɪɵɯ ɭɞɚɥɟɧɵ ɧɟɤɨɬɨɪɵɟ ɷɥɟɦɟɧɬɵ. Ɉɛɴɟɤɬɵ Active Directory, ɤɨɬɨɪɵɟ ɥɨɝɢɱɟɫɤɢ ɞɨɥɠɧɵ ɯɪɚɧɢɬɶɫɹ ɜɦɟɫɬɟ, ɦɨɝɭɬ ɯɪɚɧɢɬɶɫɹ ɧɚ ɧɟɫɤɨɥɶɤɢɯ ɪɚɡɥɢɱɧɵɯ ɫɬɪɚɧɢɰɚɯ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɩɨ ɜɫɟɣ ɛɚɡɟ ɞɚɧɧɵɯ. ɉɪɨɰɟɫɫ ɨɧɥɚɣɧɨɜɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɱɢɫɬɢɬ ɛɚɡɭ ɞɚɧɧɵɯ ɢ ɜɨɡɜɪɚɳɚɟɬ ɟɟ ɜ ɨɩɬɢɦɢɡɢɪɨɜɚɧɧɨɟ ɫɨɫɬɨɹɧɢɟ. ȿɫɥɢ ɧɟɤɨɬɨɪɵɟ ɡɚɩɢɫɢ ɛɵɥɢ ɭɞɚɥɟɧɵ ɫ ɤɚɤɨɣ-ɥɢɛɨ ɫɬɪɚɧɢɰɵ, ɬɨ ɡɚɩɢɫɢ, ɧɚɯɨɞɹɳɢɟɫɹ ɧɚ ɞɪɭɝɢɯ ɫɬɪɚɧɢɰɚɯ, ɩɟɪɟɦɟɳɚɸɬɫɹ ɧɚ ɧɟɟ ɞɥɹ ɨɩɬɢɦɢɡɚɰɢɢ ɯɪɚɧɟɧɢɹ ɢ ɩɨɢɫɤɚ ɢɧɮɨɪɦɚɰɢɢ. Ɍɟ ɨɛɴɟɤɬɵ, ɤɨɬɨɪɵɟ ɥɨɝɢɱɟɫɤɢ ɞɨɥɠɧɵ ɯɪɚɧɢɬɶɫɹ ɜɦɟɫɬɟ, ɩɟɪɟɦɟɳɚɸɬɫɹ ɧɚ ɨɞɧɭ ɢ ɬɭ ɠɟ ɫɬɪɚɧɢɰɭ ɛɚɡɵ ɞɚɧɧɵɯ ɢɥɢ ɧɚ ɫɦɟɠɧɵɟ. Ɉɞɧɨ ɢɡ ɨɝɪɚɧɢɱɟɧɢɣ ɩɪɨɰɟɫɫɚ ɨɧɥɚɣɧɨɜɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɨɧ ɧɟ ɫɨɤɪɚɳɚɟɬ ɪɚɡɦɟɪ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ȿɫɥɢ ɜɵ ɭɞɚɥɢɥɢ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ ɢɡ Active Directory, ɬɨ ɨɧɥɚɣɧɨɜɚɹ ɞɟɮɪɚɝɦɟɧɬɚɰɢɹ ɫɨɡɞɚɫɬ ɦɧɨɝɨ ɩɭɫɬɵɯ ɫɬɪɚɧɢɰ, ɤɨɬɨɪɵɟ ɨɧɚ ɧɟ ɫɦɨɠɟɬ ɭɞɚɥɢɬɶ. Ⱦɥɹ ɷɬɨɝɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɩɪɨɰɟɫɫ ɚɜɬɨɧɨɦɧɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ. ɉɪɨɰɟɫɫ ɨɧɥɚɣɧɨɜɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɜɵɩɨɥɧɹɟɬɫɹ ɤɚɠɞɵɟ 12 ɱɚɫɨɜ ɤɚɤ ɱɚɫɬɶ ɩɪɨɰɟɫɫɚ ɫɛɨɪɤɢ ɦɭɫɨɪɚ. Ʉɨɝɞɚ ɩɪɨɰɟɫɫ ɨɧɥɚɣɧɨɜɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɡɚɤɨɧɱɟɧ, ɜ ɠɭɪɧɚɥ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ
ɡɚɩɢɫɵɜɚɟɬɫɹ ɫɨɛɵɬɢɟ, ɭɤɚɡɵɜɚɸɳɟɟ, ɱɬɨ ɩɪɨɰɟɫɫ ɡɚɜɟɪɲɢɥɫɹ ɭɫɩɟɲɧɨ. ɇɚ ɪɢɫɭɧɤɟ 14-8 ɩɨɤɚɡɚɧ ɩɪɢɦɟɪ ɬɚɤɨɝɨ ɫɨɨɛɳɟɧɢɹ ɜ ɠɭɪɧɚɥɟ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ.
.
14-8.
,
Active Directory
Ʉɚɤ ɝɨɜɨɪɢɥɨɫɶ ɜɵɲɟ, ɩɪɨɰɟɫɫ ɨɧɥɚɣɧɨɜɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɧɟ ɦɨɠɟɬ ɫɨɤɪɚɬɢɬɶ ɪɚɡɦɟɪ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ɉɪɢ ɧɨɪɦɚɥɶɧɵɯ ɨɛɫɬɨɹɬɟɥɶɫɬɜɚɯ ɷɬɨ ɧɟ ɹɜɥɹɟɬɫɹ ɩɪɨɛɥɟɦɨɣ, ɩɨɬɨɦɭ ɱɬɨ ɫɬɪɚɧɢɰɵ ɛɚɡɵ ɞɚɧɧɵɯ, ɤɨɬɨɪɵɟ ɨɱɢɳɟɧɵ ɜ ɩɪɨɰɟɫɫɟ ɨɧɥɚɣɧɨɜɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ, ɩɪɨɫɬɨ ɫɧɨɜɚ ɢɫɩɨɥɶɡɭɸɬɫɹ ɩɨ ɦɟɪɟ ɞɨɛɚɜɥɟɧɢɹ ɧɨɜɵɯ ɨɛɴɟɤɬɨɜ ɤ Active Directory. Ɉɞɧɚɤɨ, ɜ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɚɜɬɨɧɨɦɧɭɸ ɞɟɮɪɚɝɦɟɧ-ɬɚɰɢɸ ɞɥɹ ɫɨɤɪɚɳɟɧɢɹ ɩɨɥɧɨɝɨ ɪɚɡɦɟɪɚ ɛɚɡɵ ɞɚɧɧɵɯ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵ ɭɞɚɥɹɟɬɟ GC-ɤɚɬɚɥɨɝ ɢɡ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɧɭɠɧɨ ɜɵɩɨɥɧɢɬɶ ɚɜɬɨɧɨɦɧɭɸ ɞɟɮɪɚɝɦɟɧɬɚɰɢɸ ɜ ɛɚɡɟ ɞɚɧɧɵɯ, ɱɬɨɛɵ ɨɱɢɫɬɢɬɶ ɦɟɫɬɨ, ɤɨɬɨɪɨɟ ɢɫ-ɩɨɥɶɡɨɜɚɥɨɫɶ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ɞɥɹ ɯɪɚɧɟɧɢɹ ɢɧɮɨɪɦɚɰɢɢ GC. ɉɨɬɪɟɛɧɨɫɬɶ ɜ ɚɜɬɨɧɨɦɧɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɫɭɳɟɫɬɜɭɟɬ ɜ ɫɪɟɞɟ, ɫɨɫɬɨɹɳɟɣ ɢɡ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɨɜ, ɝɞɟ GC ɤɚɬɚɥɨɝ ɦɨɠɟɬ ɫɬɚɬɶ ɨɱɟɧɶ ɛɨɥɶɲɢɦ. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɚɜɬɨɧɨɦɧɭɸ ɞɟɮɪɚɝɦɟɧɬɚɰɢɸ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɲɚɝɢ. 1. ɋɞɟɥɚɣɬɟ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɢɧɮɨɪɦɚɰɢɢ Active Directory ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ (ɫɦ. ɝɥ. 15). 2. ɉɟɪɟɡɚɝɪɭɡɢɬɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȼɨ ɜɪɟɦɹ ɡɚɝɪɭɡɤɢ ɫɟɪɜɟɪɚ ɧɚɠɦɢɬɟ ɤɥɚɜɢɲɭ F8, ɱɬɨɛɵ ɨɬɨɛɪɚɡɢɬɶ ɦɟɧɸ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɩɚɪɚɦɟɬɪɨɜ Windows. ȼɵɛɟɪɢɬɟ ɪɟɠɢɦ Directory Services Restore (ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ) (Ɍɨɥɶɤɨ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows). 3. ȼɨɣɞɢɬɟ ɜ ɫɢɫɬɟɦɭ, ɢɫɩɨɥɶɡɭɹ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ Administrator (Ⱥɞɦɢɧɢɫɬɪɚɬɨɪ). ɂɫɩɨɥɶɡɭɣɬɟ ɩɚɪɨɥɶ, ɤɨɬɨɪɵɣ ɜɵ ɜɜɨɞɢɥɢ ɤɚɤ ɩɚɪɨɥɶ ɪɟɠɢɦɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɤɨɝɞɚ ɧɚɡɧɚɱɚɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. 4. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ ɢ ɧɚɩɟɱɚɬɚɣɬɟ ntdsutil. 5. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɭɬɢɥɢɬɵ Ntdsutil ɧɚɩɟɱɚɬɚɣɬɟ files. 6. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɭɬɢɥɢɬɵ File Maintenance (Ɉɛɫɥɭɠɢɜɚɧɢɟ ɮɚɣɥɨɜ) ɧɚɩɟɱɚɬɚɣɬɟ info. ɗɬɚ ɨɩɰɢɹ ɨɬɨɛɪɚɠɚɟɬ ɬɟɤɭɳɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɩɭɬɢ ɢ ɪɚɡɦɟɪɟ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɢ ɟɟ ɠɭɪɧɚɥɨɜ. 7. ɇɚɩɟɱɚɬɚɣɬɟ compact to drive:\directory. ȼɵɛɟɪɢɬɟ ɞɢɫɤ ɢ ɤɚɬɚɥɨɝ, ɤɨɬɨɪɵɟ ɢɦɟɸɬ ɞɨɫɬɚɬɨɱɧɨ ɦɟɫɬɚ ɞɥɹ ɯɪɚɧɟɧɢɹ ɜɫɟɣ ɛɚɡɵ ɞɚɧɧɵɯ. ȿɫɥɢ ɧɚɡɜɚɧɢɟ ɩɭɬɢ ɤɚɬɚɥɨɝɚ ɫɨɞɟɪɠɢɬ ɩɪɨɛɟɥɵ, ɩɭɬɶ ɞɨɥɠɟɧ ɛɵɬɶ ɡɚɤɥɸɱɟɧ ɜ ɤɚɜɵɱɤɢ. 8. ɉɪɨɰɟɫɫ ɚɜɬɨɧɨɦɧɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɫɨɡɞɚɟɬ ɧɨɜɭɸ ɛɚɡɭ ɞɚɧɧɵɯ ɩɨ ɢɦɟɧɢ Ntds.dit ɜ ɭɤɚɡɚɧɧɨɦ ɜɚɦɢ ɦɟɫɬɟ. ɉɨ ɦɟɪɟ ɤɨɩɢɪɨɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ ɜ ɧɨɜɨɟ ɦɟɫɬɨ ɨɧɚ ɞɟɮɪɚɝɦɟɧɬɢɪɭɟɬɫɹ. 9. Ʉɨɝɞɚ ɞɟɮɪɚɝɦɟɧɬɚɰɢɹ ɡɚɤɨɧɱɟɧɚ, ɧɚɩɟɱɚɬɚɣɬɟ ɞɜɚɠɞɵ quit, ɱɬɨɛɵ ɜɨɡɜɪɚɬɢɬɶɫɹ ɤ ɩɪɢɝɥɚɲɟɧɢɸ ɤɨ ɜɜɨɞɭ ɤɨɦɚɧɞɵ. 10. ɋɤɨɩɢɪɭɣɬɟ ɞɟɮɪɚɝɦɟɧɬɢɪɨɜɚɧɧɵɣ ɮɚɣɥ Ntds.dit ɩɨɜɟɪɯ ɫɬɚɪɨɝɨ ɮɚɣɥɚ Ntds.dit ɜ ɦɟɫɬɨ
ɪɚɫɩɨɥɨɠɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. 11. ɉɟɪɟɡɚɝɪɭɡɢɬɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. . Active Directory,
, .
Active Directory Ntdsutil
ɍɬɢɥɢɬɭ Ntdsutil ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɧɟ ɬɨɥɶɤɨ ɞɥɹ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ ɛɚɡɵ ɞɚɧɧɵɯ ɫɜɨɟɣ ɫɥɭɠɛɵ Active Directory ɜ ɚɜɬɨɧɨɦɧɨɦ ɪɟɠɢɦɟ, ɧɨ ɢ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɛɚɡɨɣ ɞɚɧɧɵɯ Active Directory. ɂɧɫɬɪɭɦɟɧɬ Ntdsutil ɜɵɩɨɥɧɹɟɬ ɧɟɫɤɨɥɶɤɨ ɧɢɡɤɨɭɪɨɜɧɟɜɵɯ ɡɚɞɚɱ, ɜɨɡɧɢɤɚɸɳɢɯ ɩɪɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ȼɫɟ ɨɩɰɢɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ ɹɜɥɹɸɬɫɹ ɧɟɪɚɡɪɭɲɚɸɳɢɦɢ, ɬ.ɟ. ɫɪɟɞɫɬɜɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɛɭɞɭɬ ɩɪɨɛɨɜɚɬɶ ɢɫɩɪɚɜɢɬɶ ɩɪɨɛɥɟɦɭ, ɜɨɡɧɢɤɲɭɸ ɜ ɛɚɡɟ ɞɚɧɧɵɯ Active Directory, ɬɨɥɶɤɨ ɧɟ ɡɚ ɫɱɟɬ ɭɞɚɥɟɧɢɹ ɞɚɧɧɵɯ. ȼɨɫɫɬɚɧɨɜɢɬɶ ɠɭɪɧɚɥɵ ɬɪɚɧɡɚɤɰɢɣ ɨɡɧɚɱɚɟɬ ɡɚɫɬɚɜɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɡɚɧɨɜɨ ɡɚɩɭɫɬɢɬɶ ɪɚɛɨɬɭ ɠɭɪɧɚɥɚ ɬɪɚɧɡɚɤɰɢɣ. ɗɬɚ ɨɩɰɢɹ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɜɵɩɨɥɧɹɟɬɫɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɤɨɝɞɚ ɨɧ ɩɟɪɟɡɚɩɭɫɤɚɟɬɫɹ ɩɨɫɥɟ ɩɪɢɧɭɞɢɬɟɥɶɧɨɝɨ ɜɵɤɥɸɱɟɧɢɹ. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɜɵɩɨɥɧɹɬɶ ɦɹɝɤɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ Ntdsutil. . 15 , Active Directory. ɑɬɨɛɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. ɉɟɪɟɡɚɝɪɭɡɢɬɟ ɫɟɪɜɟɪ ɢ ɜɵɛɟɪɢɬɟ ɡɚɝɪɭɡɤɭ ɜ ɪɟɠɢɦɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. ɗɬɨ ɬɪɟɛɭɟɬɫɹ ɞɥɹ ɪɚɛɨɬɵ ɢɧɫɬɪɭɦɟɧɬɚ Ntdsutil. 2. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ ɢ ɧɚɩɟɱɚɬɚɣɬɟ ntdsutil. 3. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɭɬɢɥɢɬɵ Ntdsutil ɧɚɩɟɱɚɬɚɣɬɟ files. 4. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ File Maintenance ɧɚɩɟɱɚɬɚɣɬɟ recover. Ɂɚɩɭɫɤ ɨɩɰɢɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɜɫɟɝɞɚ ɞɨɥɠɟɧ ɛɵɬɶ ɩɟɪɜɵɦ ɲɚɝɨɦ ɩɪɢ ɥɸɛɨɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɛɚɡɵ ɞɚɧɧɵɯ, ɷɬɨ ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɛɚɡɚ ɞɚɧɧɵɯ ɫɨɜɦɟɫɬɢɦɚ ɫ ɠɭɪɧɚɥɚɦɢ ɬɪɚɧɡɚɤɰɢɣ. Ʉɚɤ ɬɨɥɶɤɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɡɚɤɨɧɱɢɬɫɹ, ɦɨɠɧɨ ɜɵɩɨɥɧɹɬɶ ɞɪɭɝɢɟ ɨɩɰɢɢ ɛɚɡɵ ɞɚɧɧɵɯ, ɟɫɥɢ ɷɬɨ ɧɟɨɛɯɨɞɢɦɨ. ɉɪɨɜɟɪɤɚ ɰɟɥɨɫɬɧɨɫɬɢ ɛɚɡɵ ɞɚɧɧɵɯ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɛɚɡɚ ɞɚɧɧɵɯ ɩɪɨɜɟɪɟɧɚ ɧɚ ɧɢɡɤɨɦ (ɞɜɨɢɱɧɨɦ) ɭɪɨɜɧɟ ɧɚ ɩɪɟɞɦɟɬ ɟɟ ɢɫɤɚɠɟɧɢɣ. ɉɪɨɰɟɫɫ ɩɪɨɜɟɪɹɟɬ ɡɚɝɨɥɨɜɤɢ ɛɚɡɵ ɞɚɧɧɵɯ ɢ ɜɫɟ ɬɚɛɥɢɰɵ ɧɚ ɧɟɩɪɨɬɢɜɨɪɟɱɢɜɨɫɬɶ. ɉɨɫɤɨɥɶɤɭ ɜɨ ɜɪɟɦɹ ɷɬɨɝɨ ɩɪɨɰɟɫɫɚ ɩɪɨɜɟɪɹɟɬɫɹ ɤɚɠɞɵɣ ɛɚɣɬ ɛɚɡɵ ɞɚɧɧɵɯ, ɬɨ ɪɚɛɨɬɚ ɫ ɛɨɥɶɲɨɣ ɛɚɡɨɣ ɞɚɧɧɵɯ ɬɪɟɛɭɟɬ ɦɧɨɝɨ ɜɪɟɦɟɧɢ. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɩɪɨɜɟɪɤɭ ɰɟɥɨɫɬɧɨɫɬɢ, ɧɚɩɟɱɚɬɚɣɬɟ integrity ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ File Maintenance ɭɬɢɥɢɬɵ Ntdsutil. ɋɟɦɚɧɬɢɱɟɫɤɢɣ ɚɧɚɥɢɡ ɛɚɡɵ ɞɚɧɧɵɯ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɩɪɨɜɟɪɤɢ ɰɟɥɨɫɬɧɨɫɬɢ ɬɟɦ, ɱɬɨ ɨɧ ɧɟ ɢɫɫɥɟɞɭɟɬ ɛɚɡɭ ɞɚɧɧɵɯ ɧɚ ɞɜɨɢɱɧɨɦ ɭɪɨɜɧɟ. ȼɦɟɫɬɨ ɷɬɨɝɨ ɩɪɨɜɟɪɹɟɬɫɹ ɧɟɩɪɨɬɢɜɨɪɟɱɢɜɨɫɬɶ ɫɟɦɚɧɬɢɤɢ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ɋɟɦɚɧɬɢɱɟɫɤɢɣ ɚɧɚɥɢɡ ɛɚɡɵ ɞɚɧɧɵɯ ɢɫɫɥɟɞɭɟɬ ɤɚɠɞɵɣ ɨɛɴɟɤɬ ɜ ɛɚɡɟ ɞɚɧɧɵɯ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɤɚɠɞɵɣ ɨɛɴɟɤɬ ɢɦɟɟɬ GUID, ɩɪɚɜɢɥɶɧɵɣ SID ɢ ɩɪɚɜɢɥɶɧɵɟ ɪɟɩɥɢɤɚɰɢɨɧɧɵɟ ɦɟɬɚɞɚɧɧɵɟ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɫɟɦɚɧɬɢɱɟɫɤɢɣ ɚɧɚɥɢɡ ɛɚɡɵ ɞɚɧɧɵɯ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ ɢ ɧɚɩɟɱɚɬɚɣɬɟ ntdsutil. 2. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɭɬɢɥɢɬɵ Ntdsutil ɧɚɩɟɱɚɬɚɣɬɟ semantic database analysis. 3. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ Semantic Checker (ɉɪɨɜɟɪɤɚ ɫɟɦɚɧɬɢɤɢ) ɧɚɩɟɱɚɬɚɣɬɟ verbose on. ɗɬɚ ɭɫɬɚɧɨɜɤɚ ɤɨɧɮɢɝɭɪɢɪɭɟɬ ɭɬɢɥɢɬɭ Ntdsutil ɞɥɹ ɜɵɜɟɞɟɧɢɹ ɧɚ ɷɤɪɚɧ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɢɧɮɨɪɦɚɰɢɢ ɩɪɢ ɜɵɩɨɥɧɟɧɢɢ ɫɟɦɚɧɬɢɱɟɫɤɨɣ ɩɪɨɜɟɪɤɢ. 4. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ Semantic Checker ɧɚɩɟɱɚɬɚɣɬɟ go. . Active Directory Windows 2000, , , , Windows 2000 Repair ( ). Э , Active Directory, Windows Server 2003.
ɂɧɫɬɪɭɦɟɧɬ Ntdsutil ɦɨɠɟɬ ɬɚɤɠɟ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɩɟɪɟɦɟɳɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɢ ɠɭɪɧɚɥɨɜ ɬɪɚɧɡɚɤɰɢɣ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɠɭɪɧɚɥɵ ɬɪɚɧɡɚɤɰɢɣ ɢ ɛɚɡɚ ɞɚɧɧɵɯ ɧɚɯɨɞɹɬɫɹ ɧɚ ɨɞɧɨɦ ɢ ɬɨɦ ɠɟ ɠɟɫɬɤɨɦ ɞɢɫɤɟ, ɜɵ ɦɨɠɟɬɟ ɩɟɪɟɦɟɫɬɢɬɶ ɨɞɢɧ ɢɡ ɤɨɦɩɨɧɟɧɬɨɜ ɧɚ ɞɪɭɝɨɣ ɠɟɫɬɤɢɣ ɞɢɫɤ. ȿɫɥɢ ɠɟɫɬɤɢɣ ɞɢɫɤ, ɫɨɞɟɪɠɚɳɢɣ ɮɚɣɥ ɛɚɡɵ ɞɚɧɧɵɯ, ɡɚɩɨɥɧɢɬɫɹ, ɧɭɠɧɨ ɛɭɞɟɬ ɩɟɪɟɦɟɫɬɢɬɶ ɛɚɡɭ ɞɚɧɧɵɯ. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɛɚɡɭ ɞɚɧɧɵɯ ɢ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ ɜ ɧɨɜɨɟ ɦɟɫɬɨ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ, ɤɨɝɞɚ ɫɟɪɜɟɪ ɧɚɯɨɞɢɬɫɹ ɜ ɪɟɠɢɦɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ. 1. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ ɢ ɧɚɩɟɱɚɬɚɣɬɟ ntdsutil. 2. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ Ntdsutil ɧɚɩɟɱɚɬɚɣɬɟ files. 3. ɑɬɨɛɵ ɭɜɢɞɟɬɶ, ɝɞɟ ɧɚɯɨɞɹɬɫɹ ɮɚɣɥɵ ɜ ɧɚɫɬɨɹɳɟɟ ɜɪɟɦɹ, ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ Ntdsutil ɧɚɩɟɱɚɬɚɣɬɟ info. ɗɬɚ ɤɨɦɚɧɞɚ ɩɨɤɚɠɟɬ ɦɟɫɬɚ ɪɚɫɩɨɥɨɠɟɧɢɹ ɮɚɣɥɨɜ ɛɚɡɵ ɞɚɧɧɵɯ ɢ ɜɫɟɯ ɠɭɪɧɚɥɨɜ ɪɟɝɢɫɬɪɚɰɢɢ. 4. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɮɚɣɥ ɛɚɡɵ ɞɚɧɧɵɯ, ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ File Maintenance ɧɚɩɟɱɚɬɚɣɬɟ move db to director, ɝɞɟ dir ctor ɡɚɞɚɟɬ ɧɨɜɨɟ ɦɟɫɬɨ ɞɥɹ ɮɚɣɥɨɜ. ɗɬɚ ɤɨɦɚɧɞɚ ɩɟɪɟɦɟɳɚɟɬ ɛɚɡɭ ɞɚɧɧɵɯ ɜ ɭɤɚɡɚɧɧɨɟ ɦɟɫɬɨ ɢ ɪɟɤɨɧɮɢɝɭɪɢɪɭɟɬ ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ ɬɚɤ, ɱɬɨɛɵ ɨɛɪɚɳɚɬɶɫɹ ɤ ɮɚɣɥɭ ɩɨ ɟɝɨ ɩɪɚɜɢɥɶɧɨɦɭ ɦɟɫɬɭ ɪɚɫɩɨɥɨɠɟɧɢɹ. 5. ɑɬɨɛɵ ɩɟɪɟɦɟɫɬɢɬɶ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ, ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ File Maintenance ɧɚɩɟɱɚɬɚɣɬɟ move logs to directory.
ȼ ɷɬɨɣ ɝɥɚɜɟ ɛɵɥɢ ɩɪɟɞɫɬɚɜɥɟɧɵ ɧɟɤɨɬɨɪɵɟ ɢɧɫɬɪɭɦɟɧɬɵ, ɤɨɬɨɪɵɟ ɧɟɨɛɯɨɞɢɦɵ ɞɥɹ ɦɨɧɢɬɨɪɢɧɝɚ Active Directory ɢ «ɡɞɨɪɨɜɶɹ» ɫɢɫɬɟɦ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɵɯ ɨɧɚ ɜɵɩɨɥɧɹɟɬɫɹ. ȼɵɩɨɥɧɹɹ ɪɟɝɭɥɹɪɧɵɣ ɦɨɧɢɬɨɪɢɧɝ ɪɚɛɨɬɵ ɫɥɭɠɛɵ, ɜɵ ɫɦɨɠɟɬɟ ɢɞɟɧɬɢɮɢɰɢɪɨɜɚɬɶ ɩɨɬɟɧɰɢɚɥɶɧɨ ɪɚɡɪɭɲɢɬɟɥɶɧɵɟ ɢ ɞɨɪɨɝɨɫɬɨɹɳɢɟ «ɭɡɤɢɟ ɦɟɫɬɚ» ɫɢɫɬɟɦɵ ɢ ɞɪɭɝɢɟ ɩɪɨɛɥɟɦɵ ɟɟ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ, ɩɪɟɠɞɟ ɱɟɦ ɨɧɢ ɩɪɨɢɡɨɣɞɭɬ. ɗɮɮɟɤɬɢɜɧɵɣ ɦɨɧɢɬɨɪɢɧɝ Active Directory ɨɛɟɫɩɟɱɢɬ ɜɚɫ ɰɟɧɧɵɦɢ ɞɚɧɧɵɦɢ ɨ ɬɟɧɞɟɧɰɢɹɯ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɹ ɫɢɫɬɟɦɵ, ɱɬɨɛɵ ɜɵ ɦɨɝɥɢ ɩɨɞɝɨɬɨɜɢɬɶɫɹ ɤ ɛɭɞɭɳɢɦ ɫɢɫɬɟɦɧɵɦ ɭɫɨɜɟɪɲɟɧɫɬɜɨɜɚɧɢɹɦ. Ɇɨɧɢɬɨɪɢɧɝ ɹɜɥɹɟɬɫɹ ɨɞɧɢɦ ɢɡ ɫɩɨɫɨɛɨɜ ɡɚɩɭɫɬɢɬɶ ɜɵɩɨɥɧɟɧɢɟ ɧɟɨɛɯɨɞɢɦɵɯ ɡɚɞɚɱ ɨɛɫɥɭɠɢɜɚɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ, ɤɨɬɨɪɵɟ ɧɭɠɧɨ ɜɵɩɨɥɧɹɬɶ, ɱɬɨɛɵ ɫɨɯɪɚɧɢɬɶ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ ɜɚɲɟɣ Active Directory ɧɚ ɜɵɫɨɤɨɦ ɪɚɛɨɱɟɦ ɭɪɨɜɧɟ. Ⱦɚɠɟ ɩɪɢ ɨɬɫɭɬɫɬɜɢɢ ɨɲɢɛɨɤ ɢ ɩɪɟɞɭɩɪɟɠɞɟɧɢɣ ɜ ɠɭɪɧɚɥɟ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ ɜɵ ɜɫɟ ɪɚɜɧɨ ɞɨɥɠɧɵ ɪɟɝɭɥɹɪɧɨ ɜɵɩɨɥɧɹɬɶ ɩɪɨɝɪɚɦɦɭ ɨɛɫɥɭɠɢɜɚɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ, ɱɬɨɛɵ ɫɨɯɪɚɧɢɬɶ ɟɟ ɷɮɮɟɤɬɢɜɧɨɟ ɮɭɧɤɰɢɨɧɢɪɨɜɚɧɢɟ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɩɢɫɚɧ ɬɚɤɠɟ ɩɪɨɰɟɫɫ ɨɧɥɚɣɧɨɜɨɣ ɢ ɚɜɬɨɧɨɦɧɨɣ ɞɟɮɪɚɝɦɟɧɬɚɰɢɢ, ɚ ɬɚɤɠɟ ɩɪɨɰɟɫɫ ɫɛɨɪɤɢ ɦɭɫɨɪɚ, ɩɪɟɞɧɚɡɧɚɱɟɧɧɵɣ ɞɥɹ ɭɞɚɥɟɧɢɹ ɢɡ Active Directory ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ.
15. ɋɥɭɠɛɚ ɤɚɬɚɥɨɝɚ Active Directory — ɷɬɨ ɧɚɢɛɨɥɟɟ ɤɪɢɬɢɱɟɫɤɚɹ ɫɟɬɟɜɚɹ ɫɥɭɠɛɚ, ɤɨɬɨɪɭɸ ɜɵ ɪɚɡɜɨɪɚɱɢɜɚɟɬɟ ɜ ɜɚɲɟɣ ɫɟɬɢ. ȿɫɥɢ ɢɧɮɪɚɫɬɪɭɤɬɭɪɚ Active Directory ɛɭɞɟɬ ɧɟɭɞɚɱɧɨɣ, ɩɨɥɶɡɨɜɚɬɟɥɢ ɫɟɬɢ ɛɭɞɭɬ ɱɪɟɡɜɵɱɚɣɧɨ ɨɝɪɚɧɢɱɟɧɵ ɜ ɬɨɦ, ɱɬɨ ɨɧɢ ɫɦɨɝɭɬ ɞɟɥɚɬɶ ɜ ɫɟɬɢ. ɉɨɱɬɢ ɜɫɟ ɫɟɬɟɜɵɟ ɫɥɭɠɛɵ ɜ Microsoft Windows Server 2003 ɜɵɩɨɥɧɹɸɬ ɚɭɬɟɧɬɢɮɢɤɚɰɢɸ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɜ Active Directory, ɩɪɟɠɞɟ ɱɟɦ ɨɧɢ ɩɨɥɭɱɚɬ ɞɨɫɬɭɩ ɤ ɤɚɤɨɦɭ-ɥɢɛɨ ɫɟɬɟɜɨɦɭ ɪɟɫɭɪɫɭ. ɉɨɷɬɨɦɭ ɜɵ ɞɨɥɠɧɵ ɩɨɞɝɨɬɨɜɢɬɶɫɹ ɤ ɩɪɟɞɨɬɜɪɚɳɟɧɢɸ ɨɬɤɚɡɨɜ ɢ ɟɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ ɧɚ ɬɨɦ ɠɟ ɫɚɦɨɦ ɭɪɨɜɧɟ, ɧɚ ɤɚɤɨɦ ɜɵ ɝɨɬɨɜɢɬɟɫɶ ɤ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ ɥɸɛɵɯ ɞɪɭɝɢɯ ɫɟɬɟɜɵɯ ɪɟɫɭɪɫɨɜ. ɉɪɢ ɪɚɡɜɟɪɬɵɜɚɧɢɢ Active Directory Windows Server 2003 ɜɚɠɧɨ ɩɨɞɝɨɬɨɜɢɬɶɫɹ ɤ ɡɚɳɢɬɟ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɢ ɨɫɭɳɟɫɬɜɢɬɶ ɩɥɚɧ ɩɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ ɛɚɡɵ ɞɚɧɧɵɯ ɜ ɫɥɭɱɚɟ ɤɪɢɬɢɱɟɫɤɨɝɨ ɨɬɤɚɡɚ. ɗɬɚ ɝɥɚɜɚ ɧɚɱɢɧɚɟɬɫɹ ɫ ɨɛɫɭɠɞɟɧɢɹ ɨɫɧɨɜɧɵɯ ɦɟɬɨɞɨɜ ɨɛɟɫɩɟɱɟɧɢɹ ɢɡɛɵɬɨɱɧɨɫɬɢ ɢ ɡɚɳɢɬɵ Active Directory. Ⱦɚɥɟɟ ɨɛɫɭɠɞɚɸɬɫɹ ɤɨɦɩɨɧɟɧɬɵ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɢ ɢɯ ɨɩɬɢɦɚɥɶɧɵɟ ɤɨɧɮɢɝɭɪɚɰɢɢ ɞɥɹ ɝɚɪɚɧɬɢɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɜɨɡɦɨɠɧɨɫɬɟɣ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɥɭɠɛɵ ɜ ɫɥɭɱɚɟ ɫɛɨɹ. ȼ ɨɫɧɨɜɧɨɣ ɱɚɫɬɢ ɷɬɨɣ ɝɥɚɜɵ ɨɛɫɭɠɞɚɸɬɫɹ ɨɩɰɢɢ ɢ ɩɪɨɰɟɞɭɪɵ ɩɨ ɫɨɡɞɚɧɢɸ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. ɉɪɢɦɟɱɚɧɢɟ. ȼ ɷɬɨɣ ɝɥɚɜɟ ɨɛɫɭɠɞɚɟɬɫɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɩɨɫɥɟ ɫɛɨɹ ɬɨɥɶɤɨ Active Directory. Ƚɥɚɜɚ ɧɟ ɤɚɫɚɟɬɫɹ ɜɨɩɪɨɫɨɜ, ɫɜɹɡɚɧɧɵɯ ɫ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟɦ ɫɟɪɜɟɪɨɜ ɫ ɫɢɫɬɟɦɚɦɢ Windows Server 2003. Ɉɧɚ ɩɨɫɜɹɳɟɧɚ ɬɨɥɶɤɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ Active Directory, ɩɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɜɨɫɫɬɚɧɨɜɢɥɢ ɫɟɪɜɟɪ.
ɉɟɪɜɵɟ ɲɚɝɢ ɜ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɨɬɤɚɡɚ ɜɵɩɨɥɧɹɸɬɫɹ ɧɚɦɧɨɝɨ ɪɚɧɶɲɟ, ɱɟɦ ɫɥɭɱɢɬɫɹ ɫɚɦ ɨɬɤɚɡ. ȿɫɥɢ ɜɵ ɧɟ ɩɨɞɝɨɬɨɜɢɥɢɫɶ ɤ ɩɨɬɟɧɰɢɚɥɶɧɨɦɭ ɛɟɞɫɬɜɢɸ ɧɚɞɥɟɠɚɳɢɦ ɨɛɪɚɡɨɦ, ɬɨ ɩɪɨɛɥɟɦɚ ɩɨɥɨɦɤɢ ɚɩɩɚɪɚɬɧɨɝɨ ɤɨɦɩɨɧɟɧɬɚ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɦɨɠɟɬ ɩɪɟɜɪɚɬɢɬɶɫɹ ɜ ɪɟɚɥɶɧɭɸ ɤɚɬɚɫɬɪɨɮɭ, ɜɦɟɫɬɨ ɬɨɝɨ ɱɬɨɛɵ ɩɪɨɫɬɨ ɜɵɡɜɚɬɶ ɧɟɛɨɥɶɲɨɟ ɧɟɭɞɨɛɫɬɜɨ. ɉɨɞɝɨɬɨɜɤɚ ɤ ɛɟɞɫɬɜɢɸ ɜɤɥɸɱɚɟɬ ɩɪɨɫɦɨɬɪ ɜɫɟɯ ɷɥɟɦɟɧɬɨɜ, ɫɨɫɬɚɜɥɹɸɳɢɯ ɧɨɪɦɚɥɶɧɭɸ ɫɟɬɟɜɭɸ ɢɧɮɪɚɫɬɪɭɤɬɭɪɭ, ɚ ɬɚɤɠɟ ɧɟɤɨɬɨɪɵɟ ɫɩɟɰɢɮɢɱɧɵɟ ɞɥɹ Active Directory ɜɟɳɢ. ɉɟɪɟɱɢɫɥɟɧɧɵɟ ɧɢɠɟ ɩɪɨɰɟɞɭɪɵ ɹɜɥɹɸɬɫɹ ɤɪɢɬɢɱɟɫɤɢ ɜɚɠɧɵɦɢ. • Ɋɚɡɪɚɛɨɬɚɣɬɟ ɩɨɫɥɟɞɨɜɚɬɟɥɶɧɨɟ ɫɨɡɞɚɧɢɟ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɢ ɜɨɫɫɬɚɧɨɜɢɬɟ ɭɩɪɚɜɥɟɧɢɟ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ɉɟɪɜɵɣ ɲɚɝ ɜ ɥɸɛɨɦ ɩɥɚɧɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɨɫɬɨɢɬ ɜ ɭɫɬɚɧɨɜɤɟ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɯ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ ɢ ɩɪɨɝɪɚɦɦɧɨɝɨ ɨɛɟɫɩɟɱɟɧɢɹ ɞɥɹ ɩɨɞɞɟɪɠɤɢ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɵɯ ɤɨɩɢɣ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. Ɂɚɬɟɦ ɜɵ ɞɨɥɠɧɵ ɫɨɡɞɚɬɶ ɢ ɩɪɨɬɟɫɬɢɪɨɜɚɬɶ ɩɥɚɧ ɪɟɡɟɪɜɢɪɨɜɚɧɢɹ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ. • ɉɪɨɜɟɪɶɬɟ ɫɜɨɣ ɩɥɚɧ ɪɟɡɟɪɜɢɪɨɜɚɧɢɹ ɞɨ ɢ ɩɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory. ɉɨɫɥɟ ɪɚɡɜɟɪɬɵɜɚɧɢɹ Active Directory ɜɚɲɢ ɩɨɥɶɡɨɜɚɬɟɥɢ ɛɭɞɭɬ ɬɪɟɛɨɜɚɬɶ, ɱɬɨɛɵ ɨɧɚ ɛɵɥɚ ɞɨɫɬɭɩɧɚ ɜɫɟ ɜɪɟɦɹ. ɇɭɠɧɨ ɧɟɨɞɧɨɤɪɚɬɧɨ ɩɪɨɬɟɫɬɢɪɨɜɚɬɶ ɫɜɨɣ ɩɥɚɧ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ. ɇɚɢɥɭɱɲɢɦ ɨɛɪɚɡɨɦ ɭɩɪɚɜɥɹɟɦɚɹ ɫɟɬɟɜɚɹ ɫɪɟɞɚ ɢɦɟɟɬ ɩɨɫɥɟɞɨɜɚɬɟɥɶɧɭɸ ɩɪɨɰɟɞɭɪɭ ɬɟɫɬɢɪɨɜɚɧɢɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ, ɜ ɤɨɬɨɪɨɣ ɤɚɠɞɭɸ ɧɟɞɟɥɸ ɬɟɫɬɢɪɭɟɬɫɹ ɤɚɤɨɣ-ɥɢɛɨ ɤɨɦɩɨɧɟɧɬ ɷɬɨɣ ɩɪɨɰɟɞɭɪɵ. ȿɫɥɢ ɛɟɞɫɬɜɢɟ ɞɟɣɫɬɜɢɬɟɥɶɧɨ ɩɪɨɢɡɨɣɞɟɬ, ɜɵ ɛɭɞɟɬɟ ɜɵɧɭɠɞɟɧɵ ɜɨɫɫɬɚɧɨɜɢɬɶ Active Directory ɧɚɫɬɨɥɶɤɨ ɛɵɫɬɪɨ, ɧɚɫɤɨɥɶɤɨ ɷɬɨ ɜɨɡɦɨɠɧɨ. ɗɬɨ ɧɟ ɞɨɥɠɟɧ ɛɵɬɶ ɬɨɬ ɫɥɭɱɚɣ, ɤɨɝɞɚ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɩɪɨɰɟɞɭɪɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ Active Directory ɜ ɩɟɪɜɵɣ ɪɚɡ. • Ɋɚɡɜɟɪɧɢɬɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ Active Directory ɫ ɚɩɩɚɪɚɬɧɨɣ ɢɡɛɵɬɨɱɧɨɫɬɶɸ. Ȼɨɥɶɲɢɧɫɬɜɨ ɫɟɪɜɟɪɨɜ ɦɨɠɧɨ ɡɚɤɚɡɵɜɚɬɶ ɫ ɧɟɤɨɬɨɪɵɦ ɭɪɨɜɧɟɦ ɚɩɩɚɪɚɬɧɨɣ ɢɡɛɵɬɨɱɧɨɫɬɢ ɩɪɢ ɧɟɛɨɥɶɲɨɣ ɞɨɩɨɥɧɢɬɟɥɶɧɨɣ ɫɬɨɢɦɨɫɬɢ. ɇɚɩɪɢɦɟɪ, ɫɟɪɜɟɪ ɫ ɞɜɨɣɧɵɦ ɢɫɬɨɱɧɢɤɨɦ ɩɢɬɚɧɢɹ, ɢɡɛɵɬɨɱɧɵɦɢ ɫɟɬɟɜɵɦɢ ɤɚɪɬɚɦɢ ɢ ɢɡɛɵɬɨɱɧɨɣ ɚɩɩɚɪɚɬɧɨɣ ɫɢɫɬɟɦɨɣ ɠɟɫɬɤɨɝɨ ɞɢɫɤɚ ɞɨɥɠɟɧ ɛɵɬɶ ɫɬɚɧɞɚɪɬɧɵɦ ɨɛɨɪɭɞɨɜɚɧɢɟɦ ɞɥɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ȿɫɥɢ ɷɬɚ ɢɡɛɵɬɨɱɧɨɫɬɶ ɩɪɟɞɨɯɪɚɧɢɬ ɜɚɫ ɯɨɬɹ ɛɵ ɨɬ ɨɞɧɨɣ ɬɪɭɞɨɜɨɣ ɧɨɱɢ ɩɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɬɨ ɷɬɨ ɛɭɞɟɬ ɥɭɱɲɚɹ ɢɧɜɟɫɬɢɰɢɹ, ɤɨɬɨɪɭɸ ɜɵ ɤɨɝɞɚ-ɥɢɛɨ ɞɟɥɚɥɢ. ȼɨ ɦɧɨɝɢɯ ɛɨɥɶɲɢɯ ɤɨɦɩɚɧɢɹɯ ɚɩɩɚɪɚɬɧɚɹ ɢɡɛɵɬɨɱɧɨɫɬɶ ɩɨɞɧɹɬɚ ɧɚ ɬɚɤɨɣ ɭɪɨɜɟɧɶ, ɤɨɝɞɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫɜɹɡɚɧɵ ɫ ɪɚɡɥɢɱɧɵɦɢ ɰɟɩɹɦɢ ɩɢɬɚɧɢɹ ɢ ɩɨɞɤɥɸɱɟɧɵ ɤ ɪɚɡɥɢɱɧɵɦ
•
ɤɨɦɦɭɬɚɬɨɪɚɦ Ethernet ɢɥɢ ɫɟɬɟɜɵɦ ɫɟɝɦɟɧɬɚɦɢ ȼɨ ɜɫɟɯ ɫɟɬɹɯ, ɤɪɨɦɟ ɫɚɦɵɯ ɦɚɥɟɧɶɤɢɯ, ɜɵ ɞɨɥɠɧɵ ɪɚɡɜɟɪɧɭɬɶ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɞɜɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Active Directory ɢɫɩɨɥɶɡɭɟɬ ɰɢɪɤɭɥɹɪɧɭɸ (circular) ɪɟɝɢɫɬɪɚɰɢɸ ɞɥɹ ɫɜɨɢɯ ɠɭɪɧɚɥɨɜ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɛɵɬɢɣ, ɢ ɷɬɨɬ ɡɚɞɚɧɧɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɨɪɹɞɨɤ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧ. ɐɢɪɤɭɥɹɪɧɚɹ ɪɟɝɢɫɬɪɚɰɢɹ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɫ ɟɞɢɧɫɬɜɟɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜɵ ɦɨɠɟɬɟ ɩɨɬɟɪɹɬɶ ɞɚɧɧɵɟ Active Directory ɜ ɫɥɭɱɚɟ ɚɜɚɪɢɢ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɢ ɛɭɞɟɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɟɝɨ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ. Ⱦɚɠɟ ɜ ɦɚɥɟɧɶɤɨɣ ɤɨɦɩɚɧɢɢ ɜɚɠɧɨ ɢɦɟɬɶ ɧɟɫɤɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɯɨɬɢɬɟ, ɱɬɨɛɵ ɜɫɟ ɩɨɥɶɡɨɜɚɬɟɥɢ ɛɨɥɶɲɭɸ ɱɚɫɬɶ ɜɪɟɦɟɧɢ ɢɫɩɨɥɶɡɨɜɚɥɢ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɜɵ ɦɨɠɟɬɟ ɢɡɦɟɧɢɬɶ ɡɚɩɢɫɢ DNS, ɪɟɝɭɥɢɪɭɹ ɩɪɢɨɪɢɬɟɬ ɤɚɠɞɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɍɨɝɞɚ ɜɬɨɪɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɜɵɩɨɥɧɹɬɶ ɞɪɭɝɢɟ ɮɭɧɤɰɢɢ ɢ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɞɥɹ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɧɚ ɫɥɭɱɚɣ ɚɜɚɪɢɢ ɧɚ ɩɟɪɜɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ.
Active Directory
Ʉɚɤ ɝɨɜɨɪɢɥɨɫɶ ɜ ɝɥ. 2, ɛɚɡɚ ɞɚɧɧɵɯ Active Directory ɯɪɚɧɢɬɫɹ ɜ ɮɚɣɥɟ ɩɨ ɢɦɟɧɢ Ntds.dit, ɤɨɬɨɪɵɣ ɩɨ ɭɦɨɥɱɚɧɢɸ ɪɚɫɩɨɥɨɠɟɧ ɜ ɩɚɩɤɟ %systemroot %\NTDS. ɗɬɚ ɩɚɩɤɚ ɫɨɞɟɪɠɢɬ ɬɚɤɠɟ ɫɥɟɞɭɸɳɢɟ ɮɚɣɥɵ. • Edb.chk - ɮɚɣɥ ɤɨɧɬɪɨɥɶɧɵɯ ɬɨɱɟɤ, ɤɨɬɨɪɵɣ ɭɤɚɡɵɜɚɟɬ, ɤɚɤɢɟ ɬɪɚɧɡɚɤɰɢɢ ɢɡ ɠɭɪɧɚɥɨɜ ɪɟɝɢɫɬɪɚɰɢɢ ɛɵɥɢ ɡɚɩɢɫɚɧɵ ɜ ɛɚɡɭ ɞɚɧɧɵɯ Active Directory. • Edb.log - ɠɭɪɧɚɥ ɪɟɝɢɫɬɪɚɰɢɢ ɬɟɤɭɳɢɯ ɬɪɚɧɡɚɤɰɢɣ. ɂɦɟɟɬ ɮɢɤɫɢɪɨɜɚɧɧɭɸ ɞɥɢɧɭ - 10 Ɇɛ. • Edbxxxxx.log. ɉɨɫɥɟ ɬɨɝɨ ɤɚɤ Active Directory ɩɪɨɪɚɛɨɬɚɥɚ ɧɟɤɨɬɨɪɨɟ ɜɪɟɦɹ, ɦɨɝɭɬ ɩɨɹɜɢɬɶɫɹ ɨɞɢɧ ɢɥɢ ɛɨɥɟɟ ɠɭɪɧɚɥɨɜ, ɭ ɤɨɬɨɪɵɯ ɱɚɫɬɶ ɢɦɟɧɢ ɮɚɣɥɚ, ɨɛɨɡɧɚɱɟɧɧɚɹ ɤɚɤ ɯɯɯɯɯ, ɩɪɟɞɫɬɚɜɥɹɟɬɫɹ ɫɨɛɨɣ ɭɜɟɥɢɱɢɜɚɸɳɢɣɫɹ ɲɟɫɬɧɚɞɰɚɬɟɪɢɱɧɵɣ ɩɨɪɹɞɤɨɜɵɣ ɧɨɦɟɪ. ɗɬɢ ɠɭɪɧɚɥɵ ɹɜɥɹɸɬɫɹ ɩɪɟɞɲɟɫɬɜɭɸɳɢɦɢ ɠɭɪɧɚɥɚɦɢ; ɜɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɬɟɤɭɳɢɣ ɠɭɪɧɚɥ ɡɚɩɨɥɧɟɧ, ɨɧ ɩɟɪɟɢɦɟɧɨɜɵɜɚɟɬɫɹ ɜ ɫɥɟɞɭɸɳɢɣ ɩɪɟɞɲɟɫɬɜɭɸɳɢɣ ɠɭɪɧɚɥ, ɢ ɫɨɡɞɚɟɬɫɹ ɧɨɜɵɣ ɠɭɪɧɚɥ Edb.log. ɋɬɚɪɵɟ ɠɭɪɧɚɥɵ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɭɞɚɥɹɸɬɫɹ ɩɨ ɦɟɪɟ ɬɨɝɨ, ɤɚɤ ɢɡɦɟɧɟɧɢɹ, ɩɪɟɞɫɬɚɜɥɟɧɧɵɟ ɜ ɠɭɪɧɚɥɚɯ, ɩɟɪɟɧɨɫɹɬɫɹ ɜ ɛɚɡɭ ɞɚɧɧɵɯ Active Directory. Ʉɚɠɞɵɣ ɢɡ ɷɬɢɯ ɠɭɪɧɚɥɨɜ ɬɚɤɠɟ ɡɚɧɢɦɚɟɬ 10 Ɇɛ. • Edbtemp.log - ɜɪɟɦɟɧɧɵɣ ɠɭɪɧɚɥ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬɫɹ ɬɨɝɞɚ, ɤɨɝɞɚ ɡɚɩɨɥɧɟɧ ɬɟɤɭɳɢɣ ɠɭɪɧɚɥ (Edb.log). ɇɨɜɵɣ ɠɭɪɧɚɥ ɫɨɡɞɚɟɬɫɹ ɩɨɞ ɢɦɟɧɟɦ Edbtemp.log, ɜ ɧɟɦ ɯɪɚɧɹɬɫɹ ɜɫɟ ɬɪɚɧɡɚɤɰɢɢ, ɚ ɡɚɬɟɦ ɠɭɪɧɚɥ Edb.log ɩɟɪɟɢɦɟɧɨɜɵɜɚɟɬɫɹ ɜ ɫɥɟɞɭɸɳɢɣ ɩɪɟɞɲɟɫɬɜɭɸɳɢɣ ɠɭɪɧɚɥ. Ⱦɚɥɟɟ ɠɭɪɧɚɥ Edbtemp.log ɩɟɪɟɢɦɟɧɨɜɵɜɚɟɬɫɹ ɜ ɠɭɪɧɚɥ Edb.log. • Resl.log ɢ Res2.log — ɪɟɡɟɪɜɧɵɟ ɠɭɪɧɚɥɵ, ɤɨɬɨɪɵɟ ɢɫɩɨɥɶɡɭɸɬɫɹ ɬɨɥɶɤɨ ɜ ɫɢɬɭɚɰɢɢ, ɤɨɝɞɚ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɡɚɤɚɧɱɢɜɚɟɬɫɹ ɫɜɨɛɨɞɧɨɟ ɩɪɨɫɬɪɚɧɫɬɜɨ. ȿɫɥɢ ɬɟɤɭɳɢɣ ɠɭɪɧɚɥ ɡɚɩɨɥɧɟɧ, ɚ ɫɟɪɜɟɪ ɧɟ ɦɨɠɟɬ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɠɭɪɧɚɥ, ɩɨɬɨɦɭ ɱɬɨ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɧɟɬ ɫɜɨɛɨɞɧɨɝɨ ɩɪɨɫɬɪɚɧɫɬɜɚ, ɫɟɪɜɟɪ ɩɨɞɚɜɢɬ ɥɸɛɵɟ ɬɪɚɧɡɚɤɰɢɢ Active Directory, ɧɚɯɨɞɹɳɢɟɫɹ ɜ ɧɚɫɬɨɹɳɟɟ ɜɪɟɦɹ ɜ ɩɚɦɹɬɢ, ɢɫɩɨɥɶɡɭɟɬ ɦɟɫɬɨ ɞɥɹ ɪɟɡɟɪɜɧɵɯ ɠɭɪɧɚɥɨɜ, ɚ ɡɚɬɟɦ ɡɚɜɟɪɲɢɬ ɪɚɛɨɬɭ Active Directory. Ɋɚɡɦɟɪ ɤɚɠɞɨɝɨ ɢɡ ɷɬɢɯ ɠɭɪɧɚɥɨɜ ɬɚɤɠɟ 10 Ɇɛ. С . Microsoft Exchange Server, Active Directory . Active Directory , Exchange Server 4 . Ʉɚɠɞɚɹ ɦɨɞɢɮɢɤɚɰɢɹ ɤ ɛɚɡɟ ɞɚɧɧɵɯ Active Directory ɧɚɡɵɜɚɟɬɫɹ ɬɪɚɧɡɚɤɰɢɟɣ. Ɍɪɚɧɡɚɤɰɢɹ ɦɨɠɟɬ ɫɨɫɬɨɹɬɶ ɢɡ ɧɟɫɤɨɥɶɤɢɯ ɲɚɝɨɜ. ɇɚɩɪɢɦɟɪ, ɤɨɝɞɚ ɩɨɥɶɡɨɜɚɬɟɥɶ ɩɟɪɟɦɟɳɚɟɬɫɹ ɢɡ ɨɞɧɨɣ ɨɪɝɚɧɢɡɚɰɢɨɧɧɨɣ ɟɞɢɧɢɰɵ (OU) ɜ ɞɪɭɝɭɸ, ɜ OU-ɚɞɪɟɫɚɬɟ ɞɨɥɠɟɧ ɛɵɬɶ ɫɨɡɞɚɧ ɧɨɜɵɣ ɨɛɴɟɤɬ, ɚ ɜ OU-ɢɫɬɨɱɧɢɤɟ ɭɞɚɥɟɧ ɫɬɚɪɵɣ ɨɛɴɟɤɬ. ɑɬɨɛɵ ɬɪɚɧɡɚɤɰɢɹ ɛɵɥɚ ɡɚɤɨɧɱɟɧɚ, ɨɛɚ ɲɚɝɚ ɞɨɥɠɧɵ ɛɵɬɶ ɜɵɩɨɥɧɟɧɵ, ɟɫɥɢ ɨɞɢɧ ɢɡ ɲɚɝɨɜ ɩɨɬɟɪɩɢɬ ɧɟɭɞɚɱɭ, ɜɫɹ ɬɪɚɧɡɚɤɰɢɹ ɞɨɥɠɧɚ ɩɨɥɭɱɢɬɶ ɨɬɤɚɬ, ɱɬɨɛɵ ɧɢɤɚɤɨɣ ɲɚɝ ɧɟ ɛɵɥ ɡɚɫɱɢɬɚɧ. Ʉɨɝɞɚ ɜɫɟ ɲɚɝɢ ɜ ɬɪɚɧɡɚɤɰɢɢ ɜɵɩɨɥɧɟɧɵ, ɬɪɚɧɡɚɤɰɢɹ ɫɱɢɬɚɟɬɫɹ ɡɚɤɨɧɱɟɧɧɨɣ. ɂɫɩɨɥɶɡɭɹ ɦɨɞɟɥɶ ɬɪɚɧɡɚɤɰɢɣ, ɫɢɫɬɟɦɚ Windows Server 2003 ɝɚɪɚɧɬɢɪɭɟɬ, ɱɬɨ ɛɚɡɚ ɞɚɧɧɵɯ ɜɫɟɝɞɚ ɨɫɬɚɟɬɫɹ ɜ ɫɨɝɥɚɫɨɜɚɧɧɨɦ ɫɨɫɬɨɹɧɢɢ. ȼɫɹɤɢɣ ɪɚɡ, ɤɨɝɞɚ ɜ ɛɚɡɟ ɞɚɧɧɵɯ Active Directory ɞɟɥɚɟɬɫɹ ɤɚɤɨɟ-ɥɢɛɨ ɢɡɦɟɧɟɧɢɟ (ɧɚɩɪɢɦɟɪ, ɢɡɦɟɧɹɟɬɫɹ ɧɨɦɟɪ ɬɟɥɟɮɨɧɚ ɩɨɥɶɡɨɜɚɬɟɥɹ), ɨɧɨ ɫɧɚɱɚɥɚ ɡɚɩɢɫɵɜɚɟɬɫɹ ɜ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ. ɉɨɫɤɨɥɶɤɭ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ ɹɜɥɹɟɬɫɹ ɬɟɤɫɬɨɜɵɦ ɮɚɣɥɨɦ, ɜ ɤɨɬɨɪɨɦ ɢɡɦɟɧɟɧɢɹ ɡɚɩɢɫɵɜɚɸɬɫɹ ɩɨɫɥɟɞɨɜɚɬɟɥɶɧɨ, ɬɨ ɡɚɩɢɫɶ ɜ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ ɩɪɨɢɫɯɨɞɢɬ ɧɚɦɧɨɝɨ ɛɵɫɬɪɟɟ, ɱɟɦ ɡɚɩɢɫɶ ɜ ɛɚɡɭ ɞɚɧɧɵɯ. ɉɨɷɬɨɦɭ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɠɭɪɧɚɥɨɜ ɬɪɚɧɡɚɤɰɢɣ ɭɥɭɱɲɚɟɬ ɪɚɛɨɬɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ.
Ʉɚɤ ɬɨɥɶɤɨ ɬɪɚɧɡɚɤɰɢɹ ɛɵɥɚ ɡɚɩɢɫɚɧɚ ɜ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ, ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɡɚɝɪɭɠɚɟɬ ɫɬɪɚɧɢɰɭ ɛɚɡɵ ɞɚɧɧɵɯ, ɫɨɞɟɪɠɚɳɭɸ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ, ɜ ɩɚɦɹɬɶ (ɟɫɥɢ ɨɧɚ ɟɳɟ ɧɟ ɧɚɯɨɞɢɬɫɹ ɜ ɩɚɦɹɬɢ). ȼɫɟ ɢɡɦɟɧɟɧɢɹ ɤ ɛɚɡɟ ɞɚɧɧɵɯ Active Directory ɞɟɥɚɸɬɫɹ ɜ ɩɚɦɹɬɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɫɩɨɥɶɡɭɟɬ ɦɚɤɫɢɦɚɥɶɧɨ ɞɨɫɬɭɩɧɵɣ ɨɛɴɟɦ ɩɚɦɹɬɢ, ɢ ɯɪɚɧɢɬ ɜ ɩɚɦɹɬɢ ɦɚɤɫɢɦɚɥɶɧɨ ɛɨɥɶɲɭɸ ɱɚɫɬɶ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɭɞɚɥɹɟɬ ɫɬɪɚɧɢɰɵ ɛɚɡɵ ɞɚɧɧɵɯ ɢɡ ɩɚɦɹɬɢ ɬɨɥɶɤɨ ɬɨɝɞɚ, ɤɨɝɞɚ ɫɜɨɛɨɞɧɚɹ ɩɚɦɹɬɶ ɫɬɚɧɨɜɢɬɫɹ ɨɝɪɚɧɢɱɟɧɧɨɣ, ɢɥɢ ɤɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɵɤɥɸɱɚɟɬɫɹ. ɂɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɤ ɫɬɪɚɧɢɰɚɦ ɛɚɡɵ ɞɚɧɧɵɯ, ɩɟɪɟɩɢɫɵɜɚɸɬɫɹ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɬɨɥɶɤɨ ɬɨɝɞɚ, ɤɨɝɞɚ ɫɟɪɜɟɪ ɦɚɥɨ ɢɫɩɨɥɶɡɭɟɬɫɹ ɢɥɢ ɩɪɢ ɟɝɨ ɜɵɤɥɸɱɟɧɢɢ. ɀɭɪɧɚɥɵ ɬɪɚɧɡɚɤɰɢɣ ɧɟ ɬɨɥɶɤɨ ɭɥɭɱɲɚɸɬ ɪɚɛɨɬɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɨɛɟɫɩɟɱɢɜɚɹ ɦɟɫɬɨ ɞɥɹ ɛɵɫɬɪɨɣ ɡɚɩɢɫɢ ɢɡɦɟɧɟɧɢɣ, ɧɨ ɢ ɨɛɟɫɩɟɱɢɜɚɸɬ ɜɨɡɦɨɠɧɨɫɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɞɚɧɧɵɯ ɜ ɫɥɭɱɚɟ ɨɬɤɚɡɚ ɫɟɪɜɟɪɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɛɵɥɨ ɫɞɟɥɚɧɨ ɢɡɦɟɧɟɧɢɟ, ɨɬɧɨɫɹɳɟɟɫɹ ɤ Active Directory, ɬɨ ɨɧɨ ɡɚɩɢɫɵɜɚɟɬɫɹ ɜ ɠɭɪɧɚɥ ɬɪɚɧɡɚɤɰɢɣ, ɚ ɡɚɬɟɦ ɧɚ ɫɬɪɚɧɢɰɭ ɛɚɡɵ ɞɚɧɧɵɯ, ɧɚɯɨɞɹɳɭɸɫɹ ɜ ɩɚɦɹɬɢ ɫɟɪɜɟɪɚ. ȿɫɥɢ ɜ ɷɬɨɬ ɦɨɦɟɧɬ ɫɟɪɜɟɪ ɧɟɨɠɢɞɚɧɧɨ ɜɵɤɥɸɱɚɟɬɫɹ, ɬɨ ɢɡɦɟɧɟɧɢɹ ɧɟ ɛɭɞɭɬ ɩɟɪɟɞɚɧɵ ɢɡ ɩɚɦɹɬɢ ɫɟɪɜɟɪɚ ɜ ɛɚɡɭ ɞɚɧɧɵɯ. Ʉɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɭɞɟɬ ɩɟɪɟɡɚɩɭɳɟɧ, ɨɧ ɧɚɣɞɟɬ ɜ ɠɭɪɧɚɥɟ ɜɫɟ ɬɪɚɧɡɚɤɰɢɢ, ɤɨɬɨɪɵɟ ɟɳɟ ɧɟ ɛɵɥɢ ɩɟɪɟɞɚɧɵ ɜ ɛɚɡɭ ɞɚɧɧɵɯ. Ɂɚɬɟɦ ɷɬɢ ɢɡɦɟɧɟɧɢɹ ɩɪɢɦɟɧɹɬɫɹ ɤ ɛɚɡɟ ɞɚɧɧɵɯ ɩɪɢ ɡɚɩɭɫɤɟ ɫɥɭɠɛ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȼ ɩɪɨɰɟɫɫɟ ɷɬɨɝɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɢɫɩɨɥɶɡɭɟɬɫɹ ɮɚɣɥ ɤɨɧɬɪɨɥɶɧɨɣ ɬɨɱɤɢ. Ɏɚɣɥ ɤɨɧɬɪɨɥɶɧɨɣ ɬɨɱɤɢ ɹɜɥɹɟɬɫɹ ɭɤɚɡɚɬɟɥɟɦ ɧɚ ɬɨ, ɤɚɤɢɟ ɬɪɚɧɡɚɤɰɢɢ ɢɡ ɢɦɟɸɳɢɯɫɹ ɜ ɠɭɪɧɚɥɟ ɬɪɚɧɡɚɤɰɢɣ, ɛɵɥɢ ɩɟɪɟɩɢɫɚɧɵ ɜ ɛɚɡɭ ɞɚɧɧɵɯ. ȼ ɩɪɨɰɟɫɫɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɱɢɬɚɟɬ ɮɚɣɥ ɤɨɧɬɪɨɥɶɧɨɣ ɬɨɱɤɢ, ɨɩɪɟɞɟɥɹɹ, ɤɚɤɢɟ ɬɪɚɧɡɚɤɰɢɢ ɛɵɥɢ ɩɟɪɟɞɚɧɵ ɛɚɡɟ ɞɚɧɧɵɯ, ɚ ɡɚɬɟɦ ɨɧ ɞɨɛɚɜɥɹɟɬ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɢɡɦɟɧɟɧɢɹ, ɤɨɬɨɪɵɟ ɟɳɟ ɧɟ ɛɵɥɢ ɩɟɪɟɞɚɧɵ. . . Э , . ɋɥɭɠɛɚ Active Directory Windows Server 2003 ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɞɥɹ ɰɢɪɤɭɥɹɪɧɨɣ (circular) ɪɟɝɢɫɬɪɚɰɢɢ, ɢ ɷɬɚ ɤɨɧɮɢɝɭɪɚɰɢɹ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɚ. ɉɪɢ ɰɢɪɤɭɥɹɪɧɨɣ ɪɟɝɢɫɬɪɚɰɢɢ ɫɨɯɪɚɧɹɸɬɫɹ ɬɨɥɶɤɨ ɬɟ ɩɪɟɞɲɟɫɬɜɭɸɳɢɟ ɠɭɪɧɚɥɵ, ɫɨɞɟɪɠɚɳɢɟ ɬɪɚɧɡɚɤɰɢɢ, ɤɨɬɨɪɵɟ ɧɟ ɛɵɥɢ ɩɟɪɟɩɢɫɚɧɵ ɜ ɛɚɡɭ ɞɚɧɧɵɯ. ɉɨ ɦɟɪɟ ɩɟɪɟɞɚɱɢ ɢɧɮɨɪɦɚɰɢɢ ɢɡ ɩɪɟɞɲɟɫɬɜɭɸɳɟɝɨ ɠɭɪɧɚɥɚ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɠɭɪɧɚɥ ɭɞɚɥɹɟɬɫɹ. ɐɢɪɤɭɥɹɪɧɚɹ ɪɟɝɢɫɬɪɚɰɢɹ ɩɪɟɞɨɬɜɪɚɳɚɟɬ ɩɨɬɟɪɸ ɞɚɧɧɵɯ ɜ ɫɥɭɱɚɟ ɫɛɨɹ ɧɚ ɠɟɫɬɤɨɦ ɞɢɫɤɟ ɜɚɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɤɨɝɞɚ ɜɵ ɛɭɞɟɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɛɚɡɭ ɞɚɧɧɵɯ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ. ɉɪɟɞɩɨɥɨɠɢɦ, ɱɬɨ ɜɵ ɜɵɩɨɥɧɹɟɬɟ ɪɟɡɟɪɜɧɨɟ ɤɨɩɢɪɨɜɚɧɢɟ Active Directory ɤɚɠɞɭɸ ɧɨɱɶ, ɧɨ ɠɟɫɬɤɢɣ ɞɢɫɤ ɜɚɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫɥɨɦɚɥɫɹ ɜ 17:00, ɩɨɫɥɟ ɬɨɝɨ ɤɚɤ ɜɵ ɫɞɟɥɚɥɢ ɧɟɫɤɨɥɶɤɨ ɫɨɬɟɧ ɢɡɦɟɧɟɧɢɣ ɤ ɛɚɡɟ ɞɚɧɧɵɯ ɜ ɬɟɱɟɧɢɟ ɞɧɹ. ɉɨ ɦɟɪɟ ɜɵɩɨɥɧɟɧɢɹ ɢɡɦɟɧɟɧɢɣ ɩɪɟɞɲɟɫɬɜɭɸɳɢɟ ɠɭɪɧɚɥɵ ɬɪɚɧɡɚɤɰɢɣ ɭɞɚɥɹɥɢɫɶ, ɩɨɫɤɨɥɶɤɭ ɢɧɮɨɪɦɚɰɢɹ ɢɡ ɧɢɯ ɩɟɪɟɞɚɜɚɥɚɫɶ ɜ ɛɚɡɭ ɞɚɧɧɵɯ Active Directory. Ʉɨɝɞɚ ɜɵ ɜɨɫɫɬɚɧɨɜɢɬɟ ɛɚɡɭ ɞɚɧɧɵɯ ɤ ɫɨɫɬɨɹɧɢɸ, ɫɨɨɬɜɟɬɫɬɜɭɸɳɟɟ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɩɪɟɞɵɞɭɳɟɣ ɧɨɱɢ, ɜɫɟ ɢɡɦɟɧɟɧɢɹ, ɤɨɬɨɪɵɟ ɜɵ ɫɞɟɥɚɥɢ ɜ ɬɟɱɟɧɢɟ ɞɧɹ, ɛɭɞɭɬ ɩɨɬɟɪɹɧɵ. ȿɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɩɪɟɞɨɬɜɪɚɬɢɬɶ ɷɬɭ ɩɨɬɟɪɸ ɞɚɧɧɵɯ ɫɨɫɬɨɢɬ ɜ ɪɚɡɜɟɪɬɵɜɚɧɢɢ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɞɜɭɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɪɟɩɥɢɰɢɪɭɸɬ ɢɧɮɨɪɦɚɰɢɸ ɞɪɭɝ ɞɪɭɝɭ ɜ ɬɟɱɟɧɢɟ ɞɧɹ. ȿɫɥɢ ɩɪɨɢɡɨɣɞɟɬ ɫɛɨɣ ɧɚ ɨɞɧɨɦ ɢɡ ɜɚɲɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɬɨ ɜɵ ɫɦɨɠɟɬɟ ɜɨɫɫɬɚɧɨɜɢɬɶ ɧɚ ɧɟɦ ɛɚɡɭ ɞɚɧɧɵɯ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɚ ɜɫɟ ɜɵ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɜ ɬɟɱɟɧɢɟ ɞɧɹ, ɛɭɞɭɬ ɫɤɨɩɢɪɨɜɚɧɵ ɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɣ ɫɟɪɜɟɪ.
Active Directory
ɉɪɨɟɤɬ Active Directory ɧɚɥɚɝɚɟɬ ɧɟɤɨɬɨɪɵɟ ɜɚɠɧɵɟ ɨɝɪɚɧɢɱɟɧɢɹ ɧɚ ɫɨɡɞɚɧɢɟ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ Active Directory. ɇɚɢɛɨɥɟɟ ɜɚɠɧɨɟ ɢɡ ɷɬɢɯ ɨɝɪɚɧɢɱɟɧɢɣ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ Active Directory ɦɨɠɟɬ ɤɨɩɢɪɨɜɚɬɶɫɹ ɬɨɥɶɤɨ ɤɚɤ ɱɚɫɬɶ ɞɚɧɧɵɯ ɫɢɫɬɟɦɧɨɝɨ ɫɨɫɬɨɹɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ⱦɚɧɧɵɟ ɫɢɫɬɟɦɧɨɝɨ ɫɨɫɬɨɹɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜɤɥɸɱɚɸɬ: • ɛɚɡɭ ɞɚɧɧɵɯ Active Directory ɢ ɠɭɪɧɚɥɵ ɬɪɚɧɡɚɤɰɢɣ; • ɫɢɫɬɟɦɧɵɟ ɮɚɣɥɵ ɢ ɮɚɣɥɵ ɡɚɩɭɫɤɚ, ɧɚɯɨɞɹɳɢɟɫɹ ɩɨɞ ɡɚɳɢɬɨɣ Windows; • ɫɢɫɬɟɦɧɵɣ ɪɟɟɫɬɪ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ; • ɜɫɸ ɡɨɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ DNS, ɢɧɬɟɝɪɢɪɨɜɚɧɧɭɸ ɫ Active Directory; • ɩɚɩɤɭ Sysvol;
• •
ɛɚɡɭ ɞɚɧɧɵɯ ɪɟɝɢɫɬɪɚɰɢɢ ɤɥɚɫɫɨɜ ɋɈɆ+; ɛɚɡɭ ɞɚɧɧɵɯ ɫɥɭɠɛɵ ɫɟɪɬɢɮɢɤɚɬɨɜ (ɟɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ ɫɟɪɜɟɪɨɦ ɫɥɭɠɛɵ ɫɟɪɬɢɮɢɤɚɬɨɜ); • ɢɧɮɨɪɦɚɰɢɸ ɤɥɚɫɬɟɪɧɨɣ ɫɥɭɠɛɵ; • ɦɟɬɚɤɚɬɚɥɨɝɢ ɢɧɮɨɪɦɚɰɢɨɧɧɨɣ ɢɧɬɟɪɧɟɬ-ɫɥɭɠɛɵ Microsoft (IIS) (ɟɫɥɢ ɫɥɭɠɛɚ IIS ɭɫɬɚɧɨɜɥɟɧɚ ɧɚ ɤɨɦɩɶɸɬɟɪɟ). ȼɫɟ ɷɬɢ ɤɨɦɩɨɧɟɧɬɵ ɞɨɥɠɧɵ ɤɨɩɢɪɨɜɚɬɶɫɹ ɢ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶɫɹ ɰɟɥɢɤɨɦ ɢɡ-ɡɚ ɢɯ ɬɟɫɧɨɣ ɢɧɬɟɝɪɚɰɢɢ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɧɚ ɫɟɪɜɟɪɟ ɫɥɭɠɛɵ ɫɟɪɬɢɮɢɤɚɬɨɜ ɛɵɥ ɫɨɡɞɚɧ ɫɟɪɬɢɮɢɤɚɬ, ɤɨɬɨɪɵɣ ɛɵɥ ɧɚɡɧɚɱɟɧ ɧɚ ɨɛɴɟɤɬ Active Directory, ɬɨ ɛɚɡɚ ɞɚɧɧɵɯ ɫɥɭɠɛɵ ɫɟɪɬɢɮɢɤɚɬɨɜ (ɫɨɞɟɪɠɚɳɚɹ ɡɚɩɢɫɶ ɨ ɫɨɡɞɚɧɢɢ ɨɛɴɟɤɬɚ) ɢ ɨɛɴɟɤɬ Active Directory (ɫɨɞɟɪɠɚɳɢɣ ɡɚɩɢɫɶ ɨ ɬɨɦ, ɱɬɨ ɫɟɪɬɢɮɢɤɚɬ ɧɚɡɧɚɱɟɧ ɧɚ ɨɛɴɟɤɬ) ɞɨɥɠɧɵ ɛɵɬɶ ɫɨɯɪɚɧɟɧɵ. ȿɫɥɢ ɜɨɫɫɬɚɧɨɜɥɟɧ ɬɨɥɶɤɨ ɨɞɢɧ ɢɡ ɷɬɢɯ ɤɨɦɩɨɧɟɧɬɨɜ, ɜɵ ɛɭɞɟɬɟ ɢɦɟɬɶ ɩɪɨɬɢɜɨɪɟɱɢɜɭɸ ɢɧɮɨɪɦɚɰɢɸ. ɉɪɨɝɪɚɦɦɵ ɪɟɡɟɪɜɧɨɝɨ ɤɨɩɢɪɨɜɚɧɢɹ (backup) ɦɨɝɭɬ ɞɟɥɚɬɶ ɪɚɡɥɢɱɧɵɟ ɬɢɩɵ ɪɟɡɟɪɜɧɵɯ ɤɨɩɢɣ, ɜɤɥɸɱɚɹ ɧɨɪɦɚɥɶɧɵɟ, ɞɨɛɚɜɨɱɧɵɟ, ɞɢɮɮɟɪɟɧɰɢɪɨɜɚɧɧɵɟ ɢ ɬ.ɞ. Ɋɟɡɟɪɜɧɨɟ ɤɨɩɢɪɨɜɚɧɢɟ ɫɢɫɬɟɦɧɨɝɨ ɫɨɫɬɨɹɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜɫɟɝɞɚ ɹɜɥɹɟɬɫɹ ɧɨɪɦɚɥɶɧɵɦ ɤɨɩɢɪɨɜɚɧɢɟɦ, ɤɨɝɞɚ ɜɫɟ ɮɚɣɥɵ, ɨɬɧɨɫɹɳɢɟɫɹ ɤ System State (ɋɨɫɬɨɹɧɢɟ ɫɢɫɬɟɦɵ) ɤɨɩɢɪɭɸɬɫɹ ɢ ɨɬɦɟɱɚɸɬɫɹ ɤɚɤ ɤɨɩɢɪɭɟɦɵɟ. . Administrators ( ) Backup Operators ( ) . Ʉɚɤɨɣ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫɥɟɞɭɟɬ ɤɨɩɢɪɨɜɚɬɶ? Ɉɛɳɚɹ ɩɪɚɤɬɢɤɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɭɱɚɫɬɜɨɜɚɬɶ ɜ ɰɢɤɥɟ ɪɟɝɭɥɹɪɧɨɝɨ ɪɟɡɟɪɜɧɨɝɨ ɤɨɩɢɪɨɜɚɧɢɹ. Ɉɞɧɨ ɢɫɤɥɸɱɟɧɢɟ ɤ ɷɬɨɦɭ ɩɪɚɜɢɥɭ ɦɨɠɧɨ ɫɞɟɥɚɬɶ, ɟɫɥɢ ɭ ɜɚɫ ɢɦɟɟɬɫɹ ɧɟɫɤɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɨɞɧɨɦ ɨɮɢɫɟ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɵ ɦɨɠɟɬɟ ɨɫɭɳɟɫɬɜɥɹɬɶ ɬɚɤɭɸ ɩɪɨɰɟɞɭɪɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɣ ɜɧɚɱɚɥɟ ɛɭɞɟɬ ɭɫɬɚɧɚɜɥɢɜɚɬɶɫɹ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɡɚɩɨɥɧɹɬɶɫɹ ɟɝɨ ɤɚɬɚɥɨɝ ɩɭɬɟɦ ɪɟɩɥɢɤɚɰɢɢ. Ɉɞɧɚɤɨ ɞɚɠɟ ɜ ɷɬɨɦ ɫɰɟɧɚɪɢɢ ɫɥɟɞɭɟɬ ɫɨɡɞɚɜɚɬɶ ɪɟɡɟɪɜɧɵɟ ɤɨɩɢɢ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɧɟɤɨɬɨɪɵɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɧɚ ɫɥɭɱɚɣ ɬɚɤɨɣ ɤɚɬɚɫɬɪɨɮɵ, ɩɪɢ ɤɨɬɨɪɨɣ ɛɭɞɭɬ ɜɵɜɟɞɟɧɵ ɢɡ ɫɬɪɨɹ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɨɮɢɫɟ. ȼ ɥɸɛɨɦ ɫɥɭɱɚɟ ɜɵ ɞɨɥɠɧɵ ɫɨɡɞɚɬɶ ɪɟɡɟɪɜɧɵɟ ɤɨɩɢɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. Ⱦɪɭɝɚɹ ɩɪɨɛɥɟɦɚ, ɤɨɬɨɪɭɸ ɧɭɠɧɨ ɪɚɫɫɦɨɬɪɟɬɶ ɜ ɫɜɹɡɢ ɫ ɪɟɡɟɪɜɧɵɦ ɤɨɩɢɪɨɜɚɧɢɟɦ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ - ɷɬɨ ɱɚɫɬɨɬɚ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ. ɋɥɭɠɛɚ Active Directory ɩɪɟɞɩɨɥɚɝɚɟɬ, ɱɬɨ ɞɚɜɧɨɫɬɶ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɧɟ ɦɨɠɟɬ ɩɪɟɜɵɲɚɬɶ ɜɪɟɦɹ ɠɢɡɧɢ ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ, ɤɨɬɨɪɚɹ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧɚ ɞɥɹ ɜɚɲɟɝɨ ɞɨɦɟɧɚ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɜɪɟɦɹ ɠɢɡɧɢ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ ɫɨɫɬɚɜɥɹɟɬ 60 ɞɧɟɣ. ɉɪɢɱɢɧɚ ɷɬɨɝɨ ɨɝɪɚɧɢɱɟɧɢɹ ɫɜɹɡɚɧɚ ɫ ɬɟɦ ɫɩɨɫɨɛɨɦ, ɤɨɬɨɪɵɦ Active Directory ɢɫɩɨɥɶɡɭɟɬ ɨɛɴɟɤɬɵ-ɩɚɦɹɬɧɢɤɢ. Ʉɨɝɞɚ ɨɛɴɟɤɬ ɭɞɚɥɟɧ, ɨɧ ɮɚɤɬɢɱɟɫɤɢ ɧɟ ɭɞɚɥɹɟɬɫɹ ɢɡ ɤɚɬɚɥɨɝɚ ɞɨ ɬɟɯ ɩɨɪ, ɩɨɤɚ ɧɟ ɢɫɬɟɱɟɬ ɜɪɟɦɹ ɠɢɡɧɢ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ. ȼɦɟɫɬɨ ɷɬɨɝɨ ɨɛɴɟɤɬ ɦɚɪɤɢɪɭɟɬɫɹ ɤɚɤ ɨɛɴɟɤɬɩɚɦɹɬɧɢɤ, ɢ ɛɨɥɶɲɢɧɫɬɜɨ ɟɝɨ ɚɬɪɢɛɭɬɨɜ ɭɞɚɥɹɸɬɫɹ. Ɂɚɬɟɦ ɨɛɴɟɤɬ-ɩɚɦɹɬɧɢɤ ɤɨɩɢɪɭɟɬɫɹ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ɉɨ ɢɫɬɟɱɟɧɢɢ ɜɪɟɦɟɧɢ ɠɢɡɧɢ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ ɨɧ, ɧɚɤɨɧɟɰ, ɭɞɚɥɹɟɬɫɹ ɢɡ ɤɚɬɚɥɨɝɚ ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɨɫɫɬɚɧɨɜɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɞɚɜɧɨɫɬɶ ɤɨɬɨɪɨɣ ɩɪɟɜɵɲɚɟɬ ɜɪɟɦɹ ɠɢɡɧɢ ɨɛɴɟɤɬɚ-ɩɚɦɹɬɧɢɤɚ, ɬɨ ɜ ɤɚɬɚɥɨɝɟ ɦɨɠɧɨ ɨɛɧɚɪɭɠɢɬɶ ɢɧɮɨɪɦɚɰɢɸ, ɧɟɫɨɝɥɚɫɨɜɚɧɧɭɸ ɦɟɠɞɭ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. Ⱦɨɩɭɫɬɢɦ, ɱɬɨ ɩɨɥɶɡɨɜɚɬɟɥɶ ɛɵɥ ɭɞɚɥɟɧ ɢɡ ɤɚɬɚɥɨɝɚ ɱɟɪɟɡ ɞɟɧɶ ɩɨɫɥɟ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɚ ɫɨɨɬɜɟɬɫɬɜɭɸɳɢɣ ɨɛɴɟɤɬ-ɩɚɦɹɬɧɢɤ ɨɫɬɚɜɚɥɫɹ ɜ ɤɚɬɚɥɨɝɟ 60 ɞɧɟɣ. ȿɫɥɢ ɛɵ ɪɟɡɟɪɜɧɚɹ ɤɨɩɢɹ ɛɵɥɚ ɜɨɫɫɬɚɧɨɜɥɟɧɚ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɛɨɥɟɟ, ɱɟɦ ɱɟɪɟɡ 60 ɞɧɟɣ, ɩɨɫɥɟ ɬɨɝɨ ɤɚɤ ɨɛɴɟɤɬ ɫɬɚɥ ɨɛɴɟɤɬɨɦ-ɩɚɦɹɬɧɢɤɨɦ, ɬɨ ɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɧɨɦ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɵɥ ɛɵ ɷɬɨɬ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɢɣ ɨɛɴɟɤɬ, ɢ ɩɨɫɤɨɥɶɤɭ ɨɛɴɟɤɬ-ɩɚɦɹɬɧɢɤ ɛɨɥɟɟ ɧɟ ɫɭɳɟɫɬɜɭɟɬ, ɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɟ ɫɬɚɥ ɛɵ ɟɝɨ ɭɞɚɥɹɬɶ. ȼ ɬɚɤɨɦ ɫɰɟɧɚɪɢɢ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɦɟɥ ɛɵ ɤɨɩɢɸ ɨɛɴɟɤɬɚ, ɤɨɬɨɪɵɣ ɧɟ ɫɭɳɟɫɬɜɭɟɬ ɧɢ ɜ ɤɚɤɨɦ ɞɪɭɝɨɦ ɤɚɬɚɥɨɝɟ. ɉɨ ɷɬɨɣ ɩɪɢɱɢɧɟ ɫɢɫɬɟɦɚ ɪɟɡɟɪɜɢɪɨɜɚɧɢɹ ɢ ɩɪɨɝɪɚɦɦɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɩɪɟɞɨɬɜɪɚɳɚɸɬ ɩɨɩɵɬɤɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɤɚɬɚɥɨɝɚ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɯɪɚɧɹɳɟɣɫɹ ɞɨɥɶɲɟ, ɱɟɦ ɩɟɪɢɨɞ ɭɞɚɥɟɧɢɹ ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ. ɏɨɬɹ ɜɪɟɦɹ ɠɢɡɧɢ ɨɛɴɟɤɬɨɜ-ɩɚɦɹɬɧɢɤɨɜ ɧɚɤɥɚɞɵɜɚɟɬ ɠɟɫɬɤɨɟ ɨɝɪɚɧɢɱɟɧɢɟ ɧɚ ɱɚɫɬɨɬɭ ɪɟɡɟɪɜɧɨɝɨ ɤɨɩɢɪɨɜɚɧɢɹ, ɜɵ, ɨɱɟɜɢɞɧɨ, ɞɨɥɠɧɵ ɫɨɡɞɚɜɚɬɶ ɪɟɡɟɪɜɧɵɟ ɤɨɩɢɢ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɝɨɪɚɡɞɨ ɱɚɳɟ, ɱɟɦ ɤɚɠɞɵɟ 60 ɞɧɟɣ. ȼɨɡɧɢɤɧɟɬ ɦɧɨɝɨ ɩɪɨɛɥɟɦ, ɟɫɥɢ ɜɵ ɩɨɩɪɨɛɭɟɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɛɨɥɟɟ ɞɚɜɧɟɣ, ɱɟɦ ɩɚɪɚ ɞɧɟɣ. ɉɨɫɤɨɥɶɤɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ Active Directory ɜɤɥɸɱɚɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɜɫɟɣ ɢɧɮɨɪɦɚɰɢɢ ɨ ɫɨɫɬɨɹɧɢɢ ɫɢɫɬɟɦɵ, ɬɨ ɷɬɚ ɢɧɮɨɪɦɚɰɢɹ ɛɭɞɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧɚ ɞɨ ɩɪɟɞɵɞɭɳɟɝɨ ɫɨɫɬɨɹɧɢɹ. ȿɫɥɢ ɫɟɪɜɟɪ ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ ɫɟɪɜɟɪɨɦ ɫɥɭɠɛɵ ɫɟɪɬɢɮɢɤɚɬɨɜ, ɬɨ ɜɫɟ ɭɞɨɫɬɨɜɟɪɟɧɢɹ, ɜɵɩɭɳɟɧɧɵɟ ɞɨ ɬɨɝɨ, ɤɚɤ ɛɵɥɚ ɫɨɡɞɚɧɚ
ɪɟɡɟɪɜɧɚɹ ɤɨɩɢɹ, ɧɟ ɛɭɞɭɬ ɜɤɥɸɱɟɧɵ ɜ ɛɚɡɭ ɞɚɧɧɵɯ ɫɥɭɠɛɵ ɫɟɪɬɢɮɢɤɚɬɨɜ. ȿɫɥɢ ɜɵ ɨɛɧɨɜɢɥɢ ɞɪɚɣɜɟɪɵ ɢɥɢ ɭɫɬɚɧɨɜɢɥɢ ɤɚɤɢɟ-ɥɢɛɨ ɧɨɜɵɟ ɩɪɢɥɨɠɟɧɢɹ, ɨɧɢ ɧɟ ɫɦɨɝɭɬ ɪɚɛɨɬɚɬɶ, ɩɨɬɨɦɭ ɱɬɨ ɛɭɞɟɬ ɫɞɟɥɚɧ ɨɬɤɚɬ ɫɢɫɬɟɦɧɨɝɨ ɪɟɟɫɬɪɚ ɤ ɩɪɟɞɵɞɭɳɟɦɭ ɫɨɫɬɨɹɧɢɸ. ɉɨɱɬɢ ɜɫɟ ɤɨɦɩɚɧɢɢ ɩɨɞɞɟɪɠɢɜɚɸɬ ɬɚɤɨɣ ɪɟɠɢɦ ɪɟɡɟɪɜɧɨɝɨ ɤɨɩɢɪɨɜɚɧɢɹ, ɜ ɤɨɬɨɪɨɦ ɧɟɤɨɬɨɪɵɟ ɫɟɪɜɟɪɵ ɤɨɩɢɪɭɸɬɫɹ ɤɚɠɞɭɸ ɧɨɱɶ. Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɞɨɥɠɧɵ ɜɤɥɸɱɚɬɶɫɹ ɜ ɬɚɤɨɣ ɪɟɠɢɦ ɪɟɡɟɪɜɢɪɨɜɚɧɢɹ.
Active Directory
ȿɫɬɶ ɞɜɟ ɩɪɢɱɢɧɵ, ɩɨ ɤɨɬɨɪɵɦ ɜɚɦ ɩɪɢɞɟɬɫɹ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ Active Directory. ɉɟɪɜɚɹ ɩɪɢɱɢɧɚ ɜɨɡɧɢɤɧɟɬ, ɤɨɝɞɚ ɜɚɲɚ ɛɚɡɚ ɞɚɧɧɵɯ ɫɬɚɧɟɬ ɧɟɩɪɢɝɨɞɧɨɣ ɞɥɹ ɢɫɩɨɥɶɡɨɜɚɧɢɹ, ɩɨɬɨɦɭ ɱɬɨ ɧɚ ɨɞɧɨɦ ɢɡ ɜɚɲɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɩɪɨɢɡɨɲɟɥ ɨɬɤɚɡ ɜ ɪɚɛɨɬɟ ɠɟɫɬɤɨɝɨ ɞɢɫɤɚ, ɢɥɢ ɛɚɡɚ ɞɚɧɧɵɯ ɢɫɩɨɪɱɟɧɚ ɞɨ ɬɚɤɨɣ ɫɬɟɩɟɧɢ, ɱɬɨ ɟɟ ɛɨɥɶɲɟ ɧɟ ɭɞɚɟɬɫɹ ɡɚɝɪɭɡɢɬɶ. ȼɬɨɪɚɹ ɩɪɢɱɢɧɚ ɜɨɡɧɢɤɧɟɬ, ɤɨɝɞɚ ɜ ɪɟɡɭɥɶɬɚɬɟ ɨɲɢɛɤɢ ɤɬɨ-ɬɨ ɭɞɚɥɢɥ OU, ɫɨɞɟɪɠɚɳɭɸ ɧɟɫɤɨɥɶɤɨ ɫɨɬɟɧ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɵ ɫɤɨɪɟɟ ɡɚɯɨɬɢɬɟ ɜɨɫɫɬɚɧɨɜɢɬɶ ɢɧɮɨɪɦɚɰɢɸ, ɱɟɦ ɜɜɨɞɢɬɶ ɟɟ ɩɨɜɬɨɪɧɨ. ȿɫɥɢ ɜɵ ɜɨɫɫɬɚɧɚɜɥɢɜɚɟɬɟ Active Directory, ɩɨɬɨɦɭ ɱɬɨ ɛɚɡɭ ɞɚɧɧɵɯ ɧɚ ɨɞɧɨɦ ɢɡ ɜɚɲɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɛɨɥɶɲɟ ɧɟɥɶɡɹ ɢɫɩɨɥɶɡɨɜɚɬɶ, ɭ ɜɚɫ ɟɫɬɶ ɞɜɚ ɜɚɪɢɚɧɬɚ. ɉɟɪɜɵɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɜɨɨɛɳɟ ɧɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ Active Directory ɧɚ ɨɬɤɚɡɚɜɲɟɦ ɫɟɪɜɟɪɟ, ɚ ɫɨɡɞɚɬɶ ɟɳɟ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚɡɧɚɱɢɜ ɞɪɭɝɨɣ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Windows Server 2003, ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. Ɍɚɤɢɦ ɫɩɨɫɨɛɨɦ ɜɵ ɜɨɫɫɬɚɧɨɜɢɬɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɚ ɧɟ ɫɥɭɠɛɭ Active Directory ɧɚ ɨɩɪɟɞɟɥɟɧɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ȼɬɨɪɨɣ ɜɚɪɢɚɧɬ ɫɨɫɬɨɢɬ ɜ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɨɬɤɚɡɚɜɲɟɝɨ ɫɟɪɜɟɪɚ ɢ ɩɨɫɥɟɞɭɸɳɟɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɧɚ ɷɬɨɦ ɫɟɪɜɟɪɟ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɵ ɜɵɩɨɥɧɢɬɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɩɪɢ ɨɬɫɭɬɫɬɜɢɢ ɩɨɥɧɨɦɨɱɢɣ (nonauthoritative). ɉɪɢ ɬɚɤɨɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɛɚɡɚ ɞɚɧɧɵɯ Active Directory ɜɨɫɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ ɜɫɟ ɢɡɦɟɧɟɧɢɹ, ɫɞɟɥɚɧɧɵɟ ɤ Active Directory ɩɨɫɥɟ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɜɨɫɫɬɚɧɚɜɥɢɜɚɟɬɟ Active Directory, ɩɨɬɨɦɭ ɱɬɨ ɤɬɨ-ɬɨ ɭɞɚɥɢɥ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɨɛɴɟɤɬɨɜ ɢɡ ɤɚɬɚɥɨɝɚ, ɭ ɜɚɫ ɟɫɬɶ ɬɨɥɶɤɨ ɨɞɢɧ ɫɩɨɫɨɛ. ȼɵ ɞɨɥɠɧɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɛɚɡɭ ɞɚɧɧɵɯ Active Directory ɧɚ ɨɞɧɨɦ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɢɫɩɨɥɶɡɭɹ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ, ɤɨɬɨɪɚɹ ɫɨɞɟɪɠɢɬ ɭɞɚɥɟɧɧɵɟ ɨɛɴɟɤɬɵ. Ɂɚɬɟɦ ɜɵ ɞɨɥɠɧɵ ɫɞɟɥɚɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɩɪɢ ɧɚɥɢɱɢɢ ɩɨɥɧɨɦɨɱɢɣ (authoritative), ɜ ɩɪɨɰɟɫɫɟ ɤɨɬɨɪɨɝɨ ɜɫɟ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɟ ɞɚɧɧɵɟ ɨɬɦɟɱɚɸɬɫɹ ɬɚɤ, ɱɬɨɛɵ ɨɧɢ ɪɟɩɥɢɰɢɪɨɜɚɥɢɫɶ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɩɟɪɟɡɚɩɢɫɵɜɚɹ ɭɞɚɥɟɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ.
Active Directory Ɉɞɢɧ ɢɡ ɜɚɪɢɚɧɬɨɜ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɮɭɧɤɰɢɨɧɚɥɶɧɨɫɬɢ Active Directory ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɡɚɦɟɧɹɸɳɟɝɨ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȿɫɥɢ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɵɣɞɟɬ ɢɡ ɫɬɪɨɹ, ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɞɪɭɝɨɣ ɫɟɪɜɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɛɭɞɟɬ ɜɵɩɨɥɧɹɬɶɫɹ Windows Server 2003 ɢ Active Directory 2003, ɢɥɢ ɧɚɡɧɚɱɢɬɶ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɨɞɢɧ ɢɡ ɭɠɟ ɢɦɟɸɳɢɯɫɹ ɫɟɪɜɟɪɨɜ. Ɂɚɬɟɦ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɨɛɵɱɧɭɸ ɪɟɩɥɢɤɚɰɢɸ Active Directory ɞɥɹ ɡɚɩɨɥɧɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɋɨɡɞɚɧɢɟ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɹɜɥɹɟɬɫɹ ɧɚɢɥɭɱɲɢɦ ɪɟɲɟɧɢɟɦ ɜ ɫɥɟɞɭɸɳɢɯ ɫɢɬɭɚɰɢɹɯ. • ȼ ɞɨɩɨɥɧɟɧɢɟ ɤ ɨɬɤɚɡɚɜɲɟɦɭ ɫɟɪɜɟɪɭ ɭ ɜɚɫ ɢɦɟɟɬɫɹ ɟɳɟ ɨɞɢɧ ɞɨɫɬɭɩɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ - ɷɬɨ ɧɟɨɛɯɨɞɢɦɨɟ ɬɪɟɛɨɜɚɧɢɟ. ȿɫɥɢ ɧɟɬ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɞɨɫɬɭɩɟɧ ɤɚɤ ɩɚɪɬɧɟɪ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɬɨ ɨɫɬɚɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɣ ɜɚɪɢɚɧɬ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɧɚ ɧɨɜɨɦ ɢɥɢ ɧɚ ɨɬɪɟɦɨɧɬɢɪɨɜɚɧɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. • ɇɚ ɫɨɡɞɚɧɢɟ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢ ɪɟɩɥɢɤɚɰɢɸ ɢɧɮɨɪɦɚɰɢɢ ɫ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɬɪɟɛɭɟɬɫɹ ɡɧɚɱɢɬɟɥɶɧɨ ɦɟɧɶɲɟ ɜɪɟɦɟɧɢ, ɱɟɦ ɧɚ ɪɟɦɨɧɬ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢ ɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɚɡɵ ɞɚɧɧɵɯ. ɗɬɨɬ ɪɚɫɱɟɬ ɡɚɜɢɫɢɬ ɨɬ ɪɚɡɦɟɪɚ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory, ɫɤɨɪɨɫɬɢ ɫɟɬɟɜɨɣ ɩɟɪɟɞɚɱɢ ɞɚɧɧɵɯ ɦɟɠɞɭ ɜɚɲɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ ɢ ɫɤɨɪɨɫɬɶɸ, ɫ ɤɨɬɨɪɨɣ ɜɵ ɦɨɠɟɬɟ ɫɨɡɞɚɜɚɬɶ ɢ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ȿɫɥɢ ɛɚɡɚ ɞɚɧɧɵɯ Active Directory ɨɬɧɨɫɢɬɟɥɶɧɨ ɦɚɥɚ (ɦɟɧɟɟ 100 Ɇɛ), ɚ ɜɬɨɪɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɚɯɨɞɢɬɫɹ ɜ ɬɨɣ ɠɟ ɫɚɦɨɣ ɥɨɤɚɥɶɧɨɣ ɫɟɬɢ, ɬɨ ɫɨɡɞɚɧɢɟ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢ ɪɟɩɥɢɤɚɰɢɹ ɛɚɡɵ ɞɚɧɧɵɯ ɩɪɨɣɞɟɬ ɛɵɫɬɪɟɟ, ɱɟɦ ɪɟɦɨɧɬ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɚɲɚ ɛɚɡɚ ɞɚɧɧɵɯ ɜɟɥɢɤɚ ɢɥɢ ɟɞɢɧɫɬɜɟɧɧɵɣ ɞɨɫɬɭɩɧɵɣ ɩɚɪɬɧɟɪ
•
ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫɜɹɡɚɧ ɫ ɧɢɦ ɱɟɪɟɡ ɦɟɞɥɟɧɧɭɸ ɝɥɨɛɚɥɶɧɭɸ ɫɟɬɶ (WAN), ɬɨ ɪɟɦɨɧɬ ɜɵɲɟɞɲɟɝɨ ɢɡ ɫɬɪɨɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɚɡɵ ɞɚɧɧɵɯ ɛɭɞɟɬ ɛɨɥɟɟ ɛɵɫɬɪɵɦ ɫɩɨɫɨɛɨɦ. ȼɵ ɧɟ ɦɨɠɟɬɟ ɨɬɪɟɦɨɧɬɢɪɨɜɚɬɶ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȼɨɡɦɨɠɧɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ Windows Server 2003 ɢ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɧɚ ɫɟɪɜɟɪɟ, ɢɦɟɸɳɟɦ ɚɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ, ɨɬɥɢɱɧɵɟ ɨɬ ɩɟɪɜɨɧɚɱɚɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɨɞɧɚɤɨ ɷɬɨɬ ɩɪɨɰɟɫɫ ɨɛɵɱɧɨ ɬɪɭɞɟɧ ɢ ɡɚɧɢɦɚɟɬ ɦɧɨɝɨ ɜɪɟɦɟɧɢ. ȿɫɥɢ ɜɵ ɧɟ ɦɨɠɟɬɟ ɜɨɫɫɨɡɞɚɬɶ ɨɬɤɚɡɚɜɲɢɣ ɫɟɪɜɟɪ ɬɚɤ, ɱɬɨɛɵ ɨɧ ɢɦɟɥ ɩɨɯɨɠɢɟ ɚɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ, ɬɨ ɫɨɡɞɚɧɢɟ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɡɚɣɦɟɬ ɦɟɧɶɲɟ ɜɪɟɦɟɧɢ. . , , , .
(
Windows Server , ) Safe Mode (
2003 Last Known Good Configuration ).
, , . ɑɬɨɛɵ ɫɨɡɞɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɡɚɦɟɧɢɬ ɨɬɤɚɡɚɜɲɢɣ ɫɟɪɜɟɪ, ɢɫɩɨɥɶɡɭɣɬɟ ɭɠɟ ɢɦɟɸɳɢɣɫɹ ɫɟɪɜɟɪ ɫ ɫɢɫɬɟɦɨɣ Windows Server 2003 (ɢɥɢ ɫɨɡɞɚɣɬɟ ɧɨɜɵɣ ɫɟɪɜɟɪ) ɢ ɧɚɡɧɚɱɶɬɟ ɟɝɨ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. ȼ ɩɪɨɰɟɫɫɟ ɧɚɡɧɚɱɟɧɢɹ ɫɟɪɜɟɪɚ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɤɚɬɚɥɨɝ ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɧ ɫ ɨɞɧɨɝɨ ɢɡ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ȿɫɥɢ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɥɭɠɢɥ ɫɟɪɜɟɪɨɦ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ (GC) ɢɥɢ ɜɵɩɨɥɧɹɥ ɪɨɥɶ ɨɞɧɨɝɨ ɢɡ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ, ɜɵ ɞɨɥɠɧɵ ɩɨɞɭɦɚɬɶ ɨ ɬɨɦ, ɤɚɤ ɜɨɫɫɬɚɧɨɜɢɬɶ ɷɬɢ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ. ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ GC-ɫɟɪɜɟɪɨɜ ɢ ɫɟɪɜɟɪɨɜ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɨɩɢɫɚɧɨ ɩɨɞɪɨɛɧɨ ɞɚɥɟɟ ɜ ɷɬɨɣ ɝɥɚɜɟ. Ʉɚɤ ɝɨɜɨɪɢɥɨɫɶ ɜ ɝɥɚɜɟ ɛ, Windows Server 2003 ɨɛɟɫɩɟɱɢɜɚɟɬ ɨɩɰɢɸ ɭɫɬɚɧɨɜɤɢ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢ ɡɚɝɪɭɡɤɢ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɢɡ ɜɨɫɫɬɚɧɨɜɥɟɧɧɨɣ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɜɦɟɫɬɨ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɨɛɵɱɧɨɝɨ ɩɪɨɰɟɫɫɚ ɪɟɩɥɢɤɚɰɢɢ. ɗɬɚ ɨɩɰɢɹ ɨɱɟɧɶ ɩɨɥɟɡɧɚ ɩɪɢ ɫɨɡɞɚɧɢɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɭɞɚɥɟɧɧɨɦ ɨɮɢɫɟ, ɫɜɹɡɚɧɧɨɦ ɫ ɰɟɧɬɪɚɥɶɧɵɦ ɨɮɢɫɨɦ ɱɟɪɟɡ ɦɟɞɥɟɧɧɭɸ ɫɟɬɟɜɭɸ ɫɜɹɡɶ, ɩɨɬɨɦɭ ɱɬɨ ɩɨɥɧɵɣ ɨɛɴɟɦ ɞɚɧɧɵɯ, ɫɜɹɡɚɧɧɵɯ ɫ ɧɚɱɚɥɶɧɨɣ ɪɟɩɥɢɤɚɰɢɟɣ, ɧɟ ɞɨɥɠɟɧ ɩɟɪɟɫɟɤɚɬɶ ɝɥɨɛɚɥɶɧɭɸ ɫɜɹɡɶ WAN. ȿɫɥɢ ɜɵ ɢɦɟɟɬɟ ɯɨɪɨɲɭɸ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɭɞɚɥɟɧɧɨɦ ɨɮɢɫɟ, ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɬɚɤɭɸ ɠɟ ɦɟɬɨɞɢɤɭ ɞɥɹ ɫɨɡɞɚɧɢɹ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ Active Directory ɱɟɪɟɡ ɫɨɡɞɚɧɢɟ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɜɵ ɜɫɟ ɪɚɜɧɨ ɞɨɥɠɧɵ ɛɭɞɟɬɟ ɭɞɚɥɢɬɶ ɫɬɚɪɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɡ ɤɚɬɚɥɨɝɚ ɢ ɢɡ DNS. ȿɫɥɢ ɜɵ ɩɥɚɧɢɪɭɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɢɦɹ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɜɵ ɞɨɥɠɧɵ ɨɱɢɫɬɢɬɶ ɤɚɬɚɥɨɝ ɩɟɪɟɞ ɧɚɱɚɥɨɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɞɪɭɝɨɟ ɢɦɹ ɞɥɹ ɧɨɜɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɧɭɠɧɨ ɨɱɢɫɬɢɬɶ ɤɚɬɚɥɨɝ ɩɨɫɥɟ ɢɧɫɬɚɥɥɹɰɢɢ. ɑɬɨɛɵ ɨɱɢɫɬɢɬɶ ɤɚɬɚɥɨɝ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ ɧɚ ɥɸɛɨɣ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɢɥɢ ɫɟɪɜɟɪɟ ɫ ɫɢɫɬɟɦɨɣ Windows 2000, ɧɚ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ Windows XP Professional ɢɥɢ ɧɚ ɫɟɪɜɟɪɟ Windows Server 2003 /ɤɨɬɨɪɵɣ ɹɜɥɹɟɬɫɹ ɱɥɟɧɨɦ ɞɨɦɟɧɚ. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ ɢ ɧɚɩɟɱɚɬɚɣɬɟ ntdsutil. ȼ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ɭɬɢɥɢɬɵ Ntdsutil ɧɚɩɟɱɚɬɚɣɬɟ metadata cleanup. ȼ ɨɤɧɟ Metadata Cleanup (Ɉɱɢɫɬɤɚ ɦɟɬɚ-ɞɚɧɧɵɯ) ɧɚɩɟɱɚɬɚɣɬɟ connections. ɗɬɚ ɤɨɦɚɧɞɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɫɨɟɞɢɧɟɧɢɹ ɫ ɬɟɤɭɳɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɫ ɰɟɥɶɸ ɭɞɚɥɟɧɢɹ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȼ ɨɤɧɟ Server Connections (ɉɨɞɤɥɸɱɟɧɢɟ ɤ ɫɟɪɜɟɪɭ) ɧɚɩɟɱɚɬɚɣɬɟ connect to server servername (ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɫɟɪɜɟɪɨɦ servername), ɝɞɟ servername - ɢɦɹ ɞɨɫɬɭɩɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɜɨɣɞɟɬ ɜ ɫɢɫɬɟɦɭ ɩɨɞ ɭɱɟɬɧɨɣ ɡɚɩɢɫɶɸ ɫ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɦɢ ɩɪɚɜɚɦɢ ɜ Active Directory, ɜɵ ɩɨɞɤɥɸɱɢɬɟɫɶ ɤ ɷɬɨɦɭ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɧɟ ɢɦɟɟɬɟ ɚɞɦɢɧɢɫɬɪɚɬɢɜɧɵɯ ɩɪɚɜ, ɢɫɩɨɥɶɡɭɣɬɟ ɤɨɦɚɧɞɭ set creds domain username password, ɱɬɨɛɵ ɜɜɟɫɬɢ «ɜɟɪɢɬɟɥɶɧɵɟ ɝɪɚɦɨɬɵ» ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢɦɟɸɳɟɝɨ ɪɚɡɪɟɲɟɧɢɹ ɭɪɨɜɧɹ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɧɚɩɟɱɚɬɚɟɬɟ help ɜ ɨɤɧɟ Server Connections, ɬɨ ɭɜɢɞɢɬɟ, ɱɬɨ ɨɞɧɚ ɢɡ ɨɩɰɢɣ ɜɚɲɢɯ ɤɨɦɚɧɞ — ɷɬɨ connect to server %s (ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɫɟɪɜɟɪɨɦ %s). ɉɟɪɟɦɟɧɧɚɹ %s ɞɨɥɠɧɚ ɜɫɟɝɞɚ ɡɚɦɟɧɹɬɶɫɹ ɡɧɚɱɟɧɢɟɦ, ɢɦɟɸɳɢɦ ɬɢɩ ɫɢɦɜɨɥɶɧɨɣ ɫɬɪɨɤɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɫɬɪɨɤɚ ɹɜɥɹɟɬɫɹ ɢɥɢ DNS-ɢɦɟɧɟɦ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɢɥɢ IP-ɚɞɪɟɫɨɦ ɫɟɪɜɟɪɚ. ȼ ɨɤɧɟ Server Connections ɧɚɩɟɱɚɬɚɣɬɟ quit, ɱɬɨɛɵ ɜɨɡɜɪɚɬɢɬɶɫɹ ɜ ɨɤɧɨ Metadata Cleanup. ɇɚɩɟɱɚɬɚɣɬɟ select operation target (ɜɵɛɪɚɬɶ ɚɞɪɟɫɚɬɚ ɨɩɟɪɚɰɢɢ). ɗɬɚ ɤɨɦɚɧɞɚ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ
ɜɵɛɨɪɚ ɞɨɦɟɧɚ, ɫɚɣɬɚ ɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɱɬɨɛɵ ɜɵ ɦɨɝɥɢ ɭɞɚɥɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȼ ɨɤɧɟ Select Operation Target ɧɚɩɟɱɚɬɚɣɬɟ list domains (ɩɟɪɟɱɢɫɥɢɬɶ ɞɨɦɟɧɵ). ȼɫɟ ɞɨɦɟɧɵ ɜɚɲɟɝɨ ɥɟɫɚ ɩɟɪɟɱɢɫɥɹɸɬɫɹ ɫ ɧɚɡɧɚɱɟɧɧɵɦɢ ɤɚɠɞɨɦɭ ɢɯ ɧɢɯ ɧɨɦɟɪɚɦɢ. ɇɚɩɟɱɚɬɚɣɬɟ select domain number (ɜɵɛɪɚɬɶ ɧɨɦɟɪ ɞɨɦɟɧɚ), ɝɞɟ number ɭɤɚɡɵɜɚɟɬ ɞɨɦɟɧ, ɫɨɞɟɪɠɚɳɢɣ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɧɚɩɟɱɚɬɚɟɬɟ help ɩɟɪɟɞ ɬɟɦ, ɤɚɤ ɧɚɩɟɱɚɬɚɬɶ select domain number, ɬɨ ɭɜɢɞɢɬɟ, ɱɬɨ ɨɞɧɚ ɢɡ ɨɩɰɢɣ ɤɨɦɚɧɞɵ -select domain %d (ɜɵɛɪɚɬɶ ɞɨɦɟɧ %d). ɉɟɪɟɦɟɧɧɚɹ %d ɞɨɥɠɧɚ ɜɫɟɝɞɚ ɡɚɦɟɧɹɬɶɫɹ ɱɢɫɥɨɦ. ɇɚɩɟɱɚɬɚɣɬɟ list sites (ɩɟɪɟɱɢɫɥɢɬɶ ɫɚɣɬɵ). Ȼɭɞɭɬ ɩɟɪɟɱɢɫɥɟɧɵ ɜɫɟ ɫɚɣɬɵ ɥɟɫɚ. ɇɚɩɟɱɚɬɚɣɬɟ select site number (ɜɵɛɪɚɬɶ ɧɨɦɟɪ ɫɚɣɬɚ), ɱɬɨɛɵ ɜɵɛɪɚɬɶ ɫɚɣɬ, ɫɨɞɟɪɠɚɳɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɜɵ ɞɨɥɠɧɵ ɭɞɚɥɢɬɶ. ɇɚɩɟɱɚɬɚɣɬɟ list servers in site (ɩɟɪɟɱɢɫɥɢɬɶ ɫɟɪɜɟɪɵ ɜ ɫɚɣɬɟ). ȼɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɢɦɟɸɳɢɟɫɹ ɜ ɜɵɛɪɚɧɧɨɦ ɫɚɣɬɟ, ɛɭɞɭɬ ɩɟɪɟɱɢɫɥɟɧɵ. ɂɫɩɨɥɶɡɭɣɬɟ ɤɨɦɚɧɞɭ select server number, ɱɬɨɛɵ ɜɵɛɪɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɜɵ ɞɨɥɠɧɵ ɭɞɚɥɢɬɶ. ɍɬɢɥɢɬɚ Ntdsutil ɩɨɤɚɠɟɬ*ɜɵɛɪɚɧɧɵɣ ɞɨɦɟɧ, ɫɚɣɬ ɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ (ɫɦ. ɪɢɫ. 15-1.)
. 15-1.
,
Ntdsutil
ɇɚɩɟɱɚɬɚɣɬɟ quit. ȼɵ ɜɮɧɟɬɟɫɶ ɜ ɨɤɧɨ Metadata Cleanup. ɇɚɩɟɱɚɬɚɣɬɟ remove selected server (ɭɞɚɥɢɬɟ ɜɵɛɪɚɧɧɵɣ ɫɟɪɜɟɪ). ȼɚɫ ɩɨɩɪɨɫɹɬ ɩɨɞɬɜɟɪɞɢɬɶ, ɱɬɨ ɜɵ ɯɨɬɢɬɟ ɭɞɚɥɢɬɶ ɫɟɪɜɟɪ ɢɡ ɤɚɬɚɥɨɝɚ. ɓɟɥɤɧɢɬɟ ɧɚ Yes (Ⱦɚ). ɑɬɨɛɵ ɜɵɣɬɢ ɢɡ ɭɬɢɥɢɬɵ Ntdsutil, ɩɟɱɚɬɚɣɬɟ quit ɜ ɤɚɠɞɨɣ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ, ɩɨɤɚ ɧɟ ɜɵɣɞɢɬɟ ɢɡ ɩɪɨɝɪɚɦɦɵ.
Ntdsutil
ȼ ɝɥɚɜɟ 14 ɛɵɥɢ ɩɨɤɚɡɚɧɵ ɩɪɢɦɟɪɵ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɭɬɢɥɢɬɵ Ntdsutil ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɛɚɡɨɣ ɞɚɧɧɵɯ Active Directory. Ntdsutil - ɷɬɨ ɢɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ, ɤɨɬɨɪɵɣ ɩɪɢɦɟɧɹɟɬɫɹ ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɧɟɤɨɬɨɪɵɦɢ ɤɨɦɩɨɧɟɧɬɚɦɢ Active Directory ɢ ɛɚɡɨɣ ɞɚɧɧɵɯ. Ntdsutil ɹɜɥɹɟɬɫɹ ɦɨɳɧɵɦ ɢɧɫɬɪɭɦɟɧɬɨɦ, ɢɦ ɧɚɞɨ ɩɨɥɶɡɨɜɚɬɶɫɹ ɫ ɨɫɬɨɪɨɠɧɨɫɬɶɸ. Ɂɚɩɭɫɬɢɬɟ ɢɧɫɬɪɭɦɟɧɬ Ntdsutil, ɧɚɩɟɱɚɬɚɜ ɜ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ ntdsutil. ɂɧɫɬɪɭɦɟɧɬ ɜɵɞɚɟɬ ɩɪɢɝɥɚɲɟɧɢɟ ɤ ɜɜɨɞɭ ɤɨɦɚɧɞ Ntdsutil. ȼɵ ɦɨɠɟɬɟ ɜɜɨɞɢɬɶ ɪɚɡɧɨɨɛɪɚɡɧɵɟ ɤɨɦɚɧɞɵ ɜ ɡɚɜɢɫɢɦɨɫɬɢ ɨɬ ɬɨɝɨ, ɱɬɨ ɜɵ ɯɨɬɢɬɟ ɫɞɟɥɚɬɶ. ȿɫɥɢ ɜɵ ɧɚɩɟɱɚɬɚɟɬɟ help ɜ ɥɸɛɨɣ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ, ɬɨ ɩɨɥɭɱɢɬɟ ɫɩɢɫɨɤ ɜɫɟɯ ɤɨɦɚɧɞ, ɤɨɬɨɪɵɟ ɦɨɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɜ ɷɬɨɦ ɩɨɥɨɠɟɧɢɢ. ɇɚ ɪɢɫɭɧɤɟ 15-2 ɩɨɤɚɡɚɧ ɫɩɢɫɨɤ ɤɨɦɚɧɞ, ɞɨɫɬɭɩɧɵɯ ɢɡ ɨɤɧɚ Ntdsutil.
. 15-2.
,
Ntdsutil
Ⱦɚɥɟɟ ɜɵ ɭɜɢɞɢɬɟ ɟɳɟ ɧɟɫɤɨɥɶɤɨ ɩɪɢɦɟɪɨɜ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɭɬɢɥɢɬɵ Ntdsuti ɞɥɹ ɭɩɪɚɜɥɟɧɢɹ ɫɥɭɠɛɨɣ Active Directory. Ȼɨɥɟɟ ɞɟɬɚɥɶɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɩɨ ɢɫɩɨɥɶɡɨɜɚɧɢɸ ɭɬɢɥɢɬɵ Ntdsutil ɫɦɨɬɪɢɬɟ ɜ Help And Support Center. ɉɨɫɥɟ ɨɱɢɳɟɧɢɹ ɤɚɬɚɥɨɝɚ ɨɬ ɧɟɧɭɠɧɵɯ ɨɛɴɟɤɬɨɜ ɫ ɩɨɦɨɳɶɸ Ntdsutil ɧɭɠɧɨ ɨɱɢɫɬɢɬɶ ɬɚɤɠɟ DNSɡɚɩɢɫɢ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɍɞɚɥɢɬɟ ɜɫɟ DNS-ɡɚɩɢɫɢ ɢɡ DNS, ɜɤɥɸɱɚɹ ɜɫɟ ɡɚɩɢɫɢ, ɤɚɫɚɸɳɢɟɫɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɡɚɩɢɫɢ GC-ɫɟɪɜɟɪɚ ɢ ɡɚɩɢɫɢ ɷɦɭɥɹɬɨɪɚ ɨɫɧɨɜɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ (PDC). (Ⱦɜɟ ɩɨɫɥɟɞɧɢɯ ɡɚɩɢɫɢ ɫɭɳɟɫɬɜɭɸɬ ɬɨɥɶɤɨ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɵɥ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɧɚ ɜɵɩɨɥɧɟɧɢɟ ɷɬɢɯ ɪɨɥɟɣ.) ȿɫɥɢ ɜɵ ɧɟ ɨɱɢɫɬɢɬɟ ɡɚɩɢɫɢ DNS, ɤɥɢɟɧɬɶɌ ɩɪɨɞɨɥɠɚɬ ɩɨɥɭɱɚɬɶ ɢɧɮɨɪɦɚɰɢɸ DNS ɢ ɛɭɞɭɬ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɷɬɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. ɇɭɠɧɨ ɬɚɤɠɟ ɭɞɚɥɢɬɶ ɜɵɲɟɞɲɢɣ ɢɡ ɫɬɪɨɹ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢɡ ɫɚɣɬɚ ɢ ɞɨɦɟɧɚ. Ⱦɥɹ ɷɬɨɝɨ ɢɫɩɨɥɶɡɭɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers (ɉɨɥɶɡɨɜɚɬɟɥɢ ɢ ɤɨɦɩɶɸɬɟɪɵ Active Directory) ɢ ɭɞɚɥɢɬɟ ɨɛɴɟɤɬ, ɫɜɹɡɚɧɧɵɣ ɫ ɷɬɢɦ ɤɨɦɩɶɸɬɟɪɨɦ, ɢɡ OU Domain Controllers (Ʉɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ). ȼ ɢɧɫɬɪɭɦɟɧɬɟ Active Directory Sites And Services (ɋɚɣɬɵ ɢ ɫɥɭɠɛɵ Active Directory) ɭɞɚɥɢɬɟ ɨɛɴɟɤɬ, ɫɜɹɡɚɧɧɵɣ ɫ ɷɬɢɦ ɤɨɦɩɶɸɬɟɪɨɦ, ɢɡ ɤɨɧɬɟɣɧɟɪɚ Servers (ɋɟɪɜɟɪɵ) ɬɨɝɨ ɫɚɣɬɚ, ɜ ɤɨɬɨɪɨɦ ɨɧ ɛɵɥ ɪɚɫɩɨɥɨɠɟɧ.
ȼɬɨɪɚɹ ɨɩɰɢɹ ɩɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory ɫɨɫɬɨɢɬ ɜ ɪɟɦɨɧɬɟ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɫ ɩɨɫɥɟɞɭɸɳɢɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟɦ ɛɚɡɵ ɞɚɧɧɵɯ. ȼɦɟɫɬɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɦɨɠɧɨ ɜɨɫɫɬɚɧɨɜɢɬɶ ɛɚɡɭ ɞɚɧɧɵɯ ɧɚ ɧɨɜɵɣ ɫɟɪɜɟɪ. ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɚɡɵ ɞɚɧɧɵɯ ɧɚ ɧɨɜɨɦ ɢɥɢ ɢɫɩɪɚɜɥɟɧɧɨɦ ɫɟɪɜɟɪɟ ɹɜɥɹɟɬɫɹ ɧɚɢɥɭɱɲɢɦ ɜɵɛɨɪɨɦ ɩɪɢ ɫɥɟɞɭɸɳɢɯ ɨɛɫɬɨɹɬɟɥɶɫɬɜɚɯ. • ɋɟɪɜɟɪ ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ. ȿɫɥɢ ɞɟɥɨ ɨɛɫɬɨɢɬ ɬɚɤ, ɭ ɜɚɫ ɧɟɬ ɜɵɛɨɪɚ, ɤɚɤ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɫɥɭɠɛɭ Active Directory. ȼɵ ɞɨɥɠɧɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɛɚɡɭ ɞɚɧɧɵɯ ɧɚ ɧɨɜɨɦ ɢɥɢ ɢɫɩɪɚɜɥɟɧɧɨɦ ɫɟɪɜɟɪɟ. • Ɋɟɩɥɢɤɚɰɢɹ ɢɧɮɨɪɦɚɰɢɢ ɫ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɡɚɣɦɟɬ ɫɥɢɲɤɨɦ ɦɧɨɝɨ ɜɪɟɦɟɧɢ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɵ ɜɨɫɫɬɚɧɨɜɢɬɟ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢ ɛɚɡɭ ɞɚɧɧɵɯ ɛɵɫɬɪɟɟ, ɱɟɦ ɢɧɫɬɚɥɥɢɪɭɟɬɟ ɧɨɜɵɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢ ɫɨɡɞɚɞɢɬɟ ɛɚɡɭ ɞɚɧɧɵɯ ɩɭɬɟɦ ɪɟɩɥɢɤɚɰɢɢ. Ɍɚɤɚɹ ɫɢɬɭɚɰɢɹ ɪɟɚɥɢɡɭɟɬɫɹ ɩɨɱɬɢ ɜɫɟɝɞɚ, ɟɫɥɢ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɜɹɡɚɧ ɦɟɞɥɟɧɧɵɦɢ ɫɟɬɟɜɵɦɢ ɫɜɹɡɹɦɢ ɫ ɥɸɛɵɦ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. Ⱦɚɠɟ ɟɫɥɢ ɨɧ ɫɜɹɡɚɧ ɫ ɞɪɭɝɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɱɟɪɟɡ ɛɨɥɟɟ ɛɵɫɬɪɭɸ ɫɟɬɟɜɭɸ ɫɜɹɡɶ, ɜɚɦ ɜɫɟ-ɬɚɤɢ ɦɨɠɟɬ ɛɵɬɶ ɜɵɝɨɞɧɟɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɛɚɡɭ ɞɚɧɧɵɯ. . , : Active Directory . , , Windows Server 2003, , , Active Directory , 100 . , ,
, . .
,
, , . ɑɬɨɛɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɛɚɡɭ ɞɚɧɧɵɯ Active Directory, ɜɵ ɞɨɥɠɧɵ ɢɦɟɬɶ ɯɨɪɨɲɭɸ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ȿɫɥɢ ɩɨɬɟɪɩɢɬ ɚɜɚɪɢɸ ɠɟɫɬɤɢɣ ɞɢɫɤ, ɫɨɞɟɪɠɚɳɢɣ ɬɨɥɶɤɨ ɛɚɡɭ ɞɚɧɧɵɯ Active Directory, ɜɵ ɫɦɨɠɟɬɟ ɡɚɝɪɭɡɢɬɶɫɹ ɜ ɪɟɠɢɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ Active Directory ɢ ɜɨɫɫɬɚɧɨɜɢɬɶ ɞɚɧɧɵɟ ɫɨɫɬɨɹɧɢɹ ɫɢɫɬɟɦɵ. ȿɫɥɢ ɩɨɬɟɪɩɢɬ ɚɜɚɪɢɸ ɬɚɤɠɟ ɢ ɫɢɫɬɟɦɧɵɣ ɞɢɫɤ, ɜɵ ɞɨɥɠɧɵ ɩɨɱɢɧɢɬɶ ɚɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ, ɚ ɡɚɬɟɦ ɜɨɫɫɬɚɧɨɜɢɬɶ ɫɟɪɜɟɪ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɵ ɛɭɞɟɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɚ ɫɟɪɜɟɪɟ, ɤɨɬɨɪɵɣ ɢɫɩɨɥɶɡɭɟɬ ɞɪɭɝɨɣ ɧɚɛɨɪ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ, ɱɟɦ ɬɨɬ, ɤɨɬɨɪɵɣ ɛɵɥ ɞɨɫɬɭɩɟɧ ɧɚ ɩɟɪɜɨɧɚɱɚɥɶɧɨɦ ɫɟɪɜɟɪɟ. ɏɨɬɹ ɜɩɨɥɧɟ ɜɨɡɦɨɠɧɨ ɜɨɫɫɬɚɧɨɜɢɬɶ Windows Server 2003 ɧɚ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜɚɯ, ɨɬɥɢɱɚɸɳɢɯɫɹ ɨɬ ɚɩɩɚɪɚɬɧɵɯ ɫɪɟɞɫɬɜ ɫɟɪɜɟɪɚ, ɫ ɤɨɬɨɪɨɝɨ ɛɵɥɨ ɫɞɟɥɚɧɚ ɪɟɡɟɪɜɧɚɹ ɤɨɩɢɹ, ɷɬɨɬ ɩɪɨɰɟɫɫ ɱɪɟɜɚɬ ɩɪɨɛɥɟɦɚɦɢ. ȿɫɥɢ ɜɵ ɩɨɩɪɨɛɭɟɬɟ ɜɨɫɫɬɚɧɨɜɢɬɶ Windows Server 2003 ɧɚ ɫɟɪɜɟɪɟ ɫ ɨɬɥɢɱɚɸɳɢɦɢɫɹ ɚɩɩɚɪɚɬɧɵɦɢ ɫɪɟɞɫɬɜɚɦɢ, ɜɵɛɟɪɢɬɟ ɚɩɩɚɪɚɬɧɵɟ ɫɪɟɞɫɬɜɚ, ɤɨɬɨɪɵɟ ɛɭɞɭɬ ɦɚɤɫɢɦɚɥɶɧɨ ɫɨɜɦɟɫɬɢɦɵ. Ƚɚɪɚɧɬɢɪɭɣɬɟ, ɱɬɨ ɭɪɨɜɟɧɶ ɚɩɩɚɪɚɬɧɨɝɨ ɚɛɫɬɪɚɝɢɪɨɜɚɧɢɹ (hardware
abstraction layer - HAL), ɜɢɞɟɨɤɚɪɬɵ ɢ ɫɟɬɟɜɵɟ ɩɥɚɬɵ ɢɞɟɧɬɢɱɧɵ. Ʉɪɨɦɟ ɬɨɝɨ, ɤɨɧɮɢɝɭɪɚɰɢɹ ɠɟɫɬɤɨɝɨ ɞɢɫɤɚ ɧɚ ɧɨɜɨɦ ɫɟɪɜɟɪɟ ɞɨɥɠɧɚ ɛɵɬɶ ɬɚɤɨɣ ɠɟ, ɤɚɤ ɧɚ ɨɬɤɚɡɚɜɲɟɦ. Ⱦɚɠɟ ɟɫɥɢ ɜɵ ɛɭɞɟɬɟ ɫɨɛɥɸɞɚɬɶ ɷɬɢ ɩɪɟɞɨɫɬɨɪɨɠɧɨɫɬɢ, ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɢɫɬɟɦɵ Windows Server 2003 ɧɚ ɫɟɪɜɟɪ ɫ ɞɪɭɝɢɦɢ ɚɩɩɚɪɚɬɧɵɦɢ ɫɪɟɞɫɬɜɚɦɢ ɬɪɭɞɟɧ, ɢ ɭɫɩɟɯ ɧɟ ɝɚɪɚɧɬɢɪɨɜɚɧ. ȼɨɡɦɨɠɧɚɹ ɚɥɶɬɟɪɧɚɬɢɜɚ ɫɨɫɬɨɢɬ ɜ ɫɨɡɞɚɧɢɢ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɵ ɫɦɨɠɟɬɟ ɜɨɫɩɨɥɶɡɨɜɚɬɶɫɹ ɩɪɟɢɦɭɳɟɫɬɜɨɦ ɱɢɫɬɨɣ ɢɧɫɬɚɥɥɹɰɢɢ ɫɢɫɬɟɦɵ Windows Server 2003, ɢ ɜ ɬɨ ɠɟ ɜɪɟɦɹ ɫɦɨɠɟɬɟ ɫɨɡɞɚɬɶ ɧɚɱɚɥɶɧɭɸ ɤɨɩɢɸ ɛɚɡɵ ɞɚɧɧɵɯ ɢɡ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɚ ɧɟ ɱɟɪɟɡ ɪɟɩɥɢɤɚɰɢɸ. Ɉɞɢɧ ɢɡ ɜɚɪɢɚɧɬɨɜ ɪɟɡɟɪɜɢɪɨɜɚɧɢɹ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɜ Windows Server 2003 - ɷɬɨ ɚɜɬɨɦɚɬɢɡɢɪɨɜɚɧɧɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɢɫɬɟɦɵ (Automated System Recovery - ASR). ɗɬɚ ɨɩɰɢɹ ɭɩɪɨɳɚɟɬ ɩɪɨɰɟɫɫ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɞɚɧɧɵɯ ɫɨɫɬɨɹɧɢɹ ɫɢɫɬɟɦɵ. ɉɪɟɠɞɟ ɱɟɦ ɜɵ ɛɭɞɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ASR, ɫɨɡɞɚɣɬɟ ASR-ɤɨɩɢɸ, ɬ.ɟ. ɩɨɦɨɳɶɸ ɢɧɫɬɪɭɦɟɧɬɚ Backup ɫɞɟɥɚɣɬɟ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɞɚɧɧɵɯ ɫɨɫɬɨɹɧɢɹ ɫɢɫɬɟɦɵ ɢ ɫɨɡɞɚɣɬɟ ɡɚɝɪɭɡɨɱɧɵɣ ɞɢɫɤ ASR. Ɂɚɝɪɭɡɨɱɧɵɣ ɞɢɫɤ ɫɨɞɟɪɠɢɬ ɮɚɣɥɵ, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɡɚɝɪɭɡɤɢ ɫɟɪɜɟɪɚ, ɚ ɬɚɤɠɟ ɢɧɮɨɪɦɚɰɢɸ ɨ ɤɨɧɮɢɝɭɪɚɰɢɢ ɠɟɫɬɤɨɝɨ ɞɢɫɤɚ ɧɚ ɫɟɪɜɟɪɟ ɢ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɫɨɫɬɨɹɧɢɹ ɫɢɫɬɟɦɵ. ȿɫɥɢ ɫɟɪɜɟɪ ɜɵɣɞɟɬ ɢɡ ɫɬɪɨɹ, ɷɬɚ ASR-ɤɨɩɢɹ ɦɨɠɟɬ ɢɫɩɨɥɶɡɨɜɚɬɶɫɹ ɞɥɹ ɱɚɫɬɢɱɧɨɣ ɚɜɬɨɦɚɬɢɡɚɰɢɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɟɪɜɟɪɚ. ȿɫɥɢ ɜɵ ɫɞɟɥɚɥɢ ɤɚɤɢɟ-ɥɢɛɨ ɢɡɦɟɧɟɧɢɹ ɤ Active Directory ɩɨɫɥɟ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ, ɬɨ ɨɧɢ ɛɭɞɭɬ ɨɬɫɭɬɫɬɜɨɜɚɬɶ ɜ ɤɨɩɢɢ. Ɉɞɧɚɤɨ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɛɭɞɭɬ ɢɦɟɬɶ ɫɚɦɭɸ ɫɨɜɪɟɦɟɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. ȿɫɥɢ ɜɵ ɜɨɫɫɬɚɧɚɜɥɢɜɚɟɬɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɫɜɹɡɢ ɫ ɩɨɥɨɦɤɨɣ ɫɟɪɜɟɪɚ, ɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɞɨɥɠɟɧ ɩɨɥɭɱɢɬɶ ɢɡɦɟɧɟɧɢɹ ɨɬ ɫɜɨɢɯ ɩɚɪɬɧɟɪɨɜ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɡɚɤɨɧɱɢɬɫɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ. Ⱦɥɹ ɷɬɨɝɨ ɫɞɟɥɚɣɬɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɟɡ ɩɨɥɧɨɦɨɱɢɣ. ɑɬɨɛɵ ɫɞɟɥɚɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɟɡ ɩɨɥɧɨɦɨɱɢɣ, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. ȼɨɫɫɬɚɧɨɜɢɬɟ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢ ɩɨɜɬɨɪɧɨ ɭɫɬɚɧɨɜɢɬɟ ɧɚ ɫɟɪɜɟɪɟ ɫɢɫɬɟɦɭ Windows Server 2003. ɉɨɫɥɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɟɪ1. ɜɟɪɚ ɩɟɪɟɡɚɩɭɫɬɢɬɟ ɟɝɨ ɢ ɧɚɠɦɢɬɟ ɤɥɚɜɢɲɭ F8, ɱɬɨɛɵ ɡɚɝɪɭɡɢɬɶ Windows Advanced Options Menu (Ɇɟɧɸ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɩɚɪɚɦɟɬɪɨɜ Windows). 2. ȼɵɛɟɪɢɬɟ ɡɚɝɪɭɡɤɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɜ ɪɟɠɢɦɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Directory Services Restore Mode (Windows Domain Controllers Only) (Ɍɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɫ ɫɢɫɬɟɦɨɣ Windows)). ɉɨɫɥɟ ɷɬɨɝɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɡɚɝɪɭɡɢɬɫɹ ɜ ɛɟɡɨɩɚɫɧɨɦ ɪɟɠɢɦɟ, ɧɨ ɧɟ ɛɭɞɭɬ ɡɚɝɪɭɠɟɧɵ ɤɨɦɩɨɧɟɧɬɵ Active Directory. 3. ȼɵɛɟɪɢɬɟ ɨɩɟɪɚɰɢɨɧɧɭɸ ɫɢɫɬɟɦɭ, ɤɨɬɨɪɭɸ ɜɵ ɯɨɬɢɬɟ ɡɚɩɭɫɬɢɬɶ. 4. ȼɨɣɞɢɬɟ ɧɚ ɫɟɪɜɟɪ, ɢɫɩɨɥɶɡɭɹ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ Administrator ɫ ɩɚɪɨɥɟɦ Directory Services Restore (ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ), ɤɨɬɨɪɵɣ ɛɵɥ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɩɪɢ ɢɧɫɬɚɥɥɹɰɢɢ Active Directory. 5. ɂɫɩɫɲɶɡɭɣɬɟ ɩɪɨɝɪɚɦɦɤɭ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ, ɱɬɨɛɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɞɚɧɧɵɟ System State (ɋɨɫɬɨɹɧɢɟ ɫɢɫɬɟɦɵ) ɧɚ ɫɟɪɜɟɪɟ. 6. ɉɨɫɥɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɞɚɧɧɵɯ ɩɟɪɟɡɚɝɪɭɡɢɬɟ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. 7. ɉɨɫɥɟ ɩɟɪɟɡɚɝɪɭɡɤɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɫɜɹɠɟɬɫɹ ɫɨ ɫɜɨɢɦɢ ɩɚɪɬɧɟɪɚɦɢ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɢ ɧɚɱɧɟɬ ɨɛɧɨɜɥɹɬɶ ɫɨɛɫɬɜɟɧɧɭɸ ɛɚɡɭ ɞɚɧɧɵɯ, ɱɬɨɛɵ ɨɬɪɚɡɢɬɶ ɜɫɟ ɢɡɦɟɧɟɧɢɹ ɞɨɦɟɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ, ɫɞɟɥɚɧɧɵɟ ɫ ɦɨɦɟɧɬɚ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ. . Active Directory . Э Active Directory . . Ntdsutil.
ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɟɡ ɩɨɥɧɨɦɨɱɢɣ ɧɟ ɝɨɞɢɬɫɹ ɞɥɹ ɪɟɲɟɧɢɹ ɩɪɨɛɥɟɦɵ, ɫ ɤɨɬɨɪɨɣ ɜɵ ɢɦɟɟɬɟ ɞɟɥɨ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɤɬɨ-ɬɨ ɬɨɥɶɤɨ ɱɬɨ ɭɞɚɥɢɥ OU, ɫɨɞɟɪɠɚɳɭɸ ɧɟɫɤɨɥɶɤɨ ɫɨɬɟɧ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɧɟ ɧɭɠɧɨ, ɱɬɨɛɵ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɪɨɫɬɨ ɩɟɪɟɡɚɝɪɭɡɢɥɫɹ ɩɨɫɥɟ ɜɵɩɨɥɧɟɧɢɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ, ɚ ɡɚɬɟɦ ɧɚɱɚɥ ɪɟɩɥɢɤɚɰɢɸ ɫ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɬɚɤ ɫɞɟɥɚɟɬɟ, ɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɨɥɭɱɢɬ ɢɧɮɨɪɦɚɰɢɸ ɨɛ ɭɞɚɥɟɧɢɢ OU ɨɬ ɫɜɨɢɯ ɩɚɪɬɧɟɪɨɜ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɢ ɤ ɬɨɦɭ ɜɪɟɦɟɧɢ, ɤɚɤ ɜɵ ɨɬɤɪɨɟɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers, OU ɛɭɞɟɬ ɭɞɚɥɟɧɚ ɫɧɨɜɚ. ȼ ɷɬɨɦ ɫɰɟɧɚɪɢɢ ɧɭɠɧɨ ɢɫɩɨɥɶɡɨɜɚɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ OU ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɧɨ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. Ʉɨɝɞɚ ɜɵ ɞɟɥɚɟɬɟ ɷɬɨ
ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ, ɜɨɫɫɬɚɧɚɜɥɢɜɚɟɬɫɹ ɪɟɡɟɪɜɧɚɹ ɤɨɩɢɹ Active Directory, ɤɨɬɨɪɚɹ ɛɵɥɚ ɫɞɟɥɚɧɚ ɞɨ ɬɨɝɨ, ɤɚɤ ɞɚɧɧɵɟ ɛɵɥɢ ɭɞɚɥɟɧɵ, ɚ ɡɚɬɟɦ ɞɟɥɚɟɬɟ ɩɪɢɧɭɞɢɬɟɥɶɧɭɸ ɪɟɩɥɢɤɚɰɢɸ ɷɬɢɯ ɞɚɧɧɵɯ ɧɚ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ɉɪɢɧɭɞɢɬɟɥɶɧɚɹ ɪɟɩɥɢɤɚɰɢɹ ɞɟɥɚɟɬɫɹ ɩɭɬɟɦ ɦɚɧɢɩɭɥɢɪɨɜɚɧɢɹ ɩɨɪɹɞɤɨɜɵɦ ɧɨɦɟɪɨɦ ɨɛɧɨɜɥɟɧɢɹ (USN) ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɧɨɣ ɢɧɮɨɪɦɚɰɢɢ. ɉɨ ɭɦɨɥɱɚɧɢɸ, ɤɨɝɞɚ ɜɵ ɞɟɥɚɟɬɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ, ɧɨɦɟɪ USN ɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɨɛɴɟɤɬɚɯ ɭɜɟɥɢɱɢɜɚɟɬɫɹ ɧɚ 100000, ɱɬɨɛɵ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɣ ɨɛɴɟɤɬ ɫɬɚɥ ɩɨɥɧɨɦɨɱɧɨɣ ɤɨɩɢɟɣ ɞɥɹ ɜɫɟɝɨ ɞɨɦɟɧɚ. ȿɫɬɶ ɧɟɫɤɨɥɶɤɨ ɫɭɳɟɫɬɜɟɧɧɵɯ ɩɪɨɛɥɟɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ. ɇɚɢɛɨɥɟɟ ɜɚɠɧɚɹ ɩɪɨɛɥɟɦɚ ɢɦɟɟɬ ɨɬɧɨɲɟɧɢɟ ɤ ɝɪɭɩɩɨɜɨɦɭ ɱɥɟɧɫɬɜɭ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ ɦɨɠɟɬ ɩɪɢɜɨɞɢɬɶ ɤ ɧɟɩɪɚɜɢɥɶɧɨɦɭ ɝɪɭɩɩɨɜɨɦɭ ɱɥɟɧɫɬɜɭ ɧɚ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɟ ɧɟ ɛɵɥɢ ɜɨɫɫɬɚɧɨɜɥɟɧɵ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ. ɇɟɩɪɚɜɢɥɶɧɨɟ ɱɥɟɧɫɬɜɨ ɜɨɡɧɢɤɚɟɬ, ɤɨɝɞɚ ɨɛɴɟɤɬ, ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɣ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ (ɧɚɩɪɢɦɟɪ, OU), ɫɨɞɟɪɠɢɬ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɝɪɭɩɩ ɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ. ɉɪɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ ɨɛɴɟɤɬ OU ɢ ɨɛɴɟɤɬɵ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ ɪɟɩɥɢɰɢɪɭɸɬɫɹ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ɇɟɩɪɚɜɢɥɶɧɨɟ ɱɥɟɧɫɬɜɨ ɩɨɥɭɱɚɟɬɫɹ, ɤɨɝɞɚ ɜɨɫɫɬɚɧɨɜɥɟɧɧɚɹ ɢɧɮɨɪɦɚɰɢɹ ɨ ɝɪɭɩɩɟ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ-ɚɞɪɟɫɚɬɚ, ɩɪɟɠɞɟ ɱɟɦ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɢɧɮɨɪɦɚɰɢɹ. Ʉɨɝɞɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ-ɚɞɪɟɫɚɬɚ ɩɨɥɭɱɚɟɬ ɝɪɭɩɩɭ, ɨɧ ɡɚɦɟɱɚɟɬ, ɱɬɨ ɨɞɧɚ ɢɥɢ ɛɨɥɟɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɩɟɪɟɱɢɫɥɟɧɧɵɯ ɜ ɝɪɭɩɩɟ, ɧɟ ɢɦɟɟɬ ɩɪɚɜɢɥɶɧɨɣ ɭɱɟɬɧɨɣ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɢ ɨɧ ɭɞɚɥɹɟɬ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢɡ ɝɪɭɩɩɵ. Ʉɨɝɞɚ ɡɚɬɟɦ ɧɚ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ-ɚɞɪɟɫɚɬɚ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɭɱɟɬɧɚɹ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ, ɨɧɚ ɧɟ ɞɨɛɚɜɥɹɟɬɫɹ ɧɚɡɚɞ ɤ ɝɪɭɩɩɟ. ȿɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶɫɤɚɹ ɢɧɮɨɪɦɚɰɢɹ ɪɟɩɥɢɰɢɪɭɟɬɫɹ ɩɟɪɟɞ ɢɧɮɨɪɦɚɰɢɟɣ ɝɪɭɩɩɵ, ɬɨ ɱɥɟɧɵ ɝɪɭɩɩɵ ɛɭɞɭɬ ɧɚɡɧɚɱɟɧɵ ɩɪɚɜɢɥɶɧɨ. Ʉ ɫɨɠɚɥɟɧɢɸ, ɧɟɬ ɧɢɤɚɤɨɝɨ ɫɩɨɫɨɛɚ ɭɩɪɚɜɥɹɬɶ ɨɱɟɪɟɞɧɨɫɬɶɸ ɪɟɩɥɢɰɢɪɨɜɚɧɢɹ ɨɛɴɟɤɬɨɜ. ȿɞɢɧɫɬɜɟɧɧɵɣ ɫɩɨɫɨɛ ɢɫɩɪɚɜɢɬɶ ɷɬɭ ɩɨɬɟɧɰɢɚɥɶɧɭɸ ɨɲɢɛɤɭ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɫɨɡɞɚɬɶ ɜɪɟɦɟɧɧɭɸ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɢ ɞɨɛɚɜɢɬɶ ɟɟ ɤ ɤɚɠɞɨɣ ɝɪɭɩɩɟ, ɧɚ ɤɨɬɨɪɭɸ ɜɨɡɞɟɣɫɬɜɭɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ. ȼɵ ɞɨɥɠɧɵ ɫɞɟɥɚɬɶ ɷɬɨ ɩɨɫɥɟ ɬɨɝɨ, ɤɚɤ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɩɟɪɟɡɚɝɪɭɡɢɥɫɹ, ɢ ɡɚɜɟɪɲɢɥɚɫɶ ɧɚɱɚɥɶɧɚɹ ɩɨɥɧɨɦɨɱɧɚɹ ɪɟɩɥɢɤɚɰɢɹ. Ⱦɨɛɚɜɥɟɧɢɟ ɱɥɟɧɚ ɤ ɝɪɭɩɩɟ ɡɚɫɬɚɜɥɹɟɬ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɤɨɩɢɪɨɜɚɬɶ ɫɩɢɫɨɤ ɱɥɟɧɨɜ ɝɪɭɩɩɵ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ. ȿɫɥɢ ɷɬɢ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ ɭɞɚɥɢɥɢ ɭɱɟɬɧɭɸ ɡɚɩɢɫɶ ɩɨɥɶɡɨɜɚɬɟɥɹ ɢɡ ɝɪɭɩɩɵ, ɬɨ ɨɧɢ ɜɨɫɫɬɚɧɨɜɹɬ ɟɟ ɩɨɫɥɟ ɩɨɥɭɱɟɧɢɹ ɦɨɞɢɮɢɰɢɪɨɜɚɧɧɨɝɨ ɫɩɢɫɤɚ ɱɥɟɧɨɜ ɝɪɭɩɩɵ. Ⱦɪɭɝɚɹ ɩɨɬɟɧɰɢɚɥɶɧɚɹ ɩɪɨɛɥɟɦɚ, ɤɚɫɚɸɳɚɹɫɹ ɝɪɭɩɩɨɜɨɝɨ ɱɥɟɧɫɬɜɚ, ɦɨɠɟɬ ɩɪɨɢɡɨɣɬɢ ɜ ɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɛɵɥɨ ɢɡɦɟɧɟɧɨ ɧɚ ɞɪɭɝɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɞɨ ɢɥɢ ɜ ɩɪɨɰɟɫɫɟ ɨɮɢɰɢɚɥɶɧɨɝɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɢɡɦɟɧɟɧɧɨɟ ɝɪɭɩɩɨɜɨɟ ɱɥɟɧɫɬɜɨ ɦɨɝɥɨ ɛɵ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɧɚ ɜɫɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɤɪɨɦɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɹɸɳɟɝɨ ɨɮɢɰɢɚɥɶɧɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ. Ɉɮɢɰɢɚɥɶɧɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɭɫɬɚɧɚɜɥɢɜɚɟɬ ɧɨɦɟɪ USN ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɯ ɨɛɴɟɤɬɨɜ ɜɵɲɟ, ɱɟɦ USN, ɩɪɢɩɢɫɚɧɧɵɣ ɬɨɥɶɤɨ ɱɬɨ ɢɡɦɟɧɟɧɧɨɦɭ ɝɪɭɩɩɨɜɨɦɭ ɱɥɟɧɫɬɜɭ. Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɜɵɩɨɥɧɹɸɳɢɣ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ, ɧɢɤɨɝɞɚ ɧɟ ɩɨɥɭɱɢɬ ɦɨɞɢɮɢɰɢɪɨɜɚɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨ ɱɥɟɧɫɬɜɟ ɝɪɭɩɩɵ, ɢ ɢɧɮɨɪɦɚɰɢɹ ɤɚɬɚɥɨɝɚ ɧɟ ɛɭɞɟɬ ɫɨɝɥɚɫɨɜɚɧɚ ɦɟɠɞɭ ɪɚɡɥɢɱɧɵɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ. ɗɬɚ ɧɟɫɨɝɥɚɫɨɜɚɧɧɨɫɬɶ ɦɨɠɟɬ ɛɵɬɶ ɨɛɧɚɪɭɠɟɧɚ ɬɨɥɶɤɨ ɩɪɢ ɪɚɫɫɦɨɬɪɟɧɢɢ ɫɩɢɫɤɚ ɱɥɟɧɨɜ ɤɚɠɞɨɣ ɝɪɭɩɩɵ. ɋɚɦɵɣ ɩɪɨɫɬɨɣ ɫɩɨɫɨɛ ɪɟɲɟɧɢɹ ɷɬɨɣ ɩɪɨɛɥɟɦɵ ɫɨɫɬɨɢɬ ɜ ɨɛɧɨɜɥɟɧɢɢ ɫɩɢɫɤɨɜ ɱɥɟɧɨɜ ɝɪɭɩɩɵ ɜɪɭɱɧɭɸ. Ɍɪɟɬɶɹ ɩɪɨɛɥɟɦɚ ɢɦɟɟɬ ɨɬɧɨɲɟɧɢɟ ɤ ɞɨɦɟɧɭ ɢ ɞɨɜɟɪɢɬɟɥɶɧɵɦ ɨɬɧɨɲɟɧɢɹɦ ɤɨɦɩɶɸɬɟɪɨɜ. Ʉɨɝɞɚ ɤ ɞɨɦɟɧɭ ɞɨɛɚɜɥɹɟɬɫɹ ɤɨɦɩɶɸɬɟɪ, ɧɚ ɤɨɬɨɪɨɦ ɜɵɩɨɥɧɹɟɬɫɹ ɫɢɫɬɟɦɚ Microsoft Windows NT, Windows 2000, Windows XP Professional ɢɥɢ Windows Server 2003, ɬɨ ɫɨɡɞɚɟɬɫɹ ɩɚɪɨɥɶ, ɢɡɜɟɫɬɧɵɣ ɬɨɥɶɤɨ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ ɢ ɞɨɛɚɜɥɟɧɧɨɦɭ ɤɨɦɩɶɸɬɟɪɭ-ɱɥɟɧɭ ɞɨɦɟɧɚ. ɗɬɨɬ ɩɚɪɨɥɶ ɢɫɩɨɥɶɡɭɟɬɫɹ ɞɥɹ ɩɨɞɞɟɪɠɚɧɢɹ ɞɨɜɟɪɢɬɟɥɶɧɵɯ ɨɬɧɨɲɟɧɢɣ ɦɟɠɞɭ ɤɨɦɩɶɸɬɟɪɨɦ ɢ ɞɨɦɟɧɨɦ. ɉɨ ɭɦɨɥɱɚɧɢɸ ɩɚɪɨɥɶ ɢɡɦɟɧɹɟɬɫɹ ɤɚɠɞɵɟ ɫɟɦɶ ɞɧɟɣ. ȿɫɥɢ ɜɵ ɜɵɩɨɥɧɹɟɬɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ, ɬɨ ɛɭɞɭɬ ɜɨɫɫɬɚɧɨɜɥɟɧɵ ɩɚɪɨɥɢ, ɤɨɬɨɪɵɟ ɛɵɥɢ ɜ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɩɪɢ ɫɨɡɞɚɧɢɢ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ. ȿɫɥɢ ɤɨɦɩɶɸɬɟɪ-ɱɥɟɧ ɞɨɦɟɧɚ ɭɠɟ ɩɨɥɭɱɢɥ ɞɪɭɝɨɣ ɩɚɪɨɥɶ, ɬɨ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɨɦ ɢ ɤɨɦɩɶɸɬɟɪɨɦ-ɱɥɟɧɨɦ ɞɨɦɟɧɚ ɧɟ ɛɭɞɭɬ ɮɭɧɤɰɢɨɧɢɪɨɜɚɬɶ. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ NTLM ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ Active Directory ɢ ɞɨɦɟɧɚɦɢ Windows NT ɢɫɩɨɥɶɡɭɸɬ ɩɨɯɨɠɢɟ ɩɪɚɜɢɥɚ, ɩɨɷɬɨɦɭ ɨɧɢ ɬɚɤɠɟ ɦɨɝɭɬ ɩɟɪɟɫɬɚɬɶ ɪɚɛɨɬɚɬɶ, ɟɫɥɢ ɛɭɞɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧ ɫɬɚɪɵɣ ɩɚɪɨɥɶ. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɞɨɦɟɧɚ ɦɨɠɧɨ ɜɨɫɫɬɚɧɨɜɢɬɶ, ɭɞɚɥɹɹ ɫɬɚɪɵɟ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɢ ɫɨɡɞɚɜɚɹ ɢɯ ɡɚɧɨɜɨ. Ⱦɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɪɚɛɨɱɟɣ ɫɬɚɧɰɢɢ ɫ ɞɨɦɟɧɨɦ ɦɨɠɧɨ ɜɨɫɫɬɚɧɨɜɢɬɶ, ɢɫɩɨɥɶɡɭɹ ɢɧɫɬɪɭɦɟɧɬ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɢ NetDom ɢɥɢ ɭɞɚɥɹɹ ɪɚɛɨɱɭɸ ɫɬɚɧɰɢɸ ɢɡ ɞɨɦɟɧɚ, ɚ ɡɚɬɟɦ
ɞɨɛɚɜɥɹɹ ɟɟ ɧɚɡɚɞ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ɉɪɨɛɥɟɦɵ, ɤɨɬɨɪɵɟ ɜɨɡɧɢɤɚɸɬ ɜ ɪɟɡɭɥɶɬɚɬɟ ɢɫɩɨɥɶɡɨɜɚɧɢɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ, ɩɪɟɞɩɨɥɚɝɚɸɬ ɟɝɨ ɢɫɩɨɥɶɡɨɜɚɧɢɟ ɫ ɨɫɬɨɪɨɠɧɨɫɬɶɸ. ɗɬɢ ɩɪɨɛɥɟɦɵ ɩɨɤɚɡɵɜɚɸɬ ɜɚɠɧɨɫɬɶ ɪɟɝɭɥɹɪɧɨɝɨ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɵɯ ɤɨɩɢɣ ɜɚɲɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ɑɟɦ ɫɬɚɪɟɟ ɪɟɡɟɪɜɧɚɹ ɤɨɩɢɹ ɤɚɬɚɥɨɝɚ, ɬɟɦ ɛɨɥɟɟ ɜɟɪɨɹɬɧɨ, ɱɬɨ ɜɵ ɫɬɨɥɤɧɟɬɟɫɶ ɫ ɷɬɢɦɢ ɩɪɨɛɥɟɦɚɦɢ. Ʉɪɨɦɟ ɬɨɝɨ, ɜɵ ɞɨɥɠɧɵ ɢɦɟɬɶ ɯɨɪɨɲɨ ɫɩɪɨɟɤɬɢɪɨɜɚɧɧɭɸ ɢ ɨɬɪɚɛɨɬɚɧɧɭɸ ɩɪɨɝɪɚɦɦɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɩɨɫɥɟ ɫɛɨɹ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɣ. ɑɟɦ ɛɵɫɬɪɟɟ ɜɵ ɦɨɠɟɬɟ ɜɨɫɫɬɚɧɨɜɢɬɶ ɤɚɬɚɥɨɝ, ɬɟɦ ɦɟɧɶɲɟ ɩɪɨɛɥɟɦ ɜɵ ɛɭɞɟɬɟ ɢɦɟɬɶ. ɇɚɢɛɨɥɟɟ ɬɢɩɢɱɧɵɦ ɜɚɪɢɚɧɬɨɦ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ, ɜɟɪɨɹɬɧɨ, ɛɭɞɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɬɨɥɶɤɨ ɱɚɫɬɢ ɤɚɬɚɥɨɝɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɤɬɨ-ɬɨ ɫɥɭɱɚɣɧɨ ɭɞɚɥɢɬ OU, ɜɵ ɞɨɥɠɧɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ ɬɨɥɶɤɨ ɷɬɭ OU, ɚ ɧɟ ɜɟɫɶ ɤɚɬɚɥɨɝ. ɑɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ, ɫɞɟɥɚɣɬɟ ɫɥɟɞɭɸɳɟɟ. 1. ȼɵɩɨɥɧɢɬɟ ɲɚɝɢ ɫ ɩɟɪɜɨɝɨ ɩɨ ɩɹɬɵɣ ɩɪɨɰɟɞɭɪɵ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɛɟɡ ɩɨɥɧɨɦɨɱɢɣ; ɧɟ ɩɟɪɟɡɚɝɪɭɠɚɣɬɟ ɫɟɪɜɟɪ, ɤɨɝɞɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɡɚɤɨɧɱɟɧɨ. 2. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ ɢ ɧɚɩɟɱɚɬɚɣɬɟ ntdsutil. 3. ȼ ɨɤɧɟ Ntdsutil ɧɚɩɟɱɚɬɚɣɬɟ authoritative restore (ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ). 4. ȼ ɨɤɧɟ Authoritative Restore ɧɚɩɟɱɚɬɚɣɬɟ restore subtree objectname (ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɩɨɞɞɟɪɟɜɚ objectname). ɇɚɩɪɢɦɟɪ, ɱɬɨɛɵ ɜɨɫɫɬɚɧɨɜɢɬɶ OU Managers ɜ ɞɨɦɟɧɟ NWTraders.com, ɧɭɠɧɨ ɧɚɩɟɱɚɬɚɬɶ restore subtree ou=managers ou,dc~nwtraders,dc=com. ȼɵ ɦɨɠɟɬɟ ɬɚɤɠɟ ɜɨɫɫɬɚɧɨɜɢɬɶ ɢɧɞɢɜɢɞɭɚɥɶɧɭɸ ɝɪɭɩɩɭ, ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɩɨɥɶɡɨɜɚɬɟɥɟɣ (ɧɚɩɪɢɦɟɪ, restore subtree en—managerl,ou—managers ou, dc—nwtraders,dc=com) ɢɥɢ ɪɚɡɞɟɥ ɩɪɢɥɨɠɟɧɢɣ. 5. ɑɬɨɛɵ ɜɨɫɫɬɚɧɨɜɢɬɶ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ ɜɟɫɶ ɤɚɬɚɥɨɝ, ɧɚɩɟɱɚɬɚɣɬɟ restore database (ɜɨɫɫɬɚɧɨɜɢɬɶ ɛɚɡɭ ɞɚɧɧɵɯ) ɜ ɨɤɧɟ ɤɨɦɚɧɞɵ Authoritative Restore. 6. ȼɵɣɞɢɬɟ ɢɡ ɭɬɢɥɢɬɵ Ntdsutil ɢ ɩɟɪɟɡɚɝɪɭɡɢɬɟ ɫɟɪɜɟɪ. ɉɪɟɞɨɫɬɟɪɟɠɟɧɢɟ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɩɨɬɪɟɛɭɟɬɫɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɜɫɟɣ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory, ɢɫɩɨɥɶɡɭɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ. Ɍɚɤɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɜɫɟɝɨ ɤɚɬɚɥɨɝɚ - ɷɬɨ ɨɱɟɧɶ ɜɚɠɧɚɹ ɨɩɟɪɚɰɢɹ, ɨɧɚ ɞɨɥɠɧɚ ɜɵɩɨɥɧɹɬɶɫɹ ɬɨɥɶɤɨ ɜ ɬɟɯ ɫɥɭɱɚɹɯ, ɤɨɝɞɚ ɛɵɥɚ ɪɚɡɪɭɲɟɧɚ ɛɚɡɚ ɞɚɧɧɵɯ ɢɥɢ ɩɪɨɢɡɨɲɥɚ ɤɚɤɚɹ-ɬɨ ɞɪɭɝɚɹ ɨɱɟɧɶ ɫɟɪɶɟɡɧɚɹ ɨɲɢɛɤɚ. ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ ɜɫɟɝɨ ɤɚɬɚɥɨɝɚ ɭɜɟɥɢɱɢɜɚɟɬ ɧɨɦɟɪ USN ɧɚ ɤɚɠɞɨɦ ɨɛɴɟɤɬɟ ɜ ɞɨɦɟɧɟ ɢ ɜ ɪɚɡɞɟɥɚɯ ɤɨɧɮɢɝɭɪɚɰɢɢ ɤɚɬɚɥɨɝɚ ɧɚ 100000. Ɋɚɡɞɟɥ ɫɯɟɦɵ ɧɟ ɦɨɠɟɬ ɛɵɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧ ɬɚɤɢɦɢ ɨɛɪɚɡɨɦ.
Sysvol
Ⱦɨ ɧɚɫɬɨɹɳɟɝɨ ɦɨɦɟɧɬɚ ɷɬɚ ɝɥɚɜɚ ɛɵɥɚ ɩɨɫɜɹɳɟɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɸ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory, ɫɨɞɟɪɠɚɳɟɣ ɭɱɟɬɧɵɟ ɡɚɩɢɫɢ ɢ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɞɥɹ ɞɨɦɟɧɚ ɢɥɢ ɥɟɫɚ. Ɉɞɧɚɤɨ ɩɚɩɤɚ Sysvol ɧɚ ɤɚɠɞɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɬɨɠɟ ɫɨɞɟɪɠɢɬ ɤɪɢɬɢɱɟɫɤɭɸ ɢɧɮɨɪɦɚɰɢɸ, ɤɚɫɚɸɳɭɸɫɹ ɞɨɦɟɧɚ, ɬɚɤɭɸ ɤɚɤ ɲɚɛɥɨɧɵ ɝɪɭɩɩɨɜɵɯ ɩɨɥɢɬɢɤ ɢ ɫɰɟɧɚɪɢɢ, ɢɫɩɨɥɶɡɭɟɦɵɟ ɤɨɦɩɶɸɬɟɪɚɦɢ ɢɥɢ ɩɨɥɶɡɨɜɚɬɟɥɹɦɢ ɜ ɫɟɬɢ. ɉɨɷɬɨɦɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɢɧɮɨɪɦɚɰɢɢ Sysvol ɦɨɠɟɬ ɛɵɬɶ ɫɬɨɥɶ ɠɟ ɜɚɠɧɵɦ, ɤɚɤ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɚɡɵ ɞɚɧɧɵɯ Active Directory. Ɋɟɡɟɪɜɧɚɹ ɤɨɩɢɹ ɩɚɩɤɢ Sysvol ɫɨɡɞɚɟɬɫɹ ɤɚɤ ɱɚɫɬɶ ɢɧɮɨɪɦɚɰɢɢ ɨ ɫɨɫɬɨɹɧɢɢ ɫɢɫɬɟɦɵ, ɤɚɫɚɸɳɟɣɫɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɬ.ɟ. ɟɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɵɣɞɟɬ ɢɡ ɫɬɪɨɹ, ɬɨ ɢɧɮɨɪɦɚɰɢɹ Sysvol ɦɨɠɟɬ ɛɵɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɚ ɤɚɤ ɱɚɫɬɶ ɨɛɵɱɧɨɝɨ ɩɪɨɰɟɫɫɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ʉɪɨɦɟ ɬɨɝɨ, ɟɫɥɢ ɜɵ ɧɟ ɯɨɬɢɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɚ ɬɨɥɶɤɨ ɜɨɫɫɬɚɧɨɜɢɬɶ ɟɝɨ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ, ɫɨɡɞɚɜɚɹ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ, ɬɨ ɢɧɮɨɪɦɚɰɢɹ Sysvol ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɫ ɥɸɛɵɯ ɫɭɳɟɫɬɜɭɸɳɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ. ɗɬɨ ɩɪɨɢɫɯɨɞɢɬ ɩɪɢ ɩɨɦɨɳɢ ɫɥɭɠɛɵ ɪɟɩɥɢɤɚɰɢɢ ɮɚɣɥɨɜ (File Replication Service - FRS), ɚ ɧɟ ɜ ɩɪɨɰɟɫɫɟ ɪɟɩɥɢɤɚɰɢɢ Active Directory. ɉɨɬɟɧɰɢɚɥɶɧɨ ɦɨɠɟɬ ɜɨɡɧɢɤɧɭɬɶ ɨɞɧɨ ɨɫɥɨɠɧɟɧɢɟ, ɟɫɥɢ ɜɚɦ ɧɚɞɨ ɜɵɩɨɥɧɢɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɫ ɩɨɥɧɨɦɨɱɢɹɦɢ ɞɥɹ ɤɨɧɬɟɣɧɟɪɚ Sysvol. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɤɬɨ-ɬɨ ɭɞɚɥɢɥ ɜɫɟ ɫɰɟɧɚɪɢɢ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ, ɧɚɯɨɞɢɜɲɢɟɫɹ ɜ ɩɚɩɤɟ Sysvol, ɜɵ ɡɚɯɨɬɢɬɟ ɜɨɫɫɬɚɧɨɜɢɬɶ ɫɰɟɧɚɪɢɢ, ɜɦɟɫɬɨ ɬɨɝɨ ɱɬɨɛɵ ɡɚɧɨɜɨ ɫɨɡɞɚɜɚɬɶ ɢɯ. ɉɪɨɛɥɟɦɚ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ, ɟɫɥɢ ɭɞɚɥɟɧɢɟ ɛɵɥɨ ɪɟɩɥɢɰɢɪɨɜɚɧɨ ɧɚ ɜɫɟ ɞɪɭɝɢɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ, ɬɨ ɨɧɨ ɛɭɞɟɬ ɢɦɟɬɶ ɛɨɥɟɟ ɞɨɜɪɟɦɟɧɧɨɟ ɪɟɩɥɢɤɚɰɢɨɧɧɨɟ ɡɧɚɱɟɧɢɟ, ɱɟɦ ɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɧɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ. ɉɨɷɬɨɦɭ ɟɫɥɢ ɜɵ ɜɵɩɨɥɧɢɬɟ ɩɪɨɫɬɨ ɨɛɵɱɧɨɟ
ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ, ɬɨ ɨɧ ɪɟɩɥɢɰɢɪɭɟɬ ɭɞɚɥɟɧɢɟ ɫ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɋɟɲɟɧɢɟ ɩɪɨɛɥɟɦɵ ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨɛɵ ɜɵɩɨɥɧɢɬɶ ɨɫɧɨɜɧɨɟ (primary) ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɢɧɮɨɪɦɚɰɢɢ Sysvol. ȿɫɥɢ ɜɵ ɢɫɩɨɥɶɡɭɟɬɟ ɫɢɫɬɟɦɧɭɸ ɪɟɡɟɪɜɧɭɸ ɤɨɩɢɸ ɫɟɪɜɟɪɚ Windows Server 2003 ɢ ɩɪɨɝɪɚɦɦɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ, ɬɨ ɛɭɞɟɬ ɜɵɩɨɥɧɹɬɶɫɹ ɨɛɵɱɧɨɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɟɡ ɩɨɥɧɨɦɨɱɢɣ, ɧɨ ɩɪɢ ɜɵɩɨɥɧɟɧɢɢ ɩɪɨɝɪɚɦɦɵ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɧɟ ɫɥɟɞɭɟɬ ɩɪɢɧɢɦɚɬɶ ɡɚɞɚɧɧɵɟ ɩɨ ɭɦɨɥɱɚɧɢɸ ɩɚɪɚɦɟɬɪɵ ɧɚɫɬɪɨɣɤɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ. ȼɦɟɫɬɨ ɷɬɨɝɨ ɜ ɨɤɧɟ Advanced Restore Options (Ⱦɨɩɨɥɧɢɬɟɥɶɧɵɟ ɨɩɰɢɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ) ɦɚɫɬɟɪɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɜɵɛɟɪɢɬɟ ɨɩɰɢɸ When Restoring Replicated Data Sets, Mark The Restored Data As The Primary Data For All Replicas (ɉɪɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɧɚɛɨɪɨɜ ɪɟɩɥɢɰɢɪɭ-ɟɦɵɯ ɞɚɧɧɵɯ ɨɬɦɟɱɚɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɧɵɟ ɞɚɧɧɵɟ ɤɚɤ ɨɫɧɨɜɧɵɟ ɞɥɹ ɜɫɟɯ ɪɟɩɥɢɤ) (ɫɦ. ɪɢɫ. 15-3). ȼ ɪɟɡɭɥɶɬɚɬɟ ɩɚɩɤɚ Sysvol ɧɚ ɷɬɨɦ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ ɛɭɞɟɬ ɨɬɦɟɱɟɧɚ, ɤɚɤ ɨɫɧɨɜɧɨɣ ɤɨɧɬɟɣɧɟɪ ɞɥɹ ɪɟɩɥɢɤɚɰɢɢ Sysvol.
. 15-3.
Sysvol
Ɋɨɥɢ ɫɟɪɜɟɪɨɜ-ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɬɪɟɛɭɸɬ ɞɨɩɨɥɧɢɬɟɥɶɧɵɯ ɫɨɨɛɪɚɠɟɧɢɣ ɩɪɢ ɩɥɚɧɢɪɨɜɚɧɢɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɤɚɬɚɥɨɝɚ ɩɨɫɥɟ ɫɛɨɹ. Ɋɨɥɢ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɦɨɝɭɬ ɛɵɬɶ ɪɚɫɩɪɟɞɟɥɟɧɵ ɦɟɠɞɭ ɧɟɫɤɨɥɶɤɢɦɢ ɤɨɧɬɪɨɥɥɟɪɚɦɢ ɞɨɦɟɧɚ, ɧɨ ɜ ɤɚɠɞɵɣ ɦɨɦɟɧɬ ɜɪɟɦɟɧɢ ɤɚɠɞɚɹ ɪɨɥɶ ɦɨɠɟɬ ɭɞɟɪɠɢɜɚɬɶɫɹ ɬɨɥɶɤɨ ɨɞɧɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɜ ɞɨɦɟɧɟ ɢɥɢ ɥɟɫɟ. ɉɨɷɬɨɦɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɷɬɢɯ ɪɨɥɟɣ ɨɬɥɢɱɚɟɬɫɹ ɨɬ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɦ ɧɟ ɧɚɡɧɚɱɟɧɵ ɪɨɥɢ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ. ȼɨɫɫɬɚɧɨɜɥɟɧɢɹ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɫɨɫɬɨɢɬ, ɩɨ ɫɭɳɟɫɬɜɭ, ɢɡ ɬɚɤɢɯ ɠɟ ɩɪɨɰɟɞɭɪ, ɤɚɤ ɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɥɸɛɨɝɨ ɞɪɭɝɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. Ɋɚɡɥɢɱɢɟ ɫɨɫɬɨɢɬ ɜ ɩɥɚɧɢɪɨɜɚɧɢɢ ɬɨɝɨ, ɱɬɨ ɞɨɥɠɧɨ ɜɯɨɞɢɬɶ ɜ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɩɨɫɥɟ ɫɛɨɹ. ɉɨɫɤɨɥɶɤɭ ɬɨɥɶɤɨ ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɦɨɠɟɬ ɭɞɟɪɠɢɜɚɬɶ ɨɩɪɟɞɟɥɟɧɧɭɸ ɪɨɥɶ, ɬɨ ɜɵ ɞɨɥɠɧɵ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤ ɞɨɥɝɨ ɫɟɬɶ ɛɭɞɟɬ ɪɚɛɨɬɚɬɶ ɛɟɡ ɷɬɨɝɨ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ȼ ɧɟɤɨɬɨɪɵɯ ɫɥɭɱɚɹɯ ɨɬɫɭɬɫɬɜɢɟ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɧɟ ɩɪɢɱɢɧɢɬ ɧɢɤɚɤɢɯ ɧɟɩɪɢɹɬɧɨɫɬɟɣ ɜ ɬɟɱɟɧɢɟ ɧɟɫɤɨɥɶɤɢɯ ɞɧɟɣ, ɜ ɞɪɭɝɢɯ ɫɥɭɱɚɹɯ ɨɬɤɚɡ ɜ ɜɵɩɨɥɧɟɧɢɢ ɮɭɧɤɰɢɣ ɷɬɨɣ ɪɨɥɢ ɦɨɠɟɬ ɞɚɬɶ ɧɟɦɟɞɥɟɧɧɵɣ ɷɮɮɟɤɬ. ȿɫɥɢ ɜɵ ɫɦɨɠɟɬɟ ɜɨɫɫɬɚɧɨɜɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɩɪɟɠɞɟ ɱɟɦ ɩɨɧɚɞɨɛɢɬɫɹ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ, ɬɨ ɜɵ ɦɨɠɟɬɟ ɜɨɫɫɬɚɧɨɜɢɬɶ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢ ɜɵɩɨɥɧɢɬɶ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɛɟɡ ɩɨɥɧɨɦɨɱɢɣ ɫɟɪɜɟɪɚ. ɏɨɡɹɢɧ ɨɩɟɪɚɰɢɣ ɛɭɞɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧ ɩɨɫɥɟ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɟɪɜɟɪɚ. ɂɧɨɝɞɚ ɜɵ ɦɨɠɟɬɟ ɪɟɲɢɬɶ, ɱɬɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɨɬɤɚɡɚɜɲɟɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɡɚɣɦɟɬ ɛɨɥɶɲɟ ɜɪɟɦɟɧɢ, ɱɟɦ ɜɪɟɦɹ, ɜ ɬɟɱɟɧɢɟ ɤɨɬɨɪɨɝɨ ɜɚɲɚ ɫɟɬɶ ɦɨɠɟɬ ɨɛɯɨɞɢɬɶɫɹ ɛɟɡ ɷɬɨɝɨ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ɂɥɢ ɜɵ ɪɟɲɢɬɟ, ɱɬɨ ɜɨɨɛɳɟ ɧɟ ɯɨɬɢɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɷɬɨɬ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɨ ɩɪɟɞɩɨɱɥɢ ɛɵ ɫɨɡɞɚɬɶ ɧɨɜɵɣ ɢ ɩɟɪɟɞɚɬɶ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɟɦɭ. ɉɟɪɟɞɚɱɚ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɩɪɨɫɬɚ, ɟɫɥɢ ɨɛɚ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɧɚɯɨɞɹɬɫɹ ɜ ɢɧɬɟɪɚɤɬɢɜɧɨɦ ɪɟɠɢɦɟ, ɩɨɬɨɦɭ ɱɬɨ ɨɧɢ ɨɛɚ ɦɨɝɭɬ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɡɚɜɟɪɲɚɬ ɪɟɩɥɢɤɚɰɢɸ ɩɪɟɠɞɟ, ɱɟɦ ɛɵɥɚ ɩɟɪɟɞɚɧɚ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. Ɉɞɧɚɤɨ ɟɫɥɢ ɯɨɡɹɢɧ ɨɩɟɪɚɰɢɣ ɜɵɲɟɥ ɢɡ ɫɬɪɨɹ, ɢ ɜɵ ɞɨɥɠɧɵ ɩɟɪɟɦɟɫɬɢɬɶ ɟɝɨ ɪɨɥɶ ɧɚ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɬɨ ɧɭɠɧɨ ɡɚɯɜɚɬɢɬɶ ɷɬɭ ɪɨɥɶ. . , , . . , , , ,
, . ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɩɨɥɶɡɨɜɚɬɟɥɶ ɬɨɥɶɤɨ ɱɬɨ ɢɡɦɟɧɢɥ ɫɜɨɣ ɩɚɪɨɥɶ, ɢɫɩɨɥɶɡɭɹ ɤɥɢɟɧɬɚ ɧɢɡɤɨɝɨ ɭɪɨɜɧɹ, ɬɨ ɷɬɨ ɢɡɦɟɧɟɧɢɟ ɛɵɥɨ ɫɞɟɥɚɧɨ ɧɚ ɷɦɭɥɹɬɨɪɟ PDC. ɗɦɭɥɹɬɨɪ PDC ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶ ɷɬɨ ɢɡɦɟɧɟɧɢɟ ɩɚɪɬɧɟɪɭ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɪɚɫɩɨɥɨɠɟɧɧɨɦɭ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɫɚɣɬɟ, ɜ ɩɪɟɞɟɥɚɯ 15 ɫɟɤɭɧɞ. ȿɫɥɢ ɜ ɷɬɨɦ ɫɚɣɬɟ ɧɟɬ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ, ɬɨ ɪɟɩɥɢɤɚɰɢɹ ɩɚɪɨɥɹ ɧɟ ɩɪɨɢɡɨɣɞɟɬ ɞɨ ɫɥɟɞɭɸɳɟɣ ɡɚɩɥɚɧɢɪɨɜɚɧɧɨɣ ɪɟɩɥɢɤɚɰɢɢ ɦɟɠɞɭ ɫɚɣɬɚɦɢ. ȿɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜɵɣɞɟɬ ɢɡ ɫɬɪɨɹ ɩɟɪɟɞ ɷɬɢɦ ɡɚɩɥɚɧɢɪɨɜɚɧɧɵɦ ɜɪɟɦɟɧɟɦ, ɬɨ ɢɡɦɟɧɟɧɢɟ ɩɚɪɨɥɹ ɧɟ ɛɭɞɟɬ ɪɟɩɥɢɰɢɪɨɜɚɬɶɫɹ ɧɚ ɞɪɭɝɢɟ ɫɚɣɬɵ. ȿɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɚɯɨɞɢɬɫɹ ɬɚɦ ɠɟ, ɝɞɟ ɫɟɪɜɟɪ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ, ɬɨ ɜɟɪɨɹɬɧɨɫɬɶ ɧɟɩɨɥɧɨɣ ɪɟɩɥɢɤɚɰɢɢ ɝɨɪɚɡɞɨ ɦɟɧɶɲɟ. Ʉɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚɯɨɞɹɳɢɣɫɹ ɜ ɬɨɦ ɠɟ ɫɚɣɬɟ, ɝɞɟ ɪɚɫɩɨɥɨɠɟɧ ɯɨɡɹɢɧ ɨɩɟɪɚɰɢɣ, ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ ɧɚɢɥɭɱɲɢɦ ɤɚɧɞɢɞɚɬɨɦ ɧɚ ɡɚɯɜɚɬ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ, ɩɨɬɨɦɭ ɱɬɨ ɨɧ ɢɦɟɟɬ ɫɚɦɭɸ ɫɜɟɠɭɸ ɢɧɮɨɪɦɚɰɢɸ ɨɬ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ȿɫɥɢ ɭ ɜɚɫ ɢɦɟɟɬɫɹ ɛɨɥɶɲɟ ɨɞɧɨɝɨ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɥɟɧɚ ɜ ɬɨɦ ɠɟ ɫɚɦɨɦ ɫɚɣɬɟ, ɝɞɟ ɪɚɫɩɨɥɨɠɟɧ ɨɬɤɚɡɚɜɲɢɣ ɯɨɡɹɢɧ ɨɩɟɪɚɰɢɣ, ɬɨ ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɤɨɦɚɧɞɭ repadmin/ showvector namingcontext, ɱɬɨɛɵ ɨɩɪɟɞɟɥɢɬɶ, ɤɚɤɨɣ ɢɡ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɢɦɟɟɬ ɫɚɦɵɟ ɫɜɟɠɢɟ ɨɛɧɨɜɥɟɧɢɹ ɫ ɜɵɲɟɞɲɟɝɨ ɢɡ ɫɬɪɨɹ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ. ɑɬɨɛɵ ɡɚɯɜɚɬɢɬɶ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ, ɜɵ ɦɨɠɟɬɟ ɢɫɩɨɥɶɡɨɜɚɬɶ ɭɬɢɥɢɬɭ Ntdsutil ɢɥɢ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers (ɱɬɨɛɵ ɡɚɯɜɚɬɢɬɶ ɪɨɥɢ ɷɦɭɥɹɬɨɪɚ PDC ɢ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ). Ɋɨɥɢ ɯɨɡɹɢɧɚ RID, ɯɨɡɹɢɧɚ ɫɯɟɦɵ ɢ ɯɨɡɹɢɧɚ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɦɨɠɧɨ ɡɚɯɜɚɬɢɬɶ ɬɨɥɶɤɨ ɫ ɩɨɦɨɳɶɸ ɭɬɢɥɢɬɵ Ntdsutil. ɑɬɨɛɵ ɡɚɯɜɚɬɢɬɶ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɫ ɩɨɦɨɳɶɸ ɭɬɢɥɢɬɵ Ntdsutil, ɜɵɩɨɥɧɢɬɟ ɫɥɟɞɭɸɳɢɟ ɞɟɣɫɬɜɢɹ. 1. Ɉɬɤɪɨɣɬɟ ɤɨɦɚɧɞɧɭɸ ɫɬɪɨɤɭ ɢ ɧɚɩɟɱɚɬɚɣɬɟ ntdsutil. 2. ȼ ɨɤɧɟ ɤɨɦɚɧɞ Ntdsui^l ɧɚɩɟɱɚɬɚɣɬɟ roles (ɪɨɥɢ). 3. ȼ ɨɤɧɟ ɤɨɣɚɧɞ Fsmo Maintenance (Ɉɛɫɥɭɠɢɜɚɧɢɟ Fsmo) ɧɚɩɟɱɚɬɚɣɬɟ connections (ɩɨɞɤɥɸɱɟɧɢɹ). 4. ȼ ɨɤɧɟ ɤɨɦɚɧɞ Server Connections (ɉɨɞɤɥɸɱɟɧɢɹ ɫɟɪɜɟɪɚ) ɧɚɩɟɱɚɬɚɣɬɟ connect to server servername.domainname (ɫɨɟɞɢɧɢɬɶɫɹ ɫ ɫɟɪɜɟɪɨɦ servername.domainname), ɝɞɟ servername ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵ ɯɨɬɢɬɟ ɡɚɯɜɚɬɢɬɶ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ɇɚɩɟɱɚɬɚɣɬɟ quit (ɜɵɯɨɞ). 5. ȼ ɨɤɧɟ ɤɨɦɚɧɞ Fsmo Maintenance ɧɚɩɟɱɚɬɚɣɬɟ seize operations_master_role (ɡɚɯɜɚɬɢɬɶ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ). Ƚɞɟ operations_master_role — ɷɬɨ ɪɨɥɢ, ɤɨɬɨɪɵɟ ɜɵ ɯɨɬɢɬɟ ɡɚɯɜɚɬɢɬɶ: schema master (ɯɨɡɹɢɧ ɫɯɟɦɵ), domain naming master (ɯɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ), infrastructure master (ɯɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ), RID-master (ɯɨɡɹɢɧ RID) ɢɥɢ PDC. 6. ɉɪɢɦɢɬɟ ɩɪɟɞɭɩɪɟɠɞɟɧɢɟ. ɋɟɪɜɟɪ ɫɧɚɱɚɥɚ ɛɭɞɟɬ ɩɪɨɛɨɜɚɬɶ ɜɵɩɨɥɧɢɬɶ ɧɨɪɦɚɥɶɧɭɸ ɩɟɪɟɞɚɱɭ ɪɨɥɢ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ȿɫɥɢ ɷɬɨ ɧɟ ɩɨɥɭɱɢɬɫɹ, ɩɨɬɨɦɭ ɱɬɨ ɫ ɜɵɲɟɞɲɢɦ ɢɡ ɫɬɪɨɹ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ ɧɟɥɶɡɹ ɜɨɣɬɢ ɜ ɤɨɧɬɚɤɬ, ɬɨ ɪɨɥɶ ɛɭɞɟɬ ɡɚɯɜɚɱɟɧɚ. ɇɚ ɪɢɫɭɧɤɟ 15-4 ɫɦɨɬɪɢɬɟ ɩɪɢɦɟɪ ɡɚɯɜɚɬɚ ɪɨɥɢ ɯɨɡɹɢɧɚ RID.
. 15-4.
Ntdsutil
RID
7. ɇɚɩɟɱɚɬɚɣɬɟ quit (ɜɵɯɨɞ) ɜ ɤɚɠɞɨɣ ɤɨɦɚɧɞɧɨɣ ɫɬɪɨɤɟ, ɩɨɤɚ ɧɟ ɜɵɣɞɟɬɟ ɢɡ ɭɬɢɥɢɬɵ Ntdsutil. ɗɦɭɥɹɬɨɪ PDC ɢ ɪɨɥɶ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɦɨɝɭɬ ɛɵɬɶ ɡɚɯɜɚɱɟɧɵ ɬɚɤɠɟ ɱɟɪɟɡ ɢɧɫɬɪɭɦɟɧɬ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ Active Directory Users And Computers. Ɉɬɤɪɨɣɬɟ ɢɧɫɬɪɭɦɟɧɬ Active Directory Users And Computers ɢ ɢɫɩɨɥɶɡɭɣɬɟ ɨɩɰɢɸ Connect To Domain Controller (ɉɨɞɤɥɸɱɢɬɶɫɹ ɤ ɤɨɧɬɪɨɥɥɟɪɭ ɞɨɦɟɧɚ), ɱɬɨɛɵ ɭɞɨɫɬɨɜɟɪɢɬɶɫɹ, ɱɬɨ ɨɧ ɫɜɹɡɚɧ ɫ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɧɚ ɤɨɬɨɪɨɦ ɜɵ
ɯɨɬɢɬɟ ɡɚɯɜɚɬɢɬɶ ɪɨɥɶ. Ɂɚɬɟɦ ɳɟɥɤɧɢɬɟ ɩɪɚɜɨɣ ɤɧɨɩɤɨɣ ɦɵɲɢ ɧɚ ɢɦɟɧɢ ɞɨɦɟɧɚ ɢ ɜɵɛɟɪɢɬɟ Operations Masters (ɏɨɡɹɟɜɚ ɨɩɟɪɚɰɢɣ). ȿɫɥɢ ɜɵ ɩɨɩɪɨɛɭɟɬɟ ɡɚɯɜɚɬɢɬɶ ɪɨɥɶ, ɩɨɥɭɱɢɬɟ ɩɪɟɞɭɩɪɟɠɞɚɸɳɟɟ ɫɨɨɛɳɟɧɢɟ (ɫɦ. ɪɢɫ. 15-5). ȿɫɥɢ ɜɵ ɜɵɛɟɪɢɬɟ ɜɵɧɭɠɞɟɧɧɭɸ ɩɟɪɟɞɚɱɭ, ɬɨ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɛɭɞɟɬ ɡɚɯɜɚɱɟɧɚ. Ɍɨɥɶɤɨ ɷɦɭɥɹɬɨɪ PDC ɢ ɪɨɥɶ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɦɨɝɭɬ ɛɵɬɶ ɡɚɯɜɚɱɟɧɵ ɬɚɤɢɦ ɨɛɪɚɡɨɦ, ɬ.ɟ. ɩɨɩɵɬɤɢ ɩɟɪɟɞɚɬɶ ɥɸɛɭɸ ɞɪɭɝɭɸ ɪɨɥɶ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ ɫ ɩɨɦɨɳɶɸ ɞɪɭɝɨɝɨ ɢɧɫɬɪɭɦɟɧɬɚ, ɤɪɨɦɟ ɭɬɢɥɢɬɵ Ntdsutil, ɩɨɬɟɪɩɹɬ ɧɟɭɞɚɱɭ.
. 15-5.
Э
, Active Directory Users And Computers
PDC
ȼ ɛɨɥɶɲɢɧɫɬɜɟ ɫɟɬɟɣ ɨɬɤɚɡ ɷɦɭɥɹɬɨɪɚ PDC ɨɛɵɱɧɨ ɜɵɡɵɜɚɟɬ ɧɟɦɟɞɥɟɧɧɵɣ ɨɬɤɥɢɤ, ɱɟɦ ɨɬɤɚɡ ɥɸɛɨɝɨ ɞɪɭɝɨɝɨ ɯɨɡɹɢɧɚ ɨɩɟɪɚɰɢɣ. ȼ ɞɨɦɟɧɟ, ɤɨɬɨɪɵɣ ɪɚɛɨɬɚɟɬ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɵɯ ɭɪɨɜɧɹɯ Windows 2000 mixed (ɫɦɟɲɚɧɧɵɣ) ɢɥɢ Windows Server 2003 interim (ɜɪɟɦɟɧɧɵɣ), ɷɦɭɥɹɬɨɪ PDC ɹɜɥɹɟɬɫɹ ɨɫɧɨɜɧɵɦ (primary) ɩɚɪɬɧɟɪɨɦ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɜɫɟɯ ɪɟɡɟɪɜɧɵɯ ɤɨɩɢɣ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ Windows NT (BDC). ɉɨɤɚ ɧɟ ɜɨɫɫɬɚɧɨɜɥɟɧ ɷɦɭɥɹɬɨɪ PDC BDC-ɤɨɧɬɪɨɥɥɟɪɵ ɧɟ ɛɭɞɟɬ ɩɨɥɭɱɚɬɶ ɦɨɞɢɮɢɰɢɪɨɜɚɧɧɭɸ ɢɧɮɨɪɦɚɰɢɸ. Ʉɪɨɦɟ ɬɨɝɨ, ɧɢɡɤɨɭɪɨɜɧɟɜɵɟ ɤɥɢɟɧɬɵ ɬɢɩɚ Windows NT, Windows 95 ɢ Windows 98 (ɧɟ ɢɦɟɸɳɢɟ ɤɥɢɟɧɬɨɜ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ) ɞɨɥɠɧɵ ɫɨɟɞɢɧɹɬɶɫɹ ɫ ɷɦɭɥɹɬɨɪɨɦ PDC, ɱɬɨɛɵ ɩɨɥɶɡɨɜɚɬɟɥɶ ɢɦɟɥ ɜɨɡɦɨɠɧɨɫɬɶ ɢɡɦɟɧɹɬɶ ɫɜɨɣ ɩɚɪɨɥɶ. Ⱦɚɠɟ ɜ ɞɨɦɟɧɟ, ɪɚɛɨɬɚɸɳɟɦ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 native (ɟɫɬɟɫɬɜɟɧɧɵɣ) ɢɥɢ ɧɚ ɛɨɥɟɟ ɜɵɫɨɤɨɦ, ɷɦɭɥɹɬɨɪ PDC ɢɝɪɚɟɬ ɪɨɥɶ ɨɫɧɨɜɧɨɝɨ ɩɚɪɬɧɟɪɚ ɩɨ ɪɟɩɥɢɤɚɰɢɢ ɞɥɹ ɡɚɦɟɧ ɩɚɪɨɥɹ. ɗɦɭɥɹɬɨɪ PDC ɹɜɥɹɟɬɫɹ ɬɚɤɠɟ ɩɪɟɞɩɨɱɬɢɬɟɥɶɧɵɦ ɫɟɪɜɟɪɨɦ ɞɥɹ ɫɨɡɞɚɧɢɹ ɤɚɤɢɯ-ɥɢɛɨ ɢɡɦɟɧɟɧɢɣ ɤ ɝɪɭɩɩɨɜɵɦ ɩɨɥɢɬɢɤɚɦ. ȿɫɥɢ ɷɦɭɥɹɬɨɪ PDC ɧɟɞɨɫɬɭɩɟɧ, ɤɨɝɞɚ ɜɵ ɩɵɬɚɟɬɟɫɶ ɩɪɨɫɦɨɬɪɟɬɶ ɝɪɭɩɩɨɜɵɟ ɩɨɥɢɬɢɤɢ, ɜɵ ɩɨɥɭɱɢɬɟ ɩɪɟɞɭɩɪɟɠɞɚɸɳɟɟ ɫɨɨɛɳɟɧɢɟ. ɉɨɫɤɨɥɶɤɭ ɷɦɭɥɹɬɨɪ PDC ɩɨɞɞɟɪɠɢɜɚɟɬ ɜɫɟ ɷɬɢ ɫɥɭɠɛɵ, ɬɨ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɪɨɥɢ ɷɦɭɥɹɬɨɪɚ PDC ɜ ɫɟɬɢ ɞɨɥɠɧɨ ɢɦɟɬɶ ɜɵɫɨɤɢɣ ɩɪɢɨɪɢɬɟɬ. ɏɨɬɹ ɷɦɭɥɹɬɨɪ PDC ɢɝɪɚɟɬ ɜɚɠɧɟɣɲɭɸ ɪɨɥɶ ɜ ɞɨɦɟɧɟ, ɡɚɯɜɚɬ ɷɬɨɣ ɪɨɥɢ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɜ ɬɨ ɜɪɟɦɹ ɤɚɤ ɨɪɢɝɢɧɚɥɶɧɵɣ ɷɦɭɥɹɬɨɪ PDC ɧɟɞɨɫɬɭɩɟɧ, ɢɦɟɟɬ ɫɜɨɢ ɨɝɪɚɧɢɱɟɧɢɹ. Ɏɚɤɬɢɱɟɫɤɢ, ɡɚɯɜɚɬ ɷɬɨɣ ɪɨɥɢ ɩɨɞɨɛɟɧ ɡɚɯɜɚɬɭ ɪɨɥɢ PDC ɜ ɞɨɦɟɧɟ Windows NT. ȿɫɥɢ PDC ɤɨɝɞɚɥɢɛɨ ɜɵɯɨɞɢɥ ɢɡ ɫɬɪɨɹ ɜ ɞɨɦɟɧɟ Windows NT, ɜɵ ɦɨɝɥɢ ɜɵɛɢɪɚɬɶ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɢ ɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɟɝɨ ɬɚɤ, ɱɬɨɛɵ ɨɧ ɛɵɥ PDC-KOH-ɬɪɨɥɥɟɪɨɦ. Ɍɟ ɠɟ ɫɚɦɵɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɫɭɳɟɫɬɜɭɸɬ ɜ Windows Server 2003. ȿɫɥɢ ɷɦɭɥɹɬɨɪ PDC ɜɵɯɨɞɢɬ ɢɡ ɫɬɪɨɹ, ɜɵ ɞɨɥɠɧɵ ɩɟɪɟɞɚɬɶ ɷɬɭ ɪɨɥɶ ɧɚ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. Ⱦɚɠɟ ɟɫɥɢ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɛɭɞɟɬ ɧɟɞɨɫɬɭɩɟɧ ɬɨɥɶɤɨ ɜ ɬɟɱɟɧɢɟ ɩɚɪɵ ɱɚɫɨɜ, ɜɫɟ ɪɚɜɧɨ ɧɭɠɧɨ ɩɟɪɟɞɚɬɶ ɷɬɭ ɪɨɥɶ. Ʉɨɝɞɚ ɨɪɢɝɢɧɚɥɶɧɵɣ ɷɦɭɥɹɬɨɪ PDC ɛɭɞɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧ ɢ ɫɧɨɜɚ ɫɜɹɡɚɧ ɫ ɫɟɬɶɸ, ɨɧ ɨɛɧɚɪɭɠɢɬ ɩɪɢɫɭɬɫɬɜɢɟ ɧɨɜɨɝɨ ɷɦɭɥɹɬɨɪɚ PDC ɢ ɭɫɬɭɩɢɬ ɟɦɭ ɷɬɭ ɪɨɥɶ. ɏɨɡɹɢɧ ɫɯɟɦɵ ɢɝɪɚɟɬ ɜɚɠɧɟɣɲɭɸ ɪɨɥɶ ɜ ɞɨɦɟɧɟ ɫɟɪɜɟɪɚ Windows Server 2003, ɧɨ ɷɬɚ ɪɨɥɶ ɢɫɩɨɥɶɡɭɟɬɫɹ ɨɱɟɧɶ ɪɟɞɤɨ. ɏɨɡɹɢɧ ɫɯɟɦɵ ɹɜɥɹɟɬɫɹ ɟɞɢɧɫɬɜɟɧɧɵɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɜ ɤɨɬɨɪɨɦ ɦɨɠɟɬ ɛɵɬɶ ɢɡɦɟɧɟɧɚ ɫɯɟɦɚ. ȿɫɥɢ ɷɬɨɬ ɫɟɪɜɟɪ ɜɵɣɞɟɬ ɢɡ ɫɬɪɨɹ, ɜɵ ɧɟ ɫɦɨɠɟɬɟ ɞɟɥɚɬɶ ɢɡɦɟɧɟɧɢɹ ɤ ɫɯɟɦɟ, ɩɨɤɚ ɫɟɪɜɟɪ ɧɟ ɛɭɞɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧ ɢɥɢ ɩɨɤɚ ɷɬɚ ɪɨɥɶ ɧɟ ɛɭɞɟɬ ɡɚɯɜɚɱɟɧɚ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ. Ɏɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ ɯɨɡɹɢɧɚ ɫɯɟɦɵ ɢɫɩɨɥɶɡɭɸɬɫɹ ɪɟɞɤɨ, ɩɨɬɨɦɭ ɱɬɨ ɜ ɛɨɥɶɲɢɧɫɬɜɟ ɫɟɬɟɣ ɫɯɟɦɚ ɢɡɦɟɧɹɟɬɫɹ ɪɟɞɤɨ. Ɍɪɟɛɭɟɬɫɹ ɩɪɨɜɨɞɢɬɶ ɢɫɩɵɬɚɧɢɟ ɞɥɹ ɝɚɪɚɧɬɢɢ ɬɨɝɨ, ɱɬɨ ɢɡɦɟɧɟɧɢɟ ɫɯɟɦɵ ɫɨɜɦɟɫɬɢɦɨ ɫ ɬɟɤɭɳɟɣ ɫɯɟɦɨɣ. ɗɬɨ ɨɡɧɚɱɚɟɬ, ɱɬɨ ɢɡɦɟɧɟɧɢɟ ɫɯɟɦɵ ɛɵɥɨ ɡɚɩɥɚɧɢɪɨɜɚɧɨ ɧɚ ɨɩɪɟɞɟɥɟɧɧɨɟ ɜɪɟɦɹ, ɢ ɜ ɛɨɥɶɲɢɧɫɬɜɟ ɫɥɭɱɚɟɜ ɡɚɞɟɪɠɤɚ ɜ ɪɚɡɜɟɪɬɵɜɚɧɢɢ ɢɡɦɟɧɟɧɢɣ ɫɯɟɦɵ ɞɨ ɬɨɝɨ ɜɪɟɦɟɧɢ, ɩɨɤɚ ɧɟ ɛɭɞɟɬ ɜɨɫɫɬɚɧɨɜɥɟɧ ɯɨɡɹɢɧ ɫɯɟɦɵ, ɧɟ ɞɨɥɠɧɚ ɜɵɡɵɜɚɬɶ ɩɪɨɛɥɟɦ. Ɉɞɧɚɤɨ ɟɫɥɢ ɜɵ ɧɟ ɩɥɚɧɢɪɭɟɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɯɨɡɹɢɧɚ ɫɯɟɦɵ, ɦɨɠɧɨ ɡɚɯɜɚɬɢɬɶ ɷɬɭ ɪɨɥɶ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɢɫɩɨɥɶɡɭɹ ɭɬɢɥɢɬɭ Ntdsutil. ȿɫɥɢ ɜɵ ɡɚɯɜɚɬɵɜɚɟɬɟ ɪɨɥɶ ɯɨɡɹɢɧɚ ɫɯɟɦɵ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɬɨ ɩɟɪɜɨɧɚɱɚɥɶɧɵɣ ɯɨɡɹɢɧ ɫɯɟɦɵ ɛɨɥɟɟ ɧɟ ɞɨɥɠɟɧ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶɫɹ ɜ ɫɟɬɢ.
С
,
.
PDC ,
.
,
,
, . ,
,
, .
,
.
, ,
.
ɏɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ — ɷɬɨ ɟɳɟ ɨɞɧɚ ɪɨɥɶ, ɤɨɬɨɪɚɹ ɪɟɞɤɨ ɢɫɩɨɥɶɡɭɟɬɫɹ. Ɉɧ ɧɟɨɛɯɨɞɢɦ ɬɨɥɶɤɨ ɩɪɢ ɞɨɛɚɜɥɟɧɢɢ ɢɥɢ ɭɞɚɥɟɧɢɢ ɞɨɦɟɧɨɜ. ȿɫɥɢ ɷɬɨɬ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɟɞɨɫɬɭɩɟɧ ɜ ɬɟɱɟɧɢɟ ɤɨɪɨɬɤɨɝɨ ɩɟɪɢɨɞɚ ɜɪɟɦɟɧɢ, ɬɨ ɜ ɭɫɬɨɣɱɢɜɨɣ ɩɪɨɢɡɜɨɞɫɬɜɟɧɧɨɣ ɫɪɟɞɟ ɷɬɨ ɧɟ ɜɵɡɨɜɟɬ ɫɟɪɶɟɡɧɵɯ ɩɨɫɥɟɞɫɬɜɢɣ. Ɉɞɧɚɤɨ ɟɫɥɢ ɜɚɦ ɧɭɠɧɨ ɞɨɛɚɜɢɬɶ ɢɥɢ ɭɞɚɥɢɬɶ ɞɨɦɟɧ, ɢ ɭ ɜɚɫ ɧɟɬ ɜɪɟɦɟɧɢ ɧɚ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟ ɯɨɡɹɢɧɚ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ, ɬɨ ɜɵ ɦɨɠɟɬɟ ɡɚɯɜɚɬɢɬɶ ɷɬɭ ɪɨɥɶ. Ʉɚɤ ɢ ɜ ɫɥɭɱɚɟ ɫ ɯɨɡɹɢɧɨɦ ɫɯɟɦɵ, ɟɫɥɢ ɜɵ ɡɚɯɜɚɬɢɬɟ ɪɨɥɶ ɯɨɡɹɢɧɚ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ, ɩɟɪɟɞɚɜ ɟɟ ɧɚ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɩɟɪɜɨɧɚɱɚɥɶɧɵɣ ɯɨɡɹɢɧ ɷɬɨɣ ɨɩɟɪɚɰɢɢ ɭɠɟ ɧɟ ɞɨɥɠɟɧ ɜɨɡɜɪɚɳɚɬɶɫɹ ɜ ɢɧɬɟɪɚɤɬɢɜɧɵɣ ɪɟɠɢɦ, ɟɫɥɢ ɬɨɥɶɤɨ ɧɚ ɷɬɨɦ ɫɟɪɜɟɪɟ ɧɟ ɛɵɥɚ ɡɚɧɨɜɨ ɢɧɫɬɚɥɥɢɪɨɜɚɧɚ ɨɩɟɪɚɰɢɨɧɧɚɹ ɫɢɫɬɟɦɚ, ɭɫɬɪɚɧɢɜɲɚɹ ɫ ɧɟɝɨ ɫɟɪɜɟɪɚ ɪɨɥɶ ɯɨɡɹɢɧɚ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ. . , , , . , . , , , . , , ɝɢɟ ɞɨɦɟɧɵ, ɤɪɨɦɟ ɜɚɲɟɝɨ ɞɨɦɚɲɧɟɝɨ ɞɨɦɟɧɚ, ɢɥɢ ɞɨɫɬɭɩ ɤ ɪɟɫɭɪɫɚɦ, ɪɚɫɩɨɥɨɠɟɧɧɵɦ ɜ ɞɪɭɝɨɦ ɞɨɦɟɧɟ, ɛɭɞɟɬ ɜɵɡɵɜɚɬɶ ɨɬɤɚɡ, ɟɫɥɢ ɨɬɫɭɬɫɬɜɭɸɬ ɞɪɭɝɢɟ ɤɨɪɧɟɜɵɟ ɤɨɧɬɪɨɥɥɟɪɵ ɞɨɦɟɧɚ (ɤɪɨɦɟ ɬɟɯ ɫɥɭɱɚɟɜ, ɤɨɝɞɚ ɫɭɳɟɫɬɜɭɟɬ ɞɪɭɝɨɣ ɩɭɬɶ ɱɟɪɟɡ ɞɨɜɟɪɢɬɟɥɶɧɵɟ ɨɬɧɨɲɟɧɢɹ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ). Ɍɚɤɢɦ ɨɛɪɚɡɨɦ, ɯɨɬɹ ɯɨɡɹɢɧ ɫɯɟɦɵ ɢ ɯɨɡɹɢɧ ɢɦɟɧɨɜɚɧɢɹ ɞɨɦɟɧɨɜ ɧɟ ɨɛɹɡɚɬɟɥɶɧɨ ɞɨɥɠɧɵ ɛɵɬɶ ɜɫɟɝɞɚ ɞɨɫɬɭɩɧɵ, ɧɨ ɜ ɜɚɲɟɦ ɤɨɪɧɟɜɨɦ ɞɨɦɟɧɟ ɞɨɥɠɟɧ ɛɵɬɶ ɜɫɟɝɞɚ ɞɨɫɬɭɩɟɧ, ɩɨ ɤɪɚɣɧɟɣ ɦɟɪɟ, ɨɞɢɧ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. Ɋɨɥɶ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɧɚɢɦɟɧɟɟ ɫɭɳɟɫɬɜɟɧɧɚ ɫ ɬɨɱɤɢ ɡɪɟɧɢɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɫɛɨɹ. ɏɨɡɹɢɧ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɫɥɟɞɢɬ ɡɚ ɢɡɦɟ-ɧɟɧɢɟɦ ɨɬɨɛɪɚɠɚɟɦɵɯ ɢɦɟɧ ɞɥɹ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɢ ɝɪɭɩɩ ɜ ɫɪɟɞɟ, ɫɨɫɬɨɹɳɟɣ ɢɡ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɨɜ. ɗɬɚ ɞɟɹɬɟɥɶɧɨɫɬɶ ɩɪɨɡɪɚɱɧɚ ɞɥɹ ɨɛɵɱɧɵɯ ɩɨɥɶɡɨɜɚɬɟɥɟɣ, ɢ ɦɨɠɟɬ ɫɬɚɬɶ ɩɪɨɛɥɟɦɨɣ ɬɨɥɶɤɨ ɬɨɝɞɚ, ɤɨɝɞɚ ɚɞɦɢɧɢɫɬɪɚɬɨɪɵ ɪɚɫɫɦɚɬɪɢɜɚɸɬ ɱɥɟɧɫɬɜɨ ɝɪɭɩɩɵ. ɉɨɷɬɨɦɭ ɡɚɯɜɚɬ ɪɨɥɢ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɞɨɥɠɟɧ ɢɦɟɬɶ ɞɨɜɨɥɶɧɨ ɧɢɡɤɢɣ ɩɪɢɨɪɢɬɟɬ ɢɡ-ɡɚ ɬɨɝɨ, ɱɬɨ ɷɬɚ ɪɨɥɶ ɧɟ ɨɤɚɡɵɜɚɟɬ ɜɥɢɹɧɢɹ ɧɚ ɤɚɤɢɟɥɢɛɨ ɫɟɬɟɜɵɟ ɫɥɭɠɛɵ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɡɚɯɜɚɬɢɬɶ ɪɨɥɶ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ ɢ ɩɟɪɟɞɚɬɶ ɟɟ ɧɚ ɞɪɭɝɨɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɜ ɫɪɟɞɟ, ɫɨɫɬɨɹɳɟɣ ɢɡ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɨɜ, ɜɵ ɞɨɥɠɧɵ ɝɚɪɚɧɬɢɪɨɜɚɬɶ, ɱɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ-ɚɞɪɟɫɚɬɚ ɧɟ ɹɜɥɹɟɬɫɹ GC-ɫɟɪɜɟɪɨɦ. ȼɩɨɫɥɟɞɫɬɜɢɢ ɦɨɠɧɨ ɜɨɫɫɬɚɧɨɜɢɬɶ ɩɟɪɜɨɧɚɱɚɥɶɧɨɝɨ ɯɨɡɹɢɧɚ ɢɧɮɪɚɫɬɪɭɤɬɭɪɵ.
RID
ɏɨɡɹɢɧ RID - ɷɬɨ ɯɨɡɹɢɧ ɨɩɟɪɚɰɢɣ ɭɪɨɜɧɹ ɞɨɦɟɧɚ, ɤɨɬɨɪɵɣ ɧɚɡɧɚɱɚɟɬ RID-ɩɭɥɵ ɞɪɭɝɢɦ ɤɨɧɬɪɨɥɥɟɪɚɦ ɞɨɦɟɧɚ ɩɨ ɦɟɪɟ ɫɨɡɞɚɧɢɹ ɧɨɜɵɯ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ. ȿɫɥɢ ɯɨɡɹɢɧ RID ɧɟɞɨɫɬɭɩɟɧ ɜ ɬɟɱɟɧɢɟ ɞɥɢɬɟɥɶɧɨɝɨ ɩɟɪɢɨɞɚ ɜɪɟɦɟɧɢ, ɬɨ ɭ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ ɦɨɝɭɬ ɡɚɤɨɧɱɢɬɶɫɹ ɨɬɧɨɫɢɬɟɥɶɧɵɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ RID, ɧɟɨɛɯɨɞɢɦɵɟ ɞɥɹ ɧɚɡɧɚɱɟɧɢɹ ɢɯ ɧɨɜɵɦ ɭɱɚɫɬɧɢɤɚɦ ɛɟɡɨɩɚɫɧɨɫɬɢ. Ʉɚɠɞɵɣ ɪɚɡ, ɤɨɝɞɚ ɭ ɤɨɧɬɪɨɥɥɟɪɚ ɞɨɦɟɧɚ ɡɚɤɚɧɱɢɜɚɸɬɫɹ ɫɜɨɛɨɞɧɵɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ RID, ɨɧ ɡɚɩɪɚɲɢɜɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɩɭɥɵ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ RID ɭ ɯɨɡɹɢɧɚ RID. Ɂɚɬɟɦ ɯɨɡɹɢɧ RID ɜɵɞɚɟɬ ɞɨɩɨɥɧɢɬɟɥɶɧɵɣ ɩɭɥ, ɫɨɫɬɨɹɳɢɣ ɢɡ 512 ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ RID. ȿɫɥɢ ɯɨɡɹɢɧ RID ɧɟɞɨɫɬɭɩɟɧ, ɬɨ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ ɧɟ ɪɚɡɪɟɲɢɬ ɫɨɡɞɚɧɢɟ ɧɨɜɵɯ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ, ɩɨɤɚ ɧɟ ɩɨɥɭɱɢɬ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ ɢɞɟɧɬɢɮɢɤɚɬɨɪɵ RID ɭ ɯɨɡɹɢɧɚ RID. ɏɨɡɹɢɧ RID ɜɚɠɟɧ ɢ ɩɪɢ ɩɟɪɟɦɟɳɟɧɢɢ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ. ȼ ɷɬɨɦ ɫɥɭɱɚɟ, ɟɫɥɢ ɯɨɡɹɢɧ
RID ɧɟɞɨɫɬɭɩɟɧ, ɬɨ ɩɟɪɟɦɟɳɟɧɢɟ ɭɱɟɬɧɵɯ ɡɚɩɢɫɟɣ ɧɟɦɟɞɥɟɧɧɨ ɩɨɬɟɪɩɢɬ ɧɟɭɞɚɱɭ. ȿɫɥɢ ɜɚɲ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ, ɹɜɥɹɸɳɢɣɫɹ ɯɨɡɹɢɧɨɦ RID ɜɵɯɨɞɢɬ ɢɡ ɫɬɪɨɹ, ɜɵ ɞɨɥɠɧɵ ɪɟɲɢɬɶ, ɧɭɠɧɨ ɥɢ ɜɚɦ ɡɚɯɜɚɬɵɜɚɬɶ ɷɬɭ ɪɨɥɶ, ɩɟɪɟɞɚɜɚɹ ɟɟ ɞɪɭɝɨɦɭ ɫɟɪɜɟɪɭ. ȿɫɥɢ ɜɚɦ ɬɪɟɛɭɟɬɫɹ ɫɨɡɞɚɬɶ ɛɨɥɶɲɨɟ ɤɨɥɢɱɟɫɬɜɨ ɭɱɚɫɬɧɢɤɨɜ ɛɟɡɨɩɚɫɧɨɫɬɢ ɢɥɢ ɩɟɪɟɦɟɳɚɬɶ ɩɨɥɶɡɨɜɚɬɟɥɟɣ ɦɟɠɞɭ ɞɨɦɟɧɚɦɢ, ɩɪɟɠɞɟ ɱɟɦ ɜɨɫɫɬɚɧɨɜɢɬɫɹ ɯɨɡɹɢɧ RID, ɬɨ ɜɵ ɞɨɥɠɧɵ ɡɚɯɜɚɬɢɬɶ ɷɬɭ ɪɨɥɶ. Ʉɪɨɦɟ ɬɨɝɨ, ɟɫɥɢ ɧɟ ɩɥɚɧɢɪɭɟɬɫɹ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɨɪɢɝɢɧɚɥɶɧɨɝɨ ɯɨɡɹɢɧɚ RID, ɜɵ ɬɚɤɠɟ ɞɨɥɠɧɵ ɡɚɯɜɚɬɢɬɶ ɷɬɭ ɪɨɥɶ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɡɚɯɜɚɬɢɬɶ ɪɨɥɶ ɯɨɡɹɢɧɚ RID, ɬɨ ɨɪɢɝɢɧɚɥɶɧɵɣ ɯɨɡɹɢɧ RID ɧɟ ɞɨɥɠɟɧ ɜɨɡɜɪɚɳɚɬɶɫɹ ɜ ɢɧɬɟɪɚɤɬɢɜɧɵɣ ɪɟɠɢɦ ɢɡ-ɡɚ ɩɨɬɟɧɰɢɚɥɶɧɨɣ ɜɨɡɦɨɠɧɨɫɬɢ ɜɵɞɚɱɢ ɞɭɛɥɢɪɭɸɳɢɯ ɢɞɟɧɬɢɮɢɤɚɬɨɪɨɜ ɡɚɳɢɬɵ (SID).
GC-
ɋɟɪɜɟɪɵ ɝɥɨɛɚɥɶɧɨɝɨ ɤɚɬɚɥɨɝɚ (GC) ɬɚɤɠɟ ɬɪɟɛɭɸɬ ɧɟɤɨɬɨɪɨɝɨ ɞɨɩɨɥɧɢɬɟɥɶɧɨɝɨ ɩɥɚɧɢɪɨɜɚɧɢɹ ɞɥɹ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɢɯ ɜ ɫɥɭɱɚɟ ɫɛɨɹ, ɧɟɫɦɨɬɪɹ ɧɚ ɬɨ, ɱɬɨ ɧɟɬ ɧɢɤɚɤɢɯ ɫɩɟɰɢɚɥɶɧɵɯ ɬɪɟɛɨɜɚɧɢɣ ɞɥɹ ɫɨɡɞɚɧɢɹ ɢɯ ɪɟɡɟɪɜɧɵɯ ɤɨɩɢɣ. ȿɞɢɧɫɬɜɟɧɧɚɹ ɩɪɨɛɥɟɦɚ, ɨ ɤɨɬɨɪɨɣ ɜɵ ɞɨɥɠɧɵ ɩɨɡɚɛɨɬɢɬɶɫɹ, ɫɨɫɬɨɢɬ ɜ ɬɨɦ, ɱɬɨ ɞɥɹ ɧɟɫɤɨɥɶɤɢɯ ɞɨɦɟɧɨɜ ɥɟɫɚ ɛɚɡɚ ɞɚɧɧɵɯ ɤɚɬɚɥɨɝɚ ɧɚ GC-ɫɟɪɜɟɪɟ ɛɭɞɟɬ ɡɧɚɱɢɬɟɥɶɧɨ ɛɨɥɶɲɟ, ɱɟɦ ɛɚɡɚ ɞɚɧɧɵɯ ɧɚ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɚɯ ɞɨɦɟɧɚ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ GC-ɫɟɪɜɟɪ, ɜɨɫɫɬɚɧɚɜɥɢɜɚɹ ɛɚɡɭ ɞɚɧɧɵɯ ɧɚ ɤɨɧɬɪɨɥɥɟɪɟ ɞɨɦɟɧɚ, ɬɨ ɫɟɪɜɟɪ ɛɭɞɟɬ ɚɜɬɨɦɚɬɢɱɟɫɤɢ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɧ ɤɚɤ GC-ɫɟɪɜɟɪ. ȿɫɥɢ ɜɵ ɪɟɲɢɬɟ ɜɨɫɫɬɚɧɚɜɥɢɜɚɬɶ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ Active Directory, ɧɚɡɧɚɱɚɹ ɞɪɭɝɨɣ ɫɟɪɜɟɪ ɤɨɧɬɪɨɥɥɟɪɨɦ ɞɨɦɟɧɚ, ɜɵ ɞɨɥɠɧɵ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɷɬɨɬ ɫɟɪɜɟɪ ɤɚɤ GC-ɫɟɪɜɟɪ. ɇɚɥɢɱɢɟ GC-ɫɟɪɜɟɪɚ ɜ ɫɟɬɢ ɹɜɥɹɟɬɫɹ ɤɪɢɬɢɱɟɫɤɢɦ ɞɥɹ ɨɛɫɥɭɠɢɜɚɧɢɹ ɜɯɨɞɚ ɜ ɫɢɫɬɟɦɭ ɤɥɢɟɧɬɨɜ ɜ ɞɨɦɟɧɟ, ɪɚɛɨɬɚɸɳɟɦ ɧɚ ɮɭɧɤɰɢɨɧɚɥɶɧɨɦ ɭɪɨɜɧɟ Windows 2000 native (ɢɥɢ ɧɚ ɛɨɥɟɟ ɜɵɫɨɤɨɦ) ɢɥɢ ɩɪɢ ɢɫɩɨɥɶɡɨɜɚɧɢɢ ɨɫɧɨɜɧɵɯ ɢɦɟɧ ɩɨɥɶɡɨɜɚɬɟɥɹ (UPN). ɇɚɥɢɱɢɟ GC-ɫɟɪɜɟɪɚ ɤɪɢɬɢɱɧɨ, ɟɫɥɢ ɜɵ ɪɚɡɜɟɪɧɭɥɢ Microsoft Exchange Server 2000. ȼ ɷɬɨɦ ɫɥɭɱɚɟ ɜɚɦ ɩɪɢɞɟɬɫɹ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɞɨɩɨɥɧɢɬɟɥɶɧɵɟ GC-ɫɟɪɜɟɪɵ ɜ ɷɬɨɦ ɦɟɫɬɟ, ɩɨɤɚ ɧɟ ɜɨɫɫɨɡɞɚɞɢɬɟ ɨɬɤɚɡɚɜɲɢɣ ɤɨɧɬɪɨɥɥɟɪ ɞɨɦɟɧɚ. ɇɚɩɪɢɦɟɪ, ɟɫɥɢ ɜɵɣɞɟɬ ɢɡ ɫɬɪɨɹ ɟɞɢɧɫɬɜɟɧɧɵɣ GC-ɫɟɪɜɟɪ, ɪɚɫɩɨɥɨɠɟɧɧɵɣ ɜ ɫɚɣɬɟ, ɝɞɟ ɭ ɜɚɫ ɪɚɛɨɬɚɟɬ Exchange Server 2000, ɬɨ ɜɚɦ ɩɪɢɞɟɬɫɹ ɫɤɨɧɮɢɝɭɪɢɪɨɜɚɬɶ ɨɞɢɧ ɢɡ ɞɪɭɝɢɯ ɤɨɧɬɪɨɥɥɟɪɨɜ ɞɨɦɟɧɚ, ɪɚɫɩɨɥɨɠɟɧɧɵɯ ɜ ɬɨɦ ɠɟ ɫɚɣɬɟ, ɤɚɤ GC-ɫɟɪɜɟɪ, ɢ ɜɨɫɫɬɚɧɨɜɢɬɶ ɤɚɤ ɦɨɠɧɨ ɛɵɫɬɪɟɟ ɨɬɫɭɬɫɬɜɭɸɳɢɟ ɮɭɧɤɰɢɨɧɚɥɶɧɵɟ ɜɨɡɦɨɠɧɨɫɬɢ.
ɗɬɚ ɝɥɚɜɚ ɨɯɜɚɬɵɜɚɟɬ ɜɚɠɧɟɣɲɭɸ ɬɟɦɭ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɥɭɠɛɵ Active Directory ɫɟɪɜɟɪɚ Windows Server 2003 ɩɨɫɥɟ ɫɛɨɹ. ȼɨɫɫɬɚɧɨɜɥɟɧɢɟ ɩɨɫɥɟ ɫɛɨɹ — ɷɬɨ ɨɞɧɚ ɢɡ ɫɟɬɟɜɵɯ ɡɚɞɚɱ ɚɞɦɢɧɢɫɬɪɢɪɨɜɚɧɢɹ, ɫ ɤɨɬɨɪɨɣ ɜɵ ɧɚɞɟɟɬɟɫɶ ɧɢɤɨɝɞɚ ɧɟ ɫɬɚɥɤɢɜɚɬɶɫɹ. Ɉɞɧɚɤɨ, ɤɚɤ ɡɧɚɟɬ ɥɸɛɨɣ ɨɩɵɬɧɵɣ ɚɞɦɢɧɢɫɬɪɚɬɨɪ, ɫ ɜɵɫɨɤɨɣ ɫɬɟɩɟɧɶɸ ɜɟɪɨɹɬɧɨɫɬɢ ɤɨɝɞɚ-ɧɢɛɭɞɶ ɜɚɦ ɩɪɢɞɟɬɫɹ ɜɨɫɩɨɥɶɡɨɜɚɬɶɫɹ ɩɪɨɰɟɞɭɪɨɣ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɫɛɨɹ. ȼ ɧɚɱɚɥɟ ɷɬɨɣ ɝɥɚɜɵ ɛɵɥɢ ɨɛɫɭɠɞɟɧɵ ɨɫɧɨɜɧɵɟ ɷɥɟɦɟɧɬɵ ɞɚɧɧɵɯ ɜ Active Directory, ɡɚɬɟɦ ɦɟɬɨɞɵ ɫɨɡɞɚɧɢɹ ɪɟɡɟɪɜɧɨɣ ɤɨɩɢɢ ɫɥɭɠɛɵ ɤɚɬɚɥɨɝɚ Active Directory. Ȼɨɥɶɲɚɹ ɱɚɫɬɶ ɷɬɨɣ ɝɥɚɜɵ ɩɨɫɜɹɳɟɧɚ ɨɛɴɹɫɧɟɧɢɸ ɩɪɨɰɟɞɭɪɵ ɜɨɫɫɬɚɧɨɜɥɟɧɢɹ Active Directory ɜ ɪɚɡɧɵɯ ɪɟɠɢɦɚɯ. ɉɪɢ ɜɨɫɫɬɚɧɨɜɥɟɧɢɢ ɫɢɫɬɟɦɵ ɩɨɫɥɟ ɫɛɨɹ ɩɪɢɞɟɬɫɹ ɬɚɤɠɟ ɭɩɪɚɜɥɹɬɶ ɪɨɥɹɦɢ ɯɨɡɹɟɜ ɨɩɟɪɚɰɢɣ ɢ ɪɟɲɚɬɶ ɫɩɟɰɢɚɥɶɧɵɟ ɡɚɞɚɱɢ ɩɪɟɞɜɚɪɢɬɟɥɶɧɨɝɨ ɩɥɚɧɢɪɨɜɚɧɢɹ, ɫɜɹɡɚɧɧɵɟ ɫ ɢɯ ɜɨɫɫɬɚɧɨɜɥɟɧɢɟɦ.