70-240 in 15 minutes a week: Windows 2000 Server Networking Services Page 3

By ServerWatch Staff (Send Email)
Posted Apr 3, 2003


The account used must exist on the NetWare server, and must be a member of a group created on the NetWare server called NTGATEWAY. You must also ensure that the NTGATEWAY group has appropriate trustee rights to access resources on the NetWare server. Once the account has been set up, one or more shares must be created that access the netware server, as shown below.

In this example, when users access the share called 'netware' on the Windows 2000 server, they will actually be accessing the folder 'resources' on NetWare server NW1.


Introduction to DHCP in Windows 2000

The Dynamic Host Configuration Protocol is a core networking service offered in Windows 2000 Server used to dynamically allocate IP addresses and associated information to TCP/IP-based clients. Although the function provided by DHCP is similar to what was provided in NT 4, a number of minor changes have taken place that you should be aware of. Again, note that this section is meant as an introduction to DHCP, and is provided as a basis for the Server portion of the exam. A much more detailed explanation of the configuration of DHCP will be covered during the networking services exam portion of the series. 

The DHCP Server service is installed automatically by Windows 2000 Server, but is not configured (and may even be disabled) without further input. It can be removed or added if necessary, using the Add/Remove Windows Components option in Add/Remove Programs in Control Panel (it falls under Networking Services). Once installed, the DHCP server is configured using the DHCP MMC snap-in, which can be found under Administrative Tools. If the server running Windows 2000 is part of a workgroup or non-Windows 2000 domain, the DHCP service will be started, but you will need to manually configure scopes of addresses for the DHCP service to hand out (more on this in a bit). If DHCP is installed on a system that is part of a Windows 2000 domain, the DHCP service cannot be started until the DHCP server is authorized in Active Directory. The authorization of a DHCP server in Active Directory can only be done by a member of the Enterprise Admins group. This is meant to be used as a control mechanism in order to alleviate the problems caused by people (such as other administrators) installing rogue DHCP servers which end up having an impact on the configuration of a TCP/IP-based network (since a client receives an IP address from the first server that responds to its request). In a Windows 2000 Active Directory domain, only authorized Windows 2000 DHCP servers can hand out IP addresses. Note that this only works in conjunction with Windows 2000. A Windows NT 4 DHCP server can (and will) still hand out addresses, and will not be impacted by authorization. However, if another administrator tried to install a Windows 2000 DHCP server and start the service without it being authorized, the server would query AD, and then not start the service since it would find it is not authorized on the network. Note that an unauthorized DHCP server appears in the DHCP tool with a downwards-pointing red arrow (which can also mean that the service is not started, or a scope is not configured), as shown below:

In order to authorize a DHCP server, right-click on the server and choose Authorize. To manage authorized DHCP servers (including adding or removing authorized servers), right click the DHCP icon, and choose Manage Authorized Servers, as shown below:

Note that a DHCP server still doesn't do anything until you configure a scope, the set of configuration settings that will be handed out to a group of clients. Like many things in Windows 2000, the scope creation process is handled via a wizard. In order to create a scope, right-click on the DHCP server and choose New Scope. The wizard will walk you through the entire process, including the configuration of a valid range of IP addresses, subnet mask, and options such as a default gateway (Router), DNS Servers to be used, and so forth. After the scope is configured, it still needs to be activated (right-click and choose Activate). The properties of the scope will be displayed categorized according to address pool, active leases, reservations, and scope options included, as shown below (scope options highlighted):

Note that after the server is authorized and a scope is configured, the arrow on the server icon above has changed to green and now points upwards. A few additional notes about scopes under Windows 2000:

- scopes can be aggregated or combined in order to create Superscopes. This would allow you to hand out IP addresses in non-contiguous ranges to hosts on a given subnet if necessary. 
- If you want to change the subnet mask value associated with a scope, you'll need to delete and recreate the scope.
- The default lease time for addresses in a scope is 8 days. This is different that the NT 4 default of 72 hours, but can be changed to meet the needs of your environment.
- Ranges of IP addresses should be present only in a single scope. Since DHCP servers do not coordinate with one another, if two servers both have the same range of addresses in their scopes, duplicate IP addresses could be handed out on the network. Also be sure to exclude any statically-assigned IP addresses from scopes.
- In order to create fault-tolerant scopes, configure 2 (or more) DHCP servers, and split the range of addresses in each scope between them. In this configuration if one server fails, the other will still be capable of handing out valid IP addresses to clients. 
- Options can be handed out at 4 different levels: Server (which impact all scopes), Scope (which impact only that scope), Client (set on a client reservation), and Class (for computers that fall into a defined class grouping). More on this later in the series, just be aware of the levels at which options can be assigned for now.



Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.