Windows Server 2003 best practices for enterprise deployments 1st Edition Danielle Ruest
Windows® Server 2003: Best Practices for Enterprise Deployments
About the Authors
Danielle Ruest is a workflow architect and process consultant focused on people
and organizational issues for large IT deployment projects. During her 22-year
career, she has led change-management processes, developed and delivered
training, and managed communications programs during process-implementation
projects. Danielle is the co-author of numerous articles and presentations as well
as Preparing for .NET Enterprise Technologies, a book on mastering change in
the enterprise.
Nelson Ruest is an enterprise architect specializing in infrastructure design.
He is a Microsoft Certified Systems Engineer and Microsoft Certified Trainer.
The goal of his 22-year career has been to assist organizations in mastering the
technologies they depend upon. He is also a frequent guest speaker at Comdex
and other conferences in North America. Nelson is the co-author of numerous
articles as well as Preparing for .NET Enterprise Technologies.
Both work for Resolutions Enterprises (http://www.Reso-Net.com/),
a Canadian consulting firm that provides services in the architectural and
project management fields.
About the Technical Editor
Stephane Asselin has been involved with information technology for the
past 11 years, with a majority of his time focused on hardware and networking
configurations. He has done infrastructure assessment and host hardening on
Microsoft technologies for five years. He is a Certified Information Systems
Security Professional (CISSP) and a Microsoft Certified Systems Engineer (MCSE).
More recently, he has been involved in supportability reviews for government
agencies to help them prepare for their Windows Server 2003 migration. He is
currently a senior technical account manager for Microsoft Corporation.
Windows® Server 2003: Best Practices for Enterprise Deployments
Danielle Ruest
Nelson Ruest
McGraw-Hill/Osborne
New York / Chicago / San Francisco
Lisbon / London / Madrid / Mexico City / Milan
New Delhi / San Juan / Seoul / Singapore / Sydney / Toronto
McGraw-Hill/Osborne
2100 Powell Street, Floor 10
Emeryville, California 94608
U.S.A.
To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact
McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the
U.S.A., please see the International Contact Information page immediately following the index of this book.
Windows® Server 2003: Best Practices for Enterprise Deployments
Copyright © 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America.
Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed
in any form or by any means, or stored in a database or retrieval system, without the prior written permission
of publisher, with the exception that the program listings may be entered, stored, and executed in a computer
system, but they may not be reproduced for publication.
1234567890 CUS CUS 019876543
ISBN 0-07-222343-X
Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Acquisitions Editor: Franny Kelly
Project Editor: Patty Mon
Acquisitions Coordinators: Emma Acker, Martin Przybyla
Technical Editor: Stephane Asselin
Copy Editor: Lunaea Weatherstone
Indexer: Karin Arrigoni
Computer Designers: Carie Abrew, Lucie Ericksen
Illustrators: Melinda Moore Lytle, Michael Mueller, Danielle Ruest, Lyssa Wald
Series Design: Roberta Steele
Cover Series Design: Jeff Weeks
This book was composed with Corel VENTURA™ Publisher.
Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human
or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or
completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
If there is one thing we have learned in our 22 years of
experience, it is that even if technology is constantly changing,
one thing remains the same: we must always take the time to
master a technology before implementing it. But, even before that,
we must fully comprehend our needs. The best way to achieve
this is to work as a team. Including personnel from all areas of
the enterprise can only make a better product in the end.
Thus we dedicate this book to you, the reader, in hopes that
it will help you achieve this goal.
Contents at a Glance
Chapter 1 Planning for Windows Server 2003, 1
Chapter 2 Preparing for Massive Installations of Windows Server 2003, 36
Chapter 3 Designing the Active Directory, 78
Chapter 4 Designing the Enterprise Network IP Infrastructure, 140
Chapter 5 Building the PC Organizational Unit Infrastructure, 198
Chapter 6 Preparing the User Organizational Unit Infrastructure, 244
Chapter 7 Designing the Network Services Infrastructure, 286
Chapter 8 Managing Enterprise Security, 348
Chapter 9 Creating a Resilient Infrastructure, 408
Chapter 10 Putting the Enterprise Network into Production, 446
Index, 469

Contents
Preface, xix
Acknowledgments, xxi
Introduction, xxiii

Chapter 1 Planning for Windows Server 2003, 1
  Windows Server 2003, 2
  Building the Foundation of the Network, 3
    The Server Lifecycle, 4
    The Service Lifecycle, 5
  A New Model for Server Construction and Management, 8
    The Benefits of the PASS Model, 11
  A Structured Approach: Using Standard Operating Procedures, 12
    SOP Best Practices, 13
  Enterprise Network Architectures, 14
  Building on Windows 2000: The WS03 Model, 15
    Product Activation, 17
  The Windows Server Enterprise Architecture, 18
  Designing the Enterprise Network Architecture, 19
    The Architectural Design Process, 20
    Performing a Situation Review and Needs Analysis, 22
    The Changing Role of Servers, 22
    Consolidating Servers with Windows Server 2003, 23
    Using the PASS Model, 24
    Migration Considerations, 27
    Upgrade versus Clean Installation, 28
    Using the Technological Lab as a Testing Ground, 29
  Moving On, 32
  Best Practice Summary, 33
  Chapter Roadmap, 33

Chapter 2 Preparing for Massive Installations of Windows Server 2003, 36
  Choosing the Migration Approach, 37
    Choosing What to Migrate First, 39
    Detailed Inventories, 44
    Security Considerations, 45
    Licensing Considerations, 46
  Installing and Configuring Servers, 47
    Preparing for Massive Installations, 47
  Using Installation Documentation, 54
    The Installation Preparation Checklist, 54
    Documenting Server Installations, 54
    The Post-Installation Checklist, 55
  Massive Installation Processes, 56
    The Initial Installation, 57
    Customizing Your Server, 60
  Choosing the Massive Installation Method, 65
    Scripting Upgrades, 66
    Disk Imaging, 67
    Remote Installation, 70
  Putting the Server in Place, 75
  Best Practice Summary, 75
  Chapter Roadmap, 76

Chapter 3 Designing the Active Directory, 78
  Introducing Active Directory, 79
    New Features for Active Directory, 83
    The Nature of Active Directory, 85
  Designing the Solution: Using the Active Directory Blueprint, 87
    AD Partitioning, 88
    AD Service Positioning, 88
    Implementation Plan, 89
  Putting the Blueprint into Action, 89
  Forest/Tree/Domain Strategy, 91
    Forest Design Example, 94
    Production Forest Design, 95
    Domain Strategy Design, 97
    Other Forest Domain Designs, 100
    Forest Design Best Practices, 100
  Designing the Naming Strategy, 101
    Naming Best Practices, 102
  Designing the Production Domain OU Structure, 104
    The OU Design Process, 104
    The PCs Object OU Structure Design, 107
    The Services Object OU Structure Design, 107
    The People Object OU Structure Design, 108
    Replicating the OU Structure to Other Domains, 109
    Production OU Design Best Practices, 109
  AD and Other Directories, 112
    Microsoft MetaDirectory Services, 113
    Integrated Applications for NOS Directories, 114
    AD Integration Best Practices, 115
  Service Positioning, 116
    Operations Masters Positioning, 116
    Global Catalog Server Positioning, 118
    Domain Controller Positioning, 119
    DNS Server Positioning, 119
    Service Positioning Best Practices, 120
    Server Positioning Scenario, 120
  Site Topology, 127
    Site Topology Design, 128
    Creating Site Link Bridges, 128
    Best Practices for Site Topology Design, 130
    T&T Corporation's Site Topology Scenario, 130
  Schema Modification Strategy, 133
    Schema Modification Strategy Best Practices, 135
  AD Implementation Plan, 135
  The Ongoing AD Design Process, 137
  Best Practice Summary, 137
  Chapter Roadmap, 138

Chapter 4 Designing the Enterprise Network IP Infrastructure, 140
  TCP/IP in Windows Server 2003, 142
    New IP Features in WS03, 143
  Implementing a New Enterprise Network, 147
    Preparing the Parallel Network, 148
    Creating the Production Active Directory, 152
  Forest Staging Activities, 154
    Installing the First Server in a Forest, 154
    Creation of the Second DC in the Forest Root Domain, 167
    Creation of the First DC in the Global Child Production Domain, 171
    Creating the Second DC in the Global Child Production Domain, 173
  Connecting the Enterprise Network, 176
    Network Infrastructure Staging Activities, 176
    Server Installation and Configuration, 176
    Configuring the First Network Infrastructure Server, 177
    Configuring the Second Network Infrastructure Server, 185
    Moving Servers and Configuring Domain Replication, 185
  Upgrading Active Directory from Windows 2000 to WS03, 189
    The Upgrade Process, 189
    Ongoing Forest Management, 194
  Best Practice Summary, 194
  Chapter Roadmap, 196

Chapter 5 Building the PC Organizational Unit Infrastructure, 198
  Managing Objects with Active Directory, 199
    Group Policy Concepts, 199
    Group Policy Processing, 201
    GPO Inheritance (and Blocking), 202
    Policy Loopback, 205
    Policy Filtering, 207
    Fast Logon Optimization, 209
    Policy Design, 210
    Designing a GPO Strategy, 212
    GPO Application and Processing Speed, 212
  Creating an OU Design for PC Management Purposes, 214
    Centralized PC Administration, 214
    Decentralized PC Administration, 219
  Designing for Delegation, 220
    Delegation in Active Directory, 221
    Designing a Delegation Strategy, 225
  Enterprise PC Management, 225
    Software Installations with WS03, 226
    Enterprise Software Assets, 228
    Software Delivery in the Enterprise, 229
  Completing the OU Strategy, 234
    Putting the PCs OU Infrastructure in Place, 235
  Using the Group Policy Management Console, 239
  Best Practice Summary, 240
  Chapter Roadmap, 242

Chapter 6 Preparing the User Organizational Unit Infrastructure, 244
  Managing User Objects with Active Directory, 245
    The Active Directory User Object, 246
    Using Template Accounts, 254
    Massive User Management, 255
  Managing and Administering Groups, 257
    WS03 Group Types and Group Scopes, 258
    Best Practices for Group Management/Creation, 260
  Creating an OU Design for User Management Purposes, 266
    The People OU Structure, 266
    User-Related GPO Concepts, 269
  Completing the People OU Structure, 279
    Putting the People OU Infrastructure in Place, 280
  Best Practice Summary, 282
  Chapter Roadmap, 283

Chapter 7 Designing the Network Services Infrastructure, 286
  Preparing File and Print Servers, 288
  Sharing Files and Folders, 288
    Expanding Disks for File Storage, 289
    Disk Structure Preparation, 290
  Creating the File Server, 296
    Creating the Folder Structure, 297
    Enabling File Server Services, 298
    Sharing Folders, 301
    Publishing Shares in Active Directory, 302
    Finding a Share in AD, 304
  Managing Folder Availability, 305
    Distributed Link Tracking, 305
    Working with the Distributed File System, 306
  Sharing Printing Services, 312
    WS03 Printer Drivers, 313
    Integration with Active Directory, 314
    Managing Printer Permissions, 316
    Internet Printing Protocol, 316
    Establishing a Shared Printer Policy, 317
    Creating the Print Server, 319
  Sharing Files and Printers for Non-Windows Clients, 323
    Macintosh Computers, 323
    UNIX Integration, 324
  Preparing Application Servers, 324
    Sharing Applications: Commercial and Corporate, 324
  Preparing Terminal Servers, 329
    Sharing Applications: Terminal Services, 329
  Collaboration Servers, 337
  Additional Network Infrastructure Server Functions, 337
    Preparing Remote Installation Services Servers, 337
  Server System Requirements by Role, 339
  Designing the Services OU Structure, 340
  Considerations for the Migration of Services to the Parallel Network, 343
  Best Practice Summary, 344
  Chapter Roadmap, 346

Chapter 8 Managing Enterprise Security, 348
  Security Basics, 349
  Designing a Security Policy, 351
  The Castle Defense System, 351
    The Security Plan, 355
    The Microsoft Security Operations Guide, 356
    Windows Server 2003 Security, 357
  Applying the Castle Defense System, 359
  Level 1: Critical Information, 360
  Level 2: Physical Protection, 361
  Level 3: Operating System Hardening, 362
    System Security Configuration, 363
    Security Template Best Practices, 373
    Antivirus Strategies, 374
    General Active Directory Security, 375
    File System Security, 378
    Print System Security, 380
    .NET Framework Security, 380
    Internet Information Server 6.0, 384
    Final Operating System Hardening Activities, 386
  Level 4: Information Access, 387
    Smart Card Authentication, 387
    Securing User Identification, 388
    Managing Trusts, 394
    Web Server Access Control, 396
    .NET Framework Authentication, 398
    Access Auditing and Monitoring, 399
  Level 5: External Access, 399
    Designing an Internal Public Key Infrastructure, 400
  Managing the Security Policy, 403
  Best Practice Summary, 404
  Chapter Roadmap, 406

Chapter 9 Creating a Resilient Infrastructure, 408
  Planning for System Redundancy, 409
  Preparing for Potential Disasters, 411
  Using WS03 Clustering Services, 412
    Network Load Balancing, 414
    Multiple-Node Server Clusters, 420
  Server Consolidation, 425
    Consolidation Through Server Baselining, 426
  Planning for System Recovery, 428
    Recovery Planning for the Enterprise Network, 428
    Data Protection Strategies, 433
  Finalizing Your Resiliency Strategy, 441
  Best Practice Summary, 441
  Chapter Roadmap, 443

Chapter 10 Putting the Enterprise Network into Production, 446
  Migrating Data, Users, and PCs to the Parallel Network, 447
    Using the Active Directory Migration Tool, 450
    Transferring Networked User Data, 454
    Decommissioning the Legacy Network, 457
  Revising the IT Role Structure, 457
    New and Revised AD IT Roles, 458
    Designing the Services Administration Plan, 460
    WS03 Administrative Tools, 464
  Final Recommendations, 466
  Best Practice Summary, 467
  Chapter Roadmap, 467

Index, 469
Preface
Windows Server 2003 is a graphical environment. As such, many of its operations are wizard-based. We recommend you use the wizard interface even where command-line equivalents exist. The reason is that a wizard enforces best practices and standard operating procedures automatically: it always walks through the same steps in the same order, and it always lets you review your choices before they are applied.
This does not mean that you need to dally on screens that only provide information. Read them at least once; when you are familiar with their content, move on to the screens where you need to perform actions.
We cannot emphasize standard operating procedures enough. An enterprise network simply cannot be built on ad hoc procedures. This is one of the reasons for this book: it provides best practices and standard procedures for building an enterprise network with Windows Server 2003. We hope you find it useful.
Comments can be sent to WindowsServer@Reso-Net.com.
Acknowledgments
We would like to thank all of the people who helped make this book a reality, especially
Stephane Asselin of Microsoft Premier Support, our technical reviewer. Thanks for all of
your constructive ideas. We would also like to thank Charles Gratton of Hewlett-Packard Canada for
giving so much of his personal time and dedication to let us test Windows Server 2003 on various
hardware configurations.
Thanks also to Microsoft’s development and marketing team for Windows Server 2003 for all of
their help in finding the right solution when issues arose. Specifically, we’d like to thank Jan Shanahan,
Jill Zoeller, Jenna Miller, Jackson Shaw, Kamal Janardhan, and B.J. Whalen.
Thanks to VMware Corporation for providing us with the software required to create our entire
technical laboratory. Thanks also to all of the other manufacturers that provided us with pre-release
software tools so that we could cover enterprise needs as much as possible. You’ll find yourselves
within the book.
Finally, thanks to McGraw-Hill/Osborne for all their patience and dedication in helping us make
this a better book. Franny, it was fun to be part of your team.
Introduction
Building an enterprise network is no small task. Worse, it seems you have to start over every
time the server operating system changes. This book provides a structured approach that lets
you create a brand new enterprise network that is built on the best features of Microsoft’s new operating
system (OS), Windows Server 2003. This network is built in a parallel environment that does not
affect your current production network. Then, when you’re ready to make the migration, it outlines
how to take security principals, documents, data, and applications and move them from your legacy
network to the new, parallel environment. This way, you can immediately begin to profit from the
best of this powerful OS.
To achieve this goal, the book is divided into ten chapters, each building on the concepts of the
previous chapters to finally cover all of the elements required to build your new network. The core
concept of this book is its focus on enterprise features—only those features that are relevant to an
enterprise environment. Microsoft used a similar approach when they decided to remove such features
as Universal Plug and Play and scanner drivers from the OS because they are not server features and
are not relevant in an enterprise. Similarly, this book discards the features that are not intended for
the enterprise from Windows Server 2003’s more than 400 new features and improvements.
Each chapter includes both discussion points and step-by-step implementations. Each chapter is
chock full of best practices, checklists, and processes. In addition, each chapter ends with a Chapter
Roadmap—a graphical illustration of the elements covered in the chapter, relevant figures, and tools
found on the companion Web site (http://www.Reso-Net.com/WindowsServer/). The chapters are
divided into the following topics:
• Chapter 1: Planning for Windows Server 2003 gives an overview of the processes you need
to prepare your migration to the new OS. It discusses the various elements you must have on
hand before you proceed.
• Chapter 2: Preparing for Massive Installations of Windows Server 2003 identifies the
four supported installation methods for Windows Server 2003 and helps you choose the most
appropriate massive installation method for your organization.
• Chapter 3: Designing the Active Directory reviews all of the requirements of an Active
Directory and outlines the steps required to build it. It uses different scenarios to help you
understand the most complex concepts of this powerful enterprise network feature.
• Chapter 4: Designing the Enterprise Network IP Infrastructure focuses on TCP/IP, the
core communication protocol of the enterprise network. Then it begins the parallel network
installation.
• Chapter 5: Building the PC Organizational Unit Infrastructure looks at the elements you
need to put in place to manage PCs with Active Directory. It begins the discussion on Group
Policy, a discussion that will not end until Chapter 8.
• Chapter 6: Preparing the User Organizational Unit Infrastructure examines how to
manage user objects through Active Directory. It includes an extensive discussion of the
use of groups within an enterprise network.
• Chapter 7: Designing the Network Services Infrastructure covers the services the network
is to deliver to users. It outlines how these services should be built and identifies how they
should be implemented.
• Chapter 8: Managing Enterprise Security focuses on one element and one element only:
security. It introduces a new system, the Castle Defense System, which can be used to simplify
security policy design and implementation.
• Chapter 9: Creating a Resilient Infrastructure is concentrated on making sure your services
are always available. As such, it covers both redundancy and disaster recovery.
• Chapter 10: Putting the Enterprise Network into Production tells you how to migrate users
from your legacy network to the new, parallel environment you created. In addition, it begins a
discussion of the new and revamped IT roles you will require now that you are running a
network through Active Directory.
Migrating to a new server OS is not a task that should be taken lightly. This is why you should
make sure your project team includes all of the right players. The team should be organized into at
least two groups: one that designs the network architecture, and one that prepares the installation
procedures and performs the installation itself. The technical project team should include architects,
system administrators, installers, user representatives, support personnel, developers, and project
managers. You should make sure you involve your current administrative and operational staff in
this project. This will help you recover the best of the existing network and help them learn more
about the new operating system they will soon be using.
In addition, you need to make sure that you involve the right stakeholders in your project. Not
having the right stakeholders can be as disastrous as not making the right technical decisions.
Finally, managing a project of this magnitude can be complex and can give you the impression
it is never-ending unless you structure it properly. Thus, each chapter has been designed to help you
structure the technical activities needed to perform the migration. This does not mean that every
chapter needs to be addressed in a sequential order. Though this is possible and even appropriate
in some cases, in very large organizations it would improperly stretch the project timeline. Some
chapters require the participation of your entire technical project team, but others do not because they
are focused on specific areas of technical expertise. Figure 1 illustrates a sample timeline distribution
for the activities found in each chapter. It lets you divide the technical project team into appropriate
subgroups to shorten the overall project timeline while still achieving your goal: doing the best
implementation you can so that all can profit from an improved networking environment.
Figure 1 The Windows Server 2003 Migration Timeline
The Companion Web Site
This book is powered by a companion Web site: http://www.Reso-Net.com/WindowsServer/.
It lists dozens of job aids, forms, checklists, blueprints, spreadsheets, and other tools that are designed
to help you in your network migration. All are readily available to everyone. These tools are listed on
a per chapter basis to help you locate them more easily. Make sure you connect and download these
items; they will definitely simplify your migration project.
CHAPTER 1
Planning for Windows
Server 2003
IN THIS CHAPTER
• Windows Server 2003 2
• Building the Foundation of the Network 3
• A New Model for Server Construction and Management 8
• A Structured Approach: Using Standard Operating Procedures 12
• Enterprise Network Architectures 14
• Building on Windows 2000: The WS03 Model 15
• The Windows Server Enterprise Architecture 18
• Designing the Enterprise Network Architecture 19
• Moving On 32
• Best Practice Summary 33
• Chapter Roadmap 33
Preparing the enterprise network is a complex process, even more so now that Windows is in
its second post-NT edition. With Windows NT, decisions were relatively simple because the
choices were limited. But with Windows Server 2003 (WS03), this is no longer the case.
It’s not surprising since the network has evolved today from being a loosely coupled series of servers
and computers to being an integrated infrastructure providing and supporting the organization’s
mission. This evolutionary process is not unlike that of the telephone. At first, telephone systems
were loosely coupled. Today, worldwide telecommunications systems are much more complex
and complete.
Similarly, networks are now mission-critical. The enterprise network, in fact, has become a
secure, stable, redundant infrastructure that is completely oriented toward the delivery of information
technology services to the enterprise. These services can range from simple file and print systems
to complex authentication systems, storage area networks, or application services. In addition, these
services can be made available to two communities of users—internal users over whom you have
complete control of the PC, and external users over whom you have little or no control.
That’s why moving or migrating to Windows Server 2003 is much more of a network infrastructure
design project than one dealing simply with upgrading to a new technology. Each time you change
a technology that is as critical as the operating system (OS) of your network, it is important, if not
essential, to review corporate needs and requirements, review the features and capabilities of the
new OS, design a comprehensive architecture and implementation plan, then move on to the actual
implementation. In addition, aligning a project of this magnitude with the business strategies of the
organization will make the transition more easily accepted and more profitable for the enterprise.
Too many organizations cannot fully profit from the benefits of an enterprise network because they
have never taken the time to perform each of these steps. As a result, they don’t benefit from the
maximum potential or performance of their network.
In fact, planning and preparing for the implementation of Windows Server 2003 should be 80
percent planning, preparing, and testing, and 20 percent implementing. This applies whether your
enterprise has one or one million users. It’s just a matter of degree of importance. If your enterprise is
an enterprise of one, you’ll still want to take the time to prepare properly, but you probably won’t take
the time to invest in automating procedures. You’ll still want standard operating procedures, but you
probably won’t involve a series of technicians and architects to validate them. You’ll still want to
design based on architectural models, but you won’t take the time to design them yourself.
Building an enterprise network with Windows Server 2003 consists of designing the network
architecture and its implementation procedure while identifying opportunities for and using standard
operating procedures. The enterprise network infrastructure is thus divided into service delivery areas
that must be supported by a structure for network administration and management. For each aspect
of this infrastructure, it is essential to have a complete understanding of the features that Windows
Server 2003 offers in this area. It is also important to identify which of these features offer the best
cost/benefit scenario for the enterprise.
For example, very few enterprises using Windows today can live without Active Directory. For
organizations of all sizes, it is always better to take the time to centralize all authentication and
authorization services than to keep them distributed through the use of workgroups because if a
change is required, you only have to make it in one central place. Thus, the organization that requires
an enterprise-level network infrastructure will not invest in workgroups, they will invest directly into
Active Directory, bypassing workgroups altogether. This enterprise-level approach is the one that
will be used throughout the elaboration of the Enterprise Architecture for Windows Server 2003.
Windows Server 2003
As the 22nd edition of Windows, this version is designed specifically for servers. It is a successor
to Windows 2000 Server and uses the same core code as its predecessor. In this case, Microsoft
did not perform a complete rewrite of the Windows 2000 code (as was done with the Windows NT
code when Windows 2000 was designed). This means that WS03 is a natural evolution from
Windows 2000. Several of the new features of WS03 are simply improvements over their Windows 2000
counterparts.
If you are experienced with Windows 2000, you will find it easier to move to WS03. If you are
coming from another operating system or even from Windows NT, you’ll have to begin by mastering
the basic concepts of this new Windows platform. There are four versions of Windows Server 2003:
• Windows Server 2003, Standard Edition (WSS) Supports four-way symmetric
multiprocessing and up to 4 gigabytes (GB) of memory. Aimed at file and printer sharing,
Internet connectivity, small-scale application deployment, and collaboration.
• Windows Server 2003, Enterprise Edition (WSE) Supports either 32- or 64-bit
processing—it offers native support for the Intel Itanium processor, up to eight processors
and 32 GB of memory in 32-bit mode and 64 GB of memory in 64-bit mode. Also supports
eight-node clustering. Aimed at infrastructure support, as well as application and Web
services support.
• Windows Server 2003, Datacenter Edition (WSD) Supports either 32- or 64-bit processing,
up to 64-way symmetric multiprocessing on custom hardware. Supports 64 GB of memory in
32-bit mode and 512 GB of memory in 64-bit mode. Can also support eight-node clusters.
WSD is available only with the purchase of a WSD-compatible system from an original
equipment manufacturer. Aimed at business-critical and mission-critical applications
demanding the highest level of scalability and availability. The list of approved manufacturers
is available at http://www.microsoft.com/windows2000/datacenter/howtobuy/purchasing/oems.asp.
• Windows Server 2003, Web Edition (WSW) A new edition of the Windows server
operating system, WSW is focused on providing a trimmed-down and secure Web server
supporting ASP.NET and the .NET Framework for Web services. Supports two-way
multiprocessing and up to 2 GB of memory in 32-bit processing mode only.
While Windows 2000 offered more than 200 new features over Windows NT, WS03 offers more
than 400 improvements on Windows 2000. Improvements have been made in a wide range of categories,
including security, management, file storage, printing, server sizing, administration, even Active
Directory. One of the major advantages of WS03 will be server consolidation. It is designed to help
organizations do more with less. For example, Microsoft has tested WS03 clusters supporting more
than 3,000 printer queues, and both the Enterprise and Datacenter Editions have proven that the
Windows platform can perform along with the best on the market in terms of processing power (see
http://www.tpc.org for more information).
The .NET Framework is a core part of WS03. Deployment of enterprise XML Web services on
Windows Server 2003 includes configuration and administration of the underlying .NET Framework
as well as installation, configuration, and administration of the supporting UDDI services.
Building the Foundation of the Network
The server operating system is the core of the Enterprise Network. When looking to replace this
operating system, it is important to ensure that every aspect of the services that the network will
provide has been covered. The best way to do this is to use the “lifecycle” approach. Two lifecycles
are important here:
• Server lifecycle The cycle an individual server undergoes when it is introduced into the
network.
• Service lifecycle The cycle services must undergo from the moment they are first introduced
into the network until their retirement.
The server lifecycle, especially, will let you design the basic structure of all servers. This will form
the basis for the server construction model. The service lifecycle will help you identify the different
services required within your network. Once these are identified and prepared, you can then focus on
network stability. Since many operations within the network are performed by a variety of personnel,
network stability is greatly enhanced by the use of standard operating procedures (SOPs). SOPs ensure
that best practices are always used to perform operations.
• QUICK TIP
If you are new to .NET, an article demystifying Microsoft’s .NET initiative can be found at
http://www.Reso-Net.com/WindowsServer/.
The Server Lifecycle
As mentioned previously, building a network is 80 percent planning and preparation and 20 percent
implementation. The process of building servers is the same. Servers are designed to meet specific
requirements within your network. More will be discussed on this topic later, but for now, it is
sufficient to say that, like all network components, servers have a lifecycle within the enterprise
network. It begins with the Purchasing Process, then moves on to the IT Management Process to end
with its Retirement from service.
The Purchasing Process covers purchase planning, requisition, and procurement. In this process,
the enterprise should focus on several factors such as volume purchasing of servers, requests for
proposal, minimum requirements for server hardware, hardware provider add-ons, and growth
strategy. These processes can be supported by functionality and reliability testing of hardware and
applications in the network environment. For this process to be a success, the purchasing department
and IT must cooperate and work closely together.
One of the driving factors of this process is the volume buying approach. Servers, like PCs, should
always be bought in lots. They should never be bought piecemeal. The main objective of this process
in an enterprise network is to reduce diversity as much as possible. When servers are bought in lots,
you can expect the manufacturer to ship machines that are configured as identically as possible. In
this way, you can simplify and standardize the server building and maintenance process. More and
more organizations are even moving to partnerships with server manufacturers to further decrease
diversity within their server hardware families.
Once the Purchasing Process is complete, the server lifecycle moves on to the IT Management
Process. Here IT personnel become responsible and take ownership of the server until its retirement.
The process begins with the reception of the server and its entry into the corporate inventory database.
This should include information such as purchase date, receipt date, purchase lot, warranty, and
service contracts, among other items. Next begins the server construction. Here servers go through
the staging process. At this point, only generic software elements are loaded onto the server. These
would include the operating system, anti-virus software, management software, resource kit tools—
everything that is either completely generic or includes an enterprise license and thus does not entail
additional costs.
Next, the server is configured. This phase covers the application of the server software—software
that will support the server’s specific role within the enterprise.
The final preparation phase is server testing. This should include stress testing as well as configuration
acceptance testing. Once this testing phase is complete, the server is ready for production.
Putting the server into production often means recovering information such as Security Settings
from another server and migrating it to the new machine. Once this is performed, the server officially
enters its production cycle. IT management for the server becomes focused on routine administrative
tasks, software updates and service pack application, and performance and capacity monitoring. All
are performed on a scheduled basis. This phase will also include server repairs if required. Though
almost every task will be performed remotely, some repairs, such as a memory upgrade, require a
shutdown and physical access to the server. This is an area that has changed with Windows Server 2003:
every shutdown can now be documented and justified through a verbose shutdown dialog box called the
Shutdown Event Tracker, which records the reason given in the System event log.
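Added here as an example, not code from the book: a PowerShell check that the Shutdown Event Tracker is enforced and that each logged shutdown actually carries a justification, which is the control the paragraph above relies on. It assumes a host with Windows PowerShell installed (PowerShell did not ship with Windows Server 2003), the ShutdownReasonOn and ShutdownReasonUI policy values under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability, and the text layout of event 1074 (source USER32) in the System log; the two sample records are constructed, not taken from a real server.

```powershell
# Added example (not from the book): audit Shutdown Event Tracker records.
# Assumptions: Windows PowerShell is installed (it did not ship with Windows Server 2003),
# the tracker is controlled by the Reliability policy key below, and event 1074 (source
# USER32, System log) has the layout "...for the following reason: <reason>
#  Reason Code: <hex>  Shutdown Type: <type>  Comment: <text>" on separate lines.

$ReliabilityKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Reliability'

function Enable-ShutdownEventTracker {
    # Same effect as the Group Policy setting "Display Shutdown Event Tracker: Always".
    if (-not (Test-Path $ReliabilityKey)) { New-Item -Path $ReliabilityKey -Force | Out-Null }
    Set-ItemProperty -Path $ReliabilityKey -Name ShutdownReasonOn -Value 1 -Type DWord
    Set-ItemProperty -Path $ReliabilityKey -Name ShutdownReasonUI -Value 1 -Type DWord
}

function ConvertFrom-ShutdownMessage {
    param([string]$Message, [datetime]$When)
    # Pull the fields the tracker writes into the body of event 1074.
    $reason  = if ($Message -match 'following reason:\s*(.+?)\r?\n') { $matches[1].Trim() } else { '' }
    $code    = if ($Message -match 'Reason Code:\s*(0x[0-9A-Fa-f]{1,8})') { $matches[1] } else { '' }
    $type    = if ($Message -match 'Shutdown Type:\s*(\w+)')            { $matches[1] } else { '' }
    $comment = if ($Message -match 'Comment:\s*(.*)$')                  { $matches[1].Trim() } else { '' }
    $user    = if ($Message -match 'on behalf of user\s+(\S+)')         { $matches[1] } else { '' }

    # Bit 31 of the reason code is the "planned" flag. With all other bits clear
    # (0x80000000 or 0x0) the operator picked "Other", i.e. no specific reason.
    $value   = if ($code) { [Convert]::ToUInt32($code.Substring(2), 16) } else { 0 }
    $planned = $value -ge 2147483648
    $other   = ($value -band 0x7FFFFFFF) -eq 0

    New-Object PSObject -Property @{
        Time      = $When
        User      = $user
        Type      = $type
        Reason    = $reason
        Code      = $code
        Comment   = $comment
        Planned   = $planned
        # Justified only if planned, given a specific reason, and carrying a comment
        # (in practice a change-ticket reference).
        Justified = ($planned -and -not $other -and $comment -ne '')
    }
}

function Get-ShutdownAudit {
    # Reads the live System log; Get-EventLog exists from PowerShell 1.0 onward.
    param([int]$Newest = 100)
    Get-EventLog -LogName System -Source USER32 -Newest $Newest |
        Where-Object { $_.EventID -eq 1074 } |
        ForEach-Object { ConvertFrom-ShutdownMessage -Message $_.Message -When $_.TimeGenerated }
}

# Constructed sample records (not real log data) so the parser runs offline.
$SampleJustified = @"
The process C:\WINDOWS\system32\shutdown.exe (SRV01) has initiated the restart of computer SRV01 on behalf of user CORP\opsadmin for the following reason: Hardware: Installation (Planned)
 Reason Code: 0x80010002
 Shutdown Type: restart
 Comment: CHG-0142 add 4 GB RAM
"@
$SampleUndocumented = @"
The process winlogon.exe (SRV02) has initiated the power off of computer SRV02 on behalf of user CORP\tech7 for the following reason: Other (Unplanned)
 Reason Code: 0x0
 Shutdown Type: power off
 Comment:
"@

$parsed = @($SampleJustified, $SampleUndocumented) |
    ForEach-Object { ConvertFrom-ShutdownMessage -Message $_ -When (Get-Date) }
$parsed | Format-Table Time, User, Type, Reason, Code, Justified -AutoSize

# The second record (Other/Unplanned, empty comment) is what a change-control review
# should chase. On a live server:  Get-ShutdownAudit | Where-Object { -not $_.Justified }
```

The reason code is the only field the operator cannot leave blank, so the check treats a generic "Other" code or an empty comment as undocumented rather than trusting that the dialog was shown. Run Enable-ShutdownEventTracker through your SOP (or the equivalent Group Policy setting) before relying on the audit, since the tracker is off by default on Windows Server 2003 client-style installs and only useful when it is enforced on every server.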
Finally, after its lifecycle is complete, the server reaches obsolescence and must be retired
from the network. It is then replaced by new servers that have begun a new lifecycle within the
enterprise network.
The Service Lifecycle
IT service lifecycle models abound in the industry. Microsoft first published an IT service lifecycle
management model in a white paper entitled “Planning, Deploying and Managing Highly Available
Solutions,” released in May 1999 (search for the document name at http://search.microsoft.com/).
This model identified four phases of service lifecycle management:
• Planning Identifying and preparing solutions for deployment
• Deployment Acquiring, packaging, configuring, installing, and testing deployment strategies
• Production Problem, change, optimization, and administration management within the
production network
• Retirement Replacement/upgrade planning and removal of obsolete technologies and
processes
While the original Microsoft model provided a sound starting point for IT service lifecycle
management, the test of time proved that it required some minor modifications to fully illustrate the
lifecycle of a service within an enterprise network. This new model is illustrated in Figure 1-1.
This service lifecycle model is still based on the same four phases with refinements within both
the planning and the Preparation and Deployment Phases. Each of these two phases was increased in
size to better reflect their importance to the process since planning and preparation take on more and
more importance in network architectures today.
• NOTE
Microsoft has made their model evolve as well. It is now fully incorporated into the Microsoft
Operations Framework. More information on this framework is available at
http://www.microsoft.com/business/services/mcsmof.asp.
In addition, several processes and procedures were added to each of these two phases.
Rationalization—a process focused on decreasing the number of servers and applications in the
enterprise—was added to the initial planning process in order to reduce diversity. Rationalization
affects not only server hardware through server consolidation practices, but also the applications and
utilities that run on these servers. The latter focuses on reduction through the selection of one and
only one application to provide a given function within the network. One of the great opportunities
for rationalization is when organizations move from Windows NT to Windows Server 2003. In NT,
many third-party software products were required to have an efficient and effective network. In
WS03, while third-party products are still required, a vast number of these utilities are no longer
needed since the operating system includes so many new features.
Figure 1-1 The service lifecycle is divided into four phases: Planning, Preparation and
Deployment, Production, and Retirement.
Functional testing is now focused on proof-of-concept testing—that is, testing the concepts that
emerge from the previous activity, which is Enterprise Architecture. It also involves application
compatibility testing—testing current applications to see if they will operate with the new service.
The outcome of this stage should be a complete impact report on existing products that will be
required within the new network. This report should include upgrade procedures or replacement
recommendations if the product is not compatible with the new OS.
The design of the Enterprise Architecture mainly involves analysis of the needs and requirements
of the organization, the features of the new service, and the elaboration of the principles, rules, and standards
that will be applied to its use within the enterprise. This stage also focuses on Standardization, another
process which concentrates on the reduction of diversity, but this time, specifically within the service
that is to be delivered.
Preparation and Deployment have also been enhanced with the addition of the Technical Architecture
Process, which follows or can occur at the same time as the Acquisition Process. The Technical
Architecture provides the technical parameters which will be applied to the service during its
installation and during the rest of its lifecycle within the network. It is based on the orientations
outlined in the Enterprise Architecture and simply details the specifics of the implementation.
The lifecycle then moves on to installation and initial configuration, and packaging/staging. Packaging
is used if the service relies on a software product or an addition to the current network. Staging is
used if the service relies on a new operating system. In the Windows Server 2003 implementation
process, you will use both packaging and staging since you will begin with initial installation or
staging of your servers, then follow with the application of the function or role the server will play
in your network. Packaging is often used to automate the software or service installation process.
Testing is the next stage, which involves several different levels. System testing validates that the
service operates in a standalone environment. Integration testing validates the service’s coexistence
with other services on the same machine or in the same network. Acceptance testing gives the final
user approval rights to the service as it is packaged and prepared.
Finally, the service is ready for deployment. This can be done in several stages. Another proof-of-
concept (POC) can be done to perform a final validation of the service in use. The target audience
for this POC usually consists of the project team and some of its closest associates. This is followed
by a pilot project that tests all aspects of the deployment methodology. Massive deployment follows
a successful pilot project.
Not all services must undergo the proof-of-concept stage. This stage is only applied if the target
population for the service is extremely large (1,000 or more users). If target populations are smaller,
you may want to proceed with only a pilot project before deployment. There are, however, very few
cases when you should proceed directly to deployment without either a POC or a pilot project. An
example would be if you need to deploy a security patch in an emergency. Even then, you would need
to do a minimum amount of testing before proceeding to deployment.
Once the service is deployed, it enters the Production Phase of its lifecycle. Here you must manage
and maintain a complete inventory of the service, manage changes to the service, manage problems
and support users of the service, and generally administer the service. You must also manage the
service-level agreements for this service. This involves performance and capacity analysis, redundancy
planning (backup, clustering, failsafe, and recovery procedures), availability, reliability, and
responsiveness analysis of the service.
The final phase of the IT service lifecycle is Retirement. When the service reaches a certain degree
of obsolescence, it must be retired from the network because its operation costs often outweigh the
benefits it brings to the network.
Of special note is the security element, which surrounds the entire service lifecycle. Security has a
special position in this lifecycle because it encompasses much more than just software and hardware.
Security is a process in and of itself, as you will discover in Chapter 8.
Both the server and service lifecycles will be used throughout this book. The server lifecycle will
help with the construction and delivery of the servers you build with WS03. The service lifecycle
will apply more specifically to the roles or configurations you give to your servers as you prepare
them for deployment. To simplify this process, you will need another model, the Server Construction
and Management Model.
A New Model for Server Construction and Management
The use of an architectural model can greatly simplify the architectural design process for the
construction and management of servers (and PCs) in your enterprise network. Such a model should
outline the services required in the network and should group these services into appropriate categories
or layers. In addition, to properly reflect the service and security nature of these groupings, and to
outline that they are designed to provide access to resources within the network, the name of the
model should describe its purpose. The model proposed here is called the Point of Access to Secure
Services (PASS) model.
• NOTE
This model was first outlined in Preparing for .NET Enterprise Technologies, by Ruest and Ruest
(Addison-Wesley, 2001) and was originally called the “Service Point of Access or SPA Object
Model.” It has been renamed the PASS model here to better reflect its intended purpose.
The model is based on an existing and well-known service model: the ISO (International Organization
for Standardization) OSI networking reference model. The OSI model has been modified to better suit the
needs of distributed environments. It is a good source model because it is well-known in the industry.
It describes networking between clients and servers through a series of layers, with each layer having
its own set of functional services. Interactions between layers are based on using common services,
and interactions are limited to the layers immediately adjacent to any given layer.
In the PASS model, each layer offers a set of services to the others. Each layer interacts with the
other and each layer has a specific function. This layered model can be applied to the core elements
of a distributed environment, either PCs or servers. The content of the PASS model is divided into
ten layers, similar to those of the OSI model:
• Physical
• Core operating system
• Networking
• Storage
• Security
• Communications
• Common productivity tools
• Presentation
• Role-based commercial software and/or corporate applications
• Ad hoc commercial software and/or corporate applications
The PASS model represents a design that is very similar to the OSI model, with the addition
of three extra layers. This model begins to demonstrate how you can construct and present IT
technologies in understandable ways. Even though all of the layers are related to each other in
specific ways, some have a stronger relationship than others. By examining the content of each
layer, you can see that some layers need to be implemented on every server while others aim at
specific servers (see the ten layers of the PASS Model at http://www.Reso-Net.com/WindowsServer/).
This “common” versus “specific” components approach must influence the ten-layer model. To
provide a clear construction model, the ten layers must be regrouped into sections that are meant for
every server and sections that are meant for specific groups of servers.
For this, the model must be restructured into four basic sections. This diagram can serve as a map
for server design and deployment. This is the PASS model. Its four sections are:
• Physical Standard physical components.
• System Kernel All components that are common to all servers.
• Role-based applications and software Components which are installed on a server on a
role basis—that is, the role the server plays in the network. Roles can be based on commercial
software, for example, Microsoft .NET Enterprise Server products, or they can be based on
corporate applications. The difference between the two is often related to security levels.
Commercial software is often available to all users and corporate applications are often
restricted to specific users.
• Ad hoc applications and software In some instances, there are highly specialized IT
requirements for a server that are not necessarily related to its role within the enterprise.
These are included in the ad hoc layer.
The final layer of the PASS System Kernel, the presentation layer, provides the interface requirements
for the server at both the user and the administrative level. At the core of this model is the concept of
standardization, specifically within the Physical and System Kernel layers. Standardization does not
mean reduction; it simply means doing everything in a single unified manner. This alone can vastly
reduce costs in the IT enterprise. The PASS model clearly displays the mechanisms that can be used
to construct servers so long as standards are available to support all of the processes that it identifies.
Chapter 1: Planning for Windows Server 2003, page 9
Windows Server 2003: Best Practices for Enterprise Deployments, page 10
This model is illustrated in Figure 1-2. As you can see, its construction is closely tied to the server
lifecycle presented earlier.
Figure 1-2 The PASS model
The Benefits of the PASS Model
Using a single model for the outline of technical services provided by both PCs and servers has
several major advantages. First, by using layers and specifically including a presentation layer, it
forms the framework for user and technology interactions within a Windows distributed environment.
Second, it outlines that there should be no difference in the approaches used to manage and maintain
PASS objects (PCs or servers). Third, it outlines how to construct both servers and PCs. Fourth, it
outlines a framework that will allow the systems to evolve with time through structured management
approaches. In addition, each of the four major layers of this model provides distinct benefits.
Standardizing the physical layer ensures that the organization has modern tools to perform its IT tasks.
It also ensures the control of obsolescence within the organization. In addition, reducing the diversity of
hardware within the organization reduces costs since fewer device drivers need to be maintained for each
type of peripheral. With Windows Server 2003, aim to use only peripherals whose device drivers carry a
digital signature issued through Microsoft's Windows Hardware Quality Labs (WHQL) program. The signature
does not guarantee stability; it attests that the driver passed Microsoft's compatibility testing and has
not been altered since, which lets you refuse drivers of unknown origin before they reach the kernel.
When stability is the top priority, reducing the number of potential problem sources is critical. The
physical layer should always be based on industry standards such as those outlined by the Distributed
Management Task Force (DMTF). More information on the DMTF and
the standards they promote can be found at http://www.dmtf.org/. Microsoft also provides detailed
hardware specifications for Windows products at http://www.microsoft.com/hwdq/hcl/.
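To make the signed-driver requirement something you can verify rather than assume, here is an added example (it is not code from the book, from Microsoft, or from the Reso-Net site) that audits the drivers actually loaded on a server. It assumes that `driverquery /si /fo csv`, shipped with Windows XP and Windows Server 2003, emits the columns DeviceName, INF Name, IsSigned and Manufacturer; the embedded sample output is constructed for illustration, not captured from a real host, and `collect_live` is the only function that calls the real tool.

```python
import csv
import io
import subprocess
from typing import Dict, List

# Constructed sample of `driverquery /si /fo csv` output (not captured from a real
# server). The column names are assumed to match the real tool's CSV header.
SAMPLE_CSV = """\
"DeviceName","INF Name","IsSigned","Manufacturer"
"Intel(R) PRO/1000 MT Network Connection","oem3.inf","TRUE","Intel"
"HP Smart Array 6i Controller","oem5.inf","TRUE","Hewlett-Packard"
"Acme Management Agent","oem9.inf","FALSE","Acme Corp"
"Standard floppy disk controller","machine.inf","TRUE","(Standard floppy disk controllers)"
"""


def parse_driverquery(text: str) -> List[Dict[str, str]]:
    """Parse the CSV form of driverquery /si into one dict per driver."""
    # Strip a UTF-8 BOM or blank leading lines some console redirections add.
    cleaned = text.lstrip("\ufeff\r\n")
    return [row for row in csv.DictReader(io.StringIO(cleaned)) if row.get("DeviceName")]


def unsigned_drivers(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Anything whose IsSigned column is not exactly TRUE counts as unsigned;
    a missing or malformed value is treated as a finding, not as a pass."""
    return [r for r in records if (r.get("IsSigned") or "").strip().upper() != "TRUE"]


def audit(text: str) -> Dict[str, object]:
    """Summarize a driverquery listing: how many drivers, which are unsigned,
    and whether the server meets the signed-drivers-only standard."""
    records = parse_driverquery(text)
    findings = unsigned_drivers(records)
    return {
        "total": len(records),
        "unsigned": [
            (r["DeviceName"], r["INF Name"], r["Manufacturer"]) for r in findings
        ],
        "compliant": not findings,
    }


def collect_live() -> Dict[str, object]:
    """Run the real tool on the local Windows host and audit its output."""
    out = subprocess.run(
        ["driverquery", "/si", "/fo", "csv"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit(out)


if __name__ == "__main__":
    result = audit(SAMPLE_CSV)
    for name, inf, vendor in result["unsigned"]:
        print(f"UNSIGNED: {name} ({inf}, {vendor})")
    print("compliant" if result["compliant"] else "NOT compliant")
```

Run `collect_live()` on the model system before you capture its image, and again on any server after a hardware refresh, so an unsigned driver never rides into the standard Kernel image. Detection after the fact is the weaker control: to block installation in the first place, set the security option Devices: Unsigned driver installation behavior to Do not allow installation in the security template you apply to every server.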
The System Kernel is the layer that will save the corporation the most because it provides
the framework for the integration of common PASS services into a single unit. This means the
organization must begin by devising the technical content of each of the kernel’s sublayers, the
rules and guidelines governing them, and their personalization or interaction with other sublayers.
This information can then be used to interactively create model systems that will serve as sources
for the automated installation of all servers in the enterprise network. Using new disk imaging or
remote installation technologies, the complete Kernel can be captured into a single installation
phase. This image can then be deployed to every server within the network and provide a single
unified standard. More on this approach will be discussed in Chapter 2.
But automation is not the only requirement. Planning is essential since the new system will be made
available to all users. Here the corporation will need to identify the content of each sublayer using
structured guidelines (see “Using the PASS Model” section later in this chapter). Only corporate-wide
software components will be included in the System Kernel. At this stage, it will also be vital to
properly preconfigure the presentation layer for the model system that serves as the source device before
reproduction. If IT is a service, then this is the most important layer of the entire model. It is the one
aspect of the system that users will interact with on a daily basis. Presentation does not stop at the
desktop. Every element users can see on a system should be standardized. The corporation saves
through the definite reduction in retraining. If all hard disks, all desktops, all menus, and all display
features are all standardized on all servers, corporate users, even administrators and technicians will
always be able to quickly perform work on any given server within the network. For newcomers, the
corporation can train them how to use the corporate systems, not how to use basic Windows.
The role-based software and application layer has two parts: commercial software and/or corporate
applications. The commercial software portion contains everything that does not have a mission-critical
role. It benefits from the rationalization process and thus provides single applications for any given IT
task. This layer can save time and money since software and applications are grouped as functional
families of products and tools that provide specialized services. Thus deployment of these applications
can be performed through the assignment of the family of applications to groups of servers within
the corporation.
The corporate application section of this layer focuses on mission-critical business roles. Once
again, it is the guidelines of the presentation section that tie this application section to the entire
system. Here application deployment costs are considerably reduced because once again, families
of applications can be deployed to groups of servers within the network. The major difference
between this section and the role-based commercial software section is restricted access. Users of
corporate applications must be authorized since they can have access to confidential information
through these applications.
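The four PASS sections and the two role-based families described above can be written down as data and checked mechanically. The following is an added example, not code from the book; the layer names follow the PASS model, but every component name, role name and group name in it is a hypothetical placeholder. It builds the per-server manifest from role assignments, groups servers by role so a family is deployed to a group rather than box by box, lists the groups that must be authorized before a restricted corporate application is usable, and flags two things the text implies but does not spell out: ad hoc software that duplicates a standardized Kernel component, and a server that co-hosts a restricted corporate application with an all-users commercial role (treated here as a policy violation because the two sections carry different security levels).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed PASS catalogue. Layer names are from the model; component names are
# hypothetical placeholders, not products the book prescribes.
PHYSICAL: List[str] = ["standard-server-chassis", "whql-signed-drivers"]

SYSTEM_KERNEL: Dict[str, List[str]] = {
    "core-os": ["ws03-standard-image"],
    "networking": ["tcpip", "dns-client"],
    "storage": ["ntfs", "backup-agent"],
    "security": ["antivirus", "baseline-security-template"],
    "communications": ["rpc", "smtp-client"],
    "common-productivity": ["support-tools", "mmc"],
    "presentation": ["standard-admin-desktop"],
}


@dataclass(frozen=True)
class RoleFamily:
    """A family of software deployed to every server holding a role.
    restricted_to=None models commercial software open to all users;
    a set of group names models a corporate application with restricted access."""
    components: List[str]
    restricted_to: Optional[frozenset] = None


ROLE_FAMILIES: Dict[str, RoleFamily] = {
    "file-server": RoleFamily(["dfs", "quota-manager"]),
    "web-server": RoleFamily(["iis6", "aspnet"]),
    "payroll-app": RoleFamily(["payroll-backend", "sql-client"], frozenset({"HR-Payroll"})),
}


@dataclass
class Server:
    name: str
    roles: List[str]
    ad_hoc: List[str] = field(default_factory=list)


def build_manifest(server: Server) -> Dict[str, object]:
    """Return the four PASS sections for one server, the groups that must be
    authorized for its restricted applications, and any ad hoc component that
    duplicates something already standardized in the System Kernel."""
    unknown = [r for r in server.roles if r not in ROLE_FAMILIES]
    if unknown:
        raise ValueError(f"{server.name}: unknown roles {unknown}")
    kernel = [c for layer in SYSTEM_KERNEL.values() for c in layer]
    role_components: List[str] = []
    authorized: Set[str] = set()
    for role in server.roles:
        fam = ROLE_FAMILIES[role]
        role_components.extend(c for c in fam.components if c not in role_components)
        if fam.restricted_to:
            authorized |= set(fam.restricted_to)
    return {
        "physical": list(PHYSICAL),
        "system_kernel": kernel,
        "role_based": role_components,
        "ad_hoc": list(server.ad_hoc),
        "authorized_groups": sorted(authorized),
        "kernel_duplicates": sorted(set(server.ad_hoc) & set(kernel)),
    }


def servers_by_role(servers: List[Server]) -> Dict[str, List[str]]:
    """Group servers by role so each family is assigned to the group at once."""
    groups: Dict[str, List[str]] = {}
    for s in servers:
        for r in s.roles:
            groups.setdefault(r, []).append(s.name)
    return groups


def mixed_access_servers(servers: List[Server]) -> List[str]:
    """Servers that host both a restricted corporate application and an
    all-users role. Flagged under the assumed policy that the two security
    levels should not share one server."""
    flagged = []
    for s in servers:
        fams = [ROLE_FAMILIES[r] for r in s.roles]
        restricted = any(f.restricted_to for f in fams)
        open_to_all = any(f.restricted_to is None for f in fams)
        if restricted and open_to_all:
            flagged.append(s.name)
    return flagged


if __name__ == "__main__":
    fleet = [
        Server("FS01", ["file-server"]),
        Server("APP02", ["payroll-app", "web-server"], ad_hoc=["antivirus", "custom-etl"]),
    ]
    for s in fleet:
        print(s.name, build_manifest(s))
    print("deploy groups:", servers_by_role(fleet))
    print("mixed access:", mixed_access_servers(fleet))
```

Because the Kernel list is generated from one catalogue rather than typed per server, every manifest carries the same Kernel by construction, which is exactly the single unified standard the model asks for; the role and ad hoc sections are the only places two servers may legitimately differ.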
All staging and administration approaches for Windows Server 2003 should make use of the
PASS model.
A Structured Approach: Using Standard Operating Procedures
To reduce costs and improve network stability, the corporation must implement standard operating
procedures (SOPs). SOPs not only ensure stability within a network, but can also greatly reduce
costs. Having documented SOPs, even for interactive or manual procedures, can vastly reduce the
margin of error when performing the procedure. A well-designed SOP will also supply a contact
point for reference if something goes wrong during its operation.
But technical staff often does not have the time or budget required for documenting and
standardizing procedures and operations. Because of this, people find it easier to simply remember
everything and know who to refer to if a problem arises. While this approach works and has given
proven results, its major drawback lies with the availability of key personnel—when this personnel
is not (or no longer) available, the knowledge disappears from the enterprise. On the other hand, it
is often difficult for organizations to budget for SOP documentation. It is a time-consuming process
whose benefits are not always immediately apparent to managers.
SOPs in the form of checklists and detailed procedural steps will be used here as much as possible.
Thus, you can save considerable time and effort by simply incorporating these checklists and procedures
into the standard operating procedures you prepare for your particular situation.
A standard operating procedure is a documented set of instructions to be followed to complete a
given procedure. It focuses on maximizing efficiency during operational and production requirements.
Once implemented, SOPs can help provide guaranteed service levels and become the basis for the
elaboration of service-level agreements.
When well defined, SOPs allow an organization to measure the time it takes to perform a given
task. SOPs are also used to simplify troubleshooting since every process is the same everywhere.
Finally, SOPs provide redundancy and reduced costs in administration since all network technicians
and administrators use the same processes wherever they are located and no retraining is required.
Thus, the SOPs you write will also become the core of any technical training program you provide
to the staff in your enterprise.
SOP Best Practices
Here are some concepts to keep in mind when writing or adapting SOPs:
• All SOPs must meet the definition of an SOP: a documented set of instructions to be followed
to complete a given procedure.
• Incorporate safety and environment variables into the how-to steps.
• Keep SOPs as short as possible. This will ensure that they are followed. The actual SOP should
include no more than 6 to 12 steps to be effective. If an SOP grows beyond that length, consider
these solutions:
• Break the long SOP into several logical sub-job SOPs.
• Prepare the longer comprehensive training SOP first to get a picture of what training is
required. Then decide how to break it into shorter sub-job SOPs.
• Make the long-form SOP a training document or manual to supplement the shorter sub-job SOPs.
• If you write shortcut SOPs, explain the reason behind certain steps to provide understanding
of the importance of following all the steps in the proper order.
• Write SOPs for people who work in different interpersonal circumstances:
• For people who work alone
• For two or more people who work as a team
• For people who will supervise other people doing a job
• For people who are not familiar with rules generally understood by your employees
• Consider the age, education, knowledge, skill, experience and training, and work culture of
the individuals who will be performing the SOP steps.
• Forecast future effects and steps at certain points in the SOP to tell readers things they should
know in advance (upcoming steps that require caution, precision, timing, and personal attention).
• Once the SOP is completed, have several workers test it and give you feedback.
• Review the effectiveness of SOPs after a few weeks and make necessary changes if field
practice suggests that descriptions should be improved.
• Review and update SOPs when processes and equipment are changed.
• When new equipment is installed, take the opportunity to write a new SOP, incorporating
the good from the old, and adding what is necessary to satisfy the new equipment.
• Rely on the expertise of your staff to create and test the SOPs. You can, of course, supplement
this expertise with external help.
• Ensure that all SOPs have a designated owner and operator.
• Illustrate the steps in an SOP as much as possible. It is always easier to follow a diagram than
written instructions.
Enterprise Network Architectures
This completes the basic architectural structure for the design of the enterprise network. This
included the examination of several models—the server lifecycle, the service lifecycle, the PASS
model—and the outline of the standard operating procedure strategy to be used. Every architectural
process begins with the necessity for change. The advent of Windows Server 2003 is the impetus for
change within your enterprise network infrastructure. But the technology alone is not the sole object
of the change. When designing Enterprise Architectures, organizations must take several additional
processes into account. A thorough examination of the existing network, its current problems, the
business objectives of the organization, and industry best practices must be combined with a complete
understanding of the feature set of the new technology to form the decisions that will make up the
architecture you devise. This process is illustrated in Figure 1-3. Thus the next step is to examine the
Windows Server 2003 family in depth to identify opportunities for change.
Figure 1-3 Designing an Enterprise Network Architecture involves input from several sources.
QUICK TIP
A sample standard operating procedure and an SOP model are available at http://www.Reso-Net
.com/WindowsServer/. You will also find sample WS03-specific SOPs. They are designed to help
you in your SOP preparation process.
Building on Windows 2000: The WS03 Model
Since Windows NT, Microsoft has divided its server family of operating systems into several different
products. Such is the case for the Windows Server 2003 family. As mentioned previously, the WS03
family includes four different editions. In addition to offering the standard features that have made
Windows famous—complete and powerful network operating system, platform for the execution of
applications from 16- to 64-bit, powerful authentication services, and more—the WS03 family offers
major improvements over both Windows 2000 and Windows NT. The Windows Server 2003 family is
at the same level as the Windows XP client family.
Despite its 32-bit programming model and its core construction protecting the operating system
kernel from access by applications, Windows NT never did gain the reputation for stability it should
have. For the past two generations of Windows server operating systems, Microsoft has endeavored
to ensure that stability is at the core of the operating system. This goal was achieved to a certain
degree with Windows 2000 and has been vastly improved with Windows Server 2003.
WS03 also includes a new structure for service offerings: the WS03 add-in. These feature packs
are released after the core system and most are free to users of WS03. They include tools supporting
communication, collaboration, application integration, and more. For example, the Real-Time
Communications server can be added to WS03 to create a new communications infrastructure.
SharePoint Team Services can help create team collaboration. Active Directory in Application Mode
can be used for application integration. More services will come out in time.
The core WS03 system also supports secure mobile data communications and improved streaming
media delivery. It is more stable and reliable than even Windows 2000. With proper server construction,
you can ensure that the only downtime is scheduled downtime. WS03 also includes full integration
with other components of Microsoft’s .NET technology family:
• Integration of Microsoft .NET Passport with Active Directory, allowing organizations
to integrate Passport services into their e-commerce strategy
• Native support for SOAP-based message parsing in Microsoft Message Queuing (MSMQ)
• Integration of the COM+ programming model within the .NET Framework
These are only a few of the new features available in WS03, but to understand them properly,
you need to be able to compare them to both Windows NT and Windows 2000. If you haven’t
implemented Windows 2000 yet, you’ll want to jump directly to WS03 and immediately profit
from its enhancements over Windows 2000. If you are running Windows 2000 today, you may decide
that some of the key features of WS03 justify the move. Whichever the case, it will be important to
review the complete list of new features for WS03 before you begin your implementation.
As you will see, there are a lot of improvements throughout all of the feature categories of this
operating system. But since there are four different versions of WS03, it is also important to
understand which version supports which feature.
NOTE
Microsoft provides a feature sorter at http://www.microsoft.com/windowsserver2003/evaluation/
features/featuresorter.aspx. But if you prefer a Microsoft Word version of the feature list, you can find
one at http://www.Reso-Net.com/WindowsServer/. This table lists the new features and improvements
of WS03 compared to Windows NT4 and Windows 2000. Microsoft also provides a feature per edition
table at http://www.microsoft.com/windowsserver2003/evaluation/features/compareeditions.mspx.
As you will learn, not all features are supported by all versions of WS03. In fact, clear distinctions
emerge when you compare the Web, Standard, and Enterprise Editions of WS03. The Datacenter
Edition falls within its own category since it relies on custom hardware, something that not everyone
will require.
Choosing a Windows edition to install was simpler in Windows NT. Most often, you installed
Windows NT Server itself. Other editions were used only when specific needs or requirements
demanded them. With WS03, you will definitely want to apply the proper edition when installing a
server since this affects security, the number of default services installed, and operating system cost.
Throughout your discovery of this new OS, you will also find that the major areas for
improvement in the WS03 family are security, reliability, performance, manageability, and integrated
Web services. These will be discussed in greater length throughout the development process of the
Enterprise Network Architecture.
The information found on the Microsoft Web site gives a lot of details, but serves more as a
starting point than anything else. If you are working on the architecture phase of your WS03
implementation project, you will want to have more information available to you in a readily
available format. One of the best ways to do this is to install help from another operating system on
your PC. This option is available only on Windows XP and the WS03 family because it makes use of
Windows XP’s new Help and Support engine.
The WS03 help can be installed from any WS03 installation CD by using the Options button in the
Help and Support Center and selecting the appropriate choice from the menu it presents (see Figure 1-4).
Discovering Diverse Content Through Random Scribd Documents
The day following he inquired of his friends whether there did not
chance to be, in the great city, some poor mendicant of exemplary
piety, to whom he might offer his respects, and from whom he
might, haply, learn what he longed to know, together with advice
that would be of service to him. They answered: “Just such a man
as thou describest is our Lord, Jelālu-’d-Dīn. He has forsaken all
pleasures, save only his love towards God. Not only has he given up
all concern for worldly matters, he has also renounced all care as to
a future state. He passes his nights, as well as his days, in the
worship of God; and he is a very ocean of knowledge in all temporal
and spiritual subjects.”
The Tebrīz merchant was enchanted with this information. He
begged to see that holy man, the bare mention of whose virtues had
filled him with delight. They accordingly conducted him to the
college of Jelāl, the merchant having privately furnished himself with
a rouleau of fifty sequins in gold as his offering to the saint.
When they reached the college, Jelāl was sitting alone in the
lecture-hall, immersed in the study of some books. The party made
their obeisances, and the merchant felt himself completely
overpowered at the aspect of the venerable teacher; so that he
burst into tears, and could not utter a word. Jelāl addressed him,
therefore, as follows:—
“The fifty sequins thou hast provided as thy offering are accepted.
But better for thee than these are the two hundred sequins thou
hast lost. God, whose glory be exalted, had determined to visit thee
with a sore judgment and a heavy trial; but, through this thy visit
here, He hath pardoned thee, and the trial is averted from thee. Be
not dismayed. From this day forth thou shalt not suffer loss; and
that which thou hast already suffered shall be made up to thee.”
The merchant was equally astonished and delighted at these
words; more so, however, when Jelāl proceeded with his discourse:
“The cause and reason of thy bygone losses and misfortunes was,
that, on a certain day thou wast in the west of Firengistān (Europe),
where thou wentest into a certain ward of a certain city, and there
sawest a poor Firengī (European) man, one of the greatest of God’s
cherished saints, who was lying stretched out at the corner of a
market-place. As thou didst pass by him, thou spattest on him,
evincing aversion from him. His heart was grieved by thy act and
demeanour. Hence the visitations that have afflicted thee. Go thou,
then, and make thy peace with him, asking his forgiveness, and
offering him our salutations.”
The merchant was petrified at this announcement. Jelāl then
asked him: “Wilt thou that we this instant show him to thee?” So
saying, he placed his hand on the wall of the apartment, and told
the merchant to behold. Instantly, a doorway opened in the wall,
and the merchant thence perceived that man in Firengistān, lying
down in a market-place. At this sight he bowed down his head and
rent his garments, coming away from the saintly presence in a state
of stupor. He remembered all these incidents as facts.
Immediately commencing his preparations, he set out without
delay, and reached the city in question. He inquired for the ward he
wished to visit, and for the man whom he had offended. Him he
discovered lying down, stretched out as Jelāl had shown him. The
merchant dismounted from his beast, and made his obeisance to the
prostrate Firengī dervish, who at once addressed him thus: “What
wilt thou that I do? Our Lord Jelāl suffereth me not; or otherwise, I
had a desire to make thee see the power of God, and what I am.
But now, draw near.”
The Firengī dervish then clasped the merchant to his bosom,
kissed him repeatedly on both cheeks, and then added: “Look now,
that thou mayest see my Lord and Teacher, my spiritual Master, and
that thou mayest witness a marvel.” The merchant looked. He saw
the Lord Jelāl immersed in a holy dance, chanting this hymn, and
entranced with sacred music:—
“His kingdom’s vast and pure; each sort its fitting place finds there;
Cornelian, ruby, clod, or pebble be thou on His hill.
Believe, He seeks thee; disbelieve, He’ll haply cleanse thee fair;
Be here a faithful Abū-Bekr; Firengī there; at will.”
When the merchant happily reached Qonya on his return, he gave
the salutations of the Firengī saint, and his respects, to Jelāl; and
distributed much substance among the disciples. He settled at
Qonya, and became a member of the fraternity of the Pure Lovers of
God.
18.
Jelāl was one day passing by a street, where two men were
quarrelling. He stood on one side. One of the men called out to the
other: “Say what thou will; thou shalt hear from me a thousandfold
for every word thou mayest utter.”
Hereupon Jelāl stepped forward and addressed this speaker,
saying: “No, no! Whatsoever thou have to say, say it to me; and for
every thousand thou mayest say to me, thou shalt hear from me one
word.”
On hearing this rebuke, the adversaries were abashed, and made
their peace with one another.
19.
One day, a very learned professor brought all his pupils to pay
their respects to Jelāl.
On their way to him, the young men agreed together to put some
questions to Jelāl on certain points of Arabic grammar, with the
design of comparing his knowledge in that science with that of their
professor, whom they looked upon as unequalled.
When they were seated, Jelāl addressed them on various fitting
subjects for a while, and thereby paved the way for the following
anecdote:—
“An ingenuous jurist was once travelling with an Arabic
grammarian, and they chanced to come to a ruinous well.
“The jurist hereupon began to recite the text (of Qur’ān xxii. 44):
‘And of a ruined well.’
“The Arabic word for ‘well’ he pronounced ‘bīr,’ with the vowel
long. To this the grammarian instantly objected, telling the jurist to
pronounce that word with a short vowel and hiatus—bi’r, so as to be
in accord with the requirements of classical purity.
“A dispute now arose between the two on the point. It lasted all
the rest of the day, and well on into a pitchy dark night; every
author being ransacked by them, page by page, each sustaining his
own theory of the word. No conclusion was arrived at, and each
disputant remained of his own opinion still.
“It so happened in the dark, that the grammarian slipped into the
well, and fell to the bottom. There he set up a wail of entreaty: ‘O
my most courteous fellow-traveller, lend thy help to extricate me
from this most darksome pit.’
“The jurist at once expressed his most pleasurable willingness to
lend him that help, with only one trifling condition—that he should
confess himself in error, and consent to suppress the hiatus in the
word ‘bi’r.’ The grammarian’s answer was ‘Never.’ So in the well he
remained.”
“Now,” said Jelāl, “to apply this to yourselves. Unless you will
consent to cast out from your hearts the ‘hiatus’ of indecision and of
self-love, you can never hope to escape from the noisome pit of self-
worship,—the well of man’s nature and of fleshly lusts. The dungeon
of ‘Joseph’s well’ in the human breast is this very ‘self-worship;’ and
from it you will not escape, nor will you ever attain to those
heavenly regions—‘the spacious land of God’” (Qur’ān iv. 99, xxix.
56, xxxix. 13).
On hearing these pregnant words, the whole assembly of
undergraduates uncovered their heads, and with fervent zeal
professed themselves his spiritual disciples.
20.
There was a great and good governor (apparently) of Qonya, of
the name of Mu’īnu-’d-Dīn, whose title was the Perwāna (moth or
fly-wheel, viz., of the far-distant Mogul Emperor, resident at the court
of the king). He was a great friend to the dervishes, to the learned,
and to Jelāl, whose loving disciple he was.
One day, a company of the dervishes and learned men united in
extolling the Perwāna to the skies, in Jelāl’s presence. He assented
to all they advanced in that respect, and added: “The Perwāna
merits a hundredfold all your eulogiums. But there is another side to
the question, which may be exemplified by the following anecdote:—
“A company of pilgrims were once proceeding towards Mekka,
when the camel of one of the party fell down in the desert, totally
exhausted. The camel could not be got to rise again. Its load was,
therefore, transferred to another beast, the fallen brute was
abandoned to its fate, and the caravan resumed its journey.
“Ere long the fallen camel was surrounded by a circle of ravenous
wild beasts,—wolves, jackals, &c. But none of these ventured to
attack him. The members of the caravan became aware of this
singularity, and one of them went back to investigate the matter. He
found that an amulet had been left suspended on the animal’s neck;
and this he removed. When he had retreated to a short distance, the
hungry brutes fell upon the poor camel, and soon tore him
piecemeal.”
“Now,” said Jelāl, “this world is in an exactly similar category with
that poor camel. The learned of the world are the company of
pilgrims, and our (Jelāl’s) existence among them is the amulet
suspended round the neck of the camel—the world. So long as we
remain so suspended, the world will go on, the caravan will proceed.
But so soon as the divine mandate shall be spoken: ‘O thou
submissive spirit, come thou back to thy Lord, content and approved’
(Qur’ān lxxxix. 27-8), and we be removed from the neck of the
world-camel, people will see how it shall fare with the world,—how
its inhabitants shall be driven,—what shall become of its sultans, its
doctors, its scribes.”
It is said that these words were spoken a short time before Jelāl’s
death. When he departed this life, not much time elapsed ere the
Sultan, with many of his great men of learning and nobles, followed
him to the grave, while troubles of all kinds overwhelmed the land
for a season, until God again vouchsafed it peace.
21.
During one of his expositions, Jelāl said: “Thou seest naught, save
that thou seest God therein.”
A dervish came forward and raised the objection that the term
“therein” indicated a receptacle, whereas it could not be predicated
of God that He is comprehensible by any receptacle, as this would
imply a contradiction in terms. Jelāl answered him as follows:—
“Had not that unimpeachable proposition been true, we had not
proffered it. There is therein, forsooth, a contradiction in terms; but
it is a contradiction in time, so that the receptacle and the recepted
may differ,—may be two distinct things; even as the universe of
God’s qualities is the receptacle of the universe of God’s essence.
But, these two universes are really one. The first of them is not He;
the second of them is not other than He. Those, apparently, two
things are in truth one and the same. How, then, is a contradiction
in terms implied? God comprises the exterior and the interior. If we
cannot say He is the interior, He will not include the interior. But He
comprises all, and in Him all things have their being. He is, then, the
receptacle also, comprising all existences, as the Qur’ān (xli. 54)
says: ‘He comprises all things.’”
The dervish was convinced, bowed, and declared himself a
disciple.
22.
Jelāl was one day seated in the shop of his great disciple the
Goldbeater, Salāhu-’d-Dīn; and was surrounded by a circle of other
disciples, listening to his discourse; when an old man came rushing
in, beating his breast, and uttering loud lamentations. He entreated
Jelāl to help him in his endeavours to recover his little son, a child
seven years old, lost for several days past, in spite of every effort
made to find him.
Jelāl expressed his disapprobation at the extreme importance the
old man appeared to attach to his loss; and said: “Mankind in
general have lost their God. Still, one does not hear that they go
about in quest of Him, beating their breasts and making a great
noise. What, then, has happened to thee so very particular, that
thou makest all this fuss, and degradest thyself, an elder, by these
symptoms of grief for the loss of a little child? Why seekest thou not
for a time the Lord of the whole world, begging assistance of Him,
that peradventure thy lost Joseph may be found, and thou be
comforted, as was Jacob on the recovery of his child?”
The old man at once followed Jelāl’s advice, and begged
forgiveness of God. Just then, news was brought him there that his
son had been found. Many who were witnesses of these
circumstances became devoted followers of Jelāl.
23.
Jelāl was one day lecturing, when a young man of distinction
came in, pushed his way, and took a seat higher up than an old
man, one of the audience.
Jelāl at once remarked: “In days of yore it was the command of
God, that, if any young man should take precedence of an elder, the
earth should at once swallow him up; such being the divine
punishment for that offence. Now, however, I see that young men,
barely out of leading-strings, show no respect for age, but trample
over those in years. They have no dread of the earth’s swallowing
them up, nor any fear of being transformed into apes.13 It
happened, however, that one morning the Victorious Lion of God,
‘Alī, son of Abū-Tālib, was hasting from his house to perform his
devotions at dawn in the mosque of the Prophet. On his way, he
overtook an old man, a Jew, who was going in the same direction.
The future Caliph, out of innate nobility and politeness of nature,
had respect for the Jew’s age, and would not pass him, though the
Jew’s pace was slow. When ‘Alī reached the mosque, the Prophet
was already bowed down in his devotions, and was about to chant
the ‘Gloria;’ but, by God’s command, Gabriel came down, laid his
hand on the Prophet’s shoulder, and stopped him, lest ‘Alī should
lose the merit attaching to his being present at the opening of the
dawn service; for it is more meritorious to perform that early service
once, than to fulfil the devotions of a hundred years at other hours
of the day. The Prophet has said: ‘The first act of reverence at dawn
worship is of more value than the world and all that is therein.’
“When the Apostle of God had concluded his worship, offered up
his customary prayers, and recited his usual lessons from the Qur’ān,
he turned, and asked of Gabriel the occult cause of his interruption
at that time. Gabriel replied that God had not seen fit that ‘Alī should
be deprived of the merit attaching to the performance of the first
portion of the dawn worship, through the respect he had shown to
the old Jew he had overtaken, but whom he would not pass.
“Now,” remarked Jelāl, “when a saint like ‘Alī showed so much
respect for a poor old misbelieving Jew, and when God viewed his
respectful consideration in so highly favourable a manner, you may
all infer how He will view any honour and veneration shown to an
elderly saint of approved piety, whose beard has grown grey in the
service of God, and whose companions are the elect of their Maker,
whose chosen servant he is; and what reward He will mete out in
consequence. For, in truth, glory and power belong to God, to the
Apostle, and to the believers, as God hath Himself declared (Qur’ān
lxiii. 8): ‘Unto God belongeth the power, and to the apostle, and to
the believers.’
“If then,” added he, “ye wish to be prosperous in your affairs, take
fast hold on the skirts of your spiritual elders. For, without the
blessing of his pious elders, a young man will never live to be old,
and will never attain the station of a spiritual elder.”
24.
One day Jelāl took as his text the following words (Qur’ān xxxi.
18):—“Verily, the most discordant of all sounds is the voice of the
asses.” He then put the question: “Do my friends know what this
signifies?”
The congregation all bowed, and entreated him to expound it to
them. Jelāl therefore proceeded:—
“All other brutes have a cry, a lesson, and a doxology, with which
they commemorate their Maker and Provider. Such are, the yearning
cry of the camel, the roar of the lion, the bleat of the gazelle, the
buzz of the fly, the hum of the bee, &c.
“The angels in heaven, and the genii, have their doxologies also,
even as man has his doxology—his Magnificat, and various forms of
worship for his heart (or mind) and for his body.
“The poor ass, however, has nothing but his bray. He sounds this
bray on two occasions only: when he desires his female, and when
he feels hunger. He is the slave of his lust and of his gullet.
“In like manner, if man have not in his heart a doxology for God, a
cry, and a love, together with a secret and a care in his mind, he is
less than an ass in God’s esteem; for He has said (Qur’ān vii. 178):
‘They are like the camels; nay, they are yet more erring.’” He then
related the following anecdote:—
“In bygone days there was a monarch, who, by way of trial,
requested another sovereign to send him three things, the worst of
their several kinds that he could procure; namely, the worst article of
food, the worst dispositioned thing, and the worst animal.
“The sovereign so applied to sent him some cheese, as the worst
food; an Armenian slave, as the worst-dispositioned thing; and an
ass, as the worst of animals. In the superscription to the epistle sent
with these offerings, the sovereign quoted the verse of Scripture
pointed out above.”
25.
On a certain day, the Lord Jelālu-’d-Dīn went forth to the country
residence of the saint Husāmu-’d-Dīn, riding on an ass. He
remarked: “This is the saddle-beast of the righteous. Several of the
prophets have ridden on asses: as Seth, Ezra, Jesus, and
Muhammed.”
It so chanced that one of his disciples was also mounted on an
ass. The creature suddenly began to bray; and the rider, annoyed at
the occurrence, struck the ass on the head several times.
Jelāl remonstrated: “Why strike the poor brute? Strikest thou him
because he bears thy burden? Returnest thou not thanks for that
thou art the rider, and he the vehicle? Suppose now, which God
forbid, that the reverse were the case. What wouldst thou have
done? His cry arises from one or the other of two causes, his gullet
or his lust. In this respect, he shares the common lot of all
creatures. They are all continually thus actuated. All, then, would
have to be scolded and beaten over the head.”
The disciple was abashed. He dismounted, kissed the hoof of his
ass, and caressed him.
26.
On a certain occasion, one of his disciples complained to Jelāl of
the scantiness of his means and the extent of his needs. Jelāl
answered: “Out upon thee! Get thee gone! Henceforward, count me
not a friend of thine; and so, peradventure, wealth may come to
thee.” He then related the following anecdote:—
“It happened, once, that a certain disciple of the Prophet said to
him: ‘I love thee!’ The Prophet answered: ‘Why tarriest thou, then?
Haste to put on a breastplate of steel, and set thy face to encounter
misfortunes. Prepare thyself, also, to endure straitness, the special
gift of the friends and lovers (of God and His Apostle)!’”
Another anecdote, also, he thus narrated: “A Gnostic adept once
asked of a rich man which he loved best, riches or sin. The latter
answered that he loved riches best. The other replied: ‘Thou sayest
not the truth. Thou better lovest sin and calamity. Seest thou not
that thou leavest thy riches behind, whilst thou carriest thy sin and
thy calamity about with thee, making thyself reprehensible in the
sight of God! Be a man! Exert thyself to carry thy riches with thee,
and sin not; since thou lovest thy riches. What thou hast to do is
this: Send thy riches to God ere thou goest before Him thyself;
peradventure, they may work thee some advantage; even as God
hath said (Qur’ān lxxiii. 20): ‘And that which ye send before, for your
souls, of good works, shall ye find with God. He is the best and the
greatest in rewarding.’”
27.
It is related that one day the Perwāna, Mu’īnu-’d-Dīn, held a great
assembly in his palace. To this meeting were collected together all
the Doctors of the Law, the Sheykhs, the men of piety, the recluses,
and the strangers who had congregated from various lands.
The chiefs of the law had taken their places in the highest seats.
The Perwāna had had a great desire that Jelāl should honour the
assembly with his presence. He had a son-in-law, Mejdu-’d-Dīn,
governor to the young princes, the sons of the king. This son-in-law
of his was a disciple of Jelāl’s, and a man of very eminent qualities,
with great faith in his teacher. He offered to go and invite Jelāl to the
meeting.
Hereupon, the arch-sower of doubts and animosities in the human
breast spread among the chiefs of the law, there present, the
suspicion that, if Jelāl should come, the question of precedence
would arise: “Where should he be seated?” They all agreed that they
were themselves in their proper places, and that Jelāl must find a
seat where he could.
Mejdu-’d-Dīn delivered the Perwāna’s courteous message to his
teacher. Jelāl, inviting Husāmu-’d-Dīn and others of his disciples to
accompany him, set out for the Perwāna’s palace. The disciples went
on a little ahead, and Jelāl brought up the procession.
When Husām entered the apartment of the Perwāna, all present
rose to receive him, making room for him in the upper seats. Lastly,
Jelāl made his appearance.
The Perwāna and other courtiers crowded forward to receive Jelāl
with honour, and kissed His Lordship’s blessed hands with reverence,
expressing regret that he had been put to inconvenience by his
condescension. He returned compliment for compliment, and was
shown upstairs.
On reaching the assembly room, he saw that the grandees had
occupied the whole of the sofa, from end to end. He saluted them,
and prayed for God’s grace to be showered upon them; seating
himself then in the middle of the floor. Husāmu-’d-Dīn immediately
rose from his seat, descended from the sofa, and took a place by the
side of Jelāl.
The grandees of the assembly now arose also, excepting those
who, in spite and pride, had formed the confederacy mentioned
above. These kept their seats. Some of them were of the greatest
eminence in learning; and one, especially, was not only very learned,
but also eloquent, witty, and bold.
He, seeing what had taken place, and that all the men of rank had
quitted the sofa, to seat themselves on the floor, asked in a jocose
manner: “Where, according to the rules of the Order, is the chief
seat in an assembly?”
Some one answered him: “In an assembly of the learned, the
chief seat is in the middle of the sofa, where the professor always
sits.” Another added: “With recluses, the cell of solitude is the chief
seat.” A third said: “In the convents of dervish brethren, the chief
seat is the lower end of the sofa, where, in reality, people put off
their shoes.”
After these remarks, some one present, as an experiment, asked
Jelāl, saying: “In your rule and opinion, where is the chief seat?” His
answer was: “The chief seat is that where one’s beloved is found.”
The interrogator now asked: “And where is your beloved?” Jelāl
replied: “Thou must be blind, not to see.”
Jelāl then arose, and began to sing. Many joined; and the singing
became so enthusiastic, that the nobles rent their garments.
It so happened that, after Jelāl’s death, this interlocutor of his
went to Damascus, and there became blind. Friends flocked to visit
him, and to condole with him. He wept bitterly, and cried aloud:
“Alas, alas! what have I not suffered? That very moment, when Jelāl
gave me that fatal answer, a black veil seemed to fall down over my
eyes, so that I could not distinguish objects clearly, or their colours.
But I have hope and faith in him, that, out of his sublime generosity,
he will yet take pity on me, and pardon my presumption. The
goodness of the saints is infinite; and Jelāl himself hath said:
‘Despair not because of one sin; for the ocean of divine mercy
accepteth penitence.’”
The foregoing incident is also related with the following variation:—
Shemsu-’d-Dīn of Tebrīz had just then returned to Qonya, and was
among those who accompanied Jelāl to the Perwāna’s palace, sitting
down near him on the floor. When the question was put: “Where is
your beloved?” Jelāl arose, and cast himself on the breast of Shems.
That occurrence it was that made Shems, from that time forward, a
man of mark in all Qonya.
28.
There was in Qonya a great physician, of eminence and ability,
who used occasionally to visit Jelāl.
On one of those days, Jelāl requested him to prepare seventeen
purgative draughts by a certain time, propitious for taking medicine,
as that number of his friends required them.
When the specified time came, Jelāl went to the physician’s house,
and received the seventeen draughts. He immediately began, and, in
the physician’s presence, drank off the whole seventeen in
succession, thence returning home.
The physician followed him there, to render the assistance he felt
sure would be wanted. He found Jelāl seated as usual, in perfect
health, and lecturing to his disciples. On inquiring how he felt, Jelāl
answered, in the words so often repeated in the Qur’ān (ii. 23, &c.):
“Beneath which rivers flow.” The physician recommended Jelāl to
abstain from water. Jelāl instantly ordered ice to be brought and
broken up small. Of this he swallowed an inordinate quantity, while
the physician looked on.
Jelāl then went to a hot-bath. After bathing, he began to sing and
dance; continuing in those exercises three whole days and nights,
without intermission.
The physician declared this to be the greatest miracle ever
wrought by prophet or by saint. With his whole family, and with
many of the greatest in the medical profession, he joined himself to
the multitude of Jelāl’s disciples of the most sincere.
29.
The Perwāna is related to have said publicly, in his own palace,
that Jelāl was a matchless monarch, no sovereign having ever
appeared in any age like unto him; but that his disciples were a very
disreputable set.
These words were reported to them, and the company of disciples
were greatly scandalised at the imputation. Jelāl sent a note to the
Perwāna, of which the following is the substance:—
“Had my disciples been good men, I had been their disciple.
Inasmuch as they were bad, I accepted them as my disciples, that
they might reform and become good,—of the company of the
righteous. By the soul of my father, they were not accepted as
disciples, until God had made Himself responsible that they would
attain to mercy and grace, admitted among those accepted of Him.
Until that assurance was given, they were not received by me, nor
had they any place in the hearts of the servants of God. ‘The sons of
grace are saved; the children of wrath are sick; for the sake of Thy
mercy, we, a people of wrath, have come to Thee.’”
When the Perwāna had read and considered these words, he
became still more attached to Jelāl; arose, came to him, asked
pardon, and prayed for forgiveness of God, distributing largely of his
bounty among the disciples.
30.
Another great and good man once observed: “Jelāl is a great saint
and a sovereign; but he must be dragged forth from among his
disciples.” This was reported to Jelāl, who smiled, and said: “If he
can!”
Soon afterwards he added: “Why, then, is it that my followers are
looked upon with spite by the men of the world? It is because they
are beloved of God, and favourably regarded by Him. I have sifted
all mankind; and all have fallen through my sieve, excepting these
friends of mine. They have remained. My existence is the life of my
friends, and the existence of my friends is the life of the men of the
world, whether they know this, or whether they ignore it.”
31.
There was a young merchant, whose house was near Jelāl’s
college, and who had professed himself a sincere and ardent
disciple.
He conceived a desire and intention to make a voyage to Egypt;
but his friends tried to dissuade him. His intention was reported to
Jelāl, who strictly and rigorously prohibited his undertaking the
voyage.
The young man could not divest himself of his desire, and had no
peace of mind; so one night he clandestinely stole away, and went
off to Syria. Arrived at Antioch, he embarked in a ship, and set sail.
As God had willed, his ship was taken by Firengī pirates. He was
made prisoner, and was confined in a deep dungeon, where he had
a daily portion of food doled out to him, barely sufficient to keep his
body and soul together.
He was thus kept imprisoned forty days, during which he wept
bitterly, and reproached himself for having been disobedient to the
injunction of Jelāl; saying: “This is the reward of my crime. I have
disobeyed the command of my sovereign, following after my own
evil propensity.”
Precisely on the night of the fortieth day, he saw Jelāl in a dream,
who addressed him, and said: “To-morrow, to whatever questions
these misbelievers may ask thee, do thou return the answer: ‘I
know.’ By that means shalt thou be released.” He awoke bewildered,
returned thanks to Heaven, and sat down in holy meditation,
awaiting the solution of the dream.
Shortly, he saw a company of Firengī people come to him, with
whom was an interpreter. They asked him: “Knowest thou aught of
philosophy, and canst thou practise therapeutics? Our prince is sick.”
His answer was: “I know.”
They immediately took him out of the pit, led him to a bath, and
dressed him in a handsome vestment of honour. They then
conducted him to the residence of the sick man.
The young merchant, inspired of God, ordered them to bring him
seven fruits. These he prepared with a little scammony, and made
the whole into a draught, which he administered to the patient.
By the grace of God, and the intercession of the saints, his
treatment was crowned with success, after two or three visits. The
Firengī prince recovered; and by reason that the favour of Jelāl was
upon that young merchant, though he was utterly illiterate, he
became a philosopher. Jelāl assisted him.
When the Firengī prince had entirely recovered his health, and had
arisen from his sick-bed, he told the young merchant to ask of him
whatsoever he might wish. He asked for his freedom, and for leave
to return home, that he might rejoin his teacher. He then related all
that had befallen him;—his disobedience, his vision, and the
assistance of Jelāl. The whole audience of Firengīs, without sight of
Jelāl, became believers in him, and wooers of him.
They set the young merchant free, and allowed him to depart,
bestowing on him rich presents and a bountiful outfit.
On his arrival at the metropolis, before going to his own house, he
hastened to pay his respects to Jelāl. On beholding the sacred
features from afar, he threw himself on the earth, embraced Jelāl’s
two feet, kissed them, rubbed his face upon them, and wept. Jelāl
raised him, kissed both his cheeks, and said: “It was a narrow
escape through thy curing the Firengī prince. Thou didst abscond;
but henceforward, do thou remain at home, and occupy thyself in
earning what is lawful. Take contentment as thy exemplar. The
sufferings of the sea, the commotion of the ship, the calamity of
captivity, and the darkness of the dungeon, are so many evils.
Contentment is a very blessing from God.”
32.
Jelāl one day was going from his college into the town, when by
chance he met a Christian monk, who made him an obeisance. Jelāl
asked him which was the elder, himself or his beard. The monk
replied: “I am twenty years older than my beard. It came forth that
number of years later.” Jelāl answered him: “Then I pity thee. Thy
young beard has attained to maturity, whereas thou hast remained
immature, as thou wast. Thou art as black, and as weak, and as
untutored as ever. Alas for thee, if thou change not, and ripen not!”
The poor monk at once renounced his rope girdle, threw it away,
professed the faith of Islām, and became a believer.
33.
A company of black-habited ones (Christian priests or monks)
chanced to meet Jelāl one day, as they came from a distant place.
When his disciples espied them afar off, they expressed their
aversion from them by exclaiming: “O the dark-looking, disagreeable
things!”
Jelāl remarked: “In the whole world, none are more generous
than they are. They have given over to us, in this life, the faith of
Islām, purity, cleanliness, and the various modes of worshipping
God; while, in the world to come, they have left to us the everlasting
abodes of paradise, the large-eyed damsels, and the pavilions, as
well as the sight of God, of which they will enjoy no share; for God
hath said (Qur’ān vii. 48): ‘Verily God hath made both of them
forbidden things to the misbelievers!’ They walk in darkness and
misbelief, willingly incurring the torments of hell. But, let only the
sun of righteousness rise upon them suddenly, and they will become
believers.”
Being now come near enough, they all made their obeisances to
Jelāl, entered into conversation with him, and professed themselves
true Muslims. Jelāl now turned to his disciples, and added: “God
swallows up the darkness in the light, and the light in the darkness.
He also makes in the darkness a place for the light.” The disciples
bowed, and rejoiced.
34.
A certain well-known disciple related that, on one occasion, Jelāl
and his friends went forth to the country-seat of Husām, and there
held a grand festival of holy music and dancing until near daybreak.
Jelāl then left off, to give his followers a little rest.
They dispersed about the grounds; and the narrator took a seat in
a spot from whence he could see and observe Jelāl. The others all
fell asleep; but he occupied himself with reflections on the miracles
performed by various of the prophets and of the saints. He thought
to himself: “I wonder whether this holy man works miracles. Of
course he does; only, he keeps the fact quiet, to avoid the
inconveniences of notoriety.”
Hardly had the thought crossed his mind, when Jelāl called him by
name. On his approaching Jelāl, the latter stooped, picked up a
pebble from the earth, placed it on the back of his own hand, and
said to him: “Here, take this; it is thy portion; and be thou one of
the thankful” (Qur’ān vii. 141).
The disciple examined the pebble by the light of the moon, and
saw that it was a large ruby, exceedingly clear and brilliant, not to be
found in the treasuries of kings.
Utterly astounded, he shrieked out, and swooned away; awaking
the whole company with his shout; for he was a very loud-voiced
man. On recovery, he told the others what had occurred. He also
expressed to Jelāl his contrition for the temerity of his reflections.
Jelāl told him to carry the stone to the queen, and to mention how
he had become possessed of it. The queen accepted it, had it
valued, and gave to him a hundred and eighty thousand pieces of
silver in return, besides rich gifts. She also distributed presents to all
the members of the fraternity.
35.
A certain sheykh, son of a sheykh, and a man of great reputation
for learning, came to Qonya, and was respectfully visited by all the
people of eminence residing there.
It so happened that Jelāl and his friends were gone that day to a
mosque in the country; and the new-comer, offended at Jelāl’s not
hasting to visit him, made the remark in public: “Has Jelāl never
heard the adage: ‘The newly-arrived one is visited’?”
One of Jelāl’s disciples chanced to be present, and heard this
remark. On the other hand, Jelāl was expounding sublime truths in
the mosque to his disciples, when suddenly he exclaimed, “My dear
brother! I am the newly-arrived one, not thou. Thou and those like
thee are bound to visit me, and so gain honour to yourselves.”
All his audience were surprised at this apostrophe; wondering to
whom it was addressed. Jelāl then spake a parable: “One man came
from Bagdād, and another went forth out of his house and ward;
which of the two ought to pay the first visit to the other?”
All agreed in opinion that the man from Bagdād ought to be
visited by the other. Then Jelāl explained, thus: “In reality, I am
returned from the Bagdād of nulliquity, whereas this dearly beloved
son of a sheykh, who has come here, has gone forth from a ward of
this world. I am better entitled, therefore, to be visited than is he. I
have been hymning in the Bagdād of the world of spirits the
heavenly canticle: ‘I am the Truth,’ since a time anterior to the
commencement of the present war, ere the truth obtained its
victory.” The disciples expressed their concurrence, and rejoiced
exceedingly.
By and by, the sheykh’s son was informed of this wonder. He at
once arose, went on foot to visit Jelāl, uncovered his head, and
owned that Jelāl was right. He further declared himself Jelāl’s
disciple, and said: “My father enjoined me to put on ironed sandals,
taking an iron-shod staff in my hand, and go forth in quest of
Jelālu-’d-Dīn, since it is a duty of all to visit and reverence him who
has spoken the truth and reposes on the truth. But the majesty of
Jelāl is a hundredfold greater than what my father explained to me.”
36.
Jelāl once commanded one of his attendants to go and arrange a
certain matter. The attendant answered: “God willing.”
Upon this, Jelāl was wroth, and shouted to him: “Stupid, garrulous
fool!” The attendant fainted and foamed at the mouth.
The disciples interceded. Jelāl expressed his forgiveness; and the
attendant recovered.
37.
On the occasion of a grand religious commemoration at the house
of the Perwāna, in the presence of the Sultan Ruknu-’d-Dīn, this
monarch was taken unwell, and the exercises were suspended, only,
one of the disciples continued to sing and shout.
The Sultan remarked: “How ill-behaved is that man! Does he
pretend to be more ecstatic than his teacher Jelālu-’d-Dīn?”
Jelāl heard this, and answered the king: “Thou art unable to
withstand an attack of fever. How then canst thou expect a man
devoured with an enthusiasm that threatens to swallow up even
heaven itself, to calm down on a sudden?”
When the disciples heard this, they set up a shout; and the
Sultan, after himself witnessing one or two of the mighty signs
wrought by Jelāl, made his obeisance to him, and became a disciple.
38.
It has been related by some that the final overthrow of the rule of
the Seljūqī dynasty in Asia Minor (in A.H. 700, A.D. 1300), was in this
manner:—
The Sultan Ruknu-’d-Dīn had adopted Jelāl as his (spiritual) father.
After a while, he held a great dervish festival in the palace. But,
about that period, a certain Sheykh Bāba had created for himself a
great name in Qonya, and certain intriguers had led the king to visit
him.
It was shortly after that visit that the king held the revival in
honour of Bāba in the Hall of the Bowls.
The sheykh was met and introduced in state by the court officials,
and was then installed on the throne, with the Sultan seated on a
chair by his side. Jelāl now made his appearance, saluted, and took
his seat in a corner of the hall. Portions of the Qur’ān were recited,
and exhortations were delivered, with hymns.
The Sultan then turned to Jelāl, and spoke: “Be it known to the
Lord Jelāl, to the Doctors of the Law, and to the grandees, that I
have adopted the Sheykh Bāba as my (spiritual) father, who has
accepted me as his dutiful and affectionate son.”
All present shouted their approval, and prayed for a blessing on
the arrangement. But Jelāl, burning with divine jealousy, instantly
exclaimed (in words traditionally related of the prophet,
Muhammed): “Verily, Sa’d is a jealous man; but I am more jealous
than Sa’d; and God is still more jealous than I am.” To this he further
added: “Since the Sultan has made the sheykh his father, we will
make some other our son.” So saying, he gave his usual religious
shout of ecstasy, and stalked out from the assembly.
Husāmu-’d-Dīn related that he saw the Sultan, when Jelāl thus
quitted the presence, turn pale, as though shot with an arrow.
The grandees ran to stop Jelāl; but he would not return.
A few days afterwards, the officers of state adopted the resolution
to invite the Sultan to go to another city, that they might take
measures to get rid of Sheykh Bāba. The Sultan now went to consult
Jelāl, and ask for his blessing before setting out. Jelāl advised him
not to go. The matter had, however, been officially promulgated, and
there was no possibility to alter arrangements.
On arriving at the other town, the Sultan was conducted to a
private apartment, and forthwith strangled with a bowstring. Ere his
breath failed, he invoked the name of Jelāl.
At that moment Jelāl was at his college, lost to consciousness in
the enthusiasm of a musical service. Suddenly, he put his two
forefingers into his two ears, and ordered the trumpets and chorus
to join in. He then shouted vociferously, and recited aloud two of his
own odes, of which one commences thus:
“My words were: ‘Go not; I’m thy friend; the world is rife
With threats of dire destruction; I’m the Fount of Life.’”
· · · · · ·
When the service was over, the disciples requested Jelāl’s son,
Sultan Veled, to inquire of his father what all this might signify. In
reply, he merely put off his cloak, and said aloud: “Let us perform
the service for the burial of the dead.”
He acted as Precentor in the service, and all present joined in.
Then, without waiting for his son to put any question, he addressed
the assembly, saying: “Yea, Bahā’u-’d-Dīn and my friends! They have
strangled the poor Sultan Ruknu-’d-Dīn. In his agony, he called on
me, and shrieked. God had so ordained. I did not wish his voice to
ring in my ears, and interrupt my devotions. He will fare better in the
other world.”
(There is a serious anachronism in the foregoing account. Sultan
Ruknu-’d-Dīn, whose name was Suleyman son of Key-Khusrew, was
put to death by order of the Mogul emperor Abaqa Khān, in A.H. 664
(A.D. 1265), thirty-six years before the final extinction of the dynasty
by order of Qāzān Khān, between Abaqa and whom no less than
four emperors reigned. Besides this, Jelāl himself died in A.H. 672
(A.D. 1273), twenty-seven years before the last of the Seljūqī
sovereigns, Key-Qubād son of Ferāmurz son of Key-Kāwus, was
slaughtered, together with all living members of the race. Historians
differ much respecting the names and order of succession of the last
sovereigns of the dynasty; and the present anecdote shows how
confused had become on the spot the legend of these puppets.
Ruknu-’d-Dīn caused his own brother to be poisoned, as he had
become jealous of the favour shown to that brother by the Mogul
emperor. His own death was the reward of that act.)
39.
One day, in lecturing on self-abasement and humility, Jelāl spake a
parable from the trees of the field, and said: “Every tree that yields
no fruit, as the pine, the cypress, the box, &c., grows tall and
straight, lifting up its head on high, and sending all its branches
upwards; whereas all the fruit-bearing trees droop their heads, and
trail their branches. In like manner, the Apostle of God was the most
humble of men. Though he carried within himself all the virtues and
excellencies of the ancients and of the moderns, he, like a fruitful
tree, was more humble, and more of a dervish, than any other
prophet. He is related to have said: ‘I am commanded to show
consideration to all men, to be kind to them; and yet, no prophet
was ever so ill-treated by men as I have been.’ We know that he had
his head broken, and his teeth knocked out. Still he prayed: ‘O our
Lord God, guide Thou my people aright; for they know not what
they do.’ Other prophets have launched denunciations against the
people to whom they were sent; and certainly, none have had
greater cause to do so, than Muhammed.”
“Old Adam’s form was moulded first of clay from nature’s face;
Who’s not, as mire, low-minded’s not true son of Adam’s race.”
In like manner, Jelāl also had the commendable habit to show
himself humble and considerate to all, even the lowest; especially so
to children, and to old women. He used to bless them; and always
bowed to those who bowed to him, even though these were not
Muslims.
One day he met an Armenian butcher, who bowed to him seven
times. Jelāl bowed to him in return. At another time he chanced
upon a number of children who were playing, and who left their
game, ran to him, and bowed. Jelāl bowed to them also; so much
so, that one little fellow called out from afar: “Wait for me until I
come.” Jelāl moved not away, until the child had come, bowed, and
been bowed to.
At that time, people were speaking and writing against him. Legal
opinions were obtained and circulated, to the effect that music,
singing, and dancing, are unlawful. Out of his kindly disposition, and
love of peace, Jelāl made no reply; and after a while all his
detractors were silenced, and their writings clean forgotten, as
though they had never been written; whereas, his family and
followers will endure to the end of time, and will go on increasing
continually.
40.
Jelāl once wrote a note to the Perwāna, interceding for a disciple
who had been involved in an act of homicide, and had taken refuge
in the house of another.
The Perwāna demurred; saying it was a very grave matter, a
question of blood. Jelāl thereupon facetiously replied: “A homicide is
popularly termed ‘a son of ‘Azrā’īl (the angel of death).’ Being such,
what on earth is he to do, unless he kill some one?”
This repartee so pleased the Perwāna, that he pardoned the
culprit, and paid himself to the heirs of the slain man the price of his
blood.
41.
Jelāl one day went forth and preached in the market. Crowds
collected round him. But he continued until night fell around him; so
he was at length left alone.
The dogs of the market-place now collected in a circle about him,
wagging their tails and whining.
Seeing this, Jelāl exclaimed: “By the Lord, the Highest, the
Strongest, the All-Compelling One, besides whom none is high, or
strong, or powerful! These dogs comprehend my discourse, and the
truths I expound. Men call them dogs; but henceforward let them
not be so termed. They are of the family of the ‘Seven Sleepers.’”[14]
42.
The Perwāna much wished Jelāl to give him private instruction at
his palace; and requested Jelāl’s son, Sultan Veled, to intercede for
him in the matter; which he did.
Jelāl replied to his son: “Bahā’u-’d-Dīn! He cannot bear that
burden.” This was thrice repeated. Jelāl then remarked to his son:
“Bahā’u-’d-Dīn! A bucket, the water of which is enough for forty,
cannot be drained by one.”
Bahā made the reflection: “Had I not pressed the matter, I had
never heard this wonderful saying.”
43.
At another time, the Perwāna, through Bahā’u-’d-Dīn, requested
Jelāl to give a public lecture to all the men of science of the city, who
were desirous to hear him.
His answer was: “A tree laden with fruit, had its branches bowed
down to the earth therewith. At the time, doubts and gainsayings
prevented the gardeners from gathering and enjoying the fruit. The
tree has now raised its head to the skies, and beyond. Can they
hope, then, to pluck and eat of its fruit?”
44.
Again, the Perwāna requested Jelāl himself to instruct him and
give him counsel.
After a little reflection, Jelāl said: “I have heard that thou hast
committed the Qur’ān to memory. Is it so?” “I have.” “I have heard
Windows Server 2003 best practices for enterprise deployments 1st Edition Danielle Ruest

  • 6. About the Authors
Danielle Ruest is a workflow architect and process consultant focused on people and organizational issues for large IT deployment projects. During her 22-year career, she has led change-management processes, developed and delivered training, and managed communications programs during process-implementation projects. Danielle is the co-author of numerous articles and presentations as well as Preparing for .NET Enterprise Technologies, a book on mastering change in the enterprise.
Nelson Ruest is an enterprise architect specializing in infrastructure design. He is a Microsoft Certified Systems Engineer and Microsoft Certified Trainer. The goal of his 22-year career has been to assist organizations in mastering the technologies they depend upon. He is also a frequent guest speaker at Comdex and other conferences in North America. Nelson is the co-author of numerous articles as well as Preparing for .NET Enterprise Technologies.
Both work for Resolutions Enterprises (http://www.Reso-Net.com/), a Canadian consulting firm that provides services in the architectural and project management fields.
About the Technical Editor
Stephane Asselin has been involved with information technology for the past 11 years, with a majority of his time focused on hardware and networking configurations. He has done infrastructure assessment and host hardening on Microsoft technologies for five years. He is a Certified Information Systems Security Professional (CISSP) and a Microsoft Certified Systems Engineer (MCSE). More recently, he has been involved in supportability reviews for government agencies to help them prepare for their Windows Server 2003 migration. He is currently a senior technical account manager for Microsoft Corporation.
  • 7. Windows® Server 2003 Best Practices for Enterprise Deployments
Danielle Ruest
Nelson Ruest
McGraw-Hill/Osborne
New York / Chicago / San Francisco / Lisbon / London / Madrid / Mexico City / Milan / New Delhi / San Juan / Seoul / Singapore / Sydney / Toronto
  • 8. McGraw-Hill/Osborne
2100 Powell Street, Floor 10
Emeryville, California 94608
U.S.A.
To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.
Windows® Server 2003: Best Practices for Enterprise Deployments
Copyright © 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.
1234567890 CUS CUS 019876543
ISBN 0-07-222343-X
Publisher: Brandon A. Nordin
Vice President & Associate Publisher: Scott Rogers
Acquisitions Editor: Franny Kelly
Project Editor: Patty Mon
Acquisitions Coordinators: Emma Acker, Martin Przybyla
Technical Editor: Stephane Asselin
Copy Editor: Lunaea Weatherstone
Indexer: Karin Arrigoni
Computer Designers: Carie Abrew, Lucie Ericksen
Illustrators: Melinda Moore Lytle, Michael Mueller, Danielle Ruest, Lyssa Wald
Series Design: Roberta Steele
Cover Series Design: Jeff Weeks
This book was composed with Corel VENTURA™ Publisher.
Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.
  • 9. If there is one thing we have learned in our 22 years of experience, it is that even if technology is constantly changing, one thing remains the same: we must always take the time to master a technology before implementing it. But, even before that, we must fully comprehend our needs. The best way to achieve this is to work as a team. Including personnel from all areas of the enterprise can only make a better product in the end. Thus we dedicate this book to you, the reader, in hopes that it will help you achieve this goal.
  • 11. Contents at a Glance
Chapter 1 Planning for Windows Server 2003, 1
Chapter 2 Preparing for Massive Installations of Windows Server 2003, 36
Chapter 3 Designing the Active Directory, 78
Chapter 4 Designing the Enterprise Network IP Infrastructure, 140
Chapter 5 Building the PC Organizational Unit Infrastructure, 198
Chapter 6 Preparing the User Organizational Unit Infrastructure, 244
Chapter 7 Designing the Network Services Infrastructure, 286
Chapter 8 Managing Enterprise Security, 348
Chapter 9 Creating a Resilient Infrastructure, 408
Chapter 10 Putting the Enterprise Network into Production, 446
Index, 469
  • 13. Contents
Preface, xix
Acknowledgments, xxi
Introduction, xxiii
Chapter 1 Planning for Windows Server 2003, 1
  Windows Server 2003, 2
  Building the Foundation of the Network, 3
    The Server Lifecycle, 4
    The Service Lifecycle, 5
  A New Model for Server Construction and Management, 8
    The Benefits of the PASS Model, 11
  A Structured Approach: Using Standard Operating Procedures, 12
    SOP Best Practices, 13
  Enterprise Network Architectures, 14
  Building on Windows 2000: The WS03 Model, 15
    Product Activation, 17
  The Windows Server Enterprise Architecture, 18
  Designing the Enterprise Network Architecture, 19
    The Architectural Design Process, 20
    Performing a Situation Review and Needs Analysis, 22
    The Changing Role of Servers, 22
    Consolidating Servers with Windows Server 2003, 23
    Using the PASS Model, 24
    Migration Considerations, 27
  • 14.
    Upgrade versus Clean Installation, 28
    Using the Technological Lab as a Testing Ground, 29
  Moving On, 32
  Best Practice Summary, 33
  Chapter Roadmap, 33
Chapter 2 Preparing for Massive Installations of Windows Server 2003, 36
  Choosing the Migration Approach, 37
    Choosing What to Migrate First, 39
    Detailed Inventories, 44
    Security Considerations, 45
    Licensing Considerations, 46
  Installing and Configuring Servers, 47
    Preparing for Massive Installations, 47
  Using Installation Documentation, 54
    The Installation Preparation Checklist, 54
    Documenting Server Installations, 54
    The Post-Installation Checklist, 55
  Massive Installation Processes, 56
    The Initial Installation, 57
    Customizing Your Server, 60
  Choosing the Massive Installation Method, 65
    Scripting Upgrades, 66
    Disk Imaging, 67
    Remote Installation, 70
  Putting the Server in Place, 75
  Best Practice Summary, 75
  Chapter Roadmap, 76
Chapter 3 Designing the Active Directory, 78
  Introducing Active Directory, 79
    New Features for Active Directory, 83
    The Nature of Active Directory, 85
  • 15.
  Designing the Solution: Using the Active Directory Blueprint, 87
    AD Partitioning, 88
    AD Service Positioning, 88
    Implementation Plan, 89
  Putting the Blueprint into Action, 89
  Forest/Tree/Domain Strategy, 91
    Forest Design Example, 94
    Production Forest Design, 95
    Domain Strategy Design, 97
    Other Forest Domain Designs, 100
    Forest Design Best Practices, 100
  Designing the Naming Strategy, 101
    Naming Best Practices, 102
  Designing the Production Domain OU Structure, 104
    The OU Design Process, 104
    The PCs Object OU Structure Design, 107
    The Services Object OU Structure Design, 107
    The People Object OU Structure Design, 108
    Replicating the OU Structure to Other Domains, 109
    Production OU Design Best Practices, 109
  AD and Other Directories, 112
    Microsoft MetaDirectory Services, 113
    Integrated Applications for NOS Directories, 114
    AD Integration Best Practices, 115
  Service Positioning, 116
    Operation Masters Positioning, 116
    Global Catalog Server Positioning, 118
    Domain Controller Positioning, 119
    DNS Server Positioning, 119
    Service Positioning Best Practices, 120
    Server Positioning Scenario, 120
  Site Topology, 127
    Site Topology Design, 128
  • 16.
    Creating Site Link Bridges, 128
    Best Practices for Site Topology Design, 130
    T&T Corporation’s Site Topology Scenario, 130
  Schema Modification Strategy, 133
    Schema Modification Strategy Best Practices, 135
  AD Implementation Plan, 135
  The Ongoing AD Design Process, 137
  Best Practice Summary, 137
  Chapter Roadmap, 138
Chapter 4 Designing the Enterprise Network IP Infrastructure, 140
  TCP/IP in Windows Server 2003, 142
    New IP Features in WS03, 143
  Implementing a New Enterprise Network, 147
    Preparing the Parallel Network, 148
    Creating the Production Active Directory, 152
  Forest Staging Activities, 154
    Installing the First Server in a Forest, 154
    Creation of the Second DC in the Forest Root Domain, 167
    Creation of the First DC in the Global Child Production Domain, 171
    Creating the Second DC in the Global Child Production Domain, 173
  Connecting the Enterprise Network, 176
    Network Infrastructure Staging Activities, 176
    Server Installation and Configuration, 176
    Configuring the First Network Infrastructure Server, 177
    Configuring the Second Network Infrastructure Server, 185
    Moving Servers and Configuring Domain Replication, 185
  Upgrading Active Directory from Windows 2000 to WS03, 189
    The Upgrade Process, 189
    Ongoing Forest Management, 194
  Best Practice Summary, 194
  Chapter Roadmap, 196
  • 17.
Chapter 5 Building the PC Organizational Unit Infrastructure, 198
  Managing Objects with Active Directory, 199
    Group Policy Concepts, 199
    Group Policy Processing, 201
    GPO Inheritance (and Blocking), 202
    Policy Loopback, 205
    Policy Filtering, 207
    Fast Logon Optimization, 209
    Policy Design, 210
    Designing a GPO Strategy, 212
    GPO Application and Processing Speed, 212
  Creating an OU Design for PC Management Purposes, 214
    Centralized PC Administration, 214
    Decentralized PC Administration, 219
  Designing for Delegation, 220
    Delegation in Active Directory, 221
    Designing a Delegation Strategy, 225
  Enterprise PC Management, 225
    Software Installations with WS03, 226
    Enterprise Software Assets, 228
    Software Delivery in the Enterprise, 229
  Completing the OU Strategy, 234
    Putting the PCs OU Infrastructure in Place, 235
  Using the Group Policy Management Console, 239
  Best Practice Summary, 240
  Chapter Roadmap, 242
Chapter 6 Preparing the User Organizational Unit Infrastructure, 244
  Managing User Objects with Active Directory, 245
    The Active Directory User Object, 246
    Using Template Accounts, 254
    Massive User Management, 255
  • 18.
  Managing and Administering Groups, 257
    WS03 Groups Types and Group Scopes, 258
    Best Practices for Group Management/Creation, 260
  Creating an OU Design for User Management Purposes, 266
    The People OU Structure, 266
    User-Related GPO Concepts, 269
  Completing the People OU Structure, 279
    Putting the People OU Infrastructure in Place, 280
  Best Practice Summary, 282
  Chapter Roadmap, 283
Chapter 7 Designing the Network Services Infrastructure, 286
  Preparing File and Print Servers, 288
  Sharing Files and Folders, 288
    Expanding Disks for File Storage, 289
    Disk Structure Preparation, 290
  Creating the File Server, 296
    Creating the Folder Structure, 297
    Enabling File Server Services, 298
    Sharing Folders, 301
    Publishing Shares in Active Directory, 302
    Finding a Share in AD, 304
  Managing Folder Availability, 305
    Distributed Link Tracking, 305
    Working with the Distributed File System, 306
  Sharing Printing Services, 312
    WS03 Printer Drivers, 313
    Integration with Active Directory, 314
    Managing Printer Permissions, 316
    Internet Printing Protocol, 316
    Establishing a Shared Printer Policy, 317
    Creating the Print Server, 319
  • 19. Sharing Files and Printers for Non-Windows Clients . . . . . . . . . . . . . . . . . . . . . . 323 Macintosh Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323 UNIX Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324 Preparing Application Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324 Sharing Applications: Commercial and Corporate . . . . . . . . . . . . . . . . . . 324 Preparing Terminal Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 Sharing Applications: Terminal Services . . . . . . . . . . . . . . . . . . . . . . 329 Collaboration Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337 Additional Network Infrastructure Server Functions . . . . . . . . . . . . . . . . . . . . . . 337 Preparing Remote Installation Services Servers . . . . . . . . . . . . . . . . . . 337 Server System Requirements by Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 Designing the Services OU Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 Considerations for the Migration of Services to the Parallel Network . . . . . . . . . . . . . . 343 Best Practice Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344 Chapter Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 Chapter 8 Managing Enterprise Security . . . . . . . . . . . . . . . . . . . . . 348 Security Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Designing a Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 The Castle Defense System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 The Security Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 The Microsoft Security Operations Guide . . . . . . . . . . . . . . . . . . . . . . 
356 Windows Server 2003 Security . . . . . . . . . . . . . . . . . . . . . . . . . . 357 Applying the Castle Defense System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 Level 1: Critical Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360 Level 2: Physical Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 Level 3: Operating System Hardening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 System Security Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 Security Template Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . 373 Antivirus Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374 General Active Directory Security . . . . . . . . . . . . . . . . . . . . . . . . . 375 File System Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378 C o n t e n t s x v
  • 20. Print System Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 .NET Framework Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Internet Information Server 6.0 . . . . . . . . . . . . . . . . . . . . . . . . . . 384 Final Operating System Hardening Activities . . . . . . . . . . . . . . . . . . . . 386 Level 4: Information Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Smart Card Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Securing User Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388 Managing Trusts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394 Web Server Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396 .NET Framework Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . 398 Access Audition and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Level 5: External Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Designing an Internal Public Key Infrastructure . . . . . . . . . . . . . . . . . . 400 Managing the Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 Best Practice Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Chapter Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406 Chapter 9 Creating a Resilient Infrastructure . . . . . . . . . . . . . . . . . . . 408 Planning for System Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Preparing for Potential Disasters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411 Using WS03 Clustering Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 Network Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Multiple-Node Server Clusters . . . . . . . . . . . . . . . . . . 
. . . . . . . . . 420 Server Consolidation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 Consolidation Through Server Baselining . . . . . . . . . . . . . . . . . . . . . . 426 Planning for System Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428 Recovery Planning for the Enterprise Network . . . . . . . . . . . . . . . . . . . 428 Data Protection Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 Finalizing Your Resiliency Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441 Best Practice Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441 Chapter Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443 x v i W i n d o w s S e r v e r 2 0 0 3 : B e s t P r a c t i c e s f o r E n t e r p r i s e D e p l o y m e n t s
  • 21. Chapter 10 Putting the Enterprise Network into Production . . . . . . . . . . . . . 446 Migrating Data, Users, and PCs to the Parallel Network . . . . . . . . . . . . . . . . . . . . 447 Using the Active Directory Migration Tool . . . . . . . . . . . . . . . . . . . . . 450 Transferring Networked User Data . . . . . . . . . . . . . . . . . . . . . . . . . 454 Decommissioning the Legacy Network . . . . . . . . . . . . . . . . . . . . . . . 457 Revising the IT Role Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457 New and Revised AD IT Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . 458 Designing the Services Administration Plan . . . . . . . . . . . . . . . . . . . . 460 WS03 Administrative Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464 Final Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 Best Practice Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467 Chapter Roadmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469 C o n t e n t s x v i i
Preface

Windows Server 2003 is a graphical environment. As such, many of its operations are wizard-based. We recommend you use the wizard interface even though there may be command-line equivalents, because a wizard enforces best practices and standard operating procedures automatically. The wizard always uses the same steps and always provides the ability to review your actions before they are implemented. This does not mean that you need to dally on screens that only provide information. Read them at least once and, when you’re familiar with their content, move on to the screens where you need to perform actions. We cannot emphasize standard operating procedures enough. An enterprise network simply cannot be built on ad hoc procedures. This is one of the reasons for this book. It provides best practices and standard procedures for building an enterprise network with Windows Server 2003. We hope you find it useful. Comments can be sent to WindowsServer@Reso-Net.com.
Acknowledgments

We would like to thank all of the people who helped make this book a reality, especially Stephane Asselin of Microsoft Premier Support, our technical reviewer. Thanks for all of your constructive ideas. We would also like to thank Charles Gratton of Hewlett-Packard Canada for giving so much of his personal time and dedication to let us test Windows Server 2003 on various hardware configurations. Thanks also to Microsoft’s development and marketing team for Windows Server 2003 for all of their help in finding the right solution when issues arose. Specifically, we’d like to thank Jan Shanahan, Jill Zoeller, Jenna Miller, Jackson Shaw, Kamal Janardhan, and B.J. Whalen. Thanks to VMware Corporation for providing us with the software required to create our entire technical laboratory. Thanks also to all of the other manufacturers that provided us with pre-release software tools so that we could cover enterprise needs as much as possible. You’ll find yourselves within the book. Finally, thanks to McGraw-Hill/Osborne for all their patience and dedication in helping us make this a better book. Franny, it was fun to be part of your team.
Introduction

Building an enterprise network is no small task. Worse, it seems you have to start over every time the server operating system changes. This book provides a structured approach that lets you create a brand new enterprise network that is built on the best features of Microsoft’s new operating system (OS), Windows Server 2003. This network is built in a parallel environment that does not affect your current production network. Then, when you’re ready to make the migration, it outlines how to take security principals, documents, data, and applications and move them from your legacy network to the new, parallel environment. This way, you can immediately begin to profit from the best of this powerful OS.

To achieve this goal, the book is divided into ten chapters, each building on the concepts of the previous chapters to finally cover all of the elements required to build your new network. The core concept of this book is its focus on enterprise features: only those features that are relevant to an enterprise environment. Microsoft used a similar approach when they decided to remove such features as Universal Plug and Play and scanner drivers from the OS because they are not server features and are not relevant in an enterprise. Similarly, this book discards the features that are not intended for the enterprise from Windows Server 2003’s more than 400 new features and improvements.

Each chapter includes both discussion points and step-by-step implementations. Each chapter is chock-full of best practices, checklists, and processes. In addition, each chapter ends with a Chapter Roadmap, a graphical illustration of the elements covered in the chapter, relevant figures, and tools found on the companion Web site (http://www.Reso-Net.com/WindowsServer/). The chapters are divided into the following topics:

• Chapter 1: Planning for Windows Server 2003 gives an overview of the processes you need to prepare your migration to the new OS. It discusses the various elements you must have on hand before you proceed.
• Chapter 2: Preparing for Massive Installations of Windows Server 2003 identifies the four supported installation methods for Windows Server 2003 and helps you choose the most appropriate massive installation method for your organization.
• Chapter 3: Designing the Active Directory reviews all of the requirements of an Active Directory and outlines the steps required to build it. It uses different scenarios to help you understand the most complex concepts of this powerful enterprise network feature.
• Chapter 4: Designing the Enterprise Network IP Infrastructure focuses on TCP/IP, the core communication protocol of the enterprise network. Then it begins the parallel network installation.
• Chapter 5: Building the PC Organizational Unit Infrastructure looks at the elements you need to put in place to manage PCs with Active Directory. It begins the discussion on Group Policy, a discussion that will not end until Chapter 8.
• Chapter 6: Preparing the User Organizational Unit Infrastructure examines how to manage user objects through Active Directory. It includes an extensive discussion of the use of groups within an enterprise network.
• Chapter 7: Designing the Network Services Infrastructure covers the services the network is to deliver to users. It outlines how these services should be built and identifies how they should be implemented.
• Chapter 8: Managing Enterprise Security focuses on one element and one element only: security. It introduces a new system, the Castle Defense System, which can be used to simplify security policy design and implementation.
• Chapter 9: Creating a Resilient Infrastructure is concentrated on making sure your services are always available. As such, it covers both redundancy and disaster recovery.
• Chapter 10: Putting the Enterprise Network into Production tells you how to migrate users from your legacy network to the new, parallel environment you created. In addition, it begins a discussion of the new and revamped IT roles you will require now that you are running a network through Active Directory.

Migrating to a new server OS is not a task that should be taken lightly. This is why you should make sure your project team includes all of the right players. The team should include at least two groups: the first will work on the elaboration of the network architecture, and the second will focus on the preparation of installation procedures and perform the installation itself. The technical project team should include architects, system administrators, installers, user representatives, support personnel, developers, and project managers. You should make sure you involve your current administrative and operational staff in this project. This will help you recover the best of the existing network and help them learn more about the new operating system they will soon be using.

In addition, you need to make sure that you involve the right stakeholders in your project. Not having the right stakeholders can be as disastrous as not making the right technical decisions.

Finally, managing a project of this magnitude can be complex and can give you the impression it is never-ending unless you structure it properly. Thus, each chapter has been designed to help you structure the technical activities needed to perform the migration. This does not mean that every chapter needs to be addressed in sequential order. Though this is possible and even appropriate in some cases, in very large organizations it would improperly stretch the project timeline. Some chapters require the participation of your entire technical project team, but others do not because they are focused on specific areas of technical expertise. Figure 1 illustrates a sample timeline distribution for the activities found in each chapter. It lets you divide the technical project team into appropriate subgroups to shorten the overall project timeline while still achieving your goal: doing the best implementation you can so that all can profit from an improved networking environment.

Figure 1 The Windows Server 2003 Migration Timeline

The Companion Web Site

This book is powered by a companion Web site: http://www.Reso-Net.com/WindowsServer/. It lists dozens of job aids, forms, checklists, blueprints, spreadsheets, and other tools that are designed to help you in your network migration. All are readily available to everyone. These tools are listed on a per-chapter basis to help you locate them more easily. Make sure you connect and download these items; they will definitely simplify your migration project.
CHAPTER 1 Planning for Windows Server 2003

IN THIS CHAPTER
Windows Server 2003  2
Building the Foundation of the Network  3
A New Model for Server Construction and Management  8
A Structured Approach: Using Standard Operating Procedures  12
Enterprise Network Architectures  14
Building on Windows 2000: The WS03 Model  15
The Windows Server Enterprise Architecture  18
Designing the Enterprise Network Architecture  19
Moving On  32
Best Practice Summary  33
Chapter Roadmap  33
Preparing the enterprise network is a complex process, even more so now that Windows is in its second post-NT edition. With Windows NT, decisions were relatively simple because the choices were limited. But with Windows Server 2003 (WS03), this is no longer the case. This is not surprising, since the network has evolved from being a loosely coupled series of servers and computers into an integrated infrastructure providing and supporting the organization’s mission. This evolutionary process is not unlike that of the telephone. At first, telephone systems were loosely coupled. Today, worldwide telecommunications systems are much more complex and complete. Similarly, networks are now mission-critical. The enterprise network, in fact, has become a secure, stable, redundant infrastructure that is completely oriented toward the delivery of information technology services to the enterprise. These services can range from simple file and print systems to complex authentication systems, storage area networks, or application services. In addition, these services can be made available to two communities of users: internal users over whom you have complete control of the PC, and external users over whom you have little or no control. That’s why moving or migrating to Windows Server 2003 is much more of a network infrastructure design project than one dealing simply with upgrading to a new technology. Each time you change a technology that is as critical as the operating system (OS) of your network, it is important, if not essential, to review corporate needs and requirements, review the features and capabilities of the new OS, design a comprehensive architecture and implementation plan, then move on to the actual implementation. In addition, aligning a project of this magnitude with the business strategies of the organization will make the transition more easily accepted and more profitable for the enterprise.
Too many organizations cannot fully profit from the benefits of an enterprise network because they have never taken the time to perform each of these steps. As a result, they don’t benefit from the maximum potential or performance of their network. In fact, planning and preparing for the implementation of Windows Server 2003 should be 80 percent planning, preparing, and testing, and 20 percent implementing. This applies whether your enterprise has one or one million users. It’s just a matter of degree of importance. If your enterprise is an enterprise of one, you’ll still want to take the time to prepare properly, but you probably won’t take the time to invest in automating procedures. You’ll still want standard operating procedures, but you probably won’t involve a series of technicians and architects to validate them. You’ll still want to design based on architectural models, but you won’t take the time to design them yourself.
Building an enterprise network with Windows Server 2003 consists of designing the network architecture and its implementation procedure while identifying opportunities for and using standard operating procedures. The enterprise network infrastructure is thus divided into service delivery areas that must be supported by a structure for network administration and management. For each aspect of this infrastructure, it is essential to have a complete understanding of the features that Windows Server 2003 offers in this area. It is also important to identify which of these features offer the best cost/benefit scenario for the enterprise. For example, very few enterprises using Windows today can live without Active Directory. For organizations of all sizes, it is always better to take the time to centralize all authentication and authorization services than to keep them distributed through the use of workgroups: if a change is required, you only have to make it in one central place. Thus, the organization that requires an enterprise-level network infrastructure will not invest in workgroups; it will invest directly in Active Directory, bypassing workgroups altogether. This enterprise-level approach is the one that will be used throughout the elaboration of the Enterprise Architecture for Windows Server 2003.

Windows Server 2003

As the 22nd edition of Windows, this version is designed specifically for servers. It is a successor to Windows 2000 Server and uses the same core code as its predecessor. In this case, Microsoft did not perform a complete rewrite of the Windows 2000 code (as was done with the Windows NT code when Windows 2000 was designed). This means that WS03 is a natural evolution from Windows 2000. Several of the new features of WS03 are simply improvements over their Windows 2000 counterparts.
If you are experienced with Windows 2000, you will find it easier to move to WS03. If you are coming from another operating system or even from Windows NT, you’ll have to begin by mastering the basic concepts of this new Windows platform. There are four editions of Windows Server 2003:

• Windows Server 2003, Standard Edition (WSS) Supports four-way symmetric multiprocessing and up to 4 gigabytes (GB) of memory. Aimed at file and printer sharing, Internet connectivity, small-scale application deployment, and collaboration.
• Windows Server 2003, Enterprise Edition (WSE) Supports either 32- or 64-bit processing; it offers native support for the Intel Itanium processor, up to eight processors, and 32 GB of memory in 32-bit mode and 64 GB of memory in 64-bit mode. Also supports eight-node clustering. Aimed at infrastructure support, as well as application and Web services support.
• Windows Server 2003, Datacenter Edition (WSD) Supports either 32- or 64-bit processing, up to 64-way symmetric multiprocessing on custom hardware. Supports 64 GB of memory in 32-bit mode and 512 GB of memory in 64-bit mode. Can also support eight-node clusters. WSD is available only with the purchase of a WSD-compatible system from an original equipment manufacturer. Aimed at business-critical and mission-critical applications demanding the highest level of scalability and availability. The list of approved manufacturers is available at http://www.microsoft.com/windows2000/datacenter/howtobuy/purchasing/oems.asp.
• Windows Server 2003, Web Edition (WSW) A new edition of the Windows server operating system, WSW is focused on providing a trimmed-down and secure Web server supporting ASP.NET and the .NET Framework for Web services. Supports two-way multiprocessing and up to 2 GB of memory in 32-bit processing mode only.

While Windows 2000 offered more than 200 new features over Windows NT, WS03 offers more than 400 improvements on Windows 2000. Improvements have been made in a wide range of categories, including security, management, file storage, printing, server sizing, administration, even Active Directory. One of the major advantages of WS03 will be server consolidation. It is designed to help organizations do more with less. For example, Microsoft has tested WS03 clusters supporting more than 3,000 printer queues, and both the Enterprise Edition and the Datacenter Edition have proven that the Windows platform can perform along with the best on the market in terms of processing power (see http://www.tpc.org for more information). The .NET Framework is a core part of WS03. Deployment of enterprise XML Web services on Windows Server 2003 includes configuration and administration of the underlying .NET Framework as well as installation, configuration, and administration of the supporting UDDI services.

Building the Foundation of the Network

The server operating system is the core of the enterprise network. When looking to replace this operating system, it is important to ensure that every aspect of the services that the network will provide has been covered.
The best way to do this is to use the “lifecycle” approach. Two lifecycles are important here:

• Server lifecycle The cycle an individual server undergoes when it is introduced into the network.
• Service lifecycle The cycle services must undergo from the moment they are first introduced into the network until their retirement.

The server lifecycle, especially, will let you design the basic structure of all servers. This will form the basis for the server construction model. The service lifecycle will help you identify the different services required within your network. Once these are identified and prepared, you can then focus on network stability. Since many operations within the network are performed by a variety of personnel, network stability is greatly enhanced by the use of standard operating procedures (SOPs). They ensure that best practices are always used to perform operations.

QUICK TIP If you are new to .NET, an article demystifying Microsoft’s .NET initiative can be found at http://www.Reso-Net.com/WindowsServer/.

The Server Lifecycle

As mentioned previously, building a network is 80 percent planning and preparation and 20 percent implementation. The process of building servers is the same. Servers are designed to meet specific requirements within your network. More will be discussed on this topic later, but for now, it is sufficient to say that, like all network components, servers have a lifecycle within the enterprise network. It begins with the Purchasing Process, then moves on to the IT Management Process, and ends with the server’s Retirement from service. The Purchasing Process covers purchase planning, requisition, and procurement. In this process, the enterprise should focus on several factors such as volume purchasing of servers, requests for proposal, minimum requirements for server hardware, hardware provider add-ons, and growth strategy. These processes can be supported by functionality and reliability testing of hardware and applications in the network environment. For this process to be a success, the purchasing department and IT must cooperate and work closely together. One of the driving factors of this process is the volume buying approach. Servers, like PCs, should always be bought in lots. They should never be bought piecemeal. The main objective of this process in an enterprise network is to reduce diversity as much as possible. When servers are bought in lots, you can expect the manufacturer to ship machines that are configured as identically as possible. In this way, you can simplify and standardize the server building and maintenance process.
More and more organizations are even moving to partnerships with server manufacturers to further decrease diversity within their server hardware families. Once the Purchasing Process is complete, the server lifecycle moves on to the IT Management Process. Here IT personnel become responsible for and take ownership of the server until its retirement. The process begins with the reception of the server and its entry into the corporate inventory database. This should include information such as purchase date, receipt date, purchase lot, warranty, and service contracts, among other items. Next begins the server construction. Here servers go through the staging process. At this point, only generic software elements are loaded onto the server. These would include the operating system, anti-virus software, management software, resource kit tools: everything that is either completely generic or includes an enterprise license and thus does not entail additional costs. Next, the server is configured. This phase covers the application of the server software, the software that will support the server’s specific role within the enterprise. The final preparation phase is server testing. This should include stress testing as well as configuration acceptance testing. Once this testing phase is complete, the server is ready for production. Putting the server into production often means recovering information such as Security Settings from another server and migrating it to the new machine. Once this is performed, the server officially enters its production cycle. IT management for the server becomes focused on routine administrative tasks, software updates and service pack application, and performance and capacity monitoring. All are performed on a scheduled basis. This phase will also include server repairs if required. Though almost every task will focus on remote operations, some repairs may require shutdown and physical access to the server. It is indeed very hard to upgrade server memory remotely. This is an area that has changed with Windows Server 2003: now every shutdown can be documented and justified through a verbose shutdown dialog box called the Shutdown Event Tracker, and the reason, comment, and initiating user are recorded in the System event log. Finally, after its lifecycle is complete, the server reaches obsolescence and must be retired from the network. It is then replaced by new servers that have begun a new lifecycle within the enterprise network.

The Service Lifecycle

IT service lifecycle models abound in the industry. Microsoft first published an IT service lifecycle management model in a white paper entitled “Planning, Deploying and Managing Highly Available Solutions,” released in May 1999 (search for the document name at http://search.microsoft.com/). This model identified four phases of service lifecycle management:

• Planning Identifying and preparing solutions for deployment
• Deployment Acquiring, packaging, configuring, installing, and testing deployment strategies
• Production Problem, change, optimization, and administration management within the production network
• Retirement Replacement/upgrade planning and removal of obsolete technologies and processes

While the original Microsoft model provided a sound starting point for IT service lifecycle management, the test of time proved that it required some minor modifications to fully illustrate the lifecycle of a service within an enterprise network. This new model is illustrated in Figure 1-1. This service lifecycle model is still based on the same four phases, with refinements within both the Planning and the Preparation and Deployment phases. Each of these two phases was increased in size to better reflect its importance to the process, since planning and preparation take on more and more importance in network architectures today.
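Returning to the Shutdown Event Tracker mentioned under the server lifecycle above: the justification an operator types into that dialog is only useful if someone reads it back. Each tracked shutdown or restart is written to the System log as event ID 1074 from source USER32, with the initiating process, the user, the reason text and code, the shutdown type and the free-text comment. The script below is an added example and is not from the book or from Microsoft; it parses those records and flags the ones that should be matched against a change ticket. The two sample messages, the host and user names, the ticket number and the allowed-user list are all constructed for this example so it can run offline.

```powershell
# Added example, not from the book: review Shutdown Event Tracker records
# (System log, event ID 1074, source USER32) and flag the questionable ones.
# Sample messages, host/user names, ticket number and the allowed-user list
# are constructed for this example.

$AllowedShutdownUsers = @('CORP\srvadmin', 'CORP\patchsvc')   # assumed list

# SHTDN_REASON_FLAG_PLANNED (bit 31) and SHTDN_REASON_FLAG_USER_DEFINED
# (bit 30) of the Win32 reason code. Decimal, because an eight-digit hex
# literal such as 0x80000000 is parsed as a negative Int32 by PowerShell.
$PlannedFlag     = [int64]2147483648
$UserDefinedFlag = [int64]1073741824

function ConvertFrom-ShutdownMessage {
    # Parse one event 1074 message into an object; $null if it is not one.
    param([string]$Message, [datetime]$Time = (Get-Date))
    $rx = '(?s)process\s+(?<proc>.+?)\s+has initiated the\s+.+?\s+of computer\s+' +
          '(?<computer>\S+)\s+on behalf of user\s+(?<user>.+?)\s+for the following reason:\s*' +
          '(?<reason>.+?)\s*Reason Code:\s*(?<code>0x[0-9A-Fa-f]+)\s*Shutdown Type:\s*' +
          '(?<type>.+?)\s*Comment:\s*(?<comment>.*)$'
    $m = [regex]::Match($Message, $rx)
    if (-not $m.Success) { return $null }
    $code = [Convert]::ToInt64($m.Groups['code'].Value.Substring(2), 16)
    New-Object PSObject -Property @{
        Time     = $Time
        Computer = $m.Groups['computer'].Value
        User     = $m.Groups['user'].Value.Trim()
        Process  = $m.Groups['proc'].Value.Trim()
        Action   = $m.Groups['type'].Value.Trim()
        Reason   = $m.Groups['reason'].Value.Trim()
        Code     = $code
        Planned  = (($code -band $PlannedFlag) -ne 0)
        Custom   = (($code -band $UserDefinedFlag) -ne 0)
        Comment  = $m.Groups['comment'].Value.Trim()
    }
}

function Test-ShutdownRecord {
    # Attach review flags. A flagged record should be matched to a change
    # ticket before it is accepted as a justified shutdown.
    param($Record, [string[]]$AllowedUsers)
    $flags = @()
    if (-not $Record.Planned)                    { $flags += 'unplanned' }
    if ($Record.Comment -eq '')                  { $flags += 'no comment' }
    if ($AllowedUsers -notcontains $Record.User) { $flags += 'user not on shutdown list' }
    $Record | Add-Member -MemberType NoteProperty -Name Flags -Value $flags -PassThru
}

function Get-ShutdownRecord {
    # Live query. Get-EventLog is what PowerShell 1.0/2.0 offers on Windows
    # Server 2003 (Get-WinEvent is not available there).
    param([string]$ComputerName = $env:COMPUTERNAME, [int]$Newest = 100)
    Get-EventLog -LogName System -Source User32 -ComputerName $ComputerName -Newest $Newest |
        Where-Object { $_.EventID -eq 1074 } |
        ForEach-Object { ConvertFrom-ShutdownMessage -Message $_.Message -Time $_.TimeGenerated } |
        Where-Object { $_ -ne $null } |
        ForEach-Object { Test-ShutdownRecord -Record $_ -AllowedUsers $AllowedShutdownUsers }
}

# Constructed samples: a justified patch restart, then an uncommented power-off
# by a user who is not on the list (the second is built to trip every check).
$SampleMessages = @(
    ("The process C:\WINDOWS\system32\shutdown.exe has initiated the restart of computer FS01 " +
     "on behalf of user CORP\patchsvc for the following reason: Operating System: Service pack (Planned)`r`n" +
     " Reason Code: 0x80020010`r`n Shutdown Type: restart`r`n Comment: CR-2041 monthly patch window"),
    ("The process winlogon.exe has initiated the power off of computer FS01 " +
     "on behalf of user CORP\jdoe for the following reason: Other (Unplanned)`r`n" +
     " Reason Code: 0x0`r`n Shutdown Type: power off`r`n Comment: ")
)

$SampleMessages |
    ForEach-Object { ConvertFrom-ShutdownMessage -Message $_ } |
    ForEach-Object { Test-ShutdownRecord -Record $_ -AllowedUsers $AllowedShutdownUsers } |
    Select-Object Time, Computer, User, Action, Planned, Comment, @{n='Flags'; e={ $_.Flags -join ', ' }} |
    Format-Table -AutoSize
```

Two caveats when using this against real servers. The tracker only sees shutdowns that pass through the dialog or shutdown.exe; a power loss or hard reset shows up as event 6008 (source EventLog) at the next boot, followed by event 1076 once an administrator supplies the missing reason, and neither is read by this script. The dialog itself is controlled by the Display Shutdown Event Tracker group policy setting, so a review of shutdown records should also confirm that the policy is still enabled on the servers in scope.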
NOTE Microsoft has made their model evolve as well. It is now fully incorporated into the Microsoft Operations Framework. More information on this framework is available at http://www.microsoft.com/business/services/mcsmof.asp.

Windows Server 2003: Best Practices for Enterprise Deployments, Chapter 1: Planning for Windows Server 2003

In addition, several processes and procedures were added to each of these two phases. Rationalization—a process focused on decreasing the number of servers and applications in the enterprise—was added to the initial planning process in order to reduce diversity. Rationalization affects not only server hardware through server consolidation practices, but also the applications and utilities that run on these servers. The latter focuses on reduction through the selection of one and only one application to provide a given function within the network. One of the great opportunities for rationalization is when organizations move from Windows NT to Windows Server 2003. In NT, many third-party software products were required to have an efficient and effective network. In WS03, while third-party products are still required, a vast number of these utilities are no longer needed since the operating system includes so many new features.

Figure 1-1 The service lifecycle is divided into four phases: Planning, Preparation and Deployment, Production, and Retirement.
Functional testing is now focused on proof-of-concept testing—that is, testing the concepts that emerge from the previous activity, which is Enterprise Architecture. It also involves application compatibility testing—testing current applications to see if they will operate with the new service. The outcome of this stage should be a complete impact report on existing products that will be required within the new network. This report should include upgrade procedures or replacement recommendations if the product is not compatible with the new OS.

The design of the Enterprise Architecture mainly involves analysis of the needs and requirements of the organization, the features of the new service, and the elaboration of the principles, rules, and standards that will be applied to its use within the enterprise. This stage also focuses on Standardization, another process which concentrates on the reduction of diversity, but this time, specifically within the service that is to be delivered.

Preparation and Deployment have also been enhanced with the addition of the Technical Architecture Process, which follows or can occur at the same time as the Acquisition Process. The Technical Architecture provides the technical parameters which will be applied to the service during its installation and during the rest of its lifecycle within the network. It is based on the orientations outlined in the Enterprise Architecture and simply details the specifics of the implementation.

The lifecycle then moves on to installation and initial configuration, and packaging/staging. Packaging is used if the service relies on a software product or an addition to the current network. Staging is used if the service relies on a new operating system.
In the Windows Server 2003 implementation process, you will use both packaging and staging since you will begin with initial installation or staging of your servers, then follow with the application of the function or role the server will play in your network. Packaging is often used to automate the software or service installation process.

Testing is the next stage, which involves several different levels. System testing validates that the service operates in a standalone environment. Integration testing validates the service’s coexistence with other services on the same machine or in the same network. Acceptance testing gives the final user approval rights to the service as it is packaged and prepared.

Finally, the service is ready for deployment. This can be done in several stages. Another proof-of-concept (POC) can be done to perform a final validation of the service in use. The target audience for this POC usually consists of the project team and some of its closest associates. This is followed by a pilot project that tests all aspects of the deployment methodology. Massive deployment follows a successful pilot project.

Not all services must undergo the proof-of-concept stage. This stage is only applied if the target population for the service is extremely large (1,000 or more users). If target populations are smaller, you may want to proceed with only a pilot project before deployment. There are, however, very few cases when you should proceed directly to deployment without either a POC or a pilot project. An example would be if you need to deploy a security patch in an emergency. Even then, you would need to do a minimum amount of testing before proceeding to deployment.

Once the service is deployed, it enters the Production Phase of its lifecycle. Here you must manage and maintain a complete inventory of the service, manage changes to the service, manage problems and support users of the service, and generally administer the service. You must also manage the service-level agreements for this service. This involves performance and capacity analysis, redundancy planning (backup, clustering, failsafe, and recovery procedures), availability, reliability, and responsiveness analysis of the service.
The final phase of the IT service lifecycle is Retirement. When the service reaches a certain degree of obsolescence, it must be retired from the network because its operation costs often outweigh the benefits it brings to the network.

Of special note is the security element, which surrounds the entire service lifecycle. Security has a special position in this lifecycle because it encompasses much more than just software and hardware. Security is a process in and of itself, as you will discover in Chapter 8.

Both the server and service lifecycles will be used throughout this book. The server lifecycle will help with the construction and delivery of the servers you build with WS03. The service lifecycle will apply more specifically to the roles or configurations you give to your servers as you prepare them for deployment. To simplify this process, you will need another model, the Server Construction and Management Model.

A New Model for Server Construction and Management

The use of an architectural model can greatly simplify the architectural design process for the construction and management of servers (and PCs) in your enterprise network. Such a model should outline the services required in the network and should group these services into appropriate categories or layers. In addition, to properly reflect the service and security nature of these groupings, and to outline that they are designed to provide access to resources within the network, the name of the model should describe its purpose. The model proposed here is called the Point of Access to Secure Services (PASS) model.
NOTE This model was first outlined in Preparing for .NET Enterprise Technologies, by Ruest and Ruest (Addison-Wesley, 2001) and was originally called the “Service Point of Access or SPA Object Model.” It has been renamed the PASS model here to better reflect its intended purpose.

The model is based on an existing and well-known service model: the International Standards Organization’s OSI Networking Reference model. The OSI model has been modified to better suit the needs of distributed environments. It is a good source model because it is well-known in the industry. It describes networking between clients and servers through a series of layers, with each layer having its own set of functional services. Interactions between layers are based on using common services, and interactions are limited to the layers immediately adjacent to any given layer.

In the PASS model, each layer offers a set of services to the others. Each layer interacts with the other and each layer has a specific function. This layered model can be applied to the core elements of a distributed environment, either PCs or servers. The content of the PASS model is divided into ten layers, similar to those of the OSI model:

• Physical
• Core operating system
• Networking
• Storage
• Security
• Communications
• Common productivity tools
• Presentation
• Role-based commercial software and/or corporate applications
• Ad hoc commercial software and/or corporate applications

The PASS model represents a design that is very similar to the OSI model, with the addition of three extra layers. This model begins to demonstrate how you can construct and present IT technologies in understandable ways. Even though all of the layers are related to each other in specific ways, some have a stronger relationship than others. By examining the content of each layer, you can see that some layers need to be implemented on every server while others aim at specific servers (see the ten layers of the PASS Model at http://www.Reso-Net.com/WindowsServer/). This “common” versus “specific” components approach must influence the ten-layer model. To provide a clear construction model, the ten layers must be regrouped into sections that are meant for every server and sections that are meant for specific groups of servers. For this, the model must be restructured into four basic sections. This diagram can serve as a map for server design and deployment. This is the PASS model. Its four sections are:

• Physical: Standard physical components.
• System Kernel: All components that are common to all servers.
• Role-based applications and software: Components which are installed on a server on a role basis—that is, the role the server plays in the network. Roles can be based on commercial software, for example, Microsoft .NET Enterprise Server products, or they can be based on corporate applications. The difference between the two is often related to security levels. Commercial software is often available to all users and corporate applications are often restricted to specific users.
• Ad hoc applications and software: In some instances, there are highly specialized IT requirements for a server that are not necessarily related to its role within the enterprise. These are included in the ad hoc layer.

The final layer of the PASS System Kernel, the presentation layer, provides the interface requirements for the server at both the user and the administrative level. At the core of this model is the concept of standardization, specifically within the Physical and System Kernel layers. Standardization does not mean reduction; it simply means doing everything in a single unified manner. This alone can vastly reduce costs in the IT enterprise. The PASS model clearly displays the mechanisms that can be used to construct servers so long as standards are available to support all of the processes that it identifies.
This model is illustrated in Figure 1-2. As you can see, its construction is closely tied to the server lifecycle presented earlier.

Figure 1-2 The PASS model
The Benefits of the PASS Model

Using a single model for the outline of technical services provided by both PCs and servers has several major advantages. First, by using layers and specifically including a presentation layer, it forms the framework for user and technology interactions within a Windows distributed environment. Second, it outlines that there should be no difference in the approaches used to manage and maintain PASS objects (PCs or servers). Third, it outlines how to construct both servers and PCs. Fourth, it outlines a framework that will allow the systems to evolve with time through structured management approaches.

In addition, each of the four major layers of this model provides distinct benefits. Standardizing the physical layer ensures that the organization has modern tools to perform its IT tasks. It also ensures the control of obsolescence within the organization. In addition, reducing the diversity of hardware within the organization reduces costs since fewer device drivers need to be maintained for each type of peripheral. With Windows Server 2003, you’ll even want to aim for the inclusion of peripherals that can all be certified—that is, those which include device drivers that are digitally signed by the manufacturer guaranteeing their stability. When stability is the top priority, reducing the number of potential problem sources is critical. The physical layer should always be based on industry standards such as those outlined by the Desktop Management Task Force (DMTF). More information on the DMTF and the standards they promote can be found at http://www.dmtf.org/. Microsoft also provides detailed hardware specifications for Windows products at http://www.microsoft.com/hwdq/hcl/.
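The recommendation above to standardize on peripherals with digitally signed drivers is easy to verify in bulk: Windows Server 2003 ships the driverquery command, and its /si switch reports whether each installed driver is signed. The following is an added example, not code from the book, that takes that command's CSV output (driverquery /si /fo csv) from several servers, lists the unsigned drivers per host, and tallies which unsigned INF files recur across the fleet, which is the list a rationalization effort would start from. The column layout (DeviceName, InfName, IsSigned, Manufacturer) is assumed from the tool's output format, and the device names, INF names and host names are constructed samples.

```python
import csv
import io

# Constructed samples shaped like "driverquery /si /fo csv" output from two servers
# (not real captures). Assumed columns: DeviceName, InfName, IsSigned, Manufacturer.
SAMPLE_OUTPUT = {
    "SRV01": (
        '"DeviceName","InfName","IsSigned","Manufacturer"\n'
        '"Example Gigabit NIC","oem3.inf","TRUE","ExampleNet"\n'
        '"Example RAID Controller","oem7.inf","FALSE","ExampleStor"\n'
        '"Standard PS/2 Keyboard","keyboard.inf","TRUE","(Standard keyboards)"\n'
    ),
    "SRV02": (
        '"DeviceName","InfName","IsSigned","Manufacturer"\n'
        '"Example Gigabit NIC","oem3.inf","TRUE","ExampleNet"\n'
        '"Example RAID Controller","oem7.inf","FALSE","ExampleStor"\n'
        '"Example Tape Drive","oem9.inf","FALSE","ExampleBackup"\n'
    ),
}


def unsigned_drivers(csv_text):
    """Return (DeviceName, InfName, Manufacturer) for every row whose IsSigned is not TRUE.

    Anything other than an explicit TRUE is treated as unsigned, so a blank or
    unexpected value is reported rather than silently accepted.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    return [
        (row["DeviceName"], row["InfName"], row["Manufacturer"])
        for row in reader
        if row["IsSigned"].strip().upper() != "TRUE"
    ]


def fleet_report(outputs):
    """Per-host unsigned drivers plus a fleet-wide map of unsigned INF -> sorted hosts."""
    per_host = {host: unsigned_drivers(text) for host, text in outputs.items()}
    tally = {}
    for host, rows in per_host.items():
        for _device, inf, _manufacturer in rows:
            tally.setdefault(inf, set()).add(host)
    fleet = {inf: sorted(hosts) for inf, hosts in tally.items()}
    return per_host, fleet


if __name__ == "__main__":
    per_host, fleet = fleet_report(SAMPLE_OUTPUT)
    for host, rows in sorted(per_host.items()):
        for device, inf, manufacturer in rows:
            print(f"{host}: unsigned {device} ({inf}, {manufacturer})")
    for inf, hosts in sorted(fleet.items()):
        print(f"{inf} is unsigned on {len(hosts)} host(s): {', '.join(hosts)}")
```

The fleet map is the useful output for the planning stage: an unsigned INF present on every server of a model points at a hardware family to replace or a vendor to press for a signed driver, whereas one that appears on a single host is an ad hoc exception to document.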
The System Kernel is the layer that will save the corporation the most because it provides the framework for the integration of common PASS services into a single unit. This means the organization must begin by devising the technical content of each of the kernel’s sublayers, the rules and guidelines governing them, and their personalization or interaction with other sublayers. This information can then be used to interactively create model systems that will serve as sources for the automated installation of all servers in the enterprise network. Using new disk imaging or remote installation technologies, the complete Kernel can be captured into a single installation phase. This image can then be deployed to every server within the network and provide a single unified standard. More on this approach will be discussed in Chapter 2.

But automation is not the only requirement. Planning is essential since the new system will be made available to all users. Here the corporation will need to identify the content of each sublayer using structured guidelines (see “Using the PASS Model” section later in this chapter). Only corporate-wide software components will be included in the System Kernel. At this stage, it will also be vital to properly preconfigure the presentation layer for the model system that serves as the source device before reproduction.

If IT is a service, then this is the most important layer of the entire model. It is the one aspect of the system that users will interact with on a daily basis. Presentation does not stop at the desktop. Every element users can see on a system should be standardized. The corporation saves through the definite reduction in retraining. If all hard disks, all desktops, all menus, and all display features are all standardized on all servers, corporate users, even administrators and technicians will always be able to quickly perform work on any given server within the network. For newcomers, the corporation can train them how to use the corporate systems, not how to use basic Windows.

The role-based software and application layer has two parts: commercial software and/or corporate applications. The commercial software portion contains everything that does not have a mission-critical role. It benefits from the rationalization process and thus provides single applications for any given IT task. This layer can save time and money since software and applications are grouped as functional families of products and tools that provide specialized services. Thus deployment of these applications can be performed through the assignment of the family of applications to groups of servers within the corporation.

The corporate application section of this layer focuses on mission-critical business roles. Once again, it is the guidelines of the presentation section that tie this application section to the entire system. Here application deployment costs are considerably reduced because once again, families of applications can be deployed to groups of servers within the network. The major difference between this section and the role-based commercial software section is restricted access. Users of corporate applications must be authorized since they can have access to confidential information through these applications.

All staging and administration approaches for Windows Server 2003 should make use of the PASS model.

A Structured Approach: Using Standard Operating Procedures

To reduce costs and improve network stability, the corporation must implement standard operating procedures (SOPs). SOPs not only ensure stability within a network, but can also greatly reduce costs. Having documented SOPs, even for interactive or manual procedures, can vastly reduce the margin of error when performing the procedure. A well-designed SOP will also supply a contact point for reference if something goes wrong during its operation. But technical staff often does not have the time or budget required for documenting and standardizing procedures and operations. Because of this, people find it easier to simply remember everything and know who to refer to if a problem arises. While this approach works and has given proven results, its major drawback lies with the availability of key personnel—when this personnel is not (or no longer) available, the knowledge disappears from the enterprise.
On the other hand, it is often difficult for organizations to budget for SOP documentation. It is a time-consuming process whose benefits are not always immediately apparent to managers. SOPs in the form of checklists and detailed procedural steps will be used here as much as possible. Thus, you can save considerable time and effort by simply incorporating these checklists and procedures into the standard operating procedures you prepare for your particular situation.

A standard operating procedure is a documented set of instructions to be followed to complete a given procedure. It focuses on maximizing efficiency during operational and production requirements. Once implemented, SOPs can help provide guaranteed service levels and become the basis for the elaboration of service-level agreements. When well defined, SOPs allow an organization to measure the time it takes to perform a given task. SOPs are also used to simplify troubleshooting since every process is the same everywhere. Finally, SOPs provide redundancy and reduced costs in administration since all network technicians and administrators use the same processes wherever they are located and no retraining is required. Thus, the SOPs you write will also become the core of any technical training program you provide to the staff in your enterprise.
SOP Best Practices

Here are some concepts to keep in mind when writing or adapting SOPs:

• All SOPs must meet the definition of an SOP: a documented set of instructions to be followed to complete a given procedure.
• Incorporate safety and environment variables into the how-to steps.
• Keep SOPs as short as possible. This will ensure that they are followed. The actual SOP should include no more than 6 to 12 steps to be effective. If an SOP goes beyond 10 steps, consider these solutions:
  • Break the long SOP into several logical sub-job SOPs.
  • Prepare the longer comprehensive training SOP first to get a picture of what training is required. Then decide how to break it into shorter sub-job SOPs.
  • Make the long-form SOP a training document or manual to supplement the shorter sub-job SOPs.
• If you write shortcut SOPs, explain the reason behind certain steps to provide understanding of the importance of following all the steps in the proper order.
• Write SOPs for people who work in different interpersonal circumstances:
  • For people who work alone
  • For two or more people who work as a team
  • For people who will supervise other people doing a job
  • For people who are not familiar with rules generally understood by your employees
• Consider the age, education, knowledge, skill, experience and training, and work culture of the individuals who will be performing the SOP steps.
• Forecast future effects and steps at certain points in the SOP to tell readers things they should know in advance (upcoming steps that require caution, precision, timing, and personal attention).
• Once the SOP is completed, have several workers test it and give you feedback.
• Review the effectiveness of SOPs after a few weeks and make necessary changes if field practice suggests that descriptions should be improved.
• Review and update SOPs when processes and equipment are changed.
• When new equipment is installed, take the opportunity to write a new SOP, incorporating the good from the old, and adding what is necessary to satisfy the new equipment.
• Rely on the expertise of your staff to create and test the SOPs. You can, of course, supplement this expertise with external help.
• Ensure that all SOPs have a designated owner and operator.
• Illustrate the steps in an SOP as much as possible. It is always easier to follow a diagram than written instructions.

Enterprise Network Architectures

This completes the basic architectural structure for the design of the enterprise network. This included the examination of several models—the server lifecycle, the service lifecycle, the PASS model—and the outline of the standard operating procedure strategy to be used.

Every architectural process begins with the necessity for change. The advent of Windows Server 2003 is the impetus for change within your enterprise network infrastructure. But the technology alone is not the sole object of the change. When designing Enterprise Architectures, organizations must take several additional processes into account. A thorough examination of the existing network, its current problems, the business objectives of the organization, and industry best practices must be combined with a complete understanding of the feature set of the new technology to form the decisions that will make up the architecture you devise. This process is illustrated in Figure 1-3. Thus the next step is to examine the Windows Server 2003 family in depth to identify opportunities for change.

Figure 1-3 Designing an Enterprise Network Architecture involves input from several sources.

QUICK TIP A sample standard operating procedure and an SOP model are available at http://www.Reso-Net.com/WindowsServer/. You will also find sample WS03-specific SOPs. They are designed to help you in your SOP preparation process.
Building on Windows 2000: The WS03 Model

Since Windows NT, Microsoft has divided its server family of operating systems into several different products. Such is the case for the Windows Server 2003 family. As mentioned previously, the WS03 family includes four different editions. In addition to offering the standard features that have made Windows famous—complete and powerful network operating system, platform for the execution of applications from 16- to 64-bit, powerful authentication services, and more—the WS03 family offers major improvements over both Windows 2000 and Windows NT. The Windows Server 2003 family is at the same level as the Windows XP client family.

Despite its 32-bit programming model and its core construction protecting the operating system kernel from access by applications, Windows NT never did gain the reputation for stability it should have. For the past two generations of Windows server operating systems, Microsoft has endeavored to ensure that stability is at the core of the operating system. This goal was achieved to a certain degree with Windows 2000 and has been vastly improved with Windows Server 2003.

WS03 also includes a new structure for service offerings: the WS03 add-in. These feature packs are released after the core system and most are free to users of WS03. They include tools supporting communication, collaboration, application integration, and more. For example, the Real-Time Communications server can be added to WS03 to create a new communications infrastructure. SharePoint Team Services can help create team collaboration. Active Directory in Application Mode can be used for application integration. More services will come out in time.

The core WS03 system also supports secure mobile data communications and improved streaming media delivery. It is more stable and reliable than even Windows 2000. With proper server construction, you can ensure that the only downtime is scheduled downtime. WS03 also includes full integration with other components of Microsoft’s .NET technology family:

• Integration between Microsoft .NET Passport with Active Directory, allowing organizations to integrate Passport services to their e-commerce strategy
• Native support for SOAP-based message parsing in Microsoft Message Queuing (MSMQ)
• Integration of the COM+ programming model within the .NET Framework

These are only a few of the new features available in WS03, but to understand them properly, you need to be able to compare them to both Windows NT and Windows 2000. If you haven’t implemented Windows 2000 yet, you’ll want to jump directly to WS03 and immediately profit from its enhancements over Windows 2000. If you are running Windows 2000 today, you may decide that some of the key features of WS03 justify the move. Whichever the case, it will be important to review the complete list of new features for WS03 before you begin your implementation.
As you will see, there are a lot of improvements throughout all of the feature categories of this operating system. But since there are four different versions of WS03, it is also important to understand which version supports which feature.

NOTE Microsoft provides a feature sorter at http://www.microsoft.com/windowsserver2003/evaluation/features/featuresorter.aspx. But if you prefer a Microsoft Word version of the feature list, you can find one at http://www.Reso-Net.com/WindowsServer/. This table lists the new features and improvements of WS03 compared to Windows NT4 and Windows 2000. Microsoft also provides a feature per edition table at http://www.microsoft.com/windowsserver2003/evaluation/features/compareeditions.mspx.

As you will learn, not all features are supported by all versions of WS03. In fact, clear distinctions emerge when you compare the Web, Standard, and Enterprise Editions of WS03. The Datacenter Edition falls within its own category since it relies on custom hardware, something that not everyone will require. Choosing a Windows edition to install was simpler in Windows NT. Most often, you installed Windows NT Server itself. Other editions were used only when specific needs or requirements demanded them. With WS03, you will definitely want to apply the proper edition when installing a server since this affects security, the number of default services installed, and operating system cost. Throughout your discovery of this new OS, you will also find that the major areas for improvement in the WS03 family are security, reliability, performance, manageability, and integrated Web services. These will be discussed in greater length throughout the development process of the Enterprise Network Architecture.

The information found on the Microsoft Web site gives a lot of details, but serves more as a starting point than anything else. If you are working on the architecture phase of your WS03 implementation project, you will want to have more information available to you in a readily available format. One of the best ways to do this is to install help from another operating system on your PC. This option is available only on Windows XP and the WS03 family because it makes use of Windows XP’s new Help and Support engine. The WS03 help can be installed from any WS03 Installation CD by using the Options button of Help and Support Center and selecting the appropriate choice from the menu it presents (see Figure 1-4).
  • 49. Discovering Diverse Content Through Random Scribd Documents
  • 50. The day following he inquired of his friends whether there did not chance to be, in the great city, some poor mendicant of exemplary piety, to whom he might offer his respects, and from whom he might, haply, learn what he longed to know, together with advice that would be of service to him. They answered: “Just such a man as thou describest is our Lord, Jelālu-’d-Dīn. He has forsaken all pleasures, save only his love towards God. Not only has he given up all concern for worldly matters, he has also renounced all care as to a future state. He passes his nights, as well as his days, in the worship of God; and he is a very ocean of knowledge in all temporal and spiritual subjects.” The Tebrīz merchant was enchanted with this information. He begged to see that holy man, the bare mention of whose virtues had filled him with delight. They accordingly conducted him to the college of Jelāl, the merchant having privately furnished himself with a rouleau of fifty sequins in gold as his offering to the saint. When they reached the college, Jelāl was sitting alone in the lecture-hall, immersed in the study of some books. The party made their obeisances, and the merchant felt himself completely overpowered at the aspect of the venerable teacher; so that he burst into tears, and could not utter a word. Jelāl addressed him, therefore, as follows:— “The fifty sequins thou hast provided as thy offering are accepted. But better for thee than these are the two hundred sequins thou hast lost. God, whose glory be exalted, had determined to visit thee with a sore judgment and a heavy trial; but, through this thy visit here, He hath pardoned thee, and the trial is averted from thee. Be not dismayed. 
From this day forth thou shalt not suffer loss; and that which thou hast already suffered shall be made up to thee.” The merchant was equally astonished and delighted at these words; more so, however, when Jelāl proceeded with his discourse: “The cause and reason of thy bygone losses and misfortunes was, that, on a certain day thou wast in the west of Firengistān (Europe), where thou wentest into a certain ward of a certain city, and there sawest a poor Firengī (European) man, one of the greatest of God’s cherished saints, who was lying stretched out at the corner of a market-place. As thou didst pass by him, thou spattest on him, evincing aversion from him. His heart was grieved by thy act and demeanour. Hence the visitations that have afflicted thee. Go thou, then, and make thy peace with him, asking his forgiveness, and offering him our salutations.” The merchant was petrified at this announcement. Jelāl then asked him: “Wilt thou that we this instant show him to thee?” So saying, he placed his hand on the wall of the apartment, and told the merchant to behold. Instantly, a doorway opened in the wall, and the merchant thence perceived that man in Firengistān, lying down in a market-place. At this sight he bowed down his head and rent his garments, coming away from the saintly presence in a state of stupor. He remembered all these incidents as facts.

Immediately commencing his preparations, he set out without delay, and reached the city in question. He inquired for the ward he wished to visit, and for the man whom he had offended. Him he discovered lying down, stretched out as Jelāl had shown him. The merchant dismounted from his beast, and made his obeisance to the prostrate Firengī dervish, who at once addressed him thus: “What wilt thou that I do? Our Lord Jelāl suffereth me not; or otherwise, I had a desire to make thee see the power of God, and what I am. But now, draw near.” The Firengī dervish then clasped the merchant to his bosom, kissed him repeatedly on both cheeks, and then added: “Look now, that thou mayest see my Lord and Teacher, my spiritual Master, and that thou mayest witness a marvel.” The merchant looked. He saw the Lord Jelāl immersed in a holy dance, chanting this hymn, and entranced with sacred music:—

“His kingdom’s vast and pure; each sort its fitting place finds there;
Cornelian, ruby, clod, or pebble be thou on His hill.
Believe, He seeks thee; disbelieve, He’ll haply cleanse thee fair;
Be here a faithful Abū-Bekr; Firengī there; at will.”

When the merchant happily reached Qonya on his return, he gave the salutations of the Firengī saint, and his respects, to Jelāl; and distributed much substance among the disciples. He settled at Qonya, and became a member of the fraternity of the Pure Lovers of God.

18. Jelāl was one day passing by a street, where two men were quarrelling. He stood on one side. One of the men called out to the other: “Say what thou will; thou shalt hear from me a thousandfold for every word thou mayest utter.” Hereupon Jelāl stepped forward and addressed this speaker, saying: “No, no! Whatsoever thou have to say, say it to me; and for every thousand thou mayest say to me, thou shalt hear from me one word.” On hearing this rebuke, the adversaries were abashed, and made their peace with one another.

19. One day, a very learned professor brought all his pupils to pay their respects to Jelāl. On their way to him, the young men agreed together to put some questions to Jelāl on certain points of Arabic grammar, with the design of comparing his knowledge in that science with that of their professor, whom they looked upon as unequalled.
When they were seated, Jelāl addressed them on various fitting subjects for a while, and thereby paved the way for the following anecdote:—

“An ingenuous jurist was once travelling with an Arabic grammarian, and they chanced to come to a ruinous well.

“The jurist hereupon began to recite the text (of Qur’ān xxii. 44): ‘And of a ruined well.’

“The Arabic word for ‘well’ he pronounced ‘bīr,’ with the vowel long. To this the grammarian instantly objected, telling the jurist to pronounce that word with a short vowel and hiatus—bi’r, so as to be in accord with the requirements of classical purity.

“A dispute now arose between the two on the point. It lasted all the rest of the day, and well on into a pitchy dark night; every author being ransacked by them, page by page, each sustaining his own theory of the word. No conclusion was arrived at, and each disputant remained of his own opinion still.

“It so happened in the dark, that the grammarian slipped into the well, and fell to the bottom. There he set up a wail of entreaty: ‘O my most courteous fellow-traveller, lend thy help to extricate me from this most darksome pit.’

“The jurist at once expressed his most pleasurable willingness to lend him that help, with only one trifling condition—that he should confess himself in error, and consent to suppress the hiatus in the word ‘bi’r.’ The grammarian’s answer was ‘Never.’ So in the well he remained.”

“Now,” said Jelāl, “to apply this to yourselves. Unless you will consent to cast out from your hearts the ‘hiatus’ of indecision and of self-love, you can never hope to escape from the noisome pit of self-worship,—the well of man’s nature and of fleshly lusts. The dungeon of ‘Joseph’s well’ in the human breast is this very ‘self-worship;’ and from it you will not escape, nor will you ever attain to those heavenly regions—‘the spacious land of God’” (Qur’ān iv. 99, xxix. 56, xxxix. 13). On hearing these pregnant words, the whole assembly of undergraduates uncovered their heads, and with fervent zeal professed themselves his spiritual disciples.

20. There was a great and good governor (apparently) of Qonya, of the name of Mu’īnu-’d-Dīn, whose title was the Perwāna (moth or fly-wheel, viz., of the far-distant Mogul Emperor, resident at the court of the king). He was a great friend to the dervishes, to the learned, and to Jelāl, whose loving disciple he was. One day, a company of the dervishes and learned men united in extolling the Perwāna to the skies, in Jelāl’s presence. He assented to all they advanced in that respect, and added: “The Perwāna merits a hundredfold all your eulogiums. But there is another side to the question, which may be exemplified by the following anecdote:—

“A company of pilgrims were once proceeding towards Mekka, when the camel of one of the party fell down in the desert, totally exhausted. The camel could not be got to rise again. Its load was, therefore, transferred to another beast, the fallen brute was abandoned to its fate, and the caravan resumed its journey.

“Ere long the fallen camel was surrounded by a circle of ravenous wild beasts,—wolves, jackals, &c. But none of these ventured to attack him. The members of the caravan became aware of this singularity, and one of them went back to investigate the matter. He found that an amulet had been left suspended on the animal’s neck; and this he removed. When he had retreated to a short distance, the hungry brutes fell upon the poor camel, and soon tore him piecemeal.”

“Now,” said Jelāl, “this world is in an exactly similar category with that poor camel. The learned of the world are the company of pilgrims, and our (Jelāl’s) existence among them is the amulet suspended round the neck of the camel—the world. So long as we remain so suspended, the world will go on, the caravan will proceed. But so soon as the divine mandate shall be spoken: ‘O thou submissive spirit, come thou back to thy Lord, content and approved’ (Qur’ān lxxxix. 27-8), and we be removed from the neck of the world-camel, people will see how it shall fare with the world,—how its inhabitants shall be driven,—what shall become of its sultans, its doctors, its scribes.”

It is said that these words were spoken a short time before Jelāl’s death. When he departed this life, not much time elapsed ere the Sultan, with many of his great men of learning and nobles, followed him to the grave, while troubles of all kinds overwhelmed the land for a season, until God again vouchsafed it peace.

21. During one of his expositions, Jelāl said: “Thou seest naught, save that thou seest God therein.” A dervish came forward and raised the objection that the term “therein” indicated a receptacle, whereas it could not be predicated of God that He is comprehensible by any receptacle, as this would imply a contradiction in terms. Jelāl answered him as follows:—

“Had not that unimpeachable proposition been true, we had not proffered it. There is therein, forsooth, a contradiction in terms; but it is a contradiction in time, so that the receptacle and the recepted may differ,—may be two distinct things; even as the universe of God’s qualities is the receptacle of the universe of God’s essence. But, these two universes are really one. The first of them is not He; the second of them is not other than He. Those, apparently, two things are in truth one and the same. How, then, is a contradiction in terms implied? God comprises the exterior and the interior. If we cannot say He is the interior, He will not include the interior. But He comprises all, and in Him all things have their being. He is, then, the receptacle also, comprising all existences, as the Qur’ān (xli. 54) says: ‘He comprises all things.’” The dervish was convinced, bowed, and declared himself a disciple.

22. Jelāl was one day seated in the shop of his great disciple the Goldbeater, Salāhu-’d-Dīn; and was surrounded by a circle of other disciples, listening to his discourse; when an old man came rushing in, beating his breast, and uttering loud lamentations. He entreated Jelāl to help him in his endeavours to recover his little son, a child seven years old, lost for several days past, in spite of every effort made to find him. Jelāl expressed his disapprobation at the extreme importance the old man appeared to attach to his loss; and said: “Mankind in general have lost their God. Still, one does not hear that they go about in quest of Him, beating their breasts and making a great noise. What, then, has happened to thee so very particular, that thou makest all this fuss, and degradest thyself, an elder, by these symptoms of grief for the loss of a little child? Why seekest thou not for a time the Lord of the whole world, begging assistance of Him, that peradventure thy lost Joseph may be found, and thou be comforted, as was Jacob on the recovery of his child?” The old man at once followed Jelāl’s advice, and begged forgiveness of God. Just then, news was brought him there that his son had been found. Many who were witnesses of these circumstances became devoted followers of Jelāl.

23. Jelāl was one day lecturing, when a young man of distinction came in, pushed his way, and took a seat higher up than an old man, one of the audience. Jelāl at once remarked: “In days of yore it was the command of God, that, if any young man should take precedence of an elder, the earth should at once swallow him up; such being the divine punishment for that offence. Now, however, I see that young men, barely out of leading-strings, show no respect for age, but trample over those in years. They have no dread of the earth’s swallowing them up, nor any fear of being transformed into apes.[13] It happened, however, that one morning the Victorious Lion of God, ‘Alī, son of Abū-Tālib, was hasting from his house to perform his devotions at dawn in the mosque of the Prophet. On his way, he overtook an old man, a Jew, who was going in the same direction. The future Caliph, out of innate nobility and politeness of nature, had respect for the Jew’s age, and would not pass him, though the Jew’s pace was slow. When ‘Alī reached the mosque, the Prophet was already bowed down in his devotions, and was about to chant the ‘Gloria;’ but, by God’s command, Gabriel came down, laid his hand on the Prophet’s shoulder, and stopped him, lest ‘Alī should lose the merit attaching to his being present at the opening of the dawn service; for it is more meritorious to perform that early service once, than to fulfil the devotions of a hundred years at other hours of the day. The Prophet has said: ‘The first act of reverence at dawn worship is of more value than the world and all that is therein.’

“When the Apostle of God had concluded his worship, offered up his customary prayers, and recited his usual lessons from the Qur’ān, he turned, and asked of Gabriel the occult cause of his interruption at that time.
Gabriel replied that God had not seen fit that ‘Alī should be deprived of the merit attaching to the performance of the first portion of the dawn worship, through the respect he had shown to the old Jew he had overtaken, but whom he would not pass.

“Now,” remarked Jelāl, “when a saint like ‘Alī showed so much respect for a poor old misbelieving Jew, and when God viewed his respectful consideration in so highly favourable a manner, you may all infer how He will view any honour and veneration shown to an elderly saint of approved piety, whose beard has grown grey in the service of God, and whose companions are the elect of their Maker, whose chosen servant he is; and what reward He will mete out in consequence. For, in truth, glory and power belong to God, to the Apostle, and to the believers, as God hath Himself declared (Qur’ān lxiii. 8): ‘Unto God belongeth the power, and to the apostle, and to the believers.’

“If then,” added he, “ye wish to be prosperous in your affairs, take fast hold on the skirts of your spiritual elders. For, without the blessing of his pious elders, a young man will never live to be old, and will never attain the station of a spiritual elder.”

24. One day Jelāl took as his text the following words (Qur’ān xxxi. 18):—“Verily, the most discordant of all sounds is the voice of the asses.” He then put the question: “Do my friends know what this signifies?” The congregation all bowed, and entreated him to expound it to them. Jelāl therefore proceeded:—

“All other brutes have a cry, a lesson, and a doxology, with which they commemorate their Maker and Provider. Such are, the yearning cry of the camel, the roar of the lion, the bleat of the gazelle, the buzz of the fly, the hum of the bee, &c.

“The angels in heaven, and the genii, have their doxologies also, even as man has his doxology—his Magnificat, and various forms of worship for his heart (or mind) and for his body.

“The poor ass, however, has nothing but his bray. He sounds this bray on two occasions only: when he desires his female, and when he feels hunger. He is the slave of his lust and of his gullet.

“In like manner, if man have not in his heart a doxology for God, a cry, and a love, together with a secret and a care in his mind, he is less than an ass in God’s esteem; for He has said (Qur’ān vii. 178): ‘They are like the camels; nay, they are yet more erring.’”

He then related the following anecdote:—

“In bygone days there was a monarch, who, by way of trial, requested another sovereign to send him three things, the worst of their several kinds that he could procure; namely, the worst article of food, the worst dispositioned thing, and the worst animal.

“The sovereign so applied to sent him some cheese, as the worst food; an Armenian slave, as the worst-dispositioned thing; and an ass, as the worst of animals. In the superscription to the epistle sent with these offerings, the sovereign quoted the verse of Scripture pointed out above.”

25. On a certain day, the Lord Jelālu-’d-Dīn went forth to the country residence of the saint Husāmu-’d-Dīn, riding on an ass. He remarked: “This is the saddle-beast of the righteous. Several of the prophets have ridden on asses: as Seth, Ezra, Jesus, and Muhammed.” It so chanced that one of his disciples was also mounted on an ass. The creature suddenly began to bray; and the rider, annoyed at the occurrence, struck the ass on the head several times. Jelāl remonstrated: “Why strike the poor brute? Strikest thou him because he bears thy burden? Returnest thou not thanks for that thou art the rider, and he the vehicle? Suppose now, which God forbid, that the reverse were the case. What wouldst thou have done? His cry arises from one or the other of two causes, his gullet or his lust. In this respect, he shares the common lot of all creatures. They are all continually thus actuated. All, then, would have to be scolded and beaten over the head.” The disciple was abashed. He dismounted, kissed the hoof of his ass, and caressed him.

26. On a certain occasion, one of his disciples complained to Jelāl of the scantiness of his means and the extent of his needs. Jelāl answered: “Out upon thee! Get thee gone! Henceforward, count me not a friend of thine; and so, peradventure, wealth may come to thee.” He then related the following anecdote:—

“It happened, once, that a certain disciple of the Prophet said to him: ‘I love thee!’ The Prophet answered: ‘Why tarriest thou, then? Haste to put on a breastplate of steel, and set thy face to encounter misfortunes. Prepare thyself, also, to endure straitness, the special gift of the friends and lovers (of God and His Apostle)!’”

Another anecdote, also, he thus narrated: “A Gnostic adept once asked of a rich man which he loved best, riches or sin. The latter answered that he loved riches best. The other replied: ‘Thou sayest not the truth. Thou better lovest sin and calamity. Seest thou not that thou leavest thy riches behind, whilst thou carriest thy sin and thy calamity about with thee, making thyself reprehensible in the sight of God! Be a man! Exert thyself to carry thy riches with thee, and sin not; since thou lovest thy riches. What thou hast to do is this: Send thy riches to God ere thou goest before Him thyself; peradventure, they may work thee some advantage; even as God hath said (Qur’ān lxxiii. 20): ‘And that which ye send before, for your souls, of good works, shall ye find with God. He is the best and the greatest in rewarding.”
27. It is related that one day the Perwāna, Mu’īnu-’d-Dīn, held a great assembly in his palace. To this meeting were collected together all the Doctors of the Law, the Sheykhs, the men of piety, the recluses, and the strangers who had congregated from various lands. The chiefs of the law had taken their places in the highest seats. The Perwāna had had a great desire that Jelāl should honour the assembly with his presence. He had a son-in-law, Mejdu-’d-Dīn, governor to the young princes, the sons of the king. This son-in-law of his was a disciple of Jelāl’s, and a man of very eminent qualities, with great faith in his teacher. He offered to go and invite Jelāl to the meeting. Hereupon, the arch-sower of doubts and animosities in the human breast spread among the chiefs of the law, there present, the suspicion that, if Jelāl should come, the question of precedence would arise: “Where should he be seated?” They all agreed that they were themselves in their proper places, and that Jelāl must find a seat where he could.

Mejdu-’d-Dīn delivered the Perwāna’s courteous message to his teacher. Jelāl, inviting Husāmu-’d-Dīn and others of his disciples to accompany him, set out for the Perwāna’s palace. The disciples went on a little ahead, and Jelāl brought up the procession. When Husām entered the apartment of the Perwāna, all present rose to receive him, making room for him in the upper seats. Lastly, Jelāl made his appearance. The Perwāna and other courtiers crowded forward to receive Jelāl with honour, and kissed His Lordship’s blessed hands with reverence, expressing regret that he had been put to inconvenience by his condescension. He returned compliment for compliment, and was shown upstairs.

On reaching the assembly room, he saw that the grandees had occupied the whole of the sofa, from end to end. He saluted them, and prayed for God’s grace to be showered upon them; seating himself then in the middle of the floor. Husāmu-’d-Dīn immediately rose from his seat, descended from the sofa, and took a place by the side of Jelāl. The grandees of the assembly now arose also, excepting those who, in spite and pride, had formed the confederacy mentioned above. These kept their seats. Some of them were of the greatest eminence in learning; and one, especially, was not only very learned, but also eloquent, witty, and bold. He, seeing what had taken place, and that all the men of rank had quitted the sofa, to seat themselves on the floor, asked in a jocose manner: “Where, according to the rules of the Order, is the chief seat in an assembly?” Some one answered him: “In an assembly of the learned, the chief seat is in the middle of the sofa, where the professor always sits.” Another added: “With recluses, the cell of solitude is the chief seat.” A third said: “In the convents of dervish brethren, the chief seat is the lower end of the sofa, where, in reality, people put off their shoes.” After these remarks, some one present, as an experiment, asked Jelāl, saying: “In your rule and opinion, where is the chief seat?” His answer was: “The chief seat is that where one’s beloved is found.” The interrogator now asked: “And where is your beloved?” Jelāl replied: “Thou must be blind, not to see.”

Jelāl then arose, and began to sing. Many joined; and the singing became so enthusiastic, that the nobles rent their garments. It so happened that, after Jelāl’s death, this interlocutor of his went to Damascus, and there became blind. Friends flocked to visit him, and to condole with him. He wept bitterly, and cried aloud: “Alas, alas! what have I not suffered? That very moment, when Jelāl gave me that fatal answer, a black veil seemed to fall down over my eyes, so that I could not distinguish objects clearly, or their colours. But I have hope and faith in him, that, out of his sublime generosity, he will yet take pity on me, and pardon my presumption. The goodness of the saints is infinite; and Jelāl himself hath said: ‘Despair not because of one sin; for the ocean of divine mercy accepteth penitence.’”

The foregoing incident is also related with the following variation:—Shemsu-’d-Dīn of Tebrīz had just then returned to Qonya, and was among those who accompanied Jelāl to the Perwāna’s palace, sitting down near him on the floor. When the question was put: “Where is your beloved?” Jelāl arose, and cast himself on the breast of Shems. That occurrence it was that made Shems, from that time forward, a man of mark in all Qonya.

28. There was in Qonya a great physician, of eminence and ability, who used occasionally to visit Jelāl. On one of those days, Jelāl requested him to prepare seventeen purgative draughts by a certain time, propitious for taking medicine, as that number of his friends required them. When the specified time came, Jelāl went to the physician’s house, and received the seventeen draughts. He immediately began, and, in the physician’s presence, drank off the whole seventeen in succession, thence returning home. The physician followed him there, to render the assistance he felt sure would be wanted. He found Jelāl seated as usual, in perfect health, and lecturing to his disciples. On inquiring how he felt, Jelāl answered, in the words so often repeated in the Qur’ān (ii. 23, &c.): “Beneath which rivers flow.” The physician recommended Jelāl to abstain from water. Jelāl instantly ordered ice to be brought and broken up small. Of this he swallowed an inordinate quantity, while the physician looked on. Jelāl then went to a hot-bath. After bathing, he began to sing and dance; continuing in those exercises three whole days and nights, without intermission. The physician declared this to be the greatest miracle ever wrought by prophet or by saint. With his whole family, and with many of the greatest in the medical profession, he joined himself to the multitude of Jelāl’s disciples of the most sincere.

29. The Perwāna is related to have said publicly, in his own palace, that Jelāl was a matchless monarch, no sovereign having ever appeared in any age like unto him; but that his disciples were a very disreputable set. These words were reported to them, and the company of disciples were greatly scandalised at the imputation. Jelāl sent a note to the Perwāna, of which the following is the substance:—

“Had my disciples been good men, I had been their disciple. Inasmuch as they were bad, I accepted them as my disciples, that they might reform and become good,—of the company of the righteous. By the soul of my father, they were not accepted as disciples, until God had made Himself responsible that they would attain to mercy and grace, admitted among those accepted of Him. Until that assurance was given, they were not received by me, nor had they any place in the hearts of the servants of God. ‘The sons of grace are saved; the children of wrath are sick; for the sake of Thy mercy, we, a people of wrath, have come to Thee.’”

When the Perwāna had read and considered these words, he became still more attached to Jelāl; arose, came to him, asked
pardon, and prayed for forgiveness of God, distributing largely of his bounty among the disciples.

30. Another great and good man once observed: “Jelāl is a great saint and a sovereign; but he must be dragged forth from among his disciples.” This was reported to Jelāl, who smiled, and said: “If he can!” Soon afterwards he added: “Why, then, is it that my followers are looked upon with spite by the men of the world? It is because they are beloved of God, and favourably regarded by Him. I have sifted all mankind; and all have fallen through my sieve, excepting these friends of mine. They have remained. My existence is the life of my friends, and the existence of my friends is the life of the men of the world, whether they know this, or whether they ignore it.”

31. There was a young merchant, whose house was near Jelāl’s college, and who had professed himself a sincere and ardent disciple. He conceived a desire and intention to make a voyage to Egypt; but his friends tried to dissuade him. His intention was reported to Jelāl, who strictly and rigorously prohibited his undertaking the voyage. The young man could not divest himself of his desire, and had no peace of mind; so one night he clandestinely stole away, and went off to Syria. Arrived at Antioch, he embarked in a ship, and set sail. As God had willed, his ship was taken by Firengī pirates. He was made prisoner, and was confined in a deep dungeon, where he had a daily portion of food doled out to him, barely sufficient to keep his body and soul together.

He was thus kept imprisoned forty days, during which he wept bitterly, and reproached himself for having been disobedient to the injunction of Jelāl; saying: “This is the reward of my crime. I have disobeyed the command of my sovereign, following after my own evil propensity.” Precisely on the night of the fortieth day, he saw Jelāl in a dream, who addressed him, and said: “To-morrow, to whatever questions these misbelievers may ask thee, do thou return the answer: ‘I know.’ By that means shalt thou be released.” He awoke bewildered, returned thanks to Heaven, and sat down in holy meditation, awaiting the solution of the dream.

Shortly, he saw a company of Firengī people come to him, with whom was an interpreter. They asked him: “Knowest thou aught of philosophy, and canst thou practise therapeutics? Our prince is sick.” His answer was: “I know.” They immediately took him out of the pit, led him to a bath, and dressed him in a handsome vestment of honour. They then conducted him to the residence of the sick man. The young merchant, inspired of God, ordered them to bring him seven fruits. These he prepared with a little scammony, and made the whole into a draught, which he administered to the patient. By the grace of God, and the intercession of the saints, his treatment was crowned with success, after two or three visits. The Firengī prince recovered; and by reason that the favour of Jelāl was upon that young merchant, though he was utterly illiterate, he became a philosopher. Jelāl assisted him.

When the Firengī prince had entirely recovered his health, and had arisen from his sick-bed, he told the young merchant to ask of him whatsoever he might wish. He asked for his freedom, and for leave to return home, that he might rejoin his teacher. He then related all that had befallen him;—his disobedience, his vision, and the assistance of Jelāl. The whole audience of Firengīs, without sight of Jelāl, became believers in him, and wooers of him. They set the young merchant free, and allowed him to depart, bestowing on him rich presents and a bountiful outfit.

On his arrival at the metropolis, before going to his own house, he hastened to pay his respects to Jelāl. On beholding the sacred features from afar, he threw himself on the earth, embraced Jelāl’s two feet, kissed them, rubbed his face upon them, and wept. Jelāl raised him, kissed both his cheeks, and said: “It was a narrow escape through thy curing the Firengī prince. Thou didst abscond; but henceforward, do thou remain at home, and occupy thyself in earning what is lawful. Take contentment as thy exemplar. The sufferings of the sea, the commotion of the ship, the calamity of captivity, and the darkness of the dungeon, are so many evils. Contentment is a very blessing from God.”

32. Jelāl one day was going from his college into the town, when by chance he met a Christian monk, who made him an obeisance. Jelāl asked him which was the elder, himself or his beard. The monk replied: “I am twenty years older than my beard. It came forth that number of years later.” Jelāl answered him: “Then I pity thee. Thy young beard has attained to maturity, whereas thou hast remained immature, as thou wast. Thou art as black, and as weak, and as untutored as ever. Alas for thee, if thou change not, and ripen not!” The poor monk at once renounced his rope girdle, threw it away, professed the faith of Islām, and became a believer.

33. A company of black-habited ones (Christian priests or monks) chanced to meet Jelāl one day, as they came from a distant place. When his disciples espied them afar off, they expressed their aversion from them by exclaiming: “O the dark-looking, disagreeable things!” Jelāl remarked: “In the whole world, none are more generous than they are. They have given over to us, in this life, the faith of Islām, purity, cleanliness, and the various modes of worshipping God; while, in the world to come, they have left to us the everlasting abodes of paradise, the large-eyed damsels, and the pavilions, as well as the sight of God, of which they will enjoy no share; for God hath said (Qur’ān vii. 48): ‘Verily God hath made both of them forbidden things to the misbelievers!’ They walk in darkness and misbelief, willingly incurring the torments of hell. But, let only the sun of righteousness rise upon them suddenly, and they will become believers.” Being now come near enough, they all made their obeisances to Jelāl, entered into conversation with him, and professed themselves true Muslims. Jelāl now turned to his disciples, and added: “God swallows up the darkness in the light, and the light in the darkness. He also makes in the darkness a place for the light.” The disciples bowed, and rejoiced.

34. A certain well-known disciple related that, on one occasion, Jelāl and his friends went forth to the country-seat of Husām, and there held a grand festival of holy music and dancing until near daybreak. Jelāl then left off, to give his followers a little rest. They dispersed about the grounds; and the narrator took a seat in a spot from whence he could see and observe Jelāl. The others all fell asleep; but he occupied himself with reflections on the miracles performed by various of the prophets and of the saints. He thought to himself: “I wonder whether this holy man works miracles. Of
course he does; only, he keeps the fact quiet, to avoid the inconveniences of notoriety.” Hardly had the thought crossed his mind, when Jelāl called him by name. On his approaching Jelāl, the latter stooped, picked up a pebble from the earth, placed it on the back of his own hand, and said to him: “Here, take this; it is thy portion; and be thou one of the thankful” (Qur’ān vii. 141). The disciple examined the pebble by the light of the moon, and saw that it was a large ruby, exceedingly clear and brilliant, not to be found in the treasuries of kings. Utterly astounded, he shrieked out, and swooned away; awaking the whole company with his shout; for he was a very loud-voiced man. On recovery, he told the others what had occurred. He also expressed to Jelāl his contrition for the temerity of his reflections. Jelāl told him to carry the stone to the queen, and to mention how he had become possessed of it. The queen accepted it, had it valued, and gave to him a hundred and eighty thousand pieces of silver in return, besides rich gifts. She also distributed presents to all the members of the fraternity.

35. A certain sheykh, son of a sheykh, and a man of great reputation for learning, came to Qonya, and was respectfully visited by all the people of eminence residing there. It so happened that Jelāl and his friends were gone that day to a mosque in the country; and the new-comer, offended at Jelāl’s not hasting to visit him, made the remark in public: “Has Jelāl never heard the adage: ‘The newly-arrived one is visited’?” One of Jelāl’s disciples chanced to be present, and heard this remark. On the other hand, Jelāl was expounding sublime truths in the mosque to his disciples, when suddenly he exclaimed, “My dear brother! I am the newly-arrived one, not thou. Thou and those like thee are bound to visit me, and so gain honour to yourselves.” All his audience were surprised at this apostrophe; wondering to whom it was addressed. Jelāl then spake a parable: “One man came from Bagdād, and another went forth out of his house and ward; which of the two ought to pay the first visit to the other?” All agreed in opinion that the man from Bagdād ought to be visited by the other. Then Jelāl explained, thus: “In reality, I am returned from the Bagdād of nulliquity, whereas this dearly beloved son of a sheykh, who has come here, has gone forth from a ward of this world. I am better entitled, therefore, to be visited than is he. I have been hymning in the Bagdād of the world of spirits the heavenly canticle: ‘I am the Truth,’ since a time anterior to the commencement of the present war, ere the truth obtained its victory.” The disciples expressed their concurrence, and rejoiced exceedingly.

By and by, the sheykh’s son was informed of this wonder. He at once arose, went on foot to visit Jelāl, uncovered his head, and owned that Jelāl was right. He further declared himself Jelāl’s disciple, and said: “My father enjoined me to put on ironed sandals, taking an iron-shod staff in my hand, and go forth in quest of Jelālu-’d-Dīn, since it is a duty of all to visit and reverence him who has spoken the truth and reposes on the truth. But the majesty of Jelāl is a hundredfold greater than what my father explained to me.”

36. Jelāl once commanded one of his attendants to go and arrange a certain matter. The attendant answered: “God willing.” Upon this, Jelāl was wroth, and shouted to him: “Stupid, garrulous fool!” The attendant fainted and foamed at the mouth. The disciples interceded. Jelāl expressed his forgiveness; and the attendant recovered.

37. On the occasion of a grand religious commemoration at the house of the Perwāna, in the presence of the Sultan Ruknu-’d-Dīn, this monarch was taken unwell, and the exercises were suspended, only, one of the disciples continued to sing and shout. The Sultan remarked: “How ill-behaved is that man! Does he pretend to be more ecstatic than his teacher Jelālu-’d-Dīn?” Jelāl heard this, and answered the king: “Thou art unable to withstand an attack of fever. How then canst thou expect a man devoured with an enthusiasm that threatens to swallow up even heaven itself, to calm down on a sudden?” When the disciples heard this, they set up a shout; and the Sultan, after himself witnessing one or two of the mighty signs wrought by Jelāl, made his obeisance to him, and became a disciple.

38. It has been related by some that the final overthrow of the rule of the Seljūqī dynasty in Asia Minor (in a.h. 700, a.d. 1300), was in this manner:—

The Sultan Ruknu-’d-Dīn had adopted Jelāl as his (spiritual) father. After a while, he held a great dervish festival in the palace. But, about that period, a certain Sheykh Bāba had created for himself a great name in Qonya, and certain intriguers had led the king to visit him. It was shortly after that visit that the king held the revival in honour of Bāba in the Hall of the Bowls.

The sheykh was met and introduced in state by the court officials, and was then installed on the throne, with the Sultan seated on a chair by his side. Jelāl now made his appearance, saluted, and took his seat in a corner of the hall. Portions of the Qur’ān were recited, and exhortations were delivered, with hymns. The Sultan then turned to Jelāl, and spoke: “Be it known to the Lord Jelāl, to the Doctors of the Law, and to the grandees, that I have adopted the Sheykh Bāba as my (spiritual) father, who has accepted me as his dutiful and affectionate son.” All present shouted their approval, and prayed for a blessing on the arrangement. But Jelāl, burning with divine jealousy, instantly exclaimed (in words traditionally related of the prophet, Muhammed): “Verily, Sa’d is a jealous man; but I am more jealous than Sa’d; and God is still more jealous than I am.” To this he further added: “Since the Sultan has made the sheykh his father, we will make some other our son.” So saying, he gave his usual religious shout of ecstasy, and stalked out from the assembly. Husāmu-’d-Dīn related that he saw the Sultan, when Jelāl thus quitted the presence, turn pale, as though shot with an arrow. The grandees ran to stop Jelāl; but he would not return.

A few days afterwards, the officers of state adopted the resolution to invite the Sultan to go to another city, that they might take measures to get rid of Sheykh Bāba. The Sultan now went to consult Jelāl, and ask for his blessing before setting out. Jelāl advised him not to go. The matter had, however, been officially promulgated, and there was no possibility to alter arrangements. On arriving at the other town, the Sultan was conducted to a private apartment, and forthwith strangled with a bowstring. Ere his breath failed, he invoked the name of Jelāl. At that moment Jelāl was at his college, lost to consciousness in the enthusiasm of a musical service. Suddenly, he put his two
  • 73. forefingers into his two ears, and ordered the trumpets and chorus to join in. He then shouted vociferously, and recited aloud two of his own odes, of which one commences thus: “My words were: ‘Go not; I’m thy friend; the world is rife With threats of dire destruction; I’m the Fount of Life.’” · · · · · · When the service was over, the disciples requested Jelāl’s son, Sultan Veled, to inquire of his father what all this might signify. In reply, he merely put off his cloak, and said aloud: “Let us perform the service for the burial of the dead.” He acted as Precentor in the service, and all present joined in. Then, without waiting for his son to put any question, he addressed the assembly, saying: “Yea, Bahā’u-’d-Dīn and my friends! They have strangled the poor Sultan Ruknu-’d-Dīn. In his agony, he called on me, and shrieked. God had so ordained. I did not wish his voice to ring in my ears, and interrupt my devotions. He will fare better in the other world.” (There is a serious anachronism in the foregoing account. Sultan Ruknu-’d-Dīn, whose name was Suleyman son of Key-Khusrew, was put to death by order of the Mogul emperor Abaqa Khān, in a.h. 664 (a.d. 1265), thirty-six years before the final extinction of the dynasty by order of Qāzān Khān, between Abaqa and whom no less than four emperors reigned. Besides this, Jelāl himself died in a.h. 672 (a.d. 1273), twenty-seven years before the last of the Seljūqī sovereigns, Key-Qubād son of Ferāmurz son of Key-Kāwus, was slaughtered, together with all living members of the race. Historians differ much respecting the names and order of succession of the last sovereigns of the dynasty; and the present anecdote shows how confused had become on the spot the legend of these puppets. Ruknu-’d-Dīn caused his own brother to be poisoned, as he had become jealous of the favour shown to that brother by the Mogul emperor. His own death was the reward of that act.)
  • 74. 39. One day, in lecturing on self-abasement and humility, Jelāl spake a parable from the trees of the field, and said: “Every tree that yields no fruit, as the pine, the cypress, the box, c., grows tall and straight, lifting up its head on high, and sending all its branches upwards; whereas all the fruit-bearing trees droop their heads, and trail their branches. In like manner, the Apostle of God was the most humble of men. Though he carried within himself all the virtues and excellencies of the ancients and of the moderns, he, like a fruitful tree, was more humble, and more of a dervish, than any other prophet. He is related to have said: ‘I am commanded to show consideration to all men, to be kind to them; and yet, no prophet was ever so ill-treated by men as I have been.’ We know that he had his head broken, and his teeth knocked out. Still he prayed: ‘O our Lord God, guide Thou my people aright; for they know not what they do.’ Other prophets have launched denunciations against the people to whom they were sent; and certainly, none have had greater cause to do so, than Muhammed.” “Old Adam’s form was moulded first of clay from nature’s face; Who’s not, as mire, low-minded’s not true son of Adam’s race.” In like manner, Jelāl also had the commendable habit to show himself humble and considerate to all, even the lowest; especially so to children, and to old women. He used to bless them; and always bowed to those who bowed to him, even though these were not Muslims. One day he met an Armenian butcher, who bowed to him seven times. Jelāl bowed to him in return. At another time he chanced upon a number of children who were playing, and who left their game, ran to him, and bowed. Jelāl bowed to them also; so much so, that one little fellow called out from afar: “Wait for me until I come.” Jelāl moved not away, until the child had come, bowed, and been bowed to.
  • 75. At that time, people were speaking and writing against him. Legal opinions were obtained and circulated, to the effect that music, singing, and dancing, are unlawful. Out of his kindly disposition, and love of peace, Jelāl made no reply; and after a while all his detractors were silenced, and their writings clean forgotten, as though they had never been written; whereas, his family and followers will endure to the end of time, and will go on increasing continually. 40. Jelāl once wrote a note to the Perwāna, interceding for a disciple who had been involved in an act of homicide, and had taken refuge in the house of another. The Perwāna demurred; saying it was a very grave matter, a question of blood. Jelāl thereupon facetiously replied: “A homicide is popularly termed ‘a son of ‘Azrā’īl (the angel of death).’ Being such, what on earth is he to do, unless he kill some one?” This repartee so pleased the Perwāna, that he pardoned the culprit, and paid himself to the heirs of the slain man the price of his blood. 41. Jelāl one day went forth and preached in the market. Crowds collected round him. But he continued until night fell around him; so he was at length left alone. The dogs of the market-place now collected in a circle about him, wagging their tails and whining. Seeing this, Jelāl exclaimed: “By the Lord, the Highest, the Strongest, the All-Compelling One, besides whom none is high, or strong, or powerful! These dogs comprehend my discourse, and the
  • 76. truths I expound. Men call them dogs; but henceforward let them not be so termed. They are of the family of the ‘Seven Sleepers.’”14 42. The Perwāna much wished Jelāl to give him private instruction at his palace; and requested Jelāl’s son, Sultan Veled, to intercede for him in the matter; which he did. Jelāl replied to his son: “Bahā’u-’d-Dīn! He cannot bear that burden.” This was thrice repeated. Jelāl then remarked to his son: “Bahā’u-’d-Dīn! A bucket, the water of which is enough for forty, cannot be drained by one.” Bahā made the reflection: “Had I not pressed the matter, I had never heard this wonderful saying.” 43. At another time, the Perwāna, through Bahā’u-’d-Dīn, requested Jelāl to give a public lecture to all the men of science of the city, who were desirous to hear him. His answer was: “A tree laden with fruit, had its branches bowed down to the earth therewith. At the time, doubts and gainsayings prevented the gardeners from gathering and enjoying the fruit. The tree has now raised its head to the skies, and beyond. Can they hope, then, to pluck and eat of its fruit?” 44. Again, the Perwāna requested Jelāl himself to instruct him and give him counsel. After a little reflection, Jelāl said: “I have heard that thou hast committed the Qur’ān to memory. Is it so?” “I have.” “I have heard