
Working with Active Directory

Active Directory Architecture

The features of Active Directory can be grouped as follows:

- Data in Active Directory is grouped hierarchically. Objects can be stored inside other container objects. Instead of one large, standalone list of users, users can be grouped into organizational units. An organizational unit can contain other organizational units, so we can build a tree.
- Active Directory uses multi-master replication. In Windows NT 4 domains the primary domain controller (PDC) was the master. In Windows 2000 with Active Directory, every domain controller (DC) is a master. If the PDC in a Windows NT 4 domain is down, no user can change their password; the administrator can update users only once the PDC has been restored and is running. With Active Directory, updates can be applied on any DC. This model is more flexible, because updates can happen on different servers. Its disadvantage is that replication is more complex.
- The replication topology is flexible and supports replication over slow links in WANs. How data is replicated can be tuned by the domain administrator.
- Active Directory supports open standards. LDAP, the Lightweight Directory Access Protocol, is one of the open standards that can be used to access data in Active Directory. LDAP is an Internet standard that can be used to access many different directory services. The LDAP API can be used to access Active Directory from the C language. Microsoft's programming interface for directory services is ADSI, the Active Directory Service Interface. This, of course, is not an open standard. In contrast to the LDAP API, ADSI can access all the features of Active Directory. Another standard used in Active Directory is Kerberos, which is used for authentication. The Windows 2000 Kerberos service can also be used to authenticate UNIX clients.
- With Active Directory we get fine-grained security. Every object stored in Active Directory can have an associated access control list that defines who can do what with that object.

Objects in the directory are typed. That is, the type of an object is precisely defined, and no attribute that is not specified can be added to an object. In the schema, the object types as well as the parts of an object are defined. Attributes can be mandatory or optional.

Active Directory Concepts

Before programming Active Directory, we need to start with some basic terms and definitions.

Objects

We store objects in Active Directory. Each object refers to something such as a user, a printer, or a network share. Objects have mandatory and optional attributes that describe them. For example, the attributes of a user can be the name, the e-mail address, the phone number, and so on.

The following figure shows a container object called Wrox Press that contains several different objects: two user objects, a contact object, a printer object, and a user group object:

Schema

Every object is an instance of a class that is defined in the schema. The schema defines the types and is itself stored in objects in Active Directory. The types of objects are defined in classSchema, which also details which attributes an object has as mandatory or optional. attributeSchema defines what an attribute looks like and what syntax is allowed for a specific attribute. We can define custom attributes and types and add them to the schema. Be aware, however, that a new schema type can never be removed from Active Directory. It can be marked as inactive, but existing objects of that type may remain, so classes or attributes that are defined in the schema cannot be removed. The Windows 2000 administrator does not have the right to create a new schema entry; a Windows 2000 domain administrator is needed to do this.

Configuration

Besides the definitions of objects and classes, which are stored as objects, the configuration of Active Directory is stored in Active Directory itself. The configuration holds information about all sites, such as the interval between replications, as set by the system administrator. Because the configuration is stored in Active Directory, we can access the configuration information in the same way as all other objects in Active Directory.

Active Directory domain

A domain is a security boundary of a Windows network. In an Active Directory domain, objects are stored in a hierarchical order. Active Directory is made up of one or more domains. The hierarchical order of the objects in a domain is shown in the figure below, where a domain is represented by a triangle. Container objects such as Users, Computers, and Books can store other objects. Each oval in the figure represents an object, and the lines between the objects represent parent-child relationships. For example, Books is the parent of .NET and Java, and Pro C#, Beg C#, and ASP.NET are children of the .NET object.

Domain controller

A single domain can have multiple domain controllers, each of which stores all the objects in the domain. None of them is the master, and all DCs are equal: we have a multi-master model. Objects are replicated between the servers inside the domain.

Site

A site is a location in the network that holds at least one DC. If the enterprise has multiple locations connected by slow links, we can use multiple sites within a single domain. For backup or scalability reasons, each site can have one or more DCs running. Replication between servers within a site can happen at shorter intervals if the connection is faster. Replication between servers in different sites is configured to occur at longer intervals, depending on the network speed; the administrator can, of course, adjust this.

Domain tree

Multiple domains can be connected by trust relationships. These domains share a common schema, a common configuration, and a global catalog. A common schema and a common configuration mean that this data is replicated across the domains. A domain tree shares the same class and attribute schema. The objects themselves are not replicated across domains. Domains connected in this way form a domain tree. The domains in a domain tree have a structured, related namespace: the domain name of a child domain is the child's own name appended to the name of the parent domain. The Kerberos protocol is set up between the domains. For example, we have the root domain wrox.com, which is the parent of india.wrox.com and uk.wrox.com.

Forest

Multiple domain trees that are connected by a common schema, a common configuration, and a global catalog, but that do not have a contiguous namespace, are called a forest. A forest is a set of domain trees. A forest is used if the company has a subsidiary for which a different domain name should be used. Say asptoday.com is independent of the wrox.com domain, but it can still have common management, and users from asptoday.com can be allowed to access resources in the wrox.com domain.

Global catalog (GC)

A search for an object may have to span multiple domains. If we look for a user object with certain attributes, we have to search every domain: starting with wrox.com, then uk.wrox.com and india.wrox.com. Over slow links the search can take quite a long time. To make searches faster, all objects are copied to the global catalog (GC). The GC is replicated to every domain in a forest. At least one server in every domain holds a GC. For performance reasons, we can have more than one GC server in a domain. Using the GC, a search across all objects can be carried out on a single server.

The GC is a read-only cache of all objects that can be used only for searches; updates must be made on the domain controllers. Not all attributes are stored in the GC. We can define whether or not an attribute is stored with an object. The decision depends on whether the attribute is used frequently in searches. A picture of a user is not useful in the GC, because we would never search for a picture. A phone number is more useful. We can also define that an attribute is indexed so that queries on it are faster.

Replication

Active Directory uses a multi-master server architecture. Updates can and will happen on every domain controller in the domain. The replication latency defines how long it takes for an update to be carried out.

- The configurable change notification happens, by default, every 5 minutes inside a site if some attributes have changed. The DC where a change occurred notifies one server after another at 30-second intervals, so the fourth DC can receive the change notification after 7 minutes. The default change notification interval across sites is set to 180 minutes.

- If there are no changes, replication occurs every 60 minutes inside a site. This ensures that no change notification is missed.

In a replication, only the changes are copied to the DCs. With every change of an attribute, a version number (USN, update sequence number) and a time stamp are recorded. These are used to help resolve conflicts if updates happen to the same attribute on different servers.

Example: the phone number of John Doe has the USN 47. This value has been replicated to all DCs. A system administrator changes the phone number. The change occurs on server DC1. The new USN of this attribute on server DC1 is 48, while the other DCs still hold 47. Anyone still reading this attribute may read the old value until replication to all domain controllers has taken place. Now suppose another administrator changes the phone number attribute, and this time a different DC is selected because that administrator got a faster response from server DC2. The USN of this attribute on server DC2 also changes to 48. At the notification interval, a notification occurs because the USN of the attribute has changed, and the last time replication occurred was with a USN value of 47.

The replication mechanism detects that servers DC1 and DC2 both have a USN of 48 for this attribute. Which server wins is not important, but one server must win. To resolve this conflict, the time stamp is used. Because the change happened later on DC2, the value stored on domain controller DC2 is the one that gets replicated.

Characteristics of Active Directory data

Active Directory does not replace a relational database or the Registry, so what kind of data should we store in it?

- We have hierarchical data in Active Directory. We can have containers that store further containers, and containers are objects too.
- The data should be read-mostly. Because replication occurs at fixed time intervals, we cannot be sure that the data we read is already up to date. In applications we must be aware that the information we read may not be the latest information.
- The data should be global to the enterprise, because adding a new data type to the schema replicates it to all servers in the enterprise. For data types that are of interest to only a small number of users, the enterprise domain administrator will not normally install new schema types.
- The data stored must be of reasonable size because of replication. If the data is 100 KB, it is fine to store it in Active Directory as long as it changes only once a week. However, if the data changes every hour, this size is too large. Always think about the replication to many different servers. If the data is large, we can store only a link to it in Active Directory and keep the data itself somewhere else.

Schema

The schema defines the types of objects, their mandatory and optional attributes, and the syntax and constraints on the attributes. Within the schema we distinguish between class-schema objects and attribute-schema objects. A class is a collection of attributes. With classes, single inheritance is supported. As we can see in the following class diagram, the user class derives from the organizationalPerson class, organizationalPerson is a subclass of person, and the base class is top. The classSchema object that defines a class describes its attributes with the systemMayContain attribute.

In the root class top we can see that every object can have the common attributes name (cn), displayName, objectGUID, whenChanged, and whenCreated. The person class derives from top. A person object also has a userPassword and a telephoneNumber. organizationalPerson derives from person. In addition to the attributes of person, it has manager, department, and company; a user has the additional attributes needed to log on to the system.
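The USN and time-stamp conflict from the Replication section above (John Doe's phone number changed on DC1 and then on DC2), as an added example that is not code from the original text. It follows the simplified model the text describes; the class and function names, the phone numbers, the clock values, and the final tie-break on DC name are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AttrVersion:
    value: str
    usn: int          # per-attribute version number, "USN" in the text
    timestamp: float  # time of the originating write (constructed clock)
    origin: str       # DC where the write was made
    def rank(self):
        # Higher USN wins; equal USNs fall back to the later time stamp.
        # Assumption: DC name breaks a tie between identical time stamps.
        return (self.usn, self.timestamp, self.origin)

class DomainController:
    def __init__(self, name):
        self.name = name
        self.attrs = {}  # (object, attribute) -> AttrVersion

    def write(self, key, value, now):
        # Originating write on this DC: bump the attribute's USN.
        old = self.attrs.get(key)
        self.attrs[key] = AttrVersion(value, old.usn + 1 if old else 1, now, self.name)

    def receive(self, key, incoming):
        # Apply a replicated change; True if it replaced the local copy.
        local = self.attrs.get(key)
        if local is None or incoming.rank() > local.rank():
            self.attrs[key] = incoming
            return True
        return False

def replicate(dcs, key):
    # Push one attribute between all DCs until nothing changes any more.
    changed = True
    while changed:
        changed = False
        for src in dcs:
            for dst in dcs:
                if src is not dst and key in src.attrs:
                    changed |= dst.receive(key, src.attrs[key])

def run_scenario(t_dc1=2000.0, t_dc2=2030.0):
    key = ("John Doe", "telephoneNumber")
    dcs = [DomainController(n) for n in ("DC1", "DC2", "DC3")]
    for dc in dcs:  # constructed starting state: USN 47 on every DC
        dc.attrs[key] = AttrVersion("555-0100", 47, 1000.0, "DC1")
    dcs[0].write(key, "555-0111", t_dc1)   # USN 48 on DC1
    stale = dcs[2].attrs[key].value        # DC3 still serves the old value
    dcs[1].write(key, "555-0122", t_dc2)   # USN 48 on DC2 as well
    replicate(dcs, key)
    return stale, {dc.name: dc.attrs[key] for dc in dcs}
```

Because the time stamp decides between equal USNs, a DC whose clock runs ahead wins every such conflict in this model, so clock synchronisation between DCs affects which write survives.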
