
Working with Active Directory

Active Directory architecture

The features of Active Directory can be grouped as follows:


- Data in Active Directory is grouped hierarchically. Objects can be stored inside other container objects. Instead of one large, flat list of users, users can be grouped inside organizational units. An organizational unit can contain other organizational units, so we can build a tree.
- Active Directory uses multi-master replication. In Windows NT 4 domains the primary domain controller (PDC) was the master. In Windows 2000 with Active Directory, every domain controller (DC) is a master. If the PDC in a Windows NT 4 domain is down, no user can change their password, and the administrator can only update users once the PDC is restored and running. With Active Directory, updates can be applied on any DC. This model is more flexible, because updates can happen on different servers. The drawback of this model is that replication is more complex.
- The replication topology is flexible and supports replication across slow links in WANs. How data is replicated can be tuned by the domain administrators.
- Active Directory supports open standards. LDAP, the Lightweight Directory Access Protocol, is one of the open standards that can be used to access data in Active Directory. LDAP is an Internet standard that can be used to access many different directory services. The LDAP API can be used to access Active Directory from the C language. Microsoft's programming interface for directory services is ADSI, the Active Directory Service Interface. This is, of course, not an open standard. In contrast to the LDAP API, ADSI can access all features of Active Directory. Another open standard used in Active Directory is Kerberos, which is used for authentication. The Windows 2000 Kerberos service can also be used to authenticate UNIX clients.
- With Active Directory we get fine-grained security. Every object stored in Active Directory can have an associated access control list that defines who can do what with that object.
- Objects in the directory are typed. This means that the type of an object is exactly defined, and no attribute that is not specified can be added to the object. In the schema, the object types as well as the parts of an object are defined. Attributes can be mandatory or optional.
Active Directory concepts
Before programming Active Directory, we need to start with some basic terms and definitions.
Objects
We store objects in Active Directory. Each object refers to something such as a user, a printer, or a network share. Objects have mandatory and optional attributes that describe them. For example, the attributes of a user can be a name, an e-mail address, a phone number, and so on.

The following figure shows a container object called Wrox Press that contains several other objects: two user objects, a contact object, a printer object, and a user group object:

Schema
Every object is an instance of a class that is defined in the schema. The schema defines the types and is itself stored in objects in Active Directory: classSchema and attributeSchema. The types of objects are defined in classSchema, which also details which mandatory and optional attributes an object has. attributeSchema defines what an attribute looks like and what the allowed syntax for a specific attribute is.
We can define custom types and attributes and add them to the schema. Be aware, however, that a new schema type can never be removed from Active Directory. It can be marked as inactive, but because objects of that type may already exist, classes or attributes that are defined in the schema cannot be removed. A Windows 2000 administrator does not have the rights to create a new schema entry; a Windows 2000 domain administrator is needed to do this.
Configuration
Besides the definitions of objects and classes, which are stored as objects, the configuration of Active Directory is stored in Active Directory itself. The configuration stores information about all sites, such as the replication intervals, which are set by the system administrator. Because the configuration is stored in Active Directory, we can access configuration information in the same way as any other object in Active Directory.
Active Directory domain
A domain is a security boundary of a Windows network. In an Active Directory domain, objects are stored in a hierarchical structure. Active Directory is made up of one or more domains. The hierarchy of objects in a domain is shown in the figure below, where a domain is represented by a triangle. Container objects such as Users, Computers, and Books can store other objects. Each oval in the figure represents an object, and the lines between objects represent parent-child relationships. For example, Books is the parent of .NET and Java, and Pro C#, Beg C#, and ASP.NET are children of the .NET object.

Domain controller
A single domain can have multiple domain controllers, each of which stores all the objects in the domain. None of them is the master and all DCs are equal, which gives us the multi-master model. Objects are replicated between the servers inside the domain.
Site
A site is a location in the network that holds at least one DC. If we have multiple locations in the enterprise that are connected by slow links, we can use multiple sites within a single domain. For backup or scalability reasons, each site can have one or more DCs running. Replication between servers within a site can happen at shorter intervals when the connection is faster. Replication between servers across sites is configured to occur at longer intervals, depending on the speed of the network. Of course, the administrator can adjust this.
Domain tree
Multiple domains can be connected by trust relationships. These domains share a common schema, a common configuration, and a global catalog. A common schema and a common configuration mean that this data is replicated across the domains.
A domain tree shares the same class and attribute schema. The objects themselves are not replicated across the domains.
Domains connected in this way form a domain tree. The domains in a domain tree have a contiguous, hierarchical namespace. This means that the domain name of a child domain is the name of the child domain joined with the name of the parent domain. Between the domains, the Kerberos protocol is used to establish trust.
For example, we have the root domain wrox.com, which is the parent of india.wrox.com and uk.wrox.com.

Forest
Multiple domain trees that are connected using a common schema, a common configuration, and a global catalog, but without a contiguous namespace, are called a forest. A forest is a set of domain trees. A forest can be used if the company has a subsidiary for which a different domain name should be used. Say asptoday.com is independent of the domain wrox.com, but it can still have common management, and users from asptoday.com can be allowed to access resources in the wrox.com domain.
Global catalog (GC)
A search for an object can span multiple domains. If we look for a user object with certain attributes, we have to search every domain, starting with wrox.com and then continuing to uk.wrox.com and india.wrox.com. Over slow links, such a search can take quite a long time.
To make searches faster, all objects are copied to the global catalog (GC). The GC is replicated to every domain in a forest. At least one server in each domain holds a GC. For performance reasons, we can have more than one GC server in a domain. Using a GC, a search across all objects can be done on a single server.
The GC is a read-only cache of all the objects and can only be used for searches; to make updates, the domain controllers must be used.
Not all attributes are stored in the GC. We can define whether or not an attribute is stored with an object. The decision depends on whether the attribute is used frequently in searches. A picture of a user is not useful in a GC, because we would never search for a picture. A phone number is more useful. We can also define that an attribute is indexed so that queries on it are faster.
Replication
Active Directory uses a multi-master server architecture. Updates can and will occur on every domain controller in the domain. The replication latency defines how long it takes until an update is carried out.
- The configurable change notification happens, by default, every 5 minutes inside a site if some attributes change. The DC where a change occurred notifies one server after the other at 30-second intervals, so the fourth DC can get the change notification after 7 minutes. The default change notification across sites is set to 180 minutes.
- If no changes occur, replication happens every 60 minutes inside a site. This ensures that no change notification is missed.
During replication only the changes are copied to the DCs. With each change of an attribute, a version number (USN, update sequence number) and a time stamp are recorded. These are used to help resolve conflicts if updates happen to the same attribute on different servers.
For example, the phone number of John Doe has the USN 47. This value has been replicated to all DCs. A system administrator changes the phone number. The change happens on server DC1. The new USN of this attribute on server DC1 is 48, while the other DCs still hold 47. Anyone who reads the attribute in the meantime can still get the old value, until replication to all domain controllers has happened.
Now another administrator changes the phone number attribute, and this time a different DC is selected because the administrator gets a faster response from server DC2. The USN of this attribute on server DC2 also changes to 48.
At the notification interval, a notification happens because the USN of the attribute has changed, and the last time replication occurred it was with a USN value of 47. The replication mechanism detects that servers DC1 and DC2 both have a USN of 48 for this attribute. Which server wins is not important, but one server must win. To resolve this conflict the time stamp is used. Because the change happened later on DC2, the value stored on domain controller DC2 is the one that gets replicated.
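The John Doe scenario above as a small simulation, added here as an illustration and not taken from the original text or from any Microsoft implementation. The phone numbers and time stamps are constructed, and the final tie-break on the originating DC name is an assumption that goes beyond the text so that equal time stamps still converge.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Stamped:
    value: str
    usn: int         # per-attribute number, used the way the text's example uses it
    changed_at: int  # time stamp in seconds (constructed values)
    origin: str      # DC of the originating write; final tie-break is an assumption

    def rank(self):
        return (self.usn, self.changed_at, self.origin)

class DC:
    def __init__(self, name):
        self.name, self.attrs = name, {}

    def write(self, key, value, now):
        """Originating update on this DC: bump the USN and record the time."""
        usn = self.attrs[key].usn + 1 if key in self.attrs else 1
        self.attrs[key] = Stamped(value, usn, now, self.name)

    def pull_from(self, other):
        """Copy only changed attributes; return keys where a conflict was resolved."""
        conflicts = []
        for key, theirs in other.attrs.items():
            mine = self.attrs.get(key)
            if mine is not None and mine != theirs and mine.usn == theirs.usn:
                conflicts.append(key)  # same USN, different write: time stamp decides
            if mine is None or theirs.rank() > mine.rank():
                self.attrs[key] = theirs
        return conflicts

def scenario():
    key = ("John Doe", "telephoneNumber")
    dcs = [DC("DC1"), DC("DC2"), DC("DC3")]
    for dc in dcs:  # replicated starting state: USN 47 everywhere
        dc.attrs[key] = Stamped("555-0100", 47, 1000, "DC1")
    dcs[0].write(key, "555-0148", now=2000)  # first administrator, on DC1
    stale = dcs[2].attrs[key].value          # DC3 still serves the old value
    dcs[1].write(key, "555-0199", now=2060)  # second administrator, on DC2
    conflicts = [k for dst in dcs for src in dcs if src is not dst
                 for k in dst.pull_from(src)]
    return stale, conflicts, {dc.name: dc.attrs[key] for dc in dcs}

if __name__ == "__main__":
    stale, conflicts, final = scenario()
    print("read from DC3 before replication:", stale)
    print("conflicts resolved:", conflicts)
    for name, s in final.items():
        print(name, s.value, "USN", s.usn, "from", s.origin)
```

The write made on DC1 is silently discarded once replication completes, which is why applications that read security-relevant attributes should not assume the value they wrote, or read, is the one every DC ends up with.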
Characteristics of Active Directory data
Active Directory does not replace a relational database or the Registry, so what kind of data should we store in it?
- We have hierarchical data in Active Directory. We can have container objects that store other container objects as well as objects.
- The data should be used as read-mostly. Because replication happens at fixed intervals, we cannot be sure that the data we read has already been updated. In an application we must be aware that the information we read may not be the latest information.
- Data should be global to the enterprise, because adding a new data type to the schema replicates it to all servers in the enterprise. For data types that are of interest to only a small number of users, the domain enterprise administrator would not normally install new schema types.
- The data stored must be of a reasonable size because of replication. If the data is 100K, it is fine to store it in Active Directory if it only changes once a week. However, if the data changes every hour, this size is too large. Always think about the replication to many different servers. If the data is large, it is possible to store only a link to it in Active Directory and keep the data itself somewhere else.
Schema
The schema defines the types of objects, their mandatory and optional attributes, and the syntax and constraints on the attributes. In the schema we distinguish between class-schema objects and attribute-schema objects. A class is a collection of attributes. Single inheritance is supported for classes. As can be seen in the following class diagram, the user class derives from the organizationalPerson class, organizationalPerson is a subclass of person, and the base class is top. The classSchema object that defines a class describes its attributes with the systemMayContain attribute.
In the root class top we can see that every object can have the common attributes common name (cn), displayname, objectGUID, whenChanged, and whenCreated. The person class derives from top. A person object also has a userPassword and a telephonenumber. OrganizationalPerson derives from person; in addition to the attributes of person it has manager, department, and company. A user has the extra attributes needed to log on to the system.
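How single inheritance and typed objects combine, as an added sketch that is not code from the original text and does not query a real directory. The class chain and most attribute names come from the paragraph above; treating cn as mandatory and giving user the attributes sAMAccountName and userPrincipalName are assumptions made for the example.

```python
# Constructed schema fragment: class -> (parent, mandatory attrs, optional attrs).
# Which attributes are mandatory is an assumption; the text does not say.
SCHEMA = {
    "top": (None, {"cn"},
            {"displayname", "objectGUID", "whenChanged", "whenCreated"}),
    "person": ("top", set(), {"userPassword", "telephonenumber"}),
    "organizationalPerson": ("person", set(),
                             {"manager", "department", "company"}),
    "user": ("organizationalPerson", set(),
             {"sAMAccountName", "userPrincipalName"}),  # assumed logon attributes
}

def class_chain(cls):
    """Follow single inheritance from cls up to the base class."""
    chain = []
    while cls is not None:
        if cls not in SCHEMA:
            raise KeyError(f"class not defined in schema: {cls}")
        if cls in chain:
            raise ValueError(f"inheritance cycle at: {cls}")
        chain.append(cls)
        cls = SCHEMA[cls][0]
    return chain

def effective_attributes(cls):
    """Union of the mandatory and optional attributes of cls and its ancestors."""
    must, may = set(), set()
    for name in class_chain(cls):
        _, mandatory, optional = SCHEMA[name]
        must |= mandatory
        may |= optional
    return must, may - must

def validate(cls, entry):
    """Return schema violations for a proposed object (attribute -> value)."""
    must, may = effective_attributes(cls)
    present = set(entry)
    problems = [f"missing mandatory attribute: {a}" for a in sorted(must - present)]
    problems += [f"attribute not allowed by schema: {a}"
                 for a in sorted(present - must - may)]
    return problems

if __name__ == "__main__":
    print(class_chain("user"))
    print(validate("user", {"cn": "John Doe", "department": "Editorial"}))
    print(validate("person", {"cn": "John Doe", "department": "Editorial"}))
    print(validate("user", {"displayname": "JD", "shoeSize": "44"}))
```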
