Implementing Active Directory
Lesson 2
Skills Matrix
Technology Skill | Objective Domain | Objective #
 | Configure a forest or a domain | 2.1
Establishing and Maintaining Trust Relationships | Configure trusts | 2.2
Configuring Active Directory Lightweight Directory Services | Configure Active Directory Lightweight Directory Services (AD LDS) | 3.1
Configuring a Read-Only Domain Controller | | 3.3
Server Manager
Located in Administrative Tools.
Can also be accessed by right-clicking My Computer and selecting Manage.
Post-Installation Tasks
Upon completion of the Active Directory installation, you should verify a number of items:
Application directory partition creation.
Aging and scavenging for zones.
Forward lookup zones and SRV records.
Reverse lookup zones.
Application Partitions
DNS Records
Make sure the Forward Lookup zone is created.
Make sure a Host (A) record is created for your server.
Make sure the DNS domains are created:
_msdcs
_sites
_tcp
_udp
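The checks on this slide can be scripted against a text export of the zone. The following is an added example, not part of the original slides: it parses A and SRV records in zone-file form and reports a representative subset of domain controller SRV records (one under each subdomain listed above) that are missing or that point at a host with no A record. The domain corp.example, the hosts dc1 and dc2 and the sample records are constructed for illustration; the site name is assumed to be Default-First-Site-Name.

```python
import re

# Constructed zone export for the hypothetical domain corp.example. Two deliberate
# defects: no _kerberos._udp record, and a site record naming dc2, which has no A record.
SAMPLE_ZONE = """\
dc1.corp.example. 3600 IN A 192.0.2.10
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.Default-First-Site-Name._sites.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
"""

RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|SRV)\s+(.+)$", re.I)

def parse_zone(text):
    """Return (hosts with an A record, {SRV owner name: [(port, target), ...]})."""
    hosts, srv = set(), {}
    for line in text.splitlines():
        m = RECORD.match(line.split(";")[0].strip())  # drop zone-file comments
        if not m:
            continue  # other record types and blank lines are ignored
        name = m.group(1).rstrip(".").lower()
        if m.group(2).upper() == "A":
            hosts.add(name)
        else:
            _prio, _weight, port, target = m.group(3).split()
            srv.setdefault(name, []).append((int(port), target.rstrip(".").lower()))
    return hosts, srv

def verify_dc_records(text, domain, site="Default-First-Site-Name"):
    """List problems with SRV records a domain controller should have registered."""
    hosts, srv = parse_zone(text)
    expected = {  # representative subset: owner name -> expected port
        f"_ldap._tcp.{domain}": 389,
        f"_kerberos._tcp.{domain}": 88,
        f"_kerberos._udp.{domain}": 88,
        f"_ldap._tcp.dc._msdcs.{domain}": 389,
        f"_ldap._tcp.{site}._sites.{domain}": 389,
    }
    problems = []
    for owner, port in expected.items():
        records = srv.get(owner.lower(), [])
        if not records:
            problems.append(f"missing SRV {owner}")
        for got_port, target in records:
            if got_port != port:
                problems.append(f"{owner}: port {got_port}, expected {port}")
            if target not in hosts:
                problems.append(f"{owner}: target {target} has no A record")
    return problems
```

Calling verify_dc_records(SAMPLE_ZONE, "corp.example") returns one entry per problem found; an empty list means every expected record exists and resolves to a host with an A record.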
Trust Relationship
Trust relationships exist to make resource accessibility easier between domains and forests.
Many trust relationships are established by default during the creation of the Active Directory forest structure.
Trust relationships can be created using Active Directory Domains and Trusts, found in the Administrative Tools folder.
Trust Relationships
Four trust types can be manually established in Windows Server 2008:
Shortcut trusts - Used to shorten the tree-walking process for users who require frequent access to resources elsewhere in the forest.
Cross-forest trusts - Allow you to create two-way transitive trusts between separate forests.
External trusts - Used to configure a one-way non-transitive trust.
Realm trusts - Allow you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm.
Summary
Active Directory requires DNS to be installed. DNS does not have to be installed on a Windows Server 2003 machine, but the version of DNS used does need to support SRV records for Active Directory to function.
Planning the forest and domain structure should include a checklist that can be referenced for dialog information required by the Active Directory Installation Wizard.
Verification of a solid Active Directory installation includes verifying DNS zones and the creation of SRV records.
Additional items, such as reverse lookups, aging, and scavenging, also should be configured.
System classes of the schema cannot be modified, but additional classes can be added. Classes and attributes cannot be deleted, but they can be deactivated.
Planning forest and domain functionality is dependent on the need for down-level operating system compatibility.
Raising a forest or domain functional level is a procedure that cannot be reversed.
Four types of manual trusts can be created: shortcut, external, cross-forest, and realm trusts.
Manual trusts can be created by using Active Directory Domains and Trusts or netdom at a command line.
UPNs provide a mechanism to make access to resources in multiple domains user-friendly.
UPNs follow a naming format similar to email addresses.
You must be a member of the Enterprise Admins group to add additional suffixes that can be assigned at user object creation.