
EDN 122

ACTIVE DIRECTORY WINDOWS

INTRODUCTION TO ACTIVE DIRECTORY

CHAPTER 1

PREPARED BY:

RANJINI SHANMUGAM SCHOOL OF INFORMATION TECHNOLOGY
FACULTY OF ENGINEERING AND INFORMATION TECHNOLOGY

CHAPTER 1: Introduction to Active Directory

LEARNING OUTCOMES

At the end of this chapter, students will be able to:
• Understand Active Directory objects and components
• Understand the logical and physical structure of Active Directory

Slide 2 of 41

TOPIC OUTLINES

1.1 Active Directory Overview
    1.1.1 AD Objects and Attributes
    1.1.2 AD Definitions
    1.1.3 Attributes
    1.1.4 Classes
1.2 Active Directory Components
    1.2.1 Logical Hierarchical Structure
    1.2.2 Logical Structure
    1.2.3 Use OUs to Handle Administrative Tasks
1.3 Domain Tree
    1.3.1 Forest of Trees
    1.3.2 Sites
1.4 Understanding Active Directory Concepts
    1.4.1 Global Catalog is Central Repository
    1.4.2 Key Directory Roles
    1.4.3 Universal Group Membership
    1.4.4 Global Catalog Servers
    1.4.5 Directory Partitions
1.5 A Domain Controller Stores and Replicates
    1.5.1 A Global Catalog Stores and Replicates
    1.5.2 Replication Topology
    1.5.3 Replication Within a Site
    1.5.4 Replication Between Sites
1.6 Two Types of Trust Relationship
    1.6.1 Implicit Two-Way Transitive Trust
    1.6.2 Explicit One-Way Non-Transitive Trust
1.7 DNS Namespace
    1.7.1 Dynamic DNS
1.8 Domain Namespace
    1.8.1 Types of Namespaces
    1.8.2 Domain Namespace Divided into Zones
    1.8.3 Name Servers
1.9 Distinguished Names and Relative Distinguished Names
    1.9.1 Distinguished Name (DN)
    1.9.2 Relative Distinguished Name (RDN)
    1.9.3 Globally Unique Identifier (GUID)

1.1 Active Directory Overview

• Active Directory Objects
• Active Directory Components
• Logical Structure
• Physical Structure

1.1.1 Active Directory Objects and Attributes

1.1.2 Active Directory Definitions

1. Resources stored in the directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects.
2. An object is a distinct named set of attributes that represents a network resource.
3. Attributes are characteristics of objects in the directory.
4. Objects are organized in classes, which are logical groupings of objects.
5. Objects known as containers can contain other objects.

1.1.3 Attributes

• Defined separately from classes
• Defined only once and can be used in multiple classes
• Store the information that describes the object

1.1.4 Classes

• Are collections of attributes
• Describe the possible objects that can be created
• Are also referred to as object classes
• Every object is an instance of an object class
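The three slides above can be checked against a live schema. The following PowerShell is an added example, not part of the lecture material; it assumes the RSAT ActiveDirectory module on a domain-joined machine, and the class name 'user' and attribute name 'description' are illustrative choices. It walks a class and its superclasses to collect the attributes it is built from (auxiliary classes are left out for brevity), finds every class that reuses one attribute, and, as a security check, lists attributes flagged confidential in searchFlags, which ordinary users cannot read.

```powershell
# Added example (not from the slides): inspect the schema partition to see how
# classes are collections of attributes and attributes are defined only once.
# Assumes RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. A class is a collection of attributes. Collect mandatory/optional attributes
#    of a class, following subClassOf up to 'top' (auxiliary classes omitted).
function Get-ClassAttributes {
    param([string]$LdapDisplayName)
    $result = [ordered]@{ Must = @(); May = @() }
    $name = $LdapDisplayName
    while ($name) {
        $cls = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$name))" `
            -Properties mustContain, systemMustContain, mayContain, systemMayContain, subClassOf
        if (-not $cls) { break }
        $result.Must += @($cls.mustContain) + @($cls.systemMustContain)
        $result.May  += @($cls.mayContain)  + @($cls.systemMayContain)
        # 'top' is its own superclass; stop there instead of looping forever.
        if ($cls.subClassOf -eq $name) { break }
        $name = $cls.subClassOf
    }
    $result.Must = @($result.Must | Where-Object { $_ } | Sort-Object -Unique)
    $result.May  = @($result.May  | Where-Object { $_ } | Sort-Object -Unique)
    $result
}
$userAttrs = Get-ClassAttributes -LdapDisplayName 'user'
"user class: {0} mandatory and {1} optional attributes" -f $userAttrs.Must.Count, $userAttrs.May.Count

# 2. An attribute is defined once and reused: every class that lists 'description'.
Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=classSchema)(|(mayContain=description)(systemMayContain=description)))" `
    -Properties lDAPDisplayName |
    Select-Object -ExpandProperty lDAPDisplayName | Sort-Object

# 3. Security check: attributes with the confidential bit (0x80) in searchFlags
#    are only readable by principals granted CONTROL_ACCESS. The matching-rule OID
#    1.2.840.113556.1.4.803 is LDAP_MATCHING_RULE_BIT_AND.
Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(searchFlags:1.2.840.113556.1.4.803:=128))" `
    -Properties lDAPDisplayName, searchFlags |
    Select-Object lDAPDisplayName, searchFlags
```

Run it as a domain user; reading the schema partition needs no special rights. The confidential-attribute list is worth keeping: an attribute that should be confidential (a stored password, for example) but is missing from it is readable by every authenticated user.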

1.2 Active Directory Components

Logical Structure
• Domains
• Organizational units
• Trees
• Forests

Physical Structure
• Sites
• Domain controllers

1.2.1 Logical Hierarchical Structure

1.2.2 Logical Structure

• Resources should be organized in a logical structure that mirrors the logical structure of the organization.
• Grouping resources logically enables users and administrators to find resources by name rather than by physical location.
• The network's physical structure is transparent to users.

1.2.3 Use OUs to Handle Administrative Tasks
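Delegating administrative tasks to an OU means granting rights on the OU's security descriptor, so the practical check is to list those grants. The script below is an added example, not from the slides; it assumes the RSAT ActiveDirectory module (which provides the AD: drive) on a domain-joined machine, and the list of "expected" principals is an assumption to adjust for your forest. It prints every explicit Allow entry on every OU that was granted to someone other than the built-in administrative principals.

```powershell
# Added example (not from the slides): audit rights delegated on OUs.
# Assumes RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

# Principals whose presence on every OU is normal; anything else is a
# delegation worth reviewing. Adjust for your environment (assumption).
$domainNetbios = (Get-ADDomain).NetBIOSName
$expected = @(
    'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS', 'BUILTIN\Administrators',
    'BUILTIN\Pre-Windows 2000 Compatible Access',
    "$domainNetbios\Domain Admins", "$domainNetbios\Enterprise Admins"
)

Get-ADOrganizationalUnit -Filter * | ForEach-Object {
    $ou  = $_
    $acl = Get-Acl -Path ("AD:\" + $ou.DistinguishedName)
    foreach ($ace in $acl.Access) {
        # Explicit (non-inherited) Allow entries show where delegation was actually
        # granted; inherited entries were decided higher up the tree.
        if ($ace.IsInherited -or $ace.AccessControlType -ne 'Allow') { continue }
        if ($expected -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            OU          = $ou.DistinguishedName
            Principal   = $ace.IdentityReference.Value
            Rights      = $ace.ActiveDirectoryRights
            ObjectType  = $ace.ObjectType        # schema GUID of the attribute/class; all-zero GUID = all
            Inheritance = $ace.InheritanceType
        }
    }
} | Format-Table -AutoSize
```

GenericAll, WriteDacl, WriteOwner or an all-zero ObjectType with WriteProperty on an OU that contains privileged accounts means the listed principal effectively controls those accounts; that is the first thing to look for in the output.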

1.3 Domain Tree

• Members share the same root domain name (a contiguous DNS namespace).

1.3.1 Forest of Trees

• More than one tree linked together is called a forest.
• The trees in a forest have different root domain names but share a single schema, configuration partition and global catalog.

1.3.2 Sites

1. Combination of one or more IP subnets connected by a highly reliable and fast link, to localize as much network traffic as possible.
2. Typically has the same boundaries as a LAN.
3. When grouping subnets on the network, combine only those subnets that have fast, inexpensive, and reliable network connections with one another.
4. Available bandwidth of 128 Kbps or greater is sufficient.
5. Not a part of the namespace.
6. Contains only computer objects and connection objects used to configure replication between sites.

Diagram labels: Hub Site, Branch Office

1.4 Understanding Active Directory Concepts

• Global Catalog
• Replication
• Trust Relationships
• DNS Namespace
• Name Servers
• Naming Conventions

1.4.1 Global Catalog is Central Repository

1.4.2 Key Directory Roles

• Enables network logon by providing universal group membership information to a domain controller when a logon process is initiated.
• Enables finding directory information regardless of which domain in the forest actually contains the data.

1.4.3 Universal Group Membership

• If only one domain controller exists in the domain, the domain controller and the global catalog are the same server.
• If multiple domain controllers exist on the network, the global catalog is the domain controller configured as such.
• If a global catalog is not available when a user initiates a network logon process, the domain controller cannot expand the user's universal group membership and the user is able to log on to the local computer only (using cached credentials).

1.4.4 Global Catalog Servers

1. The administrator can optionally configure any domain controller, or designate additional domain controllers, as global catalog servers.
2. Every major site in the enterprise should have at least one global catalog server.
3. Additional servers can provide quicker responses to user inquiries, as well as redundancy.
4. When considering which domain controllers to designate as global catalog servers, base the decision on the ability of the network structure to handle replication and query traffic.
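The placement rules in 1.3.2 (sites are built from subnets) and 1.4.4 (every major site needs a global catalog) can be checked in one pass. The script below is an added example, not from the slides; it assumes the RSAT ActiveDirectory module on a domain-joined machine and only sees domain controllers of the current domain, so in a multi-domain forest run it once per domain. It lists each site with its subnets, DC count and GC count, flags sites with no subnets or no GC, and finishes by asking the locator which GC this machine would use (the same answer `nltest /dsgetdc:<domain> /gc` gives).

```powershell
# Added example (not from the slides): site / subnet / GC inventory.
# Assumes RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

$dcs     = Get-ADDomainController -Filter *                    # DCs of the current domain only
$subnets = Get-ADReplicationSubnet -Filter * -Properties Site  # .Site is the DN of the site object

Get-ADReplicationSite -Filter * | ForEach-Object {
    $site     = $_
    $siteDCs  = @($dcs     | Where-Object { $_.Site -eq $site.Name })
    $siteNets = @($subnets | Where-Object { $_.Site -eq $site.DistinguishedName })
    $siteGCs  = @($siteDCs | Where-Object { $_.IsGlobalCatalog })
    [pscustomobject]@{
        Site    = $site.Name
        Subnets = ($siteNets.Name -join ', ')
        DCs     = $siteDCs.Count
        GCs     = $siteGCs.Count
        # A site without subnets never receives clients; a site with DCs but no GC
        # sends every logon's universal-group lookup across a site link.
        Warning = @(
            if ($siteNets.Count -eq 0) { 'no subnets' }
            if ($siteDCs.Count -gt 0 -and $siteGCs.Count -eq 0) { 'no global catalog' }
        ) -join '; '
    }
} | Format-Table -AutoSize

# Which global catalog would a logon from this machine use right now?
Get-ADDomainController -Discover -Service GlobalCatalog | Select-Object HostName, Site
```

If the last command returns a GC in a different site from the one this machine's subnet maps to, either the subnet is missing from the site or the local site has no GC; both show up in the table above.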

1.4.5 Directory Partitions

Schema Information
• Defines the objects that can be created in the directory and the attributes associated with those objects.
• Common to all domains in the domain tree or forest.

Configuration Information
• Describes the logical structure of the deployment, containing information such as domain structure or replication topology.
• Common to all domains in the domain tree or forest.

Domain Data
• Describes all of the objects in a domain.
• Domain-specific and not distributed to any other domains.
• A subset of the properties for all objects in all domains is stored in the global catalog.

1.5 A Domain Controller Stores and Replicates

1. Schema information for the domain tree or forest.
2. Configuration information for all domains in the domain tree or forest.
3. All directory objects and properties for its domain.
4. A subset of the properties of all objects in the domain (replicated to the global catalog).

1.5.1 A Global Catalog Stores and Replicates

1. Schema information for a forest.
2. Configuration information for all domains in a forest.
3. All directory objects and all their properties for the domain in which the global catalog is located.
4. A subset of the properties for all directory objects in the forest (replicated between global catalog servers only).
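The partition lists in 1.4.5, 1.5 and 1.5.1 are visible from any domain-joined machine. The PowerShell below is an added example, not from the slides; it assumes the RSAT ActiveDirectory module, a forest with at least two domains, and a placeholder account name 'jdoe' that lives in a domain other than the one the chosen GC belongs to. It reads the naming contexts from the RootDSE, shows which partitions each DC holds, pulls the partial attribute set from the schema, and then reads one cross-domain object twice: through the GC port (3268), which returns only the partial attribute set, and from the object's home domain over the standard port, which returns everything.

```powershell
# Added example (not from the slides): partitions, the partial attribute set,
# and what a GC query returns compared with the home domain.
# Assumes RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

# 1. Naming contexts this DC knows: schema and configuration (forest-wide),
#    the domain partition, and application partitions such as DomainDnsZones.
$rootDse = Get-ADRootDSE
$rootDse | Select-Object schemaNamingContext, configurationNamingContext, defaultNamingContext
$rootDse.namingContexts

# Each DC reports the partitions it actually holds (full or partial replicas).
Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog, Partitions

# 2. The partial attribute set (PAS): what a GC keeps for objects of other
#    domains, marked in the schema by isMemberOfPartialAttributeSet.
$pas = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter "(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" `
    -Properties lDAPDisplayName | Select-Object -ExpandProperty lDAPDisplayName
"{0} attributes replicate to every global catalog" -f @($pas).Count

# 3. Port 3268 on a GC searches the whole forest but only returns PAS
#    attributes for objects of other domains. Compare with the home domain.
$gc  = [string](Get-ADDomainController -Discover -Service GlobalCatalog).HostName
$sam = 'jdoe'   # placeholder: an account in a different domain from $gc (assumption)
$fromGc = Get-ADObject -Filter "sAMAccountName -eq '$sam'" -Server "${gc}:3268" -Properties *

# The object's own domain is the trailing DC= components of its DN.
$homeDomainDN = $fromGc.DistinguishedName -replace '^.*?,DC=', 'DC='
$homeDC = (Get-ADDomain -Identity $homeDomainDN).PDCEmulator
$fromDc = Get-ADObject -Identity $fromGc.DistinguishedName -Server $homeDC -Properties *

$gcAttrs = @($fromGc.PropertyNames)
$dcAttrs = @($fromDc.PropertyNames)
"GC returned {0} attributes; home DC returned {1}" -f $gcAttrs.Count, $dcAttrs.Count
"Missing from the GC copy: " + (($dcAttrs | Where-Object { $gcAttrs -notcontains $_ }) -join ', ')
```

The attributes reported missing from the GC copy are exactly those not in the partial attribute set. Anything an application needs forest-wide (for example an attribute used to authorize access) must either be added to the PAS or be read from the home domain.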

1.5.2 Replication Topology

1.5.3 Replication Within a Site

1. The topology defines the path for directory updates to flow from one domain controller to another until all domain controllers receive the directory updates.
2. Active Directory (the Knowledge Consistency Checker, KCC) automatically generates a topology for replication among domain controllers in the same domain using a ring structure.
3. The ring structure ensures that at least two replication paths exist from one domain controller to another.
4. Active Directory periodically analyzes the replication topology within a site to ensure that it is still efficient.
5. If a domain controller is added to or removed from the network or a site, Active Directory reconfigures the topology to reflect the change.

1.5.4 Replication Between Sites

1. To ensure replication between sites, the administrator must configure Active Directory with site links that represent the network connections between sites.
2. For each site link, information is provided about the replication protocol used, the cost of the link, the times when the link is available for use, and how often the link should be used.
3. Active Directory uses this information to determine which site link will be used to replicate information.
4. Active Directory uses the network connection information to generate connection objects that provide efficient replication and fault tolerance.
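The inputs in 1.5.4 (site links, cost, schedule, interval) and the generated topology in 1.5.3 (connection objects) can both be read back, together with whether replication is actually succeeding. This PowerShell is an added example, not from the slides; it assumes the RSAT ActiveDirectory module, a domain-joined session, and rights to read replication metadata (a domain user normally has them). The 24-hour staleness threshold is an arbitrary assumption.

```powershell
# Added example (not from the slides): inter-site inputs, KCC output, and
# per-DC replication health. Assumes RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# 1. Site links: the administrator-supplied inputs the KCC (via the ISTG) uses.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded, InterSiteTransportProtocol |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, InterSiteTransportProtocol,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ' <-> ' } }

# 2. Connection objects: the paths the KCC generated (AutoGenerated = True)
#    versus ones an administrator created by hand.
Get-ADReplicationConnection -Filter * -Properties AutoGenerated, ReplicateFromDirectoryServer, ReplicateToDirectoryServer |
    Select-Object Name, AutoGenerated, ReplicateFromDirectoryServer, ReplicateToDirectoryServer

# 3. Health: a partition that has not replicated in, or keeps failing, is a
#    partition whose DC is serving stale data (and stale group memberships,
#    password changes and account disables).
$staleAfter = (Get-Date).AddHours(-24)   # threshold is an assumption; tune to your link schedule
foreach ($dc in Get-ADDomainController -Filter *) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -Partition * |
        Where-Object { $_.ConsecutiveReplicationFailures -gt 0 -or $_.LastReplicationSuccess -lt $staleAfter } |
        Select-Object Server, Partition, Partner, LastReplicationSuccess, ConsecutiveReplicationFailures, LastReplicationResult
}
```

An empty result from step 3 is the good outcome. A non-zero LastReplicationResult is a Win32 error code; `repadmin /showrepl <dc>` gives the same failures with text descriptions.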

1.6 Two Types of Trust Relationship

1.6.1 Implicit Two-Way Transitive Trust

• Trust relationship between parent and child domains within a tree, and between the top-level domains in a forest.
• Established and maintained automatically.
• Feature of the Kerberos authentication protocol.
• If Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C.

1.6.2 Explicit One-Way Non-Transitive Trust

1. Trust relationship between domains that are not part of the same tree.
2. Bounded by the two domains in the trust relationship; does not flow to any other domains in the forest.
3. This is the form of trust used between:
   I. A Windows 2003 domain in one forest and a Windows 2003 domain in another forest (an external trust).
   II. A Microsoft Windows 2003 domain and a Windows NT domain.
   III. A Windows 2003 domain and an MIT Kerberos V5 realm.

Note: Windows Server 2003 also introduced the forest trust, an explicit trust between two forest root domains that is transitive within the two forests; the external trust remains the only option between individual domains of different forests.
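Each trust of the current domain can be classified against the two types above, and the same query exposes the settings that limit what a compromised trusted domain can do here. The script below is an added example, not from the slides; it assumes the RSAT ActiveDirectory module on a domain-joined machine. The classification rules are those of the Get-ADTrust properties: IntraForest marks the implicit trusts of 1.6.1, ForestTransitive marks a forest trust, TrustType MIT marks a realm trust, and anything else is an external (non-transitive) trust.

```powershell
# Added example (not from the slides): enumerate and classify trusts, and show
# the SID filtering / selective authentication state of each.
# Assumes RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

Get-ADTrust -Filter * -Properties * | ForEach-Object {
    $t = $_
    $kind = if ($t.IntraForest)            { 'parent/child or tree-root (implicit, transitive)' }
            elseif ($t.ForestTransitive)   { 'forest trust (explicit, transitive within the forests)' }
            elseif ($t.TrustType -eq 'MIT') { 'realm trust (explicit, to a Kerberos realm)' }
            else                           { 'external trust (explicit, non-transitive)' }

    # SID filtering prevents a trusted domain from presenting SIDs of this domain
    # (for example via sIDHistory). Forest trusts report it as SIDFilteringForestAware,
    # external trusts as SIDFilteringQuarantined. Either should be True.
    $sidFiltered = if ($t.ForestTransitive) { $t.SIDFilteringForestAware } else { $t.SIDFilteringQuarantined }

    [pscustomobject]@{
        Target        = $t.Target
        Direction     = $t.Direction           # Inbound, Outbound or BiDirectional
        Kind          = $kind
        SIDFiltered   = $sidFiltered
        SelectiveAuth = $t.SelectiveAuthentication   # True = only explicitly allowed users authenticate across
        TGTDelegation = $t.TGTDelegation             # True = unconstrained delegation works across the trust; should be False
    }
} | Format-Table -AutoSize

# Netlogon's view, including domains reached transitively through other trusts.
nltest /domain_trusts /all_trusts
```

A trust with SIDFiltered False, or TGTDelegation True, extends the trusted domain's attack surface into this one; both are changed with `netdom trust`, and the change belongs on the trusting (this) side of the relationship.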

1.7 DNS Namespace

• Active Directory is primarily a namespace: a bounded area in which a name can be resolved.
• Name resolution is the process of translating a name into some object or information that the name represents.
• The Active Directory namespace is based on the DNS naming scheme.
• Private networks use DNS extensively to resolve computer names and to locate computers within their local networks and the Internet.

1.7.1 Dynamic DNS (DDNS)

• Windows 2003 domain names are also DNS names.
• Enables clients with dynamically assigned addresses to register directly with a server running the DNS service and update the DNS table dynamically.
• Eliminates the need for other Internet naming services, such as WINS.
• On Active Directory-integrated zones, dynamic updates should be restricted to secure (Kerberos-authenticated) updates; if unauthenticated updates are also accepted, any host on the network can overwrite another computer's records.
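The secure-update setting is per zone and is easy to audit. This PowerShell is an added example, not from the slides; it assumes the RSAT DnsServer module, DNS administrator rights, and a placeholder server name in $dnsServer. It lists every primary zone's dynamic update mode, then switches AD-integrated zones that accept unauthenticated updates to secure-only. Zones not stored in Active Directory cannot use secure updates and are reported instead of changed.

```powershell
# Added example (not from the slides): audit and fix the dynamic update mode
# of DNS zones. Assumes RSAT DnsServer module and rights on the DNS server.
Import-Module DnsServer

$dnsServer = 'dc01.corp.example'   # placeholder: one of your DNS-hosting DCs (assumption)

# Skip the auto-created zones (0.in-addr.arpa, 127.in-addr.arpa, 255.in-addr.arpa)
# and anything that is not a primary zone; only primaries accept updates.
$zones = Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

$zones | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate | Format-Table -AutoSize

# DynamicUpdate is one of None, NonsecureAndSecure, Secure.
# 'NonsecureAndSecure' lets any host rewrite records; 'Secure' requires the
# updater to authenticate and to own (or be allowed to write) the record.
foreach ($z in $zones | Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' }) {
    if ($z.IsDsIntegrated) {
        Set-DnsServerPrimaryZone -ComputerName $dnsServer -Name $z.ZoneName -DynamicUpdate Secure
        "{0}: switched to secure dynamic updates" -f $z.ZoneName
    } else {
        "{0}: file-backed zone; convert it to an AD-integrated zone before enabling secure updates" -f $z.ZoneName
    }
}
```

Run the audit part first and review the table; the Set-DnsServerPrimaryZone call is the only line that changes state.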

1.8 Domain Namespace

1.8.1 Types of Namespaces

Contiguous namespace
• The name of a child object in the object hierarchy always contains the name of the parent domain.
• A tree is a contiguous namespace.

Disjointed namespace
• The names of a parent object and a child of that parent are not directly related to one another.
• A forest is a disjointed namespace.

1.8.2 Domain Namespace Divided into Zones

1.8.3 Name Servers

1. A DNS name server stores the zone database file.
2. Name servers store data for one zone or multiple zones.
3. Name servers have authority for the domain namespace that the zone encompasses.
4. At least one name server must exist for a zone.
5. Changes to a zone, such as adding domains or hosts, are performed on the server that contains the primary zone database file.

1.9 Distinguished Names and Relative Distinguished Names

1.9.1 Distinguished Name (DN)

• Uniquely identifies an object and contains sufficient information for a client to retrieve the object from the directory.
• Includes the name of the domain that holds the object, as well as the complete path through the container hierarchy to the object.
• Must be unique.

1.9.2 Relative Distinguished Name (RDN)

• The part of the name that is an attribute of the object itself (the first component of the DN, for example CN=John Doe).
• Duplicate RDNs are allowed for Active Directory objects, but two objects with the same RDN cannot exist in the same container (for example the same OU).
• Objects with duplicate RDNs can exist in separate OUs because they have different DNs.

1.9.3 Globally Unique Identifier (GUID)

• A 128-bit number (the objectGUID attribute) that is guaranteed to be unique across all domains.
• Assigned to an object when the object is created.
• Never changes, even if the object is moved or renamed.
• Objects can be moved from domain to domain, and they will still have a unique identifier.
• Applications can store the GUID of an object and use the GUID to retrieve that object regardless of its current DN.
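The three identifiers in 1.9 behave differently under rename, move and duplication, and a few read-only queries show it. The PowerShell below is an added example, not from the slides; it assumes the RSAT ActiveDirectory module on a domain-joined machine and a placeholder account name 'jdoe'. It resolves one user, splits its DN into RDN and container (splitting only on unescaped commas, since a comma inside a value is written as "\,"), re-reads the same object by GUID, and then lists every RDN value that appears more than once among users, each of which must be in a different container.

```powershell
# Added example (not from the slides): DN, RDN and GUID of one object, and
# duplicate RDNs across containers. Assumes RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$obj = Get-ADUser -Identity 'jdoe' -Properties objectGUID, canonicalName   # 'jdoe' is a placeholder
$dn  = $obj.DistinguishedName

# RDN = first DN component. Split on commas not preceded by a backslash so an
# escaped comma inside a value (e.g. CN=Doe\, John) stays in its component.
$components = [regex]::Split($dn, '(?<!\\),')
"DN        : {0}" -f $dn
"RDN       : {0}" -f $components[0]
"name attr : {0}" -f $obj.Name                # same value as the RDN without the 'CN=' prefix
"Container : {0}" -f ($components[1..($components.Count - 1)] -join ',')
"Canonical : {0}" -f $obj.CanonicalName

# The GUID is the stable handle: it resolves the object whatever its DN is now,
# so it is what an application should persist instead of the DN.
$byGuid = Get-ADObject -Identity $obj.ObjectGUID
"GUID      : {0}" -f $obj.ObjectGUID
"Same DN via GUID lookup: {0}" -f ($byGuid.DistinguishedName -eq $dn)

# Duplicate RDNs are legal across containers and impossible within one, so
# every group below spans at least two different containers.
Get-ADUser -Filter * -Properties name |
    Group-Object Name | Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        [pscustomobject]@{ RDN = $_.Name; Count = $_.Count; DNs = ($_.Group.DistinguishedName -join ' | ') }
    }
```

Duplicate RDNs are exactly the case where a tool that identifies accounts by display name or CN rather than by GUID or SID picks the wrong object, which is why the GUID (or the SID, for security principals) is the value to store.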

Class Activity: Explain the Terms Below

• Trust Relationship
• Global Catalog
• Domain
• Objects
• Directory Partitions