
Module 1: Introduction to Active Directory

Overview

• Introduction to Active Directory
• Active Directory Logical Structure
• Role of DNS in Active Directory
• Active Directory Physical Structure
• Methods for Administering a Windows 2000 Network
Introduction to Active Directory

• What Is Active Directory?
• Active Directory Objects
• Active Directory Schema
• Lightweight Directory Access Protocol (LDAP)
What Is Active Directory?

Directory Service
• Organize
• Manage resources
• Control

Centralized Management
• Single point of administration

Functionality
• Full user access to directory resources by a single logon
Active Directory Objects

[Figure: Active Directory objects and their attributes. Printers (Printer1, Printer2, Printer3) have attributes such as Printer Name and Printer Location; Users (Don Hall, Suzan Fine) have attributes such as First Name, Last Name, and Logon Name. Each attribute holds a value.]

• Objects Represent Network Resources
• Attributes Store Information About an Object
Active Directory Schema

Active Directory Schema Is:
• Dynamically Available
• Dynamically Updateable
• Protected by DACLs

[Figure: object class examples (Users, Computers, Printers) and attribute examples (accountExpires, department, distinguishedName, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, ...). The list of attributes of Users might contain accountExpires, department, distinguishedName, directReports, and middleName.]
DNS and Active Directory Namespaces

[Figure: DNS namespace (Internet): "." (DNS root domain) > com. > microsoft > training, sales > computer1. Active Directory namespace: microsoft.com > training.microsoft.com, sales.microsoft.com. Legend: DNS node (domain or computer); Active Directory domain.]

Lightweight Directory Access Protocol (LDAP)

LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory

LDAP Naming Paths Include:
• Distinguished names, for example CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
• Relative distinguished names, for example the CN=Suzan Fine portion of that path
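An added example (not part of the course module) of how the naming paths above fit together: it splits a distinguished name into its relative distinguished names, recovers the DNS domain name from the DC= components, and builds a DN the other way round. It also handles a name that contains a comma (escaped per RFC 4514), which the slide's simple example does not show.

```python
# Added example, not from the course module: working with LDAP naming paths.

def split_dn(dn):
    """Split a DN into its RDN components, honouring backslash escapes (RFC 4514)."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])   # keep the escape pair intact, e.g. "\,"
            i += 2
            continue
        if ch == ",":                     # unescaped comma separates RDNs
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current).strip())
    return parts

def rdn(dn):
    """Relative distinguished name: the leftmost component, e.g. CN=Suzan Fine."""
    return split_dn(dn)[0]

def parent_dn(dn):
    """The container holding the object: everything but the RDN."""
    return ",".join(split_dn(dn)[1:])

def domain_from_dn(dn):
    """Rebuild the DNS-style domain name from the DC= components."""
    labels = [p.split("=", 1)[1] for p in split_dn(dn) if p.upper().startswith("DC=")]
    return ".".join(labels)

def build_dn(cn, ous, domain):
    """DN for an object named cn inside nested OUs (innermost first) of a DNS-named domain."""
    escaped = cn.replace("\\", "\\\\").replace(",", "\\,")   # escape the separators used here
    parts = [f"CN={escaped}"] + [f"OU={ou}" for ou in ous]
    parts += [f"DC={label}" for label in domain.split(".")]
    return ",".join(parts)

if __name__ == "__main__":
    dn = "CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft"   # the DN from the slide
    print(rdn(dn), "|", parent_dn(dn), "|", domain_from_dn(dn))
    print(build_dn("Fine, Suzan", ["Sales"], "contoso.msft"))
```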


Active Directory Logical Structure

• Domains
• Organizational Units
• Trees and Forests
• Global Catalog
Domains

A Domain Is a Security Boundary
• A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains

A Domain Is a Unit of Replication
• Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain

[Figure: Windows 2000 domain controllers in a domain replicating with each other.]
Organizational Units

[Figure: a Network Administrative Model (OUs such as Users and Computers) compared with an Organizational Structure (OUs such as Sales, Vancouver, Sales, Repair).]

• Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
• Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
Trees and Forests

[Figure: a forest containing two trees joined by a two-way transitive trust. Tree 1: root domain contoso.msft with child domains asia.contoso.msft and au.contoso.msft. Tree 2: root domain nwtraders.msft with child domains asia.nwtraders.msft and au.nwtraders.msft. Parent and child domains within each tree are linked by two-way transitive trusts.]
Global Catalog

[Figure: several domains replicate a subset of the attributes of all objects to a global catalog server.]

The global catalog holds a subset of the attributes of all objects and is used for:
• Queries
• Group membership when a user logs on
Introduction to the Role of DNS in Active Directory

• Name Resolution
  • DNS translates computer names to IP addresses
  • Computers use DNS to locate each other on the network
• Naming Convention for Windows 2000 Domains
  • Windows 2000 uses DNS naming standards for domain names
  • DNS domains and Active Directory domains share a common hierarchical naming structure
• Locating the Physical Components of Active Directory
  • DNS identifies domain controllers by the services they provide
  • Computers use DNS to locate domain controllers and global catalog servers
DNS Host Names and Windows 2000 Computer Names

• DNS host record and Active Directory object represent the same physical computer
• DNS allows computers to locate domain controllers within Active Directory

[Figure: DNS tree "." > com. > microsoft > training, sales > computer1, alongside the Active Directory domain training.microsoft.com with containers Builtin and Computers holding Computer1 and Computer2. FQDN = computer1.training.microsoft.com; Windows 2000 Computer Name = Computer1.]
DNS Requirements for Active Directory

DNS Requirements to Support Active Directory:
• Support for SRV records (mandatory)
• Support for the dynamic update protocol (recommended)
• Support for incremental zone transfers (recommended)
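An added example (not from the course module) tying the mandatory SRV requirement to the earlier point that computers locate domain controllers and global catalog servers by the services DNS advertises for them. The zone contents are constructed sample data; the `_ldap._tcp.dc._msdcs.<domain>` and `_ldap._tcp.gc._msdcs.<forest root>` names are the ones Windows 2000 registers, and contoso.msft is assumed to be the forest root here.

```python
# Added example, not from the course module: locating domain controllers via SRV records.
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower values are tried first
    weight: int     # relative share of load within one priority level
    port: int
    target: str     # host name of the server offering the service

# Constructed sample zone for contoso.msft (the domain used on the slides).
# DCs register LDAP under _ldap._tcp.dc._msdcs.<domain>; global catalog servers
# register under _ldap._tcp.gc._msdcs.<forest root> (assumed to be contoso.msft).
SAMPLE_ZONE = {
    "_ldap._tcp.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
        SrvRecord(0, 100, 389, "dc2.contoso.msft"),
        SrvRecord(10, 100, 389, "dc3.contoso.msft"),  # lower preference, e.g. a remote site
    ],
    "_ldap._tcp.gc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 3268, "dc1.contoso.msft"),
    ],
}

def order_targets(records, rng):
    """RFC 2782 client ordering: ascending priority, weighted random draw within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            weights = [r.weight for r in group]
            if sum(weights) == 0:          # all-zero weights: pick uniformly
                weights = [1] * len(group)
            chosen = rng.choices(group, weights=weights, k=1)[0]
            ordered.append(chosen)
            group.remove(chosen)
    return ordered

def locate(zone, domain, service="dc", seed=None):
    """Candidate (host, port) pairs for a domain controller ('dc') or global catalog ('gc')."""
    name = f"_ldap._tcp.{service}._msdcs.{domain}"
    rng = random.Random(seed)               # seed only makes the example reproducible
    return [(r.target, r.port) for r in order_targets(zone.get(name, []), rng)]

def zone_supports_ad(zone, domain):
    """The mandatory requirement from the slide: SRV records must exist for the domain's DCs."""
    return bool(zone.get(f"_ldap._tcp.dc._msdcs.{domain}"))
```

A zone that cannot hold SRV records leaves `locate()` empty, which is exactly why the slide marks SRV support as mandatory.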
What Is a Tree?

[Figure: tree root domain (parent domain) contoso.msft with child domain sales.contoso.msft; a new domain added below it extends the contiguous namespace.]
What Is the Forest Root Domain?

• The Forest Root Domain Is the First Domain Created in a Forest

[Figure: a forest whose forest root domain is nwtraders.msft (labelled Global Catalog, Configuration and Schema, Enterprise Admins, and Schema Admins) with child domain marketing.nwtraders.msft; a second tree has tree root domain contoso.msft with child domain sales.contoso.msft.]
Characteristics of Multiple Domains

• Reduce Replication Traffic
• Maintain Separate and Distinct Security Policies Between Domains
• Preserve the Domain Structure of Earlier Versions of Windows NT
• Separate Administrative Control
Active Directory Physical Structure

• Domain Controllers
• Sites
Domain Controllers

Domain Controllers:
• Participate in Active Directory replication
• Perform single master operations roles in a domain

[Figure: two domain controllers in a domain replicating with each other; each holds a writeable copy of the Active Directory database.]
Sites

[Figure: sites Seattle, New York, Chicago, and Los Angeles, each site made up of one or more IP subnets.]

Sites:
• Optimize replication traffic
• Enable users to log on to a domain controller by using a reliable, high-speed connection
Introduction to Active Directory Replication

Multimaster Replication with Loose Convergence

[Figure: Domain Controller A, Domain Controller B, and Domain Controller C replicating with one another.]
Replication Components and Processes

• How Replication Works
• Replication Latency
• Resolving Replication Conflicts
• Optimizing Replication
How Replication Works

Active Directory Update:
• Add
• Move
• Modify
• Delete

[Figure: an originating update on Domain Controller A is sent as a replicated update to Domain Controller B and Domain Controller C.]
Replication Latency

• Default Replication Latency (Change Notification) = 5 minutes
• When No Changes, Scheduled Replication = One Hour
• Urgent Replication = Immediate Change Notification

[Figure: Domain Controller A makes an originating update and sends change notifications to Domain Controller B and Domain Controller C, which then receive the replicated update.]
Resolving Replication Conflicts

[Figure: Domain Controller A and Domain Controller B each make an originating update to the same attribute; each update carries a stamp, and the stamps decide the conflict.]

Stamp = Version Number, Timestamp, Server GUID

Conflicts Can Be Due to:
• Attribute Value
• Adding/Moving Under a Deleted Container Object or the Deletion of a Container Object
• Sibling Name
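An added example (not from the course module) of the attribute-value case above: two domain controllers change the same attribute before replicating, and the stamp fields named on the slide (version number, then timestamp, then server GUID) pick one value that both converge on. The GUIDs, times and attribute values are constructed sample data.

```python
# Added example, not from the course module: stamp-based conflict resolution.
from dataclasses import dataclass
from datetime import datetime, timezone
import uuid

@dataclass(frozen=True)
class Stamp:
    version: int            # incremented by every originating write to the attribute
    timestamp: datetime     # originating time of that write
    server_guid: uuid.UUID  # the domain controller that made the originating write

    def key(self):
        # Highest version wins; equal versions go to the later timestamp,
        # and equal timestamps to the higher server GUID, so every DC agrees.
        return (self.version, self.timestamp, self.server_guid.int)

@dataclass
class AttributeValue:
    value: str
    stamp: Stamp

def resolve(local, incoming):
    """Pick the value all domain controllers converge on for an attribute-value conflict."""
    return incoming if incoming.stamp.key() > local.stamp.key() else local

def originate(store, attr, value, server_guid, when):
    """Originating update on one DC: bump the version and stamp the write with that DC."""
    prev = store.get(attr)
    version = prev.stamp.version + 1 if prev else 1
    store[attr] = AttributeValue(value, Stamp(version, when, server_guid))

def replicate_in(store, attr, incoming):
    """Replicated update: the stamp travels unchanged, and conflicts are resolved by stamp."""
    store[attr] = resolve(store[attr], incoming) if attr in store else incoming

def demo():
    """Two DCs change the same attribute before replicating; return what each ends up with."""
    guid_a = uuid.UUID("11111111-1111-1111-1111-111111111111")  # constructed sample GUID
    guid_b = uuid.UUID("22222222-2222-2222-2222-222222222222")  # constructed sample GUID
    t0 = datetime(2000, 3, 1, 9, 0, tzinfo=timezone.utc)
    dc_a, dc_b = {}, {}
    originate(dc_a, "department", "Sales", guid_a, t0)            # version 1 on DC A
    replicate_in(dc_b, "department", dc_a["department"])          # DC B now has version 1 too
    originate(dc_a, "department", "Marketing", guid_a, t0.replace(minute=5))  # version 2
    originate(dc_b, "department", "Research", guid_b, t0.replace(minute=3))   # version 2
    replicate_in(dc_a, "department", dc_b["department"])          # conflict seen on DC A
    replicate_in(dc_b, "department", dc_a["department"])          # conflict seen on DC B
    return dc_a["department"], dc_b["department"]                 # same stamp wins on both
```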
Replication Topology

• Directory Partitions
• What Is Replication Topology?
• Global Catalog and Replication of Partitions
Directory Partitions

Directory partitions in the Active Directory database:
• Schema (Forest): Contains definitions and rules for creating and manipulating all objects and attributes
• Configuration (Forest): Contains information about Active Directory structure
• Domain (for example contoso.msft): Holds information about all domain-specific objects created in Active Directory
What Is Replication Topology?

[Figure: domain controllers A1, A2, A3, A4 of Domain A and B1, B2, B3 of Domain B. Domain controllers from the same domain form the Domain A topology and the Domain B topology; domain controllers from different domains share the Schema/Configuration topology.]
Using Active Directory for Centralized Management

[Figure: a domain containing OU1 (Computers: Computer1; Users: User1) and OU2 (Users: User2; Printers: Printer1); a search across the domain returns Computer1, User1, User2, and Printer1.]

Active Directory:
• Enables a single administrator to centrally manage resources
• Allows administrators to easily locate information
• Allows administrators to group objects into OUs
• Uses Group Policy to specify policy-based settings
Managing the User Environment

[Figure: a domain with OU1, OU2, and OU3. Apply Group Policy once; Windows 2000 enforces it continually.]

Use Group Policy to:
• Control and lock down what users can do
• Centrally manage software installation, repairs, updates, and removal
• Configure user data to follow users whether they are online or offline
Delegating Administrative Control

[Figure: a domain with OU1 delegated to Admin1, OU2 to Admin2, and OU3 to Admin3.]

Assign Permissions:
• For specific OUs to other administrators
• To modify specific attributes of an object in a single OU
• To perform the same task in all OUs

Customize Administrative Tools to:
• Map to delegated administrative tasks
• Simplify interface design
Review

• Introduction to Active Directory
• Active Directory Logical Structure
• Role of DNS in Active Directory
• Active Directory Physical Structure
• Methods for Administering a Windows 2000 Network
