
Module 1: Introduction to Active Directory


Presentation Transcript


  1. Module 1: Introduction to Active Directory

  2. Overview • Introduction to Active Directory • Active Directory Logical Structure • Role of DNS in Active Directory • Active Directory Physical Structure • Methods for Administering a Windows 2000 Network

  3. Introduction to Active Directory • What Is Active Directory? • Active Directory Objects • Active Directory Schema • Lightweight Directory Access Protocol (LDAP)

  4. What Is Active Directory?
  (Diagram: a directory service providing centralized management of resources)
  • Organize
  • Manage
  • Control
  • Single point of administration
  • Full user access to directory resources by a single logon

  5. Active Directory Objects
  • Objects Represent Network Resources
  • Attributes Store Information About an Object
  (Diagram: a Printers container holding Printer1, Printer2 and Printer3, with attributes such as Printer Name and Printer Location; a Users container holding Don Hall and Suzan Fine, with attributes such as First Name, Last Name and Logon Name; each attribute holds a value)

  6. Active Directory Schema
  Active Directory Schema Is:
  • Dynamically Available
  • Dynamically Updateable
  • Protected by DACLs
  (Diagram: object class examples Users, Computers and Printers; attribute examples from the schema's list of attributes: accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, …; attributes of Users might contain accountExpires, department, distinguishedName, middleName)

  7. DNS and Active Directory Namespaces
  (Diagram: the DNS namespace runs from the Internet root “.” through com. to microsoft.com, with the subdomains training.microsoft.com and sales.microsoft.com and the host computer1; the Active Directory namespace uses the same nodes microsoft, training and sales. Legend: Active Directory domain versus DNS node (domain or computer))

  8. Lightweight Directory Access Protocol (LDAP)
  • LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
  • LDAP Naming Paths Include:
  • Distinguished names, for example CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
  • Relative distinguished names, for example Suzan Fine
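The naming paths on this slide worked through in Python, as an added example that is not part of the course material: a small RFC 4514 parser that splits a distinguished name into its RDNs, derives the relative distinguished name, the parent container and the domain's DNS name from the DC= components, and escapes values so that a DN assembled from user input cannot gain extra components. The function names and the sample DNs are my own assumptions.

```python
"""Parse and build LDAP distinguished names (RFC 4514 syntax) and derive the
naming paths the slide describes: the relative distinguished name, the parent
container and the DNS name encoded in the DC= components.  Added example, not
code from the course; the sample DNs are constructed."""

from typing import List, Tuple

RDN = Tuple[str, str]
HEX = "0123456789abcdefABCDEF"


def parse_dn(dn: str) -> List[RDN]:
    """Split a DN into (attribute type, value) pairs, leaf first.

    Backslash escapes are honoured, so the comma in
    "CN=Fine\\, Suzan,OU=Sales,DC=contoso,DC=msft" stays inside the CN value
    instead of being read as an RDN separator.  Multi-valued RDNs ("+") are
    not handled here.
    """
    rdns: List[RDN] = []
    attr: List[str] = []
    value: List[str] = []
    target = attr                      # the part currently being filled
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                target.append(chr(int(pair, 16)))   # \2C style hex escape
                i += 3
            else:
                target.append(dn[i + 1])            # \, \+ \" and friends
                i += 2
            continue
        if ch == "=" and target is attr:
            target = value
        elif ch == "," and target is value:
            rdns.append(("".join(attr).strip(), "".join(value).strip()))
            attr, value = [], []
            target = attr
        else:
            target.append(ch)
        i += 1
    if target is not value:            # empty DN, trailing comma, RDN without "="
        raise ValueError(f"malformed DN: {dn!r}")
    rdns.append(("".join(attr).strip(), "".join(value).strip()))
    return rdns


def escape_value(value: str) -> str:
    """Escape a raw attribute value for embedding in a DN (RFC 4514 section 2.4).

    Use this whenever a DN is assembled from untrusted input: an unescaped
    comma or plus sign in the input would otherwise add or alter RDN components.
    """
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        if ch in '"+,;<>\\' or (ch == "#" and idx == 0) or (ch == " " and idx in (0, last)):
            out.append("\\" + ch)
        elif ord(ch) < 0x20:                        # control characters as hex pairs
            out.append(f"\\{ord(ch):02X}")
        else:
            out.append(ch)
    return "".join(out)


def format_dn(rdns: List[RDN]) -> str:
    """Rebuild a DN string from (attribute, value) pairs, escaping each value."""
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in rdns)


def relative_dn(dn: str) -> str:
    """The leaf RDN: "CN=Suzan Fine" for the slide's example."""
    return format_dn(parse_dn(dn)[:1])


def parent_dn(dn: str) -> str:
    """The container the object lives in."""
    return format_dn(parse_dn(dn)[1:])


def domain_dns_name(dn: str) -> str:
    """Join the DC= components into the domain's DNS name (contoso.msft)."""
    return ".".join(val for attr, val in parse_dn(dn) if attr.upper() == "DC")


if __name__ == "__main__":
    example = "CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft"   # constructed, from the slide
    print(relative_dn(example), "|", parent_dn(example), "|", domain_dns_name(example))
```

The slide shows the relative distinguished name as the bare value "Suzan Fine"; the code returns it in the attribute=value form ("CN=Suzan Fine") that LDAP tools print, which is the same path component.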

  9. Active Directory Logical Structure • Domains • Organizational Units • Trees and Forests • Global Catalog

  10. Domains
  • A Domain Is a Security Boundary
  • A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
  • A Domain Is a Unit of Replication
  • Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
  (Diagram: a Windows 2000 domain in which User1 and User2 are replicated between domain controllers)

  11. Organizational Units
  • Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
  • Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
  (Diagram: OU hierarchies modelled on the network administrative model or on the organizational structure, for example Sales with Users and Computers, Vancouver, Repair)

  12. Trees and Forests
  (Diagram: a forest containing two trees; the tree rooted at contoso.msft (the root) with child domains asia.contoso.msft and au.contoso.msft, and the tree rooted at nwtraders.msft with child domains asia.nwtraders.msft and au.nwtraders.msft; the domains are joined by two-way transitive trusts)

  13. Global Catalog
  (Diagram: a global catalog server holds a subset of the attributes of all objects from every domain in the forest; global catalog queries resolve group membership when a user logs on)

  14. Introduction to the Role of DNS in Active Directory
  • Name Resolution
    • DNS translates computer names to IP addresses
    • Computers use DNS to locate each other on the network
  • Naming Convention for Windows 2000 Domains
    • Windows 2000 uses DNS naming standards for domain names
    • DNS domains and Active Directory domains share a common hierarchical naming structure
  • Locating the Physical Components of Active Directory
    • DNS identifies domain controllers by the services they provide
    • Computers use DNS to locate domain controllers and global catalog servers

  15. DNS Host Names and Windows 2000 Computer Names
  • DNS host record and Active Directory object represent the same physical computer
  • DNS allows computers to locate domain controllers within Active Directory
  (Diagram: in DNS, “.” → com. → microsoft → training → computer1 gives the FQDN computer1.training.microsoft.com; in Active Directory the same machine appears as Computer1 in the Computers container of training.microsoft.com, alongside Builtin and Computer2. Windows 2000 Computer Name = Computer1)

  16. DNS Requirements for Active Directory
  DNS Requirements to Support Active Directory:
  • Support for SRV records (mandatory)
  • Support for the dynamic update protocol (recommended)
  • Support for incremental zone transfers (recommended)
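Why SRV support is the mandatory requirement: slides 14 to 16 say that computers use DNS to locate domain controllers by the services they provide. The following Python is an added example, not code from the course, showing the SRV owner names a client queries for a domain (site-specific first, then domain-wide) and the RFC 2782 priority/weight selection applied to the answer. The zone is a constructed in-memory dictionary standing in for DNS, so nothing is resolved on the network, and the function names are my own assumptions.

```python
"""How a client finds a domain controller through DNS: Active Directory
registers SRV records for the services each DC offers, the client queries the
names that apply to it (its site first) and picks a target by priority and
weight as RFC 2782 prescribes.  Added example, not code from the course; the
zone below is a constructed stand-in for DNS."""

import random
from typing import Dict, List, NamedTuple, Optional


class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str            # host name of the domain controller


def dc_locator_names(domain: str, site: Optional[str] = None,
                     forest_root: Optional[str] = None) -> Dict[str, str]:
    """SRV owner names a Windows 2000 client queries for the given domain."""
    names = {
        "ldap_dc": f"_ldap._tcp.dc._msdcs.{domain}",
        "kerberos_dc": f"_kerberos._tcp.dc._msdcs.{domain}",
    }
    if site:
        names["ldap_dc_site"] = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    if forest_root:
        names["gc"] = f"_gc._tcp.{forest_root}"   # global catalog servers
    return names


def select_srv(records: List[SrvRecord], rng=random) -> Optional[SrvRecord]:
    """RFC 2782: only the lowest priority is eligible; choose within it by weight."""
    if not records:
        return None
    lowest = min(r.priority for r in records)
    eligible = [r for r in records if r.priority == lowest]
    total = sum(r.weight for r in eligible)
    if total == 0:
        return rng.choice(eligible)
    pick = rng.randrange(total)
    running = 0
    for rec in eligible:
        running += rec.weight
        if pick < running:
            return rec
    return eligible[-1]


def find_dc(domain: str, zone: Dict[str, List[SrvRecord]],
            site: Optional[str] = None, rng=random) -> Optional[SrvRecord]:
    """Prefer a DC registered for the client's site, fall back to any DC in the domain."""
    names = dc_locator_names(domain, site=site)
    for key in ("ldap_dc_site", "ldap_dc"):
        name = names.get(key)
        if name and zone.get(name):
            return select_srv(zone[name], rng)
    return None


# Constructed zone: dc1 and dc2 serve contoso.msft, dc1 is also registered for
# the Seattle site, and a lower-preference (higher priority value) DC is a fallback.
ZONE: Dict[str, List[SrvRecord]] = {
    "_ldap._tcp.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
        SrvRecord(0, 100, 389, "dc2.contoso.msft"),
        SrvRecord(10, 100, 389, "dc-backup.contoso.msft"),
    ],
    "_ldap._tcp.Seattle._sites.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
    ],
}

if __name__ == "__main__":
    print(find_dc("contoso.msft", ZONE, site="Seattle"))
    print(find_dc("contoso.msft", ZONE, site="Chicago"))   # no site record: any DC
```

A zone without SRV support cannot answer any of these names, which is why the slide marks it mandatory; dynamic update only saves the administrator from maintaining the records by hand.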

  17. What Is a Tree?
  (Diagram: the tree root domain contoso.msft is the parent domain; the child domain sales.contoso.msft is a new domain added beneath it, forming a contiguous namespace)

  18. What Is the Forest Root Domain?
  The Forest Root Domain Is the First Domain Created in a Forest
  (Diagram: the forest root domain contoso.msft is shown with the global catalog, the configuration and schema, and the Enterprise Admins and Schema Admins groups; its tree includes sales.contoso.msft, and a second tree in the forest, rooted at nwtraders.msft, includes marketing.nwtraders.msft)

  19. Characteristics of Multiple Domains
  • Reduce Replication Traffic
  • Maintain Separate and Distinct Security Policies Between Domains
  • Preserve the Domain Structure of Earlier Versions of Windows NT
  • Separate Administrative Control

  20. Active Directory Physical Structure • Domain Controllers • Sites

  21. Domain Controllers
  Domain Controllers:
  • Participate in Active Directory replication
  • Perform single master operations roles in a domain
  (Diagram: two domain controllers in a domain replicate User1 and User2 to each other; legend: domain controller = A Writeable Copy of the Active Directory Database)

  22. Sites
  Sites:
  • Optimize replication traffic
  • Enable users to log on to a domain controller by using a reliable, high-speed connection
  (Diagram: sites in Seattle, New York, Chicago and Los Angeles, each defined by one or more IP subnets)

  23. Introduction to Active Directory Replication
  Multimaster Replication with a Loose Convergence
  (Diagram: Domain Controllers A, B and C replicating with one another)

  24. Replication Components and Processes • How Replication Works • Replication Latency • Resolving Replication Conflicts • Optimizing Replication

  25. How Replication Works
  Active Directory Update:
  • Add
  • Modify
  • Move
  • Delete
  (Diagram: an originating update on Domain Controller A is sent as a replicated update to Domain Controllers B and C)

  26. Replication Latency
  • Default Replication Latency (Change Notification) = 5 minutes
  • When No Changes, Scheduled Replication = One Hour
  • Urgent Replication = Immediate Change Notification
  (Diagram: after an originating update on Domain Controller A, change notifications go to Domain Controllers B and C, which then receive the replicated update)

  27. Resolving Replication Conflicts
  (Diagram: Domain Controllers A and B each make an originating update to the same object; each update carries a stamp made up of a Version Number, a Timestamp and a Server GUID, and the stamps decide the conflict)
  Conflicts Can Be Due to:
  • Attribute Value
  • Adding/Moving Under a Deleted Container Object or the Deletion of a Container Object
  • Sibling Name
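The stamp comparison behind this slide, as an added Python example that is not code from the course: a stamp orders by version number first, then timestamp, then server GUID, and the higher stamp wins for each of the three conflict kinds listed. The CNF rename of the losing sibling and the LostAndFound container are Active Directory behaviour; the class and function names, GUIDs and timestamps are constructed assumptions.

```python
"""Replication conflict resolution as the slide describes it: every originating
write carries a stamp (version number, originating timestamp, originating
server GUID), and when two domain controllers changed the same thing
independently the higher stamp wins.  Added example, not code from the course;
the stamps, GUIDs and objects below are constructed."""

import uuid
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


@dataclass(frozen=True, order=True)
class Stamp:
    """order=True compares field by field: version, then time, then server GUID."""
    version: int
    originating_time: int        # seconds since epoch on the originating DC
    server_guid: uuid.UUID       # GUID of the DC that made the originating write


@dataclass
class AttrValue:
    value: str
    stamp: Stamp


def resolve_attribute(local: AttrValue, incoming: AttrValue) -> AttrValue:
    """Attribute-value conflict: keep whichever write has the higher stamp."""
    return incoming if incoming.stamp > local.stamp else local


@dataclass
class DirObject:
    rdn: str                      # e.g. "CN=Suzan Fine"
    object_guid: uuid.UUID
    name_stamp: Stamp             # stamp on the naming attribute
    attrs: Dict[str, AttrValue] = field(default_factory=dict)


def resolve_sibling_name(a: DirObject, b: DirObject) -> Tuple[DirObject, DirObject]:
    """Sibling-name conflict: two objects were given the same RDN under one parent.

    The stamp rule is applied to the naming attribute, so the later creation
    keeps its name and the other is renamed to <rdn>\\nCNF:<objectGUID>
    (shown as \\0ACNF: in an escaped DN), the mangled form Active Directory uses.
    Returns (winner, loser).
    """
    winner, loser = (a, b) if a.name_stamp > b.name_stamp else (b, a)
    loser.rdn = f"{loser.rdn}\nCNF:{loser.object_guid}"
    return winner, loser


def resolve_parent(parent_dn: str, deleted_containers: Set[str], domain_dn: str) -> str:
    """Add/move under a container deleted on another DC: the object cannot stay
    under a deleted parent, so it is placed in the domain's LostAndFound container."""
    if parent_dn in deleted_containers:
        return f"CN=LostAndFound,{domain_dn}"
    return parent_dn


# Constructed server GUIDs for Domain Controller A and B.
GUID_A = uuid.UUID(int=1)
GUID_B = uuid.UUID(int=2)

if __name__ == "__main__":
    on_a = AttrValue("Sales", Stamp(2, 100, GUID_A))      # edited twice on A
    on_b = AttrValue("Repair", Stamp(1, 200, GUID_B))     # edited once, later, on B
    print(resolve_attribute(on_a, on_b).value)           # version beats timestamp
    o1 = DirObject("CN=Suzan Fine", uuid.UUID(int=11), Stamp(1, 100, GUID_A))
    o2 = DirObject("CN=Suzan Fine", uuid.UUID(int=12), Stamp(1, 200, GUID_B))
    winner, loser = resolve_sibling_name(o1, o2)
    print(repr(loser.rdn))
```

Because the version number is compared before the timestamp, a value changed twice on one controller beats a single later change elsewhere; the GUID only breaks exact ties, which is what lets every controller reach the same answer without coordination.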

  28. Replication Topology • Directory Partitions • What Is Replication Topology? • Global Catalog and Replication of Partitions

  29. Directory Partitions
  (Diagram: the Active Directory database on a domain controller holds three partitions)
  • Schema (forest-wide): contains definitions and rules for creating and manipulating all objects and attributes
  • Configuration (forest-wide): contains information about Active Directory structure
  • Domain (contoso.msft): holds information about all domain-specific objects created in Active Directory

  30. What Is Replication Topology?
  (Diagram: domain controllers A1–A4 of Domain A and B1–B3 of Domain B; domain controllers from the same domain form the Domain A topology and the Domain B topology, while domain controllers from different domains share the Schema/Configuration topology)

  31. What Is Replication Topology?
  (Diagram: repeats slide 30; domain controllers A1–A4 of Domain A and B1–B3 of Domain B form the Domain A and Domain B topologies, and together the Schema/Configuration topology)

  32. Using Active Directory for Centralized Management
  Active Directory:
  • Enables a single administrator to centrally manage resources
  • Allows administrators to easily locate information
  • Allows administrators to group objects into OUs
  • Uses Group Policy to specify policy-based settings
  (Diagram: a domain with OU1 holding Computer1 and User1 and OU2 holding User2 and Printer1, searched by object category: Computers, Users, Printers)

  33. Managing the User Environment
  Use Group Policy to:
  • Control and lock down what users can do
  • Centrally manage software installation, repairs, updates, and removal
  • Configure user data to follow users whether they are online or offline
  (Diagram: Group Policy is applied once to OU1, OU2 and OU3 in a domain; Windows 2000 enforces it continually)

  34. Delegating Administrative Control
  Assign Permissions:
  • For specific OUs to other administrators
  • To modify specific attributes of an object in a single OU
  • To perform the same task in all OUs
  Customize Administrative Tools to:
  • Map to delegated administrative tasks
  • Simplify interface design
  (Diagram: in a domain, Admin1 administers OU1, Admin2 administers OU2 and Admin3 administers OU3)

  35. Review • Introduction to Active Directory • Active Directory Logical Structure • Role of DNS in Active Directory • Active Directory Physical Structure • Methods for Administering a Windows 2000 Network
