Microsoft Windows Server 2008 R2

becky

Presentation Transcript


  1. Microsoft Windows Server 2008 R2 Active Directory Domain Services Introduction Chapter 6

  2. Active Directory Domain Services
     • Based off industry standards
     • LDAP-Lightweight Directory Access Protocol
     • X.509 industry standard
     • Originated (supposedly) from a previous network operating system called Banyan Vines
     • NetWare introduced their version of LDAP in the mid-90’s with Novell Directory Services

  3. Domains
     • In simple terms, a domain is a collection of computers and other objects defined by an administrator to share a common directory database
     • Security boundary
     • “like” resources reside in the same domain
     • Server1.mycompany.local
     • Workstation1.mycompany.local
     • Jane.smith@mycompany.local
     • Unit of replication
     • Replication is the “copying” of the AD database to other DCs within the same domain

  4. ADDS Terms
     • Active Directory Domain Services (AD DS)
     • Used to provide several services to an organization.
     • Basically, a large database of objects that is used to centrally organize all objects within an organization.
     • Copies of Active Directory (AD) are stored on domain controllers
     • Workgroup—is a group of users connected in a LAN but each with a computer having its own user accounts.
     • Peer-Peer Network Client Operating Systems
     • Domain—used when organization becomes too big for a workgroup. A domain is created when you run DCPROMO.EXE on a server.
     • Objects—objects within AD are used to represent real-world items. Common objects are user objects and computer objects. These objects can be managed by using AD DS.
     • Schema—is the definition of all object types that AD can contain and their properties.

  5. ADDS Terms
     • Organizational Units (OU)—are used to organize objects within AD. This makes it easier to manage. You can delegate control to OUs and link Group Policies to OUs.
     • Group Policy—a Group Policy allows you to configure a setting once and apply that setting to many user/computer objects.
     • Forest—a forest is a group of one or more domains that share a common AD. A single forest will have only one schema and only one global catalog (GC).
     • Global catalog—is a listing of all objects in the entire forest.
     • Directory service—is a network service that stores information about network resources and makes them accessible to users and applications. Directory services are important because they provide a consistent way to name, describe, locate, access, manage, and secure information about these resources.

  6. ADDS Objects

  7. Definition Of Acronyms
     • AD DS—Active Directory Domain Services
     • AD—Active Directory
     • DC—Domain Controller
     • DNS—Domain Name Service
     • OU—Organizational Unit

  8. Active Directory Logical Structure
     • Stand-alone servers and workstations use the Security Accounts Manager (SAM) database.
     • C:\windows\system32\config
     • AD uses the directory stored in NTDS.DIT
     • After promoting your server to a domain controller, it no longer uses the SAM, but uses the NTDS.DIT to store all users, passwords and domain objects

  9. Features/Benefits of Active Directory
     • Group Policies
     • Network management is policy driven
     • Security
     • “Grow-ability”
     • Ability to change
     • Ability to create consistency
     • CONSISTENCY=AVAILABILITY
     • AVAILABILITY=#1 NETWORK ADMIN PRIORITY

  10. DCPROMO
     • DCPROMO.EXE is used to perform a Domain Controller promotion.
     • Promotion means that the server will now maintain a copy of the AD database. The server will now have the role of Domain Controller.
     • Click Start and type DCPROMO.EXE in the search programs box.
     • Server Manager allows you to add the binaries for the promotion through the Add Roles option. This is unnecessary; DCPROMO will do that for you.
     • Installs DNS for you. This is required. It will also point your Preferred DNS to 127.0.0.1

  11. DCPROMO
     • DCPROMO checklist:
     • Server name—easier to rename prior to promotion. Still possible after promotion but can cause problems. Typical naming conventions are DC1, DC2 etc.
     • IP Addresses—the DC should have a static IP address. Disable IPv6 if you are not using it.

  12. DCPROMO
     • Locations for Files and SYSVOL
     • Very important to document these locations
     • SYSVOL Folder
     • Location for the NTDS.DIT
     • This is the AD database
     • Log files folder
     • Locations can be changed to increase performance

  13. Active Directory and DNS
     • Domain Name Service (DNS) is a requirement for Active Directory
     • Typically, if you have a problem with AD, it’s related to DNS
     • 70% of all AD problems are related to DNS
     • DCPROMO does most of the work for you as it relates to installing and configuring DNS.

  14. Food For ThoughtNext Week • Terms you should know: • Organizational Unit • Domain • Active Directory Domain Services • Delegation of Control • DNS as it relates to Active Directory • The DCPROMO (Domain Controller Promotion Process). • Chapters to review for next week: • 5DNS and Active Directory • 6Simple Domains • 7User Account Management

  15. Questions
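
The DCPROMO checklist items from slides 10 to 13 (domain controller role, static IP address, preferred DNS pointing to 127.0.0.1, and the documented NTDS.DIT, log file and SYSVOL locations) can be verified read-only once promotion has finished. The script below is an added example, not part of the original presentation; the function name Get-DcPromoAudit is hypothetical, and it relies only on WMI and registry reads available in PowerShell 2.0 on Server 2008 R2.

```powershell
# Added example (not from the presentation): read-only audit of a promoted DC.
# WMI and registry reads only, so it runs under PowerShell 2.0 on Server 2008 R2.
function Get-DcPromoAudit {   # hypothetical helper name
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    $dnsSvc = Get-Service -Name DNS -ErrorAction SilentlyContinue

    # Values written by DCPROMO; absent on a server that was never promoted.
    $ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -ErrorAction SilentlyContinue
    $netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' -ErrorAction SilentlyContinue

    # One row per IP-enabled adapter: static addressing, preferred DNS, IPv6 in use.
    $adapters = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $dns = $null
            if ($_.DNSServerSearchOrder) { $dns = $_.DNSServerSearchOrder[0] }
            New-Object PSObject -Property @{
                Adapter      = $_.Description
                StaticIP     = (-not $_.DHCPEnabled)
                PreferredDns = $dns
                DnsIsLocal   = ($dns -eq '127.0.0.1')
                HasIPv6      = [bool]($_.IPAddress | Where-Object { $_ -match ':' })
            }
        })

    New-Object PSObject -Property @{
        ComputerName     = $cs.Name
        Domain           = $cs.Domain
        # DomainRole 4 = backup domain controller, 5 = primary domain controller
        IsDomainCtrl     = ($cs.DomainRole -ge 4)
        DnsServerRunning = ($dnsSvc -and $dnsSvc.Status -eq 'Running')
        NtdsDitPath      = $ntds.'DSA Database file'
        LogFilesPath     = $ntds.'Database log files path'
        SysvolPath       = $netlogon.SysVol
        Adapters         = $adapters
    }
}

$audit = Get-DcPromoAudit
$audit | Format-List ComputerName, Domain, IsDomainCtrl, DnsServerRunning, NtdsDitPath, LogFilesPath, SysvolPath
$audit.Adapters | Format-Table Adapter, StaticIP, PreferredDns, DnsIsLocal, HasIPv6 -AutoSize
```

Because NTDS.DIT holds every domain account and password, the reported paths are the ones to record in the server documentation and to include when reviewing file permissions and backups.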
