A Brief Introduction to Active Directory
Introduction to Windows Server 2003 Active Directory • Provides the following services • Central point for storing and managing network objects • Central point for administration of objects and resources • Logon and authentication services • Delegation of administration
Active Directory • Built upon industry standards • Compatible with other directories and systems • Addresses scalability, security, and maintenance issues, ensuring lower TCO
Introduction to Windows Server 2003 Active Directory Continued • Stored on domain controllers in the network • Changes made to any Active Directory will be replicated across all domain controllers • Multimaster replication • Fault tolerance for domain controller failure • Uses Domain Name Service (DNS) conventions for network resources
Active Directory Service Interface • Component Object Model (COM) components that open AD features to programmers • ADSI – Active Directory Service Interface • LDAP – Lightweight Directory Access Protocol
Windows Directory Services What is a Directory Service? • A directory is a collection of data that is related in various ways to other pieces of data • A directory service is a central repository for data that describes the resources on your network
Active Directory • Active Directory is the name given to the directory service employed in Windows Server 2003 • Its dual role: to act as a data repository and to provide data to applications and features outside of AD
Organization of Active Directory Database • AD is a single table residing in a single file that is copied to all domain controllers • ntds.dit • Rows describe objects • Columns describe attributes • Metadata – Schema • Extensible
Logical components • Objects • Forests • Trees • Domains • Groups • Organizational Units (OU)
Domains and Organizational Units
• Domain
  • Has a unique name
  • Is organized in hierarchical levels
  • Has an Active Directory replicated across its domain controllers
• Organizational unit (OU)
  • A logical container used to organize domain objects
  • Makes it easy to locate and manage objects
  • Allows you to apply Group Policy settings
  • Allows delegation of administrative control
Trees and Forests • Sometimes necessary to create multiple domains within an organization • First Active Directory domain is the forest root domain • A tree is a hierarchical collection of domains that share a contiguous DNS naming structure • A forest is a collection of trees that do not share a contiguous DNS naming structure • Transitive trust relationships exist among domains in trees and, optionally, in and across forests
Physical Components • Domain Controllers • Server capable of authentication • Maintains a copy of the Active Directory • Sites • A well-connected TCP/IP subnet
Working with AD in your Enterprise
• Issues to consider:
  • Working with DNS
  • Domain Functional levels
    • Mixed Mode – NT, 2000 and 2003 Domain Controllers
    • Native Mode – 2000 and 2003 Domain Controllers
    • Windows Server 2003 interim domain functional – only when upgrading from NT
    • Windows Server 2003 domain functional – only 2003 DCs
  • Forest Functional Levels
    • Windows 2000 – NT, 2000 and 2003 DCs
    • Windows Server 2003 Interim
    • Windows Server 2003
Working with AD in your Enterprise • Issues to consider: • Overhead • Personnel • System • Delegating tasks • Maintenance • Group Policy • Replication
Active Directory Terminology • Domain - a selection of computers, user accounts, or other objects that share a common security boundary • hierarchical structure of containers and objects • unique DNS name • security boundary
Domain Controllers (DC)
• Active Directory service installed
• Servers that provide authentication of domain members
• Data stores
  • %systemroot%\ntds.dit
• NT Primary Domain Controllers (PDC)
  • Mixed Mode
  • Windows 2003 DC – running PDC emulation
Trust Relationships • Allow cross-domain access to resources • Requires a trusted domain and a trusting domain
Trust Relationships • Trusts can also be two-way
Trust Relationships • Trusts can also be transitive
Namespace • DNS is the primary method of name resolution • DNS is a hierarchical naming system
Domain Trees • A group of domains that share the same namespace • all domains share a common schema • all domains share a common Global Catalog • implicit two-way transitive trusts exist between domains • permissions and rights flow down the tree
Domain Forests
• A collection of domain trees
  • domains have a noncontiguous namespace and differing name structure
  • domains share a common schema
  • domains share a common Global Catalog
  • domains operate independently, but cross-domain communication is enabled
  • implicit, two-way transitive trusts exist between domains and domain trees
  • Explicit forest-to-forest non-transitive trust
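The three slides on trees, forests and trusts (Trees and Forests, Domain Trees, Domain Forests) describe rules that are easy to get wrong when reasoning about which accounts can reach which resources. The following is an added example, not part of the original slides: it derives the implicit parent-child and tree-root trusts from the DNS names of a constructed forest, adds an explicit non-transitive trust to an outside domain, and answers "can an account from domain X be authorized in domain Y" by walking the trust graph. Domain names (corp.example.test, other.test, partner.test) are constructed; the rule that a non-transitive trust is usable only as a single direct hop is the one the slides state.

```python
from collections import deque


def dns_to_dn(domain: str) -> str:
    """AD names domains by DNS; the LDAP distinguished name has one DC= component
    per label (corp.example.test -> DC=corp,DC=example,DC=test)."""
    return ",".join(f"DC={label}" for label in domain.lower().split("."))


def parent_of(domain: str, forest_domains: set[str]):
    """Return the closest DNS-suffix ancestor that is also in the forest, or None
    when the domain heads its own tree (non-contiguous name)."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in forest_domains:
            return candidate
    return None


class TrustGraph:
    """Directed trust edges: edges[trusting] -> [(trusted, transitive), ...].
    Users of the *trusted* domain may be granted access in the *trusting* one."""

    def __init__(self):
        self.edges: dict[str, list[tuple[str, bool]]] = {}

    def add_trust(self, trusting: str, trusted: str, transitive: bool, two_way: bool = True):
        self.edges.setdefault(trusting, []).append((trusted, transitive))
        if two_way:
            self.edges.setdefault(trusted, []).append((trusting, transitive))

    def add_forest(self, forest_root: str, domains: list[str]):
        """Parent-child and tree-root trusts are implicit, two-way and transitive."""
        all_domains = set(domains) | {forest_root}
        for d in all_domains:
            if d == forest_root:
                continue
            parent = parent_of(d, all_domains)
            if parent is None:
                # Heads its own tree: tree-root trust with the forest root domain.
                self.add_trust(forest_root, d, transitive=True)
            else:
                self.add_trust(parent, d, transitive=True)

    def can_access(self, resource_domain: str, account_domain: str) -> bool:
        """True if resource_domain trusts account_domain via a valid trust path."""
        if resource_domain == account_domain:
            return True
        # A non-transitive trust only works as the single, direct hop.
        for trusted, _transitive in self.edges.get(resource_domain, []):
            if trusted == account_domain:
                return True
        # Beyond one hop, only transitive trusts may be chained.
        seen = {resource_domain}
        queue = deque([resource_domain])
        while queue:
            current = queue.popleft()
            for trusted, transitive in self.edges.get(current, []):
                if not transitive or trusted in seen:
                    continue
                if trusted == account_domain:
                    return True
                seen.add(trusted)
                queue.append(trusted)
        return False


def build_sample_forest() -> TrustGraph:
    """Constructed forest: root corp.example.test, child sales.*, second tree other.test
    with child eu.other.test, plus an explicit non-transitive trust to partner.test."""
    g = TrustGraph()
    g.add_forest("corp.example.test",
                 ["sales.corp.example.test", "other.test", "eu.other.test"])
    g.add_trust("corp.example.test", "partner.test", transitive=False)  # external trust
    return g


if __name__ == "__main__":
    g = build_sample_forest()
    print(dns_to_dn("sales.corp.example.test"))
    print(g.can_access("eu.other.test", "sales.corp.example.test"))   # True, transitive chain
    print(g.can_access("corp.example.test", "partner.test"))           # True, direct hop
    print(g.can_access("sales.corp.example.test", "partner.test"))     # False, no chaining
```

The third check is the one worth remembering when auditing trusts: the external trust lets partner.test accounts into corp.example.test, but because it is non-transitive it does not extend to sales.corp.example.test even though sales trusts corp transitively.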
Active Directory Components • Active Directory Objects • Active Directory Schema • Organizational Unit • Global Catalog • Operation masters
Active Directory Objects • An object refers to a specific, distinctive, named resource on the network • groupings of similar objects are classes • objects that can contain other objects are containers (e.g. a domain)
Active Directory Schema • A definition of the types of objects allowed within a directory, and the attributes associated with them • attributes (schema objects) are defined once and can be applied to multiple classes • classes (metadata) describe which attributes are used to define objects
[Diagram: Forests, Trees, Organizational Units – a forest containing two domain trees, each tree a hierarchy of domains, with OUs inside domains]
Organizational Unit (OU) • A special container used to organize objects in a domain into administrative units
Global Catalog
• A limited database that stores partial replicas of the directories of other domains
• Stored on DCs known as Global Catalog Servers
  • First DC within Forest
  • Multiple Global Catalogs
    • Improved performance
    • Increased network traffic
• Services
  • Authentication
  • Query processing
  • Universal Group Membership
• Integrated with Exchange 2000
Global Catalog • An index and partial replica of most frequently used objects and attributes of an Active Directory • Replicated to any server in a forest configured to be a global catalog server
Operation Masters • AD uses a multi-master replication model • Some operations are impractical for a multi-master environment • assigned to a specific DC, known as an operation master. • schema master • domain naming master • relative ID master • PDC emulator • infrastructure master
Operations Master - Functions
• Schema master – maintains the AD schema used throughout the forest – 1 per forest
• Domain Naming master – controls the addition and removal of domains in the forest – 1 per forest
• PDC Emulator – mixed mode – 1 per domain
• RID master – 1 per domain
  • Domain SID + RID provides a unique SID throughout the forest
• Infrastructure master – 1 per domain
  • Maintains inter-domain object references
  • Notification of change, move, etc.
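The RID master bullet ("Domain SID + RID provides a unique SID") is the part of this slide most often needed in practice, for example when reading objectSid values out of logs or directory dumps. This added example, not from the original slides, parses and re-encodes SIDs in the string and binary forms Windows uses (revision byte, sub-authority count, 6-byte big-endian identifier authority, little-endian 32-bit sub-authorities), splits a SID into its domain SID and RID, and simulates how a RID master hands disjoint RID pools to domain controllers so that SIDs minted on different DCs never collide. The domain SID values and the pool size are constructed; the RidMaster and DomainController classes are a simulation of the mechanism, not Windows code.

```python
import struct

# Well-known RIDs fixed by Windows (a few of them, for labelling output).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 519: "Enterprise Admins"}


def parse_sid(sid: str):
    """'S-1-5-21-1111-2222-3333-512' -> (revision, identifier authority, [sub-authorities])."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid}")
    return int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]


def format_sid(revision: int, authority: int, subs: list[int]) -> str:
    return "S-" + "-".join(str(x) for x in (revision, authority, *subs))


def split_domain_sid(sid: str):
    """The last sub-authority is the RID; everything before it is the domain SID."""
    revision, authority, subs = parse_sid(sid)
    if len(subs) < 2:
        raise ValueError("SID carries no RID component")
    return format_sid(revision, authority, subs[:-1]), subs[-1]


def sid_to_bytes(sid: str) -> bytes:
    """Binary SID: revision (1), sub-authority count (1), authority (6, big-endian),
    then each sub-authority as little-endian uint32."""
    revision, authority, subs = parse_sid(sid)
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in subs)


def sid_from_bytes(data: bytes) -> str:
    revision, count = data[0], data[1]
    authority = int.from_bytes(data[2:8], "big")
    subs = list(struct.unpack_from("<%dI" % count, data, 8))
    return format_sid(revision, authority, subs)


def describe(sid: str) -> str:
    domain_sid, rid = split_domain_sid(sid)
    return f"{domain_sid} / RID {rid} ({WELL_KNOWN_RIDS.get(rid, 'ordinary object')})"


class RidMaster:
    """Simulation (constructed): the one RID master per domain hands out disjoint pools."""

    def __init__(self, domain_sid: str, pool_size: int = 500):
        self.domain_sid = domain_sid
        self.pool_size = pool_size
        self.next_rid = 1000  # RIDs below 1000 are reserved for well-known accounts

    def allocate_pool(self):
        start = self.next_rid
        self.next_rid += self.pool_size
        return start, self.next_rid - 1


class DomainController:
    """Simulation (constructed): each DC mints SIDs only from its own pool."""

    def __init__(self, master: RidMaster):
        self.master = master
        self.pool = master.allocate_pool()
        self.cursor = self.pool[0]

    def new_object_sid(self) -> str:
        if self.cursor > self.pool[1]:          # pool exhausted: ask the master again
            self.pool = self.master.allocate_pool()
            self.cursor = self.pool[0]
        rid = self.cursor
        self.cursor += 1
        return f"{self.master.domain_sid}-{rid}"


if __name__ == "__main__":
    print(describe("S-1-5-21-1111-2222-3333-512"))
    print(sid_to_bytes("S-1-5-21-1111-2222-3333-512").hex())
    master = RidMaster("S-1-5-21-1111-2222-3333", pool_size=3)
    dc1, dc2 = DomainController(master), DomainController(master)
    print([dc1.new_object_sid() for _ in range(4)], [dc2.new_object_sid() for _ in range(4)])
```

Note the asymmetry in byte order: the identifier authority is big-endian while the sub-authorities are little-endian, which is why a hand-rolled decoder that treats the whole structure uniformly produces plausible-looking but wrong domain SIDs.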
Physical Structure of AD • Sites • Site Links • Bridgehead Servers
Sites • A collection of computers connected via a high-speed network • LAN • IP subnet • Sites relate to the physical layout of the network • A site can contain multiple domains, and a domain can cross several sites • Connect via slow speed links (WAN)
Sites (cont.)
• DC automatically placed within a site based on IP subnet address
  • No subnet – Default-First-Site
    • Includes all DCs
  • Additional sites must be created manually
• Assigned only during promotion to DC
• Multihomed DCs – site randomly selected
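The site-assignment rule on this slide (longest matching subnet wins, no match falls back to the default site, multihomed DCs are ambiguous) is easy to reproduce so that you can sanity-check a subnet-to-site design before promoting a DC. The following is an added example and not part of the original slides: a longest-prefix lookup over a constructed subnet table using Python's ipaddress module. The site names and subnets are constructed; the default site name Default-First-Site-Name is the one Windows creates in a new forest. For a multihomed DC the function returns every candidate site rather than picking one at random, so an ambiguous placement shows up in review instead of being decided silently.

```python
import ipaddress

DEFAULT_SITE = "Default-First-Site-Name"

# Constructed subnet-to-site mapping (assumed for the example, not from the slides).
SAMPLE_SUBNETS = {
    "10.1.0.0/16": "Chicago",
    "10.1.5.0/24": "Chicago-ServerRoom",   # more specific prefix inside 10.1.0.0/16
    "10.2.0.0/16": "Denver",
    "2001:db8:10::/48": "Denver",
}


def build_site_table(subnets: dict[str, str]):
    """Sort subnets longest-prefix first so the most specific match is found first."""
    entries = [(ipaddress.ip_network(net, strict=True), site) for net, site in subnets.items()]
    return sorted(entries, key=lambda e: e[0].prefixlen, reverse=True)


def site_for_address(addr: str, table) -> str:
    """Return the site whose subnet contains addr, or the default site if none does."""
    ip = ipaddress.ip_address(addr)
    for net, site in table:
        if ip.version == net.version and ip in net:
            return site
    return DEFAULT_SITE


def site_for_dc(addresses: list[str], table) -> list[str]:
    """All candidate sites for a (possibly multihomed) DC. One entry means the
    placement is unambiguous; more than one means the design needs a decision."""
    return sorted({site_for_address(a, table) for a in addresses})


if __name__ == "__main__":
    table = build_site_table(SAMPLE_SUBNETS)
    for ip in ["10.1.5.20", "10.1.9.1", "192.168.0.5", "2001:db8:10::7"]:
        print(ip, "->", site_for_address(ip, table))
    print("multihomed:", site_for_dc(["10.1.9.1", "10.2.0.7"], table))
```

Run it against your own subnet list before promotion: every address that lands in Default-First-Site-Name is a subnet you forgot to define, and every multihomed result with more than one site is a DC whose placement will otherwise be chosen for you.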
Benefits of Sites • Directory services are provided by the closest DC • Latency is minimized for replication within a site • Bandwidth utilization for replication is minimized between sites • Replication can be scheduled between sites