1 / 38

Active Directory Fundamentals Win Moody Senior Trainer QA win.moody@qa.com

Active Directory Fundamentals Win Moody Senior Trainer QA win.moody@qa.com. What we will cover:. Domains, Trees, Forests Domain Controllers, Sites The Domain Naming Service (DNS) Replication Operations Masters Lots of demos…. Prerequisite Knowledge.

kinsey
Download Presentation

Active Directory Fundamentals Win Moody Senior Trainer QA win.moody@qa.com

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Active Directory Fundamentals Win Moody Senior Trainer QA win.moody@qa.com

  2. What we will cover: • Domains, Trees, Forests • Domain Controllers, Sites • The Domain Naming Service (DNS) • Replication • Operations Masters • Lots of demos….

  3. Prerequisite Knowledge • Understanding of what a directory service is Level 200+

  4. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  5. Active Directory Logical Concepts Domains • Boundary of Security • Authentication • Security Policies • Boundary of Replication • Domain NC Replication • Boundary of DNS Namespace • Boundary of Administration KAPOHO.NET

  6. Active Directory Logical Concepts Trees • Hierarchy of Domains forming a contiguous namespace • Transitive Trust Relationships • All Domains in a Tree share: • Schema • Configuration • Global Catalog KAPOHO.NET HAWAII.KAPOHO.NET EUROPE.KAPOHO.NET MAUI.HAWAII.KAPOHO.NET

  7. Active Directory Logical Concepts Forests • Hierarchy of Domains forming a contiguous or disjoint namespace • Transitive Trust Relationships • All Domains in a Forest share: • Schema • Configuration • Global Catalog KAPOHO.NET PSP.CO.UK HAWAII.KAPOHO.NET

  8. Active Directory Logical Concepts Organizational Units • Containers within Domains • Distinct Units of Administration • Unique to Domains

  9. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  10. Active Directory Physical Concepts Domain Controllers Primary Domain Controller (PDC) Domain Controllers (DCs) Backup Domain Controllers (BDCs)

  11. Active Directory Physical Concepts Sites • What is a Site? • A set of well-connected IP subnets • Site Usage • Locating Services (e.g. Logon, DFS) • Replication • Group Policy Application • Sites are connected with Site Links • Connects two or more sites

  12. Active Directory Physical Concepts Site Topology DC = Domain Controller GC = Global Catalog DC GC Site A Company.com Site C DC DC GC DC Site B europe.company.com america.company.com

  13. Active Directory Physical ConceptsGlobal Catalog • Partial Replica of all Objects in the Forest • Configurable subset of Attributes • Fast Forest-wide searches • Required at Logon for Universal Group Membership

  14. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  15. DNS DNS Requirements • SRV Records to locate services (req’d) • DDNS for Dynamic Update (desired) • Windows 2000 and up, DNS also provides: • Incremental Zone Transfers • Integration with Active Directory • Single replication topology • Multi-master replication • Secure Dynamic updates

  16. DNS DNSImplementations • No existing DNS infrastructure • Deploy Microsoft DNS • Check existing DNS meets requirements • Existing DNS not adequate: • Choice 1: Update Server • Choice 2: Migrate to Microsoft DNS • Choice 3: Delegate a subdomain to Microsoft DNS

  17. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  18. ReplicationReplication Details • Naming Contexts (NCs)that are replicated • Schema Naming Context • Configuration Naming Context • Domain Naming Context • Multi-master Replication • Intra-site Bi-directional Ring Topology • Inter-site Spanning Tree Topology • Synchronous RPC over TCP/IP • Asynchronous SMTP

  19. ReplicationNaming Contexts • Schema • Definitions of object classes and attributes • Replicated to all DCs in the forest • Configuration • AD Structure (domains, sites, and where the DCs are) • Replicated to all DCs in the forest • Domain • Domain specific objects (users, groups, computers, and OUs) • Replicated to all DCs in a domain

  20. ReplicationReplication Topologies • Intra-site Replication: AD replication between DCs within a Site • Inter-site Replication: AD replication between Sites

  21. ReplicationIntra-site Replication • RPC replication within a Site • No compression • Assumes good network connections • Uses notification process • 5 minutes -2k • Less – 2k3 • KCC generates a bi-directional Ring with extra edges Tip: Always let KCC generate the intra-site replication topology when possible

  22. ReplicationInter-Site Replication • Replication between Sites • DS-RPC (RPC over IP) or SMTP Transports • SMTP can be used only between • GCs across Sites • DCs of different domains and in different sites • Compression • 10%-20% of original size • Scheduled

  23. ReplicationSite-links, Bridges and Bridgehead Servers • Site-links link two or more sites • Costs and schedules can be specified • Transitive (can be disabled) • Site-link Bridges • Bridge two or more site-links • Bridgehead servers • KCC generates a minimum cost spanning tree Tip: Always let KCC generate the replication topology

  24. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  25. Operations MastersSchema and Domain • Schema • Performs updates to schema • Sends updates to all DCs • One per forest • Default is the first DC installed • Domain • Performs add/remove of domains and cross-references to external DS • One per forest • Default is the first DC installed

  26. Operations MastersPDC, RID and Infrastructure • Primary Domain Controller (PDC) • Acts as a PDC for requests from NT clients • One per domain • Relative Identifier (RID) • Generates pools of security identifiers to be distributed to DCs in the domain • One per domain • Infrastructure • Updates SIDs on objects across domains • One per domain • Not required in a single-domain forest

  27. Summary • There are Logical and Physical concepts in Active Directory • DNS • Plenty of Information

  28. For More Information… • Main TechNet Web site at www.microsoft.com/technet • Additional resources to support this Session page can be found at www.microsoft.com/technet/tnt1-98

  29. MS PressInside information for IT Professionals To find the latest IT Professional related titles visit www.microsoft.com/learning/it/books

  30. Third Party PublicationsSupplementary Publications for IT Pros These books can be found and purchased at all good book stores and on-line retailers

  31. Microsoft LearningTraining Resources for IT Professionals • Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure • Course Number: 2279 • Availability: Now • Detailed Syllabus: www.microsoft.com/learning To locate a training provider, please access www.microsoft.com/learning Microsoft Certified Technical Education Centers are Microsoft’s premier partners for training services

  32. Assess your ReadinessMicrosoft Skills Assessment What is Microsoft Skills Assessment? • Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification) • Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003 • Free, online, unproctored, and available to anyone • Answers, “Am I ready?” • Determines skills gaps, provides learning plans with Microsoft Official Curriculum courses, plus more Microsoft learning content suggestions such as TechNet resources • Post your High Score to see how you stack up • visithttp://www.microsoft.com/assessment

  33. Become a Microsoft Certified Systems Administrator (MCSA) • What is the MCSA certification? • For IT professionals who manage and maintain networks and systems based on the Microsoft Windows Server operating system • How do I become an MCSA on Microsoft Windows 2003? • Pass 3 core exams • Pass 1 elective exam or 2 CompTIA certifications • Where do I get more information? • For more information about certification requirements, exams, and training, visit www.microsoft.com/mcsa

  34. Become A Microsoft Certified Systems Engineer (MCSE) • What is the MCSE certification? • Premier certification for IT professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software. • How do I become an MCSE on Microsoft Windows 2003? • Pass 6 core exams • Pass 1 elective exams from a comprehensive list • Where do I get more information? • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse

  35. Demonstrate Your Security or Messaging Specialization • What are MCSA/MCSE specializations? • MCSA and MCSE specializations allow IT professionals to highlight specific expertise or technical focus within their job role. • What specializations are available? • MCSA: Security  MCSA: Messaging • MCSE: Security  MCSE: Messaging • Where do I get more information? • For more information about MCSA and MCSE specialization requirements, exams, and training options, visit www.microsoft.com/mcsaorwww.microsoft.com/mcse

  36. What is TechNet? • Put the right answers at your fingertips • TechNet is the comprehensive collection of resources to help IT implementers plan, deploy, and manage Microsoft products successfully TechNet Subscription • Monthly updates delivered on DVD or CD • The definitive resource to help you evaluate, deploy and maintain Microsoft products TechNet Web Site • Accessible at www.microsoft.com/technet • Online resources and community • Subscriber-only Online Services TechNet Flash • Bi-weekly e-newsletter • Security updates, new resources, and special offers TechNet Events and Web Casts • Briefings on the latest Microsoft products and technologies • Hands-on, “how to” information TechNet Communities • User Groups • Managed Newsgroups

  37. Where Can I Get TechNet? • Visit TechNet Online atwww.microsoft.com/technet • Register for the TechNet Flash www.microsoft.com/technet/subscriptions/flash.asp • Join the TechNet Online forum at www.microsoft.com/technet/itcommunity • Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe • Attend More TechNet Events or view on-linewww.microsoft.com/technet/tcevents/itevents

More Related