1 / 39

Active Directory Fundamentals Thomas Lee Chief Technologist QA thomas.lee@qa

Active Directory Fundamentals Thomas Lee Chief Technologist QA thomas.lee@qa.com. What we will cover:. Domain, Trees, Forests Domain Controllers, Sites The Domain Naming Service Replication Operations Masters Lots of demos…. Prerequisite Knowledge.

marcy
Download Presentation

Active Directory Fundamentals Thomas Lee Chief Technologist QA thomas.lee@qa

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Active Directory Fundamentals Thomas Lee Chief Technologist QA thomas.lee@qa.com

  2. What we will cover: • Domain, Trees, Forests • Domain Controllers, Sites • The Domain Naming Service • Replication • Operations Masters • Lots of demos….

  3. Prerequisite Knowledge • Understanding of what a directory service is • Networking skills! Level 200+

  4. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  5. Active Directory Logical Concepts Domains • Boundary of Security • NOT!!! • Boundary of Authentication • Boundary of Replication • Domain NC Replication • Boundary of DNS Namespace • Boundary of Administration KAPOHO.NET

  6. Active Directory Logical Concepts Trees • Hierarchy of Domains forming a contiguous DNS namespace • Transitive Trust Relationships between domains • All domains in a Tree share: • Schema • Configuration • Global Catalog KAPOHO.NET HAWAII.KAPOHO.NET EUROPE.KAPOHO.NET MAUI.HAWAII.KAPOHO.NET

  7. Active Directory Logical Concepts Forests • Hierarchy of Domains forming a contiguous or disjoint namespace • Transitive Trust Relationships • All Domains in a Forest share: • Schema • Configuration • Global Catalog KAPOHO.NET PSP.CO.UK HAWAII.KAPOHO.NET

  8. Active Directory Logical Concepts Organizational Units • Containers within Domains • Distinct Units of Administration • Unique to Domains • Two main uses: • Delegation • Policies

  9. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  10. Active Directory Physical Concepts Domain Controllers Primary Domain Controller (PDC) Domain Controllers (DC) Backup Domain Controller (BDC)

  11. Active Directory Physical ConceptsSites • What is a Site? • A set of well-connected IP subnets • Site Usage • Locating Services (e.g. Logon, DFS) • Replication • Group Policy Application • Sites are connected with Site Links • Connects two or more sites

  12. Active Directory Physical ConceptsSite Topology DC = Domain Controller GC = Global Catalog DC GC Site A Company.com Site C DC DC GC DC Site B europe.company.com america.company.com

  13. Active Directory Physical ConceptsGlobal Catalog • Partial Replica of all Objects in the Forest • Configurable subset of Attributes • Fast Forest-wide searches • Required at Logon for Universal Group Membership • Win2k3 – Universal Group Caching

  14. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  15. DNS • DNS is fundamental to AD • No DNS == No AD • Even on a single server! • You have options over: • DNS Topology • DNS Namespace • DNS Server

  16. DNS DNS • SRV Records to locate services (req’d.) • DDNS for Dynamic Update (desired) • Windows 2000 and up, DNS also provides: • Incremental Zone Transfer • Active Directory Integrated • Single replication topology • Multi-master replication • Secure Dynamic update Tip: Use the latest version of BIND!

  17. DNSDNSImplementations • No existing DNS infrastructure • Deploy Microsoft DNS • Existing DNS meets requirements • Existing DNS not adequate: • Choice 1: Update Server • Choice 2: Migrate to Microsoft DNS • Choice 3: Delegate a subdomain to Microsoft DNS

  18. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  19. ReplicationReplication Details • Naming Contexts that are replicated • Schema Naming Context • Configuration Naming Context • Domain Naming Context • Multi-Master Replication • Intra-site Bi-directional Ring Topology • Inter-site Spanning Tree Topology • Synchronous RPC over TCP/IP • Asynchronous SMTP

  20. ReplicationNaming Contexts • Schema • Definitions of attributes • Replicated to all DCs in the forest • Configuration • AD Structure (domains, sites, and where the DCs are) • Replicated to all DCs in the forest • Domain • Domain specific objects (users, groups, computers, and OUs) • Replicated to all DCs in its domain

  21. ReplicationReplication Topologies • Intra-Site Replication: AD replication between DCs within a Site • Inter-site Replication: AD replication between Sites

  22. ReplicationIntra-Site Replication • RPC Replication in a Site • No compression • Assumes good network connections • Uses notification process • 5 minutes -2k • Less – 2k3 • KCC Generates a bi-directional Ring with extra edges Tip: Always let KCC generate the intra-site replication topology when possible

  23. ReplicationInter-Site Replication • Replication between Sites • DS-RPC (RPC over IP) or SMTP Transports • SMTP can be used only between • GCs across Sites • DCs of different domains and in different sites • Compression • 10%-20% of original size • Scheduled

  24. ReplicationSite-Links, Bridges and Bridgehead Servers • Site Links link two or more sites • Cost and schedules can be specified • Transitive (can be disabled) • Site-Link Bridges • Bridge two or more site links • Bridgehead servers • KCC generates a minimum cost spanning tree Tip: Always let KCC generate the replication topology

  25. Agenda • Active Directory Logical Concepts • Active Directory Physical Concepts • DNS • Replication • Operations Masters

  26. Operations MastersSchema and Domain • Schema • Perform updates to schema • Sends updates to all DCs • One per forest • Default is the first DC installed • Domain • Performs add/remove of domains and cross-references to external DS • One per forest • Default is the first DC installed

  27. Operations MastersPDC, RID and Infrastructure • Primary Domain Controller (PDC) • Acts as a PDC for requests from NT clients • One per domain • Relative Identifier (RID) • Generates pools of security identifiers to be distributed to DCs in the domain • One per domain • Infrastructure • updates SIDs and domains that are moved in and out of the domain

  28. Summary • There are Logical and Physical concept • DNS • Plenty of Information

  29. For More Information… • Main TechNet Web site at www.microsoft.com/technet • Additional resources to support this Session page can be found at www.microsoft.com/technet/tnt1-98

  30. MS PressInside information for IT Professionals To find the latest IT Professional related titles visit www.microsoft.com/learning/it/books

  31. Third Party PublicationsSupplementary Publications for IT Pros These books can be found and purchased at all good book stores and on-line retailers

  32. Microsoft LearningTraining Resources for IT Professionals QA Special Offer on ALL IT Professional Training 50% off – all QA courses running 1st Week in January 2005 40% off all other courses running in January 2005 www.qa.com/course/specialofferdetails.aspx?code=xmasbonus • Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure • Course Number: 2279 • Availability: Now • Detailed Syllabus: www.microsoft.com/learning To locate a training provider, please access www.microsoft.com/learning Microsoft Certified Technical Education Centers are Microsoft’s premier partners for training services

  33. Assess your ReadinessMicrosoft Skills Assessment What is Microsoft Skills Assessment? • Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification) • Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003 • Free, online, unproctored, and available to anyone • Answers, “Am I ready?” • Determines skills gaps, provides learning plans with Microsoft Official Curriculum courses, plus more Microsoft learning content suggestions such as TechNet resources • Post your High Score to see how you stack up • visithttp://www.microsoft.com/assessment

  34. Become a Microsoft Certified Systems Administrator (MCSA) • What is the MCSA certification? • For IT professionals who manage and maintain networks and systems based on the Microsoft Windows Server operating system • How do I become an MCSA on Microsoft Windows 2000? • Pass 3 core exams • Pass 1 elective exam or 2 CompTIA certifications • Where do I get more information? • For more information about certification requirements, exams, and training, visit www.microsoft.com/mcsa

  35. Become A Microsoft Certified Systems Engineer (MCSE) • What is the MCSE certification? • Premier certification for IT professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software. • How do I become an MCSE on Microsoft Windows 2003? • Pass 6 core exams • Pass 1 elective exams from a comprehensive list • Where do I get more information? • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse

  36. Demonstrate Your Security or Messaging Specialization • What are MCSA/MCSE specializations? • MCSA and MCSE specializations allow IT professionals to highlight specific expertise or technical focus within their job role. • What specializations are available? • MCSA: Security  MCSA: Messaging • MCSE: Security  MCSE: Messaging • Where do I get more information? • For more information about MCSA and MCSE specialization requirements, exams, and training options, visit www.microsoft.com/mcsaorwww.microsoft.com/mcse

  37. What is TechNet? • Put the right answers at your fingertips • TechNet is the comprehensive collection of resources to help IT implementers plan, deploy, and manage Microsoft products successfully TechNet Subscription • Monthly updates delivered on DVD or CD • The definitive resource to help you evaluate, deploy and maintain Microsoft products TechNet Web Site • Accessible at www.microsoft.com/technet • Online resources and community • Subscriber-only Online Services TechNet Flash • Bi-weekly e-newsletter • Security updates, new resources, and special offers TechNet Events and Web Casts • Briefings on the latest Microsoft products and technologies • Hands-on, “how to” information TechNet Communities • User Groups • Managed Newsgroups

  38. Where Can I Get TechNet? • Visit TechNet Online atwww.microsoft.com/technet • Register for the TechNet Flash www.microsoft.com/technet/subscriptions/flash.asp • Join the TechNet Online forum at www.microsoft.com/technet/itcommunity • Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe • Attend More TechNet Events or view on-linewww.microsoft.com/technet/tcevents/itevents

More Related