1 / 61

Goals

Learn about the key features, architecture, and underlying concepts of Active Directory to effectively plan and install it. Understand elements like schema, global catalog, and namespaces. Explore object types such as users, computers, and domains within Active Directory.

sellner
Download Presentation

Goals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Goals • Identify the features of Active Directory • Understand Active Directory architecture • Examine underlying Active Directory concepts • Understand the basic elements of Active Directory • Plan the implementation of Active Directory • Install Active Directory • Work with Microsoft Management Console (MMC) and snap-ins • Create organizational units • Manage Active Directory objects

  2. (Skill 1) Identifying the Features of Active Directory • Active Directory is the directory service for Windows Server 2003 • Features • Centralized management • Security • Object-oriented storage • Hierarchical organization • Multi-master replication • Integration with DNS • Lightweight Directory Access Protocol (LDAP) support • Standard name formats • Scalability

  3. (Skill 1) Figure 3-1 Active Directory

  4. (Skill 1) Figure 3-2 Replication

  5. (Skill 2) Introducing Active Directory Architecture • Active Directory is built in a layered architecture in which the layers represent processes that provide directory services to client applications • Active Directory includes three service layers, several interfaces and protocols, and the underlying Data Store • Service layers of Active Directory • Directory System Agent (DSA) Layer • Database Layer • Extensible Storage Engine Layer • Data Store contains the Active Directory database records

  6. (Skill 2) Figure 3-3 Active Directory Architecture

  7. (Skill 3) Examining Underlying Active Directory Concepts Schema • Contains formal definitions of every object class that can be created in an Active Directory forest • Contains formal definitions of every attribute that can exist in an Active Directory object • Is the database design, which can be extended by adding new object classes or new attributes

  8. (Skill 3) Figure 3-4 Schema

  9. (Skill 3) Examining Underlying Active Directory Concepts (2) Global catalog • Stores a full Read-Write replica of all object attributes in the directory for its host domain • Stores a partial replica of all object attributes contained in the directory for every domain in the forest along with universal groups and group members • Has the ability to search the entire forest, but also keeps the database relatively light, allowing for improved replication • Global catalog server is the name of the domain controller that maintains the global catalog

  10. (Skill 3) Figure 3-5 Global Catalog in Active Directory

  11. (Skill 3) Examining Underlying Active Directory Concepts (3) Namespace • Bounded area in which the names used to identify objects are resolved • Defines the domain structure in Active Directory • Provides name resolution through the use of the Domain Name System (DNS), which is central to the operation of Windows networks • Without proper name resolution, users cannot locate resources on the network • Domains with contiguous namespaces are members of the same tree • A forest is a collection of domains sharing the same schema, configuration, and global catalog

  12. (Skill 3) Figure 3-6 Contiguous namespaces (tree)

  13. (Skill 3) Figure 3-7 Disjointed namespaces (multiple trees)

  14. (Skill 3) Examining Underlying Active Directory Concepts (4) • Active Directory uniquely identifies each object • Globally Unique Identifier (GUID) • Distinguished Name (DN) • Relative Distinguished Name (RDN) • User Principal Name (UPN)

  15. (Skill 3) Figure 3-8 Naming conventions

  16. (Skill 3) Figure 3-9 The DN and RDN for a user object

  17. (Skill 4) Introducing the Basic Elements of Active Directory Object • Any “thing” (tangible or abstract) about which data is stored • Can be a network resource, such as a user, group, printer, or a virtual object such as a forest, tree, domain, or OU • Each is defined by a set of attributes related to its properties • When you create an object, the Active Directory is populated with some of the attributes for the object

  18. (Skill 4) Introducing the Basic Elements of Active Directory (2) Common types of objects • Computer • User • Group • Shared Folder • Printer

  19. (Skill 4) Introducing the Basic Elements of Active Directory (3) Domain • A group of computers and devices on a network that constitute a single security boundary within Active Directory, but can span more than one physical location • Each has its own security policies and security relationships with other domains • Domains co-existing under the same namespace form a single tree • When multiple domains are connected by trust relationships and share a common schema, configuration, and global catalog, they constitute a forest

  20. (Skill 4) Introducing the Basic Elements of Active Directory (4) Types of computers in a domain • Domain controller • A computer that stores a replica of the directory database • Stores security policies and accounts • Member server • A Windows NT 4.0, 2000, or Server 2003 computer that is part of a domain • Does not store a replica of the directory database • Client computers • Computers running operating systems that can communicate with the Active Directory for user authentication and resource access

  21. (Skill 4) Figure 3-10 Hierarchical structure of Active Directory

  22. (Skill 4) Introducing the Basic Elements of Active Directory (5) Organizational unit (OU) • A container object for organizing objects within a domain • Can contain users, groups, resources, and other OUs • Enables the delegation of administration to distinct segments of the directory, which provides more flexibility in managing the objects in a business unit, department, or other organizational division • Administration of grouped OUs • Creation and organization of child OUs • Delegation of permissions within specific OUs • Assignment of Group Policy links

  23. (Skill 4) Introducing the Basic Elements of Active Directory (6) Tree • A set of one or more domains in a hierarchical structure • The first domain created in the forest is called the forest root and this is where the forest name is specified • All domain trees in a forest share the same forest root • If a new tree is created after the forest root, the first domain that is added to this tree is called the root domain • Domains under the root domain are called child domains • Any domain immediately above another domain is called the parent domain

  24. (Skill 4) Figure 3-11 Multiple domains in a tree

  25. (Skill 4) Introducing the Basic Elements of Active Directory (7) Forest • A group of one or more Active Directory domains sharing a common schema, configuration, global catalog, and two-way, transitive trusts • All trees in a given forest trust each other through transitive two-way trust relationships • A forest exists as a set of cross-referenced objects and trust relationships known to the member trees • Trees in a forest form a hierarchy for the purposes of trust

  26. (Skill 4) Figure 3-12 Forest

  27. (Skill 4) Introducing the Basic Elements of Active Directory (8) Sites • A location in a network holding Active Directory servers • Defined as one or more well connected TCP/IP subnets, meaning that network connectivity is highly reliable and fast

  28. (Skill 4) Figure 3-13 Site

  29. (Skill 5) Planning the Implementation of Active Directory Key planning steps • Understand the business requirements of your organization • Plan the namespace • Design the site • Combine subnets that run over high bandwidth network connections so they are economical and reliable • Create one or more sites for domains that spread over two or more far-reaching geographic locations • Plan the domain structure

  30. (Skill 5) Figure 3-14 A domain/OU structure for an organization

  31. (Skill 6) Installing Active Directory • After completing the planning phase, install Active Directory on the Windows Server 2003 using the Active Directory Installation Wizard (Dcpromo.exe) • After first-time installation • Active Directory forest is created • First domain created in the forest is the forest root • Forest root comprises the first Active Directory tree and this first domain is called the root domain • Domains created under the root domain are called child domains

  32. (Skill 6) Installing Active Directory (2) Mixed mode • When you create a domain, by default the domain is configured to run in Windows 2000 mixed mode • Allows the coexistence of Windows NT, Windows 2000, and Windows Server 2003 domains Windows 2000 native mode • If your domain consists of only Windows 2000 domain controllers, you can switch to Windows 2000 native mode • Native mode supports Windows 2000 and Windows Server 2003 domains

  33. (Skill 6) Installing Active Directory (3) Windows Server 2003 interim mode • If your domain has only Windows NT 4.0 servers, and you upgrade a server to Windows Server 2003, you can use Windows Server 2003 interim mode • Used when there are no Windows 2000 servers and you upgrade a Windows NT PDC to Windows Server 2003 Windows Server 2003 mode • If your domain consists of only Windows Server 2003 domain controllers, you can switch to Windows Server 2003 mode • Supports the full Windows Server 2003 Active Directory implementation

  34. (Skill 6) Figure 3-15 Detecting Local Area network settings

  35. (Skill 6) Figure 3-16 The Server Role screen

  36. (Skill 6) Figure 3-17 The Operating System Compatibility screen

  37. (Skill 6) Figure 3-18 The Domain Controller Type screen

  38. (Skill 6) Figure 3-19 The Create New Domain screen

  39. (Skill 6) Figure 3-20 Specifying the full DNS domain name

  40. (Skill 6) Figure 3-21 The NetBIOS Domain Name screen

  41. (Skill 6) Figure 3-22 The Permissions screen

  42. (Skill 7) Working with Microsoft Management Console (MMC) and Snap-Ins Microsoft Management Console (MMC) • An ISV (Independent Software Vendor)-extensible, common console framework for management applications • Provides a common host environment for snap-ins, which provide the actual management behavior • Does not provide any management functionality by itself

  43. (Skill 7) Working with Microsoft Management Console (MMC) and Snap-Ins (2) Snap-ins • Used to perform administrative tasks • Manage computers, services, and networks • Edit multiple user objects • Save queries • Quickly select objects using the improved object picker component

  44. (Skill 7) Working with Microsoft Management Console (MMC) and Snap-Ins (3) Snap-in types • Stand-alone snap-in • Often referred to simply as a snap-in • Provides management functionality without requiring support from another snap-in • Used to perform administrative tasks even if no other snap-in is present in the console • Extension snap-ins • Often referred to simply as an extension • Require a parent snap-in above it in the console tree • Extend the functionality provided by other snap-ins

  45. (Skill 7) Figure 3-23 An empty console window

  46. (Skill 7) Figure 3-24 Setting the Author mode in the Console Options dialog box

  47. (Skill 7) Figure 3-25 The Add Standalone Snap-in dialog box

  48. (Skill 7) Figure 3-26 Using a snap-in to manage the local computer

  49. (Skill 7) Figure 3-27 Removing snap-in extensions

  50. (Skill 7) Figure 3-28 Console Root with selected extensions

More Related