Chapter 2 IMPLEMENTING ACTIVE DIRECTORY
Chapter 2: IMPLEMENTING ACTIVE DIRECTORY
REQUIREMENTS FOR ACTIVE DIRECTORY
• Microsoft Windows Server 2003 (Standard, Enterprise, Datacenter)
  • Cannot use Web Edition for Active Directory
• Access as a local administrator
• NT file system (NTFS) partition for Sysvol
• 200 MB minimum free space
• Transmission Control Protocol/Internet Protocol (TCP/IP)
• Domain Name System (DNS) to host service location (SRV) resource records
ACTIVE DIRECTORY INSTALLATION PROCESS
• Complete pre-installation tasks
• Plan and test before you install in a production environment
ACTIVE DIRECTORY INSTALLATION
• Dcpromo or Manage Your Server
  • If the server is already a domain controller, Dcpromo allows you to remove Active Directory
• Operating system compatibility issues
  • Microsoft Windows 95
  • Microsoft Windows NT 4, Service Pack 3
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
• Domain controller type
  • Domain controller for a new domain
  • Replica domain controller
• Install in a new or existing forest?
• Install in a new or existing domain tree?
• Use the appropriate names
  • Domain Name System (DNS)
  • Fully Qualified Domain Name (FQDN)
  • NetBIOS
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
• Database and log folders
• Shared System Volume (Sysvol)
• %systemroot%\NTDS
• NTFS required
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
DNS REGISTRATION AND DIAGNOSTICS
• If DNS is not detected, you can choose to have the wizard install and configure it automatically; otherwise, you must install and configure DNS manually
• SRV resource records required
• Dynamic updates highly recommended
• Incremental zone transfers recommended
PERMISSIONS
• Pre–Windows 2000
• Windows Server 2003
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
• Directory Services Restore Mode Administrator password
  • Password used to enter Directory Services Restore Mode
  • Required for Active Directory maintenance
• Completing the Active Directory installation
  • Confirm your configuration
  • Restart your new domain controller
VERIFY AND FINALIZE DNS
• Application directory partition creation
  • DomainDNSZones
  • ForestDNSZones
  • Automatically created when Active Directory–integrated DNS is used
  • Can be managed only by Enterprise Admins
• Aging and scavenging options
• Forward lookup zones and SRV resource records
DNS UPDATES AND RECORD STORAGE
• Dynamic updates
  • Secure only
  • Nonsecure and secure
  • None
• Store the zone in Active Directory (an Active Directory–integrated zone)
• Reverse lookup zones
REPLICA DOMAIN CONTROLLER
• Provides load balancing and fault tolerance
  • If one domain controller fails, another still holds the Active Directory records
  • Clients can use either domain controller for authentication
• DNS fault tolerance
  • If the zone is Active Directory–integrated, the records are automatically replicated to the other domain controllers
  • If not Active Directory–integrated, you can use a secondary zone for fault tolerance of records
REPLICA DOMAIN CONTROLLER
• DNS load balancing
  • Install the DNS service on an additional server
  • Configure client computers to use the new server as their preferred DNS server
SCHEMA MODIFICATION
• Some applications modify the schema
  • Examples include e-mail programs, backup programs, and directory integration software
• Must be a member of Schema Admins to install these applications or to modify the schema manually
• Schema changes trigger replication to all domain controllers in the forest
• Default system classes cannot be modified
• Class and attribute changes cannot be removed, but can be deactivated
RAISING DOMAIN AND FOREST FUNCTIONAL LEVELS
• Once complete, the change cannot be undone without a reinstall
• Each domain functional level can be raised independently of other domains
• The forest functional level can be raised only when all domains are at Windows 2000 native or higher
• Domain Admins membership required to raise the domain functional level
• Enterprise Admins membership required to raise the forest functional level
ESTABLISHING AND MAINTAINING TRUSTS
• Shortcut trust
  • Used to improve resource access
  • Reduces the length of the trust path
  • Transitive
• Cross-forest trust
  • Initially one-way; create two one-way trusts to provide access in either direction
  • Available only to Windows Server 2003 forests
  • Transitive
ESTABLISHING AND MAINTAINING TRUSTS
• External trust
  • Can be used for trusts with Windows NT Server 4.0 and Windows 2000 domains
  • Not transitive
• Realm trust
  • Used with third-party Kerberos implementations
  • Not transitive
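A small model of the trust-path rules on the two trust slides above (a shortcut trust shortens the path, a cross-forest trust is transitive only between the two forests it joins, external and realm trusts are never transitive), as an added Python example that is not part of the original course deck; the contoso.com domain tree, the LEGACYNT4 domain and the fabrikam.com/tailspin.com forests are constructed sample data.

```python
from collections import deque

# Per the slides: external and realm trusts are non-transitive; the others chain.
TRANSITIVE = {"parent-child", "tree-root", "shortcut", "forest"}

class TrustGraph:
    def __init__(self):
        self.edges = {}  # trusting domain -> [(trusted domain, kind), ...]

    def add_trust(self, trusting, trusted, kind, two_way=True):
        self.edges.setdefault(trusting, []).append((trusted, kind))
        if two_way:
            self.edges.setdefault(trusted, []).append((trusting, kind))

    def trust_path(self, resource_domain, account_domain):
        """Shortest domain chain letting resource_domain accept account_domain users."""
        # A non-transitive trust (external, realm) is usable only as a direct hop.
        for nxt, _ in self.edges.get(resource_domain, []):
            if nxt == account_domain:
                return [resource_domain, nxt]
        # Otherwise walk transitive trusts. A cross-forest trust never chains into
        # a third forest, so the search state tracks whether one was crossed.
        start = (resource_domain, False)
        prev, queue = {start: None}, deque([start])
        while queue:
            dom, crossed = queue.popleft()
            for nxt, kind in self.edges.get(dom, []):
                state = (nxt, crossed or kind == "forest")
                if kind not in TRANSITIVE or (kind == "forest" and crossed) or state in prev:
                    continue
                prev[state] = (dom, crossed)
                if nxt == account_domain:
                    path = []
                    while state is not None:
                        path.append(state[0]); state = prev[state]
                    return path[::-1]
                queue.append(state)
        return None

def build_demo_forest():
    """Constructed sample: contoso.com forest (two trees), NT4 external, fabrikam forest trust."""
    g = TrustGraph()
    for child, parent in [("emea.contoso.com", "contoso.com"), ("asia.contoso.com", "contoso.com"),
                          ("sales.emea.contoso.com", "emea.contoso.com"),
                          ("mfg.asia.contoso.com", "asia.contoso.com")]:
        g.add_trust(child, parent, "parent-child")
    g.add_trust("contoso.com", "LEGACYNT4", "external", two_way=False)
    g.add_trust("contoso.com", "fabrikam.com", "forest")
    g.add_trust("fabrikam.com", "tailspin.com", "forest")
    return g
```

Adding a shortcut trust between mfg.asia.contoso.com and sales.emea.contoso.com turns the five-domain referral path through the forest root into a single hop, while a user from LEGACYNT4 is accepted only by contoso.com, the one domain holding the external trust.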
MANAGING TRUSTS
• Verifying trusts
  • Active Directory Domains And Trusts
  • netdom trust domain1 /d:contoso /verify
• Revoking trust relationships
  • Active Directory Domains And Trusts
  • netdom trust domain1 /d:contoso /remove
USER PRINCIPAL NAMES
• Allow users to log on without specifying a domain separately
• Can be the user's e-mail address
• By default, the User Principal Name (UPN) suffix is the same as the forest root domain name
• Additional UPN suffixes can be added in Active Directory Domains And Trusts
• The UPN can be modified on a per-user basis
SUMMARY
• Active Directory requires DNS and SRV resource record support
• Verifying Active Directory installation
• Active Directory partitions
• Schema modification and replication
• Forest and domain functional levels
• Trust types: shortcut, cross-forest, external, realm