S.I.R.A. Contact Persons Course – Module 2

S.I.R.A. Contact Persons Course – Module 2. 06 – Active Directory 20/11 – 27/11 – 05/12 11/12 – 13/12 (group 1) 12/12 – 15/12 (group 2) Cristiano Gentili, Massimiliano Viola (CSIA). Overview. Introduction to Active Directory Active Directory Logical Structure

Presentation Transcript


  1. S.I.R.A. Contact Persons Course – Module 2
     06 – Active Directory
     20/11 – 27/11 – 05/12 11/12 – 13/12 (group 1) 12/12 – 15/12 (group 2)
     Cristiano Gentili, Massimiliano Viola (CSIA)

  2. Overview
     • Introduction to Active Directory
     • Active Directory Logical Structure
     • Active Directory Physical Structure
     • Methods for Administering a Windows 2000 Network

  3. Introduction to Active Directory
     • What Is Active Directory?
     • Active Directory Objects
     • Active Directory Schema
     • Lightweight Directory Access Protocol (LDAP)

  4. What Is Active Directory?
     Directory Service Functionality:
     • Organize
     • Manage
     • Control
     Centralized Management:
     • Single point of administration
     • Full user access to directory resources by a single logon
     (Diagram label: Resources)

  5. Active Directory Objects
     • Objects Represent Network Resources
     • Attributes Store Information About an Object
     (Diagram: Active Directory holds Printers objects Printer1, Printer2, Printer3 with attributes Printer Name and Printer Location, and Users objects Don Hall and Suzan Fine with attributes First Name, Last Name and Logon Name; each attribute has an attribute value.)

  6. Active Directory Schema
     Active Directory Schema Is:
     • Dynamically Available
     • Dynamically Updateable
     • Protected by DACLs
     Object Class Examples: Computers, Users, Printers
     Attribute Examples (List of Attributes): accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, …
     Attributes of Users Might Contain: accountExpires, department, distinguishedName, middleName

  7. Lightweight Directory Access Protocol (LDAP)
     • LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
     • LDAP Naming Paths Include:
       • Distinguished names
       • Relative distinguished names
     Example: CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it

  8. Active Directory Logical Structure
     • Domains
     • Organizational Units
     • Trees and Forests

  9. Domains
     • A Domain Is a Security Boundary
       • A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
     • A Domain Is a Unit of Replication
       • Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
     (Diagram: a Windows 2000 domain in which User1 and User2 are replicated.)

  10. Organizational Units
     • Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
     • Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
     (Diagram labels: Organizational Structure; Network Administrative Model; Sales, Vancouver, Users, Sales, Computers, Repair)

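  11. Trees and Forests
     (Diagram: a forest made of two trees joined by a two-way transitive trust. One tree has contoso.msft (root) with asia.contoso.msft and au.contoso.msft; the other has nwtraders.msft with asia.nwtraders.msft and au.nwtraders.msft. Domains within each tree are linked by two-way transitive trusts.)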

  12. Global Catalog
     • Subset of the Attributes of All Objects
     Global Catalog Server:
     • Queries
     • Group membership when user logs on
     (Diagram: several domains feeding a Global Catalog.)

  13. Active Directory Physical Structure
     • Domain Controllers
     • Sites

  14. Domain Controllers
     Domain Controllers:
     • Participate in Active Directory replication
     • Perform single master operations roles in a domain
     Domain Controller = A Writeable Copy of the Active Directory Database
     (Diagram: two domain controllers in a domain replicating User1 and User2.)

  15. Sites
     Sites:
     • Optimize replication traffic
     • Enable users to log on to a domain controller by using a reliable, high-speed connection
     (Diagram labels: Seattle, New York, Chicago, Los Angeles; Site; IP subnet, IP subnet)

  16. Methods for Administering a Windows 2000 Network
     • Using Active Directory for Centralized Management
     • Managing the User Environment
     • Delegating Administrative Control

  17. Using Active Directory for Centralized Management
     Active Directory:
     • Enables a single administrator to centrally manage resources
     • Allows administrators to easily locate information
     • Allows administrators to group objects into OUs
     • Uses Group Policy to specify policy-based settings
     (Diagram labels: Domain, Search, OU1, OU2, Computers, Computer1, Users, User1, User2, Printers, Printer1)

  18. Managing the User Environment
     Use Group Policy to:
     • Control and lock down what users can do
     • Centrally manage software installation, repairs, updates, and removal
     • Configure user data to follow users whether they are online or offline
     (Diagram: a domain with OU1, OU2 and OU3; captions "Apply Group Policy Once" and "Windows 2000 Enforces Continually".)

  19. Delegating Administrative Control
     Assign Permissions:
     • For specific OUs to other administrators
     • To modify specific attributes of an object in a single OU
     • To perform the same task in all OUs
     Customize Administrative Tools to:
     • Map to delegated administrative tasks
     • Simplify interface design
     (Diagram: a domain in which OU1, OU2 and OU3 are delegated to Admin1, Admin2 and Admin3.)
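
Slide 7 introduces distinguished names and relative distinguished names. The following added example (not part of the original presentation) splits the slide's DN into its RDNs using RFC 4514 escaping rules, derives the DNS domain from the DC components, and escapes an untrusted value so it stays inside one RDN. The function names and the `UNTRUSTED` sample are assumptions made for illustration; multi-valued RDNs joined with `+` are not handled.

```python
import string

MUST_ESCAPE = ',+"\\<>;'  # RFC 4514 characters that always need a backslash

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas only."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]            # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append(cur.lstrip())
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    rdns.append(cur.lstrip())
    return rdns

def unescape(value):
    """Undo RFC 4514 escapes: backslash + char, or backslash + two hex digits."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16)); i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode(); i += 2
        else:
            out += value[i].encode(); i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(attribute, value), ...] with the object's own RDN first."""
    parts = (r.partition("=") for r in split_dn(dn))
    return [(a.strip().upper(), unescape(v)) for a, _, v in parts]

def dns_domain(dn):
    """Build the DNS domain name from the DC components of a DN."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")

def escape_value(value):
    """Escape an untrusted attribute value before placing it in a DN."""
    out = ""
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out += "\\00" if ch == "\x00" else ("\\" + ch if ch in MUST_ESCAPE or edge else ch)
    return out

SLIDE_DN = "CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it"  # DN shown on slide 7
UNTRUSTED = "Mario,OU=Docenti"                                 # constructed sample input
SAFE_DN = "CN=" + escape_value(UNTRUSTED) + ",OU=Studenti,DC=ds,DC=units,DC=it"
```

Without `escape_value`, the comma in the constructed input would add a sixth component to the path; with it, the DN still has five RDNs and the whole string remains the CN value.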
