S.I.R.A. Representatives Course – Module 2
06 – Active Directory
20/11 – 27/11 – 05/12, 11/12 – 13/12 (group 1), 12/12 – 15/12 (group 2)
Cristiano Gentili, Massimiliano Viola (CSIA)
Overview
• Introduction to Active Directory
• Active Directory Logical Structure
• Active Directory Physical Structure
• Methods for Administering a Windows 2000 Network

Introduction to Active Directory
• What Is Active Directory?
• Active Directory Objects
• Active Directory Schema
• Lightweight Directory Access Protocol (LDAP)
What Is Active Directory?
• Organize
• Manage
• Control
• Single point of administration
• Full user access to directory resources by a single logon
[Diagram: directory service functionality, centralized management of network resources]
Active Directory Objects
• Objects Represent Network Resources
• Attributes Store Information About an Object
[Diagram: object classes Users and Printers; example objects Don Hall, Suzan Fine, Printer1, Printer2, Printer3; attribute/value pairs such as First Name, Last Name and Logon Name for users, Printer Name and Printer Location for printers]
Active Directory Schema
Active Directory Schema Is:
• Dynamically Available
• Dynamically Updateable
• Protected by DACLs
[Diagram: object class examples (Users, Computers, Printers) and attribute examples (accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, …); attributes of Users might contain accountExpires, department, distinguishedName, middleName]
Lightweight Directory Access Protocol (LDAP)
• LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
• LDAP Naming Paths Include:
  • Distinguished names
  • Relative distinguished names
Example: CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it
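The naming path on this slide, broken into its relative distinguished names: an added example, not part of the course material. It assumes only the slide's sample DN and the RFC 4514 rule that a comma inside a value is escaped with a backslash; the helper names are my own.

```python
from typing import List, Tuple

# Constructed sample DN, the one shown on the slide.
SAMPLE_DN = "CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it"

def split_unescaped(text: str, sep: str) -> List[str]:
    """Split text on sep, skipping separators escaped with a backslash
    (RFC 4514 lets a value contain a comma as backslash-comma)."""
    parts, current, escaped = [], [], False
    for ch in text:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)  # keep the escape; values stay in DN form
            escaped = True
        elif ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return (type, value) pairs from the most specific RDN to the root."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr_type, value = rdn.split("=", 1)  # type never contains '='
        rdns.append((attr_type.strip(), value.strip()))
    return rdns

def relative_dn(dn: str) -> str:
    """The RDN: the leaf component, unique within its container."""
    attr_type, value = parse_dn(dn)[0]
    return f"{attr_type}={value}"

def parent_dn(dn: str) -> str:
    """DN of the container (OU or domain) that holds the object."""
    return ",".join(f"{t}={v}" for t, v in parse_dn(dn)[1:])

def dns_domain(dn: str) -> str:
    """Join the DC components into the domain's DNS name."""
    return ".".join(v for t, v in parse_dn(dn) if t.upper() == "DC")
```

For the slide's DN the RDN is `CN=RossiMario`, its container is `OU=Studenti,DC=ds,DC=units,DC=it`, and the DC components give the DNS domain `ds.units.it`.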
Active Directory Logical Structure
• Domains
• Organizational Units
• Trees and Forests
Domains
• A Domain Is a Security Boundary
  • A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
• A Domain Is a Unit of Replication
  • Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
[Diagram: a Windows 2000 domain in which two domain controllers replicate User1 and User2]
Organizational Units
• Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
• Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
[Diagram: OU hierarchies modelled on the network administrative model and on the organizational structure, e.g. Sales, Vancouver, Users, Sales Computers, Repair]
Trees and Forests
[Diagram: a forest of two trees, contoso.msft (root) with asia.contoso.msft and au.contoso.msft, and nwtraders.msft with asia.nwtraders.msft and au.nwtraders.msft; the domains are linked by two-way transitive trusts]
Global Catalog
• Global Catalog Server: holds a subset of the attributes of all objects from every domain
• Global Catalog Queries: group membership when a user logs on
[Diagram: several domains feeding one global catalog]
Active Directory Physical Structure
• Domain Controllers
• Sites
Domain Controllers
Domain Controllers:
• Participate in Active Directory replication
• Perform single master operations roles in a domain
Domain Controller = A Writeable Copy of the Active Directory Database
[Diagram: two domain controllers in one domain replicating User1 and User2]
Sites
Sites:
• Optimize replication traffic
• Enable users to log on to a domain controller by using a reliable, high-speed connection
[Diagram: sites for Seattle, New York, Chicago and Los Angeles; a site is made up of one or more IP subnets]
Methods for Administering a Windows 2000 Network
• Using Active Directory for Centralized Management
• Managing the User Environment
• Delegating Administrative Control
Using Active Directory for Centralized Management
Active Directory:
• Enables a single administrator to centrally manage resources
• Allows administrators to easily locate information
• Allows administrators to group objects into OUs
• Uses Group Policy to specify policy-based settings
[Diagram: searching a domain organized into OU1 and OU2, which contain Computers (Computer1), Users (User1, User2) and Printers (Printer1)]
Managing the User Environment
Use Group Policy to:
• Control and lock down what users can do
• Centrally manage software installation, repairs, updates, and removal
• Configure user data to follow users whether they are online or offline
[Diagram: Group Policy applied once to the domain and to OU1, OU2 and OU3; Windows 2000 enforces it continually]
Delegating Administrative Control
Assign Permissions:
• For specific OUs to other administrators
• To modify specific attributes of an object in a single OU
• To perform the same task in all OUs
Customize Administrative Tools to:
• Map to delegated administrative tasks
• Simplify interface design
[Diagram: a domain whose OU1, OU2 and OU3 are delegated to Admin1, Admin2 and Admin3 respectively]