
Objectives

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 4: Active Directory Architecture. Objectives. Describe the underlying database of Active Directory Describe the Active Directory schema and how it can be extended

walter-clay

Presentation Transcript


  1. 70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced
     Chapter 4: Active Directory Architecture

  2. Objectives
     • Describe the underlying database of Active Directory
     • Describe the Active Directory schema and how it can be extended
     • Describe the different Active Directory partitions and their functions
     Guide to MCSE 70-294, Enhanced

  3. Active Directory Physical Database Storage
     • Layers
       • Provide the directory service
       • Include:
         • Extensible Storage Engine (ESE)
         • Database layer
         • Directory Service Agent (DSA)

  4. Active Directory Layers (figure not included in the transcript)

  5. Active Directory Physical Database Storage
     • Extensible Storage Engine:
       • Lowest level
       • Directly responsible for manipulating database
       • All objects stored in nonhierarchical form
         • Rows in database table
     • Database layer:
       • Responsible for providing object-oriented hierarchical view

  6. Active Directory Physical Database Storage (continued)
     • Directory Service Agent:
       • Third layer
       • Responsible for enforcing semantics
         • Govern how objects in Active Directory are created and manipulated
     • Only adjacent layers communicate with one another

  7. Extensible Storage Engine
     • Active Directory store:
       • Transactional database
       • Based on Extensible Storage Engine
     • Transaction
       • Each addition, modification, or deletion
       • Needed data is loaded from disk to memory

  8. Extensible Storage Engine (continued)
     • Transaction
       • First thing that happens:
         • Operation is logged to hard disk
       • Modification the transaction performs is then made to the in-memory copy of data
       • Manipulating in-memory copy of data is faster than going to disk

  9. Extensible Storage Engine (continued)
     • Least recently used:
       • Storing entire database in memory is not practical
       • Move data that is no longer needed
         • Write changes back to hard drive
       • Least recently used algorithm to write to disk:
         • When memory is running low
         • System is at a period of low activity

  10. Extensible Storage Engine (continued)
     • Transactions:
       • ESE writes all transactions to log before they are made to in-memory copy
       • Next time domain controller starts, ESE can use transactions recorded in log
         • Reapply changes to copy of data stored on hard disk
         • Called recovering the database
         • Done without user intervention

  11. Extensible Storage Engine (continued)
     • Checkpoints:
       • Shorten recovery times
       • Reduce amount of hard drive space logs take up
       • Completed transactions written back to disk
         • Fact that transactions were successfully written is noted
       • ESE only needs to reapply transactions from point of last checkpoint
       • Transactions can be deleted from log

  12. Active Directory File Structure
     • Files:
       • NTDS.DIT
       • EDB.LOG
       • EDBXXXXX.LOG
       • EDB.CHK
       • RES1.LOG and RES2.LOG
       • TEMP.EDB

  13. Active Directory Files (figure not included in the transcript)

  14. NTDS.DIT
     • Actual Active Directory store
     • Stores all objects and their attributes
     • Located in %SYSTEMROOT%\NTDS folder on domain controllers
     • Made up of three tables:
       • Schema table
       • Data table
       • Link table

  15. EDB.LOG
     • Current transaction log file
     • Changes to Active Directory are noted first in transaction log file
     • Size of EDB.LOG is always 10 MB

  16. EDBXXXXX.LOG
     • When EDB.LOG is filled, it is renamed to EDBXXXXX.LOG
     • XXXXX is a number increased by one each time a new log file is created
     • Every 12 hours:
       • Garbage-collection process runs
       • Deletes old EDBXXXXX.LOG

  17. EDB.CHK
     • Checkpoint file
     • System recovering from failure
       • Uses EDB.CHK file to determine what transactions should be written to database

  18. RES1.LOG and RES2.LOG
     • Placeholder files
     • Reserve disk space
       • If domain controller runs out of free disk space, uses reserved space from files
       • Prevents updates from being lost due to insufficient disk space
     • Important:
       • Include additional free space to store Active Directory database as it grows

  19. TEMP.EDB
     • Temporary storage space
       • Hold large transactions while they are in process
     • Used during maintenance operations
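The log-first write, checkpoint and recovery cycle from slides 7 through 11, with in-memory stand-ins for the files from slides 12 through 17, as an added toy simulation. This is not ESE or the book's code; the object names and the "disk", "log" and "checkpoint" fields are constructed stand-ins for NTDS.DIT, EDB.LOG and EDB.CHK, and the crash scenario in the demo function is made up to show which transactions recovery has to replay:

```python
"""Toy write-ahead-log simulation of the ESE transaction, checkpoint and
recovery cycle described on the slides. Added example, not ESE or book code;
the data structures are stand-ins for the real files (see comments)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# One logged operation: ("add" | "modify" | "delete", object name, attribute value)
LogEntry = Tuple[str, str, Optional[str]]


@dataclass
class ToyStore:
    # Durable state: survives a simulated crash.
    disk: Dict[str, str] = field(default_factory=dict)   # stands in for NTDS.DIT
    log: List[LogEntry] = field(default_factory=list)    # stands in for EDB.LOG
    checkpoint: int = 0                                  # stands in for EDB.CHK
    # Volatile state: the in-memory copy of the data, lost on crash.
    memory: Dict[str, str] = field(default_factory=dict)

    @staticmethod
    def _apply(table: Dict[str, str], entry: LogEntry) -> None:
        op, name, value = entry
        if op == "delete":
            table.pop(name, None)
        elif value is None:
            raise ValueError(f"{op} needs a value")
        else:
            table[name] = value

    def transaction(self, op: str, name: str, value: Optional[str] = None) -> None:
        """Slide 8: the operation is logged first, then applied to the in-memory copy."""
        entry: LogEntry = (op, name, value)
        self.log.append(entry)           # durable before anything else happens
        self._apply(self.memory, entry)  # fast in-memory update

    def write_checkpoint(self) -> None:
        """Slide 11: flush completed transactions to the data file and note how far
        the log has been flushed."""
        self.disk = dict(self.memory)
        self.checkpoint = len(self.log)

    def crash(self) -> None:
        """Simulate a power loss: only disk, log and checkpoint survive."""
        self.memory = {}

    def recover(self) -> int:
        """Slide 10: rebuild the in-memory copy from the data file and reapply only the
        logged transactions after the last checkpoint. Returns the number replayed."""
        self.memory = dict(self.disk)
        pending = self.log[self.checkpoint:]
        for entry in pending:
            self._apply(self.memory, entry)
        return len(pending)

    def purge_old_log(self) -> int:
        """Slides 11 and 16: transactions before the checkpoint are no longer needed."""
        removed = self.checkpoint
        self.log = self.log[self.checkpoint:]
        self.checkpoint = 0
        return removed


def crash_and_recover_demo() -> Tuple[int, Dict[str, str]]:
    """Constructed scenario: two objects checkpointed, two more changes logged but not
    flushed, then a crash. Recovery must replay exactly the two unflushed changes."""
    store = ToyStore()
    store.transaction("add", "CN=Lori Thompson", "user")
    store.transaction("add", "CN=Build Server", "computer")
    store.write_checkpoint()                      # both objects now in the data file
    store.transaction("modify", "CN=Build Server", "computer;disabled")
    store.transaction("delete", "CN=Lori Thompson")
    store.crash()                                 # in-memory copy gone
    replayed = store.recover()
    return replayed, dict(store.memory)


if __name__ == "__main__":
    print(crash_and_recover_demo())
```

The ordering in `transaction` is the whole point: because the log entry exists before the in-memory change, a crash at any moment leaves either a logged change that recovery replays or no change at all, never a half-applied one. Two consequences for a defender follow from the same design: the log files carry every recent change to the directory, so they hold the same kind of data as NTDS.DIT and need the same file-level protection and backup handling, and recovery only works when the log is complete, which is why the slides stress keeping free disk space for it.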

  20. LDAP
     • Primary protocol used to work with objects in Active Directory
     • Vital to understand how to use LDAP naming paths

  21. LDAP (continued)
     • DN:
       • Every object in Active Directory has unique name
       • Describes exactly where the object is located in the object hierarchy
       • Made up of:
         • Name of the object
         • All of parent objects above it in hierarchy

  22. LDAP (continued)
     • RDN
       • Identifies object within its container
       • Contains only name of object
     • Acronyms for object names:
       • DC (Domain Component)
         • Part of a domain name
       • OU (Organizational Unit)
         • Name of an organizational unit
       • CN (Common Name)
         • Name of most objects

  23. LDAP (continued)
     • Name example:
       • Lori Thompson located in dev.supercorp.net domain in Research organizational unit
       • DN: CN=Lori Thompson,OU=Research,DC=dev,DC=supercorp,DC=net
       • RDN: CN=Lori Thompson
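A small parser for the DN and RDN structure described on slides 21 through 23, added here as an example (not the book's code). It goes one step beyond the slides: it honours the RFC 4514 backslash escape, so a comma inside a common name (a constructed value such as "Thompson, Lori") stays part of that object's name instead of splitting the path into a bogus extra container:

```python
"""Parser for the LDAP distinguished names (DN) and relative distinguished names (RDN)
described on the slides. Added example, not the book's code. Handles the backslash
escape from RFC 4514 so that a comma inside a value does not split the path."""
from typing import List, Tuple


def split_dn(dn: str) -> List[str]:
    """Split a DN on unescaped commas; result is most-specific RDN first, e.g.
    ['CN=Lori Thompson', 'OU=Research', 'DC=dev', 'DC=supercorp', 'DC=net']."""
    rdns: List[str] = []
    current: List[str] = []
    escaped = False
    for ch in dn:
        if escaped:                 # character after a backslash is taken literally
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)      # keep the escape so the RDN text stays valid
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape character")
    rdns.append("".join(current).strip())
    if any(not r for r in rdns):
        raise ValueError(f"empty RDN in {dn!r}")
    return rdns


def parse_rdn(rdn: str) -> Tuple[str, str]:
    """Return (attribute type, unescaped value) for one RDN such as 'CN=Lori Thompson'."""
    attr_type, sep, raw = rdn.partition("=")
    if not sep or not attr_type.strip():
        raise ValueError(f"malformed RDN: {rdn!r}")
    value: List[str] = []
    i = 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            value.append(raw[i + 1])   # drop the backslash, keep the escaped character
            i += 2
        else:
            value.append(raw[i])
            i += 1
    return attr_type.strip().upper(), "".join(value).strip()


def rdn(dn: str) -> str:
    """Slide 22: the object's own name, the first component of the DN."""
    return split_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """The container the object lives in: everything after the first RDN."""
    return ",".join(split_dn(dn)[1:])


def dns_domain(dn: str) -> str:
    """Join the DC components back into the DNS domain name (dev.supercorp.net)."""
    labels = [value for attr_type, value in map(parse_rdn, split_dn(dn)) if attr_type == "DC"]
    return ".".join(labels)


def containers(dn: str) -> List[str]:
    """The organizational units between the object and the domain, nearest first."""
    return [value for attr_type, value in map(parse_rdn, split_dn(dn)) if attr_type == "OU"]


if __name__ == "__main__":
    example = "CN=Lori Thompson,OU=Research,DC=dev,DC=supercorp,DC=net"  # from slide 23
    print(rdn(example), "|", parent_dn(example), "|", dns_domain(example))
```

Splitting on every comma is the usual shortcut and it is wrong exactly when a value contains one; anything that derives a container, a domain or an access decision from a DN should use an escape-aware split like this one, or the object ends up attributed to a container that does not exist.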

  24. Active Directory Schema
     • All available objects and attributes
     • Sets out exactly:
       • What kind of objects are represented
       • What properties or attributes are required or optional
       • What types of values are acceptable
     • Tool needed to modify the schema is not available by default

  25. Activity 4-1: Registering Active Directory Schema Console
     • Objective: Register the Active Directory Schema snap-in so you can view and modify the schema
     • Follow instructions to register the console

  26. Naming
     • Every object class and attribute in the schema must have:
       • Unique common name
       • LDAP display name
       • Object Identifier (OID)

  27. Common Name Rules
     • Start name with registered DNS name of company
       • Separate each level of DNS name with hyphens (-) instead of periods
     • Add another hyphen (-) at end of company's name
     • Enter current year
     • Follow year with another hyphen (-)

  28. Common Name Rules (continued)
     • Choose product-specific prefix
       • Must be unique within company
       • Identifies product or application of class or attribute
       • Should begin with uppercase letter with additional letters using capitalization of your choice
     • Follow product-specific prefix with hyphen (-)
     • Enter name of class or attribute separated by hyphens

  29. LDAP Display Name Rules
     • Start with common name already created for class or attribute
     • Make first character of product-specific prefix lowercase
       • Characters following first character may be uppercase or lowercase

  30. LDAP Display Name Rules (continued)
     • Make every character in class or attribute part of name that is preceded by a hyphen (-) uppercase
     • Remove all hyphens (-) after product-specific prefix

  31. Example common names and LDAP display names (table not included in the transcript)
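The naming rules from slides 27 through 30 carried through in code, as an added example standing in for the table that slide 31 shows but the transcript does not include. This is not the book's code; the company name supercorp.net is taken from slide 23, while the year 2003, the product-specific prefix "Inventory" and the attribute names are constructed sample values:

```python
"""Builds schema common names and LDAP display names by the rules on the slides.
Added example, not the book's code; the company, year, prefix and attribute
names used with it are constructed sample values."""
from typing import List, Tuple


def common_name(company_dns: str, year: int, prefix: str, name_parts: List[str]) -> str:
    """Slides 27-28: <dns with hyphens>-<year>-<Prefix>-<Name>-<Parts>."""
    if not prefix or not prefix[0].isupper():
        raise ValueError("product-specific prefix must begin with an uppercase letter")
    if "-" in prefix or not name_parts:
        raise ValueError("prefix must not contain hyphens and a name is required")
    company = company_dns.replace(".", "-")   # supercorp.net -> supercorp-net
    return f"{company}-{year}-{prefix}-" + "-".join(name_parts)


def ldap_display_name(cn: str, prefix: str) -> str:
    """Slides 29-30: same string, but the prefix starts lowercase, hyphens after the
    prefix are removed and the character after each removed hyphen is uppercased."""
    marker = f"-{prefix}-"
    idx = cn.find(marker)
    if idx == -1:
        raise ValueError(f"{cn!r} does not contain the prefix {prefix!r}")
    head = cn[: idx + 1]                       # company and year part, left unchanged
    tail_parts = cn[idx + len(marker):].split("-")
    lowered = prefix[0].lower() + prefix[1:]   # only the first character changes
    camel = "".join(part[:1].upper() + part[1:] for part in tail_parts)
    return head + lowered + camel


def schema_names(company_dns: str, year: int, prefix: str,
                 name_parts: List[str]) -> Tuple[str, str]:
    """Both names for one new class or attribute, as a (common name, LDAP display name) pair."""
    cn = common_name(company_dns, year, prefix, name_parts)
    return cn, ldap_display_name(cn, prefix)


if __name__ == "__main__":
    # Constructed sample: an "Inventory" product adding an "Asset-Tag" attribute in 2003.
    print(schema_names("supercorp.net", 2003, "Inventory", ["Asset", "Tag"]))
```

The split between a hyphenated common name and a camel-cased display name is what keeps a company's extensions from colliding with Microsoft's or another vendor's: the DNS-name prefix is the uniqueness guarantee, so a schema change request whose names do not follow this pattern is worth sending back before it reaches a schema master.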

  32. OID
     • OID space must be obtained separately
       • Not part of registered DNS domain name
     • Two primary ways to obtain an OID space:
       • Through Microsoft
       • International Standards Organization (ISO)

  33. Object Classes
     • Definition of each type of object
       • Like a template from which objects are created
     • Inheritance
     • Class Types:
       • Structural classes
       • Abstract classes
       • Auxiliary classes
       • 88 classes

  34. Object Classes (continued)
     • Possible superiors
       • Controls which types of objects new object can be instantiated or moved under
       • Example: user object cannot be created (or moved) under a printer object

  35. Activity 4-2: Creating a Structural Class
     • Objective: Learn how to extend the Active Directory schema to include additional classes
     • Use Active Directory Schema to create a new class

  36. Attributes
     • Schema contains list of all possible attributes
     • Class is assigned both mandatory and optional attributes
     • Object is sum of its attributes
     • Syntaxes
       • Defines data type attribute can store

  37. Common Syntaxes (table not included in the transcript)

  38. Common Syntaxes (continued; table not included in the transcript)

  39. Indexes
     • Similar in concept to index in back of book
     • Store values (in order) for all objects that have a given attribute
     • Speed up queries
     • Slow down creation of objects and updating of attributes
     • Choose attributes that have highly unique values

  40. Activity 4-4: Adding an Optional Attribute to a Class
     • Objective: Learn how to add additional attributes to a class
     • Use the Schema console to add an attribute to a class

  41. Active Directory Partitions
     • Database divided into groups called partitions, or naming contexts
     • Used to manage replication
     • Partitions:
       • Schema partition
       • Domain partition
       • Configuration partition
       • Application partition

  42. Active Directory Partitions (continued)
     • ADSI Edit:
       • Included with Windows Server 2003 Support Tools
       • Used to view and modify objects in various Active Directory partitions

  43. Active Directory Partitions (continued; figure not included in the transcript)

  44. Schema
     • Stores schema
     • Contains definitions of all classes and attributes in entire forest
     • Replicated to all domain controllers in forest
     • Content is the same throughout forest

  45. Configuration
     • Stores information about replication topology used in forest
       • Specifies how domain controller determines with which other specific partners it replicates
     • Found on all domain controllers
     • Same throughout forest

  46. Domain
     • Contains users, computers, groups, and organizational units created in Windows domain
     • Replicated to all domain controllers in domain
     • Large amount of data
     • Usually partition that changes most frequently

  47. Application
     • Cannot contain security principals
     • Can be replicated to many different domains in forest
       • Without necessarily being included on all domain controllers
     • Used when developer wants to store information in Active Directory

  48. Summary
     • Active Directory is made up of several layers:
       • Extensible Storage Engine (ESE)
       • Database layer
       • Directory Service Agent (DSA)
     • By logging all transactions, ESE can reapply transactions in event of system failure and bring data back to a consistent state

  49. Summary (continued)
     • All objects and attributes available in Active Directory are defined in Active Directory schema
     • To effectively manage replication of Active Directory, database is divided into groups called partitions
