2270A 03
Module 3: Introduction to Active Directory
Overview

     Introduction to Active Directory
     Logical Structure
     Physical Structure
     Global Catalog Server
     Single Master Operations
     Methods for Administering a Windows .NET Server Family Network
 Introduction to Active Directory


     What is Active Directory?
     Active Directory Supported Technologies
     Active Directory Naming Conventions
     Active Directory and DNS
What Is Active Directory?

     Active Directory is a directory service: it stores information about the resources of the network and provides the functionality to organize, manage, and control access to those resources
     Centralized management: a single point of administration for the resources of the network
Active Directory Supported Technologies

     Internet-standard technologies on which Active Directory is built:
       TCP/IP
       DNS
       DHCP
       SNTP
       LDAP
       LDIF
       X.509
       Kerberos
Active Directory Naming Conventions

     Distinguished name (DN): the full path of an object in the directory
       CN=James Smith, CN=Users, DC=contoso, DC=msft
     Relative distinguished name (RDN): the part of the DN that names the object within its container
       CN=James Smith
     User principal name (UPN): a logon name in e-mail form
       JamesS@contoso.msft
     Globally unique identifier (GUID): a 128-bit value assigned when the object is created; it does not change when the object is renamed or moved
     Uniqueness of names: a DN is unique in the forest, an RDN is unique only within its container, and a UPN must be unique across the forest
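The naming rules above are easy to get wrong in tooling, so here is an added example (not from the course) that parses a distinguished name into its RDNs, derives the DNS domain name and a default UPN from it, compares DNs the way the directory does, and escapes untrusted input before embedding it in a DN. The DN syntax follows RFC 4514; the sample names are constructed from the slide's contoso.msft example, and only backslash-character escapes are handled (the hexadecimal `\2C` form and multi-valued RDNs joined with `+` are not).

```python
"""Parse and build Active Directory names (added example, not from the course)."""
from __future__ import annotations

# Characters that must be escaped inside an RDN value (RFC 4514 section 2.4).
_SPECIAL = set(',+"\\<>;')


def _split_unescaped(text: str, sep: str) -> list[str]:
    """Split on `sep`, ignoring any occurrence preceded by a backslash."""
    parts: list[str] = []
    buf: list[str] = []
    i = 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair intact for now
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape(raw: str) -> str:
    """Remove backslash escapes: 'Smith\\, James' -> 'Smith, James'."""
    out: list[str] = []
    i = 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Return the DN as a list of (attribute type, value) RDNs, leaf first."""
    rdns: list[tuple[str, str]] = []
    for raw in _split_unescaped(dn, ","):
        raw = raw.lstrip()
        while raw.endswith(" ") and not raw.endswith("\\ "):
            raw = raw[:-1]                 # unescaped trailing spaces are not part of the value
        attr, sep, value = raw.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {raw!r} in {dn!r}")
        rdns.append((attr.strip().upper(), _unescape(value)))
    return rdns


def escape_dn_value(value: str) -> str:
    """Escape an untrusted string so it cannot add or alter RDNs when embedded in a DN."""
    out = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def relative_dn(dn: str) -> str:
    """The RDN is the first component: 'CN=James Smith'."""
    attr, value = parse_dn(dn)[0]
    return f"{attr}={escape_dn_value(value)}"


def domain_dns_name(dn: str) -> str:
    """Join the DC= components into the domain's DNS name: 'contoso.msft'."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")


def user_principal_name(logon_name: str, dn: str) -> str:
    """Default UPN: the logon name at the DNS name of the user's domain."""
    return f"{logon_name}@{domain_dns_name(dn)}"


def dn_equal(a: str, b: str) -> bool:
    """DNs compare case-insensitively and ignore spacing around the separators."""
    def norm(dn: str) -> list[tuple[str, str]]:
        return [(t, v.lower()) for t, v in parse_dn(dn)]
    return norm(a) == norm(b)


# Constructed sample names based on the slide's example.
SAMPLE_DN = "CN=James Smith,CN=Users,DC=contoso,DC=msft"
TRICKY_DN = "CN=Smith\\, James,CN=Users,DC=contoso,DC=msft"   # a comma inside the CN value

if __name__ == "__main__":
    print(parse_dn(TRICKY_DN)[0])                 # ('CN', 'Smith, James')
    print(len(TRICKY_DN.split(",")))              # naive split: 5 pieces, the DN has 4 RDNs
    print(user_principal_name("JamesS", SAMPLE_DN))
```

The escaping matters whenever a DN is built from user-supplied text: `"CN=" + name + ",OU=Staff,DC=contoso,DC=msft"` with `name = "x,OU=Admins"` yields an extra RDN, while the escaped form keeps it as one value.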
Active Directory and DNS


     Name resolution: Active Directory requires DNS to resolve the names of domain controllers and other hosts
     Namespace definition: Active Directory domain names are DNS names, so the domain namespace is defined in DNS
     Locating the physical components of Active Directory: domain controllers, global catalog servers, and Kerberos KDCs are found through the SRV records they register in DNS
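To make the last point concrete, this added example (not from the course) models the DC locator: it builds the `_msdcs` SRV record names a client queries, tries the client's site before the whole domain, and orders the answers by priority and weight as RFC 2782 directs. The zone fragment is constructed sample data for contoso.msft, not the result of a live DNS query.

```python
"""DC locator model: SRV names and target selection (added example, not from the course)."""
from __future__ import annotations
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower is tried first
    weight: int     # relative share among records of equal priority
    port: int
    target: str


def locator_name(domain: str, service: str = "ldap", site: str | None = None, role: str = "dc") -> str:
    """Owner name of the SRV record a client queries for a service.

    role "dc"  -> any domain controller of `domain`
    role "gc"  -> a global catalog server; `domain` is then the forest root name
    role "pdc" -> the PDC emulator of `domain` (no site-specific form)
    A site name narrows the lookup to domain controllers in that site.
    """
    if site:
        return f"_{service}._tcp.{site}._sites.{role}._msdcs.{domain}"
    return f"_{service}._tcp.{role}._msdcs.{domain}"


def order_targets(records: list[SrvRecord], seed: int | None = None) -> list[SrvRecord]:
    """Order records by priority, then weighted-random within a priority (RFC 2782)."""
    rng = random.Random(seed)
    by_priority: dict[int, list[SrvRecord]] = {}
    for r in records:
        by_priority.setdefault(r.priority, []).append(r)
    ordered: list[SrvRecord] = []
    for prio in sorted(by_priority):
        group = list(by_priority[prio])
        while group:
            total = sum(r.weight for r in group)
            pick = group[-1]
            if total == 0:
                pick = rng.choice(group)
            else:
                point = rng.random() * total
                cum = 0
                for r in group:
                    cum += r.weight
                    if point < cum:
                        pick = r
                        break
            ordered.append(pick)
            group.remove(pick)
    return ordered


def find_dc(zone: dict[str, list[SrvRecord]], domain: str,
            site: str | None = None, seed: int | None = None) -> list[SrvRecord]:
    """Try the client's site first, then any DC in the domain, as the locator does."""
    names = [locator_name(domain, site=site)] if site else []
    names.append(locator_name(domain))
    for name in names:
        records = zone.get(name)
        if records:
            return order_targets(records, seed)
    return []


# Constructed zone fragment for contoso.msft (sample data, not a real query result).
SAMPLE_ZONE = {
    "_ldap._tcp.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
        SrvRecord(0, 100, 389, "dc2.contoso.msft"),
        SrvRecord(10, 100, 389, "dc3.contoso.msft"),   # tried only if the priority-0 DCs fail
    ],
    "_ldap._tcp.Seattle._sites.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
    ],
    "_kerberos._tcp.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 88, "dc1.contoso.msft"),
        SrvRecord(0, 100, 88, "dc2.contoso.msft"),
    ],
}

if __name__ == "__main__":
    for r in find_dc(SAMPLE_ZONE, "contoso.msft", site="Chicago", seed=7):
        print(r.target, r.port)
```

Because every logon starts with these lookups, the integrity of the DNS zone is part of the directory's security boundary: a record pointing at the wrong host redirects authentication, which is why the zone that holds `_msdcs` should accept only secure dynamic updates.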
Multimedia: Concepts of Microsoft Windows .NET Server Active Directory
 Logical Structure


     Domains
     Domain Functional Levels
     Organizational Units
     Trusts
     Trees and Forests
     Forest Functional Levels
     Schema
Domains

  A domain is a unit of replication
      Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain

  Figure: the domain controllers of a Windows 2000/.NET domain replicating with one another
Domain Functional Levels

  Mixed Mode: domain controllers running Windows NT 4.0, Windows 2000, and the Windows .NET Server family
  Native Mode: domain controllers running Windows 2000 and the Windows .NET Server family only
Organizational Units

     Organizational units hierarchy
       Organizational structure example: Paris, with child organizational units Sales and Repair
       Network administrative model example: Sales, with child organizational units Users and Computers
     Administrative control of organizational units
     Organizational units and the single domain model
Trusts

     Parent-child and tree-root - two-way - transitive trusts
          Created automatically when a domain is added to the forest
          Give every domain in a forest a trust path to every other domain in the forest
     Shortcut - one or two-way - transitive trusts
          Manually created between two domains in the same forest
          Reduce authentication referral hops, and therefore authentication requests, across a deep tree
     Forest - one or two-way - transitive trusts
          Only between forest root domains; requires the Windows .NET Server family forest functional level
          Creates transitive domain relationships between all domains of the two forests, but does not extend to a third forest
     External - one or two-way - non-transitive trusts
          Used to connect to/from Windows NT 4.0 domains, or a single domain in another forest
          Manually created
     Realm - one or two-way - transitive or non-transitive trusts
          Connect to/from a non-Windows Kerberos realm, such as UNIX
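The transitivity rules above decide which domains will authenticate a given account, and the answer is not obvious once external and forest trusts are mixed in. This added example (not from the course) models each trust as a directed edge and walks the trust paths: transitive trusts chain, a non-transitive trust is honoured only as the direct hop, and a forest trust does not carry over to a third forest. The forest of contoso.msft and nwtraders.msft and the Windows NT 4.0 domain are taken from the slides; NT4DOM, fabrikam.com, eu.fabrikam.com, and tailspin.com are invented names for the example.

```python
"""Trust path evaluation (added example, not from the course)."""
from __future__ import annotations
from collections import deque
from dataclasses import dataclass

TRANSITIVE_KINDS = {"parent-child", "tree-root", "shortcut", "forest"}


@dataclass(frozen=True)
class Trust:
    trusting: str             # resource domain: it accepts accounts from `trusted`
    trusted: str              # account domain
    kind: str                 # parent-child, tree-root, shortcut, forest, external, realm
    transitive: bool = False  # consulted only for realm trusts, which can be either

    def is_transitive(self) -> bool:
        return self.transitive if self.kind == "realm" else self.kind in TRANSITIVE_KINDS


def two_way(a: str, b: str, kind: str, transitive: bool = False) -> list[Trust]:
    """A two-way trust is a trust in each direction."""
    return [Trust(a, b, kind, transitive), Trust(b, a, kind, transitive)]


def reachable(account_domain: str, trusts: list[Trust]) -> dict[str, list[str]]:
    """Map every domain that will authenticate accounts from `account_domain` to the
    shortest referral path (the chain of domains a Kerberos ticket request walks)."""
    by_trusted: dict[str, list[Trust]] = {}
    for t in trusts:
        by_trusted.setdefault(t.trusted, []).append(t)

    paths: dict[str, list[str]] = {}
    # Queue entries: (domain reached, forest trusts crossed, path so far, terminal).
    # A hop over a non-transitive trust is terminal: the path cannot be extended.
    queue = deque([(account_domain, 0, [account_domain], False)])
    seen = {(account_domain, 0, False)}
    while queue:
        dom, forest_hops, path, terminal = queue.popleft()
        if terminal:
            continue
        for t in by_trusted.get(dom, []):
            if t.trusting == account_domain:
                continue
            hops = forest_hops + (1 if t.kind == "forest" else 0)
            if hops > 1:
                continue          # a forest trust does not extend to a third forest
            transitive = t.is_transitive()
            if not transitive and len(path) > 1:
                continue          # non-transitive trusts are honoured only as the direct hop
            state = (t.trusting, hops, not transitive)
            if state in seen:
                continue
            seen.add(state)
            new_path = path + [t.trusting]
            paths.setdefault(t.trusting, new_path)   # BFS: the first arrival is the shortest path
            queue.append((t.trusting, hops, new_path, not transitive))
    return paths


# Forest rooted at contoso.msft with the nwtraders.msft tree (domain names from the slides).
FOREST_TRUSTS = (
    two_way("contoso.msft", "nwtraders.msft", "tree-root")
    + two_way("nwtraders.msft", "china.nwtraders.msft", "parent-child")
    + two_way("nwtraders.msft", "japan.nwtraders.msft", "parent-child")
)
# One-way external trust: contoso.msft trusts a Windows NT 4.0 domain (name invented).
NT4_TRUST = [Trust("contoso.msft", "NT4DOM", "external")]
# Invented second and third forests, joined by forest trusts between their root domains.
OTHER_FORESTS = (
    two_way("contoso.msft", "fabrikam.com", "forest")
    + two_way("fabrikam.com", "eu.fabrikam.com", "parent-child")
    + two_way("fabrikam.com", "tailspin.com", "forest")
)
ALL_TRUSTS = FOREST_TRUSTS + NT4_TRUST + OTHER_FORESTS
SHORTCUT = two_way("china.nwtraders.msft", "japan.nwtraders.msft", "shortcut")

if __name__ == "__main__":
    for dom, path in sorted(reachable("china.nwtraders.msft", ALL_TRUSTS).items()):
        print(dom, "via", " -> ".join(path))
    print("NT4DOM reaches:", sorted(reachable("NT4DOM", ALL_TRUSTS)))
```

Run from china.nwtraders.msft the walk reaches every domain of its own forest and both domains of fabrikam.com, but not tailspin.com (a second forest hop) and not NT4DOM (the external trust points the other way); accounts from NT4DOM reach contoso.msft and nothing behind it. Adding the shortcut trust does not change what is reachable, only the path to japan.nwtraders.msft, which drops from three domains to two.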
Trees and Forests

  Figure: one forest containing two trees. The tree rooted at contoso.msft (the forest root) and the tree rooted at nwtraders.msft, with its child domains china.nwtraders.msft and japan.nwtraders.msft, are joined by two-way transitive trusts. A separate Windows NT 4.0 domain is connected to a domain in the forest by an external one-way non-transitive trust.
Forest Functional Levels

  Forest functional level        Domain controllers supported
  Windows 2000 (default)         Windows NT 4.0, Windows 2000, Windows .NET Server family
  Windows .NET Interim           Windows NT 4.0, Windows .NET Server family
  Windows .NET Server family     Windows .NET Server family
Schema

  The schema defines the object classes and attributes that can be stored in the directory. It is dynamically available, updateable, and protected by DACLs.

  Object class examples: Users, Computers, Servers
  Attributes of the User class might contain: accountExpires, badPasswordTime, mail, name
  Attribute examples from the schema: accountExpires, badPasswordTime, mail, cAConnect, dhcpType, eFSPolicy, fromServer, governsID, name, …
Physical Structure

     Sites
     Domain Controllers
Sites

  Figure: four sites, Seattle, New York, Chicago, and Los Angeles. A site is made up of one or more IP subnets that are well connected to each other.
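A client is assigned to a site by matching its IP address against the subnet objects associated with each site, the most specific subnet winning. This added example (not from the course) performs that match with the standard `ipaddress` module and adds the two checks an administrator wants when maintaining the subnet list: rejecting a subnet whose host bits are set, and flagging overlapping subnets. The site names are the slide's; the subnets, including the deliberately overlapping 10.1.255.0/24, are constructed.

```python
"""Site assignment by longest subnet match (added example, not from the course)."""
from __future__ import annotations
import ipaddress
from typing import Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def load_subnets(assignments: dict[str, str]) -> list[tuple[Network, str]]:
    """Parse prefix -> site assignments. strict=True rejects a prefix such as
    10.1.1.5/24 whose host bits are set, as the directory itself would."""
    return [(ipaddress.ip_network(prefix, strict=True), site) for prefix, site in assignments.items()]


def site_for_ip(ip: str, subnets: list[tuple[Network, str]]) -> str | None:
    """Return the site of the most specific subnet containing `ip`, or None when
    no subnet matches (the locator then falls back to any DC in the domain)."""
    addr = ipaddress.ip_address(ip)
    best: tuple[Network, str] | None = None
    for net, site in subnets:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def overlapping_subnets(subnets: list[tuple[Network, str]]) -> list[tuple[str, str]]:
    """Pairs of subnets that overlap; usually a mistake unless the narrower one is deliberate."""
    found: list[tuple[str, str]] = []
    for i, (a, _) in enumerate(subnets):
        for b, _ in subnets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                found.append((str(a), str(b)))
    return found


# Constructed subnet-to-site assignments (the site names come from the slide).
SITE_SUBNETS = {
    "10.1.0.0/16": "Seattle",
    "10.2.0.0/16": "New York",
    "10.3.0.0/16": "Chicago",
    "10.4.0.0/16": "Los Angeles",
    "10.1.255.0/24": "Chicago",        # carved out of Seattle's range; the /24 wins for its hosts
    "2001:db8:1::/48": "Seattle",
}

if __name__ == "__main__":
    subnets = load_subnets(SITE_SUBNETS)
    for ip in ("10.1.4.7", "10.1.255.9", "2001:db8:1::10", "192.168.1.1"):
        print(ip, "->", site_for_ip(ip, subnets))
    print("overlaps:", overlapping_subnets(subnets))
```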
Domain Controllers

  Figure: two domain controllers in one domain, each holding the same objects (user 1, user 2); changes made on either are replicated to the other.
Global Catalog Server

  A global catalog server holds a partial replica of every object in every domain of the forest (a subset of each object's attributes), so it can answer forest-wide queries and supply a user's universal group membership when the user logs on.
Single Master Operations


     Schema master: one per forest; controls changes to the schema
     Domain naming master: one per forest; controls adding and removing domains in the forest
     RID master: one per domain; allocates pools of relative IDs to the domain controllers of the domain
     PDC emulator: one per domain; acts as the PDC for Windows NT 4.0 backup domain controllers and clients, and receives password changes preferentially
     Infrastructure master: one per domain; updates references to objects in other domains
Methods for Administering a Windows .NET Server Family Network


     Using Active Directory for Centralized Management
     Managing the User Environment
     Delegating Administrative Control
Using Active Directory for Centralized Management
  Figure: a domain containing OU1 (Computer1 and User1) and OU2 (User2 and Printer1); a single search across the domain returns User1, Computer1, User2, and Printer1.

  Active Directory:
      Enables a single administrator to centrally manage resources
      Enables administrators to easily locate information
      Enables administrators to group objects into organizational units
      Uses Group Policy to specify policy-based settings
Managing the User Environment

  Figure: Group Policy objects 1, 2, and 3 are applied once to OU1, OU2, and OU3 of a domain; Windows .NET Server then enforces them continually.

   Use Group Policy to:
       Control and lock down what users can do
       Centrally manage software installation, repairs, updates,
        and removal
       Configure user data to follow users whether they are online or offline
Delegating Administrative Control

  Figure: a domain with OU1, OU2, and OU3, each delegated to a different administrator (Admin1, Admin2, Admin3).

Grant permissions:
   For specific organizational units to other administrators
   To modify specific attributes of an object in a single organizational unit
   To perform the same task in all organizational units
Customize administrative tools to:
     Map to delegated administrative tasks
     Simplify interface design
Review


     Introduction to Active Directory
     Logical Structure
     Physical Structure
     Global Catalog Server
     Single Master Operations
     Methods for Administering a Windows .NET Server Network

				