Active Directory Fundamentals



Thomas Lee
Chief Technologist QA
thomas.lee@qa.com
What we will cover:
   Domains, Trees, Forests
   Domain Controllers, Sites
   The Domain Name System (DNS)
   Replication
   Operations Masters
   Lots of demos…
Prerequisite Knowledge
   Understanding of what a directory service is

Level 200+
Agenda
   Active Directory Logical Concepts
   Active Directory Physical Concepts
   DNS
   Replication
   Operations Masters
Active Directory Logical Concepts
Domains
   Boundary of Security?  NOT!!!
      A domain is not a security boundary; the forest is. A Domain Admin in
       any domain can escalate to the whole forest (for example by forging a
       ticket whose SID history carries the forest root's Enterprise Admins
       SID), so treat every domain administrator as a forest administrator
       when threat modeling.
   Boundary of Authentication
      Each domain holds its own account database and Kerberos realm
   Boundary of Replication
      Domain NC replication: the domain naming context replicates only to
       that domain's DCs
   Boundary of DNS Namespace
   Boundary of Administration
   (Diagram: example domain KAPOHO.NET)
Active Directory Logical Concepts
Trees
   Hierarchy of Domains forming a contiguous namespace
   Transitive Trust Relationships (parent-child trusts are two-way and
    transitive)
   All Domains in a Tree share:
      Schema
      Configuration
      Global Catalog
   (Diagram: tree rooted at KAPOHO.NET with child domains HAWAII.KAPOHO.NET
    and EUROPE.KAPOHO.NET, and grandchild domain MAUI.HAWAII.KAPOHO.NET)
Active Directory Logical Concepts
Forests
   Hierarchy of Domains forming a contiguous or disjoint namespace
      One or more trees; tree roots are joined by two-way transitive
       tree-root trusts
   Transitive Trust Relationships
   All Domains in a Forest share:
      Schema
      Configuration
      Global Catalog
   The forest, not the domain, is the security boundary
   (Diagram: one forest containing two trees, PSP.CO.UK and KAPOHO.NET,
    with HAWAII.KAPOHO.NET as a child of KAPOHO.NET)
Active Directory Logical Concepts
Organizational Units
   Containers within Domains
   Distinct Units of Administration (delegated permissions and Group Policy
    are scoped to the OU)
   Unique to Domains (an OU cannot span domains)
Active Directory Physical Concepts
Domain Controllers
   Windows NT 4.0: one writable Primary Domain Controller (PDC) and
    read-only Backup Domain Controllers (BDC)
   Active Directory: peer Domain Controllers (DC), each holding a writable
    copy of the directory (multi-master)
Active Directory Physical Concepts
Sites
   What is a Site?
      A set of well-connected IP subnets
   Site Usage
      Locating services (e.g. logon, DFS): clients prefer DCs in their own site
      Replication (intra-site vs. inter-site behaviour differs)
      Group Policy application (site-linked GPOs)
   Sites are connected with Site Links
      A site link connects two or more sites
Active Directory Physical Concepts
Site Topology
   (Diagram: three sites, Site A, Site B and Site C, containing DCs and GCs
    for the domains Company.com, america.company.com and europe.company.com.
    DC = Domain Controller, GC = Global Catalog)
Active Directory Physical Concepts
Global Catalog
   Partial replica of every object in the forest
   Configurable subset of attributes (the partial attribute set)
   Fast forest-wide searches (LDAP on TCP 3268, LDAP over SSL on TCP 3269)
   Required at logon to expand universal group membership; in a
    multi-domain forest, no reachable GC means no logon unless universal
    group membership caching (Windows Server 2003) is enabled
DNS
DNS
   SRV records to locate services (required): clients find DCs, GCs and
    KDCs by querying names such as _ldap._tcp.dc._msdcs.<domain> and
    _kerberos._tcp.dc._msdcs.<domain>
   DDNS for dynamic update (desired): DCs register their own records
   Windows 2000 and up, Microsoft DNS also provides:
      Incremental zone transfer (IXFR)
      Active Directory integrated zones
         Single replication topology (zone data rides on AD replication)
         Multi-master replication (any DC hosting the zone accepts updates)
         Secure dynamic update: only authenticated principals may register
          records, and only the registering account may overwrite its own.
          Never leave a zone on "Nonsecure and secure": any host on the
          network could then rewrite a DC's A or SRV record and redirect
          clients.
Tip: If you keep BIND, use the latest version (older releases lack SRV
 record and dynamic update support)!
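How the SRV records above are consumed, as an added example (not code from the deck): a model of the DC locator that tries the site-specific name first, falls back to the domain-wide name, and orders the answers by RFC 2782 priority and weight. The zone contents are constructed for the deck's KAPOHO.NET example; the host names, the site name "Hawaii" and the record values are assumptions. The point for defenders is that a client trusts whatever these records say, which is why dynamic-update security on the _msdcs zone matters.

```python
"""DC locator over DNS SRV records (added example; constructed data)."""
from __future__ import annotations

import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str  # host name of the DC the record points at


def locator_names(domain: str, site: str | None = None, service: str = "_ldap") -> list[str]:
    """SRV owner names a locator client tries, most specific first."""
    names = []
    if site:
        names.append(f"{service}._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"{service}._tcp.dc._msdcs.{domain}")
    return [n.lower() for n in names]


def rfc2782_order(records: list[SrvRecord], rng: random.Random) -> list[SrvRecord]:
    """Lowest priority first; within a priority, weighted-random selection."""
    ordered: list[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            total = sum(r.weight for r in group)
            threshold = rng.randint(0, total) if total > 0 else 0
            running = 0
            chosen = group[-1]
            for r in group:
                running += r.weight
                if running >= threshold:
                    chosen = r
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered


def locate_dc(zone: dict[str, list[SrvRecord]], domain: str, site: str | None = None,
              rng: random.Random | None = None) -> list[str]:
    """Return DC host names to try, in order, or [] if no record exists."""
    rng = rng or random.Random(0)
    for name in locator_names(domain, site):
        recs = zone.get(name, [])
        if recs:
            return [r.target for r in rfc2782_order(recs, rng)]
    return []


# Constructed zone data (hypothetical hosts) for the deck's KAPOHO.NET domain.
ZONE = {
    "_ldap._tcp.dc._msdcs.kapoho.net": [
        SrvRecord(0, 100, 389, "dc1.kapoho.net"),
        SrvRecord(0, 100, 389, "dc2.kapoho.net"),
        SrvRecord(10, 100, 389, "maui-dc1.kapoho.net"),  # lower-preference backup
    ],
    "_ldap._tcp.hawaii._sites.dc._msdcs.kapoho.net": [
        SrvRecord(0, 100, 389, "maui-dc1.kapoho.net"),
    ],
}

if __name__ == "__main__":
    print("Hawaii client:", locate_dc(ZONE, "kapoho.net", site="Hawaii"))
    print("Europe client (no site record, falls back):",
          locate_dc(ZONE, "kapoho.net", site="Europe"))
```

On a real client the same lookup is done by `nltest /dsgetdc:kapoho.net`, and the records themselves can be inspected with `Resolve-DnsName -Type SRV _ldap._tcp.dc._msdcs.kapoho.net`.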
DNS
DNS Implementations
   No existing DNS infrastructure
      Deploy Microsoft DNS
   Existing DNS meets requirements (SRV records, ideally dynamic update)
      Keep it
   Existing DNS not adequate:
      Choice 1: Upgrade the existing server
      Choice 2: Migrate to Microsoft DNS
      Choice 3: Delegate a subdomain (e.g. the AD domain's zone) to
       Microsoft DNS
Replication
Replication Details
   Naming contexts (NCs) that are replicated
      Schema naming context
      Configuration naming context
      Domain naming context
   Multi-master replication (every DC accepts writes; conflicting writes
    are resolved by version number, then timestamp)
   Intra-site: bidirectional ring topology
   Inter-site: spanning tree topology
      Synchronous RPC over TCP/IP
      Asynchronous SMTP
Replication
Naming Contexts
   Schema
      Definitions of object classes and attributes
      Replicated to all DCs in the forest
   Configuration
      AD structure (domains, sites, site links, and where the DCs are)
      Replicated to all DCs in the forest
   Domain
      Domain-specific objects (users, groups, computers, and OUs)
      Replicated to all DCs in its domain (and, as a partial replica, to
       every GC in the forest)
Replication
Replication Topologies
   Intra-site replication: AD replication between DCs within a site
   Inter-site replication: AD replication between sites
Replication
Intra-Site Replication
   RPC replication within a site
   No compression
      Assumes good (LAN) network connections
   Uses a change notification process
      5 minutes notification delay on Windows 2000
      15 seconds on Windows Server 2003 (at the 2003 forest functional level)
   KCC generates a bidirectional ring with extra edges, so that no DC is
    more than three replication hops from any other
Tip: Always let the KCC generate the intra-site replication topology when
     possible
Replication
Inter-Site Replication
   Replication between sites
   DS-RPC (RPC over IP) or SMTP transports
   SMTP cannot carry a domain NC, so it can be used only between
      GCs across sites (partial replicas)
      DCs of different domains in different sites (schema and configuration)
    and it requires an enterprise CA to sign the replication mail
   Compression
      10%-20% of original size
   Scheduled (per site link schedule and replication interval)
Replication
Site Links, Bridges and Bridgehead Servers
   Site links join two or more sites
      Cost, replication interval and schedule can be specified
      Transitive by default ("Bridge all site links"; can be disabled)
   Site link bridges
      Bridge two or more site links when automatic bridging is disabled
   Bridgehead servers
      One DC per site (per NC and transport) sends and receives inter-site
       replication on behalf of the site; chosen by the ISTG unless
       preferred bridgeheads are configured
   The KCC (ISTG) generates a minimum-cost spanning tree over the site links
Tip: Always let the KCC generate the replication topology
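What "minimum-cost spanning tree over the site links" means in practice, as an added example (not the deck's code and a simplification of what the ISTG does): each site link joins two or more sites at one cost, bridging makes the links transitive, and the least-cost tree (Kruskal) plus the least-cost bridged path between two sites (Dijkstra) fall out of the link costs. The site names, link names and costs are constructed.

```python
"""Model of inter-site topology from site links (added example; constructed data)."""
import heapq
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class SiteLink:
    name: str
    cost: int
    sites: frozenset  # two or more sites joined by this link


def pairwise_edges(links: list[SiteLink]) -> list[tuple]:
    """Expand each site link into (cost, site_a, site_b, link_name) edges."""
    edges = []
    for link in links:
        for a, b in combinations(sorted(link.sites), 2):
            edges.append((link.cost, a, b, link.name))
    return sorted(edges)


def spanning_tree(links: list[SiteLink]) -> tuple[int, list[tuple]]:
    """Kruskal: least-cost tree connecting all sites -> (total_cost, edges)."""
    parent: dict[str, str] = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    tree, total = [], 0
    for cost, a, b, name in pairwise_edges(links):
        ra, rb = find(a), find(b)
        if ra != rb:          # adding this edge does not create a cycle
            parent[ra] = rb
            tree.append((a, b, name, cost))
            total += cost
    return total, tree


def least_cost_path(links: list[SiteLink], src: str, dst: str):
    """Dijkstra over bridged (transitive) links -> (cost, [sites]) or (None, [])."""
    adj: dict[str, list] = {}
    for cost, a, b, _ in pairwise_edges(links):
        adj.setdefault(a, []).append((cost, b))
        adj.setdefault(b, []).append((cost, a))
    best, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > best.get(u, float("inf")):
            continue            # stale heap entry
        if u == dst:
            break
        for cost, v in adj.get(u, []):
            nd = d + cost
            if nd < best.get(v, float("inf")):
                best[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in best:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return best[dst], path[::-1]


# Constructed site links: two point-to-point links and one three-site "hub" link.
LINKS = [
    SiteLink("London-Paris", 100, frozenset({"London", "Paris"})),
    SiteLink("Paris-Berlin", 150, frozenset({"Paris", "Berlin"})),
    SiteLink("Hub", 300, frozenset({"London", "Berlin", "Honolulu"})),
]

if __name__ == "__main__":
    print(spanning_tree(LINKS))
    print(least_cost_path(LINKS, "London", "Berlin"))
```

The Honolulu site is reached only through the 300-cost hub link, so that link ends up in the tree even though London and Berlin are cheaper to connect via Paris. The live inputs come from `Get-ADReplicationSiteLink -Filter *` (Cost, SitesIncluded, ReplicationFrequencyInMinutes).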
Operations Masters
Schema and Domain Naming
   Schema master
      The only DC that can write schema changes
      Changes replicate to all DCs in the forest
      One per forest
      Default is the first DC installed in the forest
   Domain naming master
      Performs add/remove of domains (and application partitions) and
       cross-references to external directories
      One per forest
      Default is the first DC installed in the forest
Operations Masters
PDC Emulator, RID and Infrastructure
   PDC emulator
      Acts as the PDC for NT 4.0 BDCs and down-level clients
      Receives password changes first, is consulted on failed logons,
       and is the authoritative time source for the domain
      One per domain
   Relative identifier (RID) master
      Allocates pools of RIDs to the DCs of the domain; each DC builds a
       new SID as domain SID + RID. A DC whose pool is exhausted and that
       cannot reach the RID master can create no new accounts.
      One per domain
   Infrastructure master
      Updates references to objects from other domains (e.g. group
       members) after those objects are moved or renamed
      One per domain
      Must not be a GC unless every DC in the domain is a GC
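The placement rules on the two slides above (one holder per forest-wide role, one per domain for the domain roles, and the infrastructure master / GC rule) as an added example check, not the deck's code. The forest layout is constructed; in a real forest the inputs come from `netdom query fsmo`, or from `Get-ADForest` (SchemaMaster, DomainNamingMaster) and `Get-ADDomain` (PDCEmulator, RIDMaster, InfrastructureMaster) together with `Get-ADDomainController -Filter *` (IsGlobalCatalog).

```python
"""FSMO placement checks over a snapshot of a forest (added example; constructed data)."""
from collections import Counter
from dataclasses import dataclass, field

FOREST_ROLES = {"SchemaMaster", "DomainNamingMaster"}
DOMAIN_ROLES = {"PDCEmulator", "RIDMaster", "InfrastructureMaster"}


@dataclass
class DC:
    name: str
    domain: str
    is_gc: bool
    roles: set = field(default_factory=set)


def check_fsmo(dcs: list[DC]) -> list[str]:
    """Return a sorted list of findings; an empty list means the placement is sane."""
    findings = []
    # Forest-wide roles: exactly one holder in the whole forest.
    forest_count = Counter(r for dc in dcs for r in dc.roles if r in FOREST_ROLES)
    for role in FOREST_ROLES:
        n = forest_count.get(role, 0)
        if n != 1:
            findings.append(f"forest: {role} has {n} holders (expected 1)")
    # Domain-wide roles: exactly one holder per domain.
    for dom in sorted({dc.domain for dc in dcs}):
        members = [dc for dc in dcs if dc.domain == dom]
        count = Counter(r for dc in members for r in dc.roles if r in DOMAIN_ROLES)
        for role in DOMAIN_ROLES:
            n = count.get(role, 0)
            if n != 1:
                findings.append(f"{dom}: {role} has {n} holders (expected 1)")
        # A GC already holds a partial replica of every object, so an
        # infrastructure master on a GC never notices stale cross-domain
        # references, unless every DC in the domain is a GC.
        all_gc = all(dc.is_gc for dc in members)
        for dc in members:
            if "InfrastructureMaster" in dc.roles and dc.is_gc and not all_gc:
                findings.append(
                    f"{dom}: InfrastructureMaster {dc.name} is a GC but not all "
                    f"DCs in the domain are; cross-domain references will go stale")
    return sorted(findings)


# Constructed forest: root domain with two DCs, one child domain with one DC.
GOOD_FOREST = [
    DC("dc1", "kapoho.net", True, {"SchemaMaster", "DomainNamingMaster",
                                   "PDCEmulator", "RIDMaster"}),
    DC("dc2", "kapoho.net", False, {"InfrastructureMaster"}),
    DC("hdc1", "hawaii.kapoho.net", True, {"PDCEmulator", "RIDMaster",
                                           "InfrastructureMaster"}),
]

# Same forest with two mistakes: infrastructure master moved onto the GC
# while dc2 is not a GC, and the child domain has lost its RID master.
BAD_FOREST = [
    DC("dc1", "kapoho.net", True, {"SchemaMaster", "DomainNamingMaster",
                                   "PDCEmulator", "RIDMaster", "InfrastructureMaster"}),
    DC("dc2", "kapoho.net", False, set()),
    DC("hdc1", "hawaii.kapoho.net", True, {"PDCEmulator", "InfrastructureMaster"}),
]

if __name__ == "__main__":
    for finding in check_fsmo(BAD_FOREST) or ["no findings"]:
        print(finding)
```

A single-domain forest whose only DC holds all five roles passes every check, which matches the "default is the first DC installed" slides; the checks start to matter once a second DC or a second domain appears.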
Summary
   Active Directory has logical (domain, tree, forest, OU) and physical
    (DC, site, GC) concepts
   DNS is a hard requirement: get it right first
   Plenty of information is available (see the following slides)
For More Information…
   Main TechNet Web site at
    www.microsoft.com/technet
   Additional resources to support this
    Session page can be found at
www.microsoft.com/technet/tnt1-98
MS Press
Inside information for IT Professionals
   To find the latest IT Professional related titles visit
    www.microsoft.com/learning/it/books
Third Party Publications
Supplementary Publications for IT Pros
   These books can be found and purchased at all good book stores and
    on-line retailers
Microsoft Learning
Training Resources for IT Professionals
   Planning, Implementing, and Maintaining a Microsoft Windows Server 2003
    Active Directory Infrastructure
      Course Number: 2279
      Availability: Now
      Detailed Syllabus: www.microsoft.com/learning
   To locate a training provider, please access www.microsoft.com/learning
   Microsoft Certified Technical Education Centers are Microsoft's premier
    partners for training services
Assess your Readiness
Microsoft Skills Assessment
What is Microsoft Skills Assessment?
   Self-study learning tool to evaluate readiness for product and
    technology solutions, instead of job-roles (certification)
   Windows Server 2003, Exchange Server 2003, Windows Storage
    Server 2003, Visual Studio .NET, Office 2003
   Free, online, unproctored, and available to anyone
   Answers, “Am I ready?”
   Determines skills gaps, provides learning plans with Microsoft
    Official Curriculum courses, plus more Microsoft learning
    content suggestions such as TechNet resources
   Post your High Score to see how you stack up
   visit   http://www.microsoft.com/assessment
Become a Microsoft Certified
Systems Administrator (MCSA)
    What is the MCSA certification?
        For IT professionals who manage and maintain
         networks and systems based on the Microsoft
         Windows Server operating system
    How do I become an MCSA on Microsoft
     Windows 2000?
        Pass 3 core exams
        Pass 1 elective exam or 2 CompTIA certifications
    Where do I get more information?
        For more information about certification
         requirements, exams, and training,
         visit www.microsoft.com/mcsa
Become A Microsoft Certified
Systems Engineer (MCSE)
   What is the MCSE certification?
       Premier certification for IT professionals who analyze the
        business requirements and design, plan, and implement the
        infrastructure for business solutions based on the Microsoft
        Windows Server System integrated server software.
   How do I become an MCSE on Microsoft Windows 2003?
       Pass 6 core exams
       Pass 1 elective exam from a comprehensive list
   Where do I get more information?
       For more information about certification requirements,
        exams, and training options,
        visit www.microsoft.com/mcse
Demonstrate Your Security or
Messaging Specialization
   What are MCSA/MCSE specializations?
       MCSA and MCSE specializations allow IT professionals to
        highlight specific expertise or technical focus within their job
        role.
   What specializations are available?
       MCSA: Security                     MCSA: Messaging
       MCSE: Security                     MCSE: Messaging
   Where do I get more information?
       For more information about MCSA and MCSE specialization
        requirements, exams, and training options, visit
        www.microsoft.com/mcsa or www.microsoft.com/mcse
What is TechNet?
Put the right answers at your fingertips
   TechNet is the comprehensive collection of resources to help IT
    implementers plan, deploy, and manage Microsoft products successfully
   TechNet Subscription: monthly updates delivered on DVD or CD; the
    definitive resource to help you evaluate, deploy and maintain Microsoft
    products
   TechNet Web Site: accessible at www.microsoft.com/technet; online
    resources and community; subscriber-only online services
   TechNet Flash: bi-weekly e-newsletter with security updates, new
    resources, and special offers
   TechNet Events and Web Casts: briefings on the latest Microsoft products
    and technologies; hands-on, "how to" information
   TechNet Communities: user groups and managed newsgroups
    Where Can I Get TechNet?
   Visit TechNet Online at
    www.microsoft.com/technet

   Register for the TechNet Flash
    www.microsoft.com/technet/subscriptions/flash.asp

   Join the TechNet Online forum at
    www.microsoft.com/technet/itcommunity

   Become a TechNet Subscriber at
    www.microsoft.com/technet/buynow/subscribe
   Attend More TechNet Events or view on-line
    www.microsoft.com/technet/tcevents/itevents

				