Chapter 10 Windows Server 2003 Part II.ppt - St. Ambrose University
Chapter 10
Networking With Windows
Part II
Domains

- A domain is a logical group of computers
  - Characterized by centralized authentication and administration
  - Requires at least one system configured as a domain controller
Member Servers

- A member server
  - Has an account in a domain
  - Is not configured as a domain controller
  - Typically used for file, print, application, and host network services
  - All 4 Windows Server 2003 Editions can be configured as member servers
Windows NT

- Primary Domain Controller (PDC)
  - Read/write copy of the Security Accounts Manager (SAM)
- Backup Domain Controller (BDC)
  - Read-only replica copy of the SAM
- Trust relationships explicitly set up
  - Not transitive
NT — Domains

- NT uses the concept of a domain to manage global access rights within groups.
- A domain is a group of machines running NT Server that share a common security policy and user database.
- NT provides four domain models to manage multiple domains within a single organization.
  - Single domain model: domains are isolated.
  - Master domain model: one of the domains is designated the master domain.
  - Multiple master domain model: there is more than one master domain, and they all trust each other.
  - Multiple trust model: there is no master domain. All domains manage their own users, but they also all trust each other.
Single domain model

- Simplest Windows NT domain model
- One domain that services every user and resource
Master domain model

- Uses a single domain to exert control over user account information
- Separate resource domains manage resources such as networked printers
Trust Relationships

- Trusts provide access to resources in domains where users don't have accounts.
- Trusts are a logical link between domains.
- Trust relationships can be one-way or bi-directional.
- It is possible to establish multiple trusts with multiple domains.
Types of Trust Relationships

- Three types of trust relationships
  - Intransitive trusts (one-way trusts)
  - Transitive trusts
  - Explicit trusts
Trust Relationships (diagram slide)
Differences between Domains

- Windows NT 4.0 Servers
  - Must have a "Master" computer acting as the Primary Domain Controller (PDC)
  - Can have secondary computers acting as Backup Domain Controllers (BDC)
  - Once a server is established as a domain controller, it cannot be shifted to another domain
  - Domains are limited to 40,000 entries (i.e. users, groups, etc.)
Introduction to Active Directory

- Composed of two components:
  - Active Directory data store (ntds.dit)
  - Active Directory service
- Conforms to an industry standard: LDAP
- Three primary purposes for Active Directory
  - Provide user logon and authentication services
  - Enable administrators to organize and manage user accounts, groups and network resources
  - Enable authorized users to easily locate network resources regardless of where they are located on the network
Differences between Domains

- Windows 2000+ Servers
  - Domain controller(s) maintain the Active Directory data store
    - Multimaster model
  - Automatic two-way trusts between domains in the same tree
  - Domain controllers can shift between domains
  - Windows 2000 domains do not have the limitation on entries that NT 4.0 domains experience
Tightened Security

- Optional services turned off by default
- NTFS
  - Everyone group permissions
- Trustworthy Computing Initiative
Active Directory Structure

- Logical structure
- Physical structure
Logical Structure

- Forests
- Trees
- Domains
- Organizational Units (OUs)
  - Organizational structure
  - Similar policies, security or other characteristics
  - Project or business process
  - Users, computers, other resources
- Objects
  - Computers
  - Users
  - Groups
  - Domain controllers
  - Shared folders
  - Printers
Logical Structure

- Tree
  - Related domains
  - Transitive trust between all member domains
  - Contiguous name space
  - Global catalog of objects
    - Authentication
    - Lookup and access to resources
    - AD replication of key attributes
Trees (diagram slide)
Forests

- One or more sets of trees
- Disjointed (non-contiguous) namespaces between trees
- Trust relationships between forests are not transitive
- Common schema
- Global catalog
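The difference between NT 4.0 explicit trusts, the automatic transitive trusts inside a Windows 2000 tree, and non-transitive forest-to-forest trusts decides which domains' resources an account can reach. The following is an added example, not part of the original slides: it models trusts as directed edges and walks them, letting a chain continue only while every link is transitive. Domain names (CORP, SALES, ENG, PARTNER, PARTNER2) and the trust lists are constructed sample data.

```python
from collections import deque

# A trust is (trusting_domain, trusted_domain, transitive): resources in the
# trusting domain accept accounts from the trusted domain.
Trust = tuple[str, str, bool]


def reachable_resource_domains(trusts: list[Trust], account_domain: str) -> set[str]:
    """Domains whose resources an account from account_domain can reach.
    A direct trust always grants access; a multi-hop chain grants access
    only when every link is transitive (Windows 2000 tree behaviour).
    NT 4.0 explicit trusts and forest-to-forest trusts end the chain."""
    reachable: set[str] = set()
    # Queue entries: (current domain, every link so far was transitive).
    queue = deque([(account_domain, True)])
    seen = {(account_domain, True)}
    while queue:
        current, chain_transitive = queue.popleft()
        direct = current == account_domain
        for trusting, trusted, transitive in trusts:
            if trusted != current or trusting == account_domain:
                continue
            if not direct and not (chain_transitive and transitive):
                continue
            reachable.add(trusting)
            state = (trusting, transitive)
            if state not in seen:
                seen.add(state)
                queue.append(state)
    return reachable


# Constructed sample: three NT 4.0 domains with explicit one-way trusts.
NT_TRUSTS: list[Trust] = [
    ("SALES", "CORP", False),  # SALES resources trust CORP accounts
    ("ENG", "SALES", False),   # ENG resources trust SALES accounts
]

# Same domains as one Windows 2000 tree: automatic two-way transitive trusts.
AD_TREE_TRUSTS: list[Trust] = [
    ("SALES", "CORP", True), ("CORP", "SALES", True),
    ("ENG", "SALES", True), ("SALES", "ENG", True),
]

# The tree plus a second and third forest; forest-to-forest trusts are not
# transitive, so PARTNER2 stays out of reach for CORP accounts.
FOREST_TRUSTS: list[Trust] = AD_TREE_TRUSTS + [
    ("PARTNER", "CORP", False),
    ("PARTNER2", "PARTNER", False),
]
```

Running `reachable_resource_domains(NT_TRUSTS, "CORP")` returns only SALES, while the same layout as a Windows 2000 tree also reaches ENG through the transitive chain.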
The Forest

- Established by creating a trust relationship between trees
Forest to Forest Trusts (diagram slide)
Physical Structure

- Domain controllers
- Sites
  - Well-defined LAN, usually a subnet
  - May be connected by a WAN link
Domain Controllers

- Explicitly configured to store a copy of Active Directory
- Service user authentication requests
- Service queries about domain objects
- May be a dedicated server but is not required to be
Computer Accounts

- Assigned in Windows NT, 2000, XP, and 2003
- Assigned when joining a domain
- Method for authentication and access auditing
- Accounts are represented as computer objects
- Accounts can be viewed using administrative tools
  - e.g., Active Directory Users and Computers
Using Active Directory Users and Computers to View a Computer Object (screenshot slide)
Managing Users

- User accounts
  - Creation, maintenance, passwords
  - Home directories
  - Group membership
  - Remote access
  - Profiles
    - Local
    - Roaming
    - Mandatory
Managing Users (screenshot slide)
Managing Groups

- Group accounts
  - Security groups
    - Assign network rights and permissions to multiple users
  - Distribution groups
    - Support e-mail distribution lists
Managing Groups (screenshot slide)
Group Scope

Scope         Membership                           Resource Access
Global        Same domain                          Any domain
Domain Local  Any domain (DLs from same domain)    Same domain
Universal     Any domain (no DLs)                  Any domain
- Schema
  - All domains in a forest/tree share a common schema
  - Defines objects the AD can contain
  - Defines available object attributes
  - Extensible
- Global Catalog
  - Used for logon and finding resources
  - Single GC for the entire forest
  - Can have multiple GC servers
  - Replica of all domain objects
  - Subset of frequently used attributes