Active Directory Fundamentals
Thomas Lee, Chief Technologist, QA
(Presentation transcript)

Slide 1: Active Directory Fundamentals
Thomas Lee, Chief Technologist, QA
thomas.lee@qa.com

Slide 2: What we will cover
- Domain, Trees, Forests
- Domain Controllers, Sites
- The Domain Naming Service
- Replication
- Operations Masters
- Lots of demos...

Slide 3: Prerequisite Knowledge
- Understanding of what a directory service is
- Networking skills!
Level 200+

Slide 4: Agenda
- Active Directory Logical Concepts
- Active Directory Physical Concepts
- DNS
- Replication
- Operations Masters

Slide 5: Active Directory Logical Concepts: Domains
- Boundary of Security? NOT!!!
- Boundary of Authentication
- Boundary of Replication (Domain NC replication)
- Boundary of DNS Namespace
- Boundary of Administration
(Diagram: the example domain KAPOHO.NET)

Slide 6: Active Directory Logical Concepts: Trees
- Hierarchy of Domains forming a contiguous DNS namespace
- Transitive Trust Relationships between domains
- All domains in a Tree share:
  - Schema
  - Configuration
  - Global Catalog
(Diagram: KAPOHO.NET with child domains EUROPE.KAPOHO.NET and HAWAII.KAPOHO.NET, and grandchild MAUI.HAWAII.KAPOHO.NET)

Slide 7: Active Directory Logical Concepts: Forests
- Hierarchy of Domains forming a contiguous or disjoint namespace
- Transitive Trust Relationships
- All Domains in a Forest share:
  - Schema
  - Configuration
  - Global Catalog
(Diagram: PSP.CO.UK and KAPOHO.NET as separate trees in one forest, with HAWAII.KAPOHO.NET as a child domain)

Slide 8: Active Directory Logical Concepts: Organizational Units
- Containers within Domains
- Distinct Units of Administration
- Unique to Domains
- Two main uses:
  - Delegation
  - Policies

Slide 9: Agenda (repeated): Active Directory Logical Concepts; Active Directory Physical Concepts; DNS; Replication; Operations Masters

Slide 10: Active Directory Physical Concepts: Domain Controllers
- Primary Domain Controller (PDC)
- Backup Domain Controller (BDC)
- Domain Controllers (DC)

Slide 11: Active Directory Physical Concepts: Sites
- What is a Site?
  - A set of well-connected IP subnets
- Site Usage
  - Locating Services (e.g. Logon, DFS)
  - Replication
  - Group Policy Application
- Sites are connected with Site Links
  - A site link connects two or more sites
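Added example (not part of the presentation): a site is defined by the IP subnets assigned to it, and a client is placed in the site whose most specific subnet contains its address. The script models that lookup and adds the check an administrator wants: which client addresses match no subnet at all, because those clients get no site and may be served by a distant DC for logon and Group Policy. Site names and subnets are constructed.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed sample of site/subnet definitions (hypothetical site names).
# Nested subnets are deliberate: the most specific match decides the site.
SUBNETS: Dict[str, str] = {
    "10.0.0.0/8": "Site-A",       # whole corporate range defaults to Site-A
    "10.20.0.0/16": "Site-B",     # one region inside it
    "10.20.30.0/24": "Site-C",    # a branch office inside that region
    "192.168.0.0/16": "Site-A",
}


def build_subnet_table(mapping: Dict[str, str]):
    """Parse the subnets once and order them longest prefix first."""
    table = [(ipaddress.ip_network(cidr), site) for cidr, site in mapping.items()]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def site_for_client(ip: str, table) -> Optional[str]:
    """Site of the most specific subnet containing ip, or None if unmapped.

    A client with no site is not steered to a nearby DC: the locator falls
    back to any DC in the domain, which slows logon and policy processing.
    """
    addr = ipaddress.ip_address(ip)
    for net, site in table:          # longest prefix is checked first
        if addr in net:
            return site
    return None


def unmapped_clients(client_ips: List[str], table) -> List[str]:
    """Operational check: observed client addresses that map to no site."""
    return [ip for ip in client_ips if site_for_client(ip, table) is None]


if __name__ == "__main__":
    table = build_subnet_table(SUBNETS)
    for ip in ("10.20.30.7", "10.20.5.1", "10.1.1.1", "172.16.0.1"):
        print(ip, "->", site_for_client(ip, table))
    print("unmapped:", unmapped_clients(["10.5.5.5", "172.16.0.1"], table))
```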

Slide 12: Active Directory Physical Concepts: Site Topology
(Diagram: the forest Company.com with child domains america.company.com and europe.company.com, spread over Site A, Site B and Site C; each site holds one or more DCs and one holds a GC. Legend: DC = Domain Controller, GC = Global Catalog)

Slide 13: Active Directory Physical Concepts: Global Catalog
- Partial Replica of all Objects in the Forest
- Configurable subset of Attributes
- Fast Forest-wide searches
- Required at Logon for Universal Group Membership
- Win2k3: Universal Group Caching

Slide 14: Agenda (repeated): Active Directory Logical Concepts; Active Directory Physical Concepts; DNS; Replication; Operations Masters

Slide 15: DNS
- DNS is fundamental to AD
  - No DNS == No AD
  - Even on a single server!
- You have options over:
  - DNS Topology
  - DNS Namespace
  - DNS Server

Slide 16: DNS
- SRV Records to locate services (required)
- DDNS for Dynamic Update (desired)
- Windows 2000 and up, DNS also provides:
  - Incremental Zone Transfer
  - Active Directory Integrated
    - Single replication topology
    - Multi-master replication
    - Secure Dynamic update
Tip: Use the latest version of BIND!
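Added example (not from the presentation) tying this slide's SRV records to the sites of slide 11: the script builds the owner names a Windows client queries under _msdcs (the site-scoped name first, then the domain-wide one), parses zone-file SRV lines, and applies the RFC 2782 priority/weight selection that decides which DC is used. The zone lines and DC host names are constructed for the KAPOHO.NET domain shown in the diagrams.

```python
import random
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str

def dc_srv_name(domain: str, site: Optional[str] = None, service: str = "_ldap") -> str:
    """Owner name a Windows client queries to find a DC; the site-scoped name is tried first."""
    if site:
        return f"{service}._tcp.{site}._sites.dc._msdcs.{domain}".lower()
    return f"{service}._tcp.dc._msdcs.{domain}".lower()

def parse_srv(line: str) -> SrvRecord:
    """Parse a zone-file style line: 'owner TTL IN SRV prio weight port target.'"""
    f = line.split()
    i = f.index("SRV")
    return SrvRecord(int(f[i + 1]), int(f[i + 2]), int(f[i + 3]), f[i + 4].rstrip("."))

def select_target(records: List[SrvRecord], rng=None) -> Optional[SrvRecord]:
    """RFC 2782 selection: lowest priority wins, then weighted random within that priority.
    Simplification: weight-0 records are chosen only when all candidates have weight 0."""
    if not records:
        return None
    rng = rng if rng is not None else random.Random()
    best = min(r.priority for r in records)
    pool = [r for r in records if r.priority == best]
    total = sum(r.weight for r in pool)
    if total == 0:
        return rng.choice(pool)
    pick, running = rng.randint(1, total), 0
    for r in pool:
        running += r.weight
        if running >= pick:
            return r

# Constructed zone excerpt for the KAPOHO.NET domain from the slides (hypothetical DC names).
ZONE = [
    "_ldap._tcp.dc._msdcs.kapoho.net. 600 IN SRV 0 100 389 dc1.kapoho.net.",
    "_ldap._tcp.dc._msdcs.kapoho.net. 600 IN SRV 0 0 389 dc2.kapoho.net.",
    "_ldap._tcp.dc._msdcs.kapoho.net. 600 IN SRV 10 100 389 dc3.kapoho.net.",
]

def locate_dc(zone: List[str], name: str, rng=None) -> Optional[SrvRecord]:
    """Pick a DC from the zone lines whose owner name matches name (case-insensitive)."""
    recs = [parse_srv(l) for l in zone if l.split()[0].rstrip(".").lower() == name]
    return select_target(recs, rng)
```

With the constructed zone, dc3 is only chosen when no priority-0 record answers, which is the failover behaviour the priority field exists for.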

Slide 17: DNS Implementations
- No existing DNS infrastructure: Deploy Microsoft DNS
- Existing DNS meets requirements
- Existing DNS not adequate:
  - Choice 1: Update Server
  - Choice 2: Migrate to Microsoft DNS
  - Choice 3: Delegate a subdomain to Microsoft DNS

Slide 18: Agenda (repeated): Active Directory Logical Concepts; Active Directory Physical Concepts; DNS; Replication; Operations Masters

Slide 19: Replication Details
- Naming Contexts that are replicated:
  - Schema Naming Context
  - Configuration Naming Context
  - Domain Naming Context
- Multi-Master Replication
- Intra-site: Bi-directional Ring Topology
- Inter-site: Spanning Tree Topology
- Synchronous RPC over TCP/IP
- Asynchronous SMTP Replication

Slide 20: Replication Naming Contexts
- Schema
  - Definitions of attributes
  - Replicated to all DCs in the forest
- Configuration
  - AD Structure (domains, sites, and where the DCs are)
  - Replicated to all DCs in the forest
- Domain
  - Domain specific objects (users, groups, computers, and OUs)
  - Replicated to all DCs in its domain

Slide 21: Replication Topologies
- Intra-Site Replication: AD replication between DCs within a Site
- Inter-site Replication: AD replication between Sites

Slide 22: Intra-Site Replication
- RPC Replication in a Site
- No compression
- Assumes good network connections
- Uses notification process
  - 5 minutes (Windows 2000)
  - Less (Windows Server 2003)
- KCC generates a bi-directional Ring with extra edges
Tip: Always let KCC generate the intra-site replication topology when possible

Slide 23: Inter-Site Replication
- Replication between Sites
- DS-RPC (RPC over IP) or SMTP Transports
- SMTP can be used only between:
  - GCs across Sites
  - DCs of different domains and in different sites
- Compression: 10%-20% of original size
- Scheduled Replication

Slide 24: Replication: Site-Links, Bridges and Bridgehead Servers
- Site Links link two or more sites
  - Cost and schedules can be specified
  - Transitive (can be disabled)
- Site-Link Bridges
  - Bridge two or more site links
- Bridgehead servers
- KCC generates a minimum cost spanning tree
Tip: Always let KCC generate the replication topology
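Added example (not part of the presentation): a simplified model of the minimum cost spanning tree the KCC builds over site links, using Kruskal's algorithm. A site link may join more than two sites, so each pair of member sites is a candidate edge at the link's cost; the model assumes all links are bridged (transitive) and ignores schedules and bridgehead selection. It also reports sites that appear in no site link, since DCs there never receive inter-site replication. Site and link names are constructed.

```python
import itertools
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

@dataclass
class SiteLink:
    name: str
    cost: int
    sites: Set[str]   # a site link can join two or more sites

def link_edges(links: Iterable[SiteLink]) -> List[Tuple[int, str, str, str]]:
    """Every pair of sites in a link is a candidate edge at that link's cost."""
    edges = []
    for link in links:
        for a, b in itertools.combinations(sorted(link.sites), 2):
            edges.append((link.cost, a, b, link.name))
    return sorted(edges)

def min_cost_spanning_tree(links: Iterable[SiteLink]):
    """Kruskal's algorithm over site-link edges: returns (tree_edges, total_cost).
    Simplified model of the inter-site topology the KCC builds; assumes all
    site links are bridged (transitive) and ignores schedules and bridgeheads."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving keeps lookups short
            x = parent[x]
        return x
    tree, total = [], 0
    for cost, a, b, name in link_edges(links):   # cheapest edges first
        ra, rb = find(a), find(b)
        if ra != rb:                    # joins two components: no cycle, keep it
            parent[ra] = rb
            tree.append((a, b, name, cost))
            total += cost
    return tree, total

def isolated_sites(all_sites: Iterable[str], links: Iterable[SiteLink]) -> List[str]:
    """Sites no site link mentions: DCs there never replicate with other sites."""
    linked: Set[str] = set()
    for link in links:
        linked |= link.sites
    return sorted(set(all_sites) - linked)

# Constructed topology (hypothetical site and link names).
LINKS = [
    SiteLink("HQ-Europe", 100, {"HQ", "Europe"}),
    SiteLink("HQ-Hawaii", 200, {"HQ", "Hawaii"}),
    SiteLink("Pacific", 50, {"Hawaii", "Maui"}),
    SiteLink("Europe-Maui", 500, {"Europe", "Maui"}),  # costly backup path, left out of the tree
]
```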

Slide 25: Agenda (repeated): Active Directory Logical Concepts; Active Directory Physical Concepts; DNS; Replication; Operations Masters

Slide 26: Operations Masters: Schema and Domain
- Schema
  - Performs updates to the schema
  - Sends updates to all DCs
  - One per forest
  - Default is the first DC installed
- Domain
  - Performs add/remove of domains and cross-references to external DS
  - One per forest
  - Default is the first DC installed

Slide 27: Operations Masters: PDC, RID and Infrastructure
- Primary Domain Controller (PDC)
  - Acts as a PDC for requests from NT clients
  - One per domain
- Relative Identifier (RID)
  - Generates pools of security identifiers to be distributed to DCs in the domain
  - One per domain
- Infrastructure
  - Updates SIDs and domains that are moved in and out of the domain

Slide 28: Summary
- There are Logical and Physical concepts
- DNS
- Plenty of Information

Slide 29: For More Information...
- Main TechNet Web site at www.microsoft.com/technet
- Additional resources to support this Session page can be found at www.microsoft.com/technet/tnt1-98

Slide 30: MS Press: Inside information for IT Professionals
To find the latest IT Professional related titles visit www.microsoft.com/learning/it/books

Slide 31: Third Party Publications: Supplementary Publications for IT Pros
These books can be found and purchased at all good book stores and on-line retailers

Slide 32: Microsoft Learning: Training Resources for IT Professionals
- Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
  - Course Number: 2279
  - Availability: Now
  - Detailed Syllabus: www.microsoft.com/learning
To locate a training provider, please access www.microsoft.com/learning
Microsoft Certified Technical Education Centers are Microsoft's premier partners for training services
QA Special Offer on ALL IT Professional Training
- 50% off all QA courses running 1st week in January 2005
- 40% off all other courses running in January 2005
www.qa.com/course/specialofferdetails.aspx?code=xmasbonus

Slide 33: Assess your Readiness: Microsoft Skills Assessment
What is Microsoft Skills Assessment?
- Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification)
- Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio.NET, Office 2003
- Free, online, unproctored, and available to anyone
- Answers, "Am I ready?"
- Determines skills gaps, provides learning plans with Microsoft Official Curriculum courses, plus more Microsoft learning content suggestions such as TechNet resources
- Post your High Score to see how you stack up
- Visit http://www.microsoft.com/assessment

Slide 34: Become a Microsoft Certified Systems Administrator (MCSA)
- What is the MCSA certification?
  - For IT professionals who manage and maintain networks and systems based on the Microsoft Windows Server operating system
- How do I become an MCSA on Microsoft Windows 2000?
  - Pass 3 core exams
  - Pass 1 elective exam or 2 CompTIA certifications
- Where do I get more information?
  - For more information about certification requirements, exams, and training, visit www.microsoft.com/mcsa

Slide 35: Become a Microsoft Certified Systems Engineer (MCSE)
- What is the MCSE certification?
  - Premier certification for IT professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software.
- How do I become an MCSE on Microsoft Windows 2003?
  - Pass 6 core exams
  - Pass 1 elective exam from a comprehensive list
- Where do I get more information?
  - For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse

Slide 36: Demonstrate Your Security or Messaging Specialization
- What are MCSA/MCSE specializations?
  - MCSA and MCSE specializations allow IT professionals to highlight specific expertise or technical focus within their job role.
- What specializations are available?
  - MCSA: Security
  - MCSA: Messaging
  - MCSE: Security
  - MCSE: Messaging
- Where do I get more information?
  - For more information about MCSA and MCSE specialization requirements, exams, and training options, visit www.microsoft.com/mcsa or www.microsoft.com/mcse

Slide 37: What is TechNet? Put the right answers at your fingertips
- TechNet is the comprehensive collection of resources to help IT implementers plan, deploy, and manage Microsoft products successfully
- TechNet Subscription
  - Monthly updates delivered on DVD or CD
  - The definitive resource to help you evaluate, deploy and maintain Microsoft products
- TechNet Web Site
  - Accessible at www.microsoft.com/technet
  - Online resources and community
  - Subscriber-only Online Services
- TechNet Flash
  - Bi-weekly e-newsletter
  - Security updates, new resources, and special offers
- TechNet Events and Web Casts
  - Briefings on the latest Microsoft products and technologies
  - Hands-on, "how to" information
- TechNet Communities
  - User Groups
  - Managed Newsgroups

Slide 38: Where Can I Get TechNet?
- Visit TechNet Online at www.microsoft.com/technet
- Register for the TechNet Flash: www.microsoft.com/technet/subscriptions/flash.asp
- Join the TechNet Online forum at www.microsoft.com/technet/itcommunity
- Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe
- Attend More TechNet Events or view on-line: www.microsoft.com/technet/tcevents/itevents
