Working with domains and Active Directory


1 Working with domains and Active Directory
Ch 8-1 Working with domains and Active Directory

2 Objectives
- Introduction to domains and domain controllers
- Pros and cons of using domains
- Factors to choose between domains and workgroup
- Domains, subdomains, trees and forests

3 Introduction to domains
- The main reason for building a network, either workgroup or domain, is to have control over what users can and cannot do on the network
- Using a workgroup, the administrator has to configure the settings (security and file sharing permissions) on each machine individually
- Using a domain, one machine called a Domain Controller is responsible for security and permissions

4 Introduction to domains
- Windows Server 2008 supports two kinds of network using two different server configurations:
  - for smaller numbers of users, it relies on the workgroup
  - for larger numbers of users, it relies on the domain
- The same machine can act as either a workgroup server or a domain server
- Having a domain server means that this server is responsible for dealing with security and permissions on the network

5 Advantages of using a Domain
- Better security
- Centralization of control over users, machines, and resources
- Improved organizational capability
- Enhanced performance through efficient resource usage
- Better reliability on large networks

6 Cost of using domains
- Increased complexity, which can increase administration time and result in more errors
- Loss of certain Windows Server 2008 features, such as Internet Connection Sharing (ICS)
- Required use of some features, such as Active Directory
- Significantly increased training costs

7 Factors to choose between a domain or workgroup
- The number of users
- Application types such as databases require better security and control, which means that you may need a domain with fewer users.
- High-security applications normally require a domain no matter how few or many users
- Shared resource applications, such as word processing, don't require a domain in most cases unless you have a large number of users that must collaborate on content.

8 Factors to choose between a domain or workgroup
- Services such as file sharing and printing don't usually require a domain.
- Power users generally work better in a workgroup setup.
- Novice users may not require a domain, but the domain environment can sometimes prevent them from making as many mistakes.
- Networks with high growth rates may not require a domain today, but will likely need one tomorrow

9 Domain controller
- The decision to create a domain means promoting the server to a domain controller
- Domain controllers (DCs): servers that have the Active Directory Directory Services (AD DS) server role installed; the same Active Directory information is replicated to every DC
- Multimaster replication:
  - Each DC is equal to every other DC in that it contains the full range of information that composes Active Directory
  - If information on one DC changes, such as the creation of an account, it is replicated to all other DCs in a process called multimaster replication
  - In case of DC failure, users can still access resources

10 Active Directory Basics
- Directory service that contains information about all network resources such as servers, printers, user accounts, groups of user accounts, security policies, and other information
- Directory service: responsible for providing a central listing of resources and ways to quickly find and access specific resources, and for providing a way to manage network resources
- AD DS is like a central management center for a Windows Server network.

11 Schema
- Active Directory schema: part of AD DS. It is simply a database of how data is stored in the domain controller and what information is stored in the domain controller about users, computers and other objects in the network.
- User account: one class of object in Active Directory that is defined through schema elements unique to that class
- For example, for the user account schema there will be user names, passwords and addresses
- Schemas are expandable; you can add more data when needed

12 Hands-On Microsoft Windows Server 2008

13 Groups and permissions
- Security is the main issue when managing user accounts in Active Directory
- Instead of giving certain permissions to each account individually, it is better to create groups to deal with security
- With groups, the administrator can add the permissions to different resources on the network one time and then assign users to be members of the groups

14 Organizational Unit
- Organizational unit (OU): offers a way to achieve more flexibility in managing the resources associated with a business unit, department, or division than is possible through domain administration alone
- An OU is a grouping of related objects within a domain, similar to the idea of having subfolders within a folder
- OUs allow the grouping of objects so that they can be administered using the same group policies
- OUs can be nested within OUs
- Groups are made of users
- OUs are made of groups, users and other resources such as printers

15 Organizational Unit (continued)
When you plan to create OUs, keep three concerns in mind:
- Microsoft recommends that you limit OUs to 10 levels or fewer
- Active Directory works more efficiently when OUs are set up horizontally instead of vertically
- The creation of OUs involves more processing resources because each request through an OU requires CPU time
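
The 10-level recommendation can be checked against an export of distinguished names. The following is an added example, not part of the original slides: it counts OU levels per object (treating backslash-escaped commas as part of a name) and reports objects nested deeper than the limit. The sample names and the example.com domain are constructed.

```python
MAX_OU_LEVELS = 10  # limit quoted on the slide

def split_dn(dn):
    """Split a distinguished name into RDNs, keeping backslash-escaped commas."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return [p for p in parts if p]

def ou_depth(dn):
    """Number of OU levels between the object and the domain root."""
    return sum(1 for rdn in split_dn(dn) if rdn.upper().startswith("OU="))

def too_deep(dns, limit=MAX_OU_LEVELS):
    """Return (depth, dn) pairs that exceed the limit, deepest first."""
    return sorted(((ou_depth(dn), dn) for dn in dns if ou_depth(dn) > limit),
                  reverse=True)

def depth_histogram(dns):
    """Objects per OU depth: a flat (horizontal) design clusters at low depths."""
    hist = {}
    for dn in dns:
        hist[ou_depth(dn)] = hist.get(ou_depth(dn), 0) + 1
    return dict(sorted(hist.items()))

# Constructed sample data (not from the slides); example.com is a placeholder domain.
DEEP = "CN=Printer1," + ",".join(f"OU=L{i}" for i in range(11, 0, -1)) + ",DC=example,DC=com"
SAMPLE_DNS = [
    "CN=Alice,OU=Sales,DC=example,DC=com",
    "CN=Smith\\, Bob,OU=HR,OU=Riyadh,DC=example,DC=com",
    "CN=Lab\\,OU=Temp,OU=IT,DC=example,DC=com",  # escaped comma: still one OU level
    DEEP,
]

if __name__ == "__main__":
    print(depth_histogram(SAMPLE_DNS))
    for depth, dn in too_deep(SAMPLE_DNS):
        print(f"{depth} levels (limit {MAX_OU_LEVELS}): {dn}")
```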

16 The Domain
- The Domain is basically all the computers, users and objects that are tied to the domain controller AD DS
- On a local area network (LAN), a domain is a sub-network made up of a group of clients and servers under the control of one central security database
- On the Internet, a domain is part of every network address, including web site addresses, addresses

17 Sub domain
- A sub domain is a domain that is part of a larger domain; the only domain that is not also a sub domain is the root domain
- Example: google.com, europe.google.com
- When you create sub domains from the original domain, you get what is called “a Tree”

18 Namespace
- Namespace: a logical area on a network that contains directory services and named objects
- Active Directory employs two kinds of namespaces: contiguous and disjointed
- A contiguous namespace is one in which every child object contains the name of the parent object, such as in the example of the child object msdn2.microsoft.com and its parent object microsoft.com
- When the child name does not resemble the name of its parent object, this is called a disjointed namespace, such as when the parent for a university is uni.edu, and a child is bio.ethicsresearch.com.

19 Tree
Tree: contains one or more domains that are in a common relationship
A tree has the following characteristics:
- Domains are represented in a contiguous namespace and can be in a hierarchy
- Two-way trust relationships exist between parent domains and child domains
- All domains use the same global catalog

20 Forest
Forest: consists of one or more Active Directory trees that are in a common relationship
Forests have the following characteristics:
- The trees can use a disjointed namespace
- Two-way transitive trusts are automatically configured between domains within a single forest

22 Forest (continued)
- A forest provides a means to relate trees that use a contiguous namespace in domains within each tree but that have disjointed namespaces in relationship to each other
- The advantage of joining trees into a forest is that all domains share the same schema and global catalog
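
The tree and forest rules above can be applied to a plain list of domain names. The following is an added example, not part of the original slides: it groups the domains of one forest into trees by contiguous namespace and lists the parent-child pairs where the slides say two-way trusts exist. uni.edu and bio.ethicsresearch.com come from the namespace slide; cs.uni.edu and lab.cs.uni.edu are constructed child domains.

```python
def parent_name(domain):
    """Return the DNS parent of a name ('a.b.com' -> 'b.com'), or None."""
    _, _, parent = domain.partition(".")
    return parent or None

def nearest_parent(name, names):
    """Closest ancestor of `name` that is itself a domain in the forest."""
    ancestor = parent_name(name)
    while ancestor and ancestor not in names:
        ancestor = parent_name(ancestor)
    return ancestor

def build_trees(domains):
    """Group domains into trees; each tree is one contiguous namespace."""
    names = {d.lower() for d in domains}
    trees = {}
    for name in sorted(names, key=lambda n: (n.count("."), n)):
        root = name
        # Climb until no ancestor in the forest remains: that name is the tree root.
        while nearest_parent(root, names):
            root = nearest_parent(root, names)
        trees.setdefault(root, []).append(name)
    return trees

def parent_child_trusts(domains):
    """(parent, child) pairs inside each tree, sorted by parent name."""
    names = {d.lower() for d in domains}
    return sorted((nearest_parent(n, names), n) for n in names
                  if nearest_parent(n, names))

def namespace_kind(domains):
    """'contiguous' if all domains form one tree, otherwise 'disjointed'."""
    return "contiguous" if len(build_trees(domains)) == 1 else "disjointed"

# Treating these names as one forest is an assumption made for the example.
FOREST = ["uni.edu", "cs.uni.edu", "lab.cs.uni.edu", "bio.ethicsresearch.com"]

if __name__ == "__main__":
    for root, members in build_trees(FOREST).items():
        print(f"tree rooted at {root}: {members}")
    print("parent-child trusts:", parent_child_trusts(FOREST))
    print("forest namespace:", namespace_kind(FOREST))
```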

23 Forest (continued)

24 Global Catalog
Global catalog:
- Stores information about every object within a forest
- Stores a full replica of every object within its own domain and a partial replica of each object within every domain in the forest
- The first DC configured in a forest becomes the global catalog server
- The global catalog server enables forest-wide searches of data
Hands-On Microsoft Windows Server edited by Nada Almohaimeed

25 Homework
Download homework 8-1 from the site, solve it, PRINT IT and submit it on the due date

