Hands-On Microsoft Windows Server 2008 Chapter 4-Part 1 Introduction to Active Directory and Account Manager.


1 Hands-On Microsoft Windows Server 2008 Chapter 4-Part 1 Introduction to Active Directory and Account Manager

2 Objectives
– Understand Active Directory basic concepts
– Install and configure Active Directory
– Implement Active Directory containers
Hands-On Microsoft Windows Server 2008 - Edited by Maysoon Al-Duwais

3 Introduction to Active Directory (AD)
Just as the nervous system controls everything in the human body, Active Directory coordinates servers, client computers, printers, shared files, and other resources in a Windows Server 2008 network. Active Directory also secures network resources. It accomplishes all its tasks by providing a hierarchy of management elements that enable you to organize resources.

4 Active Directory Basics
What is Active Directory (AD)?
– A directory service that houses information about all network resources, such as servers, printers, user accounts, groups of user accounts, security policies, and other information
– Active Directory is also referred to as Active Directory Domain Services, or AD DS
– It is responsible for providing a central listing of resources, ways to quickly find and access specific resources, and a way to manage network resources

5 Active Directory Basics (continued)
Windows Server 2008 uses Active Directory to manage accounts, groups, and many more network management services.
Domain controllers (DCs)
– Servers that have the AD DS server role installed
– Contain writable copies of information in Active Directory

6 Domain Controller Replication
In Windows Server 2008, each DC is equal to every other DC in that it contains all the information that composes Active Directory. If information on one DC changes, it is replicated to all other DCs. This process is called multimaster replication. The advantage of this approach is that if one DC fails, Active Directory can still be accessed from the other DCs.

7 Domain Controller Replication
Windows Server 2008 allows you to:
1. Set how replication of AD information occurs: at a fixed interval, or as soon as an update occurs.
2. Determine how much of AD is replicated each time it is copied from one DC to another.
Active Directory is built to make replication efficient so that it transports as little as possible.

8 Active Directory Basics (continued)
Object
– An object is any resource contained in the domain (such as a user, printer, or scanner)
– An object is associated with a particular domain
– Every object has a globally unique identifier (GUID), which is a unique number associated with it


10 Schema
– The AD schema defines the objects, and the information associated with those objects, stored in AD.
– For each object, the schema is a small database of information associated with that object, including the object class and its attributes. Example: object std of class Student with the attributes (F_Name, L_Name, Address, City).
– Schema information for objects in a domain is replicated on every DC.

11 Global catalog
– The global catalog stores information about every object within a forest.
– The first DC configured in a forest becomes the global catalog server.
– The global catalog server stores a full copy of every object within its own domain and a partial copy of each object within every domain in the forest.

12 Global catalog
The global catalog serves the following purposes:
– Authenticating users when they log on
– Providing lookup and access to all resources in all domains
– Providing replication of key Active Directory elements
– Keeping a copy of the most used attributes for each object for quick access

13 Namespace
– Active Directory uses the Domain Name System (DNS), which means there must be a DNS server on the network that AD can access.
– DNS is a TCP/IP-based name service that converts computer and domain host names to dotted decimal addresses (IP addresses) and vice versa, through a process called name resolution.
– A namespace is a logical area on a network that contains directory services and named objects, and that has the ability to perform name resolution.
– Active Directory depends on one or more DNS servers to resolve names in a designated logical DNS namespace.

14 Namespaces
A contiguous namespace is one in which every child object contains the name of the parent object.
– Example: object msdn2.microsoft.com and its parent object microsoft.com.
A disjointed namespace is one in which the child name does not resemble the name of its parent object.
– Example: when the parent for a university is uni.edu, and a child is bio.ethicsresearch.com.


16 Forest
At the highest level in an Active Directory design is the forest. A forest consists of one or more AD trees that are in a common relationship and that have the following features:
1. The trees can use a disjointed namespace.
2. All trees use the same schema.
3. All trees use the same global catalog.

17 Forest
4. Domains enable administration of commonly associated objects, such as accounts and other resources, within a forest.
5. Two-way transitive trusts (resources shared equally) are automatically configured between domains within a single forest.

18 Forest Functional Levels
The forest functional level refers to the Active Directory functions supported forest-wide. Windows Server 2008 Active Directory recognizes three types of forest functional levels:
– Windows 2000 Native forest functional level: Provides AD functions compatible with a network that has a combination of Windows 2000, 2003, and 2008 DCs.

19 Forest Functional Levels
– Windows Server 2003 forest functional level: Intended for Windows Server 2003 and 2008 DCs only, and enables more forest management functions.
– Windows Server 2008 forest functional level: Contains only Windows Server 2008 domain controllers. Currently this level has no more functional features than the Windows Server 2003 forest functional level. New features could be added later.

20 Tree
A tree contains one or more domains that are in a common relationship and has the following features:
– Domains are represented in a contiguous namespace and can be in a hierarchy.
– Two-way trusts exist between parent and child domains.
– All domains in a single tree use the same schema.
– All domains use the same global catalog.
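An added example (not from the slides or the textbook): it groups a forest's domain names into trees by contiguous namespace, as slides 14, 16 and 20 describe, and lists the parent-child pairs that carry a two-way trust. The domain list is constructed; notuni.edu is an assumption included to show that the comparison must be made on whole DNS labels rather than on string suffixes.

```python
# Constructed sample forest; uni.edu and bio.ethicsresearch.com are the slide 14 names.
FOREST = ["uni.edu", "cs.uni.edu", "lab.cs.uni.edu",
          "bio.ethicsresearch.com", "notuni.edu"]

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def is_descendant(child, parent):
    """True if child sits below parent in a contiguous namespace."""
    c, p = labels(child), labels(parent)
    return len(c) > len(p) and c[-len(p):] == p

def normalized(domains):
    """Unique names, parents before children (fewest labels first)."""
    names = {".".join(labels(d)) for d in domains}
    return sorted(names, key=lambda n: (len(labels(n)), n))

def group_into_trees(domains):
    """Map each tree root to the domains in its contiguous namespace."""
    trees = {}
    for name in normalized(domains):
        root = next((r for r in trees if is_descendant(name, r)), None)
        trees.setdefault(root or name, []).append(name)
    return trees

def parent_child_pairs(domains):
    """(parent, child) pairs; each one is a two-way trust inside a tree."""
    names = normalized(domains)
    pairs = []
    for child in names:
        ancestors = [n for n in names if is_descendant(child, n)]
        if ancestors:
            # The nearest ancestor present in the forest is the parent.
            pairs.append((max(ancestors, key=lambda n: len(labels(n))), child))
    return pairs

if __name__ == "__main__":
    for root, members in group_into_trees(FOREST).items():
        print(root, "->", members)
    for parent, child in parent_child_pairs(FOREST):
        print(parent, "<->", child)
```

Three trees come out of this forest: uni.edu with its two descendants, and bio.ethicsresearch.com and notuni.edu as single-domain trees in disjointed namespaces.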

21 Domains
A domain is a grouping of objects that typically exists as a primary container within Active Directory. A domain usually represents how a business, government, or school is organized. The basic functions of a domain are as follows:
– To provide an AD "partition" in which to contain objects, such as accounts and groups, that have a common relationship, particularly in terms of management and security
– To facilitate management of a set of objects

22 [Figure labels: Domain Objects Domain Controller Active Directory]

23 Organizational Unit
Organizational unit (OU)
– An OU is a grouping of related objects within a domain
– OUs allow the grouping of objects so that they can be administered using the same group policies
– OUs are similar to the idea of having subfolders within a folder
– OUs can be used to reflect the structure of the organization without having to completely restructure the domain(s) when that structure changes
– OUs can be nested within OUs

24 Organizational Unit (continued)
When you plan to create OUs, keep the following concerns in mind:
– Microsoft recommends that you limit OUs to 10 levels or fewer
– Active Directory works more efficiently when OUs are set up horizontally instead of vertically. How?
– The creation of OUs involves more processing time.

25 Active Directory Guidelines
1. Above all, keep Active Directory as simple as possible
– Plan its structure before you implement it
2. Implement the least number of domains possible
– With one domain being the ideal and building from there
3. Implement only one domain on most small networks

26 Active Directory Guidelines
6. Use OUs to reflect the organization’s structure
7. Create only the number of OUs that are absolutely necessary
8. Do not build an AD with more than 10 levels of OUs
9. Implement multiple trees and forests only as necessary.
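An added example (not from the slides or the textbook): a check of the 10-level OU limit from slides 24 and 26, run over exported distinguished names. The DNs are constructed, and the parser assumes backslash-escaped DN strings (no quoted values); the third sample shows why an escaped comma must not be treated as a separator.

```python
OU_LIMIT = 10  # the level limit given on slides 24 and 26

def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]      # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
            i += 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur.strip())
    return [p for p in parts if p]

def ou_depth(dn):
    """Number of OU levels the object sits under (or is, if it is an OU)."""
    return sum(1 for rdn in split_rdns(dn)
               if rdn.split("=", 1)[0].strip().upper() == "OU")

def too_deep(dns, limit=OU_LIMIT):
    """(depth, dn) for every DN nested deeper than the limit, deepest first."""
    hits = [(ou_depth(dn), dn) for dn in dns]
    return sorted((h for h in hits if h[0] > limit), reverse=True)

# Constructed sample DNs (hypothetical objects in the uni.edu domain).
DEEP = ("CN=pc1," + ",".join(f"OU=L{n}" for n in range(11, 0, -1))
        + ",DC=uni,DC=edu")
SAMPLE = [
    DEEP,                                                   # 11 OU levels
    "CN=Smith\\, Jane,OU=Staff,OU=Biology,DC=uni,DC=edu",   # escaped comma in CN
    "CN=a\\,OU=fake,OU=Real,DC=uni,DC=edu",                 # "OU=fake" is part of the CN
]

if __name__ == "__main__":
    for depth, dn in too_deep(SAMPLE):
        print(f"{depth} OU levels: {dn}")
```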

