Module 1: Introduction to Active Directory


1 Module 1: Introduction to Active Directory

2 Overview
- Introduction to Active Directory
- Active Directory Logical Structure
- Role of DNS in Active Directory
- Active Directory Physical Structure
- Methods for Administering a Windows 2000 Network

3 Introduction to Active Directory
- What Is Active Directory?
- Active Directory Objects
- Active Directory Schema
- Lightweight Directory Access Protocol (LDAP)

4 What Is Active Directory?
Directory service functionality:
- Centralized management of resources: organize, manage, control
- Single point of administration
- Full user access to directory resources with a single logon

5 Active Directory Objects
- Objects represent network resources
- Attributes store information about an object
Diagram: user objects (Suzan Fine, Don Hall) with the attributes First Name, Last Name and Logon Name; printer objects (Printer1, Printer2, Printer3) with the attributes Printer Name and Printer Location. Each attribute holds an attribute value.

6 Active Directory Schema
The Active Directory schema is:
- Dynamically available
- Dynamically updateable
- Protected by DACLs
Object class examples: Users, Computers, Printers
Attribute examples: the attributes of Users might contain accountExpires, department, distinguishedName and middleName
Diagram: list of attributes (accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName)

7 DNS and Active Directory Namespaces
Diagram: the DNS namespace runs from the Internet root domain "." through com. to microsoft.com, its subdomains training.microsoft.com and sales.microsoft.com, and the host computer1. The Active Directory namespace maps onto it: microsoft.com, training.microsoft.com and sales.microsoft.com are Active Directory domains. Legend: DNS node (domain or computer) versus Active Directory domain.

8 Lightweight Directory Access Protocol (LDAP)
LDAP provides a way to communicate with Active Directory by specifying unique naming paths for each object in the directory.
LDAP naming paths include:
- Distinguished names, for example CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
- Relative distinguished names (the object's own name, Suzan Fine in the example)
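As an added example that is not part of the module, the following Python splits a distinguished name into its relative distinguished names, takes the leaf RDN and parent container from it, and reads the Active Directory domain name out of the DC= components, which is the DNS-to-directory mapping shown on slide 7. The function names are invented here; the sample DNs use the module's contoso.msft and training.microsoft.com names, and the escaped-comma input is constructed.

```python
def split_dn(dn: str) -> list[str]:
    """Split a distinguished name into its relative distinguished names (RDNs),
    leaf first. A comma inside a value is escaped with a backslash (RFC 4514),
    so a plain dn.split(',') would cut 'CN=Fine\\, Suzan' in two."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                       # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":                   # an unescaped comma ends the current RDN
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return rdns


def parse_dn(dn: str) -> dict:
    """Return the object's own RDN, the DN of its parent container, and the DNS
    domain name spelled out by the DC= components (the Active Directory domain)."""
    rdns = split_dn(dn)
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN {rdn!r}: expected type=value")
        attr_type, value = rdn.split("=", 1)
        pairs.append((attr_type.strip().upper(), value))
    domain = ".".join(value for attr_type, value in pairs if attr_type == "DC")
    return {"rdn": rdns[0], "parent": ",".join(rdns[1:]), "domain": domain}


if __name__ == "__main__":
    # The DN from the slide, and a constructed DN for a computer object.
    for sample in ("CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft",
                   "CN=Computer1,CN=Computers,DC=training,DC=microsoft,DC=com"):
        print(parse_dn(sample))
```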

9 Active Directory Logical Structure
- Domains
- Organizational Units
- Trees and Forests
- Global Catalog

10 Domains
A domain is a security boundary: a domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains.
A domain is a unit of replication: domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain.
Diagram: Windows 2000 domain replication, with User1 and User2 present on each domain controller in the domain.

11 Organizational Units
- Use OUs to group objects into a logical hierarchy that best suits the needs of your organization
- Delegate administrative control over the objects within an OU by assigning specific permissions to users and groups
Diagram: example OU hierarchies based on a network administrative model or on organizational structure, with OUs such as Sales, Vancouver, Users, Sales Computers and Repair.

12 Trees and Forests
Diagram: a forest made up of two trees. The first tree has the root domain contoso.msft with the child domains au.contoso.msft and asia.contoso.msft; the second tree has the root domain nwtraders.msft with the child domains au.nwtraders.msft and asia.nwtraders.msft. Parent and child domains, and the two tree root domains, are joined by two-way transitive trusts.

13 Global Catalog
Diagram: two domains each contribute a subset of the attributes of all their objects to a global catalog server, which answers global catalog queries such as group membership when a user logs on.

14 Introduction to the Role of DNS in Active Directory
Name resolution:
- DNS translates computer names to IP addresses
- Computers use DNS to locate each other on the network
Naming convention for Windows 2000 domains:
- Windows 2000 uses DNS naming standards for domain names
- DNS domains and Active Directory domains share a common hierarchical naming structure
Locating the physical components of Active Directory:
- DNS identifies domain controllers by the services they provide
- Computers use DNS to locate domain controllers and global catalog servers

15 DNS Host Names and Windows 2000 Computer Names
- A DNS host record and an Active Directory object represent the same physical computer
- DNS allows computers to locate domain controllers within Active Directory
Diagram: in DNS, computer1 sits under training.microsoft.com (below microsoft.com, com. and the root "."), giving the FQDN computer1.training.microsoft.com; in Active Directory the same machine is the object Computer1 in the Computers container of the training.microsoft.com domain (alongside Builtin and Computer2), with the Windows 2000 computer name Computer1.

16 DNS Requirements for Active Directory
DNS requirements to support Active Directory:
- Support for SRV records (mandatory)
- Support for the dynamic update protocol (recommended)
- Support for incremental zone transfers (recommended)

17 What Is a Tree?
Diagram: the tree root domain contoso.msft is the parent domain; the new child domain sales.contoso.msft takes its name from the parent, so the tree forms a contiguous namespace.

18 What Is the Forest Root Domain?
The forest root domain is the first domain created in a forest.
Diagram: a forest with two trees, contoso.msft (the forest root domain, with the child domain sales.contoso.msft) and nwtraders.msft (a tree root domain, with the child domain marketing.nwtraders.msft). Listed next to the forest root domain: Global Catalog, Configuration and Schema, Enterprise Admins, Schema Admins.

19 Characteristics of Multiple Domains
- Reduce replication traffic
- Maintain separate and distinct security policies between domains
- Preserve the domain structure of earlier versions of Windows NT
- Separate administrative control

20 Active Directory Physical Structure
- Domain Controllers
- Sites

21 Domain Controllers
Domain controllers:
- Participate in Active Directory replication
- Perform single master operations roles in a domain
Diagram: domain replication between domain controllers holding User1 and User2; each domain controller is a writeable copy of the Active Directory database.

22 Sites
Sites:
- Optimize replication traffic
- Enable users to log on to a domain controller by using a reliable, high-speed connection
Diagram: sites in Los Angeles, Seattle, Chicago and New York, with a site mapped to an IP subnet.

23 Introduction to Active Directory Replication
Diagram: Domain Controllers A, B and C replicating with each other: multimaster replication with loose convergence.

24 Replication Components and Processes
- How Replication Works
- Replication Latency
- Resolving Replication Conflicts
- Optimizing Replication

25 How Replication Works
Diagram: an Active Directory update (Add, Modify, Move, Delete) is an originating update on Domain Controller A; replication carries it to Domain Controllers B and C as a replicated update.

26 Replication Latency
- Default replication latency (change notification) = 5 minutes
- When there are no changes, scheduled replication = one hour
- Urgent replication = immediate change notification
Diagram: an originating update on Domain Controller A triggers change notifications to Domain Controllers B and C, followed by replication of the replicated update to each.

27 Resolving Replication Conflicts
Diagram: Domain Controllers A and B each perform an originating update, and the two updates conflict. Each update carries a stamp made up of a version number, a timestamp and the server GUID, and the stamps decide the conflict.
Conflicts can be due to:
- Attribute value
- Adding or moving an object under a deleted container object, or the deletion of a container object
- Sibling name

28 Optimizing Replication
Diagram: each update is tagged with the GUID of the originating domain controller and a USN; Domain Controllers A, B and C each keep an up-to-dateness vector of GUID/USN pairs as originating and replicated updates flow between them.
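As an added example that is not part of the module, this Python model puts slides 27 and 28 together: each attribute value carries a stamp of version number, timestamp and originating server GUID, compared in that order with the highest stamp winning, and each domain controller keeps an up-to-dateness vector of the highest originating USN seen per source GUID, so a change that arrives a second time by another replication path is dampened instead of being applied again. The class and function names, GUID strings, timestamps and telephoneNumber values are constructed, and comparing GUIDs as plain strings is a simplification of the real tie-break.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True, order=True)
class Stamp:
    """Per-attribute stamp. Field order matters: order=True compares version first,
    then timestamp, then originating server GUID, so '>' picks the winning stamp."""
    version: int
    timestamp: int          # time of the originating write (constructed, seconds)
    originating_dsa: str    # GUID of the domain controller that made the originating write

@dataclass
class DomainController:
    guid: str
    usn: int = 0                                    # local update sequence number
    attrs: dict = field(default_factory=dict)       # attribute -> (value, Stamp)
    utd_vector: dict = field(default_factory=dict)  # originating GUID -> highest USN seen

    def originating_update(self, attr, value, now):
        """Local write: advance the USN, bump the attribute version, stamp it with this
        DC's GUID, and return the change that replication carries to the other DCs."""
        self.usn += 1
        held = self.attrs.get(attr)
        stamp = Stamp(held[1].version + 1 if held else 1, now, self.guid)
        self.attrs[attr] = (value, stamp)
        self.utd_vector[self.guid] = self.usn
        return {"src": self.guid, "usn": self.usn, "attr": attr, "value": value, "stamp": stamp}

    def receive(self, change):
        """Replicated update: drop it if the up-to-dateness vector shows this originating
        GUID/USN was already seen; otherwise keep whichever stamp is higher."""
        if self.utd_vector.get(change["src"], 0) >= change["usn"]:
            return "dampened"
        self.utd_vector[change["src"]] = change["usn"]
        held = self.attrs.get(change["attr"])
        if held is None or change["stamp"] > held[1]:
            self.attrs[change["attr"]] = (change["value"], change["stamp"])
            return "applied"
        return "discarded"      # the stamp already held wins; incoming value is dropped

def demo():
    """Constructed scenario: A and B write the same attribute at the same version;
    C sees A's change twice (directly and via another path) and B's change once."""
    a, b, c = (DomainController(g) for g in ("guid-A", "guid-B", "guid-C"))
    seed = a.originating_update("telephoneNumber", "555-0100", now=100)
    b.receive(seed)
    c.receive(seed)                                   # all three DCs hold version 1
    from_a = a.originating_update("telephoneNumber", "555-0111", now=200)
    from_b = b.originating_update("telephoneNumber", "555-0122", now=201)
    outcomes = [c.receive(from_a), c.receive(from_b), c.receive(from_a)]
    return outcomes, c.attrs["telephoneNumber"][0]
```

In the demo, B's later timestamp wins the version-2 tie on C, and the repeated copy of A's change is dampened by the vector rather than re-evaluated.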

29 Replication Topology
- Directory Partitions
- What Is Replication Topology?
- Global Catalog and Replication of Partitions

30 Active Directory Database
Directory partitions:
- Schema (scope: forest): contains definitions and rules for creating and manipulating all objects and attributes
- Configuration (scope: forest): contains information about Active Directory structure
- Domain (contoso.msft): holds information about all domain-specific objects created in Active Directory

31 What Is Replication Topology?
Diagram: domain controllers from the same domain (A1, A2, A3, A4 in Domain A; B1, B2, B3 in Domain B) form a Domain A topology and a Domain B topology; domain controllers from different domains all take part in the schema/configuration topology.


33 Using Active Directory for Centralized Management
Active Directory:
- Enables a single administrator to centrally manage resources
- Allows administrators to easily locate information
- Allows administrators to group objects into OUs
- Uses Group Policy to specify policy-based settings
Diagram: a domain containing OU1 (Computers and Users: Computer1, User1, User2) and OU2 (Printers: Printer1), with a Search icon over the domain.

34 Managing the User Environment
Use Group Policy to:
- Control and lock down what users can do
- Centrally manage software installation, repairs, updates and removal
- Configure user data to follow users whether they are online or offline
Diagram: Group Policy is applied once (at the Domain, OU1, OU2 and OU3, numbered 1 to 3) and Windows 2000 enforces it continually.

35 Delegating Administrative Control
Assign permissions:
- For specific OUs to other administrators
- To modify specific attributes of an object in a single OU
- To perform the same task in all OUs
Customize administrative tools to:
- Map to delegated administrative tasks
- Simplify interface design
Diagram: Admin1, Admin2 and Admin3 are delegated control over OU1, OU2 and OU3 within the domain.

36 Review
- Introduction to Active Directory
- Active Directory Logical Structure
- Role of DNS in Active Directory
- Active Directory Physical Structure
- Methods for Administering a Windows 2000 Network

