Overview of Active Directory Domain Services Lesson 1

Chapter Objectives Identify Active Directory functions and Benefits. Identify the major components that make up an Active Directory structure. Identify how DNS relates to Active Directory. Identify Forest and Domain Functional Levels.

Active Directory A directory service that uses the “tree” concept for managing resources on a Windows network. Stores information about the network resources and services, such as user data, printer, servers, databases, groups, computers, and security policies. Identifies all resources on a network and makes them accessible to users and applications.

Active Directory Used in: – Windows 2000 – Windows Server 2003 – Windows Server 2008 Subsequent versions of Active Directory have introduced new functionality and security features.

Active Directory Windows Server 2008 provides two directory services: – Active Directory Domain Services (AD DS) – Active Directory Lightweight Directory Services (AD LDS)

Domain Controller (DC) Server that stores the Active Directory database and authenticates users with the network during logon. Stores database information in a file called ntds.dit. Active Directory is a multimaster database. – Information is automatically replicated between multiple domain controllers.

Read-Only Domain Controller (RODC) Introduced with Windows Server A domain controller that contains a copy of the ntds.dit file that cannot be modified and that does not replicate its changes to other domain controllers with Active Directory.

Active Directory Functions and Benefits Centralized resource and security administration. Single logon for access to global resources. Fault tolerance and redundancy. Simplified resource location.

Active Directory Components Forests – One or more domain trees, with each tree having its own unique name space. Domain trees – One or more domains with contiguous name space. Domains – A logical unit of computers and network resources that defines a security boundary. Organization Units (OUs): A container that represents a logical grouping of resources

Active Directory Components ITMT 2302 – Window Server 2008 Active Directory Configuration 10

Active Directory Schema Defines the properties (attributes) associated within each object stored within Active Directory – User has different properties, which has different properties than a group, which has different properties of a computer.

Active Directory Schema Some of these common attributes are as follows: – Unique name – Globally unique identifier (GUID) – Required object attributes – Optional object attributes

Active Directory Naming Standard Example: – cn=JSmith, ou=sales, dc=lucernepublishing, dc=com

Domain Name System (DNS) Provides name resolution for a TPC/IP network. Active Directory requires DNS as the default name resolution method. Example Resource Records (RR): – Host (A) – Host name to IP. – Pointer (PTR) – IP to Host name. – Service (SRV) – Locator service for LDAP/Domain controllers services.

Functional Levels Allows interoperability with prior versions of Microsoft Windows. Higher levels of functional level will not allow older versions of Windows to function but will add additional functionality or features. Raising functional level is a one-way process.

Domain Functional Levels

Forest Functional Levels

Trust Relationships Active Directory uses trust relationships to allow access between multiple domains and/or forests, either within a single forest or across multiple enterprise networks. A trust relationship allows administrators from a particular domain to grant access to their domain’s resources to users in other domains.

Trust Relationships When a child domain is created, it automatically receives a two-way transitive trust with its parent domain. Trusts are transitive: If domain A trusts domain B And domain B trusts C Then domain A trusts domain C

Trust Relationships 20 Shortcut trust External trust Cross Forest trust

Chapter Summary Active Directory is a database of objects that are used to organize resources according to a logical plan. – These objects include containers such as domains and OUs in addition to resources such as users, computers, and printers. The Active Directory schema includes definitions of all objects and attributes within a single forest. – Each forest maintains its own Active Directory schema.

Chapter Summary Active Directory requires DNS to support SRV records. – Microsoft recommends that DNS support dynamic updates.

Chapter Summary Domain and forest functional levels are new features of Windows Server – The levels defined for each of these are based on the type of server operating systems that are required by the Active Directory design. – The Windows Server 2003 forest functional level is the highest functional level available and includes support for all Windows Server 2003 features.

Chapter Summary Two-way transitive trusts are automatically generated within the Active Directory domain structure. – Parent and child domains form the trust path by which all domains in the forest can traverse to locate resources. – The ISTG is responsible for this process.

Chapter Summary Cross-forest trusts are new to Windows Server 2003, and they are only available when the forest functionality is set to Windows Server – They must be manually created and maintained.