Chapter 2: IMPLEMENTING ACTIVE DIRECTORY
Presentation transcript (Microsoft Windows Server 2003)

REQUIREMENTS FOR ACTIVE DIRECTORY
- Microsoft Windows Server 2003, Standard, Enterprise or Datacenter Edition (Web Edition cannot be a domain controller)
- Log on as a local administrator on the server being promoted
- An NTFS partition for Sysvol
- 200 MB minimum free disk space for the directory database and log files
- TCP/IP configured on the server
- A DNS server that can host service location (SRV) resource records, which clients use to find domain controllers

ACTIVE DIRECTORY INSTALLATION PROCESS
- Complete the pre-installation tasks (check the requirements above, the DNS configuration and the domain names you will use)
- Plan and test in a lab before you install in a production environment

ACTIVE DIRECTORY INSTALLATION
- Start the Active Directory Installation Wizard by running Dcpromo or from Manage Your Server
- If the server is already a domain controller, Dcpromo removes Active Directory instead (demotion)
- Operating system compatibility: a Windows Server 2003 domain controller requires SMB signing by default, so the wizard warns that clients running Windows 95, or Windows NT 4.0 with Service Pack 3 or earlier, cannot log on to it until the Active Directory client extension is installed on them or the signing requirement is relaxed on the domain controller

ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
- Domain controller type: domain controller for a new domain, or an additional (replica) domain controller for an existing domain
- For a new domain: create it in a new forest, as a new domain tree in an existing forest, or as a child domain in an existing domain tree
- Use the appropriate names: the DNS name of the domain (its fully qualified domain name, FQDN) and its NetBIOS name for pre-Windows 2000 clients

ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
- Database and log folders: default %systemroot%\NTDS; for best performance and recoverability the wizard recommends placing the database and the logs on separate physical disks
- Shared System Volume (Sysvol): default %systemroot%\SYSVOL; must be on an NTFS partition

ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS (slide contains no transcribed text)

DNS REGISTRATION AND DIAGNOSTICS
- The wizard tests whether a DNS server that supports the new domain's SRV records is reachable. If none is detected you can let the wizard install and configure the DNS Server service on this domain controller; otherwise you must install and configure DNS manually
- SRV resource records are required: clients and other domain controllers locate domain controllers through them
- Dynamic updates are highly recommended so that the Netlogon service can register and refresh the domain controller's SRV records itself
- Incremental zone transfers (IXFR) are recommended for standard (non-Active Directory-integrated) zones that are copied to secondary servers

PERMISSIONS
- Permissions compatible with pre-Windows 2000 server operating systems: choose this only if the domain still has Windows NT 4.0 RAS servers or applications that must read the directory anonymously. It adds Everyone and Anonymous Logon to the Pre-Windows 2000 Compatible Access group, which lets anonymous (null-session) connections enumerate users and groups
- Permissions compatible only with Windows 2000 or Windows Server 2003 server operating systems: the default and the secure choice; anonymous users cannot read directory information

ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
- Directory Services Restore Mode Administrator password: the password of the local Administrator account used when the domain controller is started in Directory Services Restore Mode. It is required for Active Directory maintenance and restore operations (for example an authoritative restore with Ntdsutil), is separate from the domain Administrator password, and should be recorded securely
- Completing the Active Directory installation: review the summary page and confirm your configuration, then restart the new domain controller

VERIFY AND FINALIZE DNS
- Application directory partitions: DomainDnsZones (replicated to every DNS server in the domain) and ForestDnsZones (replicated to every DNS server in the forest) are created automatically when Active Directory-integrated DNS is used; creating and managing them requires Enterprise Admins membership
- Set aging and scavenging options so that stale dynamically registered records are removed
- Check the forward lookup zone for the SRV resource records the new domain controller registered (Netlogon writes the complete list to %systemroot%\system32\config\netlogon.dns)
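The DNS verification described on slides 8 and 11 can be automated. The following is an added example, not part of the presentation: it parses records in the format Netlogon writes to netlogon.dns and reports any DC locator SRV records that are missing for a given domain controller. The zone data, domain, site and host names are constructed for the example; the record set checked is the core subset of what Netlogon registers (domain, site, _msdcs, PDC and global catalog records), not the full list.

```python
"""Check a domain controller's DNS registration against the DC locator SRV
records the Netlogon service is expected to register.

Added example, not from the original presentation. The zone text below is
constructed in the format of %systemroot%\\system32\\config\\netlogon.dns
(RFC 1035 zone-file lines); names are hypothetical."""

import re

# Constructed sample. _kerberos._tcp.dc._msdcs is deliberately left out so
# the check has something to report.
NETLOGON_DNS = """\
_ldap._tcp.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.Default-First-Site-Name._sites.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.pdc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.gc._msdcs.contoso.com. 600 IN SRV 0 100 3268 dc1.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_kerberos._tcp.contoso.com. 600 IN SRV 0 100 88 dc1.contoso.com.
_gc._tcp.contoso.com. 600 IN SRV 0 100 3268 dc1.contoso.com.
_kpasswd._tcp.contoso.com. 600 IN SRV 0 100 464 dc1.contoso.com.
"""

SRV_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)


def parse_srv(zone_text):
    """Return {owner_name: [(priority, weight, port, target), ...]} for SRV lines.
    Names are normalised to lower case without the trailing dot."""
    records = {}
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = SRV_LINE.match(line)
        if not m:
            continue  # A records and other types are not part of the locator check
        name = m["name"].rstrip(".").lower()
        records.setdefault(name, []).append(
            (int(m["prio"]), int(m["weight"]), int(m["port"]),
             m["target"].rstrip(".").lower())
        )
    return records


def expected_locator_records(domain, site, forest_root=None, is_pdc=True, is_gc=True):
    """Owner names -> port that a DC in `domain`/`site` must have registered.
    PDC and GC records are only registered by the PDC emulator / a global catalog."""
    forest_root = forest_root or domain
    exp = {
        f"_ldap._tcp.{domain}": 389,
        f"_ldap._tcp.{site}._sites.{domain}": 389,
        f"_ldap._tcp.dc._msdcs.{domain}": 389,
        f"_kerberos._tcp.{domain}": 88,
        f"_kerberos._tcp.dc._msdcs.{domain}": 88,
        f"_kpasswd._tcp.{domain}": 464,
    }
    if is_pdc:
        exp[f"_ldap._tcp.pdc._msdcs.{domain}"] = 389
    if is_gc:
        exp[f"_gc._tcp.{forest_root}"] = 3268
        exp[f"_ldap._tcp.gc._msdcs.{forest_root}"] = 3268
    return {k.lower(): v for k, v in exp.items()}


def check_dc_registration(zone_text, dc_fqdn, domain, site, **kw):
    """Sorted list of problems: expected SRV names with no record pointing at
    dc_fqdn, or only records with the wrong port. Empty list means all present."""
    records = parse_srv(zone_text)
    dc_fqdn = dc_fqdn.lower()
    problems = []
    for name, port in expected_locator_records(domain, site, **kw).items():
        hits = [r for r in records.get(name, []) if r[3] == dc_fqdn]
        if not hits:
            problems.append(f"missing: {name}")
        elif not any(r[2] == port for r in hits):
            problems.append(f"wrong port: {name} (expected {port})")
    return sorted(problems)


if __name__ == "__main__":
    for problem in check_dc_registration(
        NETLOGON_DNS, "dc1.contoso.com", "contoso.com", "Default-First-Site-Name"
    ):
        print(problem)
```

On a real server, point the script at the contents of netlogon.dns or at a zone export and compare against what the DNS console actually shows; a missing _msdcs record usually means dynamic update failed and the records must be added by hand or Netlogon restarted after DNS is fixed.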

DNS UPDATES AND RECORD STORAGE
- Dynamic updates, one of three settings:
  - Secure only: available only for Active Directory-integrated zones; only authenticated computers can register records, and a record can be changed only by the account that created it
  - Nonsecure and secure: any host on the network can add or overwrite records, so a rogue machine can take over the name of a domain controller or server; avoid this setting
  - None: records must be created and maintained by hand
- Store the zone in Active Directory (an Active Directory-integrated zone) so it replicates with the directory and secure dynamic update becomes available
- Create reverse lookup zones as well

REPLICA DOMAIN CONTROLLER
- Provides load balancing and fault tolerance: if one domain controller fails, the other still holds a copy of the Active Directory records, and clients can use either domain controller for authentication
- DNS fault tolerance: with Active Directory-integrated zones the records are replicated automatically to the other domain controllers running DNS; with standard zones, configure a secondary zone on another server to hold a copy of the records

REPLICA DOMAIN CONTROLLER
- DNS load balancing: install the DNS Server service on an additional server (the replica domain controller is the natural choice) and configure some client computers to use the new server as their preferred DNS server, keeping the original server as the alternate

SCHEMA MODIFICATION
- Some applications modify the schema; examples include e-mail programs, backup programs and directory integration software
- You must be a member of Schema Admins to install these applications or to modify the schema manually; keep the group empty except while a planned schema change is being made
- Schema changes replicate to every domain controller in the forest
- Default system classes cannot be modified
- Classes and attributes that have been added cannot be removed, but they can be deactivated

RAISING DOMAIN AND FOREST FUNCTIONAL LEVELS
- Once raised, a functional level cannot be lowered without reinstalling
- Each domain's functional level can be raised independently of the other domains
- The forest functional level can be raised only when every domain is at Windows 2000 native or higher
- Domain Admins membership is required to raise a domain functional level
- Enterprise Admins membership is required to raise the forest functional level

ESTABLISHING AND MAINTAINING TRUSTS
- Shortcut trust: created between two domains in the same forest to improve resource access by shortening the trust path, so authentication referrals no longer have to travel up to the forest root and down the other tree; transitive
- Cross-forest (forest) trust: created between the forest root domains of two forests; one-way in a chosen direction, and you can create two one-way trusts (or a two-way trust) to provide access in either direction; available only when both forests are at the Windows Server 2003 forest functional level; transitive between the two forests, but not extended to a third forest

ESTABLISHING AND MAINTAINING TRUSTS
- External trust: between a domain in the forest and a Windows NT Server 4.0 domain or a Windows 2000 domain in another forest; not transitive
- Realm trust: between an Active Directory domain and a third-party (non-Windows) Kerberos V5 realm; not transitive by default, although the New Trust Wizard can create it as transitive

MANAGING TRUSTS
- Verifying trusts: Active Directory Domains And Trusts, or from the command line (domain1 is the trusting domain, contoso the trusted domain):
  netdom trust domain1 /d:contoso /verify
- Revoking trust relationships: Active Directory Domains And Trusts, or:
  netdom trust domain1 /d:contoso /remove
- SID filtering (quarantine) is enabled by default on external and forest trusts created from Windows Server 2003, so SIDs from the trusted domain that do not belong to it are discarded; leave it enabled unless a migration that relies on SID history requires otherwise (netdom trust domain1 /d:contoso /quarantine:no turns it off)
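The trust properties on slides 17 to 19 (a shortcut trust shortens the trust path; an external trust is not transitive; a one-way trust works in one direction only) can be made concrete with a small model. The following is an added example, not part of the presentation: it walks a constructed forest of hypothetical domains and returns the chain of trusts a resource domain follows to accept an account from another domain. The model deliberately ignores SID filtering and selective authentication; it only reflects direction and transitivity.

```python
"""Trust-path walk over a constructed forest (added example, not from the
presentation). Domain names are hypothetical."""

from collections import deque

# Trust kinds that chain: parent/child, tree-root and shortcut trusts inside a
# forest, and a forest trust between two forest roots. An external trust does
# not chain, so it can only ever be a direct, single-hop path.
TRANSITIVE = {"parent-child", "tree-root", "shortcut", "forest"}


def two_way(a, b, kind):
    """A two-way trust is modelled as two directed edges."""
    return [(a, b, kind), (b, a, kind)]


# Constructed forest: contoso.com is the forest root, fabrikam.com a second
# tree in the same forest, plus a one-way external trust in which contoso.com
# trusts the accounts of a Windows NT 4.0 domain.
FOREST = (
    two_way("contoso.com", "east.contoso.com", "parent-child")
    + two_way("contoso.com", "west.contoso.com", "parent-child")
    + two_way("east.contoso.com", "sales.east.contoso.com", "parent-child")
    + two_way("contoso.com", "fabrikam.com", "tree-root")
    + two_way("fabrikam.com", "hr.fabrikam.com", "parent-child")
    + [("contoso.com", "NT4DOMAIN", "external")]
)


def build_graph(trusts):
    """Directed adjacency: trusting domain -> [(trusted domain, kind), ...]."""
    g = {}
    for trusting, trusted, kind in trusts:
        g.setdefault(trusting, []).append((trusted, kind))
        g.setdefault(trusted, [])
    return g


def trust_path(g, resource_domain, account_domain):
    """Shortest chain of domains the resource domain's trust walk follows to
    accept an account from account_domain, or None if there is no trust.
    Edges are followed in the trusting -> trusted direction only."""
    if resource_domain == account_domain:
        return [resource_domain]
    # A direct trust of any kind works as a single hop (this is the only way
    # a non-transitive external trust can be used).
    for nxt, _kind in g.get(resource_domain, []):
        if nxt == account_domain:
            return [resource_domain, nxt]
    # Otherwise breadth-first search over transitive trusts only.
    prev = {resource_domain: None}
    queue = deque([resource_domain])
    while queue:
        cur = queue.popleft()
        for nxt, kind in g.get(cur, []):
            if kind not in TRANSITIVE or nxt in prev:
                continue
            prev[nxt] = cur
            if nxt == account_domain:
                path, node = [], nxt
                while node is not None:
                    path.append(node)
                    node = prev[node]
                return path[::-1]
            queue.append(nxt)
    return None


def hops(path):
    """Number of trusts crossed, or None when there is no path."""
    return None if path is None else len(path) - 1


if __name__ == "__main__":
    g = build_graph(FOREST)
    print("without shortcut:", trust_path(g, "sales.east.contoso.com", "hr.fabrikam.com"))
    g2 = build_graph(FOREST + two_way("sales.east.contoso.com", "hr.fabrikam.com", "shortcut"))
    print("with shortcut:   ", trust_path(g2, "sales.east.contoso.com", "hr.fabrikam.com"))
    print("east -> NT4DOMAIN:", trust_path(g, "east.contoso.com", "NT4DOMAIN"))
    print("NT4DOMAIN -> contoso:", trust_path(g, "NT4DOMAIN", "contoso.com"))
```

Without the shortcut trust, a user from hr.fabrikam.com accessing a resource in sales.east.contoso.com is referred up through east.contoso.com and contoso.com and down through fabrikam.com (four trusts); the shortcut reduces that to one. The NT 4.0 domain is reachable only from contoso.com itself, because the external trust does not chain through the parent/child trusts, and not at all in the reverse direction, because the trust is one-way.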

USER PRINCIPAL NAMES
- A user principal name (UPN) lets users log on without specifying a domain separately, for example user@contoso.com
- It can be the same as the user's e-mail address
- By default the UPN suffix is the DNS name of the forest root domain
- Alternative UPN suffixes are added in Active Directory Domains And Trusts; keep them unique across forests that trust each other, because a forest trust routes logons by UPN suffix
- The UPN can be changed on a per-user basis

SUMMARY
- Active Directory requires DNS with SRV resource record support
- Verifying the Active Directory installation
- Active Directory partitions
- Schema modification and replication
- Forest and domain functional levels
- Trust types: shortcut, cross-forest, external, realm

