Presentation is loading. Please wait.

Presentation is loading. Please wait.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.

Similar presentations

Presentation on theme: "70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory."— Presentation transcript:

1 70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory

2 The world before the Active Directory
The overwhelming majority of network today run without any single unified directory service. Many companies store information in various disconnected system. For example: Companies record data about its employees in a human resource database. While network account reside on a Windows NT 4 domain controller. Other information such as security setting for applications- reside within various other systems. And there’s always the classic: paper-based forms!

3 Windows NT to the rescue!
Windows NT is a NOS (Networking Operating System) Goal of Windows NT was to bring security, organization, and accessibility to information throughout a company’s network. GUI interface got rid of cryptic command-line interfaces and it simplified management. Windows NT offered reliability, scalability, performance, and flexibility and compatibility with a large installed base of current software products.

4 Domain Model in Windows NT 4
1 Domain Controller per network (PDC) Several Backup Domain Controller (BDC) All network security accounts are stored within PDC. To improve performance and reliability the database is replicated to BDC. There can only be one master copy of the account databases. This copy resides in the PDC. All user and security account changes must be recorded by the PDC. This model only works well for small – to – medium sized organizations.

5 Domain Model in Windows NT 4

6 Limitations of Windows NT 4
Multiple Domain are complicated and management intensive. Trust relationship can grow out of control! Flat entities, cannot be organized in hierarchical fashion (using sub domain for admin purposes) No allowing of nesting of users and groups. Extremely tedious and error prone when setting permissions. (because above bullet item)

7 Limitations of Windows NT 4 (Cont.)
Security allowed for complete control over the domain controller. Some users had too much permissions. (This poses several potential problems – both business and technical) Nevertheless, Windows NT 4 provided an excellent solution to many business. But as with almost any technical solution, there were areas which improvements could be made.

8 Active Directory Design
Before setting up a server environment, you must design a suitable Active Directory. Several choices need to be made and many consideration to take into account: Political Issues How does current business operate – as single, independent business or centralized environment? Who will be responsible for administering portions of network? Network Issues Types of connections between remote offices? How reliable are connections? What are domain name requirements? Organizational Issues How are the areas of the business structured? For example, do the department operate individually, with separate networks administrators for each department? Or is the environment much more centralized?

9 Planning and Implementing an Active Directory Infrastructure
Most crucial step Poor planning may cause poor performance Must consider pre-existing network, hardware, etc.

10 Managing and Maintaining an Active Directory Infrastructure
Small changes are constantly required Upgrades involve changes Regular maintenance ensures good performance Troubleshooting required when problems occur

11 Planning and Implementing User, Computer, and Group Strategies
Authentication Identifying user to network Password is most common method Authorization Determines what resources user can access Users are typically grouped together for authorization

12 Planning and Implementing Group Policy
Used to manage the way workstations, servers, and user environments behave Examples: Require all communications between clients and servers to be encrypted Control how user’s desktop appears Perform maintenance tasks

13 Planning and Implementing Group Policy (continued)
Examples: Deploy applications to computers or users throughout the network Influenced by: User requirements Corporate policies Network design Who manages policies

14 Managing and Maintaining Group Policy
Changes to policies and troubleshooting result of policies may be required. Updates can be applied to computers that had applications installed via group. Example. Older version of antivirus on machines installed can be upgraded via group policy to newer version.

15 Windows Networking Concepts Overview
Network models: Domain Workgroup Windows Server 2003 system roles: Standalone server Member server Domain controller

16 Workgroups Logical group of computers
Characterized by decentralized security and administration model Every computer holds own security database Known as Security Accounts Manager (SAM) database Each computer must authenticate users independently

17 Workgroups (continued)
Benefits Simple Does not explicitly require a server Drawbacks: Time consuming to manage Windows 2003 server participates as standalone server

18 Workgroup Security Model

19 Domains Logical group of computers
Characterized by centralized authentication and administration All domain computers use centralized security database Domain controllers (DC) Special server Responsible for managing security database Responsible for authenticating users on domain

20 Domains (continued) Active Directory
Stored on one or more computers configured as domain controllers DC can be: Windows 2000 Server Windows Server 2003

21 Domain Security Model

22 Domains Other domain computers:
“domain members" “member servers” Can authorize access to a particular resource based on the domain authentication Highly recommended in environment that consists of more than 10 users or workstations

23 Domains (continued) Requires at least one server configured as domain controller Additional expense Minimum of two domain controllers preferred Provides fault tolerance Load balancing

24 Logging on to a Domain

25 Domains Member servers:
Windows Server 2003 system that has computer account in a domain Not configured as a domain controller Used for wide variety of functions including: File server Print server Application server

26 Domains (continued) Member servers: Domain controller:
Commonly host network services such as: Domain Name Service (DNS) Dynamic Host Configuration Protocol (DHCP) Domain controller: Windows Server 2003 system Explicitly configured to store copy of Active Directory database Responsible for servicing user authentication requests and queries about domain objects

27 Introduction to Windows Server 2003 Active Directory
Native directory service included with Windows Server 2003 operating systems Provides: Central point for: Storing Organizing Managing Controlling network objects Single point of administration of objects

28 Introduction to Windows Server 2003 Active Directory (continued)
Provides: Logon and authentication services for users Delegation of administration Each domain controller has writeable copy of directory database Make Active Directory changes to any domain controller Changes are replicated to all other domain controllers

29 Introduction to Windows Server 2003 Active Directory (continued)
Multi-master replication Provides form of fault tolerance DNS: Used maintain domain-naming structures Locate network resources

30 Active Directory Objects
Represents network resources such as: Users Groups Computers Printers Various attributes are assigned to objects Examples: 1st name, last name, user logon, etc.

31 User Object

32 Active Directory Schema
Defines all of objects and attributes available in Active Directory Only one schema for each Active Directory implementation Consists of two main definitions: Object classes example: users, printers Attributes example: description to maintain consistency.

33 Active Directory Logical Structure and Components
Logical components: Domains and Organizational Units Trees and Forests Trusts

34 Domains and Organizational Units
Logically structured organization of objects Part of a network Share common directory database Has unique name Organized in levels Administered as a unit with common rules and procedures Provides administrative benefits

35 Domains and Organizational Units (continued)
Organizational unit (OU) Logical container Used to organize objects within a single domain Stores objects such as: Users Groups Computers Other organizational units Ability to delegate administrative control over OU Example: Organize users based on department in which they work! Delegate admin rights / permissions to add and remove users within OU

36 Domains and Organizational Units (continued)

37 Trees and Forests Reasons for multiple domains: Forest root domain
Geographic separation Different password policies. Large number of objects Replication performance Forest root domain First domain defined in deployment

38 Trees and Forests (continued)
Hierarchical collection of domains Share contiguous DNS namespace Forest Collection of trees Do not share contiguous DNS naming structure

39 Trees

40 Forests

41 Trusts Two-way, transitive trust relationship
Automatically created for child domain Transitive trust All other trusted domains implicitly trust one another

42 Activity 1-4: Creating a Child Domain in an Existing Domain Tree
Objective: Promote a member server to a domain controller for a new child domain in an existing domain tree Use the Active Directory Installation Wizard or the Configure Your Server Wizard to create a domain

43 Child Domain Installation Window

44 Active Directory Communications Standards
DNS naming standard Hostname resolution Provides information on location of network services and resources Lightweight Directory Access Protocol (LDAP) Used to query or update Active Directory database Naming paths: Distinguished name Relative distinguished name

45 Active Directory Physical Structure
Make sure any modification to database is replicated as quickly as possible Design topology so that replication does not saturate available network bandwidth Control logon traffic See page 25: Logical vs. Physical Structure.

46 Active Directory Physical Structure (continued)
Site Combination of one or more Internet Protocol (IP) subnets Connected by high-speed connection Site link Configurable object Represents connection between sites

47 Site Structure

48 Global Catalog Used primarily for:
Finding Active Directory information from anywhere in forest Universal group membership information Authentication services Directory lookup requests from Exchange 2000/2003 First domain controller in Active Directory automatically becomes Global Catalog server

49 New Active Directory Features in Windows Server 2003
Windows Server 2003 brings new features and capabilities Primary benefits: Flexibility Lower the total cost of ownership (TCO)

50 Deployment and Management
Active Directory Migration Tool (ADMT) 2.0 Domain Rename Schema Redefine

51 Security Cross-forest Trust Credential Manager
Software Restriction Policies

52 Performance and Dependability
Universal Group Caching Application Directory Partitions Install Replica from Media

Download ppt "70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory."

Similar presentations

Ads by Google