Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Active Directory

Similar presentations

Presentation on theme: "Introduction to Active Directory"— Presentation transcript:

1 Introduction to Active Directory
CIT 237

2 Active Directory Objects
Attributes that represents a network resource Object name: Computers Attributes: computer 1, computer 2, computer 3, etc. Object: Users Attributes: First name, last name, logon name, etc.

3 Active Directory Schema
Defines objects that can be stored in Active Directory (See schema administration in Active Directory Users and Computers) Types of schema objects (metadata) Schema class objects - Template for creating new objects (e.g. computer, Group, User, etc.) Schema attribute objects – Define or describes the schema class object with which they are associated even though they may be used in many schema classes

4 Active Directory Components
Domains Organizational Units (OUs) Trees Forests

parent contoso . com ou tailspintoys Domain tree root Forest root and tree root child west east Describe the following: This is a single forest with multiple domain trees,, and is the forest root and tree root. is a tree root. They have a disjointed namespace. Briefly mention automatic two-way transitive trusts (Kerberos). Point out the parent/child relationships. Mention that even the child domains could have child domains. For example, could have a child domain named OUs are also depicted in the graphic, just to illustrate that they are created within individual domains. OUs can have their own hierarchy. Figures 1-5, 1-6, and 1-7 in the textbook also illustrate domains, trees, and forests. Use ADSIEdit.msc to illustrate the data structure divisions between the Domain NC (domain objects), Configuration Container (forest-wide), and Schema (forest-wide). Mention that there is a global catalog that is also replicated forest-wide, but it is not considered one of the partitions.

6 Domains Core unit of logical structure Stores millions of objects
A security boundary Access to objects is governed by access control lists (ACLs), which contain permissions for each object (files, folders, shares, printers, etc.). Those permissions control which users can gain access to an object and what type of access they can gain ACL rights are not transferable from one domain to another

7 Domains Default functional levels:
Windows 2000 Mixed (default for Windows 2003 server) Windows 2000 Native Windows 2000 Interim Windows 2003

8 Windows 2000 Mixed Allows functionality with domain controllers in the same domain running Windows NT 4 Allows functionality with domain controllers in the same domain running Windows Server 2003

9 Windows Server 2003 Allows functionality only with domain controllers in the same domain running Windows server 2003. The functional level should be raised according to the type of domain controllers in the domain

10 Organizational Units (OUs)
Organizes objects within a domain into logical administrative groups Nesting when an OU is added within another OU (like a subdirectory). This creates a hierarchical structure

11 Trees A group or hierarchy of domains created by adding child domain to a parent

12 Forests A group or hierarchy of independent domain trees
Forest functional level provides a way to enable forest-wide Active Directory features

13 Physical Structures Physical components of Active Directory: Sites
Domains controllers

14 Sites One or more connected IP subnets
Usually has the same performance boundaries (fast network connections group with each other and slow with each other) Not listed in Active Directory as OUs are Contain only computer and connection objects

15 Domain Controllers Stores a replica of the domain portion of Active Directory Services only one domain Authenticates users and maintains domain security policy

16 Replication Ensures that changes in one domain controller are represented in all other domain controllers in the domain

17 What Information is Replicated
Active Directory is partitioned into four units: Schema partition – describes objects and attributes that can be created in a directory. This data is common to all domains in a forest and is replicated Configuration partition – describes domain structure and replication layout. This data is common to all domains in a forest and is replicated Domain Partition – Describes all domain objects. This is domain specific and is not replicated, but data is replicated to every domain controller in the domain Application Directory partition – Stores dynamic application-specific data and can contain any type of object except security type. Can be set for replication if desired

18 Stores and Replicates Schema partition stores data for a forest
Configuration partition stores data for all domains in a forest Domain partition stores data, such as directory objects and properties for its specific domain

19 Types of Replication Intrasite – replication occurs within domain controllers in the same domain, using a ring structure and knowledge consistency checker (KCC), which runs on all domain controllers to ensure consistency. Intersite replication – Performed by creating site links (network connections)

20 Trust Relationships Link between two domains in which the trusting domain honors the logon authentication of the trusted domain using NT LAN Manager (NTLM), or Kerberos. Kerberos is the default for Windows Server If Kerberos is not supported in a trust, NTLM is used

21 Global Catalog A role designation assigned to a domain controller. By default is created automatically and assigned to the first (root) domain controller in the forest. However any domain in the forest can be a global catalog. The information is simply replicated Central repository of information about objects in a tree or forest

Download ppt "Introduction to Active Directory"

Similar presentations

Ads by Google