Introduction to Active Directory

Presentation on theme: "Introduction to Active Directory"— Presentation transcript:

1 Introduction to Active Directory
CIT 237

2 Active Directory Objects
A set of attributes that represents a network resource
Object name: Computers. Attributes: computer 1, computer 2, computer 3, etc.
Object: Users. Attributes: First name, last name, logon name, etc.

3 Active Directory Schema
Defines the objects that can be stored in Active Directory (see schema administration in Active Directory Users and Computers)
Types of schema objects (metadata):
Schema class objects - Templates for creating new objects (e.g. Computer, Group, User, etc.)
Schema attribute objects - Define or describe the schema class object with which they are associated, even though they may be used in many schema classes

4 Active Directory Components
Domains
Organizational Units (OUs)
Trees
Forests

5 DOMAINS, TREES, AND A FOREST
[Figure: one forest containing two domain trees. contoso.com is the forest root and a tree root, with child domains west and east and an OU shown inside it; tailspintoys.com is a second tree root.]
Describe the following: This is a single forest with multiple domain trees, contoso.com and tailspintoys.com. Contoso.com is the forest root and tree root. Tailspintoys.com is a tree root. They have a disjoint namespace. Briefly mention automatic two-way transitive trusts (Kerberos). Point out the parent/child relationships. Mention that even the child domains could have child domains. For example, west.contoso.com could have a child domain named region1.west.contoso.com. OUs are also depicted in the graphic, just to illustrate that they are created within individual domains. OUs can have their own hierarchy. Figures 1-5, 1-6, and 1-7 in the textbook also illustrate domains, trees, and forests. Use ADSIEdit.msc to illustrate the data structure divisions between the Domain NC (domain objects), Configuration Container (forest-wide), and Schema (forest-wide). Mention that there is a global catalog that is also replicated forest-wide, but it is not considered one of the partitions.

6 Domains
Core unit of logical structure
Stores millions of objects
A security boundary: access to objects is governed by access control lists (ACLs), which contain permissions for each object (files, folders, shares, printers, etc.). Those permissions control which users can gain access to an object and what type of access they can gain.
ACL rights are not transferable from one domain to another

7 Domains
Default functional levels:
Windows 2000 Mixed (default for Windows Server 2003)
Windows 2000 Native
Windows 2000 Interim
Windows 2003

8 Windows 2000 Mixed
Allows functionality with domain controllers in the same domain running Windows NT 4
Allows functionality with domain controllers in the same domain running Windows Server 2003

9 Windows Server 2003
Allows functionality only with domain controllers in the same domain running Windows Server 2003
The functional level should be raised according to the type of domain controllers in the domain

10 Organizational Units (OUs)
Organizes objects within a domain into logical administrative groups
Nesting occurs when an OU is added within another OU (like a subdirectory); this creates a hierarchical structure

11 Trees
A group or hierarchy of domains created by adding a child domain to a parent

12 Forests
A group or hierarchy of independent domain trees
The forest functional level provides a way to enable forest-wide Active Directory features

13 Physical Structures
Physical components of Active Directory:
Sites
Domain controllers

14 Sites
One or more connected IP subnets
Usually has the same performance boundaries (fast network connections are grouped with each other and slow ones with each other)
Not listed in Active Directory as OUs are
Contain only computer and connection objects

15 Domain Controllers
Stores a replica of the domain portion of Active Directory
Services only one domain
Authenticates users and maintains domain security policy

16 Replication
Ensures that changes made on one domain controller are represented on all other domain controllers in the domain

17 What Information is Replicated
Active Directory is partitioned into four units:
Schema partition - describes the objects and attributes that can be created in the directory. This data is common to all domains in a forest and is replicated forest-wide
Configuration partition - describes the domain structure and replication layout. This data is common to all domains in a forest and is replicated forest-wide
Domain partition - describes all domain objects. This data is domain specific and is not replicated to other domains, but it is replicated to every domain controller in the domain
Application Directory partition - stores dynamic application-specific data and can contain any type of object except security principals. Can be set for replication if desired

18 Stores and Replicates
Schema partition stores data for a forest
Configuration partition stores data for all domains in a forest
Domain partition stores data, such as directory objects and properties, for its specific domain

19 Types of Replication
Intrasite replication - occurs between domain controllers in the same domain, using a ring structure and the knowledge consistency checker (KCC), which runs on all domain controllers to ensure consistency
Intersite replication - performed by creating site links (network connections)

20 Trust Relationships
A link between two domains in which the trusting domain honors the logon authentication of the trusted domain, using NT LAN Manager (NTLM) or Kerberos
Kerberos is the default for Windows Server. If Kerberos is not supported in a trust, NTLM is used
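The forest on the "Domains, trees, and a forest" slide and the trust slide above, as an added runnable model that is not part of the original presentation: contoso.com is the forest root and a tree root, tailspintoys.com is a second tree root with a disjoint namespace, and the automatic two-way transitive trusts are the parent-child trusts plus a tree-root trust from each other tree root to the forest root. The domain set, region1.west.contoso.com included, is constructed from the slide's speaker notes; trust_path() assumes no shortcut trusts exist (the default), so the chain always turns at the lowest common ancestor or the forest root.

```python
# Constructed sample forest from the slide: two domain trees, one forest root.
FOREST = {"contoso.com", "west.contoso.com", "east.contoso.com",
          "region1.west.contoso.com", "tailspintoys.com"}
FOREST_ROOT = "contoso.com"


def parent_of(domain, forest):
    """Nearest DNS suffix that is itself a domain in the forest, else None."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in forest:
            return candidate
    return None  # no parent in the forest: this domain is a tree root


def tree_roots(forest):
    return sorted(d for d in forest if parent_of(d, forest) is None)


def automatic_trusts(forest, forest_root):
    """Trusts created automatically: parent-child, plus tree-root to forest root."""
    trusts = set()
    for d in forest:
        if d != forest_root:
            partner = parent_of(d, forest) or forest_root
            trusts.add(frozenset({d, partner}))
    return trusts


def trust_path(src, dst, forest, forest_root):
    """Domains crossed from src to dst using only the automatic trusts."""
    def chain_to_forest_root(d):
        chain = [d]
        while parent_of(chain[-1], forest) is not None:
            chain.append(parent_of(chain[-1], forest))
        if chain[-1] != forest_root:
            chain.append(forest_root)  # cross the tree-root trust
        return chain

    up, down = chain_to_forest_root(src), chain_to_forest_root(dst)
    # Drop the shared tail so the path turns at the lowest common domain.
    while len(up) > 1 and len(down) > 1 and up[-2] == down[-2]:
        up.pop()
        down.pop()
    return up + down[-2::-1]
```

A logon from region1.west.contoso.com to a resource in tailspintoys.com is referred through west.contoso.com and contoso.com before the tree-root trust is crossed, which is why trust topology matters when reviewing where a compromise of one domain can reach.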

21 Global Catalog
A role designation assigned to a domain controller. By default it is created automatically and assigned to the first (root) domain controller in the forest. However, any domain controller in the forest can be a global catalog; the information is simply replicated
Central repository of information about objects in a tree or forest
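The replication rules from the partition slides (17 and 18) and the global catalog slide, as an added model that is not part of the original presentation: schema and configuration replicate forest-wide, a domain partition only to the domain controllers of its own domain, a global catalog additionally holds a partial read-only copy of every domain partition in the forest, and an application partition goes only to the DCs enrolled as its replicas. The domain controllers, their GC flags and the application partition name are constructed sample data.

```python
# Constructed sample: (DC name, domain it services, holds the global catalog role)
DCS = [
    ("dc1", "contoso.com", True),   # first DC in the forest root is a GC by default
    ("dc2", "contoso.com", False),
    ("dc3", "west.contoso.com", False),
    ("dc4", "east.contoso.com", True),
]
# Constructed sample: application partition -> DCs enrolled as its replicas
APP_PARTITIONS = {"DomainDnsZones.contoso.com": {"dc1", "dc2"}}


def replication_scope(partition, target=None):
    """DCs that receive a change in a partition: {dc: 'full' | 'partial'}.
    target is the domain DNS name (domain) or the partition name (application)."""
    scope = {}
    for name, dc_domain, is_gc in DCS:
        if partition in ("schema", "configuration"):
            scope[name] = "full"         # forest-wide: every DC in the forest
        elif partition == "domain":
            if dc_domain == target:
                scope[name] = "full"     # every DC of that domain
            elif is_gc:
                scope[name] = "partial"  # GC: partial attribute set, read-only
        elif partition == "application":
            if name in APP_PARTITIONS.get(target, ()):
                scope[name] = "full"     # only the enrolled replicas
    return scope


def partitions_held(dc):
    """Replicas one DC holds, derived by inverting the scope rules above."""
    domains = sorted({d for _, d, _ in DCS})
    targets = [("schema", None), ("configuration", None)]
    targets += [("domain", d) for d in domains]
    targets += [("application", a) for a in APP_PARTITIONS]
    held = []
    for partition, target in targets:
        kind = replication_scope(partition, target).get(dc)
        if kind:
            label = partition if target is None else f"{partition}:{target}"
            held.append(label + (" (partial)" if kind == "partial" else ""))
    return held
```

partitions_held("dc4") shows why a global catalog is a high-value host to protect: it carries a read-only copy of object data from every domain in the forest, not just its own.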

