3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.


Identifying the Features of Active Directory (Skill 1)
- Active Directory is the directory service for Windows Server 2003
- Features
  - Centralized management
  - Security
  - Object-oriented storage
  - Hierarchical organization
  - Multi-master replication
  - Integration with DNS
  - Lightweight Directory Access Protocol (LDAP) support
  - Standard name formats
  - Scalability

Figure 3-1 Active Directory (Skill 1)

Figure 3-2 Replication (Skill 1)

Figure 3-4 Schema (Skill 3)

Examining Underlying Active Directory Concepts (2) (Skill 3)
Global catalog
- Stores a full Read-Write replica of all object attributes in the directory for its host domain
- Stores a partial replica of all object attributes contained in the directory for every domain in the forest along with universal groups and group members
- Has the ability to search the entire forest, but also keeps the database relatively light, allowing for improved replication
- Global catalog server is the name of the domain controller that maintains the global catalog

Figure 3-5 Global Catalog in Active Directory (Skill 3)

Examining Underlying Active Directory Concepts (3) (Skill 3)
Namespace
- Bounded area in which the names used to identify objects are resolved
- Defines the domain structure in Active Directory
- Provides name resolution through the use of the Domain Name System (DNS), which is central to the operation of Windows networks
- Without proper name resolution, users cannot locate resources on the network
- Domains with contiguous namespaces are members of the same tree
- A forest is a collection of domains sharing the same schema, configuration, and global catalog

Figure 3-6 Contiguous namespaces (tree) (Skill 3)

Figure 3-7 Disjointed namespaces (multiple trees) (Skill 3)

Figure 3-8 Naming conventions (Skill 3)

Introducing the Basic Elements of Active Directory (Skill 4)
Object
- Any “thing” (tangible or abstract) about which data is stored
- Can be a network resource, such as a user, group, printer, or a virtual object such as a forest, tree, domain, or OU
- Each is defined by a set of attributes related to its properties
- When you create an object, the Active Directory is populated with some of the attributes for the object

Introducing the Basic Elements of Active Directory (2) (Skill 4)
Common types of objects
- Computer
- User
- Group
- Shared Folder
- Printer

Introducing the Basic Elements of Active Directory (3) (Skill 4)
Domain
- A group of computers and devices on a network that constitute a single security boundary within Active Directory, but can span more than one physical location
- Each has its own security policies and security relationships with other domains
- Domains co-existing under the same namespace form a single tree
- When multiple domains are connected by trust relationships and share a common schema, configuration, and global catalog, they constitute a forest

Introducing the Basic Elements of Active Directory (4) (Skill 4)
Types of computers in a domain
- Domain controller
  - A computer that stores a replica of the directory database
  - Stores security policies and accounts
- Member server
  - A Windows NT 4.0, 2000, or Server 2003 computer that is part of a domain
  - Does not store a replica of the directory database
- Client computers
  - Computers running operating systems that can communicate with the Active Directory for user authentication and resource access

Figure 3-10 Hierarchical structure of Active Directory (Skill 4)

Introducing the Basic Elements of Active Directory (5) (Skill 4)
Organizational unit (OU)
- A container object for organizing objects within a domain
- Can contain users, groups, resources, and other OUs
- Enables the delegation of administration to distinct segments of the directory, which provides more flexibility in managing the objects in a business unit, department, or other organizational division
- Administration of grouped OUs
- Creation and organization of child OUs
- Delegation of permissions within specific OUs
- Assignment of Group Policy links

Introducing the Basic Elements of Active Directory (6) (Skill 4)
Tree
- A set of one or more domains in a hierarchical structure
- The first domain created in the forest is called the forest root and this is where the forest name is specified
- All domain trees in a forest share the same forest root
- If a new tree is created after the forest root, the first domain that is added to this tree is called the root domain
- Domains under the root domain are called child domains
- Any domain immediately above another domain is called the parent domain

Figure 3-11 Multiple domains in a tree (Skill 4)

Introducing the Basic Elements of Active Directory (7) (Skill 4)
Forest
- A group of one or more Active Directory domains sharing a common schema, configuration, global catalog, and two-way, transitive trusts
- All trees in a given forest trust each other through transitive two-way trust relationships
- A forest exists as a set of cross-referenced objects and trust relationships known to the member trees
- Trees in a forest form a hierarchy for the purposes of trust

Figure 3-12 Forest (Skill 4)

Figure 3-14 A domain/OU structure for an organization (Skill 5)

Installing Active Directory (Skill 6)
- After completing the planning phase, install Active Directory on the Windows Server 2003 using the Active Directory Installation Wizard (Dcpromo.exe)
- After first-time installation
  - Active Directory forest is created
  - First domain created in the forest is the forest root
  - Forest root comprises the first Active Directory tree and this first domain is called the root domain
  - Domains created under the root domain are called child domains

Installing Active Directory (2) (Skill 6)
Mixed mode
- When you create a domain, by default the domain is configured to run in Windows 2000 mixed mode
- Allows the coexistence of Windows NT, Windows 2000, and Windows Server 2003 domains
Windows 2000 native mode
- If your domain consists of only Windows 2000 domain controllers, you can switch to Windows 2000 native mode
- Native mode supports Windows 2000 and Windows Server 2003 domains

Installing Active Directory (3) (Skill 6)
Windows Server 2003 interim mode
- If your domain has only Windows NT 4.0 servers, and you upgrade a server to Windows Server 2003, you can use Windows Server 2003 interim mode
- Used when there are no Windows 2000 servers and you upgrade a Windows NT PDC to Windows Server 2003
Windows Server 2003 mode
- If your domain consists of only Windows Server 2003 domain controllers, you can switch to Windows Server 2003 mode
- Supports the full Windows Server 2003 Active Directory implementation

Figure 3-18 The Domain Controller Type screen (Skill 6)

Figure 3-19 The Create New Domain screen (Skill 6)

Figure 3-20 Specifying the full DNS domain name (Skill 6)

Figure 3-21 The NetBIOS Domain Name screen (Skill 6)

Figure 3-22 The Permissions screen (Skill 6)

Figure 3-23 An empty console window (Skill 7)

Figure 3-24 Setting the Author mode in the Console Options dialog box (Skill 7)

Figure 3-25 The Add Standalone Snap-in dialog box (Skill 7)

Figure 3-26 Using a snap-in to manage the local computer (Skill 7)

Creating Organizational Units (Skill 8)
- You use the Active Directory Users and Computers console to create an organizational unit (OU) and to add objects to OUs
- You can create an OU in a domain, in a domain controller object, or in another OU if you have been delegated permission to do so
- By default, Windows Server 2003 grants permission to members of the Administrators group to create an OU

Figure 3-29 Creating an Organizational Unit (OU) (Skill 8)

Figure 3-30 The Marketing OU added to the domain (Skill 8)

Figure 3-31 Creating a new user object (Skill 8)

Figure 3-32 Properties dialog box (Skill 8)

Figure 3-33 The Find Users, Contacts, and Groups dialog box (Skill 9)

Figure 3-34 Finding a user in Active Directory (Skill 9)

Managing Active Directory Objects (2) (Skill 9)
Securing resources
- Object security
  - Active Directory provides a set of security descriptors for each object called a Discretionary Access Control List (DACL) defining how the object can be accessed
  - Each file or folder on an NTFS drive has a DACL, which contains Access Control Entries (ACEs)
  - ACEs contain the SID of the user or group and the permissions associated with that user or group
- Account logon security protects a computer and its resources from unauthorized access
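The DACL and ACE structure described above can be inspected in its SDDL text form, where each ACE is written as `(type;flags;rights;object;inherit_object;SID)`. The following is an added example, not part of the original slides: it parses a constructed security descriptor string and lists allow ACEs that give a broad principal write-class access. The sample descriptor, the alias tables (a partial subset of the SDDL constants) and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: SDDL text form of a folder's security descriptor.
SAMPLE = ("O:BAG:DUD:PAI(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
          "(A;OICI;0x1200a9;;;BU)(A;OICI;FW;;;WD)"
          "(D;;FA;;;S-1-5-21-1111111111-2222222222-3333333333-1105)")

# Partial alias tables (a subset of the SDDL constants, enough for this sample).
TRUSTEES = {"WD": "Everyone", "AU": "Authenticated Users", "BU": "BUILTIN\\Users",
            "BA": "BUILTIN\\Administrators", "SY": "Local System"}
BROAD = {"WD", "AU", "BU"}  # principals that cover most accounts
# In the rights field WD means WRITE_DAC; in the trustee field it means Everyone.
WRITE_CODES = {"FA", "FW", "GA", "GW", "WD", "WO", "SD"}
# FILE_WRITE_DATA, FILE_APPEND_DATA, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE
WRITE_MASK = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x10000000 | 0x40000000

def parse_dacl(sddl):
    """Return the ACEs in the D: (DACL) section as a list of dicts."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        f = body.split(";")
        if len(f) < 6:
            raise ValueError("malformed ACE: " + body)
        aces.append({"type": {"A": "allow", "D": "deny"}.get(f[0], f[0]),
                     "flags": f[1], "rights": f[2], "sid": f[5],
                     "trustee": TRUSTEES.get(f[5], f[5])})
    return aces

def grants_write(rights):
    """True if the rights field (hex mask or two-letter codes) has a write-class right."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & WRITE_MASK)
    return any(rights[i:i + 2] in WRITE_CODES for i in range(0, len(rights), 2))

def broad_write_aces(sddl):
    """Allow ACEs that give a broad principal write-class access."""
    return [a for a in parse_dacl(sddl)
            if a["type"] == "allow" and a["sid"] in BROAD and grants_write(a["rights"])]

if __name__ == "__main__":
    for ace in parse_dacl(SAMPLE):
        print(ace["type"], ace["trustee"], ace["rights"])
    print("review:", [(a["trustee"], a["rights"]) for a in broad_write_aces(SAMPLE)])
```
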

Figure 3-35 Finding the Distinguished Name (Skill 9)

Figure 3-36 Moving a user object (Skill 9)

