Presentation is loading. Please wait.

Presentation is loading. Please wait.

1.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure."— Presentation transcript:

1 1.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Goals  Introduce Active Directory  Identify the functions and features of Active Directory  Introduce Active Directory architecture  Introduce Active Directory objects  Examine the logical and physical structure of Active Directory  Examine more Active Directory concepts  Plan a domain structure  Plan a domain namespace  Examine guidelines for planning a site structure

2 1.2 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Active Directory database  Stores information about users, groups, domains, and objects on a network  Allows you to centrally access and administer the information  Provides an unique identity for each object called a Security ID (SID) (Skill 1) Introducing Active Directory

3 1.3 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory (2) Active Directory database  Allows you to access and administer the directory service globally, unlike decentralized network models  Reduces the effort required to complete day-to-day administrative tasks, such as managing users and resources (Skill 1)

4 1.4 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-1 Active Directory (Skill 1)

5 1.5 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory (3) Windows NT  Introduced the concept of a directory service based on domains that provide a single point of authentication for all users on a network  Limitations prevent it from being used effectively in large networks  Has only one writable copy of the database, which leads to a single point of failure for Write operations  Trust relationships between domains must be built manually (Skill 1)

6 1.6 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory (4)  Active Directory’s advantages over Windows NT  Most trust relationships within a single forest are created automatically  Makes it possible for Active Directory to provide scalability in large business organizations (Skill 1)

7 1.7 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory  Active Directory features make it a reliable and secure directory service  Policy-based administration  Active Directory makes network administration easier by using Group Policies  Using this feature, an administrator can make complex modifications to the user’s environment, assign rights, configure network security, and install software to collections of users or computers (Skill 2)

8 1.8 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (2)  Active Directory features make it a reliable and secure directory service  Increased security of information  Windows Server 2003 supports protection of both stored data and network data  Stored data can be protected using Encrypting File System (EFS) and permissions (Skill 2)

9 1.9 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (3)  Active Directory features make it a reliable and secure directory service  Integration with Domain Name System (DNS)  DNS is a naming service that translates host names into numeric IP addresses  Active Directory uses standard DNS naming conventions for domains (Skill 2)

10 1.10 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (4)  Active Directory features make it a reliable and secure directory service  Extensibility  Active Directory allows nearly any type of information to be added to the database because it has an extensible schema  Schema contains a list of all possible object types (object classes), their attributes, and relationships allowed between objects (Skill 2)

11 1.11 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (5)  Active Directory features make it a reliable and secure directory service  Scalability  Active Directory can store anywhere from a small number to millions of objects  An object automatically inherits the permissions of the container into which it is placed (Skill 2)

12 1.12 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (6)  Active Directory features make it a reliable and secure directory service  Information replication  Active Directory automatically replicates the contents of its database across every domain controller in the domain  Compatibility with other directory services  Active Directory is based on protocols, such as LDAP, HTTP, and NSPI, so it is compatible with other directory services that use these protocols (Skill 2)

13 1.13 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (7)  Active Directory features make it a reliable and secure directory service  Mutual authentication  Active Directory utilizes Kerberos as the default authentication mechanism  Kerberos is an industry-standard, high-security mutual authentication mechanism that provides increased security for logon information (Skill 2)

14 1.14 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture  Windows Server 2003 architecture has two primary layers  User mode  Kernel mode (Skill 3)

15 1.15 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (2)  User mode layer  The interface between applications and the kernel mode layer  Accepts requests from an application and forwards them to the kernel for processing (Skill 3)

16 1.16 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (3)  Components of the user mode layer  Environment subsystems  Provide interfaces for applications to interact with the kernel and integral subsystems  The environment subsystem components make applications run by providing Application Programming Interfaces (APIs) (Skill 3)

17 1.17 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (4)  Components of the user mode layer  Integral subsystems  Perform important operating system functions such as security and session management  Security subsystem receives logon requests and initiates logon authentication  Workstation Service enables a client computer to access the network  Server Service allows a Windows Server 2003 to share network resources (Skill 3)

18 1.18 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-2 Location of Active Directory within the Windows Server 2003 architecture (Skill 3)

19 1.19 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (5)  Kernel mode layer  Communicates with system data and hardware to process any input/output requests made by a user  Operates in a protected area of memory  Is responsible for executing I/O requests  Prioritizes hardware and software interrupts based on the precedence of the application or service making the request (Skill 3)

20 1.20 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003  Components of the kernel mode layer  Executive  Performs I/O functions, object management, and security functions  Has a number of subcomponents  Provides security guidelines for the user mode layer Introduce Active Directory Architecture (6) (Skill 3)

21 1.21 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003  Components of the kernel mode layer  Microkernel, which manages the computer’s processors  Kernel mode drivers, which take requests from applications and translate them into hardware functions  Hardware Abstraction Layer (HAL), which provides the interface between the other software layers and the core hardware Introducing Active Directory Architecture (7) (Skill 3)

22 1.22 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003  Active Directory is made up of three service layers and the underlying Data Store  Directory System Agent (DSA)  Provides the interface for application calls made to the directory  Supports the protocols that enable clients to gain access to the Active Directory  LDAP/ADSI  SAM  MAPI  REPL Introducing Active Directory Architecture (8) (Skill 3)

23 1.23 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003  Database Layer  Access calls to the database go through the Database Layer  Acts as an abstraction layer between the applications that make the access calls and the database  Extensible Storage Engine (ESE)  Has direct contact with the records in the directory data store  Based on an object’s relative distinguished name attribute Introducing Active Directory Architecture (9) (Skill 3)

24 1.24 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003  Data Store (Ntds.dit)  Contains the records that make up the Active Directory database  Stored by default in the \%systemroot%\NTDS folder on the domain controller  Administered from Active Directory Restore Mode using Ntdsutil.exe, located in the system32 folder in the %systemroot% folder Introducing Active Directory Architecture (10) (Skill 3)

25 1.25 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-3 Active Directory architecture (Skill 3)

26 1.26 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects  Active Directory  Treats each domain resource as an object  Each object is represented by distinct characteristics known as attributes (Skill 4)

27 1.27 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (2)  Types of Active Directory objects  User accounts  Store the logon information for the users in a domain  A domain acts as a security boundary: assuming no trusts are in place, users can only access objects within their own domains (Skill 4)

28 1.28 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-4 Objects and their attributes (Skill 4)

29 1.29 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (3)  Types of Active Directory objects  Contacts  Used to store information about any person or organization that has business relations with your organization  Contacts information includes name, address, telephone number, and e-mail address (Skill 4)

30 1.30 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (4)  Types of Active Directory objects  Computers  Computer objects store information about computers that are members of a domain  Information includes computer name, description, and other attributes (Skill 4)

31 1.31 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (5)  Types of Active Directory objects  Groups  Used to apply permissions across large numbers of users, computers, and groups  They are not strictly containers, but have membership lists that define which objects are members of the group (Skill 4)

32 1.32 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (6)  Types of Active Directory objects  Published folders  Shared folders that have been listed in Active Directory  When you publish a folder in Active Directory, you create an object that stores a pointer to the folder (Skill 4)

33 1.33 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (7)  Types of Active Directory objects  Printers  A printer is represented by a printer object that contains a pointer to the printer on a computer  A Windows Server 2003 print server automatically detects and publishes printers to Active Directory (Skill 4)

34 1.34 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (8)  Types of Active Directory objects  Domain controllers  A Windows Server 2003 computer that authenticates user logon attempts and exchanges the directory information with other domain controllers  Exchanging directory information is called replication  In Active Directory, domain controllers use multimaster replication to exchange directory information with other domain controllers in a domain  No single domain controller is responsible for replication and all of the domain controllers act as peers (Skill 4)

35 1.35 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (9)  Types of Active Directory objects  Domain controllers  Each domain controller is represented by a Domain Controller object in Active Directory  You can store the Domain Name System (DNS) name, pre-Windows Server 2003 name, operating system version, location, and name of the administrator in this object  Domain controllers also handle a user’s interactions with a domain such as locating objects and logon requests (Skill 4)

36 1.36 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introduce Active Directory Objects (10)  Types of Active Directory objects  Organizational units (OUs)  Container objects that can store groups, users, computers, and other OUs  Used to organize the objects in the domain, to delegate control over a small portion of the domain, and to apply Group Policy to a select group of objects  Only one OU exists by default  It is recommended that you create additional OUs based on your administrative needs (Skill 4)

37 1.37 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-5 A typical Active Directory hierarchy (Skill 4)

38 1.38 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-6 Active Directory objects (Skill 4)

39 1.39 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (11)  In Active Directory, you use names to locate objects in a network  Naming conventions that Active Directory supports  Distinguished name (DN)  A unique name for every object in a network  It includes the name of the domain that holds the object and the complete path to the object through the container hierarchy (Skill 4)

40 1.40 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (12)  Naming conventions that Active Directory supports  Relative distinguished name (RDN)  Derived from the DN  The RDN of an object is simply the object’s name  Globally unique identifier (GUID)  A unique 128-bit number assigned to an object at the time of its creation  The GUID for an object does not change even when you move or rename the object (Skill 4)

41 1.41 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (13)  Naming conventions that Active Directory supports  User principal name (UPN)  Consists of the first name and last name attributes for a user  Consists of the UPN suffix, which is usually the DNS name of the domain where the user is located (Skill 4)

42 1.42 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-7 Examples of naming conventions (Skill 4)

43 1.43 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory  Objects in Active Directory can be organized logically and physically  Logical structure  Consists of domains, trees, and forests  Besides being Active Directory objects, OUs are also part of the logical structure  Physical structure  Consists of sites  Domain controllers are also part of the physical structure, as well as being Active Directory objects (Skill 5)

44 1.44 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (2)  Components of the logical structure  Domains  In Active Directory, domains represent the core unit of the logical structure  Used to represent the administrative boundaries of your organization  Store information only about the objects they contain  Can span multiple physical locations (Skill 5)

45 1.45 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-8 A domain structure in an organization (Skill 5)

46 1.46 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (3)  Components of the logical structure  Trees  Formed when you add one or more child domains to the top-level domain (also known as the root of the tree)  Follows a contiguous naming scheme where every child domain (subdomain) in the tree derives its name from the root domain  Implicit two-way transitive trust exists between the parent domains and the child domains in a domain tree, which is a type of a logical link, automatically established between domains (Skill 5)

47 1.47 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-9 A tree structure in Active Directory (Skill 5)

48 1.48 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (4)  Components of the logical structure  Forests  Collection of domains that share a common schema, global catalog, and configuration  All domains in a forest share a common schema and a common global catalog, which allows all domains within a forest to contain uniform information  Although domains in a forest operate independently, they communicate with each other because all domain trees in a forest share a common schema (Skill 5)

49 1.49 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examine the Logical and Physical Structure of Active Directory (5)  Components of the logical structure  Forests  All domains in a forest share a common global catalog  Forests allow a disjointed naming scheme where the names of domain trees may not be related to one another  In a forest, an implicit two-way transitive trust exists between the root domains of domain trees and the root of the forest (Skill 5)

50 1.50 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-10 A forest structure in Active Directory (Skill 5)

51 1.51 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (6)  Components of the logical structure  Sites  Logical representations of a physical location within Active Directory  Subnets are always associated with sites  Allows clients to determine the site to which they belong  Allows clients to use a domain controller located in its physical site (Skill 5)

52 1.52 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (7)  Components of the logical structure  Sites  Used to control replication traffic between physical locations  Logical structure of Active Directory is different from the physical structure  A site can span multiple domains  A domain can span multiple sites (Skill 5)

53 1.53 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-11 Structure of a site (Skill 5)

54 1.54 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts  Global catalog  Stores information about all objects in a forest  By default, the global catalog is created on the first domain controller in a forest, known as a global catalog server  Whenever object information is updated, a global catalog server exchanges this information with other global catalog servers in a forest (Skill 6)

55 1.55 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (2)  Global catalog  In a single domain, the global catalog stores information about all of the objects in that domain  In multiple domains, the global catalog stores a full replica of information about objects belonging to its domain and a partial replica of information for objects belonging to other domains  You can add global catalog servers to a forest to provide backup for the default global catalog server (Skill 6)

56 1.56 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-12 The function of the global catalog (Skill 6)

57 1.57 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (3)  Global catalog  Global catalog servers also participate in logons in Windows 2000 native mode  Perform Universal Principal Name (UPN) lookups  Provide universal group storage  Handles user and program-related queries about objects  Can quickly resolve a query about an object anywhere in the forest (Skill 6)

58 1.58 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (4)  Trust relationships  A trust is a connection between domains allowing users from one or both domains to be granted access to resources in the opposing domain  In a multi-domain environment, trusts allow users to access resources in other domains without the need to log on to each domain separately  Trusts allow users to log on to their own domain on computers that are members of a different domain (Skill 6)

59 1.59 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (5)  Trusts come in four basic forms  One-way trusts allow a domain to access another domain’s resources, but not vice-versa  Two-way trusts allow both domains to access each other’s resources  Transitive trusts follow through, meaning they pass from domain to domain  Non-transitive trusts do not follow through, so each domain must explicitly trust the other domains (Skill 6)

60 1.60 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-13 Simple one-way trusts (Skill 6)

61 1.61 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-14 An additional trust from domain A to domain C (Skill 6)

62 1.62 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-15 Trusting and trusted domains (Skill 6)

63 1.63 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-16 Two-way trusts (Skill 6)

64 1.64 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (6)  Five basic names for describing the type of trust  Default trust  Automatically established between the forest root domain and the root of each tree in the forest, as well as between each child domain and each parent domain  Are always two-way and transitive  Inter-forest trust  Established between two Windows Server 2003 forest root domains  Either one-way or two-way, and always transitive (Skill 6)

65 1.65 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (7)  Five basic names for describing the type of trust  Shortcut trust  Established to reduce the normal Kerberos trust resolution path between domains when there are a large number of domains that are widely geographically dispersed  Can be one-way or two-way, are always transitive  Can only be established within a single forest (Skill 6)

66 1.66 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-17 Use of shortcut trusts (Skill 6)

67 1.67 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (8)  Five basic names for describing the type of trust  External trust  Established between different Windows 2000 forests, between Windows Server 2003 and Windows 2000 forests, and between Windows NT and Windows 2000 or Server 2003 domains  Are always an NT trust; that is, an external trust is always one-way and non-transitive  Used to connect Windows 2000 domains and Unix Kerberos realms (Skill 6)

68 1.68 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (9)  Five basic names for describing the type of trust  Realm trust  Established between a Windows Server 2003 domain and a Unix Kerberos realm  A Kerberos realm is similar to a domain in Active Directory  Can either be one-way or two-way  Can be transitive or non-transitive (Skill 6)

69 1.69 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (10)  Domain Name System (DNS)  Active Directory uses DNS as its name resolution service  The computer running this service is known as a DNS name server  DNS helps computers to locate other computers on a network  DNS organizes domains in a hierarchical structure using a naming scheme called the domain namespace (Skill 6)

70 1.70 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003  Domain Name System (DNS)  Computers in a domain use this service to locate domain controllers in the domain  DNS zones  A DNS server typically holds a copy of the DNS zone for a given domain or collection of contiguous domains  The DNS zone is contained in a file known as the zone database file, typically called the zone file (Skill 6) Examining More Active Directory Concepts (11)

71 1.71 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning Domain Structure  In Active Directory, domain structure is primarily dependent on administrative needs  In Windows Server 2003  Domains are simply administrative boundaries  Best to use a single domain model if at all possible  Domain models are broadly classified into two categories  Single domain model  Multiple domain model (Skill 7)

72 1.72 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning Domain Structure (2)  Single domain model  Easy to manage and administer because the administrative boundary is clearly defined  Suitable for any organization that follows a truly centralized administrative model  Easy to set up because only a single domain must be configured (Skill 7)

73 1.73 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning Domain Structure (3)  Multiple domain model  Typically only appropriate in three specific situations  To separate domain-level administrative privileges  To separate account policies  To control localized traffic (Skill 7)

74 1.74 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-18 Domain models (Skill 7)

75 1.75 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-19 Account Policies (Skill 7)

76 1.76 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace  Choose a unique domain name for your organization  Register it with an organization that manages Internet DNS namespaces  This organization adds an entry pointing to the authoritative name servers for your domain on the top- level name servers on the Internet  Use this domain name to host the Web site for your organization on the Internet (Skill 8)

77 1.77 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (2)  DNS namespace types  Internal  External  Hybrid (Skill 8)

78 1.78 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (3)  Internal namespace  Is not resolvable by hosts who are using public (Internet) DNS servers  Only used for internal clients  Is well-suited for hosting Active Directory due to increased security (Skill 8)

79 1.79 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (4)  External namespace  Is resolvable from any client on the Internet  Is required for Internet-accessible resources, such as Web sites  Is typically a poor choice for hosting Active Directory due to the potential lack of security it provides (Skill 8)

80 1.80 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (5)  Hybrid namespace  One design method provides the best of both worlds by dividing your namespace into two zones  One for public access  One for private access  One design method involves delegating a DNS subdomain as the root of your internal structure (Skill 8)

81 1.81 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-20 Hybrid namespace with DNS sub-domain (Skill 8)

82 1.82 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (6)  Hybrid namespace  Another design method involves creating two disconnected zones for the same name  Create two separate zones for your domain on two separate servers  Place the publicly accessible records on the external server, which is outside of the firewall  Place both the public and private records on the internal server, which is behind the firewall  This solution reduces naming convention confusion for users (Skill 8)

83 1.83 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-21 Hybrid namespace with two disconnected zones (Skill 8)

84 1.84 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (7)  Naming guidelines  All Active Directory domain names should be static  Keep it short, simple, and easy to remember  Use standard DNS characters  Limit it to 63 characters including the periods  The Fully Qualified Domain Name (FQDN) can be up to 255 characters (Skill 8)

85 1.85 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure  Sites  Map to the physical structure of an organization  Participate actively in the user logon and authentication process  Play an important role in the directory replication process (Skill 9)

86 1.86 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (2)  Directory replication  Can take place within a site or between sites  Within a site, Active Directory automatically generates a replication topology  You can disable Active Directory’s automatic creation of connection objects by manually creating connection objects, and thus control intra-site replication (Skill 9)

87 1.87 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-22 Replication within a site using a ring topology (Skill 9)

88 1.88 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (3)  Site planning guidelines  Decide which domain controller the computers on a given subnet should use  To optimize logon traffic, ensure the availability of at least one domain controller per site  To optimize inter-site replication, configure replication so that it occurs when network traffic is light (Skill 9)

89 1.89 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (4)  Site planning guidelines  Configure a powerful server as the preferred bridgehead server for inter-site replication  The bridgehead server is the only server in a site that is allowed to replicate to other sites  Reduces the amount of replication traffic between sites, because all servers are not attempting to replicate with all other servers (Skill 9)

90 1.90 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-23 Using a bridgehead server for inter-site replication (Skill 9)

91 1.91 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (5)  Site planning site guidelines  Place your domain controllers in the correct sites  By default, clients will choose the correct site each time they get a new IP address  Domain controllers only choose a site when they are first created, and must be manually moved thereafter (Skill 9)

Download ppt "1.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure."

Similar presentations

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.
Chapter 6 Introducing Active Directory

Chapter 6 Introducing Active Directory
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
Introduction to Active Directory

Introduction to Active Directory
6.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Hands-On Microsoft Windows Server 2003 Administration Chapter 1 Windows Server 2003 Network Administration.

Hands-On Microsoft Windows Server 2003 Administration Chapter 1 Windows Server 2003 Network Administration.
By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.

By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Chapter 4 Introduction to Active Directory and Account Management

Chapter 4 Introduction to Active Directory and Account Management
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.

Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Module 1: Introduction to Active Directory

Module 1: Introduction to Active Directory

Similar presentations

Ads by Google