
1.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

Presentation transcript:

Slide 1 (1.1) © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 1: Introducing Active Directory Services in Windows Server 2003
Goals
- Introduce Active Directory
- Identify the functions and features of Active Directory
- Introduce Active Directory architecture
- Introduce Active Directory objects
- Examine the logical and physical structure of Active Directory
- Examine more Active Directory concepts
- Plan a domain structure
- Plan a domain namespace
- Examine guidelines for planning a site structure

Slide 2: Introducing Active Directory (Skill 1)
Active Directory database
- Stores information about users, groups, computers, domains, and other objects on a network
- Lets you access and administer that information centrally
- Gives every object a unique identifier; security principals (users, groups, computers) additionally receive a security identifier (SID), which is the value that access control lists refer to
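The SID is what access control actually keys on, and its last component (the relative identifier, RID) is fixed for the built-in privileged principals no matter what the account is renamed to. The following added example, written for this page and not taken from the slides, decodes the binary objectSid layout, re-encodes it, and names well-known RIDs; the domain SID used in the test is constructed.

```python
import struct

# Documented well-known RIDs. The domain part of the SID differs per domain,
# the RID does not, so these survive renames of the account or group.
DOMAIN_RIDS = {
    500: "Administrator", 501: "Guest", 502: "krbtgt",
    512: "Domain Admins", 513: "Domain Users", 516: "Domain Controllers",
    518: "Schema Admins", 519: "Enterprise Admins",
}
BUILTIN_RIDS = {544: "Administrators", 545: "Users", 551: "Backup Operators"}


def sid_to_string(blob: bytes) -> str:
    """Decode the binary objectSid layout: revision (1 byte), sub-authority
    count (1 byte), 48-bit big-endian identifier authority, then N 32-bit
    little-endian sub-authorities."""
    if len(blob) < 8:
        raise ValueError("SID blob shorter than the 8-byte header")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15 or len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match blob length")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", blob, 8)
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def string_to_sid(text: str) -> bytes:
    """Inverse of sid_to_string; validates the textual form before packing."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a SID: {text!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15 or authority >= 1 << 48 or any(s >= 1 << 32 for s in subs):
        raise ValueError(f"out-of-range SID component in {text!r}")
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))


def split_sid(text: str):
    """Return (prefix, rid): the last sub-authority is the relative identifier."""
    prefix, _, rid = text.rpartition("-")
    return prefix, int(rid)


def well_known_name(text: str):
    """Name the principal if its RID is a documented well-known one, else None."""
    prefix, rid = split_sid(text)
    if prefix.startswith("S-1-5-21-"):      # domain SIDs start with S-1-5-21
        return DOMAIN_RIDS.get(rid)
    if prefix == "S-1-5-32":                # BUILTIN domain
        return BUILTIN_RIDS.get(rid)
    return None


if __name__ == "__main__":
    # Constructed domain SID for illustration only.
    da = "S-1-5-21-1004336348-1177238915-682003330-512"
    print(da, "->", well_known_name(da))
    print(sid_to_string(string_to_sid(da)))
```

When auditing group membership or ACLs, compare on the SID or RID rather than on the display name: renaming the RID 500 account does not change its privileges.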

Slide 3: Introducing Active Directory (2) (Skill 1)
Active Directory database
- Lets you access and administer the directory service globally, unlike decentralized network models
- Reduces the effort required to complete day-to-day administrative tasks, such as managing users and resources

Slide 4: Figure 1-1 Active Directory (Skill 1)

Slide 5: Introducing Active Directory (3) (Skill 1)
Windows NT
- Introduced a domain-based directory service that provides a single point of authentication for all users on a network
- Its limitations prevent it from being used effectively in large networks
- Has only one writable copy of the account database (on the primary domain controller), so Write operations have a single point of failure
- Trust relationships between domains must be built manually, one pair of domains at a time

Slide 6: Introducing Active Directory (4) (Skill 1)
- Active Directory's advantages over Windows NT
  - Most trust relationships within a single forest (parent-child and tree-root trusts) are created automatically
  - Every domain controller holds a writable copy of its domain's data, so there is no single point of failure for Write operations
  - These changes make it possible for Active Directory to scale to large business organizations

Slide 7: Identifying the Functions and Features of Active Directory (Skill 2)
- Active Directory features make it a reliable and secure directory service
- Policy-based administration
  - Active Directory makes network administration easier by using Group Policy
  - With Group Policy, an administrator can make complex modifications to the user's environment, assign rights, configure network security, and install software for collections of users or computers

Slide 8: Identifying the Functions and Features of Active Directory (2) (Skill 2)
- Active Directory features make it a reliable and secure directory service
- Increased security of information
  - Windows Server 2003 supports protection of both stored data and data in transit on the network
  - Stored data can be protected using Encrypting File System (EFS) and NTFS permissions

Slide 9: Identifying the Functions and Features of Active Directory (3) (Skill 2)
- Active Directory features make it a reliable and secure directory service
- Integration with Domain Name System (DNS)
  - DNS is a naming service that translates host names into numeric IP addresses
  - Active Directory uses standard DNS naming conventions for domains, and clients locate domain controllers through DNS service (SRV) records

Slide 10: Identifying the Functions and Features of Active Directory (4) (Skill 2)
- Active Directory features make it a reliable and secure directory service
- Extensibility
  - Active Directory allows nearly any type of information to be added to the database because it has an extensible schema
  - The schema contains the definitions of all possible object types (object classes), their attributes, and the relationships allowed between objects

Slide 11: Identifying the Functions and Features of Active Directory (5) (Skill 2)
- Active Directory features make it a reliable and secure directory service
- Scalability
  - Active Directory can store anywhere from a small number of objects to millions of objects
  - An object automatically inherits the inheritable permissions of the container into which it is placed, so access control does not have to be set object by object

Slide 12: Identifying the Functions and Features of Active Directory (6) (Skill 2)
- Active Directory features make it a reliable and secure directory service
- Information replication
  - Active Directory automatically replicates the domain partition of its database to every domain controller in the domain; the schema and configuration partitions replicate to every domain controller in the forest
- Compatibility with other directory services
  - Active Directory is based on standard protocols, such as LDAP, HTTP, and NSPI, so it is compatible with other directory services and clients that use these protocols

Slide 13: Identifying the Functions and Features of Active Directory (7) (Skill 2)
- Active Directory features make it a reliable and secure directory service
- Mutual authentication
  - Active Directory uses Kerberos version 5 as the default authentication protocol
  - Kerberos is an industry-standard mutual authentication protocol: the client proves its identity to the service and the service proves its identity to the client, and the user's password itself is never sent across the network

Slide 14: Introducing Active Directory Architecture (Skill 3)
- Windows Server 2003 architecture has two primary layers
  - User mode
  - Kernel mode

Slide 15: Introducing Active Directory Architecture (2) (Skill 3)
- User mode layer
  - The interface between applications and the kernel mode layer
  - Accepts requests from an application and forwards them to the kernel for processing

Slide 16: Introducing Active Directory Architecture (3) (Skill 3)
- Components of the user mode layer
  - Environment subsystems
    - Provide the interfaces through which applications interact with the kernel and the integral subsystems
    - Make applications run by exposing Application Programming Interfaces (APIs)

Slide 17: Introducing Active Directory Architecture (4) (Skill 3)
- Components of the user mode layer
  - Integral subsystems
    - Perform important operating system functions such as security and session management
    - The security subsystem receives logon requests and initiates logon authentication
    - The Workstation service enables a client computer to access the network
    - The Server service allows a Windows Server 2003 computer to share network resources

Slide 18: Figure 1-2 Location of Active Directory within the Windows Server 2003 architecture (Skill 3)

Slide 19: Introducing Active Directory Architecture (5) (Skill 3)
- Kernel mode layer
  - Communicates with system data and hardware to process any input/output requests made by a user
  - Operates in a protected area of memory
  - Is responsible for executing I/O requests
  - Prioritizes hardware and software interrupts based on the precedence of the application or service making the request

Slide 20: Introducing Active Directory Architecture (6) (Skill 3)
- Components of the kernel mode layer
  - Executive
    - Performs I/O functions, object management, and security functions
    - Has a number of subcomponents
    - Enforces security policy for the user mode layer: its Security Reference Monitor performs the access checks that user mode code cannot bypass

Slide 21: Introducing Active Directory Architecture (7) (Skill 3)
- Components of the kernel mode layer
  - Microkernel, which manages the computer's processors
  - Kernel mode drivers, which take requests from applications and translate them into hardware functions
  - Hardware Abstraction Layer (HAL), which provides the interface between the other software layers and the core hardware

Slide 22: Introducing Active Directory Architecture (8) (Skill 3)
- Active Directory is made up of three service layers and the underlying data store
- Directory System Agent (DSA)
  - Provides the interface for application calls made to the directory
  - Supports the protocols and interfaces that enable clients to gain access to Active Directory
    - LDAP/ADSI
    - SAM
    - MAPI
    - REPL

Slide 23: Introducing Active Directory Architecture (9) (Skill 3)
- Database layer
  - All access calls to the database go through the database layer
  - Acts as an abstraction layer between the applications that make the access calls and the database
- Extensible Storage Engine (ESE)
  - Communicates directly with the individual records in the directory data store
  - Locates records on the basis of the object's relative distinguished name attribute

Slide 24: Introducing Active Directory Architecture (10) (Skill 3)
- Data store (Ntds.dit)
  - Contains the records that make up the Active Directory database
  - Stored by default in the %systemroot%\NTDS folder on the domain controller
  - Administered offline from Directory Services Restore Mode (DSRM) using Ntdsutil.exe, located in %systemroot%\system32
  - Ntds.dit holds the password hashes of every account in the domain, so the file, any backup or snapshot that contains it, and the DSRM administrator password must be protected as carefully as the domain controller itself

Slide 25: Figure 1-3 Active Directory architecture (Skill 3)

Slide 26: Introducing Active Directory Objects (Skill 4)
- Active Directory
  - Treats each domain resource as an object
  - Describes each object by a set of distinct characteristics known as attributes

Slide 27: Introducing Active Directory Objects (2) (Skill 4)
- Types of Active Directory objects
  - User accounts
    - Store the logon information for the users in a domain
    - A domain is an authentication and administrative boundary: assuming no trusts are in place, users can only access objects within their own domain (the forest, not the domain, is the security boundary, because all domains in a forest share a schema, a configuration, and automatic transitive trusts)

Slide 28: Figure 1-4 Objects and their attributes (Skill 4)

Slide 29: Introducing Active Directory Objects (3) (Skill 4)
- Types of Active Directory objects
  - Contacts
    - Store information about any person or organization that has business relations with your organization
    - Contact information includes name, address, telephone number, and e-mail address
    - A contact is not a security principal: it has no SID, cannot log on, and cannot be granted permissions

Slide 30: Introducing Active Directory Objects (4) (Skill 4)
- Types of Active Directory objects
  - Computers
    - Computer objects store information about computers that are members of a domain
    - Information includes the computer name, description, and other attributes

Slide 31: Introducing Active Directory Objects (5) (Skill 4)
- Types of Active Directory objects
  - Groups
    - Used to apply permissions across large numbers of users, computers, and other groups
    - They are not containers in the directory hierarchy; instead, a membership list attribute defines which objects are members of the group

Slide 32: Introducing Active Directory Objects (6) (Skill 4)
- Types of Active Directory objects
  - Published folders
    - Shared folders that have been listed in Active Directory
    - When you publish a folder in Active Directory, you create an object that stores a pointer to the folder

Slide 33: Introducing Active Directory Objects (7) (Skill 4)
- Types of Active Directory objects
  - Printers
    - A printer is represented by a printer object that contains a pointer to the printer on a computer
    - A Windows Server 2003 print server automatically publishes its shared printers to Active Directory

Slide 34: Introducing Active Directory Objects (8) (Skill 4)
- Types of Active Directory objects
  - Domain controllers
    - A Windows Server 2003 computer that authenticates user logon attempts and exchanges directory information with other domain controllers
    - Exchanging directory information is called replication
    - In Active Directory, domain controllers use multimaster replication to exchange directory information with the other domain controllers in the domain
    - No single domain controller is responsible for replication; all domain controllers act as peers

Slide 35: Introducing Active Directory Objects (9) (Skill 4)
- Types of Active Directory objects
  - Domain controllers
    - Each domain controller is represented by a domain controller object in Active Directory
    - This object stores the Domain Name System (DNS) name, the pre-Windows 2000 (NetBIOS) name, the operating system version, the location, and the name of the administrator
    - Domain controllers also handle a user's interactions with a domain, such as locating objects and logon requests

Slide 36: Introducing Active Directory Objects (10) (Skill 4)
- Types of Active Directory objects
  - Organizational units (OUs)
    - Container objects that can hold groups, users, computers, and other OUs
    - Used to organize the objects in the domain, to delegate control over a portion of the domain, and to apply Group Policy to a selected set of objects
    - Only one OU (Domain Controllers) exists by default; Users, Computers, and Builtin are ordinary containers, not OUs, so Group Policy cannot be linked to them
    - It is recommended that you create additional OUs based on your administrative needs

Slide 37: Figure 1-5 A typical Active Directory hierarchy (Skill 4)

Slide 38: Figure 1-6 Active Directory objects (Skill 4)

Slide 39: Introducing Active Directory Objects (11) (Skill 4)
- In Active Directory, you use names to locate objects in a network
- Naming conventions that Active Directory supports
  - Distinguished name (DN)
    - A unique name for every object in the directory
    - Includes the name of the domain that holds the object and the complete path to the object through the container hierarchy (for example, CN=John Smith,OU=Sales,DC=corp,DC=example,DC=com)

Slide 40: Introducing Active Directory Objects (12) (Skill 4)
- Naming conventions that Active Directory supports
  - Relative distinguished name (RDN)
    - The leftmost component of the DN (for example, CN=John Smith)
    - Identifies the object only relative to its parent container, so it is unique within that container, not across the directory
  - Globally unique identifier (GUID)
    - A unique 128-bit number assigned to an object at the time of its creation
    - The GUID for an object does not change even when you move or rename the object, which makes it the only name that is safe to use as a permanent reference

Slide 41: Introducing Active Directory Objects (13) (Skill 4)
- Naming conventions that Active Directory supports
  - User principal name (UPN)
    - A logon name in e-mail form: the user logon name, the @ sign, and a UPN suffix
    - The UPN suffix is usually the DNS name of the domain where the user is located, although alternative suffixes can be defined for the forest
    - Must be unique across the forest

Slide 42: Figure 1-7 Examples of naming conventions (Skill 4)
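The DN, RDN, domain DNS name, and UPN on the preceding slides are all derived from the same string, and code that splits a DN naively on commas gets the wrong answer as soon as an RDN value contains an escaped comma. The example below is added here and is not part of the original slides or of any Microsoft tool; it splits a DN according to the RFC 4514 escaping rules, derives the parent container path and domain DNS name, and builds a UPN. The sample DN and logon name are constructed.

```python
import re

# Constructed sample: an escaped comma inside the CN value, two nested OUs,
# three DC components.
SAMPLE_DN = r"CN=Smith\, John,OU=Sales,OU=Users,DC=corp,DC=example,DC=com"


def split_dn(dn: str) -> list:
    """Split a distinguished name into RDNs, leaf first. A backslash escapes the
    next character (RFC 4514), so 'CN=Smith\\, John' stays one RDN."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])          # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).strip())
    return rdns


def rdn_value(rdn: str) -> str:
    """Unescape the value part of 'type=value': \\XX hex escapes are decoded as
    UTF-8 bytes, any other backslash escape yields the following character."""
    _, _, value = rdn.partition("=")
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode("utf-8")
            i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")


def relative_distinguished_name(dn: str) -> str:
    return split_dn(dn)[0]


def parent_dn(dn: str) -> str:
    return ",".join(split_dn(dn)[1:])


def domain_dns_name(dn: str) -> str:
    """The DNS name of the domain holding the object: its DC= components, joined with dots."""
    return ".".join(rdn_value(r) for r in split_dn(dn) if r[:3].upper() == "DC=")


def container_path(dn: str) -> list:
    """Containers from the domain head down to the object's parent (DC parts omitted)."""
    return [r for r in reversed(split_dn(dn)[1:]) if r[:3].upper() != "DC="]


def user_principal_name(logon_name: str, dn: str) -> str:
    """Default UPN: logon name @ DNS name of the user's domain."""
    return f"{logon_name}@{domain_dns_name(dn)}"


if __name__ == "__main__":
    print(split_dn(SAMPLE_DN))
    print(rdn_value(relative_distinguished_name(SAMPLE_DN)))
    print(domain_dns_name(SAMPLE_DN), container_path(SAMPLE_DN))
    print(user_principal_name("jsmith", SAMPLE_DN))   # jsmith is an assumed logon name
```

The DN changes whenever an object is moved or renamed; anything that needs a durable reference (an audit record, a permission, a correlation key) should store the objectGUID or objectSid instead and resolve it to the current DN on demand.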

Slide 43: Examining the Logical and Physical Structure of Active Directory (Skill 5)
- Objects in Active Directory can be organized logically and physically
- Logical structure
  - Consists of domains, trees, and forests
  - Besides being Active Directory objects, OUs are also part of the logical structure
- Physical structure
  - Consists of sites
  - Domain controllers are also part of the physical structure, as well as being Active Directory objects

Slide 44: Examining the Logical and Physical Structure of Active Directory (2) (Skill 5)
- Components of the logical structure
  - Domains
    - In Active Directory, domains are the core unit of the logical structure
    - Represent the administrative boundaries of your organization
    - Store information only about the objects they contain
    - Can span multiple physical locations

Slide 45: Figure 1-8 A domain structure in an organization (Skill 5)

Slide 46: Examining the Logical and Physical Structure of Active Directory (3) (Skill 5)
- Components of the logical structure
  - Trees
    - Formed when you add one or more child domains to a top-level domain (the root of the tree)
    - Follow a contiguous naming scheme: every child domain (subdomain) in the tree derives its name from the root domain (for example, sales.corp.example.com under corp.example.com)
    - An implicit two-way transitive trust, a logical link established automatically, exists between each parent domain and its child domains in a domain tree

Slide 47: Figure 1-9 A tree structure in Active Directory (Skill 5)

Slide 48: Examining the Logical and Physical Structure of Active Directory (4) (Skill 5)
- Components of the logical structure
  - Forests
    - A collection of one or more domain trees that share a common schema, global catalog, and configuration
    - Because all domains in a forest share a common schema and a common global catalog, all domains within a forest contain uniformly defined information
    - Although the domains in a forest are administered independently, they can communicate with each other because all domain trees in a forest share the common schema and configuration

Slide 49: Examining the Logical and Physical Structure of Active Directory (5) (Skill 5)
- Components of the logical structure
  - Forests
    - All domains in a forest share a common global catalog
    - Forests allow a noncontiguous (disjoint) namespace: the names of the domain trees need not be related to one another
    - In a forest, an implicit two-way transitive trust exists between the root domain of each domain tree and the forest root domain

Slide 50: Figure 1-10 A forest structure in Active Directory (Skill 5)

Slide 51: Examining the Logical and Physical Structure of Active Directory (6) (Skill 5)
- Components of the physical structure
  - Sites
    - Represent a physical location (a set of well-connected IP subnets) within Active Directory
    - Each site is defined by the subnet objects associated with it
    - Let a client determine the site to which it belongs from its IP address
    - Let a client use a domain controller located in its own physical site

Slide 52: Examining the Logical and Physical Structure of Active Directory (7) (Skill 5)
- Components of the physical structure
  - Sites
    - Used to control replication traffic between physical locations
    - The logical structure of Active Directory is independent of the physical structure
      - A site can span multiple domains
      - A domain can span multiple sites

Slide 53: Figure 1-11 Structure of a site (Skill 5)
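The two site slides describe a lookup: a client's IP address is matched against the subnet objects, the most specific matching subnet decides the site, and the client then prefers domain controllers of its own domain in that site. The following added example (written for this page, not code from the slides or from Windows) implements that lookup over a constructed subnet table and a constructed list of domain controllers; it also shows a site holding DCs from two domains and a domain with DCs in two sites.

```python
import ipaddress

# Constructed subnet-to-site table, standing in for the Subnets container
# under Active Directory Sites and Services. Overlapping prefixes are deliberate.
SUBNET_SITES = {
    "10.0.0.0/8": "Default-First-Site-Name",
    "10.1.0.0/16": "Chicago",
    "10.1.2.0/24": "Chicago-ServerRoom",
    "192.168.5.0/24": "Denver",
    "2001:db8:5::/48": "Denver",
}

# Constructed domain controllers as (name, domain, site): the Chicago site
# holds DCs from two domains, and corp.example.com has DCs in two sites.
DOMAIN_CONTROLLERS = [
    ("DC1.corp.example.com", "corp.example.com", "Chicago"),
    ("DC2.corp.example.com", "corp.example.com", "Denver"),
    ("DC1.sales.example.com", "sales.example.com", "Chicago"),
]


def build_site_table(mapping):
    """Parse the subnets and order them longest prefix first, so the most
    specific subnet wins when prefixes overlap."""
    return sorted(((ipaddress.ip_network(net, strict=True), site) for net, site in mapping.items()),
                  key=lambda pair: pair[0].prefixlen, reverse=True)


def site_for_client(ip, table):
    """Site of the first (most specific) subnet containing the address, or None
    when no subnet object covers it, in which case the client is not
    site-aware and may end up talking to a domain controller anywhere."""
    addr = ipaddress.ip_address(ip)
    for net, site in table:
        if addr.version == net.version and addr in net:
            return site
    return None


def domain_controllers_for(domain, site, dcs=DOMAIN_CONTROLLERS):
    """DCs of the client's own domain in its site. An empty list means the
    client has to fall back to a DC of its domain in some other site."""
    return [name for name, dom, dc_site in dcs if dom == domain and dc_site == site]


if __name__ == "__main__":
    table = build_site_table(SUBNET_SITES)
    for ip in ("10.1.2.50", "10.1.9.9", "10.200.1.1", "172.16.0.1"):
        site = site_for_client(ip, table)
        print(ip, "->", site, domain_controllers_for("corp.example.com", site))
```

A subnet that is missing from the table, or a stale one that points at the wrong site, silently sends clients to remote or overloaded domain controllers, so the subnet table deserves the same review as the routing table it mirrors.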

Slide 54: Examining More Active Directory Concepts (Skill 6)
- Global catalog
  - Stores information about all objects in a forest
  - By default, the global catalog is created on the first domain controller in a forest, which becomes a global catalog server
  - Whenever object information is updated, a global catalog server exchanges this information with the other global catalog servers in the forest

Slide 55: Examining More Active Directory Concepts (2) (Skill 6)
- Global catalog
  - In a single-domain forest, the global catalog stores information about all of the objects in that domain
  - In a multiple-domain forest, a global catalog server holds a full, writable replica of its own domain and a partial, read-only replica (a subset of the attributes) of every other domain in the forest
  - You can add global catalog servers to a forest to provide redundancy for the default global catalog server

Slide 56: Figure 1-12 The function of the global catalog (Skill 6)

Slide 57: Examining More Active Directory Concepts (3) (Skill 6)
- Global catalog
  - Global catalog servers also participate in logons when the domain runs at Windows 2000 native functional level or higher, because universal group memberships are resolved from the global catalog
  - Perform user principal name (UPN) lookups
  - Provide universal group membership storage
  - Handle user and program queries about objects
  - Can quickly resolve a query about an object anywhere in the forest

Slide 58: Examining More Active Directory Concepts (4) (Skill 6)
- Trust relationships
  - A trust is a relationship between domains that allows users from one or both domains to be granted access to resources in the other domain
  - In a multi-domain environment, trusts allow users to access resources in other domains without logging on to each domain separately
  - Trusts allow users to log on to their own domain from computers that are members of a different domain
  - A trust only makes authentication across the domain boundary possible; access is still granted or denied by the permissions on each resource

Slide 59: Examining More Active Directory Concepts (5) (Skill 6)
- Trusts come in four basic forms
  - One-way trusts let accounts from the trusted domain access the trusting domain's resources, but not vice versa
  - Two-way trusts let accounts from either domain access the other domain's resources
  - Transitive trusts follow through: if A trusts B and B trusts C, then A trusts C
  - Non-transitive trusts do not follow through, so each pair of domains must trust each other explicitly

Slide 60: Figure 1-13 Simple one-way trusts (Skill 6)

Slide 61: Figure 1-14 An additional trust from domain A to domain C (Skill 6)

62 1.62 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-15 Trusting and trusted domains (Skill 6)

63 1.63 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-16 Two-way trusts (Skill 6)

64 1.64 Examining More Active Directory Concepts (6)
• Five basic names for describing the type of trust
  • Default trust
    • Automatically established between the forest root domain and the root of each tree in the forest, as well as between each child domain and its parent domain
    • Always two-way and transitive
  • Inter-forest trust
    • Established between two Windows Server 2003 forest root domains
    • Either one-way or two-way, and always transitive
(Skill 6)

65 1.65 Examining More Active Directory Concepts (7)
• Five basic names for describing the type of trust
  • Shortcut trust
    • Established to shorten the normal Kerberos trust resolution path between domains when there are many domains that are widely dispersed geographically
    • Can be one-way or two-way, and are always transitive
    • Can only be established within a single forest
(Skill 6)

66 1.66 Figure 1-17 Use of shortcut trusts (Skill 6)

67 1.67 Examining More Active Directory Concepts (8)
• Five basic names for describing the type of trust
  • External trust
    • Established between different Windows 2000 forests, between Windows Server 2003 and Windows 2000 forests, and between Windows NT domains and Windows 2000 or Windows Server 2003 domains
    • Always an NT trust; that is, an external trust is always one-way and non-transitive
    • Used to connect Windows 2000 domains and Unix Kerberos realms
(Skill 6)

68 1.68 Examining More Active Directory Concepts (9)
• Five basic names for describing the type of trust
  • Realm trust
    • Established between a Windows Server 2003 domain and a Unix Kerberos realm
    • A Kerberos realm is similar to a domain in Active Directory
    • Can be either one-way or two-way
    • Can be transitive or non-transitive
(Skill 6)
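The four trust forms (slide 59) and the five trust types (slides 64 to 68) determine which domains a user can actually reach. The following added example, which is not part of the Pearson slides, models those rules: a trust lets users of the trusted domain be granted access in the trusting domain, transitive trusts chain from domain to domain, and a non-transitive trust is usable only as a direct hop. The domain names are constructed placeholders, and the model ignores selective authentication and name-suffix routing.

```python
from collections import deque
# Added example, not from the Pearson slides. Each edge is
# (trusting, trusted, transitive): users of `trusted` may be granted access
# to resources in `trusting`. A two-way trust is two one-way edges.
# Only transitive edges chain; a non-transitive edge is a direct hop only.

class TrustGraph:
    def __init__(self):
        self.edges = []  # (trusting, trusted, transitive)

    def add(self, trusting, trusted, two_way=False, transitive=True):
        self.edges.append((trusting, trusted, transitive))
        if two_way:
            self.edges.append((trusted, trusting, transitive))

    def _hops(self, domain, transitive_only):
        # domains that trust `domain` directly
        return [t for t, d, tr in self.edges
                if d == domain and (tr or not transitive_only)]

    def path(self, user_domain, target):
        """Shortest trust path from user_domain to target, or None (this is
        the referral walk that a shortcut trust is created to shorten)."""
        if target in self._hops(user_domain, False):
            return [user_domain, target]        # direct trust of any kind
        parent, queue = {user_domain: None}, deque([user_domain])
        while queue:
            cur = queue.popleft()
            for nxt in self._hops(cur, True):   # only transitive trusts chain
                if nxt in parent:
                    continue
                parent[nxt] = cur
                if nxt == target:
                    hops = [target]
                    while parent[hops[-1]] is not None:
                        hops.append(parent[hops[-1]])
                    return hops[::-1]
                queue.append(nxt)
        return None

    def reachable(self, user_domain):
        # every domain whose resources a user from user_domain can be granted
        domains = {d for e in self.edges for d in e[:2]}
        return {d for d in domains if d != user_domain and self.path(user_domain, d)}

def sample_forest():
    """Constructed placeholders: one forest, a partner forest, a legacy NT domain."""
    g = TrustGraph()
    g.add("corp.example", "eu.corp.example", two_way=True)  # default trust
    g.add("corp.example", "us.corp.example", two_way=True)  # default trust
    g.add("corp.example", "partner.example", two_way=True)  # inter-forest trust
    g.add("corp.example", "OLDNT", transitive=False)        # external: one-way, non-transitive
    return g
```

Adding a two-way trust between eu.corp.example and us.corp.example to the sample acts as a shortcut trust and drops the path between them from three domains to two, while the external trust never lets OLDNT users past corp.example.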

69 1.69 Examining More Active Directory Concepts (10)
• Domain Name System (DNS)
  • Active Directory uses DNS as its name resolution service
  • A computer running this service is known as a DNS name server
  • DNS helps computers locate other computers on a network
  • DNS organizes domains in a hierarchical structure using a naming scheme called the domain namespace
(Skill 6)

70 1.70 Examining More Active Directory Concepts (11)
• Domain Name System (DNS)
  • Computers in a domain use this service to locate the domain controllers in the domain
• DNS zones
  • A DNS server typically holds a copy of the DNS zone for a given domain or collection of contiguous domains
  • The DNS zone is contained in a file known as the zone database file, typically called the zone file
(Skill 6)

71 1.71 Planning Domain Structure
• In Active Directory, domain structure depends primarily on administrative needs
• In Windows Server 2003
  • Domains are simply administrative boundaries
  • It is best to use a single domain model if at all possible
• Domain models are broadly classified into two categories
  • Single domain model
  • Multiple domain model
(Skill 7)

72 1.72 Planning Domain Structure (2)
• Single domain model
  • Easy to manage and administer because the administrative boundary is clearly defined
  • Suitable for any organization that follows a truly centralized administrative model
  • Easy to set up because only a single domain must be configured
(Skill 7)

73 1.73 Planning Domain Structure (3)
• Multiple domain model
  • Typically appropriate only in three specific situations
    • To separate domain-level administrative privileges
    • To separate account policies
    • To control localized traffic
(Skill 7)

74 1.74 Figure 1-18 Domain models (Skill 7)

75 1.75 Figure 1-19 Account Policies (Skill 7)

76 1.76 Planning a Domain Namespace
• Choose a unique domain name for your organization
• Register it with an organization that manages Internet DNS namespaces
  • This organization adds an entry pointing to the authoritative name servers for your domain to the top-level name servers on the Internet
• Use this domain name to host your organization’s Web site on the Internet
(Skill 8)

77 1.77 Planning a Domain Namespace (2)
• DNS namespace types
  • Internal
  • External
  • Hybrid
(Skill 8)

78 1.78 Planning a Domain Namespace (3)
• Internal namespace
  • Is not resolvable by hosts that use public (Internet) DNS servers
  • Is used only by internal clients
  • Is well suited to hosting Active Directory because of the increased security
(Skill 8)

79 1.79 Planning a Domain Namespace (4)
• External namespace
  • Is resolvable from any client on the Internet
  • Is required for Internet-accessible resources, such as Web sites
  • Is typically a poor choice for hosting Active Directory because of the potential lack of security
(Skill 8)

80 1.80 Planning a Domain Namespace (5)
• Hybrid namespace
  • One design method provides the best of both worlds by dividing your namespace into two zones
    • One for public access
    • One for private access
  • A second design method involves delegating a DNS subdomain as the root of your internal structure
(Skill 8)

81 1.81 Figure 1-20 Hybrid namespace with DNS sub-domain (Skill 8)

82 1.82 Planning a Domain Namespace (6)
• Hybrid namespace
  • Another design method involves creating two disconnected zones for the same name
    • Create two separate zones for your domain on two separate servers
    • Place the publicly accessible records on the external server, which is outside the firewall
    • Place both the public and private records on the internal server, which is behind the firewall
    • This solution reduces naming-convention confusion for users
(Skill 8)
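The two-disconnected-zones design above is easiest to keep safe when both zone files are generated from one record list that marks each record public or private. The following added example, which is not part of the Pearson slides, does that and adds the check a defender wants: that no record marked private (domain controller hosts, Active Directory SRV locator records) ends up in the zone served outside the firewall. The zone name, addresses and records are constructed.

```python
from dataclasses import dataclass
# Added example, not from the Pearson slides: derive the external and
# internal zones of a hybrid namespace from one annotated record list and
# verify that nothing private reaches the external server.

@dataclass(frozen=True)
class Record:
    name: str     # owner relative to the zone apex; "@" is the apex itself
    rtype: str    # A, CNAME, SRV, ...
    data: str
    public: bool  # True: may be served from the server outside the firewall

def split_zones(records):
    """External server gets public records only; internal gets everything."""
    external = tuple(r for r in records if r.public)
    internal = tuple(records)
    return external, internal

def render_zone(origin, records, ttl=3600):
    """Minimal zone-file text for one server (SOA serial left at 1)."""
    lines = [f"$ORIGIN {origin}.", f"$TTL {ttl}",
             f"@ IN SOA ns1.{origin}. hostmaster.{origin}. 1 3600 900 604800 {ttl}"]
    lines += [f"{r.name} IN {r.rtype} {r.data}" for r in records]
    return "\n".join(lines) + "\n"

def leaked_private_records(external_zone_text, records):
    """Private records that appear verbatim in the text served externally."""
    return [r for r in records
            if not r.public and f"{r.name} IN {r.rtype} {r.data}" in external_zone_text]

# Constructed sample for corp.example: the public Web presence plus the AD
# locator and host records that must exist only behind the firewall.
SAMPLE = (
    Record("@", "A", "203.0.113.10", True),
    Record("www", "CNAME", "corp.example.", True),
    Record("dc1", "A", "10.0.0.5", False),
    Record("_ldap._tcp", "SRV", "0 100 389 dc1", False),
    Record("fileserver", "A", "10.0.0.20", False),
)
```

Running the leak check against the internal zone text instead of the external one shows what the check would report if the internal file were ever copied to the external server by mistake.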

83 1.83 Figure 1-21 Hybrid namespace with two disconnected zones (Skill 8)

84 1.84 Planning a Domain Namespace (7)
• Naming guidelines
  • All Active Directory domain names should be static
  • Keep the name short, simple, and easy to remember
  • Use standard DNS characters
  • Limit it to 63 characters, including the periods
  • The Fully Qualified Domain Name (FQDN) can be up to 255 characters
(Skill 8)

85 1.85 Guidelines for Planning a Site Structure
• Sites
  • Map to the physical structure of an organization
  • Participate actively in the user logon and authentication process
  • Play an important role in the directory replication process
(Skill 9)

86 1.86 Guidelines for Planning a Site Structure (2)
• Directory replication
  • Can take place within a site or between sites
  • Within a site, Active Directory automatically generates a replication topology
  • You can disable Active Directory’s automatic creation of connection objects by creating connection objects manually, and thus control intra-site replication
(Skill 9)

87 1.87 Figure 1-22 Replication within a site using a ring topology (Skill 9)

88 1.88 Guidelines for Planning a Site Structure (3)
• Site planning guidelines
  • Decide which domain controller the computers on a given subnet should use
  • To optimize logon traffic, ensure that at least one domain controller is available in each site
  • To optimize inter-site replication, schedule replication for times when network traffic is light
(Skill 9)

89 1.89 Guidelines for Planning a Site Structure (4)
• Site planning guidelines
  • Configure a powerful server as the preferred bridgehead server for inter-site replication
    • The bridgehead server is the only server in a site that is allowed to replicate to other sites
    • This reduces the amount of replication traffic between sites, because every server is no longer attempting to replicate with every other server
(Skill 9)

90 1.90 Figure 1-23 Using a bridgehead server for inter-site replication (Skill 9)

91 1.91 Guidelines for Planning a Site Structure (5)
• Site planning guidelines
  • Place your domain controllers in the correct sites
    • By default, clients choose the correct site each time they get a new IP address
    • Domain controllers choose a site only when they are first created, and must be moved manually thereafter
(Skill 9)
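Slides 88 to 91 describe site planning as a subnet-to-site mapping plus two things to verify: every site has a domain controller, and domain controllers sit in the site their address actually belongs to, since they are not re-homed automatically. The following added example, which is not part of the Pearson slides, implements that mapping with longest-prefix matching and the two checks; the site names, subnets, domain controllers and addresses are constructed.

```python
import ipaddress
# Added example, not from the Pearson slides: map clients and domain
# controllers (DCs) to sites by subnet and flag the two planning problems the
# slides warn about: a site with no DC, and a DC whose current address falls
# in a different site than the one it was placed in when it was created.

SITES = {  # site name -> subnets (constructed); "Lab" is carved out of Branch
    "HQ": ["10.1.0.0/16"],
    "Branch": ["10.2.0.0/16"],
    "Lab": ["10.2.8.0/22"],
}

def site_for(ip, sites=SITES):
    """Longest-prefix match, as a client does each time it gets a new address."""
    addr, best = ipaddress.ip_address(ip), None
    for site, nets in sites.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (site, net.prefixlen)
    return best[0] if best else None

def audit_sites(dcs, sites=SITES):
    """dcs: {dc_name: (site_recorded_in_AD, current_ip)}. Returns the sites
    with no DC and the DCs whose address no longer matches their recorded
    site (a DC is never re-homed automatically; an administrator moves it)."""
    covered, misplaced = set(), {}
    for dc, (recorded, ip) in dcs.items():
        covered.add(recorded)
        actual = site_for(ip, sites)
        if actual != recorded:
            misplaced[dc] = (recorded, actual)
    return sorted(s for s in sites if s not in covered), misplaced

def preferred_dc(client_ip, dcs, sites=SITES):
    """A DC in the client's own site, or None if the logon must leave the site."""
    site = site_for(client_ip, sites)
    return next((dc for dc, (recorded, _) in dcs.items() if recorded == site), None)

DCS = {  # constructed: DC2 was re-addressed into the Lab subnet but is still in Branch
    "DC1": ("HQ", "10.1.0.10"),
    "DC2": ("Branch", "10.2.8.10"),
}
```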

