Download presentation
Presentation is loading. Please wait.
1
1.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Goals Introduce Active Directory Identify the functions and features of Active Directory Introduce Active Directory architecture Introduce Active Directory objects Examine the logical and physical structure of Active Directory Examine more Active Directory concepts Plan a domain structure Plan a domain namespace Examine guidelines for planning a site structure
2
1.2 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Active Directory database Stores information about users, groups, domains, and objects on a network Allows you to centrally access and administer the information Provides an unique identity for each object called a Security ID (SID) (Skill 1) Introducing Active Directory
3
1.3 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory (2) Active Directory database Allows you to access and administer the directory service globally, unlike decentralized network models Reduces the effort required to complete day-to-day administrative tasks, such as managing users and resources (Skill 1)
4
1.4 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-1 Active Directory (Skill 1)
5
1.5 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory (3) Windows NT Introduced the concept of a directory service based on domains that provide a single point of authentication for all users on a network Limitations prevent it from being used effectively in large networks Has only one writable copy of the database, which leads to a single point of failure for Write operations Trust relationships between domains must be built manually (Skill 1)
6
1.6 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory (4) Active Directory’s advantages over Windows NT Most trust relationships within a single forest are created automatically Makes it possible for Active Directory to provide scalability in large business organizations (Skill 1)
7
1.7 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory Active Directory features make it a reliable and secure directory service Policy-based administration Active Directory makes network administration easier by using Group Policies Using this feature, an administrator can make complex modifications to the user’s environment, assign rights, configure network security, and install software to collections of users or computers (Skill 2)
8
1.8 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (2) Active Directory features make it a reliable and secure directory service Increased security of information Windows Server 2003 supports protection of both stored data and network data Stored data can be protected using Encrypting File System (EFS) and permissions (Skill 2)
9
1.9 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (3) Active Directory features make it a reliable and secure directory service Integration with Domain Name System (DNS) DNS is a naming service that translates host names into numeric IP addresses Active Directory uses standard DNS naming conventions for domains (Skill 2)
10
1.10 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (4) Active Directory features make it a reliable and secure directory service Extensibility Active Directory allows nearly any type of information to be added to the database because it has an extensible schema Schema contains a list of all possible object types (object classes), their attributes, and relationships allowed between objects (Skill 2)
11
1.11 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (5) Active Directory features make it a reliable and secure directory service Scalability Active Directory can store anywhere from a small number to millions of objects An object automatically inherits the permissions of the container into which it is placed (Skill 2)
12
1.12 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (6) Active Directory features make it a reliable and secure directory service Information replication Active Directory automatically replicates the contents of its database across every domain controller in the domain Compatibility with other directory services Active Directory is based on protocols, such as LDAP, HTTP, and NSPI, so it is compatible with other directory services that use these protocols (Skill 2)
13
1.13 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Identifying the Functions and Features of Active Directory (7) Active Directory features make it a reliable and secure directory service Mutual authentication Active Directory utilizes Kerberos as the default authentication mechanism Kerberos is an industry-standard, high-security mutual authentication mechanism that provides increased security for logon information (Skill 2)
14
1.14 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture Windows Server 2003 architecture has two primary layers User mode Kernel mode (Skill 3)
15
1.15 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (2) User mode layer The interface between applications and the kernel mode layer Accepts requests from an application and forwards them to the kernel for processing (Skill 3)
16
1.16 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (3) Components of the user mode layer Environment subsystems Provide interfaces for applications to interact with the kernel and integral subsystems The environment subsystem components make applications run by providing Application Programming Interfaces (APIs) (Skill 3)
17
1.17 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (4) Components of the user mode layer Integral subsystems Perform important operating system functions such as security and session management Security subsystem receives logon requests and initiates logon authentication Workstation Service enables a client computer to access the network Server Service allows a Windows Server 2003 to share network resources (Skill 3)
18
1.18 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-2 Location of Active Directory within the Windows Server 2003 architecture (Skill 3)
19
1.19 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Architecture (5) Kernel mode layer Communicates with system data and hardware to process any input/output requests made by a user Operates in a protected area of memory Is responsible for executing I/O requests Prioritizes hardware and software interrupts based on the precedence of the application or service making the request (Skill 3)
20
1.20 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Components of the kernel mode layer Executive Performs I/O functions, object management, and security functions Has a number of subcomponents Provides security guidelines for the user mode layer Introduce Active Directory Architecture (6) (Skill 3)
21
1.21 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Components of the kernel mode layer Microkernel, which manages the computer’s processors Kernel mode drivers, which take requests from applications and translate them into hardware functions Hardware Abstraction Layer (HAL), which provides the interface between the other software layers and the core hardware Introducing Active Directory Architecture (7) (Skill 3)
22
1.22 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Active Directory is made up of three service layers and the underlying Data Store Directory System Agent (DSA) Provides the interface for application calls made to the directory Supports the protocols that enable clients to gain access to the Active Directory LDAP/ADSI SAM MAPI REPL Introducing Active Directory Architecture (8) (Skill 3)
23
1.23 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Database Layer Access calls to the database go through the Database Layer Acts as an abstraction layer between the applications that make the access calls and the database Extensible Storage Engine (ESE) Has direct contact with the records in the directory data store Based on an object’s relative distinguished name attribute Introducing Active Directory Architecture (9) (Skill 3)
24
1.24 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Data Store (Ntds.dit) Contains the records that make up the Active Directory database Stored by default in the \%systemroot%\NTDS folder on the domain controller Administered from Active Directory Restore Mode using Ntdsutil.exe, located in the system32 folder in the %systemroot% folder Introducing Active Directory Architecture (10) (Skill 3)
25
1.25 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-3 Active Directory architecture (Skill 3)
26
1.26 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects Active Directory Treats each domain resource as an object Each object is represented by distinct characteristics known as attributes (Skill 4)
27
1.27 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (2) Types of Active Directory objects User accounts Store the logon information for the users in a domain A domain acts as a security boundary: assuming no trusts are in place, users can only access objects within their own domains (Skill 4)
28
1.28 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-4 Objects and their attributes (Skill 4)
29
1.29 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (3) Types of Active Directory objects Contacts Used to store information about any person or organization that has business relations with your organization Contacts information includes name, address, telephone number, and e-mail address (Skill 4)
30
1.30 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (4) Types of Active Directory objects Computers Computer objects store information about computers that are members of a domain Information includes computer name, description, and other attributes (Skill 4)
31
1.31 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (5) Types of Active Directory objects Groups Used to apply permissions across large numbers of users, computers, and groups They are not strictly containers, but have membership lists that define which objects are members of the group (Skill 4)
32
1.32 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (6) Types of Active Directory objects Published folders Shared folders that have been listed in Active Directory When you publish a folder in Active Directory, you create an object that stores a pointer to the folder (Skill 4)
33
1.33 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (7) Types of Active Directory objects Printers A printer is represented by a printer object that contains a pointer to the printer on a computer A Windows Server 2003 print server automatically detects and publishes printers to Active Directory (Skill 4)
34
1.34 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (8) Types of Active Directory objects Domain controllers A Windows Server 2003 computer that authenticates user logon attempts and exchanges the directory information with other domain controllers Exchanging directory information is called replication In Active Directory, domain controllers use multimaster replication to exchange directory information with other domain controllers in a domain No single domain controller is responsible for replication and all of the domain controllers act as peers (Skill 4)
35
1.35 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (9) Types of Active Directory objects Domain controllers Each domain controller is represented by a Domain Controller object in Active Directory You can store the Domain Name System (DNS) name, pre-Windows Server 2003 name, operating system version, location, and name of the administrator in this object Domain controllers also handle a user’s interactions with a domain such as locating objects and logon requests (Skill 4)
36
1.36 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introduce Active Directory Objects (10) Types of Active Directory objects Organizational units (OUs) Container objects that can store groups, users, computers, and other OUs Used to organize the objects in the domain, to delegate control over a small portion of the domain, and to apply Group Policy to a select group of objects Only one OU exists by default It is recommended that you create additional OUs based on your administrative needs (Skill 4)
37
1.37 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-5 A typical Active Directory hierarchy (Skill 4)
38
1.38 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-6 Active Directory objects (Skill 4)
39
1.39 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (11) In Active Directory, you use names to locate objects in a network Naming conventions that Active Directory supports Distinguished name (DN) A unique name for every object in a network It includes the name of the domain that holds the object and the complete path to the object through the container hierarchy (Skill 4)
40
1.40 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (12) Naming conventions that Active Directory supports Relative distinguished name (RDN) Derived from the DN The RDN of an object is simply the object’s name Globally unique identifier (GUID) A unique 128-bit number assigned to an object at the time of its creation The GUID for an object does not change even when you move or rename the object (Skill 4)
41
1.41 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Introducing Active Directory Objects (13) Naming conventions that Active Directory supports User principal name (UPN) Consists of the first name and last name attributes for a user Consists of the UPN suffix, which is usually the DNS name of the domain where the user is located (Skill 4)
42
1.42 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-7 Examples of naming conventions (Skill 4)
43
1.43 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory Objects in Active Directory can be organized logically and physically Logical structure Consists of domains, trees, and forests Besides being Active Directory objects, OUs are also part of the logical structure Physical structure Consists of sites Domain controllers are also part of the physical structure, as well as being Active Directory objects (Skill 5)
44
1.44 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (2) Components of the logical structure Domains In Active Directory, domains represent the core unit of the logical structure Used to represent the administrative boundaries of your organization Store information only about the objects they contain Can span multiple physical locations (Skill 5)
45
1.45 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-8 A domain structure in an organization (Skill 5)
46
1.46 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (3) Components of the logical structure Trees Formed when you add one or more child domains to the top-level domain (also known as the root of the tree) Follows a contiguous naming scheme where every child domain (subdomain) in the tree derives its name from the root domain Implicit two-way transitive trust exists between the parent domains and the child domains in a domain tree, which is a type of a logical link, automatically established between domains (Skill 5)
47
1.47 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-9 A tree structure in Active Directory (Skill 5)
48
1.48 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (4) Components of the logical structure Forests Collection of domains that share a common schema, global catalog, and configuration All domains in a forest share a common schema and a common global catalog, which allows all domains within a forest to contain uniform information Although domains in a forest operate independently, they communicate with each other because all domain trees in a forest share a common schema (Skill 5)
49
1.49 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examine the Logical and Physical Structure of Active Directory (5) Components of the logical structure Forests All domains in a forest share a common global catalog Forests allow a disjointed naming scheme where the names of domain trees may not be related to one another In a forest, an implicit two-way transitive trust exists between the root domains of domain trees and the root of the forest (Skill 5)
50
1.50 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-10 A forest structure in Active Directory (Skill 5)
51
1.51 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (6) Components of the logical structure Sites Logical representations of a physical location within Active Directory Subnets are always associated with sites Allows clients to determine the site to which they belong Allows clients to use a domain controller located in its physical site (Skill 5)
52
1.52 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining the Logical and Physical Structure of Active Directory (7) Components of the logical structure Sites Used to control replication traffic between physical locations Logical structure of Active Directory is different from the physical structure A site can span multiple domains A domain can span multiple sites (Skill 5)
53
1.53 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-11 Structure of a site (Skill 5)
54
1.54 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts Global catalog Stores information about all objects in a forest By default, the global catalog is created on the first domain controller in a forest, known as a global catalog server Whenever object information is updated, a global catalog server exchanges this information with other global catalog servers in a forest (Skill 6)
55
1.55 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (2) Global catalog In a single domain, the global catalog stores information about all of the objects in that domain In multiple domains, the global catalog stores a full replica of information about objects belonging to its domain and a partial replica of information for objects belonging to other domains You can add global catalog servers to a forest to provide backup for the default global catalog server (Skill 6)
56
1.56 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-12 The function of the global catalog (Skill 6)
57
1.57 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (3) Global catalog Global catalog servers also participate in logons in Windows 2000 native mode Perform Universal Principal Name (UPN) lookups Provide universal group storage Handles user and program-related queries about objects Can quickly resolve a query about an object anywhere in the forest (Skill 6)
58
1.58 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (4) Trust relationships A trust is a connection between domains allowing users from one or both domains to be granted access to resources in the opposing domain In a multi-domain environment, trusts allow users to access resources in other domains without the need to log on to each domain separately Trusts allow users to log on to their own domain on computers that are members of a different domain (Skill 6)
59
1.59 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (5) Trusts come in four basic forms One-way trusts allow a domain to access another domain’s resources, but not vice-versa Two-way trusts allow both domains to access each other’s resources Transitive trusts follow through, meaning they pass from domain to domain Non-transitive trusts do not follow through, so each domain must explicitly trust the other domains (Skill 6)
60
1.60 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-13 Simple one-way trusts (Skill 6)
61
1.61 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-14 An additional trust from domain A to domain C (Skill 6)
62
1.62 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-15 Trusting and trusted domains (Skill 6)
63
1.63 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-16 Two-way trusts (Skill 6)
64
1.64 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (6) Five basic names for describing the type of trust Default trust Automatically established between the forest root domain and the root of each tree in the forest, as well as between each child domain and each parent domain Are always two-way and transitive Inter-forest trust Established between two Windows Server 2003 forest root domains Either one-way or two-way, and always transitive (Skill 6)
65
1.65 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (7) Five basic names for describing the type of trust Shortcut trust Established to reduce the normal Kerberos trust resolution path between domains when there are a large number of domains that are widely geographically dispersed Can be one-way or two-way, are always transitive Can only be established within a single forest (Skill 6)
66
1.66 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-17 Use of shortcut trusts (Skill 6)
67
1.67 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (8) Five basic names for describing the type of trust External trust Established between different Windows 2000 forests, between Windows Server 2003 and Windows 2000 forests, and between Windows NT and Windows 2000 or Server 2003 domains Are always an NT trust; that is, an external trust is always one-way and non-transitive Used to connect Windows 2000 domains and Unix Kerberos realms (Skill 6)
68
1.68 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (9) Five basic names for describing the type of trust Realm trust Established between a Windows Server 2003 domain and a Unix Kerberos realm A Kerberos realm is similar to a domain in Active Directory Can either be one-way or two-way Can be transitive or non-transitive (Skill 6)
69
1.69 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Examining More Active Directory Concepts (10) Domain Name System (DNS) Active Directory uses DNS as its name resolution service The computer running this service is known as a DNS name server DNS helps computers to locate other computers on a network DNS organizes domains in a hierarchical structure using a naming scheme called the domain namespace (Skill 6)
70
1.70 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Domain Name System (DNS) Computers in a domain use this service to locate domain controllers in the domain DNS zones A DNS server typically holds a copy of the DNS zone for a given domain or collection of contiguous domains The DNS zone is contained in a file known as the zone database file, typically called the zone file (Skill 6) Examining More Active Directory Concepts (11)
71
1.71 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning Domain Structure In Active Directory, domain structure is primarily dependent on administrative needs In Windows Server 2003 Domains are simply administrative boundaries Best to use a single domain model if at all possible Domain models are broadly classified into two categories Single domain model Multiple domain model (Skill 7)
72
1.72 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning Domain Structure (2) Single domain model Easy to manage and administer because the administrative boundary is clearly defined Suitable for any organization that follows a truly centralized administrative model Easy to set up because only a single domain must be configured (Skill 7)
73
1.73 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning Domain Structure (3) Multiple domain model Typically only appropriate in three specific situations To separate domain-level administrative privileges To separate account policies To control localized traffic (Skill 7)
74
1.74 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-18 Domain models (Skill 7)
75
1.75 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-19 Account Policies (Skill 7)
76
1.76 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace Choose a unique domain name for your organization Register it with an organization that manages Internet DNS namespaces This organization adds an entry pointing to the authoritative name servers for your domain on the top- level name servers on the Internet Use this domain name to host the Web site for your organization on the Internet (Skill 8)
77
1.77 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (2) DNS namespace types Internal External Hybrid (Skill 8)
78
1.78 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (3) Internal namespace Is not resolvable by hosts who are using public (Internet) DNS servers Only used for internal clients Is well-suited for hosting Active Directory due to increased security (Skill 8)
79
1.79 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (4) External namespace Is resolvable from any client on the Internet Is required for Internet-accessible resources, such as Web sites Is typically a poor choice for hosting Active Directory due to the potential lack of security it provides (Skill 8)
80
1.80 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (5) Hybrid namespace One design method provides the best of both worlds by dividing your namespace into two zones One for public access One for private access One design method involves delegating a DNS subdomain as the root of your internal structure (Skill 8)
81
1.81 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-20 Hybrid namespace with DNS sub-domain (Skill 8)
82
1.82 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (6) Hybrid namespace Another design method involves creating two disconnected zones for the same name Create two separate zones for your domain on two separate servers Place the publicly accessible records on the external server, which is outside of the firewall Place both the public and private records on the internal server, which is behind the firewall This solution reduces naming convention confusion for users (Skill 8)
83
1.83 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-21 Hybrid namespace with two disconnected zones (Skill 8)
84
1.84 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Planning a Domain Namespace (7) Naming guidelines All Active Directory domain names should be static Keep it short, simple, and easy to remember Use standard DNS characters Limit it to 63 characters including the periods The Fully Qualified Domain Name (FQDN) can be up to 255 characters (Skill 8)
85
1.85 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure Sites Map to the physical structure of an organization Participate actively in the user logon and authentication process Play an important role in the directory replication process (Skill 9)
86
1.86 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (2) Directory replication Can take place within a site or between sites Within a site, Active Directory automatically generates a replication topology You can disable Active Directory’s automatic creation of connection objects by manually creating connection objects, and thus control intra-site replication (Skill 9)
87
1.87 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-22 Replication within a site using a ring topology (Skill 9)
88
1.88 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (3) Site planning guidelines Decide which domain controller the computers on a given subnet should use To optimize logon traffic, ensure the availability of at least one domain controller per site To optimize inter-site replication, configure replication so that it occurs when network traffic is light (Skill 9)
89
1.89 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (4) Site planning guidelines Configure a powerful server as the preferred bridgehead server for inter-site replication The bridgehead server is the only server in a site that is allowed to replicate to other sites Reduces the amount of replication traffic between sites, because all servers are not attempting to replicate with all other servers (Skill 9)
90
1.90 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Figure 1-23 Using a bridgehead server for inter-site replication (Skill 9)
91
1.91 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure Lesson 1: Introducing Active Directory Services in Windows Server 2003 Guidelines for Planning a Site Structure (5) Site planning site guidelines Place your domain controllers in the correct sites By default, clients will choose the correct site each time they get a new IP address Domain controllers only choose a site when they are first created, and must be manually moved thereafter (Skill 9)
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.