Active Directories: Purpose and Structure Chrystom Ciganko IFMG352 Final Presentation

What is Active Directory? Directory service used to store information about objects within a domain, to organize these objects, and to centralize a network

Goals of AD High Scalability Compatibility with older NOS's Administration is simplified

DNS Absolutely vital for AD  Must be correctly configured or AD will not work AD's locating server All servers must be registered in the DNS Points the user (unaware) to the proper authentication server for login

Standards used by AD Kerberos for authentication X.500 for structure X.509 for cert-based authentication DNS for ease of machine communication LDAP for authorization

Active Directory structure Hierarchical framework of objects Objects: Resources(printers)‏ Services( )‏ Users(accounts and groups)‏  Uniquely identified by: Name Attributes  Defined by: Schema  Determines kinds of objects within the Active Directory

Methods of structure Order of the levels Forest – the entire collection of all objects  Contains all trust-linked trees Tree – collection of all domains Domain – collection of most objects  Objects can be contained in Organizational Units(OU's)‏ Can assign Group Policy Objects(GPO's)‏  Flow down to users/groups

Forest Compilation of Trees Contains single Root-Tree  First Domain installed  100% required Sub-Trees must be added to the Root-Tree or no Forest is created

Tree Hierarchal structure of Domains Transitive Trusts  Type of trust that is extended beyond two domains to other trusted domains in the tree Sub-Domains must be added to the Root- Domain or there's no tree

Domain Building block for AD Created by Domain Controllers (DC's)‏ Controller of  System Policies  Administration  Traffic

Schema Definition of all the AD's  Attributes  Syntaxes  Object-type or classes Only one consistent Schema per Forest Can be matched with a Database Schema

Server roles Domain Controller  Flexible single master operation (FSMO)‏ Specialized DC tasks  Primary Domain Controller (PDC)‏  Backup Domain Controller (BDC)‏ Global Catalog Member Server

Domain Controller Requirement for AD Control Schema, Configuration, and Domain partitions  Schema: Defines object classes within Forest  Configuration: Defines physical structure(topology)‏  Domain: Contains objects within the domain All DC's Schema and Configuration partitions within Forest are sync'd Domain partition only sync'd with other DC's within that domain

Organizational Units (OU's)‏ Carry out the structure within the Domain Are not assigned the specific rights Used for administrative reasons Can be nested if needed

Multi-domain forests Knowledge Consistency Checker(KCC)‏  Creation of replication topology Again, DC's only sync with DC's Global catalog (GC) servers  Contained within a DC  Create global listing of all objects within all domains

Global Catalog Server Required for logon Contains copy of all Objects for the entire Forest Answers AD search requests

Uses of AD Update all computers by updating an object within the forest or tree Managing user groups  Grant access to particular users  Deny access (deny always overrides grant)‏

Example of domain users/groups

Resources eric/0,295582,sid68_gci ,00.html