CS603 Active Directory February 1, 2001.


What is Active Directory?
- Microsoft’s Windows 2000 directory server
  - Included in Windows 2000 Server
- Microsoft finally using Internet standards for network naming
  - DNS for machine naming
  - LDAP (RFC 2251) for accounts/users
- Also supports legacy Microsoft directories
- ADSI (COM)
- Synchronizes with Exchange and other directories

What goes in Active Directory?
- Objects
  - Object: Anything that gets a name
  - Container objects
  - Leaf objects
- Key object types:
  - User Principal Name (user@dns_name)
  - Security Account Manager name (compatibility with NT)
- Object publishing
  - Shared folders
  - Printers
  - RPC, Winsock, DCOM

Active Directory Schema
- Schema: Object that describes object classes, attributes
- Attributes
  - Defined globally
  - Can be indexed (independent of object class)
- Object classes – allowable collections of attributes
- Default schema
  - Cannot delete from default
  - Can mark items as deactivated
- Can be extended – but not reversible

Object Naming Conventions
- Names unique in a domain
  - LDAP Distinguished name disambiguates across domains
- Also Security ID, GUID, Active Directory Canonical name
  - GUID is permanent, others change if object moved between domains
  - GUID is “real object identifier” – globally unique
- Security Principal: User, computer, or group
  - Security ID: Used internally
  - Access Control Entry (read ACL) lists SIDs (not names) allowed to access object
- Doesn’t support full LDAP naming convention
  - cn=common name, ou=organizational unit, dc=domain component
  - LDAP: cn, ou, o=organization, c=country
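An added example (not from the original slides) of the naming conventions above: it parses an LDAP distinguished name, including backslash-escaped commas, and derives the DNS domain from the dc components and the Active Directory canonical name. The sample DNs and the function names are constructed for illustration.

```python
import re

def split_dn(dn):
    """Return [(attribute, value), ...] for a DN, leaf RDN first."""
    parts, cur, i = [], bytearray(), 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":
            if i + 1 >= len(dn):
                raise ValueError("dangling escape at end of DN")
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                cur.append(int(pair, 16))      # hex escape such as \2C
                i += 3
            else:
                cur += dn[i + 1].encode()      # escaped special such as \,
                i += 2
            continue
        if ch == ",":                          # unescaped comma ends an RDN
            parts.append(cur.decode())
            cur = bytearray()
        else:
            cur += ch.encode()
        i += 1
    parts.append(cur.decode())
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError("RDN without '=': %r" % part)
        rdns.append((attr.strip().lower(), value))  # attribute types are case-insensitive
    return rdns

def describe(dn):
    """Derive the DNS domain and canonical name that a DN implies."""
    rdns = split_dn(dn)
    domain = ".".join(v for a, v in rdns if a == "dc")
    path = [v.replace("/", "\\/") for a, v in rdns if a != "dc"]
    return {"leaf": rdns[0], "dns_domain": domain,
            "canonical": "/".join([domain] + path[::-1])}

# Constructed sample DNs: the same common name in two domains.
SAMPLES = [
    "CN=Doe\\, Jane,OU=Staff,DC=cs,DC=example,DC=edu",
    "cn=Doe\\2C Jane,ou=Staff,dc=ee,dc=example,dc=edu",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(describe(dn))
```

Both samples share the leaf name `Doe, Jane`; only the dc components tell them apart, which is why tooling that compares names should compare the full DN or, better, the GUID.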

Active Directory and DNS
- Same Name for same machine
- Different namespaces
  - Follow same hierarchical structure
- Active Directory requires DNS
  - Needed to locate Active Directory server
  - Uses Service Location Resource records
- DNS can store information in Active Directory

Hierarchical Directory Structure
- Domain: Individually managed subset of name space
  - Single controller supports one domain
  - Replication done at entire domain level – multimaster replication
- Namespace can have multiple domains – forest
  - Why forest and not tree? Root tied to DNS name!
  - Global catalog for entire forest – used for logon requests
- Security policies/settings don’t cross domains
- Can only build down in hierarchy

Trust Relationships
- What does trust mean?
- Trust relationships
  - Authentication: Single system logon
  - Doesn’t imply permissions in multiple domains
  - Share common configuration information.
  - Share a common schema.
  - Share a common global catalog.
- Trust relationships
  - Parent/child trust each other
  - Roots of trees in forest trust each other
  - Trust is transitive
  - “Shortcut” trust relationships to save transitive search
  - Can trust external methods

Domain Controller Roles (Beyond directory service)
- Forest-wide roles
  - Schema master
  - Domain naming master
- Domain-wide roles
  - Relative ID master
    - Assigns Unique Security ID (SID) to each object
  - Primary Domain Controller Emulator
    - Emulates Windows NT domain controller
  - Infrastructure master
    - Handles replication across domains
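An added example (not from the original slides), relating the Relative ID master above to the earlier point that access control entries list SIDs rather than names: it decodes binary SIDs, splits off the relative ID, and labels trustees whose RID is a well-known privileged one. The domain SID and the ACE list are constructed, and the function names are illustrative.

```python
import struct

# Well-known relative IDs of privileged domain accounts and groups.
PRIVILEGED_RIDS = {500: "Administrator", 502: "krbtgt", 512: "Domain Admins",
                   518: "Schema Admins", 519: "Enterprise Admins"}

def sid_to_string(raw):
    """Decode a binary SID (as stored in an ACE) to S-R-A-S1-S2-... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def split_rid(sid):
    """Split a SID string into (domain SID, relative ID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def audit_aces(raw_sids, domain_sid):
    """Label each ACE trustee relative to the domain being reviewed."""
    report = []
    for raw in raw_sids:
        sid = sid_to_string(raw)
        domain, rid = split_rid(sid)
        if domain != domain_sid:
            label = "foreign domain or built-in"
        else:
            label = PRIVILEGED_RIDS.get(rid, "ordinary principal")
        report.append((sid, label))
    return report

def make_sid(*subs):
    """Build a constructed binary SID under identifier authority 5."""
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

DOMAIN = "S-1-5-21-1004336348-1177238915-682003330"    # constructed domain SID
ACES = [make_sid(21, 1004336348, 1177238915, 682003330, 512),
        make_sid(21, 1004336348, 1177238915, 682003330, 1104),
        make_sid(32, 544)]                             # BUILTIN\Administrators

if __name__ == "__main__":
    for sid, label in audit_aces(ACES, DOMAIN):
        print(sid, "->", label)
```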

Other Hierarchies: Organizational Units
- Use to delegate authority
  - Can have administrative authority only over OU
- Subset of domains

Replication
- Global Catalog contains subset of domain attributes
  - Allows logon, lookup without going to source domain
  - Replicated at multiple sites
- Methods:
  - IP
  - SMTP
- Determining latest update:
  - Universal Sequence Number
  - Timestamp if USNs same
- Replication path may have loops
  - Don’t propagate already propagated updates
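An added example (not from the original slides) of the last two points: three domain controllers replicate around a loop, each drops an update it has already propagated, and conflicting writes are ordered by the slide's rule (higher USN wins, timestamp breaks a tie). It is a simplified model with constructed names and values, not the Active Directory replication protocol itself.

```python
from collections import namedtuple

Update = namedtuple("Update", "origin usn stamp attr value")

class DC:
    def __init__(self, name):
        self.name, self.usn, self.received = name, 0, 0
        self.partners = []   # outbound replication partners
        self.data = {}       # attr -> winning Update
        self.seen = {}       # origin DC -> highest originating USN applied here

    def originate(self, attr, value, stamp):
        """Make a local write and start replicating it."""
        self.usn += 1
        self.receive(Update(self.name, self.usn, stamp, attr, value))

    def receive(self, upd):
        self.received += 1
        if self.seen.get(upd.origin, 0) >= upd.usn:
            return           # already propagated through this DC: stop the loop
        self.seen[upd.origin] = upd.usn
        cur = self.data.get(upd.attr)
        # Slide's rule: higher USN wins, timestamp breaks a USN tie.
        if cur is None or (upd.usn, upd.stamp) > (cur.usn, cur.stamp):
            self.data[upd.attr] = upd
        for partner in self.partners:
            partner.receive(upd)   # forward even a losing update so all DCs converge

def simulate():
    """Run three constructed writes around a ring; return final values and message count."""
    a, b, c = DC("A"), DC("B"), DC("C")
    a.partners, b.partners, c.partners = [b], [c], [a]   # ring: A -> B -> C -> A
    a.originate("title", "eng", stamp=100)   # A's USN 1
    b.originate("title", "mgr", stamp=105)   # B's USN 1: tie, later timestamp wins
    a.originate("title", "dir", stamp=90)    # A's USN 2: wins despite the older clock
    values = {dc.name: dc.data["title"].value for dc in (a, b, c)}
    return values, a.received + b.received + c.received

if __name__ == "__main__":
    print(simulate())
```

Each write costs four deliveries in the three-node ring (one local, three hops, the last of which is dropped at the originator), so the loop terminates instead of circulating the update forever.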

Sites
- Idea: Highly Connected Machines
- Independent of Domains
- Clients can request service from a domain controller in the same site (if one exists).
- Active Directory tries to minimize replication latency for intra-site replication.
- Active Directory tries to minimize bandwidth consumption for inter-site replication.
- Sites let you schedule inter-site replication.
- Can delegate authority over site

Microsoft Metadirectory Services (MMS)
- Goal: Single directory for multiple applications
  - Brokers to provide directory information to multiple vendors
- Acquired from Zoomit corporation
- Uses Active Directory
- Also moving to use Active Directory instead of internal solutions in other Microsoft products (e.g., Exchange Server)