MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.


Objectives
– Describe the role of a directory service and the physical and logical Active Directory structure
– Install Active Directory
– Describe the main Active Directory objects
– Explain configuring and applying group policies

The Role of a Directory Service
– A network directory service stores information about a computer network and offers features for retrieving and managing that information
– Generally considered to be an administrative tool, but users also make use of directory services to find resources
– Directory services provide a centralized management tool but, because of their complexity, require careful planning prior to setup

Windows Active Directory
– First used by Windows 2000 Server
– Offers the following features:
  – Hierarchical organization
  – Centralized but distributed database
  – Scalability
  – Security
  – Flexibility
  – Policy-based administration

Overview of the Active Directory Structure
– Physical structure
  – Consists of sites and servers configured as domain controllers
– Logical structure
  – Makes it possible to pattern the directory service’s look and feel after the organization in which it runs

Active Directory’s Physical Structure
– An Active Directory site is simply a physical location in which domain controllers communicate and replicate information regularly
– Each domain controller contains a full replica of the objects that make up the domain and is responsible for the following functions:
  – Storing a copy of the domain data and replicating changes to that data to all other domain controllers throughout the domain
  – Providing data search and retrieval functions for users attempting to locate objects in the directory
  – Providing authentication and authorization services for users who log on to the domain and attempt to access network resources

Active Directory’s Logical Structure
– Organizational Units (OUs)
– Domains
– Trees
– Forests

Active Directory’s Logical Structure (cont.)
– The Organizational Unit (OU) is an Active Directory container used to organize a network’s users and resources into logical administrative units
– An OU contains Active Directory objects, such as:
  – User accounts
  – Groups
  – Computer accounts
  – Printers
  – Shared folders
  – Applications
  – Servers
  – Domain controllers

Active Directory’s Logical Structure (cont.)
– Domain: The core structural unit of an Active Directory; contains OUs and represents administrative, security, and policy boundaries
– Small to medium companies usually have one domain; larger companies may have several domains to separate geographical regions or administrative responsibilities

Active Directory’s Logical Structure (cont.)
– A tree is a grouping of domains that share a common naming structure
– Can consist of a parent domain and possibly one or more child domains
– Child domains can also have child domains

Active Directory’s Logical Structure (cont.)
– Forest: A collection of one or more Active Directory trees. A forest can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domains
– Main purpose is to provide a common Active Directory environment, in which all domains in all trees can communicate and share information, while simultaneously allowing independent operation and administration

Installing Active Directory
– To install AD DS on a full Windows Server 2008 installation, use Server Manager
– If DNS is not already present on the network, you must install the DNS Server Role
– Once the Server Manager wizard for installing Active Directory finishes, you must run dcpromo.exe

Installing Active Directory (cont.)
– Dcpromo.exe steps to install:
  – Step 1: Existing domain or new domain
  – Step 2: Fully qualified domain name (FQDN) for new forest root domain
  – Step 3: Choose forest functional level
– The functional level is critical to the feature set available to administrators after install, as well as the software requirements for any other DCs
  – If you want backwards compatibility with older domain controllers on the network, choose Windows 2000 functional level
  – If you choose Windows Server 2008 functional level, you can’t run Windows Server 2003 or Windows 2000 domain controllers (but they can run as member servers)

Installing Active Directory (cont.)
– After step 3, you have three additional options for the DC:
– Install DNS Server
  – Recommended for the first domain controller in a new domain
– Global Catalog
  – Selected by default (and cannot be disabled) if the server is to be the first DC in a forest
– Read-only Domain Controller (RODC)
  – Not selected by default, and disabled for the first DC in the domain

Installing Active Directory (cont.)
– The sysvol folder is a shared folder that stores the information from Active Directory that’s replicated to other domain controllers
– Directory Services Restore Mode is used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally

The Active Directory Schema
– An object is a grouping of information that describes a network resource
– The schema defines the type, organization, and structure of data stored in the AD database
– Schema classes define the types of objects that can be stored in Active Directory
– Schema attributes define what type of information is stored in each object
– The information stored in each attribute is called the attribute value

Active Directory Container Objects
– Organizational Units
– Folder Objects
– Domain objects

Organizational Units
– Primary container object for organizing and managing resources in a domain
– OUs can organize multiple objects into one administrative group that can be configured with specific policies relevant to that group
– Authority of an OU can be delegated
– Nesting OUs can build a hierarchical Active Directory structure that mimics the corporate structure for easier object management

Folder Objects
– Four created by default:
  – Builtin: Houses default groups created by Windows
  – Computers: The default location for computer accounts created when a new computer or server becomes a domain member
  – ForeignSecurityPrincipals: Initially empty but later contains user accounts from other domains added as members of the local domain’s groups
  – Users: Stores two default users (Administrator and Guest) and several default groups
– New folder objects cannot be created
– Administrative control can be delegated (except on the Builtin folder)

Domain Objects
– Core logical structure in AD, contains OU and folder container objects, as well as leaf objects
– Larger companies may use multiple domains to separate administration, define security boundaries, and define policy boundaries
– Each domain object has a default GPO linked to it that can affect all objects in the domain

Active Directory Leaf Objects
– User Accounts
  – Three types: Local, domain, and built-in
– Groups
  – Consist of users with common permissions
– Computer Accounts
  – Represent a computer that is a domain controller or domain member
– Other Leaf Objects:
  – Contact
  – Printer
  – Shared folder

Locating Active Directory Objects
– Active Directory objects can be searched for using the Find Users, Contacts, and Groups dialog box
– Can search a single domain or an entire directory (all domains)
– Not all objects are available to all users

Introducing Group Policies
– A Group Policy Object (GPO) is a list of settings that administrators use to configure user and computer operating environments remotely
– Installing Active Directory creates two GPOs by default:
  – Default Domain Policy
  – Default Domain Controllers Policy

Introducing Group Policies (cont.)
– You can edit existing GPOs (including defaults) and create and manage GPOs by using the Group Policy Management MMC
– Two nodes for every GPO:
  – Computer Configuration: Used to set policies that apply to computers within the GPO’s scope
  – User Configuration: Used to set policies that apply to all users within the GPO’s scope

The Computer Configuration Node
– Software Settings
  – Enables Administrators to install and manage applications remotely
– Windows Settings
  – Contains Scripts extension, Security Settings node, and the Policy-based QoS node
– Administrative Templates
  – Contains the Control Panel, Network, Printers, System, and Windows Components folders

The User Configuration Node
– Policies folder contains the same three folders as in the Computer Configuration node, but policies defined here affect domain users within the GPO’s scope, regardless of which computer the user logs on to
– Software Settings
  – Can assign or publish application packages
– Windows Settings: Contains six items
  – Remote Installation Services
  – Scripts extension
  – Security Settings node
  – Folder Redirection node
  – Policy-based QoS node
  – Internet Explorer Maintenance node
– Administrative templates

How Group Policies Are Applied
– GPOs can be applied in four places:
  – Local Computer
  – Site
  – Domain
  – Organizational Unit
– Policies are applied in the above order
  – Policies that are not defined or configured are not applied at all
  – Last policy to be defined takes precedence; if a policy is defined at both the domain level and the OU level, then the OU level’s setting is the one applied
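
The precedence rule above, modelled as an added example that is not part of the original slides: it resolves the effective value of each setting across the four levels and records which GPO was overridden, which is what an administrator needs when auditing what a machine actually enforces. The setting names and all GPO names except Default Domain Policy are hypothetical, and only the ordering on the slide is modelled, not link enforcement or inheritance blocking.

```python
from dataclasses import dataclass, field

# Processing order from the slide; a later level overrides an earlier one.
LEVELS = ("Local Computer", "Site", "Domain", "Organizational Unit")


@dataclass
class GPO:
    name: str
    level: str
    # Only configured settings appear here; anything "not defined"
    # is simply absent and is therefore never applied.
    settings: dict = field(default_factory=dict)


def resolve(gpos):
    """Return {setting: (effective_value, winning_gpo, [overridden_gpos])}."""
    for gpo in gpos:
        if gpo.level not in LEVELS:
            raise ValueError(f"unknown level {gpo.level!r} on {gpo.name}")
    # sorted() is stable, so GPOs at the same level keep their listed order.
    ordered = sorted(gpos, key=lambda g: LEVELS.index(g.level))
    effective = {}
    for gpo in ordered:
        for setting, value in gpo.settings.items():
            previous = effective.get(setting)
            overridden = previous[2] + [previous[1]] if previous else []
            effective[setting] = (value, gpo.name, overridden)
    return effective


def overridden_settings(effective):
    """Settings where a later level replaced an earlier value: review these."""
    return {s: r for s, r in effective.items() if r[2]}


# Constructed sample data. Setting names are hypothetical labels, not real
# policy identifiers; the list is deliberately out of processing order.
SAMPLE = [
    GPO("Kiosk OU Policy", "Organizational Unit",
        {"DenyRemovableStorageWrite": False}),
    GPO("Default Domain Policy", "Domain",
        {"ScreenLockTimeoutSeconds": 900, "DenyRemovableStorageWrite": True}),
    GPO("HQ Site Policy", "Site", {"LogonBanner": "Authorized use only"}),
    GPO("Local Policy", "Local Computer", {"ScreenLockTimeoutSeconds": 1800}),
]

if __name__ == "__main__":
    for setting, (value, winner, losers) in sorted(resolve(SAMPLE).items()):
        note = f" (overrides {', '.join(losers)})" if losers else ""
        print(f"{setting} = {value!r} from {winner}{note}")
```

In the sample, the OU-level GPO relaxes a restriction that the domain-level GPO sets, so the domain policy alone does not describe what computers in that OU enforce.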

Chapter Summary
– A directory service is a database that stores network resource information and can be used to manage users, computers, and resources throughout the network
– Active Directory is a hierarchical, distributed database that’s scalable, secure, and flexible
– Active Directory’s physical structure is composed of sites and domain controllers, and the logical structure is composed of organizational units, domains, trees, and forests

Chapter Summary (cont.)
– Server Manager installs the Active Directory Domain Services role. Once Server Manager is finished, dcpromo.exe is used to finish installation
– The data in Active Directory is organized as objects
– Available objects and their structure are defined by the Active Directory schema, which is composed of schema classes and schema attributes
– The data in a schema attribute is called an attribute value

Chapter Summary (cont.)
– Two types of objects in AD: Container objects and leaf objects
– Leaf objects generally represent security accounts, network resources, and GPOs
– Active Directory objects can be located easily with search functions in Active Directory Users and Computers and Windows Explorer
– GPOs are lists of settings that enable administrators to configure user and computer operating environments remotely

Chapter Summary (cont.)
– Policies defined in the Computer Configuration node affect all computers in the Active Directory container to which the GPO is linked
– Policies defined in the User Configuration node affect all users in the Active Directory container to which the GPO is linked