Identify Active Directory functions and Benefits. Identify the major components that make up an Active Directory structure. Identify how DNS relates to Active Directory. Identify Forest and Domain Functional Levels.
A network service that identifies all resources on a network and makes those resources accessible to users and applications. The most common directory service standards are: X.500 Lightweight Directory Access Protocol (LDAP)
Uses a hierarchical approach in which objects are organized in a similar way to the files and folders on a hard drive.
Industry standard. Slim-down version of X.500 modified to run over the TCP/IP network.
A directory service that uses the “tree” concept for managing resources on a Windows network. Stores information about the network resources and services, such as user data, printer, servers, databases, groups, computers, and security policies. Identifies all resources on a network and makes them accessible to users and applications.
Used in: Windows 2000 Windows Server 2003 Windows Server 2008 Subsequent versions of Active Directory have introduced new functionality and security features.
Windows Server 2008 provides two directory services: Active Directory Domain Services (AD DS) Active Directory Lightweight Directory Services (AD LDS)
Provides the full-fledged directory service that is referred to as Active Directory in Windows Server 2008 and previous versions of Windows Server.
Server that stores the Active Directory database and authenticates users with the network during logon. Stores database information in a file called ntds.dit. Active Directory is a multimaster database. Information is automatically replicated between multiple domain controllers.
Centralized resource and security administration. Single logon for access to global resources. Fault tolerance and redundancy. Simplified resource location.
Active Directory provides a single point from which administrators can manage network resources and their associates’ security objects: MMC Consoles found in Administrator Tools: Active Directory Users and Computers Active Directory Sites and Services Active Directory Domains and Trusts ADSI Edit
Active Directory uses a multimaster domain controller design. Changes made on one domain controller are replicated to all other domain controllers in the environment. It is recommended to have two or more domain controllers for each domain.
Introduced with Windows Server A domain controller that contains a copy of the ntds.dit file that cannot be modified and that does not replicate its changes to other domain controllers with Active Directory.
Allows file and print resources to be published within Active Directory. Examples include: Shared folders Printers
Forests – One or more domain trees, with each tree having its own unique name space. Domain trees – One or more domains with contiguous name space. Domains – A logical unit of computers and network resources that defines a security boundary.
Some of these common attributes are as follows: Unique name Globally unique identifier (GUID) Required object attributes Optional object attributes
Defines the objects stored within Active Directory the properties (attributes) associated within each object. User has different properties, which has different properties than a group, which has different properties of a computer.
Example: cn=JSmith, ou=sales, dc=lucernepublishing, dc=com
Provides name resolution for a TPC/IP network. Active Directory requires DNS as the default name resolution method. Example Resource Records (RR): Host (A) – Host name to IP. Pointer (PTR) – IP to Host name. Service (SRV) – Locator service for LDAP/Domain controllers services.
Allows interoperability with prior versions of Microsoft Windows. Higher levels of functional level will not allow older versions of Windows to function but will add additional functionality or features. Raising functional level is a one-way process.
To raise the functional level of a forest, you must be logged on as a member of the Enterprise Admins group. The functional level of a forest can be raised only on a server that holds the Schema Master role.
Active Directory is a database of objects that are used to organize resources according to a logical plan. These objects include containers such as domains and OUs in addition to resources such as users, computers, and printers. The Active Directory schema includes definitions of all objects and attributes within a single forest. Each forest maintains its own Active Directory schema.
Active Directory requires DNS to support SRV records. Microsoft recommends that DNS support dynamic updates.
Domain and forest functional levels are features of Windows Server The levels defined for each of these are based on the type of server operating systems that are required by the Active Directory design. The Windows Server 2003 forest functional level is the highest functional level available and includes support for all Windows Server 2003 features.