Active Directories: Purpose and Structure Chrystom Ciganko IFMG352 Final Presentation.


1 Active Directories: Purpose and Structure Chrystom Ciganko IFMG352 Final Presentation

2 What is Active Directory? Directory service used to store information about objects within a domain, to organize these objects, and to centralize a network

3 Goals of AD
- High Scalability
- Compatibility with older NOS's
- Administration is simplified

4 DNS
- Absolutely vital for AD
  - Must be correctly configured or AD will not work
- AD's locating server
- All servers must be registered in the DNS
- Points the user (unaware) to the proper authentication server for login
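
The DNS dependency on slide 4 can be checked from a zone export. The following is an added example, not part of the original presentation: it audits zone-file-style lines for SRV records that the Windows DC locator queries and confirms that every SRV target also has an address record. The domain `corp.example`, the host names and the zone lines are constructed, and the required-record list is a minimal subset chosen for illustration.

```python
# Added example: audit a DNS zone export for records the AD DC locator depends on.
# corp.example, the host names and the zone lines are constructed sample data.
REQUIRED_SRV = [
    "_ldap._tcp.dc._msdcs.{d}",    # any domain controller in the domain
    "_ldap._tcp.pdc._msdcs.{d}",   # the PDC emulator
    "_kerberos._tcp.{d}",          # Kerberos KDC (authentication)
    "_ldap._tcp.gc._msdcs.{d}",    # global catalog; assumes {d} is the forest root
]

SAMPLE_ZONE = """\
; constructed zone export
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example.  600 IN SRV 0 100 389 dc2.corp.example.
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.corp.example.        600 IN SRV 0 100 88  dc1.corp.example.
dc1.corp.example.                  3600 IN A   10.0.0.10
"""

def parse_zone(text):
    """Return (srv, hosts): SRV owner -> [(target, port)], and names holding A/AAAA."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        fields = line.split(";")[0].split()          # drop comments, tokenize
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        if rtype in ("A", "AAAA"):
            hosts.add(owner)
        elif rtype == "SRV" and len(fields) == 8:    # priority weight port target
            target = fields[7].lower().rstrip(".")
            srv.setdefault(owner, []).append((target, int(fields[6])))
    return srv, hosts

def audit(text, domain):
    """List (kind, detail) findings: absent locator records and unregistered targets."""
    srv, hosts = parse_zone(text)
    findings = []
    for template in REQUIRED_SRV:
        name = template.format(d=domain.lower())
        if name not in srv:
            findings.append(("missing-srv", name))
    for owner, targets in sorted(srv.items()):
        for target, port in targets:
            if target not in hosts:                  # server not registered in DNS
                findings.append(("srv-target-unresolvable", f"{owner} -> {target}:{port}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_ZONE, "corp.example"):
        print(kind, detail)
```

On the constructed zone this reports the missing global catalog record and the `dc2` target that has no address record, the two kinds of gap that leave clients unable to find a logon server.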

5 Standards used by AD
- Kerberos for authentication
- X.500 for structure
- X.509 for cert-based authentication
- DNS for ease of machine communication
- LDAP for authorization

6 Active Directory structure
- Hierarchical framework of objects
- Objects:
  - Resources (printers)
  - Services (email)
  - Users (accounts and groups)
- Uniquely identified by:
  - Name
  - Attributes
- Defined by:
  - Schema
    - Determines kinds of objects within the Active Directory

7 Methods of structure
- Order of the levels
- Forest – the entire collection of all objects
  - Contains all trust-linked trees
- Tree – collection of all domains
- Domain – collection of most objects
  - Objects can be contained in Organizational Units (OU's)
- Can assign Group Policy Objects (GPO's)
  - Flow down to users/groups

8 Forest
- Compilation of Trees
- Contains single Root-Tree
  - First Domain installed
  - 100% required
- Sub-Trees must be added to the Root-Tree or no Forest is created

9 Tree
- Hierarchical structure of Domains
- Transitive Trusts
  - Type of trust that is extended beyond two domains to other trusted domains in the tree
- Sub-Domains must be added to the Root-Domain or there's no tree

10 Domain
- Building block for AD
- Created by Domain Controllers (DC's)
- Controller of
  - System Policies
  - Administration
  - Traffic

11 Schema
- Definition of all the AD's
  - Attributes
  - Syntaxes
  - Object-type or classes
- Only one consistent Schema per Forest
- Can be matched with a Database Schema

12 Server roles
- Domain Controller
  - Flexible single master operation (FSMO)
- Specialized DC tasks
  - Primary Domain Controller (PDC)
  - Backup Domain Controller (BDC)
- Global Catalog
- Member Server

13 Domain Controller
- Requirement for AD
- Control Schema, Configuration, and Domain partitions
  - Schema: Defines object classes within Forest
  - Configuration: Defines physical structure (topology)
  - Domain: Contains objects within the domain
- All DC's Schema and Configuration partitions within Forest are sync'd
- Domain partition only sync'd with other DC's within that domain

14 Organizational Units (OU's)
- Carry out the structure within the Domain
- Are not assigned the specific rights
- Used for administrative reasons
- Can be nested if needed

15 Multi-domain forests
- Knowledge Consistency Checker (KCC)
  - Creation of replication topology
- Again, DC's only sync with DC's
- Global catalog (GC) servers
  - Contained within a DC
  - Create global listing of all objects within all domains

16 Global Catalog Server
- Required for logon
- Contains copy of all Objects for the entire Forest
- Answers AD search requests

17 Uses of AD
- Update all computers by updating an object within the forest or tree
- Managing user groups
  - Grant access to particular users
  - Deny access (deny always overrides grant)

18

19 Example of domain users/groups


