Introduction to Active Directory Domain Services


1 Introduction to Active Directory Domain Services
Presentation: 75 minutes. Lab: 50 minutes.
After completing this module, students should be able to: describe the structure of Active Directory® Domain Services (AD DS); describe the purpose of domain controllers; install a domain controller.
Required Materials: To teach this module, you need the Microsoft® Office PowerPoint® file 20410D_02.pptx. Important: We recommend that you use Office PowerPoint 2007 or a newer version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be displayed correctly.
Preparation Tasks: To prepare for this module, read all of the materials for this module; practice performing the demonstrations and the lab exercises; work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on‑the‑job performance.
Unit 02: Introduction to Active Directory Domain Services

2 Lesson 1: Overview of AD DS
Topics: What is Directory; What is Directory Service; Microsoft Active Directory; Core Services; Centralized management; Component of Active Directory (Logical, Physical).
Do not spend too much time on each topic. Remember that this is a class on Windows Server® 2012, and not a class on AD DS.

3 What is Directory
Collection of information. You can also compare a directory with a phone book.
A directory is, at its most fundamental level, a collection of information. Directory services are often compared to a phone book. A phone book is a collection of data organized by last name, first name, phone number, city, and state. Because the information is organized in a particular way, you can quickly find a particular person and get his or her telephone number. Directories, of course, are nothing new (they have been used for about as long as books have been available), but in terms of networking, directories are still on the cutting edge of networking technology.

4 What is Directory Services
Active Directory is not the first directory service. NDS from Novell was present before the release of AD. Active Directory was introduced with Windows Server 2000. The goal of directory services is to bring order to both big and small networks. With a directory, users can perform search queries and find network information quickly and easily.
The Active Directory is not the first directory service to hit the market. In fact, directory services have been around for some time now. However, the release of Windows 2000 and the Active Directory from Microsoft and the existence of NDS from Novell solidify the idea that networks should be directory based. In most major networks today, every user has a computer, public and personal data, and many kinds of different computing needs. Because of sheer numbers, networks today can easily get out of hand: too many servers, too many resources, too much mass confusion. In fact, finding needed information on the network can be a serious time-loss issue and a common complaint among users. Directory services provide a streamlined approach to network and resource discovery.

5 Microsoft Active Directory
Active Directory is Microsoft’s implementation of directory services. It is based on standards like LDAP and X.500 (the schema is based on X.500). Active Directory provides integration with the Windows domain. It also provides integration with DNS (Domain Name Service). Security, authentication and access control are major features of Microsoft AD.
Along with LDAP, AD also has additional features such as close integration with the Windows domain, which forces the choice of Active Directory for centralized management. The integration of DNS with Windows domains is a feature that makes the design and implementation of Active Directory both complicated and invasive to the existing infrastructure. Importantly, a Windows domain must be named identically to its DNS domain. The same DNS name is used for both IP address resolution and the Active Directory domain name.

6 Core Services
Directory services. Active Directory stores user, group, computer, and much other information about a network.
Security services. Active Directory enables clients to retrieve information from its data store in order to provide services such as authentication and authorization.

7 Centralized Management
Using this figure we can discuss some of the ways in which Active Directory plays a central role for a network environment

8 Components of Active Directory
AD DS is composed of both logical and physical components.
Logical components: partitions, schema, domains, domain trees, forests, sites, OUs, containers.
Partition (Configuration, Schema and Domain): A portion of the directory namespace. Each directory partition contains a hierarchy (subtree) of directory objects in the directory tree. The same directory partition can be stored as copies (replicas) on many domain controllers, and the copies are updated through directory replication.
Schema: Defines all the objects and attributes that the directory service uses to store data.
Domain: A domain is still a boundary for security and also a boundary for replication. Domains in the same forest automatically have trust relationships configured.
Domain tree: A tree is a collection of Active Directory domains that share a contiguous namespace. In this configuration, domains fall into a parent-child relationship, with the child domain taking on the name of the parent.
Forest: A forest is the largest unit in Active Directory and is a collection of trees that share a common schema.
Sites: The sites container is the topmost object in the hierarchy of objects that are used to manage and implement Active Directory replication. Some of the objects located in the sites container include NTDS Site Settings objects, subnet objects, connection objects, server objects, and site objects.
OUs: These are container objects used to arrange other objects (User, Group, Computer) in a manner that supports your administrative purposes, so that you can easily locate and manage them.
Containers: Similar to OUs, but containers are installed by default and have the object type container. You cannot create or delete them, and you cannot link Group Policy to them.

9 Components of Active Directory
Physical components: domain controllers, data stores, global catalog servers, RODCs.
Domain controllers: The servers that host AD DS. Used to manage domains; any change made on this server to any object is copied to other domain controllers (replication).
Data stores: The Active Directory data store consists of several components that together provide directory services to directory clients and to other directory servers. These components include three service components, four interfaces (LDAP, REPL, MAPI, SAM), and the directory database (NTDS) where data is actually stored.
Global catalog: The first domain controller installed in a Windows forest is an Active Directory global catalog, and each multi-domain forest must have at least one global catalog. The global catalog contains a replica of every object in Active Directory but only a small number of each object's attributes.
RODC: An RODC makes it possible for organizations to easily deploy a domain controller in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an extranet or in an application-facing role.

10 Lesson 2 : Revisiting the concept
Domain Explained OUs and Containers Forest and Domains ADDS Schema Authentication and Authorization

11 Domains Explained
AD DS requires one or more domain controllers. All domain controllers hold a copy of the domain database, which is continually synchronized. The domain is the context within which user accounts, computer accounts, and groups are created.
Explain that a multimaster replication model means that every domain controller can make changes to most directory objects. Emphasize that the AD DS domain provides structure for managing users and computers.
Figure labels: AD DS, Computers, Users, Groups.

12 The domain is a replication boundary
The domain is an administrative center for configuring and managing objects. Any domain controller can authenticate any sign-in anywhere in the domain. The domain provides authorization.
Figure labels: AD DS, Computers, Users, Groups.

13 OUs and containers
Containers that can be used to group objects within a domain. Create OUs to: configure objects by assigning GPOs; delegate administrative permissions. OUs are represented by a folder with a book on it. Containers are represented by a blank folder.
Clearly establish for students the difference between OUs and containers: explain that containers are not OUs. Although containers can hold objects, they cannot have Group Policy Objects (GPOs) linked to them. Therefore, if you want to assign a GPO to an object, other than domain-level GPOs, it must be in an OU. Be sure to point out the visual difference between an OU and a container.
Explain to students that objects become orphaned most likely when an administrator on one domain controller deletes a container object, typically an OU, and an administrator on a different domain controller creates a child object, such as a user, in that container before the deletion has been replicated.
Remind students that the OU structure usually does not match the organizational chart, but is designed to support the delegation of administration, and should be a framework to support GPO linking. In a large organization, one with 50,000 users and computers, for example, it is much more manageable to divide those objects into OUs instead of trying to manage them in one very large unit. Discuss some of the criteria that might drive the OU structure design, such as geographical location, department, object type, and cost center.

14 Forest and domain
Figure labels: forest root adatum.com; child domain atl.adatum.com; tree root domain fabrikam.com.
Use this slide to explain the relationships among the forest root domain, a child domain, and another tree. Emphasize that there is no administrative difference between the child domain and another tree, apart from the names.

15 AD DS Schema
The schema defines the objects that can be stored in AD DS.
Reinforce the concept that the schema defines the rules and syntax of the AD DS database, and provides the blueprint for the objects within it. Optionally, you can demonstrate the Active Directory Schema snap-in to show how the objects are defined from attributes. You also can show the hierarchy of objects and the inherited attributes. For example, the parent object for User is Organizational Person, the parent object for Organizational Person is Person, and the parent object for Person is an object called Top. Point out that attributes are defined at each level in the hierarchy. This means that the User object contains all of the attributes that are defined on the User class, and all of the attributes defined farther up the object hierarchy (Organizational Person, Person, Top).

16 Authentication and Authorization
Authentication and authorization are both integral components of identity and access management.
Authentication: Verifying that a user, computer, or service (such as an application provided on a network server) is the entity that it claims to be. Authentication is an important part of identity management. Users, computers, and services that can be authenticated when they log on to a network or, after logon, when they authenticate to a network service, are known collectively as principals, security principals, or digital identities.
Authorization: Determining which actions an authenticated principal is authorized to perform on the network. In AD, the tasks required to control authorization are also referred to as access management. Data about principals that specifies which network objects a principal is authorized to access and what level of access is allowed is kept in a repository called an authorization store.
The relationship between authentication and authorization might be summarized as "Now that I know who you are, here's what you can do."

17 Authentication
The authentication process is done using the Kerberos protocol. The Kerberos protocol consists of three key components:
KDC: The KDC is installed as part of the domain controller and it performs two service functions: the Authentication Service (AS) and the Ticket-Granting Service (TGS). The Authentication Service issues the Ticket Granting Ticket (TGT) after confirming the identity of the user. This ticket is in turn used to obtain the service ticket for the target server. Using the service ticket granted, the user can access the resources on the server. The process is shown in the figure.
Client: The machine trying to access the resource from the target server.
Target server: The server hosting services.

18 Authorization
Each object has access control lists associated with it, as follows:
DACL: The Discretionary Access Control List (DACL) specifies a list of user accounts and groups that are allowed or denied access to a particular object.
SACL: The System Access Control List (SACL) defines operations such as read, write or delete that should be audited for a user or group.
Each list is made up of access control entries that list the permissions allowed or denied for a user or a group.
Active Directory user authorization secures resources from unauthorized access. After the user authentication process, the type of access actually granted is determined by what user rights are assigned to the user and what permissions are attached to the objects the user wishes to access. Each time a user logs on, an access token is created for the user. The access token consists of the individual SID, group SIDs and user rights. When a user requests access to a particular object, the individual SID and group SIDs in the access token are compared against the DACL entries to see if the user is explicitly denied access. Then it checks if the requested access can be specifically permitted. These steps are repeated until a No access is encountered or sufficient information is collected to grant access to the resource.
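The DACL walk described on this slide, modelled as an added example (not code from the course material or from Windows): entries are checked in stored order against the SIDs in the access token, and the order of deny and allow entries changes the result. The right bits, the SIDs and the canonical_order helper are constructed for illustration, and inherited entries are ignored.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed right bits for this example (not the real Windows access-mask values).
READ, WRITE, DELETE = 0x1, 0x2, 0x4


@dataclass(frozen=True)
class Ace:
    ace_type: str  # "deny" or "allow"
    sid: str       # user or group SID the entry applies to
    mask: int      # rights this entry denies or allows


@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: FrozenSet[str]

    def sids(self) -> FrozenSet[str]:
        # The check uses the individual SID and every group SID in the token.
        return frozenset({self.user_sid}) | self.group_sids


def access_check(token: AccessToken, dacl: Optional[List[Ace]], desired: int) -> bool:
    """Return True if every right in `desired` is granted by the DACL."""
    if dacl is None:
        # An object with no DACL at all is unprotected: access is granted.
        return True
    remaining = desired          # rights still waiting for an allow entry
    sids = token.sids()
    for ace in dacl:             # entries are evaluated in stored order
        if ace.sid not in sids:
            continue
        if ace.ace_type == "deny":
            if ace.mask & remaining:
                return False     # the "No access" case: a needed right is denied
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True      # enough information collected to grant access
    # End of list (including an empty DACL) without all rights: implicit deny.
    return False


def canonical_order(dacl: List[Ace]) -> List[Ace]:
    """Put deny entries before allow entries, keeping relative order (stable sort)."""
    return sorted(dacl, key=lambda ace: ace.ace_type != "deny")


# Constructed sample data: one user who is in both Sales and Contractors.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
USER, SALES, CONTRACTORS = DOMAIN + "-1105", DOMAIN + "-1201", DOMAIN + "-1202"
TOKEN = AccessToken(USER, frozenset({SALES, CONTRACTORS}))

# Stored with the allow entry first, so the deny entry is never reached for WRITE.
AS_STORED = [Ace("allow", SALES, READ | WRITE), Ace("deny", CONTRACTORS, WRITE)]
CANONICAL = canonical_order(AS_STORED)

if __name__ == "__main__":
    for name, dacl in (("as stored", AS_STORED), ("canonical", CANONICAL)):
        print(name, "READ:", access_check(TOKEN, dacl, READ),
              "WRITE:", access_check(TOKEN, dacl, WRITE))
```

When reviewing permissions on a directory object, compare the stored entry order with the deny-first order; a deny entry that sits after a matching allow entry has no effect on the rights that allow entry already granted.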

19 What Is New in Directory 2012?
Virtualization that just works; Rapid deployment with cloning; Safer virtualization of domain controllers; Simplified deployment and upgrade preparation; Simplified management; Dynamic Access Control; DirectAccess Offline Domain Join; Active Directory Federation Services (AD FS); Windows PowerShell History Viewer; Active Directory Recycle Bin User Interface; Fine-Grained Password Policy User Interface; Active Directory Replication and Topology Windows PowerShell cmdlets; Active Directory Based Activation (AD BA).
Briefly review the points on the slide.

20 Improvements for using consumer devices
Improvements for using consumer devices in the enterprise:
Workplace Join: Allows consumer devices to participate in the domain.
Web Application Proxy: Allows applications to be published to the Internet.
Multi-Factor Authentication: Allows you to specify the use of multiple factors for authentication.
Multi-Factor Access Control: Allows claims using different factors.
Workplace Join: By using Workplace Join, information workers can join their personal devices with their company's workplace computers to access company resources and services. When you join your personal device to your workplace, it becomes a known device and provides seamless second factor authentication and Single Sign-On to workplace resources and applications.
Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access your web applications from outside the corporate network. Web Application Proxy pre-authenticates access to web applications by using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.
Multi-factor authentication (MFA) is an AD FS enhancement that allows you to require one or more authentication methods on a workplace-joined device. Using the Azure MFA option (a subscription fee applies) turns this feature into a true hybrid service, communicating between on-premises and Azure and providing text or voice calls to a mobile device, or a one-time password app on that device.
Multi-factor access control (MFAC for simplicity) is an AD FS enhancement that allows you to choose from a wide range of conditions under which a user can access an AD FS-secured corporate resource, not just a user's group membership. By using claims instead of only security groups, you can control resource access based on a wide range of conditions such as user name, authentication time stamp, network location, or even the number of days before the user's password expires; there are 62 claim types to choose from.

21 Overview of Domain Controllers
Topics: Overview of Domain Controllers; What Are Operations Masters?
Provide a brief overview of the lesson contents.

22 Introduction to Domain Controller
Domain controllers: servers that host the AD DS database (Ntds.dit) and SYSVOL. Kerberos authentication service and KDC services perform authentication.
Best practices: Availability: at least two domain controllers in a domain. Security: RODC and BitLocker.
Emphasize that the database and services are stored on servers called domain controllers. Domain controllers (servers that perform the AD DS role) host the Active Directory database, SYSVOL, the Kerberos authentication service, and other Active Directory services. For redundancy purposes, it is best to have at least two available domain controllers.
Highlight that all domain controllers in a domain essentially are equal. Each domain controller contains a copy of the directory store, and updates can be made to the AD DS data on all domain controllers except for RODCs.
Emphasize the importance of having multiple domain controllers in each domain. This provides load balancing, but more importantly, it also provides recoverability if a server failure occurs. Mention that all domain controllers engage in authentication and authorization, therefore the system has redundancy, with fewer fail points.
This topic does not provide much information about best practices. If students are interested, you can go into more detail about installing domain controllers in remote sites to protect against an unavailable wide area network (WAN) connection. You also can talk about increasing the number of domain controllers to account for redundancy and performance.

23 What Is the Global Catalog?
The global catalog: hosts a partial attribute set for other domains in the forest; supports queries for objects throughout the forest.
Figure labels: AD DS, Schema, Configuration, Domain A, Domain B, Global catalog server.
Describe the role of the global catalog server when searching for objects across domains in a forest. Define a global catalog as a domain controller that replicates the partial attribute set for each domain in the forest. The domain controller does not need the partial attribute set for its own domain because it already has the full copy of the domain database, and needs only the changes made to other domains. That is why, in a single-domain environment, making every domain controller a global catalog server adds no significant replication.
Question: Should a domain controller be a global catalog?
Answer: Global catalog placement affects how long a user’s sign-in takes. Therefore, global catalog placement must be planned carefully. In a single-domain environment, every domain controller should host the global catalog because every domain controller already holds a complete copy of the domain. In a multi‑domain scenario, you need to consider user sign-in times, program dependencies, global catalog high availability, and replication traffic when planning global catalog placement.

24 Viewing the SRV Records in DNS
Open DNS Manager from Administrative Tools, and locate below path. Let’s discuss SRV records.
Demonstrate the SRV records in DNS briefly, or as appropriate for the level of student experience or interest. After showing the sub-domains that start with an underscore, explain that domain controllers register several SRV records so that you can search them in multiple ways. Look for an SRV record in _tcp.Default-First-Site-Name._sites.adatum.com that is offering the Kerberos authentication service. Examine the record, and show that server LON-DC1.adatum.com is offering the Kerberos authentication service over TCP port 88, and that the server is answering for the site Default-First-Site-Name. This is the preferred domain controller to connect to because the domain controller is in the same AD DS site as the client computer. Point out that, because domain controllers register SRV records in many different ways, you can find an alternative if the preferred domain controller is not available.
Alternatively, you could go to C:\windows\system32\config, open netlogon.dns with Notepad, and show all of the SRV records that each domain controller will register in DNS. Note that SRV records are registered in DNS by the Net Logon service that is running on each domain controller. If the SRV records are not entered in DNS correctly, you can trigger the domain controller to reregister those records by restarting the Net Logon service on that domain controller. This reregisters only the SRV records. If you want to reregister the host record information in DNS, you must run ipconfig /registerdns from the command prompt, just as you would for any other computer.
Preparation Steps: Start the 20410D-LON-DC1 virtual machine.
Demonstration Steps: View the SRV records by using DNS Manager. On LON-DC1, sign in with the user account Adatum\Administrator and the password Pa$$w0rd. In Server Manager, click the Tools menu. (More notes on the next slide)
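An added example (not part of the course material) that reads SRV lines of the kind shown in netlogon.dns, picks a Kerberos server the way the demonstration describes (same-site record first, domain-wide records as the alternative), and lists registrations a domain controller is missing. The one-record-per-line layout, the LON-DC2 host, the A record address and the function names are assumptions of this example.

```python
from typing import List, NamedTuple, Optional


class Srv(NamedTuple):
    owner: str     # record name, lower-cased, without the trailing dot
    priority: int
    weight: int
    port: int
    target: str    # host offering the service


# Constructed sample. Only adatum.com, LON-DC1, Default-First-Site-Name and
# Kerberos on TCP port 88 come from the page; everything else is made up.
SAMPLE = """\
adatum.com. 600 IN A 172.16.0.10
_ldap._tcp.adatum.com. 600 IN SRV 0 100 389 LON-DC1.adatum.com.
_ldap._tcp.Default-First-Site-Name._sites.adatum.com. 600 IN SRV 0 100 389 LON-DC1.adatum.com.
_kerberos._tcp.adatum.com. 600 IN SRV 0 100 88 LON-DC1.adatum.com.
_kerberos._tcp.Default-First-Site-Name._sites.adatum.com. 600 IN SRV 0 100 88 LON-DC1.adatum.com.
_ldap._tcp.adatum.com. 600 IN SRV 0 100 389 LON-DC2.adatum.com.
_ldap._tcp.Default-First-Site-Name._sites.adatum.com. 600 IN SRV 0 100 389 LON-DC2.adatum.com.
_kerberos._tcp.adatum.com. 600 IN SRV 0 100 88 LON-DC2.adatum.com.
"""


def parse_srv(text: str) -> List[Srv]:
    """Keep only well-formed 'name TTL IN SRV priority weight port target' lines."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue  # A records, comments and malformed lines are skipped
        try:
            prio, weight, port = int(f[4]), int(f[5]), int(f[6])
        except ValueError:
            continue
        records.append(Srv(f[0].rstrip(".").lower(), prio, weight, port,
                           f[7].rstrip(".").lower()))
    return records


def locate(records: List[Srv], service: str, proto: str, domain: str,
           site: Optional[str] = None) -> List[Srv]:
    """Candidate servers: same-site records first, then domain-wide ones."""
    names = []
    if site:
        names.append(f"_{service}._{proto}.{site}._sites.{domain}".lower())
    names.append(f"_{service}._{proto}.{domain}".lower())
    seen, ordered = set(), []
    for name in names:
        # Lower priority wins; heavier weight first is a deterministic
        # simplification of the weighted random choice real resolvers make.
        matches = sorted((r for r in records if r.owner == name),
                         key=lambda r: (r.priority, -r.weight))
        for rec in matches:
            if rec.target not in seen:
                seen.add(rec.target)
                ordered.append(rec)
    return ordered


def missing_registrations(records: List[Srv], dc: str, domain: str, site: str) -> List[str]:
    """Owner names (a subset chosen for this example) that `dc` has not registered."""
    expected = [f"_{svc}._tcp.{scope}".lower()
                for svc in ("ldap", "kerberos")
                for scope in (domain, f"{site}._sites.{domain}")]
    registered = {r.owner for r in records if r.target == dc.lower()}
    return [name for name in expected if name not in registered]


RECORDS = parse_srv(SAMPLE)

if __name__ == "__main__":
    for rec in locate(RECORDS, "kerberos", "tcp", "adatum.com", "Default-First-Site-Name"):
        print(rec.target, rec.port, "via", rec.owner)
    print(missing_registrations(RECORDS, "LON-DC2.adatum.com", "adatum.com",
                                "Default-First-Site-Name"))
```

A non-empty result from missing_registrations is the situation the notes address by restarting the Net Logon service on that domain controller.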

25 What Are Operations Masters?
In the multi-master replication model, some operations must be single master. Many terms are used for single master operations in AD DS, including: operations master (or operations master roles); single master roles; flexible single master operations (FSMOs).
The five FSMOs are: Forest: domain naming master, schema master. Domain: RID master, infrastructure master, PDC emulator master.
Discuss each operations master role in as much depth as you think is appropriate for students. Be sure to point out that most master roles are so specific that the master could be offline for a while without causing any problems. For example, you do not need the schema master until you make changes to the schema, and you do not need the domain naming master until you add or remove a domain in the forest. Point out that other domain services may be slow or disrupted if a domain controller is offline and not available. Be sure to point out that these roles all run on a domain controller, so the loss of a domain controller could cause serious problems.
Domain operations master roles are needed on a more regular basis than those in the forest root domain, particularly the primary domain controller (PDC) emulator. The RID master provides a pool of RIDs to each domain controller. If this master is not available, eventually a domain controller will attempt to create an account and will be unable to do so. Describe the three PDC functions to the level of detail that is provided in the student handbook. Reinforce that if the PDC emulator master is not available or is slow to respond, you are more likely to have issues in the domain.
You can find which domain controllers are operations master holders by using the following command: netdom query fsmo
Review the following article, "Operations master roles," to prepare for this topic:

26 Installing a Domain Controller
Topics: Installing a Domain Controller; Deploying Domain Controllers in Windows Azure.
Depending on students’ experience with AD DS, you might have to explain in more detail the implications of starting the Active Directory Domain Services Installation Wizard from Server Manager and not by using the dcpromo tool. You used to be able to start the Active Directory Installation Wizard by using dcpromo, but in Windows Server 2012 this tool is used only for an unattended installation while IT departments migrate their processes to Windows PowerShell®. Mention to students that you can promote a server to be a domain controller remotely by using Server Manager running on Windows Server 2012.

27 Installing from Server Manager
Deployment Configuration section of the Active Directory Domain Services Configuration Wizard.
Follow the lab manual to install a new domain controller. Document name: Install a New Windows Server 2012 Active Directory Forest.docx
Use Server Manager to describe the initial process of installing an AD DS domain controller. Explain that the Active Directory Domain Services Installation Wizard has been deprecated. However, you can still run the dcpromo command with an answer file; this functionality was retained to allow companies that use automation to convert to Windows PowerShell deployments. Explain that the initial pass installs the files for AD DS, and then you can continue to configure the AD DS installation.

28 Installing on a Server Core
Installing AD DS is a two-step process regardless of which installation method you use.
Method 1: Use Server Manager on a Windows 2012 server with a GUI interface to connect to the system. Install the files by installing the Active Directory Domain Services role. Install the domain controller role by running the Active Directory Domain Services Configuration Wizard.
Method 2: Use Windows PowerShell locally, or remotely using WinRM. Install the files by running the command Install-WindowsFeature AD-Domain-Services. Install the domain controller role by running the command Install-ADDSDomainController.
Explain the supported methods for installing the domain controller role on Windows Server 2012 servers remotely. Refer to the links on the following web page to prepare for this topic: AD DS Deployment Cmdlets in Windows PowerShell, at

29 Upgrading a Domain Controller
Options to upgrade AD DS to Windows Server 2012:
In-place upgrade from Windows Server 2008 to Windows Server 2012. Benefit: Except for the prerequisite checks, all the files and programs stay in place and there is no additional work required. Risk: May leave legacy files and DLLs.
Introduce a new Windows Server 2012 server into the domain and promote it to be a domain controller. This option is usually preferable. Benefit: The new server has no accumulated legacy files and settings. Risk: May need additional work to migrate administrators’ files and settings.
Describe the different methods for upgrading a forest and domain, and discuss the risks and benefits of each method. Explain that the process is the same whether you upgrade from Windows Server 2008 or Windows Server R2 to Windows Server 2012 or Windows Server 2012 R2. The process is also the same when you upgrade from Windows Server 2012 to Windows Server 2012 R2.

30 Installation from Media
Install from Media section on the Additional Options page of the Active Directory Domain Services Configuration Wizard.
Point out to students that because they are installing the domain controller by using the IFM method, they should select the Install from media path check box. Then they type the path to the snapshot file into the Install From Media Path box.

31 What Is Windows Azure Active Directory?
Figure labels: On-premises AD DS; Synchronize; Windows Azure Active Directory; Office 365; Exchange Online; SharePoint Online; Lync Online; Windows Azure Apps; Internet connected apps; Internet.
Provide students with an overview of Windows Azure Active Directory (Windows Azure AD). Stress that this does not replace an on-premises AD DS solution, but instead provides identity management for cloud-based applications. Explain that Windows Azure AD is hosted on Microsoft hardware, and that subscribers are responsible for managing only their users, not the underlying software or hardware. Review the following website to prepare for this topic: Active Directory,

32 Deploying Domain Controllers in Windows Azure
Windows Server 2012 is cloud-ready and virtualization safe. Considerations for deploying in Windows Azure include: rollback; resource limitations; virtualization considerations for deploying AD DS; time synchronization; single point of failure.
Explain that deploying Windows Server 2012 Active Directory in Windows Azure is not the same as using Windows Azure AD. Explain that potential issues with deploying AD DS in the cloud are addressed in Windows Server 2012.

33 Installing Domain controller in Microsoft Azure & Others
Follow the lab manual to install a new domain controller. Documents: Install a New Windows Server 2012 domain controller in Azure.docx; Install a Replica Windows Server 2012 Domain Controller in an Existing Domain.docx; Install a Windows Server 2012 Active Directory RODC.docx

34 Lab: Installing Domain Controllers
Before students begin the lab, read the lab scenario and display the next slide. Before each exercise, read the scenario associated with the exercise to the class. The scenarios give context to the lab and exercises, and help to facilitate the discussion at the end of the lab. Remind students to complete the discussion questions after the last lab exercise.
Exercise 1: Installing a Domain Controller. Users are experiencing slow sign-ins in London during peak use times. The server team has determined that the domain controllers are overwhelmed when many users authenticate simultaneously. To improve sign-in performance, you will add a new domain controller in the London data center.
Exercise 2: Installing a Domain Controller by Using IFM. Your manager has assigned you to manage one of the new branch offices that are being configured. A faster network connection will be installed in a few weeks. Until then, network connectivity will be very slow. The branch office requires a domain controller to support local sign‑ins. To avoid problems with the slow network connection, you will use IFM to install the domain controller in the branch office.
Instructor Note: Once the domain controller is established by using the IFM media, when it reboots it connects to other domain controllers and receives any updates and changes that occurred since the IFM backup was created.

35 Lab Scenario
Your manager has asked you to install a new domain controller in the datacenter to improve sign-in performance and to create a new domain controller for a branch office by using IFM.

36 Lab Review
Lab Review Questions
Question: Why did you use Server Manager and not dcpromo when you promoted a server to be a domain controller?
Answer: In Windows Server 2012, the dcpromo tool is deprecated and its uses are limited. It is used only at a command prompt, for example, to perform an unattended installation of AD DS, or to do a complete domain controller promotion from a command-line interface. Although Server Manager is the preferred tool to use to promote a server, you also can use Windows PowerShell or another type of scripted procedure.
Question: What are the three operations masters found in each domain?
Answer: The three operations masters are: RID master, infrastructure master, PDC emulator master.
Question: What are the two operations masters that are present in a forest?
Answer: The two operations masters that are present in a forest are the schema master and the domain naming master.
Question: What is the benefit of performing an IFM install of a domain controller?
Answer: When you have an unreliable wide area network (WAN) link, performing an IFM install reduces the use of the WAN link and provides for a more reliable installation process.

37 Module Review and Takeaways
Module Review Questions
Point students to the appropriate section in the course so that they are able to answer the questions that this section presents.
Question: What are the two main purposes of OUs?
Answer: The two main purposes of OUs are to provide a framework for delegations of administration and to provide a structure to enable the targeted GPO deployment.
Question: Why would you need to deploy an additional tree in the AD DS forest?
Answer: You would deploy an additional tree in the AD DS forest if you needed more than one DNS namespace.
Question: Which deployment method would you use if you had to install an additional domain controller in a remote location that had a limited WAN connection?
Answer: You would use the IFM option, because it eliminates the need to copy the entire AD DS database over the WAN link.
Question: If you needed to promote a Server Core installation of Windows Server 2012 to be a domain controller, which tool or tools could you use?
Answer: To promote a Server Core installation of Windows Server 2012 to a domain controller, you could use the following tools: Server Manager, which allows you to install AD DS remotely; Windows PowerShell 4.0; the command dcpromo /unattend, run on the Server Core server.
(More notes on the next slide)

