Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Directory Administration

Published byEugenia Hood Modified over 6 years ago

Similar presentations

Presentation on theme: "Active Directory Administration"— Presentation transcript:

1 Active Directory Administration
By Joseph Cheung April 27, 2016

2

3 Active Directory administration By Joseph Cheung

4 CONCEPTS OF ACTIVE DIRECTORY
An active directory stores information about all the resources on a network; such as users, groups, computers, files, printers, and applications. Plus It provides all the services, making the information available and useful.

5 CONCEPTS OF ACTIVE DIRECTORY
Active directory stores information about resources in hierarchical structure It contains objects that represents different types of network resources, users, printers and so on. AD information is used to authenticate/authorize users, computers, resources which are part of a network

6 Each object has Object has attributes attributes,
a. such as the user’s first name, last name and address; or b. A printer’s asset number and location 2. GUID – 128bit global identifier 3. SID – Security identifier

7 Object Examples Forest Computer Domain Shared Folder
Organizational Unit Printer User Site Group Subnet Contact

8 STRUCTURE Objects are maintained in a domain
A domain is a basic unit of organization and security in active directory

9 STRUCTURE A Domain Has 4 Components
A hierarchical structure of containers, objects An unique Domain Name A security mechanism to authenticate and authorize access to Domain Resources Policies that show how functionality is allowed or restricted for users, computers in a domain

10 STRUCTURE Within a domain, objects can be organized into logical containers called organizational units or OUs

11 Organizational Unit [OU]
Using organizational unit you can create a hierarchical structure that duplicates the structure of your organization. Even more importantly you can delegate some administrative responsibilities for these small units. While administrators have full administrative rights for the entire domain. A user, such as a department or team manager can be granted rights for a particular sub-trees of organizational units or even a single organizational unit

12 Multiple Domain Although organizational units are useful for delegating administrative responsibilities within a domain. Multiple domains are useful for network administrations done by separate authorities, such as in an international organization where resources maybe maintained in different languages

13 Multiple Domain Multiple domains can form a domain tree; the root domain is always created first It becomes the parent domain to child-domains that are added directly below it

14 DNS Each domain in a tree is assigned a name using the hierarchical domain naming system or DNS As other domains are joint to a tree, the name of a child is added to the parents name, reflecting their relationship To make network resources globally available to users, by default, active directory transparently joint domains to a 2-way transitive relationship

15 TRUST RELATIONSHIPS Trust relationship make the domain resources available to users in other domains. Transitive means that the trust relationship carry thru automatically to other domains in the tree

16 TRUST RELATIONSHIPS So, users in one domain may have access to resources anywhere in the tree; except of course to resources that have been restricted.

17 TRUST RELATIONSHIPS The tree model of multiple domains can be extended to a forest of trees. Or organizations who need to maintain a separate organizational structures, such as a company that needs distinct public identities for its subsidiaries.

18 TREES IN A FOREST SHARE Although each tree can have different naming scheme, they share 3 things Transitive trust relationships between any domain within the forest A common schema - a complete set of object types; and They share a comprehensive global catalog

19 Global Catalog The global catalog holds all the objects for all domains, so it’s easy for users to locate a specific object anywhere in the Enterprise. To keep query response time fast, the global catalog maintains only a sub-set of attributes for each object.

20 Global Catalog The global catalog is automatically replicated to those domain controllers throughout the forest that are designated as global catalog service

21 Global Catalog DOMAIN CONTROLLER
manages ACTIVE DIRECTORY information and users interactions, including directory searches across the enterprise; Is responsible for all the authentications, authorizations, additions, deletions, audits, modifications, inside a Domain.

22 Global Catalog For example if the marketing manager in the Minneapolis’s office wants to send a hard copy of the file out to the subsidiary in Paris, she can query the ACTIVE DIRECTORY global catalog for a printer on the 2nd floor office of Rue Lafayette, the global catalog resolves the query and returns the location

23 ACTIVE DIRECTORY - Network Topology
Finally, let’s look how AD relates to network topology To optimize active directory performance it may be beneficial to divide the network into sites, especially it has geographic separate locations connected by slow links

24 SITES A site is one or more IP subnets connected by a hi- speed link.
Sites help reduce active directory traffic, such as work stations logged-on in replication For example when a user who logs on win2012 will try to find the active directory controller in the same site of the user’s computer to validate the logon request.

25 SITES Staying within the same site serve to reduce unnecessary traffic between the domain controllers; and the network operates more efficiently

26 SITES In addition, replication of active directory between sites can be scheduled in off-peak hours when demand for resources between sites is usually lower

27 ACTIVE DIRECTORY - conclusion
Active directory enable users to access resources and The administrators to secure the resources across the enterprise network.

28 Active Directory Administration
Thank You By Joseph Cheung April 27, 2016

Download ppt "Active Directory Administration"

Similar presentations

COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.

COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
1 Active Directory (Week 8, Monday 2/26/2007) © Abdou Illia, Spring 2007.

1 Active Directory (Week 8, Monday 2/26/2007) © Abdou Illia, Spring 2007.
Introduction to Active Directory

Introduction to Active Directory
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
CS603 Active Directory February 1, 2001.

CS603 Active Directory February 1, 2001.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Administering Active Directory

Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 1 Windows Server 2003 Network Administration.

Hands-On Microsoft Windows Server 2003 Administration Chapter 1 Windows Server 2003 Network Administration.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Chapter 4 Introduction to Active Directory and Account Management

Chapter 4 Introduction to Active Directory and Account Management
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Module 1: Introduction to Active Directory

Module 1: Introduction to Active Directory
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
1 CSIT 320. Just as the combination of a database and a database management system collects and organizes information about an institution/company/… as.

1 CSIT 320. Just as the combination of a database and a database management system collects and organizes information about an institution/company/… as.

Similar presentations

Ads by Google