1
Module 1: Introduction to Active Directory
2
Overview
- Introduction to Active Directory
- Active Directory Logical Structure
- Role of DNS in Active Directory
- Active Directory Physical Structure
- Methods for Administering a Windows 2000 Network
3
Introduction to Active Directory
- What Is Active Directory?
- Active Directory Objects
- Active Directory Schema
- Lightweight Directory Access Protocol (LDAP)
4
What Is Active Directory?
Directory Service Functionality:
- Centralized management: organize, manage, control
- Single point of administration
- Full user access to directory resources by a single logon
Diagram: network resources managed centrally through the directory service
5
Active Directory Objects
- Objects Represent Network Resources
- Attributes Store Information About an Object
Diagram: user objects (Suzan Fine, Don Hall) with the attributes First Name, Last Name and Logon Name; printer objects (Printer1, Printer2, Printer3) with the attributes Printer Name and Printer Location. Each attribute holds a value.
6
Active Directory Schema
Active Directory Schema Is:
- Dynamically available
- Dynamically updateable
- Protected by DACLs
Object class examples: Users, Computers, Printers
Attribute examples: accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, ...
Attributes of Users might contain: accountExpires, department, distinguishedName, middleName, ...
7
DNS and Active Directory Namespaces
Diagram: the DNS namespace starts at the Internet root domain "." and continues through com. to microsoft.com, with training.microsoft.com and sales.microsoft.com beneath it and the host computer1 beneath training.microsoft.com. The Active Directory namespace uses the same names for its domains (microsoft.com, training.microsoft.com, sales.microsoft.com). Legend: DNS node (domain or computer); Active Directory domain.
8
Lightweight Directory Access Protocol (LDAP)
LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
LDAP Naming Paths Include:
- Distinguished names, for example CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
- Relative distinguished names, for example Suzan Fine
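An added example, not part of the course materials, that works with the naming paths shown above: it splits a distinguished name into its relative distinguished names (handling backslash-escaped commas), returns the RDN and the parent naming path, and reads the DC components back into the DNS domain name that the earlier namespace slide pairs with the Active Directory domain. The function names are this example's own, and the RDN is reported together with its attribute type (CN=Suzan Fine).

```python
def split_rdns(dn):
    """Split a DN on commas that are not escaped with a backslash (RFC 4514)."""
    segments, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":          # skip the escaped character that follows
            i += 2
            continue
        if dn[i] == ",":
            segments.append(dn[start:i])
            start = i + 1
        i += 1
    segments.append(dn[start:])
    return segments

def unescape(value):
    """Resolve backslash escapes in an attribute value, e.g. '\\,' -> ','."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)

def parse_dn(dn):
    """Return (attribute type, value) pairs, leftmost (most specific) RDN first."""
    rdns = []
    for seg in split_rdns(dn):
        typ, sep, val = seg.lstrip().partition("=")
        if not sep or not typ.strip():
            raise ValueError(f"malformed RDN: {seg!r}")
        rdns.append((typ.strip(), unescape(val)))
    return rdns

def rdn(dn):
    """The relative distinguished name: only the leftmost component."""
    typ, val = parse_dn(dn)[0]
    return f"{typ}={val}"

def parent_dn(dn):
    """Everything after the first unescaped comma names the containing object."""
    return ",".join(split_rdns(dn)[1:])

def dns_domain(dn):
    """The DC components, read left to right, spell the domain's DNS name."""
    return ".".join(val for typ, val in parse_dn(dn) if typ.lower() == "dc")
```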
9
Active Directory Logical Structure
- Domains
- Organizational Units
- Trees and Forests
- Global Catalog
10
Domains
A Domain Is a Security Boundary
- A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
A Domain Is a Unit of Replication
- Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
Diagram: Windows 2000 domain replication of the objects User1 and User2 between domain controllers
11
Organizational Units
- Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
- Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
Diagram: two example OU hierarchies, one following the network administrative model and one following the organizational structure (OU labels shown: Sales, Vancouver, Users, Computers, Repair)
12
Trees and Forests
Diagram: a forest containing two trees. The tree rooted at contoso.msft (root) has the child domains asia.contoso.msft and au.contoso.msft; the tree rooted at nwtraders.msft has the child domains asia.nwtraders.msft and au.nwtraders.msft. The domains are joined by two-way transitive trusts.
13
Global Catalog
- A global catalog server holds a subset of the attributes of all objects in every domain
- Global Catalog Queries: group membership when a user logs on
Diagram: two domains and a global catalog server holding a subset of the attributes of all objects
14
Introduction to the Role of DNS in Active Directory
Name Resolution
- DNS translates computer names to IP addresses
- Computers use DNS to locate each other on the network
Naming Convention for Windows 2000 Domains
- Windows 2000 uses DNS naming standards for domain names
- DNS domains and Active Directory domains share a common hierarchical naming structure
Locating the Physical Components of Active Directory
- DNS identifies domain controllers by the services they provide
- Computers use DNS to locate domain controllers and global catalog servers
15
DNS Host Names and Windows 2000 Computer Names
- The DNS host record and the Active Directory object represent the same physical computer
- DNS allows computers to locate domain controllers within Active Directory
Diagram: in DNS, the path "." > com. > microsoft > training > computer1 gives the FQDN computer1.training.microsoft.com; in Active Directory, the domain training.microsoft.com holds the Builtin and Computers containers, and Computers holds Computer1 and Computer2. Windows 2000 computer name = Computer1.
16
DNS Requirements for Active Directory
DNS Requirements to Support Active Directory:
- Support for SRV records (mandatory)
- Support for the dynamic update protocol (recommended)
- Support for incremental zone transfers (recommended)
17
What Is a Tree?
Diagram: the tree root domain contoso.msft is the parent domain; the child domain sales.contoso.msft is added as a new domain beneath it. The tree forms a contiguous namespace.
18
What Is a Forest?
- A Forest Is One or More Trees
- Trees in a Forest Do Not Share a Contiguous Namespace
- All of the Domains in a Forest Share a Common Configuration, Schema, and Global Catalog
Diagram: a forest with two trees, contoso.msft (with sales.contoso.msft) and nwtraders.msft (with marketing.nwtraders.msft and sales.nwtraders.msft)
19
What Is the Forest Root Domain?
- The Forest Root Domain Is the First Domain Created in a Forest
Diagram: a forest with the tree root domains contoso.msft (the forest root domain) and nwtraders.msft, plus the child domains sales.contoso.msft and marketing.nwtraders.msft. The forest root domain holds the Enterprise Admins and Schema Admins groups; the global catalog, configuration and schema are shared across the forest.
20
Characteristics of Multiple Domains
- Reduce Replication Traffic
- Maintain Separate and Distinct Security Policies Between Domains
- Preserve the Domain Structure of Earlier Versions of Windows NT
- Separate Administrative Control
21
Active Directory Physical Structure
- Domain Controllers
- Sites
22
Domain Controllers
Domain Controllers:
- Participate in Active Directory replication
- Perform single master operations roles in a domain
Diagram: domain replication of User1 and User2 between domain controllers; each domain controller holds a writeable copy of the Active Directory database
23
Sites
Sites:
- Optimize replication traffic
- Enable users to log on to a domain controller by using a reliable, high-speed connection
Diagram: sites in Los Angeles, Seattle, Chicago and New York, each corresponding to an IP subnet
24
Introduction to Active Directory Replication
Diagram: Domain Controllers A, B and C replicating with one another: multimaster replication with loose convergence
25
Replication Components and Processes
- How Replication Works
- Replication Latency
- Resolving Replication Conflicts
- Optimizing Replication
26
How Replication Works
Diagram: an Active Directory update (add, modify, move, delete) is made on Domain Controller A (originating update) and replicated to Domain Controllers B and C (replicated update)
27
Replication Latency
- Default Replication Latency (Change Notification) = 5 minutes
- When No Changes, Scheduled Replication = One Hour
- Urgent Replication = Immediate Change Notification
Diagram: an originating update on Domain Controller A triggers change notifications to Domain Controllers B and C, which then receive the replicated update
28
Resolving Replication Conflicts
- Each originating update carries a stamp made up of a Version Number, a Timestamp and a Server GUID
- Conflicts Can Be Due to:
  - Attribute Value
  - Adding/Moving Under a Deleted Container Object or the Deletion of a Container Object
  - Sibling Name
Diagram: conflicting originating updates on Domain Controller A and Domain Controller B, each carrying its own stamp
29
Optimizing Replication
Diagram: an originating update on Domain Controller A, identified by the originating server's GUID and USN, is replicated to Domain Controllers B and C; each domain controller keeps an up-to-dateness vector of (GUID, USN) pairs so it can recognize updates it has already received
30
Replication Topology
- Directory Partitions
- What Is Replication Topology?
- Global Catalog and Replication of Partitions
31
Active Directory Database
Directory Partitions:
- Schema (forest-wide): Contains definitions and rules for creating and manipulating all objects and attributes
- Configuration (forest-wide): Contains information about Active Directory structure
- Domain (for example contoso.msft): Holds information about all domain-specific objects created in Active Directory
32
What Is Replication Topology?
Diagram: domain controllers from the same domain (A1 to A4 in Domain A, B1 to B3 in Domain B) replicate over the Domain A topology or the Domain B topology; domain controllers from different domains replicate the schema and configuration partitions over the Schema/Configuration topology
34
Global Catalog and Replication of Partitions
- A global catalog server holds a read-only copy (partial directory partition replica) of all domain directory partitions
Diagram: a global catalog server in contoso.msft holding the Schema and Configuration partitions and a partial directory partition replica of namerica.contoso.msft
35
Global Catalog and Replication of Partitions (continued)
Diagram: the global catalog server takes part in the Domain A topology, the Domain B topology and the Schema/Configuration topology
36
Automatic Replication Topology Generation
Diagram: the Knowledge Consistency Checker (KCC) on each domain controller (A1 to A8) automatically generates the Domain topology and the Schema/Configuration topology
37
Methods for Administering a Windows 2000 Network
- Using Active Directory for Centralized Management
- Managing the User Environment
- Delegating Administrative Control
38
Using Active Directory for Centralized Management
Active Directory:
- Enables a single administrator to centrally manage resources
- Allows administrators to easily locate information
- Allows administrators to group objects into OUs
- Uses Group Policy to specify policy-based settings
Diagram: searching a domain whose OU1 and OU2 contain computers, users and printers (Computer1, User1, User2, Printer1)
39
Managing the User Environment
Use Group Policy to:
- Control and lock down what users can do
- Centrally manage software installation, repairs, updates, and removal
- Configure user data to follow users whether they are online or offline
Diagram: Group Policy is applied once (steps 1, 2, 3 across the domain, OU1, OU2 and OU3) and Windows 2000 enforces it continually
40
Delegating Administrative Control
Assign Permissions:
- For specific OUs to other administrators
- To modify specific attributes of an object in a single OU
- To perform the same task in all OUs
Customize Administrative Tools to:
- Map to delegated administrative tasks
- Simplify interface design
Diagram: a domain with OU1, OU2 and OU3, with administrative control delegated to Admin1, Admin2 and Admin3
41
Review
- Introduction to Active Directory
- Active Directory Logical Structure
- Role of DNS in Active Directory
- Active Directory Physical Structure
- Methods for Administering a Windows 2000 Network