Presentation on theme: "Vikram Thakur Introduction to Active Directory Structure."— Presentation transcript:

1 Vikram Thakur Introduction to Active Directory Structure

2 Agenda
 Introduction to Active Directory
 FSMO Roles
 Replication
 Active Directory deployment planning
 Guiding principles
 Structure planning
 More information

3 Introduction to Active Directory
 What is it?
 How does it help?
 How is it stored?
 Where is it stored?
 Can its scope be extended?

4 Domain Controller
 These are ‘Logon’ or ‘Authenticating’ servers with the NTDS Directory
 Under any circumstances there should be at least 2 of these DCs
 They check for DB Consistency
 They maintain the domain information

5 AD Properties
 It doesn’t require the PDC/BDC structure anymore; that went away with NT4
 ‘Delegation’ is possible (more later)
 It provides an LDAP interface to other applications
 Multiple Domains can be a part of a single AD with Inter Site Trust (Forests)

6 Storage Structure of AD
 Comprises 2 parts
 Transaction Logs
 Database
 SYSVOL (old NETLOGON)

7 FSMO
FSMO – Flexible Single Master of Operations
 Schema
 PDC
 RID
 Domain Naming
 Infrastructure

8 Global Catalogs (GCs)
 Hold limited form of AD
 Can be modified by using the SCHMGMT.DLL
 Used for location of resources
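Slides 4, 7 and 8 describe three things an administrator should be able to confirm on demand: that the domain has more than one DC, that global catalogs are not a single point of failure, and which DC holds each FSMO role. The script below is an added example, not part of the presentation; it assumes the RSAT ActiveDirectory module and a domain-joined session with read access to the directory, and flags the gaps a practitioner would want to know about, including the known rule that the infrastructure master should not be a global catalog unless every DC is one.

```powershell
# Added example (not from the presentation): inventory the domain controllers, global
# catalogs and FSMO role holders of the current domain and flag the obvious gaps.
# Assumes the RSAT ActiveDirectory module and a domain-joined session with read access.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$forest = Get-ADForest

# Slide 4: there should be at least two DCs in every domain.
$dcs = @(Get-ADDomainController -Filter * -Server $domain.DNSRoot)
if ($dcs.Count -lt 2) {
    Write-Warning ("Domain {0} has only {1} domain controller(s); one DC is a single point of failure." -f $domain.DNSRoot, $dcs.Count)
}

# Slide 8: global catalogs answer forest-wide lookups, so losing the only one breaks
# logons that need universal group membership.
$gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })
if ($gcs.Count -lt 2) {
    Write-Warning ("Only {0} global catalog(s) in {1}." -f $gcs.Count, $domain.DNSRoot)
}

# Known caveat: the infrastructure master must not be a global catalog unless every DC
# is one, or cross-domain object references in this domain stop being updated.
$infra = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
if ($infra -and $infra.IsGlobalCatalog -and $gcs.Count -lt $dcs.Count) {
    Write-Warning 'Infrastructure master is a global catalog while some DCs are not.'
}

# Slide 7: the five FSMO roles. Schema and Domain Naming are forest-wide; the other
# three are held once per domain.
$roles = [ordered]@{
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    'PDC emulator'          = $domain.PDCEmulator
    'RID master'            = $domain.RIDMaster
    'Infrastructure master' = $domain.InfrastructureMaster
}

# A role holder that is unknown to the DC list or unreachable should be investigated
# before an operation that depends on it (schema change, new domain, RID pool allocation) fails.
foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    [pscustomobject]@{
        Role      = $role
        Holder    = $holder
        KnownDC   = [bool]($dcs | Where-Object { $_.HostName -eq $holder })
        Reachable = Test-Connection -ComputerName $holder -Count 1 -Quiet
    }
}
```

Run it from any domain member with RSAT; the warnings are the actionable part, and the final table is what to paste into a change ticket before touching schema or domain structure.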

9 Replication
 AD works in Multi-Master mode by default
 Happens every 5 minutes
 Default – Every DC replicates with 2 other DCs
 KCC is part of LSASS (Monitoring that will tell you when you need another DC)
 USN (Update Sequence Number)
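The slide names the pieces (multi-master, KCC-built partner links, USNs) but not how to see whether replication is actually healthy. The script below is an added example, not from the presentation; it assumes the RSAT ActiveDirectory module and read access to every DC, and the one-hour staleness threshold is a constructed value, not something the slide states. It reports each DC's inbound partners, the naming context each link carries, the time since the last successful pull, the failure count, and the DC's own highest committed USN, which is the counter partners compare against when they ask for changes.

```powershell
# Added example (not from the presentation): per-DC inbound replication status, including the
# partner, the naming context, the time since the last successful pull and this DC's highest
# committed USN. Assumes the RSAT ActiveDirectory module and read access to every DC.
Import-Module ActiveDirectory

# Slide 9 expects replication every few minutes; anything older than this (constructed
# threshold, not from the slide) is worth a ticket.
$staleAfter = [TimeSpan]::FromHours(1)

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # The USN is the per-DC change counter partners use to ask "what is new since X".
    $usn = (Get-ADRootDSE -Server $dc.HostName).highestCommittedUSN

    $partners = Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Inbound
    foreach ($p in $partners) {
        $age = (Get-Date) - $p.LastReplicationSuccess
        [pscustomobject]@{
            DC                = $dc.Name
            HighestUSN        = $usn
            # Partner is the DN of the partner's NTDS Settings object; its second RDN is the DC name.
            Partner           = (($p.Partner -split ',')[1] -replace '^CN=', '')
            Partition         = $p.Partition
            LastSuccess       = $p.LastReplicationSuccess
            HoursSinceSuccess = [math]::Round($age.TotalHours, 1)
            Failures          = $p.ConsecutiveReplicationFailures
            LastResult        = $p.LastReplicationResult   # 0 means the last attempt succeeded
            Status            = if ($p.ConsecutiveReplicationFailures -gt 0 -or $age -gt $staleAfter) { 'CHECK' } else { 'ok' }
        }
    }
}

$report | Sort-Object Status, DC | Format-Table -AutoSize
```

A DC with no inbound rows at all is as much of a finding as one with failures: it means the KCC has not built any link to it, which is exactly the "you need another DC" signal the slide mentions.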

10 Planning and Deployment

11 Deployment Planning
 Three steps
 1. Assess your environment
 2. Create Active Directory structure plan
 3. Create migration plan
(Diagram: 1. Assess, 2. Plan, 3. Migrate)

12 Guiding Principles
 Keep it simple
 Aim for the ideal design
 Evaluate several alternatives
 Anticipate change

13 Structure Planning
 Deliverable: planning documents
  Forest plan
  Domain plan
  OU plan

14 Forest Planning
 Start with a forest plan
(Diagram: Forest plan, Domain plan, OU plan; Site topology)

15 Forest Planning Concepts
(Diagram: Forest)
 Configuration
  Site topology
  Domain hierarchy
 Schema
  Class definitions
  Attribute definitions
 User Principal Name, e.g. “bob@domain.com”
 Global catalog

16 Forest Planning Methodology
 Start with a single forest
 Create change control policy
  Schema Admins and Enterprise Admins group membership
 Multiple forests may be required
  Cannot agree on change control
  Division requires own schema or config
  Complete trust undesirable

17 Forest Planning Inter-forest Considerations
 Users must be aware of structure
 Explicit query to domain outside forest
 Import objects from other forests
 Config, schema managed separately
 One-way, non-transitive trust only

18 Forest Planning Examples
 Central authority
  Single forest
 Conglomerate, autonomous division
  May require multiple forests
 ISP or hosting scenario
  Multiple forests
  No reason to share schema, config or to have complete trust

19 Domain Planning
 Create a domain plan for each forest
(Diagram: Forest plan, Domain plan, OU plan)

20 Domain Planning Concepts
 A domain is a partition of a forest
  Unit of partitioning for replication
  Administrative and policy boundary
   Scope of authority of Domain Admins
   Policy and access control do not flow between domains

21 Domain Planning Methodology
(Diagram: Forest plan, Domain plan, OU plan; steps: Select Forest Root, Create Hierarchy, DNS Support, Partition)

22 Domain Planning Partitioning
 Start with a single domain
 Justify each additional domain
 Example justification
  Administrative partitioning (admin/policy)
  Physical partitioning (replication)
  Upgrade existing domain in-place

23 Domain Planning Obsolete Reasons to Partition
 WinNT 4.0: 40,000 object limit
  Active Directory tests: 1,500,000+
 Primary Domain Controller (PDC) availability requirements
  Active Directory is multi-master
 Delegation of administration
  Resource domains no longer needed
  Delegate within a domain using OUs

24 OU Planning
 Create an OU plan for each domain
(Diagram: Forest plan, Domain plan, OU plan)

25 OU Planning Concepts
 An Organizational Unit (OU) is a container inside a domain
 Nested to create hierarchical structure
 Not a security principal
 Easily changed
 Typically not exposed to users
 Depth does not impact performance

26 OU Planning Methodology
(Diagram: Forest plan, Domain plan, OU plan; steps: Delegate Administration, Apply Group Policy)

27 OU Planning Delegate Administration
 Objects can be permissioned on a per-attribute basis
 Very flexible delegation possible
 Minimize number of Domain Admins
 Example procedure
  1. Delegate full control
  2. Delegate full control per-object class
  3. Delegate control of specific attribute
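The three-step procedure on this slide is a narrowing of scope: full control of the OU, then full control of one object class beneath it, then one attribute of that class. The script below is an added example, not from the presentation; it builds all three as access control entries on one OU so the difference is visible, and applies only the narrowest one, which is the least-privilege target the slide's "minimize number of Domain Admins" point is driving at. The OU, group and attribute names are hypothetical; it assumes the RSAT ActiveDirectory module and rights to modify the OU's security descriptor. Object class and attribute GUIDs are read from the schema rather than hard-coded.

```powershell
# Added example (not from the presentation): the three delegation tiers from the slide,
# expressed as ACEs on one OU, with only the narrowest one applied. The OU, group and
# attribute names are hypothetical. Assumes the RSAT ActiveDirectory module and rights
# to modify the OU's security descriptor.
Import-Module ActiveDirectory

$ouDN      = 'OU=Helpdesk Managed,DC=corp,DC=example'   # hypothetical OU
$groupName = 'Helpdesk Operators'                        # hypothetical delegation group
$attribute = 'telephoneNumber'                           # the one attribute the group may edit

$group = Get-ADGroup -Identity $groupName
$sid   = [System.Security.Principal.SecurityIdentifier]$group.SID

$Allow   = [System.Security.AccessControl.AccessControlType]::Allow
$Inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
$Rights  = [System.DirectoryServices.ActiveDirectoryRights]
$Rule    = [System.DirectoryServices.ActiveDirectoryAccessRule]

# Object class and attribute GUIDs come from the schema, not from a hard-coded table.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$ldapDisplayName) {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(ldapDisplayName=$ldapDisplayName)" -Properties schemaIDGUID
    if (-not $obj) { throw "Schema object '$ldapDisplayName' not found" }
    [guid]$obj.schemaIDGUID
}
$userClass = Get-SchemaGuid 'user'
$attrGuid  = Get-SchemaGuid $attribute

$rules = [ordered]@{
    # 1. Full control over the OU and everything beneath it (effectively an OU admin).
    'Full control'              = $Rule::new($sid, $Rights::GenericAll, $Allow, $Inherit::All)
    # 2. Full control, but only over user objects beneath the OU. Creating or deleting users
    #    additionally needs CreateChild/DeleteChild for the user class on the OU itself.
    'Full control on users'     = $Rule::new($sid, $Rights::GenericAll, $Allow, $Inherit::Descendents, $userClass)
    # 3. Write one attribute on user objects beneath the OU: the least-privilege target.
    "Write $attribute on users" = $Rule::new($sid, $Rights::WriteProperty, $Allow, $attrGuid, $Inherit::Descendents, $userClass)
}

foreach ($name in $rules.Keys) {
    $r = $rules[$name]
    '{0,-30} rights={1} objectType={2} inheritedObjectType={3}' -f $name, $r.ActiveDirectoryRights, $r.ObjectType, $r.InheritedObjectType
}

# Apply only tier 3. Tiers 1 and 2 are built for comparison; if they are needed at all,
# grant them to a separate, smaller group.
$acl = Get-Acl -Path "AD:\$ouDN"
$acl.AddAccessRule($rules["Write $attribute on users"])
Set-Acl -Path "AD:\$ouDN" -AclObject $acl

# Verify: list the ACEs the group now holds on this OU.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq $sid.Value } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

The printed comparison makes the slide's point concrete: tier 1 has no object type at all, tier 2 restricts the inherited object type to the user class, and tier 3 additionally restricts the object type to a single attribute GUID. Re-running the verification step after any delegation change is the cheapest way to catch a grant that is broader than intended.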

28 OU Planning Apply Group Policy
 Group policy is used to control desktop configurations
 Applied to Users and Computers
 Associated with Sites, Domains, or Organizational Units
 Create OUs to apply unique policy
 Filter application of policy using access control
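The last two bullets are the practical ones: create an OU to carry a policy, link the GPO to it, and use access control so only the intended principals apply it. The script below is an added example, not from the presentation; the OU, GPO and group names are hypothetical, and it assumes the RSAT GroupPolicy and ActiveDirectory modules. It is idempotent, so it can be re-run after a change without creating duplicate links.

```powershell
# Added example (not from the presentation): create the OU-scoped policy the slide describes,
# link it, and use security filtering so only one group applies it. OU, GPO and group names
# are hypothetical. Assumes the RSAT GroupPolicy and ActiveDirectory modules.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$domainDN   = 'DC=corp,DC=example'             # hypothetical domain
$ouName     = 'Kiosks'                         # hypothetical OU created to carry unique policy
$ouDN       = "OU=$ouName,$domainDN"
$gpoName    = 'Kiosk Lockdown'                 # hypothetical GPO
$applyGroup = 'Kiosk Computers'                # hypothetical security group of kiosk machines

# "Create OUs to apply unique policy": make sure the OU exists.
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(distinguishedName=$ouDN)")) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN -ProtectedFromAccidentalDeletion $true | Out-Null
}

# Idempotent GPO creation.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Desktop configuration for kiosk computers'
}

# "Associated with Sites, Domains, or Organizational Units": link it to the OU once.
$linked = (Get-GPInheritance -Target $ouDN).GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
    New-GPLink -Name $gpoName -Target $ouDN -LinkEnabled Yes | Out-Null
}

# "Filter application of policy using access control": the group gets Apply; everyone else
# keeps Read only. Read must stay, because a client has to read a GPO before it can evaluate it.
Set-GPPermission -Name $gpoName -TargetName $applyGroup -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Verify: link state on the OU and the resulting security filtering on the GPO.
(Get-GPInheritance -Target $ouDN).GpoLinks | Select-Object DisplayName, Enabled, Enforced, Order
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

Because the policy is scoped by group membership rather than by moving computer accounts between OUs, adding a machine to the filter group is the only step needed to bring it under the policy, and removing it is the only step needed to take it out.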

29 Summary
 Deployment planning
  Assess current environment
  Structure planning
  Migration planning
 Start with structure planning
  Forest, domain, OU
 Guiding principles
  Keep it simple
  Anticipate change

30 For More Information
 Read the Windows 2003 Deployment Guide (on the Windows 2003 CD)
 Read the Distributed Systems book in the Windows 2003 Resource Kit
 Watch for whitepapers on the Windows 2003 Server home page http://www.microsoft.com/windows/server/

31 Scenario Discussion – time permitting

