Published by Nickolas Dennis. Modified over 9 years ago.
Slide 1: Introduction to Active Directory Structure
  Vikram Thakur
Slide 2: Agenda
  Introduction to Active Directory
  FSMO roles
  Replication
  Active Directory deployment planning
  Guiding principles
  Structure planning
  More information
Slide 3: Introduction to Active Directory
  What is it?
  How does it help?
  How is it stored?
  Where is it stored?
  Can its scope be extended?
Slide 4: Domain Controller
  These are 'logon' or 'authenticating' servers that hold the NTDS directory
  Under any circumstances there should be at least 2 of these DCs
  They check for DB consistency
  They maintain the domain information
Slide 5: AD Properties
  It doesn't require the PDC/BDC structure anymore; that went away with NT4
  'Delegation' is possible (more later)
  It provides an LDAP interface to other applications
  Multiple domains can be part of a single AD with inter-site trust (forests)
Slide 6: Storage Structure of AD
  Comprises 2 parts: the transaction logs and the database
  SYSVOL (old NETLOGON)
Slide 7: FSMO
  FSMO: Flexible Single Master of Operations
  Schema
  PDC
  RID
  Domain Naming
  Infrastructure
Slide 8: Global Catalogs (GCs)
  Hold a limited form of AD
  Can be modified using SCHMGMT.DLL
  Used for location of resources
Slide 9: Replication
  AD works in multi-master mode by default
  Happens every 5 minutes
  Default: every DC replicates with 2 other DCs
  KCC is part of LSASS (monitoring that will tell you when you need another DC)
  USN (Update Sequence Number)
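The slides on domain controllers, FSMO roles, global catalogs and replication describe what an assessment of an existing forest has to find out. The script below is an added example, not part of the presentation, that gathers exactly that with the RSAT ActiveDirectory module and repadmin: the five FSMO role holders, every DC with its site and GC flag, replication partner state per DC, any recorded replication failures, and the forest's trusts (which matter for the inter-forest considerations later in the deck). It assumes a domain-joined machine with RSAT installed and an account allowed to read the directory; the checks for "at least 2 DCs" and "a GC in every site" are the slide's rule of thumb and a common planning guideline, respectively.

```powershell
# Added example (not from the slides): inventory DCs, FSMO holders, GCs,
# replication health and trusts. Assumes RSAT ActiveDirectory module and a
# domain-joined machine; nothing here changes the directory.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# --- FSMO roles: forest-wide roles are properties of the forest object,
#     domain-wide roles are properties of the domain object
$fsmo = [ordered]@{
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    'PDC emulator'          = $domain.PDCEmulator
    'RID master'            = $domain.RIDMaster
    'Infrastructure master' = $domain.InfrastructureMaster
}
"FSMO role holders for $($domain.DNSRoot):"
$fsmo.GetEnumerator() | ForEach-Object { "  {0,-22} {1}" -f $_.Key, $_.Value }

# --- Domain controllers and global catalogs
$dcs = @(Get-ADDomainController -Filter * | Sort-Object Site, HostName)
"`nDomain controllers ({0} found):" -f $dcs.Count
$dcs | Format-Table HostName, Site, IPv4Address, IsGlobalCatalog, OperatingSystem -AutoSize

# The slide's rule: never run a domain on a single DC
if ($dcs.Count -lt 2) {
    Write-Warning "Only $($dcs.Count) domain controller(s) in $($domain.DNSRoot); there should be at least 2."
}
# Planning guideline (assumption, not from the slides): each site should hold a GC
$dcs | Group-Object Site | Where-Object { -not ($_.Group.IsGlobalCatalog -contains $true) } |
    ForEach-Object { Write-Warning "Site $($_.Name) has no global catalog." }

# --- Replication: USN-based partner metadata per DC, then recorded failures
"`nReplication partners (last successful sync per partner):"
foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -ErrorAction SilentlyContinue |
        Select-Object @{n='Server';e={$dc.HostName}}, Partition,
                      # Partner is the DN of the partner's NTDS Settings object; keep the server CN
                      @{n='Partner';e={ (($_.Partner -split ',')[1]) -replace '^CN=' }},
                      LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures |
        Format-Table -AutoSize
}
$failures = Get-ADReplicationFailure -Target $forest.Name -Scope Forest -ErrorAction SilentlyContinue
if ($failures) {
    "`nReplication failures:"
    $failures | Format-Table Server, Partner, FirstFailureTime, FailureCount, LastError -AutoSize
} else {
    "`nNo replication failures reported."
}
# repadmin shows the same data from the DC's own view; useful as a cross-check
repadmin /replsummary

# --- Trusts: direction and transitivity decide what a user in another forest can reach
"`nTrusts:"
Get-ADTrust -Filter * | Format-Table Name, Direction, TrustType, ForestTransitive, IntraForest -AutoSize
```

Run it once per domain in the forest (Get-ADDomain only returns the current domain's FSMO holders); a DC whose partner rows show a growing ConsecutiveReplicationFailures count is the first place to look before adding capacity.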
Slide 10: Planning and Deployment
Slide 11: Deployment Planning
  Three steps:
    1. Assess your environment
    2. Create Active Directory structure plan
    3. Create migration plan
  (Diagram: 1. Assess, 2. Plan, 3. Migrate)
Slide 12: Guiding Principles
  Keep it simple
  Aim for the ideal design
  Evaluate several alternatives
  Anticipate change
Slide 13: Structure Planning
  Deliverable: planning documents
    Forest plan
    Domain plan
    OU plan
Slide 14: Forest Planning
  Start with a forest plan
  (Diagram: forest plan, domain plan, OU plan, site topology)
Slide 15: Forest Planning Concepts
  Forest
    Configuration: site topology, domain hierarchy
    Schema: class definitions, attribute definitions
    Global catalog
  User Principal Name, e.g. "bob@domain.com"
Slide 16: Forest Planning Methodology
  Start with a single forest
  Create a change control policy (Schema Admins and Enterprise Admins group membership)
  Multiple forests may be required when:
    Parties cannot agree on change control
    A division requires its own schema or config
    Complete trust is undesirable
Slide 17: Forest Planning: Inter-forest Considerations
  Users must be aware of the structure (explicit query to a domain outside the forest)
  Import objects from other forests
  Config and schema managed separately
  One-way, non-transitive trust only
Slide 18: Forest Planning Examples
  Central authority: single forest
  Conglomerate with autonomous divisions: may require multiple forests
  ISP or hosting scenario: multiple forests (no reason to share schema or config, or to have complete trust)
Slide 19: Domain Planning
  Create a domain plan for each forest
  (Diagram: forest plan, domain plan, OU plan)
Slide 20: Domain Planning Concepts
  A domain is a partition of a forest
  Unit of partitioning for replication
  Administrative and policy boundary
    Scope of authority of Domain Admins
    Policy and access control do not flow between domains
Slide 21: Domain Planning Methodology
  (Diagram: forest plan, domain plan, OU plan)
  Select forest root
  Create hierarchy
  DNS support
  Partition
Slide 22: Domain Planning: Partitioning
  Start with a single domain
  Justify each additional domain
  Example justifications:
    Administrative partitioning (admin/policy)
    Physical partitioning (replication)
    Upgrade existing domain in-place
Slide 23: Domain Planning: Obsolete Reasons to Partition
  WinNT 4.0: 40,000 object limit (Active Directory tests: 1,500,000+)
  Primary Domain Controller (PDC) availability requirements (Active Directory is multi-master)
  Delegation of administration (resource domains no longer needed; delegate within a domain using OUs)
Slide 24: OU Planning
  Create an OU plan for each domain
  (Diagram: forest plan, domain plan, OU plan)
Slide 25: OU Planning Concepts
  An Organizational Unit (OU) is a container inside a domain
  Nested to create a hierarchical structure
  Not a security principal
  Easily changed
  Typically not exposed to users
  Depth does not impact performance
Slide 26: OU Planning Methodology
  (Diagram: forest plan, domain plan, OU plan)
  Delegate administration
  Apply Group Policy
Slide 27: OU Planning: Delegate Administration
  Objects can be permissioned on a per-attribute basis
  Very flexible delegation possible
  Minimize the number of Domain Admins
  Example procedure:
    1. Delegate full control
    2. Delegate full control per object class
    3. Delegate control of a specific attribute
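The three-step procedure on this slide maps directly onto three kinds of ACE on the OU: an unrestricted one, one limited to an object class, and one limited to a single attribute of that class. The script below is an added example (not the presentation's material) that builds the three ACEs with ActiveDirectoryAccessRule and shows the result; the OU, the three groups and the attribute name are placeholders, and the schemaIDGUID values are looked up from the schema partition at run time rather than hard-coded. It assumes the RSAT ActiveDirectory module and an account permitted to modify the OU's security descriptor.

```powershell
# Added example (not from the slides): the slide's three delegation steps as
# ACEs on one OU. OU, group and attribute names are placeholders.
Import-Module ActiveDirectory

$Apply     = $false                                 # $true writes the ACL; $false only reports
$ouDN      = 'OU=Sales,DC=example,DC=com'           # placeholder OU
$attribute = 'telephoneNumber'                      # attribute for step 3 (placeholder choice)
$groups    = @{
    FullControl = 'Sales-OU-Admins'     # step 1: full control of the OU and everything in it
    UserAdmins  = 'Sales-User-Admins'   # step 2: full control over user objects only
    PhoneEdit   = 'Sales-Helpdesk'      # step 3: read/write one attribute of user objects
}

# Resolve schemaIDGUIDs from the schema partition instead of hard-coding them
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$ldapDisplayName) {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$ldapDisplayName)" -Properties schemaIDGUID
    if (-not $obj) { throw "Schema object '$ldapDisplayName' not found" }
    New-Object Guid (,[byte[]]$obj.schemaIDGUID)
}
$userClassGuid = Get-SchemaGuid 'user'
$attrGuid      = Get-SchemaGuid $attribute

function Get-GroupSid([string]$name) { (Get-ADGroup -Identity $name).SID }

$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$rights  = [System.DirectoryServices.ActiveDirectoryRights]
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]

$rules = @(
    # 1. Full control of the OU, inherited by every descendant object
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        (Get-GroupSid $groups.FullControl), $rights::GenericAll, $allow, $inherit::All)
    # 2. Full control, but only over descendant objects of class 'user'
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        (Get-GroupSid $groups.UserAdmins), $rights::GenericAll, $allow, $inherit::Descendents, $userClassGuid)
    # 3. Read/write of a single attribute, only on descendant user objects
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        (Get-GroupSid $groups.PhoneEdit), ($rights::ReadProperty -bor $rights::WriteProperty), $allow,
        $attrGuid, $inherit::Descendents, $userClassGuid)
)

"Rules to add on $ouDN (ObjectType = attribute GUID, InheritedObjectType = class GUID):"
$rules | Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType -AutoSize

if ($Apply) {
    $acl = Get-Acl -Path "AD:\$ouDN"
    foreach ($rule in $rules) { $acl.AddAccessRule($rule) }
    Set-Acl -Path "AD:\$ouDN" -AclObject $acl
}

# Verify: explicit (non-inherited) ACEs on the OU that name one of the groups
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { -not $_.IsInherited -and @($groups.Values) -contains ($_.IdentityReference.Value -replace '^.*\\') } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType -AutoSize
```

Step 3 is the one worth reviewing most carefully: an all-zero ObjectType GUID on a WriteProperty ACE means "every attribute", so checking the verification output for a non-empty ObjectType confirms that the delegation really is per-attribute as the slide intends.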
Slide 28: OU Planning: Apply Group Policy
  Group Policy is used to control desktop configurations
  Applied to users and computers
  Associated with sites, domains, or organizational units
  Create OUs to apply unique policy
  Filter application of policy using access control
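"Create OUs to apply unique policy" and "filter application using access control" are the two mechanisms this slide names; the script below is an added example (not from the presentation) that exercises both with the GroupPolicy module: it creates a GPO, links it to an OU, replaces the default Apply right for Authenticated Users with a single group, and lists the resulting links and permissions. GPO, OU and group names are placeholders; it assumes RSAT with the GroupPolicy and ActiveDirectory modules and an account allowed to create and link GPOs.

```powershell
# Added example (not from the slides): unique policy via an OU link plus
# security filtering. GPO, OU and group names are placeholders.
Import-Module GroupPolicy
Import-Module ActiveDirectory

$gpoName = 'Sales Desktop Lockdown'        # placeholder GPO name
$ouDN    = 'OU=Sales,DC=example,DC=com'    # placeholder OU that should get the policy
$applyTo = 'Sales-Laptop-Users'            # placeholder group that should receive the policy

# 1. Create (or reuse) the GPO and link it to the OU; the OU exists so that this
#    policy can be scoped to it and nothing else
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName -Comment 'Example desktop policy for the Sales OU' }
$linked = (Get-GPInheritance -Target $ouDN).GpoLinks | Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
    New-GPLink -Name $gpoName -Target $ouDN -LinkEnabled Yes -Enforced No | Out-Null
}

# 2. Filter by access control: Authenticated Users lose Apply but keep Read
#    (computers must still be able to read the GPO; Read is required since the
#    MS16-072 change to Group Policy processing), and only $applyTo gets Apply.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $gpoName -TargetName $applyTo -TargetType Group -PermissionLevel GpoApply | Out-Null

# 3. Put one user-side setting in the GPO so it is not empty: DisableCMD=1 is the
#    registry value behind "Prevent access to the command prompt"
Set-GPRegistryValue -Name $gpoName -Key 'HKCU\Software\Policies\Microsoft\Windows\System' `
    -ValueName 'DisableCMD' -Type DWord -Value 1 | Out-Null

# Review: who can read/apply the GPO, and the link order at the OU
"Permissions on '$gpoName':"
Get-GPPermission -Name $gpoName -All |
    Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission, Inherited |
    Format-Table -AutoSize
"GPO links on $ouDN (lower Order wins):"
(Get-GPInheritance -Target $ouDN).GpoLinks | Format-Table DisplayName, Enabled, Enforced, Order -AutoSize
```

The permission listing is the check a reviewer wants: if Authenticated Users still shows GpoApply the filter is not in effect, and if it shows nothing at all, domain computers can no longer read the GPO and the user settings will silently stop applying.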
Slide 29: Summary
  Deployment planning: assess current environment, structure planning, migration planning
  Start with structure planning: forest, domain, OU
  Guiding principles: keep it simple, anticipate change
Slide 30: For More Information
  Read the Windows 2003 Deployment Guide (on the Windows 2003 CD)
  Read the Distributed Systems book in the Windows 2003 Resource Kit
  Watch for whitepapers on the Windows 2003 Server home page: http://www.microsoft.com/windows/server/
Slide 31: Scenario Discussion (time permitting)