Slide 1: Session 18 - Windows 7 Professional: DNS, Groups, and Active Directory (Part 3)
Nassau Community College, ITE153 - Operating Systems Management, Fall 2011
Slide 2: Session 17 - Windows 7 Professional: Operating in Microsoft Networks
Slide 3: Overview
- Introduction to Active Directory
- Structure: objects
- Levels: forest, trees, domains
- Organizational Units
- Physical topology
- Replication
- Global Catalog
- Trust
Slide 4: Active Directory
- A directory service created by Microsoft for Windows domain networks.
- Included in most Windows Server operating systems.
- Server computers running Active Directory are called domain controllers.
Slide 5: Active Directory
- Serves as a central location for network administration and security.
- Responsible for authenticating and authorizing all users and computers within a domain.
- Assigns and enforces security policies for all computers in a network.
- Installs or updates software on network computers.
Slide 6: Active Directory
- Uses Lightweight Directory Access Protocol (LDAP), Kerberos, and DNS.
- First release: Windows 2000 Server edition.
- Revised to extend functionality and improve administration in Windows Server 2003.
- In a later Windows Server release the domain controller role was renamed Active Directory Domain Services (AD DS).
Slide 7: Active Directory Structure
- An Active Directory structure is a hierarchical arrangement of information about objects.
- An object is any entity that can be manipulated by the commands of a programming language, such as a value, variable, function, or data structure.
- An object has attributes (object elements) and behaviors (methods or subroutines) encapsulating an entity.
Slide 9: Active Directory Structure
- AD objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups).
- Security principals are assigned unique security identifiers (SIDs).
- A SID is a unique name (an alphanumeric character string) assigned by a Windows domain controller during the logon process and used to identify a subject.
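As an added illustration of the SID point on this slide (not code from the original deck), this Python snippet decodes the binary objectSid value a domain controller stores for a security principal into the familiar S-1-... string, encodes it back, and splits a domain principal's SID into the domain SID plus the relative identifier (RID). The sample SID bytes and the short well-known-RID table are constructed for the example.

```python
import struct

# A few well-known relative identifiers (RIDs) of domain principals, used
# only to label decoded SIDs (subset of Microsoft's documented list).
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users",
                   519: "Enterprise Admins"}


def sid_bytes_to_string(blob: bytes) -> str:
    """Decode a binary objectSid (revision, sub-authority count, 48-bit
    identifier authority big-endian, then little-endian 32-bit
    sub-authorities) into its S-R-A-S1-...-Sn text form."""
    if len(blob) < 8:
        raise ValueError("SID blob too short")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def sid_string_to_bytes(sid: str) -> bytes:
    """Inverse of sid_bytes_to_string."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def describe_sid(sid: str):
    """Split a domain principal SID (S-1-5-21-...) into (domain SID, RID,
    label): the last sub-authority is the RID, the rest identify the domain."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) < 8:
        raise ValueError("not a domain principal SID")
    rid = int(parts[-1])
    return "-".join(parts[:-1]), rid, WELL_KNOWN_RIDS.get(rid, "domain-specific")


# Constructed sample: objectSid bytes for S-1-5-21-1111-2222-3333-512
SAMPLE = (bytes([1, 5]) + (5).to_bytes(6, "big")
          + struct.pack("<5I", 21, 1111, 2222, 3333, 512))

if __name__ == "__main__":
    print(sid_bytes_to_string(SAMPLE), describe_sid(sid_bytes_to_string(SAMPLE)))
```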
Slide 10: Active Directory Structure
- The object represents a single entity (a user, a computer, a printer, or a group) and its attributes. Certain objects can contain other objects.
- An object is uniquely identified by its name and has a set of attributes (the characteristics and information that the object represents) defined by a schema, which also determines the kinds of objects that can be stored in the AD.
- A Site object in an AD represents a geographic location that hosts networks.
Slide 11: Active Directory Structure - Levels
- The logical divisions in an Active Directory are: forest, tree, domain.
- The forest represents the security boundary within which users, computers, groups, and other objects are accessible.
Slide 12: Active Directory Structure - Levels
- Objects are grouped into domains. The objects for a single domain are stored in a single database (which can be replicated).
- Domains are identified by their DNS name structure, the namespace.
- A tree is a collection of one or more domains and domain trees in a contiguous namespace, linked in a transitive trust hierarchy.
- At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration.
Slide 13: Active Directory Structure - OUs
- The objects held within a domain can be grouped into Organizational Units (OUs).
- OUs can provide hierarchy to a domain, ease its administration, and can resemble the organization's structure in managerial or geographical terms.
- Microsoft recommends using OUs rather than domains for structure and to simplify the implementation of policies and administration.
- The OU is the recommended level at which to apply group policies, which are Active Directory objects formally named Group Policy Objects (GPOs).
Slide 14: Active Directory Structure - Physical
- Sites in Active Directory represent the physical structure, or topology, of your network.
- AD uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology.
- A site is a set of well-connected subnets.
- Sites and subnets are represented in AD by site and subnet objects, which you create through Active Directory Sites and Services. Each site object is associated with one or more subnet objects.
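An added example (not from the slides) of how the subnet objects described on this slide associate a client with a site: the most specific matching subnet object wins, and an address covered by no subnet object gets no site. The subnet-to-site table and the client addresses are constructed.

```python
import ipaddress

# Constructed subnet objects, as they would be defined in Active Directory
# Sites and Services: prefix -> site name. Overlapping prefixes are allowed;
# the longest (most specific) match decides the site.
SUBNETS = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch-A",
    "10.20.5.0/24": "Branch-A-Lab",
    "2001:db8:1::/48": "Branch-B-v6",
}


def site_for_client(address, subnets=SUBNETS):
    """Return the site whose subnet object most specifically covers the
    client address, or None when no subnet object covers it (such a client
    is not associated with any site)."""
    ip = ipaddress.ip_address(address)
    best = None  # (network, site) of the longest matching prefix so far
    for prefix, site in subnets.items():
        net = ipaddress.ip_network(prefix)
        if ip.version != net.version or ip not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, site)
    return best[1] if best else None


if __name__ == "__main__":
    for client in ("10.20.5.7", "10.20.9.1", "10.3.3.3", "192.168.1.1"):
        print(client, "->", site_for_client(client))
```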
Slide 15: Active Directory Structure - Physical
- In AD, sites map the physical structure of your network, while domains map the logical or administrative structure of your organization.
- You can deploy domain controllers for multiple domains within the same site.
- You can also deploy domain controllers for the same domain in multiple sites.
Slide 16: Active Directory Structure - Physical
- Physically, the Active Directory information is held on one or more peer domain controllers (DCs).
- Each DC has a copy of the Active Directory.
- Servers joined to Active Directory that are not domain controllers are called member servers.
Slide 17: Active Directory Structure - Physical
- AD synchronizes changes using multi-master replication.
- Multi-master replication is a method of database replication which allows data to be stored by a group of computers and updated by any member of the group.
Slide 18: Active Directory Structure - Physical
- The Active Directory database is organized in partitions (naming contexts), each holding specific object types and following a specific replication pattern:
- The schema partition defines the objects (such as users) and attributes (such as telephone numbers) that can be created in the AD, and the rules for creating and manipulating them.
- The configuration partition contains information on the physical structure and configuration of the forest (such as the site topology).
- The domain partition holds all objects created in that domain and replicates only to domain controllers within its domain.
Slide 19: Active Directory Structure - Physical
- Global catalog (GC) servers provide a global listing of all objects in the forest.
- Global catalog servers replicate to themselves all objects from all domains and hence provide a global listing of objects in the forest.
- By default, AD DS searches are directed to global catalog servers.
- The first domain controller in a forest is automatically created as a global catalog server. Thereafter, you can designate other DCs to be global catalog servers.
Slide 20: Active Directory Structure - Physical
- A domain controller designated as a global catalog server stores the objects from all domains in the forest.
- A global catalog server stores its own full, writable domain replica (all objects and all attributes) plus a partial, read-only replica of every other domain in the forest.
- The global catalog is built and updated automatically by the AD DS replication system.
- It makes it possible for clients to search AD DS without having to be referred from server to server until a domain controller that has the domain directory partition storing the requested object is found.
Slide 21: Active Directory - Replication
- Active Directory replication is 'pull' rather than 'push', meaning that replicas pull changes from the server where the change was effected.
- The Knowledge Consistency Checker (KCC) creates a replication topology of site links using the defined sites to manage traffic.
- Intrasite replication is frequent and automatic as a result of change notification, which triggers peers to begin a pull replication cycle.
Slide 22: Active Directory - Trust
- To allow users in one domain to access resources in another, Active Directory uses trusts.
- Trusts inside a forest are automatically created when domains are created.
- The forest sets the default boundaries of trust, and implicit, transitive trust is automatic for all domains within a forest.
- Based on Kerberos version 5.
Slide 23: Active Directory - Trust
- One-way trust: one domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.
- Two-way trust: two domains allow access to users on both domains.
- Trusting domain: the domain that allows access to users from a trusted domain.
- Trusted domain: the domain that is trusted; its users have access to the trusting domain.
- Transitive trust: a trust that can extend beyond two domains to other trusted domains in the
Slide 24: Active Directory - Trust
- Intransitive trust: a one-way trust that does not extend beyond two domains.
- Explicit trust: a trust that an admin creates. Not transitive; one way only.
- Cross-link trust: an explicit trust between domains in different trees.
- Shortcut: joins two domains in different trees; transitive, one- or two-way.
- Forest: applies to the entire forest; transitive, one- or two-way.
- Realm: can be transitive or nontransitive; one- or two-way.
- External: connects to other forests or non-AD domains; nontransitive, one- or two-way.
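To make the direction and transitivity definitions on slides 23 and 24 concrete, here is an added Python model (not part of the original deck). Each trust is recorded as a trusting-to-trusted edge, a two-way trust as two such edges, and the search reports the chain of domains through which users of one domain can reach resources in another, refusing to extend a chain through a nontransitive trust. The domain names form a constructed sample forest with one external trust.

```python
from collections import deque


# Trusts are (trusting_domain, trusted_domain, transitive): users of the
# trusted domain may access resources in the trusting domain.
def two_way(a, b, transitive):
    """A two-way trust is a pair of one-way trusts."""
    return [(a, b, transitive), (b, a, transitive)]


def trust_path(trusts, resource_domain, user_domain):
    """Return the chain of domains from resource_domain to user_domain over
    which a user of user_domain can reach resource_domain, or None.
    Model taken from the slide definitions: a direct trust always grants
    access; a chain of more than one hop is valid only if every hop is
    transitive (a nontransitive trust never extends beyond two domains)."""
    edges = {}
    for trusting, trusted, transitive in trusts:
        edges.setdefault(trusting, []).append((trusted, transitive))
    if resource_domain == user_domain:
        return [resource_domain]
    # BFS state: (path so far, whether the chain may still be extended)
    queue = deque([([resource_domain], True)])
    seen = {(resource_domain, True)}
    while queue:
        path, extendable = queue.popleft()
        if not extendable:
            continue
        for nxt, transitive in edges.get(path[-1], []):
            if len(path) > 1 and not transitive:
                continue  # nontransitive trusts are only usable as a first hop
            if nxt == user_domain:
                return path + [nxt]
            state = (nxt, transitive)
            if state not in seen:
                seen.add(state)
                queue.append((path + [nxt], transitive))
    return None


# Constructed sample forest: a root with two child domains (two-way,
# transitive parent-child trusts) plus a one-way, nontransitive external
# trust that lets users of partner.example into corp.example only.
TRUSTS = (two_way("corp.example", "eu.corp.example", True)
          + two_way("corp.example", "apac.corp.example", True)
          + [("corp.example", "partner.example", False)])

if __name__ == "__main__":
    print(trust_path(TRUSTS, "eu.corp.example", "apac.corp.example"))
    print(trust_path(TRUSTS, "eu.corp.example", "partner.example"))
```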
Slide 25: Review
Slide 26: Lab A - Operating in a Domain
Slide 27: Important URLs
- Active Directory: a very good overview from Wikipedia.
- What is an object?: a very good tutorial on objects and classes.
- AD Server Roles: good description of the different server roles.
- Sites: good explanation of site and subnet objects in AD.
- Replication Scenarios: nice overview of replication techniques, not just for ADs but for directories in general.
- What is a Global Catalog: an updated overview that explains GCs in the context of Active Directory Domain Services (AD DS).
- How Domain and Forest Trusts Work: good nuts-and-bolts description of how this works.
- Active Directory Collection: from Microsoft's Technologies Collection, provides an in-depth technical reference about the Windows Server 2003 AD.
- Windows Server 2008 R2 Active Directory: good overview, free download, and a virtual lab.
Slide 28: Homework
- Review the slides.
- Review Lesson 17 in the text.