Published by Scarlett Simpson. Modified over 9 years ago.
Slide 1: Windows 2003 Architecture, Active Directory & DNS
Lecture # 3, Hassan Shuja, 02/14/2006
Slide 2: Windows 2003 Architecture
Modular Architecture
– Each component/module has sole responsibility for the function it is designed to provide
– Made up of a User Mode and a Kernel Mode
Slide 3: Windows 2003 Architecture
User Mode
– Less privileged processor mode because it does not have direct access to hardware
– Limited to its assigned memory address space
– Uses APIs to request services from Kernel Mode
Kernel Mode
– Controls O/S functions, O/S services, system data and the interface to H/W
– Kernel Mode can directly access hardware and memory
  – The processor is not restricted to its own memory
Slide 4: Memory Model
Memory Model
– Virtual memory (paging file) is space on the HD treated as if it were RAM
– 4 GB of memory: 2 GB for the Kernel and 2 GB for Applications
– The Virtual Memory Manager manages memory
Slide 5: Active Directory (AD)
Active Directory
– Active Directory has two parts
  – A database with information about users and resources
  – A service that manages the database and enables users of computers on the network to access the database
– Active Directory Features/Advantages
  – Security – Logon process and controlling access to objects
  – Administration – Hierarchical structure
  – Search capabilities – Search AD for an object
  – Scalable – Allows multiple domains, fits any size of network
  – Flexibility – Grows with your company, allows for additions
Slide 6: Active Directory
Improvements
– Improved User Interface
  – Drag & Drop and the ability to select multiple objects
– Group Policy Management Console
  – Creation of the Group Policy Management Console (GPMC) for centralized control of group policies
– Ability to Rename Domains
Slide 7: Active Directory Structure
Structure
– Objects and Classes
  – An object is the smallest component that you can have in AD
  – A class is a template of all attributes of an object when it is created
– Schema
  – The schema governs the structure of the directory
  – Allows administrators to modify and add new object classes, objects and attributes as needed, making the schema extensible
  – Active Directory Schema is the name of the snap-in in MMC; it can only be changed by Schema Admins
Slide 8: Active Directory Structure
Structure
– Global Catalog
  – A master searchable index that contains information about every object in a forest
  – Created by default on the first DC in a domain
  – Contains a full copy of all objects in its own domain and a partial replica of all objects in all other domains in the forest
  – Serves as a central point for user authentication
– Namespace
  – A logical region with objects that are bound together by their names
Slide 9: Active Directory
Organizational Units (OU)
– Substructure of domains, arranged hierarchically
– Used to organize related objects in AD; can also contain other OUs
– Helps simplify administration
– OUs can be organized by geography, business unit or resources
– A hybrid design is most common
– OU nesting should be only 4 to 5 levels deep
  – Deeper nesting can affect performance
– OUs are not security principals
  – Permission to read or write a file or folder is not given through OUs
– OUs allow for delegation of administration
  – Add, delete, or modify an object in an OU
– Group Policies (GPOs) can be applied to OUs
Slide 10: Active Directory
Identification
– Globally Unique Identifier (GUID) – A 32-digit hexadecimal number assigned to an object at the time of creation and stored with the object. This ensures uniqueness and avoids duplication
– Security ID (SID) – A unique security ID created by the Security subsystem and assigned to users, groups, and computers to grant or deny an object access to other objects
Slide 11: Domains
Tree
– Grouping of one or more domains that must have a single root domain
  – Parent/child relationships
– Defined by a common and contiguous namespace
– A hierarchy of domains sharing a common schema, security trust relationships, and a Global Catalog
Forest
– A group of one or more Domain Trees linked together by a trust
  – Two different root domains
– All Trees share a common schema and global catalog
– Trees do not have contiguous DNS domain names
Slide 12: Domains – Tree (diagram only)
Slide 13: Domains – Forest (diagram only)
Slide 14: Trusts
Transitive Trusts
– A trust between two domains in the same Tree/Forest that can extend beyond the two domains to other trusted domains within the same Tree/Forest
  – Always a 2-way trust
  – By default all Windows 2000 trusts within a Tree/Forest are transitive
  – (diagram) Domain A and C trust each other
Slide 15: Trusts
Explicit Trusts
– A trust that is set up by an administrator
  – Connects domains directly to shorten the path between them
– Can be either transitive or intransitive
– Used to manage trusts between Windows 2000 and NT domains
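The transitive trusts of slide 14 and the explicit (shortcut or intransitive) trusts of slide 15, as an added example that is not part of the lecture: it models trusts as directed edges, finds the chain of trusts a logon referral would have to follow, and shows how an explicit shortcut trust shortens that chain. The domain names and the (trusting, trusted, transitive) edge model are assumptions of the example.

```python
from collections import deque

# Each trust is a directed edge (trusting, trusted, transitive): users from the
# trusted domain can be authenticated in the trusting domain. (Assumed model.)
def two_way(a, b, transitive=True):
    """A two-way trust is simply a pair of directed trust edges."""
    return [(a, b, transitive), (b, a, transitive)]

# Constructed sample: a tree rooted at corp.example plus an explicit, intransitive trust to an NT domain.
TRUSTS = (
    two_way("corp.example", "a.corp.example")            # parent-child, transitive
    + two_way("corp.example", "b.corp.example")
    + two_way("a.corp.example", "c.a.corp.example")
    + two_way("b.corp.example", "nt4dom", transitive=False)  # explicit NT trust
)

def trust_path(trusts, src, dst):
    """Shortest chain of trusts that lets SRC accept users from DST, or None.
    Transitive edges chain; an intransitive edge is usable only as the first hop."""
    prev = {src: None}
    queue = deque([(src, True)])          # (domain, may we chain onwards?)
    while queue:
        cur, chain = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        if not chain:
            continue
        for trusting, trusted, transitive in trusts:
            if trusting != cur or trusted in prev:
                continue
            if not transitive and cur != src:
                continue                  # intransitive trusts never chain
            prev[trusted] = cur
            queue.append((trusted, transitive))
    return None

def trusted_domains(trusts, start):
    """Every domain whose users START will accept, directly or transitively."""
    domains = {d for edge in trusts for d in edge[:2]}
    return {d for d in domains if d != start and trust_path(trusts, start, d)}

if __name__ == "__main__":
    print(trust_path(TRUSTS, "c.a.corp.example", "b.corp.example"))   # 3 hops via the root
    shortcut = TRUSTS + two_way("c.a.corp.example", "b.corp.example")  # explicit shortcut trust
    print(trust_path(shortcut, "c.a.corp.example", "b.corp.example"))  # direct, 1 hop
    print(sorted(trusted_domains(TRUSTS, "c.a.corp.example")))        # nt4dom is not included
```

Note that nt4dom is trusted only by b.corp.example: the intransitive NT trust does not leak into the rest of the tree, which is the point of choosing an intransitive explicit trust.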
Slide 16: Domain Name System (DNS)
DNS Structure
– Based on a hierarchical naming structure (inverted tree)
– A single root domain; underneath it are the second-level domains
– Every computer in a DNS domain is uniquely identified by a Fully Qualified Domain Name (FQDN)
– Dynamic DNS is supported starting in W2K
Slide 17: Domain Name System (DNS) – DNS Structure (diagram only)
Slide 18: Domain Name System (DNS)
DNS Servers
– Primary – Maintains the master copy of the zone files
– Secondary – Keeps a backup copy of the zone files
– AD-integrated – DNS entries are kept in the AD data store instead of zone files
Zone Files
– Forward Lookup Zone
  – Contains host name to IP address resolution
– Reverse Lookup Zone
  – Contains IP address to host name resolution
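The forward and reverse lookup zones on the last slide, as an added example that is not part of the lecture: it parses a small forward zone and its reverse zone (both constructed here; corp.example and 192.168.1.0/24 are assumed), derives the PTR records the reverse zone should contain from the A records, and reports every disagreement, a check worth running because stale reverse records are easy to leave behind.

```python
import ipaddress

# Constructed sample zones (not from the lecture); corp.example is assumed and the www/web mismatch is deliberate.
FORWARD_ZONE = """\
$ORIGIN corp.example.
dc1  IN A   192.168.1.10
dc2  IN A   192.168.1.11
www  IN A   192.168.1.20
"""

REVERSE_ZONE = """\
$ORIGIN 1.168.192.in-addr.arpa.
10   IN PTR dc1.corp.example.
11   IN PTR dc2.corp.example.
20   IN PTR web.corp.example.
"""

def parse_zone(text, rtype):
    """Return {owner FQDN: rdata} for records of type RTYPE, honouring $ORIGIN."""
    origin, records = ".", {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(";"):       # blank line or comment
            continue
        if parts[0] == "$ORIGIN":
            origin = parts[1]
            continue
        owner, _cls, typ, rdata = parts[:4]
        if typ != rtype:
            continue
        if not owner.endswith("."):                      # relative name: append origin
            owner = f"{owner}.{origin}" if origin != "." else f"{owner}."
        records[owner] = rdata
    return records

def expected_reverse(forward):
    """The PTR records a reverse lookup zone should hold for these A records."""
    return {ipaddress.ip_address(ip).reverse_pointer + ".": host
            for host, ip in forward.items()}

def check_zones(forward_text, reverse_text):
    """Return {PTR owner: (expected host, actual host)} for every disagreement."""
    expected = expected_reverse(parse_zone(forward_text, "A"))
    actual = parse_zone(reverse_text, "PTR")
    return {name: (expected.get(name), actual.get(name))
            for name in set(expected) | set(actual)
            if expected.get(name) != actual.get(name)}

if __name__ == "__main__":
    print(check_zones(FORWARD_ZONE, REVERSE_ZONE))   # reports the www/web disagreement
```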