Module 1: Introduction to Active Directory - PowerPoint PPT Presentation

About This Presentation
Title:

Module 1: Introduction to Active Directory

Description:

CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft. Suzan Fine. Active Directory Logical Structure ... contoso.msft. Configuration. Schema ... – PowerPoint PPT presentation

Slides: 40
Provided by: raviac
Transcript and Presenter's Notes

1
Module 1 Introduction to Active Directory
2
Overview
  • Introduction to Active Directory
  • Active Directory Logical Structure
  • Role of DNS in Active Directory
  • Active Directory Physical Structure
  • Methods for Administering a Windows 2000 Network

3
Introduction to Active Directory
  • What Is Active Directory?
  • Active Directory Objects
  • Active Directory Schema
  • Lightweight Directory Access Protocol (LDAP)

4
What Is Active Directory?
Directory service functionality: centralized management of resources
  • Organize
  • Manage
  • Control
  • Single point of administration
  • Full user access to directory resources by a
    single logon

5
Active Directory Objects
  • Objects Represent Network Resources
  • Attributes Store Information About an Object

6
Active Directory Schema
Object class examples: Users, Computers, Printers
  • Active Directory Schema Is
    • Dynamically Available
    • Dynamically Updateable
    • Protected by DACLs

Attribute examples (attributes of Users might contain): accountExpires, department, distinguishedName, middleName
List of attributes: accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName
7
DNS and Active Directory Namespaces
Figure: DNS namespace and Active Directory namespace side by side
DNS namespace: . (DNS root domain, Internet) > com. > microsoft.com > training.microsoft.com, sales.microsoft.com > computer1
Active Directory namespace: microsoft > training, sales
8
Lightweight Directory Access Protocol (LDAP)
  • LDAP Provides a Way to Communicate with Active
    Directory by Specifying Unique Naming Paths for
    Each Object in the Directory
  • LDAP Naming Paths Include
    • Distinguished names
    • Relative distinguished names

Distinguished name: CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
Relative distinguished name: Suzan Fine
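The naming path on this slide can be taken apart mechanically. The following Python is an added example, not code from the deck or from Microsoft: it splits a distinguished name into its relative distinguished names, reconstructs the parent container, and maps the DC= components to the DNS domain name that the namespace slides describe. The DNs it is run on are constructed sample values; the handling of backslash-escaped commas follows the RFC 4514 convention.

```python
"""Parse LDAP distinguished names (DNs) into their naming-path components.

Added example (not from the slide deck).  It decomposes the DN shown on
slide 8, CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft, into its relative
distinguished names and maps the DC= components to the DNS domain name.
Commas inside a value escaped with a backslash (RFC 4514 style) are
honoured; all DNs used here are constructed sample values.
"""
from __future__ import annotations

ESC_COMMA = "\\,"   # how a literal comma is written inside a DN value


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute type, value) pairs, honouring backslash-escaped commas."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])      # escaped character belongs to the value
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))

    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # attribute types (CN, OU, DC) are case-insensitive in LDAP
        pairs.append((attr.strip().upper(), value))
    return pairs


def join_dn(pairs: list[tuple[str, str]]) -> str:
    """Re-assemble pairs into DN text, escaping commas inside values."""
    return ",".join(f"{a}={v.replace(',', ESC_COMMA)}" for a, v in pairs)


def relative_dn(dn: str) -> str:
    """The object's own name: the value of the first (leftmost) RDN."""
    return split_dn(dn)[0][1]


def parent_dn(dn: str) -> str:
    """DN of the container holding the object (everything after the first RDN)."""
    return join_dn(split_dn(dn)[1:])


def dns_domain(dn: str) -> str:
    """Join the DC= components, leftmost first, into the domain's DNS name."""
    labels = [v for a, v in split_dn(dn) if a == "DC"]
    if not labels:
        raise ValueError("DN has no DC components, so it names no domain")
    return ".".join(labels)


def naming_path(dn: str) -> list[str]:
    """Path from the domain down to the object, e.g. ['contoso.msft', 'Sales', 'Suzan Fine']."""
    containers = [v for a, v in split_dn(dn) if a != "DC"]
    return [dns_domain(dn)] + list(reversed(containers))


if __name__ == "__main__":
    dn = "CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft"   # the DN from slide 8
    print(relative_dn(dn), "|", parent_dn(dn), "|", dns_domain(dn), "|", naming_path(dn))
```

Run it and the slide's DN yields the RDN `Suzan Fine`, the parent `OU=Sales,DC=contoso,DC=msft`, the domain `contoso.msft`, and the top-down path contoso.msft > Sales > Suzan Fine; a computer object such as `CN=computer1,...,DC=training,DC=microsoft,DC=com` maps to the DNS domain `training.microsoft.com` the same way.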
9
Active Directory Logical Structure
  • Domains
  • Organizational Units
  • Trees and Forests
  • Global Catalog

10
Domains
  • A Domain Is a Security Boundary
    • A domain administrator can administer only within
      the domain, unless explicitly granted
      administration rights in other domains
  • A Domain Is a Unit of Replication
    • Domain controllers in a domain participate in
      replication and contain a complete copy of the
      directory information for their domain

Figure: a Windows 2000 domain with replication between its domain controllers, serving User1 and User2
11
Organizational Units
Figure: organizational structure mapped to the network administrative model, with example OUs Vancouver, Sales, Users, Repair and Computers
  • Use OUs to Group Objects into a Logical Hierarchy
    That Best Suits the Needs of Your Organization
  • Delegate Administrative Control over the Objects
    Within an OU by Assigning Specific Permissions to
    Users and Groups

12
Trees and Forests
13
Global Catalog
Figure: the global catalog answers queries and supplies group membership when a user logs on
14
Introduction to the Role of DNS in Active Directory
  • Name Resolution
    • DNS translates computer names to IP addresses
    • Computers use DNS to locate each other on the
      network
  • Naming Convention for Windows 2000 Domains
    • Windows 2000 uses DNS naming standards for domain
      names
    • DNS domains and Active Directory domains share a
      common hierarchical naming structure
  • Locating the Physical Components of Active
    Directory
    • DNS identifies domain controllers by the services
      they provide
    • Computers use DNS to locate domain controllers
      and global catalog servers

15
DNS Host Names and Windows 2000 Computer Names
  • DNS host record and Active Directory object
    represent the same physical computer
  • DNS allows computers to locate domain controllers
    within Active Directory

Figure: DNS tree . > com. > microsoft > sales, training > computer1, alongside the matching Active Directory objects
FQDN: computer1.training.microsoft.com; Windows 2000 computer name: Computer1
16
DNS Requirements for Active Directory
DNS Requirements to Support Active Directory
  • Support for SRV records (mandatory)
  • Support for the dynamic update protocol (recommended)
  • Support for incremental zone transfers (recommended)
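Slides 14 and 16 together say that clients find domain controllers and global catalog servers by the services those servers publish in DNS, which is why SRV support is mandatory. The Python below is an added example, not code from the deck or from Windows: it builds the SRV owner names that Windows 2000 domain controllers register (`_ldap._tcp.dc._msdcs.<domain>`, the per-site variant under `_sites`, and `_gc._tcp.<forest root>` for global catalogs), then picks a target the way RFC 2782 prescribes, lowest priority first and weight-proportional among equals. The zone is a constructed in-memory dictionary standing in for a real resolver, and the host names in it are sample values.

```python
"""Locate a domain controller through DNS SRV records.

Added example (not from the slide deck).  Windows 2000 DCs register, among
other names, _ldap._tcp.dc._msdcs.<domain> plus a per-site variant, and
global catalog servers register _gc._tcp.<forest root>.  Clients choose a
target by the RFC 2782 rule: lowest priority first, then a random pick
weighted by the weight field.  ZONE is a constructed stand-in for a real
resolver so this runs offline; its host names are sample values.
"""
from __future__ import annotations
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower is preferred
    weight: int     # relative share among records of equal priority
    port: int
    target: str     # host name of the server offering the service


def dc_srv_name(domain: str, site: str | None = None) -> str:
    """Owner name queried for LDAP-capable domain controllers of `domain`."""
    if site:
        return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"_ldap._tcp.dc._msdcs.{domain}"


def gc_srv_name(forest_root: str) -> str:
    """Owner name queried for global catalog servers of the forest."""
    return f"_gc._tcp.{forest_root}"


def select_target(records: list[SrvRecord], rng: random.Random | None = None) -> SrvRecord:
    """RFC 2782 selection: lowest priority wins; ties resolved by weight-proportional chance."""
    if not records:
        raise LookupError("no SRV records: DNS publishes no server for this service")
    rng = rng or random.Random()
    best = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == best]
    total = sum(r.weight for r in candidates)
    if total == 0:                      # all weights zero: any of them is equally fine
        return rng.choice(candidates)
    pick = rng.randrange(total)
    for r in candidates:
        pick -= r.weight
        if pick < 0:
            return r
    return candidates[-1]


# Constructed zone data (sample values, not a real zone), keyed by SRV owner name.
ZONE = {
    "_ldap._tcp.Vancouver._sites.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
    ],
    "_ldap._tcp.dc._msdcs.contoso.msft": [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
        SrvRecord(0, 0, 389, "dc2.contoso.msft"),     # weight 0: not picked while a weighted peer exists
        SrvRecord(10, 100, 389, "dc3.contoso.msft"),  # higher priority value: backup only
    ],
    "_gc._tcp.contoso.msft": [SrvRecord(0, 100, 3268, "dc1.contoso.msft")],
}


def locate_dc(domain: str, site: str | None = None, zone: dict = ZONE) -> str:
    """Prefer a DC in the client's own site (slide 23), else any DC in the domain."""
    if site:
        recs = zone.get(dc_srv_name(domain, site))
        if recs:
            return select_target(recs).target
    return select_target(zone.get(dc_srv_name(domain), [])).target


def locate_gc(forest_root: str, zone: dict = ZONE) -> str:
    """Pick a global catalog server for the forest."""
    return select_target(zone.get(gc_srv_name(forest_root), [])).target


if __name__ == "__main__":
    print(locate_dc("contoso.msft", site="Vancouver"), locate_dc("contoso.msft"), locate_gc("contoso.msft"))
```

The `LookupError` path is the failure mode the "mandatory" on this slide is about: if the DNS server cannot hold SRV records, the owner names are simply absent and no client can find a domain controller, whatever else is configured.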
17
What Is a Tree?
Figure: the tree root (parent) domain contoso.msft with its child domain sales.contoso.msft; a new domain joins the contiguous namespace as sales.contoso.msft
18
What Is a Forest?
  • A Forest is One or More Trees
  • Trees in a Forest Do Not Share a Contiguous
    Namespace
  • All of The Domains in a Forest Share a Common
    Configuration, Schema, and Global Catalog

Figure: a forest of two trees, contoso.msft (with sales.contoso.msft) and nwtraders.msft (with marketing.nwtraders.msft and sales.nwtraders.msft)
19
What Is the Forest Root Domain?
20
Characteristics of Multiple Domains
  • Reduce Replication Traffic
  • Maintain Separate and Distinct Security Policies Between Domains
  • Preserve the Domain Structure of Earlier Versions of Windows NT
  • Separate Administrative Control
21
Active Directory Physical Structure
  • Domain Controllers
  • Sites

22
Domain Controllers
  • Domain Controllers
    • Participate in Active Directory replication
    • Perform single master operations roles in a domain

Figure: a domain controller holding a writeable copy of the Active Directory database
23
Sites
  • Sites
    • Optimize replication traffic
    • Enable users to log on to a domain controller by
      using a reliable, high-speed connection

24
Introduction to Active Directory Replication
Multimaster Replication with a Loose Convergence
25
Replication Components and Processes
  • How Replication Works
  • Replication Latency
  • Resolving Replication Conflicts
  • Optimizing Replication

26
How Replication Works
  • Active Directory Update
    • Move
    • Delete
    • Add
    • Modify

27
Replication Latency
  • Default Replication Latency (Change Notification): 5 minutes
  • When No Changes, Scheduled Replication: One Hour
  • Urgent Replication: Immediate Change Notification

Figure: an originating update on Domain Controller A sends change notifications; Domain Controller B and Domain Controller C apply it as a replicated update
28
Resolving Replication Conflicts
Figure: originating updates to the same object on Domain Controller A and Domain Controller B produce a conflict on both sides
  • Conflicts Can Be Due to
    • Attribute Value
    • Adding/Moving Under a Deleted Container Object or
      the Deletion of a Container Object
    • Sibling Name

29
Optimizing Replication
Figure: an originating update on Domain Controller A is stamped with a GUID and USN; the replicated update carries that stamp to Domain Controller B and Domain Controller C
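Slides 27 to 29 describe originating versus replicated updates, the GUID and update sequence number (USN) stamped on every change, and attribute-value conflicts. The Python below is an added simulation, not code from the deck or from Windows, that makes those mechanisms concrete in one model: each DC keeps its own USN counter, records the highest originating USN it has applied per source DC (the up-to-dateness vector) so that a change is not shipped back to a DC that already has it, and resolves an attribute-value conflict by version number, then timestamp, then originating DSA GUID with the higher GUID winning. DC names, GUIDs, attribute values and timestamps are constructed sample values, and the model omits most of what a real DC tracks.

```python
"""Simplified model of Active Directory multimaster replication.

Added example (not from the slide deck).  Shows: originating vs replicated
updates; the (GUID, USN) stamp on every change; propagation dampening through
the up-to-dateness vector; and attribute-value conflict resolution by
version, then timestamp, then originating DSA GUID.  All names, GUIDs and
timestamps are constructed sample values.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Stamp:
    version: int       # incremented on each originating write of the attribute
    timestamp: int     # constructed clock value of the originating write
    origin_guid: str   # invocation GUID of the DC where the write originated
    origin_usn: int    # that DC's USN for the write

    def beats(self, other: Stamp) -> bool:
        """Conflict rule: higher version, then later timestamp, then higher GUID."""
        return (self.version, self.timestamp, self.origin_guid) > \
               (other.version, other.timestamp, other.origin_guid)


@dataclass
class Change:
    local_usn: int     # USN assigned by the DC storing this entry
    attr: str
    value: str
    stamp: Stamp


@dataclass
class DomainController:
    name: str
    guid: str
    usn: int = 0
    attrs: dict = field(default_factory=dict)      # attr -> (value, Stamp)
    log: list = field(default_factory=list)        # Change entries in local USN order
    utd: dict = field(default_factory=dict)        # origin_guid -> highest origin USN seen
    watermark: dict = field(default_factory=dict)  # partner guid -> last partner USN pulled
    sent: int = 0                                  # changes shipped as a source

    def originate(self, attr: str, value: str, timestamp: int) -> None:
        """An originating update: stamp it with this DC's GUID and a fresh USN."""
        self.usn += 1
        old = self.attrs.get(attr)
        version = old[1].version + 1 if old else 1
        self._store(attr, value, Stamp(version, timestamp, self.guid, self.usn))

    def _store(self, attr: str, value: str, stamp: Stamp) -> None:
        self.attrs[attr] = (value, stamp)
        self.log.append(Change(self.usn, attr, value, stamp))
        self._note_seen(stamp)

    def _note_seen(self, stamp: Stamp) -> None:
        self.utd[stamp.origin_guid] = max(self.utd.get(stamp.origin_guid, 0), stamp.origin_usn)

    def changes_for(self, watermark: int, requester_utd: dict) -> list[Change]:
        """Source side: changes past the requester's watermark that its UTD vector
        does not already cover (propagation dampening)."""
        out = [c for c in self.log
               if c.local_usn > watermark
               and requester_utd.get(c.stamp.origin_guid, 0) < c.stamp.origin_usn]
        self.sent += len(out)
        return out

    def pull_from(self, source: DomainController) -> int:
        """Requester side: apply replicated updates, resolving per-attribute conflicts."""
        changes = source.changes_for(self.watermark.get(source.guid, 0), self.utd)
        applied = 0
        for c in changes:
            current = self.attrs.get(c.attr)
            if current is None or c.stamp.beats(current[1]):
                self.usn += 1                      # replicated update gets a local USN too
                self._store(c.attr, c.value, c.stamp)
                applied += 1
            else:
                self._note_seen(c.stamp)           # losing write is still "seen", so not re-sent
        self.watermark[source.guid] = source.usn
        return applied


def demo() -> dict:
    a, b, c = (DomainController("DC-A", "guid-a"), DomainController("DC-B", "guid-b"),
               DomainController("DC-C", "guid-c"))
    # Slide 27: one originating update on A travels A -> B -> C; the ring back to A is dampened.
    a.originate("telephoneNumber", "555-0100", timestamp=100)
    b.pull_from(a)
    c.pull_from(b)
    dampened = a.pull_from(c)                      # A already holds its own write: 0 applied
    # Slide 28: concurrent originating updates on A and B to the same attribute (same version).
    a.originate("telephoneNumber", "555-0101", timestamp=200)
    b.originate("telephoneNumber", "555-0102", timestamp=201)   # later timestamp wins
    b.pull_from(a)
    a.pull_from(b)
    c.pull_from(a)
    return {"applied_on_a_from_c": dampened, "sent_by_c": c.sent,
            "values": {dc.name: dc.attrs["telephoneNumber"][0] for dc in (a, b, c)}}


if __name__ == "__main__":
    print(demo())
```

After the run all three DCs converge on the same value, the write that looped around the ring is never shipped back to its originator, and the conflict on slide 28 is settled identically on every DC because the comparison uses only the stamp carried with the change, never the order in which the DCs happened to receive it.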
30
Replication Topology
  • Directory Partitions
  • What Is Replication Topology?
  • Global Catalog and Replication of Partitions

31
Directory Partitions
Directory partitions in the Active Directory database:
  • Schema (forest-wide): contains definitions and rules for creating and manipulating all objects and attributes
  • Configuration (forest-wide): contains information about Active Directory structure
  • Domain (for example contoso.msft): holds information about all domain-specific objects created in Active Directory
32
What Is Replication Topology?
33
What Is Replication Topology?
Figure: replication topology for domain controllers from different domains (Domain A topology, Domain B topology and the schema/configuration topology) versus domain controllers from the same domain (Domain A topology and the schema/configuration topology)
34
Global Catalog and Replication of Partitions
35
Global Catalog and Replication of Partitions
36
Automatic Replication Topology Generation
37
Methods for Administering a Windows 2000 Network
  • Using Active Directory for Centralized Management
  • Managing the User Environment
  • Delegating Administrative Control

38
Using Active Directory for Centralized Management
  • Active Directory
    • Enables a single administrator to centrally
      manage resources
    • Allows administrators to easily locate
      information
    • Allows administrators to group objects into OUs
    • Uses Group Policy to specify policy-based settings

39
Managing the User Environment
  • Use Group Policy to
    • Control and lock down what users can do
    • Centrally manage software installation, repairs,
      updates, and removal
    • Configure user data to follow users whether they
      are online or offline

40
Delegating Administrative Control
  • Assign Permissions
    • For specific OUs to other administrators
    • To modify specific attributes of an object in a
      single OU
    • To perform the same task in all OUs
  • Customize Administrative Tools to
    • Map to delegated administrative tasks
    • Simplify interface design

41
Review
  • Introduction to Active Directory
  • Active Directory Logical Structure
  • Role of DNS in Active Directory
  • Active Directory Physical Structure
  • Methods for Administering a Windows 2000 Network