Introduction to Active Directory - PowerPoint PPT Presentation

About This Presentation
Title:

Introduction to Active Directory

Description:

Disjointed namespace: A namespace in which the child object name does not ... Use forests for multiple trees that have disjointed namespaces between them. Trusts ...

Slides: 24
Provided by: pbcc

Transcript and Presenter's Notes


1
Introduction to Active Directory
  • Chapter One

2
Securing the Network
  • Authentication
  • The user name and password are validated against the
    Active Directory database
  • Authorization
  • Permissions (an access control list) have been set on
    the resource for the user or group
  • The user's access token (the user SID plus group SIDs
    built at logon) is checked against those permissions
    before access is granted
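
The two steps above are distinct: authentication produces a token, and authorization compares that token with the resource's ACL. The following added example (not from the deck; a toy model of the Windows access check, not the kernel's implementation) walks a DACL the way Windows does: ACEs are read in canonical order, an explicit deny on any outstanding right fails the request, and access is granted only when every requested bit has been allowed. The SIDs, the three-bit access mask and the share DACL are constructed for the example; RID 513 (Domain Users) is a real well-known RID.

```python
from dataclasses import dataclass

# Simplified access-mask bits (assumption: a three-bit mask instead of the
# full 32-bit Windows ACCESS_MASK)
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4


@dataclass
class Ace:
    """One access control entry: allow or deny `mask` to the principal `sid`."""
    kind: str   # "allow" or "deny"
    sid: str
    mask: int


@dataclass
class Token:
    """The access token built at logon: the user's SID plus group SIDs."""
    user_sid: str
    group_sids: frozenset

    def sids(self):
        return {self.user_sid} | set(self.group_sids)


def canonical(dacl):
    """Explicit deny ACEs must precede allow ACEs (canonical order); the GUI and
    normal tools write them that way. A hand-built DACL with an allow before a
    deny would let the allow win, so reorder before evaluating."""
    return [a for a in dacl if a.kind == "deny"] + [a for a in dacl if a.kind == "allow"]


def access_check(token, dacl, requested):
    """Return True only if every requested bit is granted.

    dacl is None -> object has no DACL: everyone gets full access.
    dacl == []   -> empty DACL: nobody gets access.
    Walks the ACEs in order and stops as soon as the answer is known."""
    if dacl is None:
        return True
    remaining = requested
    for ace in canonical(dacl):
        if ace.sid not in token.sids():
            continue  # ACE is for some other principal
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False  # an outstanding right is explicitly denied
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0


# Constructed sample: user RID 1105 and user RID 1106, both members of
# Domain Users (well-known RID 513) in a made-up domain SID.
BSMITH = "S-1-5-21-1000-2000-3000-1105"
JDOE = "S-1-5-21-1000-2000-3000-1106"
DOMAIN_USERS = "S-1-5-21-1000-2000-3000-513"

bsmith_token = Token(BSMITH, frozenset({DOMAIN_USERS}))
jdoe_token = Token(JDOE, frozenset({DOMAIN_USERS}))

# Constructed DACL on a share: Domain Users may read and write, but bsmith is
# explicitly denied write. Written allow-first on purpose so canonical() matters.
SHARE_DACL = [
    Ace("allow", DOMAIN_USERS, READ | WRITE),
    Ace("deny", BSMITH, WRITE),
]


def demo():
    return {
        "bsmith_read": access_check(bsmith_token, SHARE_DACL, READ),
        "bsmith_write": access_check(bsmith_token, SHARE_DACL, WRITE),
        "jdoe_write": access_check(jdoe_token, SHARE_DACL, WRITE),
        "jdoe_execute": access_check(jdoe_token, SHARE_DACL, EXECUTE),
        "no_dacl": access_check(jdoe_token, None, READ | WRITE | EXECUTE),
        "empty_dacl": access_check(jdoe_token, [], READ),
    }


if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name}: {'granted' if granted else 'denied'}")
```

Two details the slide glosses over show up in the results: a missing DACL and an empty DACL are opposites (full access versus no access), and a request for several rights at once fails if any one of them is denied, which is why bsmith can read the share but a read-and-write open fails.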

3
Group Policy
  • Manage users and computers
  • Desktop Layout
  • Folder Redirection
  • Access Rights to perform system tasks
  • Auditing
  • Account Policies
  • Automatic Software Installation

4
Workgroup Model
  • Decentralized security
  • Each computer's local Security Account Manager (SAM)
    database contains its own users, groups, and security
    privileges
  • Requires a separate logon to access resources on
    different computers
  • Log On to Windows
  • Log on locally with a user name and password

5
Domain Model
  • Centralized administration
  • Logical grouping of computers, users, and other
    objects
  • Join computer to a domain
  • Network Connections > Local Area Connection:
    set DNS to a DNS server that holds the records for
    the domain (the client uses the domain's DNS records
    to locate a domain controller)
  • System > Properties > Member Of > Domain
  • microsoft.com
  • Single sign-on
  • At logon, select the domain in the Log on to field.

6
Domain Model
  • Domain objects include user accounts, computers,
    servers, printers, groups, security policies,
    domains, and other objects
  • The Active Directory database is stored on Domain
    Controllers
  • Member Servers > do not contain a copy of the
    Active Directory database
  • Must have an associated computer account
  • Provide services such as DHCP and DNS

7
Domain Model
  • Provides an administrative boundary for objects in a
    common relationship
  • When you have multiple domains, the security
    boundary is the forest boundary, not the domain
  • Establishes a set of data (the domain partition) to be
    replicated among its DCs
  • Expedites management of a set of objects

8
Multi-master Replication
  • In Windows 2003 there can be multiple servers,
    called domain controllers (DCs), that store the
    Active Directory and replicate it to each other.
    Because each DC acts as a master, replication
    does not stop when one is down. Each DC is a
    master in its own right.
  • When changes are made to the Active Directory
    database (adding a new user or changing a policy)
    replication will occur.
  • Default intra-site replication: 5 minutes
  • Default inter-site replication: 3 hours (180 minutes)
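
The slide states that every DC is a master and that replication carries on around a DC that is down, but not what happens when two DCs change the same attribute before they replicate. The added example below (my own toy model, not the deck's material and not the real replication engine) shows the three cases: a change originating on one DC reaching the others, a DC that is offline catching up later, and the stamp-based tie-break AD uses for conflicts (higher version wins, then the later originating time, then the originating DSA). The DC names, ring topology and attribute values are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(order=True)
class Stamp:
    """Per-attribute replication metadata. Conflicting writes are ordered by
    version, then originating time, then originating DSA (a GUID in AD; a
    name here)."""
    version: int
    timestamp: int
    dsa: str


@dataclass
class Attr:
    value: str
    stamp: Stamp


class DomainController:
    def __init__(self, name):
        self.name = name
        self.online = True
        self.db = {}  # (dn, attribute) -> Attr

    def write(self, dn, attribute, value, now):
        """Originating write: any DC accepts it and bumps the attribute version
        relative to its own replica."""
        cur = self.db.get((dn, attribute))
        version = cur.stamp.version + 1 if cur else 1
        self.db[(dn, attribute)] = Attr(value, Stamp(version, now, self.name))

    def receive(self, key, incoming):
        """Replicated write: keep the higher stamp so every DC converges on the
        same winner no matter which update arrives first."""
        cur = self.db.get(key)
        if cur is None or incoming.stamp > cur.stamp:
            self.db[key] = incoming


def replicate(src, dst):
    """One replication cycle over a connection; a DC that is down simply does
    not take part, the others keep replicating among themselves."""
    if src.online and dst.online:
        for key, attr in src.db.items():
            dst.receive(key, attr)


def values(dcs, key):
    """Value of key as seen on each DC (None where the DC has not received it)."""
    return {dc.name: dc.db[key].value if key in dc.db else None for dc in dcs}


def scenario():
    dc1, dc2, dc3 = (DomainController(n) for n in ("DC1", "DC2", "DC3"))
    ring = [(dc1, dc2), (dc2, dc3), (dc3, dc1)]   # constructed ring topology
    key = ("CN=bsmith,OU=business,DC=microsoft,DC=com", "description")
    result = {}

    dc1.write(*key, "Business office", now=10)
    for s, d in ring:
        replicate(s, d)
    result["after_first_write"] = values([dc1, dc2, dc3], key)

    dc3.online = False                     # DC3 goes down
    dc1.write(*key, "Business office, Lake Worth", now=20)
    for s, d in ring:
        replicate(s, d)
    result["while_dc3_down"] = values([dc1, dc2, dc3], key)

    dc3.online = True                      # DC3 returns and catches up
    for s, d in ring:
        replicate(s, d)
    result["after_dc3_back"] = values([dc1, dc2, dc3], key)

    # Conflict: two admins change the same attribute on different DCs before
    # replication runs. Same version, so the later originating time wins.
    dc1.write(*key, "Edited on DC1", now=30)
    dc2.write(*key, "Edited on DC2", now=31)
    replicate(dc1, dc2)
    replicate(dc2, dc1)
    result["after_conflict"] = values([dc1, dc2], key)
    return result


if __name__ == "__main__":
    for step, seen in scenario().items():
        print(step, seen)
```

The practical consequence for a security engineer: a password reset or group change made on one DC is not visible forest-wide until replication completes, and the "last writer wins" rule means an attacker with write access on any one DC can overwrite an attribute set elsewhere.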

9
Schema
  • Schema: the elements used in the definition of each
    object contained in the Active Directory,
    including the object class and its attributes.
  • The classes are used as templates for objects
    created in Active Directory.
  • Objects include Computer, User, Printer, Group,
    and Shared Folder
  • Attributes are the properties of the classes
  • Some User attributes are the user name, the user's
    full name, and the password
  • The schema definition is shared amongst all domains
    in the forest

10
Sample schema information for user accounts

11
Organizational Units
  • Created within a domain
  • Logical Grouping of Users and Groups
  • Delegate Administrative Control
  • Reset passwords, create users and groups, create
    and modify group policies, etc.
  • Apply different Group Policies to Computers or
    Users in OU
  • Organize by geographic location or department
  • Use OUs to reflect the organizational structure
    (instead of using domains for this purpose)

12
Object Naming
  • Common name (CN): The most basic name of an
    object in the Active Directory, such as the name
    of a printer or user
  • Distinguished name (DN): A name in the Active
    Directory that contains all hierarchical
    components of an object, such as that object's
    organizational unit and domain, in addition to
    the object's common name
  • CN=bsmith,OU=business,DC=microsoft,DC=com

13
Object Naming
  • Relative distinguished name (RDN): The leading
    component of an object's DN, which names the object
    relative to its parent container. An RDN only has to
    be unique within that container; the full DN is
    unique across the directory. For a user account the
    RDN is the CN component, such as the user's name.
  • CN=bsmith
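
A small DN parser makes the CN/DN/RDN distinction on slides 12 and 13 concrete. This is an added example, not code from the deck; it handles the backslash-escaped comma defined in RFC 4514 (a production parser also handles the other escapes and multi-valued RDNs) and adds an `is_under` check of the kind a script needs before trusting that an object actually sits inside the OU it was delegated or a GPO was linked to.

```python
def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash-escaped commas
    (RFC 4514). Example: 'CN=bsmith,OU=business,DC=microsoft,DC=com'
    -> ['CN=bsmith', 'OU=business', 'DC=microsoft', 'DC=com']"""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def rdn_attr(rdn_text):
    """Split one RDN into (type, value); attribute types are case-insensitive."""
    attr_type, _, value = rdn_text.partition("=")
    return attr_type.strip().upper(), value.strip()


def rdn(dn):
    """The relative distinguished name: the first (leaf) component."""
    return split_dn(dn)[0]


def parent_dn(dn):
    """The container holding the object: the DN with its RDN removed."""
    return ",".join(split_dn(dn)[1:])


def domain_from_dn(dn):
    """Join the DC components into the DNS domain name."""
    return ".".join(value for attr_type, value in map(rdn_attr, split_dn(dn))
                    if attr_type == "DC")


def is_under(dn, container):
    """True if dn lies somewhere beneath container, so that a GPO linked at, or
    administrative control delegated over, that container reaches the object.
    Values are compared case-insensitively, as AD does."""
    obj = [(t, v.lower()) for t, v in map(rdn_attr, split_dn(dn))]
    cont = [(t, v.lower()) for t, v in map(rdn_attr, split_dn(container))]
    return bool(cont) and len(obj) > len(cont) and obj[-len(cont):] == cont


if __name__ == "__main__":
    user = "CN=bsmith,OU=business,DC=microsoft,DC=com"
    print(rdn(user), "|", parent_dn(user), "|", domain_from_dn(user))
    print(split_dn("CN=Smith\\, Bob,OU=business,DC=microsoft,DC=com")[0])
```

Note that naive `dn.split(",")` breaks on a CN such as `Smith, Bob`, which is common when accounts are created with a "Last, First" display name; the escaped comma is why the parser tracks the backslash.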

14
LDAP
  • Lightweight Directory Access Protocol
  • Used to query or update the Active Directory database
  • Utilizes DN and RDN naming

15
Namespaces
  • Contiguous namespace: A namespace in which every
    child object's name contains the name of its parent
    object (for example central.pbcc.edu under pbcc.edu)
  • Disjointed (disjoint) namespace: A namespace in which
    the child object's name does not contain the name of
    its parent object

16
Trees and Forests
  • Use trees for domains that have a contiguous
    namespace
  • Use forests for multiple trees that have
    disjointed namespaces between them

17
Trusts
  • Within a forest
  • Two-way
  • Every domain is trusting (trusts another domain
    to do authentication and allows access to its
    resources)
  • Every domain is trusted to do the authentication
  • Transitive
  • Because the automatic parent-child and tree-root
    trusts are transitive, every domain in the forest
    trusts every other domain
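
Slides 15 to 17 together describe one structure: domain names with a contiguous namespace form a tree, trees with disjoint namespaces sit side by side in a forest, and the automatic parent-child and tree-root trusts are transitive. The added example below (mine, not the deck's) builds that structure from a list of domain names and derives the chain of trusts an authentication crosses between any two domains of the forest. The forest (pbcc.edu as forest root with two child domains, plus a second tree contoso.com) is constructed for the example; with shortcut trusts the real path can be shorter, and a domain outside the forest has no automatic trust at all.

```python
def parent_domain(domain, domains):
    """Parent in a contiguous namespace: the longest other domain in the forest
    that is a DNS suffix ('.' + parent) of this one. None means tree root."""
    candidates = [d for d in domains if d != domain and domain.endswith("." + d)]
    return max(candidates, key=len) if candidates else None


def forest_trees(domains):
    """Group forest domains into trees: {tree_root: sorted members}.
    Domains whose names share no suffix land in separate trees (a disjoint
    namespace), which is exactly why a forest can hold several trees."""
    domains = [d.lower().strip(".") for d in domains]
    trees = {}
    for d in domains:
        root = d
        while (p := parent_domain(root, domains)) is not None:
            root = p
        trees.setdefault(root, []).append(d)
    return {root: sorted(members) for root, members in trees.items()}


def chain_to_forest_root(domain, domains, forest_root):
    """Domains crossed by following parent-child trusts up to the tree root,
    then the tree-root trust to the forest root domain."""
    chain = [domain]
    while (p := parent_domain(chain[-1], domains)) is not None:
        chain.append(p)
    if chain[-1] != forest_root:
        chain.append(forest_root)
    return chain


def trust_path(src, dst, domains, forest_root):
    """Domains whose trusts are crossed when a user from src authenticates to a
    resource in dst, using only the automatic two-way transitive trusts.
    Raises ValueError for a domain outside the forest: no automatic trust."""
    domains = [d.lower() for d in domains]
    src, dst, forest_root = src.lower(), dst.lower(), forest_root.lower()
    if src not in domains or dst not in domains:
        raise ValueError("domain is not in this forest; no automatic trust")
    up_src = chain_to_forest_root(src, domains, forest_root)
    up_dst = chain_to_forest_root(dst, domains, forest_root)
    meet = next(d for d in up_src if d in up_dst)   # lowest shared trust point
    return up_src[:up_src.index(meet) + 1] + list(reversed(up_dst[:up_dst.index(meet)]))


# Constructed forest: pbcc.edu is the forest root; contoso.com is a second
# tree because its name is not contiguous with pbcc.edu.
FOREST_ROOT = "pbcc.edu"
FOREST = ["pbcc.edu", "central.pbcc.edu", "south.pbcc.edu",
          "contoso.com", "hr.contoso.com"]

if __name__ == "__main__":
    print(forest_trees(FOREST))
    print(trust_path("central.pbcc.edu", "hr.contoso.com", FOREST, FOREST_ROOT))
```

The cross-tree path runs through the forest root because tree-root trusts are created between each tree root and the forest root domain, not between arbitrary tree roots. That is also why the forest root domain deserves the tightest protection: every cross-tree authentication depends on its DCs.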

18
Global Catalog
  • Full information about the objects in its own domain,
    partial information (a subset of attributes) about
    every other domain's objects in the forest
  • Locate Active Directory information
  • Checks universal group membership at logon
  • Necessary for authentication across domains using
    the UPN (jsmith@central.pbcc.edu)
  • Lookup requests for Exchange
  • On networks with multiple subnets, define sites in
    the Active Directory and place at least one global
    catalog server in each site

19
Sites
  • Use sites to enhance network performance by
    optimizing authentication and replication
  • A site is an Active Directory object that groups
    well-connected IP subnets, so that the directory can
    determine the fastest route to connect clients to a
    DC for authentication and to connect DCs for
    replication of the Active Directory. Site information
    also enables the Active Directory to create redundant
    routes for DC replication.

20
Sites
  • Reflects one or more interconnected subnets
  • Reflects the same boundaries as the LAN
  • Used for DC replication
  • Enables clients to access the closest DC
  • Composed of servers and configuration objects

21
Site Links
  • Site link object: An object created in the Active
    Directory to represent one or more physical links
    between two different sites, carrying a cost,
    schedule and replication interval
  • Site link bridge: An Active Directory object that
    combines individual site links so that replication
    can be routed transitively across three or more
    sites. It is a logical object that models the
    routing between sites; it is not a router.

22
Sites and Site Links
  • Site link: links sites together
  • Site link bridge: combines two or more site links

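The difference between a plain site link and a bridged set of site links is easiest to see as a routing problem over link costs. The added example below (my own illustration, not the deck's material and not the KCC/ISTG code) picks the inter-site replication route from site-link costs: with bridging, replication may transit an intermediate site along the cheapest path; without it, only a direct site link between the two sites counts. The site names and costs are constructed.

```python
import heapq


def replication_route(site_links, src, dst, bridge_all=True):
    """Choose the inter-site replication route between src and dst.

    site_links: list of (site_a, site_b, cost) tuples; lower cost is preferred.
    bridge_all=True  models 'Bridge all site links': links are transitive, so
                     replication can be routed through intermediate sites.
    bridge_all=False models unbridged links: only a direct site link counts.
    Returns (total_cost, [sites on the route]) or None if unreachable."""
    graph = {}
    for a, b, cost in site_links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))

    if not bridge_all:
        direct = [c for neighbour, c in graph.get(src, []) if neighbour == dst]
        return (min(direct), [src, dst]) if direct else None

    # Dijkstra over site-link costs: cheapest cumulative cost wins.
    dist, prev, queue = {src: 0}, {}, [(0, src)]
    while queue:
        d, site = heapq.heappop(queue)
        if site == dst:
            break
        if d > dist.get(site, float("inf")):
            continue  # stale queue entry
        for neighbour, cost in graph.get(site, []):
            nd = d + cost
            if nd < dist.get(neighbour, float("inf")):
                dist[neighbour], prev[neighbour] = nd, site
                heapq.heappush(queue, (nd, neighbour))
    if dst not in dist:
        return None
    route, cur = [dst], dst
    while cur != src:
        cur = prev[cur]
        route.append(cur)
    return dist[dst], route[::-1]


# Constructed topology: HQ and East have an expensive direct link (a slow WAN)
# and a cheaper two-hop path through West.
LINKS = [("HQ", "West", 100), ("West", "East", 100), ("HQ", "East", 500)]

if __name__ == "__main__":
    print("bridged:  ", replication_route(LINKS, "HQ", "East"))
    print("unbridged:", replication_route(LINKS, "HQ", "East", bridge_all=False))
```

With bridging on (the default), HQ to East replicates via West at cost 200; with bridging off, the only usable path is the direct link at cost 500, and if that link did not exist the two sites would not replicate at all, which is how a missing site link silently turns into stale group membership and password data at a branch site.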
23
New to Windows Server 2003
  • Windows 2003 native forest mode (forest functional level)
  • Domains can be renamed
  • Cross-forest trusts can be established
  • One forest may trust the domains in another forest
  • Universal group caching
  • Rather than contacting the global catalog to check
    universal group membership at logon, the membership is
    cached locally from the previous logon.
  • Install replica from media
  • When doing a dcpromo, instead of pulling the
    replica of the Active Directory database from an
    existing domain controller over the network, the
    Active Directory database can be backed up and
    restored from a CD-ROM.