MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory - PowerPoint PPT Presentation


Slides: 41
Provided by: cmsu2Ucmo
MCTS Guide to Configuring Microsoft Windows
Server 2008 Active Directory
  • Chapter 3: Introducing Active Directory

  • Describe the role of a directory service and the
    physical and logical Active Directory structure
  • Install Active Directory
  • Describe the main Active Directory objects
  • Explain configuring and applying group policies

The Role of a Directory Service
  • A network directory service stores information
    about a computer network and offers features for
    retrieving and managing that information.
  • Generally considered to be an administrative
    tool, but users make use of directory services to
    find resources
  • Directory services provide a centralized
    management tool, but due to their complexity, they
    require careful planning prior to setup

Windows Active Directory
  • First used by Windows 2000 Server
  • Offers the following features:
  • Hierarchical organization
  • Centralized but distributed database
  • Scalability
  • Security
  • Flexibility
  • Policy-based administration

Overview of the Active Directory Structure
  • Physical structure
  • Consists of sites and servers configured as
    domain controllers
  • Logical structure
  • Makes it possible to pattern the directory
    service's look and feel after the organization in
    which it runs

Active Directory's Physical Structure
  • An Active Directory site is simply a physical
    location in which domain controllers communicate
    and replicate information regularly
  • Each domain controller contains a full replica of
    the objects that make up the domain and is
    responsible for the following functions:
  • Storing a copy of the domain data and replicating
    changes to that data to all other domain
    controllers throughout the domain
  • Providing data search and retrieval functions for
    users attempting to locate objects in the
  • Providing authentication and authorization
    services for users who log on to the domain and
    attempt to access network resources

Active Directory's Logical Structure
  • Organizational Units (OUs)
  • Domains
  • Trees
  • Forests

Active Directory's Logical Structure (cont.)
  • The Organizational Unit (OU) is an Active
    Directory container used to organize a network's
    users and resources into logical administrative
  • An OU contains Active Directory objects, such as:
  • User accounts
  • Groups
  • Computer accounts
  • Printers
  • Shared folders
  • Applications
  • Servers
  • Domain controllers

Active Directory's Logical Structure (cont.)
  • Domain: The core structural unit of an Active
    Directory; contains OUs and represents
    administrative, security, and policy boundaries
  • Small to medium companies usually have one
    domain; larger companies may have several domains
    to separate geographical regions or
    administrative responsibilities

Active Directory's Logical Structure (cont.)
  • A tree is a grouping of domains that share a
    common naming structure
  • Can consist of a parent domain and possibly one
    or more child domains
  • Child domains can also have child domains

Active Directory's Logical Structure (cont.)
  • Forest: A collection of one or more Active
    Directory trees. A forest can consist of a single
    tree with a single domain, or it can contain
    several trees, each with a hierarchy of parent
    and child domains
  • Main purpose is to provide a common Active
    Directory environment, in which all domains in
    all trees can communicate and share information,
    while simultaneously allowing independent
    operation and administration

Installing Active Directory
  • To install AD DS on a full Windows Server 2008
    installation, use Server Manager
  • If DNS is not already present on the network, you
    must install the DNS Server Role.
  • Once the Server Manager wizard for installing
    Active Directory finishes, you must run

Installing Active Directory (cont.)
  • Dcpromo.exe steps to install:
  • Step 1: Existing domain or new domain
  • Step 2: Fully qualified domain name (FQDN) for
    new forest root domain
  • Step 3: Choose forest functional level
  • The functional level is critical to the feature
    set available to administrators after install, as
    well as the software requirements for any other
  • If you want backwards compatibility with older
    domain controllers on the network, choose Windows
    2000 functional level
  • If you choose Windows Server 2008 functional
    level, you can't run Windows Server 2003 or
    Windows 2000 domain controllers (but they can run
    as member servers)

Installing Active Directory (cont.)
  • After step 3, you have three additional options
    for the DC:
  • Install DNS Server
  • Recommended for the first domain controller in a
    new domain
  • Global Catalog
  • Selected by default (and cannot be disabled) if
    the server is to be the first DC in a forest
  • Read-only Domain Controller (RODC)
  • Not selected by default, and disabled for the
    first DC in the domain

Installing Active Directory (cont.)
  • The sysvol folder is a shared folder that stores
    the information from Active Directory that's
    replicated to other domain controllers
  • Directory Services Restore Mode is used to
    perform restore operations on Active Directory if
    it becomes corrupted or parts of it are deleted

The Active Directory Schema
  • An object is a grouping of information that
    describes a network resource
  • The schema defines the type, organization, and
    structure of data stored in the AD database
  • Schema classes define the types of objects that
    can be stored in Active Directory
  • Schema attributes define what type of information
    is stored in each object
  • The information stored in each attribute is
    called the attribute value

The Active Directory Schema (cont.)
Active Directory Container Objects
  • Organizational Units
  • Folder Objects
  • Domain objects

Organizational Units
  • Primary container object for organizing and
    managing resources in a domain
  • OUs can organize multiple objects into one
    administrative group that can be configured with
    specific policies relevant to that group
  • Authority of an OU can be delegated
  • Nesting OUs can build a hierarchical Active
    Directory structure that mimics the corporate
    structure for easier object management

Folder Objects
  • Four created by default:
  • Builtin: Houses default groups created by Windows
  • Computers: The default location for computer
    accounts created when a new computer or server
    becomes a domain member
  • ForeignSecurityPrincipals: Initially empty but
    later contains user accounts from other domains
    added as members of the local domain's groups
  • Users: Stores two default users (Administrator
    and Guest) and several default groups
  • New folder objects cannot be created
  • Administrative control can be delegated (except
    on the Builtin folder)

Domain Objects
  • Core logical structure in AD, contains OU and
    folder container objects, as well as leaf objects
  • Larger companies may use multiple domains to
    separate administration, define security
    boundaries, and define policy boundaries
  • Each domain object has a default GPO linked to it
    that can affect all objects in the domain

Active Directory Leaf Objects
  • User Accounts
  • Three types: local, domain, and built-in
  • Groups
  • Consists of users with common permissions
  • Computer Accounts
  • Represents a computer that is a domain controller
    or domain member
  • Other Leaf Objects
  • Contact
  • Printer
  • Shared folder

Locating Active Directory Objects
  • Active Directory objects can be searched for
    using the Find Users, Contacts, and Groups dialog
  • Can search a single domain or an entire directory
    (all domains)
  • Not all objects are available to all users

Introducing Group Policies
  • A Group Policy Object (GPO) is a list of settings
    that administrators use to configure user and
    computer operating environments remotely.
  • Installing Active Directory creates two GPOs by
  • Default Domain Policy
  • Default Domain Controllers Policy

Introducing Group Policies (cont.)
  • You can edit existing GPOs (including defaults)
    and create and manage GPOs by using the Group
    Policy Management MMC
  • Two nodes for every GPO:
  • Computer Configuration: Used to set policies that
    apply to computers within the GPO's scope
  • User Configuration: Used to set policies that
    apply to all users within the GPO's scope

The Computer Configuration Node
  • Software Settings
  • Enables Administrators to install and manage
    applications remotely
  • Windows Settings
  • Contains Scripts extension, Security Settings
    node, and the Policy-based QoS node
  • Administrative Templates
  • Contains the Control Panel, Network, Printers,
    System, and Windows Components folders.

The User Configuration Node
  • Policies folder contains the same three folders
    as in the Computer Configuration node, but
    policies defined here affect domain users within
    the GPO's scope, regardless of which computer the
    user logs on to.
  • Software Settings
  • Can assign or publish application packages
  • Windows Settings: Contains six items
  • Remote Installation Services
  • Scripts extension
  • Security Settings node
  • Folder Redirection node
  • Policy-based QoS node
  • Internet Explorer Maintenance node
  • Administrative Templates

How Group Policies Are Applied
  • GPOs can be applied in four places:
  • Local Computer
  • Site
  • Domain
  • Organizational Unit
  • Policies are applied in the above order
  • Policies that are not defined or configured are
    not applied at all
  • Last policy to be defined takes precedence: if a
    policy is defined at the domain level and OU
    level, then the OU level's setting is the one
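
The processing order on this slide, worked through as an added example that is not part of the original presentation: a small model that applies GPOs in Local Computer, Site, Domain, OU order, skips unconfigured settings, and reports which domain-level values were later replaced. All GPO names except "Default Domain Policy" and all setting names are constructed; ordering nested OUs parent-first goes one step beyond the slide.

```python
# Added illustration: models the Local -> Site -> Domain -> OU order from the slide.
# GPO names other than "Default Domain Policy", and all setting names, are constructed.
LEVEL_ORDER = ["local", "site", "domain", "ou"]  # processing order; later wins

SAMPLE_GPOS = [  # constructed sample data, deliberately listed out of order
    {"name": "Kiosk OU Policy", "level": "ou", "depth": 2,
     "settings": {"screen_lock_seconds": 120, "removable_storage": None}},
    {"name": "Default Domain Policy", "level": "domain", "depth": 0,
     "settings": {"screen_lock_seconds": 900, "removable_storage": "deny",
                  "logon_banner": "on"}},
    {"name": "Sales OU Policy", "level": "ou", "depth": 1,
     "settings": {"screen_lock_seconds": 600, "removable_storage": "allow"}},
    {"name": "Local Computer Policy", "level": "local", "depth": 0,
     "settings": {"logon_banner": "off", "screen_lock_seconds": None}},
    {"name": "HQ Site Policy", "level": "site", "depth": 0,
     "settings": {"proxy_server": "proxy.example.test"}},
]


def resolve_effective_policy(gpos):
    """Return {setting: (value, winning GPO name)} after applying every GPO."""
    # Parent OUs (lower depth) are processed before the OUs nested inside them.
    # An unknown level raises ValueError from list.index().
    ordered = sorted(gpos, key=lambda g: (LEVEL_ORDER.index(g["level"]), g["depth"]))
    effective = {}
    for gpo in ordered:
        for setting, value in gpo["settings"].items():
            if value is None:  # not configured: leaves the earlier value in place
                continue
            effective[setting] = (value, gpo["name"])
    return effective


def overridden_baseline(gpos, baseline_name):
    """List baseline settings that a later-applied GPO replaced."""
    baseline = next(g for g in gpos if g["name"] == baseline_name)
    effective = resolve_effective_policy(gpos)
    findings = []
    for setting, wanted in sorted(baseline["settings"].items()):
        value, winner = effective.get(setting, (None, None))
        if wanted is not None and winner != baseline_name:
            findings.append((setting, wanted, value, winner))
    return findings


if __name__ == "__main__":
    for finding in overridden_baseline(SAMPLE_GPOS, "Default Domain Policy"):
        print("baseline overridden:", finding)
```

In the sample, the domain-level screen lock and removable-storage values are both replaced by OU-level GPOs, while the local logon banner setting is replaced by the domain's.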

Chapter Summary
  • A directory service is a database that stores
    network resource information and can be used to
    manage users, computers, and resources throughout
    the network.
  • Active Directory is a hierarchical, distributed
    database that's scalable, secure, and flexible.
    Active Directory's physical structure is composed
    of sites and domain controllers, and the logical
    structure is composed of organizational units,
    domains, trees, and forests.

Chapter Summary (cont.)
  • Server Manager installs the Active Directory
    Domain Services role. Once Server Manager is
    finished, dcpromo.exe is used to finish
  • The data in Active Directory is organized as
    objects. Available objects and their structure
    are defined by the Active Directory schema, which
    is composed of schema classes and schema
    attributes. The data in a schema attribute is
    called an attribute value

Chapter Summary (cont.)
  • Two types of objects in AD: container objects and
    leaf objects
  • Leaf objects generally represent security
    accounts, network resources, and GPOs
  • Active Directory objects can be located easily
    with search functions in Active Directory Users
    and Computers and Windows Explorer
  • GPOs are lists of settings that enable
    administrators to configure user and computer
    operating environments remotely

Chapter Summary (cont.)
  • Policies defined in the Computer Configuration
    node affect all computers in the Active Directory
    container to which the GPO is linked. Policies
    defined in the User Configuration node affect all
    users in the Active Directory container to which
    the GPO is linked.