Active Directory Part 1

8/7/2019 Active Directory Part 1

1/24

GetronicsGetronics -- Technical PanelTechnical Panel 11

GETRONICSGETRONICS

TECHNICAL PANELTECHNICAL PANEL

Active DirectoryActive Directory

PartPart -- 11


2/24


HistoryHistory....Active Directory was previewed in 1999,Active Directory was previewed in 1999,released first with Windows 2000 Serverreleased first with Windows 2000 Server

edition, and revised to extend functionalityedition, and revised to extend functionalityand improve administration in Windowsand improve administration in WindowsServer 2003. Additional improvements wereServer 2003. Additional improvements weremade in Windows Server 2003 R2. Activemade in Windows Server 2003 R2. Active

Directory was refined further in WindowsDirectory was refined further in WindowsServer 2008 and Windows Server 2008 R2Server 2008 and Windows Server 2008 R2and was renamed Active Directory Domainand was renamed Active Directory DomainServices.Services.


3/24


It was calledIt was called..

Active Directory was called NTDS (NTActive Directory was called NTDS (NTDirectory Service) in older MicrosoftDirectory Service) in older Microsoftdocuments. This name can still be seen indocuments. This name can still be seen in

some Active Directory binaries.some Active Directory binaries.


4/24


Introduction to Active DirectoryIntroduction to Active Directory

Active Directory directory service provides aActive Directory directory service provides asingle point of network resourcesingle point of network resource

management, allowing you to add, remove,management, allowing you to add, remove,and relocate users and resources easilyand relocate users and resources easily


5/24


Understanding Directory ServicesUnderstanding Directory Services

A directory is a stored collection ofA directory is a stored collection ofinformation about objects that are relatedinformation about objects that are related

to one another in some way. For example,to one another in some way. For example,an ean e--mail address book stores names ofmail address book stores names ofusers or entities and their corresponding eusers or entities and their corresponding e--

mail addresses. The email addresses. The e--mail address bookmail address booklisting might also contain a street address orlisting might also contain a street address orother information about the user or entity.other information about the user or entity.


6/24


In a distributed computing system or a publicIn a distributed computing system or a public

computer network such as the Internet, there arecomputer network such as the Internet, there aremany objects stored in a directory, such as filemany objects stored in a directory, such as fileservers, printers, fax servers, applications,servers, printers, fax servers, applications,databases, and users. Users must be able todatabases, and users. Users must be able to

locate and use these objects. Administrators mustlocate and use these objects. Administrators mustbe able to manage how these objects are used.be able to manage how these objects are used.

A directory service stores all the information

needed to use and manage these objects in acentralized location, simplifying the process oflocating and managing these resources.


7/24


Why Have a Directory Service?Why Have a Directory Service?

A directory service provides the means toA directory service provides the means toorganize and simplify access to resources oforganize and simplify access to resources of

a networked computer system. Users anda networked computer system. Users andadministrators might not know the exactadministrators might not know the exactname of the objects they need.name of the objects they need.


8/24


Example with DiagramExample with Diagram

As illustrated in Figure , theyAs illustrated in Figure , theycan use a directory service tocan use a directory service toquery the directory for a list ofquery the directory for a list ofobjects that match knownobjects that match known

characteristics. For example,"characteristics. For example,"Find all colour printers on theFind all colour printers on thethird floor queries thethird floor queries thedirectory for all colour printerdirectory for all colour printerobjects that are associatedobjects that are associatedwith the third floorwith the third floorcharacteristic (or maybe acharacteristic (or maybe alocation characteristic that haslocation characteristic that has

been set to third floor). Abeen set to third floor). Adirectory service makes itdirectory service makes itpossible to find an objectpossible to find an objectbased on one or more of itsbased on one or more of itscharacteristics.characteristics.


9/24


Active Directory Services FeaturesActive Directory Services Features

Active Directory in the Windows ServerActive Directory in the Windows Server2003 family is a significant enhancement2003 family is a significant enhancement

over the flat domain model provided inover the flat domain model provided inWindows NT. Active Directory is integratedWindows NT. Active Directory is integratedwithin the Windows Server 2003 family andwithin the Windows Server 2003 family and

offers the following featuresoffers the following features


10/24



Centralized data storeCentralized data storeScalabilityScalabilityExtensibilityExtensibility

ManageabilityManageabilityIntegration with the Domain Name System (DNS)Integration with the Domain Name System (DNS)Client configuration managementClient configuration managementPolicyPolicy--based administrationbased administrationReplication of informationReplication of informationFlexible, secure authentication and authorizationFlexible, secure authentication and authorizationSecurity integrationSecurity integrationDirectoryDirectory--enabled applications and infrastructureenabled applications and infrastructureInteroperability with other directory servicesInteroperability with other directory servicesSigned and encrypted LDAP trafficSigned and encrypted LDAP traffic


11/24



Please find the some of the features explanationPlease find the some of the features explanation(I dont like to eat your time)(I dont like to eat your time)

Centralized data storeAll data in Active Directory resides in a single,All data in Active Directory resides in a single,distributeddata repository, allowing users easydistributeddata repository, allowing users easyaccess to the information from any location.access to the information from any location.

A single distributed data store requires lessA single distributed data store requires lessadministration and duplication and improves theadministration and duplication and improves theavailability and organization of data.availability and organization of data.


12/24


ScalabilityActive Directory enables you to scale theActive Directory enables you to scale thedirectory to meet business and networkdirectory to meet business and network

requirements through the configuration ofrequirements through the configuration ofdomains and trees and the placement ofdomains and trees and the placement ofdomain controllers. Active Directory allowsdomain controllers. Active Directory allows

millions of objects per domain and usesmillions of objects per domain and usesindexing technology and advancedindexing technology and advancedreplication techniques to speedreplication techniques to speedperformance.performance.


13/24


Extensibility

The structure of the Active Directorydatabase (the schema) can be expanded toallow customized types of information.


14/24


ManageabilityIn contrast to the flat domain model usedIn contrast to the flat domain model usedin Windows NT, Active Directory is basedin Windows NT, Active Directory is based

on hierarchical organizational structures.on hierarchical organizational structures.These organizational structures make itThese organizational structures make iteasier for you to control administrativeeasier for you to control administrative

privileges and other security settings, andprivileges and other security settings, andto make it easier for your users to locateto make it easier for your users to locatenetwork resources such as files andnetwork resources such as files andprinters.printers.


15/24


Integration with the Domain Name System (DNS)

Active Directory uses DNS, an Internet standardActive Directory uses DNS, an Internet standardservice that translates easily readable host namesservice that translates easily readable host namesto numeric Internet Protocol (IP) addresses.to numeric Internet Protocol (IP) addresses.

Although separate and implemented differentlyAlthough separate and implemented differentlyfor different purposes, Active Directory and DNSfor different purposes, Active Directory and DNShave the same hierarchicalhave the same hierarchicalstructure. Active Directory clients use DNS tostructure. Active Directory clients use DNS tolocate domain controllers. When using thelocate domain controllers. When using theWindows Server 2003 DNS service, primary DNSWindows Server 2003 DNS service, primary DNSzones can be stored in Active Directory, enablingzones can be stored in Active Directory, enablingreplication to other Active Directory domainreplication to other Active Directory domaincontrollers.controllers.


16/24


Active Directory Objects

The data stored in ActiveThe data stored in ActiveDirectory, such as informationDirectory, such as informationabout users, printers, servers,about users, printers, servers,databases, groups, computers, anddatabases, groups, computers, and

security policies, is organized intosecurity policies, is organized intoobjects. An object is a distinctobjects. An object is a distinctnamed set of attributes thatnamed set of attributes thatrepresents a network resource.represents a network resource.Object attributes areObject attributes arecharacteristics of objects in thecharacteristics of objects in thedirectory. For example, thedirectory. For example, the

attributes of a user account objectattributes of a user account objectmight include the users first name,might include the users first name,last name, and logon name, whilelast name, and logon name, whilethe attributes of a computerthe attributes of a computeraccount object might include theaccount object might include thecomputer name and descriptioncomputer name and description


17/24


Active Directory ComponentsActive Directory ComponentsVarious Active Directory components are usedVarious Active Directory components are usedto build a directory structure that meets theto build a directory structure that meets theneeds of your organization. The following Activeneeds of your organization. The following ActiveDirectory components represent logicalDirectory components represent logicalstructures in an organization: domains,structures in an organization: domains,organizational units (OUs), trees, and forests.organizational units (OUs), trees, and forests.The following Active Directory componentsThe following Active Directory componentsrepresent physical structures in an organization:represent physical structures in an organization:sites (physical subnets) and domain controllers.sites (physical subnets) and domain controllers.Active Directory completelyActive Directory completelyseparates the logical structure from the physicalseparates the logical structure from the physicalstructure.structure.


18/24


Logical Structures In Active Directory, you organizeIn Active Directory, you organize

resources in a logical structureresources in a logical structureaastructure that mirrorsstructure that mirrorsorganizational modelsorganizational modelsusingusingdomains, OUs, trees, and forests.domains, OUs, trees, and forests.

Grouping resources logicallyGrouping resources logicallyallows you to easily find aallows you to easily find aresource by its name rather thanresource by its name rather thanby remembering its physicalby remembering its physicallocation. Because you grouplocation. Because you groupresources logically, Activeresources logically, ActiveDirectory makes the networksDirectory makes the networksphysical structure transparent tophysical structure transparent tousers. Figure 1users. Figure 1--4 illustrates the4 illustrates therelationship of the Active Directoryrelationship of the Active Directorydomains, OUs, trees, and forests.domains, OUs, trees, and forests.


19/24


Logical Structures

The logical structure of your organization is representedThe logical structure of your organization is representedby the following Active Directory components:by the following Active Directory components:

Organizational unitsOrganizational units

DomainsDomains

TreesTrees

ForestsForests


20/24


Physical StructuresThe physical components of ActiveThe physical components of ActiveDirectory are sites and domain controllers.Directory are sites and domain controllers.

As an administrator, you use theseAs an administrator, you use thesecomponents to develop a directorycomponents to develop a directorystructure that mirrors the physical structurestructure that mirrors the physical structure

of your organization.of your organization.


21/24


physical structurephysical structureThe physical structure of your organizationThe physical structure of your organizationis represented by the following Activeis represented by the following Active

Directory components:Directory components:

Active Directory sites (physical subnets)Active Directory sites (physical subnets)

Domain controllersDomain controllers


22/24


Catalog ServicesThe Global Catalog

The global catalog is a distributedThe global catalog is a distributeddata repository that contains adata repository that contains asearchable, partial representationsearchable, partial representationof every object in every domainof every object in every domain

in a multidomain Active Directoryin a multidomain Active Directoryforest. The global catalog isforest. The global catalog isstored on domain controllers thatstored on domain controllers thathave been designated as globalhave been designated as globalcatalog servers and is distributedcatalog servers and is distributedthrogh multimaster replication.throgh multimaster replication.Searches that are directed to theSearches that are directed to the

global catalog are faster becauseglobal catalog are faster becausethey do not involve referrals tothey do not involve referrals todifferent domain controllersdifferent domain controllers


23/24


SummarySummary

A directory service stores all the information needed to use and manage system objectsin a centralized location, simplifying the process of locating and managing theseresources.

Data stored in Active Directory is organized into objects, which have attributes. The

Active Directory schema defines objects that can be stored in Active Directory. Schemaclasses and attributes define the Active Directory schema.

The logical structures in an organization are represented by the following ActiveDirectory components: domains, OUs, trees, and forests.

The physical components of Active Directory are sites and domain controllers.

The global catalog is the central repository of information about objects in a tree orforest.


24/24


FinalWordFinalWordNext week I plan to explain regarding some inNext week I plan to explain regarding some in--depthdepthconcept about Active directoryconcept about Active directory

But, Active directory is the ocean, am filtering some theBut, Active directory is the ocean, am filtering some thearea and presenting to you all. If I made any mistake youarea and presenting to you all. If I made any mistake youcan interact any timecan interact any time

Thanks and RegardsThanks and Regards

Pazhani.Pazhani.

Documents

Active Directory Part 1