CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+


DESCRIPTION

CN1276 Server. Kemtis Kunanuraksapong, MSIS with Distinction, MCTS, MCDST, MCP, A+. Agenda: Chapter 1: Overview of Active Directory Domain Services; Quiz; Exercise. What is AD? Centralized authentication service; directory service (X.500). PowerPoint PPT Presentation.


Page 1: CN1276 Server

CN1276 Server
Kemtis Kunanuraksapong
MSIS with Distinction
MCTS, MCDST, MCP, A+

Page 2: CN1276 Server

Agenda
• Chapter 1: Overview of Active Directory Domain Services
• Quiz
• Exercise

Page 3: CN1276 Server

What is AD?
• Centralized authentication service
• Directory service
  ▫ X.500: uses a hierarchical approach in which objects are organized in a similar way to the files and folders on a hard drive.
  ▫ Lightweight Directory Access Protocol (LDAP): a slimmed-down version of X.500, modified to run over a TCP/IP network.

Page 4: CN1276 Server

Active Directory in Server 2008
• Active Directory Domain Services (AD DS)
  ▫ It’s the AD on Windows Server 2008
• Active Directory Lightweight Directory Services (AD LDS)
  ▫ A simpler version of directory services that integrates with AD DS to provide directory services

Page 5: CN1276 Server

Domain Controller (DC)
• A server that stores the Active Directory database and authenticates users with the network during logon.
• Information is stored in a file called ntds.dit
• Multimaster database
• Replication
  ▫ Outbound replication – sender
  ▫ Inbound replication – receiver

Page 6: CN1276 Server

Major benefits of AD DS
• Centralized resource and security administration
• Single logon for access to global resources
• Fault tolerance and redundancy
• Simplified resource location

Page 7: CN1276 Server

Functional Levels
• Provide interoperability with prior versions
  ▫ Windows Server 2000, Windows Server 2003, EXCEPT Windows NT
• Tools installed when a DC is installed:
  ▫ AD Users and Computers
  ▫ AD Domains and Trusts
  ▫ AD Sites and Services
  ▫ ADSI Edit (Active Directory Service Interfaces)

Page 8: CN1276 Server

Fault Tolerance and Redundancy
• Active Directory uses a multimaster domain controller design.
  ▫ Changes made on one domain controller are replicated to all other domain controllers in the environment.
• It is recommended to have two or more domain controllers for each domain.

Page 9: CN1276 Server

Read-Only Domain Controller (RODC)
• A domain controller that contains a copy of the ntds.dit file
  ▫ cannot be modified
  ▫ does not replicate its changes to other domain controllers with Active Directory.

Page 10: CN1276 Server

Simplifying Resource Location
• Allows file and print resources to be published within Active Directory, such as:
  ▫ Shared folders
  ▫ Printers

Page 11: CN1276 Server

Active Directory Components
• Forests
  ▫ One or more domain trees, with each tree having its own unique namespace.
• Domain trees
  ▫ One or more domains with a contiguous namespace.
• Domains
  ▫ A logical unit of computers and network resources that defines a security boundary.
• Organizational Units (OUs)

Page 12: CN1276 Server

Forests
• Naming contexts (NCs)
  ▫ To improve the efficiency of AD: multiple partitions
  ▫ Schema NC: rules and definitions that are used for creating and modifying object classes and attributes within AD
  ▫ Configuration NC: information regarding the physical topology of the network, as well as other configuration data that must be replicated
  ▫ Both NCs are replicated forest-wide and stored in the ntds.dit file on every DC in a forest

Page 13: CN1276 Server

Domain NC
• Consists of user, computer, and other resource information

Page 14: CN1276 Server

Deploying Domain Trees
• Parent-child relationship
• Every domain has a Domain NC
  ▫ Users, groups, computers, etc.
• Lucernepublishers.com can be considered the forest root domain

Page 15: CN1276 Server

Working with OUs
• A logical grouping of resources that have similar security or administrative guidelines
• You can delegate administrative rights to a supervisor or manager
  ▫ Users
  ▫ Groups
  ▫ Contacts
  ▫ See more objects on Page 7
• Application partition
  ▫ To specify/manage the scope of replication

Page 16: CN1276 Server

Schema
• Each object is defined within the AD schema
  ▫ Object classes
  ▫ Attributes
• Common attributes are as follows:
  ▫ Unique name
  ▫ Globally unique identifier (GUID)
  ▫ Required object attributes
  ▫ Optional object attributes

Page 17: CN1276 Server

AD Sites and Subnets
• Sites are used to optimize the replication of AD information
• Intersite replication takes place at regularly scheduled intervals
• Knowledge Consistency Checker (KCC)
  ▫ Used to maintain the replication topology

Page 18: CN1276 Server

AD Naming Standards (LDAP)
• LDAP refers to an object using its distinguished name (DN)
• Example:
  ▫ cn=JSmith, ou=sales, dc=lucernepublishing, dc=com

Object Class              LDAP Naming Attribute   Definition of Naming Attribute
User or any leaf object   cn                      Common name
OU object                 ou                      OU name
Domain                    dc                      Domain component, one for each part of the DNS name
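An added example, not part of the slides: a small Python parser for distinguished names such as the slide's cn=JSmith, ou=sales, dc=lucernepublishing, dc=com, which also derives the domain's DNS name from the dc components. It goes one step beyond the slide by honouring RFC 4514 backslash escapes, so a comma inside a value is not mistaken for an RDN separator.

```python
# Added example (not from the slides): parse a distinguished name such as the
# slide's "cn=JSmith, ou=sales, dc=lucernepublishing, dc=com" into its RDNs.
# Goes a step beyond the slide by honouring RFC 4514 backslash escapes, so a
# comma inside a value (e.g. "cn=Smith\, John") is not taken as a separator.
from typing import List, Tuple

def _split_rdn(rdn: str) -> Tuple[str, str]:
    """Split one 'attr=value' pair; attribute names are case-insensitive."""
    attr, sep, value = rdn.partition("=")
    if not sep:
        raise ValueError(f"RDN without '=': {rdn!r}")
    return attr.strip().lower(), value.strip()

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return (attribute, value) pairs, leaf object first, root domain last."""
    rdns: List[Tuple[str, str]] = []
    current: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])   # escaped character is taken literally
            i += 2
            continue
        if ch == ",":                   # an unescaped comma ends an RDN
            rdns.append(_split_rdn("".join(current)))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append(_split_rdn("".join(current)))
    return rdns

def dns_name_from_dn(dn: str) -> str:
    """Join the dc= components: the domain's DNS name (see the table above)."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "dc")

def container_of(dn: str) -> str:
    """The parent container: the DN with its leaf RDN removed."""
    return ",".join(f"{a}={v}" for a, v in parse_dn(dn)[1:])
```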

Page 19: CN1276 Server

Domain Name System (DNS)
• Resource records:
  ▫ SRV records: a record in DNS that points to any resource in your site or domain; the locator service for LDAP/domain controller services
  ▫ Host (A) – host name to IP.
  ▫ Pointer (PTR) – IP to host name.
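An added example, not part of the slides: how a client uses the SRV records above to locate a domain controller for LDAP. The zone fragment is constructed for the slide's example domain, and the ordering follows RFC 2782 (lowest priority first, weighted random choice among equal priorities); the rng parameter is injectable so the order can be checked.

```python
# Added example (not from the slides): the SRV records a client queries to locate a
# domain controller for LDAP, parsed from a constructed zone fragment and ordered as
# RFC 2782 prescribes (lowest priority first, weighted random among equal priorities).
import random
from dataclasses import dataclass
from typing import Callable, List

@dataclass(frozen=True)
class SrvRecord:
    name: str      # owner name, e.g. _ldap._tcp.dc._msdcs.lucernepublishing.com
    priority: int  # lower is tried first
    weight: int    # share of load among records of equal priority
    port: int
    target: str    # host name of the domain controller

# Constructed sample zone data for the slide's example domain (not a real zone).
ZONE_SAMPLE = """\
_ldap._tcp.dc._msdcs.lucernepublishing.com. 600 IN SRV 0 10 389 dc1.lucernepublishing.com.
_ldap._tcp.dc._msdcs.lucernepublishing.com. 600 IN SRV 0 30 389 dc2.lucernepublishing.com.
_ldap._tcp.dc._msdcs.lucernepublishing.com. 600 IN SRV 10 0 389 dc3.lucernepublishing.com.
"""

def dc_locator_name(domain: str) -> str:
    """Owner name the DC locator asks DNS for to find LDAP on a DC of `domain`."""
    return f"_ldap._tcp.dc._msdcs.{domain}"

def parse_srv_line(line: str) -> SrvRecord:
    """Parse 'name TTL IN SRV priority weight port target' (zone-file form)."""
    f = line.split()
    if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    return SrvRecord(f[0].rstrip("."), int(f[4]), int(f[5]), int(f[6]), f[7].rstrip("."))

def order_targets(records: List[SrvRecord],
                  rng: Callable[[float, float], float] = random.uniform) -> List[SrvRecord]:
    """Connection order per RFC 2782; rng is injectable so the order is testable."""
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            pick = rng(0, sum(r.weight for r in pool))
            running, chosen = 0, pool[-1]
            for r in pool:               # first record whose running weight reaches pick
                running += r.weight
                if running >= pick:
                    chosen = r
                    break
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered
```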

Page 20: CN1276 Server

Domain Functional Levels
• A higher functional level will not allow older versions of Windows to function, but will add functionality or features.
• Raising the functional level is a one-way process.

Page 21: CN1276 Server

Domain Functional Levels
• Windows 2000 native
• Windows Server 2003
• Windows Server 2008
  ▫ Read-Only Domain Controller (RODC)
• See Pages 12–13 for more details

Page 22: CN1276 Server

Forest Functional Levels
• Same as domain functional levels; the forest functional level applies to all domains in that forest
• To raise the forest functional level, all domains in that forest have to be raised to the same level first
• See Table 1-3 on Page 15

Page 23: CN1276 Server

Trust Relationships
• Two-way transitive trusts
• Transitive trust
  ▫ A -> B -> C, then A -> C
• Shortcut trust
  ▫ If the links in between are slow, you can create a shortcut trust. It will be a one-way trust
• External trust
  ▫ A one-way trust to connect to another domain in a separate forest

Page 24: CN1276 Server

Trust Relationships (2)
• Cross-forest trust
  ▫ Requires the Windows Server 2003 forest functional level
  ▫ Can be a one-way or two-way relationship
  ▫ It is a transitive trust
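An added example, not part of the slides: the parent-child, shortcut and external trusts from the Trust Relationships slides modelled as a directed graph in Python, so the transitive rule (A -> B -> C gives A -> C) and the non-transitive behaviour of an external trust can be computed, and the hop count a shortcut trust removes can be seen. Edges run trusting -> trusted; domain names are constructed for the slide's example forest; cross-forest trusts are left out.

```python
# Added example (not from the slides): the trusts of Page 23 as a directed graph,
# "trusting -> trusted" (if A trusts B, accounts from B can be granted access in A).
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Set

@dataclass(frozen=True)
class Trust:
    trusting: str
    trusted: str
    kind: str          # "parent-child", "shortcut" or "external"
    transitive: bool   # external trusts never chain (A -> B -> C does not give A -> C)

def add_trust(trusts: List[Trust], a: str, b: str, kind: str, two_way: bool = True) -> None:
    """Record a trust from a to b (and back, for a two-way trust)."""
    transitive = kind != "external"
    trusts.append(Trust(a, b, kind, transitive))
    if two_way:
        trusts.append(Trust(b, a, kind, transitive))

def trusted_by(trusts: List[Trust], domain: str) -> Set[str]:
    """All domains whose accounts `domain` accepts: the transitive closure, plus
    any domain `domain` trusts directly through an external (non-transitive) trust."""
    reachable: Set[str] = set()
    frontier = [domain]
    while frontier:                          # closure over transitive trusts only
        cur = frontier.pop()
        for t in trusts:
            if (t.trusting == cur and t.transitive
                    and t.trusted != domain and t.trusted not in reachable):
                reachable.add(t.trusted)
                frontier.append(t.trusted)
    reachable.update(t.trusted for t in trusts
                     if t.trusting == domain and not t.transitive)
    return reachable

def hops(trusts: List[Trust], src: str, dst: str) -> int:
    """Trust links crossed from src to dst over transitive trusts (-1 if unreachable)."""
    dist: Dict[str, int] = {src: 0}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            return dist[cur]
        for t in trusts:
            if t.trusting == cur and t.transitive and t.trusted not in dist:
                dist[t.trusted] = dist[cur] + 1
                queue.append(t.trusted)
    return -1
```

With a root domain and two child domains, a logon from one child to the other crosses two links via the root; a one-way shortcut trust between the children brings that down to one.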

Page 25: CN1276 Server

Assignment
• Fill in the blank
  ▫ 1-10
• Multiple Choice
  ▫ 1-10
• Online Lab 1