
Active Directory Fundamentals

Thomas Lee

Chief Technologist QA

[email protected]


What we will cover:

  • Domain, Trees, Forests

  • Domain Controllers, Sites

  • The Domain Naming Service

  • Replication

  • Operations Masters

  • Lots of demos…


Prerequisite Knowledge

  • Understanding of what a directory service is

  • Networking skills!

Level 200+


Agenda

  • Active Directory Logical Concepts

  • Active Directory Physical Concepts

  • DNS

  • Replication

  • Operations Masters


Active Directory Logical Concepts: Domains

  • Boundary of Security

    • NOT!!!

  • Boundary of Authentication

  • Boundary of Replication

    • Domain NC Replication

  • Boundary of DNS Namespace

  • Boundary of Administration

(Diagram: the KAPOHO.NET domain)


Active Directory Logical Concepts: Trees

  • Hierarchy of Domains forming a contiguous DNS namespace

  • Transitive Trust Relationships between domains

  • All domains in a Tree share:

    • Schema

    • Configuration

    • Global Catalog

(Diagram: a tree rooted at KAPOHO.NET with child domains HAWAII.KAPOHO.NET and EUROPE.KAPOHO.NET, and MAUI.HAWAII.KAPOHO.NET beneath HAWAII.KAPOHO.NET)


Active Directory Logical Concepts: Forests

  • Hierarchy of Domains forming a contiguous or disjoint namespace

  • Transitive Trust Relationships

  • All Domains in a Forest share:

    • Schema

    • Configuration

    • Global Catalog

(Diagram: a forest of two trees, KAPOHO.NET with its child domain HAWAII.KAPOHO.NET, and the separate tree PSP.CO.UK)


Active Directory Logical Concepts: Organizational Units

  • Containers within Domains

  • Distinct Units of Administration

  • Unique to Domains

  • Two main uses:

    • Delegation

    • Policies


Agenda

  • Active Directory Logical Concepts

  • Active Directory Physical Concepts

  • DNS

  • Replication

  • Operations Masters


Active Directory Physical Concepts: Domain Controllers

(Diagram: a Primary Domain Controller (PDC) with Backup Domain Controllers (BDC), compared with Active Directory Domain Controllers (DC))


Active Directory Physical Concepts: Sites

  • What is a Site?

    • A set of well-connected IP subnets

  • Site Usage

    • Locating Services (e.g. Logon, DFS)

    • Replication

    • Group Policy Application

  • Sites are connected with Site Links

    • Connects two or more sites


Active Directory Physical Concepts: Site Topology

(Diagram, DC = Domain Controller, GC = Global Catalog: Site A, Site B and Site C, each holding DCs and GCs, spanning the domains Company.com, europe.company.com and america.company.com)


Active Directory Physical Concepts: Global Catalog

  • Partial Replica of all Objects in the Forest

  • Configurable subset of Attributes

  • Fast Forest-wide searches

  • Required at Logon for Universal Group Membership

    • Win2k3 – Universal Group Caching


Agenda

  • Active Directory Logical Concepts

  • Active Directory Physical Concepts

  • DNS

  • Replication

  • Operations Masters


DNS

  • DNS is fundamental to AD

    • No DNS == No AD

    • Even on a single server!

  • You have options over:

    • DNS Topology

    • DNS Namespace

    • DNS Server


DNS (continued)

  • SRV Records to locate services (required)

  • DDNS for Dynamic Update (desired)

  • Windows 2000 and up, DNS also provides:

    • Incremental Zone Transfer

    • Active Directory Integrated

      • Single replication topology

      • Multi-master replication

      • Secure Dynamic update

Tip: Use the latest version of BIND!
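The Sites slide and the two DNS slides above together describe how a client ends up talking to a nearby domain controller: its IP subnet places it in a site, and SRV records then point it at the DCs registered for that site. The Python model below is an added example, not part of the presentation and not Microsoft code; it builds the site-specific and domain-wide `_ldap._tcp…dc._msdcs` SRV names a Windows client queries (those record names are the ones AD registers), matches a client address to a site by longest prefix, and applies a simplified priority/weight selection over an SRV answer set. The subnets, site names, the domain `kapoho.net` and the DC host names are constructed sample data.

```python
# Added example: modelling DC location via site subnets and DNS SRV records.
# All sites, subnets, domain names and DC names below are constructed.
import ipaddress
import random

# Constructed site-to-subnet map (in AD this lives in the Configuration NC).
SITE_SUBNETS = {
    "10.1.0.0/16": "SiteA",
    "10.1.5.0/24": "SiteC",      # more specific prefix carved out of SiteA's range
    "192.168.0.0/24": "SiteB",
}

def site_for_ip(client_ip, site_subnets=SITE_SUBNETS):
    """Return the site whose subnet best matches the client IP (longest prefix wins), or None."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def dc_srv_names(domain, site=None):
    """SRV names a client queries for an LDAP-capable DC: site-specific first, then domain-wide.
    The _msdcs record names are the ones AD registers; domain and site come from the caller."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

# Constructed SRV answer set: name -> list of (priority, weight, port, target).
SRV_ANSWERS = {
    "_ldap._tcp.SiteC._sites.dc._msdcs.kapoho.net": [
        (0, 100, 389, "dc3.kapoho.net"),
        (0, 50, 389, "dc4.kapoho.net"),
        (10, 100, 389, "dc1.kapoho.net"),   # backup: only used if priority-0 DCs are gone
    ],
    "_ldap._tcp.dc._msdcs.kapoho.net": [
        (0, 100, 389, "dc1.kapoho.net"),
        (0, 100, 389, "dc2.kapoho.net"),
        (0, 100, 389, "dc3.kapoho.net"),
        (0, 100, 389, "dc4.kapoho.net"),
    ],
}

def pick_srv_target(records, rand=random.random):
    """Pick a target: lowest priority group first, then a weighted random choice inside it
    (a simplified form of the RFC 2782 procedure). rand is injectable for deterministic tests."""
    if not records:
        return None
    lowest = min(r[0] for r in records)
    group = [r for r in records if r[0] == lowest]
    total = sum(r[1] for r in group)
    if total == 0:
        return group[0][3]
    point = rand() * total
    running = 0
    for _prio, weight, _port, target in group:
        running += weight
        if point < running:
            return target
    return group[-1][3]

def locate_dc(client_ip, domain, answers=SRV_ANSWERS, rand=random.random):
    """Return (site, srv name used, chosen DC); falls back to the domain-wide record set."""
    site = site_for_ip(client_ip)
    for name in dc_srv_names(domain, site):
        target = pick_srv_target(answers.get(name, []), rand)
        if target:
            return site, name, target
    return site, None, None

if __name__ == "__main__":
    for ip in ("10.1.5.7", "10.1.9.9", "172.16.0.1"):
        print(ip, "->", locate_dc(ip, "kapoho.net"))
```

The fallback order is the point worth noticing: a client with no matching subnet, or whose site has no registered DCs, silently uses the domain-wide record set and may authenticate against a DC on the far side of a slow link, which is exactly the situation the site and subnet objects exist to prevent.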


DNS: Implementations

  • No existing DNS infrastructure

    • Deploy Microsoft DNS

  • Existing DNS meets requirements

  • Existing DNS not adequate:

    • Choice 1: Update Server

    • Choice 2: Migrate to Microsoft DNS

    • Choice 3: Delegate a subdomain to Microsoft DNS


Agenda

  • Active Directory Logical Concepts

  • Active Directory Physical Concepts

  • DNS

  • Replication

  • Operations Masters


Replication: Replication Details

  • Naming Contexts that are replicated

    • Schema Naming Context

    • Configuration Naming Context

    • Domain Naming Context

  • Multi-Master Replication

  • Intra-site Bi-directional Ring Topology

  • Inter-site Spanning Tree Topology

    • Synchronous RPC over TCP/IP

    • Asynchronous SMTP


Replication: Naming Contexts

  • Schema

    • Definitions of attributes

    • Replicated to all DCs in the forest

  • Configuration

    • AD Structure (domains, sites, and where the DCs are)

    • Replicated to all DCs in the forest

  • Domain

    • Domain specific objects (users, groups, computers, and OUs)

    • Replicated to all DCs in its domain


Replication: Replication Topologies

  • Intra-Site Replication: AD replication between DCs within a Site

  • Inter-site Replication: AD replication between Sites


Replication: Intra-Site Replication

  • RPC Replication in a Site

  • No compression

    • Assumes good network connections

  • Uses notification process

    • 5 minutes (Windows 2000)

    • Less (Windows Server 2003)

  • KCC Generates a bi-directional Ring with extra edges

Tip: Always let KCC generate the intra-site replication topology when possible


Replication: Inter-Site Replication

  • Replication between Sites

  • DS-RPC (RPC over IP) or SMTP Transports

  • SMTP can be used only between

    • GCs across Sites

    • DCs of different domains and in different sites

  • Compression

    • 10%-20% of original size

  • Scheduled


Replication: Site-Links, Bridges and Bridgehead Servers

  • Site Links link two or more sites

    • Cost and schedules can be specified

    • Transitive (can be disabled)

  • Site-Link Bridges

    • Bridge two or more site links

  • Bridgehead servers

  • KCC generates a minimum cost spanning tree

Tip: Always let KCC generate the replication topology
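The slide above says the KCC turns site links (each with a cost, possibly joining more than two sites) into a minimum-cost spanning tree. The Python below is an added example, not the presentation's or Microsoft's code, and is a model rather than the KCC's actual algorithm: it expands each site link into pairwise edges, runs Kruskal's algorithm to get the least-cost tree, and counts how many disconnected groups of sites remain. The site names, link names and costs are constructed sample data.

```python
# Added example: minimum-cost spanning tree over constructed site links,
# the shape of the inter-site topology the KCC generates. Not the KCC's real code.
from itertools import combinations

# Constructed site links: name -> (set of sites joined, cost).
SITE_LINKS = {
    "A-B": ({"SiteA", "SiteB"}, 100),
    "B-C": ({"SiteB", "SiteC"}, 100),
    "A-C": ({"SiteA", "SiteC"}, 250),           # expensive direct path, should lose to A-B-C
    "Hub": ({"SiteA", "SiteB", "SiteD"}, 50),   # one site link joining three sites
}
ALL_SITES = {"SiteA", "SiteB", "SiteC", "SiteD", "SiteE"}   # SiteE has no site link at all

def site_link_edges(site_links):
    """Expand each site link into pairwise edges (cost, site1, site2, link name), cheapest first."""
    edges = []
    for name, (sites, cost) in site_links.items():
        for s1, s2 in combinations(sorted(sites), 2):
            edges.append((cost, s1, s2, name))
    return sorted(edges)

def minimum_cost_spanning_tree(site_links):
    """Kruskal's algorithm: take the cheapest edges, skipping any that would close a cycle.
    Returns (list of (site1, site2, link name, cost), total cost)."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    tree, total = [], 0
    for cost, s1, s2, name in site_link_edges(site_links):
        r1, r2 = find(s1), find(s2)
        if r1 != r2:
            parent[r1] = r2
            tree.append((s1, s2, name, cost))
            total += cost
    return tree, total

def replication_islands(site_links, all_sites):
    """Number of disconnected groups of sites. The tree above is a spanning forest, so the
    count is |sites| - |tree edges|; anything above 1 means some sites never replicate
    with the rest (every site in a link must also be listed in all_sites)."""
    tree, _ = minimum_cost_spanning_tree(site_links)
    return len(set(all_sites)) - len(tree)

if __name__ == "__main__":
    tree, total = minimum_cost_spanning_tree(SITE_LINKS)
    for s1, s2, name, cost in tree:
        print(f"{s1} <-> {s2} via {name} (cost {cost})")
    print("total cost:", total, "islands:", replication_islands(SITE_LINKS, ALL_SITES))
```

Run as-is, the model drops the 250-cost A-C link in favour of the cheaper hub and B-C paths, and reports two islands because SiteE has no link. A site that ends up in its own island is the usual cause of a DC that "never gets" password changes and group policy edits made elsewhere, which is worth checking before assuming something more sinister.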


Agenda

  • Active Directory Logical Concepts

  • Active Directory Physical Concepts

  • DNS

  • Replication

  • Operations Masters


Operations Masters: Schema and Domain

  • Schema

    • Perform updates to schema

    • Sends updates to all DCs

    • One per forest

    • Default is the first DC installed

  • Domain

    • Performs add/remove of domains and cross-references to external DS

    • One per forest

    • Default is the first DC installed


Operations Masters: PDC, RID and Infrastructure

  • Primary Domain Controller (PDC)

    • Acts as a PDC for requests from NT clients

    • One per domain

  • Relative Identifier (RID)

    • Generates pools of security identifiers to be distributed to DCs in the domain

    • One per domain

  • Infrastructure

    • Updates SIDs and domains that are moved in and out of the domain
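The RID master bullet above is the one role whose purpose is easiest to see in code: every DC creates security principals locally, so the SIDs they mint must never collide, and that is guaranteed by having a single master hand out non-overlapping RID pools. The Python below is an added illustration, not the presentation's or Microsoft's code: a `RidMaster` allocates pools, each `DomainController` draws RIDs from its pool and requests a fresh one when it runs out, and the resulting SIDs are checked for uniqueness. The domain SID is a constructed value and the pool size of 500 is an assumption made for the model.

```python
# Added example: modelling RID pool allocation by the RID master and SID creation on DCs.
# Domain SID and pool size are constructed/assumed values for this model.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"   # constructed domain SID
POOL_SIZE = 500                                             # assumed pool size for the model
FIRST_RID = 1000                                            # assumed first RID handed out

class RidMaster:
    """The single per-domain role that hands out non-overlapping RID ranges."""

    def __init__(self, start=FIRST_RID, pool_size=POOL_SIZE):
        self.next_rid = start
        self.pool_size = pool_size
        self.allocations = []            # (dc name, (first rid, last rid)) audit trail

    def allocate_pool(self, dc_name):
        pool = (self.next_rid, self.next_rid + self.pool_size - 1)
        self.next_rid += self.pool_size
        self.allocations.append((dc_name, pool))
        return pool


class DomainController:
    """A DC mints SIDs from its current pool and only contacts the RID master for a new pool."""

    def __init__(self, name, rid_master):
        self.name = name
        self.rid_master = rid_master
        self.next_rid = 0
        self.pool_end = -1               # empty pool until the first allocation

    def new_sid(self, domain_sid=DOMAIN_SID):
        if self.next_rid > self.pool_end:
            self.next_rid, self.pool_end = self.rid_master.allocate_pool(self.name)
        rid = self.next_rid
        self.next_rid += 1
        return f"{domain_sid}-{rid}"

    def rids_left(self):
        return max(0, self.pool_end - self.next_rid + 1)


def sids_are_unique(sids):
    """True when no two SIDs in the list collide."""
    return len(sids) == len(set(sids))

if __name__ == "__main__":
    master = RidMaster()
    dc1, dc2 = DomainController("DC1", master), DomainController("DC2", master)
    sids = [dc1.new_sid() for _ in range(3)] + [dc2.new_sid() for _ in range(3)]
    print(sids)
    print("unique:", sids_are_unique(sids), "pools handed out:", master.allocations)
```

Two practical consequences follow from the model: a DC keeps creating accounts while the RID master is down only until its pool is exhausted, and the audit trail of pool allocations is what lets an administrator see which DC was responsible for a given range of RIDs.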


Summary

  • There are Logical and Physical concepts

  • DNS

  • Plenty of Information


For More Information…

  • Main TechNet Web site at www.microsoft.com/technet

  • Additional resources to support this Session page can be found at

www.microsoft.com/technet/tnt1-98


MS Press: Inside information for IT Professionals

To find the latest IT Professional related titles visit

www.microsoft.com/learning/it/books


Third Party Publications: Supplementary Publications for IT Pros

These books can be found and purchased at all good book stores and on-line retailers


Microsoft Learning: Training Resources for IT Professionals

QA Special Offer on

ALL IT Professional Training

50% off – all QA courses running 1st Week in January 2005

40% off all other courses running in January 2005

www.qa.com/course/specialofferdetails.aspx?code=xmasbonus

  • Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure

    • Course Number: 2279

    • Availability: Now

    • Detailed Syllabus: www.microsoft.com/learning

To locate a training provider, please access

www.microsoft.com/learning

Microsoft Certified Technical Education Centers

are Microsoft’s premier partners for training services


Assess your Readiness: Microsoft Skills Assessment

What is Microsoft Skills Assessment?

  • Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification)

  • Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003

  • Free, online, unproctored, and available to anyone

  • Answers, “Am I ready?”

  • Determines skills gaps, provides learning plans with Microsoft Official Curriculum courses, plus more Microsoft learning content suggestions such as TechNet resources

  • Post your High Score to see how you stack up

  • Visit http://www.microsoft.com/assessment


Become a Microsoft Certified Systems Administrator (MCSA)

  • What is the MCSA certification?

    • For IT professionals who manage and maintain networks and systems based on the Microsoft Windows Server operating system

  • How do I become an MCSA on Microsoft Windows 2000?

    • Pass 3 core exams

    • Pass 1 elective exam or 2 CompTIA certifications

  • Where do I get more information?

    • For more information about certification requirements, exams, and training, visit www.microsoft.com/mcsa


Become A Microsoft Certified Systems Engineer (MCSE)

  • What is the MCSE certification?

    • Premier certification for IT professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software.

  • How do I become an MCSE on Microsoft Windows 2003?

    • Pass 6 core exams

    • Pass 1 elective exam from a comprehensive list

  • Where do I get more information?

    • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse


Demonstrate Your Security or Messaging Specialization

  • What are MCSA/MCSE specializations?

    • MCSA and MCSE specializations allow IT professionals to highlight specific expertise or technical focus within their job role.

  • What specializations are available?

    • MCSA: Security MCSA: Messaging

    • MCSE: Security MCSE: Messaging

  • Where do I get more information?

    • For more information about MCSA and MCSE specialization requirements, exams, and training options, visit www.microsoft.com/mcsa or www.microsoft.com/mcse


What is TechNet?

  • Put the right answers at your fingertips

    • TechNet is the comprehensive collection of resources to help IT implementers plan, deploy, and manage Microsoft products successfully

TechNet Subscription

  • Monthly updates delivered on DVD or CD

    • The definitive resource to help you evaluate, deploy and maintain Microsoft products

TechNet Web Site

  • Accessible at www.microsoft.com/technet

    • Online resources and community

    • Subscriber-only Online Services

TechNet Flash

  • Bi-weekly e-newsletter

    • Security updates, new resources, and special offers

TechNet Events and Web Casts

  • Briefings on the latest Microsoft products and technologies

    • Hands-on, “how to” information

TechNet Communities

  • User Groups

  • Managed Newsgroups


Where Can I Get TechNet?

  • Visit TechNet Online at www.microsoft.com/technet

  • Register for the TechNet Flash www.microsoft.com/technet/subscriptions/flash.asp

  • Join the TechNet Online forum at www.microsoft.com/technet/itcommunity

  • Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe

  • Attend More TechNet Events or view on-line at www.microsoft.com/technet/tcevents/itevents

