
Active Directory Fundamentals Thomas Lee Chief Technologist QA [email protected]



Active Directory Fundamentals

Thomas Lee

Chief Technologist QA

[email protected]



What we will cover:

  • Domain, Trees, Forests

  • Domain Controllers, Sites

  • The Domain Naming Service

  • Replication

  • Operations Masters

  • Lots of demos….



Prerequisite Knowledge

  • Understanding of what a directory service is

  • Networking skills!

Level 200+



Agenda

  • Active Directory Logical Concepts

  • Active Directory Physical Concepts

  • DNS

  • Replication

  • Operations Masters



Active Directory Logical Concepts Domains

  • Boundary of Security

    • NOT!!!

  • Boundary of Authentication

  • Boundary of Replication

    • Domain NC Replication

  • Boundary of DNS Namespace

  • Boundary of Administration

[Diagram: the domain KAPOHO.NET]



Active Directory Logical Concepts Trees

  • Hierarchy of Domains forming a contiguous DNS namespace

  • Transitive Trust Relationships between domains

  • All domains in a Tree share:

    • Schema

    • Configuration

    • Global Catalog

[Diagram: domain tree with KAPOHO.NET, HAWAII.KAPOHO.NET, EUROPE.KAPOHO.NET and MAUI.HAWAII.KAPOHO.NET]



Active Directory Logical Concepts Forests

  • Hierarchy of Domains forming a contiguous or disjoint namespace

  • Transitive Trust Relationships

  • All Domains in a Forest share:

    • Schema

    • Configuration

    • Global Catalog

[Diagram: forest with KAPOHO.NET, PSP.CO.UK and HAWAII.KAPOHO.NET]



Active Directory Logical Concepts Organizational Units

  • Containers within Domains

  • Distinct Units of Administration

  • Unique to Domains

  • Two main uses:

    • Delegation

    • Policies





Active Directory Physical Concepts Domain Controllers

Primary Domain Controller (PDC)

Domain Controllers (DC)

Backup Domain Controller (BDC)


Active Directory Physical Concepts Sites

  • What is a Site?

    • A set of well-connected IP subnets

  • Site Usage

    • Locating Services (e.g. Logon, DFS)

    • Replication

    • Group Policy Application

  • Sites are connected with Site Links

    • Connects two or more sites


Active Directory Physical Concepts Site Topology

DC = Domain Controller

GC = Global Catalog

[Diagram: Site A, Site B and Site C with their domain controllers (DC) and global catalog servers (GC); domains Company.com, europe.company.com and america.company.com]


Active Directory Physical Concepts Global Catalog

  • Partial Replica of all Objects in the Forest

  • Configurable subset of Attributes

  • Fast Forest-wide searches

  • Required at Logon for Universal Group Membership

    • Win2k3 – Universal Group Caching





DNS

  • DNS is fundamental to AD

    • No DNS == No AD

    • Even on a single server!

  • You have options over:

    • DNS Topology

    • DNS Namespace

    • DNS Server



DNS DNS

  • SRV Records to locate services (req’d.)

  • DDNS for Dynamic Update (desired)

  • Windows 2000 and up, DNS also provides:

    • Incremental Zone Transfer

    • Active Directory Integrated

      • Single replication topology

      • Multi-master replication

      • Secure Dynamic update

Tip: Use the latest version of BIND!
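
The SRV requirement above can be checked from any domain-joined client. The following is an added example, not part of the original deck: the function name Test-DcLocatorRecord is hypothetical, KAPOHO.NET is the sample domain from the slides, and the forest root and site name are assumptions.

```powershell
# Added example (not from the original deck): verify the SRV records that
# clients use to locate domain controllers, the PDC and global catalogs.
function Test-DcLocatorRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Domain,   # e.g. KAPOHO.NET (sample domain from the slides)
        [string] $ForestRoot = $Domain,            # assumption: the domain is also the forest root
        [string] $Site                             # optional AD site name
    )

    # Well-known locator names that the Netlogon service on each DC registers in DNS.
    $names = [ordered]@{
        'Any DC (LDAP)'     = "_ldap._tcp.dc._msdcs.$Domain"
        'Any DC (Kerberos)' = "_kerberos._tcp.dc._msdcs.$Domain"
        'PDC emulator'      = "_ldap._tcp.pdc._msdcs.$Domain"
        'Global catalog'    = "_ldap._tcp.gc._msdcs.$ForestRoot"
    }
    if ($Site) {
        $names["DC in site $Site"] = "_ldap._tcp.${Site}._sites.dc._msdcs.$Domain"
    }

    foreach ($entry in $names.GetEnumerator()) {
        # The answer can also carry A or SOA records; keep the SRV answers only.
        $srv = @(Resolve-DnsName -Name $entry.Value -Type SRV -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'SRV' })

        [pscustomobject]@{
            Role    = $entry.Key
            Query   = $entry.Value
            Found   = $srv.Count -gt 0
            Targets = ($srv | Sort-Object Priority, Weight |
                       ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port }) -join ', '
        }
    }
}

# Found = False means the DNS server this client uses returned no SRV answer for that name.
Test-DcLocatorRecord -Domain 'KAPOHO.NET' -Site 'Default-First-Site-Name' |
    Format-Table -AutoSize
```

A missing row usually points at a zone that does not accept the DCs' dynamic updates, which is the case the "Existing DNS not adequate" choices address.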


DNS DNS Implementations

  • No existing DNS infrastructure

    • Deploy Microsoft DNS

  • Existing DNS meets requirements

  • Existing DNS not adequate:

    • Choice 1: Update Server

    • Choice 2: Migrate to Microsoft DNS

    • Choice 3: Delegate a subdomain to Microsoft DNS




Replication Replication Details

  • Naming Contexts that are replicated

    • Schema Naming Context

    • Configuration Naming Context

    • Domain Naming Context

  • Multi-Master Replication

  • Intra-site Bi-directional Ring Topology

  • Inter-site Spanning Tree Topology

    • Synchronous RPC over TCP/IP

    • Asynchronous SMTP


Replication Naming Contexts

  • Schema

    • Definitions of attributes

    • Replicated to all DCs in the forest

  • Configuration

    • AD Structure (domains, sites, and where the DCs are)

    • Replicated to all DCs in the forest

  • Domain

    • Domain specific objects (users, groups, computers, and OUs)

    • Replicated to all DCs in its domain


Replication Replication Topologies

  • Intra-Site Replication: AD replication between DCs within a Site

  • Inter-site Replication: AD replication between Sites


Replication Intra-Site Replication

  • RPC Replication in a Site

  • No compression

    • Assumes good network connections

  • Uses notification process

    • 5 minutes (Windows 2000)

    • Less (Windows Server 2003)

  • KCC Generates a bi-directional Ring with extra edges

Tip: Always let KCC generate the intra-site replication topology when possible


Replication Inter-Site Replication

  • Replication between Sites

  • DS-RPC (RPC over IP) or SMTP Transports

  • SMTP can be used only between

    • GCs across Sites

    • DCs of different domains and in different sites

  • Compression

    • 10%-20% of original size

  • Scheduled


Replication Site-Links, Bridges and Bridgehead Servers

  • Site Links link two or more sites

    • Cost and schedules can be specified

    • Transitive (can be disabled)

  • Site-Link Bridges

    • Bridge two or more site links

  • Bridgehead servers

  • KCC generates a minimum cost spanning tree

Tip: Always let KCC generate the replication topology




Operations Masters Schema and Domain

  • Schema

    • Perform updates to schema

    • Sends updates to all DCs

    • One per forest

    • Default is the first DC installed

  • Domain

    • Performs add/remove of domains and cross-references to external DS

    • One per forest

    • Default is the first DC installed


Operations Masters PDC, RID and Infrastructure

  • Primary Domain Controller (PDC)

    • Acts as a PDC for requests from NT clients

    • One per domain

  • Relative Identifier (RID)

    • Generates pools of security identifiers to be distributed to DCs in the domain

    • One per domain

  • Infrastructure

    • Updates SIDs and domains that are moved in and out of the domain



Summary

  • There are Logical and Physical concepts

  • DNS

  • Plenty of Information



For More Information…

  • Main TechNet Web site at www.microsoft.com/technet

  • Additional resources to support this Session page can be found at

www.microsoft.com/technet/tnt1-98


MS Press Inside information for IT Professionals

To find the latest IT Professional related titles visit

www.microsoft.com/learning/it/books


Third Party Publications Supplementary Publications for IT Pros

These books can be found and purchased at all good book stores and on-line retailers


Microsoft Learning Training Resources for IT Professionals

QA Special Offer on

ALL IT Professional Training

50% off – all QA courses running 1st Week in January 2005

40% off all other courses running in January 2005

www.qa.com/course/specialofferdetails.aspx?code=xmasbonus

  • Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure

    • Course Number: 2279

    • Availability: Now

    • Detailed Syllabus: www.microsoft.com/learning

To locate a training provider, please access

www.microsoft.com/learning

Microsoft Certified Technical Education Centers

are Microsoft’s premier partners for training services


Assess your Readiness Microsoft Skills Assessment

What is Microsoft Skills Assessment?

  • Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification)

  • Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003

  • Free, online, unproctored, and available to anyone

  • Answers, “Am I ready?”

  • Determines skills gaps, provides learning plans with Microsoft Official Curriculum courses, plus more Microsoft learning content suggestions such as TechNet resources

  • Post your High Score to see how you stack up

  • Visit http://www.microsoft.com/assessment



Become a Microsoft Certified Systems Administrator (MCSA)

  • What is the MCSA certification?

    • For IT professionals who manage and maintain networks and systems based on the Microsoft Windows Server operating system

  • How do I become an MCSA on Microsoft Windows 2000?

    • Pass 3 core exams

    • Pass 1 elective exam or 2 CompTIA certifications

  • Where do I get more information?

    • For more information about certification requirements, exams, and training, visit www.microsoft.com/mcsa



Become A Microsoft Certified Systems Engineer (MCSE)

  • What is the MCSE certification?

    • Premier certification for IT professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software.

  • How do I become an MCSE on Microsoft Windows 2003?

    • Pass 6 core exams

    • Pass 1 elective exam from a comprehensive list

  • Where do I get more information?

    • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse



Demonstrate Your Security or Messaging Specialization

  • What are MCSA/MCSE specializations?

    • MCSA and MCSE specializations allow IT professionals to highlight specific expertise or technical focus within their job role.

  • What specializations are available?

    • MCSA: Security MCSA: Messaging

    • MCSE: Security MCSE: Messaging

  • Where do I get more information?

    • For more information about MCSA and MCSE specialization requirements, exams, and training options, visit www.microsoft.com/mcsa or www.microsoft.com/mcse



What is TechNet?

  • Put the right answers at your fingertips

    • TechNet is the comprehensive collection of resources to help IT implementers plan, deploy, and manage Microsoft products successfully

TechNet Subscription

  • Monthly updates delivered on DVD or CD

    • The definitive resource to help you evaluate, deploy and maintain Microsoft products

TechNet Web Site

  • Accessible at www.microsoft.com/technet

    • Online resources and community

    • Subscriber-only Online Services

TechNet Flash

  • Bi-weekly e-newsletter

    • Security updates, new resources, and special offers

TechNet Events and Web Casts

  • Briefings on the latest Microsoft products and technologies

    • Hands-on, “how to” information

TechNet Communities

  • User Groups

  • Managed Newsgroups



Where Can I Get TechNet?

  • Visit TechNet Online at www.microsoft.com/technet

  • Register for the TechNet Flash www.microsoft.com/technet/subscriptions/flash.asp

  • Join the TechNet Online forum at www.microsoft.com/technet/itcommunity

  • Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe

  • Attend More TechNet Events or view on-line www.microsoft.com/technet/tcevents/itevents

