
Goals

Goals: examine the logical and physical structure of Active Directory; examine more Active Directory concepts; plan a domain structure; plan a domain namespace; examine guidelines for planning a site structure; introduce Active Directory; identify the functions and features of Active Directory.


Presentation Transcript


  1. Goals • Examine the logical and physical structure of Active Directory • Examine more Active Directory concepts • Plan a domain structure • Plan a domain namespace • Examine guidelines for planning a site structure • Introduce Active Directory • Identify the functions and features of Active Directory • Introduce Active Directory architecture • Introduce Active Directory objects

  2. (Skill 1) Introducing Active Directory Active Directory database • Stores information about users, groups, domains, and objects on a network • Allows you to centrally access and administer the information • Provides a unique identity for each object, called a Security ID (SID)

  3. (Skill 1) Introducing Active Directory (2) Active Directory database • Allows you to access and administer the directory service globally, unlike decentralized network models • Reduces the effort required to complete day-to-day administrative tasks, such as managing users and resources

  4. (Skill 1) Figure 1-1 Active Directory

  5. (Skill 1) Introducing Active Directory (3) Windows NT • Introduced the concept of a directory service based on domains that provide a single point of authentication for all users on a network • Limitations prevent it from being used effectively in large networks • Has only one writable copy of the database, which leads to a single point of failure for Write operations • Trust relationships between domains must be built manually

  6. (Skill 1) Introducing Active Directory (4) • Active Directory’s advantages over Windows NT • Most trust relationships within a single forest are created automatically • Makes it possible for Active Directory to provide scalability in large business organizations

  7. (Skill 2) Identifying the Functions and Features of Active Directory • Active Directory features make it a reliable and secure directory service • Policy-based administration • Active Directory makes network administration easier by using Group Policies • Using this feature, an administrator can make complex modifications to the user’s environment, assign rights, configure network security, and install software to collections of users or computers

  8. (Skill 2) Identifying the Functions and Features of Active Directory (2) • Active Directory features make it a reliable and secure directory service • Increased security of information • Windows Server 2003 supports protection of both stored data and network data • Stored data can be protected using Encrypting File System (EFS) and permissions

  9. (Skill 2) Identifying the Functions and Features of Active Directory (3) • Active Directory features make it a reliable and secure directory service • Integration with Domain Name System (DNS) • DNS is a naming service that translates host names into numeric IP addresses • Active Directory uses standard DNS naming conventions for domains

  10. (Skill 2) Identifying the Functions and Features of Active Directory (4) • Active Directory features make it a reliable and secure directory service • Extensibility • Active Directory allows nearly any type of information to be added to the database because it has an extensible schema • Schema contains a list of all possible object types (object classes), their attributes, and relationships allowed between objects

  11. (Skill 2) Identifying the Functions and Features of Active Directory (5) • Active Directory features make it a reliable and secure directory service • Scalability • Active Directory can store anywhere from a small number to millions of objects • An object automatically inherits the permissions of the container into which it is placed

  12. (Skill 2) Identifying the Functions and Features of Active Directory (6) • Active Directory features make it a reliable and secure directory service • Information replication • Active Directory automatically replicates the contents of its database across every domain controller in the domain • Compatibility with other directory services • Active Directory is based on protocols, such as LDAP, HTTP, and NSPI, so it is compatible with other directory services that use these protocols

  13. (Skill 2) Identifying the Functions and Features of Active Directory (7) • Active Directory features make it a reliable and secure directory service • Mutual authentication • Active Directory utilizes Kerberos as the default authentication mechanism • Kerberos is an industry-standard, high-security mutual authentication mechanism that provides increased security for logon information

  14. (Skill 3) Introducing Active Directory Architecture • Windows Server 2003 architecture has two primary layers • User mode • Kernel mode

  15. (Skill 3) Introducing Active Directory Architecture (2) • User mode layer • The interface between applications and the kernel mode layer • Accepts requests from an application and forwards them to the kernel for processing

  16. (Skill 3) Introducing Active Directory Architecture (3) • Components of the user mode layer • Environment subsystems • Provide interfaces for applications to interact with the kernel and integral subsystems • The environment subsystem components make applications run by providing Application Programming Interfaces (APIs)

  17. (Skill 3) Introducing Active Directory Architecture (4) • Components of the user mode layer • Integral subsystems • Perform important operating system functions such as security and session management • Security subsystem receives logon requests and initiates logon authentication • Workstation Service enables a client computer to access the network • Server Service allows a Windows Server 2003 computer to share network resources

  18. (Skill 3) Figure 1-2 Location of Active Directory within the Windows Server 2003 architecture

  19. (Skill 3) Introducing Active Directory Architecture (5) • Kernel mode layer • Communicates with system data and hardware to process any input/output requests made by a user • Operates in a protected area of memory • Is responsible for executing I/O requests • Prioritizes hardware and software interrupts based on the precedence of the application or service making the request

  20. (Skill 3) Introducing Active Directory Architecture (6) • Components of the kernel mode layer • Executive • Performs I/O functions, object management, and security functions • Has a number of subcomponents • Provides security guidelines for the user mode layer

  21. (Skill 3) Introducing Active Directory Architecture (7) • Components of the kernel mode layer • Microkernel, which manages the computer’s processors • Kernel mode drivers, which take requests from applications and translate them into hardware functions • Hardware Abstraction Layer (HAL), which provides the interface between the other software layers and the core hardware

  22. (Skill 3) Introducing Active Directory Architecture (8) • Active Directory is made up of three service layers and the underlying Data Store • Directory System Agent (DSA) • Provides the interface for application calls made to the directory • Supports the protocols that enable clients to gain access to the Active Directory • LDAP/ADSI • SAM • MAPI • REPL

  23. (Skill 3) Introducing Active Directory Architecture (9) • Database Layer • Access calls to the database go through the Database Layer • Acts as an abstraction layer between the applications that make the access calls and the database • Extensible Storage Engine (ESE) • Has direct contact with the records in the directory data store • Locates records based on an object’s relative distinguished name attribute

  24. (Skill 3) Introducing Active Directory Architecture (10) • Data Store (Ntds.dit) • Contains the records that make up the Active Directory database • Stored by default in the \%systemroot%\NTDS folder on the domain controller • Administered from Active Directory Restore Mode using Ntdsutil.exe, located in the system32 folder in the %systemroot% folder

  25. (Skill 3) Figure 1-3 Active Directory architecture

  26. (Skill 4) Introducing Active Directory Objects • Active Directory • Treats each domain resource as an object • Each object is represented by distinct characteristics known as attributes

  27. (Skill 4) Introducing Active Directory Objects (2) • Types of Active Directory objects • User accounts • Store the logon information for the users in a domain • A domain acts as a security boundary: assuming no trusts are in place, users can only access objects within their own domains

  28. (Skill 4) Figure 1-4 Objects and their attributes

  29. (Skill 4) Introducing Active Directory Objects (3) • Types of Active Directory objects • Contacts • Used to store information about any person or organization that has business relations with your organization • Contact information includes name, address, telephone number, and e-mail address

  30. (Skill 4) Introducing Active Directory Objects (4) • Types of Active Directory objects • Computers • Computer objects store information about computers that are members of a domain • Information includes computer name, description, and other attributes

  31. (Skill 4) Introducing Active Directory Objects (5) • Types of Active Directory objects • Groups • Used to apply permissions across large numbers of users, computers, and groups • They are not strictly containers, but have membership lists that define which objects are members of the group

  32. (Skill 4) Introducing Active Directory Objects (6) • Types of Active Directory objects • Published folders • Shared folders that have been listed in Active Directory • When you publish a folder in Active Directory, you create an object that stores a pointer to the folder

  33. (Skill 4) Introducing Active Directory Objects (7) • Types of Active Directory objects • Printers • A printer is represented by a printer object that contains a pointer to the printer on a computer • A Windows Server 2003 print server automatically detects and publishes printers to Active Directory

  34. (Skill 4) Introducing Active Directory Objects (8) • Types of Active Directory objects • Domain controllers • A Windows Server 2003 computer that authenticates user logon attempts and exchanges directory information with other domain controllers • Exchanging directory information is called replication • In Active Directory, domain controllers use multimaster replication to exchange directory information with other domain controllers in a domain • No single domain controller is responsible for replication; all of the domain controllers act as peers

  35. (Skill 4) Introducing Active Directory Objects (9) • Types of Active Directory objects • Domain controllers • Each domain controller is represented by a Domain Controller object in Active Directory • You can store the Domain Name System (DNS) name, pre-Windows Server 2003 name, operating system version, location, and name of the administrator in this object • Domain controllers also handle a user’s interactions with a domain such as locating objects and logon requests

  36. (Skill 4) Introducing Active Directory Objects (10) • Types of Active Directory objects • Organizational units (OUs) • Container objects that can store groups, users, computers, and other OUs • Used to organize the objects in the domain, to delegate control over a small portion of the domain, and to apply Group Policy to a select group of objects • Only one OU exists by default • It is recommended that you create additional OUs based on your administrative needs

  37. (Skill 4) Figure 1-5 A typical Active Directory hierarchy

  38. (Skill 4) Figure 1-6 Active Directory objects

  39. (Skill 4) Introducing Active Directory Objects (11) • In Active Directory, you use names to locate objects in a network • Naming conventions that Active Directory supports • Distinguished name (DN) • A unique name for every object in a network • It includes the name of the domain that holds the object and the complete path to the object through the container hierarchy

  40. (Skill 4) Introducing Active Directory Objects (12) • Naming conventions that Active Directory supports • Relative distinguished name (RDN) • Derived from the DN • The RDN of an object is simply the object’s name • Globally unique identifier (GUID) • A unique 128-bit number assigned to an object at the time of its creation • The GUID for an object does not change even when you move or rename the object

  41. (Skill 4) Introducing Active Directory Objects (13) • Naming conventions that Active Directory supports • User principal name (UPN) • Consists of the first name and last name attributes for a user • Consists of the UPN suffix, which is usually the DNS name of the domain where the user is located

  42. (Skill 4) Figure 1-7 Examples of naming conventions
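The naming conventions in slides 39 to 42 (DN, RDN, GUID and UPN), worked through in code. This is an added example, not part of the original slides: the DN splitter, the domain-name derivation from the DC= components, the `upn()` helper that prefixes a logon name to the domain's DNS name as the suffix, and the small `DirectoryObject` model are all assumptions made here to show that the DN changes on a move or rename while the GUID does not.

```python
import uuid


def split_dn(dn):
    """Split a distinguished name into its RDNs, honouring backslash-escaped commas."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:                      # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":                  # unescaped comma separates RDNs
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return rdns


def rdn_of(dn):
    """The RDN is simply the object's own name: the first component of its DN."""
    return split_dn(dn)[0]


def domain_dns_name(dn):
    """Derive the DNS name of the holding domain from the DC= components of the DN."""
    return ".".join(r.split("=", 1)[1] for r in split_dn(dn) if r.upper().startswith("DC="))


def upn(logon_name, dn):
    """logon@suffix, where the suffix is the DNS name of the domain holding the object."""
    return f"{logon_name}@{domain_dns_name(dn)}"


class DirectoryObject:
    """Minimal model (assumed here): GUID is fixed at creation, DN follows moves and renames."""

    def __init__(self, dn):
        self.dn = dn
        self.guid = uuid.uuid4()         # 128-bit identifier assigned once, never changed

    def move(self, new_container_dn):
        self.dn = f"{rdn_of(self.dn)},{new_container_dn}"

    def rename(self, new_cn):
        self.dn = ",".join([f"CN={new_cn}"] + split_dn(self.dn)[1:])
```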

  43. (Skill 5) Examining the Logical and Physical Structure of Active Directory • Objects in Active Directory can be organized logically and physically • Logical structure • Consists of domains, trees, and forests • Besides being Active Directory objects, OUs are also part of the logical structure • Physical structure • Consists of sites • Domain controllers are also part of the physical structure, as well as being Active Directory objects

  44. (Skill 5) Examining the Logical and Physical Structure of Active Directory (2) • Components of the logical structure • Domains • In Active Directory, domains represent the core unit of the logical structure • Used to represent the administrative boundaries of your organization • Store information only about the objects they contain • Can span multiple physical locations

  45. (Skill 5) Figure 1-8 A domain structure in an organization

  46. (Skill 5) Examining the Logical and Physical Structure of Active Directory (3) • Components of the logical structure • Trees • Formed when you add one or more child domains to the top-level domain (also known as the root of the tree) • Follows a contiguous naming scheme where every child domain (subdomain) in the tree derives its name from the root domain • Implicit two-way transitive trust exists between the parent domains and the child domains in a domain tree, which is a type of a logical link, automatically established between domains

  47. (Skill 5) Figure 1-9 A tree structure in Active Directory

  48. (Skill 5) Examining the Logical and Physical Structure of Active Directory (4) • Components of the logical structure • Forests • Collection of domains that share a common schema, global catalog, and configuration • All domains in a forest share a common schema and a common global catalog, which allows all domains within a forest to contain uniform information • Although domains in a forest operate independently, they communicate with each other because all domain trees in a forest share a common schema

  49. (Skill 5) Examining the Logical and Physical Structure of Active Directory (5) • Components of the logical structure • Forests • All domains in a forest share a common global catalog • Forests allow a disjointed naming scheme where the names of domain trees may not be related to one another • In a forest, an implicit two-way transitive trust exists between the root domains of domain trees and the root of the forest

  50. (Skill 5) Figure 1-10 A forest structure in Active Directory
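The implicit trusts described in slides 46 and 49, modelled as a graph: each child domain trusts its parent, each tree root trusts the forest root, and because the trusts are two-way and transitive any domain in the forest can reach any other through a chain of them, while a domain outside the forest is unreachable (slide 27). This is an added example, not part of the original slides; the forest with two trees (`corp.example.com` and the disjoint `labs.example.net`) and the external `partner.example.org` are constructed sample names.

```python
from collections import deque

# Constructed sample forest: two domain trees with a disjointed naming scheme.
FOREST_ROOT = "corp.example.com"
PARENT_OF = {
    "corp.example.com": None,                              # forest root, root of tree 1
    "sales.corp.example.com": "corp.example.com",
    "emea.sales.corp.example.com": "sales.corp.example.com",
    "eng.corp.example.com": "corp.example.com",
    "labs.example.net": None,                              # root of tree 2
    "dev.labs.example.net": "labs.example.net",
}
TREE_ROOTS = ["corp.example.com", "labs.example.net"]


def implicit_trusts(parent_of, forest_root, tree_roots):
    """Undirected trust graph: child <-> parent, and each tree root <-> forest root."""
    graph = {}

    def link(a, b):
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)

    for child, parent in parent_of.items():
        graph.setdefault(child, set())
        if parent:
            link(child, parent)
    for root in tree_roots:
        if root != forest_root:
            link(root, forest_root)
    return graph


def trust_path(graph, src, dst):
    """Shortest chain of transitive trusts from src to dst; None if no trust relationship exists."""
    if src not in graph or dst not in graph:      # a domain outside the forest has no implicit trust
        return None
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in graph[cur]:
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return None
```

The path between two domains in different trees always passes through the forest root, which is why that domain's availability matters to cross-tree authentication.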
