70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced
Chapter 1: Introduction to Active Directory


The World Before the Active Directory

  • The overwhelming majority of networks today run without any single unified directory service. Many companies store information in various disconnected systems. For example:

    • Companies record data about their employees in a human resources database.

    • Network accounts reside on a Windows NT 4 domain controller.

    • Other information, such as security settings for applications, resides within various other systems.

  • And there’s always the classic: paper-based forms!


Windows NT to the Rescue!

  • Windows NT is a NOS (Network Operating System)

  • The goal of Windows NT was to bring security, organization, and accessibility to information throughout a company’s network.

  • A GUI replaced cryptic command-line interfaces and simplified management.

  • Windows NT offered reliability, scalability, performance, and flexibility, plus compatibility with a large installed base of existing software products.


Domain Model in Windows NT 4

  • One Primary Domain Controller (PDC) per network

  • Several Backup Domain Controllers (BDCs)

  • All network security accounts are stored within the PDC. To improve performance and reliability, the database is replicated to the BDCs.

  • There can only be one master copy of the account database. This copy resides on the PDC. All user and security account changes must be recorded by the PDC.

  • This model only works well for small- to medium-sized organizations.


Domain Model in Windows NT 4 (diagram slide)


Limitations of Windows NT 4

  • Multiple domains are complicated and management intensive.

    • Trust relationships can grow out of control!

  • Domains are flat entities and cannot be organized in a hierarchical fashion (using subdomains for administrative purposes).

  • No nesting of users and groups is allowed.

  • Setting permissions is extremely tedious and error prone (because of the previous bullet item).


Limitations of Windows NT 4 (Cont.)

  • Security allowed for complete control over the domain controller. Some users had too many permissions. (This poses several potential problems, both business and technical.)

  • Nevertheless, Windows NT 4 provided an excellent solution for many businesses. But as with almost any technical solution, there were areas in which improvements could be made.


Active Directory Design

  • Before setting up a server environment, you must design a suitable Active Directory. Several choices need to be made and many considerations taken into account:

    • Political Issues

      • How does the current business operate: as single, independent businesses or as a centralized environment? Who will be responsible for administering portions of the network?

    • Network Issues

      • What types of connections exist between remote offices? How reliable are those connections? What are the domain name requirements?

    • Organizational Issues

      • How are the areas of the business structured? For example, do the departments operate individually, with separate network administrators for each department? Or is the environment much more centralized?


Planning and Implementing an Active Directory Infrastructure

  • Planning

    • Most crucial step

    • Poor planning may cause poor performance

    • Must consider pre-existing network, hardware, etc.


Managing and Maintaining an Active Directory Infrastructure

  • Small changes are constantly required

  • Upgrades involve changes

  • Regular maintenance ensures good performance

  • Troubleshooting required when problems occur


Planning and Implementing User, Computer, and Group Strategies

  • Authentication

    • Identifying user to network

    • Password is most common method

  • Authorization

    • Determines what resources user can access

    • Users are typically grouped together for authorization


Planning and Implementing Group Policy

  • Group Policy

    • Used to manage the way workstations, servers, and user environments behave

  • Examples:

    • Require all communications between clients and servers to be encrypted

    • Control how user’s desktop appears

    • Perform maintenance tasks


Planning and Implementing Group Policy (continued)

  • Examples:

    • Deploy applications to computers or users throughout the network

  • Influenced by:

    • User requirements

    • Corporate policies

    • Network design

    • Who manages policies


Managing and Maintaining Group Policy

  • Changes to policies, and troubleshooting the results of policies, may be required.

  • Updates can be applied to computers that had applications installed via Group Policy.

    • Example: an older version of antivirus software installed on machines can be upgraded via Group Policy to a newer version.


Windows Networking Concepts Overview

  • Network models:

    • Domain

    • Workgroup

  • Windows Server 2003 system roles:

    • Standalone server

    • Member server

    • Domain controller


Workgroups

  • Logical group of computers

  • Characterized by a decentralized security and administration model

  • Every computer holds its own security database

    • Known as Security Accounts Manager (SAM) database

    • Each computer must authenticate users independently


Workgroups (continued)

  • Benefits:

    • Simple

    • Does not explicitly require a server

  • Drawbacks:

    • Time consuming to manage

  • Windows Server 2003 participates as a standalone server



Domains

  • Logical group of computers

  • Characterized by centralized authentication and administration

  • All domain computers use centralized security database

  • Domain controllers (DC)

    • Special server

    • Responsible for managing security database

    • Responsible for authenticating users on domain


Domains (continued)

  • Active Directory

    • Stored on one or more computers configured as domain controllers

    • DC can be:

      • Windows 2000 Server

      • Windows Server 2003



Domains

  • Other domain computers:

    • "domain members"

    • "member servers"

    • Can authorize access to a particular resource based on the domain authentication

  • Highly recommended in environments that consist of more than 10 users or workstations


Domains (continued)

  • Requires at least one server configured as domain controller

    • Additional expense

  • Minimum of two domain controllers preferred

    • Provides fault tolerance

    • Load balancing



Domains

  • Member servers:

    • Windows Server 2003 system that has a computer account in a domain

    • Not configured as a domain controller

    • Used for wide variety of functions including:

      • File server

      • Print server

      • Application server


Domains (continued)

  • Member servers:

    • Commonly host network services such as:

      • Domain Name Service (DNS)

      • Dynamic Host Configuration Protocol (DHCP)

  • Domain controller:

    • Windows Server 2003 system

    • Explicitly configured to store copy of Active Directory database

    • Responsible for servicing user authentication requests and queries about domain objects


Introduction to Windows Server 2003 Active Directory

  • Native directory service included with Windows Server 2003 operating systems

  • Provides:

    • Central point for:

      • Storing

      • Organizing

      • Managing

      • Controlling network objects

    • Single point of administration of objects


Introduction to Windows Server 2003 Active Directory (continued)

  • Provides:

    • Logon and authentication services for users

    • Delegation of administration

  • Each domain controller has a writeable copy of the directory database

  • Active Directory changes can be made on any domain controller

  • Changes are replicated to all other domain controllers


Introduction to Windows Server 2003 Active Directory (continued)

  • Multi-master replication

  • Provides a form of fault tolerance

  • DNS:

    • Used to maintain domain-naming structures

    • Used to locate network resources


Active Directory Objects

  • Object

    • Represents network resources such as:

      • Users

      • Groups

      • Computers

      • Printers

  • Various attributes are assigned to objects

    • Examples: first name, last name, user logon name, etc.


User Object (figure slide)


Active Directory Schema

  • Defines all of the objects and attributes available in Active Directory

  • Only one schema for each Active Directory implementation

  • Consists of two main definitions:

    • Object classes

      • example: users, printers

    • Attributes

      • example: description to maintain consistency.


Active Directory Logical Structure and Components

  • Logical components:

    • Domains and Organizational Units

    • Trees and Forests

    • Trusts


Domains and Organizational Units

  • Domain

    • Logically structured organization of objects

      • Part of a network

      • Share common directory database

    • Has unique name

    • Organized in levels

    • Administered as a unit with common rules and procedures

    • Provides administrative benefits


Domains and Organizational Units (continued)

  • Organizational unit (OU)

    • Logical container

    • Used to organize objects within a single domain

    • Stores objects such as:

      • Users

      • Groups

      • Computers

      • Other organizational units

    • Ability to delegate administrative control over OU

    • Example: Organize users based on department in which they work! Delegate admin rights / permissions to add and remove users within OU



Trees and Forests

  • Reasons for multiple domains:

    • Geographic separation

    • Different password policies

    • Large number of objects

    • Replication performance

  • Forest root domain

    • First domain defined in deployment


Trees and Forests (continued)

  • Tree

    • Hierarchical collection of domains

    • Share contiguous DNS namespace

  • Forest

    • Collection of trees

    • Do not share contiguous DNS naming structure


Trees (figure slide)


Forests (figure slide)


Trusts

  • Two-way, transitive trust relationship

  • Automatically created for child domain

  • Transitive trust

    • All other trusted domains implicitly trust one another
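The automatic parent-child trusts described on this slide, modelled as an added example (this is illustrative code, not part of the course material): because every trust is two-way and transitive, the set of domains a given domain implicitly trusts is simply everything reachable in the trust graph. The forest names below are constructed samples.

```python
from collections import deque
from typing import Dict, Set

# Added example (not from the slide deck): model the two-way transitive trusts that
# Active Directory creates automatically between a parent domain and each child
# domain, and compute which domains end up implicitly trusting one another.

def build_forest(parent_of: Dict[str, str]) -> Dict[str, Set[str]]:
    """Turn a child -> parent map into an undirected trust graph (two-way trusts)."""
    trusts: Dict[str, Set[str]] = {}
    for child, parent in parent_of.items():
        trusts.setdefault(child, set()).add(parent)
        trusts.setdefault(parent, set()).add(child)
    return trusts

def trusted_domains(trusts: Dict[str, Set[str]], start: str) -> Set[str]:
    """Every domain reachable over transitive trusts, excluding start itself."""
    seen = {start}
    queue = deque([start])
    while queue:
        domain = queue.popleft()
        for neighbour in trusts.get(domain, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    seen.discard(start)
    return seen

def add_child_domain(parent_of: Dict[str, str], child: str, parent: str) -> None:
    """Creating a child domain (as in Activity 1-4) links it under an existing parent."""
    if parent not in parent_of and parent not in parent_of.values():
        raise ValueError(f"{parent} is not in the forest")
    parent_of[child] = parent

# Constructed sample forest: child -> parent. "other.test" is a second tree whose
# root trusts the forest root corp.example (a tree-root trust, also transitive).
FOREST = {
    "sales.corp.example": "corp.example",
    "emea.sales.corp.example": "sales.corp.example",
    "other.test": "corp.example",
}

if __name__ == "__main__":
    graph = build_forest(dict(FOREST))
    print(sorted(trusted_domains(graph, "emea.sales.corp.example")))
```

Every domain in the sample ends up trusting every other one, which is why adding a child domain widens the set of accounts every existing domain will accept authentication from.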


Activity 1-4: Creating a Child Domain in an Existing Domain Tree

  • Objective: Promote a member server to a domain controller for a new child domain in an existing domain tree

  • Use the Active Directory Installation Wizard or the Configure Your Server Wizard to create a domain



Active Directory Communications Standards

  • DNS naming standard

    • Hostname resolution

    • Provides information on location of network services and resources

  • Lightweight Directory Access Protocol (LDAP)

    • Used to query or update Active Directory database

    • Naming paths:

      • Distinguished name

      • Relative distinguished name
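The two LDAP naming paths on this slide, worked through as an added example (illustrative code, not from the course): a distinguished name is a comma-separated list of relative distinguished names, read from the object outward, and a literal comma inside a value must be escaped with a backslash. The sample DN is constructed.

```python
from typing import List, Tuple

# Added example (not from the slide deck): split an LDAP distinguished name (DN)
# into its relative distinguished names (RDNs), honouring backslash escaping of
# special characters, then derive the parent container's DN and the DNS name of
# the domain from the DC= components.

def split_dn(dn: str) -> List[str]:
    """Split a DN on unescaped commas. A backslash escapes the next character."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]

def rdn_parts(rdn: str) -> Tuple[str, str]:
    """Return (attribute type, value) for a single RDN such as 'OU=Sales'."""
    attr, _, value = rdn.partition("=")
    return attr.strip().upper(), value.strip()

def parent_dn(dn: str) -> str:
    """DN of the container one level up: everything after the first RDN."""
    return ",".join(split_dn(dn)[1:])

def dns_name(dn: str) -> str:
    """Join the DC= components to get the DNS name of the domain holding the object."""
    return ".".join(v for a, v in map(rdn_parts, split_dn(dn)) if a == "DC")

# Constructed sample: a user whose common name itself contains an escaped comma.
SAMPLE_DN = r"CN=Doe\, Jane,OU=Sales,OU=Staff,DC=example,DC=com"

if __name__ == "__main__":
    print(split_dn(SAMPLE_DN))
    print(parent_dn(SAMPLE_DN))
    print(dns_name(SAMPLE_DN))
```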


Active Directory Physical Structure

  • Make sure any modification to the database is replicated as quickly as possible

  • Design topology so that replication does not saturate available network bandwidth

  • Control logon traffic

  • See page 25: Logical vs. Physical Structure.


Active Directory Physical Structure (continued)

  • Site

    • Combination of one or more Internet Protocol (IP) subnets

    • Connected by high-speed connection

  • Site link

    • Configurable object

    • Represents connection between sites
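Because a site is defined as a set of IP subnets, a client's site is found by matching its address against the subnets that have been assigned to sites. The following added example (illustrative code, not from the course; the site plan and addresses are constructed) does that lookup, taking the most specific subnet when subnets overlap, and lists clients that fall into no site at all, which is a common reason for logon traffic crossing slow links.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Added example (not from the slide deck): map client IP addresses to Active
# Directory sites using a subnet-to-site plan. Overlapping subnets are resolved by
# longest prefix (most specific subnet wins); unmatched clients belong to no site.

Network = ipaddress._BaseNetwork
SiteMap = List[Tuple[Network, str]]

# Constructed sample plan: subnet -> site name.
SITE_PLAN: Dict[str, str] = {
    "10.1.0.0/16": "HQ",
    "10.1.50.0/24": "HQ-Lab",          # more specific than 10.1.0.0/16
    "10.2.0.0/16": "Branch-North",
    "192.168.100.0/24": "Branch-South",
}

def build_site_map(plan: Dict[str, str]) -> SiteMap:
    """Parse the plan once so lookups can compare prefixes."""
    return [(ipaddress.ip_network(net), site) for net, site in plan.items()]

def site_for(ip: str, site_map: SiteMap) -> Optional[str]:
    """Return the site whose most specific subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best: Optional[Tuple[Network, str]] = None
    for net, site in site_map:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def clients_without_site(ips: List[str], site_map: SiteMap) -> List[str]:
    """Addresses in no defined subnet: these clients cannot be steered to a nearby DC."""
    return [ip for ip in ips if site_for(ip, site_map) is None]

if __name__ == "__main__":
    site_map = build_site_map(SITE_PLAN)
    for ip in ["10.1.3.4", "10.1.50.7", "172.16.0.1"]:   # constructed client addresses
        print(ip, "->", site_for(ip, site_map))
```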



Global Catalog

  • Used primarily for:

    • Finding Active Directory information from anywhere in forest

    • Universal group membership information

    • Authentication services

    • Directory lookup requests from Exchange 2000/2003

  • First domain controller in Active Directory automatically becomes Global Catalog server


New Active Directory Features in Windows Server 2003

  • Windows Server 2003 brings new features and capabilities

  • Primary benefits:

    • Flexibility

    • Lower total cost of ownership (TCO)


Deployment and Management

  • Active Directory Migration Tool (ADMT) 2.0

  • Domain Rename

  • Schema Redefine


Security

  • Cross-forest Trust

  • Credential Manager

  • Software Restriction Policies


Performance and Dependability

  • Universal Group Caching

  • Application Directory Partitions

  • Install Replica from Media

