S.I.R.A. Representatives Course – Module 2

06 – Active Directory

20/11 – 27/11 – 05/12

11/12 – 13/12 (group 1)

12/12 – 15/12 (group 2)

Cristiano Gentili, Massimiliano Viola (CSIA)


Overview

  • Introduction to Active Directory

  • Active Directory Logical Structure

  • Active Directory Physical Structure

  • Methods for Administering a Windows 2000 Network


Introduction to Active Directory

  • What Is Active Directory?

  • Active Directory Objects

  • Active Directory Schema

  • Lightweight Directory Access Protocol (LDAP)


What Is Active Directory?

Directory Service Functionality

  • Organize

  • Manage

  • Control

Centralized Management

  • Single point of administration

  • Full user access to directory resources by a single logon

[Diagram label: Resources]


Active Directory Objects

  • Objects Represent Network Resources

  • Attributes Store Information About an Object

[Diagram: example objects in Active Directory and their attributes]

  • Printers (Printer1, Printer2, Printer3); attributes: Printer Name, Printer Location

  • Users (Don Hall, Suzan Fine); attributes: First Name, Last Name, Logon Name

  • Each attribute holds a value


Active Directory Schema

Active Directory Schema Is:

  • Dynamically Available

  • Dynamically Updateable

  • Protected by DACLs

Object Class Examples:

  • Computers

  • Users

  • Printers

Attribute Examples (List of Attributes):

  • accountExpires

  • department

  • distinguishedName

  • directReports

  • dNSHostName

  • operatingSystem

  • repsFrom

  • repsTo

  • middleName

Attributes of Users Might Contain:

  • accountExpires

  • department

  • distinguishedName

  • middleName


Lightweight Directory Access Protocol (LDAP)

  • LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory

  • LDAP Naming Paths Include:

    • Distinguished names

    • Relative distinguished names

CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it


Active Directory Logical Structure

  • Domains

  • Organizational Units

  • Trees and Forests


Domains

  • A Domain Is a Security Boundary

    • A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains

  • A Domain Is a Unit of Replication

    • Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain

[Diagram: Windows 2000 Domain; Replication of User1 and User2]


Organizational Units

  • Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization

  • Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups

[Diagram: example OU hierarchies for a Network Administrative Model and an Organizational Structure; OU labels: Sales, Vancouver, Users, Computers, Repair]


Trees and Forests

[Diagram: a Forest made up of two Trees, linked by Two-Way Transitive Trusts]

  • Tree: contoso.msft (root), asia.contoso.msft, au.contoso.msft

  • Tree: nwtraders.msft, asia.nwtraders.msft, au.nwtraders.msft


Global Catalog

  • Subset of the Attributes of All Objects

  • Queries

  • Group membership when user logs on

[Diagram: several Domains and a Global Catalog Server holding the Global Catalog]


Active Directory Physical Structure

  • Domain Controllers

  • Sites


Domain Controllers

Domain Controllers:

  • Participate in Active Directory replication

  • Perform single master operations roles in a domain

[Diagram: two Domain Controllers in a Domain with Replication of User1 and User2; each Domain Controller = A Writeable Copy of the Active Directory Database]


Sites

[Diagram: Seattle, New York, Chicago, Los Angeles; a Site containing IP subnets]

Sites:

  • Optimize replication traffic

  • Enable users to log on to a domain controller by using a reliable, high-speed connection


Methods for Administering a Windows 2000 Network

  • Using Active Directory for Centralized Management

  • Managing the User Environment

  • Delegating Administrative Control


Using Active Directory for Centralized Management

[Diagram: Search across a Domain whose OUs (OU1, OU2) contain Computers (Computer1), Users (User1, User2), and Printers (Printer1)]

Active Directory:

  • Enables a single administrator to centrally manage resources

  • Allows administrators to easily locate information

  • Allows administrators to group objects into OUs

  • Uses Group Policy to specify policy-based settings


Managing the User Environment

[Diagram: Group Policy settings 1, 2, 3 applied to a Domain with OU1, OU2, OU3]

  • Apply Group Policy Once

  • Windows 2000 Enforces Continually

Use Group Policy to:

  • Control and lock down what users can do

  • Centrally manage software installation, repairs, updates, and removal

  • Configure user data to follow users whether they are online or offline


Delegating Administrative Control

[Diagram: a Domain with OU1, OU2, OU3 and administrators Admin1, Admin2, Admin3]

Assign Permissions:

  • For specific OUs to other administrators

  • To modify specific attributes of an object in a single OU

  • To perform the same task in all OUs

Customize Administrative Tools to:

  • Map to delegated administrative tasks

  • Simplify interface design
