Introduction to Active Directory Directory Services

    Presentation Transcript
    1. Introduction to Active Directory Directory Services • Uniquely identify users and resources on a network • Provide a single point of network management

    2. What Are Active Directory Directory Services? The directory service included with Microsoft Windows 2000 Server products • A directory service is a network service. • A directory service identifies all resources on a network. • A directory service makes all resources available.

    3. What Are Active Directory Directory Services? (continued) Active Directory directory services include the Directory. • The Directory stores information about network resources. • Resources stored in the Directory are referred to as objects.

    4. Simplified Administration Active Directory directory services organize resources hierarchically in domains. • A domain is a logical grouping of servers and other network resources under a single domain name. • A domain is the basic unit of replication and security. • A domain includes at least one domain controller.

    5. Simplified Administration (continued) Active Directory directory services provide • A single point of administration for all objects on the network • A single point of logon for all network resources

    6. Scalability • The Directory stores information by organizing itself into sections that permit storage for a huge number of objects. • The Directory can expand to meet the needs of • Small installations with one server and a few hundred objects. • Huge installations with hundreds of servers and millions of objects.

    7. Open Standards Support Active Directory directory services • Integrate the Internet concepts of a namespace with the Windows 2000 directory service • Allow you to unify and manage multiple namespaces • Use DNS for its name system • Exchange information with any application or directory that uses LDAP or HTTP

    8. Domain Name System • DNS is the domain naming and locator service for Active Directory. • Windows 2000 domain names are also DNS names. • Windows 2000 Server uses dynamic DNS (DDNS). • Clients can update the DNS table dynamically. • DDNS eliminates the need for other naming services.

    9. Support for LDAP and HTTP • LDAP is an Internet standard for accessing directory services. • HTTP is the standard protocol for displaying pages on the World Wide Web. • You can display every object in Active Directory as an HTML page in a Web browser.

    10. Support for Standard Name Formats

    11. Logical Structure • The logical structure is separate from the physical structure. • Organize resources in a logical structure. • Find a resource by its name rather than its physical location. • The network’s physical structure is transparent to the users.

    12. Objects

    13. Organizational Units

    14. Domain • The domain is the core unit of logical structure. • All network objects exist within a domain. • A domain stores information about only the objects that it contains. • A practical limit to the number of objects in a domain is 1 million.

    15. A Domain Is a Security Boundary • Access to domain objects is controlled by ACLs. • ACLs contain the permission associated with objects. • ACLs control which users can gain access to an object. • ACLs control which type of access users can gain to the objects. • Security policies and settings do not cross from one domain to another. • A domain administrator has absolute rights to set policies only within that domain.

    16. Tree • A tree is a grouping of one or more Windows 2000 domains. • All domains within a single tree share a contiguous namespace. • The domain name of a child domain is the relative name of that child domain appended with the name of the parent domain. • All domains within a single tree share a common schema. • All domains within a single tree share a common global catalog.

    17. Forest • A forest is a grouping of one or more domain trees. • The trees in a forest form a disjointed namespace. • All trees in a forest share a common schema. • Trees in a forest have different naming structures. • All domains in a forest share a common global catalog. • Domains in a forest operate independently.

    18. Sites • The physical structure is based on sites. • A site is a combination of one or more IP subnets. • Typically a site has the same boundaries as a LAN. • Sites are not part of the logical namespace. • Sites contain computer objects and connection objects.

    19. Replication Within a Site • The Active Directory directory services include a replication feature. • Replication ensures that changes to a domain controller are reflected by all domain controllers within a domain.

    20. Functions of Domain Controllers in a Domain • Store a complete copy of all Active Directory information • Replicate all objects in the domain to each other automatically • Replicate certain important updates immediately • Use multimaster replication • Provide fault tolerance • Manage all aspects of user domain interactions

    21. Ring Topology for Replication

    22. Schema • Contains a formal definition of the contents and structure of Active Directory directory services • Defines attributes for each object class

    23. Default Schema • Created by installing Active Directory on the first computer in a new forest • Contains definitions of commonly used objects and properties • Contains definitions of objects and properties used by Active Directory

    24. Extensible Schema • You can define new directory object types and attributes. • You can define new attributes for existing objects. • You can extend the schema • By using LDAP Data Interchange Format (LDIF) scripts. • Programmatically or by using the Active Directory Services Interface (ADSI). • By using the Active Directory Schema snap-in. • The schema is stored in the global catalog and can be updated dynamically.

    25. Global Catalog

    26. Global Catalog Servers • Installing Active Directory on the first computer in a new forest makes that domain controller a global catalog server. • The Active Directory Sites and Services snap-in allows you to designate additional global catalog servers. • More global catalog servers means more replication traffic. • More global catalog servers can provide quicker responses. • Every major site should have a global catalog server.

    27. Namespace

    28. Naming Conventions • Every object in Active Directory is identified by a name. • Active Directory uses a variety of naming conventions.

    29. Distinguished Name • Every object has a distinguished name (DN). • The DN uniquely identifies the object. • The DN contains sufficient information for a client to retrieve the object. • The DN includes the name of the domain that holds the object. • The DN includes the complete path to the object.

    30. Relative Distinguished Name

    31. Globally Unique Identifier • A globally unique identifier (GUID) is a 128-bit number that is guaranteed to be unique. • GUIDs are assigned when the object is created. • The GUID for an object never changes. • Applications use GUIDs to retrieve objects regardless of current DNs.

    32. User Principal Name • User accounts have a friendly name, the user principal name (UPN). • The UPN is composed of the shorthand name for the user account and the DNS name of the tree where the user account object resides.
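
The naming rules on slides 16, 29 and 32 can be exercised in a few lines. The following is an added example, not part of the original presentation: it splits a distinguished name into its relative distinguished names, recovers the DNS domain name the DN carries, checks that the domain sits inside a tree's contiguous namespace, and builds a UPN as slide 32 describes it. The function names and the sample DN are hypothetical and constructed for illustration; quoted attribute values and multi-valued RDNs are not handled.

```python
def split_dn(dn):
    """Split a DN into RDN strings; a backslash-escaped comma stays inside its RDN."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            rdns.append(buf.lstrip())   # drop optional space after the separator
            buf = ""
            i += 1
        else:
            buf += dn[i]
            i += 1
    rdns.append(buf.lstrip())
    return rdns


def describe(dn):
    """Return the RDN, the parent path and the DNS domain name encoded in a DN."""
    rdns = split_dn(dn)
    if any("=" not in r for r in rdns):
        raise ValueError(f"malformed DN: {dn!r}")
    pairs = [r.split("=", 1) for r in rdns]
    dcs = [value for attr, value in pairs if attr.strip().upper() == "DC"]
    return {"rdn": rdns[0], "parent": ",".join(rdns[1:]), "domain": ".".join(dcs).lower()}


def in_tree(domain, tree_root):
    """True if domain is the tree root or a child within its contiguous namespace."""
    domain, tree_root = domain.lower(), tree_root.lower()
    # Match on a label boundary so "evilexample.com" is not taken for "example.com".
    return domain == tree_root or domain.endswith("." + tree_root)


def upn(shorthand, tree_dns_name):
    """UPN as slide 32 describes it: shorthand name plus the tree's DNS name."""
    return f"{shorthand}@{tree_dns_name}"


# Constructed sample DN (not from the presentation); note the escaped comma in the CN.
SAMPLE = r"CN=Smith\, Jane,OU=Sales,DC=emea,DC=example,DC=com"

if __name__ == "__main__":
    info = describe(SAMPLE)
    print(info)
    print(in_tree(info["domain"], "example.com"), upn("jsmith", "example.com"))
```

Code that authorizes on a domain suffix should compare on the dot boundary as `in_tree` does, since a plain suffix match accepts unrelated look-alike names.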