Active Directory - PowerPoint PPT Presentation

active directory l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Active Directory PowerPoint Presentation
Download Presentation
Active Directory

play fullscreen
1 / 93
Active Directory
340 Views
Download Presentation
claudio
Download Presentation

Active Directory

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Active Directory Nanda Ganesan, Ph.D.

  2. References • Technical overview of Windows 2003 Active Directory • Introduction to Windows 2003 Active Directory in application mode • Windows 2003 Reviewer’s Guide

  3. Agenda • What is Active Directory • Building an Active Directory • Using Active Directory Features • Active Directory Objects • Auditing Active Directory

  4. Group Names • Contributions made by • Charles Guzman • Daniel Gebretensai • Ervand Akopyan • Hovik Gharadaghi

  5. Introduction to Active Directory

  6. Overview of Active Directory • Directory services of the Windows server system • Stores information about network object and makes the information available to administrators, users, and applications • Provides a single point of network management allowing people to add, remove, and relocate users and resources easily • Integrated with Internet’s hierarchical domain naming system

  7. Active Directory Properties • Integration with DNS • Flexible querying • Information security • Simplified administration • Scalability

  8. Object and Schema • Objects are the basic entities that constitute the Active Directory • Each object will have it own globally unique identifier (GUID) • Schema • Describes the object classes • Defines the attributes for the object classes

  9. Structural Components • Objects based hierarchical structure with constructs • Domains • Trees • Forests • Trust relationships • Organizational Units • Sites

  10. A Simple Active Directory Structure

  11. Active Directory and DNS Integration

  12. Tree Parent and child domains in a domain tree. Double-headed arrows indicate two-way transitive trust relationships

  13. Forests One forest with three domain trees. The three root domains are not contiguous with each other, but EuropeRoot.com and AsiaRoot.com are child domains of HQ-Root.com.

  14. Internal Trusts in a Forest Shortcut trusts between Domains B and D, and between Domains D and 2

  15. Trust Relationships • Transitive • Two-way • Shortcut trusts • External trusts

  16. Trust Relationships

  17. Organizational Units Intra-site replication with just one domain .

  18. Trust Relationships Intra-site replication with two domains and two global catalogs

  19. Directory Protocols • Based on standard directory protocols • Interoperate with other protocols • Example: LDAP • LDAP it is used to add, modify, delete and query information stored in AD • LDAP to AD is like SQL to Oracle • LDAP determines how a client can access the directory, operations within the directory and share directory data

  20. Active Directory Security • Based on Kerberos • Supports multiple security configurations for cross platform interoperability • Clients: A domain controller will authenticate clients running RFC-1510 Kerberos. This will include other clients running other operating systems. • Unix clients and services: A Kerberos principal is mapped to a Windows 2000 user or computer account

  21. Installation Of Active Directory

  22. Requirements • The computer must be Windows 2k, 2k3 Server, Advanced Server or Datacenter Server. • At least one volume on the computer must be formatted with NTFS. • DNS must be active on the network prior to AD installation or be installed during AD installation. • DNS must support SRV records and be dynamic. • The computer must have IP protocol installed and have a static IP address. • The Kerberos v5 authentication protocol must be installed. • Time and zone information must be correct.

  23. DCPROMO

  24. Role of DNS • Clients use DNS to locate Active Directory controllers. • Servers and client computers register their names and IP addresses with the DNS server