
Session 18 Windows 7 Professional DNS, Groups, and Active Directory(Part 3)


Presentation Transcript


  1. Nassau Community College ITE153 – Operating Systems: Session 18, Windows 7 Professional, DNS, Groups, and Active Directory (Part 3)

  2. Session 17, Windows 7 Professional: Operating in Microsoft Networks

  3. Overview
  • Introduction to Active Directory
  • Structure - Objects
  • Levels – Forest, Trees, Domains
  • Organizational Units
  • Physical Topology
  • Replication
  • Global Catalog
  • Trust

  4. Active Directory
  • A directory service created by Microsoft for Windows domain networks
  • Included in most Windows Server operating systems
  • Server computers running Active Directory are called domain controllers

  5. Active Directory
  • Serves as a central location for network administration and security
  • Responsible for authenticating and authorizing all users and computers within a domain
  • Assigns and enforces security policies for all computers in a network and installs or updates software on network computers

  6. Active Directory
  • Uses Lightweight Directory Access Protocol (LDAP), Kerberos, and DNS
  • First release: Windows 2000 Server edition
  • Revised to extend functionality and improve administration in Windows Server 2003
  • In Windows Server 2008 the domain controller role was renamed Active Directory Domain Services

  7. Active Directory Structure
  • An Active Directory structure is a hierarchical arrangement of information about objects
  • An object is any entity that can be manipulated by the commands of a programming language, such as a value, variable, function, or data structure
  • An object has attributes (object elements) and behaviors (methods or subroutines) encapsulating an entity

  9. Active Directory Structure
  • AD objects fall into two broad categories:
    • resources (e.g., printers)
    • security principals (user or computer accounts and groups)
  • Security principals are assigned unique security identifiers (SIDs)
  • A SID is a unique name (an alphanumeric character string) assigned by a Windows domain controller during the logon process and used to identify a subject
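The SIDs introduced on slide 9 are stored in the directory in a binary form and displayed in the familiar S-1-5-21-... string form. The block below is an added example, not part of the lecture, that converts between the two and splits a domain SID into its domain part and relative identifier (RID), which is how an auditor recognises built-in accounts such as RID 500 or 512 regardless of their display name; the sample SID value is constructed.

```python
import struct

# Well-known relative identifiers (RIDs) that follow the domain part of a
# domain SID (S-1-5-21-<domain>-<RID>); standard Windows values.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    512: "Domain Admins",
    513: "Domain Users",
    518: "Schema Admins",
    519: "Enterprise Admins",
}

# Constructed sample value, not a real domain SID.
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-512"

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID (layout of the objectSid attribute) into S-1-... form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, sub_count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if len(raw) != 8 + 4 * sub_count:
        raise ValueError("sub-authority count does not match SID length")
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit identifier authority
    subs = struct.unpack("<%dI" % sub_count, raw[8:])     # 32-bit little-endian sub-authorities
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def sid_to_bytes(sid: str) -> bytes:
    """Encode an S-1-... string back into the binary SID layout."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("malformed SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("too many sub-authorities")
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def split_domain_sid(sid: str):
    """Split a domain-scoped SID into (domain SID, RID, well-known name or None).

    Returns None for SIDs that are not domain account SIDs (e.g. S-1-5-18).
    """
    parts = sid.split("-")
    if len(parts) < 8 or parts[:4] != ["S", "1", "5", "21"]:
        return None
    rid = int(parts[7])
    return "-".join(parts[:7]), rid, WELL_KNOWN_RIDS.get(rid)
```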

  10. Active Directory Structure
  • The object represents a single entity—whether a user, a computer, a printer, or a group—and its attributes.
  • Certain objects can contain other objects.
  • An object is uniquely identified by its name and has a set of attributes—the characteristics and information that the object represents—defined by a schema, which also determines the kinds of objects that can be stored in the AD
  • A Site object in an AD represents a geographic location that hosts networks

  11. Active Directory Structure - Levels
  • The logical divisions in an Active Directory are:
    • Forest
    • Tree
    • Domain
  • The forest represents the security boundary within which users, computers, groups, and other objects are accessible

  12. Active Directory Structure - Levels
  • Objects are grouped into domains. The objects for a single domain are stored in a single database (which can be replicated). Domains are identified by their DNS name structure, the namespace
  • A tree is a collection of one or more domains and domain trees in a contiguous namespace, linked in a transitive trust hierarchy
  • At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration

  13. Active Directory Structure - OUs
  • The objects held within a domain can be grouped into Organizational Units (OUs)
  • OUs can provide hierarchy to a domain, ease its administration, and can resemble the organization's structure in managerial or geographical terms.
  • Microsoft recommends using OUs rather than domains for structure and to simplify the implementation of policies and administration.
  • The OU is the recommended level at which to apply group policies, which are Active Directory objects formally named Group Policy Objects (GPOs)

  14. Active Directory Structure - Physical
  • Sites in Active Directory represent the physical structure, or topology, of your network
  • AD uses topology information, stored as site and site link objects in the directory, to build the most efficient replication topology.
  • A site is a set of well-connected subnets
  • Sites and subnets are represented in AD by site and subnet objects, which you create through Active Directory Sites and Services. Each site object is associated with one or more subnet objects

  15. Active Directory Structure - Physical
  • In AD, sites map the physical structure of your network, while domains map the logical or administrative structure of your organization
  • You can deploy domain controllers for multiple domains within the same site
  • You can also deploy domain controllers for the same domain in multiple sites

  16. Active Directory Structure - Physical
  • Physically, the Active Directory information is held on one or more peer domain controllers (DCs)
  • Each DC has a copy of the Active Directory
  • Servers joined to Active Directory that are not domain controllers are called Member Servers

  17. Active Directory Structure - Physical
  • AD synchronizes changes using multi-master replication
  • Multi-master replication is a method of database replication which allows data to be stored by a group of computers, and updated by any member of the group.

  18. Active Directory Structure - Physical
  • The Active Directory database is organized in partitions or naming contexts, each holding specific object types and following a specific replication pattern:
    • schema partition defines the objects (such as users) and attributes (such as telephone numbers) that can be created in the AD, and the rules for creating and manipulating them.
    • configuration partition contains information on the physical structure and configuration of the forest (such as the site topology)
    • domain partition holds all objects created in that domain and replicates only to Domain Controllers within its domain

  19. Active Directory Structure - Physical
  • Global catalog (GC) servers provide a global listing of all objects in the Forest
  • Global Catalog servers replicate to themselves all objects from all domains and hence provide a global listing of objects in the forest
  • By default, AD DS searches are directed to global catalog servers
  • The first domain controller in a forest is automatically created as a global catalog server. Thereafter, you can designate other DCs to be global catalog servers

  20. Active Directory Structure - Physical
  • A domain controller designated as a global catalog server stores the objects from all domains in the forest.
  • A global catalog server stores its own full, writable domain replica (all objects and all attributes) plus a partial, read-only replica of every other domain in the forest
  • The global catalog is built and updated automatically by the AD DS replication system.
  • Makes it possible for clients to search AD DS without having to be referred from server to server until a domain controller that has the domain directory partition storing the requested object is found

  21. Active Directory - Replication
  • Active Directory replication is 'pull' rather than 'push', meaning that replicas pull changes from the server where the change was effected
  • The Knowledge Consistency Checker (KCC) creates a replication topology of site links using the defined sites to manage traffic.
  • Intrasite replication is frequent and automatic as a result of change notification, which triggers peers to begin a pull replication cycle

  22. Active Directory - Trust
  • To allow users in one domain to access resources in another, Active Directory uses trusts
  • Trusts inside a forest are automatically created when domains are created.
  • The forest sets the default boundaries of trust, and implicit, transitive trust is automatic for all domains within a forest
  • Based on Kerberos Version 5

  23. Active Directory - Trust
  • One-way trust - one domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.
  • Two-way trust - two domains allow access to users on both domains.
  • Trusting domain - the domain that allows access to users from a trusted domain.
  • Trusted domain - the domain that is trusted; whose users have access to the trusting domain.
  • Transitive trust - a trust that can extend beyond two domains to other trusted domains in the

  24. Active Directory - Trust
  • Intransitive trust - a one-way trust that does not extend beyond two domains.
  • Explicit trust - a trust that an admin creates. Not transitive; is one way only
  • Cross-link trust - an explicit trust between domains in different trees
  • Shortcut - joins two domains in different trees; transitive, one- or two-way
  • Forest - applies to the entire forest; transitive, one- or two-way
  • Realm - can be transitive or nontransitive, one- or two-way
  • External - connects to other forests or non-AD domains; nontransitive, one- or two-way
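Slides 22 to 24 define trusts by direction (trusting versus trusted domain) and by whether they chain (transitive versus intransitive). The block below is an added example, not part of the lecture, that models a constructed trust inventory as a directed graph and computes, for each domain, which other domains' users it will admit; this is the question an auditor asks when reviewing trust sprawl. It is a simplified model: it ignores SID filtering and selective authentication, and it treats every trust marked transitive as chaining freely, whereas a real forest trust does not extend to a third forest.

```python
from collections import deque

# Constructed trust inventory, not a real environment. Each entry is
# (trusting domain, trusted domain, direction, transitive?). Parent-child and
# tree-root trusts inside the forest are two-way and transitive; the external
# trust to the non-AD domain is one-way and nontransitive (slide 24).
TRUSTS = [
    ("corp.example", "sales.corp.example", "two-way", True),   # parent-child
    ("corp.example", "partner.example", "two-way", True),      # tree-root trust
    ("sales.corp.example", "legacy.local", "one-way", False),  # external trust
]

def trust_edges(trusts):
    """Expand declarations into directed edges: trusting -> [(trusted, transitive)]."""
    edges = {}
    for trusting, trusted, direction, transitive in trusts:
        edges.setdefault(trusting, []).append((trusted, transitive))
        if direction == "two-way":
            edges.setdefault(trusted, []).append((trusting, transitive))
    return edges

def domains_trusted_by(resource_domain, trusts):
    """Domains whose users can reach resources in resource_domain.

    A direct trust of any kind counts; beyond the first hop only transitive
    trusts chain, so nothing behind a nontransitive trust becomes reachable.
    """
    edges = trust_edges(trusts)
    reachable, expanded = set(), {resource_domain}
    queue = deque([resource_domain])
    while queue:
        cur = queue.popleft()
        for nxt, transitive in edges.get(cur, []):
            if nxt == resource_domain:
                continue
            if cur == resource_domain or transitive:
                reachable.add(nxt)
            if transitive and nxt not in expanded:
                expanded.add(nxt)
                queue.append(nxt)
    return reachable

def can_access(user_domain, resource_domain, trusts):
    """True if a user from user_domain can be authenticated for resource_domain."""
    return user_domain in domains_trusted_by(resource_domain, trusts)

def trust_report(trusts):
    """Per-domain map of the foreign domains whose users it admits."""
    domains = {d for t in trusts for d in t[:2]}
    return {d: sorted(domains_trusted_by(d, trusts)) for d in sorted(domains)}
```

Running trust_report(TRUSTS) shows that legacy.local users reach only sales.corp.example, because the external trust is nontransitive, while every in-forest domain admits every other.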

  25. Review

  26. Lab A: Operating in a Domain

  27. Important URLs
  • Active Directory - a very good overview from Wikipedia
  • What is an object? - a very good tutorial on objects and classes
  • AD Server Roles - good description of different server roles
  • Sites - good explanation of site and subnet objects in AD
  • Replication Scenarios - nice overview of replication techniques, not just for ADs, but directories in general
  • What is a Global Catalog - an updated overview that explains GCs in the context of Active Directory Domain Services (AD DS)
  • How Domain and Forest Trusts Work - good nuts & bolts description of how this works
  • Active Directory Collection - from Microsoft's Technologies Collection, provides in-depth tech reference about the Windows Server 2003 AD
  • Windows Server 2008 R2 Active Directory - good overview, free download, and a virtual lab

  28. Homework
  • Review the Slides
  • Review Lesson 17 In The Text