Active Directory Fundamentals Thomas Lee Chief Technologist QA thomas.lee@qa
    Presentation Transcript
    1. Active Directory Fundamentals
       Thomas Lee, Chief Technologist, QA
       thomas.lee@qa.com

    2. What we will cover:
       • Domains, Trees, Forests
       • Domain Controllers, Sites
       • The Domain Naming Service
       • Replication
       • Operations Masters
       • Lots of demos….

    3. Prerequisite Knowledge
       • Understanding of what a directory service is
       • Networking skills!
       Level 200+

    4. Agenda
       • Active Directory Logical Concepts
       • Active Directory Physical Concepts
       • DNS
       • Replication
       • Operations Masters

    5. Active Directory Logical Concepts: Domains
       • Boundary of Security? NOT!!!
       • Boundary of Authentication
       • Boundary of Replication (Domain NC replication)
       • Boundary of DNS Namespace
       • Boundary of Administration
       (Diagram: example domain KAPOHO.NET)

    6. Active Directory Logical Concepts: Trees
       • Hierarchy of Domains forming a contiguous DNS namespace
       • Transitive Trust Relationships between domains
       • All domains in a Tree share:
         • Schema
         • Configuration
         • Global Catalog
       (Diagram: tree rooted at KAPOHO.NET with child domains HAWAII.KAPOHO.NET and EUROPE.KAPOHO.NET, and MAUI.HAWAII.KAPOHO.NET beneath HAWAII.KAPOHO.NET)

    7. Active Directory Logical Concepts: Forests
       • Hierarchy of Domains forming a contiguous or disjoint namespace
       • Transitive Trust Relationships
       • All Domains in a Forest share:
         • Schema
         • Configuration
         • Global Catalog
       (Diagram: forest containing the trees KAPOHO.NET, with child domain HAWAII.KAPOHO.NET, and PSP.CO.UK)

    8. Active Directory Logical Concepts: Organizational Units
       • Containers within Domains
       • Distinct Units of Administration
       • Unique to Domains
       • Two main uses:
         • Delegation
         • Policies

    9. Agenda (repeat of slide 4)

    10. Active Directory Physical Concepts: Domain Controllers
        (Diagram: Primary Domain Controller (PDC), Backup Domain Controller (BDC), Domain Controllers (DC))

    11. Active Directory Physical Concepts: Sites
        • What is a Site?
          • A set of well-connected IP subnets
        • Site Usage
          • Locating Services (e.g. Logon, DFS)
          • Replication
          • Group Policy Application
        • Sites are connected with Site Links
          • Connects two or more sites

    12. Active Directory Physical Concepts: Site Topology
        (Diagram: DC = Domain Controller, GC = Global Catalog. Three sites, Site A, Site B and Site C, holding DCs and GCs for Company.com, europe.company.com and america.company.com)

    13. Active Directory Physical Concepts: Global Catalog
        • Partial Replica of all Objects in the Forest
        • Configurable subset of Attributes
        • Fast Forest-wide searches
        • Required at Logon for Universal Group Membership
        • Win2k3: Universal Group Caching

    14. Agenda (repeat of slide 4)

    15. DNS
        • DNS is fundamental to AD
        • No DNS == No AD
          • Even on a single server!
        • You have options over:
          • DNS Topology
          • DNS Namespace
          • DNS Server

    16. DNS
        • SRV Records to locate services (req'd.)
        • DDNS for Dynamic Update (desired)
        • Windows 2000 and up, DNS also provides:
          • Incremental Zone Transfer
          • Active Directory Integrated
            • Single replication topology
            • Multi-master replication
            • Secure Dynamic update
        Tip: Use the latest version of BIND!
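As an added example (not from the deck) tying together slide 11's definition of a site as a set of well-connected IP subnets and slide 16's SRV records for locating services, this Python simulation maps a client IP to its site by longest-prefix subnet match, builds the site-specific and domain-wide DC locator SRV names, and picks a target by RFC 2782 priority and weight. The subnets, site names and host names are constructed; the `_msdcs` SRV name layout is the standard one.

```python
import ipaddress
import random

# Constructed sample data (not from the deck): subnet objects and the site each
# is assigned to. A site is "a set of well-connected IP subnets".
SUBNET_TO_SITE = {
    "10.1.0.0/16": "SiteA",
    "10.1.5.0/24": "SiteC",  # more specific prefix carved out of SiteA's range
    "192.168.0.0/24": "SiteB",
}
# Constructed SRV answer set: the SiteC DC is preferred, dc1 is the backup.
SAMPLE_SRV = [
    {"priority": 0, "weight": 100, "port": 389, "target": "dc3.kapoho.net"},
    {"priority": 10, "weight": 100, "port": 389, "target": "dc1.kapoho.net"},
]

def site_for_ip(ip, subnet_map=SUBNET_TO_SITE):
    """Longest-prefix match of a client IP against the subnet objects.
    Returns None when no subnet covers the address (a 'siteless' client)."""
    addr, best = ipaddress.ip_address(ip), None
    for cidr, site in subnet_map.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def dc_locator_names(domain, site=None, service="_ldap"):
    """SRV names the client asks for: the site-specific record first (when it
    knows its site), then the domain-wide record as the fallback."""
    names = []
    if site:
        names.append(f"{service}._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"{service}._tcp.dc._msdcs.{domain}")
    return names

def pick_srv_target(records, rng=None):
    """RFC 2782 selection: only the lowest-priority group is eligible; within
    it a target is picked at random in proportion to its weight."""
    rng = rng or random.Random(0)
    lowest = min(r["priority"] for r in records)
    group = [r for r in records if r["priority"] == lowest]
    total = sum(r["weight"] for r in group)
    if total == 0:
        return rng.choice(group)["target"]
    roll, acc = rng.randint(1, total), 0
    for r in group:
        acc += r["weight"]
        if roll <= acc:
            return r["target"]
```

A client that authenticates against a DC outside its own site is usually explained by a missing or wrong subnet object, which `site_for_ip` returning None reproduces: the client then skips the site-specific query and falls back to the domain-wide record.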

    17. DNS: DNS Implementations
        • No existing DNS infrastructure
          • Deploy Microsoft DNS
        • Existing DNS meets requirements
        • Existing DNS not adequate:
          • Choice 1: Update Server
          • Choice 2: Migrate to Microsoft DNS
          • Choice 3: Delegate a subdomain to Microsoft DNS

    18. Agenda (repeat of slide 4)

    19. Replication: Replication Details
        • Naming Contexts that are replicated
          • Schema Naming Context
          • Configuration Naming Context
          • Domain Naming Context
        • Multi-Master Replication
        • Intra-site: Bi-directional Ring Topology
        • Inter-site: Spanning Tree Topology
        • Synchronous RPC over TCP/IP
        • Asynchronous SMTP

    20. Replication: Naming Contexts
        • Schema
          • Definitions of attributes
          • Replicated to all DCs in the forest
        • Configuration
          • AD Structure (domains, sites, and where the DCs are)
          • Replicated to all DCs in the forest
        • Domain
          • Domain specific objects (users, groups, computers, and OUs)
          • Replicated to all DCs in its domain

    21. Replication: Replication Topologies
        • Intra-Site Replication: AD replication between DCs within a Site
        • Inter-site Replication: AD replication between Sites

    22. Replication: Intra-Site Replication
        • RPC Replication in a Site
        • No compression
        • Assumes good network connections
        • Uses notification process
          • 5 minutes (Windows 2000)
          • Less (Windows Server 2003)
        • KCC Generates a bi-directional Ring with extra edges
        Tip: Always let KCC generate the intra-site replication topology when possible

    23. Replication: Inter-Site Replication
        • Replication between Sites
        • DS-RPC (RPC over IP) or SMTP Transports
        • SMTP can be used only between
          • GCs across Sites
          • DCs of different domains and in different sites
        • Compression
          • 10%-20% of original size
        • Scheduled

    24. Replication: Site-Links, Bridges and Bridgehead Servers
        • Site Links link two or more sites
          • Cost and schedules can be specified
          • Transitive (can be disabled)
        • Site-Link Bridges
          • Bridge two or more site links
        • Bridgehead servers
        • KCC generates a minimum cost spanning tree
        Tip: Always let KCC generate the replication topology
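As an added example (not from the deck) of the minimum cost spanning tree the KCC derives from site links, this Python simulation expands each site link, which joins two or more sites at a configured cost, into pairwise edges and runs Kruskal's algorithm over them. The site names, link names and costs are constructed; it assumes site-link transitivity is left enabled and ignores schedules and bridgehead selection.

```python
# Constructed site-link data (not from the deck): each site link names the
# sites it connects (two or more) and its cost; lower cost is preferred.
SITE_LINKS = [
    {"name": "HUB-LINK", "sites": ["SiteA", "SiteB", "SiteC"], "cost": 100},
    {"name": "A-C-BACKUP", "sites": ["SiteA", "SiteC"], "cost": 500},
    {"name": "C-D-WAN", "sites": ["SiteC", "SiteD"], "cost": 200},
]

def expand_links(site_links):
    """A site link with k sites behaves as if every pair of those sites were
    joined at the link's cost; expand it to (cost, site, site, link) edges."""
    edges = []
    for link in site_links:
        sites = sorted(link["sites"])
        for i in range(len(sites)):
            for j in range(i + 1, len(sites)):
                edges.append((link["cost"], sites[i], sites[j], link["name"]))
    return sorted(edges)

def min_cost_spanning_tree(site_links):
    """Kruskal's algorithm over the expanded site links: the cheapest set of
    edges that still reaches every site. Returns (edges, total_cost)."""
    parent = {}
    def find(s):  # union-find root lookup with path compression
        parent.setdefault(s, s)
        while parent[s] != s:
            parent[s] = parent[parent[s]]
            s = parent[s]
        return s

    chosen, total = [], 0
    for cost, a, b, name in expand_links(site_links):
        ra, rb = find(a), find(b)
        if ra != rb:  # joins two components not yet connected: keep the edge
            parent[ra] = rb
            chosen.append((a, b, name, cost))
            total += cost
    return chosen, total

def unused_links(site_links, chosen):
    """Site links that end up carrying no replication edge (redundant paths)."""
    used = {name for _, _, name, _ in chosen}
    return [link["name"] for link in site_links if link["name"] not in used]

if __name__ == "__main__":
    tree, cost = min_cost_spanning_tree(SITE_LINKS)
    for a, b, name, c in tree:
        print(f"{a} <-> {b} via {name} (cost {c})")
    print("total cost:", cost, "unused links:", unused_links(SITE_LINKS, tree))
```

A link that never appears in the tree, like the constructed A-C-BACKUP here, is the kind of redundant path replication will not use while the cheaper link is available; a cost change on one link can silently reroute the whole tree, which is why the deck advises leaving topology generation to the KCC.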

    25. Agenda (repeat of slide 4)

    26. Operations Masters: Schema and Domain
        • Schema
          • Performs updates to schema
          • Sends updates to all DCs
          • One per forest
          • Default is the first DC installed
        • Domain
          • Performs add/remove of domains and cross-references to external DS
          • One per forest
          • Default is the first DC installed

    27. Operations Masters: PDC, RID and Infrastructure
        • Primary Domain Controller (PDC)
          • Acts as a PDC for requests from NT clients
          • One per domain
        • Relative Identifier (RID)
          • Generates pools of security identifiers to be distributed to DCs in the domain
          • One per domain
        • Infrastructure
          • Updates the SIDs and DNs of cross-domain object references for objects that are moved in and out of the domain

    28. Summary
        • There are Logical and Physical concepts
        • DNS
        • Plenty of Information

    29. For More Information…
        • Main TechNet Web site at www.microsoft.com/technet
        • Additional resources to support this Session page can be found at www.microsoft.com/technet/tnt1-98

    30. MS Press: Inside information for IT Professionals
        To find the latest IT Professional related titles visit www.microsoft.com/learning/it/books

    31. Third Party Publications: Supplementary Publications for IT Pros
        These books can be found and purchased at all good book stores and on-line retailers

    32. Microsoft Learning: Training Resources for IT Professionals
        QA Special Offer on ALL IT Professional Training
        • 50% off all QA courses running 1st Week in January 2005
        • 40% off all other courses running in January 2005
        www.qa.com/course/specialofferdetails.aspx?code=xmasbonus
        • Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
          • Course Number: 2279
          • Availability: Now
          • Detailed Syllabus: www.microsoft.com/learning
        To locate a training provider, please access www.microsoft.com/learning
        Microsoft Certified Technical Education Centers are Microsoft's premier partners for training services

    33. Assess your Readiness: Microsoft Skills Assessment
        What is Microsoft Skills Assessment?
        • Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification)
        • Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003
        • Free, online, unproctored, and available to anyone
        • Answers, "Am I ready?"
        • Determines skills gaps, provides learning plans with Microsoft Official Curriculum courses, plus more Microsoft learning content suggestions such as TechNet resources
        • Post your High Score to see how you stack up
        • Visit http://www.microsoft.com/assessment

    34. Become a Microsoft Certified Systems Administrator (MCSA)
        • What is the MCSA certification?
          • For IT professionals who manage and maintain networks and systems based on the Microsoft Windows Server operating system
        • How do I become an MCSA on Microsoft Windows 2000?
          • Pass 3 core exams
          • Pass 1 elective exam or 2 CompTIA certifications
        • Where do I get more information?
          • For more information about certification requirements, exams, and training, visit www.microsoft.com/mcsa

    35. Become A Microsoft Certified Systems Engineer (MCSE)
        • What is the MCSE certification?
          • Premier certification for IT professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software.
        • How do I become an MCSE on Microsoft Windows 2003?
          • Pass 6 core exams
          • Pass 1 elective exam from a comprehensive list
        • Where do I get more information?
          • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse

    36. Demonstrate Your Security or Messaging Specialization
        • What are MCSA/MCSE specializations?
          • MCSA and MCSE specializations allow IT professionals to highlight specific expertise or technical focus within their job role.
        • What specializations are available?
          • MCSA: Security, MCSA: Messaging
          • MCSE: Security, MCSE: Messaging
        • Where do I get more information?
          • For more information about MCSA and MCSE specialization requirements, exams, and training options, visit www.microsoft.com/mcsa or www.microsoft.com/mcse

    37. What is TechNet?
        • Put the right answers at your fingertips
        • TechNet is the comprehensive collection of resources to help IT implementers plan, deploy, and manage Microsoft products successfully
        TechNet Subscription
        • Monthly updates delivered on DVD or CD
        • The definitive resource to help you evaluate, deploy and maintain Microsoft products
        TechNet Web Site
        • Accessible at www.microsoft.com/technet
        • Online resources and community
        • Subscriber-only Online Services
        TechNet Flash
        • Bi-weekly e-newsletter
        • Security updates, new resources, and special offers
        TechNet Events and Web Casts
        • Briefings on the latest Microsoft products and technologies
        • Hands-on, "how to" information
        TechNet Communities
        • User Groups
        • Managed Newsgroups

    38. Where Can I Get TechNet?
        • Visit TechNet Online at www.microsoft.com/technet
        • Register for the TechNet Flash: www.microsoft.com/technet/subscriptions/flash.asp
        • Join the TechNet Online forum at www.microsoft.com/technet/itcommunity
        • Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe
        • Attend More TechNet Events or view on-line: www.microsoft.com/technet/tcevents/itevents