OVERVIEW OF ACTIVE DIRECTORY
PowerPoint Slideshow about 'OVERVIEW OF ACTIVE DIRECTORY' - topanga-fernandez
Presentation Transcript
Chapter 1: OVERVIEW OF ACTIVE DIRECTORY

ACTIVE DIRECTORY FUNCTIONS
  • Directory Services
    • Used to define, manage, access, and secure network resources.
    • Resources include: files, printers, groups, people, and applications.
  • Active Directory
    • Stored as NTDS.dit on a domain controller.
    • Used by domain controllers to authenticate users.
    • Domain controllers store, maintain, and replicate.
ACTIVE DIRECTORY BENEFITS
  • Centralized administration
  • Single point of access
  • Fault tolerance and redundancy
  • Multiple domain controllers are used
  • Multi-master replication
  • Simplified resource location
CENTRALIZED ADMINISTRATION
  • Hierarchical organization for ease of administration
  • Common Microsoft Management Console (MMC) tool set
    • Active Directory Users And Computers (DSA.MSC)
    • Active Directory Domains And Trusts (DOMAIN.MSC)
    • Active Directory Sites And Services (DSSITE.MSC)
SINGLE POINT OF AUTHENTICATION
[Diagram: before directory services, a user authenticates separately to Server1, Server2 and Server3; after directory services, Active Directory provides single sign-on.]
SIMPLIFIED RESOURCE LOCATION
  • Search features available on Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003.
  • Search Active Directory to find:
    • Shared folders
    • Printers
    • People (user accounts)
ACTIVE DIRECTORY SCHEMA
  • Object classes
    • User accounts
    • Computer accounts
    • Printers
    • Groups
  • Object Attributes
    • Name
    • Globally unique identifier (GUID)
    • Location (for printer)
    • E-mail address (for users)
ORGANIZATIONAL UNITS
  • Container objects
  • Look like a folder with a book icon in Active Directory Users And Computers
  • Security is applied to OUs
    • Inherited by child OUs
    • Used to control access to that OU or hide subordinate OUs
    • Allows for the delegation of administrative rights
DOMAINS
  • Logical grouping of resources.
  • Form security and replication boundaries.
    • Individual access control lists (ACLs) for each domain.
    • Group Policies are typically assigned and inherited within a domain only, not from the forest.
    • Domain replication is independent of global catalog and schema replication.
  • Multiple domains may be used by a single organization.
DOMAINS, TREES, AND A FOREST
[Diagram: a forest whose forest root domain (also a tree root and parent) is contoso.com, with child domains west.contoso.com and east.contoso.com beneath it and OUs inside the domains; tailspintoys.com is the root of a second domain tree in the same forest.]
SITES
  • Used to reflect the physical network structure
  • Usually local area network (LAN) versus wide area network (WAN)
  • Optimize replication
  • Knowledge Consistency Checker (KCC) creates and maintains this structure
NAMING STANDARDS
  • Lightweight Directory Access Protocol (LDAP)
    • Standard naming structure and hierarchy
    • Established by the Internet Engineering Task Force (IETF)
  • Domain Name System (DNS)
  • Uniform Resource Locator (URL)
PLANNING FOR ACTIVE DIRECTORY
  • Logical and physical structure
  • DNS and Active Directory integration and naming
  • Functional levels of domains and forests
  • Trust relationships and models
STRUCTURING ACTIVE DIRECTORY
  • Security and administrative goals are important when defining the logical structure.
    • Group Policy application and inheritance
    • Delegating administrative control
    • Permission inheritance
  • Logical structure often reflects the business or administrative model.
  • Sites are used to reflect the physical structure of the network.
ROLE OF DNS
  • Resolves friendly names to Internet Protocol (IP) addresses.
  • Required by Active Directory.
  • Domain members use service locator (SRV) records to find domain controllers.
  • Dynamic DNS (DDNS) is supported and recommended.
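The naming-standards and DNS slides above say only that LDAP and DNS names are related and that domain members locate domain controllers through SRV records. The following added example (not from the original slides) shows both concretely: how a DNS domain name such as west.contoso.com maps onto its LDAP naming context, which dc._msdcs SRV names a member queries (site-specific names first, as the Sites slide implies), and how a returned SRV answer is parsed and ordered. The sample answer and host names are constructed; nothing here touches the network.

```python
from dataclasses import dataclass

def default_naming_context(dns_domain):
    """west.contoso.com -> DC=west,DC=contoso,DC=com (the domain's LDAP root)."""
    labels = dns_domain.strip(".").split(".")
    if not all(labels):
        raise ValueError(f"malformed DNS name: {dns_domain!r}")
    return ",".join(f"DC={label}" for label in labels)

def dc_locator_queries(dns_domain, site=None):
    """SRV names a domain member asks DNS for, most specific first: the
    site-qualified (_sites) names bind it to a DC in its own site, the rest are fallbacks."""
    base = f"dc._msdcs.{dns_domain}"
    names = []
    for service in ("_ldap", "_kerberos"):
        if site:
            names.append(f"{service}._tcp.{site}._sites.{base}")
        names.append(f"{service}._tcp.{base}")
    return names

@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(line):
    """Parse a zone-file style answer: '<name> <ttl> IN SRV <prio> <weight> <port> <target>'."""
    fields = line.split()
    if len(fields) < 8 or fields[2:4] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    priority, weight, port = (int(x) for x in fields[4:7])
    return SrvRecord(priority, weight, port, fields[7].rstrip("."))

def order_candidates(records):
    """Lowest priority first, then heaviest weight (deterministic stand-in for the RFC 2782 weighted pick)."""
    return sorted(records, key=lambda r: (r.priority, -r.weight))

# Constructed sample answer for _ldap._tcp.dc._msdcs.contoso.com; hosts are made up.
SAMPLE_ANSWER = """\
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 100 389 dc1.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 0 50 389 dc2.contoso.com.
_ldap._tcp.dc._msdcs.contoso.com. 600 IN SRV 10 100 389 dc3.contoso.com.
"""

def preferred_dc(answer=SAMPLE_ANSWER):
    """Host the client would try first for the given SRV answer."""
    return order_candidates(parse_srv(l) for l in answer.splitlines())[0].target
```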
FUNCTIONAL LEVELS
  • Designed to support downlevel compatibility
  • Increasing functional level allows for use of new features
  • Two types of functional level
    • Domain functional level
    • Forest functional level
DOMAIN FUNCTIONAL LEVELS
  • Windows 2000 mixed
  • Windows 2000 native
  • Windows Server 2003 interim
  • Windows Server 2003
WINDOWS 2000 MIXED FUNCTIONAL LEVEL
  • Domain controllers can run on the following operating systems:
    • Windows NT Server 4.0
    • Windows 2000 Server
    • Windows Server 2003
  • Features at this functional level include:
    • Install from media
    • Application directory partitions
    • Enhanced user interface (UI)
WINDOWS 2000 NATIVE FUNCTIONAL LEVEL
  • Domain controllers can run on the following operating systems:
    • Windows 2000 Server
    • Windows Server 2003
  • Features at this functional level include:
    • Group nesting
    • Universal groups
    • Security Identifier History (sIDHistory)
WINDOWS SERVER 2003 INTERIM FUNCTIONAL LEVEL
  • Designed for organizations that have not upgraded to Windows 2000 Active Directory.
  • Only Windows Server 2003 and Windows NT Server 4.0 domain controllers are supported.
  • Windows 2000 Server domain controllers are NOT allowed.
  • No extra features over any other functional level.
WINDOWS SERVER 2003 FUNCTIONAL LEVEL
  • Only Windows Server 2003 domain controllers
  • Features at this functional level include:
    • Replicated last logon timestamp
    • Key Distribution Center (KDC) version numbers
    • User password on inetOrgPerson objects
    • Domain renaming
RAISING THE DOMAIN FUNCTIONAL LEVEL
  • Must be logged on as a member of the Domain Admins group.
  • Performed using the Primary Domain Controller (PDC) emulator.
  • All domain controllers must support the new level.
  • Irreversible.
FOREST FUNCTIONAL LEVELS
  • Windows 2000
  • Windows Server 2003 interim
  • Windows Server 2003
WINDOWS 2000 FOREST FUNCTIONAL LEVEL
  • All domain controllers must be Windows 2000 Server or Windows Server 2003 domain controllers.
  • Features supported at this functional level include:
    • Install from media
    • Universal group caching
    • Application directory partitions
WINDOWS 2003 INTERIM FOREST FUNCTIONAL LEVEL
  • Only Windows Server 2003 and Windows NT Server 4.0 domain controllers are supported.
  • Windows 2000 Server domain controllers are NOT allowed.
  • Features at this level include:
    • Improved inter-site topology generator (ISTG)
    • Improved linked value replication
WINDOWS SERVER 2003 FOREST FUNCTIONAL LEVEL
  • Only Windows Server 2003 domain controllers are supported.
  • Features at this level include:
    • Dynamic auxiliary class objects
    • User objects can be converted to inetOrgPerson objects
    • Schema redefinitions permitted
    • Domain renames permitted
    • Cross-forest trusts permitted
RAISING THE FOREST FUNCTIONAL LEVEL
  • Must be logged on as a member of the Enterprise Administrators group.
  • Must be connected to the Schema Operations Master.
  • All domain controllers must support the new functional level.
  • Irreversible.
ACTIVE DIRECTORY TRUST MODELS
[Diagram: a forest root domain with child domains A, B, C and D joined by the forest's parent-child trusts.]
  • Transitivity: If A trusts B and B trusts C, then A trusts C
SHORTCUT TRUST
[Diagram: the same forest, with a shortcut trust drawn directly between two of the child domains.]
WINDOWS NT SERVER 4.0 TRUST MODEL
[Diagram: Domains A, B, C and D joined by separate explicit trusts.]
CROSS-FOREST TRUST
  • New in Windows Server 2003
  • Trusts between two forests
  • Requires Windows Server 2003 forest functional level
  • Uses Kerberos as do all Windows 2000 and Windows Server 2003 intra-forest trust relationships
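The trust slides above (trust models, shortcut trust, the NT 4.0 model) state the rules in one line each. This added example, which is not part of the original deck, turns those rules into a small graph model: transitive trusts chain (A trusts B, B trusts C, so A trusts C), a non-transitive NT 4.0-style trust covers only its two endpoints, and a shortcut trust shortens the path between two distant child domains. The domain names are assumed, modelled on the slides' diagram; the function `domains_trusting` answers the defender's question of which domains would accept a principal from a given domain.

```python
from collections import deque

def build_trusts(edges):
    """edges: (trusting, trusted, transitive, two_way). Returns
    {domain: {(trusted_domain, transitive), ...}}."""
    graph = {}
    for trusting, trusted, transitive, two_way in edges:
        graph.setdefault(trusting, set()).add((trusted, transitive))
        graph.setdefault(trusted, set())
        if two_way:
            graph[trusted].add((trusting, transitive))
    return graph

def trust_path(graph, source, target):
    """Shortest chain of trusts by which `source` trusts `target`, or None.
    A non-transitive (NT 4.0 style) trust covers only its own two endpoints, so it
    is valid as a one-hop path but never as a link in a longer chain."""
    if source == target:
        return [source]
    if any(d == target and not t for d, t in graph.get(source, ())):
        return [source, target]
    queue, seen = deque([[source]]), {source}
    while queue:
        path = queue.popleft()
        for nxt, transitive in graph.get(path[-1], ()):
            if not transitive or nxt in seen:
                continue
            if nxt == target:
                return path + [nxt]
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

def domains_trusting(graph, domain):
    """Every domain that trusts `domain`, directly or through a chain: the
    set of places a principal from `domain` could be granted access."""
    return {d for d in graph if d != domain and trust_path(graph, d, domain)}

# Constructed forest modelled on the slides' diagram (names assumed): root contoso.com,
# child domains A and B, grandchildren C (under A) and D (under B); two-way transitive trusts.
FOREST_TRUSTS = [
    ("contoso.com", "a.contoso.com", True, True),
    ("contoso.com", "b.contoso.com", True, True),
    ("a.contoso.com", "c.a.contoso.com", True, True),
    ("b.contoso.com", "d.b.contoso.com", True, True),
]
SHORTCUT_TRUST = [("c.a.contoso.com", "d.b.contoso.com", True, True)]
# Windows NT Server 4.0 model: each trust is explicit, one-way and non-transitive.
NT4_TRUSTS = [("nt-a", "nt-b", False, False), ("nt-b", "nt-c", False, False)]
```

Without the shortcut, a logon from C to a resource in D is referred up through A, the forest root and B; with it, the path is a single hop.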
SUMMARY
  • Active Directory is a database (NTDS.dit).
  • DNS is required by Active Directory.
  • Schema defines object types and attributes.
  • Domain and forest functional levels provide a balance between backward compatibility and new functionality.
  • Active Directory allows for two-way transitive (Kerberos) trusts.
  • Trusts allow domain hierarchies to be created.
  • Cross-forest trusts are a new feature for Windows Server 2003 Active Directory.