Active directory

Active Directory ppt

Published in: Education, Technology
Transcript of "Active directory"

  1. Active Directory
  2. Active Directory Definitions
     - AD is Microsoft’s consolidation of the major enterprise-wide directory services within a single, replicable data store and administrative interface
     - AD is a network-based object store and service that locates and manages resources, and makes these resources available to authorized users and groups.
     - The 2 components of AD are the Data Store and the AD Services that act on that data
  3. AD Advantages
     - Provides centralized logon and authentication point for users to access resources
     - A focal point for centralized administration and management
     - A searchable store for info about every network object and its attributes
     - Standard-based structures and interfaces allow for product interoperability and compatibility with 3rd party products
     - Scalable (virtually no limit on number of objects)
  4. New Features
     - Restart capability
     - Read-only Domain Controller
     - Auditing improvements
     - Multiple Password/Account Lockout Policies in a Domain
     - AD Lightweight Directory Services Role
  5. DNS
     - DNS is an Internet standard service that translates easily readable host names, such as mycomputer.microsoft.com, to numeric IP addresses.
     - Domain names for DNS are based on the hierarchical naming structure (inverted tree structure): a single root domain, underneath which can be parent and child domains (branches and leaves).
     - Each computer in a DNS domain is uniquely identified by its DNS fully qualified domain name (FQDN), e.g. server1.ifsm.umbc.edu
     - Dynamic DNS – newer standard, required for AD
  6. AD and DNS integration
     - Active Directory and DNS have the same hierarchical structure.
     - All AD names follow DNS conventions
     - DNS records (zones) can be stored in Active Directory.
     - Active Directory clients use DNS to locate domain controllers.
  7. AD Organization
     - An underlying principle of the AD is that everything is considered an object – people, servers, workstations, printers, etc.
     - Each object also has certain attributes
     - Object classes are definitions of the object types that can be created in the AD.
  8. Controlling Object Access
     - Every object has an ACL that contains information about who has access to it and what they can do with it.
     - Controlling access to the object in AD is not the same as access to the object itself. AD permissions only specify whether a user, group or computer can view or modify an object’s properties in AD.
     - Access can be set up for individual object properties
  9. Schema
     - A set of object definitions (object classes) and their associated attributes
     - Provides info on what objects and attributes are available to the Directory
     - Allows administrators to modify and add new object classes, objects and attributes as needed, making the schema extensible
     - Because of this flexibility, AD is capable of being the single point of administration for all published resources (files, peripheral devices, host connections, databases, Web access, users)
  10. AD Organization
     - AD objects are organized around a hierarchical domain model that allows scalability and expandability
     - Domain model building blocks are: domains, domain trees, forests, organization units
  11. Name Space
     - AD is based on the concept of a namespace, that is, a name is used to resolve the location of an object
     - AD domain names correspond to DNS domain names
     - Each object has different ways to refer to it, and each name pinpoints the location of the object in AD
  12. Domain
     - Logical partition comprised of users, computers and network resources that share a common logical security boundary and utilize a common namespace (e.g. ifsm.umbc.edu)
     - Domains can be arranged into a hierarchical parent-child structure
     - All domains maintain their own security policies and security relationships with other domains
     - Requires at least 1 Domain Controller (where the AD database is stored)
     - If more than 1 DC (recommended) – they use multi-master replication
  13. Trusts
     - Logical connections between domains to allow users from one domain to access resources in another domain
     - Can be one- or two-way
     - Can be transitive, intransitive or explicit
     - Trust terminology: the Trusting Domain (Resources) trusts the Trusted Domain (Users)
  14. Transitive Trusts (diagram labels: Domain B, Domain A, Domain C)
     - A transitive trust is a trust between two domains in the same domain tree/forest that can extend beyond these two domains to other trusted domains within the same domain tree/forest.
     - A transitive trust is always a 2-way trust - both of the domains trust each other.
     - By default, all Windows Server 2008 trusts within a domain tree/forest are transitive trusts.
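The slides state the rule (a direct trust always counts; beyond one hop only transitive trusts chain) but not how to apply it across a whole forest. The Python below is an added example, not from the slides, that models trusts as directed edges and answers the access-review question "whose users can be granted access to resources in this domain?" for the toysrus/babiesrus forest from slides 16 and 18; the one-way external trust to `partner.example` is a constructed addition to show that a non-transitive trust stops at its two domains.

```python
from collections import deque

# A trust is recorded from the trusting domain (holds the resources) to the
# trusted domain (holds the users). A two-way trust is two one-way entries.
def two_way(a, b, transitive=True):
    return [(a, b, transitive), (b, a, transitive)]

def domains_trusted_by(resource_domain, trusts):
    """Domains whose users can be granted access to resources in resource_domain.

    A direct trust always counts, transitive or not. Beyond one hop a domain is
    reached only through a chain made entirely of transitive trusts, so an
    external (non-transitive) trust never extends past its own two domains.
    """
    outgoing = {}
    for trusting, trusted, transitive in trusts:
        outgoing.setdefault(trusting, []).append((trusted, transitive))
    direct = outgoing.get(resource_domain, [])
    reachable = {trusted for trusted, _ in direct}
    # Breadth-first walk restricted to transitive edges only.
    queue = deque(trusted for trusted, transitive in direct if transitive)
    seen = set(queue) | {resource_domain}
    while queue:
        domain = queue.popleft()
        for nxt, transitive in outgoing.get(domain, []):
            if transitive and nxt not in seen:
                seen.add(nxt)
                reachable.add(nxt)
                queue.append(nxt)
    return reachable

# Constructed forest matching the slides' examples: parent-child and tree-root
# trusts are two-way and transitive, which is the default described on slide 14.
FOREST_TRUSTS = (
    two_way("toysrus.com", "marketing.toysrus.com")
    + two_way("marketing.toysrus.com", "ny.marketing.toysrus.com")
    + two_way("toysrus.com", "sales.toysrus.com")
    + two_way("toysrus.com", "babiesrus.com")
    + two_way("babiesrus.com", "sales.babiesrus.com")
    # Constructed one-way, non-transitive external trust: sales.toysrus.com
    # trusts users from partner.example; nothing flows beyond those two domains.
    + [("sales.toysrus.com", "partner.example", False)]
)

if __name__ == "__main__":
    for domain in ("ny.marketing.toysrus.com", "sales.toysrus.com", "partner.example"):
        print(domain, "->", sorted(domains_trusted_by(domain, FOREST_TRUSTS)))
```

Running the block shows that users from every forest domain can reach ny.marketing.toysrus.com, that partner.example users can reach only sales.toysrus.com, and that no forest domain is trusted by partner.example at all.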
  15. Domain Tree
     - Consists of a hierarchy of domains sharing a common schema, security trust relationship, and a Global Catalog
     - Formed through the expansion of child domains, and there’s one root domain (the first created domain)
     - Defined by a common and contiguous namespace
  16. Domain Tree Example
     - Toysrus.com
       - Marketing.toysrus.com
         - ny.marketing.toysrus.com
       - Sales.toysrus.com
  17. Domain Forests
     - Domain trees with different namespaces connected by trust relationships
     - All trees within the forest share a Global Catalog, configuration and schema.
     - Simply a reference point between trees and doesn’t have its own name.
  18. Domain Forest Example
     - toysrus.com
       - Sales.toysrus.com
       - Marketing.toysrus.com
         - Ny.marketing.toysrus.com
     - Babiesrus.com
       - Sales.babiesrus.com
         - Ny.sales.babiesrus.com
       - HR.Babiesrus.com
  19. Organizational Unit
     - Administrative substructure of domains, arranged hierarchically, can be nested
     - Special type of object called container; includes users, computer systems, printers, etc.
     - A logical subset defined by security or administrative parameters where specific system admin functions can be easily segmented and delegated
  20. OU Example
     - Toysrus.com
       - Marketing.toysrus.com
         - ny.marketing.toysrus.com
       - Sales.toysrus.com
         - Teams.sales.toysrus.com
           - Online.teams…
           - Retail.teams…
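Slide 11 says each object has several names that all pinpoint its place in the tree, and slides 16 and 20 show that place as nested domains and OUs. The Python below is an added example, not from the slides, that converts between the DNS domain name, the LDAP distinguished name (DN) and the canonical name of one object; it assumes Teams and Online from slide 20 are OUs inside sales.toysrus.com and uses a constructed user `jsmith`.

```python
import re

def dns_to_dn(dns_name):
    """'ny.marketing.toysrus.com' -> 'DC=ny,DC=marketing,DC=toysrus,DC=com'."""
    return ",".join("DC=" + label for label in dns_name.lower().split("."))

def split_rdns(dn):
    """Split a DN on unescaped commas; an escaped comma ('\\,') stays in its value."""
    return [part.replace("\\,", ",") for part in re.split(r"(?<!\\),", dn)]

def object_dn(domain_dns, ou_path, cn):
    """DN of an object. ou_path is parent-first; a DN lists the leaf first."""
    rdns = ["CN=" + cn.replace(",", "\\,")]
    rdns += ["OU=" + ou for ou in reversed(ou_path)]
    rdns.append(dns_to_dn(domain_dns))
    return ",".join(rdns)

def canonical_name(domain_dns, ou_path, cn):
    """Same object in canonical form: domain first, then OU path, then the leaf."""
    return "/".join([domain_dns.lower(), *ou_path, cn])

def parse_dn(dn):
    """Inverse of object_dn: returns (cn, ou_path parent-first, domain_dns)."""
    cn, ous, dcs = None, [], []
    for rdn in split_rdns(dn):
        kind, _, value = rdn.partition("=")
        kind = kind.strip().upper()
        if kind == "CN" and cn is None:
            cn = value
        elif kind == "OU":
            ous.append(value)
        elif kind == "DC":
            dcs.append(value)
        else:
            raise ValueError("unexpected RDN type in " + rdn)
    # OUs appear leaf-first in the DN, so reverse them to get the parent-first path.
    return cn, list(reversed(ous)), ".".join(dcs)

def dn_to_canonical(dn):
    cn, ous, domain = parse_dn(dn)
    return canonical_name(domain, ous, cn)

if __name__ == "__main__":
    dn = object_dn("sales.toysrus.com", ["Teams", "Online"], "jsmith")
    print(dn)
    print(dn_to_canonical(dn))
```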
  21. Global Catalog
     - AD uses a global catalog in order for users to find objects quickly, even in a large multidomain environment
     - GC contains all the objects in the AD, inclusive of all domains and trees in a forest, but with only a subset of their attributes.
     - Serves as an index to the entire structure
     - Serves as a central point for user authentication
  22. Domain and Forest Functional Levels
     - Windows Server 2008 has 3 forest functional levels: Windows 2000 Native, Windows 2003, Windows 2008
     - Windows Server 2008 has 3 domain functional levels: Windows 2000, Windows 2003, Windows 2008
     - Functional level only applies to DCs, not member servers.
     - Raising domain/forest functional level is irreversible
  23. Sites
     - Address physical network structure
     - A site is a region of your network infrastructure made up of one or more well-connected IP subnets.
     - Sites are used to allow all AD clients belonging to the same physical network area to access services (DCs, GC and DNS servers) from the servers in close proximity, rather than across slow, expensive WAN links
     - Sites allow AD to have more efficient DC replication - can configure DC replication differently inter- and intra-site
  24. Sites and DCs
     - DCs are automatically placed into sites when they join the AD domain, by IP subnet membership.
     - After being placed into the site, the DCs begin receiving replicated information for their own domain, as well as forest info.
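Slides 23 and 24 say a site is a set of IP subnets and that DCs land in a site by subnet membership. The Python below is an added example, not from the slides, of that placement as a longest-prefix match, so a nested subnet wins over a broader one; the subnet table, site names and DC addresses are constructed. Its simplification of returning no site for an address outside every defined subnet is an assumption made to surface those addresses for review, since a DC or client with no matching subnet has no locality and may be served across the WAN.

```python
import ipaddress

# Constructed subnet -> site table (in AD these are subnet objects linked to
# site objects). Nested subnets are deliberate: 10.1.5.0/24 sits inside
# 10.1.0.0/16, which sits inside the catch-all 10.0.0.0/8.
SUBNET_SITES = {
    "10.0.0.0/8": "Default-First-Site-Name",
    "10.1.0.0/16": "NewYork",
    "10.1.5.0/24": "NewYork-DC-Room",
    "10.2.0.0/16": "Baltimore",
    "2001:db8:1::/48": "Baltimore",
}

def build_site_table(mapping):
    """Parse the networks and order them most-specific first."""
    entries = ((ipaddress.ip_network(net), site) for net, site in mapping.items())
    return sorted(entries, key=lambda entry: entry[0].prefixlen, reverse=True)

def site_for(ip, table):
    """Longest-prefix match; None when no defined subnet covers the address."""
    addr = ipaddress.ip_address(ip)
    for network, site in table:
        if addr in network:  # False for a mismatched IP version, so v4/v6 can mix
            return site
    return None

def place_dcs(dcs, table):
    """Group (hostname, ip) pairs by site; return (placements, unmatched hosts)."""
    placements, unmatched = {}, []
    for host, ip in dcs:
        site = site_for(ip, table)
        if site is None:
            unmatched.append(host)
        else:
            placements.setdefault(site, []).append(host)
    return placements, unmatched

# Constructed DCs; dc3 is on a subnet nobody defined, which is the case to flag.
SAMPLE_DCS = [
    ("dc1.toysrus.com", "10.1.5.20"),
    ("dc2.toysrus.com", "10.2.0.5"),
    ("dc3.toysrus.com", "192.168.1.1"),
]

if __name__ == "__main__":
    placed, missing = place_dcs(SAMPLE_DCS, build_site_table(SUBNET_SITES))
    print(placed)
    print("no matching subnet:", missing)
```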