Active directory

  1. ACTIVE DIRECTORY Active Directory is a single point of reference, called a directory service, to all the objects in a network, including users, groups, computers, printers, policies and permissions. For a user or an administrator, AD provides a single hierarchical view from which to access and manage all of the network resources.
  2. • AD uses the IP protocol and standards such as SSL (Secure Sockets Layer), TLS (Transport Layer Security) authentication, LDAP (Lightweight Directory Access Protocol) and DNS.
  3. ACTIVE DIRECTORY AND DNS • Active Directory uses DNS. • DNS domains are organised into a hierarchical structure. • Different levels of DNS identify the computer, the organisational domain and the top-level domain. • DNS also maps a host name, i.e. a fully qualified name, to an IP address. • The FQDN for a PC named airforce in the domain defence with the top-level domain def is airforce.defence.def.
  4. Core Units of AD • Domains • Trees • Forest • Organisational Unit (OU)
  5. DOMAIN • A domain is a logical structure of AD, i.e. the office at Ahmedabad is a physical object and the office at Gandhinagar is a physical object, but at the Gandhinagar or Ahmedabad office we make a logical grouping of users, groups, printers, policies, faxes and computers. You can divide your office computer network into logical parts called domains, depending on your requirements.
  6. Domain • A domain is the boundary of replication: domains within AD replicate the information about objects between domains. Objects are users, groups, contacts, OUs and computers.
  7. Domain • A domain is the boundary of authentication: the boundary of user accounts, group permissions and resource access. • A domain is the boundary of administration.
  8. Domain • A domain is the boundary of the DNS namespace. DNS service records in AD are the way of locating services. Computers in a domain defence are entered into the domain as a.defence.def and b.defence.def. Child domains are entered as gandhi.defence.def (child domains take their name from the parent domain). Computers in child domains are entered as a.gandhi.defence.def and b.gandhi.defence.def. All domains have both a domain name (the fully qualified domain name) and a NetBIOS name, for NT4 PDCs and BDCs.
  9. Tree • A tree is a hierarchy of domains designed in a way that matches the DNS structure. • Trees share transitive trust relationships between domains, i.e. users can access resources in the domain where they logged in, and they can also access resources in other domains within the tree if the proper rights are given. Domains in a tree share the schema, the configuration and the global catalog.
  10. SCHEMA • The schema is the definition of objects in AD. Objects in AD are users, groups, contacts, etc. All these objects are made from a common object definition, the schema. All domains within a tree have to agree on this common schema.
  11. Configuration • Domains within a tree share the configuration between them, i.e. information about users, groups, resources, etc. Each domain knows about the other domains and their objects.
  12. Global Catalog • The global catalog is the central repository; it contains a reference to all objects in AD.
  13. • Define a new tree with DCPROMO.
  14. FOREST • When we create a single domain, a forest is created. • Within a forest we can create multiple child domains or trees with a contiguous namespace: airforce.def, a.airforce.def, gandhi.airforce.def. • Within a forest we can create multiple trees with disjoint namespaces: airforce.def, airforce.edu, a.airforce.def, a.airforce.edu.
  15. Forest • All domains within a forest share transitive trust relationships. • All domains in a forest share a common schema, configuration and global catalog.
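The namespace and trust rules on slides 8, 9, 14 and 15 can be checked mechanically. The following Python is an added example, not code from the slides: it takes a list of domain DNS names (the slides' own sample names, arranged into a constructed two-tree forest), derives parent/child relationships from the names, lists the tree roots, and walks the implicit transitive trusts to show which domains a request crosses between any two domains of the forest. The function names, the forest layout and the assumption that no shortcut trusts exist are mine.

```python
"""Model of an Active Directory forest namespace and the implicit trust paths inside it.

Added example, not code from the slides. The domain names are the slides' sample
names; the forest layout below is constructed for illustration.
"""

# Constructed sample forest (slide 14): one tree with a contiguous namespace
# rooted at airforce.def and a second tree with a disjoint namespace rooted at
# airforce.edu. The first domain created becomes the forest root.
SAMPLE_FOREST_DOMAINS = [
    "airforce.def", "a.airforce.def", "gandhi.airforce.def",
    "airforce.edu", "a.airforce.edu",
]
FOREST_ROOT = "airforce.def"


def default_netbios_name(domain):
    """Default NetBIOS name DCPROMO proposes: leftmost DNS label, upper case, at most 15 chars."""
    return domain.split(".")[0].upper()[:15]


def parent_map(domains):
    """Map each domain to its parent domain in the forest, or None for a tree root.

    A child domain's DNS name is its own label prepended to the parent's name
    (gandhi.defence.def under defence.def), so the parent is the name with its
    first label removed, provided that name is itself a domain of the forest.
    """
    names = {d.lower() for d in domains}
    parents = {}
    for name in names:
        candidate = name.split(".", 1)[1] if "." in name else ""
        parents[name] = candidate if candidate in names else None
    return parents


def tree_roots(domains):
    """Sorted tree roots; each one starts a separate (disjoint) namespace."""
    parents = parent_map(domains)
    return sorted(d for d, p in parents.items() if p is None)


def trust_path(src, dst, domains, forest_root):
    """Domains a request crosses from src to dst using only the forest's implicit
    two-way transitive trusts: parent-child trusts inside a tree and tree-root
    trusts between every tree root and the forest root.

    Returns None when either domain is outside the forest (no implicit trust).
    Shortcut trusts, which could shorten the path, are not modelled.
    """
    parents = parent_map(domains)
    src, dst, forest_root = src.lower(), dst.lower(), forest_root.lower()
    if src not in parents or dst not in parents:
        return None

    def chain_to_tree_root(name):
        chain = [name]
        while parents[chain[-1]] is not None:
            chain.append(parents[chain[-1]])
        return chain

    up = chain_to_tree_root(src)    # src ... tree root of src
    down = chain_to_tree_root(dst)  # dst ... tree root of dst

    if up[-1] == down[-1]:
        # Same tree: drop the shared ancestors above the lowest common ancestor.
        while len(up) > 1 and len(down) > 1 and up[-2] == down[-2]:
            up.pop()
            down.pop()
        return up + list(reversed(down))[1:]

    # Different trees: tree-root trusts always pass through the forest root.
    bridge = [] if forest_root in (up[-1], down[-1]) else [forest_root]
    return up + bridge + list(reversed(down))


if __name__ == "__main__":
    print("tree roots:", tree_roots(SAMPLE_FOREST_DOMAINS))
    print(trust_path("a.airforce.def", "a.airforce.edu",
                     SAMPLE_FOREST_DOMAINS, FOREST_ROOT))
```

A path that crosses several domains is a reminder that every hop is a separate authentication referral; a domain that is not in the forest at all yields None, because no implicit trust exists there.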
  16. Organisational Unit • OUs are containers within a domain; they contain objects of the domain. You can create an organisational unit to organise users, computers or groups, etc. For example, you can create an OU for the sales team to manage the sales team's employees and their computers.
  17. Organisational Unit • A distinct unit of administration: you can delegate the administrative rights for administering an OU. In Windows NT, if you wanted to give administration rights on some objects of a domain to a particular person, you had to make him a domain administrator, but in Windows 2003 you can create an OU and delegate administrative rights on that particular OU to the concerned authority.
  18. Organisational Unit • OUs are unique to a domain, i.e. an OU can only be a container for objects of the domain in which the OU is created. 1) OUs can be created to manage users and computers. 2) You can create a group policy and apply it to an OU. 3) You can delegate administration using OUs.
  19. Demonstration • Logical objects: Active Directory domain, tree and forest • Users, groups and OUs • Create a new tree in AD using DCPROMO
  20. Active DIRECTORY • When we promote a server to a domain controller we actually install the Active Directory database. The database file name is NTDS.dit (dit = Directory Information Tree). The AD database is divided into four parts: Domain (users, groups, computers), Schema (object definitions), Configuration (configuration of domains) and Application (applications like DNS). In Windows 2000 the AD database is divided into three parts: Domain (users, groups, computers, DNS), Schema and Configuration.
  21. Replication Model • In Windows NT replication is done from the PDC to the BDCs, known as the single-master replication model. • In Windows 2003 all domain controllers replicate with each other, known as multi-master replication.
  22. Site • A site is a well-connected IP subnet, i.e. if all subnets in a network are connected through a well-connected network like a LAN (10/100/1000 Ethernet) then we can treat or create it as a single site. For example: if there is one office at Ahmedabad and one at Gandhinagar connected by modem, we treat each as a different site. If we have two offices at Gandhinagar connected by a 10 Mbps leased line then we can treat these two offices as a single site.
  23. Domain vs Site • A domain is a logical concept. • A site is a physical concept. • A site can contain multiple domains. • Two sites can share a single domain. Because sites are connected through expensive low-speed networks, there is no point in forwarding the authentication process over such a slow and expensive network.
  24. Site • A site provides local logon services and Distributed File System (DFS). • Replication: replication between all domains in a site, and during off hours between sites. • Group Policy: site-level group policy.
  25. Site Requirements • Membership in the Enterprise Admins group, i.e. admin rights on the forest. • A unique IP subnet range or ranges, i.e. two different sites must be on different subnets. • Every site must have at least one domain controller. • Inter-site transport: sites are connected with each other over low-speed networks; they use the IP or SMTP protocol to replicate. IP is more traffic intensive; SMTP is 25% less traffic consuming than IP but is processor hungry.
  26. Global Catalog • A partial replica of all objects in the forest: each site must have one global catalog. It contains a reference to all objects in the forest, only the reference, not the complete information of the object. This reference helps AD locate the object fast. The GC is also known as the central repository. • A configurable subset of attributes: you can select which attributes are sent to the GC as the reference for an object. • These attributes help AD locate objects fast in a forest-wide search. • Required for logon (universal group membership): the global catalog is required for logon authentication, which is why each site must have a GC.
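The site rules on slides 22, 23, 25 and 26 (a site is a set of subnets, logon stays inside the site, every site needs a domain controller and a global catalog, different sites must not share a subnet) can be checked against a subnet-to-site table. The following Python is an added example, not code from the slides: the subnet table and the list of domain controllers are constructed sample data, and the function names are mine. It resolves a client IP address to its site by the most specific matching subnet (which is how nested subnets are resolved), lists the domain controllers a client in that site would use for logon, and reports sites that break one of the rules.

```python
"""Site, subnet and domain-controller checks for an AD forest.

Added example, not code from the slides. All data below is constructed.
"""
import ipaddress

# Constructed sample: subnet -> site. Site names follow the slides' example offices.
SAMPLE_SUBNETS = {
    "10.1.0.0/16": "Ahmedabad",
    "10.2.0.0/24": "Gandhinagar",
    "10.2.1.0/24": "Gandhinagar",
    "10.3.0.0/24": "Vadodara",      # site with no DC, so the check below fires
}
# Constructed sample: domain controller name -> (site, hosts a global catalog?)
SAMPLE_DCS = {
    "DC1": ("Ahmedabad", True),
    "DC2": ("Ahmedabad", False),
    "DC3": ("Gandhinagar", False),  # site has a DC but no GC
}


def parse_subnets(subnet_map):
    """Turn the subnet table into (network, site) pairs; strict=True rejects host bits."""
    return [(ipaddress.ip_network(s, strict=True), site) for s, site in subnet_map.items()]


def site_for_ip(ip, subnet_map):
    """Longest-prefix match: the most specific subnet containing the address decides the site."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, site in parse_subnets(subnet_map):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def logon_candidates(ip, subnet_map, dcs):
    """DCs in the client's own site, so logon traffic stays on the well-connected LAN (slide 23)."""
    site = site_for_ip(ip, subnet_map)
    return sorted(name for name, (dc_site, _gc) in dcs.items() if dc_site == site)


def check_site_requirements(subnet_map, dcs):
    """Apply the slides' site rules and return {site: [problems]} for the sites that break one."""
    nets = parse_subnets(subnet_map)
    sites = {site for _net, site in nets}
    problems = {site: [] for site in sites}

    # Rule (slide 25): two different sites must be on different subnets.
    for i, (n1, s1) in enumerate(nets):
        for n2, s2 in nets[i + 1:]:
            if s1 != s2 and n1.overlaps(n2):
                problems[s1].append(f"subnet {n1} overlaps {n2} of site {s2}")

    # Rules (slides 25, 26): every site needs at least one DC and one GC.
    for site in sites:
        site_dcs = [name for name, (dc_site, _gc) in dcs.items() if dc_site == site]
        if not site_dcs:
            problems[site].append("no domain controller in site")
        elif not any(dcs[name][1] for name in site_dcs):
            problems[site].append("no global catalog in site")

    return {site: p for site, p in problems.items() if p}


if __name__ == "__main__":
    print(site_for_ip("10.2.1.7", SAMPLE_SUBNETS))
    print(logon_candidates("10.1.5.5", SAMPLE_SUBNETS, SAMPLE_DCS))
    for site, issues in check_site_requirements(SAMPLE_SUBNETS, SAMPLE_DCS).items():
        print(site, issues)
```

A client whose address matches no subnet resolves to no site at all; in that case logon_candidates returns an empty list, which is exactly the situation where a real client would fall back to any reachable domain controller over the slow inter-site link the slides warn about.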
  27. GC • A GC is required if a site has more than 100 users. • If there is reliable leased-line connectivity (meaning good network connectivity between two physically separate sites) then we may not require a GC at both sites. • If there is no GC-dependent server like Exchange Server, we may avoid keeping a GC at that particular site.
  28. Demonstration • Sites and the global catalog • Creating a site and a GC
