Intro
• Directory Service - a software application that stores and organizes information about a computer network's users and network resources, and that allows network administrators to manage users' access to those resources.
• LDAP (Lightweight Directory Access Protocol) is the standard protocol for querying and modifying a directory service. It is not specific to Unix: Unix directory servers such as OpenLDAP implement it, and Active Directory itself speaks LDAP (TCP 389, and 636 for LDAP over TLS).
• Active Directory (AD) is Microsoft's directory service, introduced with Windows 2000 Server. It stores information about objects on the network (users, computers, groups, printers, policies) and makes this information easy for administrators and users to find and use.
• With a single network logon, administrators can manage directory data and organization throughout the network, and authorized users can access resources anywhere on the network. Because that one logon is trusted everywhere, the directory is also the highest-value target in a Windows network: whoever controls it controls every domain-joined machine.
• Client-server architecture: domain controllers hold the directory database; workstations and member servers query it over LDAP and authenticate against it with Kerberos (or NTLM as a fallback).
Benefits of Active Directory
• Active Directory provides:
– Information security
– Policy-based administration
– Extensibility
– Scalability
– Replication of information
– Integration with DNS
– Interoperability with other directory services
– Flexible querying
• Active Directory was released first with Windows
2000 Server edition, and revised to extend
functionality and improve administration in
Windows Server 2003.
Domain
• A domain is a group of servers and workstations that agree to centralize user and machine accounts and passwords in a shared database held by the domain controllers.
• A domain is often described as a security boundary, but strictly it is an administrative and replication boundary; the forest is the real security boundary, because every domain in a forest trusts the others and shares one schema and configuration.
• Domains do several things for us.
– Keep a central list of users and their password hashes, so workstations no longer need a local account for every user.
– Provide a set of servers to act as "authentication servers" or "logon servers", known as domain controllers.
– Maintain a searchable index of the things in the domain, making it easier for people to find resources.
– Let you create users and groups with different levels of privilege, from ordinary users up to Domain Admins.
– Allow you to subdivide a domain into containers called organizational units (OUs). OUs are not subdomains: they live inside one domain, have no DNS name of their own, and exist so that Group Policy and delegated administration can be applied to a subset of the domain's objects.
Domain Trees and Forests
• Each domain in the directory is identified
by a DNS domain name and requires one
or more domain controllers.
• If multiple domains have contiguous DNS
domain names, then that structure is
referred to as a domain tree.
• A forest can contain one or more domain trees. All domains in a forest share one schema, one configuration partition and one global catalog, and are linked by automatic two-way transitive trusts, which is why the forest, not the domain, is the security boundary.
• You create a domain by installing the first
domain controller (AD server) for a
domain.
• Domains that form a single domain tree
share a contiguous namespace (naming
hierarchy).
• For example, a domain with a NetBIOS
name of "grandchild" that has a parent
domain named parent.microsoft.com,
would have a fully qualified DNS domain
name of grandchild.parent.microsoft.com.
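The child-domain case above, carried out with the AD DS Deployment cmdlets (Windows Server 2012 and later; the slides' era used dcpromo). This is an added example, not part of the original slides: it creates grandchild.parent.microsoft.com as the slide describes and then reads the tree back. The NetBIOS name GRANDCHILD, the interactive credential prompt and the assumption that the machine is already a member server of parent.microsoft.com are mine.

```powershell
# Added example (not from the original slides): build the child domain
# grandchild.parent.microsoft.com from the slide, then read back the tree.
# Run on a member server of parent.microsoft.com that will become the new
# domain's first domain controller. Names other than the slide's are assumptions.

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Promote this server as the first DC of a new child domain. -ParentDomainName is
# what enforces the contiguous namespace: the DNS name of the new domain is
# <NewDomainName>.<ParentDomainName>. The credential must belong to a member of
# Enterprise Admins in the forest root; only they may add domains to the forest.
Install-ADDSDomain `
    -NewDomainName 'grandchild' `
    -NewDomainNetbiosName 'GRANDCHILD' `
    -ParentDomainName 'parent.microsoft.com' `
    -DomainType ChildDomain `
    -InstallDns -CreateDnsDelegation `
    -Credential (Get-Credential -Message 'Enterprise Admins account') `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force

# After the automatic reboot, verify the result from the new DC.
# ParentDomain shows the link up the tree; Get-ADForest lists every domain
# in the forest and the UPN suffixes registered for it.
Get-ADDomain -Identity 'grandchild.parent.microsoft.com' |
    Select-Object DNSRoot, NetBIOSName, ParentDomain, DomainMode
Get-ADForest | Select-Object RootDomain, Domains, UPNSuffixes
```

The DSRM (Directory Services Restore Mode) password set here is a local administrator password for the DC when the directory is offline; store it as carefully as the Domain Admin password, since it can be used to read the directory database from the disk.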
• In Active Directory, each user account has a user logon name and a user principal name (UPN) suffix.
• The user principal name is composed of the user logon name and the UPN suffix joined by the @ sign.
• By default the UPN suffix is the DNS name of the domain in which the user account is located. Additional UPN suffixes can be registered at the forest level, so a suffix does not always name the account's domain; the pre-Windows 2000 logon name (DOMAIN\user, built from the NetBIOS domain name and the sAMAccountName) always does.
• The logon name for a user named abebe in the microsoft.com domain would be abebe@microsoft.com.
[Figure: abebe@microsoft.com, labelled "user logon name" (abebe) and "user principal name suffix" (microsoft.com)]
AD Configuration Summary
1. Install AD on one computer, making it a domain controller.
2. Make that server the DNS server for the domain and point the clients' DNS settings at it, then join the client computers to the domain.
3. Create user accounts on the domain controller.
4. Log on to the clients with the new accounts, choosing the new domain (rather than the local machine) as the logon domain.
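The four steps above as one PowerShell session on a current Windows Server, added here as an example and not taken from the slides or from AD steps.pdf. Step 1 and 2 run on the future domain controller, the join on each client, the user creation back on the DC. The domain name corp.example.com, NetBIOS name CORP, DC address 10.0.0.10 and interface alias 'Ethernet' are assumptions; the user abebe comes from the slides.

```powershell
# Added example (not from the original slides): single-domain forest from scratch.
# Assumed names: corp.example.com / CORP, DC at 10.0.0.10, client NIC alias 'Ethernet'.

# --- Step 1 and 2, on the server that becomes the domain controller ---
Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools

# First DC of a new forest. -InstallDns makes this server the authoritative DNS
# server for the domain, which AD needs for its SRV records (_ldap, _kerberos).
Install-ADDSForest `
    -DomainName 'corp.example.com' `
    -DomainNetbiosName 'CORP' `
    -InstallDns `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force
# The server reboots as the first DC. Everything below runs after that reboot.

# --- Step 2, on each client: DNS must resolve the domain before the join works ---
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.10'
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.corp.example.com' -Type SRV   # sanity check
Add-Computer -DomainName 'corp.example.com' -Credential 'CORP\Administrator' -Restart

# --- Step 3, on the DC: create the account. The UPN suffix is the domain's DNS name. ---
New-ADUser -Name 'Abebe' -SamAccountName 'abebe' `
    -UserPrincipalName 'abebe@corp.example.com' `
    -AccountPassword (Read-Host -AsSecureString 'Initial password for abebe') `
    -Enabled $true -ChangePasswordAtLogon $true

# --- Step 4: log on at a client as CORP\abebe or abebe@corp.example.com, then confirm on the DC ---
Get-ADUser -Identity 'abebe' -Properties LastLogonDate |
    Select-Object SamAccountName, UserPrincipalName, Enabled, LastLogonDate
```

Two practitioner notes: the join uses the domain Administrator account only because this is a lab; in production, delegate the right to join computers to a dedicated account and never type Domain Admin credentials on a workstation. The Resolve-DnsName check is the quickest diagnosis when Add-Computer fails, since almost every failed join is a client that cannot find the DC's SRV records.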
• Please go through AD steps.pdf, provided in your lecture notes, for the steps involved in installing AD, or view a more compact form at http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
• The best book on Windows 2000/2003 Server is found at http://10.4.10.5/books/Networking/, entitled Mastering Windows Server 2003.