Windows Administration


Active Directory Domain Services

Borislav Varadinov

Telerik Software Academy

academy.telerik.com

System Administrator

bobi@itp.bg

Table of Contents

Domains and Forests

Objects

Sites and Replication

Operation Masters

Active Directory Domains and Forests

What is a Domain Controller?

Manages the Active Directory Objects and Database

Responds to security authentication requests

Replicates information from other domain controllers

Provides information for various network resources

Can be Writable or Read Only

[Diagram: AD DB holding an OBJECT table with columns User / Pass; rows John / P@sswOrd and Jane / 12345]

What is a Domain?

Boundary of Replication

Boundary of Administration

Boundary of DNS Namespace

[Diagram: three AD DB copies; Replication; domain MyCorporation.local]

What is a Forest?

All Domains in a Forest share:

Schema

Configuration

Global Catalog

The forest is also considered a security boundary

[Diagram: BeraXo.local, USA.BeraXo.local, BeraXoConsultancy.org]

Schema

Attributes: Username, Description, Location

Classes: User, Computer, Contact

[Diagram: classes User and Contact; attributes Username, Password, Address, Email, Name]

Naming Contexts and Partitions

Schema: definitions of object classes and attributes; replicated to all DCs in the forest

Configuration: AD structure (domains, sites, etc.); replicated to all DCs in the forest

Domain: domain-specific objects (users, groups, computers, and OUs); replicated to all DCs in a domain

Application Partitions

Global Catalog

Partial replica of all objects in the forest

Configurable subset of attributes

Fast forest-wide searches

Required at logon for Universal Group membership

Win2k3 – Universal Group Caching

Trusts

Provides access to resources located on a domain in a separate forest

Trust options: Direction, Transitivity

Type: Parent/Child, External, Forest, Shortcut, Realm

[Diagram: BeraXo.local, USA.BeraXo.local (Child), PartnerCorp.local (External or Forest)]

Active Directory and DNS

The DNS Service is an essential part of Active Directory

Active Directory cannot work without the DNS Service (even on a single server)

Active Directory and DNS share an identical domain name

The Domain Controller locator process relies on DNS

The DNS Service can store its data in Active Directory

Active Directory Integrated DNS Zone

SRV Records to locate services: LDAP, Kerberos, Other

Active Directory-integrated DNS

DDNS for Dynamic Update

Single replication topology

Multi-master replication

Secure Dynamic update
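A check an administrator can run against the two DNS points above: that the locator SRV records for LDAP and Kerberos resolve, and that each primary zone is AD-integrated and does not accept nonsecure dynamic updates. This is an added example, not part of the original slides; it assumes the DnsClient and DnsServer (RSAT) modules and that the logon DC also hosts the DNS zones.

```powershell
# Added example, not from the slides. Assumes a domain-joined session and that
# the logon DC also runs the DNS Server role (assumption; pass -DnsServer otherwise).
param(
    [string]$Domain    = $env:USERDNSDOMAIN,
    [string]$DnsServer = $env:LOGONSERVER.TrimStart('\')
)

# 1. SRV records the DC locator depends on (LDAP and Kerberos, as on the slide).
$srvNames = "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain"
foreach ($name in $srvNames) {
    $answers = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Section -eq 'Answer'
    if (-not $answers) {
        Write-Warning "No SRV records for $name; clients cannot locate this service"
        continue
    }
    $answers | Format-Table Name, NameTarget, Port, Priority, Weight -AutoSize
}

# 2. Zone settings: AD-integrated storage and secure-only dynamic update.
Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        $finding = if (-not $_.IsDsIntegrated) {
            'file-backed zone: not replicated through AD, no secure update'
        } elseif ($_.DynamicUpdate -eq 'NonsecureAndSecure') {
            'accepts nonsecure dynamic updates'
        } else {
            'ok'
        }
        [pscustomobject]@{
            Zone          = $_.ZoneName
            DsIntegrated  = $_.IsDsIntegrated
            DynamicUpdate = $_.DynamicUpdate
            Finding       = $finding
        }
    } | Format-Table -AutoSize
```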

Protocols and Technologies

LDAP, Kerberos, NTLM, RPC, DNS

[Diagram labels: DSA, LDAP, NTLM, Kerberos, DNS, RPC, Replication, Windows OS, Extensible Storage Engine]

Active Directory Objects

Domain Users

[Diagram: user John]

Domain Groups

Type: Security, Distribution

Scope: Domain Local, Global, Universal

[Diagram: HR Department; John, Bill, Kelly]

Domain Computers

Organizational Units

Containers within Domains

Organizes users, groups and other objects

Represents departments or geographic regions

Main uses: Organization, Delegation, Policies

[Diagram: Users, Sales, IT]

Domain Security Principals

Users

Groups

Computers

Built-in Security Groups: Administrators, Backup Operators, Users, Power Users, Print Operators

Active Directory Sites and Replication

Active Directory Sites

What is a Site? A set of well-connected IP subnets

Site Usage: Locating Services, Replication, Group Policy Application

Sites are connected with Site Links

Connects two or more sites

Site Usage (Location Services)

Site Usage (Replication)

Multi-Master Replication

Conflict resolution

Operation Masters

Operation Master

What is an Operation Master?

Why do we need Operation Masters?

Operation Masters

Forest-Wide: Schema Master, Domain Naming Master

Domain-Wide: Primary Domain Controller (PDC), Relative Identifier (RID), Infrastructure Master

Schema Master

Performs updates to schema

Sends updates to all DCs

One per forest

Default is the first DC installed

Domain Naming Master

Performs add/remove of domains and cross-references to external DS

One per forest

Default is the first DC installed
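To see which DCs currently hold the forest-wide and domain-wide roles listed above, and whether each holder still answers on LDAP, the following added example (not part of the original slides) walks every domain in the forest. It assumes the ActiveDirectory module (RSAT) and an account that can read the forest.

```powershell
# Added example, not from the slides. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide roles: one holder each for the whole forest.
$roles = @(
    [pscustomobject]@{ Scope = 'Forest'; Role = 'Schema Master';        Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Scope = 'Forest'; Role = 'Domain Naming Master'; Holder = $forest.DomainNamingMaster }
)

# Domain-wide roles: one holder each per domain.
foreach ($name in $forest.Domains) {
    $d = Get-ADDomain -Server $name
    $roles += [pscustomobject]@{ Scope = $name; Role = 'PDC';                   Holder = $d.PDCEmulator }
    $roles += [pscustomobject]@{ Scope = $name; Role = 'RID Master';            Holder = $d.RIDMaster }
    $roles += [pscustomobject]@{ Scope = $name; Role = 'Infrastructure Master'; Holder = $d.InfrastructureMaster }
}

# A role whose holder is offline stays unavailable until the DC returns or the
# role is moved, so test that each holder answers on the LDAP port (389).
$roles | ForEach-Object {
    $up = Test-NetConnection -ComputerName $_.Holder -Port 389 `
              -InformationLevel Quiet -WarningAction SilentlyContinue
    $_ | Add-Member -NotePropertyName LdapReachable -NotePropertyValue $up -PassThru
} | Format-Table Scope, Role, Holder, LdapReachable -AutoSize
```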

Install Active Directory

Dcpromo

DNS

Management Tools
