ACTIVE DIRECTORY
Active Directory is a single point of reference, called a directory service, to all the objects in a network, including users,
groups, computers, printers, policies and permissions. For a user or an administrator, AD provides a single hierarchical
view from which to access and manage all of the network resources.
• AD uses the IP protocol and standards such as SSL (Secure Sockets Layer), TLS (Transport Layer Security) authentication, LDAP (Lightweight Directory Access Protocol) and DNS.
ACTIVE DIRECTORY and DNS
• Active Directory uses DNS.
• DNS domains are organised into a hierarchical structure.
• Different levels of DNS identify the computer, the organisational domain and the top-level domain.
• DNS also maps a host name, i.e. a fully qualified domain name (FQDN), to an IP address.
• The FQDN for a PC named airforce in the domain defence, with top-level domain def, is airforce.defence.def.
Core Units of AD
• DOMAINS
• TREE
• FOREST
• Organisational unit (OU)
DOMAIN
• A domain is a logical structure of AD, i.e. the office at Ahmedabad is a physical object and the office at Gandhinagar is a physical object,
but within the Gandhinagar or Ahmedabad office we make a logical grouping of users, groups, printers, policies, faxes and computers.
You can divide your office computer network into logical parts called domains, depending on your requirements.
Domain
• Domain is the boundary of replication: domains within AD replicate the information about objects between domains.
Objects like: Users, Groups, Contacts, OUs, Computers
Domain
• Domain is the boundary of authentication, i.e. the boundary of:
User accounts
Group permissions
Resource access
• Domain is the boundary of administration
Domain
• Domain is the boundary of the DNS namespace. DNS service records in AD are the way of locating services.
Computers in a domain defence are entered into the domain as a.defence.def, b.defence.def.
Child domains are entered as gandhi.defence.def (child domains take their name from the parent domain).
Computers in child domains are entered as a.gandhi.defence.def, b.gandhi.defence.def.
All domains have a domain name, a fully qualified domain name and a NetBIOS name (for NT4 PDCs and BDCs).
Tree
• A tree is a hierarchy of domains designed in a way that matches the DNS structure.
• Trees share transitive trust relationships between domains, i.e. users can access resources in the domain where
they logged in, and they can also access resources in other domains within the tree if proper rights are given.
• They share a schema, configuration and global catalog.
SCHEMA
• Schema is the definition of objects in AD.
Objects in AD are:
Users
Groups
Contacts etc.
All these objects are made from a common object definition, the schema.
All domains within a tree have to agree on this common schema.
Configuration
• Domains within a tree share configuration between them, i.e. information about users, groups, resources etc.
Each domain knows about the other domains and their objects.
Global Catalog
• The global catalog is the central repository; it
contains a reference to all objects in AD.
• Define a new tree with DCPROMO
FOREST
• When we create a single domain, a forest is created.
• Within a forest we can create multiple child domains or
trees with a contiguous namespace: airforce.def, a.airforce.def, gandhi.airforce.def
• Within a forest we can create multiple trees with a disjoint namespace:
airforce.def, airforce.edu, a.airforce.def, a.airforce.edu
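As an added illustration (not part of the original slides), the following Python groups a set of domain names into trees by walking up the DNS hierarchy: domains with a contiguous namespace fall under one tree root, while disjoint namespaces such as airforce.def and airforce.edu become separate trees in the same forest. The domain list is constructed from the examples on the page.

```python
from __future__ import annotations

# Added example, not from the original slides: derive the tree structure of a
# forest from domain names alone, using the "child domains take their name
# from the parent domain" rule described above.


def parent_of(domain: str, domains: set[str]) -> str | None:
    """Return the nearest ancestor of `domain` present in `domains`, or None for a tree root."""
    labels = domain.lower().split(".")
    # Walk up the DNS hierarchy: a.gandhi.defence.def -> gandhi.defence.def -> defence.def -> def
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def build_forest(domain_names: list[str]) -> dict[str, list[str]]:
    """Map each tree-root domain to the (sorted) domains below it in the contiguous namespace."""
    domains = {d.lower().strip(".") for d in domain_names}
    # Roots are the domains with no ancestor in the set; each root starts a tree.
    forest: dict[str, list[str]] = {
        d: [] for d in sorted(domains) if parent_of(d, domains) is None
    }
    for d in sorted(domains):
        if d in forest:
            continue
        # Climb until a root is reached, then file the domain under that tree.
        current = d
        while (p := parent_of(current, domains)) is not None:
            current = p
        forest[current].append(d)
    return forest


# Constructed input matching the page's contiguous and disjoint namespace examples.
SAMPLE_DOMAINS = ["airforce.def", "a.airforce.def", "gandhi.airforce.def",
                  "airforce.edu", "a.airforce.edu"]

if __name__ == "__main__":
    for root, children in build_forest(SAMPLE_DOMAINS).items():
        print(f"tree root {root}: child domains {children}")
```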
Forest
• All domains within a forest share transitive trust relationships
• All domains in a forest share:
Common schema
Configuration
Global catalog
Organisational Unit
• OUs are containers within a domain.
They contain objects of the domain.
You can create an organisational unit to organise users, computers or groups etc.
For example:
You can create an OU for the sales team to manage sales team employees and their computers.
Organisational Unit
• Distinct unit of administration
You can delegate administrative rights for administering an OU.
In Windows NT, if you wanted to give administration rights on some objects of the domain to a particular person you had to make them a domain administrator, but in Windows 2003 you can create an OU and delegate administrative rights on that particular OU to the concerned authority.
Organisational Unit
• OUs are unique to a domain,
i.e. an OU can only be a container for objects of the domain in which the OU is created.
1) OUs can be created to manage users and computers
2) You can create group policy and apply it on an OU
3) Delegate administration using OUs
Demonstration
Logical objects:
Active Directory domain, tree and forest
Users, groups and OUs
Create a new tree in AD using DCPROMO
Active Directory
• When we promote a server to a domain controller we actually install the Active Directory database. The database file name is NTDS.dit (dit: Directory Information Tree).
The AD database is divided into four parts:
Domain -- users, groups, computers
Schema -- object definitions
Configuration -- configuration of domains
Application -- applications like DNS
While in Windows 2000 the AD database is divided into three parts:
Domain -- users, groups, computers, DNS
Schema
Configuration
Replication Model
• In Windows NT replication is done from the PDC to the BDCs,
known as the single master replication model.
• In Windows 2003 all domain controllers replicate between each other,
known as multi-master replication.
Site
• A site is a well-connected IP subnet, i.e. if all subnets in a network are connected
through a well-connected network such as a LAN (10/100/1000 Ethernet) then we can treat or create it as a single site.
For example: if there is one office at Ahmedabad and one at Gandhinagar connected by modem, we can treat each as a different site.
If we have two offices at Gandhinagar connected by a leased line of 10 Mbps, then we can treat these two offices as a single site.
Domain vs Site
• Domain is a logical concept
• Site is a physical concept
• A site can contain multiple domains
• Two sites can also have a single domain
Because sites are connected through expensive, low-speed networks, there is no point in forwarding the authentication process over such a slow and expensive network.
Site
• Site provides local logon services and Distributed File System (DFS)
• Replication: replication between all domains in a site, and during off hours between sites.
• Group Policy: site-level group policy
Site Requirements
• Membership in the Enterprise Admins group, i.e. admin rights on the forest
• Unique IP subnet range or ranges, i.e. two different sites must be on different subnets
• Every site must have at least one domain controller
• Inter-site transport: sites are connected with each other
over low-speed networks; they use the IP or SMTP protocol to replicate. IP is more traffic intensive, and SMTP consumes 25% less
traffic than IP but is processor hungry.
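The following Python is an added example (not from the original slides) that checks two of the site requirements listed above, unique subnet ranges and at least one domain controller per site, and then resolves a client address to its site so that logon can be served locally. The site names, subnets and DC names are constructed for illustration; the "Remote" site is deliberately misconfigured.

```python
from __future__ import annotations
import ipaddress
from typing import Dict, List, Optional

# Added example, not from the original slides. Constructed site layout:
# Ahmedabad and Gandhinagar are valid; "Remote" overlaps a Gandhinagar subnet
# and has no domain controller, so both requirement checks should flag it.
SITES: Dict[str, dict] = {
    "Ahmedabad":   {"subnets": ["10.1.0.0/16"],                "dcs": ["DC-AHM1"]},
    "Gandhinagar": {"subnets": ["10.2.0.0/24", "10.2.1.0/24"], "dcs": ["DC-GNR1"]},
    "Remote":      {"subnets": ["10.2.1.0/25"],                "dcs": []},
}


def check_sites(sites: Dict[str, dict]) -> List[str]:
    """Return human-readable violations of the site requirements (empty list if all good)."""
    problems: List[str] = []
    seen: List[tuple] = []  # (network, site name) pairs already processed
    for name, cfg in sites.items():
        if not cfg["dcs"]:
            problems.append(f"site {name} has no domain controller")
        for cidr in cfg["subnets"]:
            net = ipaddress.ip_network(cidr, strict=True)
            # Two sites must be on different subnets: any overlap is a violation.
            for other_net, other_site in seen:
                if net.overlaps(other_net):
                    problems.append(
                        f"subnet {net} of site {name} overlaps {other_net} of site {other_site}")
            seen.append((net, name))
    return problems


def site_for_client(ip: str, sites: Dict[str, dict]) -> Optional[str]:
    """Resolve a client address to the site whose subnet contains it (longest prefix wins)."""
    addr = ipaddress.ip_address(ip)
    best: Optional[tuple] = None
    for name, cfg in sites.items():
        for cidr in cfg["subnets"]:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None


if __name__ == "__main__":
    for problem in check_sites(SITES):
        print("VIOLATION:", problem)
    print("10.1.5.9 logs on in site:", site_for_client("10.1.5.9", SITES))
```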
Global Catalog
• Partial replica of all objects in the forest: each site must have one global catalog; it contains a
reference to all objects in a forest, only a reference and not the complete information about the object. This reference helps AD locate the object fast.
The GC is also known as the central repository.
• Configurable subset of attributes: you can select which
attributes are sent to the GC as the reference for an object. These attributes help AD locate objects fast in a forest-wide search.
• Required for logon, universal group membership: the global
catalog is required for logon authentication, which is why each site must have a GC.
GC
A GC is required if a site has more than 100 users.
If there is reliable leased-line connectivity (meaning good network connectivity) between two physically separate sites, then we may not require a GC at both sites.
If there is no GC-dependent server such as an Exchange server, we may avoid keeping a GC at that particular site.
Demonstration
• Site and global catalog
• Creating a site, GC