Windows Administration
Active Directory Domain Services
Borislav Varadinov
Telerik Software Academy
academy.telerik.com
System Administrator
[email protected]
Table of Contents
- Domains and Forests
- Objects
- Sites and Replication
- Operation Masters
Active Directory Domains and Forests
What is a Domain Controller?
- Manages the Active Directory Objects and Database
- Responds to security authentication requests
- Replicates information from other domain controllers
- Provides information for various network resources
- Can be Writable or Read Only
[Diagram: AD DB holding objects, with a sample User/Pass table]
What is a Domain?
- Boundary of Replication
- Boundary of Administration
- Boundary of DNS Namespace
[Diagram: AD DB copies and replication in MyCorporation.local]
What is a Forest?
All Domains in a Forest share:
- Schema
- Configuration
- Global Catalog
The forest is also considered as a security boundary
[Diagram: BeraXo.local, USA.BeraXo.local, BeraXoConsultancy.org]
Schema
Attributes
- Username
- Description
- Location
Classes
- User
- Computer
- Contact
[Diagram: attributes (Username, Password, Address, Name) and classes (User, Contact)]
Naming Contexts and Partitions
Schema
- Definitions of object classes and attributes
- Replicated to all DCs in the forest
Configuration
- AD Structure (domains, sites, etc.)
- Replicated to all DCs in the forest
Domain
- Domain specific objects (users, groups, computers, and OUs)
- Replicated to all DCs in a domain
Application Partitions
Global Catalog
- Partial Replica of all Objects in the Forest
- Configurable subset of Attributes
- Fast Forest-wide searches
- Required at Logon for Universal Group Membership
- Win2k3 – Universal Group Caching
Trusts
- Provides access to resources located on a domain in a separate forest
- Trust options
  - Direction
  - Transitivity
  - Type: Parent/Child, External, Forest, Shortcut, Realm
[Diagram: BeraXo.local, USA.BeraXo.local (Child), PartnerCorp.local (External or Forest)]
Active Directory and DNS
- The DNS Service is an essential part of Active Directory
  - Active Directory cannot work without DNS Service (even on a single server)
- Active Directory and DNS share an identical domain name
- The Domain Controller locator process relies on DNS
- DNS Service can store its data in Active Directory
Active Directory Integrated DNS Zone
- SRV Records to locate services
  - LDAP
  - Kerberos
  - Other
- Active Directory-integrated DNS
  - DDNS for Dynamic Update
  - Single replication topology
  - Multi-master replication
  - Secure Dynamic update
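The SRV lookups that the Domain Controller locator relies on can be checked from any domain-joined Windows client. This is an added example, not part of the original slides; it assumes the sample domain name MyCorporation.local from the deck (replace it with your own) and the `Resolve-DnsName` cmdlet from the built-in DnsClient module. `Test-DcLocatorRecord` is a helper name made up for this example.

```powershell
# Added example: verify the SRV records used to locate LDAP and Kerberos services.
# Assumption: $Domain is the sample name from the slides; replace with your domain.
$Domain = 'MyCorporation.local'

# Locator record -> port the service is expected to advertise.
$Expected = [ordered]@{
    "_ldap._tcp.$Domain"               = 389   # LDAP on any DC
    "_ldap._tcp.dc._msdcs.$Domain"     = 389   # LDAP, domain controllers only
    "_ldap._tcp.pdc._msdcs.$Domain"    = 389   # PDC emulator
    "_kerberos._tcp.$Domain"           = 88    # Kerberos KDC
    "_kerberos._tcp.dc._msdcs.$Domain" = 88
    "_kpasswd._tcp.$Domain"            = 464   # Kerberos password change
}

function Test-DcLocatorRecord {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][int]$Port
    )
    try {
        # The answer can also carry A/AAAA records; keep only the SRV entries.
        $srv = @(Resolve-DnsName -Name $Name -Type SRV -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch {
        # A missing record means clients cannot find that service through DNS.
        return [pscustomobject]@{ Record = $Name; Target = $null; Port = $null; Status = 'MISSING' }
    }
    if ($srv.Count -eq 0) {
        return [pscustomobject]@{ Record = $Name; Target = $null; Port = $null; Status = 'NO SRV DATA' }
    }
    foreach ($r in $srv) {
        $status = if ($r.Port -eq $Port) { 'OK' } else { "UNEXPECTED PORT (want $Port)" }
        [pscustomobject]@{ Record = $Name; Target = $r.NameTarget; Port = $r.Port; Status = $status }
    }
}

$Expected.GetEnumerator() |
    ForEach-Object { Test-DcLocatorRecord -Name $_.Key -Port $_.Value } |
    Format-Table -AutoSize
```

A target host that is not one of your domain controllers is worth investigating, because clients use these answers to decide where to authenticate.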
Protocols and Technologies
- LDAP
- Kerberos
- NTLM
- RPC
- DNS
[Diagram: DSA, LDAP, NTLM, Kerberos, DNS, RPC, Replication, Windows OS, Extensible Storage Engine]
Active Directory Objects
Domain Users
[Diagram: user John]
Domain Groups
Type
- Security
- Distribution
Scope
- Domain Local
- Global
- Universal
[Diagram: HR Department group: John, Bill, Kelly]
Domain Computers
Organizational Units
- Containers within Domains
- Organizes users, groups and other objects
- Represents departments or geographic regions
- Main uses:
  - Organization
  - Delegation
  - Policies
[Diagram: Users, Sales, IT]
Domain Security Principals
- Users
- Groups
- Computers
Built-in Security Groups
- Administrators
- Backup Operators
- Users
- Power Users
- Print Operators
Active Directory Sites and Replication
Active Directory Sites
What is a Site?
- A set of well-connected IP subnets
Site Usage
- Locating Services
- Replication
- Group Policy Application
Sites are connected with Site Links
- Connects two or more sites
Site Usage (Location Services)
Site Usage (Replication)
Multi-Master Replication
- Conflict resolution
- Operation Masters
Operation Master
Operation Master
- What is an Operation Master?
- Why do we need Operation Masters?
Operation Masters
Forest-Wide
- Schema Master
- Domain Naming Master
Domain-Wide
- Primary Domain Controller (PDC)
- Relative Identifier (RID)
- Infrastructure Master
Schema Master
- Performs updates to schema
- Sends updates to all DCs
- One per forest
- Default is the first DC installed
Domain Naming Master
- Performs add/remove of domains and cross-references to external DS
- One per forest
- Default is the first DC installed
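To see which domain controllers currently hold the two forest-wide and three domain-wide operation master roles, and whether they are all still on one server (the default is the first DC installed), the roles can be read from the forest and domain objects. This is an added example, not part of the original slides; it assumes the RSAT ActiveDirectory PowerShell module is installed and that it runs on a domain-joined machine with read access to the directory.

```powershell
# Added example: inventory the operation master role holders and check
# that each one answers on the LDAP port.
# Assumption: RSAT ActiveDirectory module is installed on this machine.
Import-Module ActiveDirectory

$forest = Get-ADForest    # forest-wide roles
$domain = Get-ADDomain    # domain-wide roles of the current domain

$roles = [ordered]@{
    'Schema Master (forest)'         = $forest.SchemaMaster
    'Domain Naming Master (forest)'  = $forest.DomainNamingMaster
    'PDC Emulator (domain)'          = $domain.PDCEmulator
    'RID Master (domain)'            = $domain.RIDMaster
    'Infrastructure Master (domain)' = $domain.InfrastructureMaster
}

$report = foreach ($role in $roles.GetEnumerator()) {
    # A role holder that is offline cannot perform its single-master operation.
    $ldapOk = Test-NetConnection -ComputerName $role.Value -Port 389 `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        Role          = $role.Key
        Holder        = $role.Value
        LdapReachable = $ldapOk
    }
}

$report | Format-Table -AutoSize

# Group by holder to see how the roles are distributed across DCs.
$report |
    Group-Object -Property Holder |
    Select-Object Name, Count, @{ Name = 'Roles'; Expression = { $_.Group.Role -join ', ' } } |
    Format-Table -AutoSize
```

Run it periodically and compare the output with your documentation: an unexpected change of role holder is a change to a highly privileged server and should map to a known maintenance action.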
Install Active Directory
- Dcpromo
- DNS
- Management Tools
Questions?