mcse-08-implementing of an active directory service-01-theory

8/9/2019 MCSE-08-Implementing of an Active Directory Service-01-Theory

1/61

ADVANTAGE PRO Chennais Premier Networking Training Center

INTRODUCTION TO ACTIVEDIRECTORY INFRASTRUCTURE


2/61


ACTIVE DIRECTORY

Active directory stores information about users,

computers, and network resources.

Makes that resources accessible to users.

It provides a consistent way to name, describe, locate,

access, manage, and secure information about these

recourses.


3/61


ACTIVE DIRECTORY


4/61


FUNCTIONS OF ACTIVE DIRECTORY

Centralizes Control Of Network Resources.

Centralizes And Decentralizes Resources Management.

Stores Object Securely In A Logical Structure.

Optimizes Network Traffic.

Policy based centralize administration.


5/61



CENTRALIZES CONTROL OF NETWORKRESOURCES :

It will centralize the resources.

The resources such as severs, printers, shared folders. It will authorized the user can access resources in active

directory.


6/61



CENTRALIZES AND DECENTRALIZESRESOURCES MANAGEMENT :

Administrator can manage all resources from central

location by using consistent management interface.

Or they can distribute administrative tasks by delegating

the control of resources to other administrator.


7/61



STORES OBJECTS SECURELY IN A LOGICALSTRUCTURE :

Active directory stores all of the resources as object

in a secure, hierarchical logical structure.


8/61



OPTIMIZES NETWORK TRAFFIC : The physical structure of active directory enables you to

use network band width more efficiently.

It reduce the amount of network traffic.


9/61




10/61


LOGICAL STRUCTURE OF ACTIVE DIRECTORYLOGICAL STRUCTURE OF ACTIVE DIRECTORY

Logical structure of active directory includes the following

components.

Objects

Organizational unit

Domains

Domain trees

Forests


11/61


LGICAL STRUCTURE OF ACTIVE DIRECTORY

OBJECT :

The most basic components of the logical structure is

object.

Each object class is defined by a group of attributes.

Each object has a unique combination of attribute values.


12/61



ORGANIZATIONAL UNIT :

The organizational unit is the container object.

Organizational unit help you to make easier to locate and

manage objects.

Organizational unit can be nested in other organizational

units.


13/61



DOMAIN :

The core functional units in the active directory logical

structure,domains are a collection of administratively

define objects, security policies.

An administrative boundary for objects.

A means of managing security for shared resources.

A unit of replication for objects.


14/61



DOMAIN TREES : Domain that are grouped together in hierarchical

structures are called domain trees.

When you add a second domain to a tree, it becomes achild of the tree root domain.

The domain to which a child domain is attached is called

the parent domain.

The name of a child domain is combined with the name

of its parent domain


15/61



FOREST :

A forest is a complete instance of active directory.

Child domains are made children of the forest root

domain to form one contiguous tree.

The first domain in the forest is called forest domain.

Default information in active directory is shared only

within the forest.


16/61




17/61


PHYSICAL STRUCTURE OF ACTIVE DIRECTORY

To optimize active directorys use of network band

width,you must understand physical structure. The

elements of the active directory physical elements are.

Domain Controllers

Active Directory Sites

Active directory partitions


18/61



DOMAIN CONTROLLERS :

The machine which runs server 2003 and active

directory service is called domain controllers.

The domain controller performs storage and replication

function.

A domain controller can run only one domain.

Each domain should have more than one domain

controller.


19/61



ACTIVE DIRECTORY SITES :

These sites are group of well-connected computers.

Domain controller with in the site communicate

frequently.

This communication minimize the latency within the

site. That is the time required for a change that is made

on one domain controller to be replicate to another

domain controller.


20/61



ACTIVE DIRECTORY PARTITIONS :

The domain controller contains the following active

directory partitions.

Schema partitions.

Domain partitions.

Configuration partitions

Optional partitions


21/61



DOMAIN PARTITON:

It replicas of all objects in that domain.

The domain partitions is replicated only to other domain

controllers in the same domain.

CONFIGURATION PARTITION:

This partition contain forest topology.

This topology contain the record of all domain

controllers and the connection between them in a forest.


22/61



SCHEMA PARTITIONS :

This partition contains the forest wide schema.

Forest has one schema so that the definition of each

object class is consistent.

Schema partitions are replicated to each domain

controller in the forest.


23/61



APPLICATION PARTITIONS:

This partition contain object that are unrelated to

security .

It is used one are more application.

Application partitions are replicated to specified domain

controllers in the forest.


24/61




25/61


OPERATION MASTER

OPERATION MASTER: When a change is made to a domain, the change is

replicated across all of the domain controllers in the

domain. Some changes, such as those made to the schema, are

replicated across all of the domains in the forest.

This replication is called multimaster replication.


26/61


OPERATION MASTER

SINGLE MASTER OPERATION : To avoid replication conflicts, you use single master

replication.

Active directory uses single master replication forimportant changes,such as the addition of a new domain

or a change to the forest-wide schema.


27/61


OPERATION MASTER ROLES

Operation that use single-master replication are arrangedtogether in specific roles in a forest or domain.

Each operations master role, only the domain controller

that holds that role can make the associated directorychange.

Active directory stores information about which domain

controller holds a specific role.

Active directory defines five operations master roles.


28/61


OPERATION MASTER ROLES

It had a default location one is forest-wide or domain-wide.

FOREST-WIDE ROLES :

Schema master.

Domain naming master.

DOMAIN-WIDE ROLES :

Primary domain controller emulator.

Relative identifier master.

Infrastructure master.


29/61


WORKING PRINCIPLE OF ACTIVE

DIRECTORY


30/61


DIRECTORY SERVICE

A directory service is a structured repository of

information about people and resources in an

organization. In a windows server 2003 network, the

directory service is active directory.


31/61


SCHEMA

Active directory schema contains the definitions of all

object.

On domain controllers running windows server 2003

there is only one schema for an entire forest.

The schema had two types of definitions object classes

and attributes.


32/61


GLOBAL CATALOG

Resources in active directory can be shared acrossdomains and forests.

The global catalog feature in active directory makes

searching for resources across domain and forests

transparent to the user.

The global catalog is a repository of information that

contains a subset of the attributes of all objects in active

directory.


33/61


GLOBAL CATALOG

The global catalog contains :

The attributes that are most frequently used in queries,

such as a users first name,last name and logon name.

The information that is necessary to determine the

location of any object in the directory.

A default subset of attributes for each object type.

The access permissions for each object and attribute

that is stored in the global catalog.


34/61


GLOBAL CATALOG


35/61


GLOBAL CATALOG

FUNCTIN OF THE GLOBAL CATALOG:The global catalog enables user to perform two important

function:

Find active directory information any where in theforest, regardless of the location of the data.

Use universal group membership information to log on

the network.


36/61


FUNTION OF GLOBAL CATALOG


37/61


SINGLE SIGN-ON

ACTIVE DIRECTORY ENABLES A SINGLE SIGNACTIVE DIRECTORY ENABLES A SINGLE SIGN--ON:ON:

Active directory makes the complex process of

authentication and authorization transparent to the user.

Authentication, which verifies the credentials of the

connection attempt.

Authorization, which verifies that the connection attempt

is allowed.


38/61


ACTIVE DIRECTORY MANAGEMENT

You can manage large number of users, computers,

printers from a central location.

Active directory tools support decentralize administration.

It contains information about all objects and their

attributes.

You can query active directory by using protocol such a

LDAP.


39/61


ACTIVE DIRECTORY MANAGEMENT

You can arrange objects that have similar administrative

and security requirements into organizational unit.

You can specify group policy settings for a site, a

domain, or an organizational unit.


40/61


DECENTRALIZED MANAGEMENT

ACTIVE DIRECTORY SUPPORTSDECENTRALIZED MANAGEMENT :

Active directory supports decentralized management.

You can assign permissions and grant user rights in very

specific ways.


41/61


DELEGATING THE PERMISSIONS

DELEGATE THE ASSIGNING OF PERMISSIONS :

For specific organizational units to different domain

local group.

To modify specific attributes of an object in an

organizational unit.

To perform the same task, such as resetting passwords,

in all organizational units of domain


42/61


ADMINISTRATIVE MMC SNAP-INS

Active Directory Users and Computers.

Active Directory Domains and Trusts.

Active Directory Sites and Services.

Active Directory Schema.


43/61


WWINDOWSINDOWSSSERVERERVER 20032003

COMMAND-LINE ADMINISTRATIVE TOOLS Dsadd

Dsmod

Dsquery

Dsmove

Dsrm

Dsget

CSVDELDIFDE


44/61


EXAMINE ACTIVE DIRECTORY


45/61


TO VIEW THE ORGANIZATIONAL

UNIT IN ACTIVE DIRECTORY


46/61


ACTIVE DIRECTORY

To view the OU selectACTIVE DIRECTORY

USERS AND COMPUTER


47/61


ACTIVE DIRECTORY

Click your domain


48/61


ACTIVE DIRECTORY

This icon will

mention the OU


49/61


ACTIVE DIRECTORY

TO VIEW THE LOGICAL STRUCTURE

OF ACTIVE DIRECTORY


50/61


ACTIVE DIRECTORY

To view the logical structureclick ACTIVE DIRECTORY

DOMAINS AND TRUSTS


51/61


ACTIVE DIRECTORY

Click the active directorydomain and trusts it will

display the you domain


52/61


ACTIVE DIRECTORY

Your domain willdisplay here


53/61


ACTIVE DIRECTORY

TO VIEW THE PHYSICAL

STRUCTURE


54/61


ACTIVE DIRECTORY

To view the physical structureclick ACTIVE DIRECTORY

SITES AND SERVICES


55/61


ACTIVE DIRECTORY

Click active directory

sites and services


56/61


ACTIVE DIRECTORY

Expand the sites


57/61


ACTIVE DIRECTORY

Here expand the default sitesname

Then click servers and it

will display the computer

name and domain name


58/61


ACTIVE DIRECTORY DESIGNING

ACTIVE DIRECTORY DESIGN PROCESS :The active directory design process includes the following

tasks :

Collecting organizational information.

Analyzing organizational information.

Analyzing design options.

Selecting design.

Refining the design.


59/61


ACTIVE DIRECTORY DESIGNING

OUTPUT OF THE ACTIVE DIRECTORY DESIGN :The out put of the active directory design phase includes

the following elements :

The forest and domain design.

The organizational unit design.

The site design.


60/61


ACTIVE DIRECTORY PLANNING

ACTIVE DIRECTORY PLANNING PROCESS :

Active directory plan includes :

Account strategy.

Audit strategy.

Organizational unit implementation plan.

Group policy plan.

Site plan.

Software deployment plan.

Server placement plan.


61/61


ACTIVE DIRECTORY IMPLEMENTING

ACTIVE DIRECTORY IMPLEMENTATION PLAN :

The implementation process includes the following .

Implement the forest, domain, and DNS structure.

Create organizational units and security groups.

Create user and computer accounts.

Create group policy objects.

Implement sites.

mcse-08-implementing of an active directory service-01-theory

Documents