Course for S.I.R.A. Representatives – Module 2
06 – Active Directory
20/11 – 27/11 – 05/12
11/12 – 13/12 (group 1)
12/12 – 15/12 (group 2)
Cristiano Gentili, Massimiliano Viola (CSIA)
Overview
Introduction to Active Directory
Active Directory Logical Structure
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network
• Introduction to Active Directory
What Is Active Directory?
Active Directory Objects
Active Directory Schema
Lightweight Directory Access Protocol (LDAP)
What Is Active Directory?
[Figure: Active Directory as a directory service whose functionality is to organize, manage and control resources]
Centralized Management:
Single point of administration
Full user access to directory resources by a single logon
Active Directory Objects
[Figure: Active Directory objects and their attributes. Printer objects (Printer1, Printer2, Printer3) carry attributes such as Printer Name and Printer Location; User objects (Don Hall, Suzan Fine) carry attributes such as First Name, Last Name and Logon Name; each attribute holds a value]
Objects Represent Network Resources
Attributes Store Information About an Object
Active Directory Schema
Active Directory Schema Is:
Dynamically Available
Dynamically Updateable
Protected by DACLs
Object Class Examples: Computers, Users, Printers
Attribute Examples (attributes of Users might contain): accountExpires, department, distinguishedName, middleName
List of Attributes:
accountExpires
department
distinguishedName
directReports
dNSHostName
operatingSystem
repsFrom
repsTo
middleName
…
Lightweight Directory Access Protocol (LDAP)
LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
LDAP Naming Paths Include:
Distinguished names
CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it
Relative distinguished names
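As an added example (not part of the course slides), the Python parser below splits the distinguished name shown above into its relative distinguished names, handles backslash-escaped commas inside values, and derives the parent DN and the DNS domain name from the DC components; the function names are my own, not an LDAP library API.

```python
"""Parse LDAP distinguished names (DNs) such as
CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it into their relative
distinguished names (RDNs).  Added example, not from the course slides."""

from typing import List, Tuple

RDN = Tuple[str, str]


def parse_dn(dn: str) -> List[RDN]:
    """Split a DN into (attribute, value) pairs from left (most specific)
    to right (root).  A backslash escapes the next character, so a comma
    inside a value (e.g. CN=Rossi\\, Mario) does not end the RDN; a plain
    split(',') would get that wrong."""
    rdns: List[RDN] = []
    buf: List[str] = []
    i = 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","  # sentinel flushes the last RDN
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            part = "".join(buf).strip()
            if "=" not in part:
                raise ValueError(f"malformed RDN: {part!r}")
            attr, value = part.split("=", 1)
            rdns.append((attr.strip().upper(), value.strip()))
            buf = []
        else:
            buf.append(ch)
        i += 1
    return rdns


def escape_value(value: str) -> str:
    """Re-escape backslashes and commas so a DN round-trips unchanged."""
    return value.replace("\\", "\\\\").replace(",", "\\,")


def rdn_of(dn: str) -> str:
    """The relative distinguished name: the leftmost component only."""
    attr, value = parse_dn(dn)[0]
    return f"{attr}={escape_value(value)}"


def parent_dn(dn: str) -> str:
    """The DN of the container (OU or domain) holding this object."""
    return ",".join(f"{a}={escape_value(v)}" for a, v in parse_dn(dn)[1:])


def domain_of(dn: str) -> str:
    """DNS name of the domain, built from the DC components in order."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")
```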
• Active Directory Logical Structure
Domains
Organizational Units
Trees and Forests
Domains
A Domain Is a Security Boundary
A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
A Domain Is a Unit of Replication
Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
[Figure: replication between the domain controllers of a Windows 2000 domain]
Organizational Units
[Figure: two OU hierarchies, one following a network administrative model (Sales containing Users and Computers) and one following the organizational structure (Vancouver containing Sales and Repair)]
Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
Trees and Forests
[Figure: a forest made of two trees. The contoso.msft tree contains the child domains asia.contoso.msft and au.contoso.msft; the nwtraders.msft tree contains asia.nwtraders.msft and au.nwtraders.msft. The trees, and the domains within each tree, are linked by two-way transitive trusts]
Global Catalog
[Figure: the Global Catalog holds a subset of the attributes of all objects from all the domains shown; a Global Catalog Server answers queries and supplies group membership when a user logs on]
• Active Directory Physical Structure
Domain Controllers
Sites
Domain Controllers
Domain Controllers:
Participate in Active Directory replication
Perform single master operations roles in a domain
[Figure: the domain controllers of a domain replicating with each other; each domain controller holds a writeable copy of the Active Directory database]
Sites
[Figure: the sites Seattle, Chicago, New York and Los Angeles, each site mapped to one or more IP subnets]
Sites:
Optimize replication traffic
Enable users to log on to a domain controller by using a reliable, high-speed connection
• Methods for Administering a Windows 2000 Network
Using Active Directory for Centralized Management
Managing the User Environment
Delegating Administrative Control
Using Active Directory for Centralized Management
[Figure: a domain containing OU1 (Computers: Computer1), OU2 (Users: User1, User2) and Printers (Printer1); a single search over the domain locates User1, Computer1, User2 and Printer1]
Active Directory:
Enables a single administrator to centrally manage resources
Allows administrators to easily locate information
Allows administrators to group objects into OUs
Uses Group Policy to specify policy-based settings
Managing the User Environment
[Figure: Group Policy is applied once, at the domain or at OU1, OU2 and OU3, and Windows 2000 enforces it continually]
Use Group Policy to:
Control and lock down what users can do
Centrally manage software installation, repairs, updates, and removal
Configure user data to follow users whether they are online or offline
Delegating Administrative Control
[Figure: a domain with OU1, OU2 and OU3, each delegated to its own administrator (Admin1, Admin2, Admin3)]
Assign Permissions:
For specific OUs to other administrators
To modify specific attributes of an object in a single OU
To perform the same task in all OUs
Customize Administrative Tools to:
Map to delegated administrative tasks
Simplify interface design