Active Directory Windows2003 Server - eepis

Active Directory
Windows2003 Server
Agenda
•What is Active Directory
•Building an Active Directory
•Using Active Directory Features
•Active Directory Objects
•Auditing Active Directory
Group Names
•Charles Guzman
•Daniel Gebretensai
•Ervand Akopyan
•Hovik Gharadaghi
Active Directory
What is Active Directory
•Efficient Directory Management service
•Based on Standard Internet Protocols
•Helps to Clearly Define a Network’s structure
Requirements
•The computer must be Windows 2k, 2k3 Server, Advanced Server or Datacenter Server.
•At least one volume on the computer must be formatted with NTFS.
•DNS must be active on the network prior to AD installation or be installed during AD installation.
•DNS must support SRV records and be dynamic.
•The computer must have IP protocol installed and have a static IP address.
•The Kerberos v5 authentication protocol must be installed.
•Time and zone information must be correct.
Installation Of Active Directory
DCPROMO
Why Install DNS?
•Clients use DNS to locate Active Directory controllers.
•Servers and client computers register their names and IP addresses with the DNS server.
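The SRV requirement and the point that clients use DNS to locate domain controllers can be checked against a zone export. The following Python check is an added example, not part of the original slides; it expects a subset of the SRV names a domain controller registers, and the zone lines, the host names dc1 and dc2 and the 192.0.2.10 address are constructed sample data.

```python
# Added example; the zone data below is constructed, not taken from the slides.
# Subset of the SRV names a domain controller registers, with expected ports.
REQUIRED_SRV = {
    "_ldap._tcp.{d}": 389,
    "_ldap._tcp.dc._msdcs.{d}": 389,
    "_kerberos._tcp.{d}": 88,
    "_kerberos._tcp.dc._msdcs.{d}": 88,
}

# Constructed zone export: name, TTL, class, type, rdata.
SAMPLE_ZONE = """\
_ldap._tcp.ganesan.cool. 600 IN SRV 0 100 389 dc1.ganesan.cool.
_ldap._tcp.dc._msdcs.ganesan.cool. 600 IN SRV 0 100 389 dc1.ganesan.cool.
_kerberos._tcp.ganesan.cool. 600 IN SRV 0 100 88 dc1.ganesan.cool.
_kerberos._tcp.dc._msdcs.ganesan.cool. 600 IN SRV 0 100 88 dc2.ganesan.cool.
dc1.ganesan.cool. 3600 IN A 192.0.2.10
"""

def parse_zone(text):
    """Return ({srv_name: [(port, target), ...]}, {names with A/AAAA})."""
    srv, hosts = {}, set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2].upper() != "IN":
            continue  # skip blank or malformed lines
        name, rtype = f[0].rstrip(".").lower(), f[3].upper()
        if rtype == "SRV" and len(f) == 8:  # rdata: priority weight port target
            srv.setdefault(name, []).append((int(f[6]), f[7].rstrip(".").lower()))
        elif rtype in ("A", "AAAA"):
            hosts.add(name)
    return srv, hosts

def check_dc_locator(zone_text, domain):
    """List problems that would stop clients locating a DC for `domain`."""
    srv, hosts = parse_zone(zone_text)
    problems = []
    for template, port in REQUIRED_SRV.items():
        name = template.format(d=domain.lower())
        if name not in srv:
            problems.append(f"missing SRV {name}")
            continue
        for got_port, target in srv[name]:
            if got_port != port:
                problems.append(f"{name}: port {got_port}, expected {port}")
            if target not in hosts:
                problems.append(f"{name}: target {target} has no A/AAAA record")
    return problems

if __name__ == "__main__":
    print(check_dc_locator(SAMPLE_ZONE, "ganesan.cool"))
```

In the sample, dc2 is advertised as a Kerberos server but has no address record, so a client that picks that SRV answer cannot reach it.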
Active Directory
•Domains – Group of computers
•Domain Trees – Share contiguous Namespace
•Domain Forests – Share common directory information
•Organizational Units – Subgroup of Domains that mirror an organization
Logical View
Child, Tree, Forest
Forest
  Tree: ganesan.cool
    Child Domains: 484.ganesan.cool, 485.ganesan.cool
      Sub domains: ervand.484.ganesan.cool, charles.484.ganesan.cool
      Sub domains: hovik.485.ganesan.cool, daniel.485.ganesan.cool
  Tree: othername.cool
    Child Domains: 484.othername.cool, 485.othername.cool
      Sub domains: ervand.484.othername.cool, charles.484.othername.cool
      Sub domains: hovik.485.othername.cool, daniel.485.othername.cool
Creating a Child Domain
Requirements
•Existing Domain
•Member Server
What does Active Directory do for us
•Keep a central list of users and passwords
•Provide a set of servers to act as “authentication servers” known as a Domain Controller
•Maintain a searchable index of the things in the domain
•Allow you to create users with different levels of powers
USING ACTIVE DIRECTORY FEATURES
•Directory service back up reminders
•Added replication security and fewer errors
•Install from Media Improvement for Installing DNS servers
•Support for running domain controllers in virtual machines
•Extended storage of deleted objects
New AD Features in Windows 2003
•Multiple selection of user objects
•Drag and Drop functionality
•Efficient search capabilities
•Saved Queries
New Domain and Forest Wide AD Features
•Domain control rename tool
•Different location option for user and computer accounts
•Forest trusts
•Replication enhancements
•User access control to resources between domains and forests
Group Policy Feature
•Defines the various components of the user's desktop environment that an administrator must manage
•Applies not only to user and client computers but also to member servers, domain controllers, and other 2003 servers in scope of management
Group Policy cont’d
•Manage registry-based policy with Administrative Templates
•Assign scripts. This includes scripts such as computer startup, shutdown, logon, and logoff
•Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations
GP Screenshots
Configuring a custom console
GP Screenshots
Adding a group policy object link
ADDING AND REMOVING OBJECTS
Active Directory Objects
Objects
An object is a distinct named set of attributes that represents a network resource.
Typical objects are users, groups, computers and printers. Each object has a
number of attributes. For example, the user object has attributes such as password,
name, password length and e-mail address.
Objects are typically grouped into classes, such as groups (a number of user
accounts), computers and printers. When objects are grouped together, they are
placed into a container that holds the objects (it's like a desk drawer that holds a
number of objects).
If you try to add AD users using lusrmgr.msc you will receive the following error
How to join a Domain Network