ITMT 2302 - Chapter 1
Overview of Active Directory Domain
Services
Lesson 1
Chapter Objectives
• Identify Active Directory functions and
benefits.
• Identify the major components that make up
an Active Directory structure.
• Identify how DNS relates to Active Directory.
• Identify Forest and Domain Functional Levels.
Active Directory
• A directory service that uses the “tree” concept
for managing resources on a Windows network.
• Stores information about network resources
and services, such as user data, printers, servers,
databases, groups, computers, and security
policies.
• Identifies all resources on a network and makes
them accessible to users and applications.
Active Directory
• Used in:
– Windows 2000
– Windows Server 2003
– Windows Server 2008
• Subsequent versions of Active Directory have
introduced new functionality and security
features.
Active Directory
• Windows Server 2008 provides two directory
services:
– Active Directory Domain Services (AD DS)
– Active Directory Lightweight Directory Services (AD LDS)
Domain Controller (DC)
• Server that stores the Active Directory database
and authenticates users to the network during
logon.
• Stores database information in a file called
ntds.dit.
• Active Directory is a multimaster database.
– Information is automatically replicated between
multiple domain controllers.
Read-Only Domain Controller (RODC)
• Introduced with Windows Server 2008.
• A domain controller that holds a read-only copy of
the ntds.dit database. Changes cannot be made on
the RODC; it receives replication from writable
domain controllers but never replicates outbound to
other domain controllers in Active Directory.
Active Directory Functions and Benefits
• Centralized resource and security administration.
• Single logon for access to global resources.
• Fault tolerance and redundancy.
• Simplified resource location.
Active Directory Components
• Forests – One or more domain trees, with each
tree having its own unique namespace. The forest
is the true security boundary: every domain in a
forest shares one schema and one configuration.
• Domain trees – One or more domains with a
contiguous namespace.
• Domains – A logical unit of computers and
network resources that defines an administrative
and replication boundary.
• Organizational Units (OUs) – A container that
represents a logical grouping of resources within
a domain, used to delegate administration and to
link Group Policy.
ITMT 2302 – Windows Server 2008 Active Directory Configuration
Active Directory Schema
• Defines the object classes and the properties
(attributes) of each object stored in Active Directory.
– A user object has one set of attributes, a group
object a different set, and a computer object a
different set again.
Active Directory Schema
• Attributes common to every object include:
– A unique name (the distinguished name).
– A globally unique identifier (objectGUID), which
stays the same if the object is renamed or moved.
– Required (mandatory) attributes for the object's class.
– Optional attributes for the object's class.
Active Directory Naming Standard
• Objects are named with LDAP distinguished names,
read from the most specific component to the
domain components. Example:
– cn=JSmith, ou=sales,
dc=lucernepublishing, dc=com
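The distinguished name above is the LDAP DN format defined in RFC 4514. The following parser is an added example, not code from the course deck; the sample DNs with "Smith, John" and the escaped-comma forms are constructed here to show the escaping that Active Directory applies when a value itself contains a comma (`\,` or the hex form `\2C`).

```python
import re

# Two hex digits after a backslash encode one raw byte (RFC 4514 hexpair).
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def parse_dn(dn):
    """Split an LDAP distinguished name into (attribute, value) pairs.

    The most specific component (the leaf, e.g. cn=JSmith) comes first, the
    domain components (dc=...) last, exactly as written in the DN.
    Attribute types are lower-cased; values keep their case.
    """
    rdns = []
    buf = bytearray()          # bytes so that \XX hex pairs can spell UTF-8
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            if HEX_PAIR.fullmatch(dn[i + 1:i + 3]):
                buf.append(int(dn[i + 1:i + 3], 16))   # \2C -> ','
                i += 3
            else:
                buf.extend(dn[i + 1].encode("utf-8"))  # \, -> ','
                i += 2
            continue
        if ch == ",":                                  # unescaped comma ends an RDN
            rdns.append(buf.decode("utf-8"))
            buf = bytearray()
        else:
            buf.extend(ch.encode("utf-8"))
        i += 1
    rdns.append(buf.decode("utf-8"))

    pairs = []
    for rdn in rdns:
        rdn = rdn.strip()                 # drop the space after "cn=JSmith, "
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value))
    return pairs


def dns_domain(dn):
    """The DNS name of the domain an object lives in: the dc= parts joined with dots."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "dc")


def canonical_name(dn):
    """AD canonical name: domain first, then containers top-down, then the leaf."""
    pairs = parse_dn(dn)
    containers = [value for attr, value in pairs if attr != "dc"]
    return "/".join([dns_domain(dn)] + containers[::-1])


if __name__ == "__main__":
    # Constructed sample DNs (lucernepublishing.com is the deck's example domain).
    for sample in ("cn=JSmith, ou=sales, dc=lucernepublishing, dc=com",
                   r"CN=Smith\, John,OU=Sales,DC=lucernepublishing,DC=com"):
        print(parse_dn(sample), "->", canonical_name(sample))
```

A practitioner's caveat: the DN is positional, so moving or renaming an object changes its DN. Code that authorizes on a DN string (or on `cn` alone) will break, or worse match a different object recreated under the same name; key on objectGUID or objectSid instead.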
Domain Name System (DNS)
• Provides name resolution for a TCP/IP network.
• Active Directory requires DNS as its name
resolution method; clients and domain controllers
find each other through DNS records.
• Example Resource Records (RR):
– Host (A) – Host name to IP address.
– Pointer (PTR) – IP address to host name.
– Service (SRV) – Locator records, registered under
_msdcs.<domain>, that let clients find the LDAP,
Kerberos and global catalog services offered by
domain controllers.
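To make the SRV locator concrete, here is an added example (not code from the course deck) that parses zone-file style SRV lines and orders the targets the way RFC 2782 tells a client to: lowest priority first, then a weighted random choice among equal priorities. The four records for lucernepublishing.com and the host names dc1, dc2 and dc-dr are constructed for the example; the record name `_ldap._tcp.dc._msdcs.<domain>` is the real name Active Directory registers for its domain controllers.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    name: str
    priority: int   # lower is tried first
    weight: int     # relative share among records of equal priority
    port: int
    target: str


def dc_locator_srv_name(domain, service="ldap", protocol="tcp", site=None):
    """Name a client queries for DCs of a domain, optionally limited to one AD site."""
    if site:
        return f"_{service}._{protocol}.{site}._sites.dc._msdcs.{domain}"
    return f"_{service}._{protocol}.dc._msdcs.{domain}"


def parse_srv_line(line):
    """Parse '<name> [ttl] IN SRV <priority> <weight> <port> <target>'."""
    fields = line.split()
    if "SRV" not in fields or len(fields) != fields.index("SRV") + 5:
        raise ValueError(f"not an SRV record: {line!r}")
    prio, weight, port, target = fields[fields.index("SRV") + 1:]
    return SrvRecord(fields[0].rstrip("."), int(prio), int(weight),
                     int(port), target.rstrip("."))


def _weighted_order(pool, rng):
    """RFC 2782 selection: draw from the running weight sum until the pool is empty."""
    ordered, pool = [], list(pool)
    while pool:
        total = sum(r.weight for r in pool)
        threshold = rng.randint(0, total)     # 0 when every weight is 0
        running = 0
        for rec in pool:
            running += rec.weight
            if running >= threshold:          # the last record always satisfies this
                ordered.append(rec)
                pool.remove(rec)
                break
    return ordered


def order_srv_targets(records, rng=random):
    """Targets in the order a client should try them."""
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    ordered = []
    for prio in sorted(by_priority):
        ordered.extend(_weighted_order(by_priority[prio], rng))
    return ordered


def find_domain_controllers(zone_text, domain, service="ldap", rng=random):
    """Return (target, port) candidates for a service of a domain, in try order."""
    wanted = dc_locator_srv_name(domain, service)
    records = [parse_srv_line(l) for l in zone_text.splitlines() if l.strip()]
    matching = [r for r in records if r.name == wanted]
    return [(r.target, r.port) for r in order_srv_targets(matching, rng)]


# Constructed sample zone data: two equal-priority DCs and a lower-priority
# disaster-recovery DC for LDAP, plus one Kerberos record.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.lucernepublishing.com. 600 IN SRV 0 100 389 dc1.lucernepublishing.com.
_ldap._tcp.dc._msdcs.lucernepublishing.com. 600 IN SRV 0 100 389 dc2.lucernepublishing.com.
_ldap._tcp.dc._msdcs.lucernepublishing.com. 600 IN SRV 10 100 389 dc-dr.lucernepublishing.com.
_kerberos._tcp.dc._msdcs.lucernepublishing.com. 600 IN SRV 0 100 88 dc1.lucernepublishing.com.
"""

if __name__ == "__main__":
    print(find_domain_controllers(SAMPLE_ZONE, "lucernepublishing.com"))
    print(find_domain_controllers(SAMPLE_ZONE, "lucernepublishing.com", "kerberos"))
```

The SRV answer only yields candidates; a real client then sends an LDAP ping to confirm the DC is alive before using it. Because these records are written into DNS by dynamic update, the zone should accept only secure dynamic updates, otherwise any host on the network can register itself as a domain controller for the domain.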
Functional Levels
• Allow interoperability with domain controllers
running prior versions of Microsoft Windows.
• A higher functional level excludes domain
controllers running older versions of Windows
(member servers and clients are unaffected) and
enables features that every domain controller
must support.
• Raising a functional level is a one-way process in
Windows Server 2008. (Windows Server 2008 R2 and
later permit a limited rollback, provided no
feature that depends on the higher level, such as
the Active Directory Recycle Bin, has been enabled.)
Domain Functional Levels
Forest Functional Levels
Trust Relationships
• Active Directory uses trust relationships to allow
access between domains and/or forests, either
within a single forest or across multiple
enterprise networks.
• A trust relationship allows administrators of the
trusting domain to grant access to their domain's
resources to users from the trusted domain. The
trust itself grants nothing; permissions must still
be assigned.
Trust Relationships
• When a child domain is created, it automatically
receives a two-way transitive trust with its parent
domain.
• Trusts within a forest are transitive:
– If domain A trusts domain B
– and domain B trusts domain C,
– then domain A trusts domain C.
Trust Relationships
• External trust – A non-transitive trust between a
domain and a domain in another forest (or a
Windows NT 4.0 domain); it does not extend beyond
the two domains.
• Shortcut trust – A transitive trust between two
domains in the same forest, created to shorten the
path that authentication requests would otherwise
take up and down the tree.
• Cross-forest (forest) trust – A transitive trust
between the root domains of two forests; every
domain in each forest trusts every domain in the
other, but the trust does not extend to a third
forest.
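The transitivity rules above decide whether an account from one domain can be granted access in another at all. The following is an added example, not code from the course deck: it models trusts as directed edges (trusting domain to trusted domain) and finds the trust path, letting a non-transitive external trust serve only as a direct hop and allowing at most one forest trust on any path. The domains sales.lucernepublishing.com, east.sales.lucernepublishing.com, partner.example, contoso.com, hr.contoso.com and fabrikam.com are constructed for the example.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str           # domain whose resources become available
    trusted: str            # domain whose accounts are accepted
    kind: str               # "parent-child", "tree-root", "shortcut", "external", "forest"
    two_way: bool = True


NON_TRANSITIVE = {"external"}   # usable only as a direct, single-hop trust


def build_graph(trusts):
    """Adjacency list: trusting domain -> [(trusted domain, kind)]."""
    graph = {}
    for t in trusts:
        graph.setdefault(t.trusting, []).append((t.trusted, t.kind))
        if t.two_way:
            graph.setdefault(t.trusted, []).append((t.trusting, t.kind))
    return graph


def trust_path(trusts, resource_domain, account_domain):
    """Domains along which resource_domain trusts account_domain, or None."""
    if resource_domain == account_domain:
        return [resource_domain]
    graph = build_graph(trusts)

    # A direct trust of any kind works, including a non-transitive external one.
    for nxt, _kind in graph.get(resource_domain, []):
        if nxt == account_domain:
            return [resource_domain, account_domain]

    # Multi-hop paths may use only transitive trusts, and cross at most one
    # forest trust (a forest trust does not reach into a third forest).
    start = (resource_domain, 0)            # (domain, forest trusts crossed so far)
    parents = {start: None}
    queue = deque([start])
    while queue:
        dom, forest_hops = queue.popleft()
        for nxt, kind in graph.get(dom, []):
            if kind in NON_TRANSITIVE:
                continue
            hops = forest_hops + (1 if kind == "forest" else 0)
            if hops > 1:
                continue
            state = (nxt, hops)
            if state in parents:
                continue
            parents[state] = (dom, forest_hops)
            if nxt == account_domain:
                path, cur = [], state
                while cur is not None:
                    path.append(cur[0])
                    cur = parents[cur]
                return path[::-1]
            queue.append(state)
    return None


def trusts_domain(trusts, resource_domain, account_domain):
    return trust_path(trusts, resource_domain, account_domain) is not None


# Constructed sample topology: one forest (lucernepublishing.com with a child
# and grandchild), a one-way external trust to partner.example, a forest trust
# to contoso.com, and a second forest trust from contoso.com to fabrikam.com.
SAMPLE_TRUSTS = [
    Trust("lucernepublishing.com", "sales.lucernepublishing.com", "parent-child"),
    Trust("sales.lucernepublishing.com", "east.sales.lucernepublishing.com", "parent-child"),
    Trust("sales.lucernepublishing.com", "partner.example", "external", two_way=False),
    Trust("lucernepublishing.com", "contoso.com", "forest"),
    Trust("contoso.com", "hr.contoso.com", "parent-child"),
    Trust("contoso.com", "fabrikam.com", "forest"),
]

if __name__ == "__main__":
    print(trust_path(SAMPLE_TRUSTS, "east.sales.lucernepublishing.com", "hr.contoso.com"))
    print(trusts_domain(SAMPLE_TRUSTS, "east.sales.lucernepublishing.com", "fabrikam.com"))
```

Note the direction: sales.lucernepublishing.com trusts partner.example, so partner accounts can be granted access in sales, but sales accounts get nothing in partner.example, and the trust never extends to the rest of the forest. Reviewing a trust inventory this way is the first step in a red-team or audit assessment, because any trusted domain is a path into the trusting one.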
Chapter Summary
• Active Directory is a database of objects that are used to
organize resources according to a logical plan.
– These objects include containers such as domains and OUs
in addition to resources such as users, computers, and
printers.
• The Active Directory schema includes definitions of all
objects and attributes within a single forest.
– Each forest maintains its own Active Directory schema.
Chapter Summary
• Active Directory requires a DNS server that
supports SRV records.
– Microsoft recommends that DNS support dynamic
updates; on AD-integrated zones use secure dynamic
updates so that only authenticated computer
accounts can register or overwrite records.
Chapter Summary
• Domain and forest functional levels were
introduced with Windows Server 2003 and are
carried forward in Windows Server 2008.
– The levels defined for each of these are based on the
server operating systems the domain controllers
must run under the Active Directory design.
– The Windows Server 2008 forest functional level is
the highest level available in Windows Server 2008;
it requires every domain controller in the forest to
run Windows Server 2008 or later.
Chapter Summary
• Two-way transitive trusts are automatically
generated within the Active Directory domain
structure.
– Parent and child domains form the trust path by which
all domains in the forest can traverse to locate
resources.
– Authentication follows that path through Kerberos
referrals between the domains' KDCs. (This is not the
job of the ISTG, the Inter-Site Topology Generator,
which builds the replication topology between sites.)
Chapter Summary
• Cross-forest trusts were introduced in Windows Server
2003 and are only available when the forest
functional level is Windows Server 2003 or higher.
– They must be manually created and maintained.