Server 2012 Active Directory

Lecturer: Dr. Simon Tran
Course: IT 442
Active Directory Overview
• A scalable directory service for managing network resources
• AD works the way a phone book does
• AD uses the Domain Name System (DNS) to locate domain objects (names)
• The administrator must configure DNS on the network before installing AD.
Active Directory
DNS Overview
• Used to map host names to TCP/IP addresses
• Separate domain hierarchy from the Internet
• Provides fully qualified domain names (FQDN) for all objects in the domain.
• The DNS hierarchy starts at the top-level domain (.com)
• The first-level domain is called the parent domain (ITLab.com)
• Allows the administrator to divide parent domains into subdomains (boston.ITLab.com, UK.ITLab.com)
AD & DNS
• Server1.ITLab.com: Fully Qualified Domain Name (FQDN)
– Server1: computer name
– ITLab: the organizational domain
– COM: top-level domain
• Boston.ITLab.com
– Boston: child domain
– ITLab.com: parent domain
Domain Overview
• A group of computers that share a common directory database.
• A domain name must be unique, but a domain can have multiple sub-domains (child domains)
• Each domain has its own security policies
• Trust can be built across domains
• A domain can span more than one physical location (multiple sites)
• A domain contains objects (users, groups, computers)
Understanding Domain Controller
• It runs Active Directory Domain Services
• It contains all directory data in the domain
• DCs replicate the directory data with one another
• One domain can have multiple DCs
• One site can have multiple DCs
• A DC that replicates the data across sites is called a bridgehead
Domain Functional Level
• Windows Server 2003: supports DCs running Server 2003 and later.
• Windows Server 2008: supports DCs running Server 2008 and later.
• Windows Server 2008 R2: supports DCs running Server 2008 R2 and Server 2012.
• Windows Server 2012: supports DCs running Server 2012 only.
AD Hierarchical Structure
Logical Structure
• Organizational units (OU): a subgroup of domains
that mirrors the organization’s business
• Domain: a group of computers that share a common
directory database
• Domain trees: one or more domains that share a
contiguous namespace
• Domain forests: one or more domain trees that share
common directory information
Understanding OU
• A logical container to place accounts, shared
resources, and other OUs.
• OU is expandable to include child units.
• OU allows administrators to assign group policy to a
small set of resources
• OUs create smaller, more manageable views of directory objects in a domain.
• OUs allow administrators to delegate authority to easily control administrative access.
Domain Sites: A Physical Structure
Understanding Sites
• A group of computers in one or more IP subnets
(Physical structure)
• One domain can contain multiple sites.
• One site can contain multiple domains.
• A client is authenticated against a DC of its local site first.
• Directory information is replicated within sites and
between sites.
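
A simplified model of the site rules above, added here as an example and not taken from the lecture: it maps a client IP address to a site by subnet (most specific subnet wins) and lists that site's DCs first. The subnets, site names and DC names are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (assumptions, not from the lecture):
# subnet-to-site mapping and the site each DC is placed in.
SITE_SUBNETS = {
    "10.1.0.0/16": "Boston",
    "10.1.50.0/24": "Boston-Lab",   # a site defined with no DC of its own
    "10.2.0.0/16": "UK",
}
DOMAIN_CONTROLLERS = {
    "DC1.ITLab.com": "Boston",
    "DC2.ITLab.com": "Boston",
    "DC3.ITLab.com": "UK",
}


def site_for_client(client_ip, site_subnets=SITE_SUBNETS):
    """Return the site whose subnet contains client_ip, or None if unmapped.

    When several subnets match, the most specific (longest prefix) wins.
    """
    addr = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in site_subnets.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)
    return best[1] if best else None


def dc_candidates(client_ip, dcs=DOMAIN_CONTROLLERS, site_subnets=SITE_SUBNETS):
    """Return (site, ordered DC list): DCs in the client's site come first."""
    site = site_for_client(client_ip, site_subnets)
    local = sorted(dc for dc, s in dcs.items() if s == site)
    remote = sorted(dc for dc, s in dcs.items() if s != site)
    return site, local + remote


if __name__ == "__main__":
    # 192.168.1.5 is in no defined subnet; 10.1.50.7 is in a site without a DC.
    for ip in ("10.1.4.20", "10.1.50.7", "10.2.9.9", "192.168.1.5"):
        site, order = dc_candidates(ip)
        print(f"{ip:<12} site={site!s:<11} try: {', '.join(order)}")
```

A client in an unmapped subnet, or in a site that has no DC, gets no local candidate and authenticates against a DC in another site, so the subnet-to-site mapping is worth auditing.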
Sub-domain Structure
Reading Material
• Lecture 4
– Stanek (2012). Chapter 6
• Introducing Active Directory
• Working with domain structures
• Lecture 5
– Stanek (2012). Chapter 6
• Working with Active Directory domains
• Understanding the directory structure
• Using the Active Directory Recycle Bin