
Active Directory is a directory service.

It collects and stores all the information needed to use and manage objects in a centralized directory. Its purposes:
To provide user logon and authentication services.
To enable admins to organize and manage user accounts, groups and network resources.
To enable authorized users to easily locate network resources regardless of where they are
located in the network.

AD Schema: it contains formal definitions of every object class that can be created in
AD, and formal definitions of every attribute that an AD object can have.

Global catalog: a DC that holds a complete replica of all objects in Active Directory
for its host domain and a partial replica (the partial attribute set) of all objects in
every other domain in the forest.
It is a master searchable database that contains information about the objects in every
domain.
The global catalog answers LDAP queries on TCP port 3268 (3269 for LDAP over SSL), while a
normal domain LDAP query uses 389 (636).
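Added example (not part of the original notes): a forest-wide search against the global catalog on port 3268 compared with a normal LDAP search that only sees the local domain. It assumes a domain-joined Windows host; the account name jdoe is a placeholder.

```powershell
# Added example, not from the original notes. Search the global catalog (GC://, TCP 3268)
# for an account forest-wide, then the local domain only (LDAP://, TCP 389).
# Assumes a domain-joined host; 'jdoe' is a placeholder sAMAccountName.
Add-Type -AssemblyName System.DirectoryServices

function Search-Directory {
    param(
        [Parameter(Mandatory)][string]$Filter,
        [switch]$GlobalCatalog      # use GC:// (port 3268) instead of LDAP:// (port 389)
    )
    $rootDse = [ADSI]"LDAP://RootDSE"
    # The GC is searched from the forest root; a domain search starts at this domain's NC
    if ($GlobalCatalog) { $path = "GC://$($rootDse.rootDomainNamingContext)" }
    else                { $path = "LDAP://$($rootDse.defaultNamingContext)" }

    $searcher = New-Object System.DirectoryServices.DirectorySearcher(
        [ADSI]$path, $Filter, @('distinguishedName', 'sAMAccountName', 'userAccountControl'))
    $searcher.PageSize = 500                  # paged results, so large domains do not truncate

    $searcher.FindAll() | ForEach-Object {
        [pscustomobject]@{
            DN       = [string]$_.Properties['distinguishedname'][0]
            Sam      = [string]$_.Properties['samaccountname'][0]
            # userAccountControl bit 0x2 = ACCOUNTDISABLE; worth checking on every hit
            Disabled = ([int]$_.Properties['useraccountcontrol'][0] -band 0x2) -ne 0
        }
    }
}

$filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName=jdoe))'

# Forest-wide: the GC holds a partial replica of every domain's objects
Search-Directory -Filter $filter -GlobalCatalog

# Local domain only: the same account in another domain will not be found here
Search-Directory -Filter $filter
```

Only attributes in the partial attribute set are returned from the GC search; anything else (for example a custom attribute not marked for GC replication) needs a follow-up LDAP bind to a DC of the owning domain.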

Domain Functional Level


Domain functionality activates features that affect the whole domain and that domain only. The four domain
functional levels, their corresponding features, and supported domain controllers are as follows:

Windows 2000 mixed (Default)


• Supported domain controllers: Microsoft Windows NT 4.0, Windows 2000, Windows Server 2003
• Activated features: local and global groups, global catalog support

Windows 2000 native


• Supported domain controllers: Windows 2000, Windows Server 2003
• Activated features: group nesting, universal groups, SIDHistory, converting groups between security
groups and distribution groups. You can also raise domain levels by increasing the forest level settings.

Windows Server 2003 interim


• Supported domain controllers: Windows NT 4.0, Windows Server 2003
• Supported features: There are no domain-wide features activated at this level. All domains in a forest
are automatically raised to this level when the forest level increases to interim. This mode is only
used when you upgrade domain controllers in Windows NT 4.0 domains to Windows Server 2003
domain controllers.

Windows Server 2003


• Supported domain controllers: Windows Server 2003
• Supported features: domain controller rename, logon timestamp attribute (lastLogonTimestamp) updated
and replicated, user password support on the InetOrgPerson objectClass, constrained delegation, and the
ability to redirect the default Users and Computers containers.

Forest Functional Level


Forest functionality activates features across all the domains in your forest. Three forest functional levels,
the corresponding features, and their supported domain controllers are listed below.

Windows 2000 (default)


• Supported domain controllers: Windows NT 4.0, Windows 2000, Windows Server 2003
• New features (partial list): universal group caching, application partitions, install from media,
quotas, rapid global catalog demotion, Single Instance Store (SIS) for System Access Control Lists
(SACL) in the Jet Database Engine, improved topology generation event logging, no global catalog
full sync when attributes are added to the PAS, and a Windows Server 2003 domain controller assumes the
Intersite Topology Generator (ISTG) role.

Windows Server 2003 interim


• Supported domain controllers: Windows NT 4.0, Windows Server 2003 (used only while upgrading a
Windows NT 4.0 domain).
• Activated features: Windows 2000 features plus efficient group member replication using Linked
Value Replication, improved replication topology generation, ISTG aliveness no longer
replicated. Attributes added to the global catalog: ms-DS-Trust-Forest-Trust-Info, Trust-Direction,
Trust-Attributes, Trust-Type, Trust-Partner, Security-Identifier, ms-DS-Entry-Time-To-Die,
Message Queuing-Secured-Source, Message Queuing-Multicast-Address, Print-Memory, Print-Rate,
Print-Rate-Unit.

Windows Server 2003


• Supported domain controllers: Windows Server 2003
• Activated features: all features in Interim Level, Defunct schema objects, Cross Forest Trust,
Domain Rename, Dynamic auxiliary classes, InetOrgPerson objectClass change, Application
Groups, 15-second intrasite replication frequency for Windows Server 2003 domain controllers
upgraded from Windows 2000
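Added example (not part of the original notes): reading the current domain and forest functional levels, plus the operating systems of the DCs that would block raising them. It uses .NET classes present on any domain-joined Windows host, so no RSAT module is required; the Set-AD*Mode cmdlets in the comment are from the RSAT ActiveDirectory module.

```powershell
# Added example, not from the original notes. Report the domain and forest functional
# levels and the DC operating systems. Runs against the caller's own domain and forest.
Add-Type -AssemblyName System.DirectoryServices

function Get-FunctionalLevels {
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    [pscustomobject]@{
        Domain     = $domain.Name
        DomainMode = $domain.DomainMode      # e.g. Windows2003Domain, Windows2016Domain
        Forest     = $forest.Name
        ForestMode = $forest.ForestMode
        # A level cannot be raised while any DC still runs an older OS, so list them
        DcOperatingSystems = $domain.DomainControllers |
            Select-Object -ExpandProperty OSVersion -Unique
    }
}

Get-FunctionalLevels | Format-List

# Raising the level once every DC supports it (Domain Admins / Enterprise Admins;
# cmdlets from the RSAT ActiveDirectory module). Levels cannot be lowered again:
#   Set-ADDomainMode -Identity (Get-ADDomain) -DomainMode Windows2016Domain
#   Set-ADForestMode -Identity (Get-ADForest) -ForestMode Windows2016Forest
```

The functional level is a security control as well as a feature switch: several Kerberos hardening features depend on the domain level, so a forest left at an old level keeps old behaviour even after every DC has been upgraded.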

DNS: information about the resource records within your DNS domains is stored in zone files.
DNS servers store these zone database files.
Forward lookup zone: host name to IP address resolution.
Reverse lookup zone: IP address to host name resolution.
Stub zone: a mini zone kept on a DNS server hosting a parent zone; its purpose is to identify
the authoritative name servers of child zones, so request resolution is routed more effectively.
It keeps only the SOA, NS and A (glue) records of the child zone.

Zone categories: 1. Primary 2. Secondary 3. Stub zones


Records stored in a zone file: A - host; PTR - pointer; SRV - service; MX - mail
exchange; NS - name server; SOA - start of authority; CNAME - canonical name

In Windows 2003, we primarily use 5 types of resource records:

Host (A): forward lookup
Alias (CNAME)
Mail Exchange (MX)
Pointer (PTR)
Service (SRV): lets clients locate services, e.g. domain controllers via _ldap._tcp.dc._msdcs.<domain>
The SOA record carries the zone serial number; a secondary server compares it with the primary's
to detect updates and trigger a zone transfer.
Recursive query: the client asks its local DNS server, which must return a complete answer (or an
error) on the client's behalf.
Iterative query: when DNS servers talk to each other while walking the domain tree (root, TLD,
authoritative server), each returns the best answer it has, usually a referral to the next server.
Reverse queries use the inverse address domain in-addr.arpa, with the octets reversed
(e.g. 25.1.0.10.in-addr.arpa for 10.0.1.25).
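Added example (not part of the original notes): using the records above to locate domain controllers through SRV, building a reverse-lookup name under in-addr.arpa, and showing a recursive versus a non-recursive query with Resolve-DnsName (Windows 8 / Server 2012 and later). The domain corp.example.com and the addresses 10.0.0.10 and 10.0.1.25 are placeholders.

```powershell
# Added example, not from the original notes. DC location via SRV, PTR name construction,
# and recursive vs non-recursive queries. 'corp.example.com', 10.0.0.10 (a DC / DNS server)
# and 10.0.1.25 are placeholders for your own environment.
$domainName = 'corp.example.com'
$dnsServer  = '10.0.0.10'

# SRV records under _msdcs are how clients find DCs; they are also the first thing
# an attacker on the network queries during reconnaissance.
function Get-DomainControllerSrv {
    param([Parameter(Mandatory)][string]$Domain)
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object Name, NameTarget, Port, Priority, Weight
}

# Reverse lookup name: octets reversed, under in-addr.arpa
function Get-PtrName {
    param([Parameter(Mandatory)][ipaddress]$Address)
    $octets = $Address.GetAddressBytes()
    [array]::Reverse($octets)
    "$($octets -join '.').in-addr.arpa"
}

Get-DomainControllerSrv -Domain $domainName

$ptrName = Get-PtrName -Address '10.0.1.25'      # 25.1.0.10.in-addr.arpa
Resolve-DnsName -Name $ptrName -Type PTR -Server $dnsServer

# Recursive query: the server resolves the name fully on our behalf (RD bit set)
Resolve-DnsName -Name 'www.example.com' -Type A -Server $dnsServer

# Non-recursive query: the server answers only from its own zones and cache (RD bit clear).
# This is the kind of answer a server gets while walking the tree with iterative queries.
Resolve-DnsName -Name 'www.example.com' -Type A -Server $dnsServer -NoRecursion
```

If the non-recursive query returns a referral or fails while the recursive one succeeds, the server is not authoritative for the name and is doing the iterative work for you; a DNS server exposed to untrusted networks should normally have recursion limited or disabled.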

DORA: Discover: the DHCP client initiates the process by trying to discover any DHCP server in
the network. The Discover packet is a broadcast (technically it looks for a BOOTP server, UDP
ports 67/68).
Offer: any DHCP server that hears it responds and offers an IP address; the offer is broadcast
back to the client, which has no address yet.
Request: the DHCP client requests the first offer it receives. It broadcasts this back to the
network; the packet contains the server identifier of the chosen DHCP server, so the other
servers withdraw their offers.
Acknowledgement: this packet is sent from the DHCP server to the client and contains the IP
configuration (address, mask, lease time and options such as router and DNS servers).

After creating a scope it must be activated, and in an AD domain the DHCP server itself must be
authorized in Active Directory before it will lease addresses.

FSMO ROLES:
Forest wide:
Schema master: it controls all updates and changes to the schema. Whenever you extend the
schema or install an application that modifies it, the schema master must be available.

Domain naming master: the domain controller acting as domain naming master is contacted when
you add or remove domains in the AD forest.

Domain wide:
Relative ID master: it distributes pools of relative IDs (RIDs) to each of the domain
controllers in its domain. Whenever a DC creates an AD user, group or computer it assigns a
SID, which is the domain SID plus a RID taken from that DC's pool.

PDC emulator: it is notified immediately whenever a password change is performed on another DC
in the domain (failed logons are retried against it), and it is the authoritative time source
for the domain, so it should be configured to synchronize with an external time server.

Infrastructure master: its job is to update references in its domain to objects stored in other
domains (phantom records). It performs this task by comparing its data with global catalog
data, so in a multi-domain forest it must not be hosted on a GC unless every DC is a GC.
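Added example (not part of the original notes): listing the five FSMO role holders and checking the Infrastructure Master placement rule stated above. It uses .NET classes present on any domain-joined Windows host; netdom query fsmo is the legacy command-line equivalent.

```powershell
# Added example, not from the original notes. Report FSMO role holders and flag an
# Infrastructure Master that sits on a GC in a multi-domain forest where not every DC is a GC.
Add-Type -AssemblyName System.DirectoryServices

function Get-FsmoRoleHolders {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaRoleOwner.Name     # forest-wide
        DomainNamingMaster   = $forest.NamingRoleOwner.Name     # forest-wide
        RidMaster            = $domain.RidRoleOwner.Name        # per domain
        PdcEmulator          = $domain.PdcRoleOwner.Name        # per domain
        InfrastructureMaster = $domain.InfrastructureRoleOwner.Name
    }
}

function Test-InfrastructureMasterPlacement {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $im = $domain.InfrastructureRoleOwner
    $nonGcDcs = @($domain.DomainControllers | Where-Object { -not $_.IsGlobalCatalog() })

    # IM on a GC is harmless only in a single-domain forest or when every DC is a GC;
    # otherwise cross-domain references (phantoms) are never updated.
    if ($im.IsGlobalCatalog() -and $forest.Domains.Count -gt 1 -and $nonGcDcs.Count -gt 0) {
        "WARNING: Infrastructure Master $($im.Name) is a GC in a multi-domain forest with non-GC DCs"
    } else {
        "OK: Infrastructure Master $($im.Name) placement is fine"
    }
}

Get-FsmoRoleHolders | Format-List
Test-InfrastructureMasterPlacement

# Legacy equivalent:  netdom query fsmo
```

The PDC emulator and RID master are the two role holders whose loss is felt first (password changes and new-object creation), so a monitoring check should confirm the holders listed here are reachable, not just that the roles are assigned.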

Ntdsutil: manage & control FSMO servers/roles (transfer and seize)
Create & manage application directory partitions
Perform authoritative restore of AD information
Database maintenance of Active Directory, including compacting & offline defragmentation.

Repadmin: diagnose AD replication and the replication topology.

DCDiag: domain controller diagnostic tool to analyze the state of DCs in your domain or forest.
Replmon: replication monitoring tool in GUI mode (Windows Server 2003 Support Tools).

ADSIEdit: low-level GUI LDAP editor for viewing and modifying any object or attribute in any partition.
Dsastat: used to check whether users/objects are replicated between DCs (compares the directory
partitions held on two DCs).
To see replication partners: repadmin /showrepl <server>
To check the up-to-dateness vector: repadmin /showutdvec <server> <naming context> (utdvec = up-to-dateness vector)
To see connection objects: repadmin /showconn <server>
To synchronize all replication: repadmin /syncall /A /e /P (all partitions, enterprise-wide, push)
To replicate with a specific DC: repadmin /replicate <destination DC> <source DC>
dc=server,dc=com
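Added example (not part of the original notes): a replication health check built on the tools above. It parses the CSV output of repadmin /showrepl, reports every failing link, forces a pull from the known-good source for each one, and finishes with the dcdiag replication test. It needs repadmin.exe and dcdiag.exe (on a DC or with RSAT installed) and an account allowed to read replication metadata.

```powershell
# Added example, not from the original notes. Find failing replication links from
# 'repadmin /showrepl * /csv', retry them, then run the dcdiag replication test.
# Requires repadmin.exe and dcdiag.exe on the path (DC or RSAT).

function Get-FailingReplicationLinks {
    # '*' is passed to repadmin unchanged (PowerShell does not glob native arguments);
    # the /csv output has a header row, so ConvertFrom-Csv yields one object per link.
    $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
    $rows | Where-Object { [int]$_.'Number of Failures' -gt 0 } |
        Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Time', 'Last Failure Status'
}

function Invoke-ReplicationCheck {
    $failing = @(Get-FailingReplicationLinks)
    if ($failing.Count -gt 0) {
        $failing | Format-Table -AutoSize
        foreach ($link in $failing) {
            # Pull the failing partition from the source that has the data
            repadmin /replicate $link.'Destination DSA' $link.'Source DSA' $link.'Naming Context'
        }
    } else {
        'No failing replication links'
    }
    # /q prints only errors, so a clean run is silent
    dcdiag /test:replications /q
}

Invoke-ReplicationCheck
```

A link that keeps failing after a forced replicate usually points at a network or Kerberos problem between the two DCs (status 8524 and 1256 are the common ones in the Last Failure Status column); a DC cut off for longer than the tombstone lifetime must be demoted and re-promoted rather than forced to sync.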

Group types: distribution groups (mail lists; no SID, cannot be granted permissions) and
security groups (have a SID, can be used in ACLs, and can also be mail-enabled).
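Added example (not part of the original notes): decoding the groupType attribute to tell security groups from distribution groups and to read the group scope, then enumerating every distribution group in the domain with an LDAP bitwise filter. The bit values are the documented ADS_GROUP_TYPE_ENUM constants; the search assumes a domain-joined host.

```powershell
# Added example, not from the original notes. groupType decoding and a search for
# distribution groups. Bit values: 2 = Global, 4 = Domain Local, 8 = Universal,
# 0x80000000 = security-enabled (ADS_GROUP_TYPE_ENUM). Assumes a domain-joined host.
Add-Type -AssemblyName System.DirectoryServices

function ConvertFrom-GroupType {
    param([Parameter(Mandatory)][int]$GroupType)
    $scope = switch ($GroupType -band 0xE) {
        2       { 'Global' }
        4       { 'DomainLocal' }
        8       { 'Universal' }
        default { 'Unknown' }
    }
    [pscustomobject]@{
        Scope    = $scope
        # groupType is a signed 32-bit value, so the security bit shows up as a negative number
        Category = if ($GroupType -band 0x80000000) { 'Security' } else { 'Distribution' }
    }
}

# A distribution group cannot carry permissions, so one found in an ACL review is a mistake
# worth chasing; this lists them all using the LDAP_MATCHING_RULE_BIT_AND filter.
function Get-DistributionGroups {
    $base = [ADSI]"LDAP://$(([ADSI]'LDAP://RootDSE').defaultNamingContext)"
    $filter = '(&(objectClass=group)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))'
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base, $filter, @('cn', 'groupType'))
    $searcher.PageSize = 500
    $searcher.FindAll() | ForEach-Object {
        $gt = [int]$_.Properties['grouptype'][0]
        [pscustomobject]@{
            Name  = [string]$_.Properties['cn'][0]
            Scope = (ConvertFrom-GroupType $gt).Scope
        }
    }
}

ConvertFrom-GroupType -GroupType -2147483646   # 0x80000002 -> Security, Global
ConvertFrom-GroupType -GroupType 8             # Universal distribution group
Get-DistributionGroups | Format-Table -AutoSize
```

Converting a distribution group to a security group gives it a usable SID, which is why the notes list group conversion as a Windows 2000 native feature: after the conversion, any ACL that names the group starts granting access.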

Directory Partitions:

1. Configuration partition: describes the logical structure of the deployment, such as the
domain structure or replication topology. Replicated to every DC in the forest.
2. Domain partition: describes all of the objects in a domain. This data is specific to the
domain and is fully replicated only to the DCs of that domain (GCs hold a partial replica).
3. Schema partition: defines the objects that can be stored in the directory and the
attributes those objects can have.
This data is common to all domains and is replicated to all domain controllers in the
forest.
4. Application directory partition: stores dynamic, application-specific data in AD without
significantly affecting network performance, by letting you control the replication scope and
placement of replicas (e.g. ForestDnsZones and DomainDnsZones for AD-integrated DNS).
This partition can contain any kind of object except security principals (users, groups
and computers).
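Added example (not part of the original notes): listing the partitions a DC holds by reading RootDSE and labelling each with its replication scope as described above. It assumes a domain-joined host and needs no RSAT module; the ntdsutil line in the comment is the legacy way to list application partitions.

```powershell
# Added example, not from the original notes. Enumerate the naming contexts the DC we bind
# to holds, and classify each as schema, configuration, domain or application partition.
function Get-DirectoryPartitions {
    $root   = [ADSI]"LDAP://RootDSE"
    $schema = [string]$root.schemaNamingContext
    $config = [string]$root.configurationNamingContext
    $domain = [string]$root.defaultNamingContext

    foreach ($nc in $root.namingContexts) {
        $ncStr = [string]$nc
        $kind = switch ($ncStr) {
            $schema { 'Schema (forest-wide)' }
            $config { 'Configuration (forest-wide)' }
            $domain { 'Domain (this domain only; partial replica on GCs)' }
            default {
                # AD-integrated DNS uses two well-known application partitions
                if ($ncStr -like 'DC=ForestDnsZones,*' -or $ncStr -like 'DC=DomainDnsZones,*') {
                    'Application (AD-integrated DNS)'
                } else {
                    'Application (custom replication scope)'
                }
            }
        }
        [pscustomobject]@{ NamingContext = $ncStr; Partition = $kind }
    }
}

Get-DirectoryPartitions | Format-Table -AutoSize

# Legacy equivalent for application partitions (ntdsutil; 'domain management' on Server 2003):
#   ntdsutil "partition management" connections "connect to server DC01" quit list quit quit
```

RootDSE is readable anonymously on most DCs, so this is also exactly what an unauthenticated scanner learns about the forest layout; restricting anonymous LDAP does not hide RootDSE, which is why partition names should not carry anything sensitive.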

DNS:
The client sends a recursive query to its DNS server.
Primary zone: read/write copy of the zone.
Secondary zone: read-only copy of the primary zone, kept up to date by zone transfers (it is a
full authoritative copy, not a cache).
To resolve names in zones hosted elsewhere (e.g. child domains) we use zone delegation or a
stub zone.
repadmin /syncall: force replication (see the repadmin notes above).

DHCP
Cmd: netsh dhcp show server (lists the DHCP servers authorized in Active Directory)

Superscope: right-click the server, New Superscope, to group several scopes that serve one
physical subnet.

DHCP database is in %SystemRoot%\System32\dhcp\dhcp.mdb

DHCP database compaction: the Jet database is compacted online automatically (dynamic
compaction); for offline compaction stop the DHCP Server service, run jetpack dhcp.mdb tmp.mdb
in that folder, then start the service again.
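Added example (not part of the original notes): the DHCP server lifecycle covered in these notes, from authorization in AD (the step without which no DHCPOFFER is ever sent) through creating and activating a scope to the offline jetpack compaction. It uses the DhcpServer module (Windows Server 2012 and later, or RSAT); the server name dhcp01.corp.example.com and the 10.0.1.0/24 range are placeholders.

```powershell
# Added example, not from the original notes. Authorize a DHCP server in AD, create and
# activate a scope, and compact the database offline. Requires the DhcpServer module.
# 'dhcp01.corp.example.com', 10.0.1.0/24, 10.0.1.1 and 10.0.0.10 are placeholders.
$server = 'dhcp01.corp.example.com'

# Authorized servers are recorded in AD under CN=NetServices,CN=Services,CN=Configuration,...
# A rogue DHCP server on the segment will not appear here, but it can still answer DISCOVERs.
Get-DhcpServerInDC                                  # legacy: netsh dhcp show server

if (-not (Get-DhcpServerInDC | Where-Object DnsName -eq $server)) {
    Add-DhcpServerInDC -DnsName $server             # requires Enterprise Admins
}

# A scope must exist *and* be active before the server answers DISCOVER with an OFFER
Add-DhcpServerv4Scope -ComputerName $server -Name 'Clients-VLAN10' `
    -StartRange 10.0.1.50 -EndRange 10.0.1.250 -SubnetMask 255.255.255.0 -State Active

# Options delivered in the ACK: router, DNS servers, DNS suffix
Set-DhcpServerv4OptionValue -ComputerName $server -ScopeId 10.0.1.0 `
    -Router 10.0.1.1 -DnsServer 10.0.0.10 -DnsDomain 'corp.example.com'

# Offline compaction of %SystemRoot%\System32\dhcp\dhcp.mdb; run on the DHCP server itself.
# Leases are not handed out while the service is stopped, so do this in a maintenance window.
function Compact-DhcpDatabase {
    $dir = Join-Path $env:SystemRoot 'System32\dhcp'
    Stop-Service -Name DHCPServer
    try {
        Push-Location $dir
        jetpack.exe dhcp.mdb tmp.mdb        # compacts into tmp.mdb and swaps it in
        Pop-Location
    } finally {
        Start-Service -Name DHCPServer      # always bring the service back, even on failure
    }
}
```

The authorization check matters for detection as well as setup: the DHCP server service logs event 1046 and refuses to serve when it is not authorized, so a server handing out leases that is absent from Get-DhcpServerInDC is either non-Windows or a rogue, and DHCP snooping on the switches is the control that actually stops it.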