Module Overview
Installing Active Directory Domain Services (AD DS)
Deploying Read-Only Domain Controllers
functionality of an identity and access (IDA) solution for enterprise networks. other identities.
The server will not grant the user access to the document unless the server can verify the identity presented in the access request as valid. Kerberos Authentication: a protocol called Kerberos is used to authenticate identities.
Control access
Provide an audit trail
Technologies of ADDS
Active Directory Domain Services (Identity): designed to provide a central repository for identity management within an organization.
Active Directory Lightweight Directory Services (Applications): provides support for directory-enabled applications.
Active Directory Certificate Services (Trust): set up a certificate authority for issuing digital certificates as part of a public key infrastructure (PKI) that binds the identity of a person, device, or service to a corresponding private key.
Active Directory Rights Management Services (Integrity): information-protection technology that enables you to implement persistent usage policy templates that define allowed and unauthorized use whether online, offline, inside, or outside the firewall.
Active Directory Federation Services (Partnership): enables an organization to extend IDA across multiple platforms, including both Windows and non-Windows environments.
Domain
Forest
Tree
Functional level
Organizational units
Sites
domain controllers.
the schema, configuration, global catalog, and the domain naming context that contains the data about objects within a domain (the users, groups, and computers, for example)
DCs are servers that perform the AD DS role. The Kerberos Key Distribution Center (KDC) service, which
Domain
the data store, which contains, among other things, the identity data for the domain's users, groups, and computers.
Forest
A forest is a collection of one or more Active Directory domains.
root domain.
Tree
Created by the DNS namespace of domains in a forest. When a domain is a subdomain of another domain, the two domains are considered a tree.
Functional level
The functional level is an AD DS setting that enables
Three domain functional levels:
Organizational units
Objects in the data store can be collected in containers. One type of container is the object class called container (Builtin, for example); the other is the organizational unit (OU).
OUs provide not only a container for objects but also a scope with which to manage the objects.
Sites
An Active Directory site is an object that represents a
A computer running Windows Server 2008
Minimum disk space of 250 MB and a partition
Network configuration
client settings
DNS Server that supports dynamic updates must be available or will be configured on the domain controller
Administrator permissions
domain controller in a forest
Domain Administrator permissions to install additional domain controllers in a domain
Enterprise Administrator permissions to install additional domains in a forest
AD DS Installation Process
1 Install the Active Directory Domain Services role using Server Manager
2 Run the Active Directory Domain Services Installation Wizard (Dcpromo)
Current version                        | Before installing                          | Command
Windows 2000 domain controllers        | Windows Server 2008 domain controllers     | adprep /forestprep, then adprep /domainprep /gpprep
Windows Server 2003 domain controllers | Windows Server 2008 domain controllers     | adprep /forestprep, then adprep /domainprep
Windows Server 2003 domain controllers | RODCs                                      | adprep /rodcprep
RODC
RODCs provide:
Additional security for branch offices with limited physical security
Additional security if applications must run on a domain controller
RODCs:
Cannot hold operations master roles or be configured as replication bridgehead servers
Can be deployed on servers running Windows Server 2008 Server Core for additional security
To install an RODC on a Server Core installation, use an unattended installation file with the ReplicaOrNewDomain=ReadOnlyReplica value
To complete a delegated RODC installation, run DCPromo with the /UseExistingAccount:Attach switch
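The two statements above are the whole of what the module says about unattended RODC promotion. As an added example (not a file from the course or from Microsoft), the answer file below shows what a Server Core RODC promotion looks like in practice, with the Password Replication Policy written so that privileged account secrets are never cached on a box with limited physical security. The domain name corp.example.com, the site name, the group names and the file path are constructed placeholders; the [DCInstall] keys are the standard dcpromo unattend keys.

```ini
; Added example answer file for dcpromo (not from the module or from Microsoft).
; Run on the Server Core box as:
;   dcpromo /unattend:C:\Deploy\rodc-unattend.txt
; For a delegated install against a pre-created RODC account, add
;   /UseExistingAccount:Attach
; to that command line. All names below are constructed placeholders.
[DCInstall]
ReplicaOrNewDomain=ReadOnlyReplica
ReplicaDomainDNSName=corp.example.com
SiteName=Branch-Office-01
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
CriticalReplicationOnly=No
; Password Replication Policy: only the branch office's own users may have
; their secrets cached on this RODC.
PasswordReplicationAllowed="CORP\Branch01 Allowed RODC Password Replication"
; Explicit denials for privileged groups. A stolen branch-office RODC then
; yields no domain-wide privileged credentials.
PasswordReplicationDenied="BUILTIN\Administrators"
PasswordReplicationDenied="BUILTIN\Server Operators"
PasswordReplicationDenied="BUILTIN\Backup Operators"
PasswordReplicationDenied="BUILTIN\Account Operators"
PasswordReplicationDenied="CORP\Domain Admins"
PasswordReplicationDenied="CORP\Enterprise Admins"
; Branch staff get local administrative rights on the RODC only, not in the domain.
DelegatedAdmin="CORP\Branch01 RODC Admins"
; Credentials used to join: "*" makes dcpromo prompt at run time instead of
; storing a password in this file.
UserDomain=corp.example.com
UserName=*
Password=*
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Directory Services Restore Mode password; fill in just before use.
SafeModeAdminPassword=
RebootOnCompletion=Yes
```

Two points a practitioner should check before running this. First, the answer file holds the DSRM password in clear text once it is filled in, so keep it on the local disk only and delete it after the reboot. Second, the denied groups listed here are the defaults the Installation Wizard proposes; the allowed group must contain the branch users and nothing else, otherwise the RODC's cache offers no more protection than a writable DC's would.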
Add only the additional attributes (for example, department) that you query or refer to frequently
Role                  | Scope          | Description
Schema Master         | One per forest | Performs all updates to the Active Directory schema
Domain Naming Master  | One per forest | Manages adding and removing all domains and directory partitions
RID Master            | One per domain | Allocates pools of relative identifiers (RIDs) to the domain controllers in the domain
PDC Emulator          | One per domain | Minimizes replication latency for password changes; synchronizes time on all domain controllers in the domain
Infrastructure Master | One per domain | Updates object references in its domain that point to objects in another domain
Beta Feedback
Pacing:
Which topics did you think flowed smoothly, from topic to topic? Was something taught out of order?
Were you able to keep up? Are there any places where the pace felt too slow?
Were you able to process what the instructor said before moving on to the next topic?
Did you have ample time to reflect on what you learned? Did you have time to formulate and ask questions?
Which demos helped you learn the most? Why do you think that is?
Did the lab help you synthesize the content in the module? Did it help you to understand how you can use this knowledge in your work environment?
Were there any discussion questions or reflection questions that really made you think? Were there questions you thought weren't helpful?
Learner activities: