Overview
Introduction to Active Directory
Active Directory Logical Structure
Role of DNS in Active Directory
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network
What Is Active Directory?
Active Directory Objects
Active Directory Schema
Lightweight Directory Access Protocol (LDAP)
Centralized Management
Organize
Manage
Control
Resources
Printers
Users
Objects
Computers
List of Attributes
accountExpires department distinguishedName directReports dNSHostName operatingSystem repsFrom repsTo middleName
Users
Printers
.
com.
training. microsoft.com
Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
LDAP Naming Paths Include:
Distinguished names
Domains
A
Windows 2000
Organizational Units
Network Administrative Model Organizational Structure
OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
Forest Tree
nwtraders.msft
asia.contoso.msft
au.contoso.msft
Tree
asia.nwtraders.msft
au.nwtraders.msft
Global Catalog
Subset of the Attributes of All Objects
Domain Domain
Domain
Domain
Domain Domain
Global Catalog
Resolution
DNS translates computer names to IP addresses
Computers use DNS to locate each other on the network
Naming
Windows 2000 uses DNS naming standards for domain names
DNS domains and Active Directory domains share a common hierarchical naming structure
Locating
Directory
DNS identifies domain controllers by the services they provide
Computers use DNS to locate domain controllers and global catalog servers
.
com. microsoft sales training computer1
DNS host record and Active Directory object represent the same physical computer
What Is a Tree?
Tree Root Domain
Parent Domain
Parent
contoso.msft
Child
Child Domain
sales.contoso.msft
New Domain
What Is a Forest?
A Forest
Forest
contoso.msft
Tree
sales.contoso.msft
nwtraders.msft
Tree
marketing.nwtraders.msft
sales.nwtraders.msft
All of the Domains in a Forest Share a Common Configuration, Schema, and Global Catalog
Global Catalog
Configuration and Schema
nwtraders.msft
contoso.msft
Tree
Tree
marketing.nwtraders.msft
Enterprise Admins
Schema Admins
sales.contoso.msft
Maintain Separate and Distinct Security Policies Between Domains
Preserve the Domain Structure of Earlier Versions of Windows NT
Controllers
Domain Controllers
Domain Controllers:
Participate in Active Directory replication
Perform single master operations roles in a domain
Replication
Domain Controller Domain Controller
Domain
Sites
Seattle Chicago Los Angeles New York
IP subnet
Site Sites:
Optimize Enable
IP subnet
replication traffic
Replication
Domain Controller A Domain Controller C
Add Modify
Move Delete
Domain Controller B
Replicated Update
Replication
Replication Latency
Replication
Change Notification
Replicated Update
Domain Controller C
Version Number
Timestamp
Server GUID
Conflicts Can Be Due to:
Attribute Value
Adding/Moving Under a Deleted Container Object or the Deletion of a Container Object
Sibling Name
Replication Topology
Directory
Directory Partitions
Directory Partitions
Forest
Schema: Contains definitions and rules for creating and manipulating all objects and attributes
Configuration: Contains information about Active Directory structure
Domain: Holds information about all domain-specific objects created in Active Directory
contoso.msft
Active Directory Database
B1
A3
A4
B3
Domain Controllers from the Same Domains
Domain Controllers from Different Domains
Domain A Topology
Domain B Topology
Schema/Configuration Topology
Schema Configuration
contoso.msft
namerica.contoso.msft
Global Catalog Server
B1
A3
A4
B3
Active Directory for Centralized Management Managing the User Environment Delegating Administrative Control
Search
OU1 Domain OU2
Active Directory:
Enables a single administrator to centrally manage resources
Allows administrators to easily locate information
Allows administrators to group objects into OUs
Uses Group Policy to specify policy-based settings
1 2
Centrally manage software installation, repairs, updates, and removal
Configure user data to follow users whether they are online or offline
Admin1
Assign Permissions:
For specific OUs to other administrators
To modify specific attributes of an object in a single OU
To perform the same task in all OUs
Map
OU2
Admin2 OU3
Admin3
interface design
Review
Introduction to Active Directory
Active Directory Logical Structure
Role of DNS in Active Directory
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network