Learning Objectives
Member servers
Do not have AD installed
Schema
Defines objects and the information pertaining to those objects that can be stored in Active Directory
Characteristics of objects
Global Catalog
Stores information about every object within the forest
First DC configured in a forest becomes the global catalog
Can change to another DC
Purposes:
Authentication
Forest-wide searches of data
Replication of key AD elements
Keeps a copy of the most-used attributes for quick access
Namespace
Name resolution
Converts computer and domain names to IP addresses
Namespace
Logical area on a network that contains directory services and named objects
Has the ability to perform name resolution
Namespace (contd.)
Contiguous namespace
Every child object contains the name of the parent object
Disjointed namespace
Child name does not resemble the name of its parent object
Figure 4-5 Active Directory hierarchical containers: forests, trees, domains, organizational units (OUs), sites
Courtesy Course Technology/Cengage Learning
MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)
Forest
Highest level in Active Directory
One or more Active Directory trees that are in a common relationship
Forest functional level
Active Directory functions supported forest-wide
Levels:
Windows 2000 native forest functional level
Windows Server 2003 forest functional level
Windows Server 2008 forest functional level
Tree
Contains one or more domains that are in a common relationship
Domains in a tree typically have a hierarchical structure
Kerberos transitive trust relationship
Two-way trusts between parent domains and child domains
Tree (contd.)
Transitive trust
If A and B have a trust and B and C have a trust, A and C automatically have a trust as well
Trusted domain
Granted access to resources
Trusting domain
One granting access to another domain
Tree (contd.)
All domains within a single tree share the same schema
Defines all the object types that can be stored within Active Directory
All domains in a tree share the same global catalog and a portion of their namespace
Domain
Logical partition within an Active Directory forest
Primary container within Active Directory
Basic functions
To provide an AD partition to house objects
To establish a set of information to be replicated
To expedite management of a set of objects
Domain (contd.)
Domain functional levels:
Windows 2000 domain functional level
Windows Server 2003 domain functional level
Windows Server 2008 domain functional level
Organizational Unit
Grouping of related objects within a domain
Allows the grouping of objects so that they can be administered using the same group policies
Such as security and desktop setup
Site
TCP/IP-based concept (container) within Active Directory
Linked to IP address
Functions
Based on connectivity and replication functions
Bridgehead server
DC designated to have the role of exchanging replication information
One per site
Realm trust
Enables one- or two-way access between a Windows Server domain within a forest and a realm of UNIX/Linux computers
Shortcut trust
Enables a domain in one forest to quickly access resources in a domain within a different forest
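The transitive-trust rule from the Tree slides (if A trusts B and B trusts C, A trusts C) and the one-way, non-transitive trusts introduced above decide which accounts can be granted access to which resources, so a defender wants to enumerate the trust paths rather than guess. The following is an added example, not code from the textbook; the domain names are constructed, and it models the simplified rule that a multi-hop chain is valid only when every hop is transitive.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str          # domain that grants access to its resources
    trusted: str           # domain whose accounts are granted access
    transitive: bool = True
    two_way: bool = True


# Constructed sample: one tree (corp.example with two child domains joined by
# two-way transitive parent/child trusts) plus a one-way, non-transitive realm
# trust in which sales.corp.example trusts a UNIX Kerberos realm.
FOREST_TRUSTS = [
    Trust("corp.example", "sales.corp.example"),
    Trust("corp.example", "eng.corp.example"),
    Trust("sales.corp.example", "LAB.EXAMPLE", transitive=False, two_way=False),
]


def trust_edges(trusts):
    """Directed edges trusting -> (trusted, transitive); two-way trusts add the reverse edge."""
    edges = {}
    for t in trusts:
        edges.setdefault(t.trusting, []).append((t.trusted, t.transitive))
        if t.two_way:
            edges.setdefault(t.trusted, []).append((t.trusting, t.transitive))
    return edges


def trust_path(trusts, resource_domain, account_domain):
    """Chain of domains through which resource_domain trusts account_domain, or None.

    A direct trust is enough on its own; a longer chain is only followed
    through transitive trusts (assumption: every hop must be transitive).
    """
    if resource_domain == account_domain:
        return [resource_domain]
    edges = trust_edges(trusts)
    queue = deque([(resource_domain, [resource_domain])])
    seen = {resource_domain}
    while queue:
        here, path = queue.popleft()
        for nxt, transitive in edges.get(here, []):
            if nxt == account_domain and (transitive or len(path) == 1):
                return path + [nxt]
            if transitive and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None
```

Running `trust_path(FOREST_TRUSTS, "eng.corp.example", "LAB.EXAMPLE")` returns None because the realm trust is neither transitive nor two-way, while the sibling domains reach each other through the parent.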
Moving an Account
May need to move a person's account from one container to another
Activity 4-6: Moving an Account
Objective: Practice moving an account
Resetting a Password
Cannot look up forgotten passwords
Reset instead
Deleting an Account
Delete accounts that are no longer in use
Globally unique identifier (GUID) is also deleted
Will not be reused even if you create another account using the same name
Local
Domain local
Global
Universal
Distribution groups
Used for e-mail or telephone lists
Can include
User accounts from any domain
Global groups from any domain
Other universal groups from any domain
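Group scope (local, domain local, global, universal) limits what a group may contain, and a nesting that violates the scope rules is a common source of over-broad access. The following is an added example, not code from the textbook: it encodes the universal-group rule from the slide above and, going beyond the page, the standard AD rules for global and domain local groups (an assumption stated here), then audits a constructed set of memberships.

```python
from dataclasses import dataclass

# Allowed member kinds per group scope and whether the member may come from
# another domain ("any") or only the group's own domain ("same").
# Universal: from the slide above. Global and domain local: standard AD rules
# (assumption added here, not stated on the page). Machine-local groups on
# member servers are out of scope of this check.
NESTING_RULES = {
    "universal":    {"user": "any", "global": "any", "universal": "any"},
    "global":       {"user": "same", "global": "same"},
    "domain local": {"user": "any", "global": "any", "universal": "any",
                     "domain local": "same"},
}


@dataclass(frozen=True)
class Principal:
    name: str
    domain: str
    kind: str  # "user", "global", "universal" or "domain local"


def nesting_violation(group, member):
    """Return None if member may be placed in group, else the reason it may not."""
    allowed = NESTING_RULES[group.kind]
    if member.kind not in allowed:
        return f"{group.kind} groups cannot contain {member.kind} members"
    if allowed[member.kind] == "same" and member.domain != group.domain:
        return f"{group.kind} groups accept {member.kind} members only from their own domain"
    return None


def audit_memberships(memberships):
    """memberships: (group, member) pairs. Returns (group, member, reason) for each violation."""
    return [(g.name, m.name, r) for g, m in memberships if (r := nesting_violation(g, m))]


# Constructed sample directory: two domains in one tree.
CORP, SALES = "corp.example", "sales.corp.example"
ALL_MANAGERS = Principal("All Managers", CORP, "universal")
SALES_MANAGERS = Principal("Sales Managers", SALES, "global")
FILESHARE_RW = Principal("FileShare-RW", CORP, "domain local")
ALICE = Principal("alice", CORP, "user")

SAMPLE_MEMBERSHIPS = [
    (ALL_MANAGERS, SALES_MANAGERS),   # universal may hold a global group from any domain
    (SALES_MANAGERS, ALICE),          # global may not hold a user from another domain
    (FILESHARE_RW, ALL_MANAGERS),     # domain local may hold a universal group
    (SALES_MANAGERS, ALL_MANAGERS),   # global may never hold a universal group
]
```

`audit_memberships(SAMPLE_MEMBERSHIPS)` reports the two Sales Managers nestings and nothing else.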
Properties of Groups
To edit properties:
Double-click the group in the Local Users and Groups tool for a stand-alone (non-domain) or member server
Or in the Active Directory Users and Computers tool for DC servers in a domain
Properties
General
Members
Member of
Managed by
Restart capability
Read-Only Domain Controller (RODC)
Auditing improvements
Multiple password and account lockout policies in a single domain
Active Directory Lightweight Directory Services role
Restart Capability
Stop Active Directory Domain Services without taking down the computer
General steps
See text for steps
Auditing Improvements
Audit trail of many types of changes
Records successful completion or reason for failure
Must set up in two places
Summary
Active Directory houses information about network resources
Domain controllers
Hierarchy: forest, tree, domain, organizational unit
Global catalog