Chapter 1: OVERVIEW OF ACTIVE DIRECTORY
Directory Services
Used to define, manage, access, and secure network resources.
Resources include: files, printers, groups, people, and applications.
Active Directory
Stored as NTDS.dit on a domain controller.
Used by domain controllers to authenticate users.
Domain controllers store, maintain, and replicate.
Centralized administration
Single point of access
Fault tolerance and redundancy
Multiple domain controllers are used
Multi-master replication
Simplified resource location
CENTRALIZED ADMINISTRATION
[Figure labels: Server2; Server3; Active Directory; Single sign-on]
MULTI-MASTER REPLICATION
Object classes
User accounts
Computer accounts
Printers
Groups
Object Attributes
Name
Globally unique identifier (GUID)
Location (for printer)
E-mail address (for users)
[Figure labels: IP Site; IP Site; Child Domain; north.cohowinery.com]
ORGANIZATIONAL UNITS
Container objects
Look like a folder with a book icon in Active Directory Users And Computers
Security is applied to OUs
Inherited by child OUs
Used to control access to that OU or hide subordinate OUs
Allows for the delegation of administrative rights
DOMAINS
[Figure labels: Forest root and tree root; Domain tree root; parent; child; ou. Domains shown: contoso.com, tailspintoys.com, west.contoso.com, east.contoso.com]
SITES
NAMING STANDARDS
LDAP NAMES
[Figure labels: cohowinery.com; Jeffrey Smith; Sales; Guy Gilbert; Accounting; Color Printer]
Cn=jsmith,ou=sales,dc=cohowinery,dc=com
jsmith@cohowinery.com
ROLE OF DNS
FUNCTIONAL LEVELS
Windows 2000
Windows Server 2003 interim
Windows Server 2003
Transitivity: If A trusts B and B trusts C, then A trusts C
Forest Root Domain
SHORTCUT TRUST
[Figure labels: Shortcut Trust; Domain A; Domain B; Domain C; Domain D]
CROSS-FOREST TRUST
SUMMARY
Active Directory is a database (NTDS.dit).
DNS is required by Active Directory.
Schema defines object types and attributes.
Domain and forest functional levels provide a balance between backward compatibility and new functionality.
Active Directory allows for two-way transitive (Kerberos) trusts.
Trusts allow domain hierarchies to be created.
Cross-forest trusts are a new feature for Windows Server 2003 Active Directory.