21
An Introduction to
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 1/21
An Introduction to
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 2/21
Introduction Large corporations today face the
following problems Finding a certain file. Seeing everything from a single view Replicate data
Windows NT server network Offers directory services Single network logon Single point of administration and
replication
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 3/21
Traditional Directory Tools for organizing, managing and
locating objects in a computing
system Directory services are like a
telephone book
LANs and WANs grow larger andmore complex
Active directory unifies and brings
order to diverse server hierarchies,
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 4/21
Directory Service Users and administrators do not know
exact names
The directory can run a query for an objectby one of its attributes A directory service can
Enforce security defined by administrator
Replicate a directory Partition a directory into multiple stores
A management and an end user tool
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 5/21
Active Directory
Included with Windows 2000 server
Works well in any size installation Single server with few hundred objects Thousands of server with millions of objects
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 6/21
Important Concepts
user
Attributes for User Object:
Name: Joe
Surname: Smith
Email: [email protected]
Scope Can include every
single object, every
server and everydomain
Namespace Any bounded area in
which a given name
can be resolved Object
A distinct, named setof attributes thatrepresents somethingconcrete, such as auser, a printer or an
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 7/21
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 8/21
Important Concepts
Domain A Domain B
Domain CImplicit
Trust
EstablishedTrust
Domains A single security
boundary of anetwork
Domain trees A tree comprised
of several domains
sharing a commonschema,configuration andforming acontiguousnamespace
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 9/21
Important Concepts
Microsoft.Com
PBS.Microsoft.Com
NTDev.PBS.Microsoft.Com
SoftImage.Com
Finance.SoftImage.Com
Forest A set of one or more trees that do not form a contiguous
namespace All trees in a forest share a common schema, configuration
and global catalog A forest does not need a distinct name
Sites
Location in a network that contains Active Directoryservers
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 10/21
Active Directory Features DNS Integration
Active Directory is tightly integrated
with Domain Name System. Active Directory uses DNS as the
location Service
An Enterprise can connect ActiveDirectory Servers directly to theInternet.
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 11/21
Support for LDAP LDAP is Lightweight Directory
Access Protocol.
It was developed as a simpleralternative to X.500 protocol
Active Directory supports both
LDAP version 2 and version 3.
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 12/21
Object Naming Active Directory Schema defines
two useful properties Object Globally Unique Identifier, a
128 bit number which is neverchanged if object is moved or
renamed. User principal Name which is shorter
than DN and easy to remember
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 13/21
Protocol Support Supported protocols include:
LDAP
Remote procedure call X.500
Supported API’s include
ADSI LDAP API MAPI
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 14/21
Global Catalog GC enables users and applications
to find objects in an Active
Directory Domain tree if userknows one or more attributes of target object.
GC holds a replica of every objectin the Active Directory, but onlyholds a small number of their
attributes.
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 15/21
Security Object protection
All objects are protected by Access
Control Lists. An ACL is store as a binary value
called a Security Descriptor.
Delegation It allows a higher administrative
authority to grant rights forcontainers and subtrees to individualsand groups.
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 16/21
Trees and Forests
root.com
sub.root.com
child.sub.root.com
Searching root.com,results in deep search
into child domains.
Windows 2000domain tree is ahierarchy of
domains, eachconsisting of apartition of ActiveDirectory.
TransitiveBidirectional Trustrelationship isautomaticallyestablished between
joined domain andits parent.
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 17/21
Extending the Schema New attributes can be added to the
Schema at any time , using name, OID,
definition of data, range limits. New Objects can be added at any time
using name, oid, list of classes that canbe parents of object, class object is
derived from, and list of classes thatapply to the object.
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 18/21
Assuring Backward
Compatibility Easy Migration from Windows NT
3.5 and 4.0 Active Directory is designed to
operate in mixed Environment.
The migration process from Down
level servers to active directory takeplace one domain controller at a time.
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 19/21
Win 4.x domain with single primary domain
controller and two Backup Domain controllers.
BDC
PDC
BDC
Windows NT 4.0
Domain
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 20/21
BDC
BDC
BDC
Domain ReplicaGlobal Catalog
DC/PDC
Mixed Domain
8/14/2019 AD Basic2
http://slidepdf.com/reader/full/ad-basic2 21/21
Pure Domain- Former BDC’s are now peers of the
original Windows 2000.
DC
DC
DC
Domain Replica
Global Catalog
DC - GC
Domain Replica
Domain Replica
Domain Replica
Pure Domain
