Date post: | 19-Jan-2016 |
Category: |
Documents |
Upload: | nigel-osborne |
View: | 219 times |
Download: | 0 times |
(ITI310)
By Eng. BASSEM ALSAID
SESSIONS 6-7-8: Active Directory
SAT 12-Dec-2015
“ACTIVE DIRECTORY”
Session 6: Introducing Active Directory Domain Services (AD DS)- Describe the role of a directory service and the physical and logical
Active Directory structure.- Name Space, Catalogue, Global Unique Identifier (GUID), Replication.- Read-Only Domain Controller (RODC)- Installing Active Directory Domain Services.- How to manage user accounts, computer accounts.
Session 7: Introducing Group Policies- The Computer Configuration Node.- The User Configuration Node.- How Group Policies Are Applied.- Group Policy Management and Monitoring.
“ACTIVE DIRECTORY”
Session 8: Configuring DNS for Active Directory- Describe the structure of Domain Name System.- Install and use the DNS Server role in Windows Server 2008.- Configure DNS zones.- Configure advanced DNS server settings.- Monitor and troubleshoot DNS.
SESSION 6“Introducing Active Directory Domain Services“
Session Objectives:- Describe the role of a directory service and the physical and logical
Active Directory structure.- Name Space, Catalogue, Global Unique Identifier (GUID), Replication.- Read-Only Domain Controller (RODC)- Installing Active Directory Domain Services.- How to manage user accounts, computer accounts.
“Active Directory - Definition”
• Active Directory Domain Services (AD DS) stores information about users, computers and other devices on the network.
• AD DS helps administrators securely manage these information and facilitate resource sharing and collaboration between users.
• AD DS is also required for directory-enabled applications such as Microsoft Exchange Server and for other Windows Server technologies such as Group Policy.
• From a technical point of view, a directory service (Data Store) is a distributed database that allows us to store information about network resources in order to facilitate their implementation and management.
“Active Directory – Logical Structure”There are five organizing components of Active Directory:Object/Leaf : user accounts, groups, computer accounts, printers, shared folders, applications, servers, and domain controllers.Organizational Unit (OU)/Container: An object containing other objects.Domain: A domain can consist of one or more organizational unit. A domain shares a single administrator group (Domain Administrators security group) and same set of objects.Trees: All domains hierarchically connected constitute a Tree of domains. The domain at the top of the hierarchy is called the Root and the domains below are Sub-Domains.Forests: A forest can consist of one or more trees or domains and those domains are connected through transitive trust.
Using a geographical analogy: an OU represents a city, a domain is the state, a tree is the country, and a forest is the continent.
AttributesAttributes
First NameLast NameLogon Name
First NameLast NameLogon Name
AttributesAttributes
Printer NamePrinter LocationPrinter NamePrinter Location
Active DirectoryActive Directory
Printers
Printer1
Printer2
Suzan Fine
Users
Don Hall
AttributeValue
AttributeValue
ObjectsObjects
PrintersPrinters
UsersUsers
Printer3
Objects & Fields Objects & Fields Objects & Fields Objects & Fields
AD Organizational UnitsAD Organizational Units
AD domain and OUsAD domain and OUs
tech.svuonline.orgtech.svuonline.org
svuonline.orgsvuonline.org
admin.svuonline.orgadmin.svuonline.org
ParentDomainParent
Domain
ChildDomain 1
ChildDomain 1
New Sub-Domain
Tree Root Domain
TREETREETREETREE
ChildDomain 2
ChildDomain 2
“Active Directory – Physical Structure”Controllers and Sites are the only basic elements constituting the physical structure of a network configuration.
Domain Controller (DC): a computer running Windows Server 2008 with the Active Directory Domain Services role installed.
Site: each physical location with a domain controller operating in a common domain connected by a WAN constitutes a site.
Link: Links are the transport mechanism for Active Directory replication between sites. Replication interval and costs can be configured on Site Links.
SiteIP subnetIP subnetIP subnetIP subnet
IP subnetIP subnetIP subnetIP subnet
DAMASCUS
ALEPPO
HOMS
LATAKIA
DC, SITE, LINK DC, SITE, LINK DC, SITE, LINK DC, SITE, LINK
“Domain Controller”Active Directory domain can consist of many domain controllers, each domain controller can service only one domain. Each domain controller contains a full replica of the objects that make up the domain and is responsible for the following functions:Storing a copy of the domain data and replicating changes to that data to all other domain controllers throughout the domain.Providing data search and retrieval functions for users attempting to locate objects in the directory.Providing authentication and authorization services for users who log on to the domain and attempt to access network resources.Kerberos is a network authentication protocol, uses a strong cryptography so a client can prove its identity to a server.
Name Space, Catalogue, Global Unique Identifier (GUID)
• Name Space: A namespace is an area designated by specific limits in which the logical name assigned to a computer can be solved.The primary function of the namespace is to organize the descriptions of resources in order to enable users to locate these resources from their characteristics or properties.
• Catalogue: The global catalog contains a partial replica of every Windows 2008 domains in the directory: it is built automatically by the replication of Active Directory.
• GUID: Each object of a network must be identified by a unique property: it is why Active Directory associates a globally unique identifier (GUID) to each object.
• RODC: stores read-only copy of Active Directory database, except passwords.
Domain Controller
Domain Controller
DomainDomain
ReplicationReplicationReplicationReplicationUser1
User2User1
User2
ReplicationReplicationReplicationReplication
ConclusionConclusionConclusionConclusion
Practice 1: •Installing Active Directory Domain Services
“What’s Inside Active Directory?”Active Directory’s contents and the functions it performs in your network are defined by the schema, objects, and Group Policy Objects (GPOs, discussed later in this chapter in “Introducing Group Policy”).
The Active Directory Schema:The schema defines the type, organization, and structure of data stored in the Active Directory database and is shared by all domains in an Active Directory forest. The information the schema defines is divided into two categories: schema classes and schema attributes.
Schema classes, schema attributes, and Active Directory objects
Schema classes, schema attributes, and Active Directory objects
Domain
Forest
Active Directory Database
svuonline.org
Configuration
Schema
Holds information about all domain-specific objects created in Active Directory
Holds information about all domain-specific objects created in Active Directory
Contains information about Active Directory structureContains information about Active Directory structure
Contains definitions and rules for creating and manipulating all objects and attributes
Contains definitions and rules for creating and manipulating all objects and attributes
Directory PartitionsDirectory PartitionsDirectory PartitionsDirectory Partitions
Practice 2: •Locating Objects with Active Directory Users and Computers.
NEXT SESSION
Date: C2: Saturday 19-Dec-2015, 12:00C3: Saturday 19-Dec-2015, 13:30
Title: “ACTIVE DIRECTORY – PART 2”
THANKS