Introduction to Active Directory in Windows 2000/2003

Overview
Introduction to Active Directory
Active Directory Logical Structure
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network

What Is Active Directory?
Directory Service Functionality
  Organize, manage, and control resources
Centralized Management
  Single point of administration
  Full user access to directory resources by a single logon

Active Directory Objects
Objects represent network resources, such as users, groups, computers, and printers
[Diagram: Active Directory holding two kinds of objects. Printers: Printer1, Printer2, Printer3, with attributes Printer Name and Printer Location. Users: Don Hall, Suzan Fine, with attributes First Name, Last Name, and Logon Name. Each attribute has a value.]

Active Directory Logical Structure includes:
Domains
Organizational Units
Tree and Forest

Domains
A domain is a collection of computers that share a common database
A Domain Is a Security Boundary
  A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
A Domain Is Also a Unit of Replication
  Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain - NT??
[Diagram: Windows 2000 Domain. User1 and User2 appear in each of two copies of the directory, linked by Replication.]

Organizational Units
[Diagram: Network Administrative Model. All Users, with Fire Dept and Police Dept.]
Use OUs to Group Objects into a Logical Hierarchy That Best Suits your needs for Administration Software Deployment Policies Delegation
[Diagram: Network Administrative Model. All Computers, with Fire Dept and Police Dept.]
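
The scoping rules from the Domains and Organizational Units slides, as an added Python example that is not part of the original slides. It is a simplified model, not AD's real ACL evaluation; the account records, the placement of objects in OUs, and the function names are assumptions made for illustration.

```python
# Added example: simplified model of the scoping rules on the Domains and
# Organizational Units slides. Account records below are constructed.

def split_dn(dn):
    """Split a distinguished name into RDNs, honouring backslash escapes."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def domain_of(dn):
    """DNS name of the domain that holds the object (its DC= components)."""
    dcs = [r.split("=", 1)[1] for r in split_dn(dn) if r.upper().startswith("DC=")]
    return ".".join(dcs).lower()

def is_under(container_dn, object_dn):
    """True if object_dn is the container itself or sits anywhere beneath it."""
    c = [r.lower() for r in split_dn(container_dn)]
    o = [r.lower() for r in split_dn(object_dn)]
    return bool(c) and len(o) >= len(c) and o[len(o) - len(c):] == c

def can_administer(admin, target_dn):
    """Return why the account may administer target_dn, or None if it may not."""
    target_domain = domain_of(target_dn)
    if admin.get("domain_admin_of") == target_domain:
        return "domain admin"        # inside the admin's own domain
    if target_domain in admin.get("explicit_domains", ()):
        return "explicit grant"      # rights granted in another domain
    if any(is_under(ou, target_dn) for ou in admin.get("delegated_ous", ())):
        return "OU delegation"       # control delegated over one OU subtree
    return None

ROOT = "DC=town,DC=belmont,DC=ma,DC=us"
ROOT_ADMIN = {"domain_admin_of": "town.belmont.ma.us"}
POLICE_ADMIN = {"domain_admin_of": "police.town.belmont.ma.us",
                "explicit_domains": {"fire.town.belmont.ma.us"}}
FIRE_HELPDESK = {"delegated_ous": ["OU=Fire Dept,OU=All Users," + ROOT]}
```

In this model the root-domain administrator gets no result for an object in the police child domain, because each domain name is compared as its own boundary.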

Tree and Forest
Tree:
  Town.Belmont.ma.us (root)
  Police.town.belmont.ma.us
  Fire.town.belmont.ma.us

Active Directory Physical Structure
Domain Controllers
Sites

Domain Controllers
Domain controllers:
  Participate in Active Directory replication
  You can have more than one
[Diagram: a Domain with two Domain Controllers, each holding User1 and User2 and each marked as a writeable copy of the Active Directory database, with Replication between them.]

[Diagram labels: Site Link, 28K, Fiber Connection]
Why have separate sites?

Methods for Administering a Windows 2000 Network
Using Active Directory for Centralized Management
Managing the User Environment

Using Active Directory for Centralized Management
Active Directory:
  Enables a single administrator to centrally manage resources
  Allows administrators to easily locate information
  Allows administrators to group objects into OUs
  Uses Group Policy to specify policy-based settings
[Diagram: Town.Belmont.Ma.US with two top-level OUs. All Users contains Treasurer, Water, Assessors, Retirement, Library, and Personnel, holding user, user2, user3, user4, user5, and user6. All Computers contains Treasurer, Water, Assessor, Retirement, Library, and Personnel, holding computer, computer2, computer3, computer4, computer5, and computer6.]

Managing the User Environment
Use Group Policy to:
  Control and lock down what users can do
  Centrally manage software installation, repairs, updates, and removal
  Configure user data to follow users whether they are online or offline
Apply Group Policy Once
Windows 2000 Enforces Continually
[Diagram labels: 1, 2, 3 alongside Domain, OU1, OU2, OU3]

Review
Introduction to Active Directory
Active Directory Logical Structure
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network