
Introduction to Active Directory Structure


Presentation Transcript


  1. Introduction to Active Directory Structure Vikram Thakur

  2. Agenda • Introduction to Active Directory • FSMO Roles • Replication • Active Directory deployment planning • Guiding principles • Structure planning • More information

  3. Introduction to Active Directory • What is it? • How does it help? • How is it stored? • Where is it stored? • Can its scope be extended?

  4. Domain Controller • These are the ‘logon’ or ‘authenticating’ servers that hold the NTDS directory • Under all circumstances there should be at least 2 of these DCs • They check for DB consistency • They maintain the domain information

  5. AD Properties • It no longer requires the PDC/BDC structure; that went away with NT4 • ‘Delegation’ is possible (more later) • It provides an LDAP interface to other applications • Multiple domains can be part of a single AD with inter-site trust (forests)

  6. Storage Structure of AD • Comprises 2 parts • Transaction logs • Database • SYSVOL (the old NETLOGON share)

  7. FSMO – Flexible Single Master Operations roles • Schema • PDC • RID • Domain Naming • Infrastructure

  8. Global Catalogs (GCs) • Hold a limited form of the AD • Can be modified using SCHMGMT.DLL (the schema management snap-in) • Used for locating resources

  9. Replication • AD works in multi-master mode by default • Happens every 5 minutes • Default: every DC replicates with 2 other DCs • KCC (Knowledge Consistency Checker) is part of LSASS; monitoring it tells you when you need another DC • USN (Update Sequence Number) tracks each change
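As an added example that is not part of the deck, the following PowerShell script turns slides 4, 7 and 9 into a check an administrator can run: it lists the FSMO role holders, warns when a domain runs on a single DC, and reports each DC's inbound replication partners, their USN watermark and any consecutive failures. It assumes the RSAT ActiveDirectory module and a domain account with read access; the "two inbound partners" threshold is a heuristic for a single-site ring.

```powershell
# Added example (not from the presentation): FSMO inventory + DC count + replication health.
# Assumes the RSAT ActiveDirectory module is installed and the caller can read the domain.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Slide 7: Schema and Domain Naming are forest-wide; PDC, RID and Infrastructure are per domain.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Slide 4: a domain should never depend on a single DC (logon, and every role above, would stop).
$dcs = @(Get-ADDomainController -Filter *)
if ($dcs.Count -lt 2) {
    Write-Warning "Only $($dcs.Count) DC in $($domain.DNSRoot): no redundancy for logon or for the role holders."
}

# Slide 9: multi-master replication; each DC pulls from inbound partners and tracks changes by USN.
foreach ($dc in $dcs) {
    $partners = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Inbound)

    # Heuristic: in a single-site ring of 3+ DCs the KCC gives every DC two inbound partners.
    if ($dcs.Count -ge 3 -and $partners.Count -lt 2) {
        Write-Warning "$($dc.Name) has only $($partners.Count) inbound partner(s); check the KCC topology."
    }

    foreach ($p in $partners) {
        # Partner is the DN of the partner's NTDS Settings object; pull the server name out of it.
        $partnerName = $p.Partner -replace '^CN=NTDS Settings,CN=([^,]+),.*$', '$1'
        $status = if ($p.LastReplicationResult -eq 0) { 'OK' } else { "error $($p.LastReplicationResult)" }
        '{0,-16} <- {1,-16} {2,-45} USN {3,-10} last success {4:u} {5}' -f `
            $dc.Name, $partnerName, $p.Partition, $p.LastChangeUsn, $p.LastReplicationSuccess, $status
    }

    # Consecutive failures are the signal that a link or a DC needs attention before USNs drift apart.
    foreach ($f in @(Get-ADReplicationFailure -Target $dc.HostName)) {
        Write-Warning "$($dc.Name): $($f.FailureCount) failed attempt(s) from $($f.Partner) since $($f.FirstFailureTime), last error $($f.LastError)"
    }
}
```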

  10. Planning and Deployment

  11. Deployment Planning (diagram: 1. Assess → 2. Plan → 3. Migrate) • Three steps • Assess your environment • Create Active Directory structure plan • Create migration plan

  12. Guiding Principles • Keep it simple • Aim for the ideal design • Evaluate several alternatives • Anticipate change

  13. Structure Planning • Deliverable: planning documents (diagram: Forest plan → Domain plan → OU plan)

  14. Forest Planning • Start with a forest plan (diagram: Forest plan → Domain plan → OU plan, plus Site topology)

  15. Forest Planning: Concepts (diagram) • Forest • Schema: class definitions, attribute definitions • Global catalog • Configuration: site topology, domain hierarchy • User Principal Name, e.g. “bob@domain.com”

  16. Forest Planning: Methodology • Start with a single forest • Create change control policy • Schema Admins and Enterprise Admins group membership • Multiple forests may be required • Cannot agree on change control • Division requires own schema or config • Complete trust undesirable

  17. Forest Planning: Inter-forest Considerations • Users must be aware of structure • Explicit query to domain outside forest • Import objects from other forests • Config, schema managed separately • One-way, non-transitive trust only

  18. Domain Planning • Create a domain plan for each forest (diagram: Forest plan → Domain plan → OU plan)

  19. Domain Planning: Concepts • A domain is a partition of a forest • Unit of partitioning for replication • Administrative and policy boundary • Scope of authority of Domain Admins • Policy and access control do not flow between domains

  20. Domain Planning: Methodology (diagram: Forest plan → Domain plan → OU plan) • Partition • Select forest root • Create hierarchy • DNS support

  21. Domain Planning: Partitioning • Start with a single domain • Justify each additional domain • Example justifications • Administrative partitioning (admin/policy) • Physical partitioning (replication) • Upgrade existing domain in-place

  22. Domain Planning: Obsolete Reasons to Partition • WinNT 4.0: 40,000 object limit • Active Directory tests: 1,500,000+ • Primary Domain Controller (PDC) availability requirements • Active Directory is multi-master • Delegation of administration • Resource domains no longer needed • Delegate within a domain using OUs

  23. OU Planning • Create an OU plan for each domain (diagram: Forest plan → Domain plan → OU plan)

  24. OU Planning: Concepts • An Organizational Unit (OU) is a container inside a domain • Nested to create a hierarchical structure • Not a security principal • Easily changed • Typically not exposed to users • Depth does not impact performance

  25. OU Planning: Methodology (diagram: Forest plan → Domain plan → OU plan) • Delegate administration • Apply Group Policy

  26. OU Planning: Delegate Administration • Objects can be permissioned on a per-attribute basis • Very flexible delegation possible • Minimize the number of Domain Admins • Example procedure • Delegate full control • Delegate full control per object class • Delegate control of a specific attribute
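The per-attribute delegation on slide 26 is shown below as an added example (not the presenter's code): a help-desk group gets only "Reset Password" and write access to telephoneNumber on user objects under one OU, so nobody has to be added to Domain Admins. The OU and group names are placeholders; it assumes the RSAT ActiveDirectory module and the AD: PSDrive it provides, plus rights to modify the OU's ACL.

```powershell
# Added example (not from the presentation): delegate one extended right and one attribute
# on a single OU. Placeholders below must be replaced with real names.
Import-Module ActiveDirectory

$ouDn      = 'OU=Sales,DC=example,DC=com'   # placeholder OU
$groupName = 'HelpDesk-Sales'               # placeholder group receiving the delegation
$groupSid  = (Get-ADGroup -Identity $groupName).SID

$rootDse  = Get-ADRootDSE
$schemaNc = $rootDse.schemaNamingContext
$configNc = $rootDse.configurationNamingContext

# Object-specific ACEs are keyed by schema GUIDs; look them up rather than hard-coding them.
function Get-SchemaGuid([string] $ldapDisplayName) {
    $obj = Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$ldapDisplayName)" -Properties schemaIDGUID
    [guid] $obj.schemaIDGUID
}
$userClassGuid = Get-SchemaGuid 'user'              # inheritedObjectType: apply to user objects only
$telephoneGuid = Get-SchemaGuid 'telephoneNumber'   # objectType: the one attribute being delegated

# Control-access rights such as "Reset Password" live under CN=Extended-Rights in the config partition.
$resetPwd = Get-ADObject -SearchBase "CN=Extended-Rights,$configNc" -LDAPFilter '(displayName=Reset Password)' -Properties rightsGuid
$resetPwdGuid = [guid] $resetPwd.rightsGuid

$acl     = Get-Acl -Path "AD:\$ouDn"
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents

# ACE 1: Reset Password on descendant user objects (not on the OU itself, not on computers/groups)
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $groupSid, 'ExtendedRight', 'Allow', $resetPwdGuid, $inherit, $userClassGuid)))

# ACE 2: write exactly one attribute (telephoneNumber) on descendant user objects
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $groupSid, 'WriteProperty', 'Allow', $telephoneGuid, $inherit, $userClassGuid)))

Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Verify: the group should now appear with exactly these two object-specific ACEs
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object { $_.IdentityReference -like "*\$groupName" } |
    Select-Object ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

The verification step is worth keeping as a periodic audit: any ACE on the OU that is broader than these two (for example GenericAll or WriteDacl) means the delegation has drifted past what was planned.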

  27. OU Planning: Apply Group Policy • Group policy is used to control desktop configurations • Applied to users and computers • Associated with sites, domains, or organizational units • Create OUs to apply unique policy • Filter application of policy using access control
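Slide 27's two levers, linking a GPO at an OU created for it and filtering who applies it, as an added example that is not from the deck. It assumes the RSAT GroupPolicy module and rights to create and link GPOs; the OU, GPO and group names are placeholders.

```powershell
# Added example (not from the presentation): link a GPO to one OU and narrow its
# security filtering from "Authenticated Users" to a specific group.
Import-Module GroupPolicy

$ouDn    = 'OU=Sales,DC=example,DC=com'   # placeholder OU created to carry unique policy
$gpoName = 'Sales Desktop Lockdown'        # placeholder GPO
$group   = 'Sales-Kiosk-Users'             # placeholder group that should receive the policy

# Create the GPO once, then link it at the OU (not the domain) so only that subtree is affected.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Added example: desktop lockdown for the Sales OU'
}
New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes -ErrorAction SilentlyContinue | Out-Null

# Filter application using access control: grant Apply to the intended group only, and
# drop "Authenticated Users" from Apply to Read. Read must stay so that computer accounts
# can still retrieve the GPO when processing user settings.
Set-GPPermission -Name $gpoName -TargetName $group -TargetType Group -PermissionLevel GpoApply | Out-Null
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Verify the effective filter: expect GpoApply only for $group, GpoRead for Authenticated Users
Get-GPPermission -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```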

  28. Summary • Deployment planning • Assess current environment • Structure planning • Migration planning • Start with structure planning • Forest, domain, OU • Guiding principles • Keep it simple • Anticipate change

  29. For More Information • Read the Windows 2003 Deployment Guide (on the Windows 2003 CD) • Read the Distributed Systems book in the Windows 2003 Resource Kit • Watch for whitepapers on the Windows 2003 Server home page http://www.microsoft.com/windows/server/

  30. Scenario Discussion – time permitting
