CN1276 Server

  1. CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

  2. Agenda • Chapter 1: Overview of Active Directory Domain Services • Quiz • Exercise

  3. What is AD? • A centralized authentication and directory service • Based on X.500 • Uses a hierarchical approach in which objects are organized in a similar way to the files and folders on a hard drive. • Lightweight Directory Access Protocol (LDAP) • A slimmed-down version of the X.500 Directory Access Protocol, modified to run over TCP/IP; it is the protocol clients use to query and modify the directory.

  4. Active Directory in Server 2008 • Active Directory Domain Services (AD DS) • The directory service itself (simply called "Active Directory" in earlier versions) as it ships with Windows Server 2008 • Active Directory Lightweight Directory Services (AD LDS) • A lighter-weight LDAP directory for application data that runs without domains or domain controllers; it can be deployed alongside AD DS but does not depend on it

  5. Domain Controller (DC) • A server that stores the Active Directory database and authenticates users to the network during logon. • The directory data is stored in a file called ntds.dit (by default under %SystemRoot%\NTDS). Because this file holds every account's password hashes, anyone who can copy it (or a backup of it) can impersonate any account in the domain; protect DCs and their backups accordingly. • Multimaster database • Replication • Outbound replication – sender • Inbound replication – receiver

  6. Major benefits of ADDS • Centralized resource and security administration • Single logon for access to global resources • Fault tolerance and redundancy • Simplified resource location

  7. Functional Levels • Provide interoperability with domain controllers running prior versions: Windows 2000 Server and Windows Server 2003, but NOT Windows NT 4.0 • Administrative tools installed when a DC is promoted: • AD Users and Computers • AD Domains and Trusts • AD Sites and Services • ADSI Edit (Active Directory Service Interfaces)

  8. Fault Tolerance and Redundancy • Active Directory uses a multimaster domain controller design. • Changes made on one domain controller are replicated to all other domain controllers in the environment. • It is recommended to have two or more domain controllers for each domain.

  9. Read-Only Domain Controller (RODC) • A domain controller that holds a read-only copy of the ntds.dit database • Changes cannot be made on the RODC itself; write requests are referred to a writable DC • Replication is inbound only: the RODC never replicates changes out to other domain controllers • By default it stores no account passwords except those allowed by its Password Replication Policy, which limits the damage if an RODC at a branch office is stolen

  10. Simplifying Resource Location • Allows file and print resources to be published within Active Directory, such as: • Shared folders • Printers

  11. Active Directory Components • Forests • One or more domain trees, with each tree having its own unique namespace. The forest is the true security boundary of Active Directory. • Domain trees • One or more domains with a contiguous namespace. • Domains • A logical unit of computers and network resources that defines an administrative and replication boundary (often described as a security boundary, but accounts with sufficient privilege in one domain can affect the whole forest). • Organizational Units (OUs)

  12. Forests • Naming contexts (NCs) • To make replication efficient, the directory is split into multiple partitions • Schema NC • Rules and definitions that are used for creating and modifying object classes and attributes within AD • Configuration NC • Information about the physical topology of the network (sites, site links), as well as other configuration data that must be replicated • Both NCs are replicated forest-wide and stored in the ntds.dit file on every DC in the forest

  13. Domain NC • Consists of user, computer, group and other resource information for one domain • Replicated only to the domain controllers of that domain

  14. Deploying Domain Trees • Parent-child relationship • Every domain has its own Domain NC • Users, groups, computers, etc. • lucernepublishing.com, the first domain created in the forest, is the forest root domain

  15. Working with OUs • A logical grouping of resources that share similar security or administrative requirements • You can delegate administrative rights over an OU to a supervisor or manager • Objects an OU can contain include: • Users • Groups • Contacts • See more objects on Page 7 • Application partition • Holds application data (for example AD-integrated DNS zones) and is replicated only to the DCs you specify, which lets you control the scope of replication

  16. Schema • Each object is defined within the AD schema • Object classes • Attributes • Common attributes are as follows: • Unique name • Globally unique identifier (GUID) • Required object attributes • Optional object attributes

  17. AD Sites and Subnets • Sites are used to optimize the replication of AD information • Intersite replication takes place at regularly scheduled intervals • Knowledge Consistency Checker (KCC) • Used to generate and maintain the replication topology

  18. AD Naming Standards (LDAP) • LDAP refers to an object using its distinguished name (DN), read from the most specific component on the left to the domain components on the right • Example: • cn=JSmith, ou=sales, dc=lucernepublishing, dc=com

  19. Domain Name System (DNS) • Resource records: • SRV records • A record that tells clients which host and port provide a given service in your site or domain • Used as the locator service for LDAP and Kerberos (domain controller) services • Host (A) – Host name to IP. • Pointer (PTR) – IP to host name.
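The two naming systems on slides 18 and 19 fit together: the DC= components of an LDAP distinguished name are the labels of the domain's DNS name, and clients find a DC by querying SRV records under _msdcs in that DNS domain. The following is an added example written for this page, not code from the CN1276 slides or their textbook. It parses DNs of the form on slide 18 (including RFC 4514 backslash escapes, which the slide does not cover), converts between a DNS domain and its DN, and builds the standard DC Locator SRV names. lucernepublishing.com is the slides' example domain; the site name Default-First-Site-Name used in the usage block is an assumption.

```python
"""Added example (not from the CN1276 slides): LDAP DN parsing and the
_msdcs SRV record names that locate domain controllers."""
import string
from typing import Dict, List, Optional, Tuple


def _unescape(value: str) -> str:
    """Undo RFC 4514 escapes: '\\,' -> ',' and hex pairs like '\\2C' -> ','.
    Hex pairs are decoded as single bytes, so this assumes ASCII values."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(value[i + 1])
                i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leftmost (most specific) first.

    Commas inside values must be escaped ('cn=Smith\\, John'); unescaped
    whitespace around the separating commas, as in the slide's example, is
    tolerated because it is not part of the value.
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair intact for now
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))

    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), _unescape(value.strip())))
    return pairs


def domain_dn(fqdn: str) -> str:
    """lucernepublishing.com -> DC=lucernepublishing,DC=com"""
    labels = [l for l in fqdn.strip(".").split(".") if l]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join(f"DC={l}" for l in labels)


def dn_to_domain(dn: str) -> str:
    """Recover the DNS domain name from the DC= components of a DN."""
    return ".".join(v for a, v in parse_dn(dn) if a == "dc")


def dc_locator_srv_names(domain: str, forest: Optional[str] = None,
                         site: Optional[str] = None) -> Dict[str, str]:
    """SRV names the Windows DC Locator queries (slide 19).
    The GC record lives under the *forest* root DNS name, not the domain."""
    forest = forest or domain
    names = {
        "ldap_dc": f"_ldap._tcp.dc._msdcs.{domain}",
        "kerberos_dc": f"_kerberos._tcp.dc._msdcs.{domain}",
        "pdc": f"_ldap._tcp.pdc._msdcs.{domain}",
        "gc": f"_ldap._tcp.gc._msdcs.{forest}",
    }
    if site:  # site-specific record tried first so clients prefer a local DC
        names["ldap_dc_site"] = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    return names


if __name__ == "__main__":
    slide_dn = "cn=JSmith, ou=sales, dc=lucernepublishing, dc=com"
    print(parse_dn(slide_dn))
    print(domain_dn(dn_to_domain(slide_dn)))
    for name in dc_locator_srv_names("lucernepublishing.com",
                                     site="Default-First-Site-Name").values():
        print(name)
```

On a real network the names returned by dc_locator_srv_names are what `nslookup -type=SRV _ldap._tcp.dc._msdcs.lucernepublishing.com` would resolve; if those records are missing or stale, clients cannot find a DC even though A records for the DCs exist.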

  20. Domain Functional Levels • Raising the functional level prevents domain controllers running older versions of Windows from participating in the domain (member servers and clients are not affected) but enables additional features. • Raising the functional level is a one-way process.

  21. Domain Functional Levels • Windows 2000 native • Windows Server 2003 • Windows Server 2008 • Read-Only Domain Controllers (RODCs) are not a functional level; deploying one requires the forest functional level to be at least Windows Server 2003 • See Pages 12–13 for more detail

  22. Forest Functional Levels • Same idea as domain functional levels, but the forest functional level applies to all domains in the forest • To raise the forest functional level, every domain in the forest must first be raised to that same level • See Table 1-3 on Page 15

  23. Trust Relationships • Trusts between domains in the same forest (parent-child and tree-root) are created automatically and are two-way and transitive • Transitive trust • If A trusts B and B trusts C, then A trusts C • Shortcut trust • If the trust path between two domains in the forest is long or crosses slow links, you can create a shortcut trust directly between them. It is transitive and can be one-way or two-way • External trust • A trust to a single domain in a separate forest (or a Windows NT 4.0 domain). It is non-transitive and can be one-way or two-way

  24. Trust Relationships (2) • Cross-forest (forest) trust • Requires the Windows Server 2003 forest functional level in both forests • Can be a one-way or two-way relationship • Transitive between the two forests, so every domain in one forest trusts every domain in the other, but it does not chain to a third forest
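The rules on slides 23 and 24 decide which accounts can reach which resources, so it is worth being able to evaluate them mechanically: a transitive chain A -> B -> C, a shortcut trust that shortens that chain, an external trust that never chains, and a forest trust that spans two forests but not a third. The following is an added example written for this page, not code from the CN1276 slides or their textbook. It models trusts as directed edges (trusting domain -> trusted domain) and searches for the shortest trust path from a resource's domain back to an account's domain. The forest rooted at lucernepublishing.com follows the slides; the other domain names (contoso.com, fabrikam.com, tailspintoys.com and the child domains) are constructed for illustration.

```python
"""Added example (not from the CN1276 slides): evaluating trust paths under
the transitivity rules of slides 23-24."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Trust:
    trusting: str  # domain that accepts the other's accounts ("A trusts B": A)
    trusted: str   # domain whose accounts are accepted ("A trusts B": B)
    kind: str      # parent_child | tree_root | shortcut | external | forest


NON_TRANSITIVE = {"external"}


def two_way(a: str, b: str, kind: str) -> List[Trust]:
    """A two-way trust is simply a trust in each direction."""
    return [Trust(a, b, kind), Trust(b, a, kind)]


def trust_path(trusts: List[Trust], account_domain: str,
               resource_domain: str) -> Optional[List[str]]:
    """Shortest trust path (resource domain first) that lets an account from
    account_domain authenticate to resource_domain, or None if there is none.

    Rules encoded:
      - same domain: no trust needed
      - external trusts are non-transitive: usable only as a direct link
      - parent-child, tree-root and shortcut trusts chain within a forest
      - a forest trust spans two forests but does not chain to a third,
        so a path may cross at most one forest trust
    """
    if account_domain == resource_domain:
        return [resource_domain]
    by_trusting: Dict[str, List[Trust]] = {}
    for t in trusts:
        by_trusting.setdefault(t.trusting, []).append(t)

    State = Tuple[str, int]  # (domain reached, forest trusts crossed so far)
    start: State = (resource_domain, 0)
    parents: Dict[State, Optional[State]] = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        domain, forest_hops = state
        for t in by_trusting.get(domain, []):
            direct = domain == resource_domain and t.trusted == account_domain
            if t.kind in NON_TRANSITIVE and not direct:
                continue  # external trusts never form part of a longer chain
            hops = forest_hops + (1 if t.kind == "forest" else 0)
            if hops > 1:
                continue  # would chain through a third forest
            nxt: State = (t.trusted, hops)
            if nxt in parents:
                continue
            parents[nxt] = state
            if t.trusted == account_domain:
                path, cur = [], nxt
                while cur is not None:
                    path.append(cur[0])
                    cur = parents[cur]
                return path[::-1]
            queue.append(nxt)
    return None


def sample_topology() -> List[Trust]:
    """Constructed topology: forest 1 rooted at lucernepublishing.com,
    forest 2 rooted at contoso.com, forest 3 rooted at fabrikam.com, and
    tailspintoys.com reachable only through an external trust."""
    lp = "lucernepublishing.com"
    return (
        two_way(lp, f"sales.{lp}", "parent_child")
        + two_way(f"sales.{lp}", f"east.sales.{lp}", "parent_child")
        + two_way(lp, f"marketing.{lp}", "parent_child")
        + two_way(f"east.sales.{lp}", f"marketing.{lp}", "shortcut")  # slide 23
        + two_way("contoso.com", "hr.contoso.com", "parent_child")
        + two_way(lp, "contoso.com", "forest")                          # slide 24
        + two_way("fabrikam.com", "contoso.com", "forest")
        + [Trust(lp, "tailspintoys.com", "external")]  # one-way, non-transitive
    )


if __name__ == "__main__":
    t = sample_topology()
    print(trust_path(t, "hr.contoso.com", "east.sales.lucernepublishing.com"))
    print(trust_path(t, "tailspintoys.com", "sales.lucernepublishing.com"))
    print(trust_path(t, "fabrikam.com", "lucernepublishing.com"))
```

Removing the shortcut edges from sample_topology() makes the east.sales to marketing path walk up through the forest root, which is exactly the slow route a shortcut trust exists to avoid; the external and third-forest queries return None because those trusts do not chain, no matter how the rest of the topology is connected.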

  25. Assignment • Fill in the blank • 1-10 • Multiple Choice • 1-10 • Online Lab 1
