Active Directory and DNS Lecture 2 Hassan Shuja 09/14/2004
Active Directory (AD)
• Active Directory definitions/features
  • Active Directory has two parts:
    • A database with information about users and resources
    • A service that manages the database and lets users of computers on the network query it
• Active Directory features/advantages
  • Security – a single logon process and access control on every object in the directory
  • Administration – a hierarchical structure (forest, domains, organizational units)
  • Search – any object can be located by searching the directory
  • Scalable – supports multiple domains and networks of any size
  • Flexible – grows with the organization; new objects, attributes and domains can be added
Active Directory
• Structure
  • Objects and classes
    • An object is the smallest component in AD (a user, computer, printer, group, ...)
    • A class is the template that defines which attributes an object has when it is created
  • Schema
    • The schema governs the structure of the directory: which classes exist and which attributes each class may or must carry
    • Administrators can add new classes and attributes as needed, making the schema extensible
    • Active Directory Schema is the name of the MMC snap-in; the schema is forest-wide and can only be changed by members of Schema Admins, on the DC that holds the Schema Master role
  • Global Catalog (GC)
    • A searchable index containing information about every object in the forest
    • Created by default on the first DC in the forest
    • Holds a full replica of all objects in its own domain and a partial replica (a subset of attributes) of all objects in the other domains of the forest
    • Needed at logon: the GC is queried to resolve a UPN to its domain and to enumerate universal group membership
Active Directory
• AD organization
  • The smallest component in AD is an object
  • Objects have attributes and are defined by classes
  • Every object carries permissions: an ACL (access control list) that records who can access the object and what they may do with it
  • Controlling access to an object in the directory is different from having access to the resource it represents (being able to read a printer object does not by itself grant the right to print)
• Organizational Units (container objects)
  • A substructure of a domain, arranged hierarchically
  • Used to group related objects in AD; an OU can contain other OUs
  • Simplify administration: permissions can be delegated at the OU level instead of on every object
Active Directory
• Object IDs
  • Globally Unique Identifier (GUID) – a 128-bit value, written as 32 hexadecimal digits, assigned to an object when it is created and stored with it. It never changes, even if the object is renamed or moved, which guarantees uniqueness and avoids duplication
  • Security ID (SID) – a unique identifier created by the security subsystem for each security principal (user, group, computer). ACLs reference SIDs rather than names, so a SID is what grants or denies a principal access to other objects: renaming an account changes nothing in its access. A SID is the domain's SID followed by a relative ID (RID) issued from pools the domain's RID Master hands out; an object moved to another domain receives a new SID
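The following is an added example, not material from the lecture: it takes apart a Windows SID string of the form S-revision-authority-sub-authorities and shows the pieces the slide talks about (the domain part shared by every principal in a domain, the RID that makes each one unique, the well-known RIDs that mean the same thing in every domain) and checks that a GUID is 32 hexadecimal digits, i.e. 128 bits. All SIDs and GUIDs in it are constructed.

```python
"""
Added example (not from the lecture): parse Windows SID strings and GUIDs.
All SIDs and GUIDs used here are constructed, not taken from a real domain.
"""
import re
import uuid

# RIDs fixed by Windows for every domain, so RID 500 is the built-in Administrator everywhere
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 519: "Enterprise Admins"}

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


def parse_sid(sid: str) -> dict:
    """Split 'S-1-5-21-a-b-c-rid' into revision, identifier authority and sub-authorities."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    return {
        "revision": int(m.group(1)),
        "authority": int(m.group(2)),
        "subauthorities": [int(x) for x in m.group(3).strip("-").split("-")],
    }


def is_domain_sid(sid: str) -> bool:
    """Domain principals: NT Authority (5), first sub-authority 21, three domain words, then the RID."""
    p = parse_sid(sid)
    subs = p["subauthorities"]
    return p["authority"] == 5 and len(subs) == 5 and subs[0] == 21


def split_domain_and_rid(sid: str) -> tuple:
    """Return (domain SID, RID). The domain SID is the SID minus its last sub-authority."""
    if not is_domain_sid(sid):
        raise ValueError(f"not a domain principal SID: {sid!r}")
    p = parse_sid(sid)
    subs = p["subauthorities"]
    domain = "S-%d-%d-%s" % (p["revision"], p["authority"],
                             "-".join(str(s) for s in subs[:-1]))
    return domain, subs[-1]


def same_domain(sid_a: str, sid_b: str) -> bool:
    """Two principals belong to the same domain exactly when their domain SIDs match."""
    return split_domain_and_rid(sid_a)[0] == split_domain_and_rid(sid_b)[0]


def describe_rid(rid: int) -> str:
    """Name a well-known RID; RIDs from 1000 upward come from pools the RID Master hands to DCs."""
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    return "allocated by RID Master" if rid >= 1000 else "other built-in"


def is_guid(text: str) -> bool:
    """A GUID is 128 bits, written as 32 hex digits (usually grouped 8-4-4-4-12)."""
    try:
        return len(uuid.UUID(text).hex) == 32
    except ValueError:
        return False


if __name__ == "__main__":
    admin = "S-1-5-21-1004336348-1177238915-682003330-500"   # constructed domain SID
    user = "S-1-5-21-1004336348-1177238915-682003330-1105"   # constructed, same domain
    print(split_domain_and_rid(user), describe_rid(500), same_domain(admin, user))
```

Comparing domain SIDs is the check behind SID filtering on trusts: a SID presented by a trusted domain whose domain part is not that domain's own should not be honoured.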
Domain Controller (DC)
• DC setup
  • All Domain Controllers are peers (multi-master replication); there is no single primary DC as in Windows NT
  • A change made on one DC is replicated to all other DCs in the domain
  • Five operations-master (FSMO) roles are the exception: each is held by exactly one DC at a time
    • Forest-wide (one per forest):
      • Schema Master – the only DC on which the schema can be modified
      • Domain Naming Master – adds and removes domains in the forest
    • Domain-wide (one per domain):
      • Relative ID (RID) Master – allocates pools of RIDs to the domain's DCs so that SIDs stay unique
      • Infrastructure Master – updates references to objects that live in other domains
      • PDC Emulator – acts as the PDC for NT 4 BDCs and clients; also the preferred DC for password changes and account lockouts
Domains
• AD organization
  • Tree
    • A grouping of one or more domains with a single root domain
    • Domains are linked by parent-child relationships (child domains are created under a parent)
    • Defined by a common, contiguous DNS namespace (umbc.edu and research.umbc.edu)
    • A hierarchy of domains sharing a common schema, two-way transitive trust relationships, and a Global Catalog
Domains
• AD organization
  • Forest
    • A group of one or more domain trees linked together by trusts between their root domains
    • Each tree has its own root domain, so a forest with two trees has two different root domains; the first domain created is the forest root
    • All trees share a common schema and Global Catalog
    • The trees do not share a contiguous DNS namespace
Trusts
• NT domains
  • Each domain had its own account database
  • A user needed an account in every domain whose resources they used, unless an administrator set up a trust between the domains
  • Trusts were set up explicitly as one-way or two-way trusts
  • These trusts are intransitive (non-transitive)
Trusts
• Trusts
  • A logical connection that allows users from one domain to access resources in another domain
  • Can be one-way or two-way
  • Trusting domain and trusted domain: the trusting domain holds the resources and accepts authentication from the trusted domain, which holds the accounts
Trusts
• Intransitive trusts
  • Domain C trusts Domain B, and Domain B trusts Domain A
  • (Users in B can access resources in C, and users in A can access resources in B)
  • Domain C does not trust Domain A: users in A get no access to C unless a separate trust from C to A is created
  • All Windows NT trusts are intransitive
Trusts
• Transitive trusts
  • A trust between two domains in the same tree/forest that extends beyond those two domains to the other domains in the tree/forest that trust either of them
  • The parent-child and tree-root trusts Windows 2000 creates automatically are always two-way
  • By default all Windows 2000 trusts within a tree/forest are transitive
  • With C trusting B and B trusting A transitively, Domains A and C trust each other
Trusts
• Explicit trusts
  • A trust set up manually by an administrator
  • Shortcut trusts connect two domains in the same forest directly, to shorten the trust path between them; these are transitive
  • External trusts connect a Windows 2000 domain to a Windows NT domain (or to a domain in another forest); these are intransitive
  • So an explicit trust can be either transitive or intransitive, and it is how trusts between Windows 2000 and NT domains are managed
  • A trust extends the trusted domain's authority over the trusting domain's resources, so the trusted domain's security becomes part of your own
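The trust rules from the preceding slides, worked through as an added example that is not the lecture's own code: a small model in which each trust has a direction (the trusting domain accepts the trusted domain's accounts) and is either transitive or not. A non-transitive trust can only ever be the single hop between its two domains, while transitive trusts chain. The domains (A, B, C and an NT domain) and the trusts between them are constructed to match the slide examples.

```python
"""
Added example (not from the lecture): decide whether users of one domain can
reach resources in another, given a set of one-way trusts. Domains and trusts
below are constructed.
"""
from collections import deque


class Trust:
    """`trusting` trusts `trusted`: accounts from `trusted` may use resources in `trusting`."""

    def __init__(self, trusting: str, trusted: str, transitive: bool):
        self.trusting, self.trusted, self.transitive = trusting, trusted, transitive


def two_way(a: str, b: str, transitive: bool) -> list:
    """A two-way trust is just a pair of one-way trusts."""
    return [Trust(a, b, transitive), Trust(b, a, transitive)]


def trust_path(user_domain: str, resource_domain: str, trusts: list):
    """Chain of domains from the resource domain to the user's domain, or None.

    A direct trust of any kind is enough. Anything longer must consist only of
    transitive trusts, because a non-transitive trust does not extend to the
    domains on either side of it."""
    if user_domain == resource_domain:
        return [resource_domain]
    for t in trusts:
        if t.trusting == resource_domain and t.trusted == user_domain:
            return [resource_domain, user_domain]
    # breadth-first search over transitive trusts only
    seen = {resource_domain}
    queue = deque([[resource_domain]])
    while queue:
        path = queue.popleft()
        for t in trusts:
            if t.trusting == path[-1] and t.transitive and t.trusted not in seen:
                if t.trusted == user_domain:
                    return path + [t.trusted]
                seen.add(t.trusted)
                queue.append(path + [t.trusted])
    return None


def can_access(user_domain: str, resource_domain: str, trusts: list) -> bool:
    return trust_path(user_domain, resource_domain, trusts) is not None


# Windows NT: C trusts B and B trusts A, explicit one-way, intransitive (slide example)
NT_TRUSTS = [Trust("C", "B", False), Trust("B", "A", False)]

# Windows 2000 tree A > B > C: automatic two-way transitive parent-child trusts
W2K_TREE = two_way("A", "B", True) + two_way("B", "C", True)

# the same tree plus an explicit external trust from C to an NT domain (intransitive)
W2K_WITH_EXTERNAL = W2K_TREE + [Trust("C", "NT", False)]

if __name__ == "__main__":
    print("NT:  A -> C", can_access("A", "C", NT_TRUSTS))
    print("W2K: A -> C", trust_path("A", "C", W2K_TREE))
    print("W2K: NT -> A", can_access("NT", "A", W2K_WITH_EXTERNAL))
```

The last case is the one to keep in mind when adding an external trust: the NT domain's users reach C, but the transitive trusts inside the forest do not carry that access on to A or B.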
Domain Name System (DNS)
• DNS
  • DNS structure
    • Based on a hierarchical naming structure (an inverted tree)
    • A single root; below it the top-level domains (com, edu, ...), then second-level domains such as umbc.edu, and subdomains beneath those
    • Every computer in a DNS domain is uniquely identified by a Fully Qualified Domain Name (FQDN)
    • Dynamic DNS, where clients register and update their own records, is supported in W2K
Domain Name System
• Zone files and DNS servers
  • Forward lookup zone
    • Contains host name to IP address resolution (A records)
  • Reverse lookup zone
    • Contains IP address to host name resolution (PTR records)
  • DNS servers
    • Primary – maintains the master, writable copy of the zone file
    • Secondary – keeps a read-only backup copy, obtained from the primary by zone transfer
    • AD-integrated – DNS entries are kept in the AD data store and replicated with AD instead of being held in zone files; every DC running DNS can accept updates, and only this zone type supports secure dynamic updates, where a record may be changed only by the client that registered it
  • Scavenging
    • Finds and deletes dynamically registered records that have not been refreshed for a configured period (stale records); records created by hand are static and are never scavenged
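The aging and scavenging decision described above, written out as an added example that is not part of the lecture. Each dynamic record carries the time it was last refreshed; the zone has a no-refresh interval, during which re-registrations are ignored, and a refresh interval. A record is stale, and can be scavenged, once timestamp + no-refresh + refresh lies in the past; a record with no timestamp (Windows displays 0) is static and never scavenged. The zone contents, dates and addresses are constructed, and the 7-day intervals are assumed to be the Windows defaults.

```python
"""
Added example (not from the lecture): Windows DNS aging/scavenging logic.
Records, times and intervals below are constructed.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    data: str
    timestamp: Optional[datetime]   # None = static record, never scavenged


# assumption: the zone uses the Windows defaults of 7 days for both intervals
NO_REFRESH = timedelta(days=7)
REFRESH = timedelta(days=7)


def try_refresh(rec: Record, now: datetime, no_refresh: timedelta = NO_REFRESH) -> Record:
    """A client re-registering its record: the timestamp only advances once the
    no-refresh interval has passed (this keeps replication traffic down)."""
    if rec.timestamp is None or now - rec.timestamp < no_refresh:
        return rec
    return replace(rec, timestamp=now)


def is_stale(rec: Record, now: datetime,
             no_refresh: timedelta = NO_REFRESH, refresh: timedelta = REFRESH) -> bool:
    """Stale once the record has gone a full no-refresh + refresh period without a refresh."""
    if rec.timestamp is None:
        return False
    return rec.timestamp + no_refresh + refresh <= now


def scavenge(records, now: datetime, **intervals):
    """Split the zone into (kept, removed) the way a scavenging pass would."""
    kept, removed = [], []
    for rec in records:
        (removed if is_stale(rec, now, **intervals) else kept).append(rec)
    return kept, removed


# constructed zone contents for umbc.edu as of the lecture date (addresses from 192.0.2.0/24)
NOW = datetime(2004, 9, 14)
ZONE = [
    Record("dc1.umbc.edu", "A", "192.0.2.10", datetime(2004, 9, 10)),   # refreshed 4 days ago
    Record("ws7.umbc.edu", "A", "192.0.2.44", datetime(2004, 8, 1)),    # last seen 44 days ago
    Record("mail.umbc.edu", "A", "192.0.2.25", None),                    # static, added by hand
]

if __name__ == "__main__":
    kept, removed = scavenge(ZONE, NOW)
    print("removed:", [r.name for r in removed])
```

The no-refresh rule is why a freshly refreshed workstation record still shows an old timestamp: the refresh was received but ignored, which is normal and not a sign that registration failed.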
Active Directory & Domain Name System
• AD & DNS
  • Active Directory and DNS use the same hierarchical structure
  • An AD domain typically has the same name as its DNS domain (FQDN), e.g. the AD domain umbc.edu
  • DNS records can be stored in Active Directory (AD-integrated zones)
  • Clients use DNS to locate Domain Controllers: each DC registers SRV records under _msdcs.<domain> (for example _ldap._tcp.dc._msdcs.<domain>), and clients query them to find a DC for the domain
  • AD therefore depends on DNS: if those SRV records are missing or point at the wrong servers, clients cannot find a DC and cannot log on
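How the DC locator query described above works, as an added example that is not from the lecture: it builds the SRV record name a domain's DCs register and then orders the answers the way RFC 2782 tells clients to, lowest priority first and a weighted random choice within one priority. The SRV answers and host names are constructed and are not real UMBC domain controllers; the site name used is the Windows default.

```python
"""
Added example (not from the lecture): DC locator SRV names and RFC 2782
ordering of the answers. Answers and host names below are constructed.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


def dc_srv_name(domain: str, site: str = None, service: str = "_ldap") -> str:
    """Domain-wide DC records live under dc._msdcs; site-specific ones add <site>._sites.
    service is _ldap (LDAP, port 389) or _kerberos (KDC, port 88)."""
    if site:
        return f"{service}._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"{service}._tcp.dc._msdcs.{domain}"


def _pick_weighted(group, rng):
    """RFC 2782 selection within one priority: probability proportional to weight."""
    total = sum(s.weight for s in group)
    if total == 0:                       # all weights zero: plain random choice
        return group[rng.randrange(len(group))]
    r = rng.randint(0, total)
    running = 0
    for s in group:
        running += s.weight
        if running >= r:
            return s
    return group[-1]


def order_srv(answers, rng=None):
    """Return the answers in the order a client should try them."""
    if rng is None:
        rng = random.Random()
    ordered = []
    for prio in sorted({s.priority for s in answers}):
        group = [s for s in answers if s.priority == prio]
        while group:
            chosen = _pick_weighted(group, rng)
            ordered.append(chosen)
            group.remove(chosen)
    return ordered


# constructed answer to a query for _ldap._tcp.dc._msdcs.umbc.edu
ANSWERS = [
    SRV(0, 100, 389, "dc1.umbc.edu"),
    SRV(0, 100, 389, "dc2.umbc.edu"),
    SRV(10, 100, 389, "dc-backup.umbc.edu"),   # only tried if both priority-0 DCs fail
]

if __name__ == "__main__":
    print(dc_srv_name("umbc.edu"))
    print(dc_srv_name("umbc.edu", site="Default-First-Site-Name"))
    print([s.target for s in order_srv(ANSWERS, random.Random(1))])
```

Because the whole logon path starts with this lookup, the DNS server a client trusts for these names decides which machine it will hand its credentials to; the records deserve the same protection as the DCs themselves.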
Domain Name System
• Namespace
  • Active Directory is based on the concept of a namespace: a name is resolved to the location of an object
  • Active Directory domain names correspond to DNS domain names
  • Each object's name gives its location within Active Directory
Domain Name System
• Naming conventions
  • Relative Distinguished Name (RDN) – the name assigned to an object by the administrator when it is created; it must be unique within its container (OU), not across the whole directory
    • Example – CN=hshuja1
  • Distinguished Name (DN) – the RDN together with the object's location in Active Directory, i.e. every container up to the domain (such as the OU the user belongs to), which makes it unique across the directory; the DN changes when the object is moved
    • Example – CN=hshuja1,OU=research,DC=umbc,DC=edu
  • User Principal Name (UPN) – an easier, e-mail-style name that combines the logon name with a domain name; no OU is referenced, so it does not change when the object is moved between OUs
    • Example – hshuja1@umbc.edu
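The three naming conventions worked through as an added example that is not part of the lecture: a parser for the LDAP distinguished names Active Directory uses. split_dn() breaks a DN into its components while honouring backslash-escaped commas (a CN such as "Shuja\, Hassan" contains one), rdn() returns the leftmost component, parent_dn() the object's location, domain_of() rebuilds the DNS domain name from the DC= components, and upn_for() derives the UPN. The DNs are constructed from the names on the slides; using the CN as the UPN prefix is an assumption made here, since in a real directory the UPN is its own attribute on the user object.

```python
"""
Added example (not from the lecture): RDN, DN and UPN from an LDAP distinguished
name as used by Active Directory. DNs below are constructed from the slide's names.
"""


def split_dn(dn: str) -> list:
    """Split on unescaped commas; escape sequences are kept in the returned components."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])        # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return parts


def _unescape(value: str) -> str:
    """Turn '\\,' into ',' and '\\\\' into '\\' (any '\\x' becomes 'x')."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def attr_value(component: str) -> tuple:
    """'CN=Shuja\\, Hassan' -> ('CN', 'Shuja, Hassan'): attribute type upper-cased, value unescaped."""
    attr, _, value = component.partition("=")
    return attr.strip().upper(), _unescape(value.strip())


def rdn(dn: str) -> tuple:
    """The relative distinguished name is the leftmost component."""
    return attr_value(split_dn(dn)[0])


def parent_dn(dn: str) -> str:
    """Everything after the RDN: the container the object lives in."""
    return ",".join(split_dn(dn)[1:])


def ou_path(dn: str) -> list:
    """OUs from the top of the domain down to the object's own container."""
    ous = [v for a, v in map(attr_value, split_dn(dn)) if a == "OU"]
    return ous[::-1]


def domain_of(dn: str) -> str:
    """The DC components, in order and joined with dots, give the DNS domain name."""
    return ".".join(v for a, v in map(attr_value, split_dn(dn)) if a == "DC")


def upn_for(dn: str, suffix: str = None) -> str:
    """logon name @ UPN suffix; the suffix defaults to the domain's DNS name (assumption: CN is the logon name)."""
    return f"{rdn(dn)[1]}@{suffix or domain_of(dn)}"


if __name__ == "__main__":
    dn = "CN=hshuja1,OU=research,DC=umbc,DC=edu"
    print(rdn(dn), parent_dn(dn), domain_of(dn), upn_for(dn))
```

The escaping matters in practice: code that splits a DN on every comma will mis-handle display names like "Shuja, Hassan" and can attribute an object to the wrong container, which is exactly the kind of mistake an access-review script must not make.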