Explore the importance of Active Directory boundaries, trust basics, site creation, subnet association, and replication strategies for effective network management. Learn about forest and external trusts, replication methodologies, and operations master roles. Discover tips for promoting domain controllers and handling domain operations.
Active Directory Boundaries - Purpose • Replication Boundaries • Security Boundaries
Active Directory Boundaries - Types • Geographic vs Organizational • Contiguous vs Discontiguous namespace • e.g. oldcompany1.newcompany.com and oldcompany2.newcompany.com are 2 contiguous namespaces
Prestaging • forestprep and domainprep • Removal
Removing Domains or Trees • ADMT pruning/grafting • ADMTv3.1
Functional Levels • Viewing • Raising • Interoperability • UPN – User Principal Name
Simplifying Logon • Each user • Has a unique down-level logon name • Can have multiple friendly UPNs
Trust Basics • Trusts allow communication between the boundaries of domains and forests • 1 way Trust • 2 way Trust
Transitive Trusts • Extend permissions across multiple domains • Automatically created as new domain joins a tree or new child is created
Forest Trusts • Forest wide • Selective authentication
External Trusts • Non-Transitive • NT4.0 or Kerberos compatible
Shortcut Trust • Transitive • Speeds up authentication and authorization
Identity • Security Identifier (SID) filtering
Create Sites • Balance service delivered to all locations. • Inventory the number of users at each site • Inventory the types of WAN links
Create AD Subnets • Associate subnets with the site location that has the closest DC
Configure Site Links • Site Links = WAN links • Star vs Mesh
Associating Link Costs • Cost = Speed/Availability of WAN
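The four steps above (create sites, associate subnets, configure site links, assign costs) as one script, added here as an example that is not part of the original slide deck. The site names, subnets, WAN speeds, the hub-and-spoke (star) layout and the 1024/log10(Kbps) cost heuristic are assumptions; the cmdlets are from the ActiveDirectory PowerShell module.

```powershell
# Added example (not from the original slides): build a star site topology.
# Site names, subnets and WAN speeds are constructed placeholders.
Import-Module ActiveDirectory

# Inventory per location: subnet and WAN speed to the hub in Kbps (hub has none).
$Sites = @(
    @{ Name = 'HQ-Hub';   Subnet = '10.0.0.0/16'; Kbps = $null },
    @{ Name = 'Branch-A'; Subnet = '10.1.0.0/16'; Kbps = 2048 },
    @{ Name = 'Branch-B'; Subnet = '10.2.0.0/16'; Kbps = 512  },
    @{ Name = 'Branch-C'; Subnet = '10.3.0.0/16'; Kbps = 128  }
)

# Cost from available bandwidth: 1024 / log10(Kbps) is a common heuristic
# (assumption); slower links get a higher, i.e. less preferred, cost.
function Get-LinkCost([int]$Kbps) {
    return [int][math]::Round(1024 / [math]::Log10($Kbps))
}

foreach ($s in $Sites) {
    # Create the site if missing, then map its subnet so clients locate the closest DC.
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$($s.Name)'")) {
        New-ADReplicationSite -Name $s.Name
    }
    if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$($s.Subnet)'")) {
        New-ADReplicationSubnet -Name $s.Subnet -Site $s.Name
    }
}

# Star (hub-and-spoke): one site link per branch, containing only hub and branch,
# so replication never routes branch-to-branch directly.
foreach ($s in ($Sites | Where-Object { $_.Kbps })) {
    $linkName = "HQ-Hub-to-$($s.Name)"
    if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
        $params = @{
            Name                          = $linkName
            SitesIncluded                 = @('HQ-Hub', $s.Name)
            Cost                          = Get-LinkCost $s.Kbps
            ReplicationFrequencyInMinutes = 15
            InterSiteTransportProtocol    = 'IP'
        }
        New-ADReplicationSiteLink @params
    }
}

# Review: the branch with the slowest WAN should show the highest cost.
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes | Sort-Object Cost
```

Run as a Domain Admin against a writable DC; the default DEFAULTIPSITELINK is left untouched and should be reviewed separately so it does not silently connect every site at cost 100.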
Configure Infrastructure • Manually link Operational Masters with their backup servers
Global Catalog Servers • Deploy Global Catalog servers at each site when possible
Replication • Each domain can have its own replication topology and schedule • Different events have different priorities to trigger replication
DFS • DFS – Distributed File System • Method for synchronizing shared folders • Conflict and Deleted folder • Good for application distribution or other read-only data
Replication - Automatic • Knowledge Consistency Checker (KCC) • Bridgehead Server • Intersite Topology Generator • Scheduling • IP and SMTP protocols
Replication - Manual • Designate a specific bridgehead server • Make a one way replication partnership • Manually force replication after making changes to AD
Global Catalog Server • DC that contains information about other Domains
Promotion • Use the Active Directory Sites and Services snap-in • Partial Attribute Set
Alternate Methods • UGMC – Universal Group Membership Caching
Domain Operations Masters • PDC emulator • Relative ID (RID) • Infrastructure
Forest Operations Masters • Schema Master • Domain Naming
Operations Master • Seize vs Transfer • Backup • Placement
Schema Master • Schema can be extended with various tools • Placement should be on a Global Catalog • Time Service is important for successful upgrades