
COMP1321 Digital Infrastructure

COMP1321 Digital Infrastructure. Richard Henson, February 2014. Week 15: Active Directory and Enterprise Networks. Objectives: Explain the importance of X500 compliance for Internet-based database. Explain how Active Directory can control login and access to network resources.


Presentation Transcript


  1. COMP1321 Digital Infrastructure • Richard Henson • February 2014

  2. Week 15: Active Directory and Enterprise Networks • Objectives: • Explain the importance of X500 compliance for Internet-based database • Explain how Active Directory can control login and access to network resources • Explain how Active directory can provide trust across multiple domains

  3. More about Active Directory • An LDAP network-wide directory service for providing paths to files and services • available from Windows 2000 onwards • of limited use on networks with NT v4 clients • All domain controllers contribute to, share, and are part of the Active Directory system • data on network resources, services & users all stored in a single file • ntds.dit • tools available for AD system management • e.g. ntdsutil

  4. X500 compliance • Many rules laid down for applications and data structures held on the Internet • Database: object-oriented (X500 compliant) • Query of database through LDAP (lightweight database access protocol)

  5. What is Active Directory? • Object-oriented database (compliant with X500 standard) • hierarchy of data objects (& their properties) • domain controllers • computers • users & groups of users • network resources

  6. Backing up the Database • Goes without saying that the loss of Active Directory will be bad for the network • people won’t even be able to log on! • Should be backed up… regularly! • Best way to do this is on another computer…

  7. Fault Tolerance • General engineering principle… • if it can go wrong… it will! • To maintain availability for users, the whole domain controller should be backed up! • active directory designed as a distributed database that backs up to a reserve domain controller • backup domain controller software set up using same active directory wizard

  8. Fault Tolerance (hardware fault) • E.g. Hard disks • can crash or become corrupt • System needed for a backup to take over “seamlessly” • i.e. without the user noticing… • Achieved by disk mirroring • exact copy available to take over at a moment’s notice

  9. Domain Trust • This allows users on one domain to log onto resources on another domain • Trusts can be one or two-way • [Diagram: Domain A, Domain B]

  10. Enterprise Structure of Active Directory • A hierarchical system of organisational data objects • i.e. domains, • A Tree can be • a single domain • group of domains

  11. Domain Trees & Forests • Active Directory provides “trust” between the databases of domains that are linked in this way • A “Tree” is the domains and links between them • A “Forest” contains data needed to connect all objects in the tree: • domain objects in the tree are logically linked together in the forest and their users can “trust” each other

  12. Active Directory and Users • Active directory allows set up and management of domain users • Can also define domain groups, and allow domain users to become part of domain groups • aids administration • policy file can be set up • interacts with user machines registry during login • controls user desktop

  13. Organisations, Organisational Units, and Domains • An organisation may: • have several locations • have several functions in same location • Alternative to multiple domains… • organisational units • group policy can be applied selectively

  14. WINS (Windows Internet Names Service) • Used on earlier Windows TCP/IP networks to enable computer devices to communicate using IP • manages a dynamic database of IP addresses and local network (NetBIOS) names • clients request IP addresses for particular NetBIOS names • WINS server provides that information

  15. Active Directory and DNS • In Active directory, each domain in the tree has a unique DNS identity • therefore a unique IP address… • can cause confusion when setting up domain structure!! • Also, each device within a domain can also make use of DNS, via its IP address… • no need for WINS…
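How the object hierarchy of slides 5 and 13 and the per-domain DNS identity of slide 15 appear in an object's LDAP distinguished name, as an added example that is not part of the original slides. Distinguished names are not shown on the slides; the names below (corp.example.com, the OUs, the user) are constructed.

```python
import re

def _unescape(value):
    # Undo backslash escapes: "\," -> "," and "\2C" -> "," (ASCII hex pairs only).
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def split_dn(dn):
    """Split a distinguished name into (ATTRIBUTE, value) pairs, leaf first.
    Commas preceded by a backslash belong to the value, not the hierarchy.
    Multi-valued RDNs ("+") are not handled in this example."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escape intact until unescaping
            i += 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr:
            raise ValueError("not a distinguished name component: %r" % part)
        rdns.append((attr.strip().upper(), _unescape(value)))
    return rdns

def describe(dn):
    """Return the object name, its OU path (top-down) and the domain's DNS name."""
    rdns = split_dn(dn)
    return {
        "object": rdns[0][1],
        "ou_path": [v for a, v in rdns if a == "OU"][::-1],
        "dns_domain": ".".join(v for a, v in rdns if a == "DC").lower(),
    }

def in_tree(domain, tree_root):
    """True if `domain` is the tree root or a child domain beneath it.
    Matching on ".root" avoids treating notcorp.example.com as part of corp.example.com."""
    domain, tree_root = domain.lower(), tree_root.lower()
    return domain == tree_root or domain.endswith("." + tree_root)

# Constructed sample object
SAMPLE_DN = r"CN=Smith\, Jo,OU=Staff,OU=Computing,DC=corp,DC=example,DC=com"
```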

  16. Microsoft TCP/IP stack • Differs from UNIX TCP/IP (e.g. no FTP, SMTP or Telnet) • DNS is available as a network service • Application layer components: • Windows sockets - to interface with sockets-based applications • NetBT - to interface with NetBIOS applications • SNMP, TCP, UDP, IP as with Unix protocol stack

  17. Configuring TCP/IP on Windows • Requires local administrator access!! • 1. Find “Local Area Connection”: • either through Control Panel/Network & Dial up connections • or by right-clicking on Network Places and choosing Properties • 2. Right click on Local Area connection • 3. Click on “properties”

  18. TCP/IP Configuration (2) • Locate and double-click TCP/IP • If DHCP (dynamic host configuration protocol) is running, IP addressing is dealt with automatically by the DHCP server • Otherwise, three IP addresses need to be added: • Local static machine IP address • Subnet mask • Default gateway

  19. TCP/IP Configuration (3) • Local machine IP address • DHCP protocol can automatically assign IP addresses from a Windows 2000 server machine running DHCP server • Alternatively, a static IP address can be keyed in manually • Subnet mask: • normally 255.255.255.0 for small networks • 255.255.x.0 for larger networks • x -> 0 as the network gets larger • Default gateway is the IP address of the LAN-Internet interface computer…
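A check of the three manually keyed values from slides 18 and 19 (static IP address, subnet mask, default gateway), as an added example that is not part of the original slides. It also shows how the network grows as x in 255.255.x.0 moves towards 0; all addresses are constructed.

```python
import ipaddress

def usable_hosts(mask):
    """Assignable host addresses for a dotted-quad subnet mask.
    Raises ValueError if the mask is not a contiguous run of 1 bits."""
    net = ipaddress.IPv4Network("0.0.0.0/" + mask)
    return max(net.num_addresses - 2, 0)   # minus network and broadcast addresses

def check_static_config(ip, mask, gateway):
    """Return a list of problems with a manually entered configuration.
    An empty list means the three values are consistent with each other."""
    try:
        iface = ipaddress.IPv4Interface(ip + "/" + mask)
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        return ["invalid address or mask: %s" % exc]

    net = iface.network
    reserved = (net.network_address, net.broadcast_address)
    problems = []
    if iface.ip in reserved:
        problems.append("host address is the network or broadcast address")
    if gw not in net:
        # The gateway must be reachable directly on the LAN to be of any use.
        problems.append("default gateway is outside the local subnet")
    elif gw in reserved:
        problems.append("default gateway is the network or broadcast address")
    if gw == iface.ip:
        problems.append("default gateway is the machine's own address")
    return problems

if __name__ == "__main__":
    # x -> 0 as the network gets larger (constructed values)
    for mask in ("255.255.255.0", "255.255.252.0", "255.255.0.0"):
        print(mask, usable_hosts(mask))
    print(check_static_config("192.168.1.10", "255.255.255.0", "192.168.2.1"))
    print(check_static_config("192.168.1.10", "255.255.252.0", "192.168.2.1"))
```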

  20. Windows TCP/IP utilities • Located in the system32 directory • Not available from the GUI • Only accessible via the NT prompt • Ping (packet internet groper) • FTP • Telnet • Finger (retrieval of system information from a computer running TCP/IP & finger) • ARP (displays local IP addresses according to equivalent MAC or “physical” addresses) • ipconfig (displays local IP configuration) • tracert (checks route to a remote IP address)

  21. Some Other Windows Network Services • Terminal Services • RIS (remote installation…) • DNS (Domain name/IP address look up) • Virtualisation (Hyper-V) • RAS (remote access) & Secure Remote Login • Internet Information Server (IIS)

  22. Installation of Client-Server Services • Don’t need a domain controller • Many run quite happily on a Server • Investigation after the break…

  23. “Internet of Things” • http://www.bcs.org/upload/pdf/internet-things-190213.pdf • http://www.youtube.com/watch?v=fj_xwgLW_4I
