1 / 18

Active Directory by Jörg Bänder and Steffen Diehl

Active Directory by Jörg Bänder and Steffen Diehl. What is Active Directory?. AD is a storage for IT-masterdata It is a place to: Search for IT-masterdata Manage IT-masterdata decentrally (delegation of administration) Backup IT-masterdata centrally

sybil
Télécharger la présentation

Active Directory by Jörg Bänder and Steffen Diehl

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Active Directoryby Jörg Bänder and Steffen Diehl

  2. What is Active Directory? • AD is a storage for IT-masterdata • It is a place to: • Search for IT-masterdata • Manage IT-masterdata decentrally (delegation of administration) • Backup IT-masterdata centrally • Windows 2000 Directory Services = IT-masterdata storage = Active Directory

  3. Windows 2000 Active Directory • Windows Clients • Mgmt profile • Network info • Policy • Windows Servers • Mgmt profile • Network info • Services • Printers • File shares • Policy • Windows Users • Account info • Privileges • Profiles • Policy Active Directory • A Focal Point for: • Manageability • Security • Interoperability Active Directory provides a focal point for management, security, and interoperability

  4. How is AD installed? • Active Directory needs dynamic DNS! • Use dcpromo to create your first Domaincontroller (DC) and create a Domain • The DC has a complete read/write copy of the AD for this new Domain • Information is stored in the sysvol folder and the ntds.dit file

  5. Types of Servers • A Windows NT 4.0 server can be a: • Primary domain controller (PDC) • Backup domain controller (BDC) • Member server • A Windows 2000 Server is either a domain controller or a member server • Domain controllers (DC) have a replica of the directory database, member servers do not • DC can also be a Global Catalog (GC) server

  6. Logical Structure of AD Terms: • Forest(Overall Structure) • Tree (Structure, Domaintree) • Domain (Domain) • Organisational Unit (Unit of administration, OU)

  7. Forests = Grouped Domains • Domains with contiguous Domain Name System (DNS) names can be grouped into a domain tree • Roots of each tree within a forest have a discontinuous namespace contoso123.com nwtrader123.com partner.contoso123.com asia.contoso123.com sales.nwtrader123.com

  8. Forests • A joint set of Domain Trees that: • Share a single Schema • Share a single configuration (Sites, etc) • Share the same Global Catalog • Are automatically conected by transitive Trusts • Are overseen by Enterprise Admins Group • Are represented by a Global Catalog • Different namespaces in the trees

  9. Domain Tree More than one domain sharing same root namespace • Hierarchically arranged domains created by parent-child relationship • Users can search for all information within the Domain Tree • Bidirectional Kerberos Trust to the parent domain

  10. Trusts 10 Domains: AD: 9 Trusts NT4: 90 (!)

  11. AD- Domain • Next hierarchical level below forest / domain tree • Provides a replication boundary • Is a unit of partitioning • Is a unit of authentication • Is a unit of domain account policy • Is overseen by Domain Admins group • Is a security boundary in the Active Directory • OU properties are inherited within a domain only – not across domains

  12. AD - OU • Lowest form of grouping in the Active Directory • Organizational Unit is graphically represented by a circle in the diagrams • Group Policy can be applied to the OU • Can be nested up to x levels deep • Performance considerations if using Group Policy Objects (GPOs)

  13. Existence of OUs • Only two justifications for OUs to exist (best practise): • Delegation of administration • Use of Policies on contained objects

  14. The Schema Domain Schema User Account • Name • Title • Manager • Office Location • Phone • Division • Cost Center Code • Certification Expires Printer • Name • Mfr • Model • Color • Duplex • Asset # • Paper Size • Defines the objects that are allowed within the Active Directory • Each object class has attributes that are also defined • The schema is extensible • Changes to the schema are permanent • Schema flexible single master operation (FSMO) replicates changes throughout the enterprise

  15. The Global Catalog Contains a partial replica of the information contained within each of the domains • Allows for fast searching of the key information in the Active Directory, without hitting all of the domains • Enables objects to be located throughout the forest • Reduces replication overhead • Can have every DC be a GC • Administrators define which attributes are included • Replication occurs along with domain controller replication

  16. Global CatalogDomain Tree The GC in each domain has a pointer to its own domain information (which is complete) It also has partial information from all of the other domains in the tree (or forest)

  17. AD Best Practise • Create an empty Root Domain which holds Enterprise Admin Accounts and Schema Master FSMO Role • This Domain should remain empty! • Keep only three things in mind when designing a OU-Structure: • DoA • Policy Usage • Do not model the Business Structure • Sites reflect High Network Connectivity (LANs) • And the most important: Keep it simple!!

  18. Finito! Thank you for your attention  Questions ??

More Related