active.directory ppt

Upload: nitin-sharma

Post on 18-May-2015


Page 1: Active.directory ppt

An Introduction to

Page 2: Active.directory ppt

Introduction

- Large corporations today face the following problems
  - Finding a certain file.
  - Seeing everything from a single view
  - Replicate data
- Windows NT server network
  - Offers directory services
  - Single network logon
  - Single point of administration and replication

Page 3: Active.directory ppt

Traditional Directory

- Tools for organizing, managing and locating objects in a computing system
- Directory services are like a telephone book
- LANs and WANs grow larger and more complex
- Active Directory unifies and brings order to diverse server hierarchies, or namespaces

Page 4: Active.directory ppt

Directory Service

- Users and administrators do not know exact names
- The directory can run a query for an object by one of its attributes
- A directory service can
  - Enforce security defined by administrator
  - Replicate a directory
  - Partition a directory into multiple stores
- A management and an end user tool

Page 5: Active.directory ppt

Active Directory

- Included with Windows 2000 server
- Works well in any size installation
  - Single server with few hundred objects
  - Thousands of servers with millions of objects

Page 6: Active.directory ppt

Important Concepts

[Figure: user object]

Attributes for User Object:

- Name: Joe
- Surname: Smith
- Email: [email protected]

Definitions:

- Scope: Can include every single object, every server and every domain
- Namespace: Any bounded area in which a given name can be resolved
- Object: A distinct, named set of attributes that represents something concrete, such as a user, a printer or an application.

Page 7: Active.directory ppt

Important Concepts

- Container: An object which has attributes and is part of Active Directory
- Tree: A hierarchy of objects and containers
  - Endpoints on trees are objects
  - Nodes represent containers
  - Shows how objects are connected

Page 8: Active.directory ppt

Important Concepts

[Figure: Domain A, Domain B and Domain C. Labels: Implicit Trust, Established Trust]

- Domains: A single security boundary of a network
- Domain trees: A tree comprised of several domains sharing a common schema, configuration and forming a contiguous namespace

Page 9: Active.directory ppt

Important Concepts

[Figure: domains Microsoft.Com, PBS.Microsoft.Com, NTDev.PBS.Microsoft.Com, SoftImage.Com, Finance.SoftImage.Com]

- Forest: A set of one or more trees that do not form a contiguous namespace
  - All trees in a forest share a common schema, configuration and global catalog
  - A forest does not need a distinct name
- Sites: Location in a network that contains Active Directory servers

Page 10: Active.directory ppt

Active Directory Features

DNS Integration

- Active Directory is tightly integrated with Domain Name System.
- Active Directory uses DNS as the location service
- An enterprise can connect Active Directory servers directly to the Internet.

Page 11: Active.directory ppt

Support for LDAP

- LDAP is Lightweight Directory Access Protocol.
- It was developed as a simpler alternative to X.500 protocol
- Active Directory supports both LDAP version 2 and version 3.

Page 12: Active.directory ppt

Object Naming

- Active Directory Schema defines two useful properties
  - Object Globally Unique Identifier, a 128 bit number which is never changed if object is moved or renamed.
  - User Principal Name, which is shorter than DN and easy to remember
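
Because the GUID stays fixed while the DN changes on a move or rename, audit data is best correlated on the GUID. The following is an added example, not part of the original slides; the function names, the example.com DNs and the GUID values are constructed for illustration.

```python
import uuid

def guid_from_ldap(raw: bytes) -> str:
    """Decode the 16-byte objectGUID value as the directory returns it.

    The first three GUID fields are stored little-endian, so the bytes
    cannot simply be hex-dumped in order.
    """
    if len(raw) != 16:
        raise ValueError("objectGUID is a 128-bit value: expected 16 bytes")
    return str(uuid.UUID(bytes_le=raw))

def guid_search_filter(guid: str) -> str:
    """Build an LDAP filter that finds the object by GUID (RFC 4515 hex escapes)."""
    raw = uuid.UUID(guid).bytes_le
    return "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")"

def timeline_by_guid(events):
    """Group audit events by GUID so a move or rename does not split the history."""
    history = {}
    for ev in events:
        history.setdefault(guid_from_ldap(ev["guid"]), []).append(ev["dn"])
    return history

# Constructed sample events: one user before and after a move between OUs,
# then a different object that later appears under the old DN.
JOE = bytes.fromhex("33221100554477668899aabbccddeeff")
OTHER = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")
EVENTS = [
    {"guid": JOE, "dn": "CN=Joe Smith,OU=Sales,DC=example,DC=com"},
    {"guid": JOE, "dn": "CN=Joe Smith,OU=Finance,DC=example,DC=com"},
    {"guid": OTHER, "dn": "CN=Joe Smith,OU=Sales,DC=example,DC=com"},
]

if __name__ == "__main__":
    for guid, dns in timeline_by_guid(EVENTS).items():
        print(guid, guid_search_filter(guid))
        for dn in dns:
            print("   ", dn)
```

Grouping the same events by DN would merge the first and third records, which belong to two different objects.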

Page 13: Active.directory ppt

Protocol Support

- Supported protocols include:
  - LDAP
  - Remote procedure call
  - X.500
- Supported APIs include
  - ADSI
  - LDAP API
  - MAPI

Page 14: Active.directory ppt

Global Catalog

- GC enables users and applications to find objects in an Active Directory Domain tree if user knows one or more attributes of target object.
- GC holds a replica of every object in the Active Directory, but only holds a small number of their attributes.

Page 15: Active.directory ppt

Security

- Object protection
  - All objects are protected by Access Control Lists.
  - An ACL is stored as a binary value called a Security Descriptor.
- Delegation
  - It allows a higher administrative authority to grant rights for containers and subtrees to individuals and groups.

Page 16: Active.directory ppt

Trees and Forests

[Figure: domain tree root.com, sub.root.com, child.sub.root.com. Caption: Searching root.com results in deep search into child domains.]

- Windows 2000 domain tree is a hierarchy of domains, each consisting of a partition of Active Directory.
- Transitive Bidirectional Trust relationship is automatically established between joined domain and its parent.
- Domains are joined to Domain tree during installation process.
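
To see which domains a transitive trust chain actually crosses, the tree structure can be derived from the domain names alone. This is an added example, not part of the original slides: it groups the domain names from the forest slide into trees and lists the parent-child trust hops between two domains. The function names are hypothetical, and the cross-tree hop goes beyond the slides: it assumes tree roots are trusted through the forest root, taken here to be the first domain listed.

```python
def to_dn(domain):
    """DNS domain name -> distinguished name of its directory partition."""
    return ",".join("DC=" + label for label in domain.split("."))

def parent_of(domain, forest):
    """Nearest ancestor that is itself a domain in the forest; None for a tree root."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in forest:
            return candidate
    return None

def chain_to_root(domain, forest):
    """The domain followed by each parent up to its tree root (parent-child trusts)."""
    chain = [domain]
    while (parent := parent_of(chain[-1], forest)) is not None:
        chain.append(parent)
    return chain

def trees(domains):
    """Group domains into trees: one tree per contiguous namespace."""
    forest = {d.lower() for d in domains}
    grouped = {}
    for d in sorted(forest):
        grouped.setdefault(chain_to_root(d, forest)[-1], []).append(d)
    return grouped

def trust_path(src, dst, domains):
    """Domains crossed when a user in src is authenticated to a resource in dst."""
    forest = {d.lower() for d in domains}
    up = chain_to_root(src.lower(), forest)
    down = chain_to_root(dst.lower(), forest)
    shared = next((d for d in up if d in down), None)
    if shared is not None:  # same tree: meet at the nearest common ancestor
        return up[:up.index(shared) + 1] + down[:down.index(shared)][::-1]
    # Different trees (assumption beyond the slides): tree roots trust the
    # forest root, taken here to be the first domain in the list.
    forest_root = domains[0].lower()
    bridge = [] if forest_root in (up[-1], down[-1]) else [forest_root]
    return up + bridge + down[::-1]

# Domain names taken from the forest slide above.
FOREST = ["Microsoft.Com", "PBS.Microsoft.Com", "NTDev.PBS.Microsoft.Com",
          "SoftImage.Com", "Finance.SoftImage.Com"]

if __name__ == "__main__":
    print(trees(FOREST))
    print(" -> ".join(trust_path("NTDev.PBS.Microsoft.Com", "Finance.SoftImage.Com", FOREST)))
```

Every domain on the returned path takes part in authenticating the request, so each one belongs in the scope of a trust review.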

Page 17: Active.directory ppt

Extending the Schema

- New attributes can be added to the Schema at any time, using name, OID, definition of data, range limits.
- New Objects can be added at any time using name, OID, list of classes that can be parents of object, class object is derived from, and list of classes that apply to the object.

Page 18: Active.directory ppt

Assuring Backward Compatibility

- Easy migration from Windows NT 3.5 and 4.0
- Active Directory is designed to operate in a mixed environment.
- The migration process from down-level servers to Active Directory takes place one domain controller at a time.

Page 19: Active.directory ppt

Win 4.x domain with single primary domain controller and two Backup Domain controllers.

[Figure: Windows NT 4.0 Domain. Labels: PDC, BDC, BDC]

Page 20: Active.directory ppt

[Figure: Mixed Domain. Labels: DC/PDC, BDC, BDC, BDC, Domain Replica, Global Catalog]

Page 21: Active.directory ppt

Pure Domain - Former BDCs are now peers of the original Windows 2000.

[Figure: Pure Domain. Labels: DC - GC, DC, DC, DC, Domain Replica, Global Catalog]