chapter01 - active directory installation - cts1334

Chapter 1: Installation of Active Directory

Objectives� Describe the role of a directory service and the

physical and logical Active Directory structure

� Install Active Directory� Install Active Directory

� Describe the main Active Directory objects

� Explain configuring and applying group policies

MCTS Windows Server 2008 Active Directory 22

The Role of a Directory Service� A network directory service stores information about a

computer network and offers features for retrieving and managing that information

� Generally considered to be an administrative tool, but � Generally considered to be an administrative tool, but users make use of directory services to find resources

� Directory services provide a centralized management tool, but due to complexity, require careful planning prior to setup


Windows Active Directory� First used by Windows 2000 Server

� Offers the following features:

� Hierarchical organization

Centralized but distributed database� Centralized but distributed database

� Scalability

� Security

� Flexibility

� Policy-based administration


Overview of the Active Directory Structure

� Physical structure

� Consists of sites and servers configured as domain controllers

� Logical structure� Logical structure

� Makes it possible to pattern the directory service’s look and feel after the organization in which it runs


Active Directory’s Physical

Structure� An Active Directory site is simply a physical location in

which domain controllers communicate and replicate information regularly

� Each domain controller contains a full replica of the objects that make up the domain and is responsible for the that make up the domain and is responsible for the following functions:� Storing a copy of the domain data and replicating changes to

that data to all other domain controllers throughout the domain

� Providing data search and retrieval functions for users attempting to locate objects in the directory

� Providing authentication and authorization services for users who log on to the domain and attempt to access network resources


Active Directory’s Logical Structure� Organizational Units (OUs)

� Domains

� Trees

Forests� Forests


Active Directory’s Logical Structure (cont.)

� The organizational unit (OU) is an Active Directory container used to organize a network’s users and resources into logical administrative units

� An OU contains Active Directory objects, such as:� User accounts� User accounts� Groups� Computer accounts� Printers� Shared folders� Applications� Servers� Domain controllers



� Domain: The core structural unit of an Active Directory; contains OUs and represents administrative, security, and policy boundaries

� Small to medium companies usually have one domain; � Small to medium companies usually have one domain; larger companies may have several domains to separate geographical regions or administrative responsibilities



� A tree is a grouping of domains that share a common naming structure

� Can consist of a parent domain and possibly one or more child domainsmore child domains

� Child domains can also have child domains



� Forest: A collection of one or more Active Directory trees; a forest can consist of a single tree with a single domain, or it can contain several trees, each with a hierarchy of parent and child domainshierarchy of parent and child domains

� Main purpose is to provide a common Active Directory environment, in which all domains in all trees can communicate and share information, while simultaneously allowing independent operation and administration


Installing Active Directory� To install AD DS on a full Windows Server 2008

installation, use Server Manager

� If DNS is not already present on the network, you must install the DNS Server Roleinstall the DNS Server Role

� Once the Server Manager wizard for installing Active Directory finishes, you must run dcpromo.exe


Installing Active Directory (cont.)� Dcpromo.exe steps to install:

� Step 1: Existing domain or new domain

� Step 2: Fully qualified domain name (FQDN) for new forest root domain

� Step 3: Choose forest functional level

� The functional level is critical to the feature set available to � The functional level is critical to the feature set available to administrators after install, as well as the software requirements for any other DCs� If you want backwards compatibility with older domain controllers on the

network, choose Windows 2000 functional level

� If you choose Windows Server 2008 functional level, you can’t run Windows Server 2003 or Windows 2000 domain controllers (but they can run as member servers)


Installing Active Directory (cont.)� After step 3, you have three additional options for the

DC

� Install DNS Server

� Recommended for the first domain controller in a new � Recommended for the first domain controller in a new domain

� Global Catalog

� Selected by default (and cannot be disabled) if the server is to be the first DC in a forest

� Read-only Domain Controller (RODC)

� Not selected by default and disabled for the first DC in the domain


Installing Active Directory (cont.)� The sysvol folder is a shared folder that stores the

information from Active Directory that’s replicated to other domain controllers

� Directory Services Restore Mode is used to perform � Directory Services Restore Mode is used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally


The Active Directory Schema� An object is a grouping of information that describes a

network resource

� The schema defines the type, organization, and structure of data stored in the AD databasestructure of data stored in the AD database

� Schema classes define the types of objects that can be stored in Active Directory

� Schema attributes define what type of information is stored in each object

� The information stored in each attribute is called the attribute value


The Active Directory Schema

(cont.)


Active Directory Container Objects� Organizational units

� Folder objects

� Domain objects


Organizational Units� Primary container object for organizing and managing

resources in a domain

� OUs can organize multiple objects into one administrative group that can be configured with administrative group that can be configured with specific policies relevant to that group

� Authority of an OU can be delegated

� Nesting OUs can build a hierarchical Active Directory structure that mimics the corporate structure for easier object management


Folder Objects � Four created by default:

� Builtin: Houses default groups created by Windows

� Computers: The default location for computer accounts created when a new computer or server becomes a domain membermember

� ForeignSecurityPrincipals: Initially empty but later contains user accounts from other domains added as members of the local domain’s groups

� Users: Stores two default users (Administrator and Guest) and several default groups

� New folder objects cannot be created

� Administrative control can be delegated (except on Builtinfolder)


Domain Objects� Core logical structure in AD; contains OU and folder

container objects, as well as leaf objects

� Larger companies may use multiple domains to separate administration, define security boundaries, separate administration, define security boundaries, and define policy boundaries

� Each domain object has a default GPO linked to it that can affect all objects in the domain


Active Directory Leaf Objects� User Accounts

� Three types: Local, domain, and built-in

� Groups� Consist of users with common permissionsConsist of users with common permissions

� Computer Accounts� Represent a computer that is a domain controller or domain

member

� Other Leaf Objects� Contact

� Printer

� Shared folder


Locating Active Directory Objects� Active Directory objects can be searched for using the

Find Users, Contacts, and Groups dialog box

� Can search a single domain or an entire directory (all domains)domains)

� Not all objects are available to all users


Chapter Summary� A directory service is a database that stores network

resource information and can be used to manage users, computers, and resources throughout the networknetwork

� Active Directory is a hierarchical, distributed database that’s scalable, secure, and flexible; Active Directory’s physical structure is composed of sites and domain controllers, and the logical structure is composed of organizational units, domains, trees, and forests


Chapter Summary (cont.)� Server manager installs the Active Directory Domain

Services role; once Server Manager is finished, dcpromo.exe is used to finish installation

� The data in Active Directory is organized as objects� The data in Active Directory is organized as objects

� Available objects and their structure are defined by the Active Directory schema, which is composed of schema classes and schema attributes

� The data in a schema attribute is called an attribute value


Chapter Summary (cont.)� Two types of objects in AD: Container objects and leaf

objects

� Leaf objects generally represent security accounts, � Leaf objects generally represent security accounts, network resources, and GPOs

� Active Directory objects can be located easily with search functions in Active Directory Users and Computers and Windows Explorer


Chapter Summary (cont.)� Policies defined in the Computer Configuration node

affect all computers in the Active Directory container to which the GPO is linked; policies defined in the User Configuration node affect all users in the Active User Configuration node affect all users in the Active Directory container to which the GPO is linked


chapter01 - active directory installation - cts1334

Documents