edn122_01 active directory windows

Upload: putrajohor

Post on 03-Apr-2018


TRANSCRIPT

7/29/2019 EDN122_01 ACTIVE DIRECTORY WINDOWS

Slide 1 of 41

EDN 122

SCHOOL OF INFORMATION TECHNOLOGY
FACULTY OF ENGINEERING AND INFORMATION TECHNOLOGY

PREPARED BY: RANJINI SHANMUGAM

CHAPTER 1

ACTIVE DIRECTORY WINDOWS

INTRODUCTION TO ACTIVE DIRECTORY

Slide 2 of 41

TOPIC

CHAPTER 1: Introduction to Active Directory

LEARNING OUTCOMES

At the end of this chapter, students will be able to:

Understand Active Directory Objects and Components

Understand Logical and Physical Structure

Slide 3 of 41

TOPIC OUTLINES

1.1 Active Directory Overview

1.1.1 AD Objects and Attributes

1.1.2 AD Definitions

1.1.3 Attributes

1.1.4 Classes

1.2 Active Directory Components

1.2.1 Logical Hierarchical Structure

1.2.2 Logical Structure

1.2.3 Use OUs to Handle Administrative Tasks

1.3 Domain Tree

1.3.1 Forest of Trees

1.3.2 Sites

1.4 Understanding Active Directory Concepts

1.4.1 Global Catalog is Central Repository

1.4.2 Key Directory Roles

1.4.3 Universal Group Membership

1.4.4 Global Catalog Servers

1.4.5 Directory Partitions

Slide 4 of 41

TOPIC OUTLINES

1.5 A Domain Controller Stores and Replicates

1.5.1 A Global Catalog Stores and Replicates

1.5.2 Replication Topology

1.5.3 Replication Within a Site

1.5.4 Replication Between Sites

1.6 Two Types of Trust Relationship

1.6.1 Implicit Two Way Transitive Trust

1.6.2 Explicit One Way Non Transitive Trust

1.7 DNS Namespace

1.7.1 Dynamic DNS

1.8 Domain Namespace

1.8.1 Types of Namespaces

1.8.2 Domain Namespaces Divided into Zones

1.8.3 Name Servers

1.9 Distinguished Names and Relative Distinguished Names

1.9.1 Distinguished Name (DN)

1.9.2 Relative Distinguished Name (RDN)

1.9.3 Globally Unique Identifier (GUID)

Slide 5 of 41

1.1 Active Directory Overview

Active Directory Objects

Active Directory Components

Logical Structures

Physical Structure

Slide 6 of 41

1.1.1 Active Directory Objects and Attributes

Slide 7 of 41

1.1.2 Active Directory Definitions

1. Resources stored in the directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects.

2. An object is a distinct named set of attributes that represents a network resource.

3. Attributes are characteristics of objects in the directory.

4. Objects are organized in classes, which are logical groupings of objects.

5. Objects known as containers can contain other objects.

Slide 8 of 41

1.1.3 Attributes

Defined separately from classes.

Defined only once and can be used in multiple classes.

Store the information that describes the object.

Slide 9 of 41

1.1.4 Classes

Are collections of attributes.

Describe the possible objects that can be created.

Are also referred to as object classes.

Every object is an instance of an object class.

Slide 10 of 41

1.2 Active Directory Components

Logical Structure

Domains

Organizational units

Trees

Forests

Physical Structure

Sites

Domain controllers

Slide 11 of 41

1.2.1 Logical Hierarchical Structure

Slide 12 of 41

1.2.2 Logical Structure

Resources should be organized in a logical structure that mirrors the logical structure of the organization.

Grouping resources logically enables users and administrators to find resources by name rather than by physical location.

The network's physical structure is transparent to users.

Slide 13 of 41

1.2.3 Use OUs to Handle Administrative Tasks

Slide 14 of 41

1.3 Domain Tree

Members share the same root domain name.

Slide 15 of 41

1.3.1 Forest of Trees

More than one tree linked up together is called a forest.

Slide 16 of 41

1.3.2 Sites

1. Combination of one or more IP subnets connected by a highly reliable and fast link to localize as much network traffic as possible.

2. Typically, has the same boundaries as a LAN.

3. When grouping subnets on the network, combine only those subnets that have fast, inexpensive, and reliable network connections with one another.

4. Available bandwidth of 128 Kbps or greater is sufficient.

5. Not a part of the namespace.

6. Contain only computer objects and connection objects used to configure replication between sites.

(Diagram: Hub Site and Branch Office)

Slide 17 of 41

1.4 Understanding Active Directory Concepts

Global Catalog

Replication

Trust Relationships

DNS Namespace

Name Servers

Naming Conventions

Slide 18 of 41

1.4.1 Global Catalog is Central Repository

Slide 19 of 41

1.4.2 Key Directory Roles

Enables network logon by providing universal group membership information to a domain controller when a logon process is initiated.

Enables finding directory information regardless of which domain in the forest actually contains the data.

Slide 20 of 41

1.4.3 Universal Group Membership

If only one domain controller exists in the domain, the domain controller and the global catalog are the same server.

If multiple domain controllers exist on the network, the global catalog is the domain controller configured as such.

If a global catalog is not available when a user initiates a network logon process, the user is able to log on to the local computer only.

Slide 21 of 41

1.4.4 Global Catalog Servers

1. The administrator can optionally configure any domain controller or designate additional domain controllers as global catalog servers.

2. When considering which domain controllers to designate as global catalog servers, base the decision on the ability of the network structure to handle replication and query traffic.

3. Additional servers can provide quicker responses to user inquiries, as well as redundancy.

4. Every major site in the enterprise should have at least one global catalog server.

Slide 22 of 41

1.4.5 Directory Partitions

Schema Information

Defines the objects that can be created in the directory and the attributes associated with those objects.

Configuration Information

Describes the logical structure of the deployment, containing information such as domain structure or replication topology.

Common to all domains in the domain tree or forest.

Domain Data

Describes all of the objects in a domain. Domain-specific and not distributed to any other domains.

A subset of the properties for all objects in all domains is stored in the global catalog.

Slide 23 of 41

1.5 A Domain Controller Stores and Replicates

1. Schema information for the domain tree or forest.

2. Configuration information for all domains in the domain tree or forest.

3. All directory objects and properties for its domain.

4. A subset of the properties of all objects in the domain (replicated to the global catalog).

Slide 24 of 41

1.5.1 A Global Catalog Stores and Replicates

1. Schema information for a forest.

2. Configuration information for all domains in a forest.

3. A subset of the properties for all directory objects in the forest (replicated between global catalog servers only).

4. All directory objects and all their properties for the domain in which the global catalog is located.

Slide 25 of 41

1.5.2 Replication Topology

Slide 26 of 41

1.5.3 Replication Within a Site

1. Active Directory automatically generates a topology for replication among domain controllers in the same domain using a ring structure.

2. The topology defines the path for directory updates to flow from one domain controller to another until all domain controllers receive the directory updates.

3. The ring structure ensures that at least two replication paths exist from one domain controller to another.

4. Active Directory periodically analyzes the replication topology within a site to ensure that it is still efficient.

5. If a domain controller is added to or removed from the network or a site, Active Directory reconfigures the topology to reflect the change.

Slide 27 of 41

1.5.4 Replication Between Sites

1. To ensure replication between sites, Active Directory must be customized to replicate information using site links to represent network connections.

2. Active Directory uses the network connection information to generate connection objects that provide efficient replication and fault tolerance.

3. Information is provided about the replication protocol used, cost of a site link, times when the link is available for use, and how often the link should be used.

4. Active Directory uses this information to determine which site link will be used to replicate information.
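The ring topology of 1.5.3 and the cost-and-schedule site-link choice of 1.5.4 as a small Python model. This is an added illustration, not code from the course; the domain controller names, site-link names, costs and schedules are constructed sample data.

```python
"""Toy model of intra-site ring replication (1.5.3) and inter-site site-link
selection (1.5.4).  Added illustration; all names, costs and schedules below
are constructed sample data, not a real deployment."""
from typing import Dict, List, Optional, Set, Tuple


def ring_topology(dcs: List[str]) -> Set[Tuple[str, str]]:
    """Intra-site topology: every DC replicates with its two ring neighbours,
    so any two DCs are joined by two distinct replication paths."""
    n = len(dcs)
    return {tuple(sorted((dcs[i], dcs[(i + 1) % n]))) for i in range(n)} if n > 1 else set()


def connected(dcs: List[str], edges: Set[Tuple[str, str]]) -> bool:
    """Can an update starting at the first DC still reach every other DC?"""
    if not dcs:
        return True
    seen, todo = {dcs[0]}, [dcs[0]]
    while todo:
        cur = todo.pop()
        for a, b in edges:
            nxt = b if a == cur else a if b == cur else None
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen == set(dcs)


def survives_single_dc_loss(dcs: List[str]) -> bool:
    """The ring guarantee: removing any one DC (and its connection objects)
    leaves the remaining DCs able to reach one another."""
    edges = ring_topology(dcs)
    return all(connected([d for d in dcs if d != lost],
                         {e for e in edges if lost not in e})
               for lost in dcs)


# Constructed site links between a hub site and a branch site, carrying the
# attributes the slides name: cost, availability schedule and interval.
SITE_LINKS: List[Dict] = [
    {"name": "HQ-Branch-Leased", "cost": 100, "interval_min": 15,
     "available_hours": set(range(0, 6)) | set(range(20, 24))},
    {"name": "HQ-Branch-Backup", "cost": 500, "interval_min": 180,
     "available_hours": set(range(24))},
]


def choose_site_link(links: List[Dict], hour: int) -> Optional[str]:
    """Inter-site selection: of the links available at this hour, use the
    lowest cost; ties go to the link that replicates most often."""
    usable = [l for l in links if hour in l["available_hours"]]
    if not usable:
        return None
    return min(usable, key=lambda l: (l["cost"], l["interval_min"]))["name"]
```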

Slide 28 of 41

1.6 Two Types of Trust Relationships

Slide 29 of 41

1.6.1 Implicit Two-Way Transitive Trust

Trust relationship between parent and child domains within a tree and between the top-level domains in a forest.

Established and maintained automatically.

Feature of the Kerberos authentication protocol.

If Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C.

Slide 30 of 41

1.6.2 Explicit One-Way Non-Transitive Trust

1. Trust relationship between domains that are not part of the same tree.

2. Bounded by the two domains in the trust relationship and does not flow to any other domains in the forest.

3. This is the only form of trust possible with:

I. A Microsoft Windows 2003 domain and a Windows NT domain.

II. A Windows 2003 domain in one forest and a Windows 2003 domain in another forest.

III. A Windows 2003 domain and an MIT Kerberos V5 realm.
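A small Python model of the two trust types in 1.6.1 and 1.6.2, with the parent-child relationships derived from the shared root name of a domain tree (1.3). This is an added illustration, not code from the course; the domain names and the explicit trust are constructed.

```python
"""Toy model of implicit two-way transitive trusts (1.6.1) and explicit
one-way non-transitive trusts (1.6.2).  Added illustration; the domains
below are constructed.  Edges are (trusting, trusted): 'a trusts b' means
domain a accepts logons from users of domain b."""
from typing import Iterable, List, Set, Tuple

Trust = Tuple[str, str]

# Constructed forest: a tree rooted at corp.example plus a second tree,
# labs.example, whose root name differs (so this is a forest, not one tree).
DOMAINS = ["corp.example", "sales.corp.example", "eu.sales.corp.example",
           "labs.example"]
TREE_ROOTS = ["corp.example", "labs.example"]
# Constructed explicit one-way trust: corp.example trusts an external domain
# (e.g. an NT domain or a domain in another forest), not the reverse.
EXPLICIT: Set[Trust] = {("corp.example", "partner.test")}


def is_child_of(child: str, parent: str) -> bool:
    """Domain tree rule: a child's DNS name is the parent's name with one
    extra leading label (a contiguous namespace)."""
    return child.endswith("." + parent) and child.count(".") == parent.count(".") + 1


def implicit_trusts(domains: Iterable[str], roots: Iterable[str]) -> Set[Trust]:
    """Two-way trusts AD establishes automatically: parent <-> child inside
    each tree, and between the tree roots of one forest."""
    edges: Set[Trust] = set()
    for c in domains:
        for p in domains:
            if is_child_of(c, p):
                edges |= {(c, p), (p, c)}
    for a in roots:
        for b in roots:
            if a != b:
                edges.add((a, b))
    return edges


def trusted_domains(start: str, transitive: Set[Trust], explicit: Set[Trust]) -> Set[str]:
    """All domains whose users `start` will accept.  Transitive edges are
    followed hop by hop (A trusts B, B trusts C => A trusts C); explicit
    non-transitive edges count only for the two domains that define them."""
    reach: Set[str] = set()
    todo: List[str] = [start]
    while todo:
        d = todo.pop()
        for a, b in transitive:
            if a == d and b != start and b not in reach:
                reach.add(b)
                todo.append(b)
    reach |= {b for a, b in explicit if a == start}
    return reach
```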

Slide 31 of 41

1.7 DNS Namespace

Active Directory is primarily a namespace, a bounded area in which a name can be resolved.

Name resolution is the process of translating a name into some object or information that the name represents.

The Active Directory namespace is based on the DNS naming scheme.

Private networks use DNS extensively to resolve computer names and to locate computers within their local networks and the Internet.

Slide 32 of 41

1.7.1 Dynamic DNS (DDNS)

Windows 2003 domain names are also DNS names.

Enables clients with dynamically assigned addresses to register directly with a server running the DNS service and update the DNS table dynamically.

Eliminates the need for other Internet naming services, such as WINS.

Slide 33 of 41

1.8 Domain Namespace

Slide 34 of 41

1.8.1 Types of Namespaces

Contiguous namespace

The name of the child object in an object hierarchy always contains the name of the parent domain.

A tree is a contiguous namespace.

Disjointed namespace

Names of a parent object and a child of the same parent object are not directly related to one another.

A forest is a disjointed namespace.

Slide 35 of 41

1.8.2 Domain Namespace Divided into Zones

Slide 36 of 41

1.8.3 Name Servers

1. A DNS name server stores the zone database file.

2. Stores data for one zone or multiple zones.

3. Has authority for the domain namespace that the zone encompasses.

4. At least one name server must exist for a zone.

5. Changes to a zone, such as adding domains or hosts, are performed on the server that contains the primary zone database file.

Slide 37 of 41

1.9 Distinguished Names and Relative Distinguished Names

Slide 38 of 41

1.9.1 Distinguished Name (DN)

Uniquely identifies an object and contains sufficient information for a client to retrieve the object from the directory.

Includes the name of the domain that holds the object, as well as the complete path through the container hierarchy to the object.

Must be unique.

Slide 39 of 41

1.9.2 Relative Distinguished Name (RDN)

The part of the name that is an attribute of the object itself.

Duplicate RDNs are allowed for Active Directory objects, but two objects with the same RDN cannot exist in the same OU.

Objects with duplicate RDNs can exist in separate OUs because they have different DNs.

Slide 40 of 41

1.9.3 Globally Unique Identifier (GUID)

A 128-bit number that is guaranteed to be unique across all domains.

Assigned to an object when the object is created.

Never changes, even if the object is moved or renamed.

Applications can store the GUID of an object and use the GUID to retrieve that object regardless of its current DN.

Objects can be moved from domain to domain, and they will still have a unique identifier.
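An added Python model of the naming rules in 1.9.1 to 1.9.3 (not code from the course): a DN is split into its RDNs, an RDN must be unique within its container but may repeat in another OU, and an object's GUID stays fixed while its DN changes on a move. The directory entries are constructed, and a random UUID stands in for the objectGUID.

```python
"""Toy directory illustrating DN, RDN and GUID rules (1.9.1 - 1.9.3).
Added illustration; entries are constructed.  uuid4 stands in for the
128-bit objectGUID that AD assigns when an object is created."""
import uuid
from typing import Dict, List


def split_dn(dn: str) -> List[str]:
    """Split a DN into its RDNs.  A backslash escapes the next character,
    so 'CN=Smith\\, John' keeps its comma instead of starting a new RDN."""
    parts: List[str] = []
    cur, escaped = "", False
    for ch in dn:
        if escaped or ch == "\\":
            cur, escaped = cur + ch, (not escaped and ch == "\\")
        elif ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip())
    return parts


def rdn_of(dn: str) -> str:  # leftmost component: the object's own name
    return split_dn(dn)[0]


def parent_of(dn: str) -> str:  # the container path after the RDN
    return ",".join(split_dn(dn)[1:])


class Directory:
    """Objects keyed by GUID; the DN is an attribute that a move rewrites."""
    def __init__(self) -> None:
        self.dn_by_guid: Dict[str, str] = {}

    def rdn_conflict(self, dn: str) -> bool:
        """True if the same RDN already exists in the same container
        (DN components compare case-insensitively)."""
        return any(rdn_of(d).lower() == rdn_of(dn).lower()
                   and parent_of(d).lower() == parent_of(dn).lower()
                   for d in self.dn_by_guid.values())

    def add(self, dn: str) -> str:
        if self.rdn_conflict(dn):
            raise ValueError(f"{rdn_of(dn)} already exists in {parent_of(dn)}")
        guid = str(uuid.uuid4())
        self.dn_by_guid[guid] = dn
        return guid

    def move(self, guid: str, new_parent: str) -> str:
        """Moving keeps the RDN and the GUID; only the container part changes."""
        new_dn = rdn_of(self.dn_by_guid[guid]) + "," + new_parent
        if self.rdn_conflict(new_dn):
            raise ValueError(f"{rdn_of(new_dn)} already exists in {new_parent}")
        self.dn_by_guid[guid] = new_dn
        return new_dn
```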

Slide 41 of 41

Class Activity: Explain the Terms Below

Trust Relationship

Global Catalog

Domain

Objects

Directory Partitions