Module 1: Introduction to Active Directory

Upload: amice-sharp

Post on 23-Dec-2015


TRANSCRIPT

Page 1: Module 1: Introduction to Active Directory
Overview: Introduction to Active Directory; Active Directory Logical Structure; Role of DNS in Active Directory

Page 2: Overview
Introduction to Active Directory
Active Directory Logical Structure
Role of DNS in Active Directory
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network

Page 3: Introduction to Active Directory
What Is Active Directory?
Active Directory Objects
Active Directory Schema
Lightweight Directory Access Protocol (LDAP)

Page 4: What Is Active Directory?
Directory Service Functionality: organize, manage, and control resources
Centralized Management:
Single point of administration
Full user access to directory resources by a single logon

Page 5: Active Directory Objects
Objects Represent Network Resources
Attributes Store Information About an Object
Diagram: Active Directory holds Printers (Printer1, Printer2, Printer3) and Users (Suzan Fine, Don Hall). Each object stores attribute/value pairs: a user has First Name, Last Name, and Logon Name; a printer has Printer Name and Printer Location.

Page 6: Active Directory Schema
Object class examples: Printers, Computers, Users
Attributes of Users might contain: accountExpires, department, distinguishedName, middleName
List of attributes (examples): accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, …
Active Directory Schema Is: Dynamically Available, Dynamically Updateable, Protected by DACLs

Page 7: DNS and Active Directory Namespaces
Diagram: the DNS namespace descends from the root domain "." (the Internet) through com, microsoft, sales, training, and the host computer1; the Active Directory namespace contains the domains microsoft.com, sales.microsoft.com, and training.microsoft.com. Legend: DNS node (domain or computer); Active Directory domain.

Page 8: Lightweight Directory Access Protocol (LDAP)
LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
LDAP Naming Paths Include:
Distinguished names, for example CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
Relative distinguished names, for example Suzan Fine (the CN component of that distinguished name)
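Worked example (added here; it is not code from the module or from Microsoft): a small Python parser and builder for the LDAP naming paths the slide describes, using the slide's own DN CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft. It splits a DN into its RDNs, recovers the relative distinguished name, the parent container and the DNS domain implied by the DC= components, and escapes values when building a DN so that a user-supplied value containing a comma or equals sign cannot be mistaken for an extra RDN. The value "Fine, Suzan" used to exercise escaping is a constructed sample.

```python
"""Parse and build LDAP distinguished names (DNs) as used to address Active Directory
objects, e.g. CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft (added example, not from the module)."""

# Characters that must be backslash-escaped inside an RDN value (RFC 4514)
SPECIAL = set('\\,+"<>;=')


def parse_dn(dn):
    """Split a DN into a list of (attribute, value) RDN tuples, leftmost first.
    A backslash escapes the next character, so 'CN=Fine\\, Suzan' keeps its comma."""
    rdns = []
    attr, value, in_value = [], [], False
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):
            (value if in_value else attr).append(dn[i + 1])   # escaped char is literal
            i += 2
            continue
        if not in_value and ch == '=':
            in_value = True
        elif in_value and ch == ',':
            rdns.append((''.join(attr).strip(), ''.join(value)))
            attr, value, in_value = [], [], False
        else:
            (value if in_value else attr).append(ch)
        i += 1
    if attr:
        rdns.append((''.join(attr).strip(), ''.join(value)))
    return rdns


def escape_rdn_value(value):
    """Escape a raw value so it can be embedded in a DN without adding or ending an RDN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in SPECIAL or (i == 0 and ch in ' #') or (i == last and ch == ' '):
            out.append('\\')
        out.append(ch)
    return ''.join(out)


def build_dn(rdns):
    """Inverse of parse_dn: join (attribute, value) tuples into an escaped DN string."""
    return ','.join(f"{attr}={escape_rdn_value(value)}" for attr, value in rdns)


def rdn_of(dn):
    """Relative distinguished name: the leftmost component, e.g. ('CN', 'Suzan Fine')."""
    return parse_dn(dn)[0]


def parent_dn(dn):
    """DN of the container that holds the object (the OU or domain above it)."""
    return build_dn(parse_dn(dn)[1:])


def domain_of(dn):
    """DNS domain name implied by the DC= components, e.g. contoso.msft."""
    return '.'.join(value for attr, value in parse_dn(dn) if attr.upper() == 'DC')


def domain_to_dn(domain):
    """Domain DN for a DNS name: sales.contoso.msft -> DC=sales,DC=contoso,DC=msft."""
    return ','.join(f"DC={label}" for label in domain.split('.'))


if __name__ == "__main__":
    dn = "CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft"
    print(rdn_of(dn), "|", parent_dn(dn), "|", domain_of(dn))
```

The escaping step is the part worth keeping in mind when code builds a DN from a name typed by a user: without it, a value such as "Fine, Suzan" would parse back as two RDNs.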

Page 9: Active Directory Logical Structure
Domains
Organizational Units
Trees and Forests
Global Catalog

Page 10: Domains
A Domain Is a Security Boundary: a domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
A Domain Is a Unit of Replication: domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
Diagram: two Windows 2000 domains, each containing User1 and User2, with replication taking place within each domain.

Page 11: Organizational Units
Diagram: two OU hierarchies, one following the organizational structure (Sales, Vancouver, Repair) and one following the network administrative model (Users, Sales, Computers).
Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups

Page 12: Trees and Forests
Diagram: one tree with root contoso.msft and child domains au.contoso.msft and asia.contoso.msft; a second tree with root nwtraders.msft and child domains au.nwtraders.msft and asia.nwtraders.msft; together the two trees form a forest. Parent and child domains are joined by two-way transitive trusts, and the two tree roots are joined by a two-way transitive trust.

Page 13: Global Catalog
Diagram: a Global Catalog server holds a subset of the attributes of all objects from the domains; it answers queries and provides group membership when a user logs on.

Page 14: Introduction to the Role of DNS in Active Directory
Name Resolution: DNS translates computer names to IP addresses; computers use DNS to locate each other on the network
Naming Convention for Windows 2000 Domains: Windows 2000 uses DNS naming standards for domain names; DNS domains and Active Directory domains share a common hierarchical naming structure
Locating the Physical Components of Active Directory: DNS identifies domain controllers by the services they provide; computers use DNS to locate domain controllers and global catalog servers

Page 15: DNS Host Names and Windows 2000 Computer Names
DNS host record and Active Directory object represent the same physical computer
DNS allows computers to locate domain controllers within Active Directory
Diagram: in Active Directory, the domain training.microsoft.com contains the Builtin and Computers containers, and Computers holds Computer1 and Computer2; in DNS, the path runs from "." through com, microsoft, and training (beside sales) to computer1.
FQDN = computer1.training.microsoft.com; Windows 2000 Computer Name = Computer1

Page 16: DNS Requirements for Active Directory
DNS Requirements to Support Active Directory:
Support for SRV records (mandatory)
Support for the dynamic update protocol (recommended)
Support for incremental zone transfers (recommended)
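Worked example (added here; not code from the module): why SRV support is mandatory. Slides 14 and 16 say that DNS identifies domain controllers by the services they provide; in practice each domain controller registers SRV records under the _msdcs subdomain of its domain, and a client orders the answers by priority and weight (RFC 2782) before trying them. The Python below builds the well-known SRV owner names for domain controllers and global catalog servers, implements the RFC 2782 ordering, and includes a defender's check that every SRV target is a known domain controller. The DNS answer set is constructed so the code runs offline; a real resolver would replace it.

```python
"""Locate domain controllers from DNS SRV records and order them RFC 2782 style
(added example, not from the module). The answer set is constructed, not real DNS data."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower is preferred
    weight: int     # relative share of clients within one priority
    port: int
    target: str     # host name of the domain controller


def dc_srv_name(domain, site=None):
    """SRV owner name for the LDAP service of the domain's DCs; with a site, the site-specific name."""
    if site:
        return f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
    return f"_ldap._tcp.dc._msdcs.{domain}"


def gc_srv_name(forest_root, site=None):
    """SRV owner name for global catalog servers; GC records are registered under the forest root."""
    if site:
        return f"_ldap._tcp.{site}._sites.gc._msdcs.{forest_root}"
    return f"_ldap._tcp.gc._msdcs.{forest_root}"


def order_srv_records(records, rng=random.random):
    """Records in the order a client should try them: lowest priority first, then a
    weighted random draw within each priority (RFC 2782 selection)."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        group.sort(key=lambda r: r.weight != 0)   # weight-0 records go first, per RFC 2782
        while group:
            total = sum(r.weight for r in group)
            draw = rng() * total                   # rng() is in [0, 1), so draw <= total
            running = 0
            for rec in group:
                running += rec.weight
                if running >= draw:
                    ordered.append(rec)
                    group.remove(rec)
                    break
    return ordered


# Constructed answer set: two equal DCs plus a lower-priority fallback, and one GC
SAMPLE_ANSWERS = {
    dc_srv_name("contoso.msft"): [
        SrvRecord(0, 100, 389, "dc1.contoso.msft"),
        SrvRecord(0, 100, 389, "dc2.contoso.msft"),
        SrvRecord(10, 0, 389, "dc-backup.contoso.msft"),
    ],
    gc_srv_name("contoso.msft"): [
        SrvRecord(0, 100, 3268, "dc1.contoso.msft"),
    ],
}


def find_domain_controllers(domain, site=None, answers=SAMPLE_ANSWERS, rng=random.random):
    """Try the site-specific name first, then the domain-wide name; return 'host:port' in try order."""
    names = [dc_srv_name(domain, site)] if site else []
    names.append(dc_srv_name(domain))
    for name in names:
        if name in answers:
            return [f"{r.target}:{r.port}" for r in order_srv_records(answers[name], rng)]
    return []


def unexpected_targets(domain, expected_hosts, answers=SAMPLE_ANSWERS):
    """Defender's check: SRV targets that are not in the inventory of known domain controllers."""
    records = answers.get(dc_srv_name(domain), [])
    return sorted({r.target for r in records} - set(expected_hosts))


if __name__ == "__main__":
    print(find_domain_controllers("contoso.msft", site="Seattle"))
    print(unexpected_targets("contoso.msft", ["dc1.contoso.msft", "dc2.contoso.msft"]))
```

Passing `rng=lambda: 0.0` makes the weighted draw deterministic (the first record of each priority group is picked every time), which is convenient when the ordering logic itself is under test.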

Page 17: What Is a Tree?
Diagram: the tree root domain contoso.msft is the parent of the child domain sales.contoso.msft; a new domain added under a parent keeps a contiguous namespace (sales.contoso.msft).

Page 18: What Is a Forest?
Diagram: a forest of two trees: nwtraders.msft with child domains marketing.nwtraders.msft and sales.nwtraders.msft, and contoso.msft with child domain sales.contoso.msft.
All of the Domains in a Forest Share a Common Configuration, Schema, and Global Catalog
A Forest Is One or More Trees
Trees in a Forest Do Not Share a Contiguous Namespace

Page 19: What Is the Forest Root Domain?
The Forest Root Domain Is the First Domain Created in a Forest
Diagram: contoso.msft is the forest root domain (with child sales.contoso.msft) and nwtraders.msft is a tree root domain (with child marketing.nwtraders.msft) in the same forest. Shown with the forest root domain: Global Catalog; Configuration and Schema; Enterprise Admins; Schema Admins.
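Worked example (added here; not code from the module): the two-way transitive trusts of slides 12 and 17 to 19 mean that every domain in a forest can reach every other domain through a chain of parent/child and tree-root trusts, and tracing that chain is the first step in reviewing how far an identity's access can extend. The Python below models the forest drawn on the slides (contoso.msft as forest root with sales.contoso.msft and au.contoso.msft, nwtraders.msft as a second tree root with marketing.nwtraders.msft; the forest layout is constructed from the slides) and computes the shortest trust path between two domains with a breadth-first search.

```python
"""Transitive trust reach inside one forest (added example, not from the module)."""
from collections import deque

# Constructed forest from the slides: domain -> parent domain (None for a tree root)
FOREST = {
    "contoso.msft": None,                         # forest root domain, the first domain created
    "sales.contoso.msft": "contoso.msft",
    "au.contoso.msft": "contoso.msft",
    "nwtraders.msft": None,                       # root of the second tree
    "marketing.nwtraders.msft": "nwtraders.msft",
}
FOREST_ROOT = "contoso.msft"


def trust_edges(forest, forest_root):
    """Two-way trust links: each child <-> its parent, each other tree root <-> the forest root."""
    edges = {domain: set() for domain in forest}
    for domain, parent in forest.items():
        if parent is not None:
            peer = parent
        elif domain != forest_root:
            peer = forest_root
        else:
            continue
        edges[domain].add(peer)
        edges.setdefault(peer, set()).add(domain)
    return edges


def trust_path(source, target, forest=FOREST, forest_root=FOREST_ROOT):
    """Shortest chain of trusts through which `source` reaches `target`; [] when none exists
    (for example when one of the domains is outside this forest)."""
    if source not in forest or target not in forest:
        return []
    edges = trust_edges(forest, forest_root)
    previous = {source: None}
    queue = deque([source])
    while queue:
        domain = queue.popleft()
        if domain == target:
            path = []
            while domain is not None:          # walk back to the source
                path.append(domain)
                domain = previous[domain]
            return path[::-1]
        for neighbour in sorted(edges[domain]):
            if neighbour not in previous:
                previous[neighbour] = domain
                queue.append(neighbour)
    return []


def trusts(source, target, **kwargs):
    """True when a transitive trust chain exists; inside one forest this holds for every pair."""
    return bool(trust_path(source, target, **kwargs))


if __name__ == "__main__":
    print(" -> ".join(trust_path("sales.contoso.msft", "marketing.nwtraders.msft")))
```

The path from sales.contoso.msft to marketing.nwtraders.msft runs up to the forest root, across the tree-root trust to nwtraders.msft and down to marketing, which is exactly the chain of two-way transitive trusts drawn on slide 12.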

Page 20: Characteristics of Multiple Domains
Reduce Replication Traffic
Maintain Separate and Distinct Security Policies Between Domains
Preserve the Domain Structure of Earlier Versions of Windows NT
Separate Administrative Control

Page 21: Active Directory Physical Structure
Domain Controllers
Sites

Page 22: Domain Controllers
Diagram: two domain controllers in one domain replicate with each other; each holds a writeable copy of the Active Directory database (containing User1 and User2).
Domain Controllers:
Participate in Active Directory replication
Perform single master operations roles in a domain

Page 23: Sites
Sites:
Optimize replication traffic
Enable users to log on to a domain controller by using a reliable, high-speed connection
Diagram: each site (Los Angeles, Seattle, Chicago, New York) is defined by one or more IP subnets.
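Worked example (added here; not code from the module): how a client's address is matched to a site. Sites own IP subnets, and the most specific subnet that contains the client's address (the longest prefix match) decides which site, and therefore which nearby domain controller, the client is directed to. The Python below implements that lookup with the standard `ipaddress` module over a constructed subnet table that reuses the slide's site names (the addresses and prefixes are invented for the example), and adds a defender's check for addresses that belong to no site at all, since those clients do not get a site-aware domain controller choice.

```python
"""Map client IP addresses to Active Directory sites by longest-prefix subnet match
(added example, not from the module). Subnet assignments are constructed values."""
import ipaddress

# Constructed site/subnet table: the site names come from the slide, the ranges do not
SITE_SUBNETS = {
    "10.1.0.0/16": "Los Angeles",
    "10.2.0.0/16": "Seattle",
    "10.3.0.0/16": "Chicago",
    "10.3.200.0/24": "New York",    # more specific range carved out of the Chicago block
    "192.168.0.0/24": "New York",
}


def site_for_address(ip, subnets=SITE_SUBNETS):
    """Site whose most specific subnet contains `ip`, or None when no subnet matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, site)    # longer prefix wins, as the site lookup requires
    return best[1] if best else None


def unassigned_addresses(addresses, subnets=SITE_SUBNETS):
    """Defender's check: client addresses that map to no site and so get no site-aware DC selection."""
    return [ip for ip in addresses if site_for_address(ip, subnets) is None]


def subnets_by_site(subnets=SITE_SUBNETS):
    """Inventory view: site name -> sorted list of the subnets assigned to it."""
    grouped = {}
    for cidr, site in subnets.items():
        grouped.setdefault(site, []).append(cidr)
    return {site: sorted(cidrs) for site, cidrs in grouped.items()}


if __name__ == "__main__":
    for ip in ["10.1.4.9", "10.3.200.7", "10.3.1.1", "172.16.0.1"]:
        print(ip, "->", site_for_address(ip))
```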

Page 24: Introduction to Active Directory Replication
Diagram: Domain Controller A, Domain Controller B, and Domain Controller C replicate with one another.
Multimaster Replication with a Loose Convergence

Page 25: Replication Components and Processes
How Replication Works
Replication Latency
Resolving Replication Conflicts
Optimizing Replication

Page 26: How Replication Works
Diagram: an originating update is made on Domain Controller A and arrives on Domain Controller B and Domain Controller C as a replicated update.
Active Directory Update types: Add, Modify, Move, Delete

Page 27: Replication Latency
Diagram: an originating update on Domain Controller A triggers change notifications to Domain Controller B and Domain Controller C, which then apply the replicated update.
Default Replication Latency (Change Notification) = 5 minutes
When No Changes, Scheduled Replication = One Hour
Urgent Replication = Immediate Change Notification

Page 28: Resolving Replication Conflicts
Diagram: Domain Controller A and Domain Controller B each make an originating update to the same attribute; each update carries a stamp, and the stamps decide the conflict.
Stamp = Version Number, Timestamp, Server GUID
Conflicts Can Be Due to: Attribute Value; Adding/Moving Under a Deleted Container Object, or the Deletion of a Container Object; Sibling Name
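Worked example (added here; not code from the module): the attribute-value conflict on this slide resolved with the stamp it describes. The higher version number wins; on equal versions the later timestamp wins; on equal timestamps the higher originating server GUID wins, so every domain controller reaches the same answer without coordination. The Python below defines the stamp, the comparison, and a two-controller replay in which DC-A and DC-B change the same attribute at the same moment. The controller names, GUID values and attribute values are constructed; the GUIDs are compared as strings here, where Active Directory compares the GUID values themselves.

```python
"""Replication conflict resolution by (version, timestamp, server GUID) stamp
(added example, not from the module). All names and values are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Stamp:
    version: int        # incremented by each originating write, starting from the version held
    timestamp: int      # originating time (seconds)
    server_guid: str    # GUID of the originating DC, used only as the final tie-breaker


def winner(a, b):
    """Return the (stamp, value) entry replication keeps; field order gives the rule:
    higher version, then later timestamp, then higher server GUID."""
    return a if a[0] >= b[0] else b


class DomainController:
    def __init__(self, name, guid):
        self.name = name
        self.guid = guid
        self.attrs = {}     # attribute name -> (Stamp, value)

    def originating_update(self, attr, value, timestamp):
        """A write made on this DC: bump the version of what it currently holds."""
        current = self.attrs.get(attr)
        version = current[0].version + 1 if current else 1
        self.attrs[attr] = (Stamp(version, timestamp, self.guid), value)
        return self.attrs[attr]

    def replicate_from(self, other):
        """A replicated update: take the peer's entry only when its stamp wins."""
        for attr, entry in other.attrs.items():
            mine = self.attrs.get(attr)
            self.attrs[attr] = entry if mine is None else winner(mine, entry)


def conflict_demo():
    """Replay the slide: both DCs update the same attribute; return the converged values."""
    a = DomainController("DC-A", guid="00000000-0000-0000-0000-00000000000a")
    b = DomainController("DC-B", guid="00000000-0000-0000-0000-00000000000b")
    a.originating_update("telephoneNumber", "555-0100", timestamp=1000)
    b.replicate_from(a)                                    # both now hold version 1
    a.originating_update("telephoneNumber", "555-0111", timestamp=2000)   # version 2 on A
    b.originating_update("telephoneNumber", "555-0122", timestamp=2000)   # version 2 on B, same time
    a.replicate_from(b)
    b.replicate_from(a)    # equal version and timestamp: the higher server GUID decides
    return a.attrs["telephoneNumber"][1], b.attrs["telephoneNumber"][1]


if __name__ == "__main__":
    print(conflict_demo())
```

Because the comparison is a pure function of the two stamps, the order in which the replicated updates arrive does not matter; both controllers end with the same value, which is the "loose convergence" of slide 24.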

Page 29: Replication Topology
Directory Partitions
What Is Replication Topology?
Global Catalog and Replication of Partitions

Page 30: Directory Partitions
Diagram: the Active Directory database is divided into directory partitions; the domain partition (contoso.msft) is domain-wide, while the Configuration and Schema partitions are forest-wide.
Domain partition: holds information about all domain-specific objects created in Active Directory
Configuration partition: contains information about Active Directory structure
Schema partition: contains definitions and rules for creating and manipulating all objects and attributes

Page 31: What Is Replication Topology?
Diagram: domain controllers from the same domain (A1, A2, A3, A4) share the Domain A topology and the Schema/Configuration topology. Domain controllers from different domains (A1 to A4 in Domain A, B1 to B3 in Domain B) have separate Domain A and Domain B topologies but share one Schema/Configuration topology.


Page 33: Global Catalog and Replication of Partitions
Diagram: a Global Catalog server in contoso.msft holds the contoso.msft domain partition, the Configuration partition, and the Schema partition, plus a Partial Directory Partition Replica of namerica.contoso.msft.
Holds read-only copy of all domain directory partitions
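Worked example (added here; not code from the module) covering slides 30, 31 and 33 together: which partitions each domain controller replicates, and therefore which controllers make up the replication topology of each partition. Every domain controller holds its own domain partition and the forest-wide Schema and Configuration partitions; a global catalog server additionally holds a read-only partial replica of every other domain partition. The Python below takes the controllers A1 to A4 and B1 to B3 from the slides, assigns them to contoso.msft and namerica.contoso.msft (that assignment and the choice of which controllers are global catalogs are constructed for the example), and derives the topology membership per partition, which is a useful cross-check when deciding where sensitive attributes end up.

```python
"""Partition replicas per domain controller and the resulting per-partition topology
(added example, not from the module). The DC inventory below is constructed."""

# Constructed inventory: DC name -> (domain, is_global_catalog)
DCS = {
    "A1": ("contoso.msft", True),
    "A2": ("contoso.msft", False),
    "A3": ("contoso.msft", False),
    "A4": ("contoso.msft", False),
    "B1": ("namerica.contoso.msft", True),
    "B2": ("namerica.contoso.msft", False),
    "B3": ("namerica.contoso.msft", False),
}
FOREST_WIDE = ("Schema", "Configuration")


def partitions_hosted(dc, dcs=DCS):
    """Partition name -> 'full' or 'partial (read-only)' for one domain controller."""
    domain, is_gc = dcs[dc]
    hosted = {name: "full" for name in FOREST_WIDE}
    hosted[domain] = "full"                                 # its own domain partition
    if is_gc:
        other_domains = {d for d, _ in dcs.values()} - {domain}
        for other in sorted(other_domains):
            hosted[other] = "partial (read-only)"           # global catalog replica
    return hosted


def replication_topology(dcs=DCS):
    """Partition name -> sorted list of the DCs that replicate it (that partition's topology)."""
    topology = {}
    for dc in dcs:
        for partition in partitions_hosted(dc, dcs):
            topology.setdefault(partition, set()).add(dc)
    return {p: sorted(members) for p, members in topology.items()}


def holders_of(domain, dcs=DCS):
    """Where objects of one domain partition live, split into full and partial replicas."""
    full, partial = [], []
    for dc in sorted(dcs):
        kind = partitions_hosted(dc, dcs).get(domain)
        if kind == "full":
            full.append(dc)
        elif kind is not None:
            partial.append(dc)
    return {"full": full, "partial": partial}


if __name__ == "__main__":
    for partition, members in replication_topology().items():
        print(f"{partition}: {', '.join(members)}")
```

The Schema and Configuration rows contain every controller, which is the single Schema/Configuration topology of slide 31, while each domain row contains only that domain's controllers plus the global catalog servers of the other domain.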

Page 34: Global Catalog and Replication of Partitions (continued)
Diagram: A1, A2, A3, A4 (Domain A) and B1, B2, B3 (Domain B) with the Domain A topology, the Domain B topology, and the Schema/Configuration topology.

Page 35: Methods for Administering a Windows 2000 Network
Using Active Directory for Centralized Management
Managing the User Environment
Delegating Administrative Control

Page 36: Using Active Directory for Centralized Management
Diagram: a domain containing OU1 (Computers and Users, holding Computer1 and User1) and OU2 (Users and Printers, holding User2 and Printer1); a search returns the domain, OU1, OU2, and the objects User1, Computer1, Printer1, and User2.
Active Directory:
Enables a single administrator to centrally manage resources
Allows administrators to easily locate information
Allows administrators to group objects into OUs
Uses Group Policy to specify policy-based settings

Page 37: Managing the User Environment
Use Group Policy to:
Control and lock down what users can do
Centrally manage software installation, repairs, updates, and removal
Configure user data to follow users whether they are online or offline
Apply Group Policy Once; Windows 2000 Enforces Continually
Diagram: Group Policy applied at the domain and at OU1, OU2, and OU3 (steps 1, 2, 3).

Page 38: Delegating Administrative Control
Assign Permissions:
For specific OUs to other administrators
To modify specific attributes of an object in a single OU
To perform the same task in all OUs
Customize Administrative Tools to:
Map to delegated administrative tasks
Simplify interface design
Diagram: a domain with OU1, OU2, and OU3 and the delegated administrators Admin1, Admin2, and Admin3.

Page 39: Review
Introduction to Active Directory
Active Directory Logical Structure
Role of DNS in Active Directory
Active Directory Physical Structure
Methods for Administering a Windows 2000 Network