Directory Services
Used to define, manage, access, and secure network resources. Resources include files, printers, groups, people, and applications.
Active Directory
Stored as NTDS.dit on a domain controller. Used by domain controllers to authenticate users. Domain controllers store, maintain, and replicate the directory database.
CENTRALIZED ADMINISTRATION
Hierarchical organization for ease of administration
Common Microsoft Management Console (MMC) tool set:
Active Directory Users And Computers (DSA.MSC)
Active Directory Domains And Trusts (DOMAIN.MSC)
Active Directory Sites And Services (DSSITE.MSC)
[Diagram: an Active Directory forest containing the tailspintoys.com domain and the contoso.com tree with child domains west.contoso.com and east.contoso.com; servers (Server1, Server3) and OUs appear as objects under the domains]
Single sign-on
MULTI-MASTER REPLICATION
Object Attributes
Name
Globally unique identifier (GUID)
Location (for printers)
E-mail address (for users)
SITES
Used to reflect the physical network structure
Usually local area network (LAN) versus wide area network (WAN)
Optimize replication
Knowledge Consistency Checker (KCC) creates and maintains this structure
DOMAINS
Logical grouping of resources. Form security and replication boundaries.
Individual access control lists (ACLs) for each domain. Group Policies are typically assigned and inherited within a domain only, not from the forest. Domain replication is independent of global catalog and schema replication.
ORGANIZATIONAL UNITS
Container objects
Look like a folder with a book icon in Active Directory Users And Computers
Security is applied to OUs
Inherited by child OUs
Used to control access to that OU or hide subordinate OUs
Allows for the delegation of administrative rights
NAMING STANDARDS
Lightweight Directory Access Protocol (LDAP)
Standard naming structure and hierarchy
Established by the Internet Engineering Task Force (IETF)
LDAP NAMES
[Diagram: the cohowinery.com domain containing a Sales OU, which holds the user Guy Gilbert]
Distinguished name: cn=jsmith,ou=sales,dc=cohowinery,dc=com
User principal name: jsmith@cohowinery.com
DNS and Active Directory integration and naming
Functional levels of domains and forests
Trust relationships and models
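The distinguished name and user principal name in the LDAP NAMES slide above, worked through in code. This is an added example, not material from the slides; the parsing and escaping rules follow RFC 4514, and the OU and user names are constructed sample values.

```python
# Added example, not from the slides: parse and build LDAP distinguished names in the
# cn=...,ou=...,dc=... form shown above (RFC 4514 escaping); names are constructed samples.

def split_rdns(dn):
    """Split on unescaped commas and drop the escaping backslashes (RFC 4514)."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:                 # previous char was "\": take this one literally
            cur, esc = cur + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts, cur = parts + [cur], ""
        else:
            cur += ch
    return parts + [cur]

def parse_dn(dn):
    """(type, value) pairs from the most specific RDN (cn) down to dc=com."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value))  # attribute types are case-insensitive
    return pairs

def dns_domain_from_dn(dn):
    """The dc= components, read in order, spell the domain's DNS name."""
    return ".".join(v for t, v in parse_dn(dn) if t == "dc").lower()

def upn_from_dn(dn, logon_name=None):
    """user@domain; the slide's example uses the CN (jsmith) as the prefix, so that is the default."""
    if logon_name is None:
        logon_name = next(v for t, v in parse_dn(dn) if t == "cn")
    return f"{logon_name}@{dns_domain_from_dn(dn)}"

def escape_rdn_value(value):
    """Escape the characters RFC 4514 does not allow bare in an RDN value."""
    out = "".join("\\" + c if c in ',+"\\<>;' else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):  # a lone space was handled above
        out = out[:-1] + "\\ "
    return out

def build_dn(cn, ou_path, dns_domain):
    """ou_path runs from the OU holding the object up to the one under the domain."""
    rdns = [f"cn={escape_rdn_value(cn)}"] + [f"ou={escape_rdn_value(ou)}" for ou in ou_path]
    return ",".join(rdns + [f"dc={label}" for label in dns_domain.lower().split(".")])
```

On real accounts the CN is usually the display name (such as Guy Gilbert) and the UPN prefix comes from the account's logon name, so pass it explicitly to upn_from_dn rather than relying on the CN default.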
ROLE OF DNS
Resolves friendly names to Internet Protocol (IP) addresses.
Required by Active Directory.
Domain members use service locator (SRV) records to find domain controllers.
Dynamic DNS (DDNS) is supported and recommended.
Logical structure often reflects the business or administrative model. Sites are used to reflect the physical structure of the network.
FUNCTIONAL LEVELS
Designed to support downlevel compatibility
Increasing the functional level allows for use of new features
Two types of functional level:
Domain functional level
Forest functional level
[Diagram: a domain tree with Child Domain A, Child Domain B, Child Domain C and Child Domain D]
SHORTCUT TRUST
[Diagram: a Forest Root Domain with Domain A, Domain B, Domain C and Domain D beneath it (Child Domain A, Child Domain C), illustrating a shortcut trust between two domains in the hierarchy]
CROSS-FOREST TRUST
Tree/Root Trust
Parent/Child Trust
Forest Trust
SUMMARY
Active Directory is a database (NTDS.dit).
DNS is required by Active Directory.
The schema defines object types and attributes.
Domain and forest functional levels provide a balance between backward compatibility and new functionality.
Active Directory allows for two-way transitive (Kerberos) trusts.
Trusts allow domain hierarchies to be created.
Cross-forest trusts are a new feature.