Domain and Active Directory

Published June 2016

Active Directory in Windows Server 2003

Module outline:
Active Directory Directory Services Overview
Active Directory Logical Components
Functional Levels
Active Directory Physical Components
Active Directory Partitions
Active Directory Objects
Administering a Microsoft Server 2003 Network Using Active Directory
Lesson: Active Directory Directory Services Overview
What Is Active Directory?
Benefits of Active Directory
DNS Integration
Active Directory Naming Conventions

What Is Active Directory?
Active Directory is the directory service in Windows Server 2003: a replicated database of users, computers, groups and other objects, together with the Kerberos authentication and LDAP access services built on it. It provides:
• Directory service functionality
• Centralized management
• Single point of administration
Benefits of Active Directory
Windows Server 2003 without Active Directory already provides significant functionality on its own:
• Scalable and reliable application server
• Internet Information Services 6.0
• Remote access and VPN server
• Network services (DNS and DHCP, for example)
Windows Server 2003 with Active Directory provides additional services:
• Authentication and authorization service
• Single sign-on across multiple servers and services
• Centralized management of servers and client computers
• Centralized administration of users and computers
• Centralized management of network resources

DNS Integration
Name resolution
• Resolve names of servers and clients to IP addresses and, where reverse lookup zones exist, IP addresses back to names
Namespace definition
• An Active Directory domain's name must be represented in DNS
• Active Directory requires DNS
• DNS does not require Active Directory
Locating the physical components of Active Directory
• Client computers query DNS for SRV records to locate domain controllers running specific services, such as global catalog (GC), Kerberos protocol, LDAP, and so on
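The DNS side of that domain controller lookup, as an added example in Python (not code from the slide deck): it builds the SRV query names Windows domain controllers register under _msdcs, parses SRV records written in zone-file form, and picks a target the way RFC 2782 prescribes (lowest priority first, weight among equals). The SRV answer embedded at the bottom is constructed for the example; contoso.msft is the domain name the slides use.

```python
"""DNS side of the Active Directory domain controller (DC) locator.

Added example, not code from the slide deck. Builds the SRV names a client
queries to find DCs, Kerberos KDCs and global catalog servers, parses SRV
records and selects a target per RFC 2782. SAMPLE_ANSWER is constructed.
"""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


def locator_names(domain: str, forest: str, site: Optional[str] = None) -> Dict[str, str]:
    """SRV names registered by DCs; global catalog records hang off the forest root name."""
    names = {
        "dc_ldap": f"_ldap._tcp.dc._msdcs.{domain}",
        "dc_kerberos": f"_kerberos._tcp.dc._msdcs.{domain}",
        "kpasswd": f"_kpasswd._tcp.{domain}",
        "pdc": f"_ldap._tcp.pdc._msdcs.{domain}",
        "gc": f"_gc._tcp.{forest}",
        "gc_ldap": f"_ldap._tcp.gc._msdcs.{forest}",
    }
    if site:  # site-specific records keep clients on DCs in their own site
        names["site_dc_ldap"] = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
        names["site_dc_kerberos"] = f"_kerberos._tcp.{site}._sites.dc._msdcs.{domain}"
    return names


@dataclass(frozen=True)
class SrvRecord:
    name: str
    priority: int
    weight: int
    port: int
    target: str


def parse_srv_line(line: str) -> SrvRecord:
    """Parse one zone-file style line: owner TTL IN SRV priority weight port target."""
    fields = line.split()
    if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    name, _ttl, _cls, _type, prio, weight, port, target = fields
    return SrvRecord(name.rstrip("."), int(prio), int(weight), int(port), target.rstrip("."))


def select_target(records: List[SrvRecord], rng=random) -> SrvRecord:
    """RFC 2782 selection: keep only the lowest-priority records, then choose
    among them with probability proportional to weight (uniformly if all are 0)."""
    if not records:
        raise LookupError("no SRV records: no domain controller found")
    lowest = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == lowest]
    weights = [r.weight for r in candidates]
    if sum(weights) == 0:
        return rng.choice(candidates)
    return rng.choices(candidates, weights=weights, k=1)[0]


# Constructed answer for _ldap._tcp.dc._msdcs.contoso.msft (not real data):
# two equal-priority DCs and a disaster-recovery DC used only if they are down.
SAMPLE_ANSWER = """
_ldap._tcp.dc._msdcs.contoso.msft. 600 IN SRV 0 100 389 dc1.contoso.msft.
_ldap._tcp.dc._msdcs.contoso.msft. 600 IN SRV 0 100 389 dc2.contoso.msft.
_ldap._tcp.dc._msdcs.contoso.msft. 600 IN SRV 10 100 389 dc-dr.contoso.msft.
""".strip().splitlines()


def locate_ldap_dc(answer_lines: List[str], rng=random) -> SrvRecord:
    """Parse an SRV answer and choose the DC a client would contact."""
    return select_target([parse_srv_line(line) for line in answer_lines], rng)


if __name__ == "__main__":
    for role, name in locator_names("contoso.msft", "contoso.msft", site="Default-First-Site-Name").items():
        print(f"{role:18} {name}")
    dc = locate_ldap_dc(SAMPLE_ANSWER)
    print(f"chosen DC: {dc.target}:{dc.port}")
```

The same names are what an attacker on the network queries first (nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>), so they are also a useful sanity check that stale or rogue DC records are not lingering in the zone.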
Active Directory Naming Conventions
LDAP distinguished name (DN): the full path of an object, read from its own component up to the domain's DC components, for example
CN=Jeff Smith, CN=Users, DC=contoso, DC=msft
LDAP relative distinguished name (RDN): the leftmost component of the DN, unique only within its parent container (CN=Jeff Smith in the example above)
User principal name (Kerberos): the logon name in user@DNS-suffix form, such as [email protected]
Service principal name (SPN): identifies a service instance to Kerberos, in the form service-class/host[:port][/service-name]
Globally unique identifier (GUID): a 128-bit value assigned when the object is created; it never changes, even when the object is renamed or moved
Uniqueness of names: DNs and GUIDs are unique within the forest; UPNs and SPNs must also be unique within the forest, because Kerberos resolves each of them to exactly one account
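Handling these names correctly, as an added example in Python (not code from the slide deck): a DN parser that follows RFC 4514 escaping, so a comma inside a value (CN=Smith\, Jeff) does not split the name, plus helpers that extract the RDN, the parent container, the DNS domain from the DC components, and the parts of a UPN and an SPN. The DN from the slide is used as input; the escaped DN, UPN and SPN strings are constructed for the example.

```python
"""Parsing Active Directory names: DNs, RDNs, UPNs and SPNs.

Added example, not code from the slide deck. parse_dn/format_dn follow
RFC 4514 escaping; the sample names other than the slide's DN are constructed.
"""
from typing import List, Optional, Tuple

_HEX = set("0123456789abcdefABCDEF")
_SPECIAL = set(',+"\\<>;')  # characters that must be escaped inside an RDN value


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs, leftmost first.

    Handles backslash escapes (\\, and \\2C both yield ','); whitespace around
    attribute names and values is trimmed, as in the spaced form the slide uses.
    Multi-valued RDNs (a=x+b=y) are kept as one value, not split.
    """
    rdns, buf, attr = [], [], None
    i, n = 0, len(dn)
    while i < n:
        c = dn[i]
        if c == "\\" and i + 1 < n:
            if i + 2 < n and dn[i + 1] in _HEX and dn[i + 2] in _HEX:
                buf.append(chr(int(dn[i + 1:i + 3], 16)))  # hex escape (single byte only)
                i += 3
            else:
                buf.append(dn[i + 1])  # escaped literal character
                i += 2
            continue
        if c == "=" and attr is None:
            attr = "".join(buf).strip()
            buf = []
        elif c == ",":
            if attr is None:
                raise ValueError(f"RDN without '=' in {dn!r}")
            rdns.append((attr, "".join(buf).strip()))
            attr, buf = None, []
        else:
            buf.append(c)
        i += 1
    if attr is None:
        raise ValueError(f"RDN without '=' in {dn!r}")
    rdns.append((attr, "".join(buf).strip()))
    return rdns


def escape_value(value: str) -> str:
    """Escape an RDN value per RFC 4514 (special characters, leading space/#, trailing space)."""
    out = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if out.startswith((" ", "#")):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def format_dn(rdns: List[Tuple[str, str]]) -> str:
    return ",".join(f"{a}={escape_value(v)}" for a, v in rdns)


def rdn(dn: str) -> str:
    a, v = parse_dn(dn)[0]
    return f"{a}={escape_value(v)}"


def parent_dn(dn: str) -> str:
    return format_dn(parse_dn(dn)[1:])


def dns_domain_from_dn(dn: str) -> str:
    """Join the DC components: DC=contoso,DC=msft -> contoso.msft."""
    return ".".join(v for a, v in parse_dn(dn) if a.upper() == "DC")


def parse_upn(upn: str) -> Tuple[str, str]:
    """user@suffix; the suffix is usually the DNS domain but may be any registered UPN suffix."""
    user, sep, suffix = upn.rpartition("@")
    if not sep or not user or not suffix:
        raise ValueError(f"not a UPN: {upn!r}")
    return user, suffix


def parse_spn(spn: str) -> Tuple[str, str, Optional[int], Optional[str]]:
    """service-class/host[:port][/service-name] -> (class, host, port, service-name)."""
    parts = spn.split("/")
    if len(parts) not in (2, 3) or not all(parts):
        raise ValueError(f"not an SPN: {spn!r}")
    service_class, host_port = parts[0], parts[1]
    service_name = parts[2] if len(parts) == 3 else None
    host, sep, port = host_port.partition(":")
    return service_class, host, (int(port) if sep else None), service_name


if __name__ == "__main__":
    dn = "CN=Jeff Smith, CN=Users, DC=contoso, DC=msft"  # the slide's example
    print(parse_dn(dn), rdn(dn), parent_dn(dn), dns_domain_from_dn(dn), sep="\n")
    print(parse_dn(r"CN=Smith\, Jeff,OU=Sales,DC=contoso,DC=msft")[0])
    print(parse_spn("ldap/dc1.contoso.msft/contoso.msft"), parse_upn("jeff@contoso.msft"))
```

Splitting a DN on bare commas is a common bug in home-grown LDAP tooling; an account created as "Smith, Jeff" then lands in the wrong container or matches the wrong filter, which matters when the DN is the input to an authorization decision.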
Lesson: Active Directory Logical Components
What Are Domains?
What Are Trees?
What Are Forests?
What Are Organizational Units?
What Are Trust Relationships?
Types of Trusts in Windows Server 2003
What Are Domains?
Logical partition in the Active Directory database
Collections of users, computers, groups, and so on
Units of replication: domain controllers in a domain replicate with each other, and each holds a full copy of the domain partition for its own domain; domain controllers do not replicate domain partition information for other domains
What Are Trees?
One or more domains that share a contiguous DNS namespace, for example, contoso.msft and child domains named directly beneath it
Child domains derive their namespace from the parent
Group Policy, administration, and the like do not flow across domain boundaries by default
What Are Forests?
One or more domains that share:
• Common schema
• Common configuration
• Automatic transitive trust relationships
• Common global catalog
Forests can contain from as few as one domain to many domains and/or many trees
Domains are not required to be in a single tree or share a contiguous namespace
The first domain created is the forest root, which cannot be changed without rebuilding the entire forest, although the forest root domain's name can be changed in Windows Server 2003 with the domain rename tools
Because every domain shares the schema, configuration and transitive trusts above, the forest, not the domain, is the security boundary
What Are Organizational Units?
Container objects within a domain
Used to organize resources to reflect administrative divisions; the OU hierarchy follows the network administrative model and need not map to the organizational structure
Used to delegate administrative authority
Used to apply Group Policy
What Are Trust Relationships?
Secure communication paths that allow security principals in one domain to be authenticated and accepted in other domains
Some trusts are automatically created:
• Parent and child domains trust each other
• Tree root domains trust the forest root domain
Other trusts are manually created
Forest-to-forest transitive trusts can be created between Windows Server 2003 forests only (i.e., not with Windows 2000 forests)
Types of Trusts in Windows Server 2003
Default: two-way, transitive Kerberos trusts (intraforest), created automatically between parent and child domains and between each tree root and the forest root
Shortcut: one- or two-way, transitive Kerberos trusts (intraforest)
• Shorten the referral path, and so reduce authentication requests, between domains that are far apart in the forest hierarchy
Forest: one- or two-way, transitive Kerberos trusts
• Windows Server 2003 forests only; Windows 2000 does not support forest trusts
• Only between forest root domains
• Creates transitive domain trust relationships between every domain in the two forests, but does not extend to a third forest trusted by either of them
External: one- or two-way, non-transitive NTLM trusts
• Used to connect to/from Microsoft Windows NT® domains or individual domains in external Windows 2000 forests
• Manually created
Realm: one- or two-way Kerberos trusts, non-transitive unless explicitly made transitive
• Connect to/from UNIX MIT Kerberos realms
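What the direction and transitivity of these trust types mean in practice, as an added example in Python (not code from the slide deck): each trust is a directed edge from the trusting (resource) domain to the trusted (account) domain, and auth_path walks the edges the way Kerberos referrals do, so it shows why an external trust does not reach a parent domain, why a shortcut trust shortens the chain between two trees, and why a forest trust stops at the second forest. contoso.msft is the slide's domain; sales.contoso.msft, fabrikam.msft, NTDOM, partner.example and third.example are invented names for the topology.

```python
"""Which trust paths actually authenticate: a model of the Windows Server 2003 trust types.

Added example, not code from the slide deck. Rules applied: a direct trust
always works; a multi-hop chain needs every hop to be transitive; a forest
trust can be crossed at most once. The topology in SAMPLE_TRUSTS is constructed.
"""
from collections import deque
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Trust:
    trusting: str    # domain whose resources become reachable (accepts the other's principals)
    trusted: str     # domain whose principals are accepted
    kind: str        # parent-child | tree-root | shortcut | forest | external | realm
    transitive: bool


def two_way(a: str, b: str, kind: str, transitive: bool) -> List[Trust]:
    return [Trust(a, b, kind, transitive), Trust(b, a, kind, transitive)]


def auth_path(trusts: Iterable[Trust], resource_domain: str, account_domain: str) -> Optional[List[str]]:
    """Referral chain from the resource domain to the account domain, or None if none exists."""
    if resource_domain == account_domain:
        return [resource_domain]
    by_trusting = {}
    for t in trusts:
        by_trusting.setdefault(t.trusting, []).append(t)
    # A direct trust is usable whether or not it is transitive.
    for t in by_trusting.get(resource_domain, []):
        if t.trusted == account_domain:
            return [resource_domain, account_domain]
    # Longer chains: every hop transitive, and at most one forest trust crossed.
    queue = deque([(resource_domain, 0, [resource_domain])])
    seen = {(resource_domain, 0)}
    while queue:
        domain, forest_hops, path = queue.popleft()
        for t in by_trusting.get(domain, []):
            if not t.transitive:
                continue
            hops = forest_hops + (1 if t.kind == "forest" else 0)
            if hops > 1 or (t.trusted, hops) in seen:
                continue
            seen.add((t.trusted, hops))
            if t.trusted == account_domain:
                return path + [t.trusted]
            queue.append((t.trusted, hops, path + [t.trusted]))
    return None


# Constructed topology: one forest with two trees (contoso.msft root, fabrikam.msft
# tree root), a one-way external trust to an NT domain, and two further forests.
SAMPLE_TRUSTS = (
    two_way("contoso.msft", "sales.contoso.msft", "parent-child", True)
    + two_way("contoso.msft", "fabrikam.msft", "tree-root", True)
    + [Trust("sales.contoso.msft", "NTDOM", "external", False)]  # one-way, non-transitive
    + two_way("contoso.msft", "partner.example", "forest", True)
    + two_way("partner.example", "third.example", "forest", True)
)

# Optional shortcut trust between the two trees of the first forest.
SHORTCUT = two_way("sales.contoso.msft", "fabrikam.msft", "shortcut", True)

if __name__ == "__main__":
    cases = [("sales.contoso.msft", "fabrikam.msft"), ("sales.contoso.msft", "NTDOM"),
             ("contoso.msft", "NTDOM"), ("NTDOM", "sales.contoso.msft"),
             ("fabrikam.msft", "partner.example"), ("contoso.msft", "third.example")]
    for resource, account in cases:
        print(f"account in {account:>18} -> resource in {resource:<18} {auth_path(SAMPLE_TRUSTS, resource, account)}")
    print("with shortcut:", auth_path(SAMPLE_TRUSTS + SHORTCUT, "sales.contoso.msft", "fabrikam.msft"))
```

Reading the output as a reviewer of a trust design: every None is a path that an external or third-forest principal cannot use, and every path through a root domain is a hop that a shortcut trust would remove; the same walk, run over the real trust list exported from a forest, is how trust sprawl is audited.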
