Domain and Active Directory

Published on June 2016

Understanding Active Directory in Windows Server 2003
Overview
Active Directory® Directory Services Overview
Active Directory Logical Components
Functional Levels
Active Directory Physical Components
Active Directory Partitions
Active Directory Objects
Administering a Microsoft® Windows® Server 2003 Network Using Active Directory Tools
Lesson: Active Directory Directory Services Overview
What Is Active Directory?
Benefits of Active Directory
DNS Integration
Active Directory Naming Conventions

What Is Active Directory?
Directory service functionality
  Organize
  Manage
  Control
Centralized management
  Single point of administration
[Diagram labels: Active Directory; Resources]
Benefits of Active Directory
Windows Server 2003 without Active Directory provides significant benefits
  • Scalable and reliable application server
  • Internet Information Server 6.0
  • Remote access and VPN server
  • Network Services (DNS and DHCP, for example)
Windows Server 2003 with Active Directory provides additional benefits
  • Authentication and authorization service
  • Single sign-on across multiple servers and services
  • Centralized management of servers and client computers
  • Centralized administration of users and computers
  • Centralized management of network resources

DNS Integration
Name resolution
  Resolve names of servers and clients to IP addresses and vice versa (possibly)
Namespace definition
  An Active Directory domain's name must be represented in DNS
  • Active Directory requires DNS
  • DNS does not require Active Directory
Locating the physical components of Active Directory
  Client computers query DNS to locate domain controllers running specific services, such as global catalog (GC), Kerberos protocol, LDAP, and so on
Active Directory Naming Conventions
LDAP Distinguished name
LDAP Relative distinguished name
User principal name (Kerberos)
Service principal name
Globally unique identifier (GUID)
Uniqueness of names
[email protected]
CN=Jeff Smith, CN=Users, DC=contoso, DC=msft
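
The naming and DNS slides above fit together: the DC components of a distinguished name give the domain's DNS name, and that name is what clients use to build the SRV lookups that locate domain controllers. The following is an added example, not part of the original slides; the function names are hypothetical, the escaped-comma DN is a constructed sample, and a single-domain forest is assumed for the global catalog record.

```python
def parse_dn(dn):
    """Split a distinguished name into (attribute, value) pairs, one per RDN.

    Honours backslash-escaped characters such as 'CN=Smith\\, Jeff'.
    Multi-valued RDNs ('+') and hex-pair escapes are not handled here.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:              # previous char was a backslash: take literally
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":          # unescaped comma ends the current RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("dangling backslash at end of DN")
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def dns_domain(pairs):
    """Map the DC components of a DN to the DNS name of the domain."""
    return ".".join(v for a, v in pairs if a == "DC").lower()


def locator_records(domain, forest_root=None):
    """SRV names a client queries to find domain controllers by service."""
    forest_root = forest_root or domain   # assumption: single-domain forest
    return {
        "ldap": f"_ldap._tcp.dc._msdcs.{domain}",
        "kerberos": f"_kerberos._tcp.{domain}",
        "gc": f"_gc._tcp.{forest_root}",
    }


# DN taken from the slide; the escaped-comma DN is a constructed sample.
SLIDE_DN = "CN=Jeff Smith, CN=Users, DC=contoso, DC=msft"
ESCAPED_DN = r"CN=Smith\, Jeff,CN=Users,DC=contoso,DC=msft"
```

The first pair returned by parse_dn is the object's relative distinguished name; the remaining pairs name its container and domain.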
Lesson: Active Directory Logical Components
What Are Domains?
What Are Trees?
What Are Forests?
What Are Organizational Units?
What Are Trust Relationships?
Types of Trusts in Windows Server 2003
What Are Domains?
Logical partition in Active Directory database
  Collections of users, computers, groups, and so on
Units of replication
  Domain controllers in a domain replicate with each other and contain a full copy of the domain partition for their domain
  Domain controllers do not replicate domain partition information for other domains
[Diagram labels: Windows 2000 or Windows Server 2003 Domain; Replication]
What Are Trees?
One or more domains that share a contiguous DNS namespace, for example:
  nwtraders.msft
  childdomain.nwtraders.msft
  otherdomain.nwtraders.msft
Child domains derive their namespace from parent
Group policy, administration, and such do not flow across domain boundaries by default
What Are Forests?
One or more domains that share:
  Common schema
  Common configuration
  Automatic transitive trust relationships
  Common global catalog
Forests can contain from as few as one domain to many domains and/or many trees
Domains are not required to be in a single tree or share a namespace
First domain created is the forest root, which cannot be changed without rebuilding the entire forest, although the forest root domain name can be changed in Windows Server 2003
What Are Organizational Units?
Container objects within a domain
Used to organize resources to reflect administrative divisions; may not map to organizational structure
Used to delegate administrative authority
Used to apply Group Policy
[Diagram: Organizational structure compared with Network administrative model; labels: Sales, Paris, Repair, Users, Sales, Computers]
What Are Trust Relationships?
Secure communication paths that allow security principals in one domain to be authenticated and accepted in other domains
Some trusts are automatically created
  Parent-child domains trust each other
  Tree root domains trust forest root domain
Other trusts are manually created
  Forest-to-forest transitive trusts can be created between Windows Server 2003 forests only (i.e., not between Windows 2000 forests).
Types of Trusts in Windows Server 2003
Default: two-way, transitive Kerberos trusts (intraforest)
Shortcut: one- or two-way, transitive Kerberos trusts (intraforest)
  • Reduce authentication requests
Forest: one- or two-way, transitive Kerberos trusts
  • Windows Server 2003 forests; Windows 2000 does not support forest trusts
  • Only between forest roots
  • Creates transitive domain trust relationships
External: one-way, non-transitive NTLM trusts
  • Used to connect to/from Microsoft Windows NT® or external Windows 2000 domains
  • Manually created
Realm: one- or two-way, non-transitive Kerberos trusts
  • Connect to/from UNIX MIT Kerberos realms
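
Direction and transitivity together decide where an account is accepted, which is the question to ask when reviewing what a new trust exposes. The following is an added example, not part of the original slides: a simplified model in which a direct trust always applies and longer paths may use transitive trusts only. The topology is constructed, LEGACY-NT is a placeholder name, and the model does not cover the fact that a forest trust does not extend to a third forest.

```python
from collections import deque

# Constructed sample topology (not from the slides): one forest using the tree
# example names, a second forest root, and a legacy domain (placeholder name).
# Tuple: (trusting, trusted, direction, transitive). For "one-way", accounts in
# `trusted` are accepted in `trusting`, never the reverse.
TRUSTS = [
    ("nwtraders.msft", "childdomain.nwtraders.msft", "two-way", True),   # parent-child
    ("nwtraders.msft", "otherdomain.nwtraders.msft", "two-way", True),   # parent-child
    ("nwtraders.msft", "contoso.msft", "two-way", True),                 # forest trust
    ("childdomain.nwtraders.msft", "LEGACY-NT", "one-way", False),       # external
]


def build_edges(trusts):
    """Return {trusting_domain: [(trusted_domain, transitive), ...]}."""
    edges = {}
    for trusting, trusted, direction, transitive in trusts:
        edges.setdefault(trusting, []).append((trusted, transitive))
        if direction == "two-way":
            edges.setdefault(trusted, []).append((trusting, transitive))
    return edges


def can_authenticate(edges, account_domain, resource_domain):
    """True if accounts from account_domain are accepted in resource_domain."""
    if account_domain == resource_domain:
        return True
    # A direct trust works whether or not it is transitive.
    if any(t == account_domain for t, _ in edges.get(resource_domain, [])):
        return True
    # Longer paths may only be built from transitive trusts.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        for trusted, transitive in edges.get(queue.popleft(), []):
            if transitive and trusted not in seen:
                if trusted == account_domain:
                    return True
                seen.add(trusted)
                queue.append(trusted)
    return False


EDGES = build_edges(TRUSTS)
```

With this topology, LEGACY-NT accounts are accepted in childdomain.nwtraders.msft but not in the forest root, because the external trust is non-transitive and one-way.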
