7/29/2019 EDN122_01 ACTIVE DIRECTORY WINDOWS
EDN 122
SCHOOL OF INFORMATION TECHNOLOGY, FACULTY OF ENGINEERING AND INFORMATION TECHNOLOGY
PREPARED BY: RANJINI SHANMUGAM
CHAPTER 1
ACTIVE DIRECTORY WINDOWS
INTRODUCTION TO ACTIVE DIRECTORY
CHAPTER 1: Introduction to Active Directory
LEARNING OUTCOMES
At the end of this chapter, students will be able to:
Understand Active Directory Objects and Components
Understand Logical and Physical Structure
TOPIC OUTLINES
1.1 Active Directory Overview
1.1.1 AD Objects and Attributes
1.1.2 AD Definitions
1.1.3 Attributes
1.1.4 Classes
1.2 Active Directory Components
1.2.1 Logical Hierarchical Structure
1.2.2 Logical Structure
1.2.3 Use OUs to Handle Administrative Tasks
1.3 Domain Tree
1.3.1 Forest of Trees
1.3.2 Sites
1.4 Understanding Active Directory Concepts
1.4.1 Global Catalog is Central Repository
1.4.2 Key Directory Roles
1.4.3 Universal Group Membership
1.4.4 Global Catalog Servers
1.4.5 Directory Partitions
1.5 A Domain Controller Stores and Replicates
1.5.1 A Global Catalog Stores and Replicates
1.5.2 Replication Topology
1.5.3 Replication Within a Site
1.5.4 Replication Between Sites
1.6 Two Types of Trust Relationship
1.6.1 Implicit Two-Way Transitive Trust
1.6.2 Explicit One-Way Non-Transitive Trust
1.7 DNS Namespace
1.7.1 Dynamic DNS
1.8 Domain Namespace
1.8.1 Types of Namespaces
1.8.2 Domain Namespaces Divided into Zones
1.8.3 Name Servers
1.9 Distinguished Names and Relative Distinguished Names
1.9.1 Distinguished Name (DN)
1.9.2 Relative Distinguished Name (RDN)
1.9.3 Globally Unique Identifier (GUID)
1.1 Active Directory Overview
Active Directory Objects
Active Directory Components
Logical Structures
Physical Structure
1.1.1 Active Directory Objects and Attributes
1.1.2 Active Directory Definitions
1. Resources stored in the directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects.
2. An object is a distinct named set of attributes that represents a network resource.
3. Attributes are characteristics of objects in the directory.
4. Objects are organized in classes, which are logical groupings of objects.
5. Objects known as containers can contain other objects.
1.1.3 Attributes
Defined separately from classes.
Defined only once and can be used in multiple classes.
Store the information that describes the object.
1.1.4 Classes
Are collections of attributes.
Describe the possible objects that can be created.
Are also referred to as object classes.
Every object is an instance of an object class.
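Classes and attributes are not abstractions: they are objects in the schema partition and can be read like any other object. The following is an added example, not part of the original slides. It assumes the RSAT ActiveDirectory module and a reachable domain controller, and uses the built-in `user` class and `description` attribute to show the three points above (a class is a collection of attributes, an attribute is defined once and reused, and every object is an instance of a class).

```powershell
# Added example (not from the original slides). Assumes the RSAT
# ActiveDirectory module and a domain-joined machine with a reachable DC.
Import-Module ActiveDirectory

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. A class is a collection of attributes: read the 'user' classSchema object.
#    AD returns mustContain/mayContain values as attribute lDAPDisplayNames.
$userClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=user))' `
    -Properties lDAPDisplayName, subClassOf, mustContain, mayContain, systemMustContain, systemMayContain

"Class {0} derives from {1}" -f $userClass.lDAPDisplayName, $userClass.subClassOf
$must = @($userClass.mustContain) + @($userClass.systemMustContain)
$may  = @($userClass.mayContain)  + @($userClass.systemMayContain)
"Mandatory attributes: " + ($must -join ', ')
"Optional attributes:  " + $may.Count

# 2. An attribute is defined exactly once in the schema ...
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(lDAPDisplayName=description))' `
    -Properties lDAPDisplayName, attributeID, attributeSyntax, isSingleValued
"Attribute {0}: OID {1}, syntax {2}, singleValued={3}" -f `
    $attr.lDAPDisplayName, $attr.attributeID, $attr.attributeSyntax, $attr.isSingleValued

# ... and reused by every class that lists it. Filtering on an OID-syntax
# attribute by lDAPDisplayName works the same way as (objectClass=user).
$classesUsingIt = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(|(mayContain=description)(systemMayContain=description)))' `
    -Properties lDAPDisplayName
"Classes that can carry 'description':"
$classesUsingIt | ForEach-Object { '  ' + $_.lDAPDisplayName }

# 3. Every object is an instance of a class: objectCategory/objectClass of a
#    real object point back at the schema entries read above.
Get-ADUser -Identity $env:USERNAME -Properties objectCategory |
    Select-Object DistinguishedName, ObjectClass, objectCategory
```

Reading the schema needs only ordinary user rights. Changing it needs membership in Schema Admins and takes effect forest-wide; attributes and classes can be deactivated but never removed, which is why Schema Admins should normally have no members until a change is actually being made.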
1.2 Active Directory Components
Logical Structure
Domains
Organizational units
Trees
Forests
Physical Structure
Sites
Domain controllers
1.2.1 Logical Hierarchical Structure
1.2.2 Logical Structure
Resources should be organized in a logical structure that mirrors the logical structure of the organization.
Grouping resources logically enables users and administrators to find resources by name rather than by physical location.
The network's physical structure is transparent to users.
1.2.3 Use OUs to Handle Administrative Tasks
1.3 Domain Tree
Members share the same root domain name.
1.3.1 Forest of Trees
More than one tree linked together is called a forest.
1.3.2 Sites
1. Combination of one or more IP subnets connected by a highly reliable and fast link, used to localize as much network traffic as possible.
2. Typically has the same boundaries as a LAN.
3. When grouping subnets on the network, combine only those subnets that have fast, inexpensive, and reliable network connections with one another.
4. Available bandwidth of 128 Kbps or greater is sufficient.
5. Not a part of the namespace.
6. Contain only computer objects and connection objects used to configure replication between sites.
Figure: hub site linked to a branch office site.
1.4 Understanding Active Directory Concepts
Global Catalog
Replication
Trust Relationships
DNS Namespace
Name Servers
Naming Conventions
1.4.1 Global Catalog is Central Repository
1.4.2 Key Directory Roles
Enables network logon by providing universal group membership information to a domain controller when a logon process is initiated.
Enables finding directory information regardless of which domain in the forest actually contains the data.
1.4.3 Universal Group Membership
If only one domain controller exists in the domain, the domain controller and the global catalog are the same server.
If multiple domain controllers exist on the network, the global catalog is the domain controller configured as such.
If a global catalog is not available when a user initiates a network logon process, the domain controller cannot expand the user's universal group memberships and refuses the domain logon; the user is able to log on to the local computer only, using cached credentials. Members of Domain Admins are exempt, and a site with universal group membership caching enabled can keep logging users on from its cache.
1.4.4 Global Catalog Servers
1. The administrator can optionally configure any domain controller or
designate additional domain controllers as global catalog servers.
2. When considering which domain controllers to designate as global
catalog servers, base the decision on the ability of the network structure to handle replication and query traffic.
3. Additional servers can provide quicker responses to user inquiries,
as well as redundancy.
4. Every major site in the enterprise should have at least one global
catalog server.
1.4.5 Directory Partitions
Schema Information
Defines the objects that can be created in the directory and the attributes associated with those objects. One schema is shared by every domain in the forest.
Configuration Information
Describes the logical structure of the deployment, containing information such as domain structure or replication topology. Common to all domains in the domain tree or forest.
Domain Data
Describes all of the objects in a domain. Domain-specific and not distributed to any other domains. A subset of the properties for all objects in all domains is stored in the global catalog.
1.5 A Domain Controller Stores and Replicates
1. Schema information for the domain tree or forest.
2. Configuration information for all domains in the domain tree or
forest.
3. All directory objects and properties for its domain.
4. A subset of the properties of all objects in the domain (replicated to the global catalog).
1.5.1 A Global Catalog Stores and Replicates
1. Schema information for a forest.
2. Configuration information for all domains in a forest.
3. A subset of the properties for all directory objects in the forest
(replicated between global catalog servers only).
4. All directory objects and all their properties for the domain in which the global catalog is located.
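The partition and global catalog statements in 1.4.5, 1.5 and 1.5.1 can be verified directly against a domain controller. The following is an added example, not part of the original slides. It assumes the RSAT ActiveDirectory module on a domain-joined machine; it uses the `department` attribute only as a candidate for the partial-attribute-set check, and whether that attribute is returned from the global catalog depends on the forest's own schema settings.

```powershell
# Added example (not from the original slides). Assumes the RSAT
# ActiveDirectory module and a domain-joined machine.
Import-Module ActiveDirectory

# 1. Partitions held by the DC that answered: schema, configuration, domain
#    (plus any application partitions such as DomainDnsZones).
$root = Get-ADRootDSE
"Schema partition:        " + $root.schemaNamingContext
"Configuration partition: " + $root.configurationNamingContext
"Domain partition:        " + $root.defaultNamingContext
"All naming contexts held by this DC:"
$root.namingContexts | ForEach-Object { '  ' + $_ }

# 2. Which DCs are global catalogs, and where they sit (see 1.4.4: at least one per major site).
Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } |
    Select-Object HostName, Site, IsGlobalCatalog, OperatingSystem

# 3. A forest-wide query over the GC port (3268) instead of LDAP (389).
#    The GC answers for every domain in the forest but only with the
#    partial attribute set; attributes outside it come back empty.
$gc = [string](Get-ADDomainController -Discover -Service GlobalCatalog).HostName
$forestRoot = (Get-ADForest).RootDomain
$rootDN = 'DC=' + ($forestRoot -replace '\.', ',DC=')

Get-ADObject -Server "${gc}:3268" -SearchBase $rootDN -LDAPFilter '(objectClass=user)' `
    -Properties sAMAccountName, department, userAccountControl -ResultSetSize 5 |
    Select-Object DistinguishedName, sAMAccountName, department, userAccountControl

# 4. Is 'department' part of the partial attribute set? The schema says so.
Get-ADObject -SearchBase $root.schemaNamingContext `
    -LDAPFilter '(&(objectClass=attributeSchema)(lDAPDisplayName=department))' `
    -Properties isMemberOfPartialAttributeSet |
    Select-Object Name, isMemberOfPartialAttributeSet
```

The point to remember from step 3: any authenticated user can query port 3268 and enumerate every domain in the forest in one search, which is why forest-wide reconnaissance in a penetration test usually starts at the global catalog, and why adding an attribute to the partial attribute set exposes it forest-wide.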
1.5.2 Replication Topology
1.5.3 Replication Within A Site
1. Active Directory automatically generates a topology for
replication among domain controllers in the same domain
using a ring structure.
2. Topology defines the path for directory updates to flow
from one domain controller to another until all domain
controllers receive the directory updates.
3. Ring structure ensures that at least two replication paths
exist from one domain controller to another.
4. Active Directory periodically analyzes the replication topology within a site to ensure that it is still efficient.
5. If a domain controller is added or removed from the
network or a site, Active Directory reconfigures the
topology to reflect the change.
1.5.4 Replication Between Sites
1. To replicate between sites, Active Directory must be configured with site links that represent the network connections between sites.
2. Active Directory uses this network connection information to generate connection objects that provide efficient replication and fault tolerance.
3. A site link records the replication protocol used, the cost of the link, the times when the link is available for use, and how often the link should be used.
4. Active Directory uses this information to determine which site link will be used to replicate information.
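Sites (1.3.2), site links (1.5.4) and the resulting replication state (1.5.2 to 1.5.4) are all readable from a workstation. The following is an added example, not part of the original slides; it assumes the RSAT ActiveDirectory module, and the `repadmin` commands in the trailing comments are the built-in tool's equivalent view.

```powershell
# Added example (not from the original slides). Assumes the RSAT
# ActiveDirectory module on a domain-joined machine.
Import-Module ActiveDirectory

# Sites, and the subnets mapped to each site.
Get-ADReplicationSite -Filter * | Select-Object Name, Description
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site

# A subnet with no site means clients on it are not localized to a nearby
# DC, which defeats the purpose of the site topology described in 1.3.2.
$orphans = Get-ADReplicationSubnet -Filter * | Where-Object { -not $_.Site }
if ($orphans) {
    "Subnets not assigned to any site:"
    $orphans | ForEach-Object { '  ' + $_.Name }
}

# Site links carry the inter-site settings from 1.5.4: cost, interval in
# minutes, and the sites they join. Schedule (availability window) is in
# the 'Schedule' attribute when one has been set.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
                  @{ n = 'Sites'; e = { $_.SitesIncluded -join '; ' } }

# Replication state per DC and inbound partner: which partition, when it
# last succeeded, and how many consecutive failures there have been.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
foreach ($dc in $dcs) {
    Get-ADReplicationPartnerMetadata -Target $dc -PartnerType Inbound |
        Select-Object Server, Partner, Partition, LastReplicationSuccess,
                      ConsecutiveReplicationFailures, LastReplicationResult
}

# Built-in tool equivalents:
# repadmin /replsummary
# repadmin /showrepl <dc-hostname>
```

A DC whose `ConsecutiveReplicationFailures` keeps climbing is not just an availability problem: password changes, account disables and group removals made elsewhere do not reach it, so the stale DC keeps authenticating credentials that the rest of the forest has already revoked.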
1.6 Two Types of Trust Relationships
1.6.1 Implicit Two-Way Transitive Trust
Trust relationship between parent and child domains within a tree, and between the root domains of the trees in a forest.
Established and maintained automatically when a domain is added to the forest.
Relies on the Kerberos authentication protocol, which refers a client from one domain's KDC to the next.
If Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C.
Because every domain in a forest therefore trusts every other, the forest, not the domain, is the security boundary: an attacker who controls one domain in the forest can reach all of them.
1.6.2 Explicit One-Way Non Transitive Trust
1. Trust relationship created manually between a domain and a domain outside its forest (an external trust), or between a domain and a non-Windows Kerberos realm (a realm trust). Domains in different trees of the same forest do not need one; they are already joined by the automatic tree-root trusts.
2. Bounded by the two domains in the trust relationship and does not flow to any other domains in either forest.
3. This is the only form of trust possible with:
I. A Windows Server 2003 domain and a Windows NT domain.
II. A Windows Server 2003 domain in one forest and a domain in another forest, when an external trust is used. Windows Server 2003 also introduced forest trusts, which are transitive between the two forests (but do not extend to a third forest).
III. A Windows Server 2003 domain and an MIT Kerberos V5 realm (a realm trust can optionally be made transitive).
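The trust properties behind 1.6.1 and 1.6.2 are stored on trustedDomain objects and can be listed from any domain-joined machine. The following is an added example, not part of the original slides; it assumes the RSAT ActiveDirectory module, and the `nltest`/`netdom` lines in the trailing comments use placeholder domain names.

```powershell
# Added example (not from the original slides). Assumes the RSAT
# ActiveDirectory module on a domain-joined machine.
Import-Module ActiveDirectory

# Every trust this domain has, with the properties that decide how far
# it reaches and how hard it is to abuse.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, IntraForest, ForestTransitive,
                  SIDFilteringQuarantined, SelectiveAuthentication

# Review findings. IntraForest trusts (parent/child, tree-root) are the
# implicit transitive ones from 1.6.1; everything else was created explicitly.
Get-ADTrust -Filter * | ForEach-Object {
    $t = $_
    $notes = @()
    if ($t.IntraForest) {
        $notes += 'implicit intra-forest trust: transitive, forest is the security boundary'
    } else {
        if ($t.ForestTransitive) { $notes += 'forest trust: transitive across both forests' }
        else                     { $notes += 'external/realm trust: non-transitive' }

        # On an external trust, "quarantine" is SID filtering. Without it a SID
        # presented by the other domain (for example in sIDHistory) is honoured
        # here, so a trusted-side admin can claim membership of this side's groups.
        if (-not $t.ForestTransitive -and -not $t.SIDFilteringQuarantined) {
            $notes += 'SID filtering (quarantine) OFF'
        }
        # Without selective authentication every user of the other domain is
        # "Authenticated Users" on every computer in this domain.
        if (-not $t.SelectiveAuthentication) {
            $notes += 'domain-wide authentication (selective authentication OFF)'
        }
    }
    [pscustomobject]@{ Trust = $t.Name; Direction = $t.Direction; Findings = ($notes -join '; ') }
}

# Built-in tool equivalents (placeholder domain names):
# nltest /domain_trusts /all_trusts
# netdom trust this.example /domain:other.example /quarantine
```

`SIDFilteringForestAware` (not selected above) governs SID filtering on forest trusts and its sense is easy to misread; for forest trusts confirm the state with `netdom trust ... /quarantine` and `/enablesidhistory` rather than from the boolean alone.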
1.7 DNS Namespace
Active Directory is primarily a namespace, a bounded area in which a name can be resolved.
Name resolution is the process of translating a name into some object or information that the name represents.
The Active Directory namespace is based on the DNS naming scheme.
Private networks use DNS extensively to resolve computer names and to locate computers within their local networks and the Internet.
1.7.1 Dynamic DNS (DDNS)
Windows Server 2003 domain names are also DNS names.
Enables clients with dynamically assigned addresses to register directly with a server running the DNS service and update the DNS table dynamically.
Eliminates the need for other name services, such as WINS, for hosts that register in DNS.
A zone that accepts nonsecure dynamic updates lets any host on the network register or overwrite a record, including the name of an existing server; Active Directory-integrated zones should accept secure (Kerberos-authenticated) updates only.
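The dynamic update setting is per zone and is the first thing to check on a DNS server that hosts an Active Directory domain. The following is an added example, not part of the original slides; it assumes the DnsServer RSAT module and administrative rights on the DNS server, and `dns01` is a placeholder server name.

```powershell
# Added example (not from the original slides). Assumes the DnsServer RSAT
# module and rights on the DNS server; 'dns01' is a placeholder name.
Import-Module DnsServer
$dnsServer = 'dns01'

# Primary zones on the server and how they accept dynamic updates:
# None, NonsecureAndSecure, or Secure.
Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate, IsReverseLookupZone

# 'NonsecureAndSecure' lets any host register or overwrite a record, so an
# attacker can claim the name of a file server or a web proxy. Secure updates
# are only possible on AD-integrated zones, so restrict it to those.
$weak = Get-DnsServerZone -ComputerName $dnsServer |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.IsDsIntegrated -and
                   $_.DynamicUpdate -eq 'NonsecureAndSecure' }

foreach ($z in $weak) {
    "Fixing $($z.ZoneName): DynamicUpdate $($z.DynamicUpdate) -> Secure"
    Set-DnsServerPrimaryZone -ComputerName $dnsServer -Name $z.ZoneName -DynamicUpdate Secure
}

# Client side: force a registration, then confirm the record exists.
# ipconfig /registerdns
# Resolve-DnsName -Name $env:COMPUTERNAME -Server $dnsServer
```

Secure updates still allow any authenticated domain computer to create a record for a name that does not yet exist, so a zone on "Secure" is protection against overwriting existing names, not against registering new ones.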
1.8 Domain Namespace
1.8.1 Types of Namespaces
Contiguous namespace
The name of the child object in an object hierarchy always contains the name of the parent domain.
A tree is a contiguous namespace.
Disjointed namespace
Names of a parent object and a child of the same parent object are not directly related to one another.
A forest is a disjointed namespace.
1.8.2 Domain Namespace Divided into Zones
1.8.3 Name Servers
1. A DNS name server stores the zone database file.
2. Store data for one zone or multiple zones.
3. Have authority for the domain namespace that the zone
encompasses.
4. At least one name server must exist for a zone.
5. Changes to a zone, such as adding domains or hosts, are performed
on the server that contains the primary zone database file.
1.9 Distinguished Names and Relative Distinguished Names
1.9.1 Distinguished Name (DN)
Uniquely identifies an object and contains sufficient information for a client to retrieve the object from the directory.
Includes the name of the domain that holds the object, as well as the complete path through the container hierarchy to the object.
Must be unique.
1.9.2 Relative Distinguished Name (RDN)
The part of the name that is an attribute of the object itself.
Duplicate RDNs are allowed for Active Directory objects, but two
objects with the same RDN cannot exist in the same OU.
Objects with duplicate RDNs can exist in separate OUs because they
have different DNs.
1.9.3 Globally Unique Identifier (GUID)
A 128-bit number that is guaranteed to be unique across all domains.
Assigned to an object when the object is created.
Never changes, even if the object is moved or renamed.
Applications can store the GUID of an object and use the GUID to
retrieve that object regardless of its current DN.
Objects can be moved from domain to domain, and they will still
have a unique identifier.
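The relationship between DN, RDN and GUID in 1.9.1 to 1.9.3 is easiest to see by taking a DN apart and then moving the object. The following is an added example, not part of the original slides. The DN parser runs anywhere PowerShell does; the live part assumes the RSAT ActiveDirectory module, a lab domain `corp.example`, a user `jsmith` and an OU `Staging`, all of which are assumptions and not from the slides.

```powershell
# Added example (not from the original slides).

function Split-DistinguishedName {
    # Splits a DN into its RDNs, most specific first. A comma separates RDNs
    # only when it is not escaped with a backslash (as in 'Smith\, John').
    param([Parameter(Mandatory)][string]$DN)
    $parts = @(); $current = ''
    for ($i = 0; $i -lt $DN.Length; $i++) {
        $c = $DN[$i]
        if ($c -eq '\' -and $i + 1 -lt $DN.Length) {
            $current += [string]$c + [string]$DN[$i + 1]; $i++; continue
        }
        if ($c -eq ',') { $parts += $current; $current = ''; continue }
        $current += [string]$c
    }
    $parts += $current
    $parts | ForEach-Object {
        $type, $value = $_ -split '=', 2
        [pscustomobject]@{ Type = $type.Trim(); Value = $value }
    }
}

# Constructed sample DN (assumption): a CN containing an escaped comma.
$dn   = 'CN=Smith\, John,OU=Sales,OU=Staff,DC=corp,DC=example'
$rdns = Split-DistinguishedName $dn

"RDN (attribute of the object itself): {0}={1}" -f $rdns[0].Type, $rdns[0].Value
"Parent container: " + (($rdns | Select-Object -Skip 1 |
    ForEach-Object { "$($_.Type)=$($_.Value)" }) -join ',')
"Domain:           " + (($rdns | Where-Object Type -eq 'DC' | ForEach-Object Value) -join '.')

# Live part (lab domain only): moving the object changes the DN, not the GUID.
Import-Module ActiveDirectory
$user   = Get-ADUser -Filter 'sAMAccountName -eq "jsmith"'
$before = $user.DistinguishedName
Move-ADObject -Identity $user.ObjectGUID -TargetPath 'OU=Staging,DC=corp,DC=example'
$after  = Get-ADObject -Identity $user.ObjectGUID   # the GUID still resolves the object
"Before: $before"
"After:  $($after.DistinguishedName)"
"GUID unchanged: $($after.ObjectGUID -eq $user.ObjectGUID)"
```

For the sample DN the RDN is `CN=Smith\, John`, the parent container is `OU=Sales,OU=Staff,DC=corp,DC=example` and the domain is `corp.example`. The practical consequence for detection and audit work is that a DN is a location, not an identity: correlate directory events on `objectGUID` (or `objectSid` for security principals), because an object that is renamed or moved keeps the same GUID while its DN changes.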
Class Activity: Explain the Terms Below
Trust Relationship
Global Catalog
Domain
Objects
Directory Partitions