Lesson 17. Domains and Active Directory

Objectives

At the end of this Presentation, you will be able to:

• Compare and contrast how Windows NT Server and Windows 2000 family Server handle domains.

• Define Directory Services and Active Directory.

• Explain how Active Directory is installed in Windows 2000/2003 Server.

• Define replication.

Network+ Domains covered:

• 3.1• 3.11• 4.4• 4.4

Terms used with Windows NT based Networks

• Domains• Primary Domain Controller (PDC)• Backup Domain Controller (BDC)

The Security Account Manager (SAM)

• Database of all users, passwords, permissions, etc.

• A read/writeable copy is stored in the PDC.• A read only copy is stored in the BDC.• Changes are written to the PDC.• The PDC periodically updates the BDC.

Windows 2000/2003 Server

• Does not have Primary Domain Controllers or Backup Domain Controllers.

• However, it still uses Domain Controllers but on a peer basis.

In a Windows 2000 Server family based network, servers can be:

• Domain Controllers • Member servers

Domain Controllers

• Have Active Directory installed and configured.

• Provide network authentication.• Have copies of the Active Directory

database.• Multiple Domain Controllers are allowed

with Windows 2000 Server.

Changes to the Active Directory database are

propagated to all Domain Controllers through a process

called replication.

Advantages

• Fault tolerance.• Faster response.

Disadvantage

• More network traffic.

Member Servers

• Not involved in authentication.• They can provide services such as file and

print services, firewall, applications, etc.

NOS Directory Services

• Refers to the way the resources on the network are organized.

• Directory Services manages resources from multiple servers as if they were one data base.

• This not only includes resources such as files, folders, and printers, but information like user names, passwords, and groups, as well.

With stand-alone servers each server’s user and account data

base must be managed separately.

With Directory Services based servers all servers’ user and

account information is in one data base.

Unix Directory Service

• Unix’s implementation of directory services is called Network Information System, or NIS.

• A single user and password file is maintained by an NIS server.

• The NIS server copies the user and password data from the other computers in the network.

NetWare Directory Services

• Prior to version 4, NetWare used Bindery as a form of directory services

• Beginning with version 4, Netware uses directory services called NetWare Directory Services, or NDS.

NDS Structure

• Tree – A major collections of objects under a single heading.

• Context – The object’s position within the directory tree.

Microsoft’s implementation of directory services is called

Active Directory.

Active Directory

• Makes the network easier to manage.• Aids users in finding network resources.

NetWare Directory Service

Microsoft’s Active Directory

• Trees• Context

• Objects and Attributes• Containers• Domains• Trees• Forests

• Domain Name Service (DNS) names• User Principle Names (UPN)• Distinguished Names• HTTP URL Names• UNC Names• Globally Unique Identifier (GUID)• NetBIOS

Windows 2000 Naming Systems

Domain Name Service (DNS) names

• Used by the Internet.• Example:

bbear. users.heathkit.com

User Principle Names (UPN)

• A “user friendly” naming system often used as an email address.

• Example: BobBear@heathkit.com

Distinguished Names

• Used by LDAP to communicate with Active Directory.

• Example: CN=Bob Bear, OU=Engineering, O=Heathkit, C=US

HTTP URL Names

• The naming system used by the world wide web.• Example:

http://heathkit.com/html/ezs703.html

Universal Naming Convention (UNC)

• An Industry Standard that provides a common syntax for naming computer resources.

• Should work across platforms such as Windows, NetWare, and Unix.

• Example:

\\SERVERNAME\SHARENAME

Globally Unique Identifier (GUID)

• 128-bit number • Assigned to every object in Active

Directory• Never changes no matter what the object is

named or renamed• Unique in all the world

NetBIOS names

• For backward compatibility with Windows NT and other prior versions of Windows.

Installing Active Directory

Windows NT Server

Primary Domain Controller (PDC)

Backup Domain Controller (BDC)

Master CopyOf SAM

Backup CopyOf SAM

Primary Domain Controller (PDC)

Backup Domain Controller (BDC)

Master CopyOf SAM

Backup CopyOf SAM

Windows 2000 Server

Master CopyOf Directory

Master CopyOf Directory

Master CopyOf Directory

Master CopyOf Directory

Master CopyOf Directory

Master CopyOf Directory

Replication

• Compare and contrast how Windows NT Server and Windows 2000 family Servers handle domains.

• Define Directory Services and Active Directory.

• Explain how Active Directory is installed in Windows 2000/2003 Server.

• Define replication.