planning an active directory server deployment
TRANSCRIPT
![Page 1: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/1.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 1/64
![Page 2: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/2.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 2/64
![Page 3: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/3.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 3/64
Directory ServiceDirectory Service
• A directory service is a repository of information about the resources —hardware, software, and human —
that are connected to a network.• Users, computers, and applicationsthroughout the network can accessthe repository for a variety of purposes, including userauthentication, storage of configuration data, and even simplewhite pages–style informationlookups.
![Page 4: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/4.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 4/64
Active DirectoryActive Directory
• Active Directory is the directory servicethat Microsoft first introduced in Windows2000 Server, and which they haveupgraded in each successive serveroperating system release, includingWindows Server 2008.– Active Directory makes services and
resources available.– Provide authentication and authorization
• Authentication is the process of verifyinga user’s identity.
• Authorization is the process of grantingthe user access only to the resources he orshe is permitted to use.
![Page 5: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/5.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 5/64
DomainDomain
• A domain is a logical container of each network component over whichyou have control and organize in one
respective entity.• Each domain was hosted by at least
one server designated as a domain
controller .
![Page 6: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/6.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 6/64
Active Directory ObjectsActive Directory Objects
• An Active Directory domain is ahierarchical structure that takes the formof a tree, much like a file system.
• The domain consists of objects, each of which represents a logical or physicalresource.
• There are two basic classes of objects:container objects and leaf objects.– A container object , including domains, is
one that can have other objectssubordinate to it.
– A leaf object can represent users,computers, groups, applications, and other
![Page 7: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/7.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 7/64
![Page 8: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/8.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 8/64
Active Directory AttributesActive Directory Attributes
![Page 9: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/9.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 9/64
Directory SchemaDirectory Schema
• Different object types have different setsof attributes, depending on their functions.
• The attributes each type of object canpossess, both required and optional, thetype of data that can be stored in eachattribute, and the object’s place in thedirectory tree are all defined in thedirectory schema.
• In Active Directory, unlike Windows NTdomains, the directory schema elementsare extensible, enabling applications toadd their own object types to thedirectory, or add attributes to existing
![Page 10: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/10.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 10/64
Additional User Attributes for MicrosoftAdditional User Attributes for MicrosoftExchangeExchange
![Page 11: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/11.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 11/64
Organizational Unit (OU)Organizational Unit (OU)
• A container object that functions in asubordinate capacity to a domain,something like a subdomain, but withoutthe complete separation of securitypolicies.
• As a container object, OUs can containother OUs, as well as leaf objects.
• You can apply separate Group Policy to anOU, and delegate the administration of anOU as needed.
• However, an OU is still part of the domainand still inherits policies and permissionsfrom its parent objects.
![Page 12: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/12.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 12/64
![Page 13: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/13.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 13/64
GroupsGroups
• Active Directory supports groups withvarying capabilities, as defined by thegroup type and the group scope.
• There are two group types in ActiveDirectory:– Security groups — Administrators use
security groups to assign permissions anduser rights to a collection of objects. In thevast majority of cases, the term “group”refers to a security group.
– Distribution groups — Applications usedistribution groups for non-security–related
functions, such as sending email messagesto a collection of users.
![Page 14: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/14.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 14/64
![Page 15: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/15.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 15/64
Group NestingGroup Nesting
![Page 16: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/16.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 16/64
![Page 17: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/17.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 17/64
Domain TreeDomain Tree
• When designing an Active Directoryinfrastructure, you might, in somecases, want to create multiple
domains.• Active Directory scales upward from
the domain just as easily as it scales
downward.
![Page 18: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/18.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 18/64
Internal Active Directory Domain TreeInternal Active Directory Domain Tree
![Page 19: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/19.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 19/64
Active Directory Domain Tree using anActive Directory Domain Tree using anInternet Domain NameInternet Domain Name
![Page 20: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/20.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 20/64
ForestForest
• An Active Directory forest consistsof one or more separate domaintrees, which have the same two-way
trust relationships between them astwo domains in the same tree.
• When you create the first domain on
an Active Directory network, you arein fact creating a new forest, andthat first domain becomes the forest
root domain .
![Page 21: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/21.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 21/64
Global CatalogGlobal Catalog
• Domains function as the hierarchicalboundaries for the Active Database aswell.
• A domain controller maintains only thepart of the Active Directory database thatdefines that domain and its objects.
• Active Directory clients still need a way tolocate and access the resources of otherdomains in the same forest.
• To make this possible, each forest has aglobal catalog, which is a list of all of theobjects in the forest, along with a subsetof each object’s attributes.
![Page 22: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/22.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 22/64
Functional LevelsFunctional Levels
• Every Active Directory forest has afunctional level, as does everydomain.
• Functional levels are designed toprovide backwards compatibility inActive Directory installations running
domain controllers with variousversions of the Windows Serveroperating system.
![Page 23: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/23.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 23/64
Domain ControllersDomain Controllers
• Each domain on an Active Directorynetwork should have at least two domaincontrollers, to ensure that the ActiveDirectory database is available to clients
at all times, and to provide clients withready access to a nearby domaincontroller.
• How many domain controllers you installfor each of your domains, and where youlocate them, is an important part of designing an Active Directoryinfrastructure.
• Also important is an understanding of how
![Page 24: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/24.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 24/64
Lightweight Directory Access ProtocolLightweight Directory Access Protocol(LDAP)(LDAP)
• The standard communicationsprotocol for directory serviceproducts, including Active Directory.
• LDAP defines the format of thequeries that Active Directory clientssend to domain controllers, as well
as providing a naming structure foruniquely identifying objects in thedirectory.
![Page 25: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/25.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 25/64
Active Directory ReplicationActive Directory Replication
• Active Directory uses multiple-master replication.
• When a change is made to a domainobject on any domain controller, thatchange is replicated to all of theother domain controllers.
![Page 26: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/26.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 26/64
![Page 27: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/27.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 27/64
Read-Only Domain ControllersRead-Only Domain Controllers
• One of the new Active Directoryfeatures in Windows Server 2008 isthe ability to create a Read-Only
Domain Controller (RODC) , whichis a domain controller that supportsonly incoming replication traffic.
• As a result, it is not possible tocreate, modify, or delete ActiveDirectory objects using the RODC.
![Page 28: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/28.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 28/64
SitesSites
• To facilitate the replication process, ActiveDirectory includes another administrativedivision called the site.
• A site is defined as a collection of subnets
that have good connectivity betweenthem.• Good connectivity is understood to be at
least T-1 speed (1.544 megabits persecond).
• Generally speaking, this means that a siteconsists of all the local area networks(LANs) at a specific location.
• A different site would be a network at aremote location, connected to the other-
![Page 29: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/29.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 29/64
SitesSites
• A site topology consists of threeActive Directory object types:– Sites — A site object represents the
group of subnets at a single location,with good connectivity.
– Subnets — A subnet object represents
an IP network at a particular site.– Site links — A site link object
represents a WAN connection betweentwo sites.
![Page 30: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/30.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 30/64
Designing an Active DirectoryDesigning an Active DirectoryInfrastructureInfrastructure
• The process of designing an ActiveDirectory infrastructure consists of the following basic phases:
– Designing the domain name space.– Designing the internal domain
structure.
– Designing a site topology.– Designing a Group Policy strategy.
![Page 31: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/31.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 31/64
Additional Active Directory DomainsAdditional Active Directory Domains
• Reasons to Create:– Isolated
replication–
Unique domainpolicy– Domain upgrades
• Reasons Not toCreate:– Size
– Administration
![Page 32: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/32.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 32/64
Designing a Tree StructureDesigning a Tree Structure
• Includes how you are going toarrange the domains to form a treeand deciding how you are going toname your domains and whichdomain will be the forest root.
![Page 33: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/33.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 33/64
Designing a Tree StructureDesigning a Tree Structure
• If you plan to create domainscorresponding to remote sites ororganizational divisions, the most commonpractice is to make them all subdomains in
the same tree, with a single root domainat the top.• The first domain you create in an Active
Directory forest — the forest root domain
— is critical, because it has specialcapabilities.– The Schema Administrators group exists only
in the forest root domain, and the members
of that group have the ability to modify theActive Director schema, which affects all of
![Page 34: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/34.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 34/64
Internal Domain StructureInternal Domain Structure
• Once you create a design for yourActive Directory domains and thetrees and forests superior to them, it
is time to zoom in on each domainand consider the hierarchy you wantto create inside it.
![Page 35: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/35.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 35/64
Organizational UnitsOrganizational Units
• Creating OUs should be based on:– Duplicating organization divisions.– Assigning Group Policy Settings.– Delegating administration.
![Page 36: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/36.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 36/64
Group PoliciesGroup Policies
• Group Policy is one of the most powerfulfeatures of Active Directory.
• Using Group Policy, you can deploy
hundreds of configuration settings to largecollections of users at once.• To deploy Group Policy settings, you must
create group policy objects (GPOs) and
link them to Active Directory domains,organizational units, or sites.
• Every object in the container to which theGPO is linked receives the settings youconfi ure in it.
![Page 37: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/37.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 37/64
Deploying Active Directory DomainDeploying Active Directory DomainServicesServices
• Although it does not actually convertthe computer into a domaincontroller, installing the Active
Directory Domain Services roleprepares the computer for theconversion process.
![Page 38: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/38.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 38/64
Active Directory Domain Services RoleActive Directory Domain Services Role
![Page 39: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/39.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 39/64
Active Directory Domain ServicesActive Directory Domain ServicesInstallation WizardInstallation Wizard
![Page 40: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/40.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 40/64
The Choose a Deployment The Choose a DeploymentConfiguration PageConfiguration Page
![Page 41: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/41.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 41/64
The Name the Forest Root Domain The Name the Forest Root DomainPagePage
![Page 42: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/42.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 42/64
The Domain NetBIOS Name Page The Domain NetBIOS Name Page
![Page 43: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/43.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 43/64
The Set Forest Functional Level Page The Set Forest Functional Level Page
![Page 44: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/44.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 44/64
![Page 45: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/45.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 45/64
![Page 46: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/46.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 46/64
The Location for Database, Log Files The Location for Database, Log Filesand SYSVOL Pageand SYSVOL Page
![Page 47: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/47.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 47/64
The Directory Services Restore The Directory Services RestoreMode Administrator Password PageMode Administrator Password Page
![Page 48: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/48.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 48/64
The Summary Page The Summary Page
![Page 49: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/49.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 49/64
The Choose a Deployment The Choose a DeploymentConfiguration PageConfiguration Page
![Page 50: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/50.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 50/64
The Network Credentials Page The Network Credentials Page
![Page 51: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/51.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 51/64
The Name the New Domain Page The Name the New Domain Page
![Page 52: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/52.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 52/64
The Select a Site Page The Select a Site Page
![Page 53: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/53.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 53/64
![Page 54: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/54.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 54/64
The Select a Domain Page The Select a Domain Page
![Page 55: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/55.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 55/64
SummarySummary
• A directory service is a repository of information about the resources —hardware, software, and human —
that are connected to a network.• Active Directory is the directory
service that Microsoft first introduced
in Windows 2000 Server and thatthey have upgraded in eachsuccessive server operating systemrelease, including Windows Server
![Page 56: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/56.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 56/64
SummarySummary
• Users that are joined to an ActiveDirectory domain log on to thedomain, not to an individual
computer or application, and are ableto access any resources in thatdomain for which administratorshave granted them the properpermissions.
![Page 57: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/57.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 57/64
SummarySummary
• In Active Directory, you can subdivide adomain into organizational units andpopulate it with objects.– You can also create multiple domains and
group them into sites, trees, and forests.• An organizational unit (OU) is a container
object that functions in a subordinate
capacity to a domain.– OUs can contain other OUs, as well as leaf
objects. You can apply separate GroupPolicy to an OU and delegate the
administration of an OU as needed.
![Page 58: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/58.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 58/64
SummarySummary
• Like organizational units, group objectsare containers, but groups are not full-fledged security divisions as OUs are.– You cannot apply Group Policy settings to a
group object.• When you create your first domain on an
Active Directory network, you are, in
essence, creating the root of a domaintree.– You can populate the tree with additional
domains as long as they are part of the
same contiguous namespace.
![Page 59: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/59.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 59/64
SummarySummary
• An Active Directory forest consists of two or more separate domain trees,which have the same two-way trust
relationships between them as twodomains in the same tree.• To facilitate the replication process,
Active Directory includes anotheradministrative division called thesite.
• A site is defined as a collection of
![Page 60: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/60.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 60/64
![Page 61: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/61.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 61/64
![Page 62: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/62.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 62/64
SummarySummary
• A critical difference between a domaintree hierarchy and the OU hierarchy withina domain is inheritance.
• When you assign Group Policy settings toa domain, the settings apply to all leaf objects in that domain, but not to thesubdomains that are subordinate to it.
• When you assign Group Policy settings toan OU, those settings apply to all leaf objects in the OU, and the settings areinherited by any subordinate OUs itcontains.
![Page 63: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/63.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 63/64
![Page 64: Planning an Active Directory Server Deployment](https://reader030.vdocuments.net/reader030/viewer/2022021119/577d25e51a28ab4e1e9fd287/html5/thumbnails/64.jpg)
8/4/2019 Planning an Active Directory Server Deployment
http://slidepdf.com/reader/full/planning-an-active-directory-server-deployment 64/64
SummarySummary
• Part of the internal domain designprocess consists of deciding whereyou are going to deploy GPOs and
creating a hierarchy that does notapply too many GPOs to individualleaf objects.