Active Directory Boundaries - Purpose Replication Boundaries Security Boundaries

Upload: mavis-craig

Post on 30-Dec-2015

Active Directory Boundaries - Purpose

Replication Boundaries

Security Boundaries

Active Directory Boundaries - Types

Geographic vs Organizational

Contiguous vs Discontiguous namespace

i.e. oldcompany1.newcompany.com and oldcompany2.newcompany.com are 2 contiguous namespaces

Prestaging

forestprep and domainprep

Removal

Removing Domains or Trees

ADMT pruning/grafting

ADMTv3.1

Functional Levels

Viewing

Raising

Interoperability
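
Viewing and raising the levels, as an added PowerShell example that is not part of the slide deck. It assumes the RSAT ActiveDirectory module, Enterprise Admin rights, and a target level of Windows Server 2016 (an assumption; pick the level that matches your oldest DC). The interoperability check reflects the rule that a level can only be raised once every DC runs an operating system at or above it, and raising is one-way.

```powershell
# Added example (not from the slide deck): view, check, then raise functional levels.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Viewing: current levels plus the DCs whose OS caps them
"Forest functional level : $($forest.ForestMode)"
"Domain functional level : $($domain.DomainMode)"
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, OperatingSystem, IsGlobalCatalog |
    Sort-Object OperatingSystem |
    Format-Table -AutoSize

# Interoperability: every DC must run an OS at or above the target level.
# Target level is an assumption for this example.
$target = 'Windows2016Domain'
$tooOld = Get-ADDomainController -Filter * |
    Where-Object { $_.OperatingSystem -notmatch '2016|2019|2022' }
if ($tooOld) {
    Write-Warning "Cannot raise to $target; these DCs are too old:"
    $tooOld | ForEach-Object { Write-Warning "  $($_.HostName) ($($_.OperatingSystem))" }
    return
}

# Raising is one-way and cannot be undone. -WhatIf previews; remove it to apply.
# The forest level can only follow once every domain in the forest is at the level.
Set-ADDomainMode -Identity $domain.DNSRoot    -DomainMode $target -WhatIf
Set-ADForestMode -Identity $forest.RootDomain -ForestMode Windows2016Forest -WhatIf
```

Run it on a DC or a management host with RSAT; the `-WhatIf` switches keep it read-only until you are satisfied with the inventory it prints.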

UPN – User Principal Name

Simplifying Logon

Each user has a unique down-level logon name

Can have multiple friendly UPNs

Trust Basics

Trusts allow communication between the boundaries of domains and forests

1 way Trust

2 way Trust

Transitive Trusts

Extend permissions across multiple domains

Automatically created as new domain joins a tree or new child is created

Forest Trusts

Forest wide

Selective authentication

External Trusts

Non-Transitive

NT 4.0 or Kerberos compatible

Shortcut Trust

Transitive

Speeds up authentication and authorization

Identity

Security Identifier (SID) filtering
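
An added PowerShell example, not from the slide deck, that inventories the trust types listed above (forest, external, shortcut/intra-forest) and flags the ones missing the protections the slides name: SID filtering and selective authentication. It assumes only the RSAT ActiveDirectory module; the `Get-ADTrust` properties used (`ForestTransitive`, `IntraForest`, `SIDFilteringQuarantined`, `SIDFilteringForestAware`, `SelectiveAuthentication`, `TrustType`) are the module's own.

```powershell
# Added example (not from the slide deck): audit trusts for the boundary controls
# the slides describe. SID filtering is exposed as "quarantine" on external
# trusts and as "forest-aware" filtering on forest trusts.
Import-Module ActiveDirectory

$report = Get-ADTrust -Filter * | ForEach-Object {
    $isForestTrust = $_.ForestTransitive -and -not $_.IntraForest
    $isExternal    = -not $_.ForestTransitive -and -not $_.IntraForest

    $sidFiltered = if ($isForestTrust) { $_.SIDFilteringForestAware }
                   elseif ($isExternal) { $_.SIDFilteringQuarantined }
                   else { $true }   # parent/child, tree-root and shortcut trusts are inside the forest boundary

    $kind = if ($_.IntraForest) { 'Intra-forest' }
            elseif ($isForestTrust) { 'Forest' }
            elseif ($_.TrustType -eq 'Downlevel') { 'External (NT 4.0)' }
            else { 'External' }

    [pscustomobject]@{
        Partner       = $_.Name
        Direction     = $_.Direction            # Inbound, Outbound or BiDirectional
        Kind          = $kind
        Transitive    = [bool]($_.IntraForest -or $_.ForestTransitive)
        SelectiveAuth = [bool]$_.SelectiveAuthentication
        SidFiltering  = [bool]$sidFiltered
    }
}

$report | Format-Table -AutoSize

# Findings a defender wants to act on
$report | Where-Object { -not $_.SidFiltering } | ForEach-Object {
    Write-Warning "SID filtering is disabled on the trust with $($_.Partner)"
}
$report | Where-Object { $_.Kind -ne 'Intra-forest' -and -not $_.SelectiveAuth } | ForEach-Object {
    Write-Warning "Trust with $($_.Partner) uses forest-wide authentication; consider selective authentication"
}
```

The two warnings map directly to the slides: SID filtering keeps a trusted domain from injecting foreign SIDs into a user's token, and selective authentication limits which resources a trusted forest's users can authenticate to at all.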

Create Sites

Balance service delivered to all locations.

Inventory the number of users at each site

Inventory the types of WAN links

Create AD Subnets

Associate subnets with the site location that has the closest DC

Configure Site Links

Site Links = WAN links

Star vs Mesh

Associating Link Costs

Cost = Speed/Availability of WAN
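
The Create Sites / Create AD Subnets / Configure Site Links / Associating Link Costs steps, carried through as one added PowerShell example that is not part of the slide deck. Site names, subnets, user counts and WAN speeds are constructed for the example; the cost formula is Microsoft's published heuristic (cost = 1024 / log10(bandwidth in Kbps)), which ranks faster links lower and therefore preferred. It builds a star topology, each branch linked only to HQ.

```powershell
# Added example (not from the slide deck): sites, subnets and a star of site links
# from a constructed WAN inventory. All names and numbers below are assumptions.
Import-Module ActiveDirectory

$inventory = @(
    @{ Site = 'HQ';       Subnets = @('10.1.0.0/16'); Users = 1200 },
    @{ Site = 'Branch-A'; Subnets = @('10.2.0.0/24'); Users = 60   },
    @{ Site = 'Branch-B'; Subnets = @('10.3.0.0/24'); Users = 25   }
)

foreach ($entry in $inventory) {
    if (-not (Get-ADReplicationSite -Identity $entry.Site -ErrorAction SilentlyContinue)) {
        New-ADReplicationSite -Name $entry.Site -Description "$($entry.Users) users"
    }
    foreach ($cidr in $entry.Subnets) {
        # A subnet maps clients to the site whose DC is closest to them
        New-ADReplicationSubnet -Name $cidr -Site $entry.Site
    }
}

# Cost derived from WAN speed: cost = 1024 / log10(bandwidth in Kbps)
function Get-SiteLinkCost([double]$Mbps) {
    [int][math]::Round(1024 / [math]::Log10($Mbps * 1024))
}

# Star topology: site link = WAN link, every branch connects only to HQ
$wanLinks = @(
    @{ Name = 'HQ-BranchA'; Sites = @('HQ', 'Branch-A'); Mbps = 100 },
    @{ Name = 'HQ-BranchB'; Sites = @('HQ', 'Branch-B'); Mbps = 2   }
)
foreach ($link in $wanLinks) {
    New-ADReplicationSiteLink -Name $link.Name `
        -SitesIncluded $link.Sites `
        -Cost (Get-SiteLinkCost $link.Mbps) `
        -ReplicationFrequencyInMinutes 15 `
        -InterSiteTransportProtocol IP
}

Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Format-Table -AutoSize
```

With these inputs the 100 Mbps link gets cost 204 and the 2 Mbps link cost 309, so if a mesh link were ever added between the branches, replication would still prefer the path through HQ.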

Configure Infrastructure

Manually link Operational Masters with their backup servers

Global Catalog Servers

Deploy Global Catalog servers at each site when possible

Replication

Each domain can have its own replication topology and schedule

Different events have different priorities to trigger replication

DFS

DFS – Distributed File System

Method for synchronizing shared folders

Conflict and Deleted folder

Good for application distribution or other read-only data

Replication - Automatic

Knowledge Consistency Checker (KCC)

Bridgehead Server

Intersite Topology Generator

Scheduling

IP and SMTP protocols

Replication - Manual

Designate a specific bridgehead server

Make a one way replication partnership

Manually force replication after making changes to AD
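
The three manual controls on this slide, as an added PowerShell example that is not from the slide deck. DC names (`HQ-DC1`, `BR-DC1`), the naming context `DC=corp,DC=example` and the object DN are assumptions. The preferred-bridgehead step writes the same `bridgeheadTransportList` attribute that Sites and Services sets; the one-way partnership relies on connection objects being inbound-only, so a connection created in one direction and none in the other pulls changes one way.

```powershell
# Added example (not from the slide deck): manual replication controls.
Import-Module ActiveDirectory

# 1. Designate HQ-DC1 as preferred bridgehead for the IP transport
$dc          = Get-ADDomainController -Identity 'HQ-DC1'            # assumed name
$serverDN    = $dc.NTDSSettingsObjectDN -replace '^CN=NTDS Settings,', ''
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
Set-ADObject -Identity $serverDN -Add @{ bridgeheadTransportList = $ipTransport }

# 2. One-way partnership: connection objects are inbound, so this makes BR-DC1
#    pull from HQ-DC1 (destination first, then source). The KCC may add its own
#    connections unless automatic generation is disabled for the site.
repadmin /add "DC=corp,DC=example" BR-DC1.corp.example HQ-DC1.corp.example

# 3. Force replication after a change instead of waiting for the schedule
repadmin /syncall HQ-DC1 /AdeP     # all partitions, cross-site, push
Sync-ADObject -Object 'CN=svc-backup,OU=Service,DC=corp,DC=example' `
              -Source HQ-DC1 -Destination BR-DC1   # single object, assumed DN

# Verify the result and surface failures
Get-ADReplicationPartnerMetadata -Target BR-DC1 |
    Select-Object Server, Partner, Partition, LastReplicationSuccess, LastReplicationResult |
    Format-Table -AutoSize
Get-ADReplicationFailure -Target BR-DC1
```

`Get-ADReplicationFailure` returning nothing is the outcome you want; a non-zero `LastReplicationResult` is the first thing to chase when a forced sync does not land.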

Global Catalog Server

DC that contains information about other Domains

Promotion

Use the Active Directory Sites and Services snap-in

Partial Attribute Set

Alternate Methods

UGMC – Universal Group Membership Caching
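
Promotion, the Partial Attribute Set and UGMC in one added PowerShell example (not from the slide deck). The DC and site names are assumptions. Promotion toggles bit 1 of the NTDS Settings object's `options` attribute, which is what the Sites and Services checkbox does; the PAS query counts the schema attributes marked `isMemberOfPartialAttributeSet`; UGMC is enabled on a site and told which site to refresh from.

```powershell
# Added example (not from the slide deck): Global Catalog placement and alternatives.
Import-Module ActiveDirectory

# Which DCs are already GCs, per site
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog |
    Sort-Object Site | Format-Table -AutoSize

# Promotion: set the IS_GC bit (0x1) on the DC's NTDS Settings object
$dc     = Get-ADDomainController -Identity 'BR-DC1'         # assumed name
$ntds   = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
$opts   = [int]$ntds.options
if (-not ($opts -band 1)) {
    Set-ADObject -Identity $dc.NTDSSettingsObjectDN -Replace @{ options = ($opts -bor 1) }
    "Promoted $($dc.HostName); the partial replica will build on the next replication cycles"
}

# Partial Attribute Set: the attributes a GC holds for every object in the forest
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$pas = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' `
    -Properties lDAPDisplayName
"$($pas.Count) attributes are in the Partial Attribute Set"

# Alternate method for a small site with no GC: Universal Group Membership
# Caching, refreshed from the site that does have one (site names assumed)
Set-ADReplicationSite -Identity 'Branch-B' `
    -UniversalGroupCachingEnabled $true `
    -UniversalGroupCachingRefreshSite 'HQ'
```

Promote wherever the WAN link can carry the partial replica; fall back to UGMC only where it cannot, remembering that cached memberships age until the next refresh.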

Domain Operations Masters

PDC emulator

Relative ID (RID)

Infrastructure

Forest Operations Masters

Schema Master

Domain Naming Master

Operations Master

Seize vs Transfer

Backup

Placement

Schema Master

Schema can be extended with various tools

Placement should be on a Global Catalog

Time Service is important for successful upgrades
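
Viewing the five role holders, the difference between transfer and seize, the placement checks, and the time-service check, as one added PowerShell example that is not from the slide deck. The new holder name `DC2` is an assumption. A transfer is the graceful path with the current holder online; a seize (`-Force`) is for a holder that is permanently gone, and that old holder must never be brought back online afterwards. The placement check follows the slide (schema master on a Global Catalog) and adds the standard rule that the infrastructure master should not be a GC unless every DC in the domain is one.

```powershell
# Added example (not from the slide deck): Operations Master inventory, move, placement, time.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# View all five role holders (two forest-wide, three per domain)
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Transfer: current holder reachable, roles hand over cleanly
Move-ADDirectoryServerOperationMasterRole -Identity 'DC2' `
    -OperationMasterRole SchemaMaster, DomainNamingMaster -WhatIf

# Seize: current holder is lost for good. -Force skips the handshake;
# the old holder must be metadata-cleaned and never reconnected.
Move-ADDirectoryServerOperationMasterRole -Identity 'DC2' `
    -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster -Force -WhatIf

# Placement checks
$dcs    = Get-ADDomainController -Filter *
$schema = $dcs | Where-Object HostName -eq $forest.SchemaMaster
$infra  = $dcs | Where-Object HostName -eq $domain.InfrastructureMaster
if (-not $schema.IsGlobalCatalog) {
    Write-Warning "Schema master $($schema.HostName) is not a Global Catalog"
}
$allGC = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })
if ($infra.IsGlobalCatalog -and -not $allGC) {
    Write-Warning "Infrastructure master $($infra.HostName) is a GC while other DCs are not; phantom updates will stall"
}

# Time: the PDC emulator is the forest's authoritative clock, and Kerberos
# tolerates only small skew, so confirm its source before any upgrade.
w32tm /query /computer:$($domain.PDCEmulator) /source
w32tm /query /computer:$($domain.PDCEmulator) /status
```

If the PDC emulator reports `Local CMOS Clock` as its source, fix that before touching schema or functional levels; every other DC in the forest inherits its time from that role.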