Active Directory: Windows 2003 Server
Post on 30-Dec-2015
Agenda
• What is Active Directory
• Building an Active Directory
• Using Active Directory Features
• Active Directory Objects
• Auditing Active Directory
Group Names
• Charles Guzman
• Daniel Gebretensai
• Ervand Akopyan
• Hovik Gharadaghi
Active Directory
What is Active Directory
• Efficient directory management service
• Based on standard Internet protocols
• Helps to clearly define a network's structure
Requirements
• The computer must be Windows 2k, 2k3 Server, Advanced Server or Datacenter Server.
• At least one volume on the computer must be formatted with NTFS.
• DNS must be active on the network prior to AD installation or be installed during AD installation.
• DNS must support SRV records and be dynamic.
• The computer must have IP protocol installed and have a static IP address.
• The Kerberos v5 authentication protocol must be installed.
• Time and zone information must be correct.
Installation of Active Directory
DCPROMO
Why Install DNS?
• Clients use DNS to locate Active Directory controllers.
• Servers and client computers register their names and IP addresses with the DNS server.
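
The DNS requirement above, as an added example (not part of the original slides): a Python check that a zone dump contains the SRV records clients query to find domain controllers. The zone text and the dc1/dc2 host names are constructed; ganesan.cool is the domain name shown in the slides' diagram and is assumed here to be the forest root.

```python
# Added example (not from the slides): audit a zone dump for the SRV records
# that clients query to locate domain controllers.
# ZONE is constructed sample data; dc1/dc2 host names are hypothetical.
ZONE = """\
_ldap._tcp.ganesan.cool.               600 IN SRV 0 100 389 dc1.ganesan.cool.
_ldap._tcp.dc._msdcs.ganesan.cool.     600 IN SRV 10 100 389 dc2.ganesan.cool.
_ldap._tcp.dc._msdcs.ganesan.cool.     600 IN SRV 0 100 389 dc1.ganesan.cool.
_kerberos._tcp.ganesan.cool.           600 IN SRV 0 100 88 dc1.ganesan.cool.
_kerberos._tcp.dc._msdcs.ganesan.cool. 600 IN SRV 0 100 88 dc1.ganesan.cool.
_kpasswd._tcp.ganesan.cool.            600 IN SRV 0 100 464 dc1.ganesan.cool.
dc1.ganesan.cool.                      3600 IN A 10.0.0.10
"""

# SRV owner prefixes registered by a domain controller, with the expected port.
REQUIRED = {
    "_ldap._tcp": 389, "_ldap._tcp.dc._msdcs": 389,
    "_kerberos._tcp": 88, "_kerberos._tcp.dc._msdcs": 88,
    "_kpasswd._tcp": 464,
    "_gc._tcp": 3268,  # global catalog, registered under the forest root domain
}

def parse_srv(zone_text):
    """Return {owner: [(priority, weight, port, target), ...]} for SRV lines only."""
    records = {}
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue  # skip A records, blanks and other non-SRV lines
        owner, target = f[0].rstrip(".").lower(), f[7].rstrip(".").lower()
        records.setdefault(owner, []).append((int(f[4]), int(f[5]), int(f[6]), target))
    return records

def check_domain(zone_text, domain):
    """Return (missing owners, owners with an unexpected port)."""
    records, missing, wrong_port = parse_srv(zone_text), [], []
    for prefix, port in REQUIRED.items():
        owner = f"{prefix}.{domain}".lower()
        found = records.get(owner, [])
        if not found:
            missing.append(owner)
        wrong_port += [owner for r in found if r[2] != port]
    return missing, wrong_port

def dc_order(zone_text, domain):
    """DC targets in the order a client should try them: lowest priority first."""
    recs = parse_srv(zone_text).get(f"_ldap._tcp.dc._msdcs.{domain}".lower(), [])
    return [r[3] for r in sorted(recs, key=lambda r: r[0])]

if __name__ == "__main__":
    print(check_domain(ZONE, "ganesan.cool"), dc_order(ZONE, "ganesan.cool"))
```

In the sample zone the global catalog record is absent, so the check reports it as missing while the other locator records pass.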
Active Directory
• Domains – Group of computers
• Domain Trees – Share contiguous namespace
• Domain Forests – Share common directory information
• Organizational Units – Subgroup of domains that mirror an organization
Logical View: Child, Tree, Forest
[Diagram: one forest containing two trees.
Tree 1: ganesan.cool; child domains 484.ganesan.cool and 485.ganesan.cool; subdomains ervand.484.ganesan.cool, charles.484.ganesan.cool, hovik.485.ganesan.cool, daniel.485.ganesan.cool.
Tree 2: othername.cool; child domains 484.othername.cool and 485.othername.cool; subdomains ervand.484.othername.cool, charles.484.othername.cool, hovik.485.othername.cool, daniel.485.othername.cool.]
Creating a Child Domain
Requirements
• Existing Domain
• Member Server
[Diagram repeated: Logical View (Child, Tree, Forest), showing the ganesan.cool and othername.cool trees with their child domains and subdomains in one forest.]
What does Active Directory do for us
• Keep a central list of users and passwords
• Provide a set of servers to act as "authentication servers", known as Domain Controllers
• Maintain a searchable index of the things in the domain
• Allow you to create users with different levels of powers
USING ACTIVE DIRECTORY FEATURES
• Directory service back up reminders
• Added replication security and fewer errors
• Install from Media improvement for installing DNS servers
• Support for running domain controllers in virtual machines
• Extended storage of deleted objects
New AD Features in Windows 2003
• Multiple selection of user objects
• Drag and drop functionality
• Efficient search capabilities
• Saved queries
New Domain and Forest Wide AD Features
• Domain control rename tool
• Different location option for user and computer accounts
• Forest trusts
• Replication enhancements
• User access control to resources between domains and forests
Group Policy Feature
• Defines the various components of the user's desktop environment that an administrator must manage
• Applies not only to user and client computers but also to member servers, domain controllers, and other 2003 servers in scope of management
Group Policy cont'd
• Manage registry-based policy with Administrative Templates
• Assign scripts. This includes scripts such as computer startup, shutdown, logon, and logoff
• Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations
GP Screenshots
Configuring a custom console
GP Screenshots
Adding a group policy object link
Active Directory Objects
ADDING AND REMOVING OBJECTS
Active Directory Objects
An object is a distinct named set of attributes that represents a network resource. Typical objects are users, groups, computers and printers. Each object has a number of attributes. For example, the user object has attributes such as password, name, password length and e-mail address. Objects are typically grouped into classes, such as groups (a number of user accounts), computers and printers. When objects are grouped together, they are placed into a container that holds the objects (it's like a desk drawer that holds a number of objects).
Objects
If you try to add AD users using lusrmgr.msc you will receive the following error
How to join a Domain Network