Introduction to Active Directory in

Windows 2000/2003

Overview

Introduction to Active Directory Active Directory Logical Structure Active Directory Physical Structure Methods for Administering a Windows 2000 Network

What Is Active Directory?

Directory Service Directory Service FunctionalityFunctionality

Organize Manage Control

Resources

Centralized ManagementCentralized Management

Single point of administration Full user access to directory

resources by a single logon

Active Directory Objects represents network resources, such as users, groups, computers, and printers

AttributesAttributesFirst NameLast NameLogon Name

AttributesAttributes

Printer NamePrinter Location

Active DirectoryActive Directory

Printers

Printer1

Printer2

Suzan Fine

Users

Don Hall

AttributeAttributeValueValue

ObjectsObjects

Printers

Users

Printer3

Active Directory Logical Structure includes:

Domains Organizational Units Tree and Forest

Domains

A Domain is a collection of computers that share a common database

A Domain Is a Security Boundary A domain administrator can administer only within the domain,

unless explicitly granted administration rights in other domains A Domain Is also a Unit of Replication

Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain- NT??

Windows 2000Domain

User1

User2User1

User2ReplicationReplication

Organizational Units

Fire Dept

All Users

Police Dept

Network Administrative ModelNetwork Administrative Model

Use OUs to Group Objects into a Logical Hierarchy That Best Suits your needs for Administration Software Deployment Policies Delegation

Fire Dept

All Computers

Police Dept

Network Administrative ModelNetwork Administrative Model

Tree and Forest

Town.Belmont.ms.us

(root)

Police.town.belmont.ma.usFire.town.belmont.ma.us

Tree

Active Directory Physical Structure

Domain Controllers Sites

Domain Controllers

Domain Controller

Domain Controller

Domain

ReplicationReplicationUser1

User2User1

User2

= A Writeable Copy of the Active Directory Database

Domain Controllers: Participate in Active Directory replication You can have more than one

SITE LINK

28K

FIBER CONNECTION

WHY HAVE SEPARATE SITES

Methods for Administering a Windows 2000 Network

Using Active Directory for Centralized Management

Managing the User Environment

Using Active Directory for Centralized ManagementActive Directory:

Enables a single administrator to centrally manage resources Allows administrators to easily locate information Allows administrators to group objects into OUs Uses Group Policy to specify policy-based settings

Town.Belmont.Ma.US

All Users

Treasurer Water Assessors Retirement Library Personnell

All Computers

user user2 user3 user4 user5 user6

Water Assessor Retirement Library PersonnellTreasurer

computer computer2 computer3 computer4 computer5 computer6

Managing the User Environment

Use Group Policy to: Control and lock down what users can do Centrally manage software installation, repairs, updates,

and removal Configure user data to follow users whether they are online or

offline

Windows 2000 Enforces Continually

Apply Group Policy Once

1 2 3 Domain

OU1 OU2 OU3

1 2 3

Review

Introduction to Active Directory Active Directory Logical Structure Active Directory Physical Structure Methods for Administering a Windows 2000 Network