introduction to active directory.ppt
TRANSCRIPT
-
7/23/2019 INTRODUCTION TO ACTIVE DIRECTORY.PPT
Module 1: Introduction to Active Directory
-
Overview
  Introduction to Active Directory
  Active Directory Logical Structure
  Role of DNS in Active Directory
  Active Directory Physical Structure
  Methods for Administering a Windows 2000 Network
-
Introduction to Active Directory
  What Is Active Directory?
  Active Directory Objects
  Active Directory Schema
  Lightweight Directory Access Protocol (LDAP)
-
What Is Active Directory?
Directory Service Functionality
  Organize, Manage, Control Resources
Centralized Management
  Single point of administration
  Full user access to directory resources by a single logon
-
Active Directory Objects
Objects Represent Network Resources
Attributes Store Information About an Object
[Diagram labels: Active Directory; Objects: Users (Don Hall, Suzan Fine), Printers (Printer1, Printer2); Attributes of users: First Name, Last Name, Logon Name; Attributes of printers: Printer Name, Printer Location; Attribute Value]
-
Active Directory Schema
Objects (Class Examples): Printers, Computers, Users
Attributes of Users Might Contain: accountExpires, department, distinguishedName, middleName
List of Attributes (Attribute Examples): accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName
Active Directory Schema Is:
  Dynamically Available
  Dynamically Updateable
  Protected by DACLs
-
DNS and Active Directory Namespaces
[Diagram labels: Internet; (DNS root domain); com.; microsoft; sales; training; computer; microsoft.com; sales.microsoft.com; training.microsoft.com; DNS Namespace; Active Directory Namespace. Legend: DNS node (domain or computer); Active Directory domain]
-
Lightweight Directory Access Protocol (LDAP)
LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
LDAP Naming Paths Include:
  Distinguished names: CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
  Relative distinguished names: Suzan Fine
-
Active Directory Logical Structure
  Domains
  Organizational Units
  Trees and Forests
  Global Catalog
-
Domains
A Domain Is a Security Boundary
  A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
A Domain Is a Unit of Replication
  Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
[Diagram labels: Windows 2000; User1; User2; Replication]
-
Organizational Units
[Diagram labels: Organizational Structure; Sales; Vancouver; Repair; Users; Sales; Computers; Network Administrative Model]
Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups
-
Trees and Forests
[Diagram labels: Forest; Tree: contoso.msft (root), au.contoso.msft, asia.contoso.msft; Two-Way Transitive Trusts; Tree: nwtraders.msft, au.nwtraders.msft, asia.nwtraders.msft; Two-Way Transitive Trust]
-
Global Catalog
[Diagram labels: Global Catalog Server; Global Catalog; Subset of the Attributes of All Objects; Domain; Queries; Group membership when user logs on]
-
Introduction to the Role of DNS in Active Directory
Name Resolution
  DNS translates computer names to IP addresses
  Computers use DNS to locate each other on the network
Naming Convention for Windows 2000 Domains
  Windows 2000 uses DNS naming standards for domain names
  DNS domains and Active Directory domains share a common hierarchical naming structure
Locating the Physical Components of Active Directory
  DNS identifies domain controllers by the services they provide
  Computers use DNS to locate domain controllers and global catalog servers
-
DNS Host Names and Windows 2000 Computer Names
DNS host record and Active Directory object represent the same physical computer
DNS allows computers to locate domain controllers within Active Directory
[Diagram labels: Active Directory; training.microsoft.com; Builtin; Computers; Computer]