
Chapter 1: Installation of Active Directory

Objectives
 Describe the role of a directory service and the
physical and logical Active Directory structure

 Install Active Directory

 Describe the main Active Directory objects

 Explain configuring and applying group policies

MCTS Windows Server 2008 Active Directory 2
The Role of a Directory Service
 A network directory service stores information about a
computer network and offers features for retrieving
and managing that information
 Generally considered to be an administrative tool, but
users make use of directory services to find resources
 Directory services provide a centralized management
tool, but due to complexity, require careful planning
prior to setup



Windows Active Directory
 First used by Windows 2000 Server
 Offers the following features:
 Hierarchical organization
 Centralized but distributed database
 Scalability
 Security
 Flexibility
 Policy-based administration



Overview of the Active Directory Structure
 Physical structure
 Consists of sites and servers configured as domain
controllers
 Logical structure
 Makes it possible to pattern the directory service’s look
and feel after the organization in which it runs



Active Directory’s Physical
Structure
 An Active Directory site is a set of well-connected IP subnets, usually one
physical location, within which domain controllers communicate and replicate
information frequently; replication between sites is scheduled and compressed
 Each writable domain controller contains a full replica of the objects that
make up the domain (a read-only domain controller holds a read-only copy and, by
default, no account passwords) and is responsible for the following functions:
 Storing a copy of the domain data and replicating changes to
that data to all other domain controllers throughout the
domain
 Providing data search and retrieval functions for users
attempting to locate objects in the directory
 Providing authentication and authorization services for users
who log on to the domain and attempt to access network
resources



Active Directory’s Logical Structure
 Organizational Units (OUs)
 Domains
 Trees
 Forests



Active Directory’s Logical Structure (cont.)
 The organizational unit (OU) is an Active Directory
container used to organize a network’s users and
resources into logical administrative units
 An OU contains Active Directory objects, such as:
 User accounts
 Groups
 Computer accounts
 Printers
 Shared folders
 Applications
 Servers
 Domain controllers


Active Directory’s Logical Structure (cont.)
 Domain: The core structural unit of an Active
Directory; contains OUs and represents
administrative, security, and policy boundaries
 Small to medium companies usually have one domain;
larger companies may have several domains to separate
geographical regions or administrative responsibilities





Active Directory’s Logical Structure (cont.)
 A tree is a grouping of domains that share a common
naming structure
 Can consist of a parent domain and possibly one or
more child domains
 Child domains can also have child domains





Active Directory’s Logical Structure (cont.)
 Forest: A collection of one or more Active Directory
trees; a forest can consist of a single tree with a single
domain, or it can contain several trees, each with a
hierarchy of parent and child domains
 Main purpose is to provide a common Active Directory
environment, in which all domains in all trees can
communicate and share information, while
simultaneously allowing independent operation and
administration





Installing Active Directory
 To install AD DS on a full Windows Server 2008
installation, use Server Manager
 If DNS is not already present on the network, you must
install the DNS Server Role
 Once the Server Manager wizard for installing Active
Directory finishes, you must run dcpromo.exe



Installing Active Directory (cont.)
 Dcpromo.exe steps to install:
 Step 1: Existing domain or new domain
 Step 2: Fully qualified domain name (FQDN) for new forest root domain
 Step 3: Choose forest functional level
 The functional level determines the feature set available to
administrators after install, as well as the operating system required on
any other DC in the forest; it can be raised later, but lowering it is not
supported on Windows Server 2008, so choose it deliberately
 If you want backwards compatibility with older domain controllers on the
network, choose the Windows 2000 functional level
 If you choose the Windows Server 2008 functional level, you can’t run
Windows Server 2003 or Windows 2000 domain controllers (but those systems can
still run as member servers)



Installing Active Directory (cont.)
 After step 3, you have three additional options for the
DC
 Install DNS Server
 Recommended for the first domain controller in a new
domain
 Global Catalog
 Selected by default (and cannot be disabled) if the server is to
be the first DC in a forest
 Read-only Domain Controller (RODC)
 Not selected by default and disabled for the first DC in the
domain



Installing Active Directory (cont.)
 The SYSVOL folder is a shared folder on every domain controller that stores
the file-system part of Active Directory data, chiefly Group Policy templates
and logon scripts; it is replicated to every other domain controller in the
domain (by FRS, or by DFS Replication at the Windows Server 2008 domain
functional level), separately from the directory database itself
 Directory Services Restore Mode (DSRM) boots a domain controller without
starting Active Directory so that the database can be restored if it becomes
corrupted or parts of it are deleted accidentally; the DSRM administrator
password set during dcpromo is a local administrator credential for that DC,
so record it in a secure location and never reuse the domain Administrator password
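The installation steps above (role install, dcpromo, functional level, DNS and global catalog options, DSRM password) and the post-install checks on replication and DC advertising, as one added PowerShell script. This is an example written for this page, not material from the course or from Microsoft documentation. The forest name corp.example.com, the NetBIOS name CORP, the file paths and the Helpdesk-style values are assumptions; the commands (ServerManagerCmd.exe, dcpromo /unattend, dcdiag, repadmin, nltest) are the stock Windows Server 2008 tools.

```powershell
# Added example, not from the original page. Assumed values: corp.example.com / CORP.
# Part 1 promotes the first DC of a new forest; Part 2 runs after the reboot.

function Install-FirstDc {
    # Step 1: install the role binaries (what the Server Manager wizard does).
    # DNS is installed too because this is the first DC in a new forest.
    ServerManagerCmd.exe -install DNS AD-Domain-Services

    # Step 2: collect the DSRM password without echoing it. It is a local admin
    # credential for this DC; dcpromo needs it in cleartext in the answer file.
    $secure = Read-Host -AsSecureString 'DSRM (Directory Services Restore Mode) password'
    $bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    $plain  = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

    # Step 3: dcpromo answer file. ForestLevel/DomainLevel: 0 = Windows 2000,
    # 2 = Windows Server 2003, 3 = Windows Server 2008. Levels can be raised later.
    $answer = @"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=corp.example.com
DomainNetbiosName=CORP
ForestLevel=3
DomainLevel=3
InstallDNS=Yes
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=$plain
RebootOnCompletion=No
"@

    $file = Join-Path $env:TEMP 'dcpromo-answer.txt'
    Set-Content -Path $file -Value $answer -Encoding ASCII
    try {
        & "$env:SystemRoot\System32\dcpromo.exe" /unattend:$file
    } finally {
        # The answer file holds the DSRM password in cleartext: remove it whether
        # or not promotion succeeded, then reboot by hand.
        Remove-Item $file -Force -ErrorAction SilentlyContinue
        $plain = $null
    }
    Write-Host 'Promotion finished; reboot the server, then run Test-NewDc.'
}

function Test-NewDc {
    # After the reboot: is the DC advertising itself, is DNS healthy, is it a GC?
    dcdiag /test:advertising /test:dns
    # Replication partners and last-success/last-failure per partner. A single DC
    # shows no partners; this becomes the key check once a second DC exists.
    repadmin /showrepl
    # Locator checks: can a client find a GC for the domain, and which site are we in?
    nltest /dsgetdc:corp.example.com /gc
    nltest /dsgetsite
}

# Usage (interactive, as a local administrator on the future DC):
#   Install-FirstDc      # then reboot
#   Test-NewDc
```

Running the checks as part of the same change is the point: dcpromo can report success while DNS SRV records or GC advertising are still wrong, and `dcdiag /test:advertising` and `nltest /dsgetdc` surface that before the first client tries to log on.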



The Active Directory Schema
 An object is a grouping of information that describes a
network resource
 The schema defines the type, organization, and
structure of data stored in the AD database
 Schema classes define the types of objects that can be
stored in Active Directory
 Schema attributes define what type of information is
stored in each object
 The information stored in each attribute is called the
attribute value


Active Directory Container Objects
 Organizational units
 Folder objects
 Domain objects



Organizational Units
 Primary container object for organizing and managing
resources in a domain
 OUs can organize multiple objects into one
administrative group that can be configured with
specific policies relevant to that group
 Authority of an OU can be delegated
 Nesting OUs can build a hierarchical Active Directory
structure that mimics the corporate structure for easier
object management



Folder Objects
 Four created by default:
 Builtin: Houses default groups created by Windows
 Computers: The default location for computer accounts
created when a new computer or server becomes a domain
member (a GPO cannot be linked to this container or to Users, so accounts left
here receive only domain-level policy)
 ForeignSecurityPrincipals: Initially empty but later contains
user accounts from other domains added as members of the
local domain’s groups
 Users: Stores two default users (Administrator and Guest)
and several default groups
 New folder objects cannot be created
 Administrative control can be delegated (except on Builtin
folder)
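The OU slide above says authority over an OU can be delegated, and the folder-objects slide says new computer accounts land in the Computers container by default. An added PowerShell example (written for this page, not from the course) that creates an OU hierarchy, delegates a narrow set of rights on one OU, and redirects the default containers so that new accounts fall under the OU's policies and delegation. The domain corp.example.com, the OU names and the group CORP\Helpdesk are assumptions; dsadd, dsacls, redircmp and redirusr are the built-in Windows Server 2008 command-line tools.

```powershell
# Added example, not from the original page. Assumes domain corp.example.com
# and an existing global group CORP\Helpdesk. Run as a domain administrator.
$domainDn       = 'DC=corp,DC=example,DC=com'
$workstationsOu = "OU=Workstations,$domainDn"
$staffOu        = "OU=Staff,$domainDn"

# 1. Create the OUs (nesting them builds the hierarchy the slides describe).
dsadd ou $workstationsOu -desc 'Domain-joined workstations'
dsadd ou $staffOu        -desc 'Staff user accounts'

# 2. Delegate to Helpdesk, on the Staff OU only and only for user objects:
#    the Reset Password extended right (CA), and read/write (RPWP) on the two
#    attributes needed to unlock an account and force a password change.
#    /I:S = apply to child objects only, not to the OU object itself.
dsacls $staffOu /I:S /G 'CORP\Helpdesk:CA;Reset Password;user'
dsacls $staffOu /I:S /G 'CORP\Helpdesk:RPWP;lockoutTime;user'
dsacls $staffOu /I:S /G 'CORP\Helpdesk:RPWP;pwdLastSet;user'

# 3. Redirect the default Computers and Users containers to the OUs so new
#    accounts start out under the right GPOs and delegation. Requires at least
#    the Windows Server 2003 domain functional level.
redircmp $workstationsOu
redirusr $staffOu

# 4. Review the resulting ACL. Anything granted to Helpdesk beyond the three
#    entries above, or anything inherited from the domain head you did not
#    expect, is a finding: delegation mistakes are a common privilege-escalation path.
dsacls $staffOu
```

The delegation is deliberately limited to user objects under one OU: granting "Reset Password" at the domain head would let Helpdesk reset the passwords of administrators and service accounts stored elsewhere.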
Domain Objects
 Core logical structure in AD; contains OU and folder
container objects, as well as leaf objects
 Larger companies may use multiple domains to
separate administration, define security boundaries,
and define policy boundaries
 Each domain object has a default GPO linked to it that
can affect all objects in the domain



Active Directory Leaf Objects
 User Accounts
 Three types: Local, domain, and built-in
 Groups
 Collections of accounts (users, computers, or other groups) that are
granted permissions and rights together
 Computer Accounts
 Represent a computer that is a domain controller or domain
member
 Other Leaf Objects
 Contact
 Printer
 Shared folder



Locating Active Directory Objects
 Active Directory objects can be searched for using the
Find Users, Contacts, and Groups dialog box
 Can search a single domain or an entire directory (all
domains)
 Not all objects are available to all users
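The same searches from the command line, as an added example (written for this page, not from the course): one query scoped to a single domain, one scoped to the entire directory through the global catalog, and one that uses the search to answer a security question. The domain corp.example.com and the name pattern are assumptions; dsquery is the built-in Windows Server 2008 tool and the LDAP matching rule OID is the standard bitwise-AND rule.

```powershell
# Added example, not from the original page. Assumed forest root: corp.example.com.

# Single domain: dsquery user searches the domain this machine is joined to.
# -limit 0 removes the default cap of 100 results.
dsquery user -name 'j*' -limit 0

# Entire directory: -gc sends the query to a global catalog and forestroot starts
# it at the forest root, so every domain in every tree is covered. Only attributes
# replicated to the GC are returned this way.
dsquery * forestroot -gc -scope subtree -limit 0 `
  -filter '(&(objectCategory=person)(objectClass=user)(sAMAccountName=j*))' `
  -attr sAMAccountName distinguishedName

# A security reviewer's search: enabled accounts whose password never expires.
# userAccountControl bit 0x10000 (65536) = DONT_EXPIRE_PASSWD, bit 0x2 = ACCOUNTDISABLE;
# :1.2.840.113556.1.4.803: is the LDAP bitwise-AND matching rule.
dsquery * domainroot -scope subtree -limit 0 `
  -filter '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))' `
  -attr sAMAccountName pwdLastSet

# Results are filtered by the ACL on each object: the same query run as a
# low-privileged user silently returns fewer rows rather than an error, which is
# what "not all objects are available to all users" means in practice.
```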



Chapter Summary
 A directory service is a database that stores network
resource information and can be used to manage
users, computers, and resources throughout the
network
 Active Directory is a hierarchical, distributed database
that’s scalable, secure, and flexible; Active Directory’s
physical structure is composed of sites and domain
controllers, and the logical structure is composed of
organizational units, domains, trees, and forests



Chapter Summary (cont.)
 Server Manager installs the Active Directory Domain
Services role; once Server Manager is finished,
dcpromo.exe is used to finish the installation
 The data in Active Directory is organized as objects
 Available objects and their structure are defined by the
Active Directory schema, which is composed of schema
classes and schema attributes
 The data in a schema attribute is called an attribute
value



Chapter Summary (cont.)
 Two types of objects in AD: Container objects and leaf
objects
 Leaf objects generally represent security accounts,
network resources, and GPOs
 Active Directory objects can be located easily with
search functions in Active Directory Users and
Computers and Windows Explorer


Chapter Summary (cont.)
 Policies defined in the Computer Configuration node
affect all computers in the Active Directory container
to which the GPO is linked; policies defined in the
User Configuration node affect all users in the Active
Directory container to which the GPO is linked
