
Microsoft Official Course

Module 2

Introduction to Active Directory Domain Services

Module Overview

Overview of AD DS
Overview of Domain Controllers
Installing a Domain Controller

Lesson 1: Overview of AD DS

Overview of AD DS
What Are AD DS Domains?
What Are OUs?
What Is an AD DS Forest?
What Is the AD DS Schema?

Overview of AD DS

AD DS is composed of both physical and logical components

Physical components:
Data store
Domain controllers
Global catalog server
RODC

Logical components:
Partitions
Schema
Domains
Domain trees
Forests
Sites
OUs

What Are AD DS Domains?

AD DS requires one or more domain controllers
All domain controllers hold a copy of the domain database, which is continually synchronized
The domain is the context within which user, group, and computer accounts are created
The domain is a replication boundary
An administrative center for configuring and managing objects
Any domain controller can authenticate any logon in the domain

What Are OUs?

Organizational Units: containers that can be used to group objects within a domain

Create OUs to:
Delegate administrative permissions
Apply Group Policy

What Is an AD DS Forest?

[Diagram: an AD DS forest. Labels: Forest Root Domain, Tree Root Domain. Domains shown: adatum.com, fabrikam.com, atl.adatum.com]

What Is the AD DS Schema?

The Active Directory schema acts as a blueprint for AD DS by defining the attributes and object classes such as:

Attributes:
objectSID
sAMAccountName
location
manager
department

Classes:
User
Group
Computer
Site

Lesson 2: Overview of Domain Controllers

What Is a Domain Controller?
What Is the Global Catalog?
The AD DS Logon Process
Demonstration: Viewing the SRV Records in DNS
What Are Operations Masters?

What Is a Domain Controller?

Domain controllers:
Servers that host the Active Directory database (NTDS.DIT) and SYSVOL
Kerberos authentication service and KDC services perform authentication

Best practices:
Availability: At least two domain controllers in a domain
Security: RODC and BitLocker

What Is the Global Catalog?

Global catalog:
Hosts a partial attribute set for other domains in the forest
Supports queries for objects throughout the forest

[Diagram: domain controllers and a global catalog server, each labeled with the partitions it holds. Partition sets shown: Schema, Configuration, Domain A; Schema, Configuration, Domain A, Domain B; Schema, Configuration, Domain B]

The AD DS Logon Process

The AD DS logon process:
1. User Account is authenticated to DC1
2. DC1 returns TGT back to client
3. Client uses TGT to apply for access to WKS1
4. DC1 grants access to WKS1
5. Client uses TGT to apply for access to SVR1
6. DC1 returns access to SVR1

[Diagram labels: DC1, WKS1, SVR1]

Demonstration: Viewing the SRV Records in DNS

In this demonstration, you will see how to use DNS Manager to view SRV records

What Are Operations Masters?

In any multimaster replication topology, some operations must be single master

Many terms are used for single master operations in AD DS, including the following:
Operations master (or operations master roles)
Single master roles
FSMOs

Roles

Forest:
Domain naming master
Schema master

Domain:
RID master
Infrastructure master
PDC Emulator master

Lesson 3: Installing a Domain Controller

Installing a Domain Controller from Server Manager
Installing a Domain Controller on a Server Core Installation of Windows Server 2012
Upgrading a Domain Controller
Installing a Domain Controller by Using Install from Media

Installing a Domain Controller from Server Manager

Installing a Domain Controller on a Server Core Installation of Windows Server 2012


Use the dcpromo /unattend:D:\answerfile.txt command to perform the unattended installation. The following is an example of text from the answer file:

[DCINSTALL]
UserName=<The administrative account in the domain of the new domain controller>
UserDomain=<The name of the domain of the new domain controller>
Password=<The password for the UserName account>
SiteName=<The name of the AD DS site in which this domain controller will reside>
; This site must be created in advance in the Dssites.msc snap-in.
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=<The fully qualified domain name (FQDN) of the domain in which you want to add an additional domain controller>
DatabasePath="<The path of a folder on a local volume>"
LogPath="<The path of a folder on a local volume>"
SYSVOLPath="<The path of a folder on a local volume>"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=<The password for an offline administrator account>
RebootOnCompletion=yes
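
An added example, not part of the course material: a PowerShell pre-flight check for an answer file like the one above, which flags missing keys, leftover placeholders and cleartext password values, and lists who has rights on the file. The function name Test-DcPromoAnswerFile, the list of expected keys (taken from the sample above) and all sample values are assumptions made for illustration.

```powershell
# Added example (not Microsoft's code): pre-flight review of a dcpromo answer file.
function Test-DcPromoAnswerFile {
    param([Parameter(Mandatory)][string]$Path)
    # Parse the [DCINSTALL] section into a (case-insensitive) hashtable.
    $settings = @{}; $inSection = $false
    foreach ($line in Get-Content -LiteralPath $Path) {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'DCINSTALL'); continue }
        if ($inSection -and $line -match '^([^=]+)=(.*)$') {
            $settings[$Matches[1].Trim()] = $Matches[2].Trim().Trim('"')
        }
    }
    $findings = @()
    # Hypothetical required-key list, taken from the sample answer file on this page.
    $expected = 'UserName', 'UserDomain', 'SiteName', 'ReplicaOrNewDomain', 'ReplicaDomainDNSName',
                'DatabasePath', 'LogPath', 'SYSVOLPath', 'SafeModeAdminPassword'
    foreach ($key in $expected) {
        if (-not $settings.ContainsKey($key)) { $findings += "Missing key: $key" }
        elseif ($settings[$key] -match '^<.*>$') { $findings += "Placeholder left in: $key" }
    }
    # A populated password key means the file holds a cleartext credential.
    foreach ($key in 'Password', 'SafeModeAdminPassword') {
        if ($settings[$key] -and $settings[$key] -notmatch '^<.*>$') { $findings += "Cleartext secret in: $key" }
    }
    # List every identity with rights on the file so over-broad access stands out.
    $access = (Get-Acl -LiteralPath $Path).Access |
        ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
    [pscustomobject]@{ Findings = $findings; Access = $access }
}

# Constructed sample input; every value below is made up for illustration.
$sample = Join-Path $env:TEMP 'answerfile-sample.txt'
@'
[DCINSTALL]
UserName=Administrator
UserDomain=adatum.com
Password=ExamplePassw0rd!
SiteName=<The name of the AD DS site>
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=adatum.com
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
'@ | Set-Content -LiteralPath $sample
$result = Test-DcPromoAnswerFile -Path $sample
$result.Findings; $result.Access
Remove-Item -LiteralPath $sample
```

Because the answer file carries the domain account password and the safe mode administrator password as plain text, review the Access list before the file is copied to the server and remove the file once the promotion has finished.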

Upgrading a Domain Controller

Options to upgrade AD DS to Windows Server 2012:

In-place upgrade (from Windows Server 2008 or Windows Server 2008 R2)
  Benefit: Except for the prerequisite checks, all the files and programs stay in place and there is no additional work required
  Watch for: May leave legacy files and DLLs

Introduce a new Windows Server 2012 server into the domain and promote it to be a domain controller
  This option is usually the preferred choice
  Benefit: Result is a new server with no accumulated files and settings
  Watch for: May need additional work to migrate users' file settings

Installing a Domain Controller by Using Install from Media

Lab: Installing Domain Controllers

Exercise 1: Installing a Domain Controller
Exercise 2: Installing a Domain Controller by Using IFM

Logon Information

Virtual machines:
20410B-LON-DC1 (start first)
20410B-LON-SVR1
20410B-LON-RTR
20410B-LON-SVR2

User name: Adatum\Administrator
Password: Pa$$w0rd

Estimated Time: 45 minutes

Lab Scenario
A. Datum Corporation is a global engineering and manufacturing company with a head office based in London, England. An IT office and a data center are located in London to support the London location and other locations. A. Datum has recently deployed a Windows Server 2012 infrastructure with Windows 8 clients.

You have been asked by your manager to install a new domain controller in the data center to improve logon performance. You have also been asked to create a new domain controller for a branch office by using IFM.

Lab Review

Why did you use Server Manager and not dcpromo.exe when you promoted a server to be a domain controller?
What are the three operations masters found in each domain?
What are the two operations masters that are present in a forest?
What is the benefit of performing an Install From Media (IFM) install of a domain controller?

Module Review and Takeaways


Review Questions
