
Microsoft Official Course

Module 2

Introduction to Active Directory Domain Services

Module Overview
Overview of AD DS
Overview of Domain Controllers
Installing a Domain Controller

Lesson 1: Overview of AD DS
Overview of AD DS
AD DS Domains
What are OUs?
What Is an AD DS Forest?
What Is the AD DS Schema?

Overview of AD DS
AD DS is composed of both physical and logical components

Physical Components
  Data store
  Domain controllers
  Global catalog server
  Read-Only Domain Controller (RODC)

Logical Components
  Partitions
  Schema
  Domains
  Domain trees
  Forests
  Sites
  Organizational units (OUs)

AD DS Domains
AD DS requires one or more domain controllers
All domain controllers hold a copy of the domain database which is continually synchronized
The domain is the context within which Users, Groups, and Computers are created
Replication boundary
An administrative center for configuring and managing objects
Any domain controller can authenticate any logon in the domain

What are OUs?

Organizational Units
Containers that can be used to group objects within a domain
Objects: Users, Computers, OUs
Create OUs to:
  Delegate administrative permissions
  Apply Group Policy

What Is an AD DS Forest?

[Diagram: Forest Root Domain and Tree Root Domain; domains shown: adatum.com, fabrikam.com, atl.adatum.com]

What Is the AD DS Schema?

The Active Directory Schema acts as a blueprint for AD DS by defining the following Attributes and Object classes:

Attributes
  objectSID
  sAMAccountName
  location
  manager
  department

Classes
  User
  Group
  Computer
  Site

Lesson 2: Overview of Domain Controllers
What Is a Domain Controller?
What Is the Global Catalog?
The AD DS Logon Process
Demonstration: Viewing the SRV Records in DNS
What Are Operations Masters?

What Is a Domain Controller?

Domain Controllers
Servers that perform the AD DS role:
  Host the Active Directory database (NTDS.DIT) and SYSVOL (replicated between domain controllers)
  Kerberos KDC service performs authentication
  Other Active Directory services
Best practices:
  Availability: At least two in a domain
  Security: Server Core, RODC and BitLocker

What Is the Global Catalog?

Global catalog:
  Hosts a partial attribute set for other domains in the forest
  Supports queries for objects throughout the forest

[Diagram: Schema, Configuration, Domain A and Domain B partitions on domain controllers and on the global catalog server]

The AD DS Logon Process

The AD DS Logon Process:
1. User Account is authenticated to DC1
2. DC returns Ticket Granting Ticket (TGT) back to client
3. Client uses TGT to apply for access to WKS1
4. DC grants access to WKS1
5. Client uses TGT to apply for access to SVR1
6. DC returns access to SVR1

[Diagram: DC1, WKS1, SVR1]

Demonstration: Viewing the SRV Records in DNS

In this demonstration, you will see how to use DNS Manager to view SRV records

What Are Operations Masters?

In any multimaster replication topology, some operations must be single master
Many terms are used for single master operations in AD DS
  Operations master (or operations master roles)
  Single master roles
  Operations tokens
  FSMOs

Roles
  Forest
    Domain naming
    Schema
  Domain
    RID
    Infrastructure
    PDC Emulator

Lesson 3: Installing a Domain Controller
Installing a Domain Controller by Using a GUI
Installing a Domain Controller on a Server Core Installation of Windows Server 2012
Upgrading a Domain Controller
Installing a Domain Controller by Using IFM

Installing a Domain Controller by Using a GUI

Installing a Domain Controller on a Server Core Installation of Windows Server 2012

Use the dcpromo /unattend:D:\answerfile.txt command to perform the unattended installation. The following is an example of text from the answer file:

[DCINSTALL]
UserName=<The administrative account in the domain of the new domain controller>
UserDomain=<The name of the domain of the new domain controller>
Password=<The password for the UserName account>
SiteName=<The name of the AD DS site in which this domain controller will reside> This site must be created in advance in the Dssites.msc snap-in.
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=<The fully qualified domain name (FQDN) of the domain in which you want to add an additional domain controller>
DatabasePath="<The path of a folder on a local volume>"
LogPath="<The path of a folder on a local volume>"
SYSVOLPath="<The path of a folder on a local volume>"
InstallDNS=yes
ConfirmGC=yes
SafeModeAdminPassword=<The password for an offline administrator account>
RebootOnCompletion=yes
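
Added example (not part of the course material): a PowerShell function that lints a dcpromo answer file of the form shown above, flagging passwords stored in the file, UNC paths where a local volume is expected, and a replica install with no ReplicaDomainDNSName. The function name Test-DcPromoAnswerFile and all sample values are constructed for illustration.

```powershell
# Added example: lint a dcpromo answer file. Key names are the ones shown in
# the answer file above; the function name and sample values are constructed.
function Test-DcPromoAnswerFile {
    param([string[]]$Lines)

    # Parse "Key=Value" pairs that follow the [DCINSTALL] section header.
    $settings = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'DCINSTALL'); continue }
        if ($inSection -and $t -match '^([^=;]+)=(.*)$') {
            $settings[$Matches[1].Trim()] = $Matches[2].Trim().Trim('"')
        }
    }

    $findings = @()
    # A password written into the file is readable by anyone who can read the file.
    foreach ($key in 'Password', 'SafeModeAdminPassword') {
        if ($settings[$key]) { $findings += "$key is stored in clear text in the file" }
    }
    # The answer file asks for folders on a local volume: flag UNC paths.
    foreach ($key in 'DatabasePath', 'LogPath', 'SYSVOLPath') {
        if ($settings[$key] -match '^\\\\') { $findings += "$key points to a UNC path" }
    }
    # Adding a replica needs the name of the domain being joined.
    if ($settings['ReplicaOrNewDomain'] -eq 'replica' -and -not $settings['ReplicaDomainDNSName']) {
        $findings += 'ReplicaDomainDNSName is missing for a replica install'
    }
    return $findings
}

# Constructed sample input (not a real answer file).
$sample = @'
[DCINSTALL]
UserName=administrator
UserDomain=adatum.com
Password=CONSTRUCTED-EXAMPLE-VALUE
ReplicaOrNewDomain=replica
ReplicaDomainDNSName=adatum.com
DatabasePath="C:\Windows\NTDS"
LogPath="\\fileserver\logs"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=
'@ -split "`r?`n"

Test-DcPromoAnswerFile -Lines $sample
```

To check a file on disk, pass its lines with Test-DcPromoAnswerFile -Lines (Get-Content D:\answerfile.txt).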

Upgrading a Domain Controller

Options to upgrade AD DS to Windows Server 2012:
  In-place upgrade (from Windows Server 2008 or Windows Server 2008 R2)
    Benefit: Except for the prerequisite checks, all the files and programs stay in place and there is no additional work required
    Watch for: May leave legacy files and DLLs
  Introduce a new Windows Server 2012 server into the domain and promote it to be a DC
    This option is usually the preferred choice
    Good: Provides a new server with no accumulated files and settings
    To watch for: May need additional work to migrate users' files and profile settings
  Both options require that the schema is at the Windows Server 2012 level

Installing a Domain Controller by Using IFM

Lab: Installing Domain Controllers

Exercise 1: Installing a Domain Controller
Exercise 2: Installing a domain controller by using IFM

Logon Information
Virtual Machines:
  20410A-LON-DC1 (start first)
  20410A-LON-SVR1
  20410A-LON-RTR
  20410A-LON-SVR2
User Name: adatum\administrator
Password: Pa$$w0rd

Estimated Time: 60 minutes

Lab Scenario
A. Datum is a global engineering and manufacturing company with a head office based in London, England. An IT office and a data center are located in London to support the London location and other locations.
A. Datum has recently deployed a Windows Server 2012 infrastructure with Windows 8 clients.
You have been asked by your manager to install a new domain controller in the data center to improve logon performance.
You have also been asked to create a new domain controller for a branch office by using IFM.

Lab Review
Why did you use Server Manager and not dcpromo.exe when you promoted a server to be a domain controller?
What are the three operations masters found in each domain?
What are the two operations masters that are present in a forest?
What is the benefit of performing an IFM install of a domain controller?

Module Review and Takeaways


Review Questions
