
Active Directory Domain Services (AD DS)


What are AD DS?
• Active Directory Domain Services (AD DS) provides the functionality of an identity and access (IDA) solution for enterprise networks.
• Store information about users, groups, computers, and other identities.
• Authenticate an identity.
– The server will not grant the user access to the document unless the server can verify that the identity presented in the access request is valid.
– Kerberos authentication: a protocol called Kerberos is used to authenticate identities.
• Control access
• Provide an audit trail


Components of an Active Directory Infrastructure
• Active Directory data store
• Domain controllers
• Domain
• Forest
• Tree
• Functional level
• Organizational units
• Sites
Domain controllers (DC)
• DCs are servers that perform the AD DS role.
• DCs run the Kerberos Key Distribution Center (KDC) service, which performs authentication, and other Active Directory services.
Forest
• A forest is a collection of one or more Active Directory domains.
• The first domain installed in a forest is called the forest root domain.
• The forest defines a security boundary.
Functional level
• The functional level is an AD DS setting that enables advanced domain-wide or forest-wide AD DS features.
• Three domain functional levels:
– Windows 2000 native
– Windows Server 2003
– Windows Server 2008
• Two forest functional levels:
– Windows Server 2003
– Windows Server 2008
Requirements for Installing AD DS

Server requirements to install AD DS:
• A computer running Windows Server 2008
• Minimum disk space of 250 MB and a partition formatted with the NTFS file system

Network configuration:
• TCP/IP must be configured, including DNS client settings
• A DNS server that supports dynamic updates must be available, or one will be configured on the domain controller

Administrator permissions:
• Local Administrator permissions to install the first domain controller in a forest
• Domain Administrator permissions to install additional domain controllers in a domain
• Enterprise Administrator permissions to install additional domains in a forest
AD DS Installation Process

1. Install the Active Directory Domain Services role using the Server Manager
2. Run the Active Directory Domain Services Installation Wizard
3. Choose the deployment configuration
4. Select the additional domain controller features
5. Select the location for the database, log files, and SYSVOL folder
6. Configure the Directory Services Restore Mode Administrator password
Advanced Options for Installing AD DS

To access the advanced mode installation options, choose the Advanced Mode option in the installation wizard or run DCPromo /adv

Use the advanced mode options to:
• Create a new domain tree
• Use backup media as the source for AD DS information
• Select the source domain controller for the installation
• Modify the default domain NetBIOS name
• Define the Password Replication Policy for an RODC
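The installation steps and advanced options above can be captured in a dcpromo answer file; the file below is an added example (not from the original slides) for a new forest root domain. The domain name corp.example.com, the NetBIOS name CORP, the file paths and the password placeholder are assumed values.

```ini
; Constructed dcpromo answer file (added example, not from the original slides).
; The domain name, NetBIOS name, paths and password below are placeholders.
; Run on the Windows Server 2008 machine as a local Administrator:
;   dcpromo /unattend:C:\dcpromo-forest.txt
[DCInstall]
; Step 3 - deployment configuration: first domain controller of a new forest
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=corp.example.com
DomainNetbiosName=CORP
; Functional levels: 0 = Windows 2000, 2 = Windows Server 2003, 3 = Windows Server 2008
ForestLevel=3
DomainLevel=3
; Step 4 - additional domain controller features: DNS server and Global Catalog
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
; Step 5 - location of the database, log files and SYSVOL (must be an NTFS partition)
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
; Step 6 - Directory Services Restore Mode administrator password; it is stored in
; plaintext here, so restrict access to the file and delete it once promotion completes
SafeModeAdminPassword=<DSRM-PASSWORD-PLACEHOLDER>
RebootOnCompletion=Yes
```

For an additional domain controller installed from Ntdsutil media, the same file would instead use ReplicaOrNewDomain=Replica with ReplicaDomainDNSName naming the existing domain and ReplicationSourcePath pointing at the media folder.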


Installing AD DS from Media

Use Ntdsutil.exe to create the installation media

Ntdsutil.exe can create the following types of installation media:

• Full (or writable) domain controller

• Full (or writable) domain controller without SYSVOL data

• Read-only domain controller without SYSVOL data

• Read-only domain controller


Installing AD DS on a Server Core Computer
• Installing Server Core

Configuring AD DS Domain Controller Roles
• What Are Global Catalog Servers?

• Modifying the Global Catalog

• Demonstration: Configuring Global Catalog Servers

• What Are Operations Master Roles?

• Demonstration: Managing Operation Master Roles

• How Windows Time Service Works


What Are Global Catalog Servers?

[Figure: several domains in a forest; a client sends a query to a Global Catalog server and receives the result]
How Windows Time Service Works

Windows Time service (W32Time) provides network clock synchronization for domain controllers and client computers.

In a Windows Server 2008 forest, the PDC Emulator is used to provide the authoritative time for all other computers.

[Figure: PDC Emulator provides time to domain controllers, which provide time to client computers]

Time synchronization is important because:
• Kerberos authentication includes a time stamp
• Replication between domain controllers is time stamped

