
Overview of AD, DHCP, DNS, TCP/IP and Remote Access

Submitted By: Chandrashekar

Overview of Active Directory

Active Directory

Active Directory is the name given to the directory service employed in Windows Server 2003. It has a dual role: to act as a data repository and to provide data to applications and features outside of AD.

Active Directory Structure (diagram): a Forest contains Trees; each Tree contains Domains; each Domain contains Organizational Units (OUs), which hold Objects.

Logical Components
Objects
Domains
Forests
Trees
Organizational Units (OU)

OBJECTS

The basic unit of Active Directory is the object. Active Directory stores its information in objects. Objects include users, computers, shared folders, groups and printers.

Domains and Organizational Units

Domain
Has a unique name
Is organized in hierarchical levels
Has an Active Directory replicated across its domain controllers

Organizational unit (OU)
A logical container used to organize domain objects
Makes it easy to locate and manage objects
Allows you to apply Group Policy settings
Allows delegation of administrative control

An Active Directory Domain and OU Structure

Trees and Forests


It is sometimes necessary to create multiple domains within an organization
The first Active Directory domain is the forest root domain
A tree is a hierarchical collection of domains that share a contiguous DNS naming structure
A forest is a collection of trees that do not share a contiguous DNS naming structure
Transitive trust relationships exist among domains in trees and, optionally, in and across forests

An Active Directory Forest


Physical Components

Domain Controllers
Server capable of authentication
Maintains a copy of the Active Directory

Sites
A well connected TCP/IP subnet

Domain Controllers ( DC )
Active Directory service installed
Servers that provide authentication of domain members
Data store: %systemroot%\ntds.dit
NT Primary Domain Controllers (PDC)
Mixed Mode: Windows 2003 DC running PDC emulation

Sites

A collection of computers connected via a high-speed network (LAN, IP subnet)
Sites relate to the physical layout of the network
A site can contain multiple domains, and a domain can cross several sites
Sites connect via slow-speed links (WAN)

Types Of Trusts Available


Parent and Child Trust Relationship
Tree-root Trust Relationship
External Trust Relationship
Shortcut Trust Relationship
Realm Trust Relationship
Forest Trust Relationship

Functional level
Domain Functional Levels (level: domain controllers supported)
Mixed Mode (Windows 2000): NT, 2000 and 2003 Domain Controllers
Native Mode: 2000 and 2003 Domain Controllers
Windows Server 2003 interim: used only when upgrading from NT
Windows Server 2003: only 2003 DCs

Forest Functional Levels


Active Directory Terminology

Domain - a selection of computers, user accounts, or other objects that share a common security boundary
Hierarchical structure of containers and objects
Unique DNS name
Security boundary

Overview of DHCP

Dynamic Host Configuration Protocol


Dynamic Host Configuration Protocol (DHCP) is a protocol for assigning dynamic IP addresses to hosts on a network. DHCP is built on a client-server model, where a designated DHCP server allocates network addresses and delivers configuration parameters to dynamically configured clients.

Dynamic Host Configuration Protocol

DHCP consists of two components:
DHCP server: a host providing configuration parameters through DHCP
DHCP client: a host requesting configuration parameters from a DHCP server

Overview of Domain Name System

Domains
Domains: a domain is a subtree of the domain name space. The name of the domain is the domain name of the node at the top of the sub-tree.


Domain Name

Domain Name: Each node in the tree has a domain name.
Fully Qualified Domain Name (FQDN): A label which is terminated by a null string. It contains all labels, from the most specific to the most general, that uniquely define the name of the host.
Partially Qualified Domain Name (PQDN): A PQDN starts from a node, but it does not reach the root. It is used when the name to be resolved belongs to the same site as the client. Here the resolver can supply the missing part, called the suffix, to create an FQDN.

The Domain Name Space


Domain name space : The names are defined in an inverted-tree structure with the root at the top. The tree can have only 128 levels.
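An added example (not from the slides) that applies the DNS definitions above in Python: splitting a name into labels, the trailing-dot test for an FQDN, qualifying a PQDN with a resolver's search suffixes, checking whether a name lies in a domain's subtree, and the 128-level limit. The suffix list and names are constructed for illustration.

```python
# Added example (not from the slides): resolver-side helpers built on the
# slide's definitions of FQDN, PQDN, domain subtree and the 128-level limit.
MAX_LEVELS = 128  # depth limit stated for the domain name space


def labels(name):
    """Split a name into its labels, most specific first; the root is ()."""
    return tuple(l for l in name.rstrip(".").split(".") if l)


def is_fqdn(name):
    """An FQDN ends in the null (empty) label, written as a trailing dot."""
    return name.endswith(".")


def qualify(name, suffixes):
    """Turn a PQDN into candidate FQDNs by appending each search suffix.
    An FQDN is returned unchanged; the suffix list is the resolver's
    (constructed here, not a real site's configuration)."""
    if is_fqdn(name):
        return [name]
    return [".".join(labels(name) + labels(s)) + "." for s in suffixes]


def in_domain(name, domain):
    """True if name lies in the subtree rooted at domain (domain included).
    The empty domain is the root, so every name is inside it."""
    n, d = labels(name), labels(domain)
    return len(n) >= len(d) and n[len(n) - len(d):] == d


def depth(name):
    """Number of levels below the root; the slide caps this at 128."""
    return len(labels(name))


def validate(name):
    """Reject names deeper than the name space allows."""
    if depth(name) > MAX_LEVELS:
        raise ValueError("name exceeds %d levels" % MAX_LEVELS)
    return name
```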


Overview of TCP / IP

The TCP / IP Protocol Suite


Consists of four layers:
Network access layer (Physical Layer): Provides physical delivery of IP packets via frames or cells
Internet layer (Network Layer): Contains the information so that data can be routed through an IP network
Host-to-host layer (Transport Layer): Services the process layer and Internet layer to handle reliability and session aspects of the transmissions
Process layer (Application Layer): Application support


Network Access Layer


TCP/IP relies on a physical network to deliver its packets (can be a LAN, a MAN, or a WAN)
Characteristics:
Processes data down from the TCP/IP stack to build and send frames or cells out to the network
Sends frames or cells over the physical network, one bit at a time
Processes data up to the TCP/IP stack on the receiver side
Examples: Ethernet, ATM, and Frame Relay

Internet Layer
The Internet layer handles several jobs:
Network addressing (ARP, RARP): RARP is used to find the IP address when the MAC address is known
Routing information (OSPF, EGP)
Data fragmentation: If a large datagram is transferred from network to network, the router may divide the datagram into fragments. Each fragment has an identification number.
Reassembly
Handling errors and requests (ICMP): When a fragment fails to arrive or is corrupted, ICMP generates an error message. It also allows one to check whether there is a connection to a host (ping).
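An added example (not from the slides) modelling the fragmentation and reassembly steps listed above in Python: a datagram is cut into fragments that all carry the same identification number, the receiver regroups them by that number, and any hole left after the last fragment has arrived is exactly what a reassembly error would report. Offsets are kept in bytes and there is no header checksum; both are simplifications, and the payload is constructed.

```python
# Added example (not from the slides): toy Internet-layer fragmentation and
# reassembly keyed on the datagram identification number.
from collections import defaultdict


def fragment(ident, payload, mtu):
    """Split payload into pieces of at most mtu bytes, all tagged with ident.
    Simplification: offsets are in bytes (real IP counts 8-byte units)."""
    frags = []
    for off in range(0, len(payload), mtu):
        chunk = payload[off:off + mtu]
        frags.append({"id": ident, "offset": off,
                      "more": off + mtu < len(payload), "data": chunk})
    return frags


class Reassembler:
    """Rebuilds datagrams from fragments grouped by identification number."""

    def __init__(self):
        self.parts = defaultdict(dict)  # id -> {offset: data}
        self.total = {}                 # id -> datagram length (from last frag)

    def receive(self, frag):
        """Store one fragment; return the whole datagram once it is complete."""
        i = frag["id"]
        self.parts[i][frag["offset"]] = frag["data"]
        if not frag["more"]:  # last fragment fixes the total length
            self.total[i] = frag["offset"] + len(frag["data"])
        if i in self.total and not self.holes(i):
            data = b"".join(self.parts[i][o] for o in sorted(self.parts[i]))
            del self.parts[i], self.total[i]
            return data
        return None

    def holes(self, i):
        """Byte ranges still missing for datagram i, or None if the last
        fragment (which tells us the total length) has not arrived. A
        non-empty result after a timeout is the failure ICMP reports."""
        if i not in self.total:
            return None
        gaps, pos = [], 0
        for off in sorted(self.parts[i]):
            if off > pos:
                gaps.append((pos, off))
            pos = max(pos, off + len(self.parts[i][off]))
        if pos < self.total[i]:
            gaps.append((pos, self.total[i]))
        return gaps
```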

IP Addressing
Dotted decimal notation format
  4 decimal numbers separated by decimal points
  Each decimal number is one byte in length
  The decimal numbers are in the range 0-255
Consists of two parts
  The network portion: Internet administered (cannot be modified)
  The host portion: locally administered (can be modified)
IANA (Internet Assigned Numbers Authority) and ARIN (American Registry for Internet Numbers) manage the assigning of IP addresses

IP Addressing
Address assignment characteristics
  Addresses are assigned to one of the three classes: A, B, and C
  Class D is reserved for multicast addresses
  Class E is reserved for experiments
  Address 127.0.0.0 is used for IP loopback testing
Addresses reserved for private addresses:
  Class A: 10.0.0.0
  Class B: 172.16.0.0 thru 172.31.0.0
  Class C: 192.168.0.0 thru 192.168.255.0
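An added example (not from the slides) that puts the two IP addressing slides into Python: it parses dotted-decimal notation with the 0-255 range check, decides the class from the first byte, performs the classful network/host split, and flags loopback and the private ranges listed above. The sample addresses are constructed.

```python
# Added example (not from the slides): classify an IPv4 address the way the
# slides describe it (dotted decimal, classes A-E, network/host, loopback,
# private ranges).
NET_BYTES = {"A": 1, "B": 2, "C": 3}  # classful size of the network portion


def parse_ipv4(text):
    """Parse dotted decimal into four bytes; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("need 4 decimal numbers: %r" % text)
    octets = []
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError("octet out of range 0-255: %r" % p)
        octets.append(int(p))
    return tuple(octets)


def address_class(octets):
    """The class is decided by the leading bits of the first byte."""
    first = octets[0]
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"   # multicast
    return "E"       # experimental


def split_network_host(octets):
    """Classful split into network portion (Internet administered) and host
    portion (locally administered); classes D and E have no such split."""
    n = NET_BYTES.get(address_class(octets))
    if n is None:
        return None, None
    return octets[:n], octets[n:]


def is_loopback(octets):
    """127.x.x.x is reserved for loopback testing."""
    return octets[0] == 127


def is_private(octets):
    """The three reserved private ranges from the slide."""
    a, b = octets[0], octets[1]
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def describe(text):
    """Summarise one address; the entry point a tool would call."""
    o = parse_ipv4(text)
    net, host = split_network_host(o)
    return {"class": address_class(o), "network": net, "host": host,
            "loopback": is_loopback(o), "private": is_private(o)}
```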

Overview of Remote Access

Remote Access

Remote access clients are either connected only to the remote access server's resources, or they are connected to the RAS server's resources and beyond. A Windows 2000 remote access server provides two remote access connection methods: dial-up remote access and VPN remote access.

Dial-Up Remote Access Connections


The connection consists of a remote access client, remote access server, and WAN infrastructure

Thank You