
Active Directory

Admin Training

L A U R E N Information Technologies Pvt. Ltd.

Agenda

Active Directory
Domain Name System (DNS)
Dynamic Host Configuration Protocol (DHCP)
Demonstration
Q&A


Active Directory

Introduction
Domain, Trees, Forests (Logical)
Domain Controllers, Sites (Physical)
Replication
Operations Masters
Group Policy


Active Directory

Central component of the Windows 2003 operating system.
It is a directory service that stores information about network objects and makes it available to and usable by users, applications and computers.


Active Directory - Benefits

Integrated Security
By managing logon and authentication
By controlling access on the object

Ease of Management
Can be managed centrally
Distributed management by delegating control

Single sign on
Users can access the permitted network resources once logged on to Active Directory.

Active Directory.

Ease of locating search resources


As Active Directory is a central database for storing objects, it provides enhanced search capabilities.

Scalability to size any network


Can be designed for any network, because it can include multiple domains.


Active Directory Logical Concepts


Domains

Boundary of Security
Boundary of Authentication

Boundary of Replication
Domain NC Replication

COMPANY.COM

Boundary of DNS Namespace
Boundary of Administration


Active Directory Logical Concepts


Trees

Collection of Domain controllers
Transitive Trust Relationships
All Domains in a Tree share:
Schema
Configuration
Global Catalog

COMPANY.COM

AMERICA.COMPANY.COM

EUROPE.COMPANY.COM

NICARAGUA.AMERICA.COMPANY.COM


Active Directory Logical Concepts


Forests

Collection of Domain trees
Transitive Trust Relationships
All Domains in a Forest share:
Schema
Configuration
Global Catalog

DIVISION.COM

COMPANY.COM

AMERICA.COMPANY.COM


Active Directory Logical Concepts


Organizational Units

Containers within Domains
Distinct Units of Administration
Unique to Domains


Active Directory Physical Concepts Domain Controllers


Primary Domain Controller (PDC)
Domain Controllers (DC)
Back-Up Domain Controller (BDC)



Active Directory Physical Concepts


Sites

What Is a Site?
A set of well-connected IP subnets

Site Usage
Replication
Group policy application

Sites Are Connected with Site Links


Connects two or more sites


Active Directory Physical Concepts


Site Topology

[Diagram: Site A, Site B and Site C with the domains Company.com, europe.company.com and america.company.com and their domain controllers and global catalogs. DC = Domain Controller, GC = Global Catalog]

Active Directory Physical Concepts


Global Catalog

A master, searchable index that contains information about every object in every domain in a forest


Replication Replication Topologies

Intra-Site Replication: AD replication between DCs within a site
Inter-Site Replication: AD replication between sites


Replication Intra-Site Replication


RPC Replication in a Site
No Compression
Assumes good network connections


Replication Inter-Site Replication


Replication Between Sites
DS-RPC (RPC over IP) or SMTP Transports
SMTP Can Be Used
Compression
10 percent-20 percent of original size
Scheduled


Replication Site-Links & Bridgehead Servers

Site Links Link Two or More Sites


Cost and schedules can be specified

Bridgehead Servers
Master Replication Server in a site


Operations Masters Schema and Domain

Schema
Performs updates to schema
Sends updates to all DCs
One per forest
Default is the first DC installed

Domain
Performs add/remove of domains and cross-references to external DS
One per forest
Default is the first DC installed


Operations Masters PDC, RID, and Infrastructure

Primary Domain Controller (PDC)
Acts as a PDC for requests from Microsoft Windows NT clients
One per domain

Relative Identifier (RID)
Generates pools of security identifiers to be distributed to DCs in the domain
One per domain

Infrastructure
Updates security identifiers (SIDs) and domains that are moved in and out of the domain


Group Policy Overview


Do More with Less Effort

Group Policy enables admins to set and maintain a desired computing state
New Group Policy Management Console (GPMC) makes administration much easier

[Diagram labels: New Policy, Active Directory, One Administrator Action, Many End User Results, Many Computer Results]


Group Policy Processing


[Diagram: GPO1, GPO2, GPO3 and GPO4 linked at the Site, Domain and OU levels, with three OUs shown]
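Added example (not part of the original deck): a small Python model of the Site, Domain, OU processing order on this slide, where a setting written by a later GPO replaces the earlier value. It reads the diagram as GPO1 linked at the site, GPO2 and GPO3 at the domain and GPO4 at the OU; the setting names and values are constructed, and local policy, Enforced links and Block Inheritance are not modelled.

```python
# Added example: resultant Group Policy settings under Site -> Domain -> OU processing.
# Assumption: the slide is read as GPO1 linked at the site, GPO2 and GPO3 at the
# domain, GPO4 at the OU. Setting names and values are constructed sample data.

PROCESSING_ORDER = ("site", "domain", "ou")  # later levels overwrite earlier ones

# GPOs at one level are listed in the order they are processed (assumption).
LINKS = {
    "site": [("GPO1", {"ScreenSaverTimeout": 1800, "RemovableStorageDenyWrite": True})],
    "domain": [
        ("GPO2", {"RemovableStorageDenyWrite": False}),
        ("GPO3", {"DisableRegistryTools": True}),
    ],
    "ou": [("GPO4", {"ScreenSaverTimeout": 600})],
}


def resultant_settings(links, order=PROCESSING_ORDER):
    """Return {setting: (value, winning_gpo)} after applying every GPO in order."""
    result = {}
    for level in order:
        for gpo, settings in links.get(level, []):
            for name, value in settings.items():
                result[name] = (value, gpo)  # last writer wins
    return result


def overridden(links, order=PROCESSING_ORDER):
    """Return (setting, losing_gpo, winning_gpo) for each value that was replaced."""
    winners = resultant_settings(links, order)
    lost = []
    for level in order:
        for gpo, settings in links.get(level, []):
            for name in settings:
                if winners[name][1] != gpo:
                    lost.append((name, gpo, winners[name][1]))
    return lost


if __name__ == "__main__":
    for name, (value, gpo) in sorted(resultant_settings(LINKS).items()):
        print(f"{name} = {value!r} (from {gpo})")
    for name, loser, winner in overridden(LINKS):
        print(f"{name}: value from {loser} replaced by {winner}")
```

The overridden list is the part worth reviewing: it shows where a restriction set higher up is silently replaced by a GPO linked closer to the object.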


Using Group Policy to Control the User Environment


Use Group Policy to:
Manage users and computers
Deploy software
Enforce security settings
Enforce a consistent desktop environment


Software Installation

3 deployment options

Assign to computer
App is installed at boot

Assign to user
App installed either on demand or (with XP and above) at user logon

Publish to user
User chooses to install from Add/Remove Programs

Requires MSI apps

Tips
Make sure machine accounts have access to Software Distribution points for machine assigned apps
No supported way to control install order within a GPO


When Does Group Policy Get Applied?

Computer Starts
Group Policy Applies Computer Settings
Startup Scripts Run

User Logs On
Group Policy Applies User Settings
Logon Scripts Run

and at periodic intervals

Foreground Versus Background refresh

Foreground refresh
At boot and logon
Processing is synchronous
Logon prompt not displayed till computer processing complete
Desktop not displayed till user processing complete
Requires connectivity to domain

Background refresh
Approximately every 90 minutes
Software installation and folder redirection settings not processed


Active Directory .

Active Directory console


Domain Name System (DNS)

Is a TCP/IP based name resolution service
Is used to resolve a host name to its associated IP address
Is implemented using two software components
DNS server
DNS client (or resolver)


Dynamic Host Configuration Protocol (DHCP)

Automate the assignment of IP addresses
Centrally managed by Network Administrators
DHCP Scopes
Scope - A range of IP addresses that can be assigned to clients that are on one subnet
Superscope - Is a collection of individual scopes


Active Directory

Demonstration


Q&A

