
EDN 122

ACTIVE DIRECTORY WINDOWS

INTRODUCTION TO ACTIVE DIRECTORY

CHAPTER 1

PREPARED BY:

RANJINI SHANMUGAM
SCHOOL OF INFORMATION TECHNOLOGY


FACULTY OF ENGINEERING AND INFORMATION TECHNOLOGY

CHAPTER 1: Introduction to Active Directory

LEARNING OUTCOMES
TOPIC

At the end of this chapter, students will be able to:
1. Understand Active Directory Objects and Components
2. Understand Logical and Physical Structure

Slide 2 of 41

TOPIC OUTLINES

1.1 Active Directory Overview
1.1.1 AD Objects and Attributes
1.1.2 AD Definitions
1.1.3 Attributes
1.1.4 Classes

1.2 Active Directory Components
1.2.1 Logical Hierarchical Structure
1.2.2 Logical Structure
1.2.3 Use OUs to Handle Administrative Tasks
1.3 Domain Tree
1.3.1 Forest of Trees
1.3.2 Sites
1.4 Understanding Active Directory Concepts
1.4.1 Global Catalog is Central Repository
1.4.2 Key Directory Roles
1.4.3 Universal Group Membership
1.4.4 Global Catalog Servers
1.4.5 Directory Partitions

Slide 3 of 41

TOPIC OUTLINES

1.5 A Domain Controller Stores and Replicates
1.5.1 A Global Catalog Stores and Replicates
1.5.2 Replication Topology
1.5.3 Replication Within a Site
1.5.4 Replication Between Sites
1.6 Two Types of Trust Relationship
1.6.1 Implicit Two-Way Transitive Trust
1.6.2 Explicit One-Way Non-Transitive Trust
1.7 DNS Namespace
1.7.1 Dynamic DNS
1.8 Domain Namespace
1.8.1 Types of Namespaces
1.8.2 Domain Namespaces Divided into Zones
1.8.3 Name Servers
1.9 Distinguished Names and Relative Distinguished Names
1.9.1 Distinguished Name (DN)
1.9.2 Relative Distinguished Name (RDN)
1.9.3 Globally Unique Identifier (GUID)

Slide 4 of 41

1.1 Active Directory Overview

Active Directory Objects
Active Directory Components
Logical Structures
Physical Structure

Slide 5 of 41

1.1.1 Active Directory Objects and Attributes

Slide 6 of 41

1.1.2 Active Directory Definitions

1. Resources stored in the directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects.
2. An object is a distinct named set of attributes that represents a network resource.
3. Attributes are characteristics of objects in the directory.
4. Objects are organized in classes, which are logical groupings of objects.
5. Objects known as containers can contain other objects.

Slide 7 of 41

1.1.3 Attributes

Defined separately from classes

Defined only once and can be used in multiple classes

Store the information that describes the object

Slide 8 of 41

1.1.4 Classes

Are collections of attributes.
Describe the possible objects that can be created.
Are also referred to as object classes.
Every object is an instance of an object class.

Slide 9 of 41

1.2 Active Directory Components

Logical Structure
  Domains
  Organizational units
  Trees
  Forests

Physical Structure
  Sites
  Domain controllers

Slide 10 of 41

1.2.1 Logical Hierarchical Structure

Slide 11 of 41

1.2.2 Logical Structure

Resources should be organized in a logical structure that mirrors the logical structure of the organization. Grouping resources logically enables users and administrators to find resources by name rather than by physical location.
The network's physical structure is transparent to users.

Slide 12 of 41

1.2.3 Use OUs to Handle Administrative Tasks

Slide 13 of 41

1.3 Domain Tree

Members share the same root domain name

Slide 14 of 41

1.3.1 Forest of Trees

More than one tree linked together is called a forest.

Slide 15 of 41

1.3.2 Sites

1. A combination of one or more IP subnets connected by a highly reliable and fast link, used to localize as much network traffic as possible.
2. Typically has the same boundaries as a LAN.
3. When grouping subnets on the network, combine only those subnets that have fast, inexpensive, and reliable network connections with one another.
4. Available bandwidth of 128 Kbps or greater is sufficient.
5. Not a part of the namespace.
6. Contain only computer objects and connection objects used to configure replication between sites.

(Diagram: Hub Site and Branch Office)
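Added example (not part of the lecture slides): a model of the site concept above, in which a site is a set of IP subnets and a client is placed in the site owning the most specific subnet that contains its address. The site names, subnets and client addresses are constructed for the example; it is a simplified model of site lookup, not Windows' own DC Locator code.

```python
import ipaddress

# Constructed site-to-subnet configuration (an assumption for this example, not from the lecture).
# A site is one or more IP subnets; a more specific subnet (the /24 below) can be carved out of a
# larger range so that a branch office is treated as its own site.
SITE_SUBNETS = {
    "HQ": ["10.1.0.0/16", "10.2.0.0/16"],
    "Branch-North": ["10.1.50.0/24"],
}


def site_for(address, site_subnets=SITE_SUBNETS):
    """Return the site whose most specific subnet contains the address, or None if no subnet does."""
    ip = ipaddress.ip_address(address)
    best_site, best_net = None, None
    for site, subnets in site_subnets.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr, strict=True)
            # Longest prefix wins, so 10.1.50.7 lands in Branch-North rather than HQ.
            if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_site, best_net = site, net
    return best_site


def clients_without_site(addresses, site_subnets=SITE_SUBNETS):
    """Addresses no site subnet covers: such clients cannot be steered to a nearby domain controller."""
    return [a for a in addresses if site_for(a, site_subnets) is None]


if __name__ == "__main__":
    # Constructed sample of client addresses.
    for a in ["10.1.50.7", "10.1.7.9", "10.2.3.4", "192.168.1.20"]:
        print(a, "->", site_for(a))
    print("no site:", clients_without_site(["10.1.50.7", "192.168.1.20"]))
```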

Slide 16 of 41

1.4 Understanding Active Directory Concepts

Global Catalog
Replication
Trust Relationships
DNS Namespace
Name Servers
Naming Conventions

Slide 17 of 41

1.4.1 Global Catalog is Central Repository

Slide 18 of 41

1.4.2 Key Directory Roles

Enables network logon by providing universal group membership information to a domain controller when a logon process is initiated.
Enables finding directory information regardless of which domain in the forest actually contains the data.

Slide 19 of 41

1.4.3 Universal Group Membership

If only one domain controller exists in the domain, the domain controller and the global catalog are the same server.

If multiple domain controllers exist on the network, the global catalog is the domain controller configured as such.
If a global catalog is not available when a user initiates a network logon process, the user is able to log on to the local computer only.

Slide 20 of 41

1.4.4 Global Catalog Servers

1. The administrator can optionally configure any domain controller or designate additional domain controllers as global catalog servers.
2. When considering which domain controllers to designate as global catalog servers, base the decision on the ability of the network structure to handle replication and query traffic.
3. Additional servers can provide quicker responses to user inquiries, as well as redundancy.
4. Every major site in the enterprise should have at least one global catalog server.

Slide 21 of 41

1.4.5 Directory Partitions

Schema Information: Defines the objects that can be created in the directory and the attributes associated with those objects.

Configuration Information: Describes the logical structure of the deployment, containing information such as domain structure or replication topology. Common to all domains in the domain tree or forest.

Domain Data: Describes all of the objects in a domain. Domain-specific and not distributed to any other domains. A subset of the properties for all objects in all domains is stored in the global catalog.

Slide 22 of 41

1.5 A Domain Controller Stores and Replicates

1. Schema information for the domain tree or forest.
2. Configuration information for all domains in the domain tree or forest.
3. All directory objects and properties for its domain.
4. A subset of the properties of all objects in the domain (replicated to the global catalog).

Slide 23 of 41

1.5.1 A Global Catalog Stores and Replicates

1. Schema information for a forest.
2. Configuration information for all domains in a forest.
3. A subset of the properties for all directory objects in the forest (replicated between global catalog servers only).
4. All directory objects and all their properties for the domain in which the global catalog is located.

Slide 24 of 41

1.5.2 Replication Topology

Slide 25 of 41

1.5.3 Replication Within A Site

1. Active Directory automatically generates a topology for replication among domain controllers in the same domain using a ring structure.
2. The topology defines the path for directory updates to flow from one domain controller to another until all domain controllers receive the directory updates.
3. The ring structure ensures that at least two replication paths exist from one domain controller to another.
4. Active Directory periodically analyzes the replication topology within a site to ensure that it is still efficient.
5. If a domain controller is added to or removed from the network or a site, Active Directory reconfigures the topology to reflect the change.

Slide 26 of 41

1.5.4 Replication Between Sites

1. To ensure replication between sites, Active Directory must be customized to replicate information using site links to represent network connections.
2. Active Directory uses the network connection information to generate connection objects that provide efficient replication and fault tolerance.
3. Information is provided about the replication protocol used, the cost of a site link, the times when the link is available for use, and how often the link should be used.
4. Active Directory uses this information to determine which site link will be used to replicate information.

Slide 27 of 41

1.6 Two Types of Trust Relationships

Slide 28 of 41

1.6.1 Implicit Two-Way Transitive Trust

Trust relationship between parent and child domains within a tree and between the top-level domains in a forest.
Established and maintained automatically.
Feature of the Kerberos authentication protocol.
If Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C.

Slide 29 of 41

1.6.2 Explicit One-Way Non-Transitive Trust

1. Trust relationship between domains that are not part of the same tree.
2. Bounded by the two domains in the trust relationship and does not flow to any other domains in the forest.
3. This is the only form of trust possible with:
   I. A Microsoft Windows 2003 domain and a Windows NT domain.
   II. A Windows 2003 domain in one forest and a Windows 2003 domain in another forest.
   III. A Windows 2003 domain and an MIT Kerberos V5 realm.
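Added example (not from the lecture) that works through sections 1.6.1 and 1.6.2 together: implicit trusts are two-way and chain transitively (A trusts B, B trusts C, so A trusts C), while an explicit trust is one-way and usable only between the two domains that hold it. The forest, the domain names and the external trust are constructed; a domain's parent is derived from its DNS name, since Windows domain names are DNS names.

```python
from collections import deque

# Constructed forest of DNS domain names (assumption, not from the lecture).
# A domain's parent is the longest other domain whose name it ends with, so
# contoso.com and fabrikam.net are the roots of two trees in one forest.
FOREST_DOMAINS = ["contoso.com", "sales.contoso.com", "eu.sales.contoso.com", "fabrikam.net"]

# Explicit one-way non-transitive trusts as (trusting, trusted) pairs, here to a domain in another forest.
EXTERNAL_TRUSTS = [("sales.contoso.com", "partner.example")]


def parent_of(domain, domains):
    """Parent domain within the forest, or None for a tree root."""
    parents = [d for d in domains if domain.endswith("." + d)]
    return max(parents, key=len) if parents else None


def implicit_trusts(domains):
    """Two-way transitive trust edges: parent<->child, plus trusts between all tree roots of the forest."""
    edges, roots = set(), []
    for d in domains:
        p = parent_of(d, domains)
        if p is None:
            roots.append(d)
        else:
            edges.update({(d, p), (p, d)})
    for r in roots:
        for s in roots:
            if r != s:
                edges.add((r, s))
    return edges


def trusts(trusting, trusted, domains=FOREST_DOMAINS, external=EXTERNAL_TRUSTS):
    """True if `trusting` accepts authentication from `trusted`.
    Transitive edges are followed to any depth; an explicit trust is only ever a single direct hop."""
    if (trusting, trusted) in external:
        return True
    edges = implicit_trusts(domains)
    seen, queue = {trusting}, deque([trusting])
    while queue:
        cur = queue.popleft()
        if cur == trusted:
            return True
        for a, b in edges:
            if a == cur and b not in seen:
                seen.add(b)
                queue.append(b)
    return False
```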

Slide 30 of 41

1.7 DNS Namespace

Active Directory is primarily a namespace, a bounded area in which a name can be resolved. Name resolution is the process of translating a name into some object or information that the name represents. The Active Directory namespace is based on the DNS naming scheme. Private networks use DNS extensively to resolve computer names and to locate computers within their local networks and the Internet.

Slide 31 of 41

1.7.1 Dynamic DNS (DDNS)

Windows 2003 domain names are also DNS names.


Enables clients with dynamically assigned addresses to register directly with a server running the DNS service and update the DNS table dynamically. Eliminates the need for other Internet naming services, such as WINS.

Slide 32 of 41

1.8 Domain Namespace

Slide 33 of 41

1.8.1 Types of Namespaces

Contiguous namespace
The name of the child object in an object hierarchy always contains the name of the parent domain. A tree is a contiguous namespace.

Disjointed namespace
Names of a parent object and a child of the same parent object are not directly related to one another. A forest is a disjointed namespace.

Slide 34 of 41

1.8.2 Domain Namespace Divided into Zones

Slide 35 of 41

1.8.3 Name Servers

1. A DNS name server stores the zone database file.
2. Stores data for one zone or multiple zones.
3. Has authority for the domain namespace that the zone encompasses.
4. At least one name server must exist for a zone.
5. Changes to a zone, such as adding domains or hosts, are performed on the server that contains the primary zone database file.

Slide 36 of 41

1.9 Distinguished Names and Relative Distinguished Names

Slide 37 of 41

1.9.1 Distinguished Name (DN)

Uniquely identifies an object and contains sufficient information for a client to retrieve the object from the directory.

Includes the name of the domain that holds the object, as well as the complete path through the container hierarchy to the object.

Must be unique.

Slide 38 of 41

1.9.2 Relative Distinguished Name (RDN)

The part of the name that is an attribute of the object itself. Duplicate RDNs are allowed for Active Directory objects, but two objects with the same RDN cannot exist in the same OU.

Objects with duplicate RDNs can exist in separate OUs because they have different DNs.
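Added example (not part of the lecture) for sections 1.9.1 and 1.9.2: a small DN parser that splits a distinguished name into its RDNs, recovers the parent container and the holding domain, and applies the uniqueness rule stated above, namely that the same RDN may appear under different OUs but not twice under one parent. The sample DNs are constructed; name comparison is case-insensitive, as Active Directory compares names.

```python
def split_dn(dn):
    """Split a DN into its RDN strings, honouring backslash-escaped commas (e.g. 'CN=Doe\\, Jane')."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape pair together
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf).strip())
    return parts


def rdn_of(dn):
    """The RDN is the leftmost component: the part of the name that is an attribute of the object itself."""
    return split_dn(dn)[0]


def parent_of(dn):
    """The container holding the object: everything after the RDN."""
    return ",".join(split_dn(dn)[1:])


def domain_of(dn):
    """Domain that holds the object, rebuilt from the DC= components."""
    return ".".join(p.split("=", 1)[1] for p in split_dn(dn) if p.upper().startswith("DC="))


def rdn_conflicts(dns):
    """Pairs of DNs that share an RDN under the same parent. The same RDN under
    different OUs is allowed because the full DNs differ."""
    seen, conflicts = {}, []
    for dn in dns:
        key = (parent_of(dn).lower(), rdn_of(dn).lower())
        if key in seen:
            conflicts.append((seen[key], dn))
        else:
            seen[key] = dn
    return conflicts


# Constructed sample objects (not from the lecture).
SAMPLE_DNS = [
    "CN=Jane Doe,OU=Sales,DC=contoso,DC=com",
    "CN=Jane Doe,OU=Marketing,DC=contoso,DC=com",   # same RDN, different OU: allowed
    "cn=jane doe,ou=sales,dc=contoso,dc=com",       # collides with the first entry
    "CN=Doe\\, Jane,OU=Sales,DC=contoso,DC=com",    # escaped comma inside the RDN value
]
```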

Slide 39 of 41

1.9.3 Globally Unique Identifier (GUID)

A 128-bit number that is guaranteed to be unique across all domains.
Assigned to an object when the object is created.
Never changes, even if the object is moved or renamed.
Applications can store the GUID of an object and use the GUID to retrieve that object regardless of its current DN.
Objects can be moved from domain to domain, and they will still have a unique identifier.

Slide 40 of 41

Class Activity: Explain the Terms Below

Trust Relationship
Global Catalog
Domain
Objects
Directory Partitions


Slide 41 of 41
