
Now before I get into Active Directory and the changes, and kind of show you some things you can do with Active Directory, I want to do a real quick Active Directory overview, because some of the folks watching this video may not be that familiar with Active Directory. So if you're new to it, here's the quick overview. Active Directory is the functionality in Windows Server 2008 that gives us the ability to manage all the users, computers, printers and other information that's on the network. Now, if you'll think about it, this is incredibly important to a domain, because if I have servers in various areas of the country, I'm going to need to maintain this information. So let's say, for example, that we have a server on the east coast right here and a server on the west coast in our company. And we need to make sure that all the users, computers, printers and any other information (and I'll talk about that later on in a different video) is also maintained over here so that users can sign on. So Active Directory is that database that keeps up with all those users, computers, printers and other information. Now, we can have servers all over the place, and Active Directory Domain Controllers can keep up with this information. So let's say that this is east coast, west coast, this is down south, and this might even be, say, in Australia, a totally different country. But we're going to connect all these computers and they're all part of our network, and they are our Domain Controllers, which means this is what the client machines log in to. So one Domain Controller shares all the information that it knows about users, computers, printers and other information with other servers, and that server can share that information right back, and so what we have is a Multiple Master Replication Model. This computer has a list, this computer has a list. You can change anything here and it will be replicated over here. You can change anything here and it will be replicated here.

Then, of course, we have the other computers in the network, and they're aware of the Active Directory entries, and everybody trades this information around. Now, this is a big departure from the previous directory structures in the Windows operating systems prior to Windows 2000. So Active Directory has been around since 2000. It's not new in 2008, but there have been some changes to it. Now, one thing that has changed in Active Directory 2008: let's consider this little guy down here. We said he was in Australia. He can be a Read-Only Domain Controller; that's RODC, as you will see it called. Read-Only Domain Controller means he's distant from us, he's across a little bit less reliable network, whatever the reason. We want to push information to him, and so he has all the Active Directory information, but he never really replicates information back to us. But this is a great way to push this information out. Now, with all these computers out there, our clients can begin to log on from anywhere on the network, and they connect to their closest Domain Controller, and if that Domain Controller is down, for example, if this machine tried to connect to this Domain Controller, it would look on the network and see there's another Domain Controller and connect over here. So the more Domain Controllers we have, in essence, the better our fault tolerance is. So that, in a nutshell, is Active Directory. It is simply a database that is replicated around between our Domain Controllers to keep up with permissions and a list of users, computers, printers, files, and then all the associated permissions around those things. So when we say we log on to the network, what we're actually doing is connecting to a Domain Controller, and then that Domain Controller is checking our user name and password against the database to determine exactly what we can do on the network. First of all, should we be on the network, did we give it a valid user name and password, and then once we do that, it begins to check and see, OK, what exactly can this user access, what do they have permissions to do on this network. Now, one thing you need to understand: when I add a Windows Server 2008 server onto the network, it is just a bare-bones box. It's not an Active Directory Domain Controller.

The Active Directory Domain Controller is a role in Windows Server 2008, and in one of the upcoming videos I'll actually show you how to make a server a Domain Controller. So that's a quick overview of what Active Directory is and what we do with it, and we will build on that in the next few videos.

Active Directory is a special-purpose database; it is not a registry replacement. The directory is designed to handle a large number of read and search operations and a significantly smaller number of changes and updates. Active Directory data is hierarchical, replicated, and extensible. Because it is replicated, you do not want to store dynamic data in it, such as corporate stock prices or CPU performance counters. If your data is machine-specific, store it in the registry. Typical examples of data stored in the directory include printer queue data, user contact data, and network and computer configuration data. The Active Directory database consists of objects and attributes; the object class and attribute definitions are stored in the Active Directory schema. You may be wondering what objects are currently stored in Active Directory. In Windows 2000, Active Directory has three partitions, also known as naming contexts: domain, schema, and configuration. The domain partition contains users, groups, contacts, computers, organizational units, and many other object types. Because Active Directory is extensible, you can also add your own classes and attributes. The schema partition contains the class and attribute definitions. The configuration partition holds configuration data for services, partitions, and sites. The following screen shot shows the Active Directory domain partition.

Active Directory Domain Services

Purpose

Microsoft Active Directory Domain Services are the foundation for distributed networks built on Windows 2000 Server, Windows Server 2003 and Microsoft Windows Server 2008 operating systems that use domain controllers. Active Directory Domain Services provide secure, structured, hierarchical data storage for objects in a network such as users, computers, printers, and services. Active Directory Domain Services provide support for locating and working with these objects. This guide provides an overview of Active Directory Domain Services and sample code for basic tasks, such as searching for objects and reading properties, to more advanced tasks such as service publication. Windows 2000 Server and later operating systems provide a user interface for users and administrators to work with the objects and data in Active Directory Domain Services. This guide describes how to extend and customize that user interface. It also describes how to extend Active Directory Domain Services by defining new object classes and attributes.

Where applicable
Network administrators write scripts and applications that access Active Directory Domain Services to automate common administrative tasks, such as adding users and groups, managing printers, and setting permissions for network resources. Independent software vendors and end-user developers can use Active Directory Domain Services programming to directory-enable their products and applications. Services can publish themselves in Active Directory Domain Services; clients can use Active Directory Domain Services to find services, and both can use Active Directory Domain Services to locate and work with other objects on a network.

Developer audience
Applications that access data in Active Directory Domain Services can be written using the Active Directory Service Interfaces (ADSI) API, the Lightweight Directory Access Protocol (LDAP) API, or the System.DirectoryServices namespace of the .NET Framework.

Run-time requirements
Active Directory Domain Services run on Windows 2000 and later domain controllers. However, client applications can be written for and run on Windows Vista, Windows Server 2003, Windows XP, Windows 2000, Windows NT 4.0, Windows 98, and Windows 95.
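The three partitions described above and the "search for objects, read properties" task this guide covers can be exercised from PowerShell through the System.DirectoryServices namespace. The script below is an added example written for this page, not code from the guide or from Microsoft: it reads the partition DNs from RootDSE, then searches the domain partition for one user account with an LDAP filter whose user-supplied value is escaped per RFC 4515, which is the check most home-grown directory tools forget. It assumes it runs on a domain-joined host as a domain user (PowerShell 2.0 syntax, as shipped with Windows Server 2008 R2); the account name `jdoe` is a placeholder.

```powershell
Set-StrictMode -Version 2.0
Add-Type -AssemblyName System.DirectoryServices

function Get-NamingContext {
    # RootDSE is the unnamed root object of any LDAP server; a domain controller
    # publishes the distinguished names of its partitions (naming contexts) there.
    $root = [ADSI]'LDAP://RootDSE'
    New-Object PSObject -Property @{
        Domain        = [string]$root.defaultNamingContext
        Schema        = [string]$root.schemaNamingContext
        Configuration = [string]$root.configurationNamingContext
        AnsweredBy    = [string]$root.dnsHostName      # the DC the locator picked
    }
}

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping. Without it a value such as '*)(objectClass=*' taken from
    # user input rewrites the filter (LDAP injection). Backslash is handled first
    # so the escape sequences this produces are not escaped a second time.
    param([Parameter(Mandatory=$true)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Get-FirstValue {
    # SearchResult property collections are empty, not null, when an attribute is unset.
    param($Result, [string]$Name)
    $vals = @($Result.Properties[$Name])
    if ($vals.Count -gt 0) { $vals[0] } else { $null }
}

function Find-DomainUser {
    param(
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [string]$SearchBase = (Get-NamingContext).Domain   # the domain partition
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]('LDAP://' + $SearchBase)
    # objectCategory=person is indexed; objectClass=user alone would also match computer objects.
    $searcher.Filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName=' +
                       (ConvertTo-LdapFilterValue $SamAccountName) + '))'
    $searcher.PageSize = 500     # paged results, so large result sets are not cut at the DC's size limit
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'sAMAccountName',
                                                          'displayName', 'memberOf', 'userAccountControl'))
    foreach ($r in $searcher.FindAll()) {
        $uac = [int](Get-FirstValue $r 'useraccountcontrol')
        New-Object PSObject -Property @{
            DistinguishedName = Get-FirstValue $r 'distinguishedname'
            SamAccountName    = Get-FirstValue $r 'samaccountname'
            DisplayName       = Get-FirstValue $r 'displayname'
            Enabled           = -not ($uac -band 0x2)     # ACCOUNTDISABLE bit of userAccountControl
            MemberOf          = @($r.Properties['memberof'])
        }
    }
}

Get-NamingContext | Format-List
Find-DomainUser -SamAccountName 'jdoe' | Format-List     # 'jdoe' is a placeholder account
ConvertTo-LdapFilterValue '*)(objectClass=*'             # an injection attempt, reduced to a literal
```

The last line shows why the escaping matters: unescaped, that value would turn the sAMAccountName clause into a wildcard match against every user object; escaped, the parentheses and asterisks become hex sequences and the filter only matches an account literally named that way. The same function should wrap any value that reaches a filter from a form, a script argument or a ticketing system.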

"The File Classification Infrastructure (FCI) is a new Windows Server technology included within the File Server role. FCI is available with Windows Server 2008 R2. FCI is used to:
1. Define file classification properties.
2. Define automatic classification policies, rules, and triggers.
3. Develop custom extensions."

File Management Tasks is a new feature within the FSRM console. File Management Tasks can be run out of the box on a Windows Server 2008 R2 system either to expire classified files that meet certain criteria, by moving those files to a designated folder location, or to perform a custom task. This can be a handy tool to automatically move files that have not been accessed in an extended period of time. Or, in the case of sensitive data, such as files that might contain passwords, this tool can be used to run a custom script that moves the classified files to a designated, secured folder and leaves a link or note in the original location to instruct users on how to regain access to that file. Of course, this logic would need to be created by an administrator, because this functionality is not included out of the box. As an example, to create a new File Management Task to move files that have not been accessed in over a year, perform the following steps on a Windows Server 2008 R2 system with the FSRM service and tool installed:

1. Log on to a Windows Server 2008 R2 system with the FSRM service and tool installed, using an account with administrative rights.
2. Click Start, click All Programs, click Administrative Tools, and select Server Manager.
3. Expand Roles, expand File Services, expand Share and Storage Management, and double-click the File Server Resource Manager node beneath it.
4. Double-click the File Management Tasks node beneath the File Server Resource Manager node.
5. In the Actions pane, click the Create File Management Task link to start the process.
6. In the Create File Management Task window, on the General tab, type a task name of Move Data not accessed in 1 year and enter a description as desired.
7. In the Scope section, click the Add button to locate and add the folder, folders, or volumes this task will cover.
8. Click the Action tab; for the action type choose File Expiration, and in the expiration directory, type or browse to the volume and folder location to which files that meet the criteria should be moved.
9. Click the Notification tab and click the Add button to add notifications to users and administrators, so that they are told when particular files will be considered expired and moved to the expiration directory.
10. Back in the Create File Management Task window, click the Condition tab, check the Days Since File Was Last Accessed check box, and enter a value of 365.
11. In the Effective Starting section, enter the date on which files will actually begin to expire; this date should be further out than the number of days used in any notification.
12. Click the Schedule tab, click the Create button, and create a new schedule. Click OK until the windows are closed to complete the creation of the file management task.

Depending on the date chosen for the effective date, a pop-up might open stating that the effective date must be pushed forward to ensure that users are notified in advance before their data is moved. Once the task is created, it will run on the designated schedule and will begin notifying administrators and users when files will be moved. One important point to consider is that once a file is expired and moved, there will be no indication of where or when that file was moved when users go to the original location of the expired file. Much more can be done with file management tasks, including performing custom actions on files that have been previously classified, and it is recommended that any organization wanting to leverage this new File Classification Infrastructure test it thoroughly on copied data in an isolated lab network. Source of Information: Sams - Windows Server 2008 R2 Unleashed (2010)
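The condition and action that steps 1-12 configure through the console (move every file under the scope whose last access is older than 365 days into an expiration directory) can be reproduced as a stand-alone script, which is the easiest way to rehearse the task on copied data in a lab and to prototype the "leave a note in the original location" behaviour the book says FSRM does not provide. The script below is an added example written for this page; it is neither FSRM's own code nor the book's, it does not configure FSRM, and the paths it uses are placeholders. It also checks the one prerequisite both it and FSRM's built-in condition depend on: Windows Server 2008 R2 does not update NTFS last-access time stamps by default, so without that change "days since last accessed" silently degrades to "days since the file was written here".

```powershell
Set-StrictMode -Version 2.0

function Test-LastAccessTracking {
    # NtfsDisableLastAccessUpdate = 1 is the default on Windows Server 2008 R2.
    # While it is set, LastAccessTime only changes when a file is written or
    # copied, for this script and for FSRM's own "days since last accessed" alike.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $item = Get-ItemProperty -Path $key -Name NtfsDisableLastAccessUpdate -ErrorAction SilentlyContinue
    return ($item -ne $null -and $item.NtfsDisableLastAccessUpdate -eq 0)
}

function Move-StaleFile {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$Scope,             # folder or volume the task covers
        [Parameter(Mandatory=$true)][string]$ExpirationFolder,  # pre-created, ACL restricted to administrators
        [int]$DaysSinceLastAccessed = 365,
        [string]$LogPath
    )
    $scopeRoot = (Resolve-Path -LiteralPath $Scope).ProviderPath.TrimEnd('\')
    $expRoot   = (Resolve-Path -LiteralPath $ExpirationFolder).ProviderPath.TrimEnd('\')
    if ($expRoot.StartsWith($scopeRoot + '\', [StringComparison]::OrdinalIgnoreCase)) {
        throw 'The expiration folder must not lie inside the scope, or the next run expires its own output.'
    }
    if (-not $LogPath) { $LogPath = Join-Path $expRoot 'expiration.log' }
    $cutoff = (Get-Date).AddDays(-$DaysSinceLastAccessed)

    # Snapshot the candidates first so moving files does not disturb the enumeration.
    $candidates = @(Get-ChildItem -LiteralPath $scopeRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -notlike '*.expired.txt' -and $_.LastAccessTime -lt $cutoff })

    $moved = 0
    foreach ($f in $candidates) {
        # Keep the folder structure under the expiration directory, as FSRM's expiration does.
        $relative = $f.FullName.Substring($scopeRoot.Length).TrimStart('\')
        $dest = Join-Path $expRoot $relative
        if (-not $PSCmdlet.ShouldProcess($f.FullName, "Move to $dest")) { continue }
        $destDir = Split-Path -Path $dest -Parent
        if (-not (Test-Path -LiteralPath $destDir)) { New-Item -ItemType Directory -Path $destDir -Force | Out-Null }
        if (Test-Path -LiteralPath $dest) { $dest += '.' + (Get-Date -Format 'yyyyMMddHHmmss') }   # never overwrite
        # A same-volume move keeps the file's existing ACEs; a cross-volume move is a copy
        # that inherits the destination's. Either way the expiration folder's own ACL is
        # what stops ordinary users reading the expired data, so lock it down beforehand.
        Move-Item -LiteralPath $f.FullName -Destination $dest
        # Leave a note where the file was; FSRM's built-in expiration leaves nothing behind.
        $note = "This file was moved to $dest on $(Get-Date -Format s) because it had not been accessed " +
                "since $($f.LastAccessTime.ToString('s')). Contact the file server administrators to have it restored."
        Set-Content -LiteralPath ($f.FullName + '.expired.txt') -Value $note
        Add-Content -LiteralPath $LogPath -Value ("{0}`t{1}`t{2}" -f (Get-Date -Format s), $f.FullName, $dest)
        $moved++
    }
    return $moved
}

if (-not (Test-LastAccessTracking)) {
    Write-Warning 'NTFS last-access updates are disabled on this host; LastAccessTime does not reflect reads.'
}
# Dry run against copied data in a lab (paths are placeholders); drop -WhatIf to move files for real.
Move-StaleFile -Scope 'D:\LabCopy\Shares' -ExpirationFolder 'E:\Expired' -DaysSinceLastAccessed 365 -WhatIf
```

Run it first with `-WhatIf`, which prints each move it would make without touching anything, then compare that list with what the FSRM task reports on the same copied data before either is pointed at production shares. The notification lead time and Effective Starting date of steps 9 and 11 have no equivalent here; if this logic is used in place of the built-in expiration action, that advance warning has to be scheduled separately.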