ACTIVE DIRECTORY
AD is a centralized database that contains information about objects like users, groups, computers, printers, etc.
AD is a centralized hierarchical Directory Database.
AD is a searchable Database.
Windows 2003 O/S, when installed, comes up as a stand-alone server; to promote it to a D.C. we have to install A.D.
Domain Controller (D.C.)
A server where A.D. is installed is called D.C.
Functionality of A.D.:
Using A.D. we can organize, manage and control resources.
It provides single point of administration.
Purpose of A.D.:
Provides user logon authentication services.
To organize and manage user accounts, computers, groups and network resources.
Enables authorized users to easily locate network resources.
Features of A.D.:
Fully integrated security system with the help of Kerberos.
Easy administration using group policy.
Scalable to a network of any size
Flexible (install/uninstall)
Extensible (modify the schema)
New features in 2003
Rename computer name & Domain names.
Cross-forest trust relationship.
Site-to-Site replication is faster.
Evolution of LDAP:
Earlier we had no directory database standard; hence ITU & ISO introduced X.500.
LDAP (Lightweight Directory Access Protocol): It is an industry-standard directory access protocol used for querying A.D. and communicating with the objects in it.
It is directory access protocol.
It runs on port 389.
DAP is based on the OSI model.
LDAP is based on the TCP/IP model.
Installing A.D:
Requirements:
- Windows 2003 O.S.
- A static IP
- NTFS partition with 250 MB of free HDD space
- DNS (Domain Name System)
Step1: on 2003 machine
Start > Run > dcpromo > Next > Next > Select domain controller for a new domain
> Domain in a new forest > Next > Specify the domain name (Ex: zoom.com)
> NetBIOS name (do nothing) > Next > Database > Next > Sysvol > Next > Select middle one > Next > Provide pwd > Next > Restart when it prompts
After installing A.D.
Go to Start > Programs > Administrative Tools
We should notice 5 options: ADUC, ADDT, ADSS, DCSP and DSP
1. Active Directory users and Computers
2. Active Directory domains and trusts
3. Active Directory sites and services
4. Domain control security policy and
5. Domain security policy.
Safe removal of A.D.
Start > Run > dcpromo (safe removal)
Forceful removal of A.D.
Start > Run > dcpromo /forceremoval
Tools used for
Active Directory Domains and Trusts:
- Implementing trusts
- Raising domain/forest functional levels
- Adding user logon suffixes
Active Directory Sites and Services:
- Configuring intrasite/intersite replication
- Configuring global catalog
- Creation of sites, site links, subnets
- Scheduling replication
Active Directory Users and Computers:
- Managing users/groups
- Managing computers
- Managing OUs
- Managing Group Policy (Domain Level)
- Managing Operations masters
- Raising domain functional level
Domain controller security policy:
- Set account, audit and password policies
- Set user rights
- Permissions or policies set here pertain only to the DC where you set them.
Domain security policy:
- Set account, audit and password policies
- Set user rights
- Permissions or policies set here pertain to the DC as well as to all the domains within.
Installing ADC (Additional Domain Controller):
Requirements:
D.C.
Static I.P.
DNS
Stand-alone or Member Server.
Step1: on the stand-alone machine or member server
- Specify the I.P.
- Specify the preferred DNS as the server's IP.
- Start > Run > ping the server's IP.
Step2: Start > Run > dcpromo > Next > Next > Select ADC for an existing domain
- Specify administrator's name & pwd.
- Domain name of the DC (e.g. zoom.com)
- Browse the domain
- Next > Next > restore pwd.
ADC is a backup for the DC
- ADC maintains a backup copy of A.D., which will be in read-only format.
- ADCs provide fault tolerance & load balancing.
- There can be any number of ADCs for a DC.
- ADCs should be placed and maintained offsite, away from the DC.
- ADC maintains the same domain name.
Verifying whether the server is configured as DC or ADC:
- Start > Run > cmd > net accounts
- For a DC we will find "Primary"
- For an ADC we will find "Backup"
ACTIVE DIRECTORY COMPONENTS
LOGICAL STRUCTURE:
- Domains
- Trees
- Forest
- Organizational units
PHYSICAL STRUCTURE:
- Sites
- Domain controllers
A.D. Components:
The logical structure is useful for organizing the network.
Logical components cannot be seen.
The physical structure is useful for representing our organization; it mirrors how the organization is laid out.
Physical components can be seen, e.g. sites: India, US, UK, etc.
TREE:
A tree is a group of domains which share a contiguous namespace.
If more than one domain exists, we can combine the multiple domains into a hierarchical tree structure.
The first domain created is the root domain of the first tree.
Additional domains in the same domain tree are child domains.
A domain immediately above another domain in the same domain tree is its parent.
FOREST:
Multiple domain trees within a single forest do not form a contiguous namespace, i.e. they have non-contiguous DNS domain names.
Although trees in a forest do not share a namespace, a forest does have a single root domain, called the forest root domain.
The forest root domain is, by definition, the first domain created in the forest.
The two forest-wide predefined groups, Enterprise Administrators and Schema Administrators, reside in this domain.
Physical structure
SITES:
A site is a combination of TCP/IP subnets connected with high-speed links.
Sites provide replication.
There are 2 types of replication:
- Intrasite replication
- Intersite replication
Intrasite Replication: It is replication within the same site. It offers full-time replication between DC & ADC when they are within the same site.
Intersite Replication: It is a replication between two different sites.
Intersite replication is implemented when the sites are away from each other.
-It requires a site link
-Site link is a logical connection between sites, which can be created & scheduled.
-Site link offers communication only at scheduled intervals.
Implementing sites:
Forceful replication:
On DC
Start > Programs > Admin Tools > ADSS > expand Sites > Default-First-Site > Servers
> Expand the DC server > NTDS Settings > right click on "automatically generated" > Replicate now > OK.
Repeat the same for DC & ADC
Creating a site:
Open ADSS > Right click on Sites > New Site > Site name (e.g. UK, US)
> Select the default site link > OK
Moving ADC into another site:
Select the ADC > Right click on it > Select Move > Select the site.
Creating a Site link:
Expand Inter-Site Transports > Right click on IP > Select New Site Link
> Link name (ex. Link US-UK)
Scheduling a site link:
Expand Inter-Site Transports > IP > Double click on the site link > Change Schedule
> Click on "Replication Not Available" > set the timings > click on "Replication Available".
KCC (Knowledge Consistency Checker): It is a service of A.D. which is responsible for notifying and updating the changes made on either the DC or the ADC.
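Because intersite replication only runs on the site-link schedule while intrasite replication is continuous, a DC whose partners have not synced within the expected window is worth a look before forcing replication by hand. The script below is an added example, not part of these notes: it parses text in the shape of `repadmin /showrepl * /csv` (the column names and the date format are assumed to match that tool's CSV mode; the hosts, sites and timestamps are constructed) and flags partners that report failures, have never replicated, or whose last success is older than the limit for their site relationship.

```python
"""Added example: flag stale or failing AD replication partners from text in the
shape of `repadmin /showrepl * /csv` (column names assumed to match that mode)."""
import csv
import io
from datetime import datetime, timedelta

# Constructed sample rows (hypothetical DC/ADC names and sites, not real output).
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC1,"DC=zoom,DC=com",Default-First-Site-Name,ADC1,RPC,0,0,2024-05-01 10:00:00,0
showrepl_INFO,Default-First-Site-Name,DC1,"DC=zoom,DC=com",UK,ADC2,RPC,0,0,2024-05-01 03:00:00,0
showrepl_INFO,Default-First-Site-Name,DC1,"DC=zoom,DC=com",US,ADC3,RPC,3,2024-05-01 09:30:00,2024-04-30 02:00:00,1722
"""
SAMPLE_NOW = datetime(2024, 5, 1, 10, 30)  # "current" time for the sample run

INTRASITE_MAX_AGE = timedelta(hours=1)   # same-site partners replicate continuously
INTERSITE_MAX_AGE = timedelta(hours=24)  # assumed site-link schedule: at least daily
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

def parse_showrepl(text):
    """Keep only the data rows (showrepl_INFO), as dicts keyed by column name."""
    reader = csv.DictReader(io.StringIO(text))
    return [row for row in reader if row.get("showrepl_COLUMNS") == "showrepl_INFO"]

def _parse_time(value):
    """repadmin prints 0 (or a placeholder) when a partner has never replicated."""
    try:
        return datetime.strptime(value, TIME_FORMAT)
    except (TypeError, ValueError):
        return None

def find_problems(rows, now):
    """Return (source DSA, reason) pairs for partners that are failing or overdue."""
    problems = []
    for row in rows:
        src = row["Source DSA"]
        failures = int(row["Number of Failures"] or 0)
        if failures > 0:
            problems.append((src, f"{failures} failures, last status {row['Last Failure Status']}"))
        last_ok = _parse_time(row["Last Success Time"])
        if last_ok is None:
            problems.append((src, "never replicated successfully"))
            continue
        # Intrasite replication is continuous; intersite only runs on the site-link schedule.
        same_site = row["Source DSA Site"] == row["Destination DSA Site"]
        limit = INTRASITE_MAX_AGE if same_site else INTERSITE_MAX_AGE
        if now - last_ok > limit:
            problems.append((src, f"last success {now - last_ok} ago exceeds {limit}"))
    return problems
```

Running `find_problems(parse_showrepl(SAMPLE_CSV), SAMPLE_NOW)` on the sample reports only ADC3: once for its failure count and once because its last success is more than a day old, while the intrasite partner ADC1 and the scheduled intersite partner ADC2 pass.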
Active Directory is saved in a file called NTDS.DIT
C:\windows\ntds\ntds.dit