By Rashid Khan Lesson 6-Building a Directory Service.

Post on 13-Dec-2015


Overview

• Understand Novell Directory Services.

• Describe Windows 2000 Active Directory.

• Understand the network’s directories.

Understand Novell Directory Services

• The Novell Directory Services (NDS) is an integral database component of Novell NetWare.

• The NDS works along with components like the NetWare Administrator (NWAdmin) and ConsoleOne to manage the Novell network.

• The NDS stores information about users, groups, and resources in a database called Directory.

Understand Novell Directory Services

• The NDS manages and organizes the network’s resources, and assigns attributes to each of the objects such as users, groups, and servers.

• NDS organizes data about every object and verifies the assigned access rights to control each object’s availability to a user.

Understand Novell Directory Services

• It also contains information about the location, characteristics, and authorized users for every resource on a NetWare network.

• The default location for storing items for general use, when logging in to the network, is the public drive (Z:).

Understand Novell Directory Services

• NDS structure.

• Object naming.

NDS Structure

• NDS provides NetWare the ability to create a unified network with a single point for accessing and administering access to networked objects.

• Every resource on the NDS must be provided with a unique identifier so that NDS can locate any object.

• The NDS maintains information about each resource as well as the service provided by it on the network.

NDS Structure

• The information is separated into descriptive categories, called the properties of the object, and their values.

• The NDS structure is similar to the Microsoft DOS structure.

NDS Structure

• Objects

• Properties

• Values

Objects

• The [Root] object, the container object, and the leaf object are the types of NDS objects.

• NDS objects help organize objects in the NDS tree into logical groupings.

• Logical grouping enables a user to create one login procedure and assign the same to a larger number of objects.

Objects

[Root] object:

– The [Root] object is the highest object in a network’s organization.

– It is a special object, and can be created only during the original network software installation.

– An NDS Directory can have only one [Root] object.

Objects

[Root] object (continued):

– The [Root] object cannot be moved, renamed, or deleted, and it has no properties.

– The [Root] object can have trustees and rights on other objects.

– It should hold one or more Country objects, Alias objects, or Organization objects.

Objects

Container object:

– Container objects are special storage locations, where objects are placed for administrative purposes.

– The container helps group resource objects for access or assigning rights.

Objects

Container object (continued):

– A container object is referred to as a parent object if it contains other objects.

– Country object, Organization object, and Organizational Unit object are the three special container objects.

Objects

Container object (continued):

– Country (C) object – It holds a valid two-character country abbreviation, and exists directly below the [Root] object.

– Organizational Unit (OU) object – It is placed below the Organization container object, and helps organize the lower levels of an organization.

Objects

Container object (continued):

– Each Directory tree must have at least one Organization (O) container object.

– The Organization (O) container object contains the leaf object and the Alias object.

– Organization container objects cannot contain additional Organization container objects.

Objects

Leaf object:

– A network’s lowest-level resources and services are referred to as leaf objects.

– A leaf object represents an individual resource or service available on the network.

Properties

• The different properties associated with an object determine the class of that object.

• NDS determines the properties that each object should possess.

Values

• The pieces of information within the property fields that describe an object make up the property values of the object.

• Some properties are required to have a value for every object.

Object Naming

• Network directories consist of multiple containers, representing numerous combinations of objects based upon their function, geographical location or description.

• Storing objects in multiple containers provides better efficiency and easy administration.

• The NDS provides a single name for every object in the Directory tree.

Object Naming

• The single name is called an object’s common name (CN), and the letters CN are called the attribute type abbreviation.

• Users requiring access to network data must make a request to the NDS, which requires a user to provide the correct object name.

Object Naming

• When NDS receives the request, the server controlling that object checks its own copy of the Directory to determine whether the user object is valid.

• The NDS locates the requested object and verifies that the user has the permission to perform the required action on that object.

Object Naming

• NDS objects can have the same common name.

• Identically named objects cannot be located in the same NDS container, and hence should be stored in different portions of the directory.

• In order to identify such commonly named objects on the NDS tree, it is also essential to know the location of an object.

Object Naming

• A context specifies an object’s exact location on the NDS tree.

• The context can also be considered as the name of the parent container of the object.

• A context is a list of all container objects leading from an object to the [Root] object.

Object Naming

• The current working location of an object is referred to as the object’s current context.

• The current context is also called the name context.

• The current context is the default container where NDS looks for a resource.

Object Naming

• Distinguished names.

• Typeful names.

Distinguished Names

• An object can also be identified by providing the exact full context.

• The full context is referred to as an object’s distinguished name.

• A distinguished name starts with the object in question, and identifies each of the container objects in the path to that object.

Distinguished Names

• A distinguished name always begins with a period.

• Periods should also be used between each object’s name, and for each successive container object going up the NDS tree.

• Trailing periods are not allowed in distinguished names.

Distinguished Names

Relative distinguished names:

– A relative distinguished name is used to determine the location of an object relative to the current context.

– By default, common names are relative distinguished names.

Distinguished Names

Relative distinguished names (continued):

– Any name that starts without a period is considered to be a relative distinguished name.

– A trailing period can be used to move up one level in the Directory tree.

Typeful Names

• The ‘CN=’ notation is used with common names to create typeful names.

• Typeful names help NDS specify an object’s location, thereby providing faster access.

• Typeful names inform NDS of the different container types and leaf objects being used, and are used in both distinguished and relative distinguished names.

• Typeful names are optional.

Typeful Names

Typeless names:

– Typeless names provide users the option of leaving the attribute type abbreviations off their entries.

– Typeless names do not include any of the object’s attribute types.
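As an added example (not code from the slides or from Novell), the Python below resolves NDS-style names under the rules of the Distinguished Names and Typeful Names slides: a leading period marks a distinguished name, each trailing period on a relative name climbs one container, and typeful CN=/OU=/O= abbreviations may be left off in typeless names. The object and container names used (bob, Sales, Eng, Acme) are constructed, and the default types given to typeless parts (CN for the leftmost, O for the rightmost, OU in between) are an assumption of this example rather than a rule stated in the lesson.

```python
# Added example (not from the slides or from Novell): resolving NDS-style names.
# Assumption: typeless parts default to CN (leftmost), O (rightmost), OU (between).

def split_components(name: str) -> list:
    """'OU=Sales.O=Acme' -> ['OU=Sales', 'O=Acme']; empty parts are dropped."""
    return [part for part in name.split(".") if part]

def add_types(components: list) -> list:
    """Make a typeless or mixed name typeful; parts that carry a type are kept."""
    typed = []
    last = len(components) - 1
    for i, part in enumerate(components):
        if "=" in part:
            attr, value = part.split("=", 1)
            typed.append(attr.upper() + "=" + value)
        elif i == 0:
            typed.append("CN=" + part)   # leftmost part names the leaf object
        elif i == last:
            typed.append("O=" + part)    # rightmost container sits below [Root]
        else:
            typed.append("OU=" + part)   # everything in between is an OU
    return typed

def resolve(name: str, context: str) -> str:
    """Typeful distinguished name of `name` as seen from the current context.

    `context` is written without a leading period, e.g. 'OU=Sales.O=Acme'.
    """
    if name.startswith("."):
        # Distinguished name: complete by itself; a trailing period is an error.
        if name.endswith("."):
            raise ValueError("trailing period not allowed in a distinguished name")
        full = split_components(name)
    else:
        # Relative name: each trailing period drops one container from the
        # current context, then the name is placed under what is left.
        stripped = name.rstrip(".")
        if not stripped:
            raise ValueError("object name is empty")
        levels_up = len(name) - len(stripped)
        ctx = split_components(context)
        if levels_up > len(ctx):
            raise ValueError("trailing periods move above [Root]")
        full = split_components(stripped) + ctx[levels_up:]
    return "." + ".".join(add_types(full))

def typeless(distinguished_name: str) -> str:
    """Strip the attribute type abbreviations from a typeful name."""
    parts = split_components(distinguished_name)
    return "." + ".".join(p.split("=", 1)[-1] for p in parts)
```

Two objects that share a common name but live in different containers resolve to different distinguished names, which is why the context must be known to tell them apart.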

Describe Windows 2000 Active Directory

• Active Directory structure.

• Installing Active Directory.

Active Directory Structure

• An Active Directory (AD) allows a user to access and manage networks from a single login.

• The AD uses a database, which is known as the schema, to keep track of and provide access to all the resources on a network.

• The AD locates network resource objects by their distinct names and potential attributes.

Active Directory Structure

• Active Directory schema.

• Containers.

Active Directory Schema

• The schema contains a list of the objects that can be contained in the AD, and the information that can be stored about each object.

• The schema, also called the metadata, is further broken down into the schema class objects and the schema attribute objects.

Active Directory Schema

• ‘User’ is the default schema class object included in networks, and it consists of schema attributes such as user logon name, first name, last name, etc.

• The schema divides the database into smaller units to speed up data access and retrieval.

Containers

• Container objects are used for organizing the Active Directory.

• Containers help group network resource objects in a hierarchical parent/child relationship.

• Forest is the largest container object.

Containers

Forest object:

– A forest joins multiple domain trees so that they can communicate and share networked resources with other related trees.

– Trees in a forest share information by using a global catalog.

– Each tree is an independent entity, and can be completely self-administered using its own naming conventions.

Containers

Forest object (continued):

– The forest is considered as the boundary of the AD.

– All domain controllers within a forest share the same schema, configuration, and global catalog.

– A forest can contain a single domain and a single tree.

Containers

Tree object:

– The term ‘tree’ is used to indicate a container object containing multiple domains.

– Each domain is a distinct unit, and joins the tree to communicate and share its networked resources with other domains.

– Each domain in a tree is an independent entity and can be completely self-administered using its own naming convention.

Containers

Domain object:

– Domain is the most important container object in Microsoft’s hierarchical directory services structure, as all AD objects are part of a domain.

– Each domain is capable of controlling the security and access to each of the objects.

Containers

Domain object (continued):

– A domain is controlled by a single server called the domain controller.

– Domains can span a wide physical or geographical area when they are based on the logical relationships within a company.

Containers

Organizational Unit (OU) object:

– The OU container helps structure the network to imitate the actual internal organization.

– An OU is used to compartmentalize objects so that they can be effectively administered and access to networked resources can be better controlled.

Installing Active Directory

Figure: Windows 2000 Configure Your Server window

Installing Active Directory

The user needs to select the following options:

– Domain Controller for a New Domain option in the Domain Controller Type window.

– Create a New Domain Tree option in the Create Tree or Child Domain window.

– Create a New Forest of Domain Trees option in the Create or Join Forest window.

Installing Active Directory

Figure: New Domain Name window

Installing Active Directory

The user needs to select the following options (continued):

– The Yes, Install and Configure DNS on the Computer option in the Configure DNS window.

– The Permissions Compatible with Pre-Windows 2000 Servers option in the Permissions window.

Understand the Network’s Directories

• Administering the NetWare 6 server.

• Creating NetWare users.

• Creating NDS objects.

• Administering the Windows 2000 Server.

• Creating AD objects.

Administering the NetWare 6 Server

• NDS provides a global database that gives network administrators centralized access to networked information, resources, and services.

• It logically organizes the network resources independent of the physical network configuration, and also dynamically maps an object to its actual physical resource.

Administering the NetWare 6 Server

• The NDS Directory provides administrators with manageable groupings of objects, thereby providing greater security for the networked resources.

• The Directory is stored on numerous servers, thereby providing fault tolerance.

Creating NetWare Users

• Creating users and organizing them into hierarchical containers makes it easier for an administrator to maintain the network.

• It is also easier for the user to work with networked resources.

Creating NDS Objects

Figure: Organizational Unit dialog box

Figure: New Group dialog box

Figure: New User button

Figure: New User window

Figure: New User-Properties window

Figure: Select Objects dialog box

Administering the Windows 2000 Server

• The AD provides network administrators with a global database for managing the networked information, resources, and services.

• It also logically organizes networked resources independent of the physical location.

• Users and other networked objects are managed from the server’s console or through remote administration capabilities.

• Appropriate permissions can be set on the Administrative Tools and the consoles to administer the AD and the server respectively.

• A copy of AD is kept on all domain controllers to restore them easily in case of a server failure.

Creating AD Objects

Figure: Computer Name Change dialog box

Figure: Active Directory Users and Computers

Figure: Creating a New User

Figure: New Object-User window

Figure: Password settings

Summary

• Novell Directory Services (NDS) and NWAdmin help manage the Novell network.

• NDS tracks objects by storing information in the form of properties and values.

• [Root], container, and leaf objects are the three NDS object types.

• An object’s name without a reference to its position in a network is called its common name (CN).

• An Active Directory is a database that keeps track of and provides access to all the networked resources.

• The NWAdmin or ConsoleOne can be used to create NDS objects.