REVIEWING MICROSOFT ACTIVE DIRECTORY CONCEPTS: Chapter 1
OVERVIEW
Describe the function of directory services on a Microsoft Windows Server 2003 network.
Differentiate between the physical and logical components of the Active Directory directory service.
Understand the elements involved in planning an Active Directory implementation.
Determine the appropriate placement of global catalog servers.
Determine where universal group membership caching should be implemented.
UNDERSTANDING THE ROLE OF DIRECTORY SERVICES
Forms core of network
Stores information about computers, applications, services, and users
Builds upon the version of Active Directory in Windows 2000 Server, but the two cannot coexist in the same forest
UNDERSTANDING THE LOGICAL COMPONENTS OF ACTIVE DIRECTORY
Domains
Trees
Forests
Organizational units
DOMAINS
Primary mechanism of grouping users, computers, and services together
Provide an administrative boundary within Active Directory
Can comprise one or more physical locations
TREES
FORESTS
ORGANIZATIONAL UNITS
DOMAIN AND FOREST FUNCTIONAL LEVELS
Provide a way to enable certain features of Active Directory on a per-domain or forest-wide basis
Can be raised, provided all domain controllers in the domain or forest support the higher level
DOMAIN FUNCTIONAL LEVELS
Windows 2000 Mixed (default)
Windows 2000 Native
Windows Server 2003 Interim
Windows Server 2003
FOREST FUNCTIONAL LEVELS
Windows 2000 (default)
Windows Server 2003 Interim
Windows Server 2003
UNDERSTANDING THE PHYSICAL COMPONENTS OF ACTIVE DIRECTORY
Sites
Domain controllers
SITES
Collections of one or more well-connected IP subnets
Allow authentication and replication traffic to be managed
DOMAIN CONTROLLERS
Physical storage locations for Active Directory databases
Can be any system running Windows 2000 Server or Windows Server 2003
Use multimaster replication
INSTALLING ACTIVE DIRECTORY
Using the Active Directory Installation Wizard
Using an answer file to perform an unattended installation
Using the network or backup media
Using the Configure Your Server Wizard
INSTALLING ACTIVE DIRECTORY BY USING THE ACTIVE DIRECTORY INSTALLATION WIZARD
INSTALLING ACTIVE DIRECTORY BY USING AN ANSWER FILE
INSTALLING ACTIVE DIRECTORY BY USING THE NETWORK OR BACKUP MEDIA
Allows a member server to become a domain controller by restoring Active Directory data
Useful in scenarios in which large amounts of replication traffic cannot be accommodated
INSTALLING ACTIVE DIRECTORY BY USING THE CONFIGURE YOUR SERVER WIZARD
DEPLOYING GLOBAL CATALOG SERVERS
The global catalog stores information about all Active Directory objects from all domains in a single forest.
Windows Server 2003 creates one global catalog server automatically when Active Directory is installed.
At least one additional global catalog server should be configured for fault tolerance.
Placement of global catalog servers requires careful planning.
CONFIGURING GLOBAL CATALOG SERVERS
UNDERSTANDING UNIVERSAL GROUP MEMBERSHIP CACHING
Helps to reduce the number of universal group membership queries that must be forwarded across a WAN link
Provides flexibility for the placement of global catalog servers
Implemented on a site-by-site basis
IMPLEMENTING UNIVERSAL GROUP MEMBERSHIP CACHING
Disabled by default
Once enabled, applies to the entire site
Configured by using Active Directory Sites and Services
SUMMARY
Logical components of Active Directory include domains, trees, forests, and organizational units.
A domain is a security and administrative boundary. Users on a Windows Server 2003 network authenticate at the domain level.
A tree is a group of one or more domains that share transitive trust relationships.
A forest is a group of one or more trees that share a single root domain, a schema, and a global catalog.
In Windows Server 2003, domains operate at one of four different functional levels.
Windows Server 2003 introduces the three forest functional levels.
Physical components of Active Directory include sites and domain controllers.
Domain controllers host a copy of the Active Directory database and can be used to authenticate logons.
The deployment of global catalog servers throughout an Active Directory site infrastructure requires careful planning.
Windows Server 2003 introduces a new feature known as universal group membership caching.