Windows Administration Active Directory Domain Services Borislav Varadinov Telerik Software Academy academy.telerik.com System Administrator [email protected]
Date posted: 17-Dec-2015

Category: Documents



Windows Administration

Active Directory Domain Services

Borislav Varadinov

Telerik Software Academy

academy.telerik.com

System Administrator [email protected]

Table of Contents

Domains and Forests

Objects

Sites and Replication

Operation Masters

Active Directory

Domains and Forests

What is a Domain Controller?

Manages the Active Directory Objects and Database

Responds to security authentication requests

Replicates information from other domain controllers

Provides information for various network resources

Can be Writable or Read Only


[Diagram: the Active Directory database (AD DB) holding user objects; example rows User / Pass: John / P@sswOrd, Jane / 12345]

What is a Domain?

Boundary of Replication

Boundary of Administration

Boundary of DNS Namespace

[Diagram: three domain controllers, each holding a copy of the AD DB, replicating with one another inside the domain MyCorporation.local]

What is a Forest?

All Domains in a Forest share:

Schema

Configuration

Global Catalog

The forest is also considered as a security boundary

[Diagram: a forest containing the domain tree BeraXo.local with its child domain USA.BeraXo.local, plus a second domain tree BeraXoConsultancy.org]

Schema

Attributes: Username, Description, Location

Classes: User, Computer, Contact

[Diagram: schema classes such as User and Contact are assembled from attributes such as Username, Password, Address, Email and Name]

Naming Contexts and Partitions

Schema

Definitions of object classes and attributes

Replicated to all DCs in the forest

Configuration

AD Structure (domains, sites, etc.)

Replicated to all DCs in the forest

Domain

Domain specific objects (users, groups, computers, and OUs)

Replicated to all DCs in a domain

Application Partitions

Global Catalog

Partial Replica of all Objects in the Forest

Configurable subset of Attributes

Fast Forest-wide searches

Required at Logon for Universal Group Membership

Win2k3 – Universal Group Caching

Trusts

[Diagram: the forest BeraXo.local (with child domain USA.BeraXo.local, joined by a Parent/Child trust) and the separate forest PartnerCorp.local, joined by an External or Forest trust]

External or Forest trust: Provides access to resources located on a domain in a separate forest

Trust options

Direction

Transitivity

Type: Parent/Child, External, Forest, Shortcut, Realm

Active Directory and DNS

The DNS Service is an essential part of Active Directory

Active Directory cannot work without the DNS Service (even on a single server)

Active Directory and DNS share an identical domain name

The Domain Controller locator process relies on DNS

The DNS Service can store its data in Active Directory

Active Directory Integrated DNS Zone

SRV Records to locate services

LDAP

Kerberos

Other

Active Directory-integrated DNS

DDNS for Dynamic Update

Single replication topology

Multi-master replication

Secure Dynamic update
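As an added example that is not part of the original slides, the PowerShell script below queries the DNS SRV records the Domain Controller locator depends on (the LDAP and Kerberos records named above) and reports any that are missing; the domain name MyCorporation.local is taken from the slides' diagram and the optional site name is an assumed parameter.

```powershell
# Added example, not from the original slides: query the DNS SRV records that
# the Domain Controller locator uses to find LDAP and Kerberos services.
# Assumes the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012+).
param(
    # Domain name assumed from the slides' diagram; replace with your own.
    [string]$DomainName = "MyCorporation.local",
    # Optional AD site name: also checks the site-specific records clients
    # prefer so that they reach a nearby DC (see the Sites section).
    [string]$SiteName = ""
)

# Records every DC registers; LDAP and Kerberos are the two named on the slide,
# the _msdcs entries are the ones the locator queries first.
$srvNames = @(
    "_ldap._tcp.$DomainName",
    "_kerberos._tcp.$DomainName",
    "_ldap._tcp.dc._msdcs.$DomainName",
    "_kerberos._tcp.dc._msdcs.$DomainName",
    "_ldap._tcp.gc._msdcs.$DomainName",   # Global Catalog servers
    "_ldap._tcp.pdc._msdcs.$DomainName"   # PDC emulator (one per domain)
)
if ($SiteName) {
    $srvNames += "_ldap._tcp.$SiteName._sites.dc._msdcs.$DomainName"
    $srvNames += "_kerberos._tcp.$SiteName._sites.dc._msdcs.$DomainName"
}

$missing = @()
$line = "{0,-50} -> {1}:{2} (priority {3}, weight {4})"
foreach ($name in $srvNames) {
    try {
        # Keep only SRV answers; the resolver may append A records for the targets
        $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
        foreach ($r in $records) {
            $line -f $name, $r.NameTarget, $r.Port, $r.Priority, $r.Weight
        }
    } catch {
        # No record means clients cannot locate that service through DNS
        $missing += $name
        Write-Warning "No SRV record for $name ($($_.Exception.Message))"
    }
}

if ($missing.Count -eq 0) {
    "All expected SRV records for $DomainName are present."
} else {
    "Missing records: $($missing -join ', ')"
}
```

Run it from a domain-joined machine that uses the AD-integrated DNS servers; a warning for any of the _msdcs names is the first thing to check when clients cannot find a domain controller.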

Protocols and Technologies

LDAP

Kerberos

NTLM

RPC

DNS

[Diagram: Active Directory architecture. The Directory System Agent (DSA) exposes the LDAP, NTLM, Kerberos, DNS, RPC and Replication interfaces and runs on the Extensible Storage Engine on top of the Windows OS]

Objects

Domain Users

[Diagram: a domain user object, John]

Domain Groups

Type

Security

Distribution

Scope Domain Local

Global

Universal

[Diagram: the group HR Department with members John, Bill and Kelly]

Domain Computers

Organizational Units

Containers within Domains

Organizes users, groups and other objects

Represents departments or geographic regions

Main uses:

Organization

Delegation

Policies

[Diagram: organizational units Users, Sales and IT inside the domain]

Domain Security Principals

Users

Groups

Computers

Built-in Security Groups

Administrators

Backup Operators

Users

Power Users

Print Operators

Active Directory

Sites and Replication

Active Directory Sites

What is a Site?

A set of well-connected IP subnets

Site Usage

Locating Services

Replication

Group Policy Application

Sites are connected with Site Links

A Site Link connects two or more sites

Site Usage (Location Services)


Site Usage (Replication)


Multi-Master Replication

Conflict resolution

Operation Masters

Operation Master

Operation Master

What is an Operation Master?

Why do we need Operation Masters?

Operation Masters

Forest-Wide

Schema Master

Domain Naming Master

Domain-Wide

Primary Domain Controller (PDC)

Relative Identifier (RID)

Infrastructure Master


Schema Master

Performs updates to the schema

Sends updates to all DCs

One per forest

Default is the first DC installed

Domain Naming Master

Performs add/remove of domains and cross-references to external directory services

One per forest

Default is the first DC installed

Install Active Directory

Dcpromo

DNS Management Tools


Questions?


Active Directory Domain Services

http://academy.telerik.com

Free Trainings @ Telerik Academy

"Web Design with HTML 5, CSS 3 and JavaScript" course @ Telerik Academy html5course.telerik.com

Telerik Software Academy academy.telerik.com

Telerik Academy @ Facebook facebook.com/TelerikAcademy

Telerik Software Academy Forums forums.academy.telerik.com