Active DirectoryMaryam Izadi

Topics CoveredNT Vs 2000/2003Active DirectoryLDAPMMC

NT VS Win-2000 / 2003Peer Peer NetworkDomain Based NetworkPDC and BDCDomain Controllers and Additional Domain Controllers

Introduction to Active Directory ServicesActive Directory is the directory service included in Windows 2000/2003 Server. It stores information about objects on a network and makes this information available to users and network administrators. Active Directory gives network users access to permitted resources anywhere on the network using a single logon process. It provides network administrators a single point of administration for all network objects.

Introduction to Active Directory ServicesCompletely integrated with Microsoft Windows 2000/2003 ServerIntegrates the Internet concept of namespace with the operating systems directory serviceAllows a single point of administration for all published resources

Global CatalogThe global catalog is the central repository of information about objects in a domain tree or forest.The global catalog is a service as well as a physical storage location that contains a replica of selected attributes of every object in the Active Directory store.By default, the first domain controller is a global catalog server.Additional domain controllers can also be designated as global catalog servers by using the Active Directory Sites And Services snap-in.

Namespace

Defining a Namespace ArchitectureRoot domainFirst-layer domainsSecond-layer domains

Protocol SupportWe all use directories of one sort or another every time we use the Internet or our own intranetsLDAP is an extensible, vendor-independent, network protocol standard -- it supports hardware, software, and network heterogeneity An LDAP-based directory supports any type of dataLDAP is the Active Directory core protocol.Active Directory services supports remote procedure call (RPC) interfaces that support Messaging Application Programming Interface (MAPI) interfaces.The Active Directory information model is derived from the X.500 information model.

Understanding Active Directory Components The core unit of logical structure in Active Directory is the domain

ForestA forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees

TreesA tree is a grouping or hierarchical arrangement of one or more Windows 2000/2003 domains that you create by adding one or more child domains to an existing parent domain.

OU (Organizational Unit)An OU is a container of objects such as user accounts, groups, computers, printers, applications, file shares, and other OUs from the same domain

Adding or Creating a Domain ControllerIf you add a domain controller to an existing domain, you create a peer domain controller.If you create the first domain controller for a new domain, you are creating not only the domain controller but also a new domain.

The Active Directory DatabaseThe database is a file named Ntds.dit, which is the directory for the new domain.The default location for the database and the database log files is %systemroot%\Ntds, although you can specify a different location.The database contains all the information stores in the Active Directory store.The Ntds.dit file is a database that contains the entire schema, the global catalog, and all the objects stored on that domain controller.

Domain ModesMixed modeNative mode

Locating Objects

Managing Active Directory PermissionsUse Active Directory permissions to determine who has the permissions to gain access to the object and what type of access is allowed.The object type determines which permissions you can select.Permissions inheritance minimizes the number of times you need to assign permissions for objects.

MMC (Microsoft Management Console)Microsoft Management Console (MMC) hosts administrative tools that you can use to administer networks, computers, services, and other system components.Create custom MMCs to meet your administrative requirements Creating custom MMCs allows you to perform most administrative tasks with one MMC.Combine snap-ins that you use together to perform common administrative tasks.You do not have to switch between different programs or MMC files because all of the snap-ins that you need to use are located in the same MMC file.

Questions?