By Rashid Khan Lesson 6-Building a Directory Service.

by Rashid Khan

Lesson 6-Building a Directory ServiceLesson 6-Building a Directory Service

by Rashid Khan

OverviewOverview• Understand Novell Directory

Services.• Describe Windows 2000 Active

Directory.• Understand the network’s

directories.

by Rashid Khan

Understand Novell DirectoryUnderstand Novell DirectoryServices Services

• The Novell Directory Services (NDS) is an integral database component of Novell NetWare.

• The NDS works along with components like the

NetWare Administrator (NWAdmin) and ConsoleOne to manage the Novell network.

• The NDS stores information about users, groups, and resources in a database called Directory.

by Rashid Khan

• The NDS manages and organizes the network’s resources, and assigns attributes to each of the objects such as users, groups, and servers.

• NDS organizes data about every object and verifies their assigned access rights to control objects availability to a user.


by Rashid Khan

• It also contains information about the location, characteristics, and authorized users for every resource on a NetWare network.

• The default location for storing items for general use, when logging in to the network, is the public drive (Z:).


by Rashid Khan

• NDS structure.• Object naming.


by Rashid Khan

NDS Structure NDS Structure • NDS provides NetWare the ability to create

a unified network with a single point for accessing and administering access to networked objects.

• Every resource on the NDS must be provided with a unique identifier for it to locate any object.

• The NDS maintains information about each resource as well as the service provided by it on the network.

by Rashid Khan

NDS Structure NDS Structure • The information is separated into

descriptive categories, called properties of the object and the values.

• The NDS structure is similar to the Microsoft DOS structure.

by Rashid Khan

NDS Structure NDS Structure • Objects• Properties• Values

by Rashid Khan

Objects Objects • The [Root] object, the container

object, and the leaf object are the types of NDS objects.

• NDS objects help organize objects in the NDS tree into logical groupings.

• Logical grouping enables a user to create one login procedure and assign the same to a larger number of objects.

by Rashid Khan

Objects Objects [Root] object:

– The [Root] object is the highest object in a network’s organization.

– It is a special object, and can be created only during the original network software installation.

– A NDS Directory can have only one [Root] object.

by Rashid Khan

Objects Objects [Root] object (continued):

– The [Root] object cannot be moved, renamed, or deleted, and it has no properties.

– The [Root] object can have trustees and rights on other objects.

– It should hold one or more Country objects, Alias objects, or the Organization objects.

by Rashid Khan

Objects Objects

Container object:

– Container objects are special storage locations,

where objects are placed for administrative

purposes.

– The container helps group resource objects for

access or assigning rights.

by Rashid Khan

Container object (continued):– A container object is referred to as a

parent object if it contains other objects.– Country object, Organization object, and

Organizational Unit object are the three special container objects.

Objects Objects

by Rashid Khan

Objects Objects Container object (continued):

– Country (C) object - It holds a valid two-character country abbreviation, and exists directly below the [Root] object.

– Organizational Unit (OU) object – It is placed below the Organization container object, and helps organize the lower levels of an organization.

by Rashid Khan

Objects Objects Container object (continued):

– Each Directory tree must have at least one Organization (O) container object.

– The Organization (O) container object contains the leaf object and the Alias object.

– Organization container objects cannot contain additional Organization container objects.

by Rashid Khan

Objects Objects Leaf object:

– A network’s lowest-level resources and services are referred to as leaf objects.

– A leaf object represents an individual resource or service available on the network.

by Rashid Khan

Properties Properties • The different properties associated

with an object determine the class of that object.

• NDS determines the properties that each object should possess.

by Rashid Khan

Values Values • The pieces of information within the

property fields that describe an object make up the property values of the object.

• Some properties can have their value-required entries for all objects.

by Rashid Khan

Object NamingObject Naming• Network directories consist of multiple

containers, representing numerous combinations of objects based upon their function, geographical location or description.

• Storing objects in multiple containers provides better efficiency and easy administration.

• The NDS provides a single name for every object in the Directory tree.

by Rashid Khan

Object NamingObject Naming• The single name is called an object’s

common name (CN), and the letters CN are called the attribute type abbreviation.

• Users requiring access to network data must make a request to the NDS, which requires a user to provide the correct object name.

by Rashid Khan

Object Naming Object Naming • When NDS receives the request, the

server controlling that object checks its own copy of the Directory to determine whether the user object is valid.

• The NDS locates the requested object and verifies that the user has the permission to perform the required action on that object.

by Rashid Khan

Object Naming Object Naming • NDS objects can have the same common

name.• Identically named objects cannot be

located in the same NDS container, and hence should be stored in different portions of the directory.

• In order to identify such commonly named objects on the NDS tree, it is also essential to know the location of an object.

by Rashid Khan

Object Naming Object Naming • A context specifies an object’s exact

location on the NDS tree.• The context can also be considered

as the name of the parent container of the object.

• A context is a list of all container objects leading from an object to the [Root] object.

by Rashid Khan

Object Naming Object Naming • The current working location of an

object is referred to as the object’s current context.

• The current context is also called the name context.

• The current context is the default container where NDS looks for a resource.

by Rashid Khan

Object Naming Object Naming • Distinguished names.• Typeful names.

by Rashid Khan

Distinguished Names Distinguished Names • An object can also be identified by

providing the exact full context.• The full context is referred to as an

object’s distinguished name.• A distinguished name starts with the

object in question, and identifies each of the container objects in the path to that object.

by Rashid Khan

Distinguished Names Distinguished Names • A distinguished name always begins

with a period.• Periods should also to be used

between each object’s name, and for each successive container object going up the NDS tree.

• Trailing periods are not allowed in distinguished names.

by Rashid Khan

Distinguished Names Distinguished Names Relative distinguished names:

– A relative distinguished name is used to determine the location of an object relative to the current context.

– By default, common names are relative distinguished names.

by Rashid Khan

Relative distinguished names (continued):– Any name that starts without a period is

considered to be a relative distinguished name.

– A trailing period can be used to move up one level in the Directory tree.

Distinguished Names Distinguished Names

by Rashid Khan

Typeful Names Typeful Names

• The ‘CN=’ notation is used with common names to create typeful

names.

• Typeful names help NDS specify an object’s location, thereby

providing faster access.

• Typeful names inform NDS of the different container types and

leaf objects being used, and are used in both distinguished and

relative distinguished names.

• Typeful names are optional.

by Rashid Khan

Typeful Names Typeful Names Typeless names:

– Typeless names provide users the option of leaving the attribute type abbreviations off their entries.

– Typeless names do not include any of the object’s attribute types.

by Rashid Khan

Describe Windows 2000 ActiveDescribe Windows 2000 ActiveDirectoryDirectory

• Active Directory structure.• Installing Active Directory.

by Rashid Khan

Active Directory Structure Active Directory Structure • An Active Directory (AD) allows a user to

access and manage networks from a single login.

• The AD uses a database, which is known as the schema, to keep track of and provide access to all the resources on a network.

• The AD locates network resource objects by their distinct names and potential attributes.

by Rashid Khan

Active Directory Structure Active Directory Structure • Active Directory schema.• Containers.

by Rashid Khan

Active Directory Schema Active Directory Schema • The schema contains a list of the

objects that can be contained in the AD, and the information that can be stored about each object.

• The schema, also called the metadata, is further broken down into the schema class objects and the schema attribute objects.

by Rashid Khan

Active Directory Schema Active Directory Schema • ‘User’ is the default schema class

object included in networks, and it consists of schema attributes such as user logon name, first name, last name, etc.

• The schema divides the database into smaller units to speed up data access and retrieval.

by Rashid Khan

Containers Containers • Container objects are used for

organizing the Active Directory.• Containers help group network

resource objects in a hierarchical parent/child relationship.

• Forest is the largest container object.

by Rashid Khan

Containers Containers Forest object:

– A forest joins multiple domain trees to allow communication or share networked resources with other related trees.

– Trees in a forest share information by using a global catalog.

– Each tree is an independent entity, and can be completely self-administered using its own naming conventions.

by Rashid Khan

Containers Containers Forest object (continued):

– The forest is considered as the boundary of the AD.

– All domain controllers within a forest share the same schema, configuration, and global catalog.

– A forest can contain a single domain and a single tree.

by Rashid Khan

Containers Containers

Tree object:

– The term ‘tree’ is used to indicate a container object

containing multiple domains.

– Each domain is a distinct unit, and joins the tree to

communicate and share its networked resources with other

domains.

– Each domain in a tree is an independent entity and can be

completely self-administered using its own naming convention.

by Rashid Khan


Domain object:

– Domain is the most important container object in

Microsoft’s hierarchical directory services structure as all

AD objects are part of a domain.

– Each domain is capable of controlling the security and

access to each of the objects.

by Rashid Khan

Domain object (continued):– A domain is controlled by a single server

called the domain controller. – Domains can span a wide physical or

geographical area when it is based on the logical relationships within a company.


by Rashid Khan

Containers Containers Organizational Unit (OU) object:

– The OU container helps structure the network to imitate the actual internal organization.

– An OU is used to compartmentalize objects so that they can be effectively administered and access to networked resources can better be controlled.

by Rashid Khan

Installing Active Directory Installing Active Directory

Windows 2000 Configure Your Server window

by Rashid Khan

Installing Active Directory Installing Active Directory The user needs to select the following

options:– Domain Controller for a New Domain

option in the Domain Controller Type window.

– Create a New Domain Tree option n the Create Tree or Child Domain window.

– Create a New Forest of Domain Trees option in the Create or Join Forest window.

by Rashid Khan

Installing Active Directory Installing Active Directory

New Domain Name window

by Rashid Khan

Installing Active Directory Installing Active Directory The user needs to select the following

options (continued):– The Yes, Install and Configure DNS on

the Computer option in the Configure DNS window.

– The Permissions Compatible with Pre-Windows 2000 Servers option in the Permissions window.

by Rashid Khan

Understand the Network’sUnderstand the Network’sDirectories Directories

• Administering the NetWare 6 server.• Creating NetWare users.• Creating NDS objects.• Administering the Windows 2000

Server.• Creating AD objects.

by Rashid Khan

Administering the NetWare Administering the NetWare 6 Server 6 Server

• NDS provides a global database that gives network administrators centralized access to networked information, resources, and services.

• It logically organizes the network resources independent of the physical network configuration, and also dynamically maps an object and its actual physical resource.

by Rashid Khan

Administering the NetWare Administering the NetWare 6 Server 6 Server

• The NDS Directory provides administrators with manageable groupings of objects, thereby providing greater security for the networked resources.

• The Directory is stored on numerous servers, thereby providing fault tolerance.

by Rashid Khan

Creating NetWare Users Creating NetWare Users • Creating users and organizing them

into hierarchical containers makes it easier for an administrator to maintain the network.

• It is also easier for the user to work with networked resources.

by Rashid Khan

Creating NDS Objects Creating NDS Objects

Organizational Unit dialog

box

by Rashid Khan


New Group dialog box

by Rashid Khan


New User button

by Rashid Khan


New User window

by Rashid Khan


New User-Properties

window

by Rashid Khan


Select Objects dialog box

by Rashid Khan

Administering the Windows 2000Administering the Windows 2000Server Server

• The AD provides network administrators with a global database for managing the networked information, resources, and services.

• It also logically organizes networked resources independent of the physical location.

• Users and other networked objects are managed from the server’s console or through remote administration capabilities.

by Rashid Khan

• Appropriate permissions can be set on the Administrative Tools and the consoles to administer the AD and the server respectively.

• A copy of AD is kept on all domain controllers to restore them easily in case of a server failure.

Administering the Windows Administering the Windows 20002000

Server Server

by Rashid Khan

Creating AD Objects Creating AD Objects

Computer Name

Change dialog box

by Rashid Khan


Active Directory Users and Computers

by Rashid Khan


Creating a New User

by Rashid Khan


New Object-User window

by Rashid Khan


Password settings

by Rashid Khan

Summary Summary • Novell Directory Services (NDS) and

NWAdmin help manage the Novell network.

• NDS tracks objects by storing information in the form of properties and values.

• [Root], container, and leaf objects are the three NDS object types.

by Rashid Khan

Summary Summary • An object’s name without a reference

to its position in a network is called its common name (CN).

• An Active Directory is a database that keeps track of and provides access to all the networked resources.

• The NWAdmin or ConsoleOne can be used to create NDS objects.

By Rashid Khan Lesson 6-Building a Directory Service.

Documents

Transcript of By Rashid Khan Lesson 6-Building a Directory Service.