Overview of Active Directory Domain Services


Overview of Active Directory Domain Services. Unit 1. Microsoft Official Academic Course 70-640: Windows Server 2008 Active Directory Configuration, Chapter 1 and Chapter 2.

Chapter Objectives
1. Identify Active Directory functions and benefits.
2. Identify the major components that make up an Active Directory structure.
3. Identify how DNS relates to Active Directory.
4. Identify forest and domain functional levels.

Directory Service A network service that identifies all resources on a network and makes those resources accessible to users and applications. The most common directory service standards are:
X.500
Lightweight Directory Access Protocol (LDAP)

X.500 Uses a hierarchical approach in which objects are organized in a similar way to the files and folders on a hard drive.

Lightweight Directory Access Protocol (LDAP) Industry standard. A slimmed-down version of X.500, modified to run over TCP/IP networks.

Active Directory A directory service that uses the tree concept for managing resources on a Windows network. Stores information about network resources and services, such as user data, printers, servers, databases, groups, computers, and security policies. Identifies all resources on a network and makes them accessible to users and applications.

Active Directory Used in:
Windows 2000
Windows Server 2003
Windows Server 2008
Subsequent versions of Active Directory have introduced new functionality and security features.

Active Directory Windows Server 2008 provides two directory services:
Active Directory Domain Services (AD DS)
Active Directory Lightweight Directory Services (AD LDS)

Active Directory Domain Services (AD DS) Provides the full-fledged directory service that is referred to as Active Directory in Windows Server 2008 and previous versions of Windows Server.

Active Directory Lightweight Directory Services (AD LDS) Provides a lightweight, flexible directory platform that can be used by Active Directory developers without incurring the overhead of the full-fledged AD DS directory service.

Domain Controller (DC) A server that stores the Active Directory database and authenticates users to the network during logon. The database is stored in a file called ntds.dit. Active Directory is a multimaster database: information is automatically replicated between multiple domain controllers.

Active Directory Functions and Benefits
1. Centralized resource and security administration.
2. Single logon for access to global resources.
3. Fault tolerance and redundancy.
4. Simplified resource location.

Centralizing Resources and Security Administration Active Directory provides a single point from which administrators can manage network resources and their associated security objects. MMC consoles found in Administrative Tools:
Active Directory Users and Computers
Active Directory Sites and Services
Active Directory Domains and Trusts
ADSI Edit

Fault Tolerance and Redundancy Active Directory uses a multimaster domain controller design. Changes made on one domain controller are replicated to all other domain controllers in the environment. It is recommended to have two or more domain controllers for each domain.

Read-Only Domain Controller (RODC) Introduced with Windows Server 2008. A domain controller that holds a copy of the ntds.dit file that cannot be modified and that does not replicate changes to other domain controllers within Active Directory.

Simplifying Resource Location Allows file and print resources to be published within Active Directory. Examples include:
Shared folders
Printers

Active Directory Components
Forests: One or more domain trees, with each tree having its own unique namespace.
Domain trees: One or more domains with a contiguous namespace.
Domains: A logical unit of computers and network resources that defines a security boundary.

Active Directory Components Active Directory objects share a set of common attributes, including:
Unique name
Globally unique identifier (GUID)
Required object attributes
Optional object attributes

Understanding the Schema Defines the objects stored within Active Directory and the properties (attributes) associated with each object. A user has different properties than a group, which in turn has different properties than a computer.

Active Directory Naming Standard Example: cn=jsmith, ou=sales, dc=lucernepublishing, dc=com
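The DN format shown above, parsed by an added example that is not part of the course material: it splits the name into its RDNs, honours the RFC 4514 backslash escape for commas inside a value, and derives the OU path and the domain's DNS name from the dc components. The second DN in the test (Smith\, John under ou=Corp in example.com) is a constructed sample.

```python
# Added example (not from the course material): parse a distinguished name (DN)
# written in the naming standard shown above and derive the object's container
# path and the DNS name of its domain. A DN lists the leaf object first and the
# domain components last; a comma inside a value must be escaped with a
# backslash (RFC 4514), so a naive split on "," would break such names.

def _unescape(s):
    """Replace each backslash escape with the character it protects."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)

def split_dn(dn):
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    rdns, start, i = [], 0, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2          # skip the escaped character; it is not a separator
            continue
        if dn[i] == ",":
            rdns.append(dn[start:i])
            start = i + 1
        i += 1
    rdns.append(dn[start:])
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        # Unescaped whitespace around an RDN is insignificant and attribute
        # types are case-insensitive, so normalise the type to lower case.
        pairs.append((attr.strip().lower(), _unescape(value.strip())))
    return pairs

def describe_dn(dn):
    """Return the leaf RDN, the OU path from the domain down, and the DNS domain."""
    pairs = split_dn(dn)
    if not any(a == "dc" for a, _ in pairs):
        raise ValueError("DN has no domain components: %r" % dn)
    domain = ".".join(v for a, v in pairs if a == "dc")
    ou_path = [v for a, v in pairs if a == "ou"]
    ou_path.reverse()  # DN order is leaf-first; present the path top-down
    return {"leaf": pairs[0], "ou_path": ou_path, "domain": domain}

if __name__ == "__main__":
    print(describe_dn("cn=jsmith, ou=sales, dc=lucernepublishing, dc=com"))
```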

Domain Name System (DNS) Provides name resolution for a TCP/IP network. Active Directory requires DNS as the default name resolution method. Example resource records (RR):
Host (A): host name to IP address.
Pointer (PTR): IP address to host name.
Service (SRV): locator records for the LDAP and domain controller services.

Functional Levels Allow interoperability with prior versions of Microsoft Windows. A higher functional level prevents domain controllers running older versions of Windows from participating, but adds functionality or features. Raising a functional level is a one-way process.

Domain Functional Levels

Forest Functional Levels

Using Forest Functional Levels To raise the functional level of a forest, you must be logged on as a member of the Enterprise Admins group. The functional level of a forest can be raised only on a server that holds the Schema Master role.

Trust Relationships Active Directory uses trust relationships to allow access between multiple domains and/or forests, either within a single forest or across multiple enterprise networks. A trust relationship allows administrators from a particular domain to grant access to their domain's resources to users in other domains.

Trust Relationships When a child domain is created, it automatically receives a two-way transitive trust with its parent domain. Trusts are transitive:
If domain A trusts domain B
and domain B trusts domain C
then domain A trusts domain C.

Chapter Summary Active Directory is a database of objects that are used to organize resources according to a logical plan. These objects include containers such as domains and OUs in addition to resources such as users, computers, and printers. The Active Directory schema includes definitions of all objects and attributes within a single forest. Each forest maintains its own Active Directory schema.

Chapter Summary Active Directory requires DNS to support SRV records. Microsoft recommends that DNS support dynamic updates.

Chapter Summary Domain and forest functional levels are new features of Windows Server 2008. The levels defined for each of these are based on the type of server operating systems that are required by the Active Directory design. The Windows Server 2003 forest functional level is the highest functional level available and includes support for all Windows Server 2003 features.

Chapter Summary Two-way transitive trusts are automatically generated within the Active Directory domain structure. Parent and child domains form the trust path by which all domains in the forest can traverse to locate resources. The ISTG is responsible for this process.

Chapter Summary Cross-forest trusts are new to Windows Server 2003, and they are only available when the forest functionality is set to Windows Server 2003. They must be manually created and maintained.

Implementing Active Directory Additional Slides (Chapter 2)

Skills Matrix
Technology Skill: Installing a New Active Directory Forest. Objective Domain: Configure a forest or a domain. Objective #: 2.1
Technology Skill: Establishing and Maintaining Trust Relationships. Objective Domain: Configure trusts. Objective #: 2.2
Technology Skill: Configuring Active Directory Lightweight Directory Services. Objective Domain: Configure Active Directory Lightweight Directory Services (AD LDS). Objective #: 3.1
Technology Skill: Configuring a Read-Only Domain Controller. Objective Domain: Configure the Read-Only Domain Controller (RODC). Objective #: 3.3

Server Manager Located in Administrative Tools. Can also be accessed by right-clicking My Computer and selecting Manage. Allows you to:
Add roles such as the DNS Server or Active Directory Domain Services role.
Perform system diagnostics.
Configure system services.
Drill down into specific administrative tools.


Requirements for Active Directory
1. A server running Windows Server 2008 Standard Edition, Windows Server 2008 Enterprise Edition, or Windows Server 2008 Datacenter Edition (Full version or Server Core).
2. An administrator account and password on the local machine.

Requirements for Active Directory
An NT file system (NTFS) partition for the SYSVOL folder structure.
200 MB minimum free space on the previously mentioned NTFS partition for the Active Directory database files.
50 MB minimum free space for the transaction log files.
Transmission Control Protocol/Internet Protocol (TCP/IP) must be installed and configured.

Requirements for Active Directory An authoritative DNS server for the DNS domain that supports service resource (SRV) records. It is recommended that the server also support incremental zone transfers and dynamic updates.

Installing Active Directory To install Active Directory, you will need to first add the Active Directory Domain Services role using Server Manager.


Installing Active Directory The Active Directory Installation Wizard, dcpromo, will guide you through any of the following installation scenarios:
Adding a domain controller to an existing environment.
Creating an entirely new forest structure.
Adding a child domain to an existing domain.
Adding a new domain tree to an existing forest.
Demoting domain controllers and eventually removing a domain or forest.

Choosing the Deployment Configuration

Post-Installation Tasks Upon completion of the Active Directory installation, you should verify a number of items:
Application directory partition creation.
Aging and scavenging for zones.
Forward lookup zones and SRV records.
Reverse lookup zones.

Application Partitions

Aging and Scavenging of DNS Records Aging and scavenging are processes that can be used by Windows Server 2008 DNS to clean up the DNS database after DNS records become stale or out of date. Without this process, the DNS database would require manual maintenance to prevent server performance degradation and potential disk-space issues.


DNS Records Make sure the forward lookup zone is created. Make sure a Host (A) record is created for your server. Make sure the following DNS subdomains are created:
_msdcs
_sites
_tcp
_udp
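The SRV-record verification described in the post-installation slides, as an added example that is not part of the course material: it lists the core DC-locator SRV names under _msdcs, _sites, _tcp and _udp, checks each one in a zone for the expected port, and confirms that every SRV target has a Host (A) record. The zone is constructed sample data, and the example assumes the domain is also the forest root so the global catalog names live in the same zone.

```python
# Added example (not from the course material): verify that a DNS zone holds the
# SRV records domain controllers register for the DC locator, that each record
# uses the expected port, and that every SRV target has a Host (A) record.
# The zone is constructed sample data; a real check would query the DNS server.
# Assumes the domain is also the forest root, so the global catalog names
# (_gc._tcp and _ldap._tcp.gc._msdcs) live in the same zone.

EXPECTED_PORTS = {"_ldap": 389, "_kerberos": 88, "_kpasswd": 464}

def expected_srv_names(domain, site):
    """Core DC-locator SRV names for one domain and one site (not exhaustive)."""
    return [
        "_ldap._tcp." + domain,
        "_ldap._tcp.dc._msdcs." + domain,
        "_ldap._tcp.pdc._msdcs." + domain,
        "_ldap._tcp.gc._msdcs." + domain,
        "_gc._tcp." + domain,
        "_kerberos._tcp." + domain,
        "_kerberos._udp." + domain,
        "_kerberos._tcp.dc._msdcs." + domain,
        "_kpasswd._tcp." + domain,
        "_kpasswd._udp." + domain,
        # Site-specific names under _sites let clients prefer a nearby DC.
        "_ldap._tcp.%s._sites.%s" % (site, domain),
        "_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, domain),
        "_kerberos._tcp.%s._sites.%s" % (site, domain),
    ]

def expected_port(name):
    service = name.split(".")[0]
    if service == "_gc" or ".gc._msdcs." in name:
        return 3268  # global catalog LDAP port, also used by _ldap._tcp.gc._msdcs
    return EXPECTED_PORTS[service]

def check_zone(zone, domain, site):
    """zone maps a name to {"SRV": [(prio, weight, port, target)], "A": [ip]}.
    Returns a list of problems; an empty list means every check passed."""
    problems = []
    for name in expected_srv_names(domain, site):
        srvs = zone.get(name, {}).get("SRV", [])
        if not srvs:
            problems.append("missing SRV record: " + name)
            continue
        for _prio, _weight, port, target in srvs:
            if port != expected_port(name):
                problems.append("%s: unexpected port %d for %s" % (name, port, target))
            if not zone.get(target, {}).get("A"):
                problems.append("%s: target %s has no A record" % (name, target))
    return problems

def build_sample_zone(domain, site, dc_host, ip):
    """Constructed zone for a single DC; _kerberos._udp is left out on purpose."""
    zone = {dc_host: {"A": [ip]}}
    for name in expected_srv_names(domain, site):
        if name.startswith("_kerberos._udp."):
            continue
        zone[name] = {"SRV": [(0, 100, expected_port(name), dc_host)]}
    return zone

if __name__ == "__main__":
    z = build_sample_zone("lucernepublishing.com", "Default-First-Site-Name",
                          "dc1.lucernepublishing.com", "10.0.0.10")
    for problem in check_zone(z, "lucernepublishing.com", "Default-First-Site-Name"):
        print(problem)
```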


Raising the Domain Functional Level Open Active Directory Domains and Trusts from the Administrative Tools folder. Right-click the domain you wish to raise and select Raise Domain Functional Level.

Raising the Forest Functional Level Open Active Directory Domains and Trusts from the Administrative Tools folder. Right-click the Active Directory Domains and Trusts icon in the console tree and select Raise Forest Functional Level.

Raising the Forest Functional Level If your domains have not all been raised to at least Windows Server 2003, you will receive an error indicating that raising the forest functional level cannot take place yet. If all domains have met the domain functionality criteria of Windows Server 2008, you can click Raise to proceed.
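The prerequisite checks behind the Raise Domain Functional Level and Raise Forest Functional Level dialogs, as an added example that is not part of the course material: a domain can be raised only if every domain controller runs an operating system that supports the target level, a forest only if every domain is already at that level, and neither can ever be lowered. Only the three levels named in this chapter are modelled, and the domain controller names and operating systems in the test are constructed.

```python
# Added example (not from the course material): a model of the rules enforced
# when raising functional levels. Only the three levels named in this chapter
# are modelled, and each DC's operating system is assumed to be known.
LEVELS = ["Windows 2000 native", "Windows Server 2003", "Windows Server 2008"]

# Highest functional level a domain controller's operating system can support.
OS_MAX_LEVEL = {
    "Windows 2000 Server": "Windows 2000 native",
    "Windows Server 2003": "Windows Server 2003",
    "Windows Server 2008": "Windows Server 2008",
}

def _rank(level):
    if level not in LEVELS:
        raise ValueError("unknown functional level: %r" % level)
    return LEVELS.index(level)

class Forest:
    def __init__(self, forest_level):
        self.forest_level = forest_level
        self.domains = {}   # name -> {"level": str, "dcs": {dc_name: os}}

    def add_domain(self, name, level, dcs):
        self.domains[name] = {"level": level, "dcs": dict(dcs)}

    def raise_domain_level(self, name, target):
        """Raise one domain. Returns None on success or the reason it was refused."""
        dom = self.domains[name]
        if _rank(target) <= _rank(dom["level"]):
            return "%s is already at %s; raising is one-way" % (name, dom["level"])
        # Every DC in the domain must run an OS that supports the target level.
        too_old = sorted(dc for dc, os_name in dom["dcs"].items()
                         if _rank(OS_MAX_LEVEL[os_name]) < _rank(target))
        if too_old:
            return "cannot raise %s to %s; DCs on an older OS: %s" % (
                name, target, ", ".join(too_old))
        dom["level"] = target
        return None

    def raise_forest_level(self, target):
        """Raise the forest. Every domain must already be at least at the target."""
        if _rank(target) <= _rank(self.forest_level):
            return "forest is already at %s; raising is one-way" % self.forest_level
        lagging = sorted(n for n, d in self.domains.items()
                         if _rank(d["level"]) < _rank(target))
        if lagging:
            return ("raising the forest functional level cannot take place yet; "
                    "domains below %s: %s" % (target, ", ".join(lagging)))
        self.forest_level = target
        return None
```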

Removing Active Directory Click the Start menu, key dcpromo and then press Enter.

Schema Management Console Some commercial applications such as Microsoft Exchange will modify the schema as a part of their installation process. You can also extend the schema manually using the Active Directory Schema snap-in. To modify the schema manually, you must be a member of the Schema Admins group. The Active Directory Schema snap-in should be installed on the domain controller holding the Schema Master Operations role.

Installing the Schema Management Snap-in From a command prompt, key regsvr32 schmmgmt.dll. Close the Command Prompt window, click Start, and then select Run. Key mmc /a in the dialog box and click OK. Click the File menu and select Add/Remove Snap-in.

Trust Relationship Trust relationships exist to make resource accessibility easier between domains and forests. Many trust relationships are established by default during the creation of the Active Directory forest structure. Trust relationships can be created using Active Directory Domains and Trusts from the Administrative Tools folder.

Trust Relationships Four trust types can be manually established in Windows Server 2008:
1. Shortcut trusts: used to shorten the tree-walking process for users who require frequent access to resources elsewhere in the forest.
2. Cross-forest trusts: allow you to create two-way transitive trusts between separate forests.

Trust Relationships Four trust types can be manually established in Windows Server 2008:
3. External trusts: used to configure a one-way, non-transitive trust.
4. Realm trusts: allow you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm.
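The transitivity rule from the earlier trust slide (A trusts B, B trusts C, so A trusts C) combined with the trust types above, as an added example that is not part of the course material: it models trusts as a directed graph and computes which domains a user's account can be granted access in, where parent/child and shortcut trusts chain freely, a cross-forest trust is transitive across the two forests but does not chain to a third forest, and an external trust is usable only as a direct hop. The forest layout (contoso.com, fabrikam.com, legacy.example alongside lucernepublishing.com) is constructed.

```python
# Added example (not from the course material): model trust relationships as a
# graph and compute where users of one domain can be granted resource access.
# Edge direction follows the netdom wording "TrustingDomain trusts TrustedDomain":
# users of the trusted domain may be granted access to the trusting domain.
from collections import deque

INTRA_FOREST = "intra"   # parent/child, tree-root, shortcut: transitive within a forest
FOREST = "forest"        # cross-forest trust: transitive across the two forests only
EXTERNAL = "external"    # one-way, non-transitive: usable only as a direct hop

class TrustGraph:
    def __init__(self):
        self.edges = {}  # trusted domain -> [(trusting domain, kind)]

    def add_trust(self, trusting, trusted, kind=INTRA_FOREST, two_way=True):
        self.edges.setdefault(trusted, []).append((trusting, kind))
        if two_way:
            self.edges.setdefault(trusting, []).append((trusted, kind))

    def reachable(self, user_domain):
        """Domains in which users from user_domain can be granted resource access."""
        result = set()
        start = (user_domain, False)          # (domain, crossed a forest trust yet?)
        seen, queue = {start}, deque([start])
        while queue:
            dom, crossed = queue.popleft()
            for nxt, kind in self.edges.get(dom, []):
                if kind == EXTERNAL:
                    if dom == user_domain:    # non-transitive: direct hop only
                        result.add(nxt)
                    continue
                if kind == FOREST and crossed:
                    continue                  # forest trusts do not chain to a third forest
                state = (nxt, crossed or kind == FOREST)
                if state not in seen:
                    seen.add(state)
                    result.add(nxt)
                    queue.append(state)
        result.discard(user_domain)
        return result

def build_sample_forests():
    """Constructed layout: one forest with two child domains, a partner forest
    trusted via a cross-forest trust, a third forest behind the partner, and a
    legacy domain trusted only one-way through an external trust."""
    g = TrustGraph()
    g.add_trust("lucernepublishing.com", "sales.lucernepublishing.com")
    g.add_trust("lucernepublishing.com", "eng.lucernepublishing.com")
    g.add_trust("lucernepublishing.com", "contoso.com", kind=FOREST)
    g.add_trust("contoso.com", "eu.contoso.com")
    g.add_trust("contoso.com", "fabrikam.com", kind=FOREST)
    g.add_trust("lucernepublishing.com", "legacy.example", kind=EXTERNAL, two_way=False)
    return g

if __name__ == "__main__":
    g = build_sample_forests()
    for d in ("sales.lucernepublishing.com", "legacy.example", "fabrikam.com"):
        print(d, "->", sorted(g.reachable(d)))
```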

Revoking a Trust Using Netdom Open a command prompt, type the following text and press Enter:
Netdom trust TrustingDomainName /d:trusteddomainname /remove
Repeat these steps for the other end of the trust relationship.

User Principal Name (UPN) The name of a system user in an e-mail address format: username@domainname. Based on Internet RFC 822.

Changing the Default Suffix for User Principal Names Open Active Directory Domains and Trusts from the Administrative Tools folder. Right-click Active Directory Domains and Trusts and choose Properties. Click the UPN Suffix tab, key the new suffix, and click Add. Key more than one suffix if your forest has more than one tree and then click OK.

Summary Active Directory requires DNS to be installed. DNS does not have to be installed on a Windows Server 2003 machine, but the version of DNS used does need to support SRV records for Active Directory to function. Planning the forest and domain structure should include a checklist that can be referenced for dialog information required by the Active Directory Installation Wizard.

Summary Verification of a solid Active Directory installation includes verifying DNS zones and the creation of SRV records. Additional items, such as reverse lookups, aging, and scavenging, also should be configured. Application directory partitions are automatically created when Active Directory integrated zones are configured in DNS. These partitions allow replica placement within the forest structure.

Summary System classes of the schema cannot be modified, but additional classes can be added. Classes and attributes cannot be deleted, but they can be deactivated. Planning forest and domain functionality is dependent on the need for down-level operating system compatibility. Raising a forest or domain functional level is a procedure that cannot be reversed.

Summary Four types of manual trusts can be created: shortcut, external, cross-forest, and realm trusts. Manual trusts can be created by using Active Directory Domains and Trusts or netdom at a command line.

Summary UPNs provide a mechanism to make access to resources in multiple domains user-friendly. UPNs follow a naming format similar to email addresses. You must be a member of the Enterprise Admins group to add additional suffixes that can be assigned at user object creation.