Windows 2000 Operating System -- Active Directory Service - PowerPoint PPT Presentation

Slides: 22
Provided by: hor77

Transcript and Presenter's Notes


1
Windows 2000 Operating System -- Active
Directory Service
  • COSC 516
  • Yuan YAO
  • 08/29/2000

2
Windows 2000 Included Products
  • Windows 2000 Professional
  • Windows 2000 Server
  • Windows 2000 Advanced Server
  • Windows 2000 Datacenter Server
  • Windows NT 4.0 Workstation
  • Windows NT 4.0 Server
  • Windows NT 4.0 Enterprise

3
Upgrade to Windows 2000
  • 95 → 2000
      • Automatic setup will report incompatibilities;
        some applications have different components for
        the two.
  • 98 → 2000
      • Tricky due to lots of hardware and software
        compatibility problems.
  • NT 4.0 → 2000
      • Easier, but not without problems.

4
What to expect if you
  • are on the road (Remote users)
  • work at home (Home office users)
  • run a small business (Small business)
  • run a larger network (Medium-size and large
    enterprise)
  • provide internet services (Service provider)

5
Active Directory Service
  • A true hierarchical, distributed directory
    service for managing resources across an
    enterprise or extranet.

6
ADS Terminology
  • Directory and Directory Services
      • A directory is an information store.
      • A directory service is the directory itself as
        well as the services it provides, such as
        security and replication.
  • Workgroup and Domain
      • A Windows 2000 workgroup is a logical grouping
        of networked computers that share resources,
        such as files and printers, and each maintain a
        local security database, which is a list of
        user accounts and resource security information
        for the computer it is on.
      • A Windows 2000 domain is a logical grouping of
        networked computers that share a central
        directory database, which contains user
        accounts and security information for the
        domain.

7
ADS Terminology
  • Domain Tree and Forest
      • A domain tree refers to a hierarchical grouping
        of domains that share a contiguous namespace, a
        common schema, and a common global catalog.
      • A domain forest is a collection of two or more
        domain trees that do not share a contiguous
        namespace, but do share a common schema and
        global catalog.
  • Namespace
      • A collection of unique domain names.

8
ADS Terminology
  • Object and Organizational Unit
      • An object is a representation of a network
        resource, including users, computers, printers,
        and so forth.
      • An organizational unit is an object that can
        hold other objects.
  • Multimaster replication
      • The process by which Active Directory domains
        replicate with each other and resolve
        conflicting updates.
  • Lightweight Directory Access Protocol (LDAP)
      • An Internet standard by which Active Directory
        clients and servers communicate.

9
Do you need a Directory Service?
  • A central database that keeps track of every
    resource and user in an enterprise-wide network.
  • If you don't need a full directory service yet,
    you should get ready by practicing the discipline
    of using a consistent naming scheme.

10
Importance of Directories
  • Become the points of reference for applications
    and user services.
  • Provide single sign-on.
  • Become increasingly important as business
    networks expand to include connections with
    business partners and customers.

11
Existing Directory Services
  • Bull, Computer Associates, Hewlett-Packard, IBM,
    Tivoli, and Unisys have offered directory
    solutions. But hefty price tags and lack of
    interoperability have limited their adoption.
  • Active Directory brings a big buzz.
  • Novell Directory Services (NDS) and the Novell
    ZenWorks software family have also made many
    administrators aware of the importance of
    directory services.

12
What is a hierarchical namespace?

13
Scalability Comparison
  • Active Directory Service partitions can hold
    millions of objects and use indexed data stores
  • Novell Domain Service partitions are limited to
    1,000 objects
  • NT 4 Domain Service provides only limited
    scalability: one NT 4 server stores the entire
    domain database.

14
Transitive Kerberos Trusts
  • If domain A trusts domain B, and domain B trusts
    domain C, then domain A trusts domain C and vice
    versa.
  • Trusts give user and group rights to traverse
    domains and are essential for single sign-on.
  • Transitive trusts reduce the complexity of
    maintenance.
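
The transitivity rule on this slide, worked through as an added example (not part of the original presentation): it computes which domains each domain ends up trusting and lists the trust pairs that nobody configured explicitly, which is what a trust audit needs to surface. The domain names are made up, and the one-way, non-transitive external trust to an NT 4 domain goes beyond the slide to show the contrast.

```python
from collections import deque

# Constructed sample: (trusting domain, trusted domain, transitive?).
# All domain names are made up for this example.
DIRECT_TRUSTS = [
    ("a.example.com", "b.example.com", True),
    ("b.example.com", "a.example.com", True),
    ("b.example.com", "c.example.com", True),
    ("c.example.com", "b.example.com", True),
    ("c.example.com", "legacy-nt4", False),  # one-way external trust
]

def effective_trusts(direct):
    """Map each domain to every domain it ends up trusting."""
    hops, result = {}, {}
    for trusting, trusted, is_transitive in direct:
        result.setdefault(trusting, set()).add(trusted)
        result.setdefault(trusted, set())
        if is_transitive:
            hops.setdefault(trusting, set()).add(trusted)
    for start in result:
        seen, queue = {start}, deque([start])
        while queue:  # breadth-first walk over transitive links only
            for nxt in hops.get(queue.popleft(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        result[start] |= seen - {start}
    return result

def implied_trusts(direct):
    """Trust pairs that exist only through transitivity, not by configuration."""
    configured = {(a, b) for a, b, _ in direct}
    effective = effective_trusts(direct)
    return {(a, b) for a, trusted in effective.items() for b in trusted} - configured

if __name__ == "__main__":
    for pair in sorted(implied_trusts(DIRECT_TRUSTS)):
        print("%s trusts %s (implied)" % pair)
```

Domain A never trusts the NT 4 domain here, because the non-transitive link from C is not followed past its first hop.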

15
A Distributed Directory Service
  • Directory servers are typically distributed
    across a network so that they are easily
    reachable by clients and servers.
  • Data relationships and naming
  • Replication
  • Caching

16
Data Relationships and Naming
  • In NT 4, administrative authority could only be
    delegated at the domain level.
  • ADS allows administrative authority to be
    delegated down to the Organizational Unit level.
  • For NDS, user rights to other domain objects or
    common resources can be assigned to an
    Organizational Unit.
  • For ADS, rights must always be configured for
    individual users and groups.

17
Replication
  • Domain Controller: a server that contains
    directory information and responds to database
    requests or routing requests for resources.
  • NT 4's Primary and Backup Domain Controllers have
    been replaced in Windows 2000 by a peer model.
    Any server can be promoted to AD domain
    controller status.
  • Multimaster Replication replicates changes made
    to any single controller to all other controllers.
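
How conflicting updates converge under multimaster replication, as an added example (not part of the original presentation). It assumes the general Active Directory rule, which the slides do not spell out, that each attribute carries a stamp of version number, originating time and originating domain controller GUID, and that the greatest stamp wins in that order. All names, GUIDs and values are constructed, and GUIDs are compared as plain strings for simplicity.

```python
# Constructed sample data. Each attribute entry is
# (version, originating_time, originating_dc_guid, value).
DC1 = {
    "telephoneNumber": (3, "2000-08-29T10:00:05Z",
                        "11111111-0000-0000-0000-000000000001", "555-0100"),
    "title": (2, "2000-08-29T10:00:00Z",
              "11111111-0000-0000-0000-000000000001", "Engineer"),
}
DC2 = {
    # Written later, but with a lower version number: this update loses.
    "telephoneNumber": (2, "2000-08-29T10:05:00Z",
                        "22222222-0000-0000-0000-000000000002", "555-0199"),
    # Same version and time as DC1's write: the higher GUID breaks the tie.
    "title": (2, "2000-08-29T10:00:00Z",
              "22222222-0000-0000-0000-000000000002", "Manager"),
}

def stamp(entry):
    """Comparison key: version first, then time, then originating DC GUID."""
    version, when, dc_guid, _value = entry
    return (version, when, dc_guid)

def merge_replicas(*replicas):
    """Resolve conflicts per attribute; every controller reaches the same result."""
    merged = {}
    for replica in replicas:
        for attr, entry in replica.items():
            if attr not in merged or stamp(entry) > stamp(merged[attr]):
                merged[attr] = entry
    return merged

def values(replica):
    """Strip the stamps and return just attribute -> value."""
    return {attr: entry[3] for attr, entry in replica.items()}

if __name__ == "__main__":
    print(values(merge_replicas(DC1, DC2)))
```

The telephone number shows why replication metadata has to be read with care during an investigation: the surviving value is not the one with the latest timestamp.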

18
Caching
  • To improve response time for directory queries,
    directory servers can save a copy of frequently
    requested directory service information locally
    in the Global Catalog (GC).

19
Migrating to Active Directory
  • Domains to Active Directory
      • Requires extensive planning and testing.
  • NDS to ADS
      • There is no good reason to switch to Active
        Directory unless you plan to abandon NetWare
        completely. It is better to create a test bed
        first.

20
Domain Modes
  • Mixed Mode
      • Allows the domain controllers to interact with
        any domain controllers running versions of
        Windows that predate Windows 2000 Server.
  • Native Mode
      • All the domains are integrated with Active
        Directory, and all Windows NT 4 domain
        controllers are upgraded to Windows 2000
        Server.

21
Mixed Mode to Native Mode
  • Upgrade all domain controllers.
  • Reconfigure the domains by using Active Directory
    Migration Tool or FastLane, etc.
  • Several points
      • Support for down-level replication ceases.
      • Can no longer add new down-level domain
        controllers to the domain.
      • No more primary domain controller; all domain
        controllers are peers.
      • The change is one way only.