Introduction to Active Directory Directory Services - PowerPoint PPT Presentation

About This Presentation

Title: Introduction to Active Directory Directory Services

Description: Exchange information with any application or directory that uses LDAP or HTTP. ... A practical limit to the number of objects in a domain is 1 million. ... (PowerPoint PPT presentation)

Slides: 33
Provided by: MicrosoftC146

Transcript and Presenter's Notes

1
Introduction to Active Directory Directory Services
  • Uniquely identify users and resources on a
    network
  • Provide a single point of network management

2
What Are Active Directory Directory Services?
  • The directory service included with Microsoft
    Windows 2000 Server products
  • A directory service is a network service.
  • A directory service identifies all resources on a
    network.
  • A directory service makes all resources available.

3
What Are Active Directory Directory Services?
(continued)
  • Active Directory directory services include the
    Directory.
  • The Directory stores information about network
    resources.
  • Resources stored in the Directory are referred to
    as objects.

4
Simplified Administration
  • Active Directory directory services organize
    resources hierarchically in domains.
  • A domain is a logical grouping of servers and
    other network resources under a single domain
    name.
  • A domain is the basic unit of replication and
    security.
  • A domain includes at least one domain controller.

5
Simplified Administration (continued)
  • Active Directory directory services provide:
      • A single point of administration for all objects
        on the network
      • A single point of logon for all network resources

6
Scalability
  • The Directory stores information by organizing
    itself into sections that permit storage for a
    huge number of objects.
  • The Directory can expand to meet the needs of:
      • Small installations with one server and a few
        hundred objects.
      • Huge installations with hundreds of servers and
        millions of objects.

7
Open Standards Support
  • Active Directory directory services:
      • Integrate the Internet concept of a
        namespace with the Windows 2000 directory service
      • Allow you to unify and manage multiple namespaces
      • Use DNS as their naming system
      • Exchange information with any application
        or directory that uses LDAP or HTTP

8
Domain Name System
  • DNS is the domain naming and locator service for
    Active Directory.
  • Windows 2000 domain names are also DNS names.
  • Windows 2000 Server uses dynamic DNS (DDNS).
  • Clients can update the DNS table dynamically.
  • DDNS eliminates the need for other naming
    services.

9
Support for LDAP and HTTP
  • LDAP is an Internet standard for accessing
    directory services.
  • HTTP is the standard protocol for displaying
    pages on the World Wide Web.
  • You can display every object in Active Directory
    as an HTML page in a Web browser.

10
Support for Standard Name Formats
  • RFC 822: somename@domain.com
  • HTTP URL: http://domain/path-to-page
  • UNC: \\microsoft.com\xl\budget.xls
  • LDAP URL: LDAP://someserver.microsoft.com/CN=FirstnameLastname,OU=sys,OU=product,OU=division,DC=devel

11
Logical Structure
  • The logical structure is separate from the
    physical structure.
  • Organize resources in a logical structure.
  • Find a resource by its name rather than its
    physical location.
  • The network's physical structure is transparent
    to the users.

12
Objects
13
Organizational Units
14
Domain
  • The domain is the core unit of logical structure.
  • All network objects exist within a domain.
  • A domain stores information about only the
    objects that it contains.
  • A practical limit to the number of objects in a
    domain is 1 million.

15
A Domain Is a Security Boundary
  • Access to domain objects is controlled by ACLs.
  • ACLs contain the permissions associated with
    objects.
  • ACLs control which users can gain access to an
    object.
  • ACLs control which type of access users can gain
    to the objects.
  • Security policies and settings do not cross from
    one domain to another.
  • A domain administrator has absolute rights to set
    policies only within that domain.

16
Tree
  • A tree is a grouping of one or more Windows 2000
    domains.
  • All domains within a single tree share a
    contiguous namespace.
  • The domain name of a child domain is the relative
    name of that child domain appended with the name
    of the parent domain.
  • All domains within a single tree share a common
    schema.
  • All domains within a single tree share a common
    global catalog.

17
Forest
  • A forest is a grouping of one or more domain
    trees.
  • The trees in a forest form a disjoint
    namespace.
  • All trees in a forest share a common schema.
  • Trees in a forest have different naming
    structures.
  • All domains in a forest share a common global
    catalog.
  • Domains in a forest operate independently.

18
Sites
  • The physical structure is based on sites.
  • A site is a combination of one or more IP
    subnets.
  • Typically a site has the same boundaries as a
    LAN.
  • Sites are not part of the logical namespace.
  • Sites contain computer objects and connection
    objects.

19
Replication Within a Site
  • The Active Directory directory services include a
    replication feature.
  • Replication ensures that changes to a domain
    controller are reflected by all domain
    controllers within a domain.

20
Functions of Domain Controllers in a Domain
  • Store a complete copy of all Active Directory
    information
  • Replicate all objects in the domain to each other
    automatically
  • Replicate certain important updates immediately
  • Use multimaster replication
  • Provide fault tolerance
  • Manage all aspects of user domain interactions

21
Ring Topology for Replication
22
Schema
  • Contains a formal definition of the contents
    and structure of Active Directory directory
    services
  • Defines attributes for each object class

23
Default Schema
  • Created by installing Active Directory on the first
    computer in a new forest
  • Contains definitions of commonly used objects and
    properties
  • Contains definitions of objects and properties
    used by Active Directory

24
Extensible Schema
  • You can define new directory object types and
    attributes.
  • You can define new attributes for existing
    objects.
  • You can extend the schema:
      • By using LDAP Data Interchange Format (LDIF)
        scripts.
      • Programmatically or by using the Active Directory
        Services Interface (ADSI).
      • By using the Active Directory Schema snap-in.
  • The schema is stored in the global catalog and
    can be updated dynamically.

25
Global Catalog
26
Global Catalog Servers
  • Installing Active Directory on the first computer
    in a new forest makes that domain controller a
    global catalog server.
  • The Active Directory Sites and Services snap-in
    allows you to designate additional global catalog
    servers.
  • More global catalog servers means more
    replication traffic.
  • More global catalog servers can provide quicker
    responses.
  • Every major site should have a global catalog
    server.

27
Namespace
28
Naming Conventions
  • Every object in Active Directory is identified by
    a name.
  • Active Directory uses a variety of naming
    conventions.

29
Distinguished Name
  • Every object has a distinguished name (DN).
  • The DN uniquely identifies the object.
  • The DN contains sufficient information for a
    client to retrieve the object.
  • The DN includes the name of the domain that holds
    the object.
  • The DN includes the complete path to the object.

30
Relative Distinguished Name
31
Globally Unique Identifier
  • A globally unique identifier (GUID) is a 128-bit
    number that is guaranteed to be unique.
  • GUIDs are assigned when the object is created.
  • The GUID for an object never changes.
  • Applications use GUIDs to retrieve objects
    regardless of current DNs.

32
User Principal Name
  • User accounts have a friendly name, the user
    principal name (UPN).
  • The UPN is composed of the shorthand name for the
    user account and the DNS name of the tree where
    the user account object resides.
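The naming forms described on slides 10 and 29 to 32 (LDAP URL, distinguished name, relative distinguished name, the DNS domain spelled by the DC components, and the UPN) worked through in code, as an added example that is not part of the presentation; the server, OU and account names used in it are constructed samples, and the escape handling follows RFC 4514 rather than anything the slides state.

```python
# Added example (not from the slides): parsing the naming forms above, from an
# LDAP URL down to DN, RDN, DNS domain name and UPN. Sample names are constructed.
from urllib.parse import urlsplit, unquote

def parse_ldap_url(url):
    """LDAP URL -> (server host, DN); the DN is the percent-decoded URL path."""
    u = urlsplit(url)
    if u.scheme.lower() != "ldap" or not u.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    return u.hostname, unquote(u.path.lstrip("/"))

def split_rdns(dn):
    """Split a DN on unescaped commas into raw RDN strings, leftmost first."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2]); i += 2      # escaped char: keep pair, do not split
        elif dn[i] == ",":
            parts.append("".join(buf).strip()); buf = []; i += 1
        else:
            buf.append(dn[i]); i += 1
    parts.append("".join(buf).strip())
    return parts

def parse_rdn(raw):
    """Decode one raw RDN into (attribute type, value), removing RFC 4514 escapes."""
    typ, sep, val = raw.partition("=")
    if not sep or not typ.strip():
        raise ValueError(f"not an RDN: {raw!r}")
    out, i = [], 0
    while i < len(val):
        if val[i] == "\\" and i + 1 < len(val):
            pair = val[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                out.append(chr(int(pair, 16))); i += 3   # \2C style single-byte hex escape
            else:
                out.append(val[i + 1]); i += 2           # \, \= \\ style escape
        else:
            out.append(val[i]); i += 1
    return typ.strip().upper(), "".join(out)

def relative_dn(dn):        # RDN: leftmost component, the object's own name in its container
    return parse_rdn(split_rdns(dn)[0])

def dns_domain(dn):         # DC= components, left to right, spell the object's domain DNS name
    labels = [v for t, v in map(parse_rdn, split_rdns(dn)) if t == "DC"]
    return ".".join(labels)

def upn(shorthand, dn):     # UPN = shorthand account name @ DNS name of the holding domain
    return f"{shorthand}@{dns_domain(dn)}"
```

A DN value containing a comma (such as a "Lastname, Firstname" common name) must be escaped, which is why the splitter keeps backslash pairs together instead of breaking the DN at every comma.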