Active Directory Services - PowerPoint PPT Presentation

About This Presentation
Title:

Active Directory Services

Description:

By default, the database is stored in %systemroot%\Ntds\ntds.dit. Ntds.dit contains all information of AD including schema, global catalog and all ...

Slides: 20
Provided by: HAS114

Transcript and Presenter's Notes

Title: Active Directory Services


1
Active Directory Services
2
Overview of AD Services
  • Introduction to Active Directory Services
  • Integrated with Windows 2000 Server
  • Allows seamless access to a directory service
    in an Internet/intranet environment.
  • Understanding Active Directory Concepts
  • Global Catalog: central repository of
    information about objects in a domain.
  • Namespace: based on the DNS naming scheme; a namespace
    is a bounded area in which a name can be resolved.
  • Extensible Schema: formal definition of the
    contents and structure of AD.

3
Understanding AD Concepts
  • Understanding Active Directory Concepts
  • Naming Conventions
  • Distinguished Name (DN)
  • Relative Distinguished Name (RDN)
  • Globally Unique Identifier (GUID)
  • User Principal Name (UPN)
  • Active Directory Architecture
  • Data Model: derived from X.500
  • Schema: set of object class instances
  • Security Model: Windows 2000 Trusted Computing
    Base
  • Administration Model: delegated administration

4
Planning AD Implementation
  • Planning a Namespace
  • Internal and External Namespaces
  • Defining a Namespace Architecture
  • Root Domain: first domain in the namespace
    (expedia.com)
  • First-layer Domain: layer for domain names that
    don't change (north.expedia.com)
  • Second-layer Domain: layer corresponding to a
    first-layer domain, for the benefit of child-level domains
    (mas.north.expedia.com)
  • Planning Organizational Units
  • Creating OU Structure
  • Begin with first domain in namespace
  • Should be able to facilitate future
    reorganization
  • Determine administrator and level of
    administration
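
Added example, not part of the original slides: a small Python parser that splits a distinguished name into its RDNs and maps the DC components onto the DNS-based namespace layers described above. The function names, the sample object and the logon name are hypothetical, and the UPN assumes the account uses the default suffix (the DNS name of its domain).

```python
def split_dn(dn):
    """Split a DN into RDNs, left to right, keeping backslash escapes intact."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]          # escaped character, e.g. "\," inside a name
            i += 2
        elif dn[i] == ",":
            rdns.append(current.lstrip())   # an unescaped comma ends the RDN
            current, i = "", i + 1
        else:
            current += dn[i]
            i += 1
    rdns.append(current.lstrip())
    return [r for r in rdns if r]

def dns_domain(dn):
    """DNS name of the domain that holds the object: its DC= components, in order."""
    parts = [r.partition("=") for r in split_dn(dn)]
    return ".".join(v for a, _, v in parts if a.strip().upper() == "DC").lower()

def namespace_layer(dn, root):
    """0 = root domain, 1 = first-layer, 2 = second-layer, None = other namespace."""
    domain = dns_domain(dn)
    if domain == root:
        return 0
    if not domain.endswith("." + root):
        return None
    return domain[:-len(root) - 1].count(".") + 1

def describe(dn, logon_name, root):
    rdns = split_dn(dn)
    return {
        "rdn": rdns[0],                      # relative distinguished name
        "parent": ",".join(rdns[1:]),        # container that holds the object
        "domain": dns_domain(dn),
        "layer": namespace_layer(dn, root),
        # Assumption: the account uses the default UPN suffix (its domain's DNS name).
        "upn": f"{logon_name}@{dns_domain(dn)}",
    }

# Constructed sample object; the domain names are the ones used on the slide.
SAMPLE_DN = r"CN=Smith\, John,OU=Sales,DC=mas,DC=north,DC=expedia,DC=com"

if __name__ == "__main__":
    print(describe(SAMPLE_DN, "jsmith", "expedia.com"))
```
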

5
Planning AD Implementation
  • Planning Organizational Units
  • OU Design Guidelines
  • Create OUs to delegate administration.
  • Create a logical and meaningful OU structure.
  • Create OUs to apply security policies.
  • Create OUs to provide or restrict visibility of
    published resources from certain users.
  • Create OU structures that are relatively static.
  • Avoid allocating too many child objects to any OU.

6
Planning AD Implementation
  • OU Design Guidelines
  • Structure the OU Hierarchy
  • Administration or Object-Based OUs
  • Geographical-Based OUs
  • Business Function-Based OUs
  • Department-Based OUs
  • Project-Based OUs

7
Planning AD Implementation
  • Planning a Site
  • A site is a combination of one or more IP subnets
    connected by a high-speed link.
  • Combine only those subnets that share fast (>
    512 Kbps), inexpensive, and reliable network
    connections.
  • Configure sites so that replication occurs at
    times that will not interfere with network
    performance.

8
Planning AD Implementation
9
Planning AD Implementation
  • Planning a Site
  • Optimizing Workstation Logon Traffic
  • Consider which domain controllers the
    workstations on each subnet should use.
  • Optimizing Directory Replication
  • Consider where the domain will be located.
  • Implement sites in branch offices based on the
    size of the branch office.

10
Implementing AD Services
  • The Active Directory Installation Wizard
  • Adding a domain controller to an existing domain.
  • Creating the first domain controller of a new
    domain.
  • Creating a new child domain.
  • Creating a new domain tree.
  • The Database and Shared System Volume
  • The AD Database
  • The database is the directory for the new domain.
  • By default, the database is stored in
    %systemroot%\Ntds\ntds.dit.
  • Ntds.dit contains all AD information, including the
    schema, global catalog and all objects stored on
    that domain controller.

11
Implementing AD Services
  • The AD Database
  • The Shared System Volume
  • Exists on all Windows 2000 domain controllers.
  • Stores scripts and some of the group policy
    objects for the current domain as well as the
    enterprise.
  • Replication occurs on the same schedule as AD
    replication.

12
Implementing AD Services
  • Domain Modes
  • Mixed Mode
  • Default mode when Windows 2000 is first
    installed.
  • Allows the domain controller to interact with any
    down-level domain controllers.
  • Native Mode
  • All the domain controllers in the domain run
    Windows 2000 Server.
  • Does not allow, or there is no plan to add, any
    down-level domain controllers.
  • All domain controllers act as peers; there is no
    domain master.

13
Exercise
  • 6-1 Installing Active Directory Services
  • 6-2 Joining Server02 to the Domain
  • 6-3 Installing and Examining the Contents of
    Adminpak.msi

14
Administering AD Services
  • Creating Organizational Units and Their Objects
  • Creating Organizational Units
  • To delegate administrative control to other users
    or administrators.
  • To group objects that require similar
    administrative tasks.
  • To restrict visibility of network resources in
    the AD.
  • Adding Objects to Organizational Units
  • Computer: represents a computer on the network
  • Contact: account that does not have any security
    permissions
  • Group: contains computers, users, and other
    groups
  • Printer: printer that has been published in the
    directory
  • User: allows a user to log on to Windows 2000
  • Shared Folder: network share that has been
    published in the directory

15
Administering AD Services
  • Exercise 5: Creating an Organizational Unit and
    Its Objects

16
Administering AD Services
  • Controlling Access to Active Directory Objects
  • Managing Active Directory Permissions
  • Locating Objects
  • Modifying Attributes and Deleting Objects
  • Moving Objects
  • Permission Inheritance
  • Applies permissions to an object and its sub-objects.
  • Minimizes the number of times you need to assign
    permissions for objects.

17
Administering AD Services
  • Guidelines for Administering Active Directory
    Services
  • Coordinate the AD structure with other administrators.
  • Complete all attributes of objects that are
    important to your organization.
  • Use deny permissions sparingly.
  • Always ensure at least one user has Full Control
    for each AD object.
  • Ensure that delegated users take responsibility.
  • Provide training for users who have control of
    objects.
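
Added example, not part of the original slides: a Python audit over a constructed set of ACLs that applies permission inheritance and then checks two of the guidelines above, flagging objects on which no trustee ends up with Full Control and listing explicit deny entries. The ACE model is a simplified assumption (group membership and object ownership are not resolved), and all trustee and object names are hypothetical.

```python
# Constructed sample: DN -> (inherits_from_parent, [(trustee, type, right, applies_to_children)])
ACLS = {
    "DC=expedia,DC=com": (False, [("Domain Admins", "allow", "FullControl", True)]),
    "OU=Sales,DC=expedia,DC=com": (True, [("SalesOUAdmins", "allow", "FullControl", True),
                                          ("Interns", "deny", "Read", True)]),
    "CN=Printer1,OU=Sales,DC=expedia,DC=com": (True, []),
    "OU=Lab,DC=expedia,DC=com": (False, [("LabUsers", "allow", "Read", True)]),
    "CN=Host7,OU=Lab,DC=expedia,DC=com": (True, [("Domain Admins", "deny", "FullControl", False)]),
}

def effective_aces(dn, acls):
    """ACEs that apply to dn as (trustee, type, right, depth); depth 0 means explicit."""
    inherits, explicit = acls[dn]
    aces = [(t, kind, right, 0) for t, kind, right, _ in explicit]
    node, depth = dn, 0
    while inherits and "," in node:
        node, depth = node.split(",", 1)[1], depth + 1   # parent DN (no escaped commas here)
        if node not in acls:
            break
        inherits, parent_aces = acls[node]   # a parent that blocks inheritance ends the walk
        aces += [(t, kind, right, depth) for t, kind, right, down in parent_aces if down]
    return aces

def full_control_holders(dn, acls):
    """Trustees whose first matching Full Control ACE, in evaluation order, is an allow."""
    # Order: explicit deny, explicit allow, then inherited ACEs nearest ancestor first.
    ordered = sorted(effective_aces(dn, acls), key=lambda a: (a[3], a[1] != "deny"))
    decided = {}
    for trustee, kind, right, _ in ordered:
        if right == "FullControl":
            decided.setdefault(trustee, kind)
    return sorted(t for t, kind in decided.items() if kind == "allow")

def audit(acls):
    findings = []
    for dn in acls:
        if not full_control_holders(dn, acls):
            findings.append((dn, "no trustee with Full Control"))
        for trustee, kind, right, depth in effective_aces(dn, acls):
            if kind == "deny" and depth == 0:
                findings.append((dn, f"explicit deny {right} for {trustee}"))
    return findings

if __name__ == "__main__":
    for dn, finding in audit(ACLS):
        print(f"{dn}: {finding}")
```
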

18
Administering AD Services
  • Managing Active Directory Objects
  • Locating Objects
  • Modifying Objects
  • Moving Objects
  • Exercise 6: Managing Active Directory Objects

19
Active Directory Services