IMPLEMENTING ACTIVE DIRECTORY - PowerPoint PPT Presentation

Slides: 22
Provided by: JimK107
Transcript and Presenter's Notes

1
IMPLEMENTING ACTIVE DIRECTORY
  • Chapter 2

2
REQUIREMENTS FOR ACTIVE DIRECTORY
  • Microsoft Windows Server 2003 (Standard,
    Enterprise, Datacenter)
  • Cannot use Web Edition for Active Directory
  • Access as a local administrator
  • NT file system (NTFS) partition for Sysvol
  • 200 MB minimum free space
  • Transmission Control Protocol/Internet Protocol
    (TCP/IP)
  • Domain Name System (DNS) to host service location
    (SRV) resource records

3
ACTIVE DIRECTORY INSTALLATION PROCESS
  • Complete pre-installation tasks
  • Plan and test before you install in a production
    environment

4
ACTIVE DIRECTORY INSTALLATION
  • Dcpromo or Manage Your Server
  • If already a domain controller, Dcpromo allows
    you to remove Active Directory
  • Operating system compatibility issues
  • Microsoft Windows 95
  • Microsoft Windows NT 4, Service Pack 3

5
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
  • Domain Controller type
  • Domain controller for a new domain
  • Replica domain controller
  • Install in a new or existing forest?
  • Install in a new or existing domain tree?
  • Use the appropriate names
  • Domain Name System (DNS)
  • Fully Qualified Domain Name (FQDN)
  • NetBIOS

6
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
  • Database and Log Folders
  • Shared System Volume (Sysvol)
  • systemroot\NTDS
  • NTFS required

7
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS

8
DNS REGISTRATION AND DIAGNOSTICS
  • If DNS is not detected, you can choose to
    automatically install and configure. Otherwise,
    you must manually install and configure.
  • SRV resource records required
  • Dynamic updates highly recommended
  • Incremental zone transfers recommended

9
PERMISSIONS
  • Pre-Windows 2000
  • Windows Server 2003

10
ACTIVE DIRECTORY INSTALLATION WIZARD OPTIONS
  • Directory Services Restore Mode Administrator
    password
  • Password used to enter Directory Services Restore
    Mode
  • Required for Active Directory maintenance
  • Completing the Active Directory installation
  • Confirm your configuration
  • Restart your new domain controller

11
VERIFY AND FINALIZE DNS
  • Application Directory partition creation
  • DomainDNSZones
  • ForestDNSZones
  • Automatically created when Active Directory
    Integrated DNS is used
  • Can be managed only by Enterprise Admins
  • Aging and scavenging options
  • Forward lookup zones and SRV resource records
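
A check for the SRV resource records this slide says to verify, as an added example that is not part of the original presentation. It assumes a management workstation that has the DnsClient module's `Resolve-DnsName` cmdlet (not available on Windows Server 2003 itself), and `contoso.com` is a placeholder for the domain and forest root names.

```powershell
# Added example: confirm that the SRV records a domain controller registers
# are resolvable after Active Directory installation.
# Assumptions: Resolve-DnsName (DnsClient module) is available on the machine
# running the check; 'contoso.com' is a placeholder domain/forest name.
param(
    [string]$Domain = 'contoso.com',
    [string]$Forest = $Domain
)

# Well-known locator records clients use to find LDAP, Kerberos, the PDC
# emulator and global catalog servers.
$expected = @(
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain",
    "_kpasswd._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Forest",
    "_gc._tcp.$Forest"
)

$results = foreach ($name in $expected) {
    # -DnsOnly keeps LLMNR/NetBIOS out of the answer; errors (NXDOMAIN,
    # timeouts) are treated as "record not found".
    $answers = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }

    [pscustomobject]@{
        Record  = $name
        Found   = [bool]$answers
        Targets = ($answers | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
    }
}

$results | Format-Table -AutoSize

# A missing record usually means dynamic update failed or the DC is
# pointing at a DNS server that does not host the zone.
$missing = $results | Where-Object { -not $_.Found }
if ($missing) {
    Write-Warning ("Missing SRV records: " + ($missing.Record -join ', '))
    exit 1
}
```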

12
DNS UPDATES AND RECORD STORAGE
  • Dynamic updates
  • Secure only
  • Nonsecure and secure
  • None
  • Store the zone in Active Directory, named Active
    Directory-integrated
  • Reverse lookup zones

13
REPLICA DOMAIN CONTROLLER
  • Provides load balancing and fault tolerance
  • If one domain controller fails, there is another
    holding the Active Directory records
  • Clients can use either domain controller for
    authentication
  • DNS fault tolerance
  • If Active Directory-integrated, the records are
    automatically copied to other domain controllers
  • If not Active Directory-integrated, you can use a
    secondary zone for fault tolerance of records

14
REPLICA DOMAIN CONTROLLER
  • DNS load balancing
  • Install DNS service on additional server
  • Configure client computer to use the new server
    as their Preferred DNS server

15
SCHEMA MODIFICATION
  • Some applications modify the schema
  • Examples include e-mail programs, backup
    programs, and directory integration software
  • Must be a member of Schema Admins to install
    these applications or to manually modify the
    schema
  • Schema changes trigger replication to all domain
    controllers in the forest
  • Default system classes cannot be modified
  • Class and attribute changes cannot be removed,
    but can be deactivated

16
RAISING DOMAIN AND FOREST FUNCTIONAL LEVELS
  • Once complete, cannot be undone without a
    reinstall
  • Each domain functional level can be raised
    independently of other domains
  • Forest functional levels can be raised only when
    all domains are at Windows 2000 native or higher
  • Domain Admins membership required to raise domain
    functional level
  • Enterprise Admins membership required to raise
    forest functional level

17
ESTABLISHING AND MAINTAINING TRUSTS
  • Shortcut trust
  • Used to improve resource access
  • Reduces the length of the trust path
  • Transitive
  • Cross-forest trust
  • Initially one-way; can create two one-way trusts
    to provide access in either direction
  • Available only to Windows Server 2003 forests
  • Transitive

18
ESTABLISHING AND MAINTAINING TRUST
  • External
  • Can be used for Windows NT Server 4.0 and
    Windows 2000 domain trusts
  • Not transitive
  • Realm
  • Used between third-party Kerberos implementations
  • Not transitive

19
MANAGING TRUSTS
  • Verifying trusts
  • Active Directory Domains And Trusts
  • netdom trust domain1 /d:contoso /verify
  • Revoking trust relationships
  • Active Directory Domains And Trusts
  • netdom trust domain1 /d:contoso /remove

20
USER PRINCIPAL NAMES
  • Allows users to log on without specifying a
    domain separately
  • Can be the user's e-mail address
  • By default, the User Principal Name (UPN) suffix
    is the same as the forest root domain name
  • Can add UPN suffix in Active Directory Domains
    And Trusts
  • Can modify UPN on a per-user basis

21
SUMMARY
  • Active Directory requires DNS and SRV resource
    record support
  • Verifying Active Directory installation
  • Active Directory partitions
  • Schema modification and replication
  • Forest and domain functional levels
  • Trust types: shortcut, cross-forest, external,
    realm