
Overview of Active Directory Domain Services
Lesson 1

Chapter Objectives
• Identify Active Directory functions and benefits.
• Identify the major components that make up an Active Directory structure.
• Identify how DNS relates to Active Directory.
• Identify Forest and Domain Functional Levels.

Active Directory
• A directory service that uses the “tree” concept for managing resources on a Windows network.
• Stores information about the network resources and services, such as user data, printers, servers, databases, groups, computers, and security policies.
• Identifies all resources on a network and makes them accessible to users and applications.

Active Directory
• Used in:
  – Windows 2000
  – Windows Server 2003
  – Windows Server 2008
• Subsequent versions of Active Directory have introduced new functionality and security features.

Active Directory
• Windows Server 2008 provides two directory services:
  – Active Directory Domain Services (AD DS)
  – Active Directory Lightweight Directory Services (AD LDS)

Domain Controller (DC)
• Server that stores the Active Directory database and authenticates users with the network during logon.
• Stores database information in a file called ntds.dit.
• Active Directory is a multimaster database.
  – Information is automatically replicated between multiple domain controllers.

Read-Only Domain Controller (RODC)
• Introduced with Windows Server 2008.
• A domain controller that contains a copy of the ntds.dit file that cannot be modified and that does not replicate its changes to other domain controllers within Active Directory.

Active Directory Functions and Benefits
• Centralized resource and security administration.
• Single logon for access to global resources.
• Fault tolerance and redundancy.
• Simplified resource location.

Active Directory Components
• Forests – One or more domain trees, with each tree having its own unique name space.
• Domain trees – One or more domains with contiguous name space.
• Domains – A logical unit of computers and network resources that defines a security boundary.
• Organizational units (OUs) – A container that represents a logical grouping of resources.

Active Directory Components
ITMT 2302 – Windows Server 2008 Active Directory Configuration

Active Directory Schema
• Defines the properties (attributes) associated with each object stored within Active Directory.
  – A user has different properties than a group, which has different properties than a computer.

Active Directory Schema
• Some of these common attributes are as follows:
  – Unique name
  – Globally unique identifier (GUID)
  – Required object attributes
  – Optional object attributes

Active Directory Naming Standard
• Example:
  – cn=JSmith, ou=sales, dc=lucernepublishing, dc=com

Domain Name System (DNS)
• Provides name resolution for a TCP/IP network.
• Active Directory requires DNS as the default name resolution method.
• Example Resource Records (RR):
  – Host (A) – Host name to IP.
  – Pointer (PTR) – IP to host name.
  – Service (SRV) – Locator service for LDAP/domain controller services.
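The naming example and the SRV locator records from the two slides above can be tied together in code. This is an added example, not part of the original slides: it parses the sample distinguished name, derives the DNS domain from its dc= components, and builds the LDAP SRV names a client looks up to find a domain controller. The function names and the escaped DN are constructed for illustration.

```python
def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, leftmost RDN first.

    Handles backslash-escaped single characters such as "\\,"; hex escapes
    and multi-valued RDNs ("+") are not handled.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)          # keep the escaped character literally
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def dns_domain(dn):
    """Join the dc= components, in order, into the DNS domain name."""
    labels = [value for attr, value in parse_dn(dn) if attr == "dc"]
    if not labels:
        raise ValueError("DN has no dc= components")
    return ".".join(labels).lower()


def dc_locator_srv_names(dn):
    """SRV record names that advertise LDAP on the domain's controllers."""
    domain = dns_domain(dn)
    return ["_ldap._tcp." + domain, "_ldap._tcp.dc._msdcs." + domain]


SAMPLE_DN = "cn=JSmith, ou=sales, dc=lucernepublishing, dc=com"  # from the slide
ESCAPED_DN = "cn=Smith\\, John, ou=sales, dc=lucernepublishing, dc=com"  # constructed

if __name__ == "__main__":
    print(parse_dn(SAMPLE_DN))
    print(dc_locator_srv_names(SAMPLE_DN))
```

If these SRV names do not resolve in the DNS zone for the domain, clients cannot locate a domain controller, which is why the deck treats DNS as a requirement.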

Functional Levels
• Allows interoperability with prior versions of Microsoft Windows.
• Higher functional levels will not allow older versions of Windows to function but will provide additional functionality or features.
• Raising functional level is a one-way process.

Domain Functional Levels

Forest Functional Levels

Trust Relationships
• Active Directory uses trust relationships to allow access between multiple domains and/or forests, either within a single forest or across multiple enterprise networks.
• A trust relationship allows administrators from a particular domain to grant access to their domain’s resources to users in other domains.

Trust Relationships
• When a child domain is created, it automatically receives a two-way transitive trust with its parent domain.
• Trusts are transitive:
  – If domain A trusts domain B
  – And domain B trusts domain C
  – Then domain A trusts domain C
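The transitivity rule above determines which domains end up trusted without anyone configuring them directly, which is what an administrator reviewing access needs to see. This is an added example, not part of the original slides: it computes the effective trust set for a domain from a list of direct trusts. The domain names are constructed, and the one-way non-transitive trust to an outside domain is an assumption that goes beyond the slides.

```python
from collections import deque


def two_way(a, b, transitive=True):
    """A two-way trust is a pair of one-way trusts (trusting, trusted, transitive)."""
    return [(a, b, transitive), (b, a, transitive)]


def effective_trusts(direct, domain):
    """Return the sorted domains that `domain` trusts, directly or via transitivity."""
    edges = {}
    for trusting, trusted, transitive in direct:
        edges.setdefault(trusting, []).append((trusted, transitive))
    # A direct trust always counts, transitive or not.
    trusted_set = {t for t, _ in edges.get(domain, [])}
    # Only transitive links may be chained: A -> B and B -> C imply A -> C.
    seen, queue = {domain}, deque([domain])
    while queue:
        current = queue.popleft()
        for trusted, transitive in edges.get(current, []):
            if transitive and trusted not in seen:
                seen.add(trusted)
                queue.append(trusted)
    return sorted((trusted_set | seen) - {domain})


# Constructed sample forest: each child gets a two-way transitive trust
# with its parent, as the slide describes.
TRUSTS = (
    two_way("eu.corp.example", "corp.example")
    + two_way("us.corp.example", "corp.example")
    + two_way("lab.eu.corp.example", "eu.corp.example")
    # Assumption beyond the slides: a one-way, non-transitive trust to an
    # outside domain, which must not be chained.
    + [("us.corp.example", "partner.example", False)]
)

if __name__ == "__main__":
    for d in ("lab.eu.corp.example", "us.corp.example", "partner.example"):
        print(d, "trusts", effective_trusts(TRUSTS, d))
```

In the sample, lab.eu.corp.example ends up trusting us.corp.example through two parent links, while the non-transitive link keeps partner.example visible only to us.corp.example.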

Trust Relationships
• External trust
• Shortcut trust
• Cross Forest trust

Chapter Summary
• Active Directory is a database of objects that are used to organize resources according to a logical plan.
  – These objects include containers such as domains and OUs in addition to resources such as users, computers, and printers.
• The Active Directory schema includes definitions of all objects and attributes within a single forest.
  – Each forest maintains its own Active Directory schema.

Chapter Summary
• Active Directory requires DNS to support SRV records.
  – Microsoft recommends that DNS support dynamic updates.

Chapter Summary
• Domain and forest functional levels are new features of Windows Server 2008.
  – The levels defined for each of these are based on the type of server operating systems that are required by the Active Directory design.
  – The Windows Server 2003 forest functional level is the highest functional level available and includes support for all Windows Server 2003 features.

Chapter Summary
• Two-way transitive trusts are automatically generated within the Active Directory domain structure.
  – Parent and child domains form the trust path by which all domains in the forest can traverse to locate resources.
  – The ISTG is responsible for this process.

Chapter Summary
• Cross-forest trusts are new to Windows Server 2003, and they are only available when the forest functionality is set to Windows Server 2003.
  – They must be manually created and maintained.