SlideShare a Scribd company logo

Active directory ii

Download as PPT, PDF
D
deshvikas

The document discusses the key components and structures of Active Directory, including partitions, domains, sites, domain controllers, functional levels, and roles. It describes the schema, configuration, and domain partitions that make up the Active Directory database. It also explains trust relationships, trees, and forests in an Active Directory implementation.

Technology
1 of 31
Downloaded 285 times
1
2
3
4
Most read
5
Most read
6
7
Most read
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
ACTIVE DIRECTORY II
Basics of Active Directory in Windows Server 2003 Active Directory partitions Logical structures “Physical” structures Functional levels
Active Directory Partitions
Schema Logical partition in Active Directory database “ Template” for Active Directory database Forms the database structures in which data is stored Object classes Attributes Extensible Dynamic Protected by ACLs (Access Control Lists)- DACLs and SACLs (Discretionary ACLs and System ACLs) One schema per Active Directory forest
Schema Users Servers Attributes of Users might contain: List of attributes accountExpires badPasswordTime mail cAConnect dhcpType eFSPolicy fromServer governsID Name … accountExpires badPasswordTime mail name Attribute Examples: Object Class Examples: Dynamically available, updateable, and protected by DACLs Computers
Configuration Logical partition in Active Directory database “ Map” of Active Directory implementation Contains information used for replication, logon, searches Domains Trust relationships Sites & site links Subnets Domain controller locations
Domains Logical partition in Active Directory database Collections of users, computers, groups, etc. Units of replication Domain controllers in a domain replicate with each other and contain a full copy of the domain partition for their domain Domain controllers do not replicate domain partition information for other domains Windows 2000/WS03 Domain Replication User1 User2 User1 User2
Directory Partitions Configurable Replication Application Domain-wide replication Forest-wide replication (every DC in forest has a replica) All Partitions Together Comprise the Active Directory Database Zoom.com Configuration Schema Contains information about all domain-specific objects created in Active Directory Contains information about Active Directory structure Contains definitions and rules for creating and manipulating all objects and attributes Contains application data ForestDNSZone DomainDNSZone
Logical Structures
Tree One or more domains that share a contiguous DNS namespace, e.g. ZOOM.COM MCSE.ZOOM.COM CCNA.ZOOM.COM
Forest One or more domains that share: Common schema Common configuration Automatic transitive trust relationships Common global catalog Forest can contain from as few as one domain to many domains and/or many trees First domain created is forest root- this cannot be changed without rebuilding the entire forest
Trust Relationship
Trust Relationships Secure communication paths that allow security principals in one domain to be authenticated and accepted in other domains Some trusts are automatically created Parent-child domains trust each other Tree root domains trust forest root domain Other trusts are manually created Forest-to-Forest transitive trust relationships can be created-Windows Server 2003 forests only
Default - two-way- transitive Kerberos trusts (intraforest) Shortcut - one or two-way – transitive Kerberos trusts (intraforest) Reduce authentication requests Forest – one or two-way – transitive Kerberos trusts* *.WS2003 Forests- Windows 2000 does not support forest trusts Only between Forest Roots Creates transitive domain relationships External – one-way – non-transitive NTLM trusts Used to connect to/from Windows NT or external 2000 domains Manually created Realm – one or two-way – non-transitive Kerberos trusts Connect to/from UNIX MIT Kerberos realms Trust Relationships in Windows Server 2003
Trees and Forests Tree Forest External One-Way Non-Transitive Trust Tree Forest Forest Two-Way Transitive Trusts (Forest/Tree Root) contoso.msft nwtraders.msft (Forest/Tree Root) japan. contoso.msft (Child Domain) tailspintoys.msft (Tree Root) japan. nwtraders.msft (Child Domain) china. nwtraders.msft (Child Domain) Windows NT Domain Tree
Functional Levels
Forest and Domain Functional Levels Functional levels determine Supported domain controller operating system Active Directory features available Domain functional levels can be raised independently of one another Raising forest functional level is performed by Enterprise Admin Requires all domains to be at Windows 2000 native or WS03 functional levels
Forest Functional Levels Windows Server 2003 Server family Windows Server 2003 Server family   Windows NT 4.0, Windows Server 2003 Server family Windows Server 2003 Interim Windows NT 4.0, Windows 2000, Windows Server 2003 Server family Windows 2000 (default) Domain Controllers Supported Forest Functional Level
Forest Functional Levels- Features Same as Windows Server 2003 Interim, plus: Schema de-/reactivation Domain rename Forest trust Windows Server 2003 Server Family Same as Windows 2000, plus: LVR replication (Linked Value Replication- new group structuring) Improved ISTG (Inter-Site Topology Generator- generates replication connections) Windows Server 2003 Interim Universal group caching Windows 2000 Features Supported Functional Level
Domain Functional Levels Windows 2000 Mixed Mode- NT4, Windows 2000 or WS03 DCs Domain Controller (Windows 2000) Domain controller (Windows NT 4.0) Domain Controller (Windows Server 2003) Windows 2000 Native Mode- No NT 4 DCs Domain Controller (Windows Server 2003) Domain Controller (Windows 2000)
Domain Functional Levels Windows Server 2003 Interim- No 2000 DCs Domain controller (Windows NT 4.0) Domain Controller (Windows Server 2003) Windows Server 2003 Server Level- All WS03 DCs Domain Controller (Windows Server 2003) Domain Controller (Windows Server 2003)
Domain Functional Levels- Features Same as Windows 2000 Native, plus: Kerberos KDC version numbers Domain Rename Windows 2003 Server Family Same as Windows 2000 mixed, plus: Group nesting and converting Universal security and distribution groups Universal group membership caching SID history Windows 2000 Native/Windows Server 2003 Interim Universal group caching Application directory partitions Windows 2000 mixed Features Supported Functional Level
Physical Components
“Physical” Components of Active Directory Sites Areas of “good” connectivity Single site may contain many domains Single domain may span many sites Domain Controllers Store replicas of the Active Directory database Associated with a given site Site Domain
Sites Subnets are defined and associated with sites Used by domain controllers to determine replication behavior Used by computers to locate close domain controllers for authentication and searches of the directory Chicago Seattle New York Los Angeles IP Subnet Site IP Subnet
Domain Controllers Domain controllers replicate common partitions Every DC in the forest has a replica of schema & configuration partitions Every DC in a domain has a replica of that domain’s domain partition DCs may contain replicas of application partitions
Roles of Active Directory
Roles of a Domain Controller Roles Global Catalog Server Domain Naming Master Schema Master RID Master PDC Emulator Infrastructure Master Operation Masters Forest Wide Roles Domain Wide Roles
Global Catalog Like a telephone book contains limited information about all people and businesses within a city, the global catalog contains limited information about every object in a forest Within the schema, certain attributes are marked for inclusion in the GC Searches are commonly performed against these attributes By searching against the GC, individual domains do not have to be queried in most cases- GC can resolve Servers that hold a copy of the global catalog are called global catalog servers
Global Catalog Server Application Solaris.com Ccna.com Mcse.com Configuration Schema Holds read only copy of all other domain directory partitions- all objects, but only attributes marked for GC inclusion Holds full copy of domain partition for own domain Holds full copy of configuration partition for forest Holds full copy of the schema partition for forest Contains application data if configured ForestDNSZone, DomainDNSZone, user-defined application partition(s)
Global Catalog Servers Global Catalog Server Universal Group membership when user logs on Global Catalog Queries Include in GC Telephone Email Name … Object Attributes Domain Domain Domain

More Related Content

PPTX
Microsoft Active Directory.pptx
masbulosoke
 
PPTX
Introduction to Active Directory
thoms1i
 
PPTX
What is active directory
Adeel Khurram
 
PPT
Microsoft Active Directory
thebigredhemi
 
PPT
Active Directory Services
Varun Arora
 
PPT
Active Directory
Sandeep Kapadane
 
PPTX
Active Directory
Hameda Hurmat
 
PPT
Active directory and application
aminpathan11
 
Microsoft Active Directory.pptx
masbulosoke
 
Introduction to Active Directory
thoms1i
 
What is active directory
Adeel Khurram
 
Microsoft Active Directory
thebigredhemi
 
Active Directory Services
Varun Arora
 
Active Directory
Sandeep Kapadane
 
Active Directory
Hameda Hurmat
 
Active directory and application
aminpathan11
 

What's hot (20)

PPTX
Web servers
Kuldeep Kulkarni
 
PPT
Lecture 01 introduction to database
emailharmeet
 
PPTX
Active directory domain service
Festus Oriaku
 
PPT
Active directory
deshvikas
 
PPTX
Presentation of DBMS (database management system) part 1
Junaid Nadeem
 
PPTX
Functional dependencies in Database Management System
Kevin Jadiya
 
PPTX
Domain name system presentation
Anchit Dhingra
 
PPTX
Active directory architecture
rahuldaredia21
 
PPTX
Functional dependency
Tamajit Chakraborty
 
PPT
Database Presentation
a9oolq8
 
PPT
Active directory
Muuluu
 
PPT
Database concepts
Harry Potter
 
PPTX
Administer Active Directory
Hameda Hurmat
 
PPTX
Relational Data Model Introduction
Nishant Munjal
 
PPTX
Functional dependancy
Visakh V
 
PPTX
Introduction_of_ADDS
Harsh Sethi
 
PPTX
SQL commands
GirdharRatne
 
PPTX
Introduction to database
Arpee Callejo
 
PPTX
Data Manipulation Language (DML).pptx
optimuspc05
 
PPT
active-directory-domain-services
202066
 
Web servers
Kuldeep Kulkarni
 
Lecture 01 introduction to database
emailharmeet
 
Active directory domain service
Festus Oriaku
 
Active directory
deshvikas
 
Presentation of DBMS (database management system) part 1
Junaid Nadeem
 
Functional dependencies in Database Management System
Kevin Jadiya
 
Domain name system presentation
Anchit Dhingra
 
Active directory architecture
rahuldaredia21
 
Functional dependency
Tamajit Chakraborty
 
Database Presentation
a9oolq8
 
Active directory
Muuluu
 
Database concepts
Harry Potter
 
Administer Active Directory
Hameda Hurmat
 
Relational Data Model Introduction
Nishant Munjal
 
Functional dependancy
Visakh V
 
Introduction_of_ADDS
Harsh Sethi
 
SQL commands
GirdharRatne
 
Introduction to database
Arpee Callejo
 
Data Manipulation Language (DML).pptx
optimuspc05
 
active-directory-domain-services
202066
 
Ad

Viewers also liked (18)

PPT
Active Directory Training
Nishad Sukumaran
 
PPTX
Windows Server 2008 Active Directory
anilinvns
 
PPTX
Active directory ds ws2008 r2
MICTT Palma
 
PPT
70 640 Lesson01 Ppt 041009
Coffeyville Community College
 
PPTX
Windows session 5 : Basics of active directory
Navaneethan Naveen
 
PDF
Lesson 5 security
Ram Kedem
 
PDF
Understanding DNSSEC in Windows DNS Server
Kumar Ashutosh
 
PPTX
Remote desktop and print server
Muhammad Hamza
 
PDF
6425 c 01
tanvutha
 
PPTX
Print server
catacutanjcsantos
 
PPTX
Designing the active directory logical structure
John Carlo Catacutan
 
PPT
Active directory installation windows 2003 1
tameemyousaf
 
PPTX
unit 2
Sangeetha Rangarajan
 
DOC
Firewall
Muuluu
 
PPT
1.2 active directory
Muuluu
 
PPTX
Tutorial on dhcp
Salah Amean
 
PPT
Servers
Srinath Dhayalamoorthy
 
PDF
RARP, BOOTP, DHCP and PXE Protocols
Peter R. Egli
 
Active Directory Training
Nishad Sukumaran
 
Windows Server 2008 Active Directory
anilinvns
 
Active directory ds ws2008 r2
MICTT Palma
 
70 640 Lesson01 Ppt 041009
Coffeyville Community College
 
Windows session 5 : Basics of active directory
Navaneethan Naveen
 
Lesson 5 security
Ram Kedem
 
Understanding DNSSEC in Windows DNS Server
Kumar Ashutosh
 
Remote desktop and print server
Muhammad Hamza
 
6425 c 01
tanvutha
 
Print server
catacutanjcsantos
 
Designing the active directory logical structure
John Carlo Catacutan
 
Active directory installation windows 2003 1
tameemyousaf
 
unit 2
Sangeetha Rangarajan
 
Firewall
Muuluu
 
1.2 active directory
Muuluu
 
Tutorial on dhcp
Salah Amean
 
Servers
Srinath Dhayalamoorthy
 
RARP, BOOTP, DHCP and PXE Protocols
Peter R. Egli
 
Ad

Similar to Active directory ii (20)

PPTX
Activedirecotryfundamentals
Shekhar Singh
 
PPT
70 640 Lesson02 Ppt 041009
Coffeyville Community College
 
PPT
Ads Overview En
raj240969
 
PPT
Ads Overview En
raj240969
 
PPT
Ads overview-en
Sandip More
 
PPT
PowerPoint Presentation
webhostingguy
 
PPTX
Active Directory component
kuldeep singh shishodia
 
PPT
Active Directory Fundamentals Training.ppt
PeterBendana
 
PPT
active directory fundamental for the beginner
RivelynN
 
PPTX
Windows server 2008 active directory
Raghu nath
 
PDF
Active Directory
Jessica Henderson
 
PDF
Ad domain n trust
muneebalisyed
 
PPT
MS_Active_Directory.ppt
Vipin Singhal
 
PPTX
Wintel
Anandharaj007
 
PPT
Active directory slides
Timothy Moffatt
 
PDF
29041329 interview-questions-for-server-2003
rafiq123
 
PPTX
Active-Directory-Domain-Services.pptx
JavedAjmal1
 
DOC
Server interview[1]
sourav nanda
 
PPT
Active diirecotry
Pradeesh Stanislavose
 
PDF
Active directory interview_questions
Umesh Sawant
 
Activedirecotryfundamentals
Shekhar Singh
 
70 640 Lesson02 Ppt 041009
Coffeyville Community College
 
Ads Overview En
raj240969
 
Ads Overview En
raj240969
 
Ads overview-en
Sandip More
 
PowerPoint Presentation
webhostingguy
 
Active Directory component
kuldeep singh shishodia
 
Active Directory Fundamentals Training.ppt
PeterBendana
 
active directory fundamental for the beginner
RivelynN
 
Windows server 2008 active directory
Raghu nath
 
Active Directory
Jessica Henderson
 
Ad domain n trust
muneebalisyed
 
MS_Active_Directory.ppt
Vipin Singhal
 
Wintel
Anandharaj007
 
Active directory slides
Timothy Moffatt
 
29041329 interview-questions-for-server-2003
rafiq123
 
Active-Directory-Domain-Services.pptx
JavedAjmal1
 
Server interview[1]
sourav nanda
 
Active diirecotry
Pradeesh Stanislavose
 
Active directory interview_questions
Umesh Sawant
 

More from deshvikas (14)

PPT
Printers And Groups
deshvikas
 
PPT
New Diskmgmt
deshvikas
 
PPT
Networking & Intro 2003
deshvikas
 
PPT
Isa
deshvikas
 
PPT
Dns
deshvikas
 
PPT
Dhcp
deshvikas
 
PPT
Dfs And Disk Quota
deshvikas
 
PPT
Active Directory Ii
deshvikas
 
PPT
Active Directory I
deshvikas
 
PPT
Printers and groups
deshvikas
 
PPT
New diskmgmt
deshvikas
 
PPT
Dns
deshvikas
 
PPT
Dhcp
deshvikas
 
PPT
Dfs and disk quota
deshvikas
 
Printers And Groups
deshvikas
 
New Diskmgmt
deshvikas
 
Networking & Intro 2003
deshvikas
 
Isa
deshvikas
 
Dns
deshvikas
 
Dhcp
deshvikas
 
Dfs And Disk Quota
deshvikas
 
Active Directory Ii
deshvikas
 
Active Directory I
deshvikas
 
Printers and groups
deshvikas
 
New diskmgmt
deshvikas
 
Dns
deshvikas
 
Dhcp
deshvikas
 
Dfs and disk quota
deshvikas
 

Recently uploaded (20)

PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Cloud computing and distributed systems.
kkkkkhan
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Approach and Philosophy of On baking technology
30anthuong17
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 

Active directory ii

  • 2. Basics of Active Directory in Windows Server 2003 Active Directory partitions Logical structures “Physical” structures Functional levels
  • 4. Schema Logical partition in Active Directory database “ Template” for Active Directory database Forms the database structures in which data is stored Object classes Attributes Extensible Dynamic Protected by ACLs (Access Control Lists)- DACLs and SACLs (Discretionary ACLs and System ACLs) One schema per Active Directory forest
  • 5. Schema Users Servers Attributes of Users might contain: List of attributes accountExpires badPasswordTime mail cAConnect dhcpType eFSPolicy fromServer governsID Name … accountExpires badPasswordTime mail name Attribute Examples: Object Class Examples: Dynamically available, updateable, and protected by DACLs Computers
  • 6. Configuration Logical partition in Active Directory database “ Map” of Active Directory implementation Contains information used for replication, logon, searches Domains Trust relationships Sites & site links Subnets Domain controller locations
  • 7. Domains Logical partition in Active Directory database Collections of users, computers, groups, etc. Units of replication Domain controllers in a domain replicate with each other and contain a full copy of the domain partition for their domain Domain controllers do not replicate domain partition information for other domains Windows 2000/WS03 Domain Replication User1 User2 User1 User2
  • 8. Directory Partitions Configurable Replication Application Domain-wide replication Forest-wide replication (every DC in forest has a replica) All Partitions Together Comprise the Active Directory Database Zoom.com Configuration Schema Contains information about all domain-specific objects created in Active Directory Contains information about Active Directory structure Contains definitions and rules for creating and manipulating all objects and attributes Contains application data ForestDNSZone DomainDNSZone
  • 10. Tree One or more domains that share a contiguous DNS namespace, e.g. ZOOM.COM MCSE.ZOOM.COM CCNA.ZOOM.COM
  • 11. Forest One or more domains that share: Common schema Common configuration Automatic transitive trust relationships Common global catalog Forest can contain from as few as one domain to many domains and/or many trees First domain created is forest root- this cannot be changed without rebuilding the entire forest
  • 13. Trust Relationships Secure communication paths that allow security principals in one domain to be authenticated and accepted in other domains Some trusts are automatically created Parent-child domains trust each other Tree root domains trust forest root domain Other trusts are manually created Forest-to-Forest transitive trust relationships can be created-Windows Server 2003 forests only
  • 14. Default - two-way- transitive Kerberos trusts (intraforest) Shortcut - one or two-way – transitive Kerberos trusts (intraforest) Reduce authentication requests Forest – one or two-way – transitive Kerberos trusts* *.WS2003 Forests- Windows 2000 does not support forest trusts Only between Forest Roots Creates transitive domain relationships External – one-way – non-transitive NTLM trusts Used to connect to/from Windows NT or external 2000 domains Manually created Realm – one or two-way – non-transitive Kerberos trusts Connect to/from UNIX MIT Kerberos realms Trust Relationships in Windows Server 2003
  • 15. Trees and Forests Tree Forest External One-Way Non-Transitive Trust Tree Forest Forest Two-Way Transitive Trusts (Forest/Tree Root) contoso.msft nwtraders.msft (Forest/Tree Root) japan. contoso.msft (Child Domain) tailspintoys.msft (Tree Root) japan. nwtraders.msft (Child Domain) china. nwtraders.msft (Child Domain) Windows NT Domain Tree
  • 17. Forest and Domain Functional Levels Functional levels determine Supported domain controller operating system Active Directory features available Domain functional levels can be raised independently of one another Raising forest functional level is performed by Enterprise Admin Requires all domains to be at Windows 2000 native or WS03 functional levels
  • 18. Forest Functional Levels Windows Server 2003 Server family Windows Server 2003 Server family   Windows NT 4.0, Windows Server 2003 Server family Windows Server 2003 Interim Windows NT 4.0, Windows 2000, Windows Server 2003 Server family Windows 2000 (default) Domain Controllers Supported Forest Functional Level
  • 19. Forest Functional Levels- Features Same as Windows Server 2003 Interim, plus: Schema de-/reactivation Domain rename Forest trust Windows Server 2003 Server Family Same as Windows 2000, plus: LVR replication (Linked Value Replication- new group structuring) Improved ISTG (Inter-Site Topology Generator- generates replication connections) Windows Server 2003 Interim Universal group caching Windows 2000 Features Supported Functional Level
  • 20. Domain Functional Levels Windows 2000 Mixed Mode- NT4, Windows 2000 or WS03 DCs Domain Controller (Windows 2000) Domain controller (Windows NT 4.0) Domain Controller (Windows Server 2003) Windows 2000 Native Mode- No NT 4 DCs Domain Controller (Windows Server 2003) Domain Controller (Windows 2000)
  • 21. Domain Functional Levels Windows Server 2003 Interim- No 2000 DCs Domain controller (Windows NT 4.0) Domain Controller (Windows Server 2003) Windows Server 2003 Server Level- All WS03 DCs Domain Controller (Windows Server 2003) Domain Controller (Windows Server 2003)
  • 22. Domain Functional Levels- Features Same as Windows 2000 Native, plus: Kerberos KDC version numbers Domain Rename Windows 2003 Server Family Same as Windows 2000 mixed, plus: Group nesting and converting Universal security and distribution groups Universal group membership caching SID history Windows 2000 Native/Windows Server 2003 Interim Universal group caching Application directory partitions Windows 2000 mixed Features Supported Functional Level
  • 24. “Physical” Components of Active Directory Sites Areas of “good” connectivity Single site may contain many domains Single domain may span many sites Domain Controllers Store replicas of the Active Directory database Associated with a given site Site Domain
  • 25. Sites Subnets are defined and associated with sites Used by domain controllers to determine replication behavior Used by computers to locate close domain controllers for authentication and searches of the directory Chicago Seattle New York Los Angeles IP Subnet Site IP Subnet
  • 26. Domain Controllers Domain controllers replicate common partitions Every DC in the forest has a replica of schema & configuration partitions Every DC in a domain has a replica of that domain’s domain partition DCs may contain replicas of application partitions
  • 27. Roles of Active Directory
  • 28. Roles of a Domain Controller Roles Global Catalog Server Domain Naming Master Schema Master RID Master PDC Emulator Infrastructure Master Operation Masters Forest Wide Roles Domain Wide Roles
  • 29. Global Catalog Like a telephone book contains limited information about all people and businesses within a city, the global catalog contains limited information about every object in a forest Within the schema, certain attributes are marked for inclusion in the GC Searches are commonly performed against these attributes By searching against the GC, individual domains do not have to be queried in most cases- GC can resolve Servers that hold a copy of the global catalog are called global catalog servers
  • 30. Global Catalog Server Application Solaris.com Ccna.com Mcse.com Configuration Schema Holds read only copy of all other domain directory partitions- all objects, but only attributes marked for GC inclusion Holds full copy of domain partition for own domain Holds full copy of configuration partition for forest Holds full copy of the schema partition for forest Contains application data if configured ForestDNSZone, DomainDNSZone, user-defined application partition(s)
  • 31. Global Catalog Servers Global Catalog Server Universal Group membership when user logs on Global Catalog Queries Include in GC Telephone Email Name … Object Attributes Domain Domain Domain