
Active Directory

It is a client-server n/w environment implemented by Microsoft's Server OS like Win 2k, 2k8.

PEER TO PEER:-

Generally small n/ws, less than 20 PCs.

1. Non-centralized architecture: passwords, user accounts, access control, authentication & security are implemented separately on each computer.
2. Utilizes NETBIOS-based "WORKGROUPS" instead of DNS-based AD "Domains".

Client-Server:-

Generally large n/ws, more than 50 PCs.

1. Centralized architecture: passwords, user accounts, access control, authentication and security are implemented on central servers and propagated from those servers to every client on the n/w.
2. Utilizes DNS-based AD "Domains" instead of NETBIOS-based "Workgroups".

Active Directory is organized into "forests and trees". Trees are also referred to as "domains", and these domain trees can have "subdomains". A key concept of AD architecture is inheritance, and it exists between all AD objects within a forest. Through this inheritance, AD objects maintain a parent-child relationship with other objects in the Directory. A subdomain is a child of a domain tree. The domain tree is itself simultaneously a child object of its forest and a parent object to its subdomain. By default, each domain and subdomain within a forest forges an automatic two-way transitive trust relationship with the other domains within the forest. This two-way transitive trust means that objects in one domain can be referenced and accessed by users and groups in other domains. In addition to these automatic two-way transitive trusts, trusts that only flow in a single direction can be created manually. Effectively, whereas a transitive trust means that A trusts B and B trusts A, an intransitive trust means that A trusts B but B does not trust A (or vice versa).

AD utilizes a hierarchical DNS namespace whereby each object in the Directory can be addressed by its Fully Qualified Domain Name (FQDN). The FQDN is a combination of the object's hostname, subdomain, domain tree and forest, and is structured from left to right starting with the most specific identity of an object (hostname) and proceeding to the most general (forest).

Transformers (FOREST)
Vc (Domain)
Pics (Domain)
Raichur (Subdomain)
Bangalore (Subdomain)
Maski (Subdomain)
Host1
Host2

FQDN:- Host1.Bangalore.Vc.Transformers

Often, many organizations will utilize an AD domain structure that integrates with their internet DNS domain structure at the top level. Therefore, forest names would be the same as top-level IANA DNS names like .com, .org, .net, .edu and so forth.

AD implements a fault-tolerant multi-master architecture within its infrastructure. This method departs from earlier implementations such as Microsoft's old NT environment. In old NT there was only 1 PDC and BDCs (Backup Domain Controllers). This changed with the advent of AD's multi-master architecture. Under this new model, there are no BDCs. All domain controllers in AD have read-write copies of all domain objects. Any DC in a domain can create, delete and modify objects. This minimizes the impact on the domain when any one DC goes down. Two key features of AD's multi-master domain structure are "fault tolerance" and "load balancing". AD load balancing can be done by adding DCs; network services and responsibilities can be shared and balanced between multiple servers so that no one server is doing all the work, enabling optimal performance.
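The hierarchy, FQDN and trust rules above, as an added Python model (not part of the original notes): the forest is built from the notes' own diagram, and walking the parent chain from a host produces the FQDN Host1.Bangalore.Vc.Transformers. Only Bangalore's placement under Vc is fixed by the notes' FQDN; attaching Raichur to Vc and Maski to Pics, the Partner forest used for the manual one-way trust, and the can_access rule (the domain holding an object must trust the user's domain) are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(eq=False)          # identity-based equality, so nodes can sit in sets
class Node:
    """A forest, domain, subdomain or host; every node except the forest has a parent."""
    name: str
    kind: str                 # "forest", "domain", "subdomain" or "host"
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)

    def add(self, name: str, kind: str) -> "Node":
        """Create a child object (the parent-child inheritance link)."""
        child = Node(name, kind, parent=self)
        self.children.append(child)
        return child

    def lineage(self) -> List["Node"]:
        """Most specific object first (the node itself), forest last."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        return chain

    def fqdn(self) -> str:
        """hostname.subdomain.domain.forest, read left to right."""
        return ".".join(n.name for n in self.lineage())

    def forest(self) -> "Node":
        return self.lineage()[-1]


def domain_of(node: Node) -> Node:
    """Trusts exist between domains, so map a host to the domain that holds it."""
    return node.parent if node.kind == "host" else node


class TrustMap:
    """Automatic trusts: all domains in one forest trust each other in both
    directions (the notes' two-way transitive trust).  Manual trusts are one
    direction only and do not chain through a third domain."""

    def __init__(self) -> None:
        self.manual = set()   # (trusting domain, trusted domain)

    def add_one_way(self, trusting: Node, trusted: Node) -> None:
        self.manual.add((trusting, trusted))

    def trusts(self, trusting: Node, trusted: Node) -> bool:
        if trusting.forest() is trusted.forest():
            return True
        return (trusting, trusted) in self.manual


def can_access(trusts: TrustMap, user_domain: Node, resource: Node) -> bool:
    """Assumed rule: a user may reference an object only if the domain holding the
    object trusts the user's domain."""
    return trusts.trusts(domain_of(resource), user_domain)


def build_transformers_forest() -> dict:
    """The diagram from the notes; Raichur under Vc and Maski under Pics are assumed."""
    forest = Node("Transformers", "forest")
    vc = forest.add("Vc", "domain")
    pics = forest.add("Pics", "domain")
    raichur = vc.add("Raichur", "subdomain")
    bangalore = vc.add("Bangalore", "subdomain")
    maski = pics.add("Maski", "subdomain")
    host1 = bangalore.add("Host1", "host")
    host2 = bangalore.add("Host2", "host")
    return {n.name: n for n in (forest, vc, pics, raichur, bangalore, maski, host1, host2)}


if __name__ == "__main__":
    f = build_transformers_forest()
    print(f["Host1"].fqdn())                        # Host1.Bangalore.Vc.Transformers
    t = TrustMap()
    print(can_access(t, f["Maski"], f["Host1"]))   # True: same forest, automatic trust
    # Constructed second forest with a manual one-way trust: Vc trusts Partner only.
    partner = Node("Partner", "forest").add("Partner", "domain")
    t.add_one_way(f["Vc"], partner)
    print(can_access(t, partner, f["Vc"]))         # True: Vc trusts Partner
    print(can_access(t, f["Vc"], partner))         # False: Partner does not trust Vc
    print(can_access(t, partner, f["Maski"]))      # False: the manual trust does not chain
```

The last check is the one worth keeping in mind when reviewing trusts: a manually created one-way trust gives Partner's users a path into Vc and nothing else, whereas every domain inside the forest already reaches every other automatically.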

When an object is modified, created or destroyed on one domain controller, those changes must be propagated to all other DCs and synchronized within the domain through a process called Replication. Replication occurs automatically at regular intervals and may also be started manually. All replication traffic is encrypted via a protocol known as Kerberos v5, thus hardening this traffic against hacker activity. If a DC holding an operations master role fails, that DC's master role can be assigned to another DC, allowing recovery of lost functionality. However, while a DC with an assigned master role is functioning, no other DC can hold that assigned role. Once again, this compromise is necessary to resolve conflicts in AD's multi-master infrastructure.

The 5 Operations Master Roles:
1. PDC Emulator
2. Schema Master
3. Infrastructure Master
4. RID Master
5. Domain Naming Master
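The multi-master replication and operations master behaviour described above, as an added Python model (not the notes' own code, and a simplification of how AD actually replicates): every DC holds a writable copy, a write on any DC reaches the others on the next replication cycle, each role has exactly one holder, and a role whose holder is down is moved to a surviving DC. The DC names, the object names, the choice that the first DC starts with every role, and the conflict rule (higher version wins, ties broken by originating DC name) are assumptions.

```python
from typing import Dict, List, Optional, Tuple

# The five roles named in the notes; each has exactly one holder at a time.
OPERATIONS_MASTER_ROLES = (
    "PDC Emulator", "Schema Master", "Infrastructure Master",
    "RID Master", "Domain Naming Master",
)

# A replica entry: (version, originating DC, attributes; None once deleted)
Entry = Tuple[int, str, Optional[dict]]


class DomainController:
    def __init__(self, name: str) -> None:
        self.name = name
        self.online = True
        self.objects: Dict[str, Entry] = {}     # a full read-write copy

    def write(self, dn: str, attributes: Optional[dict]) -> None:
        """Originate a change locally: create or modify (attributes) or delete
        (attributes=None).  Any online DC can do this; there is no single master."""
        if not self.online:
            raise RuntimeError(f"{self.name} is down")
        version = self.objects[dn][0] + 1 if dn in self.objects else 1
        self.objects[dn] = (version, self.name, attributes)

    def receive(self, dn: str, entry: Entry) -> None:
        """Accept a replicated entry unless the local copy wins: higher version,
        then originating DC name as a tie-break (assumed conflict rule)."""
        local = self.objects.get(dn)
        if local is not None and (local[0], local[1]) >= (entry[0], entry[1]):
            return
        self.objects[dn] = entry


class Domain:
    def __init__(self, dc_names: List[str]) -> None:
        self.dcs = {n: DomainController(n) for n in dc_names}
        # Assumption: the first DC promoted starts out holding every role.
        self.roles: Dict[str, str] = {r: dc_names[0] for r in OPERATIONS_MASTER_ROLES}

    def replicate(self) -> None:
        """One replication cycle: every online DC pushes its entries to the others."""
        online = [dc for dc in self.dcs.values() if dc.online]
        for src in online:
            for dst in online:
                if dst is not src:
                    for dn, entry in list(src.objects.items()):
                        dst.receive(dn, entry)

    def fail(self, dc_name: str) -> None:
        self.dcs[dc_name].online = False

    def orphaned_roles(self) -> List[str]:
        """Roles whose holder is down; their functions are lost until reassigned."""
        return [r for r, h in self.roles.items() if not self.dcs[h].online]

    def transfer_role(self, role: str, to_dc: str) -> None:
        """Reassign a role.  The mapping holds one name per role, so the previous
        holder stops holding it the moment the new one takes it."""
        if not self.dcs[to_dc].online:
            raise ValueError(f"{to_dc} is down and cannot take {role}")
        self.roles[role] = to_dc

    def consistent(self, dn: str) -> bool:
        """True when every online DC holds the same copy of the object."""
        copies = [dc.objects.get(dn) for dc in self.dcs.values() if dc.online]
        return all(c == copies[0] for c in copies)


def demo() -> Domain:
    """Constructed walkthrough: write on DC2, lose DC1 (the role holder), recover
    the roles on DC3, then delete the object from DC3 and replicate again."""
    d = Domain(["DC1", "DC2", "DC3"])
    d.dcs["DC2"].write("CN=alice", {"title": "analyst"})
    d.replicate()
    d.fail("DC1")
    for role in d.orphaned_roles():
        d.transfer_role(role, "DC3")
    d.dcs["DC3"].write("CN=alice", None)
    d.replicate()
    return d


if __name__ == "__main__":
    d = demo()
    print(d.roles)                      # every role now held by DC3
    print(d.consistent("CN=alice"))     # True for the online DCs
```

The orphaned_roles check is the operational point: after a role holder goes down, nothing is broken in the replicated data, but the functions tied to the lost roles stay unavailable until an administrator moves them, and the model refuses to move a role onto a DC that is itself down.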

Group Policy
Another key component of AD is known as GP. It gives domain administrators the ability to configure and enforce security on every workstation and server that is a member of a particular domain. Through Group Policy, software applications can be installed and upgraded throughout the domain without the administrator ever leaving their desk. Desktops can be locked down and features enabled or disabled throughout the domain. The presence of unauthorized software and malware can be prevented. Internet and network security settings can be locked and enforced. Just about any customization imaginable that you could implement on a single machine can be applied to an entire domain through GP. AD provides many of the standard features of a modern network environment such as: DNS, DHCP, Web Service, FTP Service, File Service and Print Service.
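The enforcement the notes describe, as an added Python model (not the notes' own code): a domain-level policy is pushed to every member computer on refresh, local changes that drift from it are reverted and reported, and a workgroup machine outside the domain is untouched. The setting names, the default machine state, the machine names and the refresh function are all constructed for the illustration.

```python
from typing import Dict, List, Optional

# Constructed sample domain policy: the settings the domain administrator enforces.
DOMAIN_POLICY: Dict[str, object] = {
    "allow_unsigned_software": False,   # block unauthorized software
    "screen_lock_minutes": 10,          # lock down the desktop
    "firewall_enabled": True,           # enforce a network security setting
}

# Constructed out-of-the-box state of a freshly installed machine.
DEFAULT_SETTINGS: Dict[str, object] = {
    "allow_unsigned_software": True,
    "screen_lock_minutes": 0,
    "firewall_enabled": False,
}


class Machine:
    def __init__(self, name: str, domain: Optional[str]) -> None:
        self.name = name
        self.domain = domain            # None for a workgroup (peer-to-peer) machine
        self.settings = dict(DEFAULT_SETTINGS)

    def local_change(self, key: str, value: object) -> None:
        """A local administrator changes a setting on one machine."""
        self.settings[key] = value


def refresh_group_policy(machines: List[Machine], domain: str,
                         policy: Dict[str, object]) -> Dict[str, List[str]]:
    """Policy refresh: every member of `domain` receives the policy; a machine
    outside the domain is untouched.  Returns, per member, the settings that had
    drifted and were reverted, which is the report a defender wants to review."""
    reverted: Dict[str, List[str]] = {}
    for m in machines:
        if m.domain != domain:
            continue
        drifted = sorted(k for k, v in policy.items() if m.settings.get(k) != v)
        m.settings.update(policy)
        reverted[m.name] = drifted
    return reverted


def compliance(machines: List[Machine], domain: str,
               policy: Dict[str, object]) -> Dict[str, bool]:
    """True for each member whose effective settings match the policy."""
    return {m.name: all(m.settings.get(k) == v for k, v in policy.items())
            for m in machines if m.domain == domain}


if __name__ == "__main__":
    fleet = [Machine("WS1", "corp"), Machine("WS2", "corp"), Machine("PC3", None)]
    print(refresh_group_policy(fleet, "corp", DOMAIN_POLICY))   # all three settings reverted on WS1, WS2
    fleet[0].local_change("firewall_enabled", False)             # someone turns the firewall off locally
    print(compliance(fleet, "corp", DOMAIN_POLICY))              # WS1 False, WS2 True
    print(refresh_group_policy(fleet, "corp", DOMAIN_POLICY))   # WS1: ['firewall_enabled'], WS2: []
```

A machine that keeps showing up in the reverted list on every refresh is the signal to chase: either a local administrator keeps undoing the policy or something on that machine is changing the setting between refreshes.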

Win 2k8 Server VPN Server Configuration:- The Network Policy & Access Services role has to be added to configure the VPN Server role.
