NT3-4 model
Domain controller (DC)
  A server which contains a directory of all objects in the domain
MyDomain
  1 primary domain controller, multiple backup domain controllers
  All changes made on primary replicated to backup domain controllers
  Adequate for smaller organizations located on a single high speed network
  Used NetBIOS names, broadcast resolution; difficult to locate resources
  Resource sharing between domains cumbersome to set up and control
Domain controller (DC)
  A server which contains:
    A directory of all objects in the domain
    Configuration information for all sites within the forest
    A subset of information of all objects within the forest
    A common schema
MyDomain.class
  Multiple domain controllers, all equal
  Multi master replication
  Adaptable to worldwide organizations with multiple WAN connected locations
  Uses host names, resolution of servers, services and workstations via DNS
  Automatically enables resource sharing between domains in a forest
Physical
Sites
Forest level:
  A common schema
  A global catalog
  A common knowledge of the forest's physical locations (sites), known as the configuration partition
MCITP Guide to Microsoft Windows Server 2008, Server Administration (Exam #70-646)
Schema
Defines all the objects and attributes that the directory service uses to store data
Characteristics of objects
  Classes of objects (~260)
  Required and optional attributes (~1,550)
Installing Active Directory loads the default schema
Schema can be changed via upgrades, application installs and manually
Schema changes cannot be reversed
regsvr32 schmmgmt.dll
Global Catalog
Stores information about every object within forest
First DC configured in a forest becomes global catalog
  Can change to another DC
Purposes:
  Authentication
  Forest-wide searches of data
  Replication of key AD elements
  Keeps copy of most used attributes for quick access
Configuration
Is the physical component of Active Directory
Contains sites (physical locations)
Sites are based on IP subnets
Allows users/machines to locate services in the same location as they are
Defines replication paths and schedules between sites
Bridgehead server
  DC designated to have role of exchanging replication information
  One per site
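The subnet-to-site mapping described above can be checked offline. This added example (not part of the original slides) models it in Python: a client belongs to the site whose subnet most specifically contains its address, and the audit flags clients that match no subnet or land in a site with no DC. All subnets, site names and DC host names are constructed sample data.

```python
import ipaddress

# Constructed sample data: subnet objects mapped to site names, and the
# domain controllers placed in each site (all names are hypothetical).
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch-East",
    "10.20.30.0/24": "Branch-East-Lab",
    "192.168.50.0/24": "Branch-West",
}
SITE_DCS = {
    "HQ": ["dc1.walt.class", "dc2.walt.class"],
    "Branch-East": ["dc3.walt.class"],
    "Branch-East-Lab": [],  # site defined, but no DC placed there
    "Branch-West": ["dc4.walt.class"],
}


def site_for(ip, subnets=SUBNET_TO_SITE):
    """Return the site whose subnet most specifically contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        # Overlapping subnets are resolved by the longest prefix.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit_clients(client_ips):
    """Classify each client: local DCs available, site without DC, or unmapped."""
    report = {}
    for ip in client_ips:
        site = site_for(ip)
        if site is None:
            report[ip] = ("UNMAPPED", [])        # no subnet object covers it
        elif not SITE_DCS.get(site):
            report[ip] = ("NO_LOCAL_DC", [site])  # must use a DC elsewhere
        else:
            report[ip] = (site, SITE_DCS[site])
    return report


if __name__ == "__main__":
    for ip, result in audit_clients(
        ["10.1.1.1", "10.20.30.7", "172.16.0.5", "192.168.50.9"]
    ).items():
        print(ip, result)
```

Unmapped clients and sites without a DC are worth reviewing because their logons cross site links instead of staying local.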
Forest
Highest level in an Active Directory
One or more Active Directory trees that are in a common relationship
Forest functional level
  Active Directory functions supported forest-wide
  Levels:
    Windows 2000 native forest functional level
    Windows Server 2003 forest functional level
    Windows Server 2008 forest functional level
Tree
Contains one or more domains that are in a hierarchical naming relationship
Kerberos transitive trust relationship
  Two-way trusts between parent domains and child domains
Domain
Logical partition within an Active Directory forest
Primary container within Active Directory
Basic functions
  To provide an AD partition to house objects
  To establish a set of information to be replicated
  To expedite management of a set of objects
[Diagram labels: walt.class, mike.class, Table1.walt.class, Table2.walt.class, Table1.mike.class, southTable2.walt.class]
[Diagram labels: walt.class, Mike.walt.class, Sue.walt.class, Nate.walt.class, Pete.walt.class, Ron.walt.class]
Notes to me
Show current DNS structure
Show Domains and Trusts
Students to confirm DNS settings, workgroup membership
Organizational Unit
Grouping of related objects within a domain
Allows the grouping of objects so that they can be administered using the same group policies
  Such as security and desktop setup
Can be nested within other OUs
Best practices when creating OUs
  Keep to 10 or fewer
  Set up horizontally for best efficiency
Trusts
Trusts at the forest level
  Transitive 2 way
  Forest trust
  Non transitive 2 way
  1 way outgoing or incoming
[Diagram labels: walt.class, mike.class, Table1.walt.class, Table2.walt.class, Table1.mike.class, southTable2.walt.class]
Figure 4-11 Selecting the Local Users and Groups MMC snap-in
Courtesy Course Technology/Cengage Learning
Account Activities
Disabling and Enabling an Account
Renaming an Account
Moving an Account
Changing an Account's Password
Deleting an Account
Broader scope than domain local groups
Can be nested
Typical use:
  Add accounts that need access to resources in the same or in another domain
  Make the global group in one domain a member of a domain local group in the same or another domain
Can include
  User accounts from any domain
  Global groups from any domain
  Other universal groups from any domain
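The membership rules for global and universal groups above, together with the standard rules for domain local groups, can be written as a small nesting audit. This is an added Python example, not part of the original slides. It assumes the native-mode Active Directory scope rules, and every group and user name is constructed sample data in the walt.class and mike.class domains.

```python
# Allowed members per group scope. "any" = member may come from any domain
# in the forest, "same" = member must be in the group's own domain.
RULES = {
    "domain_local": {"user": "any", "global": "any",
                     "universal": "any", "domain_local": "same"},
    "global": {"user": "same", "global": "same"},
    "universal": {"user": "any", "global": "any", "universal": "any"},
}

# Constructed sample directory: name -> (kind, domain). Names are hypothetical.
DIRECTORY = {
    "sue": ("user", "walt.class"),
    "pete": ("user", "mike.class"),
    "GG-Sales-Walt": ("global", "walt.class"),
    "GG-Sales-Mike": ("global", "mike.class"),
    "UG-Sales-All": ("universal", "walt.class"),
    "DL-SalesShare-RW": ("domain_local", "mike.class"),
}

# Constructed (container, member) pairs to audit.
MEMBERSHIPS = [
    ("GG-Sales-Walt", "sue"),
    ("GG-Sales-Walt", "pete"),             # user from another domain
    ("GG-Sales-Mike", "pete"),
    ("UG-Sales-All", "GG-Sales-Walt"),
    ("UG-Sales-All", "GG-Sales-Mike"),
    ("DL-SalesShare-RW", "UG-Sales-All"),  # global -> universal -> domain local
    ("UG-Sales-All", "DL-SalesShare-RW"),  # domain local inside universal
    ("GG-Sales-Mike", "UG-Sales-All"),     # universal inside global
]


def check_membership(container, member, directory=DIRECTORY):
    """Return None if the nesting is allowed, else a short reason string."""
    c_kind, c_dom = directory[container]
    m_kind, m_dom = directory[member]
    allowed = RULES.get(c_kind, {})
    if m_kind not in allowed:
        return f"{c_kind} group cannot contain {m_kind}"
    if allowed[m_kind] == "same" and m_dom != c_dom:
        return f"{c_kind} group only accepts {m_kind} from its own domain"
    return None


def audit(memberships=MEMBERSHIPS, directory=DIRECTORY):
    """Return (container, member, reason) for every disallowed nesting."""
    violations = []
    for container, member in memberships:
        reason = check_membership(container, member, directory)
        if reason:
            violations.append((container, member, reason))
    return violations


if __name__ == "__main__":
    for violation in audit():
        print(violation)
```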
Properties of Groups
To edit properties:
  Double-click group in the Local Users and Groups tool for a stand-alone (non domain) or member server
  Or in the Active Directory Users and Computers tool for DC servers in a domain
Properties
  General
  Members
  Member of
  Managed by
Can now create more than one set of account policies within a domain
Password settings container (PSC)
  Contains password settings objects (PSOs)
    Represent unique set of password policies