
Introduction to Active Directory

Active Directory
- Built upon industry standards
- Compatible with other directories and systems
- Addresses scalability, security and maintenance issues, ensuring a lower TCO

Active Directory Service Interface (ADSI)
- Component Object Model (COM) components that open AD features to programmers
- Layered above LDAP

Lightweight Directory Access Protocol (LDAP)
- Defines an industry-standard method of accessing AD data
- Aids in the integration of AD with other systems

Windows Directory Services
- What is a directory service? A directory is a collection of data that is related in various ways to other pieces of data
- A directory service is a central repository for data that describes the resources on your network

Active Directory
- Active Directory is the name given to the directory service introduced with Windows 2000 Server and employed in Windows Server 2003
- Its dual role: to act as a data repository and to provide data to applications and features outside of AD

AD: Ease of Administration
- Domain system
- Trusts
- Transitiveness

AD: Scalability
- The Windows NT limit on the size of the directory database has been removed
- Windows NT: the Primary Domain Controller (PDC) holds the only writable copy of the data
- Windows 2000 and later: multimaster domain controllers, each holding a writable replica

AD: Open Standards Support
- Less reliance on proprietary protocols means easier integration of disparate systems and better scalability
- Newly supported standards include DNS, LDAP and HTTP

Organization of the Active Directory Database
- AD is stored in a single database file, ntds.dit, which is replicated to every domain controller
- Rows describe objects; columns describe attributes
- Metadata: the schema, which is extensible

Logical Components
- Objects, forests, trees, domains, groups, organizational units (OUs)

Logical Components (continued)
- Domains: each operates as a single entity and boundary; user accounts belong to domains
- Groups, including universal groups
- Organizational units: organize resources and apply Group Policies
- Trees: domains that share the same contiguous namespace, e.g. atlanta.deere.com, corporate.deere.com, finance.deere.com
- Forest: domains made up of trees that do not share a contiguous namespace, e.g. support.microsoft.com and news.msnbc.com

Physical Components
- Domain controllers: servers capable of authentication; each maintains a copy of the Active Directory database
- Sites: one or more well-connected TCP/IP subnets

Working with AD in Your Enterprise: Issues to Consider
- Working with DNS
- Functional levels and their overhead: mixed mode, native mode, Windows Server 2003 interim domain functional level, Windows Server 2003 domain functional level
- Personnel and system: delegating tasks
- Maintenance: Group Policy, replication

Active Directory Terminology
- Domain: a selection of computers, user accounts or other objects that share a common security boundary; a hierarchical structure of containers and objects; has a unique DNS name; is a security boundary

Domain Controllers (DCs)
- Servers with the Active Directory service installed that provide authentication of domain members
- Data store: %SystemRoot%\NTDS\ntds.dit
- NT Primary Domain Controllers (PDCs): in mixed mode a Windows Server 2003 DC runs the PDC emulator role, so NT backup domain controllers and down-level clients still see a PDC

Trust Relationships
- Allow cross-domain access to resources
- Require a trusted domain and a trusting domain: the trusting domain holds the resources, the trusted domain holds the accounts that may be granted access to them
- Trusts can also be two-way
- Trusts can also be transitive

Namespace
- DNS is the primary method of name resolution
- DNS is a hierarchical naming system

DNS Hierarchy (diagram): the com top-level domain, domain names x.com and y.com, the subdomain a.y.com, the host ftp.a.y.com, and the DNS server at each level

Namespace
- www.TexasPinball.com, mail.TexasPinball.com
- com: the top-level domain name, refers to the type of organization
- TexasPinball: the second-level domain name, refers to the organization
- www and mail refer to specific machines within the organization

Domain Levels (diagram)

Top-Level Domains (diagram)

New TLDs
- On 16 November 2000 ICANN announced its selection of seven new TLDs: aero (air transport industry), biz (businesses), coop (non-profit cooperatives), info (unrestricted use), museum (museums), name (registration by individuals), pro (accountants, lawyers, physicians)

Texas Pinball Namespace (diagram)

Dynamic DNS (DDNS)
- Makes changes to the DNS host table easier to manage
- A client can register itself with DNS
- Useful in a DHCP environment

Domain Trees
- A group of domains that share the same contiguous namespace
- All domains share a common schema and a common Global Catalog
- Implicit two-way transitive trusts exist between parent and child domains
- Because the trusts are transitive, an account anywhere in the tree can be granted rights in any domain of the tree; rights are not inherited automatically across domains

Domain Forests
- A collection of domain trees
- Domains have a non-contiguous namespace and differing name structures
- Domains share a common schema and a common Global Catalog
- Domains operate independently, but cross-domain communication is enabled
- Implicit two-way transitive trusts exist between domains and between domain trees (each tree root trusts the forest root domain)
- Explicit forest-to-forest trust: an external trust is non-transitive and links only the two domains named in it; a Windows Server 2003 forest trust is transitive between the two forests but does not extend to a third forest

Texas Pinball Domain Forest (diagram)

Active Directory Components
- Active Directory objects, Active Directory schema, organizational units, Global Catalog, operations masters

Active Directory Objects
- An object refers to a specific, distinctively named resource on the network
- Groupings of similar objects are classes
- Objects that can contain other objects are containers, e.g. a domain

Active Directory Schema
- A definition of the types of objects allowed within a directory and the attributes associated with them
- Attributes: schema objects that are defined once and can be applied to multiple classes
- Classes: metadata describing which attributes are used to define objects

Active Directory Schema (diagram)

Forests, Trees, Organizational Units (diagram: domains grouped into domain trees and a domain forest, with OUs inside domains)

Organizational Unit (OU)
- A special container used to organize objects in a domain into administrative units

Global Catalog
- A limited database that stores partial replicas of the directory partitions of every domain in the forest
- Stored on DCs known as Global Catalog servers; the first DC in the forest is one
- Multiple Global Catalogs: improved performance at the cost of increased replication traffic
- Services: authentication (universal group membership is resolved at logon) and query processing (forest-wide LDAP searches on port 3268, or 3269 over SSL)

Operations Masters
- AD uses a multi-master replication model
- Some operations are impractical in a multi-master environment and are assigned to a specific DC known as an operations master
- Roles: schema master, domain naming master, relative ID (RID) master, PDC emulator, infrastructure master

Operations Master Functions
- Schema master: maintains the AD schema used throughout the forest; one per forest
- Domain naming master: controls the addition and removal of domains in the forest; one per forest
- PDC emulator: mixed mode; one per
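The tree, forest and trust rules above are easy to misapply when judging which accounts can reach a resource. The following script, an added example and not part of the slide deck, models them as a graph: it groups domains into trees by contiguous namespace, generates the implicit two-way transitive trusts, and then walks trusts from a resource domain to find every domain whose accounts could be granted access, treating external trusts as non-transitive and forest trusts as crossing at most one forest boundary. The deere.com and msnbc.com names come from the slides; the dallas.texaspinball.com child domain, the example.net forest and the trust layout are constructed assumptions. Mapping trust reachability this way is exactly what an attacker does when looking for lateral paths into a forest, so it is worth knowing the answer before they do.

```python
"""Trees, forests and trust transitivity in Active Directory, modelled as a graph.

Added example, not code from the slides. deere.com and msnbc.com are the slides'
example names; dallas.texaspinball.com, example.net and the trust layout are
constructed assumptions used only to exercise the rules.
"""
from collections import deque

# Constructed sample forests. The first name in each list is assumed to be the
# forest root (the first domain created in that forest).
FOREST_A = ["deere.com", "atlanta.deere.com", "corporate.deere.com",
            "finance.deere.com", "msnbc.com", "news.msnbc.com"]
FOREST_B = ["texaspinball.com", "dallas.texaspinball.com"]   # assumed child domain
FOREST_C = ["example.net"]                                   # an assumed third forest


def parent_of(domain, domains):
    """Nearest ancestor of `domain` present in `domains` (contiguous namespace), else None."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def build_trees(domains):
    """Group domains into trees: a tree root is a domain with no parent in the set."""
    dset, trees = set(domains), {}
    for d in domains:
        root = d
        while parent_of(root, dset) is not None:
            root = parent_of(root, dset)
        trees.setdefault(root, []).append(d)
    return trees


def implicit_trusts(domains):
    """Trusts AD creates automatically: parent-child and tree-root-to-forest-root,
    all two-way and transitive. Edges are (trusting, trusted, kind)."""
    forest_root, dset, trusts = domains[0], set(domains), []
    for d in domains:
        p = parent_of(d, dset)
        partner = p if p is not None else (forest_root if d != forest_root else None)
        if partner is not None:
            trusts += [(d, partner, "transitive"), (partner, d, "transitive")]
    return trusts


def two_way(a, b, kind):
    """An explicit two-way trust of the given kind ('forest' or 'external')."""
    return [(a, b, kind), (b, a, kind)]


def account_domains_trusted_by(resource_domain, trusts):
    """Domains whose accounts can be granted access to resources in `resource_domain`.

    Follow trust edges from the trusting domain to the trusted domain:
    - implicit (transitive) trusts chain without limit;
    - a forest trust may be crossed at most once per path, so a third forest is never reached;
    - an external trust is non-transitive: it links only the two domains named in it.
    """
    by_trusting = {}
    for trusting, trusted, kind in trusts:
        by_trusting.setdefault(trusting, []).append((trusted, kind))
    reached, seen = set(), {(resource_domain, False)}   # state: (domain, crossed a forest trust)
    queue = deque(seen)
    while queue:
        domain, crossed_forest = queue.popleft()
        for trusted, kind in by_trusting.get(domain, []):
            if kind == "external":
                if domain == resource_domain:      # direct hop only, never continued
                    reached.add(trusted)
                continue
            if kind == "forest" and crossed_forest:
                continue                            # would cross a second forest boundary
            state = (trusted, crossed_forest or kind == "forest")
            if state not in seen:
                seen.add(state)
                reached.add(trusted)
                queue.append(state)
    reached.discard(resource_domain)
    return reached


def demo():
    """Two layouts: an external trust versus a forest trust between forests A and B."""
    base = implicit_trusts(FOREST_A) + implicit_trusts(FOREST_B) + implicit_trusts(FOREST_C)
    # Layout 1: finance.deere.com (trusting) -> texaspinball.com (trusted), one-way external trust.
    ext = base + [("finance.deere.com", "texaspinball.com", "external")]
    # Layout 2: two-way forest trusts A <-> B and B <-> C.
    fst = (base + two_way("deere.com", "texaspinball.com", "forest")
           + two_way("texaspinball.com", "example.net", "forest"))
    return {
        "trees": build_trees(FOREST_A),
        "ext_finance": account_domains_trusted_by("finance.deere.com", ext),
        "ext_corporate": account_domains_trusted_by("corporate.deere.com", ext),
        "forest_corporate": account_domains_trusted_by("corporate.deere.com", fst),
        "forest_example": account_domains_trusted_by("example.net", fst),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, sorted(value) if isinstance(value, set) else value)
```

Under the external trust only finance.deere.com sees texaspinball.com accounts, and not those of its child domain; corporate.deere.com, reached only through transitive hops, sees none of forest B. Under the forest trust every domain in forest A can be reached by every domain in forest B, but example.net in forest C stays out of reach because the path would have to cross two forest trusts.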


St. Ambrose CSCI 450 - Introduction to Active Directory
