IT222 Microsoft Network Operating Systems II

Transcription:

ITT Technical Institute
IT222 Microsoft Network Operating Systems II
Unit 1: Chapters 1 & 2

Chapter 1: OVERVIEW OF ACTIVE DIRECTORY
- Chapter 1: Overview of Active Directory, pp. 1-23
- Chapter 2, Implementing Active Directory, pp. 27-55

ACTIVE DIRECTORY FUNCTIONS
- Directory Services
  - A tool used to define, manage, access, and secure network resources.
  - Resources include: files, printers, groups, people, and applications.
- Active Directory
  - Stored as NTDS.dit on a domain controller.
  - Used by domain controllers to authenticate users.
  - Domain controllers store, maintain, and replicate.

ACTIVE DIRECTORY BENEFITS
- Centralized administration
- Single point of access
- Fault tolerance and redundancy
- Multiple domain controllers are used
- Multi-master replication
- Simplified resource location

CENTRALIZED ADMINISTRATION
- Hierarchical organization for ease of administration
- Common Microsoft Management Console (MMC) tool set
  - Active Directory Users And Computers (DSA.MSC)
  - Active Directory Domains And Trusts (DOMAIN.MSC)
  - Active Directory Sites And Services (DSSITE.MSC)

SINGLE POINT OF AUTHENTICATION
[Figure: before directory services (Server1, Server2, Server3); after directory services (single sign-on, Active Directory)]

MULTI-MASTER REPLICATION
Active Directory Domain Replication Process
[Figure: domain controllers DC1, DC2 and DC3]
1. A change occurs on DC2.
2. DC2 notifies DC1 and DC3 that there is a change to Active Directory.
3. At the next replication interval, DC1 and DC3 request the new database information.
4. DC2 replicates the changes to DC1 and DC3.
5. DC1 and DC3 update their Active Directory database.

SIMPLIFIED RESOURCE LOCATION
- Search features available on Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003.
- Search Active Directory to find:
  - Shared folders
  - Printers
  - People (user accounts)

ACTIVE DIRECTORY SCHEMA
- AD objects are defined by attributes; each object has its own set of attributes, called a schema, protected by ACLs.
- Object classes
  - User accounts
  - Computer accounts
  - Printers
  - Groups
- Object attributes
  - Name (unique)
  - Globally unique identifier (GUID)
  - Location (for printer)
  - E-mail address (for users)

ACTIVE DIRECTORY COMPONENTS
- Container Objects
- Leaf Objects
- Types:
  - OUs
  - Domains
  - Domain trees
  - Forests
  - Sites
[Figure: two IP sites, labelled Forest Root Domain cohowinery.com and Child Domain north.cohowinery.com]

ORGANIZATIONAL UNITS
- Container objects
- Look like a folder with a book icon in Active Directory Users And Computers
- Security is applied to OUs
  - Inherited by child OUs
  - Used to control access to that OU or hide subordinate OUs
- Allows for the delegation of administrative rights

ORGANIZATIONAL UNITS
An Organizational Unit can contain:
- Users
- Groups
- Contacts
- Printers
- Shared folders
- Computers
- OUs
- InetOrgPerson

DOMAINS
- Logical grouping of resources; normally used for the purpose of administration as a single unit.
- Form security and replication boundaries.
- Individual access control lists (ACLs) for each domain.
- Group Policies are typically assigned and inherited within a domain only, not from the forest.
- Domain replication is independent of global catalog and schema replication.
- Multiple domains may be used by a single organization.

DOMAINS, TREES, AND A FOREST
[Figure: forest diagram. Labels: forest root and tree root (contoso.com), domain tree root (tailspintoys.com), parent, OUs, child domains west.contoso.com and east.contoso.com]

SITES
- One or more IP subnets that are connected by fast links.
- Used to reflect the physical network structure
- Usually local area network (LAN) versus wide area network (WAN)
- Optimize replication
- Knowledge Consistency Checker (KCC) creates and maintains this structure

NAMING STANDARDS
- Lightweight Directory Access Protocol (LDAP)
  - Standard naming structure and hierarchy
  - Established by the Internet Engineering Task Force (IETF)
- Domain Name System (DNS)
- Uniform Resource Locator (URL)

LDAP NAMES
- Created in the early 1990s to facilitate the implementation of X.500 in email (a standard of how global directories should be structured).
[Figure: directory tree with labels cohowinery.com, Sales, Jeffrey Smith, Guy Gilbert, Accounting, Color Printer]
- Distinguished Name: Cn=jsmith,ou=sales,dc=cohowinery,dc=com
- User Principal Name (UPN): jsmith@cohowinery.com
- Relative Distinguished or Common Name: Jsmith
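The three name forms on this slide can be derived from the distinguished name alone. The following is an added example, not part of the original slides: it splits a DN without breaking on backslash-escaped commas (a plain split on "," would misread them) and derives the relative name, OU path, DNS domain and UPN. It assumes the UPN prefix equals the cn value and the UPN suffix equals the domain's DNS name, as in the slide's example; a real directory may be configured differently.

```python
import re

# Added example, not from the original slides. Handles single-valued RDNs and
# RFC 4514 backslash escapes (\, or \2C); multi-valued RDNs (a=b+c=d) and
# multi-byte hex escapes are out of scope.
_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2}|.)")

def _unescape(value: str) -> str:
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return _ESCAPE.sub(repl, value)

def split_dn(dn: str) -> list:
    """Return [(attribute, value), ...] from most specific to least specific."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])        # copy the escape pair, never split on it
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf))     # unescaped comma ends one RDN
            buf = []
            i += 1
        else:
            buf.append(dn[i])
            i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), _unescape(value)))
    return rdns

def name_forms(dn: str) -> dict:
    """Derive the slide's name forms from one distinguished name."""
    rdns = split_dn(dn)
    attr, value = rdns[0]
    domain = ".".join(v for a, v in rdns if a == "dc")
    return {
        "rdn": f"{attr}={value}",
        "ou_path": [v for a, v in rdns if a == "ou"],
        "dns_domain": domain,
        # Assumption: UPN prefix == cn value, UPN suffix == DNS domain name.
        "upn": f"{value}@{domain}" if attr == "cn" and domain else None,
    }

if __name__ == "__main__":
    print(name_forms("Cn=jsmith,ou=sales,dc=cohowinery,dc=com"))
    # Constructed DN with an escaped comma inside the common name:
    print(split_dn(r"cn=Smith\, Jeffrey,ou=sales,dc=cohowinery,dc=com")[0])
```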

PLANNING FOR ACTIVE DIRECTORY
- Logical and physical structure
- DNS and Active Directory integration and naming
- Functional levels of domains and forests
- Trust relationships and models

STRUCTURING ACTIVE DIRECTORY
- Security and administrative goals are important when defining the logical structure.
  - Group Policy application and inheritance
  - Delegating administrative control
  - Permission inheritance
- Logical structure often reflects the business or administrative model.
- Sites are used to reflect the physical structure of the network.

ROLE OF DNS
- Resolves friendly names to Internet Protocol (IP) addresses.
- Required by Active Directory.
- Domain members use service locator (SRV) records to find domain controllers.
- Dynamic DNS (DDNS) is supported and recommended.

FUNCTIONAL LEVELS
- Designed to support downlevel compatibility
- Increasing functional level allows for use of new features
- Two types of functional level
  - Domain functional level
  - Forest functional level

DOMAIN FUNCTIONAL LEVELS
- Windows 2000 mixed
- Windows 2000 native
- Windows Server 2003 interim
- Windows Server 2003

WINDOWS 2000 MIXED FUNCTIONAL LEVEL
- Domain controllers can run on the following operating systems:
  - Windows NT Server 4.0
  - Windows 2000 Server
  - Windows Server 2003
- Features at this functional level include:
  - Install from media
  - Application directory partitions
  - Enhanced user interface (UI)

WINDOWS 2000 NATIVE FUNCTIONAL LEVEL
- Domain controllers can run on the following operating systems:
  - Windows 2000 Server
  - Windows Server 2003
- Features at this functional level include:
  - Group nesting
  - Universal groups
  - Security Identifier History (SIDHistory)

WINDOWS SERVER 2003 INTERIM FUNCTIONAL LEVEL
- Designed for organizations that have not upgraded to Windows 2000 Active Directory.
- Only Windows Server 2003 and Windows NT Server 4.0 domain controllers are supported.
- Windows 2000 Server domain controllers are NOT allowed.
- No extra features over any other functional level.

WINDOWS SERVER 2003 FUNCTIONAL LEVEL
- Only Windows Server 2003 domain controllers
- Features at this functional level include:
  - Replicated last logon timestamp
  - Key Distribution Center (KDC) version numbers
  - User password on inetOrgPerson objects
  - Domain renaming

RAISING THE DOMAIN FUNCTIONAL LEVEL
- Must be logged on as a member of the Domain Admins group.
- Performed using the Primary Domain Controller (PDC) emulator.
- All domain controllers must support the new level.
- Irreversible.

FOREST FUNCTIONAL LEVELS
- Windows 2000
- Windows Server 2003 interim
- Windows Server 2003

WINDOWS 2000 FOREST FUNCTIONAL LEVEL
- Domain controllers can be running Windows Server 2003, Windows 2000, or Windows NT 4.0 operating systems.
- Features supported at this functional level include:
  - Install from media
  - Universal group caching
  - Application directory partitions

WINDOWS 2003 INTERIM FOREST FUNCTIONAL LEVEL
- Only Windows Server 2003 and Windows NT Server 4.0 domain controllers are supported.
- Windows 2000 Server domain controllers are NOT allowed.
- Features at this level include:
  - Improved inter-site topology generator (ISTG)
  - Improved linked value replication

WINDOWS SERVER 2003 FOREST FUNCTIONAL LEVEL
- Only Windows Server 2003 domain controllers are supported.
- Features at this level include:
  - Dynamic auxiliary class objects
  - User objects can be converted to inetOrgPerson objects
  - Schema redefinitions permitted
  - Domain renames permitted
  - Cross-forest trusts permitted

RAISING THE FOREST FUNCTIONAL LEVEL
- Must be logged on as a member of the Enterprise Administrators group.
- Must be connected to the Schema Operations Master.
- All domain controllers must support the new functional level.
- Irreversible.

ACTIVE DIRECTORY TRUST MODELS
- Transitivity: If A trusts B and B trusts C, then A trusts C
[Figure: Forest Root Domain with Child Domains A, B, C and D]

SHORTCUT TRUST
[Figure: Forest Root Domain with Child Domains A, B, C and D, and a shortcut trust]

WINDOWS NT SERVER 4.0 TRUST MODEL
[Figure: Domain A, Domain B, Domain C, Domain D]
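The three trust slides above differ in which domains end up trusting which, and through how many hops. The following is an added example, not part of the original slides, that models trusts as a directed graph and computes the shortest trust chain between two domains, with and without transitivity. The forest layout (Root is parent of A and C, B is a child of A, D is a child of C), the placement of the shortcut trust between B and D, and the NT 4.0 trust set are assumptions, since the diagrams did not survive in the transcript.

```python
from collections import deque

# Added example, not from the original slides. A trust is a pair
# (trusting_domain, trusted_domain); a two-way trust is both directions.
def two_way(a, b):
    return {(a, b), (b, a)}

# Assumed layout: Root is parent of A and C; B is under A; D is under C.
FOREST = (two_way("Root", "A") | two_way("Root", "C")
          | two_way("A", "B") | two_way("C", "D"))
SHORTCUT = two_way("B", "D")          # assumed endpoints of the shortcut trust
# Constructed NT 4.0 style trusts: one-way and explicit only.
NT4 = {("A", "B"), ("B", "C")}

def trust_path(trusts, trusting, trusted, transitive=True):
    """Return the shortest chain of trusts from `trusting` to `trusted`, or None."""
    if trusting == trusted:
        return [trusting]
    if not transitive:
        # Non-transitive model: only a direct, explicit trust counts.
        return [trusting, trusted] if (trusting, trusted) in trusts else None
    seen, queue = {trusting}, deque([[trusting]])
    while queue:                       # breadth-first search over trust edges
        path = queue.popleft()
        for a, b in sorted(trusts):
            if a == path[-1] and b not in seen:
                if b == trusted:
                    return path + [b]
                seen.add(b)
                queue.append(path + [b])
    return None

def implicit_trusts(trusts):
    """Pairs that trust each other only through transitivity (no direct trust)."""
    domains = {d for pair in trusts for d in pair}
    return sorted((a, b) for a in domains for b in domains
                  if a != b and (a, b) not in trusts and trust_path(trusts, a, b))

if __name__ == "__main__":
    print(trust_path(FOREST, "B", "D"))                  # walks up to Root and down
    print(trust_path(FOREST | SHORTCUT, "B", "D"))       # shortcut removes the hops
    print(trust_path(NT4, "A", "C", transitive=False))   # NT 4.0 model: no trust
    print(len(implicit_trusts(FOREST)), "implicit trust pairs in the forest")
```

The output of `implicit_trusts` is the list to review when auditing a forest: every pair in it can authenticate across domains even though no administrator created a trust between them directly.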

CROSS-FOREST TRUST
- New in Windows Server 2003
- Trusts between two forests
- Requires Windows Server 2003 forest functional level
- Uses Kerberos, as do all Windows 2000 and Windows Server 2003 intra-forest trust relationships

SUMMARY
- Active Directory is a database (NTDS.dit).
- DNS is required by Active Directory.
- Schema defines object types and attributes.
- Domain and forest functional levels provide a balance between backward compatibility and new functionality.
- Active Directory allows for two-way transitive (Kerberos) trusts.
- Trusts allow domain hierarchies to be created.
- Cross-forest trusts are a new feature for Windows Server 2003 Active Directory.