Identify Active Directory functions and Benefits. Identify the major components that make up an Active Directory structure. Identify how DNS relates.

Identify Active Directory functions and Benefits.

Identify the major components that make up an Active Directory structure.

Identify how DNS relates to Active Directory. Identify Forest and Domain Functional Levels.

A network service that identifies all resources on a network and makes those resources accessible to users and applications.

The most common directory service standards are:X.500Lightweight Directory Access Protocol

(LDAP)

Uses a hierarchical approach in which objects are organized in a similar way to the files and folders on a hard drive.

Industry standard. Slim-down version of X.500 modified to

run over the TCP/IP network.

A directory service that uses the “tree” concept for managing resources on a Windows network.

Stores information about the network resources and services, such as user data, printer, servers, databases, groups, computers, and security policies.

Identifies all resources on a network and makes them accessible to users and applications.

Used in:Windows 2000Windows Server 2003Windows Server 2008

Subsequent versions of Active Directory have introduced new functionality and security features.

Windows Server 2008 provides two directory services:Active Directory Domain Services (AD DS)Active Directory Lightweight Directory

Services (AD LDS)

Provides the full-fledged directory service that is referred to as Active Directory in Windows Server 2008 and previous versions of Windows Server.

Server that stores the Active Directory database and authenticates users with the network during logon.

Stores database information in a file called ntds.dit.

Active Directory is a multimaster database. Information is automatically replicated

between multiple domain controllers.

Centralized resource and security administration.

Single logon for access to global resources.

Fault tolerance and redundancy. Simplified resource location.

Active Directory provides a single point from which administrators can manage network resources and their associates’ security objects:

MMC Consoles found in Administrator Tools:Active Directory Users and ComputersActive Directory Sites and ServicesActive Directory Domains and TrustsADSI Edit

Active Directory uses a multimaster domain controller design.

Changes made on one domain controller are replicated to all other domain controllers in the environment.

It is recommended to have two or more domain controllers for each domain.

Introduced with Windows Server 2008. A domain controller that contains a copy

of the ntds.dit file that cannot be modified and that does not replicate its changes to other domain controllers with Active Directory.

Allows file and print resources to be published within Active Directory.

Examples include:Shared foldersPrinters

Forests – One or more domain trees, with each tree having its own unique name space.

Domain trees – One or more domains with contiguous name space.

Domains – A logical unit of computers and network resources that defines a security boundary.

Some of these common attributes are as follows:Unique nameGlobally unique identifier (GUID)Required object attributesOptional object attributes

Defines the objects stored within Active Directory the properties (attributes) associated within each object.User has different properties, which has

different properties than a group, which has different properties of a computer.

Example:cn=JSmith, ou=sales, dc=lucernepublishing,

dc=com

Provides name resolution for a TPC/IP network.

Active Directory requires DNS as the default name resolution method.

Example Resource Records (RR):Host (A) – Host name to IP.Pointer (PTR) – IP to Host name.Service (SRV) – Locator service for

LDAP/Domain controllers services.

Allows interoperability with prior versions of Microsoft Windows.

Higher levels of functional level will not allow older versions of Windows to function but will add additional functionality or features.

Raising functional level is a one-way process.

To raise the functional level of a forest, you must be logged on as a member of the Enterprise Admins group.

The functional level of a forest can be raised only on a server that holds the Schema Master role.

Active Directory is a database of objects that are used to organize resources according to a logical plan. These objects include containers such as

domains and OUs in addition to resources such as users, computers, and printers.

The Active Directory schema includes definitions of all objects and attributes within a single forest. Each forest maintains its own Active

Directory schema.

Active Directory requires DNS to support SRV records. Microsoft recommends that DNS support

dynamic updates.

Domain and forest functional levels are features of Windows Server 2008. The levels defined for each of these are

based on the type of server operating systems that are required by the Active Directory design.

The Windows Server 2003 forest functional level is the highest functional level available and includes support for all Windows Server 2003 features.

Questions