
An Introduction and Active Directory Basics

A workgroup is basically one or more computers on a Windows network (LAN) that are not joined to a
domain.

A domain is a collection of objects that share the same database. Microsoft Windows uses the Active
Directory service to create a Windows domain.

Read: http://w99.suretech.com/12319/Windows_Domain_and_Workgroup_Definition

1. Suggest reasons why you would use a domain instead of a workgroup to make the
management of user passwords easier (such as for 1000 users).
Answer:
User password management via Active Directory offers many benefits to the business and end users
(an enterprise with 1000 users) compared with managing 1000 workgroup users. These can be
categorized as follows:

Parameter: Financial aspect
  Password management for domain users: Very minimal system administration effort is required; the entire 1000 users can be managed centrally.
  Password management for workgroup users: Huge manpower will need to be committed to a decentralized setup of 1000 workgroup users.

Parameter: Productivity
  Password management for domain users: The IT administrator need not be locally present. Actions on user passwords can be managed easily and quickly, which means minimal time consumption. There is no need to keep track of passwords when a single user accesses multiple systems.
  Password management for workgroup users: The IT administrator needs to be present in person or has to gain access to the computer to act on a user password, which takes away a lot of time. User passwords need to be tracked, which involves extra effort and is therefore time consuming.

Parameter: Security best practices
  Password management for domain users: A single policy for password management/complexity can be imposed for 1000 users.
  Password management for workgroup users: No policy can be imposed for 1000 users.

Conclusion: Considering the above benefits associated with each of the parameters, a domain should be used to manage the user passwords for 1000 users.

Lightweight Directory Access Protocol (LDAP)

http://www.yellowpages.com.sg/

2. Access the above website and explain how you can use the website.

The Yellow Pages website is a very organized directory with a credible and detailed list of information.
For example, if you need to procure IT hardware and want to know the best and nearest location,
along with other details such as address, telephone numbers, costing, prior customer reviews and brands
available, you can simply search on the Yellow Pages website and get well-organized, read-only
information.

3. In what way is LDAP like the yellow pages?

LDAP is structured like the yellow pages; its informational structure is similar. An LDAP query
returns data from the company directory about users, computers, groups, printers, etc., with all
relevant parameters such as location, phone numbers, designation, serial numbers, owners and
manager, just as we get a response from the yellow pages.

The Logical Structure of Active Directory

You can look at Active Directory from two sides: logical and physical. First, when you hear
Active Directory, you most likely focus on the logical components that make up Active
Directory.

The Active Directory directory service is a distributed database that stores and manages information
about network resources, as well as application-specific data from directory-enabled applications.

Active Directory allows administrators to organize objects of a network (such as users, computers,
and devices, which represent the physical entities that make up a network) into a hierarchical collection
of containers known as the logical structure.

The top-level logical container in this hierarchy is the forest. Within a forest are domain
containers, and within domains are organizational units.

Source: https://technet.microsoft.com/en-us/library/cc759073(v=ws.10).aspx#w2k3tr_logic_what_yokf

Components of the Active Directory Logical Structure

The Active Directory logical structure consists of multiple core components (elements).

The following figures illustrate the relationships of OUs, domains, and forests in the logical structure
architecture.

The first domain in the forest is called the forest root domain.

1. Match the correct component to each of the descriptions below, based on the given choices.

Choices: Organizational Units, Domain Trees, Forests, Domains

Component: Description
  Forests: They are the top-level container, in that they house all domain containers for that particular Active Directory instance.
  Domains: They partition the directory into smaller sections within a single forest.
  Organizational Units: They make it possible to group resources in a domain for management purposes, such as applying Group Policy or delegating control to administrators.
  Domain Trees: They are collections of domains that are grouped together in hierarchical structures.

The Physical Structure of Active Directory

The physical structure of Active Directory is represented by a set of physical components which,
when configured correctly, can help optimize the transmission of network replication and
authentication in ways specifically tailored to fit your physical network.

Site and Subnet Objects

Sites and subnets are represented in Active Directory by site and subnet objects. 

In Active Directory, sites map the physical structure of your network, while domains map the logical
or administrative structure of your organization. 

Domain Controllers

A domain is hosted by at least one physical server designated as a domain controller.


The domain controllers are the servers that store and run the Active Directory database.

All domain controllers in a domain receive changes and replicate those changes to the domain
partition stored on all other domain controllers in the domain.

A domain partition stores only the information about objects located in that domain.

1. Why is it always good for a domain to have more than ONE domain controller?
Answer:

The primary reason for having more than one domain controller is fault tolerance. The domain
controllers replicate the Active Directory information between them and can provide services if
any one of them is unavailable.

2. Why is there a need to separate Active Directory into logical and physical structures?

Answer:
In Active Directory, the logical structure is separate from the physical structure. This is required
because the logical structure is used to organize your network resources, and the physical structure
to configure and manage your network traffic. The physical structure of Active Directory is composed
of sites and domain controllers.

Global catalog servers

A global catalog server is a domain controller that stores a full copy of all Active Directory objects
in the directory for its host domain and a partial copy of all objects for all other domains in the
forest. Applications and clients can query the global catalog to locate any object in a forest.

A global catalog is created automatically on the first domain controller in the forest. Optionally,
other domain controllers can be configured to serve as global catalogs.

Multimaster Replication

Active Directory uses multimaster replication to accomplish the synchronization of directory information.

With Active Directory, no one domain controller is the master. Instead, all domain controllers within
a domain are equivalent. Changes can be made to any domain controller, regardless of location.

All domain controllers in the forest are also updated with changes to forest-wide data.

Delegation of Administration Within an Organization

The figure below shows the distribution of users in a fictitious multinational organization.

The organization started with a domain for its corporate headquarters (Corp) and then, to control
replication across the entire worldwide network, created three additional domains (North America,
South America, and Europe) as partitions of the forest.

To support further delegation, the organization subdivided the North America domain into three
OUs: West, Central, and East.
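
The LDAP lookup described earlier and the OU-based delegation described above can be made concrete with a small in-memory model. This is an added example, not part of the original worksheet: the DNS name na.corp.example for the North America domain, the sample entries and the helper names are all assumptions constructed for illustration. It shows a read-only subtree search and why an OU scope has to be checked component by component rather than by comparing strings.

```python
# Constructed sample entries (not from the worksheet). The DNS name
# na.corp.example for the North America domain is an assumption.
NA = "DC=na,DC=corp,DC=example"
DIRECTORY = [
    {"dn": "CN=Alice Tan,OU=West," + NA, "objectClass": "user", "telephoneNumber": "555-0101"},
    {"dn": "CN=Lee\\, Bob,OU=East," + NA, "objectClass": "user", "telephoneNumber": "555-0102"},
    {"dn": "CN=PRN-01,OU=West," + NA, "objectClass": "printer", "location": "Floor 2"},
    # The comma in this CN is escaped, so the object sits directly under the
    # domain and is NOT inside OU=West, although the raw string looks like it.
    {"dn": "CN=Temp\\,OU=West," + NA, "objectClass": "user", "telephoneNumber": "555-0199"},
]

def split_dn(dn):
    """Split a DN into normalized (TYPE, value) pairs, most specific first."""
    # Simplified: hex escapes and multi-valued RDNs ("+") are not handled.
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    return [(k.strip().upper(), v.strip().lower())
            for k, v in (r.split("=", 1) for r in rdns)]

def in_subtree(dn, base_dn):
    """True if dn equals base_dn or lies below it, compared RDN by RDN."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def search(base_dn, object_class=None, attrs=("dn",)):
    """Read-only subtree search, like an LDAP query with an objectClass filter."""
    return [{a: e.get(a) for a in attrs} for e in DIRECTORY
            if in_subtree(e["dn"], base_dn)
            and object_class in (None, e["objectClass"])]

def domain_of(dn):
    """DNS domain name built from the DC components of a DN."""
    return ".".join(v for k, v in split_dn(dn) if k == "DC")
```

Searching under "OU=West," + NA for users returns only Alice Tan, while a plain string suffix comparison would also have placed the escaped-comma entry in the West OU and so inside the scope of an administrator delegated to that OU.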

1. Design an Active Directory logical structure for the company Adatum in the problem statement by
drawing a diagram using a software tool such as Microsoft Visio, Paint, etc. Label all the objects,
such as forest, domain and organizational unit, properly in your diagram.
Answer:

User Objects

The user account is the primary means by which people using an Active Directory Domain
Services network access resources. Resource access for individuals takes place through their
individual user accounts.

To gain access to the network, prospective network users must authenticate to a network with a
specific user account.

There are TWO types of user accounts on systems running Windows Server 2016, as follows:

Local users: A local user is one whose username and encrypted password are stored on the
computer itself. When you log in as a local user, the computer checks its own list
of users and its own password file to see if you can log into the computer.

Domain users: A domain user is one whose username and password are stored on a domain
controller rather than on the computer the user is logging into. After successful
authentication, the domain controller assigns you privileges, with the proper permissions
and restrictions based on your user account.

1. Which type of user accounts does your RP user account belong to?
2. Can you use your school user account to log in to your classmate's laptop that is
joined to the school domain? Explain why.
Answer:

3. Can you use your school user account to log in to your family member's
PC/laptop at home that is NOT joined to the school domain? Explain why.
Which type of user accounts does your family member's user account that is used
to log in to his/her computer belong to?
Answer:

References

https://technet.microsoft.com/en-us/library/cc759073(v=ws.10).aspx#w2k3tr_logic_what_orxw

https://msdn.microsoft.com/en-us/library/bb742592.aspx
