An Introduction and Active Directory Basics - Q & A
A workgroup is basically one or more computers on a Windows network (LAN) that are not joined to a
domain.
A domain is a collection of objects that share the same database. Microsoft Windows uses the Active
Directory service to create a Windows domain.
Read: http://w99.suretech.com/12319/Windows_Domain_and_Workgroup_Definition
1. Suggest reasons why you would use a domain instead of a workgroup to make the
management of user passwords easier (such as for 1000 users).
Answer:
User password management via Active Directory offers many benefits to businesses and end users
(an enterprise with 1000 users) as compared to user management for 1000 users; these can be
categorized as
2. http://www.yellowpages.com.sg/
Access the above website and explain how you can use the website.
The Yellow Pages website is a very organized directory with a credible and detailed list of information.
As an example, you need to procure IT hardware and need to know the best and nearest location,
with other details like address, telephone numbers, costing, prior customer reviews and brands
available. You can simply search on the Yellow Pages website and get well-organized, read-only
information.
LDAP is structured like the Yellow Pages. The informational structure in LDAP is similar to the Yellow
Pages. An LDAP query will return data from the company directory with information about
users, computers, groups, printers, etc., with all relevant parameters like location, phone numbers,
designation, serial numbers, owners, manager, etc., just like the response we get from the Yellow Pages.
You can look at Active Directory from two sides: logical and physical. First, when you hear
Active Directory, you most likely focus on the logical components that make up Active
Directory.
The Active Directory directory service is a distributed database that stores and manages information
about network resources, as well as application-specific data from directory-enabled applications.
Active Directory allows administrators to organize objects of a network (such as users, computers,
and devices, which represent the physical entities that make up a network) into a hierarchical collection
of containers known as the logical structure.
Source:
https://technet.microsoft.com/en-us/library/cc759073(v=ws.10).aspx#w2k3tr_logic_what_yokf
Components of the Active Directory Logical Structure
The Active Directory logical structure consists of multiple core components (elements).
The following figures illustrate the relationships of OUs, domains, and forests in the logical structure
architecture.
The first domain in the forest is called the forest root domain.
1. Match the correct component to each of the following descriptions below based on
the given choices.

| Component | Description |
|---|---|
| Forests | They are the top-level containers, in that they house all domain containers for that particular Active Directory instance. |
| Domains | They partition the directory into smaller sections within a single forest. |
| Organizational Units | They make it possible to group resources in a domain for management purposes, such as applying Group Policy or delegating control to administrators. |
| Domain Trees | They are collections of domains that are grouped together in hierarchical structures. |

The physical structure of Active Directory is represented by a set of physical components which,
when configured correctly, can help optimize the transmission of network replication and
authentication in ways specifically tailored to fit your physical network.
Site and Subnets Objects
Sites and subnets are represented in Active Directory by site and subnet objects.
In Active Directory, sites map the physical structure of your network, while domains map the logical
or administrative structure of your organization.
Domain Controllers
All domain controllers in a domain receive changes and replicate those changes to the domain
partition stored on all other domain controllers in the domain.
A domain partition stores only the information about objects located in that domain.
1. Why is it always good for a domain to have more than ONE domain controller?
Answer:
The primary reason for having more than one domain controller is fault tolerance. They will
replicate the Active Directory information between them and can provide services in case any
one of them is unavailable.
2. Why is there a need to separate Active Directory into logical and physical structures?
Answer:
In Active Directory, the logical structure is separate from the physical structure. This is required
because the logical structure is used to organize your network resources, and the physical structure
to configure and manage your network traffic. The physical structure of Active Directory is composed
of sites and domain controllers.
Global catalog servers
A global catalog server is a domain controller that stores a full copy of all Active Directory objects in the directory for its
host domain and a partial copy of all objects for all other domains in the forest. Applications and
clients can query the global catalog to locate any object in a forest.
A global catalog is created automatically on the first domain controller in the forest. Optionally,
other domain controllers can be configured to serve as global catalogs.
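An added example (not part of the original worksheet): a PowerShell check that ties the two points above together, flagging domains that have only one domain controller and sites that have no global catalog. The inventory below is constructed sample data, and the function name Get-DcRedundancyReport is hypothetical.

```powershell
# Added example: redundancy check over a domain controller inventory.
# Each input object needs Domain, Site, Name and IsGlobalCatalog properties,
# which are the property names Get-ADDomainController (ActiveDirectory module) returns.
function Get-DcRedundancyReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$DomainController
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($dc in $DomainController) { $all.Add($dc) } }
    end {
        # Sites that hold at least one global catalog, from any domain in the input
        $gcSites = @($all | Where-Object { $_.IsGlobalCatalog } |
            ForEach-Object { $_.Site } | Sort-Object -Unique)

        foreach ($domain in ($all | Group-Object -Property Domain)) {
            $sites = @($domain.Group | ForEach-Object { $_.Site } | Sort-Object -Unique)
            [pscustomobject]@{
                Domain            = $domain.Name
                DomainControllers = $domain.Count
                GlobalCatalogs    = @($domain.Group | Where-Object { $_.IsGlobalCatalog }).Count
                # One DC means no replica to take over if it is unavailable
                SingleDc          = ($domain.Count -lt 2)
                # Sites where this domain has DCs but no GC is present at all
                SitesWithoutGc    = @($sites | Where-Object { $_ -notin $gcSites }) -join ', '
            }
        }
    }
}

# Constructed sample inventory (hypothetical names, not from a real forest)
$sample = @(
    [pscustomobject]@{ Domain = 'corp.example';     Site = 'HQ';     Name = 'DC01';     IsGlobalCatalog = $true  }
    [pscustomobject]@{ Domain = 'corp.example';     Site = 'HQ';     Name = 'DC02';     IsGlobalCatalog = $false }
    [pscustomobject]@{ Domain = 'corp.example';     Site = 'Branch'; Name = 'DC03';     IsGlobalCatalog = $false }
    [pscustomobject]@{ Domain = 'lab.corp.example'; Site = 'HQ';     Name = 'LAB-DC01'; IsGlobalCatalog = $false }
)
$sample | Get-DcRedundancyReport | Format-Table -AutoSize

# On a domain-joined host with the ActiveDirectory module installed, feed live data instead
# (this returns the current domain's controllers only):
#   Get-ADDomainController -Filter * | Get-DcRedundancyReport
```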
Multimaster Replication
User Objects
The user account is the primary means by which people using an Active Directory Domain
Services network access resources. Resource access for individuals takes place through their
individual user accounts.
To gain access to the network, prospective network users must authenticate to a network with a
specific user account.
There are TWO types of user accounts on systems running Windows Server 2016, as follows:
Local users: A local user is one whose username and encrypted password are stored on the
computer itself. When you log in as a local user, the computer checks its own list
of users and its own password file to see if you can log into the computer.
Domain users: A domain user is one whose username and password are stored on a domain
controller rather than the computer the user is logging into. Privileges are
assigned by the domain controller to you after successful authentication, with the
proper permissions and restrictions based on your user account.
1. Which type of user accounts does your RP user account belong to?
2. Can you use your school user account to log in to your classmate’s laptop that is
joined to the school domain? Explain why.
Answer:
3. Can you use your school user account to log in to your family member’s
PC/laptop at home that is NOT joined to the school domain? Explain why.
Which type of user accounts does your family member's user account that is used
to log in to his/her computer belong to?
Answer:
References
https://technet.microsoft.com/en-us/library/cc759073(v=ws.10).aspx#w2k3tr_logic_what_orxw
https://msdn.microsoft.com/en-us/library/bb742592.aspx