Goals: Lesson 1: Introducing Active Directory Services in Windows Server 2003
Goals
Introduce Active Directory
Identify the functions and features of Active Directory
Introduce Active Directory architecture
Introduce Active Directory objects
Examine the logical and physical structure of Active Directory
Examine more Active Directory concepts
Plan a domain structure
Plan a domain namespace
Examine guidelines for planning a site structure
Database Layer
Access calls to the database go through the Database
Layer
Acts as an abstraction layer between the applications that
make the access calls and the database
Extensible Storage Engine (ESE)
Has direct contact with the records in the directory data
store
Based on an object’s relative distinguished name attribute
Active Directory
Treats each domain resource as an object
Each object is represented by distinct characteristics
known as attributes
Global catalog
Stores information about all objects in a forest
By default, the global catalog is created on the first
domain controller in a forest, known as a global
catalog server
Whenever object information is updated, a global
catalog server exchanges this information with other
global catalog servers in a forest
In a single domain, the global catalog stores information
about all of the objects in that domain
In multiple domains, the global catalog stores a full
replica of information about objects belonging to its
domain and a partial replica of information for objects
belonging to other domains
You can add global catalog servers to a forest to
provide backup for the default global catalog server
Global catalog servers also participate in logons in
Windows 2000 native mode
Perform User Principal Name (UPN) lookups
Provide universal group storage
Handle user- and program-related queries about
objects
Can quickly resolve a query about an object anywhere
in the forest
© 2004 Pearson Education, Inc.
Exam 70-294 Planning, Implementing, and Maintaining
a Microsoft Windows Server 2003 Active Directory Infrastructure
Lesson 1: Introducing Active Directory Services in Windows Server 2003 (Skill 6)
Trust relationships
A trust is a connection between domains that allows users
from one or both domains to be granted access to
resources in the other domain
In a multi-domain environment, trusts allow users to
access resources in other domains without the need to
log on to each domain separately
Trusts allow users to log on to their own domain on
computers that are members of a different domain
Internal namespace
Is not resolvable by hosts that use public
(Internet) DNS servers
Only used for internal clients
Is well-suited for hosting Active Directory due to
increased security
External namespace
Is resolvable from any client on the Internet
Is required for Internet-accessible resources, such as
Web sites
Is typically a poor choice for hosting Active Directory
because of its potential lack of security
Hybrid namespace
One design method provides the best of both
worlds by dividing your namespace into two zones
One for public access
One for private access
One design method involves delegating a DNS
subdomain as the root of your internal structure
Naming guidelines
All Active Directory domain names should be static
Keep it short, simple, and easy to remember
Use standard DNS characters
Limit it to 63 characters including the periods
The Fully Qualified Domain Name (FQDN) can be up
to 255 characters
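
The naming guidelines above, together with the hybrid design that delegates a DNS subdomain as the internal root, can be checked before a domain is created. The Python below is an added example, not part of the original lesson; the function names and the example.com sample names are constructed, and "standard DNS characters" is assumed to mean letters, digits and hyphens.

```python
import re

# "Standard DNS characters" is read here as letters, digits and hyphen,
# with no hyphen at the start or end of a label (assumption of this example).
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
MAX_DOMAIN_LEN = 63   # guideline from the lesson: domain name, periods included
MAX_FQDN_LEN = 255    # guideline from the lesson: fully qualified domain name


def check_domain_name(domain):
    """Return guideline violations for a planned Active Directory domain name."""
    name = domain.rstrip(".")
    problems = []
    if len(name) > MAX_DOMAIN_LEN:
        problems.append(f"{len(name)} characters, limit is {MAX_DOMAIN_LEN}")
    for label in name.split("."):
        if not LABEL_RE.fullmatch(label):
            problems.append(f"label {label!r} is not standard DNS")
    return problems


def check_host_fqdn(host, domain):
    """Return violations for a host's FQDN inside the planned domain."""
    fqdn = f"{host}.{domain.rstrip('.')}"
    problems = check_domain_name(domain)
    if not LABEL_RE.fullmatch(host):
        problems.append(f"host label {host!r} is not standard DNS")
    if len(fqdn) > MAX_FQDN_LEN:
        problems.append(f"FQDN is {len(fqdn)} characters, limit is {MAX_FQDN_LEN}")
    return problems


def is_delegated_subdomain(internal_root, public_zone):
    """True when the internal root sits below the public zone (hybrid design)."""
    internal = internal_root.rstrip(".").lower()
    public = public_zone.rstrip(".").lower()
    return internal.endswith("." + public)


if __name__ == "__main__":
    # Constructed sample names, not taken from the lesson.
    for candidate in ("corp.example.com", "corp_net.example.com", "-lab.example.com"):
        print(candidate, check_domain_name(candidate) or "ok")
    print(is_delegated_subdomain("corp.example.com", "example.com"))
```

An underscore or a leading hyphen is reported per label, so a name that Windows tooling might accept but public DNS software rejects is caught at planning time.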