Active Directory Directory Services provide a centralized directory that uniquely identifies and manages all network resources. It stores information about objects like users and computers in an extensible schema. Resources are organized hierarchically into domains, trees, and forests for security and management. Replication ensures changes are reflected across all domain controllers.
Active Directory Directory Services provide a centralized directory that uniquely identifies and manages all network resources. It stores information about objects like users and computers in an extensible schema. Resources are organized hierarchically into domains, trees, and forests for security and management. Replication ensures changes are reflected across all domain controllers.
Active Directory Directory Services provide a centralized directory that uniquely identifies and manages all network resources. It stores information about objects like users and computers in an extensible schema. Resources are organized hierarchically into domains, trees, and forests for security and management. Replication ensures changes are reflected across all domain controllers.
• Uniquely identify users and resources on a network
• Provide a single point of network management What Are Active Directory Directory Services?
The directory service included with Microsoft Windows 2000
Server products • A directory service is a network service. • A directory service identifies all resources on a network. • A directory service makes all resources available. What Are Active Directory Directory Services? (continued) Active Directory directory services include the Directory. • The Directory stores information about network resources. • Resources stored in the Directory are referred to as objects. Simplified Administration
Active Directory directory services organize resources
hierarchically in domains. • A domain is a logical grouping of servers and other network resources under a single domain name. • A domain is the basic unit of replication and security. • A domain includes at least one domain controller. Simplified Administration (continued)
Active Directory directory services provide
• A single point of administration for all objects on the network • A single point of logon for all network resources Scalability
• The Directory stores information by organizing itself
into sections that permit storage for a huge number of objects. • The Directory can expand to meet the needs of • Small installations with one server and a few hundred objects. • Huge installations with hundreds of servers and millions of objects. Open Standards Support
Active Directory directory services
• Integrate the Internet concepts of a namespace with the Windows 2000 directory service • Allow you to unify and manage multiple namespaces • Use DNS for its name system • Exchange information with any application or directory that uses LDAP or HTTP Domain Name System
• DNS is the domain naming and locator service for Active
Directory. • Windows 2000 domain names are also DNS names. • Windows 2000 Server uses dynamic DNS (DDNS). • Clients can update the DNS table dynamically. • DDNS eliminates the need for other naming services. Support for LDAP and HTTP
• LDAP is an Internet standard for accessing directory services.
• HTTP is the standard protocol for displaying pages on the World Wide Web. • You can display every object in Active Directory as an HTML page in a Web browser. Support for Standard Name Formats
• The logical structure is separate from the physical structure.
• Organize resources in a logical structure. • Find a resource by its name rather than its physical location. • The network’s physical structure is transparent to the users. Objects Organizational Units Domain
• The domain is the core unit of logical structure.
• All network objects exist within a domain. • A domain stores information about only the objects that it contains. • A practical limit to the number of objects in a domain is 1 million. A Domain Is a Security Boundary
• Access to domain objects is controlled by ACLs.
• ACLs contain the permission associated with objects. • ACLs control which users can gain access to an object. • ACLs control which type of access users can gain to the objects. • Security policies and settings do not cross from one domain to another. • A domain administrator has absolute rights to set policies only within that domain. Tree
• A tree is a grouping of one or more Windows 2000 domains.
• All domains within a single tree share a contiguous namespace. • The domain name of a child domain is the relative name of that child domain appended with the name of the parent domain. • All domains within a single tree share a common schema. • All domains within a single tree share a common global catalog. Forest
• A forest is a grouping of one or more domain trees.
• The trees in a forest form a disjointed namespace. • All trees in a forest share a common schema. • Trees in a forest have different naming structures. • All domains in a forest share a common global catalog. • Domains in a forest operate independently. Sites
• The physical structure is based on sites.
• A site is a combination of one or more IP subnets. • Typically a site has the same boundaries as a LAN. • Sites are not part of the logical namespace. • Sites contain computer objects and connection objects. Replication Within a Site
• The Active Directory directory services include a replication
feature. • Replication ensures that changes to a domain controller are reflected by all domain controllers within a domain. Functions of Domain Controllers in a Domain
• Store a complete copy of all Active Directory information
• Replicate all objects in the domain to each other automatically • Replicate certain important updates immediately • Use multimaster replication • Provide fault tolerance • Manage all aspects of user domain interactions Ring Topology for Replication Schema
• Contains a formal definition of the contents and
structure of Active Directory directory services • Defines attributes for each object class Default Schema
• Created by installing Active Directory on first computer in a
new forest • Contains definitions of commonly used objects and properties • Contains definitions of objects and properties used by Active Directory Extensible Schema
• You can define new directory object types and attributes.
• You can define new attributes for existing objects. • You can extend the schema • By using LDAP Data Interchange Format (LDIF) scripts. • Programmatically or by using the Active Directory Services Interface (ADSI). • By using the Active Directory Schema snap-in. • The schema is stored in the global catalog and can be updated dynamically. Global Catalog Global Catalog Servers
• Installing Active Directory on the first computer in a new
forest makes that domain controller a global catalog server. • The Active Directory Sites and Services snap-in allows you to designate additional global catalog servers. • More global catalog servers means more replication traffic. • More global catalog servers can provide quicker responses. • Every major site should have a global catalog server. Namespace Naming Conventions
• Every object in Active Directory is identified by a name.
• Active Directory uses a variety of naming conventions. Distinguished Name
• Every object has a distinguished name (DN).
• The DN uniquely identifies the object. • The DN contains sufficient information for a client to retrieve the object. • The DN includes the name of the domain that holds the object. • The DN includes the complete path to the object. Relative Distinguished Name Globally Unique Identifier
• A globally unique identifier (GUID) is a 128-bit number that is
guaranteed to be unique. • GUIDs are assigned when the object is created. • The GUID for an object never changes. • Applications use GUIDs to retrieve objects regardless of current DNs. User Principal Name
• User accounts have a friendly name, the user principal name
(UPN). • The UPN is composed of the shorthand name for the user account and the DNS name of the tree where the user account object resides.
Docker: The Complete Guide to the Most Widely Used Virtualization Technology. Create Containers and Deploy them to Production Safely and Securely.: Docker & Kubernetes, #1
Software Containers: The Complete Guide to Virtualization Technology. Create, Use and Deploy Scalable Software with Docker and Kubernetes. Includes Docker and Kubernetes.