Active Directory Admin Training

8/2/2019 Active Directory Admin Training

1/31

L A U R E N Information Technologies Pvt. Ltd.

Active Directory

Admin Training


2/31


Agenda

Active Directory

Domain Name System (DNS)

Dynamic Host Configuration Protocol(DHCP)

Demonstration

Q & A


3/31


Active Directory

Introduction

Domain, Trees, Forests (Logical)

Domain Controllers, Sites (Physical) Replication

Operations Masters

Group Policy


4/31


Active Directory

Active Directory

Central component for Windows 2003Operating system.

Is a directory service which storesinformation about network object andmake them available and usable for

users, applications and computers.


5/31


Active Directory - Benefits

Integrated Security By managing logon and authentication

By controlling access on the object

Ease of Management Can be managed centrally

Distributed management by delegatingcontrol

Single sign on User can access the permitted networkresources once logged on to the ActiveDirectory.


6/31


Active Directory.

Ease of locating search resources As Active Directory is a central database for

storing objects, it provides enhanced searchcapabilities.

Scalability to size any network

Can be design for any network, because itcan include multiple domains.


7/31


Active Directory LogicalConcepts

Domains Boundary of Security

Boundary of Authentication

Boundary of Replication Domain NC Replication

Boundary of DNS Namespace

Boundary of Administration

COMPANY.COM


8/31


Active Directory Logical

Concepts

Trees Collection of Domain controllers

Transitive Trust Relationships

All Domains in a Tree share: Schema

Configuration

Global Catalog

COMPANY.COM

EUROPE.COMPANY.COAMERICA.COMPANY.COM

NICARAGUA.AMERICA.COMPANY.COM


9/31


Collection Domain trees

Transitive Trust Relationships

All Domains in a Forest share: Schema

Configuration

Global Catalog DIVISION.COMCOMPANY.COM

AMERICA.COMPANY.COM


Concepts

Forests


10/31


Containers within Domains

Distinct Units of Administration Unique to Domains


Concepts

Organizational Units


11/31


Active Directory Physical Concepts

Domain ControllersPrimary Domain Controller (PDC)

Back-Up Domain Controller (BDC)

Domain Controllers (DC)


12/31


What Is a Site?

A set of well-connected IP subnets

Site Usage Replication

Group policy application

Sites Are Connected with SiteLinks

Connects two or more sites


Sites


13/31



Site Topology

Company.com

america.company.com europe.company.com

DC

Site A

Site B

Site C

DC

GC

GC

GC

DC

DC = Domain ControllerGC = Global Catalog


14/31


A master, searchable index thatcontains information about everyobject in every domain in a forest

Active Directory Physical

Concepts

Global Catalog


15/31


Intra-Site Replication: ADreplication between DCs within a site

Inter-Site Replication: ADreplication between sites

ReplicationReplication Topologies


16/31


RPC Replication in a Site

No Compression

Assumes good network connections

ReplicationIntra-Site Replication


17/31


Replication Between Sites DS-RPC (RPC over IP) or

SMTP Transports

SMTP Can Be Used

Compression

10 percent-20 percent of original size

Scheduled

ReplicationInter-Site Replication


18/31


Site Links Link Two or More Sites

Cost and schedules can be specified

Bridgehead Servers

Master Replication Server in a site

ReplicationSite-Links & Bridgehead Servers


19/31


Schema

Perform updates to schema

Sends updates to all DCs

One per forest

Default is the first DC installed

Domain

Performs add/remove of domains

and cross-references to external DS

One per forest

Default is the first DC installed

Operations MastersSchema and Domain


20/31


Primary Domain Controller (PDC) Acts as a PDC for requests from

Microsoft Windows NT clients One per domain

Relative Identifier (RID) Generates pools of securityidentifiers to be distributed to DCsin the domain

One per domain

Infrastructure Updates security identifiers (SIDs)

and domains that are moved in andout of the domain

Operations MastersPDC, RID, and Infrastructure


21/31


Group Policy OverviewDo More with Less Effort

ActiveDirectory

One Administrator

Action

New Policy

Group Policy enablesadmins to set and maintaina desired computing state

New Group PolicyManagement Console

(GPMC) makesadministration much easier

Many End UserResults Many Computer

Results


22/31


Group Policy Processing

Site

Domain

OUOU

OU

GPO1

GPO2

GPO3

GPO4


23/31


Using Group Policy to

Control the UserEnvironment

Use Group Policy to:Manage users and computers

Deploy software

Enforce security settings

Enforce a consistent desktop environment


24/31


Software Installation

3 deployment options Assign to computer

App is installed at boot

Assign to user

App installed either on demand or (with XP and above) atuser logon

Publish to user

User chooses to install from add remove programs.

Requires MSI apps

Tips Make sure machine accounts have access to Software

Distribution points for machine assigned apps

No supported way to control install order within a GPO


25/31


When Does GroupPolicy Get Applied?

Group PolicyApplies ComputerSettings

Startup ScriptsRun

Group PolicyApplies UserSettings

Logon Scripts Run

ComputerStarts

User Logs On

and at periodic intervals


26/31


Foreground Versus Background

refresh Foreground refresh At boot and logon

Processing is synchronous

Logon prompt not displayed till computer processing complete

Desktop not displayed till user processing complete

Requires connectivity to domain

Background refresh

Approximately every 90 minutes Software installation and folder redirection settings

not processed


27/31


Active Directory .

Active Directory console


28/31


Domain Name System (DNS)

Is a TCP/IP based name resolutionservice

Is used to resolve a host name to its

associated IP address Is implemented using two software

components

DNS server DNS client (or resolver)


29/31


Dynamic Host ConfigurationProtocol (DHCP)

Automate the assignment of IP addresses

Centrally managed by Network

Administrators

DHCP Scopes

Scope - A range of IP addresses that

can be assigned to clients that are onone subnet

Superscope - Is a collection of individualscopes


30/31


Active Directory

Demonstration


31/31

L A U R E N Information Technologies Pvt. Ltd

Q & A

Active Directory Admin Training

Documents

Transcript of Active Directory Admin Training