
ACTIVE DIRECTORY

Terry Lewis
tlewis@go-eol.com
Emergent OnLine, Inc.
703-709-9210 ext 209
07/24/16

Microsoft Active Directory Foundations

Microsoft Exchange 4.0, 5.0, 5.5
Active Directory OLE Preview Oct 97
Microsoft Active Directory Rapid Deployment Partner (RDP)
Windows NT 5.0 Beta 1
Windows NT 5.0 Beta 2
Windows 2000 Beta 3
Windows 2000 RC1/2/3/Gold

Agenda

What is Active Directory?
Management
Security
Interoperability
Additional resources

So What IS Active Directory?

Database of Network Resources

Directory Service Functionality:
Store
Organize
Manage
Control

Active Directory Installation

Windows 2000 Server or later
Run Dcpromo to start the Active Directory Installation wizard
DNS name resolution
SRV record

Demo

Active Directory Installation Wizard

Show the Active Directory Installation wizard

Manageability

Centralized Management
Group Policy
Global Catalog
IntelliMirror Desktop Management
Automated Software Distribution


Manageability

Active Directory Service Interfaces (ADSI)


Backward Compatibility
Delegated Administration
Multi-Master Replication


Security

Kerberos Authentication
Smart Card Support
Transitive Domain Trusts
PKI X.509 Infrastructure
LDAP over SSL
Required Authentication Mechanism
Attribute Level Security
Domain Spanning Security groups
LDAP ACL Support

Interoperability

DirSync Support
Active Directory Connector
Open APIs
Native LDAP
DNS Naming
Open Change History
DEA Platform
DEN Platform
Extensible Schema

Demo

Centralized Management

Browse Active Directory
Create objects

Active Directory Schema

Active Directory Schema Is:
Defines objects that can be added to the database
Protected by DACLs

Objects (Class Examples):
Computers
Users
Printers

Attribute Examples (Attributes of Users Might Contain):
accountExpires
department
distinguishedName
middleName

List of Attributes:
accountExpires
department
distinguishedName
directReports
dNSHostName
operatingSystem
repsFrom
repsTo
middleName
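As an added illustration of the attribute list above (not part of the original slides): accountExpires is stored as a Windows FILETIME, so auditing account expiry from a directory export means decoding that value rather than reading it as a date. The LDIF text below is constructed sample data and the helper functions are hypothetical, written here to show the decoding and the two "never expires" sentinel values.

```python
from datetime import datetime, timedelta, timezone

# Constructed LDIF-style export of two user objects (sample data, not from the
# slides); attribute names are the ones listed on the schema slide.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Sales,DC=emergent,DC=com
distinguishedName: CN=Alice Example,OU=Sales,DC=emergent,DC=com
department: Sales
accountExpires: 9223372036854775807

dn: CN=Bob Example,OU=Repair,DC=emergent,DC=com
distinguishedName: CN=Bob Example,OU=Repair,DC=emergent,DC=com
accountExpires: 132200000000000000
"""

# accountExpires is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Both 0 and the maximum signed 64-bit value mean "account never expires".
NEVER_EXPIRES = {0, 0x7FFFFFFFFFFFFFFF}

def parse_ldif(text):
    """Split a simple LDIF export into one dict per entry (single-valued attributes)."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(": ")
        current[attr] = value
    if current:
        entries.append(current)
    return entries

def filetime_to_datetime(value):
    """Decode an accountExpires value; returns None when the account never expires."""
    ticks = int(value)
    if ticks in NEVER_EXPIRES:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def expired_accounts(ldif_text, now):
    """Return the distinguishedName of every entry whose accountExpires is in the past."""
    expired = []
    for entry in parse_ldif(ldif_text):
        expires = filetime_to_datetime(entry.get("accountExpires", "0"))
        if expires is not None and expires <= now:
            expired.append(entry["distinguishedName"])
    return expired
```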

Demo

Active Directory Schema

Browse Active Directory schema
Extensibility for DEA

Logical Structure

Organizational units
Domains
Trees and forests
Global Catalog


Organizational Units

[Diagram: OU hierarchies following a Network Administrative Model (Sales, Repair) and an Organizational Structure (Vancouver, containing Users, Sales and Computers)]

Group objects into a logical hierarchy that best suits the needs of your organization
Delegate administrative control over the objects within an OU by assigning specific permissions to users and groups

Demo

Organizational Units

Create organizational units
Show delegation of administration
Administrative Tools and Taskpad views

Domains

[Diagram: a Windows 2000 domain containing users (User 1, User 2), with replication between domain controllers]

Contain organizational units
Unit of replication
Security boundary

What Is a Tree?

[Diagram: the tree root domain Emergent.com is the parent domain; sales.emergent.com is added as a new child domain, giving a contiguous namespace]

What Is a Forest?

A Forest Is One or More Trees
Trees in a Forest Do Not Share a Contiguous Namespace
All of the Domains in a Forest Share a Common Configuration, Schema, and Global Catalog

[Diagram: a forest with two trees, contoso.msft and nwtraders.msft; nwtraders.msft has the child domains marketing.nwtraders.msft and sales.nwtraders.msft, and contoso.msft has the child domain sales.contoso.msft]

Active Directory Partitions

Directory Partitions (shown for the forest Emergent.com):
Schema (forest-wide): Contains definitions and rules for creating and manipulating all objects and attributes
Configuration (forest-wide): Contains information about Active Directory structure
Domain: Holds information about all domain-specific objects created in Active Directory

Global Catalog

A DC designated as a GC has knowledge of its own domain information (which is complete)
Plus it has partial information from all of the other domains in the tree

Demo

Global Catalog

Create a Global Catalog server
Set Global Catalog attributes

Demo

Manageability

Edit Default Domain Group Policy
Demo IntelliMirror Desktop Management
Demo Automated Software Distribution
Show Resultant Summary of Group Policy

Active Directory Replication

Multi-master Replication (of changed attributes) with Loose Convergence

[Diagram: replication between Domain Controller A, Domain Controller B and Domain Controller C]

When Replication Occurs

Default replication latency (change notification) = 5 minutes
Scheduled replication = one hour
Urgent replication = immediate change notification

[Diagram: an originating update on domain controller A sends change notifications to domain controllers B and C, which then apply the replicated update]

How Kerberos V5 Works

Kerberos Authentication

[Diagram: the forest root domain Emergent.com and the tree Go-eol.com each have a KDC, as do the child domains marketing.emergent.com and Sales.go-eol.com; numbered steps show the client obtaining a session ticket through the KDCs and presenting it to the server]

Demo

Security

Smart Card Support
PKI X.509
Required Authentication
Universal groups

Additional Resources

2154A: Implementing and Administering Microsoft Windows 2000 Directory Services
Emergent Consultant and Integration Services