
Module 1: Introduction to Active Directory in Windows 2000


Overview

- Introduction to Active Directory
- Active Directory Logical Structure
- Active Directory Physical Structure
- Methods for Administering a Windows 2000 Network


Multimedia: Concepts of Active Directory in Windows 2000

Introduction to Active Directory

- What Is Active Directory?
- Active Directory Objects
- Active Directory Schema
- Lightweight Directory Access Protocol (LDAP)


What Is Active Directory?

Directory Service Functionality (applied to network resources):
- Organize
- Manage
- Control

Centralized Management:
- Single point of administration
- Full user access to directory resources by a single logon


Active Directory Objects

- Objects Represent Network Resources
- Attributes Store Information About an Object

Diagram: Active Directory holds objects grouped into containers. A Users container holds user objects such as Suzan Fine and Don Hall, with attributes First Name, Last Name and Logon Name; a Printers container holds Printer1, Printer2 and Printer3, with attributes Printer Name and Printer Location. Each attribute holds a value.


Active Directory Schema

Object class examples: Printers, Computers, Users

Attribute examples (the schema's list of attributes): accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, ...

Attributes of Users might contain: accountExpires, department, distinguishedName, middleName

Active Directory Schema Is:
- Dynamically Available
- Dynamically Updateable
- Protected by DACLs

Schema changes replicate to every domain in the forest and cannot be rolled back (a class or attribute can be deactivated but not deleted), so keep the Schema Admins group empty except for the duration of a planned change.


Lightweight Directory Access Protocol (LDAP)

- LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
- LDAP Naming Paths Include:
  - Distinguished names, for example CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft
  - Relative distinguished names, for example CN=Suzan Fine (the leftmost component of that distinguished name, whose value is Suzan Fine)
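The naming paths above are what every LDAP query, delegation ACL and audit tool keys on, so a practitioner should be able to take them apart reliably. The following parser is an added example written for this module (it is not Microsoft's code); it uses the DN from the slide and constructs one extra DN with an escaped comma to show the case that naive string splitting gets wrong. The helper names (parse_dn, rdn, parent_dn, domain_dns_name, is_under) are this example's own.

```python
"""Parse the LDAP naming paths used by Active Directory.

Added example for this module (not Microsoft's code). It handles the
string form of a distinguished name from RFC 2253, including values with
backslash-escaped separators such as "Fine\\, Suzan", and derives the
relative distinguished name, the parent DN, and the domain's DNS name.
"""
from __future__ import annotations
from dataclasses import dataclass

SPECIAL = ',+"\\<>;='  # characters that must be escaped inside an RDN value


@dataclass(frozen=True)
class Rdn:
    attr: str   # naming attribute: CN, OU or DC
    value: str  # the unescaped value

    def __str__(self) -> str:
        escaped = "".join("\\" + c if c in SPECIAL else c for c in self.value)
        return f"{self.attr}={escaped}"


def parse_dn(dn: str) -> list[Rdn]:
    """Split a DN into its RDNs, most specific first (left to right)."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])      # escaped character is part of the value
            i += 2
            continue
        if c == ",":                   # an unescaped comma ends the RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN in {dn!r}: {part!r}")
        rdns.append(Rdn(attr.strip().upper(), value.strip()))
    return rdns


def rdn(dn: str) -> str:
    """Relative distinguished name: the leftmost component, e.g. CN=Suzan Fine."""
    return str(parse_dn(dn)[0])


def parent_dn(dn: str) -> str:
    """DN of the container that holds the object."""
    return ",".join(str(r) for r in parse_dn(dn)[1:])


def domain_dns_name(dn: str) -> str:
    """Join the DC components into the domain's DNS name, e.g. contoso.msft."""
    labels = [r.value for r in parse_dn(dn) if r.attr == "DC"]
    if not labels:
        raise ValueError(f"no DC components in {dn!r}")
    return ".".join(labels)


def is_under(dn: str, container_dn: str) -> bool:
    """True if dn lies inside container_dn; LDAP names compare case-insensitively.

    This is the check behind scoping delegated rights to one OU.
    """
    key = lambda r: (r.attr, r.value.lower())
    obj, cont = parse_dn(dn), parse_dn(container_dn)
    return len(obj) > len(cont) and [key(r) for r in obj[-len(cont):]] == [key(r) for r in cont]


if __name__ == "__main__":
    slide_dn = "CN=Suzan Fine,OU=Sales,DC=contoso,DC=msft"     # DN from the slide
    escaped_dn = "CN=Fine\\, Suzan,OU=Sales,DC=contoso,DC=msft"  # constructed: value contains a comma
    print(rdn(slide_dn), "|", parent_dn(slide_dn), "|", domain_dns_name(slide_dn))
    print(parse_dn(escaped_dn)[0].value)
```

Splitting on "," without honouring the backslash escape would turn the constructed name into two RDNs and misplace the object in the tree; tools that build LDAP search bases or compare DNs for access decisions need the escape-aware form.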

Active Directory Logical Structure

- Domains
- Organizational Units
- Trees and Forests
- Global Catalog


Domains

- A Domain Is a Security Boundary
  - A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
- A Domain Is a Unit of Replication
  - Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain

Diagram: two Windows 2000 domains, each with its own users (User 1, User 2) and its own replication among its domain controllers.

Caveat for practitioners: Microsoft later revised the first point. Within a forest every domain trusts every other transitively and the configuration and schema partitions are shared, and an administrator who controls a domain controller in any domain can forge credentials that the other domains accept, so the forest, not the domain, is the real security boundary. Treat the domain as an administrative and replication boundary.


Organizational Units

Diagram: an Organizational Structure (OUs such as Sales, Vancouver and Repair, holding Users and Computers) mapped onto the Network Administrative Model.

- Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
- Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups


Trees and Forests

Diagram:
- Tree: contoso.msft (root) with child domains au.contoso.msft and asia.contoso.msft, joined by two-way transitive trusts.
- Tree: nwtraders.msft with child domains au.nwtraders.msft and asia.nwtraders.msft, joined by two-way transitive trusts.
- Forest: the two trees, joined by a two-way transitive trust between their root domains, so every domain in the forest trusts every other.


Global Catalog

The Global Catalog Server holds a subset of the attributes of all objects in every domain of the forest. It serves:
- Queries: forest-wide searches for objects across domains
- Group membership when a user logs on: universal group membership is evaluated at logon, so a native-mode domain needs a reachable global catalog server for logons to succeed

Active Directory Physical Structure

- Domain Controllers
- Sites


Domain Controllers

Diagram: a domain with two domain controllers, each holding User 1 and User 2 and replicating with the other.

Domain Controller = A Writeable Copy of the Active Directory Database

Domain Controllers:
- Participate in Active Directory replication
- Perform single master operations roles in a domain

Because each domain controller holds a writeable copy of the domain database, including every account's password hashes, anyone with physical or administrative control of one domain controller effectively controls the whole domain.


Sites

Sites:
- Optimize replication traffic
- Enable users to log on to a domain controller by using a reliable, high-speed connection

Diagram: a site is defined by one or more IP subnets; the example shows four sites, Los Angeles, Seattle, Chicago and New York, each with its own IP subnet.
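The site a client ends up in is decided purely by matching its IP address against the subnet objects, and a client in a subnet that is not defined anywhere gets no site affinity at all. The following is an added example written for this module (not Microsoft's code): it reproduces the longest-prefix match over a constructed subnet table that reuses the four site names from the slide (the subnets themselves are assumptions), and flags addresses that no subnet covers.

```python
"""Map a client IP address to its Active Directory site.

Added example for this module (not Microsoft's code). Site names are the
four from the slide; the subnets are constructed for illustration. A site
is defined by its IP subnet objects, and a client belongs to the site of
the most specific (longest-prefix) subnet that contains its address.
"""
from __future__ import annotations
import ipaddress

# Constructed sample data: subnet -> site
SITE_SUBNETS = {
    "10.1.0.0/16": "Los Angeles",
    "10.2.0.0/16": "Seattle",
    "10.3.0.0/16": "Chicago",
    "10.4.0.0/16": "New York",
    "10.3.250.0/24": "New York",  # a /24 carved out of the Chicago range; longest prefix wins
}


def site_for_ip(ip: str, table: dict[str, str] = SITE_SUBNETS) -> str | None:
    """Return the site whose most specific subnet contains ip, or None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    best_net, best_site = None, None
    for cidr, site in table.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_site = net, site
    return best_site


def unmapped(ips: list[str], table: dict[str, str] = SITE_SUBNETS) -> list[str]:
    """Clients that match no subnet.

    Such clients have no site affinity and may authenticate against any domain
    controller in the domain, including one across a slow WAN link.
    """
    return [ip for ip in ips if site_for_ip(ip, table) is None]


if __name__ == "__main__":
    # Constructed client addresses
    for ip in ("10.1.20.7", "10.3.5.5", "10.3.250.9", "192.168.1.1"):
        print(ip, "->", site_for_ip(ip))
    print("no site:", unmapped(["10.2.0.1", "172.16.0.1"]))
```

Run the unmapped check against the address ranges actually in use (DHCP scopes, VPN pools) whenever a network changes; a pool nobody added to Active Directory Sites and Services shows up as slow logons from that range, and its clients' authentication traffic goes wherever DNS happens to point them.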

Methods for Administering a Windows 2000 Network

- Using Active Directory for Centralized Management
- Managing the User Environment
- Delegating Administrative Control


Using Active Directory for Centralized Management

Diagram: a Domain containing OU1 (Computers and Users: Computer1, User1) and OU2 (Users and Printers: User2, Printer1); an administrator searches the directory to locate these objects.

Active Directory:
- Enables a single administrator to centrally manage resources
- Allows administrators to easily locate information
- Allows administrators to group objects into OUs
- Uses Group Policy to specify policy-based settings


Managing the User Environment

Use Group Policy to:
- Control and lock down what users can do
- Centrally manage software installation, repairs, updates, and removal
- Configure user data to follow users whether they are online or offline

Diagram: Apply Group Policy Once, and Windows 2000 Enforces Continually. Group Policy objects 1, 2 and 3 are linked to a Domain and its OUs (OU1, OU2, OU3) and are applied in that order.
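Which setting actually wins for a user or computer depends on the order in which linked policies are processed down the hierarchy, and two link options change that order. The following is an added example written for this module (not Microsoft's code): it models the Windows 2000 processing rule (site, then domain, then each OU from the top down, later settings overriding earlier ones), together with "Block Policy Inheritance" on a container and "No Override" on a link. The container names, GPO names and setting names are constructed; the sites layer is included because the Sites slide above introduces it.

```python
"""Resolve which Group Policy settings take effect for an object in an OU chain.

Added example for this module (not Microsoft's code). Containers, GPO names
and settings are constructed. The rule implemented is the Windows 2000 one:
GPOs linked to the site apply first, then the domain, then each OU from the
top of the tree down to the object's own OU, with a later setting overriding
an earlier one. Two exceptions: a container marked "Block Policy Inheritance"
drops settings inherited from above it, and a GPO link marked "No Override"
is applied last (the highest container wins) and passes through any block.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Gpo:
    name: str
    settings: dict[str, object]
    no_override: bool = False


@dataclass
class Container:
    name: str                      # site, domain or OU
    gpos: list[Gpo] = field(default_factory=list)
    block_inheritance: bool = False


def effective_settings(chain: list[Container]) -> dict[str, tuple[object, str]]:
    """chain is ordered site, domain, OU1, OU2, ... down to the object's own OU.

    Returns setting -> (value, "GPO name @ container") so the winner's origin is visible.
    """
    result: dict[str, tuple[object, str]] = {}
    # Pass 1: normal links, top-down; a later container overrides an earlier one.
    for c in chain:
        if c.block_inheritance:
            result.clear()             # only No Override links survive a block (pass 2)
        for gpo in c.gpos:
            if not gpo.no_override:
                for k, v in gpo.settings.items():
                    result[k] = (v, f"{gpo.name} @ {c.name}")
    # Pass 2: No Override links, bottom-up, so the highest container's setting wins.
    for c in reversed(chain):
        for gpo in c.gpos:
            if gpo.no_override:
                for k, v in gpo.settings.items():
                    result[k] = (v, f"{gpo.name} @ {c.name} (No Override)")
    return result


def demo() -> dict[str, tuple[object, str]]:
    """Constructed hierarchy: domain -> OU1 -> OU2 (blocks inheritance) -> OU3."""
    chain = [
        Container("contoso.msft", [
            Gpo("Default Domain Policy", {"ScreenSaverTimeout": 900, "HomeDirectory": r"\\srv1\home"}),
            Gpo("Corporate Lockdown", {"DisableRegistryTools": True}, no_override=True),
        ]),
        Container("OU1", [Gpo("Sales Desktop", {"ScreenSaverTimeout": 600, "ProxyServer": "proxy1:8080"})]),
        Container("OU2", [Gpo("Vancouver", {"ScreenSaverTimeout": 300})], block_inheritance=True),
        Container("OU3"),
    ]
    return effective_settings(chain)


if __name__ == "__main__":
    for setting, (value, origin) in sorted(demo().items()):
        print(f"{setting} = {value!r}  <- {origin}")
```

The security point is in the constructed result: the OU2 administrator's Block Policy Inheritance silently discards the domain's home-directory and proxy settings, but cannot discard the lockdown policy because its link is marked No Override. Security-relevant domain-level policies should be linked with No Override for exactly this reason, and Block Policy Inheritance on an OU is something to look for when reviewing who has been delegated control of that OU.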


Delegating Administrative Control

Assign Permissions:
- For specific OUs to other administrators
- To modify specific attributes of an object in a single OU
- To perform the same task in all OUs

Customize Administrative Tools to:
- Map to delegated administrative tasks
- Simplify interface design

Diagram: a Domain with OU1, OU2 and OU3, each delegated to a different administrator (Admin1, Admin2, Admin3).

A customized console only changes what a delegated administrator sees; the permissions on the OU are the only thing that limits what they can do, and they apply equally to any other LDAP client. Delegated permissions accumulate over time and are a common privilege-escalation path, so review the DACLs on OUs as part of routine security checks.


Review

- Introduction to Active Directory
- Active Directory Logical Structure
- Active Directory Physical Structure
- Methods for Administering a Windows 2000 Network

