Title | WIN210 Week 3 Lecture 1 - Introduction to Active Directory |
---|---|
Course | Basic Administration of Microsoft Windows |
Institution | Seneca College |
This document contains notes from WIN210 (Basic Administration of Microsoft Windows) Week 3 Lecture 1. Topic: Introduction to Active Directory; Domains and Trusts....
WIN210 Week 3 Lecture 1
Quiz – chapter one (big book and little book) review questions
Check the lab spreadsheet
2nd half of semester (Rakhmani)

Active Directory:
It is a database of my network
System State Backup (do it!)
In the old days, PDC (Primary Domain Controller) and BDC (Backup Domain Controller)
Nowadays we only have DCs – all are equal and automatically update changes
A server that is not a domain controller is called a member server
What makes domains different from each other?

cibc.com (Global Catalog Server)
  na.cibc.com
    us.na.cibc.com
    ca.na.cibc.com
      on.ca.na.cibc.com
      bc.ca.na.cibc.com
  eu.cibc.com
  asia.cibc.com

Contiguous namespaces: share part of the parent’s namespace (e.g. na.cibc.com)
Disjointed namespaces: are part of the forest but do not share part of the parent’s namespace (e.g. ca.vtonioli.com)
Multi-master replication: domains talk to each other and update information of the same database
Schema: All the attributes of everything that is in my Active Directory
Attributes: Name, profile path, phone number, etc.
GUID/SID: Globally Unique Identifier (ID code for AD objects)
You can add custom attributes (serial number for printers or computers, for example)
Global Catalog Server (GCC/GCS): Is the very first server in a forest (cibc.com) and is responsible for updating info and keeping track of everything
DNS is the basis of AD
Containers: forests, trees, domains, organizational units (OU), sites (IP-based)
Functional level (to accommodate different kinds of DCs) – just one Win2000 server in my forest brings the AD functional level to Win2000
Trust between trees: The “trusting machine” has the resources I need remotely; the “trusted machine” is where I am (being granted access to the trusting)
Two-way trust (2008) -> transitive trust: If A and B have a trust, and B and C also have a trust, then A and C also have a trust.
Keep organization horizontal at the OU level.

Different trusts:
a) Tree-root trust (sibling-sibling)
b) Forest root trust (different trees/roots)
c) Short-cut trust (branch-branch)
d) External trust (separate, not disjointed)
e) Transitive trust (if A>B and B>C then A>C)
f) Parent-child trust
g) Realm trust (Windows – Non-Windows)
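
Added example (not part of the original lecture notes): the transitive-trust rule and the short-cut trust listed above, worked through on the cibc.com tree from these notes. It assumes every parent-child trust is two-way and transitive; the function names and the (trusted, trusting) pair convention are illustrative choices, not an Active Directory API.

```python
from collections import deque

# Domain names copied from the tree in the notes.
DOMAINS = [
    "cibc.com", "na.cibc.com", "eu.cibc.com", "asia.cibc.com",
    "us.na.cibc.com", "ca.na.cibc.com",
    "on.ca.na.cibc.com", "bc.ca.na.cibc.com",
]

def parent_child_trusts(domains):
    """Two-way parent-child trusts implied by the DNS names (assumed model).

    Each pair is (trusted, trusting): accounts live in the first domain,
    the resources they may be granted access to live in the second.
    """
    known, trusts = set(domains), set()
    for name in domains:
        parent = name.partition(".")[2]
        if parent in known:
            trusts |= {(name, parent), (parent, name)}
    return trusts

def add_shortcut(trusts, a, b):
    """Copy of `trusts` plus a two-way short-cut trust between a and b."""
    return trusts | {(a, b), (b, a)}

def trust_path(trusts, account_domain, resource_domain):
    """Shortest chain of transitive trusts from the trusted (account) domain
    to the trusting (resource) domain, or None when no chain exists."""
    hops = {}
    for trusted, trusting in trusts:
        hops.setdefault(trusted, []).append(trusting)
    seen, queue = {account_domain}, deque([[account_domain]])
    while queue:
        path = queue.popleft()
        if path[-1] == resource_domain:
            return path
        for nxt in sorted(hops.get(path[-1], [])):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    forest = parent_child_trusts(DOMAINS)
    print(trust_path(forest, "on.ca.na.cibc.com", "eu.cibc.com"))
    shortcut = add_shortcut(forest, "on.ca.na.cibc.com", "eu.cibc.com")
    print(trust_path(shortcut, "on.ca.na.cibc.com", "eu.cibc.com"))
```

Every domain on the returned path is one whose trust the access depends on, which is why the short-cut trust between two branches reduces the chain from five domains to two.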

Desktop shortcut: mmc (Microsoft Management Console) > snap-ins > AD Users & Groups, DHCP, DNS

Preparation for 1st practical test:
Give yourself a static IP (10.10.10.X/26)
Server1 machine name
Server1.SenecaID.local domain name
Have to know how to DSAdd users, groups and OUs...