Ch 8-1 Working with domains and Active Directory.
logan-kennedy
Objectives
• Introduction to domains and domain controllers
• Pros and cons of using domains
• Factors for choosing between a domain and a workgroup
• Domains, subdomains, trees and forests
Introduction to domains
• The main reason to build a network, whether workgroup or domain, is to have control over what users can and cannot do on the network
• Using a workgroup, the administrator has to configure the settings (security and file sharing permissions) on each machine individually
• Using a domain, one machine called a Domain Controller is responsible for security and permissions
Introduction to domains
• Windows Server 2008 supports two kinds of network using two different server configurations:
– for smaller numbers of users, it relies on the workgroup
– for larger numbers of users, it relies on the domain
• The same machine can act as either a workgroup server or a domain server
• Having a domain server means that this server is responsible for dealing with security and permissions on the network
Advantages of using a Domain
1. Better security
2. Centralization of control over users, machines, and resources
3. Improved organizational capability
4. Enhanced performance through efficient resource usage
5. Better reliability on large networks
Cost of using domains
• Increased complexity, which can increase administration time and result in more errors
• Loss of certain Windows Server 2008 features, such as Internet Connection Sharing (ICS)
• Required use of some features, such as Active Directory
• Significantly increased training costs
Factors to choose between a domain or workgroup
• The number of users
• Some application types, such as databases, require better security and control, which means that you may need a domain even with fewer users.
• High-security applications normally require a domain no matter how few or many users
• Shared resource applications, such as word processing, don’t require a domain in most cases unless you have a large number of users that must collaborate on content.
Factors to choose between a domain or workgroup
• Services such as file sharing and printing don’t usually require a domain.
• Power users generally work better in a workgroup setup.
• Novice users may not require a domain, but the domain environment can sometimes prevent them from making as many mistakes.
• Networks with high growth rates may not require a domain today, but will likely need one tomorrow
Domain controller
• The decision to create a domain means promoting the server to a domain controller
• Domain controllers (DCs): Servers that have the Active Directory Domain Services (AD DS) server role installed; the same Active Directory information is replicated to every DC.
• Multimaster replication
– Each DC is equal to every other DC in that it contains the full range of information that composes Active Directory
– If information on one DC changes, such as the creation of an account, it is replicated to all other DCs in a process called multimaster replication.
• In case of DC failure, users can still access resources
Active Directory Basics
• Active Directory
– Directory service that contains information about all network resources such as servers, printers, user accounts, groups of user accounts, security policies, and other information
• Directory service
– Responsible for providing:
  • a central listing of resources
  • ways to quickly find and access specific resources
  • a way to manage network resources
• AD DS is like a central management center for a Windows Server network.
Schema
• Active Directory schema
– Part of AD DS; it is simply a database of how data is stored in the domain controller and what information is stored in the domain controller about users, computers and other objects in the network.
• User account
– One class of object in Active Directory that is defined through schema elements unique to that class
– For example, for the user accounts schema there will be user names, passwords and email addresses
• Schemas are expandable; you can add more data when needed
Groups and permissions
• Security is the main issue when managing user accounts in Active Directory
• Instead of giving certain permissions to each account individually, it is better to create Groups to deal with security
• With groups, the administrator can add the permissions to different resources on the network one time and then assign users to be members of the groups
Organizational Unit
• Organizational unit (OU)
– Offers a way to achieve more flexibility in managing the resources associated with a business unit, department, or division than is possible through domain administration alone
• An OU is a grouping of related objects within a domain, similar to the idea of having subfolders within a folder
– OUs allow the grouping of objects so that they can be administered using the same group policies
• OUs can be nested within OUs
• Groups are made of users
• OUs are made of groups, users and other resources such as printers
Organizational Unit (continued)
• When you plan to create OUs, keep three concerns in mind:
– Microsoft recommends that you limit OUs to 10 levels or fewer
– Active Directory works more efficiently when OUs are set up horizontally instead of vertically
– The creation of OUs involves more processing resources because each request through an OU requires CPU time
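The 10-level guideline above can be checked from a list of distinguished names. This is an added example, not part of the original slides; the DNs are constructed, and the splitter assumes backslash-escaped commas (quoted RDN values are not handled).

```python
MAX_OU_LEVELS = 10  # limit quoted on the slide above

def split_dn(dn):
    """Split a distinguished name on commas, honouring backslash escapes."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":             # unescaped comma ends one RDN
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return parts

def ou_depth(dn):
    """Number of OU levels an object sits under."""
    return sum(1 for rdn in split_dn(dn) if rdn.upper().startswith("OU="))

def too_deep(dns, limit=MAX_OU_LEVELS):
    """Return (depth, dn) pairs for objects nested deeper than the limit."""
    return sorted((ou_depth(dn), dn) for dn in dns if ou_depth(dn) > limit)

# Constructed sample input: one flat object, one value containing an
# escaped comma, and one object buried under 11 nested OUs.
DEEP_DN = "CN=pc1," + ",".join(f"OU=L{i}" for i in range(11, 0, -1)) + ",DC=uni,DC=edu"
SAMPLE_DNS = [
    "CN=Printer1,OU=Printers,DC=uni,DC=edu",
    "CN=Smith\\, OU=fake,OU=Staff,DC=uni,DC=edu",
    DEEP_DN,
]

if __name__ == "__main__":
    for depth, dn in too_deep(SAMPLE_DNS):
        print(f"{depth} OU levels: {dn}")
```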
The Domain
• The Domain is basically all the computers, users and objects that are tied to the domain controller (AD DS)
• On a local area network (LAN), a domain is a sub-network made up of a group of clients and servers under the control of one central security database
• On the Internet, a domain is part of every network address, including web site addresses and email addresses
Sub domain
• A sub domain is a domain that is part of a larger domain; the only domain that is not also a sub domain is the root domain
– Example: google.com, europe.google.com
• When you create sub domains from the original domain, you have what is called a “Tree”
Namespace
• Namespace
– A logical area on a network that contains directory services and named objects
• Active Directory employs two kinds of namespaces: contiguous and disjointed
• A contiguous namespace is one in which every child object contains the name of the parent object, such as in the example of the child object msdn2.microsoft.com and its parent object microsoft.com
• When the child name does not resemble the name of its parent object, this is called a disjointed namespace, such as when the parent for a university is uni.edu, and a child is bio.ethicsresearch.com.
Tree
• Tree
– Contains one or more domains that are in a common relationship
• Tree has the following characteristics:
– Domains are represented in a contiguous namespace and can be in a hierarchy
– Two-way trust relationships exist between parent domains and child domains
– All domains use the same global catalog
Forest
• Forest
– Consists of one or more Active Directory trees that are in a common relationship
• Forests have the following characteristics:
– The trees can use a disjointed namespace
– Two-way transitive trusts are automatically configured between domains within a single forest
Hands-On Microsoft Windows Server 2008
Forest (continued)
• Forest provides a means to relate trees that use a contiguous namespace in domains within each tree
– But that have disjointed namespaces in relationship to each other
• The advantage of joining trees into a forest is that all domains share the same schema and global catalog
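The namespace, tree and forest slides above can be worked through on a list of domain names. This is an added example, not part of the original slides: it groups a forest's domains into trees by contiguous namespace and lists the parent/child pairs that carry a two-way trust. The forest list is constructed and the function names are illustrative.

```python
# Added example. Domain names are constructed, apart from the two pairs
# quoted from the slides (microsoft.com and uni.edu).

def norm(name):
    return name.lower().rstrip(".")

def namespace_kind(child, parent):
    """'contiguous' if the child ends with the parent on a label boundary."""
    return "contiguous" if norm(child).endswith("." + norm(parent)) else "disjointed"

def closest_parent(domain, forest):
    """Nearest ancestor of `domain` that is itself a domain in the forest."""
    labels = norm(domain).split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in forest:
            return candidate
    return None

def build_trees(domains):
    """Group a forest's domains into trees: one tree per contiguous namespace."""
    forest = {norm(d) for d in domains}
    parents = {d: closest_parent(d, forest) for d in forest}
    trees = {}
    for d in sorted(forest):
        root = d
        while parents[root] is not None:   # walk up to the tree root
            root = parents[root]
        trees.setdefault(root, []).append(d)
    return trees, parents

def parent_child_trusts(parents):
    """Parent/child pairs; each has a two-way trust per the Tree slide."""
    return sorted((p, c) for c, p in parents.items() if p is not None)

FOREST = ["uni.edu", "cs.uni.edu", "lab.cs.uni.edu",
          "ethicsresearch.com", "bio.ethicsresearch.com", "notuni.edu"]

if __name__ == "__main__":
    trees, parents = build_trees(FOREST)
    for root, members in trees.items():
        print(root, "->", members)
    for pair in parent_child_trusts(parents):
        print("two-way trust:", pair)
```

Note that notuni.edu forms its own tree: the match is made on whole DNS labels, so a name that merely ends in the same characters as uni.edu is not treated as its child.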
Hands-On Microsoft Windows Server 2008 - edited by Nada Almohaimeed
Global Catalog
• Global catalog
– Stores information about every object within a forest
– Stores a full replica of every object within its own domain and a partial replica of each object within every domain in the forest
• The first DC configured in a forest becomes the global catalog server
• The global catalog server enables forest-wide searches of data
Homework
• Download homework 8-1 from the site, solve it, PRINT IT and submit it on the due date