S.I.R.A. Contact Persons Course – Module 2
06 – Active Directory
20/11 – 27/11 – 05/12
11/12 – 13/12 (group 1)
12/12 – 15/12 (group 2)
Cristiano Gentili, Massimiliano Viola (CSIA)

Overview
  • Introduction to Active Directory
  • Active Directory Logical Structure
  • Active Directory Physical Structure
  • Methods for Administering a Windows 2000 Network

• Introduction to Active Directory
  • What Is Active Directory?
  • Active Directory Objects
  • Active Directory Schema
  • Lightweight Directory Access Protocol (LDAP)

What Is Active Directory?
  Directory Service Functionality
    • Organize, manage, control resources
  Centralized Management
    • Single point of administration
    • Full user access to directory resources by a single logon

Active Directory Objects
  [Diagram: Active Directory objects and their attributes]
    Printers: attributes Printer Name, Printer Location; objects Printer1, Printer2, Printer3
    Users: attributes First Name, Last Name, Logon Name; attribute values Don Hall, Suzan Fine
  • Objects Represent Network Resources
  • Attributes Store Information About an Object

Active Directory Schema
  Active Directory Schema Is:
    • Dynamically Available
    • Dynamically Updateable
    • Protected by DACLs
  Object Class Examples: Computers, Users, Printers
  Attribute Examples
    Attributes of Users Might Contain: accountExpires, department, distinguishedName, middleName
    List of Attributes: accountExpires, department, distinguishedName, directReports, dNSHostName, operatingSystem, repsFrom, repsTo, middleName, …

Lightweight Directory Access Protocol (LDAP)
  LDAP Provides a Way to Communicate with Active Directory by Specifying Unique Naming Paths for Each Object in the Directory
  LDAP Naming Paths Include:
    • Distinguished names
        CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it
    • Relative distinguished names

• Active Directory Logical Structure
  • Domains
  • Organizational Units
  • Trees and Forests

Domains
  • A Domain Is a Security Boundary
      A domain administrator can administer only within the domain, unless explicitly granted administration rights in other domains
  • A Domain Is a Unit of Replication
      Domain controllers in a domain participate in replication and contain a complete copy of the directory information for their domain
  [Diagram: Replication within a Windows 2000 Domain]

Organizational Units
  [Diagram labels: Network Administrative Model; Organizational Structure; Sales, Vancouver, Users, Computers, Repair]
  • Use OUs to Group Objects into a Logical Hierarchy That Best Suits the Needs of Your Organization
  • Delegate Administrative Control over the Objects Within an OU by Assigning Specific Permissions to Users and Groups

Trees and Forests
  [Diagram: a forest of trees linked by two-way transitive trusts. Domains shown: contoso.msft, au.contoso.msft, asia.contoso.msft, nwtraders.msft, au.nwtraders.msft, asia.nwtraders.msft]

Global Catalog
  • Subset of the Attributes of All Objects
  [Diagram labels: Domain (several), Global Catalog, Global Catalog Server, Queries, Group membership when user logs on]

• Active Directory Physical Structure
  • Domain Controllers
  • Sites

Domain Controllers
  Domain Controllers:
    • Participate in Active Directory replication
    • Perform single master operations roles in a domain
  [Diagram: Replication between Domain Controllers in a Domain. Legend: A Writeable Copy of the Active Directory Database]

Sites
  [Diagram labels: Seattle, Chicago, New York, Los Angeles; Site; IP subnet]
  Sites:
    • Optimize replication traffic
    • Enable users to log on to a domain controller by using a reliable, high-speed connection

• Methods for Administering a Windows 2000 Network
  • Using Active Directory for Centralized Management
  • Managing the User Environment
  • Delegating Administrative Control

Using Active Directory for Centralized Management
  [Diagram labels: Domain, Search, OU1, OU2, Computers, Computer1, Users, User1, User2, Printers, Printer1]
  Active Directory:
    • Enables a single administrator to centrally manage resources
    • Allows administrators to easily locate information
    • Allows administrators to group objects into OUs
    • Uses Group Policy to specify policy-based settings

Managing the User Environment
  [Diagram labels: Domain, OU1, OU2, OU3; 1, 2, 3; Apply Group Policy Once; Windows 2000 Enforces Continually]
  Use Group Policy to:
    • Control and lock down what users can do
    • Centrally manage software installation, repairs, updates, and removal
    • Configure user data to follow users whether they are online or offline

Delegating Administrative Control
  [Diagram labels: Domain; OU1, Admin1; OU2, Admin2; OU3, Admin3]
  Assign Permissions:
    • For specific OUs to other administrators
    • To modify specific attributes of an object in a single OU
    • To perform the same task in all OUs
  Customize Administrative Tools to:
    • Map to delegated administrative tasks
    • Simplify interface design
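
The distinguished name shown in the LDAP section above, taken apart in code. This is an added example, not part of the course material: the function names are hypothetical and SAMPLE_DN is constructed. It splits a DN into relative distinguished names using RFC 4514 escaping, derives the DNS domain from the DC components, and escapes untrusted text before it is placed in a DN.

```python
import string

SPECIAL = ',+"\\<>;='  # RFC 4514: must be backslash-escaped inside an RDN value
PAGE_DN = "CN=RossiMario,OU=Studenti,DC=ds,DC=units,DC=it"  # DN from the LDAP slide
SAMPLE_DN = r"CN=Rossi\, Mario,OU=Studenti,DC=ds,DC=units,DC=it"  # constructed sample

def split_rdns(dn):
    """Split a DN on unescaped commas; leftmost (most specific) RDN first."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1  # an escape pair travels together
        if dn[i] == ",":
            rdns, cur = rdns + [cur.lstrip()], ""
        else:
            cur += dn[i:i + step]
        i += step
    return rdns + [cur.lstrip()]

def unescape(value):
    """Undo RFC 4514 escaping: backslash + hex pair, or backslash + literal char."""
    out, i = b"", 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out, i = out + bytes([int(pair, 16)]), i + 3  # hex escape, e.g. \2C
        elif value[i] == "\\" and pair:
            out, i = out + pair[0].encode(), i + 2  # escaped literal, e.g. \,
        else:
            out, i = out + value[i].encode(), i + 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(ATTRIBUTE, value), ...]; multi-valued RDNs joined with '+' are not split."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), unescape(value)))
    return pairs

def dns_domain(dn):
    """Join the DC components into the DNS name of the domain holding the object."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")

def escape_value(value):
    """Escape untrusted text before placing it in a DN, so it cannot add RDNs."""
    out = "".join("\\" + c if c in SPECIAL else c for c in value)
    out = out[:-1] + "\\ " if out.endswith(" ") else out
    return "\\" + out if out[:1] in ("#", " ") else out
```

A name built with `escape_value` stays a single CN component when parsed back, whereas a naive split on every comma would read an embedded `,OU=` as an extra container.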