Chapter 1, Introduction to Active Directory
1. Chapter Overview
   A. Explain the purpose of Active Directory.
   B. Identify the components of Active Directory.
   C. Describe the function of Active Directory components.
   D. Explain the purpose of the schema in Active Directory.
   E. Explain the purpose of the global catalog in Active Directory.
   F. Explain Active Directory replication.
   G. Explain the security relationship between domains in a tree (trusts).
   H. Explain the purpose and function of group policy.
   I. Describe the DNS namespace used by Active Directory.
   J. Describe the naming conventions used by Active Directory.
Chapter 1, Lesson 1
Active Directory Overview

1. Windows 2000 Active Directory
   A. Directory
      1. Stores information related to the network resources
      2. Facilitates locating and managing network resources
   B. Directory service
      1. Identifies all resources on a network
      2. Makes network resources available to users and applications
      3. Includes the source of the information and the service making the information available

2. Active Directory Objects
   A. Active Directory objects are distinct named sets of attributes that represent a network resource.
   B. Object attributes are characteristics of an object.
      1. The attributes of a user account might include the user's first name, middle initial, last name, and logon name.
      2. The attributes of a computer account might include the computer name and description.
   C. Containers are objects that can contain other objects.
      1. A domain is a container object that can contain users, computers, and other types of objects.
      2. The Users folder is a container object that contains users.

3. Active Directory Schema
   A. Defines the objects that can be stored in Active Directory
   B. Consists of a list of definitions
      1. The definitions determine the kinds of objects that can be stored in the directory.
      2. The definitions determine the types of information about those objects that can be stored in the directory.
   C. Stores schema definitions as objects so that they can be administered in the same manner as any other object in Active Directory
   D. Contains two types of definition objects
      1. Schema class objects
         a. Describe the possible Active Directory objects that can be created
         b. Function as templates to create new Active Directory objects
         c. Consist of a collection of schema attribute objects
      2. Schema attribute objects
         a. Define the schema class objects with which they are associated
         b. Are defined only once, but can be used in multiple schema classes
   E. Allows you to extend the set of basic schema classes and attributes that ship with Windows 2000.
      1. Experienced developers and network administrators can define new classes.
      2. Experienced developers and network administrators can define new attributes for existing classes.
      3. Schema extension is an advanced operation requiring careful planning and preparation.
      4. Schema object classes and attributes cannot be deleted, only deactivated.
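The schema model described in section 3 (attribute objects defined once and reused by several class objects, class objects acting as templates, definitions deactivated rather than deleted), as an added example that is not part of the course outline. The attribute and class names are a constructed subset, and the must/may split used for validation is an assumption added for the example, not a description of any specific Windows 2000 schema object.

```python
"""A miniature Active Directory-style schema (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class SchemaAttribute:
    name: str
    syntax: type            # Python type standing in for the attribute syntax
    single_valued: bool = True
    active: bool = True     # deactivated definitions stay in the schema


@dataclass
class SchemaClass:
    name: str
    must: set = field(default_factory=set)   # mandatory attributes (assumption)
    may: set = field(default_factory=set)    # optional attributes (assumption)
    active: bool = True


class Schema:
    def __init__(self):
        self.attributes = {}
        self.classes = {}

    def add_attribute(self, name, syntax, single_valued=True):
        """Attribute objects are defined only once."""
        if name in self.attributes:
            raise ValueError(f"attribute {name} is already defined")
        self.attributes[name] = SchemaAttribute(name, syntax, single_valued)

    def add_class(self, name, must=(), may=()):
        """Class objects are collections of existing attribute objects."""
        for attr in (*must, *may):
            if attr not in self.attributes:
                raise ValueError(f"class {name} references undefined attribute {attr}")
        self.classes[name] = SchemaClass(name, set(must), set(may))

    def deactivate(self, kind, name):
        """Definitions cannot be deleted, only deactivated."""
        table = self.attributes if kind == "attribute" else self.classes
        table[name].active = False

    def validate(self, class_name, values):
        """Check an object against its class template; returns a list of problems."""
        cls = self.classes[class_name]
        if not cls.active:
            return [f"class {class_name} is deactivated"]
        problems = [f"missing mandatory attribute {a}" for a in cls.must if a not in values]
        for name, value in values.items():
            if name not in cls.must | cls.may:
                problems.append(f"attribute {name} is not allowed by class {class_name}")
                continue
            attr = self.attributes[name]
            if not attr.active:
                problems.append(f"attribute {name} is deactivated")
                continue
            items = value if isinstance(value, list) else [value]
            if attr.single_valued and len(items) > 1:
                problems.append(f"attribute {name} is single-valued")
            if any(not isinstance(item, attr.syntax) for item in items):
                problems.append(f"attribute {name} expects {attr.syntax.__name__}")
        return problems


def build_example_schema():
    """Constructed subset: the same attribute objects serve two classes."""
    schema = Schema()
    for name in ("cn", "description", "givenName", "sn", "sAMAccountName"):
        schema.add_attribute(name, str)
    schema.add_attribute("memberOf", str, single_valued=False)
    schema.add_class("user", must={"cn", "sAMAccountName"},
                     may={"givenName", "sn", "description", "memberOf"})
    schema.add_class("computer", must={"cn"}, may={"description"})  # reuses cn, description
    return schema
```

Deactivating `description` leaves the definition in place but makes any object carrying it fail validation, which is the behaviour the outline describes for deactivated schema objects.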
4. Active Directory Components
   A. Logical structures
      1. Overview of logical structures
         a. Organize resources to mirror the logical structure of an organization
         b. Find resources by name rather than physical location
      2. Domains
         a. A domain is the core unit of the logical structure in Active Directory.
         b. All network objects exist within a domain.
         c. A domain stores information about only the objects it contains.
         d. A domain directory can theoretically store up to 10 million objects.
         e. A domain directory can realistically store up to 1 million objects.
         f. A domain is a security boundary: settings such as administrative rights, security policies, and ACLs do not cross from one domain to another.
         g. The domain administrator has absolute rights to set policies only within that domain.
      3. Organizational units (OUs)
         a. OUs are containers used to organize objects within a domain into a logical administrative group.
         b. OUs can contain user accounts, groups, computers, printers, applications, file shares, and other OUs from within the same domain.
         c. By default, child objects within Active Directory, such as the Orders OU and the Disp OU, inherit permissions from their parents, in this case the US OU.
         d. The OU hierarchy within a domain is independent of the OU hierarchy structure in other domains.
         e. OUs are the smallest scope to which you can delegate administrative authority.
      4. Trees
         a. Introduction
            (1) Trees are groupings or hierarchical arrangements of one or more Windows 2000 domains.
            (2) Trees are created by adding one or more child domains to an existing parent domain.
            (3) Domains in a tree share a contiguous namespace and a hierarchical naming structure.
         b. Characteristics
            (1) The domain name of a child domain is the relative name of that child domain appended with the name of the parent domain.
            (2) All domains within a single tree share a common schema.
            (3) All domains within a tree share a common global catalog.
      5. Forests
         a. Hierarchical arrangement of one or more separate, completely independent domain trees
         b. Characteristics
            (1) All trees in a forest share a common schema.
            (2) All domains in a forest share a common global catalog.
            (3) Domains in a forest operate independently, but the forest enables communication across the entire organization.
            (4) Implicit two-way transitive trusts exist between domains and domain trees.
   B. Physical structures
      1. Active Directory completely separates the physical structure from the logical structure.
      2. Physical structure is composed of sites and domain controllers.
      3. Sites
         a. Combinations of one or more Internet Protocol (IP) subnets connected by a highly reliable and fast link to localize as much network traffic as possible
            (1) Network connections should be at least 512 kilobits per second (Kbps).
            (2) Available bandwidth should be at least 128 Kbps.
         b. Typically have the same boundaries as local area networks (LANs)
         c. Are not part of the namespace
         d. Contain only computer objects and connection objects used to configure replication between sites
         e. Can include user accounts and computers belonging to multiple domains, and a single domain can span one or more geographical sites
      4. Domain controllers
         a. Introduction
            (1) A computer running one of the Windows 2000 Server family of products and configured as a domain controller.
            (2) A computer that stores a replica of the domain directory (local domain database).
            (3) Every domain has at least one domain controller.
            (4) Fault tolerance is achieved by having more than one domain controller in a domain.
            (5) Fault tolerance ensures all required Active Directory functions are performed, even if one domain controller is down.
         b. Function
            (1) Store a complete copy of all Active Directory information for that domain
            (2) Manage changes to all Active Directory information for that domain
            (3) Replicate changes to the Active Directory information to all other domain controllers in the domain
         c. Replication
            (1) Occurs automatically for objects in the domain from one domain controller to all the other domain controllers in the domain
            (2) Begins at the domain controller at which a change to the Active Directory information occurs and is replicated to all the other domain controllers in the domain
            (3) Occurs immediately for certain important updates, such as the disabling of a user
            (4) Is configurable both for how often replication occurs and the amount of data replicated at one time
            (5) Uses multimaster replication, so all domain controllers are peers
         d. Collisions
            (1) Occur when an attribute is modified on a domain controller before a change to the same attribute on another domain controller is completely propagated
            (2) Are detected by comparing each attribute's property version number
            (3) Are resolved by Active Directory by replicating the changed attribute with the higher property version number
         e. Modes
            (1) Mixed mode allows a Windows 2000 domain controller to interact with any domain controllers in the domain that are running previous versions of Windows NT.
            (2) Native mode does not allow any domain controller in the domain to run previous versions of Windows NT.
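The multimaster replication and collision handling described under c. and d. above, as an added example that is not part of the course outline. Two domain controllers each hold a replica of one object, and every attribute carries a property version number that is incremented on each originating write; on receipt, the higher version wins. The tie-break used when both changes carry the same version number (the later originating write wins) is an assumption that the outline does not state, and the DC names, attribute and values are constructed.

```python
"""Multimaster replication with per-attribute property version numbers (constructed example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AttrValue:
    value: str
    version: int    # property version number, bumped on each originating write
    stamp: float    # time of the originating write; tie-break only (assumption)


@dataclass
class DomainController:
    name: str
    replica: dict = field(default_factory=dict)      # attribute -> AttrValue
    collisions: list = field(default_factory=list)   # attributes that collided here

    def originating_write(self, attr, value, stamp):
        """A change made on this DC: increment the attribute's version number."""
        current = self.replica.get(attr)
        version = (current.version if current else 0) + 1
        self.replica[attr] = AttrValue(value, version, stamp)

    def receive(self, attr, incoming):
        """Apply a replicated attribute value and report what happened."""
        current = self.replica.get(attr)
        if current is None or incoming.version > current.version:
            self.replica[attr] = incoming           # higher version always wins
            return "applied"
        if incoming.version < current.version:
            return "discarded (lower version)"
        if incoming.value == current.value:
            return "no change"
        # Same version, different value: both DCs changed the attribute before
        # either change propagated. Resolve by the later originating write.
        self.collisions.append(attr)
        if incoming.stamp > current.stamp:
            self.replica[attr] = incoming
            return "collision: incoming wins"
        return "collision: local wins"


def exchange(dc_a, dc_b, attr):
    """Replicate attr both ways from snapshots, as if the two updates crossed on the wire."""
    from_a, from_b = dc_a.replica[attr], dc_b.replica[attr]
    return dc_b.receive(attr, from_a), dc_a.receive(attr, from_b)


def run_scenario():
    """Constructed scenario; returns the outcomes so they can be checked."""
    dc1, dc2 = DomainController("DC1"), DomainController("DC2")
    attr = "telephoneNumber"

    # Step 1: one originating write on DC1 replicates cleanly to DC2.
    dc1.originating_write(attr, "555-0100", stamp=1.0)
    step1 = dc2.receive(attr, dc1.replica[attr])

    # Step 2: both DCs change the attribute (version 2 on each) before replicating.
    dc1.originating_write(attr, "555-0111", stamp=10.0)
    dc2.originating_write(attr, "555-0122", stamp=12.0)
    step2 = exchange(dc1, dc2, attr)

    # Step 3: DC1 changes twice (version 4) while DC2 changes once (version 3)
    # with a later timestamp; the higher version wins regardless of time.
    dc1.originating_write(attr, "555-0133", stamp=20.0)
    dc1.originating_write(attr, "555-0144", stamp=21.0)
    dc2.originating_write(attr, "555-0155", stamp=30.0)
    step3 = exchange(dc1, dc2, attr)

    return {
        "step1": step1,
        "step2": step2,
        "step3": step3,
        "final": (dc1.replica[attr].value, dc2.replica[attr].value),
        "collisions": (dc1.collisions, dc2.collisions),
    }


if __name__ == "__main__":
    for key, outcome in run_scenario().items():
        print(key, outcome)
```

After step 2 both replicas converge on DC2's value because its write was later; after step 3 they converge on DC1's value even though DC2's write was later, because DC1's attribute carries the higher property version number.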
      5. Catalog services: the global catalog
         a. Introduction
            (1) The global catalog is the catalog service provided by Active Directory.
            (2) The global catalog is created automatically on the first domain controller in a forest.
            (3) The server containing the global catalog is known as the global catalog server.
         b. Function
            (1) The global catalog contains selected information about every object in all domains in the enterprise.
            (2) The global catalog allows all the domains in the enterprise to act as one entity so that global searches across the enterprise can be performed.
         c. Replication
            (1) The global catalog uses Active Directory services multimaster replication to replicate the global catalog information between global catalog servers in other domains.
            (2) The global catalog stores a full replica of all object attributes in the directory for its host domain.
            (3) The global catalog stores a partial replica of all object attributes contained in the directory for every domain in the forest.
            (4) The partial replica stores attributes most frequently used in search operations.
            (5) Attributes are marked or unmarked for replication in the global catalog when they are defined in the Active Directory schema.
            (6) Object attributes replicated to the global catalog inherit the same permissions as in source domains, ensuring that data in the global catalog is secure.
         d. Global catalog roles
            (1) The global catalog enables network logon by providing universal group membership information to a domain controller when a logon process is initiated.
            (2) The global catalog enables finding directory information regardless of which domain in the forest actually contains the data.
         e. Query resolution
            (1) The client queries its DNS server for the location of the global catalog server.
            (2) The DNS server searches for the global catalog server location and returns the IP address of the domain controller designated as the global catalog server.
            (3) The client queries the IP address of the domain controller designated as the global catalog server. The query is sent to port 3268 on the domain controller; standard Active Directory queries are sent to port 389.
            (4) The global catalog server processes the query. If the global catalog contains the attribute of the object being searched for, the global catalog server provides a response to the client. If the global catalog server does not contain the attribute of the object being searched for, the query is referred to Active Directory.
         f. Multiple global catalog servers
            (1) Any domain controller can be configured to be a global catalog server.
            (2) The ability of a network structure to handle replication and query traffic should be considered when determining which domain controllers to designate as catalog servers.
            (3) Additional catalog servers can provide quicker responses to user inquiries.
            (4) Additional catalog servers can provide redundancy.
            (5) Every major site in your enterprise should have at least one catalog server.
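The query resolution steps under e. above, as an added example that is not part of the course outline: the client locates the global catalog server through DNS, sends the query to port 3268, and gets an answer from the global catalog only for attributes in the partial attribute set (plus everything for the GC server's own host domain, which it holds in full); any other attribute is referred to the domain controllers of the remaining domains on port 389. The forest, objects, partial attribute set and DNS data are constructed; the `_gc._tcp` SRV record name is the one Windows clients use, which the outline does not spell out.

```python
"""Resolving a forest-wide query through the global catalog (constructed example)."""
GC_PORT = 3268     # global catalog queries (from the outline)
LDAP_PORT = 389    # standard Active Directory queries (from the outline)

# Attributes marked for global catalog replication in the schema (constructed subset).
PARTIAL_ATTRIBUTE_SET = {"cn", "sAMAccountName", "mail", "objectClass"}

# Constructed forest: domain -> {object DN -> attributes}.
FOREST = {
    "corp.example.com": {
        "CN=Alice,CN=Users,DC=corp,DC=example,DC=com": {
            "cn": "Alice", "sAMAccountName": "alice", "mail": "alice@example.com",
            "objectClass": "user", "telephoneNumber": "555-0100"},
    },
    "eu.corp.example.com": {
        "CN=Bob,CN=Users,DC=eu,DC=corp,DC=example,DC=com": {
            "cn": "Bob", "sAMAccountName": "bob", "mail": "bob@example.com",
            "objectClass": "user", "telephoneNumber": "555-0200"},
    },
}

# Constructed DNS data: a DC per domain, and the SRV record that names the GC server.
DOMAIN_CONTROLLERS = {"corp.example.com": "dc1.corp.example.com",
                      "eu.corp.example.com": "dc2.eu.corp.example.com"}
DNS_SRV = {"_gc._tcp.corp.example.com": ("dc1.corp.example.com", GC_PORT)}
DNS_A = {"dc1.corp.example.com": "10.0.0.1", "dc2.eu.corp.example.com": "10.0.1.1"}
GC_SERVER = ("dc1.corp.example.com", "corp.example.com")   # GC host, and its host domain


def locate_gc(forest_root):
    """Steps (1) and (2): ask DNS for the GC server and get back its address and port."""
    host, port = DNS_SRV[f"_gc._tcp.{forest_root}"]
    return DNS_A[host], port


def gc_replica():
    """What the GC server holds: every attribute for its host domain, only the
    partial attribute set for every other domain in the forest."""
    _, host_domain = GC_SERVER
    replica = {}
    for domain, objects in FOREST.items():
        for dn, attrs in objects.items():
            if domain == host_domain:
                replica[dn] = dict(attrs)
            else:
                replica[dn] = {k: v for k, v in attrs.items() if k in PARTIAL_ATTRIBUTE_SET}
    return replica


def resolve_query(attribute, value):
    """Steps (3) and (4): forest-wide search for objects whose attribute equals value.

    Returns the (server, port) hops the client used and the matching DNs.
    """
    host, host_domain = GC_SERVER
    hops = [(host, GC_PORT)]
    matches = [dn for dn, attrs in gc_replica().items() if attrs.get(attribute) == value]
    if attribute in PARTIAL_ATTRIBUTE_SET:
        return hops, matches          # the GC answers for the whole forest
    # The GC holds this attribute only for its own domain; every other domain is
    # referred to its own domain controller on the standard port.
    for domain, objects in FOREST.items():
        if domain == host_domain:
            continue
        hops.append((DOMAIN_CONTROLLERS[domain], LDAP_PORT))
        matches += [dn for dn, attrs in objects.items() if attrs.get(attribute) == value]
    return hops, matches
```

A search on `mail` is answered entirely on port 3268; a search on `telephoneNumber`, which is not in the partial attribute set, still finds objects in the GC server's own domain but needs a referral to `dc2` on port 389 for the `eu` domain.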
Chapter 1, Lesson 2
Understanding Active Directory Concepts

1. Replication
   A. Overview
      1. Users and services should be able to access directory information at any time from any computer in the domain tree or forest.
      2. Replication ensures that changes to a domain controller are reflected in all domain controllers within a domain.
      3. Directory information is replicated to domain controllers both within and among sites.
   B. What information is replicated
      1. The information stored in the directory is partitioned into three categories.
      2. Each of these information categories is referred to as a directory partition.
      3. These directory partitions are the units of replication.
      4. The following information is contained in each directory:
         a. Schema information
            (1) Defines the objects that can be created in the directory
            (2) Defines the attributes that objects can have
            (3) Is common to all domains in the domain tree or forest
            (4) Is replicated to all domain controllers in the domain tree or forest
         b. Configuration information
            (1) Describes the logical structure of the deployment, including domain structure and replication topology
            (2) Is common to all domains in the domain tree or forest
            (3) Is replicated to all domain controllers in the domain tree or forest
         c. Domain data
            (1) Describes all of the objects in a domain
            (2) Is domain-specific and is not distributed to any other domains
      5. Domain controller replication
         a. A domain controller stores and replicates the schema information for the domain tree or forest.
         b. A domain controller stores and replicates the configuration information for all domains in the domain tree or forest.
         c. A domain controller stores and replicates all directory objects and properties for its domain to any additional domain controllers in the domain.
         d. A domain controller stores and replicates all directory objects and a subset of the properties of all objects in the domain to the global catalog.
      6. Global catalog server replication
         a. A global catalog stores and replicates the schema information for a forest.
         b. A global catalog stores and replicates the configuration information for all domains in the forest.
         c. A global catalog stores and replicates selected attributes for all directory objects in the forest, but only between global catalog servers.
         d. A global catalog stores and replicates all directory objects and all their properties for the domain in which the global catalog is located.
   C. How replication works
      1. Intrasite replication
         a. The Knowledge Consistency Checker (KCC) is a Windows 2000 service.
            (1) Automatically generates a topology for the replication among domain controllers in the same domain using a ring structure
            (2) Analyzes the replication topology within a site every 15 minutes to ensure that it still works and is efficient
            (3) Reconfigures the topology when a domain controller is added to or removed from the network or a site
         b. Replication topology
            (1) Defines the path for directory updates to flow
            (2) Updates flow from one domain controller to another
            (3) All domain controllers in the site receive the update.
         c. Ring structure
            (1) Ensures that there are at least two replication paths from one domain controller to another.
            (2) Ensures replication to all other domain controllers even if one domain controller is down temporarily.
      2. Intersite replication
         a. You must manually connect sites by creating site links to ensure replication between sites occurs.
         b. Site links represent network connections and allow replication to occur.
         c. Active Directory uses the network connection information to generate connection objects that provide efficient replication and fault tolerance.
         d. You provide information about the replication transport used, cost of a site link, times when the link is available for use, and how often the link should be used.
         e. Active Directory uses this information to determine which site link will be used to replicate information.
         f. You can customize replication schedules so that replication occurs during specific times, such as when network traffic is light, to make replication more efficient.
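The intrasite ring topology under C.1 above, as an added example that is not part of the course outline. It builds the two-way ring the KCC generates for the domain controllers in one site, checks the fault-tolerance property the outline states (an update from any DC still reaches every other live DC when one DC is down, because each DC has two replication paths), and regenerates the ring when the set of DCs changes, as the periodic KCC check would. DC names are constructed; the ordering of DCs around the ring is an arbitrary sorted order, not the KCC's own.

```python
"""Intrasite replication topology as a ring, in the spirit of the KCC (constructed example)."""
from collections import deque


def ring_topology(dcs):
    """Connection objects for a ring: every DC replicates with its two neighbours."""
    dcs = sorted(dcs)                     # deterministic order (assumption, not the KCC's rule)
    topology = {dc: set() for dc in dcs}
    count = len(dcs)
    if count < 2:
        return topology
    for index, dc in enumerate(dcs):
        next_dc, prev_dc = dcs[(index + 1) % count], dcs[(index - 1) % count]
        topology[dc].update({next_dc, prev_dc} - {dc})
    return topology


def reachable(topology, origin, down=frozenset()):
    """DCs that receive an update originating at `origin` while the DCs in `down` are unavailable."""
    if origin in down:
        return set()
    seen, queue = {origin}, deque([origin])
    while queue:
        dc = queue.popleft()
        for peer in topology[dc]:
            if peer not in down and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def tolerates_single_failure(topology):
    """True if, for any one DC down, an update from any live DC still reaches every other live DC."""
    dcs = set(topology)
    for down in dcs:
        live = dcs - {down}
        for origin in live:
            if reachable(topology, origin, {down}) != live:
                return False
    return True


def kcc_check(topology, current_dcs):
    """Periodic check: if DCs were added or removed, regenerate the ring.

    Returns the topology to use and whether it was rebuilt.
    """
    if set(topology) != set(current_dcs):
        return ring_topology(current_dcs), True
    return topology, False


if __name__ == "__main__":
    ring = ring_topology(["DC1", "DC2", "DC3", "DC4"])
    print(ring, tolerates_single_failure(ring))
```

A simple chain of DCs, in which the end DCs have only one replication partner, fails the same check: removing a middle DC splits the site, which is exactly what the ring's second path prevents.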
2. Trust Relationships
   A. Overview
      1. A trust relationship is a link between two domains in which the trusting domain honors the logon authentication of the trusted domain.
      2. Active Directory supports two forms of trust relationships: implicit two-way transitive trusts and explicit one-way nontransitive trusts.
   B. Implicit two-way transitive trusts
      1. An implicit two-way transitive trust is a relationship between parent and child domains within a tree and between the top-level domains in a forest.
      2. These default trust relationships among domains in a tree are established and maintained implicitly (automatically).
      3. They are a feature of the Kerberos authentication protocol.
         a. The Kerberos authentication protocol provides the distributed authentication and authorization in Windows 2000.
         b. A Kerberos transitive trust means that if Domain A trusts Domain B, and Domain B trusts Domain C, then Domain A trusts Domain C.
      4. A domain joining a tree immediately has trust relationships established with every domain in the tree.
      5. These trust relationships make all objects in the domains of the tree available to all other domains in the tree.
      6. Domains that are members of the same tree automatically participate in a transitive bi-directional trust relationship with the parent domain so that users in one domain can access resources to which they have been granted permission in all other domains in a tree.
   C. Explicit one-way nontransitive trusts
      1. Overview
         a. An explicit one-way nontransitive trust is a relationship between domains that are not part of the same tree.
         b. A nontransitive trust is bounded by the two domains in the trust relationship and does not flow to any other domains in the forest.
         c. In most cases, you must explicitly (manually) create nontransitive trusts.
      2. If there is a one-way nontransitive trust where Domain C trusts Domain 1, users in Domain 1 can access resources in Domain C.
      3. It is the only form of trust available in certain cases, such as:
         a. Between a Windows 2000 domain and a Windows NT domain
         b. Between a Windows 2000 domain in one forest and a Windows 2000 domain in another forest
         c. Between a Windows 2000 domain and an MIT Kerberos V5 realm, allowing a client in a Kerberos realm to authenticate to an Active Directory domain to access network resources in that domain
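The two trust forms described in this section, as an added example that is not part of the course outline. Parent/child and tree-root links are modelled as implicit two-way transitive trusts, so any two domains in the same forest trust each other; an explicit trust is one way and is bounded by the two domains involved, so it is neither reversed nor chained through other domains. The domain names (a forest of two trees plus a Windows NT domain `NT1` outside it) are constructed.

```python
"""Evaluating whether one domain trusts another (constructed example)."""
from collections import deque


class TrustGraph:
    """Domains as nodes; transitive two-way links and explicit one-way trusts as edges."""

    def __init__(self):
        self.transitive = {}   # domain -> domains linked by an implicit two-way transitive trust
        self.explicit = {}     # trusting domain -> domains it trusts explicitly (one way)

    def _add_domain(self, domain):
        self.transitive.setdefault(domain, set())
        self.explicit.setdefault(domain, set())

    def add_transitive_link(self, domain_a, domain_b):
        """Parent/child link in a tree, or tree-root link in a forest: implicit, two-way, transitive."""
        self._add_domain(domain_a)
        self._add_domain(domain_b)
        self.transitive[domain_a].add(domain_b)
        self.transitive[domain_b].add(domain_a)

    def add_explicit_trust(self, trusting, trusted):
        """Explicit one-way nontransitive trust: `trusting` honours logons from `trusted` only."""
        self._add_domain(trusting)
        self._add_domain(trusted)
        self.explicit[trusting].add(trusted)

    def transitive_closure(self, domain):
        """All domains reachable over transitive links, i.e. the domain's whole tree or forest."""
        seen, queue = {domain}, deque([domain])
        while queue:
            current = queue.popleft()
            for peer in self.transitive[current]:
                if peer not in seen:
                    seen.add(peer)
                    queue.append(peer)
        return seen

    def trusts(self, trusting, trusted):
        """Does `trusting` honour logon authentication from `trusted`?"""
        if trusting not in self.transitive or trusted not in self.transitive:
            return False
        if trusting == trusted or trusted in self.transitive_closure(trusting):
            return True   # same tree or forest: implicit two-way transitive trust
        # Explicit trusts are bounded by the two domains involved: they are not
        # followed through other domains and not combined with any transitive path.
        return trusted in self.explicit[trusting]

    def can_access(self, user_domain, resource_domain):
        """A user from `user_domain` can reach resources in `resource_domain` only if the
        resource domain trusts the user's domain (and permission is granted there)."""
        return self.trusts(resource_domain, user_domain)


def build_example():
    """Constructed forest (tree A > B > C plus a second tree root) and an NT domain outside it."""
    graph = TrustGraph()
    graph.add_transitive_link("a.example.com", "b.a.example.com")       # A is the parent of B
    graph.add_transitive_link("b.a.example.com", "c.b.a.example.com")   # B is the parent of C
    graph.add_transitive_link("a.example.com", "other.net")             # second tree root, same forest
    graph.add_explicit_trust("c.b.a.example.com", "NT1")                # C trusts NT1, one way
    return graph
```

With this graph, A trusts C through B (the Kerberos transitive rule in B.3.b), C honours logons from `NT1` so `NT1` users can reach resources in C, but `NT1` does not trust C and B does not trust `NT1`, since the explicit trust is one way and nontransitive.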
3. Group Policy
   A. Overview
      1. Group policies are collections of user and computer configuration settings.
      2. Group policies can be linked to computers, sites, domains, and OUs to specify the behavior of users' desktops.
      3. Group policy allows you to control the users' desktop by
         a. Determining the programs that are available to users
         b. Determining the programs that appear on the users' desktop
         c. Determining the Start menu options
      4. Group policy settings are contained within group policy objects.
   B. Group policy objects (GPOs)
      1. GPOs are collections of group policy settings used to create a specific desktop configuration for a particular group of users.
      2. Each Windows 2000 computer has one local GPO and may, in addition, be subject to any number of nonlocal (Active Directory-based) GPOs.
      3. Nonlocal GPOs override local GPOs.
      4. Nonlocal GPOs are linked to Active Directory objects (sites, domains, or OUs) and can be applied to either users or computers.
      5. Nonlocal GPOs are applied hierarchically from the least restrictive group (site) to the most restrictive group (OU) and are cumulative.
   C. How group policy is applied
      1. The local GPO stored on the computer is applied first.
      2. Any site GPOs are applied synchronously in the order specified by the group policy administrator after the local GPO is applied.
      3. Domain GPOs are applied synchronously in the order specified by the group policy administrator after all site GPOs are applied.
      4. GPOs linked to the OU highest in the Active Directory hierarchy are applied first, followed by GPOs linked to its child OU, and so on.
      5. The GPOs linked to the OU that contains the user or computer are applied.
      6. If multiple GPOs are linked to an OU, they are applied synchronously in an order specified by the group policy administrator.
      7. Example: Applying Group Policy to the Servers OU.
         a. The Servers OU has A3 applied first because it is a site GPO.
         b. The Servers OU has A1 applied second because it is the domain GPO specified to be applied first.
         c. The Servers OU has A2 applied third because it is the domain GPO specified to be applied second.
         d. The Servers OU has A4 applied fourth because it is applied to the OU that is the parent to the Servers OU and therefore higher in the Active Directory hierarchy.
         e. Finally the Servers OU has A6 applied because it is linked to the Servers OU.
      8. Example: Applying Group Policy to the Marketing OU.
         a. The Marketing OU has A3 applied first because it is a site GPO.
         b. The Marketing OU has A1 applied second because it is the domain GPO specified to be applied first.
         c. The Marketing OU has A2 applied third because it is the domain GPO specified to be applied second.
         d. Finally the Marketing OU has A5 applied because it is linked to the Marketing OU.
   D. Exceptions to how group policy is applied
      1. A computer that is a member of a workgroup processes only the local GPO.
      2. No Override
         a. Any GPO linked to a site, domain, or OU (not the local GPO) can be set to No Override with respect to that site, domain, or OU so that none of its policy settings can be overridden.
         b. When more than one GPO has been set to No Override, the one highest in the Active Directory hierarchy (or higher in the hierarchy specified by the administrator at each fixed level in Active Directory) takes precedence.
         c. No Override is applied to the GPO link.
      3. Block Policy Inheritance
         a. At any site, domain, or OU, group policy inheritance can be selectively marked as Block Policy Inheritance.
         b. GPO links set to No Override are always applied and cannot be blocked.
         c. Block Policy Inheritance is applied directly to the site, domain, or OU; it is not applied to GPOs, nor is it applied to GPO links.
         d. Block Policy Inheritance deflects all group policy settings that reach the site, domain, or OU from above (by way of linkage to parents in the Active Directory hierarchy) no matter what GPOs those settings originate from.
      4. Loopback setting
         a. Loopback is an advanced group policy setting that is useful on computers in certain closely managed environments such as kiosks, laboratories, classrooms, and reception areas.
         b. Loopback provides alternatives to the default method of obtaining the ordered list of GPOs whose user configuration settings affect a user.
         c. By default, a user's settings come from a GPO list that depends on the user's location in Active Directory.
         d. The ordered list goes from site-linked to domain-linked to OU-linked GPOs, with inheritance determined by the location of the user in Active Directory and in an order specified by the administrator at each level.
         e. Loopback can be Not Configured, Enabled, or Disabled, as can any other group policy setting.
            (1) If the Enabled state is chosen, it can be set to Replace or Merge.
            (2) If set to Replace, the GPO list for the user is replaced in its entirety by the GPO list already obtained for the local computer at startup. The computer's GPOs replace the user GPOs normally applied to the user.
            (3) If set to Merge, the GPO list is concatenated. The GPO list obtained for the local computer at startup is appended to the GPO list obtained for the user at logon. Because the GPO list obtained for the computer is applied later, it has precedence if it conflicts with settings in the user's list.
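The application order in C. and the exceptions in D. above, as an added example that is not part of the course outline. It computes the local-site-domain-OU list for an object from its chain of containers, treats "applied later" as "takes precedence" (the rule the outline uses for the loopback Merge case), honours Block Policy Inheritance at a container and No Override on a link (applied after everything that can be blocked, with the highest-level No Override link applied last), and implements the loopback Replace and Merge modes. The site, domain and OU layout and the GPO names A1 to A6 are constructed to reproduce the outline's Servers OU and Marketing OU examples; the figure the outline refers to is not on the page.

```python
"""Computing the order in which group policy objects apply (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Container:
    """A site, domain or OU with its GPO links in the order the administrator set."""
    name: str
    links: list = field(default_factory=list)   # [(gpo_name, no_override)]
    block_inheritance: bool = False


def nonlocal_gpo_order(chain):
    """Ordered nonlocal GPO list for an object whose parent chain is
    [site, domain, OU, ..., OU] (highest level first). Later entries are
    applied later and therefore take precedence."""
    normal = []              # links that inheritance can block, accumulated top-down
    enforced_by_level = []   # No Override links, one list per level, highest level first
    for container in chain:
        if container.block_inheritance:
            normal = []      # deflect everything inherited from above
        level_enforced = []
        for gpo, no_override in container.links:
            (level_enforced if no_override else normal).append(gpo)
        enforced_by_level.append(level_enforced)
    # No Override links are always applied, after everything that can be blocked,
    # and the one highest in the hierarchy is applied last so that it wins.
    enforced = [gpo for level in reversed(enforced_by_level) for gpo in level]
    return normal + enforced


def gpo_order(chain):
    """Full application order: the local GPO first, then the nonlocal GPOs."""
    return ["Local"] + nonlocal_gpo_order(chain)


def user_gpo_order(user_chain, computer_chain, loopback="Not Configured"):
    """User settings list under the loopback states.

    Replace: the computer's GPO list replaces the user's.
    Merge: the computer's list is appended to the user's, so it wins on conflict.
    """
    user_list = nonlocal_gpo_order(user_chain)
    if loopback in ("Not Configured", "Disabled"):
        return ["Local"] + user_list
    computer_list = nonlocal_gpo_order(computer_chain)
    if loopback == "Replace":
        return ["Local"] + computer_list
    if loopback == "Merge":
        return ["Local"] + user_list + computer_list
    raise ValueError(f"unknown loopback setting: {loopback}")


def outline_example():
    """The outline's examples as data: site GPO A3; domain GPOs A1 then A2; the Servers
    OU (A6) under a parent OU (A4); the Marketing OU (A5) directly under the domain."""
    site = Container("Site", [("A3", False)])
    domain = Container("Domain", [("A1", False), ("A2", False)])
    parent_ou = Container("ParentOU", [("A4", False)])
    servers = Container("Servers", [("A6", False)])
    marketing = Container("Marketing", [("A5", False)])
    chains = {"servers": [site, domain, parent_ou, servers],
              "marketing": [site, domain, marketing]}
    return {"Servers": gpo_order(chains["servers"]),
            "Marketing": gpo_order(chains["marketing"]),
            "chains": chains}


if __name__ == "__main__":
    result = outline_example()
    print("Servers OU:  ", result["Servers"])
    print("Marketing OU:", result["Marketing"])
```

Marking the site link A3 as No Override and setting Block Policy Inheritance on the Marketing OU gives `Local, A5, A2, A3` when the domain link A2 is also No Override: A1 is blocked, A5 still applies, and the two enforced links follow, with the site-level one last because it is highest in the hierarchy.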
4. DNS Namespace
   A. Overview
      1. Active Directory, like all directory services, is primarily a namespace.
      2. A namespace is any bounded area in which a name can be resolved.
      3. Name resolution is the process of translating a name into some object or information that the name represents.
      4. The Active Directory namespace is based on the DNS naming scheme, which allows for interoperability with Internet technologies.
      5. Private networks use DNS extensively to resolve computer names and to locate computers within their local network and the Internet.
   B. DNS benefits
      1. DNS names are user friendly.
      2. DNS names remain more constant than the IP addresses.
      3. DNS allows users to connect to local servers using the same naming convention as the Internet.
   C. Dynamic DNS
      1. Allows clients with dynamically assigned addresses to register with a server running the DNS Service and update the DNS table dynamically
      2. Eliminates the need for other Internet naming services, such as Windows Internet Naming System (WINS), in a homogeneous environment
   D. Domain namespace
      1. The domain namespace is the naming scheme that provides the hierarchical structure for the DNS database.
      2. Each node represents a partition of the DNS database.
      3. These nodes are referred to as domains.
      4. Each domain must have a name.
      5. The name of the parent domain is appended to its child domain.
      6. There are two types of namespaces.
         a. Contiguous namespace
            (1) The name of the child object in an object hierarchy always contains the name of the parent domain.
            (2) A tree is a contiguous namespace.
         b. Disjointed namespace
            (1) The names of a parent object and a child of the same parent object are not directly related to one another.
            (3) A forest is a disjointed namespace.
      7. Hierarchical structure
         a. Root domain
            (1) Located at the top of the hierarchy
            (2) Represented by a period (.)
            (3) Managed by several organizations, including Network Solutions, Inc.
         b. Top-level domains
            (1) Arranged by organization type or geographical location
            (2) edu: Educational institutions
            (3) com: Commercial organizations
            (4) gov: Government organizations
            (5) org: Noncommercial organizations
            (6) net: Commercial sites or networks
         c. Second-level domains
            (1) Organizations, such as Network Solutions, Inc., and others, assign and register second-level domains to individuals and organizations for the Internet.
            (2) Second-level domain names have two parts: a top-level name and a unique second-level name.
            (3) Examples of second-level domains include ed.gov, for the United States Department of Education, microsoft.com, for Microsoft Corporation, and stanford.edu, for Stanford University.
         d. Host names
            (1) Refer to specific computers on the Internet or a private network
            (2) Are the leftmost portion of an FQDN, which describes the exact position of a host within the domain hierarchy
         e. Zones
            (1) Are databases containing the resource records for a portion of a DNS name
            (2) Provide a way to partition the domain namespace into manageable sections
            (3) Are used to distribute administrative tasks to different groups
            (4) Encompass a contiguous domain namespace
            (5) Store the name-to-IP-address mappings in the zone database
            (6) Are anchored to specific domains, referred to as the zone's root domain
   E. Name servers
      1. Overview of name servers
         a. Store the zone database file
         b. Use the zone database file to handle the DNS name resolution process
         c. Can store data for one zone or multiple zones
         d. Have authority for the domain namespace that the zone encompasses
      2. Name server responses to DNS queries
         a. Return the requested name or IP resolution information
         b. Return a pointer to another DNS name server
         c. Indicate that the information is not available
      3. Three main types of name servers
         a. Primary name server
            (1) Gets data from the local zone
            (2) The authoritative server (performs administrative tasks) for the zone
         b. Secondary name server
            (1) Is a backup DNS server
            (2) Receives data from another name server
            (3) A zone can have multiple secondary name servers.
            (4) A zone should have at least one secondary name server to perform zone transfers, provide redundancy, improve access speed, and reduce the load on the primary name server.
         c. Master name server
            (1) A primary or secondary name server for a zone
            (2) Designated to provide updated DNS information to a secondary server
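The namespace and zone rules in D. and E. above, as an added example that is not part of the course outline. It tests whether a set of domain names forms one contiguous tree (each child name is the parent name with one label prepended, so a single root remains) or a disjointed forest of several roots, splits an FQDN into host name, domain and top-level domain, and picks the zone authoritative for a name as the zone whose root domain is the longest suffix of that name. All domain and zone names are constructed.

```python
"""Contiguous and disjointed namespaces, and zone authority for a name (constructed example)."""


def labels(name):
    """Labels of a DNS name, leftmost first; the root "." has none."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def is_child(child, parent):
    """True if `child` is `parent` with exactly one extra leftmost label."""
    child_labels, parent_labels = labels(child), labels(parent)
    return len(child_labels) == len(parent_labels) + 1 and child_labels[1:] == parent_labels


def tree_roots(names):
    """Names that are not the child of any other name in the set: one per tree."""
    names = {name.lower() for name in names}
    return sorted(name for name in names
                  if not any(is_child(name, other) for other in names if other != name))


def is_contiguous(names):
    """A single tree: one root, every other name a child of a name in the set."""
    return len(tree_roots(names)) == 1


def split_fqdn(fqdn):
    """Host name (leftmost label), the domain it sits in, and the top-level domain."""
    parts = labels(fqdn)
    return {"host": parts[0], "domain": ".".join(parts[1:]), "tld": parts[-1]}


def authoritative_zone(name, zone_roots):
    """The zone whose root domain is the longest suffix of `name`; the name server
    holding that zone's database has authority for the name. None if no zone matches."""
    best = None
    name_labels = labels(name)
    for zone in zone_roots:
        zone_labels = labels(zone)
        if len(name_labels) < len(zone_labels):
            continue
        if zone_labels and name_labels[-len(zone_labels):] != zone_labels:
            continue
        if best is None or len(zone_labels) > len(labels(best)):
            best = zone
    return best


if __name__ == "__main__":
    print(tree_roots(["corp.example.com", "eu.corp.example.com", "other.net"]))
    print(authoritative_zone("host.eu.corp.example.com", ["corp.example.com", "eu.corp.example.com"]))
```

A domain tree passes `is_contiguous`; adding a second tree root (`other.net`) to the same set turns it into a disjointed namespace, which is what the outline says a forest is.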
   F. Naming conventions
      1. Distinguished names (DNs)
         a. Uniquely identify every object in Active Directory
         b. Contain sufficient information for a client to retrieve the object from the directory
         c. Include the name of the domain that holds the object and the complete path through the container hierarchy to the object
         d. Must be unique
      2. Relative distinguished names (RDNs)
         a. An RDN is the part of the name that is an attribute of the object itself.
         b. There can be duplicate RDNs for Active Directory objects, but not in the same OU.
      3. Globally unique identifiers (GUIDs)
         a. GUIDs are 128-bit numbers that are guaranteed to be unique within the enterprise.
         b. GUIDs are assigned to objects when the objects are created.
         c. GUIDs never change, even if you move or rename the objects.
         d. GUIDs can be stored and used by applications to retrieve objects regardless of their current DN.
      4. User principal names (UPNs)
         a. Are "friendly" names
         b. Are composed of a shorthand name for the user account and the DNS name for the tree where the user account object resides
         c. Example: [email protected]
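The naming conventions in F. above, as an added example that is not part of the course outline. It splits a DN into its RDNs (honouring backslash-escaped commas), takes the RDN and the parent container from it, derives the DNS name of the holding domain from the `DC=` components, builds a UPN from a logon name and that domain, and keeps objects in a small store keyed by GUID so that a move or rename changes the DN but not the identifier an application stored. The DNs, names, domain and GUID strings are constructed.

```python
"""Distinguished names, RDNs, GUIDs and UPNs (constructed example)."""
import re
import uuid


def split_dn(dn):
    """RDN strings of a DN, left to right, leaving escaped commas as written."""
    return re.split(r"(?<!\\),", dn)


def rdn_parts(rdn):
    """Attribute type and unescaped value of one RDN."""
    attr, value = rdn.split("=", 1)
    return attr, value.replace("\\,", ",")


def parse_dn(dn):
    """RDN, parent container, DNS domain name and top-down container path of a DN."""
    rdns = split_dn(dn)
    components = [rdn_parts(rdn) for rdn in rdns]
    dc_values = [value for attr, value in components if attr.upper() == "DC"]
    return {
        "rdn": rdns[0],                        # the attribute that names the object itself
        "parent": ",".join(rdns[1:]),          # the container holding the object
        "domain": ".".join(dc_values),         # DNS name of the domain holding the object
        "path": [value for attr, value in reversed(components) if attr.upper() != "DC"],
    }


def user_principal_name(logon_name, domain):
    """UPN: shorthand logon name plus the DNS name of the tree/domain."""
    return f"{logon_name}@{domain}"


class Directory:
    """Objects keyed by GUID, so a stored GUID keeps resolving after moves and renames."""

    def __init__(self):
        self.dn_by_guid = {}

    def create(self, dn, guid=None):
        """Assign a GUID at creation; the RDN must be unique within its container."""
        new = parse_dn(dn)
        for existing in self.dn_by_guid.values():
            old = parse_dn(existing)
            if (old["parent"].lower() == new["parent"].lower()
                    and old["rdn"].lower() == new["rdn"].lower()):
                raise ValueError(f"{new['rdn']} already exists in {new['parent']}")
        guid = guid or str(uuid.uuid4())
        self.dn_by_guid[guid] = dn
        return guid

    def dn_of(self, guid):
        return self.dn_by_guid[guid]

    def move(self, guid, new_parent_dn):
        """Move the object to another container: the DN changes, the GUID does not."""
        rdn = parse_dn(self.dn_by_guid[guid])["rdn"]
        self.dn_by_guid[guid] = f"{rdn},{new_parent_dn}"

    def rename(self, guid, new_rdn):
        """Rename the object in place: again only the DN changes."""
        parent = parse_dn(self.dn_by_guid[guid])["parent"]
        self.dn_by_guid[guid] = f"{new_rdn},{parent}"


if __name__ == "__main__":
    parsed = parse_dn("CN=Jane Doe,OU=Sales,OU=US,DC=corp,DC=example,DC=com")
    print(parsed, user_principal_name("jdoe", parsed["domain"]))
```

The same RDN may be used again in a different container (two `CN=Jane Doe` objects in different OUs), but creating a second one in the same container is rejected, which is the uniqueness rule the outline gives for RDNs.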
Chapter Summary
   A. Explain the purpose of Active Directory.
   B. Explain the purpose of the schema in Active Directory.
   C. Identify the components of Active Directory.
   D. Describe the function of Active Directory components.
   E. Explain the purpose of the global catalog in Active Directory.
   F. Explain Active Directory replication.
   G. Explain the security relationship between domains in a tree (trusts).
   H. Explain the purpose and function of group policy.
   I. Describe the DNS namespace used by Active Directory.
   J. Describe the naming conventions used by Active Directory.