
Active Directory: is a directory service that serves as a central location for network administration and security, and is responsible for authenticating and authorizing all users and computers within a Windows domain network.

Forest: is the top-level container of the Active Directory (AD) infrastructure. It can contain one or more domains. These domains are interconnected through a transitive trust. A forest shares a single schema database.

Domain: is one level below the AD forest. It can consist of one or more Organizational Units (OU). A domain shares a single administrator group and the same set of objects.

Domain Controller: A domain can consist of one or more domain controllers (DC). A DC holds a directory DB of its respective domain. The directory DB consists of user objects, computer objects and more.

Organizational Unit: is a container within a domain and is used to organize a set of users and computers. It is helpful in applying a set of policies to a group, user or computer within a domain.

Windows DC: A server running a version of the Windows Server OS that has AD installed on it and is responsible for allowing hosts access to Windows domain resources.

Now coming to the roles: there are specialized DC roles that perform specific functions in an Active Directory Domain Services (AD DS) environment. The specialized roles are:

Global Catalog Servers: A DC designated as a global catalog server stores the objects from all domains in a forest. This is usually the first DC in a forest. Later on, other DCs can be specified as global catalog servers.

Operations Master: This is a DC that is designated to perform specific tasks to ensure consistency and to eliminate the potential for conflicting entries in the AD DB. AD DS defines five operations master roles:

Schema Master: Responsible for propagating schema changes to all DCs within a forest. Changes to the schema that are required throughout the forest should be made on the DC serving as schema master. There can be only one schema master in a forest at any time.

Domain Naming Master: It is required to keep track of all the domains within an AD forest. The DC holding the domain naming master role is accessed whenever domains are added to or removed from a tree or forest. There can be only one domain naming master per forest. It ensures that no two domains in the same tree have the same name.

Relative Identifier (RID) Master: Allocates blocks of RIDs to each DC in a domain. When a DC creates a new security principal (user, group etc.) it assigns the object a unique security identifier (SID). The SID contains a domain SID, which is the same for all security principals created in the domain, and a RID, which uniquely identifies each security principal created in the domain.

Primary Domain Controller (PDC) Emulator: The PDC emulator receives preferential replication of password changes that are performed by other DCs in the domain and is the source for the latest password information. It is also the default time source.

Infrastructure Master: is responsible for updating object references in the domain that point to objects in another domain. It updates object references locally and uses replication to bring all other replicas of the domain up to date. An object reference contains a GUID (globally unique identifier), a distinguished name and possibly a SID. The distinguished name and SID in the object reference are periodically updated to reflect changes made to the actual object.

- Schema Master and Domain Naming Master perform operations that must occur on only one DC in the forest.
- PDC Emulator, RID Master and Infrastructure Master perform operations that must occur on only one DC in a domain.
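As an added example (not from the original text): a Python decoder for the security identifiers described under the RID master role, which turns the binary objectSid value a DC stores into its string form and splits it into the shared domain SID and the per-principal RID. The sample objectSid and the small RID lookup table are constructed here; 500, 512 and 519 are Windows' fixed built-in RIDs, and S-1-5-21 is the prefix domain principals carry.

```python
import struct

# Well-known RIDs of built-in principals (fixed by Windows; the domain SID
# prefix in front of them differs per domain).
WELL_KNOWN_RIDS = {500: "Administrator", 512: "Domain Admins", 519: "Enterprise Admins"}

# Constructed sample: the binary objectSid of a hypothetical domain's
# built-in Administrator, domain SID S-1-5-21-1-2-3, RID 500.
SAMPLE_OBJECTSID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1, 2, 3, 500)

def sid_from_bytes(blob: bytes) -> str:
    """Decode the binary SID layout that LDAP returns in objectSid: revision
    (1 byte), sub-authority count (1 byte), 48-bit big-endian identifier
    authority, then `count` little-endian uint32 sub-authorities."""
    if len(blob) < 8:
        raise ValueError("SID blob too short")
    revision, count = blob[0], blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID blob length does not match sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack(f"<{count}I", blob[8:])
    return "S-" + "-".join(str(x) for x in (revision, authority, *subs))

def split_domain_sid(sid: str) -> tuple[str, int]:
    """Split a domain principal's SID into (domain SID, RID). Domain
    principals use authority 5 with sub-authorities 21-a-b-c-RID; the last
    sub-authority is the RID the DC took from its RID-master block."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not a domain principal SID: {sid!r}")
    return "-".join(parts[:7]), int(parts[7])

def same_domain(sids: list[str]) -> bool:
    """True when every SID carries the same domain SID prefix."""
    return len({split_domain_sid(s)[0] for s in sids}) == 1

def describe(sid: str) -> str:
    """Human-readable breakdown of a domain principal's SID."""
    domain, rid = split_domain_sid(sid)
    label = WELL_KNOWN_RIDS.get(rid, "domain-allocated")
    return f"{sid}: domain={domain} rid={rid} ({label})"

if __name__ == "__main__":
    sid = sid_from_bytes(SAMPLE_OBJECTSID)
    print(describe(sid))  # S-1-5-21-1-2-3-500: domain=S-1-5-21-1-2-3 rid=500 (Administrator)
    print(same_domain([sid, "S-1-5-21-1-2-3-1104"]))  # True
```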