INTRODUCTION TO ACTIVE DIRECTORY INFRASTRUCTURE

ADVANTAGE PRO – Chennai’s Premier Networking Training Center


ACTIVE DIRECTORY
• Active Directory stores information about users, computers, and network resources.
• It makes those resources accessible to users.
• It provides a consistent way to name, describe, locate, access, manage, and secure information about these resources.


FUNCTIONS OF ACTIVE DIRECTORY

• Centralizes control of network resources.
• Centralizes and decentralizes resource management.
• Stores objects securely in a logical structure.
• Optimizes network traffic.
• Policy-based centralized administration.


CENTRALIZES CONTROL OF NETWORK RESOURCES:
• It centralizes resources such as servers, printers, and shared folders.
• It authorizes users to access resources in Active Directory.


CENTRALIZES AND DECENTRALIZES RESOURCE MANAGEMENT:
• Administrators can manage all resources from a central location by using a consistent management interface.
• Or they can distribute administrative tasks by delegating control of resources to other administrators.


STORES OBJECTS SECURELY IN A LOGICAL STRUCTURE:
Active Directory stores all of the resources as objects in a secure, hierarchical logical structure.


OPTIMIZES NETWORK TRAFFIC:
• The physical structure of Active Directory enables you to use network bandwidth more efficiently.
• It reduces the amount of network traffic.


LOGICAL STRUCTURE OF ACTIVE DIRECTORY

The logical structure of Active Directory includes the following components:
• Objects
• Organizational units
• Domains
• Domain trees
• Forests


OBJECT:
• The most basic component of the logical structure is the object.
• Each object class is defined by a group of attributes.
• Each object has a unique combination of attribute values.


ORGANIZATIONAL UNIT:
• The organizational unit is a container object.
• Organizational units make it easier to locate and manage objects.
• Organizational units can be nested in other organizational units.


DOMAIN:
• The core functional units in the Active Directory logical structure, domains are a collection of administratively defined objects and security policies.
• An administrative boundary for objects.
• A means of managing security for shared resources.
• A unit of replication for objects.


DOMAIN TREES:
• Domains that are grouped together in hierarchical structures are called domain trees.
• When you add a second domain to a tree, it becomes a child of the tree root domain.
• The domain to which a child domain is attached is called the parent domain.
• The name of a child domain is combined with the name of its parent domain.


FOREST:
• A forest is a complete instance of Active Directory.
• Child domains are made children of the forest root domain to form one contiguous tree.
• The first domain in the forest is called the forest root domain.
• By default, information in Active Directory is shared only within the forest.
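
The logical structure described above (objects inside nested OUs inside domains, and child domain names built on the parent's name) can be read directly from an object's distinguished name. The following is an added example, not part of the original slides; the DNs and the example.com / sales.example.com domain names are constructed, in the form a directory export such as LDIFDE writes on its "dn:" lines.

```python
# Constructed sample: "dn:" lines as they could appear in an LDIFDE export.
SAMPLE_LDIF = r"""
dn: CN=Smith\, John,OU=Helpdesk,OU=IT,DC=sales,DC=example,DC=com
dn: CN=PRINTER01,OU=Printers,DC=example,DC=com
dn: CN=Asha Rao,CN=Users,DC=example,DC=com
dn: OU=IT,DC=sales,DC=example,DC=com
"""

def split_dn(dn):
    """Split a DN into (type, value) RDNs. A backslash escapes the next
    character, so an escaped comma stays inside the value.
    Hex-pair escapes are not handled in this example."""
    rdns, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf, escaped = buf + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += ch
    rdns.append(buf)
    return [tuple(r.strip().split("=", 1)) for r in rdns]

def locate(dn):
    """Return the object's name, its domain (from DC=) and its OU nesting."""
    rdns = split_dn(dn)
    domain = ".".join(v for t, v in rdns if t.upper() == "DC")
    ou_path = [v for t, v in rdns if t.upper() == "OU"][::-1]  # outermost first
    return {"name": rdns[0][1], "domain": domain.lower(), "ou_path": ou_path}

def parent_domain(domain, forest_domains):
    """A child domain's name is its own label plus its parent's name."""
    parent = domain.partition(".")[2]
    return parent if parent in forest_domains else None  # None: tree root

def read_dns(ldif_text):
    """Collect plain 'dn: ' lines (base64 'dn:: ' lines are skipped)."""
    return [l[4:].strip() for l in ldif_text.splitlines() if l.startswith("dn: ")]

if __name__ == "__main__":
    objects = [locate(dn) for dn in read_dns(SAMPLE_LDIF)]
    forest = {o["domain"] for o in objects}
    for o in objects:
        print(o["name"], "|", o["domain"], "|", "/".join(o["ou_path"]) or "(no OU)")
    for d in sorted(forest):
        print(d, "-> parent:", parent_domain(d, forest))
```

Objects under CN=Users report no OU because Users is a container, not an organizational unit, so settings applied to an OU do not reach them.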



PHYSICAL STRUCTURE OF ACTIVE DIRECTORY

To optimize Active Directory's use of network bandwidth, you must understand the physical structure. The elements of the Active Directory physical structure are:
• Domain controllers
• Active Directory sites
• Active Directory partitions


DOMAIN CONTROLLERS:
• A machine that runs Windows Server 2003 and the Active Directory service is called a domain controller.
• The domain controller performs storage and replication functions.
• A domain controller can support only one domain.
• Each domain should have more than one domain controller.


ACTIVE DIRECTORY SITES:
• Sites are groups of well-connected computers.
• Domain controllers within a site communicate frequently.
• This communication minimizes the latency within the site, that is, the time required for a change made on one domain controller to be replicated to another domain controller.


ACTIVE DIRECTORY PARTITIONS:
The domain controller contains the following Active Directory partitions:
• Schema partition
• Domain partition
• Configuration partition
• Optional application partitions


DOMAIN PARTITION:
• It contains replicas of all objects in that domain.
• The domain partition is replicated only to other domain controllers in the same domain.

CONFIGURATION PARTITION:
• This partition contains the forest topology.
• This topology contains a record of all domain controllers and the connections between them in a forest.

SCHEMA PARTITION:
• This partition contains the forest-wide schema.
• Each forest has one schema so that the definition of each object class is consistent.
• The schema partition is replicated to each domain controller in the forest.


APPLICATION PARTITIONS:
• These partitions contain objects that are unrelated to security.
• They are used by one or more applications.
• Application partitions are replicated to specified domain controllers in the forest.


OPERATION MASTER
• When a change is made to a domain, the change is replicated across all of the domain controllers in the domain.
• Some changes, such as those made to the schema, are replicated across all of the domains in the forest.
• This replication is called multimaster replication.


SINGLE MASTER OPERATION:
• To avoid replication conflicts, you use single master replication.
• Active Directory uses single master replication for important changes, such as the addition of a new domain or a change to the forest-wide schema.


OPERATION MASTER ROLES
• Operations that use single-master replication are arranged together in specific roles in a forest or domain.
• For each operations master role, only the domain controller that holds that role can make the associated directory change.
• Active Directory stores information about which domain controller holds a specific role.
• Active Directory defines five operations master roles.


• Each role has a default location and is either forest-wide or domain-wide.

FOREST-WIDE ROLES:
• Schema master.
• Domain naming master.

DOMAIN-WIDE ROLES:
• Primary domain controller emulator.
• Relative identifier master.
• Infrastructure master.


WORKING PRINCIPLE OF ACTIVE DIRECTORY


DIRECTORY SERVICE
A directory service is a structured repository of information about people and resources in an organization. In a Windows Server 2003 network, the directory service is Active Directory.


SCHEMA
• The Active Directory schema contains the definitions of all objects.
• On domain controllers running Windows Server 2003, there is only one schema for an entire forest.
• The schema has two types of definitions: object classes and attributes.


GLOBAL CATALOG
• Resources in Active Directory can be shared across domains and forests.
• The global catalog feature in Active Directory makes searching for resources across domains and forests transparent to the user.
• The global catalog is a repository of information that contains a subset of the attributes of all objects in Active Directory.


The global catalog contains:
• The attributes that are most frequently used in queries, such as a user's first name, last name, and logon name.
• The information that is necessary to determine the location of any object in the directory.
• A default subset of attributes for each object type.
• The access permissions for each object and attribute that is stored in the global catalog.


FUNCTION OF THE GLOBAL CATALOG:
The global catalog enables users to perform two important functions:
• Find Active Directory information anywhere in the forest, regardless of the location of the data.
• Use universal group membership information to log on to the network.


SINGLE SIGN-ON
ACTIVE DIRECTORY ENABLES A SINGLE SIGN-ON:
• Active Directory makes the complex process of authentication and authorization transparent to the user.
• Authentication verifies the credentials of the connection attempt.
• Authorization verifies that the connection attempt is allowed.


ACTIVE DIRECTORY MANAGEMENT

• You can manage large numbers of users, computers, and printers from a central location.
• Active Directory tools support decentralized administration.
• It contains information about all objects and their attributes.
• You can query Active Directory by using protocols such as LDAP.


• You can arrange objects that have similar administrative and security requirements into organizational units.
• You can specify Group Policy settings for a site, a domain, or an organizational unit.


DECENTRALIZED MANAGEMENT
Active Directory supports decentralized management. You can assign permissions and grant user rights in very specific ways.


DELEGATING THE PERMISSIONS
You can delegate the assigning of permissions:
• For specific organizational units to different domain local groups.
• To modify specific attributes of an object in an organizational unit.
• To perform the same task, such as resetting passwords, in all organizational units of a domain.


ADMINISTRATIVE MMC SNAP-INS
• Active Directory Users and Computers.
• Active Directory Domains and Trusts.
• Active Directory Sites and Services.
• Active Directory Schema.



WINDOWS SERVER 2003 COMMAND-LINE ADMINISTRATIVE TOOLS
• Dsadd
• Dsmod
• Dsquery
• Dsmove
• Dsrm
• Dsget
• CSVDE
• LDIFDE


EXAMINE ACTIVE DIRECTORY

TO VIEW THE ORGANIZATIONAL UNIT IN ACTIVE DIRECTORY


• To view the OUs, select Active Directory Users and Computers.
• Click your domain.
• Each OU is marked with the OU icon.


TO VIEW THE LOGICAL STRUCTURE OF ACTIVE DIRECTORY
• To view the logical structure, click Active Directory Domains and Trusts.
• Click Active Directory Domains and Trusts; it will display your domain.


TO VIEW THE PHYSICAL STRUCTURE
• To view the physical structure, click Active Directory Sites and Services.
• Expand Sites.
• Then expand the default site name.
• Click Servers, and it will display the computer name and domain name.


ACTIVE DIRECTORY DESIGNING
ACTIVE DIRECTORY DESIGN PROCESS :
The active directory design process includes the following
tasks :
• Collecting organizational information.
• Analyzing organizational information.
• Analyzing design options.
• Selecting design.
• Refining the design.



OUTPUT OF THE ACTIVE DIRECTORY DESIGN:
The output of the Active Directory design phase includes the following elements:
• The forest and domain design.
• The organizational unit design.
• The site design.


ACTIVE DIRECTORY PLANNING
ACTIVE DIRECTORY PLANNING PROCESS :
Active directory plan includes :
• Account strategy.
• Audit strategy.
• Organizational unit implementation plan.
• Group policy plan.
• Site plan.
• Software deployment plan.
• Server placement plan.
ACTIVE DIRECTORY IMPLEMENTING
ACTIVE DIRECTORY IMPLEMENTATION PLAN :
The implementation process includes the following:
• Implement the forest, domain, and DNS structure.
• Create organizational units and security groups.
• Create user and computer accounts.
• Create group policy objects.
• Implement sites.
