FSMO Roles
Active Directory is multi-master for almost everything, but a few operations must have exactly one owner at a time. Those owners are the Flexible Single Master Operation (FSMO) roles, also called operations masters. Two are forest-wide (Schema Master, Domain Naming Master) and three exist once per domain (RID Master, PDC Emulator, Infrastructure Master). The Global Catalog is listed with them below because it is usually taught alongside them, but it is not an FSMO role.
Domain Naming Master:- Forest-wide. Checks and maintains the uniqueness of domain names in the whole forest; it is the only DC that can add, remove or rename domains in the forest.
Schema Master:- Forest-wide. The schema is the set of rules which defines the structure of AD; it contains the definitions of all the kinds of objects which can be stored in AD. Classes are templates from which objects are created; attributes are the properties of an object. Only the Schema Master accepts writes to the schema partition, so schema extensions (an Exchange installation, for example) must run against it.
RID Master:- Per domain. Every security principal gets a SID made of the domain SID plus a Relative ID (RID). The RID Master allocates a pool of RIDs to each domain controller (500 at a time by default); the DC itself then assigns a RID from its own pool to every object it creates. That is how DCs can create accounts independently without ever issuing duplicate SIDs. If the RID Master is unavailable, DCs keep working until their pools run out.
PDC Emulator:- Per domain. Acts as the PDC for Windows NT 4.0 BDCs in the domain and processes all password updates for clients not running the Active Directory client software. It receives immediate (urgent) replication from the other domain controllers when a user's password is changed, and a DC that rejects a password asks the PDC Emulator before failing the logon, so a just-changed password works domain-wide before normal replication completes. It is also the authoritative time source for the domain, and the forest root PDC Emulator is the top of the forest time hierarchy.
Infrastructure Master:- Per domain. Maintains and updates cross-domain object references: when a group in this domain contains a member from another domain, the Infrastructure Master refreshes the stored reference (name, SID, DN) if the referenced object is moved or renamed. It does this by comparing its data with a Global Catalog, so it must not be placed on a GC server unless every DC in the domain is a GC (in which case the role has nothing to do). It does not maintain universal group membership; that lives in the Global Catalog.
Global Catalog:- Not an FSMO role. A GC server holds complete information about its own domain and partial information (the attributes in the partial attribute set, read-only) about every other domain in the forest. By searching against the GC, individual domains do not have to be queried in most cases; the GC is also what resolves user principal names and universal group memberships at logon, so in a multi-domain forest a GC must be reachable for logons to succeed. Servers that hold a copy of the global catalog are called global catalog servers.
Check:- "netdom query fsmo" lists the current role holders; compare it with where the Global Catalog is enabled before deciding where the Infrastructure Master should live.
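The SID arithmetic that the RID Master underpins, as an added example in Python (this is not code from the original post): it decodes a SID from the binary layout used in the objectSid attribute and in security event logs, splits off the RID, and says where that RID came from. The domain identifier and the account SIDs are constructed for the example; the well-known RID table and the binary layout are the only fixed facts.

```python
import struct

# Well-known RIDs are identical in every domain. Because a SID is domain SID + RID,
# the built-in Administrator is always RID 500 no matter what the account was
# renamed to, which is what detections should key on.
WELL_KNOWN_RIDS = {
    500: "Administrator (built-in, even if renamed)",
    501: "Guest",
    502: "krbtgt (KDC service account)",
    512: "Domain Admins",
    513: "Domain Users",
    516: "Domain Controllers",
    518: "Schema Admins (forest root only)",
    519: "Enterprise Admins (forest root only)",
    520: "Group Policy Creator Owners",
}

# RIDs below 1000 are reserved; ordinary accounts and groups start at 1000 and
# come from the pools the RID Master hands to each DC (500 RIDs per pool by default).
FIRST_POOLED_RID = 1000


def sid_to_string(raw):
    """Decode the binary SID layout: revision byte, sub-authority count byte,
    6-byte big-endian identifier authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def string_to_sid(text):
    """Inverse of sid_to_string, so the example can build its test data without hex dumps."""
    parts = text.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_sid(text):
    """Return (domain_sid, rid) for a domain account SID: the RID is the last
    sub-authority, the domain SID (S-1-5-21-x-y-z) is everything before it."""
    parts = text.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError("expected a domain account SID: S-1-5-21-<3 x 32-bit>-<RID>")
    return "-".join(parts[:7]), int(parts[7])


def describe_rid(rid):
    """Say where a RID came from: a reserved well-known value or a DC's RID pool."""
    if rid in WELL_KNOWN_RIDS:
        return WELL_KNOWN_RIDS[rid]
    if rid < FIRST_POOLED_RID:
        return "reserved well-known RID %d" % rid
    return "RID %d, allocated by a DC from a pool issued by the RID Master" % rid


def classify(sid_text):
    domain, rid = split_sid(sid_text)
    return domain, rid, describe_rid(rid)


# Constructed sample: an invented domain SID, the RID of a (possibly renamed)
# Administrator account and the RID of an ordinary user.
SAMPLE_DOMAIN = "S-1-5-21-1004336348-1177238915-682003330"
SAMPLE_ADMIN_SID = SAMPLE_DOMAIN + "-500"
SAMPLE_USER_SID = SAMPLE_DOMAIN + "-1105"

if __name__ == "__main__":
    for sid in (SAMPLE_ADMIN_SID, SAMPLE_USER_SID):
        raw = string_to_sid(sid)
        assert sid_to_string(raw) == sid
        print(raw.hex(), "->", classify(sid))
```

The point of splitting the SID this way is that the domain part is the same for every principal the RID Master's domain ever issued, so two accounts from different domains can never collide even if both DCs allocated the same RID; and the RID part is stable across renames, which is why the well-known RIDs, not the account names, are what audit and detection logic should compare against.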
Sunday, September 20, 2009
OU (Organisational Units)
OUs are used to create a hierarchical structure within a DOMAIN.
OUs are CONTAINER OBJECTS because they can hold other objects, including other OUs, so one OU can be created inside another.
Objects an OU can contain:-
Users, Groups, Computers, Printers (network), Shared folders & other OUs
OU Functions:-
Easier administration without multiple DOMAINs: one domain can be subdivided into OUs instead of being split into several domains.
Delegate administrative power or rights over a subset of the directory by using OUs.
Group objects for administration (and for Group Policy, which is linked to OUs) by using OUs.
OUs - POINTS
It is a logical container which holds Active Directory objects (users, groups, OUs & other objects).
It is also called a SUBTREE, because an OU and everything below it form a subtree of the domain.
It is used for minimising administrative tasks.
It is used for organising and managing the Active Directory objects.
It is used for delegating control to one or more users or groups.
Caveat:- an OU is an administrative boundary, not a security boundary. Whoever has rights on the OU has them on everything inside it, and the domain administrators keep full control regardless of how the OUs are arranged.
What Is Delegation of Control?
Assigning management of an organisational unit (or of particular object types or attributes inside it) to another user or group. Technically this means adding access control entries to the OU's DACL; the Delegation of Control wizard in Active Directory Users and Computers writes them for you.
Delegated administration:
Eases administration by distributing routine administrative tasks (password resets, creating computer accounts) to the people who actually do them.
Provides users or groups more control over local network resources.
Removes the need to put every helper into Domain Admins: delegated users keep their ordinary accounts and receive only the rights they need (least privilege).
Check:- delegations accumulate and are rarely removed. Review the ACLs on OUs periodically (dsacls "<OU distinguished name>" prints them); anyone granted full control, write-DACL, write-owner or reset-password rights on an OU can take over every account below it.
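A delegation audit, as an added example in Python (not code from the original post): it parses the SDDL text form of an OU's DACL, as PowerShell prints it in the Sddl property of Get-Acl on an AD: drive, and reports allow ACEs that grant takeover-class rights (GenericAll, WriteDacl/WriteOwner, WriteProperty on all attributes, Reset Password, and the DS-Replication-Get-Changes rights that allow DCSync) to anything other than the expected administrative principals. The extended-right and class GUIDs are published Microsoft values; the sample DACL, its SIDs and the delegated groups are constructed for the example.

```python
import re

# Object GUIDs the audit recognises. These are published Microsoft values
# (extended rights in the Configuration partition, the "user" class in the schema);
# everything else in this file is constructed for the example.
RESET_PASSWORD = "00299570-246d-11d0-a768-00aa006e0529"       # User-Force-Change-Password
DS_REPL_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"  # DS-Replication-Get-Changes
DS_REPL_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
USER_CLASS = "bf967aba-0de6-11d0-a285-00aa003049e2"           # schema GUID of class "user"

# Rights that let the holder take over the object, with the bits used when the
# SDDL rights field is written in hex instead of two-letter codes.
GENERIC_ALL, WRITE_DAC, WRITE_OWNER = 0x10000000, 0x00040000, 0x00080000
WRITE_PROP, CONTROL_ACCESS = 0x00000020, 0x00000100
CODE_BITS = {"GA": GENERIC_ALL, "WD": WRITE_DAC, "WO": WRITE_OWNER,
             "WP": WRITE_PROP, "CR": CONTROL_ACCESS}

# Principals whose full control on an OU is expected: SYSTEM, Builtin Administrators,
# Domain Admins, Enterprise Admins as SDDL aliases, or the same groups and the
# built-in Administrator written as full SIDs (RIDs 512, 519, 500).
EXPECTED_ALIASES = {"SY", "BA", "DA", "EA"}
EXPECTED_RIDS = {"500", "512", "519"}

ACE_RE = re.compile(r"\(([^)]*)\)")


def is_expected_admin(sid):
    return sid in EXPECTED_ALIASES or sid.rsplit("-", 1)[-1] in EXPECTED_RIDS


def rights_mask(rights):
    """Turn the SDDL rights field (two-letter codes or 0x hex) into a bitmask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= CODE_BITS.get(rights[i:i + 2], 0)
    return mask


def audit_dacl(sddl):
    """Return (sid, finding) pairs for allow ACEs that grant takeover-class rights
    to principals other than the expected administrators. Deny ACEs are ignored."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        raise ValueError("no DACL in SDDL string")
    findings = []
    for ace in ACE_RE.findall(m.group(1)):
        fields = ace.split(";")   # type;flags;rights;object_guid;inherit_guid;sid
        if len(fields) != 6:
            raise ValueError("malformed ACE: " + ace)
        ace_type, _flags, rights, obj_guid, _inherit_guid, sid = fields
        if ace_type not in ("A", "OA") or is_expected_admin(sid):
            continue
        mask, obj = rights_mask(rights), obj_guid.lower()
        if mask & GENERIC_ALL:
            findings.append((sid, "GenericAll: full control"))
        elif mask & (WRITE_DAC | WRITE_OWNER):
            findings.append((sid, "WriteDacl/WriteOwner: can grant itself full control"))
        elif mask & WRITE_PROP and not obj:      # WP with no object GUID = every attribute
            findings.append((sid, "WriteProperty on all attributes"))
        if mask & CONTROL_ACCESS and obj in ("", RESET_PASSWORD):
            findings.append((sid, "Reset password (User-Force-Change-Password)"))
        if mask & CONTROL_ACCESS and obj in (DS_REPL_GET_CHANGES, DS_REPL_GET_CHANGES_ALL):
            findings.append((sid, "DS-Replication-Get-Changes: DCSync-capable"))
    return findings


# Constructed sample DACL of an OU; the SIDs and both delegated groups are invented.
HELPDESK = "S-1-5-21-1004336348-1177238915-682003330-1105"
OLD_PROJECT = "S-1-5-21-1004336348-1177238915-682003330-1120"
SAMPLE_OU_SDDL = "".join([
    "O:DAG:DAD:AI",
    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)",   # Domain Admins: full control, expected
    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)",   # SYSTEM: full control, expected
    "(A;;LCRPLORC;;;AU)",                      # Authenticated Users: read only
    # what the Delegation of Control wizard writes for "Reset user passwords":
    # an extended right, inherited by user objects only (CI + IO flags)
    "(OA;CIIO;CR;%s;%s;%s)" % (RESET_PASSWORD, USER_CLASS, HELPDESK),
    # a stale delegation: a project group once given full control of the whole subtree
    "(A;CI;GA;;;%s)" % OLD_PROJECT,
])

if __name__ == "__main__":
    for sid, finding in audit_dacl(SAMPLE_OU_SDDL):
        print(sid, "->", finding)
```

On the sample the helpdesk finding is the delegation that was intended (confirm it is still wanted, and that it is scoped to user objects, not to the OU itself); the GenericAll entry is the one to remove. Run the same function over the DACL of every OU, and of the domain object, and resolve the reported SIDs back to names with the directory tools of your choice.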
ADS (Active Directory Service) DATABASE FILES?
The directory is stored in an ESE (Jet) database, by default under %SystemRoot%\NTDS:
NTDS.DIT - the directory database itself, holding every object and the password hashes of every account. A copy of this file plus the SYSTEM registry hive (for the boot key) is enough to extract all domain credentials offline, so backups, system-state copies and virtual-machine snapshots of domain controllers need the same protection as the DCs themselves.
EDB.LOG - the current transaction log; changes are written here before being committed to NTDS.DIT.
EDB.CHK - the checkpoint file, recording which log entries have already been committed to the database.
RES1.LOG & RES2.LOG - reserved log files, pre-allocated so that pending transactions can still be written if the disk fills up.
Group Policy
Group Policy is a collection of settings which can be applied to computers and users. It is stored as Group Policy Objects (GPOs) linked to sites, domains and OUs, and is applied in that order (after local policy), so a setting in an OU-linked GPO overrides the same setting from the domain.
With Group Policy the administrator can centrally manage the computers and users; it is the main reason administration is easier in Active Directory than in an NT 4.0 domain.
DNS (Domain Name System)
What is DNS?
Domain Name System (also expanded as Domain Name Service)
Provides resolution of names to IP addresses and resolution of IP addresses to names.
Defines a hierarchical namespace where each level of the namespace is separated by a ".".
Active Directory depends on it: clients and domain controllers find each other only through DNS, so the DNS servers a client uses decide which "domain controller" it will talk to.
What is a DNS Server?
A computer running the DNS service. It can be:
Microsoft Windows Server 2003
Windows 2000
Microsoft Windows NT 4
UNIX
Linux
NetWare etc.
DNS Namespace:- Ex:- corporate.microsoft.com (com is the top-level domain, microsoft.com the second-level domain, corporate a subdomain of it)
Authoritative & Non-authoritative DNS servers
Authoritative DNS server:-
Holds the zone for the name being queried and answers from its own zone data. It will either:
Return the requested record (for example the IP address), or
Return an authoritative "No" (NXDOMAIN, or an empty answer when the name exists but has no record of that type), which resolvers may cache as a negative answer.
Non-authoritative DNS server:-
Does not hold the zone; it answers on behalf of clients (recursion). It will either:
Check its cache and answer from there,
Use forwarders (send the query to another DNS server configured to resolve it), or
Use root hints (start at the root servers and follow the referrals down until it reaches the authoritative server).
Caveat:- a cached, non-authoritative answer is only as trustworthy as the server that supplied it; cache-poisoning attacks target exactly this path.
Lookup Types
Forward lookup: requests name-to-IP address resolution (an A record query).
Reverse lookup: requests IP address-to-name resolution (a PTR query under the in-addr.arpa domain).
Fully Qualified Domain Name (FQDN)
Identifies a host's name within the DNS namespace hierarchy.
Host name plus DNS domain name = FQDN
Ex:- dotnet2003.dot.com (host "dotnet2003" in the domain "dot.com")
ZONE in DNS?
A zone is the part of the namespace a DNS server is authoritative for. It is a storage database (a text file or, for AD-integrated zones, a set of directory objects) which contains all the zone records.
Forward Lookup Zone
Used for resolving host names to IP addresses; it maintains host-to-IP address mapping information (A, CNAME, MX and SRV records).
Reverse Lookup Zone
Used for resolving IP addresses to host names; it maintains IP address-to-host mapping information (PTR records) under in-addr.arpa.
Types of Records in DNS?
SOA Record (Start of Authority)
The first record in any zone file. It names the primary server and the responsible mailbox, and carries the serial number that secondaries use to detect changes plus the refresh, retry, expire and minimum-TTL timers.
NS Record
Identifies the DNS servers that are authoritative for each zone (and delegates child zones to their servers).
Host Record (A)
Resolves a host name to an IPv4 address.
Alias Record (CNAME)
Resolves an alias name to a host name (the canonical name), which is then resolved in turn.
Pointer Record (PTR)
Resolves an IP address to a host name; it lives in the reverse lookup zone.
MX Record (Mail Exchanger)
Names the mail server(s) that accept mail for the domain, with a preference value; it is consulted by the sending mail server to find where to deliver.
SRV Record (Service Record)
Resolves the name of a service (_service._protocol.domain) to the servers providing it, each with a priority, weight and port. Active Directory registers its domain controllers this way.
Zone Types
Standard Primary
It is the master copy of all the zone information, stored in a text file on the server. It is the read/write copy.
Standard Secondary
It is a backup to the primary zone, obtained from it by zone transfer (AXFR/IXFR). It is read-only. Restrict zone transfers to the listed secondaries; an open transfer hands an attacker the complete host inventory in one query.
Stub Zone
It contains only the NS and SOA records, and possibly glue (A) records, which are used to locate the name servers of the zone.
Active Directory Integrated
It stores the zone information in the ACTIVE DIRECTORY DATABASE instead of a file, so the zone replicates with AD and every DC running DNS holds a writable copy. Only this zone type can require secure dynamic updates, where a computer must authenticate to register a record and may afterwards change only the records it owns. An AD domain's own zone should use this type.
Roles of DNS Server
Standard Primary
Standard Secondary
Stub Zone
Active Directory Integrated
Cache Server (caching-only: hosts no zones, only resolves queries for clients and caches the answers)
ROOT Server (hosts the root "." zone; a server that hosts a root zone will not use forwarders or root hints, so it can only resolve names it is authoritative for or has delegated)
Forwarders (a server configured to send the queries it cannot answer itself to a designated upstream server)
What are Service Records?
SRV records allow DNS clients to locate TCP/IP-based services. Active Directory registers every domain controller under _msdcs.<domain> and in _tcp.<domain> (for example _ldap._tcp.dc._msdcs.<domain>, _kerberos._tcp.<domain>, _kpasswd._tcp.<domain> and _gc._tcp.<forest>), and the Netlogon service re-registers them each time it starts.
SRV records are used when:
A domain controller needs to replicate (it locates its partners through the <GUID>._msdcs.<forest> records)
A client searches Active Directory (it locates an LDAP server or a global catalog)
A user attempts to change her password (the client locates a KDC and the kpasswd service)
An administrator modifies Active Directory (the tools locate a writable DC, or the PDC emulator via _ldap._tcp.pdc._msdcs.<domain>)
Check:- if these records are missing (for example after DNS was rebuilt), logons fail and replication stops. "nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>" confirms they exist, and restarting the Netlogon service on a DC re-registers that DC's records.
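The DC-locator exchange the list above describes, as an added example in Python (not code from the original post): it builds the SRV query a client sends for _ldap._tcp.dc._msdcs.<domain>, parses the reply including name compression, and orders the targets by priority and weight the way RFC 2782 requires. The reply is constructed inside the block rather than captured from a server, and example.com with hosts dc1 and dc2 is invented.

```python
import struct

SRV_TYPE = 33   # RFC 2782 record type
CLASS_IN = 1

# The DC Locator names Active Directory registers (assumed domain name for the example).
DOMAIN = "example.com"
LOCATOR_NAMES = {
    "domain controller (LDAP)": "_ldap._tcp.dc._msdcs." + DOMAIN,
    "PDC emulator": "_ldap._tcp.pdc._msdcs." + DOMAIN,
    "KDC (Kerberos)": "_kerberos._tcp.dc._msdcs." + DOMAIN,
    "password change (kpasswd)": "_kpasswd._tcp." + DOMAIN,
    "global catalog": "_gc._tcp." + DOMAIN,
}


def encode_name(name):
    """DNS wire format: length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def build_srv_query(name, txid=0x1234):
    """The message a client sends: 12-byte header (RD set) + one SRV/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", SRV_TYPE, CLASS_IN)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:             # compression pointer to an earlier name
            if end is None:
                end = off + 2                 # the pointer is the last thing in place
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_srv_response(msg, expected_txid=None):
    """Parse the server's reply and return the SRV targets in the order a client
    must try them: lowest priority first, higher weight first within a priority."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):                       # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV_TYPE and rclass == CLASS_IN:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)
            records.append({"priority": prio, "weight": weight, "port": port,
                            "target": target, "ttl": ttl})
        off += rdlen
    records.sort(key=lambda r: (r["priority"], -r["weight"]))
    return records


def build_srv_response(query, answers):
    """Constructed server reply for the example (not captured traffic): echoes the
    question and adds one SRV record per (priority, weight, port, target)."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = b""
    for prio, weight, port, target in answers:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        # owner name is a pointer (0xC00C) back to the question name at offset 12
        body += b"\xC0\x0C" + struct.pack("!HHIH", SRV_TYPE, CLASS_IN, 600, len(rdata)) + rdata
    return header + question + body


SAMPLE_ANSWERS = [(10, 50, 389, "dc2.example.com"), (0, 100, 389, "dc1.example.com")]


def locate_dcs():
    """Run the exchange end to end against the constructed reply."""
    query = build_srv_query(LOCATOR_NAMES["domain controller (LDAP)"])
    reply = build_srv_response(query, SAMPLE_ANSWERS)
    return parse_srv_response(reply, expected_txid=0x1234)


if __name__ == "__main__":
    for rec in locate_dcs():
        print("%(target)s:%(port)d  priority=%(priority)d weight=%(weight)d" % rec)
```

Notice what the transaction-ID check is protecting: a client accepts any reply whose ID and question match, and nothing in the exchange is authenticated. Anyone who can answer before the real server, or who hands clients a different DNS server address via DHCP, can point them at a "domain controller" of their own, which is why DNS spoofing and rogue DHCP are classic starting points for attacks on AD logon traffic.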
Microsoft Networking Important Concepts!
Active Directory
1. What Is Active Directory?
Active Directory is a directory service which contains information about all user accounts and shared resources on a network. It is a centralised, hierarchical directory database, accessed over LDAP and replicated between domain controllers.
2. What Does Active Directory Do?
- Centralises control of network resources
- Centralises the directory while allowing resource management to be decentralised (delegated)
- Stores objects securely in a logical structure (every object carries its own access control list)
- Optimises network traffic (sites and the global catalog keep queries and replication local)
3. PURPOSE OF ACTIVE DIRECTORY?
- Provides user logon and authentication services using Kerberos (with NTLM as the fallback for older clients and for access by IP address)
- To organise and manage:
  - User accounts
  - Computers
  - Groups
  - Network resources
- Enables authorised users to easily locate network resources
4. FEATURES OF ACTIVE DIRECTORY?
- Fully integrated security
- Easy administration using Group Policy
- Scalable to any size network
- Flexible
NEW FEATURES IN ACTIVE DIRECTORY 2003
- Rename computer names and domain names (domain rename with the rendom tool)
- Cross-forest trust relationships (forest trusts)
- Site-to-site replication is faster (linked-value replication and an improved inter-site topology generator at the Windows Server 2003 forest functional level)
5. DAP & LDAP?
- DAP
The Directory Access Protocol of the X.500 standard, which runs on the full OSI protocol stack; that made it heavy to implement on PCs. Network directory services existed before Active Directory: Banyan VINES shipped StreetTalk, and Novell NetWare shipped NDS (NetWare Directory Services, later Novell Directory Services).
- LDAP
The Lightweight Directory Access Protocol, a simplified directory protocol that runs directly over TCP/IP (port 389, or 636 for LDAP over SSL), originally developed as a lightweight front end to X.500 directories. Active Directory is accessed with LDAP and keeps X.500-style naming (DC=, OU=, CN=).
Caveat:- a simple LDAP bind on port 389 sends the password in clear text; require LDAP signing or use port 636 (LDAPS) for anything that binds with a password.
6. Structure of Active Directory?
Logical Structure:-
- Domain
- TREE
  - Parent/Root
  - Child/Branch
- Forest
Domain:-
- A domain is a logical administrative boundary with its own security policies (password policy, account lockout) and its own partition of the directory. The security boundary, however, is the forest, not the domain: an administrator of any domain in a forest can, with some effort, become an administrator of every domain in it, so parties that must not be able to control each other belong in separate forests.
- Creating the initial domain controller in a network also creates the domain; you cannot have a domain without at least one domain controller.
- Each domain in the directory is identified by a DNS domain name.
TREE:-
- A tree is a set of one or more domains with contiguous names.
- If more than one domain exists, you can combine the multiple domains into hierarchical tree structures.
- The first domain created is the root domain of the first tree.
- Other domains in the same domain tree are child domains.
- A domain immediately above another domain in the same domain tree is its parent.
ABC.COM (PARENT) -> MS.ABC.COM (CHILD) -> MCP.MS.ABC.COM (GRANDCHILD)
FOREST:-
- Multiple domain trees within a single forest do not form a contiguous namespace (abc.com and xyz.net can both be trees in one forest).
- Although trees in a forest do not share a namespace, a forest has a single root domain, called the forest root domain; all domains in the forest share one schema, one configuration partition and one global catalog, and are joined by two-way transitive trusts.
- The forest root domain is the first domain created in the forest.
- These two forest-wide predefined groups reside in the forest root domain:
  Enterprise Admins
  Schema Admins
  Keep both groups empty except while a member is actually needed, and alert on membership changes; their members can change every domain in the forest.
Physical Structure:-
- Domain Controllers
- Sites
SITES:-
- A set of well-connected (fast, reliable) IP subnets
- Sites are generally used for locating services (e.g. logon: a client prefers a DC in its own site), for replication (intra-site replication is frequent and uncompressed; inter-site replication follows the site-link schedule and is compressed) and for Group Policy application (GPOs can be linked to sites)
- Sites are connected with site links
- A site can span multiple domains
- A domain can span multiple sites
7. ACTIVE DIRECTORY PARTITIONS?
DOMAIN DIRECTORY PARTITION: the objects of one domain; replicated to every DC of that domain.
CONFIGURATION DIRECTORY PARTITION: the forest-wide topology (sites, site links, services); replicated to every DC in the forest.
SCHEMA DIRECTORY PARTITION: the class and attribute definitions; replicated to every DC in the forest, writable only on the Schema Master.
APPLICATION DIRECTORY PARTITION: optional partitions for application data with their own replication scope, e.g. DomainDnsZones and ForestDnsZones for AD-integrated DNS.
The GLOBAL CATALOG is often listed here as a fifth partition, but it is not one: it is a partial, read-only replica of every domain partition in the forest, held on the DCs that are global catalog servers.
8. Roles of Active Directory?
Operations Masters (FSMO roles):-
- Domain Naming Master (one per forest)
- Schema Master (one per forest)
- RID Master (one per domain)
- PDC Emulator (one per domain)
- Infrastructure Master (one per domain)
- Global Catalog (not an FSMO role; any number of DCs can be GC servers)
Each role is described under "FSMO Roles" at the top of this page.
9. Trust Relationships?
- Secure communication paths that allow objects (users, computers) in one domain to be authenticated and accepted in other domains
- Some trusts are automatically created:
  - Parent and child domains trust each other
  - Tree root domains trust the forest root domain
- Other trusts are manually created
- Forest-to-forest transitive trust relationships can be created between Windows Server 2003 forests only (both forests at the Windows Server 2003 forest functional level)
What Are Trusts?
Categories:- Transitive trusts (if A trusts B and B trusts C, then A trusts C) & non-transitive trusts (apply only to the two domains named in the trust)
Directions:- One-way incoming trust, one-way outgoing trust & two-way trust. The trusting domain holds the resources; the trusted domain holds the accounts that may use them.
Trust types:- Default (parent-child and tree-root), Shortcut, External, Forest and Realm
Trust Types In Detail:-
Trust Relationships in Windows Server 2003
- Default
Two-way transitive Kerberos trusts (intra-forest), created automatically whenever a domain is added to the forest.
- Shortcut
One- or two-way transitive Kerberos trusts (intra-forest), created manually between two domains that are far apart in the tree so that Kerberos referrals do not have to climb to the forest root and back down; they reduce authentication traffic and latency.
- External
One- or two-way non-transitive trusts, manually created, authenticated with NTLM. Used to connect to/from Windows NT 4.0 domains or to a single domain in another forest.
- Forest
One- or two-way transitive Kerberos trusts. Only between the forest root domains of two Windows Server 2003 forests; creates a transitive relationship between every domain in one forest and every domain in the other (but not onward to a third forest).
- Realm
One- or two-way, transitive or non-transitive, Kerberos trusts. Connect to/from non-Windows Kerberos realms (UNIX MIT Kerberos).
Caveat:- every trust widens who can authenticate into your domain. SID filtering is enabled by default on forest trusts and on external trusts created on Windows Server 2003, so that SIDs from the other side (including injected sIDHistory values) cannot grant membership of your groups; do not turn it off, and prefer one-way trusts that trust only in the direction the business actually needs.