Sunday, September 20, 2009

Microsoft Networking Important Concepts!

Active Directory

1. What Is Active Directory?
Active Directory is a directory service that holds information about all user accounts, computers and shared resources on a network. It is a centralized, hierarchical directory database, accessed over LDAP and replicated between domain controllers.

2. What Does Active Directory Do?
- Centralizes control of network resources
- Lets resource management be centralized or delegated (decentralized) as needed
- Stores objects securely in a logical structure
- Optimizes network traffic (logon and replication traffic are scoped by sites)

3. Purpose of Active Directory?
- Provides user logon and authentication services using Kerberos (NTLM remains available for clients and trusts that cannot use Kerberos)
- Organizes and manages:
  - User accounts
  - Computers
  - Groups
  - Network resources
- Enables authorized users to easily locate network resources

4. Features of Active Directory?
- Fully integrated security (authentication, an access control list on every object, Group Policy)
- Easy administration using Group Policy
- Scalable to any size of network
- Flexible
NEW FEATURES IN ACTIVE DIRECTORY 2003 (Windows Server 2003)
- Rename domain controllers and rename domains
- Cross-forest (forest) trust relationships
- Faster and more efficient site-to-site replication (for example, linked-value replication of group membership instead of replicating the whole member list)

5. DAP & LDAP?
- DAP
Directory Access Protocol is the access protocol of the X.500 directory standard. It runs over the full OSI protocol stack, which made it heavy for clients to implement. Earlier network operating systems shipped their own directory services; Banyan VINES, for example, had StreetTalk.
- LDAP
Lightweight Directory Access Protocol is a simplified X.500-style access protocol that runs directly over TCP/IP. Commercial directories such as Novell's NDS (Novell Directory Services, later eDirectory) and Active Directory expose their databases through it. Active Directory answers LDAP on TCP 389 (LDAPS on 636) and global catalog queries on TCP 3268 (3269 with TLS).

6. Structure of Active Directory?
Logical structure:
- Domain
- Tree
  - Parent/root
  - Child/branch
- Forest

Domain:
- A domain is a logical administrative and replication boundary. It is not a security boundary: the forest is. A domain administrator in any domain of a forest can escalate to the whole forest, so domains must not be used to isolate administrators who are not trusted.
- Creating the initial domain controller in a network also creates the domain; you cannot have a domain without at least one domain controller.
- Each domain in the directory is identified by a DNS domain name.

Tree:
- A tree is a set of one or more domains with contiguous names.
- If more than one domain exists, you can combine the multiple domains into hierarchical tree structures.
- The first domain created is the root domain of the first tree.
- Other domains in the same domain tree are child domains.
- A domain immediately above another domain in the same domain tree is its parent.

ABC.COM (parent) -> MS.ABC.COM (child) -> MCP.MS.ABC.COM (grandchild)

Forest:
- Multiple domain trees within a single forest do not form a contiguous namespace.
- Although trees in a forest do not share a namespace, a forest has a single root domain, called the forest root domain. All domains in a forest share one schema, one configuration partition and one global catalog.
- The forest root domain is the first domain created in the forest.
- These two forest-wide predefined groups exist only in the forest root domain:
  Enterprise Admins
  Schema Admins

Physical structure:
- Domain controllers
- Sites

Sites:
- A set of well-connected IP subnets (typically LAN speed).
- Sites are used for locating services (a client prefers a domain controller in its own site for logon), for scheduling and compressing replication between locations, and for site-linked Group Policy.
- Sites are connected with site links.
- A site can span multiple domains.
- A domain can span multiple sites.

7. Active Directory Partitions?
Every domain controller holds at least the first three of these naming contexts (partitions):
- Domain directory partition (one per domain; replicated to all domain controllers of that domain)
- Configuration directory partition (sites, site links, services; replicated forest-wide)
- Schema directory partition (object class and attribute definitions; replicated forest-wide)
- Application directory partitions (optional, e.g. DomainDnsZones and ForestDnsZones for AD-integrated DNS; replicated only to the domain controllers chosen for them)
The global catalog is not a separate partition: it is a read-only, partial copy of every domain partition in the forest, held by the domain controllers designated as global catalog servers.

8. Roles of Active Directory?

Operations masters (FSMO roles), five in all:
Forest-wide (one holder per forest):
- Domain Naming Master
- Schema Master
Domain-wide (one holder per domain):
- RID Master
- PDC Emulator
- Infrastructure Master
The Global Catalog is not an operations master role; any number of domain controllers can be global catalog servers. It is described after the five roles.

Domain Naming Master:
- Checks and maintains the uniqueness of domain names in the whole forest.
- It is responsible for adding, removing and renaming domains in the whole forest.

Schema Master:
- The schema is the set of rules that defines the structure of AD.
- The schema contains the definitions of all objects that can be stored in AD:
  - Classes: a class is a template used to create an object
  - Attributes: attributes are the properties of an object
- The Schema Master is the only domain controller on which the schema can be changed; changes then replicate to every domain controller in the forest. Only members of Schema Admins can make them, so that group should be kept empty except while a schema change is being applied.

RID Master:
- Allocates pools of relative IDs (RIDs) to all domain controllers in the domain.
- Each domain controller builds the SID of every object it creates as the domain SID plus the next RID from its pool; because the pools are disjoint, objects created on different domain controllers never get the same SID. A domain controller whose pool runs out while the RID Master is unreachable cannot create new security principals.

PDC Emulator:
- Acts as a PDC for Windows NT 4.0 BDCs in the domain.
- Processes all password updates for clients not running Active Directory client software.
- Receives immediate updates from other domain controllers when a user's password is changed, and is consulted before a bad-password failure is returned to the client; account lockouts are processed on it.
- Is the authoritative time source for the domain (the forest root's PDC Emulator is the time source for the whole forest). This matters because Kerberos rejects tickets when clocks differ by more than the allowed skew (5 minutes by default).

Infrastructure Master:
- Maintains and updates references to objects that live in other domains (for example, a group in this domain whose members are users from another domain): when such an object is renamed or moved, the Infrastructure Master fixes up the stored reference. It does not maintain universal group membership; that is the global catalog's job.
- It is used for inter-domain operations. Unless every domain controller in the domain is a global catalog server, the role should not be placed on a global catalog server, because a global catalog already holds the current object and the Infrastructure Master would then never notice stale references.

Global Catalog:
- The global catalog contains complete information about its own domain and a partial copy (a defined subset of attributes) of every other domain in the forest.
- By searching against the GC, individual domains do not have to be queried in most cases; the GC can resolve forest-wide lookups such as user principal names and universal group membership at logon.
- Servers that hold a copy of the global catalog are called global catalog servers. At least one must be reachable in each site for logon to work, unless a domain controller there caches universal group membership.
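The RID Master and SID description above can be followed in code. The following Python model is an added example, not code from the original post: the domain SID S-1-5-21-1-2-3, the pool size of 2 (the real default is 500) and the two domain controllers are constructed for illustration. The binary objectSid layout and the well-known RIDs are as Windows defines them.

```python
"""Worked model of RID allocation and of the SID format it feeds.

Added example; it is not code from the original post. The domain SID
S-1-5-21-1-2-3 and the pool sizes are constructed for illustration. The
binary SID layout and the well-known RIDs are as Windows defines them.
"""
import struct
from typing import Dict, Iterator, Tuple

# Well-known RIDs are the same in every domain, so a detection should key on
# "<domain SID>-512" rather than on the group name (names can be changed,
# RIDs cannot).
WELL_KNOWN_RIDS: Dict[int, str] = {
    500: "Administrator",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    516: "Domain Controllers",
    518: "Schema Admins",      # exists only in the forest root domain
    519: "Enterprise Admins",  # exists only in the forest root domain
}

FIRST_ALLOCATED_RID = 1000  # RIDs below 1000 are reserved for built-in principals
DEFAULT_POOL_SIZE = 500     # size of the block a DC requests from the RID Master


def sid_to_bytes(sid: str) -> bytes:
    """Encode "S-1-5-21-..." into the binary objectSid format: revision (1 byte),
    sub-authority count (1 byte), 48-bit big-endian identifier authority, then
    each sub-authority as a little-endian 32-bit integer."""
    parts = sid.split("-")
    if parts[0] != "S":
        raise ValueError("not a SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    head = struct.pack("<BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return head + b"".join(struct.pack("<I", s) for s in subs)


def bytes_to_sid(raw: bytes) -> str:
    """Decode the binary objectSid format back into "S-1-..." string form."""
    revision, count = struct.unpack_from("<BB", raw, 0)
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def split_sid(sid: str) -> Tuple[str, int]:
    """Split an account SID into (domain SID, RID); the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def describe_rid(sid: str) -> str:
    """Name the principal if its RID is well known, else report it as pool-allocated."""
    _, rid = split_sid(sid)
    return WELL_KNOWN_RIDS.get(rid, "allocated from a DC's RID pool")


class RidMaster:
    """One per domain: hands out disjoint RID pools so that SIDs minted on
    different domain controllers can never collide."""

    def __init__(self, domain_sid: str, pool_size: int = DEFAULT_POOL_SIZE) -> None:
        self.domain_sid = domain_sid
        self.pool_size = pool_size
        self.next_rid = FIRST_ALLOCATED_RID

    def allocate_pool(self) -> range:
        pool = range(self.next_rid, self.next_rid + self.pool_size)
        self.next_rid += self.pool_size
        return pool


class DomainController:
    """Creates security principals from its own pool; asks the RID Master for a
    new pool only when the current one is exhausted."""

    def __init__(self, name: str, rid_master: RidMaster) -> None:
        self.name = name
        self.rid_master = rid_master
        self.pool: Iterator[int] = iter(())

    def new_object_sid(self) -> str:
        try:
            rid = next(self.pool)
        except StopIteration:
            # In a real domain this is the moment the RID Master must be reachable;
            # if it is not, object creation on this DC fails until it is (or the role is seized).
            self.pool = iter(self.rid_master.allocate_pool())
            rid = next(self.pool)
        return "%s-%d" % (self.rid_master.domain_sid, rid)


def demo() -> dict:
    """Mint SIDs on two DCs sharing one RID Master and show they never overlap."""
    master = RidMaster("S-1-5-21-1-2-3", pool_size=2)  # tiny pool to force a refill
    dc1, dc2 = DomainController("DC1", master), DomainController("DC2", master)
    sids = [dc1.new_object_sid(), dc2.new_object_sid(), dc1.new_object_sid(), dc1.new_object_sid()]
    return {"sids": sids, "unique": len(set(sids)) == len(sids),
            "admins": describe_rid("S-1-5-21-1-2-3-512")}


if __name__ == "__main__":
    print(demo())
```

The RIDs come out interleaved (1000, 1002, 1001, 1004) because each DC consumes its own block; the pools never overlap, which is the whole point of having a single RID Master per domain. The encoder and decoder are what you need to read objectSid values straight out of an LDAP search result or an event log.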

9. Trust Relationships?

- Secure communication paths that allow objects in one domain to be authenticated and accepted in other domains.
- Some trusts are created automatically:
  - Parent and child domains trust each other
  - Tree root domains trust the forest root domain
- Other trusts are created manually.
- Forest-to-forest transitive trust relationships can be created between Windows Server 2003 forests only (both forests must be at the Windows Server 2003 forest functional level).

What Are Trusts?
Categories: transitive trusts and non-transitive trusts
Directions: one-way incoming trust, one-way outgoing trust and two-way trust
Trust types: default, shortcut, external, forest and realm

Trust types in detail:

Trust relationships in Windows Server 2003

- Default
Two-way transitive Kerberos trusts (intra-forest), created automatically between parent and child domains and between each tree root and the forest root.
- Shortcut
One- or two-way transitive Kerberos trusts (intra-forest), created manually between two domains deep in the forest to reduce the number of hops (and referral tickets) an authentication request takes along the trust path.
- External
One- or two-way non-transitive NTLM trusts, created manually to connect to or from Windows NT 4.0 domains or individual domains in other Windows 2000 or 2003 forests. SID filtering is enabled on external trusts by default, so SIDs in a user's token that do not belong to the trusted domain (for example from sIDHistory) are discarded.
- Forest
One- or two-way transitive Kerberos trusts, created manually and only between the root domains of two Windows Server 2003 forests. They make every domain in one forest trust every domain in the other, but do not chain on: a forest that the other side trusts through a second forest trust is not trusted.
- Realm
One- or two-way Kerberos trusts, transitive or non-transitive as chosen when created, used to connect to or from non-Windows (UNIX, e.g. MIT or Heimdal) Kerberos realms.
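The structure section (6) and the trust sections (9 and the list above) describe one set of rules: which trusts a forest creates by itself from its domain names, and how direction and transitivity decide whether a resource domain will accept an account from somewhere else. The following Python model is an added example, not code from the original post. The forest abc.com with trees under abc.com and xyz.net, the one-way external trust to an NT 4.0 domain called nt4corp, and the forest trusts to partner.org and from partner.org on to third.example are all constructed; the rules encoded are the ones above.

```python
"""Model of AD trust paths: which account domains a resource domain will
authenticate, given the direction and transitivity of each trust.

Added example; not code from the original post. The domain names, the
external trust to nt4corp and the forest trusts to partner.org and
third.example are constructed. The rules are the post's: parent/child and
tree-root/forest-root trusts are two-way transitive, external trusts are
non-transitive, forest trusts are transitive between the two forests only.
"""
from collections import deque
from typing import Dict, List, NamedTuple, Optional, Set


class Trust(NamedTuple):
    trusting: str     # resource side: the domain that accepts the other's accounts
    trusted: str      # account side: the domain whose accounts are accepted
    transitive: bool
    kind: str         # "parent-child", "tree-root", "shortcut", "external", "forest", "realm"


def parent_of(domain: str, domains: Set[str]) -> Optional[str]:
    """Nearest ancestor of `domain` that is itself a domain in the set.
    Contiguous naming is what makes two domains parent and child of one tree."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def default_trusts(forest_root: str, domains: List[str]) -> List[Trust]:
    """Trusts AD creates by itself inside a forest: child<->parent, and each
    tree root<->forest root; all two-way and transitive."""
    root = forest_root.lower()
    names = {d.lower() for d in domains} | {root}
    trusts: List[Trust] = []
    for d in sorted(names):
        if d == root:
            continue
        parent = parent_of(d, names)
        peer, kind = (parent, "parent-child") if parent else (root, "tree-root")
        trusts.append(Trust(d, peer, True, kind))
        trusts.append(Trust(peer, d, True, kind))
    return trusts


def trusted_account_domains(resource: str, trusts: List[Trust]) -> Set[str]:
    """Every domain whose accounts `resource` will authenticate.

    A non-transitive trust is usable only as a direct hop. Longer paths may
    use transitive trusts only, and may cross at most one forest trust, since
    a forest trust does not extend to forests trusted by the other side.
    """
    resource = resource.lower()
    outgoing: Dict[str, List[Trust]] = {}
    for t in trusts:
        outgoing.setdefault(t.trusting.lower(), []).append(t)

    reachable: Set[str] = {t.trusted.lower() for t in outgoing.get(resource, [])}
    queue = deque([(resource, False)])           # (domain, crossed a forest trust yet?)
    seen = {(resource, False)}
    while queue:
        current, crossed = queue.popleft()
        for t in outgoing.get(current, []):
            if not t.transitive:
                continue
            crossing = t.kind == "forest"
            if crossing and crossed:
                continue                          # would chain on to a third forest
            state = (t.trusted.lower(), crossed or crossing)
            if state not in seen:
                seen.add(state)
                reachable.add(state[0])
                queue.append(state)
    return reachable


def can_authenticate(resource: str, account_domain: str, trusts: List[Trust]) -> bool:
    """True if an account from `account_domain` can be authenticated by `resource`."""
    return resource.lower() == account_domain.lower() or \
        account_domain.lower() in trusted_account_domains(resource, trusts)


def example_trusts() -> List[Trust]:
    """Constructed environment: forest abc.com with two trees, one external
    trust, and a forest trust to partner.org, which in turn trusts third.example."""
    trusts = default_trusts("abc.com", ["ms.abc.com", "mcp.ms.abc.com", "xyz.net", "eu.xyz.net"])
    trusts += default_trusts("partner.org", ["dev.partner.org"])
    trusts.append(Trust("abc.com", "nt4corp", False, "external"))  # one-way: abc.com trusts NT4 accounts
    trusts += [Trust("abc.com", "partner.org", True, "forest"), Trust("partner.org", "abc.com", True, "forest")]
    trusts += [Trust("partner.org", "third.example", True, "forest"),
               Trust("third.example", "partner.org", True, "forest")]
    return trusts


if __name__ == "__main__":
    ts = example_trusts()
    for res, acct in [("mcp.ms.abc.com", "eu.xyz.net"), ("ms.abc.com", "nt4corp"),
                      ("nt4corp", "abc.com"), ("eu.xyz.net", "dev.partner.org"),
                      ("eu.xyz.net", "third.example")]:
        print("%-16s accepts accounts from %-16s: %s" % (res, acct, can_authenticate(res, acct, ts)))
```

Two results are the ones worth remembering from a security standpoint: the external trust lets nt4corp accounts into abc.com but not into ms.abc.com, because a non-transitive trust never extends to the trusting domain's own children; and the forest trust lets every abc.com domain accept accounts from every partner.org domain, which is far broader than a single external trust and is why forest trusts deserve SID filtering and selective authentication. The shortcut trust type is not exercised here; adding a transitive `Trust` with kind `"shortcut"` between two deep domains changes nothing in the result set, only the path length, which is exactly what a shortcut trust is for.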
