2. Technical overview of Windows 2003 Active Directory
Introduction to Windows 2003 Active Directory in application mode
Windows 2003 Reviewer’s Guide
3. What is Active Directory
Building an Active Directory
Using Active Directory Features
Active Directory Objects
Auditing Active Directory
5. Directory services of the Windows server system
Stores information about network objects and makes the information available to administrators, users, and applications
Provides a single point of network management, allowing people to add, remove, and relocate users and resources easily
Integrated with the Internet's hierarchical domain naming system (DNS)
6. Integration with DNS
Flexible querying
Information security
Simplified administration
Scalability
7. Objects are the basic entities that constitute the Active Directory
◦ Each object has its own globally unique identifier (GUID)
Schema
◦ Describes the object classes
◦ Defines the attributes for the object classes
8. Object-based hierarchical structure with the following constructs
◦ Domains
◦ Trees
◦ Forests
◦ Trust relationships
◦ Organizational Units
◦ Sites
11. Parent and child domains in a domain tree. Double-headed arrows indicate two-way transitive trust relationships
12. One forest with three domain trees. The three root domains are not contiguous with each other, but EuropeRoot.com and AsiaRoot.com are child domains of HQ-Root.com.
18. Based on standard directory protocols
Interoperates with other protocols
Example: LDAP (Lightweight Directory Access Protocol)
◦ LDAP is used to add, modify, delete and query information stored in AD
◦ LDAP is to AD what SQL is to Oracle
◦ LDAP determines how a client can access the directory, perform operations within the directory and share directory data
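Because LDAP plays the role for AD that SQL plays for a database, an application that builds a search filter from user input needs the same care as one that builds SQL. The following is an added example, not code from the slides: it escapes a caller-supplied value per RFC 4515 before placing it in a filter against the standard AD attributes objectClass and sAMAccountName, and contrasts it with naive string concatenation.

```python
# RFC 4515 escapes for the characters that carry meaning inside an LDAP search filter.
# Backslash is handled first so the escape sequences it produces are not re-escaped.
_FILTER_ESCAPES = [
    ("\\", r"\5c"),
    ("*", r"\2a"),
    ("(", r"\28"),
    (")", r"\29"),
    ("\x00", r"\00"),
]


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied string so the directory matches it literally."""
    for raw, escaped in _FILTER_ESCAPES:
        value = value.replace(raw, escaped)
    return value


def naive_user_lookup_filter(sam_account_name: str) -> str:
    """Weak form: the caller's text is concatenated straight into the filter."""
    return f"(&(objectClass=user)(sAMAccountName={sam_account_name}))"


def user_lookup_filter(sam_account_name: str) -> str:
    """Hardened form: the value is escaped, so wildcards and parentheses are literal."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(sam_account_name)}))"


def assertion_count(ldap_filter: str) -> int:
    """Number of '(' in the filter. The lookup above should always contain exactly
    three: the AND group plus its two attribute assertions. A different count means
    the caller's input changed the shape of the query rather than just its value."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed sample input: a logon name that happens to contain filter metacharacters.
    requested = "j.doe*"
    print(naive_user_lookup_filter(requested))  # wildcard is live: matches j.doe, j.doe2, ...
    print(user_lookup_filter(requested))        # wildcard is escaped to \2a: matches literally
```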
19. Based on Kerberos
Supports multiple security configurations for cross-platform interoperability
◦ Clients: A domain controller will authenticate clients running RFC 1510 Kerberos. This includes clients running other operating systems.
◦ Unix clients and services: A Kerberos principal is mapped to a Windows 2000 user or computer account
21. The computer must be running Windows 2000 or 2003 Server, Advanced Server or Datacenter Server.
At least one volume on the computer must be formatted with NTFS.
DNS must be active on the network prior to AD installation or be installed during AD installation.
DNS must support SRV records and be dynamic.
The computer must have the IP protocol installed and have a static IP address.
The Kerberos v5 authentication protocol must be installed.
Time and time zone information must be correct.
81. Defines the various components of the user's desktop environment that an administrator must manage
Applies not only to users and client computers but also to member servers, domain controllers, and other Windows Server 2003 servers in the scope of management
82. Manage registry-based policy with Administrative Templates
Assign scripts, including computer startup, shutdown, logon, and logoff scripts
Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations
87. Account logon and logon events
Object access
Account management
Directory service access
Policy change
System events
Process tracking
Privilege use
88. Logon/Logoff
User access to resources
◦ File, folder, registry key, printer etc.
Account management
◦ Create users and groups, modify membership, change password etc.
System events
◦ Service start/stop
Directory service access
◦ Users' access to Active Directory objects