![What Will We Cover? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommandé
Contenu connexe
Tendances
En vedette
Similaire à Itproadd 01 60 minute version
Similaire à Itproadd 01 60 minute version (20)
Dernier
Dernier (20)
Itproadd 01 60 minute version
- 7. What Is a Directory Service? A service that helps track and locate objects on a network Active Directory Management Users Services Workstations Files
- 8. What Is Directory Service? (Notes) A service that helps track and locate objects on a network Active Directory Management Users Services Workstations Files
- 9. Active Directory Domains Boundary of Authentication Boundary of Policies Boundary of Replication CONTOSO.COM
- 10. Active Directory Domains (Notes) Boundary of Authentication Boundary of Policies Boundary of Replication CONTOSO.COM
- 11. Active Directory Trees CONTOSO.COM US.CONTOSO.COM OHIO.US.CONTOSO.COM Shared Schema Configuration Global Catalog
- 12. Transitive Trusts CONTOSO.COM US.CONTOSO.COM UK.CONTOSO.COM
- 13. Active Directory Forests US.CONTOSO.COM FABRIKAM.COM UK.FABRIKAM.COM CONTOSO.COM Schema Configuration Global Catalog
- 14. Demo Reviewing Domains and Trusts demonstration
- 17. Organizational Unit Applications Sales Department Marketing Department London New York Desktops Printers Hardware Devices
- 20. Domain Controllers Windows NT 4.0 Windows Server 2003 DC DC BDC BDC DC PDC
- 23. Sites and Domains CONTOSO.COM Site A Site B US.CONTOSO.COM
- 30. DNS Systems and Requirements BIND 8.1.2 Secure Update SRV Records* Windows NT Windows 2000 Windows Server 2003 AD Integration Dynamic Update* * Required for Active Directory
- 31. DNS Systems (Notes) BIND 8.1.2 Secure Update SRV Records* Windows NT Windows 2000 Windows Server 2003 AD Integration Dynamic Update* * Required for Active Directory
- 36. More Replication Scope Intersite (Compressed) Intrasite (Token Ring)
- 37. More Replication Scope (Notes) Intersite (Compressed) Intrasite (Token Ring)
- 40. Operations Master Roles Domain Roles Forest Roles PDC Emulator Schema Master Domain Master RID Master Infrastructure
- 41. Operations Master Roles (Notes) Domain Roles Forest Roles PDC Emulator Schema Master Domain Master RID Master Infrastructure
- 45. Find all these support options at www.microsoft.com/technet/support Microsoft offers a progressive series of support options starting with no-charge online support and developing through subscription, incident, and contract support. 1. No-Charge Online Support Knowledge Base Search a vast database of articles to pinpoint the information you need. Newsgroups Access over 20,000 active newsgroups on scores of topics. Product Support Centers Get answers to frequently asked questions, plus how-to articles and step-by-step instructions organized by product. DLL Help Database Search here to identify the software used to install a specific DLL version. Events and Errors Message Center Resolve event and error messages fast with explanations, recommendations, and links to support and resources. Support Webcasts Tune in to live technical presentations by Microsoft experts and take part in real-time Q&A. Chats Chat online with Microsoft specialists or search the transcript archives. User Group Program Access information and support for IT and other interest-specific user groups. TechNet Security Resource Center Get ahead of security risks with resources that keep you current, including security newsletters and the Microsoft notification service. 2. Subscription-Based Support TechNet Subscription Subscribe to TechNet for a personal library of articles, service packs, how-tos, resource kits, tools, utilities, and more. Your subscription includes monthly updates delivered on CD or DVD, so you always have the latest information, straight from the source. Upgrade to a TechNet Plus subscription and add all this: 1. Full-version evaluation software, including Microsoft Office System and Windows Server System™ products, without time restrictions. 2. Free support — two complimentary incidents, plus a discount on other support calls. 3. Unlimited, next-business-day access to reliable answers from the IT community and Microsoft Support Professionals through Managed Newsgroups (English only). 3. Assisted Incident Support E-mail Support Get online incident help via e-mail from a Microsoft Support Professional. Phone Support Get incident help over the phone from a Microsoft Support Professional. Phone Support Contract Save with a discounted 5-Pack Phone Support contract. Advisory Services Add remotely delivered consultation options from Microsoft Advisory Services for proactive support that goes far beyond routine product maintenance. 4. Contract-Based Support Premier Support Get the flexibility to match support options to your organization and enjoy direct access to Microsoft technical experts at any time, day or night. Premier Support delivers customized options for businesses with complex needs, including dedicated technical professionals to oversee your support, 24x7 problem resolution, and training and workshops that keep your IT staff up to date. Essential Support Essential Support offers prepackaged options specifically designed to meet the fundamental support requirements of any business, large or small. Includes account management, problem resolution, and information services.
Notes de l'éditeur
- Slide Title: Title Slide Keywords: Key Message: This is the session title Slide Builds: 0 Slide Script: Hello and welcome to this Microsoft TechNet session on Active Directory Fundamentals. My name is {insert name}. Slide Transition: Managing shared resources and network accounts are some of the most important and time-consuming tasks for IT personnel. Planning, deploying, and upgrading complex networks can easily become a real nightmare. In today’s session, we will see how the Active Directory system can simplify the management of network resources while offering enhanced network services. Slide Comment: Additional Information:
- Slide Title: What We Will Cover Keywords: Key Message: Topics covered in this presentation Slide Builds: 6 Slide Script: In this session, we’ll cover the fundamentals of the Active Directory system and look at the Active Directory management consoles. By the end of the session, you should have a better understanding of how Active Directory works and how it can improve the security, manageability, and availability of your network resources. [BUILD1]We’ll start with an overview of what a directory service is and the benefits Active Directory offers. [BUILD2]Next, we’ll look at the kinds of logical divisions used by Active Directory to make complex systems more manageable, like domains, trees, and forests. [BUILD3]We’ll also discuss the physical building blocks of the Active Directory system, like domain controllers and sites. [BUILD4]After looking at these fundamentals, we’ll cover the Domain Naming Service, or DNS, which plays a key part in Active Directory operations. [BUILD5]We’ll also look at how information is replicated in an Active Directory system so that everyone has the same view of the directory. [BUILD6]Finally, we’ll cover the concept of an Operations Master and how computers are organized for maximum efficiency in an Active Directory system.
- Slide Transition: As we go through today's session, you will hear various Microsoft acronyms and terminology. While we will explain all new terms related to today's session, there are some general terms from the industry or other versions of Microsoft products we may not spend time on. Slide Comment: Additional Information:
- Slide Title: Helpful Experience Keywords: Key Message: Helpful experience Slide Builds: 2 Slide Script: To get the most out of this session, we have listed the areas that it might be helpful to be familiar with, either prior to this session or to reference afterwards. [BUILD1] You should be familiar with the Windows user interface. [BUILD2] A basic understanding of network concepts is also helpful. Slide Transition: Over the course of this session, we’ll cover the following items. Slide Comment: Additional Information:
- Slide Title: Agenda: Logical Concepts of Active Directory Keywords: Key Message: Agenda Slide Builds: 5 Slide Script: [BUILD1]As previously mentioned, we’ll start by talking about what a directory service does and how Active Directory helps you organize your network. We’ll cover the terms that you hear most often when people talk about Active Directory service, and we’ll look at a real example of Active Directory configuration in Windows Server 2003. [BUILD2] Next, we’ll look at the physical building-blocks of an Active Directory system. Active Directory is quite flexible, so there are only a few essential concepts needed to understand how the system works. [BUILD3] After covering the logical and physical concepts behind Active Directory, we’ll examine the Directory Naming Service, or DNS. DNS is a core component of Active Directory. You may have heard of DNS before, but in this presentation we’ll cover what DNS does, the different varieties of DNS, and how you can migrate your current DNS system to work with the features of Active Directory. [BUILD4] We’ll look at site communication and how information is replicated so that everyone has the same view of the directory. [BUILD5] Finally, we’ll explore the concept of Operations Masters, which is how Active Directory organizes computers in a network system. By the end of this presentation you’ll be able to start planning an Active Directory implementation for your enterprise and see how Active Directory can enhance your network services while reducing management costs.
- Slide Transition: Usually, the first question that comes up when talking about Active Directory is: What is a directory service and why does it matter to me? Slide Comment: Additional Information:
- Slide Title: What Is a Directory Service? Keywords: Active Directory, directory service, overview Key Message: A directory service tracks and locates objects on a network. Slide Builds: 2 Slide Script: The simplest answer is that a directory service helps users track and locate objects. The core function of any directory service is that it lets you find information on a network and make your own data network-accessible. [BUILD1]But Active Directory does much more than allow users to find their information. In fact, the features of Active Directory make it a complete network-management system. [BUILD2]Active Directory allows you to group workstations together for easier administration. Using Active Directory, workstations can be updated, configured, and even repaired remotely. A single management interface that is accessible from anywhere on the network means more efficiency for you and less time spent bending over client workstations. Active Directory allows users to search for network services, like printers and faxes. Network services can also be managed and configured from a single Control Panel. In addition to helping you find and access your files, Active Directory offers several advanced file features that we’ll cover later in this session. These features can: Allow mobile users to access network files while offline. Improve data security by automatically backing up important files. Increase the availability of your files by keeping copies near where they’re needed most. Finally, Active Directory provides single sign-on security for users in your network. This means that users won’t have to remember multiple passwords for different applications. Instead, you can easily apply global security and configuration settings to Active Directory user accounts. Active Directory adds value to your network by increasing security, adding services, and reducing administration costs.
- Slide Transition: So now we’ll talk about domains, which are the core logical structures in Active Directory. Slide Comment: Additional Information: http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
- Slide Title: Active Directory Domains Keywords: Active Directory, domains Key Message: Domains are the key logical units of Active Directory. Slide Builds: 4 Slide Script: Domains represent logical partitions within Active Directory for security and directory replication. Domains are unique names, like the domain names we’re all used to seeing on the Web. “Microsoft.com” is an example of a domain name, and so is “Contoso.com.” There is a one-to-one correspondence between Active Directory domains and DNS domains. [BUILD1] Domains function as containers for Active Directory objects. Active Directory objects include users, servers, workstations, and network devices, such as printers. Each domain stores information only about the objects it contains, and theoretically an Active Directory domain can contain up to 10 million objects. One million objects in an Active Directory domain is the supported limit. [BUILD2] Because all Active Directory users log on to a domain, domains are boundaries of authentication. Domain controllers are responsible for authenticating user and group passwords, and Active Directory provides single log-on security throughout the domain. Domain-wide authentication means fewer lost passwords and fewer problems with configuring permissions. [BUILD3] Domains are also policy boundaries. Security policies that are defined in one domain are not extended to other domains. This means that settings, such as administrative rights, do not cross from one domain to another. [BUILD4] Within a domain, information about objects is replicated between all domain controllers for additional security and redundancy. Important files within a domain may also be replicated to provide failover support without requiring expensive additional hardware. However, information is not replicated between domains. This means that domains are also boundaries for data replication. In short, domains define the borders of an Active Directory system. Domains provide seamless network services for users within the domain, and offer good security against systems outside of the domain.
- Slide Transition: Additionally, different domains can be grouped together to form trees. Slide Comment: Additional Information: http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspx
- Slide Title: Active Directory Trees Keywords: Active Directory, trees Key Message: Trees are groups of domains that share a contiguous namespace. Slide Builds: 2 Slide Script: A tree is a grouping of domains that forms a contiguous namespace. A contiguous namespace is a set of domain names in which each child adds one or more identifiers to the beginning of the parent DNS name. For example, if the parent domain was Contoso.com and the child domain was US.Contoso.com, these two would form a contiguous namespace. [BUILD1] You can keep adding identifiers to the beginning of a domain name to fit your organization’s structure or to expand Active Directory as your company grows. The name of an Active Directory tree is the name of the domain that is highest in the hierarchy. In this example, the name of the tree is Contoso.com, which is also referred to as the root of the domain tree. [BUILD2] Domains in an Active Directory tree share certain elements. They share a schema, which is the definition for all Active Directory objects. The schema also defines relationships between different kinds of objects. Domains in a tree also share configuration information about Active Directory as a whole and a Global Catalog, or GC. These objects are replicated between domain controllers in the tree. This ensures the consistency of your object definitions, settings, and Active Directory configuration across your enterprise. Slide Transition: Another important aspect of trees is trust relationships. Slide Comment: Additional Information: http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspx
- Slide Title: Transitive Trusts Keywords: Active Directory, transitive, trusts Key Message: Domains within trees have transitive trust relationships. Slide Builds: 2 Slide Script: In an Active Directory tree, trust relationships link domains together so that they can be administered as a single logical unit. Every time a new domain is added to the tree, a transitive trust is formed. If domain “A” trusts domain “B,” then domain “A” trusts all the domains that “B” trusts. In this example, there is a trust relationship between Contoso.com and US.Contoso.com. [BUILD1] If another domain called UK.Contoso.com is added, a trust relationship is set up between the root of the domain, Contoso.com, and the new child domain. [BUILD2] Because trust relationships within a tree are transitive, US.Contoso.com will also trust UK.Contoso.com, so no additional configuration for each domain in the tree is needed. Slide Transition: So what do you get when you have more than one tree? Slide Comment: Additional Information: http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspx http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/6f8a7c80-45fc-4916-80d9-16e6d46241f9.mspx
- Slide Title: Active Directory Forests Keywords: Active Directory, forests Key Message: A forest contains one or more trees and one or more namespaces. Slide Builds: 1 Slide Script: A forest is composed of one or more trees. Unlike a tree, a forest can contain several noncontiguous namespaces. In this example, the forest contains two trees, each of which has its own namespace: Contoso.com and Fabrikam.com. The forest takes the name of the first tree to be installed in that forest. In the same way that transitive trust relationships exist between domains in a tree, there are bidirectional trust relationships between top-level domains in a forest. [BUILD1] Just like trees, forests share a common schema, configuration, and Global Catalog. Forests provide a way of linking together branches of an enterprise or different enterprises that are collaborating in a joint venture. Slide Transition: So let’s look at a demonstration of how all this actually works. Slide Comment: Additional Information: http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspx http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/6f8a7c80-45fc-4916-80d9-16e6d46241f9.mspx
- Slide Title: Demonstration: Reviewing Domains and Trusts Keywords: Key Message: demonstration Slide Builds: 0 Slide Script: In this demonstration, we will look at Active Directory Domains and Trusts, and review how trusts are formed within an Active Directory forest. Slide Transition: The next level of granular control offered by Active Directory is Organizational Units. Slide Comment: Additional Information:
- Slide Title: Organizational Units Keywords: Active Directory, Organizational Units Key Message: OUs organize objects within a domain, and are distinct administrative units. Slide Builds: 4 Slide Script: Domains, trees, and forests are powerful tools for organizing systems in your network. But sometimes administrators need even more flexible control over their network structure. Organizational Units, or OUs, are containers that you can use to group together other objects. OUs can be used to organize users, computers, groups, printers, applications, file shares, and even other OUs. This means that OUs can be customized for virtually any network or enterprise structure. [BUILD1] For example, each department of Contoso.com contains a group of users who use desktop workstations to access a specific group of printers, servers, and applications. By combining different types of objects, Organizational Units can be defined to contain all the resources used by each department. [BUILD2] Because OUs can have their own administrators, policies, and settings, customized OUs simplify enterprise-wide network management. Objects that should be managed by the same administrator can be grouped together, and authority to manage the specific OU is delegated to an appropriate user by the domain administrator. For example, the Finance department of Contoso.com has its own IT staff, so all directory objects belonging to the Finance department are grouped together and controlled by a Finance department administrator. Delegating administration of OUs can distribute IT demands more efficiently. [BUILD3] Group Policy allows you to define settings for each OU in your enterprise. Group Policy allows administrators to implement rules and default settings that are applied to all objects in an OU. By using Organizational Units, you can easily apply changes and updates to specific groups without affecting other systems in the domain. [BUILD4] Finally, by applying security configurations on a per-OU basis, you can improve the overall security of your enterprise. For example, Contoso.com hires independent contractors who need limited access to company data. By placing consultants in a single OU, you can easily define security configurations that allow contractors to use the systems they need while consistently limiting their ability to reach other parts of the network.
- Slide Transition: Now let’s take a closer look at how Organizational Units can be used. Slide Comment: Additional Information: http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspx http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/6f8a7c80-45fc-4916-80d9-16e6d46241f9.mspx http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
- Slide Title: Organizational Unit Applications Keywords: Active Directory, Organizational Units Key Message: OUs support flexible organizational structures. Slide Builds: 4 Slide Script: OUs can be configured to meet your administrative needs and fit the unique structure of an enterprise. [BUILD1] OUs can be built for company departments. [BUILD2] Or for geographic locations. [BUILD3] Or by different types of devices. By using Organizational Units, you can make Active Directory objects even easier to locate and manage. [BUILD4] For even further flexibility, OUs can be nested inside each other. Slide Transition: Let’s look at a demonstration of Organizational Units in a real-world scenario. Slide Comment: Additional Information: http://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspx http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
- Slide Title: Demonstration: Using Organizational Units Keywords: Key Message: demonstration Slide Builds: 0 Slide Script: In this demonstration, we will look at Organizational Units in Active Directory, and how they can be used to simplify network navigation and administration. We will create and populate an Organizational Unit, and define a simple Group Policy for that OU. Slide Transition: Now that we’ve covered the core logical units of Active Directory, it’s time to move on to look at the physical building-blocks of an Active Directory system. Slide Comment: Additional Information:
- Slide Title: Agenda: Physical Concepts of Active Directory Keywords: Key Message: Agenda Slide Builds: 0 Slide Script: Everything we’ve talked about so far in this presentation has focused on logical concepts used by Active Directory. Next, we’ll go over the physical building-blocks of the Active Directory system. With this information, you’ll be able to start planning a physical structure for Active Directory that meets your organization’s needs and optimizes your existing network structure. Slide Transition: We’ll start by looking at domain controllers. Slide Comment: Additional Information:
- Slide Title: Domain Controllers Keywords: Active Directory, domain controller, replication Key Message: Domain controllers replicate directory information between each other. Slide Builds: 2 Slide Script: No matter what type of domain structure you run, there is at least one domain controller. A domain controller is a server that Active Directory system users log in to and that contains information about your directory structure. This information includes configuration settings, the directory schema, and the Global Catalog. To ensure continuous availability of directory services, an Active Directory system should contain at least two domain controllers. [BUILD1] In Windows NT, there are two types of domain controllers: primary domain controllers, or PDCs, and backup domain controllers, or BDCs. Since only the PDC holds a read/write copy of the directory, all changes to the directory need to be made on the PDC. The updated data is then replicated to the BDCs. [BUILD2] In a Windows 2000 Server or Windows Server 2003 Active Directory system, there’s not a separation between primary and backup domain controllers. Instead, all computers that participate in the authentication process are simply called “domain controllers,” or DCs. They all hold writable copies of the directory information, and they all replicate information between each other. This simplifies the Active Directory structure, eliminates single point-of-failure servers, and improves the flow of network traffic. Slide Transition: If domain controllers are the heart of an Active Directory installation, sites are the circulatory system. Slide Comment: Additional Information: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/c283b699-6124-4c3a-87ef-865443d7ea4b.mspx
- Slide Title: Active Directory Sites Keywords: Active Directory, sites Key Message: A site is a group of well-connected computers in an Active Directory system. Slide Builds: 4 Slide Script: An Active Directory site is a set of TCP/IP subnets that are considered to be “well-connected.” Well-connected generally means a group of computers that are linked through a high-bandwidth LAN, with at least 10 MB of throughput. When planning an Active Directory system, sites are used to optimize network traffic and maximize data availability. [BUILD1] In this example, a company has two offices in different locations. The computers in each office, which are connected together on a LAN through a router, are each considered an Active Directory site. The two Active Directory sites are linked together through a slower WAN connection. In an Active Directory system, sites have three main purposes. [BUILD2] First, sites are used to locate services, such as logon and DFS services. When a client requests a connection to a DC, sites are used to preferentially allow the client to connect to a DC within the same site. If no DC exists within the user’s site, Active Directory will search for a DC in the closest site on the network. The same is true when a client requests a connection with a network service, like a distributed file. By matching clients with resources inside the same site, Active Directory maximizes network performance. [BUILD3] Second, sites are used to control replication throughout an enterprise. Active Directory automatically creates more replication connections between domain controllers in the same site. This results in lower replication latency within a site and lower replication bandwidth costs between sites. [BUILD4] Finally, policy objects can be applied to sites as a group, making sites natural boundaries for defining security and configuration settings.
- Slide Transition: So how do sites and domains work together? Slide Comment: Additional Information: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/c283b699-6124-4c3a-87ef-865443d7ea4b.mspx
- Slide Title: Sites and Domains Keywords: Active Directory, sites, domains Key Message: Sites and domains can overlap. Slide Builds: 2 Slide Script: The answer is that sites and domains can be combined to work together however you want. Because sites are a physical construct, they can overlap with domains, which are logical constructs. A site can contain an entire domain, or only part of a domain, or even multiple domains. [BUILD1] In this example, our enterprise contains two sites: Site A and Site B. The Contoso.com domain contains one computer from Site A and all the computers from Site B. [BUILD2] Site A also contains computers that are part of the US.Contoso.com child domain. This is one of the main concepts to remember and one people get confused on: Domains are logical structures; sites are physical structures. Slide Transition: The last important physical building-block of an Active Directory system is the Global Catalog. Slide Comment: Additional Information: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/c283b699-6124-4c3a-87ef-865443d7ea4b.mspx
- Slide Title: Global Catalog Keywords: Active Directory, Global Catalog Key Message: The Global Catalog is a limited, forest-wide database of attributes. Slide Builds: 4 Slide Script: When talking about Active Directory systems, you will often hear the term Global Catalog, or GC. Knowing what a GC is and how it works is important to understanding Active Directory. [BUILD1] In basic terms, the Global Catalog is a database that contains a set of attributes of all the objects in the forest. This means that some attributes of every object in every domain database in the forest will be maintained in the Global Catalog. [BUILD2] For example, a domain database might contain dozens of attributes for each user, such as the user’s e-mail address, office location, manager, phone number, and so on. The Global Catalog might only contain a few of these attributes, such as the user’s e-mail address and phone number. The attributes for each type of object that are published to the Global Catalog can be configured to meet your organization’s needs. [BUILD3] The Global Catalog is used for fast forest-wide searches of enterprise objects. By publishing some attributes of each object to the Global Catalog, you can make it easy for anyone in your enterprise to quickly locate important resources. For example, by publishing the e-mail addresses of all users to the Global Catalog, you can create a searchable enterprise-wide employee directory. [BUILD4] Typically, an Active Directory system will contain one Global Catalog server, which is simply a domain controller that is also configured to hold the Global Catalog. Global Catalog servers are identified as such in DNS and can be located by clients using DNS. The Global Catalog server is also used during logon to determine universal group membership, since universal groups do not reside within any particular domain.
- Slide Transition: Let’s turn to a demonstration now to see these concepts in action. Slide Comment: Additional Information: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/techref/6F8A7C80-45FC-4916-80D9-16E6D46241F9.mspx
- Slide Title: Demonstration: Using Sites and Global Catalogs Keywords: Key Message: demonstration Slide Builds: 0 Slide Script: In this demonstration we’ll go over the process of actually defining a site within Active Directory so that you can see what the process looks like. We’ll also review the settings in the Global Catalog and see how attributes of objects within a domain are published to the Global Catalog. In the process, you’ll get a good sense of the physical setup process for an Active Directory system and how Active Directory can be integrated with your existing infrastructure. Slide Transition: So now we’ve looked at the essential logical and physical building blocks of Active Directory. Next, we’ll turn to one of the core services that makes directory services possible: DNS. Slide Comment: Additional Information:
- Slide Title: Agenda: DNS in 10 Minutes Keywords: Key Message: Slide Builds: 0 Slide Script: In the first two parts of this session, we covered the logical and physical concepts behind an Active Directory system. When planning an Active Directory implementation, you’ll need to consider both aspects of the system. Because Active Directory is a directory service, it needs a lookup system. That system is DNS. Slide Transition: First of all, what is DNS? Slide Comment: Additional Information:
- Slide Title: DNS Keywords: DNS, Domain Naming System, DNS overview Key Message: DNS is used to locate servers and services in Active Directory. Slide Builds: 3 Slide Script: DNS is how Active Directory finds services and resources. Most network services, including Active Directory, require DNS to function, and DNS is the key to understanding how traffic flows through a network. Because of this, it’s worth reviewing how the DNS request process works. [BUILD1] When an Active Directory client connects to a network service, for example, to log in to the directory or to perform a directory search, it sends a request to a DNS server. The request includes information about what service the client is looking for and the site where the client is located. [BUILD2] The DNS server sends back information about the locations of domain controllers in the Active Directory system, and SVR records which list the services that are available on each DC. The information returned by the DNS server is weighted based on the site location of the client, so that clients will always try to connect with the closest service. This information is then cached on the client computer to minimize the need for future DNS requests and reduce network traffic. [BUILD3] Finally, the client uses the information returned by the DNS server to connect with a nearby domain controller and the requested network service.
- Slide Transition: It’s important to note that not all DNS systems are created equal. Slide Comment: Additional Information: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/5af19b48-61b9-4acf-899d-18a9031a7d08.mspx http://www.microsoft.com/seminar/shared/asp/view.asp?url=/seminar/en/20040617TNT1-114/manifest.xml
- Slide Title: DNS Systems and Requirements Keywords: DNS, DNS features, Active Directory Key Message: Use the Microsoft DNS server for best Active Directory integration. Slide Builds: 1 Slide Script: To work with Active Directory, your network’s DNS system needs to support SRV records as well as the Dynamic Update Protocol. This is necessary so that systems in your directory can dynamically update their own DNS mappings and request information about services. Think of this in the same terms as how WINS has always worked: Clients dynamically update their own information in a WINS database. [BUILD1] Several common non-Microsoft DNS servers, including Bind 8.1.2 and later, are compatible with Active Directory. To get the most out of Active Directory, however, you’ll want to use Windows 2000 or later. Some of the features offered by the Microsoft DNS server that comes with Windows 2000 Server and Windows Server 2003 include: Integration with Active Directory. Both DNS and Active Directory have databases that are replicated between computers. With Active Directory integration of the DNS database, only a single replication topology needs to be managed, simplifying administration. We’ll cover replication in more detail during the next section of this presentation. Multimaster update. With standard DNS, changes to the DNS database may only be performed on the primary master. Secondary masters always get their copies of the DNS database from a primary master (or from another secondary master). With Active Directory integration, changes to the DNS database can be performed on any DNS server that manages that zone. Secure dynamic update. This improves DNS security by authenticating hosts that are dynamically registering their names.
- Slide Transition: Let’s take a look at the Microsoft DNS setup of a working Active Directory. Slide Comment: Additional Information: http://www.microsoft.com/downloads/details.aspx?FamilyID=788975b1-5849-4707-9817-8c9773c25c6c&DisplayLang=en http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/5af19b48-61b9-4acf-899d-18a9031a7d08.mspx
- Slide Title: Demonstration: Working with DNS Keywords: Key Message: demonstration Slide Builds: 0 Slide Script: In this demonstration, we’ll look at the Windows DNS management console and go over some of the common settings that are important to understanding how the DNS service stores information and locates resources on the network. Slide Transition: Next, one of the most powerful features of Active Directory is replication. Slide Comment: Additional Information:
- Slide Title: Agenda: Overview of Active Directory Replication Keywords: Key Message: Agenda Slide Builds: 0 Slide Script: After looking at DNS, we’ll now look at how information is replicated through an Active Directory system, guaranteeing your data and directory service availability. A good understanding of replication will help you plan and administer your Active Directory implementation more effectively. Slide Transition: We’ll start by talking about replication scope. Slide Comment: Additional Information:
- Slide Title: Replication Scope Keywords: Active Directory, replication, naming context Key Message: Replication scope is governed by naming context. Slide Builds: 3 Slide Script: By dividing up directory information and storing it where needed, Active Directory reduces the data that each domain controller holds and helps to decrease network traffic. At the same time, by replicating directory information to several DCs, Active Directory ensures that users always have a consistent view of the directory; it also provides failover support. Active Directory uses a sophisticated replication scheme based on several different concepts. The first of these is naming context. Naming context governs how widely information is replicated, and there are three predefined naming contexts. [BUILD1] The schema naming context contains objects that represent all the classes and attributes that Active Directory supports. Because the schema is a forest-wide definition, it is replicated to every domain controller in the forest. [BUILD2] The configuration naming context is also considered forest-wide and is replicated to all domain controllers. The configuration naming context contains all the information for the forest about domains, sites, and where domain controllers reside. [BUILD3] Finally, the domain naming context. This contains only domain-specific information, such as users, groups, OUs, and computers. Each domain has its own context that it replicates only to domain controllers within the domain.
- Slide Transition: In addition to naming context, Active Directory also uses the logical and physical location of domain controllers to efficiently manage replication. Slide Comment: Additional Information: http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/tshootfrs.mspx
- Slide Title: More Replication Scope Keywords: Active Directory, replication, intersite, intrasite, sites Key Message: Replication topologies are automatically generated. Data replicated between sites is compressed. Slide Builds: 2 Slide Script: As discussed previously, each domain controller in an Active Directory system maintains and replicates a complete writeable copy of the domain database. This is a big change from NT 4, in which all changes to the domain database had to be made on the PDC. Now, any DC can make those changes, and the information will work its way around the domain. The Knowledge Consistency Checker, or KCC, automatically generates an optimized replication topology based on the definition of sites and site links. Here’s how it works: [BUILD1] Within a site, the KCC automatically generates a bidirectional ring topology for all domain controllers in the same domain. The KCC also ensures that there are no more than three hops from any domain controller in a site to any other domain controller in a site by adding additional replication partners where necessary. Intrasite replication is RPC-based and not compressed, so good network connectivity is assumed. [BUILD2] Between sites, the KCC automatically generates a spanning tree-replication topology. To make the most efficient use of your network, you can associate a cost factor with the link between each site and designate one or more DCs in a site to be a bridgehead server for that site. Bridgehead servers act as channels for all intersite replication traffic. Based on all this configuration, the KCC generates a minimum-cost topology for replication. Intersite replication can be scheduled and is also compressed significantly, up to 15 percent of the original data volume for RPC and 30 percent for SMTP, reducing expensive network traffic. By automatically generating an intelligent replication scheme that takes into account your existing network topology, Active Directory eliminates the need for complex manual configuration and reduces administration overhead.
- Slide Transition: Next, a look at Operations Masters. Slide Comment: Additional Information: http://www.microsoft.com/windowsserver2003/technologies/storage/dfs/tshootfrs.mspx
- Slide Title: Agenda: The role played by Operations Masters Keywords: Key Message: Agenda Slide Builds: 0 Slide Script: Operations Masters are how Active Directory manages certain essential directory functions. Once you’re familiar with how Operations Masters work, you will have a good grasp of the fundamentals of Active Directory. Slide Transition: We should start by defining what an Operations Master is. Slide Comment: Additional Information:
- Slide Title: Operations Masters Keywords: Operations Masters Key Message: Operations Masters perform a network function exclusively. Slide Builds: 3 Slide Script: We mentioned earlier that Active Directory is a multimaster directory service. All domain controllers can write to the database. However, there are times when the ability for anyone to write to the database is not ideal, and the best way to approach this situation is in a single-master mode. [BUILD1] This is handled in Active Directory with Operations Masters. Operations Masters are servers that are nominated to perform an Active Directory operation exclusively. There are five functions within Active Directory, and only one server can perform that function (we’ll cover those functions in a moment). These functions are collectively called Flexible Single Master Operations, or FSMOs for short. [BUILD2] As with naming contexts, some FSMOs are domain-wide and some are forest-wide. Operations Masters perform their exclusive function within a specific scope, either a domain or a forest. [BUILD3] The last point to make about Operations Masters is that by default, the first domain controller to be installed is the Operations Master for all FSMOs in the forest. You can manually assign Operations Masters roles to other domain controllers as you’re configuring your Active Directory system. Slide Transition: So what are the FSMOs ? Slide Comment: Additional Information: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/7fffd300-bbf1-4d9f-a46c-43252c364116.mspx
- Slide Title: Operations Master Roles Keywords: Operations Masters, roles, FSMO Key Message: Here are the list of FSMOs in Active Directory. Slide Builds: 2 Slide Script: [BUILD1] The first two roles we will talk about are forest-wide functions. The DC nominated as the schema master is the only computer in the forest allowed to make changes to the schema, such as adding classes or attributes. If you go from here to work with Exchange 2000 or 2003, you will know the schema master well because the first part of an Exchange install must be performed on the schema master to extend the schema. The other forest-wide FSMO role is the domain master. This DC is allowed to make changes to the namespace—in other words, adding or removing domains. [BUILD2] There are three domain-wide single-master roles. The first is the PDC emulator. This DC acts as the PDC for older NT clients. If, for example, you upgrade an NT 4 domain that has a number of BDCs, the PDC emulator is the connection between the BDCs and Active Directory. Changes such as password updates and account lockouts are replicated to these down-level clients. To a BDC, this DC looks and acts like a PDC. The Relative Identifier, or RID Master, generates pools of Security Identifiers, or SIDs. Whenever a security-enabled object is created in a domain, it needs a SID so it can be uniquely identified. Because there can be any number of domain controllers, a system of ensuring that only unique SIDs are allocated is needed. The RID Master creates a pool of unique identifiers and passes them out to each DC. The DCs then use this pool to assign SIDs to objects. When a DC starts to get low in its pool, it asks the RID Master for more. The final single-master function is the Infrastructure Master. This master is used to maintain references to objects in other domains. It is the Infrastructure Master’s responsibility to ensure references for objects across domains are maintained and always up-to-date.
- Slide Transition: So now that we’ve covered all this material, let’s summarize what we have learned. Slide Comment: Additional Information: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/7fffd300-bbf1-4d9f-a46c-43252c364116.mspx
- Slide Title: Summary Keywords: Key Message: Summary Slide Builds: 3 Slide Script: In this session, we’ve gone over the fundamental concepts of the Active Directory system and looked at the roles that Active Directory plays in a network environment. [BUILD1] We’ve seen how the flexible categories provided by Active Directory, like Organizational Units, can be used to arrange objects together into manageable, easy-to-find groups. OUs can be used to abstract the organizational structure of a company, improving overall security and making your network more maintainable by creating representations of departments, geographic regions, groups of workers, and so on. [BUILD2] We discussed the fact that like most directory services, Active Directory requires DNS in order to function. DNS allows resources to be quickly located on your network, and not all DNS systems are created equal: some contain additional features that add value to your network environment. For the best security and integration with Active Directory, you should upgrade your DNS system to the DNS package that ships with Windows Server 2003. [BUILD3] Finally, we saw how Active Directory replicates critical information between domain controllers and sites so that your directory is kept secure and consistent. By using smart replication schemes, such as automatically generated topologies and data compression, Active Directory minimizes bandwidth use while keeping the system failover-protected and up-to-date. Slide Transition: To get more information on the products and technologies we have covered today, we have some online resources available that can help. Slide Comment: Additional Information:
- Slide Title: More Information Keywords: Key Message: Slide Builds: 0 Slide Script: For the most comprehensive technical information on Microsoft products, visit the main TechNet Web site at www.microsoft.com/technet. Additionally, visit www.microsoft.com/technet/ADD-01 for more information on books, courses, certifications, and other community resources that relate directly to this particular session. Slide Transition: There are a number of other resources that are available from Microsoft. Slide Comment: Additional Information: www.microsoft.com/technet/add-01
- Slide Title: TechNet Subscription Keywords: TechNet, subscription, benefits Key Message: TechNet Plus has some new benefits. Slide Builds: 0 Slide Script: Many of you may be familiar with TechNet events and the TechNet Web site, but have you realized the benefits of being a TechNet Plus subscriber? A TechNet Plus subscription is the most convenient and reliable resource for IT professionals evaluating, managing, and supporting Microsoft technologies. With a TechNet Plus subscription, you can: Evaluate Microsoft software without time limits. This benefit allows you try products at your own pace and make informed decisions without worrying about the software expiring. TechNet Plus evaluation software includes the latest Microsoft operating systems, server applications, and Office products. With TechNet Plus, you can also save time resolving technical issues. TechNet Plus subscriptions include a range of support options, including the complete Microsoft Knowledge Base delivered each month on portable media, and two complimentary professional support incidents to address your technical roadblocks. TechNet Plus offers centralized access to current, authoritative technical guidance, software and support resources from Microsoft. IT professionals around the world rely on TechNet Plus to help them build their technical expertise and be successful implementing Microsoft solutions. For details, visit www.microsoft.com/technet/subscriptions Slide Transition: On the subject of TechNet and support, the new TechNet support pages outline all the support options open to you. Slide Comment: Additional Information: http://www.microsoft.com/technet/subscriptions http://www.microsoft.com/technet
- Slide Title: TechNet Troubleshooting and Support Keywords: community Key Message: Where to get more help Slide Builds: 0 Slide Script: The enhanced TechNet Troubleshooting and Support page outlines all the ways to get support assistance from Microsoft. From free online support options to subscription-based support, you’ll find all your Microsoft support resources in one location at www.microsoft.com/technet/support. Slide Transition: TechNet also provides a number of community resources. Slide Comment: Additional Information: www.microsoft.com/technet/support
- Slide Title: Community Help Keywords: community Key Message: Where to get more help Slide Builds: 0 Slide Script: There are a number of free community resources available on TechNet. You can attend a regular chat with members of the products groups or technology specialists from Microsoft, or you can attend a webcast where you can see sessions like the one you’ve just watched but presented live and with the ability to ask questions as you go. You can also read or post questions in the public newsgroups. The Newsgroup page lists the available groups and provides an interface from which you can read and post messages. TechNet Plus subscribers can use these groups to post questions that, through their subscription ID, will be answered by Microsoft within 24 hours. The main community site provides a comprehensive list of resources available—more than we can cover on this slide—plus the page has some dynamic features with continually updated content. The Events page provides dates and details where you can attend a TechNet event live. These events take place worldwide and provide the opportunity for you to talk to Microsoft specialists face-to-face. And finally, the TechNet Columns provide a variety of topics written by industry authors. Slide Transition: [Thank the audience for attending and sign off.] Slide Comment: Additional Information: HTTP://www.microsoft.com/technet/community/columns HTTP://www.microsoft.com/technet/community/events HTTP://www.microsoft.com/technet/community/chats HTTP://www.microsoft.com/technet/community/webcasts HTTP://www.microsoft.com/technet/community/newsgroups HTTP://www.microsoft.com/technet/community