
Active Directory Outline


Author: anton, 05 October 2010


Active Directory is the flagship component of Windows 2000 Server and Advanced Server

• From logon to application installation

• Definition of Directory

• Directories have been around since the 1960s

• Current examples are:

• Domain Name System (DNS)

• Windows Internet Name Service (WINS)

• Novell Directory Services (NDS)

• A database used to store and organize data

What is a Directory Service?

• A stored collection of information about defined objects that are related to each other in some way

• Telephone directory – stores names of entities and telephone numbers

• In a modern computing environment many objects need to be located and used:

• Servers

• Printers

• Fax Servers

• Databases

• Admins and users must be able to locate and use these objects

• A directory service stores all the information needed to use and manage these objects centrally

• Provides the means of storing the information AND the services making this information available to users

• It is the main switchboard and central authority of your network operating system that:

o Manages the identities

o Controls the relationships (access) between resources

• Because of this it must be tightly coupled with the OS’s management and security mechanisms to be effective.

• Allows the definition and maintenance of the network infrastructure

• Allows system admins to control the user experience

Why Have a Directory Service?

• A simplified and centralized means of organizing and administering access to resources of a network

• NT4 Domains, flat and very limited

• Users only need to know attributes of an object to find something (provided they were added!)

• Is an administrative and end user tool

• Other Functions

• Enforce security

• Distributes a Directory across many computers in the Network

• Replicate information to make it available and resist failure

• Partitioning allows multiple stores across a network for larger amounts of data and allows for more space

Simplified Administration

• Resources organized hierarchically in Domains

• A Domain has one or more linked Domain Controllers

• A change made to one DC is replicated to all DCs in the Domain

• A single point of admin for all objects in the network


• Directory can be broken into sections to allow for a large number of objects

• Can easily be expanded (or contracted)

Open Standards Support

• Uses DNS for its name system

• Integrate the internet concept of a name space

• Allows you to unify and manage multiple name spaces that (if they) already exist

• Can exchange information with any app or directory that uses LDAP or HTTP


• Windows 2000 (Active Directory) domain names are DNS names

• Dynamic DNS allows auto update of DNS table

Support for LDAP and HTTP


• LDAP is a lightweight version of the X.500 Directory Access Protocol (DAP)

• AD supports LDAP 2 and 3

• HTTP support can display every object in a web browser

Support Standard Name Formats

• RFC 822

• Someone@Domain

• HTTP Uniform Resource Locator (URL)

• http://domain/path-to-page

• Universal Naming Convention (UNC)

• \\domain\foldername\file.doc

• LDAP URL
• LDAP://, OU=admin, OU=Division, DC=services

Directories must address four business principles:

• Cost

o Business decisions are based on return on investment and expected result at a given cost

o Perceived value must outweigh the actual costs

• Security

o “Money is Power” has changed to “Information is Power”

o Information includes competitive and proprietary data

o This information must be secure

• Reliability

o Uptime is the key word in business networks

o If the information is not available…it is of no value

• Performance

o Good network design can produce results

o Bad design impacts the ability to perform

Before Directories

• Network operating systems (NOS) were server based

• Account management done on a server-by-server basis

• Each server maintained its own list of user accounts

• Accounts database

• Each server also maintained a list of user permissions

• Access Control List (ACL)

• Server-based networking does not scale!

Windows NT solution

• Small groups of servers share one list of users

• Central accounts database

• Single point of management for administration

• Domain-based networking but still does not scale

In a Domain

• All user information is stored in a single place and managed with a single set of tools

• Users can access the network via a single account

Network Directory Environment

• Holds ALL user and resource information across the entire network

• Users ARE resources

Network directories

• are databases that hold network information including:

o User account info (logon names, passwords, restrictions)

o User personal info (phone numbers, addresses, employee ID numbers)

o Peripheral configuration info (printers, modems, faxes)

o Applications configurations (Desktop preferences, default directories)

o Security information

o Network infrastructure configuration (routers, proxies, Internet access settings)

o Information stored in a centrally controlled, standards-based database

o Becomes the central control point for many different network processes.

User Logon

• Client software will request authentication from the directory

• Directory service will identify if the account name is valid

• Check for a password

• Validate the submitted password

• Check for any restrictions on the account

• Determine if the logon request should be granted
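The logon sequence above, as an added worked example that is not part of the original outline: a small in-memory directory whose `authenticate` function performs the listed checks in the listed order (account lookup, password present, password validated, restrictions, decision). The password storage (PBKDF2 with a per-account salt), the `logon_hours` restriction and the `hour` parameter are assumptions chosen for illustration; the accounts are constructed sample data.

```python
"""Added example: the logon decision sequence a directory service runs.
Assumptions: PBKDF2-SHA256 with a per-account random salt stands in for the
directory's real credential store; restrictions are modelled as a disabled
flag, a lockout flag and a set of permitted logon hours."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 50_000  # assumption: work factor for the sample store


@dataclass
class Account:
    name: str
    salt: bytes
    pw_hash: bytes
    disabled: bool = False
    locked_out: bool = False
    # Hours (0-23) at which logon is permitted; default is any hour.
    logon_hours: set[int] = field(default_factory=lambda: set(range(24)))


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier; never keep the clear-text password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_account(name: str, password: str, **restrictions) -> Account:
    salt = os.urandom(16)
    return Account(name, salt, hash_password(password, salt), **restrictions)


def authenticate(directory: dict[str, Account], name: str, password: str, hour: int) -> tuple[bool, str]:
    """Return (granted, reason). The reason is for the audit log; the message
    shown to the user should stay generic so account names cannot be probed."""
    # 1. Identify whether the account name is valid.
    acct = directory.get(name.lower())
    if acct is None:
        return False, "unknown account"
    # 2. Check that a password was supplied at all.
    if not password:
        return False, "empty password rejected"
    # 3. Validate the submitted password (constant-time compare).
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return False, "bad password"
    # 4. Check restrictions on the account.
    if acct.disabled:
        return False, "account disabled"
    if acct.locked_out:
        return False, "account locked out"
    if hour not in acct.logon_hours:
        return False, "outside permitted logon hours"
    # 5. Decide.
    return True, "logon granted"


# Constructed sample directory: alice may log on 08:00-17:59, carol is disabled.
SAMPLE_DIRECTORY: dict[str, Account] = {
    a.name.lower(): a
    for a in (
        make_account("alice", "correct horse battery", logon_hours=set(range(8, 18))),
        make_account("carol", "carol-pass", disabled=True),
    )
}

if __name__ == "__main__":
    for who, pw, hr in [("alice", "correct horse battery", 10), ("alice", "correct horse battery", 22),
                        ("alice", "wrong", 10), ("carol", "carol-pass", 10), ("nobody", "x", 10)]:
        print(who, hr, authenticate(SAMPLE_DIRECTORY, who, pw, hr))
```

Note that the password is validated before the restriction checks, matching the order in the outline; reporting "account disabled" only after a correct password means a disabled account's status is not disclosed to a caller who does not know its password.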

Resource access

• Directory is queried each time a user tries to access a network resource

• Directory authenticates the request

• Determines if user has appropriate permissions

• Returns resource’s physical address to the client

Personal preferences

• Upon logon, desktop settings, default printer, home directory location and application icons are downloaded to whatever computer the user logs on from

• All settings are centrally located

• Can be centrally controlled

Network Directories – Active Directory

• Contains information used to access, manage or configure a network

• Records are called objects

• Definition of how those records are formed and what properties are available is stored in the schema

• Extensible because the schema can be modified

• Is a hierarchical, not relational, database

• Objects are contained in multiple classes

Central Database of Network Resources

• Object classes have properties pertaining to their function

• All information about all network resources in a single database has advantages

• Administrators have a single interface

• Reduced learning curve for new personnel

• Reduced redundant management

• Extensible as new object classes can be created

• Classes can be modified by developers

For Administrators

• Only one user account per user

• Simpler hardware setup – configuration can be copied to multiple pieces of hardware

• Database can be replicated for redundancy

For Users

• Single sign-on

• Application self-management/restoration

• Modeled after the company business structure

Active Directory components

• Security subsystem

• Applications running in user mode do not have direct access to the operating system or hardware

• Each request for resources must be passed through various components to determine whether the request is valid

• Access control lists protect objects in the AD structure

• Security infrastructure has four functions

• To store security policies and account information

• To implement and enforce security models

• To manage authentication requests to AD objects

• To store and manage trust information

• Directory Service Module

• Multiple components that work together to control access to the actual database itself

• Agents layer

• Directory System Agent layer

• Database layer

Active Directory Structure

• How the information is stored in the database

• Built on X.500 recommendations

• X.500 is not a standard but a recommendation for organizing directories

• X.500 originally developed along the OSI model

• The goal of the specification was to provide a mechanism that would give products from different vendors the capability to access and share information

• What is defined is a common method of organizing, naming and accessing information

• Recommendation includes defining the hierarchical structure; referred to as the directory tree

X.500 hierarchical Structure

• Two main goals for structure design

• Object identification – ensures each object has some sort of unique identifier

• Object organization – allows the data to be broken into subsets for administrative purposes

X.500 Tree

• Structure defines different types of container objects, like leaves on a tree

• Country – “C” object

• Highest container object in the schema

• Organization – “O” object

• Can only exist off the root of the tree or below a country

• Location – “L” object

• Grouping object that can exist at any level of the tree except directly below the root

• Organizational unit – “OU” object

• Grouping object that can exist under O’s or OU’s

Building Active Directory Trees

• Objects used to build a tree

• Functional objects

• Concepts

• Active directory provides a method for designing a directory structure

• Show you the objects to be found in Active Directory and the functions of its components:

o Building Blocks

o Objects

o Schema

o Components

o Functionality

o Replication

o Global Catalog

o Trust Relationships

Objects

• An object is a distinct named set of attributes that represents a network resource

o Typical Object Classes

• User accounts




• Organizational Units

• NOTE: Some objects are containers which can contain other objects.

Schema

• Is a list of definitions that defines objects that can be stored in Active Directory

• There are two types of definitions

• Attributes

• Classes (objects)

• Attributes

o Are defined only once

o Can be used in multiple classes

• Classes (Objects) – also referred to as object classes

o Describe the possible AD objects that can be created

o Is a collection of attributes

• Example:

• The user class is composed of many attributes: first name, last name, home directory, email addresses, etc.

• You can extend the schema by adding more classes and attributes for each class

Components

• AD uses components to build a directory structure that fits your organization

• The logical structures of your organization are represented by the following components:


• Organizational Units (OUs)



• The physical structure is represented by

• Sites (Physical Subnets)

• Domain Controllers

Logical Structures

• In AD you organize resources in a logical structure that mirrors the logical structure of the organization

• Grouping logically enables you to:

• Find a resource by its name rather than a physical location

• The physical network is (should be) completely transparent to users

Domains

• Core unit of logical structure in AD

• Can store millions of objects

• Objects stored in a Domain are those which are interesting to the network

• All network objects exist within a Domain

• Each Domain stores info only about objects it contains

• Domains can span more than one physical location

• Is a security boundary

• Access control lists (ACLs) control access to Domain objects

• Objects protected this way include:

• Files

• Folders

• Shares

• Printers
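Because the Domain section above rests on ACLs as the access-control mechanism, here is an added example (not from the original outline) of how a discretionary ACL is evaluated. It is a simplified model of the Windows access check: ACEs are walked in list order, a matching deny entry for any still-requested right refuses access, matching allow entries accumulate rights, and an object with no DACL at all grants everyone full access while an empty DACL grants nothing. The `canonical_order` helper shows why ACE ordering (explicit deny, explicit allow, inherited deny, inherited allow) matters. Rights masks, trustee names and the sample DACLs are constructed for illustration.

```python
"""Added example: evaluating a discretionary ACL the way the Windows access
check does, in simplified form. Trustees, masks and DACLs are constructed."""
from __future__ import annotations

from dataclasses import dataclass

# Assumed rights bits for the example (real AD masks are richer).
READ, WRITE, DELETE = 0x1, 0x2, 0x4
FULL = READ | WRITE | DELETE


@dataclass(frozen=True)
class Ace:
    kind: str            # "allow" or "deny"
    trustee: str         # user or group the entry applies to
    mask: int            # rights bits covered by this entry
    inherited: bool = False


def canonical_order(dacl: list[Ace]) -> list[Ace]:
    """Sort ACEs into canonical order: explicit deny, explicit allow,
    inherited deny, inherited allow. A deny that sits after an allow for
    the same trustee is never reached, so ordering is a security property."""
    rank = {(False, "deny"): 0, (False, "allow"): 1, (True, "deny"): 2, (True, "allow"): 3}
    return sorted(dacl, key=lambda a: rank[(a.inherited, a.kind)])  # stable sort


def access_check(dacl: list[Ace] | None, principal: str, groups: set[str], requested: int) -> bool:
    """Return True when `principal` (with `groups` in its token) gets every
    bit of `requested`. Evaluation stops at the first decisive entry."""
    if dacl is None:
        return True        # no DACL at all: unrestricted access, a classic misconfiguration
    tokens = {principal, *groups}
    remaining = requested
    for ace in dacl:       # list order is evaluation order
        if ace.trustee not in tokens:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False   # any denied right still outstanding refuses the whole request
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False           # empty DACL, or rights never granted: denied


# Constructed DACL for an OU: Helpdesk may read and write but not delete;
# Domain Admins hold full control.
SAMPLE_DACL = [
    Ace("deny", "Helpdesk", DELETE),
    Ace("allow", "Helpdesk", READ | WRITE),
    Ace("allow", "Domain Admins", FULL),
]

# Same intent, but the deny entry was placed after the allow: it never fires.
MISORDERED_DACL = [
    Ace("allow", "Helpdesk", FULL),
    Ace("deny", "Helpdesk", DELETE),
]

if __name__ == "__main__":
    print("alice read   :", access_check(SAMPLE_DACL, "alice", {"Helpdesk"}, READ))
    print("alice delete :", access_check(SAMPLE_DACL, "alice", {"Helpdesk"}, DELETE))
    print("misordered   :", access_check(MISORDERED_DACL, "alice", {"Helpdesk"}, DELETE))
    print("re-ordered   :", access_check(canonical_order(MISORDERED_DACL), "alice", {"Helpdesk"}, DELETE))
```

The misordered DACL is the case a reviewer should look for: the intent (no delete for Helpdesk) is on the list, but the allow entry satisfies the request before the deny is ever examined.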

Organizational Units

• Is a container used to organize objects within a Domain

• OUs can contain:

• User accounts

• Groups

• Computers

• Printers

• Applications

• File Shares

• Other OUs

• All objects must be from the same Domain

• Each OU hierarchy within a Domain is totally independent of any other Domain structure

• OUs provide a means of handling admin tasks; they are the smallest scope to which you can delegate admin authority

• Reflect the structure within the Domain

• Delegate Admin Control

• Easier to move users between OUs than between Domains

• Group objects to locate similar resources and simplify admin and locating objects

• Restrict visibility of network resources

• Guidelines

• Shallow trees perform better

• OU’s should represent structures which are not subject to change

Domain Trees

• A hierarchical arrangement of one or more Domains

• Domains in a tree share:

• A contiguous name space

• Hierarchical naming structure

• Share the following characteristics

• Domain name of the child Domain is the relative name of that child Domain appended with the name of the parent Domain

• All Domains share a common schema

• All Domains share a global catalog
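The naming rules in the Domain Trees section (a child's name is its relative name appended to the parent's) and the standard name formats listed earlier (RFC 822, URL, UNC, LDAP distinguished name) are worked through in this added example, which is not code from the original outline. It parses an LDAP distinguished name with RFC 4514 backslash escaping, derives the DNS domain from the DC components, lists the OU chain, and tests whether an object sits inside a given container. The `classify_name` helper sorts a string into one of the four formats. All names (`services.example.com`, the OUs, the user) are constructed samples.

```python
"""Added example: working with the naming formats AD uses. All distinguished
names and domain names here are constructed for illustration."""
from __future__ import annotations


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) RDNs, most specific first.
    A comma or backslash inside a value must be escaped with '\\', so a
    naive split on ',' would break 'CN=Smith\\, John' into two RDNs."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape character")
    rdns.append("".join(buf))
    out = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append((attr.strip().upper(), value.strip()))
    return out


def dns_domain(rdns: list[tuple[str, str]]) -> str:
    """The DC components, joined in order, are the domain's DNS name."""
    dcs = [v for a, v in rdns if a == "DC"]
    if not dcs:
        raise ValueError("DN has no DC components, so no domain can be derived")
    return ".".join(dcs).lower()


def child_domain_name(relative: str, parent: str) -> str:
    """Tree rule: the child's name is its relative name appended with the parent's."""
    return f"{relative}.{parent}".lower()


def ou_path(rdns: list[tuple[str, str]]) -> list[str]:
    """OU chain from the top of the domain downward."""
    return [v for a, v in reversed(rdns) if a == "OU"]


def is_within(obj_dn: str, container_dn: str) -> bool:
    """True when obj_dn lies inside container_dn (same domain, container is a
    proper suffix). Values compare case-insensitively, as the directory does."""
    obj, cont = parse_dn(obj_dn), parse_dn(container_dn)
    if len(cont) >= len(obj):
        return False
    tail = obj[len(obj) - len(cont):]
    return [(a, v.lower()) for a, v in tail] == [(a, v.lower()) for a, v in cont]


def classify_name(name: str) -> str:
    """Sort a name into one of the four standard formats AD accepts."""
    if name.startswith("\\\\"):
        return "UNC"
    if name.lower().startswith("ldap://"):
        return "LDAP URL"
    if "://" in name:
        return "URL"
    if "@" in name and " " not in name:
        return "RFC 822"
    raise ValueError(f"unrecognised name format: {name!r}")


# Constructed samples. The user's CN contains an escaped comma.
SAMPLE_USER_DN = "CN=Smith\\, John,OU=Admin,OU=Division,DC=services,DC=example,DC=com"
SAMPLE_OU_DN = "OU=Division,DC=services,DC=example,DC=com"
OTHER_DOMAIN_OU = "OU=Division,DC=sales,DC=example,DC=com"

if __name__ == "__main__":
    rdns = parse_dn(SAMPLE_USER_DN)
    print(rdns)
    print(dns_domain(rdns), ou_path(rdns))
    print(child_domain_name("services", "example.com"))
    print(is_within(SAMPLE_USER_DN, SAMPLE_OU_DN), is_within(SAMPLE_USER_DN, OTHER_DOMAIN_OU))
```

The containment check is the piece a delegation plan relies on: an OU administrator's authority covers objects whose DN ends in the OU's DN, and an identically named OU in another domain (`DC=sales`) is outside it, matching the outline's point that each OU hierarchy is independent per domain.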

Forests

• Have the following characteristics

• Share a common schema

• Trees have a different naming structure (according to their Domain)

• All Domains in a forest share a global catalog

• Domains in a forest operate independently, but a forest enables communication across the organization's structure

• Implicit two-way transitive trusts exist between Domains and Domain trees

Distributed, Replicated Directory Database

• AD is broken into pieces called partitions

• Partitions are placed on servers close to the users that use them

• Fault tolerance is provided by replicating those partitions to multiple servers

The Business Case

• Active Directory allows users and administrators to see their network as a logical set of resources

• Design of the infrastructure relates to the physical network

• Two sets of standards or models are considered:

• Geographic model – determined by the number of physical locations and the connectivity between them

• Three levels of models; regional, national & international

• Business model – refers to the business relationship between sites and services

• Determine each location's relationship to the company

Focusing on the Business Model

• Analysis of more than just bandwidth

• Political relationships

• Uses for the network (just email or real-time database access)

• Similarities and differences between the sites – physical makeup and management philosophy

• Corporate offices vs. branch offices vs. subsidiary offices

Analyzing the Business Environment

• Departmental model – traditional method of managing a business

• Project-Based model – “new age” management – company is broken into small groups or teams which contain all the resources they need to support a project

• Product/Service-Based model – groups are organized to support specific products or services

• Cost Center model – hybrid of the above – groups are divided across cost centers

Analyze the Existing and Planned Organizational Structures

• Management model

• Company Organization

• Vendor, partner and customer relationships

• Acquisition plans

• Analyze Factors that Influence Company Strategies

• Identify:

• The company priorities

• The projected growth and growth strategy

• The relevant laws and regulations

• The company’s tolerance for risk

• The total cost of operations

Analyzing the IT Environment

• Type of Administration – central or de-centralized

• Funding model

• Outsourcing

• Decision-making process

• Change-management process

Evaluate the company’s existing and planned technical environment

• Analyze performance requirements

• Analyze data and system access patterns

• Analyze network roles and responsibilities

• Analyze security considerations

Analyze the impact of AD on the existing and planned technical environment

• Assess existing systems and applications

• Identify existing and planned upgrades and rollouts

• Analyze technical support structure

• Analyze existing and planned network and systems management

Active Directory Naming Strategies

• Establish the scope of the Active Directory

• Design the namespace

• Plan DNS strategy

Design the placement of DNS servers

• Considerations include:

• Performance

• Fault tolerance

• Functionality

• Manageability

• Plan for interoperability with the existing DNS

Planning a Domain and OU Structure

• Design an AD forest and domain structure

• Design a forest and schema structure

• Design a domain structure

• Analyze and optimize trust relationships

• Design and plan the structure of organizational units (OU)

• Considerations include:

• Administration control

• Existing resource domains

• Administrative policy

• Geographic and company structure

• Develop an OU delegation plan

• Plan Group Policy object management

• Plan policy management for client computers


• Access to all resources is managed through a single database

• Everything from the point of initial logon to using a printer is controlled by the AD directory

• All resources include identified permissions

• Network can be viewed as a single system rather than a series of connected resources

• Network-based versus server- or domain-based management

• Active Directory as a Service

• The Active Directory service uses the Active Directory database to provide functionality

• Without the service the database could not be accessed


Active Directory in Windows 2000

Windows Server 2003 Active Directory
