active directory harikrishnan v g 18 march 2009. presentation titlepage 2 agenda ► introduction...
TRANSCRIPT
Active Directory
Harikrishnan V G 18 March 2009
Presentation titlePage 2
Agenda
► Introduction – Active Directory► Directory Service► Benefits of Active Directory► Terminology and Logical representation► OU, Domains, Tree, Forest► EY – AD infrastructure► The Global Catalog
Presentation titlePage 3
Active Directory
► Active Directory is a hierarchically structured administrative environment that enables all aspects of a network environment to be administered at the local, country practice, or Global level.
► The Active Directory technology manages all user, computer, printer, groups, users, domains, security policies, and any type of user-defined objects
► Its global structure enables users to seamlessly logon onto their home server from anywhere within the EY.NET infrastructure.
Presentation titlePage 4
Directory Services
► Active Directory is the Microsoft Windows implementation of a directory service
► The term directory service refers to two things
1.Directory
2.Service► Directory is where information about users and resources
are stored. ► Service or services that let you access and manipulate
those resources
Presentation titlePage 5
Directory Services Common Features:
► Provide file shares► Authenticate users► Provide services, such as Email, Access to the
internet, Print services etc.► Control access to services and shares.
Presentation titlePage 6
Active Directory Terminology
► Site: A site is a physical location, or LAN. This is different from a web site, which is an organization’s internet presence.
► Domain: ► All resources under the control of a single computer
system.► A sub-network comprised of a group of clients and
servers under the control of one security database.► Dividing LANs into domains improves performance and
security.
Presentation titlePage 7
What benefits does Active Directory provide?
► Active Directory provides a number of benefits to the firm, especially when implemented at the Global level. These benefits include
► Enabling users to log onto the network, without needing any special modifications to be made to their machine, access accounts, etc., anywhere within the firms network infrastructure
► Enabling network services to be more centralized, enabling easier and more efficient management, etc.
Presentation titlePage 8
Benefits of Active Directory (cotd.)
► The main purpose of Active Directory is to provide central authentication services for Windows based computers.
► Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an entire organization.
► Active Directory stores information and settings relating to an organization in a central, organized, accessible database.
Presentation titlePage 9
Logical representation of Active Directory
► Organizational Unit► Domain► Tree► Forest
Presentation titlePage 10
What are Organizational Units?
► Organizational Units are logical containers that can be defined within the Active Directory infrastructure.
► As a result it is possible to create as many containers as is required. In addition it is possible to create logical units within logical units.
► Thus enabling a hierarchical structure to be created that mirrors the organizational structure of the country practice.
Presentation titlePage 11
Presentation titlePage 12
Domains
► Active Directory uses domains and forests to represent the logical structure of the directory hierarchy
► Domains are used to manage the various populations of users, computers, and network resources in your enterprise
Presentation titlePage 13
Presentation titlePage 14
Trees
► A tree represents a contiguous name space in Active Directory and consist of a hierarchy of domains
Presentation titlePage 15
Active Directory Trees
EY.NET
NA.EY.NET
US.NA.EY.NET
Presentation titlePage 16
Presentation titlePage 17
Forest
► A forest is the set of all domains in an organization's network
► It consists of one or more trees, combined with two way transitive trusts.
Presentation titlePage 18
Active Directory Forest
Microsoft. COM
IN.Microsoft.COM
EY.COM
US.EY.COM
Presentation titlePage 19
Logical Structure of Active Directory
DomainDomain
Domain
Domain
Domain
DomainOU
OU OU
Domain TreeDomain Tree
DomainDomain
ForestForest
Organizational UnitOrganizational Unit
ObjectsObjects
Presentation titlePage 20
EY AD Infrastructure
Presentation titlePage 21
Active Directory Tier architecture
Presentation titlePage 22
EY AD Infrastructure
EY.NET
NA.EY.NET SA.EY.NET MEA.EY.NET EURW.EY.NET
ME
AE BH EG SY
EY ACTIVE DIRECTORY INFRASTRUCTURE
Presentation titlePage 23
How does one get Authenticated in AD
► Each domain controller has information for the entire forest to support authentication and access control.
► This provides the ability for local domain controllers (the “tree”) to provide a quick local lookup of authority.
Presentation titlePage 24
The concept of Global Catalog
► The global catalog is the mechanism that tracks all of the objects managed across the network, across all domains within the organization.
► Elements of the catalog are replicated across all of the domain controllers within all domains across the organization.
Presentation titlePage 25
Time Saving
Before
► PCs that were still running Windows NT Workstation or Windows 98, it would take as much as 40 hours of effort to manually visit each desktop and install the patch.
After► Desktops that are running Windows XP Professional, A
group policy can be created that will push a new security patch out to all of them in less than 30 minutes.
Presentation titlePage 26
User Account
Local user accounts (stored on local computer)Local user accounts (stored on local computer)
Domain user accounts (stored in Active Directory)Domain user accounts (stored in Active Directory)
Windows Server 2003 Domain
Presentation titlePage 27
Groups
Groups simplify administration by enabling you to assign permissions for resources
GroupGroup
Presentation titlePage 28
Demonstration: Creating Active Directory Objects
How to create:► Organizational Units► User Accounts ► Groups
Basic Commands:►Replmon►Repadmin /showrep►Dcdiag►Dcpromo
Presentation titlePage 29
Queries
Thank You