Active Directory and DNS - PowerPoint PPT Presentation

1
Active Directory and DNS
  • Lecture 2
  • Hassan Shuja
  • 09/14/2004

2
Active Directory (AD)
  • Active Directory Definitions/Features
  • Active Directory has two parts
  • A database with information about users and
    resources
  • A service that manages the database and enables
    users of computers on the network to access the
    database
  • Active Directory Features/Advantages
  • Security - Logon process and controlling access
    to objects
  • Administration - Hierarchical structure
  • Search capabilities - Search AD for an object
  • Scalable - Allows multiple domains, fits any
    size of network
  • Flexibility - Grows with your company, allows for
    additions

3
Active Directory
  • Structure
  • Objects and Classes
  • An object is the smallest component that you can
    have in AD
  • A class is a template of all attributes of an
    object when it is created
  • Schema
  • Schema governs the structure of the directory
  • Allows administrators to modify and add new
    object classes, objects and attributes as needed,
    making the schema extensible
  • Active Directory Schema is the name of the
    snap-in in MMC and can only be changed by Schema
    Admins
  • Global Catalog
  • A master searchable index that contains
    information about every object in a forest
  • Created by default on first DC in a domain
  • Contains a full copy of all objects in its own
    domain and a partial replica of all objects in
    all other domains in the forest
  • Serves as a central point for user authentication

4
Active Directory
  • AD Organization
  • Smallest component in AD is an object
  • Objects have attributes and are defined by
    classes
  • Objects have permissions - an ACL that contains
    information about who has access to the object and
    what they can do with it
  • Controlling access to an object is different from
    having access to the object's resources
  • Organizational Units (Container objects)
  • Substructure of domains and are arranged
    hierarchically
  • Used to organize related objects in AD, can also
    contain other OUs
  • Helps simplify administration

5
Active Directory
  • Object IDs
  • Globally Unique Identifier (GUID) - A 32-digit
    hexadecimal number assigned to an object at the
    time of creation and stored with the object. This
    ensures uniqueness and avoids duplication
  • Security ID (SID) - A unique security ID created
    by the Security subsystem that is assigned to
    users, groups, and computers to grant or deny them
    access to other objects

6
Domain Controller (DC)
  • DC Setup
  • All Domain Controllers are equal
  • A change on one DC will be replicated to all
    other DCs
  • Five Scenarios where a DC can have an additional
    role
  • Relative ID Master
  • Schema Master
  • Infrastructure Master
  • Domain Naming Master
  • PDC Emulator

7
Domains
  • AD Organization
  • Tree
  • Grouping of one or more domains that must have a
    single root domain
  • Parent-child relationships
  • Defined by a common and contiguous name space
  • A hierarchy of domains sharing a common schema,
    security trust relationship, and a Global Catalog

8
Domains
  • AD Organization
  • Forest
  • A group of one or more Domain Trees linked
    together by a trust
  • Two different root domains
  • All Trees share a common schema and global
    catalog
  • Do not have contiguous DNS domain names

9
Trusts
  • NT Domains
  • Each domain had its own accounts
  • Needed an account in every domain whose resources
    you used, or an administrator had to set up a
    trust between the domains
  • Trusts were set up explicitly as one-way or two-way
    trusts
  • These trusts are intransitive

10
Trusts
  • Trusts
  • A logical connection that allows users from one
    domain to access resources in another domain
  • Can be one-way or two-way
  • Trusting domain and Trusted domain

11
Trusts
  • Intransitive Trusts
  • Domain C trusts Domain B and Domain B trusts
    Domain A
  • (B has access to resources in C and A has access
    to resources in B)
  • Domain C does not trust Domain A
  • Intransitive trusts are possible in Windows NT

12
Trusts
  • Transitive Trusts
  • A trust between two domains in the same
    Tree/Forest that can extend beyond two domains to
    other trusted domains within the same Tree/Forest
  • Always a two-way trust
  • By default all Windows 2000 trusts within
    Tree/Forest are transitive
  • Domain A and C trust each other

13
Trusts
  • Explicit Trusts
  • A trust that is set up by an administrator
  • Connect domains directly to shorten the path
    between them
  • It can be either transitive or intransitive
  • Used to manage trusts between Windows 2000 and NT
    domains
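Slides 11 to 13 describe when a trust chain carries access and when it does not. The following Python model is an added example and not part of the lecture: it encodes trusts as (trusting, trusted, two-way, transitive) tuples with constructed domain names, and computes which domains a user of a given domain can reach. The rule it implements is the one the slides state: a direct trust of either kind grants access, but a multi-hop path only counts when every trust on it is transitive. This is the same question a defender asks when assessing how far an account compromised in one domain could reach across a forest.

```python
from collections import deque

# Each trust is (trusting_domain, trusted_domain, two_way, transitive).
# "C trusts B" means users of B can reach resources in C, so access
# flows from the trusted domain to the trusting domain.

# Constructed sample 1: NT-style explicit one-way, intransitive trusts
# (slide 11): C trusts B, and B trusts A.
NT_TRUSTS = [
    ("C", "B", False, False),
    ("B", "A", False, False),
]

# Constructed sample 2: a Windows 2000 tree with parent/child trusts
# (slide 12: two-way and transitive) plus one explicit one-way,
# intransitive trust from C to a legacy NT domain (slide 13).
W2K_TRUSTS = [
    ("B", "A", True, True),
    ("C", "B", True, True),
    ("C", "NT1", False, False),
]


def build_edges(trusts):
    """Return {trusted: {trusting: transitive}}: one edge per access direction."""
    edges = {}
    for trusting, trusted, two_way, transitive in trusts:
        edges.setdefault(trusted, {})[trusting] = transitive
        if two_way:
            edges.setdefault(trusting, {})[trusted] = transitive
    return edges


def accessible_from(domain, trusts):
    """Domains whose resources users of `domain` can reach through the trust graph.

    A direct trust of either kind grants access. A multi-hop path only
    counts when every trust on it is transitive; one intransitive link
    breaks the chain.
    """
    edges = build_edges(trusts)
    reachable = set(edges.get(domain, {}))  # direct trusts, any kind
    queue, seen = deque([domain]), {domain}
    while queue:  # breadth-first walk over transitive links only
        current = queue.popleft()
        for nxt, transitive in edges.get(current, {}).items():
            if transitive and nxt not in seen:
                seen.add(nxt)
                reachable.add(nxt)
                queue.append(nxt)
    reachable.discard(domain)
    return reachable


def trust_table(trusts):
    """Access summary for every domain in the graph, sorted for stable output."""
    domains = sorted({d for t in trusts for d in t[:2]})
    return {d: sorted(accessible_from(d, trusts)) for d in domains}


if __name__ == "__main__":
    print("NT-style (intransitive):", trust_table(NT_TRUSTS))
    print("Windows 2000 tree:      ", trust_table(W2K_TRUSTS))
```

With the NT sample, users of A reach only B and users of C reach nothing, which is the slide 11 statement that C does not trust A. With the Windows 2000 sample, users of A reach B and C through the transitive parent/child chain, while users of the legacy NT1 domain reach only C: the intransitive explicit trust grants access to C itself but does not extend into the rest of the tree.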

14
Domain Name System (DNS)
  • DNS
  • DNS Structure
  • Based on a hierarchical naming structure
    (inverted tree)
  • A single root domain, underneath there are
    second-level domains
  • Every computer in a DNS domain is uniquely
    identified by a Fully Qualified Domain Name
    (FQDN)
  • Dynamic DNS is supported in W2K

15
Domain Name System
  • Zone Files and DNS Servers
  • Forward Lookup Zone
  • This contains host name to IP address resolution
  • Reverse Lookup Zone
  • This contains IP address to host name resolution
  • DNS Servers
  • Primary - Maintains the master copy of the zone
    files
  • Secondary - Keeps a back-up copy of the zone
    files
  • AD-integrated - DNS entries are kept in the AD data
    store instead of in zone files
  • Scavenge Files
  • Finds and deletes records in a zone that have
    been stale for a certain amount of time
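The forward zone, reverse zone and scavenging bullets above can be made concrete in a few lines. The Python below is an added example, not material from the lecture: it takes a constructed forward lookup zone for umbc.edu (private 10.x addresses and timestamps are made up), derives the matching reverse lookup zone by building each address's in-addr.arpa owner name, and scavenges stale dynamic records. The aging rule it assumes is the Windows DNS model in which a record is stale once its timestamp is older than the no-refresh interval plus the refresh interval (7 + 7 days taken as the defaults here); statically created records carry no timestamp and are never scavenged. Scavenging matters to a defender because a stale record left behind still resolves, so a retired host name can keep pointing at an address that someone else may later be given.

```python
from datetime import datetime, timedelta

# Constructed sample forward lookup zone: (owner FQDN, IPv4 address, timestamp).
# Records registered by Dynamic DNS carry a timestamp; statically created
# records (timestamp None) are never aged out.
NOW = datetime(2004, 9, 14)
FORWARD_ZONE = [
    ("dc1.umbc.edu.", "10.1.0.10", None),                            # static
    ("ws1.research.umbc.edu.", "10.1.20.5", datetime(2004, 9, 10)),  # recent
    ("old.research.umbc.edu.", "10.1.20.99", datetime(2004, 8, 1)),  # stale
]


def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address in a reverse lookup zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def build_reverse_zone(forward_records):
    """Derive the reverse lookup zone (PTR records) from the forward zone's A records."""
    return {reverse_name(ip): fqdn for fqdn, ip, _ in forward_records}


def scavenge(records, now, no_refresh=timedelta(days=7), refresh=timedelta(days=7)):
    """Split records into (kept, removed) using the assumed Windows DNS aging model.

    A dynamic record becomes stale once its timestamp is older than the
    no-refresh interval plus the refresh interval (7 + 7 days assumed as
    the defaults); static records have no timestamp and are always kept.
    """
    threshold = now - (no_refresh + refresh)
    kept = [r for r in records if r[2] is None or r[2] >= threshold]
    removed = [r for r in records if r[2] is not None and r[2] < threshold]
    return kept, removed


if __name__ == "__main__":
    for owner, target in build_reverse_zone(FORWARD_ZONE).items():
        print(f"{owner:28} PTR {target}")
    kept, removed = scavenge(FORWARD_ZONE, NOW)
    print("kept:   ", [r[0] for r in kept])
    print("removed:", [r[0] for r in removed])
```

Run as written, the reverse zone maps 5.20.1.10.in-addr.arpa. back to ws1.research.umbc.edu., and scavenging at the constructed date removes only old.research.umbc.edu., whose timestamp is more than fourteen days old; the static dc1 record is kept regardless of age.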

16
Active Directory Domain Name System
  • AD DNS
  • Active Directory and DNS use the same
    hierarchical structure
  • Typically use the same FQDN
  • DNS records can be stored in Active Directory
  • Clients use DNS to locate Domain Controllers on
    the network

17
Domain Name System
  • Name Space
  • Active Directory is based on the concept of a
    namespace, that is, a name is used to resolve the
    location of an object
  • Active Directory names correspond to DNS domain
    names
  • Each name gives the location of the object in
    Active Directory

18
Domain Name System
  • Name Convention
  • Relative Distinguished Name (RDN) - A name that
    is assigned to the object by the administrator
    when it is created; a unique name
  • Example: hshuja1
  • Distinguished Name (DN) - Defines the RDN and
    also the location within Active Directory, such as
    the OU that the user belongs to
  • Example: hshuja1@research.umbc.edu
  • User Principal Name (UPN) - An easier naming
    convention. Combines the RDN with the domain
    name; no OU is referenced
  • Example: hshuja1@umbc.edu
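The three names on this slide are related mechanically: the DN contains the RDN plus the OU path and domain, and the UPN is the RDN joined to the domain with the OU dropped. The Python below is an added example and not from the lecture. It goes beyond the slide's notation by using the standard LDAP string form of a DN (components such as CN=, OU= and DC= separated by commas, with a backslash escaping a literal comma), parses it with that escaping handled, and derives the RDN, OU path, domain and UPN. The sample DNs are constructed from the slide's hshuja1 / research / umbc.edu names. Reading the OU path out of a DN is how an auditor tells which part of the hierarchy, and therefore which delegated administrators, an account falls under.

```python
def split_dn(dn):
    """Split a DN on unescaped commas; a backslash escapes the next character."""
    components, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            components.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    components.append("".join(current).strip())
    return components


def parse_dn(dn):
    """Return [(attribute, value), ...] with the RDN first, in the order written."""
    parts = []
    for comp in split_dn(dn):
        attr, sep, value = comp.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed DN component: {comp!r}")
        parts.append((attr.strip().upper(), value))
    return parts


def describe(dn):
    """RDN, OU path (nearest OU first), DNS domain and UPN derived from a DN."""
    parts = parse_dn(dn)
    rdn = parts[0][1]
    ou_path = [v for a, v in parts[1:] if a == "OU"]
    domain = ".".join(v for a, v in parts if a == "DC")
    return {"rdn": rdn, "ou_path": ou_path, "domain": domain, "upn": f"{rdn}@{domain}"}


if __name__ == "__main__":
    # Constructed sample DNs built from the names used on the slide.
    for sample in ("CN=hshuja1,OU=research,DC=umbc,DC=edu",
                   "CN=Shuja\\, Hassan,OU=staff,OU=research,DC=umbc,DC=edu"):
        print(describe(sample))
```

For the first sample the function returns the RDN hshuja1, the OU path research, the domain umbc.edu and the UPN hshuja1@umbc.edu, which matches the slide's UPN example with the OU omitted. The second sample shows why the splitter must honour escapes: a display name containing a comma stays one RDN value instead of being broken into two components.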