
1.a: Describe the features of AD DS:


ANS:
Features in AD DS

1. Security is integrated with AD DS through logon authentication and access control to resources in the directory.
2. With a single network logon, administrators can manage directory data and organization throughout their network.
3. Authorized network users can also use a single network logon to access resources anywhere in the network.
4. Policy-based administration eases the management of even the most complex network.

Additional AD DS features include the following:


A set of rules, the schema, that defines the classes of objects and attributes that are
contained in the directory, the constraints and limits on instances of these objects, and the
format of their names.
A global catalog that contains information about every object in the directory. Users and
administrators can use the global catalog to find directory information, regardless of which
domain in the directory actually contains the data.
A query and index mechanism, so that objects and their properties can be published and
found by network users or applications.
A replication service that distributes directory data across a network. All writable domain
controllers in a domain participate in replication and contain a complete copy of all
directory information for their domain. Any change to directory data is replicated to all
domain controllers in the domain.
Operations master roles (also known as flexible single master operations or FSMO). Domain
controllers that hold operations master roles are designated to perform specific tasks to
ensure consistency and eliminate conflicting entries in the directory.

1.b: Explain Active Directory attributes and objects with diagram


ANS:

Active Directory Objects


Active Directory objects represent the physical entities that make up a network. An object
is an instance of storage of a class.
A class is defined in the Active Directory schema as a specific set of mandatory and
optional attributes; that is, an attribute can be present in an object in Active Directory
only when that attribute is permitted by the object's class.
Classes also contain rules that determine which classes of objects can be superior to
(parents of) a particular object of the class. Each attribute is also defined in the directory
schema. The attribute definitions determine the syntax for the values the attribute can
have.
When you create an object in Active Directory, you provide values for the attributes of the
object in its particular class, and you do so according to the rules of the directory schema.

Applications that create or modify objects in Active Directory use the directory schema to determine what
attributes the object must and might have, and what those attributes can look like in terms of data
structures and syntax constraints. For this reason, the directory schema is maintained forest-wide so that
all objects created in the directory conform to the same rules.

Objects are either container objects or leaf objects. A container object stores other objects, and, as such, it
occupies a specific level in a subtree hierarchy. An object class is a container if at least one other class
specifies it as a possible superior; thus, any object class defined in the schema can become a container. A
leaf object does not store other objects, and, as such, it occupies the endpoint of a subtree.
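
The schema rules described above, as an added example that is not part of the original document: a check that an object carries its class's mandatory attributes, uses only permitted ones, and sits under a possible superior, plus the container test. The class definitions and the dictionary keys are a simplified, constructed model, not the real Active Directory schema.

```python
# Toy schema, constructed for illustration; it is NOT the real AD schema.
# "must"/"may"/"superiors" are hypothetical keys for a class's mandatory
# attributes, optional attributes and possible superior (parent) classes.
SCHEMA = {
    "domainDNS": {"must": {"dc"}, "may": {"description"}, "superiors": set()},
    "organizationalUnit": {
        "must": {"ou"}, "may": {"description"},
        "superiors": {"domainDNS", "organizationalUnit"}},
    "user": {
        "must": {"cn", "sAMAccountName"}, "may": {"mail", "description"},
        "superiors": {"domainDNS", "organizationalUnit"}},
}

def is_container(cls, schema=SCHEMA):
    """A class is a container if any class names it as a possible superior."""
    return any(cls in d["superiors"] for d in schema.values())

def validate(obj_class, attrs, parent_class, schema=SCHEMA):
    """Return the schema violations for a proposed object (empty list = valid)."""
    if obj_class not in schema:
        return [f"unknown class: {obj_class}"]
    d = schema[obj_class]
    errors = []
    # Every mandatory attribute must have a value.
    for name in sorted(d["must"] - set(attrs)):
        errors.append(f"missing mandatory attribute: {name}")
    # An attribute may appear only if the class permits it.
    for name in sorted(set(attrs) - d["must"] - d["may"]):
        errors.append(f"attribute not permitted by class: {name}")
    # The parent's class must be listed as a possible superior.
    if parent_class not in d["superiors"]:
        errors.append(f"{parent_class} is not a possible superior of {obj_class}")
    return errors

if __name__ == "__main__":
    # In this sample schema, organizationalUnit is a container and user is a leaf.
    print(is_container("organizationalUnit"), is_container("user"))
    print(validate("user", {"cn": "bob", "badgeColor": "red"}, "user"))
```
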

Global Catalog Attributes


In its role as a domain controller, a Global Catalog server stores one domain directory
partition that has writable objects with a full complement of writable attributes. The
objects in all other domain directory partitions in the forest are stored on a Global
Catalog server as read-only objects with a partial set of attributes. An attribute is
marked as being replicated to the Global Catalog as part of its schema definition. In the
Active Directory Schema console in MMC, you can use the Replicate this attribute to
the Global Catalog check box to designate an attributeSchema object as a member of
the attribute set that is replicated to the Global Catalog servers. If this check box is
selected, the value in the attribute isMemberOfPartialAttributeSet on the
attributeSchema object is set to TRUE, and the attribute is replicated to the Global
Catalog as part of normal Active Directory replication. The replication topology for the
Global Catalog is generated automatically by the Knowledge Consistency Checker (also
known as the "KCC"), a built-in process that implements a replication topology that is
guaranteed to deliver the contents of every directory partition to every Global Catalog
server. The attributes replicated into the Global Catalog include a base set defined by
Microsoft. Administrators can use the Active Directory Schema console to specify
additional attributes to meet the needs of their installation.
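
A defender's check that follows from the paragraph above, as an added example that is not part of the original document: list the attributes whose isMemberOfPartialAttributeSet is TRUE in a schema export and report any that are outside an approved list. The LDIF text, the ex* attribute names and the approved list are constructed sample data.

```python
# Constructed LDIF-style export of attributeSchema objects (sample data;
# the ex* attributes are hypothetical and do not exist in a real schema).
SAMPLE_LDIF = """\
dn: CN=Ex-Mail,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: exMail
isMemberOfPartialAttributeSet: TRUE

dn: CN=Ex-Description,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: exDescription
isMemberOfPartialAttributeSet: FALSE

dn: CN=Ex-Badge-Id,CN=Schema,CN=Configuration,
 DC=example,DC=test
lDAPDisplayName: exBadgeId
isMemberOfPartialAttributeSet: TRUE

dn: CN=Ex-Home-Phone,CN=Schema,CN=Configuration,DC=example,DC=test
lDAPDisplayName: exHomePhone
"""

def parse_ldif(text):
    """Split LDIF text into records (attribute -> last value seen)."""
    records, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():                  # blank line ends a record
            if current:
                records.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:   # folded continuation line
            current[last] += line[1:]
        elif ":" in line and not line.startswith("#"):
            key, _, value = line.partition(":")
            last = key.strip()
            current[last] = value.strip()
    if current:
        records.append(current)
    return records

def gc_replicated(records):
    """Names of attributes flagged for replication to the Global Catalog."""
    return {r["lDAPDisplayName"] for r in records
            if "lDAPDisplayName" in r
            and r.get("isMemberOfPartialAttributeSet", "FALSE").upper() == "TRUE"}

def unapproved_gc_attributes(ldif_text, approved):
    """Attributes replicated to the GC that are not on the approved list."""
    return sorted(gc_replicated(parse_ldif(ldif_text)) - set(approved))
```

Because Global Catalog servers hold these attributes for every domain in the forest, an attribute that appears in the result is readable forest-wide and is worth reviewing against change records.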

2.a: define the following


1. Global catalog:
The first domain controller in a forest is automatically designated as a Global Catalog. Thereafter, a domain
controller can be designated as a Global Catalog in the NTDS Settings Properties dialog box in Active Directory Sites and
Services. The NTDS Settings object is a child of the server object, which is a child of the site object in the Sites container.
When you select the Global Catalog Server check box, the domain controller is added to the Global Catalog replication
topology and populated by means of the normal replication process. When you change an attribute that is flagged as
belonging in the Global Catalog in any domain, it is replicated to all Global Catalog servers.
2. Directory:
A directory, in the most generic sense, is a comprehensive listing of objects.
What is a Directory Service?
The directory service is a database with multiple data partitions, as well as the processes to maintain, manage, and
secure the database.
Essentially, a Network Directory Service:
Provides information about the user objects, computers and services in the network.
Stores this information in a secure database and provides tools to manage and search the directory.
Allows the management of user accounts and resources, and the consistent application of policies as needed by an organization.

3. Microsoft directory services:

Active Directory is Microsoft's implementation of a Directory Service.
Active Directory Domain Services (AD DS) defines the data structure and services that provide organization,
management, and security of accounts and resources in a Microsoft network.
AD DS is similar to a phone book in several ways, and it is far more flexible.
AD DS will store information about organizations, sites, computers, users, shares, and just about any
other network object that you can imagine.
Not all objects are as similar to each other as those stored in the phone book, so AD DS includes the
ability to record different types of information about different objects.
Domain controllers host and replicate the directory service database inside the forest.
The directory service also provides services for managing and authenticating resources in the forest.

2.b
Active Directory Structure and Storage Technologies

Administrators use Active Directory to store and organize objects on a network (such as users, computers, devices,
and so on) into a secure hierarchical containment structure that is known as the logical structure. Although the
logical structure of Active Directory is a hierarchical organization of all users, computers, and other physical
resources, the forest and domain form the basis of the logical structure.

Forests, which are the security boundaries of the logical structure, can be structured to provide data and service
autonomy and isolation in an organization in ways that can both reflect site and group identities and remove
dependencies on the physical topology.

Domains can be structured in a forest to provide data and service autonomy (but not isolation) and to optimize
replication with a given region. This separation of logical and physical structures improves manageability and
reduces administrative costs because the logical structure is not affected by changes in the physical structure.

The logical structure also makes it possible to control access to data. This means that you can use the logical
structure to compartmentalize data so that you can control access to it by controlling access to the various
compartments.

Active Directory Structure and Storage Architecture
