Active Directory

June 4, 2016 | Author: rebellions | Category: N/A

ACTIVE DIRECTORY OBJECTS: AN OVERVIEW

The Active Directory is a database of all resources in a network. Just as all databases are made up of records, the Active Directory is also made up of records, which are called Objects. An Object represents a specific network resource. There are four different types of resources - they are indicated in the diagram given below, for your convenience:

Some of the most frequently used Active Directory objects are as given below:

Domain - This is the Root Object, which contains all other objects in the domain.
Organizational Unit - A container object that is used to create logical groupings of Computer objects, User objects and Group objects.
User - This represents a network User and is used for identification and authentication data.
Computer - Represents a Computer on the network and provides the machine account for the computer to log on to the domain.
Group - This is a Container Object which represents a logical grouping of Users, Computers and/or other groups. Groups can contain objects from different OUs and domains. (This grouping is generally independent of the Active Directory tree structure.)
Shared Folders - These provide AD based network access to a shared folder on a Windows computer.
Printers - Provide AD based network access to a shared printer on a Windows computer.

Every AD (Active Directory) object consists of Attributes. Attributes are just pieces of information about that object. Example: A User Object has attributes like the User's Account name, Password, Address, Phone number etc. Another example would be a Group Object, which may have attributes like the list of users who are members of that group. Attributes with administrative functions are ACLs (Access Control Lists), which specify who has permissions to access each object.

The AD component which specifies what types of objects can be created by Administrators and what kind of attributes each object has is called the Schema. The Active Directory Schema is extensible.

An AD object which allows other objects to exist beneath it is called a Container Object. Eg. Domains, OUs etc.

An AD object that cannot contain another object is known as a Leaf Object. Eg. User objects, Computer objects etc.
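The object model described above can be traced through distinguished names (DNs). This is an added example, not part of the original page: it rebuilds the container tree from DNs, handles an escaped comma inside a name, and shows that a group's members can sit in different OUs. All entries are constructed sample data; technation.in is the page's sample domain.

```python
# Added example; the directory entries below are constructed sample data.
CONTAINER_CLASSES = {"domain", "organizationalUnit"}  # the text's examples: Domains, OUs
SALES_USER = "CN=Rao\\, Anil,OU=Sales,DC=technation,DC=in"  # RDN with an escaped comma
IT_PC = "CN=PC-07,OU=IT,DC=technation,DC=in"
ENTRIES = {  # DN -> (object class, member DNs if the object is a group)
    "DC=technation,DC=in": ("domain", []),
    "OU=Sales,DC=technation,DC=in": ("organizationalUnit", []),
    "OU=IT,DC=technation,DC=in": ("organizationalUnit", []),
    SALES_USER: ("user", []),
    IT_PC: ("computer", []),
    "CN=VPN Users,OU=IT,DC=technation,DC=in": ("group", [SALES_USER, IT_PC]),
}

def split_dn(dn):
    """Split a DN into RDNs, treating a backslash-escaped comma as data."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def parent(dn):
    """Nearest ancestor that is itself an entry; None for the domain root."""
    rdns = split_dn(dn)[1:]
    while rdns:
        if ",".join(rdns) in ENTRIES:
            return ",".join(rdns)
        rdns = rdns[1:]
    return None

def children(dn):
    return sorted(d for d in ENTRIES if parent(d) == dn)

def kind(dn):
    cls = ENTRIES[dn][0]
    if cls in CONTAINER_CLASSES:
        return "container"
    return "group" if cls == "group" else "leaf"

def member_locations(group_dn):
    """Containers holding a group's members; membership is an attribute,
    so it does not follow the group's own position in the tree."""
    return sorted({parent(m) for m in ENTRIES[group_dn][1]})
```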


ACTIVE DIRECTORY STRUCTURE:

Active Directory is used to store and organize objects in a network, such as Users, Computers, Devices and other objects, in a secure and hierarchical structure, which is known as the Logical Structure. Forests and Domains form the basis of the Logical Structure.

Forests are the security boundaries of the logical structure. They can be structured to provide data and service autonomy and isolation in an organization in ways that can both reflect the site and group identities and remove dependencies on the physical topology. Domains can be structured in a Forest to provide data and service autonomy. This does not provide Isolation, though.

This separation of logical and physical structures improves manageability and reduces administrative costs, because the logical structure does not get affected by changes in the physical structure. This means the logical structure can be used to compartmentalize data so that you can control access to it by controlling access to the various compartments.

The Active Directory Structure and Storage Architecture has four parts. They are as follows:

1. Active Directory Forests, Domains and Organizational Units (OUs): In Active Directory, Forests, Domains and Organizational Units (OUs) form the very basis of the Logical structure. Forests form the Security boundary, whereas Domains provide a way to partition the Forest. OUs allow grouping of objects, such as Users, Computers etc. in the domain, so that they can be managed as one unit and also to allow application of group policies.

2. Domain Name System (DNS) support for Active Directory: Active Directory uses DNS as a mechanism to locate the Domain Controllers, and Domain Controllers also use DNS to locate each other. When any major operation is performed in Active Directory, like Authentication, Searching or Updating, the computers use DNS to locate the Domain Controllers.
For example, when a network user with an Active Directory user account logs on to an Active Directory domain, the user's computer uses DNS to locate a domain controller for the Active Directory domain to which the user wants to log on. In order to log on to a network that consists of an Active Directory, a client workstation on the network should first be able to locate the nearest Domain Controller on the network. This is necessary for the initial authentication of the workstation/client as well as the user, and also for the subsequent access to other resources that the user might need.


3. Active Directory Schema: The Active Directory schema contains definitions of all the objects that are used to store information in it. All objects in the Schema are classified as classSchema objects and attributeSchema objects. There is one Schema per forest. A copy of the schema is stored in every domain controller in the forest so that all the domain controllers have the definitions they need and also so that all the domain controllers in the forest use the same definitions.

4. Active Directory Data Store: The Active Directory Data Store manages the storage and retrieval of data on each domain controller. This is made up of several components, which collectively provide directory services to the clients on the network. The AD Data Store consists of Four Interfaces & Three Service Components (as shown in the figure below) and the Active Directory Database itself. The data store consists of three layers of components. The first layer provides the interfaces that clients need to access the directory. The second layer provides the services that perform the operations that are associated with reading data from and writing data to the directory database. The third layer is the database itself, which exists as a single file on the hard disk of each domain controller.

Interfaces and Services of Active Directory Data Store:
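Item 2 above says clients find domain controllers through DNS; the lookup is done with SRV records under the _msdcs subdomain. This added example (not from the original page) builds those locator names and audits a zone for SRV entries that point at hosts with no address record or at hosts that are not known DCs. The host names, addresses and zone text are constructed; technation.in is the page's sample domain.

```python
# Added example; ZONE is constructed sample data in zone-file style.
from collections import defaultdict

ZONE = """\
_ldap._tcp.dc._msdcs.technation.in. 600 IN SRV 0 100 389 dc1.technation.in.
_ldap._tcp.dc._msdcs.technation.in. 600 IN SRV 0 100 389 dc2.technation.in.
_ldap._tcp.dc._msdcs.technation.in. 600 IN SRV 0 100 389 oldsrv.technation.in.
_kerberos._tcp.dc._msdcs.technation.in. 600 IN SRV 0 100 88 dc1.technation.in.
dc1.technation.in. 3600 IN A 10.0.0.10
dc2.technation.in. 3600 IN A 10.0.0.11
"""

def locator_names(dns_domain, site=None):
    """SRV owner names queried to find domain controllers for a domain."""
    names = [f"_ldap._tcp.dc._msdcs.{dns_domain}",
             f"_kerberos._tcp.dc._msdcs.{dns_domain}"]
    if site:  # site-specific record, used to find the nearest DC
        names.insert(0, f"_ldap._tcp.{site}._sites.dc._msdcs.{dns_domain}")
    return names

def parse_zone(text):
    """Return ({owner: [SRV records]}, {host: address}) from zone-style lines."""
    srv, hosts = defaultdict(list), {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 8 and f[3] == "SRV":
            srv[f[0].rstrip(".").lower()].append(
                {"priority": int(f[4]), "weight": int(f[5]),
                 "port": int(f[6]), "target": f[7].rstrip(".").lower()})
        elif len(f) >= 5 and f[3] == "A":
            hosts[f[0].rstrip(".").lower()] = f[4]
    return srv, hosts

def audit(dns_domain, zone_text, expected_dcs, site=None):
    """List (owner name, problem) pairs for missing, stale or unexpected records."""
    srv, hosts = parse_zone(zone_text)
    findings = []
    for name in locator_names(dns_domain, site):
        records = srv.get(name.lower(), [])
        if not records:
            findings.append((name, "no SRV record"))
        for r in sorted(records, key=lambda r: (r["priority"], -r["weight"])):
            if r["target"] not in hosts:
                findings.append((name, f"{r['target']} has no A record"))
            elif r["target"] not in expected_dcs:
                findings.append((name, f"{r['target']} is not a known DC"))
    return findings
```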

HOW TO CONFIGURE AN ACTIVE DIRECTORY DOMAIN CONTROLLER?:

Basic Requirements:

Server Operating System (Windows Server 2003) Disk
At least 1 Static IP Address
Network - at least 1 Client

Remember, a Domain Controller is nothing but a Windows Server 2003 computer which has Active Directory installed on it.

1. Click Start - Run, type DCPROMO in the Run dialogue box, and select the option: Domain Controller for a New Domain.
2. Leave the default option (Domain in a New Forest) selected and click Next. (You will now see the New Domain Name page.)
3. In the Full DNS Name for New Domain box, type the domain name, for example technation.in, and click Next. (You should now be able to see the NetBIOS Domain Name page.)
4. In the Domain NetBIOS Name box, type in the NetBIOS name, for example technation. Then click Next again.
5. In the Database and Log Folders page, click Next.
6. Click Next in the Shared System Volume page. (The DNS servers specified in the computer's TCP/IP configuration will be verified now.)
7. Select the option "Install and Configure the DNS Server on this Computer" and continue.
8. Accept the default permissions option and click Next.
9. Type an appropriate Restore Mode password, confirm it again and click Next to continue.
10. Review the options you have chosen and click Next to continue.

Active Directory and DNS Services will now be installed on the computer. Once the installation is done, the computer will restart, this time as a Domain Controller. You can now log in as the Administrator.

TO CONFIGURE AN ADDITIONAL DOMAIN CONTROLLER?:

1. First make a Client (Add a Client to the Domain).
2. Go to Run, type DCPROMO in the dialogue box, select Additional Domain Controller for Existing Domain and continue. (You will need your Administrator credentials to complete this.)

HOW TO MAKE A CLIENT (HOW TO ADD A CLIENT COMPUTER TO A DOMAIN?):

Follow this sequence: Right Click on My Computer and Select Properties - Select the Computer Name Tab - Click the Change Button next to "To rename this computer or Join a Domain..." - Provide the NetBIOS Name (Eg. TechNation) - Select More - Provide the Full Domain Name, eg. TechNation.in - Click OK - Type the Admin Username and Password when prompted to do so. Your computer will now restart.
