4-ad_fundamentals

The document covers the fundamentals of Active Directory, including its logical and physical concepts such as domains, trees, forests, and domain controllers. It also discusses DNS requirements, replication processes, and operations masters within Active Directory. Additionally, it provides resources for further learning and certification opportunities for IT professionals.

Uploaded by

remah
Copyright
© All Rights Reserved

Active Directory Fundamentals

What we will cover:
• Domains, Trees, Forests
• Domain Controllers, Sites
• The Domain Naming Service (DNS)
• Replication
• Operations Masters
• Lots of demos…

Prerequisite Knowledge
• Understanding of what a directory service is

Level 200+

Agenda
• Active Directory Logical Concepts
• Active Directory Physical Concepts
• DNS
• Replication
• Operations Masters

Active Directory Logical Concepts: Domains
• Boundary of Security
  • Authentication
  • Security Policies
• Boundary of Replication
  • Domain NC Replication
• Boundary of DNS Namespace
• Boundary of Administration

[Diagram: a single domain, KAPOHO.NET]

Active Directory Logical Concepts: Trees
• Hierarchy of Domains forming a contiguous namespace
• Transitive Trust Relationships
• All Domains in a Tree share:
  • Schema
  • Configuration
  • Global Catalog

[Diagram: domain tree with KAPOHO.NET at the top, HAWAII.KAPOHO.NET and EUROPE.KAPOHO.NET below it, and MAUI.HAWAII.KAPOHO.NET below HAWAII.KAPOHO.NET]

Active Directory Logical Concepts: Forests
• Hierarchy of Domains forming a contiguous or disjoint namespace
• Transitive Trust Relationships
• All Domains in a Forest share:
  • Schema
  • Configuration
  • Global Catalog

[Diagram: forest containing PSP.CO.UK, KAPOHO.NET and HAWAII.KAPOHO.NET]
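
The tree and forest slides above, worked through as an added example (not part of the original deck): it groups domains into trees by contiguous namespace and lists the domains an authentication referral crosses between two domains over transitive trusts. The domain names come from the slides' diagrams; treating all five as one forest with KAPOHO.NET as the forest root is an assumption.

```python
# Added example: names are from the slides' diagrams; one forest with
# KAPOHO.NET as forest root is an assumption made for illustration.
DOMAINS = ["KAPOHO.NET", "HAWAII.KAPOHO.NET", "EUROPE.KAPOHO.NET",
           "MAUI.HAWAII.KAPOHO.NET", "PSP.CO.UK"]


def norm(name):
    return name.lower().rstrip(".")


def parent_of(name, names):
    """Nearest existing ancestor domain, or None if `name` is a tree root."""
    labels = name.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in names:
            return candidate
    return None


def trees(domains):
    """Map each tree root to the domains in its contiguous namespace."""
    names = {norm(d) for d in domains}
    result = {}
    for name in sorted(names):
        root = name
        while (p := parent_of(root, names)) is not None:
            root = p
        result.setdefault(root, []).append(name)
    return result


def trust_path(src, dst, domains, forest_root):
    """Domains a referral crosses from src to dst over transitive trusts."""
    names = {norm(d) for d in domains}

    def chain_up(n):
        chain = [norm(n)]
        while (p := parent_of(chain[-1], names)) is not None:
            chain.append(p)
        return chain

    up, down = chain_up(src), chain_up(dst)
    for i, n in enumerate(up):
        if n in down:  # same tree: turn around at the common ancestor
            return up[:i + 1] + down[:down.index(n)][::-1]
    # different trees: tree roots are joined through the forest root
    root = norm(forest_root)
    middle = [] if root in (up[-1], down[-1]) else [root]
    return up + middle + down[::-1]
```

Every domain on a returned path is one whose domain controllers take part in the referral, which makes the path a useful input when reviewing what a cross-domain logon depends on.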

Active Directory Logical Concepts: Organizational Units
• Containers within Domains
• Distinct Units of Administration
• Unique to Domains

Active Directory Physical Concepts: Domain Controllers
[Diagram labels: Primary Domain Controller (PDC); Backup Domain Controllers (BDCs); Domain Controllers (DCs)]

Active Directory Physical Concepts: Sites
• What is a Site?
  • A set of well-connected IP subnets
• Site Usage
  • Locating Services (e.g. Logon, DFS)
  • Replication
  • Group Policy Application
• Sites are connected with Site Links
  • Connects two or more sites

Active Directory Physical Concepts: Site Topology
[Diagram: Sites A, B and C across the domains Company.com, america.company.com and europe.company.com, with domain controllers and global catalogs placed in the sites. Legend: DC = Domain Controller, GC = Global Catalog]

Active Directory Physical Concepts: Global Catalog
• Partial Replica of all Objects in the Forest
• Configurable subset of Attributes
• Fast Forest-wide searches
• Required at Logon for Universal Group Membership

DNS: DNS Requirements
• SRV Records to locate services (required)
• DDNS for Dynamic Update (desired)
• Windows 2000 and up, DNS also provides:
  • Incremental Zone Transfers
  • Integration with Active Directory
  • Single replication topology
  • Multi-master replication
  • Secure Dynamic updates

DNS: DNS Implementations
• No existing DNS infrastructure
  • Deploy Microsoft DNS
• Check existing DNS meets requirements
• Existing DNS not adequate:
  • Choice 1: Update Server
  • Choice 2: Migrate to Microsoft DNS
  • Choice 3: Delegate a subdomain to Microsoft DNS
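
One way to check that an existing DNS zone meets the SRV requirement from the DNS slides, as an added example (not part of the original deck): it parses zone-file style SRV lines and reports DC-locator records that are missing or advertise the wrong port. The zone data, the host names, the site name `SiteA` and the choice of `company.com` as forest root are constructed assumptions; the domain names are from the site topology diagram.

```python
import re

# Constructed sample zone data (not from the page): the PDC record is missing
# and the global catalog record advertises the wrong port.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.america.company.com. 600 IN SRV 0 100 389 dc1.america.company.com.
_ldap._tcp.dc._msdcs.america.company.com. 600 IN SRV 0 100 389 dc2.america.company.com.
_ldap._tcp.SiteA._sites.dc._msdcs.america.company.com. 600 IN SRV 0 100 389 dc1.america.company.com.
_kerberos._tcp.dc._msdcs.america.company.com. 600 IN SRV 0 100 88 dc1.america.company.com.
_ldap._tcp.gc._msdcs.company.com. 600 IN SRV 0 100 389 dc1.america.company.com.
"""

SRV_LINE = re.compile(
    r"^(\S+?)\.?\s+\d+\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+?)\.?\s*$", re.I)


def expected_records(domain, forest, site):
    """DC-locator SRV owner names and the port each should advertise."""
    return {
        f"_ldap._tcp.dc._msdcs.{domain}": 389,
        f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}": 389,
        f"_kerberos._tcp.dc._msdcs.{domain}": 88,
        f"_ldap._tcp.pdc._msdcs.{domain}": 389,
        f"_ldap._tcp.gc._msdcs.{forest}": 3268,
    }


def parse_srv(zone_text):
    """Return {owner: [(priority, weight, port, target), ...]} from zone lines."""
    records = {}
    for line in zone_text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            owner, prio, weight, port, target = m.groups()
            records.setdefault(owner.lower(), []).append(
                (int(prio), int(weight), int(port), target.lower()))
    return records


def audit(zone_text, domain, forest, site):
    """List (owner, problem) pairs for missing or mis-ported locator records."""
    found, problems = parse_srv(zone_text), []
    for owner, port in expected_records(domain, forest, site).items():
        entries = found.get(owner.lower())
        if not entries:
            problems.append((owner, "missing"))
        elif any(e[2] != port for e in entries):
            problems.append((owner, f"port is not {port}"))
    return problems
```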

Replication: Replication Details
• Naming Contexts (NCs) that are replicated
  • Schema Naming Context
  • Configuration Naming Context
  • Domain Naming Context
• Multi-master Replication
• Intra-site Bi-directional Ring Topology
• Inter-site Spanning Tree Topology
• Synchronous RPC over TCP/IP
• Asynchronous SMTP

Replication: Naming Contexts
• Schema
  • Definitions of object classes and attributes
  • Replicated to all DCs in the forest
• Configuration
  • AD Structure (domains, sites, and where the DCs are)
  • Replicated to all DCs in the forest
• Domain
  • Domain specific objects (users, groups, computers, and OUs)

Replication: Replication Topologies
• Intra-site Replication: AD replication between DCs within a Site
• Inter-site Replication: AD replication between Sites

Replication: Intra-site Replication
• RPC replication within a Site
• No compression
• Assumes good network connections
• Uses notification process
  • 5 minutes (Windows 2000)
  • Less (Windows Server 2003)
• KCC generates a bi-directional Ring with extra edges
Tip: Always let KCC generate the intra-site replication topology when possible

Replication: Inter-Site Replication
• Replication between Sites
• DS-RPC (RPC over IP) or SMTP Transports
• SMTP can be used only between
  • GCs across Sites
  • DCs of different domains and in different sites
• Compression
  • 10%-20% of original size
• Scheduled

Replication: Site-links, Bridges and Bridgehead Servers
• Site-links link two or more sites
  • Costs and schedules can be specified
  • Transitive (can be disabled)
• Site-link Bridges
  • Bridge two or more site-links
• Bridgehead servers
• KCC generates a minimum cost spanning tree
Tip: Always let KCC generate the replication topology
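
The minimum cost spanning tree named on the slide above, as an added example (not part of the original deck, and a simplified model rather than the KCC's own code): Kruskal's algorithm over site links with costs, where a link that joins more than two sites contributes every pair at the link's cost. Schedules and bridgehead selection, which the slide also lists, are not modelled; the link names, costs and Site D are constructed assumptions.

```python
from itertools import combinations

# Constructed sample (not from the page): link names and costs are made up;
# Site D has no site link at all.
SITES = ["A", "B", "C", "D"]
SITE_LINKS = {
    "A-B-LINK": (100, {"A", "B"}),
    "B-C-LINK": (100, {"B", "C"}),
    "A-C-WAN": (500, {"A", "C"}),
}


def plan_topology(sites, site_links):
    """Kruskal's algorithm over site links; returns connections and partitions."""
    # A site link may join more than two sites: every pair gets the link's cost.
    edges = sorted(
        (cost, a, b, name)
        for name, (cost, members) in site_links.items()
        for a, b in combinations(sorted(members), 2)
    )
    parent = {s: s for s in sites}  # assumes links only name listed sites

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    connections = []
    for cost, a, b, name in edges:
        ra, rb = find(a), find(b)
        if ra != rb:  # joining two components never creates a cycle
            parent[ra] = rb
            connections.append((a, b, cost, name))

    groups = {}
    for s in sites:
        groups.setdefault(find(s), []).append(s)
    return {
        "connections": connections,
        "total_cost": sum(c[2] for c in connections),
        "partitions": sorted(sorted(g) for g in groups.values()),
    }
```

More than one partition in the result means the site links do not connect every site, so in this model no replication path reaches the isolated sites.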

Operations Masters: Schema and Domain
• Schema
  • Performs updates to schema
  • Sends updates to all DCs
  • One per forest
  • Default is the first DC installed
• Domain
  • Performs add/remove of domains and cross-references to external DS
  • One per forest
  • Default is the first DC installed

Operations Masters: PDC, RID and Infrastructure
• Primary Domain Controller (PDC)
  • Acts as a PDC for requests from NT clients
  • One per domain
• Relative Identifier (RID)
  • Generates pools of security identifiers to be distributed to DCs in the domain
  • One per domain
• Infrastructure
  • Updates SIDs on objects across domains
  • One per domain
  • Not required in a single-domain forest

Summary
• There are Logical and Physical concepts in Active Directory
• DNS
• Plenty of Information

For More Information…
• Main TechNet Web site at www.microsoft.com/technet
• Additional resources to support this Session page can be found at www.microsoft.com/technet/tnt1-98

MS Press
Inside information for IT Professionals
To find the latest IT Professional related titles visit www.microsoft.com/learning/it/books

Third Party Publications
Supplementary Publications for IT Pros
These books can be found and purchased at all good book stores and on-line retailers

Microsoft Learning
Training Resources for IT Professionals
• Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
  • Course Number: 2279
  • Availability: Now
  • Detailed Syllabus: www.microsoft.com/learning

To locate a training provider, please access www.microsoft.com/learning
Microsoft Certified Technical Education Centers are Microsoft’s premier partners for training services

Assess your Readiness
Microsoft Skills Assessment
What is Microsoft Skills Assessment?
• Self-study learning tool to evaluate readiness for product and technology solutions, instead of job-roles (certification)
• Windows Server 2003, Exchange Server 2003, Windows Storage Server 2003, Visual Studio .NET, Office 2003
• Free, online, unproctored, and available to anyone
• Answers, “Am I ready?”
• Determines skills gaps, provides learning plans with Microsoft Official Curriculum courses, plus more Microsoft learning content suggestions such as TechNet resources
• Post your High Score to see how you stack up

Visit http://www.microsoft.com/assessment

Become a Microsoft Certified Systems Administrator (MCSA)
• What is the MCSA certification?
  • For IT professionals who manage and maintain networks and systems based on the Microsoft Windows Server operating system
• How do I become an MCSA on Microsoft Windows 2003?
  • Pass 3 core exams
  • Pass 1 elective exam or 2 CompTIA certifications
• Where do I get more information?
  • For more information about certification requirements, exams, and training, visit www.microsoft.com/mcsa

Become a Microsoft Certified Systems Engineer (MCSE)
• What is the MCSE certification?
  • Premier certification for IT professionals who analyze the business requirements and design, plan, and implement the infrastructure for business solutions based on the Microsoft Windows Server System integrated server software.
• How do I become an MCSE on Microsoft Windows 2003?
  • Pass 6 core exams
  • Pass 1 elective exam from a comprehensive list
• Where do I get more information?
  • For more information about certification requirements, exams, and training options, visit www.microsoft.com/mcse

Demonstrate Your Security or Messaging Specialization
• What are MCSA/MCSE specializations?
  • MCSA and MCSE specializations allow IT professionals to highlight specific expertise or technical focus within their job role.
• What specializations are available?
  • MCSA: Security
  • MCSA: Messaging
  • MCSE: Security
  • MCSE: Messaging
• Where do I get more information?
  • For more information about MCSA and MCSE specialization requirements, exams, and training options, visit www.microsoft.com/mcsa or www.microsoft.com/mcse

What is TechNet?
• Put the right answers at your fingertips
• TechNet is the comprehensive collection of resources to help IT implementers plan, deploy, and manage Microsoft products successfully

TechNet Subscription
• Monthly updates delivered on DVD or CD
• The definitive resource to help you evaluate, deploy and maintain Microsoft products
TechNet Web Site
• Accessible at www.microsoft.com/technet
• Online resources and community
• Subscriber-only Online Services
TechNet Flash
• Bi-weekly e-newsletter
• Security updates, new resources, and special offers
TechNet Events and Web Casts
• Briefings on the latest Microsoft products and technologies
• Hands-on, “how to” information
TechNet Communities
• User Groups
• Managed Newsgroups

Where Can I Get TechNet?
• Visit TechNet Online at www.microsoft.com/technet
• Register for the TechNet Flash: www.microsoft.com/technet/subscriptions/flash.asp
• Join the TechNet Online forum at www.microsoft.com/technet/itcommunity
• Become a TechNet Subscriber at www.microsoft.com/technet/buynow/subscribe
• Attend More TechNet Events or view on-line: www.microsoft.com/technet/tcevents/itevents
