Scribd
Upload
234 views15 pages

01 Implementing Active Directory Domain Services 141119123917 Conversion Gate01 PDF

Uploaded by

jaishree jain
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
234 views15 pages

01 Implementing Active Directory Domain Services 141119123917 Conversion Gate01 PDF

Uploaded by

jaishree jain
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 15

Active Directory Domain

Services (AD DS)


What are ADDS?
• Active Directory Domain Services (AD DS) provides the
functionality of an identity and access (IDA) solution for
enterprise networks.
• Store information about users, groups, computers, and
other identities.
• Authenticate an identity.
 The server will not grant the user access to the document
unless the server can verify the identity presented in the
access request as valid.
 Kerberos Authentication: a protocol called Kerberos is used to
authenticate identi-ties.

• Control access

• Provide an audit trail


Components of an Active Directory Infrastructure
 Active Directory data store

 Domain controllers

 Domain

 Forest

 Tree

 Functional level

 Organizational units

 Sites
Domain controllers (DC)

• DCs are servers that perform the AD DS role.

• The Kerberos Key Distribution Center (KDC) service, which


Performs authentication, and other Active Directory
services.
Forest

• A forest is a collection of one or more Active Directory


domains.
• The first domain installed in a forest is called the forest
root domain.
• The forest defines a security boundary.
Functional level
• The functional level is an AD DS setting that enables
advanced domain-wide or forest-wide AD DS features.
• Three domain functional levels:
 Windows 2000 native.
 Windows Server 2003
 Windows Server 2008.

• Two forest functional levels:


 Microsoft Window s Server 2003.
 Windows Server 2008.
Requirements for Installing AD DS

Server • A computer running Windows Server 2008


requirements to
install AD DS • Minimum disk space of 250 MB and a partition
formatted with NTFS file system

• TCP/IP must be configured, including DNS


client settings
Network
configuration • DNS Server that supports dynamic updates must
be available or will be configured on the domain
controller

• Local Administrator permissions to install the first


domain controller in a forest
Administrator • Domain Administrator permissions to install
permissions additional domain controllers in a domain
• Enterprise Administrator permissions to install
additional domains in a forest
AD DS Installation Process

1 Install the Active Directory Domain Services role


using the Server Manager

Run the Active Directory Domain Services


2 Installation Wizard

3 Choose the deployment configuration

4 Select the additional domain controller features

Select the location for the database, log files, and


5 SYSVOl folder

Configure the Directory Services Restore


6 Mode Administrator Password
Advanced Options for Installing AD DS

To access the advanced mode installation options,


choose the Advanced Mode option in the installation wizard or run
DCPromo /adv

Use the advanced mode options to:

• Create a new domain tree

• Use backup media as the source for AD DS information

• Select the source domain controller for the installation

• Modify the default domain NetBIOS name

• Define the Password Replication Policy for an RODC


Installing AD DS from Media

Use Ntdsutil.exe to create the installation media

Ntdsutil.exe can create the following types of installation media:

• Full (or writable) domain controller

• Full (or writable) domain controller without SYSVOL data

• Read-only domain controller without SYSVOL data

• Read-only domain controller


Installing AD DS on a Server Core Computer
• Installing Server Core
Configuring AD DS Domain
Controller Roles
• What Are Global Catalog Servers?

• Modifying the Global Catalog

• Demonstration: Configuring Global Catalog Servers

• What Are Operations Master Roles?

• Demonstration: Managing Operation Master Roles

• How Windows Time Service Works


What Are Global Catalog Servers?

Domain

Domain
Domain Domain

Domain Domain
Domain
Global Catalog
Query

Result

Global Catalog
Server
How Windows Time Service Works

Windows Time service (W32Time) PDC Emulator


provides network clock
synchronization for domain
controllers and client computers

In a Windows Server 2008 forest,


the PDC Emulator is used to
provide the authoritative time Domain controllers
for all other computers
Client
computers

Time synchronization is important because:

• Kerberos authentication includes a time stamp

• Replication between domain controllers is time stamped


steps

You might also like