
Active Directory Essentials

Active Directory is Microsoft's proprietary directory service for Windows 2000, 2003 and 2008 servers. It provides a database that can be queried to find hosts, servers, services and resources within one or more administrative domains that are part of a forest. Windows Active Directory is an X.400-based directory service which stores information about 'objects' within a 'domain'. User accounts, computers, servers and services are all objects within Active Directory. These base objects can also be collected into 'containers'. Active Directory allows objects such as computers and users to be grouped into Organizational Units. Organizational Units are 'containers' within Active Directory and can carry access controls and security policies, so a single policy can be applied to a whole group of objects at once. Objects belong to Containers, Containers belong to a Domain, and Domains are part of an Active Directory hierarchy or 'tree'.
Users > Organizational Units > Domains > Trees
The Active Directory system was designed to 'integrate' with LDAP and Internet DNS. Each Active Directory 'tree' for a computer network forms a domain. The domains can be set up to communicate with each other via Microsoft's patented 'trust' relationships. Thus, an Active Directory tree in one network can communicate on a 'trusted' (not) basis with an Active Directory 'tree' from another network to form a 'forest'.
[ As if Microsoft hadn't confused things enough already with 'domains'... --InetDaemon ]

Active Directory Domain Controllers

Only Active Directory Domain Controllers provide Active Directory services. Active Directory information is stored in the DNS server zone files using special SRV records and a special naming convention for services running on a particular host. This convention uses underscores. Underscores in a DNS domain name are illegal (not part of the DNS specification), but Microsoft uses them anyway in the service and domain portions of the fully qualified name of a computer.
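As an added example (not from the original article), the following PowerShell resolves the underscore-prefixed SRV records a domain registers and lists the domain controllers that DNS advertises, so they can be compared against the DCs you expect to exist. It assumes PowerShell 3.0 or later with the DnsClient module (Resolve-DnsName), a client that can reach the AD-integrated DNS zone, and uses the placeholder domain corp.example.com and placeholder DC names.

```powershell
# Added example: enumerate the domain controllers advertised through
# Active Directory's underscore-prefixed DNS SRV records.
# Assumes Resolve-DnsName (DnsClient module, Windows 8 / Server 2012+).
# 'corp.example.com' and the DC names below are placeholders.

function Get-AdvertisedDomainControllers {
    param(
        [Parameter(Mandatory)] [string] $DnsDomain,
        [string[]] $Expected = @()          # FQDNs of the DCs you know about
    )

    # AD registers these service-locator names under the DNS domain. The
    # leading underscore keeps them from colliding with ordinary hostnames.
    $srvNames = @(
        "_ldap._tcp.dc._msdcs.$DnsDomain",     # LDAP on domain controllers
        "_kerberos._tcp.dc._msdcs.$DnsDomain", # Kerberos KDC on domain controllers
        "_gc._tcp.$DnsDomain"                  # Global Catalog servers
    )

    $found = foreach ($name in $srvNames) {
        try {
            # The answer may carry A records in the additional section;
            # keep only the SRV records themselves.
            Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object {
                    $target = $_.NameTarget.TrimEnd('.')
                    [pscustomobject]@{
                        Service  = $name
                        Target   = $target
                        Port     = $_.Port
                        Priority = $_.Priority
                        Weight   = $_.Weight
                        Expected = ($target -in $Expected)
                    }
                }
        } catch {
            Write-Warning "No SRV answer for $name : $($_.Exception.Message)"
        }
    }
    $found
}

# Placeholder values; replace with your own domain and known DC names.
$result = Get-AdvertisedDomainControllers -DnsDomain 'corp.example.com' `
    -Expected @('dc01.corp.example.com', 'dc02.corp.example.com')
$result | Format-Table -AutoSize

# Expected = False marks a DC record you did not know about: a stale
# registration left after decommissioning, or a host worth investigating.
$result | Where-Object { -not $_.Expected }
```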
Active Directory can be configured three ways:
  • OFF (Not running or integrated at all)
  • Mixed Mode (Backwards compatible with Windows NT domains, and very limited Active Directory functionality)
  • 'Native' Mode (full Active Directory; no Windows NT servers permitted!)
The first Windows domain created becomes the root of the first 'domain tree', and as the first tree it becomes the 'parent' of all other domains/trees. The 'root domain' or 'parent tree' cannot be moved, deleted or changed. Therefore, when transitioning to Windows 2000, you must create the root domain (the parent DNS domain) first.
By default, when you configure a child domain to communicate with the parent, they form a 'two-way transitive trust' relationship (Parent <-> Child1). This means that each domain fully trusts the other. When a third domain is added (Child2), it automatically trusts both existing domains (Parent and Child1), even though it is connected to only one of them (Child2 <-> Parent). Through the parent domain, Child2 has access to Child1.
Forests are created when two root domains are configured to share a 'global catalog'.
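The parent-child trusts described above are created automatically and are two-way and transitive; trusts that reach outside the forest are where a defender usually looks first. The following PowerShell is an added example (not from the original article) that lists the current domain's trusts with Get-ADTrust and annotates the ones worth reviewing; it goes beyond the page by also covering forest trusts, SID filtering and selective authentication. It assumes the ActiveDirectory module (RSAT) is installed and the caller has read access to the domain; the review notes are this example's own categorisation, not output of the module.

```powershell
# Added example: review the trust relationships of the current domain.
# Assumes the ActiveDirectory PowerShell module (RSAT) and read access.
Import-Module ActiveDirectory

function Get-TrustReview {
    param([string] $Server)   # optional domain controller to query

    $trusts = if ($Server) { Get-ADTrust -Filter * -Server $Server }
              else         { Get-ADTrust -Filter * }

    foreach ($t in $trusts) {
        $notes = @()

        # Intra-forest parent/child trusts are the default two-way transitive
        # trusts the article describes; they are expected and cannot be removed.
        if (-not $t.IntraForest) {
            # Trusts to other forests or to external domains deserve scrutiny.
            if ($t.Direction -ne 'Outbound') {
                $notes += 'inbound: their principals can be granted access here'
            }
            if ($t.ForestTransitive) {
                $notes += 'forest-transitive: every domain in their forest is trusted'
            }
            if (-not $t.SIDFilteringQuarantined -and -not $t.SIDFilteringForestAware) {
                $notes += 'SID filtering off: foreign SIDs in SID history are honoured'
            }
            if (-not $t.SelectiveAuthentication) {
                $notes += 'no selective authentication: all their users may authenticate'
            }
        }

        [pscustomobject]@{
            Source      = $t.Source
            Target      = $t.Target
            Direction   = $t.Direction
            TrustType   = $t.TrustType
            IntraForest = $t.IntraForest
            # The property name below is spelled this way by the module itself.
            Transitive  = -not $t.DisallowTransivity
            Notes       = ($notes -join '; ')
        }
    }
}

Get-TrustReview | Format-Table -AutoSize -Wrap
```

Run it from a domain-joined management host; an empty Notes column means the trust is an ordinary intra-forest trust or has the hardening options enabled.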

Active Directory Database

The Active Directory database is stored in a single flat file named ntds.dit on Windows 2000 and Windows 2003 Active Directory servers. The file ntds.dit is a Microsoft Jet database file. The Extensible Storage Engine (ESE) is used to access and manage the contents of the ntds.dit file. The ntds.dit file is stored in the following folder:
%SystemRoot%\ntds
Note that %SystemRoot% is a Windows environment variable which contains the path to the Windows system root directory (usually C:\windows).

Active Directory Objects

Every object in the Active Directory database points to its one and only parent; therefore, the total store of all objects in the database may be thought of as a hierarchy.
  • Forest
    • Domains (a tree of domains)
      • Security Principals
        • Users
        • Groups
        • Computers
          • Workstations
          • Servers
          • Domain Controllers
      • Containers
      • Organizational Units
    • Group Policy Objects
      • Rights / Permissions
      • WMI Filters
    • Sites
  • System Access Control Lists
  • Discretionary Access Control Lists

Active Directory Tools

Microsoft installs several tools for managing Active Directory when a Windows server is promoted to a domain controller, either during installation or afterwards by running the dcpromo command.
  1. Active Directory Users and Computers (dsa.msc)
  2. Active Directory Domains and Trusts (domain.msc)
  3. Active Directory Sites and Services (sites.msc)
  4. Active Directory Schema Snap-in (added as a 'snap-in' to a generic instance of the mmc)
  5. Group Policy Management Console (gpmc.msc)
NOTE: The Microsoft Management Console (MMC) is a generic window-control used for managing Windows services and controls. The MMC supports snap-ins allowing an administrator to pull together multiple controls into a single window.

Active Directory Users and Computers

This tool is used to manage the Directory Objects within the domain, to create, add and modify computers and users and to remove them from the domain.

Active Directory Domains and Trusts

The parent-child relationships, replication and level of trust between domains are managed with this tool.

Active Directory Sites and Services

This tool allows a Domain Administrator to create 'sites' and to force replication between sites.

Active Directory Schema

This tool is used to manage the Active Directory database schema and its base object types.

Group Policy Management Console

From this console, a Windows Active Directory Administrator can link security policies to objects, organizational units, sites and domains within an Active Directory Forest.
