Reviewing Microsoft Active Directory Concepts

Chapter 1: REVIEWING MICROSOFT ACTIVE DIRECTORY CONCEPTS
OVERVIEW
• Describe the function of directory services on a Microsoft Windows Server 2003 network.
• Differentiate between the physical and logical components of the Active Directory directory service.
• Understand the elements involved in planning an Active Directory implementation.
• Determine the appropriate placement of global catalog servers.
• Determine where universal group membership caching should be implemented.
UNDERSTANDING THE ROLE OF DIRECTORY SERVICES
• Forms core of network
• Stores information about computers, applications, services, and users
• Builds upon the version of Active Directory in Windows 2000 Server, but the two cannot coexist in the same forest
UNDERSTANDING THE LOGICAL COMPONENTS OF ACTIVE DIRECTORY
• Domains
• Trees
• Forests
• Organizational units
DOMAINS
• Primary mechanism of grouping users, computers, and services together
• Provide an administrative boundary within Active Directory
• Can comprise one or more physical locations
TREES
FORESTS
ORGANIZATIONAL UNITS
DOMAIN AND FOREST FUNCTIONAL LEVELS
• Provide a way to enable certain features of Active Directory on a per-domain or forestwide basis
• Can be raised, provided all domain controllers in the domain or forest support the higher level
DOMAIN FUNCTIONAL LEVELS
• Windows 2000 Mixed (default)
• Windows 2000 Native
• Windows Server 2003 Interim
• Windows Server 2003
FOREST FUNCTIONAL LEVELS
• Windows 2000 (default)
• Windows Server 2003 Interim
• Windows Server 2003
UNDERSTANDING THE PHYSICAL COMPONENTS OF ACTIVE DIRECTORY
• Sites
• Domain controllers
SITES
• Collections of one or more well-connected IP subnets
• Allow authentication and replication traffic to be managed
DOMAIN CONTROLLERS
• Physical storage locations for Active Directory databases
• Can be any systems running Windows 2000 Server or Windows Server 2003
• Use multimaster replication
INSTALLING ACTIVE DIRECTORY
• Using the Active Directory Installation Wizard
• Using an answer file to perform an unattended installation
• Using the network or backup media
• Using the Configure Your Server Wizard
INSTALLING ACTIVE DIRECTORY BY USING THE ACTIVE DIRECTORY INSTALLATION WIZARD
INSTALLING ACTIVE DIRECTORY BY USING AN ANSWER FILE
INSTALLING ACTIVE DIRECTORY BY USING THE NETWORK OR BACKUP MEDIA
• Allows a member server to become a domain controller by the restore of Active Directory data
• Useful in scenarios in which large amounts of replication traffic cannot be accommodated
INSTALLING ACTIVE DIRECTORY BY USING THE CONFIGURE YOUR SERVER WIZARD
DEPLOYING GLOBAL CATALOG SERVERS
• The global catalog stores information about all Active Directory objects from all domains in a single forest.
• Windows Server 2003 creates one global catalog server automatically when Active Directory is installed.
• At least one additional global catalog server should be configured for fault tolerance.
• Placement of global catalog servers requires careful planning.
CONFIGURING GLOBAL CATALOG SERVERS
UNDERSTANDING UNIVERSAL GROUP MEMBERSHIP CACHING
• Helps to reduce the number of universal group membership queries that must be forwarded across a WAN link
• Provides flexibility for the placement of global catalog servers
• Implemented on a site-by-site basis
IMPLEMENTING UNIVERSAL GROUP MEMBERSHIP CACHING
• Disabled by default
• Once enabled, applies to the entire site
• Configured by using Active Directory Sites and Services
SUMMARY
• Logical components of Active Directory include domains, trees, forests, and organizational units.
• A domain is a security and administrative boundary. Users on a Windows Server 2003 network authenticate at the domain level.
• A tree is a group of one or more domains that share transitive trust relationships.
• A forest is a group of one or more trees that share a single root domain, a schema, and a global catalog.
• In Windows Server 2003, domains operate at one of four different functional levels.
SUMMARY (CONTINUED)
• Windows Server 2003 introduces the three forest functional levels.
• Physical components of Active Directory include sites and domain controllers.
• Domain controllers host a copy of the Active Directory database and can be used to authenticate logons.
• The deployment of global catalog servers throughout an Active Directory site infrastructure requires careful planning.
• Windows Server 2003 introduces a new feature known as universal group membership caching.