My TechnoBlogs

For those who can create wonders with Technology……

Archive for the ‘Active Directory’ Category

Active Directory Replication

Posted by Ravi shankar on February 24, 2009

In Active Directory, replication ensures that any change made on one domain controller in a domain is replicated to all the other domain controllers in that domain. Active Directory uses multimaster replication to replicate changes in the Active Directory data store to the domain controllers. With multimaster replication, domains are considered peers to one another.

With Windows Server 2003, the Knowledge Consistency Checker (KCC) builds the replication topology of the forest so that changes are replicated efficiently to the domain controllers. A replication topology reflects the physical connections that domain controllers use to replicate the directory to other domain controllers in the same site or in different sites. Replication within a site is called intra-site replication; replication between sites is called inter-site replication. Since the bandwidth between sites is typically limited, the information held on site link objects is used to pick the most favourable link for moving replication data between sites.


Active Directory Trust Relationships

Posted by Ravi shankar on February 14, 2009

In Active Directory, when two domains trust each other or a trust relationship exists between the domains, the users and computers in one domain can access resources residing in the other domain. The trust relationships supported in Windows Server 2003 are summarized below:

Parent/Child trust:

A parent/child trust relationship exists between two domains in Active Directory that share a contiguous DNS namespace and belong to the same forest. This trust relationship is established automatically when a child domain is created in a domain tree.

Tree Root trust:

A tree root trust relationship can be configured between root domains in the same forest. The root domains do not have a common DNS namespace. This trust relationship is established when a new tree root domain is added to a forest.

Shortcut trust:

A shortcut trust can be configured between two domains in different domain trees within the same forest. It is typically used to improve user logon times between those domains.

External trust:

External trust relationships are created between an Active Directory domain and a Windows NT4 domain.

Realm trust:

A realm trust relationship exists between an Active Directory domain and a non-Windows Kerberos realm.

Forest trust:

Forest trust can be created between two Active Directory forests.



Active Directory Object Naming Schemes

Posted by Ravi shankar on February 14, 2009

Each object in the Active Directory data store must have a unique name. Active Directory supports a number of object naming schemes for naming objects:

Distinguished name (DN):

Each object has a DN. The DN uniquely identifies a particular object and also identifies where in the directory the object is stored. The components that make up the DN of an object are:
-CN – common name
-OU – organizational unit
-DC – domain component
A canonical name is simply a different way of writing the object's DN that is easier to read.

Relative distinguished name (RDN):

The RDN identifies a particular object within a parent container or OU.

Globally unique identifier (GUID):

A GUID is a unique hexadecimal number that is assigned to an object at the time that the object is created. The GUID of an object never changes.

User principal name (UPN):

The UPN is made up of the user account name of the user, and a domain name that identifies the domain that contains the user account.
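As an added example (not code from the original post), the following Python parses a DN into its CN/OU/DC components and derives the values described above: the RDN, the DNS name of the containing domain, the canonical name, and a UPN built from an account name plus that domain. The sample DN and account name are constructed for illustration.

```python
# Added example (not from the original post): parse an Active Directory
# distinguished name (DN) into its RDN components and derive the RDN,
# the domain DNS name, the canonical name and a UPN from it. Honours
# backslash-escaped characters (e.g. "Smith\, John"), which a naive
# str.split(",") would break apart.

def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, honouring '\\' escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        pairs.append((attr.strip().upper(), value))
    return pairs

def rdn(dn: str) -> str:
    """Relative distinguished name: the leftmost component only (unescaped)."""
    attr, value = split_dn(dn)[0]
    return f"{attr}={value}"

def domain_dns_name(dn: str) -> str:
    """Join the DC components, left to right, into the domain's DNS name."""
    return ".".join(v for a, v in split_dn(dn) if a == "DC")

def canonical_name(dn: str) -> str:
    """Canonical form: domain DNS name, then the container path root-to-leaf."""
    path = [v for a, v in reversed(split_dn(dn)) if a != "DC"]
    return "/".join([domain_dns_name(dn)] + path)

def upn(account_name: str, dn: str) -> str:
    """UPN: the account name joined to the domain that holds the account."""
    return f"{account_name}@{domain_dns_name(dn)}"

if __name__ == "__main__":
    sample = "CN=Smith\\, John,OU=Sales,OU=Europe,DC=corp,DC=example,DC=com"  # constructed
    print(rdn(sample), "|", canonical_name(sample), "|", upn("jsmith", sample))
```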


Active Directory Components

Posted by Ravi shankar on February 14, 2009

Domains, organizational units (OUs), domain trees and forests are considered logical structures. Sites and domain controllers are considered physical structures.

Domain:

Domains are the main logical structure in Active Directory because they hold the directory data. Network objects such as users, printers, shared resources and more are all stored in domains. Domains are security boundaries: access to the objects in a domain is controlled by access control lists (ACLs). The domain functional level can be raised to enable additional Active Directory features.

Organizational Unit (OU):

An OU is a container that lets you organize objects such as users, computers and even other OUs in a domain into a logical administrative group. An OU is the smallest Active Directory component to which you can delegate administrative authority.

Domain Trees:

When you group domains into a hierarchical structure by adding child domains to a parent domain, you form a domain tree. Domains are regarded as being part of the same domain tree when they have a contiguous naming structure. A two-way transitive trust relationship is created automatically between the parent and child domain when a child domain is created.

Forests:

A forest is a grouping of multiple domain trees into a hierarchical structure. Domain trees in a forest share a common schema, configuration and global catalog. Domains within the forest are linked by two-way transitive trusts. Through the forest functional level, additional forest-wide Active Directory features can be enabled.

Sites:

In Active Directory, sites are formed from one or more subnets. A site is typically defined as a location in which network access is highly reliable, fast and inexpensive.

Domain Controllers (DCs):

A domain controller is a server that stores a writable copy of Active Directory and maintains the Active Directory data store. Certain master roles can be assigned to domain controllers within a domain and forest. Domain controllers that hold these special master roles are called Operations Masters. They host the master copy of particular data in Active Directory and replicate that data to the remaining domain controllers. There are five master roles that can be assigned to domain controllers. Two of them, the forest-wide master roles, are assigned to a single domain controller in the forest. The other three, the domain-wide master roles, are assigned to one domain controller in every domain.

-The Schema Master is a forestwide master role applied to a domain controller that manages all changes in the Active Directory schema.

-The Domain Naming Master is a forestwide master role applied to a domain controller that manages changes to the forest, such as adding and removing a domain. The domain controller serving this role also manages changes to the domain namespace.

-The Relative ID (RID) Master is a domainwide master role applied to a domain controller that creates unique ID numbers for domain controllers and manages the allocation of these numbers.

-The PDC Emulator is a domainwide master role applied to a domain controller that operates like a Windows NT primary domain controller. This role is typically necessary when there are computers in your environment running pre-Windows 2000 and XP operating systems.

-The Infrastructure Master is a domainwide master role applied to a domain controller that manages changes made to group memberships.


Active Directory

Posted by Ravi shankar on February 14, 2009

A directory is a hierarchical structure that stores information about objects on the network. Active Directory is a directory service that provides the method for storing directory data and making this data available to network users and administrators. Active Directory is Microsoft's Network Operating System (NOS) directory.

Information about users, groups, computers, printers and application services can be added to this central repository. AD can also be managed programmatically through:

Active Directory Service Interfaces (ADSI)
ActiveX Data Objects (ADO)
Windows Management Instrumentation (WMI)

AD was released in 1997 and came into existence after Microsoft's first NOS environment became available in 1990 with the release of Windows NT 3.0.

Some AD concepts:
A domain is a group of resources based on administration and security boundaries (40000 objects limit).

A domain controller serves the NOS to end users.

X.500 is a directory service standard published by the ITU and ISO. It was complicated and built on the OSI layers. For the TCP/IP model, the University of Michigan developed LDAP (Lightweight Directory Access Protocol), which retains many features of X.500.

The versions of LDAP released were:
LDAPv1-1993, LDAPv2-1995 and LDAPv3-1997

Active Directory is based on the Extensible Storage Engine (ESE) database also used by Exchange Server. It has a maximum database size of 16 TB.
