Configuring domain controllers
Module Overview
• Overview of AD DS
• Overview of AD DS domain controllers
Overview of AD DS
• AD DS components
• What is an AD DS forest?
• What is an AD DS domain?
• What are OUs?
• Overview of AD DS administration tools
• Demonstration: Using the Active Directory Administrative Center to administer and manage AD DS
AD DS components
AD DS is composed of both logical and physical components

Logical components:
• Partitions
• Schema
• Domains
• Domain trees
• Forests
• Sites
• OUs
• Containers

Physical components:
• Domain controllers
• Data stores
• Global catalog servers
• RODCs
What is an AD DS forest?
A forest is one or more domain trees that share a common schema, configuration partition, and global catalog; the first domain created in the forest is the forest root domain.
(Diagram: adatum.com is the forest root domain; atl.adatum.com is its child domain; fabrikam.com is the tree root domain of a second domain tree in the same forest)
What is an AD DS domain?
• AD DS requires one or more domain controllers
• All domain controllers hold a copy of the domain database, which is continually replicated between them
• The domain is the context within which user accounts, computer accounts, and groups are created
• The domain is a replication boundary for the domain partition (the schema and configuration partitions replicate forest-wide)
• The domain is an administrative center for configuring and managing objects
• Any writable domain controller can authenticate any sign-in anywhere in the domain (an RODC forwards requests for credentials it does not cache to a writable domain controller)
• The domain provides authorization
(Diagram: users, computers, and groups held in AD DS)
What are OUs?
• Use containers to group objects within a domain:
• You cannot apply GPOs to containers
• Containers are used for system objects and as the default location for new objects
• Create OUs to:
• Configure objects by assigning GPOs to them
• Delegate administrative permissions
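The two reasons for creating an OU, as an added PowerShell example that is not part of the course slides: create the OU, link a GPO to it (something a container cannot take), and delegate one narrowly scoped right to a group on that OU only, then read the ACL back to verify. The names are assumptions: the adatum.com domain from the slides, an OU called "Workstations", and an existing GPO "Workstation Baseline" and group "Workstation Admins".

```powershell
# Added example (not from the course slides). Assumed names: adatum.com,
# OU "Workstations", existing GPO "Workstation Baseline", existing group
# "Workstation Admins". Run from a machine with RSAT AD and GPMC modules.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDN = (Get-ADDomain -Identity adatum.com).DistinguishedName
$ouDN     = "OU=Workstations,$domainDN"

# 1. Create the OU. A container cannot take a GPO link; an OU can.
New-ADOrganizationalUnit -Name "Workstations" -Path $domainDN `
    -ProtectedFromAccidentalDeletion $true

# 2. Link the existing GPO to the OU.
New-GPLink -Name "Workstation Baseline" -Target $ouDN -LinkEnabled Yes

# 3. Delegate. Look up the schemaIDGUID of the "computer" class so the ACE
#    applies only to computer objects, not to every object type under the OU.
$schemaNC     = (Get-ADRootDSE).schemaNamingContext
$computerCls  = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(lDAPDisplayName=computer)" -Properties schemaIDGUID
$computerGuid = [Guid]$computerCls.schemaIDGUID

$groupSid = (Get-ADGroup -Identity "Workstation Admins").SID
$rights   = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild -bor `
            [System.DirectoryServices.ActiveDirectoryRights]::DeleteChild
$ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $groupSid,
    $rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $computerGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$ouDN"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$ouDN" -AclObject $acl

# 4. Verify: show only the ACEs that name the delegated group. ObjectType
#    should be the computer class GUID, and the rights CreateChild, DeleteChild.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.IdentityReference -like "*Workstation Admins" } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType
```

The object-type GUID is what keeps this least-privilege: without it, CreateChild on the OU lets the group create any object class, including users and groups. Reading the ACL back after Set-Acl is the check that the ACE landed where intended and nowhere else.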
Overview of AD DS administration tools
You typically perform AD DS management by
using the following tools:
• Active Directory Administrative Center
• Active Directory Users and Computers
• Active Directory Sites and Services
• Active Directory Domains and Trusts
• Active Directory Schema snap-in
Demonstration: Using the Active Directory
Administrative Center to administer and manage AD DS
In this demonstration, you will see how to:
• Navigate within the Active Directory Administrative
Center
• Perform an administrative task within the Active Directory
Administrative Center
• Create objects
• View all object attributes
Overview of AD DS domain controllers
• What is a domain controller?
• What is a global catalog?
• Overview of domain controller SRV records
• AD DS sign-in process
• What are operations masters?
What is a domain controller?
Domain controllers:
• Are servers that host a writable copy (or, for an RODC, a read-only copy) of the AD DS database (Ntds.dit) and the SYSVOL share
• Host the Key Distribution Center (KDC), whose Authentication Service and Ticket-Granting Service perform Kerberos authentication
• Have best practices for:
• Availability:
• Use at least two domain controllers in a domain
• Security:
• Use an RODC or BitLocker where the physical security of the server cannot be guaranteed
What is a global catalog?
The global catalog:
• Hosts a partial attribute set for other domains in the forest
• Supports queries for objects throughout the forest
(Diagram: the global catalog server in Domain A holds the schema and configuration partitions, a full copy of Domain A, and a partial copy of Domain B; a domain controller in Domain B that is not a global catalog holds only the schema, configuration, and Domain B partitions)
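The partial attribute set and forest-wide queries, as an added PowerShell example that is not part of the course slides: list the global catalog servers, read which attributes the schema marks as members of the partial attribute set, and run one search against the global catalog port (3268) rather than the LDAP port (389). Assumed names: the adatum.com forest from the slides and a user displayed as "Abbi Skinner" somewhere in that forest.

```powershell
# Added example (not from the course slides). Assumed: adatum.com forest,
# a user with displayName "Abbi Skinner" in any domain of the forest.
Import-Module ActiveDirectory

# Which domain controllers advertise as global catalogs?
$gcs = Get-ADDomainController -Filter 'IsGlobalCatalog -eq $true' |
    Select-Object HostName, Domain, Site, IsReadOnly
$gcs | Format-Table -AutoSize

# The partial attribute set is defined in the schema: every attribute with
# isMemberOfPartialAttributeSet=TRUE is replicated to every GC in the forest.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$pas = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(isMemberOfPartialAttributeSet=TRUE)" -Properties lDAPDisplayName |
    Select-Object -ExpandProperty lDAPDisplayName | Sort-Object
"Partial attribute set contains $($pas.Count) attributes"
$pas -contains "mail"        # attributes used for forest-wide lookups are in the set

# A forest-wide search: use port 3268 on a GC and start at the forest root,
# so matching objects from every domain in the forest can be returned.
$gc         = ($gcs | Select-Object -First 1).HostName
$forestRoot = (Get-ADForest).RootDomain
$rootDN     = (Get-ADDomain -Identity $forestRoot).DistinguishedName
Get-ADObject -Server "${gc}:3268" -SearchBase $rootDN -SearchScope Subtree `
    -LDAPFilter "(&(objectClass=user)(displayName=Abbi Skinner))" `
    -Properties displayName, mail, userPrincipalName |
    Select-Object DistinguishedName, displayName, mail, userPrincipalName

# Caveat: for an object from another domain, attributes that are not in the
# partial attribute set come back empty from port 3268 even when they are set.
# Querying a DC of the object's own domain on port 389 returns the full object.
```

Adding an attribute to the partial attribute set is a schema change that increases what every global catalog stores and replicates, which is why the check on `$pas` is worth running before deciding whether a forest-wide query can be answered by a GC alone.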
Overview of domain controller SRV records
• Clients find domain controllers through DNS
lookup
• Domain controllers dynamically register their
addresses with DNS
• The results of DNS queries for domain
controllers are returned in this order:
1. A list of domain controllers in the same site as the
client
2. A list of domain controllers in the next closest site, if
none are available in the same site
3. A random list of domain controllers in other sites,
if no domain controller is available in the next closest
site
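The DNS side of DC location, as an added PowerShell example that is not part of the course slides: resolve the SRV records a client queries (domain-wide, site-specific, Kerberos, and global catalog), ask the DC locator which DC it actually selected, and compare the registered names against the directory's own list of domain controllers. Assumed names: the adatum.com domain (also the forest root) and an AD site named "Atlanta".

```powershell
# Added example (not from the course slides). Assumed: domain adatum.com
# (forest root) and an AD site named "Atlanta".
$domain = "adatum.com"
$site   = "Atlanta"

# Domain-wide record: every DC in the domain registers here.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object QueryType -eq SRV |
    Select-Object Name, NameTarget, Port, Priority, Weight

# Site-specific record: a client in this site queries this first (step 1 on the slide).
Resolve-DnsName -Name "_ldap._tcp.$site._sites.dc._msdcs.$domain" -Type SRV |
    Where-Object QueryType -eq SRV |
    Select-Object NameTarget, Port, Priority, Weight

# Kerberos KDC and global catalog records are registered separately
# (GC records live under the forest root name).
Resolve-DnsName -Name "_kerberos._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object QueryType -eq SRV | Select-Object NameTarget, Port
Resolve-DnsName -Name "_gc._tcp.$domain" -Type SRV |
    Where-Object QueryType -eq SRV | Select-Object NameTarget, Port

# The locator's own answer: which DC this machine will use and which site it
# thinks the client is in. /force bypasses the cached result.
nltest "/dsgetdc:$domain" /force

# Check: DNS should list exactly the DCs the directory knows about.
# "<=" lines are DCs missing from DNS (they will not be found by clients);
# "=>" lines are names in DNS that are not DCs and need investigating.
$fromDns = (Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object QueryType -eq SRV).NameTarget | Sort-Object -Unique
$fromAd  = (Get-ADDomainController -Filter * -Server $domain).HostName | Sort-Object -Unique
Compare-Object -ReferenceObject $fromAd -DifferenceObject $fromDns
```

Because the locator trusts whatever DNS returns, a stale or unexpected SRV record changes which server clients authenticate to; the comparison at the end is the routine check that the records match the real set of domain controllers.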
AD DS sign-in process
1. The user account is authenticated to the domain controller (the client sends a Kerberos AS-REQ, pre-authenticated with the user's credentials)
2. The domain controller returns a TGT to the client (AS-REP)
3. The client presents the TGT to the domain controller to request a service ticket for the workstation (TGS-REQ)
4. The domain controller returns the service ticket for the workstation (TGS-REP), and the workstation grants access
5. The client presents the TGT to the domain controller to request a service ticket for the server
6. The domain controller returns the service ticket for the server, and the server grants access after validating the ticket with its own key; the domain controller does not contact the server
(Diagram: the client workstation, the domain controller, and the server)
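The same six steps observed from both ends, as an added PowerShell example that is not part of the course slides: on the client, the ticket cache shows the TGT from step 2 and the service tickets from steps 4 and 6; on the domain controller, Security event 4768 records each TGT request (steps 1 and 2) and 4769 each service ticket request (steps 3 to 6). Assumed: the adatum.com domain, a file server named fs01, a user named Abbi, and the "Audit Kerberos Authentication Service" and "Audit Kerberos Service Ticket Operations" subcategories enabled on the domain controller.

```powershell
# Added example (not from the course slides). Assumed: domain adatum.com,
# file server fs01.adatum.com, user Abbi, Kerberos auditing enabled on the DC.

# --- Client side ---
# Step 2 result: the TGT (krbtgt/ADATUM.COM) obtained at sign-in.
klist tgt

# Steps 3-6 result: service tickets for the workstation (host/<workstation>)
# and, after the first access, for the server (cifs/fs01.adatum.com).
Get-ChildItem -Path "\\fs01.adatum.com\Share" | Out-Null
klist

# --- Domain controller side (run on the DC) ---
# 4768 = TGT requested (steps 1-2); 4769 = service ticket requested (steps 3-6).
$user  = "Abbi"
$since = (Get-Date).AddHours(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4768, 4769; StartTime = $since } |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Id         = $_.Id
            User       = $d['TargetUserName']          # "Abbi" on 4768, "Abbi@ADATUM.COM" on 4769
            Service    = $d['ServiceName']             # krbtgt on 4768, the SPN owner on 4769
            ClientIp   = $d['IpAddress']
            Encryption = $d['TicketEncryptionType']    # 0x12 = AES256, 0x17 = RC4
            Status     = $d['Status']                  # 0x0 = success, 0x18 = bad password
        }
    } |
    Where-Object { $_.User -like "$user*" } |
    Sort-Object Time | Format-Table -AutoSize
```

Reading the two event IDs in sequence for one user is the quickest way to see the slide's steps in a real log: one 4768 for the TGT, then a 4769 per service (host/ for the workstation, cifs/ for the server). A 4769 whose TicketEncryptionType is 0x17 means that service account still accepts RC4 tickets, which is the usual finding worth following up.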
What are operations masters?
• In the multimaster replication model, some
operations must be single master operations
• Many terms are used for single master operations in
AD DS, including:
• Operations master (or operations master role)
• Single master role
• Flexible single master operations (FSMO)
The five FSMOs
Forest-wide (one holder per forest):
• Schema master
• Domain naming master
Domain-wide (one holder per domain):
• RID master
• Infrastructure master
• PDC emulator master
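Locating the operations masters, as an added PowerShell example that is not part of the course slides: read the two forest roles and three domain roles from the directory, check that each holder is reachable and where it sits, flag the infrastructure master placement rule, and show a graceful role transfer. Assumed names: the adatum.com forest from the slides and a domain controller named dc02 as the transfer target.

```powershell
# Added example (not from the course slides). Assumed: forest/domain
# adatum.com and a DC named dc02 as the transfer target.
Import-Module ActiveDirectory

$forest = Get-ADForest -Identity adatum.com
$domain = Get-ADDomain -Identity adatum.com

# Two forest-wide roles and three domain-wide roles.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

# An offline holder does not stop sign-ins, but it does stop the operation it
# serializes (new RID pools, schema changes, adding domains, and so on).
foreach ($r in $roles.GetEnumerator()) {
    $dc = Get-ADDomainController -Identity $r.Value
    [pscustomobject]@{
        Role            = $r.Key
        Holder          = $r.Value
        Site            = $dc.Site
        IsGlobalCatalog = $dc.IsGlobalCatalog
        Reachable       = Test-Connection -ComputerName $r.Value -Count 1 -Quiet
    }
}

# Placement caveat: in a multi-domain forest the infrastructure master should
# not be a GC unless every DC in the domain is a GC (with the AD Recycle Bin
# enabled each DC updates its own cross-domain references, so it no longer matters).
$im      = Get-ADDomainController -Identity $domain.InfrastructureMaster
$nonGc   = @(Get-ADDomainController -Filter * -Server $domain.DNSRoot |
             Where-Object { -not $_.IsGlobalCatalog })
$binOn   = (Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"').EnabledScopes.Count -gt 0
if ($forest.Domains.Count -gt 1 -and $im.IsGlobalCatalog -and $nonGc.Count -gt 0 -and -not $binOn) {
    Write-Warning "Infrastructure master $($im.HostName) is a GC while $($nonGc.Count) DC(s) in the domain are not"
}

# Graceful transfer (current holder must be online). -WhatIf shows the plan only.
# Seizing a role (-Force) is reserved for a holder that is permanently gone,
# and that server must never be brought back online afterwards.
Move-ADDirectoryServerOperationMasterRole -Identity "dc02" `
    -OperationMasterRole PDCEmulator, RIDMaster -WhatIf
```

Running the inventory loop on a schedule is the practical answer to "which server do I need up before I run this change": schema changes need the schema master, new domain controllers and large account creation need a healthy RID master, and password changes and time sync depend on the PDC emulator.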
Review and Takeaways
• Review Questions
• Common Issues and Troubleshooting Tips