
windows server 2016(ADDS, OU, Forest, schema)

Active Directory Domain Services

- It is a server role. With it you can create a scalable, secure and manageable infrastructure for user and resource management, and ADDS also provides support for directory-enabled applications such as Microsoft Exchange Server.

- It stores directory data.

- Manages communication between users and domains.

- Manages user logon processes, authentication, and directory searches. A server running ADDS is called a domain controller.

Structure of ADDS :

The hierarchical structure of ADDS includes:

- Active Directory Forest

- Domains in the Forest

- Organizational units in each domain

Physical components -

Data storage, Domain Controller, Global Catalog server, Read-only Domain Controller.

Logical Components -

Forest, Domain, Domain Tree, Sites and Schema, OU(Organizational unit), Groups and Users, Directory Partitions.

ADDS Forest -

- It is the highest level in Active Directory.

- It is the logical security boundary for an enterprise.

- It shares a single database and a single global address list.

- It contains one or more domains, which share a common directory structure, global catalog and directory schema.

- A forest can contain multiple domain trees. The first domain created in the forest is called the forest root domain.

ADDS Domains -

- It is a container object used to store, locate and manage Active Directory objects such as users, groups, computers and printers.

- A domain is an administrative boundary for Active Directory objects.

- A single domain can span multiple physical locations or sites.

- A domain is managed by a physical machine known as a domain controller.

Domain Trees -

- It is a collection of domains grouped together in a hierarchical structure.

- A domain tree supports the parent-child concept: child domains sit below their parent domain in the tree.

Domain Controllers -

- A DC uses the Kerberos KDC (Key Distribution Center) service to perform authentication.

- It is a physical server that hosts the Active Directory database, NTDS (NT Directory Services), and the SYSVOL share; both are replicated between domain controllers.

- To ensure that DC services are redundant, you must plan for at least two DCs.

Global catalog -

- A global catalog is the set of all objects in an ADDS forest.

- A global catalog server is a domain controller that stores a full copy of all objects in the directory for its host domain.

- It also stores partial, read-only copies of all objects for all other domains in the same forest.

- Global catalog servers respond to global object queries throughout the domain.

- A global catalog server finds objects, supplies UPNs, and supplies user.

ADDS Schema -

- The ADDS schema is the blueprint for ADDS. It defines attributes and object classes.

- The schema defines the rules and syntax of the database and provides the blueprint for any object that can be created in the ADDS database.

- The schema defines the objects that reside in the ADDS database, their mandatory and optional attributes, the syntax of those attributes, and the relationships between the objects and the attributes.

- The schema can be accessed using MMC (Microsoft Management Console).

Organizational Unit -

- An OU is a container within a Microsoft Active Directory domain; it can hold users, groups, and computers.

- An OU is the smallest unit to which an administrator can assign Group Policy settings or account permissions.

- An organizational unit can contain multiple OUs within it, but all attributes within the containing OU must be unique. Active Directory organizational units cannot contain objects from other domains.

- OUs are also used to delegate administrative permissions to junior administrators.
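The following PowerShell script is an added example and is not part of the original post. It walks the hierarchy described above (forest, domains, OUs) and lists the physical components (writable DCs, RODCs, global catalogs, the schema partition), flagging any domain that has fewer than the two DCs the post recommends. It assumes the RSAT ActiveDirectory module and a domain-joined account with read access to the directory; it only reads.

```powershell
# Added example: read-only inventory of the ADDS hierarchy described in the post.
# Assumes the RSAT ActiveDirectory module and a domain-joined account with read rights.
Import-Module ActiveDirectory

# Forest: the top of the hierarchy and the security boundary for the enterprise
$forest = Get-ADForest
Write-Host "Forest root domain : $($forest.RootDomain)"
Write-Host "Forest mode        : $($forest.ForestMode)"
Write-Host "Schema master      : $($forest.SchemaMaster)"
Write-Host "Global catalogs    : $($forest.GlobalCatalogs -join ', ')"

# Schema partition: count the object classes the schema currently defines
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$classes    = @(Get-ADObject -SearchBase $schemaNC -LDAPFilter '(objectClass=classSchema)' -ResultPageSize 1000)
Write-Host "Schema object classes: $($classes.Count)"

# Domains: each domain in the forest, its position in the tree, and its controllers
foreach ($name in $forest.Domains) {
    $d      = Get-ADDomain -Identity $name
    $parent = if ($d.ParentDomain) { $d.ParentDomain } else { '(forest root)' }
    $dcs    = @($d.ReplicaDirectoryServers)          # writable DCs
    $rodcs  = @($d.ReadOnlyReplicaDirectoryServers)  # read-only DCs

    Write-Host "`nDomain $($d.DNSRoot)  parent: $parent"
    Write-Host "  Writable DCs   : $($dcs -join ', ')"
    Write-Host "  RODCs          : $($rodcs -join ', ')"

    # Redundancy check from the post: plan at least two DCs per domain
    if ($dcs.Count -lt 2) {
        Write-Warning "$($d.DNSRoot) has only $($dcs.Count) writable DC; a single DC outage stops logons for this domain."
    }

    # Global catalog servers hosted in this domain
    $gcs = @(Get-ADDomainController -Server $d.DNSRoot -Filter { IsGlobalCatalog -eq $true })
    Write-Host "  Global catalogs: $($gcs.HostName -join ', ')"

    # OUs: the units to which Group Policy and delegated permissions are applied
    $ous = @(Get-ADOrganizationalUnit -Server $d.DNSRoot -Filter *)
    Write-Host "  OUs            : $($ous.Count)"
    $ous | Sort-Object DistinguishedName | Select-Object -First 10 |
        ForEach-Object { Write-Host "    $($_.DistinguishedName)" }
}
```

Run it from a management workstation rather than on a domain controller; only the first ten OUs per domain are printed, so drop the Select-Object to list them all.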
