Active Directory 2003 is the directory service used to authenticate and authorize access to network resources, whether those resources sit on a local area network or on a global corporate network reached over WAN links. It is a powerful technology, and that reach is exactly why its structure matters: the boundaries described below decide who can administer what, and where a compromise stops.
Active Directory 2003 stores the information needed to use and manage network objects in one central location, which simplifies locating and managing those resources.
The directory service (which depends on DNS to locate domain controllers; the DNS zones are commonly stored in Active Directory itself) provides a way to store, find, secure and access information about an organization's network resources, such as:
- User accounts
- Computer accounts
- Groups
- Printers
- Servers
- Other shared resources
It also provides:
- A database that holds information about the organization's users and about other consumers of the directory, such as business partners
- Centralized administration, with the option to delegate (decentralize) the administration of individual resources
- Secure storage of that information: every object carries its own access control list
Various Active Directory 2003 components are combined to build a directory structure that meets the needs of your organization. These components fall into two categories:
- Logical structure
- Physical structure
Logical structure of Active Directory 2003:
- Objects, the instances (users, groups, computers and so on) stored in the directory database; the schema defines which object classes and attributes may exist
- OUs (organizational units), containers that let you divide a domain into administrative units
- Domains, the core unit of Active Directory 2003
- Trees, one or more domains that share a contiguous namespace within the same forest
- Forests, the outermost boundary of the directory service and its true security boundary
The relationship between the domains, OUs, trees and forests of Active Directory 2003 is illustrated in the following diagram.

Domains
The core unit of the logical structure in Active Directory 2003 is the domain, which can store millions of objects. The objects stored in a domain (users, groups, computers, printers, shared folders and similar) are those the networked community needs to do its work. A directory is made up of one or more domains, and a domain can span more than one physical location.
Domains in Active Directory 2003 share the following characteristics:
- All network objects exist within a domain, and each domain stores information only about the objects it contains.
- A domain is an administrative and replication boundary, not a security boundary. Access to domain objects is governed by the access control lists (ACLs) attached to each object, but a domain administrator in any domain of a forest can, by design, obtain control of the whole forest (the schema and configuration partitions are shared, and every domain trusts the others). The forest is the security boundary.

OUs
An OU is a container used to organize objects within a domain into logical administrative groups. OUs are the smallest scope to which you can delegate administrative authority (and the smallest scope to which Group Policy can be linked), so they are the unit for dividing up the administration of users and resources. An OU can contain user accounts, groups, computers, printers, applications, file shares and other OUs, all from the same domain.
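The delegation scope described above can be inspected directly: the rights delegated at an OU are the explicit (non-inherited) ACEs on its DACL. The following PowerShell is added here as an example and is not code from the original article; it reads those ACEs through ADSI (which works against Windows Server 2003 domain controllers) and flags the rights an attacker would value. The OU path OU=Sales,DC=corp,DC=example is an assumption; replace it with an OU from your own domain.

```powershell
# Added example, not from the original article. Assumes a domain-joined host and
# an OU at the path below (hypothetical; replace with a real one).
$OuPath = "LDAP://OU=Sales,DC=corp,DC=example"

# A few well-known schema / extended-right GUIDs so the AppliesTo column is readable.
$KnownGuids = @{
    "00299570-246d-11d0-a768-00aa006e0529" = "User-Force-Change-Password (reset password)"
    "bf967aba-0de6-11d0-a285-00aa003049e2" = "user (object class)"
    "bf967a9c-0de6-11d0-a285-00aa003049e2" = "group (object class)"
    "bf967a86-0de6-11d0-a285-00aa003049e2" = "computer (object class)"
    "bf967aa5-0de6-11d0-a285-00aa003049e2" = "organizationalUnit (object class)"
}

# Rights that let the holder take over whatever object they apply to.
$TakeoverRights = [System.DirectoryServices.ActiveDirectoryRights]'GenericAll, GenericWrite, WriteDacl, WriteOwner'
$WriteProperty  = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

function Get-OuDelegation {
    param([string]$Path)

    $ou  = [ADSI]$Path
    # ObjectSecurity is the .NET view of the OU's DACL. Explicit ACEs only ($true, $false):
    # inherited ACEs come from the domain head and say nothing about this OU's delegation.
    $acl   = $ou.psbase.ObjectSecurity
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        # Resolve the SID; an orphaned SID (deleted principal) is reported raw instead of failing.
        $sid = $rule.IdentityReference
        try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $who = $sid.Value }

        $guid = $rule.ObjectType.ToString()
        if ($rule.ObjectType -eq [Guid]::Empty)  { $target = "(entire object)" }
        elseif ($KnownGuids.ContainsKey($guid))  { $target = $KnownGuids[$guid] }
        else                                     { $target = $guid }

        # Takeover = an Allow ACE granting full control / DACL / owner / generic write,
        # or WriteProperty with an empty ObjectType (write every attribute).
        $rights   = $rule.ActiveDirectoryRights
        $takeover = ($rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow) -and (
                    (($rights -band $TakeoverRights) -ne 0) -or
                    ((($rights -band $WriteProperty) -ne 0) -and ($rule.ObjectType -eq [Guid]::Empty)))

        New-Object PSObject -Property @{
            Identity    = $who
            Access      = $rule.AccessControlType
            Rights      = $rights
            AppliesTo   = $target
            Inheritance = $rule.InheritanceType
            Takeover    = $takeover
        }
    }
}

Get-OuDelegation -Path $OuPath | Sort-Object Takeover -Descending |
    Format-Table Identity, Access, Rights, AppliesTo, Inheritance, Takeover -AutoSize
```

Run it for every OU where help-desk or application groups have been given rights; a Takeover entry for anyone outside the domain's administrative groups is the kind of delegation that turns an OU into a privilege-escalation path.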
Trees
A tree is a hierarchical arrangement of one or more Windows Server 2003 domains that you create by adding child domains to an existing parent domain. Domains in a tree share a contiguous namespace and a hierarchical naming structure (for example a parent corp.example with a child eu.corp.example; the names are illustrative).
Forests
A forest is a grouping of one or more domain trees that share one directory configuration but not a contiguous namespace. Forests have the following characteristics:
- All domains in a forest share a common schema.
- All domains in a forest share a common configuration partition and a common global catalog.
- All domains in a forest are linked by implicit two-way transitive trusts, so a principal from any domain can be granted access anywhere in the forest.
- Trees in a forest have different naming structures, according to their root domains.
- Domains in a forest are administered separately, but the forest is one security boundary: the schema, the configuration partition and the Enterprise Admins group span all of them.
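The trusts listed above are stored as trustedDomain objects under CN=System in each domain, and their attributes show which trusts are the implicit intra-forest ones and which cross the forest boundary. The following PowerShell is an added example, not code from the original article: it enumerates those objects over ADSI, decodes trustDirection, trustType and trustAttributes (bit values as defined in MS-ADTS), and flags trusts on which sIDHistory from the other side is not filtered. It assumes a domain-joined host; the search base defaults to the current domain.

```powershell
# Added example, not from the original article. Assumes a domain-joined host.
# Bit values of the trustAttributes attribute (MS-ADTS).
$TrustAttributeFlags = @{
    0x01 = "NON_TRANSITIVE"
    0x02 = "UPLEVEL_ONLY"
    0x04 = "QUARANTINED_DOMAIN"   # SID filtering enforced on an external trust
    0x08 = "FOREST_TRANSITIVE"    # forest trust (needs Windows Server 2003 forest level)
    0x10 = "CROSS_ORGANIZATION"
    0x20 = "WITHIN_FOREST"        # the implicit, transitive intra-forest trusts
    0x40 = "TREAT_AS_EXTERNAL"    # relaxes a forest trust's SID filtering to external-trust level
}
$TrustDirection = @{ 0 = "Disabled"; 1 = "Inbound"; 2 = "Outbound"; 3 = "Bidirectional" }
$TrustType      = @{ 1 = "Downlevel (NT4)"; 2 = "Uplevel (AD)"; 3 = "MIT Kerberos"; 4 = "DCE" }

function Get-DomainTrust {
    param([string]$SearchBase)

    if (-not $SearchBase) {
        $domainDn   = [string]([ADSI]"LDAP://RootDSE").defaultNamingContext
        $SearchBase = "LDAP://CN=System,$domainDn"
    }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchBase)
    $searcher.Filter = "(objectClass=trustedDomain)"
    [void]$searcher.PropertiesToLoad.AddRange(@("trustPartner","trustDirection","trustType","trustAttributes","securityIdentifier"))

    foreach ($result in $searcher.FindAll()) {
        $p     = $result.Properties
        $attrs = [int]$p["trustattributes"][0]
        $names = @()
        foreach ($bit in ($TrustAttributeFlags.Keys | Sort-Object)) {
            if ($attrs -band $bit) { $names += $TrustAttributeFlags[$bit] }
        }
        $withinForest = ($attrs -band 0x20) -ne 0
        $forestTrust  = ($attrs -band 0x08) -ne 0
        $quarantined  = ($attrs -band 0x04) -ne 0
        $asExternal   = ($attrs -band 0x40) -ne 0
        # An external trust without QUARANTINED_DOMAIN honours sIDHistory from the trusted
        # domain, so an attacker there can present SIDs of this forest. A forest trust filters
        # by default unless TREAT_AS_EXTERNAL has been set. Intra-forest trusts are by design
        # unfiltered: that is why the forest, not the domain, is the security boundary.
        $sidHistoryRisk = ((-not $withinForest) -and (-not $forestTrust) -and (-not $quarantined)) -or
                          ($forestTrust -and $asExternal)

        # securityIdentifier is the binary SID of the trusted domain.
        $sid = New-Object System.Security.Principal.SecurityIdentifier($p["securityidentifier"][0], 0)

        New-Object PSObject -Property @{
            Partner        = [string]$p["trustpartner"][0]
            Direction      = $TrustDirection[[int]$p["trustdirection"][0]]
            Type           = $TrustType[[int]$p["trusttype"][0]]
            Attributes     = ($names -join ",")
            PartnerSid     = $sid.Value
            SidHistoryRisk = $sidHistoryRisk
        }
    }
}

Get-DomainTrust | Format-Table Partner, Direction, Type, Attributes, SidHistoryRisk -AutoSize
```

Every trust in a forest will show WITHIN_FOREST; anything else is a boundary you chose to open, and the SidHistoryRisk column tells you whether SID filtering is closing it.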
Physical structure of Active Directory 2003
The physical structure of Active Directory 2003 consists of the following:
- Domain controllers, servers that run the directory service and hold the directory database. A domain can contain one or more domain controllers, and each domain controller holds a complete, writable replica of its own domain's partition. A domain controller serves only one domain. It also authenticates logon attempts and enforces the security policy of the domain.
- Sites, the boundaries used to localize replication and client logon. A site is one or more IP subnets connected by a fast, reliable link; clients use their subnet's site to find a nearby domain controller, replication within a site is triggered by change notification, and replication between sites follows a schedule over site links.
- Directory partitions, also called naming contexts. The directory contains the following partitions:
  - Schema partition, which defines the object classes that can be created and the attributes those objects can have. It is common to the whole forest and replicated to every domain controller in the forest.
  - Configuration partition, which describes the logical structure of the deployment, including the domain structure, sites and replication topology. It too is replicated to every domain controller in the forest.
  - Domain partition, which holds all the objects of one domain. It is replicated in full to every domain controller of that domain and not to the domain controllers of other domains (global catalog servers hold a partial, read-only copy of every domain partition in the forest).
  - Application directory partitions, which store dynamic application-specific data (for example the DomainDnsZones and ForestDnsZones partitions used by Active Directory-integrated DNS). You control which domain controllers hold replicas, and therefore the replication scope and bandwidth.
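The physical structure above can be inventoried from any domain-joined host. The following PowerShell is an added example and not code from the original article: the first function classifies the partitions a domain controller reports in RootDSE (everything that is not the schema, configuration or domain partition is an application partition), and the second walks the configuration partition to list sites, their subnets, and the domain controllers in each site with their global catalog status. It assumes only a domain-joined host and reads from the domain controller the host is already using.

```powershell
# Added example, not from the original article. Assumes a domain-joined host.

function Get-DirectoryPartition {
    # namingContexts lists only the partitions this DC holds a full replica of: schema and
    # configuration (forest-wide), its own domain, and any application partitions it hosts.
    $root   = [ADSI]"LDAP://RootDSE"
    $schema = [string]$root.schemaNamingContext
    $config = [string]$root.configurationNamingContext
    $domain = [string]$root.defaultNamingContext
    foreach ($nc in $root.namingContexts) {
        $dn   = [string]$nc
        $kind = "Application"
        if ($dn -eq $schema)     { $kind = "Schema" }
        elseif ($dn -eq $config) { $kind = "Configuration" }
        elseif ($dn -eq $domain) { $kind = "Domain" }
        New-Object PSObject -Property @{ Kind = $kind; Partition = $dn }
    }
}

function Get-SiteTopology {
    $config = [string]([ADSI]"LDAP://RootDSE").configurationNamingContext

    # Subnets live under CN=Subnets,CN=Sites; each points at its site via siteObject.
    $subnetsBySite = @{}
    $s = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://CN=Subnets,CN=Sites,$config")
    $s.Filter = "(objectClass=subnet)"
    [void]$s.PropertiesToLoad.AddRange(@("cn","siteObject"))
    foreach ($r in $s.FindAll()) {
        if ($r.Properties["siteobject"].Count -eq 0) { continue }   # subnet not assigned to a site
        $site = ([string]$r.Properties["siteobject"][0]) -replace '^CN=([^,]+),.*$', '$1'
        $subnetsBySite[$site] += @([string]$r.Properties["cn"][0])
    }

    # A domain controller is the "server" object that owns an nTDSDSA (NTDS Settings) child:
    # CN=NTDS Settings,CN=<dc>,CN=Servers,CN=<site>,CN=Sites,<config>.
    # Bit 0x1 of the options attribute on NTDS Settings marks the DC as a global catalog.
    $d = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://CN=Sites,$config")
    $d.Filter = "(objectClass=nTDSDSA)"
    [void]$d.PropertiesToLoad.AddRange(@("distinguishedName","options","hasMasterNCs"))
    foreach ($r in $d.FindAll()) {
        $dn       = [string]$r.Properties["distinguishedname"][0]
        $parts    = $dn -split '(?<!\\),'          # split on commas that are not escaped
        $serverDn = $parts[1..($parts.Count - 1)] -join ','
        $site     = $parts[3] -replace '^CN=', ''
        $server   = [ADSI]"LDAP://$serverDn"
        $options  = 0
        if ($r.Properties["options"].Count -gt 0) { $options = [int]$r.Properties["options"][0] }
        # hasMasterNCs holds the writable partitions; the one that is not schema/config is the DC's domain.
        $domainNc = @($r.Properties["hasmasterncs"]) |
            Where-Object { $_ -notmatch '^CN=(Schema|Configuration),' } | Select-Object -First 1

        New-Object PSObject -Property @{
            Site    = $site
            Server  = [string]$server.dNSHostName
            Domain  = [string]$domainNc
            IsGC    = (($options -band 1) -ne 0)
            Subnets = ($subnetsBySite[$site] -join ", ")
        }
    }
}

Get-DirectoryPartition | Format-Table Kind, Partition -AutoSize
Get-SiteTopology | Sort-Object Site, Server | Format-Table Site, Server, Domain, IsGC, Subnets -AutoSize
```

A site with domain controllers but no subnets, or subnets that map to no site, is the usual reason clients authenticate against a domain controller on the far side of a WAN link; a site with no global catalog is the situation the next section is about.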
The physical structure of Active Directory 2003 is illustrated in the following diagram.

Global catalog in Active Directory 2003
Active Directory 2003 lets users and administrators find objects such as shared folders, printers or users in their own domain. Finding objects outside the domain, across the enterprise, requires a mechanism that lets the domains act as one entity. A catalog service holds selected information about every object in every domain of the directory, which makes enterprise-wide searches possible. The global catalog is the catalog service provided by Active Directory 2003.
- It is a fast index of the entire forest, regardless of which domain in the forest actually holds the data.
- It holds a partial, read-only replica of every domain partition in the forest: every object, but only the attributes in the partial attribute set (marked in the schema by the isMemberOfPartialAttributeSet flag).
- Global catalog queries use LDAP on TCP port 3268 (3269 for LDAP over SSL) instead of the normal 389/636, which is what makes a search forest-wide rather than domain-wide.
- By default only the first domain controller installed in the forest is a global catalog server; every additional global catalog is enabled explicitly on that domain controller's NTDS Settings object. A domain whose only domain controller is not a global catalog depends on another domain's global catalog for logons.
- Universal group membership is stored only in the global catalog, so a domain controller must contact one to build a user's token at logon. If no global catalog is available, a user can log on only to the local computer with cached credentials (members of Domain Admins are exempt), unless the site has been configured to cache universal group membership lookups.
- In a Windows 2000 environment every logon in a multi-domain forest therefore required a reachable global catalog. Windows Server 2003 adds universal group membership caching, enabled per site, so that domain controllers in a site without a global catalog can keep serving logons from cached memberships.
- The infrastructure master role should not be held by a global catalog server unless every domain controller in the domain is a global catalog. The infrastructure master updates cross-domain references (phantoms) by comparing its own copy with a global catalog, and a domain controller that is itself a global catalog never finds anything out of date, so the other domain controllers' references go stale. The two should be in the same site so that comparison is fast.
Several Active Directory 2003 features are available only after the domain and forest functional levels have been raised to Windows Server 2003: forest trusts, domain rename and linked-value replication all require the Windows Server 2003 forest functional level, and raising a level is a one-way operation that requires every domain controller to already run Windows Server 2003.
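The global catalog behaviour listed above and the functional-level requirement in the closing sentence can both be checked from a domain-joined host. The following PowerShell is an added example and not code from the original article: it reads the global catalog flag and functional levels from RootDSE, runs a forest-wide lookup through the GC:// provider (LDAP on port 3268), and checks whether the infrastructure master sits on a global catalog while some domain controllers in the domain are not. The account name alice in the usage line is hypothetical.

```powershell
# Added example, not from the original article. Assumes a domain-joined host.

function ConvertTo-Int($value) {   # RootDSE/NTDS attributes may be absent; treat absent as 0
    $s = [string]$value
    if ($s) { [int]$s } else { 0 }
}

function Get-DcCapabilities {
    param([string]$Server)     # optional DC name; defaults to the DC this host is using
    $path = "LDAP://RootDSE"
    if ($Server) { $path = "LDAP://$Server/RootDSE" }
    $root = [ADSI]$path
    # Functional level codes: 0 = Windows 2000, 1 = Windows Server 2003 interim, 2 = Windows Server 2003
    $levels = @{ 0 = "Windows 2000"; 1 = "Windows Server 2003 interim"; 2 = "Windows Server 2003";
                 3 = "Windows Server 2008"; 4 = "Windows Server 2008 R2" }
    $domainFl = ConvertTo-Int $root.domainFunctionality
    $forestFl = ConvertTo-Int $root.forestFunctionality
    New-Object PSObject -Property @{
        DnsHostName           = [string]$root.dnsHostName
        IsGlobalCatalogReady  = ([string]$root.isGlobalCatalogReady -eq "TRUE")
        DomainFunctionalLevel = if ($levels.ContainsKey($domainFl)) { $levels[$domainFl] } else { "level $domainFl" }
        ForestFunctionalLevel = if ($levels.ContainsKey($forestFl)) { $levels[$forestFl] } else { "level $forestFl" }
        ForestTrustsAvailable = ($forestFl -ge 2)   # forest trusts, domain rename, linked-value replication
    }
}

function Find-ForestUser {
    param([string]$SamAccountName)
    # Escape LDAP filter metacharacters so the name cannot rewrite the filter.
    $safe = $SamAccountName -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
    # GC:// binds to the global catalog (TCP 3268) and searches every domain in the forest,
    # but only attributes in the partial attribute set come back.
    $forestRoot = [string]([ADSI]"GC://RootDSE").rootDomainNamingContext
    $gc = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"GC://$forestRoot")
    $gc.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    [void]$gc.PropertiesToLoad.AddRange(@("distinguishedName","userPrincipalName"))
    foreach ($r in $gc.FindAll()) {
        $dn = [string]$r.Properties["distinguishedname"][0]
        New-Object PSObject -Property @{
            DistinguishedName = $dn
            Domain            = (($dn -split ',DC=' | Select-Object -Skip 1) -join '.')
            UserPrincipalName = [string]$r.Properties["userprincipalname"][0]
        }
    }
}

function Test-InfrastructureMasterPlacement {
    $root     = [ADSI]"LDAP://RootDSE"
    $domainDn = [string]$root.defaultNamingContext
    $configDn = [string]$root.configurationNamingContext
    # fSMORoleOwner on CN=Infrastructure names the NTDS Settings object of the role holder.
    $ownerDn   = [string]([ADSI]"LDAP://CN=Infrastructure,$domainDn").fSMORoleOwner
    $owner     = [ADSI]"LDAP://$ownerDn"
    $ownerIsGc = ((ConvertTo-Int $owner.options) -band 1) -ne 0

    # Every NTDS Settings object whose writable partitions include this domain is one of its DCs.
    $s = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://CN=Sites,$configDn")
    $s.Filter = "(&(objectClass=nTDSDSA)(hasMasterNCs=$domainDn))"
    [void]$s.PropertiesToLoad.AddRange(@("options"))
    $dcCount = 0; $gcCount = 0
    foreach ($r in $s.FindAll()) {
        $dcCount++
        $o = 0
        if ($r.Properties["options"].Count -gt 0) { $o = [int]$r.Properties["options"][0] }
        if ($o -band 1) { $gcCount++ }
    }
    New-Object PSObject -Property @{
        InfrastructureMaster = (($ownerDn -split '(?<!\\),')[1] -replace '^CN=', '')
        OwnerIsGC            = $ownerIsGc
        DomainControllers    = $dcCount
        GlobalCatalogs       = $gcCount
        Misplaced            = ($ownerIsGc -and ($gcCount -lt $dcCount))   # GC holder with non-GC peers
    }
}

Get-DcCapabilities | Format-List
Test-InfrastructureMasterPlacement | Format-List
Find-ForestUser -SamAccountName "alice" | Format-Table Domain, UserPrincipalName, DistinguishedName -AutoSize
```

Misplaced is the condition the infrastructure master bullet warns about; in a single-domain forest it is harmless, because there are no cross-domain references to keep current. Run Get-DcCapabilities against each domain controller in a site to confirm that the site really has a global catalog before relying on it for logons.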