Active Directory Setup and Migration Services
Active Directory is extensible and scalable and lets you manage network resources effectively. Active Directory is a hierarchically organized data store for network objects that provides convenient tools for finding and using this data. A computer on which Active Directory is running is called a domain controller. Almost all administrative tasks are connected with Active Directory. Active Directory technology is based on standard Internet protocols and helps to define the structure of the network clearly.
Active Directory uses the Domain Name System.
The Domain Name System (DNS) is a standard Internet service that organizes groups of computers into domains. DNS domains have a hierarchical structure that forms the basis of the Internet.
Active Directory Components
Active Directory combines the physical and logical structure of network components. Active Directory logical structures help organize directory objects and manage network accounts and shared resources. The logical structure includes the following elements:
– organizational unit (OU) – a subgroup of computers that, as a rule, reflects the structure of the company;
– domain – a group of computers that share a common directory database;
– domain tree – one or more domains that share a contiguous namespace;
– domain forest – one or more trees that share directory information.
Physical elements help to plan the real structure of the network. Network connections and the physical boundaries of network resources are formed on the basis of physical structures. The physical structure includes the following elements:
– subnet – a network group with a specified range of IP addresses and a network mask;
– site – one or more subnets. Sites are used to configure directory access and replication.
Organizational units (OUs) are subgroups within domains that often reflect the functional structure of an organization. OUs are logical containers that hold accounts, shared resources, and other OUs.
An Active Directory domain is a group of computers that share a common directory database. Active Directory domain names must be unique. The functions available in a domain are limited and governed by the mode in which the domain operates.
Forests and trees
Each Active Directory domain has a DNS name, such as microsoft.com. Domains that share directory data form a forest. Within a forest, the domain names in the DNS naming hierarchy can be non-contiguous (discontinuous) or contiguous.
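The contiguity rule above (a tree is a set of domains whose DNS names nest under one root, a forest is one or more such trees) can be applied mechanically to a list of domain names. The following Python is an added example, not code from the original page; the domain names in SAMPLE_DOMAINS are constructed, and the functions are hypothetical helpers written for this illustration. It also handles the case where an intermediate domain is missing from the list, so a grandchild still lands in the right tree.

```python
"""Group Active Directory domain DNS names into trees by contiguous namespace.

Added example, not code from the original page. SAMPLE_DOMAINS is a
constructed set of names, not a real forest.
"""
from __future__ import annotations


def is_contiguous(child: str, parent: str) -> bool:
    """True when `child` sits directly or indirectly below `parent` in DNS."""
    return child.lower().rstrip(".").endswith("." + parent.lower().rstrip("."))


def parent_of(domain: str, domains: set[str]) -> str | None:
    """Return the nearest ancestor of `domain` that exists in `domains`.

    Walks up the DNS hierarchy one label at a time, so a grandchild still
    finds its tree root when the intermediate domain is not in the set.
    Returns None when `domain` is a tree root.
    """
    labels = domain.lower().split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def group_into_trees(domain_names) -> dict[str, list[str]]:
    """Map each tree root to the sorted list of domains in that tree.

    A domain whose name is non-contiguous with every other name becomes the
    root of its own tree; together, all trees form one forest.
    """
    domains = {d.lower().strip(".") for d in domain_names}
    trees: dict[str, list[str]] = {}
    for domain in domains:
        root = domain
        while (parent := parent_of(root, domains)) is not None:
            root = parent
        trees.setdefault(root, []).append(domain)
    return {root: sorted(members) for root, members in trees.items()}


# Constructed sample: a contiguous tree of three domains plus a second tree
# with a non-contiguous name, i.e. a forest of two trees.
SAMPLE_DOMAINS = [
    "corp.example.com",
    "emea.corp.example.com",
    "sales.emea.corp.example.com",
    "example.net",
]

if __name__ == "__main__":
    for root, members in group_into_trees(SAMPLE_DOMAINS).items():
        print(f"tree rooted at {root}: {members}")
```

Running the block prints one line per tree: the three `example.com` names under `corp.example.com`, and `example.net` alone as the root of a second tree.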
Sites and subnets
A site is a group of computers in one or more IP subnets used to plan the physical structure of the network. The site is planned regardless of the logical structure of the domain. Active Directory allows you to create multiple sites in one domain or one site spanning multiple domains.
Working with Active Directory Domains
On a Windows Server 2003 network, Active Directory is configured at the same time as DNS. However, the domains of Active Directory and DNS domains have different purposes. Active Directory domains help you manage accounts, resources, and security.
Directory data is made available to users and computers through data stores and global catalogs. Although most Active Directory functionality affects the data store, global catalogs (GCs) are equally important because they are used for logon and for searching directory information. If the GC is unavailable, ordinary users cannot log on to the domain. The only way around this condition is to cache universal group membership locally.
The data store contains information about the most important Active Directory objects: accounts, shared resources, OUs, and group policies. The data store is sometimes simply called the directory. On a domain controller, the directory is stored in the NTDS.DIT file, whose location is chosen when Active Directory is installed (it must be on an NTFS drive). Some directory data can be stored separately from the main store, for example group policies, scripts, and other information written to the SYSVOL system share.
If universal group membership is not cached locally, logon is processed on the basis of the universal group membership information provided by the GC.
The GC also provides directory searches across all domains of the forest. A controller that acts as a GC server stores a complete replica of all objects in its own domain's directory and a partial replica of the objects of the other domains in the forest.
Replication in Active Directory
The directory stores information of three types: domain data, schema data, and configuration data. Domain data is replicated to all domain controllers in that domain. All domain controllers are equal, i.e. changes made on any domain controller are replicated to all other domain controllers. Schema and configuration data are replicated to all domains of the tree or forest. In addition, all objects of the individual domain and some of the properties of the forest's objects are replicated to the GC. This means that a domain controller stores and replicates the schema for the tree or forest, configuration information for all domains in the tree or forest, and all directory objects and properties for its own domain.
Active Directory and LDAP
The Lightweight Directory Access Protocol (LDAP) is a standard Internet protocol that runs over TCP/IP networks. LDAP is designed specifically for accessing directory services with minimal overhead. LDAP also defines the operations used to query and modify directory information.
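Because LDAP queries are text filters, any application that builds a filter from user input (a logon name typed into a web form, for instance) has to escape the filter metacharacters before sending the query to a domain controller; otherwise the input can change what the filter matches. The following Python is an added example, not code from the original page or from any library: it implements the RFC 4515 escaping rules and shows a vulnerable filter builder beside its hardened form. It contacts no directory; the filters are built only as strings. `objectClass` and `sAMAccountName` are standard Active Directory attribute names; the function names are hypothetical helpers for this illustration.

```python
"""Escape user-supplied values before placing them in an LDAP search filter.

Added example, not code from the original page. It follows the RFC 4515
escaping rules and contacts no directory; filters are only built as strings.
"""

# RFC 4515: inside an assertion value these characters must be written as a
# backslash followed by two hex digits. Mapping the backslash itself means a
# literal backslash in the input is never read as the start of an escape.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Return `value` with filter metacharacters escaped per RFC 4515."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter_unsafe(sam_account_name: str) -> str:
    """Vulnerable form: the raw value becomes part of the filter syntax.

    A value of "*" turns the equality test into a presence test, so the
    filter matches every user object instead of one account.
    """
    return f"(&(objectClass=user)(sAMAccountName={sam_account_name}))"


def build_user_filter(sam_account_name: str) -> str:
    """Hardened form: the value is escaped, so it can only match literally."""
    escaped = escape_filter_value(sam_account_name)
    return f"(&(objectClass=user)(sAMAccountName={escaped}))"


if __name__ == "__main__":
    # Constructed inputs: an ordinary logon name and one containing a wildcard.
    for name in ("j.doe", "*"):
        print("unsafe :", build_user_filter_unsafe(name))
        print("escaped:", build_user_filter(name))
```

The same escaping applies to every attribute value placed in a filter, not only `sAMAccountName`; values placed in a distinguished name follow a different rule set (RFC 4514) and need their own escaping.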
Operations master roles
The operations master handles tasks that are impractical in a multi-master replication model. There are five operations master roles, which can be assigned to one or more domain controllers. Some roles must be unique at the forest level; for others, uniqueness at the domain level is sufficient.
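The scope rule above (two roles unique per forest, three unique per domain) is exactly what an administrator checks after a role transfer or seizure, when two controllers may each believe they hold the same role or a role may have no holder at all. The following Python is an added example, not code from the original page: it validates a collected view of role holders against that rule. The forest layout, domain names and DC names are constructed, the input format is a hypothetical one invented for this example, and the five role names are the standard Active Directory operations master roles.

```python
"""Verify operations master (FSMO) role assignments across a forest.

Added example, not code from the original page. The forest layout and all
names below are constructed; the input format is hypothetical (for example,
what a script might collect by asking every DC which roles it believes it
holds). The role names are the five standard operations master roles.
"""
from __future__ import annotations

FOREST_WIDE_ROLES = ("SchemaMaster", "DomainNamingMaster")
DOMAIN_WIDE_ROLES = ("RIDMaster", "PDCEmulator", "InfrastructureMaster")


def validate_fsmo(forest: dict) -> list[str]:
    """Return a list of problems; an empty list means every role is held
    exactly once within its scope (the whole forest, or one domain)."""
    problems: list[str] = []
    forest_roles = forest.get("forest_roles", {})
    for role in FOREST_WIDE_ROLES:
        holders = forest_roles.get(role, [])
        if len(holders) != 1:
            problems.append(
                f"forest-wide role {role} has {len(holders)} holder(s): {holders}"
            )
    for domain, roles in forest.get("domains", {}).items():
        for role in DOMAIN_WIDE_ROLES:
            holders = roles.get(role, [])
            if len(holders) != 1:
                problems.append(
                    f"domain {domain}: role {role} has {len(holders)} holder(s): {holders}"
                )
        # A forest-wide role reported under a domain is a data-collection error.
        for role in sorted(set(roles) - set(DOMAIN_WIDE_ROLES)):
            problems.append(f"domain {domain}: {role} is not a domain-wide role")
    return problems


# Constructed healthy forest: two domains, each role held exactly once in scope.
HEALTHY_FOREST = {
    "forest_roles": {
        "SchemaMaster": ["dc1.corp.example.com"],
        "DomainNamingMaster": ["dc1.corp.example.com"],
    },
    "domains": {
        "corp.example.com": {
            "RIDMaster": ["dc1.corp.example.com"],
            "PDCEmulator": ["dc1.corp.example.com"],
            "InfrastructureMaster": ["dc2.corp.example.com"],
        },
        "emea.corp.example.com": {
            "RIDMaster": ["dc1.emea.corp.example.com"],
            "PDCEmulator": ["dc1.emea.corp.example.com"],
            "InfrastructureMaster": ["dc1.emea.corp.example.com"],
        },
    },
}

# Constructed failure case: after a botched transfer, two DCs both claim the
# PDC emulator role and no DC holds the RID master role.
BROKEN_FOREST = {
    "forest_roles": {
        "SchemaMaster": ["dc1.corp.example.com"],
        "DomainNamingMaster": ["dc1.corp.example.com"],
    },
    "domains": {
        "corp.example.com": {
            "RIDMaster": [],
            "PDCEmulator": ["dc1.corp.example.com", "dc2.corp.example.com"],
            "InfrastructureMaster": ["dc2.corp.example.com"],
        },
    },
}

if __name__ == "__main__":
    for label, forest in (("healthy", HEALTHY_FOREST), ("broken", BROKEN_FOREST)):
        print(label, validate_fsmo(forest) or "OK")
```

The check deliberately treats "zero holders" and "more than one holder" as equally serious: a missing RID master stops new security principals from being created once the local RID pools run out, while two PDC emulators leave password changes and time synchronization inconsistent.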
Administering Active Directory
Using Active Directory, you create computer accounts, join computers to the domain, and manage computers, domain controllers, and organizational units (OUs).
Active Directory Command-Line Tools
Command-line tools are available for managing Active Directory objects and allow you to perform a wide range of administrative tasks.