Active Directory: learning notes and concept summary

Source: Internet
Author: User
Tags: ldap

First, on a LAN, managing the resources on the computers requires a management policy.

Microsoft offers two kinds: workgroup and domain. The difference is that a workgroup is self-managed: the computers in the group exist as independent, mutually autonomous peers. Well, that's what Ethernet is designed for.

However, when an additional management model is needed, an organization is more likely to need a common central control host, and that is the domain model. In the domain model, a domain controller is provided that stores all account information within the domain, that is, an account database: Active Directory. This also leads to the separation of the concepts of resources, accounts, and machines.

  

Second, in domain management the normal approach is to locate machines by domain name, so the first step is to create DNS records or install a DNS server.

Then, when you create Active Directory, you start with the domain name ***.com and make ***.com the starting node of a domain. The term for this is "domain in a new forest", because logically it follows the LDAP approach: first there is the forest, then the domain tree, and finally the domain.

  

Third, once it is created, let's look at what data this Active Directory database can hold:

  

The table structure is not visible, so let's look at the file structure instead:

Active Directory is a transactional database system that uses log files to support rollback semantics, ensuring that transactions are committed to the database. The files associated with Active Directory are: ntds.dit (the database), edbxxxxx.log (the transaction logs), edb.chk (the checkpoint file), and Res1.log and Res2.log (reserved log files).

Ntds.dit grows as the database fills up. The size of each log file, however, is fixed (10 MB). Any change made to the database is also appended to the current log file, and its disk image is kept up to date. Edb.log is the current log file. When a change is made to the database, the change is written to the Edb.log file. When the Edb.log file is filled with transactions, it is renamed to Edbxxxxx.log (starting from 00001 and incrementing in hexadecimal). Because Active Directory uses circular logging, old log files are deleted in due course once their contents have been written to the database. At any given time you will find the Edb.log file, and there may be one or more Edbxxxxx.log files.

Res1.log and Res2.log are placeholders, used to reserve on this drive (in this case) the last -MB of disk space. This is to provide enough space for the log files to shut down gracefully if all other disk space is already in use.

The Edb.chk file stores the database checkpoint, which identifies the point from which the database engine needs to replay the logs, typically during recovery or initialization.

For performance reasons, the log files should be located on a disk other than the one on which the database resides, to reduce disk contention.

When you make a backup, new log files may be created. As mentioned earlier, old log files are deleted regularly because circular logging is in use.

Several very useful AD maintenance tools: Ntdsutil.exe; Ldp.exe; Dcdiag.exe; Adsiedit.exe; Netdom.exe; Replmon.exe; Dssite.msc; repadmin.
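The file layout described above can be checked mechanically. The following is an added example, not part of the original article or any Microsoft tool: it audits a directory listing against the naming and size rules stated in the text. The function name, the report keys and the sample listing are assumptions constructed for illustration.

```python
import re

LOG_SIZE = 10 * 1024 * 1024  # fixed log size stated in the text (10 MB)
ROLLED = re.compile(r"^edb([0-9a-f]{5})\.log$", re.IGNORECASE)
REQUIRED = ("ntds.dit", "edb.log", "edb.chk", "res1.log", "res2.log")

def audit_ntds_files(listing):
    """listing: iterable of (filename, size_in_bytes). Returns a report dict."""
    names = {name.lower(): size for name, size in listing}
    report = {"missing": [f for f in REQUIRED if f not in names],
              "bad_size": [], "unknown": []}
    seqs = []
    for name, size in sorted(names.items()):
        m = ROLLED.match(name)
        if m:
            seqs.append(int(m.group(1), 16))  # the suffix is hexadecimal
        elif name not in REQUIRED:
            report["unknown"].append(name)    # not part of the described layout
            continue
        # Current, rolled-over and reserve logs all have the fixed size.
        if name.endswith(".log") and size != LOG_SIZE:
            report["bad_size"].append(name)
    seqs.sort()
    report["rolled_sequence"] = seqs
    # Circular logging deletes the oldest logs, so the run need not start at
    # 00001, but a hole between the remaining logs means one that may be
    # needed for replay from the checkpoint is gone.
    report["sequence_gaps"] = [
        n for a, b in zip(seqs, seqs[1:]) for n in range(a + 1, b)
    ]
    return report

SAMPLE = [  # constructed listing, not taken from a real domain controller
    ("ntds.dit", 52428800),
    ("edb.chk", 8192),
    ("edb.log", LOG_SIZE),
    ("edb00009.log", LOG_SIZE),
    ("edb0000A.log", LOG_SIZE),
    ("edb0000C.log", 4096),   # wrong size, and 0000B is absent
    ("res1.log", LOG_SIZE),   # res2.log deliberately left out
    ("notes.txt", 120),
]

if __name__ == "__main__":
    for key, value in audit_ntds_files(SAMPLE).items():
        print(f"{key}: {value}")
```
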

Fourth, how is authentication carried out in this domain system? A simple username and password is obviously too weak. The solution here is an electronic token.

Fifth, backup. The Windows Backup tool is one option; it lets you choose what to back up, so you can back up your Active Directory separately.

What is the performance difference between accessing account information through an LDAP server, such as an AD domain, and through an ordinary database table? Well, it is said that when the amount of data reaches tens of thousands of entries, the difference becomes very noticeable. But I'm using it here because it exists as a standard protocol.

  
