Directory services centralize the organization, management and control of users, groups, computers, shared folders, printers and other resources. In a domain environment, all account information (users, computers and so on) is stored in a database that is accessed over LDAP (Lightweight Directory Access Protocol, port 389); on a domain controller that database is the file %systemroot%\ntds\ntds.dit.
The logical structure of AD (Active Directory) consists of components such as domain, subdomain, tree, forest and OU (organizational unit); it mainly concerns how network resources are organized.
The physical structure of AD consists of DC (domain controller), site and OM (operations master); it mainly concerns how network resources are configured and optimized.
Here are a few important concepts:
1. DN (distinguished name): indicates exactly where an object is stored in AD, similar to the absolute path of a file.
For example: cn=user1,ou=sails,dc=blog,dc=com means the user named user1 exists under the sails OU of the blog.com domain.
cn=users (the default Users container is also expressed with cn, not ou)
dsadd user cn=test,ou=sails,dc=blog,dc=com is an example of using a DN to create a user.
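To make the "DN is like a file path" idea concrete, here is an added example (not code from the original page) that parses a DN per RFC 4514, handling backslash-escaped commas, and reports the domain, the container path and the parent DN under which dsadd would create the object; the DN values are the page's own examples.

```python
import re

def split_rdns(dn: str) -> list[str]:
    """Split a DN on unescaped commas; a '\\,' inside a value is not a separator.
    Escape sequences are kept verbatim so the raw RDN text can be reused."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # keep the escape pair together
            cur.append(dn[i:i + 2]); i += 2; continue
        if ch == ",":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts]

def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Return (attribute, value) pairs, leaf first; attribute names lower-cased,
    escape sequences in values resolved (e.g. 'Doe\\, John' -> 'Doe, John')."""
    rdns = []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), re.sub(r"\\(.)", r"\1", value.strip())))
    return rdns

def locate(dn: str) -> dict:
    """Describe where the object named by dn lives, file-path style."""
    rdns = parse_dn(dn)
    domain = ".".join(v for a, v in rdns if a == "dc")      # dc=blog,dc=com -> blog.com
    if not domain:
        raise ValueError("DN has no dc= components, so the domain is unknown")
    leaf_attr, leaf = rdns[0]
    # containers between the leaf and the domain root, ordered root -> leaf
    path = [v for a, v in reversed(rdns[1:]) if a in ("ou", "cn")]
    return {
        "domain": domain,
        "leaf": leaf,
        "leaf_type": leaf_attr,
        "path": "/".join([domain, *path, leaf]),
        "parent": ",".join(split_rdns(dn)[1:]),   # must already exist for dsadd
    }

if __name__ == "__main__":
    print(locate("Cn=user1,ou=sails, dc=blog,dc=com"))
```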
2. UPN (user principal name): username@domain-name, the form users can log in with, such as jack@net.com; the suffix can also be changed.
To change it: open Domain.msc (Active Directory Domains and Trusts), right-click the root node, choose Properties and add the new UPN suffix; then select that suffix on the Account tab of the user's properties. The new UPN can then be used for login, but only after it has been enabled for the user in this way.
3. SID (security identifier): every user and group has a unique SID.
whoami /user shows the current user's SID.
whoami /all shows the details of the current user, including the SIDs of the groups it belongs to.
getsid \\DC1 Test \\DC1 Test (requires the Support Tools to be installed)
psgetsid \\DC1 Test (from the downloadable Sysinternals PsTools kit)
4. AD database directory partitions (the AD database is a single file, but logically it is divided into directory partitions):
Schema partition: the object classes and attributes of the forest, replicated at the forest level.
Configuration partition: the location of all DCs and sites, replicated at the forest level.
Domain partition: the various objects of each domain, replicated at the domain level.
Application partition: customizable, for example for DNS.
The first three partitions can be viewed with Adsiedit.msc (ADSI Edit, from the Support Tools).