Reproduced from http://yuelei.blog.51cto.com/202879/113185
Why domains?

Domains are a headache for many people who have just begun to study Microsoft technology. The importance of the domain is beyond doubt: Microsoft's heavyweight service products basically all require domain support, and many companies' job postings for engineers explicitly require candidates to be familiar with or proficient in Active Directory. For beginners, however, domains are complicated. There are many technical terms, such as Active Directory, site, Group Policy, replication topology, operations master roles, and Global Catalog. Many beginners easily get lost in these technical details and lack a grasp of the overall picture. Starting today, we are launching a series of Active Directory blog posts, hoping to help everyone who is learning AD.

The first question we discuss today is: why is the domain management model needed? As we all know, Microsoft networks can manage computers using two models: the domain and the workgroup. By default, a computer belongs to a workgroup after the operating system is installed. Many books describe the characteristics of the workgroup, such as its decentralized management and its suitability for small networks. At this point we need to consider a question: why is the workgroup not suitable for large networks? Is it really so hard to manage each computer separately? We will work through this question with an example.

Assume that the workgroup has two computers, one being the server Florence and the other the client Perth. As we all know, the function of a server is nothing more than providing and allocating resources. The resources a server provides can be shared folders, printers, mailboxes, databases, and so on. Here, the server Florence provides a simple shared folder as its service resource. Our task is to grant access to this shared folder to the company employee Zhang Jianguo. Note that this folder must be accessible only by Zhang Jianguo!
Next we need to consider how to implement this task. Generally, the administrator's approach is to create a user account for Zhang Jianguo on the server; if a visitor can supply the username and password of that account, we accept that the visitor is Zhang Jianguo. Based on this simple management idea, we perform the following operations on the server. First, we create a user account for Zhang Jianguo on the server. Then we assign permissions on the shared folder, granting only the read permission to the user Zhang Jianguo.

Now Zhang Jianguo is ready to access the shared folder from the client Perth. He opens the resource \\Florence\personnel files, and the server sends an identity verification request to the visitor. Zhang Jianguo enters his username and password, passes identity authentication, and accesses the target resource.

After reading this example, many readers may think that workgroup mode solves this problem perfectly well. Didn't we achieve the expected goal? That's right: in this small network, the workgroup model does not reveal any problems. But let us scale the problem up. Suppose the company has not one server but 500, which is roughly the size of a medium-sized company. Now we are in trouble. If all 500 servers have resources to be allocated to Zhang Jianguo, what are the consequences? Because the workgroup is characterized by decentralized management, every server has to create its own user account for Zhang Jianguo, and Zhang Jianguo must remember his username and password on each server. The server administrators fare no better: every user account has to be created 500 times! And what if the company has 1000 people? It is hard to imagine the consequences for managing network resources.
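The workgroup procedure described above, scripted as an added PowerShell example (not code from the original post). The account name `zhangjianguo` and the folder path `D:\Shares\personnel files` are assumptions, and the NTFS step is an addition so that the file-system permissions match the share permission. In a workgroup, each further server needs these same steps and holds its own separate copy of the account and password.

```powershell
# Added example. Run in an elevated PowerShell session on the workgroup server Florence.
# Assumed names (not from the original post): account 'zhangjianguo',
# folder 'D:\Shares\personnel files'. The share name comes from \\Florence\personnel files.
$account   = 'zhangjianguo'
$shareName = 'personnel files'
$folder    = 'D:\Shares\personnel files'

# 1. Create the local account. It exists only in Florence's local SAM database,
#    so no other server in the workgroup knows about it.
$password = Read-Host -Prompt "Password for $account" -AsSecureString
if (-not (Get-LocalUser -Name $account -ErrorAction SilentlyContinue)) {
    New-LocalUser -Name $account -Password $password -FullName 'Zhang Jianguo' | Out-Null
}

# 2. Create the folder and share it. Naming an account in -ReadAccess means the
#    share is not opened to Everyone; only this account gets share-level Read.
New-Item -ItemType Directory -Path $folder -Force | Out-Null
if (-not (Get-SmbShare -Name $shareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $shareName -Path $folder -ReadAccess "$env:COMPUTERNAME\$account" | Out-Null
}

# 3. Align NTFS permissions with the share: remove inherited entries, keep
#    Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18), give the user read-only.
icacls $folder /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' "${account}:(OI)(CI)RX" | Out-Null

# 4. Review what was actually granted on the share.
Get-SmbShareAccess -Name $shareName | Format-Table AccountName, AccessControlType, AccessRight

# On the client Perth, the user authenticates with the Florence-local account:
#   $cred = Get-Credential -UserName 'Florence\zhangjianguo' -Message 'Account on Florence'
#   New-PSDrive -Name P -PSProvider FileSystem -Root '\\Florence\personnel files' -Credential $cred
```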
The root cause of all these problems is the decentralized management of workgroups! Now everyone can see why the workgroup is not suitable for a large network environment: its loose management style runs counter to the efficiency that large networks require. Since the workgroup cannot meet the management requirements of large networks, we need to consider other management models.

The domain model is designed to meet the management needs of large networks. A domain is a set of computers that share user accounts, computer accounts, and security policies. From this basic definition, we can see that the sharing of user accounts and other resources is built into the design of the domain model. If one computer in the domain creates a user account for a company employee, the other computers can share that account. This solves the problem of repeated account creation described above. The computer in the domain that stores the user accounts is the domain controller; user accounts, computer accounts, and security policies are stored in the Active Directory database.

The simple example above shows only the tip of the iceberg of what domains can do. In fact, the functions of the domain go far beyond this. In the next blog post, we will introduce the deployment and management of domains. We hope that you will learn more about domains and come to master Active Directory, an essential area of knowledge for Microsoft engineers.