Windows_learn 001 Domain (AD)
Content Overview
The logical structure of the Active Directory
Domain
Containers and organizational units
Global Catalog (GC)
Physical structure of the Active Directory
Directory partitions
Active Directory management snap-ins and tools
Before you create an AD DS domain
How to create a Windows 2008 domain
Installing the Active Directory process
Personal learning sentiment
The logical structure of the Active Directory
Domain
Organizational unit
Domain directory tree and forest
Global Catalog
Domain
Security boundaries
The security boundary ensures that a domain's administrator has only the necessary administrative rights within that domain, unless the administrator obtains explicit authorization from another domain.
Replication unit
In a domain, each computer that is a domain controller holds a copy of Active Directory. Within a given domain, every domain controller can receive changes to Active Directory and replicate those changes to the other domain controllers in the domain.
Containers and organizational units
OUs can be used to organize objects into a logical structure that best fits your organization's needs.
Administrative control over the objects in an OU can be delegated. To delegate administrative control, specific permissions on the OU and the objects it contains are assigned to one or more users and groups.
Directory Tree and Forest
Two-way transitive trust: trust relationships can be established between trees for resource sharing and so on
Global Catalog (GC)
Holds a partial set of properties for all objects (an index)
Features of the global catalog
Find information anywhere in the forest, regardless of the location of the data
Determine the membership of a user's universal group when a user logs on to the network
When a user logs on to the network using the logon group master, the global catalog server is used to determine the domain of the user
Physical structure of the Active Directory
Domain controllers (physical devices)
Participate in the replication of Active Directory
Single master replication mode
Multi-master replication mode
Sites
Optimize Replication traffic
Enables users to log on to a domain controller using a reliable, high-speed connection
Directory partitions
Schema directory partition
It stores definition data for all objects and properties throughout the forest, and also stores rules for how to create new objects and properties.
Configuration directory partition
Stores the structure of the entire AD DS (Active Directory Domain Services)
Domain directory partition
Stores objects related to this domain
Application directory partition
Created by an application; stores data about that application
Active Directory management snap-ins and tools
Management snap-ins
Active Directory Users and Computers
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Schema
Ways to manage Windows 2008 networks
Use Active Directory to implement centralized management
Centralized management of access resources and rights management for domain users
Manage User Environments
Manage permissions for domain users, restrict their scope and access to domain resources
Delegating administrative control
Assign permissions to a user to manage specific user groups or users in the domain
New features for Windows 2008 domain controllers
Read-only domain controller (RODC)
Restartable Active Directory Domain Services (AD DS)
How domains are deleted
Enter dcpromo in Start > Run
Before you create an AD DS domain
The computer is running Windows Server Standard, Windows Server Enterprise, or Windows Server Datacenter
The Active Directory partition requires 200 MB of disk space, and the log files require 50 MB
Format the partition or volume with NTFS, which is required for the SYSVOL folder
Configure DNS and TCP/IP
If you create a domain on a network that already exists, you must have the appropriate permissions
How to create a Windows 2008 domain
Add the AD DS role
Run Dcpromo
Installing the Active Directory process
Enable the Kerberos v5.0 authentication protocol
Set Local Security Policy: Use the default Domain controller security template
Configure Local Security
Create a directory partition
Creating Active Directory database files and log files
Create the root domain of the forest
Create a shared System volume folder
Shared Sysvol folder
Network Logon shared folder
Configure the domain controller's membership in the appropriate site
Installing a DC using an answer file
This file is the configuration that was exported when the first DC was installed. When additional DCs need to be installed, modify this file to automate the installation without interactive prompts, which simplifies the installation process.
Default structure for Active Directory (Active Directory Users and Computers)
Builtin (default security group for Windows 2008)
Computers (the location of the default computer account)
Domain Controllers (default location for domain controller computer accounts)
ForeignSecurityPrincipals (security identifiers from external domains that have a trust relationship)
LostAndFound (where orphaned objects are saved)
System (stores system settings)
Users (default location for user and group accounts)
Verifying the Active Directory installation
Verify the SRV resource records (DNS queries)
Verify that SYSVOL has been successfully created and shared properly
Verify that the Active Directory database and log files were successfully created
Check the log file to see if an error occurred during installation
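The four verification steps above as a single script. This is an added example, not part of the original notes. It assumes PowerShell 2.0 or later on the new domain controller, a placeholder domain name (`corp.example.com`), and the default database, log and SYSVOL locations.

```powershell
# Added example: run in an elevated PowerShell 2.0+ session on the new domain controller.
# Assumptions: placeholder domain name; database, logs and SYSVOL in their default locations.
$Domain  = 'corp.example.com'                  # placeholder, replace with your DNS domain
$NtdsDir = Join-Path $env:SystemRoot 'NTDS'    # default database and log folder
$results = @()

function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $script:results += New-Object PSObject -Property @{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

# 1. SRV records: this DC must be registered as an LDAP and Kerberos server for the domain.
foreach ($record in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.dc._msdcs.$Domain") {
    $answer = nslookup -type=SRV $record 2>&1 | Out-String
    $listed = $answer -match ('svr hostname\s*=\s*' + [regex]::Escape($env:COMPUTERNAME) + '\.')
    Add-Check "SRV $record" $listed "looking for $env:COMPUTERNAME"
}

# 2. SYSVOL and NETLOGON must both exist as shares.
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = Get-WmiObject Win32_Share | Where-Object { $_.Name -eq $name }
    Add-Check "Share $name" ($null -ne $share) "$($share.Path)"
}

# 3. Active Directory database and transaction log files.
foreach ($file in 'ntds.dit', 'edb.log') {
    $path = Join-Path $NtdsDir $file
    Add-Check "File $file" (Test-Path $path) $path
}

# 4. Installation log present, and no errors recorded in the Directory Service event log.
$dcpromoLog = Join-Path $env:SystemRoot 'debug\dcpromo.log'
Add-Check 'dcpromo.log present' (Test-Path $dcpromoLog) $dcpromoLog
$errors = @(Get-EventLog -LogName 'Directory Service' -EntryType Error -Newest 20 -ErrorAction SilentlyContinue)
Add-Check 'No Directory Service errors' ($errors.Count -eq 0) "$($errors.Count) error event(s) to review"

$results | Format-Table Check, Passed, Detail -AutoSize
```

A failed SRV check right after promotion usually means the Netlogon service has not yet registered its records in DNS.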
Raise the functional level of forests and domains
Raise the forest functional level
Active Directory Domains and Trusts
Raise the domain functional level (note: raise the forest before you can raise the domain)
Active Directory Users and Computers
Adding a secondary DC to an RODC
Method 1
Running the DCPROMO upgrade on a secondary DC
Method 2
Making the installation media on a writable DC
Run dcpromo /adv on the secondary DC; an answer file can also be used for unattended installation
Personal learning sentiment
Sorry everyone, hehe. Because of what work needs right now, I have to learn Windows Server for the time being. Once I have work fully under control, I will continue studying Linux. Personally, I feel that open-source Linux is very powerful, haha. After finishing my studies, it feels like I'm "open source" too. Haha, you know.
This article is from the "Winthcloud" blog, make sure to keep this source http://winthcloud.blog.51cto.com/2180779/1910904