1. 07/11/2008 1

2.  Introduction to Active Directory
 Active Directory Logical Structure
 Active Directory Physical Structure
07/11/2008 2

3.  What Is Active Directory?
 Active Directory Objects
 Active Directory Schema
 Lightweight Directory Access Protocol (LDAP)
07/11/2008 3

4. Directory Service
Directory Service Centralized Management
Centralized Management
Functionality
Functionality
 Organize
 Organize  Single point of administration
 Single point of administration
 Manage
 Manage Resources
Resources  Full user access to directory
 Full user access to directory
 Control
 Control resources by a single logon
resources by a single logon
07/11/2008 4

5.  A directory service stores all the information
needed to use and manage these objects in a
centralized location, simplifying the process of
locating and managing these resources.

6.  What Is a Directory Service?
 What Is a Schema?
 What Is the Global Catalog?
07/11/2008 6

7. A structured repository of information about people and
resources in an organization
Domain
OU1 KimYoshida
Computers
Attributes Values
Computer1
Name Kim Yoshida
Users
User1 Building 117
OU2 Floor 1
Users
User2
Printers
Printer1
A repository is a collection of resources that can be
accessed to retrieve information. Repositories often consist
of several databases tied together by a common search
07/11/2008 7
engine.

8. defines all the objects and attributes that the directory service uses
to store data
Examples of object Examples of
class attributes
accountExpires
User distinguishedName
directReports
dNSHostName
operatingSystem
Computer firstName
lastName
Printer

9.  The global catalog is the central repository of
information about objects in a tree or forest. By
default, a global catalog is created automatically on
the initial domain controller in the first domain in the
forest. A domain controller that holds a copy of the
global catalog is called a global catalog server.
 It stores only attributes about each objects ,such as
objects location
Read Only
Global Catalog

10. ◦ Provide a way to design and administer the
hierarchical structure, logical structure of the
network Include
 Domains and organizational units
 Trees and forests

11. Domain Tree
Domain
Domain Domain Domain
OU
Objects
Domain Domain
OU OU
Domain
Organizational Unit
Forest

12.  Logical collection of users and computers.
 Several benefits of domain
 Enable you to organize objects within a
single dept. or location.
 Act as a security boundaries.
 Domain Objects are fully replicated to the
domain controller’s within a domain, not to
other domains .

13. Tree Root Domain
 Contiguous linking of one or more
AD domains that shares a common
namespace or in a Parent-Child Parent
Parent
Relationship. Parent Domain
 Two-way transitive trust contoso.msft
automatically created
 Tree Root Domain :- first domain in
a tree or parent domain Child Domain
Child
Child
sales.contoso.msft
New
Domain

14.  Combination of One or More Trees
 A forest is a disjointed namespace
 www.microsoft.com
 www.msn.com
 Transitive Trusts created automatically

15. Forest Root Domain
 The Forest Root Domain Is
the First Domain Created
in a Forest
Domain
Forest Tree
Tree Root Domain
OU
Domain
Domain OU
Domain OU
Tree
Domain Domain
Objects

16.  An organizational unit (OU) is a subdivision within an Active
Directory into which you can place users, groups, computers,
and other organizational units. You can create organizational
units to mirror your organization's structure.
 Implements a Structure inside a Domain
 Can be nested as needed
 Can not be assigned any rights
 Typically used for Administrative Reasons OU
◦ e.g. System Policies OU
Domain OU
Objects

17.  Benefits of using OUs
◦ Easier to locate and manage the Active Directory objects
◦ Define more advanced features by applying Group Policy to
an OU
◦ Delegate administrative control over OUs

18.  Not related to logical Structure
 Modeled via „Sites“
 A site is well connected via fast Network Links
 One Site can home multiple Domains
 One Domain can spread across many Sites
 Domain Database is stored on Domain Controllers

19.  Sites
 Domain controllers
 WAN links
Site
WAN Link
Domain Controllers
Site
A site is one or more IP subnets connected
by a fast and reliable link.

20.  Domain Controller is a server on a Microsoft Windows
Network that is responsible for allowing host access to
Windows domain resources. The domain controllers in
your network are the centerpiece of your Active
directory service. It stores user account information,
authenticates users and enforces security policy for a
Windows domain

21. Lightweight Directory Access Protocol (LDAP)
Contoso.msft
Finance
Sales
Relative distinguished name Suzan Fine
CN=Suzan Fine,OU=Sales,OU=Finance,DC=contoso,DC=msft
07/11/2008 21