Active Directory
1. ACTIVE DIRECTORY
Active Directory is a single point of reference, called a directory
service, to all the objects in a network, including users,
groups, computers, printers, policies and permissions.
For a user or an administrator, AD provides a single hierarchical
view from which to access and manage all of the network
resources.
2. • AD utilizes IP protocols and standards like
SSL (Secure Sockets Layer), Transport Layer
Security (TLS) authentication, LDAP (Lightweight
Directory Access Protocol) and DNS
3. ACTIVE DIRECTORY and DNS
• Active Directory uses DNS.
• DNS domains are organised into a hierarchical
structure.
• Different levels of DNS identify the computer, the
organisational domain and the top-level domain.
• DNS also maps a host name, i.e. the fully qualified
name, to an IP address.
• The FQN for a PC named airforce in the domain defence
with top-level domain def is
airforce.defence.def
4. Core Units of AD
• DOMAINS
• TREE
• FOREST
• Organisational unit (OU)
5. DOMAIN
• Is a logical structure of AD.
i.e. the office at Ahmedabad is a physical object and the
office at Gandhinagar is a physical object, but at the
Gandhinagar or Ahmedabad office we are
making a logical grouping of
users, groups, printers, policies, faxes and
computers.
You can divide your office computer network into
logical parts called domains, depending upon your
requirement.
6. Domain
• Domain is the boundary of replication
: Domains within AD replicate the information
about objects between domains
Objects like
Users
Groups
Contacts
OU
Computers
7. Domain
• Domain is the boundary of authentication
: Boundary of user accounts
Group permissions
Resource access
• Domain is the boundary of administration
8. Domain
• Domain is the boundary of the DNS namespace
DNS service records in AD are the way of locating services
Computers in the domain defence are entered into the domain as
a.defence.def
b.defence.def
Child domains are entered as
Gandhi.defence.def
**Child domains take their name from the parent domain
Computers in child domains are entered as
a.gandhi.defence.def
b.gandhi.defence.def
All domains have a domain name, a fully qualified domain name and
a NetBIOS name for NT4 PDC and BDC
9. Tree
• A tree is a hierarchy of domains designed in a way to match the
DNS structure.
• Trees share a transitive trust relationship between domains
i.e. users can access resources in the domain where
they logged in; they can also access resources in other
domains within the tree if proper rights are given.
They share
Schema
Configuration and
Global Catalog
10. SCHEMA
• Schema is the definition of objects in AD
Objects in AD are
Users
Groups
Contacts etc.
All these objects are made from a common object
definition, the schema
All domains within a tree have to agree with this
common schema.
11. Configuration
• Domains within a tree share the
configuration between them, i.e. information
about users, groups, resources etc.
Each domain knows about the other domains
and their objects.
12. Global Catalog
• The global catalog is the central repository; it
contains the reference to all objects in
AD.
14. FOREST
• When we create a single domain, a forest is created
• Within a forest we can create multiple child domains or
trees with a contiguous namespace
airforce.def
a.airforce.def
Gandhi.airforce.def
• Within a forest we can create multiple trees with disjoint
namespaces
airforce.def airforce.edu
a.airforce.def a.airforce.edu
15. Forest
• All domains within a forest share a transitive trust
relationship
• All domains in a forest share
Common Schema
Configuration
Global Catalog
16. Organisational Unit
• OUs are containers within a domain
They contain objects of the domain
You can create an organisational unit to
organise users, computers or groups etc.
For example
You can create an OU for the sales team to
manage sales team employees and their
computers
17. Organisational Unit
• Distinct unit of administration
You can delegate the administrative rights for
administering an OU
In Windows NT, if you want to give administration
rights on some objects of a domain to any
particular person, you have to make him a domain
administrator, but in Windows 2003 you can
create an OU and delegate administrative rights on that
particular OU to the concerned authority.
18. Organisational Unit
• OUs are unique to a domain.
i.e. an OU can be a container for objects of the
domain in which the OU is created
1) An OU can be created to manage users and
computers
2) You can create group policy and apply on
3) Delegate administration using OU
20. Active Directory
• When we promote a server to a domain
we actually install the Active Directory database.
The database file name is NTDS.dit
dit--(Directory information tree)
The AD database is divided into four parts
Domain --Users, groups, computers
Schema --Object definition
Configuration --Configuration of domains
Application --Applications like DNS
while in Windows 2000 the AD database is divided into three parts
Domain --Users, groups, computers, DNS
Schema
Configuration
21. Replication Model
• In Windows NT replication is done
from PDC to BDC
Known as the single master replication model
• In Windows 2003 all domains replicate
between each other
Known as multiple master replication
22. Site
• A site is a well connected IP subnet
i.e. if all subnets in a network are connected
through a well connected network like a LAN
(10/100/1000 Ethernet) then we can treat or
create it as a single site
For example: if there is one office at Ahmedabad
and one at Gandhinagar connected by modem,
we can treat each as a different site
If we have two offices at Gandhinagar
connected by a leased line of 10 Mbps then we can
treat these two offices as a single site
23. Domain vs Site
• Domain is a logical concept
• Site is a physical concept
• A site can contain multiple domains
• Now two sites can have a single domain
Because sites are connected through an
expensive low speed network, there is no
point in forwarding the authentication process
over such a slow and expensive network.
24. Site
• A site provides local logon services and
Distributed File System (DFS)
• Replication: replication between all
domains in a site, and during off hours
between sites.
• Group Policy: site level group policy
25. Site Requirement
• Membership in the enterprise admin group, i.e. admin rights
on the forest
• Unique IP subnet range or ranges, i.e. two different sites
must be on a different subnet or subnets
• Every site must have at least one domain controller
• Inter-site transport: sites are connected with each other
by a low speed network; they use the
IP or SMTP protocol to replicate.
IP is more traffic intensive and SMTP is 25% less
traffic consuming than IP but is processor hungry
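An added example (not part of the original slides) that checks a site plan against two of the requirements above: different sites must not share subnet ranges, and every site needs at least one domain controller. The inventory, subnets and the host name dc1.defence.def are constructed sample data, and check_sites / site_for are hypothetical helper names.

```python
import ipaddress

# Constructed inventory (not from the slides): site -> subnets and domain controllers.
SITES = {
    "Ahmedabad":   {"subnets": ["10.1.0.0/16"], "dcs": ["dc1.defence.def"]},
    "Gandhinagar": {"subnets": ["10.2.0.0/16", "10.1.8.0/24"], "dcs": []},
}

def check_sites(sites):
    """Return a list of violations of the site requirements listed above."""
    problems = []
    nets = [(name, ipaddress.ip_network(s))
            for name, cfg in sites.items() for s in cfg["subnets"]]
    # Requirement: two different sites must be on different subnets.
    for i, (site_a, net_a) in enumerate(nets):
        for site_b, net_b in nets[i + 1:]:
            if site_a != site_b and net_a.overlaps(net_b):
                problems.append(
                    f"subnet overlap: {site_a} {net_a} / {site_b} {net_b}")
    # Requirement: every site must have at least one domain controller.
    for name, cfg in sites.items():
        if not cfg["dcs"]:
            problems.append(f"no domain controller in site {name}")
    return problems

def site_for(ip, sites):
    """Map a client address to a site; the most specific subnet wins
    when ranges nest. Returns None for an address no subnet covers."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, cfg in sites.items():
        for s in cfg["subnets"]:
            net = ipaddress.ip_network(s)
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None

if __name__ == "__main__":
    for problem in check_sites(SITES):
        print("WARN:", problem)
    for client in ("10.1.8.5", "10.1.9.5", "192.168.1.1"):
        print(client, "->", site_for(client, SITES))
```

A client whose address maps to no site (the None case) has no local site to log on against, so an unmapped subnet is worth flagging alongside the two checks.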
26. Global Catalog
• Partial replica of all the objects in the forest:
Each site must have one global catalog; it contains the
reference of all objects in a forest, only a reference, not the
complete information of the object. This reference will help
AD to locate the object fast.
GC is also known as the central repository
• Configurable subset of attributes: you can select what
attributes are to be sent to the GC as reference for an object.
• These attributes will help AD to locate objects fast in a forest
wide search.
• Required for logon universal group membership: the global
catalog is required for logon authentication; that's why each
site must have a GC.
27. GC
A GC is required if a site has more than 100
users
If there is reliable leased line connectivity
(meaning good network connectivity
between two physically separate sites) then
we may not require a GC at both sites.
If there is no GC-dependent server like
Exchange server we may avoid keeping a
GC at that particular site