1. The Microsoft Management Console (MMC)
    • Customizable management framework for administration tools
    • Saved as a Management Saved Console (MSC / .msc)
  2. MMC Snap-ins
    • Management tools added to MMC
    • From Microsoft and third party vendors
  3. Administering Active Directory
    • Directory service database
    • Central point for storing, organizing, and managing network objects
    • Logon and authentication service for usersDelegation of administration
    • Schema defines attributes for objects
  4. Administering Active Directory
    • Uses DNS to locate and identify resources
    • IP name resolution
    • provides information on the location of network resources
  5. Administering Active Directory
    • Various types of objects
    • Container object
    • Leaf object
    • users, groups, printers, computers, etc
    • to view properties, right click on object
  6. Domains must
    • have a unique name
    • is organized in layers
    • is administered as a unit with common rules and procedures
  7. Domains provide the ability to
    • configure unique security settings
    • decentralize administration
    • control replication traffic
  8. Forest Root Domain
    • First active directory domain created in an organization
    • collection of trees that do not share a contiguous DNS naming structure
  9. Tree
    • Hierarchical collection of domains that share a contiguous DNS space
    • Whenever a child domain is created, a two-way trust relationship is automatically created between child and parent domains
    • Trees in a forest share a single Active Directory schema
  10. Organizational Units
    • Logical container used to organize objects within a single domain
    • easier to locate and manage Active Directory
    • granular application of group policies
    • granular delegation of administrate control
    • OUs are not security principals and cannot be used to define permissions on resources or assigned rights
  11. Groups
    • Security groups and (email) distribution groups
    • Security groups allow both assignment of both permissions and rights
    • built-in local security groups have pre-assigned rights
  12. Group Policy Object(s)
    • Enables centralized management of user and computer configuration settings
    • Configure desktop settings
    • Control security settings
    • Assign scripts
    • Software and resource management
  13. Group Policy Object MMC
  14. Resulting Set of Policy RSoP
  15. Group Policy container (GPC)
    Stores information about GPO and version number
  16. Group Policy Template (GPT)
    Contains data that makes up GPO
  17. Globally Unique ID
    128 bit number toed to GPO, GPC, and GPT
  18. Components
    • Group Policy container (GPC)
    • Group Policy Template (GPT)
    • Globally Unique ID
    • Can be applied to local computer, site, domain, or OU
    • Objects inherit GPOs but can be blocked
  19. Global Catalog
    • Index and partial replica of most frequently used objects and attributes
    • Replicated across domain global catalog servers
    • first domain controller automatically becomes a global catalog server
Card Set
Active directory