Windows_learn 001 Domain (AD)

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

Content overview

Logical structure of active directory

Domain

Containers and organizational units

Global catalog (GC)

The physical structure of the active directory

Directory partition

Active Directory Management plug-ins and tools

Preparation before creating an AD DS domain

How to create a Windows 2008 domain

Install active Directory process

Personal learning perception

Logical structure of active directory

Domain

Organizational unit

Domain Catalog Tree and Forest

Global catalogue

Domain

Security boundary

The security boundary ensures that the administrator of a domain has only the necessary administrative authority within that domain, unless the administrator is explicitly granted authority in other domains.

Replication unit

In a domain, each computer acting as a domain controller holds a copy of the Active Directory. Within a given domain, every domain controller can receive changes to the Active Directory and replicate those changes to the other domain controllers in the domain.

Containers and organizational units

Using OUs, you can organize objects into a logical structure that best suits your organization's needs.

Administrative control can be delegated over the objects in an OU. To delegate administrative control, you assign permissions on the OU and the objects it contains to one or more users and groups.

Directory trees and forests

Two-way transitive trust: trust relationships can be established between trees, resources can be shared between trees, and so on.

Global catalog (GC)

Holds a partial set of attributes for all objects (an index)

Functions of the Global Catalog

Find information anywhere in the forest, no matter where the data is located

Determine the user's universal group membership when the user logs in to the network

When a user logs in to the network with a user principal name (UPN), the global catalog server is used to determine the domain in which the user is located

The physical structure of the active directory

Domain Controller (Domain Controllers) physical device

Participate in replication of the active directory

Single-master replication mode

Multi-master replication mode

Site Sites

Optimize replication traffic

Enables users to log in to the domain controller using a reliable, high-speed connection

Directory partition

Schema directory partition

It stores the definition data of all objects and attributes in the whole forest, as well as the rules of how to create new objects and attributes.

Configuration directory partition

Stores the structure of the entire AD DS (Active Directory Domain Services)

Domain directory partition

Objects related to the domain are stored

Application directory partition

Is created by an application that stores data related to the application

Active Directory Management plug-ins and tools

Management plug-in

Active Directory Users and Computers

Active Directory Domains and Trusts

Active Directory Sites and Services

Active Directory Schema

Methods of managing a Windows 2008 network

Using Active Directory to implement centralized management

Centralized management of access resources and rights management for domain users

Manage user environment

Manage the permissions of domain users, limiting their scope and accessible domain resources

Delegate administrative control

Assign permissions to a user to manage specific user groups or users in the domain

New features of Windows 2008 domain controller

Read-only domain controller (RODC)

Restartable Active Directory Domain Services (AD DS)

How to delete a domain

Enter dcpromo in Start > Run

Preparation before creating an AD DS domain

The computer is running Windows 2008 Standard Server, Windows 2008 Enterprise Server, or Windows 2008 Datacenter Server

Disk space: 200 MB is required for the Active Directory partitions, and 50 MB is required for log files.

Format partitions or volumes with NTFS, which is required for the SYSVOL folder

Configure DNS and TCP/IP

If you create a domain on an existing network, you must have the appropriate permissions

How to create a Windows 2008 domain

Add ADDS role

Run dcpromo

Install active Directory process

Enable kerberos v5.0 authentication protocol

Set local security policy: use the default domain controller security template

Configure local security

Create a directory partition

Create active directory database files and log files

Create the root domain of the forest

Create a shared system volume folder

SYSVOL share

NETLOGON share (network logon shared folder)

Configure domain controller membership at the appropriate site

Install a DC using an answer file

This file is the configuration file that was exported when the first DC was installed. When you need to install another DC, modify this configuration file and the DC can be installed automatically, without interactive installation, which simplifies the installation process.

Default structure of the active directory (Active Directory Users and computers)

Builtin (windows 2008 default security group)

Computers (location of the default computer account)

Domain Controllers (default domain controller computer account)

ForeignSecurityPrincipals (security identifier of an external trust domain)

LostAndFound (where orphaned objects are saved)

System (save system settings)

Users (default location for user and group accounts)

Verify the installation of the active Directory (Verifying the Active Directory Installation)

Verify SRV resource records (queried in DNS)

Verify that the SYSVOL has been successfully created and shared normally

Verify that the active directory database and log files have been created successfully

Check the log file to see if there are any errors during installation
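
The four verification steps above, combined into one script. This is an added example, not part of the original notes; the domain name `corp.example.com` is a placeholder, and the NTDS and dcpromo.log locations are the installer defaults, assumed here.

```powershell
# Added example: post-install checks on a newly promoted domain controller.
# Assumptions (not from the page): placeholder domain, default install paths.
$Domain  = 'corp.example.com'                       # placeholder domain name
$NtdsDir = Join-Path $env:SystemRoot 'NTDS'         # default database/log folder
$DcLog   = Join-Path $env:SystemRoot 'debug\dcpromo.log'

$results = @()
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $Name; Passed = $Passed; Detail = $Detail }
}

# 1. SRV resource records the domain controller registers in DNS
foreach ($rec in "_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain") {
    $out = (nslookup -type=SRV $rec 2>&1 | Out-String)
    Add-Check "SRV $rec" ($out -match 'svr hostname') 'nslookup -type=SRV'
}

# 2. SYSVOL and NETLOGON must both be shared
$shares = (net share | Out-String)
foreach ($s in 'SYSVOL', 'NETLOGON') {
    Add-Check "Share $s" ($shares -match "(?m)^$s\s") 'net share'
}

# 3. Active Directory database and transaction log files
foreach ($f in 'ntds.dit', 'edb.log') {
    $p = Join-Path $NtdsDir $f
    Add-Check "File $f" (Test-Path $p) $p
}

# 4. Installation log: heuristic match, review any hits manually
if (Test-Path $DcLog) {
    $errs = @(Select-String -Path $DcLog -Pattern 'error|failed')
    Add-Check 'dcpromo.log' ($errs.Count -eq 0) "$($errs.Count) suspect line(s)"
} else {
    Add-Check 'dcpromo.log' $false "not found: $DcLog"
}

$results | Format-Table Check, Passed, Detail -AutoSize
```

Run it on the domain controller itself from an elevated prompt; a missing SYSVOL or NETLOGON share shortly after promotion usually means initial replication has not finished yet.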

Upgrade the functional level of forests and domains

Upgrade the functional level of forest

Active Directory Domains and Trusts

Upgrade the functional level of the domain (note that the forest must be raised before the domain can be raised)

Active Directory Users and Computers

Add secondary DC and RODC

Method 1

Run the dcpromo upgrade on the secondary DC

Method 2

Make installation media on a writable DC

You can also use an answer file to run dcpromo /adv on a secondary DC for unattended installation

Personal learning perception

I'm sorry, everyone, but due to the needs of my job now, I need to learn Windows Server for a while, so the work is complete. When hold lived, I continued to study Linux. Personally, I felt that the open source of Linux was really very powerful. After learning from me, I feel that I am personally "open source", you know
