Shulou(Shulou.com)05/31 Report--

Active Directory directory service refers to what, I believe that many inexperienced people do not know what to do, so this article summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

Active Directory provides a centralized method to organize, manage and control access to network resources. It is a directory service for Windows Standard Server, Windows Enterprise Server and Windows Datacenter Server.

1.Active Directory naming convention:

Distinguished Name: DC=com,DC=contoso,CN=Users,CN=James Smith indicates that the user object James Smith is in the contoso.com domain

Relative Distinguished Name: part of Distinguished Name

User Principal Name: consists of user login name and domain name, such as JamesS@contoso.com

GUID: every object in Active Directory has a * GUID

The logical structure of 2.Active Directory:

Domain: security boundaries, each domain has its own security policy Active Directory replication units are Mixed Mode and Native Mode (domain controllers are Win2000)

B Organizational Units: a container for storing objects, such as user accounts, groups, computers, etc., that can hold objects and other OU can create OU according to geographical or logical needs

Tree: share contiguous namespaces that administrators can manage in any domain in the tree

Forest: a group of trees form a forest, but do not share a contiguous namespace Trust

Relationship: supports one-way, non-transitive, and two-way, transitive trust relationships two-way trust is the default in Win2000

The physical structure of 3.Active Directory:

Site: one or more IP subnets with high-speed connections form a topology that allows Site Site to configure directory access and replication to create Site to optimize replication traffic and allow users better access to domain controllers

Domain Controller: Active Directory uses a multi-master replication model, there is no primary domain controller, and domain controllers replicate directory data to each other

Global Catalog: contains a subset of object attributes in Active Directory, and the most frequently accessed attributes are stored in Global Catalog

4.Active Directory replication components:

Knowledge Consistency Checker (KCC): Active Directory automatically configures replication connections between domain controllers through KCC KCC is a built-in process for domain controllers that creates connections to maintain the integrity of the replication topology

Server Object: when you create a domain controller, a Server Object is automatically created, which is different from the Computer Object of the domain controller, although both point to the same computer. Server Object is mainly used for domain controller replication and site management. Server Object is a child of Site Object. The Site Object should contain the subnet where the domain controller is located.

NTDS Setting Object: a container containing Connection Object objects

Connection Object: an one-way connection replicated between two Server Object can be created automatically by KCC or manually by an administrator

5. Replicate within one site:

When the object of the domain controller changes, a Change notification process is generated and a message is sent to the replication partner after 5 minutes by default. And replication traffic is uncompressed. Replication uses the protocol RPC over IP (remote procedure call)-provides high-speed, consistent connectivity.

6. Replicate between multiple sites:

Configure through schedule, interval and so on. For example, schedule decides when to start replication, while interval decides how long the interval domain controller checks to see if changes occur. Moreover, replication traffic is compressed, with a compression ratio of about 10% 15%. The protocol for replication is RPC over IP or SMTP, but SMTP can only be used for replication between domain controllers in different domains, and in most cases, RPC over IP.

7. Connect multiple Sites:

Additional objects are required-Site links and Site link bridges

Site Links--- represents an object connected between two Site. DefaultIPSiteLink is created by default. You can specify some Value for Site link:

Cost--- reflects the bandwidth of the connection. Values range from 1 to 32767. The higher the value, the fuller the connection speed, which is 100 by default. In addition, the choice of Cost should be guaranteed to be proportional.

The interval between Interval--- replication.

Schedule--- defines when it can be copied, by default, for any period of time.

Site Link Bridges--- represents a set of Site Links that uses the same replication protocol. By default, all Site Links with the same replication protocol belong to a Site Link Bridge and do not need to be manually configured in a fully routed network.

After reading the above, have you mastered what the directory service of Active Directory refers to? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.