Logical structure of Active Directory

2025-01-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. Domain - the general concept used to describe a Microsoft environment

  High availability of a domain: create multiple DCs

2. Subdomain

  Under what circumstances do you need to create a subdomain? Generally for a branch office that is "independently managed"

  Naming of the subdomain: <subdomain name>.<parent domain name>

  Prerequisite for creating a child domain: the parent domain must grant you the permissions of the Enterprise Admins group!

  A: the server that is to become the child domain's domain controller needs to join the parent domain

  B: complete the domain wizard with the permissions of the "Enterprise Admins" group!

3. Should the branch office set up a backup domain controller or a subdomain?

  Scenarios for deploying domain controllers at headquarters and branch offices

  Scenario 01: two independent forests - two independent architectures - are very profitable.

  Scenario 02: the branch office is a backup DC of headquarters - most cases

  Scenario 03: the branch office is a subdomain of headquarters - a small number of cases

  The choice between a backup domain controller and a subdomain depends on the following factors:

  A: whether the branch office needs to be managed independently - very important

  This applies when the branch office is managed independently in both administration and information management.

  If independent management is needed, a subdomain is recommended; if unified management is needed, use a backup domain controller.

  B: whether the branch office has a dedicated domain management team

  If the branch has only a Helpdesk and no server operations staff, creating a backup domain controller is recommended!

4. Is there data synchronization between the DCs of the parent domain and the DCs of the child domain?

  ADSIEDIT - the ADSI editor - is used to edit the underlying data of the Active Directory database

  The Active Directory database has four main storage partitions: schema directory partition, configuration partition, domain directory partition, and application directory partition.

  A: domain partition - stores all the objects in the current domain

  B: configuration partition - stores configuration information for the current forest

  C: schema partition - stores the schema of the objects in the current forest

  D: application directory partition - created by an application and stores data related to that application, such as a DNS server's. Application partitions are replicated to specific domain controllers in the forest, not to all domain controllers, and application directory partitions are generally not used

  Important: if two DCs are in the same domain, all three partitions are synchronized between them

  If two DCs are in the same forest but not in the same domain, only the configuration partition and the schema partition are synchronized
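The partition layout and replication scope described above can be read straight from the directory. The following is an added example, not part of the original article; it assumes a domain-joined host with the RSAT ActiveDirectory module and read access to the configuration partition.

```powershell
# Added example: classify every naming context in the forest by replication scope.
Import-Module ActiveDirectory

$root = Get-ADRootDSE
$partitionsDn = "CN=Partitions,$($root.configurationNamingContext)"

# Each crossRef object under CN=Partitions describes one naming context.
# systemFlags bits: 0x1 = held by this forest, 0x2 = domain partition.
Get-ADObject -SearchBase $partitionsDn -LDAPFilter '(objectClass=crossRef)' `
    -Properties nCName, systemFlags, 'msDS-NC-Replica-Locations' |
ForEach-Object {
    $nc = [string]$_.nCName
    $flags = 0
    if ($_.systemFlags) { $flags = [int]$_.systemFlags }

    if ($nc -eq $root.schemaNamingContext) {
        $kind = 'Schema';        $scope = 'every DC in the forest'
    } elseif ($nc -eq $root.configurationNamingContext) {
        $kind = 'Configuration'; $scope = 'every DC in the forest'
    } elseif ($flags -band 0x2) {
        $kind = 'Domain';        $scope = 'every DC in this domain only'
    } elseif ($flags -band 0x1) {
        # Application partitions replicate only to the DCs enlisted for them.
        $count = ($_.'msDS-NC-Replica-Locations' | Measure-Object).Count
        $kind = 'Application';   $scope = "$count enlisted DC(s)"
    } else {
        $kind = 'External';      $scope = 'not hosted by this forest'
    }
    [pscustomobject]@{ Partition = $nc; Kind = $kind; ReplicatesTo = $scope }
} | Sort-Object Kind | Format-Table -AutoSize
```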

5. Domain tree

  After a new tree domain is created, you must make one configuration change, otherwise the new tree domain will not work.

  You must configure DNS forwarding to the new tree domain on the root domain (the first domain in the forest)!

6. Forest

  If you want authentication to pass between two forests, you must establish the trust manually.

  Conditions for establishing the trust:

  A: the two forests can forward DNS resolution to each other

  B: the forest functional level must be above Windows Server 2003

7. Global catalog server - GC for short

  Microsoft's default recommendation: all DCs are global catalog servers

  When searching for Active Directory objects, the search is run not in one domain but across all the domains in the forest - that is the GC

  DC - contains all objects in the current domain

  GC - contains all the objects of the entire forest

  When searching, select "Entire Directory"; that is a search on the GC

  How do you find a GC? In the SRV records in DNS.

  GC - contains all the domain objects in the forest (assume there are 20 domains in the forest and each domain's database is 10 GB)

  So the GC's database would be 200 GB, and the speed of a search... is easy to imagine

  So Microsoft optimized it: the GC contains all the objects in the forest, but only some of their attributes, mainly the commonly used ones!

  For example, a multinational company wants to search for how many Chinese people there are in the enterprise, but the country attribute is not included in the GC by default.

  The country attribute needs to be added to the GC. How do you find out which attribute holds the country?

  Open AD DS, find a user whose country value has been filled in, and work out the corresponding attribute from the value that was entered.

  So how do you add the corresponding attribute to GC searches? Enter the following command in the Run dialog:

  Then open Run, type mmc, add the Active Directory Schema snap-in, click Attributes, and find the attribute you just identified.

  Then right-click it, select Properties, check "Replicate this attribute to the Global Catalog", and click OK.

After a while, the GC will be able to search by country
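The GC lookup in DNS and the "replicate to the Global Catalog" setting can also be checked from PowerShell. This is an added example, not from the original article; it assumes the RSAT ActiveDirectory and DnsClient modules, and the attribute name `co` and the value `China` are constructed placeholders, since the article's screenshots did not survive.

```powershell
# Added example: locate GCs through DNS, then audit the partial attribute set (PAS).
Import-Module ActiveDirectory

$forest = (Get-ADForest).Name        # DNS name of the forest root domain

# 1. GCs register SRV records under _gc._tcp.<forest root>; the GC port is 3268.
$gcs = @(Resolve-DnsName -Type SRV -Name "_gc._tcp.$forest" |
         Where-Object { $_.NameTarget } |
         Select-Object NameTarget, Port, Priority, Weight)
$gcs | Format-Table -AutoSize

# 2. Which of the standard country attributes are replicated to the GC now?
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$filter = '(&(objectClass=attributeSchema)' +
          '(|(lDAPDisplayName=c)(lDAPDisplayName=co)(lDAPDisplayName=countryCode)))'
$attrs = Get-ADObject -SearchBase $schemaNc -LDAPFilter $filter `
             -Properties lDAPDisplayName, isMemberOfPartialAttributeSet
$attrs | Select-Object lDAPDisplayName, isMemberOfPartialAttributeSet

# 3. Script equivalent of the checkbox in the schema snap-in.
#    Needs Schema Admins rights; once set, the attribute is replicated to
#    every GC in the forest. -WhatIf previews the change without writing it.
$target = $attrs | Where-Object { $_.lDAPDisplayName -eq 'co' }   # assumed attribute
Set-ADObject -Identity $target -Replace @{ isMemberOfPartialAttributeSet = $true } `
    -Server (Get-ADForest).SchemaMaster -WhatIf

# 4. Forest-wide count against a GC. An empty SearchBase on port 3268 searches
#    all partitions; attributes outside the PAS match nothing on a GC.
$gc = "$($gcs[0].NameTarget):3268"
(Get-ADUser -Server $gc -SearchBase '' -LDAPFilter '(co=China)' |
    Measure-Object).Count
```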
