.: Windows Server 2003 Active Directory and Network Infrastructure

By:uCertify

Category:Home / Computers / Networks

It is a hierarchical representation of all the objects and their attributes available on the network. It enables administrators to manage the network resources, i.e., computers, users, printers, shared folders, etc., in an easy way. The logical structure represented by Active Directory consists of forests, trees, domains, organizational units, and individual objects. This structure is completely independent from the physical structure of the network, and allows administrators to manage domains according to the organizational needs without bothering about the physical network structure.



Following is the description of all logical components of the Active Directory structure:



Forest: A forest is the outermost boundary of an Active Directory structure. It is a group of multiple domain trees that share a common schema but do not form a contiguous namespace. It is created when the first Active Directory-based computer is installed on a network. There is at least one forest on a network. The first domain in a forest is called a root domain. It controls the schema and domain naming for the entire forest. It can be separately removed from the forest. Administrators can create multiple forests and then create trust relationships between specific domains in those forests, depending upon the organizational needs.



Trees: A hierarchical structure of multiple domains organized in the Active Directory forest is referred to as a tree. It consists of a root domain and several child domains. The first domain created in a tree becomes the root domain. Any domain added to the root domain becomes its child, and the root domain becomes its parent. The parent-child hierarchy continues until the terminal node is reached. All domains in a tree share a common schema, which is defined at the forest level. Depending upon the organizational needs, multiple domain trees can be included in a forest.



Domains: A domain is the basic organizational structure of a Windows Server 2003 networking model. It logically organizes the resources on a network and defines a security boundary in Active Directory. The directory may contain more than one domain, and each domain follows its own security policy and trust relationships with other domains. Almost all the organizations having a large network use domain type of networking model to enhance network security and enable administrators to efficiently manage the entire network.



Objects: Active Directory stores all network resources in the form of objects in a hierarchical structure of containers and subcontainers, thereby making them easily accessible and manageable. Each object class consists of several attributes. Whenever a new object is created for a particular class, it automatically inherits all attributes from its member class. Although the Windows Server 2003 Active Directory defines its default set of objects, administrators can modify it according to the organizational needs.



Organizational Unit (OU): It is the least abstract component of the Windows Server 2003 Active Directory. It works as a container into which resources of a domain can be placed. Its logical structure is similar to an organization's functional structure. It allows creating administrative boundaries in a domain by delegating separate administrative tasks to the administrators on the domain. Administrators can create multiple Organizational Units in the network. They can also create nesting of OUs, which means that other OUs can be created within an OU.

In a large complex network, the Active Directory service provides a single point of management for the administrators by placing all the network resources at a single place. It allows administrators to effectively delegate administrative tasks as well as facilitate fast searching of network resources. It is easily scalable, i.e., administrators can add a large number of resources to it without having additional administrative burden. It is accomplished by partitioning the directory database, distributing it across other domains, and establishing trust relationships, thereby providing users with benefits of decentralization, and at the same time, maintaining the centralized administration.



The physical network infrastructure of Active Directory is far too simple as compared to its logical structure. The physical components are domain controllers and sites.



Domain Controller: A Windows 2003 server on which Active Directory services are installed and run is called a domain controller. A domain controller locally resolves queries for information about objects in its domain. A domain can have multiple domain controllers. Each domain controller in a domain follows the multimaster model by having a complete replica of the domain's directory partition. In this model, every domain controller holds a master copy of its directory partition. Administrators can use any of the domain controllers to modify the Active Directory database. The changes performed by the administrators are automatically replicated to other domain controllers in the domain.



However, there are some operations that do not follow the multimaster model. Active Directory handles these operations and assigns them to a single domain controller to be accomplished. Such a domain controller is referred to as operations master. The operations master performs several roles, which can be forest-wide as well as domain-wide.



Forest-wide roles: There are two types of forest-wide roles:



Schema Master and Domain Naming Master. The Schema Master is responsible for maintaining the schema and distributing it to the entire forest. The Domain Naming Master is responsible for maintaining the integrity of the forest by recording additions of domains to and deletions of domains from the forest. When new domains are to be added to a forest, the Domain Naming Master role is queried. In the absence of this role, new domains cannot be added.



Domain-wide roles: There are three types of domain-wide roles: RID Master, PDC Emulator, and Infrastructure Master.



RID Master: The RID Master is one of the operations master roles that exist in each domain in a forest. It controls the sequence number for the domain controllers within a domain. It provides a unique sequence of RIDs to each domain controller in a domain. When a domain controller creates a new object, the object is assigned a unique security ID consisting of a combination of a domain SID and a RID. The domain SID is a constant ID, whereas the RID is assigned to each object by the domain controller. The domain controller receives the RIDs from the RID Master. When the domain controller has used all the RIDs provided by the RID Master, it requests the RID Master to issue more RIDs for creating additional objects within the domain. When a domain controller exhausts its pool of RIDs, and the RID Master is unavailable, any new object in the domain cannot be created.



PDC Emulator: The PDC emulator is one of the five operations master roles in Active Directory. It is used in a domain containing non-Active Directory computers. It processes the password changes from both users and computers, replicates those updates to backup domain controllers, and runs the Domain Master browser. When a domain user requests a domain controller for authentication, and the domain controller is unable to authenticate the user due to bad password, the request is forwarded to the PDC emulator. The PDC emulator then verifies the password, and if it finds the updated entry for the requested password, it authenticates the request.



Infrastructure Master: The Infrastructure Master role is one of the Operations Master roles in Active Directory. It functions at the domain level and exists in each domain in the forest. It maintains all inter-domain object references by updating references from the objects in its domain to the objects in other domains. It performs a very important role in a multiple domain environment. It compares its data with that of a Global Catalog, which always has up-to-date information about the objects of all domains. When the Infrastructure Master finds data that is obsolete, it requests the global catalog for its updated version. If the updated data is available in the global catalog, the Infrastructure Master extracts and replicates the updated data to all the other domain controllers in the domain.



Domain controllers can also be assigned the role of a Global Catalog server. A Global Catalog is a special Active Directory database that stores a full replica of the directory for its host domain and the partial replica of the directories of other domains in a forest. It is created by default on the initial domain controller in the forest. It performs the following primary functions regarding logon capabilities and queries within Active Directory:



It enables network logon by providing universal group membership information to a domain controller when a logon request is initiated.



It enables finding directory information about all the domains in an Active Directory forest.



A Global Catalog is required to log on to a network within a multidomain environment. By providing universal group membership information, it greatly improves the response time for queries. In its absence, a user will be allowed to log on only to his local domain if his user account is external to the local domain.



Site: A site is a group of domain controllers that exist on different IP subnets and are connected via a fast and reliable network connection. A network may contain multiple sites connected by a WAN link. Sites are used to control replication traffic, which may occur within a site or between sites. Replication within a site is referred to as intrasite replication, and that between sites is referred to as intersite replication. Since all domain controllers within a site are generally connected by a fast LAN connection, the intrasite replication is always in uncompressed form. Any changes made in the domain are quickly replicated to the other domain controllers. Since sites are connected to each other via a WAN connection, the intersite replication always occurs in compressed form. Therefore, it is slower than the intrasite replication.

Digg del.icio.us Blink Stumble Spurl Reddit Netscape Furl

Article keywords: Active Directory, Windows 2000, Winows 2003, Networking

Article Source: http://www.articles32.com

About the Author:

uCertify was formed in 1996 with an aim to offer high quality educational training software and services in the field of information technology to its customers. uCertify provides exam preparation solutions for the certification exams of Microsoft, CIW, CompTIA, Oracle, Sun and other leading IT vendors. To know more about uCertify, please visit www.ucertify.com/





.: New Networks Articles

1). How to Build a Cat 5 Cable
STEP 1 - Stripping Start by pulling out about 12 feet of bulk network cable to making the process a little easier. Carefully remove the outer jacket of the cable exposing about 1 1/4" of the twisted pairs. Be careful when stripping the jacket as to not nick or cut the internal wiring. After removing the outer case you will notice 8 wires twisted in pairs and a rip cord (white thread).

2). Network Security – The Real Vulnerabilities
Scenario: You work in a corporate environment in which you are, at least partially, responsible for network security. You have implemented a firewall, virus and spyware protection, and your computers are all up to date with patches and security fixes. You sit there and think about the lovely job you have done to make sure that you will not be hacked.

3). Small Business Networking: Suggesting Dedicated Servers to Clients
PC-based servers and LANs may be relatively mature technologies. However, small businesses need your firm’s expertise, more than ever. For these businesses, you'll need to select, configure, customize, secure and maintain the right small business networking tools for their unique needs. Real Small Business Networking Solutions Begin with Real Servers How.

4). Network Cabling: Available Options
As their IT consultant, your small business prospects and clients will need you to explain the different network cabling options available to them. Traditional Wired Ethernet (Category 5) Until very recently, Category 5 data cabling was the de facto standard for both enterprise and small business LANs. Today, you’ll find some enhancements available to Category 5 cabling, as well as booming interest in wireless Ethernet solutions.

5). Recognize And Understand Home Networking Components
If you have not decided already,you will soon want to network your two or more computers in your home. You want to be armed to the teach with knowledge of just what it takes to connect your computers to one another. You first should decide which network is best your you. If your computers are in the same room,the Wireless network should not be considered.

6). The Simplest Way to Get Online Passive Income
Based on my research, this seems to be the basic principle that website owners have been following to get passive income online: * Get many people to come to your website * Get them to click on your Adsense links Sounds simple enough. Get people into your website from Google search, then link out to an Adsense Ad. Search In – Adsense Out. Practically applying it to get sufficient commendable income, however, can be quite a challenge.

7). What is search engine gateway?
Navino launched its search engine gateway service recently. For most of the Internet surfers, search engine gateway is a pretty new concept compared with meta search engine or multi search engine. Put it in simple, it is a web service, which can let you search the best information from the best content providers in one website. When we try to find information everyday, most of us might go to Google.


.: Top Networks Articles

1). Computer Networking Fundamentals
Computer network is an integral part of our daily lives, with the most important reason being that of communication.

2). Router - Denial Of Service Attacks
Routers are not perfect. For that matter, nothing is. So if somebody wants to give a router more than it can handle there is a way to do this. We're going to take a look at what are called denial of service attacks. A router can only handle so much information coming into it at one time. Every machine has its limits and routers are no exceptions. Well, when the nasty trend of denial of service attacks started early this century, routers were unprepared for them.

3). Ethernet - explained
Do you use Ethernet? You might think that you don’t, but don’t be so sure. Ethernet is everywhere – if you use a networked computer, whether it’s at home or in your office, you’re using Ethernet. Ethernet is two things: a kind of cable for connecting computers together, and the method of communication that the computers use over the cables. Essentially, it is the glue that holds LANs (local area networks) together.

4). Building a Cat 5 Cable
This will show you step by step how to build an ethernet, Cat 5, or Cat 6 Cable.

5). Finding Your MAC Address On Wired And Wireless Network Cards
The Answer To The Media Access Control Question ---------------------------- Over the past few weeks I have received quite a few e-mails about Ethernet cards, both wired and wireless, and more specifically, about Media Access Control (MAC) addresses. I think the main reason I’ve received so many questions about Ethernet cards and MAC addresses is people trying to secure their home wireless networks and their desire to use MAC address filtering.

6). There’s no mystery in the IP address!
The Computer is a very complicated device we use for our every day comfort and the importance of some of its numerical aspects is sometimes neglected. For example: a different number is given to each computer when its user goes online or when it is part of a network. This number is the IP address and knowing about it is like knowing where you live… What’s my IP and what do its numbers stand for? IP stands for Internet Protocol and the address is formed from 4 numbers separated by periods.

7). Recognize And Understand Home Networking Components
If you have not decided already,you will soon want to network your two or more computers in your home. You want to be armed to the teach with knowledge of just what it takes to connect your computers to one another. You first should decide which network is best your you. If your computers are in the same room,the Wireless network should not be considered.

.: Main Menu


Home
Top Articles
Top Authors
Submit Articles
Bookmark
Contact Us

.: Article Categories

Accounting
Beauty
Business
Career
Cars and Trucks
Computers
  ·  Computer Certification
  ·  Data Recovery
  ·  Databases
  ·  E-Learning
  ·  Hardware
  ·  Information Technology
  ·  Intra-net
  ·  Networks
  ·  Operating Systems
  ·  Programming
  ·  Security
  ·  Software
Culture and Society
Ecology
Environment
Family
Finance
Fitness
Food and Drink
Free Tools and Resources
Health
Hobbies
Home
Humor
Inspirational/Motivational
Internet
Internet Marketing
Legal
Marketing
Music
Others
Personal Development
Pets and Animals
Politics
Psychology
Publishing
Recreation and Leisure
Relationships
Religion and Spirituality
Science
Speaking
Technology
Writing

Page loaded in 0.236 seconds.