Active Directory Introduction and Installation (1)


I. Introduction to Active Directory

(1) Directory Service

A directory is a database that stores information about network resources, including where those resources are and how they are managed.

A directory service is the network service that manages all the physical resources in a network (computers, users, printers, files, applications, and so on) and provides a consistent way to name, describe, locate, access, and protect the information about those entities, so that every user and application on the network can reach those resources.

(2) Active Directory

Active Directory is the directory service built into Windows 2000. It is the structural model on which the Windows 2000 network architecture is built, the core of the Windows 2000 network operating system, and its central point of management.
Microsoft's Active Directory in Windows 2000 is a comprehensive directory service management solution and an enterprise-grade directory service with good scalability. It is built on standard Internet protocols (LDAP for access, DNS for locating services, Kerberos for authentication) and is tightly integrated with the operating system. Active Directory manages basic network resources such as computer objects, user accounts and printers, and it also serves the needs of modern applications by providing a basic object model for them: a user account object, for example, carries attributes such as office phone, mobile phone, pager, address, manager, direct reports and e-mail. Almost any application can use the directory service structure the system provides directly, and because Active Directory is extensible, applications can customize the attributes of directory objects or add new object types by extending the schema.

(3) Use of Active Directory

(4) Logical Structure of Active Directory

The logical structure of Active Directory is very flexible: it presents the directory as a complete hierarchical tree, and this logical structure maps directly onto the namespace. It makes it easy for users and administrators to find and locate objects. The logical units of Active Directory are the domain, the organizational unit (OU), the domain tree and the forest.

1. Domain

The domain is the logical organizational unit of a Windows network, just as it is for the Internet. In Windows 2000 the domain is described as a security boundary: a domain administrator can manage only the inside of the domain, and cannot access or manage other domains unless those domains explicitly grant administrative rights. Each domain has its own security policy and its own security trust relationships with other domains. (In practice the domain is an administrative boundary rather than a hard security boundary; a privileged account in any domain of a forest can reach the rest of the forest, so the forest is the real security boundary.)

2, OU (Organizational Unit)

An OU is a container object that lets us organize the objects in a domain into logical groups; it is a purely logical concept that simplifies administration. An OU can contain all kinds of objects: user accounts, groups, computers, printers, and even other OUs, so OUs can be used to build a fully logical hierarchy of the objects in a domain. An enterprise can arrange its users and devices into an OU hierarchy by department, by geographic location, or into several hierarchies by function and permissions; OUs are also the units to which administration is delegated and Group Policy is linked. Because an OU hierarchy is confined to the inside of a domain, the OU hierarchy of one domain is completely independent of that of another.

3, Tree

When several domains are joined by trust relationships and share a common schema, configuration and global catalog, they form a domain tree. The domains of a tree form a contiguous namespace (a child domain's DNS name is built on its parent's name, such as sales.contoso.com under contoso.com) and are linked by two-way transitive trust relationships. An Active Directory forest contains one or more domain trees.

4, Forest

A forest consists of one or more domain trees that do not form a contiguous namespace. All trees in a forest share the same schema, configuration and global catalog. The trees are joined by Kerberos trust relationships between their root domains; because these trusts are transitive, every domain in the forest trusts every other, and objects in one tree can be referenced from another.

(5) Others

1, Domain Controller

A domain controller is a server running Windows 2000 Server that stores a copy of the Active Directory database. Domain controllers manage changes to directory information and replicate those changes to the other domain controllers in the same domain. A domain controller also handles user logon and other domain operations such as authentication and directory lookups.
A domain can have several domain controllers. A small domain may need only two, one in regular service and one for fault tolerance; a large domain can use many.
The domain structure of Windows 2000 differs from that of Windows NT 4. Domain controllers in Active Directory are not divided into primary and backup: Active Directory uses multi-master replication, in which every domain controller holds a writable copy of the directory. At any given moment the directory contents on different domain controllers may differ; once all domain controllers have replicated with one another, the latest changes are consistent everywhere. Because every domain controller holds a full, writable copy of the domain's account database, each one must be protected as carefully as the others: compromising any single domain controller compromises the whole domain.
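The following is an added example, not code from the original article: a toy model of multi-master replication between two domain controllers. It shows why replicas can disagree for a while and how they converge. The conflict rule it implements is the one Active Directory applies to attribute values (higher version number wins; equal versions are resolved by the later originating timestamp); the third tie-breaker, the originating DSA's invocation ID, is simplified here to the DC name, and the shared counter stands in for real clocks. The DC names and attribute values are constructed.

```python
# Added example, not from the original article: multi-master replication with
# AD-style conflict resolution (version, then originating timestamp, then origin).
# "DC1", "DC2" and the telephoneNumber values are constructed sample data.
from dataclasses import dataclass, field


class Clock:
    """A shared monotonic counter standing in for the originating timestamp."""
    def __init__(self):
        self.t = 0

    def tick(self) -> int:
        self.t += 1
        return self.t


@dataclass(order=True)
class Stamp:
    """Replication metadata attached to every attribute write.
    Field order matters: comparisons go version, then timestamp, then origin."""
    version: int
    timestamp: int
    origin: str


@dataclass
class DC:
    name: str
    clock: Clock
    store: dict = field(default_factory=dict)   # attribute -> (value, Stamp)

    def write(self, attr: str, value: str) -> None:
        """Originating write on this replica: bump the attribute's version."""
        old = self.store.get(attr)
        version = old[1].version + 1 if old else 1
        self.store[attr] = (value, Stamp(version, self.clock.tick(), self.name))

    def replicate_from(self, other: "DC") -> bool:
        """Pull every attribute from other; keep whichever stamp is higher.
        Returns True if anything on this replica changed."""
        changed = False
        for attr, (value, stamp) in other.store.items():
            mine = self.store.get(attr)
            if mine is None or stamp > mine[1]:
                self.store[attr] = (value, stamp)
                changed = True
        return changed


def converge(dcs: list) -> None:
    """Replicate between every pair until no replica changes (full mesh)."""
    changed = True
    while changed:
        changed = False
        for dst in dcs:
            for src in dcs:
                if src is not dst and dst.replicate_from(src):
                    changed = True


def demo() -> tuple:
    clock = Clock()
    dc1, dc2 = DC('DC1', clock), DC('DC2', clock)
    dc1.write('telephoneNumber', '555-0100')       # version 1 on DC1
    converge([dc1, dc2])                           # DC2 now has version 1 too

    # Conflict 1: both DCs edit the value once before replicating again.
    dc1.write('telephoneNumber', '555-0101')       # version 2, earlier timestamp
    dc2.write('telephoneNumber', '555-0199')       # version 2, later timestamp: wins
    converge([dc1, dc2])
    after_first = dc1.store['telephoneNumber'][0]

    # Conflict 2: DC1 edits twice, DC2 once and last; the higher version wins
    # even though DC2's write is the most recent.
    dc1.write('telephoneNumber', '555-0102')       # version 3
    dc1.write('telephoneNumber', '555-0103')       # version 4
    dc2.write('telephoneNumber', '555-0198')       # version 3, latest timestamp
    converge([dc1, dc2])
    after_second = dc2.store['telephoneNumber'][0]

    return after_first, after_second, dc1.store == dc2.store


if __name__ == '__main__':
    print(demo())
```

The point of the second conflict is that "last write wins" is not what happens: replication metadata, not wall-clock time, decides, which is why an attacker who changes an attribute on one compromised DC gets that change replicated everywhere unless a higher-version write overtakes it.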

2, Active Directory and DNS

Active Directory uses the Domain Name System (DNS) as its location service and extends standard DNS: domain controllers register SRV resource records describing the services they offer, and clients find a domain controller by querying for those records. The biggest advantage of using DNS is that the Windows 2000 domain namespace can be unified with the Internet's: a Windows domain name is also a DNS domain name.
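As an added example (not code from the original article) of what "DNS as the location service" means in practice, the block below lists the SRV record names a client queries to find domain controllers for a domain, and applies the standard SRV selection rule (lowest priority first, weighted random within a priority) to a constructed answer set. The record names are the ones Active Directory domain controllers register; the site name, the answer set and the host names in it are constructed for the demo.

```python
# Added example, not from the original article: locating a domain controller
# through DNS SRV records. SAMPLE_SRV and its host names are constructed data.
import random


def dc_locator_names(dns_domain: str, site: str = None) -> dict:
    """DNS SRV names a client queries to find services for dns_domain.
    When the client knows its site, the site-specific name is tried first so
    that a nearby domain controller is preferred."""
    names = {
        'ldap_dc': f'_ldap._tcp.dc._msdcs.{dns_domain}',   # any DC of the domain
        'kerberos': f'_kerberos._tcp.{dns_domain}',         # KDC, port 88
        'kpasswd': f'_kpasswd._tcp.{dns_domain}',           # password change
        'gc': f'_gc._tcp.{dns_domain}',                     # global catalog (forest root domain)
    }
    if site:
        names['ldap_dc_site'] = f'_ldap._tcp.{site}._sites.dc._msdcs.{dns_domain}'
    return names


# Constructed SRV answer set: (priority, weight, port, target).
SAMPLE_SRV = [
    (0, 100, 389, 'dc1.contoso.com'),
    (0, 100, 389, 'dc2.contoso.com'),
    (10, 0, 389, 'dc-backup.contoso.com'),   # used only if no priority-0 DC answers
]


def choose_target(records: list, rng: random.Random = None) -> tuple:
    """RFC 2782 server selection: lowest priority first, then weighted random
    among the records that share that priority."""
    if rng is None:
        rng = random.Random()
    lowest = min(r[0] for r in records)
    candidates = [r for r in records if r[0] == lowest]
    total = sum(r[1] for r in candidates)
    if total == 0:
        return rng.choice(candidates)        # all weights zero: uniform pick
    pick = rng.randrange(total)
    for rec in candidates:
        pick -= rec[1]
        if pick < 0:
            return rec
    return candidates[-1]                    # not reached: weights sum to total


def ordered_targets(records: list, seed=None) -> list:
    """Full fallback order: pick and remove repeatedly until nothing is left.
    A seed makes the order repeatable for tests."""
    rng = random.Random(seed)
    remaining = list(records)
    order = []
    while remaining:
        rec = choose_target(remaining, rng)
        order.append(rec)
        remaining.remove(rec)
    return order


if __name__ == '__main__':
    for role, name in dc_locator_names('contoso.com', 'Default-First-Site-Name').items():
        print(f'{role:12} {name}')
    print('try DCs in order:', [r[3] for r in ordered_targets(SAMPLE_SRV, seed=1)])
```

Whoever controls the answers to these queries controls which host a client hands its credentials to, so the DNS zone that holds them must accept only secure (authenticated) dynamic updates and be served by trusted servers.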

3, Active Directory naming convention

(1) Distinguished name (DN)

Every object in Active Directory has a unique distinguished name (DN). The DN is built from the object's own name and the names of the containers above it, up to the domain; in LDAP notation the most specific component is written first:
CN=James Smith,OU=Teacher,OU=Users,DC=contoso,DC=com
This names the user object James Smith in the Teacher OU, inside the Users OU, in the contoso.com domain. The same path written root-first is the object's canonical name, contoso.com/Users/Teacher/James Smith.

(2) User principal name (UPN): the user's logon name followed by @ and a DNS domain name, in the form logon-name@domain-name. It looks like an e-mail address and can be used to log on from any domain in the forest.
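The following is an added example, not code from the original article, showing how the DN and UPN forms above are built and taken apart. contoso.com, the Users and Teacher OUs and the user James Smith come from the article's own example; the logon name jsmith and the other values are constructed. The escaping step is the part practitioners most often get wrong: an unescaped comma in a CN such as "Smith, James" would be read as an extra RDN, which is how user-supplied names end up injected into LDAP paths.

```python
# Added example, not from the original article: building and parsing
# Active Directory distinguished names (DNs) and user principal names (UPNs).
# "jsmith" and the "Smith, James" user are constructed sample data.

# Characters RFC 4514 requires to be escaped inside an RDN value.
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape an RDN attribute value so it cannot be misread as extra RDNs.
    Leading/trailing spaces and a leading '#' are escaped as well."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == '#' and i == 0) or (ch == ' ' and i in (0, last)):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def domain_to_dc(dns_name: str) -> list:
    """contoso.com -> ['DC=contoso', 'DC=com']: one DC component per DNS label."""
    return ['DC=' + label for label in dns_name.strip('.').split('.')]


def build_user_dn(dns_domain: str, ou_path: list, cn: str) -> str:
    """Build a user's DN. ou_path is ordered from the domain downward,
    e.g. ['Users', 'Teacher']; LDAP writes the deepest container first."""
    rdns = ['CN=' + escape_rdn_value(cn)]
    rdns += ['OU=' + escape_rdn_value(ou) for ou in reversed(ou_path)]
    rdns += domain_to_dc(dns_domain)
    return ','.join(rdns)


def split_dn(dn: str) -> list:
    """Split a DN into (attribute, value) pairs, honouring backslash escapes.
    Assumption made to keep this short: only single-character escapes are
    handled, not the \\XX hex form RFC 4514 also allows."""
    pairs, buf, escaped = [], [], False

    def flush():
        attr, _, val = ''.join(buf).partition('=')
        pairs.append((attr.strip().upper(), val))

    for ch in dn:
        if escaped:
            buf.append(ch)          # escaped char is literal; backslash dropped
            escaped = False
        elif ch == '\\':
            escaped = True
        elif ch == ',':
            flush()                 # an unescaped comma ends the current RDN
            buf.clear()
        else:
            buf.append(ch)
    flush()
    return pairs


def dn_to_domain(dn: str) -> str:
    """Recover the DNS domain name from the DC components of a DN."""
    return '.'.join(v for a, v in split_dn(dn) if a == 'DC')


def user_principal_name(login: str, dns_domain: str) -> str:
    """UPN = logon name @ DNS domain name."""
    return f'{login}@{dns_domain}'


if __name__ == '__main__':
    dn = build_user_dn('contoso.com', ['Users', 'Teacher'], 'James Smith')
    print(dn)
    print(build_user_dn('contoso.com', ['Users'], 'Smith, James'))
    print(split_dn(dn))
    print(dn_to_domain(dn), user_principal_name('jsmith', 'contoso.com'))
```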

4, domain running mode

(1) Mixed mode. A mixed-mode domain can contain both Windows 2000 domain controllers and Windows NT 4 backup domain controllers. It is a transitional mode that lets an existing system be upgraded incrementally, but some Active Directory features (universal security groups and group nesting, for example) are not available in it.
(2) Native mode. Native mode requires that every domain controller in the domain runs Windows 2000; only then are all of Active Directory's functions and features available. The switch from mixed mode to native mode is one-way and cannot be undone.



Copyright © Windows knowledge All Rights Reserved