ACTIVE DIRECTORY DNS FSMO GROUP POLICY

What Is Active Directory?

Active Directory consists of a series of components that constitute both its logical structure and its physical structure. It provides a way for organizations to centrally manage and store their user objects, computer objects, group membership, and define security boundaries in a logical database structure.

Purpose of Active Directory

Active Directory stores information about users, computers, and network resources and makes the resources accessible to users and applications. It provides a consistent way to name, describe, locate, access, manage, and secure information about these resources.

Functions of Active Directory

Active Directory provides the following functions:

Centralizes control of network resources
By centralizing control of resources such as servers, shared files, and printers, Active Directory ensures that only authorized users can access those resources.

Centralizes and decentralizes resource management
Administrators have centralized administration with the ability to delegate administration of subsets of the network to a limited number of individuals, giving them greater granularity in resource management.

Stores objects securely in a logical structure
Active Directory stores all of the resources as objects in a secure, hierarchical logical structure.

Optimizes network traffic
The physical structure of Active Directory enables you to use network bandwidth more efficiently. For example, it ensures that, when users log on to the network, the authentication authority that is nearest to the user authenticates them, reducing the amount of network traffic.

Sites within Active Directory

Sites are defined as groups of well-connected computers. When you establish sites, domain controllers within a single site communicate frequently. This communication minimizes the latency within the site; that is, the time required for a change that is made on one domain controller to be replicated to other domain controllers. You create sites to optimize the use of bandwidth between domain controllers that are in different locations.



Operations Master Roles

When a change is made to a domain, the change is replicated across all of the domain controllers in the domain. Some changes, such as those made to the schema, are replicated across all of the domains in the forest. This replication is called multimaster replication.

During multimaster replication, a replication conflict can occur if originating updates are performed concurrently on the same object attribute on two domain controllers. To avoid replication conflicts, Active Directory uses single master replication, which designates one domain controller as the only domain controller on which certain directory changes can be made. This way, changes cannot occur at different places in the network at the same time. Active Directory uses single master replication for important changes, such as the addition of a new domain or a change to the forest-wide schema.

Operations that use single master replication are arranged together in specific roles in a forest or domain. These roles are called operations master roles. For each operations master role, only the domain controller that holds that role can make the associated directory changes. The domain controller that is responsible for a particular role is called an operations master for that role. Active Directory stores information about which domain controller holds a specific role.

Forest-wide Roles

Forest-wide roles are unique to a forest. The forest-wide roles are:

Schema master
Controls all updates to the schema. The schema contains the master list of object classes and attributes that are used to create all Active Directory objects, such as users, computers, and printers.

Domain naming master
Controls the addition or removal of domains in the forest. When you add a new domain to the forest, only the domain controller that holds the domain naming master role can add the new domain.

There is only one schema master and one domain naming master in the entire forest.

Domain-wide Roles

Domain-wide roles are unique to each domain in a forest. The domain-wide roles are:

Primary domain controller emulator (PDC)
Acts as a Windows NT PDC to support any backup domain controllers (BDCs) running Microsoft Windows NT within a mixed-mode domain. This type of domain has domain controllers that run Windows NT 4.0. The PDC emulator is the first domain controller that you create in a new domain.

Relative identifier master (RID)
When a new object is created, the domain controller creates a new security principal that represents the object and assigns the object a unique security identifier (SID). This SID consists of a domain SID, which is the same for all security principals created in the domain, and a RID, which is unique for each security principal created in the domain. The RID master allocates blocks of RIDs to each domain controller in the domain. The domain controller then assigns a RID to objects that are created from its allocated block of RIDs.

Infrastructure master
When objects are moved from one domain to another, the infrastructure master updates object references in its domain that point to the object in the other domain. The object reference contains the object's globally unique identifier (GUID), distinguished name, and a SID. Active Directory periodically updates the distinguished name and the SID on the object reference to reflect changes made to the actual object, such as moves within and between domains and the deletion of the object.

The global catalog contains:

The attributes that are most frequently used in queries, such as a user's first name, last name, and logon name.

The information that is necessary to determine the location of any object in the directory.

The access permissions for each object and attribute that is stored in the global catalog. If you search for an object that you do not have the appropriate permissions to view, the object will not appear in the search results. Access permissions ensure that users can find only objects to which they have been assigned access.

A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. Taking a user object as an example, it would by default have many different attributes such as first name, last name, phone number, and many more. The GC will by default only store the most common of those attributes that would be used in search operations (such as a user's first and last names, or login name, for example). The partial attributes that it has for that object would be enough to allow a search for that object to be able to locate the full replica of the object in Active Directory. This allows searches to be done against a local GC, and reduces network traffic over the WAN in an attempt to locate objects somewhere else in the network.

Domain controllers always contain the full attribute list for objects belonging to their domain. If the domain controller is also a GC, it will also contain a partial replica of objects from all other domains in the forest.

Active Directory uses DNS as the name resolution service to identify domains and domain host computers during processes such as logging on to the network.
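The SID structure described under the RID master role above, as an added example that is not part of the original document: it decodes binary SIDs (the form stored in the LDAP objectSid attribute), splits each into its domain SID and RID, and reports SIDs that do not belong to the local domain and RIDs that appear more than once. The function names are this example's own, and the domain SID and RID values are constructed sample data.

```python
import struct
from collections import Counter

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (as in the LDAP objectSid attribute) to S-1-... form."""
    if len(raw) < 8 or raw[0] != 1 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])      # 32-bit, little-endian
    return "-".join(["S-1", str(authority), *map(str, subs)])

def string_to_sid(sid: str) -> bytes:
    """Inverse of sid_to_string; used here only to build the sample data."""
    parts = [int(p) for p in sid.split("-")[2:]]
    return (bytes([1, len(parts) - 1]) + parts[0].to_bytes(6, "big")
            + struct.pack(f"<{len(parts) - 1}I", *parts[1:]))

def split_sid(sid: str) -> tuple[str, int]:
    """Split a domain account SID into (domain SID, RID)."""
    fields = sid.split("-")
    # Domain accounts have the shape S-1-5-21-<a>-<b>-<c>-<RID>.
    if len(fields) != 8 or fields[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not a domain account SID: {sid}")
    return "-".join(fields[:7]), int(fields[7])

def audit(raw_sids: list[bytes], local_domain_sid: str) -> dict:
    """Report SIDs outside the local domain and RIDs seen more than once in it."""
    not_local, rids = [], Counter()
    for raw in raw_sids:
        sid = sid_to_string(raw)
        try:
            domain, rid = split_sid(sid)
        except ValueError:
            not_local.append(sid)        # well-known or other non-domain SID
            continue
        if domain == local_domain_sid:
            rids[rid] += 1
        else:
            not_local.append(sid)
    return {"not_local": not_local,
            "duplicate_rids": sorted(r for r, n in rids.items() if n > 1)}

# Constructed sample data: the domain SIDs and RIDs below are made up.
LOCAL = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE = [string_to_sid(s) for s in (
    f"{LOCAL}-1105", f"{LOCAL}-1106", f"{LOCAL}-1105",
    "S-1-5-21-444444444-555555555-666666666-1105", "S-1-5-32-544")]

if __name__ == "__main__":
    print(audit(SAMPLE, LOCAL))
```

A RID reported in duplicate_rids means two security principals in the same domain share a SID, which the RID block allocation described above is meant to prevent.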

Interview Based Question AD DNS FSMO GPO
Uploaded by Sujit.S. Upload Date: 09/26/2008. Copyright: Attribution Non-commercial.

