By using the Active Directory® Domain Services (AD DS) server role, you can create a scalable, secure, and manageable infrastructure for user and resource management, and you can provide support for directory-enabled applications, such as Microsoft® Exchange Server. In the following sections, learn more about AD DS, features in AD DS, and software and hardware considerations. For more information about planning, deploying, and operating the AD DS server role, see Active Directory Domain Services ( ).

A directory, in the most generic sense, is a comprehensive listing of objects. A phone book is a type of directory that stores information about people, businesses, and government organizations. Phone books typically record names, addresses, and phone numbers.

AD DS is similar to a phone book in several ways, and it is far more flexible. AD DS will store information about organizations, sites, computers, users, shares, and just about any other network object that you can imagine. Not all objects are as similar to each other as those stored in the phone book, so AD DS includes the ability to record different types of information about different objects.

Lightweight Directory Access Protocol (LDAP)

AD DS reflects Microsoft's trend toward relying on standard protocols. The Lightweight Directory Access Protocol (LDAP) is a product of the It defines how clients and servers exchange information about a directory. LDAP version 2 and version 3 are used in AD DS.

It is very important to understand the structure of distinguished names, as you will be referring to them often in the course of your job. My distinguished name is /O=Internet/DC=COM/DC=Microsoft/DC=MSPress/CN=Users/CN=Tony Northrup. Consider the following figure, which shows how I fit into a sample AD DS

The distinguished name I gave starts to make some sense: it identifies each container from the very top down to my specific object. Each container is separated by a slash and an identifier. For example, COM, Microsoft, and MSPress are each preceded by The DC stands for Domain Component, which identifies a DNS domain.

Distinguished names describe the location of an object in a tree. To simplify distinguished names, relative distinguished names can also be used. Previous example is CN=Tony Northrup, identifying the user name but not the context in which it resides. The context must be known already for the relative distinguished name to be an effective identifier.

User Principal Name

Distinguished names are great for computers but too cumbersome for people to remember. People have grown accustomed to e-mail addresses, so AD DS provides these addresses as a shortcut to the full object name. In Figure 11-9, Tony Northrup is a user of An administrator could create a user principal name within the domain to allow simpler access to my user account and hold a place for my e-mail address, like will rely on their user principal name to log onto their computers. In other words, user principal names will replace the user names used in older Windows networks. Obviously, this helps the users by saving them the trouble of typing their distinguished However, it also benefits users because the user principal name will stay the same even if administrators move or rename the underlying user account.

AD DS provides a distributed database that stores and manages information about network resources and application-specific data from directory-enabled applications. Administrators can use AD DS to organize elements of a network, such as users, computers, and other devices, into a hierarchical containment structure. The hierarchical containment structure includes the AD DS forest, domains in the forest, and organizational units (OUs) in each domain. A server that is running AD DS is called a

Organizing network elements into a hierarchical containment structure provides the following benefits:

The forest acts as a security boundary for an organization and defines the scope of authority for administrators. By default, a forest contains a single domain, which is known as the forest root domain.

Additional domains can be created in the forest to provide partitioning of AD DS data, which enables organizations to replicate data only where it is needed. This makes it possible for AD DS to scale globally over a network that has limited available bandwidth. An AD DS domain also supports a number of other core functions that are related to administration, including network-wide user identity, authentication, and trust relationships.

OUs simplify the delegation of authority to facilitate the management of large numbers of objects. Through delegation, owners can transfer full or limited authority over objects to other users or
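The distinguished name discussed on this page, worked through as an added example (not from the original text): it converts the page's top-down, slash-separated notation into the comma-separated, most-specific-first string form that LDAP uses (RFC 4514), and derives the relative distinguished name and the DNS domain from the DC components. All function names are hypothetical; only the DN string comes from the page.

```python
# Added example: helper names are hypothetical; the DN string is the page's own.
RFC4514_SPECIALS = ',+"\\<>;'   # characters that are DN syntax and must be escaped

def parse_slash_dn(dn):
    """Split a top-down, slash-separated DN into (attribute, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("expected a leading '/'")
    pairs = []
    for part in dn[1:].split("/"):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def escape_value(value):
    """Escape characters that would otherwise change the DN's structure."""
    out = []
    for i, ch in enumerate(value):
        if ch in RFC4514_SPECIALS or (i == 0 and ch == "#"):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def to_ldap_dn(pairs):
    """Render the LDAP string form: most specific component first."""
    return ",".join(f"{a}={escape_value(v)}" for a, v in reversed(pairs))

def relative_dn(pairs):
    """The last (most specific) component, without its context."""
    attr, value = pairs[-1]
    return f"{attr}={escape_value(value)}"

def dns_domain(pairs):
    """Join the DC (Domain Component) values into a DNS domain name."""
    return ".".join(v for a, v in reversed(pairs) if a == "DC")

PAGE_DN = "/O=Internet/DC=COM/DC=Microsoft/DC=MSPress/CN=Users/CN=Tony Northrup"

if __name__ == "__main__":
    parts = parse_slash_dn(PAGE_DN)
    print(to_ldap_dn(parts))
    print(relative_dn(parts))
    print(dns_domain(parts))
    # A constructed value with a comma: unescaped, it would read as two components.
    print(to_ldap_dn([("CN", "Northrup, Tony")]))
```

The escaping step matters whenever a name is taken from user input: a comma or plus sign that is not escaped is read as DN structure rather than as part of the value.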