In this work I will focus on Active Directory Domain Services (AD DS) in Windows Server 2008, which includes several enhancements and new features compared to Windows Server 2003.
What is Active Directory?
Active Directory (AD) is a directory service that makes it possible to manage your domain. AD significantly improves the daily work of network administration.
AD allows you to configure computers, users, printers, deployment, and many other things from one place: the server (called a Domain Controller).
Active Directory Domain Services
New features in Active Directory Domain Services in Windows Server 2008:
Active Directory Domain Services - Read-Only Domain Controllers
Active Directory Domain Services - Restartable Active Directory Domain Services
Active Directory Domain Services - Fine-Grained Password Policies
Changes made to object attributes, both old and new, can be recorded in a log.
A new feature in Windows Server 2008 AD DS is the ability to define, with Fine-Grained Password Policies, different password and account lockout policies for different users in the same domain.
Fine-Grained Password Policies allow the following settings:
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Passwords must meet complexity requirements
Store passwords using reversible encryption
Account lockout duration
Account lockout threshold
Reset account lockout after
Fine-Grained Password Policies can be applied to "user" objects and "global security groups". They cannot be applied to organizational units.
To use Fine-Grained Password Policies, the domain functional level must be set to Windows Server 2008.
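The following PowerShell sketch is an added example, not part of the original essay. It checks the functional-level prerequisite, creates one policy covering the settings listed above, links it to a global security group, and reads back the policy that actually applies to each member. It assumes the Active Directory module for Windows PowerShell (shipped from Windows Server 2008 R2 onward); the policy name, group name and all values are hypothetical.

```powershell
# Added example; 'PSO-ServiceDesk' and 'ServiceDesk-Admins' are hypothetical names,
# and every value below is a constructed sample, not a figure from the essay.
Import-Module ActiveDirectory

# Prerequisite from the text: domain functional level Windows Server 2008 or higher.
$mode = (Get-ADDomain).DomainMode.ToString()
if (@('Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain') -contains $mode) {
    throw "Domain functional level is $mode; fine-grained password policies need Windows Server 2008."
}

# One parameter per setting in the list above.
$pso = @{
    Name                        = 'PSO-ServiceDesk'
    Precedence                  = 10                            # lower value wins if several policies apply
    PasswordHistoryCount        = 24                            # Enforce password history
    MaxPasswordAge              = (New-TimeSpan -Days 60)       # Maximum password age
    MinPasswordAge              = (New-TimeSpan -Days 1)        # Minimum password age
    MinPasswordLength           = 15                            # Minimum password length
    ComplexityEnabled           = $true                         # Complexity requirements
    ReversibleEncryptionEnabled = $false                        # Reversible encryption stays off
    LockoutDuration             = (New-TimeSpan -Minutes 30)    # Account lockout duration
    LockoutThreshold            = 5                             # Account lockout threshold
    LockoutObservationWindow    = (New-TimeSpan -Minutes 30)    # Reset account lockout after
}
New-ADFineGrainedPasswordPolicy @pso

# Policies attach to users or global security groups, not to OUs, so accounts
# that live in one OU are collected in a group and the policy is linked to it.
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-ServiceDesk' -Subjects 'ServiceDesk-Admins'

# Verify the result per user: an empty EffectivePolicy means no fine-grained
# policy applies and the account falls back to the default domain policy.
Get-ADGroupMember -Identity 'ServiceDesk-Admins' |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $effective = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        New-Object PSObject -Property @{
            User            = $_.SamAccountName
            EffectivePolicy = $effective.Name
        }
    }
```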
Read-Only Domain Controller
An RODC holds a read-only copy of the Active Directory database with all objects and attributes.
The Active Directory Read-Only Domain Controller (RODC) is a new type of domain controller in Windows Server 2008.
With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed.
The principal purpose of the RODC is to improve security in branch offices. In a branch office it is difficult to ensure the security required for the IT infrastructure, especially for domain controllers that contain confidential data.
Domain Controllers are often hidden in the office. If someone has physical access to a Domain Controller, it will not be hard to manipulate the system and get to the data. The RODC solves these problems.
The fundamental elements of the RODC are:
Read-Only Domain Controller
Administrative Role Separation
Restartable Active Directory Domain Services
In Windows Server 2008, Active Directory Domain Services (AD DS) can now be stopped and restarted. This means that you can stop AD DS when performing manual tasks that in previous versions of Windows Server required you to restart the system in Directory Services Restore Mode (DSRM). It is a great feature for scripting and automating these tasks.
Possible states of AD DS:
AD DS - started
AD DS - stopped
AD DS Restore Mode (DSRM)
Database Mounting Tool
The AD Database Mounting Tool allows you to use an Active Directory snapshot by mounting it in read-only mode.
In Active Directory, resources are organized in a logical structure (the structure reflects the organizational model) using:
Organizational Units (OU),
With logical grouping of resources, it is easy to find them by name, without remembering their physical location.
The relationship of Active Directory domains, OUs, trees, and forests
The domain is one of the major units of the logical structure in Active Directory. A domain allows you to store objects.
Objects stored in the domain are those that we consider necessary in our network. Objects are items that support the functioning of the organization:
All objects are within the domain, and each domain stores information only about the objects it contains.
Active Directory consists of one or more domains. A domain can extend to more than one physical location.
Organizational Unit (OU)
An Organizational Unit is a component used to organize the objects in the domain into logical administrative groups.
An OU is helpful in performing everyday administrative tasks, such as administering user accounts.
An OU is the smallest area to which we can assign administrative authority.
An OU can contain user accounts, groups, computer accounts, printers, applications, shared files, and other organizational units within the same domain.
The OU hierarchy that we use within a domain is independent of the OU hierarchy in another domain: each domain can have its own independent OU hierarchy.
The Active Directory administrator is responsible for creating a hierarchy that corresponds to the needs of the company.
A tree is a grouping or hierarchical arrangement of one or more domains that we get by adding one or more sub-domains (child domains) to an existing parent domain.
Domains in the hierarchical tree structure are divided into naming.
In accordance with DNS standards, the name of a child domain refers to the name of its parent domain.
For example, for the parent domain piotr.com child domains are:
In addition, a child domain for the domain office.piotr.com can be:
Through the use of trees, the administration of individual organizational units and individual domains can be safely assigned to different administrators.
The tree structure can be easily changed to meet business needs.
The person responsible for creating a structure that meets the company's foundations is an administrator.
A forest is a group or hierarchical arrangement of one or more completely independent domain trees. A forest has the following characteristics:
All domains in a forest share a common schema
All domains in a forest share a common global directory
Trees in the forest have different naming structures, in accordance with their domains
The domains in the forest work independently, but the forest allows communication throughout the organization
All domains in the forest are connected
Recommendations for the administration of Active Directory Windows Server 2008
The main requirements on the server and client side:
Server - running Windows Server 2008 / 2008 R2, which will assume the role of domain controller
Client - Windows XP / Vista / 7, at minimum the Business or Professional edition. Important: systems in the Home edition do not have the capability to join a domain. Such systems can benefit from shared files on domain controllers or member servers, but you cannot manage them from the DC.
Security for user accounts
Every user who wants to use computer resources must first be authenticated in the domain. The user receives a user name and password from the administrator, which are used to log in to the system.
The password should be strong, known only to the user and not given to others, because it is the only basis on which the user is verified and given access to only those resources to which the user is entitled.
Using Kerberos for authentication. Kerberos is the default authentication protocol when you log in to Active Directory Domain Services for clients running Windows 2000 or later.
It is based on the assumption that traffic between the client and the server is sent over an insecure network. This means that the user's password is never transmitted in clear text, which would be readable by all types of network sniffers.
Is it worth implementing Active Directory?
Certainly many novice administrators and IT professionals within their companies ask themselves this question.
Most depends on how large and complex our environment is. If it is only a few or several computers, you may consider whether the cost of such an implementation will be too high for us.
However, when the number of hosts is counted in tens, the choice is obvious.
In this way we are able to manage the settings of computers, users, groups, printers and shared folders more effectively, and it is all in one place.
We have the assurance that each computer is configured according to a specified schema.
The tasks of the administrator when preparing new jobs are kept to a minimum. The Group Policy Object is responsible for everything.
Benefits of using Active Directory can be summarized as follows:
Centralized management of IT infrastructure
Automatic installation and updating of software in the company
Single authentication - at login the user enters a user name and password only once and is then given access to all data for which the user has permissions, without having to enter credentials each time, which makes it possible to increase employee productivity
Reducing the cost of managing accounts
Reducing the number of reports of failures and problems