The Active Directory database is logically separated into directory partitions: the schema partition, the configuration partition, the domain partition, and the application partition. Each partition is a unit of replication, and each partition has its own replication topology. Replication occurs between directory partition replicas. At least two directory partitions are common to all domain controllers in the same forest: the schema and configuration partitions. Additionally, all domain controllers that are in the same domain share a common domain partition. Schema Partition: Only one schema partition exists per forest. The schema partition is stored on all domain …
Creating and Managing Domain Controllers
Understanding the Different Server Roles: The server roles that exist in a networking environment are standalone servers, member servers and domain controllers. A standalone server is a computer that is not a member of a domain, and can be a computer running Windows NT 4, Windows 2000 or Windows Server 2003. A test server is a good example of a standalone server. Standalone servers do not use Active Directory for authentication and access control because they are not included in the Active Directory domain. These servers use the local Security Accounts …
Active Directory Groups
Groups are containers that hold user and computer objects as members. When security permissions are set for a group in the Access Control List on a resource, all members of that group receive those permissions. Domain Groups enable centralized administration in a domain. All domain groups are created on a domain controller. In a domain, Active Directory provides support for different types of groups and group scopes. The group type determines the type of task managed with the group. The group scope determines whether the group can have …
Understanding and Managing Operations Master Roles
Understanding the Operations Master Roles: Active Directory operates in a multi-master replication manner. This means that each domain controller in the domain holds a readable, writable replica of the Active Directory data store. In multi-master replication, any domain controller is able to change objects within Active Directory. Multi-master replication is ideal for the majority of information located in Active Directory. However, certain Active Directory functions or operations are not managed in a multi-master manner because they cannot be shared without causing data uniformity issues. These functions are …
Deploying Software through Group Policy
When Active Directory was launched in Windows 2000, one of its key design features was to ease the process of deploying software within an organization. To this end, Microsoft included the ability to deploy and distribute software with Group Policy. IntelliMirror technologies include Group Policy software installation to simplify the management necessary for large quantities of users and computers. The Software Installation and Maintenance component of the IntelliMirror technologies can be used to publish applications over the network. Publishing is the term for making applications available for installation from …
Troubleshooting Active Directory Availability
As an Administrator, ensuring the availability and reliability of the Windows Server Active Directory directory service is extremely important if you are running Active Directory within your environment. Performance problems and poor availability lead to users being unable to perform their tasks or duties within the organization. For instance, when a DNS server fails, it is evident that Active Directory would be negatively affected. In order for a domain controller to replicate with other domain controllers within a domain, the domain controller has to be able to resolve host names …
Understanding Forests and Domains
An Overview of Forests and Domains: A domain is a collection of computers and resources that share a common security database, in this case, the Active Directory database. Computers in the domain also have a common namespace. A namespace is the hierarchical grouping of service and object names that are stored in Active Directory and DNS. Active Directory and DNS namespaces have to be the same. This is a Microsoft requirement. A domain can also be considered a security boundary because you can create and manage related resources within a …
Active Directory Terminology and Concepts
The Active Directory data store (directory) is the database that holds all directory information, such as information on users, computers, groups, other objects, and the objects that users can access. It also includes other network components. The Active Directory data store is stored on the server's hard disk in the Ntds.dit file. The file has to be stored on a drive that is formatted with the NTFS file system. The Ntds.dit file is placed in the Ntds folder in the systemroot. When changes are made to the directory, …
Understanding Trust Relationships
In the Windows NT domain model, domains had to be bound together through trust relationships simply because the SAM databases used in those domains could not be joined. This meant that where a domain trusted another Windows NT domain, the members of the domain could access network resources located in the other domain. Defining trust relationships between domains eliminates the need for an Administrator to configure user accounts in multiple domains. In a trust relationship, the two domains are referred to as the trusting domain and the trusted …
Managing Active Directory Performance
An Overview on Performance Monitoring and Management: Performance monitoring is the process of accurately and consistently measuring performance, so that you can identify any potential bottlenecks that may be impairing how Active Directory performs within your environment. A bottleneck can take place on any Windows subsystem or network component, and occurs when one resource prevents a different resource from operating optimally. Incorrectly configured settings or the insufficient distribution of resources between network components can result in bottlenecks occurring. Monitoring performance can be considered the initial step in …