Essential Active Directory Overview and Management Self ...

1 | January 2013 | Level 2 Essential Active Directory Overview and Management Self-paced Technical Training Student Guide and Lab Exercises Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 2 of 86 Disclaimer 2013 Polycom, Inc. All rights reserved. Polycom, Inc. 4750 Willow Road Pleasanton, CA 94588-2708 USA No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc. Under the law, reproducing includes translating into another language or format. As between the parties, Polycom, Inc., retains title to and ownership of all proprietary rights with respect to the software contained within its products. The software is protected by United States copyright laws and international treaty provision. Therefore, you must treat the software like any other copyrighted material ( , a book or sound recording).

2 Every effort has been made to ensure that the information in this manual is accurate. Polycom, Inc., is not responsible for printing or clerical errors. Information in this document is subject to change without notice. Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 3 of 86 Course Objectives .. 5 Topics Included .. 6 What is Active Directory ? .. 7 How does Active Directory work? .. 9 The Active Directory Hierarchy ..12 Active Directory Overview ..14 Why is this important for Polycom Solutions? ..15 Workgroup Model ..16 Workgroup Model ..16 Lab 1: Disadvantage of the Workgroup Model ..18 Exercise : Navigating the Training Exercise : Disadvantages of the Workgroup model ..21 domain Model ..23 domain Model ..23 domain Controllers ..25 Multi-Master and Replication ..25 Computer Accounts ..27 Joining a domain ..28 Overview of Active Directory Administration ..29 Active Directory Administration Tools.

3 29 Active Directory Users and Computers ( ) ..29 domain Name System (DNS) ..30 Overview ..30 Service Location (SRV) Resource Records ..30 Integrating the DNS with Active Directory domain Services (AD DS) Domains ..33 Lab 2: domain Model ..34 Exercise : Advantages of the domain model ..36 Active Directory Logical Architecture ..47 Domains ..48 Overview ..48 Architecture ..49 Forests ..51 Overview ..51 Polycom Solutions ..52 Other AD Administrative Applications ..53 Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 4 of 86 Organisational Units and Containers ..55 Overview ..55 Organizational Units ..56 Delegate Administrative Rights for OU ..56 Active Directory Users, Computers and Groups ..57 AD Users ..57 Default AD Groups ..58 AD Computer Accounts ..59 Active Directory Groups ..61 Group type ..62 Group scope ..62 Lab 3: Configure and Verify the Active Directory Objects.

4 63 Exercise : Using the AD Users and Computer application ..64 Exercise : Add a Computer to a domain using a Pre-Staged Computer Active Directory Physical Architecture ..72 Database File ..72 Interfaces ..72 Lightweight Directory Access Protocol (LDAP) ..74 Ports Used by AD ..74 LDAP Distinguished Names (DNs) ..75 ..77 Lab 4: Browse the LDAP Directory for a domain ..78 Exercise : Use the Utility to Browse the Directory for the domain ..79 Course Summary ..85 What's Next ..86 Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 5 of 86 Course Objectives Polycom, Inc. All rights Objectives Students will be able to present and discuss Microsoft Active Directory concepts, functions and features Students will discover how Active Directory impacts upon Polycomsolution architecture, deployment, maintenance and troubleshootingEssential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 6 of 86 Topics Included Polycom, Inc.

5 All rights Included Active Directory Overview Workgroup and domain Models domain Controllers domain Name Service (DNS) Active Directory Logical Architecture Domains Forests Organizational Units and Containers Active Directory Users, Computers and Groups Active Directory Physical Architecture Lightweight Directory Access Protocol (LDAP) Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 7 of 86 What is Active Directory ? Active Directory is a Directory Service. The full name for the generally adopted implementation of Active Directory is Active Directory domain Services, abbreviated to AD DS. This provides a central location containing information about users, computers, printers and other objects located on a network. Each type of object will require different information in the Directory . For users it should provide information such as first name, last name and email address.

6 An example of the information that can be held by Active Directory for user objects is shown below. Polycom, Inc. All rights is Active Directory ? Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 8 of 86 Active Directory stores this information in a secure database which users and applications can search. As an example, email applications that provide a Global Address List may use Active Directory as the source of this information. Someone wishing to search Active Directory can use simple tools to locate the object required. The type of object selected will determine the information that can be entered for the search criteria. Note: Active Directory also provides other service such as: Active Directory Certificate Services which is used to create, distribute, and manage digital certificates. Active Directory Federation Services which provides Web single-sign-on (SSO) to authenticate a user to multiple Web applications.

7 Active Directory Lightweight Directory Services which is a Lightweight Directory Access Protocol (LDAP) Directory service that supports Directory -enabled applications. Active Directory Rights Management Services that protects digital information from unauthorized use. These additional Active Directory services are outside the scope of this course. Note: Active Directory Certificate Services is covered in detail in the Essential Communication Security Skills training. Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 9 of 86 How does Active Directory work? The most visible aspect of Active Directory (AD) for users is when they login to a computer that is part of an AD environment. By providing a user name and password that is defined in AD the user can be recognized by other objects within the same AD environment. As an example, when a user requests access to folder located on the network their identity can be checked against the list of those who have permissions to the resource.

8 Assuming that the user has the necessary permissions they can open the folder without providing any further proof of identity. Polycom, Inc. All rights does Active Directory work?User provides user name and password to authenticate with Active DirectoryOnce authenticated the user s permissions will determine their access to network resourcesActive Directory DomainNetwork ResourceEssential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 10 of 86 Question #1 Write a list of terms which you have heard of that relate to Microsoft Windows Active Directory . Note: These may include components of an Active Directory environment as well as the services it provides. Polycom, Inc. All rights #1 What terms have you heard about that relate to Microsoft Windows Active Directory ? Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 11 of 86 Answer #1 This course will cover many of the Active Directory terms with which you may be familiar including: domain Controllers Domains Forests Trees Organisational Units and Containers Active Directory Users, Computers and Groups Lightweight Directory Access Protocol (LDAP) Polycom, Inc.

9 All rights #1 What terms have you heard about that relate to Microsoft Windows Active Directory ? Essential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 12 of 86 The Active Directory Hierarchy This section introduces the main components of an Active Directory hierarchy. Each of these will be covered in detail either in this course in Essential Active Directory Skills for Polycom Solutions (Design). Active Directory domain When a user logs in to Active Directory (AD) they will see the name of their domain shown on the login dialogue. A domain is logical grouping of objects for administrative purposes. Objects within a domain include: User accounts which are required for users to log on and access network resources Computer accounts which are required for a computer to participate in the domain and become part of the security infrastructure. A computer requires a domain computer account in order that a user can login with a domain account Polycom, Inc.

10 All rights Active Directory HierarchyActive Directory DomainComputer AccountUser AccountOrganizational Unitsin a CatalogDomains in a ForestEssential Active Directory Skills for Polycom Solutions ( Overview and Management ) Page 13 of 86 Groups are used to organize users and computers and make it easier to assign permissions to resources. Servers known as domain Controllers are used to hold the database of objects and their properties for the domain . Organizational Units An Active Directory domain can contain many thousands of objects so organizational units (OUs) can be used to group and organize objects within a domain . OUs can contain: Users Groups Computers Other OUs for example an OU Named Sales could have sub-OUs of US Sales, EMEA Sales and APAC Sales As well as organizing objects OUs can also be used to delegate administrative responsibilities for the objects they contain.