Active Directory

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Can somone explain this to me in a simple form and also how can I go about learning about it? I just rang for an IT Analyst job and they want someone who is very good at Active Directory. I have no idea what it is. thanks guys..

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

It's the directory service used in Microsoft networking from Server 2000 onwards.

In this case a Directory service means both a list of users, printers, data and other "services" and also the means to organise, display and manage such information using both logical and physical network topologies.

As far as learning it goies there is no single magic book or course but the books for the MCSA would be a good start.

HTH

 

The only way to learn Active Directory is to use it. This goes back to my assertion that every tech...to the best of their abilities and resources...should maintain a home lab where they can constantly be playing with the technologies they want to learn, including Active Directory.

The list of books available on this subject is endless. Here is a quick list available from Amazon:

Active Directory Books

Also, this link to Microsoft will give you a good intro to AD services:

Active Directory for Windows 2000

as well as this link:

Active Directory for Windows Server 2003

Here are some web definitions for AD:

Active Directory definitions

Finally (and I really shouldn't do this) to give you an idea of the scope of Active Directory...only a part of the book I just finished writing addressed AD Services. After all, my book is supposed to be generalist. I'm posting a portion of my working Table of Contents. I hope I haven't overloaded you but Active Directory services is a very specialized knowledge base.

Active Directory Operations (approx 90 pgs)
1. Active Directory Domains and Trusts
• Create a Forest Trust
• Create a Shortcut Trust
• Validate a Trust
• Change Authentication Scope of a Trust
2. Functional Levels
• Raise Domain Functional Levels
• Raise Forest Functional Levels
3. Flexible Operations Masters
• Designate a Global Catalog Server
• Register and Install a Schema Snap-In
• Create a Schema Attribute
• Create a Schema Class
• Deactivate a Schema Object
• Transfer a Domain Naming Master
• Transfer a PDC Emulator
• Use the ntdsutil command-line tool to determine FSMO roles
• Transfer a Infrastructure Master using ntdsutil
4. Active Directory Sites and Services
• Create a New Site
• Add a Domain Controller to a Site
• Choose a Licensing Server for a Site
• Assign a Subnet to a Site
• Configure Site Links
• Configure a Site Link Bridge
• Designate a Preferred Bridgehead Server
• Configure Intersite Replication
5. Active Directory Users and Computers
• Create a User
• Create a Group and Add a User
• Add a Group to Another Group
• Create an Organizational Unit and Add a Group
• Delegate Control of an Organizational Unit
6. Active Directory Command Line Tools
• Using DSADD.exe
• Using DSGET.exe
• Using DSQUERY.exe
• Using DSMOD.exe

 

blimey I didnt know it involved that much...well looks like the job wont be mine but hey its a learning curve at the end of the day. they did say they will put my CV on file and if anything comes up (not that it ever does) then they will let me know...but thanks guys..will have a look at the list of books soon Trip...cheers mate...

so just let me get this right...Active Directory can only be used Servers and not the likes of XP Pro and XP Home...what about Win 2K Pro? It would be helpful to know...and how else can I practice if I dont have the money to get the likes of Win Server 2003?

 

Well, trip pretty much covered it
its a behemoth, but pretty easy once you get the hang of it (i remember when i was first learning it, lol, LDAP Query WHAT?)

good luck noel

 

Only Windows 2000 Server or Windows Server 2003 can be promoted to a Domain Controller and run Active Directory Services. To make it really work, you'd need a minimum of two Domain Controllers and a couple of client computers (2000 Pro or XP Pro...not home) to get the experience. I priced a full version of Windows 2000 Server and unless you've got a fair chunk of change burning a hole in your pocket, it is not a viable option. I'll post the link to amazon.co.uk in case you think you can swing it:

Amazon.co.uk

You can get an evaluation copy of Windows Server 2003 at:

Microsoft.com

It will function for 180 days before going toes up and it's free.

If you are going to an educational institution, you might be able to buy server at an educational discount but you are still looking at hundreds of pounds. I'm afraid your only other option isn't legal and CertForums can't endorce it.

 

a volume liscence copy cost my mate about 70 quid with no CALS
dont think you can get educational copies, ie, students dont get a cheaper copy, no need for it really

the trial is fine, in vmware you format often enough for it to not be a problem

if you havnt practiced enough with one lab in 6 months, time you started again from the beginning anyway

microsoft trials almost all of its software and this is a GREAT part about the site, for those with the bandwidth

the vmware machines i build come with as many MS trials as i can find on them for folks to use

 

Not so in the US, Ryan. As a student, I could by all kinds of software including OS software at an educational discount. I just couldn't use it for a commercial purpose. As for the purpose, it helps the ol' starving student's check book.

 

trip
we have educational copies of tons of stuff, Adobe products, macromedia, Microsoft
but the microsoft stuff never included a server OS, as its hardly a requirement for a student, you could get XP Pro/Home, Office, Frontpage, that kind of stuff
and adobe did Photoshop etc, for cheap

thats all i mean
we do actually have educational liscences, but never for a server OS so far

 

Having been learning windows based programming over the last eight months or so, alongside doing the Windows 2K3 MCSE, I can see strong parallels between Active Directory and the .Net Framework used in programming. You have various classes of objects in both, and all have associated attributes.

In networking, you need to extend the AD schema in order to accommodate difference server based services, such as Exchange Server - and of course you can define your own classes and objects in .Net.

Active Directory needs to be big of course so that it can scale itself from the simple single domain, single forest networks, up to globally distributed systems which might have countless user, computer and other objects. Intial planning of how you are going to set up AD is of course the key to success. Do it right or wrong from the start will be the make or break of your network.

 

Just to add a little.

Active Directory came after Novel's Directory Services (NDS) it has much in common with NDS.

Active Directory uses Group Policy to roll out configuration settings to client machines. So if your client is part of a Windows 2000 or Server 2003 domain, the administrator or designated person, can have control of the users client machines. There are numerous settings which can be set using Group Policy.

Since Windows 2000 there has always been local group policies, recently the XP firewall is configured through local Group Policy. You might find out that after a windows update that the option to turn it off is greyed out. The control has been taken away from the user and given to the administrator who should understand Group Policy.

These local policies are overridden by policies that are set higher up in the hierarchy. The order of control goes Local > Site > Domain > OU OU etc

So for example, you could have a site where users are prevented from seeing Control Panel for example but within the same domain another site could allow their users to see control panel. Or you could set a domain wide policy so that no user can see Control Panel.

Group policy is only a small part of Active Directory but once Active Directory has been deployed and the sites and replication strategies have been implemented, it will be Group Policy that provides the fun for admins