Free Essay

Benefits of Active Directory

In:

Submitted By TACDRC
Words 557
Pages 3
Unit 8
Assignment 2
Benefits of Active Directory

An Active Directory structure is a hierarchical arrangement of information about objects. The objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups). Security principals are assigned unique security identifiers (SIDs). Each object represents a single entity—whether a user, a computer, a printer, or a group—and its attributes. Certain objects can contain other objects. An object is uniquely identified by its name and has a set of attributes—the characteristics and information that the object represents— defined by a schema, which also determines the kinds of objects that can be stored in Active Directory. The schema object lets administrators extend or modify the schema when necessary. However, because each schema object is integral to the definition of Active Directory objects, deactivating or changing these objects can fundamentally change or disrupt a deployment. Schema changes automatically propagate throughout the system. Once created, an object can only be deactivated—not deleted. Changing the schema usually requires planning. Sites are physical (rather than logical) groupings defined by one or more IP subnets. AD also holds the definitions of connections, distinguishing low-speed (e.g., WAN, VPN) from high-speed (e.g., LAN) links. Site definitions are independent of the domain and OU structure and are common across the forest. Sites are used to control network traffic generated by replication and also to refer clients to the nearest domain controllers (DCs). Microsoft Exchange Server 2007 uses the site topology for mail routing. Policies can also be defined at the site level. Physically, the Active Directory information is held on one or more peer domain controllers, replacing the NT PDC/BDC model. Each DC has a copy of the Active Directory. Servers joined to Active Directory that are not domain controllers are called Member Servers. The Active Directory database is organized in partitions, each holding specific object types and following a specific replication pattern. AD synchronizes changes using multi-master replication. Microsoft often refers to these partitions as 'naming contexts'. The 'Schema' partition contains the definition of object classes and attributes within the Forest. The 'Configuration' partition contains information on the physical structure and configuration of the forest (such as the site topology). Both replicate to all domain controllers in the Forest. The 'Domain' partition holds all objects created in that domain and replicates only to Domain Controllers within its domain. So, for example, a user created in Domain X would be listed only in Domain X's domain controllers. A subset of objects in the domain partition replicate to domain controllers that are configured as global catalogs. Global catalog (GC) servers provide a global listing of all objects in the Forest. Global Catalog servers replicate to themselves all objects from all domains and hence, provide a global listing of objects in the forest. However, to minimize replication traffic and keep the GC's database small, only selected attributes of each object are replicated. This is called the partial attribute set (PAS). The PAS can be modified by modifying the schema and marking attributes for replication to the GC. Earlier versions of Windows used NetBIOS to communicate. Active Directory is fully integrated with DNS and requires TCP/IP—DNS. To be fully functional, the DNS server must support SRV resource records, also known as se

Similar Documents

Premium Essay

Active Directory Benefits

...One of the benefits of moving an organization to an Active Directory environment is the use of trees and forests. Trees are groups of one or more domains who share resources. Each domain within the tree trusts the other domains in areas of security. A domain added to a tree becomes a child of that tree root domain. These trees can then become a part of a forest. A forest is a collection of numerous trees who share a common large-scale catalog, directory outline, logical structure, and directory arrangement. Forests permit organizations to group their divisions that may need to operate self-sufficiently and use different naming patterns, but still need to communicate with the entire organization through trustworthy sites and share some of the same resources. This allows the organization to reduce costs without added complication and have greater security. (1) Another benefit would be user management. Due to active directory’s forest design, users in one domain are known to the forest domain director. This provides for more flexibility and ease of access for users who must travel from one site to another. A user can travel from site 1 to site 2 and still be able to log in with their usual username and password and have access to all resources throughout the domain. (2) Another useful tool within active directory is group policy. Say you have an employee or group of employees who don’t necessarily follow your rules for computer use. They change their CPU’s desktop environment...

Words: 434 - Pages: 2

Premium Essay

Unit 8 Active Directory Benefits

...Active Directory Benefits The biggest difference between these two server operating systems and Windows NT is the addition of Active Directory. Although there is a bit of a learning curve associated with implementing an Active Directory environment, the benefits of doing so far outweigh the negatives. A better representation of the network Centralization sums up my primary reason for implementing Active Directory. The Active Directory structure makes it possible for you to achieve truly centralized management of users, regardless of how big your client’s network has become. If you've worked with Windows NT before, you know that in Windows NT a domain is a completely independent entity. While it's possible to create a trust relationship between domains that exist on a common network, the domains are never truly integrated with each other because there is no higher authority that manages the domains. Seeing through the forest The situation is different with Active Directory. Whereas the domain level was the highest level of abstraction in Windows NT, the highest level of abstraction in Windows 2000 and 2003 Server is the forest, which is basically a collection of domains. Microsoft chose to call this unit a forest because you can place domains into the forest, and you can place entire trees of domains into it. A domain tree consists of a parent, child, grandchildren, and great grandchildren domains. You can have as many layers of subdomains within a domain tree as is necessary...

Words: 1131 - Pages: 5

Free Essay

Active Directory Benfits for Smaller Enterprises

...[pic] Active Directory Benefits for Smaller Enterprises Microsoft Corporation Published: September 2004 Abstract Microsoft® Active Directory® (AD) has been available since early 2000, and while most organizations have completed their AD deployment and are realizing the many business benefits of having deployed Active Directory, there are still organizations that have either not completed their deployment or have yet to take advantage of some of the important features of Active Directory that yield the greatest business benefits. This whitepaper is designed to help small and medium-sized organizations understand the business advantages that can be realized quickly and easily through the use of Windows Server 2003 and Active Directory. This paper was written based on feedback from hundreds of business executives on the reasons they chose to migrate to Active Directory, and the ongoing benefits they have realized. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT...

Words: 7075 - Pages: 29

Free Essay

Nt1230

...Default Server: vnsc-bak.sys.gtei.net Address: 4.2.2.2 > set type=mx > bellcs.com Server: vnsc-bak.sys.gtei.net Address: 4.2.2.2 Non-authoritative answer: bellcs.com MX preference = 0, mail exchanger = bellcs.com bellcs.com nameserver = ns2.server766.net bellcs.com nameserver = ns.server766.net bellcs.com internet address = 66.78.26.7 "Setting up a Basic DNS Server for a Domain." Setting up a Basic DNS Server for a Domain. N.p., n.d. Web. 07 Aug. 2015. "Learn Exchange Server 2000: Setting Up DNS for Internet Access." RSS. N.p., n.d. Web. 07 Aug. 2015. Unit 8 Assignment 2 What benefits do you see in moving an organization to an Active Directory environment? Four Benefits of Moving an Organization to an Active Directory Environment: 1. Using an Active Directory environment gives a better representation of the network. The active Directory structure allows the possibility of a greatly centralized management of users no matter how large the client’s network has become. In Windows NT each domain is its own independent identity. Although it is possible to have...

Words: 689 - Pages: 3

Premium Essay

Active Directory

...Riordan Active Directory Migration Tyler Dresslar POS 421 September 3, 2012 R.Chung Riordan Active Directory Migration Introduction With regards to Riordan Manufacturing acquiring new severs with Active Directory Technology, the company must look at migrating to Windows Server 2008 R2 in order facilitate the streamlining of work for the Information Technology Department. Moving to Active Directory will save Riordan TIME and MONEY, the benefits of such a move and implementation will be explained in the following paragraphs. Microsoft Active Directory Domain Services are the foundation for distributed networks built on Windows 2000 Server, Windows Server 2003 and Microsoft Windows Server 2008 operating systems that use domain controllers. Active Directory Domain Services provide secure, structured, hierarchical data storage for objects in a network such as users, computers, printers, and services. Active Directory Domain Services provide support for locating and working with these objects. Windows 2000 Server and later operating systems provide a user interface for users and administrators to work with the objects and data in Active Directory Domain Services. Network administrators write scripts and applications that access Active Directory Domain Services to automate common administrative tasks, such as adding users and groups, managing printers, and setting permissions for network resources. Independent software vendors and end-user developers can use Active...

Words: 603 - Pages: 3

Free Essay

Pos421 Week 2 Paper

...Riordan Manufacturing Active Directory POS 421 Riordan Manufacturing Active Directory Riordan Manufacturing or “RM” is a company that operates throughout the world and has offices all throughout the North American continent as well as China. With such a broad base of operation, RM requires a means to make communication and operations streamline while still allowing individual plants the ability to tap into resources necessary to complete their job. Looking back at past operations, RM has run into many problems that limited their ability to communicate effectively between individual plants. By implementing a Microsoft Windows Server Active Directory, many of the problems that have been evident will no longer exist. Many of the mundane and cumbersome operations that often cause issues can be eliminated by changing these functions into less complex tasks as noted in an article about Active Directory, “A directory service presents the opportunity to consolidate the number of repositories in use and realize a number of benefits in doing so: reduced administrative overheads, enhanced operational efficiency and tighter control over the security of user information,” (Mohamed. 2005) RM’s corporate headquarters located in San Jose California will be the focal point of consolidation efforts. The departments and facilities will fall under the headquarters plant. In essence our goal is to create a tree utilizing various grouping to help streamline the flow of information between...

Words: 1267 - Pages: 6

Premium Essay

Unit Exercises

...Jason Wells NT 1230 Unit 8 Assignment 2 Active Directory Benefits Multimaster replication and sites One of the benefits of an Active Directory environment is the concept of sites and multimaster replication. In Windows NT, when you make a change to the SAM (Security Accounts Manager), the change is applied directly to the PDC (Primary Domain Controller) and is later replicated to each BDC (Backup Domain Controller). In an Active Directory multimaster replication environment, each domain controller contains a copy of Active Directory, not just the information for a single domain. Therefore, when a change is made to Active Directory, the change is applied to whatever domain controller is the closest, and is then replicated to the remaining domain controllers. This prevents a designated PDC (Primary Domain Controller) from being overburdened. A better representation of the network Centralization sums up a primary reason for implementing Active Directory. The Active Directory structure makes it possible for you to achieve truly centralized management of users, regardless of how big the client’s network has become. In Windows NT a domain is a completely independent entity, and while it's possible to create a trust relationship between domains that exist on a common network, the domains are never truly integrated with each other because there is no higher authority that manages the domains. With Active Directory, this is possible. Organizational Structure The domain level...

Words: 322 - Pages: 2

Premium Essay

Microsoft Active Directory Security

...“Microsoft Active Directory: How to effectively manage corporate network environments with cost savings” while adhering to the requirements for the final research paper for English 235: Technical Writing. Throughout my report I will show examples of per computer cost savings that can be achieved by using Microsoft Active Directory. These savings can be leveraged on any size corporate network to help make IT services more effective and enhance productivity. I will also explain how Active Directory makes IT management easier in regards to implementing large scale changes while securing the corporate network. The report will show different levels of Microsoft’s Infrastructure Optimization Model, along with options and cost savings. The report will further investigate how each optimization option can save money per PC each year by implementing one of these models. The audience of this report includes Chief Information Officers (CIO) and other leadership personnel from corporations large and small. The report will show how each company can independently profit from taking advantage from one or more of the strategies included. The report will explain the different strategies of the Infrastructure Optimization Model, how they can be implemented and the cost benefit for each. After reading through this report readers should have a greater understanding of how Active Directory secures a network and also how it can save on IT costs. Microsoft Active Directory English 101 ...

Words: 3558 - Pages: 15

Free Essay

Fred

...Monitoring the distributed Active Directory service and the services that it relies upon helps maintain consistent directory data and the needed level of service throughout the forest. You can monitor important indicators to discover and resolve minor problems before they develop into potentially lengthy service out Benefits for End-Users Monitoring Active Directory helps resolve issues in a timely manner, and users experience the following benefits: * Improved reliability of productivity applications that rely on back-end servers, such as e-mail. * Quicker logon time and more reliable resource usage. * Decreased help desk support issues Monitoring Active Directory also assures administrators that: * All necessary services that support Active Directory are running on each domain controller. * Data is consistent across all domain controllers and end-to-end replication completes in accordance with your service level agreements. * Lightweight Directory Access Protocol (LDAP) queries respond quickly. * Domain controllers do not experience high CPU usage. * The central monitoring console collects all events that can adversely affect Active Directory. Even if you are doing full backups, Windows Server Backup provides some great space efficiencies on the target disks. For instance, you might perform multiple full backups of the same volume. Since Windows Server Backup uses Volume Shadow Copy Service snapshots on the target disks where it stores...

Words: 269 - Pages: 2

Premium Essay

1. Relate How Windows Server 2008 R2 Active Directory and the Configuration of Access Controls Achieve C-I-a- for Departmental Lans, Departmental Folders, and Data.

...Active Directory provides many benefits to administrators including group management, organizational management, trust relationships, and node/application replication. Group management is made simple with Active Directory. There are two types of groups in Active Directory, distribution and security. Distribution groups are used solely for email purposes, and all members of a certain department or team are get grouped together. For example, the finance department of a company typically only communicates with other members of that same group. An Active Directory distribution group allows all members of the finance department to email without having to type every individual name in the email. Security groups are used to provide or deny access to users or devices to shares, files, or even other devices, these are called security permissions. Security permissions can be added to any distribution or security group, however email cannot be sent to a distribution group. Active Directory allows administrators to designate network users as owners or delegates of other security or distribution groups, to be updated as needed. Organizational management is made possible through the use of Organizational Units aka OU’s. Basically, OU’s allow users, computers, or devices on the same network to be grouped together to best fit the Companies needs. This makes searching for or accessing a device, user, or group far less complex than if all domain items were listed together. For example, the...

Words: 705 - Pages: 3

Free Essay

Pos 421

...Active Directory Implementation Plan Introduction Riordan Manufacturing the leading manufacturer of plastics has offices all throughout the North American continent as well as China, the company maintains an innovative and team oriented working environment by assuring that their employees and customers are well informed and properly supported, they will provide a climate focused on the long term viability of the company. Implementing a Microsoft Windows Server Active Directory, many of the problems that have been evident will no longer exist. Implementation Plan A well-designed Active Directory structure is critical to the successful deployment of a essential system, implementing an Active Directory environment, the benefits of doing so far outweigh the negatives. To get started there are three models to choose from when laying out an Active Directory structure: 1. Single forest, single domain 2. Single forest, multiple domain 3. Multiple forest, multiple domain Choosing the Right Model is an important step, some features to consider is simplicity, high security, high reliability and low cost of operation all of these were the primary objectives considered when choosing the right Active Directory structure. The structure that would meet these objectives is a "single domain" model. In this model, all information is organized within a single Windows Domain. Within that Domain, logical containers - called "Organizational Units" - will be created for each Department...

Words: 352 - Pages: 2

Free Essay

Nt1330 Unit 2 Exercise

...must have, but if your company has the money allocated for this project than go ahead. They might have growth in mind for the near future. If that is the case then the zone you would want the 5 employees in would be secondary if not possibly try setting up a VPN virtual private network to a server at the larger office. As far as the branch office with about 30 users I would definitely use a DNS server. You would put this branch in the primary zone. Another zone or setting that could be used is Active Directory Integrate Zone. The Active Directory Integrated zone stores its data in Active Directory and it does not need DNS zone files. It is in fact an authoritative primary zone and the data gets replicated to other domain controllers as part of Active Directory’s replication process, and a benefit of this type of zone is that it uses the security features of Active Directory. Active Directory will automatically replicate DNS information to other DNS servers that are installed on Active Directory Domain Controllers. I do hope that the information I provided was helpful, and if you have any further questions please feel free to contact me...

Words: 270 - Pages: 2

Free Essay

Active Directory

...Windows Server 2003 Active Directory Judith Che Strayer University of Maryland Author Note Judith Che, Strayer University of Maryland. Any questions regarding this article should be address to Judith Che. Strayer University Maryland, White Marsh, MD 21085. Company’s today relay on good networking in order for their business to grow and succeed. A system engineer requires the ability, knowledge, and skill to plan and manage today’s networking which faces an ever-increasing variety of applications. We need to be skilled and informed to manage a network running Windows Server 2003 Active Directory. Present day networking administrators have difficulties ensuring that network resources are available to users when access is needed and securing the network in such a way that available resources are accessible to the proper user with the proper permission. We will have to solve networking problems including troubleshooting, configuration, installation, administration, and managing element. Starting from choosing the best Windows Server 2003 Edition that will meet the company’s needs in terms of price, performance and features; work group woes, name resolution nightmares and DNS name conflicts to server security. These problems can be solved with proper planning, managing, and designing a day-to-day administration of an Active Directory domain within their Windows Server 2003 network environment. We predict that implementing a Windows Server 2003 Active Directory will beat and exceed...

Words: 5782 - Pages: 24

Free Essay

Research Paper

...3 Active Directory Federation Services is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Windows Server 2008, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization. Active Directory Lightweight Directory Service (AD LDS), formerly known as Active Directory Application Mode, can be used to provide directory services for directory-enabled applications. Instead of using your organization’s AD DS database to store the directory-enabled application data, AD LDS can be used to store the data. AD LDS can be used in conjunction with AD DS so that you can have a central location for security accounts (AD DS) and another location to support the application configuration and directory data (AD LDS). Using AD LDS, you can reduce the overhead associated with Active Directory replication, you do not have to extend the Active Directory schema to support the application, and you can partition the directory structure so that the AD LDS service is only deployed to the servers that need to support the directory-enabled application. Most organizations use certificates to prove the identity of users or computers, as well as to encrypt data during transmission across unsecured network connections. Active Directory...

Words: 791 - Pages: 4

Free Essay

Dns Senario

...where to place the Active- Directory Integrated DNS Servers and what type to use. One of the branch offices is very small and (5 users) and has a very slow network connectivity. Do I need a DNS Server and, if so, which type of zone should it hosts? The second branch office is much larger (about 30 users) and has better network connectivity. Does this office need a DNS Server and, if so what type of zone would you recommend? Response: Dear IT Admin; I really appreciate the opportunity to assist you in regards to implementing Active Directory & DNS Servers in your “Windows” environment. Let me start by saying that without DNS your network will more than likely not function because clients will not be able to resolve names to (IP) addresses, also DNS enables network devices such as printers and computers to communicate on the internet or locate one another within the organizations local network. Based on the given scenario, you have made an excellent choice of configuring the “Active Directory Integrated Zones” because Active Directory has the following benefits: Fault Tolerance – Redundant copy of DNS zone information can be stored on multiple servers. Security – DACL can be modified by specified user groups. Zones are Multimaster – zones can be updated in more than one location. Efficient Replication – Zone transfers are replaced by more efficient Active Directory replication. Maintain use of secondary zones – if needed. Note: Since Active Directory-Integrated Zones follow...

Words: 320 - Pages: 2