Lesson How Active Directory Works

What Are Distinguished and Relative Distinguished Names? Multimedia: How Active Directory Enables a Single Sign-On. This lesson introduces the function of Active Directory as a directory service. Understanding how Active Directory works will help you manage resources and troubleshoot problems with accessing resources. After completing this lesson, you will be able to: Describe the function of Active Directory as a directory service. Define the purpose of the Active Directory schema and how it is...

Automatic Generation of Replication Topology

What is the Knowledge Consistency Checker? How are additional connection objects created? When you add domain controllers to a site, Active Directory uses the Knowledge Consistency Checker (KCC) to establish a replication path between domain controllers. The KCC is a built-in process that runs on each domain controller and generates the replication topology for all directory partitions that are contained on that domain controller. The KCC runs at specified intervals (every 15 minutes by default) and...

Delegation of WMI Filters

To create a WMI filter, use these permissions. To delegate a WMI filter, assign these permissions. Delegate the ability to create WMI filters. Delegate permissions on a WMI filter. You can delegate the ability to create WMI filters in a domain and assign permissions on them. You create WMI filters in the WMI Filters container in Group Policy Management. When you create a new WMI filter, Active Directory...

Types of Trusts

Trusts are the mechanism that ensures that a user who is authenticated in his own domain can access resources in any trusted domain. In Windows Server 2003, there are two types of trusts: transitive trusts and nontransitive trusts. A transitive trust is one in which the trust relationship that is extended to one domain is automatically extended to all other domains that trust that domain. For example, domain D directly trusts domain E, which directly trusts domain F. Because both trusts are...

What Are Trusted Domain Objects

Represent each trust relationship in a particular domain. Store information such as transitivity and trust type. When you set up trusts between domains within the same forest, across forests, or with an external realm, information about these trusts is stored in Active Directory so that the information can be retrieved when required. Each trust relationship in a domain is represented by an object known as the trusted domain object (TDO). The TDO stores information about the trust, such as the...

Your instructor will demonstrate how to

Examine the output of Active Directory Sizer. Introduction: You use Active Directory Sizer to determine the placement of domain Procedure: To use Active Directory Sizer, perform the following steps. Important: Active Directory Sizer is not installed by default. You can download and install it from ASsizer 1.0 NT5 EN-US setup.exe. In this classroom, you can install Active Directory Sizer by running london setup...

Multimedia The Active Directory Data Modification Process

Active Directory Keypoints

To start The Active Directory Data Modification Process presentation, open the Web page on the Student Materials compact disc, click Multimedia, and then click the title of the presentation. Do not open this presentation unless the instructor tells you to. At the end of this presentation, you will be able to: Describe the data modification process. Describe how the data modification process affects database performance, database fragmentation, and data integrity. The key points of Active...

How to Move the Active Directory Database and Log Files

Active Directory Database

Your instructor will demonstrate how to move the Active Directory database and log file by using the Ntdsutil command-line tool in Directory Services Restore Mode. Why use Ntdsutil to move the database? If disk space is low on the partition that stores the database, log files, or both, you must move the database and log files to a new location. You use the Ntdsutil command-line tool in Directory Services Restore Mode to move the database from one location to another location on a disk. If the...

Guidelines for Planning an Organizational Unit Structure

Organizational Unit Structure

Business Accounting function- Research based Sales. Location for higher organizational units or domains. Structure of the organization for lower organizational units or domains. Introduction: The design of organizational units is based on the IT administrative model of an Guidelines: Use the following guidelines to help you plan the organizational unit structure of an organization. The structure can be based on the Geographic location. If the administrative model is...

Common Replication Problems

Replication does not finish or occur; Sites not connected by site links; No bridgehead server in the site; Inefficient site topology and schedule; Client computers receive a slow response; No domain controller online in client site; Not enough domain controllers; Replication greatly increases network traffic; Insufficient bandwidth; Incorrect site topology; The KCC cannot complete the topology. When you encounter replication problems in Active Directory, your first step is to identify the symptoms and...

Delegation of Group Policy for a Site Domain or Organizational Unit

Read and Write permissions to the gPLink and gPOptions attributes; Generate Resultant Set of Policy Planning permission; Generate Resultant Set of Policy Logging permission; Delegate permissions for Group Policy Modeling. Delegation of Group Policy for site, domain, and organizational unit includes delegating the ability to link GPOs, and delegating permissions for Group Policy Modeling and Group Policy Results. Group Policy Management uses a single permission named Link GPOs to manage the gPLink...

The Active Directory Database and Log Files

Is the Active Directory database file; Stores all Active Directory objects on the domain controller; Uses the default location systemroot\NTDS folder; Uses the default transaction log file Edb.log; Is a checkpoint file; Tracks data not yet written to Active Directory database file; Are the reserved transaction log files. Introduction: The Active Directory database engine, ESE, stores all of the Active Directory objects. The ESE uses transactions and...

What Is a Bridgehead Server

Bridgehead server required per partition. The bridgehead server is a domain controller that you designate to send and receive replicated data at each site. The bridgehead server from the originating site collects all of the replication changes and then sends them to the receiving site's bridgehead server, which replicates the changes to all domain controllers in the site. You must designate a bridgehead server for each partition in the site. For example, a domain controller can be the bridgehead...

Performance Counters to Monitor

Use performance counters to evaluate overall domain controller health. Core Active Directory functions and services. When you perform basic monitoring, you also use performance counters to monitor overall domain controller health. Basic monitoring includes the following types of performance counters: Performance counters to monitor the quantity of replicated data; Performance counters to monitor core Active Directory functions and services; Performance counters to monitor key security volumes...

How to Resolve Replication Problems

Sites are not connected by site links; Add or remove domain controllers from the preferred bridgehead server list; Inefficient site topology and schedule; Modify the site topology and schedule; No domain controller online in the site; Install additional domain controllers; Modify the site topology; Ensure site links match WAN links; Enable KCC logging; Run Repadmin /kcc. Introduction: After you identify the root cause of a problem, the final step is to fix the problem or, if...

What Is the Intersite Topology Generator

Intersite topology generator defines the replication between sites on a network. The intersite topology generator is an Active Directory process that defines the replication between sites on a network. A single domain controller in each site is automatically designated to be the intersite topology generator. Because this action is performed by the intersite topology generator, you are not required to take any action...

Guidelines for Determining the Requirements for Bridgehead Servers

Use preferred bridgehead servers to exclude specific domain controllers from being bridgehead servers. Create a list of preferred bridgehead servers based on which server you want the intersite topology generator to use. Create multiple bridgehead servers for multiple directory partitions. Introduction: You may choose to use the bridgehead server that the intersite topology generator automatically designates from the available domain controllers or a smaller preferred...

Why Specify a Domain Controller for Managing GPOs

Choose a domain controller to avoid replication conflicts. Current domain controller: perth2279.nwtraders2.msft. Options: The domain controller with the Operations Master token for the PDC emulator; Any available domain controller; Any available domain controller running Windows Server 2003 or later; This domain controller. Why select a specific domain controller? Group Policy Management uses the primary domain controller (PDC) emulator in each domain as the default domain controller. To avoid replication...