Monday, May 15, 2006

Microsoft Windows Active Directory 2003 Notes

Security groups:

global group - holds the user accounts. A global group is then placed into a domain local group. ex. Sales group. Its members must come from the same domain as the global group.

domain local group - named for the resource it provides access to. ex. Printer Users. Global groups are placed in this group. The resource has to be local to the domain. Good practice: name DL groups for the permission being applied, ex. DL_folder_ReadOnly

universal group - named for its function. Neither the resource nor the members have to be in the same domain; they can come from anywhere in the forest.

*** AGGUDLP (Accounts -> Global groups -> Universal groups -> Domain Local groups -> Permissions)
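The AGGUDLP nesting above, as an added PowerShell example (not from the original notes), using the RSAT ActiveDirectory module: accounts into a global group, the global group into a permission-named domain local group, and the NTFS permission granted only to that domain local group. The domain EXAMPLE/example.local, the OU, the share path and the user names alice/bob are assumptions.

```powershell
# Added example, not part of the original notes. Assumes an assumed domain example.local,
# an OU "OU=Groups,DC=example,DC=local", a folder D:\Shares\Sales on this file server,
# and existing user accounts alice and bob. Needs RSAT and rights to create groups / set ACLs.
Import-Module ActiveDirectory

$ou    = "OU=Groups,DC=example,DC=local"   # assumed OU for the groups
$share = "D:\Shares\Sales"                  # assumed shared folder

# A -> G : accounts go into a global group named for the people it holds (same domain as its members)
New-ADGroup -Name "G_Sales" -GroupScope Global -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity "G_Sales" -Members "alice", "bob"   # assumed sAMAccountNames

# G -> DL : the global group is nested into a domain local group named for the permission it carries
New-ADGroup -Name "DL_Sales_ReadOnly" -GroupScope DomainLocal -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity "DL_Sales_ReadOnly" -Members "G_Sales"

# DL -> P : the permission is granted to the domain local group only, never to users or global groups
$acl  = Get-Acl -Path $share
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    "EXAMPLE\DL_Sales_ReadOnly",          # assumed NetBIOS domain name
    "ReadAndExecute",
    "ContainerInherit, ObjectInherit",    # apply to subfolders and files
    "None",
    "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $share -AclObject $acl

# Check 1: expand the nesting so you can see which user accounts end up with the permission
Get-ADGroupMember -Identity "DL_Sales_ReadOnly" -Recursive | Select-Object Name, objectClass

# Check 2: flag ACEs on the share that bypass the model (granted directly to a user or a G_ group)
(Get-Acl -Path $share).Access |
    Where-Object { $_.IdentityReference -notlike "*\DL_*" -and $_.IsInherited -eq $false } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Check 2 lists only explicit ACEs, so inherited entries such as the built-in Administrators ACE are not reported; anything it does print is a permission that was not granted through a DL_ group.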

NT Domain models:
Single domain - 1 domain (1 PDC, 1 or more BDCs) holding both users and resources

single master - more than 1 domain: 1 master domain (holds the users) and 1 or more resource domains (hold only resources, no users). The resource domains trust the master domain, so users in the master domain can use resources in the resource domains.

Multiple Master - more than 2 master domains and more than one resource domain.
Each master domain trusts every other master domain; the resource domains trust the master domains.

Complete Trust - every domain contains users and resources, and every domain trusts every other domain. 4 domains require 12 = n*(n-1) trusts.

Windows 2000-03:
2003 can rename domains and domain controllers if the functional level allows it.
2003 supports stub zones and conditional forwarding

stub zone - holds only the SOA record, the NS records and the glue A records (IPs of the authoritative name servers), i.e. a pointer to the other server
- can be AD integrated

caching-only server - DNS installed with no zones. It is configured to forward lookups to another server and caches the answers returned by those forwarded lookups.

conditional forwarding - a way of pointing DNS in a particular direction based on the domain name being resolved
- like a series of conditional ifs.

Microsoft recommends one GC per site.
Roles:
1 per forest = Schema Master, Domain Naming Master

1 per domain = RID Master, PDC Emulator, Infrastructure Master (should never be placed on a GC server)
Domain Naming Master should be a GC server

MISC Stuff:
When using SMTP for replication, domain controllers must be in different domains and sites.

RFC 1542 = DHCP/BOOTP broadcast forwarding compliance (routers that relay DHCP broadcasts between subnets)
