Overview of Active Directory


CONTENTS

1 Overview of Active Directory
1.1 Functions of Active Directory
1.2 Structure of Active Directory
1.2.1 Logical structure
1.2.1.1 Objects
1.2.1.2 Organizational Units
1.2.1.3 Domain
1.2.1.4 Domain Tree
1.2.1.5 Forest
1.2.2 Physical structure
1.2.2.1 Sites
1.2.2.2 Domain controllers
2 How Active Directory works
2.1 Directory service
2.2 Active Directory schema
2.3 Global catalog (GC)
2.4 Global catalog server
2.5 Distinguished and relative distinguished names
2.6 The single sign-on mechanism
3 How Active Directory is managed
4 Active Directory management tools
5 Active Directory Domain & Forest
5.1 Forest & Domain function level
5.2 Creating relationships
6 Organization Unit (OU)
6.1 Understanding OUs
6.2 Delegating OU administration
7 User, Group and Computer accounts
7.1 Introduction to accounts
7.2 Introduction to user accounts
7.2.1 Local user accounts
7.2.2 Domain user accounts
7.2.3 User account requirements
7.3 Group accounts
7.3.1 Security groups
7.3.2 Distribution groups
7.3.3 Built-in user accounts
7.3.4 Special built-in groups
7.4 Creating & managing accounts
8 Group Policy
8.1 What is Group Policy?
8.2 Functions of Group Policy
8.3 Managing GPOs
9 Site and Replication
9.1 Introduction to Active Directory replication
9.2 Creating and configuring sites
9.3 Managing site topology
10 Placing domain controllers
10.1 Global Catalog in AD
10.2 Customize Global Catalog Server
10.3 Distributing domain controllers in AD
11 Operation Master
11.1 Introduction to the Operation Master roles
11.2 Transferring & seizing master roles
11.3 Moving & defragmenting the AD database

1 Overview of Active Directory

Active Directory is a database of the resources on a network (also called objects) together with the information related to those objects. Active Directory provides a new level of application for the enterprise environment. The directory service in each domain can store more than ten million objects, serving ten million users in each domain.

1.1 Functions of Active Directory

- Stores a centralized list of user account names, their corresponding passwords, and computer accounts.
- Provides a server that acts as the authentication server or logon server; this server is also called the domain controller.
- Maintains a lookup table or index that helps computers on the network quickly locate a resource on other computers in the domain.
- Lets us create user accounts with different levels of rights, such as full rights over the network, or only the right to back up data or to shut down a server remotely.
- Lets us divide our domain into child domains (subdomains) or organizational units (OUs). We can then delegate the management of each small part to departmental administrators.

1.2 Structure of Active Directory

1.2.1 Logical structure

1.2.1.1 Objects

Before looking at the concept of an Object, we first need to understand two concepts: Object classes and Attributes. An object class is a blueprint or template for the kinds of objects you can create in Active Directory. Three commonly used object classes are User, Computer and Printer. Attributes are defined as the set of valid values associated with a particular object.
An Object is therefore a unique entity defined by the values assigned to the attributes of its object class. For example, the following figure illustrates two objects: the printer ColorPrinter1 and the user KimYoshida.

1.2.1.2 Organizational Units

An Organizational Unit, or OU, is the smallest unit in the AD system. It is regarded as a container of objects, used to arrange different objects to serve your administrative purposes. OUs are also set up based on IP subnets and are defined as one or more well-connected subnets. Using OUs has two main purposes:

- Delegating control over a set of user accounts, computers or network devices to a group of people or to an assistant administrator (sub-administrator), which reduces the administrative workload of the administrator of the whole system.
- Controlling and locking down some functions on the workstations of users in the OU through the use of Group Policy Objects (GPOs).

1.2.1.3 Domain

The domain is the core functional unit of the Active Directory logical structure. It is the means of defining a set of users, computers and shared resources that have the same security rules, which makes managing access to servers easier. A domain serves three main functions:

- It acts as an administrative boundary for objects: a set of administrative definitions for shared objects, such as a common directory database, security policies, and trust relationships with other domains.
- It helps us manage security for shared resources.
- It provides redundant servers that act as domain controllers, while ensuring that the information on these servers is kept synchronized.

1.2.1.4 Domain Tree

A domain tree is a structure made up of several domains arranged hierarchically in the shape of a tree. The first domain created is called the root domain and sits at the root of the directory tree. All domains created afterwards sit below the root domain and are called child domains. The names of the child domains must be distinct. A domain tree is formed once a root domain and at least one child domain have been created.

1.2.1.5 Forest
Forest is a term coined to define an organizational model of AD. A forest consists of several domain trees that are related to one another, and the domain trees in a forest are organizationally independent of one another. A forest must satisfy the following properties:

- All domains in the forest must share a common schema.
- The domains in the forest must share a common global catalog.
- The domains in the forest must have two-way trust relationships with one another.
- The trees in a forest must have different name structures (domain names).
- The domains in the forest operate independently of one another; however, the operation of the forest is the operation of the whole enterprise organization.

1.2.2 Physical structure

1.2.2.1 Sites

A site consists of one or more interconnected subnets. Access to and replication of Active Directory can be configured to be as efficient as possible, with an update schedule that does not affect network throughput.

1.2.2.2 Domain controllers

A domain controller is a dedicated computer or server that has Windows Server installed and stores a copy of the Domain Directory (the local domain database). A domain can have
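
The naming rules from 1.2.1.4 (Domain Tree) and 1.2.1.5 (Forest), as an added example that is not part of the original slides: it groups a list of domain names into trees by their shared name structure and rejects duplicate names. The domain names, `build_forest` and `children_of` are constructed for illustration, and the check for a missing parent domain is an assumption of this example.

```python
from collections import defaultdict

def build_forest(domain_names):
    """Group DNS domain names into domain trees, keyed by each tree's root.

    A domain is a child when the name left after dropping its first label
    is also in the list; otherwise it is the root of its own tree.
    """
    names = [n.strip().rstrip(".").lower() for n in domain_names]
    dupes = sorted({n for n in names if names.count(n) > 1})
    if dupes:
        raise ValueError(f"domain names must be distinct: {dupes}")
    known = set(names)
    parent = {}
    for name in names:
        suffix = name.partition(".")[2]
        # Assumption of this example: a gap in the hierarchy is an error.
        if suffix not in known and any(name.endswith("." + k) for k in known):
            raise ValueError(f"{name}: parent domain {suffix} is missing")
        parent[name] = suffix if suffix in known else None

    def root_of(name):
        while parent[name] is not None:
            name = parent[name]
        return name

    trees = defaultdict(list)
    for name in names:
        trees[root_of(name)].append(name)
    # Order each tree parent-first (fewer labels first) for readable output.
    return {root: sorted(members, key=lambda n: (n.count("."), n))
            for root, members in trees.items()}

def children_of(trees, domain):
    """Direct child domains of `domain` within the forest."""
    domain = domain.lower()
    return [n for members in trees.values() for n in members
            if n.partition(".")[2] == domain]

# Constructed sample forest: two trees with different name structures.
SAMPLE = ["corp.example", "hcm.corp.example", "hn.corp.example",
          "dev.hcm.corp.example", "lab.test", "eu.lab.test"]

if __name__ == "__main__":
    for root, members in build_forest(SAMPLE).items():
        print(root, "->", members)
```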