0
Active Directory
Active Directory is a set of networking services made by Microsoft. Questions about using and configuring Active Directory belong here.
849 Questions
What is the Active Directory of Windows server?
ACTIVE DIRECTORY IS A CENTRALIZED DATABASE ...WHICH IS USED IN DOMAIN FOR ADMINISTRATIVE PURPOSES.. An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996 and first used with Windows 2000.
An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the directory. An active directory can be defined as a hierarchical structure and this structure is usually broken up into three main categories, the resources which might include hardware such as printers, services for end users such as web email servers and objects which are the main functions of the domain and network. It is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, end user or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to these objects being able to hold other objects, every object has its own attributes which allows it to be characterized by the information which it contains. Most IT professionals call these setting or characterizations schemas. Depending on the type of schema created for a folder, will ultimately determine how these objects are used. For instance, some objects with certain schemas can not be deleted, they can only be deactivated. Others types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object can not be deleted. When understanding active directories, it is important to know the framework that objects can be viewed at. In fact, an active directory can be viewed at either one of three levels, these levels are called forests, trees or domains. The highest structure is called the forest because you can see all objects included within the active directory. Within the Forest structure are trees, these structures usually hold one or more domains, going further down the structure of an active directory are single domains. To put the forest, trees and domains into perspective, consider the following example. A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are now trees that hold information on specific objects such as domain controllers, program data, system, etc. Within these objects are even more objects which can then be controlled and categorized Active Directory in Windows Server 2003
The Active Directory is the one of the important part of Windows Server 2003 networking .First need to know and understand Active directory . How does it work? It makes information easy for the administrator and the users. You can use the Active Directory to design a organization's structure according to the requirement . If you are using the Active Directory then you can scale active directory from a single computer to a single network or to many networks. In active directory you can include every object server and domain in a network.
Logical Component
In the organization you set up in Windows Server 2003 and the organization you set up in Exchange Server 2003 are the same and the same is the case with Windows 2000 and Exchange 2000 as well. Now i am going to tell you it's advantage one user administrator manage all aspects of user configuration. These logical constructs which are described in the following subsections allow you to define and group resources so that they can be located and administered by the name rather than by physical location.
Objects
Object is the basic unit in the Active Directory. It is a apocarpous named set of features that represents something adjective such as a user , printer and the application. A user is also an object. In Exchange a user's features include its name and location , surrounded by other things.
Organization Unit
Organization Unit is a persona in which you can keep objects such as user accounts, groups, computer, printer . applications and other (OU). In organization unit you can assign specific permission to the user's. organization unit can also be used to create departmental limitation.
Domains
Domains is a group of computers and other resources that are part of a network and share a common directory database .Once a server has been installed , you can use the Active Directory Wizard to install Active Directory in order to install Active directory on the first server on the network , that server must have the access to a server running DNS (Domain Name Service). If you don't have install this service on your server then you will have to install this service during the Active Directory installation.. == == Active Directory in Windows Server 2003
The Active Directory is the one of the important part of Windows Server 2003 networking .First need to know and understand Active directory . How does it work? It makes information easy for the administrator and the users. You can use the Active Directory to design a organization's structure according to the requirement . If you are using the Active Directory then you can scale active directory from a single computer to a single network or to many networks. In active directory you can include every object server and domain in a network.
Logical Component
In the organization you set up in Windows Server 2003 and the organization you set up in Exchange Server 2003 are the same and the same is the case with Windows 2000 and Exchange 2000 as well. Now i am going to tell you it's advantage one user administrator manage all aspects of user configuration. These logical constructs which are described in the following subsections allow you to define and group resources so that they can be located and administered by the name rather than by physical location.
Objects
Object is the basic unit in the Active Directory. It is a apocarpous named set of features that represents something adjective such as a user , printer and the application. A user is also an object. In Exchange a user's features include its name and location , surrounded by other things.
Organization Unit
Organization Unit is a persona in which you can keep objects such as user accounts, groups, computer, printer . applications and other (OU). In organization unit you can assign specific permission to the user's. organization unit can also be used to create departmental limitation.
Domains
Domains is a group of computers and other resources that are part of a network and share a common directory database .Once a server has been installed , you can use the Active Directory Wizard to install Active Directory in order to install Active directory on the first server on the network , that server must have the access to a server running DNS (Domain Name Service). If you don't have install this service on your server then you will have to install this service during the Active Directory installation.. An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996 and first used with Windows 2000.
An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the directory. An active directory can be defined as a hierarchical structure and this structure is usually broken up into three main categories, the resources which might include hardware such as printers, services for end users such as web email servers and objects which are the main functions of the domain and network. It is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, end user or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to these objects being able to hold other objects, every object has its own attributes which allows it to be characterized by the information which it contains. Most IT professionals call these setting or characterizations schemas. Depending on the type of schema created for a folder, will ultimately determine how these objects are used. For instance, some objects with certain schemas can not be deleted, they can only be deactivated. Others types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object can not be deleted. When understanding active directories, it is important to know the framework that objects can be viewed at. In fact, an active directory can be viewed at either one of three levels, these levels are called forests, trees or domains. The highest structure is called the forest because you can see all objects included within the active directory. Within the Forest structure are trees, these structures usually hold one or more domains, going further down the structure of an active directory are single domains. To put the forest, trees and domains into perspective, consider the following example. A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are now trees that hold information on specific objects such as domain controllers, program data, system, etc. Within these objects are even more objects which can then be controlled and categorized.
Microsoft Active Directory Domain Services are the foundation for distributed networks built on Windows 2000 Server, Windows Server 2003 and Microsoft Windows Server 2008 operating systems that use domain controllers.
What folders are related to active directory?
The Active Directory Database is Stored in %SYSTEM ROOT%\NDTS folder.
the active directory uses the sysvol folder as well
The file is called as ntds.dit. Along with this file there are other files also present in this folder. The files are created when you run dcpromo. The list of files and use of those files are listed below
1. ntds.dit : This is the main database file for active directory.
2. edb.log : When a transaction performed to ad database, like writing some data first the data will be stored to this file. And after that it will be sent to database. So the system performance will be depends on how this data from edb.log file will be written to ntds.dit
3. res1.log : Used as reserve space in the case when drive had low space. It is basically 10MB in size and creted when we run dcpromo.
4. res2.log : Same as res1.log. It is also 10MB in size and the purspose also same.
5. edb.chk : This file records the transactions committed to ad database. During shutdown, shutdown statement is written to this file. If it is not found when the system rebooted, the ad database tries to check with edb.log for the updated information.
Edb corruption or Edb active directory corruption is really serious. However you can get this repaired by using edb repair tool.
The Active Directory Database is Stored in %SYSTEM ROOT%\NDTS folder.
the active directory uses the sysvol folder as well
Active Directory in Windows Server 2003
The Active Directory is the one of the important part of Windows Server 2003 networking .First need to know and understand Active directory . How does it work? It makes information easy for the administrator and the users. You can use the Active Directory to design a organization's structure according to the requirement . If you are using the Active Directory then you can scale active directory from a single computer to a single network or to many networks. In active directory you can include every object server and domain in a network.
Logical Component
In the organization you set up in Windows Server 2003 and the organization you set up in Exchange Server 2003 are the same and the same is the case with Windows 2000 and Exchange 2000 as well. Now i am going to tell you it's advantage one user administrator manage all aspects of user configuration. These logical constructs which are described in the following subsections allow you to define and group resources so that they can be located and administered by the name rather than by physical location.
Objects
Object is the basic unit in the Active Directory. It is a apocarpous named set of features that represents something adjective such as a user , printer and the application. A user is also an object. In Exchange a user's features include its name and location , surrounded by other things.
Organization Unit
Organization Unit is a persona in which you can keep objects such as user accounts, groups, computer, printer . applications and other (OU). In organization unit you can assign specific permission to the user's. organization unit can also be used to create departmental limitation.
Domains
Domains is a group of computers and other resources that are part of a network and share a common directory database .Once a server has been installed , you can use the Active Directory Wizard to install Active Directory in order to install Active directory on the first server on the network , that server must have the access to a server running DNS (Domain Name Service). If you don't have install this service on your server then you will have to install this service during the Active Directory installation.. An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996 and first used with Windows 2000.
An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the directory. An active directory can be defined as a hierarchical structure and this structure is usually broken up into three main categories, the resources which might include hardware such as printers, services for end users such as web email servers and objects which are the main functions of the domain and network. It is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, end user or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to these objects being able to hold other objects, every object has its own attributes which allows it to be characterized by the information which it contains. Most IT professionals call these setting or characterizations schemas. Depending on the type of schema created for a folder, will ultimately determine how these objects are used. For instance, some objects with certain schemas can not be deleted, they can only be deactivated. Others types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object can not be deleted. When understanding active directories, it is important to know the framework that objects can be viewed at. In fact, an active directory can be viewed at either one of three levels, these levels are called forests, trees or domains. The highest structure is called the forest because you can see all objects included within the active directory. Within the Forest structure are trees, these structures usually hold one or more domains, going further down the structure of an active directory are single domains. To put the forest, trees and domains into perspective, consider the following example. A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are now trees that hold information on specific objects such as domain controllers, program data, system, etc. Within these objects are even more objects which can then be controlled and categorized.
Do you have to install active directory in server 2008?
No, you do not. You only install Active Directory if the system is going to be a domain controller. If it is a member server or a standalone server Active Directory should not be installed.
repdiag
What is the difference between LDAP and Active Directory?
What i can make out is AD is a proprietary concept developed by Microsoft and LDAP is more open and more general protocol for managing directories in a client-server organization. AD features are limited in that it supports only windows based machine whereas LDAP supports multi platform computers to access directories in the server. Correct me if i am wrong. Sandeep Paudel sandeep_paudel{at}hotmail.com
Domain Users.
What is the single domain system?
A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.domain is security boundary for all the resources in the network like pc,printer etc.
so a single domain system is one which has only one domain in the forest
eg..
xyz.com
and no other domain in the forest except xyz.com.
What is failed to get archive directory listing?
The computer was not able to find the listing. This can happen when you click on a website but it is not working properly.
A metaphor compares two things without using the words "like" or "as". For example: Her hair was the dark night sky.
What happens if GC and infrastructure master are on same DC in active directory?
If you only have one domain in your forest, nothing will be wrong. If you do however have multiple domains in you forest, and you put your GC and infrastructure master on the same machine, things can go horribly wrong. This is because GC and Infrastructure Master use the same NTDS.dit file, changes will be changed by GC and Infrastructure Master checks the NTDS.dit and doesn't see any change, because GC already changed the NTDS.dit Only way you can run GC and infrastructure Master on the same machine in a multiple domain forest is to enable GC on all domain controllers... greets
schema Master
All databases have a schema which is a formal definition (set of rules) which govern the database structure and types of objects and attributes which can be contained in the database. The schema contains a list of all classes and attributes in the forest.
The schema keeps track of:
* Classes
* Class attributes
* Class relationships such as subclasses (Child classes that inherit attributes from the super class) and super classes (Parent classes).
* Object relationships such as what objects are contained by other objects or what objects contain other objects.
There is a class Schema object for each class in the Active Directory database. For each object attribute in the database, there is an attributeSchema object.
Schem Master is A FSMO role held by single DC in forest
Security groups in windows server?
Security groups
Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:
Assign user rights to security groups in Active Directory
User rights are assigned to security groups to determine what members of that group can do within the scope of a domain (or forest). User rights are automatically assigned to some security groups at the time Active Directory is installed to help administrators define a person's administrative role in the domain. For example, a user who is added to the Backup Operators group in Active Directory has the ability to backup and restore files and directories located on each domain controller in the domain.
This is possible because by default, the user rights Back up files and directories and Restore files and directories are automatically assigned to the Backup Operators group. Therefore, members of this group inherit the user rights assigned to that group. For more information about user rights, see User rights. For more information about the user rights assigned to security groups, see Default groups.
You can assign user rights to security groups, using Group Policy, to help delegate specific tasks. You should always use discretion when assigning delegated tasks because an untrained user assigned too many rights on a security group can potentially cause significant harm to your network. For more information, see Delegating administration. For more information about assigning user rights to groups, see Assign user rights to a group in Active Directory.
Assign permissions to security groups on resources
Permissions should not be confused with user rights. Permissions are assigned to the security group on the shared resource. Permissions determine who can access the resource and the level of access, such as Full Control. Some permissions set on domain objects are automatically assigned to allow various levels of access to default security groups such as the Account Operators group or the Domain Admins group. For more information about permissions, see Access control in Active Directory.
Security groups are listed in DACLs that define permissions on resources and objects. When assigning permissions for resources (file shares, printers, and so on), administrators should assign those permissions to a security group rather than to individual users. The permissions are assigned once to the group, instead of several times to each individual user. Each account added to a group receives the rights assigned to that group in Active Directory and the permissions defined for that group at the resource.
Like distribution groups, security groups can also be used as an e-mail entity. Sending an e-mail message to the group sends the message to all the members of the group.
How can you view and manage the PDC Emulator FSMO role holder?
The server which holds the PDC FSMO role it can be viewed by few methods
1. go to admin option->users and computers -> select domain->rt click fsmo roles gives three tabs of domain fsmo role holder.
2 for other roles go to admin option->use site -> forest level roles you can see in the properties of each fsmo role holder.
3. NTDS util will help you to see the roles.
What domain controllers become global catalog servers by default?
first domain controller in the forest root domain.
Domain controllers located in different sites will participate in intrasite replication?
Only one domain controller will be used per site to replicate to another site(process called as intersite replication) it could be a bridge head server(selected DC to do replication from the site)or DC selected by ISTG protocol if enabled. there would be lot of DCs in intrasite replication within a site.
yes all the DCs have full information about different partions except for application partion The dcs which have application partition activated can get additional updates for it.
Which servers can be joined to a forest domain windows 2003 interim?
Windows Server 2003, and Windows NT 4.0
What is the process of copying directory data to multiple domain controllers known as?
Replication
The data is available with all domain controller(DC) in case any DC fails other has same files with it.
What is the difference between AD container and an AD Organizational Unit?
This is a Windows term referring to an organizational structure. The term can be used to refer to the structure itself or the general environment under that structure.
A Windows OU is an organization unit (a directory container) for grouping similar accounts or machines. OUs are used to provide a means of delegating authority over a group of accounts or machines to a person (the local administrator). OUs do not require a domain controller or any other physical representation. They are simply a container in the domain database. OUs can contain other OUs to a level of 63 deep. OUs can be used to duplicate actual organizational structure. However, this isn't always recommended
container -- a special type of Active Directory object. A container is like other directory objects in that it has attributes and is part of the Active Directory namespace. However, unlike other objects, it does not usually represent something concrete. It is the container for a group of objects and other containers
Which group is used most often when designing an Active Directory infrastructure?
Windows 2008 server has two groups, security and distribution. Distribution is used for Email. So I would say Security makes sense.
Active Folder is an application that will ease the access to your favorite
folders by providing yiu access to files significantly quicker than usual.
Just add your most visited folders and files to its list,
and you will have them waiting for direct access
in context menu of Open/Save dialog.
If used from system tray, Active Folder will automatically open
Windows Explorer in desired folder or start an application
associated with chosen file.
Active Folder is a simple utility that can save you loads of time.
It is designed to solve the problem of quick and easy access to the
most important folders. Now you just need to add them once to
the Active Folder's list and afterwards have them ready for direct access.
Right-click on any folder or file within Explorer will
show you a context menu with Active Folder as a new option that leads
directly to the list of folders you have chosen before.
Besides, that list contains two more options: Add and Activate for adding
new folders to the list, and Settings for maintaining the list and changing
application's behaviour. If you wish, you can, in the same way,
use Active Folder within Open/Save dialogs!
Now the best part. Whatever we said about folders works for files too! So,
your quick access list can contain frequently used documents together with
desired folders, and why not, try adding some applications' executive files to
complete the list, and use Active Folder as a quick launch utility
for either folders, documents or applications. Active Folder does not have
to stay hidden under context menu.
Let it run in system tray and have it available all the time for the quickest
possible access to your folders and files. You are not limited with number
of folders or files that you can add to the list, but you can limit the number
of items that will be displayed in context menu. Put the most important
items on top of the list, and access the rest through More.. option that
will show up when necessary.
What if your preferred dns server is blank?
if the preferred dns server is blank then the system takes dns as the host server and try to resolve the entries from its own cache if it is able to do it then finew other wise it will show dns error on the IE page.
same thing happens with the resources if its in the cache it will resolve the FQDN to IP othere wise will give error
