An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996 and first used with Windows 2000.

An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the directory.

An active directory can be defined as a hierarchical structure and this structure is usually broken up into three main categories, the resources that might include hardware such as printers, services for end users such as web email servers and objects, which are the main functions of the domain and network.

It is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, end user or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to these objects being able to hold other objects, every object has its own attributes, which allows it to be characterized by the information, which it contains. Most IT professionals call these setting or characterizations schemas.

Depending on the type of schema created for a folder, will ultimately determine how these objects are used. For instance, some objects with certain schemas can not be deleted, they can only be deactivated. Others types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object can not be deleted.

When understanding active directories, it is important to know the framework that objects can be viewed at. In fact, an active directory can be viewed at either one of three levels, these levels are called forests, trees or domains. The highest structure is called the forest because you can see all objects included within the active directory.

Within the Forest structure are trees, these structures usually hold one or more domains, going further down the structure of an active directory are single domains. To put the forest, trees and domains into perspective, consider the following example.

A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are now trees that hold information on specific objects such as domain controllers, program data, system, etc. Within these objects are even more objects which can then be controlled and categorized

The Restartable Active Directory, that allows you to have the ntds.dit in offline mode WITHOUT rebooting the domain controller.

,

basically it must support dynamic updates and SRV records. So it's possible to run the DNS server also on non-Microsoft implementations of DNS like BIND.

But when you use Microsoft DNS (built in Windows Server operating systems), you don't need to care whether it supports Active Directory - it simply does.

The shield icon indicates that User Access Control is enabled for that button, requiring administrative access to change. This process is user also called 'process elevation', in reference to the need to 'elevate' user authority in order to complete the process.

Wireless Networking

Run as Administrator (page 129 in the TAKE NOTE* grey box on the left)

The default link name is Default first site

Because of the tombstone life which is set to only 60 days

Each RODC will have an analagous group that will prevent users passwords from being stored only on a single DC. Members of the purpose group are not eligible to have their passwords stored on any RODC in the domain

There are several differences between 2003 and 2008 servers. They look different and their tools are different.

For example Windows 2008 native IP-stack is ver6, which differs from Windows 2003.

Management tools are different in Win 2008; some are better.

Installation is easier, adding new roles to server is much easier. Many support both systems in their work and believe Windows 2008 is quite good and is an improvement to Windows 2003.

Windows 2008 needs more power from the system than Windows 2003, but most problems are caused by mixing different server platforms on DC. You can mix Windows 2000, 2003 and 2008 member servers, but not DCs. There is one exception: Don't consider SBS2008. You can't upgrade it to standard, SBS is for little environment. If you have to buy new CALs, they are much expensive than standards CALs. SBS2008 is also only 64bit and you have to load in compatibility mode in normal systems.

I would consider not to install 2k8 if you are supporting a network with NT legacy as 2k8 is not reverse compatible to NT.

Its is recommended just because in case of one fails other server can take over the roles and the network does not crash down.

TCP/IP is the standard default.

If you are on Windows XP, do the following:

1) Open any document folder.

2) Go to "Tools".

3) Go to "Folder Options".

4) Go to "View" tab.

5) Choose "Show hidden files, folders, and drives".

6) Uncheck "Hide protected operating system files (Recommended)".

7) Go to "C:\".

8) Find "ntldr" file.

9) Simply delete "ntldr" file.

10) Restart your computer and it will not start properly.

The sysVOL folder stores the server's copy of the domain's public files. The contents such as group policy, users etc of the sysvol folder are replicated to all domain controllers in the domain.

The sysvol folder must be located on an NTFS volume The article describes how to use the Burflags registry entry to rebuild each domain controller's copy of the system volume (SYSVOL) tree on all domain controllers in a common Active Directory directory service domain. The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS).

Network clients access the contents of the SYSVOL tree by using the following shared folders:

Excessive load on existing servers

Fault tolerance

To isolate a new application

1.-schema partition

2.-configuration partition

3.-domain partition

4.-application partition

objectGUID property

unique security identifiers (SIDs)

Each object represents a single entity-whether a user, a computer, a printer, or a group-and its attributes. Certain objects can contain other objects. An object is uniquely identified by its name and has a set of attributes-the characteristics and information that the object represents- defined by a schema, which also determines the kinds of objects that can be stored in Active Directory.

NTLM AND kerberos

Microsoft adopted Kerberos as the preferred authentication protocol for Windows 2000 and subsequent Active Directory domains.[5] Kerberos is typically used when a server belongs to a Windows Server domain, or if a trust relationship with a Windows Server Domain is established in some other way (such as Linux to Windows AD authentication).[citation needed]

NTLM is still used in the following situations:

* The client is authenticating to a server using an IP address.

* The client is authenticating to a server that belongs to a different Active Directory forest that has a legacy NTLM trust instead of a transitive inter-forest trust

* The client is authenticating to a server that doesn't belong to a domain.

* No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer").

* Where a firewall would otherwise restrict the ports required by Kerberos (of which there are quite a few)

In Windows Vista and above, neither LM nor NTLM are used by default[citation needed]. NTLM is still supported for inbound authentication, but for outbound authentication a newer version of NTLM, called NTLMv2, is sent by default instead. Prior versions of Windows (back as far as Windows NT 4.0 Service Pack 4) could be configured to behave this way, but it was not the default.

Installing Server 2008 in a virtual machine is really no different than installing in a physical box; you boot the install DVD in the virtual machine and follow the prompts the same way as booting from the DVD on a real, physical machine.

Domain Group Policy is an infrastructure inside of the Microsoft Windows operating systems (Windows Server 2000, 2003, and 2008, along with Vista) that allows the administrator to implement specific configurations for both computers and users. This infrastructure is what provides the centralized management and configuration for an Active Directory environment. Group Policy provides directory-based desktop-configuration management. With Group Policy, you can specify policy settings for registry-based policies, security, software installations, scripts, folder redirection, Remote Installation Services (RIS), and Internet Explorer maintenance.

Admins use Group Policy to define specific configurations for groups of users and computers by creating Group Policy settings. These settings are specified by the Group Policy Object Editor tool and contained in a Group Policy object (GPO), which is in turn linked to Active Directory containers, such as sites, domains, or OUs. Domain Group Policy is the configuration of groups and users within a domain. In this way, Group Policy settings are applied to the users and computers in those Active Directory containers. Admins can configure the users