Sunday 19 July 2015

Introduction to Server

1)Used for a centralized approach to provide various services like user authentication, web services, mail services, etc.

2)For the centralized approach we use domain names to logically define the boundary of an organization.
   For eg: cms.com is my domain name, and server1.cms.com is an FQDN (Fully Qualified Domain Name), i.e. the full name of one host,

where server1 is my hostname and cms.com is my domain name. (The bare domain name cms.com on its own is not the FQDN of a host.)

3)Domain names are the object reference which the client looks up for services. Clients cannot resolve them without the help of
DNS. The DNS zone for the domain has SRV records that tell a client which host offers a service and on which port number.
   For eg: _ldap._tcp.cms.com points to server1.cms.com on port 389, where LDAP is the Lightweight Directory Access Protocol used to
query the directory. DNS also helps server and client resolve a host name to its IP and vice versa (forward and reverse lookup).

   (Note: Kerberos <--- Port number is 88. The password itself is never sent across the network; the client proves it knows the
   password by encrypting a timestamp with a key derived from it, and the KDC then issues tickets.)

   (Note: To check SRV records: Open Server Manager (SM) ---> Tools ----> DNS ---> Forward Lookup Zones ---> _msdcs.cms.com, and
   the _tcp folder under the cms.com zone.)
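   The same check from the command line, as an added example that is not part of the original notes: it queries the SRV records a
   Windows client uses to find a DC, tests that each advertised host answers on the advertised port, and does the forward and
   reverse lookup for the DC. It assumes the domain cms.com and the DC server1.cms.com from the notes above; change $Domain for
   another forest.

```powershell
# Added example: locate the domain's services through DNS SRV records and
# check that the advertised ports answer. Assumes the domain name cms.com and
# the DC server1.cms.com from the notes above; adjust $Domain for your own forest.
$Domain = 'cms.com'

# The SRV names a Windows client queries when it looks for a DC. _msdcs holds the
# records for domain controllers specifically; _tcp holds the generic service names.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",   # LDAP on a domain controller (port 389)
    "_kerberos._tcp.$Domain",         # Kerberos KDC (port 88)
    "_kpasswd._tcp.$Domain",          # Kerberos password change (port 464)
    "_gc._tcp.$Domain"                # Global Catalog (port 3268)
)

foreach ($name in $srvNames) {
    # Resolve-DnsName returns one record per host offering the service.
    # -ErrorAction Stop turns a missing record into a catchable error.
    try {
        $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "No SRV record for $name : $($_.Exception.Message)"
        continue
    }

    foreach ($rec in $records) {
        # NameTarget is the FQDN of the host, Port the port number; Priority and
        # Weight decide which host a client prefers when several are advertised.
        $target = $rec.NameTarget
        $port   = $rec.Port

        # Can we actually reach that host on that port? A record that points to a
        # dead host, or a host behind a firewall, is a common cause of logon failures.
        $tcp = Test-NetConnection -ComputerName $target -Port $port -WarningAction SilentlyContinue

        [pscustomobject]@{
            Service   = $name
            Target    = $target
            Port      = $port
            Priority  = $rec.Priority
            Weight    = $rec.Weight
            Reachable = $tcp.TcpTestSucceeded
        }
    }
}

# Forward and reverse lookup for the DC itself (the "vice versa" in the notes).
$forward = Resolve-DnsName -Name "server1.$Domain" -Type A -ErrorAction SilentlyContinue
if ($forward) {
    $ip = ($forward | Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
    Write-Host "server1.$Domain -> $ip"
    # Reverse lookup: the PTR record for the IP should map back to the same FQDN.
    $reverse = Resolve-DnsName -Name $ip -Type PTR -ErrorAction SilentlyContinue
    Write-Host "$ip -> $($reverse.NameHost)"
}
```

   If a service shows Reachable = False although the SRV record exists, the problem is the network path or the host, not DNS; if
   the record is missing altogether, the DC has not registered it (netlogon does this at start-up) or the client is pointed at a DNS
   server that does not hold the zone.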

4)For example:-If a user tries to logon to a domain then firstly that computer has to be a part of that domain and should
be listed in the domain controller's Active Directory under "Computers".
   Next it should be able to resolve the domain name, hence always provide the domain controller's IP (where DNS is enabled) as the
DNS server in the client's network settings.
   Now that we have all the necessary pre-requisites we may logon as "cms\user1"
   where cms->domain name
   user1->user
   Once the client computer has been joined to the domain it has its own computer account and password. The domain KDC (Key
Distribution Center, the Kerberos service that runs on every domain controller) issues it a TGT (Ticket Granting Ticket), which is
sort of a card that proves who the holder is and is later exchanged for tickets to individual services.
   Back to the user logon that is trying to logon with username "cms\user1": this PC (i.e. PC1) sends the user's logon request to
the KDC, which checks the credentials and returns a TGT for user1. PC1 then uses that TGT to get a service ticket for itself
(host/PC1.cms.com) and, from the group information carried inside the ticket, verifies that user1 has the right to logon on PC1.
If it has, the logon is granted to this client.

5)AD is the database containing all the objects like users, computers and other network resources. The information is present
in the default directory "C:\Windows\NTDS".
   Here, NTDS.DIT is the file that contains the AD database, which is split into partitions (naming contexts): the Schema partition,
the Configuration partition and the Domain partition. The Schema partition defines the object classes and the attributes of the
objects that AD stores.
   Because NTDS.DIT also holds every account's password hashes, anyone who can read the file, a backup of it, or a volume shadow copy
of the system drive effectively owns the domain; guard those as carefully as the DC itself.
   The Schema can only be changed on the DC holding the Schema Master role, a forest-wide role held by exactly one DC (by default the
first DC installed in the forest root domain).
   The forest root domain has the two groups that have those rights, i.e. Enterprise Admins and Schema Admins.
   Enterprise Admins group members have rights across every domain in the forest, such as adding or removing domains (the Domain
Naming Master role) and editing the Configuration partition, while the Schema Admins can edit the
Schema.

6)All the domain controllers in a forest share the same Schema and Configuration partitions. The Domain partition is replicated
only among the domain controllers of that domain. An RODC (Read Only Domain Controller) receives a copy of the same partitions but
accepts no changes itself and never replicates outbound; by default it also does not store the passwords of users and computers
unless they are listed in its Password Replication Policy.
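   To see points 5 and 6 on a live forest, here is an added example (not part of the original notes) that reads the NTDS.DIT
   location from the registry, lists the partitions, looks one attribute up in the schema, shows who holds the forest-wide roles
   and who sits in the two forest-root groups, and lists the DCs with their replication state. It assumes the ActiveDirectory
   module (RSAT or a DC) and a domain admin session; cms.com is the domain from the notes.

```powershell
# Added example: inspect where the AD database lives, which partitions it holds,
# who can change the schema, and how replication is set up. Run on a domain
# controller (or a machine with RSAT) as a domain admin; the ActiveDirectory
# module is assumed to be installed. Domain cms.com is from the notes above.
Import-Module ActiveDirectory

# Where NTDS.DIT actually is. The default is C:\Windows\NTDS, but the path is
# chosen at promotion time, so read it from the registry rather than assuming.
$ntds = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
Write-Host "Database file : $($ntds.'DSA Database file')"
Write-Host "Log directory : $($ntds.'Database log files path')"

# The partitions (naming contexts) this DC holds. rootDSE is an entry every DC
# exposes over LDAP; it names the schema, configuration and domain partitions.
$root = Get-ADRootDSE
Write-Host "Schema NC        : $($root.schemaNamingContext)"
Write-Host "Configuration NC : $($root.configurationNamingContext)"
Write-Host "Domain NC        : $($root.defaultNamingContext)"

# Look one object up in the schema partition: the definition of the sAMAccountName
# attribute. attributeSyntax says what type of value it holds, isSingleValued
# whether an object may carry more than one value of it.
Get-ADObject -SearchBase $root.schemaNamingContext `
    -Filter 'lDAPDisplayName -eq "sAMAccountName"' `
    -Properties lDAPDisplayName, attributeSyntax, isSingleValued |
    Select-Object Name, lDAPDisplayName, attributeSyntax, isSingleValued

# Forest-wide FSMO roles. SchemaMaster and DomainNamingMaster are held by exactly
# one DC in the whole forest; the remaining three roles are per domain.
$forest = Get-ADForest
Write-Host "Forest root domain  : $($forest.RootDomain)"
Write-Host "Schema Master       : $($forest.SchemaMaster)"
Write-Host "Domain Naming Master: $($forest.DomainNamingMaster)"
Get-ADDomain | Select-Object DNSRoot, PDCEmulator, RIDMaster, InfrastructureMaster

# Who can change the schema and the forest. Both groups exist only in the forest
# root domain; membership should be empty or tiny and reviewed regularly, since
# either group can take over every domain in the forest.
foreach ($g in 'Schema Admins', 'Enterprise Admins') {
    $members = Get-ADGroupMember -Identity $g -Server $forest.RootDomain -Recursive
    Write-Host "$g : $($members.SamAccountName -join ', ')"
}

# Replication: every DC in the domain, flagged read-only or not, and the state of
# this DC's inbound replication links per partition. A writable DC shows partners
# for the schema, configuration and domain partitions; an RODC only pulls.
Get-ADDomainController -Filter * | Select-Object HostName, Site, IsReadOnly, IsGlobalCatalog
Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME -Scope Server |
    Select-Object Server, Partner, Partition, LastReplicationSuccess, LastReplicationResult
```

   A non-zero LastReplicationResult on a partition means that partner has not replicated it successfully; on a writable DC that is
   the first place to look when a change made on one DC is not visible on another.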



