Sunday, 19 July 2015

Introduction to Server

1)Used for centralized approach to provide various services like User authentication,Web services,Mail services,etc.

2)For centralized approach we use,Domain names to logically define the boundary of an organization.
   For <-- Which is also known as FQDN(Fully Qualified Domain name) <--- This is my FQDN

where server1 is my Hostname and is my Domain name.

3)Domain names are the object reference which the client looksup for services.They cannot resolve this without the help of

DNS.The DNS has SRV records that enables different services to communicate via their port numbers.
   For eg:port number for ldap is 389,where ldap is lightweight directory services.And it also helps server and client to

resolve the domain name to their IP and viceversa.

   (Note:Kerberos <--- Port Number is 88.It encrypt the username and password )

   (Note:To Check SRV:Open Service Manager(SM) ---> Tools ----> DNS --->__.msdc .)

4)For example:-If a user tries to logon to a domain then firstly that computer has to be a part of that domain and should

be listed in the domain controllers active directory under"computers".
   Next it should be able to resolve the domain name hence always provide the domain controllers IP where DNS is enabled to

the clients network setings.
   Now that we have all the necessary pre-requisites we may logon as "cms\user1"
   where cms->domain name
   Now that the client has provided the computer into the domain.the domain KDC(key directory connection)service will

provide a TGT(Ticket granting Ticket) which is sort of a card used to verify access.
   Back to the user logon that is trying to logon with username "cms\user1" now this
   PC(i.ePC1) will use its TGT and Kerberos to authenticate the credentials and TGT will verify if this user has rights to

logon on this PC1.If it has then that TGT request is granted by the server to this client.

5)AD is the database containing all the objects like users,computers and other network resources.The information is present

in the default directory  "C:\Windows\NTDS" .
   Here,NTDS.DIT is the file that contains the AD which further includes the Schema partition.The Schema partition defines

the attributes of the objects that AD stores.
   This Schema can only be selected in the root forest domain. Since the Schema Master Role is only present there.
   The root forest domain has the two groups that have those rights i.e. Enterprise Admin's and Schema Admin's.
   Enterprise Admin's group members have the right to edit the domain naming context.While the Schema Admin's can edit the


6)All the domain controllers in a forest share the same schema.The AD database is replicated among all of them in a Domain

only except for RODC(Read Only Domain Controller).

No comments:

Post a Comment