70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced. Chapter 4: Active Directory Architecture
Slide 2: Objectives. Describe the underlying database of Active Directory. Describe the Active Directory schema and how it can be extended. Describe the different Active Directory partitions and their functions.
Slide 3: Active Directory Physical Database Storage. Layers provide the directory service. They include: the Extensible Storage Engine (ESE), the database layer, and the Directory Service Agent (DSA).
Slide 4: Active Directory Layers
Slide 5: Active Directory Physical Database Storage. Extensible Storage Engine: the lowest level, directly responsible for manipulating the database; all objects are stored in nonhierarchical form, as rows in a database table. Database layer: responsible for providing an object-oriented hierarchical view. Directory Service Agent: the third layer, responsible for enforcing the rules that govern how objects in Active Directory are created and manipulated. Only adjacent layers communicate with each other.
Slide 6: Extensible Storage Engine. The Active Directory store is a transactional database. A transaction is each addition, modification, or deletion. The data needed is loaded from disk into memory.
Slide 7: Extensible Storage Engine (continued). Example: viewing the properties of a user account. ESE loads the user account data from disk into memory. The transaction operation is logged to the hard disk (the first thing that happens). The modification the transaction performs is made to the in-memory copy of the data. Manipulating the in-memory copy of the data is faster than going to disk.
Slide 8: Extensible Storage Engine (continued). The AD store can be many gigabytes in size. Storing the entire database in memory is not practical because of the limited amount of memory available. To solve this problem, ESE uses a least recently used algorithm to write to disk (data that has not been accessed or modified recently is the first to be written back to disk). It moves out data that is no longer needed and writes changes back to the hard drive when memory is running low or when the system is at a period of low activity.
Slide 9: Extensible Storage Engine (continued) (in case of driver crashes or UPS failure). Transactions: ESE writes all transactions to the log before they are made to the in-memory copy. The next time the domain controller starts, ESE can use the transactions recorded in the log to reapply changes to the copy of the data stored on the hard disk. This is called recovering the database, and it is done without user intervention.
Slide 10: Extensible Storage Engine (continued). Checkpoints shorten recovery times and reduce the amount of hard drive space the logs take up. Completed transactions are written back to disk, and the fact that the transactions were successfully written is noted. ESE only needs to reapply transactions from the point of the last checkpoint, and transactions can be deleted from the log. Note: shutdown of a domain controller creates a checkpoint in the transaction log. When the server is started, ESE checks the log; if no checkpoint is present, a recovery is performed.
Slide 11: Active Directory File Structure. Files required by ESE to maintain Active Directory store integrity: NTDS.DIT, EDB.LOG, EDBXXXXX.LOG, EDB.CHK, RES1.LOG and RES2.LOG, TEMP.EDB.
Slide 12: Active Directory Files
Slide 13: NTDS.DIT. This is the main AD database. NTDS stands for NT Directory Services. DIT stands for Directory Information Tree. It stores all objects and their attributes. Located in the %SYSTEMROOT%\NTDS folder on domain controllers. Made up of three tables: schema table, data table, link table.
Slide 14: EDB.LOG. This is a transaction log. Any changes made to objects in Active Directory are first saved to a transaction log. During lulls in CPU activity, the database engine commits the transactions into the main Ntds.dit database. This ensures the database can be recovered in the event of a system crash. Entries that have not been committed to Ntds.dit are kept in memory to improve performance. Transaction log files used by the ESE engine are always 10 MB.
Slide 15: EDBXXXXX.LOG. Auxiliary transaction logs used to store changes if the main Edb.log file gets full before it can be flushed to Ntds.dit. When EDB.LOG is filled, it is renamed to EDBXXXXX.LOG. The first Edb.log file is renamed to Edb00001.log, and EdbXXXXX.log is renamed to Edb.log, and the process starts over again. Excess log files are deleted after they have been committed. At regular intervals, the garbage-collection process runs and deletes old EDBXXXXX.LOG files. You may see more than one Edbxxxxx.log file if a busy domain controller has many updates pending.
Slide 16: EDB.CHK. This is a checkpoint file. It is used by the transaction logging system to mark the point at which updates are transferred from the log files to Ntds.dit. Used by a system recovering from failure. As transactions are committed, the checkpoint moves forward in the EDB.CHK file. If the system terminates abnormally, the pointer tells the system how far along a given set of commits had progressed before the termination.
Slide 17: RES1.LOG and RES2.LOG. These are reserve log files. If the domain controller runs out of free disk space, it uses the reserved space from these files. This prevents updates from being lost because of insufficient disk space. The system then puts a dire warning on the screen prompting you to take action to free up disk space quickly before Active Directory gets corrupted. You should never let a volume containing Active Directory files get even close to being full. Important: include additional free space to store the Active Directory database as it grows.
Slide 18: TEMP.EDB. Temporary storage space. Holds large transactions while they are in progress. Used during maintenance operations.
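The log-first write path, checkpoint and crash recovery described on the Extensible Storage Engine, EDB.LOG and EDB.CHK slides, as a simplified Python model added here. It is not ESE code and not part of the original slides; `TinyStore`, its method names and the sample values are hypothetical.

```python
# Simplified model of log-first writes, checkpoints and crash recovery.
# Not ESE code: TinyStore and its method names are hypothetical.

class TinyStore:
    def __init__(self):
        self.disk = {}       # durable database file (role of NTDS.DIT)
        self.log = []        # durable transaction log (role of EDB.LOG)
        self.checkpoint = 0  # durable marker: log[:checkpoint] is on disk (role of EDB.CHK)
        self.memory = {}     # volatile in-memory copy, lost in a crash

    def write(self, key, value):
        self.log.append((key, value))  # the transaction is logged first
        self.memory[key] = value       # then applied to the in-memory copy

    def flush(self):
        """Write logged changes back to disk and advance the checkpoint."""
        for key, value in self.log[self.checkpoint:]:
            self.disk[key] = value
        self.checkpoint = len(self.log)

    def crash(self):
        self.memory = {}               # only disk, log and checkpoint survive

    def recover(self):
        """Reapply transactions logged after the last checkpoint."""
        pending = self.log[self.checkpoint:]
        for key, value in pending:
            self.disk[key] = value
        self.checkpoint = len(self.log)
        self.memory = dict(self.disk)
        return len(pending)


def demo():
    # Constructed sample data, not taken from a real directory.
    store = TinyStore()
    store.write("title", "Engineer")
    store.write("office", "B-204")
    store.flush()                      # both changes reach disk, checkpoint = 2
    store.write("title", "Manager")    # logged and in memory, not yet on disk
    store.crash()                      # failure before the next flush
    replayed = store.recover()
    return replayed, store.disk


if __name__ == "__main__":
    print(demo())
```

Only the one transaction logged after the checkpoint is replayed, which is why checkpoints shorten recovery.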
Slide 19: LDAP. When Microsoft decided to replace the clumsy Registry-based account management system in classic NT with a true directory service, rather than devise a proprietary directory service of their own, they adopted LDAP. Lightweight Directory Access Protocol: primary protocol for accessing information directories. It is essential to understand how to use LDAP naming paths.
Slide 20: LDAP (continued). DN (Distinguished Name): every object in Active Directory has a unique name. It describes exactly where the object is located in the object hierarchy. Made up of: the name of the object and all of the parent objects above it in the hierarchy.
Slide 21: LDAP (continued). RDN (Relative Distinguished Name): identifies an object within its container; contains only the name of the object. Abbreviations for object names: DC (Domain Component), part of a domain name; OU (Organizational Unit), name of an organizational unit; CN (Common Name), name of most objects.
Slide 22: LDAP (continued). Name example: Lori Thompson, located in the dev.supercorp.net domain in the Research organizational unit. DN: CN=Lori Thompson, OU=Research, DC=dev, DC=supercorp, DC=net. RDN: CN=Lori Thompson.
Slide 23: Active Directory Schema. All available objects and attributes. Sets out exactly: what types of objects are represented, what properties or attributes are required or optional, and what types of values are acceptable. The tool needed to modify the schema is not available by default (regsvr32 schmmgmt.dll).
Slide 24: Activity 4-1: Registering the Active Directory Schema Console. Objective: register the Active Directory Schema snap-in so you can view and modify the schema. Follow the instructions to register the console.
Slide 25: Naming. Every object class and attribute in the schema must have: a unique common name, an LDAP display name, and an Object Identifier (OID).
Slide 26: Common Name Rules. Start the name with the registered DNS name of the company. Separate each level of the DNS name with hyphens (-) instead of periods. Add another hyphen (-) at the end of the company's name. Enter the current year. Follow the year with another hyphen (-).
Slide 27: Common Name Rules (continued). Choose a product-specific prefix: it must be unique within the company, it identifies the product or use of the class or attribute, and it should begin with an uppercase letter, with additional letters using the capitalization of your choice. Follow the product-specific prefix with a hyphen (-). Enter the name of the class or attribute, separated by hyphens.
Slide 28: LDAP Display Name Rules. Start with the common name already created for the class or attribute. Make the first character of the product-specific prefix lowercase. Characters following the first character may be uppercase or lowercase.
Slide 29: LDAP Display Name Rules (continued). Make each character in the class or attribute part of the name that is preceded by a hyphen (-) uppercase. Remove all hyphens (-) after the product-specific prefix.
Slide 30: Example common names and LDAP display names
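The common name and LDAP display name rules from the preceding slides, applied in code. This is an added example, not the table from the original slide; the function names, the year 2003, the prefix `Hr` and the attribute `Shoe-Size` are constructed for illustration, and the parser assumes no DNS label is itself a four-digit number.

```python
import re


def common_name(dns_name, year, prefix, words):
    """Build a schema common name following the Common Name Rules slides."""
    if not prefix[:1].isupper():
        raise ValueError("product-specific prefix should begin with an uppercase letter")
    company = dns_name.replace(".", "-")  # hyphens instead of periods
    return "-".join([company, str(year), prefix, *words])


def ldap_display_name(cn):
    """Derive the LDAP display name from a common name built as above."""
    parts = cn.split("-")
    if not all(parts):
        raise ValueError("empty component (doubled or trailing hyphen)")
    # The year is the first four-digit component after the DNS labels.
    year_idx = next(
        (i for i, p in enumerate(parts) if re.fullmatch(r"\d{4}", p)), None
    )
    if year_idx is None or year_idx == 0 or len(parts) < year_idx + 3:
        raise ValueError("expected <dns-labels>-<year>-<Prefix>-<Name-Words>")
    head = parts[: year_idx + 1]          # company name and year, unchanged
    prefix = parts[year_idx + 1]
    words = parts[year_idx + 2:]
    prefix = prefix[0].lower() + prefix[1:]        # first character lowercase
    words = [w[0].upper() + w[1:] for w in words]  # letter after each hyphen uppercase
    # Hyphens after the product-specific prefix are removed.
    return "-".join(head) + "-" + prefix + "".join(words)


if __name__ == "__main__":
    cn = common_name("supercorp.net", 2003, "Hr", ["Shoe", "Size"])
    print(cn, "->", ldap_display_name(cn))
```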
Slide 31: An OID space must be obtained separately; it is not part of the registered DNS domain name. Two main ways to obtain an OID space: through Microsoft, or through the International Standards Organization (ISO).
Slide 32: Object Classes. Definition of each type of object; like a template from which objects are created. Inheritance. Class types: structural classes, abstract classes, auxiliary classes, 88 classes.
Slide 33: Object Classes (continued). Possible superiors: controls which types of objects a new object can be instantiated or moved under. Example: a user object can't be created (or moved) under a printer object.
Slide 34: Activity 4-2: Creating a Structural Class. Objective: learn how to extend the Active Directory schema to include additional classes. Use Active Directory Schema to create a new class.
Slide 35: Attributes. The schema contains a list of all possible attributes. A class is assigned both mandatory and optional attributes. An object is the sum of its attributes. Syntaxes: define the data type an attribute can store.
Slide 36: Common Syntaxes
Slide 37: Common Syntaxes (continued)
Slide 38: Indexes. Similar in concept to the index at the back of a book. Store values (in order) for all objects that have a given attribute. Speed up queries. Slow down the creation of objects and the updating of attributes. Choose attributes that have highly unique values.
Slide 39: Activity 4-4: Adding an Optional Attribute to a Class Obj