搜索
Microsoft®OfficialCourseModule2IntroductiontoActiveDirectoryDomainServicesModuleOverview•OverviewofADDS•OverviewofDomainControllers•InstallingaDomainControllerLesson1:OverviewofADDS•OverviewofADDS•WhatAreADDSDomains?•WhatAreOUs?•WhatIsanADDSForest?•WhatIstheADDSSchema?•WhatIsNewforWindowsServer2012ActiveDirectory?•WhatIsNewforWindowsServer2012R2ActiveDirectory?OverviewofADDSLogicalcomponentsPhysicalcomponents•Partitions•Schema•Domains•Domaintrees•Forests•Sites•OUs•Containers•Domaincontrollers•Datastores•Globalcatalogservers•RODCsADDSiscomposedofbothlogicalandphysicalcomponentsWhatAreADDSDomains?•Thedomainisareplicationboundary•Thedomainisanadministrativecenterforconfiguringandmanagingobjects•Anydomaincontrollercanauthenticateanysign-inanywhereinthedomain•ThedomainprovidesauthorizationADDSComputersUsersGroups•ADDSrequiresoneormoredomaincontrollers•Alldomaincontrollersholdacopyofthedomaindatabase,whichiscontinuallysynchronized•Thedomainisthecontextwithinwhichuseraccounts,computeraccounts,andgroupsarecreatedWhatAreOUs?•Containersthatcanbeusedtogroupobjectswithinadomain•CreateOUsto:•ConfigureobjectsbyassigningGPOs•DelegateadministrativepermissionsOUsarerepresentedbyafolderwithabookonitContainersarerepresentedbyablankfolderWhatIsanADDSForest?Treerootdomainfabrikam.comatl.adatum.comChilddomainadatum.comForestrootdomainWhatIstheADDSSchema?TheschemadefinestheobjectsthatcanbestoredinADDSWhatIsNewforWindowsServer2012ActiveDirectory?InWindowsServer2012AD,itiseasierto•Detecteventssuchasasnapshotrollback•Installandconfigureclonedvirtualmachines•Preparethesystembeforeinstallingorupgradingdomaincontrollers•UseWindowsPowerShellscriptstoautomatemultipleADDSinstallations•Controlwhocanaccessresources•RecoverobjectsfromtheActiveDirectoryRecycleBin•UseandmanagetheRIDpool•DeferindexcreationWhatIsNewforWindowsServer2012R2ActiveDirectory?Improvementsforusingconsumerdevicesintheenterprise:WorkplaceJoin•AllowsconsumerdevicestoparticipateinthedomainWebApplicationProxy•AllowsapplicationstobepublishedtotheInternetMulti-FactorAccessControl•AllowsclaimsusingdifferentfactorsMulti-FactorAuthentication•AllowsyoutospecifytheuseofmultiplefactorsforauthenticationMicrosoft®OfficialCourseThanks!如有疑问请与我联系:10804072Lesson2:OverviewofDomainControllers•WhatIsaDomainController?•WhatIstheGlobalCatalog?•TheADDSSign-inProcess•Demonstration:ViewingtheSRVRecordsinDNS•WhatAreOperationsMasters?WhatIsaDomainController?Domaincontrollers•ServersthathosttheADDSdatabase(Ntds.dit)andSYSVOL•KerberosauthenticationserviceandKDCservicesperformauthentication•Bestpractices:•Availability:Atleasttwodomaincontrollersinadomain•Security:RODCandBitLockerWhatIstheGlobalCatalog?Theglobalcatalog:HostsapartialattributesetforotherdomainsintheforestSupportsqueriesforobjectsthroughouttheforestADDSGlobalcatalogserverSchemaConfigurationDomainADomainBDomainBConfigurationSchemaDomainBConfigurationSchemaDomainAConfigurationSchemaTheADDSSign-inProcessDomaincontrollerServerWorkstationTheADDSsign-inprocess:1.Theuseraccountisauthenticatedtothedomaincontroller.2.ThedomaincontrollerreturnsaTGTbacktoclient.3.TheclientusesTGTtoapplyforaccesstotheworkstation.4.Thedomaincontrollergrantsaccesstotheworkstation.5.TheclientusesTGTtoapplyforaccesstotheserver.6.Thedomaincontrollerreturnsaccesstotheserver.Demonstration:ViewingtheSRVRecordsinDNSInthisdemonstration,youwillseehowtouseDNSManagertoviewSRVrecordsWhatAreOperationsMasters?Inthemulti-masterreplicationmodel,someoperationsmustbesinglemasterManytermsareusedforsinglemasteroperationsinADDS,including:•Operationsmaster(oroperationsmasterroles)•Singlemasterroles•Flexiblesinglemasteroperations(FSMOs)ThefiveFSMOsare:•Forest:•Domainnamingmaster•Schemamaster•Domain:•RIDmaster•Infrastructuremaster•PDCEmulatormasterMicrosoft®OfficialCourseThanks!如有疑问请与我联系:10804072Lesson3:InstallingaDomainController•InstallingaDomainControllerfromServerManager•InstallingaDomainControlleronaServerCoreInstallationofWindowsServer2012•UpgradingaDomainController•InstallingaDomainControllerbyUsingInstallfromMedia•WhatIsWindowsAzureActiveDirectory?•DeployingDomainControllersinWindowsAzureInstallingaDomainControllerfromServerManagerDeploymentConfigurationsectionoftheActiveDirectoryDomainServicesConfigurationWizardInstallingaDomainControlleronaServerCoreInstallationofWindowsServer2012InstallingADDSisatwo-stepprocessregardlessofwhichinstallationmethodyouuse•Method1,useServerManageronaWindows2012serverwithaGUIinterfacetoconnecttothesystem1.InstallthefilesbyinstallingtheActiveDirectoryDomainServicesrole2.InstallthedomaincontrollerrolebyrunningtheActiveDirectoryDomainServicesConfigurationWizard•Method2,UseWindowsPowerShelllocally,orremotelyusingWinRM1.InstallthefilesbyrunningthecommandInstall-WindowsFeatureAD-Domain-Services2.InstallthedomaincontrollerrolebyrunningthecommandInstall-ADDSDomainControllerUpgradingaDomainControllerOptionstoupgradeADDStoWindowsServer2012:•In-placeupgradefromWindowsServer2008toWindowsServer2012•Benefit:Exceptfortheprerequisitechecks,allthefilesandprogramsstayinpl