Active Directory Objects Notes PDF
These notes give an overview of Active Directory objects: the schema, classes and objects; leaf objects (users, groups and computers); organizational units (OUs); domains; trees; forests; and the trusts that link domains and forests together. They explain how these components are structured and how they relate to each other.
Active Directory Objects

Active Directory is made up of various types of objects. Objects are created from a "class", which defines the properties (attributes) they can have. The schema controls which classes can be created. An analogy is a car manufacturer: Ford decides which models of SUV its company can build, and that decision is the schema. One of the models that can be built is the Ford Explorer (the class). On the assembly floor they build a red Ford Explorer (an object). They could also build a green Ford Explorer (another object) from the same class; it has all the qualities of a Ford Explorer but different property values, green instead of red.

- The schema is the list of all object classes that can be created (users, groups, OUs, ...).
- The class determines which properties each object can have (First Name, Last Name, Office, ...).
- The object itself holds the property values (Rob, Brotherston, Room 215).
- Properties can be added to a class by "extending the schema". Schema changes are forest-wide and cannot be undone (attributes and classes can be deactivated but never deleted), which is why membership of the Schema Admins group should normally be empty and only populated for the duration of a change. We will extend the schema later in the course.

There are many types of Active Directory objects, but most of them fall into one of two categories: leaf objects or organizational (container) objects.

Leaf Objects

User Accounts
- Domain users can log on to the domain from any member computer and be assigned permissions to any domain resource (folder, file, printer, ...).
- Must have at least a name (first name) and a logon name assigned when the account is created.

Group Accounts
- Used to simplify management.
- Can contain user accounts, computers, or other groups (nesting).
- Used to apply permissions to several objects at once.
- Objects must be explicitly added as members of the group.

Computer Objects
- Computers must have an account to belong to a domain.
- The account can be created before the computer joins (prestaging) or at the moment it joins the domain.

Organizational Objects

Organizational Units (OUs)
- Used as containers to organize objects in AD, like "folders" in the file system.
- Allow policy (Group Policy) to be applied to a group of similar objects, and allow administration of the objects they contain to be delegated.
- Can have sub-OUs.

Domain
- The basic unit of policy and security: policies and security principals are defined per domain.
- Requires at least one domain controller.
- Acts as a replication boundary: domain data replicates only among that domain's domain controllers (the schema and configuration data replicate to every domain controller in the forest).
- Represented in diagrams by a triangle, for example Lan99.net.
- Caveat: the domain is an administrative and replication boundary, not the ultimate security boundary. Within a forest, compromise of any one domain's Domain Admins can be escalated to the whole forest, so the forest is the real security boundary.

Tree
- A single domain, or a group of domains, sharing a contiguous namespace with the parent domain. A contiguous namespace means the child domains' DNS names are built under the root domain's name; in the diagram below all domains share the Lan99.net root: Lan99.net, West.Lan99.net, East.Lan99.net.
- Can have child domains.
- Every parent/child pair in a tree is joined by an automatically created two-way transitive trust, so all domains in the tree trust each other. A user from any domain can therefore authenticate to any other domain in the tree; whether the user can actually open a resource still depends on the permissions granted on it (a trust enables authentication, it does not grant access).

Forest
- A collection of trees.
- The Global Catalog (see Notes 1b) contains a partial replica (the most commonly searched attributes) of every object in the forest.
- Shares a common schema and a common configuration partition.
- Has one Enterprise Admins group and one Schema Admins group, both held in the forest root domain.
- Can contain trees with non-contiguous namespaces. The root domains of the trees are linked by automatically created two-way transitive tree-root trusts, so every domain in a forest trusts every other domain in the same forest.
- Trusts between separate forests are not automatic; they must be created by an administrator. A forest trust is transitive only between the two forests it joins; an external trust (one domain to one domain) is non-transitive. In the example below, trusts have been created between the root domains of three separate forests: Forest 1 trusts Forest 2, and Forest 2 trusts Forest 3. A user from Forest 1 can authenticate to Forest 2 but not to Forest 3, because transitivity never chains through a third forest.
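The following is an added example, not code from the notes, showing the schema/class/object relationship and the creation of the leaf and organizational objects described above with the ActiveDirectory RSAT module. It assumes you are running on a domain-joined machine as an account allowed to create objects in a domain named lan99.net (DN DC=lan99,DC=net); the OU, user, group and computer names are made up for illustration.

```powershell
# Added example (not from the notes). Assumes the ActiveDirectory RSAT module and an
# account permitted to create objects in lan99.net. All names below are hypothetical.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName      # e.g. DC=lan99,DC=net

# 1. Schema -> class: the classSchema object for 'user' lives in the schema naming
#    context and lists the attributes defined directly on that class. Attributes
#    inherited from parent classes (subClassOf) and auxiliary classes are not listed here.
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
$userClass = Get-ADObject -SearchBase $schemaNC -Filter { lDAPDisplayName -eq 'user' } `
    -Properties subClassOf, systemMustContain, systemMayContain, mayContain
"class 'user' inherits from: $($userClass.subClassOf)"
"attributes defined directly on 'user' (first 10): " +
    (($userClass.systemMayContain + $userClass.mayContain | Select-Object -First 10) -join ', ')

# 2. Organizational objects: OUs as containers for similar objects.
#    ProtectedFromAccidentalDeletion stops an admin removing a whole OU with one click.
New-ADOrganizationalUnit -Name 'Staff'        -Path $domainDN -ProtectedFromAccidentalDeletion $true
New-ADOrganizationalUnit -Name 'Workstations' -Path $domainDN -ProtectedFromAccidentalDeletion $true

# 3. Leaf objects.
#    User: class 'user', with the property values from the notes (Rob, Brotherston, Room 215).
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password for rbrotherston'
New-ADUser -Name 'Rob Brotherston' -GivenName 'Rob' -Surname 'Brotherston' `
    -SamAccountName 'rbrotherston' -UserPrincipalName 'rbrotherston@lan99.net' `
    -Office 'Room 215' -Path "OU=Staff,$domainDN" `
    -AccountPassword $initialPassword -Enabled $true -ChangePasswordAtLogon $true

#    Group: permissions are granted to the group once, members are added explicitly.
New-ADGroup -Name 'Room215-Printer-Users' -GroupScope Global -GroupCategory Security `
    -Path "OU=Staff,$domainDN" -Description 'Grants print access to the Room 215 printer'
Add-ADGroupMember -Identity 'Room215-Printer-Users' -Members 'rbrotherston'

#    Computer: prestaged, i.e. created in the Workstations OU before the machine joins,
#    so it receives that OU's Group Policy immediately instead of landing in the default
#    Computers container (which is not an OU and cannot have a GPO linked to it).
New-ADComputer -Name 'WS215-01' -Path "OU=Workstations,$domainDN" -Enabled $true

# 4. Verify: the object's property values are instances of the class's attributes.
Get-ADUser -Identity 'rbrotherston' -Properties GivenName, Surname, Office, MemberOf |
    Select-Object DistinguishedName, GivenName, Surname, Office, MemberOf
```

Two of the switches are there for security rather than convenience: -ChangePasswordAtLogon forces the user to replace the password that the administrator knew, and -ProtectedFromAccidentalDeletion on the OUs prevents an accidental (or careless) deletion of every object beneath them.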
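The next block is an added example, not from the notes, that maps the tree and forest structure and the trusts described above from the local domain's point of view. It assumes the ActiveDirectory RSAT module on a domain-joined machine; any domain user can read the forest and trust information it queries. The grouping of domains into trees by contiguous namespace is computed from DNS names exactly as the notes define it.

```powershell
# Added example (not from the notes). Assumes the ActiveDirectory RSAT module on a
# domain-joined machine; reading forest and trust objects needs no special privilege.
Import-Module ActiveDirectory

# Forest -> trees -> domains. A domain belongs to the tree whose root name is a
# suffix of its own DNS name (contiguous namespace); a domain with no such ancestor
# in the forest is itself a tree root.
$forest  = Get-ADForest
$domains = @($forest.Domains)
"Forest root domain: $($forest.RootDomain)"

$treeRoots = $domains | Where-Object {
    $d = $_
    -not ($domains | Where-Object { $_ -ne $d -and $d -like "*.$_" })
}
foreach ($root in $treeRoots) {
    "Tree rooted at $root"
    $domains | Where-Object { $_ -ne $root -and $_ -like "*.$root" } |
        ForEach-Object { "  child domain: $_" }
}

# Trusts as seen from the local domain. Inside one forest every trust is automatic and
# transitive. Across forests the kind of trust decides how far authentication reaches:
# a forest trust is transitive between these two forests only, an external trust is
# non-transitive. Neither kind ever chains through a third forest, which is the
# Forest 1 -> Forest 2 -> Forest 3 case from the notes.
function Get-TrustSummary {
    Get-ADTrust -Filter * | ForEach-Object {
        $kind = if ($_.IntraForest)          { 'intra-forest (automatic, two-way transitive)' }
                elseif ($_.ForestTransitive) { 'forest trust (transitive between these two forests only)' }
                elseif ($_.DisallowTransivity) { 'external trust (non-transitive)' }
                else                         { 'other trust; check TrustType' }
        [pscustomobject]@{
            Partner      = $_.Name
            # Outbound: this domain trusts the partner (partner users can be granted access here).
            # Inbound: the partner trusts this domain. BiDirectional: both.
            Direction    = $_.Direction
            Kind         = $kind
            TrustType    = $_.TrustType
            # True = SID filtering quarantine is enforced; only SIDs belonging to the
            # trusted domain itself are accepted, which blocks SID-history based escalation.
            SidQuarantine = $_.SIDFilteringQuarantined
            # True = selective authentication; partner users must be explicitly granted
            # "Allowed to Authenticate" on each resource computer.
            SelectiveAuth = $_.SelectiveAuthentication
        }
    }
}

Get-TrustSummary | Format-Table -AutoSize
```

When reviewing the output, treat any trust that is BiDirectional, non-selective and without SID quarantine as a direct extension of the partner's security posture into this forest; the trust itself enables authentication from the partner, and only permissions and the two flags above limit what that authentication can reach.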