Week 9 Active Directory Domains and Trusts, Schema PDF
Document Details
Uploaded by AccuratePine
Summary
This document provides an overview of Active Directory, domains, trusts, and schema. It covers concepts like domain details, tree structures, forests, and different types of trusts. The document also describes how to create and edit trusts and functionality levels.
Full Transcript
Week 9: Active Directory Domains and Trusts, Schema
---------------------------------------------------

This week...
------------

- Introduction to Domains and Trusts
- Introduction to Trust Relationships
- Forest Functionality Levels
- The Schema

A quick recap...
----------------

Domain in Detail
----------------

Tree
----

![](media/image6.png)

Forest
------

### How Forests and Trees grow

The initial forest/tree
-----------------------

### Domains, Trees, Forests and **Trusts**

YourLastname.com Trust Example.com Email.example.com

Important: Forest Names
-----------------------

Important: Forest Names (cont'd)
--------------------------------

What about multiple forests?
----------------------------

Multiple Forests
----------------

- Autonomy (via segregating everything including the schema)
- Segregation (limiting access to anyone outside of the forest)

![](media/image21.png)

Multiple Forest Example
-----------------------

Classifying Trusts
------------------

- Characteristics:
  - Transitive
  - Non-Transitive
  - Direction
    - One-way
    - Two-way

Brief list of Trust Types
-------------------------

- Parent-Child
- Tree-Root
- Forest Trusts
- Shortcut Trusts
- External Trusts (not discussed)

Breaking down Trusts
====================

Transitivity
------------

- A transitive trust can be used to extend trust relationships with other domains.
- A non-transitive trust can be used to deny trust relationships with other domains.
- A transitive trust is a trust that is extended to each object that is trusted.
- In contrast, a non-transitive trust extends only to one object (a 1:1 mapping).

Direction
---------

- In a two-way trust, both objects trust each other and allow sharing of objects bidirectionally.
- In a one-directional trust, trust flows one way; for example, a domain may simply trust another for authentication, but not allow access to any resources.
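
The transitivity and direction rules above, as an added example (not part of the original slides): a simplified Python model that computes which domains' accounts a resource domain will accept, so the effect of a transitive two-way trust can be compared with a one-way non-transitive one. The topology is constructed from the domain names on the slides, the function and constant names are hypothetical, and the model follows the slide definitions rather than the checks a domain controller performs.

```python
from collections import deque

# Simplified model of the slide definitions, not a domain controller's logic.
# Constructed topology (assumption): domain names come from the slides, the layout
# is illustrative. Tuple: (domain_a, domain_b, two_way, transitive). For a one-way
# trust, domain_a is the trusting side and domain_b holds the trusted accounts.
INTRA_FOREST = [
    ("yourlastname.local", "tree.local", True, True),    # tree-root trust
    ("tree.local", "child.tree.local", True, True),      # parent-child trust
]
FOREST_TRUST = INTRA_FOREST + [
    ("yourlastname.local", "yourfirstname.local", True, True),
]
ONE_WAY_NON_TRANSITIVE = INTRA_FOREST + [
    ("yourfirstname.local", "yourlastname.local", False, False),
]

def build_edges(trusts):
    """Map each trusting domain to [(trusted domain, transitive), ...]."""
    edges = {}
    for a, b, two_way, transitive in trusts:
        edges.setdefault(a, []).append((b, transitive))
        if two_way:
            edges.setdefault(b, []).append((a, transitive))
    return edges

def trusted_by(resource_domain, trusts):
    """Return the domains whose accounts resource_domain accepts.

    A direct trust always applies; a longer chain applies only when every
    trust along it is transitive.
    """
    edges = build_edges(trusts)
    accepted, expandable, queue = set(), set(), deque()
    for peer, transitive in edges.get(resource_domain, []):
        accepted.add(peer)                      # direct trust
        if transitive and peer not in expandable:
            expandable.add(peer)                # may be chained further
            queue.append(peer)
    while queue:
        current = queue.popleft()
        for peer, transitive in edges.get(current, []):
            if not transitive or peer == resource_domain or peer in expandable:
                continue                        # chain stops at a non-transitive hop
            accepted.add(peer)
            expandable.add(peer)
            queue.append(peer)
    return accepted
```

With `FOREST_TRUST`, `child.tree.local` accepts accounts from `yourfirstname.local` through the chain of transitive trusts; with `ONE_WAY_NON_TRANSITIVE`, `yourfirstname.local` accepts only `yourlastname.local` and nothing flows in the other direction.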
Parent-Child trust
------------------

![](media/image29.png)

Forest Trust Illustrated
------------------------

+-----------------------+-----------------------+-----------------------+
| Yourlastname.local    |                       | Yourfirstname.local   |
|                       |                       |                       |
| Parent-child trust    |                       |                       |
| Parent-child trust    |                       |                       |
+-----------------------+-----------------------+-----------------------+
|                       |                       |                       |
+-----------------------+-----------------------+-----------------------+

Shortcut trusts
---------------

![](media/image34.jpeg)

Functionality Levels
====================

What are Functionality Levels?
------------------------------

- Server 2000
- Server 2003
- Server 2008
- Server 2008R2
- Server 2012
- Server 2012R2
- Server 2016
- There have been no new forest or domain functional levels added since Windows Server 2016. Later operating system versions can and should be used for domain controllers, however they use Windows Server 2016 as the most recent functional levels.

![](media/image1.jpeg)

Schema
======

The Schema
----------

What is the Schema Used For?
----------------------------

Editing the Schema
------------------

When the Schema is updated
--------------------------

Instructor-Led Demonstration
----------------------------

#### Exploring Multi-Domain Design

- In this demonstration, we will complete the following:
  - Create a separate tree domain called Tree.local in an existing forest
  - Create a child domain called child.tree.local

Instructor-Led Demonstration 2
------------------------------

#### Exploring Domains and Trusts

- In this demonstration, we will complete the following:
  - Create another domain in a separate forest
  - Configure DNS to allow both forest domains to communicate with each other
  - Create a two-way trust between both forests