| 00:00:03 |
00:00:04 |
OK, next we
have a domain, |
| 00:00:04 |
00:00:06 |
which is depicted by
the triangle here. |
| 00:00:06 |
00:00:08 |
And that's how you'll
see them referenced |
| 00:00:08 |
00:00:11 |
in many books and in Microsoft's
own documentation. |
| 00:00:12 |
00:00:16 |
Active Directory uses domains to
reflect your company's organization. |
| 00:00:17 |
00:00:20 |
Domains form a security boundary
around the objects that they contain |
| 00:00:21 |
00:00:24 |
using access control lists, or
ACLs, and security policies |
| 00:00:24 |
00:00:28 |
to permit or deny access to
objects inside the domain. |
| 00:00:29 |
00:00:31 |
So to create a domain
we are going to need |
| 00:00:31 |
00:00:33 |
at least one
domain controller. |
| 00:00:34 |
00:00:35 |
Or two domain controllers
for redundancy |
| 00:00:36 |
00:00:38 |
in case one happens to
be offline for any reason. |
| 00:00:40 |
00:00:43 |
These domain controllers keep a
central list of user passwords |
| 00:00:43 |
00:00:47 |
and permissions that these users
have to objects in the domain. |
| 00:00:48 |
00:00:52 |
And the domain stores information only
about the objects that it contains. |
| 00:00:53 |
00:00:58 |
Now within our domains we can also
create organization units, or OUs. |
| 00:00:59 |
00:01:03 |
OUs are just containers that are used to
organize objects into a logical group. |
| 00:01:04 |
00:01:08 |
Now an OU can contain objects like
user accounts, or groups, computers, |
| 00:01:08 |
00:01:12 |
printers, file shares, and OUs
can also contain other OUs. |
| 00:01:13 |
00:01:17 |
OUs provide the most
granular scope to which |
| 00:01:17 |
00:01:19 |
you can assign
administrative authority. |
| 00:01:19 |
00:01:23 |
And they also provide a means for
handling administrative tasks. |
| 00:01:24 |
00:01:27 |
So for example, here we've
created an OU called Corporate, |
| 00:01:27 |
00:01:30 |
where we can create and
store user accounts. |
| 00:01:31 |
00:01:33 |
Now in order to be able to
structure our organization |
| 00:01:33 |
00:01:38 |
we're able to create other OUs
underneath our parent Corporate OU. |
| 00:01:38 |
00:01:41 |
Such as the Accounting department,
Marketing, Sales, and so on. |
| 00:01:42 |
00:01:45 |
And we can build our OU structure
to mirror our company structure. |
| 00:01:47 |
00:01:51 |
Administrators can also use OUs to
reflect the company organization. |
| 00:01:52 |
00:01:56 |
So using our existing hierarchy, all of our
users could be managed at the head office. |
| 00:01:57 |
00:02:01 |
But let's say we hire a new administrator
to manage the Sales department. |
| 00:02:01 |
00:02:04 |
We could then assign
the new administrator |
| 00:02:04 |
00:02:08 |
the ability to manage the
objects inside the Sales OU. |
| 00:02:08 |
00:02:12 |
This gives the new administrator
the ability to do their job |
| 00:02:12 |
00:02:17 |
without allowing them access to manage
objects inside the parent, Corporate OU. |
| 00:02:18 |
00:02:20 |
Now this sort of
structure is great |
| 00:02:20 |
00:02:22 |
because it grants us
a lot of flexibility. |
| 00:02:23 |
00:02:25 |
But let's say our new
administrator's role changes |
| 00:02:25 |
00:02:29 |
and he's now tasked with managing
the entire corporate network. |
| 00:02:30 |
00:02:33 |
So rather than assigning
permission to each OU individually, |
| 00:02:33 |
00:02:37 |
we can assign permission at
the parent OU, or Corporate, |
| 00:02:37 |
00:02:40 |
and all of the child OUs of
Accounting and Management, |
| 00:02:40 |
00:02:44 |
Marketing and Sales, will inherit
the permissions of the parent. |
| 00:02:44 |
00:02:48 |
So using this structure, we can
assign permissions only once. |
| 00:02:50 |
00:02:53 |
The next Active Directory feature
we need to talk about is sites. |
| 00:02:54 |
00:02:59 |
Sites are simply a combination
of one or more IP subnets |
| 00:02:59 |
00:03:01 |
that are connected by
a fast, reliable link. |
| 00:03:02 |
00:03:06 |
Generally sites share the same boundaries
as your local area networks |
| 00:03:06 |
00:03:09 |
but they're not part of the
Active Directory namespace. |
| 00:03:10 |
00:03:15 |
Active Directory groups users and
computers into domains and OUs. |
| 00:03:16 |
00:03:19 |
But sites only contain computers
and connection objects |
| 00:03:19 |
00:03:22 |
that are used to configure
replication between sites. |
| 00:03:24 |
00:03:27 |
As we can see in the diagram,
sites can be isolated to a single |
| 00:03:27 |
00:03:30 |
site per domain.
And this will often be |
| 00:03:30 |
00:03:32 |
the case if your company
is a small company. |
| 00:03:32 |
00:03:36 |
Or everyone's situated at
the same physical location. |
| 00:03:37 |
00:03:41 |
Domains can also be broken
up into multiple sites. |
| 00:03:41 |
00:03:43 |
And this would be
a typical scenario |
| 00:03:43 |
00:03:46 |
when you have a company that's
spread across a geographic location |
| 00:03:47 |
00:03:50 |
such as a head office with a smaller
branch office in a separate location |
| 00:03:50 |
00:03:52 |
such as in a different state. |