Windows 2000 Active Directory Structure


Now that the previous article has given us a basic understanding of Active Directory, I will move on to its concrete side: the structure of Active Directory. In the previous article we said that Active Directory covers two things: the directory and the services related to the directory. A directory is a physical container that stores all kinds of objects; it is no different from what we ordinarily call a directory. The basic objects the directory manages are resources such as users, computers, files, and printers. Directory services are the services that make all the information and resources in the directory work, such as user and resource management, directory-based network services, and network-based application management; they are the key and essence of WIN2K Active Directory. The directory service is the core pillar of the WIN2K network operating system and its central management organization, so introducing directory services has brought revolutionary changes to the whole operating system. Not only have the basic modules of the system platform, such as the network security mechanism and the user management module, changed; the way upper-layer applications work and the development model have changed along with them. Isn't this "Active Directory" easier to understand now?

At the same time, Active Directory is a distributed directory service, because its information can be spread across many different computers, which guarantees fast access and fault tolerance for every computer user. Regardless of where the user accesses it from or where the information is located, users are given a unified view, which makes it easier for them to understand and master the WIN2K system. Active Directory integrates key services of the WIN2K server, such as Domain Name Service (DNS), Message Queuing Service (MSMQ), and Transaction Service (MTS). On the application side, Active Directory integrates key applications such as email, network management, ERP, and more. To understand Active Directory, we must start with its logical structure and physical structure.

First, the logical structure of Active Directory

We see the word "logic" often, in phrases like "logical thinking" and "logical analysis". Perhaps everyone finds "logic" abstract and hard to grasp, but what we are talking about here is the "logical structure", and I think that is still easy to understand. "Logical" is usually set against "physical": we know that "physical" means something real, so "logical" refers to what is not physical, to something abstract, such as a "relationship", a "space", or a "scope". In the first article we said that the logical structure of Active Directory is very flexible: there are directory trees, domains, domain trees, domain forests, and so on. These names are not real entities; they represent a relationship or a scope. For example, a directory tree is made up of directories in the same namespace, a domain is made up of different directory trees, a domain tree is made up of different domains, and a domain forest is made up of multiple domain trees. Together they form a complete tree-shaped, hierarchical view that we can regard as a dynamic relationship. The logical structure is also directly related to the namespace discussed earlier, and it makes it much easier for users and administrators to find and locate objects within a given namespace. The logical units of Active Directory mainly include:

1. Domain, domain tree, domain forest

A domain is the logical organizational unit of the WIN2K network system and a container for objects such as computers and users. The objects in a domain share the same security requirements, replication process, and management, which should be fairly easy for network administrators to understand. All domain controllers in a WIN2K domain are equal (unlike WINNT4.0, there is no primary or backup). The domain is a security boundary: a domain administrator can only manage the inside of his own domain unless another domain explicitly grants him administrative rights, after which he can access or manage that domain. Each domain has its own security policy and its own security trust relationships with other domains. This brings us to the trust and transitive relationships between different domains, so let's talk about domain trust relationships in WIN2K.

A domain has trust relationships with other domains. A domain trust relationship allows users in one domain to be authenticated by the domain controllers of another domain, so that users in one domain can access the other domain. Every domain trust relationship involves only two domains: the trusting domain and the trusted domain. Trusting means that domain A trusts domain B: a user in domain B can access resources in domain A after being authenticated by a domain controller in domain A, and the relationship of domain A to domain B is a trusting relationship. A trusted relationship is the relationship of being trusted by a domain; in the example above, domain B is trusted by domain A, so the relationship of domain B to domain A is a trusted relationship. Trust can be one-way or two-way, that is, the relationship between domain A and domain B can be one-sided, or it can be a two-way trust relationship.

A transitive trust relationship is not limited to the two domains in the relationship; it is passed through the parent domain to the next domain down in the domain directory tree. That is, if domain A trusts domain B, then domain A also trusts the child domains B1, B2…… under domain B. A transitive trust relationship is always two-way: the two domains in the relationship (here the parent domain and the child domain) trust each other. By default, all WIN2K trust relationships within a domain directory tree or forest (a forest can be thought of as multiple domain trees) are transitive. This greatly simplifies domain management, because it greatly reduces the number of trust relationships that have to be managed.
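To make the direction and transitivity rules above concrete, here is an added Python model (not code from the original article) of a constructed WIN2K forest: a domain tree with two-way transitive parent/child trusts, plus a one-way, non-transitive trust to an outside domain. The domain names are invented; trust_path returns the chain of domains a trust passes through, or None when the account domain is not trusted by the resource domain.

```python
from collections import deque

# Edge direction is (trusting, trusted): "trusting trusts trusted", so accounts
# from the trusted domain may be authenticated for resources in the trusting domain.
class TrustModel:
    def __init__(self):
        self.edges = {}  # trusting -> {trusted: is_transitive}

    def add_trust(self, trusting, trusted, two_way=True, transitive=True):
        self.edges.setdefault(trusting, {})[trusted] = transitive
        if two_way:
            self.edges.setdefault(trusted, {})[trusting] = transitive

    def add_child_domain(self, parent, child):
        # Parent/child trusts inside a WIN2K domain tree are two-way and transitive.
        self.add_trust(parent, child, two_way=True, transitive=True)

    def trust_path(self, resource_domain, account_domain):
        """Chain of domains the trust passes through, or None if untrusted."""
        if resource_domain == account_domain:
            return [resource_domain]
        # A direct trust counts whether or not it is transitive.
        if account_domain in self.edges.get(resource_domain, {}):
            return [resource_domain, account_domain]
        # Multi-hop paths may only pass through transitive trusts.
        prev = {resource_domain: None}
        queue = deque([resource_domain])
        while queue:
            domain = queue.popleft()
            for nxt, transitive in self.edges.get(domain, {}).items():
                if not transitive or nxt in prev:
                    continue
                prev[nxt] = domain
                if nxt == account_domain:
                    path = [nxt]
                    while prev[path[-1]] is not None:
                        path.append(prev[path[-1]])
                    return path[::-1]
                queue.append(nxt)
        return None

def build_example():
    """Constructed forest: a corp.local domain tree plus an external one-way trust."""
    m = TrustModel()
    m.add_child_domain("corp.local", "a.corp.local")
    m.add_child_domain("corp.local", "b.corp.local")
    m.add_child_domain("b.corp.local", "b1.corp.local")
    m.add_trust("corp.local", "partner.com", two_way=False, transitive=False)
    return m
```

Running trust_path from a.corp.local to b1.corp.local walks up through corp.local and down through b.corp.local, while the one-way trust to partner.com works only directly from corp.local and never in the reverse direction or from a child domain.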
