In the Windows NT domain model, domains had to be bound together through trust relationships simply because the SAM databases used in those domains could not be joined. What this meant was that where a domain trusted another Windows NT domain, the members of the domain could access network resources located in the other domain. …
A domain is a collection of computers and resources that share a common security database, in this case, the Active Directory database. Computers in the domain also have a common namespace. A namespace is the hierarchical grouping of service and object names that are stored in Active Directory and DNS. Active Directory and DNS namespaces …
Groups are containers that contain user and computer objects within them as members. When security permissions are set for a group in the Access Control List on a resource, all members of that group receive those permissions. Domain Groups enable centralized administration in a domain. All domain groups are created on a domain controller. In …
Backing up Active Directory is essential to maintaining an Active Directory database. Users can back up Active Directory with the Graphical User Interface (GUI) and command-line tools that the Windows Server 2003 family provides. Users should frequently backup the system state data on domain controllers so that they can restore the most current data. By …
Active Directory is a distributed multimaster replicated database. All domain controllers host a full replica of the domain information for its own domain. Domain controllers in Windows 2000 and Windows Server 2003 environments hold a read/write copy of the Active Directory database. In these environments, changes can be made to the Active Directory database on …
The initial Windows NT versions were designed as single master network environments. The primary domain controller (PDC) was responsible for managing the domain database’s master copy. The PDC was therefore responsible for replicating any changes to the backup domain controllers (BDCs). In these environments, any changes had to be performed on the PDC, which then …
Active Directory security is determined by the following components: * Security groups: A security group is a made up of a set of users, and is created to assign permissions to access resources, and to assign user rights to group members. Permissions control access to resources, while user rights define what actions users can perform. …
Through Group Policy, a wide variety of user and computer configuration settings can be applied to users and computers in Active Directory. If an Active Directory environment includes a hierarchy with many different organizational unit (OU) levels, when group policies are applied at these different levels within the hierarchy, it is almost certain that Group …
Understanding Active Directory Security Principal Accounts Active Directory consists of a considerable number of objects, and variety of objects, of which, security principal accounts are one. Security principal accounts are Active Directory objects that are assigned unique security identifiers (SIDs), and are therefore used in authentication and Active Directory security. A security principal account can …
Group Policy gives users administrative control over people and computers in the user’s network. By using Group Policy, users can define the state of someone’s work environment once, then rely on Windows Server 2003 to continually force the Group Policy settings applied across an entire organization or to specific groups of people and computers. Group …