Learn Microsoft Active Directory (ADDS) in 30mins
Summary
TLDR: This educational video delves into the fundamentals of Active Directory Domain Services, a crucial skill for IT professionals. The host, a Microsoft MVP and certified trainer, offers an in-depth look at the logical and physical aspects of Active Directory, exploring its structure, replication, and database management. The session includes practical demonstrations on creating users, groups, and organizational units, as well as discussing the evolution from on-premises to cloud-based identity platforms like Azure Active Directory. Aimed at beginners, the video provides a comprehensive yet accessible introduction to this foundational technology.
Takeaways
- 😀 Active Directory Domain Services is a foundational skill for IT professionals looking to advance their careers, despite the rise of Azure Active Directory.
- 🔒 Active Directory acts as an identity platform, managing access to resources within an organization based on user credentials and permissions.
- 📚 It originated with Windows 2000 and has evolved over time, serving as a database of objects such as users, groups, and computers.
- 🌐 The logical structure of Active Directory involves organizing objects into Organizational Units (OUs), which can be arranged by location, department, or function.
- 💾 The physical aspect of Active Directory includes the replication of its database across multiple domain controllers for redundancy and performance.
- 🔄 Replication can occur within a site (intra-site) automatically or between sites (inter-site) which may require scheduling and can use different protocols.
- 🔑 Active Directory uses a schema to define the complete set of object types and their attributes, such as first name, last name, and email address.
- 👤 The process of creating user accounts involves assigning a username and password, with options for password policies and account activation settings.
- 👥 Groups in Active Directory are used to manage permissions for multiple users collectively, simplifying the administration of access to resources.
- 🗃️ The 'ntds.dit' file is the physical database of Active Directory, storing user information and other directory objects.
- 🔧 Tools like Active Directory Users and Computers, Sites and Services, and Domains and Trusts are used to manage and configure the directory environment.
Q & A
What is the main focus of the session presented in the script?
- The main focus of the session is to provide a deep dive into Active Directory Domain Services from Windows Server, explaining how it works and its importance, especially for advancing an IT career.
Who is the presenter of the session?
- The presenter is Andy Malone, a Microsoft MVP and a Microsoft Certified Trainer.
Why is it suggested to use a combination of a surname and an initial for usernames in Active Directory?
- Using a combination of a surname and an initial for usernames helps to avoid conflicts in large organizations where there might be multiple users with the same first name.
What is the purpose of creating Organizational Units (OUs) in Active Directory?
- The purpose of creating OUs is to organize users, computers, and other objects within Active Directory based on factors such as location, department, or function, making management more efficient.
What is the difference between intra-site and inter-site replication in Active Directory?
- Intra-site replication occurs automatically between domain controllers within the same site, assuming high-speed bandwidth. Inter-site replication is used between sites, often with slower links, and can be scheduled to manage replication traffic.
What is the 'ntds.dit' file in the context of Active Directory?
- The 'ntds.dit' file is the physical database file of Active Directory, which stores the directory data.
How can multiple domain controllers be managed in Active Directory to avoid a single point of failure?
- Multiple domain controllers can be set up and organized into sites using tools like Active Directory Sites and Services, which allows for replication and load balancing.
What is the Recycle Bin feature in Active Directory and why is it important?
- The Recycle Bin feature in Active Directory allows for the recovery of accidentally deleted objects. It's important because it provides a safety net to restore users or other objects without data loss.
What is Azure Active Directory and how does it differ from Windows Server Active Directory?
- Azure Active Directory is Microsoft's cloud-based identity and access management service. It differs from Windows Server Active Directory in that the database is stored and managed in Azure, eliminating the need for on-premises domain controllers.
What are some of the attributes that can be set for a user object in Active Directory?
- Some of the attributes that can be set for a user object in Active Directory include first name, last name, email address, and login hours.
How can permissions be more efficiently managed in Active Directory?
- Permissions can be more efficiently managed by assigning them to groups rather than individual users, as groups can contain multiple users and simplify the administration of access rights.
Outlines
😀 Introduction to Active Directory Domain Services
In this introductory segment, the presenter, Andy Malone, a Microsoft MVP and certified trainer, sets the stage for a deep dive into Active Directory Domain Services (AD DS), explaining its importance for IT professionals. He contrasts AD DS with Azure Active Directory, acknowledges the prevalence of cloud technologies, and emphasizes the enduring relevance of on-premises directory services. The session promises a comprehensive overview of AD DS, including its logical structure, physical replication, and foundational role in identity management.
🔍 Exploring Active Directory's Identity Platform and Database
This paragraph delves into the concept of Active Directory as an identity platform, using an analogy of accessing a building to explain the authentication process. It traces the history of directory services from Windows NT to Windows 2000, highlighting AD DS as a database of objects like users, groups, and computers. The explanation covers the logical and physical perspectives of AD DS, including the replication of the directory database across servers to ensure high availability and data integrity.
👥 Organizational Units and Active Directory Schema
The presenter discusses the organization of objects within Active Directory, focusing on Organizational Units (OUs) as a way to categorize users, computers, and groups by location, department, or function. He introduces the concept of the Active Directory schema, which defines the types of objects and their attributes. The paragraph also touches on the physical aspects of AD DS, such as the replication methods between domain controllers for disaster recovery and performance optimization.
🌐 Active Directory Replication and Multi-Site Management
This section explains the replication process in Active Directory, distinguishing between intra-site and inter-site replication based on the speed of network connections and the location of domain controllers. The presenter uses a scenario with two sites in London and New York to illustrate how replication can be managed for performance and disaster recovery. The explanation includes the use of different protocols like RPC or SMTP for replication, depending on the site's network capabilities.
🛠️ Setting Up Active Directory Domain Services
The presenter provides a step-by-step guide on installing and configuring Active Directory Domain Services on a Windows Server. He discusses accessing the Server Manager to add roles and features, such as DNS and AD DS, and explains the process of selecting a server for installation. The paragraph also covers the use of various tools for managing AD DS, including the Active Directory Users and Computers tool for managing the logical structure of the directory.
👤 Creating Users and Groups in Active Directory
This paragraph demonstrates the process of creating user accounts and groups within Active Directory. The presenter explains the importance of using a structured naming convention for usernames and the benefits of organizing users into groups for easier permission management. He also discusses the attributes of user objects, such as first name, last name, and email address, and the options available for managing user permissions and account settings.
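The same OU, user and group setup can be scripted instead of clicked through. The following is an added example, not code from the video: it assumes the ActiveDirectory PowerShell module, the adatum.com domain shown in the demo, and the logon names picard.j and kirk.j; the group account name OpsManagers is chosen here for illustration.

```powershell
# Added example (not from the video): scripted version of the OU / user / group demo.
# Assumptions: ActiveDirectory module (RSAT) is installed, the domain is adatum.com,
# and the logon names follow the surname + initial convention (picard.j, kirk.j).
Import-Module ActiveDirectory

$domainDn  = 'DC=adatum,DC=com'
$upnSuffix = 'adatum.com'
$ouName    = 'Operations'
$ouDn      = "OU=$ouName,$domainDn"

# 1. OU: create it once and keep "protect from accidental deletion" switched on.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn -SearchScope OneLevel
if (-not $ou) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn -ProtectedFromAccidentalDeletion $true
}

# 2. Users: the initial password is prompted for (never stored in the script) and
#    must be changed at first logon, so the administrator does not know the final one.
$initialPassword = Read-Host -AsSecureString -Prompt 'Initial password for the new accounts'
$people = @(
    @{ Given = 'Jean-Luc'; Surname = 'Picard'; Sam = 'picard.j' },
    @{ Given = 'James';    Surname = 'Kirk';   Sam = 'kirk.j'   }
)
foreach ($p in $people) {
    $sam = $p.Sam
    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") { continue }  # safe to re-run
    $newUser = @{
        Name                  = "$($p.Given) $($p.Surname)"
        GivenName             = $p.Given
        Surname               = $p.Surname
        SamAccountName        = $sam                 # ADATUM\picard.j style logon
        UserPrincipalName     = "$sam@$upnSuffix"    # UPN style logon
        Path                  = $ouDn
        AccountPassword       = $initialPassword
        ChangePasswordAtLogon = $true
        Enabled               = $true
    }
    New-ADUser @newUser
}

# 3. Group: permissions are granted to the group, users only become members.
$groupSam = 'OpsManagers'   # illustrative account name for the "ops managers" group
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$groupSam'")) {
    New-ADGroup -Name 'Ops Managers' -SamAccountName $groupSam `
        -GroupScope Global -GroupCategory Security -Path $ouDn
}
$current = @(Get-ADGroupMember -Identity $groupSam | ForEach-Object { $_.SamAccountName })
$missing = @($people | ForEach-Object { $_.Sam } | Where-Object { $_ -notin $current })
if ($missing.Count -gt 0) {
    Add-ADGroupMember -Identity $groupSam -Members $missing
}

# 4. Review: list the account settings discussed in the demo for everything in the OU.
#    Accounts with PasswordNeverExpires set or no expiry date deserve a second look.
Get-ADUser -Filter * -SearchBase $ouDn -Properties PasswordNeverExpires, AccountExpirationDate |
    Select-Object SamAccountName, UserPrincipalName, Enabled, PasswordNeverExpires, AccountExpirationDate
```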
🔧 Physical Aspects of Active Directory and Database Management
The focus shifts to the physical implementation of Active Directory, describing it as a database stored in the ntds.dit file on the domain controller's C drive. The presenter explains the process of transaction logging and how changes are written to the database. He also discusses the importance of having multiple domain controllers to avoid single points of failure and the replication process between them.
🔄 Active Directory Replication Settings and Site Management
This section explores the configuration of replication settings in Active Directory, including the creation of sites and site links to manage replication between domain controllers. The presenter discusses the use of IP and SMTP as replication protocols and the scheduling options for inter-site replication. He also explains how to organize domain controllers into sites to control replication and improve performance.
🗂️ Domains, Trusts, and the Recycle Bin Feature
The presenter discusses the management of domains and trusts in Active Directory, including the creation of child domains and trust relationships between forests. He also introduces the Recycle Bin feature in Active Directory, which allows for the recovery of accidentally deleted objects. The explanation includes how to enable this feature and the benefits it provides for maintaining directory integrity.
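Enabling the Recycle Bin and recovering a deleted account can also be done from PowerShell. This is an added example, not code from the video: the function names Enable-RecycleBinIfNeeded and Restore-DeletedUser are hypothetical helpers written for this page, and the logon name in the usage comment is the demo user.

```powershell
# Added example (not from the video). Assumes the ActiveDirectory module and an
# account permitted to change forest-wide settings. Function names are hypothetical.
Import-Module ActiveDirectory

function Enable-RecycleBinIfNeeded {
    # The feature is forest-wide; EnabledScopes is empty until it has been switched on.
    $feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"
    if ($feature.EnabledScopes.Count -gt 0) {
        Write-Output 'Recycle Bin is already enabled.'
        return
    }
    # Enabling cannot be undone, and the cmdlet asks for confirmation before proceeding.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name
}

function Restore-DeletedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName
    )

    # Deleted objects are hidden from normal searches; -IncludeDeletedObjects exposes them.
    $filter  = "isDeleted -eq `$true -and sAMAccountName -eq '$SamAccountName'"
    $deleted = @(Get-ADObject -Filter $filter -IncludeDeletedObjects `
                    -Properties lastKnownParent, whenChanged)

    if ($deleted.Count -eq 0) {
        Write-Warning "No deleted object found for '$SamAccountName'."
        return
    }
    if ($deleted.Count -gt 1) {
        # The same logon name may have been created and deleted more than once.
        # Show the candidates and let the operator restore one by ObjectGUID.
        Write-Warning "Several deleted objects match '$SamAccountName'; none restored."
        return $deleted | Select-Object ObjectGUID, lastKnownParent, whenChanged
    }

    $target = $deleted[0]
    if ($PSCmdlet.ShouldProcess($target.DistinguishedName, "Restore to $($target.lastKnownParent)")) {
        # The object returns to its last known parent container (for example the OU).
        Restore-ADObject -Identity $target.ObjectGUID -PassThru
    }
}

# Usage: preview first, then restore.
#   Enable-RecycleBinIfNeeded
#   Restore-DeletedUser -SamAccountName 'picard.j' -WhatIf
#   Restore-DeletedUser -SamAccountName 'picard.j'
```

Objects deleted before the feature was enabled are not recoverable with their attributes this way, so the feature has to be switched on ahead of the accident it is meant to cover.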
📚 Conclusion and Final Thoughts on Active Directory
In the concluding paragraph, the presenter wraps up the session by emphasizing the enduring importance of Active Directory, especially in the context of cloud computing and hybrid environments. He encourages viewers to subscribe for more tutorials, invites feedback, and thanks them for watching. The presenter also provides recommendations for further learning, including other videos on his channel that cover Azure Active Directory and related topics.
Keywords
💡Active Directory
💡Azure Active Directory
💡Domain Services
💡Microsoft MVP
💡Organizational Units (OUs)
💡Replication
💡Domain Controllers
💡User Principal Name (UPN)
💡Schema
💡Recycle Bin
💡Hybrid Cloud
Highlights
Introduction to Active Directory Domain Services and its importance for IT career advancement.
Explanation of Active Directory as an identity platform using an analogy of accessing a building with credentials.
Historical background of Active Directory, tracing back to Windows 2000 and the evolution from Windows NT.
Description of Active Directory as a database of objects including users, groups, and computers.
Overview of the logical and physical perspectives of Active Directory, including structure and replication.
Demonstration of creating organizational units (OUs) for organizing users by location or department.
Process of creating user accounts in Active Directory with examples and best practices for usernames.
Explanation of user object attributes in Active Directory, such as first name, last name, and email address.
Discussion on the physical aspects of Active Directory, focusing on the ntds.dit file as the database.
Importance of multiple domain controllers to avoid single points of failure in Active Directory.
Technical details on intra-site and inter-site replication for Active Directory database synchronization.
Introduction to Azure Active Directory as Microsoft's identity as a service platform in the cloud.
Comparison between on-premises Active Directory and Azure Active Directory in terms of database management.
Use of PowerShell and Active Directory Administrative Center for enabling features like the Recycle Bin.
Highlighting the Recycle Bin feature in Active Directory for recovering deleted objects.
Final thoughts on the enduring relevance of Active Directory for cloud computing and hybrid environments.
Transcripts
[Music] Right now with the cloud everybody wants
to know azure active directory but taking a trip back can be really useful
so what i'm going to do in this session is take a look at active directory
domain services from windows server how does it work what does it do and can i
do a deep dive in 30 minutes let's find out
[Music]
Greetings my fellow YouTubers welcome back to the channel i really appreciate
you stopping by Andy Malone Microsoft MVP as well as a Microsoft certified Trainer
In this episode i'm going to take a look at active directory domain
services and i know what you're thinking you're thinking andy that's old stuff
we should be learning azure active directory i know i've done plenty of
videos of that on this channel but active directory domain services is such
an important skill especially if you want to move your it career forward so
in this session what i thought i'd do is just take 20 to 30 minutes and really go
deep on exactly what you need to know about active directory so we're going to
talk about the logical approach to it so the structure of it
we'll talk about the physical aspects of it for example replication how it works
how it's structured and really it's going to be a busy session so as they
say buckle up and get ready to learn now if you've not subscribed to the session
please go ahead click on that subscribe button ring that bell and you won't miss
out on the good stuff in the future and as always i love your comments your
questions and your feedback so just get them down below there and i'll do my
best for you all right so i think without any more jibber jabber i think
it's about time we get into some demos let's go
so let's see if we can do active directory for beginners in 30 minutes
so who am i just a quick reminder i'm a
microsoft certified trainer as well as a microsoft mvp
now um
when we talk about active directory of course it's an identity
platform and an identity platform obviously involves
i walking up to a desk in a building so this is our analogy so you're getting
into the computer system so we walk up to the desk we present our credentials
or our username and our method of authentication so
whether that be a password whether it be some kind of card entry
biometrics once you get added once you get admitted
uh you're in the door now once in the building of course you
can then be further scrutinized and given permissions to certain resources
depending on the role that you play in the organization
or the permissions that you have so when we talk about a directory
service um active directory actually goes back
to about windows 2000 back in the early days that's quite a few years ago now
before that though the first kind of microsoft directory service was actually
a product called windows nt so in 2000 we had windows 2000 and
really active directory really took form then so what is a directory service well
in essence it's a database it's a database of objects so users groups
computers and so on now to be honest it's
advanced over the years and this is windows server active
directory and the two ways to look at it you can
look at it from a logical perspective so the structure how you've laid it out
and also a physical perspective as well
so from the physical perspective we look at it from the actual
database so how do we back up the database how do we replicate the
database to another server because of course if you just have it installed on
one server then potentially if something went wrong with that server you would
lose all your users and everything so again we don't want that you want to
replicate that so in essence what we have is active
directory domain services this is the directory services of windows server
both 2016 2019 and now 2022 as well if you for example were using windows
explorer and you can see that this does actually look a little bit like that
so organizing your users we don't put them in folders we actually arrange them
into something called organizational units and you can organize
organizational units by location by department
function and so on so i can create my users computers
groups and i can organize them in there now of course i said that active
directory is a database and databases have objects so a user object a group
object and a device object and objects have attributes so a user's
first name last name email address and so on
the complete set of object types in active directory we refer to it as the
schema okay
and you can as i said organize your users into these organizational units
and i'm going to be doing some demos in a moment
okay so that's the first thing that we have then all right
now from the physical side
of active directory and again i'm going to give you a nice demo of this in a
moment in this example we have obviously dc1
and dc1 contains a master copy of our account directory
so obviously you don't just want to store active directory database on dc1
so you want to replicate that now you can replicate it
for a number of reasons you can replicate it for disaster recovery
reasons and you can also replicate it for performance reasons or
load balancing so as i said in this example we have two
sites we've got site a let's say london and we've got site b in new york
so inside a i've got three servers that have installed active directory on and
these are replicating copies of the database and we refer to these machines
as dc's or domain controllers and within a site you can see that we
have something called intra site replication
now intra site replication basically means that these replicate automatically
for example we don't you don't need to schedule these so it assumes that you
have a very high speed bandwidth however if you have remote sites and
you don't have a high speed bandwidth then we can use
something called inter-site replication now in the slide here it talks about rpc
or smtp connections remote procedure calls now this doesn't
exist anymore and because obviously since this slide was written we'd now
have the delights of broadband and super fast
connections which make things easier but the principle just remember the
principle if it's within a site it's called intra site and if it's between
sites it's called inter-site replication now again with windows server active
directory um you can have
a number of companies so you can see here that we've got a
company called akaim.com and depending on the size of your
companies you might want to create different or what we call child domains
and a child domain might be for a very large corporation and let's say you've
got offices all around the world and you want to have
an it team dedicated to that particular domain
but also you might want to mask um for example for security reasons you might
not for example want the sales team to have access to the engineering
components and so on so moving right up to date um one of the
reasons why i wanted to show you this presentation was obviously we're all
learning about this this is microsoft's azure active directory and this is
microsoft's identity as a service platform
so rather than having the database on your domain controllers installed on
premises what we now have is we have the databases stored in azure and azure
microsoft maintain all the databases they structure it they manage it for us
so you don't need to worry about all of that
um we don't have ou's as such but the thing about
azure is it's a little bit like again file explorer so think about the c drive
on your computer as being azure active directory
well in this case you can see that you have your own tenant or folder so all
your users all your management features are managed within your own individual
tenant and again you can create users groups devices and so on and like before
these devices also give you access to multiple resources and again they have
attributes first names last names and email addresses and so on
and the nice thing about azure is you can have multiple customers so you
can have multiple accounts different tenants and you can share resources
between those tenants now this particular session i'm going to
focus on active directory if you want to see my sessions on azure
then please have a look i've already recorded some of these on my youtube
channel
so to understand active directory we start here in our windows server now
this particular machine has got active directory already pre-installed so what
i'm going to do is i'm going to click up here and i'm going to go into server
manager and server manager is our main portal that manages kind of all our
features and functionality now just to let you know that when you
if you purchase windows server or you download it
it actually comes in with no roles or no features installed on it
so one of the first things that you're going to do is you're going to go ahead
and obviously install the features and functionality that you want and to do
that essentially we go up here and to tools to manage all the features that
are currently installed but also if you go into manage this is where you can add
roles and features now adding roles are the major functions
of the computer so things like active directory domain services your domain
name services and various other features like that and you can see it's asking me
which server do i want to go ahead and install add-on so you can set this up on
a server if you have a pool of servers so
mult you can have manage multiple servers here or you can install it on a
particular virtual hard disk for the purpose of this demo i'm just going to
click on next here and you can see here at the moment we've
got dns and we've got active directory domain services installed now how did i
install that i'm going to leave that for another video because obviously not
enough time here but i'll certainly go through that in in a future session
so here you can see that i've got all the different roles that you can install
on the windows server now i'll be honest with you windows hasn't
really changed that much in a number of years so if you're familiar with it from
the likes of windows server 2012 then coming to this in windows server 2019 or
2022 i'll be honest it's not going to be hugely different for you
if you click on next it now asks you if you want to install features and the
features are they're important features but they're not as big as the roles so
once you select those features click on install and off it goes and it will
install the role so to manage the role as i mentioned we
can go up here into tools and really you've got a number of tools
that you can manage you see once active directory is installed you've now got a
number of dedicated active directory tools and the first of those the most
primary tool i would say is probably active directory users and computers
and this is where we manage the logical aspects of active directory logical
aspects i mean the oh just general design of how it looks
now you can see here if you're familiar with windows file manager for example or
file explorer as it's now known you'll see that it looks somewhat similar so up
here at the top we've got our domain name and my domain name here is called
adatum.com and
adatum.com you can see contains a number of built-in
groups and features here
now the yellow folders here we actually call these
organizational units and you can pretty much guess what that means
so if i didn't use organizational units i
could just have a big default folder called users
and you could put basically everything in there and it's not very organized so
probably one of the things that you probably want to do is you probably
want to create organizational units based on location
or based on department needs or things like that
so for example here i'm going to create a new organizational unit just by either
right clicking on the right hand mouse menu here or there's also buttons here
on the toolbar that will do the same thing
so i'm going to go up i'm going to create new and i'm going to create a new
organizational unit and in here just pull that over slightly i'm going to
call this operations okay so i'm going to call this operations now
you can see here protect the container from accidental deletion and it's
actually switched on so if you want that on or off you can go ahead and switch
that so i've now created an ou
and the next thing i'll probably want to do is create some users in here so i'm
going to create a new user account in here
so i can create a new user and this user i'm going to call this i'm
a bit of a trekkie as anybody knows so i'm going to call this guy jean-luc and
i'm going to call him jean-luc picard so i'm going to give him a username of
picard j now just a tip about usernames you
wouldn't call the user robert or karen or something like that because you could
have a company that's got many users called john or karen or bob so it's a
good idea to use the surname followed by an initial and you can see that this is
giving this user a logon name now you'll notice that there's two types of logon
name here um so picard.j at
company.com and adatum slash
picard.j so this is kind of uh this is typically windows like a
windows type login but if you're moving to the cloud for example into microsoft
365 you'll be familiar with this type of login format this is called um a
upn a user principal name type login so i'm going to click next
and of course i'm going to put in a password for captain picard here so i'm
going to just put that password in here and again you can see the user can
change their password at next log on user can not change their password the
password never expires you might use these um if it's for example a service
account or something like that and of course if you're ready if you're not
ready for jean-luc to join the organization yet you can actually go
ahead and disable the account so i've created the account off it goes
and it now creates jean-luc's account now so that's the first thing
so creating a user account really really easy like i said creating new
and user and the rest is pretty self-explanatory as well
now another type of thing that you might want to create is a group
so a group of course allows you to manage multiple users hey you know what
i'm going to do i'm actually going to create another user just so that
jean-luc's got some company so this time i'm going to create a user called james
kirk and of course james kirk will have a
username of kirk j and i'll click next and again i'm going
to put in a password for the user and i'm going to say that the user can
change their own password at their next login and i'm going to finish and you
can see i've now got a couple of users in here now
um again i'm going to now go into new and
this time instead of creating a user i'm going to go in i'm going to create
a group okay now we've got
a number of different types of groups in windows server
i'm going to call this my managers group i'm going to call this in fact you know
just to differentiate it i'm just going to call it ops managers okay
so this is my ops managers and is it a domain local or is it a global to be
honest in this case i've only got one domain so it's not really a problem if i
had multiple domains you would you could create global groups
and you could create domain local groups that are specific to a local domain but
as i say in this case it really doesn't matter because i've only got one domain
that i'm working with okay so i'm going to click on here and
what i can now do with these users um i can now of course add these users
to a group and i'm just going to call this
ops and as i start to type i can click on check name and you can see it says
yes this name exists already and i'm going to click ok
and i've now added those users to a group now
why would i do that because it's easier to assign permissions to resources to
groups rather than individual users okay
so again my whistle stop tour of active directory i'm now going to go into the
properties of my user and let's have a look at some of the
resources in here that we can see so first of all
you'll notice that we have a number of tabs
active directory of course is a database and a database has
objects so jean-luc is an object in my database he's a user in my database we
can also have groups we can have devices and so on
so you can see that every object has attributes so our first name last name
email address and so on okay so i can go in and and fill that in if i want to and
there's a couple of tabs here that you can do that
um member of shows me if the user is a member of some groups
um dial in i can take a trip back to the 1990s if i want to
but i'm not going to bother with that this time
um and again here um if you wanted the uh you can do an uh an environment thing
so when the user logs in start this program and so on which is it might be
quite useful um again if you click onto the sessions
you can set timeouts for the user sessions here
again depending on you might work in a call center or something like that that
might be quite useful all right
um remote control enable remote control so if you're using uh remote control or
remote desktop um and it's switched on here you'll be able to go in and help
the user if they're having problems all right other useful things here the most
useful one is probably the account tab so the account tab here you can do
things like i can click on to log on hours
and you might say okay from midnight to 6 a.m i don't want the user to log on
because that's when you might do backups for example
uh and i could then say okay from eight let's say to midnight again
i don't want the user to log in now you would do this for every user
possibly okay and you can you can um this is quite useful to do that
okay um other things here again
log on to so again do you want the user to log on to all computers or only these
computers so again quite useful we've got some password options here so
things like user cannot change the password never expires and this is a
useful one by the way if you uh bring in for example contractors so if you're
bringing in contractors you can expire their user account after a certain
amount of time again very very useful
um again the other thing that we've got here is the profile so user profiles
here so if you've got a shared folder i think i did a session on this recently
actually so go ahead and check out that okay so that's creating a user
and creating a group so as i've mentioned this is pretty much the
logical aspects of active directory
for the next part we want to take a look at the physical side of active directory
now just to understand what i mentioned i said that active directory is actually
a database and you can see the database by going into the windows folder on your
domain controller's c drive if you scroll down
you'll see a folder here called ntds nt directory services
so if i click into here this is the golden ticket ntds.dit
this is your active directory database and the other things that we've got here
are essentially log files and check files
so in essence what happens is like every most databases
when a user is performing transactions in active
directory users are logging on logging off you're doing maintenance
those operations are taking place in memory
once they've been in memory they then get written to a log file
and then after the log file reaches a certain size so for example
what i don't know five gigs let's say those transactions are then written to
active directory or to the database so that's that's what it is so active
directory is a physical database to understand now
of course the problems with that are obvious if i
install one active directory domain controller
then that's a single point of failure so one of the great things about active
directory is that you can have multiple domain controllers now in my demo here
i've only got one domain controller in my environment but um let me show you
what you would do so i'm going to go up into tools here
and for this with there are a couple of tools for the
physical side so the first one is active directory sites and services
now in our little organization here you can see that if i go into sites here
and we have got a default first site okay so this is my default first site
name i can double click this and in here you can see that it says ntds
settings again i can double click that and we can have a look at it so at the
moment my domain controller is dc1 and it's actually in my default first
site okay and we can see that you've got various
options for caching group membership for example which will obviously improve
things like performance and so on um so that's the first thing that's
where the
domain controller goes now you'll remember from the slide at the beginning
of this presentation that i talked about intra-site replication and inter-site
replication so basically if i had multiple domain
controllers within this site and you can see it says servers and at the moment
i've only got dc1 so if there were other servers in here it would replicate
copies of the active directory database and if i double click this you can see
this is the actual settings for that individual domain controller okay and as
i said at the moment there's nothing here because to be honest there's only
one domain controller all right now if i just click into the ntds
settings and if i go into properties on that
setting you can see that
one thing that you'll notice about active directory is that active
directory like azure active directory objects are sometimes represented by
what we call a GUID a globally unique id which is this big long hexadecimal
number now it shows me the connection detail so
um within a site of course it uses intra-site so in other words um any
if you've got multiple domain controllers um they're constantly
updating each other and to be honest you can't control
the uh when and how it actually
replicates because it's intra-site now if you have multiple sites within
your organization so depending on the size of your company you may want to
create another site so i can come down here and if i just click into sites here
for example and i can come down i can say hey i want
to go and create a new site and i'll call this oslo okay so i'll
call it my oslo site all right
and it's saying do you want to use this site link i'll say yes that's fine
now if you don't have this site link at the moment you you can create
different links now remember that active directory was written for a different
time um so back in the 1990s we didn't have
the scalability and we didn't have the network speeds that we do now but
fortunately now we do so i'm just going to go ahead i'm going
to click on to that and you can see it's now created this oslo site
and i've got cert and it's got a little folder for servers so again what i could
do is if i've got multiple servers here i could easily move those servers
into this site so i've got multi i've got two sites by the way you can
rename that default site if you want to call it something else as well
okay so that's the first thing from a physical perspective so as i said it's a
physical database and you can control
the replication by organizing your
domain controllers into sites where they're located
and here you can see that this is now inter site
so that being the case one of the things you might want to
control is how the
how the replication between the domain controllers actually works and to be
honest we've got two choices you can use ip which is super fast
because the chances are you're using broadband or you can use an older
protocol for example smtp which is actually an email protocol
and that can be scheduled so for example if you happen to have a very slow link
you could potentially schedule that all right
now i mentioned that that's so that's the basics as i said of
um inter-site
and intra-site okay so that's the first thing there now the other tool
that i just wanted to show you was active directory domains and trusts
now in this example we only have one domain that we're dealing with here and
if i just click into here you can see that this is to do with your domains or
your uh forests now when we talk about a
forest is if i installed active directory
another cop install of active directory it could
say do you want to join this forest or do you want to create what we call a
branch so for example you might create a child domain so us.adatum.com
india dot and so on so we can create those here
all right now um if i go into properties um you
can see that if i have you this is where you can actually
create relationships between other forests so if you were working with
business partners for example or you were let's say a group of companies you
could establish trust relationships between
those organizations and i'm going to cover this in a future session all right
now one really important aspect of active
directory ladies and gentlemen is if i go back into
users and computers you'll see that in users and computers
here i've got a series of organizational units and here's the one i created
earlier now if i click into view
and go into let's say advanced features you'll now notice that i can see an
awful lot more and i'm now actually seeing
hidden objects and one of those hidden objects is lost
and found now if you delete something
in active directory
obviously it goes to a recycle bin well actually it doesn't because you need to
actually switch this feature on and you can either switch the feature on
via powershell or you can go into tools and if you go
into the active directory admin center here and i've mentioned this previously
on one of my videos for um deploying azure ad connect
so in essence what we do is i click into my local domain here
and again this is just the admin center is just another viewing
tool and i can manage the various nodes and the various features but the key
thing here is we have this enable recycle bin here and you can go in and
you can switch that on and the idea of this is if you accidentally now delete
any objects they will go to that recycle bin and you
can restore your users okay
so there we go just a little look at the logical aspect of active directory
we created some users we created a group and we looked at the physical side of
active directory so there you have it active directory
windows server to be honest it's a product that's not really changed in
many years but again like i said at the beginning it's so important at the
moment especially if you're learning cloud computing especially if you're
going to be learning a hybrid especially the security aspects of it well hey look
i really appreciate you stopping by if you've enjoyed the video give me a big
thumbs up it really does help my channel and of course if you've not subscribed
go ahead click on that subscribe button ring the bell and you won't miss out on
future tutorials and as always i love comments your questions and any feedback
about this or any of my other videos all right so that's it for this week you
stay safe and i'll see you next time around take care
hey thanks so much for dropping by today here's a couple of videos that you may
enjoy and while you're here go ahead click on the subscribe button and you
won't miss out
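
The account options, Recycle Bin switch and site placement shown in the demo can also be checked from PowerShell. This is an added example, not part of the video; it assumes the ActiveDirectory module (RSAT) is installed, and the OU name and the 90-day contract length are hypothetical values to replace with your own.

```powershell
Import-Module ActiveDirectory

# Assumed values (not from the video): adjust to your environment.
$contractorOU = 'OU=Contractors,DC=example,DC=com'   # hypothetical OU
$contractEnd  = (Get-Date).Date.AddDays(90)          # constructed end date

# Enabled accounts with "password never expires" set: review each one.
Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordNeverExpires |
    Where-Object { $_.PasswordNeverExpires } |
    Select-Object SamAccountName, DistinguishedName

# Contractor accounts that have no expiry date yet: give them one.
# -WhatIf only previews the change; remove it to apply.
Get-ADUser -SearchBase $contractorOU -Filter * -Properties AccountExpirationDate |
    Where-Object { -not $_.AccountExpirationDate } |
    ForEach-Object { Set-ADAccountExpiration -Identity $_ -DateTime $contractEnd -WhatIf }

# Recycle Bin: the feature is on when EnabledScopes is not empty.
# Enabling it cannot be undone, so the call below is previewed with -WhatIf.
$recycleBin = Get-ADOptionalFeature -Filter 'Name -like "Recycle Bin Feature"'
if (-not $recycleBin.EnabledScopes) {
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name -WhatIf
}

# With the Recycle Bin on, deleted objects can be listed and restored by GUID.
Get-ADObject -Filter 'isDeleted -eq $true' -IncludeDeletedObjects |
    Select-Object Name, ObjectClass, ObjectGUID
# Restore-ADObject -Identity <ObjectGUID from the list above>

# Which site each domain controller is placed in.
Get-ADDomainController -Filter * | Select-Object HostName, Site
```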