Chapter Two

The document discusses key concepts in Windows network administration including the Domain Name System (DNS), which maps domain names to IP addresses. It explains that DNS is a distributed database system that allows devices and software to query DNS servers to translate domain names like www.google.com to IP addresses. The document also covers DNS infrastructure, top-level domains, delegation of subdomains to different administrators, and the concept of zones, which are portions of the DNS namespace administered individually.


Department of Computer Science

Network and System Administration


Windows network concepts

The topics discussed in this section include

 Domain name system/server
 Dynamic host configuration protocol (DHCP)
 Workgroups
 Windows active directory

How do computers communicate?

Diagram: hosts 192.168.1.1 to 192.168.1.5 on one LAN exchange packets using nothing but their IP addresses.

How do humans communicate with computers?

Diagram: the same LAN (192.168.1.1 to 192.168.1.7) and a web server google.com at 209.165.200.225.
Mr. G opens a browser and types http://www.google.com
1. How is this possible?
2. How does the computer understand the human language?
Solutions
 The Internet is a network of networks that interconnects devices to exchange information.
 In order to “talk” to each other, all of these devices must have a unique numerical address called an Internet Protocol address or IP address. An example of an IP address is 94.127.53.132.
 When you visit a website from your browser, you are requesting the website from your device’s IP address to the web server’s IP address.
 However, you don’t type in the IP address of the web server, but rather the domain name, for example www.google.com.
 In so doing, you have queried the DNS.
DNS
 The Domain Name System or DNS overcomes this problem of remembering IP addresses by mapping domain names to IP addresses.
 While this sounds like a phone book, it is not a centralized database.
 The DNS is a distributed database across a hierarchy of networks of servers and provides ways for devices and software (like browsers and email) to query the DNS to get an IP address.
Cont..
 Domain names must be unique.
 Domain names are used for naming websites and email addresses.
 DNS allows machines to be logically grouped by domain names.
 DNS is comprised of three components:
 A “name space”
 Servers making that name space available
 Resolvers (clients) which query the servers about the name space
DNS infrastructure and Top-level domains
 The DNS infrastructure is made up of computing and communicating entities that are geographically distributed throughout the world.
 The domain name space (the universe of all domain names) is organized in the form of a hierarchy.
 The topmost level in the hierarchy is the root domain, which is represented as a dot (“.”).
 The next level in the hierarchy is called the top-level domain (TLD).
 Each TLD is a child domain of the root domain.
 In a domain name representation the symbol for the root domain is omitted.
 For example marketing.example.com
Cont..
 There is only one root domain and more than 250 TLDs, categorized into the following types.
 Generic domains (gTLDs)
 The generic domains define registered hosts according to their generic behavior.
 Each node in the tree defines a domain, which is an index to the domain name space database.
Cont..
 Country-code TLDs (ccTLDs)
 Domains associated with countries and territories.
 There are more than 240 ccTLDs, each represented using 2 characters.
 Second-level labels can be organizational, or they can be more specific, national designations (uk, us, va, jp, de).
 Inverse domain (for inverse address lookups)
 The inverse domain is used to map an address to a name.
 For example, when a server has received a request from a client to do a task, it may need to find the client’s name from its address. This type of query is called an inverse or pointer (PTR) query.
 To handle a pointer query, the inverse domain is added to the domain name space with the first-level node called arpa.
Cont..
 Each Top Level Domain (TLD) is managed by a specific organization called a Registry Operator under contract with ICANN.
 The second-level domain is the part that you register, which is used to provide online systems such as websites and email.
 Domains are sold by a large number of registrars and resellers who do so under contract with registrars.
DNS Features
 Global Distribution:
 Data is maintained locally, but retrievable globally
 No single computer has all DNS data
 DNS lookups can be performed by any device
 Remote DNS data is locally cacheable to improve performance
DNS Features (cont.)
 Loose Coherency:
 The database is always internally consistent
 Each version of a subset of the database (a zone) has a serial number
 The serial number is incremented on each database change
 Changes to the master copy of the database are replicated according to timing set by the zone administrator
 Cached data expires according to a timeout set by the zone administrator
DNS Features (cont.)
 Scalability:
 No limit to the size of the database
 One server has over 20,000,000 names
 No limit to the number of queries
 24,000 queries per second handled easily
 Queries distributed among masters, slaves, and caches
DNS Features (cont.)
 Reliability:
 Data is replicated
 Data from the master is copied to multiple slaves
 Clients can query
 the master server
 any of the copies at slave servers
 Clients will typically query local caches
 DNS uses port 53
 UDP for the queries and responses
 TCP for the zone transfer
DNS Features (cont.)
 Dynamicity:
 Database can be updated dynamically
 Add/delete/modify of any record
 Modification of the master database triggers replication
 Only the master can be dynamically updated
 Minimizes a single point of failure
Concept: DNS Names 1
 The namespace needs to be made hierarchical to be able to scale.
 The idea is to name objects based on
 location (within country, set of organizations, set of companies, etc.)
 unit within that location (company within set of companies, etc.)
 object within unit (name of person in company)
Concept: DNS Names 2
How names appear in the DNS
 Hosts and DNS domains are named based on their position in the domain tree
 A Fully Qualified Domain Name (FQDN) shows the whole chain of domain levels, e.g. WWW.RIPE.NET.
 labels separated by dots; note the trailing dot
 Each label can be up to 63 characters long
 FQDNs contain letters, numerals, and the dash character (“-”) and are not case-sensitive
 DNS provides a mapping from FQDNs to resources of several types
 Names are used as a key when fetching data in the DNS
Concept: DNS Names 3
 Domain names can be mapped to a tree.
 Root and top-level domains are administered by an Internet central name registration authority (ICANN)
 New branches at the ‘dots’, and no restriction on the number of branches.
 Below the top-level domain, administration of the name space is delegated to organizations
 Each organization can delegate further

Diagram: the domain tree with the root at the top; the TLDs net, edu and com; below them ripe, isi, tislabs, sun, moon and google; under ripe the hosts ftp and www and the subdomain disi, which in turn holds ws1, ws2 and www.
Concept: Domains
 Domains are “namespaces”
 Everything below .com is in the com domain.
 Everything below ripe.net is in the ripe.net domain and in the net domain.

Diagram: the same tree with the com domain, the net domain and the ripe.net domain outlined; the ripe.net domain sits inside the net domain.
Concept: Delegation and Zones
 Administrators can create subdomains to group hosts
 According to geography, organizational affiliation or any other criterion
 An administrator of a domain can delegate responsibility for managing a subdomain to someone else
 The parent domain retains links to the delegated subdomain
 The parent domain “remembers” who it delegated the subdomain to
Cont..
 A zone is a portion of the DNS namespace generally stored in a file (it could consist of multiple nodes)
 Zones are “administrative spaces”
 Zone administrators are responsible for a portion of a domain’s name space
 Authority is delegated from a parent to a child

Diagram: the tree with three zones outlined: the net zone (within the net domain), the ripe.net zone (ripe, www, ftp) and the delegated disi.ripe.net zone (disi, www, ws1, ws2).
Concept: Name Servers
 Name servers answer ‘DNS’ questions.
 There are several types of name servers
 Authoritative servers
 master (primary)
 slave (secondary)
 (Caching) recursive servers
 also caching forwarders
 Mixture of functionality
Concept: Authoritative name server
 The last server in the DNS lookup chain; it stores the website’s IP address
 Gives authoritative answers for one or more zones.
 The master server normally loads the data from a zone file
 A slave server replicates the data from the master via a zone transfer

Diagram: one master replicating its zone data to two slaves.
Concept: Recursive server (caching)
 Recursive servers do the actual lookups; they ask questions to the DNS on behalf of the clients.
 Answers are obtained from authoritative servers, but the answers forwarded to the clients are marked as not authoritative
 Answers are stored for future reference in the cache
Concept: Resolvers
 Resolvers ask the questions to the DNS system on behalf of the application.
 Client part of DNS
 Normally implemented in a system library (e.g. libc) on Linux systems:

   struct hostent *gethostbyname(const char *name);
   struct hostent *gethostbyaddr(const void *addr, socklen_t len, int type);
Example: Resolving process & cache operation
Question: what happens when you type www.ripe.net in your browser?

Diagram (message sequence between the resolver, a caching forwarder acting as recursive server, and the authoritative servers):
1. Resolver -> caching forwarder: www.ripe.net A ?
2. Caching forwarder -> root-server: www.ripe.net A ?
   root-server -> caching forwarder: Ask net server @ X.gtld-servers.net (+ glue)
3. Caching forwarder -> gtld-server: www.ripe.net A ?
   gtld-server -> caching forwarder: Ask ripe server @ ns.ripe.net (+ glue)
4. Caching forwarder -> ripe-server: www.ripe.net A ?
   ripe-server -> caching forwarder: 192.168.5.10
5. The caching forwarder adds the answer to its cache and returns 192.168.5.10 to the resolver.
Operation (cont..)
 The DNS server queries the “root servers” for the information.
 The root servers only know information about the zones they are responsible for, which are the Top Level Domains (TLDs).
 There are 13 root servers, which have copies distributed around the world.
 The root server will refer the DNS server to the “.net” TLD name servers. The TLD name servers know information about all second-level domains under their zone.
Cont..
 The Top Level Domain name servers will refer us to the DNS servers responsible for “ripe.net”
 The DNS servers authoritative for ripe.net will give us the IP address for “www.ripe.net” and the web resource is displayed.
 Every time a DNS query is made, the root servers are the first servers to be contacted. However, there is no need to contact the root servers every time a query is made, since results can be obtained from the DNS cache, which stores information for recent previous queries.
 If the DNS server does not find the results in the cached copies, it asks a series of servers through a process called recursion until it reaches the authoritative name servers for that domain.
Concept: Resource Records in detail
 The records of the distributed database are called resource records (RR)
 Resource records are stored in configuration files (zone files) at name servers.
 A resource record consists of its name (label), its TTL, its class, its type and its RDATA
 Everything after the type identifier is called rdata

   www.ripe.net.   3600   IN     A      10.10.10.2
   label           ttl    class  type   rdata
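As an added example that is not part of the slides, the following Python models the resolving process and cache operation described above together with the resource record layout just shown: constructed zone-file lines in the label/TTL/class/type/rdata form are parsed into three authoritative servers, and a caching forwarder walks root, TLD and zone servers via NS referrals with glue, then serves a repeat query from its cache until the TTL expires. The server and host names follow the slides; the addresses and the BY_ADDRESS table that stands in for sending packets to a glue address are assumptions.

```python
# Constructed zone data in the slide's RR layout: label TTL class type rdata.
# Server and host names follow the slide; the addresses are made up.
ZONE_FILES = {
    "root-server": """
    net.                3600 IN NS X.gtld-servers.net.
    X.gtld-servers.net. 3600 IN A  192.0.2.1
    """,
    "gtld-server": """
    ripe.net.           3600 IN NS ns.ripe.net.
    ns.ripe.net.        3600 IN A  192.0.2.2
    """,
    "ripe-server": """
    www.ripe.net.       3600 IN A  192.168.5.10
    """,
}
# Stands in for sending UDP/53 to a glue address: address -> server name (assumed).
BY_ADDRESS = {"192.0.2.1": "gtld-server", "192.0.2.2": "ripe-server"}

def parse_rr(line):
    """Split one zone-file line into (label, ttl, class, type, rdata)."""
    label, ttl, rclass, rtype, rdata = line.split(None, 4)
    return label.lower(), int(ttl), rclass, rtype, rdata.strip()

SERVERS = {n: [parse_rr(l) for l in t.strip().splitlines()] for n, t in ZONE_FILES.items()}

def ask(server, qname, qtype):
    """Authoritative answer if the server has it, else a referral (NS + glue)."""
    rrs = SERVERS[server]
    answer = [r for r in rrs if r[0] == qname and r[3] == qtype]
    if answer:
        return "answer", answer
    # Longest delegation whose label is a suffix of the query name.
    for label, _, _, rtype, ns_host in sorted(rrs, key=lambda r: -len(r[0])):
        if rtype == "NS" and qname.endswith("." + label):
            glue = [r[4] for r in rrs if r[0] == ns_host.lower() and r[3] == "A"]
            return "referral", (ns_host, glue[0] if glue else None)
    return "nxdomain", []

class CachingForwarder:
    """Recursive server: walks root -> TLD -> zone and caches answers per TTL."""
    def __init__(self):
        self.cache = {}   # (qname, qtype) -> (expiry, list of rdata)
        self.trace = []   # servers contacted during the last query

    def resolve(self, qname, qtype, now):
        """Return (rdata list, served_from_cache); `now` is the clock in seconds."""
        key = (qname.lower().rstrip(".") + ".", qtype)
        self.trace = []
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return hit[1], True        # cached and not expired: no root contact
        server = "root-server"         # every uncached query starts at the root
        while True:
            self.trace.append(server)
            kind, data = ask(server, key[0], qtype)
            if kind == "answer":
                rdata = [r[4] for r in data]
                self.cache[key] = (now + min(r[1] for r in data), rdata)  # add to cache
                return rdata, False
            if kind != "referral" or data[1] is None:
                return [], False       # no delegation or no glue: cannot continue
            server = BY_ADDRESS[data[1]]
```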
Resource Record Types
 SOA    Start Of Authority
 NS     Name Server
 A      IPv4 name-to-address translation
 AAAA   IPv6 name-to-address translation
 PTR    Address-to-name translation
 MX     Mail eXchanger
 CNAME  Canonical NAME
 TXT    Text
 …
DHCP (Dynamic Host Configuration Protocol)
 DHCP (Dynamic Host Configuration Protocol) is a network service that enables clients to obtain network settings (IP address, subnet mask, default gateway, DNS server, hostname and domain) automatically from a central server.
 The DHCP client sends a broadcast request to find the DHCP server, and the DHCP server in the subnet responds with an IP address (and other common network parameters) from a pool of IP addresses.
 The IP address can be bound to the MAC address of the client.
How does it work?

Diagram (DHCP client, DHCP server and the DHCP database):
(1) DHCP discover  (client -> server, broadcast): MAC address
    DHCP offer     (server -> client): IP#, lease time, taken from the IP scope
(2) DHCP request   (client -> server): IP#, MAC address
    DHCP ack       (server -> client): IP#, lease time; the server records MAC address, IP# and lease time in its database

• Scope - a range of IP addresses
• IP lease - the IP# is assigned temporarily
• Reserved IP - servers are assigned fixed IP addresses
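As an added example that is not from the slides, this Python model works through the discover/offer/request/ack exchange shown above with a scope, a lease time and a reserved IP bound to a MAC address, including the exhausted-scope and stale-request cases. The address range, MAC addresses and lease time are constructed values.

```python
import ipaddress

class DhcpServer:
    """Simplified DHCP server: a scope of addresses, time-limited leases and
    MAC-bound reservations, driven by the discover/offer/request/ack exchange."""

    def __init__(self, scope_start, scope_end, lease_time, reservations=None):
        first, last = ipaddress.ip_address(scope_start), ipaddress.ip_address(scope_end)
        self.scope = [str(ipaddress.ip_address(i)) for i in range(int(first), int(last) + 1)]
        self.lease_time = lease_time
        self.reservations = reservations or {}   # MAC -> fixed IP (servers)
        self.database = {}                        # IP -> (MAC, lease expiry)
        self.offers = {}                          # MAC -> IP offered, awaiting request

    def _free(self, now):
        """Scope addresses that are not reserved and not under a live lease."""
        for ip in self.scope:
            if ip in self.reservations.values():
                continue
            entry = self.database.get(ip)
            if entry is None or entry[1] <= now:  # never used, or lease expired
                yield ip

    def discover(self, mac, now):
        """DHCP discover -> DHCP offer: pick a reserved or free IP for this MAC."""
        ip = self.reservations.get(mac)
        if ip is None:   # re-offer the client's current address if its lease is live
            for cand, (m, expiry) in self.database.items():
                if m == mac and expiry > now:
                    ip = cand
        if ip is None:
            ip = next(self._free(now), None)
        if ip is None:
            return None                            # scope exhausted: no offer
        self.offers[mac] = ip
        return {"ip": ip, "lease_time": self.lease_time}

    def request(self, mac, ip, now):
        """DHCP request -> DHCP ack (or nak); the ack records the binding."""
        if self.offers.get(mac) != ip:
            return {"type": "nak"}                 # asked for something never offered
        holder = self.database.get(ip)
        if holder and holder[0] != mac and holder[1] > now:
            return {"type": "nak"}                 # another client holds a live lease
        self.database[ip] = (mac, now + self.lease_time)
        del self.offers[mac]
        return {"type": "ack", "ip": ip, "lease_time": self.lease_time}

def run_dora(server, mac, now):
    """Full discover/offer/request/ack exchange for one client; returns the bound IP."""
    offer = server.discover(mac, now)
    if offer is None:
        return None
    ack = server.request(mac, offer["ip"], now)
    return ack["ip"] if ack["type"] == "ack" else None
```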
Workgroup
 Workgroup is Microsoft's term for a peer-to-peer local area network.
 Computers running Microsoft operating systems in the same workgroup may share files, printers, or an Internet connection.
 Workgroups are logical groups of network devices
 Each device is a standalone system; everyone is a peer
 They are on a single subnet.
 Workgroups are designed for small LANs in homes, schools, and small businesses.
Active Directory Domain Services (AD DS)
 AD DS is a server service and the foundation of a Windows network.
 It is a network directory service that stores information about a computer network and offers ways of retrieving and managing that information.
 The AD DS database is the central store of all the domain objects, such as user accounts, computer accounts, and groups.
 AD DS provides a searchable hierarchical directory, and provides a method for applying configuration and security settings for objects in the enterprise.
Cont..
 It’s an administrative tool, but users make use of directory services to find resources.
 Directory services provide a centralized management tool, but due to their complexity, they require careful planning prior to setup.
 AD DS domain controllers also host the service that authenticates user and computer accounts when they sign in to the domain.
Active Directory structure
 AD DS is composed of both logical and physical components.
 Understanding the various AD DS components is important to using Group Policy successfully.
Logical components:
• Partitions
• Schema
• Domains
• Domain trees
• Forests
• Sites
• OUs
• Containers
Physical components:
• Domain controllers
• Data stores
• Global catalog servers
• RODCs
Cont..
 An Active Directory site is simply a physical location in which domain controllers communicate and replicate information regularly.
 Each domain controller contains a full replica of the objects that make up the domain and is responsible for:
 Storing a copy of the domain data and replicating changes to that data to all other domain controllers in the domain.
Cont..
 Providing data search and retrieval functions for users attempting to locate objects in the directory.
 Providing authentication and authorization services for users who log on to the domain and attempt to access network resources.
 AD DS logical components are structures that you use to implement an Active Directory design that is appropriate for an organization.
What Are AD DS Domains?
 An AD DS domain is a logical container used to manage user, computer, group, and other objects.
 All domain controllers hold a copy of the domain database, which is continually synchronized
 Any domain controller can authenticate any sign-in anywhere in the domain
 AD DS requires one or more domain controllers
 The domain provides authorization
 An administrative boundary for applying policies to groups of objects.

Diagram: an AD DS domain containing Users, Computers and Groups.
What Is a Domain Controller?
 Servers that host the AD DS database (Ntds.dit) and SYSVOL.
 A server with the AD DS server role installed that has specifically been promoted to a domain controller.
 A domain controller (DC) is a server that responds to security authentication requests within a Windows Server domain.
 Replicates updates to other domain controllers in the domain and forest
 Allows administrative access to manage user accounts and network resources.
What Are OUs?
• The primary difference between OUs and containers is the management capabilities.
• Containers have limited management capabilities. For instance, you cannot apply a GPO directly to a container.
• Containers are the default locations for new objects.
• There is no menu option for creating new containers in Active Directory Users and Computers, but you can create new OUs in AD DS at any time.
What are Trees?
 A domain tree is a collection of one or more domains that share a contiguous name space.
All domains in the tree:
 Share a contiguous namespace with the parent domain
 Can have additional child domains
 By default create a two-way transitive trust with other domains

Diagram: the tree root contoso.com with child domains emea.contoso.com and na.contoso.com.
What Is an AD DS Forest?
• A forest is a collection of one or more Active Directory trees that share a common directory schema and global catalog.
• All domains in all trees can communicate and share information.
• Can consist of one or more trees, each with a hierarchy of parent and child domains.
• The first domain that is created in the forest is called the forest root domain.
 The forest root domain contains a few objects that do not exist in other domains in the forest.

Diagram: a forest with two trees, adatum.com (with child domain atl.adatum.com) and fabrikam.com; one of the tree root domains is the forest root domain.
What Is the AD DS Schema?
 The AD DS schema is the component that defines all object classes and attributes that AD DS uses to store data.
 It’s the blueprint for AD DS.
 The schema is replicated among all domain controllers in the forest.
In AD DS, the schema defines the following:
 Objects that store data in the directory
 Rules that define the structure of the objects
 The structure and content of the directory itself
Cont..
 AD DS uses objects as units of storage.
 An object is a grouping of information that describes a network resource.
 Schema classes define the type of objects that can be stored in Active Directory
 Schema attributes define what type of information is stored in each object
 The information stored in each attribute is called the attribute value
What Is the Global Catalog?
 The global catalog is a partial, read-only, searchable copy of all the objects in the forest.
 Improves efficiency of object searches by avoiding unnecessary referrals to domain controllers.
 Required for users to log on to a domain.
The AD DS Sign-in Process
 When users sign in to AD DS, their system looks in DNS for service resource (SRV) records to locate the nearest suitable domain controller.
What is the AD DS Data Store?
 The AD DS data store contains the database files and processes that store and manage directory information for users, services, and applications
 Consists of the Ntds.dit file
 The Ntds.dit file on a particular domain controller contains all naming contexts hosted by that domain controller, including the Configuration and Schema naming contexts.
 Is stored by default in the %SystemRoot%\NTDS folder on all domain controllers
 Is accessible only through the domain controller processes and protocols
What is AD DS Replication?
 AD DS replication copies all updates of the AD DS database to all other domain controllers in a domain or forest.
AD DS replication:
 Ensures that all domain controllers have the same information
 Uses a multimaster replication model
 Can be managed by creating AD DS sites
Advantages of multi-master replication include:
 The elimination of a single point of failure
 Faster replication, as each domain controller can be involved with replicating data.
What are Sites?
 An AD DS site is used to represent a network segment where all domain controllers are connected by a fast and reliable network connection.
 For purposes of replication, AD DS logically organizes groups of servers into sites.
Sites are:
 Associated with IP subnets
 Used to manage replication traffic
 Used to manage client logon traffic
 Used by site-aware applications such as Distributed File System (DFS) or Exchange Server
 Used to assign group policy objects to all users and computers in a company location.
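As an added example that is not from the slides, the following Python ties the sign-in process to sites: it maps a client's IP address to a site through the site's subnets (the longest matching prefix wins), then orders domain controllers by the SRV records the client would look up, site-specific records first and the domain-wide record as fallback. The site names, subnets, DC names and the records under contoso.com are constructed; the _ldap._tcp..._msdcs record names follow the form the Windows DC locator uses.

```python
import ipaddress

# Constructed data: AD DS sites with their IP subnets, and the SRV records that
# domain controllers register in DNS (site-specific and domain-wide forms).
DOMAIN = "contoso.com"
SITES = {
    "HQ": ["10.0.0.0/8"],
    "Branch": ["10.2.5.0/24"],   # more specific subnet inside HQ's range
}
# record name -> list of (priority, weight, port, target)
SRV_RECORDS = {
    f"_ldap._tcp.HQ._sites.dc._msdcs.{DOMAIN}": [(0, 100, 389, "dc1.contoso.com")],
    f"_ldap._tcp.Branch._sites.dc._msdcs.{DOMAIN}": [(0, 100, 389, "dc2.contoso.com")],
    f"_ldap._tcp.dc._msdcs.{DOMAIN}": [
        (0, 100, 389, "dc1.contoso.com"),
        (0, 100, 389, "dc2.contoso.com"),
        (10, 100, 389, "dc3.contoso.com"),   # higher priority value = used last
    ],
}

def site_for_client(ip):
    """Longest-prefix match of the client address against the site subnets."""
    addr = ipaddress.ip_address(ip)
    best = None   # (site, prefix length)
    for site, subnets in SITES.items():
        for cidr in subnets:
            net = ipaddress.ip_network(cidr)
            if addr in net and (best is None or net.prefixlen > best[1]):
                best = (site, net.prefixlen)
    return best[0] if best else None

def locate_dc(client_ip, srv=SRV_RECORDS):
    """Return (site, ordered list of DCs to try): site-local DCs first, then any DC."""
    site = site_for_client(client_ip)
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{DOMAIN}")
    names.append(f"_ldap._tcp.dc._msdcs.{DOMAIN}")   # fallback for unknown subnets
    order = []
    for name in names:
        # Lowest priority value first; higher weight first among equal priorities.
        for _prio, _weight, _port, target in sorted(srv.get(name, []), key=lambda r: (r[0], -r[1])):
            if target not in order:
                order.append(target)
    return site, order
```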
End of slides
