
Unit II Windows Network Concepts

The document covers key concepts of Windows network architecture, including workgroups, server domains, and the Domain Name System (DNS). It explains how DNS translates computer names to IP addresses, the hierarchical structure of domain namespaces, and the role of Active Directory in managing network resources. Additionally, it discusses the integration of DNS and LDAP in Active Directory for resource access and management across various platforms.

Uploaded by amhbhsc

Unit II

Windows Network Concepts


Content
Workgroups
Server Domain
Domain Controllers
LDAP & Windows Active Directory ®

Workgroups
Workgroup is the Microsoft term for a peer-to-peer network.
Most modern operating systems, such as Windows 10 and the latest
versions of Windows, are built with peer-to-peer network capabilities.

Domain Name System (DNS)
Domain Name System (DNS) is a naming system based on a distributed
database used in Transmission Control Protocol/Internet Protocol (TCP/IP)
networks to translate computer names to Internet Protocol (IP) addresses.
It is the widely used default naming system for IP-based networks.
DNS makes it easy to locate computers and other resources on these networks.
DNS is most commonly associated with the Internet.
Private networks use DNS extensively to resolve computer names and to
locate computers within their local networks and the Internet.

Domain Name System (DNS)
DNS provides the following benefits:
◦ DNS names are user-friendly, which means that they are easier to remember
than IP addresses.
◦ DNS names remain more constant than IP addresses. An IP address for a
server can change, but the server name remains the same.

Server Domain
Addresses are used to locate objects.
Names are easier to remember than numbers.
You would like to get to the address or other objects using a name.
DNS provides a mapping from names to resources of several types.

Domain Namespace
The domain namespace is the naming scheme that provides the
hierarchical structure for the DNS database.
Each node, referred to as a domain, represents a partition of the DNS
database.

Domain Namespace...
Domains are “namespaces”.
Everything below .com is in the com domain.
Everything below ripe.net is in the ripe.net domain and in the net domain.

[Figure: domain namespace tree with the top-level nodes net, edu and com; the com domain, the net domain and the ripe.net domain are outlined, with nodes such as google, ripe, isi, sun, tislabs, moon, www, disi, ftp, ws1 and ws2 below them]
DNS Concept: Domain Namespace...
For example, in Figure 2.1, the domain name sales.microsoft.com
identifies the sales domain as a subdomain of the microsoft.com
domain and microsoft as a subdomain of the com domain.

[Figure 5.1]

DNS Concept: Domain Namespace...
The hierarchical structure of the domain namespace consists of
a root domain,
top-level domains,
second-level domains, and
host names.

DNS Concept: Domain Namespace...
The term domain, in the context of
DNS, is not related to the term as used
in the Windows 2000 directory services.
A Windows 2000 domain is a grouping
of computers and devices that are
administered as a unit.

DNS Concept:
The namespace needs to be made hierarchical to be able to scale.
The idea is to name objects based on
◦ location (within country, set of organizations, set of companies, etc.)
◦ unit within that location (company within set of companies, etc.)
◦ object within unit (name of person in company)

DNS Concept: Domain Namespace...
Addresses are used to locate objects.
Names are easier to remember than numbers.
You would like to get to the address or other objects using a name easily.

Root Domain
The root domain is at the top of the hierarchy and is represented as a
period (.).
The Internet root domain is managed by several organizations, including
Network Solutions, Inc.

Top-Level Domains
Top-level domains are two- or three-character name codes.
Top-level domains are grouped by organization type or geographic
location.
Top-level domains can contain second-level domains and host names.

Second-Level Domains
Organizations such as Network Solutions, Inc., assign and register
second-level domains to individuals and organizations for the Internet.
A second-level name has two name parts:
A top-level name and a unique second-level name.

Host Names
Host names refer to specific computers on the Internet or a private network.
For example, in Figure 5.1, Computer1 is a host name.
A host name is the leftmost portion of a fully qualified domain name (FQDN).

Fully Qualified Domain Name (FQDN)
FQDN describes the exact position of a host within the domain
hierarchy.
Example FQDN: WWW.RIPE.NET. (labels separated by dots)
DNS provides a mapping from FQDNs to resources of several types.

Fully Qualified Domain Name (FQDN)
Names are used as a key when fetching data in the DNS.
In Figure 5.1, Computer1.sales.microsoft.com. (including the end
period, which represents the root domain) is an FQDN.
DNS uses a host's FQDN to resolve a name to an IP address.
The host name does not have to be the same as the computer name.
By default, TCP/IP setup uses the computer name for the host name.

DNS Concept:
DNS provides a mapping from names to resources of several types.
The DNS maps names into data using Resource Records.

Resource Record: www.ripe.net. … A 10.10.10.2 (Address Resource)
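
The name handling from the preceding slides (labels, enclosing domains, name-as-key lookup), as an added Python example that is not part of the original deck. The zone table is constructed around the one A record shown on the slide, and www.evilripe.net. is a made-up look-alike name used to show why domain membership is compared label by label.

```python
# Constructed sample zone: (owner name, record type) -> data.
# The single A record is the one shown on the slide.
ZONE = {
    ("www.ripe.net.", "A"): "10.10.10.2",
}

def labels(fqdn):
    """Split an FQDN into lowercase labels, host first; '.' alone is the root."""
    if not fqdn.endswith("."):
        raise ValueError("not fully qualified: missing the root period")
    if fqdn == ".":
        return []
    parts = fqdn[:-1].lower().split(".")
    if any(p == "" for p in parts):
        raise ValueError("empty label")
    return parts

def enclosing_domains(fqdn):
    """Every domain the name sits below, nearest first, ending at the root."""
    parts = labels(fqdn)
    return [".".join(parts[i:]) + "." for i in range(1, len(parts))] + ["."]

def in_domain(fqdn, domain):
    """Membership is decided on whole labels, never on a string suffix."""
    name, dom = labels(fqdn), labels(domain)
    return len(name) >= len(dom) and name[len(name) - len(dom):] == dom

def resolve(fqdn, rtype="A"):
    """Use the normalised name as the key into the resource-record table."""
    key = ".".join(labels(fqdn)) + "."
    return ZONE.get((key, rtype))

if __name__ == "__main__":
    print(enclosing_domains("WWW.RIPE.NET."))
    print(in_domain("www.ripe.net.", "ripe.net."))
    print(in_domain("www.evilripe.net.", "ripe.net."))
    print(resolve("WWW.RIPE.NET."))
```

A plain string test such as `name.endswith("ripe.net.")` would accept www.evilripe.net.; comparing label lists does not.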

Domain Naming Guidelines
(reading assignment)
When you create a domain namespace, consider the following domain
guidelines and standard naming conventions:
Limit the number of domain levels. Typically, DNS host entries
should be three or four levels down the DNS hierarchy and no
more than five levels down the hierarchy. The number of levels
increases the administrative tasks.
Use unique names. Each subdomain must have a unique name
within its parent domain to ensure that the name is unique
throughout the DNS namespace.

Domain Naming Guidelines
(reading assignment)
Use simple names. Simple and precise domain names
are easier for users to remember and they enable
users to search intuitively and locate Web sites or
other computers on the Internet or an intranet.
Avoid lengthy domain names. Domain names can be
up to 63 characters, including periods. The total length
of an FQDN cannot exceed 255 characters. Case-
sensitive naming is not supported.

What Is Active Directory?
•Active Directory is a directory service.
The term directory service refers to two things:
1. A directory where information about users and resources is stored, and
2. A service or services that let you access and manipulate those resources.
Active Directory is a way to manage all elements of your network,
including computers, groups, users, domains, security policies, and any
type of user-defined objects.

Active Directory is built around Domain Name System (DNS) and
Lightweight Directory Access Protocol (LDAP):
DNS because it is the standard on the Internet and is familiar,
LDAP because most vendors support it.

Directory clients use DNS and LDAP to locate and
access any type of resource on the network. Because
these are platform-independent protocols, Unix,
Macintosh, and other clients can access resources in
the same fashion as Windows clients.

Goals of Active Directory
•The two most important are:
1. Users should be able to access resources throughout the domain using
a single logon.
2. Administrators should be able to centrally manage both users and
resources.

Fundamentals of Active Directory
1. If a client wants to access a service or a resource, it does so using the
resource’s Active Directory name. To locate the resource, the client
sends a standard DNS query to a dynamic DNS server by parsing the
Active Directory name and sending the DNS part of the name as a
query to the dynamic DNS server.
2. The dynamic DNS server provides the network address of the domain
controller responsible for the name. This is similar to the way static
DNS currently operates — it provides an IP address in response to a
name query.
3. The client receives the domain controller’s address and uses it to make
an LDAP query to the domain controller. The LDAP query finds the
address of the system that has the resource or service that the client
requires.
4. The domain controller responds with the requested information. The
client accepts this information.
5. The client uses the protocols and standards that the resource or service
requires and interacts with the server providing the resource.
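
Steps 1 to 4 above, as an added Python example that is not part of the original slides: it extracts the DNS part of a distinguished name and builds the SRV name `_ldap._tcp.dc._msdcs.<domain>` that Active Directory clients query to find a domain controller (that record name is standard Active Directory behaviour, not something stated on the slide). The host names, the printer object and both lookup tables are constructed sample data, and the DN parser is a simplification that only splits on unescaped commas.

```python
import re

def dns_domain_from_dn(dn):
    """Step 1: return the DNS part of an Active Directory distinguished name.

    Simplified parser (assumption): splits on commas not preceded by a
    backslash and reads the DC= components, left to right, as DNS labels.
    """
    dcs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        if attr.strip().upper() == "DC":
            dcs.append(value.strip().lower())
    if not dcs:
        raise ValueError("no DC= components, so the name has no DNS part")
    return ".".join(dcs)

def dc_locator_name(dns_domain):
    """SRV owner name queried to find a domain controller offering LDAP."""
    return f"_ldap._tcp.dc._msdcs.{dns_domain}."

def locate(dn, srv_table, directory):
    """Walk steps 1-4 against the constructed tables below."""
    domain = dns_domain_from_dn(dn)                         # step 1
    dc_host, dc_port = srv_table[dc_locator_name(domain)]   # step 2: DNS answer
    resource_host = directory[(dc_host, dn.lower())]        # steps 3-4: LDAP answer
    return dc_host, dc_port, resource_host                  # step 5 connects here

# Constructed sample data: hypothetical hosts; 389 is the standard LDAP port.
SRV = {
    "_ldap._tcp.dc._msdcs.sales.microsoft.com.": ("dc1.sales.microsoft.com.", 389),
}
DIRECTORY = {
    ("dc1.sales.microsoft.com.",
     "cn=printer1,ou=devices,dc=sales,dc=microsoft,dc=com"):
        "computer1.sales.microsoft.com.",
}

if __name__ == "__main__":
    print(locate("CN=Printer1,OU=Devices,DC=sales,DC=microsoft,DC=com",
                 SRV, DIRECTORY))
```

Every later step trusts the address returned in step 2, so the DNS answer decides which server receives the client's LDAP query.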
Active Directory in an Enterprise Environment
You can create new object types.
Standard object definitions include users, groups, computers, domains,
organizational units, and security policies.
Ten million objects per domain are allowed.
Trusts are, by default, transitive. If domain A trusts domain B and
domain B trusts domain C, then domain A will trust domain C.

•Active Directory’s Class Store and Group Policy Editor (GPE) let users
access and download applications to which they are entitled, regardless
of which machine they are sitting at. Active Directory’s Microsoft Installer
(MSI) lets developers package applications for use with Active Directory.

•A domain controller can be moved to another site or to another domain
without having to reinstall 2000 Server.
Logical Domain Structure of Active Directory
•Active Directory is best understood from bottom to top.
•As an organization becomes larger and more complex, bottom-level
units can be joined to make higher-level units.
•For example, domains can be joined in a hierarchical way to make
domain trees, and domain trees can be joined with trusts to make
domain forests.
•We look at the hierarchy of units (from bottom to top) in the following
sections.
Simple Objects
•Simple objects include computers, groups, users, security policies, and user-
defined objects.
•Objects have attributes, some of which are mandatory and some of which are
optional.
•To view objects in 2000 Server Active Directory, click Start and select
Programs, Administrative Tools, Directory Management.
•Then select Advanced on the View menu to bring up a window shown on the next
slide:
•In the example, note that seven objects are under the domain object,
acernt5dom, and eight objects are under the highlighted object Builtin.
•To find the properties and attributes of any object, simply highlight and
right-click the object and select Properties.
•The properties of Builtin are shown in the next slide:
