Windows Server 2003 Active Directory And Network Infrastructure


By: UCertify Team
Windows Server 2003 Active Directory is a centralized database that stores information about all the resources available on the Windows Server 2003 domain. It is a hierarchical representation of all the objects and their attributes available on the network. It enables administrators to manage network resources, i.e., computers, users, printers, shared folders, etc., in an easy way. The logical structure represented by Active Directory consists of forests, trees, domains, organizational units, and individual objects. This structure is completely independent of the physical structure of the network, and allows administrators to manage domains according to organizational needs without having to consider the physical network structure.

The following is a description of all the logical components of the Active Directory structure:

Forest: A forest is the outermost boundary of an Active Directory structure. It is a group of multiple domain trees that share a common schema but do not form a contiguous namespace. It is created when the first Active Directory-based computer is installed on a network. There is at least one forest on a network. The first domain in a forest is called a root domain. It controls the schema and domain naming for the entire forest. It can be separately removed from the forest. Administrators can create multiple forests and then create trust relationships between specific domains in those forests, depending upon the organizational needs.

Trees: A hierarchical structure of multiple domains organized in the Active Directory forest is referred to as a tree. It consists of a root domain and several child domains. The first domain created in a tree becomes the root domain. Any domain added to the root domain becomes its child, and the root domain becomes its parent. The parent-child hierarchy continues until the terminal node is reached. All domains in a tree share a common schema, which is defined at the forest level. Depending upon the organizational needs, multiple domain trees can be included in a forest.

Domains: A domain is the basic organizational structure of a Windows Server 2003 networking model. It logically organizes the resources on a network and defines a security boundary in Active Directory. The directory may contain more than one domain, and each domain follows its own security policy and trust relationships with other domains. Almost all organizations with a large network use the domain networking model to enhance network security and enable administrators to efficiently manage the entire network.

Objects: Active Directory stores all network resources in the form of objects in a hierarchical structure of containers and subcontainers, thereby making them easily accessible and manageable. Each object class consists of several attributes. Whenever a new object is created for a particular class, it automatically inherits all attributes from its member class. Although the Windows Server 2003 Active Directory defines its default set of objects, administrators can modify it according to the organizational needs.

Organizational Unit (OU): It is the least abstract component of the Windows Server 2003 Active Directory. It works as a container into which resources of a domain can be placed. Its logical structure is similar to an organization’s functional structure. It allows administrative boundaries to be created in a domain by delegating separate administrative tasks to the administrators on the domain. Administrators can create multiple Organizational Units in the network. They can also nest OUs, which means that other OUs can be created within an OU.

In a large complex network, the Active Directory service provides a single point of management for the administrators by placing all the network resources at a single place. It allows administrators to effectively delegate administrative tasks as well as facilitate fast searching of network resources. It is easily scalable, i.e., administrators can add a large number of resources to it without additional administrative burden. This is accomplished by partitioning the directory database, distributing it across other domains, and establishing trust relationships, thereby providing users with the benefits of decentralization while maintaining centralized administration.

The physical network infrastructure of Active Directory is much simpler than its logical structure. The physical components are domain controllers and sites.

Domain Controller: A Windows 2003 server on which Active Directory services are installed and run is called a domain controller. A domain controller locally resolves queries for information about objects in its domain. A domain can have multiple domain controllers. Each domain controller in a domain follows the multimaster model by having a complete replica of the domain’s directory partition. In this model, every domain controller holds a master copy of its directory partition. Administrators can use any of the domain controllers to modify the Active Directory database. The changes performed by the administrators are automatically replicated to other domain controllers in the domain.

However, there are some operations that do not follow the multimaster model. Active Directory handles these operations by assigning each of them to a single domain controller. Such a domain controller is referred to as an operations master. The operations master performs several roles, which can be forest-wide as well as domain-wide.

Forest-wide roles: There are two types of forest-wide roles: Schema Master and Domain Naming Master. The Schema Master is responsible for maintaining the schema and distributing it to the entire forest. The Domain Naming Master is responsible for maintaining the integrity of the forest by recording additions of domains to and deletions of domains from the forest. When new domains are to be added to a forest, the Domain Naming Master role is queried. In the absence of this role, new domains cannot be added.

Domain-wide roles: There are three types of domain-wide roles: RID Master, PDC Emulator, and Infrastructure Master.

RID Master: The RID Master is one of the operations master roles that exist in each domain in a forest. It controls the sequence number for the domain controllers within a domain. It provides a unique sequence of RIDs to each domain controller in a domain. When a domain controller creates a new object, the object is assigned a unique security ID consisting of a combination of a domain SID and a RID. The domain SID is a constant ID, whereas the RID is assigned to each object by the domain controller. The domain controller receives the RIDs from the RID Master. When the domain controller has used all the RIDs provided by the RID Master, it requests the RID Master to issue more RIDs for creating additional objects within the domain. When a domain controller exhausts its pool of RIDs and the RID Master is unavailable, no new object can be created in the domain.
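The domain SID plus RID structure described above, as an added example that is not part of the original article: it decodes binary SIDs in the layout Active Directory uses for the objectSid attribute and splits each one into its domain SID and RID. The sample SIDs, the helper names and the "pool-issued" label are constructed for illustration.

```python
import struct

# RIDs that are the same in every domain; only the domain SID prefix differs.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users",
                   516: "Domain Controllers"}

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (objectSid layout) into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def split_sid(sid: str):
    """Split a domain principal's SID into (domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError("not a domain account SID")
    return "-".join(parts[:7]), int(parts[7])

def describe(raw: bytes):
    """Return (domain SID, RID, label) for one binary SID."""
    domain_sid, rid = split_sid(parse_sid(raw))
    if rid in WELL_KNOWN_RIDS:
        label = WELL_KNOWN_RIDS[rid]
    elif rid >= 1000:
        label = "pool-issued"      # allocated by a DC from its RID pool
    else:
        label = "reserved"
    return domain_sid, rid, label

def build_sid(subs):
    """Helper that builds constructed sample data for this example."""
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

# Constructed sample values, not taken from any real domain.
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
SAMPLE_ADMIN = build_sid(DOMAIN + (500,))
SAMPLE_USER = build_sid(DOMAIN + (1104,))
```

Because the RID of a built-in principal is fixed, the label survives an account rename, which makes the RID a more reliable key than the account name when reviewing privileged accounts.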

PDC Emulator: The PDC emulator is one of the five operations master roles in Active Directory. It is used in a domain containing non-Active Directory computers. It processes the password changes from both users and computers, replicates those updates to backup domain controllers, and runs the Domain Master browser. When a domain user requests authentication from a domain controller, and the domain controller is unable to authenticate the user due to a bad password, the request is forwarded to the PDC emulator. The PDC emulator then verifies the password, and if it finds the updated entry for the requested password, it authenticates the request.

Infrastructure Master: The Infrastructure Master role is one of the Operations Master roles in Active Directory. It functions at the domain level and exists in each domain in the forest. It maintains all inter-domain object references by updating references from the objects in its domain to the objects in other domains. It performs a very important role in a multiple domain environment. It compares its data with that of a Global Catalog, which always has up-to-date information about the objects of all domains. When the Infrastructure Master finds data that is obsolete, it requests the updated version from the global catalog. If the updated data is available in the global catalog, the Infrastructure Master extracts and replicates the updated data to all the other domain controllers in the domain.

Domain controllers can also be assigned the role of a Global Catalog server. A Global Catalog is a special Active Directory database that stores a full replica of the directory for its host domain and the partial replica of the directories of other domains in a forest. It is created by default on the initial domain controller in the forest. It performs the following primary functions regarding logon capabilities and queries within Active Directory:

It enables network logon by providing universal group membership information to a domain controller when a logon request is initiated.

It enables finding directory information about all the domains in an Active Directory forest.

A Global Catalog is required to log on to a network within a multidomain environment. By providing universal group membership information, it greatly improves the response time for queries. In its absence, a user will be allowed to log on only to his local domain if his user account is external to the local domain.

Site: A site is a group of domain controllers that exist on different IP subnets and are connected via a fast and reliable network connection. A network may contain multiple sites connected by a WAN link. Sites are used to control replication traffic, which may occur within a site or between sites. Replication within a site is referred to as intrasite replication, and replication between sites is referred to as intersite replication. Since all domain controllers within a site are generally connected by a fast LAN connection, intrasite replication is always in uncompressed form. Any changes made in the domain are quickly replicated to the other domain controllers. Since sites are connected to each other via a WAN connection, intersite replication always occurs in compressed form. Therefore, it is slower than intrasite replication.

About the Author:

uCertify was formed in 1996 with an aim to offer high quality educational training software and services in the field of information technology to its customers. uCertify provides exam preparation solutions for the certification exams of Microsoft, CIW, CompTIA, Oracle, Sun and other leading IT vendors. To know more about uCertify, please visit http://www.ucertify.com/

Article Source: www.iSnare.com
