Active Directory System - Assignment Example

Active Directory 1. Data that is available in an Active Directory system is given to the one using it in a hierarchical manner that has similarities to the manner in which data is stored on a file system. Every entry of the data is known as an object. There are two types of objects that could be attached to a data system: containers and non-containers. These are also known as leaf nodes. There could be one or more than one containers that have their source in the branch container and these get divided in a hierarchical manner. Every container may consist of a leaf node or of other containers. The overall structure of the active directory would be stored in a hierarchical framework of objects. The idea would therefore be that the objects would fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups). There are numerous security principals as part of the directory objects which would be assigned distinctive security identifiers (SIDs), that would be used in the long run for the control access and setting security. Each one of the components would be represent a single unit with no relevance of user, computer, printer, or group. The object in the scenario that would be of importance could range from any of the above and with any number of given set attributes that attached to the set up. Objects part of the system could be part of the other objects as well. The singular identity of an object is outlined with the help of a name and a given set of traits or attributes that distinguish an object from others. The given nature and characteristics of the object that the object may have intrinsic to itself is usually defined by a schema, that also plays a determining role in the decision on the kind of object that can be stored in Active Directory. 2. An index is a part of the system that would be used in the organization of data to ensure a fast retrieval or at least retrieving a quick answer. One method is the conduct of Server Performance Advisor’s AD test. In case the LDAP query takes a while then the best option is to find out whether indexing may help by getting some diagnostic data from the domain controller being queried against. This can be done by setting the registry values below and then retry the query. 3 1 a) A global catalog server would automatically have a domain controller (DC) that contains a naming context (NC) replica (one full, the rest partial) for each domain naming context in the forest. It has to be remembered here that every domain controller would be able to possess, read or write domain one naming context. This would therefore be like a partition address list to the server. A global catalog server would also be in possession of a read-only domain for the purpose of naming contexts in the context of that all other domains in the forest. Although the repadmin /add command defaults to a read/write connection, the connection type must match the type of the destination partition. Thus in cases where a replication link is added to a partition that is read-only in its nature, existing on a global catalog server there would need to be a specification entitled ‘read only’. . Each of the naming contexts represents a different aspect of the Active Directory data. The naming context would hold domain-specific data. In this case therefore the naming context would be dev.abc.net, while not new, this would be singular and individual in the sense that no other domain would have the same naming context. 2a). There is a distinction between the KCC (process running every fifteen minutes helping in the creation of a topology) and the process of replication itself. There is no way by which the KCC would be made to get involved in the supplementary work of actual data replication in any way or manner. Intrasite replications along the links created by the KCC used a notification process to announce that changes have occurred. When the Windows 2000 Active Directory had more than 200 sites with domain controllers the time taken by the KCC to drive up CPU usage to go up as much as 15 minutes. This would automatically slow the system down in a considerable manner. The idea in this context would be so ensure that there is an optimization of the replication to a set of targets in a master-subordinate environment, and the minimization of the impact that the process would have on the source. The problems in the context of the hospital server are simple. First and foremost there are a number of passes that are applicable on the source. The hospital currently has 25 domain controllers located in 9 departments around the hospital. the connections between the domain controllers are established using LAN. There are three departments that are using the older 10-Mbps hubs, while the other departments are using 10/100-Mbps switches. The utilization of network bandwidth between 8:00 a.m. and 6:00 p.m. averages 95 Per cent. This would therefore mean that a large part of the replications and the related link that start at the source stand in requisition of a pass over the replication set to acquire it. There is in short a long waiting list and the resources like the CPU time and I/O activity that are required in the number of passes would automatically be unavailable. This might not be found readily on the source database server, or might even cost too much. This would mean that the crux of the problem is that there be free memory space available of the system. The big duplication set, prepared with average numbers of replication links specific to the source and the overall overhead on the source database server could very well end up becoming unsustainable in case the quantity of data to be broadcasted to the targets is more than its stated capacity.. The solution to the problem would be simple. The idea will be to raise the overall amount of replication links to and fro between the road to the source and target so that there could be an addition to one or more intermediary targets between the original source and the end target databases. This can be demonstrated by the following figure: In more clear terms, this arrangement would overall mean that a cascade intermediary target/source (CITS) to the topology. The intermediaries work in their caopacity as data storage systems and overall take the replication task from the source thereby acting as a target for the first replication link. They thereby also act subsequentially as active sources for the movement of data so that the next replication link is fulfilled and this continues until the process reaches the cascade end targets (CETs). The basic idea therefore is to ensure that the design helps in ensuring that one chain of replication links between the source and every CET to transmit the data or its changes. 2 b) One of the best ways to ensure that files stored are preserved and not deleted is to ensure that there is a plan for the restoration of the Active Directory by configuring the organizational units (OUs); global groups; computer accounts; printers; and important user accounts (e.g., accounts that start services, boss's account), shared folders, and contacts so that no one can delete them. This can be done by using a number of methods in the process of configuration for AD objects as undeletable, depending on the delegation method that would be used. In this case for example, one could apply the Deny permissions to AD objects in the top-level OUs, thereby allowing inheritable permissions from the parent to propagate to lower-level objects. In order for the method to be used, one would have to open the Microsoft Management Console (MMC). Active Directory Users and Computers snap-in and select View, Advanced from the menu. Select the Security tab of the AD object that one would want to defend vis-à-vis accidental deletion, and click Advanced, and then one would have to select the Permissions tab, clicking on the word NAME so that permissions could be sorted by name following this by scrolling to the top of the list. Then the user would have to double-click the first user or group in the list that has the Delete Object permission for the object that the user wants to defend or Full Control of the object. 2c) Tools of Replication Trouble shooting: 1. Data Validation: the method is aimed at transactional and merger of replication that would allow the validation of data. 2. Tablediff utility: This is to be utilized in the comparison of data in two tables for non-convergence, and is mostly used in troubleshooting non-convergence in a replication topology. This utility can be used in conjunction with validation 3. System Monitor: This provides aid im ensuring a number of counters that are related to replication agents 4. SQL Server Profiler: SQL Server Profiler is a tool that could be used in the troubleshooting the replication performance. This can be captured and and data saved with respect to server events to a file or table to analyze later. 5. Error Reporting: this mechanism is enabled by default. In case there is a fatal error in the SQL Server Database Engine, in SQL Server Agent, or in Analysis Services, a report is automatically sent to Microsoft. References: Troubleshooting Replication, accessed January 5, 2010, Repadmin /Add Command Fails with Error 8445 on Global Catalog Server, accessed January 5, 2010, Master-Subordinate Cascading Replication, accessed January 5, 2010, Windows Server 2003: Active Directory Infrastructure. Microsoft Press. 2003. pp. 1–8 – 1–9 Richards J, Allen R, Lowe-Norris A R, 2006, Active Directory, O’Reilly Read More