Active Directory Nanda Ganesan, Ph.D.
References • Technical overview of Windows 2003 Active Directory • Introduction to Windows 2003 Active Directory in application mode • Windows 2003 Reviewer’s Guide
Agenda • What is Active Directory • Building an Active Directory • Using Active Directory Features • Active Directory Objects • Auditing Active Directory
Group Names • Contributions made by • Charles Guzman • Daniel Gebretensai • Ervand Akopyan • Hovik Gharadaghi
Overview of Active Directory • Directory service of the Windows server system • Stores information about network objects and makes that information available to administrators, users, and applications • Provides a single point of network management, allowing people to add, remove, and relocate users and resources easily • Integrated with the Internet’s hierarchical domain naming system (DNS)
Active Directory Properties • Integration with DNS • Flexible querying • Information security • Simplified administration • Scalability
Object and Schema • Objects are the basic entities that constitute the Active Directory • Each object has its own globally unique identifier (GUID) • Schema • Describes the object classes • Defines the attributes for each object class
Structural Components • Object-based hierarchical structure built from the following constructs • Domains • Trees • Forests • Trust relationships • Organizational Units • Sites
Tree Parent and child domains in a domain tree. Double-headed arrows indicate two-way transitive trust relationships
Forests One forest with three domain trees. The three root domains are not contiguous with each other, but EuropeRoot.com and AsiaRoot.com are child domains of HQ-Root.com.
Internal Trusts in a Forest Shortcut trusts between Domains B and D, and between Domains D and 2
Trust Relationships • Transitive • Two-way • Shortcut trusts • External trusts
Organizational Units Intra-site replication with just one domain.
Trust Relationships Intra-site replication with two domains and two global catalogs
Directory Protocols • Based on standard directory protocols • Interoperates with other protocols • Example: LDAP • LDAP is used to add, modify, delete and query information stored in AD • LDAP is to AD what SQL is to Oracle • LDAP defines how a client accesses the directory, which operations it can perform within the directory, and how directory data is shared
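As an added illustration (not from the slides) of LDAP as the query language for AD, the block below parses RFC 4515 search filters and evaluates them over a constructed handful of AD-style objects. The attribute names mirror real AD schema attributes (objectClass, sAMAccountName, memberOf); the objects, DNs and group names are invented.

```python
import re

# Constructed sample of AD objects (invented data; attribute names follow the AD schema).
# AD attributes can be multi-valued, so every attribute is stored as a list.
SAMPLE_AD_OBJECTS = [
    {"dn": "CN=Alice,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "sAMAccountName": ["alice"],
     "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=com"]},
    {"dn": "CN=Bob,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "sAMAccountName": ["bob"],
     "memberOf": []},
    {"dn": "CN=FS01,OU=Servers,DC=example,DC=com",
     "objectClass": ["top", "computer"], "sAMAccountName": ["FS01$"]},
]

def parse_filter(text):
    """Parse an LDAP search filter such as (&(objectClass=user)(memberOf=*))
    into a nested tuple tree. Supports &, |, ! and equality/presence/substring."""
    pos = 0
    def parse():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        op = text[pos]
        if op in "&|!":                      # compound filter: (&...), (|...), (!...)
            pos += 1
            kids = []
            while text[pos] == "(":
                kids.append(parse())
            pos += 1                         # consume the closing ')'
            if op == "!" and len(kids) != 1:
                raise ValueError("'!' takes exactly one operand")
            return (op, kids)
        end = text.index(")", pos)           # simple assertion: (attr=value)
        attr, _, value = text[pos:end].partition("=")
        pos = end + 1
        return ("=", attr, value)
    tree = parse()
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, obj):
    """Evaluate a parsed filter against one object. Matching is case-insensitive,
    like AD's DirectoryString attributes; '*' in a value is a substring wildcard."""
    op = tree[0]
    if op == "&":
        return all(matches(k, obj) for k in tree[1])
    if op == "|":
        return any(matches(k, obj) for k in tree[1])
    if op == "!":
        return not matches(tree[1][0], obj)
    _, attr, value = tree
    values = next((v for k, v in obj.items() if k.lower() == attr.lower()), [])
    values = [values] if isinstance(values, str) else values
    if value == "*":                         # presence filter: attribute has any value
        return len(values) > 0
    pattern = ".*".join(re.escape(p) for p in value.lower().split("*"))
    return any(re.fullmatch(pattern, v.lower()) for v in values)

def ldap_search(objects, filter_text):
    """Return the DNs of objects matching the filter, in directory order."""
    tree = parse_filter(filter_text)
    return [o["dn"] for o in objects if matches(tree, o)]
```

A query such as `(&(objectClass=user)(memberOf=*Domain Admins*))` returns only Alice, while `(&(objectClass=user)(!(memberOf=*)))` returns users that belong to no group at all.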
Active Directory Security • Based on Kerberos • Supports multiple security configurations for cross-platform interoperability • Clients: A domain controller will authenticate clients running RFC 1510 Kerberos, including clients running other operating systems • Unix clients and services: A Kerberos principal is mapped to a Windows 2000 user or computer account
Requirements • The computer must run Windows 2000 or Windows 2003 Server, Advanced Server or Datacenter Server. • At least one volume on the computer must be formatted with NTFS. • DNS must be active on the network prior to AD installation or be installed during AD installation. • DNS must support SRV records and dynamic updates. • The computer must have the IP protocol installed and have a static IP address. • The Kerberos v5 authentication protocol must be installed. • Time and time-zone information must be correct.
Role of DNS • Clients use DNS to locate Active Directory controllers. • Servers and client computers register their names and IP addresses with the DNS server