Active Directory Windows2003 Server

Presentation Transcript
Agenda
  • What is Active Directory
  • Building an Active Directory
  • Using Active Directory Features
  • Active Directory Objects
  • Auditing Active Directory
Group Names
  • Charles Guzman
  • Daniel Gebretensai
  • Ervand Akopyan
  • Hovik Gharadaghi
What is Active Directory
  • Efficient Directory Management service
  • Based on Standard Internet Protocols
  • Helps to Clearly Define a Network’s structure
Requirements
  • The computer must run Windows 2000 or 2003 Server, Advanced Server or Datacenter Server.
  • At least one volume on the computer must be formatted with NTFS.
  • DNS must be active on the network prior to AD installation or be installed during AD installation.
  • DNS must support SRV records and be dynamic.
  • The computer must have IP protocol installed and have a static IP address.
  • The Kerberos v5 authentication protocol must be installed.
  • Time and zone information must be correct.
Why Install DNS?
  • Clients use DNS to locate Active Directory controllers.
  • Servers and client computers register their names and IP addresses with the DNS server.
Active Directory
  • Domains – Group of computers
  • Domain Trees – Share contiguous Namespace
  • Domain Forests – Share common directory information
  • Organizational Units – Subgroup of Domains that mirror an organization
Requirements
  • Existing Domain
  • Member Server
What does Active Directory do for us
  • Keep a central list of users and passwords
  • Provide a set of servers to act as “authentication servers” known as a Domain Controller
  • Maintain a searchable index of the things in the domain
  • Allow you to create users with different levels of power
USING ACTIVE DIRECTORY FEATURES
  • Directory service back up reminders
  • Added replication security and fewer errors
  • Install from Media Improvement for Installing DNS servers
  • Support for running domain controllers in virtual machines
  • Extended storage of deleted objects
New AD Features in Windows 2003
  • Multiple selection of user objects
  • Drag and Drop functionality
  • Efficient search capabilities
  • Saved Queries
New Domain and Forest Wide AD Features
  • Domain control rename tool
  • Different location option for user and computer accounts
  • Forest trusts
  • Replication enhancements
  • User access control to resources between domains and forests
Group Policy Feature
  • Defines the various components of the user's desktop environment that an administrator must manage
  • Applies not only to users and client computers but also to member servers, domain controllers, and other 2003 servers in the scope of management
Group Policy cont’d
  • Manage registry-based policy with Administrative Templates
  • Assign scripts. This includes scripts such as computer startup, shutdown, logon, and logoff
  • Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations
GP Screenshots

Configuring a custom console

GP Screenshots

Adding a group policy object link

Active Directory Objects

ADDING AND REMOVING OBJECTS

Active Directory Objects

Objects

An object is a distinct named set of attributes that represents a network resource. Typical objects are users, groups, computers and printers. Each object has a number of attributes. For example, the user object has attributes such as password, name, password length and e-mail address.

Objects are typically grouped into classes, such as groups (a number of user accounts), computers and printers. When objects are grouped together, they are placed into a container that holds the objects (it's like a desk drawer that holds a number of objects).


Watching The Network

Auditing with Active Directory


Situation

Something went wrong and the Boss asks:

“What kind of network activity have we had recently?”

This helps in many ways
  • It allows you to target specific activities, instead of taking a wider sweep of all activity on a computer.
  • A narrower scope of what you are auditing results in smaller logs, which makes reviewing the logged information more efficient.
  • Finally, reducing the auditing options to just what you need will reduce the load on the computer, allowing it to provide more resources to other activities.

What You Can Audit?

  • Audit account logon and logon events
  • Audit object access
  • Audit account management
  • Audit directory service access
  • Audit policy change
  • Audit system events
  • Audit process tracking
  • Audit privilege use

Windows 2000 and every subsequent version of NT support auditing


Account logon and Logon Events

It keeps track of who tried to log on to what server

This audits each instance of a user logging on to or off from another computer when the computer performing the auditing is the one used to validate the account.

Example

Windows XP logon to DC


Audit Object Access

This security setting determines whether to audit the event of a user accessing an object (for example, a file, folder, registry key, printer, and so forth) that has its own system access control list (SACL) specified


Audit Account Management

  • Any changes to user or group accounts get logged here
  • Examples:
    • Create a user
    • Create a group
    • Modify a group’s membership
    • Change a password

Audit Privilege Use

Determines whether to audit each instance of a user exercising a user right

Produces a large amount of output, since every right exercised is logged

Be prepared for larger log files

Examples:

Logging on

Shutting down

Changing the system time


Audit System Events

Determines whether to audit when a user restarts or shuts down the computer or an event has occurred that affects either the system security or the security log

Not many entries

Logs whenever machine is restarted/shut down

Example:

When you clear the security log or resize it


Directory Service Access

This will audit each event that is related to a user accessing an Active Directory object which has been configured to track user access through the System Access Control List (SACL) of the object


Audit Process Tracking

Mostly used by programmers

Tracks activity between programs and the operating system

Success or Failure Auditing?
  • Each of these options provides two configuration settings:
    • Success and/or Failure.

These options are essential to help you track the required information that is generated from a user performing a task
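
The Success/Failure choice for each audit category is stored in a security template's [Event Audit] section as a small bit mask (0 = no auditing, 1 = success, 2 = failure, 3 = both). As an added example, not part of the original presentation, this Python code decodes such a template (for instance one written by `secedit /export /cfg`) and lists the categories left unaudited; the sample template text is constructed and the function names are hypothetical.

```python
# Added example: decode the [Event Audit] section of a security template.
import configparser

# INF key -> policy name (the slides list the first two as one bullet).
CATEGORIES = {
    "AuditAccountLogon": "Audit account logon events",
    "AuditLogonEvents": "Audit logon events",
    "AuditObjectAccess": "Audit object access",
    "AuditAccountManage": "Audit account management",
    "AuditDSAccess": "Audit directory service access",
    "AuditPolicyChange": "Audit policy change",
    "AuditSystemEvents": "Audit system events",
    "AuditProcessTracking": "Audit process tracking",
    "AuditPrivilegeUse": "Audit privilege use",
}
SUCCESS, FAILURE = 1, 2  # bit flags; 0 = no auditing, 3 = both

# Constructed sample, not taken from a real server.
SAMPLE_TEMPLATE = """\
[Event Audit]
AuditSystemEvents = 1
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 0
AuditPolicyChange = 1
AuditAccountManage = 3
AuditProcessTracking = 0
AuditAccountLogon = 3
"""

def decode_audit_policy(template_text):
    """Return {category: (success, failure)}; missing keys count as not audited."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the INF key case
    parser.read_string(template_text)
    section = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    policy = {}
    for key, name in CATEGORIES.items():
        value = int(section.get(key, "0"))
        policy[name] = (bool(value & SUCCESS), bool(value & FAILURE))
    return policy

def unaudited(policy):
    """Categories with neither Success nor Failure auditing enabled."""
    return sorted(name for name, (ok, fail) in policy.items() if not (ok or fail))

if __name__ == "__main__":
    print("Not audited:", unaudited(decode_audit_policy(SAMPLE_TEMPLATE)))
```

A real export is normally written as UTF-16 text, so decode the file with that encoding before passing its contents to `decode_audit_policy`.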

Tasks are typically related to one of the following
  • Permissions configured on the Access Control List of a resource
  • User Rights configured for a specific computer
  • Administrative privileges, typically granted through group membership