Active Directory

PowerPoint Slideshow about 'Active Directory' - randy


What is Active Directory?
  • Just as the combination of a database and a database management system collects and organizes information about an institution/company/… as well as manages access to that information, Active Directory collects, organizes and manages access to information about network “objects” – such as computers, servers, printers, users, groups, etc.
  • For instance, one component is a Directory Service
    • Often likened to a phone book, which one uses to look up numbers (from names) or services (yellow pages)
  • Active Directory is often just called AD
    • For example AD-DS is active

CSIT 320

Standards
  • Active Directory is based upon some of the following standards (though not fully compliant with all of them)
    • DNS – AD needs DNS to work, follows its organization and naming conventions
    • X.500 – directory service protocol based on the OSI model (AD does not use the full X.500 standard)
    • LDAP (Lightweight Directory Access Protocol) – part of the X.500 standard was the Directory Access Protocol; LDAP is a scaled-down, easier version of that
    • Kerberos – network authentication protocol – adds the security to AD

Hierarchical Arrangement
  • Whereas a database has a “relational” structure, the objects in AD have a hierarchical, tree-like structure.
    • Thus there is a root
    • Every object other than the root has one and only one parent.
    • However, it can get complicated in that there are various levels (domains, organizational units, groups) as well as distinctions between logical separations and physical separations.

Domain
  • A domain is one of the main organizational units in Active Directory.
  • It collects resources and manages access to them for a set of users.
    • For instance, users being logged in to the same domain typically implies that those users will, for the most part, have access to the same resources and follow the same policies
    • In Active Directory diagrams, domains are represented by triangles.

Domain Controller
  • An AD domain must have at least one AD domain controller.
  • The domain controller manages the authentication of users, granting them access to the domain and the resources it contains.
  • Best practice suggests having at least two domain controllers in a domain so that access to the domain can still be granted if one controller is down.

Tree
  • A tree is a set of domains that obey a DNS-type hierarchical naming structure. They belong to the same “namespace”.
    • A namespace provides a context in which a name has a well defined meaning.

[Diagram: a tree with the root domain lasalle.edu and the child domains luna.lasalle.edu and student.lasalle.edu]

Forest
  • As the name suggests, a forest is a collection of trees. Each tree has its own namespace, and the different trees in the forest have different namespaces. However, you may want them to be connected in some way: to have some kind of trust relationship, to share some resources, or just to administer them as a unit.

[Diagram: a forest with two trees, lasalle.edu (with child domain student.lasalle.edu) and lasalle.museum]

The first tree is the root
  • The trees in a forest still share a common root.
  • The first tree in the forest serves as the root.
  • It will have (at least initially) the global catalog – the collection of definitions, how the forests are organized, what the trust relationships are, names for all of the objects, etc.
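
The Tree, Forest and root slides above can be tied together with a short added example (not part of the original presentation): it maps each DNS domain name to its LDAP distinguished name and groups domains into trees by contiguous namespace. The domain list is taken from the slide diagrams; treating the first listed domain as the first one created, and the helper names, are assumptions of this example.

```python
from __future__ import annotations

# Added example. Domain names come from the slides' lasalle.* diagrams;
# their order (first listed = first created) is an assumption.
DOMAINS = ["lasalle.edu", "luna.lasalle.edu", "student.lasalle.edu", "lasalle.museum"]


def domain_to_dn(domain: str) -> str:
    """Map a DNS domain name to its LDAP distinguished name (DC= components)."""
    return ",".join(f"DC={label}" for label in domain.lower().split("."))


def parent_of(domain: str, known: set[str]) -> str | None:
    """Return the closest DNS ancestor of `domain` that is itself a known domain."""
    labels = domain.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None  # no ancestor in the set: this domain starts its own namespace


def build_forest(domains: list[str]) -> dict[str, list[str]]:
    """Group domains into trees keyed by tree root.

    Dict insertion order is preserved, so the first key is the tree of the
    first listed domain, which this example treats as the forest root.
    """
    names = [d.lower() for d in domains]
    known = set(names)
    trees: dict[str, list[str]] = {}
    for name in names:
        root = name
        while (parent := parent_of(root, known)) is not None:
            root = parent  # climb until no known ancestor remains
        trees.setdefault(root, []).append(name)
    return trees


FOREST = build_forest(DOMAINS)

if __name__ == "__main__":
    for root, members in FOREST.items():
        print(f"tree {root} ({domain_to_dn(root)}): {members}")
```
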

Trust
  • If two domains have a trust relationship, it means that users from one domain can access resources from another domain.
    • That way an administrator does not have to give users accounts in both domains.
    • The domain with the resource is said to be “trusting” and the domain with the user is said to be “trusted”. Trust can be but doesn’t have to be a two-way street.
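
The direction of a trust is easy to get backwards when reviewing who can reach a resource domain, so here is an added example (not part of the original presentation) that models trusts as (trusting, trusted) pairs and answers "whose users does this resource domain trust?". The trust list, the `lab.example` and `partner.example` domains, and the transitive flag are constructed for illustration; transitivity goes beyond what the slide covers.

```python
from collections import deque

# Constructed trust list: (trusting_domain, trusted_domain, transitive).
# Access flows against the arrow: users of the *trusted* domain become
# eligible for resources in the *trusting* domain.
TRUSTS = [
    ("lasalle.edu", "student.lasalle.edu", True),   # two-way pair, part 1
    ("student.lasalle.edu", "lasalle.edu", True),   # two-way pair, part 2
    ("lab.example", "lasalle.edu", True),           # one-way
    ("partner.example", "lab.example", False),      # one-way, non-transitive
]


def trusted_by(resource_domain, trusts=TRUSTS):
    """Return the domains whose users the resource domain trusts.

    A direct trust always counts. A chain of trusts only counts when
    every link in it is transitive.
    """
    direct = [(trusted, trans) for trusting, trusted, trans in trusts
              if trusting == resource_domain]
    result = {trusted for trusted, _ in direct}
    queue = deque(trusted for trusted, trans in direct if trans)
    expanded = set()
    while queue:
        current = queue.popleft()
        if current in expanded:
            continue
        expanded.add(current)
        for trusting, trusted, trans in trusts:
            if trusting == current and trans and trusted != resource_domain:
                result.add(trusted)
                queue.append(trusted)
    return result


def can_access(user_domain, resource_domain, trusts=TRUSTS):
    """True if a user's domain is eligible for the resource domain.

    Eligibility only; permissions on the resource itself still apply.
    """
    return (user_domain == resource_domain
            or user_domain in trusted_by(resource_domain, trusts))
```
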

Organizational Unit
  • Previously we were moving up in the hierarchy from the original concept of a domain; an organizational unit, on the other hand, is lower in the hierarchy (farther from the root).
  • It is a container within a domain – resources like printers and file shares organized into smaller containers.
  • Example: within the student.lasalle.edu domain, science students may have access to different shares and different printers from business students, etc.

Sites:
  • In a large company a logical container such as a domain might cover multiple physical locations.
  • This can cause a problem because a lot of information is passed between domain controllers.
  • So AD has the notion of a site to correspond to physical differences rather than logical differences
    • A site can have multiple domains
    • A domain may be spread over multiple sites

Some AD Objects
  • User
  • Group
  • Computer
  • Printer
  • Distribution Lists
  • System Policies

What is the Schema?
  • Just like in a database, Active Directory has a schema.
  • Definition of all AD objects
    • For example, it will define a User, what attributes a User must have, what attributes a User might have, relationships between Users and Groups, etc.
  • ONE schema for a forest
  • Extensible
    • While a default set of definitions gets one started with AD, one can extend or create new objects

What is a Global Catalog?
  • A distributed data repository containing a searchable, partial representation of every object in every domain in a forest.
  • Answers AD Search Queries
  • Must be present to successfully logon
  • Holds a copy of all Objects of the whole Forest…
  • ...but holds only a subset of the Attributes

Which Role can a Server have?
  • Member Server – server on a domain offering a non-active directory service
  • Domain Controller – as the name suggests, it manages access to the resources within a domain
  • Global Catalog – while a domain controller stores the objects for the domain it “controls”, a global catalog server stores the objects from all domains in the forest.
    • A global catalog server is a domain controller, but a domain controller may not be a global catalog server

Multi Master Replication
  • Updates can be applied to ANY Domain Controller
  • Will be Replicated to every other Domain Controller (inside that Domain) within 15 Minutes
  • Optimized Algorithm reduces Replication Traffic
  • Not time based (triggered on demand, only)!

Active Directory Security
  • Improved Authentication
  • Permissions applied via ACLs
    • To Objects as whole
    • To specific Attributes
  • Fine-Tuning of Access Permissions possible
