By Karan Oberoi

- A directory service (DS) is a software application, or a set of applications, that stores and organizes information about a computer network's users and network resources.
- Allows network administrators to manage users' access to the resources.
- Acts as an abstraction layer between users and shared resources.

- Provide file shares.
- Authenticate users.
- Provide services, such as access to the internet, print services, etc.
- Control access to services and shares.

Active Directory is Microsoft's version of an LDAP-based network directory service.
Active Directory allows administrators to define, arrange and manage objects, such as user data, printers and servers, so they are available to users and applications throughout the organization.

- Microsoft's directory service, which is included in the Windows 2000 and Windows Server 2003 operating system versions.
- Is an implementation of LDAP directory services.
- Called: ADS, NTDS
- Goals and Benefits
  - Open Standards
  - High Scalability
  - Simplified Administration

[Diagram labels: Hierarchical; Base object: Domain; Domain, OU, Objects; Domain Tree; Forest]

- "Old friends"
  - User
  - Group
  - Computer
- New Elements
  - Distribution Lists
  - System Policies
  - Application-defined custom objects
- Described in the Schema

- Definition of all AD
  - Object-Types (Classes)
  - Attributes
  - Data-Types (Syntaxes)
- Can be compared to a Database Schema
- ONE consistent Schema inside a single Forest
- Extensible

[Diagram label: Firma.de]
- AD Base Element (Building Block)
- NT 4 Compatible
- Physically Implemented on Domain Controllers (DC)
- Border for
  - Replication Traffic
  - System Policies
  - Administration

[Diagram labels: LA, New York, Admin, Sales]
- Implements a Structure inside a Domain
- Can be nested as needed
- Can not be assigned any rights
- Typically used for Administrative Reasons, e.g. System Policies

- Hierarchical Domain Structure inside a single Namespace
  - adiscon.com
  - la.adiscon.com
  - ny.adiscon.com
- Transitive Trusts created automatically
- Sub-Domain must be added to Root-Domain, otherwise there will be no tree
[Diagram labels: Tree; adiscon.com, la.adiscon.com, ny.adiscon.com]

- Combination of Trees
- Disjunct Namespaces
  - adiscon.de
  - adiscon.com
- Transitive Trusts created automatically
- There is one single tree-root!
- Sub-Tree must be added to Root-Tree, otherwise no Forest will be created
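The tree and forest rules above can be traced in code. This is an added example, not part of the original slides: it groups the slides' domain names into trees by contiguous namespace and walks the chain of transitive trusts between two domains. Treating adiscon.com as the forest root is an assumption made for the example.

```python
# Added example. Domain names come from the slides; FOREST_ROOT is an assumption.
FOREST_ROOT = "adiscon.com"
DOMAINS = ["adiscon.com", "la.adiscon.com", "ny.adiscon.com", "adiscon.de"]

def parent_of(domain, domains):
    """Parent domain in the same contiguous namespace, or None for a tree root."""
    labels = domain.split(".")
    # Stop before the bare top-level label so "com" is never taken as a parent.
    for i in range(1, len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def trees(domains):
    """Map each tree root to the sorted list of domains in its namespace."""
    result = {}
    for d in domains:
        root = d
        while (p := parent_of(root, domains)) is not None:
            root = p
        result.setdefault(root, []).append(d)
    return {root: sorted(members) for root, members in result.items()}

def chain_to_forest_root(domain, domains, forest_root):
    """Domains walked from `domain` up to its tree root, then to the forest root."""
    chain = [domain]
    while (p := parent_of(chain[-1], domains)) is not None:
        chain.append(p)
    if chain[-1] != forest_root:
        chain.append(forest_root)  # trust between a tree root and the forest root
    return chain

def trust_path(src, dst, domains=DOMAINS, forest_root=FOREST_ROOT):
    """Hop-by-hop chain of transitive trusts that links src to dst."""
    up = chain_to_forest_root(src, domains, forest_root)
    down = chain_to_forest_root(dst, domains, forest_root)
    # Drop the shared part of both chains above the closest common ancestor.
    while len(up) > 1 and len(down) > 1 and up[-2] == down[-2]:
        up.pop()
        down.pop()
    return up + down[-2::-1]
```

A domain added outside both namespaces would show up as its own tree root in `trees()`, which makes the result a quick check of which trust chains exist in a planned forest.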

- Site: A site is a physical location, or LAN. This is different from a web site, which is an organization's internet presence.
- Domain:
  - A sub-network comprised of a group of clients and servers under the control of one security database. Dividing LANs into domains improves performance and security.
  - All resources under the control of a single computer system.

- Lightweight Directory Access Protocol (LDAP): a protocol used to access a directory service.
- Lightweight Directory Access Protocol is the primary access protocol for Active Directory.

- The global catalog is the mechanism that tracks all of the objects managed across the network, across all domains within the organization.
- Elements of the catalog are replicated across all of the domain controllers within all domains across the organization.

- For Active Directory to function properly, DNS servers must support Service Location (SRV) resource records.
- SRV resource records map the name of a service to the name of a server offering that service. Active Directory clients and domain controllers use SRV resource records to determine the IP addresses of domain controllers.
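Because clients locate domain controllers through these SRV records, the records themselves are worth auditing. The following added example (not from the original slides) parses zone-file style SRV lines, orders the advertised hosts by priority, and reports any target that is not in an approved domain controller inventory. The zone corp.example, the host names and all record values are constructed sample data.

```python
# Added example. All record values below are constructed sample data.
from typing import NamedTuple

SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 10 50 389 dc9.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
; comment line, ignored
_ldap._tcp.dc._msdcs.corp.example. 600 IN A 192.0.2.10
"""

class Srv(NamedTuple):
    service: str
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(zone_text):
    """Return the SRV records found in zone-file style text."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        # Expected layout: owner TTL class type priority weight port target
        if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            continue
        owner, _, _, _, prio, weight, port, target = fields
        records.append(Srv(owner.rstrip(".").lower(), int(prio), int(weight),
                           int(port), target.rstrip(".").lower()))
    return records

def preferred_targets(records, service):
    """Hosts for one service, lowest priority value first (RFC 2782).
    Ties are ordered by weight, highest first, as a deterministic stand-in
    for the weighted random choice a real client makes."""
    matches = [r for r in records if r.service == service.lower()]
    matches.sort(key=lambda r: (r.priority, -r.weight, r.target))
    return [(r.target, r.port) for r in matches]

def unexpected_targets(records, approved_hosts):
    """SRV targets that are not in the approved domain controller inventory."""
    approved = {h.lower() for h in approved_hosts}
    return sorted({r.target for r in records if r.target not in approved})
```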

- Active Directory replicates its administration information across domain controllers throughout the "forest" utilizing a "multi-master" approach.
- Multi-master replication among peer domain controllers is impractical for some types of changes, so only one domain controller, called the operations master, accepts requests for such changes.

- Each domain controller has information for the entire forest to support authentication and access control.
- This provides the ability for local domain controllers (the "tree") to provide a quick local lookup of authority.
- Not just users but every object authenticating to Active Directory must reference the global catalog server, including every computer that boots up.

- Stores a physical Copy of the Active Directory Database
  - Currently a single Domain per DC supported!
  - ESE95 Database (MS Exchange)
- Logon Services
  - Kerberos
  - LAN Manager Authentication
- It's always recommended to have at least 2 Domain Controllers!

- Updates can be applied to ANY Domain Controller
- Will be replicated to every other Domain Controller (inside that Domain) within 15 Minutes
- Optimized Algorithm reduces Replication Traffic
- Not time based (triggered on demand only)!

- All Domain Databases involved
- Changes are transmitted compressed
- Via IP (RPC) or SMTP
  - SMTP not within a single domain!
- The time at which Replication occurs can be configured
- Volume of Replication Traffic can not be restricted!
- Keep an eye on GCs!

- Improved Authentication
- Permissions applied via ACLs
  - To Objects as a whole
  - To specific Attributes
- Fine-Tuning of Access Permissions possible
- Tool support to visualize Security Settings is currently weak (try Visio!)

- Time Savings
- Repository of Information
- Increased Security

- DNS Dependency
- No "Merge-Tree"
- No Partitioning (only a single Domain per Domain Controller)
- Limited Tool-Support
- Forest Global Schema
- Schema-Modifications can not be undone

- Applications directly using and accessing the Active Directory
  - e.g. Exchange
  - Many more expected!
- Typically extend the Schema
- May dramatically change usage pattern for Active Directory Resources
  - Replication Traffic (new Objects, Attributes)
  - AD Queries (GCs!)