September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.


Objectives
–What is Active Directory
–How is it Used
–Security Features

The Role of Active Directory
–To create a single, enterprise-wide view of every network element regardless of location.
–Provide single-point management of the entire network, together with the ability to delegate management of particular parts of the network to individual administrators.
–Enable administrators and users to easily and quickly find a particular network element, such as a file or printer, by specifying a set of properties for the element sought.

Needed Definitions
–Directory – Source of information about objects.
–Objects – Abstractions of categories of network elements, such as files and users.
–Containers – Establish Active Directory hierarchy. Hold groups of similar objects.
–Organizational Units (OU) – Named containers of users and other objects.
–Attributes – Properties of objects, such as name, address, etc.
–Global Catalog (GC) – Hierarchical database containing entries in enterprise domains.

AD's Integration with DNS
–AD uses DNS naming for its domains.
–AD is dependent on DNS to act as a locator service.
–DNS servers for an AD must be compatible with AD or AD will not function.
–Four areas to document for an AD and DNS namespace design: Forest Plan, Domain and DNS strategy, Organizational Units (OUs), Site Topology.

Forest Plan
–Due to the nature of forests, most enterprises' forests will be small.
–Forests are collections of multiple domain trees within AD.
–Trees within a forest not only have a trust relationship, but also a common configuration.
–The structure within a forest is transparent to users.

Domains
–Domains are the top-level division within a forest.
–Domains should be both a logical and a physical division.
–There is significantly more traffic within a Domain than between Domains.
–New Domains should only be added as traffic overwhelms the available bandwidth.
–A Domain is an administrative division, offering a boundary for security policies.

Domains (cont)
–All objects within a Domain are granted identical security policies:
  –Password Policy
  –Account Lockout Policy
  –Kerberos Ticket Policies
–A user can only be authenticated within the local Domain. A user cannot be authenticated to another Domain even within the same forest.

Root Domain
–The first domain to be established in a forest is the Root Domain.
–Two ways to establish the Root:
  –As a standard Domain that contains user accounts and published resources
  –As an empty Domain that has no purpose other than to publish the schema and make it available to all other domains in the forest
–The first option has an advantage in a system with only one domain
–The second has the advantage in larger systems, as it cannot become obsolete

Organization Units (OUs)
–OUs are the container objects that sit within domains and are designed to be flexible
–An administrator can create, delete, or reorganize them at any time
–Two items will impact the OU design: Group Policy, Administration
–In both, the OU is the boundary
–Different administrators can be granted access to different OUs, without concern about conflicts of administrative control
–OU hierarchy can reflect organizational charts or other tree structures

Site Topology
–Site topology is a representation of the physical network
–Sites, as well as their AD names, should represent the physical network, and have a domain controller within each
–A site should consist of networks that are connected by fast and reliable links (LANs or high-speed WANs)
–Unlike domains, sites are easily added, moved, changed, or deleted.
–Use of sites is one of the methods that make AD scalable as a network grows

Understanding Security
–Rights can only be assigned to security principals
–Security principals consist of user accounts, computer accounts, and security groups
–Security groups are either Domain Local groups or Global groups
–OUs are not security principals. Rights cannot be assigned to an OU with users and groups inheriting those rights.
–Global groups may be created within an OU, thus effectively giving the OU rights

Domain Security Console
–Security for AD is configured in many places, but domain-wide policies are configured in the Domain Security Policy console
–Several containers within the DSP console:
  –Account Policy
  –Local Policy
  –Event Log
  –Restricted Groups
  –System Services
  –File System
  –Public Key Policies
  –IP Security Policies
  –Registry

Account Policies
–Password Policy
  1. Enforce password history
  2. Maximum password age
  3. Minimum password age
  4. Minimum password length
  5. Degree of complexity requirement
  6. Store password using reversible encryption
  7. User must log on to change password

Account Policy
–Account Lockout Policy
  –Account Lockout Duration
  –Account Lockout Threshold (How many login attempts)
  –Reset Account Lockout Counter (Number of minutes before the threshold is reset to 0)

Account Policy
–Kerberos Policy
  1. Enforce user logon restrictions
  2. Maximum lifetime for service ticket
  3. Maximum lifetime for user ticket
  4. Maximum lifetime for user ticket renewal
  5. Maximum tolerance for computer clock synchronization
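An added example, not part of the original slides: a Python check of a security-template export against the password, lockout and Kerberos settings listed in the three account policy slides above. The INF key names are the ones `secedit /export` writes; the sample file and the baseline thresholds are assumptions constructed for illustration.

```python
import configparser

SA, KP = "System Access", "Kerberos Policy"

# Constructed sample in the INF layout written by `secedit /export /cfg <file>`.
SAMPLE_INF = """\
[System Access]
MinimumPasswordAge = 0
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 5
LockoutBadCount = 0
ClearTextPassword = 1
[Kerberos Policy]
MaxClockSkew = 30
TicketValidateClient = 1
"""

# Assumed baseline, not taken from the slides: (section, key, test, finding).
BASELINE = [
    (SA, "MinimumPasswordLength", lambda v: v >= 8, "shorter than 8 characters"),
    (SA, "PasswordComplexity", lambda v: v == 1, "complexity not required"),
    (SA, "ClearTextPassword", lambda v: v == 0, "reversible encryption enabled"),
    (SA, "LockoutBadCount", lambda v: 0 < v <= 10, "lockout disabled or threshold above 10"),
    (KP, "TicketValidateClient", lambda v: v == 1, "logon restrictions not enforced"),
    (KP, "MaxClockSkew", lambda v: v <= 5, "clock tolerance above 5 minutes"),
]

def audit(inf_text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as exported
    cp.read_string(inf_text)
    get = lambda section, key: cp.getint(section, key, fallback=None)
    findings = []
    for section, key, ok, message in BASELINE:
        value = get(section, key)
        if value is None:
            findings.append(f"{key}: not defined")
        elif not ok(value):
            findings.append(f"{key}={value}: {message}")
    # Cross-setting checks: one value undermining another.
    if (get(SA, "PasswordHistorySize") or 0) > 0 and get(SA, "MinimumPasswordAge") == 0:
        findings.append("MinimumPasswordAge=0: password history can be cycled immediately")
    if (get(SA, "LockoutBadCount") or 0) > 0:
        reset, duration = get(SA, "ResetLockoutCount") or 0, get(SA, "LockoutDuration") or 0
        # A non-positive duration is treated here as "until an administrator unlocks".
        if duration > 0 and reset > duration:
            findings.append("ResetLockoutCount exceeds LockoutDuration")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INF)))
```
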

Local Policies
–Audit policy
  1. Logins
  2. Access to objects
  3. Access to system events
  4. Policy changes
–Event log
  1. Settings manage the system, application, and security logs
  2. Manages access to logs

Registry and File System
–Registry settings can secure individual registry keys from being edited by a user
–An administrator can add, edit, or delete registry keys and then secure them
–File System policy can configure security for files and folders. This is a more granular control over files and folders than share-level security as in NT 4.0. This offers a single point of security administration for the local domain controller

Public Key and IPSec Policies
–Public key policies let you add automatic certificate requests and manage the certificate authority behavior.
–IP Security policies will manage IP Security (IPSec) if installed

Conclusion
–Active Directory is a directory service available on Windows 2000 servers
–AD allows for easier management and access to network facilities
–Security of the network is a very important part of AD
–Security is much more finely grained in AD than was available in previous MS servers
–Still, as with all MS closed-source applications, there are vulnerabilities that can be exploited

Questions?