© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

1 © N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

2 Objective Outline the step-by-step installation and configuration of Active Directory

3 References
www.microsoft.com
www.windowsitpro.com
www.visualwin.com
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/d2ff1315-1712-48e4-acdc-8cae1b593eb1.mspx
http://en.wikipedia.org/wiki/Active%5FDirectory
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/domcntrl.mspx#EFAA

4 Active Directory A directory service for the efficient management of users, resources and privileges that is based on standard protocols

5 Active Directory An efficient directory management service for users, resources and privileges that is based on standard Internet protocols

6 Active Directory Structure Domains, Domain Trees, Domain Forests

7 Active Directory Objects An object is a distinct named set of attributes that represents a network resource. Typical objects are users, groups, computers and printers. Each object has a number of attributes. For example, the user object has attributes such as password, name, password length and e-mail address.

8 Active Directory Groups Objects are typically grouped into classes, such as groups (a number of user accounts), computers and printers. When objects are grouped together, they are placed into a container that holds the objects (it's like a desk drawer that holds a number of objects).

9 AD Purpose Keep a central list of users and passwords. Provide a set of servers to act as “authentication servers”, known as Domain Controllers. Maintain a searchable index of the things in the domain. Allow you to create users with different levels of power.

10 Some AD Uses Multiple selection of user objects. Drag and drop functionality. Efficient search capabilities. Saved queries.

11 Requirements The computer must be running Windows 2k, 2k3 Server, Advanced Server or Datacenter Server. At least one volume on the computer must be formatted with NTFS. DNS must be active on the network prior to AD installation or be installed during AD installation. DNS must support SRV records and be dynamic. The computer must have the IP protocol installed and have a static IP address. The Kerberos v5 authentication protocol must be installed. Time and zone information must be correct.

12 Installation Initiation From the Start menu, run DCPROMO

24 Installing DNS DNS is required for AD to function. – Clients use DNS to locate AD controllers. – Servers and client computers register their names and IP addresses with DNS for IP resolution.
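
Added example (not part of the original slides): a Python check, run over a constructed zone listing for the hypothetical domain corp.example, for the SRV records clients query to locate a domain controller and for the A records their targets need. The record names and ports are the standard ones a domain controller registers; the function names are illustrative.

```python
# Service records a domain controller registers, with the well-known port of each.
REQUIRED_SRV = {
    "_ldap._tcp": 389,              # LDAP directory access
    "_ldap._tcp.dc._msdcs": 389,    # domain controller locator
    "_kerberos._tcp": 88,           # Kerberos v5 KDC
    "_kerberos._udp": 88,
    "_kpasswd._tcp": 464,           # Kerberos password change
}

# Constructed zone listing for the hypothetical domain corp.example
SAMPLE_ZONE = """\
_ldap._tcp.corp.example.           600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.corp.example.       600 IN SRV 0 100 88 dc2.corp.example.
_kerberos._udp.corp.example.       600 IN SRV 0 100 636 dc1.corp.example.
dc1.corp.example.                  3600 IN A 10.0.0.10
"""

def parse_zone(zone_text):
    """Return ({srv owner: [(port, target)]}, {hosts that have an A record})."""
    srv, hosts = {}, set()
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].lower().split()   # strip comments, normalise case
        if len(f) == 8 and f[2:4] == ["in", "srv"]:
            srv.setdefault(f[0], []).append((int(f[6]), f[7]))
        elif len(f) == 5 and f[2:4] == ["in", "a"]:
            hosts.add(f[0])
    return srv, hosts

def check_dc_locator(zone_text, domain):
    """List problems that would stop clients locating a DC for `domain`."""
    srv, hosts = parse_zone(zone_text)
    suffix = domain.lower().rstrip(".") + "."
    problems = []
    for prefix, port in REQUIRED_SRV.items():
        owner = f"{prefix}.{suffix}"
        good = [t for p, t in srv.get(owner, []) if p == port]
        if owner not in srv:
            problems.append(f"missing SRV {owner}")
        elif not good:
            problems.append(f"{owner}: no record on port {port}")
        problems += [f"{owner}: target {t} has no A record" for t in good if t not in hosts]
    return problems

if __name__ == "__main__":
    for problem in check_dc_locator(SAMPLE_ZONE, "corp.example"):
        print(problem)
```

The sample zone is deliberately incomplete: one target without an A record, one record on the wrong port, and one service record missing.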

35 Accessing AD Tools From the Start menu, choose Administrative Tools and then the AD tools

38 Creating a Child Domain Requirements: – Existing domain – Member server

45 Active Directory Correction Locate and ensure that the domain controller is present to create a child domain

46 Group Policy Defines the various components of the user's desktop environment that an administrator must manage. Applies not only to users and client computers but also to member servers, domain controllers, and other 2003 servers in the scope of management.

47 Group Policy Continued Manage registry-based policy with Administrative Templates. Assign scripts, such as computer startup, shutdown, logon, and logoff scripts. Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations.

48 Active Directory Users and Computers AD users and computers are different from local users and computers.

49 AD Users and Computers

59 Joining a Domain Computers may have to join a domain to be able to access the resources

66 Auditing Active Directory There are numerous options to configure auditing of usage. This allows you to target specific activities instead of taking a wider sweep of all activity on a computer. A narrower scope of what you are auditing results in smaller logs, which makes reviewing the logged information more efficient. Finally, reducing the auditing options to just what you need will reduce the load on the computer, allowing it to provide more resources to other activities.

67 Auditable Features Account logon and logon events; Object access; Account management; Directory service access; Policy change; System events; Process tracking; Privilege

68 Auditing Logon and Logon Events It keeps track of who tried to log on to what server. This audits each time a user logs on or off from another computer where the computer performing the auditing is used to validate the account. Example: a Windows XP logon to a DC.

69 Auditing Object Access This security setting determines whether to audit the event of a user accessing an object (for example, a file, folder, registry key, printer, and so forth) that has its own system access control list (SACL) specified.

70 Auditing Account Management Any changes to user or group accounts get logged here. Examples: – Create a user – Create a group – Modify a group’s membership – Change a password

71 Auditing Privilege Use Determines whether to audit each instance of a user exercising a user right. Too much output for every right exercised. Be prepared for larger log files. Examples: – Logging on – Shutting down – Changing the system time

72 Auditing System Events Determines whether to audit when a user restarts or shuts down the computer, or when an event has occurred that affects either the system security or the security log. Not many entries. Logs whenever the machine is restarted or shut down. – Example: when you clear the security log or resize it

73 Auditing Directory Service Access This will audit each event that is related to a user accessing an Active Directory object which has been configured to track user access through the System Access Control List (SACL) of the object

74 Auditing Process Tracking Mostly used by programmers. Tracks activity between programs and the operating system.
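
Added example (not part of the original slides): Python that sorts constructed Security log entries into the audit categories from slides 67 to 74, shows how narrowing the enabled categories shrinks the log, and pulls out the entries worth reviewing first. The event IDs are the Windows 2000/2003 Security log IDs; the log lines, account names and the three-failure threshold are assumptions made for the example.

```python
from collections import Counter

# Windows 2000/2003 Security log event IDs, grouped by the audit category
# that generates them (a subset picked for this example).
CATEGORY = {
    672: "Account logon", 675: "Account logon", 680: "Account logon",
    528: "Logon", 529: "Logon", 538: "Logon", 540: "Logon",
    560: "Object access", 562: "Object access", 566: "Directory service access",
    624: "Account management", 628: "Account management", 632: "Account management",
    612: "Policy change", 512: "System events", 517: "System events",
    592: "Process tracking", 593: "Process tracking",
    576: "Privilege use", 577: "Privilege use", 578: "Privilege use",
}
# Changes to accounts, groups, audit policy, or the log itself (517 = log cleared).
ALWAYS_REVIEW = {517, 612, 624, 632}

# Constructed sample: time,event_id,account,computer
SAMPLE_LOG = """\
09:00:01,672,alice,DC1
09:00:01,528,alice,WS01
09:00:02,576,alice,WS01
09:00:05,592,alice,WS01
09:00:06,593,alice,WS01
09:01:10,529,bob,WS02
09:01:12,529,bob,WS02
09:01:15,529,bob,WS02
09:02:00,560,alice,FS01
09:02:01,562,alice,FS01
09:03:30,624,admin2,DC1
09:03:40,632,admin2,DC1
09:04:00,612,admin2,DC1
09:04:05,517,admin2,DC1
"""

def parse(log_text):
    rows = (line.split(",") for line in log_text.splitlines() if line.strip())
    return [(t, int(eid), acct, host) for t, eid, acct, host in rows]

def volume(events, enabled=None):
    """Events logged per category; `enabled` narrows the audit policy."""
    cats = Counter(CATEGORY.get(e[1], "Unmapped") for e in events)
    return {c: n for c, n in cats.items() if enabled is None or c in enabled}

def review_queue(events, max_failures=3):
    """High-signal events plus accounts reaching `max_failures` failed logons (529)."""
    failures = Counter(e[2] for e in events if e[1] == 529)
    noisy = {acct for acct, n in failures.items() if n >= max_failures}
    return [e for e in events if e[1] in ALWAYS_REVIEW or (e[1] == 529 and e[2] in noisy)]
```

With every category enabled the sample produces 14 entries; enabling only Logon, Account management, Policy change and System events keeps 8 of them, and all 7 entries in the review queue are among those 8.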

77 THE END

