Published by Beverly Hamilton. Modified over 9 years ago.
1
Active Directory
Travis Favors, Ryan Manuel, Robert Rayer
2
Active Directory
- Contains information of all objects in an organization’s network
- Arranges objects into logical, hierarchical groups
- Provides permissions based on stored information
- Authentication
3
Attributes
- Characteristics and information that belong to an object
- Can be required or optional
4
Objects
- Entities of the network
- Composed of attributes
- Example objects: User, Printer, Shared Folder
5
Object Classes
- Contains a list of associated attributes
- Blueprint for object creation
6
Schema
- Master list of all object classes
- Defines all objects and attributes available for an object
- Identifies the relationships between all objects
7
Schema (diagram: object classes and their attributes)
- User: name, department
- Printer: name, location
- Shared Folder: name, description
8
Access Control
- Used to manage user access to shared resources
- Administered at object level by setting permissions
- Examples: Full control, write, read and no access
- Permissions are set on shared objects
- Shared objects are objects that are intended to be used over a network by more than one user
- Three elements define access control permissions
9
Security Descriptors
- Permissions are stored in security descriptors
- Security descriptors contain two access control lists:
  - Discretionary Access Control List (DACL)
  - System Access Control List (SACL)
10
User Authentication
- Active Directory also authenticates and authorizes users, groups, and computers to access objects on the network
- The Local Security Authority (LSA) is responsible for all user authentication
- LSA generates two pieces of information after a user’s identity is confirmed
Diagram:
- Subject: User’s Access Token (User SID, Group SIDs, List of Privileges, Other Access Information)
- Object: Object’s Security Descriptor (Object Owner SID, Group SID, SACL with ACEs, DACL with ACEs)
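Added example (not part of the original slides): a simplified Python model of how the SIDs in a user's access token are compared against the ACEs in an object's DACL, including why deny entries are placed ahead of allow entries. The permission bits, SIDs and the access_check function are constructed for illustration and are not Windows APIs or real structures.

```python
# Simplified model of a DACL access check (added example; not real Windows structures).
from dataclasses import dataclass
from typing import List, Optional, Set

READ, WRITE = 0x1, 0x2            # constructed permission bits for the demo
FULL_CONTROL = READ | WRITE

@dataclass(frozen=True)
class ACE:
    kind: str                     # "allow" or "deny"
    sid: str                      # trustee the entry applies to
    mask: int                     # permission bits the entry covers

@dataclass(frozen=True)
class AccessToken:                # user SID plus group SIDs, as on the slide
    user_sid: str
    group_sids: tuple = ()

    def sids(self) -> Set[str]:
        return {self.user_sid, *self.group_sids}

def access_check(token: AccessToken, dacl: Optional[List[ACE]], desired: int) -> bool:
    """Walk the DACL in order; stop at the first deny hit or once everything is granted."""
    if dacl is None:              # no DACL on the object: access is not restricted
        return True
    granted = 0
    for ace in dacl:              # an empty DACL falls through to the implicit deny
        if ace.sid not in token.sids():
            continue
        if ace.kind == "deny" and ace.mask & desired & ~granted:
            return False          # a still-needed right is explicitly denied
        if ace.kind == "allow":
            granted |= ace.mask & desired
        if granted == desired:
            return True
    return False                  # some requested right was never granted

# Constructed sample data (the SIDs are made up).
STAFF, CONTRACTORS = "S-1-5-21-0-0-0-1001", "S-1-5-21-0-0-0-1002"
alice = AccessToken("S-1-5-21-0-0-0-2001", (STAFF,))
bob = AccessToken("S-1-5-21-0-0-0-2002", (STAFF, CONTRACTORS))
deny_first = [ACE("deny", CONTRACTORS, WRITE), ACE("allow", STAFF, FULL_CONTROL)]
allow_first = list(reversed(deny_first))   # same entries, wrong order

if __name__ == "__main__":
    for name, tok in (("alice", alice), ("bob", bob)):
        print(name, "write, deny first:", access_check(tok, deny_first, WRITE))
        print(name, "write, allow first:", access_check(tok, allow_first, WRITE))
```

With the deny entry first, bob (a member of both groups) is refused write access; with the same entries in the opposite order the allow entry is reached first and the deny never takes effect.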
11
Object Inheritance
- Objects inherit permissions from their parent container when they’re created
- Object inheritance can be turned off
Diagram: OU, Parent Object, Child Object
12
Workgroups
- All computers are peers. There is no host.
- User accounts aren’t shared.
- No more than 20 computers at once.
- Not protected by authentication.
- All computers must be on the same local network/subnet.
13
Domains
- Servers as hosts/admins
- Easy to apply sweeping policy changes
- Users must provide authentication to access
- User accounts can access any computer on the domain
- Enforce consistency
- Borderline limitless capacity
- Distributed across multiple networks
14
Organizational Units
- Organize and segregate groups of a domain
- Smallest unit where group policy can be enforced
- Useful for representing the logical hierarchy of an organization
- Can be nested
- Reduces need for multiple domains to some degree
- Allows for granular delegation of administrative authority
15
Trees
- Domain trees are collections of domains with a hierarchical structure.
- Domains controlled by other domains are child domains, and the controlling domain is the parent domain.
16
Forests
- Complete instance of Active Directory
- Contains all domain trees, including their domains and organizational units
- The first, highest-level domain in a forest is called the Forest Root Domain
17
Trust Relationships
- Extend security across multiple domains
- Allow access to data and storage locations on other domains
- “Transitive” trust relationships extend trust from the trusted domain to all of that domain’s trusted domains, whereas “Nontransitive” do not.