Microsoft Active Directory ITL
© 2005 Hans Kruse, Shawn Ostermann, Carl Bruggeman, Ohio University

Early Networking Schemes

Windows LAN Manager, AppleTalk
  – Broadcast-based service discovery
  – Security attached to each object
Unix NFS, lpr
  – TCP/IP based
  – Workstation-level security
NOS (Network Operating System)

3COM, Novell
  – User data stored on a central server
  – “Single sign-on”
  – Resources discovered by broadcast announcements
  – Client software for Windows, Apple, Unix
Microsoft, Take One

Windows NT domains
  – Single name space
  – 40,000 object limit
  – WINS name resolution
  – NETBEUI and TCP/IP transport
  – Master-slave database replication
  – Domain-wide administrator role designation
  – Inter-domain trust relationships
Microsoft, Take Two

Active Directory (Windows 2000, XP, 2003)
  – Core protocols:
      Dynamic DNS
      LDAP
      Kerberos
Hierarchical name space (based on DNS)
Multi-master peer database replication
Dynamic DNS

Client or DHCP server modifies DNS when the client gets an IP address
  – In AD the client sends the update request
  – Standard requires DNSSEC
      AD uses internal ACLs instead
Servers update DDNS based on the roles they acquire and the services they can provide
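To make the client-side update concrete, the following added example (not code from the slides or from Microsoft) builds the unsigned RFC 2136 UPDATE message a host would send to replace its own A record, and then models the server-side check the slide alludes to: each record named in the update must belong to the requesting principal. The ownership map, the principal names and the sample zone are assumptions of this example; in AD the message is additionally signed (GSS-TSIG, RFC 3645) and the ACL lives on the DNS record object itself.

```python
"""Build and inspect an RFC 2136 DNS UPDATE of the kind a host sends to register its A record."""
from __future__ import annotations
import struct

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA = 1, 6
CLASS_IN, CLASS_ANY = 1, 255


def encode_name(name: str) -> bytes:
    """Wire-format domain name: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_a_record_update(zone: str, host: str, ip: str, ttl: int, txid: int) -> bytes:
    """UPDATE that replaces HOST's A RRset inside ZONE with a single address (unsigned)."""
    rdata = bytes(int(octet) for octet in ip.split("."))
    if len(rdata) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    # Header: id, flags (QR=0, opcode=5), ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
    msg = struct.pack("!HHHHHH", txid, OPCODE_UPDATE << 11, 1, 0, 2, 0)
    # Zone section: the zone being updated, TYPE=SOA, CLASS=IN
    msg += encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    # Update 1: delete all existing A records for host (CLASS=ANY, TTL=0, empty RDATA)
    msg += encode_name(host) + struct.pack("!HHIH", TYPE_A, CLASS_ANY, 0, 0)
    # Update 2: add the new A record
    msg += encode_name(host) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, len(rdata)) + rdata
    return msg


def decode_name(msg: bytes, off: int) -> tuple[str, int]:
    """Read an uncompressed wire-format name; returns (name, offset after it)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n >= 0xC0:
            raise ValueError("compression pointers are not handled by this example")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def update_names(msg: bytes) -> list[str]:
    """Owner names touched by the update section of an UPDATE message."""
    _, flags, zo, pr, up, _ = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        raise ValueError("not an UPDATE message")
    off = 12
    for _ in range(zo):                     # zone section: name, type, class
        _, off = decode_name(msg, off)
        off += 4
    for _ in range(pr):                     # prerequisite RRs: name + 10 fixed bytes + rdata
        _, off = decode_name(msg, off)
        off += 10 + struct.unpack("!H", msg[off + 8:off + 10])[0]
    names = []
    for _ in range(up):                     # update RRs, same layout as prerequisites
        name, off = decode_name(msg, off)
        off += 10 + struct.unpack("!H", msg[off + 8:off + 10])[0]
        names.append(name)
    return names


def update_permitted(msg: bytes, record_owner: dict[str, str], principal: str) -> bool:
    """Assumed model of a per-record ACL: a principal may change only records it owns
    (or records nobody owns yet). record_owner maps owner name -> owning principal."""
    return all(record_owner.get(n, principal) == principal for n in update_names(msg))


if __name__ == "__main__":
    # Constructed sample: host moose registering 10.0.0.5 in mycorp.com
    m = build_a_record_update("mycorp.com", "moose.mycorp.com", "10.0.0.5", 600, 0x1234)
    print(len(m), "bytes;", update_names(m))
    print("MOOSE$ allowed:", update_permitted(m, {"moose.mycorp.com.": "MOOSE$"}, "MOOSE$"))
    print("ELK$ allowed:  ", update_permitted(m, {"moose.mycorp.com.": "MOOSE$"}, "ELK$"))
```

The delete-then-add pair is what keeps a host from accumulating stale addresses; the ownership check is the part that stops one machine account from overwriting another host's record, which is the risk DNSSEC-signed updates and AD's ACLs both address.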
LDAP

Light-weight Directory Access Protocol
  – Based on the structure of ISO X.500
  – Compatible with X.500 data schemas
  – Does not rely on ISO protocols
Example of a DN (distinguished, aka unique, name in LDAP)
  – CN=Steve Kille, O=Isode Limited, C=GB
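The slide's DN is easy to read but not safe to split on commas, because a comma inside a value must be escaped rather than treated as a separator. The following added example (not code from the slides) parses and builds DNs in the RFC 4514 string form, handling escaped characters, hex escapes and multi-valued RDNs; the escaping function is what keeps a user-supplied name from injecting extra RDNs into a DN. The sample inputs beyond the slide's DN are constructed.

```python
"""Parse and build LDAP distinguished names in their RFC 4514 string form."""
from __future__ import annotations
import string

# Characters that must be backslash-escaped inside an attribute value (RFC 4514 section 2.4)
SPECIAL = set(',+"\\<>;')


def parse_dn(dn: str) -> list[list[tuple[str, str]]]:
    """Split a DN into RDNs, each a list of (attributeType, value) pairs.

    An escaped comma stays inside the value instead of starting a new RDN, which is
    what makes this safer than dn.split(','). Only single-byte \\XX hex escapes are
    decoded, which is enough for ASCII values."""
    rdns: list[list[tuple[str, str]]] = []
    rdn: list[tuple[str, str]] = []
    attr: list[str] = []
    val: list[str] = []
    in_value = False
    pending = 0          # unescaped spaces seen in a value but not yet emitted

    def put(ch: str, escaped: bool = False) -> None:
        nonlocal pending
        if not in_value:
            attr.append(ch)          # attribute types never contain spaces
            return
        if val or escaped:           # unescaped leading spaces are dropped
            val.append(" " * pending)
        pending = 0
        val.append(ch)

    i = 0
    while i < len(dn):
        c = dn[i]
        if c == "\\":
            nxt = dn[i + 1:i + 2]
            if nxt and (nxt in SPECIAL or nxt in " #="):
                put(nxt, escaped=True)
                i += 2
                continue
            hexpair = dn[i + 1:i + 3]
            if len(hexpair) == 2 and all(h in string.hexdigits for h in hexpair):
                put(chr(int(hexpair, 16)), escaped=True)
                i += 3
                continue
            raise ValueError(f"invalid escape at offset {i}")
        if c == " ":
            if in_value:
                pending += 1         # trailing spaces before a separator are dropped
        elif not in_value and c == "=":
            in_value = True
        elif in_value and c in ",+":
            rdn.append(("".join(attr), "".join(val)))
            attr.clear()
            val.clear()
            in_value, pending = False, 0
            if c == ",":
                rdns.append(rdn)
                rdn = []
        else:
            put(c)
        i += 1
    if not in_value:
        raise ValueError("DN does not end with an attribute value")
    rdn.append(("".join(attr), "".join(val)))
    rdns.append(rdn)
    return rdns


def escape_dn_value(value: str) -> str:
    """Escape an attribute value so it can be embedded in a DN string unchanged."""
    out = "".join("\\" + ch if ch in SPECIAL else ch for ch in value)
    if out[:1] in (" ", "#"):                        # leading space or '#' must be escaped
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):  # so must a trailing space
        out = out[:-1] + "\\ "
    return out


def build_dn(rdns: list[list[tuple[str, str]]]) -> str:
    """Inverse of parse_dn: '+' joins values of one RDN, ',' joins RDNs."""
    return ",".join("+".join(f"{t}={escape_dn_value(v)}" for t, v in rdn) for rdn in rdns)


if __name__ == "__main__":
    print(parse_dn("CN=Steve Kille, O=Isode Limited, C=GB"))
    # Constructed: a value containing a comma, built safely and parsed back
    print(build_dn([[("CN", "Kille, Steve")], [("O", "Isode Limited")], [("C", "GB")]]))
```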
Service Discovery in AD

Based on DNS SRV records
For example, the general catalog server:
  – _gc._tcp.mycorp.com. 600 IN SRV 0 100 3268 moose.mycorp.com.
LDAP servers:
  – _ldap._tcp.mycorp.com. 600 IN SRV 0 100 389 moose.mycorp.com.
There can be many SRV records for a service
AD uses SRV records for
  – General Catalog servers
  – Kerberos
  – Domain Controllers
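The two records on the slide show the format; when "many SRV records" exist for one service the client still has to pick one, and RFC 2782 says how: the lowest priority wins, and within that priority the weights set the odds. The added example below (not code from the slides) parses the slide's records plus three constructed ones, applies that selection rule, and adds a policy check that is an assumption of this example rather than an AD rule: a record whose target host lies outside the zone is rejected rather than followed.

```python
"""Locate AD services from DNS SRV records and pick a server the way RFC 2782 prescribes."""
from __future__ import annotations
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    name: str        # owner name, e.g. _ldap._tcp.mycorp.com.
    ttl: int
    priority: int    # lower value is preferred
    weight: int      # relative share of load among equal-priority records
    port: int
    target: str      # host that actually offers the service


def parse_srv(line: str) -> SrvRecord:
    """Parse one zone-file style line: NAME TTL IN SRV PRIORITY WEIGHT PORT TARGET."""
    f = line.split()
    if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    return SrvRecord(f[0].lower(), int(f[1]), int(f[4]), int(f[5]), int(f[6]), f[7].lower())


def service_name(service: str, proto: str, zone: str) -> str:
    """Owner name a client queries, e.g. service_name('ldap', 'tcp', 'mycorp.com')."""
    return f"_{service}._{proto}.{zone.strip('.').lower()}."


def records_for(zone_lines: list[str], service: str, proto: str, zone: str) -> list[SrvRecord]:
    """Collect the RRset for one service. Policy of this example (an assumption, not an
    AD rule): a target outside the zone is rejected, since a domain-controller record
    pointing at a foreign host is not something a member should silently follow."""
    wanted = service_name(service, proto, zone)
    suffix = "." + zone.strip(".").lower() + "."
    found = []
    for line in zone_lines:
        rec = parse_srv(line)
        if rec.name != wanted:
            continue
        if not rec.target.endswith(suffix):
            raise ValueError(f"SRV target {rec.target} lies outside {zone}")
        found.append(rec)
    return found


def choose_target(records: list[SrvRecord], rng: random.Random | None = None) -> SrvRecord:
    """RFC 2782 selection: only the lowest-priority group is considered, and within it a
    record is chosen at random with probability proportional to its weight."""
    if not records:
        raise LookupError("no SRV records for service")
    if rng is None:
        rng = random.Random()
    best = min(r.priority for r in records)
    group = [r for r in records if r.priority == best]
    total = sum(r.weight for r in group)
    if total == 0:
        return rng.choice(group)       # all weights zero: pick uniformly
    pick = rng.randint(0, total - 1)
    running = 0
    for rec in group:
        running += rec.weight
        if pick < running:
            return rec
    return group[-1]                   # not reached; keeps the return type total


# Constructed sample zone: the two records from the slide plus three made-up ones.
ZONE_LINES = [
    "_gc._tcp.mycorp.com. 600 IN SRV 0 100 3268 moose.mycorp.com.",
    "_ldap._tcp.mycorp.com. 600 IN SRV 0 100 389 moose.mycorp.com.",
    "_ldap._tcp.mycorp.com. 600 IN SRV 0 50 389 elk.mycorp.com.",
    "_ldap._tcp.mycorp.com. 600 IN SRV 10 100 389 backup.mycorp.com.",
    "_kerberos._tcp.mycorp.com. 600 IN SRV 0 100 88 moose.mycorp.com.",
]

if __name__ == "__main__":
    ldap = records_for(ZONE_LINES, "ldap", "tcp", "mycorp.com")
    rec = choose_target(ldap)
    print(f"LDAP: connect to {rec.target.rstrip('.')}:{rec.port}")
```

With these weights moose is chosen about twice as often as elk, and backup is used only if the priority-0 servers are all gone from the RRset, which is why a single rogue low-priority record can quietly redirect every lookup for that service.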