Presentation is loading. Please wait.

Presentation is loading. Please wait.

Review on Active Directory. Aim Enable users to find network resources easily Central and easy administration of users and resources in a domain Improve.

Published byPosy Wilkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Review on Active Directory. Aim Enable users to find network resources easily Central and easy administration of users and resources in a domain Improve."— Presentation transcript:

1 Review on Active Directory

2 Aim Enable users to find network resources easily Central and easy administration of users and resources in a domain Improve security by controlling access on resources and restrictions placed on user and computer configuration

3 Structure Hierarchical structure Forest Tree

4 Necessary components Domain controller(s) as central repository of the domain and provides access control DNS server for locating resources Other computers: servers and workstations added to domain by domain administrator

5 Protocols used Kerberos for network authentication Lightweight Directory Access Protocol (LDAP) to provide directory service (to get information about objects)

6 Information obtained from LDAP

7

8 Entry in AD dn: cn=John Doe,dc=example,dc=com cn: John Doe givenName: John sn: Doe telephoneNumber: +1 888 555 6789 telephoneNumber: +1 888 555 1234 mail: john@example.com manager: cn=Barbara Doe,dc=example,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top

9 Search information in AD

10

11

12

13

14 Group Policy Rules to define settings of either users and computers Hundreds of settings can be defined Each setting has 3 possible states: –Not configured –Disabled –Enabled

15 Group Policy Apply to

16 Property of Group Policy Policy setting inherited by child containers A container can have multiple policies being applied Which policy setting comes into effect depends on it precedence of the policy

17 Group Policy Management Tool Download from Microsoft for easy management of group policy

18 Log on Procedure Authentication –User at log on –Computer at machine start Issue of Access Token –AD gathers all group policy applied to the user and computer and returns a list of SID to user’s computer –The LSA uses the SIDs to form an access token

19 Content of Access Token To show identity and privilege Name SID of user Groups SID of groups user belongs Logon SID (valid for a certain duration)

20 Request for use of network resources Authenticate the user’s request by comparing the Access Token to the Security Descriptor of an object

21 Content of Security Descriptor SID of owner SID of group (seldom used in Windows) DACL –SID, Rights –Deny on top System ACL

22 Update of Access Token Every 30 minutes or as set in the group policy

23 Samples of Group Policy A package called Common Scenario provided by Microsoft –Lightly managed –Mobile –Multi-user –App station –Task station –Kiosk

Download ppt "Review on Active Directory. Aim Enable users to find network resources easily Central and easy administration of users and resources in a domain Improve."

Similar presentations

Managing User, Computer and Group Accounts

Managing User, Computer and Group Accounts
LDAP Lightweight Directory Access Protocol LDAP.

LDAP Lightweight Directory Access Protocol LDAP.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
Virtual Directories: Attack Models and Prevention June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram laboratory.

Virtual Directories: Attack Models and Prevention June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram laboratory.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Administering Active Directory

Administering Active Directory
Windows Server 2003. WHAT IS ACTIVE DIRECTORY? FUNDAMENTALS OF THE ACTIVE DIRECTORY – Benefits of Using the Active Directory in an Enterprise Environment.

Windows Server WHAT IS ACTIVE DIRECTORY? FUNDAMENTALS OF THE ACTIVE DIRECTORY – Benefits of Using the Active Directory in an Enterprise Environment.
Chapter 4 Introduction to Active Directory and Account Management

Chapter 4 Introduction to Active Directory and Account Management
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Understanding Active Directory

Understanding Active Directory
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
1 CSIT 320. Just as the combination of a database and a database management system collects and organizes information about an institution/company/… as.

1 CSIT 320. Just as the combination of a database and a database management system collects and organizes information about an institution/company/… as.
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Chapter 7 WORKING WITH GROUPS.

Chapter 7 WORKING WITH GROUPS.
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.

Similar presentations

Ads by Google