Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.

Published bySamuel Woods Modified over 8 years ago

Similar presentations

Presentation on theme: "Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer."— Presentation transcript:

1 Active Directory

2 Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer the computing facilities easily and centrally such as Granting access to a computer Give permission to use a printer Read and write files to a certain folder And to ensure the security of the system

3 Active Directory: What is it? Active Directory (AD) is an implementation of LDAP directory services by Microsoft for use primarily in Windows environments. Its main purpose is to provide central authentication and authorization services for Windows based computers. Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an entire organization.

4 What is it Active Directory stores information and settings relating to an organization in a central, organized, accessible database. Active Directory networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects.

5 What is it An Active Directory (AD) structure is a hierarchical framework of objects. The objects fall into three broad categories: resources (e.g. computers), services (e.g. e- mail) and users (user accounts and groups). The AD provides information on the objects, organizes the objects, controls access and sets security.

6 AD Structure Domain based Hierarchical tree structure Network resources are objects Containers for grouping Objects have attributes, allow security to build

7 Elements of AD Domain Organization Unit Group User

8 Elements of AD Site Computer Print Queue Contact

9 Elements of AD PolicyLicense Site

10 AD as centre of network

11 Domain Each AD must has at least one Domain Controller which is the central management of the system. The other computers, computing resources including people (users) are joined to the AD by the administrator The Domain Naming System as used in Internet is used to name the resources in the AD.

12 LDAP The Lightweight Directory Access Protocol, or LDAP is used to add, modify and delete information stored in Active Directory as well as to query and retrieve data over TCP/IP. LDAP is used as a source of information for authorization.

13 Directory Service

14 Directory Services Telecommunication companies introduced the concept of directory services to information technology and computer networking, as their understanding of directory requirements was well-developed after some 70 years of producing and managing telephone directories.

15 Directory Services The X500, protocol for directory services was created in the 1960s. X.500 directory services were traditionally accessed via the X.500 Directory Access Protocol (DAP), which required the Open Systems Interconnection (OSI) protocol stack. The LDAP is a light weight alternative that uses the TCP/IP stack.

16 Application of Directory Service Part of Network OS Stores and organizes information about a computer network's users and network resources Acts as a central/common authority that can securely authenticate the system resources that manage the directory data

17 Example MS Active Directory Sun Java System Directory Server IBM Tivoli Directory Server

18 Domain Name System Domain Name/ IP Address resolution system, used chiefly in Internet A distribution systems contains a no. of root domain servers and each domain has its own domain server The domain name follows a certain structure, the namespace

19 AD and DNS DNS domains are for finding resources. AD domains are for organizing resources. Work together in AD

20 AD and DNS work together

21 Structure in AD Forest Tree Domain Organization Unit (OU) Group

22 Domain Tree

23 AD Forest When different namespace is required Must share common schema and Global Catalog Server

24 Organizational Unit Contains the following units for easy management Users Computers Groups Printers Applications Security Policies File shares

25 Group Policy Group policy is a feature of Microsoft Windows NT family of operating systems that provides centralized management and configuration of computers and remote users in an Active Directory environment to restrict certain actions that may pose potential security risks. It can also be applied to offline computers and roaming users

26 Group Policy Group Policies are rules to define user or computer settings for an entire group of users or computers at one time. The settings that you configure are stored in a Group Policy Object (GPO), which is then associated with Active Directory containers such as sites, domains, or organizational units.

27 Group Policy Many different aspects of the network, desktop, and software configuration environments can be managed through Group Policies. registry settings for both users and computers file system permissions, Internet Explorer settings, registry permissions, software distribution, etc.

28 Group Policy Group Policies are analyzed and applied at startup for computers and during logon for users. The client machine refreshes most of the Group Policy settings periodically.

29 Group Policy Multiple group policies can be created and distributed. User and computers accounts can have more than one policy applicable to them based upon the site, domain, or OU they are in, security groups, or any combination.

30 Group Policy Processing Order LSDOU Local Computer Policy Site Domain OU Organization Unit (Sub-OU) The policy processed last will take precedence (win)

31 Logon procedure in AD Client makes a RPC and passes its configuration (domain membership, IP) to Netlogin service Netlogin makes query to DNS server Query changed to a form of LDAP DNS Server returns a list of domain controller to client Client sends request to individual controller

32 Logon procedure in AD Domain controllers respond by sending Netlogin of client operational status Client establishes LDAP session with domain controller at its site Login and authentication follows

33 Authentication procedure Authentication request to domain controller Domain controller verifies credential Domain controller sends user ’ s System Identifier (SID) to client computer as a token Resource compares SID with its ACL when a user requests use of the resource

34 Use of Access token

35 Authentication Protocol Windows NT: NT Lan Manager (NTLM) Aged protocol Relatively easy to crack Windows 2000/2003: Kerberos

36 AD at work

37

38

39

40 Active Directory Security Industry-standard secure protocols Kerberos (Authentication) LDAP over SSL (Authorization) X.509 (Cert-based Authentication) Smart cards Public Key Infrastructure (PKI) Domain trusts Security groups and permissions

41 Kerberos for authentication

42 Advantages of using Kerberos Central authentication with service tickets for resources No need to authenticate with the resources one by one Saving of bandwidth Session key encrypted with timestamp, save from eavesdropping and replay attack

43 AD and Certificates A Certificate Authority can be installed within the AD to provide additional security such as using L2TP for remote VPN services Enrollment to certificate can be easily done through a web browser

Download ppt "Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer."

Similar presentations

COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.

COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.

How to Succeed with Active Directory Robert Williams, PhD CEO Secure Logistix Corporation.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory, Enhanced Chapter 1: Introduction to Active Directory.
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
Introduction to Active Directory

Introduction to Active Directory
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
CS603 Active Directory February 1, 2001.

CS603 Active Directory February 1, 2001.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Hands-On Microsoft Windows Server 2003 Administration Chapter 1 Windows Server 2003 Network Administration.

Hands-On Microsoft Windows Server 2003 Administration Chapter 1 Windows Server 2003 Network Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.

By Karan Oberoi.  A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer.
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
1 CSIT 320. Just as the combination of a database and a database management system collects and organizes information about an institution/company/… as.

1 CSIT 320. Just as the combination of a database and a database management system collects and organizes information about an institution/company/… as.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008

Similar presentations

Ads by Google