Active Directory Domain Controller

Active Directory is a directory service and centralized administration system used in Windows domains. It allows for single sign-on authentication so users only need one set of credentials to access multiple resources. A domain controller manages Active Directory and authenticates users. Key aspects include organizing users and computers into domains, organizational units, trees and forests for easier management. Group policies centrally manage configurations for users and computers.

ACTIVE DIRECTORY

DOMAIN SERVICE
AND
DOMAIN CONTROLLER
RAJENDRA PAUDYAL
WHAT IS ACTIVE DIRECTORY?

• Active Directory is a directory service. The term directory service refers to two things — a directory where
information about users and resources is stored, and a service or services that let you access and manipulate
those resources.
• A directory service is a container that provides a hierarchical structure and allows you to store objects for quick and
easy access and manipulation. A directory service is like an electronic phone directory that lets you search for
a name and retrieve the phone number, address, or other information without knowing where that person lives.

• Active Directory is a way to manage all elements of your network, including computers, groups, users,
domains, security policies, and any type of user-defined objects.
• It melds several NT services and tools that have so far functioned separately — User Manager for Domains,
Server Manager, Domain Name Server — and provides additional functions beyond these services and tools.
ACTIVE DIRECTORY

• Active Directory is built around the Domain Name System (DNS) and the Lightweight Directory Access
Protocol (LDAP): DNS because it is the standard on the Internet and is familiar, LDAP because most
vendors support it.
• Active Directory clients use DNS and LDAP to locate and access any type of resource on the network.
Because these are platform-independent protocols, Unix, Macintosh, and other clients can access
resources in the same fashion as Windows clients.
• The two most important goals of Active Directory are:
• Users are able to access resources throughout the domain using a single logon.
• Administrators are able to centrally manage both users and resources.
ACTIVE DIRECTORY

• Active Directory is Microsoft’s answer to directory services, and it does a lot more
than just locate resources.
• Active Directory takes care of this single logon by using Kerberos authentication and Single Sign-On (SSO).
• SSO means the ability of Kerberos to provide a user with one set of credentials and grant them access
across a range of resources and services with that same set of credentials.
• Kerberos authenticates the credentials and issues the user a ticket with which the user gains access
to the resources and services that support Kerberos.
• Active Directory also makes user management easier, as it acts as a single repository for all of
this user- and computer-related information.
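The ticket flow the slide summarises, worked through as an added example that is not code from the presentation or from Microsoft: a toy Python model of the AS exchange (password checked once, TGT issued), the TGS exchange (service ticket issued on the strength of the TGT) and the service's own check of the ticket. The sealing scheme, realm, principal names, passwords and ticket lifetime are constructed stand-ins; real Kerberos uses ASN.1 messages and AES encryption types.

```python
"""Toy Kerberos-style single sign-on following the AS / TGS / service steps the
slide summarises. Added example, not Microsoft's code: real Kerberos uses ASN.1
messages and AES encryption types; here every encrypted part is sealed with a
constructed XOR-keystream + HMAC-SHA256 scheme so the script runs offline.
Realm, principal names, passwords and the 10-hour lifetime are made-up values."""
import hashlib, hmac, json, os

LIFETIME = 10 * 3600  # ticket lifetime in seconds (assumed value)

def derive_key(password: str, salt: str) -> bytes:
    """Long-term key of a principal, derived from its password (as the KDC does)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, part: dict) -> bytes:
    """Encrypt-then-MAC one message part: nonce || ciphertext || tag."""
    plain = json.dumps(part).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Reject anything not sealed under exactly this key, then decrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("integrity check failed: wrong key or tampered ticket")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Key Distribution Center on the domain controller: holds every principal's key."""

    def __init__(self, realm: str):
        self.realm = realm
        self.keys = {"krbtgt": os.urandom(32)}  # the key that protects every TGT

    def register(self, principal: str, password: str) -> None:
        self.keys[principal] = derive_key(password, self.realm + principal)

    def as_exchange(self, user: str, now: int) -> bytes:
        """AS-REP: session key + TGT, readable only with the user's password-derived key."""
        skey = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"user": user, "skey": skey, "exp": now + LIFETIME})
        return seal(self.keys[user], {"skey": skey, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int) -> bytes:
        """TGS-REP: a service ticket issued on the strength of the TGT, never the password."""
        t = unseal(self.keys["krbtgt"], tgt)
        if now > t["exp"]:
            raise PermissionError("TGT expired: the user must log on again")
        skey = bytes.fromhex(t["skey"])
        auth = unseal(skey, authenticator)  # proves the caller holds the TGT's session key
        if auth["user"] != t["user"] or abs(now - auth["ts"]) > 300:
            raise PermissionError("authenticator rejected")
        svc_key = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": t["user"], "skey": svc_key, "exp": now + LIFETIME})
        return seal(skey, {"skey": svc_key, "ticket": ticket.hex()})

class Service:
    """A Kerberos-aware service (file server, web app) that checks tickets with its own key."""

    def __init__(self, name: str, kdc: KDC, password: str):
        self.name, self.key = name, derive_key(password, kdc.realm + name)
        kdc.register(name, password)

    def accept(self, ticket: bytes, now: int) -> str:
        t = unseal(self.key, ticket)
        if now > t["exp"]:
            raise PermissionError("service ticket expired")
        return t["user"]  # identity established without the service ever seeing a password

def single_sign_on(kdc: KDC, user: str, password: str, services: list, now: int) -> list:
    """Client side: the password is used once; every service is then reached with tickets."""
    rep = unseal(derive_key(password, kdc.realm + user), kdc.as_exchange(user, now))
    skey, tgt = bytes.fromhex(rep["skey"]), bytes.fromhex(rep["tgt"])
    granted = []
    for svc in services:
        authenticator = seal(skey, {"user": user, "ts": now})
        tgs = unseal(skey, kdc.tgs_exchange(tgt, authenticator, svc.name, now))
        granted.append(svc.accept(bytes.fromhex(tgs["ticket"]), now))
    return granted

if __name__ == "__main__":
    dc = KDC("CORP.EXAMPLE")
    dc.register("alice", "correct horse battery")
    fs, web = Service("cifs/fs01", dc, "fs01-secret"), Service("http/intranet", dc, "web-secret")
    print(single_sign_on(dc, "alice", "correct horse battery", [fs, web], 1_700_000_000))
```

The point to take from the model is which key protects which part: the user's password-derived key only ever decrypts the AS reply, the krbtgt key protects the TGT, and each service's key protects its own tickets, so a service never sees the password, and a wrong password or a tampered ticket fails the integrity check rather than leaking anything.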
AD TERMINOLOGY

What’s a domain?
• A Windows domain is a group of computers which share a common account database. These
computers each have an associated account object which is contained by the domain container.
Because computers belonging to the domain share a common account database, file sharing
across these computers is simple. Basic rights to computers in a domain can be controlled via a
group policy object associated with the domain directory object.
• Starting with Windows 2000, a Windows domain must have a corresponding DNS domain
associated with it. A Windows domain requires at least one domain controller, where the common
account database is held.
AD TERMINOLOGY

What is an OU (organizational unit)?
• This is a Windows term referring to an organizational structure.
• A Windows OU is an organizational unit (a directory container) for grouping similar accounts or
machines. OUs are used to provide a means of delegating authority over a group of accounts or
machines to a person (the local administrator).
What’s a tree?
• A Windows tree is a group of one or more trusted Windows domains with contiguous DNS domains.
“Trusted” means that an authenticated account from one domain isn’t rejected by another domain.
TREE (CONTINUED)

• “Contiguous DNS domains” means that they all have the same root DNS name. For
example, the domains it.dept.washington.edu and dept.washington.edu are contiguous,
whereas fred.com and win.washington.edu are not contiguous.
• Trees have no physical representation like a domain controller, but require at least one
domain to exist. Trees are used to group Windows domains which need to share files,
policy, and resources.
AD TERMINOLOGY

What’s a forest?
• A Windows forest is a group of one or more trusted Windows trees. The trees do not need to have contiguous DNS names.
• A single tree can also be called a forest. A forest may be comprised of one or more trees. A forest may be comprised of
one or more domains.

What is a schema?
• The schema defines what attributes, objects, classes, and rules are available in the Active Directory. The schema is
shared forest-wide and is replicated to all domains, so a schema modification made in one domain affects the
schema in all other domains. Only special administrators known as Schema Administrators have the right to make
modifications.
AD TERMINOLOGY

What’s a global catalog server?
• The global catalog server’s function is to process directory searches for the entire forest.
Therefore, the GC has a subset of the searchable attributes for all objects in the AD,
regardless of the object’s parent domain.
• Among the things in the GC are entries for all the accounts and machines, with a subset
of the attributes for each object. A global catalog server must be a domain controller.
AD TERMINOLOGY

What is the top-level domain or the forest root domain?
• The top-level domain or forest root domain is the first domain installed in a forest.
What is group policy or a GPO?
• Group policy is a Windows term for common configuration settings.
• An administrator can create a group policy which applies to users or computers. This group policy can set certain computer
settings, such as who can log on to the computer, or user settings, such as whether the user can run Control Panel applets.
• Group policy is similar to what was called policy in NT4, but with vastly improved performance together with a greater
number of common configuration settings.
• A GPO, or group policy object, is a set of settings applied to a site, domain or OU container. The GPO is then applied to every
machine or user object under that container. One can configure a GPO with ACLs to restrict the computers or users to
which it is applied.
AD TERMINOLOGY

What is the group policy loopback feature?
• Group Policy is applied to a user or computer based upon where the user or computer
object is located in the Active Directory. The computer’s GPOs are applied at computer
startup. The user’s GPOs are applied at login. However, in some cases, users may need
policy applied to them based upon the location of the computer object, not the location of
the user object. The Group Policy loopback feature gives the administrator the ability to
apply Group Policy based upon the computer that the user is logging onto. The computer’s
GPOs are still retrieved at computer startup, but the user portion of these GPOs isn’t applied
until a user logs in.
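How the GPO rules and the loopback feature described on these two slides combine, as an added example that is not part of the presentation: a Python model of processing order (site, then domain, then OUs from the outside in, with link order deciding within one container), ACL-based security filtering, and loopback. It goes one step beyond the slide by modelling both loopback modes that real domain controllers offer, Replace and Merge, which the slide does not name. The directory objects, GPO names and setting names are constructed, and the choice to filter loopback GPOs on the user's groups is the example's own assumption.

```python
"""Model of Group Policy processing order and the loopback feature.

Added example, not Microsoft's implementation. It applies the site, domain, OU
precedence the slides describe (later containers win; within one container link
order 1 wins), ACL-based security filtering (here: a set of groups allowed to
apply the GPO), and the two loopback modes real domain controllers offer, Merge
and Replace, which the slides do not name. The directory below is constructed;
the site is passed in because a DN does not carry it; local policy is omitted."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class GPO:
    name: str
    computer: dict = field(default_factory=dict)  # computer configuration portion
    user: dict = field(default_factory=dict)      # user configuration portion
    apply_to: Optional[set] = None  # security filtering; None = Authenticated Users

    def applies_to(self, groups: set) -> bool:
        return self.apply_to is None or bool(self.apply_to & groups)

def containers(dn: str) -> list:
    """Containers that scope an object DN, outermost first: the domain, then OUs."""
    parts = [p.strip() for p in dn.split(",")]
    domain = ",".join(p for p in parts if p.upper().startswith("DC="))
    ous = [p for p in parts if p.upper().startswith("OU=")]
    # The rightmost OU in a DN is the outermost container.
    return [domain] + [",".join(ous[i:]) + "," + domain for i in range(len(ous) - 1, -1, -1)]

def gpos_in_order(dn: str, site: str, links: dict, gpos: dict, groups: set) -> list:
    """GPOs to process, in processing order; the last one processed wins a conflict.

    links maps a container (site name or DN) to its linked GPO names in link order:
    link order 1 comes first and has the highest precedence within the container,
    so it is processed last there."""
    order = []
    for scope in [site] + containers(dn):
        for name in reversed(links.get(scope, [])):
            if gpos[name].applies_to(groups):
                order.append(gpos[name])
    return order

def effective(gpo_list: list, portion: str) -> dict:
    settings = {}
    for g in gpo_list:
        settings.update(getattr(g, portion))  # a later GPO overrides an earlier one
    return settings

def resolve(user_dn: str, user_groups: set, computer_dn: str, computer_groups: set,
            site: str, links: dict, gpos: dict, loopback: str = "none") -> tuple:
    """Settings in force when user_dn logs on to computer_dn: (computer part, user part)."""
    computer_part = effective(gpos_in_order(computer_dn, site, links, gpos, computer_groups), "computer")
    user_scope = gpos_in_order(user_dn, site, links, gpos, user_groups)
    # Loopback uses the user portion of the GPOs at the *computer's* location.
    # Assumption here: those are filtered on the user's groups, as the user applies them.
    loop_scope = gpos_in_order(computer_dn, site, links, gpos, user_groups)
    if loopback == "replace":   # ignore where the user object lives altogether
        user_part = effective(loop_scope, "user")
    elif loopback == "merge":   # user's own list first; the computer's list wins conflicts
        user_part = effective(user_scope + loop_scope, "user")
    else:
        user_part = effective(user_scope, "user")
    return computer_part, user_part

# Constructed sample: a kiosk OU whose loopback policy locks down whoever logs on,
# except members of Kiosk Admins, whom the ACL on "Admin Exception" lets back in.
GPOS = {
    "Default Domain Policy": GPO("Default Domain Policy", computer={"MinPasswordLength": 14},
                                 user={"ScreenSaverTimeout": 900}),
    "Sales Users": GPO("Sales Users", user={"ControlPanel": "allow", "ScreenSaverTimeout": 600}),
    "Kiosk Lockdown": GPO("Kiosk Lockdown", computer={"AutoLogon": "off"},
                          user={"ControlPanel": "deny", "RunOnlyApp": "kiosk.exe"}),
    "Admin Exception": GPO("Admin Exception", user={"ControlPanel": "allow"}, apply_to={"Kiosk Admins"}),
}
LINKS = {
    "DC=corp,DC=example": ["Default Domain Policy"],
    "OU=Sales,OU=Staff,DC=corp,DC=example": ["Sales Users"],
    "OU=Kiosks,DC=corp,DC=example": ["Admin Exception", "Kiosk Lockdown"],  # link order 1 first
}
BOB = ("CN=bob,OU=Sales,OU=Staff,DC=corp,DC=example", {"Domain Users"})
KIOSK = ("CN=KIOSK01,OU=Kiosks,DC=corp,DC=example", {"Domain Computers"})
SITE = "Default-First-Site-Name"

if __name__ == "__main__":
    for mode in ("none", "merge", "replace"):
        print(mode, resolve(*BOB, *KIOSK, SITE, LINKS, GPOS, loopback=mode))
```

Running the three modes for the same logon shows the practical difference: without loopback the kiosk's user settings never reach the Sales user, Replace applies only the kiosk OU's user settings, and Merge re-applies the computer's whole list after the user's, so a domain-level setting that the Sales OU had overridden (the screen saver timeout) comes back with the domain value.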
AD TERMINOLOGY

What is an ACL or access-control list?
• A list of security protections that applies to an object. An object can be a file, process,
event, directory entry or anything else having a security descriptor. An entry in an
access-control list (ACL) is an access-control entry (ACE).
What is an ACE or access-control entry?
• An entry in an access-control list (ACL). An ACE contains a set of access rights and a
security identifier (SID) that identifies a trustee for whom the rights are allowed, denied,
or audited.
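An access check over a DACL built from the ACEs just defined, as an added example that is not Windows code: the rules are the ones Windows applies, including the canonical ordering of explicit and inherited entries, and the check shows why a deny ACE on a group can override an allow ACE on the user. The right bits and SIDs are constructed placeholders.

```python
"""DACL evaluation modelled on the Windows access check.

Added example, not Windows code. The rights are a constructed bit mask (real
access masks are wider), but the rules are the real ones: ACEs are walked in
canonical order (explicit deny, explicit allow, inherited deny, inherited allow),
only ACEs whose SID is in the caller's token count, a matching deny ends the
check at once, and allows accumulate until every requested right is covered.
Audit ACEs live in the SACL and never affect the decision, so none appear here.
All SIDs below are made-up placeholders."""
from dataclasses import dataclass
from typing import Optional

READ, WRITE, DELETE = 0x1, 0x2, 0x4  # constructed right bits

@dataclass(frozen=True)
class ACE:
    sid: str         # trustee (user or group SID) the entry applies to
    kind: str        # "allow" or "deny"
    mask: int        # access rights this ACE covers
    inherited: bool = False  # came from a parent container rather than set explicitly

def canonical(dacl: list) -> list:
    """Canonical ACE order; the sort is stable, so ties keep their original order."""
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(dacl: Optional[list], token_sids: set, requested: int) -> tuple:
    """Return (granted, reason) for a token holding token_sids asking for requested."""
    if dacl is None:                      # no DACL at all: everyone gets everything
        return True, "object has no DACL: full access for everyone"
    remaining = requested
    for ace in canonical(dacl):
        if ace.sid not in token_sids:     # ACE is for someone else: skip it
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False, f"denied by {'inherited' if ace.inherited else 'explicit'} deny ACE for {ace.sid}"
        if ace.kind == "allow":
            remaining &= ~ace.mask        # these rights are now covered
            if remaining == 0:
                return True, "every requested right granted"
    return False, "no ACE grants the remaining rights (an empty DACL denies everyone)"

# Constructed token: a user who is also a member of one group.
USER, GROUP = "S-1-5-21-0-0-0-1001", "S-1-5-21-0-0-0-513"
TOKEN = {USER, GROUP}

def demo() -> dict:
    """Three DACLs that show why ACE order, not list position, decides the outcome."""
    group_deny = [ACE(USER, "allow", READ | WRITE), ACE(GROUP, "deny", WRITE)]
    inherited_deny = [ACE(GROUP, "deny", WRITE, inherited=True), ACE(USER, "allow", WRITE)]
    return {
        # the explicit deny on the group is evaluated before the explicit allow on the user
        "read_despite_group_deny": access_check(group_deny, TOKEN, READ)[0],
        "write_with_group_deny": access_check(group_deny, TOKEN, WRITE)[0],
        # an explicit allow outranks an inherited deny, whatever their list position
        "write_with_inherited_deny": access_check(inherited_deny, TOKEN, WRITE)[0],
        "empty_dacl": access_check([], TOKEN, READ)[0],
        "no_dacl": access_check(None, set(), DELETE)[0],
    }

if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The two cases worth remembering when reviewing permissions on directory objects are the last two: an object with no DACL is open to everyone, while an object with an empty DACL is open to no one, and an explicit allow set directly on an object wins over a deny inherited from its parent OU.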
STEPS TO CREATE AD DS WITH DC

• Now that the installation of the DC role is finished, you have to configure it for your server.
• Step 10: Click “Server Manager” → open the Notifications pane by selecting the
Notifications icon at the top of Server Manager. From the notification about
configuring AD DS (Active Directory Domain Services), click “Promote this server to a
domain controller”.

• The installation is now complete.


Thank you
