Agenda
• What is Active Directory
• Building an Active Directory
• Using Active Directory Features
• Active Directory Objects
• Auditing Active Directory
Introduction to Active Directory
Overview of Active Directory
• Directory service of the Windows Server system
• Stores information about network objects and makes the information available to administrators, users, and applications
• Provides a single point of network management, allowing people to add, remove, and relocate users and resources easily
• Integrated with the Internet’s hierarchical domain naming system (DNS)
Active Directory Properties
• Integration with DNS
• Flexible querying
• Information security
• Simplified administration
• Scalability
Object and Schema
• Objects are the basic entities that constitute the Active Directory
– Each object has its own globally unique identifier (GUID)
• Schema
– Describes the object classes
– Defines the attributes for the object classes
Structural Components
• Object-based hierarchical structure built from the following constructs:
– Domains
– Trees
– Forests
– Trust relationships
– Organizational Units
– Sites
A Simple Active Directory Structure
Active Directory and DNS Integration
Tree
Parent and child domains in a domain tree. Double-headed arrows indicate two-way transitive trust relationships.
Forests
One forest with three domain trees. The three root domains are not contiguous with each other, but EuropeRoot.com and AsiaRoot.com are child domains of HQ-Root.com.
Internal Trusts in a Forest
Shortcut trusts between Domains B and D, and between Domains D and 2.
Trust Relationships
• Transitive
• Two-way
• Shortcut trusts
• External trusts
Trust Relationships
Organizational Units
Intra-site replication with just one
Trust Relationships
Intra-site replication with two domains and two global catalogs
Directory Protocols
• Based on standard directory protocols
• Interoperates with other protocols
• Example: LDAP
– LDAP is used to add, modify, delete, and query information stored in AD
– LDAP is to AD what SQL is to Oracle
– LDAP defines how a client accesses the directory, performs operations within it, and shares directory data
Active Directory Security
• Based on Kerberos
• Supports multiple security configurations for cross-platform interoperability
– Clients: a domain controller authenticates clients running RFC 1510 Kerberos, which includes clients running other operating systems
– Unix clients and services: a Kerberos principal is mapped to a Windows 2000 user or computer account
Installation of Active Directory
Requirements
• The computer must run Windows 2000 Server or Windows Server 2003 (Standard, Advanced/Enterprise, or Datacenter edition).
• At least one volume on the computer must be formatted with NTFS.
• DNS must be active on the network prior to AD installation, or be installed during AD installation.
• DNS must support SRV records and dynamic updates.
• The computer must have TCP/IP installed and a static IP address.
• The Kerberos v5 authentication protocol must be installed.
• Time and time-zone information must be correct.
DCPROMO
Role of DNS
• Clients use DNS to locate Active Directory domain controllers.
• Servers and client computers register their names and IP addresses with the DNS server.
Managing Active Directory
Creating a Child Domain
Requirements
• Existing Domain
• Member Server
Managing Objects in Active Directory
Frequently Managed Objects
• Users
• Computers
• Groups
Managing Users
Managing Computers
A Client Joining a Domain
Managing Groups
Group Policy Feature
• Defines the various components of the user’s desktop environment that an administrator must manage
• Applies not only to users and client computers but also to member servers, domain controllers, and other Windows Server 2003 systems in the scope of management
Group Policy cont’d
• Manage registry-based policy with Administrative Templates
• Assign scripts, including computer startup, shutdown, logon, and logoff scripts
• Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations
Configuring a Custom Console
Adding a Group Policy Object
Auditing
• Audit security-related functional activities
Some Auditable Activities
• Account logon and logon events
• Object access
• Account management
• Directory service access
• Policy change
• System events
• Process tracking
• Privilege use
Some Auditing Functions
• Logon/Logout
• User access to resources
– File, folder, registry key, printer, etc.
• Account management
– Create users and groups, modify membership, change passwords, etc.
• System events
– Service start/stop
• Directory service access
– Users’ access to Active Directory objects
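The audit categories listed above are what a reviewer sorts Security-log events into; the added example below (not part of the slides) does that over a few constructed event records and flags one account-management sequence worth reviewing: the same administrator creates a user and changes a group membership within ten minutes. The event IDs are assumed to be those written by Windows Server 2008 and later (the 2003-era deck used three-digit IDs), and the record format is invented for the example.

```python
"""Sort constructed Windows Security events into the deck's audit categories
and flag a create-user-then-change-group sequence by the same subject."""
from collections import Counter
from datetime import datetime, timedelta

# Assumption: Windows Server 2008+ Security-log event IDs mapped to the
# audit categories named on the slides.
CATEGORY = {
    4624: "Logon/Logout", 4634: "Logon/Logout", 4625: "Logon/Logout",
    4663: "User access to resources",   # file, folder, registry key, printer
    4720: "Account management",         # user account created
    4728: "Account management",         # member added to a global group
    4724: "Account management",         # password reset attempt
    4662: "Directory service access",   # operation on an AD object
    4719: "Policy change",              # audit policy changed
    4673: "Privilege use",              # privileged service called
    4688: "Process tracking",           # new process created
    4608: "System events",              # system startup
}

# Constructed sample records in a made-up "timestamp|event_id|subject|target" form.
SAMPLE_EVENTS = """\
2024-03-01T09:00:00|4624|jdoe|-
2024-03-01T09:02:10|4720|jdoe|svc-backup
2024-03-01T09:03:30|4728|jdoe|Backup Operators
2024-03-01T09:10:00|4663|jdoe|C:\\Payroll\\q1.xlsx
2024-03-01T09:11:00|4662|jdoe|CN=Policies,CN=System
2024-03-01T10:00:00|4720|hr-admin|new.hire
2024-03-01T16:00:00|4728|hr-admin|Staff
"""

def parse_events(text):
    """Parse the constructed records into dicts with a datetime and an int event ID."""
    events = []
    for line in text.splitlines():
        ts, eid, subject, target = line.split("|", 3)
        events.append({"time": datetime.fromisoformat(ts), "id": int(eid),
                       "subject": subject, "target": target})
    return events

def count_by_category(events):
    """Count events per audit category; unknown IDs land in 'Uncategorized'."""
    return Counter(CATEGORY.get(e["id"], "Uncategorized") for e in events)

def creates_then_adds(events, window=timedelta(minutes=10)):
    """Return (subject, new_account, group) for each 4720 followed by a 4728
    from the same subject within `window`; the hr-admin pair is hours apart
    and is therefore not flagged."""
    hits = []
    for c in (e for e in events if e["id"] == 4720):
        for e in events:
            if (e["id"] == 4728 and e["subject"] == c["subject"]
                    and c["time"] <= e["time"] <= c["time"] + window):
                hits.append((c["subject"], c["target"], e["target"]))
    return hits
```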
The list of auditing options
The End