01-Introduction To Active Directory

Active Directory is Microsoft's directory service, providing centralized management of users, groups, computers and other network resources through a domain architecture. In the domain model, domain controllers hold the directory information and replicate it to one another, and they provide authentication and authorization services to clients. Active Directory domains can be organized into hierarchical trees, and multiple trees can be linked through transitive trusts to form a forest, which is how large and complex network environments are managed.

CEG 2400 Fall 2012

Directory Services
Active Directory

(Figure: a tree containing three domains)


Directory Services
Active Directory
• Microsoft directory service
• Initially released in 1999
• Originally designed for Windows 2000 Server
  – Enhanced with Windows Server 2008
• Windows Server 2008 types
  – Workgroup model
  – Domain model
Workgroups
• Peer-to-peer network
• Decentralized management
  – Each computer has its own database
    • User accounts, security privileges
  – Significantly more administration effort
• Practical for small networks
  – Few users
  – Simple to design and implement
Directory Services
Active Directory – Domain Model
• Three main parts
  – Domain
  – Tree
  – Forest
Domains
• Client/server network with a shared database
• Domain – group of users, servers, and other resources
  – Share centralized account and security information in a database
• Active Directory
  – Contains the domain database with objects, attributes and schema
  – Makes it easier to organize and manage resources and security
Active Directory – Domains
• A domain is not confined by geographical boundaries
• Domain controller servers
  – Contain directory information about the objects in a domain
• Member servers
  – Do not store directory information and can’t be used to authenticate users
• Replication
  – Process of copying directory data to multiple domain controllers
Domains

(Figure: domain model on a Windows Server 2008 network)
Active Directory
• Objects fall into two broad categories:
  – resources (e.g., printers)
  – security principals (user or computer accounts and groups)
• Security principals are assigned unique security identifiers (SIDs)
• This is where access rights are given
• Users must have unique names – flat database
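The SID is the identifier that access rights are actually granted to. The following helpers are an added example, not part of the slides: they convert between the binary form Active Directory stores (the objectSid attribute) and the familiar S-1-5-21-… text, and split off the relative identifier (RID) that distinguishes principals within one domain. The domain SID in SAMPLE_SID is constructed for illustration.

```python
"""Security identifier (SID) helpers (added example, not from the slides).

Binary layout: revision (1 byte), sub-authority count (1 byte),
48-bit identifier authority (big endian), then one 32-bit
sub-authority per count (little endian). Text form: S-R-A-S1-S2-...
For a domain principal the last sub-authority is the RID; the
preceding part is the domain SID shared by every principal in it.
"""
import struct
from typing import Tuple


def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID into its S-1-... text representation."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def string_to_sid(text: str) -> bytes:
    """Encode S-R-A-S1-S2-... text back into the binary form."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_domain_rid(sid: str) -> Tuple[str, int]:
    """Split a principal's SID into (domain SID, RID).

    All users, computers and groups created in one domain share the
    domain SID prefix; only the trailing RID differs."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


# Constructed sample: a user with RID 1105 in a fictitious domain.
SAMPLE_SID = "S-1-5-21-1234567890-987654321-1122334455-1105"
```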
OUs (Organizational Units)
• Hold multiple objects having similar characteristics
  – Can be nested
  – Can contain other OUs or objects
• Provide simpler, more flexible administration
  – Apply policies to the OU
  – Do not function as containers for granting permissions
  – Use users or groups for access permissions
Domains

(Figure: multiple domains in one organization)
Domains

Trees and Forests
• Directory structure above domains
  – Large organizations use multiple domains
• Domain tree
  – Organizes multiple domains hierarchically
• Root domain
  – Base of the Active Directory tree
• Child domains
  – Branch off from the root domain
Trees and Forests

(Figure: a tree with multiple domains and OUs)
Trees and Forests
• Forest
  – A collection of one or more domain trees
  – Trees share a common schema
• Domains within a forest can communicate
• Domains within the same tree
  – Share a common Active Directory database
Two-Tree Forest

Trust Relationships
• Relationship between two domains
  – One domain allows another domain to authenticate its users
• Active Directory supports two trust relationship types that allow users to authenticate
  – Two-way transitive trusts
  – Explicit one-way trusts
Trust Relationships

(Figure: two-way trusts between domains in a tree)
Trust Relationships

(Figure: explicit one-way trust between domains in different trees)
Trust Relationships

Naming Conventions
• Active Directory naming conventions (namespace)
  – Collection of object names and their associated places in a Windows Server 2003 or Server 2008 network
  – Based on LDAP naming conventions
  – Follows the conventions of the Internet namespace
    • Ex. dc=wright, dc=edu
    • Ex. cn=server1,dc=wright,dc=edu
    • Ex. cn=server2,ou=cse,dc=wright,dc=edu
Naming Conventions
• Windows Server 2008 network object
  – Three different names
    • DN (distinguished name): DC (domain component) and CN (common name)
    • RDN (relative distinguished name)
    • UPN (user principal name)
• GUID (globally unique identifier)
  – Each object has one
  – 128-bit number
Naming Conventions
upn = [email protected]

DN:
cn=msmith,ou=legel,dc=trinketmakers,dc=com

(Figure: distinguished name and relative distinguished name)
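To make the DN / RDN / domain-component relationship concrete, here is an added example (not from the slides) that parses the LDAP string form of a distinguished name: it splits the DN on unescaped commas into RDNs, returns the RDN and the parent container, and rebuilds the DNS domain name from the trailing dc= components. It assumes RFC 4514 backslash escapes such as "\," in values; hex escapes are not handled.

```python
"""Split Active Directory distinguished names into their parts.

Added example, not the slides' own code. Handles the RFC 4514 string
form: RDNs separated by commas, "attr=value" pairs, and backslash
escapes inside values (hex escapes are not handled).
"""
import re
from typing import List, Tuple


def split_dn(dn: str) -> List[str]:
    """Split a DN into raw RDN strings on commas that are not escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):    # keep the escape pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return [(attribute_type, value), ...] from most to least specific."""
    out = []
    for part in split_dn(dn):
        attr, sep, raw = part.partition("=")
        if not sep:
            raise ValueError("malformed RDN: %r" % part)
        value = re.sub(r"\\(.)", r"\1", raw.strip())   # drop the escapes
        out.append((attr.strip().lower(), value))
    return out


def rdn(dn: str) -> str:
    """Relative distinguished name: the leftmost component only."""
    return split_dn(dn)[0]


def parent_dn(dn: str) -> str:
    """Everything after the RDN, i.e. the container the object lives in."""
    return ",".join(split_dn(dn)[1:])


def dns_domain(dn: str) -> str:
    """Join the dc= components in order: dc=wright,dc=edu -> wright.edu."""
    return ".".join(v for a, v in parse_dn(dn) if a == "dc")
```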
Summary
• Domains
• Forests
• Trees
• AD Objects
• Trusts
• Naming Conventions
End of Active Directory

Directory
Services

Questions
Active
eDir LDAP Directory

You might also like