01-Introduction To Active Directory
Directory Services [diagram slide: Active Directory, Tree]
Directory Services
Active Directory – Domain Model
• Three main parts
– Domain
– Tree
– Forest
Domains
• Client/server network with a shared database
• Domain - Group of users, servers, and other resources
– Share centralized account and security information held in one database
• Active Directory
– Contains the domain database: the objects, their attributes, and the schema that defines which objects and attributes may exist
– Makes it easier to organize and manage resources and security
Active Directory - Domains
• Domain not confined by geographical boundaries
• Domain controller servers
– Hold a copy of the directory information about objects in the domain and authenticate domain logons
• Member servers
– Do not store directory information and cannot authenticate domain users themselves; they rely on a domain controller
• Replication
– Process of copying directory data to multiple domain controllers so that each holds a consistent copy
Active Directory
• Objects fall into two broad categories:
– resources (e.g., printers)
– security principals (user or computer accounts and groups)
• Security principals are assigned unique security identifiers (SIDs)
– Access rights (entries in an object's ACL) are granted to the SID, not to the name; renaming an account does not change what it can access
• Account names must be unique within a domain: the domain's account namespace is flat even though the directory itself is hierarchical
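Because permissions are tied to the SID rather than the name, a practitioner often has to read the raw objectSid attribute (stored as bytes) and turn it into the familiar S-1-5-21-... string, then separate the domain part from the RID that identifies the principal inside that domain. The following is an added example and not part of the lecture slides; the sample blob is constructed, with made-up domain sub-authorities 1000, 2000 and 3000, but it follows the documented Windows SID byte layout (revision, sub-authority count, 48-bit big-endian identifier authority, little-endian 32-bit sub-authorities).

```python
"""Decode the binary objectSid attribute that Active Directory stores for a
security principal into its textual 'S-1-5-21-...' form, and split a domain
principal's SID into the domain SID and the RID.

Added example, not from the lecture slides. SAMPLE_SID_BLOB is constructed:
its three domain sub-authorities (1000, 2000, 3000) are made up, but the byte
layout is the documented Windows SID format: revision (1 byte), sub-authority
count (1 byte), 48-bit big-endian identifier authority, then little-endian
32-bit sub-authorities.
"""
import struct

# Well-known relative identifiers (RIDs) that every domain issues.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    519: "Enterprise Admins",
}


def sid_to_string(blob: bytes) -> str:
    """Convert a binary SID (the raw objectSid value) to 'S-R-A-s1-s2-...'."""
    if len(blob) < 8:
        raise ValueError("SID blob too short")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match blob length")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", blob, 8)
    return "S-%d-%d" % (revision, authority) + "".join(f"-{s}" for s in subs)


def string_to_sid(sid: str) -> bytes:
    """Inverse of sid_to_string; useful when building an LDAP filter on objectSid."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"malformed SID {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))


def split_domain_sid(sid: str) -> tuple:
    """Return (domain_sid, rid) for a domain principal 'S-1-5-21-a-b-c-RID'.
    'S-1-5-21' plus three sub-authorities identify the domain; the last
    sub-authority is the RID of the principal within that domain."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) != 8:
        raise ValueError(f"{sid} is not a domain principal SID")
    return "-".join(parts[:7]), int(parts[7])


def describe(sid: str) -> str:
    """Name the principal by its RID where the RID is well known."""
    domain, rid = split_domain_sid(sid)
    name = WELL_KNOWN_RIDS.get(rid, f"RID {rid}")
    return f"{name} in domain {domain}"


# Constructed sample blob: revision 1, five sub-authorities, authority 5 (NT),
# then 21, 1000, 2000, 3000 and RID 500 (Administrator), each little-endian.
SAMPLE_SID_BLOB = bytes.fromhex(
    "0105" "000000000005"
    "15000000" "e8030000" "d0070000" "b80b0000" "f4010000"
)

if __name__ == "__main__":
    sid = sid_to_string(SAMPLE_SID_BLOB)
    print(sid)            # S-1-5-21-1000-2000-3000-500
    print(describe(sid))  # Administrator in domain S-1-5-21-1000-2000-3000
```

The RID is the part worth watching: RID 500 is the built-in Administrator whatever the account has been renamed to, which is exactly why permissions and audits should key on the SID and not the display name.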
OUs (Organizational Units)
• Containers that hold multiple objects having similar characteristics
– Can be nested
– Can contain other OUs or objects
• Provide simpler, more flexible administration
– Apply Group Policy to an OU, and delegate administration over the objects it contains
– Are not security principals: an OU cannot be granted access permissions
– Use users or groups for access permissions
Trees and Forests
• Directory structure above domains
– Large organizations use multiple domains
• Domain tree
– Organizes multiple domains hierarchically under one contiguous DNS namespace
• Root domain
– Active Directory tree base; the first domain created is also the forest root domain
• Child domains
– Branch off from the root domain and extend its DNS name (a child of wright.edu is named something.wright.edu)
Trees and Forests
• Forest
– A collection of one or more domain trees
– All domains in the forest share the same schema and configuration partitions and one global catalog
– The forest, not the domain, is the security boundary: a highly privileged account in any one domain can affect the whole forest
• Domains within a forest trust each other automatically (two-way transitive trusts), so users can authenticate across the forest
• Domains within the same tree
– Share a contiguous DNS namespace (child names extend the parent name)
– Each domain still holds its own domain partition; there is no single shared database for the tree
Two Tree - Forest [diagram slide]
Trust Relationships
• Relationship between two domains
– The trusting (resource) domain accepts users authenticated by the trusted (account) domain
– Direction matters: in a one-way trust, only users of the trusted domain gain access in the trusting domain, not the reverse
• Active Directory supports two broad kinds of trust, both of which allow users to authenticate across domains
– Two-way transitive trusts, created automatically between parent and child domains and between tree roots within a forest
– Explicit trusts created by an administrator (e.g., an external trust to a domain in another forest), typically one-way and non-transitive
• A non-transitive trust applies only to the two domains it joins; it does not extend to domains that the trusted domain itself trusts
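The direction and transitivity rules above decide a question every defender and every red teamer asks: which domains' accounts can authenticate into this domain? The following is an added example, not from the lecture slides. The trust graph is constructed (one forest with root corp.example and children dev.corp.example and eu.corp.example, plus an explicit one-way external trust from dev.corp.example to partner.example); the domain names and the Trust type are assumptions made for the example. Forest trusts, which are transitive only between the two forests they join, are deliberately left out.

```python
"""Work out which domains' users can authenticate to a given resource domain,
from the direction and transitivity of the trusts between domains.

Added example, not from the lecture slides. The trust graph is constructed:
one forest with root corp.example and children dev.corp.example and
eu.corp.example, plus an explicit one-way external trust from dev.corp.example
to partner.example. All domain names are assumptions. Trust(trusting, trusted)
means the trusting (resource) domain accepts users that the trusted (account)
domain authenticated. Parent-child trusts in a forest are two-way and
transitive; the external trust is one-way and non-transitive. Forest trusts,
which are transitive only between the two forests involved, are not modelled.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str      # resource domain that accepts the other side's users
    trusted: str       # account domain whose users are accepted
    transitive: bool   # may the trust be chained through further trusts?


def parent_child(parent: str, child: str) -> list:
    """The automatic two-way transitive trust between a parent and child domain."""
    return [Trust(parent, child, True), Trust(child, parent, True)]


def account_domains_for(resource: str, trusts: list) -> set:
    """Every other domain whose users can authenticate to `resource`.

    A direct trust always counts. A chain of trusts counts only while every
    hop in the chain is transitive: a non-transitive trust applies to the two
    domains it joins and is not extended to domains that either side trusts.
    """
    outgoing = {}
    for t in trusts:
        outgoing.setdefault(t.trusting, []).append(t)

    # chain_ok[d] is True when d was reached over transitive hops only, so the
    # walk may continue from d; False when reached over a non-transitive hop.
    chain_ok = {resource: True}
    queue = deque([resource])
    while queue:
        here = queue.popleft()
        for t in outgoing.get(here, []):
            if t.trusted == resource:
                continue
            if here != resource and not (chain_ok[here] and t.transitive):
                continue                     # chain broken by a non-transitive hop
            ok = chain_ok[here] and t.transitive
            if t.trusted not in chain_ok or (ok and not chain_ok[t.trusted]):
                chain_ok[t.trusted] = ok     # first visit, or upgraded to transitive
                queue.append(t.trusted)
    return set(chain_ok) - {resource}


# Constructed forest plus one external trust (all names are assumptions).
TRUSTS = (
    parent_child("corp.example", "dev.corp.example")
    + parent_child("corp.example", "eu.corp.example")
    + [Trust("dev.corp.example", "partner.example", False)]
)

if __name__ == "__main__":
    for dom in ("dev.corp.example", "corp.example", "partner.example"):
        print(dom, "accepts users from", sorted(account_domains_for(dom, TRUSTS)))
```

Running it shows the asymmetry the slides describe: dev.corp.example accepts partner.example users through the one-way external trust, corp.example does not (the external trust is non-transitive, so it does not flow up the tree), and partner.example accepts nobody because it trusts no one.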
Naming Conventions
• Active Directory naming conventions (namespace)
– Collection of object names and their associated places in a Windows Server 2003 or Server 2008 network
– Based on LDAP naming conventions
– Follows the conventions of the Internet DNS namespace: the domain's DNS name becomes a chain of dc= components
• Ex. dc=wright,dc=edu (the domain wright.edu)
• Ex. cn=server1,dc=wright,dc=edu
• Ex. cn=server2,ou=cse,dc=wright,dc=edu (server2 inside the cse OU)
Naming Conventions
• Windows Server 2008 network object
– Three different names
• DN (distinguished name): the full path of the object, built from DC (domain component), OU (organizational unit) and CN (common name) parts, leaf first
• RDN (relative distinguished name): the leftmost part of the DN, unique only among objects in the same container
• UPN (user principal name): the logon name user@dnsdomain, unique across the forest
• GUID (globally unique identifier)
– Each object has one, assigned when the object is created; it never changes, even if the object is renamed or moved
– 128-bit number
Naming Conventions
upn = [email protected]
DN: cn=msmith,ou=legel,dc=trinketmakers,dc=com
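The DN, RDN and DNS domain name are all derivable from one another, and tooling that takes DNs from LDAP has to split them correctly (a comma inside a value is escaped with a backslash, so splitting on every comma is a bug). The following is an added example and not part of the lecture slides: a small RFC 4514 DN parser that produces the names the two slides above list. The DNs in the usage section are built from the slides' examples (wright.edu, trinketmakers.com, the cse and legal OUs, user msmith); "Smith, John" is a constructed value used to show escaping.

```python
"""Parse LDAP distinguished names as used by Active Directory and derive the
other names the slides list: the RDN, the parent container, the domain's DNS
name (from the dc= components) and the OU path (from the ou= components).

Added example, not from the lecture slides. Parsing follows the RFC 4514
string form: RDNs are separated by commas, the attribute and value by '=',
and a backslash escapes a special character or introduces a two-digit hex
escape (single-byte escapes only here; multi-valued RDNs joined with '+'
are not handled).
"""
import re

_HEXPAIR = re.compile(r"[0-9A-Fa-f]{2}")
_SPECIAL = set(',+"\\<>;=')


def _split_rdns(dn: str) -> list:
    """Split on commas that are not escaped, keeping escape sequences intact."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2]); i += 2
        elif dn[i] == ",":
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(dn[i]); i += 1
    parts.append("".join(buf))
    return parts


def _unescape(value: str) -> str:
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if _HEXPAIR.fullmatch(pair):          # \2C style hex escape
                out.append(chr(int(pair, 16))); i += 3
            else:                                 # \, \+ \" and friends
                out.append(value[i + 1]); i += 2
        else:
            out.append(value[i]); i += 1
    return "".join(out)


def _escape(value: str) -> str:
    s = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if s[:1] in (" ", "#"):                       # leading space or '#' must be escaped
        s = "\\" + s
    if value.endswith(" ") and len(value) > 1:    # so must a trailing space
        s = s[:-1] + "\\ "
    return s


def split_dn(dn: str) -> list:
    """'cn=a,ou=b,dc=c' -> [('cn', 'a'), ('ou', 'b'), ('dc', 'c')], leaf first."""
    out = []
    for raw in _split_rdns(dn):
        raw = raw.strip()
        if "=" not in raw:
            raise ValueError(f"malformed RDN {raw!r} in {dn!r}")
        attr, value = raw.split("=", 1)
        value = re.sub(r"(?<!\\)\s+$", "", value.lstrip())   # keep escaped trailing space
        out.append((attr.strip().lower(), _unescape(value)))
    return out


def join_dn(parts: list) -> str:
    return ",".join(f"{attr}={_escape(value)}" for attr, value in parts)


def rdn(dn: str) -> str:
    """The leftmost component; unique only among siblings in the same container."""
    return join_dn(split_dn(dn)[:1])


def parent_dn(dn: str) -> str:
    """The container the object lives in (everything after the RDN)."""
    return join_dn(split_dn(dn)[1:])


def domain_dns_name(dn: str) -> str:
    """dc=wright,dc=edu -> wright.edu: the dc chain is the domain's DNS name."""
    return ".".join(v for a, v in split_dn(dn) if a == "dc")


def ou_path(dn: str) -> list:
    """OUs from the top of the domain down to the object's own container."""
    return [v for a, v in reversed(split_dn(dn)) if a == "ou"]


def upn_suffix_matches_domain(upn: str, dn: str) -> bool:
    """True when the UPN suffix equals the DNS name of the domain holding the
    object. A mismatch is not necessarily an error: a forest may define
    alternative UPN suffixes, so treat it as something to check, not reject."""
    suffix = upn.rpartition("@")[2]
    return suffix.lower() == domain_dns_name(dn).lower()


if __name__ == "__main__":
    dn = "cn=msmith,ou=legal,dc=trinketmakers,dc=com"
    print(rdn(dn), "|", parent_dn(dn), "|", domain_dns_name(dn))
    print(ou_path("cn=server2,ou=cse,dc=wright,dc=edu"))
    print(split_dn(r"cn=Smith\, John,ou=legal,dc=trinketmakers,dc=com")[0])
```

Note that ou_path returns the OUs top-down, which is the order in which nested OUs inherit Group Policy, whereas the DN itself is written leaf first.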
Summary
• Domains
• Forests
• Trees
• AD Objects
• Trusts
• Naming Conventions
End of Active Directory
Questions