Active Directories

Outline
 Active Directory Domain Services
 Active Directory Structure
 DomainTrees
 Forests
 Trust Relationships
Active Directory Domain Services
 Active Directory (AD) is Microsoft's proprietary directory
service.
 It runs on Windows Server and allows administrators to
manage permissions and access to network resources.
 It is a distributed, hierarchical database structure that
shares infrastructure information for locating, securing,
managing, and organizing computer and network
resources including files, users, groups, peripherals and
network devices.
 Active Directory stores data as objects.
 An object is a single element, such as a user, group,
application or device, such as a printer
Active Directory Domain Services
 The main service in Active Directory is Domain Services
(AD DS), which stores directory information and handles
the interaction of the user with the domain.
 AD DS verifies access when a user signs into a device or
attempts to connect to a server over a network.
 AD DS controls which users have access to each
resource
 It provides authentication and authorization functions, as
well as providing a framework for other such services.
 The server that hosts ADDS is Domain Controller
Other Active Directory Services
 Active Directory lightweight directory services
 This light version of Domain Services offer basic directory
service functionality, without the use of domain controllers,
forests or domains. Typically used in small, single office network
environments.
 Active Directory certificate services
 Certificate Services offers digital certification services and
supports public key infrastructure, or PKI
 Active Directory federation services
 Provides a web-based, single sign-on authentication and
authorization service primarily for use across organizations
 Active Directory rights management services
 This is a rights management services that breaks down
authorization beyond an access granted or access denied
model and limits what a user can do with particular files or
documents
Active Directory Structure
Active Directory Domains and Forests
 A domain is the logical container that sits directly
below the forest container.
 A domain houses other containers and objects
below it.
 The forest is the highest level of the organization
hierarchy.
 A forest is a security boundary within an
organization.
 Forest information is stored on all domain
controllers, in all domains, within the forest.
Active Directory Domains
 Domains are structured into trees and forests.
 A domain tree is a collection of related domains.
 A domain forest is a collection of related domain trees.
 Once your infrastructure grows beyond a single domain,
trust relationships come into play.
 A trust relationship allows one domain to trust objects in
another for authentication and for access to resources
 For example, if domain A trusts domain B, a user from
domain B can access resources in domain A if granted
the necessary access permissions in domain A
Active Directory Domains and Forests
Forest Illustration
Domains and Trust Relationships
Domain Controller
 Domain controllers are Windows Servers enabled with
Domain Controller role.
 Domain Controllers contain the Active Directory
database and perform Active Directory related
functions, including authentication and authorization.
 Each domain controller stores a copy of the Active
Directory database containing information about all
objects within the same domain.
 In addition, each domain controller stores the schema
for the entire forest, as well as all information about
the forest.
 A domain controller will not store a copy of any
schema or forest information from a different forest
even if they are on the same network.
Active Directory Domains
 Several components work together in a domain. A
domain includes the following components:
 Schema
 Global catalog
 Replication service
 Operations master roles
 Schema - defines objects that are used in a domain.
 These can be both physical and logical objects.
 For example, a physical computer is represented by
a computer account object, while a subnet is
represented by a subnet object.
AD Domains
 Objects have many attributes.
 Object attributes define the properties, limits, and
format of the objects.
 Attributes can be multi-valued, strings, integers,
Boolean (true or false), or many other types.
 Global catalog server stores information about every
object within a domain.
 Administrators and users query a global catalog
server to find information about objects.
 For example, if an administrator needs to look up
information about a user account, including address,
phone number, and office location, he would query
the global catalog server to retrieve the information.
References
 AD Domains –
https://www.paessler.com/it-explained/active-directory
https://blog.netwrix.com/2017/01/31/active-directory-
domain/
 Domains and Trust Relationships –
https://www.techrepublic.com/blog/the-enterprise-clo
ud/an-overview-of-the-active-directory-domains-and-t
rusts-console/
 AD Forests –
https://www.varonis.com/blog/active-directory-forest/
 AD Replication Concepts –

https://docs.microsoft.com/en-us/windows-server/iden
tity/ad-ds/get-started/replication/active-directory-