
ITOM - Active Directories


Active Directories

Outline
• Active Directory Domain Services
• Active Directory Structure
• Domain Trees
• Forests
• Trust Relationships

Active Directory Domain Services
• Active Directory (AD) is Microsoft's proprietary directory service.
• It runs on Windows Server and allows administrators to manage permissions and access to network resources.
• It is a distributed, hierarchical database structure that shares infrastructure information for locating, securing, managing, and organizing computer and network resources including files, users, groups, peripherals and network devices.
• Active Directory stores data as objects.
• An object is a single element, such as a user, group, application or device, such as a printer.

Active Directory Domain Services
• The main service in Active Directory is Domain Services (AD DS), which stores directory information and handles the interaction of the user with the domain.
• AD DS verifies access when a user signs into a device or attempts to connect to a server over a network.
• AD DS controls which users have access to each resource.
• It provides authentication and authorization functions, as well as providing a framework for other such services.
• The server that hosts AD DS is called a domain controller.

Other Active Directory Services
• Active Directory Lightweight Directory Services
  ◦ This light version of Domain Services offers basic directory service functionality, without the use of domain controllers, forests or domains. It is typically used in small, single-office network environments.
• Active Directory Certificate Services
  ◦ Certificate Services offers digital certification services and supports public key infrastructure (PKI).
• Active Directory Federation Services
  ◦ Provides a web-based, single sign-on authentication and authorization service, primarily for use across organizations.
• Active Directory Rights Management Services
  ◦ This is a rights management service that breaks down authorization beyond an access-granted or access-denied model and limits what a user can do with particular files or documents.

Active Directory Structure

Active Directory Domains and Forests
• A domain is the logical container that sits directly below the forest container.
• A domain houses other containers and objects below it.
• The forest is the highest level of the organization hierarchy.
• A forest is a security boundary within an organization.
• Forest information is stored on all domain controllers, in all domains, within the forest.

Active Directory Domains
• Domains are structured into trees and forests.
• A domain tree is a collection of related domains.
• A domain forest is a collection of related domain trees.
• Once your infrastructure grows beyond a single domain, trust relationships come into play.
• A trust relationship allows one domain to trust objects in another for authentication and for access to resources.
• For example, if domain A trusts domain B, a user from domain B can access resources in domain A if granted the necessary access permissions in domain A.
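
An added example, not part of the original slides: a PowerShell review of the trusts in which the current domain plays the role of "domain A" (the trusting side) in the example above. It assumes the RSAT ActiveDirectory module and read access to the directory; the function name `Get-TrustReview` and the wording of its notes are illustrative.

```powershell
# Added example: list each trust of a domain and note where accounts
# from another domain can be authenticated here.
# Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-TrustReview {
    param(
        # Domain to inspect; defaults to the logged-on user's domain.
        [string]$Domain = (Get-ADDomain).DNSRoot
    )

    Get-ADTrust -Filter * -Server $Domain | ForEach-Object {
        $trust = $_
        $direction = [string]$trust.Direction

        # Outbound or BiDirectional: this domain trusts the target, so
        # users from the target can be authenticated in this domain.
        $trustsTarget = $direction -in 'Outbound', 'BiDirectional'

        $notes = @()
        if ($trustsTarget -and -not $trust.IntraForest) {
            # The trust crosses the forest security boundary.
            if (-not $trust.SelectiveAuthentication) {
                $notes += 'domain-wide authentication'
            }
            if (-not $trust.ForestTransitive -and
                -not $trust.SIDFilteringQuarantined) {
                $notes += 'external trust, SID filter quarantine off'
            }
        }

        [pscustomobject]@{
            TrustingDomain = if ($trustsTarget) { $trust.Source } else { $trust.Target }
            TrustedDomain  = if ($trustsTarget) { $trust.Target } else { $trust.Source }
            Direction      = $direction
            IntraForest    = $trust.IntraForest
            Transitive     = $trust.ForestTransitive -or $trust.IntraForest
            ReviewNotes    = $notes -join '; '
        }
    }
}

Get-TrustReview | Format-Table -AutoSize
```

A trust only makes authentication possible; as the slide states, users from the trusted domain still need permissions granted on the resources in the trusting domain.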

Active Directory Domains and Forests
[Figure: Forest Illustration]
[Figure: Domains and Trust Relationships]

Domain Controller
• Domain controllers are Windows Servers with the Domain Controller role enabled.
• Domain controllers contain the Active Directory database and perform Active Directory related functions, including authentication and authorization.
• Each domain controller stores a copy of the Active Directory database containing information about all objects within the same domain.
• In addition, each domain controller stores the schema for the entire forest, as well as all information about the forest.
• A domain controller will not store a copy of any schema or forest information from a different forest, even if they are on the same network.

Active Directory Domains
• Several components work together in a domain. A domain includes the following components:
  ◦ Schema
  ◦ Global catalog
  ◦ Replication service
  ◦ Operations master roles
• Schema - defines objects that are used in a domain.
• These can be both physical and logical objects.
• For example, a physical computer is represented by a computer account object, while a subnet is represented by a subnet object.

AD Domains
• Objects have many attributes.
• Object attributes define the properties, limits, and format of the objects.
• Attributes can be multi-valued, strings, integers, Boolean (true or false), or many other types.
• The global catalog server stores information about every object within a domain.
• Administrators and users query a global catalog server to find information about objects.
• For example, if an administrator needs to look up information about a user account, including address, phone number, and office location, they would query the global catalog server to retrieve the information.