1 / 26

ACTIVE DIRECTORY

ACTIVE DIRECTORY. An Overview. By Karan Oberoi. What are directory services?. A directory service ( DS ) is a software application- or a set of applications - that stores and organizes information about a computer network's users and network resources.

fleur-mcconnell
Download Presentation

ACTIVE DIRECTORY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ACTIVE DIRECTORY An Overview.. By Karan Oberoi

  2. What are directory services? • A directory service (DS) is a software application- or a set of applications - that stores and organizes information about a computer network's users and network resources. • Allows network administrators to manage users' access to the resources • Act as an abstraction layer between users and shared resources

  3. Directory Services Common Features: • Provide file shares. • Authenticate users • Provide services, such as Email, Access to the internet, Print services etc. • Control access to services and shares.

  4. Active Directory Active Directory is Microsoft’s version of an LDAP based network directory service. What does it do? • Active Directory allows administrators to define, arrange and manage objects, such as user data, printers and servers, so they are available to users and applications throughout the organization.

  5. Active Directory • Microsoft’s directory service which is included in the Windows 2000 and Windows Server 2003 operating system versions. • Is an implementation of LDAP directory services. • Called: ADS,NTDS • Goals and Benefits • Open Standards • High Scalability • Simplified Administration

  6. Domain Domain Domain Domain Domain Active Directory Structure • Hierarchical • Base objectDomain Tree Forest OU Domain OU OU Tree Objects

  7. Objects in Active Directory • „old Friends “ • User • Group • Computer • New Elements • Distribution Lists • System Policies • Application defined custom objects • Described in the Schema

  8. What is the Schema? • Definition of all AD • Object-Types (Classes) • Attributes • Data-Types (Syntaxes) • Can be compared to a Database Schema • ONE consistent Schema inside a single Forest • Extensible

  9. Domain • AD Base Element (Building Block) • NT 4 Compatible • Physically Implemented on Domain Controllers (DC) • Border for - Replication Traffic • - System Policies • - Administration Firma.de

  10. Organizational Unit (OU)? LA New York Admin Sales Admin Sales • Implements a Structure inside a Domain • Can be nested as needed • Can not be assigned any rights • Typically used for Administrative Reasons • e.g. System Policies

  11. adiscon.com What is a Tree? • Hierarchical Domain Structure inside a single Namespace • - adiscon.com • - la.adiscon.com • - ny.adiscon.com • Transitive Trusts created automatically • Sub-Domain must be added to Root-Domain – otherwise there will be no tree Tree ny.adiscon.com la.adiscon.com

  12. What is a Forest? • Combination of Trees • Disjunct Namespaces - adiscon.de - adiscon.com • Transitive Trusts created automatically • There is one single tree-root! • Sub-Tree must be added to Root-Tree, otherwise no Forest will be created

  13. Terminology • Site: A site is a physical location, or LAN. This is different from a web site, which is an organization’s internet presence. • Domain: • A sub-network comprised of a group of clients and servers under the control of one security database. Dividing LANs into domains improves performance and security. • - All resources under the control of a single computer system.

  14. LDAP • Lightweight Directory Access Protocol (LDAP) -- a protocol used to access a directory service. • Lightweight Access Directory Protocol is the primary access protocol for Active Directory.

  15. Active Directory's Global Catalog • The global catalog is the mechanism that tracks all of the objects managed across the network, across all domains within the organization. • Elements of the catalog are replicated across all of the domain controllers within all domains across the org.

  16. Global Catalog -Service Discovery • For Active Directory to function properly, DNS servers must support Service Location (SRV) resource records. • SRV resource records map the name of a service to the name of a server offering that service. Active Directory clients and domain controllers use SRV resource records to determine the IP addresses of domain controllers.

  17. Domain authority • Active Directory replicates its administration information across domain controllers throughout the “forest” utilizing a “multi-master” approach. • Multi-master replication among peer domain controllers is impractical for some types changes, so only one domain controller, called the operations master, accepts requests for such changes.

  18. Authentication • Each domain controller has information for the entire forest to support authentication and access control. • This provides the ability for local domain controllers (the “tree”) to provide a quick local lookup of authority. • Not just users but every object authenticating to Active Directory must reference the global catalog server, including every computer that boots up

  19. What is a Domain-Controller? • Stores a physical Copy of the Active Directory Database - Currently a single Domain per DC supported! • - ESE95 Database (MS Exchange) • Logon Services • - Kerberos - LAN Manager Authentication • Its always recommended to have at least 2 Domain Controllers!

  20. Multi Master Replication • Updates can be applied to ANY Domain Controller • Will be Replicated to each other Domain Controls (inside that Domain) within 15 Minutes • Optimized Algorithm reduces Replication Traffic • Not time based (triggered on demand, only)!

  21. Intra-Sites Replication • All Domain Databases involved • Changes are transmitted compressed • via IP (RPC) or SMTP • -SMTP not within a single domain! • Time Replication occurs can be configured • Volume of Replication Traffic can not be restricted! • Have an Eye on GCs!

  22. Active Directory Security • Improved Authentication • Permissions applied via ACLs • - To Objects as whole • - To specific Attributes • Fine-Tuning of Access Permissions possible • Tool-Support to visualize Security Settings . currently weak (try Visio!)

  23. Benefits of Active Directory • Time Savings • Repository of Information • Increased Security

  24. Active Directory Problem Spots • DNS Dependency • No „Merge-Tree“ • No Partitioning (only a single Domain per . Domain Controller) • Limited Tool-Support • Forest Global Schema • Schema-Modifications can not be undone

  25. What are Directory-Enabled Applications? • Applications directly using and accessing the Active . Directory • - e.g. Exchange 2000 • - Many more expected! • Typically extend the Schema • May dramatically change usage pattern for Active . Directory Resources • - Replication Traffic (new Objects, Attributes) • - AD Queries (GCs!)

  26. Thank You

More Related