1 / 18

Active Directory

Active Directory . Lecture 3 – Domain Services Primer . Learning Goals. I will be able to install a functionally operable domain server for a Windows Active Directory Domain I will be able to organize a Windows Domain to maximize logical design and Security

jens
Download Presentation

Active Directory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Active Directory Lecture 3 – Domain Services Primer

  2. Learning Goals I will be able to install a functionally operable domain server for a Windows Active Directory Domain I will be able to organize a Windows Domain to maximize logical design and Security I will be able to distinguish between different types of Domain Objects

  3. What is AD A directory server – a common place for information about groups, people, workstations and security to reside One ring to rule them all – The borg collective – Once joined to the domain one trusts the domain and all the security settings that goes with it.

  4. Why do we care? Single most effective tool for managing security in a distributed environment If setup correctly can control users, servers, workstations and audit everything

  5. Evolution of AD Windows NT 4 Windows 2000 – Domain Services – DNS Windows 2003 – Internet Integration Windows 2008 – Federated Management and Sharing Windows 2012 – The clouds are coming!

  6. Standards Like the OSI model, AD is built on standards X.500 LDAP Compatable

  7. Understanding Domains • Trees including domains and sub domains organize different parts of the company together Single Domain One spot for a organization Container for user and company records

  8. Some Rules Domains are designed to be built around internet names – DNS is an important part of Active Directory Public namespace names should be avoided unless you actually own the domain name – otherwise name resolution problems will crop up DNS Management – Either create a new subdomain for AD (ad.company.com) and let AD run it. Or create a new DNS name and let AD run it.

  9. AD Authentication Modes NTLM – Legacy system which included hashes of passwords being sent over the network Kerberos – No sending of hashes over the network Because of it’s ability to send usernames and passwords quickly, in a central store and securely AD becomes the favorite of any single sign on container

  10. Logical Flow LDAP Naming Convention

  11. Trusting Relationships Explicit Trust - Works between domains to create trust between the two Partners – External Entities Different organizations within the same forest

  12. Shortcut Trusts

  13. OU’s Units for Organizing Users and Objects in the Domain Security Organization Can create OU’s inside OU’s

  14. Some More Rules OU’s should not follow a managerial or political structure of the organization. Organize for the user separation for top level departments Organize between different types of Objects (Computers, Servers and Users)

  15. Groups Groups are created to manage security on a specific level Used for assigning permissions or distributing information (exchange email groups) Enterprises will have a TON of these – unrealistic for IT to manage Managers organize via political levels IT manages for permissions Managed Groups vs Standard Groups

  16. Domain Controllers Domain Controllers Control the Domain – When a domain is created a database is installed that contains all the information about objects in the domain This database is replaced to all domain controllers inside the domain Domain controllers should be placed in physical locations of the same domain Remember to follow WAN Segments When the database is changed on one domain controller the changes are replicated on the other DC’s For security you may wish to install a domain controller as a “read only” domain controller. This would allow associated applications to read information without being able to make changes

More Related