Road2Master
Ashwin Venugopal
www.Road2Master.ms
Agenda
Active Directory
Active Directory is Microsoft's answer to directory services,
and it does a lot more than just locating resources.
One of those tasks is authentication, which Active Directory takes care of
by using Kerberos authentication and Single Sign-On (SSO). SSO means the
ability of Kerberos to provide a user with one set of
credentials and grant them access across a range of
resources and services with that same set of credentials.
Kerberos authenticates the credentials and issues the user a
ticket with which the user gains access to the resources and
services that support Kerberos.
Advantages of LDAP
LDAP relies on the TCP/IP stack rather than the OSI stack,
so it integrates with IP and enables IP clients to use LDAP to query
directory services.
LDAP can perform hyper-searches, giving one directory the
ability to defer to another to provide requested data.
LDAP's API is C-based.
Like X.500, LDAP uses an inverted-tree hierarchical structure.
LDAP supports Kerberos authentication, Simple Authentication
and Security Layer (SASL), and Secure Sockets Layer (SSL).
Simple Authentication and Security Layer (SASL) is a
framework for authentication and data security in Internet
protocols.
Naming Conventions
AD contains information about objects in your
enterprise. These objects can be computers, users,
printers, etc.
AD is a container with nested containers
holding other containers or objects,
and we name these containers and objects so
that it's easy to query or search.
AD supports several naming conventions, for example:
cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms
And if you query for the
LDAP://R2MAD01.road2master.ms/cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms
Requirement of DNS
The DNS server must support:
Service (SRV) resource records
The dynamic update protocol specified by RFC 2136
AD relies on DNS as its primary locator service, although it's not the only
mechanism for locating domain controllers (DCs).
A Domain Controller is a server that has Active Directory installed.
When a Domain Controller starts, it registers both its DNS name and its
NetBIOS name. More on NetBIOS names later.
It adds LDAP-specific SRV records in DNS to enable LDAP clients to locate
DCs through LDAP queries.
It also adds Kerberos authentication protocol-specific SRV records to enable
clients to locate servers running the Kerberos Key Distribution Center (KDC)
service.
Each DC also adds an A record that enables clients that don't support
SRV records to locate the DC through a simple host record lookup. You can
disable this if required.
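As an added example (not part of the original deck), the following Python parses the LDAP URL and DN from the Naming Conventions slide, derives the DNS domain from its dc= components, and builds the well-known _ldap._tcp.dc._msdcs and _kerberos._tcp.dc._msdcs SRV owner names that a client would query to locate a DC and a KDC as described above. The function names are this example's own; the two SRV name patterns are the ones Windows DCs register in DNS.

```python
"""Parse an LDAP URL/DN and derive the DC-locator SRV names for its domain."""
from urllib.parse import urlsplit, unquote
# Well-known SRV owner names that a Windows DC registers in DNS for its domain
# (the LDAP and Kerberos KDC locator records described in the DNS section).
SRV_TEMPLATES = (
    "_ldap._tcp.dc._msdcs.{domain}",
    "_kerberos._tcp.dc._msdcs.{domain}",
)

def split_dn(dn):
    """Split an RFC 4514 DN into (type, value) pairs. A backslash escapes the
    next character, so a comma inside a value is not treated as a separator."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    pairs = []
    for rdn in rdns:
        typ, sep, val = rdn.partition("=")
        if not sep or not typ.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((typ.strip().lower(), val.strip()))
    return pairs

def dns_domain(pairs):
    """Join the dc= components, in DN order, into the DNS domain name."""
    labels = [val for typ, val in pairs if typ == "dc"]
    if not labels:
        raise ValueError("DN has no dc= components")
    return ".".join(labels).lower()

def parse_ldap_url(url):
    """Return host, DN pairs, DNS domain and DC-locator SRV names of an LDAP URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):  # urlsplit lower-cases the scheme
        raise ValueError(f"not an LDAP URL: {url!r}")
    pairs = split_dn(unquote(parts.path.lstrip("/")))
    domain = dns_domain(pairs)
    return {"host": parts.hostname, "dn": pairs, "domain": domain,
            "srv": [t.format(domain=domain) for t in SRV_TEMPLATES]}
```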
Schema Partition
Configuration Partition
Domain Partition
Application Partition
Active Directory Schema
END OF PART 1
Thank you for your time
Questions?