Scribd Logo
Upload

Welcome to Scribd!

  • Active Directory3

    Uploaded by

    egroegscu
    23 views28 pages
    Active Directory

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Active Directory

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    23 views28 pages

    Active Directory3

    Uploaded by

    egroegscu
    Active Directory

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 28

    ACTIVE DIRECTORY

    Terry Lewis
    tlewis@go-eol.com
    Emergent OnLine, Inc.
    703-709-9210 ext 209
    07/24/16

    Microsoft Active Directory Foundations


    Microsoft Exchange 4.0, 5.0, 5.5
    Active Directory OLE Preview Oct 97
    Microsoft Active Directory Rapid
    Deployment Partner (RDP)
    Windows NT 5.0 Beta 1
    Windows NT 5.0 Beta 2
    Windows 2000 Beta 3
    Windows 2000 RC1/2/3/Gold
    07/24/16

    Agenda

    What is Active Directory?


    Management
    Security
    Interoperability
    Additional resources

    07/24/16

    So What IS Active Directory?


    Directory Service
    Functionality

    Store
    Organize
    Manage
    Control

    07/24/16

    Database of
    Network
    Resources

    Active Directory Installation

    Windows 2000 Server or later


    Run Dcpromo to start Active Directory
    Installation wizard
    DNS name resolution
    SRV record

    07/24/16

    Demo

    Active Directory Installation Wizard

    Show the Active Directory


    Installation wizard

    07/24/16

    Manageability

    Centralized Management
    Group Policy
    Global Catalog
    IntelliMirror Desktop Management
    Automated Software Distribution

    07/24/16

    Manageability

    Active Directory Service Interfaces (ADSI)


    Backward Compatibility
    Delegated Administration
    Multi-Master Replication

    07/24/16

    Security

    Kerberos Authentication
    Smart Card Support
    Transitive Domain Trusts
    PKI X.509 Infrastructure
    LDAP over SSL
    Required Authentication Mechanism
    Attribute Level Security
    Domain Spanning Security groups
    LDAP ACL Support
    07/24/16

    Interoperability

    DirSync Support
    Active Directory Connector
    Open APIs
    Native LDAP
    DNS Naming
    Open Change History
    DEA Platform
    DEN Platform
    Extensible Schema
    07/24/16

    10

    Demo

    Centralized Management

    Browse Active Directory


    Create objects

    07/24/16

    11

    Active Directory Schema


    Objects
    Class Examples

    Active Directory Schema Is:

    Computers

    Users

    Printers
    07/24/16

    Defines Objects that can be


    added to the database
    Protected by DACLs

    Attribute
    Examples
    Attributes of Users
    Might Contain:
    accountExpires
    department
    distinguishedName
    middleName

    List of Attributes
    accountExpires
    department
    distinguishedName
    directReports
    dNSHostName
    operatingSystem
    repsFrom
    repsTo
    middleName

    12

    Demo

    Active Directory Schema

    Browse Active Directory schema


    Extensibility for DEA

    07/24/16

    13

    Logical Structure

    Organizational units
    Domains
    Trees and forests
    Global Catalog

    07/24/16

    14

    Organizational Units
    Network Administrative Model

    Sales

    Organizational Structure

    Vancouver

    Users

    Sales

    Computers

    Repair

    Group objects into a logical hierarchy that best suits


    the needs of your organization
    Delegate administrative control over the objects within
    an OU by assigning specific permissions to users and
    groups
    07/24/16

    15

    Demo
    Organizational Units

    Create organizational units


    Show delegation of administration
    Administrative Tools and Taskpad views

    07/24/16

    16

    Domains
    r1
    Use 2
    r
    Use

    Replication

    r1
    Use 2
    r
    Use

    Windows 2000
    Domain

    Contain organizational units


    Unit of replication
    Security boundary

    07/24/16

    17

    What Is a Tree?
    Tree Root Domain

    Parent
    Parent

    Parent Domain

    Emergent.com
    Contiguous Namespace
    sales.emergent.com
    Child Domain

    Child
    Child

    sales.emergent.com
    New
    Domain

    07/24/16

    18

    What Is a Forest?

    A Forest Is One or More Trees


    Trees in a Forest Do Not Share a
    Contiguous Namespace

    Forest

    contoso.msft
    contoso.msft

    Tree

    nwtraders.msft
    nwtraders.msft

    Tree
    marketing.
    marketing.
    nwtraders.msft
    nwtraders.msft
    07/24/16

    sales.
    sales.
    nwtraders.msft
    nwtraders.msft

    sales.

    sales.
    All of The Domains in
    a
    contoso.msft
    contoso.msft
    Forest Share a Common
    Configuration, Schema, and
    Global Catalog
    19

    Active Directory Partitions


    Directory Partitions

    Schema

    Forest

    Configuration
    Domain

    Emergent.com

    07/24/16

    Contains definitions and rules for


    creating and manipulating all objects
    and attributes
    Contains information about Active
    Directory structure
    Holds information about all domainspecific objects created in Active
    Directory

    20

    Global Catalog

    A DC designated as a GC has
    knowledge of its own domain
    information (which is complete)

    Plus it has partial information from all of


    the other domains in the tree
    07/24/16

    21

    Demo

    Global Catalog

    Create a Global Catalog server


    Set Global Catalog attributes

    07/24/16

    22

    Demo
    Manageability

    Edit Default Domain Group Policy


    Demo IntelliMirror Desktop Management
    Demo Automated Software Distribution
    Show Resultant Summary of Group Policy

    07/24/16

    23

    Active Directory Replication


    Multi-master Replication (of
    changed attributes) with
    Loose Convergence

    Domain
    Controller B

    Replication
    Domain
    Controller A
    Domain
    Controller C
    07/24/16

    24

    When Replication Occurs

    Default replication latency (change notification) = 5 minutes


    Scheduled replication = one hour
    Urgent replication = immediate
    change notification
    Change notification

    Replicated update
    Domain
    controller B

    Originating update

    Replication

    Domain
    controller A
    Change notification

    Replicated update

    Domain controller C
    07/24/16

    25

    How Kerberos V5 Works


    Kerberos Authentication

    Forest Root
    Domain

    KDC

    Emergent.com
    Emergent.com

    KDC
    Go-eol.com
    Go-eol.com

    KDC

    2
    4

    KDC

    Server

    1
    Client

    Session
    Ticket

    marketing.emergent.com

    Sales.go-eol.com
    07/24/16

    26

    DEMO
    Security

    Smart Card Support


    PKI X.509
    Required Authentication
    Universal groups

    07/24/16

    27

    Additional Resources
    2154A: Implementing And Administering Microsoft
    Windows 2000 Directory Services
    Emergent Consultant and Integration Services

    07/24/16

    28

    You might also like