active directory
play

Active Directory By: Kishor Datar 10/25/2007 What is a directory - PowerPoint PPT Presentation

Sep 28, 2022 •164 likes •438 views

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory Collection of related objects Files, Printers, Fax servers etc. Directory Service Information needed to use and manage the objects. Source

  1. Active Directory By: Kishor Datar 10/25/2007

  2. What is a directory service? ● Directory – Collection of related objects – Files, Printers, Fax servers etc. ● Directory Service – Information needed to use and manage the objects. – Source and Mechanism – Active Directory is a directory service in Windows 2003 Server

  3. Need for a directory service ● Organize ● Simplify access ● Find objects based on characteristics ● Simple administration – Patches – Security policies – Installation

  4. Using Active Directory Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  5. Features ● Centralized data store ● Scalability ● Extensibility ● Manageability ● Integration with DNS ● Client configuration management ● Policy based administration ● Replication of information ● Secure authentication and authorization

  6. Features.. continued.. ● Secure integration ● Interoperability with other directory services ● Signed and encrypted LDAP traffic

  7. Active Directory Objects ● Data stored is organized into objects ● Named set of attributes ● Represent resource ● Container objects .. Figure 2 ● Schema – Define Objects, are objects themselves – Schema Objects = Class Objects + Attribute Objects – Extending schema, caution, test forest

  8. Objects and attributes Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  9. Components ● Logical structure – Domains – Organizational units – Trees – Forests ● Physical structure – Sites – Domain Controller

  10. Logical Structures Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  11. OUs Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  12. Domain Trees Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  13. Physical Structure ● Sites ● Domain Controller

  14. Sites ● Combination of one or more IP subnets connected by a “Fast Link” ● Typically has same boundaries as LANs ● Are not part of the namespace ● Computer Objects and Connection Objects

  15. Domain Controllers ● Windows Server 2003 ● Functions – Store complete copy of information, manages changes and replication – Multi-master replication: All DCs are peers – Practically – operations master is used – Detect collision due to modification of attribute, resolved by use of higher property version number – Locate objects, validate user logon attempts

  16. Catalog services – The global catalog ● Selected information about every object in all domains in a directory ● Full replica of all object attributes for its host domain, partial replica for every domain ● Functions: – Enables users to logon (Universal Group Membership) – Finding information – Provides Universal Group Membership info to DC

  17. Query Process Retrieve, Modify, Delete information Port 3268 of DC Standard Queries on 389 Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  18. What information is replicated ● Schema Partition (DC & GC) ● Configuration Partition (DC & GC) ● Domain Partition (DC) ● Application Directory Partition ● Ntds.dit file

  19. Intrasite Replication ● No more than 3 hops ● 2 Paths ● KCC ● Replication Partners ● Intersite Replication ( Site Links )

  20. Trust and Trust Relationship ● Kerberos, NTLM ● Method of Creation, Transitivity, Direction ● Shortcut,External,Forest,Realm Trust Tree root trust Parent Child Trust

  21. Change and Configuration Management and IntelliMirror ● User Data Management ● S/W installation and maintenance ● User settings management ● Computer settings management ● Remote installation services

  22. Group Policies ● Group Policies ● GPOs – How are the applied ● Local GPO ● GPOs linked to site ● GPOs linked to domains ● GPOs linked to OUs (Highest level OU first)

  23. DNS & Object Naming ● User friendly names ● Connect to local servers using same naming convention as Internet ● LDAP ● Distinguished Name (DN) - Unique – CN=Deepak, OU=Promotions, OU=Marketing, DC= umbc, DC=edu ● RDN ● GUIDs ● UPN

  24. Few Examples, ● To disable multiple computer accounts, – dsmod computer CN=MemberServer1, CN=Computers,DC=Microsoft,DC=Com -disbled yes ● To find all contacts in the current domain whose names start with "te" – dsquery contact domainroot -name te* ● To Create an Organizational Unit – dsadd ou "ou=guyds, dc=cp, dc=com"

  25. Review ● Basic Concepts ● Purpose of using AD ● Physical and logical structure ● Group policies ● Trust relationships ● Replication strategies ● Naming ● Examples

  26. Questions? ● ? ● ?

  27. References ● [1] Book: Microsoft Windows Server 2003 Active Directory infrastructure [Spealman et al] ● [2] http://www.microsoft.com/ ● [3] A Guide to Microsoft Active Directory (AD) Design [John Dias] ● [4] http://www.computerperformance.co.uk/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory Unlike the earlier Microsoft Windows NT 4.x Domain directory service which used proprietary DCE/RPC calls, Active Directory is based on standard

557 views • 27 slides
Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active

Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active

Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active Directory Disasters) Guido Grillenmeier Senior Consultant Technology Solutions Group Hewlett-Packard Agenda What is a Disaster? Authoritative

363 views • 19 slides
Active Directory as a powerful LDAP server: the unknown tips Alban Meunier SmartWave SA 45 min

Active Directory as a powerful LDAP server: the unknown tips Alban Meunier SmartWave SA 45 min

Active Directory as a powerful LDAP server: the unknown tips Alban Meunier SmartWave SA 45 min Introduction Active Directory context NT inheritance SAM (Security Account Manager, Samba V3) Active Directory (2000 2003)

429 views • 27 slides
Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in Azure Active Directory (https://azure.microsoft.com/en- us/services/active-directory/) using the Azure Resource Manager API's. Documentation regarding

925 views • 46 slides
Windows.NET Windows.NET Beta 3 Beta 3 Active Directory New Features Directory New Features

Windows.NET Windows.NET Beta 3 Beta 3 Active Directory New Features Directory New Features

25. DECUS Symposium 16.04.2002 Windows.NET Beta 3 Windows.NET Windows.NET Beta 3 Beta 3 Active Directory New Features Directory New Features Active Active Directory New Features Wolfgang Werner Wolfgang Werner Compaq Compaq Decus Bonn

588 views • 31 slides
Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com

Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com

Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.ADSecurity.org TrimarcSecurity.com ABOUT Founder Trimarc, a security company. Microsoft Certified Master (MCM) Directory Services

1.35k views • 100 slides
Xamarin and Azure AD Authenticating and Authorizing Your Mobile Apps Basic Active Directory

Xamarin and Azure AD Authenticating and Authorizing Your Mobile Apps Basic Active Directory

Xamarin and Azure AD Authenticating and Authorizing Your Mobile Apps Basic Active Directory Terms Domain: A directory of users, groups, roles, etc... User: An individual accounts Group: A collection of other users and groups Role: Something that

492 views • 22 slides
Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers

Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers

21/05/2013 Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers (ADUC) Active Directory Users and Computers (ADUC) After installing AD DS, the next task is to create your Organizational Units,

535 views • 41 slides
How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15

How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15

How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15 -> 16:00 #RomHack2019 28th of September 2019 in Rome Whoami Vincent LE TOUX https://www.pingcastle.com / @mysmartlogon Management (Architect,

584 views • 35 slides
Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory features in Samba What has been done in the last year? Samba 4.9 Password and membership change auditing LMDB back-end (semi-experimental)

1.06k views • 49 slides
Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick Mike Dorman cjellick@godaddy.com mdorman@godaddy.com Go Daddy OpenStack Cloud Platform Group Agenda OpenStack at Go Daddy Keystone

875 views • 28 slides
Zoho Corporation Bootstrapped and profitable 2018 6,500 Employees 65% Fortune 500

Zoho Corporation Bootstrapped and profitable 2018 6,500 Employees 65% Fortune 500

Zoho Corporation Bootstrapped and profitable 2018 6,500 Employees 65% Fortune 500 35 million users 2001 2005 1996 190+ countries IT service Active Directory management management Help desk Active Directory

516 views • 26 slides
Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and looks up entries that match attribute-based specifications (e.g., Microsoft's Active Directory Service, X.500 and LDAP) Case Study - X.500

515 views • 12 slides
Active Directory: Where Exploit Ends (kind of) Ar Aravind Prakash Security Analyst at Lucideus

Active Directory: Where Exploit Ends (kind of) Ar Aravind Prakash Security Analyst at Lucideus

Active Directory: Where Exploit Ends (kind of) Ar Aravind Prakash Security Analyst at Lucideus Works mostly in Infrastructure security. Passionate about offensive security. CRTE and CRTP certified. Member of DEF CON Trivandrum

457 views • 18 slides
Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander Bokovoy <ab@samba.org> May 21th, 2015 Samba Team / Red Hat 0 A crisis of identity (solved?) FreeIPA What is FreeIPA? Cross Forest Trusts

298 views • 29 slides
Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core Coherence Socrates Demetriades and Sangyeun Cho 20 th Interna+onal Symposium On High Performance

782 views • 31 slides
Registration Directory Service (RDS) 15 July 2013 Next Generation Registration Directory

Registration Directory Service (RDS) 15 July 2013 Next Generation Registration Directory

A Next Generation Registration Directory Service (RDS) 15 July 2013 Next Generation Registration Directory Service Session Agenda + Introduction + Discussion Questions and Community Input + Questions about Initial Report + Next Steps 2

460 views • 19 slides
Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr

Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr

Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr Presentation by the esentation by the Expert W Expert Working Gr orking Group (EWG) oup (EWG) Next Generation gTLD Directory Services

569 views • 15 slides
ACRONIS BACKUP SETUP AND INSTALLATION Setting up and installing Acronis Backup and Acronis Backup

ACRONIS BACKUP SETUP AND INSTALLATION Setting up and installing Acronis Backup and Acronis Backup

ACRONIS BACKUP SETUP AND INSTALLATION Setting up and installing Acronis Backup and Acronis Backup Cloud Acronis Training and Certification Authorized Use Only 1 Module Outline 1. Onboarding Acronis Backup Cloud 2. Onboarding Acronis Backup

1.1k views • 54 slides
FY16 DTS Budget Presentation Dr. Rich Contartesi Assistant Superintendent for Technology Services

FY16 DTS Budget Presentation Dr. Rich Contartesi Assistant Superintendent for Technology Services

FY16 DTS Budget Presentation Dr. Rich Contartesi Assistant Superintendent for Technology Services Who is DTS? Technology Operations: Direction, process, and operational support Information Security: Protects data and ensures secure computing

257 views • 24 slides
Enabling Digital Aid Photo: Oxfam/ Simon Rawles EMERGENCY EMERGENCY TE TELECOMMU

Enabling Digital Aid Photo: Oxfam/ Simon Rawles EMERGENCY EMERGENCY TE TELECOMMU

Enabling Digital Aid Photo: Oxfam/ Simon Rawles EMERGENCY EMERGENCY TE TELECOMMU LECOMMUNICATI NICATIONS ONS CLUSTER CLUSTER ETC A global network of organizations that work together to provide shared communications services in

367 views • 18 slides
WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

A one-stop shop , district and borough-wide register of local services , events and other assets Professional directory- the information on it is not made available to the wider public. Users can see at a glance what the service can do

294 views • 11 slides
Ohio Latino Affairs Advise. Connect. Build. About Us The Commission on Hispanic-Latino Affairs

Ohio Latino Affairs Advise. Connect. Build. About Us The Commission on Hispanic-Latino Affairs

Ohio Latino Affairs Advise. Connect. Build. About Us The Commission on Hispanic-Latino Affairs exists to act as a liaison between government and the community. This role means that the Commission helps the community bring issues, concerns

272 views • 16 slides
Computer Security: Computer Security: Principles and Practice Principles and Practice Chapter

Computer Security: Computer Security: Principles and Practice Principles and Practice Chapter

Computer Security: Computer Security: Principles and Practice Principles and Practice Chapter 22 Internet Authentication Internet Authentication Chapter 22 Applications Applications First Edition First Edition by William

344 views • 19 slides

More recommend