Microsoft Active Directory (AD)
What are directory services?
All directory services use a hierarchical structure
that stores information about objects on the
network. What differentiates the various
implementations is the kinds of objects they track
and the protocols used to read and update them.
What objects are tracked via Directory Services?
• Shared resources:
  –   Servers
  –   Shared volumes
  –   Printers
  –   Applications
• Administration of:
  –   Users
  –   User/group access
  –   Network resources
  –   Management of domains, applications, services,
      security policies, and just about everything
      else in the network
Directory Services Common
• Provide file shares
• Authenticate users
• Provide services such as e-mail, Internet access,
  print services, etc.
• Control access to services and shares
Key Features of Active Directory
• AD is a namespace integrated with the Internet's
  Domain Name System (DNS): AD domain names are DNS
  names, and AD depends on DNS to locate its servers.
• AD is the directory service introduced as the core
  of the Windows 2000 Server operating system; the
  directory service itself runs only on domain
  controllers.
  Some directory services are integrated with an
  operating system, and others are applications such
  as e-mail directories. Operating system directory
  services, such as AD, provide user, computer, and
  shared resource management.
Active Directory utilizes a distributed architecture

• Active Directory, in addition to providing a
  place to store data and services to make that
  data available, also protects network objects
  from unauthorized access (every object carries an
  access control list) and replicates directory
  data to every domain controller in the domain, so
  that information about objects is not lost if one
  domain controller fails.
• Site: In AD, a site is a set of well-connected IP
  subnets, typically one physical location or LAN.
  Sites control replication scheduling between
  locations and let clients find a nearby domain
  controller. This is different from a web site,
  which is an organization's Internet presence.
• Domain:
   – (1) A partition of the directory: a group of clients and
     servers that share one security database (the domain's
     directory partition) and one set of security policies.
     Dividing a network into domains limits the scope of
     replication and administration and improves performance
     and security.
   – (2) Colloquially, all resources under the control of a single
     computer.
Sample Domain Structure
Basic Network Identity Services

–   Dynamic Host Configuration Protocol (DHCP)
–   Domain Name System (DNS)
–   Lightweight Directory Access Protocol (LDAP)
–   Public Key Infrastructure (PKI)
–   Remote Authentication Dial-In User Service (RADIUS)
–   Microsoft's Active Directory
–   Novell Directory Services (NDS)
Identity Service Providers

• Most mid-sized to large enterprises today run about a half
  dozen network identity services to connect their business
  applications and network infrastructure.

• Each of these services has a specific role to play in the
  network, but they also interact with one another: for example,
  AD depends on DNS for service location and DHCP clients
  register their names in DNS.

• Managing those interactions becomes challenging when multiple
  internal organizations administer the various services, which
  may be duplicated in numerous locations throughout the network
  and use different data stores.
Domain Name System
• DNS is a globally distributed database that maps
  host names to IP addresses (and other records) on
  the Internet.
• DNS uses a hierarchy of domains.
   – Top-level domains use the familiar names
     like .com, .edu, .gov.
   – Second-level domains are registered to organizations
     that have a presence on the Internet.
   – Active Directory is designed to exist within the scope of
     the global DNS namespace: an AD domain such as
     corp.example.com is a DNS subdomain of the
     organization's registered name.
DNS Structure
• Lightweight Directory Access Protocol
  (LDAP) -- a protocol used to access a
  directory service.
• LDAP is the primary access protocol for Active
  Directory: clients query a domain controller on
  TCP port 389 (636 with TLS), and the LDAP
  naming context mirrors the DNS name of the
  domain (corp.example.com becomes
  DC=corp,DC=example,DC=com).
Active Directory's Global Catalog
• The global catalog is the mechanism that
  tracks all of the objects managed across the
  network, across all domains within the forest:
  a partial, read-only replica holding a subset of
  the attributes of every object in every domain.
• The global catalog is hosted only on domain
  controllers designated as global catalog servers
  (not on every domain controller); it answers
  forest-wide searches on TCP port 3268 (3269 with
  TLS), and at least one global catalog server per
  site is recommended.
Global Catalog - Service Discovery
• For Active Directory to function properly, DNS
  servers must support Service Location (SRV)
  resource records.
• SRV resource records map the name of a service
  to the host name and port of a server offering
  that service; the client then resolves that host
  name to an IP address with an A/AAAA query.
  Active Directory clients and domain controllers
  use SRV resource records such as
  _ldap._tcp.dc._msdcs.<domain> and
  _gc._tcp.<forest> to locate domain controllers
  and global catalog servers.
• Because clients trust these records to find their
  domain controllers, the DNS zone holding them
  should accept only secure dynamic updates.
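To make the SRV-based locator concrete, here is an added example (not code from the slides or from Microsoft) that builds the SRV owner names Active Directory registers for a domain, site and forest, orders a returned answer set the way RFC 2782 prescribes (ascending priority, weighted random draw within a priority), and drops any record whose target lies outside the domain, the sanity check a client can apply before trusting an answer. The domain corp.example.com, the site name HQ and the answer records are constructed.

```python
"""DC locator: the SRV names Active Directory registers in DNS and
RFC 2782 selection among the returned records. Added example, not code
from the slides. corp.example.com, site HQ and SAMPLE_ANSWER are constructed.
"""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower is preferred
    weight: int     # relative share of load within one priority level
    port: int
    target: str     # host name of the server offering the service


def dc_locator_names(domain: str, forest_root: Optional[str] = None,
                     site: Optional[str] = None) -> Dict[str, str]:
    """SRV owner names a client queries to find domain services.
    These are the names Netlogon registers; the site-specific ones are
    tried first so that a client picks a domain controller nearby."""
    forest_root = forest_root or domain
    names = {
        "ldap":     f"_ldap._tcp.dc._msdcs.{domain}",
        "kerberos": f"_kerberos._tcp.dc._msdcs.{domain}",
        "pdc":      f"_ldap._tcp.pdc._msdcs.{domain}",
        "gc":       f"_gc._tcp.{forest_root}",
    }
    if site:
        names["ldap_site"] = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
        names["gc_site"] = f"_gc._tcp.{site}._sites.{forest_root}"
    return names


def target_in_domain(record: SrvRecord, domain: str) -> bool:
    """Reject answers pointing at hosts outside the domain's DNS name."""
    host = record.target.lower().rstrip(".")
    dom = domain.lower().rstrip(".")
    return host == dom or host.endswith("." + dom)


def order_srv(records: List[SrvRecord],
              rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """RFC 2782 ordering: by ascending priority; within a priority, a
    weighted random draw where zero-weight records are chosen last-ish."""
    rng = rng or random.Random()
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        # zero-weight records sort first so they are picked only when the
        # random value is 0 (RFC 2782 rule), not by accident
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for r in pool:
                running += r.weight
                if running >= pick:
                    ordered.append(r)
                    pool.remove(r)
                    break
    return ordered


def select_dcs(records: List[SrvRecord], domain: str,
               rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Filter an SRV answer set to in-domain targets, then order it."""
    return order_srv([r for r in records if target_in_domain(r, domain)], rng)


# Constructed answer set for _ldap._tcp.dc._msdcs.corp.example.com,
# including one record that points outside the domain.
SAMPLE_ANSWER = [
    SrvRecord(10, 100, 389, "dc3.corp.example.com."),
    SrvRecord(0, 100, 389, "dc1.corp.example.com."),
    SrvRecord(0, 100, 389, "dc2.corp.example.com."),
    SrvRecord(0, 0, 389, "rogue.attacker.example."),
]

if __name__ == "__main__":
    for role, name in dc_locator_names("corp.example.com", site="HQ").items():
        print(f"{role:9s} {name}")
    for r in select_dcs(SAMPLE_ANSWER, "corp.example.com"):
        print(f"try {r.target}:{r.port} (priority {r.priority})")
```

On a real client the equivalent query is `nslookup -type=SRV _ldap._tcp.dc._msdcs.corp.example.com` or `Resolve-DnsName -Type SRV`; `nltest /dsgetdc:corp.example.com` shows which domain controller the locator actually chose.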
Domain authority
• Active Directory replicates its directory data
  across domain controllers throughout the "forest"
  utilizing a "multi-master" approach: any writable
  domain controller can accept a change.
• Multi-master replication among peer domain
  controllers is impractical for some types of
  changes, so only one domain controller, called the
  operations master (FSMO role holder), accepts
  requests for such changes. There are five roles:
  schema master and domain naming master (one per
  forest), and RID master, PDC emulator and
  infrastructure master (one per domain);
  "netdom query fsmo" lists the current holders.

• Each domain controller holds a full, writable
  replica of its own domain partition plus the
  forest-wide schema and configuration partitions
  to support authentication and access control;
  only global catalog servers additionally hold a
  partial replica of every other domain.
• Placing domain controllers in each site lets
  clients get a quick local lookup of authority
  instead of authenticating across a WAN link. (A
  "tree", by contrast, is a set of domains sharing a
  contiguous DNS namespace, not a set of local
  domain controllers.)
• In a multi-domain forest, not just users but every
  account authenticating to Active Directory causes
  the domain controller to consult a global catalog
  server to expand universal group memberships,
  including every computer that boots up and
  authenticates to the domain; if no global catalog
  is reachable and universal group membership
  caching is not enabled, domain logon fails.

