Microsoft Active Directory (AD)
What are directory services?
All directory services use a hierarchical
structure that stores information about
objects on the network. What differentiates
the various implementations is the set of
object types that they track.
      What objects are tracked via
         Directory Services?
• Shared resources:
  – Servers
  – Shared volumes
  – Printers
  – Applications
• Administration of:
  – Users
  – User/group access
  – Network resources
  – Management of domains, applications, services, security
    policies, and just about everything else in your network.
    Directory Services Common
             Features:
• Provide file shares
• Authenticate users
• Provide services such as e-mail, Internet access,
  and print services.
• Control access to services and shares.
 Key Features of Active Directory
• AD is a namespace integrated with the Internet's Domain
  Name System (DNS): every AD domain has a DNS name, and
  clients locate domain controllers through DNS records.
• AD was introduced as the directory service central to the
  Windows 2000 Server operating system. It runs only on
  domain controllers: a server becomes a domain controller by
  hosting a copy of the directory database.
  Some directory services are integrated with an
  operating system, and others are applications such
  as e-mail directories. Operating system directory
  services, such as AD, provide user, computer, and
  shared resource management.
      Active Directory utilizes a
       distributed architecture

• Active Directory, in addition to providing a
  place to store data and services to make that
  data available, also protects directory objects
  from unauthorized access (every object carries its
  own access control list) and replicates objects to
  every domain controller of the domain, so that the
  directory survives the failure of any one domain
  controller.
                  Terminology
• Site: In Active Directory a site is a set of well-connected
  IP subnets, usually one physical location or LAN. Sites
  control how replication is scheduled between locations and
  let a client find a domain controller near it. This is
  different from a web site, which is an organization's
  Internet presence.
• Domain:
   – (1) In Active Directory, a partition of the directory: the
     group of clients, servers, users and groups whose accounts
     are held in one security database, replicated among that
     domain's domain controllers. Domains that share a schema
     and configuration form a forest, and every domain in a
     forest trusts the others, so the forest, not the domain, is
     the security boundary. Splitting a large network into
     domains limits replication traffic and scopes
     administration.
   – (2) More generally, all resources under the control of a
     single computer system.
Sample Domain Structure
(diagram not reproduced)
Basic Network Identity Services
–   Dynamic Host Configuration Protocol (DHCP)
–   Domain Name System (DNS)
–   Lightweight Directory Access Protocol (LDAP)
–   Public Key Infrastructure (PKI)
–   Remote Authentication Dial-In User Service (RADIUS)
–   Microsoft's Active Directory
–   Novell Directory Services (NDS)
         Identity Service Providers
SERVICE SPECIFICS

• Most mid-sized to large enterprises today run about half a
  dozen network identity services to connect their business
  applications and network infrastructure.
• Each of these services plays a specific role in the network,
  and they frequently interact with one another (for example,
  Active Directory depends on DNS to be found, and LDAP is the
  protocol used to read it).
• Managing those interactions becomes challenging when several
  internal organizations administer the various services, which
  may be duplicated in numerous locations throughout the network
  and use different data stores.
                  DNS
           Domain Name System
• DNS is a globally distributed database that maps
  host names to IP addresses (and to other records,
  such as mail servers and services) on the Internet.
• DNS uses a hierarchy of domains, beginning at the root.
   – Top-level domains use the familiar names
     like .com, .edu, .gov.
   – Second-level domains are registered to organizations
     that have a presence on the Internet, and an
     organization can create further subdomains below its own.
   Active Directory is designed to exist within the scope of
     the global DNS namespace: each AD domain is named by a DNS
     name (for example, corp.example.com), and a child domain
     is a DNS subdomain of its parent.
DNS Structure
                  LDAP
• Lightweight Directory Access Protocol
  (LDAP) -- a protocol used to read, search
  and modify a directory service.
• LDAP is the primary access protocol for
  Active Directory: a domain's directory is
  served on TCP port 389 (636 with TLS), and
  the global catalog on TCP port 3268 (3269
  with TLS).
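How an LDAP search against Active Directory is put together, tying the DNS namespace above to the LDAP naming context. This is an added example, not code from the original slides; the domain corp.example.com, the account names and the attribute list are constructed for illustration, and no directory is contacted, the functions only build the request.

```python
"""Forming an LDAP search against Active Directory (added example)."""


def dns_to_base_dn(dns_domain: str) -> str:
    """AD's namespace is DNS: the domain corp.example.com is the LDAP
    naming context DC=corp,DC=example,DC=com."""
    labels = dns_domain.strip(".").split(".")
    return ",".join("DC=" + label for label in labels)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).
    The characters * ( ) \\ and NUL are written as \\XX hex escapes, and
    non-ASCII characters as escaped UTF-8 bytes, so that caller-supplied
    text cannot alter the structure of the filter."""
    out = []
    for ch in value:
        if ch in "*()\\\x00":
            out.append("\\%02x" % ord(ch))
        elif ord(ch) > 0x7F:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def user_filter(sam_account_name: str) -> str:
    """Filter for one user account by logon name. objectCategory=person
    together with objectClass=user excludes computer accounts, whose
    objectClass list also contains 'user'."""
    return "(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))" % (
        escape_filter_value(sam_account_name)
    )


def user_search(dns_domain: str, sam_account_name: str, global_catalog: bool = False) -> dict:
    """Parameters of the search as an LDAP client library would take them.
    Port 389 reaches one domain's full directory; 3268 reaches the global
    catalog, which covers the whole forest but only a subset of attributes."""
    return {
        "host": dns_domain,  # the domain's own A records point at its domain controllers
        "port": 3268 if global_catalog else 389,
        "base": dns_to_base_dn(dns_domain),
        "scope": "subtree",
        "filter": user_filter(sam_account_name),
        "attributes": ["distinguishedName", "memberOf", "userAccountControl"],
    }


if __name__ == "__main__":
    print(user_search("corp.example.com", "jdoe"))
    # A wildcard in the input is escaped, so the filter matches a literal
    # '*' in the logon name rather than every account in the domain.
    print(user_filter("*"))
```

The escaping step is the one worth copying: a filter assembled by string concatenation from an unescaped logon name matches more than the caller intended as soon as the name contains `*` or parentheses.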
     Active Directory's Global
             Catalog
• The global catalog (GC) is a partial, read-only replica
  of every object in the forest, across all domains:
  every object is present, but only a subset of its
  attributes (the partial attribute set, such as names,
  sAMAccountName, UPN and universal group membership) is
  stored.
• The GC is hosted only on domain controllers designated
  as global catalog servers, not on every domain
  controller; its contents reach each GC server through
  the normal replication process. Clients query it over
  LDAP on TCP port 3268 (3269 with TLS), as opposed to
  port 389 for one domain's full directory.
 Global Catalog - Service Discovery
• For Active Directory to function properly, DNS
  servers must support Service Location (SRV)
  resource records.
• SRV resource records map the name of a service
  to the host name (and port) of a server offering
  that service. Domain controllers register their
  own SRV records in DNS when they start; Active
  Directory clients and domain controllers query
  those records (under the _msdcs subdomain of the
  domain) to find domain controllers, global catalog
  servers and Kerberos KDCs, then resolve the returned
  host names to IP addresses.
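How a client turns those SRV records into a domain controller, as an added example that is not part of the original slides. The domain corp.example.com, the Boston site and the SRV answers are constructed for illustration; nothing is resolved, the functions build the query names and apply the RFC 2782 priority/weight rule to answers handed to them.

```python
"""Locating a domain controller through DNS SRV records (added example)."""
import random


def dc_locator_names(dns_domain: str, site=None, forest=None) -> dict:
    """SRV names an AD client queries, in the RFC 2782 form
    _service._proto.name. The _msdcs subdomain and the _sites level are
    AD-specific; global catalog servers are registered under the forest
    root domain rather than under each domain."""
    forest = forest or dns_domain
    names = {
        "dc": "_ldap._tcp.dc._msdcs.%s" % dns_domain,
        "kdc": "_kerberos._tcp.dc._msdcs.%s" % dns_domain,
        "pdc": "_ldap._tcp.pdc._msdcs.%s" % dns_domain,
        "gc": "_gc._tcp.%s" % forest,
    }
    if site:
        names["dc_in_site"] = "_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, dns_domain)
    return names


def select_target(records: list, rng=random) -> dict:
    """Choose one SRV record: lowest priority wins; among records of equal
    priority, pick at random in proportion to weight (simplified RFC 2782:
    zero-weight records are chosen only if every candidate has weight 0)."""
    if not records:
        raise LookupError("no SRV records")
    best = min(r["priority"] for r in records)
    candidates = [r for r in records if r["priority"] == best]
    total = sum(r["weight"] for r in candidates)
    if total == 0:
        return rng.choice(candidates)
    pick = rng.randint(1, total)
    for r in candidates:
        pick -= r["weight"]
        if pick <= 0:
            return r
    return candidates[-1]


def locate_dc(answers: dict, dns_domain: str, site=None, rng=random) -> dict:
    """Prefer a DC in the client's own site, then fall back to any DC in
    the domain. `answers` maps an SRV name to its records, in the shape a
    resolver would return them."""
    names = dc_locator_names(dns_domain, site)
    for key in ("dc_in_site", "dc"):
        if key in names and answers.get(names[key]):
            return select_target(answers[names[key]], rng)
    raise LookupError("no domain controller found for %s" % dns_domain)


# Constructed SRV answers for a hypothetical domain with a Boston site.
SRV_ANSWERS = {
    "_ldap._tcp.Boston._sites.dc._msdcs.corp.example.com": [
        {"priority": 0, "weight": 100, "port": 389, "target": "dc-bos.corp.example.com."},
    ],
    "_ldap._tcp.dc._msdcs.corp.example.com": [
        {"priority": 0, "weight": 100, "port": 389, "target": "dc1.corp.example.com."},
        {"priority": 10, "weight": 100, "port": 389, "target": "dc2.corp.example.com."},  # backup
    ],
}

if __name__ == "__main__":
    print(locate_dc(SRV_ANSWERS, "corp.example.com", site="Boston")["target"])
    # No DC registered for Paris, so the domain-wide records are used.
    print(locate_dc(SRV_ANSWERS, "corp.example.com", site="Paris")["target"])
```

The real Windows DC locator adds a liveness check (an LDAP "ping" to the candidate) before it commits to a host. Because the whole procedure trusts DNS, the integrity of those SRV records matters: they are written by dynamic update, and AD-integrated zones should allow only secure dynamic updates so that an arbitrary host on the network cannot register itself as a domain controller.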
            Domain authority
• Active Directory replicates directory data among
  domain controllers throughout the "forest" using a
  "multi-master" model: every domain controller holds a
  writable copy, and a change made on any one of them
  replicates to the others.
• Multi-master replication among peer domain controllers
  is impractical for some kinds of change (those where two
  domain controllers could make conflicting updates at the
  same time), so each such change is accepted by exactly
  one domain controller, called the operations master.
  There are five of these roles: the schema master and the
  domain naming master (one each per forest) and the RID
  master, PDC emulator and infrastructure master (one each
  per domain). The roles can be transferred between domain
  controllers; the holder of a role is a single point of
  failure for that function and a higher-value target.
               Authentication

• Each domain controller holds a full copy of its own
  domain's directory partition plus the forest-wide schema
  and configuration partitions, which is what it needs to
  authenticate that domain's accounts and to evaluate
  access control. Only domain controllers that are also
  global catalog servers hold (partial) information about
  objects in the other domains of the forest.
• Because every domain controller in a domain carries the
  whole domain partition, a client can be authenticated by
  a nearby domain controller (found through the site's SRV
  records) with a quick local lookup, without a referral
  to another location.
• In a multi-domain forest the global catalog is still
  consulted at logon, not just for users but for every
  object that authenticates, including each computer as
  it boots: the domain controller asks a global catalog
  server for the account's universal group memberships,
  which may be defined in other domains, and for the
  resolution of user principal name (UPN) logons. If no
  global catalog server is reachable and universal group
  membership caching is not enabled, ordinary domain user
  logons fail.

								