VIEWS: 63 PAGES: 17 CATEGORY: Technology POSTED ON: 12/18/2010
Networking like OSI Model, TCP IP, Active Directory, etc.
Microsoft Active Directory(AD) What are directory services? All Directory services use a hierarchical structure that stores information about objects on the network. What differentiates the various implementations are the types of objects that they track. What objects are tracked via Directory Services? • Shared Resources: • Administration of: – Servers, – Users – Shared volumes, – User/Group access – Printers; – Network resources – Applications – Management of domains, applications, services, security policies, and just about everything else in your network. Directory Services Common Features: • Provide file shares • Authenticate users • Provide services, such as Email, Access to the internet, Print services etc. • Control access to services and shares. Key Features of Active Directory • AD as a namespace that is integrated with the Internet's Domain Name System (DNS). • AD - A new directory service central to the Windows 2000 Server operating system, runs only on domain controllers. Some directory services are integrated with an operating system, and others are applications such as e-mail directories. Operating system directory services, such as AD, provide user, computer, and shared resource management. Active Directory utilizes a distributed architecture • Active Directory, in addition to providing a place to store data and services to make that data available, also protects network objects from unauthorized access and replicates information about objects across the entire network so that information about objects is not lost if one domain controller fails. Terminology • Site: A site is a physical location, or LAN. This is different from a web site, which is an organization’s internet presence. • Domain: – (1) A sub-network comprised of a group of clients and servers under the control of one security database. Dividing LANs into domains improves performance and security. – (2) All resources under the control of a single computer system. Sample Domain Structure Basic Network Identity Services – Dynamic Host Configuration Protocol (DHCP) – Domain Name System (DNS) – Lightweight Directory Access Protocol (LDAP) – Public Key Infrastructure (PKI) – Remote Authentication Dial-In User Service (RADIUS) – Microsoft's Active Directory – Novell Directory Services (NDS) Identity Service Providers SERVICE SPECIFICS • Most mid-sized to large enterprises today are likely to run about a half dozen network identity services to connect their business applications and network infrastructure. • These services each have specific roles to play in the network. But they often also interact with one another, too. • Network identity services each perform specific tasks and also frequently interact. Managing interactions becomes challenging when multiple internal organizations administer the various services, which may be duplicated in numerous locations throughout the network and use different data stores. DNS Domain Name System • DNS is a globally distributed database that manages IP addresses on the internet. • DNS uses a hierarchy of domains on the internet. – Top level domains use the familiar names like .com, .edu, .gov. – The second level are registered to organizations who have a presence on the web. Active Directory is designed to exist within the scope of the Global DNS Namespace. DNS Structure LDAP • Lightweight Directory Access Protocol (LDAP) -- a protocol used to access a directory service. • Lightweight Access Directory Protocol is the primary access protocol for Active Directory. Active Directory's Global Catalog • The global catalog is the mechanism that tracks all of the objects managed across the network, across all domains within the organization. • Elements of the catalog are replicated across all of the domain controllers within all domains across the org. Global Catalog -Service Discovery • For Active Directory to function properly, DNS servers must support Service Location (SRV) resource records. • SRV resource records map the name of a service to the name of a server offering that service. Active Directory clients and domain controllers use SRV resource records to determine the IP addresses of domain controllers. Domain authority • Active Directory replicates its administration information across domain controllers throughout the “forest” utilizing a “multi-master” approach. • Multi-master replication among peer domain controllers is impractical for some types changes, so only one domain controller, called the operations master, accepts requests for such changes. Authentication • Each domain controller has information for the entire forest to support authentication and access control. • This provides the ability for local domain controllers (the “tree”) to provide a quick local lookup of authority. • Not just users but every object authenticating to Active Directory must reference the global catalog server, including every computer that boots up
Pages to are hidden for
"Active Directory Microsoft Active Directory AD What are directory services"Please download to view full document