1-Active Directory System and Application.ppt
- 1. © N. Ganesan, Ph.D. , All rights reserved. Active Directory Nanda Ganesan, Ph.D.
- 2. References • Technical overview of Windows 2003 Active Directory • Introduction to Windows 2003 Active Directory in application mode • Windows 2003 Reviewer’s Guide
- 3. Agenda • What is Active Directory • Building an Active Directory • Using Active Directory Features • Active Directory Objects • Auditing Active Directory
- 4. Group Names • Contributions made by – Charles Guzman – Daniel Gebretensai – Ervand Akopyan – Hovik Gharadaghi
- 5. Introduction to Active Directory
- 6. Overview of Active Directory • Directory services of the Windows server system • Stores information about network object and makes the information available to administrators, users, and applications • Provides a single point of network management allowing people to add, remove, and relocate users and resources easily • Integrated with Internet’s hierarchical domain naming system
- 7. Active Directory Properties • Integration with DNS • Flexible querying • Information security • Simplified administration • Scalability
- 8. Object and Schema • Objects are the basic entities that constitute the Active Directory – Each object will have it own globally unique identifier (GUID) • Schema – Describes the object classes – Defines the attributes for the object classes
- 9. Structural Components • Objects based hierarchical structure with constructs – Domains – Trees – Forests – Trust relationships – Organizational Units – Sites
- 10. A Simple Active Directory Structure
- 11. Active Directory and DNS Integration
- 12. Parent and child domains in a domain tree. Double-headed arrows indicate two-way transitive trust relationships Tree
- 13. One forest with three domain trees. The three root domains are not contiguous with each other, but EuropeRoot.com and AsiaRoot.com are child domains of HQ-Root.com. Forests
- 14. Shortcut trusts between Domains B and D, and between Domains D and 2 Internal Trusts in a Forest
- 15. Trust Relationships • Transitive • Two-way • Shortcut trusts • External trusts
- 17. Intra-site replication with just one domain . Organizational Units
- 18. Intra-site replication with two domains and two global catalogs Trust Relationships
- 19. Directory Protocols • Based on standard directory protocols • Interoperate with other protocols • Example: LDAP – LDAP it is used to add, modify, delete and query information stored in AD – LDAP to AD is like SQL to Oracle – LDAP determines how a client can access the directory, operations within the directory and share directory data
- 20. Active Directory Security • Based on Kerberos • Supports multiple security configurations for cross platform interoperability – Clients: A domain controller will authenticate clients running RFC-1510 Kerberos. This will include other clients running other operating systems. – Unix clients and services: A Kerberos principal is mapped to a Windows 2000 user or computer account
- 21. Installation Of Active Directory
- 22. Requirements • The computer must be Windows 2k, 2k3 Server, Advanced Server or Datacenter Server. • At least one volume on the computer must be formatted with NTFS. • DNS must be active on the network prior to AD installation or be installed during AD installation. • DNS must support SRV records and be dynamic. • The computer must have IP protocol installed and have a static IP address. • The Kerberos v5 authentication protocol must be installed. • Time and zone information must be correct.
- 24. DCPROMO
- 34. Role of DNS •Clients use DNS to locate Active Directory controllers. •Servers and client computers register their names and IP addresses with the DNS server
- 55. Creating a Child Domain
- 56. Requirements • Existing Domain • Member Server
- 63. Managing Objects in Active Directory
- 64. Frequently Managed Objects • Users • Computers • Groups
- 65. Managing Users
- 75. A Client Joining a Domain
- 81. Managing Groups
- 82. Group Policy Feature • Defines the various components of the users desktop environment that an administrator must manage • Applies not only to user and client computers but also to member servers, domain controllers, and other 2003 server in scope of management
- 83. Group Policy cont’d • Manage registry-based policy with Administrative Templates • Assign scripts. This includes scripts such as computer startup, shutdown, logon, and logoff • redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations
- 84. Configuring a Custom Console
- 85. Adding a Group Policy Object
- 86. Auditing
- 87. Auditing • Audit related functional activities
- 88. Some Auditable Activities • Account logon and logon events • Object access • Account management • Directory service access • Policy change • System events • Process tracking • Privilege
- 89. Some Auditing Function • Logon/Logout • User access to resources – File, folder, registry key, printer etc. • Account management – Create users and groups, modify membership, change password etc. • Systems events – Service start/stop • Directory service access – User’ access to Active Directory objects
- 91. The list of auditing options
- 92. References • www.microsoft.com • www.windowsitpro.com • www.visualwin.com • http://www.microsoft.com/technet/prodtechnol/w indowsserver2003/library/DepKit/d2ff1315-1712-48 e4-acdc-8cae1b593eb1.mspx • http://en.wikipedia.org/wiki/Active%5FDirectory • http://www.microsoft.com/technet/prodtec hnol/windowsserver2003/technologies/dire ctory/activedirectory/stepbystep/domcntrl. mspx#EFAA
- 93. The End