Configure and Manage

Active Directory
Configure and Manage Active Directory
 Configure Active Directory
 Managing Active Directory
 Active Directory (AD) allows network administrators to create and manage domains, users,
and objects (other devices on a network) within a network.
 For example, an admin can create a group of users and give them specific access privileges to certain
directories on the server.
 AD is a directory service developed by Microsoft for Windows domain networks.
 It is included in most Windows Server operating systems as a set of processes and services.
 It is a primary feature of Windows Server, an operating system that runs both local and
Internet-based servers.
 Its primary function is to facilitate authentication and authorization of users (members) and
resources within an AD domain.
 What is authentication?
 In simple words, Authentication is the process that addresses the question
"Who are you?".
 Authentication is done by obtaining a valid username and password on an
internet or intranet system.
 Once a user is authenticated, the system confirms that you match the identity
of whoever you claim to be.
 However, authentication doesn't confirm whether you are authorized to access
the resource that you might be trying to access; that is done by Authorization.

ttps://www.c-sharpcorner.com/UploadFile/84c85b/understanding-windows-authentication-in-detail/
 Authorization addresses the question "What Can You Do?"
 It happens after successful authentication.
 Authorization is the process of verifying that a user is allowed to access a requested
resource.
 This process determines whether an authenticated user is permitted access to any
part of an application, access to specific points of an application, or access only to
specified datasets that the application provides.
 After all, how can you determine whether someone is allowed to do something if you
don't recognize that person's identity.

ttps://www.c-sharpcorner.com/UploadFile/84c85b/understanding-windows-authentication-in-detail/
 Process and services
 What are the differences?
 A service is a process that runs in the background and does not interact with the desktop.
 With computer software, a service is software that performs automated tasks, responds to
hardware events, or listens for data requests from other software.
 In a user's operating system, these services are often loaded automatically at startup, and run
in the background, without user interaction. It does not interact with the desktop.

//superuser.com/questions/209654/whats-the-difference-between-an-application-process-and-services
ext=A%20process%20is%20an%20instance,have%20several%20processes%20running%
ultaneously.&text=A%20service%20is%20a%20process,not%20interact%20with%20the%20desktop.
What's the difference between an Application, a Process, and a
Service?

 An application is a program that you interact with on the desktop. This is what you
spend almost all of your time using on the computer.
Example: Internet Explorer, Microsoft Word, iTunes, and skype.
 A process is an instance of a particular executable (.exe program file) running.
 A given application may have several processes running simultaneously.
 For example, some modern browsers such as google chrome run several processes at once, with
each tab actually being a separate instance/process of the same executable.
 In some cases, complicated applications may have multiple processes; for example, Visual Studio
runs a separate process when it compiles code from when it displays the IDE.
 However, most often, a given application is running from a single process; for example, no matter
how many Microsoft word windows you have open, only a single instance of winword.exe is
running.
 A service is a process that runs in the background and does not interact with the
desktop. In Windows, services almost always run as an instance of the svchost.exe
process, the windows service host process; however there are sometimes exceptions to
this.
 A touchpad driver, for example, will usually have a process that runs when a user logs in
and handles the special features of the touchpad, but isn’t a service and doesn’t show any
windows to the user.
 Sometimes an application may depend on a certain service.
 Printing from any program requires that the print spooler service be active. Installation packages
(.msi installers) require that the windows installer service be running.
 Antivirus programs usually employ a service so they can continue running even when the user is
not logged in.
 Many antivirus applications run a process silently in the background which only displays an
application to the user when action is required.
 Processes usually exit when an application is closed, however, this is not always the case.
Some programs, particularly download and backup programs, may continue to run in the
background without displaying any windows.
 A domain is defined as a logical group of network objects
(computers, users, devices) that share the same Active
Directory database.
 Active Directory has forests and trees which are ways of
representing multiple domains.
 A tree is a collection of one or more domains and domain trees in a
contiguous namespace and is linked in a transitive trust hierarchy.
 At the top of the structure is the forest.
 A forest is a collection of trees that share a common global
catalog, directory schema, logical structure,
and directory configuration.

Ref: 4- MCITP 70-640: Active Directory forest and trees (8 minutes)

https://www.youtube.com/watch?v=Whh3kPS0FdA&list=PL1l78n6W8zypXtkh3uWIXbPssc4IGbfb5&index=4
 Why have many domains?
 For easy separation such as early
version of active directory,
company structure, politics
 Can scale easily.
Ref: 4- MCITP 70-640: Active Directory forest and trees (8 minutes)
https://www.youtube.com/watch?v=Whh3kPS0FdA&list=PL1l78n6W8zypXtkh3uWIXbPssc4IGbfb5&index=4
 In a forest consisting of more than one domain, do we need to have
several ADs?
 Do we need to have one AD for each domain?
 Can domains in the same forest gain information and access to each
other?
 Can domains in different forests share resources with each other? If
yes, how?
 To be an AD, need to be DC?
 Introduction To Active Directory
 https://www.youtube.com/watch?v=OTpbQkW3kj4
 MCITP 70-640: Active Directory Under The Hood
 https://www.youtube.com/watch?v=hoodfyq30NA&list=PL1l78n6W8zypXtk
h3uWIXbPssc4IGbfb5&index=3
 What is Active Directory?
 https://www.youtube.com/watch?v=i9I5poSokow
 What is Active Directory?
 https://www.youtube.com/watch?v=qkN4bvqWqvo
 Active Directory Domain Services For Beginners - Windows Server 2019
 https://www.youtube.com/watch?v=7uLhJ236VD8
 Windows Server 2019 - Forest & Domain Functional Levels Q&A
 https://www.youtube.com/watch?v=EkjHLkXlzdI&list=RDCMUCxf9VicLnyvZhGplp1S
MWVA&index=4
 What is Active Directory?(2017)
 https://www.youtube.com/watch?v=i9I5poSokow
Active Directory’s services
 Active Directory provides several different services, which fall under the umbrella of
"Active Directory Domain Services," or AD DS.
 These services include:
 Domain Services – stores centralized data and manages communication between users
and domains; includes login authentication and search functionality
 Certificate Services – creates, distributes, and manages secure certificates.
 Lightweight Directory Services – supports directory-enabled applications using the open
(LDAP) protocol.
 Directory Federation Services – provides single-sign-on (SSO) to authenticate a user in
multiple web applications in a single session.
 Rights Management – protects copyrighted information by preventing unauthorized use
and distribution of digital content.

Ref:
https://techterms.com/denition/active_directory
 Certificate Services
 An SSL certificate, or secure certificate, is a file installed on a secure Web server that
identifies a website.
 This digital certificate establishes the identity and authenticity of the company or
merchant so that online shoppers can trust that the website is secure and reliable.
 In order to verify that these sites are legitimate (they are who they say they are), the
companies and their websites are verified by a third party, such as Verisign or Thawte.
 Once the verification company establishes the legitimacy of an organization and the
associated website, they will issue an SSL certificate (for the small fee of a few hundred
dollars).
 This digital certificate is installed on the Web server and will be viewable when a user
enters a secure area of the website.
 You can tell you are visiting a secure page when the URL starts with "https." To view the
certificate, click the lock icon near one of the edges of your browser window.

Secure Sockets Layer (SSL) is a protocol developed by Netscape for

providing a secure connection between two or more devices via the
Internet. SSL uses a cryptographic system that uses two keys to encrypt
data a public key known to everyone and a private or secret key known
only to the recipient of the message.
Ref: https://techterms.com/denition/certicate
 Because digital certificates verify a company's current status, they do not last forever.
 SSL certificates typically expire every one to three years.
 If the certificate is not renewed in time, you may see an alert box pop up that says
"This website's certificate has expired.“
 This error has nothing to do with you or your computer but is displayed because the
Web server you connected to has not renewed its SSL certificate.
 While this does not necessarily mean the site is fraudulent, it does show that the site
is less than professional.

Ref: https://techterms.com/denition/certicate
The End