Active-Directory-Domain-Services.pptx
- 1. Active Directory Domain Services (AD DS)
- 2. Active Directory âą Active Directory (AD) is a directory service that runs on Microsoft Windows Server. The main function of Active Directory is to enable administrators to manage permissions and control access to network resources. In Active Directory, data is stored as objects, which include users, groups, applications, and devices, and these objects are categorized according to their name and attributes.
- 3. Active Directory Domain Services âą Active Directory Domain Services (AD DS) are a core component of Active Directory and provide the primary mechanism for authenticating users and determining which network resources they can access. AD DS also provides additional features such as Single Sign-On (SSO), security certificates, LDAP, and access rights management.
- 4. Schema âą A set of rules that defines the classes of objects and attributes that can be contained in the directory. â e.g. the fact that AD has user objects that include a user name and password is because the schema defines the user object class that, the two attributes, and the association between the object class and attributes.
- 5. Policy-based administration âą Provides a single point at which to configure settings that are then deployed to multiple systems. âą Such policies include; â Group policy â Audit policies â Fine-grained password policies
- 6. Replication Services âą Distribute directory data across a network â This includes both the data store itself as well as data required to implement policies and configuration, including logon scripts.
- 7. Global Catalog âą Enables you to query AD and locate objects in the data store. âą Contains information about every object in the directory. âą Can be used by programmatic interfaces such as Active Directory Services Interface (ADSI) and Lightweight Directory Access Protocol (LDAP).
- 8. Components/Objects of an AD Infrastructure âą Activity Directory data store âą Domain controller âą Domain âą Forest âą Tree âą Functional level âą Organizational unit (OU) âą Sites
- 9. Active Directory Data Store âą AD DS stores its identities in the directory â a data store on domain controllers âą The directory is a single file named Ntds.dit âą that is located in the %SystemRoot%Ntds folder on a domain controller âą The database is divided into several partitions, including the schema, configuration, global catalog, and the domain naming context.
- 10. Domain Controller (DC) âą The DCs are servers that perform the AD DC role. âą The DCs also run the Kerberos Key Distribution Center (KDC) service.
- 11. Domain âą Requires one or more DCs âą DCs replicate the domainâs partition of the data store so that any DC can authenticate any identity in the domain. âą Is a scope of administrative policies such as password complexity and account lockout policies.
- 12. Forest âą A collection of one or more AD domains. âą The first domain installed in a forest is called the forest root domain. âą A forest contains a single definition of network configuration and a single instance of the directory schema. âą A forest is a single instance of the directory â no data is replicated by AD outside the boundaries of the forest. âą A forest defies a security boundary.
- 13. Tree âą The DNS namespace of domains in a forest creates trees within the forest. âą If a domain is a subdomain of another domain, the two domains are considered a tree. âą The domains must constitute a contiguous portion of the DNS namespace. âą Trees are the result of the DNS names chosen for the domains in a forest.
- 14. Functional Level âą The functionality available in an AD domain or forest depends on its functional level. âą The three domain functional levels are: â Windows 2000 native â Windows Server 2003 â Windows Server 2008 âą The functional level determines the versions of Windows permitted on domain controllers.
- 15. Organization Units (OU) âą OUs provide a container for objects, and provide a scope with which to manage objects. âą OUs can have Group Policy Objects (GPOs) linked to them. âą GPOs can contain configuration settings that will then be applied automatically by users or computers in an OU.
- 16. Sites âą An AD site is an object that represents a portion of the enterprise within which network connectivity is good. âą A site creates a boundary of replication and service usage. âą DCs within a site replicate changes within seconds. âą Changes are replicated between sites on a controlled basis with the assumption that intersite connections are slow, expensive, or unreliable compared to the connections within a site. âą Clients will prefer to use distributed services provided by servers in their site or in the closest site.