active directory
play

Active Directory By: Kishor Datar 10/25/2007 What is a directory - PowerPoint PPT Presentation

Sep 28, 2022 •164 likes •438 views

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory Collection of related objects Files, Printers, Fax servers etc. Directory Service Information needed to use and manage the objects. Source

  1. Active Directory By: Kishor Datar 10/25/2007

  2. What is a directory service? ● Directory – Collection of related objects – Files, Printers, Fax servers etc. ● Directory Service – Information needed to use and manage the objects. – Source and Mechanism – Active Directory is a directory service in Windows 2003 Server

  3. Need for a directory service ● Organize ● Simplify access ● Find objects based on characteristics ● Simple administration – Patches – Security policies – Installation

  4. Using Active Directory Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  5. Features ● Centralized data store ● Scalability ● Extensibility ● Manageability ● Integration with DNS ● Client configuration management ● Policy based administration ● Replication of information ● Secure authentication and authorization

  6. Features.. continued.. ● Secure integration ● Interoperability with other directory services ● Signed and encrypted LDAP traffic

  7. Active Directory Objects ● Data stored is organized into objects ● Named set of attributes ● Represent resource ● Container objects .. Figure 2 ● Schema – Define Objects, are objects themselves – Schema Objects = Class Objects + Attribute Objects – Extending schema, caution, test forest

  8. Objects and attributes Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  9. Components ● Logical structure – Domains – Organizational units – Trees – Forests ● Physical structure – Sites – Domain Controller

  10. Logical Structures Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  11. OUs Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  12. Domain Trees Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  13. Physical Structure ● Sites ● Domain Controller

  14. Sites ● Combination of one or more IP subnets connected by a “Fast Link” ● Typically has same boundaries as LANs ● Are not part of the namespace ● Computer Objects and Connection Objects

  15. Domain Controllers ● Windows Server 2003 ● Functions – Store complete copy of information, manages changes and replication – Multi-master replication: All DCs are peers – Practically – operations master is used – Detect collision due to modification of attribute, resolved by use of higher property version number – Locate objects, validate user logon attempts

  16. Catalog services – The global catalog ● Selected information about every object in all domains in a directory ● Full replica of all object attributes for its host domain, partial replica for every domain ● Functions: – Enables users to logon (Universal Group Membership) – Finding information – Provides Universal Group Membership info to DC

  17. Query Process Retrieve, Modify, Delete information Port 3268 of DC Standard Queries on 389 Image courtesy of Windows 2003 active directory infrastructure, Spealman et al

  18. What information is replicated ● Schema Partition (DC & GC) ● Configuration Partition (DC & GC) ● Domain Partition (DC) ● Application Directory Partition ● Ntds.dit file

  19. Intrasite Replication ● No more than 3 hops ● 2 Paths ● KCC ● Replication Partners ● Intersite Replication ( Site Links )

  20. Trust and Trust Relationship ● Kerberos, NTLM ● Method of Creation, Transitivity, Direction ● Shortcut,External,Forest,Realm Trust Tree root trust Parent Child Trust

  21. Change and Configuration Management and IntelliMirror ● User Data Management ● S/W installation and maintenance ● User settings management ● Computer settings management ● Remote installation services

  22. Group Policies ● Group Policies ● GPOs – How are the applied ● Local GPO ● GPOs linked to site ● GPOs linked to domains ● GPOs linked to OUs (Highest level OU first)

  23. DNS & Object Naming ● User friendly names ● Connect to local servers using same naming convention as Internet ● LDAP ● Distinguished Name (DN) - Unique – CN=Deepak, OU=Promotions, OU=Marketing, DC= umbc, DC=edu ● RDN ● GUIDs ● UPN

  24. Few Examples, ● To disable multiple computer accounts, – dsmod computer CN=MemberServer1, CN=Computers,DC=Microsoft,DC=Com -disbled yes ● To find all contacts in the current domain whose names start with "te" – dsquery contact domainroot -name te* ● To Create an Organizational Unit – dsadd ou "ou=guyds, dc=cp, dc=com"

  25. Review ● Basic Concepts ● Purpose of using AD ● Physical and logical structure ● Group policies ● Trust relationships ● Replication strategies ● Naming ● Examples

  26. Questions? ● ? ● ?

  27. References ● [1] Book: Microsoft Windows Server 2003 Active Directory infrastructure [Spealman et al] ● [2] http://www.microsoft.com/ ● [3] A Guide to Microsoft Active Directory (AD) Design [John Dias] ● [4] http://www.computerperformance.co.uk/

Recommend

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory Unlike the earlier Microsoft Windows NT 4.x Domain directory service which used proprietary DCE/RPC calls, Active Directory is based on standard

557 views • 27 slides
Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active

Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active

Restore von Active Directory mit einer von HP entwickelten Lsung (Recovering from Active Directory Disasters) Guido Grillenmeier Senior Consultant Technology Solutions Group Hewlett-Packard Agenda What is a Disaster? Authoritative

363 views • 19 slides
Active Directory as a powerful LDAP server: the unknown tips Alban Meunier SmartWave SA 45 min

Active Directory as a powerful LDAP server: the unknown tips Alban Meunier SmartWave SA 45 min

Active Directory as a powerful LDAP server: the unknown tips Alban Meunier SmartWave SA 45 min Introduction Active Directory context NT inheritance SAM (Security Account Manager, Samba V3) Active Directory (2000 2003)

429 views • 27 slides
Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in Azure Active Directory (https://azure.microsoft.com/en- us/services/active-directory/) using the Azure Resource Manager API's. Documentation regarding

925 views • 46 slides
Windows.NET Windows.NET Beta 3 Beta 3 Active Directory New Features Directory New Features

Windows.NET Windows.NET Beta 3 Beta 3 Active Directory New Features Directory New Features

25. DECUS Symposium 16.04.2002 Windows.NET Beta 3 Windows.NET Windows.NET Beta 3 Beta 3 Active Directory New Features Directory New Features Active Active Directory New Features Wolfgang Werner Wolfgang Werner Compaq Compaq Decus Bonn

588 views • 31 slides
Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com

Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com

Active Directory Security: The Journey Sean Metcalf (@Pyrotek3) s e a n [@] TrimarcSecurity.com www.ADSecurity.org TrimarcSecurity.com ABOUT Founder Trimarc, a security company. Microsoft Certified Master (MCM) Directory Services

1.35k views • 100 slides
Xamarin and Azure AD Authenticating and Authorizing Your Mobile Apps Basic Active Directory

Xamarin and Azure AD Authenticating and Authorizing Your Mobile Apps Basic Active Directory

Xamarin and Azure AD Authenticating and Authorizing Your Mobile Apps Basic Active Directory Terms Domain: A directory of users, groups, roles, etc... User: An individual accounts Group: A collection of other users and groups Role: Something that

492 views • 22 slides
Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers

Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers

21/05/2013 Creating Organizational Units, Accounts, and Groups Tom Brett Active Directory Users and Computers (ADUC) Active Directory Users and Computers (ADUC) After installing AD DS, the next task is to create your Organizational Units,

535 views • 41 slides
How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15

How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15

How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15 -> 16:00 #RomHack2019 28th of September 2019 in Rome Whoami Vincent LE TOUX https://www.pingcastle.com / @mysmartlogon Management (Architect,

584 views • 35 slides
Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory

Speeding up Samba by backing up Experiences in implementing and optimizing Active Directory features in Samba What has been done in the last year? Samba 4.9 Password and membership change auditing LMDB back-end (semi-experimental)

1.06k views • 49 slides
Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick

Integrating OpenStack with Active Directory (Because AD != LDAP) Craig Jellick Mike Dorman cjellick@godaddy.com mdorman@godaddy.com Go Daddy OpenStack Cloud Platform Group Agenda OpenStack at Go Daddy Keystone

875 views • 28 slides
Zoho Corporation Bootstrapped and profitable 2018 6,500 Employees 65% Fortune 500

Zoho Corporation Bootstrapped and profitable 2018 6,500 Employees 65% Fortune 500

Zoho Corporation Bootstrapped and profitable 2018 6,500 Employees 65% Fortune 500 35 million users 2001 2005 1996 190+ countries IT service Active Directory management management Help desk Active Directory

516 views • 26 slides
Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and looks up entries that match attribute-based specifications (e.g., Microsoft's Active Directory Service, X.500 and LDAP) Case Study - X.500

515 views • 12 slides
Active Directory: Where Exploit Ends (kind of) Ar Aravind Prakash Security Analyst at Lucideus

Active Directory: Where Exploit Ends (kind of) Ar Aravind Prakash Security Analyst at Lucideus

Active Directory: Where Exploit Ends (kind of) Ar Aravind Prakash Security Analyst at Lucideus Works mostly in Infrastructure security. Passionate about offensive security. CRTE and CRTP certified. Member of DEF CON Trivandrum

457 views • 18 slides
Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander

Handling POSIX attributes for trusted Active Directory users and groups in FreeIPA Alexander Bokovoy <ab@samba.org> May 21th, 2015 Samba Team / Red Hat 0 A crisis of identity (solved?) FreeIPA What is FreeIPA? Cross Forest Trusts

298 views • 29 slides
Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core Coherence Socrates Demetriades and Sangyeun Cho 20 th Interna+onal Symposium On High Performance

782 views • 31 slides
Modernizing Active Directory Manage Business Transformation Initiatives in a rapidly evolving

Modernizing Active Directory Manage Business Transformation Initiatives in a rapidly evolving

Modernizing Active Directory Manage Business Transformation Initiatives in a rapidly evolving business environment Digital Business Transformation IT is now a part of the All industries are New business business, not just undergoing a

394 views • 20 slides
Trusted Domain Support as Active Directory Domain Controller Stefan Metzmacher

Trusted Domain Support as Active Directory Domain Controller Stefan Metzmacher

Trusted Domain Support as Active Directory Domain Controller Stefan Metzmacher <metze@samba.org> Samba Team / SerNet 2018-06-07 https://samba.org/~metze/presentations/2018/SambaXP/ Talks at SambaXP/SDC 2017 Last year I gave talks

388 views • 27 slides
all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering

all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering

Identity, Security and Collaboration, all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering Microsoft 365 Enterprise Office 365 Windows 10 Enterprise Mobility Enterprise Enterprise + Security

503 views • 7 slides
Directories and directory implementation Introduction to directory implementation and the art of

Directories and directory implementation Introduction to directory implementation and the art of

Directories and directory implementation Introduction to directory implementation and the art of attributes Miroslav Milinovic, University Computing Centre, University of Zagreb Jasmina Hodzic, Center for Information Technology Services,

1.65k views • 20 slides
Statewide Provider Directory Project Overview Mar 2017 1 Provider Directory Highlights

Statewide Provider Directory Project Overview Mar 2017 1 Provider Directory Highlights

Statewide Provider Directory Project Overview Mar 2017 1 Provider Directory Highlights Directory of accurate, trusted provider data available to vetted healthcare entities (Not consumer-facing) Authoritative data sources that feed the

529 views • 11 slides
WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

A one-stop shop , district and borough-wide register of local services , events and other assets Professional directory- the information on it is not made available to the wider public. Users can see at a glance what the service can do

294 views • 11 slides
Directory 11 Regional Reliability Reference Directory # 11 Disturbance Monitoring Equipment

Directory 11 Regional Reliability Reference Directory # 11 Disturbance Monitoring Equipment

Directory 11 Regional Reliability Reference Directory # 11 Disturbance Monitoring Equipment Criteria Presented to: Joint Meeting NPCC TFSP& WECC RWG September 2018 Tony Napikoski Principal Engineer United Illuminatiing/Avangrid

130 views • 9 slides
LDAP (Lightweight Directory Access Protocol) wangth Computer Center, CS, NCTU What is Directory

LDAP (Lightweight Directory Access Protocol) wangth Computer Center, CS, NCTU What is Directory

LDAP (Lightweight Directory Access Protocol) wangth Computer Center, CS, NCTU What is Directory Service? What is Directory Service ( ) Highly optimized for reads Implements a distributed model for storing information

554 views • 39 slides

More recommend