Active Directory Lecture 3 – Domain Services Primer
Learning Goals
• I will be able to install a functionally operable domain server for a Windows Active Directory Domain
• I will be able to organize a Windows Domain to maximize logical design and Security
• I will be able to distinguish between different types of Domain Objects
What is AD
• A directory server – a common place for information about groups, people, workstations and security to reside
• One ring to rule them all – the Borg collective – once joined to the domain, one trusts the domain and all the security settings that go with it.
Why do we care?
• Single most effective tool for managing security in a distributed environment
• If set up correctly, it can control users, servers and workstations and audit everything
Evolution of AD
• Windows NT 4
• Windows 2000 – Domain Services – DNS
• Windows 2003 – Internet Integration
• Windows 2008 – Federated Management and Sharing
• Windows 2012 – The clouds are coming!
Standards
• Like the OSI model, AD is built on standards
• X.500
• LDAP compatible
Understanding Domains
• Single Domain
• One spot for an organization
• Container for user and company records
• Trees including domains and sub domains organize different parts of the company together
Some Rules
• Domains are designed to be built around internet names – DNS is an important part of Active Directory
• Public namespace names should be avoided unless you actually own the domain name – otherwise name resolution problems will crop up
• DNS Management – Either create a new subdomain for AD (ad.company.com) and let AD run it, or create a new DNS name and let AD run it.
AD Authentication Modes
• NTLM – Legacy system which included hashes of passwords being sent over the network
• Kerberos – No sending of hashes over the network
• Because of its ability to handle usernames and passwords quickly, securely and from a central store, AD becomes the favorite of any single sign-on container
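An added example, not from the lecture slides: since the slides call NTLM the legacy mode, a defender's first question is where NTLM is still being used. This script tallies the authentication package behind each logon and maps the NTLM users to their source workstations; the log lines are constructed, simplified renderings of fields a Windows 4624 (successful logon) event carries.

```python
# Added example (not from the lecture slides): tally which authentication
# package each logon used so remaining NTLM use can be found and tracked
# down before it is restricted. The log lines are constructed, simplified
# renderings of fields carried by a Windows 4624 (successful logon) event.
import re
from collections import Counter, defaultdict

# Constructed sample: Account / Workstation / Logon Type / Authentication Package
SAMPLE_LOGONS = """\
4624 Account=jsmith Workstation=WS01 LogonType=3 AuthPackage=Kerberos
4624 Account=jsmith Workstation=WS01 LogonType=3 AuthPackage=Kerberos
4624 Account=svc_backup Workstation=FS01 LogonType=3 AuthPackage=NTLM
4624 Account=mlee Workstation=WS03 LogonType=3 AuthPackage=NTLM
4624 Account=mlee Workstation=WS07 LogonType=2 AuthPackage=Negotiate
4624 Account=svc_backup Workstation=FS01 LogonType=3 AuthPackage=NTLM
this line is garbage and must be skipped
"""

LINE_RE = re.compile(
    r"^4624 Account=(?P<account>\S+) Workstation=(?P<host>\S+) "
    r"LogonType=(?P<ltype>\d+) AuthPackage=(?P<pkg>\S+)$"
)


def parse_logons(text):
    """Yield one dict per well-formed 4624 line; anything else is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def auth_summary(text):
    """Count logons per package and map each NTLM-using account to the
    workstations it came from. 'Negotiate' is left as-is: a real 4624 event
    carries a separate 'Package Name (NTLM only)' field that resolves it."""
    per_pkg = Counter()
    ntlm_sources = defaultdict(set)
    for ev in parse_logons(text):
        per_pkg[ev["pkg"]] += 1
        if ev["pkg"].upper() == "NTLM":
            ntlm_sources[ev["account"]].add(ev["host"])
    total = sum(per_pkg.values())
    return {
        "per_package": dict(per_pkg),
        "ntlm_share": round(per_pkg["NTLM"] / total, 2) if total else 0.0,
        "ntlm_accounts": {a: sorted(h) for a, h in sorted(ntlm_sources.items())},
    }
```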
LDAP Naming Convention
Logical Flow
Trusting Relationships
• Explicit Trust – Works between domains to create trust between the two partners (external entities)
• Different organizations within the same forest
Shortcut Trusts
OUs
• Units for Organizing Users and Objects in the Domain
• Security
• Organization
• Can create OUs inside OUs
Some More Rules
• OUs should not follow the managerial or political structure of the organization.
• Organize for user separation at the level of top-level departments
• Organize between different types of Objects (Computers, Servers and Users)
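An added example, not from the lecture slides, tying the DNS-based domain naming rules, the LDAP naming convention and the nested-OU layout above together: it shows how AD derives an LDAP distinguished name (DN) from the DNS domain name plus an OU path, and how to split one back apart without tripping over escaped commas. The domain, OU and user names are constructed.

```python
# Added example (not from the lecture slides): how AD derives an LDAP
# distinguished name (DN) from the DNS domain name and a nested OU path,
# and how to get the pieces back out. Domain, OU and user names are constructed.
SPECIAL = ',+"\\<>;='   # RFC 4514: these must be escaped inside an RDN value

def dn_escape(value: str) -> str:
    """Backslash-escape an RDN value so it survives split_dn() unchanged."""
    out = "".join("\\" + c if c in SPECIAL else c for c in value)
    if out[:1] in ("#", " "):      # a leading '#' or space must be escaped too
        out = "\\" + out
    if out.endswith(" "):          # and so must a trailing space
        out = out[:-1] + "\\ "
    return out

def domain_to_dc(dns_name: str) -> str:
    """'ad.company.com' -> 'DC=ad,DC=company,DC=com' (one DC per DNS label)."""
    labels = [lab for lab in dns_name.strip(".").lower().split(".") if lab]
    if not labels:
        raise ValueError("empty DNS domain name")
    return ",".join(f"DC={lab}" for lab in labels)

def build_dn(cn: str, ou_path: list, dns_name: str) -> str:
    """ou_path is given top-down (['Sales', 'Users']); a DN is written
    leaf-first, so the OUs are reversed before the DC components follow."""
    rdns = [f"CN={dn_escape(cn)}"]
    rdns += [f"OU={dn_escape(ou)}" for ou in reversed(ou_path)]
    return ",".join(rdns) + "," + domain_to_dc(dns_name)

def split_dn(dn: str) -> list:
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped char: keep it literally
            cur.append(dn[i + 1])
            i += 2
            continue
        if dn[i] == ",":                          # unescaped comma ends the RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return [tuple(p.split("=", 1)) for p in parts]

def dn_to_domain(dn: str) -> str:
    """Recover the DNS domain name from the DC components of a DN."""
    return ".".join(v for a, v in split_dn(dn) if a.upper() == "DC")
```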
Groups
• Groups are created to manage security on a specific level
• Used for assigning permissions or distributing information (exchange email groups)
• Enterprises will have a TON of these – unrealistic for IT to manage
• Managers organize via political levels
• IT manages for permissions
• Managed Groups vs Standard Groups
Domain Controllers
• Domain controllers control the domain – When a domain is created, a database is installed that contains all the information about objects in the domain
• This database is replicated to all domain controllers inside the domain
• Domain controllers should be placed in physical locations of the same domain
• Remember to follow WAN Segments
• When the database is changed on one domain controller, the changes are replicated to the other DCs
• For security you may wish to install a domain controller as a “read-only” domain controller. This would allow associated applications to read information without being able to make changes