
Slide 1: Active Directory

(November 19, 2015)

© Abdou Illia, Fall 2015

Slide 2: Learning Objective

Use Active Directory concepts:

• Namespace
• DNS
• Global Catalog
• Schema
• Class
• Tree
• Forest
• Organizational Units

Slide 3: Active Directory

AD =
• A central database on a Domain Controller for storing network resources and security policies, plus
• Tools for managing network resources (find, add, remove, etc.)

AD is used for:
• Resource lookup (searching for specific resources)
• User authentication (logon)

Figure: examples of network resources stored in AD: Win 2000 Pro Workstation, Printer, Win NT Server, Win 2000 Server, User, Group, Security Policies.


Slide 4: Active Directory structure

• Individual resources are called objects
• Objects belong to classes
• Each class has its own attributes, defined in the Schema

Schema = Database design. Elements used in the definition of each object contained in the Active Directory.

Figure: Object classes (examples): User account, Computer, Printer, Domain.

Schema elements (examples):
• Object name
• Object's Globally Unique Identifier (GUID)
• Required attributes
• Optional attributes
• Syntax
• Parent relationship

Attributes of a User account (examples):
• Username
• User's full name
• Password
• Account description
• Remote access OK

Default classes: Domain, Shared folder, User Account, Computer, Group, Printer, Shared Drive, ...

Slide 5: Replication

In a Windows 2003 network, you can create multiple domain controllers (DCs). Each DC stores a copy of the Active Directory. Each DC replicates changes in its copy of Active Directory to other DCs.

Figure: replication between DCs.

Slide 6: Global Catalog (GC)

During AD installation, W2003 Server creates a Global Catalog on the 1st DC.

The Global Catalog stores:
• Information about all objects in the initial DC
• Partial information about objects in other domains (attributes needed for search)
• An index and partial replica of objects and


Slide 7: Global Catalog (GC)

Common attributes stored in the GC: users' first and last names, logon names, email address.

GC is primarily for:
• Enabling users to find AD information from anywhere in the forest
• Providing authentication services when a user from another domain logs on with a User Principal Name (e.g. [email protected])
• Responding to directory lookups from application programs like Microsoft Exchange

When a Global Catalog server is not available, the user can only log on to the local computer.

Slide 8: Namespace and DNS

Domain Name Service (DNS): service that performs name resolution, i.e. conversions between IP addresses and domain names.

Name resolution takes place in a logical area of the network called a Namespace.

A Namespace includes (1) the Active Directory, which contains named objects, and (2) one or more DNS servers.

Slide 9: Types of namespaces

Contiguous namespace: a namespace in which every child object contains the name of its parent object.
Example (figure): abc.com, div1.abc.com, div2.abc.com, dept1.div1.abc.com, dept1.div2.abc.com

Disjointed namespace: a namespace in which the child object name does not resemble the name of its parent object.
Example (figure): university.edu, ethicsresearch.com, technology.com, bio.ethicsresearch.com, cell.technology.com


Slide 10: Active Directory and DNS

AD cooperates with DNS during the logon process.

Figure: Workstation 10.1.10.25, DNS Server 10.1.0.1, Domain Controller 10.1.10.16.

1) Workstation sends a DNS request to get a DC IP address ("I need Domain Controller IP address")
2) DNS server sends the requested IP address ("IP address is 10.1.10.16")
3) Workstation sends a logon request to the DC with the user's credentials (Log on request for userID = john; pswd = ab10; protocol = LDAP)
4) DC sends back an authentication response to the workstation (Authentication = Yes; userID = john; pswd = ab10; protocol = LDAP)

Directory table on the DC:

fname   lname   userID   OU      domain
Lizza   Frulla  Liz      Sales   contoso.com
John    Doe     John     Mktg    contoso.com
:       :       :        :       :

Slide 11: Active Directory and DNS

AD cooperates with DNS in locating network resources and services.

Figure: Workstation 10.1.10.25, DNS Server 10.1.0.1, Domain Controller 10.1.10.16.

1) Workstation sends a DNS request to get a DC IP address ("I need Domain Controller IP address")
2) DNS server sends the requested IP address ("IP address is 10.1.10.16")
3) Workstation sends the DC a request to locate a user account (Lookup request for firstname = john; lastname = Doe; protocol = LDAP)
4) DC sends back the user's unique Distinguished Name (CN = John Doe, OU = Mktg, DC = contoso, DC = com)

Directory table on the DC:

fname   lname   userID   OU      domain
Lizza   Frulla  Liz      Sales   contoso.com
John    Doe     John     Mktg    contoso.com
:       :       :        :       :
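The lookup on slides 10 and 11, as an added example that is not part of the original slides: the first/last-name request becomes an LDAP search filter, and the DC's answer is expressed as a Distinguished Name. The rows are constructed from the slide's table; the escaping (RFC 4515 for filters, RFC 4514 for DNs) is what keeps a user-supplied name from altering the query or the resulting name, an assumption of good practice rather than something the slides state.

```python
# Added example, not from the slides: slide 11's lookup as an LDAP search
# filter (RFC 4515 escaping) and the DC's answer as a Distinguished Name
# (RFC 4514 escaping). DIRECTORY holds rows constructed from the slide's table.

DIRECTORY = [  # constructed sample rows: fname, lname, userID, OU, domain
    {"fname": "Lizza", "lname": "Frulla", "userID": "Liz", "OU": "Sales", "domain": "contoso.com"},
    {"fname": "John", "lname": "Doe", "userID": "John", "OU": "Mktg", "domain": "contoso.com"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515: hex-escape the characters that are special inside a search
    filter, so a name such as '*' or 'a)(sn=*' cannot widen or rewrite the query."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_filter(fname: str, lname: str) -> str:
    """Filter equivalent of 'firstname = john; lastname = Doe' on slide 11."""
    return "(&(givenName=%s)(sn=%s))" % (escape_filter_value(fname), escape_filter_value(lname))


def escape_dn_value(value: str) -> str:
    """RFC 4514: backslash-escape characters that would otherwise split a DN
    into extra components, plus a leading '#'/space and a trailing space."""
    out = "".join("\\" + ch if ch in ',+"\\<>;=' else ch for ch in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def build_dn(fname: str, lname: str, ou: str, domain: str) -> str:
    """CN=<full name>,OU=<ou>,DC=<label>,... as on slide 11; each DNS label of
    the domain becomes one DC= component."""
    dcs = ",".join("DC=" + escape_dn_value(label) for label in domain.split("."))
    return "CN=%s,OU=%s,%s" % (escape_dn_value(fname + " " + lname), escape_dn_value(ou), dcs)


def lookup_dn(fname: str, lname: str, directory=DIRECTORY):
    """Steps 3-4 of slide 11 in miniature: match first and last name (AD
    attribute matching is case-insensitive) and return the account's DN, or None."""
    for row in directory:
        if (row["fname"].lower(), row["lname"].lower()) == (fname.lower(), lname.lower()):
            return build_dn(row["fname"], row["lname"], row["OU"], row["domain"])
    return None
```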

Slide 12: Tree

A tree contains one or more domains and has the following characteristics:

1) Domains are represented in a contiguous namespace
2) Two-way trust relationships between domains (each domain can access other domain resources)
3) Member domains use the same Schema and Global Catalog

Example (figure): tracksport.com with child domains east.tracksport.com, west.tracksport.com and south.tracksport.com.


Slide 13: Forest

Usually, a forest consists of more than one tree and has the following characteristics:

1) The trees use a disjointed namespace
2) All trees use the same Schema and Global Catalog

Figure: a forest of three trees rooted at radiators.com, engine.com and partplus.com, each with child domains named after cities (atlanta, florence, chicago, beijing, mexicocity, valencia, detroit, toronto); trust relationship between the root domains of each tree.
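The namespace rules of slides 9, 12 and 13 in code, as an added example that is not part of the original slides: a child is contiguous with its parent when the parent's name is a whole-label suffix of the child's, a set of domains splits into trees with one root each, and a forest with more than one root has a disjointed namespace between its trees. The label-wise comparison is an assumption of good practice; a plain string suffix test would wrongly treat notabc.com as a child of abc.com.

```python
# Added example, not from the slides: classify domain names as contiguous
# (one tree) or disjointed (several trees, i.e. a forest), per slides 9-13.


def labels(name: str):
    """DNS labels, lower-cased, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def is_child_of(child: str, parent: str) -> bool:
    """True when the parent's labels are a proper suffix of the child's labels.
    Comparing whole labels, not characters, keeps notabc.com out of abc.com."""
    c, p = labels(child), labels(parent)
    return len(c) > len(p) and c[-len(p):] == p


def root_domains(domains):
    """Domains that have no ancestor in the set: one per tree (slide 12)."""
    return [d for d in domains if not any(is_child_of(d, o) for o in domains if o != d)]


def is_contiguous(domains) -> bool:
    """A contiguous namespace (slide 9) has exactly one root: every other
    domain carries the name of an ancestor that is also in the set."""
    return len(root_domains(domains)) == 1


def group_into_trees(domains):
    """Map each root domain to the sorted domains of its tree. More than one
    key means the set is a forest with a disjointed namespace (slide 13);
    the trust between trees is the one between these root domains."""
    return {root: sorted(d for d in domains if d == root or is_child_of(d, root))
            for root in root_domains(domains)}
```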

Slide 14: Site

A TCP/IP concept used to reflect the physical design of the network. It has the following characteristics:

1) Represents one or more IP subnets at the same location
2) High speed connection in the same site
3) Low speed connection between sites

Figure: Microsoft.com as a single domain with a single site, and Microsoft.com as a single domain with multiple sites (Site 1, Site 2, Site 3) joined by low speed connections.

Slide 15: Organizational Unit (OU)

Grouping of related objects, such as user accounts, computers and printers, for easier management.

OUs reflect the functional structure of the organization.

Objects are grouped in an OU to be administered using the same group policy.

Figure: Active Directory containing a Manufacturing Division OU and a Distribution Division OU; similar to having subfolders in a folder.


Slide 16: Summary Questions

1) In AD, a __________ stores information about all the objects in the initial DC and partial information about objects in other domains.
a) Forest
b) Global Catalog
c) Namespace
d) Schema
e) Site

2) Which of the following is a 128-bit number (that cannot change) assigned to an object?
a) User Principal Name
b) Universal Name
c) Globally Unique Identifier

3) When combining domains in a tree, you have named the parent domain university.com, while the two child domains added to this parent are named computerscience.university.com and history.university.com. Which of the following options have you selected for naming the domains?
a) Disjointed
b) Contiguous
c) User Principal Name
d) Globally Unique Identifier

Slide 17: Summary Questions

4) In Active Directory, a _____________ represents the design of the AD database. It contains the definition of objects' attributes.
a) Class
b) Global Catalog
c) Namespace
d) Schema

5) Which of the following statements is/are true regarding a site?
a) High speed connections are used in the site, whereas low speed connections are used between sites
b) A site represents one or more subnets at the same physical location
c) All of the above

6) Trees in a forest use:
a) Different Global catalogs
b) Same schema
c) Always use the same naming structure

7) A(n) __________ is a grouping of related objects, usually based on the functional structure of the organization.
a) Site
b) Organizational Unit
