2. OUTLINE
INTRODUCTION
HISTORICAL BACKGROUND
ARCHITECTURE OF AD DS
PROTOCOL
AUTHENTICATION
AUTHORIZATION
COMPONENTS OVERVIEW
TRUSTS
BENEFITS OF AD DS
LIMITATIONS OF AD DS
CONCLUSION
3. INTRODUCTION
Active Directory Domain Service (AD DS) is a server role in the
Windows Server operating system that allows administrators to
centrally manage and store information about the resources of a
network, as well as application data, in a distributed database.
It is an outstandingly versatile and secure technology for most
modern client-server network environments.
4. HISTORICAL BACKGROUND
Active Directory was introduced by Microsoft in the mid-1990s
Active Directory replaced Windows NT-style user authentication
Active Directory did not become a part of the Windows operating system until the release of Windows 2000 in 2000
Active Directory improved as Windows Server 2003 and Windows Server 2008 were released
5. ARCHITECTURE OF AD DS
Figure 1: Showing the Architecture of AD DS (Microsoft, 2015)
6. PROTOCOL
Lightweight Directory Access Protocol (LDAP)
X.500 Standard
Based on TCP/IP
A method for accessing, searching, and modifying a directory service
A client-server model
7. What is Authentication?
Authentication is the process of verifying a user’s identity on a network.
Authentication includes two components:
• Network authentication: grants access to network resources
• Interactive logon: grants access to the local computer
8. What is Authorization?
Authorization is the process of verifying that an authenticated user has permission to perform an action
Security principals are issued security identifiers (SIDs) when the account is created
User accounts are issued security tokens during authentication that include the user’s SID and all related group SIDs
Shared resources on a network include access control lists (ACLs) that define who can access the resource
The security token is compared against the Discretionary Access Control List (DACL) on the resource and access is granted or denied
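A simplified model of the token-versus-DACL comparison described on this slide, added here as an illustration; it is not part of the original deck and is not Windows code. The SIDs, right bits and the `access_check` helper are constructed for the example, and owner rights, privileges and inheritance are left out.

```python
# Simplified model of comparing a security token against a DACL (added example).
# All SIDs, rights and entries below are constructed sample values.
from dataclasses import dataclass
from typing import Optional

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # illustrative access-right bits


@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    sid: str       # security principal the entry applies to
    mask: int      # rights the entry allows or denies


@dataclass(frozen=True)
class Token:
    user_sid: str
    group_sids: frozenset

    def sids(self) -> frozenset:
        # The token carries the user's SID and all related group SIDs.
        return self.group_sids | {self.user_sid}


def access_check(token: Token, dacl: Optional[list], desired: int) -> bool:
    """Walk the DACL in order; the first decisive entry settles the request."""
    if dacl is None:            # no DACL at all: nothing restricts access
        return True
    remaining = desired         # rights still waiting for an allow entry
    for ace in dacl:
        if ace.sid not in token.sids():
            continue            # entry is for some other principal
        if ace.kind == "deny" and ace.mask & remaining:
            return False        # a still-needed right is explicitly denied
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True     # every requested right has been allowed
    return False                # empty DACL or rights left over: denied


# Constructed sample: alice is a member of Staff (-2001) and Contractors (-2002).
ALICE = Token("S-1-5-21-1-1-1-1104",
              frozenset({"S-1-5-21-1-1-1-2001", "S-1-5-21-1-1-1-2002"}))
SHARE_DACL = [
    Ace("deny", "S-1-5-21-1-1-1-2002", WRITE | DELETE),   # Contractors
    Ace("allow", "S-1-5-21-1-1-1-2001", READ | WRITE),    # Staff
]
```

Because the walk stops at the first decisive entry, the deny entry for one group overrides the allow entry for another only when it is listed first; reversing `SHARE_DACL` would grant the write.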
9. COMPONENTS OVERVIEW
Physical Components
Data Store
Domain Controllers
Global Catalog Server
Replication
Logical Components
Partitions
Schema
Domains
Domain trees
Forests
Sites
Organizational Units (OUs)
10. ...COMPONENTS OF AD DS
Figure 2: Showing a domain tree and a forest (Microsoft, 2015)
11. TRUSTS
Trusts provide a mechanism for users to gain access to resources in another domain
Types of Trust | Description
Directional | The trust direction flows from the trusting domain to the trusted domain
Transitive | The trust relationship is extended beyond a two-domain trust to include other trusted domains
Table 1: Showing different types of trust
• All domains in a forest trust all other domains in the forest
• Trusts can extend outside the forest
12. BENEFITS OF AD DS
Centralized Directory
Single Sign on Access
Scalability
Common Management Interface
Centralized Network Management
13. LIMITATIONS OF AD DS
High maintenance costs
Active Directory is OS dependent
Cost of the infrastructure can be high
It is prone to being hacked
14. CONCLUSION
Some firms today use workgroup networks, which makes it
difficult to centralize network management. As a result,
Active Directory Domain Service comes in handy, as it includes
storage of directory data and management of
communication between users and domains,
including user authentication and directory
searches.