Active Directory Presentation
   Windows 2000 Server
Breakdown…
•   What is Active Directory
•   Structure of Active Directory
•   Objects
•   Domains – Trees and Forests
•   Replication
•   Security
•   Kerberos
•   Trusts
Overview of Active Directory
• Active Directory is a directory service, which means it both
  stores data about your network resources and provides
  methods of accessing and distributing that data. It stores
  data about users and groups, shared folders, and other
  network resources.

• Active Directory lets you centrally manage your network.

• Administrative tasks can be performed from a single location.
What Is Active Directory?
• Active Directory is an essential and inseparable part
  of the Windows 2000 network architecture that
  improves on the domain architecture of the
  Windows NT 4.0 operating system to provide a
  directory service designed for distributed
  networking environments.
• Active Directory lets organizations efficiently share
  and manage information about network resources and
  users.
• Active Directory acts as the central authority for
  network security, letting the operating system readily
  verify a user’s identity and control his or her
  access to network resources.
• It acts as an integration point for bringing systems
  together and consolidating management tasks.
How does Active Directory Work?
• AD lets organizations store information in a
  hierarchical, object-oriented fashion, and
  provides multi-master replication to support
  distributed network environments.
Single Point of Administration
• For all published resources, incl. files, peripheral
  devices, host connections, databases, Web access,
  users, services…
• It uses the Internet Domain Name Service (DNS) as
  its locator service.
• No primary domain controller (PDC) or backup
  domain controller (BDC). Uses domain controllers
  (DCs).
• Allows multiple domains to be connected into a tree
  structure.
What are the benefits of Active Directory?

• Simplifies management tasks.

• Strengthens network security.

• Makes use of existing systems through
  interoperability.
Simplifies Management
• Single place to manage users, groups and network
  resources, as well as distribute software and manage
  desktop.
   –   Eliminates redundant management tasks.
   –   Reduces trips to the desktop.
   –   Better maximizes IT resources.
   –   Lowers total cost of ownership (TCO).
• Eliminates redundant management tasks.
      • Provides a single point of management for Windows user accounts,
        clients, servers, and applications.
• Reduces trips to the desktop.
      • Automatically distributes software to users based on their role in
        the company, reducing or eliminating multiple trips that system
        administrators need to make for software installation and
        configuration.
• Better maximizes IT resources.
      • Securely delegates administrative functions to all levels of an
        organization.
• Lowers total cost of ownership (TCO).
      • Simplifies the management and use of file and print services by
        making network resources easier to find, configure, and use.
Simplifies Management
[Diagram: a Company container holding Users, Machines, Devices and
Applications, with Marketing and Personnel beneath Users and
"Color Printer in Building 6" beneath Devices. Callouts:
  - Delegate Management Tasks to Office Admins
  - Give ‘Personnel’ Members the Human Resources Application]
Strengthens Security
• Support for multiple authentication protocols such as
  Kerberos, X.509 certificates, and smart cards.
• Flexible access control model – enables powerful
  and consistent security services for internal desktop
  users, remote dial-up users, and external commerce
  customers.
      •   Improves password security and management.
      •   Ensures desktop functionality.
      •   Speeds e-business deployment.
      •   Tightly controls security.
• Improves password security and management.
      • Providing single sign-on to network resources with integrated,
        high-powered security services that are transparent to end users.
• Ensures desktop functionality.
      • Locking-down desktop configurations and preventing access to
        specific client machine operations. Ex: software installations and
        registry editing.
• Speeds e-business deployment.
      • Built-in support for secure Internet-standard protocols and
        authentication mechanisms. Ex: Kerberos, public key infrastructure
        (PKI), lightweight directory access protocol (LDAP).
• Tightly controls security.
      • Setting access control privileges on directory objects and the
        individual data elements that make them up.
Extends Interoperability
• Active Directory provides a set of standard interfaces
  for application integration and open synchronization
  mechanisms to ensure that Windows can interoperate
  with a wide variety of applications and devices.
It Does So By…
• Taking advantage of existing investments and ensuring
  flexibility.
• Consolidating management of multiple application
  directories, using open interfaces, connectors, and
  synchronization mechanisms, incl. Novell’s NDS,
  LDAP, ERP, e-mail…
• Allowing organizations to deploy directory-enabled
  networking, assigning quality of service and allocating
  network bandwidth to users based on their role in the
  company.
• Allowing organizations to develop and deploy
  directory-enabled applications.
Interoperability
[Diagram: the Company hierarchy (Users, Machines, Devices, Applications,
with Finance and Personnel beneath Users) annotated with three callouts:
  - Application: Exchange Mailbox information
  - Policy: Give ‘Personnel’ Access to ‘Change Salary’ Menu options.
  - Policy: Give ‘Finance’ more bandwidth at the end of the month.]
Active Directory as a Service Provider
•   Used to locate all network services and information.
•   Fulfills a wide variety of naming, query, administrative and registration
    needs.
[Diagram: the Directory Service at the centre, linked to DNS
(Microsoft.com referral), Exchange Mail (submit mail, recipient lookup),
Mail Client (address book), http/shttp Server (admin/browse), SQL Server
(register service), Security (credential management), Query, Replication
and Dynamic Services.]
Directory Partitions
• The data stored within AD is actually broken
  into three distinct areas called directory
  partitions.
• Each partition records and stores a specific
  type of information.
• The three directory partitions that exist:
     • Domain Partition
     • Schema Partition
     • Configuration Partition
• Domain Partition
     • Holds data regarding domain-specific objects, including
       users, groups, and computers.
• Schema Partition
     • Contains data that defines which objects can be created
       within AD and specifies rules regarding these objects,
       such as mandatory properties.
• Configuration Partition
     • Contains information about your AD structure, such as
       the domains and DCs that exist.
The Structure of Active Directory
• Active Directory is made up of two distinct
  structures:
     • The logical structure.
     • The physical structure.
• Design of Active Directory implementation
  deals with the logical aspects.
• Deciding where each component will be on
  your network deals with the physical aspects.
The Logical Structure
• There are five logical components in Active
  Directory:
     •   Domains
     •   Organizational Units (OUs)
     •   Trees
     •   Forests
     •   Global Catalogs (GCs)
Domains
• A domain is a security boundary.
• Each domain has its own administrators that can be
  assigned full control over the domain.
• Entity which has its own users and groups.
• Users can be granted permissions in other domains.
• Domains are used for replication purposes.
• Can run in one of two modes:
      • Native (must be running to achieve full functionality)
      • Mixed
Organizational Units (OUs)
• Organizational Units are container objects that are
  used to organize objects within the directory.
• Commonly contain user and group objects.
• They can also contain computers and other OUs.
• Permissions can be assigned at the OU level both to
  grant container objects access to other network
  resources (or to deny them) and to assign specific
  users administrative privileges.
• Administration of objects within an OU can be
  delegated.
      • Assign permissions to manage these objects to groups other than
        domain administrators.
Hierarchical Organization
• Active Directory uses objects to represent network
  resources such as users, groups, machines, devices,
  and applications.
• It uses containers to represent organizations, such as
  marketing department, or collections of related
  objects, such as printers.
• It organizes information in a hierarchical structure
  made up of these objects and containers, similar to
  the way the Windows operating system uses folders
  and files to organize information on a computer.
Containers and Objects
[Diagram: a Company container holding Users, Machines, Devices and
Applications, with Marketing and Personnel beneath Users. The legend
distinguishes containers from objects.]
Objects in Active Directory
• Objects within AD include users, groups,
  computers, servers, domains, and sites.
• Since data is stored as objects, users can
  search through the directory for objects they
  wish to access.
• Objects also have attributes which a user can
  use in his/her search.
• In order to understand how data is defined
  within AD, you must be aware of the Schema.
The Schema
•   The Schema is a definition of all the objects and
    their attributes.
•   Since there is a single schema for an entire
    Windows 2000 forest, you can achieve
    consistency no matter how large the enterprise.
•   Two types of definitions can be stored in the
    schema.
            1. Object Classes
            2. Attributes
Object Classes
• Object classes define the types of objects that
  can be stored within Active Directory.

• Each class consists of a class name and a set of
  attributes that are associated with the object.
Attributes
• Attributes are stored separately within the schema
• Allows for further consistency within the database,
  because a single definition for the “last name”
  attribute can be used over and over again.
Object-Oriented Storage
[Diagram: the same Company hierarchy, with an object beneath Personnel
showing its attributes. The legend distinguishes containers from objects.]
      Name: Bob Jones
      Email: bob@abc.com
      Phone: 555-1234
      SSN: 456-7
• In this case, the system administrator has allowed
  global access to the Bob Jones object, but has locked
  access of the Social Security Number attribute.
Schema Security
• To prevent it from being modified without
  permissions, each object is secured using
  Discretionary Access Control Lists
  (DACLs).

• These DACLs ensure that only authorized
  users are able to access the schema.
A little more about Schema
• The file schema.ini contains the default
  schema’s definition, as well as the initial
  structure for the file ntds.dit (stores directory
  data).
• The %systemroot%\ntds directory contains the
  file schema.ini.
• The file is in plain ASCII format.
Trees
• Domains are combined to produce a tree.
• A hierarchical representation of the Windows
  2000 network.
• First domain installed is called the root
  domain and all subsequent domains are
  installed beneath this root domain.
• All domains in a tree share a common schema
  and GC.
Domain Tree
• A domain tree exists when one domain is the
  child of another domain.
• Ex. Root.com – since domains are DNS
  names.
• If the administrator renames a part of the tree,
  all of the parent’s children are also implicitly
  renamed.
     • Ex. ntfaq.com renamed to backoffice.com, the child
       domain sales.ntfaq.com would change to
       sales.backoffice.com
Domain Tree Diagram
[Diagram: root.com at the top, with child domains child1.root.com and
child2.root.com, and gran.child1.root.com beneath child1.root.com.]
• These child domains continue to utilize the same
  contiguous name (root.com) while branching out
  with additional naming for organizational
  purposes. Ex. child1.root.com
Domain Tree Advantages
• All members of a tree have Kerberos transitive trusts
  with the domain’s parent and all the domain’s
  children.
• Transitive trusts also let any user or group in a
  domain tree obtain access to any object in the tree.
• You can use one network logon at any workstation in
  the domain tree.
Forests
• A forest is a collection of trees.
• Trees in a forest do not have to share a
  contiguous namespace.
• Must share a common schema and GC.
• Forests allow users in two different trees
  to access resources in a different
  namespace.
• Useful when a company has multiple root
  DNS addresses.
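Forest Diagram
[Diagram: two trees joined at their roots by a transitive Kerberos trust;
joining the two trees makes a forest.]
      Tree 1: root.com, with children child1.root.com and child2.root.com,
              and gran.child1.root.com beneath child1.root.com
      Tree 2: ntfaq.com, with children legal.ntfaq.com and ads.ntfaq.com,
              and banner.ads.ntfaq.com beneath ads.ntfaq.com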
Benefits of a Forest
• All the trees have a common Global Catalog
  (GC) that contains specific information about
  every object in the forest.
• All the trees contain a common schema.
• Performing a search in a forest initiates a deep
  search of the entire tree in the domain you
  initiate the request from and uses GC entries
  for the rest of the forest.
Global Catalogs (GCs)
• A GC server is also a DC (Domain Controller).
• It contains data about all objects within a forest.
• GC contains the permissions list for all the objects,
  therefore can also grant access.
• Stored locally on a DC – reduces network traffic.
• Benefit:
      • To make the logical structure of the Windows 2000
        network invisible to the users.
      • Reduction of network traffic.
Purpose of Global Catalog

• Designed for high performance.
• Allows users to easily find an object regardless
  of where it is in the tree – searching using
  selected attributes.
• Attributes are contained in an abbreviated catalog.
• Technique known as partial replication.
Global Catalog Structure
[Diagram: Domain 1, Domain 2 … Domain n, labelled with Partial Replicas
on one side and Full Replicas on the other.]
• The global catalog structure provides access to
  full and partial replication.
Physical Structure


• Used to manage network traffic on the
  network.
• Element that makes up the physical structure:
     • Domain controllers (DCs)
Domain Controllers (DCs)
• A domain controller (DC) is a server on a Windows
  2000 network that stores a replica of the Active
  Directory database.
• Its job is to manage access to this data via searches
  and also accept and make changes to the data.
• Replicates changes to all other DCs in the domain.
• Manages authentication of users.
      • Assigning a security token that contains a list of group
        memberships and permissions to each user.
Replication
• Replication ensures that data recorded in one
  copy is disseminated to all other copies in the
  domain.
• Windows 2000 uses multi-master replication.
• Each DC is a master of its copy of AD.
• The DC can accept changes and will then
  propagate them out to other DCs.
• Replication – updating information from one
  DC to another.
The Replication Process
• Replication occurs when an update is made to
  a copy of AD.
• Changes such as new user, deletion of an
  object, or modification to a single property of
  an object.
• AD performs two types of updates:
     • Originating update – occurs only the first time a change
       is made to an AD replica.
     • Replicated update – occurs as a result of this change.
Multi-master Replication
• Individual changes made in one copy of the directory
  are automatically replicated to all other appropriate
  copies of the directory.
• Active Directory uses Update Sequence Numbers
  (USNs).
• Any time a user writes something into an object in
  the directory, it gets a USN, which is held per
  computer and incremented any time a change is
  made.
• A change cannot occur without the USN being
  incremented, therefore changes cannot be lost.
Update Sequence Number (USN)
• These are stored in memory, in a table called the
  up-to-dateness table.
• This table has an entry for every DC in the domain,
  along with the USN number at the time of the last
  originating update for that DC.
      • Ex. Entry for server A, changes caused the USN to increment to
        “130”, entry would be “A-130”.
• USNs can be used to prevent unnecessary data being
  sent across the network.
• Replication in AD is pulled only; data is never
  pushed across the wire.
USN Table
• Each DC keeps track of the highest USNs of
  the DCs it replicates with.
• This procedure lets a DC calculate which
  changes must replicate on a replication cycle.
• At the start of a replication cycle, each server
  checks its USN table and queries the DCs it
  replicates with for their latest USNs.
USN Table for Server A
• Server A’s USN table:
      Domain Controller:    B        C        D
      USN:                  54       23       53
• Server A queries the DCs for their current USNs and gets
  the following information.
      Domain Controller:    B        C        D
      USN:                  58       23       64
• From this information, Server A can calculate the changes it
  needs from each server as follows.
      Domain Controller:    B        C        D
      Changes:              55-58    None     54-64
• Server A then queries each DC for the necessary changes.
Property Version Number
• Multiple changes to an object’s property can
  occur.
• Every property has a property version number,
  which helps detect collisions.
• Property version numbers work like USNs.
• Each time a property is modified, the property
  version number increases by one.
Collision
• A collision occurs when the property version
  numbers are the same for two or more
  property updates.
• In this case, the timestamps help resolve the
  conflict.
• In the case where the property version
  numbers and the timestamps match, a binary
  buffer comparison occurs; the larger buffer
  size change takes precedence.
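Added example (not part of the original presentation): the pull calculation from the "USN Table for Server A" slide and the collision rules above, in Python. The property name, values and integer timestamps are constructed, and the byte-wise tie-break for equal-size buffers is an assumption made so the result is deterministic.

```python
from dataclasses import dataclass

# Values from the "USN Table for Server A" slide.
SLIDE_KNOWN = {"B": 54, "C": 23, "D": 53}      # highest USN A has already pulled
SLIDE_CURRENT = {"B": 58, "C": 23, "D": 64}    # USNs the partners report now


def changes_to_pull(known, current):
    """Return {dc: (first_usn, last_usn) or None} for one replication cycle."""
    plan = {}
    for dc, latest in current.items():
        seen = known.get(dc, 0)      # a partner not yet in the table starts at 0
        if latest < seen:
            # A DC's USN only ever increases. A lower value means the partner's
            # database went back in time (for example an old copy was restored),
            # so stop instead of silently skipping its changes.
            raise ValueError(f"USN of {dc} went backwards: {seen} -> {latest}")
        plan[dc] = None if latest == seen else (seen + 1, latest)
    return plan


@dataclass(frozen=True)
class PropertyUpdate:
    value: bytes       # new value written to the property
    version: int       # property version number after the write
    timestamp: int     # time of the originating update (constructed integers)


def resolve(a, b):
    """Return the update that survives when two writes hit the same property."""
    if a.version != b.version:            # no collision: the higher version wins
        return a if a.version > b.version else b
    if a.timestamp != b.timestamp:        # collision: the later timestamp wins
        return a if a.timestamp > b.timestamp else b
    # Same version and timestamp: binary comparison, the larger buffer wins
    # (equal sizes are compared byte-wise; that tie-break is an assumption).
    return a if (len(a.value), a.value) >= (len(b.value), b.value) else b


def apply_replicated(replica, prop, incoming):
    """Merge a replicated update into a replica; return True if it was stored."""
    current = replica.get(prop)
    winner = incoming if current is None else resolve(current, incoming)
    replica[prop] = winner
    return winner is incoming


def converge(update_on_a, update_on_b, prop="telephoneNumber"):
    """Two DCs each accept an originating update, then pull from each other."""
    replica_a = {prop: update_on_a}
    replica_b = {prop: update_on_b}
    apply_replicated(replica_a, prop, update_on_b)   # A pulls from B
    apply_replicated(replica_b, prop, update_on_a)   # B pulls from A
    return replica_a[prop], replica_b[prop]


if __name__ == "__main__":
    print(changes_to_pull(SLIDE_KNOWN, SLIDE_CURRENT))
    first = PropertyUpdate(b"555-1234", version=4, timestamp=1000)
    second = PropertyUpdate(b"555-9999", version=4, timestamp=1005)
    print(converge(first, second))
```

Because both replicas apply the same rules to the same pair of updates, they end up with the same value regardless of which one pulls first.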
Object Security
• Security Principal
• Security ID (SID)
• Security Descriptor
• Discretionary Access Control List (DACL)
• System Access Control List (SACL)
• Access Control Entries (ACEs)
• Access Tokens
Security Principal
• This is an account to which permissions can be
  assigned, for example a user, a group, or a
  computer account.
• Ex.
     • If Bob is a member of the Accounting group on a computer with
       a domain computer account named System01, several
       security principals are involved that permissions could be
       applied toward, namely the user “Bob”, the group
       “Accounting”, or the computer account “System01”.
Security ID (SID)
• Every security principal is issued a unique SID
  that is assigned once to an account and is
  never reused, even if the object is removed.
• The SID is a numeric value that is assigned
  automatically when an object is added to the
  directory.
Security Descriptor
• Defines access control information for that
  object.
• When a user attempts to access an object, the
  descriptor checks its information against the
  user’s SID and then compares the SID against
  its access control list (ACL).
• There are two types of ACLs:
     • DACLs
     • SACLs
Discretionary Access Control List (DACL)
• List of access control entries (ACEs) that
  indicates security levels of Allow Access or
  Deny Access permissions.
• Deny Access entries are placed first in the
  list.
• The Deny will prove stronger than all the other
  options.
System Access Control List (SACL)

• This is a list used for auditing object
  access, based upon ACEs that indicate to
  the object when an account has accessed
  an object or has attempted to access an
  object.
Access Control Entries (ACEs)
• ACEs are used by DACLs and SACLs.
• When used with a DACL, the ACE determines the
  level of security access upon an object, through 4
  types:
      •   Access Denied
      •   Access Allowed
      •   Access Denied Object Specified
      •   Access Allowed Object Specified
• When used with a SACL, the ACE determines the
  level of security based upon:
      • System Audit
      • System Audit Object Specific
Access Tokens
• When the user logs on, an access token is
  created and sent by the DC to the user’s
  machine.
• This token is necessary for a user to access any
  network resource.
• The access token is attached to that user and is
  needed to access any object, to run any
  application, and to use any system resources.
Access Permissions on AD Objects
• The five standard permissions that can be
  applied to an object are:
     •   Full Control
     •   Write
     •   Read
     •   Create All Child Objects
     •   Delete All Child Objects
• Full Control
      • Allows the user the ability to view objects and attributes, the owner
        of the object, and the AD permissions, along with the ability to
        change any of those settings.
• Write
      • Enables the user to view objects and attributes, the owner of the
        object, and the AD permissions, also allows the user to change any
        of those settings.
• Read
      • Enables the user to view objects and attributes, the owner of the
        object, and the AD permissions.
• Create All Child Objects
      • Enables the user to create additional child objects to the OU
        (Organizational Unit).
• Delete All Child Objects
      • Enables the user to delete existing objects from an OU.
The Flow of Permissions
• The implementation of inheritance is
  utilized by Windows 2000.
• Inheritance is automatic for child objects
  within parent containers;
     • Ex. If a parent object has permissions
       implemented upon it, the child objects beneath will
       automatically inherit the permissions from above.
The Flow of Inheritance
• When you create a child object within a parent container that
  holds certain permissions, the child object automatically
  contains the permissions of its parent.
[Diagram: a Parent OU with two child OUs, Sales OU and Research OU.]
      Parent OU permissions:     Administrator: Full Control; Users: Read
      Sales OU permissions:      Administrator: Full Control; Users: Read
      Research OU permissions:   Administrator: Full Control; Users: Read
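Added example (not part of the original presentation): a simplified Python model of how an access token is checked against a DACL, combining the deny-first ordering, the locked SSN attribute on the "Bob Jones" object and the inherited parent OU permissions. The SIDs, the right bits and the attribute names are constructed for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

READ, WRITE = 0x1, 0x2          # toy right bits, not real Windows access masks
FULL_CONTROL = READ | WRITE

# Constructed SIDs (made-up domain identifier; RIDs chosen for readability).
ADMINS = "S-1-5-21-1111-2222-3333-512"
USERS = "S-1-5-21-1111-2222-3333-513"
ALICE = "S-1-5-21-1111-2222-3333-1104"
CAROL = "S-1-5-21-1111-2222-3333-1105"


@dataclass(frozen=True)
class ACE:
    kind: str                          # "allow" or "deny"
    sid: str                           # security principal the entry applies to
    mask: int                          # rights granted or denied
    attribute: Optional[str] = None    # None: whole object; else one attribute
    inherited: bool = False


def canonical(aces):
    """Order: explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(aces, key=lambda a: (a.inherited, a.kind != "deny"))


def effective_dacl(parent_dacl, explicit_aces):
    """DACL of a child object: its own ACEs plus copies inherited from the parent."""
    inherited = [replace(a, inherited=True) for a in parent_dacl]
    return canonical(list(explicit_aces) + inherited)


def access_check(token_sids, dacl, desired, attribute=None):
    """Walk the DACL in order; True only if every desired right is allowed."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue                    # entry is for some other principal
        if ace.attribute is not None and ace.attribute != attribute:
            continue                    # attribute-specific entry, other attribute
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False            # a matching deny ends the walk at once
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True             # everything requested has been allowed
    return False                        # no entry granted it: implicit deny


# Parent OU from the inheritance slide: Administrator Full Control, Users Read.
PARENT_OU = [ACE("allow", ADMINS, FULL_CONTROL), ACE("allow", USERS, READ)]
# Explicit entry on the "Bob Jones" object: the SSN attribute is locked for Users.
BOB_JONES = effective_dacl(PARENT_OU, [ACE("deny", USERS, READ, attribute="ssn")])

# Access tokens: the user's own SID plus the SIDs of its groups.
ALICE_TOKEN = {ALICE, USERS}
CAROL_TOKEN = {CAROL, ADMINS}                # administrator only
CAROL_BOTH_TOKEN = {CAROL, ADMINS, USERS}    # administrator who is also in Users
```

An administrator whose token also carries the Users SID is refused the SSN attribute, and reversing the list lets the inherited allow answer first, which is why the deny entries have to come first.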
Kerberos v5
• Developed by a team at MIT
• Named after the three-headed dog in Greek
  mythology that guarded the gates of Hades.
• There are three sides to Kerberos
  authentication:
     • User
     • Server
     • Key Distribution Center (KDC)
Like its Greek Counterpart…
• User
     • A client that has a need to access resources off a server.
• Server
     • Offers a service, but only to those that can prove their
       identity. That proven identity doesn’t guarantee access
       to the service; it just proves that they even have a right
       to request a service.
• Key Distribution Center (KDC)
     • An intermediary between the client and the server that
       provides a way of vouching that the client is really who
       it says it is.
Kerberos Trust
• The trust relationships that connect
  members of a tree or forest are two-way,
  transitive Kerberos trusts. Thus, all the
  domains in a tree implicitly trust all the
  other domains in the tree or forest.
[Diagram: three domain controllers (DC) arranged in a triangle.]
• Kerberos is Windows 2000’s primary security
  protocol.
• Verifies a user’s identity and a session’s
  integrity.
• Each DC (Domain Controller) has Kerberos
  services on it and every Windows 2000
  workstation has a Kerberos client.
A Kerberos Transaction
1. A user logs on to the domain by supplying a
   username, a password, and a domain choice.
   Kerberos steps in and checks the info against the
   DC’s KDC database to verify that it knows the user.
2. If the user is valid, the user is provided a
   ticket-granting ticket (TGT). This means the user is
   preauthorized to access other resources on the
   domain.
      •   In future transactions, the client doesn’t have to re-authenticate;
          rather, it presents the TGT to the KDC. This speeds up the
          process.
3. If a client wants to access a server (for
   example, the internal mail server in order to
   obtain his/her email), he/she can now
   present that TGT to the KDC ticket-granting
   server (TGS). This server will give the client
   another ticket which, although it doesn’t grant
   permission to the mail server, authenticates
   the client to the mail server.
4. The email server checks to see if you have
   permission to read the mail. If so, the client
   will receive the mail.
The Four Steps of Kerberos
[Diagram: a Client, the KDC and a Print Server, with arrows numbered
1 to 4 for the four steps.]
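Added example (not part of the original presentation): a simplified Python model of the four steps of the transaction. Assumptions: tickets are HMAC-sealed JSON instead of encrypted structures, session keys and authenticators are left out, and every user name, password, service name and lifetime is constructed.

```python
import hashlib
import hmac
import json
import secrets

TICKET_LIFETIME = 600   # seconds; constructed value


def user_key(user, password):
    """Long-term key derived from the password (toy parameters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 1000)


def mac(key, body):
    blob = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def seal(key, body):
    """Issue a ticket that only a holder of `key` can validate."""
    return {"body": dict(body), "mac": mac(key, body)}


def unseal(key, ticket, now):
    if not hmac.compare_digest(mac(key, ticket["body"]), ticket["mac"]):
        raise PermissionError("ticket was not sealed with this key")
    if now >= ticket["body"]["expires"]:
        raise PermissionError("ticket expired")
    return ticket["body"]


def login_proof(user, password, now):
    """What the client sends at logon: proof that it knows the password."""
    return mac(user_key(user, password), {"user": user, "time": now})


class KDC:
    def __init__(self, passwords, service_keys):
        self._user_keys = {u: user_key(u, p) for u, p in passwords.items()}
        self._service_keys = dict(service_keys)
        self._tgs_key = secrets.token_bytes(32)    # known only to the KDC

    def login(self, user, proof, now):
        """Steps 1-2: check the user against the KDC database, issue a TGT."""
        key = self._user_keys.get(user)
        expected = mac(key, {"user": user, "time": now}) if key else ""
        if not key or not hmac.compare_digest(expected, proof):
            raise PermissionError("unknown user or wrong password")
        # "krbtgt" is the name of the ticket-granting service account.
        return seal(self._tgs_key, {"client": user, "service": "krbtgt",
                                    "expires": now + TICKET_LIFETIME})

    def service_ticket(self, tgt, service, now):
        """Step 3: the TGS turns a valid TGT into a ticket for one service."""
        body = unseal(self._tgs_key, tgt, now)     # no password needed again
        if body["service"] != "krbtgt":
            raise PermissionError("not a ticket-granting ticket")
        return seal(self._service_keys[service],
                    {"client": body["client"], "service": service,
                     "expires": min(body["expires"], now + TICKET_LIFETIME)})


class Service:
    def __init__(self, name, key, allowed):
        self.name, self._key, self._allowed = name, key, set(allowed)

    def request(self, ticket, now):
        """Step 4: the ticket authenticates; the service's own list authorizes."""
        body = unseal(self._key, ticket, now)      # the KDC is not contacted
        if body["service"] != self.name:
            raise PermissionError("ticket is for another service")
        return body["client"], body["client"] in self._allowed


def build_demo():
    """Constructed realm: two users, a mail server and a print server."""
    keys = {"mail": secrets.token_bytes(32), "print": secrets.token_bytes(32)}
    kdc = KDC({"bob": "bob-pass", "alice": "alice-pass"}, keys)
    mail = Service("mail", keys["mail"], allowed={"bob"})
    printer = Service("print", keys["print"], allowed={"bob", "alice"})
    return kdc, mail, printer


def run_transaction(kdc, service, user, password, now):
    """Run all four steps; returns (authenticated client, permission granted)."""
    tgt = kdc.login(user, login_proof(user, password, now), now)
    ticket = kdc.service_ticket(tgt, service.name, now)
    return service.request(ticket, now)
```

The second element of the result is the step-4 decision: a user with a valid ticket is authenticated to the mail server and can still be refused the mailbox.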
Trusts
• Trusts allow the domains to work with the user
  accounts from other domains in such a way that people
  in one domain can share resources with others.
• The transitive concept enables smoother
  functionality.
• Transitive means “by extension”.
• Under Win2000, the trust is automatic between
  parents and children, and transitive between every
  other domain in the tree.
Transitive Trusts


• Transitive trusts allow users in all connected
  domains to be validated as domain users.
• Permissions are not transitive.
Two-way Transitive Trusts

• If child domain a.corp.com trusts corp.com
  and corp.com trusts b.corp.com, then
  a.corp.com automatically trusts b.corp.com.

                         corp.com




            a.corp.com              b.corp.com
Few Points About Transitive Trusts
• They are two-way agreements that are automatically
  created.
• They exist between child domains and parents or the
  root domains of a forest.
• The trusts are transitive because the trees and forests
  with connecting trusts make information available
  with no further trust configuration issues.
• After trusts are established, permissions must be
  granted to an individual or group to allow them to
  access resources.
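Added example (not part of the original presentation): the automatic two-way trusts of the forest from the Forest Diagram, built in Python, with the chain of trusts between two domains and a check showing that a trust path alone grants nothing. Treating root.com as the forest root, and the user names and ACL, are assumptions made for the illustration.

```python
from collections import deque

# Domains from the forest diagram; root.com is assumed to be the forest root.
FOREST = ["root.com", "child1.root.com", "child2.root.com",
          "gran.child1.root.com", "ntfaq.com", "legal.ntfaq.com",
          "ads.ntfaq.com", "banner.ads.ntfaq.com"]


def build_trusts(domains, forest_root):
    """Automatic two-way trusts: child <-> parent, tree root <-> forest root."""
    known = set(domains)
    trusts = {d: set() for d in domains}
    for d in domains:
        parent = d.partition(".")[2]           # DNS parent name
        if parent not in known:                # d is the root of its tree
            parent = forest_root if d != forest_root else None
        if parent:
            trusts[d].add(parent)
            trusts[parent].add(d)
    return trusts


def trust_path(trusts, src, dst):
    """Shortest chain of direct trusts from src to dst, or None if none exists."""
    if src not in trusts or dst not in trusts:
        return None                            # a domain outside the forest
    previous, queue = {src: None}, deque([src])
    while queue:
        here = queue.popleft()
        if here == dst:
            path = []
            while here is not None:
                path.append(here)
                here = previous[here]
            return path[::-1]
        for nxt in sorted(trusts[here]):
            if nxt not in previous:
                previous[nxt] = here
                queue.append(nxt)
    return None


def can_access(trusts, user, user_domain, resource_domain, resource_acl):
    """Trust lets the resource domain validate the user; the ACL still decides."""
    validated = trust_path(trusts, user_domain, resource_domain) is not None
    return validated and f"{user}@{user_domain}" in resource_acl


if __name__ == "__main__":
    forest = build_trusts(FOREST, "root.com")
    print(trust_path(forest, "gran.child1.root.com", "banner.ads.ntfaq.com"))
    acl = {"bob@child2.root.com"}              # constructed grant on a resource
    print(can_access(forest, "bob", "child2.root.com", "legal.ntfaq.com", acl))
    print(can_access(forest, "eve", "child2.root.com", "legal.ntfaq.com", acl))
```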
Summary of Features and Benefits
• Support for open standards to facilitate cross-
  platform directory services, incl. DNS and
  standard protocols – LDAP.
• Support for standard name formats to ensure
  ease of migration.
• Fast lookup via the global catalog.
• Multi-master replication.
• Backward compatibility.
• Interoperability with NetWare environments.
Installation of Active Directory
• Installed using ‘dcpromo.exe’, which can be
  executed from the ‘Run’ dialog box.
• ‘dcpromo.exe’ resides on the Windows 2000
  partition.
• ‘dcpromo.exe’ is an Active Directory
  installation wizard, which guides the user in a
  step by step installation.
• Installation of Active Directory requires both a
  FAT and a NTFS partition.

 
Windows Server 2008 Active Directory Components
Windows Server 2008 Active Directory ComponentsWindows Server 2008 Active Directory Components
Windows Server 2008 Active Directory Components
 
Thinkfree Office Live Introduction Material En
Thinkfree Office Live   Introduction Material EnThinkfree Office Live   Introduction Material En
Thinkfree Office Live Introduction Material En
 
Today's Unified Communications: To upgrade, coexist, or go 'all in' with the ...
Today's Unified Communications: To upgrade, coexist, or go 'all in' with the ...Today's Unified Communications: To upgrade, coexist, or go 'all in' with the ...
Today's Unified Communications: To upgrade, coexist, or go 'all in' with the ...
 
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...
 
GWAVACon - Migration into Office 365 Cloud
GWAVACon - Migration into Office 365 CloudGWAVACon - Migration into Office 365 Cloud
GWAVACon - Migration into Office 365 Cloud
 
Enterprise Manager DBaaS
Enterprise Manager DBaaSEnterprise Manager DBaaS
Enterprise Manager DBaaS
 
Sql server2008 r2_mds_datasheet
Sql server2008 r2_mds_datasheetSql server2008 r2_mds_datasheet
Sql server2008 r2_mds_datasheet
 
Rl net scaler-ha&dr_xendesktop_set2012
Rl   net scaler-ha&dr_xendesktop_set2012Rl   net scaler-ha&dr_xendesktop_set2012
Rl net scaler-ha&dr_xendesktop_set2012
 
Best Practices for Securing Active Directory v2.0
Best Practices for Securing Active Directory v2.0Best Practices for Securing Active Directory v2.0
Best Practices for Securing Active Directory v2.0
 
Best practices When Migrating to Office 365
Best practices When Migrating to Office 365Best practices When Migrating to Office 365
Best practices When Migrating to Office 365
 

Viewers also liked

Windows server 2003_r2
Windows server 2003_r2Windows server 2003_r2
Windows server 2003_r2tameemyousaf
 
Active directory interview_questions
Active directory interview_questionsActive directory interview_questions
Active directory interview_questionssubhashmr
 
Dhcp server in Windows Server 2003
Dhcp server in Windows Server 2003Dhcp server in Windows Server 2003
Dhcp server in Windows Server 2003Arief Fadilla
 
Windows Server 2012 Active Directory Domain and Trust (Forest Trust)
Windows Server 2012 Active Directory Domain and Trust (Forest Trust)Windows Server 2012 Active Directory Domain and Trust (Forest Trust)
Windows Server 2012 Active Directory Domain and Trust (Forest Trust)Serhad MAKBULOĞLU, MBA
 
Installation of Active Directory on Windows 2000 Server
Installation of Active Directory on Windows 2000 ServerInstallation of Active Directory on Windows 2000 Server
Installation of Active Directory on Windows 2000 Server► Supreme Mandal ◄
 
Windows Server 2003 --> Windows Server 2012 Active Directory Migration
Windows Server 2003 --> Windows Server 2012 Active Directory Migration Windows Server 2003 --> Windows Server 2012 Active Directory Migration
Windows Server 2003 --> Windows Server 2012 Active Directory Migration Serhad MAKBULOĞLU, MBA
 
Chapter10 Server Administration
Chapter10     Server  AdministrationChapter10     Server  Administration
Chapter10 Server AdministrationRaja Waseem Akhtar
 
Windows Server 2003 Administration
Windows Server 2003 AdministrationWindows Server 2003 Administration
Windows Server 2003 AdministrationLearnItFirst.com
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directorythoms1i
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
Windows Server 2008 Active Directory
Windows Server 2008 Active DirectoryWindows Server 2008 Active Directory
Windows Server 2008 Active Directoryanilinvns
 
Windows Server 2008 R2 Overview
Windows Server 2008 R2 OverviewWindows Server 2008 R2 Overview
Windows Server 2008 R2 OverviewAlexander Schek
 

Viewers also liked (16)

Windows server 2003_r2
Windows server 2003_r2Windows server 2003_r2
Windows server 2003_r2
 
Dns
DnsDns
Dns
 
Active directory interview_questions
Active directory interview_questionsActive directory interview_questions
Active directory interview_questions
 
Dhcp server in Windows Server 2003
Dhcp server in Windows Server 2003Dhcp server in Windows Server 2003
Dhcp server in Windows Server 2003
 
Windows Server 2012 Active Directory Domain and Trust (Forest Trust)
Windows Server 2012 Active Directory Domain and Trust (Forest Trust)Windows Server 2012 Active Directory Domain and Trust (Forest Trust)
Windows Server 2012 Active Directory Domain and Trust (Forest Trust)
 
Installation of Active Directory on Windows 2000 Server
Installation of Active Directory on Windows 2000 ServerInstallation of Active Directory on Windows 2000 Server
Installation of Active Directory on Windows 2000 Server
 
Windows Server 2003 --> Windows Server 2012 Active Directory Migration
Windows Server 2003 --> Windows Server 2012 Active Directory Migration Windows Server 2003 --> Windows Server 2012 Active Directory Migration
Windows Server 2003 --> Windows Server 2012 Active Directory Migration
 
Chapter10 Server Administration
Chapter10     Server  AdministrationChapter10     Server  Administration
Chapter10 Server Administration
 
Windows Server 2003 Administration
Windows Server 2003 AdministrationWindows Server 2003 Administration
Windows Server 2003 Administration
 
Dhcp
DhcpDhcp
Dhcp
 
Introduction to Active Directory
Introduction to Active DirectoryIntroduction to Active Directory
Introduction to Active Directory
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directory
 
Windows Server 2008 Active Directory
Windows Server 2008 Active DirectoryWindows Server 2008 Active Directory
Windows Server 2008 Active Directory
 
Windows Server 2008 R2 Overview
Windows Server 2008 R2 OverviewWindows Server 2008 R2 Overview
Windows Server 2008 R2 Overview
 
Active Directory
Active Directory Active Directory
Active Directory
 
Active Directory Training
Active Directory TrainingActive Directory Training
Active Directory Training
 

Similar to Win2KServer Active Directory

Active Directoryptx sunday.pptx
Active Directoryptx sunday.pptxActive Directoryptx sunday.pptx
Active Directoryptx sunday.pptxUtPearls
 
17 roles of window server 2008 r2
17 roles of window server 2008 r217 roles of window server 2008 r2
17 roles of window server 2008 r2IGZ Software house
 
Active-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxActive-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxJavedAjmal1
 
Active-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxActive-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxMeriemBalhaddad
 
Cloud for share point
Cloud for share pointCloud for share point
Cloud for share pointRick Taylor
 
Active Directory Domain Services.pptx
Active Directory Domain Services.pptxActive Directory Domain Services.pptx
Active Directory Domain Services.pptxsyedasadraza13
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersTobias Koprowski
 
Server its functions and types.pptx
Server its functions and types.pptxServer its functions and types.pptx
Server its functions and types.pptxDrIrfanulHaqAkhoon
 
02-Active Directory Domain Services.pptx
02-Active Directory Domain Services.pptx02-Active Directory Domain Services.pptx
02-Active Directory Domain Services.pptxAdiWidyanto2
 
Directory Services Nma Unit-1
Directory Services Nma Unit-1Directory Services Nma Unit-1
Directory Services Nma Unit-1GPAPassedStudents
 
AD Basic and Azure AD.pptx
AD Basic and Azure AD.pptxAD Basic and Azure AD.pptx
AD Basic and Azure AD.pptxSumTingWong8
 
Introduction to System and network administrations
Introduction to System and network administrationsIntroduction to System and network administrations
Introduction to System and network administrationsgirmayou1
 
Demystifying SharePoint Infrastructure – for NON-IT People
 Demystifying SharePoint Infrastructure – for NON-IT People  Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
 
Lecture 11 active directory
Lecture 11 active directoryLecture 11 active directory
Lecture 11 active directoryTanveer Malik
 
Active directory and application
Active directory and applicationActive directory and application
Active directory and applicationaminpathan11
 
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise DirectoryCause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise Directoryrwgorrel
 

Similar to Win2KServer Active Directory (20)

Active directoryfinal
Active directoryfinalActive directoryfinal
Active directoryfinal
 
Active Directoryptx sunday.pptx
Active Directoryptx sunday.pptxActive Directoryptx sunday.pptx
Active Directoryptx sunday.pptx
 
17 roles of window server 2008 r2
17 roles of window server 2008 r217 roles of window server 2008 r2
17 roles of window server 2008 r2
 
Active-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxActive-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptx
 
Active-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptxActive-Directory-Domain-Services.pptx
Active-Directory-Domain-Services.pptx
 
Cloud for share point
Cloud for share pointCloud for share point
Cloud for share point
 
Active Directory Domain Services.pptx
Active Directory Domain Services.pptxActive Directory Domain Services.pptx
Active Directory Domain Services.pptx
 
KoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginnersKoprowskiT_session1_SDNEvent_WASDforBeginners
KoprowskiT_session1_SDNEvent_WASDforBeginners
 
04232015094601
0423201509460104232015094601
04232015094601
 
Server its functions and types.pptx
Server its functions and types.pptxServer its functions and types.pptx
Server its functions and types.pptx
 
Dell active roles
Dell active roles Dell active roles
Dell active roles
 
02-Active Directory Domain Services.pptx
02-Active Directory Domain Services.pptx02-Active Directory Domain Services.pptx
02-Active Directory Domain Services.pptx
 
Directory Services Nma Unit-1
Directory Services Nma Unit-1Directory Services Nma Unit-1
Directory Services Nma Unit-1
 
Null talk
Null talkNull talk
Null talk
 
AD Basic and Azure AD.pptx
AD Basic and Azure AD.pptxAD Basic and Azure AD.pptx
AD Basic and Azure AD.pptx
 
Introduction to System and network administrations
Introduction to System and network administrationsIntroduction to System and network administrations
Introduction to System and network administrations
 
Demystifying SharePoint Infrastructure – for NON-IT People
 Demystifying SharePoint Infrastructure – for NON-IT People  Demystifying SharePoint Infrastructure – for NON-IT People
Demystifying SharePoint Infrastructure – for NON-IT People
 
Lecture 11 active directory
Lecture 11 active directoryLecture 11 active directory
Lecture 11 active directory
 
Active directory and application
Active directory and applicationActive directory and application
Active directory and application
 
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise DirectoryCause 2013: A Flexible Approach to Creating an Enterprise Directory
Cause 2013: A Flexible Approach to Creating an Enterprise Directory
 

Recently uploaded

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Recently uploaded (20)

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Win2KServer Active Directory

  • 1. Active Directory Presentation Windows 2000 Server
  • 2. Breakdown… • What is Active Directory • Structure of Active Directory • Objects • Domains – Trees and Forests • Replication • Security • Kerberos • Trusts
  • 3. Overview of Active Directory • Active Directory is a directory service, which means it both stores data about your network resources (users and groups, shared folders, and other network resources) and provides methods of accessing and distributing that data. • Active Directory lets you centrally manage your network. • Administrative tasks can be performed from a single location.
  • 4. What Is Active Directory? • Active Directory is an essential and inseparable part of the Windows 2000 network architecture that improves on the domain architecture of the Windows NT 4.0 operating system to provide a directory service designed for distributed networking environments.
  • 5. • Active Directory lets organizations efficiently share and manage information about network resources and users. • Active Directory acts as the central authority for network security, letting the operating system readily verify a user’s identity and control his or her access to network resources. • It acts as an integration point for bringing systems together and consolidating management tasks.
  • 6. How does Active Directory Work? • AD lets organizations store information in a hierarchical, object-oriented fashion, and provides multi-master replication to support distributed network environments.
  • 7. Single Point of Administration • For all published resources, including files, peripheral devices, host connections, databases, Web access, users, services… • It uses the Internet Domain Name Service (DNS) as its locator service. • No primary domain controller (PDC) or backup domain controller (BDC). Uses domain controllers (DCs). • Allows multiple domains to be connected into a tree structure.
  • 8. What are the benefits of Active Directory • Simplifies management tasks. • Strengthens network security. • Makes use of existing systems through interoperability.
  • 9. Simplifies Management • Single place to manage users, groups and network resources, as well as distribute software and manage desktop. – Eliminates redundant management tasks. – Reduces trips to the desktop. – Better maximizes IT resources. – Lowers total cost of ownership (TCO).
  • 10. • Eliminates redundant management tasks. – Provides a single point of management for Windows user accounts, clients, servers, and applications. • Reduces trips to the desktop. – Automatically distributes software to users based on their role in the company, reducing or eliminating multiple trips that system administrators need to make for software installation and configuration. • Better maximizes IT resources. – Securely delegates administrative functions to all levels of an organization. • Lowers total cost of ownership (TCO). – Simplifies the management and use of file and print services by making network resources easier to find, configure, and use.
  • 11. Simplifies Management [Diagram: directory tree with Company at the root and the containers Users, Machines, Devices, Applications, Marketing, and Personnel. Labels: Delegate Management Tasks to Office Admins; Color Printer in Building 6; Give ‘Personnel’ Members the Human Resources Application.]
  • 12. Strengthens Security • Support for multiple authentication protocols such as Kerberos, X.509 certificates, and smart cards. • Flexible access control model – enables powerful and consistent security services for internal desktop users, remote dial-up users, and external commerce customers. • Improves password security and management. • Ensures desktop functionality. • Speeds e-business deployment. • Tightly controls security.
  • 13. • Improves password security and management. – Provides single sign-on to network resources with integrated, high-powered security services that are transparent to end users. • Ensures desktop functionality. – Locks down desktop configurations and prevents access to specific client machine operations. Ex: software installations and registry editing. • Speeds e-business deployment. – Built-in support for secure Internet-standard protocols and authentication mechanisms. Ex: Kerberos, public key infrastructure (PKI), lightweight directory access protocol (LDAP). • Tightly controls security. – Sets access control privileges on directory objects and on the individual data elements that make them up.
  • 14. Extends Interoperability • Active Directory provides a set of standard interfaces for application integration and open synchronization mechanisms to ensure that Windows can interoperate with a wide variety of applications and devices.
  • 15. It Does So By… • Taking advantage of existing investments and ensuring flexibility. • Consolidating management of multiple application directories, using open interfaces, connectors, and synchronization mechanisms. Incl. Novell’s NDS, LDAP, ERP, e-mail… • Allowing organizations to deploy directory-enabled networking: assign quality of service and allocate network bandwidth to users based on their role in the company. • Allowing organizations to develop and deploy directory-enabled applications.
  • 16. Interoperability [Diagram: directory tree with Company at the root and the containers Users, Machines, Devices, Applications, Finance, and Personnel. Labels: Application: Exchange (Mailbox information); Policy: Give ‘Personnel’ Access to ‘Change Salary’ Menu options; Policy: Give ‘Finance’ more bandwidth at the end of the month.]
  • 17. Active Directory as a Service Provider • Used to locate all network services and information. • Fulfills a wide variety of naming, query, administrative and registration needs. [Diagram: the Directory Service at the center, connected to Exchange mail and a mail client (submit mail, recipient lookup, address book), DNS (referral for Microsoft.com), an http/shttp server (admin/browse), SQL Server (register service), replication, security (credential management), and dynamic services (query).]
  • 18. Directory Partitions • The data stored within AD is actually broken into three distinct areas called directory partitions. • Each partition records and stores a specific type of information. • The three directory partitions that exist: • Domain Partition • Schema Partition • Configuration Partition
  • 19. • Domain Partition – Holds data regarding domain-specific objects, including users, groups, and computers. • Schema Partition – Contains data that defines which objects can be created within AD and specifies rules regarding these objects, such as mandatory properties. • Configuration Partition – Contains information about your AD structure, such as the domains and DCs that exist.
  • 20. The Structure of Active Directory • Active Directory is made up of two distinct structures: • The logical structure. • The physical structure. • Design of Active Directory implementation deals with the logical aspects. • Deciding where each component will be on your network deals with the physical aspects.
  • 21. The Logical Structure • There are five logical components in Active Directory: • Domains • Organizational Units (OUs) • Trees • Forests • Global Catalogs (GCs)
  • 22. Domains • A domain is a security boundary. • Each domain has its own administrators that can be assigned full control over the domain. • A domain is an entity that has its own users and groups. • Users can be granted permissions in other domains. • Domains are used for replication purposes. • A domain can run in one of two modes: • Native (the domain must be running in this mode to achieve full functionality) • Mixed
  • 23. Organizational Units (OUs) • Organizational Units are container objects that are used to organize objects within the directory. • Commonly contain user and group objects. • They can also contain computers and other OUs. • Permissions can be assigned at the OU level both to grant container objects access to other network resources (or to deny them) and to assign specific users administrative privileges. • Administration of objects within an OU can be delegated. • Assign permissions to manage these objects to groups other than domain administrators.
  • 24. Hierarchical Organization • Active Directory uses objects to represent network resources such as users, groups, machines, devices, and applications. • It uses containers to represent organizations, such as marketing department, or collections of related objects, such as printers. • It organizes information in a hierarchical structure made up of these objects and containers, similar to the way the Windows operating system uses folders and files to organize information on a computer.
  • 25. Containers and Objects • [Diagram: a Company hierarchy containing Users, Machines, Devices, Applications, Marketing, and Personnel, with a legend distinguishing containers from objects.]
  • 26. Objects in Active Directory • Objects within AD include users, groups, computers, servers, domains, and sites. • Since data is stored as objects, users can search through the directory for objects they wish to access. • Objects also have attributes which a user can use in his/her search. • In order to understand how data is defined within AD, you must be aware of the Schema.
  • 27. The Schema • The Schema is a definition of all the objects and their attributes. • Since there is a single schema for an entire Windows 2000 forest, you can achieve consistency no matter how large the enterprise. • Two types of definitions can be stored in the schema. 1. Object Classes 2. Attributes
  • 28. Object Classes • Object classes define the types of objects that can be stored within Active Directory. • Each class consists of a class name and a set of attributes that are associated with the object.
  • 29. Attributes • Attributes are stored separately within the schema • Allows for further consistency within the database, because a single definition for the “last name” attribute can be used over and over again.
  • 30. Object-Oriented Storage • [Diagram: the Company hierarchy (Users, Machines, Devices, Applications, Marketing, Personnel) with a user object showing the attributes Name: Bob Jones, Email: bob@abc.com, Phone: 555-1234, SSN: 456-7; a legend distinguishes containers from objects.]
  • 31. Object-Oriented Storage • In this case, the system administrator has allowed global access to the Bob Jones object, but has locked access to the Social Security Number attribute.
  • 32. Schema Security • To prevent the schema from being modified without permission, each object is secured using Discretionary Access Control Lists (DACLs). • These DACLs ensure that only authorized users are able to access the schema.
  • 33. A little more about Schema • The file schema.ini contains the default schema’s definition, as well as the initial structure for the file ntds.dit (stores directory data). • The %systemroot%\ntds directory contains the file schema.ini. • The file is in plain ASCII format.
  • 34. Trees • Domains are combined to produce a tree. • A hierarchical representation of the Windows 2000 network. • First domain installed is called the root domain and all subsequent domains are installed beneath this root domain. • All domains in a tree share a common schema and GC.
  • 35. Domain Tree • A domain tree exists when one domain is the child of another domain. • Ex. Root.com – since domains are DNS names. • If the administrator renames a part of the tree, all of the parent’s children are also implicitly renamed. • Ex. If ntfaq.com is renamed to backoffice.com, the child domain sales.ntfaq.com changes to sales.backoffice.com.
  • 36. Domain Tree Diagram • [Diagram: root.com at the top, with child domains child1.root.com and child2.root.com, and gran.child1.root.com beneath child1.root.com.] • These child domains continue to utilize the same contiguous name (root.com) while branching out with additional naming for organizational purposes. Ex. child1.root.com
  • 37. Domain Tree Advantages • All members of a tree have Kerberos transitive trusts with the domain’s parent and all the domain’s children. • Transitive trusts also let any user or group in a domain tree obtain access to any object in the tree. • You can use one network logon at any workstation in the domain tree.
  • 38. Forests • A forest is a collection of trees. • Trees in a forest do not have to share a contiguous namespace. • Must share a common schema and GC. • Forests allow users in two different trees to access resources in a different namespace. • Useful when a company has multiple root DNS addresses.
  • 39. Forest Diagram • [Diagram: two trees joined by a transitive Kerberos trust. First tree: root.com, child1.root.com, child2.root.com, gran.child1.root.com. Second tree: ntfaq.com, legal.ntfaq.com, ads.ntfaq.com, banner.ads.ntfaq.com.] • Joining the two trees makes a forest.
  • 40. Benefits of a Forest • All the trees have a common Global Catalog (GC) that contains specific information about every object in the forest. • All the trees contain a common schema. • Performing a search in a forest initiates a deep search of the entire tree in the domain you initiate the request from and uses GC entries for the rest of the forest.
  • 41. Global Catalogs (GCs) • A GC server is also a DC (Domain Controller). • It contains data about all objects within a forest. • The GC contains the permissions list for all the objects, and therefore can also grant access. • Stored locally on a DC – reduces network traffic. • Benefits: • To make the logical structure of the Windows 2000 network invisible to the users. • Reduction of network traffic.
  • 42. Purpose of Global Catalog • Designed for high performance. • Allows users to easily find an object regardless of where it is in the tree – searching using selected attributes. • Attributes contained in an abbreviated catalog. • Technique known as partial replication.
  • 43. Global Catalog Structure • [Diagram: Domain 1, Domain 2, through Domain n, labelled with Partial Replicas and Full Replicas.] • The global catalog structure provides access to full and partial replication.
  • 44. Physical Structure • Used to manage network traffic on the network. • Element that makes up the physical structure: • Domain controllers (DCs)
  • 45. Domain Controllers (DCs) • A domain controller (DC) is a server on a Windows 2000 network that stores a replica of the Active Directory database. • Its job is to manage access to this data via searches and also accept and make changes to the data. • Replicates changes to all other DCs in the domain. • Manages authentication of users. • Assigns a security token that contains a list of group memberships and permissions to each user.
  • 46. Replication • Replication ensures that data recorded in one copy is disseminated to all other copies in the domain. • Windows 2000 uses multi-master replication. • Each DC is a master of its copy of AD. • The DC can accept changes and will then propagate them out to other DCs. • Replication – updating information from one DC to another.
  • 47. The Replication Process • Replication occurs when an update is made to a copy of AD. • Changes such as new user, deletion of an object, or modification to a single property of an object. • AD performs two types of updates: • Originating update – occurs only the first time a change is made to an AD replica. • Replicated update – occurs as a result of this change.
  • 48. Multi-master Replication • Individual changes made in one copy of the directory are automatically replicated to all other appropriate copies of the directory. • Active Directory uses Update Sequence Numbers (USNs). • Any time a user writes something into an object in the directory, it gets a USN, which is held per computer and incremented any time a change is made. • A change cannot occur without the USN being incremented, therefore changes cannot be lost.
  • 49. Update Sequence Number (USN) • These are stored in memory, in a table called the up-to-dateness table. • This table has an entry for every DC in the domain, along with the USN number at the time of the last originating update for that DC. • Ex. For server A, if changes caused the USN to increment to “130”, the entry would be “A-130”. • USNs can be used to prevent unnecessary data being sent across the network. • Replication in AD is pulled only; data is never pushed across the wire.
  • 50. USN Table • Each DC keeps track of the highest USNs of the DCs it replicates with. • This procedure lets a DC calculate which changes must replicate on a replication cycle. • At the start of a replication cycle, each server checks its USN table and queries the DCs it replicates with for their latest USNs.
  • 51. USN Table for Server A • Server A’s USN table: Domain Controller B = 54, Domain Controller C = 23, Domain Controller D = 53. • Server A queries the DCs for their current USNs and gets the following information: Domain Controller B = 58, Domain Controller C = 23, Domain Controller D = 64. • From this information, Server A can calculate the changes it needs from each server as follows: Domain Controller B = 55-58, Domain Controller C = None, Domain Controller D = 54-64. • Server A then queries each DC for the necessary changes.
  • 52. Property Version Number • Multiple changes to an object’s property can occur. • Every property has a property version number, which helps detect collisions. • Property version numbers work like USNs. • Each time a property is modified, the property version number increases by one.
  • 53. Collision • A collision occurs when the property version numbers are the same for two or more property updates. • In this case, the timestamps help resolve the conflict. • In the case where the property version numbers and the timestamps match, a binary buffer comparison occurs; the larger buffer size change takes precedence.
  • 54. Object Security • Security Principal • Security ID (SID) • Security Descriptor • Discretionary Access Control List (DACL) • System Access Control List (SACL) • Access Control Entries (ACEs) • Access Tokens
  • 55. Security Principal • This is an account to which permissions can be assigned, for example a user, a group, or a computer account. • Ex. • For Bob, a member of the Accounting group on a computer with a domain computer account named System01, several security principals are involved to which permissions could be applied: the user “Bob”, the group “Accounting”, or the computer account “System01”.
  • 56. Security ID (SID) • Every security principal is issued a unique SID that is assigned once to an account and is never reused, even if the object is removed. • The SID is a numeric value that is assigned automatically when an object is added to the directory.
  • 57. Security Descriptor • Defines access control information for that object. • When a user attempts to access an object, the descriptor checks its information against the user’s SID and then compares the SID against its access control list (ACL). • There are two types of ACLs: • DACLs • SACLs
  • 58. Discretionary Access Control List (DACL) • List of access control entries (ACEs) that indicates security levels of Allow Access or Deny Access permissions. • Deny Access entries are placed first in the list. • The Deny will prove stronger than all the other options.
  • 59. System Access Control List (SACL) • This is a list used for auditing object access, based upon ACEs that indicate to the object when an account has accessed an object or has attempted to access an object.
  • 60. Access Control Entries (ACEs) • ACEs are used by DACLs and SACLs. • When used with a DACL, the ACE determines the level of security access upon an object, through 4 types: • Access Denied • Access Allowed • Access Denied Object Specified • Access Allowed Object Specified • When used with a SACL, the ACE determines the level of security based upon: • System Audit • System Audit Object Specific
  • 61. Access Tokens • When the user logs on, an access token is created and sent by the DC to the user’s machine. • This token is necessary for a user to access any network resource. • The access token is attached to that user and is needed to access any object, to run any application, and to use any system resources.
  • 62. Access Permissions on AD Objects • The five standard permissions that can be applied to an object are: • Full Control • Write • Read • Create All Child Objects • Delete All Child Objects
  • 63. • Full Control • Allows the user the ability to view objects and attributes, the owner of the object, and the AD permissions, along with the ability to change any of those settings. • Write • Enables the user to view objects and attributes, the owner of the object, and the AD permissions, and also allows the user to change any of those settings. • Read • Enables the user to view objects and attributes, the owner of the object, and the AD permissions. • Create All Child Objects • Enables the user to create additional child objects in the OU (Organizational Unit). • Delete All Child Objects • Enables the user to delete existing objects from an OU.
  • 64. The Flow of Permissions • Windows 2000 implements permission inheritance. • Inheritance is automatic for child objects within parent containers. • Ex. If a parent object has permissions implemented upon it, the child objects beneath will automatically inherit the permissions from above.
  • 65. The Flow of Inheritance • When you create a child object within a parent container that holds certain permissions, the child object automatically contains the permissions of its parent. • [Diagram: Parent OU with Parent Permissions (Administrator: Full Control; Users: Read); beneath it, Sales OU and Research OU, each with Child Permissions (Administrator: Full Control; Users: Read).]
  • 66. Kerberos v5 • Developed by a team at MIT • Named after the three-headed dog in Greek mythology that guarded the gates of Hades. • There are three sides to Kerberos authentication: • User • Server • Key Distribution Center (KDC)
  • 67. Like its Greek Counterpart… • User • A client that has a need to access resources on a server. • Server • Offers a service, but only to those that can prove their identity. That proven identity doesn’t guarantee access to the service; it only proves that they have a right to request the service. • Key Distribution Center (KDC) • An intermediary between the client and the server that provides a way of vouching that the client is really who it says it is.
  • 68. Kerberos Trust • The trust relationships that connect members of a tree or forest are two-way, transitive Kerberos trusts. Thus, all the domains in a tree implicitly trust all the other domains in the tree or forest. • [Diagram: three domain controllers (DCs).]
  • 69. • Kerberos is Windows 2000’s primary security protocol. • Verifies a user’s identity and a session’s integrity. • Each DC (Domain Controller) has Kerberos services on it and every Windows 2000 workstation has a Kerberos client.
  • 70. A Kerberos Transaction 1. A user logs on to the domain by supplying a username, a password, and a domain choice. Kerberos steps in and checks the information against the DC’s KDC database to verify that it knows the user. 2. If the user is valid, the user is provided a ticket-granting ticket (TGT). This means the user is preauthorized to access other resources on the domain. • In future transactions, the client doesn’t have to re-authenticate; rather, it presents the TGT to the KDC. This speeds up the process.
  • 71. 3. If a client wants to access a server (for example, the internal mail server in order to obtain his/her email), he/she can now present that TGT to the KDC ticket-granting server (TGS). This server gives the client another ticket, which does not grant permission to the mail server; rather, it authenticates the client to the mail server. 4. The email server checks to see if the client has permission to read the mail. If so, the client will receive the mail.
  • 72. The Four Steps of Kerberos • [Diagram: Client, KDC, and Print Server, with the exchanges between them numbered 1 to 4.]
  • 73. Trusts • Trusts allow the domains to work with the user accounts from other domains in such a way that people in one domain can share resources with others. • The transitive concept enables smoother functionality. • Transitive means “by extension”. • Under Win2000, the trust is automatic between parents and children, and transitive between every other domain in the tree.
  • 74. Transitive Trusts • Transitive trusts allow users in all connected domains to be validated as domain users. • Permissions are not transitive.
  • 75. Two-way Transitive Trusts • If child domain a.corp.com trusts corp.com and corp.com trusts b.corp.com, then a.corp.com automatically trusts b.corp.com. • [Diagram: corp.com with the domains a.corp.com and b.corp.com.]
  • 76. Few Points About Transitive Trusts • They are two-way agreements that are automatically created. • They exist between child domains and parents or the root domains of a forest. • The trusts are transitive because the trees and forests with connecting trusts make information available with no further trust configuration issues. • After trusts are established, permissions must be granted to an individual or group to allow them to access resources.
  • 77. Summary of Features and Benefits • Support for open standards to facilitate cross-platform directory services, incl. DNS and standard protocols – LDAP. • Support for standard name formats to ensure ease of migration. • Fast lookup via the global catalog. • Multi-master replication. • Backward compatibility. • Interoperability with NetWare environments.
  • 78. Installation of Active Directory • Installed using ‘dcpromo.exe’, which can be executed from the ‘Run’ dialog box. • ‘dcpromo.exe’ resides on the Windows 2000 partition. • ‘dcpromo.exe’ is an Active Directory installation wizard, which guides the user through a step-by-step installation. • Installation of Active Directory requires both a FAT and an NTFS partition.
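The USN comparison from slides 50 and 51 and the collision rules from slides 52 and 53, as an added Python example that is not part of the original presentation. The two dictionaries reuse the slide-51 numbers; the function and class names, the timestamps, the reading that a higher property version wins outright, the treatment of a backwards-moving USN as an error, and the final byte-wise tie-break are assumptions of this example.

```python
from dataclasses import dataclass

# Values from the slide-51 table: what Server A last saw vs. what partners report.
KNOWN = {"B": 54, "C": 23, "D": 53}
CURRENT = {"B": 58, "C": 23, "D": 64}


def changes_to_pull(known, current):
    """Map each partner DC to the (first, last) USN range to request, or None."""
    plan = {}
    for dc in sorted(current):
        seen, latest = known.get(dc, 0), current[dc]
        if latest < seen:
            # Assumption of this example: a USN that moves backwards is
            # reported as an error instead of being silently accepted.
            raise ValueError(f"USN for DC {dc} went backwards: {seen} -> {latest}")
        plan[dc] = (seen + 1, latest) if latest > seen else None
    return plan


@dataclass(frozen=True)
class PropertyUpdate:
    version: int      # property version number
    timestamp: int    # constructed value, in seconds
    value: bytes      # the property's new contents

    def rank(self):
        # Tie-breaks in the order given on slide 53: version, timestamp,
        # buffer size. The raw bytes are a last tie-break added here so the
        # result never depends on which update arrived first.
        return (self.version, self.timestamp, len(self.value), self.value)


def resolve(a, b):
    """Return the update that every DC should keep."""
    return a if a.rank() >= b.rank() else b


def converge(updates):
    """Fold updates, in arrival order, down to the single surviving one."""
    winner = updates[0]
    for update in updates[1:]:
        winner = resolve(winner, update)
    return winner
```

Because `resolve` depends only on the two updates and not on arrival order, DCs that pull the same changes in a different sequence end up with the same property value.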
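The access check described on slides 57 to 65 (deny entries first, object-specific ACEs, inheritance from the parent OU), as an added Python example that is not part of the original presentation. It models the rules as the slides state them and is not Windows code: principal names stand in for SIDs, and the class names, right names and the Personnel OU sample are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

FULL = frozenset({"read", "write", "create_child", "delete_child"})


@dataclass(frozen=True)
class ACE:
    kind: str                        # "deny" or "allow"
    trustee: str                     # principal name standing in for a SID
    rights: frozenset
    attribute: Optional[str] = None  # set: object-specific ACE for one attribute


def deny_first(aces):
    """Stable sort that puts every deny ACE ahead of every allow ACE."""
    return sorted(aces, key=lambda ace: ace.kind != "deny")


def evaluate(aces, token, right, attribute=None):
    """The first ACE matching the token, right and attribute decides."""
    for ace in aces:
        if ace.trustee not in token or right not in ace.rights:
            continue
        if ace.attribute is not None and ace.attribute != attribute:
            continue
        return ace.kind == "allow"
    return False                     # no matching ACE: access is not granted


@dataclass
class DirObject:
    name: str
    parent: Optional["DirObject"] = None
    dacl: list = field(default_factory=list)

    def effective_dacl(self):
        """Own ACEs plus everything inherited from the parent containers."""
        inherited = self.parent.effective_dacl() if self.parent else []
        return deny_first(self.dacl + inherited)


def check_access(obj, token, right, attribute=None):
    """token is the set of principals carried in the caller's access token."""
    return evaluate(obj.effective_dacl(), token, right, attribute)


# Constructed sample mirroring slide 65 (parent permissions) and slide 31
# (object readable by everyone, SSN attribute locked).
personnel = DirObject("Personnel OU", dacl=[
    ACE("allow", "Administrator", FULL),
    ACE("allow", "Users", frozenset({"read"})),
])
bob = DirObject("Bob Jones", parent=personnel, dacl=[
    ACE("deny", "Users", frozenset({"read"}), attribute="ssn"),
])
```

Calling `evaluate` on the same ACEs without `deny_first` shows why the ordering matters: with the allow entry ahead of the deny entry, the SSN attribute becomes readable to every member of Users.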