2. FABRIKAM 2
A server running the Active Directory
Domain Service (AD DS) role is called a
domain controller. It authenticates and
authorizes all users and computers in a
Windows domain type network,
assigning and enforcing security policies
for all computers, and installing or
updating software.
ACTIVE DIRECTORY SERVICES
Active Directory Services consist
of multiple directory services.
The best known is Active
Directory Domain Services,
commonly abbreviated as AD DS
or simply AD.
3. FABRIKAM 3
HISTORY
Microsoft previewed Active Directory in 1999, released it
first with Windows 2000 Server edition, and revised it to
extend functionality and improve administration in
Windows Server 2003. Active Directory support was also
added to Windows 95, Windows 98 and Windows NT 4.0
via patch, with some features being unsupported.
Additional improvements came with subsequent versions
of Windows Server. In Windows Server 2008, additional
services were added to Active Directory, such as Active
Directory Federation Services. The part of the directory in
charge of management of domains, which was previously
a core part of the operating system, was renamed Active
Directory Domain Services (ADDS) and became a server
role like others. "Active Directory" became the umbrella
title of a broader range of directory-based services.
According to Byron Hynes, everything related to identity
was brought under Active Directory's banner.
4. FABRIKAM 4
Active Directory Services
Domain Services
Active Directory Domain Services (AD DS) is the
foundation stone of every Windows domain network. It
stores information about members of the domain,
including devices and users, verifies their credentials
and defines their access rights.
Lightweight Directory Services
Active Directory Lightweight Directory Services (AD
LDS), formerly known as Active Directory Application
Mode (ADAM), is an implementation of LDAP protocol
for AD DS. AD LDS runs as a service on Windows Server.
Certificate Services
Active Directory Certificate Services (AD CS) establishes an on-
premises public key infrastructure. It can create, validate and
revoke public key certificates for internal uses of an organization.
Federation Services
Active Directory Federation Services (AD FS) is a single sign-on
service. With an AD FS infrastructure in place, users may use
several web-based services (e.g. internet forum, blog, online
shopping, webmail) or network resources using only one set of
credentials stored at a central location, as opposed to having to be
granted a dedicated set of credentials for each service.
5. FABRIKAM 5
Logical structure
As a directory service, an
Active Directory instance
consists of a database and
corresponding executable
code responsible for
servicing requests and
maintaining the database.
6. FABRIKAM
FABRIKAM 6
Objects - Active Directory structures are arrangements of
information about objects. The objects fall into two
broad categories: resources (e.g., printers) and security
principals (user or computer accounts and groups).
Security principals are assigned unique security
identifiers (SIDs).
Forest, trees and domains - The Active Directory
framework that holds the objects can be viewed at a
number of levels. The forest, tree, and domain are the
logical divisions in an Active Directory network.
Organizational units - The objects held within a domain
can be grouped into organizational units (OUs). OUs can
provide hierarchy to a domain, ease its administration,
and can resemble the organization's structure in
managerial or geographical terms. OUs can contain other
OUs—domains are containers in this sense.
Shadow groups - Active Directory requires a separate step
for an administrator to assign an object in an OU as a
member of a group also within that OU. Relying on OU
location alone to determine access permissions is
unreliable, because the object may not have been assigned
to the group object for that OU.
Partitions - The Active Directory database is organized in
partitions, each holding specific object types and following
a specific replication pattern.
Logical Structure
7. FABRIKAM 7
Physical Structure
Physically, the Active
Directory information is
held on one or more peer
domain controllers,
replacing the NT PDC/BDC
model. Each DC has a
copy of the Active
Directory. Servers joined
to Active Directory that
are not domain
controllers are called
Member Servers.
8. FABRIKAM
FABRIKAM 8
Replication - Active Directory synchronizes changes
using multi-master replication.] Replication by default is
'pull' rather than 'push', meaning that replicas pull changes
from the server where the change was effected.
Implementation - In general, a network utilizing Active
Directory has more than one licensed Windows server
computer. Backup and restore of Active Directory is possible
for a network with a single domain controller, but Microsoft
recommends more than one domain controller to provide
automatic failover protection of the directory.
Database - The Active-Directory database, the directory
store, in Windows 2000 Server uses the JET Blue -
based Extensible Storage Engine (ESE98) and is limited to 16
terabytes and 2 billion objects (but only 1 billion security
principals) in each domain controller's database. Microsoft
has created NTDS databases with more than 2 billion
objects.
Trusting
To allow users in one domain to access resources in
another, Active Directory uses trusts.
Trusts inside a forest are automatically created when
domains are created. The forest sets the default
boundaries of trust, and implicit, transitive trust is
automatic for all domains within a forest.
Physical Structure
9. FABRIKAM
QUIZ
1. It authenticates and authorizes all users and computers in a Windows domain type network, assigning and
enforcing security policies for all computers, and installing or updating software.
2. It stores information about members of the domain, including devices and users, verifies their credentials
and defines their access rights.
3. It can create, validate and revoke public key certificates for internal uses of an organization.
4. With an AD FS infrastructure in place, users may use several web-based services (e.g. internet forum, blog,
online shopping, webmail) or network resources using only one set of credentials stored at a central
location, as opposed to having to be granted a dedicated set of credentials for each service.
5. As a directory service, an Active Directory instance consists of a database and corresponding executable
code responsible for servicing requests and maintaining the database.
6. The Active Directory information is held on one or more peer domain controllers, replacing the NT
PDC/BDC model.
7. The Active Directory framework that holds the objects can be viewed at a number of levels.
8. Active Directory requires a separate step for an administrator to assign an object in an OU as a member of
a group also within that OU.
9. In general, a network utilizing Active Directory has more than one licensed Windows server computer.
10.Its allow users in one domain to access resources in another, Active Directory.
10. FABRIKAM
ANSWERS:
1. ACTIVE DIRECTORY
2. DOMAIN SERVICES
3. CERTIFICATE SERVICES
4. FEDERATION SERVICES
5. LOGICAL STRUCTURE
6. PHYSICAL STRUCTURE
7. FOREST, TREES AND DOMAINS
8. SHADOW GROUPS
9. IMPLEMENTATION
10. TRUST