Uploaded bypepoluan
PPT, PDF1,583 views

Active directory - an introduction

The document provides an overview of Active Directory including key elements such as domain controllers, the schema, security groups, SYSVOL, group policy objects, sites and subnets. It discusses features of Active Directory such as authentication, privileges, policies, auditing, replication, and trust relationships. It also describes important Active Directory elements in more detail including the roles of domain controllers, importance of the schema, best practices for assigning security groups and permissions, and functions of SYSVOL and group policy objects.

Embed presentation

Downloaded 38 times
Eng Ing Eng ! <Insert tada.wav here>
About The Speaker • Name: Pandu Poluan • Email: pandu@poluan.info • Experience: – Senior Instructor (of instructors) for Cisco, Microsoft, Certified Ethical Hackers – IT Manager of Infrastructure, PT Panin Sekuritas Tbk • 25 branches, 500 employees, 1 domain – Systems Administration Manager, PT Carrefour Indonesia • 85 branches, 10’000+ employees, 2 domains
Active Directory An Introduction
What is Active Directory? • Directory • Authentication – Database of Objects in – Into the network the Domain – Uses “Kerberos” • Users mechanism • Computers • • Privileges Printers • Scanners – For network resources • Shares – For admin tasks • Refrigerators • Active • Coffee Makers • Toilet
Why called “Active” • Not just auth • Policies • Grouping (Many-to- – Restrictions Many) – Forced settings – Based on Org Struct – “Push” installation – Based on Functional • Audit Team • Replication – Based on Ad Hoc – One way & Two way needs – Bandwidth-adapting • Delegation • ‘Trust’ Relationship – Of admin tasks – Of management tasks
Overview of AD Elements • Domain Controllers – Writable & RODC • Schema • Security Groups • SYSVOL • Group Policy Objects (GPO) • Sites & Subnets • ... (and many others, but let’s just focus on the above for this “Introduction”)
Domain Controllers • Where AD database(s) are kept • Replicate between themselves – Two way with writeable DCs, One-way to RODCs – Also replicate “SYSVOL” • MUST be secured at all costs!! – Physical security – Logical security  RODC – Hardening: • Allow only special ‘elevated’ accounts ‘administrator-level’ access to the DCs
The AD “Schema” • Definition of Objects in AD – Properties/Attributes – ‘Nature’ of Object • E.g., container, custom container, leaf object • AMAT SANGAT VITAL SEKALI BANGET !!! – *IMMEDIATELY* replicated to other DCs – Feel free to commit suicide if someone gained Schema-editing ability … and botched the schema
Security Groups • Used to manage privileges/permissions practically, systematically, and healthily – Managing privileges per user in a big enterprise is not good for your health • Microsoft-recommended Best Practice: A G U DL P Account Global Universal Domain Local Permissions
A-P • The Worst privilege-assignment strategy – Imagine having to give 1’000 users the same privileges … – … to 100 network shares • Only suitable for … nothing
A-G-P • NEVER assign permissions directly to accounts • At least, assign permissions to Global SGs • Then, gather user Accounts into Gs • Only suitable for small domains
A-G-DL-P • Good Enough™ for Most organizations • In principle: – Gather Accounts into Groups – Assign Permissions onto Domain Locals – Associate Groups into Domain Locals A G DL P
A-G-U-DL-P • Necessary for huge organizations – Allows assignment of privileges for other ‘trusted’ domains • Similar to A-G-DL-P, but – Create Universal SGs spanning multi domains – Put Global SGs in a domain inside a U – Then, associate Us in DLs U A G DL P A G DL P
SYSVOL • The mysterious, enigmatic area where important AD thingies are kept – Group Policy Objects – Startup/Shutdown/Logon/Logoff Scripts – Other small-sized SysAdmin supporting files • Employs mysterious “Junctions” – Must be hosted on NTFS – Please please please for the love of all things holy: Do not delete any directory in here if you don’t understand its structure • Automatically replicated to other DCs – (Except SYSVOL on RODCs – won’t replicate, but will be overwritten instead) – FRS on Windows Server 2003, DFSR on Windows Server 2008 – Please do not put anything too big in SYSVOL … • else, your NetAdmin is going to find you and hurt you…
Group Policy Objects • A method to apply: – Common restrictions – Common settings – Common applications • Attached to one (or more) “Organizational Units” • Two kinds of policies – Machine policies – set on boot-complete – User policies – set on login • Machine policies *may* get re-applied when user login • Can be selectively applied
Sites and Subnets • Active Directory enables the definition of “sites” – Basically, a grouping of subnets in the enterprise – Also, a collection of DCs in those subnets • Features enabled by “sites” – Definition of replication topology – Definition of replication connection “costs” – Custom scheduling of replication – Nearest-DC (for login, SYSVOL access, etc.)
Other Important Things You Should Know If You Are A Windows Systems Administrator • FSMO Roles • Time Synchronization • Deployment tools • Management tools • Diagnostic tools
Tararengkiyu !
Sesi Tanya dan (semoga di-) Jawab
Active directory - an introduction

More Related Content

PDF
DB12c: All You Need to Know About the Resource Manager
byMaris Elsins
 
PPTX
Citrix Synergy 2014 - Syn233 Building and operating a Dev Ops cloud: best pra...
byCitrix
 
PPTX
Storage for VDI
byHoward Marks
 
PPTX
Software defined storage real or bs-2014
byHoward Marks
 
PPTX
Building Storage for Clouds (ONUG Spring 2015)
byHoward Marks
 
PDF
Application Development with Apache Cassandra as a Service
byWSO2
 
PPT
Deep dive hadoop
byJakub Stransky
 
PDF
Hadoop operations
byMarc Cluet
 
DB12c: All You Need to Know About the Resource Manager
byMaris Elsins
 
Citrix Synergy 2014 - Syn233 Building and operating a Dev Ops cloud: best pra...
byCitrix
 
Storage for VDI
byHoward Marks
 
Software defined storage real or bs-2014
byHoward Marks
 
Building Storage for Clouds (ONUG Spring 2015)
byHoward Marks
 
Application Development with Apache Cassandra as a Service
byWSO2
 
Deep dive hadoop
byJakub Stransky
 
Hadoop operations
byMarc Cluet
 

What's hot

PDF
Scalability, Availability & Stability Patterns
byJonas Bonér
 
PDF
Database as a Service on the Oracle Database Appliance Platform
byMaris Elsins
 
PPTX
Multi-tenant, Multi-cluster and Multi-container Apache HBase Deployments
byDataWorks Summit
 
PDF
Azure Boot Camp 21.04.2018 SQL Server in Azure Iaas PaaS on-prem Lars Platzdasch
byLars Platzdasch
 
PDF
5 Postgres DBA Tips
byEDB
 
PPT
Life After Sharding: Monitoring and Management of a Complex Data Cloud
byOSCON Byrum
 
PDF
(ATS4-PLAT06) Considerations for sizing and deployment
byBIOVIA
 
PDF
MongoDB webiner01
byCreationline,inc.
 
PDF
KoprowskiT_SQLRelay2014#8_Birmingham_FromPlanToBackupToCloud
byTobias Koprowski
 
PDF
The Power of Postgres Plus Cloud Database
byEDB
 
PPTX
Extending your data to the cloud
byMicrosoft TechNet - Belgium and Luxembourg
 
PPTX
Reaching the Cloud: The Architecture
bySociety of Women Engineers
 
PPTX
PEARC17: Cloud-enabling a Collaborative Research Platform: The GABBs Story
byRajesh Kalyanam
 
PDF
KoprowskiT - SQLBITS X - 2am a disaster just began
byTobias Koprowski
 
PDF
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
byTobias Koprowski
 
PPTX
Docker y azure container service
byFernando Mejía
 
PPTX
Cloud Computing101 Azure, updated june 2017
byFernando Mejía
 
PPTX
LVOUG meetup #2 - Forcing SQL Execution Plan Instability
byMaris Elsins
 
PPTX
2015 deploying flash in the data center
byHoward Marks
 
PDF
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
byLeighton Nelson
 
Scalability, Availability & Stability Patterns
byJonas Bonér
 
Database as a Service on the Oracle Database Appliance Platform
byMaris Elsins
 
Multi-tenant, Multi-cluster and Multi-container Apache HBase Deployments
byDataWorks Summit
 
Azure Boot Camp 21.04.2018 SQL Server in Azure Iaas PaaS on-prem Lars Platzdasch
byLars Platzdasch
 
5 Postgres DBA Tips
byEDB
 
Life After Sharding: Monitoring and Management of a Complex Data Cloud
byOSCON Byrum
 
(ATS4-PLAT06) Considerations for sizing and deployment
byBIOVIA
 
MongoDB webiner01
byCreationline,inc.
 
KoprowskiT_SQLRelay2014#8_Birmingham_FromPlanToBackupToCloud
byTobias Koprowski
 
The Power of Postgres Plus Cloud Database
byEDB
 
Extending your data to the cloud
byMicrosoft TechNet - Belgium and Luxembourg
 
Reaching the Cloud: The Architecture
bySociety of Women Engineers
 
PEARC17: Cloud-enabling a Collaborative Research Platform: The GABBs Story
byRajesh Kalyanam
 
KoprowskiT - SQLBITS X - 2am a disaster just began
byTobias Koprowski
 
KoprowskiT_SQLRelay2014#1_Reading_FromPlanToBackupToCloud
byTobias Koprowski
 
Docker y azure container service
byFernando Mejía
 
Cloud Computing101 Azure, updated june 2017
byFernando Mejía
 
LVOUG meetup #2 - Forcing SQL Execution Plan Instability
byMaris Elsins
 
2015 deploying flash in the data center
byHoward Marks
 
Database-as-a-Service with Oracle Enterprise Manager Cloud Control 12c and Or...
byLeighton Nelson
 

Viewers also liked

PPTX
Microsoft Offical Course 20410C_02
bygameaxt
 
PPT
Active directory slides
byTimothy Moffatt
 
PPT
Active Directory
bySandeep Kapadane
 
PDF
MCSA 70-410 5 introduction to active directory and basic installation
byTarek Amer
 
PPT
Active directory and application
byaminpathan11
 
PPT
Active directory
byMuuluu
 
PPTX
Introduction to Active Directory
bythoms1i
 
PPT
1.2 active directory
byMuuluu
 
Microsoft Offical Course 20410C_02
bygameaxt
 
Active directory slides
byTimothy Moffatt
 
Active Directory
bySandeep Kapadane
 
MCSA 70-410 5 introduction to active directory and basic installation
byTarek Amer
 
Active directory and application
byaminpathan11
 
Active directory
byMuuluu
 
Introduction to Active Directory
bythoms1i
 
1.2 active directory
byMuuluu
 

Similar to Active directory - an introduction

PPT
A brief Introduction_of_Active_Directory
bynavneetyohaya
 
PPTX
BITIC-27 Proyecto 3 BITIC 3 2022 Andres Labera ADDS.pptx
byRodrigoOrtz4
 
PPTX
Active Directory for Auditors
byAndrew Clark
 
PPTX
Microsoft Offical Course 20410C_03
bygameaxt
 
PPTX
Microsoft Active Directory.pptx
bymasbulosoke
 
PPTX
Module 3- Managing Active Directory Domain Service Objects .pptx
byHassanAhmadAbubakar1
 
PDF
Installation et configuration DNS1-zones
byshayn3
 
PDF
Final domain control policy
byBhagyashriJadhav16
 
PPTX
Activedirecotryfundamentals
byShekhar Singh
 
PDF
6425 c 01
bytanvutha
 
PPT
Microsoft Active Directory
bythebigredhemi
 
PPTX
Active directory ds ws2008 r2
byMICTT Palma
 
PDF
Presentation gggffggggg.pdf
byMulunehBardadeYegeta
 
DOCX
Ctive directory interview question and answers
bysankar palla
 
PPT
Active directoryfinal
byRafał Kucharski
 
PPT
Win2KServer Active Directory
byPhil Ashman
 
PDF
Introduction to active_directory
byCouploa Couploa
 
PDF
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdf
byKhadijaTahir29
 
PPT
70 640 Lesson05 Ppt 041009
byCoffeyville Community College
 
PPTX
Ad ds ws2008 r2
byMICTT Palma
 
A brief Introduction_of_Active_Directory
bynavneetyohaya
 
BITIC-27 Proyecto 3 BITIC 3 2022 Andres Labera ADDS.pptx
byRodrigoOrtz4
 
Active Directory for Auditors
byAndrew Clark
 
Microsoft Offical Course 20410C_03
bygameaxt
 
Microsoft Active Directory.pptx
bymasbulosoke
 
Module 3- Managing Active Directory Domain Service Objects .pptx
byHassanAhmadAbubakar1
 
Installation et configuration DNS1-zones
byshayn3
 
Final domain control policy
byBhagyashriJadhav16
 
Activedirecotryfundamentals
byShekhar Singh
 
6425 c 01
bytanvutha
 
Microsoft Active Directory
bythebigredhemi
 
Active directory ds ws2008 r2
byMICTT Palma
 
Presentation gggffggggg.pdf
byMulunehBardadeYegeta
 
Ctive directory interview question and answers
bysankar palla
 
Active directoryfinal
byRafał Kucharski
 
Win2KServer Active Directory
byPhil Ashman
 
Introduction to active_directory
byCouploa Couploa
 
chapter01-introductiontowindowsserver2003-090505014519-phpapp02.pdf
byKhadijaTahir29
 
70 640 Lesson05 Ppt 041009
byCoffeyville Community College
 
Ad ds ws2008 r2
byMICTT Palma
 

Recently uploaded

PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
December Patch Tuesday
byIvanti
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
December Patch Tuesday
byIvanti
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 

Active directory - an introduction

  • 1.
    Eng Ing Eng! <Insert tada.wav here>
  • 2.
    About The Speaker •Name: Pandu Poluan • Email: pandu@poluan.info • Experience: – Senior Instructor (of instructors) for Cisco, Microsoft, Certified Ethical Hackers – IT Manager of Infrastructure, PT Panin Sekuritas Tbk • 25 branches, 500 employees, 1 domain – Systems Administration Manager, PT Carrefour Indonesia • 85 branches, 10’000+ employees, 2 domains
  • 3.
    Active Directory An Introduction
  • 4.
    What is ActiveDirectory? • Directory • Authentication – Database of Objects in – Into the network the Domain – Uses “Kerberos” • Users mechanism • Computers • • Privileges Printers • Scanners – For network resources • Shares – For admin tasks • Refrigerators • Active • Coffee Makers • Toilet
  • 5.
    Why called “Active” •Not just auth • Policies • Grouping (Many-to- – Restrictions Many) – Forced settings – Based on Org Struct – “Push” installation – Based on Functional • Audit Team • Replication – Based on Ad Hoc – One way & Two way needs – Bandwidth-adapting • Delegation • ‘Trust’ Relationship – Of admin tasks – Of management tasks
  • 6.
    Overview of ADElements • Domain Controllers – Writable & RODC • Schema • Security Groups • SYSVOL • Group Policy Objects (GPO) • Sites & Subnets • ... (and many others, but let’s just focus on the above for this “Introduction”)
  • 7.
    Domain Controllers • WhereAD database(s) are kept • Replicate between themselves – Two way with writeable DCs, One-way to RODCs – Also replicate “SYSVOL” • MUST be secured at all costs!! – Physical security – Logical security  RODC – Hardening: • Allow only special ‘elevated’ accounts ‘administrator-level’ access to the DCs
  • 8.
    The AD “Schema” •Definition of Objects in AD – Properties/Attributes – ‘Nature’ of Object • E.g., container, custom container, leaf object • AMAT SANGAT VITAL SEKALI BANGET !!! – *IMMEDIATELY* replicated to other DCs – Feel free to commit suicide if someone gained Schema-editing ability … and botched the schema
  • 9.
    Security Groups • Usedto manage privileges/permissions practically, systematically, and healthily – Managing privileges per user in a big enterprise is not good for your health • Microsoft-recommended Best Practice: A G U DL P Account Global Universal Domain Local Permissions
  • 10.
    A-P • The Worstprivilege-assignment strategy – Imagine having to give 1’000 users the same privileges … – … to 100 network shares • Only suitable for … nothing
  • 11.
    A-G-P • NEVER assignpermissions directly to accounts • At least, assign permissions to Global SGs • Then, gather user Accounts into Gs • Only suitable for small domains
  • 12.
    A-G-DL-P • Good Enough™for Most organizations • In principle: – Gather Accounts into Groups – Assign Permissions onto Domain Locals – Associate Groups into Domain Locals A G DL P
  • 13.
    A-G-U-DL-P • Necessary forhuge organizations – Allows assignment of privileges for other ‘trusted’ domains • Similar to A-G-DL-P, but – Create Universal SGs spanning multi domains – Put Global SGs in a domain inside a U – Then, associate Us in DLs U A G DL P A G DL P
  • 14.
    SYSVOL • The mysterious,enigmatic area where important AD thingies are kept – Group Policy Objects – Startup/Shutdown/Logon/Logoff Scripts – Other small-sized SysAdmin supporting files • Employs mysterious “Junctions” – Must be hosted on NTFS – Please please please for the love of all things holy: Do not delete any directory in here if you don’t understand its structure • Automatically replicated to other DCs – (Except SYSVOL on RODCs – won’t replicate, but will be overwritten instead) – FRS on Windows Server 2003, DFSR on Windows Server 2008 – Please do not put anything too big in SYSVOL … • else, your NetAdmin is going to find you and hurt you…
  • 15.
    Group Policy Objects •A method to apply: – Common restrictions – Common settings – Common applications • Attached to one (or more) “Organizational Units” • Two kinds of policies – Machine policies – set on boot-complete – User policies – set on login • Machine policies *may* get re-applied when user login • Can be selectively applied
  • 16.
    Sites and Subnets •Active Directory enables the definition of “sites” – Basically, a grouping of subnets in the enterprise – Also, a collection of DCs in those subnets • Features enabled by “sites” – Definition of replication topology – Definition of replication connection “costs” – Custom scheduling of replication – Nearest-DC (for login, SYSVOL access, etc.)
  • 17.
    Other Important ThingsYou Should Know If You Are A Windows Systems Administrator • FSMO Roles • Time Synchronization • Deployment tools • Management tools • Diagnostic tools
  • 18.
  • 19.