NOVEMBER, 2016
OUTLINE
• INTRODUCTION
• HISTORICAL BACKGROUND
• ARCHITECTURE OF AD DS
• PROTOCOL
• AUTHENTICATION
• AUTHORIZATION
• COMPONENTS OVERVIEW
• TRUSTS
• BENEFITS OF AD DS
• LIMITATIONS OF AD DS
• CONCLUSION
INTRODUCTION
Active Directory Domain Services (AD DS) is a server role in the
Windows Server operating system that allows administrators to
centrally manage and store information about the resources of a
network, as well as application data, in a distributed database.
It is a versatile and secure technology for most modern
client-server network environments.
HISTORICAL BACKGROUND
• Mid 1990s: Active Directory was introduced by Microsoft
• Active Directory replaced Windows NT-style user authentication
• Active Directory did not become a part of the Windows operating system until the release of Windows 2000 in 2000
• Active Directory improved as Windows Server 2003 and Windows Server 2008 were released
ARCHITECTURE OF AD DS
Figure 1: Showing the Architecture of AD DS (Microsoft, 2015)
PROTOCOL
• Lightweight Directory Access Protocol (LDAP)
• X.500 Standard
• Based on TCP/IP
• A method for accessing, searching, and modifying a directory service
• A client-server model
What is Authentication?
Authentication is the process of verifying a user’s identity
on a network.
Authentication includes two components:
• Network authentication: grants access to network resources
• Interactive logon: grants access to the local computer
What is Authorization?
Authorization is the process of verifying that an
authenticated user has permission to perform an action.
• Security principals are issued security identifiers (SIDs) when the account is created
• User accounts are issued security tokens during authentication that include the user’s SID and all related group SIDs
• Shared resources on a network include access control lists (ACLs) that define who can access the resource
• The security token is compared against the Discretionary Access Control List (DACL) on the resource and access is granted or denied
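The token-against-DACL comparison described above, as an added example that is not part of the original slides. It is a simplified model: the SIDs, right bits, users and groups are constructed, and the rules (entries evaluated in order, a matching deny ends the check, anything not granted is denied) follow the standard Windows access check.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # constructed right bits, not real Windows masks
DOM = "S-1-5-21-1111111111-2222222222-3333333333"    # constructed domain SID
FINANCE, CONTRACTORS = f"{DOM}-1201", f"{DOM}-1202"  # constructed group SIDs

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # SID the entry applies to
    mask: int   # rights the entry allows or denies

@dataclass(frozen=True)
class Token:
    user_sid: str
    group_sids: frozenset

    def sids(self):
        return {self.user_sid} | self.group_sids

def access_check(token, dacl, desired):
    """True only if the DACL grants every right in `desired` to the token."""
    if dacl is None:              # no DACL present: nothing restricts access
        return True
    sids, remaining = token.sids(), desired
    for ace in dacl:              # entries are evaluated in stored order
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False          # a matching deny ends the check
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True       # every requested right has been granted
    return False                  # empty DACL or rights left over: implicit deny

alice = Token(f"{DOM}-1104", frozenset({FINANCE, CONTRACTORS}))
bob = Token(f"{DOM}-1105", frozenset({FINANCE}))
dacl = [Ace("deny", CONTRACTORS, WRITE | DELETE), Ace("allow", FINANCE, READ | WRITE)]
misordered = list(reversed(dacl))  # allow placed ahead of deny

if __name__ == "__main__":
    for name, tok in (("alice", alice), ("bob", bob)):
        print(name, access_check(tok, dacl, READ), access_check(tok, dacl, READ | WRITE))
    print("alice, misordered DACL:", access_check(alice, misordered, READ | WRITE))
```

The misordered list shows why deny entries belong ahead of allow entries: with the allow entry first, the contractor's write request is granted before the deny entry is ever reached.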
COMPONENTS OVERVIEW
Physical Components
• Data Store
• Domain Controllers
• Global Catalog Server
• Replication
Logical Components
• Partitions
• Schema
• Domains
• Domain trees
• Forests
• Sites
• Organizational Units (OUs)
...COMPONENTS OF AD DS
Figure 2: Showing a domain tree and a forest (Microsoft, 2015)
TRUSTS
Trusts provide a mechanism for users to gain access to
resources in another domain.
Types of Trust and Description
• Directional: The trust direction flows from the trusting domain to the trusted domain
• Transitive: The trust relationship is extended beyond a two-domain trust to include other trusted domains
Table 1: Showing different types of trust
• All domains in a forest trust all other domains in the forest
• Trusts can extend outside the forest
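How direction and transitivity combine when reviewing who can reach a domain's resources, as an added example that is not part of the original slides. It is a simplified model of the two properties in Table 1; the domain names and the trust list are constructed.

```python
from collections import deque

# Constructed sample: (trusting domain, trusted domain, transitive?)
TRUSTS = [
    ("sales.corp.example", "corp.example", True),
    ("corp.example", "sales.corp.example", True),
    ("corp.example", "partner.example", False),   # one-way, non-transitive
    ("partner.example", "lab.partner.example", True),
]

def trusted_by(resource_domain, trusts):
    """Domains whose users can be granted access to resources in resource_domain."""
    reachable = set()
    seen = {resource_domain}
    queue = deque([(resource_domain, 0)])   # (domain, hops from the resource domain)
    while queue:
        domain, hops = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting != domain:
                continue                    # direction: follow trusting -> trusted only
            if hops > 0 and not transitive:
                continue                    # a non-transitive trust covers its two domains only
            if trusted != resource_domain:
                reachable.add(trusted)
            if transitive and trusted not in seen:
                seen.add(trusted)           # only transitive trusts extend the chain
                queue.append((trusted, hops + 1))
    return reachable

if __name__ == "__main__":
    for d in ("corp.example", "sales.corp.example", "partner.example"):
        print(d, "trusts", sorted(trusted_by(d, TRUSTS)))
```

In the sample, users from `partner.example` can be given access in `corp.example`, but not in `sales.corp.example`, and `corp.example` users gain nothing in `partner.example` because the trust is one-way.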
BENEFITS OF AD DS
• Centralized Directory
• Single Sign-On Access
• Scalability
• Common Management Interface
• Centralized Network Management
LIMITATIONS OF AD DS
• High maintenance costs
• Active Directory is OS dependent
• Cost of the infrastructure can be high
• It is prone to being hacked
CONCLUSION
Some firms today use workgroup networks, which
make it difficult to centralize network
management. This is where Active Directory
Domain Services comes in handy: it includes
storage of directory data and management of
communication between users and domains,
including user authentication and directory
searches.
THANKS FOR LISTENING

Active directory domain service
