
Active Directory

Active Directory (AD) is a centralized repository in Windows servers that manages network objects, providing authentication, authorization, and accounting services. It has a hierarchical structure consisting of forests, trees, domains, organizational units, and sites, which facilitate resource management and trust relationships across domains. AD also includes various services such as AD DS, AD FS, AD LDS, AD CS, and AD RMS, each serving specific functions related to identity management and security.

Uploaded by

fityanul

Active Directory

Active Directory Overview

AD is a centralized repository in Windows servers that:

- Stores information about network objects (users, groups, computers, printers, servers, and so on).
- Gives each object its own Globally Unique Identifier (GUID).
- Provides a single point of network management, allowing people to add, remove, and relocate users and resources easily.
- Authenticates network users and authorises them to access resources.

10/03/2025 2

Why is AD important?

- Authentication: the process of verifying your identity before you are allowed to use a resource.
  - Local authentication vs. central authentication
- Authorization: the process of verifying whether the authenticated person is authorized to use the resource.
- Accounting: the process of documenting that the authenticated and authorized person has accessed the resource.

Active Directory is the server role that is responsible for authenticating, authorizing, and accounting for network users.

Active Directory Components

The framework that holds the objects is viewed at a number of levels (hierarchical structure).

- Forests: the top level of the structure; a forest contains the collection of every object, its attributes and rules.
  - A forest holds one or more transitive, trust-linked trees.
- Trees: a tree holds one or more domains and domain trees, again linked in a transitive trust hierarchy.
- Domains: domains are identified by their DNS name structure, the namespace. A domain has a single DNS name.

- Organizational Units: the objects held within a domain can be grouped into different Organizational Units (OUs).
  - OUs give a domain a hierarchy and ease its administration.
- Sites: AD supports the creation of physical sites distinguished by location.
  - Sites can be defined by one or more IP subnets.
  - Sites are independent of the domain and OU structure and are common across the entire forest.
  - Sites are used to control network traffic generated by replication and also to refer clients to the nearest domain controllers.
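
The subnet-to-site mapping described above, as an added Python example (not part of the original slides). The site names, subnets and domain controller names are constructed, and the lookup assumes the most specific matching subnet wins when subnets overlap.

```python
import ipaddress

# Constructed sample data (not from the slides): subnet objects and the
# site each one is linked to, plus the domain controllers in each site.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HQ",
    "10.20.0.0/16": "Branch-East",
    "10.20.30.0/24": "Branch-East-Lab",
    "192.168.50.0/24": "Branch-West",
}
SITE_TO_DCS = {
    "HQ": ["dc01.corp.example", "dc02.corp.example"],
    "Branch-East": ["dc-east01.corp.example"],
    "Branch-East-Lab": [],          # site with no local domain controller
    "Branch-West": ["dc-west01.corp.example"],
}


def site_for(ip):
    """Return the site whose most specific subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in SUBNET_TO_SITE.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None


def audit(client_ips):
    """Split clients into mapped sites, unmapped IPs, and DC-less sites."""
    mapped, unmapped = {}, []
    for ip in client_ips:
        site = site_for(ip)
        if site is None:
            unmapped.append(ip)     # no subnet object covers this address
        else:
            mapped[ip] = site
    no_dc = sorted({s for s in mapped.values() if not SITE_TO_DCS[s]})
    return mapped, unmapped, no_dc


if __name__ == "__main__":
    # Constructed client addresses.
    print(audit(["10.1.2.3", "10.20.5.9", "10.20.30.7", "172.16.4.4"]))
```

Addresses that fall outside every subnet, and sites that contain no domain controller, are the two cases worth reviewing, because those clients cannot be referred to a nearby domain controller by site.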

Trust relationships: AD uses trust relationships to allow users in one domain to access resources in another domain. Trusts inside a forest are created automatically when domains are created. The forest, not the domain, sets the default boundary of trust, and implicit, transitive trust is automatic for all domains within a forest.
Active Directory Trust Relationships

- Tree-root trust: exists between two root domains within the same forest (transitive and two-way).
- Parent-child trust: implicitly established when new child domains are added to a domain tree (two-way, transitive).
- Shortcut trust: created explicitly by the admin; it is either a one-way transitive trust or a two-way transitive trust.
- Realm trust: creates a trust relationship with a non-Windows Kerberos version 5 realm.
- External trust: an explicit trust relationship between domains that are located in different forests.
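
The trust types above, modelled as an added Python example (not part of the original slides): it computes which domains' users a resource domain accepts, chaining only transitive trusts. All domain names are constructed, and the external trust is modelled as one-way and non-transitive.

```python
from collections import deque
from typing import NamedTuple


class Trust(NamedTuple):
    trusting: str      # domain that holds the resources
    trusted: str       # domain whose users are accepted
    transitive: bool
    kind: str


def two_way(a, b, transitive, kind):
    """A two-way trust is a pair of one-way trusts."""
    return [Trust(a, b, transitive, kind), Trust(b, a, transitive, kind)]


# Constructed forest (all names hypothetical): a root with two children, a
# second tree root, and a one-way, non-transitive external trust in which
# eu.corp.example trusts partner.test.
TRUSTS = (
    two_way("corp.example", "eu.corp.example", True, "parent-child")
    + two_way("corp.example", "us.corp.example", True, "parent-child")
    + two_way("corp.example", "lab.example", True, "tree-root")
    + [Trust("eu.corp.example", "partner.test", False, "external")]
)


def accepted_by(resource_domain, trusts=TRUSTS):
    """Domains whose users resource_domain will accept."""
    # A direct trust of any kind applies to its own two domains.
    accepted = {t.trusted for t in trusts if t.trusting == resource_domain}
    # Longer paths may only be built from transitive trusts.
    seen, queue = {resource_domain}, deque([resource_domain])
    while queue:
        current = queue.popleft()
        for t in trusts:
            if t.trusting == current and t.transitive and t.trusted not in seen:
                seen.add(t.trusted)
                queue.append(t.trusted)
    return (accepted | seen) - {resource_domain}


def exposure(outside_domain, trusts=TRUSTS):
    """Domains whose resources users of outside_domain can reach."""
    domains = {d for t in trusts for d in (t.trusting, t.trusted)}
    return sorted(d for d in domains if outside_domain in accepted_by(d, trusts))


if __name__ == "__main__":
    print(exposure("partner.test"))
```

Running `exposure` for each domain outside the forest shows how far an explicit trust actually extends, which is the figure to check when a trust is reviewed.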
Active Directory Services

- AD DS: provides directory-based authentication/authorization services in support of Microsoft-based networked services and
- AD LDS: provides an LDAP accessible directory service that supports identity management scenarios
- AD FS: provides federation services supporting single sign-on to web applications
- AD CS: provides PKI certificate issuance, management, and revocation services
- AD RMS: provides solution to secure how users utilize content (i.e. Office documents)

- Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies.
- Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches.
- An Active Directory domain controller is a server that is running AD DS.


- Active Directory Federation Services (AD FS) provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications over the life of a single online session.
- Active Directory Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the restrictions of Active Directory Domain Services (AD DS).


- Active Directory Rights Management Services (AD RMS) is an information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information.

AD DS installation and Configuration
Thank you
