ACTIVE DIRECTORY
• Microsoft Directory service
• Initially released in 1999
• Originally designed for Windows 2000 Server
• Enhanced with Windows Server 2008 and Windows Server 2012
Active Directory is a directory service that contains information about all user accounts
and shared resources on a network.
Active Directory (AD) is a database and set of services that connect users with the network
resources they need to get their work done.
A directory service (DS) is a software application, or a set of applications, that stores and
organizes information about a computer network's users and network resources.
• Active Directory is a Centralized Hierarchical Directory Database
• Allows network administrators to manage users' access to the resources
• Acts as an abstraction layer between users and shared resources
What Is Active Directory?
Diagram: Active Directory provides directory service functionality (organize, manage resources, control) and centralized management (a single point of administration).
In simple terms, AD offers key features and
components such as Group Policy management,
domain services and Lightweight Directory Access
Protocol (LDAP) support.
Group policy management allows
administrators to implement specific
configurations across multiple machines.
Domain services provide a hierarchical
organizational structure that helps manage
interactions between users and devices in
distributed networks.
The Lightweight Directory Access Protocol (LDAP) is
the protocol used to query the directory for data
about organizations, persons and more.
PURPOSE OF ACTIVE DIRECTORY
1. User logon and authentication services
2. Organize and manage:
   • User accounts
   • Computers
   • Groups
   • Network resources
3. Enables authorized users to easily locate network resources
FEATURES OF ACTIVE DIRECTORY
1. Integrated security
2. Administration using Group Policy
3. … to any size network
NEW FEATURES IN ACTIVE DIRECTORY
• Provide file shares
• Authenticate users
• Control access to services and shares
• Provide services such as email, access to the internet, print services, etc.
What are the benefits of Active Directory?
Streamlined User Management
AD simplifies user account management by providing a
centralized platform to create, modify or delete users
across the entire network. This means that manual
administration of users on individual machines within your
network is a thing of the past.
Enhanced Network Security
AD’s robust security features safeguard sensitive data
against cyber threats. Group policies and access controls
enforce strict password requirements and limit users’
access to specific files or applications based on their
specific roles within the company.
Simplified Resource Sharing
Sharing resources like printers or files across a network is much
simpler with AD. Administrators can manage these resources centrally,
making them available to all users without additional software
installation.
Better Group Policy Implementation
The Group Policy feature in AD enables admins to control how systems
operate and what users can do on those systems. From setting up
firewall rules to disabling USB ports on endpoints for enhanced
security, everything becomes easier with group policies in place.
Faster Troubleshooting
When issues arise, having a centralized system like AD helps diagnose
problems faster by providing detailed logs about user activities and
system events.
How Directory Service Evolved
Earlier there was no standard for directory databases, so ITU and ISO introduced X.500.
Diagram of the X.500 model: a Client (Directory User Agent) accesses a Server (Directory System Agent) over DAP; the server and its Backup Server coordinate over DOP (directory organization management protocol); the server holds the Directory Info Base, organized as a Directory Info Tree.
• DAP (Directory Access Protocol) is based on the OSI layers.
• LDAP (Lightweight Directory Access Protocol) is based on the TCP/IP layers.
• DAP was introduced in Banyan VINES, which named its database StreetTalk.
• LDAP was first introduced by Novell, which named it NDS (Network Directory Services).
How is Active Directory structured?
AD has three main tiers: domains, trees and forests. A
domain is a group of related users, computers and other
AD objects, such as all the AD objects for your
company’s head office. Multiple domains can be
combined into a tree, and multiple trees can be grouped
into a forest.
Keep in mind that a domain is a management boundary.
The objects for a given domain are stored in a single
database and can be managed together. A forest is a
security boundary. Objects in different forests are not
able to interact with each other unless the administrators
of each forest create a trust between them. For instance,
if you have multiple disjointed business units, you
probably want to create multiple forests.
Domains: Trees, Forests, Trusts, and OUs
Active Directory is made up of one or more domains. Creating the initial domain controller in a network also creates the domain—you cannot have a domain without at least one domain controller. Each domain in the directory is identified by a DNS domain name. You use the Active Directory Domains and Trusts tool to manage domains.
TREE
• In Windows Server 2003, a tree is a set of one or
more domains with contiguous names.
• If more than one domain exists, you can combine the multiple
domains into hierarchical tree structures.
• The first domain created is the root domain of the first tree.
• Additional domains in the same domain tree are child domains.
• A domain immediately above another domain in the same domain
tree is its parent.
FOREST
• Multiple domain trees within a single forest do not form a
contiguous namespace; that is, they have noncontiguous DNS
domain names.
• Although trees in a forest do not share a namespace, a forest
does have a single root domain, called the forest root domain.
• The forest root domain is, by definition, the first domain created
in the forest.
• The two forest-wide predefined groups—Enterprise
Administrators and Schema Administrators—reside in this domain.
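As an added illustration that is not part of the original slides, the script below models the naming rules described in the TREE and FOREST slides: it maps each domain's DNS name to its LDAP distinguished name, groups a constructed set of domains into trees by contiguous namespace, and finds each domain's parent. The domain names are made up for the example.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Constructed forest for the example (names are made up, not from the slides).
EXAMPLE_FOREST_DOMAINS = [
    "corp.example.com",           # root of the first tree
    "sales.corp.example.com",     # child of corp.example.com
    "eu.sales.corp.example.com",  # grandchild, still a contiguous name
    "fabrikam.local",             # root of a second tree: noncontiguous name
    "hr.fabrikam.local",
]


def dns_to_dn(dns_name: str) -> str:
    """Map a domain's DNS name to its LDAP distinguished name:
    each DNS label becomes one DC= (domain component) attribute."""
    labels = [lbl for lbl in dns_name.lower().strip(".").split(".") if lbl]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={lbl}" for lbl in labels)


def parent_domain(dns_name: str, domains: Set[str]) -> Optional[str]:
    """Return the domain immediately above dns_name in its tree (the nearest
    enclosing DNS suffix that is itself a domain), or None for a tree root."""
    labels = dns_name.lower().split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def build_trees(domain_names: List[str]) -> Dict[str, List[str]]:
    """Group domains into trees keyed by each tree's root domain. Domains with
    contiguous names share a tree; a domain that is not a subdomain of any
    other domain in the forest starts a new tree."""
    domains = {d.lower().strip(".") for d in domain_names}
    trees: Dict[str, List[str]] = defaultdict(list)
    for d in sorted(domains, key=lambda n: (n.count("."), n)):
        root = d
        while (up := parent_domain(root, domains)) is not None:
            root = up  # climb until no enclosing domain exists
        trees[root].append(d)
    return dict(trees)


if __name__ == "__main__":
    for root, members in build_trees(EXAMPLE_FOREST_DOMAINS).items():
        print(f"Tree rooted at {root} ({dns_to_dn(root)}):")
        for m in members:
            print(f"  {m:28} parent={parent_domain(m, set(members))}")
```

Which tree root is the forest root (the first domain created) cannot be read from the names, so the script does not try to determine it.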
Figure: a forest containing two domain trees, each with its own root domain and noncontiguous DNS namespace.
What Is Active Directory Domain Services?
As the primary directory service in a Windows domain,
Active Directory Domain Services (AD DS) is responsible
for storing and managing information about users,
services and devices connected to the network in a
tiered structure. It’s basically the backbone of Active
Directory as it contains a centralized directory that lets
domains and users communicate.
AD DS helps manage network operations by providing a
structured way to store data in a hierarchical
organization. This makes it easier for administrators to
manage user access rights and system configurations
across different domains within the same network. AD
DS also integrates security by authenticating login
functions and controlling access to directory resources. It
does this through:
• User authentication. AD DS authenticates users before they can access
resources on the network, ensuring only authorized individuals have entry
to specific parts of the system.
• Data storage. It stores directory data, such as usernames, passwords and
phone numbers, which helps streamline operations within an organization.
• Policy enforcement. With Group Policy Objects (GPOs), administrators can
enforce security policies across multiple machines at once, saving time
while maintaining high levels of security.