Active Directory
A directory service (DS) is a software application, or a set of applications,
that stores and organizes information about a computer network's
users and network resources.
Active Directory is a directory service that contains information about all
user accounts and shared resources on a network.
• Active Directory is a centralized, hierarchical directory database
• Allows network administrators to manage users' access to
resources
• Acts as an abstraction layer between users and shared resources
What Is Active Directory?
[Figure: "Active" (organize, manage, control resources) + "Directory" (directory service functionality), giving centralized management and a single point of administration]
Active Directory
• What is Active Directory?
– LDAP Directory Service
– Works with and requires DNS
– Centrally Managed
– Extensible
– Interoperable
PURPOSE OF ACTIVE DIRECTORY
1. User logon and authentication services
2. Organize and manage:
User accounts
Computers
Groups and
Network resources
3. Enables authorized users to easily locate:
Network resources
Active Directory
• Building blocks of Active Directory
– Objects
• Users
• Machines
– Sites
– Domains
– Trees
– Forests
– Trusts
• Transitive
• Non-Transitive
What is a domain?
• A domain is a collection of computer, user
and group objects defined by an
administrator
• These domain-defined objects share
common characteristics, security policies
and relationships with other domains in the
corporate network
Trees and forests
• Trees: A domain tree exists when one domain is the child
of another domain. A domain tree must have a contiguous
namespace, for example [Link], [Link]
• Forests: A forest is a collection of trees that don't
necessarily share a contiguous namespace, for example
[Link], [Link]
• A forest is a collection of one or more Active Directory
domains
Cont.
• The first domain created is the root
domain of the first tree.
• Additional domains in the same
domain tree are child domains.
• A domain immediately above another
domain in the same domain tree is its
parent
[Figure: domain tree]
Joining a Domain
• If Active Directory has been properly
configured, clients and other servers
should be able to join the domain.
Sites
• Sites represent physical network
locations in Active Directory
• Sites are created to match the physical
network structure of an organization
• Sites are used for managing
organizations that have branches
spread across different
geographical locations but fall
under the same domain.
• Specifically, a site is a grouping of
related subnets
[Figure: two sites of one domain, India and USA, connected by a WAN link]
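The "site is a grouping of related subnets" point above, as an added example (not from the original slides): a client is placed in the site whose most specific subnet object contains its address, and clients that match no subnet are flagged so the administrator can close the gap. The subnet and site names are constructed samples.

```python
import ipaddress

# Constructed sample of AD subnet objects and the site each one is assigned to.
# A more specific subnet overrides a broader one, as in AD's site matching.
SUBNETS = {
    "10.1.0.0/16": "India",
    "10.2.0.0/16": "USA",
    "10.2.50.0/24": "USA-Lab",
}

def site_for(ip, subnets=SUBNETS):
    """Site of the most specific subnet containing `ip`, or None if no
    subnet object covers it (such clients fall outside every site)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnets.items():
        net = ipaddress.ip_network(cidr)
        # `addr in net` is False for a v4/v6 version mismatch, so mixed input is safe
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def unassigned(client_ips, subnets=SUBNETS):
    """Clients that match no subnet: a gap to close in Sites and Services."""
    return [ip for ip in client_ips if site_for(ip, subnets) is None]
```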
TRUST RELATIONSHIPS
• Where there is no trust between domains, no access
between domains is possible
• Trust relationships are managed via the Active Directory
Domains and Trusts console. It also lets you perform these
basic tasks: raise the domain functional level and raise the
forest functional level.
Types of trusts
• Transitive trusts: Transitive trusts are trusts that can extend beyond
the two domains that the trust connects. When a domain has a
transitive trust with another domain, it can also trust and
communicate between other domains that the trusted domain has
established trust with.
• Non-transitive trusts: Non-transitive trusts do not extend beyond the
two domains that the trust connects. So, when a domain trusts
another domain, it cannot communicate with the other domains that
the trusted domain has trusts with.
• A transitive trust is a trust that is extended not only to a child object,
but also to each object that the child trusts. (In contrast, a
non-transitive trust extends only to one object.)
What is a domain controller?
• DCs are servers that perform the AD DS role
• A domain controller is a server that responds to security
authentication requests (logging in, checking permissions, etc.) within
a domain
• Smaller companies will likely only have one domain
controller, whereas larger organisations will have multiple
domain controllers.
• This allows user login requests and resources to be
distributed across multiple servers and provides fault
tolerance in the event one domain controller is down
• A single domain controller can manage multiple domain
trees or forests
Folder objects
• Active Directory stores data as objects. An
object is a single element, such as a user,
group, application or device such as a
printer. Objects are normally defined as
either resources, such as printers or
computers, or security principals, such as
users or groups.
Examples of AD objects
• Shared folder
• Group
• Organisational unit
• Domain
• Computer
• Builtin
• Foreign security principals
Organisational unit (OU)
• Provides a way of classifying objects
located in the directory
• It's a container within AD which can
hold users, groups and computers.
• OUs group resources that have similar
permissions, access levels and
functions such as:
• The finance OU contains users who
need to access resources on the
Finance1 server
Users, groups and Windows
permissions
• A user account is an identity created for a person in a computer or
computing system. A user account allows you to sign in to your
computer. Users must have an account and password created for them
before they can log in and access network resources
• User accounts represent each user who is allowed to log on to the
network.
Types of accounts