Microsoft Active Directory (AD) - PowerPoint PPT Presentation

Slides: 26
Provided by: sas1165

Transcript and Presenter's Notes

1
Microsoft Active Directory (AD)
  • A presentation by
  • Robert, Jasmine, Val and Scott
  • IMT546
  • December 11, 2004

2
What are directory services?
  • All directory services use a hierarchical
    structure to store information about objects on
    the network. What differentiates the various
    implementations is the set of object types they
    track and the schema that describes those objects.

3
What objects are tracked via Directory Services?
  • Shared resources
    • Servers
    • Shared volumes
    • Printers
    • Applications
  • Administration of
    • Users
    • User/group access
    • Network resources
  • Management of domains, applications, services,
    security policies, and just about everything else
    in your network.

4
Directory Services Common Features
  • Publish file shares and printers so that clients
    can locate them
  • Authenticate users
  • Support services such as e-mail, Internet access
    and printing by supplying the accounts and
    addresses those services rely on
  • Control access to services and shares

5
Key Features of Active Directory
  • AD is a namespace that is integrated with the
    Internet's Domain Name System (DNS).
  • AD is the directory service introduced with
    Windows 2000 Server; it runs only on domain
    controllers.
  • Some directory services are integrated with
    an operating system, and others are applications
    such as e-mail directories. Operating system
    directory services, such as AD, provide user,
    computer, and shared resource management.

6
Active Directory utilizes a distributed
architecture
  • In addition to providing a place to store data
    and services to make that data available, Active
    Directory protects network objects from
    unauthorized access and replicates information
    about objects to every domain controller, so that
    information about objects is not lost if one
    domain controller fails.

7
Terminology
  • Site: a set of well-connected IP subnets, in
    practice a physical location or LAN. This is
    different from a web site, which is an
    organization's Internet presence.
  • Domain:
  • (1) A sub-network comprised of a group of clients
    and servers under the control of one security
    database. Dividing a network into domains
    improves performance and security.
  • (2) All resources under the control of a single
    computer system.

8
Sample Domain Structure
9
Basic Network Identity Services
  • Dynamic Host Configuration Protocol (DHCP)
  • Domain Name System (DNS)
  • Lightweight Directory Access Protocol (LDAP)
  • Public Key Infrastructure (PKI)
  • Remote Authentication Dial-In User Service
    (RADIUS)
  • Microsoft's Active Directory
  • Novell Directory Services (NDS)

10
Identity Service Providers
  • Service specifics
  • Most mid-sized to large enterprises today are
    likely to run about a half dozen network identity
    services to connect their business applications
    and network infrastructure.
  • Each of these services plays a specific role in
    the network, but they also interact with one
    another frequently. Managing those interactions
    becomes challenging when multiple internal
    organizations administer the various services,
    which may be duplicated in numerous locations
    throughout the network and use different data
    stores.

11
DNS (Domain Name System)
  • DNS is a globally distributed database that maps
    host names to IP addresses (and back) on the
    Internet.
  • DNS uses a hierarchy of domains.
  • Top-level domains use the familiar names such as
    .com, .edu, .gov.
  • Second-level domains are registered to
    organizations that have a presence on the
    Internet.
  • Active Directory is designed to exist within the
    scope of the global DNS namespace: each AD domain
    has a DNS name, such as corp.example.com.

12
DNS Structure
13
LDAP
  • Lightweight Directory Access Protocol (LDAP) is
    the protocol used to access a directory service.
  • LDAP (version 3) is the primary access protocol
    for Active Directory: clients query and modify
    the directory over TCP port 389, or port 636 when
    the session is wrapped in TLS (LDAPS). A simple
    bind over plain port 389 sends the password in
    the clear, so use TLS or a Kerberos (SASL) bind.
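
Because LDAP queries are text, the usual mistake when talking to AD over it is to paste user input straight into a search filter or a distinguished name. The following is an added example, not code from the presentation or from Microsoft; it shows the RFC 4515 filter escaping and RFC 4514 DN escaping a client should apply, side by side with the naive concatenation it replaces. All names, the `corp.example.com` domain and the injection string are constructed for illustration.

```python
"""Added example (not from the presentation): building LDAP queries against AD
without letting user input change their meaning. Names and inputs are constructed."""

# RFC 4515: characters that must be hex-escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# RFC 4514: characters that must be backslash-escaped inside an RDN attribute value.
_DN_SPECIALS = set('"+,;<>\\')


def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied string for use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a caller-supplied string for use as an RDN value, e.g. the part after CN=."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        elif ch == " " and i in (0, last):   # leading or trailing space
            out.append(r"\ ")
        elif ch == "#" and i == 0:           # leading '#'
            out.append(r"\#")
        else:
            out.append(ch)
    return "".join(out)


def domain_to_base_dn(dns_domain: str) -> str:
    """AD's namespace follows DNS: corp.example.com -> DC=corp,DC=example,DC=com."""
    labels = [label for label in dns_domain.strip(".").split(".") if label]
    return ",".join(f"DC={escape_dn_value(label)}" for label in labels)


def vulnerable_user_filter(sam_account_name: str) -> str:
    """Naive concatenation: the caller's string becomes part of the filter grammar."""
    return f"(&(objectClass=user)(sAMAccountName={sam_account_name}))"


def safe_user_filter(sam_account_name: str) -> str:
    """Same query with the value escaped, so it can only ever match literally."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(sam_account_name)}))"


def user_dn(cn: str, ou_path: list, dns_domain: str) -> str:
    """Assemble a full DN: CN=<cn>,OU=...,DC=...; each value is escaped separately."""
    rdns = [f"CN={escape_dn_value(cn)}"] + [f"OU={escape_dn_value(ou)}" for ou in ou_path]
    return ",".join(rdns) + "," + domain_to_base_dn(dns_domain)


if __name__ == "__main__":
    attacker = "*)(|(objectClass=*"        # constructed injection attempt
    print(vulnerable_user_filter(attacker))  # grammar altered: now matches every user
    print(safe_user_filter(attacker))        # matches only that literal sAMAccountName
    print(user_dn("Smith, John", ["Sales", "Users"], "corp.example.com"))
```

The injection string is harmless in `safe_user_filter` because every `*`, `(` and `)` is turned into its `\xx` form, so the server sees one assertion value rather than extra filter terms; the same idea applies to the comma in `Smith, John` when it is placed in a DN.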

14
Active Directory's Global Catalog
  • The global catalog is the mechanism that tracks
    all of the objects managed across the network,
    across all domains within the forest.
  • It holds a full copy of every object in its own
    domain and a partial, read-only copy (a subset of
    attributes) of every object in the other domains.
    It is hosted only on those domain controllers
    designated as global catalog servers, and the
    partial replicas are replicated among them.

15
Global Catalog - Service Discovery
  • For Active Directory to function properly, DNS
    servers must support Service Location (SRV)
    resource records.
  • SRV resource records map the name of a service to
    the name of a server offering that service.
    Active Directory clients and domain controllers
    use SRV resource records (registered under the
    _msdcs subdomain, for example
    _ldap._tcp.dc._msdcs.<domain>) to find the names,
    and then the IP addresses, of domain controllers
    and global catalog servers.
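
The slide above describes the lookup in one sentence; what a client actually does with the SRV answers is a small algorithm. The block below is an added example, not code from the presentation or from Windows: it builds the SRV names AD registers, parses zone-file style SRV lines, and applies the RFC 2782 priority-then-weight selection to produce the order in which domain controllers would be tried. The `corp.example.com` zone, the `HQ` site and the three records are constructed; `FixedRng` exists only to make the selection deterministic.

```python
"""Added example (not from the presentation): how a domain-joined client turns the
SRV records AD registers in DNS into an ordered list of domain controllers.
The record values below are constructed; the record names are the ones AD uses."""
import random
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower is preferred
    weight: int     # relative share among records of equal priority
    port: int
    target: str     # host name of the server offering the service


def dc_locator_names(dns_domain: str, site: Optional[str] = None) -> List[str]:
    """SRV names a client asks for when locating a DC, most specific first.
    The _msdcs subdomain is where AD registers its service records."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{dns_domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{dns_domain}")
    return names


def parse_srv_line(line: str) -> SrvRecord:
    """Parse one presentation-format SRV record, e.g. from a zone file or dig output:
    '_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.'"""
    fields = line.split()
    i = fields.index("SRV")
    prio, weight, port, target = fields[i + 1:i + 5]
    return SrvRecord(int(prio), int(weight), int(port), target.rstrip("."))


def select_target(records: List[SrvRecord], rng=random) -> Optional[SrvRecord]:
    """RFC 2782 selection: lowest priority wins; among equals, pick at random in
    proportion to weight (weight-0 records get a small, not zero, chance)."""
    if not records:
        return None
    lowest = min(r.priority for r in records)
    candidates = sorted((r for r in records if r.priority == lowest),
                        key=lambda r: r.weight != 0)   # weight 0 first, per the RFC
    total = sum(r.weight for r in candidates)
    pick = rng.randint(0, total)
    running = 0
    for r in candidates:
        running += r.weight
        if running >= pick:
            return r
    return candidates[-1]


def failover_order(records: List[SrvRecord], rng=random) -> List[SrvRecord]:
    """Full order a client would try: select one, drop it, repeat."""
    remaining = list(records)
    ordered = []
    while remaining:
        chosen = select_target(remaining, rng)
        ordered.append(chosen)
        remaining.remove(chosen)
    return ordered


class FixedRng:
    """Stand-in for the random module so the example is deterministic (assumption,
    not part of any AD client)."""
    def __init__(self, value: int):
        self.value = value

    def randint(self, a: int, b: int) -> int:
        return min(max(self.value, a), b)


# Constructed answer to _ldap._tcp.dc._msdcs.corp.example.com: two DCs on site
# sharing load 60/40, and one remote DC kept as a backup via a worse (higher) priority.
SAMPLE_ZONE = """
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 60 389 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 40 389 dc2.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 10 0 389 dc3.branch.example.com.
""".strip().splitlines()

SAMPLE_RECORDS = [parse_srv_line(line) for line in SAMPLE_ZONE]


if __name__ == "__main__":
    print(dc_locator_names("corp.example.com", site="HQ"))
    for rec in failover_order(SAMPLE_RECORDS, random.Random(1)):
        print(f"{rec.target}:{rec.port} (priority {rec.priority}, weight {rec.weight})")
```

Note that the locator trusts whatever DNS answers it receives; nothing in this step authenticates the server it picks. Integrity of the `_msdcs` zone and the mutual authentication that follows (Kerberos, signed LDAP) are what keep a spoofed SRV answer from handing the client to an impostor.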

16
Domain authority
  • Active Directory replicates its administration
    information across domain controllers throughout
    the forest using a multi-master approach: any
    writable domain controller accepts changes.
  • Multi-master replication among peer domain
    controllers is impractical for some types of
    changes (for example schema changes), so only one
    domain controller, called the operations master
    (the FSMO role holder), accepts requests for such
    changes.

17
Authentication
  • Each domain controller holds a full replica of
    its own domain plus the forest-wide schema and
    configuration data; domain controllers that are
    also global catalog servers add a partial,
    read-only replica of every other domain.
  • This lets a local domain controller answer most
    authentication and access-control lookups without
    crossing a WAN link.
  • Logons in a multi-domain forest still need a
    global catalog server to resolve universal group
    membership, which is why computers as well as
    users contact a global catalog when they
    authenticate, including every computer that
    boots up.

18
An example of an Active Directory implementation:
PING North America
  • Benefits from using Active Directory
  • Reduced one IT staff member's workload by 40
    percent, freeing 800 hours per year to work on
    new projects
  • Significant cost savings due to server
    consolidation and elimination of mainframe and
    NetWare
  • Increased security and stability through
    centralized desktop management
  • Active Directory also gives PING a single
    repository for all types of information.

Source: Microsoft
19
Time Savings
  • Before
  • For PCs still running Windows NT Workstation or
    Windows 98, it took as much as 40 hours of effort
    to visit each desktop and install a patch by hand.
  • After
  • For desktops running Windows XP Professional, a
    Group Policy can be created that pushes a new
    security patch out to all of them in less than 30
    minutes.

20
Repository of Information
  • Before
  • Spreadsheets had to be created and maintained for
    user locations, office numbers, phone numbers, etc.
  • After
  • All of the information is now managed in a single
    place and is updated using a single interface.

21
Increased Security
  • Active Directory provides a single point of
    management for all systems. Desktops can be
    locked down in a known, secure state and kept
    current with software updates and security
    patches with minimal time and effort.

22
Open Source Implementation
23
Mac OS X Server v10.3 Open Directory 2
  • The latest version of Apple's standards-based
    directory and authentication services
    architecture.
  • The Open Directory architecture makes it easy to
    integrate Mac OS X client and server systems
    into your existing network infrastructure. It is
    compatible with other standards-based LDAP
    servers, and can even plug into environments that
    use proprietary services such as Microsoft's
    Active Directory and Novell's eDirectory.

24
Open Directory Features
  • Support for mixed-platform environments
  • Strong authentication options (Kerberos)
  • Reliability and scalability

25
References
  • Mac OS X Open Directory:
    http://www.apple.com/server/macosx/open_directory.html
  • Microsoft Active Directory:
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/projplan/adarch.mspx
  • Ping:
    http://www.microsoft.com/resources/casestudies/CaseStudy.asp?CaseStudyID=15304
  • General: http://www.microsoft.com
  • Gaining Control of Your Network Identity
    Infrastructure:
    http://www.bitpipe.com/detail/RES/1082474885_246.html