Title: Microsoft Active DirectoryAD
1Microsoft Active Directory(AD)
- A presentation by
- Robert, Jasmine, Val and Scott
- IMT546
- December 11, 2004
2What are directory services?
- All Directory services use a hierarchical
structure that stores information about objects
on the network. What differentiates the various
implementations are the types of objects that
they track.
3What objects are tracked via Directory Services?
- Shared Resources
- Servers,
- Shared volumes,
- Printers
- Applications
- Administration of
- Users
- User/Group access
- Network resources
- Management of domains, applications, services,
security policies, and just about everything else
in your network.
4Directory Services Common Features
- Provide file shares
- Authenticate users
- Provide services, such as Email, Access to the
internet, Print services etc. - Control access to services and shares.
5Key Features of Active Directory
- AD as a namespace that is integrated with the
Internet's Domain Name System (DNS). - AD - A new directory service central to the
Windows 2000 Server operating system, runs only
on domain controllers. - Some directory services are integrated with
an operating system, and others are applications
such as e-mail directories. Operating system
directory services, such as AD, provide user,
computer, and shared resource management.
6Active Directory utilizes a distributed
architecture
- Active Directory, in addition to providing a
place to store data and services to make that
data available, also protects network objects
from unauthorized access and replicates
information about objects across the entire
network so that information about objects is not
lost if one domain controller fails.
7Terminology
- Site A site is a physical location, or LAN.
This is different from a web site, which is an
organizations internet presence. - Domain
- (1) A sub-network comprised of a group of clients
and servers under the control of one security
database. Dividing LANs into domains improves
performance and security. - (2) All resources under the control of a single
computer system.
8Sample Domain Structure
9Basic Network Identity Services
-
- Dynamic Host Configuration Protocol (DHCP)
- Domain Name System (DNS)
- Lightweight Directory Access Protocol (LDAP)
- Public Key Infrastructure (PKI)
- Remote Authentication Dial-In User Service
(RADIUS) - Microsoft's Active Directory
- Novell Directory Services (NDS)
10Identity Service Providers
- SERVICE SPECIFICS
- Most mid-sized to large enterprises today are
likely to run about a half dozen network identity
services to connect their business applications
and network infrastructure. - These services each have specific roles to play
in the network. But they often also interact with
one another, too. - Network identity services each perform specific
tasks and also frequently interact. Managing
interactions becomes challenging when multiple
internal organizations administer the various
services, which may be duplicated in numerous
locations throughout the network and use
different data stores.
11DNSDomain Name System
- DNS is a globally distributed database that
manages IP addresses on the internet. - DNS uses a hierarchy of domains on the internet.
- Top level domains use the familiar names like
.com, .edu, .gov. - The second level are registered to organizations
who have a presence on the web. - Active Directory is designed to exist within the
scope of the Global DNS Namespace.
12DNS Structure
13LDAP
- Lightweight Directory Access Protocol (LDAP) -- a
protocol used to access a directory service. - Lightweight Access Directory Protocol is the
primary access protocol for Active Directory.
14Active Directory's Global Catalog
- The global catalog is the mechanism that tracks
all of the objects managed across the network,
across all domains within the organization. - Elements of the catalog are replicated across all
of the domain controllers within all domains
across the org.
15Global Catalog -Service Discovery
- For Active Directory to function properly, DNS
servers must support Service Location (SRV)
resource records. - SRV resource records map the name of a service to
the name of a server offering that service.
Active Directory clients and domain controllers
use SRV resource records to determine the IP
addresses of domain controllers.
16Domain authority
- Active Directory replicates its administration
information across domain controllers throughout
the forest utilizing a multi-master approach. - Multi-master replication among peer domain
controllers is impractical for some types
changes, so only one domain controller, called
the operations master, accepts requests for such
changes.
17Authentication
- Each domain controller has information for the
entire forest to support authentication and
access control. - This provides the ability for local domain
controllers (the tree) to provide a quick local
lookup of authority. - Not just users but every object authenticating to
Active Directory must reference the global
catalog server, including every computer that
boots up
18An example of an Active Directory implementation
PING North America
- Benefits from using Active Directory
- Reduced one IT staff members workload by 40
percent, freeing 800 hours per year to work on
new projects - Significant cost savings due to server
consolidation and elimination of mainframe and
NetWare - Increased security and stability through
centralized desktop management - Active Directory also gives PING a single
repository for all types of information.
Source Microsoft
19Time Savings
- Before
- PCs that were still running Windows NT
Workstation or Windows 98, it would take as much
as 40 hours of effort to manually visit each
desktop and install the patch. - After
- Desktops that are running Windows XP
Professional, A group policy can be created that
will push a new security patch out to all of them
in less than 30 minutes.
20Repository of Information
- Before
- Spreadsheets had to be created and spreadsheets
maintained for user locations, office numbers,
phone numbers etc. - After
- All of the information is now managed in a single
place and is updated using a single interface.
21Increased Security
- Since Active Directory will provide a single
point of management for all systems. Desktops can
be locked down in a known, secure state and kept
current with software updates and security
patches with minimal time and effort.
22Open Source Implementation
23Mac OS X Server v10.3 Open Directory 2
- The latest version of Apples standards-based
directory and authentication services
architecture. - The Open Directory architecture makes it easy to
integrate Mac OS X client and server systems to
into your existing network infrastructure. Its
compatible with other standards-based LDAP
servers, and can even plug into environments that
use proprietary services such as Microsofts
Active Directory and Novells eDirectory.
24Open Directory Features
- Support for mixed-platform environments -
- Strong authentication options -Kerberos
- Reliability and scalability -
25References
- Mac Os X Open Directory http//www.apple.com/serv
er/macosx/open_directory.html - Microsoft Active Directory
- http//www.microsoft.com/technet/prodtechnol/windo
ws2000serv/technologies/activedirectory/deploy/pro
jplan/adarch.mspx - Ping http//www.microsoft.com/resources/casestudi
es/CaseStudy.asp?CaseStudyID15304 - General http//www.microsoft.com
- Gaining Control of Your network Identity
infrastructure http//www.bitpipe.com/detail/RES/
1082474885_246.html