Professional Documents
Culture Documents
Slides Preference
Slides Preference
• Overview of AD DS
• AD DS Physical Components
• AD DS Logical Components
Part 1: Overview of AD DS
• Protocol
• What is Authentication?
• What is Authorization?
• Why Deploy AD DS?
• Centralized Network Management
• Requirements for Installing AD DS
• Overview of AD DS and DNS
• Overview of AD DS Components
Protocol
Security
Security principals
principals are
are issued
issued User
User accounts
accounts are
are issued
issued security
security
security
security identifiers
identifiers (SIDs)
(SIDs) when
when the
the tokens
tokens during
during authentication
authentication that
that
account
account isis created
created include
include the
the user’s
user’s SID
SID and
and all
all
related
related group
group SIDs
SIDs
Shared
Shared resources
resources on
on aa network
network The
The security
security token
token isis compared
compared
include
include access
access control
control lists
lists (ACL)
(ACL) against
against the
the Discretionary
Discretionary Access
Access
that
that define
define who
who can
can access
access thethe Control
Control List
List (DACL)
(DACL) on on the
the
resource
resource resource
resource and
and access
access isis granted
granted or
or
denied
denied
Why Deploy AD DS?
AD
AD DS
DS provides
provides aa centralized
centralized system
system for
for managing
managing users,
users, computers,
computers, and
and other
other
resources
resources on
on aa network
network
AD DS features include:
• Centralized directory
• Integrated security
• Scalability
• Options for configuring security policies that apply to all users and computers
DNS Domain
Name
DNS
AD
AD DS
DS domain
domain controller
controller records
records DNS
DNS zones
zones can
can be
be stored
stored inin AD
AD
must
must be
be registered
registered in
in DNS
DNS to to DS
DS as
as Active
Active Directory
Directory integrated
integrated
enable
enable other
other domain
domain controllers
controllers zones
zones
and
and client
client computers
computers to to locate
locate
the
the domain
domain controllers
controllers
DNS
Zone
Component Overview
AD
AD DS
DS isis composed
composed of
of both
both physical
physical and
and logical
logical components
components
• Sites
• Domain Controllers
• Global Catalog Servers
• Data Store
• Replication
• Sites
Domain Controllers
A
A domain
domain controller
controller isis aa server
server with
with the
the AD
AD DS
DS server
server role
role installed
installed that
that has
has
specifically
specifically been
been promoted
promoted to to aa domain
domain controller
controller
Domain controllers:
• Host a copy of the AD DS directory store
AD DS replication:
• Ensures that all domain controllers have the same information
Sites are:
• Associated with IP subnets
• Used to assign group policy objects to all users and computers in a company
location
Lesson 3: Overview of AD DS Logical Components
• AD DS Schema
• The Basics
• Trusts
• AD DS Objects
• Demo: Installation and Management
What is the AD DS Schema?
The AD DS Schema:
• Defines every type of object that can be stored in the directory
• Enforces rules regarding object creation and configuration
• User
What objects can be created in the
Class Object
directory • Computer
Contoso.com
Domains:
• An administrative boundary for applying policies to groups of objects
A
A domain
domain tree
tree isis aa hierarchy
hierarchy of
of domains
domains in
in AD
AD DS
DS
emea.contoso.com na.contoso.com
Forests:
• Share a common schema
• Apply policies
Trusts
Trusts
Trusts provide
provide aa mechanism
mechanism for
for users
users to
to gain
gain access
access to
to resources
resources in
in another
another domain
domain
Shared folders • Enables users to search for shared folders based on properties
DEMO: Installation and Management
• Review Questions
• Summary of AD DS
Thanks for Watching!
Any Questions?