Active Directory Tutorial Pdf
- What is Directory Service?
- Active Directory
- History of Directory Service
- Advantage of LDAP
- Back to Active Directory
- Naming conventions
- Requirement of DNS
- AD objects
- AD Database
- Schema
- Domain, Tree and Forest
Learn Active Directory with these step-by-step tutorials and training videos. They contain real-world examples for all skill levels: group policy, managing domain controllers, Windows Server administration and more.

Domain Controller: a domain controller is the server on which AD is installed. The terms Active Directory and Domain Controller are sometimes used interchangeably.

Forest: a forest is the highest level of the logical structure hierarchy. An Active Directory forest represents a single self-contained directory.

This guide is provided to TSAG Members as an introduction to the administration of the Active Directory service and the Active Directory Users and Computers snap-in. This snap-in allows you to add, move, delete, and alter the properties of objects such as users.
- A directory service is a container that provides a hierarchical structure and lets you store objects for quick and easy access and manipulation. It is like an electronic phone directory: you search for a name and retrieve the phone number, address or other information without knowing where that person lives.
- Before directory services, if you needed a file, you had to know the name of the file, the name of the server on which it was stored and its folder path. This works well on a small network, but as the network grows it becomes challenging.
- A directory service is the means by which users and administrators can locate resources regardless of where those resources are located.
- Earlier, a typical user could also have more than one user account or password, and as the network grows the number of usernames and passwords grows with it: one for the file server, one for the email server, and so on.
- Active Directory is Microsoft's answer to directory services, and it does a lot more than just locating resources.
- Active Directory takes care of this with Kerberos authentication and Single Sign-On (SSO). SSO means that Kerberos gives a user one set of credentials and grants access to a range of resources and services with that same set. Kerberos authenticates the credentials and issues the user a ticket, with which the user gains access to the resources and services that support Kerberos.
- Active Directory also makes user management easier, as it acts as a single repository for all user- and computer-related information.
- The predecessor of today's directory services is the X.500 specification, which emerged from the International Telecommunications Union (ITU), formerly the CCITT (Comité Consultatif International Téléphonique et Télégraphique).
- X.500 sits at the Application layer of the OSI model. It contains several component databases that work together as a single entity.
- The primary database is the Directory Information Base (DIB), which stores information about the objects. A major limitation was its lack of integration with the Internet Protocol (IP).
- The protocol it used was the Directory Access Protocol (DAP). DAP offered more functionality than is required for implementing directory services, so a scaled-down version, the Lightweight Directory Access Protocol (LDAP), was created. It was later adopted as a standard by the Internet Engineering Task Force (IETF).
- LDAP relies on the TCP/IP stack rather than the OSI stack.
- It integrates with IP and enables IP clients to use LDAP to query directory services.
- LDAP can perform hyper-searches: one directory can defer to another to provide the requested data.
- LDAP's API is C-based.
- Like X.500, LDAP uses an inverted-tree hierarchical structure.
- LDAP supports Kerberos authentication, the Simple Authentication and Security Layer (SASL), and Secure Sockets Layer (SSL).
- Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols.
- AD is Microsoft’s answer to directory services and it does a lot more than just locating resources.
- AD uses LDAP as its access protocol.
- AD relies on DNS as its locator service, enabling clients to locate domain controllers through DNS queries.
- Let's understand Active Directory in more detail.
- AD contains information about objects in your enterprise.
- These objects can be computers, users, printers etc.
- AD is a container with nested containers holding other containers or objects.
- We name these containers and objects so that they are easy to query or search. Two naming conventions are used:
- User Principal Names (UPN)
- LDAP names, also known as Distinguished Names (DN)
- The UPN is the one you will probably find most familiar; it follows the RFC 822 specification.
- It has the same format as your email address, for example ashwin@road2master.ms.
- UPNs take the form user@domain.
- If you have a user named User01 in the Active Directory domain Domain01.local, the UPN will be User01@Domain01.Local.
- We will discuss AD domains in more detail later.
- In AD you can also create custom UPN suffixes, which means you can add User01@Domain01.com or User01@xyz.com as a UPN for the object mentioned above.
- More on these later.
- A Distinguished Name typically has this format:
cn=common name
ou=organizational unit
dc=domain component
For example: cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms
- An LDAP path to this object looks like this:
LDAP://R2MAD01.road2master.ms/cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms
R2MAD01.road2master.ms is the FQDN of the domain controller.
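As an added example (my code, not from the tutorial): building a DN with RFC 4514 escaping, parsing it back, and deriving the default UPN. It uses the page's DN and domain; the logon name and the value "Smith, John" are constructed. Escaping matters whenever a DN is assembled from user-supplied values, because an unescaped comma or equals sign changes which object the name refers to.

```python
# Added example (not from the tutorial): build and parse LDAP distinguished
# names with RFC 4514 escaping, and derive the default UPN for a domain.
# The DN cn=Ashwin,ou=Trainer,dc=Road2Master,dc=ms is from the page; the value
# "Smith, John" is constructed to show why escaping matters.
from typing import List, Tuple

_SPECIAL = set(',+"\\<>;=')   # must be backslash-escaped in an RDN value (RFC 4514)

def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it cannot alter the DN's structure."""
    out = []
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == " " and i in (0, len(value) - 1):   # leading/trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def build_dn(rdns: List[Tuple[str, str]]) -> str:
    """Join (attribute, value) pairs, most specific first, into a DN string."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)

def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    rdns: List[Tuple[str, str]] = []
    attr, buf, in_value, i = "", [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped character: keep it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == "=" and not in_value:       # end of the attribute type
            attr, buf, in_value = "".join(buf), [], True
        elif ch == "," and in_value:         # an unescaped comma ends the RDN
            rdns.append((attr, "".join(buf)))
            buf, in_value = [], False
        else:
            buf.append(ch)
        i += 1
    if in_value:
        rdns.append((attr, "".join(buf)))
    return rdns

def default_upn(logon_name: str, dn: str) -> str:
    """Default UPN: logon name @ the DNS domain spelled by the dc= components."""
    domain = ".".join(v for a, v in parse_dn(dn) if a.lower() == "dc")
    return f"{logon_name}@{domain}"
```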
- The DNS server must support service (SRV) resource records and the dynamic update protocol specified by RFC 2136.
- AD relies on DNS as its primary locator service, although it is not the only mechanism for locating domain controllers (DCs).
- A domain controller is a server that has Active Directory installed.
- When a domain controller starts, it registers both its DNS name and its NetBIOS name (more on NetBIOS names later).
- It adds LDAP-specific SRV records to DNS so that LDAP clients can locate DCs by querying DNS.
- It also adds Kerberos-specific SRV records so that clients can locate servers running the Kerberos Key Distribution Center (KDC) service.
- Each DC also adds an A record so that clients that do not support SRV records can locate the DC with a simple host-record lookup. This can be disabled if required.
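Added example (not from the tutorial) of the DC locator records described above: the SRV owner names a DC registers for LDAP and the KDC, a parser for SRV answers, and the RFC 2782 priority/weight selection a client performs. The host R2MAD01.road2master.ms is from the page; r2mad02, r2mad03 and all record values are constructed. Running the same parse over a real zone export lets an administrator confirm that only legitimate DCs appear there, since clients trust whatever these records point at.

```python
# Added example (not from the tutorial): the SRV names a domain controller
# registers for LDAP and Kerberos, a parser for SRV answers, and RFC 2782
# selection of a DC. road2master.ms and R2MAD01 are from the page; the other
# hosts and all record values below are constructed sample data.
import random
from typing import Dict, List, NamedTuple, Optional

class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def dc_locator_names(dns_domain: str) -> Dict[str, str]:
    """Owner names a DC registers so clients can find LDAP and the KDC via DNS."""
    d = dns_domain.rstrip(".").lower()
    return {
        "ldap": f"_ldap._tcp.{d}",                # any LDAP server for the domain
        "ldap_dc": f"_ldap._tcp.dc._msdcs.{d}",   # domain controllers only
        "kerberos": f"_kerberos._tcp.{d}",        # KDC
        "kpasswd": f"_kpasswd._tcp.{d}",          # Kerberos password change
    }

def parse_srv_line(line: str) -> SrvRecord:
    """Parse a zone-file style line: owner TTL IN SRV priority weight port target."""
    f = line.split()
    if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    return SrvRecord(int(f[4]), int(f[5]), int(f[6]), f[7].rstrip(".").lower())

def choose_dc(records: List[SrvRecord], rng: Optional[random.Random] = None) -> Optional[SrvRecord]:
    """RFC 2782 selection: lowest priority wins; ties are broken by weight."""
    if not records:
        return None
    best = min(r.priority for r in records)
    pool = [r for r in records if r.priority == best]
    weights = [r.weight for r in pool]
    if sum(weights) == 0:            # all-zero weights: pick uniformly
        weights = None
    return (rng or random.Random()).choices(pool, weights=weights)[0]

# Constructed answer set for _ldap._tcp.dc._msdcs.road2master.ms (not real DNS data).
SAMPLE_ZONE = """
_ldap._tcp.dc._msdcs.road2master.ms. 600 IN SRV 0 100 389 R2MAD01.road2master.ms.
_ldap._tcp.dc._msdcs.road2master.ms. 600 IN SRV 0 50 389 r2mad02.road2master.ms.
_ldap._tcp.dc._msdcs.road2master.ms. 600 IN SRV 10 100 389 r2mad03.road2master.ms.
"""
def load_srv(zone_text: str) -> List[SrvRecord]:
    """Parse every non-empty line of a zone fragment into SrvRecord objects."""
    return [parse_srv_line(l) for l in zone_text.splitlines() if l.strip()]
```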
- Objects in AD are either containers for other objects or leaf objects, which do not serve as containers.
- Objects in AD have attributes; the attributes not only define the object but also store its data, and together they define the character of that object.
- Some attributes are optional and some are mandatory. Optional: phone number. Mandatory: username.
- When an object is created, AD assigns it a GUID, a 128-bit number; no two objects in AD have the same GUID.
- If an object is moved within AD, it keeps its GUID.
- Objects in AD are protected by Access Control Lists (ACLs).
- More on Security later.
- The AD database uses the Extensible Storage Engine (ESE), which comprises tables that define the structure of the directory.
- The database layer has three partitions that define the contents of AD, plus an optional fourth partition:
- Schema partition: stores the Active Directory schema, which defines which types of objects can be created in the directory, how those objects relate to one another, which attributes of each object are mandatory and optional, and how such objects can be created.
- Configuration partition: stores the configuration of AD.
- Domain partition: stores the domain's objects.
- Application partition: an optional fourth partition that an administrator can create.
- More about the Active Directory database in the upcoming parts.
- The Active Directory schema defines which types of objects can be created in the directory.
- It also defines how those objects relate to one another and which attributes of each object are mandatory and optional.
- And it defines how such objects can be created.
- The schema must be updated whenever you need to create a new type of object or add anything that requires a new attribute.
- Objects created in AD are grouped into domains.
- The objects of a single domain are stored in a single database (which can be replicated).
- A tree is a collection of one or more domains.
- A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration.
Whether you're new to Active Directory (AD) or just need a refresher, it helps your information technology (IT) environment if you understand how Active Directory has expanded in Windows Server 2008, the tasks of the domain controllers, the steps needed to design the logical side of Active Directory, the standard resource records used in the Domain Name Service (DNS), and the hardware required to run Windows Server 2008.
Active Directory Components in Windows Server 2008
The range of Active Directory (AD) has expanded in Windows Server 2008 and has become an essential part of many information technology (IT) environments. Active Directory has become an umbrella for a multitude of technologies surpassing what AD was in Windows Server 2000 and 2003. Check out the new uses for Active Directory:
Active Directory Domain Services: An X.500-based directory service that provides integrated authentication and authorization services for a Windows computing environment.
Active Directory Lightweight Directory Services: A stripped down version of Active Directory Domain Services that focuses on providing just the directory services functionality.
Active Directory Federation Services: A Web Services–based technology for providing Web single sign-on authentication services between different organizations.
Active Directory Certificate Services: Provides digital certification enrollment and revocation services in the support of a public key infrastructure (PKI).
Active Directory Rights Management Services: Provides a solution for managing how users can use documents that they’re authorized to access.
Roles of the Active Directory Domain Controllers
Active Directory uses a multiple-master model, and usually, domain controllers (DCs) are equal with each other in reading and writing directory information. However, certain roles cannot be distributed across all the DCs, meaning that changes can’t take place on more than one domain controller at a time. Some domain controllers, therefore, do assume a single-master operations role — known as operations masters in Active Directory.
The five categories of operations master roles are:
Schema master (one per forest): Maintains the master copy of the schema.
PDC emulator (one per domain): Emulates a primary domain controller for backward compatibility with Windows NT.
Domain naming master (one per forest): Tracks object names throughout a forest to ensure that they’re unique. Also tracks cross-references to objects in other directories.
Infrastructure master (one per domain): Tracks object references among domains and maintains a list of deleted child objects.
Relative identifier (RID) master (one per domain): Tracks the assignment of SIDs (security identifiers) throughout the domain.
Usually, the first domain controller that you create in the first domain assumes all the operations master roles. You can assign these roles to other domain controllers in the domain or forest, but only one domain controller at a time can hold each operations master role.
Active Directory Logical Design Checklist
Active Directory is part of a storage structure you design that provides organization of objects — like users, computers, groups, and an assortment of other objects — in your IT environment. Before you can implement Active Directory, you have to do some planning. Be sure to complete the following steps before creating domains and organizational units (OUs):
Using the DNS namespace, identify and name the root domain.
Determine whether a tree or a forest is appropriate for your organization.
Determine whether you need additional domains.
Consult your requirements and environment to decide which domain model is best for your needs and to decide whether you need additional child domains.
Analyze business models and processes to determine which OU model is best for your needs.
Determine who will administer each OU and the administrative rights they’ll need.
Delegate the administrative privileges that the OU administrators need.
Diagram the logical Active Directory structure.
Common Types of Domain Name Service Resource Records
A resource record is the basic data component in the Domain Name Service (DNS). DNS resource records define not only names and IP addresses but also domains, servers, zones, and services. This list shows you the most common types of resource records:
Type | Purpose |
---|---|
A | Address resource records match an IP address to a host name. |
CNAME | Canonical name resource records associate a nickname to a host name. |
MX | Mail exchange resource records identify mail servers for the specified domain. |
NS | Name server resource records identify servers (other than the SOA server) that contain zone information files. |
PTR | Pointer resource records match a host name to a given IP address. This is the opposite of an Address record, which matches an IP address to the supplied host name. |
SOA | Start of authority resource records specify which server contains the zone file for a domain. |
SRV | Service resource records identify servers that provide special services to the domain. |
Hardware Requirements for Windows Server 2008
Before you arrange and use Active Directory, you need to install the operating system Windows Server 2008. Start by making certain the hardware you plan to use as domain controllers is able to run the operating system. This list shows you the minimum and recommended hardware levels for Windows Server 2008:
Component | Requirement |
---|---|
Processor | 1 GHz (x86 CPU) or 1.4 GHz (x64 CPU) |
Memory | 512MB required; 2GB or higher recommended. |
Hard Disk | 10 GB required. 40 GB or more recommended. |
Video | Super VGA or higher video card and monitor. |
Hardware | Must be on the Windows 2008 Hardware Compatibility List. |