active directory and application

Post on 20-Aug-2015


By Amin Pathan (MTech-CSE Pursuing, BE-IT)

Technical overview of Windows 2003 Active Directory

Introduction to Windows 2003 Active Directory in application mode

Windows 2003 Reviewer’s Guide

What is Active Directory Building an Active Directory Using Active Directory Features Active Directory Objects Auditing Active Directory

Directory services of the Windows server system

Stores information about network objects and makes the information available to administrators, users, and applications

Provides a single point of network management allowing people to add, remove, and relocate users and resources easily

Integrated with Internet’s hierarchical domain naming system

• Integration with DNS
• Flexible querying
• Information security
• Simplified administration
• Scalability

• Objects are the basic entities that constitute the Active Directory
  ◦ Each object has its own globally unique identifier (GUID)
• Schema
  ◦ Describes the object classes
  ◦ Defines the attributes for the object classes
• Object-based hierarchical structure with constructs
  ◦ Domains
  ◦ Trees
  ◦ Forests
  ◦ Trust relationships
  ◦ Organizational Units
  ◦ Sites

Parent and child domains in a domain tree. Double-headed arrows indicate two-way transitive trust relationships

One forest with three domain trees. The three root domains are not contiguous with each other, but EuropeRoot.com and AsiaRoot.com are child domains of HQ-Root.com.

Shortcut trusts between Domains B and D, and between Domains D and 2

• Transitive
• Two-way
• Shortcut trusts
• External trusts

Intra-site replication with just one domain.

Intra-site replication with two domains and two global catalogs

• Based on standard directory protocols
• Interoperates with other protocols
• Example: LDAP (Lightweight Directory Access Protocol)
  ◦ LDAP is used to add, modify, delete and query information stored in AD
  ◦ LDAP to AD is like SQL to Oracle
  ◦ LDAP determines how a client can access the directory, perform operations within the directory, and share directory data

• Based on Kerberos
• Supports multiple security configurations for cross-platform interoperability
  ◦ Clients: A domain controller will authenticate clients running RFC-1510 Kerberos. This will include other clients running other operating systems.
  ◦ Unix clients and services: A Kerberos principal is mapped to a Windows 2000 user or computer account

Installation Of Active Directory

• The computer must be Windows 2k, 2k3 Server, Advanced Server or Datacenter Server.
• At least one volume on the computer must be formatted with NTFS.
• DNS must be active on the network prior to AD installation or be installed during AD installation.
• DNS must support SRV records and be dynamic.
• The computer must have IP protocol installed and have a static IP address.
• The Kerberos v5 authentication protocol must be installed.
• Time and zone information must be correct.

DCPROMO

• Clients use DNS to locate Active Directory controllers.
• Servers and client computers register their names and IP addresses with the DNS server.

Existing Domain Member Server

• Users
• Computers
• Groups

Defines the various components of the user's desktop environment that an administrator must manage

Applies not only to user and client computers but also to member servers, domain controllers, and other 2003 servers in the scope of management

Manage registry-based policy with Administrative Templates

Assign scripts. This includes scripts such as computer startup, shutdown, logon, and logoff

Redirect folders, such as My Documents and My Pictures, from the Documents and Settings folder on the local computer to network locations

Audit related functional activities

• Account logon and logon events
• Object access
• Account management
• Directory service access
• Policy change
• System events
• Process tracking
• Privilege

• Logon/Logout
• User access to resources
  ◦ File, folder, registry key, printer etc.
• Account management
  ◦ Create users and groups, modify membership, change password etc.
• System events
  ◦ Service start/stop
• Directory service access
  ◦ User access to Active Directory objects
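The audit categories listed above correspond to the keys of the [Event Audit] section in a security template exported with `secedit /export /cfg`. The following is an added example, not part of the original presentation: it parses that section and reports which categories are missing success or failure auditing. The sample template text is constructed and the names `audit_gaps` and `CATEGORIES` are hypothetical.

```python
import configparser

# Keys of the [Event Audit] section in a secedit security template, mapped to
# audit category names ("account logon" and "logon" are two separate keys).
CATEGORIES = {
    "AuditAccountLogon": "Account logon events",
    "AuditLogonEvents": "Logon events",
    "AuditObjectAccess": "Object access",
    "AuditAccountManage": "Account management",
    "AuditDSAccess": "Directory service access",
    "AuditPolicyChange": "Policy change",
    "AuditSystemEvents": "System events",
    "AuditProcessTracking": "Process tracking",
    "AuditPrivilegeUse": "Privilege use",
}
SUCCESS, FAILURE = 1, 2  # bit flags: 0 = no auditing, 3 = success and failure

# Constructed sample, shaped like the [Event Audit] part of an exported template.
SAMPLE_TEMPLATE = """\
[Event Audit]
AuditSystemEvents = 1
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 1
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess = 2
AuditAccountLogon = 3
"""

def audit_gaps(template_text, required=SUCCESS | FAILURE):
    """Return {category: [missing outcomes]} for under-audited categories."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep key case as written in the template
    parser.read_string(template_text)
    section = parser["Event Audit"] if parser.has_section("Event Audit") else {}
    gaps = {}
    for key, name in CATEGORIES.items():
        value = int(section.get(key, 0))  # assumption: absent key = not audited
        missing = required & ~value
        if missing:
            outcomes = ((SUCCESS, "success"), (FAILURE, "failure"))
            gaps[name] = [label for bit, label in outcomes if missing & bit]
    return gaps

if __name__ == "__main__":
    for name, missing in audit_gaps(SAMPLE_TEMPLATE).items():
        print(f"{name}: not auditing {', '.join(missing)}")
```

A real export is normally written as UTF-16, so read the file with `encoding="utf-16"` before passing its text to `audit_gaps`.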
