
Active Directory Fundamentals


1 Active Directory Fundamentals
Presented by Ram Pratap Singh

2 How Objects Are Stored and Identified
Objects live in the AD data store, organized in a similar fashion to a file system.
Container objects hold other objects; non-container (leaf) objects do not.
Each entry in the data store is an object.

3 Uniquely Identifying Objects
Every object must be locatable and uniquely identifiable.
Each object is assigned a universally unique identifier (UUID), called a GUID in Windows.
The GUID is generated by the GUID creation API function when the object is created.
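The stability of the GUID, as opposed to the distinguished name, is what makes it the reliable handle for an object. The following is an added example, not from the presentation; it assumes a hypothetical domain corp.example with a user "alice" and an OU "OU=Staff,DC=corp,DC=example", and the RSAT ActiveDirectory module.

```powershell
# Added example: look an object up by GUID before and after a move.
# Assumes hypothetical domain corp.example, user 'alice', OU=Staff.
Import-Module ActiveDirectory

$user     = Get-ADUser -Identity 'alice'
$guid     = $user.ObjectGUID            # fixed for the object's whole lifetime
$dnBefore = $user.DistinguishedName     # the object's "path"; changes on move/rename

# Moving the object rewrites its DN but leaves its GUID untouched
Move-ADObject -Identity $dnBefore -TargetPath 'OU=Staff,DC=corp,DC=example'

# -Identity accepts a GUID, so the object is found without knowing its new DN
$after = Get-ADUser -Identity $guid

"Old DN        : $dnBefore"
"New DN        : $($after.DistinguishedName)"
"GUID unchanged: $($after.ObjectGUID -eq $guid)"
```

Scripts and audit records that key on the distinguished name break on every move or rename; keying on objectGUID does not.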

4 Building Blocks
Domains and Domain Trees
Forests
Organizational Units
The Global Catalog
Flexible Single Master Operator (FSMO) Roles
Time Synchronization in Active Directory
Domain and Forest Functional Levels
Groups

5 Domains
A domain is a group of network objects.
It is a logical group of objects that share the same AD database and the same namespace.
Permissions are defined and applied within the domain.

6 Domain Trees
A domain tree is a collection of one or more domains.
The domains form a transitive trust hierarchy.
Trusts are a security mechanism used to authenticate and authorize access across domains.

7 Forest
A forest is a collection of one or more domain trees.
The first domain created in the forest is the forest root domain.
Never remove the forest root domain.
All domains in the forest share a common global catalog.
Domains in the forest are linked by transitive trusts.

8 Organizational Units
Having covered the large-scale view of AD (domains, trees, and forests), organizational units (OUs) are the building block within a domain.
OUs are used almost exclusively for building object hierarchies within a domain.
Administration can be delegated at the OU level, for example the rights to create and delete accounts or change passwords.

9 The Global Catalog
The GC can be accessed via LDAP over port 3268.
The Global Catalog is read-only and cannot be updated directly.
The attributes held in the Global Catalog are the members of the partial attribute set (PAS).
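To see these three points in practice (where the GC lives, querying it over 3268, and which attributes are in the PAS), here is an added example that is not part of the presentation. It assumes a hypothetical domain corp.example with a user "alice" and the RSAT ActiveDirectory module; the attribute names checked are examples, not a claim about which attributes ship in the PAS.

```powershell
# Added example: locate GCs, query over the GC port, and inspect PAS membership.
# Assumes hypothetical domain corp.example and user 'alice'.
Import-Module ActiveDirectory

# 1. Which domain controllers host a Global Catalog
Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } |
    Select-Object HostName, Domain, Site

# 2. Forest-wide lookup over port 3268 (GC) rather than port 389 (one domain).
#    The GC answers for objects from every domain in the forest, but only
#    returns the attributes that are in the partial attribute set.
$gc = (Get-ADDomainController -Discover -Service GlobalCatalog).HostName |
      Select-Object -First 1
Get-ADObject -Server "${gc}:3268" -Filter { sAMAccountName -eq 'alice' } `
    -Properties department, employeeID |
    Select-Object DistinguishedName, department, employeeID

# 3. Is a given attribute replicated to the GC? The schema answers that:
#    each attributeSchema object carries isMemberOfPartialAttributeSet.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
Get-ADObject -SearchBase $schemaNC `
    -Filter { lDAPDisplayName -eq 'department' -or lDAPDisplayName -eq 'employeeID' } `
    -Properties lDAPDisplayName, isMemberOfPartialAttributeSet |
    Select-Object lDAPDisplayName, isMemberOfPartialAttributeSet
```

An attribute that shows isMemberOfPartialAttributeSet = False in step 3 comes back empty in step 2, even though the object itself is found. Writes sent to port 3268 are rejected; modifications go to a writable DC on port 389 and reach the GC through replication.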

10 Flexible Single Master Operator (FSMO) Roles
There are five roles: three exist for every domain, and two apply to the entire forest.
Schema master (forest-wide)
Domain naming master (forest-wide)
PDC emulator (domain-wide)
RID master (domain-wide)
Infrastructure master (domain-wide)

11 Schema master (forest-wide)
The only DC that is allowed to make updates to the schema.
No other server can process changes to the schema.
By default it is the first DC promoted in a forest.

12 Domain naming master (forest-wide)
Controls changes to the forest-wide namespace.
Adds and removes domains.
Renames or moves domains within a forest.
Authorizes the creation of application partitions.

13 PDC Emulator (domain-wide)
The PDC emulator has important legacy functions.
Acts as the PDC for down-level clients.
Receives the latest password changes.
Primary time source for the domain.

14 RID master (domain-wide)
One relative identifier (RID) master exists per domain.
Each security identifier (SID) is built on a RID.
SIDs are used for security permissions and security verification.
The RID master generates and maintains a pool of unique RID values.

15 Infrastructure master (domain-wide)
Maintains references to objects in other domains.
The infrastructure master keeps these references as phantom objects.
Its function is similar to that of the global catalog.
Responsible for updating an object's SID and distinguished name in cross-domain references.
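Each of the five roles has exactly one holder, so knowing where they are and whether they are reachable is a basic health check. The following is an added example (not from the presentation) that lists the holders of all five roles and flags the well-known conflict between the infrastructure master and the global catalog; it assumes the RSAT ActiveDirectory module and an account that can read the forest and domain.

```powershell
# Added example: enumerate FSMO role holders and run two checks on them.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [PSCustomObject]@{
        SchemaMaster         = $forest.SchemaMaster         # forest-wide
        DomainNamingMaster   = $forest.DomainNamingMaster   # forest-wide
        PDCEmulator          = $domain.PDCEmulator          # domain-wide
        RIDMaster            = $domain.RIDMaster            # domain-wide
        InfrastructureMaster = $domain.InfrastructureMaster # domain-wide
    }
}

$roles = Get-FsmoRoleHolders
$roles | Format-List

# Check 1: every role holder answers on the network. A role whose holder is
# down does not fail over by itself; it has to be transferred or seized.
foreach ($role in $roles.PSObject.Properties) {
    $up = Test-Connection -ComputerName $role.Value -Count 1 -Quiet
    '{0,-22} {1,-35} reachable={2}' -f $role.Name, $role.Value, $up
}

# Check 2: the infrastructure master must not be a GC unless every DC in the
# domain is a GC; otherwise it never sees stale cross-domain references and
# stops updating them.
$dcs     = Get-ADDomainController -Filter *
$allGc   = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })
$infraGc = ($dcs | Where-Object { $_.HostName -eq $roles.InfrastructureMaster }).IsGlobalCatalog
if ($infraGc -and -not $allGc) {
    Write-Warning "Infrastructure master $($roles.InfrastructureMaster) is a GC while some DCs are not."
}
```

The built-in equivalent of the listing is `netdom query fsmo`; the script adds the reachability and GC checks on top of it.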

16 Time Synchronization in Active Directory
Domain controllers and domain members must have synchronized clocks.
Clocks are used to verify the authenticity of Kerberos packets.
The w32time service implements time synchronization.
The PDC emulator synchronizes its clock with a reliable outside time source.

17 Configuring W32Time on the PDC Emulator
To configure the PDC emulator, you will need to identify one or more authoritative external time sources. For this example we will use the NTP Pool Project's NTP servers:
w32tm /config /update /manualpeerlist:"0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org" /syncfromflags:manual /reliable:YES
w32tm /resync /rediscover /nowait
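After the PDC emulator is configured, the thing to verify is that the rest of the domain actually follows it and that no clock has drifted past what Kerberos tolerates (5 minutes by default). The following is an added example, not from the presentation, meant to be run on any domain member; it assumes the RSAT ActiveDirectory module and uses the `w32tm /stripchart` output format, which prints one offset per sample as `+/-ss.fffffffs`.

```powershell
# Added example: verify the time hierarchy from a domain member.
Import-Module ActiveDirectory

$pdc = (Get-ADDomain).PDCEmulator

# 1. Where does this machine get its time? On a domain member this should be
#    a DC (NT5DS hierarchy); on the PDC emulator it should be the external
#    NTP peers, never "Local CMOS Clock".
"Local time source : $(w32tm /query /source)"

# 2. Measure the offset of the local clock against the PDC emulator.
#    /dataonly lines look like "12:34:56, +00.0123456s".
$samples = w32tm /stripchart /computer:$pdc /samples:3 /dataonly
$offsets = foreach ($line in $samples) {
    if ($line -match '([+-]\d+\.\d+)s') { [double]$Matches[1] }
}
$maxSkew = ($offsets | ForEach-Object { [math]::Abs($_) } |
            Measure-Object -Maximum).Maximum

# 3. Compare with the Kerberos default "maximum tolerance for computer clock
#    synchronization" of 5 minutes (300 s). Beyond this, ticket validation
#    fails with clock-skew errors.
$kerberosTolerance = 300
"Max skew vs $pdc : $maxSkew s (tolerance $kerberosTolerance s)"
if ($maxSkew -ge $kerberosTolerance) {
    Write-Warning "Clock skew exceeds Kerberos tolerance; authentication to $pdc will fail."
}
```

Running the same script on the PDC emulator itself confirms the other half of the chain: its source must be the manual peer list configured above, and the stripchart offset against itself is of course zero.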

18 Forest and Domain Functional Levels

19 Windows 2000 Native Features
Forest functional level: all of the default AD DS features are available.
Domain functional level: all of the default AD DS features and the following directory features are available, including:
Universal groups for both distribution and security groups
Group nesting
Group conversion, which allows conversion between security and distribution groups
Security identifier (SID) history

20 Windows 2000 Native Features
Supported domain controller operating systems:
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Windows 2000

21 Windows Server 2003 Features
Forest functional level features: all of the default AD DS features, and the following features, are available:
Forest trust
Domain rename
Linked-value replication
The ability to deploy a read-only domain controller (RODC)
Improved Knowledge Consistency Checker (KCC) algorithms and scalability
Dynamic objects in a domain directory partition
Create instances of new group types to support role-based authorization

22 Windows Server 2003 Features
Domain functional level features: all the default AD DS features, all the features that are available at the Windows 2000 native domain functional level, and the following:
The domain management tool, Netdom.exe
Logon time stamp updates (lastLogonTimestamp)
The ability to set the userPassword attribute on inetOrgPerson objects
The ability to redirect the Users and Computers containers
Constrained delegation
Selective authentication
Supported domain controller operating systems:
Windows Server 2012, 2012 R2
Windows Server 2008, 2008 R2
Windows Server 2003

23 Windows 2008 Features
Forest functional level features: all of the features that are available at the Windows Server 2003 forest functional level, but no additional features are available.
Domain functional level features: all of the features that are available at the Windows Server 2003 forest functional level, but no additional features are available.
Distributed File System (DFS)
Domain-based DFS
Advanced Encryption Standard (AES 128 and AES 256) support for the Kerberos protocol
Last Interactive Logon Information
Fine-grained password policies
Personal Virtual Desktops

24 Windows 2008 Features
Supported domain controller operating systems:
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows 2008
Windows 2008 R2

25 Windows 2008 R2 Features
Forest functional level features: all of the features that are available at the Windows Server 2003 forest functional level, plus the following features:
Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running
Domain functional level features: all default Active Directory features, all features from the Windows Server 2008 domain functional level, plus the following features:
Authentication mechanism assurance
Automatic SPN management

26 Windows 2008 R2 Features
Supported domain controller operating systems:
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012
Windows 2008 R2

27 Windows 2012 Features
Forest functional level features: all of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
Domain functional level features: all default Active Directory features, all features from the Windows Server 2008 R2 domain functional level, plus the following features:
KDC support for claims, compound authentication, and Kerberos armoring
The KDC administrative template policy has two settings (Always provide claims and Fail unarmored authentication requests) that require the Windows Server 2012 domain functional level

28 Windows 2012 Features
Supported domain controller operating systems:
Windows Server 2016
Windows Server 2012 R2
Windows Server 2012

29 Windows 2012 R2 Features
Forest functional level features: all of the features that are available at the Windows Server 2012 forest functional level, but no additional features.
Domain functional level features: all default Active Directory features, all features from the Windows Server 2012 domain functional level, plus the following features:
DC-side protections for Protected Users; members of the group can no longer:
  Authenticate with NTLM authentication
  Use DES or RC4 cipher suites in Kerberos pre-authentication
  Be delegated with unconstrained or constrained delegation
  Renew user tickets (TGTs) beyond the initial 4 hour lifetime
Authentication Policies
Authentication Policy Silos

30 Windows 2012 R2 Features
Supported domain controller operating systems:
Windows Server 2016
Windows Server 2012 R2

31 Windows 2016 Features
Forest functional level features: all of the features that are available at the Windows Server 2012 R2 forest functional level, and the following features, are available:
Privileged access management (PAM) using Microsoft Identity Manager (MIM)
Domain functional level features: all default Active Directory features, all features from the Windows Server 2012 R2 domain functional level, plus the following features:
DCs can support rolling a public-key-only user's NTLM secrets
DCs can support allowing network NTLM when a user is restricted to specific domain-joined devices
Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fresh public key identity SID

32 Windows 2016 Features
Supported domain controller operating systems:
Windows Server 2016
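The practical use of the level tables above is answering "does this forest or domain already support feature X, and is it switched on?". The following is an added example, not from the presentation; it assumes the RSAT ActiveDirectory module and uses the ADDomainMode/ADForestMode enumeration names the module returns (Windows2000Domain through Windows2016Domain, Windows2000Forest through Windows2016Forest). The feature-to-level pairs encode the slides above.

```powershell
# Added example: check functional levels against the levels features need.
Import-Module ActiveDirectory

# Enumeration names in ascending order, as returned by the AD module
$domainOrder = 'Windows2000Domain','Windows2003InterimDomain','Windows2003Domain',
               'Windows2008Domain','Windows2008R2Domain','Windows2012Domain',
               'Windows2012R2Domain','Windows2016Domain'
$forestOrder = 'Windows2000Forest','Windows2003InterimForest','Windows2003Forest',
               'Windows2008Forest','Windows2008R2Forest','Windows2012Forest',
               'Windows2012R2Forest','Windows2016Forest'

function Test-MinimumLevel {
    param([string]$Current, [string]$Required, [string[]]$Order)
    $Order.IndexOf($Current) -ge $Order.IndexOf($Required)
}

$domainMode = (Get-ADDomain).DomainMode.ToString()
$forestMode = (Get-ADForest).ForestMode.ToString()
"Domain functional level : $domainMode"
"Forest functional level : $forestMode"

# Domain-level features and the level they require (from the slides)
$domainFeatures = [ordered]@{
    'Constrained delegation / selective authentication'   = 'Windows2003Domain'
    'AES 128/256 for Kerberos, fine-grained password policies' = 'Windows2008Domain'
    'Authentication mechanism assurance, automatic SPN management' = 'Windows2008R2Domain'
    'KDC claims, compound authentication, Kerberos armoring' = 'Windows2012Domain'
    'Protected Users DC-side protections, authentication policies/silos' = 'Windows2012R2Domain'
}
foreach ($f in $domainFeatures.GetEnumerator()) {
    $ok = Test-MinimumLevel -Current $domainMode -Required $f.Value -Order $domainOrder
    '{0,-70} needs {1,-22} available={2}' -f $f.Key, $f.Value, $ok
}

# Forest-level: the Recycle Bin needs the 2008 R2 forest level and must also
# be enabled as an optional feature; level alone does not turn it on.
$binLevelOk = Test-MinimumLevel -Current $forestMode -Required 'Windows2008R2Forest' -Order $forestOrder
$binEnabled = [bool](Get-ADOptionalFeature -Filter { Name -eq 'Recycle Bin Feature' }).EnabledScopes
"Recycle Bin: level sufficient=$binLevelOk enabled=$binEnabled"

# Protected Users only protects accounts that are actually in the group
if (Test-MinimumLevel -Current $domainMode -Required 'Windows2012R2Domain' -Order $domainOrder) {
    "Protected Users members:"
    Get-ADGroupMember -Identity 'Protected Users' | Select-Object SamAccountName, objectClass
}
```

Raising a functional level is a one-way operation, which is why the supported-DC lists on the slides matter: every DC must already run an OS at or above the target level before the level is raised.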

33 Groups
Groups are used to collect user accounts, computer accounts and other groups into manageable units.
Groups are of two types:
Distribution (mail) groups
Security (permission) groups

34 Active Directory supports group scopes
There are three scopes:
Domain local
Global
Universal
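The two types and three scopes combine into the usual nesting pattern: accounts go into global groups, global groups into domain local groups, and permissions are granted to the domain local group. The following is an added example that is not part of the presentation; it assumes a hypothetical domain corp.example with an OU "OU=Groups,DC=corp,DC=example", users "alice" and "bob", and the RSAT ActiveDirectory module.

```powershell
# Added example: create groups of each type/scope and nest them.
# Assumes hypothetical OU=Groups,DC=corp,DC=example and users alice, bob.
Import-Module ActiveDirectory
$ou = 'OU=Groups,DC=corp,DC=example'

# Security group, Global scope: holds accounts from this domain
New-ADGroup -Name 'HR-Staff' -GroupScope Global -GroupCategory Security `
    -Path $ou -Description 'All HR employees'

# Security group, Domain local scope: the group that actually appears in ACLs
New-ADGroup -Name 'ACL-HRShare-Modify' -GroupScope DomainLocal -GroupCategory Security `
    -Path $ou -Description 'Modify rights on the HR file share'

# Distribution group, Universal scope: mail only, cannot be used in an ACL
New-ADGroup -Name 'HR-Announcements' -GroupScope Universal -GroupCategory Distribution `
    -Path $ou -Description 'HR mailing list'

# Nesting: accounts -> global group -> domain local group -> permission
Add-ADGroupMember -Identity 'HR-Staff'           -Members 'alice', 'bob'
Add-ADGroupMember -Identity 'ACL-HRShare-Modify' -Members 'HR-Staff'

# Inventory of what exists, broken down by scope and category
Get-ADGroup -Filter * -SearchBase $ou -Properties GroupScope, GroupCategory |
    Group-Object GroupScope, GroupCategory |
    Select-Object Count, Name

# Effective membership of the ACL group, following the nesting
Get-ADGroupMember -Identity 'ACL-HRShare-Modify' -Recursive |
    Select-Object SamAccountName, objectClass
```

Granting rights to the domain local group rather than directly to accounts keeps the ACL stable: staff changes are handled by editing the global group's membership, and the permission entry itself never needs to be touched.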
