Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Active Directory December 10th, 2008 1-3pm Daniels 407.

Published byLester Daniel Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Active Directory December 10th, 2008 1-3pm Daniels 407."— Presentation transcript:

1 Introduction to Active Directory December 10th, 2008 1-3pm Daniels 407

2 What we are going to cover... The basics of Active Directory What AD is What AD isn't Tools Management Concepts Additional Services Q & A

3 Active Directory is... A directory service that provides the ability for centralized: Authentication Authorization Management Active Directory is based on LDAP. LDAP is an industry standard method to access information from a remote database. LDAP does not define what sorts of info are stored or how it should be stored, only how to access it. Any type of data can be stored in a properly constructed LDAP service. In fact, Active Directory Application Mode is just a stand-alone LDAP server. Active directory stores copies of it's data on several Domain Controllers (DC's). If one fails, services are still available.

4 Tools Remote Server Administration Toolkit (RSAT) includes: Active Directory Users and Computers (ADUC) Group Policy Management Console (GPMC) Group Policy Editor DFS Management Console Print Managment Console Domain-wide Administration: Active Directory Sites and Services Active Directory Domains and Trusts

5 AD Objects Organizational Units Users Computers Groups Links (publishing): Shares Print Shares

6 What AD isn't A 100% solution A desktop environment Microsoft only The same as Novell 100% Automatable A true identity management system Perfect

7 Authentication Native: Kerberos (Version 5) NTLMv2 LDAP Smart Cards/Certificates Extendable to include: Biometrics Client machines authenticate as well, not just user accounts Supports dual factor authentication Mac, Linux clients can auth against AD

8 Trusts Trusts don't imply any sort of authorization or rights assignment. If Domain "A" trusts Domain "B" all it implies is that accounts from "B" can be used in "A" No rights assignments of any kind are made automatically. This makes it possible to access resources in multiple domains using a single account. Trusts: Intra-Forest Inter-Forest Cross Realm

9 Authorization Delegation Wizard Types of Permissions: Directory o GPO's o Manage Groups Machine o Local/Remote Login o User vs. Admin o Group Policy allows setting any local permission Groups are key to any good permissions model *AD supports Nested Groups*

10 Management Concepts Domain Structure o OU structure o User/Computer Locations o Grouping Strategy Group Policy o Linking o Filtering  Groups  WMI Filters o Starter GPO's o Copying GPO's o Group Policy Modelling

11 Policies vs. Preferences Policies: o Policies usually cannot be changed by end user o Configuring IE o Deploying Software o Configuring Desktop Experience Preferences: o End user override optional per setting o Pushing Files/Reg Keys/Shortcuts o Item-Level Targeting Both have User and Computer Settings Loopback - Process User settings using Computer location

12 Group Policy Examples Remote Assistance - Policy Remote Administration - Policy Configure Wireless - Policy Configure Firewall - Policy Deploy Printers - Policy or GPP Deploy Startup/Shutdown/Logon/Logoff Scripts - Policy or GPP Deploy Software (.msi's) - Policy Deploy Scheduled Tasks - GPP Mapped Drives - GPP Power Settings - GPP

13 Windows Server Update Services (WSUS) Unified Patch Management for MS Products - FREE Apply patches based on grouping o Server side groups o *Client Side Targeting via Group Policy* Types of Patches: o Service Packs/Security Patches/Bugfixes o Drivers o Defender definitions o Office Patches/Service Packs o Add-ons: Windows Media, Silverlight, GPP, etc. o Server Products: SQL, IIS Ability to back out patches per group of machines (not always supported by the patches)

14 Distributed File System (DFS) DFS is a Network File System Core CAL Required Roots (Namespaces) o Delegation Folders o Create Arbitrary structure Targets o Where the files are Multi-Master Replication

15 Windows Distribution Services (WDS) Replaces Remote Installation Services (RIS) Core CAL Required Imaging for XP/Vista/2K3 Server/2K8 Server Uses PXE for medialess install Uses WinPE (think Vista on a CD) as install environment Can have a library of drivers GUI tools for setting up: o Post-install scripts o Joining a domain

16 Additional Services Core CAL Required (NCSU has a Site License!): Certificate Services - PKI File Services (Clustering, iSCSI) Print Services IIS / Webdav Sharepoint Services 3.0 Additional stuff we don't use: DNS/DHCP Additional CAL Required: Terminal Services

17 Questions?

Download ppt "Introduction to Active Directory December 10th, 2008 1-3pm Daniels 407."

Similar presentations

Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.

COMP091 OS1 Active Directory. Some History Early 1990s Windows for Workgroups introduced peer-to-peer networking based on SMB over netbios (tcp/ip still.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.

NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
WIN.MIT.EDU  Where are we today  Related services  Current enhancements  Some future enhancements  SharePoint  Panel Discussion.

WIN.MIT.EDU  Where are we today  Related services  Current enhancements  Some future enhancements  SharePoint  Panel Discussion.
Understanding Group Policy on Windows Server 2003.

Understanding Group Policy on Windows Server 2003.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 7 Configuring File Services in Windows Server 2008.
Understanding Active Directory

Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.

Similar presentations

Ads by Google