1 Directory Services CS5493/7493

2 Directory Services
Directory services were a technological breakthrough because they integrate into a single management tool the three functions that earlier systems handled separately (the AAA triad):
–Authentication (who is this user or machine?)
–Access control (what may they do?)
–Accounting (what did they do?)

3 Directory Services
A directory service organizes data into objects. The directory holds the objects; the directory service provides the tools for accessing and modifying them.

4 Directory Service Objects
An object consists of a name and a group of attributes associated with that name. The object's name is formally its Distinguished Name (DN): the chain of name components from the object up to the root of the directory, for example cn=jdoe,ou=People,dc=example,dc=com (an illustrative DN). An object can represent a service, a piece of hardware, or a user.
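As an added illustration (mine, not code from the lecture slides), here is a small Python parser for the string form of distinguished names defined in RFC 4514. It splits a DN into its relative components, handles the backslash and hex-pair escapes, rebuilds a DN with proper escaping, and derives an object's parent container, its organizational-unit chain and its domain from the DC components, the containment structure the Active Directory slides later describe. Every DN used here is a constructed sample, and the helper names (split_dn, parent_dn, ou_chain, domain_of) are my own.

```python
"""Distinguished names (RFC 4514): parse, rebuild and walk the hierarchy.

Added example for this transcript, not code from the lecture. Multi-valued
RDNs (a=1+b=2) are not supported. All sample DNs are constructed.
"""
from typing import List, Tuple

HEX = "0123456789abcdefABCDEF"
SPECIAL = '"+,;<>\\'   # must be escaped anywhere inside a value (RFC 4514 s2.4)
RDN = Tuple[str, str]  # (attribute type, attribute value)


def _rdn(key: List[str], val: bytearray, dn: str) -> RDN:
    name = "".join(key).strip()
    if not name:
        raise ValueError("missing attribute type in DN: %r" % dn)
    return name, val.decode("utf-8")


def split_dn(dn: str) -> List[RDN]:
    """Split a DN string into RDNs, leaf (most specific) first, root last.

    '\\c' escapes a special character; '\\XX' hex pairs are collected as raw
    bytes so escaped multi-byte UTF-8 sequences decode correctly.
    """
    rdns: List[RDN] = []
    key: List[str] = []
    val = bytearray()
    in_key = True
    i, n = 0, len(dn)
    while i < n:
        c = dn[i]
        if c == "\\":
            if in_key or i + 1 >= n:
                raise ValueError("bad escape in DN: %r" % dn)
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and pair[0] in HEX and pair[1] in HEX:
                val.extend(bytes.fromhex(pair))
                i += 3
            else:
                val.extend(dn[i + 1].encode("utf-8"))
                i += 2
            continue
        if in_key and c == "=":
            in_key = False
        elif in_key and c == ",":
            raise ValueError("RDN without '=' in DN: %r" % dn)
        elif not in_key and c == ",":
            rdns.append(_rdn(key, val, dn))
            key, val, in_key = [], bytearray(), True
        elif in_key:
            key.append(c)
        else:
            val.extend(c.encode("utf-8"))
        i += 1
    if in_key:
        if key or dn.endswith(","):
            raise ValueError("incomplete RDN at end of DN: %r" % dn)
        return rdns                      # the empty string is the root DN
    rdns.append(_rdn(key, val, dn))
    return rdns


def escape_value(value: str) -> str:
    """Escape an attribute value for the string form of a DN (RFC 4514 s2.4)."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        if ch in SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and idx in (0, last):   # leading/trailing space
            out.append("\\ ")
        elif ch == "#" and idx == 0:           # leading '#'
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def join_dn(rdns: List[RDN]) -> str:
    return ",".join("%s=%s" % (t, escape_value(v)) for t, v in rdns)


def parent_dn(dn: str) -> str:
    """The container holding this object: drop the leaf RDN."""
    return join_dn(split_dn(dn)[1:])


def ou_chain(dn: str) -> List[str]:
    """Organizational units from the innermost outward."""
    return [v for t, v in split_dn(dn) if t.lower() == "ou"]


def domain_of(dn: str) -> str:
    """DNS-style domain formed by the DC components (the Active Directory convention)."""
    return ".".join(v for t, v in split_dn(dn) if t.lower() == "dc")
```

The value `Doe, Jane` in `CN=Doe\, Jane,OU=Engineering,OU=Staff,DC=example,DC=com` shows why the escaping matters: without it the comma would be read as an RDN separator and the object would appear to live in a different container than it does, which is exactly the confusion an attacker wants when a DN is assembled from untrusted input.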

5 Directory Service Examples
A phonebook: entries are indexed by name, and each name has a phone number and address associated with it.
DNS: maps human-readable names of network resources to their numeric network (IP) addresses.

6 Software Engineered D.S.
A software-engineered directory service stores, organizes, and provides access to electronic information in a directory. DNS was the first Internet directory service.

7 X.500
A standard model for general-purpose directory services was developed in the late 1980s. The X.500 standard emerged from this effort in 1988. A series of supplementary editions and refinements to X.500 followed.

8 X.500 Refinements
–Shadowing (replicating) directory information between servers
–Access controls
–Additional administrative capabilities
–Contexts: define actions for an object according to the context of the object's use
–Additional security features

9 X.500 Concept
There is a single directory information tree (DIT). The DIT is a hierarchical organization of objects distributed across one or more servers. X.500 also defines the protocol (DAP, the Directory Access Protocol) for querying and updating objects in the DIT.

10 X.500 Legacy
The general framework of X.500 has been adopted by more popular (more widely deployed) directory services such as:
–LDAP, the Lightweight Directory Access Protocol, originally designed as a simpler front end to X.500 that runs directly over TCP/IP. OpenLDAP is an open-source implementation available for Linux.
–Microsoft Active Directory

11 LDAP
Defines a simple protocol for managing directory objects:
–Search and retrieve
–Add
–Modify
–Delete
–Rename (modify DN)
(The protocol also defines compare, bind and unbind operations.)
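Search is the LDAP operation most often fed untrusted input, so as an added example (mine, not from the slides) here is a Python evaluator for a subset of RFC 4515 search filters over a constructed in-memory directory, together with the escaping an application must apply before splicing user input into a filter string. It contrasts a vulnerable login filter with its escaped form. The two entries, their attribute values and the cleartext userPassword are constructed for the demonstration only; a real directory hashes that attribute and usually does not let applications search on it.

```python
"""LDAP search filters (RFC 4515): safe construction and a small evaluator.

Added example for this transcript, not code from the lecture. Supports the
filter subset (&...), (|...), (!...) and (attr=value) with '*' wildcards.
The directory entries are constructed sample data; userPassword is kept in
clear text only so that the filter-injection bypass is visible.
"""
import re
from typing import Any, Dict, List, Tuple

Entry = Tuple[str, Dict[str, List[str]]]

DIRECTORY: List[Entry] = [
    ("uid=alice,ou=people,dc=example,dc=com",
     {"uid": ["alice"], "userPassword": ["s3cret"], "memberOf": ["admins"]}),
    ("uid=bob,ou=people,dc=example,dc=com",
     {"uid": ["bob"], "userPassword": ["hunter2"], "memberOf": ["staff"]}),
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 s3: '*', '(', ')', '\\' and NUL inside a value become \\XX escapes."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _unescape(piece: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _peek(s: str, pos: int) -> str:
    if pos >= len(s):
        raise ValueError("unexpected end of filter: %r" % s)
    return s[pos]


def _parse(s: str, pos: int) -> Tuple[Any, int]:
    if _peek(s, pos) != "(":
        raise ValueError("expected '(' at offset %d in %r" % (pos, s))
    pos += 1
    c = _peek(s, pos)
    if c in "&|":                          # AND / OR over any number of sub-filters
        kids: List[Any] = []
        pos += 1
        while _peek(s, pos) != ")":
            kid, pos = _parse(s, pos)
            kids.append(kid)
        return (c, kids), pos + 1
    if c == "!":                           # NOT over exactly one sub-filter
        kid, pos = _parse(s, pos + 1)
        if _peek(s, pos) != ")":
            raise ValueError("expected ')' after NOT in %r" % s)
        return ("!", [kid]), pos + 1
    end = s.find(")", pos)                 # a valid value never contains a bare ')'
    if end < 0:
        raise ValueError("unterminated item in %r" % s)
    attr, eq, value = s[pos:end].partition("=")
    if not eq or not attr or "(" in attr or "(" in value:
        raise ValueError("malformed or unsupported item %r" % s[pos:end])
    return ("=", attr.lower(), value), end + 1


def parse_filter(s: str) -> Any:
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing data after filter: %r" % s[end:])
    return node


def _glob(pattern: str, value: str) -> bool:
    # Only a bare '*' is a wildcard; an escaped \2a is a literal asterisk.
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def matches(node: Any, attrs: Dict[str, List[str]]) -> bool:
    kind = node[0]
    if kind == "&":
        return all(matches(k, attrs) for k in node[1])
    if kind == "|":
        return any(matches(k, attrs) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], attrs)
    _, attr, pattern = node
    values = [v for a, vs in attrs.items() if a.lower() == attr for v in vs]
    return any(_glob(pattern, v) for v in values)


def search(filter_str: str, directory: List[Entry] = DIRECTORY) -> List[str]:
    """Return the DNs of all entries matching the filter."""
    node = parse_filter(filter_str)
    return [dn for dn, attrs in directory if matches(node, attrs)]


def unsafe_login_filter(uid: str, password: str) -> str:
    """Vulnerable: user input spliced in verbatim (a password of '*' matches anything)."""
    return "(&(uid=%s)(userPassword=%s))" % (uid, password)


def safe_login_filter(uid: str, password: str) -> str:
    """Hardened: every user-supplied value is escaped before it enters the filter."""
    return "(&(uid=%s)(userPassword=%s))" % (
        escape_filter_value(uid), escape_filter_value(password))
```

With `unsafe_login_filter("alice", "*")` the filter becomes `(&(uid=alice)(userPassword=*))`, which matches alice whatever her password is; the escaped form sends `userPassword=\2a` and matches nothing. The same wildcard in a lookup such as `(uid=*)` enumerates the whole directory, which is why the escaping belongs on every value, not just on password fields.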

12 LDAP Model
LDAP uses a client-server model. The LDAP protocol runs over TCP/IP, with its messages encoded in ASN.1 BER.

13 LDAP Protocol
The LDAP client establishes a TCP connection to an LDAP server, usually on port 389 (port 636 is used for LDAP over TLS, LDAPS). The client then authenticates itself with a bind operation: in a simple bind it supplies a distinguished name and a password, although servers may also accept anonymous binds or SASL mechanisms. A simple bind sends the password in the clear, so the connection should be protected with TLS (StartTLS on 389 or LDAPS on 636) before the client binds. The LDAP server restricts access to directory objects by managing permissions (access control), evaluated against the identity established by the bind.
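To make the cleartext-credential point concrete, here is an added Python example (mine, not from the lecture) that BER-encodes an LDAPMessage carrying a simple BindRequest in the layout RFC 4511 section 4.2 specifies, and decodes it again the way a passive observer of an unencrypted port-389 session would. The DN and password are constructed sample values and nothing is sent on the network.

```python
"""An LDAP simple bind on the wire (RFC 4511 section 4.2), BER-encoded.

Added example for this transcript, not code from the lecture. It builds the
LDAPMessage { messageID, BindRequest { version, name, simple password } }
byte by byte and decodes it again; nothing is sent on the network and the
DN and password are constructed sample values.
"""
from typing import Dict, Tuple, Union

TAG_SEQUENCE = 0x30       # UNIVERSAL 16, constructed: LDAPMessage
TAG_INTEGER = 0x02
TAG_OCTET_STRING = 0x04   # LDAPDN is an OCTET STRING
TAG_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
TAG_SIMPLE_AUTH = 0x80    # [0] context-specific, primitive: simple password


def ber_length(n: int) -> bytes:
    """Definite-form length: one byte below 128, else 0x80|count followed by the bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(content)) + content


def ber_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER; non-negative values only in this example."""
    if value < 0:
        raise ValueError("negative integers not handled here")
    length = max(1, (value.bit_length() + 8) // 8)
    return tlv(TAG_INTEGER, value.to_bytes(length, "big", signed=True))


def bind_request(message_id: int, dn: str, password: str, version: int = 3) -> bytes:
    """Encode LDAPMessage { messageID, BindRequest { version, name, simple } }."""
    body = (ber_integer(version)
            + tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
            + tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")))
    return tlv(TAG_SEQUENCE, ber_integer(message_id) + tlv(TAG_BIND_REQUEST, body))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one TLV at pos; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(packet: bytes) -> Dict[str, Union[int, str, None]]:
    """What a passive observer of an unencrypted port-389 session recovers."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(msg, 0)
    tag, op, _ = read_tlv(msg, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, ver, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    simple = auth_tag == TAG_SIMPLE_AUTH
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "version": int.from_bytes(ver, "big", signed=True),
        "name": name.decode("utf-8"),
        "auth": "simple" if simple else "sasl",
        "password": cred.decode("utf-8", "replace") if simple else None,
    }


if __name__ == "__main__":
    pkt = bind_request(1, "cn=admin,dc=example,dc=com", "hunter2")  # constructed values
    print(pkt.hex(" "))
    print(parse_bind_request(pkt))
```

An anonymous bind, `bind_request(1, "", "")`, yields the familiar 14 bytes `30 0c 02 01 01 60 07 02 01 03 04 00 80 00`; with a real DN and password those strings sit in the packet as readable bytes, which is why a client should negotiate StartTLS (or connect to 636) before binding and why a server can be configured to refuse simple binds on cleartext connections.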

14 MS Active Directory
A collection of services for managing resources in a computer network (LAN, MAN, CAN, or WAN).

15 The AD Collection of Services
–AD Lightweight Directory Service
–AD Federation Service
–AD Certificate Service
–AD Rights Management Service
–AD Domain Service

16 AD Lightweight Directory Service
A stand-alone LDAP directory built from the AD code base. It runs without domains or domain controllers, for applications that need a directory but not the full domain infrastructure.

17 AD Federation Service
A single sign-on service: a user authenticated in one network environment can access services in another, based on a federation trust between the AD-FS deployments. The different network environments can be different companies, each running its own AD-FS.

18 AD Certificate Service
Issues public key certificates used for such things as authentication with smart cards or encrypting data transmitted over a network. This service can also renew and revoke certificates, publishing revocation lists so that relying parties can check them.

19 AD Rights Management Service
Goes beyond access control. AD-RMS manages (controls) what users can do with data once they have accessed it, enforced by RMS-aware client applications:
–Can prevent files from being copied (this includes disabling cut and paste).
–Can prevent saving or forwarding e-mail messages.

20 AD Domain Services
The core directory: the traditional features of AD from previous versions (domains, domain controllers, authentication, group policy).

21 Active Directory Summary
A hierarchical framework of data objects. AD objects are categorized as:
–Resources: computers, printers, etc.
–Services, like e-mail
–Users and groups of users
–Any real component and its attributes

22 Active Directory Summary
A logical structure groups objects together based on criteria other than physical location (domains, trees, forests, and organizational units). A physical structure groups objects together based on physical topology (sites and subnets; for example, all the users, equipment, and services located in a particular office building).

23 Active Directory Summary
Acts as the central point for managing object security:
–Individual user policies can be defined
–Group policies can be defined
–Auditing features: monitoring object usage, creating reports on object usage, notifying personnel of object usage

24 Active Directory Summary
Objects are organized into containers called Organizational Units (OUs). Organizational Units belong to a domain. A domain is an administrative boundary (in a multi-domain forest, the forest, not the domain, is the security boundary). Objects in a domain share the domain-wide security policy, such as the password and account-lockout policy, while group policies can additionally be linked to individual OUs.

