Active Directory
Fast Start
Smart Brain Training Solutions
Copyright 2014 Smart Brain Training Solutions
All rights reserved.
Thank you for purchasing Active Directory Fast Start! We hope you'll look for other Fast Start guides from Smart Brain Training Solutions.
1. Introduction
Active Directory is an extensible directory service that enables centralized management of network resources. It allows you to easily add, remove, or relocate accounts for users, groups, and computers as well as other types of resources. Nearly every administrative task you perform affects Active Directory in some way. Active Directory is based on standard Internet protocols and has a design that helps you clearly identify the physical and logical components of your network's structure.
Active Directory provides the necessary infrastructure for designing a directory that meets the needs of your organization. A directory is a stored collection of information about various types of resources. In a distributed computing environment such as a Windows network, users must be able to locate and use distributed resources, and administrators must be able to manage how distributed resources are used. This is why a directory service is necessary.
A directory service stores all the information needed to use and manage distributed resources in a centralized location. The service makes it possible for resources to work together. It is responsible for authorizing access, managing identities, and controlling the relationships between the resources. Because a directory service provides these fundamental functions, it must be tightly integrated with the security and management features of the network operating system.
A directory service provides the means to define and maintain the network infrastructure, perform system administration, and control the user experience. Although users and administrators might not know the exact resources they need, they should know some basic characteristics of the resources they want to use. If so, they can use the directory service to obtain a list of resources that match the known characteristics. As illustrated in Figure 1, they can use the directory service to query the directory and locate resources that have specific characteristics. For example, users can search the directory to find a color printer in a particular location or to find a color printer that supports duplex functionality.
Figure 1 Working with directory services.
Because a directory service is a tool for both administrators and standard users, administrators can also use the directory to locate resources. For example, an administrator could locate file servers running Windows Server 2012 R2. As an organization grows and its network grows with it, there are more and more resources to manage, and the directory service becomes increasingly important.
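The two lookups described above (a color printer with duplex support in a given location, and file servers running a particular Windows Server release) are expressed in Active Directory as LDAP search filters. The following is an added example, not code from the guide, showing how such filters are built with RFC 4515 escaping so that a value taken from user input cannot change the filter's structure; the attribute names printColor, printDuplexSupported, location and operatingSystem are assumed to be the standard AD schema attributes.

```python
# Added example (not from the guide): building LDAP search filters for the
# kinds of directory queries the text describes, with RFC 4515 escaping so
# that values taken from user input cannot alter the filter's structure.

def ldap_escape(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))   # e.g. '*' -> '\2a', ')' -> '\29'
        else:
            out.append(ch)
    return ''.join(out)


def build_filter(object_class: str, **attrs: str) -> str:
    """Return an AND filter matching object_class and every attribute given."""
    parts = ['(objectClass=%s)' % ldap_escape(object_class)]
    for name, value in sorted(attrs.items()):
        parts.append('(%s=%s)' % (name, ldap_escape(value)))
    return '(&' + ''.join(parts) + ')'


# Assumed AD schema attributes: printColor, printDuplexSupported and
# location on print queue objects; operatingSystem on computer objects.
def color_duplex_printer_filter(location: str) -> str:
    """Filter for color printers that support duplex in the given location."""
    return build_filter('printQueue', printColor='TRUE',
                        printDuplexSupported='TRUE', location=location)


def server_os_filter(os_prefix: str) -> str:
    """Filter for computers whose operatingSystem starts with os_prefix."""
    # The wildcard is added by the code itself, after escaping the untrusted
    # prefix, so a '*' supplied by a caller is matched literally instead.
    return '(&(objectClass=computer)(operatingSystem=%s*))' % ldap_escape(os_prefix)


if __name__ == '__main__':
    print(color_duplex_printer_filter('Building 4'))
    print(server_os_filter('Windows Server 2012 R2'))
    # An attempt to smuggle an extra clause stays inside the location value:
    print(color_duplex_printer_filter('x)(printColor=FALSE'))
```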
2. Working with Active Directory
Active Directory is the directory service included with Windows Server. Active Directory includes the directory that stores information about your distributed resources as well as the services that make the information useful and available. All current versions of Windows Server support Active Directory.
Active Directory Domains
Windows domains that use Active Directory are called Active Directory domains. In an Active Directory domain, your data resides in a single, distributed data repository that requires less administration to maintain while also allowing easy access from any location on the network. Using the physical and logical structures provided by Active Directory, you can scale the directory to meet your business and network requirements whether you have hundreds, thousands, or millions of resources.
Active Directory is designed to interoperate with other directory services and to accept requests from many different clients using a variety of interfaces, as shown in Figure 2. The primary protocol Active Directory uses is Lightweight Directory Access Protocol (LDAP) version 3, an industry-standard protocol for directory services. When working with other Windows servers, Active Directory supports replication through the REPL interface. When working with legacy messaging clients, Active Directory supports Messaging Application Programming Interface (MAPI). Active Directory also supports the Security Accounts Manager (SAM) interface.
Figure 2 Active Directory can interoperate with clients and other directory services.
Active Directory authentication and authorization services use Kerberos version 5 and other industry-standard protocols to provide protection for data by default while maximizing flexibility. For example, by default Active Directory signs and encrypts all communications that use LDAP. Signing LDAP communications ensures data comes from a known source and has not been modified.
Active Directory is integrated with Windows Server security. As with files and folders, you can control access to distributed resources in the directory by using a granular set of permissions. You also can control access to the properties of distributed resources. Additionally, Active Directory provides security groups for administration at various levels throughout the enterprise.
In Active Directory, group policies are used to define permitted actions and settings for users and computers. Policy-based management simplifies many administration tasks. Group policies can be applied in many different ways. One way is to use security templates to configure the initial security of a computer.
DNS Domains
Active Directory uses the Domain Name System (DNS). DNS is a standard Internet service that organizes groups of computers into a hierarchical structure. Although implemented for different reasons, Active Directory and DNS have the same hierarchical structure. The DNS hierarchy is defined on an Internet-wide basis for public networks and an enterprise-wide basis for private networks. The various levels within the DNS hierarchy identify individual computers and the relationship between computers. The relationship between computers is expressed by using domains. Computers that are part of the same DNS domain are closely related. Domains used within organizations are organizational domains. Domains at the root of the DNS hierarchy are top-level, or root, domains.
Active Directory clients use DNS to locate resources. DNS translates easily readable host names to numeric Internet Protocol (IP) addresses. Each computer in a domain has a fully qualified domain name (FQDN), such as server34.microsoft.com. Here, server34 represents the name of an individual computer, microsoft represents the organizational domain, and com is the top-level domain.
Top-level domains (TLDs) are at the base of the DNS hierarchy. TLDs are organized geographically by using two-letter country codes, such as CA for Canada; by organization type, using codes such as com for commercial organizations; and by function, using codes such as mil for U.S. military installations.
Like top-level domains, DNS domains within an organization can be structured in many ways. Normal domains, such as microsoft.com, are also referred to as parent domains. They have this name because they're the parents of an organizational structure. You can divide parent domains into subdomains, which you can then use for different offices, divisions, or geographic locations. For example, the FQDN for a computer at City Power & Light's Denver office could be designated as workstation11.denver.imaginedlands.com. Here, workstation11 is the computer name, denver is the subdomain, and imaginedlands.com is the parent domain. Another term for a subdomain is child domain.
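The following added example (not code from the guide) takes the FQDNs discussed above apart into the hierarchy levels the text names: host, child domains, parent domain and top-level domain. It goes slightly beyond the text by first checking the name against the DNS label rules from RFC 1035 (labels of 1 to 63 letters, digits and hyphens with no leading or trailing hyphen, whole name at most 253 characters), which is the check a practitioner wants before feeding a name to a directory or DNS lookup.

```python
# Added example (not from the guide): validate an FQDN against RFC 1035 label
# rules and split it into host, child domains, parent domain and TLD.
import re

# One DNS label: 1-63 chars of letters, digits, hyphens; no leading/trailing '-'.
LABEL_RE = re.compile(r'^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$')


def is_valid_fqdn(fqdn: str) -> bool:
    """True if every label is well formed and the whole name is <= 253 chars."""
    name = fqdn.rstrip('.')        # a trailing dot denotes the root; tolerate it
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split('.'))


def split_fqdn(fqdn: str) -> dict:
    """Return host, child domains, parent domain and TLD for a valid FQDN."""
    if not is_valid_fqdn(fqdn):
        raise ValueError('not a valid FQDN: %r' % fqdn)
    labels = fqdn.rstrip('.').lower().split('.')   # DNS names are case-insensitive
    if len(labels) < 3:
        raise ValueError('need at least host.parent.tld: %r' % fqdn)
    host, *children, org, tld = labels
    return {
        'host': host,
        'child_domains': children,        # e.g. ['denver'], innermost first
        'parent_domain': org + '.' + tld,  # e.g. 'imaginedlands.com'
        'tld': tld,
    }


if __name__ == '__main__':
    print(split_fqdn('server34.microsoft.com'))
    print(split_fqdn('workstation11.denver.imaginedlands.com'))
```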