Microsoft
Windows Server 2003
Active Directory
CS526 Semester Project
Spring 2006
Patricia C. Marquez
5/8/2006
pmarquez/Active Directory
1
Introduction
Active Directory is the Windows Server 2003 directory service.
Directory services enable the management of network resource information.
Active Directory uses the Lightweight Directory Access Protocol (LDAP).
LDAP defines the directory access methods and employs the X.500 directory standard.
Goals
Develop an application to programmatically query and modify the directory data using Active Directory Service Interfaces (ADSI).
– Install Windows Server 2003
– Configure the server as a domain controller
– Configure the server as a DNS server
– Install Active Directory
– Create a Directory Information Tree
– Configure a Windows XP client to access the directory via a directory-enabled application.
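An added example of the kind of directory-enabled application the goals describe, written for these notes and not part of the original project: it queries and modifies Active Directory through ADSI from PowerShell, and escapes the user-supplied account name before it enters the LDAP filter so that untrusted input cannot change the meaning of the query. It assumes a domain-joined Windows host, an account permitted to read the directory (and to write the description attribute for the last function), and uses 'jdoe' as a placeholder account name.

```powershell
# Added example, not from the slides: query and modify Active Directory through
# ADSI from PowerShell. Assumes a domain-joined Windows host and an account
# allowed to read the directory (and, for the last function, to write the
# description attribute). 'jdoe' below is a placeholder account name.

# Escape a value before it goes into an LDAP search filter (RFC 4515), so input
# taken from a user, for example "*)(objectClass=*", cannot rewrite the query.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $escaped = $Value.Replace('\', '\5c')   # backslash first, so the escapes added below are not re-escaped
    $escaped = $escaped.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    return $escaped.Replace([string][char]0, '\00')
}

# Look up one user account by sAMAccountName with DirectorySearcher (the ADSI
# LDAP provider underneath). Returns a SearchResult, or $null when nothing matches.
function Find-AdUser {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $rootDse = [ADSI]'LDAP://RootDSE'        # the domain controller reports its own naming context
    $baseDn  = $rootDse.Properties['defaultNamingContext'].Value
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$baseDn"
    $safeName = ConvertTo-LdapFilterValue -Value $SamAccountName
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safeName))"
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'sAMAccountName', 'memberOf'))
    return $searcher.FindOne()
}

# Modify the directory: bind to the located object, stage the change with Put(),
# then commit it to the domain controller with SetInfo().
function Set-AdUserDescription {
    param([Parameter(Mandatory)][string]$SamAccountName,
          [Parameter(Mandatory)][string]$Description)
    $result = Find-AdUser -SamAccountName $SamAccountName
    if (-not $result) { throw "No user with sAMAccountName '$SamAccountName'" }
    $entry = $result.GetDirectoryEntry()
    $entry.Put('description', $Description)
    $entry.SetInfo()
}

$found = Find-AdUser -SamAccountName 'jdoe'
if ($found) {
    # SearchResult property names come back in lower case.
    "DN: $($found.Properties['distinguishedname'][0])"
    "Groups: $($found.Properties['memberof'] -join '; ')"
} else {
    'No such account'
}
```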
Overview of Directory Services
A directory service is a type of service used to manage network resource information such as users, printers, files, applications, and even other services.
The information is stored in a special type of database. The data repository is referred to as a directory because of its hierarchical structure.
The X.500 Standard defines the architecture and features of a directory service. This includes the data model, namespace, functional model, and authentication methods.
Directory data is accessed using the client/server model.
Directory services are ideal for large distributed environments.
Distributed applications can be directory-enabled to access directory data using associated APIs.
Lightweight Directory Access Protocol
An open industry standard for directory access.
Defines a standard method for querying and updating information in a directory, including the transport and format of messages.
Less resource-intensive than DAP (the X.500 Directory Access Protocol) because:
– It runs directly over TCP/IP instead of requiring the entire OSI protocol stack to operate.
– It uses a simplified version of the X.500 directory data model.
LDAP provides APIs for C and Java.
Active Directory Highlights
The Microsoft Windows Server directory service
Its primary protocol is LDAP
The data model is derived from the X.500 data model
Resources are represented as objects. The database can hold a billion objects
Provides access control and authentication
Supports intersite and intrasite replication
Provides its own API:
– Active Directory Service Interfaces (ADSI)
Physical Architecture
[Diagram: layered view of a domain controller. Clients (applications, replication partners, Outlook clients, Windows NT 4) reach the directory through the interfaces LDAP, REPL, MAPI and SAM respectively. The interfaces sit on the Windows Server 2003 security subsystem, which sits on the Extensible Storage Engine. Beneath it, the Active Directory data store consists of the primary data file, working files and transaction logs.]
Windows Server 2003 Security Subsystem
[Diagram: the security subsystem in three layers. Authentication mechanisms: NTLM, Kerberos (with the KDC), SSL, and an authentication provider. Logon / access control mechanisms: NETLOGON, LSA Server, Security Accounts Manager. Directory service: Directory Service Module.]
Logical Architecture
Building blocks include:
– Forests
– Domains
– Organizational Units
– Groups
– Objects: users, computers, printers, et cetera
– Trust relationships
– Sites
– Replication
Forest with Domain Trees and Trust Relationship
A forest is a logical grouping of domain trees
A domain tree is a logical grouping of domains
Domain with Organizational Unit Tree
Future Research
Solutions to Active Directory limitations:
– No easy way to rearrange the structure of existing forests
– No easy way to merge one forest with another to form a single forest
– No easy way to split domains off a forest to form a new forest
Research using Directory Services Markup Language (DSML) to access my directory.
Questions