Understanding Active Directory

Lesson 1 of 6

https://mva.microsoft.com/en-us/training-courses/understanding-active-directory-8233?l=aErw3QJy_6904984382

Introduction to Active Directory

Active Directory is a portfolio of technologies used to manage identity and access for, and to, resources on a network.

  • AD Domain Services (AD DS)
    • Users, Computers and Policies
  • AD Certificate Services (AD CS)
    • Service, Client, Server and User Identification
    • Verification of Identification
  • AD Federation Services (AD FS)
    • Resource access across traditional boundaries
    • Allows resources in one organization to be accessed by security principals in another organization without needing traditional trust mechanisms
  • AD Rights Management Services (AD RMS)
    • Maintain security of data
  • AD Lightweight Directory Services (AD LDS)
    • Copy of the structure of AD services

What is Active Directory Domain Services

    • A directory service is both the directory information source and the service that makes the information available and usable
      • Servers
        • Mgmt Profile
        • Network Info
        • Printers
        • Shares
      • Users
        • Account Information
        • Privileges
        • Profiles
        • Policies
      • Windows Clients
        • Mgmt Profiles
        • Network Info
        • Policies
      • Network Devices
        • Config
        • QoS Policy
        • Security Policy
      • Applications
        • Server Config
        • SSO (Single Sign On)
        • App-Specific Directory Info
      • Email Servers
        • Mailbox Information
        • Address Book
    • A Phone Book

What does AD DS do

  • Scalable, secure and manageable infrastructure for user and resource management
    • Stores and manages information about network resources
    • Provides support for directory-enabled applications such as Microsoft Exchange Server
    • Allows for centralized management
      • Delegation of that management

What is Active Directory Certificate Services

  • Microsoft’s implementation of Public Key Infrastructure (PKI)
    • PKI is a set of hardware, software, people, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates.

What does AD CS do?

  • AD CS provides customizable services for issuing and managing digital certificates
    • Certification Authorities
    • CA Web Enrollment
    • Online Responders
    • Network Device Enrollment Services (NDES)
    • Certificate Enrollment Web Service
    • Certificate Enrollment Policy Web Service
  • Bottom line: “It issues and manages certificates”

What is Active Directory Federation Services

  • A software component that facilitates the cross-organizational access of systems and applications
  • Allows an IT Administrator to either
    • Share my resources out to the world
    • Let my users access information in someone else’s organization

What does AD FS do

  • The AD FS server role provides simplified, secured identity federation and Web Single Sign On capabilities
    • Enables the creation of trust relationships between two organizations
    • Provides access to applications between organizations
    • Provides Single Sign On between two different directories for Web-based applications
  • Bottom Line: “Log in once and done”

What is Active Directory Rights Management Services

  • Active Directory Rights Management Services (AD RMS) is an information protection technology that works with applications to safeguard digital information.
    • Author creates content (Word doc, email, etc.)
    • Author can use AD RMS-aware applications (Word, Outlook) to protect that content, preventing others from being able to
      • Forward
      • Print
      • Share
      • Etc.
    • These protections follow that document anywhere.

What does AD RMS do

  • Allows individuals and administrators to specify access permissions to documents, workbooks, presentations, emails, etc.
    • Prevent sensitive information from being printed, forwarded or copied by unauthorized people
    • Access and usage restrictions are enforced no matter where the information is located.

What is Active Directory Lightweight Directory Services

  • AD LDS is a hierarchical file-based directory store
  • AD LDS is both the directory information source and the service that makes the information available and usable.
    • Similar to AD DS

What is AD LDS

  • Lightweight Directory Access Protocol (LDAP)
    • Directory service that provides flexible support for directory-enabled applications, without the dependencies and domain-related restrictions of AD DS
    • Provide directory services for directory-enabled applications without incurring the overhead of domains and forests
    • No requirement for a single schema throughout a forest.
  • Bottom line: “It’s an Information Store”

 
