Active Directory Domain Services 1 Examples for Directory
- Slides: 35
Active Directory Domain Services 1 ﻧﻈﻢ ﺗﺸﻐﻴﻞ
Examples for Directory Service LOGO Network Information Service (NIS). Active Directory. 7
Windows server 2008 AD LOGO v. Windows server 2008 AD includes five technologies: § § § AD Domain Services AD Lightweight Directory Services AD Certificate Services AD Rights Management Services AD Federation Services 8
Domain Controller LOGO Domain Controller: Active ﺧﺎﺩﻡ ﻳﺤﻤﻞ ﻧﺴﺨﺔ ﻣﻦ Directory ﻭﺣﺪﺓ ﺗﺤﻜﻢ ﺑﺎﻟﻤﺠﺎﻝ 11
Active Directory Terms LOGO v. What Are Domains? v. What Are Trees? v. What Are Forests? v. What Are Organizational Units? v. What Are Trust Relationships? 12
LOGO Active Directory Terms Domain Tree Domain Domain Trust Domain OU Objects OU OU Domain Organizational Unit Forest 13
LOGO Organizational Units Domain OU 1 Users OU 1 User 1 OU 2 User 2 OU 2 Computers Computer 1 User 2 Printer 2 Computer 1 Printers Printer 1 ﺍﻟﻮﺣﺪﺍﺕ ﺍﻟﺘﻨﻈﻴﻤﻴﺔ 14
Organizational Units LOGO v. Objects § Users § Computers v. Organizational Units § Containers that can be used to group objects within a domain 15
SID, ACL LOGO 20
SID, ACL LOGO 21
LOGO SID, ACL SID Privileges 008201013 Read 008201014 write 008201015 Modify Access Control List ACL Security Identifier SID Group Privileges ﺍﻣﺘﻴﺎﺯﺍﺕ ﻫﻮ ﺭﻗﻢ ﺿﺨﻢ ﺑﺎﻟﺘﺎﻟﻲ ﻣﻀﻤﻮﻥ ﺃﻨﻪ ﺳﻴﻜﻮﻥ ﻓﺮﻳﺪﺍ SID. v § Ex: S-1 -5 -12 -7623811015 -3361044348 -030300820 -1013 22
ACL LOGO 23
Authentication and Authorization A user presents credentials that are authenticated by using the information stored with the user’s identity The system creates a security token that represents the user with the user’s SID and all related group SIDs A resources is secured with an ACL: Permissions that pair a SID with a level of access The user’s security token is compared with the ACL of the resource to authorize a requested level of access LOGO 24
Authentication LOGO Authentication is the process that verifies a user’s identity Credentials: At least two components required • User name • Secret, for example, password Two types of authentication • Local (interactive) Logon– authentication for logon to the local computer • Remote (network) Logon– authentication for access to resources on another computer 25
Access Tokens LOGO User’s Access Token User SID Member Group SIDs Privileges (“user rights”) Other access information 26
ACLs and ACEs LOGO Security Descriptor SACL DACL or “ACL” ACE Trustee (SID) Access Mask 27
LOGO Authorization is the process that determines whether to grant or deny a user a requested level of access to a resource Three components required for authorization • Resource User’s Access Token User SID Group SID • Access Request System finds first ACE in the ACL that allows or denies the requested access level for any SID in the user’s token • Security Token Security Descriptor SACL DACL or “ACL” List of user rights ACE Trustee (SID) Access Mask Other access information ACE Trustee (SID) Access Mask 28
Workgroup Authentication v v LOGO The identity store is a database on the Windows system No shared identity store Multiple user accounts Management of passwords is challenging 29
Client/server Authentication LOGO v Centralized identity store trusted by all domain members v Centralized authentication service v Hosted by a server performing the role of an AD DS domain controller 30
MMC Custom MMC LOGO
ﻣﺨﺼﺺ MMC ﻛﻴﻔﻴﺔ ﺇﻧﺸﺎﺀ LOGO To create an custom MMC type MMC in the Run dialog box. From the File Menu choose Add/Remove Snap-in… 33
Snap-ins LOGO v. Active Directory Administration Tools: § § Active Directory Users and Computers Active Directory Sites and Services Active Directory Domains and Trusts Active Directory Schema 34
- Samba ad dc
- Welcome u
- Detect golden ticket
- Privileged access workstation
- Active directory design document
- Active directory introduction
- Exchange best practices analyzer
- Active directory alapok
- Active directory two way trust
- Ad disaster recovery planning scenario
- Active directory replication troubleshooting
- Lab 5: manage active directory accounts (module 4)
- Active directory logo
- Advantages and disadvantages of active directory
- Active directory fundamentals
- Active directory dynamic access control
- Nagios active directory monitoring
- Soisk windows 10
- Active directory site topology
- Microsoft virtual academy active directory
- Introduction to active directory
- Active directory consolidation best practices
- Acm
- Ado net active directory
- Administering active directory
- Gestione utenti active directory
- Active directory cleanup
- Vittorio bertocci
- Active directory grundlagen
- Unc active directory
- Controladores de domínio do active directory
- Active directory alapok
- Active directory fundamentals
- Vds virtual directory services
- Alex karasulu
- Domain co domain and range of a relation