Active Directory

Active Directory, or the Microsoft Active Directory service, is a feature of Microsoft Windows Server. It has been part of Windows Server since Windows Server 2000 and has evolved gradually since then. Active Directory is built on Microsoft's Jet database engine and uses LDAP (Lightweight Directory Access Protocol) to query that database. For authentication it uses Kerberos, an upgrade over the NTLM protocol that earlier versions of Windows relied on.

Active Directory is a very powerful feature of Windows Server because it lets us create and manage users, computers, printers, and groups within a domain, and apply permissions and security settings to those domain users, computers, and printers. It is divided into logical and physical components.

The Active Directory database is stored in a file called NTDS.dit (NT Directory Service, directory information tree), which lives in the C:\Windows\NTDS folder. Whenever you want to replicate data to other domain controllers in your network, it is the contents of this file that you replicate or transfer to the other domain controller.

AD Authentication Types

Active Directory provides four ways of authenticating over the network:

1). Pass-through Authentication
2). Secure Channel Authentication
3). NTLM Authentication
4). Kerberos Authentication
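
Since NTLM is the legacy protocol that Kerberos replaced, a defender usually wants to know which accounts on a domain still fall back to it. The following PowerShell is an added example and not part of the original post: it reads recent Security event 4624 (successful logon) records on the local machine and groups network logons by the authentication package that handled them. It assumes it runs elevated on a domain controller or member server where logon auditing is enabled (the default on DCs).

```powershell
# Added example: summarise Kerberos vs NTLM use from Security event 4624.
# Assumes an elevated session on a DC or member server with logon auditing on.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
                       -MaxEvents 2000 -ErrorAction Stop

$rows = foreach ($e in $events) {
    # The useful fields live in the event's EventData; parse the XML rather than
    # relying on positional Properties indexes, which differ between OS builds.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        User      = "$($data.TargetDomainName)\$($data.TargetUserName)"
        LogonType = $data.LogonType                    # '3' = network logon
        Package   = $data.AuthenticationPackageName    # 'Kerberos' or 'NTLM'
        Source    = $data.IpAddress
    }
}

# Network logons (type 3) are where NTLM fallback is most visible.
$rows | Where-Object { $_.LogonType -eq '3' } |
    Group-Object Package |
    Select-Object Name, Count |
    Sort-Object Count -Descending

# List the accounts that still authenticate with NTLM so they can be investigated
# (typically a host not registered with an SPN, or a client using an IP address
# instead of a hostname).
$rows | Where-Object { $_.Package -eq 'NTLM' } |
    Sort-Object Time |
    Select-Object Time, User, Source |
    Format-Table -AutoSize
```

The first table shows the ratio of Kerberos to NTLM on the host; the second gives you the concrete accounts and source addresses to follow up on before tightening NTLM restrictions through Group Policy.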

AD Components

Active Directory, or AD, is made up of three components:

  • Groups
  • OUs or Organisational Units, and
  • Sites.

Groups

Groups are a very useful feature of Active Directory. A group can hold multiple users, and a group can also be a member of another group. One of the good things about groups is that we can grant permissions or access to resources such as files, printers, and shared drives to a group rather than to individual users. It is good practice to put users into groups instead of managing them as standalone accounts: if the company expands in future or new staff are hired, we simply create the user within the relevant group and it inherits all the permissions that group already has.
AD groups are further divided into three scopes:

i)- Universal Groups
ii)- Global Groups
iii)- Domain Local Groups

Each of these groups can in turn be one of two types:

  • Security
  • Non-Security
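
As an added example (not code from the original post), the PowerShell below builds the pattern the paragraph describes with the ActiveDirectory module: a Global security group for a team nested inside a Domain Local security group that represents a resource, so that a new hire only needs to be added to the team group. The OU path, group names and user name are placeholders. Note that the cmdlets call the non-security category `Distribution`.

```powershell
# Added example: nested security groups and a distribution group.
# OU, group and user names below are placeholders for your own environment.
Import-Module ActiveDirectory

$ou = 'OU=Groups,DC=example,DC=com'   # placeholder OU

# Global security group for the team; Domain Local security group for the resource.
New-ADGroup -Name 'Finance-Team' -GroupScope Global -GroupCategory Security -Path $ou
New-ADGroup -Name 'FS-FinanceShare-Modify' -GroupScope DomainLocal -GroupCategory Security -Path $ou

# Nest the team group inside the resource group (group-in-group membership).
Add-ADGroupMember -Identity 'FS-FinanceShare-Modify' -Members 'Finance-Team'

# New hire: add the user to the team group only; resource access follows from nesting.
Add-ADGroupMember -Identity 'Finance-Team' -Members 'jdoe'

# Check: -Recursive expands nested membership, so jdoe appears under the resource group.
Get-ADGroupMember -Identity 'FS-FinanceShare-Modify' -Recursive |
    Select-Object Name, objectClass

# A non-security (distribution) group cannot carry permissions; its category is visible here.
New-ADGroup -Name 'Finance-Announcements' -GroupScope Universal -GroupCategory Distribution -Path $ou
Get-ADGroup -Filter 'Name -like "Finance-*"' -Properties GroupCategory, GroupScope |
    Select-Object Name, GroupScope, GroupCategory
```

Permissions on the share itself are then granted once to FS-FinanceShare-Modify; team membership changes never touch the ACL.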

Organizational Units

Organizational Units, or OUs, are somewhat different from groups. An OU can also hold users, groups, and even further OUs within it, but we cannot grant permissions or resource access to an OU. The great thing about OUs is that we can link group policies to an existing Organizational Unit. Another strength is that you can delegate control over an existing OU, and this delegation is one of the essential capabilities of OUs in Active Directory.
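
The two capabilities named above, linking a Group Policy to an OU and delegating control over it, are shown in the following added example (not the post's own code). It creates an OU, links a GPO that is assumed to already exist, and delegates only the "Reset Password" extended right on user objects under the OU to a help-desk group. The domain DN, GPO name and group name are placeholders; the two GUIDs are the well-known identifiers for the Reset Password control access right and the user object class.

```powershell
# Added example: OU with a linked GPO and a narrowly scoped delegation.
# Domain DN, GPO name and HelpDesk group are placeholders.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$ou = New-ADOrganizationalUnit -Name 'Branch-Users' -Path 'DC=example,DC=com' -PassThru

# Policy can be linked to an OU even though permissions cannot be granted to it.
New-GPLink -Name 'Branch Desktop Restrictions' -Target $ou.DistinguishedName -LinkEnabled Yes

# Delegation through the AD: PSDrive ACL. Grant the help desk the "Reset Password"
# extended right on user objects below this OU, and nothing else.
$ouPath            = "AD:\$($ou.DistinguishedName)"
$acl               = Get-Acl -Path $ouPath
$sid               = (Get-ADGroup 'HelpDesk').SID
$resetPasswordGuid = [Guid]'00299570-246d-11d0-a768-00aa006e0529'  # User-Force-Change-Password right
$userClassGuid     = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the user class

$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $resetPasswordGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $userClassGuid)
$acl.AddAccessRule($rule)
Set-Acl -Path $ouPath -AclObject $acl

# Verify: the delegated ACE should list ExtendedRight with the Reset Password GUID only.
(Get-Acl -Path $ouPath).Access |
    Where-Object { $_.IdentityReference -like '*HelpDesk*' } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType
```

Scoping the ACE to a single extended right on a single object class is what keeps a delegation least-privilege; granting GenericAll on the OU would let the help desk modify anything in it, including group memberships.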

Sites

Sites are the third component of Active Directory, and they differ from the two above. A site represents a physical location, such as a branch office in an entirely different territory. We can add subnets, and the domain controllers that serve different subnets, to sites in Active Directory so that we can manage them from a single place.
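
As an added example that is not from the original post, the PowerShell below defines a branch site, maps a subnet to it, creates a site link back to the hub site so inter-site replication can be scheduled, and moves the branch domain controller into the new site. Site, subnet and server names are placeholders.

```powershell
# Added example: branch site, subnet, site link and DC placement.
# Site, subnet, link and DC names are placeholders.
Import-Module ActiveDirectory

New-ADReplicationSite -Name 'Branch-Mumbai'
New-ADReplicationSubnet -Name '10.20.0.0/16' -Site 'Branch-Mumbai' -Location 'Mumbai office'

# A site link connects the branch to the hub so replication across the WAN
# runs on a schedule instead of the intra-site near-real-time cadence.
New-ADReplicationSiteLink -Name 'HQ-Mumbai' `
    -SitesIncluded 'Default-First-Site-Name', 'Branch-Mumbai' `
    -Cost 100 -ReplicationFrequencyInMinutes 30 -InterSiteTransportProtocol IP

# Place the branch domain controller in the new site so branch clients
# authenticate locally instead of across the WAN.
Move-ADDirectoryServer -Identity 'BR-DC01' -Site 'Branch-Mumbai'

# Check: which DCs serve which site, and which subnets map to each.
Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
```

A subnet that is not mapped to any site is a common misconfiguration: clients on it pick an arbitrary DC, often across the WAN, which shows up as slow logons and Group Policy processing.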

Apart from permissions, we can apply security settings to users that stop them from running particular software or services on their computers. By means of group policies we can block them from accessing the internet, using USB ports, and even updating the OS.

AD Permissions

In Active Directory there are two types of permissions:
  1. Resource Access Permissions
  2. NTFS permissions
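
The two permission types interact: for a user reaching a folder over the network, the effective right is the more restrictive of the share (resource access) permission and the NTFS permission. The following added example, not from the original post, sets both layers on one folder, keeping the share permission broad and doing the fine-grained control at the NTFS layer. The folder path, share name and group name are placeholders.

```powershell
# Added example: share (resource access) permission vs NTFS permission on one folder.
# Path, share name and group are placeholders.
Import-Module SmbShare

$path  = 'D:\Shares\Finance'
$group = 'EXAMPLE\FS-FinanceShare-Modify'

New-Item -ItemType Directory -Path $path -Force | Out-Null

# 1. Resource access permission: the SMB share. Grant Change to the resource group only.
New-SmbShare -Name 'Finance' -Path $path -ChangeAccess $group | Out-Null

# 2. NTFS permission: stop inheriting from D:\Shares, drop inherited ACEs, and grant
#    exactly what is needed. SYSTEM and Administrators must be re-added explicitly.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)   # isProtected = true, preserveInheritance = false

$inherit = 'ContainerInherit,ObjectInherit'
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, 'Modify', $inherit, 'None', 'Allow')))
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    'BUILTIN\Administrators', 'FullControl', $inherit, 'None', 'Allow')))
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    'NT AUTHORITY\SYSTEM', 'FullControl', $inherit, 'None', 'Allow')))
Set-Acl -Path $path -AclObject $acl

# Check both layers.
Get-SmbShareAccess -Name 'Finance'
(Get-Acl -Path $path).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Because the share layer grants Change and the NTFS layer grants Modify, a member of the group can edit files but cannot change permissions; anyone not in the group is denied at both layers.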

AD Partition

There are four partitions in Active Directory; these partitions let admins manage Active Directory more efficiently.

i). Configuration Partition
ii). Schema Partition
iii). Domain Partition
iv). Application Partition
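
Each of these four partitions is a separate naming context that a domain controller may hold a replica of. The following added example (not the post's own code) reads the distinguished names of the schema, configuration and domain partitions from the DC you are bound to, then lists the application partitions registered in the forest and which DCs replicate each one. It assumes the ActiveDirectory module and a domain-joined session.

```powershell
# Added example: enumerate the four AD partition types.
# Assumes the ActiveDirectory module on a domain-joined machine.
Import-Module ActiveDirectory

# rootDSE advertises the naming contexts this particular DC holds.
$rootDse = Get-ADRootDSE
[pscustomobject]@{
    Schema        = $rootDse.schemaNamingContext          # one per forest
    Configuration = $rootDse.configurationNamingContext   # one per forest
    Domain        = $rootDse.defaultNamingContext         # one per domain
} | Format-List

# Every naming context on this DC, application partitions included
# (e.g. DomainDnsZones / ForestDnsZones when DNS is AD-integrated).
$rootDse.namingContexts

# Application partitions registered forest-wide.
(Get-ADForest).ApplicationPartitions

# Which DCs hold a replica of each application partition: the crossRef objects
# in the Partitions container record replica locations in msDS-NC-Replica-Locations.
Get-ADObject -SearchBase (Get-ADForest).PartitionsContainer `
    -LDAPFilter '(&(objectClass=crossRef)(msDS-NC-Replica-Locations=*))' `
    -Properties nCName, 'msDS-NC-Replica-Locations' |
    Select-Object nCName, @{ n = 'Replicas'; e = { $_.'msDS-NC-Replica-Locations' } }
```

A DC that is missing an expected application partition from its `namingContexts` list is a quick explanation for DNS zones that do not replicate to it.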

AD Restoration Types

If you delete an object in AD by mistake, or you deleted objects that later need to be recovered, they can be restored in the AD environment with the help of two AD restoration methods:
  • Non-Authoritative
  • Authoritative
First we perform a Non-Authoritative restore, and then the Authoritative restore.
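
The order matters because a plain (non-authoritative) restore brings back an older copy of the database, but the deletion is still the newest change in the forest and replication would simply delete the object again. Marking the restored object authoritative is what makes the restored copy win. The following is an added example, not from the original post, of the two steps as typed on the domain controller being restored; the object DN and backup version are placeholders, and the commands are run by hand across the reboots rather than as one script.

```powershell
# Added example: non-authoritative restore followed by an authoritative restore.
# OU DN and backup version are placeholders; run each step by hand on the DC.

# Step 0: reboot the DC into Directory Services Restore Mode so NTDS.dit is offline.
bcdedit /set safeboot dsrepair
Restart-Computer

# Step 1 (in DSRM): non-authoritative restore of System State from backup.
wbadmin get versions
wbadmin start systemstaterecovery -version:01/15/2024-02:00 -quiet

# Step 2 (still in DSRM, before the normal reboot): mark the deleted subtree
# authoritative so the restored copy outranks the deletion when replication resumes.
ntdsutil "activate instance ntds" "authoritative restore" `
    "restore subtree OU=Finance,DC=example,DC=com" quit quit

# Step 3: return to a normal boot; the DC now replicates the restored objects outward.
bcdedit /deletevalue safeboot
Restart-Computer

# Afterwards: confirm the object is back and inbound/outbound replication is healthy.
Get-ADObject -Filter 'Name -eq "Finance"' -SearchBase 'DC=example,DC=com'
repadmin /replsummary
```

`restore object` can be used in place of `restore subtree` when only a single object was deleted; restoring a subtree also restores everything beneath it.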

AD Tools

There are various tools to manage Active Directory, including:

- Active Directory Users and Computers
- ADSI Edit
- Active Directory Administrative Services
- Active Directory Federation Services

AD FSMO Roles

To leverage the power of Active Directory, its single-master operations are divided among five operations masters, or FSMO (Flexible Single Master Operation) roles:

- Domain Naming Master
- Schema Master
- RID Master
- PDC Emulator
- Infrastructure Master

These roles fall into two categories: forest-wide and domain-wide. The Domain Naming Master and Schema Master are forest-wide because only one schema and one domain naming system can exist in a forest.

The rest, the RID Master, PDC Emulator, and Infrastructure Master, are domain-wide, so there can be more than one of each in a forest.
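
The forest-wide versus domain-wide split is easy to see from the objects that hold the role names: the forest object carries two, and each domain object carries three. The following added example, not from the original post, prints the role holders at both levels for every domain in the forest, shows the same data from each DC's point of view, and ends with the cmdlet used to transfer roles. Server names are placeholders.

```powershell
# Added example: FSMO role holders, forest-wide and per domain.
# Server names in the transfer line are placeholders.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide roles: exactly one holder of each in the whole forest.
[pscustomobject]@{
    Scope              = 'Forest-wide'
    Forest             = $forest.Name
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
}

# Domain-wide roles: one set per domain, so a multi-domain forest has several
# RID, PDC and Infrastructure masters.
foreach ($d in $forest.Domains) {
    $dom = Get-ADDomain -Identity $d
    [pscustomobject]@{
        Scope                = 'Domain-wide'
        Domain               = $dom.DNSRoot
        PDCEmulator          = $dom.PDCEmulator
        RIDMaster            = $dom.RIDMaster
        InfrastructureMaster = $dom.InfrastructureMaster
    }
}

# The same information from each DC's point of view (empty set = no roles held).
Get-ADDomainController -Filter * | Select-Object Name, Domain, OperationMasterRoles

# Planned transfer while the current holder is online; several roles may be moved at once.
# Seizing (adding -Force) is reserved for a holder that is permanently gone, because a
# seized role's former holder must never be brought back online afterwards.
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole PDCEmulator, RIDMaster
```

Checking the PDC Emulator's location in particular is worthwhile during incident response, since it is the DC that receives password changes first and processes account lockouts.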
