
Christopher Chapman | MCT

Content PM, Microsoft Learning, PDG Planning, Microsoft


Meet Christopher Chapman

• Background
– IT manager and implementer focused on deploying,
maintaining and optimizing networks of all sizes (from
SMB to Enterprise)
– IT Consulting projects include Custom SharePoint for
Microsoft IT, Netware/Notes migration to AD/Exchange,
Transition to centralized management (250 clients)
– Instructor and Director of Instruction
• Contact
– christopherjs@microsoft.com
– @ChristopherMSL
Course Topics

Understanding Active Directory


01 | Introduction to Active Directory
02 | Active Directory Domain Services (DS)
03 | Active Directory Certificate Services (CS)
04 | Active Directory Federation Services (FS)
05 | Active Directory Rights Management Services (RMS)
06 | Active Directory Lightweight Directory Services (LDS)
Setting Expectations

• Target Audience
– IT Help Desk staff interested in moving into Network/Systems
Administration
– Anyone interested in learning more about Active Directory
• Suggested Prerequisites/Supporting Material
– Microsoft Technology Associate:
• Exam 98-349: Windows Operating System Fundamentals
• Exam 98-365: Windows Server Administration Fundamentals
• Exam 98-366: Networking Fundamentals
• Exam 98-367: Security Fundamentals
Microsoft Virtual Academy

Introduction to Active Directory


Module Overview

• Active Directory isn’t what it used to be!


• What is Active Directory?
• Active Directory Roles
What is Active Directory

• What is Active Directory?
– A collection of services (Server Roles and Features) used to
manage identity and access for and to resources on a network

[Diagram: Active Directory and its five services: Domain Services,
Federation Services, Certificate Services, Rights Management
Services, Lightweight Directory Services]
Active Directory Roles

• AD Domain Services (AD DS)
– Users, Computers, Policies
• AD Certificate Services (AD CS)
– Service, Client, Server and User identification
• AD Federation Services (AD FS)
– Resource access across traditional boundaries
• AD Rights Management Services (AD RMS)
– Maintain security of data
• AD Lightweight Directory Services (AD LDS)
What is AD DS?

• What is Active Directory Domain Services?
– A directory service is both the directory information
source and the service that makes the information
available and usable
– A phone book…

[Diagram: Active Directory Domain Services (Manageability, Security,
Interoperability) linked to Windows Server, Windows User, Windows
Client, Email Servers, Applications and Network Devices]
What does AD DS do?

• Scalable, secure, and manageable infrastructure for user and
resource management
– stores and manages information about network resources
– provides support for directory-enabled applications such as
Microsoft® Exchange Server
– allows for centralized management
What is AD CS?

• AD CS is the Microsoft implementation of Public Key
Infrastructure (PKI)
• PKI is a set of hardware, software, people, policies, and
procedures needed to create, manage, distribute, use, store,
and revoke digital certificates

[Diagram: numbered PKI flow (steps 1 to 5) involving End-Entities
(users or computers), a Certificate Repository and a Certification
Revocation Repository; labels: Certificate Signing Request,
Enrollment, X.509 Certificate Chain, Certificate Retrieval, CRL
Retrieval, Certificate Revocation List, Revocation Request]
What does AD CS do?

• AD CS provides customizable services for issuing and managing
digital certificates
– Certification Authorities
– CA Web Enrollment
– Online Responders
– Network Device Enrollment Service (NDES)
– Certificate Enrollment Web Service
– Certificate Enrollment Policy Web Service
What is AD FS?

• A software component that facilitates the cross-organizational
access of systems and applications

[Diagram: a Federation Trust between the Account Federation Server
(with AD DS) in the Account Partner Organization and the Resource
Federation Server (with Web Server) in the Resource Partner
Organization]
What does AD FS do?

• The AD FS server role provides simplified, secured identity
federation and Web single sign-on (SSO) capabilities.
– enables the creation of trust relationships between two organizations
– provides access to applications between organizations
– provides Single Sign-on (SSO) between two different directories for
Web-based applications
What is AD RMS?

• Active Directory Rights Management Services (AD RMS) is an
information protection technology that works with applications
to safeguard digital information

[Diagram: Information Author, RMS Server, Recipient]
What does AD RMS do?

• Allows individuals and administrators to specify access
permissions to documents, workbooks, and presentations
– prevent sensitive information from being printed, forwarded, or copied
by unauthorized people
– access and usage restrictions are enforced no matter where the
information is located
What is AD LDS?

• AD LDS is a hierarchical file-based directory store
• AD LDS is both the directory information source and the
service that makes the information available and usable

[Diagram: Active Directory LDS (Manageability, Security,
Interoperability) linked to Windows User, Network Devices, Email
Servers and Applications]
What does AD LDS do?

• Lightweight Directory Access Protocol (LDAP)
– Directory service that provides flexible support for directory-enabled
applications, without the dependencies and domain-related restrictions
of AD DS
– provides directory services for directory-enabled applications without
incurring the overhead of domains and forests
– no requirement for a single schema throughout a forest
Thanks for Watching!
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the
U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
