What is Active Directory?

• AD is a directory service provided by Microsoft. A directory service is a hierarchical arrangement of objects which are structured in a way that makes access easy. However, functioning as a locator service is not AD’s exclusive purpose. It also helps organizations have central administration over all the activities carried out in their networks.

• Organizations primarily use AD to perform authentication and authorization. It is a central database that is contacted before a user is granted access to a resource or a service. Once the authenticity of the user is verified, AD helps in determining if the user is authorized to use that particular resource or service.

Sensitivity: Internal & Restricted


What is LDAP?
• AD is based on the Lightweight Directory Access Protocol (LDAP). This protocol provides a common language for clients and servers to speak to one another.
• Port Number: 636 (LDAP over SSL/TLS)

Global Catalog (GC) Server
• The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

FSMO Roles: Flexible Single Master Operations

• Schema Master – one per forest
• Domain Naming Master – one per forest
• Relative ID (RID) Master – one per domain
• Primary Domain Controller (PDC) Emulator – one per domain
• Infrastructure Master – one per domain

FSMO Roles: What do They do?
• Schema Master: The Schema Master role manages the read-write copy of your Active Directory schema. The AD schema defines all the attributes – things like employee ID, phone number, email address, and login name – that you can apply to an object in your AD database.

• Domain Naming Master: The Domain Naming Master makes sure that you don’t create a second domain in the same forest with the same name as another. It is the master of your domain names. Creating new domains isn’t something that happens often, so of all the roles, this one is the most likely to live on the same DC as another role.

• RID Master: The Relative ID Master assigns blocks of Security Identifiers (SIDs) to different DCs, which they use for newly created objects. Each object in AD has a SID, and the last few digits of the SID are the relative portion. To keep multiple objects from having the same SID, the RID Master grants each DC the privilege of assigning certain SIDs.

• PDC Emulator: The DC with the Primary Domain Controller Emulator role is the authoritative DC in the domain. The PDC Emulator responds to authentication requests, changes passwords, and manages Group Policy Objects. And the PDC Emulator tells everyone else what time it is! It’s good to be the PDC.

• Infrastructure Master: The Infrastructure Master role translates Globally Unique Identifiers (GUIDs), SIDs, and Distinguished Names (DNs) between domains. The Infrastructure Master is one of the five Flexible Single Master Operations (FSMO) roles assigned to one or more domain controllers (DCs) in an Active Directory forest. In a forest that contains more than one domain, it is the job of the Infrastructure Master to keep cross-domain references up to date.

Note: FSMO gives you confidence that your domain will be able to perform its primary function of authenticating users and permissions without interruption (with standard caveats, like the network staying up).
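An added example, not taken from the original slides, that ties the Global Catalog and FSMO sections together: it lists the holder of each of the five roles, warns when all of them sit on a single DC (a single point of failure for the functions described above), and shows which DCs are global catalog servers and answer on TCP 636. It assumes the RSAT ActiveDirectory PowerShell module and a domain-joined account with ordinary read access; every hostname it prints comes from your own forest.

```powershell
# Added example (not from the original slides). Requires the ActiveDirectory
# module (RSAT) and a domain-joined account; all cmdlets below are read-only.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles: exactly one holder per forest
$forestRoles = [ordered]@{
    'Schema Master'        = $forest.SchemaMaster
    'Domain Naming Master' = $forest.DomainNamingMaster
}
# Domain-wide roles: exactly one holder per domain
$domainRoles = [ordered]@{
    'RID Master'            = $domain.RIDMaster
    'PDC Emulator'          = $domain.PDCEmulator
    'Infrastructure Master' = $domain.InfrastructureMaster
}

"== FSMO role holders for forest $($forest.Name) / domain $($domain.DNSRoot) =="
$forestRoles.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }
$domainRoles.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }

# Availability check: all five roles on one DC means one outage stops
# schema changes, RID allocation, password changes and time sync at once.
$holders = @($forestRoles.Values) + @($domainRoles.Values) | Sort-Object -Unique
if ($holders.Count -eq 1) {
    "WARNING: all five FSMO roles are held by $($holders[0]) (single point of failure)"
}

# Global catalog inventory plus an LDAPS (TCP 636) reachability test per DC.
"`n== Domain controllers =="
Get-ADDomainController -Filter * | ForEach-Object {
    $ldaps = Test-NetConnection -ComputerName $_.HostName -Port 636 `
                                -WarningAction SilentlyContinue
    [pscustomobject]@{
        DC            = $_.HostName
        Site          = $_.Site
        GlobalCatalog = $_.IsGlobalCatalog   # serves the partial forest replica
        LDAPS_636     = $ldaps.TcpTestSucceeded
    }
} | Format-Table -AutoSize
```

A DC that is a global catalog but fails the 636 check still answers plain LDAP and the GC port, so treat the last column as a TLS-hygiene finding rather than an availability one.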

Active Directory Domain Services:
• Domain Services – Stores centralized data and manages communication between users and domains; includes login authentication and search functionality.

• Certificate Services – Generates, manages and shares certificates. A certificate uses public-key encryption to let a user exchange information securely over the internet.

• Lightweight Directory Services – Supports directory-enabled applications using the open LDAP protocol.

• Directory Federation Services – This role is necessary if you need to authenticate applications or services outside your network. It provides single sign-on (SSO) to authenticate a user to multiple web applications in a single session.

• Rights Management Services – Controls information rights management. AD RMS encrypts content, such as email, Word documents or a folder on a server, to limit access.
