DOCSLIB.ORG

MS-ADSO]: Active Directory System Overview

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
MS-ADSO]: Active Directory System Overview [MS-ADSO]: Active Directory System Overview Intellectual Property Rights Notice for Open Specifications Documentation . Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft Open Specification Promise or the Community Promise. If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected]. Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks. Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred. Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise. Tools. The Open Specifications do not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them. Certain Open Specifications are intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. 1 / 235 [MS-ADSO] — v20140124 Active Directory System Overview Copyright © 2014 Microsoft Corporation. Release: Thursday, February 13, 2014 This document provides an overview of the Active Directory System Overview Protocol Family. It is intended for use in conjunction with the Microsoft Protocol Technical Documents, publicly available standard specifications, network programming art, and Microsoft Windows distributed systems concepts. It assumes that the reader is either familiar with the aforementioned material or has immediate access to it. A Protocol Family System Document does not require the use of Microsoft programming tools or programming environments in order to implement the Protocols in the System. Developers who have access to Microsoft programming tools and environments are free to take advantage of them. Abstract The Active Directory System provides the foundation for authentication services in a domain environment. Additionally, it is used as a component by other systems such as Group Policy and Print Services. Active Directory is a directory service that provides for the centralized storage of identity and account information, as well as storage for other forms of data such as group policies and printer location information. A directory service contains one or more servers, known as directory servers, in which directory objects can be created, queried for, modified, and deleted. Each directory object is a collection of attributes, each of which contains one or more values. One common directory object is the user object, which represents an account and stores information such as the user name and password. This document describes the relationships of the system of protocols that make up the client-server behavior of the Active Directory System. It describes the intended client-server functionality of the Active Directory System and how the protocols in this system interact. In the context of the Active Directory System, "clients" can include both Microsoft Windows client and server operating systems, other Microsoft software, and third-party software and operating systems. This document does not describe server-to-server functionality, such as replication protocols. Nor does it describe the impact on clients of being "joined" to a domain or of domain-related interactions between the member computers and the AD DS domain controller, such as Kerberos support or certificate autoenrollment. These topics are discussed in separate documents. This document does not restate the processing rules and other details that are specific to each protocol in the system. These details are described in the protocol specifications for each of the protocols and data structures that make up the Active Directory System. Revision Summary Revision Revision Date History Class Comments 07/02/2009 0.1 Major First Release. 08/14/2009 1.0 Major Updated and revised the technical content. 09/25/2009 2.0 Major Updated and revised the technical content. 11/06/2009 3.0 Major Updated and revised the technical content. 12/18/2009 3.0.1 Editorial Revised and edited the technical content. 01/29/2010 4.0 Major Updated and revised the technical content. 03/12/2010 5.0 Major Updated and revised the technical content. 2 / 235 [MS-ADSO] — v20140124 Active Directory System Overview Copyright © 2014 Microsoft Corporation. Release: Thursday, February 13, 2014 Revision Revision Date History Class Comments 04/23/2010 6.0 Major Updated and revised the technical content. 06/04/2010 6.0.1 Editorial Revised and edited the technical content. 07/16/2010 7.0 Major Significantly changed the technical content. 08/27/2010 8.0 Major Significantly changed the technical content. 10/08/2010 9.0 Major Significantly changed the technical content. 11/19/2010 10.0 Major Significantly changed the technical content. 01/07/2011 11.0 Major Significantly changed the technical content. 02/11/2011 12.0 Major Significantly changed the technical content. 03/25/2011 13.0 Major Significantly changed the technical content. 05/06/2011 14.0 Major Significantly changed the technical content. 06/17/2011 14.1 Minor Clarified the meaning of the technical content. 09/23/2011 14.1 No change No changes to the meaning, language, or formatting of the technical content. 12/16/2011 14.1 No change No changes to the meaning, language, or formatting of the technical content. 03/30/2012 14.1 No change No changes to the meaning, language, or formatting of the technical content. 07/12/2012 14.1 No change No changes to the meaning, language, or formatting of the technical content. 10/25/2012 14.2 Minor Clarified the meaning of the technical content. 01/31/2013 14.2 No change No changes to the meaning, language, or formatting of the technical content. 08/08/2013 15.0 Major Significantly changed the technical content. 11/14/2013 15.0 No change No changes to the meaning, language, or formatting of the technical content. 02/13/2014 15.0 No change No changes to the meaning, language, or formatting of the technical content. 3 / 235 [MS-ADSO] — v20140124 Active Directory System Overview Copyright © 2014 Microsoft Corporation. Release: Thursday, February 13, 2014 Contents 1 Introduction ............................................................................................................. 9 1.1 Glossary ............................................................................................................... 9 1.2 References .......................................................................................................... 12 1.2.1 Normative References ..................................................................................... 12 1.2.2 Informative References ................................................................................... 15 2 Overview ................................................................................................................ 16 2.1 System Summary ................................................................................................ 16 2.2 List of Member Protocols ....................................................................................... 17 2.3 Relevant Standards .............................................................................................. 18 3 Foundation ............................................................................................................. 19 3.1 Background Knowledge and System-Specific Concepts ............................................. 19 3.1.1 Active Directory
Load more

Recommended publications
  • National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme
    National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Common Criteria Evaluation and Validation Scheme Validation Report Nexor MMHS Security Report Number: CCEVS-VR-05-0095 Dated: 14 March 2005 National Institute of Standards and Technology National Security Agency Information Technology Laboratory Information Assurance Directorate 100 Bureau Drive 9800 Savage Road STE 6740 Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6740 Nexor MMHS Security Validation Report ACKNOWLEDGEMENTS Validation Team Dr. Jerome Myers The Aerospace Corporation Columbia, Maryland Common Criteria Testing Laboratory Science Applications International Corporation Common Criteria Testing Laboratory 7125 Columbia Gateway Drive, Suite 300 Columbia, Maryland 21046 2 Nexor MMHS Security Validation Report Table of Contents 1 EXECUTIVE SUMMARY____________________________________________ 4 2 Identification ______________________________________________________ 5 3 Security Policy _____________________________________________________ 7 3.1 Communications Policy _______________________________________________ 7 3.2 User Data Protection Policy ____________________________________________ 7 3.3 Identification and Authentication Policy _________________________________ 8 3.4 Management Policy___________________________________________________ 8 4 Assumptions and Clarification of Scope_________________________________ 9 4.1 Usage Assumptions ___________________________________________________ 9 4.2 Clarification of Scope _________________________________________________
    [Show full text]
  • Windows 2000 Kerberos Authentication
    Operating System Windows 2000 Kerberos Authentication White Paper Abstract The next generation of the Microsoft® Windows® operating system will adopt Kerberos as the default protocol for network authentication. An emerging standard, Kerberos provides a foundation for interoperability while enhancing the security of enterprise-wide network authentication. Windows 2000 implements Kerberos version 5 with extensions for public key authentication. The Kerberos client is implemented as a security provider through the Security Support Provider Interface. Initial authentication is integrated with the Winlogon single sign-on architecture. The Kerberos Key Distribution Center (KDC) is integrated with other Windows 2000 security services running on the domain controller and uses the domain’s Active Directory as its security account database. This white paper examines components of the protocol and provides detail on its implementation. © 1999 Microsoft Corporation. All rights reserved. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Microsoft, Active Desktop, BackOffice, the BackOffice logo,
    [Show full text]
  • IBM Tivoli Monitoring: Active Directory Agent: User™S Guide
    ® Tivoli Monitoring: Active Directory Agent Version 6.2.0 User’s Guide SC32-9444-01 ® Tivoli Monitoring: Active Directory Agent Version 6.2.0 User’s Guide SC32-9444-01 Note Before using this information and the product it supports, read the information in “Notices” on page 121. This edition applies to version 6.2 of IBM Tivoli Monitoring: Active Directory Agent (product number 5724-C71) and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright International Business Machines Corporation 2005, 2007. All rights reserved. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. © Copyright International Business Machines Corporation 2007. All rights reserved. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Tables . .v Chapter 5. Attributes reference . .21 About attributes . .21 Chapter 1. Overview of the Monitoring More information about attributes . .21 Attribute groups and attributes for the Monitoring Agent for Active Directory . .1 Agent for Active Directory . .21 IBM Tivoli Monitoring overview . .1 Address Book attributes . .22 Features of the Monitoring Agent for Active DHCP attributes . .23 Directory . .1 Directory Services attributes . .24 New in this release . .2 DNS_ADIntegrated attributes . .26 Monitoring Agent for Active Directory components .3 DNS attributes . .27 User interface options . .3 Domain Controller Availability attributes . .29 Domain Controller Performance attributes . .31 Chapter 2. Requirements for the Exchange Directory Services attributes . .32 monitoring agent . .5 File Replication Service attributes . .33 Running as a non-Administrator user . .7 Group Policy Object attributes . .34 Ping variables .
    [Show full text]
  • Active Directory Replication Model Works - Directory Services: Windows
    How the Active Directory Replication Model Works - Directory Services: Windows ... Pagina 1 di 25 How the Active Directory Replication Model Works In this section Active Directory Replication Model Architecture Active Directory Replication Model Physical Structure Active Directory Data Updates Domain Controller Notification of Changes Identifying and Locating Replication Partners Urgent Replication Network Ports Used by Active Directory Replication Related Information Active Directory data takes the form of objects that have properties, or attributes. Each object is an instance of an object class, and object classes and their respective attributes are defined in the Active Directory schema. The values of the attributes define the object, and a change to a value of an attribute must be transferred from the domain controller on which it occurs to every other domain controller that stores a replica of that object. Thus, Active Directory replicates directory data updates at the attribute level. In addition, updates from the same directory partition are replicated as a unit to the corresponding replica on the destination domain controller over the same connection to optimize network usage. The information in this section applies to organizations that are designing, deploying, or operating an Active Directory infrastructure that satisfies the following requirements: A Domain Name System (DNS) infrastructure is in place that manages the name resolution for domain controllers in the forest. Active Directory-integrated DNS is assumed, wherein DNS zone data is stored in Active Directory and is replicated to all domain controllers that are DNS servers. All Active Directory sites have local area network (LAN) connectivity. IP connectivity is available between all datacenter locations and branch sites.
    [Show full text]
  • Microsoft's Active Directory
    Table of Contents Chapter 1 Introduction to Active Directory Chapter 2 Active Directory Architecture Chapter 3 Users Groups and Computer Accounts Chapter 4 Organizational Units Chapter 5 Creating and Managing Group Policies (GPOs) Chapter 6 Domains, Forests, and Trusts Chapter 7 Sites and Replication TAB Insert Tab # 1 Here Introduction to Active Directory 2 MS Operational Infrastructure Systems ISA Server Management Server 2003 MS Windows Server 2003 w/ Active Directory w/ Active Directory Microsoft Application Center 2000 Microsoft SQL Server 2000 Microsoft Operations Manager 2000 *Diagram created by the Microsoft corporation and has been modified and used for awareness purposes only.. **Use of this diagram does not imply an affiliation with the Microsoft corporation. The Microsoft Server System contains several operational infrastructure technologies. Among these system servers are Windows Server 2003, ISA server, MOM Server, SQL 2000, MAC Server, and SMS Server. All of these servers utilize the Active Directory service hosted from the Windows 2000 Server. Windows Server NT 4.0 – The Windows NT server family was the predecessor to Microsoft’s modern server platform, and served as a functional contributor to several other consumer level Microsoft products. The original NT servers were used at corporate levels but lacked enterprise scalability and flexible administrative controls. Windows NT 4.0 included several versions to address these issues. Eventually the NT family was phased out by Server 2000; however, there still exists businesses using legacy systems still use Windows NT. Support of the NT family ended on January 1, 2005. Windows Server 2000 – A primary operating system and functional platform for all Microsoft server products that succeeds Microsoft Server NT 4.0.
    [Show full text]
  • Brno University of Technology Active
    BRNO UNIVERSITY OF TECHNOLOGY VYSOKÉ UČENÍ TECHNICKÉ V BRNĚ FACULTY OF INFORMATION TECHNOLOGY DEPARTMENT OF INTELLIGENT SYSTEMS FAKULTA INFORMAČNÍCH TECHNOLOGIÍ ÚSTAV INTELIGENTNÍCH SYSTÉMŮ ACTIVE DIRECTORY MANAGEMENT DASHBOARD NÁSTROJ PRO SPRÁVU ACTIVE DIRECTORY MASTER’S THESIS DIPLOMOVÁ PRÁCE AUTHOR Bc. SAMUEL RADIMÁK AUTOR PRÁCE SUPERVISOR Ing. TOMÁŠ FIEDOR VEDOUCÍ PRÁCE BRNO 2016 Abstract This thesis is focused on the main concepts of Active Directory and the creation of an application allowing basic management tasks. It introduces the logical as well as physi- cal components and provides an overview of existing servers that are using the services of Active Directory. The functionality of existing management applications is discussed and desired properties of management applications are discovered. On these grounds, a new application concept is introduced and the benefits of the new application over the exist- ing ones is shown. According to the concept, a new application is developed supporting the management of users and groups and implementing additional features such as profile photo editing and a definition of customized object creation process. This application is also tested on different levels and possibilities of future improvements are given. Abstrakt Jedným z kľúčových faktorov v oblasti informačných technológií sú ľudia. Ľudia v zamest- naní často používajú rôzne zdroje, ktoré im daná firma ponúka, pričom tieto zdroje je možné nájsť v rôznych tvaroch a veľkostiach – počítače, tlačiarne, telefóny, e-maily, softvér atď. Avšak každá správna firma potrebuje korektne nastaviť politiku správy daných zdro- jov. Adresárové služby sú dlhodobo známym konceptom a dnes sú už široko používaným štandardom firiem po celom svete, kde pomáhajú v efektívnom riadení a zoskupovaní dos- tupných zdrojov firmy.
    [Show full text]
  • OES 2 SP3: Domain Services for Windows Administration Guide 8 Activities After Dsfw Installation Or Provisioning 145 8.1 Verifying the Installation
    www.novell.com/documentation Domain Services for Windows Administration Guide Open Enterprise Server 2.0 SP3 May 06, 2013 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes. Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re‐export or import deliverables. You agree not to export or re‐export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/ exports/ for more information on exporting Novell software.
    [Show full text]
  • Purging Certificate Authority Backups
    Quest® Active Administrator® 8.5 User Guide © 2020 Quest Software Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software Inc. The information in this document is provided in connection with Quest Software products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest Software products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST SOFTWARE ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST SOFTWARE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest Software makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice.
    [Show full text]
  • Implementing and Administering Microsoft® Windows® 2000 Directory Services Class Pack
    Microsoft® Implementing and Administering Microsoft® Windows® 2000 Directory Services Class Pack Material No: 2154BCP This order contains the following components: X0388916 EULA X0874932 Workbook X0874942 CD-Student X0548964 CD - Product X0548965 CD - Product X0896268 eLearning CD 90 11 11411111 Microsoft e Training & Certification Implementing and Administering Microsoft® Windows® 2000 Directory Services Workbook Course Number: 2154B Part Number X08-74932 Released: 03/2002 Microsoft® Implementing and Administering Microsoft® Windows® 2000 Directory Services iii Contents Introduction Course Materials 2 Prerequisites 4 Course Outline 5 Microsoft Official Curriculum 9 Microsoft Certified Professional Program 10 Facilities 12 Module 1: Introduction to Active Directory in Windows 2000 Overview 1 Multimedia: Concepts of Active Directory in Windows 2000 2 Introduction to Active Directory 3 Active Directory Logical Structure 9 Active Directory Physical Structure 15 Methods for Administering a Windows 2000 Network 19 Review 24 Module 2: Implementing DNS to Support Active Directory Overview 1 Introduction to the Role of DNS in Active Directory 2 DNS and Active Directory 3 DNS Name Resolution in Active Directory 7 Active Directory Integrated Zones 16 Installing and Configuring DNS to Support Active Directory 17 Lab A: Installing and Configuring DNS to Support Active Directory 22 Best Practices 30 Review 31 Module 3: Creating a Windows 2000 Domain Overview 1 Introduction to Creating a Windows 2000 Domain 2 Installing Active
    [Show full text]
  • Page 1 of 19 Chapter 3
    Chapter 3 - Name Resolution in Active Directory Page 1 of 19 Windows 2000 Server Chapter 3 - Name Resolution in Active Directory Finding information in Active Directory™, the Microsoft® Windows® 2000 directory service, involves first locating an Active Directory server (domain controller) for logging on to a domain and then finding the information that you need in Active Directory. Both processes use name resolution. When you are locating a domain controller, the Domain Name System (DNS) resolves (by DNS name resolution) a domain name or computer name to an Internet Protocol (IP) address. During the search for information in Active Directory, Windows 2000 resolves (by Lightweight Directory Access Protocol [LDAP] name resolution) a distinguished name to a domain controller that holds the entry for that name. In This Chapter Locating Active Directory Servers Finding Information in Active Directory Related Information in the Resource Kit l For more information about DNS, Transmission Control Protocol/Internet Protocol (TCP/IP) networks, subnets, and subnet masks, see the Microsoft® Windows® 2000 Server Resource Kit TCP/IP Core Networking Guide. l For information about planning and deploying of domains and domain controllers, see the Microsoft® Windows® 2000 Server Resource Kit Deployment Planning Guide. Locating Active Directory Servers When an application requests access to Active Directory, an Active Directory server (domain controller) is located by a mechanism called the domain controller locator (Locator). Locator is an algorithm that runs in the context of the Net Logon service. Locator can find domain controllers by using DNS names (for IP/DNS-compatible computers) or by using Network Basic Input/Output System (NetBIOS) names (for computers that are running Microsoft® Windows® version 3.x, Microsoft® Windows® for Workgroups, Microsoft® Windows NT® version 3.5 or later, Microsoft® Windows® 95, Microsoft® Windows® 98, or for computers on a network where IP transport is not available).
    [Show full text]
  • [MS-SRPL]: Directory Replication Service (DRS) Protocol Extensions for SMTP
    [MS-SRPL]: Directory Replication Service (DRS) Protocol Extensions for SMTP Intellectual Property Rights Notice for Open Specifications Documentation . Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions. Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise or the Microsoft Community Promise. If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected].
    [Show full text]
  • Oes 2018 Sp2)
    Open Enterprise Server 2018 SP2 Domain Services for Windows Administration Guide May 2020 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/about/legal/. Copyright © 2020 Micro Focus Software, Inc. All Rights Reserved. Contents About This Guide 11 1 Overview of DSfW 13 1.1 Features and Benefits . 13 1.2 Architectural Overview . 15 1.3 Basic Directory Services Concepts . 16 1.3.1 Domains, Trees, and Forests. .16 1.3.2 Naming . 16 1.3.3 Security Model . 17 1.3.4 Groups . 17 1.4 Key Differences Between the DSfW LDAP Server and the eDirectory Server. 17 2 What’s New or Changed in Domain Services for Windows 19 2.1 What’s New or Changed in Domain Services for Windows (OES 2018 SP2) . 19 2.2 What’s New or Changed in Domain Services for Windows (OES 2018 SP1) . 19 2.3 What’s New or Changed in Domain Services for Windows (Update 10 - OES 2018) . 20 2.4 What’s New or Changed in Domain Services for Windows (OES 2018) . 20 3 Use-Cases 21 3.1 Authenticating to Applications That Require Active Directory-Style Authentication . 21 3.1.1 Users Located in the DSfW Forest and Accessing Applications Hosted in the Active Directory Forest . 21 3.1.2 Users and Applications Hosted in the DSfW Forest . 22 3.2 Working With Windows Systems Without Client for Open Enterprise Server . 22 3.3 Leveraging an Existing eDirectory Setup .
    [Show full text]