Microsoft's Active Directory

Table of Contents

Chapter 1 Introduction to Active Directory
Chapter 2 Active Directory Architecture
Chapter 3 Users, Groups and Computer Accounts
Chapter 4 Organizational Units
Chapter 5 Creating and Managing Group Policies (GPOs)
Chapter 6 Domains, Forests, and Trusts
Chapter 7 Sites and Replication

Introduction to Active Directory

MS Operational Infrastructure Systems

[Diagram: ISA Server, Management Server 2003, MS Windows Server 2003 w/ Active Directory, Microsoft Application Center 2000, Microsoft SQL Server 2000, Microsoft Operations Manager 2000. Diagram created by the Microsoft corporation and modified for awareness purposes only; its use does not imply an affiliation with the Microsoft corporation.]

The Microsoft Server System contains several operational infrastructure technologies. Among these system servers are Windows Server 2003, ISA Server, MOM Server, SQL 2000, MAC Server, and SMS Server. All of these servers utilize the Active Directory service hosted on the Windows 2000 Server.

Windows Server NT 4.0 – The Windows NT server family was the predecessor to Microsoft's modern server platform and served as a functional contributor to several other consumer-level Microsoft products. The original NT servers were used at corporate levels but lacked enterprise scalability and flexible administrative controls. Windows NT 4.0 included several versions to address these issues. Eventually the NT family was phased out by Server 2000; however, there are still businesses running legacy Windows NT systems. Support for the NT family ended on January 1, 2005.

Windows Server 2000 – A primary operating system and functional platform for all Microsoft server products that succeeds Microsoft Server NT 4.0. Server 2000 is backwards compatible with most Server NT 4.0 components and was designed to be fully scalable with enterprise infrastructures.

Windows Server 2003 – A primary operating system and functional platform for all Microsoft server products. Server 2003 succeeds Server 2000 and is backwards compatible with Server 2000 and many NT server components.

Windows Server 2008 – The most recent primary operating system and functional platform for all Microsoft server products. Server 2008 is backwards compatible with Server 2003.

Internet Security Application (ISA) Server – ISA Server is an application-layer firewall, virtual private network, and Web cache server delivering Microsoft-class security with simplified management.

Microsoft Operations Manager (MOM) Server – MOM Server is an event and performance management tool for Windows Server System.

Microsoft Application Center (MAC) Server – MAC Server is Microsoft's deployment and management tool for high-availability Web applications. MAC makes managing groups of servers as simple as managing a single computer.

SMS Server – SMS provides a solution for software updates and configuration changes from non-Microsoft vendors.

Software Update Services (SUS) Server – SUS is designed to deploy multiple updates to client operating systems and/or software at designated intervals.

Active Directory Services (AD) Server – Hosted on the Microsoft Windows 2000, 2003, and 2008 Servers, Active Directory is the organizational foundation for the Microsoft Server System infrastructure's ability to locate and manage enterprise objects.

The Active Directory Concept

A domain is a security boundary.

The Microsoft Server System employs several key services that the other servers within the enterprise operational infrastructure depend upon. Active Directory, LDAP, DNS, and SQL are commonly used services that are required by other services within the system. To use the Microsoft Windows 2003 Server operating system with maximum effectiveness, you must first understand what the Active Directory service is.
Store – Active Directory is the Windows 2000 Server directory service. It hierarchically stores information about network objects and makes this information available to administrators, users, and applications.

Structure – In AD, the network and its objects are organized by object containers: domains, trees, forests, trust relationships, organizational units, and sites. Each of these object containers is issued a different level of administrative control.

Inter-communicate – Active Directory is based on standard directory access protocols. It can operate in conjunction with other directory services that use these same open protocols.

Microsoft's Active Directory

• DNS Namespace
• Domain Controller
• Dynamic Object Directory

Microsoft's Active Directory can be condensed into three very high-level concepts:
1. A namespace declaration that is integrated with the Internet's Domain Name System (DNS).
2. Software that makes a server into a domain controller.
3. A mid-point service that enables other directory-dependent applications to function properly.

Open Standards

• LDAP – Low-level API to Active Directory
• X.500 – Active Directory structure – not fully standard-compliant
• DNS – Resource location – extensions (e.g. "Dynamic DNS")
• Kerberos – Authentication

Kerberos – AD Security

• Legacy Internet standard
• Commonly used with Unix
• Secure encrypted authentication
• Authentication standard for Server 2000 and 2003
• Microsoft Kerberos is not fully compatible with other Kerberos implementations

What is the Schema

• Definition of…
  – Object types (classes)
  – Attributes
  – Data types (syntaxes)
• Extensible objects
• Similar to a database's schema
• ONE consistent schema inside a single forest

Objects and Object Classes (1)

[Diagram: 1st time – new object, new object type → class → instantiate object; 2nd time – new object, same object type → instantiate object from the existing class.]

Active Directory uses classes to create objects that represent unique constructs. To create an object, Active Directory references a set list of predefined classes. A class is an attribute list that defines the qualities of an object type. Some object types are user accounts, user groups, computer accounts, computer groups, printer accounts, printer groups, organizational units, group policies, forests, trees, and domains. A class is said to be extensible when its original attribute list is modified with additional parameters. All objects of the same type share, or "inherit" from, the same class. A class can be thought of as a standard requirements list that each object of a specific type must adhere to. Each object created from a class is inherently different from objects created from any other class, because no two classes have exactly the same attribute list. This solves the problem Active Directory would otherwise have in telling two object types apart, such as a user account and a user group, but it does not uniquely identify one user account against all the other user accounts that may exist.

To facilitate this, all objects must provide a set of uniquely identifying parameters at the time an object is instantiated from a class. The parameters provided are pieces of data assigned to each required attribute within the object. When all of the required attributes have been provided with data that, as a whole, uniquely identifies the object as a matchless entry, the object may be created. Not all attributes associated with an object are required attributes. Only required attributes are used to determine whether an entry is truly unique.

Account Types:
• User
• Computer
• Printer
• Group Policy (not an actual account object; GPOs are objects dependent upon Organizational Units)

Objects and Object Classes (2)

[Diagram: Objects → Accounts, Groups, GPO]

Active Directory Objects

• User
• Group
• Contact
• Shared Folder
• Computer
• Shared printer
• Organizational
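The class-and-required-attribute model described above, as an added illustration that is not Microsoft code and not the real AD schema: a toy forest schema that defines classes as attribute lists, lets a class be extended, and refuses to instantiate an object whose required attributes are missing or whose required-attribute data duplicates an existing entry of the same class. The class and attribute names (user, group, cn, sAMAccountName) are borrowed from AD for flavour; the required/optional lists and the per-class uniqueness rule are simplified assumptions taken from the text.

```python
"""Toy model of how Active Directory instantiates objects from schema classes.

Added illustration only: not Microsoft code and not the real AD schema. Class
and attribute names mimic AD ("user", "sAMAccountName"), but the required and
optional attribute lists below are simplified assumptions.
"""
from dataclasses import dataclass, field


class SchemaError(Exception):
    """The directory refuses the object because it does not satisfy its class."""


@dataclass
class ObjectClass:
    """A class is an attribute list defining the qualities of an object type."""
    name: str
    required: set                               # data here decides uniqueness
    optional: set = field(default_factory=set)  # never used for uniqueness

    def extend(self, required=(), optional=()):
        """A class is 'extensible' when attributes are added to its list."""
        self.required |= set(required)
        self.optional |= set(optional)


class ForestSchema:
    """ONE consistent schema per forest: every object comes from these classes."""

    def __init__(self):
        self.classes = {}
        self.objects = []  # every object instantiated in this forest

    def define(self, cls):
        # Redefining a class name would make the forest schema inconsistent.
        if cls.name in self.classes:
            raise SchemaError(f"class {cls.name!r} is already defined")
        self.classes[cls.name] = cls
        return cls

    def instantiate(self, class_name, **attrs):
        """Create an object of class_name, or raise SchemaError saying why not."""
        if class_name not in self.classes:
            raise SchemaError(f"no class named {class_name!r} in the schema")
        cls = self.classes[class_name]
        missing = cls.required - set(attrs)
        if missing:
            raise SchemaError(f"{class_name}: required attributes missing: "
                              f"{sorted(missing)}")
        unknown = set(attrs) - cls.required - cls.optional
        if unknown:
            raise SchemaError(f"{class_name}: attributes not in class: "
                              f"{sorted(unknown)}")
        # Objects of different classes are inherently different, so the class
        # name is part of the identity; within a class, only the data given
        # for the required attributes makes an entry "matchless".
        ident = (cls.name,) + tuple(attrs[a] for a in sorted(cls.required))
        if any(obj["_identity"] == ident for obj in self.objects):
            raise SchemaError(f"{class_name}: an entry with these required "
                              f"attributes already exists")
        obj = {"objectClass": class_name, "_identity": ident, **attrs}
        self.objects.append(obj)
        return obj


def build_demo_forest():
    """Constructed sample forest: two classes, two objects (not real data)."""
    schema = ForestSchema()
    schema.define(ObjectClass("user", required={"cn", "sAMAccountName"},
                              optional={"mail", "description"}))
    schema.define(ObjectClass("group", required={"cn", "sAMAccountName"},
                              optional={"member"}))
    schema.instantiate("user", cn="Alice Example", sAMAccountName="alice",
                       mail="alice@example.test")
    # Same data, different class: allowed, because the class tells them apart.
    schema.instantiate("group", cn="Alice Example", sAMAccountName="alice")
    return schema


def try_instantiate(schema, class_name, **attrs):
    """Return None if the object was created, else the directory's refusal."""
    try:
        schema.instantiate(class_name, **attrs)
    except SchemaError as exc:
        return str(exc)
    return None
```

In a real domain, sAMAccountName must be unique across all security principals in the domain rather than within one class, so the per-class rule here follows the text's description, not production AD behaviour. Extending a class is a forest-wide, effectively permanent change, which is why the model keeps a single schema object and refuses to redefine a class.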