NSSA-221 Lecture 3: Active Directory

System Administration
INSTRUCTOR: GARRETT A
Lesson Three - Active Directory
NOS to AD
Network Operating System
A “NOS” is a networked environment in which various types of resources such as user, group, and computer accounts are stored in a central repository that is controlled by administrators and accessible to end users
A typical networked environment will include one or more servers that provide authentication, authorization, and account management
Clients or end users are granted access to those servers
Microsoft first introduced NOS with Windows NT 3.0, circa 1990
Active Directory (AD) was released in beta, circa 1997
Windows NT introduced the concept of a “domain”
Grouping resources into administrative and security boundaries
Flat structures were limiting
Provided NOS service to end-users
NOS delegation was all-or-nothing
LDAP and AD
Directory Service - a repository of network, application, or NOS information that is useful to multiple applications and/or users
LDAP and X.500 defined the standard for how a directory service is implemented and accessed.
X.500 (Directory Access Protocol, DAP)
Developed by the ITU and ISO, defining structure, security, and functionality for directory services.
Difficult to implement at a client level
LDAP (Lightweight Directory Access Protocol)
The University of Michigan started work on “lightweight” X.500
IETF Standards History
1993: LDAP - RFC 1487
1995: LDAPv2 - RFC 1777
1997: LDAPv3 - RFC 2251
What’s it Good For?
It makes management much easier
It’s highly scalable
It makes searching network resources much easier
Active Directory forms an infrastructure backbone that many applications and platforms can utilize.
It centralizes administration
The AD Namespace can be aligned with DNS
Creates a logical structure to match your business environment, using a geographical or administrative model
Domain Components
An X.500-based hierarchical structure of containers and objects
Resources
Security principals
A DNS domain name as a unique identifier
A single domain controller (DC) that is authoritative for the domain
A security service (Kerberos) to authenticate and authorize users via trusts
Policies to restrict users' access within the domain
Uniquely Identifying Objects
Each object must be uniquely locatable and identifiable
GUID - Globally Unique Identifier
UUID - Universally Unique Identifier
SID - Security Identifier
LDAP defines a means of referring to any object in the directory using distinguished names or relative distinguished names
Distinguished Name (DN) - dc=rit, dc=edu
Relative Distinguished Names (RDN) - cn=student
RDNs must be unique within the container in which they exist
Object Classes
All RDNs use a prefix to indicate the class of the object that is being referred to
RFC 2253, “Lightweight Directory Access Protocol (v3)”, defines the attribute types
RFC 2253 defines a “key” and “attribute” relationship
CN* = Common name
DC = Domain component
ST = State or province name
UID = User ID
Examples:
uid=student, ou=ist, dc=rit, dc=edu
cn=Jimmy Mullet, ou=salon, dc=super, dc=cut
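To make the DN and RDN rules above concrete, here is an added Python example (not code from the lecture or from any project it mentions) that parses RFC 2253 distinguished names, recovers the container an object lives in, and checks the rule that an RDN must be unique within its container. The helper names (parse_dn, parent_of, find_duplicate_rdns) are this example's own, and the sample DNs beyond the lecture's two are constructed.

```python
"""Parse and compare LDAP distinguished names in the RFC 2253 string form.

Added example for these notes, not code from the lecture. Sample DNs are the
lecture's own examples plus constructed variants. The '#<hex>' BER value form
of RFC 2253 is not handled.
"""
import string
from typing import List, Tuple

# One RDN is a list of (attribute type, value) pairs; a multi-valued RDN
# joins several pairs with '+', e.g. "cn=student+uid=s1".
RDN = List[Tuple[str, str]]

# Characters RFC 2253 requires to be backslash-escaped inside a value.
_SPECIAL = ',+"\\<>;'


def _split_unescaped(text: str, sep: str) -> List[str]:
    """Split on sep, skipping separators that are escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # keep the escape pair intact for now
            buf.append(text[i:i + 2])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape(value: str) -> str:
    """Resolve '\\,' style escapes and '\\2C' hex escapes (hex pairs are UTF-8 bytes)."""
    raw, i = bytearray(), 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                raw.append(int(pair, 16))
                i += 3
                continue
            raw.extend(value[i + 1].encode("utf-8"))
            i += 2
            continue
        raw.extend(ch.encode("utf-8"))
        i += 1
    return raw.decode("utf-8")


def _trim(value: str) -> str:
    """Drop optional whitespace around a value, keeping an escaped trailing space."""
    value = value.lstrip()
    while value.endswith(" ") and not value.endswith("\\ "):
        value = value[:-1]
    return value


def parse_dn(dn: str) -> List[RDN]:
    """'uid=student, ou=ist, dc=rit, dc=edu' -> list of RDNs, most specific first.

    Attribute types are case-insensitive and are lower-cased; values keep their case.
    """
    rdns: List[RDN] = []
    for raw_rdn in _split_unescaped(dn, ","):
        avas: RDN = []
        for ava in _split_unescaped(raw_rdn, "+"):
            if "=" not in ava:
                raise ValueError(f"malformed RDN component: {ava!r}")
            attr_type, value = ava.split("=", 1)
            avas.append((attr_type.strip().lower(), _unescape(_trim(value))))
        rdns.append(avas)
    return rdns


def _escape(value: str) -> str:
    out = "".join("\\" + c if c in _SPECIAL else c for c in value)
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    if out[:1] in ("#", " "):
        out = "\\" + out
    return out


def format_dn(rdns: List[RDN]) -> str:
    """Canonical string form: no spaces after commas, special characters escaped."""
    return ",".join("+".join(f"{t}={_escape(v)}" for t, v in rdn) for rdn in rdns)


def parent_of(dn: str) -> str:
    """The container holding the object: the DN minus its first RDN."""
    return format_dn(parse_dn(dn)[1:])


def find_duplicate_rdns(dns: List[str]) -> List[Tuple[str, str]]:
    """Return (container, rdn) keys that occur more than once in dns.

    An RDN must be unique within its container; the comparison is
    case-insensitive, as it is in Active Directory.
    """
    seen, dupes = set(), []
    for dn in dns:
        rdns = parse_dn(dn)
        key = (format_dn(rdns[1:]).casefold(), format_dn(rdns[:1]).casefold())
        if key in seen and key not in dupes:
            dupes.append(key)
        seen.add(key)
    return dupes


if __name__ == "__main__":
    for sample in ("uid=student, ou=ist, dc=rit, dc=edu",
                   r"cn=Mullet\, Jimmy,ou=salon,dc=super,dc=cut"):   # constructed variant
        print(parse_dn(sample), "->", parent_of(sample))
```

parse_dn lower-cases attribute types because RFC 2253 treats them as case-insensitive; values are left alone and only folded when find_duplicate_rdns compares them, which is the behaviour a directory enforces when a second "cn=student" is created in the same OU.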
Security Principals
Security principals include the following:
Any entity that can be authenticated by the system, such as a user account, a computer account, or a thread or process that runs in the security context of a user or computer account.
Security groups of these accounts.
Every security principal is automatically assigned a security identifier (SID) when it is created
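As an added illustration of what the SID assigned to each principal actually carries (an example written for these notes, not code from the lecture), the Python below decomposes the S-R-I-S... string form into its revision, identifier authority, sub-authorities and trailing relative identifier (RID), and uses that to tell whether two principals were issued by the same domain. The layout and the well-known RIDs follow Microsoft's documented SID format; the sample SIDs and the helper names (parse_sid, same_domain, describe) are constructed for this example.

```python
"""Decompose Windows security identifiers (SIDs) in their string form.

Added example for these notes, not code from the lecture. The layout
(revision, identifier authority, sub-authorities, trailing RID) and the
well-known RIDs follow Microsoft's documented SID format; sample SIDs are
constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Well-known relative identifiers inside every domain (Microsoft documentation).
WELL_KNOWN_RIDS: Dict[int, str] = {
    500: "Administrator", 501: "Guest", 502: "krbtgt",
    512: "Domain Admins", 513: "Domain Users", 519: "Enterprise Admins",
}
NT_AUTHORITY = 5      # identifier authority used for accounts and domains
DOMAIN_MARKER = 21    # first sub-authority of every AD domain SID


@dataclass(frozen=True)
class Sid:
    revision: int
    identifier_authority: int
    sub_authorities: Tuple[int, ...]

    @property
    def rid(self) -> Optional[int]:
        """Relative identifier: the last sub-authority, unique within the issuing domain."""
        return self.sub_authorities[-1] if self.sub_authorities else None

    @property
    def is_domain_principal(self) -> bool:
        """True for S-1-5-21-<domain>-<RID>, the form AD gives every principal it creates."""
        return (self.identifier_authority == NT_AUTHORITY
                and len(self.sub_authorities) == 5
                and self.sub_authorities[0] == DOMAIN_MARKER)

    @property
    def domain(self) -> Optional["Sid"]:
        """The domain's own SID (everything but the RID), or None for non-domain SIDs."""
        if not self.is_domain_principal:
            return None
        return Sid(self.revision, self.identifier_authority, self.sub_authorities[:-1])

    def __str__(self) -> str:
        return "-".join(["S", str(self.revision), str(self.identifier_authority),
                         *map(str, self.sub_authorities)])


def parse_sid(text: str) -> Sid:
    """Parse 'S-1-5-21-1-2-3-500'. Raises ValueError on anything malformed."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {text!r}")
    revision = int(parts[1])
    authority = int(parts[2], 0)   # a large 48-bit authority may be written as 0x...
    subs = tuple(int(p) for p in parts[3:])
    if revision != 1 or len(subs) > 15 or any(not 0 <= s < 2 ** 32 for s in subs):
        raise ValueError(f"out-of-range SID component: {text!r}")
    return Sid(revision, authority, subs)


def same_domain(a: Sid, b: Sid) -> bool:
    """Two principals belong to one domain iff their SIDs agree on everything but the RID."""
    return a.domain is not None and a.domain == b.domain


def describe(sid: Sid) -> str:
    """Summary line of the kind used when reviewing group memberships or ACL entries."""
    if not sid.is_domain_principal:
        return f"{sid}: not a domain principal"
    name = WELL_KNOWN_RIDS.get(sid.rid, "domain-assigned RID")
    return f"{sid}: {name} (RID {sid.rid}) in domain {sid.domain}"


if __name__ == "__main__":
    admin = parse_sid("S-1-5-21-1111111111-2222222222-3333333333-500")    # constructed
    user = parse_sid("S-1-5-21-1111111111-2222222222-3333333333-1105")   # constructed
    print(describe(admin))
    print(describe(user))
    print("same domain:", same_domain(admin, user))
```

The point the split makes visible is that the domain part of a SID is fixed at domain creation and the RID is what distinguishes principals within it, so a name can be renamed freely while the SID, and therefore the ACL entries and group memberships that reference it, stays the same.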