Theory - 94 :- Concept of Active Directory. ADS Overview, ADS Database, Active Directory Namespace, Logical & Physical Elements of AD.

Concept of Active Directory

1. Introduction

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is used for managing computers and other devices on a network, providing authentication, authorization, and directory services. Understanding the components and structure of Active Directory is essential for effective network management and security.

2. Active Directory Overview (ADS)

2.1 Definition

Active Directory is a centralized database and service that stores information about network resources, including users, computers, groups, and services. It provides a framework for managing and securing these resources in a Windows environment.

2.2 Key Functions of Active Directory
  • Authentication: Verifies the identity of users and devices attempting to access network resources (Kerberos by default, with NTLM as the legacy fallback).
  • Authorization: Determines the permissions and access rights of authenticated users and devices.
  • Directory Services: Provides a structured way to store and retrieve information about network resources.
  • Group Policy Management: Allows administrators to define and enforce policies for users and computers.

3. Active Directory Database

3.1 Structure of the AD Database
  • The Active Directory database is stored in a file called NTDS.dit, by default in the C:\Windows\NTDS directory on every domain controller (the path is chosen when the DC is promoted). It is an Extensible Storage Engine (ESE) database and contains, among everything else, the password hashes of every account in the domain, so any copy of it (backups, VSS snapshots, disks of decommissioned DCs) has to be protected as carefully as the domain controllers themselves.
  • The database uses a hierarchical structure to store objects, which can include users, computers, groups, organizational units (OUs), and more.
3.2 Object Types
  • Users: Individual accounts for people who access the network.
  • Groups: Collections of user accounts that can be managed as a single entity.
  • Computers: Accounts for devices that are part of the network.
  • Organizational Units (OUs): Containers used to organize users, groups, and computers for easier management.
3.3 Attributes
  • Each object in Active Directory has attributes that define its properties. For example, a user object has attributes such as sAMAccountName (the logon name), userPrincipalName, mail, and telephoneNumber. The password is not stored as readable text: it is kept as hashes in the unicodePwd attribute, which LDAP clients can set but never read back. Every object also carries an objectGUID, which stays the same when the object is renamed or moved, and security principals (users, groups, computers) additionally carry an objectSid.
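The points in section 3 as an added example (this is not code from the original post). It assumes the post's sample domain example.com with an OU "Sales" and a user John Doe whose logon name is jdoe; those names, and the helper names Get-NtdsDatabasePath and Get-OuObjectSummary, are placeholders chosen here. It needs the RSAT ActiveDirectory module, and the registry lookup only works when run on a domain controller.

```powershell
# Added example, not part of the original post. Assumes the post's sample
# domain example.com with an OU "Sales" and a user John Doe whose logon name
# (sAMAccountName) is jdoe; these names are placeholders for your own. Needs
# the RSAT ActiveDirectory module; Get-NtdsDatabasePath only works on a DC.
Import-Module ActiveDirectory

# 3.1 Where the database actually is: ask the DC instead of assuming C:\Windows\NTDS,
# because the path is chosen at promotion time and can be anywhere.
function Get-NtdsDatabasePath {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    if (-not (Test-Path $key)) { throw 'NTDS parameters key missing: this host is not a domain controller.' }
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        DatabaseFile = $p.'DSA Database file'          # default C:\Windows\NTDS\ntds.dit
        LogFiles     = $p.'Database log files path'
        WorkingDir   = $p.'DSA Working Directory'
    }
}
$ntds = Get-NtdsDatabasePath
$ntds
# NTDS.dit holds every account's password hashes. Whoever can read it, or a
# backup / VSS snapshot of it, owns the domain, so review who has rights on it.
(Get-Acl -Path $ntds.DatabaseFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# 3.2 / 3.3 One object and its attributes. unicodePwd is in the list on purpose:
# LDAP never returns it, so the property comes back empty even for Domain Admins.
$wanted = 'sAMAccountName','userPrincipalName','mail','telephoneNumber','objectCategory',
          'objectGUID','objectSid','whenCreated','memberOf','unicodePwd'
$user = Get-ADUser -Identity 'jdoe' -Properties $wanted
$user | Select-Object DistinguishedName, sAMAccountName, userPrincipalName, mail, telephoneNumber,
                      objectCategory, objectGUID, objectSid, whenCreated,
                      @{n='memberOf';e={$_.memberOf -join '; '}}
"unicodePwd returned: {0}" -f ($null -ne $user.unicodePwd)   # False

# 3.2 Object types in an OU. Pitfall: "computer" derives from "user" in the schema,
# so (objectClass=user) also matches computer accounts; (objectCategory=person)
# is the filter that means "people". Get-ADObject reports the most-specific class.
function Get-OuObjectSummary {
    param([string]$OuDn = 'OU=Sales,DC=example,DC=com')
    $all = @(Get-ADObject -SearchBase $OuDn -LDAPFilter '(objectClass=*)')   # includes the OU itself
    [pscustomobject]@{
        ByClass                = ($all | Group-Object ObjectClass |
                                  ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
        UsersViaObjectClass    = @(Get-ADObject -SearchBase $OuDn -LDAPFilter '(objectClass=user)').Count
        UsersViaObjectCategory = @(Get-ADObject -SearchBase $OuDn `
                                   -LDAPFilter '(&(objectCategory=person)(objectClass=user))').Count
    }
}
Get-OuObjectSummary
```

If UsersViaObjectClass is larger than UsersViaObjectCategory, the difference is the computer (and service) accounts under that OU that a naive "all users" query would silently include; that matters both for inventories and for detection rules that key on objectClass.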

4. Active Directory Namespace

4.1 Definition

The Active Directory namespace is the logical structure that defines how objects are organized and accessed within the directory. It provides a way to uniquely identify objects in the directory.

4.2 Naming Conventions
  • Distinguished Name (DN): A unique identifier for an object in Active Directory, built from the object's own name followed by each container up to the domain root (e.g., CN=John Doe,OU=Sales,DC=example,DC=com). The leftmost component is the Relative Distinguished Name (RDN); it only has to be unique within its parent container. A DN changes whenever the object is renamed or moved, so long-lived references (scripts, SIEM correlation) should use objectGUID or objectSid instead.
  • Common Name (CN): The name of the object (e.g., a user or group).
  • Organizational Unit (OU): A container that holds objects and helps organize them logically.
  • Domain Component (DC): Represents the domain name in the directory (e.g., DC=example,DC=com).
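A parser for the naming convention above, as an added example that is not part of the original post. It is plain PowerShell with no AD module required; the first DN is the post's own example, the second is constructed here to show a comma inside a name. The function names ConvertFrom-DistinguishedName and ConvertFrom-LdapValue are chosen for this example.

```powershell
# Added example, not part of the original post. Pure PowerShell (no AD module
# needed); the DNs at the bottom are the post's own example plus a constructed one.

function ConvertFrom-LdapValue {
    # Undo RFC 4514 escaping in one attribute value: "\," "\=" "\\" "\+" ...
    # and hex pairs such as "\2C" (decoded byte by byte, which is fine for ASCII).
    param([string]$Value)
    [regex]::Replace($Value, '\\([0-9A-Fa-f]{2})|\\(.)', {
        param($m)
        if ($m.Groups[1].Success) { [string][char][Convert]::ToInt32($m.Groups[1].Value, 16) }
        else { $m.Groups[2].Value }
    })
}

function ConvertFrom-DistinguishedName {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # Split on commas that are NOT preceded by a backslash. A plain
    # $dn.Split(',') breaks "CN=Doe\, John,..." into two bogus components.
    $components = [System.Collections.Generic.List[string]]::new()
    $buf = [System.Text.StringBuilder]::new()
    for ($i = 0; $i -lt $DistinguishedName.Length; $i++) {
        $c = $DistinguishedName[$i]
        if ($c -eq '\' -and $i + 1 -lt $DistinguishedName.Length) {
            [void]$buf.Append($c).Append($DistinguishedName[$i + 1]); $i++
        } elseif ($c -eq ',') {
            $components.Add($buf.ToString()); [void]$buf.Clear()
        } else {
            [void]$buf.Append($c)
        }
    }
    $components.Add($buf.ToString())

    $rdns = @(foreach ($comp in $components) {
        $eq = $comp.IndexOf('=')
        if ($eq -lt 1) { throw "Malformed RDN '$comp' in '$DistinguishedName'" }
        [pscustomobject]@{
            Type  = $comp.Substring(0, $eq).Trim().ToUpperInvariant()
            Value = ConvertFrom-LdapValue $comp.Substring($eq + 1).Trim()
        }
    })

    $dc = @($rdns | Where-Object Type -eq 'DC' | ForEach-Object Value)
    $ou = @($rdns | Where-Object Type -eq 'OU' | ForEach-Object Value)
    [array]::Reverse($ou)   # the DN lists the deepest OU first; show root-to-leaf

    [pscustomobject]@{
        DistinguishedName = $DistinguishedName
        Rdn               = $components[0]                 # leftmost component, unique within its parent
        Name              = $rdns[0].Value
        LeafType          = $rdns[0].Type
        Parent            = ($components | Select-Object -Skip 1) -join ','
        OuPath            = $ou -join '/'
        DomainDnsName     = $dc -join '.'                   # DC=example,DC=com -> example.com
        DomainDn          = ($components | Where-Object { $_ -match '^\s*DC=' }) -join ','
    }
}

'CN=John Doe,OU=Sales,DC=example,DC=com',                       # from the post
'CN=Doe\, John,OU=Sales,OU=EMEA,DC=corp,DC=example,DC=com' |    # constructed
    ForEach-Object { ConvertFrom-DistinguishedName $_ } | Format-List
```

For the first DN this yields Name "John Doe", OuPath "Sales", DomainDnsName "example.com"; for the second, Name "Doe, John" and OuPath "EMEA/Sales". One caveat worth remembering: DN escaping (RFC 4514, backslash before the special character) is not the same as LDAP search-filter escaping (RFC 4515, where "*", "(", ")", "\" and NUL become \2a, \28, \29, \5c, \00). Mixing the two when building a filter from user input is a common source of LDAP injection.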

5. Logical and Physical Elements of Active Directory

5.1 Logical Elements
  • Domains: The basic administrative and replication unit of Active Directory. A domain holds its objects in its own directory partition, has its own administrators, and by default its own password and lockout policy. A domain is not a security boundary: an administrator of any domain in a forest can escalate to control of the whole forest (for example by compromising a domain controller, which holds a writable copy of the shared configuration and schema), so real security isolation requires a separate forest.
  • Trees: A collection of one or more domains that share a contiguous DNS namespace (e.g., example.com and a child domain corp.example.com). Domains in a tree are joined by automatic two-way transitive trusts.
  • Forests: A collection of one or more trees that share a common schema, a common configuration partition, and a global catalog. The forest is the security boundary in Active Directory: every domain in it trusts every other, and resource sharing with a different forest requires an explicit forest trust, which should keep SID filtering enabled.
5.2 Physical Elements
  • Domain Controllers (DCs): Servers that host the Active Directory database and provide authentication (the Kerberos KDC and NTLM) and LDAP directory services. Multiple DCs are deployed for redundancy and load balancing; every writable DC holds a complete copy of its domain partition, including all password hashes, so each DC must be protected as a Tier 0 asset. Read-only domain controllers (RODCs) hold a filtered copy and cache credentials only for explicitly allowed accounts.
  • Sites: Physical locations in a network, defined as a group of IP subnets. Sites are used to control replication traffic (intra-site replication is near-immediate, inter-site replication follows site-link schedules and costs) and to direct clients to a nearby DC for authentication.
  • Replication: The process of copying changes made to the Active Directory database from one domain controller to another, so that all DCs converge on the same data. AD replication is multi-master: changes can be written on any writable DC, and conflicts are resolved by version number and then timestamp. The right to request replication of the domain partition is itself a privilege to watch, since the replication protocol returns password hashes to the requester.
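The logical and physical elements of section 5, enumerated from a live forest, as an added example that is not part of the original post. It requires the RSAT ActiveDirectory module in a domain-joined session; the output reflects whatever forest you run it in (example.com is only the post's sample name). The three extended-right GUIDs at the end are the well-known schema values for the replication rights and are included here from knowledge of the schema, not from the post.

```powershell
# Added example, not part of the original post. Requires the RSAT ActiveDirectory
# module and a domain-joined session; object names in the output are whatever
# your forest contains (example.com is only the post's sample name).
Import-Module ActiveDirectory

# --- Logical structure: forest -> domains (a tree is a chain of domains with contiguous DNS names)
$forest = Get-ADForest
$forest | Select-Object Name, RootDomain, ForestMode, SchemaMaster, DomainNamingMaster,
                        @{n='Domains';e={$_.Domains -join ', '}},
                        @{n='GlobalCatalogs';e={$_.GlobalCatalogs -join ', '}}

foreach ($dns in $forest.Domains) {
    Get-ADDomain -Identity $dns |
        Select-Object DNSRoot, NetBIOSName, DomainMode, ParentDomain,
                      @{n='ChildDomains';e={$_.ChildDomains -join ', '}},
                      PDCEmulator, RIDMaster, InfrastructureMaster, DomainSID
}

# Trusts are why the FOREST, not the domain, is the security boundary. A cross-forest
# trust with SID filtering disabled lets the other side inject SIDs via SIDHistory;
# selective authentication limits which of their users can authenticate here at all.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, IntraForest, ForestTransitive,
                  SIDFilteringQuarantined, SIDFilteringForestAware, SelectiveAuthentication

# --- Physical structure: domain controllers, sites, subnets, site links
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IPv4Address, IsGlobalCatalog, IsReadOnly,
                  @{n='FSMO';e={$_.OperationMasterRoles -join ','}}

Get-ADReplicationSite -Filter * | Select-Object Name
Get-ADReplicationSubnet -Filter * | Select-Object Name, @{n='Site';e={($_.Site -split ',')[0]}}
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
                  @{n='Sites';e={($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] }) -join ', '}}

# --- Replication health: per-partner status on one DC, and outstanding failures forest-wide
$dc = (Get-ADDomain).PDCEmulator          # any DC works; the PDC emulator is a convenient fixed choice
Get-ADReplicationPartnerMetadata -Target $dc -PartnerType Both |
    Select-Object Server, Partition,
                  @{n='Partner';e={($_.Partner -split ',')[1] -replace '^CN='}},
                  LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures
Get-ADReplicationFailure -Target $forest.Name -Scope Forest |
    Select-Object Server, Partner, FirstFailureTime, FailureCount, LastError

# --- Who may *request* replication of the domain partition? These extended rights
# hand password hashes to the caller; only DCs and tightly controlled accounts should hold them.
$replRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}
$domainDn = (Get-ADDomain).DistinguishedName
(Get-Acl -Path "AD:\$domainDn").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $replRights.ContainsKey($_.ObjectType.ToString()) } |
    Select-Object IdentityReference, @{n='Right';e={$replRights[$_.ObjectType.ToString()]}}, IsInherited
```

Expected holders of the replication rights are Domain Controllers, Enterprise Domain Controllers, Administrators, and (for Get-Changes) Enterprise Read-only Domain Controllers; anything else in that last listing, such as a service account or an individual user, deserves an explanation, because with Get-Changes plus Get-Changes-All an account can pull every hash in the domain without ever touching NTDS.dit.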

Active Directory is a critical component of Windows network management, providing essential services for authentication, authorization, and resource management. Understanding its structure, including the database, namespace, and logical and physical elements, is vital for effective administration and security in an enterprise environment.