Professional Documents
Culture Documents
Introduction of Active Directory
Introduction of Active Directory
Active Directory take care of this by using Kerberos Authentication and Single
Sign-On (SSO). SSO means ability of Kerberos to provide a user with one set of
credentials and grant them access across a range of resources and services with
that same set of credentials. Kerberos authenticates the credentials and issues
the user a ticket with which the user gains access to the resources and services
that support Kerberos.
AD uses LDAP as its access protocol. AD relies on DNS as its locator service,
enabling clients to locate domain controllers through DNS queries.
Active Directory provides several different services, which fall under the umbrella
of “Active Directory Domain Services, ” or AD DS. These services include:
1. Domain Services –
Stores centralized data and manages communication between users and
domains; includes login authentication and search functionality
2. Certificate Services –
It generates, manages and shares certificates. A certificate uses encryption
to enable a user to exchange information over the internet securely with a
public key.
Domain Controllers –
1. Container Objects –
These objects can contain other objects inside them, and we can make
collection from them. For Ex- Forest, Tree, Domains, Organisational Units.
2. Leaf Objects –
These objects can not contain other objects inside them. For Ex- users,
computers, printers, etc.
Schema –
A set of rules, the schema, that defines the classes of objects and attributes
contained in the directory, the constraints and limits on instances of these
objects, and the format of their names.
Global catalog –
A global catalog that contains information about every object in the
directory. This allows users and administrators to find directory information
regardless of which domain in the directory actually contains the data. For
more information about the global catalog, see The role of the global
catalog.
Sites –
Sites in AD DS represent the physical structure, or topology, of your
network. AD DS uses network topology information, which is stored in the
directory as site, subnet, and site link objects, to build
the most efficient replication topology.
The root directory (the starting place or the source of the tree), which
branches out to
Countries, each of which branches out to
Organizations, which branch out to
Organizational units (divisions, departments, and so forth), which branches
out to (includes an entry for)
Individuals (which includes people, files, and shared resources such as
printers)
An LDAP directory can be distributed among many servers. Each server can have
a replicated version of the total directory that is synchronized periodically. An
LDAP server is called a Directory System Agent (DSA). An LDAP server that
receives a request from a user takes responsibility for the request, passing it to
other DSAs as necessary, but ensuring a single coordinated response for the user.
Lightweight Directory Access Protocol is the protocol that Exchange Server uses to
communicate with Active Directory. To really understand what LDAP is and what it
does, it is important to understand the basic concept behind Active Directory as it
relates to Exchange.
Active Directory contains information regarding every user account on the entire
network (among other things). It treats each user account as an object. Each user
object also has multiple attributes. An example of an attribute is the user's first
name, last name, or e-mail address. All of this information exists within a huge,
cryptic database on a domain controller (Active Directory). The challenge is to
extract information in a usable format. This is LDAP's job.
Advantage of LDAP
LDAP relies on the TCP/IP stack rather than the OSI stack
Integrate with IP and enable IP clients to use LDAP to query directory
services.
LDAP can perform hyper-searches. Giving one directory the ability to defer
to another to provide requested data.