Scribd Logo
Upload

Welcome to Scribd!

  • Windows Server 2016

    Uploaded by

    Sirbu Oana
    99 views3 pages
    - Active Directory Domain Services (AD DS) is a directory service that includes a database (NTDS.dit), domain controllers, and a schema to define attributes. - A forest is the top-level container and consists of one or more domains. Domains contain organizational units (OUs) and containers to organize objects. - AD DS includes tools for domain controller deployment and administration, global catalog queries, Kerberos authentication, and Group Policy management. Advanced configurations involve multiple domains, forests, trusts, and sites.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    - Active Directory Domain Services (AD DS) is a directory service that includes a database (NTDS.dit), domain controllers, and a schema to define attributes. - A forest is the top-level container and consists of one or more domains. Domains contain organizational units (OUs) and containers to organize objects. - AD DS includes tools for domain controller deployment and administration, global catalog queries, Kerberos authentication, and Group Policy management. Advanced configurations involve multiple domains, forests, trusts, and sites.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    99 views3 pages

    Windows Server 2016

    Uploaded by

    Sirbu Oana
    - Active Directory Domain Services (AD DS) is a directory service that includes a database (NTDS.dit), domain controllers, and a schema to define attributes. - A forest is the top-level container and consists of one or more domains. Domains contain organizational units (OUs) and containers to organize objects. - AD DS includes tools for domain controller deployment and administration, global catalog queries, Kerberos authentication, and Group Policy management. Advanced configurations involve multiple domains, forests, trusts, and sites.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    AD DS

    - Database – la AD se numeste NTDS.dit


    - Domain controlere
    - schema = set de attribute
    - forest = 1-ul container
    - domenii
    - OU
    - containere

    PAM = privilege acces mngmt

    - Logical /physical components

    Schema

    - structura arborelui / forest


    - domain name master

    Forest

    - tree + domenii simple


    - entreprise admin – are drepturi pe domenii

    Domeniu

    - domain admin
    - RID master - creaza un pool de sid-uri
    - Infrastructure master – face manage la obiectele over-domain /din afara domeniului
    - PDC emulator master – tine timpul la nivel de domeniu

    OU

    Containere

    - nu putem face gpo-uri + delegari de permisiuni

    Azure AD

    AD DS administration tools

    - domain controller
    - database/ntds.dit + sysvol (contine templaturi de gpo + scripts)
    - servicii Kerberos + KDC
    - read-only DC /bitlocker

    - global catalog
    - tine o parte di atribute la nivel de forest + pt.search

    SRV

    AD DS sign-in process
    - AS + TGS (ticket granting service) + database
    - TGT

    - operations masters /FSMO


    - forest : domani naming master + schema master
    - domain: …

    Deploying a domain controller

    - AD domain service config


    - Powershell
    - Upgrade
    - Clone

    LAB Deploying and admin AD DS

    Managing objects

    - Creating user accounts


    - Templates
    - Groups – distribution + security; membership; default
    - Secure channel
    - Offline domain

    Planning OUs

    3. Advanced AD DS deployements

    - limite de domeniu / forest

    - multiple domains / forests

    Deploying a DC in Azure IaaS

    MIM (Microsoft Identity Manager)

    Domain/ forest functional levels

    - Forest root / child / tree domain


    - Upgrade / migrate
    o SID history
    - DNS
    o AD integrated
    o Conditional forwarders + stub zones
    o Globalname zone
    - UPN - suffixes / global catalog / federated auth scenarios
    AD DS trusts

    - Parent-child / external / tree-root – tranzitiv / non-tranzitiv

    AD DS sites

    - Default site links

    Implementing Group Policy

    - Scope
    - WMI filtering
    - item targeting
    - inheritance
    - enforced
    - slow link
    - RSoP
    - GPO Wizard
    - Administrative templates – admx
    - Security templates
    - Folder redirection
    - Software distribution
    - Preferences

    Securing AD DS

    - Securing DCs
    - service accounts
    - password policies
    - kerberos policies
    - protecting groups

    Monitoring AD DS

    - perfmon
    - ntdsutil – intervenim la baza de date AD – offline
    o clean DC metadata
    o reset DSRM

    AD backup + restore

    - non-autoritativa /normala + autoritativa full server + alternate location

    You might also like