
Active Directory Components

Active Directory is a central repository of objects. Objects fall into two groups: container objects (which can hold other objects) and leaf objects (which cannot hold any other object).

Some of the common container objects are below:

--> Domain: A logical grouping of network resources, including the users, groups, devices, services and all other objects that make up the directory.

--> Tree: A logical grouping of one or more domains. The domains in a tree are arranged in a parent-child relationship and share a contiguous namespace.

--> Forest: The largest container object in Active Directory and its fundamental security boundary. A forest contains one or more trees. A user can access resources across an entire forest with a single logon name and password.

--> Organizational Unit (OU): A container that represents a logical grouping of resources that share similar security or administrative requirements. OUs are also the unit for delegating administration and applying security policy.

Some of the common Leaf objects are below:

--> User: A user is an object that is a security principal in Active Directory. A user can log on to the network with its credentials, and access permissions can be granted to it.

--> Contact: A contact is an account that has no security permissions. You cannot log on to the network as a contact. Contacts are typically used to represent external people for e-mail purposes.

--> Service: An operating system object that performs a specific task or function. For example, DHCP.EXE makes a server capable of providing IP addresses to other devices on the network.
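To see the container hierarchy described above (forest, domains, OUs) together with the leaf objects each OU holds, the following PowerShell walks a forest from the top down. This is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module is installed and that the account running it can read the domains in the forest.

```powershell
# Added example (not from the original post): walk Forest -> Domain -> OU and
# count the leaf objects (user, contact, computer, ...) directly under each OU.
# Assumes the ActiveDirectory module and read access to every domain listed.
Import-Module ActiveDirectory

function Show-ADHierarchy {
    param(
        # Forest to inspect; defaults to the forest of the current computer.
        [string] $ForestName = (Get-ADForest).Name
    )
    $forest = Get-ADForest -Identity $ForestName
    "Forest: $($forest.Name)  (root domain: $($forest.RootDomain))"

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName
        $indent = if ($domain.ParentDomain) { '    ' } else { '  ' }
        "$indent Domain: $($domain.DNSRoot)  [$($domain.DistinguishedName)]"

        # OUs are containers; sort by canonicalName so nesting reads top-down.
        $ous = Get-ADOrganizationalUnit -Server $domainName -Filter * -Properties canonicalName |
               Sort-Object canonicalName
        foreach ($ou in $ous) {
            # Only the immediate children (OneLevel) so nested OUs are not double counted.
            $children = Get-ADObject -Server $domainName -SearchBase $ou.DistinguishedName `
                            -SearchScope OneLevel -Filter * -Properties objectClass
            $summary = ($children | Group-Object objectClass |
                        ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
            if (-not $summary) { $summary = 'empty' }
            "$indent   OU: $($ou.canonicalName)  -> $summary"
        }
    }
}

Show-ADHierarchy
```

Objects whose objectClass is organizationalUnit in the per-OU summary are nested containers; user, contact and computer entries are the leaf objects the text describes. Running this against a lab forest is a quick way to verify that the OU layout actually matches the administrative delegation you intend.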

The Active Directory schema is one of the most important components of Active Directory: it defines the objects and their attributes. In other words, the schema is the combination of object classes and object attributes, and an object class defines the set of mandatory and optional attributes an object of that class can have.

Take the example of creating a new user. Its object class is user, which defines that attributes such as CN, sAMAccountName, objectCategory and objectClass are mandatory, while attributes such as accountExpires, title and mail (e-mail) are optional for a user object.


