www.supinfo.com
Copyright © SUPINFO. All rights reserved
Introducing Active Directory® Domain Services
Course objectives
By completing this course, you will:
Overview of Active Directory, Identity, and Access
Active Directory Components and Concepts
Install Active Directory Domain Services
Overview of Active Directory, Identity, and Access
Preview
Information Protection in a Nutshell
Identity and Access
Authentication and Authorization
Authentication
Access Tokens
Security Descriptors, ACLs, and ACEs
Authorization
Stand-Alone (Workgroup) Authentication
Active Directory Domains: Trusted Identity Store
Active Directory, Identity, and Access
Active Directory and IDA services
Information Protection
One focus :
Authentication
Access Tokens
Security Descriptor
SACL: owner, audit
DACL or "ACL": NTFS permission
ACE: Trustee (by SID) + Access Mask
Authorization
The system finds the first ACE in the ACL that allows or denies the requested access level for any SID in the user's token.
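The ordered ACE walk described above, as an added example that is not part of the original course material: a simplified Python model of a DACL check. The SIDs are constructed, `Ace` and `access_check` are hypothetical names, and the model goes slightly beyond the slide by tracking multi-bit requests and the NULL and empty DACL cases.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = 0x1, 0x2, 0x10000   # FILE_READ_DATA, FILE_WRITE_DATA, DELETE

@dataclass(frozen=True)
class Ace:
    allow: bool    # True = access-allowed ACE, False = access-denied ACE
    trustee: str   # the trustee is stored as a SID, never as a name
    mask: int      # access mask this ACE allows or denies

def access_check(token_sids, dacl, requested):
    """Simplified model of walking a DACL in order for one access request."""
    if dacl is None:
        return True                      # NULL DACL: object is unprotected
    remaining = requested                # requested bits not yet granted
    for ace in dacl:
        if ace.trustee not in token_sids:
            continue                     # ACE names a SID the token lacks
        if not ace.allow:
            if ace.mask & remaining:
                return False             # a still-needed bit is denied
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True              # every requested bit is granted
    return False                         # nothing matched: implicit deny

# Constructed SIDs for illustration (domain part and RIDs are made up).
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
ALICE, BOB, SALES, CONTRACTORS = DOM + "-1104", DOM + "-1105", DOM + "-1201", DOM + "-1202"
OLD_TEMP, NEW_TEMP = DOM + "-1150", DOM + "-1151"   # same user name, deleted then recreated

DACL = [                                  # deny ACEs first (canonical order)
    Ace(False, CONTRACTORS, WRITE),
    Ace(True, SALES, READ | WRITE),
    Ace(True, OLD_TEMP, READ | WRITE | DELETE),   # orphaned after the account was deleted
]
REORDERED = [DACL[1], DACL[0], DACL[2]]   # allow ACE placed ahead of the deny ACE

alice_token = {ALICE, SALES}
bob_token = {BOB, SALES, CONTRACTORS}

if __name__ == "__main__":
    print("alice read+write:", access_check(alice_token, DACL, READ | WRITE))
    print("bob read:", access_check(bob_token, DACL, READ))
    print("bob write:", access_check(bob_token, DACL, WRITE))
    print("bob write, reordered:", access_check(bob_token, REORDERED, WRITE))
    print("recreated account:", access_check({NEW_TEMP}, DACL, READ))
```

The reordered list shows why deny ACEs belong ahead of allow ACEs, and the last call shows that a recreated account gets a new SID, so the orphaned ACE no longer applies to it.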
Demonstration
The trainer will create a new user, grant that user permission on a local folder, then delete the account.
Stop-and-think part 1
Active Directory Components and Concepts
Preview
Active Directory as a Database
Demonstration: Active Directory Schema
Organizational Units
Policy-Based Management
Active Directory Data Store
Domain Controllers
Domain
Replication
Sites
Forest
Tree
Global Catalog
Functional Levels
DNS and Application Partitions
Trust Relationships
Demonstration
The trainer will show you how the Schema acts as a blueprint for Active Directory by exploring some attributes and object classes.
Organizational Units
Containers
Users
Computers
Organizational Units
Containers that also support the management and configuration of objects by using Group Policy
Create OUs to:
Delegate administrative permissions
Apply Group Policy
Policy-Based Management
%systemroot%\NTDS\ntds.dit
Logical partitions:
Schema
Configuration
Global catalog (Partial Attribute Set)
Domain
DNS (application partitions)
SYSVOL
%systemroot%\SYSVOL
Logon scripts
Policies
Domain Controllers
Best practices
Availability: At least two in a domain
Security: Server Core and RODCs
Domain
Replication
Multimaster replication
Objects and attributes in the database
Contents of SYSVOL are replicated
Sites
Service localization
Log on to a DC in your site
Forest
Tree
supinfo.lan
supinfo-projects.lan
nantes.supinfo.lan
Global Catalog
Functional Levels
Directory
Complete reliance on DNS to Domain
an application partition
Trust Relationships
Stop-and-think part 2
Exercise 1 & 2
Lab quiz
• What can you do with the Initial Configuration Tasks console?
• What must you do before starting the dcpromo wizard?
• Which tool is used to raise the domain functional level?