Join Lisa Bock for an in-depth discussion in this video Diving into Active Directory: Structure, part of IT Security Foundations: Operating System Security.
- A directory service allows information to be stored, classified, and retrieved. Microsoft's directory service is called "Active Directory." Active Directory is a database of objects that stores, organizes, and enables access to other objects. Active Directory provides essential network services such as DNS and Kerberos-based authentication. The structure of Active Directory resembles a pyramid, in that the top of the structure is called "the forest." A tree is formed by a collection of domains and sub-domains.
The domain is the core of a Windows network. The domain created at the top of the directory is called "the root." Any domains beneath that are referred to as "child domains." A domain controller is a server that stores a copy of all the information on the objects within the domain. Domain controllers are essential, as they manage requests for changes to the database. The information is replicated to all other domain controllers in the domain.
When a server joins the domain, by default it's called a "standalone member server." To promote a member server to a domain controller, the Active Directory Installation Wizard, DCPROMO.EXE, is used. Once a server becomes a domain controller, multi-master replication is used, meaning that all domain controllers work together in a peer relationship to update information. Organizational units are used within a domain to group similar objects, such as users, groups, or computers.
They are used to minimize the number of domains. Sites within Active Directory are based on IP subnets. Authentication can be achieved by using Kerberos. Kerberos is preferred, as it provides security and authentication. But authentication can also be achieved by using NT LAN Manager (NTLM), authentication for non-domain members. And trusts. Trusts are very important in the directory. When a new domain is added, trust relationships are automatically configured.
Trusts are commutative, two-way trusts: if Domain A trusts Domain B, then the reverse is automatically true. Trusts are automatically transitive: if Domain A trusts Domain C, and Domain B trusts Domain C, then they automatically trust one another.
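As an added example (not part of the course or Microsoft's own tooling), here is a small Python model of the trust rules the transcript describes. Each child domain added to the forest gets an automatic two-way, transitive trust with its parent, so a chain of parent-child trusts lets a domain accept accounts from anywhere in its forest (if A trusts B and B trusts C through such trusts, A trusts C). A one-way external trust to another forest is non-transitive: it reaches only its direct target and does not chain further. The domain names, the second forest and the external trust to partner.example are constructed for the example; the model covers trust direction and transitivity only, not the Kerberos referral protocol itself.

```python
"""Model of Active Directory trust direction and transitivity.

Constructed example; the forest layout and domain names are made up.
A Trust edge means: `source` (the trusting domain) accepts accounts
from `target` (the trusted domain).
"""
from collections import deque


class Trust:
    def __init__(self, source, target, transitive):
        self.source = source
        self.target = target
        self.transitive = transitive


def forest_trusts(domains):
    """Automatic trusts inside one forest.

    `domains` maps each domain to its parent (None for the forest root).
    Every child gets a two-way, transitive trust with its parent, which is
    what AD configures when a child domain is added.
    """
    trusts = []
    for child, parent in domains.items():
        if parent is not None:
            trusts.append(Trust(child, parent, transitive=True))
            trusts.append(Trust(parent, child, transitive=True))
    return trusts


def _explore(start, trusts):
    """Breadth-first walk over outgoing trusts from `start`.

    Returns a dict mapping every domain `start` trusts to the domain it was
    reached from. The first hop may use any trust; later hops, and any
    continuation of a chain, only go through transitive trusts.
    """
    by_source = {}
    for t in trusts:
        by_source.setdefault(t.source, []).append(t)

    parent = {}
    chainable = {start}          # domains a transitive chain may continue from
    queue = deque([start])
    while queue:
        here = queue.popleft()
        for t in by_source.get(here, []):
            if here != start and not t.transitive:
                continue         # external trusts do not chain onward
            if t.target == start:
                continue
            if t.transitive and t.target not in chainable:
                chainable.add(t.target)
                parent[t.target] = here   # record a chainable path
                queue.append(t.target)
            elif t.target not in parent:
                parent[t.target] = here   # direct, non-transitive hop
    return parent


def trusted_domains(start, trusts):
    """Set of domains whose accounts `start` will accept."""
    return set(_explore(start, trusts))


def trust_path(start, target, trusts):
    """Chain of domains from `start` to `target`, or None if untrusted."""
    parent = _explore(start, trusts)
    if target not in parent:
        return None
    path = [target]
    while path[-1] != start:
        path.append(parent[path[-1]])
    return path[::-1]


def is_two_way(a, b, trusts):
    return b in trusted_domains(a, trusts) and a in trusted_domains(b, trusts)


# Constructed sample: one forest with a root, two children and a grandchild,
# a second forest, and a one-way non-transitive external trust between them.
FOREST = {
    "corp.example": None,
    "sales.corp.example": "corp.example",
    "research.corp.example": "corp.example",
    "emea.sales.corp.example": "sales.corp.example",
}
PARTNER_FOREST = {
    "partner.example": None,
    "lab.partner.example": "partner.example",
}


def sample_trusts():
    trusts = forest_trusts(FOREST) + forest_trusts(PARTNER_FOREST)
    # corp.example accepts partner.example accounts; not the reverse, and
    # the trust does not extend to partner's child domain.
    trusts.append(Trust("corp.example", "partner.example", transitive=False))
    return trusts


if __name__ == "__main__":
    trusts = sample_trusts()
    for domain in sorted(set(FOREST) | set(PARTNER_FOREST)):
        print(domain, "trusts:", sorted(trusted_domains(domain, trusts)))
    print(trust_path("emea.sales.corp.example", "research.corp.example", trusts))
    print(trust_path("corp.example", "lab.partner.example", trusts))
```

Running it shows that the grandchild domain trusts every domain in its own forest through the parent-child chain but never reaches partner.example, because the external trust sits one non-transitive hop beyond the forest root; and that partner.example trusts nothing in corp.example's forest, since the external trust is one-way.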
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Creating strong passwords
- Understanding biometric security
- Adjusting permission behavior
- Enabling auditing
- OS hardening
- Using the Microsoft Baseline Security Analyzer
- Protecting email