Active Directory
Travis Favors, Ryan Manuel, Robert Rayer

Active Directory
- Contains information of all objects in an organization’s network.
- Arranges objects into logical, hierarchical groups.
- Provides permissions based on stored information.
- Authentication

Attributes
- Characteristics and information that belong to an object
- Can be required or optional

Objects
- Entities of the network
- Composed of attributes
- Example objects: User, Printer, Shared Folder

Object Classes
- Contain a list of associated attributes
- Blueprint for object creation

Schema
- Master list of all object classes
- Defines all objects and attributes available for an object
- Identifies the relationships between all objects

Schema
Diagram: the schema holds the object classes, and each object class lists its attributes.
- User: name, department
- Printer: name, location
- Shared Folder: name, description
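To make the attribute / object class / schema relationship from the last few slides concrete, here is an added Python model; it is not code from the slides. The schema, class names and attribute lists are constructed for the example (the real AD schema is far larger and is stored in the directory itself); the hypothetical root class `top` with an `objectClass` attribute stands in for the way every real class derives from `top`. `effective_attributes` walks the class hierarchy ("identifies the relationships") and `validate` enforces the blueprint (required attributes present, nothing outside the class's attribute list).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ObjectClass:
    """Blueprint for one kind of object: which attributes it must and may carry."""
    name: str
    required: frozenset
    optional: frozenset = frozenset()
    parent: Optional[str] = None   # class this one derives from, if any


# Constructed schema (example only): the three classes from the slide, all derived
# from a root class "top" that requires objectClass, the way real AD classes derive from top.
SCHEMA = {
    "top": ObjectClass("top", frozenset({"objectClass"}), frozenset({"description"})),
    "user": ObjectClass("user", frozenset({"name"}), frozenset({"department"}), "top"),
    "printer": ObjectClass("printer", frozenset({"name"}), frozenset({"location"}), "top"),
    "sharedFolder": ObjectClass("sharedFolder", frozenset({"name"}), frozenset({"description"}), "top"),
}


def effective_attributes(schema, class_name):
    """Required and optional attribute names for a class, including inherited ones."""
    required, optional, seen = set(), set(), set()
    current = class_name
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle in class hierarchy at {current!r}")
        seen.add(current)
        cls = schema[current]          # KeyError for an unknown class is the right failure here
        required |= cls.required
        optional |= cls.optional
        current = cls.parent
    return frozenset(required), frozenset(optional - required)


def validate(schema, obj):
    """Return the list of schema violations for one object (an empty list means valid)."""
    class_name = obj.get("objectClass")
    if class_name not in schema:
        return [f"unknown object class {class_name!r}"]
    required, optional = effective_attributes(schema, class_name)
    problems = []
    for attr in sorted(required):
        if not obj.get(attr):
            problems.append(f"missing required attribute {attr!r}")
    for attr in sorted(obj):
        if attr not in required and attr not in optional:
            problems.append(f"attribute {attr!r} is not defined for class {class_name!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample objects: one that fits its blueprint and two that do not.
    for candidate in ({"objectClass": "user", "name": "jdoe", "department": "Finance"},
                      {"objectClass": "printer", "location": "Floor 2"},
                      {"objectClass": "printer", "name": "prn1", "department": "Finance"}):
        print(candidate, "->", validate(SCHEMA, candidate) or "valid")
```

The second loop is the part worth noticing: a directory that accepts attributes outside the class definition has no schema enforcement at all, which is why schema changes in a real forest are a privileged, forest-wide operation.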

Access Control
- Used to manage user access to shared resources
- Administered at the object level by setting permissions
- Examples: full control, write, read and no access
- Permissions are set on shared objects
- Shared objects are objects that are intended to be used over a network by more than one user
- Three elements define access control permissions

Security Descriptors
- Permissions are stored in security descriptors
- Security descriptors contain two access control lists
  - Discretionary Access Control List (DACL)
  - System Access Control List (SACL)

User Authentication
- Active Directory also authenticates and authorizes users, groups, and computers to access objects on the network
- The Local Security Authority (LSA) is responsible for all user authentication
- LSA generates two pieces of information after a user’s identity is confirmed
Diagram: the user’s access token (the subject) is checked against the object’s security descriptor.
- User’s Access Token (Subject): User SID, Group SIDs, List of Privileges, Other Access Information
- Object’s Security Descriptor (Object): Object Owner SID, Group SID, SACL (a list of ACEs), DACL (a list of ACEs)

Object Inheritance
Diagram: a chain of nested OUs, and a parent object with two child objects beneath it.
- Objects inherit permissions from their parent container when they’re created
- Object inheritance can be turned off
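The access-control, security-descriptor, authentication and inheritance slides describe one mechanism: an access token (user SID, group SIDs, privileges) is evaluated against the DACL of the object's security descriptor, the SACL decides what gets audited, and child objects copy their parent's inheritable entries. The Python below is an added simulation of that mechanism, not code from the slides or from Windows. The SIDs, group names, access-mask bits (`READ`, `WRITE`, `FULL`) and the sample OU are all constructed; the simplifications versus the real Windows algorithm (no implicit owner rights, no privilege overrides, no NULL-DACL case) are called out in the comments.

```python
from dataclasses import dataclass, field, replace
from typing import List

# Constructed access-mask bits for the example; real Windows masks carry many more rights.
READ, WRITE = 0x1, 0x2
FULL = READ | WRITE


@dataclass(frozen=True)
class ACE:
    """One access control entry: who, which rights, and how it propagates."""
    kind: str                 # "allow" / "deny" (DACL) or "audit" (SACL)
    sid: str                  # trustee the entry applies to
    mask: int                 # rights the entry covers
    inherit: bool = False     # propagate to child objects created under this one
    inherited: bool = False   # this entry was copied in from a parent
    audit_on: str = "both"    # audit ACEs only: "success", "failure" or "both"


@dataclass
class SecurityDescriptor:
    owner_sid: str
    group_sid: str
    dacl: List[ACE] = field(default_factory=list)   # who may do what
    sacl: List[ACE] = field(default_factory=list)   # what gets audited


@dataclass(frozen=True)
class AccessToken:
    user_sid: str
    group_sids: frozenset
    privileges: frozenset = frozenset()

    def sids(self):
        return {self.user_sid} | set(self.group_sids)


def canonical(dacl):
    """Canonical DACL order: explicit deny, explicit allow, inherited deny, inherited allow.
    Because explicit entries sort first, an explicit allow beats an inherited deny."""
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))


def access_check(token, sd, requested):
    """Walk the DACL in canonical order. A matching deny that covers any requested right
    wins immediately; allows accumulate until every requested right is covered.
    Simplifications: implicit owner rights and privilege overrides are not modelled, and an
    empty DACL grants nothing (a NULL DACL, which grants everyone, is not represented)."""
    granted, sids = 0, token.sids()
    for ace in canonical(sd.dacl):
        if ace.sid not in sids:
            continue
        if ace.kind == "deny" and ace.mask & requested:
            return False
        if ace.kind == "allow":
            granted |= ace.mask & requested
            if granted == requested:
                return True
    return granted == requested


def audit_events(token, sd, requested, succeeded):
    """SACL entries matching the caller, the rights and the outcome yield audit records;
    this is the information behind Windows object-access audit events."""
    outcome = "success" if succeeded else "failure"
    sids = token.sids()
    return [f"AUDIT {outcome}: {token.user_sid} requested 0x{requested:x} on object owned by {sd.owner_sid}"
            for ace in sd.sacl
            if ace.kind == "audit" and ace.sid in sids and ace.mask & requested
            and ace.audit_on in (outcome, "both")]


def create_child(parent, owner_sid, group_sid, inherit=True):
    """A new object picks up the parent's inheritable ACEs unless inheritance is turned off."""
    child = SecurityDescriptor(owner_sid, group_sid)
    if inherit:
        child.dacl = [replace(a, inherited=True) for a in parent.dacl if a.inherit]
        child.sacl = [replace(a, inherited=True) for a in parent.sacl if a.inherit]
    return child


# Constructed sample principals (placeholder SIDs, not real ones).
USERS_GROUP, CONTRACTORS = "S-1-5-21-EXAMPLE-513", "S-1-5-21-EXAMPLE-2000"
ALICE = AccessToken("S-1-5-21-EXAMPLE-1001", frozenset({USERS_GROUP}))
BOB = AccessToken("S-1-5-21-EXAMPLE-1002", frozenset({USERS_GROUP, CONTRACTORS}))

# The OU's descriptor: every user may read, contractors are granted full control but
# denied write, and failed write attempts by users are audited. All entries are inheritable.
OU = SecurityDescriptor("S-1-5-21-EXAMPLE-500", "S-1-5-21-EXAMPLE-512",
    dacl=[ACE("allow", USERS_GROUP, READ, inherit=True),
          ACE("allow", CONTRACTORS, FULL, inherit=True),
          ACE("deny", CONTRACTORS, WRITE, inherit=True)],
    sacl=[ACE("audit", USERS_GROUP, WRITE, inherit=True, audit_on="failure")])

# A shared folder created under the OU inherits the whole set.
FOLDER = create_child(OU, ALICE.user_sid, USERS_GROUP)

if __name__ == "__main__":
    for who, right in ((ALICE, READ), (ALICE, WRITE), (BOB, READ), (BOB, WRITE)):
        ok = access_check(who, FOLDER, right)
        print(who.user_sid, hex(right), "allowed" if ok else "denied", audit_events(who, FOLDER, right, ok))
```

Two behaviours to try: Bob is denied write on the folder even though an allow for full control exists, because the deny sorts ahead of it; but append an explicit `ACE("allow", CONTRACTORS, WRITE)` to the folder's own DACL and the write is allowed, because explicit entries outrank inherited ones. That second case is why reviewing an object's own (non-inherited) entries matters when auditing permissions.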

Workgroups
- All computers are peers. There is no host.
- User accounts aren’t shared.
- No more than 20 computers at once.
- Not protected by authentication
- All computers must be on the same local network/subnet.

Domains
- Servers act as hosts/admins
- Easy to apply sweeping policy changes
- Users must provide authentication to access
- User accounts can access any computer on the domain
- Enforce consistency
- Borderline limitless capacity
- Distributed across multiple networks

Organizational Units
- Organize and segregate groups of a domain
- Smallest unit where group policy can be enforced
- Useful for representing the logical hierarchy of an organization
- Can be nested
- Reduces the need for multiple domains to some degree
- Allows for granular delegation of administrative authority

Trees
- Domain trees are collections of domains with a hierarchical structure.
- Domains controlled by other domains are child domains, and the controlling domain is the parent domain.

Forests
- Complete instance of Active Directory
- Contains all domain trees, including their domains and organizational units
- The first, highest-level domain in a forest is called the Forest Root Domain

Trust Relationships
- Extend security across multiple domains
- Allow access to data and storage locations on other domains
- “Transitive” trust relationships extend trust from the trusted domain to all of that domain’s trusted domains, whereas “Nontransitive” trust relationships do not.
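The transitive / nontransitive distinction on this slide decides how far a trust reaches, which is what a defender needs to know when asking "whose users can authenticate to this domain?". The Python below is an added example, not from the slides: it models each direction of a trust as a record (a two-way trust is two records) and computes, for a given domain, every domain whose users it will accept. The domain names and the forest layout are constructed (a root with two child domains joined by two-way transitive parent-child trusts, plus two one-way nontransitive trusts to outside domains).

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    """One direction of a trust: `trusting` accepts users from `trusted`."""
    trusting: str
    trusted: str
    transitive: bool


def trusted_domains(trusts, domain):
    """Every domain whose users `domain` will accept: its direct trusts of either kind,
    plus whatever is reachable through an unbroken chain of transitive trusts.
    A nontransitive trust is honoured only as the first hop and never extends further."""
    by_trusting = {}
    for t in trusts:
        by_trusting.setdefault(t.trusting, []).append(t)
    result, visited, frontier = set(), {domain}, deque([domain])
    while frontier:
        node = frontier.popleft()
        for t in by_trusting.get(node, ()):
            if not t.transitive and node != domain:
                continue                  # a nontransitive edge cannot be reached through a chain
            result.add(t.trusted)
            if t.transitive and t.trusted not in visited:
                visited.add(t.trusted)    # only transitive edges let the chain continue
                frontier.append(t.trusted)
    result.discard(domain)
    return result


def can_access(trusts, user_domain, resource_domain):
    """Can a user from `user_domain` be authenticated for resources in `resource_domain`?
    Trust only decides whether authentication can flow; the object's DACL still applies."""
    return user_domain == resource_domain or user_domain in trusted_domains(trusts, resource_domain)


# Constructed forest (placeholder names): corp.example is the forest root with two child
# domains; partner.example and lab.example sit outside the forest behind one-way,
# nontransitive trusts.
TRUSTS = [
    Trust("corp.example", "emea.corp.example", True), Trust("emea.corp.example", "corp.example", True),
    Trust("corp.example", "apac.corp.example", True), Trust("apac.corp.example", "corp.example", True),
    Trust("corp.example", "partner.example", False),
    Trust("emea.corp.example", "lab.example", False),
]

if __name__ == "__main__":
    for d in ("corp.example", "emea.corp.example", "apac.corp.example", "partner.example"):
        print(f"{d} accepts users from: {sorted(trusted_domains(TRUSTS, d))}")
```

Note the asymmetry the output shows: the partner domain's users reach the forest root but not its child domains (the external trust is nontransitive), while users from either child domain reach the whole forest through the transitive parent-child chain.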