Christopher Chapman | MCT
Content PM, Microsoft Learning, PDG Planning, Microsoft
Understanding Active Directory
Meet Christopher Chapman
• Background
– IT manager and implementer focused on deploying, maintaining and optimizing networks of all sizes (from SMB to Enterprise)
– IT Consulting projects include Custom SharePoint for Microsoft IT, Netware/Notes migration to AD/Exchange, Transition to centralized management (250 clients)
– Instructor and Director of Instruction
• Contact
– [email protected]
– @ChristopherMSL
Course Topics
Understanding Active Directory
01 | Introduction to Active Directory
02 | Active Directory Domain Services (DS)
03 | Active Directory Certificate Services (CS)
04 | Active Directory Federation Services (FS)
05 | Active Directory Rights Management Services (RMS)
06 | Active Directory Lightweight Directory Services (LDS)
Setting Expectations
• Target Audience
– IT Help Desk staff interested in moving into Network/Systems Administration
– Anyone interested in learning more about Active Directory
• Suggested Prerequisites/Supporting Material
– Microsoft Technology Associate:
  • Exam 98-349: Windows Operating System Fundamentals
  • Exam 98-365: Windows Server Administration Fundamentals
  • Exam 98-366: Networking Fundamentals
  • Exam 98-367: Security Fundamentals
Microsoft Virtual Academy
Introduction to Active Directory
Module Overview
• Active Directory isn’t what it used to be!
• What is Active Directory?
• Active Directory Roles
What is Active Directory
• What is Active Directory?
– A collection of services (Server Roles and Features) used to manage identity and access for and to resources on a network
Domain Services
• Internal Accounts
• Authorization
• Authentication
Federation Services
• Network Access for External Resources
Certificate Services
• Identity
• Non-Repudiation
Rights Management Services
• Content Security and Control
Lightweight Directory Services
• Application Templates
Active Directory
• Identity
• Access
• Centralized Management
Active Directory Roles
• AD Domain Services (AD DS)
– Users, Computers, Policies
• AD Certificate Services (AD CS)
– Service, Client, Server and User identification
• AD Federation Services (AD FS)
– Resource access across traditional boundaries
• AD Rights Management Services (AD RMS)
– Maintain security of data
• AD Lightweight Directory Services (AD LDS)
What is AD DS?
• What is Active Directory Domain Services?
– A directory service is both the directory information source and the service that makes the information available and usable
– A phone book…
Windows Server
• Mgmt Profile
• Network Info
• Printers
• Shares
Windows User
• Account Information
• Privileges
• Profiles
• Policies
Windows Client
• Mgmt Profile
• Network Info
• Policies
Email Servers
• Mailbox Information
• Address Book
Applications
• Server Config
• SSO
• App-Specific Directory Info
Network Devices
• Config
• QoS Policy
• Security Policy
Active Directory Domain Services
• Manageability
• Security
• Interoperability
What does AD DS do?
• Scalable, secure, and manageable infrastructure for user and resource management
– stores and manages information about network resources
– provides support for directory-enabled applications such as Microsoft® Exchange Server
– allows for centralized management
What is AD CS?
• AD CS is the Microsoft implementation of Public Key Infrastructure (PKI)
• PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
[Diagram labels: End-Entities (users or computers) (1); Certification, Revocation, Repository (2); Certificate Signing Request Enrollment (3); Certificate Retrieval (4), x.509 Certificate Chain; CRL Retrieval (5), Certificate Revocation List; Revocation Request; Certificate Repository]
What does AD CS do?
• AD CS provides customizable services for issuing and managing digital certificates
– Certification Authorities
– CA Web Enrollment
– Online Responders
– Network Device Enrollment Service (NDES)
– Certificate Enrollment Web Service
– Certificate Enrollment Policy Web Service
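The certificate lifecycle named in the AD CS slides above (enrollment by CSR, chain validation, revocation request, CRL retrieval), as an added example that is not part of the original deck. It uses a throwaway OpenSSL CA as a stand-in for an AD CS Certification Authority; the file names, "Demo Root CA" and "host.example.test" are constructed for the illustration.

```sh
# Added example: a throwaway OpenSSL CA stands in for an AD CS CA; all names are constructed.
pki_lifecycle() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  trap 'rm -rf "$dir"' EXIT
  mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ca]
default_ca = demo
[demo]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
[any]
commonName = supplied
EOF
  q() { "$@" >/dev/null 2>&1 || { echo "failed: $*" >&2; exit 1; }; }
  check() {  # certificate + CRL retrieval: build the chain to the CA, then consult the CRL
    out=$(openssl verify -CAfile ca.crt -crl_check -CRLfile ca.crl ee.crt 2>&1) && { echo valid; return; }
    case $out in *"certificate revoked"*) echo revoked ;; *) echo error ;; esac
  }
  # Certification Authority: self-signed root allowed to sign certificates and CRLs
  q openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -subj "/CN=Demo Root CA" -days 30
  # Enrollment: the end-entity creates a key pair and a CSR, the CA issues the certificate
  q openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout ee.key -out ee.csr -subj "/CN=host.example.test"
  q openssl ca -batch -config ca.cnf -in ee.csr -out ee.crt
  q openssl ca -config ca.cnf -gencrl -out ca.crl   # CA publishes its first CRL
  before=$(check)
  # Revocation request, then a fresh CRL replaces the published one
  q openssl ca -config ca.cnf -revoke ee.crt
  q openssl ca -config ca.cnf -gencrl -out ca.crl
  after=$(check)
  echo "$before $after"
)
pki_lifecycle   # prints: valid revoked
```

The same certificate passes before revocation and fails after it only because the relying party fetched the new CRL; a client that skips the CRL check (or an Online Responder query) keeps trusting the revoked certificate.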
What is AD FS?
• A software component that facilitates the cross-organizational access of systems and applications
[Diagram labels: Web Server; Resource Federation Server; Account Partner Organization; Resource Partner Organization; Account Federation Server; AD DS; Federation Trust]
What does AD FS do?
• The AD FS server role provides simplified, secured identity federation and Web single sign-on (SSO) capabilities.
– enables the creation of trust relationships between two organizations
– provides access to applications between organizations
– provides Single Sign-on (SSO) between two different directories for Web-based applications
What is AD RMS?
• Active Directory Rights Management Services (AD RMS) is an information protection technology that works with applications to safeguard digital information
[Diagram labels: RMS Server; Information Author; Recipient]
What does AD RMS do?
• Allows individuals and administrators to specify access permissions to documents, workbooks, and presentations
– prevent sensitive information from being printed, forwarded, or copied by unauthorized people
– access and usage restrictions are enforced no matter where the information is located
What is AD LDS?
• AD LDS is a hierarchical file-based directory store
• AD LDS is both the directory information source and the service that makes the information available and usable
Windows User
• Account Information
• Privileges
• Profiles
• Policies
Email Servers
• Mailbox Information
• Address Book
Applications
• Server Config
• SSO
• App-Specific Directory Info
Network Devices
• Config
• QoS Policy
• Security Policy
Active Directory LDS
• Manageability
• Security
• Interoperability
What does AD LDS do?
• Lightweight Directory Access Protocol (LDAP)
– Directory service that provides flexible support for directory-enabled applications, without the dependencies and domain-related restrictions of AD DS
– provide directory services for directory-enabled applications without incurring the overhead of domains and forests
– no requirement for a single schema throughout a forest
Thanks for Watching!
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.