Active Directory Introduction
Hello there, this is Maher islaieh.
Our first chapter in the MCSA training sessions will be Active Directory Domain Services (AD DS), since AD DS is the first service that should be installed in the local network in order to administer and manage all IT aspects.
To obtain the MCSA 2016 certificate, as per Microsoft, you should pass 3 exams:
- Exam 70-740/Course 20740: Installation, Storage, and Compute with Windows Server 2016
- Exam 70-741/Course 20741: Networking with Windows Server 2016
- Exam 70-742/Course 20742: Identity with Windows Server 2016 (AD DS, AD CS, AD FS)
In this chapter we will:
- Get a brief overview of AD DS
- Install the AD DS and DNS services
- Join a client computer to the AD domain
- Configure Kerberos Constrained Delegation (KCD)
- Manage Service Principal Names (SPNs)
- Use delegation of control to give IT employees a limited set of administrative rights in AD instead of full Domain Admin membership
- Maintain Active Directory
- Create and manage Group Policy Objects (GPOs)
- Install and configure the certificate service, AD CS
- Manage certificates to secure connections to network services such as Exchange, SharePoint, etc.
- Active Directory Federation Services (AD FS)
- Create and manage AD objects such as:
  - User accounts
  - Groups
  - Organizational Units (OUs)
  - Group Managed Service Accounts (gMSAs)
What is Active Directory?
So ... what is Active Directory (referred to as AD), what is Active Directory Domain Services (referred to as AD DS), and why do we need it?
OK ... first let us understand what a [directory service] means.
A [directory service], sometimes called a [name service], is a service installed on a server to manage and control all resources in the network, such as folders, files, printers, users, groups, devices, etc.
Each operating system family has its own [directory service]:
- For example, Novell had a directory service product called Novell Directory Services (NDS), later renamed eDirectory.
- Linux and BSD servers (Red Hat, SUSE, FreeBSD, etc.) commonly use an LDAP-based directory service such as [OpenLDAP].
- Microsoft has a [directory service] called [Active Directory Domain Services, AD DS], shipped since Windows Server 2000 and carried through 2003, 2008, 2012 and 2016 up to Windows Server 2019 [the latest version of Windows Server at the time of writing].
AD DS is integrated with another service called the Domain Name System [DNS]. DNS provides name resolution [computer name to IP] and [IP to name], and AD DS depends on it: every domain controller registers SRV records under _msdcs.<domain>, and that is how clients find a domain controller to log on to.
Microsoft implements LDAP (Lightweight Directory Access Protocol) in Active Directory. LDAP is the protocol that clients and applications use to search and modify objects in the directory; a domain controller listens for it on TCP 389 (LDAP) and TCP 636 (LDAP over TLS).
Authentication between client computers and the Active Directory server [called a domain controller, DC] uses the Kerberos protocol, version 5. Note the caveat: Kerberos proves identity and issues tickets, it does not by itself encrypt all client-to-DC traffic, so LDAP signing/sealing and SMB signing have to be enforced separately. ("krb5-1.17" is a release number of the MIT Kerberos implementation, not the protocol version; Windows ships its own Kerberos implementation.)
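The three pieces above (DNS for locating a DC, LDAP for talking to the directory, Kerberos for proving identity) can be observed from any domain member. The following is an added example, not code from the original page; it assumes a Windows client already joined to the hypothetical lab domain pioneers.lab and uses only built-in PowerShell, ADSI and klist, so RSAT is not required.

```powershell
# Added example (not from the original page): how a domain member finds a domain
# controller (DNS SRV), talks to the directory (LDAP) and proves identity (Kerberos).
# Assumption: run on a Windows client joined to pioneers.lab (hypothetical lab domain).
$domain = 'pioneers.lab'

# 1. DNS: AD DS registers SRV records for each DC; clients resolve them to find
#    the LDAP (389) and Kerberos (88) endpoints of a domain controller.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain"     -Type SRV |
    Format-Table Name, NameTarget, Port, Priority
Resolve-DnsName -Name "_kerberos._tcp.dc._msdcs.$domain" -Type SRV |
    Format-Table Name, NameTarget, Port, Priority

# 2. LDAP: query the directory through ADSI. The filter uses the bitwise-AND matching
#    rule on userAccountControl; bit 8192 (SERVER_TRUST_ACCOUNT) marks DC computer accounts.
$searcher = [adsisearcher]'(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
$searcher.SearchRoot = [adsi]"LDAP://$domain"
$searcher.FindAll() | ForEach-Object { $_.Properties['dnshostname'][0] }

# 3. Kerberos: list the tickets held by the current logon session. The entry for
#    krbtgt/PIONEERS.LAB is the TGT; a service ticket for ldap/<dc fqdn> appears after
#    the LDAP query above, because ADSI authenticated with Kerberos, not with a password.
klist

# Security check (run on the DC, not the client): Kerberos authenticated the LDAP
# session but does not protect the LDAP payload unless signing is required.
# LDAPServerIntegrity = 1 means signing is not required, 2 means it is required.
# Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' -Name LDAPServerIntegrity
```

The LDAP query deliberately uses ADSI rather than the ActiveDirectory module so that it works on a plain client; the same query from a non-domain machine would fall back to NTLM or prompt for credentials, which is itself a useful way to see the difference Kerberos makes.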
Let's have a quick look at our primary lab setup diagram for the Active Directory lab, Pioneers.lab.
Network Diagram [Pioneers.lab]
As you see above:
We have a Windows Server 2016 machine in a network subnet called [servers farm].
The server name is DC101 [DC stands for Domain Controller and 101 is the last octet of its IP address].
The server has the following roles installed:
- Domain Name System (DNS)
- Active Directory Domain Services (AD DS)
This is the primary server in the network and currently the ONLY one; of course the [servers farm] will have many more servers later to manage all IT aspects.
Client computers and other resources [printers, wireless APs, etc.] sit in another subnet called [LAN].
You may wonder why we have to divide the network into 2 subnets [LAN and servers farm].
Actually, even though we could place all client computers and servers in the same subnet, this is not recommended security-wise: with the servers in their own subnet, the firewall can restrict which client traffic reaches which server ports, and a compromised client cannot reach the servers directly at layer 2.
Both client computers and servers will use a firewall [pfSense] to access the internet.
The firewall [pfSense] will also control traffic between [LAN] and [servers farm].
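The lab DC described above can be built entirely from PowerShell. The block below is an added example, not code from the original page; it assumes the server has already been renamed DC101, given a static IP in the [servers farm] subnet, and that the commands are run in an elevated PowerShell on Windows Server 2016. The domain name pioneers.lab and the paths are the lab's values, everything else is the standard ADDSDeployment module.

```powershell
# Added example (not from the original page): build DC101 as the first domain
# controller of the pioneers.lab forest, with DNS installed on the same server.
# Assumptions: hostname already DC101, static IP set, elevated session on Server 2016.

# 1. Install the AD DS role; -IncludeManagementTools brings the ADDSDeployment module.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Promote the server to the first DC of a new forest. -InstallDns installs the DNS
#    role and creates the zone, so the DC's SRV records are registered automatically.
#    The DSRM password is read interactively rather than stored in the script.
$safeModePwd = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) administrator password'
Install-ADDSForest `
    -DomainName 'pioneers.lab' `
    -DomainNetbiosName 'PIONEERS' `
    -ForestMode 'WinThreshold' `
    -DomainMode 'WinThreshold' `
    -InstallDns:$true `
    -DatabasePath 'C:\Windows\NTDS' `
    -LogPath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -SafeModeAdministratorPassword $safeModePwd `
    -Force:$true
# The server reboots on its own when promotion completes.

# 3. After the reboot, confirm the DC is up and that DNS already advertises it.
Get-ADDomainController -Identity 'DC101' |
    Select-Object HostName, IPv4Address, IsGlobalCatalog, OperatingSystem
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.pioneers.lab' -Type SRV

# 4. On a client in the LAN subnet (its DNS server must point at DC101), join the domain:
# Add-Computer -DomainName 'pioneers.lab' -Credential 'PIONEERS\Administrator' -Restart
```

WinThreshold is the functional level name for Windows Server 2016; pick the highest level every DC you plan to add can support, because it cannot be lowered afterwards. The client join line is left commented because it runs on a different machine.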
Active Directory Features
So what are the benefits of Active Directory?
Active Directory, as a directory service, provides us with many features, including but not limited to:
- Managing computers and other devices on a network
- Allowing network administrators to create and manage domains, users, and objects within a network
- Centralized resource and security administration
- Single sign-on (SSO): one logon gives access to resources across the whole domain
- Simplified resource location
How does Active Directory work?
When we first install a Windows computer, server or workstation, there is no domain involved at all. They are all standalone or workgroup computers. This is the environment in which we have separate usernames and passwords all over the place, because each machine keeps its own local account database.
Active Directory pulls all of that together into a single organization. It starts with a database known as the NTDS.DIT file (NT Directory Services Directory Information Tree), stored by default under %SystemRoot%\NTDS on one or more domain controllers, which replicate it among themselves. NTDS.DIT holds every domain account including its password hashes, so whoever can read that file, or a backup or shadow copy of it, effectively owns the domain; domain controllers and their backups must therefore be the most protected systems in the network.
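To make the NTDS.DIT point concrete, here is an added example (not from the original page) that shows where the database lives on a DC and who can reach it. It assumes an elevated session on a domain controller such as the lab's DC101; the registry value names are the standard ones the NTDS service uses.

```powershell
# Added example (not from the original page): locate NTDS.DIT and check who can get at it.
# Assumption: run elevated on a domain controller (DC101 in this lab).
$ntds    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbFile  = $ntds.'DSA Database file'          # normally C:\Windows\NTDS\ntds.dit
$logPath = $ntds.'Database log files path'    # transaction logs for the same database
"Database: $dbFile"
"Logs:     $logPath"

# The file is locked while the directory service runs, but it is fully readable from
# backups, VSS shadow copies and offline copies. Only SYSTEM and Administrators should
# hold rights on the folder; any additional principal listed here is a finding.
(Get-Acl -Path (Split-Path -Path $dbFile -Parent)).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited

# Every writable DC holds a replica of the same database, so each one is an equally
# valuable target; list them all (read-only DCs hold a filtered copy without secrets).
Get-ADDomainController -Filter * | Select-Object HostName, Site, IsReadOnly
```

If the ACL shows groups such as Backup Operators or a service account, remember that those principals can read a copy of the database even though they are not Domain Admins, which is why membership of the backup-related groups on a DC deserves the same scrutiny as Domain Admins itself.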
Active Directory services
Active Directory is a family of server roles, not only AD DS:
- Active Directory Domain Services (AD DS): the domain directory described above, accessed over LDAP and Kerberos
- Active Directory Lightweight Directory Services (AD LDS): a standalone LDAP directory for applications, without domains or domain controllers
- Active Directory Federation Services (AD FS)
- Active Directory Rights Management Services (AD RMS)