SlideShare ist ein Scribd-Unternehmen logo

Windows Network Concepts and Active Directory Domain Services

Als PPTX, PDF herunterladen
I
IgguuMuude

compiled by Husen Adem at Ambo University Woliso Campus school of Informatics and Technology department of Information

Technologie
1 von 55
Ambo University Woliso Campus Department of Information Technology Network and System Administration Chapter two Windows network concepts 1 By Husen Adem at Ambo University Woliso Campus department of Information Technology
The topics discussed in this section include  Domain Name Server  Workgroups  Active directory and LDAP  Domain controllers 2 By Husen Adem
How computers communicate ?3 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5 By Husen Adem
TCP/IP was designed to be used by a trusted group of users 4 3 way handshake SYN = ISNC SYN = ISNS, ACK(ISNC) ACK(ISNS) data transfer client server ISN – Initial Sequence Number How computers communicate ? By Husen Adem
5 How computers communicate ? By Husen Adem
How human communicate with computers? 6 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5 192.168.1.7 G Google.com 209.165.200.225 Mr. G opens browser and type http://www.google.com 1.How this possible ? 2.How computer understand http://www.google.com By Husen Adem
Purpose of naming  Addresses are used to locate objects  Names are easier to remember than numbers  We would like to get to the address or other objects using a name  DNS provides a mapping from names to resources of several types 7 By Husen Adem
DNS  DNS is a network service that enables clients to resolve names to IP address and vice-versa.  Allows machines to be logically grouped by domain names.  Comprised of three components  A “name space”  Servers making that name space available  Resolvers (clients) which query the servers about the name space 8 By Husen Adem
DNS Features Global Distribution:  Data is maintained locally, but retrievable globally No single computer has all DNS data  DNS lookups can be performed by any device  Remote DNS data is locally catchable to improve performance 9 By Husen Adem
DNS Features Loose Coherency:  The database is always internally consistent Each version of a subset of the database (a zone) has a serial number The serial number is incremented on each database change  Changes to the master copy of the database are replicated according to timing set by the zone administrator  Cached data expires according to timeout set by zone administrator 10 By Husen Adem
DNS Features Scalability:  No limit to the size of the database One server has over 20,000,000 names  No limit to the number of queries 24,000 queries per second handled easily  Queries distributed among masters, slaves, and caches 11 By Husen Adem
DNS Features  Reliability:  Data is replicated Data from master is copied to multiple slaves  Clients can query Master server Any of the copies at slave servers  Clients will typically query local caches  DNS use port 53 UDP for the queries and responses TCP for the zone transfer 12 By Husen Adem
DNS Features Dynamicity:  Database can be updated dynamically Add/delete/modify of any record  Modification of the master database triggers replication Only master can be dynamically updated Creates a single point of failure 13 By Husen Adem
DNS Operation  A DNS is a distributed database of name and IP address.  The database is made up of Zone file.  When a host computer requests for a file “name resolution” the DNS server consults it’s zone file for IP address  If DNS has the file in its database reply the ip address  If DNS does not has record for that request it consult to upper domain server or root server  After getting the resolution/file from the root server will return the result to the client  Then the client will get response back and get access 14 By Husen Adem
Concept: DNS Names 1  The namespace needs to be made hierarchical to be able to scale.  The idea is to name objects based on location (within country, set of organizations, set of companies, etc) unit within that location (company within set of company, etc) object within unit (name of person in company) 15 By Husen Adem
Concept: DNS Names 2 How names appear in the DNS  Fully Qualified Domain Name (FQDN) this show the hole domain levels WWW.RIPE.NET.  labels separated by dots  DNS provides a mapping from FQDNs to resources of several types  Names are used as a key when fetching data in the DNS 16 By Husen Adem
Concept: Resource Records 17 The DNS maps names into data using Resource Records. www.ripe.net. … A 10.10.10.2 Address Resource Resource Record By Husen Adem
Concept: DNS Names 3  Domain names can be mapped to a tree.  New branches at the ‘dots’  No restriction to the amount of branches. net com ripe www www edu isi tislabs • disi ws1 ws2 • • • • • • ftp sun google moon 18 By Husen Adem
Concept: Domains  Domains are “namespaces”  Everything below .com is in the com domain.  Everything below ripe.net is in the ripe.net domain and in the net domain. net domain com domain ripe.net domain net com ripe www www edu isi tislabs • disi ws1ws2 • • • • • • ftp sun moon google 19 By Husen Adem
Delegation  Administrators can create subdomains to group hosts According to geography, organizational affiliation or any other criterion  An administrator of a domain can delegate responsibility for managing a subdomain to someone else  The parent domain retains links to the delegated subdomain The parent domain “remembers” who it delegated the subdomain to 20 By Husen Adem
net domain Concept: Zones and Delegations Zones are “administrative spaces” Zone administrators are responsible for portion of a domain’s name space Authority is delegated from a parent and to a child ripe.net zone net zone disi.ripe.net zone net com ripe www www edu isi tislabs • disi ws1ws2 • • • • • • ftp sun moon google 21 By Husen Adem
Concept: Name Servers  Name servers answer ‘DNS’ questions.  There are several types of name servers  Authoritative servers master (primary) slave (secondary) (Caching) recursive servers also caching forwarders Mixture of functionality 22 By Husen Adem
Concept: Authoritative name server The last server in DNS and stores the website’s IP address Give authoritative answers for one or more zones. The master server normally loads the data from a zone file A slave server normally replicates the data from the master via a zone transfer master slave slave 23 By Husen Adem
Concept: Recursive server(Caching) Recursive servers do the actual lookups; they ask questions to the DNS on behalf of the clients. Answers are obtained from authoritative servers but the answers forwarded to the clients are marked as not authoritative Answers are stored for future reference in the cache 24 By Husen Adem
Concept: Resolvers  Resolvers ask the questions to the DNS system on behalf of the application.  Client part of DNS  Makes requests to DNS server  Normally implemented in a system library (e.g, libc) gethostbyname(char *name); gethostbyaddr(char *addr, int len, type); 25 By Husen Adem
Concept: Resolving process & Cache Resolver Question: www.ripe.net A www.ripe.net A ? Caching forwarder (recursive) root-serverwww.ripe.net A ? Ask net server @ X.gtld-servers.net (+ glue) gtld-server www.ripe.net A ? Ask ripe server @ ns.ripe.net (+ glue) ripe-server www.ripe.net A ? 192.168.5.10 192.168.5.10 Add to cache 26 By Husen Adem
Resource records consist of it’s name, it’s TTL, it’s class, it’s type and it’s RDATA TTL is a timing parameter IN class is widest used There are multiple types of RR records Everything behind the type identifier is called rdata Concept: Resource Records detail Label ttl class type rdata www.ripe.net. 3600 IN A 10.10.10.2 27 By Husen Adem
Resource Records  Resource Record Types SOA Start Of Authority NS Name Server A IPv4 name-to-address translation AAAA IPv6 name-to-address translation PTR Address-to-name translation MX Mail eXchanger CNAME Canonical NAME TXT Text … 28 By Husen Adem
What is Workgroup ?  Workgroup is Microsoft's term for peer-to-peer local area network.  Computers running Microsoft operating systems in the same workgroup may share files, printers, or Internet connection.  logical groups of network devices  each device is a standalone system, everyone is a peer  They are on a single subnet. 29 By Husen Adem
Active directory domain service Why Deploy AD DS?  AD DS is a server services and foundation of windows network.  A network directory service stores information about a computer network and offers for retrieving and managing that information.  It’s an administrative tool, but users make use of directory services to find resources.  Directory services provide a centralized management tool, but due to complexity, requires careful planning prier to setup. 30 By Husen Adem
Active directory structure  AD DS is composed of both logical and physical components 31 Logical components Physical components • Partitions • Schema • Domains • Domain trees • Forests • Sites • OUs • Containers • Domain controllers • Data stores • Global catalog servers • RODCs By Husen Adem
Active directory physical structure  An active directory site is simply a physical location in which domain controllers communicate and replicate information regularly  Each domain controller contains a full replica of the objects that make up the domain and is responsible for Storing a copy of the domain data and replicating changes to that data to all other domain controllers in the domain Providing data search and retrieval functions for users attempting to locate objects in the directory. Providing authentication and authorization services for users who log on to the domain and attempt to access network resources 32 By Husen Adem
What Are AD DS Domains?  An AD DS domain is a logical container used to manage user, computer, group, and other objects.  All domain controllers hold a copy of the domain database, which is continually synchronized  The domain is an administrative center for configuring and managing objects Any domain controller can authenticate any sign-in anywhere in the domain AD DS requires one or more domain controllers The domain provides authorization An administrative boundary for applying policies to groups of objects 33 AD DS Computers Users Groups By Husen Adem
What Is a Domain Controller? Domain controllers is:-  Servers that host the AD DS database (Ntds.dit) and SYSVOL A server with the AD DS server role installed that has specifically been promoted to a domain controller  Provide authentication and authorization services  Replicate updates to other domain controllers in the domain and forest  Allow administrative access to manage user accounts and network resources  Kerberos authentication service and key distribution center (KDC) services perform authentication 34 By Husen Adem
What Are OUs? 35 • Containers that can be used to group objects within a domain • There are two reason to Create OUs: • Configure objects by assigning GPOs • Delegate administrative permissions OUs are represented by a folder with a book on it Containers are represented by a blank folder The primary difference between OUs and containers are the management capabilities.By Husen Adem
What are Trees ?  A domain tree is a collection of one or more domains that share a contiguous name space. All domains in the tree:  Share a contiguous namespace with the parent domain  Can have additional child domains  By default create a two-way transitive trust with other domains 36 contoso.com na.contoso.comemea.contoso.com By Husen Adem
What Is AD DS Forest? 37 Tree root domain fabrikam.com atl.adatum.com Child domain adatum.com Forest root domain • Forest is a collection of one or more active directory trees that that share a common directory schema and global catalog. • All domains in all trees can communicate and share information • Can consists of a single trees, each with a hierarchy of parent and child domains The forest root domain contains a few objects that do not exist in other domains in the forest. By Husen Adem
What Is the AD DS Schema? 38  The AD DS schema is the component that defines all object classes and attributes that AD DS uses to store data.  It’s the blueprint for AD DS.  The schema is replicated among all domain controllers in the forest.  An object is a grouping of information that describes a network resource AD DS uses objects as units of storage.  Schema classes defines the type of objects that can be stored in active directory  Schema attributes defines what type of information is stored in each object  The information stored in each attribute is called the attribute valeBy Husen Adem
Cont.. 39 By Husen Adem
What Is the Global Catalog? 40 • The global catalog is a partial, read-only, searchable copy of all the objects in the forest. • Contains a copy of all AD DS objects in a forest that includes only some of the attributes for each object in the forest • Improves efficiency of object searches by avoiding unnecessary referrals to domain controllers • Required for users to log on to a domain AD DS Global catalog server Schema Configuration Domain A Domain B Domain B Configuration Schema Domain B Configuration Schema Domain A Configuration Schema By Husen Adem
The AD DS Sign-in Process 41 Domain controller ServerWorkstation The AD DS sign-in process: 1. The user account is authenticated to the domain controller. 2. The domain controller returns a TGT back to client. 3. The client uses TGT to apply for access to the workstation. 4. The domain controller grants access to the workstation. 5. The client uses TGT to apply for access to the server. 6. The domain controller returns access to the server. When users sign in to AD DS, their system looks in DNS for service resource (SRV) records to locate the nearest suitable domain controller. By Husen Adem
What is the AD DS Data Store?  The AD DS data store contains the database files and processes that store and manage directory information for users, services, and applications  Consists of the Ntds.dit file  The Ntds.dit file on a particular domain controller contains all naming contexts hosted by that domain controller, including the Configuration and Schema naming contexts.  Is stored by default in the %SystemRoot%NTDS folder on all domain controllers  Is accessible only through the domain controller processes and protocols 42 By Husen Adem
What is AD DS Replication?  AD DS replication copies all updates of the AD DS database to all other domain controllers in a domain or forest. AD DS replication:  Ensures that all domain controllers have the same information  Uses a multimaster replication model  Can be managed by creating AD DS sites  The AD DS replication topology is created automatically as new domain controllers are added to the domain Advantages of multi-master replication include:  The elimination of single point of failure  Faster replication as each domain controller can be involved with replicating data 43 By Husen Adem
What are Sites?  An AD DS site is used to represent a network segment where all domain controllers are connected by a fast and reliable network connection.  For purposes of replication, AD DS logically organizes groups of servers into sites, by default one site is created in AD DS. Sites are:  Associated with IP subnets  Used to manage replication traffic  Used to manage client logon traffic  Used by site aware applications such as Distributed File Systems (DFS) or Exchange Server  Used to assign group policy objects to all users and computers in a company location 44 By Husen Adem
LDAP(Lightweight Directory Access Protocol)  It’s an application protocol used over an ip network to manage and access the distributed directory information service.  The primary purpose to store and retrieve data from a hierarchical directory structure. 45 • LDAP is a flexible solution for defining any type of entity and its qualities. By Husen Adem
cont.. 46 It’s similar to a telephone directory that contains a list of subscribers with their contact number and address By Husen Adem
Cont..  A client needs to connect to the server known as the Directory system Agent, which is set by default to use TCP port 389.  After the connection is established, the client and the server exchange packets of data. Basic encoding rules are used to transfer information between the server and the client. 47 By Husen Adem
Structure of LDAP 48 The structure of LDAP is seems relatively complex, it’s is fairly simple to understand. By Husen Adem
Cont..49 The server is capable of holding a sub-tree and its’s children, beginning from a particular entry. By Husen Adem
Operations on LDAP There are a plethora of operations that can be performed on the lightweight Directory Access protocol.  Add – this is used to insert a new entry into the server directory-to-server database.  If the name entered by a user already exists, the server fails to add a duplicate entry and inserted shows an “” entry AlreadyExists” message.  Bind – on connection with the LDAP server, the default authentication state of the session is anonymous.  There are basically two types of LDAP authentication methods- the simple authentication method and the SASL Simple Authentication and Security Layer. 50 By Husen Adem
Cont..  Delete – As the name suggests, this operation is used to delete an entry from the directory.  Modify – this operation is used by LDAP clients to make a request for making changes to the already existing database. The change to be made must be one of the following operations  Add(including a new vale).  Delete(deleting an already existing value)  Replace (overwriting an existing value with a new one).  Unbind – this is the inverse of the bind operation. Unbind aborts any existing operations and terminates the connection, leaving no response in the end. 51 By Husen Adem
What is x.500 ?  X.500 Directory Service is a standard way to develop an electronic directory of people in an organization  Can be part of a global directory available to anyone in the world with Internet access.  It’s purpose is to centralize an organization's contacts so that anyone within (and sometimes without) the organization who has Internet access can look up other people in the same organization by name or department.  Several large institutions and multinational corporations have implemented X.500. 52 By Husen Adem
x.500 Distinguished Names  Attribute=vale pairs  Most specific attribute is listed first  This may be similar to the way you already think CN=WIDGETWEB, OU=Marketing, O=Widget, L=London, ST=London, C=GB, DC=widget, DC=com 53 Attribute Field Usage CN Common name Identifies the person or object OU Organizational unit A unit or department within the organization O Organization The name of the organization L Locality Usually a city or area ST State A state , province, or country within a country C country The country's 2-character ISO code (such as C=US or C=GB) DC Domain component Components of objects domainBy Husen Adem
x.500 directory information tree Hierarchical structure  Builds a tree Container objects  Country, organization, organizational units Leaf objects  Users, computers, printers, files 54 By Husen Adem
END of slide 55 By Husen Adem

Empfohlen

System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network servicesUc Man
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
DNS (Domain Name System)
DNS (Domain Name System)DNS (Domain Name System)
DNS (Domain Name System)Shashidhara Vyakaranal
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name SystemABDUL GAFOOR K V
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
Intro to DNS
Intro to DNSIntro to DNS
Intro to DNSThousandEyes
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name SystemChinmay Joshi
 
System Administration: Introduction to system administration
System Administration: Introduction to system administrationSystem Administration: Introduction to system administration
System Administration: Introduction to system administrationKhang-Ling Loh
 

Empfohlen

System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network servicesUc Man
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
DNS (Domain Name System)
DNS (Domain Name System)DNS (Domain Name System)
DNS (Domain Name System)Shashidhara Vyakaranal
 
Domain Name System
Domain Name SystemDomain Name System
Domain Name SystemABDUL GAFOOR K V
 
Microsoft Active Directory
Microsoft Active DirectoryMicrosoft Active Directory
Microsoft Active Directorythebigredhemi
 
Intro to DNS
Intro to DNSIntro to DNS
Intro to DNSThousandEyes
 
Presentation on Domain Name System
Presentation on Domain Name SystemPresentation on Domain Name System
Presentation on Domain Name SystemChinmay Joshi
 
System Administration: Introduction to system administration
System Administration: Introduction to system administrationSystem Administration: Introduction to system administration
System Administration: Introduction to system administrationKhang-Ling Loh
 
Network and System Administration
Network and System AdministrationNetwork and System Administration
Network and System AdministrationIgguuMuude
 
Storage Management in Linux OS.ppt
Storage Management in Linux OS.pptStorage Management in Linux OS.ppt
Storage Management in Linux OS.pptRakesh Kadu
 
DHCP & DNS
DHCP & DNSDHCP & DNS
DHCP & DNSNetProtocol Xpert
 
Dhcp server configuration
Dhcp server configurationDhcp server configuration
Dhcp server configurationUttamAgarwal9
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNSAkshay Tiwari
 
Domain name system
Domain name systemDomain name system
Domain name systemSiddique Ibrahim
 
Users and groups in Linux
Users and groups in LinuxUsers and groups in Linux
Users and groups in LinuxKnoldus Inc.
 
Systems Administration
Systems AdministrationSystems Administration
Systems AdministrationMark John Lado, MIT
 
IT system and network administrator
IT system and network administratorIT system and network administrator
IT system and network administratorMuhammad Nasir ( MCSA/ MCTS / MCITP)
 
System Administration DCU
System Administration DCUSystem Administration DCU
System Administration DCUKhalid Rehan
 
What is active directory
What is active directoryWhat is active directory
What is active directoryAdeel Khurram
 
Dns
DnsDns
DnsSanoj Kumar
 
active-directory-domain-services
active-directory-domain-servicesactive-directory-domain-services
active-directory-domain-services202066
 
Active directory
Active directory Active directory
Active directory deshvikas
 
Linux operating system - Overview
Linux operating system - OverviewLinux operating system - Overview
Linux operating system - OverviewAshita Agrawal
 
Cloud computing stack
Cloud computing stackCloud computing stack
Cloud computing stackPedro Alexander Romero Tortosa
 
slide on DNS
slide on DNSslide on DNS
slide on DNSwebhostingguy
 
User administration concepts and mechanisms
User administration concepts and mechanismsUser administration concepts and mechanisms
User administration concepts and mechanismsDuressa Teshome
 
Active Directory
Active Directory Active Directory
Active Directory Sandeep Kapadane
 
IP tables and Filtering
IP tables and FilteringIP tables and Filtering
IP tables and FilteringAisha Talat
 
Introduction
IntroductionIntroduction
Introductionhajafaarukh
 
What is active directory
What is active directoryWhat is active directory
What is active directoryrajasekar1712
 

Weitere ähnliche Inhalte

Was ist angesagt?

Network and System Administration
Network and System AdministrationNetwork and System Administration
Network and System AdministrationIgguuMuude
 
Storage Management in Linux OS.ppt
Storage Management in Linux OS.pptStorage Management in Linux OS.ppt
Storage Management in Linux OS.pptRakesh Kadu
 
Dhcp server configuration
Dhcp server configurationDhcp server configuration
Dhcp server configurationUttamAgarwal9
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNSAkshay Tiwari
 
Users and groups in Linux
Users and groups in LinuxUsers and groups in Linux
Users and groups in LinuxKnoldus Inc.
 
System Administration DCU
System Administration DCUSystem Administration DCU
System Administration DCUKhalid Rehan
 
What is active directory
What is active directoryWhat is active directory
What is active directoryAdeel Khurram
 
active-directory-domain-services
active-directory-domain-servicesactive-directory-domain-services
active-directory-domain-services202066
 
Active directory
Active directory Active directory
Active directory deshvikas
 
Linux operating system - Overview
Linux operating system - OverviewLinux operating system - Overview
Linux operating system - OverviewAshita Agrawal
 
User administration concepts and mechanisms
User administration concepts and mechanismsUser administration concepts and mechanisms
User administration concepts and mechanismsDuressa Teshome
 
IP tables and Filtering
IP tables and FilteringIP tables and Filtering
IP tables and FilteringAisha Talat
 

Was ist angesagt? (20)

Network and System Administration
Network and System AdministrationNetwork and System Administration
Network and System Administration
 
Storage Management in Linux OS.ppt
Storage Management in Linux OS.pptStorage Management in Linux OS.ppt
Storage Management in Linux OS.ppt
 
DHCP & DNS
DHCP & DNSDHCP & DNS
DHCP & DNS
 
Dhcp server configuration
Dhcp server configurationDhcp server configuration
Dhcp server configuration
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNS
 
Domain name system
Domain name systemDomain name system
Domain name system
 
Users and groups in Linux
Users and groups in LinuxUsers and groups in Linux
Users and groups in Linux
 
Systems Administration
Systems AdministrationSystems Administration
Systems Administration
 
IT system and network administrator
IT system and network administratorIT system and network administrator
IT system and network administrator
 
System Administration DCU
System Administration DCUSystem Administration DCU
System Administration DCU
 
What is active directory
What is active directoryWhat is active directory
What is active directory
 
Dns
DnsDns
Dns
 
active-directory-domain-services
active-directory-domain-servicesactive-directory-domain-services
active-directory-domain-services
 
Active directory
Active directory Active directory
Active directory
 
Linux operating system - Overview
Linux operating system - OverviewLinux operating system - Overview
Linux operating system - Overview
 
Cloud computing stack
Cloud computing stackCloud computing stack
Cloud computing stack
 
slide on DNS
slide on DNSslide on DNS
slide on DNS
 
User administration concepts and mechanisms
User administration concepts and mechanismsUser administration concepts and mechanisms
User administration concepts and mechanisms
 
Active Directory
Active Directory Active Directory
Active Directory
 
IP tables and Filtering
IP tables and FilteringIP tables and Filtering
IP tables and Filtering
 

Ähnlich wie Windows Network Concepts and Active Directory Domain Services

What is active directory
What is active directoryWhat is active directory
What is active directoryrajasekar1712
 
Windows Network concepts
Windows Network conceptsWindows Network concepts
Windows Network conceptsDuressa Teshome
 
CSE dns ppt.pptx
CSE dns ppt.pptxCSE dns ppt.pptx
CSE dns ppt.pptxPandajangal
 
Server interview[1]
Server interview[1]Server interview[1]
Server interview[1]sourav nanda
 
Introduction.ppt
Introduction.pptIntroduction.ppt
Introduction.pptM0reGun31
 
Introduction.ppt
Introduction.pptIntroduction.ppt
Introduction.pptElieNGOMSEU
 
Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011Serious_SamSoul
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Servervipulvaid
 
Dns introduction
Dns introduction Dns introduction
Dns introduction sunil kumar
 

Ähnlich wie Windows Network Concepts and Active Directory Domain Services (20)

Introduction
IntroductionIntroduction
Introduction
 
What is active directory
What is active directoryWhat is active directory
What is active directory
 
Application Layer.pptx
Application Layer.pptxApplication Layer.pptx
Application Layer.pptx
 
Windows Network concepts
Windows Network conceptsWindows Network concepts
Windows Network concepts
 
Common Network Services
Common Network ServicesCommon Network Services
Common Network Services
 
Dns
DnsDns
Dns
 
CSE dns ppt.pptx
CSE dns ppt.pptxCSE dns ppt.pptx
CSE dns ppt.pptx
 
Domain Name System ppt
Domain Name System pptDomain Name System ppt
Domain Name System ppt
 
Server interview[1]
Server interview[1]Server interview[1]
Server interview[1]
 
DNS.pptx
DNS.pptxDNS.pptx
DNS.pptx
 
25 DNS
25 DNS25 DNS
25 DNS
 
Introduction.ppt
Introduction.pptIntroduction.ppt
Introduction.ppt
 
Introduction.ppt
Introduction.pptIntroduction.ppt
Introduction.ppt
 
Final domain control policy
Final domain control policy Final domain control policy
Final domain control policy
 
Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011Lecture 4 -_internet_infrastructure_2_updated_2011
Lecture 4 -_internet_infrastructure_2_updated_2011
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Server
 
Dns introduction
Dns introduction Dns introduction
Dns introduction
 
6425 b 10
6425 b 106425 b 10
6425 b 10
 
Dns
DnsDns
Dns
 
Dns
Dns Dns
Dns
 

Kürzlich hochgeladen

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Windows Network Concepts and Active Directory Domain Services

  • 1. Ambo University Woliso Campus Department of Information Technology Network and System Administration Chapter two Windows network concepts 1 By Husen Adem at Ambo University Woliso Campus department of Information Technology
  • 2. The topics discussed in this section include  Domain Name Server  Workgroups  Active directory and LDAP  Domain controllers 2 By Husen Adem
  • 3. How computers communicate ?3 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5 By Husen Adem
  • 4. TCP/IP was designed to be used by a trusted group of users 4 3 way handshake SYN = ISNC SYN = ISNS, ACK(ISNC) ACK(ISNS) data transfer client server ISN – Initial Sequence Number How computers communicate ? By Husen Adem
  • 5. 5 How computers communicate ? By Husen Adem
  • 6. How human communicate with computers? 6 192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4 192.168.1.5 192.168.1.7 G Google.com 209.165.200.225 Mr. G opens browser and type http://www.google.com 1.How this possible ? 2.How computer understand http://www.google.com By Husen Adem
  • 7. Purpose of naming  Addresses are used to locate objects  Names are easier to remember than numbers  We would like to get to the address or other objects using a name  DNS provides a mapping from names to resources of several types 7 By Husen Adem
  • 8. DNS  DNS is a network service that enables clients to resolve names to IP address and vice-versa.  Allows machines to be logically grouped by domain names.  Comprised of three components  A “name space”  Servers making that name space available  Resolvers (clients) which query the servers about the name space 8 By Husen Adem
  • 9. DNS Features Global Distribution:  Data is maintained locally, but retrievable globally No single computer has all DNS data  DNS lookups can be performed by any device  Remote DNS data is locally catchable to improve performance 9 By Husen Adem
  • 10. DNS Features Loose Coherency:  The database is always internally consistent Each version of a subset of the database (a zone) has a serial number The serial number is incremented on each database change  Changes to the master copy of the database are replicated according to timing set by the zone administrator  Cached data expires according to timeout set by zone administrator 10 By Husen Adem
  • 11. DNS Features Scalability:  No limit to the size of the database One server has over 20,000,000 names  No limit to the number of queries 24,000 queries per second handled easily  Queries distributed among masters, slaves, and caches 11 By Husen Adem
  • 12. DNS Features  Reliability:  Data is replicated Data from master is copied to multiple slaves  Clients can query Master server Any of the copies at slave servers  Clients will typically query local caches  DNS use port 53 UDP for the queries and responses TCP for the zone transfer 12 By Husen Adem
  • 13. DNS Features Dynamicity:  Database can be updated dynamically Add/delete/modify of any record  Modification of the master database triggers replication Only master can be dynamically updated Creates a single point of failure 13 By Husen Adem
  • 14. DNS Operation  A DNS is a distributed database of name and IP address.  The database is made up of Zone file.  When a host computer requests for a file “name resolution” the DNS server consults it’s zone file for IP address  If DNS has the file in its database reply the ip address  If DNS does not has record for that request it consult to upper domain server or root server  After getting the resolution/file from the root server will return the result to the client  Then the client will get response back and get access 14 By Husen Adem
  • 15. Concept: DNS Names 1  The namespace needs to be made hierarchical to be able to scale.  The idea is to name objects based on location (within country, set of organizations, set of companies, etc) unit within that location (company within set of company, etc) object within unit (name of person in company) 15 By Husen Adem
  • 16. Concept: DNS Names 2 How names appear in the DNS  Fully Qualified Domain Name (FQDN) this show the hole domain levels WWW.RIPE.NET.  labels separated by dots  DNS provides a mapping from FQDNs to resources of several types  Names are used as a key when fetching data in the DNS 16 By Husen Adem
  • 17. Concept: Resource Records 17 The DNS maps names into data using Resource Records. www.ripe.net. … A 10.10.10.2 Address Resource Resource Record By Husen Adem
  • 18. Concept: DNS Names 3  Domain names can be mapped to a tree.  New branches at the ‘dots’  No restriction to the amount of branches. net com ripe www www edu isi tislabs • disi ws1 ws2 • • • • • • ftp sun google moon 18 By Husen Adem
  • 19. Concept: Domains  Domains are “namespaces”  Everything below .com is in the com domain.  Everything below ripe.net is in the ripe.net domain and in the net domain. net domain com domain ripe.net domain net com ripe www www edu isi tislabs • disi ws1ws2 • • • • • • ftp sun moon google 19 By Husen Adem
  • 20. Delegation  Administrators can create subdomains to group hosts According to geography, organizational affiliation or any other criterion  An administrator of a domain can delegate responsibility for managing a subdomain to someone else  The parent domain retains links to the delegated subdomain The parent domain “remembers” who it delegated the subdomain to 20 By Husen Adem
  • 21. net domain Concept: Zones and Delegations Zones are “administrative spaces” Zone administrators are responsible for portion of a domain’s name space Authority is delegated from a parent and to a child ripe.net zone net zone disi.ripe.net zone net com ripe www www edu isi tislabs • disi ws1ws2 • • • • • • ftp sun moon google 21 By Husen Adem
  • 22. Concept: Name Servers  Name servers answer ‘DNS’ questions.  There are several types of name servers  Authoritative servers master (primary) slave (secondary) (Caching) recursive servers also caching forwarders Mixture of functionality 22 By Husen Adem
  • 23. Concept: Authoritative name server The last server in DNS and stores the website’s IP address Give authoritative answers for one or more zones. The master server normally loads the data from a zone file A slave server normally replicates the data from the master via a zone transfer master slave slave 23 By Husen Adem
  • 24. Concept: Recursive server(Caching) Recursive servers do the actual lookups; they ask questions to the DNS on behalf of the clients. Answers are obtained from authoritative servers but the answers forwarded to the clients are marked as not authoritative Answers are stored for future reference in the cache 24 By Husen Adem
  • 25. Concept: Resolvers  Resolvers ask the questions to the DNS system on behalf of the application.  Client part of DNS  Makes requests to DNS server  Normally implemented in a system library (e.g, libc) gethostbyname(char *name); gethostbyaddr(char *addr, int len, type); 25 By Husen Adem
  • 26. Concept: Resolving process & Cache Resolver Question: www.ripe.net A www.ripe.net A ? Caching forwarder (recursive) root-serverwww.ripe.net A ? Ask net server @ X.gtld-servers.net (+ glue) gtld-server www.ripe.net A ? Ask ripe server @ ns.ripe.net (+ glue) ripe-server www.ripe.net A ? 192.168.5.10 192.168.5.10 Add to cache 26 By Husen Adem
  • 27. Resource records consist of it’s name, it’s TTL, it’s class, it’s type and it’s RDATA TTL is a timing parameter IN class is widest used There are multiple types of RR records Everything behind the type identifier is called rdata Concept: Resource Records detail Label ttl class type rdata www.ripe.net. 3600 IN A 10.10.10.2 27 By Husen Adem
  • 28. Resource Records  Resource Record Types SOA Start Of Authority NS Name Server A IPv4 name-to-address translation AAAA IPv6 name-to-address translation PTR Address-to-name translation MX Mail eXchanger CNAME Canonical NAME TXT Text … 28 By Husen Adem
  • 29. What is Workgroup ?  Workgroup is Microsoft's term for peer-to-peer local area network.  Computers running Microsoft operating systems in the same workgroup may share files, printers, or Internet connection.  logical groups of network devices  each device is a standalone system, everyone is a peer  They are on a single subnet. 29 By Husen Adem
  • 30. Active directory domain service Why Deploy AD DS?  AD DS is a server services and foundation of windows network.  A network directory service stores information about a computer network and offers for retrieving and managing that information.  It’s an administrative tool, but users make use of directory services to find resources.  Directory services provide a centralized management tool, but due to complexity, requires careful planning prier to setup. 30 By Husen Adem
  • 31. Active directory structure  AD DS is composed of both logical and physical components 31 Logical components Physical components • Partitions • Schema • Domains • Domain trees • Forests • Sites • OUs • Containers • Domain controllers • Data stores • Global catalog servers • RODCs By Husen Adem
  • 32. Active directory physical structure  An active directory site is simply a physical location in which domain controllers communicate and replicate information regularly  Each domain controller contains a full replica of the objects that make up the domain and is responsible for Storing a copy of the domain data and replicating changes to that data to all other domain controllers in the domain Providing data search and retrieval functions for users attempting to locate objects in the directory. Providing authentication and authorization services for users who log on to the domain and attempt to access network resources 32 By Husen Adem
  • 33. What Are AD DS Domains?  An AD DS domain is a logical container used to manage user, computer, group, and other objects.  All domain controllers hold a copy of the domain database, which is continually synchronized  The domain is an administrative center for configuring and managing objects Any domain controller can authenticate any sign-in anywhere in the domain AD DS requires one or more domain controllers The domain provides authorization An administrative boundary for applying policies to groups of objects 33 AD DS Computers Users Groups By Husen Adem
  • 34. What Is a Domain Controller? Domain controllers is:-  Servers that host the AD DS database (Ntds.dit) and SYSVOL A server with the AD DS server role installed that has specifically been promoted to a domain controller  Provide authentication and authorization services  Replicate updates to other domain controllers in the domain and forest  Allow administrative access to manage user accounts and network resources  Kerberos authentication service and key distribution center (KDC) services perform authentication 34 By Husen Adem
  • 35. What Are OUs? 35 • Containers that can be used to group objects within a domain • There are two reason to Create OUs: • Configure objects by assigning GPOs • Delegate administrative permissions OUs are represented by a folder with a book on it Containers are represented by a blank folder The primary difference between OUs and containers are the management capabilities.By Husen Adem
  • 36. What are Trees ?  A domain tree is a collection of one or more domains that share a contiguous name space. All domains in the tree:  Share a contiguous namespace with the parent domain  Can have additional child domains  By default create a two-way transitive trust with other domains 36 contoso.com na.contoso.comemea.contoso.com By Husen Adem
  • 37. What Is AD DS Forest? 37 Tree root domain fabrikam.com atl.adatum.com Child domain adatum.com Forest root domain • Forest is a collection of one or more active directory trees that that share a common directory schema and global catalog. • All domains in all trees can communicate and share information • Can consists of a single trees, each with a hierarchy of parent and child domains The forest root domain contains a few objects that do not exist in other domains in the forest. By Husen Adem
  • 38. What Is the AD DS Schema? 38  The AD DS schema is the component that defines all object classes and attributes that AD DS uses to store data.  It’s the blueprint for AD DS.  The schema is replicated among all domain controllers in the forest.  An object is a grouping of information that describes a network resource AD DS uses objects as units of storage.  Schema classes defines the type of objects that can be stored in active directory  Schema attributes defines what type of information is stored in each object  The information stored in each attribute is called the attribute valeBy Husen Adem
  • 40. What Is the Global Catalog? 40 • The global catalog is a partial, read-only, searchable copy of all the objects in the forest. • Contains a copy of all AD DS objects in a forest that includes only some of the attributes for each object in the forest • Improves efficiency of object searches by avoiding unnecessary referrals to domain controllers • Required for users to log on to a domain AD DS Global catalog server Schema Configuration Domain A Domain B Domain B Configuration Schema Domain B Configuration Schema Domain A Configuration Schema By Husen Adem
  • 41. The AD DS Sign-in Process 41 Domain controller ServerWorkstation The AD DS sign-in process: 1. The user account is authenticated to the domain controller. 2. The domain controller returns a TGT back to client. 3. The client uses TGT to apply for access to the workstation. 4. The domain controller grants access to the workstation. 5. The client uses TGT to apply for access to the server. 6. The domain controller returns access to the server. When users sign in to AD DS, their system looks in DNS for service resource (SRV) records to locate the nearest suitable domain controller. By Husen Adem
  • 42. What is the AD DS Data Store?  The AD DS data store contains the database files and processes that store and manage directory information for users, services, and applications  Consists of the Ntds.dit file  The Ntds.dit file on a particular domain controller contains all naming contexts hosted by that domain controller, including the Configuration and Schema naming contexts.  Is stored by default in the %SystemRoot%NTDS folder on all domain controllers  Is accessible only through the domain controller processes and protocols 42 By Husen Adem
  • 43. What is AD DS Replication?  AD DS replication copies all updates of the AD DS database to all other domain controllers in a domain or forest. AD DS replication:  Ensures that all domain controllers have the same information  Uses a multimaster replication model  Can be managed by creating AD DS sites  The AD DS replication topology is created automatically as new domain controllers are added to the domain Advantages of multi-master replication include:  The elimination of single point of failure  Faster replication as each domain controller can be involved with replicating data 43 By Husen Adem
  • 44. What are Sites?  An AD DS site is used to represent a network segment where all domain controllers are connected by a fast and reliable network connection.  For purposes of replication, AD DS logically organizes groups of servers into sites, by default one site is created in AD DS. Sites are:  Associated with IP subnets  Used to manage replication traffic  Used to manage client logon traffic  Used by site aware applications such as Distributed File Systems (DFS) or Exchange Server  Used to assign group policy objects to all users and computers in a company location 44 By Husen Adem
  • 45. LDAP(Lightweight Directory Access Protocol)  It’s an application protocol used over an ip network to manage and access the distributed directory information service.  The primary purpose to store and retrieve data from a hierarchical directory structure. 45 • LDAP is a flexible solution for defining any type of entity and its qualities. By Husen Adem
  • 46. cont.. 46 It’s similar to a telephone directory that contains a list of subscribers with their contact number and address By Husen Adem
  • 47. Cont..  A client needs to connect to the server known as the Directory system Agent, which is set by default to use TCP port 389.  After the connection is established, the client and the server exchange packets of data. Basic encoding rules are used to transfer information between the server and the client. 47 By Husen Adem
  • 48. Structure of LDAP 48 The structure of LDAP is seems relatively complex, it’s is fairly simple to understand. By Husen Adem
  • 49. Cont..49 The server is capable of holding a sub-tree and its’s children, beginning from a particular entry. By Husen Adem
  • 50. Operations on LDAP There are a plethora of operations that can be performed on the lightweight Directory Access protocol.  Add – this is used to insert a new entry into the server directory-to-server database.  If the name entered by a user already exists, the server fails to add a duplicate entry and inserted shows an “” entry AlreadyExists” message.  Bind – on connection with the LDAP server, the default authentication state of the session is anonymous.  There are basically two types of LDAP authentication methods- the simple authentication method and the SASL Simple Authentication and Security Layer. 50 By Husen Adem
  • 51. Cont..  Delete – As the name suggests, this operation is used to delete an entry from the directory.  Modify – this operation is used by LDAP clients to make a request for making changes to the already existing database. The change to be made must be one of the following operations  Add(including a new vale).  Delete(deleting an already existing value)  Replace (overwriting an existing value with a new one).  Unbind – this is the inverse of the bind operation. Unbind aborts any existing operations and terminates the connection, leaving no response in the end. 51 By Husen Adem
  • 52. What is x.500 ?  X.500 Directory Service is a standard way to develop an electronic directory of people in an organization  Can be part of a global directory available to anyone in the world with Internet access.  It’s purpose is to centralize an organization's contacts so that anyone within (and sometimes without) the organization who has Internet access can look up other people in the same organization by name or department.  Several large institutions and multinational corporations have implemented X.500. 52 By Husen Adem
  • 53. x.500 Distinguished Names  Attribute=vale pairs  Most specific attribute is listed first  This may be similar to the way you already think CN=WIDGETWEB, OU=Marketing, O=Widget, L=London, ST=London, C=GB, DC=widget, DC=com 53 Attribute Field Usage CN Common name Identifies the person or object OU Organizational unit A unit or department within the organization O Organization The name of the organization L Locality Usually a city or area ST State A state , province, or country within a country C country The country's 2-character ISO code (such as C=US or C=GB) DC Domain component Components of objects domainBy Husen Adem
  • 54. x.500 directory information tree Hierarchical structure  Builds a tree Container objects  Country, organization, organizational units Leaf objects  Users, computers, printers, files 54 By Husen Adem
  • 55. END of slide 55 By Husen Adem

Hinweis der Redaktion

  1. 18
  2. 19
  3. 21
  4. 26