Active Directory Classroom Series – 23/Oct/2020

GUID, SID and Distinguished Names

  • For every AD object a globally unique identifier (GUID) is generated and saved in the objectGUID attribute.
  • For every object a security identifier (SID), unique at the domain level, is generated and saved in the objectSID attribute. When a user moves to a different domain, the GUID stays the same but a new SID is allocated.
  • Distinguished names work much like postal addresses. In AD a distinguished name uniquely identifies an object, and to do that it relies on the following name components:
    • organizationName (O) or organizationalUnitName (OU): this name represents the organization or the organizational unit
    • domainComponent (DC): this is the naming attribute for the domain and its DNS name. The DNS domain name maps onto domain components, for example:
      • DC=avengers,DC=com
    • commonName (CN): this refers to objects and containers in the directory
  • The following figure shows an example of a child domain.

Active Directory Server Roles

  • There are five main Active Directory server roles.
  • Each of these roles can be installed with the Install-WindowsFeature PowerShell cmdlet; for example, the AD DS role (the feature name is AD-Domain-Services):
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Active Directory Domain Services (AD DS)

  • This service manages an organization's resources such as users, computers, printers, etc.
  • An AD forest is the security boundary of the identity infrastructure. A forest can contain multiple domain controllers.
  • OUs are used to arrange objects in Active Directory.

Active Directory Federation Services (AD FS)

  • This service allows us to share identities between trusted identity infrastructures using claims-based authentication.
  • Major use cases:
    • Establish trust relationships across identities
    • Single Sign-On (SSO)

Active Directory Lightweight Directory Services (AD LDS)

  • Some applications require a directory-enabled environment to operate but may not need a full-blown AD. In such cases AD LDS provides data storage and retrieval for directory-enabled applications.

Active Directory Rights Management Services (AD RMS)

  • AD RMS helps enterprises to protect sensitive data from unauthorized access

Active Directory Certificate Services (AD CS)

  • This role helps enterprises build a public key infrastructure (PKI) in an easy and cost-effective way.

Adding a Computer to Active Directory Domain

  • Steps:
    • Create one Windows server in the AWS cloud
    • Configure DNS
    • Join the Windows server to the AD domain
  • Outcomes:
    • How to add systems to the domain controller
    • How systems authenticate using the domain controller
  • Active Directory authentication process (figure)
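Steps 2 and 3 above, as an added PowerShell example that is not part of the original notes. The domain name avengers.com is taken from the DC example earlier on the page; the domain controller address, interface alias and target OU are assumed lab values.

```powershell
# Added example (not from the original notes): joins an AWS-hosted Windows server
# to the lab domain from an elevated PowerShell session on that server.
# Assumptions: domain avengers.com (from the DC=avengers,DC=com example above),
# a domain controller at 10.0.0.10, NIC alias "Ethernet", and an existing
# "OU=Servers" OU. All of these are placeholders for your own lab.
$Domain = 'avengers.com'
$DcIp   = '10.0.0.10'
$Nic    = 'Ethernet'
$OuPath = 'OU=Servers,DC=avengers,DC=com'

# Step 2: point the server's DNS client at the domain controller. Domain join
# depends on DNS: the client locates a DC through the _ldap._tcp SRV records.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcIp

# Pre-flight checks: SRV lookup for a DC, then LDAP reachability (TCP 389).
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$dc  = $srv | Where-Object { $_.Type -eq 'SRV' } |
       Select-Object -First 1 -ExpandProperty NameTarget
if (-not (Test-NetConnection -ComputerName $dc -Port 389 -InformationLevel Quiet)) {
    throw "Cannot reach LDAP on $dc; check security groups and firewall before joining."
}

# Step 3: join the domain. Use an account delegated to join computers to $OuPath
# rather than a Domain Admin; prompting avoids embedding a password in the script.
$cred = Get-Credential -Message "Account allowed to join computers to $Domain"
Add-Computer -DomainName $Domain -OUPath $OuPath -Credential $cred -Force -Restart

# After the reboot, verify the join and the secure channel that the machine
# account uses to authenticate to the DC (the "authentication" outcome above):
#   (Get-CimInstance Win32_ComputerSystem).PartOfDomain   # expect True
#   Test-ComputerSecureChannel -Verbose                  # expect True
```

The join creates a computer object in the chosen OU with its own objectGUID and objectSID, which is why the machine can later authenticate to the domain controller on its own.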

Next Steps

  • Understanding User & Group Management
  • Understanding Group Policies
  • Understanding Operations Master Roles
