Active Directory Classroom Series – 23/Oct/2020

GUID, SID and Distinguished Names

  • For every AD object a globally unique identifier (GUID) is generated when the object is created and stored in the objectGUID attribute. It never changes for the lifetime of the object, even when the object is renamed or moved.
  • For every security principal (user, group or computer) a Security Identifier (SID) is generated and stored in the objectSid attribute. A SID is the domain's own SID plus a relative identifier (RID) that is unique within that domain, so when a user is moved to a different domain the objectGUID stays the same but a new SID is allocated. If the old SID is carried over into the sIDHistory attribute, the user keeps access to resources whose ACLs still reference it.
  • Distinguished names (DN) work very much like a postal address. In AD a distinguished name uniquely identifies an object, and it is built from the following components:
    • organizationName (O) or organizationalUnitName (OU): the organization, or the organizational unit the object sits in
    • domainComponent (DC): the naming attribute for the domain, taken from its DNS name. If the DNS domain name is avengers.com, the domain components are
      • DC=avengers,DC=com
    • commonName (CN): the object or container itself, for example CN=Users or CN=Tony Stark
    • Putting these together, a user in the Engineering OU of avengers.com has the DN CN=Tony Stark,OU=Engineering,DC=avengers,DC=com
  • Following is an example of a child domain: a child of avengers.com named asia.avengers.com has the domain components DC=asia,DC=avengers,DC=com, so every DN in it ends with the parent's components
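The two points above, that a SID is a domain SID plus a RID (hence a new SID on a cross-domain move) and that a DN is assembled from CN, OU and DC components, are shown below in PowerShell. This is an added example and not code from the original classroom notes; every SID, user name, OU and domain name in it is constructed for illustration, and the final commented Get-ADUser call assumes the ActiveDirectory RSAT module and a reachable domain.

```powershell
# Added example (not from the original notes). Shows how an account SID splits
# into a domain SID and a RID, and how DNS names and OU paths map onto a DN.
# All SIDs, names and OUs below are constructed sample values.

function Split-Sid {
    param([Parameter(Mandatory)][string]$Sid)
    # Domain SID: S-1-5-21-<sub1>-<sub2>-<sub3>; an account SID appends one RID.
    $parts = $Sid -split '-'
    if ($parts.Count -ne 8 -or $parts[0] -ne 'S' -or $parts[3] -ne '21') {
        throw "Not a domain account SID: $Sid"
    }
    [pscustomobject]@{
        DomainSid = $parts[0..6] -join '-'
        Rid       = [int]$parts[7]      # 500 = built-in Administrator, 512 = Domain Admins
    }
}

function ConvertTo-DomainDn {
    param([Parameter(Mandatory)][string]$DnsName)
    # avengers.com -> DC=avengers,DC=com ; asia.avengers.com -> DC=asia,DC=avengers,DC=com
    ($DnsName.TrimEnd('.').Split('.') | ForEach-Object { "DC=$_" }) -join ','
}

function New-ObjectDn {
    param(
        [Parameter(Mandatory)][string]$CommonName,
        [string[]]$OuPath = @(),          # innermost OU first, e.g. 'Engineering','Avengers Tower'
        [Parameter(Mandatory)][string]$DnsName
    )
    # RFC 4514: , + " \ < > ; inside an attribute value must be backslash-escaped,
    # otherwise a name such as 'Stark, Tony' is parsed as two RDNs.
    $escape = { param($v) $v -replace '([,+"\\<>;])', '\$1' }
    $rdns = @("CN=$(& $escape $CommonName)") +
            @($OuPath | ForEach-Object { "OU=$(& $escape $_)" })
    ($rdns + (ConvertTo-DomainDn $DnsName)) -join ','
}

# The same (constructed) user before and after a move into the child domain:
# different domain SID and RID, while objectGUID would be unchanged.
$before = Split-Sid 'S-1-5-21-1004336348-1177238915-682003330-1105'
$after  = Split-Sid 'S-1-5-21-3623811015-3361044348-30300820-1106'
"Old domain SID: $($before.DomainSid)  RID: $($before.Rid)"
"New domain SID: $($after.DomainSid)  RID: $($after.Rid)"

# DN for the moved user; the comma in the CN is escaped.
New-ObjectDn -CommonName 'Stark, Tony' -OuPath 'Engineering' -DnsName 'asia.avengers.com'

# Against a live domain (assumes the ActiveDirectory module) the real attributes are:
# Get-ADUser tstark -Properties objectGUID, objectSid, sIDHistory, distinguishedName |
#     Select-Object objectGUID, objectSid, sIDHistory, distinguishedName
```

The RID is what makes a SID useful when reading ACLs: the well-known RIDs (500, 512, 519 and so on) are the same in every domain, so only the domain-SID prefix tells you which domain's Administrator or Domain Admins group an ACE refers to. The escaping in New-ObjectDn is the part most hand-built DNs get wrong; an unescaped comma in a CN silently changes which object an LDAP query or ACL targets.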

Active Directory Server Roles

  • There are five main Active Directory server roles
  • Each role is installed with the Install-WindowsFeature PowerShell cmdlet; for AD DS, for example (the feature name is AD-Domain-Services, and -IncludeManagementTools adds the RSAT tooling):
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Active Directory Domain Services (AD DS)

  • This service stores, manages and authenticates an organization's resources such as users, computers and printers
  • The AD forest is the security boundary of the identity infrastructure. A forest can contain multiple domains, and each domain has one or more domain controllers
  • Organizational units (OUs) are used to arrange objects within a domain, and are the scope at which Group Policy and delegated administration are applied

Active Directory Federation Services (AD FS)

  • This service allows identities to be shared between trusted identity infrastructures using claims-based authentication
  • Major use cases:
    • Establishing trust relationships across identity providers
    • Single Sign-On (SSO) to applications that are not domain-joined

Active Directory Lightweight Directory Services (AD LDS)

  • Some applications require a directory-enabled environment to operate but do not need a full-blown AD domain. In these cases AD LDS provides LDAP data storage and retrieval for directory-enabled applications without the domain dependencies: no domain controllers, no Group Policy, and several independent instances can run on one server.

Active Directory Rights Managment Services (AD RMS)

  • AD RMS helps enterprises protect sensitive data from unauthorized access by attaching usage policies (who may open, edit, print or forward) to documents and e-mail themselves, so the protection travels with the content rather than staying with the file share

Active Directory Certificate Services (AD CS)

  • This role lets enterprises build a public key infrastructure (PKI) in an easy and cost-effective way: it issues and manages certificates for users, computers and services (for example smart-card logon, LDAPS on domain controllers and 802.1X) and publishes revocation information

Adding a Computer to Active Directory Domain

  • Steps:
    • Create one Windows Server instance in the AWS cloud
    • Configure its DNS client to point at the domain's DNS servers (normally the domain controllers), so that the server can locate a DC
    • Join the Windows Server to the AD domain
  • Outcomes:
    • How to add systems to the domain
    • How systems authenticate against a domain controller
  • Active Directory Authentication Process
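The three steps above, carried out from an elevated PowerShell session on the new server, as an added example that is not part of the original classroom notes. The DNS server address, the target OU and the join account are assumptions for this lab; in AWS the instance's security group must also let it reach the domain controller on DNS (53), Kerberos (88), RPC endpoint mapper (135), LDAP (389), SMB (445), Kerberos password change (464) and the dynamic RPC range (49152-65535), or the join fails even with DNS set correctly.

```powershell
# Added example, not from the original notes: join a new Windows Server
# (here an EC2 instance) to avengers.com. The DNS IP, OU and join account
# are assumptions for this lab.
$DomainName = 'avengers.com'
$DcDnsIp    = '10.0.0.10'                      # assumed: a domain controller that also runs DNS
$TargetOu   = 'OU=Servers,DC=avengers,DC=com'  # assumed: pre-created OU; omit -OUPath to use CN=Computers

# 1. Point the DNS client at the domain's DNS. Domain join and domain logon
#    locate a DC through the _ldap._tcp.dc._msdcs.<domain> SRV record, so the
#    AWS-default resolver, which knows nothing about avengers.com, makes the join fail.
$adapter = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $DcDnsIp

# 2. Check DC discovery before touching the machine's identity.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
       Where-Object Type -eq 'SRV'
"DC(s) found: $($srv.NameTarget -join ', ')"

# 3. Join with an account delegated 'Create Computer objects' on $TargetOu
#    (not a Domain Admin), then reboot so the machine account is used from startup.
$cred = Get-Credential -Message "Account allowed to join computers to $DomainName"
Add-Computer -DomainName $DomainName -OUPath $TargetOu -Credential $cred -Restart -Force

# After the reboot, on the member server:
#   Test-ComputerSecureChannel -Verbose   # machine account's secure channel to a DC
#   nltest /dsgetdc:avengers.com          # which DC answered, and from which site
#   klist                                  # Kerberos tickets the DC issued (krbtgt/AVENGERS.COM)
```

The post-reboot checks are the outcome the lesson is after: Test-ComputerSecureChannel proves the computer account password negotiated during the join works, and klist shows that the server and its users now authenticate to the DC with Kerberos tickets rather than local accounts. Using a delegated join account instead of a Domain Admin keeps a compromised lab instance from holding privileged credentials in memory.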

Next Steps

  • Understanding User & Group Management
  • Understanding Group Policies
  • Understanding Operations Master Roles
