Active Directory PDF
H. El Kabtane
Summary
This document provides a detailed explanation of Active Directory, a crucial Microsoft service for managing network resources. It covers the fundamental concepts of Active Directory, including its role as the central authority for user authentication and its structure. The document further elaborates on the different components of Active Directory, such as domains, organizational units, and their functionalities in implementing security policies.
Full Transcript
# Network Administration (Windows)
## Chapter 2: Active Directory

### Introduction

* Active Directory is a fundamental infrastructure service provided by Microsoft. It plays a crucial role in managing and controlling networks.
* A Domain Controller (DC) is the central hub for all network communication. It serves as a repository for user credentials, computer accounts, security policies, and files, and it is essential for the smooth functioning of a network.
* Active Directory is more than just a directory service; it is the central authority for network authentication and resource distribution.

### What is Active Directory?

* Active Directory is a directory service developed by Microsoft for network management.
* It stores and manages information about network resources, including user accounts, computer information, and group policies.
* It acts as the central authority for user authentication and authorization in a Windows environment.

### What is a domain controller?

* Active Directory, like any other software, is hosted on a server. This server is called a Domain Controller (DC).
* A DC runs Active Directory Domain Services (AD DS).
* AD DS manages directory data, authentication, and data replication across multiple DCs.

### What does a Domain Controller do?

* When you log in to a domain through a domain controller, it authenticates your credentials, verifying that you are who you claim to be, and then issues a security token that allows you to access network resources.
* This authentication token is shared with other applications running on your computer, giving seamless access to other services such as email and file sharing.

### Why use Active Directory?

The presence of Active Directory in modern enterprises highlights its benefits:

* **Centralized Administration**: Provides a unified platform for managing user accounts, computers, applications, and security policies.
* **Unified Authentication**: Streamlines user logins and access controls across the network.
* **Resource Management**: Allows administrators to inventory and manage network resources such as printers, files, and applications.
* **Security Policy Enforcement**: Implements consistent security policies across the network.

### Why use Active Directory? (continued)

The information stored within Active Directory can be broadly categorized into three types:

* **Resources:** Devices such as workstations, printers, scanners, and network shares.
* **Users:** Individual accounts and groups representing users with specific access rights and roles.
* **Services or Applications:** Examples include email services, authorization servers, and others.

### Active Directory features

Active Directory provides the following functionalities:

* **Hierarchical Organization:** Its tree-like structure makes network resources and security policies easier to manage.
* **Centralized and Distributed Database:** Network data is centralized for consistent access but can be replicated across multiple DCs for redundancy and performance. This replication ensures that all DCs maintain consistent information.
* **Scalability:** Active Directory's advanced indexing system enables efficient access to data even in very large networks.
* **Security:** Fine-grained access controls allow administrators to manage users and groups with specific rights and restrictions.
* **Flexibility:** Administrators can customize pre-defined objects (such as users and groups) and add new ones to fit specific needs.
* **Policy-Based Administration**: Allows the creation and enforcement of group policies that define how users and devices behave on the network. This ensures consistency and simplifies network management.
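The "centralized and distributed database" point above rests on replication working: a DC that silently stops replicating keeps answering logons with stale passwords, group memberships and policies. The following is an added example, not part of the course material, of a read-only replication health check written with the ActiveDirectory PowerShell module (RSAT / AD DS management tools). It assumes the caller can query every DC in the domain; the three-hour staleness threshold is a constructed value, not something the slides prescribe.

```powershell
# Added example (not from the course slides): report partner links that are stale or failing.
# Assumes the ActiveDirectory module is installed and the caller can query all DCs.
Import-Module ActiveDirectory

function Get-DcReplicationHealth {
    param(
        # Hours without a successful sync after which a link is reported as stale (constructed threshold)
        [int]$MaxHoursSinceSuccess = 3
    )
    $cutoff = (Get-Date).AddHours(-$MaxHoursSinceSuccess)

    foreach ($dc in Get-ADDomainController -Filter *) {
        # One record per partner link and per partition (domain, configuration, schema, ...)
        $links = Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Both -ErrorAction SilentlyContinue
        foreach ($link in $links) {
            [pscustomobject]@{
                DC          = $dc.HostName
                Site        = $dc.Site                       # physical structure: which site the DC lives in
                Direction   = $link.PartnerType              # Inbound or Outbound
                Partner     = $link.Partner                  # DN of the partner's NTDS Settings object
                Partition   = $link.Partition
                LastSuccess = $link.LastReplicationSuccess
                LastResult  = $link.LastReplicationResult    # 0 means the last attempt succeeded
                Consecutive = $link.ConsecutiveReplicationFailures
                Stale       = ($link.LastReplicationSuccess -lt $cutoff)
            }
        }
    }
}

# Collect everything once, then show only the links an administrator must act on
$health = Get-DcReplicationHealth
$health | Where-Object { $_.Stale -or $_.LastResult -ne 0 } |
    Sort-Object DC, Partition |
    Format-Table DC, Site, Direction, Partition, LastSuccess, LastResult, Consecutive -AutoSize
```

Run it from any domain-joined admin workstation; an empty table means every partner link on every DC succeeded within the threshold. Scheduling it and alerting on a non-empty result turns the slide's "ensures consistent information" into something you can actually observe.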
### Active Directory structure

Active Directory is built upon the following standards:

* **X.500:** This standard defines the structure and organization of directory services, laying the groundwork for Active Directory's hierarchical structure.
* **LDAP (Lightweight Directory Access Protocol):** Derived from X.500, it simplified the directory access protocol and runs over TCP/IP. This made it more efficient and allowed easy integration with other operating systems (such as Linux).

### Active Directory structure (continued)

The Active Directory structure has two primary components:

* **Physical Structure:** Consists of sites, which are physical locations where DCs communicate with each other. A site generally represents an area connected by a LAN. An organization can have multiple sites in different geographical locations, connected through WANs.
* **Logical Structure:** Provides a model for organizing network resources that reflects the structure of the organization itself. It comprises four key components:
  * **Organizational Units (OUs):** Used to group objects (users, computers) within a domain, providing a way to manage them efficiently.
  * **Domains:** A collection of objects that share a common database and security policies. The domain is the fundamental unit of Active Directory.
  * **Trees:** A collection of domains that share a common naming convention. This structure organizes domains hierarchically.
  * **Forests:** The highest level of organization, comprising one or more trees. A forest allows different parts of an organization to share some information and resources.

### Active Directory structure (continued)

* **OU (Organizational Unit):**
  * The main purpose of OUs is the organizational grouping of user accounts, computers, and other objects.
  * An OU is more than just a container: it lets administrators manage objects effectively, delegate control over groups of objects, and apply security policies.
* **Workgroup:**
  * A workgroup is a group of computers that are not part of a domain.
  * Each computer manages its own users.
  * It is simple to set up but less secure, and centralized management is limited because each machine maintains its own set of users.
* **Domain:**
  * A collection of resources that all share a single database and security policies.
  * Each computer in a domain can access resources and users within the same domain.

### Active Directory structure (continued)

* **Tree:** A collection of domains with a hierarchical structure, all part of a common naming convention.
* **Forest:** The highest level of organization, containing one or more trees.
  * Provides separate administration but allows interconnected resource sharing across trees.

### The different directory groups

Groups allow administrators to control user access and streamline network management through predefined sets of permissions.

* **Domain Local Groups:** These groups are restricted to the members of the domain where they are defined.
* **Global Groups:** Permit access to members of multiple domains through trust relationships.
* **Universal Groups:** The broadest scope, applying to all domains within the forest.

### Installing the role: AD DS services

To install Active Directory Domain Services on your server:

* **Assign a Static IP Address**: A static IP address is required for the server.
* **Install the AD DS Role**: You can install it through Server Manager or the PowerShell module.
* **Configure Active Directory:** Begin the configuration process using the wizard, which guides you through the installation steps.

### Options for Installation

The installation process offers several options, including:

* **Adding a DC to an Existing Domain**: This option is selected when you are adding a new server to an already existing network.
* **Adding a New Domain to an Existing Forest**: This option is used when you want to create a new domain within an existing forest.
* **Creating a New Forest**: Used when you are setting up an entirely new Active Directory infrastructure.
* **Functional Level**: You choose the functional levels of the forest and the domain you are deploying. The level dictates the features available and affects compatibility with older servers.
* **Roles of the DC**: During installation, you can choose to configure your DC as:
  * **DNS Server:** You can enable DNS services on your DC, essential for name resolution within the network.
  * **Global Catalog Server**: If you are deploying the first DC in your forest, it will automatically be a Global Catalog Server. This role is not required for other DCs within your forest.
  * **Read Only Domain Controller (RODC):** This option is not available for the first domain controller, which can only exist as a standard DC, not as an RODC.
* **DSRM (Directory Services Restore Mode) Password**: This password is stored in your Active Directory and is crucial in case of a system failure, allowing you to repair and recover the directory data.
* **Delegation of DNS Zones**: If a DNS server is already present, you can set up delegation so that Windows can configure the DNS records required for the new domain.
* **NetBIOS Domain Name**: This name is used for backward compatibility with older systems that might not support DNS.
* **Paths for Data and Logs:** This step defines where to store the Active Directory data (the database), the log files, and the SYSVOL folder.

### Paths for Data and Logs

* **SYSVOL Directory**: A shared folder containing files that are synchronized between DCs. It is often used to store files that need to be shared across the network, such as group policies.

### Conclusion

Active Directory remains a cornerstone technology for managing network resources and users in a Windows environment. Its structured approach, features, and tools empower administrators to control access, enforce security policies, and manage resources more efficiently.
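The installation steps and wizard options described above (static IP, AD DS role, functional levels, DNS, DSRM password, NetBIOS name, database/log/SYSVOL paths) map one-to-one onto the ADDSDeployment cmdlets. The following is an added example, not the course's own script, showing the "Creating a New Forest" path typed into an elevated PowerShell session on the future first DC. Every value is an assumption for a lab: the interface name `Ethernet`, the address `10.0.0.10/24` with gateway `10.0.0.1`, the domain `corp.example.com`, the NetBIOS name `CORP`, and the `WinThreshold` functional level (Windows Server 2016).

```powershell
# Added example (not from the slides): promote the first DC of a new forest.
# All addresses, names and paths are lab assumptions; replace them with your own.

# Step 1: static IP address. A DC must not take its address from DHCP.
New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 10.0.0.10 -PrefixLength 24 -DefaultGateway 10.0.0.1
# This DC will also run DNS, so its own resolver points at itself.
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 127.0.0.1

# Step 2: install the AD DS role plus the ADDSDeployment and ActiveDirectory modules.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 3: DSRM password. Prompt for it so it never lands in the script or the shell history.
$dsrmPassword = Read-Host -Prompt "DSRM (Directory Services Restore Mode) password" -AsSecureString

# Promotion parameters, one per wizard option described in the course.
$forest = @{
    DomainName                    = "corp.example.com"
    DomainNetbiosName             = "CORP"              # backward-compatibility name, 15 characters max
    ForestMode                    = "WinThreshold"      # forest functional level (Windows Server 2016)
    DomainMode                    = "WinThreshold"      # domain functional level
    InstallDns                    = $true               # DC role: DNS server
    CreateDnsDelegation           = $false              # no parent DNS zone exists in this lab (assumption)
    DatabasePath                  = "C:\Windows\NTDS"   # AD database (ntds.dit)
    LogPath                       = "C:\Windows\NTDS"   # transaction logs
    SysvolPath                    = "C:\Windows\SYSVOL" # SYSVOL share: group policies, logon scripts
    SafeModeAdministratorPassword = $dsrmPassword
}

# Step 4: prerequisite check with the same parameters; nothing is changed yet.
Test-ADDSForestInstallation @forest

# Step 5: create the forest. The first DC is automatically a Global Catalog and cannot be an RODC.
# -Force suppresses the confirmation prompt; the server reboots when promotion completes.
Install-ADDSForest @forest -Force
```

Keeping the database and logs on a separate volume from the operating system, and the DSRM password in a vault rather than a script, are the two choices most worth revisiting before doing this outside a lab.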
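The OU and group-scope material above (Domain Local, Global and Universal groups; OUs as containers that carry delegation and policy) is easiest to see with objects in hand. This added example, which is not part of the course, builds a small OU tree and one security group of each scope with the ActiveDirectory module. It assumes a domain such as the `corp.example.com` lab forest; the OU names, group names and the `G-`/`DL-`/`U-` naming prefixes are all constructed conventions, not requirements.

```powershell
# Added example (not from the slides): an OU tree and one security group per scope.
# Assumes the ActiveDirectory module and an existing domain; all names are constructed.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName   # e.g. DC=corp,DC=example,DC=com

# OUs: containers that also carry delegated control and Group Policy links.
# ProtectedFromAccidentalDeletion blocks a plain delete on the OU.
New-ADOrganizationalUnit -Name "Corp" -Path $domainDn -ProtectedFromAccidentalDeletion $true
$corpOu = "OU=Corp,$domainDn"
foreach ($name in "Users", "Workstations", "Groups") {
    New-ADOrganizationalUnit -Name $name -Path $corpOu -ProtectedFromAccidentalDeletion $true
}
$groupsOu = "OU=Groups,$corpOu"

# One security group per scope, each with the role it plays in this example.
New-ADGroup -Name "G-Finance-Staff" -GroupScope Global -GroupCategory Security -Path $groupsOu `
    -Description "Finance users of this domain"
New-ADGroup -Name "DL-FinanceShare-Modify" -GroupScope DomainLocal -GroupCategory Security -Path $groupsOu `
    -Description "Holds the Modify permission on the finance share"
New-ADGroup -Name "U-AllSites-Helpdesk" -GroupScope Universal -GroupCategory Security -Path $groupsOu `
    -Description "Helpdesk staff across the whole forest"

# Nesting (a common pattern, assumed here rather than taken from the slides): the Global group
# of people becomes a member of the Domain Local group that holds the permission, so the
# resource ACL references one group instead of individual accounts.
Add-ADGroupMember -Identity "DL-FinanceShare-Modify" -Members "G-Finance-Staff"

# Verify: list the groups with their scope, which is what the three bullets above distinguish.
Get-ADGroup -Filter * -SearchBase $groupsOu -Properties Description |
    Select-Object Name, GroupScope, GroupCategory, Description |
    Format-Table -AutoSize
```

Re-running the script against an existing tree fails on the first `New-ADOrganizationalUnit` because the OU already exists; that is deliberate for a teaching script, since silently reusing an OU would hide a typo in the path.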