Official (Closed) - Non Sensitive
Windows Server 2022: Understanding Active Directory
Networking Infrastructure
Diploma in CSF/IT
Year 2 (2023/24), Semester 3
Diploma in CSF / IT Last Update: 30/06/2023
NI Semester 3 Slide 1
Objectives
At the end of this, you will understand the following:
What is Active Directory?
What is the purpose of Active Directory?
Logical Structure of Active Directory
Building Blocks of Active Directory
What is a Domain Controller?
What is Active Directory?
Provides a directory services infrastructure that helps organizations manage resources throughout the network.
A network directory that contains objects and resources such as user accounts, computer accounts, group accounts, printers, shares and contact information.
Goal:
To provide simplified and efficient system administration.
Works with and requires DNS (Domain Name System).
Incorporated into most Windows Server operating systems.
What Is Active Directory?
Active Directory is:
The replacement for Domains in NT 3.x and 4.x
The basis of all Windows Server security
A store of directory/security information
A service that provides:
authorization and authentication
queries and updates of the directory
distribution of the directory across multiple servers
partitioning of the directory
replication of the directory
AD DS: Identity and Access Management
[Figure: identity and access management cycle. Identity: verified. Access rights: assigned. Control: auditing, keeping records of who accesses resources. Protection.]
AD as a Database
AD is a DBMS with many object-oriented features.
Like any DBMS, AD:
Maintains a physical data store ([Link]).
Is built on a client-server model.
Provides service-level interfaces that enable users and processes to query and update data.
Other concepts of object database apply to AD including:
Objects and classes
Schema
[Link]
Objects and Object Classes
An AD contains information about objects.
Each object is an instance of an object class, e.g.,
Computers
Users
Groups (of users or other groups)
Shared files or directories
Policies
Each object class has a set of attributes (or properties)
Many object classes are predefined, but new ones can be
defined and added to the directory.
Containers
Every object in the Active Directory is either a container
object or a leaf object.
Leaf objects are “ordinary objects” - e.g.,
users
computers
printers
A container object contains other container objects
and/or a set of leaf objects
Domains
A domain:
is a container object
is an independent unit of security
is a distinct database (which may be replicated)
has its own administrator(s)
has an Internet name (more on this later)
has one or more domain controllers
A domain controller is a server that:
maintains a local AD copy, accepts update and query
transactions.
provides authentication and authorization services
shares information with other domain controllers
Logical Structure of Active Directory
Based on a system of domains that can be arranged in trees and forests.
Domain is the building block of Active Directory.
Example of a domain name: [Link]
A domain consists of at least one domain controller, and this machine will typically be the first on the network.
Understanding Domain Structure
A tree is an arrangement of Active Directory domains that share a
contiguous namespace (e.g. [Link] and [Link]).
A single tree is made up of a single domain or multiple domains.
An example of a single tree with three domains:
[Link]
[Link]
[Link]
Names of child domains are consistent with the parent domain's name.
Considered a single namespace.
Understanding Domain Structure
A forest is the entire Active Directory structure for an
organization.
A collection of trees.
Hierarchy of domains forming a contiguous or disjoint
namespace.
An example of a disjoint namespace is [Link] and
[Link] (the namespace does not form a contiguous
hierarchy).
Understanding Domain Structure
Within a forest, there can be multiple trees.
Example: a single forest with 2 trees and 7 domains.
NAM partnered with another company and the second company
wanted to maintain its own namespace. A new tree is created in
the same forest.
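To make the tree/forest distinction concrete, here is an added Python example (not from the lecture) that groups a set of domain DNS names into trees by checking whether their namespace is contiguous; the domain names (nam.example, partner.example and their children) are constructed sample values standing in for the NAM and partner-company scenario above.

```python
# Added example (not from the lecture slides): grouping AD domain DNS names
# into trees and a forest by checking whether their namespace is contiguous.
# All domain names below are constructed sample values.

from collections import defaultdict

# Constructed sample for the slide 13 scenario: NAM's own tree plus a partner
# company that keeps its own namespace as a second tree in the same forest.
SAMPLE_DOMAINS = [
    "nam.example",               # tree root (and forest root)
    "sales.nam.example",         # child domains of nam.example
    "it.nam.example",
    "emea.sales.nam.example",    # grandchild, still the same tree
    "partner.example",           # second tree: disjoint namespace
    "hr.partner.example",
]


def parent_domain(name, domains):
    """Return the parent of `name` within `domains`, or None if it is a root.

    In a tree a child's DNS name is its parent's name with one extra leading
    label, so the parent is found by dropping the first label. Only an
    immediate parent counts: 'a.b.example' is not a child of 'example' unless
    'b.example' is itself one of the domains.
    """
    labels = name.lower().split(".")
    candidate = ".".join(labels[1:])
    return candidate if candidate in domains else None


def build_forest(domain_names):
    """Group domains into trees: {tree_root: sorted domains in that tree}.

    A domain with no parent in the set is a tree root; more than one root
    means the forest's namespace is disjoint (several trees).
    """
    domains = {d.lower() for d in domain_names}
    trees = defaultdict(list)
    for d in sorted(domains):
        root = d
        while (p := parent_domain(root, domains)) is not None:
            root = p                      # climb until a tree root is reached
        trees[root].append(d)
    return {root: sorted(members) for root, members in trees.items()}


def is_contiguous(domain_names):
    """True when all domains form a single tree (one contiguous namespace)."""
    return len(build_forest(domain_names)) == 1
```

Running build_forest(SAMPLE_DOMAINS) yields two trees, rooted at nam.example and partner.example, which is exactly the "two trees in one forest" picture of slide 13.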
Understanding Organizational Units
Domains can be created & configured to reflect the business and
technical needs of an organization.
This information can be structured into logical containers called OUs (organizational units).
OUs are Active Directory objects that serve as containers for other objects, e.g. users and computers.
Example: Create OUs named “Sales” and “IT” within your organization's domain. Place AD objects such as users, computers and groups within the OUs.
Understanding Organizational Units
Benefit:
Allows administrators to easily organize and manage AD objects.
Main uses of OUs:
Delegation: delegate to a user the right to perform certain tasks on the objects in an OU (e.g. reset passwords).
Group Policies: apply policies to groups of users or computers based on business needs, e.g. the SALES OU.
Active Directory
Object-based central repository for all user accounts, group accounts, printers, computer accounts, shared folders, etc.
Active Directory is built on Objects, Properties and Values.
An object represents a network resource: any logical representation of a physical entity.
e.g. Frank, a user on the network, is represented in Active Directory as a user object named Frank Lee.
The Frank Lee user object is made up of multiple properties/fields, e.g. Name, Type, First Name.
“Frank” entered in the First Name field is the value.
The same principle applies to other objects, such as printer and computer objects.
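As an added example (not from the lecture), the following Python shows how an object's position in the OU hierarchy (slide 14) and its properties (this slide) combine into an LDAP distinguished name, and how that name decides whether a policy or delegated task scoped to an OU covers the object; the domain nam.example, the OU names and the Frank Lee user object are constructed sample values.

```python
# Added example (not from the lecture slides): how an object's place in the
# OU hierarchy is encoded in its LDAP distinguished name (DN), and how that
# encoding decides whether an OU's delegation or Group Policy scope covers it.
# Domain, OU and user names are constructed sample values.


def domain_to_dc(domain):
    """'nam.example' -> 'DC=nam,DC=example' (DN suffix of an AD domain)."""
    return ",".join(f"DC={label}" for label in domain.lower().split("."))


def build_dn(cn, ou_path, domain):
    """DN of a leaf object. `ou_path` lists OUs from the domain root downward,
    e.g. ["Sales", "East"]; a DN is written innermost-first, so it becomes
    CN=<cn>,OU=East,OU=Sales,DC=nam,DC=example."""
    rdns = [f"CN={cn}"] + [f"OU={ou}" for ou in reversed(ou_path)]
    return ",".join(rdns + [domain_to_dc(domain)])


def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, innermost first. Values with
    escaped commas ('\\,') are not handled; the plain names here need none."""
    return [tuple(part.split("=", 1)) for part in dn.split(",")]


def container_of(dn):
    """DN of the object's immediate container (the DN minus its first RDN)."""
    return dn.split(",", 1)[1]


def is_within(dn, container_dn):
    """True if `dn` sits in `container_dn` or in any OU nested beneath it.
    This is the scope that a GPO linked to that OU, or a task delegated on
    it, applies to."""
    return dn.lower().endswith("," + container_dn.lower())


# Constructed sample: Frank Lee's user object (properties -> values) in Sales.
FRANK = {"Type": "User", "Name": "Frank Lee", "First Name": "Frank"}
FRANK_DN = build_dn(FRANK["Name"], ["Sales"], "nam.example")
SALES_OU_DN = "OU=Sales,DC=nam,DC=example"
IT_OU_DN = "OU=IT,DC=nam,DC=example"

if __name__ == "__main__":
    print(FRANK_DN)   # CN=Frank Lee,OU=Sales,DC=nam,DC=example
    print(is_within(FRANK_DN, SALES_OU_DN), is_within(FRANK_DN, IT_OU_DN))
```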
AD Domains and the Internet
Each AD domain is an entity defined within:
the active directory - AND -
the Internet
Each AD domain must have an Internet name because:
Clients access AD servers and services via Internet-standard names (e.g. [Link])
TCP/IP, the standard Internet protocol, is also the standard Windows Server protocol
Active Directory - Technology & Standards
Lightweight Directory Access Protocol (LDAP)
LDAP is an Internet standard for directory access.
X.500
X.500 is an ISO standard for directory structure, content, and
access.
Active Directory follows most of the standard for structure and
content but not for access.
Domain Name System (DNS)
DNS is an Internet standard for object naming.
All Active Directory domains are DNS host names.
Active Directory - Tool
The administrator's role is to set these AD values, configuring them through the Active Directory Users and Computers tool.
AD and Windows Servers
Windows servers can have three different types of
relationships to AD:
Stand-alone server – has no relationship to an AD domain, has
only local (machine) accounts and resources – secure, but not
scalable
Member server – is a member of an AD domain but has no
local copies of the AD database and runs no AD services –
typically manages specific resources (e.g. a website or
database) in a multiple server environment.
Domain controller – stores a local copy of the AD database,
synchronizes changes with other domain controllers, and
responds to AD service requests
Domain Controllers
Active Directory can be replicated across multiple domain controllers, allowing for redundancy.
A domain controller is a Windows Server 2022 with Active Directory installed.
Every domain must have at least one domain controller contained within it.
Domain controllers maintain a copy of the Active Directory database.
They provide authentication/logon services to users as they log into the Active Directory domain.
More than one domain controller gives fault tolerance (backup).
Changes (add/remove user objects) at one domain controller are replicated to all domain controllers so that the database is consistent.
AD Replication (Dis)advantages
Advantages of multiple domain controllers:
Fault tolerance
Improved performance in segmented or widely distributed
networks
Inherently scalable
Disadvantages of multiple domain controllers:
Cost – e.g. hardware, MS client access licenses (CALs)
Synchronization delays
Synchronization bandwidth
Summary
Directory Service for Windows Server 2022 is called
Active Directory.
Active Directory is based on domains, trees and
forests.
Reading Reference
[Link]