What is Active Directory?

Captions
[Music] Hello everyone. In this short video I am going to be discussing the basics of Active Directory services. The agenda for this session is going to be: I will start off with the basic topic, which is what is an Active Directory service. You have something called objects within Active Directory, so I'm going to be talking a bit about Active Directory objects, and also the advantages of using Active Directory: why should you use Active Directory, and where all can it be used. Let's get started.

So Active Directory is a technology that has information about all the objects, in the sense users, computers, resources like printers, shared files and folders, in an organization's network. To make things more simple, you can even think of Active Directory as something similar to a telephone directory. So this technology basically is used to arrange and store information and then provide access permissions based on the information that is already stored. The core concept of Active Directory is to bring everything together. When I say everything, I'm referring to the objects in your Active Directory infrastructure, to mention a few: users, computers, contacts and a few other objects.

There are two main functionalities of an Active Directory service. The first functionality is to authenticate and the second functionality is to authorize a security principal or an asset within an Active Directory infrastructure. So if the user has to access a specific resource within an organization, there are two steps. The first step is to validate a user's identity; that's the authentication part. After the validation is a success, the user is allowed to access certain stuff within the organization, and the user is restricted access to certain other stuff within an Active Directory infrastructure. So all that is part of authorization.

So the definition of an object can be: an object is a physical entity of a network, and it can be described by a subset of attributes. I'm going to share with you some of the common attributes, some of the common objects that you would see in Active Directory. You have forest, you have domain, organizational unit, and then you have a user object, group, contact, computer, shared folder, printer, site and subnet. For instance, if you have a user account John in Active Directory, the user object John is defined by a certain set of attributes. All these attributes together form the definition for the object in Active Directory.

There's a special type of object in Active Directory called the container object. As the name indicates, this object can contain other objects within itself. So a container object can have users, printers, computer objects and a few other objects as well. There is another type of object in Active Directory, which is called the leaf object. The leaf object, unlike the container object, cannot contain anything within itself, so these are pretty much like standalone objects. And then you have security principal objects: objects that can authenticate and authorize. So you have all these types of objects.

So basically the security principal object has two main parts. The first part of a security principal object is going to be the GUID and the second part is going to be the SID. The GUID is going to be a 128-bit globally unique identifier, and the SID is going to be the security identifier for each security principal object. So, for example, a user object within Active Directory is a security principal object, because a user object has these two parts, GUID and SID.

Let's talk about some of the classifications in Active Directory. The top-level classification is what we call the Active Directory forest. It is the highest level of security boundary. You can also call an Active Directory forest a complete Active Directory instance. An Active Directory forest contains other domains within itself. It has information about users, computers, printers and other network resources. So, talking about information and data exchange, it can only happen between objects inside a forest. If you'd like to communicate, or if you'd like to access resources belonging to a different forest, you need to have something called Active Directory trusts. I'll be talking about trusts in the later part of the video.

A forest can contain one or more domains or a combination of domains, or domain trees. Trees are going to be another type of classification. So basically we have three stages of classification, I would say. The first level, or the topmost level, is going to be the forest, and then you have domain trees, and then you have domains. The schema, or the design, of an Active Directory infrastructure is going to be consistent throughout the forest, since the forest is going to be the highest level of boundary. To overcome the issue of consistency, the schema is going to be common throughout an Active Directory forest, and that is applicable to the domain trees and also the domains within that forest.

Let's have a look at another classification, which is the domain. A domain is going to be a logical grouping of objects within Active Directory, and we have already discussed some of the primary objects like users, computers, groups, shared folders and contacts. This is also the administrative boundary for objects. The number one advantage of going with an Active Directory domain is you can have an unlimited number of objects, so this can be deployed in an organization that has 50 employees or 500,000 employees. Also, the objects may not be in the same physical location. You can have a site in California, another site in London, another site in India and another one in Australia, and all these sites can still be part of the same domain. So that's another advantage of having an Active Directory service.

When you have a domain, you need something that could control the domain, and that is called the domain controller. A domain controller is the domain's supreme authority, and it is responsible for authenticating objects and also authorization. So any actions, any modifications or deletions that you perform within your organization will be passed through an object called the domain controller, will be passed through an entity called the domain controller. When it comes to Active Directory, say, for instance, that the user has access to a domain: the user can log on from any computer in that domain. If you have 50 thousand computers in your office, you can log into your Active Directory infrastructure from any of those computers, because the domain controller will be taking care of the authentication and the authorization part. The permissions, policies and rights can all be set for objects at the domain level or even at the individual object level.

This is another classification. As I said, the base level will be the domain, and then you have a combination of domains, which we can call domain trees, and when you have a combination of domain trees, we call it a forest. The relationship of a domain tree can be a parent-child relationship or a nested domain relationship. Say, for instance, abc.com is going to be the parent domain; x.abc.com will be the child domain of abc.com. When you talk about establishing communication between those two domains, that's when you have something called trusts, and there are various levels of trusts. You have transitive, non-transitive, one-way and two-way trusts between domains. By default all the domains in a forest are connected by transitive trusts, and all domains in the domain tree share a contiguous namespace.

To summarize, a domain is going to be a hierarchical structure of containers and other objects. It has a unique domain name. This can also be seen as a security mechanism to perform two basic functions, authentication and authorization, to the domain's resources. And policies that show how functionality is allowed or restricted for users and computers in the domain can all be defined when you have an Active Directory domain in place.

Next, let's have a look at something called organizational units within Active Directory. Organizational units are terms that can only appear inside a domain. Again, this is going to be used for denoting a specific department. This can be used to denote a specific geographical location if an organization is split across four countries. So it can be used to denote a location, team, function or any other logical boundary that you'd like to create. All OUs are unique inside a domain, so if you have an OU named HR within your Active Directory infrastructure, there cannot be another OU with the same name. These are similar to container objects, right, so they can contain other objects within them, like users, groups, contacts, computers, printers, shared folders, etc. OUs can have other OUs within them, and those two OUs can have a parent-child relationship. So any permission that is applicable for the parent will also be inherited by the child by default. You can explicitly deny the permissions, deny the inheritance, if that is required as well.

You have something called group policy settings that allow or restrict a user's activity within an Active Directory infrastructure. All those settings can be set at the OU level to make things much more uniform. And if you'd like to delegate certain administrative actions to other users in your Active Directory infrastructure, you can do it through an OU. Say, for instance, you want your help desk technician to be resetting passwords for the users belonging to the Users OU: you can delegate the administrative control to a specific user, so the user will be able to reset passwords for users belonging to this specific OU.

And now let's have a look at the objects in an Active Directory infrastructure in detail. First we will be having a look at the user object. The user object in Active Directory is a member or part of the infrastructure, part of the organization, and a user object will have a unique identity in the domain. Since Active Directory follows authentication and authorization, based on the authorization the user object will be allowed to access certain resources within the domain or all the resources in the domain, and that's what we mean by authorization-based access. So if you are a user, you will be able to access a certain resource within your Active Directory infrastructure; if you are an administrator, you will be able to access almost all the resources within your Active Directory infrastructure. So all that is based on authorization. Every user object has a unique security identifier and is also secured by a password.

The second type of object that we are going to be discussing is the computer object in Active Directory. The computer objects can be individual computers, workstations and servers which are part of a network. Similar to the user object, each computer has a unique computer account, and that computer account allows each computer to be authenticated and authorized for access to the domain and domain resources. A server could be a domain controller or a global catalog server or a member server.

Then another type of object is going to be the contact object within Active Directory. This object is going to be a bit different from the other two objects that we just saw. Any individual who is not part of the organization but related to the organization is going to be named as a contact within Active Directory. For example, you have vendors who would like to be part of your organization but at the same time they do not need access to resources within your organization. In such cases you create something called contact objects within Active Directory. A contact cannot log on or access the domain or network, and it cannot be assigned permissions or authorization or any type of restrictions. So users and contacts are two different objects within Active Directory. I want you to get that point straight.

And then we have something called groups. These are going to be very crucial. Groups can contain users, computers and a few other objects within them, so we call them the members of the group. Instead of assigning permissions on individual users, permission management becomes much easier when you assign permission to a group and you simply add the users to that specific group. There are two types of groups, broad classifications. The first is going to be security groups, which are used for assigning permissions, and the second one is going to be mail groups.

We have something called scope in Active Directory, and there are three basic classifications when it comes to groups. First, you have the domain local group, to give access to resources in the same domain as the group; users can be from different domains. So that's the basic function of a domain local group, right. Then you have something called the global group. This is basically used to give access to resources that are in different domains to users from a specific domain. And then you have the universal group. These types of groups are used to give access to resources located in different domains to a group of users from different domains. All right, so these are the three basic types of group scopes that we have in Active Directory. Now the whole idea of these groups is to grant access to resources, and the level of access and the reach depend on the type of scope that you define for that group.

So why should we even use Active Directory? What are the advantages? I have mentioned some of the advantages right here. The first one is it is highly secure. As I said, the first step is authentication and the next step is authorization. Now that we have these two stages, we can call it a multi-layered system that's going to allow users the access to resources within your network. Another important factor that we are talking about is centralized administration: instead of managing objects manually, we can manage them from centralized locations. And scalability: this technology can be deployed in an organization with hundred employees or organizations that are spread across the globe with hundred thousand employees. Deploying this technology is going to be easy and efficient, and at the same time locating an object within an Active Directory infrastructure is going to be very easy using the search mechanism that this technology provides. Centralized storage: this is something that we have discussed already. And this Active Directory technology is no longer a standalone technology; it serves as a platform for other services like your Office 365, SharePoint, Skype for Business, Exchange Online and all of this stuff.

When you have Active Directory, there is a concept called profiles within Active Directory. You have two types of profiles: individual profiles and mandatory profiles. Users can have the same environmental settings irrespective of which computer or location they log on from. So you have hundred thousand computers in your network, and every time you log into a specific computer you get the same wallpaper, you get the same settings, you are allowed to access the same resources. All those are mapped to something called your user profile. And then you have something called mandatory profiles. This mandatory profile is basically going to decide what you can or cannot access after you have logged into your Active Directory infrastructure. So, individual profiles and mandatory profiles.

Now that you have users performing actions within Active Directory, you need to keep track of all the actions that they're performing. An action can result in two types of events: an accident or a threat. If it's an accident, you need to take measures to prevent it next time. If it's a threat, you need to avoid it from happening the next time, or you need to be notified immediately. For these two reasons you need to actually audit the changes that take place in your Active Directory infrastructure. So Active Directory is also a platform for security auditing. This basically records the events in the security logs of the Event Viewer, and then you get to know what's going on in your organization.

So where all can it be used? Any organization that has a network set up; organizations which require 24/7 uptime; any organization where the number of users, computers or resources will keep changing; any organization where data security is vital; and any organization that is spread across the globe. For all these categories Active Directory would be the best fit. Some of the sectors that take advantage of Active Directory: the government sector, corporates, schools, research organizations, hospitals, non-government organizations and a lot more.

So, the advantages of using Active Directory: secure, easy to deploy, effective, scalable, flexible in terms of mergers and acquisitions, efficient. This technology is going to be a cost-effective management system to control all the objects and other resources in an organization or a network. So if you'd like to know more about managing an Active Directory infrastructure, managing the objects within an Active Directory infrastructure, the site that you need to watch out for is WWJD managed applause comm, or you can simply shoot out an email to support at 89 Jeff lost comm. Thank you. [Music]
Info
Channel: ManageEngine ADSolutions
Views: 201,031
Keywords: Active Directory, AD Management, ManageEngine, ADManager Plus, software, management, Reports, technology, AD Reporting, system, security
Id: i9I5poSokow
Length: 23min 36sec (1416 seconds)
Published: Mon Sep 04 2017