Microsoft Windows Domains Structure and Services Chatziioannidis Christos Computer & Informatics Engineer Computer & Networking Services Computer Technology Institute 26-05-2006

Microsoft Windows Domains Structure and Services

Chatziioannidis Christos

Computer & Informatics Engineer

Computer & Networking Services

Computer Technology Institute

26-05-2006

MS Domain

• DNS zone

• Active Directory

• Integrated Services

• Trusts

• Security

MS Domain

• DNS zone

• Computers

• Users

• Services

– Mail

– Web

– File Sharing

– Document management

– Certificate Authentication

– Media Services

Active Directory Objects

MS Domains - Trusts

mydomain.com

yourdomain.com

One way Trust

yourdomain.com accepts accounts from mydomain.com

mydomain.com accepts accounts from yourdomain.com

Two ways Trust

MS Domains - Trusts

subB.sub2.mydomain.com

mydomain.com

sub1.mydomain.com sub2.mydomain.com

subA.sub2.mydomain.com

Administration

sub1.yourdomain.com

yourdomain.com

sub2.yourdomain.com

Trust

MS Domain - Administration

subA.sub2.mydomain.com

subB.sub2.mydomain.com

mydomain.com

sub1.mydomain.com sub2.mydomain.com

Administration

Administrators Group

Administrators Group

Site 1

Site 2

Site 3

Site 4

Conditions

1. IP Address

2. Availability

MS Domain – DNS (Services)

• Forward DNS

• Reverse DNS

• DDNS

• AD subzones

NAME: Pc01.mydomain.com, IP: 10.10.234.14

IP: 10.10.234.14, NAME: Pc01.mydomain.com

Automatic Register DNS & Optional PTR record

Subzones used for AD Services: Authentication, MSN, Sites, LDAP

MS Domain - DHCP

• Supplies:

– IP

– Subnet

– Gateway

– DNS Servers

– WINS Options, etc

• Control Pools (Exclude, Reserve)

• Control Security – MAC Addresses

Warning: A DHCP Server in AD must first be Authenticated

MS Domain - Security

• Authentication

• Authorization

Kerberos KDC Technology

KDC Authentication

Ticket Exchange

DC Server

Client

AD Integrated Service

Applications Server Authenticated using Ticket

MS Domain - Logon

1. DHCP

2. AD Authentication

3. DDNS

Access to Services through SINGLE Logon

Access through LDAP

MS Domain – Active Directory

• Organizational Units (OUs)

• Objects

– User

– Computer

– Printer

– Share Folder

– Contact

– Group

– Service Information (Exchange, Communication Server, etc)

Policies

Applied

Control

MS Domain - Services

Auditing

Communications Server

RRAS (Routing & Remote Access Server)

DBs (SQL, MSDE)

WEB, FTP (IIS)

SNMP

Mail

DNS

Media Services

File & Printing Sharing

NFS

Terminal Services

WSUS