Chapter 1 Before you begin

Chapter 1 Before you begin


The Above Picture logo is copyright & owned by Microsoft. It is for knowledge purpose only.

  Chapter 1 Before you begin

Below are some facts that you should know that AD is a Big Subject.

  •  AD is the critical function for the continued health of a windows environment
  • AD tasks can be achieved both using both Graphical User Interface (GUI) or Power Shell (PS)
  • Groups are better to Manage Permission on AD Levels
  • AD provides Centralized Services.
  • AD Exists from approx. last 14 years (Windows 2000)
  • Active Directory is part of the class of products known as Directory Services. Other products in this category include Novell’s eDirectory and Red Hat’s Directory Server. Some applications, such as Lotus (now IBM) Domino, have their own built-in Directory Service.
  • Two important factor of AD (Authentication & Authorization) Authentication Happens First
  • Ways of Authentication: – Smart Card, Tokens, Biometrics, Username & Password are the identity of the users.
  • Multi factor Authentication & Passwords.
  1. Something you know à Login ID & Password
  2. Something you have à Smart Card or Soft Token
  3. Something you are à Finger Print & Biometrics
  • Active Directory Uses Kerberos (Port 88) Protocol for Authentication.
  • Time Sync is very important because Time Stamp is used while Authentication.
  • Authorization: – In other terms Permissions. Granting access to user on appropriate resources like (File Share, Database, Servers, Printers, Mailboxes Etc)
  • Authentication Token which is created while login that contains your Membership Details
  • If remote access is attempted then token is created on that (Remote) local machine.
  • Authentication & Authorization are combined into Identity Management.
  • Forest :- Forest is a whole of your AD which contains one or more domains arranged in trees)

       *Forest is named after when first domain is created known as Root Domain, which           can’t be changed*

  • All Domain in Forest share common configuration Container like (AD Sites & Services such as Exchange | AD partitions) & a common schema.
  • Domains are linked by Transitive Trusts, they are created automatically when domains are created. For Example A trusts B, B Trusts C, & A Trusts C.
  • Forest is the secondary boundary for AD.
  1. Objects permissions can’t be granted outside forest.
  2. Objects outside forest can’t be granted permissions inside.
  • Domain objects work with (Users, Computers, Groups & So on)
  • Domain is an Administrative Boundary. Domain Admins does not have permissions to other domains.
  • Domains are also a Security Administration Boundary, Permissions applied within the domains can’t affect object outside the domain.
  • Domains is also a Policy Application Boundary. {Best Practice is a limit the application of group policy to a single Domain} Applying policies across domain will slow down the processing & will make administrator work harder.
  • A domain is a FQDN (Fully Qualified Domain Name) is a Unique Identifier. It can be arranged in a hierarchy (Tress) with parent & child relationships.
  • Parent domain doesn’t automatically gets administrator rights in any other child domains.
  • Organizational Unit (OU) :-
  1. Can be used to control delegation of Administrator privileges to control Users, Groups, & Computer in certain OU.
  2. Control the Application using Group Policy.
  • Things which contains under Default OU.
  1. Built IN, Which stores a number of Default Groups.
  2. Users, which stores other default groups. Also default location for the creation of new users if specific OU not defined.
  3. Computers, which is empty when domain is created. But it is the default location for the creation of computer accounts when a new machine is joined in the domain.

*****Major Difference between Container & OU that Group Policy cannot be applied on container & child OU’s can’t be created with a container*****

 If you still require more details please visit below official url from MS.