Tuesday, December 30, 2014

Active Directory

AD allows SSO using Kerberos.

  • Database NTDS.DIT on a DC
  • based on X.500/LDAP
  • uses Kerberos (ticket-granting system)
  • consistent sync across peer DCs
  • extensible
  • interoperates with other domains/forests

AD structure

  • Domain 
  • Tree
  • Forest 
    • totality of your AD infrastructure (single or multiple namespace domains)
  • Trust
    • manual trusts do not create a transitive trust.
  • Federation
    • automatically creates a transitive trust to all children

AD objects (most common)

  • User
  • Group
  • Computer
  • OU
    • place users, groups, and computers in OUs to organize them
  • Sites, site links
    • control replication across slow links and allow AD convergence
