Lesson 3 - Active Directory Domain Controller Services

Directory

A hierarchical structure that stores information about objects on the network.

Directory service

Provides the methods for storing directory data and making this data available to network users and administrators.

Active Directory (AD)

Microsoft's technology used in the Windows Server space to secure, manage, and easily locate device and network resources.

Schema

A set of rules that defines the classes of objects and attributes contained in the directory, their constraints, and their naming format.

Global catalog

Contains information about every object in the directory, allowing users to find information regardless of which domain contains the data.

Query and index mechanism

Allows objects and their properties to be published and quickly found by network users or applications.

Replication service

Distributes directory data across a network to all domain controllers in a domain to ensure consistency.

Centralized Management

The use of a single location by administrators to manage user identities, access control, and network resources.

Authentication

The process of verifying a user's identity, confirming they are who they say they are.

Authorization

The process of confirming a user's permissions to access a specific network resource based on security policies.

Information Lookup

Enables users and applications to quickly find resources like email addresses, printers, or security groups.

Hierarchy & Structure

The organization of data using structures that mirror an organization's layout, such as Organizational Units (OUs).

LDAP (Lightweight Directory Access Protocol)

The standard protocol used to read from and write to directory services.

Microsoft Entra ID

Cloud-based identity management, formerly known as Azure AD.

LDAP Directories

Open-source directory systems, such as OpenLDAP.

AWS (Amazon Web Service) Directory Service

Manages directories in the cloud or connects to on-premises Active Directory.

Active Directory Domain Services (AD DS)

A core function in Microsoft's Active Directory used to build a centralized, scalable Windows network.

Benefits of Directory Services

• Improved Security: Centrally manages user permissions to restrict access to sensitive data.

• Efficiency: Simplifies management of users and resources compared to individual machine configurations.

• Scalability: Designed to handle large volumes of search operations, making them suitable for massive corporate networks.

Container Objects

Main objects that consist of other objects within them, such as Domains, Forests, Trees, and Organizational Units.

Domain

A collection of objects sharing the same security database.

Forest

The top-level structure that can contain multiple domains.

Organizational Unit (OU)

Used to group users, computers, and other resources for easier management.

Tree

A collection of one or more domains in a hierarchical structure.

Leaf Objects

Objects that do not comprise other objects inside them, such as computers, printers, or users.

Sites

The representation of Windows' network topology.

Lightweight Directory Services

Services that provide support for directory-enabled applications using the LDAP protocol.

Rights Management

Restricts access to personal information and encrypts confidential data.

Directory Federation Services (DFS)

Offers Single-Sign-On (SSO) functionality for safe authentication across multiple web applications.

Certificate Services

Lets you create, share, and manage security certificates for data encryption.

NetLogon

Authenticates the login credentials of users in the domain network.

KDS (Kerberos Key Distribution Services)

Service used to issue, authenticate, and carry out the encryption of Kerberos tickets.

IsmServ (Intersite Messaging)

Assists the exchange of data between PCs in a Windows networked environment.

W32time service

Utilizes NTP (Network Time Protocol) for syncing date and time for all PCs within a networked domain.