Active Directory Configuration and Management

Active Directory (AD) enables network administrators to manage domains, users, and objects (other devices on a network) within a network.
Example: An administrator can create a group of users and grant them specific access privileges to certain directories on the server.
AD is a directory service developed by Microsoft for Windows domain networks.
It is included in most Windows Server operating systems as a set of processes and services.
It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers.
Its main function is to facilitate the authentication and authorization of users (members) and resources within an AD domain.

Authentication is the process that answers the question "Who are you?".
It is the process of verifying the identity of a user or device.
Authentication is performed by obtaining a valid username and password on an internet or intranet system.
Once a user is authenticated, the system confirms that you match the identity of whoever you claim to be.
Authentication does not confirm if you are authorized to access a resource.

Addresses the question "What Can You Do?"
Occurs after successful authentication.
Authorization is the process of verifying that a user is allowed to access a requested resource.
This process determines whether an authenticated user is permitted access to any part of an application, access to specific points of an application, or access only to specified datasets that the application provides.
You can only determine what someone is allowed to do if you recognize their identity.

Service: A process that runs in the background and does not interact with the desktop.
A service software performs automated tasks, responds to hardware events, or listens for data requests from other software.
Services are often loaded automatically at startup and run in the background without user interaction.
It does not interact with the desktop.

Application: A program that you interact with on the desktop.
- Examples: Internet Explorer, Microsoft Word, iTunes, and Skype.
Process: An instance of a particular executable (.exe program file) running.
- A given application may have several processes running simultaneously.
- Example: Google Chrome runs several processes at once, with each tab being a separate instance/process of the same executable.
- Complex applications may have multiple processes (e.g., Visual Studio).
- Most applications run from a single process (e.g., Microsoft Word).
Service: A process that runs in the background and does not interact with the desktop.
- In Windows, services almost always run as an instance of the svchost.exe process (Windows service host process).
- Exceptions exist (e.g., a touchpad driver).
- Applications may depend on certain services (e.g., printing requires the print spooler service).
- Installation packages (.msi installers) require the Windows Installer service.
- Antivirus programs often use a service to run even when the user is not logged in.
- Processes usually exit when an application is closed, but some programs may continue to run in the background (e.g., download and backup programs).

A domain is a logical group of network objects (computers, users, devices) that share the same Active Directory database.
Active Directory has forests and trees, which are ways of representing multiple domains.
Tree: A collection of one or more domains and domain trees in a contiguous namespace, linked in a transitive trust hierarchy.
Forest: At the top of the structure.
A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration.

For easy separation (e.g., early version of Active Directory, company structure, politics).
Can scale easily.

An SSL certificate, or secure certificate, is a file installed on a secure web server that identifies a website.
This digital certificate establishes the identity and authenticity of the company or merchant so that online shoppers can trust that the website is secure and reliable.
Sites are verified by a third party, such as Verisign or Thawte.
The verification company issues an SSL certificate (for a fee).
This digital certificate is installed on the web server and is viewable when a user enters a secure area of the website.
A secure page URL starts with "https."
To view the certificate, click the lock icon near one of the edges of your browser window.
Secure Sockets Layer (SSL) is a protocol developed by Netscape for providing a secure connection between two or more devices via the Internet.
SSL uses a cryptographic system that uses two keys to encrypt data:
- a public key known to everyone and
- a private or secret key known only to the recipient of the message.

Digital certificates verify a company's current status, so they do not last forever.
SSL certificates typically expire every one to three years.
If the certificate is not renewed in time, an alert box may appear.
This error is displayed because the web server has not renewed its SSL certificate.
It doesn't necessarily mean the site is fraudulent, but it indicates the site is less than professional.