微软活动目录介绍
合集下载
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
微软活动目录介绍
Introduction to Active Directory® Domain Services
Module Overview
Overview of AD DS Overview of AD DS Logical Components Overview of AD DS Physical Components
AD DS Logical Components
9Leabharlann What is the AD DS Schema?
The AD DS Schema:
• Defines every type of object that can be stored in AD DS • Enforces rules regarding object creation and configuration
2
Lesson 1: Overview of AD DS
Why Deploy AD DS? What is Authentication? What is Authorization? Using AD DS to Centralize Network
Management Overview of AD DS Components
3
Why Deploy AD DS?
AD DS provides a centralized system for managing users, computers, and other resources on a network
AD DS features include:
• Centralized directory • Single sign-on access • Integrated security • Scalability • Common management interface
8
Lesson 2: Overview of AD DS Logical Components
What is the AD DS Schema? What is a Domain? What are AD DS Trusts? What is a Domain Tree? What is a Forest? What is an OU? What are AD DS Objects? Demonstration: Tools for Managing the
Security principals are issued security identifiers (SIDs) when the account is created
User accounts are issued security tokens during authentication that include the user’s SID and all related group SIDs
6
Using AD DS to Centralize Network Management
AD DS centralizes network management by providing:
• Single location and set of tools for managing user and group accounts
• Network authentication – grants access to network resources
5
What is Authorization?
Authorization is a process of verifying that an authenticated user has permission to perform an action
• Data store • Domain controllers • Global catalog server • Read-Only Domain
Controller (RODC)
Logical Components • Partitions • Schema • Domains • Domain trees • Forests • Sites • Organizational units (OUs)
• Group policies to manage user desktops and security settings
7
Overview of AD DS Components
AD DS is composed of both physical and logical components
Physical Components
4
What is Authentication?
Authentication is the process of verifying a user’s identity on a network
Authentication includes two components:
• Interactive logon – grants access to the local computer
• Single location for assigning access to shared network resources
• Directory service for AD DS enabled applications
• Options for configuring security policies that apply to all users and computers
Shared resources on a network include access control lists (ACL) that define who can access the resource
The security token is compared against the DACL on the resource and access is granted or denied
Introduction to Active Directory® Domain Services
Module Overview
Overview of AD DS Overview of AD DS Logical Components Overview of AD DS Physical Components
AD DS Logical Components
9Leabharlann What is the AD DS Schema?
The AD DS Schema:
• Defines every type of object that can be stored in AD DS • Enforces rules regarding object creation and configuration
2
Lesson 1: Overview of AD DS
Why Deploy AD DS? What is Authentication? What is Authorization? Using AD DS to Centralize Network
Management Overview of AD DS Components
3
Why Deploy AD DS?
AD DS provides a centralized system for managing users, computers, and other resources on a network
AD DS features include:
• Centralized directory • Single sign-on access • Integrated security • Scalability • Common management interface
8
Lesson 2: Overview of AD DS Logical Components
What is the AD DS Schema? What is a Domain? What are AD DS Trusts? What is a Domain Tree? What is a Forest? What is an OU? What are AD DS Objects? Demonstration: Tools for Managing the
Security principals are issued security identifiers (SIDs) when the account is created
User accounts are issued security tokens during authentication that include the user’s SID and all related group SIDs
6
Using AD DS to Centralize Network Management
AD DS centralizes network management by providing:
• Single location and set of tools for managing user and group accounts
• Network authentication – grants access to network resources
5
What is Authorization?
Authorization is a process of verifying that an authenticated user has permission to perform an action
• Data store • Domain controllers • Global catalog server • Read-Only Domain
Controller (RODC)
Logical Components • Partitions • Schema • Domains • Domain trees • Forests • Sites • Organizational units (OUs)
• Group policies to manage user desktops and security settings
7
Overview of AD DS Components
AD DS is composed of both physical and logical components
Physical Components
4
What is Authentication?
Authentication is the process of verifying a user’s identity on a network
Authentication includes two components:
• Interactive logon – grants access to the local computer
• Single location for assigning access to shared network resources
• Directory service for AD DS enabled applications
• Options for configuring security policies that apply to all users and computers
Shared resources on a network include access control lists (ACL) that define who can access the resource
The security token is compared against the DACL on the resource and access is granted or denied