• Active Directory
https://store.theartofservice.com/the-active-directory-toolkit.html
Active Directory
'Active Directory' ('AD') is a directory
service implemented by Microsoft for
Windows domain networks. It is included
in most Windows Server Operating
Systems.
Active Directory
An AD domain controller authenticates and
authorizes all users and computers in a
Windows domain network, assigning and
enforcing security policies for all computers
and installing or updating software. For
example, when a user logs into a computer
that is part of a Windows domain, Active
Directory checks the submitted credentials
and determines what the account is
permitted to do, for instance whether the
user is a system administrator or a normal
user.
Active Directory
Active Directory makes use of the
Lightweight Directory Access Protocol
(LDAP) versions 2 and 3, Microsoft's
implementation of Kerberos, and the
Domain Name System (DNS).
Active Directory - History
Active Directory, like many information
technology efforts, originated out of a
democratization of design using Requests
for Comments (RFCs). The Internet
Engineering Task Force (IETF), which
oversees the RFC process, has accepted
numerous RFCs initiated by widespread
participants. Active Directory incorporates
decades of communication technologies
into the overarching Active Directory
concept and then makes improvements
upon them.
Active Directory - History
For example, LDAP, a long-standing
directory technology, underpins Active
Directory. X.500 directories and the
Organizational Unit also preceded the
Active Directory concept that makes use
of those methods. The LDAP concept
began to emerge even before the
founding of Microsoft in April 1975, with
RFCs as early as 1971. RFCs contributing
to Active Directory include RFC 1823 (on
the LDAP API, August 1995),
Active Directory - History
With the release of Windows Server 2008,
Microsoft renamed the domain controller
role Active Directory Domain Services (AD
DS).
Active Directory - Objects
An Active Directory structure is an
arrangement of information about objects.
The objects fall into two broad categories:
resources (e.g., printers) and security
principals (user or computer accounts and
groups). Security principals are assigned
unique security identifiers (SIDs).
Active Directory - Objects
Each object represents a single entity,
whether a user, a computer, a printer, or a
group, and its attributes. Certain objects
can contain other objects. An object is
uniquely identified by its name and has a
set of attributes (the characteristics and
information that the object represents)
defined by a schema, which also
determines the kinds of objects that can be
stored in Active Directory.
Active Directory - Objects
The schema object lets administrators extend
or modify the schema when necessary.
However, because each schema object is
integral to the definition of Active Directory
objects, deactivating or changing these
objects can fundamentally change or disrupt
a deployment. Schema changes
automatically propagate throughout the
system. Once created, a schema object can
only be deactivated, not deleted. Changing
the schema therefore usually requires
planning.
Active Directory - Site
A 'Site' object in Active Directory
represents a geographic location that
hosts networks. An Active Directory
site object represents a collection of
Internet Protocol (IP) subnets, usually
constituting a physical Local Area
Network (LAN).
Active Directory - Forests, trees, and domains
The Active Directory framework that
holds the objects can be viewed at a
number of levels. The forest, tree, and
domain are the logical divisions in an
Active Directory network.
Active Directory - Forests, trees, and domains
A domain is defined as a logical group
of network objects (computers, users,
devices) that share the same Active
Directory database.
Active Directory - Trusting
To allow users in one domain to access resources in
another, Active Directory uses trusts.
Active Directory - Unix integration
Varying levels of interoperability with
Active Directory can be achieved on
most Unix-like Operating Systems
through standards-compliant LDAP
clients, but these systems usually do
not interpret many attributes
associated with Windows components,
such as Group Policy and support for
one-way trusts.
Active Directory - Unix integration
Third parties offer Active Directory
integration for Unix platforms
(including UNIX, Linux, Mac OS X,
and a number of Java and UNIX-based
applications), including:
Active Directory - Unix integration
* Fox Technologies' FoxT ServerControl
implements AD bridging, which allows
UNIX/Linux systems to join Active
Directory and use Kerberos for the
authentication of users
Active Directory - Unix integration
* Centrify DirectControl (Centrify) – Active
Directory-compatible centralized
authentication and access control
Active Directory - Unix integration
* Centrify Express (Centrify) – A suite
of free Active Directory-compliant
services for centralized authentication,
monitoring, file sharing and remote access
Active Directory - Unix integration
* PowerBroker Identity Services, formerly
Likewise (BeyondTrust, formerly Likewise
Software) – Allows a non-Windows client
to join Active Directory
Active Directory - Unix integration
Administration (querying, modifying, and
monitoring) of Active Directory can be
achieved via many scripting languages,
including PowerShell, VBScript,
JScript/JavaScript, Perl, Python, and
Ruby. Using free AD administration tools
can help to simplify AD management
tasks.
Windows Server 2008 - Active Directory roles
Identity Integration Feature Pack is included as
Active Directory Metadirectory Services
Windows Server 2008 - Active Directory improvements
The RODC holds a read-only copy of the
Active Directory database and redirects all
write attempts to a writable domain
controller.
Windows Server 2008 - Active Directory improvements
* Restartable Active Directory allows
ADDS to be stopped and restarted from
the Management Console or the
command-line without rebooting the
domain controller. This reduces downtime
for offline operations and reduces overall
DC servicing requirements with Server
Core. ADDS is implemented as a Domain
Controller Service in Windows Server
2008.
Multi-master replication - Active Directory
Some Active Directory needs are, however, better
served by Flexible Single Master Operation (FSMO) roles.
Hitachi Content Platform - Active Directory support (version 5.0+)
HCP can be configured to support
Windows Active Directory (AD) for
user authentication at the system,
tenant, and namespace levels. This
means that users with AD user
accounts can access the HCP System
Management Console, Tenant
Management Console, Search
Console, and namespace content,
provided they have the applicable
permissions in HCP.
Windows Server domain - Active Directory
Active Directory makes it easier for
administrators to manage and deploy
network changes and policies (see Group
Policy) to all of the machines connected to
the domain.
Roaming user profile - Active Directory
In Windows 2000 and later versions, this is
set using the Active Directory Users and
Computers snap-in
Roaming user profile - Active Directory
Enabling roaming profiles for a
workstation running Windows NT 4.0,
Windows 2000, Windows XP
Professional, Windows Vista Business
or Ultimate is done by specifying a
location on the server where the users'
profiles are located; this is done under
User Manager for Domains in
Windows NT 4.0 Server and Active
Directory Users and Computers in
Windows Server 2000 - Active Directory
Active Directory can organise and link
groups of domains into a contiguous
domain name space to form trees
Windows Server 2000 - Active Directory
As part of an organization's migration,
Windows NT clients continued to function
until all clients were upgraded to Windows
2000 Professional, at which point the
Active Directory domain could be switched
to native mode and maximum functionality
achieved.
Windows Server 2000 - Active Directory
Active Directory requires a DNS server
that supports SRV resource records, or
that an organization's existing DNS
infrastructure be upgraded to support
this. There should be one or more
domain controllers to hold the Active
Directory database and provide Active
Directory directory services.
Active Directory Application Mode - History
For example, Lightweight Directory Access
Protocol (LDAP), a long-standing directory
technology, underpins Active Directory. Also
X.500 directories and the Organizational Unit
preceded the Active Directory concept that
makes use of those methods. The LDAP
concept began to emerge even before the
founding of Microsoft in April 1975, with RFCs
as early as 1971. RFCs contributing to LDAP
include RFC 1823 (on the LDAP API, August
1995),
Active Directory Application Mode - Organizational units
The OU is the recommended level at
which to apply group policies, which
are Active Directory objects formally
named Group Policy Objects (GPOs),
although policies can also be applied
to domains or sites (see below)
Active Directory Application Mode - Shadow groups
In Microsoft's Active Directory, OUs do not
confer access permissions, and objects
placed within OUs are not automatically
assigned access privileges based on their
containing OU. This is a design limitation
specific to Active Directory. Other
competing directories such as Novell
eDirectory (NDS) are able to assign
access privileges through object
placement within an OU.
Active Directory Application Mode - Shadow groups
Active Directory requires a separate step
for an administrator to assign an object in
an OU as a member of a group also within
that OU. Relying on OU location alone to
determine access permissions is
unreliable, because the object may not
have been assigned to the group object for
that OU.
Active Directory Application Mode - Shadow groups
A common workaround for an Active
Directory administrator is to write a custom
PowerShell or Visual Basic script that
automatically creates and maintains a user
group (a "shadow group") for each OU in the directory
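The shadow-group workaround described above, written out as an added example (this is not code from the original slides). It also illustrates the point made earlier that AD administration can be scripted from PowerShell. The container path `OU=Departments,DC=example,DC=com` and the `SG-` group prefix are assumptions for the example; the cmdlets are those of the ActiveDirectory module. The script adds accounts that have moved into an OU and, just as importantly, removes accounts that have left it, because a member left behind keeps whatever access the group grants.

```powershell
# Added example, not code from the original slides: keep one "shadow group" per OU in
# sync with the enabled user accounts that currently sit in that OU, so access can be
# granted to the group instead of being inferred from OU placement.
# The OU path and the group prefix below are assumptions for this example.
Import-Module ActiveDirectory

function Sync-ShadowGroup {
    param(
        [Parameter(Mandatory)] [string] $OUDistinguishedName,
        [string] $GroupPrefix = 'SG-'   # assumed naming convention
    )

    $ou        = Get-ADOrganizationalUnit -Identity $OUDistinguishedName
    $groupName = "$GroupPrefix$($ou.Name)"

    # Create the shadow group inside the OU it mirrors if it does not exist yet.
    $group = Get-ADGroup -Filter "Name -eq '$groupName'" -SearchBase $ou.DistinguishedName -SearchScope OneLevel
    if (-not $group) {
        $group = New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
                             -Path $ou.DistinguishedName `
                             -Description "Shadow group for $($ou.DistinguishedName)" -PassThru
    }

    # Desired membership: enabled users directly in this OU (child OUs get their own group).
    $desired = @(Get-ADUser -Filter * -SearchBase $ou.DistinguishedName -SearchScope OneLevel |
                 Where-Object { $_.Enabled } |
                 Select-Object -ExpandProperty DistinguishedName)
    $current = @(Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty DistinguishedName)

    $toAdd    = @($desired | Where-Object { $_ -notin $current })
    $toRemove = @($current | Where-Object { $_ -notin $desired })

    if ($toAdd)    { Add-ADGroupMember    -Identity $group -Members $toAdd }
    # Removing stale members matters as much as adding: an account moved out of the OU
    # would otherwise keep whatever access the group grants.
    if ($toRemove) { Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false }

    [pscustomobject]@{ Group = $groupName; Members = $desired.Count; Added = $toAdd.Count; Removed = $toRemove.Count }
}

# Run once per OU under an assumed container; schedule this so the groups track moves between OUs.
Get-ADOrganizationalUnit -Filter * -SearchBase 'OU=Departments,DC=example,DC=com' -SearchScope OneLevel |
    ForEach-Object { Sync-ShadowGroup -OUDistinguishedName $_.DistinguishedName }
```

The search scope is deliberately OneLevel: each OU gets a group that reflects exactly the accounts placed in it, which is what OU-based permissions in other directories would have meant. Run it as a scheduled task under an account limited to creating groups and changing membership in the target container rather than as a domain administrator.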
Active Directory Application Mode - Physical matters
Physically, the Active Directory
information is held on one or more
peer domain controllers, replacing
the Windows NT Primary Domain
Controller (PDC)/Backup Domain
Controller (BDC) model. Each DC has a
copy of the Active Directory. Servers
joined to Active Directory that are not
domain controllers are called
member servers.
Active Directory Application Mode - Physical matters
The Active Directory database is
organized in partitions, each holding
specific object types and following a
specific replication pattern
Active Directory Application Mode - Physical matters
Earlier versions of Windows used
NetBIOS to communicate. Active
Directory is fully integrated with DNS
and requires TCP/IP and DNS. To
be fully functional, the DNS server
must support SRV resource records,
also known as service records.
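The SRV requirement stated here (and earlier, in the Windows 2000 section) is what domain members actually depend on to find a domain controller, so it is worth checking from the client's point of view. The following is an added example, not code from the original slides: it queries the DC locator SRV records for a domain and compares the hosts DNS advertises with the domain controllers the directory itself lists. The domain is taken from the current machine's domain and the optional resolver address is an assumption; `Resolve-DnsName` is from the DnsClient module and the AD cmdlets from the ActiveDirectory module.

```powershell
# Added example, not code from the original slides: check that the DNS resolver domain
# members use publishes the SRV records they need to locate a domain controller, then
# compare the advertised hosts with the DCs the directory knows about.
# The optional resolver address is an assumption for this example.
Import-Module ActiveDirectory

function Get-DcLocatorRecords {
    param(
        [Parameter(Mandatory)] [string] $DnsDomain,
        [string] $DnsServer               # optional: ask a specific resolver instead of the default
    )

    # What a client queries: the LDAP and Kerberos KDC services, and the _msdcs record
    # that names the domain's DCs.
    $names = @(
        "_ldap._tcp.$DnsDomain",
        "_kerberos._tcp.$DnsDomain",
        "_ldap._tcp.dc._msdcs.$DnsDomain"
    )

    foreach ($name in $names) {
        $query = @{ Name = $name; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $query.Server = $DnsServer }

        # The answer may carry A records in the additional section; keep only the SRV entries.
        $srv = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })

        [pscustomobject]@{
            Record  = $name
            Present = ($srv.Count -gt 0)
            Targets = @($srv | ForEach-Object { $_.NameTarget.TrimEnd('.') })
            Ports   = @($srv | ForEach-Object { $_.Port } | Sort-Object -Unique)
        }
    }
}

$domain  = (Get-ADDomain).DNSRoot
$records = Get-DcLocatorRecords -DnsDomain $domain
$records | Format-Table Record, Present,
    @{ n = 'Targets'; e = { $_.Targets -join ', ' } },
    @{ n = 'Ports';   e = { $_.Ports   -join ', ' } }

# A DC missing from DNS cannot be found by clients; a host in DNS that is not a known DC
# deserves a closer look, since clients will send credentials to whatever the record names.
$advertised = @(($records | Where-Object Record -eq "_ldap._tcp.dc._msdcs.$domain").Targets)
$known      = @(Get-ADDomainController -Filter * | ForEach-Object { $_.HostName })

if ($advertised.Count -eq 0) {
    Write-Warning "No _msdcs SRV records for $domain were returned; domain members cannot locate a DC through this resolver."
} else {
    Compare-Object -ReferenceObject $known -DifferenceObject $advertised -IncludeEqual |
        ForEach-Object {
            $state = switch ($_.SideIndicator) {
                '==' { 'advertised in DNS and known to AD' }
                '<=' { 'known DC missing from DNS' }
                '=>' { 'in DNS but not a known DC' }
            }
            '{0,-40} {1}' -f $_.InputObject, $state
        }
}
```

Run it against the resolver the workstations are actually configured with (pass `-DnsServer`), not only against the domain controllers' own DNS, since a split or stale DNS view is exactly the failure this check is meant to surface.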
Active Directory Application Mode - Physical implementation
In general, a network utilizing Active
Directory will have more than one licensed
Windows server computer. Although
backup and restore of Active Directory is
possible for a network with a single
domain controller, Microsoft recommends
more than one domain controller to
provide automatic failover protection of the
directory. Domain controllers are also
ideally single-purpose for directory
Active Directory Application Mode - Physical implementation
A business intending to implement Active
Directory is therefore recommended to
purchase a number of Windows server
licenses, to provide for at least two
separate domain controllers and,
optionally, additional domain controllers for
performance or redundancy, a separate
file server, a separate Exchange server, a
separate SQL Server, and so forth to
support the various server roles.
Active Directory Application Mode - Replication
Active Directory replication by default
is 'pull' rather than 'push', meaning
that replicas pull changes from the
server where the change was effected.
Active Directory Application Mode - Replication
Replication of Active Directory-integrated
DNS zones is configured automatically
when DNS is activated in the domain, on
a per-site basis.
Active Directory Application Mode - Replication
Replication of Active Directory uses
Remote Procedure Calls (RPC) over IP
(RPC/IP). Between Sites SMTP can be
used for replication, but only for changes
in the Schema, Configuration, or Partial
Attribute Set (Global Catalog) NCs. SMTP
cannot be used for replicating the default
Domain partition.
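Because replication is pull-based, as described above, the place to look for problems is the destination: each DC records, per partner and per partition, when it last pulled successfully and over which transport. The following added example (not code from the original slides) lists that metadata for every DC with the ActiveDirectory module's `Get-ADReplicationPartnerMetadata` and flags partnerships with consecutive failures or no recent success. The 24-hour staleness threshold is an assumption chosen for the example.

```powershell
# Added example, not code from the original slides: list every replication partnership as
# seen from the pulling (destination) side, with partition, transport (RPC or SMTP) and the
# time of the last successful pull, then flag partners that have failed or gone stale.
# The staleness threshold is an assumption for this example.
Import-Module ActiveDirectory

function Get-ReplicationStatus {
    param([int] $StaleHours = 24)   # assumed threshold for "no successful pull recently"

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # Metadata held on the destination: this DC pulls changes from each partner listed.
            $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -Partition * -ErrorAction Stop
        } catch {
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
            continue
        }

        foreach ($m in $meta) {
            [pscustomobject]@{
                Destination = $dc.HostName
                Source      = $m.Partner            # DN of the partner's NTDS Settings object
                Partition   = $m.Partition
                Transport   = $m.IntersiteTransportType
                LastSuccess = $m.LastReplicationSuccess
                Failures    = $m.ConsecutiveReplicationFailures
                Stale       = $m.LastReplicationSuccess -lt (Get-Date).AddHours(-$StaleHours)
            }
        }
    }
}

$status = Get-ReplicationStatus
$status | Sort-Object Destination, Partition | Format-Table -AutoSize

# Anything listed here is a partner the destination has failed, or stopped, pulling from.
# Until every replica has pulled a change it is visible only where it was made, so a stale
# partnership means the DCs are serving different views of the directory.
$status | Where-Object { $_.Failures -gt 0 -or $_.Stale } | Format-Table -AutoSize
```

The Transport column makes the SMTP restriction above visible: an SMTP entry will only ever appear against the schema, configuration or partial-attribute-set (global catalog) partitions, never against the domain partition.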
Active Directory Application Mode - Database
The Active Directory database, the
directory store, in Windows 2000
Server uses the JET Blue-based
Extensible Storage Engine (ESE98) and
is limited to 16 terabytes and 2 billion
objects (but only 1 billion security
principals) in each domain controller's
database. Microsoft has created NTDS
databases with more than 2 billion objects.
Active Directory Application Mode - Database
Programs may access the features of
Active Directory via the Component Object
Model (COM) interfaces provided by Active
Directory Service Interfaces (ADSI).
Active Directory Application Mode - Database
Reference: Active Directory Service Interfaces, Microsoft,
http://msdn.microsoft.com/en-us/library/aa772170%28VS.85%29.aspx
Directory System Agent - Active Directory
In Microsoft's Active Directory the DSA
is a collection of servers and daemon
processes that run on Windows 2000
Server systems and provide various
means for clients to access the Active
Directory data store.
Directory System Agent - Active Directory
Clients connect to an Active Directory DSA
using various communications protocols:
Directory System Agent - Active Directory
* A proprietary RPC interface, used by
Active Directory DSAs to communicate
with one another and replicate data
amongst themselves
Active Directory Explorer
'Active Directory Explorer' is a viewer and
editor for Active Directory databases, from
Microsoft. It can be used to navigate
around and modify AD entries, view
schema for objects as well as perform
searches. It can also save AD snapshots
for offline browsing.
Active Directory Explorer
'ADSI Edit' is included by default on
Microsoft Windows Server 2008 (and
Microsoft Windows Server 2008 R2)
Standard and above. This has many
similar features to the SysInternals Active
Directory Explorer and is a low-level editor
for Active Directory.
Univention Corporate Server - Active Directory-compatible services
With the component Active Directory-compatible
Domain Controller, based on Samba 4,
UCS can be used as an Active Directory
domain controller for Windows systems,
including file, printer and network
services.
Univention Corporate Server - Active Directory-compatible services
The Active Directory Connection component avoids
duplicated, demanding, complex and error-prone administration.
Univention Corporate Server - Active Directory-compatible services
If the aim is to replace the Microsoft domain
controllers completely with UCS, which
includes switching off all Active Directory
domain controllers, the UCS component
Active Directory Takeover allows the
migration of objects from a native Active
Directory domain controller to a UCS
Samba/AD domain controller.
Organizational Unit - Sun Enterprise Directory Server and Active Directory
In Sun Java System Directory Server
and Microsoft Active Directory (AD),
an organizational unit (OU) can
contain any other unit, including other
OUs, users, groups, and computers.
OUs in separate Domains may have
identical names but are independent
of each other.
Active Directory Rights Management Services
'Windows Rights Management
Services' (also called 'Rights
Management Services', 'Active
Directory Rights Management
Services' or 'RMS') is a form of
Information Rights Management used
on Microsoft Windows that uses
encryption and a form of selective
functionality denial for limiting
access to documents such as
Active Directory Rights Management Services
In Windows Server 2008, Windows Rights
Management Services has been renamed
to 'Active Directory Rights Management
Services', reflecting a higher level of
integration with Active Directory
Active Directory Federation Services
'Active Directory Federation Services' (AD
FS) is a software component developed by
Microsoft that can be installed on Windows
Server operating systems to provide users
with single sign-on access to systems and
applications located across organizational
boundaries. It uses a claims-based access
control authorization model to maintain
application security and implement
federated identity.
Active Directory Federation Services
A federation server on one side (the
Accounts side) authenticates the user
through the standard means in Active
Directory Domain Services and then
issues a token containing a series of
claims about the user, including its identity
Active Directory Federation Services
AD FS integrates with Active Directory
Domain Services, using it as an identity
provider. AD FS can interact with other
WS-* and SAML 2.0 compliant federation
services as federation partners.
The Art of Service
https://store.theartofservice.com