Microsoft Active Directory - PowerPoint PPT Presentation

Slides: 9
Provided by: McCl73
Learn more at: http://www.its.ohiou.edu

Transcript and Presenter's Notes

Title: Microsoft Active Directory


1
Microsoft Active Directory
  • ITL

2
Early Networking Schemes
  • Windows LAN Manager, AppleTalk
    • Broadcast-based service discovery
    • Security attached to each object
  • Unix NFS, lpr
    • TCP/IP based
    • Workstation-level security

3
NOS (Network Operating System)
  • 3COM, Novell
  • User data stored on a central server
  • Single sign-on
  • Resources discovered by broadcast announcements
  • Client software for Windows, Apple, Unix

4
Microsoft, Take one
  • Windows NT domains
  • Single name space
  • 40,000 object limit
  • WINS name resolution
  • NETBEUI and TCP/IP transport
  • Master-slave database replication
  • Domain-wide administrator role designation
  • Inter-domain trust relationships

5
Microsoft, Take two
  • Active Directory (Windows 2000, XP, 2003)
  • Core protocols
    • Dynamic DNS
    • LDAP
    • Kerberos
  • Hierarchical name space (based on DNS)
  • Multi-master peer database replication

6
Dynamic DNS
  • The client or the DHCP server modifies DNS when the client
    gets an IP address
  • In AD the client sends the update request
  • Standard requires DNSSEC
  • AD uses internal ACLs instead
  • Servers update DDNS based on the roles they
    acquire and the services they can provide

7
LDAP
  • Light-weight Directory Access Protocol
  • Based on the structure of ISO X.500
  • Compatible with X.500 data schemas
  • Does not rely on ISO protocols
  • Example of a DN (distinguished, aka unique, name
    in LDAP)
    • CN=Steve Kille, O=Isode Limited, C=GB

8
Service Discovery in AD
  • Based on DNS SRV records
  • For example, the general catalog server
    • _gc._tcp.mycorp.com. 600 IN SRV 0 100 3268 moose.mycorp.com.
  • LDAP Servers
    • _ldap._tcp.mycorp.com. 600 IN SRV 0 100 389 moose.mycorp.com.
  • There can be many SRV records for a service
  • AD uses SRV records for
    • General Catalog servers
    • Kerberos
    • Domain Controllers
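
Added example (not part of the original slides): a parser for SRV lines in the format shown on slide 8, the try-order a client derives from priority and weight when a service has many SRV records (RFC 2782), and a review check for targets outside the expected zone. Only the first sample record comes from the slide; the other records, the host names elk, backup and host.example.net, and all function names are constructed for illustration.

```python
import random
from collections import defaultdict
from typing import NamedTuple

class SRV(NamedTuple):
    owner: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str

# First record is from the slide; the other three are constructed for the example.
SAMPLE = """\
_ldap._tcp.mycorp.com. 600 IN SRV 0 100 389 moose.mycorp.com.
_ldap._tcp.mycorp.com. 600 IN SRV 0 100 389 elk.mycorp.com.
_ldap._tcp.mycorp.com. 600 IN SRV 10 100 389 backup.mycorp.com.
_ldap._tcp.mycorp.com. 600 IN SRV 0 100 389 host.example.net.
"""

def parse_srv(line):
    """Parse 'owner TTL IN SRV priority weight port target'."""
    f = line.split()
    if len(f) != 8 or [x.upper() for x in f[2:4]] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    ttl, prio, weight, port = (int(x) for x in (f[1], f[4], f[5], f[6]))
    if not (0 <= prio <= 65535 and 0 <= weight <= 65535 and 0 < port <= 65535):
        raise ValueError(f"field out of range: {line!r}")
    return SRV(f[0].lower(), ttl, prio, weight, port, f[7].lower())

def order_targets(records, rng=random):
    """Client try-order per RFC 2782: lowest priority first, weighted pick within one."""
    groups = defaultdict(list)
    for r in records:
        groups[r.priority].append(r)
    ordered = []
    for prio in sorted(groups):
        pool = sorted(groups[prio], key=lambda r: r.weight)  # weight 0 goes first
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, r in enumerate(pool):
                running += r.weight
                if running >= pick:  # first record whose running sum reaches the pick
                    ordered.append((r.target, r.port))
                    del pool[i]
                    break
    return ordered

def out_of_zone(records, zone):
    """Records whose target is not inside `zone`; candidates for review."""
    suffix = "." + zone.lower().strip(".") + "."
    return [r for r in records if not r.target.endswith(suffix)]

RECORDS = [parse_srv(line) for line in SAMPLE.splitlines()]
```

Because the servers register these records themselves through dynamic DNS, a target that falls outside the domain's own zone is worth checking against the update ACLs.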