Active Directory
Allows sysadmins to update and manage objects, such as
operating systems
applications
users
data
on a large scale
Domain
e.g. corp.com
the domain controller usually also hosts a DNS server
an enterprise might have multiple domains; they can be organized in domain forests
objects are assigned to a domain
Organizational Units
containers used to store objects within the domain
Domain Controller
central machine in AD
there might be multiple DCs in an AD
stores all objects and their attributes
used for authentication
Primary Domain Controller (PDC)
holds the most updated information in a domain
has the PdcRoleOwner property
Domain administrators
most privileged objects in the domain
have complete control over the domain
Enterprise Admins are granted full control over all domains of the enterprise
AD Powershell cmdlets
e.g. Get-ADUser
require RSAT
rarely present on clients -> Load PowerView
Distinguished Name (DN)
CN=Stephanie,CN=Users,DC=corp,DC=com
CN=Common Name -> Stephanie part of Users
DC=Domain Component -> corp.com
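
The DN layout above, as an added example (not part of the original notes): a small Python parser that splits a DN into its CN/OU/DC components and derives the DNS domain. It goes slightly beyond the notes by handling RFC 4514 escapes such as `\,` and `\2C`; the function names are hypothetical, and multi-valued RDNs (`+`) and quoted or `#hex` values are assumed not to occur.

```python
import string

# Assumption: single-valued RDNs only; no "+" joins, quoted values or "#hex" values.
def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash protects the next character."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape intact for unescape()
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Decode RFC 4514 escapes: backslash + hex pair (one byte) or backslash + char."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(TYPE, value), ...] from the most specific RDN to the domain root."""
    result = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        result.append((attr.strip().upper(), unescape(value)))
    return result

def dns_domain(dn):
    """Join the DC components into the DNS domain name, e.g. corp.com."""
    return ".".join(v for t, v in parse_dn(dn) if t == "DC")
```

Splitting on every comma without honouring escapes would misread a value like `Smith\, Jeff` as two components, which matters when DNs from logs or exports are compared or matched in tooling.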
Managed Service Accounts
accounts for Services, which are managed globally and require tighter integration with AD
Group Managed Service Accounts (gMSA) support multiple instances of the same service (e.g. to increase availability)
Access Control Entries (ACE)
Each object has a set of permissions applied to it -> ACEs (“Firewall rules”)
They make up the Access Control List (ACL) for the object.