Sunday, March 29, 2020

Windows Server: Active Directory Service

Active Directory
Active Directory is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services.
A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain network, assigns and enforces security policies for all computers, and installs or updates software.
Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS.

Active Directory Services
There are 5 active directory services:
  1. Active Directory Certificate Services.
    Active Directory Certificate Services (AD CS) lets you create, distribute, and manage customized public key certificates. It is an Identity and Access Control security technology that provides customizable services for creating and managing public key certificates used in software security systems that employ public key technologies.
    It establishes an on-premises public key infrastructure. It can create, validate, and revoke public key certificates for an organization's internal use. These certificates can be used to encrypt files (when used with Encrypting File System), emails (per the S/MIME standard), and network traffic (when used by virtual private networks, the Transport Layer Security protocol, or the IPSec protocol).
  2. Active Directory Domain Services.
    Active Directory Domain Services (AD DS) stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. An Active Directory domain controller is a server that is running AD DS.
    AD DS is an important part of every Windows domain network. It stores information about members of the domain, including devices and users, verifies their credentials, and defines their access rights. A domain controller is contacted when a user logs into a device, accesses another device across the network, or runs an app sideloaded into a device.

     
  3. Active Directory Federation Services.
    Active Directory Federation Services (AD FS) provides Web single-sign-on (SSO) technologies to authenticate a user to multiple Web applications over the life of a single online session.
    With an AD FS infrastructure in place, users may use several web-based services (e.g. internet forum, blog, online shopping, webmail) or network resources using only one set of credentials stored at a central location, as opposed to having to be granted a dedicated set of credentials for each service. AD FS's purpose is an extension of that of AD DS: the latter enables users to authenticate with and use the devices that are part of the same network, using one set of credentials. The former enables them to use this same set in a different network.

     
  4. Active Directory Lightweight Directory Services.
    Active Directory Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the restrictions of Active Directory Domain Services (AD DS).
    AD LDS shares the code base with AD DS and provides the same functionality, including an identical API, but does not require the creation of domains or domain controllers. It provides a Data Store for storage of directory data and a Directory Service with an LDAP Directory Service Interface. Unlike AD DS, however, multiple AD LDS instances can run on the same server.

     
  5. Active Directory Rights Management Services.
    Active Directory Rights Management Services (AD RMS) protects your information and works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information.
    It uses encryption and a form of selective functionality denial for limiting access to documents such as corporate e-mails, Microsoft Word documents, and web pages, and the operations authorized users can perform on them.
