Christopher Chapman | MCT
Content PM, Microsoft Learning, PDG Planning, Microsoft
Meet Christopher Chapman
• Background
– IT manager and implementer focused on deploying,
maintaining and optimizing networks of all sizes (from
SMB to Enterprise)
– IT Consulting projects include Custom SharePoint for
Microsoft IT, Netware/Notes migration to AD/Exchange,
Transition to centralized management (250 clients)
– Instructor and Director of Instruction
• Contact
– christopherjs@microsoft.com
– @ChristopherMSL
Course Topics
Understanding Active Directory
01 | Introduction to Active Directory
02 | Active Directory Domain Services (DS)
03 | Active Directory Certificate Services (CS)
04 | Active Directory Federation Services (FS)
05 | Active Directory Rights Management Services (RMS)
06 | Active Directory Lightweight Directory Services (LDS)
Setting Expectations
• Target Audience
– IT Help Desk staff interested in moving into Network/Systems
Administration
– Anyone interested in learning more about Active Directory
• Suggested Prerequisites/Supporting Material
– Microsoft Technology Associate:
  • Exam 98-349: Windows Operating System Fundamentals
  • Exam 98-365: Windows Server Administration Fundamentals
  • Exam 98-366: Networking Fundamentals
  • Exam 98-367: Security Fundamentals
Microsoft Virtual Academy
Introduction to Active Directory
Module Overview
• Active Directory isn’t what it used to be!
• What is Active Directory?
• Active Directory Roles
What is Active Directory
• What is Active Directory?
– A collection of services (Server Roles and Features) used to manage identity and access for and to resources on a network
[Diagram labels:
  Active Directory: Identity, Access, Centralized Management
  Domain Services: Internal Accounts, Authorization, Authentication
  Federation Services: Network Access for External Resources
  Certificate Services: Identity, Non-Repudiation
  Rights Management Services: Content Security and Control
  Lightweight Directory Services: Application Templates]
Active Directory Roles
• AD Domain Services (AD DS)
– Users, Computers, Policies
• AD Certificate Services (AD CS)
– Service, Client, Server and User identification
• AD Federation Services (AD FS)
– Resource access across traditional boundaries
• AD Rights Management Services (AD RMS)
– Maintain security of data
• AD Lightweight Directory Services (AD LDS)
What is AD DS?
• What is Active Directory Domain Services?
– A directory service is both the directory information source and the service that makes the information available and usable
– A phone book…
[Diagram labels:
  Active Directory Domain Services: Manageability, Security, Interoperability
  Windows Server: Mgmt Profile, Network Info, Printers, Shares
  Windows User: Account Information, Privileges, Profiles, Policies
  Windows Client: Mgmt Profile, Network Info, Policies
  Email Servers: Mailbox Information, Address Book
  Applications: Server Config, SSO, App-Specific Directory Info
  Network Devices: Config, QoS Policy, Security Policy]
What does AD DS do?
• Scalable, secure, and manageable infrastructure for user and
resource management
– stores and manages information about network resources
– provides support for directory-enabled applications such as
Microsoft® Exchange Server
– allows for centralized management
What is AD CS?
• AD CS is the Microsoft implementation of Public Key Infrastructure (PKI)
• PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
[Diagram with numbered steps 1 to 5. Labels: End-Entities (users or computers), Certificate Signing Request, Enrollment, Certificate Repository, Certification Revocation Repository, X.509 Certificate Chain, Certificate Retrieval, CRL Retrieval, Certificate Revocation List, Revocation Request]
What does AD CS do?
• AD CS provides customizable services for issuing and managing
digital certificates
– Certification Authorities
– CA Web Enrollment
– Online Responders
– Network Device Enrollment Service (NDES)
– Certificate Enrollment Web Service
– Certificate Enrollment Policy Web Service
What is AD FS?
• A software component that facilitates the cross-organizational access of systems and applications
[Diagram labels:
  Account Partner Organization: AD DS, Account Federation Server
  Resource Partner Organization: Resource Federation Server, Web Server
  Federation Trust]
What does AD FS do?
• The AD FS server role provides simplified, secured identity
federation and Web single sign-on (SSO) capabilities.
– enables the creation of trust relationships between two organizations
– provides access to applications between organizations
– provides Single Sign-on (SSO) between two different directories for
Web-based applications
What is AD RMS?
• Active Directory Rights Management Services (AD RMS) is an information protection technology that works with applications to safeguard digital information
[Diagram labels: Information Author, RMS Server, Recipient]
What does AD RMS do?
• Allows individuals and administrators to specify access
permissions to documents, workbooks, and presentations
– prevent sensitive information from being printed, forwarded, or copied
by unauthorized people
– access and usage restrictions are enforced no matter where the
information is located
What is AD LDS?
• AD LDS is a hierarchical file-based directory store
• AD LDS is both the directory information source and the service that makes the information available and usable
[Diagram labels:
  Active Directory LDS: Manageability, Security, Interoperability
  Windows User: Account Information, Privileges, Profiles, Policies
  Network Devices: Config, QoS Policy, Security Policy
  Email Servers: Mailbox Information, Address Book
  Applications: Server Config, SSO, App-Specific Directory Info]
What does AD LDS do?
• Lightweight Directory Access Protocol (LDAP)
– Directory service that provides flexible support for directory-enabled
applications, without the dependencies and domain-related restrictions
of AD DS
– provides directory services for directory-enabled applications without
incurring the overhead of domains and forests
– no requirement for a single schema throughout a forest
Thanks for Watching!
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the
U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.