Wednesday 11 January 2012

Microsoft’s Active Directory Security Feature

Active Directory is a directory service created by Microsoft for domain-based networks running the Windows Server operating system.

Active Directory serves as a central location for network administration and security. It authenticates and authorizes all users and computers in a Windows domain network, assigns and enforces security policies for all computers in the network, and installs or updates software on network computers.

Active Directory also uses LDAP, like the X.500 standard, together with DNS and Kerberos.

In Active Directory, security is enforced using trusts inside the domain structure:

One-way trust
One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.

Two-way trust
Two domains allow access to users on both domains.

Trusting domain
The domain that allows access to users from a trusted domain.

Trusted domain
The domain that is trusted; whose users have access to the trusting domain.

Transitive trust
A trust that can extend beyond two domains to other trusted domains in the forest.

Intransitive trust
A one-way trust that does not extend beyond two domains.

Explicit trust
A trust that an admin creates. It is not transitive and is one-way only.

Cross-link trust
An explicit trust between domains in different trees or in the same tree when a descendant/ancestor (child/parent) relationship does not exist between the two domains.

Shortcut
Joins two domains in different trees. Transitive, one- or two-way.

Forest
Applies to the entire forest. Transitive, one- or two-way.

Realm
Can be transitive or nontransitive, one- or two-way.

External
Connects to other forests or non-AD domains. Nontransitive, one- or two-way.
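The direction and transitivity rules above decide how far a single trust exposes a domain, so a trust review usually starts by working out which domains will accept users from which others. The following is an added example, not part of the original post: a simplified model in which a trust path counts if it is one trust of any kind or a chain of transitive trusts only. The domain names and the `TRUSTS` list are constructed sample data, and being reachable only means authentication can cross the trust; resource permissions still apply.

```python
from collections import deque

# Constructed sample trusts: (trusting, trusted, two_way, transitive).
# Users of the *trusted* domain gain access to the *trusting* domain.
TRUSTS = [
    ("corp.example", "eu.corp.example", True, True),      # parent/child
    ("corp.example", "us.corp.example", True, True),      # parent/child
    ("corp.example", "partner.example", False, False),    # external, one-way
    ("legacy.example", "eu.corp.example", False, False),  # external, one-way
]

def access_edges(trusts):
    """Map each domain to [(domain its users can access, transitive)]."""
    edges = {}
    for trusting, trusted, two_way, transitive in trusts:
        edges.setdefault(trusted, []).append((trusting, transitive))
        if two_way:
            edges.setdefault(trusting, []).append((trusted, transitive))
    return edges

def reachable_domains(trusts, home):
    """Domains that will accept users whose account lives in `home`."""
    edges = access_edges(trusts)
    # One hop is allowed over any trust, transitive or not.
    reached = {dst for dst, _ in edges.get(home, [])}
    # Longer chains may be built from transitive trusts only.
    queue, seen = deque([home]), {home}
    while queue:
        cur = queue.popleft()
        for dst, transitive in edges.get(cur, []):
            if transitive and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return (reached | seen) - {home}

def exposure_report(trusts):
    """Per home domain, the sorted list of domains its users can reach."""
    domains = {d for t in trusts for d in t[:2]}
    return {d: sorted(reachable_domains(trusts, d)) for d in sorted(domains)}

if __name__ == "__main__":
    for home, targets in exposure_report(TRUSTS).items():
        print(f"{home:18} -> {', '.join(targets) or '(none)'}")
```

In the sample data the one-way external trust lets `partner.example` users reach `corp.example` but not its child domains, and `legacy.example` is reachable only from `eu.corp.example`, the one domain it trusts directly.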
