Active Directory (AD)

AD is Microsoft's directory and identify management service for Windows domain networks.

AD has different services:

• Active Directory Domain Services (AD DS) - The core service used to manage users and resources.
• Active Directory Lightweight Directory Services (AD LDS) - A low-overhead version of AD DS.
• Active Directory Certificate Services (AD CS) - For issuing and managing digital security certificates.
• Active Directory Federation Services (AD FS) - For sharing identity and access management information across organizations and enterprises.
• Active Directory Rights Management Services (AD RMS) - For information rights management.

Fundamental AD features and capabilities include:

• A schema that defines the classes of objects (User, Group, Contact, Computer, Shared Folder, Printer, and Organizational Unit) and attributes contained in the directory (For example, User Object attributes include information like the user’s name, address, and telephone number).
• A global catalog that contains detailed information about every object in the directory.
• A query and index mechanism that allows users, administrators, and applications to efficiently find directory information.
• A replication service that disseminates directory data across the network.

AD Structures

• A domain - Is a network of computers that all answer a single authority
• A tree - Is a collection of one or more domains with a neighboring namespace
• A forest - Is a collection of one or more trees that share a common schema, but aren't part of a neighboring namespace

Organizational units (OUs) - Objects within a domain that are grouped in order to simplify administration and policy management. OUs also make it easier to delegate control over resources to various administrators.

AD Benefits

• Security
• Extensibility
• Simplicity
• Resiliency

DHCP Overview

IPv4 address configuration used to be manual, in 1993 the automated process BOOTP didn't automatically define everything. Finally Dynamic Host Configuration Protocol, initially released in 1997, provides automatic address/ IP configuration for almost all devices.

Managing DHCP in the enterprise

• Limited Communication range
• Multiple servers needed for redundancy
• Scalability is always an issue
• DHCP relay, also known as IP helper, is needed

Configuring DHCP

Scope properties

• IP range
• Subnet mask
• Lease durations
• DNS server
• Default gateway
• VOIP servers

DHCP pools

A grouping of IP addresses and each subnet has its own scope. A scope is a single neighbouring pool of IP addresses.

• Dynamic assignment - DHCP server has a big pool of addresses to give out, and they are reclaimed after a lease period
• Automatic assignment - DHCP keeps a list of past assignments

DHCP address allocation

• Static assignment
• Table of MAC addresses

DHCP leases

• It is only temporary
• Assigned a lease time by the DHCP server
• Administratively configured
• It reboots your computer
• Confirms the lease
• Workstation can also manually release the IP address

DHCP renewal

• T1 timer - Check in with the lending DHCP seerver to renew the IP address (50% of the lease time)
• T2 timer - If the original DHCP server is down, try rebinding with any DHCP server (87.5% of the lease time)