Thursday, September 24, 2009

Define Active Directory and its functionalities

With the ever-increasing amount of data moving across large networks, it behooves the network systems administrator to oversee the proper functioning of these elements, not to mention implement the correct security measures. One helpful tool is Active Directory.

Developed in 1996 by Microsoft, Active Directory is the primary method by which Windows operating systems amass information about domains, and also monitor them. In recent years its functionality has been extended so that it can also facilitate and monitor online data flows.

The Structure of the Active Directory

Because it was devised to make all the pertinent objects in the network accessible, the directory is organized in an easy-to-understand hierarchy. There are multiple viewing levels: forests, trees and domains/objects.

The forest is where every tree and domain can be viewed; dropping to the tree level, you will see that a tree contains one or more domains. Domains or objects have no deeper level.

There are three main categories:
  • Resources: hardware devices such as printers and scanners.

  • Servers: the primary components of both the network and the domain.

  • Objects: also primary components of both the network and the domain.

Active Directory is especially useful for managing objects. An object can be defined as any element that can contain another object. Every object has its own properties, described by its schema, which can be accessed and modified.

How the Active Directory Works

What makes Active Directory so important for a systems administrator is that it makes updating and upgrading virtually a one-step process. For example, suppose you need to install a new security application. With several computers in the network, the procedure would be tedious, but Active Directory, via its forest structure, makes this easy: you update one object and the change applies to all.

The structure is also flexible enough to allow changes to specific objects. Because each object has its own schema, the administrator can assign a particular task to a user, or allow the use of certain software, without giving access to everyone.

Sunday, August 16, 2009

Active Directory Installation

Installing Active Directory is not a difficult task; it is quite easy and does not take much time. You can install it without running into many problems. Just follow the steps given below:

  1. Log in to the box, either locally via the console or through RDP.

  2. Go to Start -> Run and type in "dcpromo".

  3. In most cases you will select "Domain Controller for a new domain".

  4. In most cases you will select "Domain in a new forest".

  5. Enter the FQDN (fully qualified domain name) that you want to use. For example, if your domain is to be called Domain.Com, you would enter Domain.Com. You can also use non-existent namespaces such as Domain.Local or Domain.abc.

  6. Afterwards it will also allow you to set the NetBIOS name. This is almost always the same name you entered above, only without the .com (.local, .abc, etc.).

  7. The next two screens ask where to place the database and log files and the SYSVOL folder. You can accept the defaults.

  8. Some users may now be presented with a DNS screen asking you to configure DNS now or to do it later. Select the middle option (Install and configure for me). This will most likely NOT set up DNS properly.

  9. Select the permission type you would like. There are two options. If you will only be using Windows Server 2003 and Windows XP or newer, select the second option; otherwise, you need to use the first option.

  10. Pick a "Directory Services Restore" password. Hopefully you will never have to use it, as it is quite messy for the inexperienced. In either case, remember this password.

  11. At this point in the installation you are presented with a basic "Summary" page listing the options you have selected. Make sure these are set properly before continuing. Once you select "Next", Active Directory will begin to install, and once it does you will not be able to stop it; you would have to uninstall first in order to go back and fix any problems or misconfiguration later.

  12. The Active Directory installation will take a while: it could be a couple of minutes, or as much as half an hour. Once it is done you will have to reboot.

If you are still unable to install Active Directory, then we are here to help you.
Just log in at: http://www.iyogibusiness.com/active-directory.html

Thursday, July 2, 2009

How to add new objects to Active Directory from command line

H:\>dsadd /?
Description: This tool's commands add specific types of objects to the
directory. The dsadd commands:

dsadd computer - adds a computer to the directory.
dsadd contact - adds a contact to the directory.
dsadd group - adds a group to the directory.
dsadd ou - adds an organizational unit to the directory.
dsadd user - adds a user to the directory.
dsadd quota - adds a quota specification to a directory partition.

For help on a specific command, type "dsadd <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsadd ou /?.
Remarks:
Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Source: infotechguyz
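As an added example (not part of the quoted help text or the source post), the following PowerShell script creates an OU, a group and a user with the dsadd commands listed above, applying the escaping rules from the Remarks to names that contain a comma and a backslash. The DC=example,DC=local domain and all OU, group and account names are placeholders.

```powershell
# Added example (not from the quoted help text): create an OU, a group and a
# user with dsadd, escaping DN components as the Remarks require.
# The domain, OU, group and account names are placeholders.
$domainDn = 'DC=example,DC=local'

function ConvertTo-EscapedRdnValue {
    # Escape a value before embedding it in a distinguished name:
    # backslashes first (so they are not escaped twice), then commas.
    param([Parameter(Mandatory)][string]$Value)
    return $Value.Replace('\', '\\').Replace(',', '\,')
}

$ouName    = 'Sales\Latin America'   # contains a backslash
$groupName = 'Acme, Inc. Sales'      # contains a comma
$userName  = 'John Q. Admin'

$ouDn    = "OU=$(ConvertTo-EscapedRdnValue $ouName),$domainDn"
$groupDn = "CN=$(ConvertTo-EscapedRdnValue $groupName),$ouDn"
$userDn  = "CN=$(ConvertTo-EscapedRdnValue $userName),$ouDn"

# The container first, since the group and the user are created inside it.
dsadd ou $ouDn -desc 'Sales staff, Latin America'

# A global security group (-secgrp yes -scope g).
dsadd group $groupDn -secgrp yes -scope g -samid 'AcmeSales'

# -pwd * prompts for the password instead of leaving it in the script or the
# shell history; -mustchpwd yes forces a change at first logon.
dsadd user $userDn -samid 'jqadmin' -upn 'jqadmin@example.local' `
    -fn 'John' -ln 'Admin' -display $userName `
    -pwd * -mustchpwd yes -memberof $groupDn

# dsadd reports "dsadd succeeded:<DN>" and sets $LASTEXITCODE; in a real
# script check it after every call (shown once here).
if ($LASTEXITCODE -ne 0) { Write-Error "dsadd failed with exit code $LASTEXITCODE" }
```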

Wednesday, June 24, 2009

How To Create an Active Directory Server in Windows Server 2003

After you have installed Windows Server 2003 on a stand-alone server, run the Active Directory Wizard to create the new Active Directory forest or domain, and then convert the Windows Server 2003 computer into the first domain controller in the forest. To convert a Windows Server 2003 computer into the first domain controller in the forest, follow these steps:

1. Insert the Windows Server 2003 CD-ROM into your computer's CD-ROM or DVD-ROM drive.
2. Click Start, click Run, and then type dcpromo.
3. Click OK to start the Active Directory Installation Wizard, and then click Next.
4. Click Domain controller for a new domain, and then click Next.
5. Click Domain in a new forest, and then click Next.
6. Specify the full DNS name for the new domain. Note that because this procedure is for a laboratory environment and you are not integrating this environment into your existing DNS infrastructure, you can use something generic, such as mycompany.local, for this setting. Click Next.
7. Accept the default domain NetBIOS name (this is "mycompany" if you used the suggestion in step 6). Click Next.
8. Set the database and log file location to the default setting of the c:\winnt\ntds folder, and then click Next.
9. Set the Sysvol folder location to the default setting of the c:\winnt\sysvol folder, and then click Next.
10. Click Install and configure the DNS server on this computer, and then click Next.
11. Click Permissions compatible only with Windows 2000 or Windows Server 2003 servers or operating systems, and then click Next.
12. Because this is a laboratory environment, leave the password for the Directory Services Restore Mode Administrator blank. Note that in a full production environment, this password is set by using a secure password format. Click Next.
13. Review and confirm the options that you selected, and then click Next.
14. The installation of Active Directory proceeds. Note that this operation may take several minutes.
15. When you are prompted, restart the computer. After the computer restarts, confirm that the Domain Name System (DNS) service location records for the new domain controller have been created. To confirm that the DNS service location records have been created, follow these steps:

1. Click Start, point to Administrative Tools, and then click DNS to start the DNS Administrator Console.
2. Expand the server name, expand Forward Lookup Zones, and then expand the domain.
3. Verify that the _msdcs, _sites, _tcp, and _udp folders are present. These folders and the service location records they contain are critical to Active Directory and Windows Server 2003 operations.

Source
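The DNS check in the last three steps can also be done from PowerShell. The following is an added example, not part of the source article, that queries the service location (SRV) records a new domain controller registers (the records behind the _msdcs, _sites, _tcp and _udp folders) and works for either installation procedure on this page; it assumes the DnsClient module (Windows 8 / Server 2012 or later), and the domain and site names are placeholders.

```powershell
# Added example: verify the SRV records a new domain controller must register.
# Assumes Resolve-DnsName (DnsClient module); domain and site are placeholders.
function Test-DomainControllerSrvRecords {
    param(
        [Parameter(Mandatory)][string]$DomainName,   # e.g. mycompany.local
        [string]$SiteName = 'Default-First-Site-Name'
    )
    # Core records a DC registers; netlogon.dns on the DC lists the full set.
    $names = @(
        "_ldap._tcp.$DomainName",
        "_ldap._tcp.dc._msdcs.$DomainName",
        "_ldap._tcp.pdc._msdcs.$DomainName",
        "_ldap._tcp.gc._msdcs.$DomainName",
        "_kerberos._tcp.$DomainName",
        "_kerberos._udp.$DomainName",
        "_kpasswd._tcp.$DomainName",
        "_ldap._tcp.$SiteName._sites.$DomainName"
    )
    foreach ($name in $names) {
        try {
            # -ErrorAction Stop turns NXDOMAIN into an exception we can report.
            $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'SRV' }
            [pscustomobject]@{
                Record  = $name
                Present = [bool]$srv
                Targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            }
        } catch {
            [pscustomobject]@{ Record = $name; Present = $false; Targets = $_.Exception.Message }
        }
    }
}

# Any record with Present = False means clients cannot locate the DC for that
# service: re-register with "nltest /dsregdns" (or restart Netlogon) and
# check the zone again.
Test-DomainControllerSrvRecords -DomainName 'mycompany.local' | Format-Table -AutoSize
```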

Wednesday, June 17, 2009

How do I undelete an object from the Active Directory Recycle Bin?

Source: Windowsitpro

Once you've enabled the recycle bin, you can undelete objects that were deleted after the recycle bin was enabled within the deleted object lifetime. You view the objects that are in the deleted and recycled states using the steps outlined in the previous FAQ.

To restore an object in the deleted state (isDeleted TRUE), simply pass the deleted object to the Restore-ADObject cmdlet. The easiest way to pass the object is to use the Get-ADObject cmdlet and pass the -IncludeDeletedObjects switch.

For example, if I know the displayName of an object is Dick Grayson, I would use the command below.

PS C:\Users\savadmin> Get-ADObject -Filter {displayName -eq "Dick Grayson"} -IncludeDeletedObjects | Restore-ADObject

As you can see below, I actually use Get-ADObject first just to view the object. I can see its Deleted attribute is True. I then pass the object to Restore-ADObject to undelete it. After that I viewed the object again, and the Deleted attribute was blank, showing that it has been restored. In this example, the object name was AFRBEnabled (After Recycle Bin Enabled).
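The one-liner above does the job, but in practice you want a few checks around it. The following function is an added example (not from the FAQ or its author) that wraps the same Get-ADObject / Restore-ADObject pair with the checks that usually explain a failed restore: the Recycle Bin not being enabled, the object already being recycled, more than one match, or the original parent container being gone. It assumes the ActiveDirectory module (RSAT) and reuses the FAQ's sample name "Dick Grayson".

```powershell
# Added example (not from the original FAQ): restore a deleted object by its
# displayName, with the checks an operator wants before touching the directory.
# Requires the ActiveDirectory module; "Dick Grayson" is the FAQ's sample name.
Import-Module ActiveDirectory

function Restore-DeletedObjectByDisplayName {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$DisplayName)

    # 1. Without the Recycle Bin, deleted objects are tombstones with most
    #    attributes stripped, and Restore-ADObject cannot bring them back intact.
    $feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
    if (-not $feature.EnabledScopes) {
        throw 'Active Directory Recycle Bin is not enabled in this forest.'
    }

    # 2. Find matches in the deleted (not yet recycled) state; a recycled
    #    object can no longer be restored.
    $candidates = @(Get-ADObject -Filter { displayName -eq $DisplayName -and isDeleted -eq $true } `
        -IncludeDeletedObjects -Properties displayName, lastKnownParent, isRecycled |
        Where-Object { -not $_.isRecycled })
    if ($candidates.Count -eq 0) { throw "No deleted object with displayName '$DisplayName'." }
    if ($candidates.Count -gt 1) {
        throw "Several deleted objects match '$DisplayName'; restore by ObjectGUID instead."
    }
    $obj = $candidates[0]

    # 3. Restoring fails if the original parent container is gone too; say so
    #    instead of guessing a new location (Restore-ADObject -TargetPath).
    try { $null = Get-ADObject -Identity $obj.lastKnownParent } catch {
        throw "Original parent '$($obj.lastKnownParent)' no longer exists; restore it first."
    }

    # 4. -WhatIf / -Confirm are honoured through SupportsShouldProcess.
    if ($PSCmdlet.ShouldProcess($obj.DistinguishedName, 'Restore-ADObject')) {
        Restore-ADObject -Identity $obj.ObjectGUID
        # After the restore the object is found without -IncludeDeletedObjects
        # and its Deleted attribute is no longer set.
        return Get-ADObject -Identity $obj.ObjectGUID -Properties Deleted, displayName
    }
}

# Preview first, then restore.
Restore-DeletedObjectByDisplayName -DisplayName 'Dick Grayson' -WhatIf
Restore-DeletedObjectByDisplayName -DisplayName 'Dick Grayson'
```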

Wednesday, June 10, 2009

Active Directory Vulnerabilities In Microsoft Windows

These vulnerabilities need to be taken seriously, because if they are exploited a DoS attack may take place.

The two vulnerabilities located in Microsoft Windows are:

  1. A memory leak error in the Active Directory LDAP service. It could be exploited to hang an affected system, via specially crafted LDAP or LDAPS requests that contain specific OID filters.
  2. An error within the Active Directory LDAP service. If exploited, it may trigger invalid memory access, and attackers could then execute arbitrary code, again via specially crafted LDAP or LDAPS requests.

An attacker with the right computer skills would be able to take complete control of a compromised system, and would also be able to view, change, modify, create or delete whatever he wishes.

These vulnerabilities were reported in Active Directory implementations on Microsoft Windows 2000 Server and Windows Server 2003, as well as in Active Directory Application Mode (ADAM) when it is installed on Windows XP Professional or Windows Server 2003.

The affected operating systems:
  • Microsoft Windows XP Professional
  • Microsoft Windows Storage Server 2003
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Advanced Server

The impact of these vulnerabilities may include unauthorized system access as well as DoS attacks. All Windows users will be pleased to know that these vulnerabilities only affect Microsoft Windows 2000 Server systems. This vulnerability has been rated as moderately critical. The solution is for all users to apply the relevant updates immediately, using update management software or the Microsoft Update service.

Source: http://www.pc1news.com/news/0717/active-directory-vulnerabilities-in-microsoft-windows.html#msg

Thursday, June 4, 2009

How to Manage Object Properties In Active Directory

Instructions:
  • Step 1: Open the Active Directory Users And Computers tool.
  • Step 2: Expand the name of the domain and select the RD container. Right-click John Q. Admin, for example (an admin user account), and select Properties.
  • Step 3: Here you will see the various Properties tabs for the user account. Make some configuration changes based on your personal preferences. Click OK to continue.
  • Step 4: Select the HR Organizational Unit, for example. Right-click the All Users group and click Properties. In the All Users Properties dialog box, you will be able to modify the membership of the group.
    Click the Members tab, and then click Add. Add Monica D. President and John Q. Admin (as example user accounts) to the group. Click OK to save the settings, and then OK to accept the group modifications.
  • Step 5: Select the Sales Organizational Unit. Right-click the Workstation1 computer object. Notice that you can choose to disable the account or reset it (to allow another computer to join the domain under the same name). From the right-click menu, choose Properties. You'll see the properties for the computer object.
    Examine the various options and make changes based on your personal preference. After you have examined the available options, click the OK button.
  • Step 6: Select the Corporate Organizational Unit. Right-click the Monica D. President user account and choose Reset Password. You will be prompted to enter a new password and then asked to confirm it. Note that you can also force the user to change this password at the next logon.
  • Step 7: Close the Active Directory Users And Computers tool; this lesson is complete.
Source: Ehow
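The same changes as Steps 4 to 6 above, done with the ActiveDirectory module instead of the GUI, as an added example that is not part of the eHow lesson. It uses the lesson's sample OU, group and account names; the domain DN (DC=example,DC=local) is a placeholder, and the module (RSAT) is assumed to be installed.

```powershell
# Added example: Steps 4 to 6 of the lesson with the ActiveDirectory module.
# OU, group and account names come from the lesson; the domain is a placeholder.
Import-Module ActiveDirectory
$domainDn = 'DC=example,DC=local'

# Step 4: add two accounts to the "All Users" group in the HR OU. Identify the
# group by DN so a same-named group elsewhere in the forest is not touched.
$groupDn = "CN=All Users,OU=HR,$domainDn"
$members = Get-ADUser -Filter { DisplayName -eq 'Monica D. President' -or DisplayName -eq 'John Q. Admin' }
Add-ADGroupMember -Identity $groupDn -Members $members

# Verify the change the way the Members tab would show it.
Get-ADGroupMember -Identity $groupDn | Select-Object Name, SamAccountName

# Step 5: disable the Workstation1 computer account rather than deleting it.
Disable-ADAccount -Identity "CN=Workstation1,OU=Sales,$domainDn"

# Step 6: reset a user's password and force a change at the next logon.
# Read-Host -AsSecureString keeps the new password out of the script and history.
$user = Get-ADUser -Filter { DisplayName -eq 'Monica D. President' } -SearchBase "OU=Corporate,$domainDn"
$newPassword = Read-Host -Prompt "New password for $($user.SamAccountName)" -AsSecureString
Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword
Set-ADUser -Identity $user -ChangePasswordAtLogon $true
```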