Understand Microsoft Active Directory | Based on the official Microsoft course | AD DS

23.84k views, 1503 words
Sandro Alex
In this video I explain what Microsoft Active Directory (AD DS) is, based on the official Mic...
Video Transcript:
Active Directory overview! What do we have about Active Directory? It is the directory service that stores information about all resources on a network. What are these resources?
On a network we can have apps, we can have computers, we can have users, printers, groups, files. All of this information is stored within something that we will call the Global Catalog. This information is inside the directory service, which at Microsoft is called Active Directory and which we commonly call AD. It contains objects that represent different types of network resources; for example, this user object is a set of attributes that you can define for each user object.
Now, regarding the Active Directory structure, we have the main structure, which is the domain, right, and what is the domain? It is the basic organization and security unit of Active Directory. And the drawing that Microsoft, right, and we commonly use to represent the domain is this triangle.
Every time you see this triangle, it means it's a domain. In this domain, objects are kept. What is an object? Those we've already talked about just now: users, computers, printers, folders, applications, etc. They are all stored in a domain.
What can we do with these stored objects? We can leave them purely and simply organized within the domain, or we can reorganize them in a way that we locate them geographically, by sector, by function, by functional level; we will organize them in the way that we see as the most important.
So, organizational units, or OUs, are logical containers that allow us to organize these objects within a domain. So instead of having the objects simply dropped here within my domain, I can create organizational units, and within each organizational unit I can place one or more objects that I want to organize, and in these organizational units I can create, copy, the hierarchy of a company, for example. I can, for example, put here accounting, right, the accounting sector, the legal sector, the sales sector, and then in the sales sector I put all the sales users, all the machines that belong to sales, all the sales printers, all... anyway, I organize everything in sales.
Legal likewise, accounting likewise. Now, how interesting: by making this organization I can also assign administrative responsibilities. In the domain, I have the administrator, who is the master guy, right, the root guy, the guy who has permission, full rights within my domain; regardless of whether I'm in one organizational unit or in another organizational unit, I have full rights.
However, by making a separation, an organization through OUs, I can assign, delegate, administrative responsibility (we will also do this here) to some user or group. Then look how interesting: I can say that the accounting sector has a boss, and this boss will have responsibility within the OU. So he can manage the network resources that are inside the OU: manage the printers, groups, users and other things that are there, ok.
This is very interesting and also avoids more work for administrators. We delegate functions that, for example, can be changing a user's password. We see that we initially have a domain, a triangle; we can put objects to organize within the domain, and we separate them into OUs. But if I want each domain to have an administrator, I can then have a domain tree, look how interesting.
So I have a company, a company A, for example, the company, I don't know, Microsoft. Microsoft.com is the parent company, but below Microsoft there is the Windows sales department, Windows.Microsoft.com, ok, it only takes care of Windows. So within this affection there it is possible to have an administrator within the domain, right, this child domain here, child of this parent here. So what do we have? I have domains below; on top I have the parent domain; down here there is an administrator, and this administrator can organize the resources and objects of my domain, this child domain, into OUs, and also delegate administrative responsibilities within that domain, look how interesting. So we will now have the parent domain and several child domains if we want, thus forming domain trees.
And the interesting thing is that the parent domain has, for example, the name empresa.intranet here; in the child domain I have to inherit this empresa.intranet name, so I'll have here, for example in this case, simoes.empresa.intranet; on the right side here I have another child called lauro.empresa.intranet. They are now child domains of this parent domain.
So domain trees are formed by multiple domains, and the first one created is called the parent domain. With multiple domains we can create our domain trees, in which we have the parent, which is created first, and the rest are called child domains. Now look how interesting: when I create this tree, the parent domain trusts the child domain, because the child domain was created from the parent domain; it even gets its last name, which we saw there on the last slide. So the parent domain is empresa.intranet, and the child domain on the left here, in this case simoes.empresa.intranet, received the name empresa.intranet as well. So there is a trust relationship between them, and this trust relationship makes it possible to make resources available (as long as the use of that resource is permitted, of course) from one domain to other domains, just look how interesting.
So we have the parent domain here; suppose there's a printer up here, in this parent domain, and here in the child domain this user doesn't want to print to that printer but to print on this one. This printing can be done, as long as you have permission to do so. There is already an access established for this printer: there is a trust relationship, which in this case, being a tree, is already a transitive trust relationship. It transits, it passes from parent to child, from child to the other child; it is transitive. And this trust relationship, in addition to being transitive, is bidirectional. Why bidirectional? Because the parent trusts the child and the child trusts the parent.
So just as the child, in this example I gave, can print on this printer, this one up here can print on some printer down here, as long as, of course, it always has permission. So it's called a trust relationship, which is transitive; in other words, it allows inheritance to transit between domains. That is, if this parent trusts this child and this parent trusts the other child, then this child on the left trusts the child on the right, so I can have a user from here on the left, which is my child's child, print to a printer that is in the right child domain, no problem, and vice versa, because there is a two-way transitive trust relationship.
When I actually need to have distinct names (here I have the same names, right, I inherit this empresa.intranet: empresa.intranet, simoes.empresa.intranet, and on this side I have lauro.empresa.intranet), when I can't have that, when I have another company, company A joins company B and becomes part of a group, a group AB. So I had a domain called domain A and I had another domain called domain B, which can have trees; there can be a domain tree there, both in A and in B. But this A here, right, .net, and this B.something, they are now part of the same group, and they need to talk, right, the resources need to be exchanged, right, because they are now the same group. So I can now create a forest there.
And what is a forest? It is when you take multiple domains, whether they are trees or not, right (I can have just one domain without a tree). In the example here I have company_A.intranet, so the child here will be something dot company_A.intranet, and on this side, what are the children? Something dot company_B.local.
Now notice that the name is different, so they don't have a tree relationship between them, but this tree on the right needs to talk to the tree on the left, so I build, establish, a trust relationship within a forest. So a forest of domains will share a global catalog, which is the place where you have the information about the objects, the network resources; it will have to share it, since there has to be trust between the domains. It has a trust relationship and has a common schema, where we can now have a user of that domain, right, something dot company_A.intranet, with permission to print on this other domain here, which is anything dot company_B.local, okay, as long as I have permissions. I have to assign permissions, ok, but the trust relationship allows the passage of the information that is there.
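Added example, not part of the video or of any Microsoft tooling: a small Python model of the structure the transcript describes, in which a child domain extends its parent's DNS name, two-way transitive trusts link parent to child and tree root to forest root, and access still requires an explicit permission. The child names `sales` and `legal`, the users, the printer and the ACL are constructed for illustration; only `company_A.intranet` and `company_B.local` come from the transcript.

```python
from collections import deque

def parent_of(domain, domains):
    """Return the parent if `domain` extends another domain's DNS name, else None."""
    suffix = domain.split(".", 1)[1] if "." in domain else ""
    return suffix if suffix in domains else None

def build_trusts(domains, forest_root):
    """Two-way trusts: parent<->child inside a tree, tree root<->forest root."""
    trusts = {d: set() for d in domains}
    for d in domains:
        parent = parent_of(d, domains)
        peer = parent if parent else (forest_root if d != forest_root else None)
        if peer:
            trusts[d].add(peer)
            trusts[peer].add(d)
    return trusts

def trust_path(trusts, src, dst):
    """Breadth-first search: transitivity means any chain of trusts is enough."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(trusts.get(path[-1], set()) - seen):
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

def can_use(user, resource, trusts, acl):
    """Access needs a trust path AND an explicit permission on the resource."""
    user_domain = user.split("@", 1)[1]
    resource_domain = resource.split("@", 1)[1]
    if trust_path(trusts, user_domain, resource_domain) is None:
        return False  # no trust: the permission entry alone is not enough
    return user in acl.get(resource, set())

# Constructed sample forest: two trees with different names, one forest.
DOMAINS = {"company_A.intranet", "sales.company_A.intranet",
           "company_B.local", "legal.company_B.local"}
TRUSTS = build_trusts(DOMAINS, forest_root="company_A.intranet")
PRINTER = "printer1@legal.company_B.local"
ACL = {PRINTER: {"ana@sales.company_A.intranet"}}

if __name__ == "__main__":
    print(trust_path(TRUSTS, "sales.company_A.intranet", "legal.company_B.local"))
    print(can_use("ana@sales.company_A.intranet", PRINTER, TRUSTS, ACL))
    print(can_use("bob@sales.company_A.intranet", PRINTER, TRUSTS, ACL))
```

When reviewing a real forest, the same two questions apply separately: which domains are reachable through trusts, and which principals from those domains actually appear in resource permissions.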