Domain Controller –
A domain is a group of PCs or servers that fall under a single network. A domain controller controls user access on the network and manages user authentication. It is always good practice to use a secondary domain controller: if one domain controller goes down, the other one takes over, which prevents downtime.
The domain controller uses Active Directory to access the user database.
Using a domain controller, one can connect to a different server or computer on the same domain or on a different domain.
In windows Active Directory an object can be users, computer, server, file, folder, or an end user.
Before taking a deep dive into the domain controller, one must know what a “Forest” is and what a “Tree” is.
Tree – This can be either a single domain or multiple domains grouped to share resources globally under the same namespace. The term namespace means a name that specifies a particular entity.
Example: A.example.logical and B.example.logical; here example.logical is the namespace.
The first domain added to a tree is the parent domain; another domain added to that tree falls under the child domain category.
Forest – A group of trees is known as a forest. This means a forest can have multiple trees that have different domains in them. It is best practice for an organization to have a single forest, because an additional forest is a budget constraint for an IT department and also means an additional application server is needed.
All the trees under a forest share a global catalog and AD schema.
Similarly, all domains under a forest trust each other.
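To make the tree, parent/child and secondary domain controller ideas concrete, here is an added example (not part of the original post) that groups the domains of a forest into trees by shared namespace and flags domains that have no secondary domain controller. The inventory, the host names and the second tree `corp.test` are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory (DC hostname, domain); not from a real environment.
DC_INVENTORY = [
    ("dc01", "example.logical"),
    ("dc02", "example.logical"),
    ("dc03", "a.example.logical"),
    ("dc04", "a.example.logical"),
    ("dc05", "b.example.logical"),
    ("dc06", "corp.test"),
    ("dc07", "corp.test"),
    ("dc08", "eu.a.example.logical"),
]

def parent_of(domain, domains):
    """Return the closest ancestor of `domain` in `domains`, or None for a tree root."""
    labels = domain.lower().split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def build_forest(inventory):
    """Group domains into trees by contiguous namespace and count DCs per domain."""
    dc_count = defaultdict(int)
    for _host, domain in inventory:
        dc_count[domain.lower()] += 1
    domains = set(dc_count)
    parents = {d: parent_of(d, domains) for d in domains}
    trees = defaultdict(list)
    for d in sorted(domains):
        root = d
        while parents[root] is not None:  # walk up to the tree root
            root = parents[root]
        trees[root].append(d)
    return dict(trees), parents, dict(dc_count)

def single_dc_domains(dc_count):
    """Domains with no secondary DC: one outage stops authentication there."""
    return sorted(d for d, n in dc_count.items() if n < 2)

if __name__ == "__main__":
    trees, parents, counts = build_forest(DC_INVENTORY)
    for root, members in trees.items():
        print(f"tree {root}: {members}")
    print("no secondary DC:", single_dc_domains(counts))
```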
The global catalog is the collection of attributes of all the objects present in the forest.
Examples of attributes are Username, Department Name, Organizational Unit, etc.
What is an Organizational Unit?
It is a type of container in AD that contains all objects. All objects are stored as files under folders.
In other words, it can also be described as a logical structuring of AD objects. It helps to set up GPOs (Group Policy Objects).
A Group Policy Object is a tool in Windows used to set up policies or rules for the objects in a domain.
We can right-click a domain, create a GPO link, and apply the rules or policies to the objects that come under that domain.
Examples of GPOs are password policies, enable audit, turn off forced restart, etc.
GPO is heavily used by cyber security professionals to safeguard their IT environment.
Active Directory
It consists of a user database, access control to data, and security policies.
The main service of Active Directory is the domain service, known as ADDS.
ADDS can be split into Directory service, Authentication service and Authorization service.
Services that are included in ADDS are Domain Service, Certificate Service, Lightweight Directory Service, Federation Service and Rights Management.
Along with this, we will be looking into DNS, DHCP, Kerberos, Zones, Records, DMZ, RAS, SMB, LDAP, FTP, MDATP, Event Viewer, Active Directory replication, Firewall and Firewall rules, NAT, VLAN, IIS, VPN, Hyper-V, etc.
(to be continued)