Christopher Chapman | MCT

Content PM, Microsoft Learning, PDG Planning , Microsoft

Meet Christopher Chapman
Background
IT manager and implementer focused on deploying,
maintaining and optimizing networks of all sizes (from
SMB to Enterprise)
IT Consulting projects include Custom SharePoint for
Microsoft IT, Netware/Notes migration to AD/Exchange,
Transition to centralized management (250 clients)
Instructor and Director of Instruction
Contact
christopherjs @microsoft.com
@ChristopherMSL
Course Topics
Understanding Active Directory
01 | Introduction to Active Directory
02 | Active Directory Domain Services (DS)
03 | Active Directory Certificate Services (CS)
04 | Active Directory Federation Services (FS)
05 | Active Directory Rights Management Services (RMS)
06 | Active Directory Lightweight Directory Services (LDS)
Setting Expectations
Target Audience
IT Help Desk staff interested in moving into Network/Systems
Administration
Anyone interested in learning more about Active Directory
Suggested Prerequisites/Supporting Material
Microsoft Technology Associate:
Exam 98-349: Windows Operating System Fundamentals
Exam 98-365: Windows Server Administration Fundamentals
Exam 98-366: Networking Fundamentals
Exam 98-367: Security Fundamentals

Microsoft
Virtual
Academy
Introduction to Active Directory
Active Directory isnt what it used to be!
What is Active Directory?
Active Directory Roles
Module Overview
What is Active Directory?
A collection of services (Server
Roles and Features) used to
manage identity and access
for and to resources on a
network
What is Active Directory
Domain
Services
Internal
Accounts
Authorization
Authentication
Federation
Services
Network
Access for
External
Resources
Certificate
Services
Identity
Non-
Repudiation
Rights
Management
Services
Content
Security and
Control
Lightweight
Directory
Services
Application
Templates
Active Directory
Identity
Access
Centralized
Management
AD Domain Services (AD DS)
Users, Computers, Policies
AD Certificate Services (AD CS)
Service, Client, Server and User identification
AD Federation Services (AD FS)
Resource access across traditional boundaries
AD Rights Management Services (AD RMS)
Maintain security of data
AD Lightweight Directory Services (AD LDS)
Active Directory Roles
What is Active Directory
Domain Services?
A directory service is both
the directory information
source and the service that
makes the information
available and usable
A phone book
What is AD DS?
Windows
Server
Mgmt Profile
Network Info
Printers
Shares
Windows
User
Account
Information
Privileges
Profiles
Policies
Windows
Client
Mgmt Profile
Network Info
Policies
Email
Servers
Mailbox
Information
Address
Book
Applications
Server
Config
SSO
App-Specific
Directory
Info
Network
Devices
Config
QoS Policy
Security
Policy
Active Directory
Domain Services
Manageability
Security
Interoperability
Scalable, secure, and manageable infrastructure for user and
resource management
stores and manages information about network resources
provides support for directory-enabled applications such as
Microsoft Exchange Server
allows for centralized management
What does AD DS do?
AD CS is the Microsoft
implementation of Public Key
Infrastructure (PKI)
PKI is a set of hardware, software,
people, policies, and procedures
needed to create, manage,
distribute, use, store, and revoke
digital certificates
What is AD CS?
Revocation Request
Certificate
Revocation
List
CRL
Retrieval
5
x.509 Certificate Chain
Certificate
Retrieval
4
Certificate
Signing
Request
Enrollment
3
Certificate
Repository
Certification
Revocation
Repository
2
End-Entities
(users or
computers)
1
AD CS provides customizable services for issuing and managing
digital certificates
Certification Authorities
CA Web Enrollment
Online Responders
Network Device Enrollment Service (NDES)
Certificate Enrollment Web Service
Certificate Enrollment Policy Web Service
What does AD CS do?
A software
component
that facilitates
the cross-
organizational
access of
systems and
applications
What is AD FS?
Web
Server
Resource
Federation
Server
Account Partner
Organization
Resource Partner
Organization
Account
Federation
Server
AD DS
Federation Trust
The AD FS server role provides simplified, secured identity
federation and Web single sign-on (SSO) capabilities.
enables the creation of trust relationships between two organizations
provides access to applications between organizations
provides Single Sign-on (SSO) between two different directories for
Web-based applications

What does AD FS do?
Active Directory Rights
Management Services
(AD RMS) is an
information protection
technology that works
with applications to
safeguard digital
information
What is AD RMS?
RMS
Server
Information
Author
Recipient
Allows individuals and administrators to specify access
permissions to documents, workbooks, and presentations
prevent sensitive information from being printed, forwarded, or copied
by unauthorized people
access and usage restrictions are enforced no matter where the
information is located
What does AD RMS do?
AD LDS is a hierarchical
file-based directory store
AD LDS is both the
directory information
source and the service that
makes the information
available and usable
What is AD LDS?
Windows
User
Account
Information
Privileges
Profiles
Policies
Email
Servers
Mailbox
Information
Address
Book
Applications
Server
Config
SSO
App-Specific
Directory
Info
Network
Devices
Config
QoS Policy
Security
Policy
Active Directory LDS
Manageability
Security
Interoperability
Lightweight Directory Access Protocol (LDAP)
Directory service that provides flexible support for directory-enabled
applications, without the dependencies and domain-related restrictions
of AD DS
provide directory services for directory-enabled applications without
incurring the overhead of domains and forests
no requirement for a single schema throughout a forest
What does AD LDS do?
Thanks for Watching!
2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the
U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.