Understanding AD DS is a top priority for Incident Response (IR) and cybersecurity practitioners because all cyberattacks will affect AD, and you need to know what to look for and how to respond to attacks when they happen.

Benefits of Active Directory Domain Services

There are several benefits to using AD DS for your basic network user and computer management.

- You can customize how your data is organized to meet your company's needs.
- You can manage AD DS from any computer on the network, if necessary.
- AD DS provides built-in replication and redundancy: if one Domain Controller (DC) fails, another DC picks up the load.
- All access to network resources goes through AD DS, which keeps network access rights management centralized.

Active Directory Domain Services Terms to Know

In order to understand AD DS, there are some key terms to define.

- Schema: The set of user-configured rules that govern objects and attributes in AD DS.
- Global Catalog: The container of all objects in AD DS. If you need to find the name of a user, that name is stored in the Global Catalog.
- Query and Index Mechanism: This system allows users to find each other in AD. A good example would be when you start typing a name in your mail client, and the mail client shows you possible matches.
- Replication Service: The replication service makes sure that every DC on the network has the same Global Catalog and Schema.
- Sites: Sites are representations of the network topology, so AD DS knows what objects go together to optimize replication and indexing.
- Lightweight Directory Access Protocol: LDAP is a protocol that allows AD to communicate with other LDAP-enabled directory services across platforms.

What Services are Provided in Active Directory Domain Services?

Here are the services that AD DS provides as the core functionality required by a centralized user management system.

- Domain Services: Stores data and manages communications between the users and the DC. This is the primary functionality of AD DS.
- Certificate Services: Allows your DC to serve digital certificates, signatures, and public key cryptography.
- Lightweight Directory Services: Supports LDAP for cross-platform domain services, like any Linux computers in your network.
- Directory Federation Services: Provides SSO authentication for multiple applications in the same session, so users don't have to keep providing the same credentials.
- Rights Management: Controls information rights and data access policies. For example, Rights Management determines if you can access a folder or send an email.

Role of Domain Controllers with Active Directory Domain Services

Domain Controllers (DC) are the servers in your network that host AD DS. DCs respond to authentication requests and store AD DS data. DCs host other services that are complementary to AD DS as well.

- Kerberos Key Distribution Center (KDC): The KDC verifies and encrypts Kerberos tickets that AD DS uses for authentication.
- NetLogon: Netlogon is the authentication communication service.
- Windows Time (W32time): Kerberos requires all computer times to be in sync.
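
A health check for the three complementary DC services named on this page (KDC, NetLogon, W32time), as an added example that is not part of the original article. It assumes an elevated Windows PowerShell session on a domain controller; the `$TimeSource` parameter and the 300-second threshold (the default Kerberos clock-skew tolerance) are assumptions of this example, not values from the page.

```powershell
# Added example: run as a script on a domain controller.
# Assumptions: $TimeSource is the DC (for instance the PDC emulator) to compare clocks with;
# 300 s is the default Kerberos tolerance for clock skew, adjust if your policy differs.
param(
    [Parameter(Mandatory = $true)]
    [string]$TimeSource,
    [int]$MaxSkewSeconds = 300
)

# 1. The services the DC needs for authentication must be installed and running.
$results = foreach ($name in 'Kdc', 'Netlogon', 'W32Time') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check = "Service $name"
        Value = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        Ok    = [bool]($svc -and $svc.Status -eq 'Running')
    }
}

# 2. Measure the clock offset against the reference DC with one NTP sample.
#    w32tm prints the sample as "<time>, <sign><seconds>s"; an unreachable
#    source yields an error line with no offset, which is reported as a failure.
$raw = & w32tm.exe /stripchart "/computer:$TimeSource" /samples:1 /dataonly 2>&1
$match = [regex]::Match(($raw -join "`n"), '([+-]\d+\.\d+)s')

if ($match.Success) {
    $offset = [double]::Parse($match.Groups[1].Value,
                              [cultureinfo]::InvariantCulture)
    $results += [pscustomobject]@{
        Check = "Clock offset vs $TimeSource"
        Value = '{0:N3} s' -f $offset
        Ok    = [math]::Abs($offset) -lt $MaxSkewSeconds
    }
}
else {
    $results += [pscustomobject]@{
        Check = "Clock offset vs $TimeSource"
        Value = 'No sample returned'
        Ok    = $false
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent alert on failure.
if ($results.Ok -contains $false) { exit 1 }
```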