Configuring Additional Active Directory Server Roles



Manual: Upgrading your MCSE on Server 2003 to Server 2008 (70-649) 1-800-418-6789

Active Directory Lightweight Directory Services: Background and Configuration

Active Directory Lightweight Directory Services (AD LDS) is a server role that provides centralized directory access and management using the Lightweight Directory Access Protocol (LDAP). It provides authentication and directory data storage, allows query and retrieval of information by directory-enabled applications, and does not require the heavy overhead of Active Directory Domain Services (AD DS). In the Windows Server 2008 operating system, AD LDS provides all the functionality that was provided by Active Directory Application Mode (ADAM) in Windows Server 2003 and XP Professional.

AD LDS is optimized for speed of read access, and provides an optimized environment for integrating enterprise applications that require directory services, such as line-of-business systems, customer relationship management systems, global information management systems and Human Resources Management applications. AD LDS is primarily designed for use by applications, as a central directory store for information. Windows 2008 does not require the deployment of domains or domain controllers, as required by Active Directory Domain Services. The same functionality is provided by AD LDS, and it can be used as a totally separate infrastructure for custom application deployment and development.

The following can be configured to run the AD LDS server role:
- Member Servers
- Domain Controllers
- Stand-alone Servers

AD LDS retains many of the functions of AD DS, including:
- Application directory partitions
- LDAP over SSL
- Support for the Active Directory API, or AD Services Interfaces
- Multi-master replication

AD LDS differs from AD DS in many ways, including the following:
- AD LDS does not support domains and forests
- AD LDS does not support Group Policy
- AD LDS does not support Global Catalogs
- AD LDS does not store security principals
- Windows cannot authenticate users stored in AD LDS, or use AD LDS users in Access Control Lists

LearnSmart Cloud Classroom: Video Training Manuals

There are many special considerations when implementing AD LDS:
- AD LDS is designed to provide directory services for applications, and the creation, management and removal of directory objects will be done through these applications.
- AD LDS does not support domain-centric management tools such as Active Directory Users and Computers and Active Directory Domains and Trusts.
- AD LDS directories can be managed through the use of directory tools, such as:
  - Ldp.exe - a support utility that provides the ability to search directories for information.
  - ADSI Edit - can be used for creating, deleting, viewing and overall modification of objects within the directory.
  - Other schema and directory management utilities.

There are several instances where AD LDS is preferred over AD DS, and it should be considered in the following situations:
- When support is required for specific applications that have a limited scope of users.
- When distributed applications support a broad geographic user base, and data access is required in diverse locations.
- When legacy applications require LDAP support.
- When specific applications rely on LDAP, and need high-speed, local directory access.
- For external-facing applications that reside within a perimeter network or DMZ.
- For applications that require extensive LDAP schema alterations.
- When a custom development environment for directory applications is required.

Before creating an AD LDS instance, you need to do a bit of planning and preparation:
1. Create a data drive on the server. You need to place the directory stores on a drive that is separate from the operating system.
2. Decide on a unique name for the instance; this will identify the instance and name all of the required files.
3. Create an administrative group for AD LDS, typically a domain group.
4. Designate the application partition within Active Directory with a Distinguished Name (DN). The partition can be created in any one of 3 ways:
   a. When you create the instance
   b. When you install an application that is bound to the instance
   c. Manually through an LDAP tool
5. Ensure the appropriate TCP/IP ports can be used by the service. AD LDS uses the following port numbers:
   a. 389 - Standard LDAP port
   b. 636 - Secure LDAP
   Note: These are the same ports used by AD DS. It is not recommended to have AD DS and AD LDS on the same server.
6. Create/Designate the AD LDS Service Account.
7. Create/Add any additional LDIF files required for the instance.
   Note: LDIF files are imported during the creation of the instance, and can set synchronization guidelines, create customizations and provide integration (to name a few). Below are some specific LDIF files and their purpose:
   a. MS-InetOrgPerson.ldf - Contains the definition of the inetOrgPerson LDAP class.
   b. MS-User.ldf - Contains all user classes and attributes.
   c. MS-ADLDS-DisplaySpecifiers.ldf - Required for snap-in operations, and required if you plan to manage your instance with the Active Directory Sites and Services snap-in.
   d. MS-adamschemaw2k3.ldf - Required if you are going to be synchronizing with AD DS in Server 2003.
   e. MS-adamschemaw2k8.ldf - Required if you are going to be synchronizing with AD DS in Server 2008.
   f. MS-AZMan.ldf - Supports the Windows Authentication Manager.

Below are the steps required to create a new AD LDS instance:
1. Click Start, go to Administrative Tools, click Active Directory Lightweight Directory Services Setup Wizard, and then click Next.
2. On the Setup Options page, click A unique instance, and then click Next.
3. On the Instance Name page, provide a name for the AD LDS instance. This name will be used on the local computer to uniquely identify the AD LDS instance, and to name the files and services associated with it.
4. On the Ports page, specify the communications ports that the AD LDS instance uses to communicate. AD LDS can communicate by using both LDAP (389) and Secure Sockets Layer (SSL) (636).
5. Within the Application Directory Partition step, you can create an application directory partition by clicking Yes, create an application directory partition. Or, you can select No, do not create an application directory partition. If you choose No, you must then create an application directory partition manually after the installation wizard.
6. On the File Locations page, you can change the default installation directories for the AD LDS data and recovery (log) files. By default, the AD LDS data and recovery files are installed in %ProgramFiles%\Microsoft ADAM\instancename\data.
7. Within the Service Account Selection page, you will select the service account for AD LDS. The AD LDS service will run under this account's security context. Like most network services, the Active Directory Lightweight Directory Services Setup Wizard defaults to the Network Service account.
8. Select a user or group to become the default administrator for the AD LDS instance on the AD LDS Administrators page. This user/group will have full administrative control of the AD LDS instance. By default, the Active Directory Lightweight Directory Services Setup Wizard specifies the currently logged on user.
9. On the Importing LDIF Files page, you can import schema LDAP Data Interchange Format (LDIF) files, and use them in the setup and operations of the instance.
10. The Ready to Install page allows you an opportunity to review your installation selections. Click Next, and the Active Directory Lightweight Directory Services Setup Wizard copies files and sets up AD LDS on your computer. Click Finish when done.

Active Directory Rights Management Service (AD RMS): Background and Configuration

The Active Directory Rights Management Service provides a framework to create solutions to protect information. It works hand in hand with AD RMS-enabled applications to protect sensitive information by providing consistent usage policies and rights management for several content types, including office documents, web sites, intranet content and email. Like many of the other enhancements in Windows Server 2008, it provides developers and applications the development hooks to add information protection functionality.

AD RMS protects and manages information through the following elements:
- Trusted Entities - These entities can be specified, and include applications, users, groups and computers that are a trusted part of an AD RMS system. These entities are then granted rights to specific content.
- Usage conditions and rights - Once trusted entities are established, they can then be assigned rights and conditions that specify how they can interact with specific rights-protected content. Specific rights can include save, forward, read, write, copy, print, etc. Along with rights, certain conditions can be specified that add an additional dimension to the control. An example of a condition would be a rights expiration date.
- Encryption - Encryption allows data to be locked through the use of an electronic key, and provides another level of validation of the trusted entity. Decryption of content by users with appropriate rights can be accomplished through the use of a browser or application that is AD RMS enabled.

There are several ways to implement AD RMS:
- Internal use - At its simplest, AD RMS is used to manage and protect the rights on internal documents. It can provide a vehicle for protecting content from unauthorized employee access, protect content that is copied to USB hard drives and even prevent unauthorized email distribution.
- Internal and External use - While AD RMS can be used just to protect information and content within an organization, it can also be used in sharing content with trusted partners and third parties. Once again, only the privileges/rights authorized can be used on specific content.

AD RMS provides a hierarchy of managed entities to provide persistence of policies across all managed entities:
- AD RMS Deployment - the overall process by which AD RMS is deployed across an organization.
- AD RMS Web Services - provides a communication medium for computers within an AD RMS cluster.
- AD RMS Logging Service - runs on each computer within a cluster running AD RMS and provides logging information from which reports can be generated.

Server 2008 provides many new features that were absent in previous versions of Windows Rights Management Services (RMS). The new features were added to extend the use of the service beyond your organization and ease the administrative overhead. The new features provided by 2008 include:
- Microsoft Management Console (MMC) administrative interface - earlier versions of RMS used a web interface, which was difficult to manage.
- Installation - AD RMS is provided as a server role in 2008, providing simplified installation and management. The server role automatically installs all required services, including Message Queuing and IIS.
- AD RMS server self-enrollment - the enrollment process is now all done locally, removing the requirement to connect to MS Enrollment Services.
- Additional administrative roles that allow for responsibility delegation - three new roles: AD RMS Enterprise Administrators, AD RMS Template Administrators and AD RMS Auditors.
- Active Directory Federation Services (AD FS) integration - AD FS allows organizations to collaborate with external entities on their rights-protected content without the need for an AD RMS deployment in both locations.

AD RMS server role

An AD RMS system performs the following processes, and includes client and server pieces:
- Creating rights templates and rights-protected files - Centralized templates can control usage, and provide a seamless and efficient way to standardize the application of privilege through policy.
- Licensing of rights-protected information - Provides a mechanism to issue certificates and identify trusted entities. Once trusted, a user/group/service can then publish rights-protected content and assign rights to protect that content. These rights are then pervasive, and persist internally and externally.
- Licensing for the decryption of rights-protected content - Licenses can be issued to entities, which are then interpreted and applied to the content to provide adequate access.
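Returning to the AD LDS planning list earlier on this page, the following Python script is an added example (not tooling from the manual or from Microsoft) that encodes those pre-installation checks: a unique instance name, the directory store on a drive other than the OS drive, a well-formed application partition DN, and LDAP/LDAPS port choices that do not collide with AD DS on the same host. The InstancePlan fields, the check_plan function and the sample plan are assumptions of this example.

```python
"""Pre-flight checks for an AD LDS instance plan (added example, not the manual's own tooling)."""
import re
from dataclasses import dataclass, field
from typing import List

# Defaults named on the page: AD LDS and AD DS both use LDAP 389 and LDAPS 636.
LDAP_PORT, LDAPS_PORT = 389, 636

# Loose distinguished-name check: one or more "attr=value" RDNs separated by commas.
_RDN = r"[A-Za-z][A-Za-z0-9-]*=[^,=]+"
_DN_RE = re.compile(rf"^{_RDN}(,{_RDN})*$")

@dataclass
class InstancePlan:
    """The decisions the planning list asks for (field names are this example's assumptions)."""
    name: str                      # unique instance name; also names files and the service
    data_path: str                 # where the directory store and recovery logs will live
    partition_dn: str              # e.g. "CN=AppPartition,DC=example,DC=internal" (constructed)
    ldap_port: int = LDAP_PORT
    ssl_port: int = LDAPS_PORT
    existing_instances: List[str] = field(default_factory=list)
    ad_ds_on_host: bool = False    # True if the server is already a domain controller
    system_drive: str = "C:"

def _drive_of(path: str) -> str:
    """Return the drive-letter prefix ("D:") of a Windows path, or "" if there is none."""
    m = re.match(r"^([A-Za-z]:)", path)
    return m.group(1).upper() if m else ""

def check_plan(plan: InstancePlan) -> List[str]:
    """Return the list of planning problems found; an empty list means the plan passes."""
    problems = []
    if not plan.name or plan.name.lower() in (n.lower() for n in plan.existing_instances):
        problems.append("instance name must be unique on this server")
    if not _drive_of(plan.data_path) or _drive_of(plan.data_path) == plan.system_drive.upper():
        problems.append("directory store must be on a data drive separate from the OS drive")
    if not _DN_RE.match(plan.partition_dn):
        problems.append("application partition must be a well-formed distinguished name")
    for port in (plan.ldap_port, plan.ssl_port):
        if not 1 <= port <= 65535:
            problems.append(f"port {port} is outside the valid TCP range")
    if plan.ldap_port == plan.ssl_port:
        problems.append("LDAP and LDAPS ports must differ")
    if plan.ad_ds_on_host and {plan.ldap_port, plan.ssl_port} & {LDAP_PORT, LDAPS_PORT}:
        problems.append("AD DS already listens on 389/636 here; choose other ports or a separate server")
    return problems

if __name__ == "__main__":
    # Constructed sample plan, not from the manual.
    plan = InstancePlan("AppDir", r"D:\ADLDS\AppDir", "CN=AppPartition,DC=example,DC=internal")
    print(check_plan(plan) or "plan passes pre-flight checks")
```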