Saturday, August 24, 2024

What is Active Directory?

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It provides a centralized way to manage and organize network resources such as users, computers, printers, and more. Here are the core components and functionalities of Active Directory:

Key Components:

1. Domain Services (AD DS):
• User and Computer Accounts: AD DS manages user credentials and provides authentication and authorization for users and computers within a domain.
• Organizational Units (OUs): These are containers used to organize objects within a domain. They help in applying policies and delegating administrative tasks.
• Groups: AD DS allows you to group users and computers to simplify management and apply permissions.

2. Domain Controllers (DCs):
->These servers hold a copy of the AD DS database and are responsible for authenticating users and enforcing policies. They replicate changes to other DCs within the domain.

3. Global Catalog:
->A distributed data repository that contains information about every object in the AD forest. It helps with searching and locating objects across domains.

4. Schema:
->Defines the structure of the directory, including the types of objects that can be stored and the attributes they can have.

5. Trusts:
->These are relationships established between different domains or forests that allow users in one domain to access resources in another.

Key Functions:

1. Authentication:
->AD verifies user credentials when they log in to a network, ensuring they are who they claim to be.

2. Authorization:
->AD manages permissions and access controls, determining what resources a user can access and what actions they can perform.

3. Policy Enforcement:
->Through Group Policy Objects (GPOs), AD allows administrators to enforce security settings and configurations across all computers and users in the domain.

4. Centralized Management:
->Administrators can manage user accounts, group memberships, and policies from a central location.

5. Directory Services:
->AD provides a hierarchical database of network objects, which can be queried to find and manage resources.

Additional Services:

• Active Directory Lightweight Directory Services (AD LDS): Provides directory services for applications without the need for AD DS.
• Active Directory Federation Services (AD FS): Offers single sign-on (SSO) and identity federation across organizational boundaries.
• Active Directory Certificate Services (AD CS): Manages digital certificates and public key infrastructure (PKI).

Active Directory is a fundamental component for managing large networks and is widely used in enterprise environments to maintain security, streamline administration, and provide a structured approach to managing network resources.

How to Install Active Directory?

Before installing, change the hostname of the domain controller first, as a short, recognizable name will make pinging it easier in a later step.

The exact location depends on your Windows version:

  • Settings > System > About > Rename PC.
  • Control Panel > System and Security > System > Change Setting.

On my side I’ve set the domain controller name to marvel. Choose any name you like.

Enable the Active Directory Domain Services.


To add an Active Directory server:
  1. Open Server Manager.
  2. Select “Add Roles and Features”.

In the server roles options, select “Active Directory Domain Services”. When prompted by the pop-up screen, click “Add Features” to proceed.

Similarly, add the “DNS Server” role by selecting it in the server roles options and clicking “Add Features” when prompted.

Next, click “Next” to proceed to the configuration page. Here, select “Install” to start the installation and initiate the download process.
Upon completion of the installation, the results page will display a feature installation notification. Click “Promote this server to a domain controller” to proceed. This action will redirect you to the Domain Controller Configuration page.
On the Domain Controller Configuration page, select “Add a new forest” and enter your desired root domain name (e.g., “marvel.local”). After entering the domain name, click “Next” to continue.
Next, set the Directory Services Restore Mode (DSRM) password, and then click “Next” to proceed.
In the “Additional Options” section, the NetBIOS domain name will be automatically displayed (e.g., “MARVEL0”). Click “Next” to continue.
In the “Paths” section, you can modify the default paths if needed. Once you have made any necessary changes, click “Next” to proceed.
In the “Prerequisites Check” section, click “Install” to begin the installation. Wait for the process to complete. Upon finishing, the system will automatically restart.
After logging into the system, open Server Manager, click on “Tools” on the right-hand side, and then select “Active Directory Users and Computers” from the dropdown menu.
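In Active Directory Users and Computers, navigate to the “Users” container. Right-click on the “Administrator” account and select “Copy” from the context menu. The copy keeps the Administrator account's group memberships, so the new user is created with domain administrator rights.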
Enter the user details, including First Name, Last Name, and User Logon Name. Click “Next” to proceed.
Set the user password and then click “Next” to continue.
Next, go to Server Manager, click on “Tools”, and select “DNS”.

In the DNS Manager, expand the “Reverse Lookup Zones” folder. Right-click on it and select “New Zone” to create a new reverse lookup zone.
Enter the Network ID for the reverse lookup zone and then click “Next”.

In the “Reverse Lookup Zones” section, right-click and select “New Pointer (PTR)” to create a new PTR record.
Enter the IP address of the system and click “OK” to create the PTR record.
On the user system, change the DNS server setting to the domain controller's IP address. Then, set the computer to be a member of the domain “MARVEL0”. Click “OK” to apply the changes.
Enter the credentials for the user account that you created earlier to complete the domain joining process.

Verify that the domain name is set to “marvel.local” to ensure that the system is correctly joined to the domain.
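
The same build can be scripted in PowerShell on the server. The script below is an added example, not part of the original post; it reuses the article's names (marvel, marvel.local, MARVEL0), while the stage names, the 192.168.1.0/24 network ID and the PTR host octet are assumed lab values.

```powershell
# Added example: scripted equivalent of the wizard steps above (run elevated on the server).
# Stage names, network ID and PTR host octet are assumptions; adjust them to your lab.
param(
    [ValidateSet('Rename', 'Promote', 'ReverseDns', 'Verify')]
    [string]$Stage = 'Verify'
)

$DomainName  = 'marvel.local'            # root domain used in the article
$NetBiosName = 'MARVEL0'                 # NetBIOS name shown by the wizard in the article
$HostName    = 'marvel'                  # domain controller hostname used in the article
$NetworkId   = '192.168.1.0/24'          # placeholder: your lab subnet
$ReverseZone = '1.168.192.in-addr.arpa'  # reverse zone that matches $NetworkId
$DcHostOctet = '10'                      # placeholder: last octet of the DC's IP address

switch ($Stage) {
    'Rename' {
        # Rename first; the server reboots.
        Rename-Computer -NewName $HostName -Restart
    }
    'Promote' {
        # Add the AD DS and DNS Server roles, then create the new forest.
        Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
        $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
        Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetBiosName `
            -InstallDns -SafeModeAdministratorPassword $dsrm -Force
        # The server restarts automatically when promotion completes.
    }
    'ReverseDns' {
        # Reverse lookup zone plus a PTR record for the domain controller.
        Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope 'Domain'
        Add-DnsServerResourceRecordPtr -ZoneName $ReverseZone -Name $DcHostOctet `
            -PtrDomainName "$HostName.$DomainName"
    }
    'Verify' {
        # Confirm the domain and its controller.
        Get-ADDomain | Select-Object DNSRoot, NetBIOSName, DomainMode
        Get-ADDomainController -Filter * |
            Select-Object HostName, IPv4Address, IsGlobalCatalog
        # A user copied from Administrator appears here; review who holds this right.
        Get-ADGroupMember -Identity 'Domain Admins' |
            Select-Object SamAccountName, objectClass
    }
}
```

Run the stages in order from an elevated prompt, passing -Stage each time; the Rename and Promote stages reboot the server before the next stage can run.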

Creating and Linking a Group Policy Object (GPO) in Active Directory

To set policies, go to Server Manager, click on “Tools”, and then select “Group Policy Management”.

In the Group Policy Management screen, select “Group Policy Objects”. Right-click on it and choose “New”. Enter a name for the new Group Policy Object (GPO) and click “OK”.
Right-click on the newly created Group Policy Object and select “Edit” to configure the policy settings.

First, navigate to the policy you wish to apply. Double-click on it, select “Enabled”, and then click “Apply” followed by “OK”.
You can verify the state of the policy to ensure it is enabled by checking its status in the Group Policy Management Editor.

To link the policy to the user:
1. Navigate to the Organizational Unit (OU) where you want to apply the policy.
2. Right-click on the OU and select “Link an Existing GPO”.
3. Choose the newly created Group Policy Object (GPO) and click “OK”.

You can confirm that the policy has been successfully applied to the user by checking the “Linked Group Policy Objects” section in the Organizational Unit (OU) properties.
Upon switching to the user and opening Command Prompt, you will see a message indicating that “cmd is disabled by administrator”. Pressing any key will prompt for administrator credentials, confirming that the policy has been successfully applied.
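
The GPO steps above can also be done and checked from PowerShell. This is an added example, not part of the original post: the GPO name and the OU path are hypothetical, and it assumes the policy enabled in the editor was “Prevent access to the command prompt”, which is stored as the DisableCMD registry value.

```powershell
# Added example: create, configure, link and verify the GPO from the domain controller.
# $GpoName and $TargetOu are hypothetical; the DisableCMD setting is an assumption
# about which policy the article enabled.
Import-Module GroupPolicy

$GpoName   = 'Lab - Disable Command Prompt'
$TargetOu  = 'OU=LabUsers,DC=marvel,DC=local'
$PolicyKey = 'HKCU\Software\Policies\Microsoft\Windows\System'

# Create the GPO only if it does not exist yet, so the script can be re-run safely.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Blocks cmd.exe for users in the lab OU'
}

# User Configuration setting behind "Prevent access to the command prompt".
Set-GPRegistryValue -Name $GpoName -Key $PolicyKey `
    -ValueName 'DisableCMD' -Type DWord -Value 1 | Out-Null

# Link the GPO to the OU unless it is already linked there.
$links = (Get-GPInheritance -Target $TargetOu).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Verify: the value stored in the GPO, then the links on the OU and their state.
Get-GPRegistryValue -Name $GpoName -Key $PolicyKey -ValueName 'DisableCMD'
(Get-GPInheritance -Target $TargetOu).GpoLinks |
    Select-Object DisplayName, Enabled, Enforced, Order
```

On the joined workstation, running gpupdate /force and then gpresult /r /scope:user as the affected user shows whether the GPO is in the applied list.
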
Similarly, create one more policy to prohibit TCP/IP changes.

When the user clicks Properties to change the TCP/IP settings, a pop-up window appears, prompting for administrative credentials to authorize the changes.


CONCLUSION:

Active Directory is essential for managing user accounts, resources, and security policies within a network. Effective setup is only the beginning; ongoing maintenance and security are critical for ensuring its reliability. Adhering to best practices — such as regular backups, applying the latest updates, and enforcing strong password policies — is crucial for maintaining and securing Active Directory.

In summary, with proper setup and diligent maintenance, Active Directory serves as a vital tool for creating a secure and efficient network environment.
