How Active Directory Works?

By -

 

Active Directory (AD) plays a crucial role in authentication and authorization in Windows-based networks. Here's how it works for authentication and authorization, along with an example and use case:

Authentication:

Authentication is the process of verifying the identity of a user or system attempting to access network resources. Active Directory uses various authentication protocols, with the most common being the Kerberos protocol.

Example:

Let's say a user named "John" wants to log in to his computer within the Example Corp network. Here's how Active Directory authentication works:

  1. User Credentials: John enters his username and password at the Windows login screen.

  2. Authentication Request: The computer sends an authentication request to a domain controller in the "example.com" domain, where Active Directory is hosted.

  3. Verification: The domain controller checks John's credentials against the user accounts stored in its database. If the username and password match, the user is considered authenticated.

  4. Kerberos Authentication: Active Directory uses the Kerberos authentication protocol to securely validate John's identity. This involves creating and exchanging tickets between the client (John's computer) and the domain controller.

  5. Access Granted: Once John's identity is verified, he is granted access to his computer, along with the resources and permissions associated with his user account.

Use Case:

Imagine a corporate network where employees need access to various resources like shared files, printers, and email. Active Directory authentication is crucial for ensuring that only authorized users can access these resources.

Use Case Scenario:

  1. File Share Access: The company has a file server where sensitive documents are stored. Access to these documents is restricted to specific departments. Active Directory is used to manage user accounts and group memberships.

    • Authorization: Active Directory groups are created for each department (e.g., "Sales," "Marketing"). Users are added to the appropriate groups based on their roles.
    • Resource Access: Access control lists (ACLs) on the file server's shared folders are configured to allow only members of the respective groups to access department-specific files.

  2. Printers: There are network printers throughout the office. Different departments need access to specific printers.

    • Authorization: Active Directory groups are created for printer access (e.g., "Finance_Printers," "HR_Printers").
    • Resource Access: Printers are shared on the network and configured to allow access only to members of the corresponding Active Directory groups.

  3. Email Access: The company uses Microsoft Exchange for email. Employees' email accounts are integrated with Active Directory.

    • Authentication: When employees access their email, Active Directory verifies their credentials to ensure only authorized users can access their email accounts.
    • Authorization: Mailbox permissions and distribution groups in Active Directory are used to control who can send emails to specific groups or access shared mailboxes.
    •  
    • ========================================================
    • Notes :

    • Authentication:Purpose: Authentication is the process of verifying the identity of a user, system, or entity attempting to access a particular resource or system. It answers the question, "Who are you?"

      Example: When you log in to your computer using your username and password, the system verifies that the provided credentials match those stored in its database. If they match, you are authenticated, and access to your user account is granted. 

      Authorization:Purpose: Authorization is the process of determining what actions or resources a properly authenticated entity is allowed to access or perform within a system. It answers the question, "What are you allowed to do?"

      Example: After successfully logging in to your computer (authentication), you are granted specific permissions based on your user account's role or group membership (authorization). For example, as an authorized user, you may have permission to read and write files in certain folders but not others 


    •  

       


    •  

Comments

Post a Comment

Popular posts from this blog

CCNA Router and Catalyst Switch IOS Command Reference

By -
CCNA Router and Catalyst Switch IOS Command Reference By Jamison Schmidt This reference guide provides router and switch commands to help you prepare for Cisco's CCNA certification exam. This guide covers IOS version 11 and higher. We will try to get VLSM and Supernetting commands added for the new 640-801 CCNA exam. Reference Quick Links Router Commands Show Commands Catalyst Commands Router Commands Terminal Controls: ·   Config# terminal editing - allows for enhanced editing commands ·   Config# terminal monitor - shows output on telnet session ·   Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks Host Name: ·   Config# hostname ROUTER_NAME Banner: ·   Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message Descriptions: ·   Config# description THIS IS THE SOUTH ROUTER - can be entered ...
Read more

Network Technologies

By -
Image
Common Networking Protocols TCP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data. IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP. UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery. ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities. SMTP - Used to reliably send and receive mail over the Internet. FTP - ...
Read more

About myself

By -
With a track record of delivering innovative IT solutions and optimizing technology infrastructure, Prashant Shrivastava is the driving force behind the organization's digital transformation journey from 2007. Expertise in ERP Implementation: Prashant Shrivastava brings a wealth of experience in Enterprise Resource Planning (ERP) implementation, having successfully overseen multiple projects. ERP systems are vital for streamlining business processes, enhancing data visibility, and improving decision-making. He possesses a deep understanding of ERP modules, such as finance, human resources, supply chain, and customer relationship management, ensuring seamless integration across all departments. Infrastructure Administration and System Administration: As a Head of IT, Prashant Shrivastava has a strong foundation in both Infrastructure and System Administration. This expertise includes managing servers, networks, databases, and ensuring the overall stability and security of the IT env...
Read more