The Experts below are selected from a list of 27 Experts worldwide ranked by ideXlab platform
Susan Snedaker - One of the best experts on this subject based on the ideXlab platform.
-
Ensuring Active Directory Availability
The Best Damn Windows Server 2003 Book Period, 2004Co-Authors: Susan SnedakerAbstract:The chapter explains how to maintain high availability of Active Directory services. It illustrates the Active Directory Database, and explains the importance of system state data to Active Directory availability. It also discusses fault tolerance plans as well as Active Directory performance issues. The Active Directory service is based on a transactional Database system. The term “transactional” refers to the transaction logs that enable a system have robust recovery and data tracking in the event of unscheduled hardware outages, data corruption, and other problems that can arise in a complex network operating system environment. The Extensible Storage Engine (ESE) lies at the heart of the Active Directory Database system. Changes to the Active Directory Database on a domain controller (DC) occur through two primary means: an administrator creates, deletes, or updates objects in the Database, and replication information, which contains new objects, deletion requests, or changes to existing objects, is received from other DCs. When changes to the Database occur, the ESE captures each change as a single unit known as a transaction. A transaction contains the changed data and a set of metadata. The chapter also explains how to troubleshoot Active Directory availability problems.
-
Ensuring Active Directory Availability
The Best Damn Windows Server 2003 Book Period, 2004Co-Authors: Susan SnedakerAbstract:The chapter explains how to maintain high availability of Active Directory services. It illustrates the Active Directory Database, and explains the importance of system state data to Active Directory availability. It also discusses fault tolerance plans as well as Active Directory performance issues. The Active Directory service is based on a transactional Database system. The term “transactional” refers to the transaction logs that enable a system have robust recovery and data tracking in the event of unscheduled hardware outages, data corruption, and other problems that can arise in a complex network operating system environment. The Extensible Storage Engine (ESE) lies at the heart of the Active Directory Database system. Changes to the Active Directory Database on a domain controller (DC) occur through two primary means: an administrator creates, deletes, or updates objects in the Database, and replication information, which contains new objects, deletion requests, or changes to existing objects, is received from other DCs. When changes to the Database occur, the ESE captures each change as a single unit known as a transaction. A transaction contains the changed data and a set of metadata. The chapter also explains how to troubleshoot Active Directory availability problems.
-
Working with Domain Controllers
The Best Damn Windows Server 2003 Book Period, 2004Co-Authors: Susan SnedakerAbstract:The chapter discusses domain controllers (DCs). Implementing and managing DCs is an important part of the network administrator's job because DCs play such a vital role in the operation of the network. A domain is a logical entity containing potentially millions of objects, while a DC is simply a computer running Windows Server 2003 with a copy of the Active Directory Database. This server takes on a management role in granting or denying access to resources throughout the entire domain, not just those located on the physical machine. To provide acceptable connectivity performance, it is imperative that all users have adequate access to a DC close to their physical locations. A server that contains a copy of the Active Directory Database is a DC. A DC has domain responsibilities and those can interfere with other tasks. Because the Active Directory is the most important part of the domain, the DC will delay print job or file access until it is finished with its DC duties.
Robert R. King - One of the best experts on this subject based on the ideXlab platform.
-
Mastering Active Directory for Windows Server 2003
2003Co-Authors: Robert R. KingAbstract:From the Publisher: Master the Technology That Enables You to Master Network Management Active Directory represents an enormous advance in network administration. It provides a vast set of powerful tools and technologies for managing a network within a native Windows environment. Mastering Active Directory for Windows Server 2003 is the resource you need to take full advantage of all it has to offer. You get a sound introduction to network Directory services, then detailed, practical instruction in the work of implementing Active Directory and using all of its tools. This edition has been completely updated to address features new to Active Directory for Windows Server 2003. Coverage includes: Understanding the concept of a network Directory service Understanding benefits specific to Microsoft's Active Directory Analyzing business needs Designing your Active Directory environment Developing and executing a roll-out plan Securing the Active Directory Database Installing and configuring DNS under AD Creating users, groups, and objects Implementing group policies Modifying the Active Directory schema Controlling Active Directory sites Managing replication Performing backups and recoveries Migrating from both Windows NT and Novell environments Integrating Active Directory and Novell Directory Services About the Author Robert R. King-CNE, MCNE, CNI, MSCE, MCT, CCNA, and CCDA-is author or co-author of numerous Sybex books, including several MCSE Study Guides. A guest speaker at Comdex Atlanta and Comdex Las Vegas, Bob is Senior Systems Engineer for Cardinal Glass Industries and a long-time consultant and technical instructor.
-
Mastering Active Directory for Windows Server 2003
2003Co-Authors: Robert R. KingAbstract:From the Publisher: Master the Technology That Enables You to Master Network Management Active Directory represents an enormous advance in network administration. It provides a vast set of powerful tools and technologies for managing a network within a native Windows environment. Mastering Active Directory for Windows Server 2003 is the resource you need to take full advantage of all it has to offer. You get a sound introduction to network Directory services, then detailed, practical instruction in the work of implementing Active Directory and using all of its tools. This edition has been completely updated to address features new to Active Directory for Windows Server 2003. Coverage includes: Understanding the concept of a network Directory service Understanding benefits specific to Microsoft's Active Directory Analyzing business needs Designing your Active Directory environment Developing and executing a roll-out plan Securing the Active Directory Database Installing and configuring DNS under AD Creating users, groups, and objects Implementing group policies Modifying the Active Directory schema Controlling Active Directory sites Managing replication Performing backups and recoveries Migrating from both Windows NT and Novell environments Integrating Active Directory and Novell Directory Services About the Author Robert R. King-CNE, MCNE, CNI, MSCE, MCT, CCNA, and CCDA-is author or co-author of numerous Sybex books, including several MCSE Study Guides. A guest speaker at Comdex Atlanta and Comdex Las Vegas, Bob is Senior Systems Engineer for Cardinal Glass Industries and a long-time consultant and technical instructor.
Vitaly Osipov - One of the best experts on this subject based on the ideXlab platform.
-
Securing Active Directory
Special Ops, 2003Co-Authors: Vitaly OsipovAbstract:Publisher Summary Directory contains information about various types of objects. They are organized hierarchically into bigger logical units—containers, domains, and forests of domains. From a physical point of view, the Active Directory Database includes a set of files, which can be backed up and restored. Directory is tightly integrated with Domain Name Service (DNS). DNS is required on the network for Active Directory to be installed and to function. Active Directories publish their addresses using SVR RRs, where the name of the Active Directory service is mapped to the address of the domain controller (DC) offering the service. Lightweight Directory Access Protocol (LDAP) interfaces into Active Directory provide a good point for network reconnaissance. It is possible to obtain service locations and DC addresses by listing DNS zones or querying for specific names. LDAP (especially when domain runs in a mixed mode) also provides more information about a domain than is generally desirable from the security point of view. There are many cases when features, which are secure when used standalone, when combined produce a vulnerable configuration. Some examples are DHCP servers, which can do a lot of damage to the network if their placing is not well thought out. Replication of Active Directory can also produce a lot of network traffic when incorrectly planned. It also makes configuration errors reproduce throughout whole domain or a forest, sometimes leading to denial of service-type of attacks.
Perera M.s.p. - One of the best experts on this subject based on the ideXlab platform.
-
Web based system for Microsoft Active Directory reporting and event correlation using data mining
2008Co-Authors: Perera M.s.p.Abstract:A Dissertation submitted to the Department of Computer Science and Engineering for the MSc in Computer Science ; Partly readable CD-ROM available in Technical Services DivisionAbstract Microsoft Active Directory is very popular in large and medium scale organizations as a system for centralized management of users, desktops, servers, printers and mail boxes etc. This provides a centralized console for managing and viewing the objects very easily. The Active Directory data repository could be used to generate many management reports that would be useful for taking future management decisions and analyzing the health of the organization's security. Many events are generated as a result of user activities and status changes of the objects. These events are reflected on the Active directories and event logs. The correlation and outlier analysis of the events is important to filter out thousands of non critical events and be pro-Active on important critical events./ This thesis discusses generating management reports, by querying the Active Directory Database and providing real time alerts to system administrators on critical events, with the use of data mining techniques such as event correlation and outlier analysis./ The scope of the event analysis is limited to data generated in the Microsoft Active Directory. Keywords: Microsoft Active Directory, MS AD, Event Correlation, AD Reports, Outlier Analysis, Event Log Clustering
Dufva Otto - One of the best experts on this subject based on the ideXlab platform.
-
Verkkolaitteiden etähallinnan todentaminen
Kymenlaakson ammattikorkeakoulu, 2014Co-Authors: Dufva OttoAbstract:Tämän opinnäytetyön tavoitteena oli luoda Kyamkin ICT-LABin tietoverkkoon aktiivilaitteiden hallintayhteyksiä valvova keskitetty käyttäjien todentamisratkaisu. Sillä oli tarkoitus parantaa verkkolaitteiden tietoturvaa merkittävästi. Tietoverkkoihin kohdistuvien uhkien lisääntyminen on tehnyt verkkojen ja tietojen turvaamisesta entistä haastavampaa. Verkkoturvallisuuden ylläpitämien vaatii verkon ylläpitäjiltä yhä enemmän huomiota kaikilla verkon osa-alueilla. Kymenlaakson am-mattikorkeakouluun tuleva kyberturvallisuuslaboratorio asettaa uusia vaatimuksia myös koko muun verkon tietoturvalle. Kyamkin Tietotekniikan tuotantoverkossa verkkolaitteiden hallintayhteyksiin liittyvä käyttäjien kirjautumisen valvonta toteutettiin ottamalla käyttöön RADIUS-todentaminen. Palvelimena toimii Microsoftin Network Policy Server, joka on Win-dows Server 2008 R2 -palvelinkoneessa. Käyttäjätietokantana toimii samassa koneessa pyörivä Active Directory -tietokanta, johon luotiin uusi käyttäjäryhmä. Vain siihen kuuluvien henkilöiden on sallittua muodostaa hallintayhteys verkon laitteisiin. Tähän ryhmään voidaan helposti tarpeen tullen lisätä tai poistaa käyttäjiä. Opinnäytetyön tuloksena tuotantoverkon tietoturva parani huomattavasti, koska aktiivilaitteiden hallintayhteyksien muodostamista voidaan nyt rajata ja tapahtuneet kirjautumiset tallentuvat tietokantaan. IPv4-osoitteilla todennus saatiin toimimaan luotetta-vasti, mutta IPv6-verkon osalta toteutus jäi tekemättä.The goal of this study was to create a centralized user authentication for the management access of the network devices in KyUAS ICT-LAB’s network devices. This was to increase the security of network devices significantly. The growth of threats against networks has made securing of networks and information more demanding. Maintaining network security requires more attention from the network administrator in all sections of the network. The upcoming cyber security laboratory in Kymenlaakso UAS sets new security requirements for the rest of the network. RADIUS-authentication was implemented into the network devices of Kymenlaakso UAS Information Technology department’s production network to control management access. The server is Microsoft Network Policy Server that runs on a Windows Server 2008 R2 server. The user Database is the Active Directory Database that runs on the same machine. A new user group was created into the existing Database. Only members of this group are granted management access to the network devices. User can be easily added and removed to this group if needed. As a result, the production network’s security was improved greatly by limiting management access to the devices and logins are recorded in the Database. The authentication was implemented reliably by using IPv4-addresses, but implementation to the IPv6 section of the network was not made