Security Token Service Integration using WS Protocols


Details:

There are three documents in this download associated with interoperability for the Works with Office 365 – Identity program. The first is the paper that details the agreement for STSs to interoperate with Azure Active Directory using the WS-Federation and WS-Trust protocols. The second is the paper that specifies the STS test scenarios Microsoft uses for qualification in the Works with Office 365 – Identity program. The third is the program guide for partners in the Works with Office 365 – Identity program. This enables a third-party Identity Provider to be used for authentication by Office 365 and other Microsoft services that use Azure Active Directory.

Download Link:

http://www.microsoft.com/en-us/download/details.aspx?id=41185

Active Directory Partitions and Replicas In a Forest


Active Directory partitions and replicas form the foundation of Active Directory replication. In any enterprise Active Directory infrastructure there will be tens to hundreds of Domain Controllers spread across different sites, supporting multiple Active Directory domains in a forest.

The table below lists the Active Directory partitions and their roles.

| Serial Number | Active Directory Partition | Forest Wide | Domain Wide | What does it store | Replication |
|---|---|---|---|---|---|
| 1 | Configuration Partition | Yes, only one Configuration partition per Forest | | Stores information about Sites, services, extended permissions etc. | Replicated across all Domain Controllers in the Forest |
| 2 | Schema Partition | Yes, only one Schema partition per Forest | | Schema definitions, classes, attribute definitions of all AD objects | Replicated across all Domain Controllers in the Forest |
| 3 | Domain Partition | | Yes, one per Domain | Stores user objects, Computer objects, Organizational Units, Groups etc. | Replicated only to Domain Controllers within the Domain |
| 4 | Domain Partition (Global Catalog) | | Yes, one per Domain | Stores a partial set of attributes from the different directory partitions (domains) | Replicated across all Domain Controllers in the Forest |
| 5 | Application Partition | Yes, any number of Application Partitions | | Stores application-specific data | Replicated across specific Domain Controllers in the Forest |


With the information above, we will do a little math for a conceptual organization that is spread across several sites and has two Active Directory domains in a single AD forest.

Solution Architecture Diagram: AD Forest (diagram image not available in this copy)


Active Directory Replica Chart

| Domain | AD Site | Domain Controller | Configuration Partition | Schema Partition | Domain Partition A | Domain Partition B |
|---|---|---|---|---|---|---|
| Domain A | Primary Site | Global Catalog PS | Full Replica | Full Replica | Full Replica | Partial Replica |
| Domain A | Primary Site | Domain Controller 1 PS | Full Replica | Full Replica | Full Replica | |
| Domain A | Primary Site | Domain Controller 2 PS | Full Replica | Full Replica | Full Replica | |
| Domain A | Branch Site 1 | Global Catalog BS1 | Full Replica | Full Replica | Full Replica | Partial Replica |
| Domain A | Branch Site 1 | Domain Controller BS1 | Full Replica | Full Replica | Full Replica | |
| Domain A | Branch Site 2 | Global Catalog BS2 | Full Replica | Full Replica | Full Replica | Partial Replica |
| Domain A | Branch Site 2 | Domain Controller BS2 | Full Replica | Full Replica | Full Replica | |
| Domain B | Primary Site | Global Catalog PS | Full Replica | Full Replica | Partial Replica | Full Replica |
| Domain B | Primary Site | Domain Controller PS | Full Replica | Full Replica | | Full Replica |
| Domain B | Branch Site 1 | Global Catalog BS1 | Full Replica | Full Replica | Partial Replica | Full Replica |
| Domain B | Branch Site 1 | Domain Controller BS1 | Full Replica | Full Replica | | Full Replica |
| Domain B | Branch Site 2 | Global Catalog BS1 | Full Replica | Full Replica | Partial Replica | Full Replica |
| Domain B | Branch Site 2 | Domain Controller BS1 | Full Replica | Full Replica | | Full Replica |
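The replica chart above can be computed rather than typed out. The PowerShell below is an added example, not from the original post: it applies the rules from the partition table (every DC holds the Configuration and Schema partitions and its own domain partition in full; only a Global Catalog also holds a partial replica of the other domains' partitions) to a list of domain controllers, then counts how many copies of each domain partition exist and how many DCs carry data from domains other than their own. The domain and DC names in the sample are constructed; the commented lines at the end show the same function fed from the ActiveDirectory module.

```powershell
# Added example: derive the replica chart from the forest's domain list and its DCs.
# Rule (from the partition table): every DC holds full replicas of the Configuration and
# Schema partitions and of its own domain partition; a Global Catalog additionally holds
# a partial replica of every other domain partition in the forest.
function Get-ReplicaChart {
    param(
        [Parameter(Mandatory)] [string[]] $Domains,            # every domain partition in the forest
        [Parameter(Mandatory)] [object[]] $DomainControllers   # objects with Name, Domain, Site, IsGlobalCatalog
    )
    foreach ($dc in $DomainControllers) {
        $row = [ordered]@{
            Domain                 = $dc.Domain
            Site                   = $dc.Site
            DomainController       = $dc.Name
            ConfigurationPartition = 'Full Replica'
            SchemaPartition        = 'Full Replica'
        }
        foreach ($d in $Domains) {
            if ($d -eq $dc.Domain)       { $row["$d Partition"] = 'Full Replica' }
            elseif ($dc.IsGlobalCatalog) { $row["$d Partition"] = 'Partial Replica' }
            else                         { $row["$d Partition"] = '' }
        }
        [pscustomobject]$row
    }
}

# Constructed sample (assumed names) modelled on the two-domain forest in the post.
$sampleDomains = 'DomainA', 'DomainB'
$sampleDCs = @(
    [pscustomobject]@{ Name = 'GC-PS';  Domain = 'DomainA'; Site = 'Primary Site';  IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'DC1-PS'; Domain = 'DomainA'; Site = 'Primary Site';  IsGlobalCatalog = $false }
    [pscustomobject]@{ Name = 'GC-BS1'; Domain = 'DomainB'; Site = 'Branch Site 1'; IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'DC-BS1'; Domain = 'DomainB'; Site = 'Branch Site 1'; IsGlobalCatalog = $false }
)
$chart = Get-ReplicaChart -Domains $sampleDomains -DomainControllers $sampleDCs
$chart | Format-Table -AutoSize

# The "little math": copies (full + partial) of each domain partition in the forest, and the
# number of DCs that hold directory data from domains other than their own (the Global Catalogs).
foreach ($d in $sampleDomains) {
    $copies = @($chart | Where-Object { $_."$d Partition" -ne '' }).Count
    "$d partition: $copies replica(s) across the forest"
}
$gcCount = @($chart | Where-Object { $_.PSObject.Properties.Value -contains 'Partial Replica' }).Count
"Domain controllers holding partial replicas of other domains: $gcCount"

# Against a real forest (ActiveDirectory module, domain-joined session), assumed usage:
# $forest = Get-ADForest
# $dcs = foreach ($d in $forest.Domains) { Get-ADDomainController -Filter * -Server $d }
# Get-ReplicaChart -Domains $forest.Domains -DomainControllers $dcs | Format-Table -AutoSize
```

The partial-replica count is the number of servers whose compromise would expose attribute data from every domain in the forest, which is why Global Catalog placement deserves the same scrutiny as domain controller placement.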