Dummy Active Directory Infrastructure Setup for Police Association.
A dummy setup
Listed below are the requirements that need to be settled by the business side.
Since this is a dummy setup model, configuring the services mentioned here is out of scope for this blog; the steps for setting up the services can be covered in a follow-up post.
Requirements further include regular monitoring of:
IP allotment, VLANs, VPN, encryption and security protocols, and database and server instance management.
We will have an AD DS (Active Directory Domain Services) server which will create the root domain ‘KPA.COM’ (Karnataka Police Association),
whose members include:
KPAdmin (Administrators): members of this group are authorized with root domain server rights and the privilege to configure the Domain Controllers.
Each OU will have its respective users and groups, who will be delegated the respective rights.
For example, if Sagar is an inspector, his identity will be defined as KPA\Sagar, an identity that is granted inspector rights.
Now let us get familiar with the domain topology:
The child domains will have groups and users; the users will be web app handlers who take care of their respective domains.
e.g. Rohit is a user in the development department of the application;
then his user id will be something like email@example.com, where Rohit is his identity name @ the domain name.
Similarly for Production and Quality, e.g. Omkar@prod.kpa.com or Neeraj@qa.kpa.com, each given their respective domain access rights.
To manage Outlook mail, the Exchange server will provide a mail id to each user, delegating them and enabling internal, mail-based communication among users.
The Exchange servers will have users/groups as ExManagers (Exchange Managers). These Exchange Managers will be an OU in the root AD domain.
The Exchange server will provide a mail id to each member, and based on the respective position of each member, their access rights can be defined in the Exchange directory as policies.
To manage the IIS server (internal website hosting), we will have another OU, IISManagers. Suppose there has to be an internal web page that is accessed and posted to internally by the domain users; the hosting and naming of that web page will be handled by the IISManager users.
For every web app, site or page to be hosted, coordination with the DNS team will be required for DNS and reverse DNS resolution.
To manage the DHCP servers and DNS servers we have another OU, NetManager.
These servers will be handled by the networking department, where the IP scope and lease timeout will be selected by the team and DHCP will distribute the addresses.
With DNS, a forward lookup zone and a reverse lookup zone will be defined. The NetManager OU users will also be responsible for failover or network backup and IPAM (Internet Protocol Address Management and secondary DNS).
All this is a part of Infrastructure setup of Domain Controllers.
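The OU, group, DNS and DHCP layout described above, as an added PowerShell example (not code from the original post). It assumes the KPA.COM domain has already been promoted, that the ActiveDirectory, DnsServer and DhcpServer RSAT modules are installed on the DC, and that the 10.10.0.0/24 range and the 10.10.0.1/10.10.0.10 addresses are constructed sample values.

```powershell
# Added example, not from the blog. Builds the team OUs and matching security
# groups on an existing KPA.COM domain controller, then the NetManager pieces.
Import-Module ActiveDirectory, DnsServer, DhcpServer

$domainDN = 'DC=KPA,DC=COM'

# One OU per team, each with a matching global security group. Rights are
# delegated to the group (least privilege); none of these accounts are added
# to Domain Admins. 'Inspectors' is assumed for the KPA\Sagar example.
$teams = [ordered]@{
    'KPAdmin'     = 'Root domain administrators'
    'ExManagers'  = 'Exchange managers'
    'IISManagers' = 'Internal web hosting (IIS)'
    'NetManager'  = 'DHCP / DNS / IPAM team'
    'Inspectors'  = 'Inspector role accounts'
}
foreach ($name in $teams.Keys) {
    New-ADOrganizationalUnit -Name $name -Path $domainDN `
        -Description $teams[$name] -ProtectedFromAccidentalDeletion $true
    New-ADGroup -Name $name -GroupScope Global -GroupCategory Security `
        -Path "OU=$name,$domainDN" -Description $teams[$name]
}

# The example user from the post, KPA\Sagar. The initial password is prompted
# rather than hard-coded, and the user must change it at first logon.
$pw = Read-Host -Prompt 'Initial password for Sagar' -AsSecureString
New-ADUser -Name 'Sagar' -SamAccountName 'Sagar' -UserPrincipalName 'Sagar@kpa.com' `
    -Path "OU=Inspectors,$domainDN" -AccountPassword $pw -Enabled $true `
    -ChangePasswordAtLogon $true
Add-ADGroupMember -Identity 'Inspectors' -Members 'Sagar'

# NetManager duties. The forward zone kpa.com already exists from promotion,
# so only the reverse lookup zone is added here (AD-integrated, domain scope).
Add-DnsServerPrimaryZone -NetworkId '10.10.0.0/24' -ReplicationScope Domain

# DHCP scope: the networking team picks the range and lease time (sample values).
Add-DhcpServerv4Scope -Name 'KPA-Clients' -StartRange 10.10.0.50 -EndRange 10.10.0.200 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 1) -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.10.0.0 -DnsServer 10.10.0.10 `
    -Router 10.10.0.1 -DnsDomain 'kpa.com'
```

Run it once from an elevated session as a KPAdmin member; re-running will fail on the objects that already exist, which is the intended safety behaviour of these cmdlets.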
Now that every infrastructure setting is already handled,
with the web app or SAP app the user needs to log in with the assigned credentials:
Login Id → KPA\Radhika
Mail Id → firstname.lastname@example.org
Once the user logs in to the application, they are authenticated and can now see the data, update the accessible fields and access detailed records.
Instead of a simple sign-in, we can use SSO (Single Sign-On) using AD, LDAP and Kerberos, but this would just be an add-on to the already complete infrastructure setup.