Active Directory

Active Directory (AD) is a directory service developed by Microsoft that functions as a centralised and standardised system for managing and organising information about network resources, such as computers, users, groups, printers, applications, and other devices. It is a crucial component in Windows-based networks and plays a core role in identity and access management.

What are the key elements within Active Directory?

Directory Database Storage

Active Directory stores information in a hierarchical, distributed database. This database includes objects such as users, groups, computers, and organisational units (OUs).

Domain Organisation

A domain is a logical grouping of network objects, such as computers and users, that share a common directory database. Active Directory supports the organisation of objects into domains for easier management.

Forest Authentication

A forest is a collection of one or more domains that share a common schema, configuration, and global catalog. Domains within a forest trust each other, allowing for seamless authentication and resource access.

Domain Controls and Authentication

Servers running the Active Directory Domain Services (AD DS) role are called domain controllers. They are responsible for authenticating users, enforcing security policies, and maintaining the directory database.

Organisational Unit (OU) Management

An OU is a container within a domain that allows administrators to organise and apply group policies to sets of users, groups, and computers. OUs provide a way to delegate administrative authority and apply policies selectively.

Secure Group Policies

Active Directory Group Policy allows administrators to define and enforce security settings and configurations for users and computers within a domain or OU. This helps in maintaining a consistent and secure network environment.

Global Catalog Search

The global catalog is a distributed data repository that contains a partial replica of all objects in the entire forest. It facilitates searches for objects across domains.

LDAP (Lightweight Directory Access Protocol)

Active Directory uses LDAP for communication between clients and servers. LDAP is an industry-standard protocol for accessing and maintaining directory services.

Active Directory is fundamental for managing user authentication, access control, and resource management in Windows environments. It simplifies administration tasks, enhances security, and provides a scalable and organised structure for network management.