
What is Active Directory?

Active Directory (AD) is a Microsoft directory service used to manage computers, users and other objects on a network. It is a primary feature of Windows Server, the operating system that runs both local and Internet-facing Windows servers. Active Directory allows network administrators to create and manage domains, users and objects within a network. For example, an administrator can create a group of users and grant that group specific access rights to certain directories on a server. As a network grows, Active Directory provides a way to organize a large number of users into logical groups and subgroups, while providing access control at each level.

The Active Directory structure has three main tiers: 1) domains, 2) trees and 3) forests. Objects (such as users or devices) that share the same directory database are grouped into a single domain. Multiple domains can be combined into a group called a tree, and multiple trees can be grouped into a collection called a forest. Access rights and trust relationships can be defined at each of these levels.

Active Directory provides the following network services:

Lightweight Directory Access Protocol (LDAP) – an open standard protocol used to query and modify the directory; it is also how other directory services and applications talk to Active Directory
Hierarchical storage of organizational data in a centralized location, for faster lookup and simpler network administration
Security services, built on Kerberos authentication and on SSL/TLS for encrypted connections (for example LDAP over SSL, LDAPS)

A domain consists of objects stored within a single security boundary and organized in a tree-like structure. A domain may have multiple servers, each capable of holding many objects, so the directory data for one domain can be kept in several physical locations: a single domain may span multiple sites, and each site may contain multiple domain controllers for redundancy. Multiple domains in a contiguous namespace form a domain tree. A forest is a set of one or more domain trees joined by trust relationships; all domains in a forest share a common schema, configuration partition and global catalog (used for searching across domains), and the forest forms the uppermost layer of Active Directory.
Active Directory is internally organized as a hierarchy. Each node in the tree-like structure is an object associated with a network resource, such as a user, computer or service. Like a database schema, the Active Directory schema defines the object classes and the attributes each class may carry, which makes it possible to search for network resources by attribute value. For example, if a user needs a printer with colour printing capability, the printer's object can carry an attribute recording that capability, so the whole directory can be searched for printers with that attribute and the object's location read back, rather than having to know the printer's name in advance.
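The attribute-based search described above, written out with the ActiveDirectory PowerShell module. This is an added example, not code from the original page. It assumes the RSAT ActiveDirectory module is installed and the session runs as an ordinary domain user; printQueue, printColor, printerName, serverName, location and uNCName are classes and attributes present in the default AD schema, while the output and any domain names are assumptions.

```powershell
# Added example (not from the original page): searching the directory by
# attribute, and reading the schema that defines those attributes.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

# 1. The schema lives in its own naming context; RootDSE says where it is.
$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext   # e.g. CN=Schema,CN=Configuration,DC=...

# 2. Which attributes may a printQueue object carry? The classSchema object
#    for the class lists them in mayContain / systemMayContain.
$printQueueClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=printQueue))' `
    -Properties mayContain, systemMayContain, mustContain, systemMustContain

$printQueueClass.systemMayContain | Sort-Object | Select-Object -First 10

# 3. Find every published printer that advertises colour capability.
#    The LDAP filter is evaluated on the domain controller, so only matching
#    objects cross the wire; this is the "search by attribute" the text describes.
$colourPrinters = Get-ADObject `
    -LDAPFilter '(&(objectClass=printQueue)(printColor=TRUE))' `
    -Properties printerName, serverName, location, uNCName

$colourPrinters |
    Select-Object printerName, serverName, location, uNCName |
    Format-Table -AutoSize

# 4. Caveat for the defender: by default any authenticated domain user can
#    run these queries, and the same filter syntax reads free-text attributes
#    just as easily. Auditing your own directory for secrets left in such
#    fields is a reasonable use of exactly this capability.
Get-ADObject -LDAPFilter '(&(objectClass=user)(description=*pass*))' `
    -Properties description |
    Select-Object Name, description
```

Step 2 is worth running before step 3 whenever you search a class you have not used before: the schema is the authority on which attribute names exist, and an LDAP filter on a misspelled attribute simply returns nothing rather than an error.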

History

Active Directory, like many information-technology efforts, grew out of the open, collaborative design process of Requests for Comments (RFCs). The Internet Engineering Task Force (IETF), which oversees the RFC process, has accepted numerous RFCs submitted by a wide range of participants. Active Directory incorporates decades of directory and communication technology and builds on it. For example, LDAP underpins Active Directory, and X.500 directories and the organizational unit (OU) both predate Active Directory, which makes use of them. The ideas behind LDAP began to emerge even before the founding of Microsoft in April 1975, with RFCs as early as 1971. RFCs contributing to LDAP include RFC 1823 (on the LDAP API, August 1995), RFC 2307, RFC 3062 and RFC 4533.
Microsoft previewed Active Directory in 1999, released it first with Windows 2000 Server, and revised it to extend functionality and improve administration in Windows Server 2003. Further improvements came with subsequent versions of Windows Server. In Windows Server 2008, additional services such as Active Directory Federation Services were added. The part of the directory responsible for managing domains, previously a core part of the operating system, was renamed Active Directory Domain Services (AD DS) and became a server role like any other. "Active Directory" became the umbrella title for a broader range of directory-based services; according to Bryon Hynes, everything related to identity was brought under Active Directory's banner.

Active Directory Services

Active Directory Services consist of multiple directory services.

Federation

Active Directory Federation Services (AD FS) is a single sign-on service. With an AD FS infrastructure in place, users may use several web-based services or network resources using only one set of credentials stored at a central location, as opposed to having to be granted a dedicated set of credentials for each service.

Rights Management

Active Directory Rights Management Services (AD RMS) is server software for information rights management shipped with Windows Server. It uses encryption and selective denial of functionality to limit access to documents such as corporate e-mail, Microsoft Word documents and web pages, and to restrict the operations authorized users can perform on them.

Certificate 

Active Directory Certificate Services (AD CS) establishes an on-premises public key infrastructure. It can create, validate and revoke public key certificates for internal uses of an organization. These certificates can be used to encrypt files (when used with Encrypting File System), emails (per S/MIME standard), and network traffic.

Lightweight Directory

Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM), is a lightweight implementation of AD DS. It runs as a service on Windows Server and provides an LDAP directory for directory-enabled applications without requiring domains or domain controllers.

Domain 

Active Directory Domain Services (AD DS) is the cornerstone of every Windows domain network. It stores information about members of the domain, including devices and users, verifies their credentials and defines their access rights. A server running this service is called a domain controller. A domain controller is contacted when a user logs into a device or accesses another device across the network.

Physical structure

Sites are physical (rather than logical) groupings defined by one or more IP subnets. AD also holds the definitions of connections, distinguishing low-speed (e.g., WAN, VPN) from high-speed (e.g., LAN) links. Site definitions are independent of the domain and OU structure and are common across the forest. Sites are used to control network traffic generated by replication and also to refer clients to the nearest domain controllers (DCs). Microsoft Exchange Server 2007 uses the site topology for mail routing. Policies can also be defined at the site level.
Physically, the Active Directory information is held on one or more peer domain controllers, replacing the NT PDC/BDC model. Each DC holds a copy of the directory for its domain. Servers joined to Active Directory that are not domain controllers are called member servers. Domain controllers configured as global catalogs (GCs) additionally receive a read-only replica of a subset of every object from every domain in the forest, so a GC can answer searches across the whole forest. To minimize replication traffic and keep the GC database small, only selected attributes of each object are replicated; this subset is called the partial attribute set (PAS). The PAS can be changed by modifying the schema and marking attributes for replication to the GC. Earlier versions of Windows used NetBIOS to locate domain resources; Active Directory is fully integrated with DNS and requires TCP/IP and DNS. To be fully functional, the DNS server must support SRV resource records (service records), which clients use to find domain controllers.
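An added example, not from the original page, that walks the physical structure described in this section: sites and subnets, the domain controllers and which of them hold the global catalog, the attributes that make up the partial attribute set, and the DNS SRV records clients use to locate a DC. It assumes the RSAT ActiveDirectory and DnsClient PowerShell modules on a domain-joined machine; the domain and forest names are read from the environment, so nothing here is hard-coded to a particular organization.

```powershell
# Added example (not from the original page): enumerating sites, DCs, the
# global catalog's partial attribute set and the SRV records behind DC
# location. Assumes RSAT ActiveDirectory + DnsClient on a domain member.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot       # this domain, e.g. child.example.com
$forest = (Get-ADForest).RootDomain    # GC records live under the forest root

# 1. Sites, and the subnets that map a client's IP onto a site. A client whose
#    address falls in no defined subnet may be sent to a DC in any site, so
#    gaps here are the usual cause of "slow logon from the branch office".
Get-ADReplicationSite -Filter * | Select-Object Name
Get-ADReplicationSubnet -Filter * -Properties Site |
    Select-Object Name, @{ n = 'Site'; e = { ($_.Site -split ',')[0] -replace '^CN=' } }

# 2. Domain controllers with their site, GC role and read-only status.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, IPv4Address

# 3. The partial attribute set: every attributeSchema object flagged
#    isMemberOfPartialAttributeSet. Only these attributes can be matched in a
#    forest-wide (port 3268) search; anything else needs a per-domain query.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$pas = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' `
    -Properties lDAPDisplayName
"{0} attributes replicate to the global catalog" -f $pas.Count
$pas.lDAPDisplayName | Sort-Object | Select-Object -First 15

# 4. The SRV records behind DC location. If these do not resolve, domain
#    logon fails no matter how healthy the DCs themselves are.
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

$srvNames = @(
    "_ldap._tcp.dc._msdcs.$domain"               # any DC for this domain
    "_ldap._tcp.$site._sites.dc._msdcs.$domain"  # DCs in this computer's site
    "_kerberos._tcp.dc._msdcs.$domain"           # KDCs
    "_gc._tcp.$forest"                            # global catalog servers
)

foreach ($name in $srvNames) {
    "`n== $name"
    Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority, Weight |
        Format-Table -AutoSize
}
```

The site-specific record in step 4 is the one the DC locator tries first; comparing its targets against the `Site` column from step 2 is a quick way to confirm that clients in a given location are really being steered to their local domain controllers.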
