Aug 28
Active Directory

Active Directory Explained, Simple and Easy

Active Directory (AD) is a product developed by Microsoft that consists of several services running on Windows Server to manage permissions and access to networked resources. AD stores data as objects. An object can be a single element such as a user, group or application, or a device such as a printer. Objects are categorized by name and attributes. For instance, a user object is identified by its name string together with the information associated with that user, such as passwords and Secure Shell (SSH) keys.

Active Directory comprises several services, namely Lightweight Directory Services, Certificate Services, Federation Services and Rights Management Services, each of which extends AD's directory management capabilities. Lightweight Directory Services (AD LDS) is a service platform that can run in multiple instances on one server and holds directory data in a data store using the Lightweight Directory Access Protocol (LDAP), unlike AD DS. It nevertheless shares similar functionality, such as the API, and the same codebase as AD DS. Certificate Services (AD CS) generates, manages and shares certificates, which use encryption with a public key so that a user can exchange information securely over the internet. Active Directory Federation Services (AD FS) authenticates user access to multiple applications across different networks using single sign-on, which requires the user to sign in only once rather than use a dedicated authentication key for each service. Rights Management Services (AD RMS) controls information rights by encrypting content, such as email or Word documents, on a server to limit access.

The core service of Active Directory is Domain Services (AD DS), which handles the user's interaction with the domain by storing their directory information. AD DS verifies access when a user signs in to a computer or attempts to connect to a server over a network, and it controls which resources each user can access; an administrator, for instance, typically has a different level of access to data than an end user. The server that hosts AD DS is called a domain controller. A domain controller's main responsibility is to authenticate and authorize all users and computers in a Windows domain network, and it assigns and enforces security policies for all computers. When a user logs in to a computer that is part of a Windows domain, the domain controller checks the submitted password and determines whether the user is a system administrator or a normal user. A domain is a group of objects, such as users or devices, that share the same Active Directory database.

Active Directory Domain Services (AD DS) uses a tiered layout of domains, trees and forests to organize networked elements. A tree is one or more domains grouped together under a contiguous namespace, arranging the domains in a logical hierarchy in which a secure connection, or trust, is shared between two domains. These trusts are transitive: if the first domain trusts a second and the second trusts a third, the first can implicitly trust the third without needing an explicit trust. A forest is a group of trees. It consists of shared global catalogs, a directory schema, application information and domain configurations. The schema defines an object's class and attributes throughout the forest, whereas the global catalog servers provide a listing of all the objects in a forest.
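As an added example (not part of the original post), the following PowerShell uses the RSAT ActiveDirectory module to map the layout just described: the forest root, schema master and global catalog servers, each domain's parent and children (the tree structure), and the trusts between domains along with whether each one is transitive. It assumes RSAT is installed and the session runs as a domain account that can read the forest configuration; the domain names it prints are whatever your forest contains.

```powershell
# Added example: map forest -> trees -> domains and list trusts with the RSAT ActiveDirectory module.
# Assumes RSAT is installed and the current user may read the forest's configuration partition.
Import-Module ActiveDirectory

$forest = Get-ADForest
"Forest root domain : $($forest.RootDomain)"
"Schema master      : $($forest.SchemaMaster)"                 # holds the schema defining object classes/attributes
"Global catalogs    : $($forest.GlobalCatalogs -join ', ')"    # DCs that index every object in the forest

# A tree is a chain of domains sharing a contiguous namespace; show each domain's parent and children.
foreach ($name in $forest.Domains) {
    $d        = Get-ADDomain -Identity $name
    $parent   = if ($d.ParentDomain) { $d.ParentDomain } else { '<tree root>' }
    $children = if ($d.ChildDomains) { $d.ChildDomains -join ', ' } else { '<none>' }
    "{0,-30} parent: {1,-25} children: {2}" -f $d.DNSRoot, $parent, $children
}

# Trusts: parent/child trusts inside a forest are two-way and transitive, which is why a domain
# can reach a third domain through a second one without an explicit trust of its own.
# Get-ADTrust returns only the trusts configured on the domain it is asked, so query each domain.
$trusts = foreach ($name in $forest.Domains) {
    Get-ADTrust -Server $name -Filter * | ForEach-Object {
        [pscustomobject]@{
            Source      = $_.Source
            Target      = $_.Target
            Direction   = $_.Direction
            IntraForest = $_.IntraForest
            Transitive  = -not $_.DisallowTransivity   # property name is spelled this way in the module
            ForestWide  = $_.ForestTransitive
        }
    }
}
$trusts | Sort-Object Source, Target | Format-Table -AutoSize
```

Reviewing the output against the hierarchy you expect is a quick way to spot a trust that is transitive or forest-wide when it should not be.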

