Active Directory (AD) is a directory service introduced in 2000 for Windows Server environments. AD is a distributed, hierarchical database framework that holds information about an infrastructure for locating, managing, securing and organising computers and other network resources such as files, users, peripherals, groups and network devices.
AD is Windows' own directory service, used in Windows domain networks. At its core, AD provides authentication and authorisation functions and acts as a framework for other such services. AD itself is a Lightweight Directory Access Protocol (LDAP) database that also holds other network objects.
Since the first release of AD, Microsoft has added further features under the AD banner, such as:
- Active Directory Lightweight Directory Services
This is the light version of AD, suitable for small businesses or organisations with a single office network environment. AD Lightweight Directory Services removes the complex and advanced functions and offers only basic directory functionality, with no need for domain controllers, forests or domains.
- Active Directory Certificate Services (AD CS)
AD Certificate Services issues digital certificates and supports a Public Key Infrastructure (PKI). This service is used in AD domain networks to create, validate, store and revoke public key credentials used for encryption.
- Active Directory Federation Services (AD FS)
AD FS provides web-based single sign-on authentication and authorisation services for domain objects located in different organisations.
- Active Directory Rights Management Services (AD RMS)
AD RMS is a rights management service that provides authorisation beyond a simple access-granted or access-denied model; it can impose different limits on what users may do with particular files or documents.
Active Directory structure
AD consists of four main logical and two main physical structures:
- Organisational Units (OUs)
- Domain Controllers
AD stores location information for network objects in its database; however, Active Directory requires the Domain Name System (DNS) in order to locate the domain controllers themselves. Domain controllers perform the key functions, such as authentication and authorisation, within the AD environment.
Every domain within AD has a DNS domain name, and every domain-joined computer has a DNS name within that same domain.
AD uses multiple domain controllers to perform domain-wide functions, so the availability of these domain controllers is crucial. Multiple domain controllers can be used for load balancing and fault tolerance, which means each domain controller must hold a complete copy of its domain's AD database. Keeping every domain controller's copy of the AD database current is achieved through replication. Replication is limited by domain: domain controllers in different domains do not replicate with each other, even within the same forest.
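The dependency on DNS for locating domain controllers, and on replication for keeping them consistent, can both be checked from an administrator's workstation. The PowerShell script below is an added example, not code from the original article; it assumes the RSAT ActiveDirectory module is installed, that the account has read access to the domain, and uses a constructed placeholder domain name.

```powershell
# Added example (not from the original article): locate the domain controllers
# for a domain through the DNS SRV records the DC locator relies on, compare
# them with what AD itself lists, and then check that each DC is replicating.
param(
    # Constructed placeholder domain name; replace with your own DNS domain.
    [string]$Domain = 'corp.example.com'
)

Import-Module ActiveDirectory

# 1. DNS: the SRV record every domain-joined client queries to find a DC.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srvRecords = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$dcsFromDns = $srvRecords | Select-Object -ExpandProperty NameTarget | Sort-Object -Unique
Write-Host "DNS advertises $($dcsFromDns.Count) domain controller(s) via $srvName"

# 2. AD: the domain controllers the directory itself knows about.
$dcsFromAd = Get-ADDomainController -Filter * -Server $Domain |
    Select-Object -ExpandProperty HostName | Sort-Object -Unique

# A DC present in AD but absent from DNS cannot be found by clients;
# a name present in DNS but unknown to AD is a stale or unexpected record.
Compare-Object -ReferenceObject $dcsFromAd -DifferenceObject $dcsFromDns |
    ForEach-Object {
        $where = if ($_.SideIndicator -eq '<=') { 'in AD only (missing from DNS)' }
                 else { 'in DNS only (stale record?)' }
        Write-Warning "$($_.InputObject): $where"
    }

# 3. Replication: each DC must hold a current copy of the domain database.
#    Flag any partner link that last failed or has not succeeded in 24 hours.
foreach ($dc in $dcsFromAd) {
    Get-ADReplicationPartnerMetadata -Target $dc -ErrorAction SilentlyContinue |
        ForEach-Object {
            $age = (Get-Date) - $_.LastReplicationSuccess
            if ($_.LastReplicationResult -ne 0 -or $age.TotalHours -gt 24) {
                Write-Warning ("{0} <- {1} [{2}]: result {3}, last success {4} ago" -f
                    $dc, $_.Partner, $_.Partition, $_.LastReplicationResult, $age)
            }
        }
}
```

Run it as a domain user from a domain-joined machine; a DC that appears only in AD, or a replication partner with a non-zero result, is the first thing to investigate.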