Active Directory (AD) was introduced by Microsoft with Windows Server 2000 to perform directory services on Windows server domains. It is used to centrally manage the users, data, and devices in a network. It stores objects in a hierarchical structure for quick access by users/administrators. By using this, we can locate the files and folders on the domain without knowing their actual location of them. In simple terms, it is more like a telephone directory, or in modern times, like a Contacts app on your phone. And like the Contacts app help us find contacts and their details, the same way an AD helps us find objects and their related values, where the contact is the object and a phone number or email id of the contact is the value of the object.
AD is a repository of all the user and computer configurations in a domain and hence makes the management of resources easy. Every AD contains an AD forest and the forest can have one or many domains. An organizational unit (OU) is the lowest level in the hierarchy of an active directory. A collection of domains is called trees, and many trees combine to become a forest. This logical separation of a network helps in streamlining the operations of an AD and makes an AD manageable and scaleable.
Every domain contains domain controllers, which are the servers that run AD Domain Services, and participate in the replication of the data so that all domain controllers in the domain contain the same directory information, and also makes sure that the data is not replicated to an unintended device/user. A global catalogue is a domain controller that stores a copy of all the data in a domain and partial data of all the other domains in the same forest. An AD uses Kerberos authentication to add security by offering single sign-on (SSO) functionality, and by this, a user can sign on once to access multiple resources and services without the need to re-enter the credentials every time.
The rules for creating objects, which are used to store values in an AD, are defined in the schema of the AD, which is a blueprint of an AD. There is only one schema for every forest, nonetheless, every domain controller contains a copy of the schema to maintain consistency in a forest. AD uses DNS (Domain Name System) to help resolve the locations based on their logical address and assigned names.
An AD can offer various services like security and accessibility from a different network, in addition to the directory and storage services.
Click here for CCNA Certification