What Is Active Directory and How Does It Work on Windows [MiniTool Wiki]
What is Active Directory
First, what is Active Directory? Active Directory (AD) is a directory service for use in a Windows Server environment, which is developed by Microsoft. Active Directory is Microsoft's own directory service for Windows domain networks.
It is a distributed hierarchical database structure that shares infrastructure information. What is Active Directory used for? It is used to find, protect, manage, and organize computer and network resources, including files, users, groups, peripheral devices, and network devices. It provides authentication and authorization functions and provides a framework for other such services.
Active Directory Domain Services
The following are 4 main Active Directory Domain Services.
Active Directory Lightweight Directory Services
Active Directory Lightweight Directory Services eliminates some complexity and advanced features and provides only basic directory service functions without the use of domain controllers, forests, or domains. It is usually used in a small, single office network environment.
Active Directory Certificate Services
The digital certificate services are provided by Active Directory Certificate Services and public key infrastructure or PKI are supported by it. It can be used to store, verify, create and revoke public key credentials used for encryption instead of generating keys externally or locally.
Active Directory Federation Services
Active Directory Federation Services provides web-based single, sign-on authentication and authorization services primarily used throughout the organization. Therefore, the contractor may log into his network and be authorized to access his access rights on the client network.
Active Directory Rights Management Services
Active Directory Rights Management Services can decompose authorization into models that exceed granted or denied access rights, and restrict users' operations on specific files or documents. Rights and restrictions are attached to the document, not the user. These permissions are usually used to prevent printing, copying or taking screenshots of documents.
How Does Active Directory Work
How does Active Directory work? Active Directory Domain Services uses a hierarchical layout of domains, trees, and forests to coordinate network elements. A domain is a group of objects that share the same AD database, such as users or devices. Domain has a Domain Name System (DNS) structure.
A tree is one or more domains grouped together. The tree structure uses a contiguous namespace to collect a collection of domains in a logical hierarchy. You can think of a tree as a trust relationship where a secure connection or trust is shared between two domains.
You can trust multiple domains, one domain can trust the second domain, the second domain can trust the third domain. Due to the hierarchical nature of this setting, the first domain can implicitly trust the third domain without explicit trust.
A forest is a group of trees. The forest consists of a shared directory, directory structure, application information, and domain configuration. This pattern defines the class and properties of objects in the forest. In addition, the global catalog server provides a list of all objects in the forest.
Users, groups, and devices are organized by Organizational Units (OUs). Each domain has its own OU. However, the OU cannot have a separate namespace because each user or object in the domain must be unique.
How to Use Active Directory
How to use Active Directory? If you want to learn about it, continue to read this post. Network administrators use Active Directory to simplify network maintenance in large organizations. The network administrator does not need to perform the update manually but can update an object in a single process.
Network administrators also use Active Directory to allow or deny end-users access to specific applications through trees in the network. Besides, they are used to maintain the organization and maintenance of large networks without having to perform each task through a single process.
In conclusion, this post has introduced some information about Active Directory. You can know what know Active Directory is and how does it work. Besides, you can learn some other services of Active Directory Domain Services.