What are the components of Active Directory?
For the best web experience, please use IE11+, Chrome, Firefox, or Safari Show
Products ProductsBy Product CategorySolutions Solutions
About
Learn what AD is and how it works02:25Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done. The database (or directory) contains critical information about your environment, including what users and computers there are and who’s allowed to do what. For example, the database might list 100 user accounts with details like each person’s job title, phone number and password. It will also record their permissions. The services control much of the activity that goes on in your IT environment. In particular, they make sure each person is who they claim to be (authentication), usually by checking the user ID and password they enter, and allow them to access only the data they’re allowed to use (authorization). Read on to learn more about the benefits of Active Directory, how it works and what’s in an Active Directory database. Benefits of Active DirectoryActive Directory simplifies life for administrators and end users while enhancing security for organizations. Administrators enjoy centralized user and rights management, as well as centralized control over computer and user configurations through the AD Group Policy feature. Users can authenticate once and then seamlessly access any resources in the domain for which they’re authorized (single sign-on). Plus, files are stored in a central repository where they can be shared with other users to ease collaboration, and backed up properly by IT teams to ensure business continuity. How does Active Directory work?The main Active Directory service is Active Directory Domain Services (AD DS), which is part of the Windows Server operating system. The servers that run AD DS are called domain controllers (DCs). Organizations normally have multiple DCs, and each one has a copy of the directory for the entire domain. Changes made to the directory on one domain controller — such as password update or the deletion of a user account — are replicated to the other DCs so they all stay up to date. A Global Catalog server is a DC that stores a complete copy of all objects in the directory of its domain and a partial copy of all objects of all other domains in the forest; this enables users and applications to find objects in any domain of their forest. Desktops, laptops and other devices running Windows (rather than Windows Server) can be part of an Active Directory environment but they do not run AD DS. AD DS relies on several established protocols and standards, including LDAP (Lightweight Directory Access Protocol), Kerberos and DNS (Domain Name System). It’s important to understand that Active Directory is only for on-premises Microsoft environments. Microsoft environments in the cloud use Azure Active Directory, which serves the same purposes as its on-prem namesake. AD and Azure AD are separate but can work together to some degree if your organization has both on-premises and cloud IT environments (a hybrid deployment). How is Active Directory structured?AD has three main tiers: domains, trees and forests. A domain is a group of related users, computers and other AD objects, such as all the AD objects for your company’s head office. Multiple domains can be combined into a tree, and multiple trees can be grouped into a forest. Keep in mind that a domain is a management boundary. The objects for a given domain are stored in a single database and can be managed together. A forest is a security boundary. Objects in different forests are not able to interact with each other unless the administrators of each forest create a trust between them. For instance, if you have multiple disjointed business units, you probably want to create multiple forests. What’s in the Active Directory database?The Active Directory database (directory) contains information about the AD objects in the domain. Common types of AD objects include users, computers, applications, printers and shared folders. Some objects can contain other objects (which is why you’ll see AD described as “hierarchical”). In particular, organizations often simplify administration by organizing AD objects into organizational units (OUs) and streamline security by putting users into groups. These OUs and groups are themselves objects stored in the directory. Objects have attributes. Some attributes are obvious and some are more behind the scenes. For example, a user object typically has attributes like the person’s name, password, department and email address, but also attributes most people never see, such as its unique Globally Unique Identifier (GUID), Security Identifier (SID), last logon time and group membership. Databases are structured, which means there is a design that determines what types of data they store and how that data is organized. This design is called a schema. Active Directory is no exception: Its schema contains formal definitions of every object class that can be created in the Active Directory forest and every attribute that can exist in an Active Directory object. AD comes with a default schema, but administrators can modify it to suit business needs. The key thing to know is that it’s best to plan the schema carefully up front; because of the central role AD plays in authentication and authorizations, changing the schema of the AD database later can dramatically disrupt your business. Where can I learn more about Active Directory?ResourcesBlogsGet started nowSuccessfully manage AD – the heart of your IT environment. What are the 4 types of Microsoft Active Directory?Below we'll explain their differences in order to help you decide what you need.. Active Directory (AD) ... . Azure Active Directory (AAD) ... . Hybrid Azure AD (Hybrid AAD) ... . Azure Active Directory Domain Services (AAD DS). What are the 3 main functions of Active Directory?The Top 3 major benefits of Active Directory Domain Services are: Centralized resources and security administration. Single logon for access to global resources. Simplified resource location.
What are the 5 roles of Active Directory?Currently in Windows there are five FSMO roles:. Schema master.. Domain naming master.. RID master.. PDC emulator.. Infrastructure master.. What are the 2 components are logical components in Active Directory?Physical components are Domain controller and site. Logical components are Domains, forests, trees etc. ADDS was introduced in windows server 2000 ADDS Physical components are Domain Controller and Sites ADDS Logical components are Forest, Tree, Domain Controller, OU and Global catalog.
|