What is Active Directory (AD)?


Active Directory is a directory service from Microsoft. With the help of the service, objects and resources in a Windows network can be managed centrally and access can be controlled. The structure of a company or an organization can be logically reproduced with an Active Directory. The different areas are delimited using domains.

The abbreviation for Active Directory is AD. It is a directory service from Microsoft that plays an important role in the administration of Windows networks. The objects and resources of a network can be saved and organized in a structured manner within a directory. They are defined by their attributes.

Active Directory reproduces the structure of an organization, including the devices and resources it uses. So-called domains logically separate the various areas from one another. The domains are structured hierarchically, and their hierarchy is independent of the underlying network infrastructure. Objects managed in an AD are, for example, computers, services, servers, storage, printers, users, groups or file shares. The AD administrator can grant or block users' access to network resources. Only the administrator has the right to change the objects, their attributes and the structure of the directory service. Many applications within a Windows network depend on Active Directory. A failure of the directory service can lead to considerable restrictions or even complete failure of the applications in the network. Replication mechanisms and redundancies ensure the availability of the directory service.

Important terms and components of an Active Directory

Important terms and components of an Active Directory are:

  • Objects
  • Schemas
  • Domains
  • Domain controllers

An object is the smallest unit managed in the directory service, comparable to a single data record in a database. It describes resources or devices such as computers, services, servers, storage, printers, users, groups or file shares. An object's properties are its attributes. The commonly used object types, classes, attributes and attribute syntax can be defined via a schema, which serves as a kind of template for all directory entries.

The structure of an organization is mapped via domains. A domain is a logically separated network area with the same security policies and settings. Each domain is identified by a unique name based on the naming conventions of the Domain Name System (DNS). Subdomains branch off from a root domain, and the full name includes the subdomains and the root domain. The name of a domain is, for example, Development.Firma-xy.de or Vertrieb.Firma-xy.de. The name of an Active Directory domain does not have to correspond to a registered Internet domain, but it can. Domain structures can be set up independently of the existing logical or physical structures of the organization. They are not tied to the locations of a company, the topology of the network or the locations of the objects. The domains often represent individual organizational units such as departments of a company.

The domain controller performs important functions for each domain. It is a server that an administrator has promoted to domain controller. The domain controller makes the Active Directory available to users and devices and handles user authentication and the assignment of roles. The information in the Active Directory is stored on the domain controller. To log on to the directory service, or to search for objects or resources and address them, a client must first contact the domain controller. Clients use the Domain Name System to find the domain controller responsible for them. Once the domain controller has been found, the client communicates with it using the Lightweight Directory Access Protocol (LDAP) to access the Active Directory. Redundancy and replication of the domain controller's data keep important network functions available if the server fails.
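The lookup described above, as an added example that is not part of the original article: the DNS step is an SRV query for `_ldap._tcp.dc._msdcs.<domain>`, candidates are ordered by priority and weight (RFC 2782), and the LDAP base DN follows from the DNS-style domain name. The host names, the SRV answers and the inventory list are constructed, and the function names are hypothetical; the last function is a simple check that every advertised target is a known domain controller.

```python
import random
# Constructed sample data: SRV answers ("priority weight port target") and a DC inventory.
SAMPLE_SRV = """\
0 100 389 dc01.development.firma-xy.de.
0 100 389 dc02.development.firma-xy.de.
10 100 389 dc-backup.development.firma-xy.de.
0 100 389 build-srv7.development.firma-xy.de.
"""
KNOWN_DCS = [h + ".development.firma-xy.de" for h in ("dc01", "dc02", "dc-backup")]

def locator_query(dns_domain):
    """SRV name a client looks up to find the domain's LDAP-capable DCs."""
    return "_ldap._tcp.dc._msdcs." + dns_domain.rstrip(".").lower()

def base_dn(dns_domain):
    """Map a DNS-style domain name to the LDAP DN of the domain root."""
    return ",".join("DC=" + label for label in dns_domain.rstrip(".").split("."))

def parse_srv(line):
    prio, weight, port, target = line.split()
    return {"priority": int(prio), "weight": int(weight),
            "port": int(port), "target": target.rstrip(".").lower()}

def order_candidates(records, rng=random):
    """RFC 2782 order: lowest priority first, weighted random inside a priority."""
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        group = [r for r in records if r["priority"] == prio]
        while group:
            pick, running = rng.uniform(0, sum(r["weight"] for r in group)), 0
            for chosen in group:
                running += chosen["weight"]
                if pick <= running:
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered

def unexpected_targets(records, known_dcs):
    """SRV targets that are not in the inventory of known domain controllers."""
    return sorted({r["target"] for r in records} - {h.lower() for h in known_dcs})

if __name__ == "__main__":
    domain = "Development.Firma-xy.de"  # domain name taken from the article
    records = [parse_srv(line) for line in SAMPLE_SRV.splitlines()]
    print(locator_query(domain), "->", base_dn(domain))
    for r in order_candidates(records):
        print("ldap://%s:%d (priority %d)" % (r["target"], r["port"], r["priority"]))
    print("not in inventory:", unexpected_targets(records, KNOWN_DCS))
```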

The advantages of an Active Directory

Typical advantages of an Active Directory are:

  • Central management of the objects and resources of a network, including attributes, file shares and policies
  • High reliability through redundancy and replication mechanisms
  • Compatibility with other directory services and operating systems
  • Flexible and easy to expand
  • Representation of different organizational structures
  • High information security
  • Based on the Domain Name System