Saturday, 28 July 2012

Active Directory

What is Active Directory?

Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems.

Active Directory provides a central location for network administration and security.
Server computers that run Active Directory are called domain controllers.
An AD domain controller authenticates and authorizes all users and computers in a Windows domain network, assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs in to a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is authorized or not.

Active Directory makes use of the Lightweight Directory Access Protocol (LDAP), Kerberos and the Domain Name System (DNS) to manage the environment.


An Active Directory structure is a hierarchical arrangement of information about objects (e.g., users, computers). The objects fall into two broad categories: resources (e.g., printers) and security principals (user or computer accounts and groups). Security principals are assigned unique security identifiers (SIDs).

Each object represents a single entity—whether a user, a computer, a printer, or a group—and its attributes. Certain objects can contain other objects. An object is uniquely identified by its name and has a set of attributes—the characteristics and information that the object represents— defined by a database schema, which also determines the kinds of objects that can be stored in Active Directory.

The following diagram illustrates the relationship of the Active Directory domains, OUs, trees, and forests.

The core unit of logical structure in Active Directory is the domain, which can store millions of objects. The objects stored in a domain, such as computers, printers, documents, databases and users, are those considered vital to the network. The directory is made up of one or more domains. A domain can span more than one physical location.
An OU is a container used to organize objects within a domain into a logical administrative group. OUs provide a means for handling administrative tasks, such as the administration of users and resources, as they are the smallest scope to which you can delegate administrative authority. An OU can contain objects such as user accounts, groups, computers, printers, applications, file shares, and other OUs from the same domain.
A tree is a grouping or hierarchical arrangement of one or more Windows Server domains that you create by adding one or more child domains to an existing parent domain. Domains in a tree share a contiguous namespace and a hierarchical naming structure.
A forest is a grouping or hierarchical arrangement of one or more separate, completely independent domain trees. As such, forests have the following characteristics:
All domains in a forest share a common schema.
All domains in a forest share a common global catalog.
All domains in a forest are linked by implicit two-way transitive trusts.
Trees in a forest have different naming structures, according to their domains.
Domains in a forest operate independently, but the forest enables communication across the entire organization.
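The hierarchy described above (objects with attributes inside OUs, OUs inside domains, domains grouped into trees by a contiguous DNS namespace, trees grouped into a forest) is visible in every object's LDAP distinguished name (DN) and in its SID. The following Python example is added here and is not code from the original post or from Microsoft; it models that structure with a small DN parser and shows the containment test that makes an OU the smallest delegation scope, the namespace test that places a domain in a tree, and the split of an account SID into the issuing domain's SID and its RID. All DNs, domain names and SIDs in it are constructed for illustration.

```python
# Added example (not from the original post): a small model of Active Directory's
# logical hierarchy as it appears in LDAP distinguished names (DNs) and SIDs.
# All names, DNs and SIDs below are constructed for illustration.

from typing import List, Tuple


def split_rdns(dn: str) -> List[str]:
    """Split a DN on commas that are not escaped with a backslash (RFC 4514 style)."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return the DN as (type, value) pairs, leaf first: CN=..., OU=..., DC=..."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def domain_of(dn: str) -> str:
    """The DC= components, joined, give the DNS name of the domain holding the object."""
    return ".".join(v for t, v in parse_dn(dn) if t == "DC")


def ou_path(dn: str) -> List[str]:
    """OU chain from the domain root downward (a DN stores it leaf-first, so reverse it)."""
    return [v for t, v in reversed(parse_dn(dn)) if t == "OU"]


def is_within(object_dn: str, container_dn: str) -> bool:
    """True if the object sits inside the container (directly or in a nested OU).

    This is the containment test behind 'the OU is the smallest delegation scope':
    rights delegated on an OU apply to everything whose DN ends with that OU's DN.
    Comparison is case-insensitive, as AD names are.
    """
    obj = [(t, v.lower()) for t, v in parse_dn(object_dn)]
    cont = [(t, v.lower()) for t, v in parse_dn(container_dn)]
    return len(obj) > len(cont) and obj[-len(cont):] == cont


def is_in_tree(domain: str, tree_root: str) -> bool:
    """Domains of one tree share a contiguous DNS namespace: each domain is the
    tree root itself or a DNS child (any depth) of that root."""
    d, r = domain.lower(), tree_root.lower()
    return d == r or d.endswith("." + r)


def tree_root_of(domain: str, forest_roots: List[str]) -> str:
    """A forest is a set of independent trees with different namespaces; find the
    tree root whose namespace holds the domain. Raises if none does."""
    for root in forest_roots:
        if is_in_tree(domain, root):
            return root
    raise ValueError(f"{domain} is not in a tree of this forest")


def split_sid(sid: str) -> Tuple[str, int]:
    """Split a domain account SID into (domain SID, RID). The last sub-authority
    is the RID unique within the domain; the S-1-5-21-... prefix identifies the
    issuing domain, which is what makes the full SID unique across the forest."""
    prefix, _, rid = sid.rpartition("-")
    if not prefix.startswith("S-1-5-21-"):
        raise ValueError("not a domain account SID")
    return prefix, int(rid)


if __name__ == "__main__":
    user = "CN=Jane Doe,OU=Sales,OU=EMEA,DC=corp,DC=example,DC=com"  # constructed
    print(domain_of(user))                                            # corp.example.com
    print(ou_path(user))                                              # ['EMEA', 'Sales']
    print(is_within(user, "OU=EMEA,DC=corp,DC=example,DC=com"))       # True
    print(is_within(user, "OU=Finance,DC=corp,DC=example,DC=com"))    # False
    roots = ["example.com", "contoso.local"]                          # two trees, one forest
    print(tree_root_of("corp.example.com", roots))                    # example.com
    print(split_sid("S-1-5-21-1111-2222-3333-500"))                   # ('S-1-5-21-1111-2222-3333', 500)
```

The `is_within` check is the useful one from a defender's point of view: when reviewing who has been delegated rights on an OU, every object whose DN ends with that OU's DN, including objects in nested OUs, falls under that delegation, so a delegation high in the OU path covers far more than the OU's direct children.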


