What is Active Directory? How does it work?

Active Directory is a service developed by Microsoft for Windows domain networks. It enables administrators to manage permissions and access the network resources. Active Directory stores data as objects. An object is a single element, such as a user, group, application, or device such as a printer.

Active Directory

AD is a collection of users, computers, and groups that are part of the same centralized system. The main service in Active Directory is Domain Services (AD DS), which stores directory information and handles the interaction of the user domain. ADDS is also responsible for Authentication and Authorization. ADDS uses Kerberos.

Active Directory Database

AD databases are stored on a single NTDS.dit file located in C:\Windows\NTDS

Components of Active Directory

Logical Components

  • Domain
  • Tree
  • Forest
  • OU
  • Container
  • Global Catalogue

Physical Components

  • Domain Controler
  • Sites
  • Networking Devices

Active Directory services

Active Directory has multiple services, but the main one is domain service. Apart from that it has AD LDS, Certificate Services, LDAP, AD RMS and more.

Active Directory Services

Domain Services: Active Directory Domain Services stores data and manages communications between the users and the DC.

Certificate Service: It is used to manage certificate-related activities like digital certificates, signatures, and public key cryptography to secure communication and authentication, so the user can exchange information over the internet securely.

Active Directory Federation Services: ADFS authenticates user access to multiple applications across different domains, networks and organizations using Single Sign On (SSO). SSO is an authentication method that enables users to securely authenticate with multiple resources like applications and websites by using just one set of credentials.

Rights Management: It manages the information rights and data access policies. It decides if the user can access a folder or send an email.

Features in Active Directory

  • Domain: It is a group of objects such as users and devices that share the same AD database.
  • Tree: It is a combination of one or more than one domain. A tree can be viewed as a trust relationship, where a secure connection or trust is shared between two domains. It’s a part of the forest and shares the namespace. 
  • Forest: A forest is a collection of trees that share a common global catalogue, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.
  • Schema defines an object’s class and attributes in the forest.
  • Organizational Unit: OU is a container that holds other Active Directory objects like users, computers, printers, shared folders, and even other organizational Units. OU is unique in every domain.
  • Container: Containers are similar to OU, but group policies are not applied or linked to the container object.
  • Global catalogues: The global catalogues server is a domain controller that stores a complete copy of AD object attributes and a partial copy of all object attributes of all other domains.

Leave a Comment