What is Active Directory?

Active Directory is the directory service for Windows domain networks. It is a collection of machines and servers joined to domains, which may in turn belong to a larger forest of domains; together these make up the Active Directory network. Active Directory has many moving parts and is important to understand for anyone getting into IT. In this post, I will cover a few of its components so you can become familiar with the various pieces of Active Directory.

Why Active Directory?

Many large companies use Active Directory because it lets them control and monitor their users' computers centrally, through the domain controllers, rather than machine by machine. A user can sign in to any domain-joined computer with one set of credentials and reach their files and folders on the company's file servers, as well as the local storage on that machine. This means any employee can use any machine the company owns without a separate local account having to be created on each machine.

How Does It Work?

Servers that run Active Directory Domain Services are called Domain Controllers. A Domain Controller is a Windows Server that holds a copy of the domain's directory database, authenticates users and computers, and provides AD's core capabilities and features. Most domains run at least two Domain Controllers, replicating with each other, so that logons keep working if one is lost.

Within a domain you create user and computer accounts. A user account represents a person, perhaps an employee; a computer account represents a domain-joined machine, such as a workstation at a specific location. What an account can store is defined by the schema, which lists the object classes (user, computer, group, and so on) and the attributes each class may carry (username, password hash, e-mail address, office extension, etc.). The accounts and other objects, together with the Domain Controllers that hold and replicate them, make up a domain.

It is good practice to add accounts to Groups, so that users who need the same permissions are granted them once through the group rather than one at a time. Users, computers and groups are then placed in Organizational Units (OUs), which are containers used for administrative purposes: delegating control over a subset of the directory and applying Group Policy to it.

For example, let's say you have x employees at y different locations. Each location gets an OU, and within it a sub-OU and a group for each department, holding that department's employees. On each location's OU you can delegate specific rights (resetting passwords, unlocking accounts, managing group membership) to a group of local administrators, so the administrator at that location has direct control over their own OU and nothing else. Now one central admin doesn't have to set, manage, and maintain every group, because each OU has its own delegated administrator, and that administrator never needs to be a Domain Admin.
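The following PowerShell builds the layout described above (location OU, department sub-OU, department group, a user in it) and then delegates only password-reset and unlock rights on the location OU to a helpdesk group. It is an added example, not code from the original post; it assumes the ActiveDirectory module (RSAT) is installed, that you are running with Domain Admin rights, and that the domain, OU, group and user names ("Chicago", "Finance", "Chicago-Helpdesk", "jdoe", corp.example.com) are hypothetical placeholders for your own. The object-class and attribute GUIDs are looked up from your schema rather than hard-coded, which also shows where the schema discussed earlier actually lives.

```powershell
# Added example, not from the original post. Names below are hypothetical.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName        # e.g. DC=corp,DC=example,DC=com
$rootDSE  = Get-ADRootDSE

# 1. One OU per location, with a sub-OU per department inside it.
New-ADOrganizationalUnit -Name 'Chicago' -Path $domainDN -ProtectedFromAccidentalDeletion $true
$chicagoOU = "OU=Chicago,$domainDN"
New-ADOrganizationalUnit -Name 'Finance' -Path $chicagoOU
$financeOU = "OU=Finance,$chicagoOU"

# 2. A group that carries the permissions for the whole department,
#    so rights are granted once to the group rather than per user.
New-ADGroup -Name 'Chicago-Finance-Users' -GroupScope Global -GroupCategory Security -Path $financeOU

# 3. A user account in the department OU. The password is read interactively,
#    never hard-coded in the script.
New-ADUser -Name 'Jane Doe' -SamAccountName 'jdoe' -UserPrincipalName 'jdoe@corp.example.com' `
    -Path $financeOU -AccountPassword (Read-Host -AsSecureString 'Initial password') `
    -Enabled $true -ChangePasswordAtLogon $true
Add-ADGroupMember -Identity 'Chicago-Finance-Users' -Members 'jdoe'

# 4. Delegation: a helpdesk group for the location gets only the rights it
#    needs on the Chicago OU, instead of Domain Admin membership.
New-ADGroup -Name 'Chicago-Helpdesk' -GroupScope Global -GroupCategory Security -Path $chicagoOU
$helpdeskSid = (Get-ADGroup 'Chicago-Helpdesk').SID

# Resolve the GUIDs from the schema and configuration partitions:
#   - schemaIDGUID of the "user" class and of the "lockoutTime" attribute
#   - rightsGuid of the "Reset Password" extended right
$schemaNC = $rootDSE.schemaNamingContext
$configNC = $rootDSE.configurationNamingContext
$userClassGuid   = [Guid](Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=user)' -Properties schemaIDGUID).schemaIDGUID
$lockoutTimeGuid = [Guid](Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=lockoutTime)' -Properties schemaIDGUID).schemaIDGUID
$resetPwdGuid    = [Guid](Get-ADObject -SearchBase "CN=Extended-Rights,$configNC" -LDAPFilter '(displayName=Reset Password)' -Properties rightsGuid).rightsGuid

$acl = Get-Acl -Path "AD:\$chicagoOU"

# Allow "Reset Password" on every user object beneath the OU (not on the OU itself).
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $helpdeskSid, 'ExtendedRight', 'Allow', $resetPwdGuid, 'Descendents', $userClassGuid)))

# Allow writing lockoutTime (i.e. unlocking) on those same user objects.
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $helpdeskSid, 'WriteProperty', 'Allow', $lockoutTimeGuid, 'Descendents', $userClassGuid)))

Set-Acl -Path "AD:\$chicagoOU" -AclObject $acl

# Verify: show exactly what the helpdesk group can now do on the OU.
(Get-Acl -Path "AD:\$chicagoOU").Access |
    Where-Object { $_.IdentityReference -like '*Chicago-Helpdesk' } |
    Format-Table IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType -AutoSize
```

The point of scoping the rules to `Descendents` of class `user` is that the helpdesk group cannot reset passwords on objects outside the Chicago OU, nor modify the OU or its groups; if you later need them to manage group membership, add a separate `WriteProperty` rule for the `member` attribute rather than granting `GenericAll`.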

How Is It Structured?

Active Directory has three main tiers: domains, trees, and forests. Domains are used to group and manage objects; they consist of related users, computers, and other AD objects. Trees are a hierarchy of domains in Active Directory Domain Services that share a contiguous DNS namespace (for example, a parent domain and a child domain beneath it). A forest is one or more trees that share a single schema, configuration partition and global catalog. In basic terms, multiple domains are grouped into trees, which are then grouped into a forest.

A domain is a management boundary. The objects for a given domain are stored in a single database and can be managed together. A forest is the security boundary. Objects in different forests are not able to interact with each other unless the administrators of each forest create a trust between them, whereas every domain inside one forest already trusts the others automatically, so compromising a Domain Controller in any one domain should be treated as compromising the whole forest. For instance, if you have multiple separate business units that must not be able to administer each other, you probably want to create multiple forests.
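To see these tiers in your own environment, the following PowerShell walks the forest, lists each domain with its parent (so tree membership is visible from the DNS hierarchy), and then lists the trusts that cross the forest boundary. It is an added example, not code from the original post, and assumes only the ActiveDirectory module and a session authenticated to the forest.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

# The forest: the security boundary. One schema, one configuration partition
# and one set of global catalogs are shared by every domain inside it.
$forest = Get-ADForest
[PSCustomObject]@{
    ForestRoot     = $forest.RootDomain
    ForestMode     = $forest.ForestMode
    Domains        = $forest.Domains -join ', '
    GlobalCatalogs = $forest.GlobalCatalogs -join ', '
    SchemaMaster   = $forest.SchemaMaster
} | Format-List

# Trees: every domain with its parent. A domain whose parent is another domain
# in the list sits in the same tree; a domain with no parent is a tree root.
$forest.Domains | ForEach-Object {
    $dom = Get-ADDomain -Identity $_
    [PSCustomObject]@{
        Domain   = $dom.DNSRoot
        Parent   = if ($dom.ParentDomain) { $dom.ParentDomain } else { '(tree root)' }
        Children = $dom.ChildDomains -join ', '
        DCs      = $dom.ReplicaDirectoryServers -join ', '
    }
} | Format-Table -AutoSize

# Trusts: the only way principals from another forest can be granted access
# here. Intra-forest trusts are automatic; review the external/forest ones.
# An Outbound or BiDirectional trust with SIDFilteringQuarantined = False means
# SID history from the other side is honoured, which weakens the boundary.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, ForestTransitive, IntraForest,
                  SelectiveAuthentication, SIDFilteringQuarantined |
    Format-Table -AutoSize
```

Run this from a member of the forest root domain to see the whole picture; from a child domain, `Get-ADForest` still returns the full forest, but `Get-ADTrust` only returns the trusts defined on that domain.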

Active Directory simplifies life for administrators and end users, and, when its groups, OUs, delegation and trusts are designed with least privilege in mind, it enhances security for organizations as well.