Consistency and clarity are necessary when managing a company's resources. Administrators need to know the Active...
Directory basics to see how the different services in this Microsoft tool work together for centralized management.
Active Directory is a combination of several services that run on Windows Server. Administrators new to IT should work to understand the Active Directory basics and how major enterprise applications, such as Exchange Server, depend on this directory service.
Active Directory Domain Services is the foundation
At the heart of Active Directory is Active Directory Domain Services (AD DS). When administrators discuss AD, they usually mean AD DS, which maintains a database of information for devices, resources, users and groups within the domain. AD DS defines user rights and verifies user credentials on the network.
AD DS runs on a server or server cluster called the domain controller. Each time a user logs in, accesses a network resource or runs an application, the AD domain controller authenticates the request. Corruption in the AD database or the failure of the domain controller server can devastate an enterprise, so administrators often set up AD DS on a server cluster for automatic replication and synchronization for resiliency and added performance.
Other services that rely on AD DS
Active Directory includes several other services that require AD DS as a foundation. For example, smaller organizations can use Active Directory Lightweight Directory Services, which functions almost identically to AD DS but does not need domains or separate domain controllers.
Active Directory Certificate Services creates, validates and revokes public key certificates used to encrypt files, emails, virtual private network traffic and Transport Layer Security/IPsec network traffic.
Active Directory Federation Services provides a single sign-on service to give users access to resources or services -- typically outside of the enterprise -- using one set of credentials.
Finally, Active Directory Rights Management Services controls encryption and access control for email, documents and web content.
Active Directory basics: Objects and OUs
The basic component in Active Directory is an object. Each object, such as resources -- computers or printers -- or individuals or groups, has an array of attributes based on an established schema. Admins cannot delete objects, only deactivate them.
IT can gather objects within a domain into organizational units (OUs) that make structural sense, such as by geographic location or business division, for resource management. Administrators can then apply group policies and administrative tasks at the OU level.
Active Directory also works across a series of levels. The domain is the lowest level and generally includes objects organized into a single database.
Trees are collections of one or more domains connected by a trust relationship. The forest is the highest level, which collects trees into a global structure and represents the ultimate boundary for accessibility in Active Directory. Objects are typically not accessible outside of the AD forest.
Dig Deeper on Microsoft identity and access management
Related Q&A from Stephen J. Bigelow
ALM and SDLC both cover much of the same ground, such as development, testing and deployment. Where these lifecycle concepts differ is the scope of ... Continue Reading
Eliciting performance requirements from business end users necessitates a clearly defined scope and the right set of questions. Expert Mary Gorman ... Continue Reading
Requirements fall into three categories: business, user and software. See examples of each one, as well as what constitutes functional and ... Continue Reading