
Understand Active Directory basics for enterprise success

You can't get the most out of a tool unless you understand its features. This tip explains the basics of Active Directory and how it controls access and maintains order.

Consistency and clarity are necessary when managing a company's resources. Administrators need to know the Active Directory basics to see how the different services in this Microsoft tool work together for centralized management.

Active Directory is a combination of several services that run on Windows Server. Administrators new to IT should work to understand the Active Directory basics and how major enterprise applications, such as Exchange Server, depend on this directory service.

Active Directory Domain Services is the foundation

At the heart of Active Directory is Active Directory Domain Services (AD DS). When administrators discuss AD, they usually mean AD DS, which maintains a database of information for devices, resources, users and groups within the domain. AD DS defines user rights and verifies user credentials on the network.

AD DS runs on a server or server cluster called the domain controller. Each time a user logs in, accesses a network resource or runs an application, the AD domain controller authenticates the request. Corruption in the AD database or the failure of the domain controller server can devastate an enterprise, so administrators often set up AD DS on a server cluster for automatic replication and synchronization for resiliency and added performance.

Other services that rely on AD DS

Active Directory includes several other services that require AD DS as a foundation. For example, smaller organizations can use Active Directory Lightweight Directory Services, which functions almost identically to AD DS but does not need domains or separate domain controllers.

Active Directory Certificate Services creates, validates and revokes public key certificates used to encrypt files, emails, virtual private network traffic and Transport Layer Security/IPsec network traffic.

Active Directory Federation Services provides a single sign-on service to give users access to resources or services -- typically outside of the enterprise -- using one set of credentials.

Finally, Active Directory Rights Management Services controls encryption and access control for email, documents and web content.

Active Directory basics: Objects and OUs

The basic component in Active Directory is an object. Each object, whether a resource such as a computer or printer, or an individual or group, has an array of attributes based on an established schema. Admins cannot delete objects, only deactivate them.

IT can gather objects within a domain into organizational units (OUs) that make structural sense, such as by geographic location or business division, for resource management. Administrators can then apply group policies and administrative tasks at the OU level.

Active Directory also works across a series of levels. The domain is the lowest level and generally includes objects organized into a single database.

Trees are collections of one or more domains connected by a trust relationship. The forest is the highest level, which collects trees into a global structure and represents the ultimate boundary for accessibility in Active Directory. Objects are typically not accessible outside of the AD forest.
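
The hierarchy described above (forest, domains, OUs, objects) can be inspected read-only from PowerShell. The script below is an added example, not part of the original article; it assumes the ActiveDirectory module (RSAT) is installed and the account can read every domain in the forest.

```powershell
# Added example: read-only inventory of forest -> domain -> OU structure,
# showing how many objects sit directly in each OU and how many
# Group Policy Objects are linked at that OU.
Import-Module ActiveDirectory

$forest = Get-ADForest

$report = foreach ($domain in $forest.Domains) {
    # -Server targets a domain controller for this particular domain
    $ous = Get-ADOrganizationalUnit -Filter * -Server $domain

    foreach ($ou in $ous) {
        # OneLevel returns only the objects placed directly in this OU,
        # not those in its child OUs
        $children = @(Get-ADObject -Filter * -Server $domain `
                        -SearchBase $ou.DistinguishedName -SearchScope OneLevel)

        [pscustomobject]@{
            Forest     = $forest.Name
            Domain     = $domain
            OU         = $ou.DistinguishedName
            Users      = @($children | Where-Object ObjectClass -eq 'user').Count
            Computers  = @($children | Where-Object ObjectClass -eq 'computer').Count
            Groups     = @($children | Where-Object ObjectClass -eq 'group').Count
            ChildOUs   = @($children | Where-Object ObjectClass -eq 'organizationalUnit').Count
            LinkedGPOs = @($ou.LinkedGroupPolicyObjects).Count
        }
    }
}

# Full structure, one row per OU
$report | Sort-Object Domain, OU | Format-Table -AutoSize

# OUs that hold users or computers but have no policy linked directly;
# they rely entirely on policy inherited from a parent OU or the domain
$report |
    Where-Object { ($_.Users + $_.Computers) -gt 0 -and $_.LinkedGPOs -eq 0 } |
    Select-Object Domain, OU, Users, Computers
```

The second listing is a review aid: an OU with no direct link is not necessarily misconfigured, but it shows where policy comes only from inheritance.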

This was last published in August 2018
