To manage the array of resources in an enterprise data center, administrators must understand the Active Directory...
basics to give users access to resources on the network.
Active Directory (AD) is the Windows Server service that organizes and secures all of the organization's resources, including users, printers and file shares. Active Directory gives administrators the tool necessary to ensure each user or group has the appropriate permissions to use certain resources.
This tip on Active Directory basics explains how this directory service maintains order within the enterprise.
Understand the Active Directory basics
Active Directory Domain Services (AD DS) operates as the core service and directory database in a Windows environment. Admins must maintain the database and the server -- or server cluster -- that makes up the domain controller to keep the management service healthy.
Active Directory basics include Active Directory Federation Services for single sign-on functionality, certificate services for public encryption keys, and rights management services for encryption and access control for certain content.
Active Directory defines the structure for the organization with objects and organizational units (OUs). Administrators can group objects, such as computers or individuals, together in OUs based on certain criteria, such as location or business function. Admins can also apply permissions and tasks based on the level of the OU.
AD DS and Azure AD manage on premises and the cloud
Administrators have two Active Directory options to choose from -- on-premises Active Directory, which runs on Windows Server, or the Azure Active Directory, which operates in Microsoft's cloud. They can also use a combination of both. The Azure AD identity management service has a similar name, but it has a few differences from on-premises Active Directory.
Windows Server AD uses domain name systems and the Lightweight Directory Access Protocol to work with directories both on premises and on the internet, and it uses Kerberos for authentication. Azure AD uses the Security Assertion Markup Language and Open Authorization. Azure AD does not use OUs, domains or Group Policy Objects for organization. Beyond these structural differences, Azure AD has fewer features.
Administrators can use a combination of Azure AD and on-premises Active Directory to alleviate some latency issues when, for example, managing authentication requests for a cloud app.
How to prepare for a domain controller deployment
Administrators who understand Active Directory basics can take the next step and deploy a domain controller for the organization's authorization and authentication needs.
After installing a physical server or virtual machine that is sized to the company's specifications, admins can set up AD DS using the Add Roles and Features wizard. Next, they must promote the server to a domain controller, add a new forest and set the database paths. A prerequisite check will report any errors or confirm if the installation is ready. Then administrators can populate the directory with users. Add new user names, details and assign users to groups.