Active Directory, or AD for short, is a directory service created by Microsoft and can be found in almost all Windows Server systems.
Active Directory is primarily used to store directory objects (like users and groups) together with their attributes and their relationships to one another. These objects are used to control access to different resources. For example, an Active Directory might contain a group which grants (or restricts) certain members permission to log into a server or to print from a specific printer.
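The group-based access model described above, as an added example that is not part of the original page: it parses a small directory export and resolves which user objects a group effectively contains. The simplified LDIF-style text, the example.local domain and every object name are constructed for illustration, and the walk goes slightly beyond the text by following groups nested inside other groups.

```python
# Constructed sample data: a simplified LDIF-style export of directory objects.
# All names (example.local, Printer-Users, Helpdesk, ...) are made up.
SAMPLE_LDIF = """\
dn: CN=Alice,OU=Staff,DC=example,DC=local
objectClass: user

dn: CN=Bob,OU=Staff,DC=example,DC=local
objectClass: user

dn: CN=Carol,OU=Staff,DC=example,DC=local
objectClass: user

dn: CN=Helpdesk,OU=Groups,DC=example,DC=local
objectClass: group
member: CN=Bob,OU=Staff,DC=example,DC=local
member: CN=Printer-Users,OU=Groups,DC=example,DC=local

dn: CN=Printer-Users,OU=Groups,DC=example,DC=local
objectClass: group
member: CN=Alice,OU=Staff,DC=example,DC=local
member: CN=Helpdesk,OU=Groups,DC=example,DC=local
"""

def parse_ldif(text):
    """Return {dn: {attribute: [values]}} for blank-line-separated entries."""
    objects = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name, []).append(value)  # attributes may repeat
        objects[attrs["dn"][0]] = attrs
    return objects

def effective_users(objects, group_dn):
    """Resolve a group to the DNs of its users, following nested groups."""
    users, seen, stack = set(), set(), [group_dn]
    while stack:
        dn = stack.pop()
        entry = objects.get(dn)
        if dn in seen or entry is None:  # skip loops and dangling references
            continue
        seen.add(dn)
        if "group" in entry["objectClass"]:
            stack.extend(entry.get("member", []))  # relationship to other objects
        else:
            users.add(dn)
    return users
```

Bob is never listed in Printer-Users directly, yet he is resolved as a member through Helpdesk, which is why an access review has to look at effective rather than direct membership.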
Active Directory is typically used by computer administrators to manage end-user computer software packages, files, and accounts for medium to large-sized organisations. Instead of visiting every single client computer to upgrade software or install Windows patches, the task can be accomplished by updating a single object located within an AD forest or tree. Similarly, AD gives the network administrator the capability to grant or remove access at user level for one or many applications or file structures.
Active Directory features include:
- Support for the X.500 standard for global directories.
- The capability for secure extension of network operations to the Web.
- A hierarchical organisation that provides a single point of access for system administration (management of user accounts, clients, servers, and applications, for example) to reduce redundancy and errors.
- An object-oriented storage organisation, which allows easier access to information.
- Support for the Lightweight Directory Access Protocol (LDAP) to enable inter-directory operability.
- Designed to be both backward compatible and forward compatible.
Most Active Directory installations have a few different parts that all work together simultaneously:
- Database: stores the actual directory information.
- Kerberos: the authentication protocol, which helps manage user passwords and other security functions.
- DNS Server: maps IP addresses to hostnames and vice versa.
- DHCP Server: grants dynamic IP addresses to hosts as they join the network.