Active Directory is a directory service from Microsoft. With the help of the service, objects and resources in a Windows network can be managed centrally and access can be controlled. The structure of a company or an organization can be reproduced logically with an Active Directory. The delimitation of the different areas is realized via domains.
Contents
What is Active Directory (AD)?
The abbreviation for Active Directory is AD. It is a directory service from Microsoft that plays an important role in the administration of Windows networks. Within a directory, the objects and resources of a network can be stored and organized in a structured way. They are defined by their attributes.
The Active Directory replicates the structure of an organization, including the devices and resources used. So-called domains logically delimit the different areas from each other. The domains are hierarchically structured. Their hierarchy is independent of the underlying network infrastructure.
Objects managed in an AD are, for example, computers, services, servers, storage, printers, users, groups or file shares. The AD administrator has the ability to share or lock network resources with users. Only the administrator has the right to modify the objects, their attributes, and the structure of the directory service.
Numerous applications within a Windows network depend on Active Directory. Failure of the directory service can lead to significant restrictions or even complete failure of the applications in the network. Replication mechanisms and redundancies ensure the availability of the directory service.
Important terms and components of an Active Directory
Important terms and components of an Active Directory are:
- Objects
- Schemas
- Domains
- Domain controllers
An object is the smallest unit managed in the directory service comparable to a single record in a database. It describes resources or devices such as computers, services, servers, storage, printers, users, groups, or file shares. The properties of an object are its attributes. The generally used object types, classes, attributes, and syntax of the attributes can be defined via a schema as a kind of template for all directory entries.
The illustration of the structure of an organization takes place over domains. A domain is a logically separated network area, each with the same security policies and settings. Each domain is identified by a unique name based on the naming conventions of the Domain Name System (DNS). Subordinate domains originate from a root domain.
The complete name includes subdomains and root domains. For example, the name of a domain is development.company-xy.com or sales.company-xy.com. Active Directory domain names do not have to correspond to a registered Internet domain, but they can. Domain structures can be set up independently of the organization’s existing logical or physical structures. They are not tied to the locations of an organization, the topology of the network, or the locations of objects. Often, domains represent individual organizational units such as departments of a company.
The domain controller performs important functions for each domain. It is a server that an administrator has appointed as the domain controller. The domain controller makes the Active Directory available to users and devices and handles user authentication and role assignment. Active Directory information is stored on the domain controller server.
In order to log on to the directory service, search for and access objects or resources, the domain controller must be contacted beforehand. Clients use the Domain Name System to locate the domain controller responsible for them. After the domain controller is located, communication is established using the Lightweight Directory Access Protocol (LDAP) to access Active Directory. Redundancy and replication of the domain controller’s data prevent important functions from being unavailable on the network in the event of a server failure.
The advantages of an Active Directory
Typical advantages of an Active Directory are:
- Central administration of objects and resources of a network including attributes, file shares and policies
- High reliability due to redundancy and replication mechanisms
- Compatibility with other directory services and operating systems
- Flexible and easy to expand
- Mapping of different organizational structures
- High information security
- Is based on the Domain Name System
Information Security Asia is the go-to website for the latest cybersecurity and tech news in various sectors. Our expert writers provide insights and analysis that you can trust, so you can stay ahead of the curve and protect your business. Whether you are a small business, an enterprise or even a government agency, we have the latest updates and advice for all aspects of cybersecurity.
