What is Active Directory and how does it work?

Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources.


Active Directory stores data as objects. An object is a single element, such as a user, group, application or device such as a printer. Objects are normally defined as either resources, such as printers or computers, or security principals, such as users or groups.

Active Directory categorizes directory objects by name and attributes. For example, the name of a user might include the name string, along with information associated with the user, such as passwords and Secure Shell keys.

Active Directory's services

The main service in Active Directory is Domain Services (AD DS), which stores directory information and handles the interaction of the user with the domain. AD DS verifies access when a user signs into a device or attempts to connect to a server over a network. AD DS controls which users have access to each resource, as well as group policies. For example, an administrator typically has a different level of access to data than an end user.

Other Microsoft and Windows operating system (OS) products, such as Exchange Server and SharePoint Server, rely on AD DS to provide resource access. The server that hosts AD DS is the domain controller.

Active Directory services

Several different services comprise Active Directory. The main service is Domain Services, but Active Directory also includes Lightweight Directory Services (AD LDS), Lightweight Directory Access Protocol (LDAP), Certificate Services (AD CS), Federation Services (AD FS) and Rights Management Services (AD RMS). Each of these other services expands the product's directory management capabilities.

Lightweight Directory Services has the same codebase as AD DS, sharing similar functionality, such as the application programming interface. AD LDS, however, can run in multiple instances on one server and holds directory data in a data store using Lightweight Directory Access Protocol. Lightweight Directory Access Protocol is an application protocol used to access and maintain directory services over a network. LDAP stores objects, such as usernames and passwords, in directory services, such as Active Directory, and shares that object data across the network. Rights Management Services control information rights and management. AD RMS encrypts content, such as email or Microsoft Word documents, on a server to limit access.

Major features in Active Directory Domain Services

Active Directory Domain Services uses a tiered layout structure consisting of domains, trees and forests to coordinate networked elements.

Domains are the smallest of the main tiers, while forests are the largest. Different objects, such as users and devices, that share the same database will be on the same domain. A tree is one or more domains grouped together with hierarchical trust relationships. A forest is a group of multiple trees. Forests provide security boundaries, while domains -- which share a common database -- can be managed for settings such as authentication and encryption.

A tree is one or more domains grouped together. The tree structure uses a contiguous namespace to gather the collection of domains in a logical hierarchy. Trees can be viewed as trust relationships where a secure connection, or trust, is shared between two domains. Multiple domains can be trusted where one domain can trust a second, and the second domain can trust a third. Because of the hierarchical nature of this setup, the first domain can implicitly trust the third domain without needing explicit trust.

Organizational Units (OUs) organize users, groups and devices. Each domain can contain its own OUs. However, OUs cannot have separate namespaces, as each user or object in a domain must be unique. For example, a second user account with the same username cannot be created in another OU of the same domain. Containers are similar to OUs, but Group Policy Objects cannot be applied or linked to container objects.
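The following is an added illustration, not Microsoft code or anything from the original article: a toy in-memory model of the logical structure just described (one domain holding OUs and containers) that enforces the two rules the text states, a logon name must be unique within the domain regardless of which OU it sits in, and Group Policy Objects can be linked to the domain and to OUs but not to containers. It also builds LDAP distinguished names for the objects. The domain contoso.com, the OU and object names, and the GPO names are constructed for the example.

```python
"""Toy model of the AD DS domain / OU / container structure (added example)."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

# Characters that must be escaped inside an RDN attribute value (RFC 4514).
_RDN_SPECIALS = ',+"\\<>;='


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use in a distinguished name."""
    out = "".join("\\" + ch if ch in _RDN_SPECIALS else ch for ch in value)
    if out[:1] in ("#", " "):          # leading '#' or space must be escaped
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):   # trailing space too
        out = out[:-1] + "\\ "
    return out


@dataclass
class Node:
    """A directory object: the domain head, an OU, a container or a user."""
    name: str
    kind: str                       # "domain", "ou", "container" or "user"
    parent: Optional[Node] = None
    gpo_links: list[str] = field(default_factory=list)

    def distinguished_name(self) -> str:
        if self.kind == "domain":   # contoso.com -> DC=contoso,DC=com
            return ",".join(f"DC={escape_rdn_value(p)}" for p in self.name.split("."))
        prefix = "OU" if self.kind == "ou" else "CN"
        return f"{prefix}={escape_rdn_value(self.name)},{self.parent.distinguished_name()}"


class Domain:
    """A single domain: the unit within which logon names must be unique."""

    def __init__(self, dns_name: str) -> None:
        self.root = Node(dns_name, "domain")
        self._logon_names: set[str] = set()

    def add_ou(self, name: str, parent: Node) -> Node:
        return Node(name, "ou", parent)

    def add_container(self, name: str, parent: Node) -> Node:
        return Node(name, "container", parent)

    def is_logon_name_available(self, logon_name: str) -> bool:
        # sAMAccountName comparisons are case-insensitive: "Alice" == "alice".
        return logon_name.lower() not in self._logon_names

    def add_user(self, logon_name: str, parent: Node) -> Node:
        if not self.is_logon_name_available(logon_name):
            raise ValueError(f"logon name {logon_name!r} already exists in {self.root.name}")
        self._logon_names.add(logon_name.lower())
        return Node(logon_name, "user", parent)

    @staticmethod
    def can_link_gpo(target: Node) -> bool:
        return target.kind in ("domain", "ou")

    def link_gpo(self, gpo: str, target: Node) -> None:
        if not self.can_link_gpo(target):
            raise ValueError(f"GPOs cannot be linked to a {target.kind}")
        target.gpo_links.append(gpo)

    @staticmethod
    def effective_gpos(obj: Node) -> list[str]:
        """GPOs that apply to obj, in processing order: domain first, then each
        OU from the top down. Simplified: no site links, no blocked or enforced
        inheritance."""
        chain = []
        node = obj.parent
        while node is not None:
            chain.append(node)
            node = node.parent
        return [gpo for node in reversed(chain) for gpo in node.gpo_links]


def build_example() -> tuple[Domain, Node, Node]:
    """Constructed sample: contoso.com with a Sales OU and the Users container."""
    dom = Domain("contoso.com")
    sales = dom.add_ou("Sales", dom.root)
    users = dom.add_container("Users", dom.root)
    alice = dom.add_user("alice", sales)
    dom.link_gpo("Default Domain Policy", dom.root)
    dom.link_gpo("Sales Workstation Lockdown", sales)
    return dom, alice, users


if __name__ == "__main__":
    dom, alice, users = build_example()
    print(alice.distinguished_name())              # CN=alice,OU=Sales,DC=contoso,DC=com
    print(Domain.effective_gpos(alice))
    print(dom.is_logon_name_available("ALICE"))    # False: unique per domain, not per OU
    print(Domain.can_link_gpo(users))              # False: containers take no GPO links
```

Running the script shows the DN of the user, the two GPOs that reach it in domain-then-OU order, and the two refusals the text describes.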

Trusting terminology

Active Directory relies on trusts to moderate the access rights of resources between domains. There are several different types of trusts:

- A one-way trust is when a first domain allows access privileges to users on a second domain. However, the second domain does not allow access to users on the first domain.
- A two-way trust is when there are two domains and each domain enables access to users of the other domain.
- A trusted domain is a single domain that enables user access to another domain, which is called the trusting domain.
- An intransitive trust is a one-way trust that is limited to two domains.
- An explicit trust is a one-way, nontransitive trust that is created by a network admin.
- A cross-link trust is a type of explicit trust. Cross-link trusts take place between domains within 1) the same tree, with no child-parent relationship between the two domains, or 2) different trees.
- A forest trust applies to domains within the entire forest and can be one-way, two-way or transitive.
- A shortcut joins two domains that belong to separate trees. Shortcuts can be one-way, two-way or transitive.
- A realm is a trust that is transitive, intransitive, one-way or two-way.
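The following is an added example, not Microsoft code or anything from the original article, that works through the trust terminology above and the implicit trust through a tree described under the tiers section. Each trust is modelled as a directed edge from the trusting (resource) domain to the trusted (account) domain; a two-way trust is two such edges; a transitive trust extends through other transitive trusts, while an intransitive trust only ever covers its two endpoints. The forest layout (contoso.com, its child and grandchild domains, a cross-link and an external trust to partner.example) is constructed for the example.

```python
"""Which account domains can be granted access in a resource domain, given a
set of one-way/two-way, transitive/intransitive trusts (added example)."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trusting: str      # resource domain: it accepts the other domain's accounts
    trusted: str       # account domain: its users may be granted access
    transitive: bool
    kind: str          # label only: "parent-child", "cross-link", "external", ...


def two_way(a: str, b: str, transitive: bool, kind: str) -> list[Trust]:
    """A two-way trust is simply a one-way trust in each direction."""
    return [Trust(a, b, transitive, kind), Trust(b, a, transitive, kind)]


class TrustGraph:
    def __init__(self, trusts: list[Trust]) -> None:
        self._out: dict[str, list[Trust]] = defaultdict(list)
        for t in trusts:
            self._out[t.trusting].append(t)

    def trusted_account_domains(self, resource_domain: str) -> set[str]:
        """Domains whose users can be granted access in resource_domain.

        A direct trust always counts, transitive or not. Beyond the first hop,
        every trust on the path must be transitive: an intransitive trust never
        carries a third domain's accounts."""
        reached: set[str] = set()
        frontier: list[str] = []
        for t in self._out.get(resource_domain, []):
            reached.add(t.trusted)
            if t.transitive:
                frontier.append(t.trusted)    # only transitive hops extend
        expanded = {resource_domain}
        while frontier:
            d = frontier.pop()
            if d in expanded:
                continue
            expanded.add(d)
            for t in self._out.get(d, []):
                if t.transitive:
                    reached.add(t.trusted)
                    frontier.append(t.trusted)
        reached.discard(resource_domain)
        return reached

    def can_access(self, user_domain: str, resource_domain: str) -> bool:
        """True if a user from user_domain can be granted access to a resource
        in resource_domain (same domain, or reachable through trusts)."""
        return user_domain == resource_domain or \
            user_domain in self.trusted_account_domains(resource_domain)


def example_forest() -> TrustGraph:
    """Constructed forest: root contoso.com, children corp and sales, grandchild
    dev under corp, plus one cross-link and one external trust."""
    trusts: list[Trust] = []
    # Parent-child trusts inside a tree are two-way and transitive, which is
    # why dev.corp implicitly trusts contoso.com without an explicit trust.
    trusts += two_way("contoso.com", "corp.contoso.com", True, "parent-child")
    trusts += two_way("corp.contoso.com", "dev.corp.contoso.com", True, "parent-child")
    trusts += two_way("contoso.com", "sales.contoso.com", True, "parent-child")
    # Explicit cross-link: one-way, intransitive; sales accepts dev's accounts.
    trusts.append(Trust("sales.contoso.com", "dev.corp.contoso.com", False, "cross-link"))
    # External trust to a domain outside the forest: one-way, intransitive.
    trusts.append(Trust("contoso.com", "partner.example", False, "external"))
    return TrustGraph(trusts)


if __name__ == "__main__":
    g = example_forest()
    for d in ("contoso.com", "dev.corp.contoso.com", "sales.contoso.com", "partner.example"):
        print(f"{d} accepts accounts from: {sorted(g.trusted_account_domains(d))}")
    # partner.example is trusted only by the forest root, so its users cannot
    # reach resources in the child domains, and it trusts no one in return.
    print(g.can_access("partner.example", "dev.corp.contoso.com"))   # False
```

The result for dev.corp.contoso.com shows the implicit trust the text describes (it accepts accounts from corp, contoso.com and sales via the transitive parent-child chain) while the intransitive external trust to partner.example stops at the forest root, which is why external and cross-link trusts are the ones to review when auditing which outside accounts can reach a given domain.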

History and development of Active Directory

Microsoft offered a preview of Active Directory in 1999 and released it a year later with Windows 2000 Server. Microsoft continued to develop new features with each successive Windows Server release.

Windows Server 2003 included a notable update to add forests and the ability to edit and change the position of domains within forests. Domains on Windows Server 2000 could not support newer AD updates running in Server 2003.


Windows Server 2008 introduced AD FS. Additionally, Microsoft rebranded the directory for domain management as AD DS, and AD became an umbrella term for the directory-based services it supported.

Windows Server 2016 updated AD DS to improve AD security and migrate AD environments to cloud or hybrid cloud environments. Security updates included the addition of Privileged Access Management (PAM).

PAM monitored access to an object, the type of access granted and what actions the user took. PAM added bastion AD forests to provide an additional secure and isolated forest environment. Windows Server 2016 ended support for devices on Windows Server 2003.

In December 2016, Microsoft released Azure AD Connect to join an on-premises Active Directory system with Azure Active Directory (Azure AD) to enable SSO for Microsoft's cloud services, such as Office 365. Azure AD Connect works with systems running Windows Server 2008, Windows Server 2012, Windows Server 2016 and Windows Server 2019.

Domains vs. workgroups

The workgroup is Microsoft's term for Windows machines connected over a peer-to-peer network. Workgroups are another unit of organization for Windows computers in networks. Workgroups allow these machines to share files, internet access, printers and other resources over the network. Peer-to-peer networking removes the need for a server for authentication. There are several differences between domains and workgroups:

- Domains, unlike workgroups, can host computers from different local networks.
- Domains can be used to host many more computers than workgroups. Domains can include thousands of computers, unlike workgroups, which typically have an upper limit close to 20.
- In domains, at least one computer acts as a server (the domain controller), which is used to control permissions and security features for every computer within the domain. In workgroups, there is no server and computers are all peers.
- Domain users typically require security identifiers such as logins and passwords, unlike workgroups.

Main competitors to Active Directory

Other directory services on the market that provide similar functionality to AD include Red Hat Directory Server, Apache Directory and OpenLDAP.

Red Hat Directory Server manages user access to multiple systems in Unix environments. Similar to AD, Red Hat Directory Server includes user ID and certificate-based authentication to restrict access to data in the directory.

Apache Directory is an open source project that runs on Java and operates on any LDAP server, including systems on Windows, macOS and Linux. Apache Directory includes a schema browser and an LDAP editor and browser. Apache Directory supports Eclipse plugins.

OpenLDAP is a Windows-based open source LDAP directory. OpenLDAP enables users to browse, search and edit objects in an LDAP server. OpenLDAP features include copying, moving and deleting trees in the directory, as well as enabling schema browsing, password management and LDAP SSL (Secure Sockets Layer) support.
