Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is used to manage and store information about network resources and application-specific data from a centralized location. Here are some key features and components of Active Directory:
Domain Services: AD DS (Active Directory Domain Services) is the core service that allows administrators to manage and store information about resources in the network, such as users, computers, and other devices. It also facilitates authentication and authorization mechanisms to ensure that only authorized users and devices can access resources.
LDAP Protocol: Active Directory uses the Lightweight Directory Access Protocol (LDAP) to query and modify directory services. LDAP is an open, vendor-neutral protocol for accessing and maintaining distributed directory information services.
Schema: The schema in Active Directory defines the objects and their attributes that the directory service uses to store data. It is a set of rules that determines the structure of the directory and what types of information it can contain.
Replication: AD ensures data availability and consistency across different servers by replicating directory data between multiple domain controllers. Replication also spreads query load across domain controllers and improves fault tolerance, since no single server holds the only copy of the directory.
Group Policy: Active Directory allows administrators to use Group Policy to manage and configure operating systems, applications, and user settings in a Windows environment. Group policies can be applied to users and computers within the domain.
Organizational Units (OUs): OUs are containers within a domain that can hold users, groups, computers, and other OUs. They provide a way to organize and manage a large number of objects in a domain efficiently.
Domains, Trees, and Forests: A domain is a logical group of network objects that share the same Active Directory database. A tree is a collection of one or more domains that share a contiguous namespace. A forest is a collection of one or more trees that share a common global catalog, directory schema, and logical structure.
Trust Relationships: Trusts allow different domains to share resources and authenticate users across domain boundaries. Trust relationships can be one-way or two-way and can be established within a single forest or across multiple forests.
Active Directory is widely used in enterprise environments for its scalability, security features, and centralized management capabilities.
The primary purpose of Active Directory is to provide a centralized platform to manage network resources, such as user accounts, computers, printers, and security policies. It facilitates authentication, authorization, and directory services to ensure efficient and secure access to network resources.
What are the key components of Active Directory?
The key components of Active Directory include:
Domain Controllers (DCs): Servers that store and manage the directory data.
Schema: The structure that defines the types of objects and the information about those objects stored in the directory.
Global Catalog: A distributed data repository that contains a searchable, partial representation of every object in every domain in the forest.
Organizational Units (OUs): Containers used to organize objects within a domain.
Sites and Subnets: Represent the physical structure of a network and help manage replication traffic.
How does Active Directory handle authentication and authorization?
Active Directory uses protocols like Kerberos for authentication and LDAP for directory queries. When a user attempts to log in, AD verifies their credentials through Kerberos and, if they are valid, issues a ticket-granting ticket (TGT). For authorization, the user's group memberships (including memberships inherited through nested groups) and permissions are compared against the access control lists on each resource to determine access rights.
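As an added example (not part of the original page), the script below shows why "group memberships" in the authorization step means effective, not just direct, memberships: it compares a user's memberOf attribute with the tokenGroups attribute the domain controller constructs, which is the nested, expanded set that actually ends up in the user's token. It assumes the RSAT ActiveDirectory module on a domain-joined host, a read-only account, and a placeholder user name.

```powershell
# Added example, not from the original page. Compare a user's direct group
# memberships (memberOf) with the effective set the DC constructs (tokenGroups).
# tokenGroups expands nested groups and includes the primary group, so it is
# what resource ACLs are really evaluated against.
# Assumptions: RSAT ActiveDirectory module, domain-joined host, read-only account.
param([Parameter(Mandatory)][string]$SamAccountName)   # e.g. 'jdoe' (placeholder)

Import-Module ActiveDirectory

$user = Get-ADUser -Identity $SamAccountName -Properties memberOf

# Direct memberships only: what an admin sees in the object's memberOf attribute.
# Note that the primary group (usually Domain Users) is never listed here.
$direct = @($user.memberOf | ForEach-Object { (Get-ADGroup $_).SamAccountName })

# Effective memberships: ask the DC to construct tokenGroups for this object.
$entry = [ADSI]"LDAP://$($user.DistinguishedName)"
$entry.RefreshCache(@('tokenGroups'))
$effective = @(foreach ($raw in $entry.Properties['tokenGroups']) {
    $sid = New-Object System.Security.Principal.SecurityIdentifier($raw, 0)
    try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }   # DOMAIN\Group
    catch { $sid.Value }   # unresolvable SIDs (e.g. orphaned SIDHistory) stay as raw SIDs
})

# Anything in the token that is not a direct membership was granted through nesting
# (or is the primary group / an unresolvable SID), and deserves a second look.
$nestedOnly = $effective | Where-Object { ($_ -split '\\')[-1] -notin $direct }

"Direct memberships for $SamAccountName : $($direct.Count)"
"Effective (token) memberships        : $($effective.Count)"
"Granted only through nesting or primary group:"
$nestedOnly | Sort-Object | ForEach-Object { "  $_" }
```

Running this for a few sensitive accounts is a quick way to find privileged access that a direct-membership review would miss.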
What is a domain in Active Directory?
A domain is a logical group of network objects (such as users, computers, and devices) that share the same AD database. Domains establish a boundary for security and administration within Active Directory.
What is the difference between a forest and a domain in Active Directory?
A domain is a single unit within Active Directory, whereas a forest is a collection of one or more domains that share a common schema, configuration, and global catalog. A forest represents the top-level container in an Active Directory structure, providing a unified view of all the objects and resources within the included domains.
What is Group Policy and how is it used in Active Directory?
Group Policy is a feature in Active Directory that allows administrators to create and enforce policies for users and computers within the domain. It can be used to configure security settings, software installation, desktop configurations, and more, ensuring consistent and controlled environments across the network.
What are Organizational Units (OUs) and how are they used?
Organizational Units (OUs) are containers within a domain that can hold users, groups, computers, and other OUs. They are used to organize and manage these objects efficiently, allowing administrators to apply policies and delegate administrative control based on the structure of the organization.
How does Active Directory replication work?
Active Directory replication keeps directory data consistent across all domain controllers in the network. Changes made on one domain controller are propagated to the others using a multi-master replication model, in which any writable domain controller can accept a change. Replication can be scheduled and optimized to reduce network traffic while still converging every domain controller on the same copy of the directory.
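Because a domain controller that stops replicating keeps serving its stale copy (old group memberships, disabled accounts that still work, password resets that never arrived), replication health is a security check as much as an availability one. The script below is an added example, not from the original page: it walks every domain controller in the domain and flags inbound replication links that are failing or older than a threshold. It assumes the RSAT ActiveDirectory module; the 24-hour threshold is illustrative.

```powershell
# Added example, not from the original page. Audit inbound replication for every
# DC in the current domain and flag links that are failing, stale, or unreachable.
# Assumptions: RSAT ActiveDirectory module; $MaxAgeHours is an illustrative threshold.
param([int]$MaxAgeHours = 24)

Import-Module ActiveDirectory
$now = Get-Date

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # One record per (partner, naming context) pair replicated into this DC.
    $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server -ErrorAction SilentlyContinue
    if (-not $meta) {
        [pscustomobject]@{ Server = $dc.HostName; Partner = '(unreachable)'; Partition = ''
                           LastSuccess = $null; Failures = $null; Status = 'UNREACHABLE' }
        continue
    }
    foreach ($m in $meta) {
        $age = if ($m.LastReplicationSuccess) { ($now - $m.LastReplicationSuccess).TotalHours }
               else { [double]::PositiveInfinity }
        # LastReplicationResult is 0 on success; anything else is a Win32 error code.
        $status = if ($m.LastReplicationResult -ne 0 -or $m.ConsecutiveReplicationFailures -gt 0) { 'FAILING' }
                  elseif ($age -gt $MaxAgeHours) { 'STALE' }
                  else { 'OK' }
        [pscustomobject]@{
            Server      = $m.Server
            Partner     = $m.Partner          # NTDS Settings DN of the source DC
            Partition   = $m.Partition        # naming context (domain, config, schema, app)
            LastSuccess = $m.LastReplicationSuccess
            Failures    = $m.ConsecutiveReplicationFailures
            Status      = $status
        }
    }
}

$report | Sort-Object Status, Server | Format-Table -AutoSize
$bad = @($report | Where-Object Status -ne 'OK')
if ($bad.Count -gt 0) { Write-Warning "$($bad.Count) replication link(s) need attention." }
```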
What is the Global Catalog in Active Directory?
The Global Catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in the forest. It enables users and applications to quickly locate objects across multiple domains without the need to query each domain individually.
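The difference between asking a domain and asking the Global Catalog is easiest to see by running the same search against both. The script below is an added example, not from the original page: it issues one LDAP filter against the local domain (LDAP provider, port 389) and then against the forest root via the GC provider (port 3268), so the second result set spans every domain in the forest. It assumes a domain-joined host and a placeholder account name; attribute names used are standard AD schema attributes in the partial attribute set.

```powershell
# Added example, not from the original page. Same search, two endpoints:
# the current domain over LDAP and the whole forest over the Global Catalog.
# Assumptions: domain-joined host; $Sam is a placeholder account name.
param([string]$Sam = 'jdoe')

$filter = "(&(objectClass=user)(sAMAccountName=$Sam))"
$rootDse   = [ADSI]'LDAP://RootDSE'
$domainDn  = $rootDse.defaultNamingContext      # this DC's own domain
$forestDn  = $rootDse.rootDomainNamingContext   # forest root, the GC search base

function Search-Directory([string]$Path, [string]$Filter, [string[]]$Attrs) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]$Path          # "LDAP://..." or "GC://..."
    $searcher.Filter      = $Filter
    $searcher.SearchScope = 'Subtree'
    $searcher.PropertiesToLoad.AddRange($Attrs)
    foreach ($r in $searcher.FindAll()) {
        $row = [ordered]@{ Path = $r.Path }
        foreach ($a in $Attrs) { $row[$a] = ($r.Properties[$a] | Out-String).Trim() }
        [pscustomobject]$row
    }
}

# These attributes are in the partial attribute set, so the GC can answer them.
# Anything outside the PAS must be fetched with a follow-up LDAP:// bind to the
# object's own domain (use the Path returned below to find which domain that is).
$attrs = @('sAMAccountName', 'userPrincipalName', 'objectClass')

"--- Domain LDAP (objects in $domainDn only) ---"
Search-Directory -Path "LDAP://$domainDn" -Filter $filter -Attrs $attrs | Format-List

"--- Global Catalog (every domain in the forest, partial attribute set) ---"
Search-Directory -Path "GC://$forestDn" -Filter $filter -Attrs $attrs | Format-List
```

In a single-domain forest both result sets are the same; in a multi-domain forest the GC search is the one that finds accounts with the same sAMAccountName in other domains.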
What are trust relationships in Active Directory?
Trust relationships allow different domains to share resources and authenticate users across domain boundaries. Trusts can be one-way or two-way and can be established within a single forest or across multiple forests, facilitating resource sharing and collaboration between different domains.
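Every trust is an authentication path into the domain, so a defender wants an inventory of them with the settings that bound what the trusted side can do. The script below is an added example, not from the original page: it lists each trust with its direction and type and flags the ones where SID filtering or selective authentication is not in effect. It assumes the RSAT ActiveDirectory module and an account with read access to the domain.

```powershell
# Added example, not from the original page. Inventory the domain's trusts and
# flag settings that widen what trusted-side principals can do here:
#  - SID filtering stops SIDs from the trusted domain/forest being honoured here
#    (SIDFilteringQuarantined for external trusts, SIDFilteringForestAware for forest trusts)
#  - selective authentication limits which trusted users may authenticate here at all
#  - an inbound or bidirectional direction means the other side's users can reach us
# Assumptions: RSAT ActiveDirectory module; read access to the domain.
Import-Module ActiveDirectory

$trusts = Get-ADTrust -Filter * -Properties *

$rows = foreach ($t in $trusts) {
    $sidFiltered = if ($t.ForestTransitive) { $t.SIDFilteringForestAware } else { $t.SIDFilteringQuarantined }
    $notes = @()
    if (-not $t.IntraForest -and -not $sidFiltered) {
        $notes += 'SID filtering off on an external/forest trust'
    }
    if (-not $t.IntraForest -and -not $t.SelectiveAuthentication) {
        $notes += 'domain-wide authentication (no selective authentication)'
    }
    if ($t.Direction -in 'Inbound', 'BiDirectional') {
        $notes += 'trusted-side principals can authenticate here'
    }
    [pscustomobject]@{
        Name        = $t.Name
        Type        = $t.TrustType
        Direction   = $t.Direction
        IntraForest = $t.IntraForest
        ForestWide  = $t.ForestTransitive
        SIDFiltered = $sidFiltered
        Selective   = $t.SelectiveAuthentication
        Notes       = ($notes -join '; ')
    }
}

$rows | Sort-Object IntraForest, Name | Format-Table -AutoSize
```

Trusts inside the same forest are expected to lack SID filtering and selective authentication, which is why the script only raises those notes for trusts that leave the forest.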