
Active Directory Overview and Functions

Active Directory (AD) is Microsoft's directory service for managing authentication, authorization, and resources in Windows domain networks. It includes core functions like user verification and centralized management, with components such as domains, domain controllers, and organizational units. AD also supports various services and has distinct differences from Azure Active Directory, particularly in deployment and protocol usage.

Uploaded by

joshiprat44

Active Directory (AD) – Comprehensive Overview

Active Directory (AD) is Microsoft’s directory service for Windows domain networks. It
provides centralized authentication, authorization, and management of networked
resources such as users, computers, and devices. Administrators use AD to structure
organizations logically, enforce security, and manage identities efficiently.

Core Functions
1. Authentication – Verifies users’ identities during login.
2. Authorization – Determines what actions users can perform.
3. Centralized Management – Manages all users and devices from a single console.
4. Policy Enforcement – Uses Group Policy Objects (GPOs) to enforce security and
configuration rules.

Key Components
1. Domain – Logical grouping of resources under a common security and administrative
boundary.
2. Domain Controller (DC) – Server that stores AD data, authenticates users, and enforces
policies.
3. Tree – Hierarchical structure of domains sharing a contiguous namespace.
4. Forest – The top-level AD container containing multiple trees and trust relationships.
5. Organizational Units (OUs) – Containers used to organize users, computers, and
groups.
6. Groups – Collections of users for simplified permissions management.
7. Global Catalog (GC) – Partial, searchable index of all objects in the forest.
8. Schema – Blueprint defining object types and attributes.
9. Group Policy Objects (GPOs) – Configuration rules for users and computers.
10. Trust Relationships – Define how domains/forests share authentication and access.

Authentication in AD
Active Directory primarily uses Kerberos for authentication. When a user logs in, AD
validates their credentials and issues a Kerberos ticket. This ticket allows access to
network resources without needing to re-enter credentials repeatedly.
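
The ticket flow described above, as an added example that is not part of the original document. It is a simplified model that goes one step further than the text by splitting issuance into a logon ticket (TGT) and per-service tickets, as Kerberos does. HMAC-sealed JSON stands in for Kerberos's encrypted tickets, session keys and authenticators are omitted, and every name, key and password below is constructed for illustration.

```python
import hashlib, hmac, json

def pw_hash(password):
    """Toy credential store entry (constructed salt; not how AD stores secrets)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

def seal(key, body):
    """Serialize a ticket body and append an HMAC so only a key holder can mint it."""
    raw = json.dumps(body, sort_keys=True)
    return raw + "." + hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()

def unseal(key, ticket, now):
    """Return the ticket body if the HMAC verifies and the ticket is unexpired."""
    raw, _, tag = ticket.rpartition(".")
    good = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return None  # forged, altered, or sealed with a different key
    body = json.loads(raw)
    return body if now < body["exp"] else None

class DomainController:
    """Toy ticket issuer: holds account hashes plus one key per service."""
    def __init__(self, users, service_keys, lifetime=600):
        self.users, self.service_keys, self.lifetime = users, service_keys, lifetime
        self.tgt_key = b"constructed-kdc-secret"  # known only to the issuer

    def logon(self, user, password, now):
        """The credential check happens once, here; success yields a TGT."""
        if not hmac.compare_digest(self.users.get(user, b""), pw_hash(password)):
            return None
        return seal(self.tgt_key, {"user": user, "exp": now + self.lifetime})

    def service_ticket(self, tgt, service, now):
        """Exchange a valid TGT for a ticket sealed with the target service's key."""
        body = unseal(self.tgt_key, tgt, now)
        if body is None or service not in self.service_keys:
            return None
        return seal(self.service_keys[service],
                    {"user": body["user"], "svc": service, "exp": body["exp"]})

def service_accepts(service_key, service, ticket, now):
    """The service checks the ticket with its own key; it never sees the password."""
    body = unseal(service_key, ticket, now)
    return body["user"] if body and body.get("svc") == service else None

# Constructed sample directory: one user, two services.
USERS = {"alice": pw_hash("constructed-Passw0rd")}
SERVICES = {"fileserver": b"constructed-fs-key", "printer": b"constructed-pr-key"}
DC = DomainController(USERS, SERVICES)
```

After one `DC.logon(...)`, the same TGT can be exchanged for tickets to several services until it expires, which is the "no re-entering credentials" behaviour the paragraph describes. A ticket sealed for one service fails verification at another, and any edit to the ticket body invalidates it.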

AD Services
- AD DS (Domain Services) – Core directory service for user/computer management.
- AD LDS (Lightweight Directory Services) – A simplified directory without domain
functionality.
- AD CS (Certificate Services) – Issues and manages digital certificates.
- AD FS (Federation Services) – Enables Single Sign-On (SSO) across systems.
- AD RMS (Rights Management Services) – Protects digital content and enforces usage
rights.

Active Directory vs Azure AD
| Feature | Active Directory | Azure Active Directory |
|----------|------------------|-------------------------|
| Deployment | On-premises | Cloud-based |
| Protocol | LDAP, Kerberos | OAuth, SAML, OpenID Connect |
| Devices | Windows domain-joined | Cross-platform, internet-connected |
| Use Case | Internal network management | Cloud identity and app access |

Use Cases
- Managing employee accounts and passwords
- Enforcing company-wide security policies
- Controlling access to shared resources
- Centralizing login for Windows devices
- Delegating administrative rights securely
