This tutorial is a series of tutorials on Understanding/ Mastering Active Directory. Implementation can be on Windows server 2012, 2008 and 2003 Active Directory roles. First, we’ll start by defining what active directory is, then get deeper and deeper.Active Directory is a directory service developed by Microsoft for Windows Operating Systems domain networks. The Active Directory Domain Services (AD DS) provides a centralized authentication service for Microsoft network environments. The main function of Active Directory in a simple network is to authorize all users and computers in a windows domain network through Domain Controller. Active Directory provides the main repository for information related to computers, users in the domain and other network services and resources.
Benefits of Active Directory Services
1) Management is simplified and made easier through centralized access to administrative tools to the Active Directory database of network resources.
2) It provides a single point of Access to network resources: With Active Directory, there is a single point of management of resources. It uses a single sign-on to allow access to network resources located on any server within the domain. The user is only identified and authenticated only once, after this, the user then signs on once to access network resources within his/her authorization limits and privileges made by the administrator.
3) Fault Tolerance and Redundancy
Fault tolerance: When a system can respond gracefully to both software and hardware failures.
In an Active Directory environment, when one or more Active Directory service domain controllers experience a failure, Active Directory offers redundancy by providing authentication services without any adverse effects noticed by the users. This is made possible by the fact that all domain controllers in Active Directory share a common database file called ntds.dit. All domain controllers maintain consistent information on this file through replication and active directory database is duplicated on all domain controllers.
4)Simplified resource Location:
Users in a domain can search for published resources on the network, e.g, files and printers. A user will just search Active Directory database for desired services using name description given to file folders, printers and other network services provided in the active directory.
5) Ability to access and modify AD DS from multiple administration points.
6) Provides hierarchical organizational structure
7) Simplified security Administration
Directory service is what allows you to define, access and manage network resources. The active directory provides automated directory services as the network grows in size and complexity.
There are two roles that provide directory services. These are
- Active Directory Domain Service ( AD DS )
- Active Directory Lightweight Directory Services ( AD LDS )
Common Terminologies used:
Domain Controller ( DC) – This is a server running a version of Windows server Domain services and has Active Directory Domain Services installed.
It is a server that stores Active Directory database and authenticates users during login sessions. It also stores, modify and maintains AD database information on a file called ntds.dit
Replication: This is the process of keeping each domain controller synchronized with the changes that have been made elsewhere on the network i.e on another domain controller. There are two types of replication
a) Inbound replication: Here, domain controller receives updates to the Active Directory database from other domain controllers on the network.
b) Outbound replication: Domain controller sending updates to other domain controllers.
Consider this example. If a user on a Domain controller 10 changes his password, the ntds.dit database is updated in this DC. For other Domain Controllers to get this update, Domain Controller 10 must replicate this change to other Domain Controllers. This will ensure that the date on all AD database is consistent.
Read-Only Domain Controller ( RODC) – This is a domain controller that contains a copy of ntds.dit file that cannot be modified. RODC does not replicate its changes to other Domain Controllers within Active Directory.
Container Object and Leaf Object. Each component in an Active Directory is wither container or leaf object. The container object can house objects while leaf container cannot contain other objects.
Container Objects available are:
a) Forest: This is the largest container object within Active Directory which defines the fundamental security boundary within Active Directory.
b) Schema naming context ( Schema Partition) – Contains rules and definitions used for creating and modifying object classes and attributes in Active Directory.
c) Configuration Partition: Contains information regarding the physical of the network and data that must be replicated throughout the forest. Information in the configuration NC is shared by domains in a single forest.
c) Domain Tree: Logical grouping of network resources and devices that contain one or more domains configured in a parent-child relationship.