Saturday 12 November 2016

Active Directory

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain-type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or a normal user. It also allows management and storage of information at the administrative level, provides authentication and authorization mechanisms, and supplies a framework for deploying other related services (AD Certificate Services, AD Federation Services, etc.).

Active Directory is an integral part of the Windows 2000 architecture. Like other directory services, such as Novell Directory Services (NDS), Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. Active Directory is designed especially for distributed networking environments.

Active Directory provides a common interface for organizing and maintaining information related to resources connected to a variety of network directories. The directories may be systems-based (like the Windows OS), application-specific, or network resources such as printers. Active Directory serves as a single data store for quick data access by all users and controls user access based on the directory's security policy.

Active Directory features include:

• Support for the X.500 standard for global directories
• The capability for secure extension of network operations to the Web
• A hierarchical organization that provides a single point of access for system administration (management of user accounts, clients, servers, and applications, for example) to reduce redundancy and errors
• An object-oriented storage organization, which allows easier access to information
• Support for the Lightweight Directory Access Protocol (LDAP) to enable inter-directory operability
• Designed to be both backward compatible and forward compatible

Active Directory provides the following network services:

• Lightweight Directory Access Protocol (LDAP) - An open standard used to access other directory services
• Security service using the principles of Secure Sockets Layer (SSL) and Kerberos-based authentication
• Hierarchical and internal storage of organizational data in a centralized location for faster access and better network administration
• Data availability in multiple servers with concurrent updates to provide better scalability

Active Directory is internally structured as a hierarchical framework. Each node in the tree-like structure is referred to as an object and is associated with a network resource, such as a user or service. Like a database schema, the Active Directory schema specifies the attributes and type of each defined Active Directory object, which facilitates searching for connected network resources based on their assigned attributes. For example, if a user needs a printer with color printing capability, the object's attribute may be set with a suitable keyword, so that it is easier to search the entire network and identify the object's location based on that keyword.

A domain consists of objects stored in a specific security boundary and interconnected in a tree-like structure. A single domain may have multiple servers, each of which is capable of storing multiple objects. Organizational data may therefore be stored in multiple locations, so a single domain may span multiple sites. Each site may have multiple domain controllers for backup and scalability reasons. Multiple domains may be connected to form a Domain Tree, which shares a common schema, configuration and global catalog (used for searching across domains). A Forest is formed by a set of multiple, mutually trusting domain trees and forms the uppermost layer of Active Directory.

Novell's directory service - an Active Directory alternative - contains all server data within the directory itself, unlike Active Directory.
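To make the hierarchy and attribute-based search described above concrete, here is an added example (not part of the original post, and not Microsoft's code): a tiny in-memory model of a domain tree whose objects carry schema attributes, searched with LDAP-style filters of the kind a directory client would send. The domain names, object names and the `printColor`/`printQueue` sample values are constructed for illustration; the search function, which is hypothetical, matches on DN suffix so that a search rooted at the parent domain also reaches objects in the child domain, much as a global catalog search spans the tree.

```python
# Added example: a toy Active Directory tree searched with LDAP filters.
# Constructed sample objects. Each DN encodes the object's position in the tree:
# one domain tree with a parent domain (corp.example) and a child (sub.corp.example).
DIRECTORY = [
    {"dn": "CN=Alice,OU=Staff,DC=corp,DC=example", "objectClass": "user", "sAMAccountName": "alice"},
    {"dn": "CN=Bob,OU=Staff,DC=sub,DC=corp,DC=example", "objectClass": "user", "sAMAccountName": "bob"},
    {"dn": "CN=PRN-01,OU=Printers,DC=corp,DC=example", "objectClass": "printQueue", "printColor": "TRUE"},
    {"dn": "CN=PRN-02,OU=Printers,DC=sub,DC=corp,DC=example", "objectClass": "printQueue", "printColor": "FALSE"},
    {"dn": "CN=PRN-03,OU=Printers,DC=sub,DC=corp,DC=example", "objectClass": "printQueue", "printColor": "TRUE"},
]

def parse_filter(text):
    """Parse a subset of RFC 4515 LDAP filters: (attr=value), (&...), (|...), (!...)."""
    text = text.strip()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError("filter must be parenthesised")
    body = text[1:-1]
    if body and body[0] in "&|!":
        # Split the rest into balanced parenthesised sub-filters and parse each.
        parts, depth, start = [], 0, None
        for i, ch in enumerate(body[1:], 1):
            if ch == "(":
                if depth == 0:
                    start = i
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(parse_filter(body[start:i + 1]))
        return (body[0], parts)
    attr, _, value = body.partition("=")
    return ("=", attr, value)

def matches(obj, node):
    """Evaluate a parsed filter against one object (AD attribute values compare case-insensitively)."""
    op = node[0]
    if op == "=":
        return obj.get(node[1], "").lower() == node[2].lower()
    if op == "&":
        return all(matches(obj, n) for n in node[1])
    if op == "|":
        return any(matches(obj, n) for n in node[1])
    if op == "!":
        return not matches(obj, node[1][0])
    raise ValueError("unknown operator %r" % op)

def search(base_dn, ldap_filter, directory=DIRECTORY):
    """Subtree search: DNs under base_dn (suffix match, spanning child domains) that match the filter."""
    node = parse_filter(ldap_filter)
    suffix = base_dn.lower()
    return sorted(o["dn"] for o in directory if o["dn"].lower().endswith(suffix) and matches(o, node))
```

Searching the tree root for `(&(objectClass=printQueue)(printColor=TRUE))` returns the two color printers, one from each domain, which is exactly the attribute-keyed lookup the paragraph describes.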
