Sunday, May 4, 2008

Active Directory

Active Directory is a centralized and standardized system that automates network management of user data, security, and distributed resources, and enables interoperation with other directories. It is an implementation of LDAP directory services designed especially for distributed networking environments.

Its main purpose is to provide central authentication and authorization services for Windows-based computers. Additionally, it allows administrators to assign policies, maintain software, maintain user and group rights assignments, and apply critical updates across an organization.

The Active Directory structure is a hierarchical framework of objects. These objects fall into three main categories:

  • Resources
  • Services
  • Users

Active Directory provides information on the objects, organizes them, controls access to them and sets security. In Active Directory, an object is uniquely identified by its name, and each object has a set of attributes (the characteristics and information that the object can contain) defined by a schema, which also limits the kinds of objects that can be stored in the directory.

The framework that holds the objects is viewed at a number of levels. The top level of the structure is the “Forest”. The forest is the collection of every object, its attributes, and rules in the directory. The forest holds one or more “Trees” linked by transitive trusts. A tree holds one or more “Domains” and domain trees, again linked in a transitive trust hierarchy. Domains are identified by their DNS name structure, the namespace.
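As an added illustration (not code from the original post), the following Python models the forest, tree and domain relationships just described for a constructed set of domain names: it derives each domain's LDAP naming-context distinguished name from its DNS name, finds the tree each domain belongs to (a contiguous DNS namespace), and lists the domains a transitive trust path crosses between any two domains in the forest. The domain names are constructed, and the model assumes, as AD does, that each additional tree root trusts the forest root domain directly.

```python
"""Forest / tree / domain model for a constructed set of AD domains."""
from typing import List, Optional

# Constructed example forest; the first entry is the forest root domain.
FOREST_DOMAINS = [
    "example.com",           # forest root, also root of tree 1
    "corp.example.com",      # child domain of example.com
    "dev.corp.example.com",  # grandchild, still tree 1
    "example.net",           # separate namespace, root of tree 2
    "eu.example.net",        # child domain of example.net
]


def dns_to_dn(dns_name: str) -> str:
    """LDAP DN of a domain's naming context: corp.example.com -> DC=corp,DC=example,DC=com."""
    return ",".join(f"DC={label}" for label in dns_name.lower().split("."))


def parent_domain(dns_name: str, forest: List[str]) -> Optional[str]:
    """Nearest DNS ancestor that is itself a domain in the forest, else None.
    A domain with no in-forest parent is the root of its own tree."""
    labels = dns_name.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in forest:
            return candidate
    return None


def tree_root(dns_name: str, forest: List[str]) -> str:
    """Walk parent-child links up to the top of the contiguous namespace."""
    while (parent := parent_domain(dns_name, forest)) is not None:
        dns_name = parent
    return dns_name


def trust_path(src: str, dst: str, forest: List[str]) -> List[str]:
    """Domains crossed by transitive trusts from src to dst: up src's tree,
    across a tree-root trust via the forest root if needed, down to dst."""
    up, down = [src], [dst]
    while (parent := parent_domain(up[-1], forest)) is not None:
        up.append(parent)
    while (parent := parent_domain(down[-1], forest)) is not None:
        down.append(parent)
    if up[-1] != down[-1]:  # different trees: bridge through the forest root
        root = forest[0]
        bridge = [] if root in (up[-1], down[-1]) else [root]
        return up + bridge + list(reversed(down))
    common = next(d for d in up if d in down)  # same tree: stop at shared ancestor
    return up[:up.index(common)] + list(reversed(down[:down.index(common) + 1]))
```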

Features of Active Directory

  • Support for the X.500 global directory standard
  • The capability to securely extend network operations to the Web
  • A hierarchical organization that provides a single point of access for system administration, reducing redundancy and errors
  • Single logon capability
  • An object-oriented storage organization, which allows easier access to information
  • Support for LDAP (Lightweight Directory Access Protocol) to enable inter-directory operability
  • A design that is both backward and forward compatible
