What Is Active Directory?

Active Directory is a Microsoft implementation of LDAP (Lightweight Directory Access Protocol) consisting of a centralized database containing information that will be used to authenticate users and locate resources. Aside from authentication, AD also deals with authorization. The other process AD is responsible for is accounting – documenting the authentication and authorization for each user. As keeping multiple copies of databases allowing singular access to objects is not feasible and it would leave the system prone to vulnerabilities, AD stores information hierarchically and allows for centralized computer management.

Authentication – who are you? (Username/password)

Authorization – What access/permissions do you have?

Accounting – Logging of your activity.

AD comprises of two object categories:

·         Resources - for example: Printer queue data

·         Security - for example: Differentiation between system administrator and a normal user

Generally the benefits of using Active Directory revolve around the centralized management feature, but network administrators can also write scripts for controlling group policy, automating administrative tasks (assigning software to machines on the domain, managing printers, setting permissions for network users etc.) or use AD as a phone book to retrieve contact details for the users on the system.

OU – Organizational Units are AD’s criteria boxes, which can be split down in subcategories, allowing the system administrator to allocate resources / grant access according to narrower ranges of sub-criteria. For example, OUs allow you to setup access for a new geographical location (e.g. Spain) in organization X. In the Spain OU, two more OUs will be created for Sales and Purchasing departments, in Sales two other OUs for Technical and Operations. For each of these OUs, the administrator will then create the users and authorize authentication and resource access. 

Requirements

ADDS run on Windows 2000 and any later editions, but client applications can be produced for and run on earlier versions like Windows NT 4.0 or Windows 95.