What is Windows Active Directory

An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996 and first used with Windows 2000.
An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the directory.
An active directory can be defined as a hierarchical structure and this structure is usually broken up into three main categories, the resources which might include hardware such as printers, services for end users such as web email servers and objects which are the main functions of the domain and network.
It is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, end user or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to these objects being able to hold other objects, every object has its own attributes which allows it to be characterized by the information which it contains. Most IT professionals call these setting or characterizations schemas.
Depending on the type of schema created for a folder, will ultimately determine how these objects are used. For instance, some objects with certain schemas can not be deleted, they can only be deactivated. Others types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object can not be deleted.
When understanding active directories, it is important to know the framework that objects can be viewed at. In fact, an active directory can be viewed at either one of three levels, these levels are called forests, trees or domains. The highest structure is called the forest because you can see all objects included within the active directory.
Within the Forest structure are trees, these structures usually hold one or more domains, going further down the structure of an active directory are single domains. To put the forest, trees and domains into perspective, consider the following example.
A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are now trees that hold information on specific objects such as domain controllers, program data, system, etc. Within these objects are even more objects which can then be controlled and categorized.
How are Active Directories used?
If you are a computer administrator for a large corporation or organization, you can easily update all end users computers with new software, patches, files, etc simply by updating one object in a forest or tree.
Because each object fits into a set schema and has specific attributes, a network administrator can easily clear a person on a set tree or instantly give access to some users for certain applications or deny access to certain users for others. The Microsoft servers use trust to determine whether or not access should be allowed. Two types of trust that Microsoft active directories incorporate are transitive trusts and one way non transitive trusts. A transitive trust is when there is a trust that goes further than two domains in a set tree, meaning two entities are able to access each others domains and trees.
A one way transitive trust is when a user is allowed accessed to another tree or domain, however, the other domain does not allow access to the other domains. This can be summed up as a network administrator and end user. The network administrator can access most trees in the forest including a specific end user's domain. However the end user, while able to access his or her own domain, can not access other trees.
It is important to note that active directories are a great way to organize a large organization or corporation's computers data and network. Without an active directory, most end users would have computers that would need to be updated individually and would not have access to a larger network where data can be processed and reports can be created. While active directories can be extremely technical and require lots of expertise to navigate, they are essential to storing information and data on networks.


Prime VIP
to add

Active Directory (AD) is a technology created by Microsoft that provides a variety of network services, including:

  • LDAP-like directory services
  • Kerberos-based authentication
  • DNS-based naming and other network information

Using the same database, for use primarily in Windows environments, Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an organization. Active Directory stores information and settings in a central database. Active Directory networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects.

Active Directory was previewed in 1999, released first with Windows 2000 Server edition, and revised to extend functionality and improve administration in Windows Server 2003. Additional improvements were made in Windows Server 2003 R2.

Active Directory was called NTDS (NT Directory Service) in older Microsoft documents. This name can still be seen in some AD binaries.