What is Active Directory?
Active Directory (or AD) is Microsoft’s proprietary service that allows IT admins to manage users on a network (local or Internet-based servers). It is the primary feature of most Windows Servers. AD stores information on the network and makes it available for administrators to easily find and use.
Administrators can also create and regulate users, objects, and domains within the network. For instance, a network admin can create a group of a few users and allow them access to specific directories on the server. AD makes it easy to organize many users into logical groups and subgroups, providing varying access control permissions at each level.
AD is responsible for authenticating and authorizing all the computers and users in a Windows domain network. It stores data as objects in the form of groups, numbers, addresses, and applications. These objects are categorized based on their names and services.
How Does Active Directory Work?
Active Directory Domain Services (AD DS) is the core element of an AD which provides the basic mechanism for authenticating and authorizing users on the network. AD DS also determines the resources an authorized user can access.
Servers that run AD DS are called domain controllers (DCs). If any change is made on one DC, such as an account deletion, it is automatically replicated to all other DCs. These DCs also offer added features including security certificates, access rights management, SSO (Single Sign-On), and LDAP (Lightweight Directory Access Protocol).
Devices such as desktop computers and laptops are part of an AD. However, they do not run AD DS since DS relies on established protocols such as Kerberos and DNS.
Structure of an Active Directory DS
The basic tiers of an AD DS consist of:
Domains: Includes a group of users and devices synced with the same AD database. Think of it as a branch on a tree having the same base structure as the tree.
Trees: A group of one or more domains in a logical hierarchy, all related to one another.
Forest: The highest level of organization in an Active Directory, containing groups of trees. The trees are related and said to “trust” each other.
Organizational Units: Administrators use organizational units to organize users, groups, computers, and other organizational units.
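The hierarchy above can be read from an object's distinguished name (DN), where the DC= components spell the domain's DNS name and the OU= components give the organizational unit path. The following Python code is an added example, not part of the original article, that groups objects by tree, domain, and OU. The DNs are constructed, and the code assumes they all belong to one forest and that domains in a contiguous DNS namespace form one tree.

```python
import re

# Constructed sample distinguished names (DNs); not taken from a real directory.
SAMPLE_DNS = [
    "CN=Alice Smith,OU=Engineering,OU=Staff,DC=corp,DC=example,DC=com",
    "CN=Bob Jones,OU=Finance,DC=emea,DC=corp,DC=example,DC=com",
    "CN=WS-042,OU=Workstations,DC=corp,DC=example,DC=com",
    "CN=Carol Lee,OU=Sales,DC=partner,DC=test",
]

def parse_dn(dn):
    """Return (object name, OU path from top to bottom, DNS domain name)."""
    name, ous, labels = None, [], []
    # Split on commas that are not backslash-escaped (only the "\," escape is handled).
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.strip().partition("=")
        attr = attr.strip().upper()
        if attr == "DC":
            labels.append(value.lower())      # DC components spell the domain's DNS name
        elif attr == "OU":
            ous.append(value)                 # innermost OU comes first in a DN
        elif attr == "CN" and name is None:
            name = value.replace("\\,", ",")
    return name, ous[::-1], ".".join(labels)

def tree_root(domain, known):
    """Climb parent DNS names while each parent is itself a known domain."""
    root = domain
    while (parent := root.partition(".")[2]) and parent in known:
        root = parent
    return root

def build_forest(dns):
    """Assumption: all sample DNs belong to one forest. Returns
    {tree root: {domain: {OU path: [object names]}}}."""
    parsed = [parse_dn(dn) for dn in dns]
    known = {domain for _, _, domain in parsed}
    forest = {}
    for name, ous, domain in parsed:
        tree = forest.setdefault(tree_root(domain, known), {})
        tree.setdefault(domain, {}).setdefault("/".join(ous), []).append(name)
    return forest

if __name__ == "__main__":
    for root, domains in build_forest(SAMPLE_DNS).items():
        print("tree:", root)
        for domain, ous in sorted(domains.items()):
            for path, names in sorted(ous.items()):
                print(f"  {domain}  OU={path}  {names}")
```

Whether two trees really share a forest cannot be derived from DNs alone; that relationship is defined by the trusts between their root domains.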