Microsoft Active Directory

Active Directory is one of the most frequently used corporate network services. It offers many other features in addition to the basic authentication and licensing services, so its popularity is no surprise.

The primary Active Directory service is Active Directory Domain Services (AD DS), which is included with the Windows Server operating system. AD DS manages communication between users and domains by storing directory data and managing user logon processes, authentication, and directory searches. An Active Directory domain controller is a server that runs AD DS.

Windows Server 2016 adds some major new features to Active Directory Domain Services and Active Directory Federation Services (AD FS). Many of the features in Windows Server 2016 are designed to focus more on public, private and hybrid cloud applications. The new Active Directory Domain Services (AD DS) features enhance organizations’ ability to secure Active Directory environments and help them move to cloud and hybrid deployments, where some applications and services are hosted in the cloud and others are hosted on-site.

Among these improvements are:

· Privileged access management

· Extending cloud capabilities to Windows 10 devices through Azure Active Directory Join

· Connecting domain-joined devices to Azure AD for Windows 10 experiences

· Enabling Microsoft Passport for Work in your organization

· Deprecation of File Replication Service (FRS) and Windows Server 2003 functional levels

Active Directory simplifies life for administrators and end users and enhances security for organizations. The AD Group Policy feature allows administrators to centrally manage users and rights, as well as to centralize computer and user configuration. Users can authenticate once and then seamlessly access any resources in the domain they are authorized to use (single sign-on). In addition, files are saved in a central repository, which facilitates cooperation with other users and lets IT teams back them up properly to ensure business continuity.

AD is divided into three main levels: domains, trees and forests. A domain is a group of related users, computers, and other AD objects, for example, all AD objects in your company's headquarters. Multiple domains can be combined into a tree, and multiple trees can be grouped into a forest. Remember that a domain is a management boundary: the objects in each domain are stored and managed together in a single database. The forest is the security boundary. Objects in different forests cannot interact with each other unless the forest administrators create a trust between them. For example, you will probably want to create multiple forests if you have multiple business units.

The Active Directory database contains information on the AD objects in the domain. Users, computers, apps, printers and shared folders are common types of AD objects. Some objects can contain other objects (which is why you will see AD described as “hierarchical”). Organizations often simplify the administration of AD objects by organizing them into organizational units (OUs) and improve security through grouping. These OUs are themselves objects in the directory.

Attributes are characteristics of objects. Some attributes are obvious, while others are more subtle. A user object, for example, typically contains attributes such as the person’s name, password, department, and email address, but it also contains attributes that most people never see, such as its unique Globally Unique Identifier (GUID), Security Identifier (SID), last login time, and group membership.
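The less visible attributes are stored in binary form, so they need decoding before they can be compared with the SIDs and GUIDs that appear in event logs and access control lists. The following is an added example, not code from the original post: it decodes the raw `objectSid`, `objectGUID` and `lastLogon` values of a user entry, and the sample entry, helper names and the short table of well-known RIDs are constructed for illustration.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# RIDs below 1000 are reserved for built-in principals; a few well-known ones:
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt"}

def decode_sid(raw: bytes) -> str:
    """Binary objectSid -> 'S-1-5-21-...' string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])     # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def decode_guid(raw: bytes) -> str:
    """Binary objectGUID -> canonical text; first three fields are little-endian."""
    return str(uuid.UUID(bytes_le=raw))

def decode_filetime(ticks: int):
    """lastLogon: 100-ns ticks since 1601-01-01 UTC; 0 means never logged on."""
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def describe(entry: dict) -> dict:
    """Decode the raw attributes of one user entry into readable values."""
    sid = decode_sid(entry["objectSid"])
    domain_sid, rid = sid.rsplit("-", 1)
    return {
        "sid": sid,
        "domain_sid": domain_sid,          # shared by every account in the domain
        "rid": int(rid),                   # unique within the domain
        "builtin": WELL_KNOWN_RIDS.get(int(rid)),
        "guid": decode_guid(entry["objectGUID"]),
        "last_logon": decode_filetime(entry["lastLogon"]),
    }

# Constructed sample entry (not real directory data).
SAMPLE = {
    "objectSid": bytes.fromhex("010500000000000515000000"
                               "00ca9a3b00943577005ed0b250040000"),
    "objectGUID": bytes.fromhex("33221100554477668899aabbccddeeff"),
    "lastLogon": 133444736000000000,
}

if __name__ == "__main__":
    for key, value in describe(SAMPLE).items():
        print(f"{key}: {value}")
```

The GUID stays the same when an object is renamed or moved, while the SID is what appears in access tokens and permissions, which is why both are worth recording when reviewing account activity.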

Databases are structured, which means that they have a design that dictates what types of data they store and how that data is organized. This is referred to as a schema. Active Directory is no exception: its schema includes formal definitions of every object class that can be created in the Active Directory Forest, as well as every attribute that can exist in an Active Directory object. Although AD comes with a default schema, administrators can modify it to meet business requirements. The important thing to remember is that it is best to plan the schema carefully ahead of time; because AD plays such an important role in authentication and authorization, changing the schema of the AD database later can severely disrupt your business.

Thank You!




I am Yasith, an undergraduate reading for the Bachelor of Science Degree in Computer Systems and Network Engineering.

Yasith Piyumantha
