Open In App

Introduction of Active Directory Domain Services

Improve
Improve
Like Article
Like
Save
Share
Report

A directory is a hierarchical structure that stores information about objects on the network. A directory, in the most generic sense, is a comprehensive listing of objects. A phone book is a type of directory that stores information about people, businesses, and government organizations. Phone books typically record names, addresses, and phone numbers. Active Directory (AD) is a Microsoft technology used to manage computers and other devices on a network. It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers. 

Benefits of Active Directory –

  • Hierarchical organizational structure.
  • Multimaster Authentication & Multimaster replication (the ability to access and modify AD DS from multiple points of administration)
  • A single point of access to network resources.
  • Ability to create trust relationships with external networks running previous versions of Active Directory and even Unix.
  • It provides a centralized location for managing user and computer accounts, which can save time and increase efficiency for IT administrators. This also allows for consistent application of security policies and permissions.
  • It provides a range of security features, including password policies, group policies, and access controls, which can help to protect the network from unauthorized access and malicious activity.
  • Designed to support large networks with many users and devices, and can easily scale to meet the needs of growing organizations. This includes the ability to add additional domain controllers and servers as needed.
  • Makes it easy to share resources such as files and printers across the network, and to manage access to these resources through permissions and security settings.
  • Comprehensive auditing and reporting capabilities, which can help organizations to track changes and activity on the network, and to identify potential security issues.

Directory Service – A directory service is a hierarchical arrangement of objects which are structured in a way that makes access easy. However, functioning as a locator service is not AD’s exclusive purpose. It also helps organizations have a central administration over all the activities carried out in their networks. Essentially a Network Directory Service:

  • Provides information about the user objects, computers and services in the network.
  • Stores this information in a secure database and provides tools to manage and search the directory.
  • Allows to manage the user accounts and resources, apply policies consistently as needed by an organization.

Active Directory provides several different services, which fall under the umbrella of “Active Directory Domain Services, ” or AD DS. These services include:

  1. Domain Services – Stores centralized data and manages communication between users and domains; includes login authentication and search functionality
  2. Certificate Services – It generates, manages and shares certificates. A certificate uses encryption to enable a user to exchange information over the internet securely with a public key.
  3. Lightweight Directory Services – Supports directory-enabled applications using the open (LDAP) protocol.
  4. Directory Federation Services – Provides single-sign-on (SSO) to authenticate a user in multiple web applications in a single session.
  5. Rights Management – It controls information rights and management. AD RMS encrypts content, such as email or Word documents, on a server to limit access.

Domain Controllers – A server that is running AD DS is called a domain controller.Domain controllers host and replicate the directory service database inside the forest. The directory service also provides services for managing and authenticating resources in the forest.These servers host essential services in AD DS, including the following: – Kerberos Key Distribution Center (kdc) – NetLogon (Netlogon) – Windows Time (W32time) – Intersite Messaging (IsmServ) Active Directory Objects:

  1. Container Objects – These objects can contain other objects inside them, and we can make collection from them. For Ex- Forest, Tree, Domains, Organisational Units.
  2. Leaf Objects – These objects can not contain other objects inside them. For Ex- users, computers, printers, etc. Common Terminologies and Active Directory Concepts:
    • Schema – A set of rules, the schema, that defines the classes of objects and attributes contained in the directory, the constraints and limits on instances of these objects, and the format of their names.
    • Global catalog – A global catalog that contains information about every object in the directory. This allows users and administrators to find directory information regardless of which domain in the directory actually contains the data. For more information about the global catalog, see The role of the global catalog.
    • Forest Root Domain – The first domain that is installed in an Active Directory Forest is referred to as the root domain.
    • Sites – Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology.
    • Lightweight Directory Access Protocol – AD is based on the Lightweight Directory Access Protocol (LDAP). This protocol provides a common language for clients and servers to speak to one another.
    • Domain Controller – A domain controller (DC) is a server that contains a writable copy of the Active Directory database and is responsible for authenticating users and computers, as well as enforcing security policies.
    • Organizational Unit – An organizational unit (OU) is a container object in Active Directory that can hold other objects, such as users, groups, and computers. OUs are used to help organize objects within a domain and can be used to apply group policies to specific sets of objects.
    • Group Policy – Group Policy is a feature in Active Directory that allows administrators to define and enforce policies on groups of computers or users. These policies can include security settings, software deployment, and other system configurations.
    • Trust Relationship – A trust relationship is an association between two domains that enables users in one domain to access resources in the other domain. Trust relationships can be one-way or two-way, and can be transitive or non-transitive.
    • Replication – Replication is the process by which changes made to the Active Directory database on one domain controller are synchronized with the database on other domain controllers. Replication ensures that all domain controllers have the same information and helps to maintain consistency across the directory.
    • Kerberos – Kerberos is a network authentication protocol used by Active Directory to provide secure authentication for users and computers. Kerberos uses encryption to prevent unauthorized access to network resources and is integrated with Active Directory to provide a seamless authentication experience for users.
    • Group – A group is a collection of user accounts or computer accounts that can be used to assign permissions or apply policies to multiple objects at once. Groups can be used to simplify administration and improve security by reducing the number of individual permissions or policies that need to be assigned to each object.

Advantages:

Centralized management: AD DS provides centralized management of users, computers, and other network resources, which makes it easier to manage and secure large-scale networks.

Scalability: AD DS can support large-scale networks with tens of thousands of users and devices, making it suitable for enterprise-level organizations.

Group policy management: AD DS provides group policy management, which allows administrators to manage and configure settings for groups of users and computers.

Authentication and authorization: AD DS provides authentication and authorization services, which allows administrators to control access to network resources based on user roles and permissions.

Single sign-on: AD DS supports single sign-on (SSO), which allows users to log in once and access multiple network resources without having to provide credentials multiple times.

Disadvantages:

Complexity: AD DS can be complex to set up and manage, requiring specialized knowledge and expertise.

Cost: AD DS requires licensing fees and may require additional hardware resources, which can increase the cost of network infrastructure.

Vulnerability: AD DS can be vulnerable to security threats, such as password attacks and denial-of-service (DoS) attacks, which can compromise network security.

Compatibility: AD DS is designed for Windows networks and may not be compatible with other operating systems or network environments.

Maintenance: AD DS requires regular maintenance, including software updates and security patches, to ensure optimal performance and security.



Last Updated : 04 May, 2023
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads