
What is Active Directory

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. At its core, Active Directory is a database that keeps track of all the user accounts and their credentials (password hashes, not clear-text passwords) in your organization. Storing accounts and credentials in one protected, centrally managed location improves your organization's security, provided the domain controllers that host that database are themselves well protected. Active Directory is subdivided into one or more domains.

In simple terms, Active Directory is a centralized repository of objects. Everything, such as a user, a group, a service or a resource, is an object to Active Directory, and Active Directory is simply the collection of all these objects.

When we put all these objects together under one logical grouping or boundary, including the network resources, the resulting unit of Active Directory is known as a Domain.


One or more Domains that share a contiguous namespace together form a Tree, and one or more Trees joined by a transitive trust hierarchy together form a Forest.

True, but what if we have only one Active Directory Domain? Where is the Tree or Forest then?

Even then, both the Forest and the Tree are present.

Forest and Tree are both logical boundaries, and each expands automatically as objects are added to it.

For example, suppose we have a domain "parent.com". On its own this is a Tree with a single domain. When we build a new domain underneath our existing domain, it uses the parent domain's namespace and is named "child.parent.com". The Tree now expands automatically and takes on its proper shape. It keeps growing as we add further child domains such as "child01.parent.com", "child02.parent.com" and so on.

Now suppose we add a new domain "newparent.com" with its own child domains "child01.newparent.com" and "child02.newparent.com". It does not share the "parent.com" namespace, but it shares the same Schema and Configuration partition and is linked to the existing tree by a two-way transitive tree-root trust. This is a new Tree in our Forest. The Forest is the outermost boundary of Active Directory, and it grows automatically with the growth of Trees and Domains. Because every domain in the forest trusts every other domain transitively, the forest, not the domain, is the real security boundary: an attacker who controls any one domain can reach the others.


As per Microsoft, a Domain is defined as a logical group of network objects (computers, users, devices) that share the same Active Directory database. A Tree is a collection of one or more Domains and Domain Trees in a contiguous namespace, linked in a transitive trust hierarchy. At the top of the structure is the Forest.
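To see the structure described above on a real forest, the following PowerShell is an added example (not code from the original post). It uses the .NET System.DirectoryServices.ActiveDirectory classes that ship with Windows, so it needs no RSAT module, and it assumes it is run as a domain user on a domain-joined machine. It prints each Tree (a domain with no parent inside the forest), the child domains nested under it, and the trusts that link the domains together.

```powershell
# Added example, not from the original post.
# Assumes: domain-joined machine, run as any domain user; no RSAT required.
Add-Type -AssemblyName System.DirectoryServices   # already loaded in Windows PowerShell; harmless if so

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
"Forest: {0}  (root domain: {1}, mode: {2})" -f $forest.Name, $forest.RootDomain.Name, $forest.ForestMode
"Schema: {0}" -f $forest.Schema.Name   # one schema shared by every domain in the forest

# A Tree root is a domain that has no parent domain inside the forest.
# Child domains inherit the parent's DNS name as a suffix (child.parent.com).
$treeRoots = $forest.Domains | Where-Object { $null -eq $_.Parent }

function Show-DomainTree {
    param(
        [System.DirectoryServices.ActiveDirectory.Domain]$Domain,
        [int]$Depth = 0
    )
    $indent = '  ' * $Depth
    "{0}{1}" -f $indent, $Domain.Name
    foreach ($child in $Domain.Children) {
        Show-DomainTree -Domain $child -Depth ($Depth + 1)
    }
}

"Trees in forest $($forest.Name):"
foreach ($root in $treeRoots) {
    "Tree rooted at $($root.Name):"
    Show-DomainTree -Domain $root -Depth 1
}

# Trusts. ParentChild and TreeRoot trusts are created automatically and are
# two-way and transitive, which is why the forest is the security boundary.
# External and Forest trusts point outside this forest and deserve a closer look.
"Trust relationships (each domain lists the trusts it is the source of):"
$forest.Domains |
    ForEach-Object { $_.GetAllTrustRelationships() } |
    Select-Object SourceName, TargetName, TrustType, TrustDirection |
    Format-Table -AutoSize
```

On a single-domain forest the output still shows one Tree, rooted at the only domain, and an empty trust list, which is exactly the point made above: the Tree and the Forest exist even when there is only one Domain. Any trust whose TrustType is External or Forest reaches outside the forest boundary and should be reviewed with the same care as a new domain.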

