What is active directory?
Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers.
What is the role of Active Directory?
Active Directory serves as a central location for network administration and security. It is responsible for authenticating and authorizing all users and computers within a Windows domain network, assigning and enforcing security policies for all computers in the network, and installing or updating software on network computers.
For example, when a user logs into a computer that is part of a Windows domain, it is Active Directory that verifies his or her password and specifies whether he or she is a system administrator or normal user.
- A Site object in Active Directory represents a geographic location that hosts networks.
- The Active Directory framework that holds the objects can be viewed at a number of levels. The forest, tree, and domain are the logical divisions in an Active Directory network.
- Within a deployment, objects are grouped into domains. The objects for a single domain are stored in a single database (which can be replicated). Domains are identified by their DNS name structure, the namespace.
- A tree is a collection of one or more domains and domain trees in a contiguous namespace, linked in a transitive trust hierarchy.
- At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.
- The objects held within a domain can be grouped into Organizational Units (OUs).
- Active Directory Domain Services
Active Directory Domain Services (AD DS), formerly known simply as Active Directory, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.
Changes made to Active Directory objects can be recorded so that you know what was changed, as well as the previous and current values for the changed attributes.
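Recording those changes takes two pieces of configuration on a domain controller: the "Directory Service Changes" audit subcategory and a SACL on the objects of interest. The script below is an added example, not part of the original post; the OU distinguished name is an assumption.

```powershell
# Added example (not from the original post): enable auditing of Directory
# Service Changes so attribute modifications are logged with old/new values,
# then read the resulting events. Run on a domain controller as an admin.

# 1. Turn on the "Directory Service Changes" subcategory (success events).
#    In production this is set in the Default Domain Controllers Policy so
#    the next Group Policy refresh does not overwrite it.
auditpol /set /subcategory:"Directory Service Changes" /success:enable

# 2. Events are only generated for objects carrying a matching SACL.
#    Add an inheritable Write Property audit entry to an OU (assumed DN).
Import-Module ActiveDirectory
$ouDn = "OU=Servers,DC=example,DC=com"   # assumption
$acl  = Get-Acl -Path "AD:\$ouDn" -Audit
$everyone = [System.Security.Principal.SecurityIdentifier]::new("S-1-1-0")
$ace = [System.DirectoryServices.ActiveDirectoryAuditRule]::new(
    $everyone,
    [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    [System.Security.AccessControl.AuditFlags]::Success,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
$acl.AddAuditRule($ace)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# 3. Read the change events. 5136 = attribute modified, 5137 = object
#    created, 5139 = object moved, 5141 = object deleted. A modification
#    produces a 5136 pair: "Value Deleted" (previous) and "Value Added" (new).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136, 5137, 5139, 5141 } -MaxEvents 20 |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            EventId   = $_.Id
            Who       = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Object    = $d.ObjectDN
            Attribute = $d.AttributeLDAPDisplayName
            Value     = $d.AttributeValue
            Operation = $d.OperationType   # %%14674 = Value Added, %%14675 = Value Deleted
        }
    }
```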
Fine-Grained Password Policies: Password policies can be configured for distinct groups within the domain. No longer does every account have to use the same password policy within the domain.
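A fine-grained password policy is stored as a Password Settings Object (PSO) and applied to users or global security groups, not to OUs. The script below is an added example, not from the original post, showing a stricter policy for privileged accounts; the PSO, group and account names are assumptions.

```powershell
# Added example (not from the original post): a stricter password policy for
# privileged accounts only, applied through a PSO. Names are assumptions.
Import-Module ActiveDirectory

# When several PSOs apply to one user, the lowest Precedence value wins.
New-ADFineGrainedPasswordPolicy -Name "PSO-Tier0-Admins" `
    -Precedence 10 `
    -MinPasswordLength 20 `
    -ComplexityEnabled $true `
    -PasswordHistoryCount 24 `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false `
    -ProtectedFromAccidentalDeletion $true

# Apply the PSO to a global security group (PSOs cannot target OUs).
Add-ADFineGrainedPasswordPolicySubject -Identity "PSO-Tier0-Admins" -Subjects "Domain Admins"

# Verify which policy an account actually gets (the resultant PSO). If no
# PSO applies, the account falls back to the domain-wide Default Domain Policy.
Get-ADUserResultantPasswordPolicy -Identity "adm-alice" |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold

# Periodic review: every PSO in the domain and the principals it applies to.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MinPasswordLength, AppliesTo
```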
Read-Only Domain Controller: A domain controller with a read-only version of the Active Directory database can be deployed in environments where the security of the domain controller cannot be guaranteed, such as branch offices where the physical security of the domain controller is in question, or domain controllers that host additional roles, requiring other users to log on and maintain the server. The use of Read-Only Domain Controllers (RODCs) prevents changes made at branch locations from potentially polluting or corrupting your AD forest via replication. RODCs also eliminate the need to use a staging site for branch office domain controllers, or to send installation media and a domain administrator to the branch location.
Restartable Active Directory Domain Services: Active Directory Domain Services can be stopped and maintained. Rebooting the domain controller and restarting it in Directory Services Restore Mode is not required for most maintenance functions. Other services on the domain controller can continue functioning while the directory service is offline.
Database Mounting Tool: A snapshot of the Active Directory database can be mounted using this tool. This allows a domain administrator to view the objects within the snapshot to determine the restore requirements when necessary.
- Active Directory Rights Management Services
- Active Directory Federation Services
- Active Directory Certificate Services
- Active Directory Lightweight Directory Services
Replication
Active Directory replication is 'pull' rather than 'push', meaning that replicas pull changes from the server where the change was effected. The Knowledge Consistency Checker (KCC) creates a replication topology of site links using the defined sites to manage traffic. Intrasite replication is frequent and automatic as a result of change notification, which triggers peers to begin a pull replication cycle. Intersite replication intervals are typically less frequent and do not use change notification by default, although this is configurable and can be made identical to intrasite replication.
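The site-link interval and the change-notification switch described above are both attributes of the site link object, and the KCC-generated inbound connections are what a DC pulls from. The script below is an added example, not from the original post; the site link name is an assumption.

```powershell
# Added example (not from the original post): inspect the replication
# topology the KCC built and the intersite settings. Run on a DC.
Import-Module ActiveDirectory

# Intersite schedule per site link. ReplicationFrequencyInMinutes is the
# polling interval (default 180). Bit 0x1 of the "options" attribute
# (USE_NOTIFY) enables change notification on that link.
Get-ADReplicationSiteLink -Filter * -Properties options |
    Select-Object Name, ReplicationFrequencyInMinutes, Cost,
        @{ n = 'ChangeNotification'; e = { [bool]($_.options -band 1) } }

# Make one intersite link behave like intrasite replication by turning on
# change notification, preserving any other option bits already set.
$link = Get-ADReplicationSiteLink -Identity "HQ-Branch" -Properties options   # assumption
$opts = [int]$link.options -bor 1
Set-ADReplicationSiteLink -Identity $link -Replace @{ options = $opts }

# Inbound connection objects the KCC generated for this DC: each is a
# source this DC pulls from.
Get-ADReplicationConnection -Filter * -Server $env:COMPUTERNAME |
    Select-Object Name, ReplicateFromDirectoryServer, AutoGenerated

# Per-partner state: when the last pull succeeded and how many failed in a row.
Get-ADReplicationPartnerMetadata -Target $env:COMPUTERNAME -Scope Server |
    Select-Object Partner, Partition, LastReplicationSuccess,
        LastReplicationResult, ConsecutiveReplicationFailures

# Forest-wide failures: a replica that stops pulling keeps stale policy and
# stale account state, so this is worth alerting on.
Get-ADReplicationFailure -Scope Forest |
    Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError
```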