Skip to main content

What is Active Directory?

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. Starting with Windows Server 2008, however, Active Directory became an umbrella title for a broad range of directory-based identity-related services.
A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or normal user. Also, it allows management and storage of information at admin level and provides authentication and authorization mechanisms and a framework to deploy other related services (AD Certificate Services, AD Federated Services, etc.).
Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS.

Active Directory Services

Active Directory Services consist of multiple directory services. The best known is Active Directory Domain Services, commonly abbreviated as AD DS or simply AD.

Domain Services

Active Directory Domain Services (AD DS) is the cornerstone of every Windows domain network. It stores information about members of the domain, including devices and users, verifies their credentials and defines their access rights. The server (or the cluster of servers) running this service is called a domain controller. A domain controller is contacted when a user logs into a device, accesses another device across the network, or runs a line-of-business Metro-style app sideloaded into a device.
Other Active Directory services (excluding LDS, as described below) as well as most of Microsoft server technologies rely on or use Domain Services; examples include Group Policy, Encrypting File System, BitLocker, Domain Name Services, Remote Desktop Services, Exchange Server and SharePoint Server.

Lightweight Directory Services

Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM),is a light-weight implementation of AD DS. AD LDS runs as a service on Windows Server. AD LDS shares the code base with AD DS and provides the same functionality, including an identical API, but does not require the creation of domains or domain controllers. It provides a Data Store for storage of directory data and a Directory Service with an LDAP Directory Service Interface. Unlike AD DS, however, multiple AD LDS instances can run on the same server.

Certificate Services

Active Directory Certificate Services (AD CS) establishes an on-premises public key infrastructure. It can create, validate and revoke public key certificates for internal uses of an organization. These certificates can be used to encrypt files (when used with Encrypting File System), emails (per S/MIME standard), network traffic (when used by virtual private networks, Transport Layer Security protocol or IPSec protocol).
AD CS predates Windows Server 2008, but its name was simply Certificate Services.
AD CS requires an AD DS infrastructure.

Federation Services

Main article: Active Directory Federation Services
Active Directory Federation Services (AD FS) is a single sign-on service. With an AD FS infrastructure in place, users may use several web-based services (e.g. internet forum, blog, online shopping, webmail) or network resources using only one set of credentials stored at a central location, as opposed to having to be granted a dedicated set of credentials for each service. AD FS's purpose is an extension of that of AD DS: The latter enables users to authenticate with and use the devices that are part of the same network, using one set of credentials. The former enables them use this same set in a different network.
As the name suggests, AD FS works based on the concept of federated identity.
AD FS requires an AD DS infrastructure, although its federation partner may not.


External Links  


References

https://en.wikipedia.org/w/index.php?title=Active_Directory&gettingStartedReturn=true



Labels:

Comments

Post a Comment

Popular posts from this blog

How to configure LDAPS, LDAP over SSL, using CA Certificate Service on Domain Controller in Windows Server 2016

This post is to provide an instruction on how to set up LDAPS (LDAP over SSL) on Domain Controller using single-tier CA hierachy. Reasons for Enabling LDAPS By default, LDAP communications between client and server applications are not encrypted. This means that it would be possible to use a network monitoring device or software and view the communications traveling between LDAP client and server computers. This is especially problematic when an LDAP simple bind is used because credentials (username and password) is passed over the network unencrypted. This could quickly lead to the compromise of credentials.  Reasons for enabling Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) / Transport Layer Security (TLS) also known as LDAPS include: Some applications authenticate with Active Directory Domain Services (AD DS) through simple BIND. As simple BIND exposes the users’ credentials in clear text, use of Kerberos is preferred. If simp...
Post a Comment
Read more

[Tableau] How to install Tableau Server on Centos 7 / Redhat

Step 1: Install Tableau Server package and start Tableau Services Manager 1. Log on as a user with sudo access to the computer where you want to install Tableau Server. 2. Downalod installer from below Tableau download page. https://www.tableau.com/products/server/download/linux // use WINSCP or any preferred utility to move Tableau Server installation file to Centos. 3. Use the package manager to install the Tableau Server package. sudo yum update sudo yum install tableau-server-<version>.x86_64.rpm -- Non-default location—To install to a non-default location, you must use rpm -i. You will also need to install all dependent packages. See the note below. Run the following command: sudo rpm -i --prefix /preferred/install/path tableau-server.rpm Refer to https://onlinehelp.tableau.com/current/server-linux/en-us/setup.htm -- 4. Navigate to the scripts directory: cd /opt/tableau/tableau_server/packages/scripts.'version'/ 5. Ru...
Post a Comment
Read more

[AD LDAP] How to install LDAP in AD in Windows Server 2019 in VirtualBox

Post a Comment
Read more