What is 'Active Directory ( AD )'?
What is 'Active Directory ( AD )'?

Definition of an AD (Active Directory)

Active Directory is essentially a giant database. To get the detailed knowledge of Active Directory first consider the organization without Active Directory.

In this organization which doesn’t have Active Directory, every computer in the organization has its small database of usernames and passwords. Microsoft named this kind of setup ‘A Work Group.’

 

What is ‘Work Group’?

A Work Group is primarily for every user for themselves & there is no central control on any number of Users.  When a user tries to reach the data from another computer on the network, then-current username and password of that user are sent to that computer.

To allow that user to have access that another machine is just a matter of creating a username and password on that particular machine.

It creates two problems. First, it doesn’t scale well.  When you have a small network with only a few machines, then you can keep this under control without too much effort.

Now imagine if your organization grew to 10 users or devices. Every time a new user needs access and old user needs to be removed. You would need to visit each of the computers that are affected by that change.

Now imagine if an organization have 100 or 200 machines. You can see that now this becomes unmanageable. The next problem occurs when a user changes their password. When this occurs, and they attempt to access another computer on the network the passwords will be different.

Because of this, the user will be prompted for a username and password when trying to access another machine. The user can then use their old password to access the computer, or the password needs to be updated on the remote computer to reflect the password change.

The problem occurs because there is no way to keep all the usernames and passwords in sync with each other. To do this, you could use a centralized username and password system like Active Directory.

 

Active Directory

Active Directory keeps a centralized store of usernames & passwords. Active Directory notes any changes to usernames & passwords, and all workstations on the network have access to this information.

What is Cache Computing?

When looking into using AD( Active Directory), the first thing you should ask yourself is to do you need Active Directory?

Installing Systems like Active Directory does cost money and also mean you need to install dedicated servers to store the active directory database. If somebody has a small home or small business network, Active Directory would be overkill for your needs.

If you are using windows Ten or windows seven network at your small business or home, you may want to consider using HomeGroup rather than installing products like Active Directory.

 

What is ‘HomeGroup’?

HomeGroup allows machines to access each other resources on the network using one password. HomeGroup is suitable for small business users or home users who don’t require extensive systems like Active Directory to share some files or printers.

 

Active Directory work diagram
Active Directory work diagram Copyright@ FirstAttribute

So Now you understand why you need Active Directory, What exactly is Active Directory?

In Organizations, Active Directory provides centralized control over the network but still flexible enough that it can be distributed across the world. Active Directory can be used to store usernames and passwords, but it can also be used to store resources like printer information and share info can be stored in Active Directory.

It can be used to store information for services like E-Mail. If you want to install Exchange on your network, then you probably need to know that Exchange is very heavily integrated into Active Directory.

It can be used to store information for services like E-Mail. If you want to install Exchange on your network, then you probably need to know that Exchange is very heavily integrated into Active Directory.

In fact, Exchange Server can’t be installed in the organization without Active Directory. Lastly Active Directory stores group policy settings. Groups policy allows you to make centralized changes to

Groups policy allows you to make centralized changes to machines on your network quickly and easily. In Active Directory everything is an object regardless of whether it’s a user account, group policy or a printer.

Active Directory is essential for a database that holds objects. For users and computers to be put into a logical management structure, Microsoft allows you to create a domain.

Get-mailbox : The term 'get-mailbox' is not recognized as the name of a cmdlet

 

What is a Domain?

The logical group of machines that share the same Active Directory database is a Domain. All computers in a domain also share the same namespace. For Ex – if you had Online Marketing Hits Dot Com as your domain namespace, then any machine or computer in that domain will share that namespace like pc1.onlinemarketing dot com. Usually, a domain will mirror the company organization.

If OnlineMarketingHits a small organization In Los Angles, a separate domain could be created for this company to keep administration distinct from the parent company.

The Los Angles company could be called  la.onlinemarketinghits dot com. Now if Online Marketing Hits purchased another company called food stopper dot com, this company domain could be linked to the existing domains.

Each of the companies has their active directory database, and all have their settings. From an administrative point of view, they are separate domains with their database.

If you were to make a change to group policy in one domain, it would not affect the other domains. But you can share resources and user accounts between domains even though they are separate domains.

What is a Domain Controller (DC)?

Now when you know about Active Directory and Domains is, Next we need to need to talk about Domain Controller.

Domain Controller runs Active Directory. As soon as this role is added to a windows server, it becomes a domain controller. If it’s sound confusing then put it this way, a domain controller holds a copy of the Active Directory Database.

A DC or Domain Controller will replicate any changes made it to the local copy of the active directory database to other Domain Controllers. That how Active Directory keeps its database up to date when there are copies of the same database all around the world.

Each domain controller replicates its changes through the network to the other domain controllers, and those domain controllers replicated their changes back.

Lastly – Domain Controllers primary job is to authenticate users. As soon as the user got the authentication and allowed access to the network, a domain controller also determines what the user can & can not have access.

Written By - Yashdeep Sahni