Active directory domain services
Active Directory Domain Services (AD DS) is a server role in Active Directory that allows
admins to manage and store information about resources on a network, as well as
application data, in a distributed database.
AD DS helps admins manage network elements -- both computing devices and users
-- and arrange them into a custom hierarchical structure. AD DS also integrates
security by authenticating logons and controlling access to directory resources.
How does AD DS work?
AD DS is the core component of Active Directory that enables users to authenticate
and access resources on the network. Active Directory organizes objects into a
hierarchy, which lets various Domain Services connect with them and users access
or manage them. The hierarchical structure includes the following:
Domains. A group of objects, such as users or groups of devices, that share the
same AD database makes up a domain.
Organizational units. Within a domain, organizational units are containers used to
group and organize objects.
Active Directory trees. Multiple domains grouped together in a logical
hierarchy make up an AD tree. The bonds between domains in a tree are known
as "trusts."
Active Directory forests. This AD functional level is made up of multiple trees
grouped together. Trees in an AD forest share trusts, just like domains in a tree
share trusts. Trusts enable constituent parts of a tree or forest to share things
like directory schemas and configuration specifications.
Domain Services
Domain Services stores centralized directory information and lets users and
domains communicate. When a user attempts to connect to a device or
resource on a network, this service provides login authentication, verifying
the user's login credentials and access permissions.
What are the benefits of Active Directory Domain Services?
The four key benefits of AD DS include the following:
1. Hierarchical structure. This is the main benefit of AD DS, providing the organizational
structure for the information contained in Active Directory.
2. Flexibility. AD DS gives users flexibility in determining how data is organized on the network.
It simplifies administrative tasks by centralizing services like user and rights management and
provides some security. Users can access Active Directory from any computer on the network.
3. Single point of access. Domain Services creates a single point of access to network resources.
This lets IT teams collaborate more efficiently and limit the access points to sensitive resources.
4. Redundancy. AD DS has built-in replication and redundancy. If one domain controller fails,
another automatically takes over its responsibilities.
What are Active Directory Domain Services terms to know?
Some common AD DS related terms and concepts include the following:
Global catalog. The global catalog holds all AD DS objects, so administrators can find
directory information -- such as a username -- across any domain.
LDAP. This protocol provides the language that servers and clients within the directory
use to communicate with each other.
Multi-master replication. A function that ensures all domain controllers on a network
are updated with any changes made to Active Directory.
Objects. These are the pieces of information that Active Directory organizes. There are
two types of objects: Container objects are organizational units, such as forests and
trees, that hold other objects inside of them. Leaf objects represent things like users,
computers and other devices on the network.
Query and index mechanism. This mechanism enables users to search the global
catalog for directory information.
Schema. The schema is a set of rules a user establishes to define classes of objects and
attributes in the directory. These rules also dictate the characteristics of object
instances and naming formats.
Sites. The physical groupings of IP subnets. They enable the easy replication of
information among the domain controllers and the deployment of group policies.
Active Directory is a service from Microsoft that is used to manage the services run by
Windows Server, in order to provide permissions and access to network resources.
Active Directory is used by over 90% of Fortune companies to manage their resources
efficiently. Active Directory is like a phone book in which information is treated as
objects. In Active Directory we have objects such as computers, users, printers, etc.
The following are some of the components of Active Directory –
Domain Controller –
A Domain Controller is generally the administrator of Active Directory and is used to set
up the whole directory. The role of a Domain Controller is to provide authentication
and authorization to different services and users. A Domain Controller also allows
administrative access to manage user accounts and network resources. In Active
Directory the Domain Controller has the topmost priority and the most
authority/privileges. In other words, we can say that the Domain Controller is the
administrator of Active Directory.
Active Directory Data Store –
The Active Directory Data Store contains the database files and processes that store and
manage directory information for users, services, and applications. The Active
Directory Data Store contains the “NTDS.DIT” file, which is the most critical file of the
whole AD. It is stored in the “%SystemRoot%\NTDS” folder on all domain
controllers. The NTDS.DIT file is accessible only through domain controller processes and
protocols.
Logical Active Directory Components –
The following are the components contained in an Active Directory Data Store that
define the rules for creating objects in an AD environment.
Domain –
A Domain is used to group objects together and manage them. The domain
provides an authentication and authorization boundary, which limits the scope of
access to the resources of that domain. Consider abc.com as a
domain.
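As an added example (not code from the article), the parser below maps LDAP distinguished names onto the domain / organizational unit / leaf-object hierarchy described earlier, using abc.com as the domain and treating the domain as the authorization boundary; the DNs in the test are constructed sample values.

```python
# Added example (not from the article): maps an LDAP distinguished name (DN) onto the
# hierarchy above: DC= components rebuild the domain (e.g. abc.com), OU= components are
# the container objects and CN= is the leaf object. RFC 4514 backslash escapes are honoured.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class DirectoryPath:
    domain: str              # DNS name rebuilt from the DC= components
    ous: Tuple[str, ...]     # organizational units, outermost first
    leaf: Optional[str]      # CN= value, or None when the DN names a container

def split_rdns(dn: str) -> List[Tuple[str, str]]:
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:              # literal character following a backslash
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":          # an unescaped comma ends the current RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape character")
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        typ, sep, val = part.strip().partition("=")
        if not sep or not typ.strip() or not val:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((typ.strip().upper(), val))
    return rdns

def parse_dn(dn: str) -> DirectoryPath:
    rdns = split_rdns(dn)
    dc = [v for t, v in rdns if t == "DC"]
    if not dc:
        raise ValueError("DN has no DC= components, so it belongs to no domain")
    ous = [v for t, v in rdns if t == "OU"]
    cns = [v for t, v in rdns if t == "CN"]
    # RDNs are written leaf-first; reverse the OUs so the outermost container comes first
    return DirectoryPath(".".join(dc), tuple(reversed(ous)), cns[0] if cns else None)

def same_domain(dn_a: str, dn_b: str) -> bool:
    """True when both objects sit inside the same authentication/authorization boundary."""
    return parse_dn(dn_a).domain.lower() == parse_dn(dn_b).domain.lower()
```

A DN whose OUs are listed outermost-first can be walked like the tree of containers in the article, and two objects with different DC= components (for instance abc.com and sales.abc.com) fall on different sides of the domain boundary.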