Active Directory

Active Directory, or AD for short, is a product developed by Microsoft to manage users, computers and other devices on a network. It is provided as part of the Microsoft Windows Server operating system.

AD consists of a number of processes and services that are used to manage items on a network. Every item on a network is classed as an object, whether that be a user, group, computer, printer or some other device. Objects can be defined as either resources, such as computers or printers, or security principals, which include users and groups.

One of the services included with AD is Domain Services, or AD DS. A domain consists of a group of computers and other devices, which can be accessed and administered with a common set of rules, allowing devices within the domain to see and communicate with one another. Microsoft products such as Exchange Server and SharePoint Server rely on this to provide access to resources.

Another service that is incorporated into AD is Lightweight Directory Services (AD LDS). This shares some of the functionality of AD DS, but can run in multiple instances on a single server. AD LDS holds directory data in a data store using Lightweight Directory Access Protocol (LDAP).

Other services provided by AD include Certification Services (AD CS), Federation Services (AD FS) and Rights Management Services (AD RMS). AD CS provides a means to generate, manage and share certificates, which use public key encryption to enable a user to exchange information securely over the internet. AD FS facilitates single sign-on, allowing a user to be authenticated across multiple applications whilst only logging in once. Finally, AD RMS controls information rights and management by encrypting content, such as email and Excel documents, to limit access on a server.
