
Active Directory

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Active Directory
Name: Active Directory
Developer: Microsoft
Released: 17 February 1999
Operating system: Windows Server
Genre: Directory service
License: Proprietary software

Active Directory is a directory service developed by Microsoft for Windows domain networks, first released with Windows 2000 Server. It authenticates and authorizes all users and computers in a Windows domain network, assigns and enforces security policies for all computers, and installs or updates software. As a core component of the Windows Server operating system, it provides a centralized, hierarchical framework for managing network resources and identities across an enterprise.

Overview

Active Directory is the central authority for network security within a Microsoft environment, organizing objects such as users, computers, and printers into a logical, hierarchical structure. It is built on established standards, primarily the Lightweight Directory Access Protocol (LDAP), and relies on the Domain Name System (DNS) to locate services and objects. It is integral to the operation of Windows domain networks, enabling single sign-on and centralized policy management through Group Policy. Its introduction was a significant step beyond the earlier, less scalable NT domain model of Windows NT.

Architecture

The fundamental architectural unit is the domain, a collection of objects that share a common directory database and security policies. Multiple domains can be grouped into a forest, which represents the outermost security boundary and a complete instance of the directory. Within a forest, domains are connected by trust relationships that allow for pass-through authentication. The physical topology is managed through the concept of sites, which are collections of IP subnets used to control replication traffic and optimize authentication requests. Data is stored in the NTDS.DIT database file and replicated between domain controllers using a multi-master replication model.
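The structure described above (forest, domains, trusts, sites and subnets, multi-master replication) can be inventoried from any domain-joined management host. The following PowerShell script is an added example, not code from the article; it assumes the RSAT ActiveDirectory module and read access to the directory, and the 24-hour replication-lag threshold is an assumption to be aligned with the site-link schedule in use.

```powershell
# Added example, not part of the article: map the forest's logical structure
# (domains, trusts), its physical topology (sites, subnets) and the health of
# multi-master replication between domain controllers.
Import-Module ActiveDirectory

$Forest = Get-ADForest
"Forest root: $($Forest.RootDomain)   forest functional level: $($Forest.ForestMode)"
foreach ($name in $Forest.Domains) {
    $dom = Get-ADDomain -Identity $name
    "  Domain: $($dom.DNSRoot)   PDC emulator: $($dom.PDCEmulator)"
}

# Trust relationships as seen from the current domain (Direction shows which
# side's principals can authenticate across the trust).
Get-ADTrust -Filter * |
    Format-Table Name, Direction, TrustType, ForestTransitive -AutoSize

# Sites and their subnets: the subnet a client sits in decides which site's
# domain controllers it is steered to for authentication.
$Subnets = Get-ADReplicationSubnet -Filter *
foreach ($site in Get-ADReplicationSite -Filter *) {
    $list = ($Subnets | Where-Object { $_.Site -eq $site.DistinguishedName }).Name -join ', '
    "  Site: $($site.Name)   subnets: $list"
}

# Replication health: each DC records, per partner and partition, when it last
# pulled successfully. Flag links that are stale or failing.
$MaxLagHours = 24   # assumption; tune to the site-link schedule
$Cutoff = (Get-Date).AddHours(-$MaxLagHours)
foreach ($dc in Get-ADDomainController -Filter *) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -Scope Server |
        Where-Object { $_.LastReplicationSuccess -lt $Cutoff -or
                       $_.ConsecutiveReplicationFailures -gt 0 } |
        Select-Object Server, Partner, Partition, LastReplicationSuccess,
                      ConsecutiveReplicationFailures, LastReplicationResult
}
```

Get-ADDomainController -Filter * only enumerates the current domain's controllers; run the last loop once per domain in a multi-domain forest.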

Key components

Core components include Active Directory Domain Services (AD DS), which stores directory data and handles user logon, authentication, and directory searches. Active Directory Certificate Services (AD CS) creates, manages, and distributes security certificates for uses such as SSL and EFS. Active Directory Federation Services (AD FS) provides single sign-on access to systems and applications across organizational boundaries. Active Directory Lightweight Directory Services (AD LDS) offers a standalone directory service for application-specific needs. Other roles include Active Directory Rights Management Services (AD RMS) for information protection.

Security features

Security is enforced through authentication protocols such as Kerberos, NTLM, and Digest access authentication, with Kerberos as the primary method. Access control is managed via security identifiers (SIDs) and discretionary access control lists (DACLs) on directory objects. Group Policy lets administrators define security settings, software policies, and scripts that are applied to users and computers. The service supports smart card authentication and integrates with PKI for stronger security. Advanced security auditing tracks changes to, and access within, the directory.
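Because access to every directory object is decided by the DACL on that object, permission drift in the domain head or an OU is a security finding in its own right. The following PowerShell script is an added example, not from the article: it walks the domain head and all OUs and reports explicit, non-inherited ACEs that grant write-class rights to principals outside an assumed baseline allow-list (the baseline is an assumption; extend it with the principals your delegation model legitimately grants).

```powershell
# Added example, not part of the article: report explicit (non-inherited) ACEs on
# the domain head and all OUs that grant write-class rights to principals outside
# a baseline allow-list. The baseline is an assumption for this example.
Import-Module ActiveDirectory

$Domain   = Get-ADDomain
$Nb       = $Domain.NetBIOSName
$Baseline = @(
    'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'BUILTIN\Administrators',
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    "$Nb\Domain Admins", "$Nb\Enterprise Admins", "$Nb\Domain Controllers"
)
# Rights that let the holder change the object, its attributes or its security descriptor.
$WriteRights = 'GenericAll|GenericWrite|WriteDacl|WriteOwner|WriteProperty|ExtendedRight'

$Targets = @($Domain.DistinguishedName) +
           @(Get-ADOrganizationalUnit -Filter * | ForEach-Object DistinguishedName)

$Findings = foreach ($dn in $Targets) {
    # The AD: provider exposes each object's security descriptor to Get-Acl.
    $acl = Get-Acl -Path "AD:\$dn"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow')                { continue }
        if ($ace.IsInherited)                                  { continue }  # reported at their origin
        if ($ace.ActiveDirectoryRights -notmatch $WriteRights) { continue }
        if ($Baseline -contains $ace.IdentityReference.Value)  { continue }
        [pscustomobject]@{
            Object      = $dn
            Principal   = $ace.IdentityReference.Value
            Rights      = $ace.ActiveDirectoryRights
            ObjectType  = $ace.ObjectType      # attribute/right GUID; all-zeros means the whole object
            Inheritance = $ace.InheritanceType
        }
    }
}
$Findings | Sort-Object Object, Principal | Format-Table -AutoSize
"$(@($Findings).Count) non-baseline write-class grants found"
```

Each finding should be reconciled against a documented delegation; WriteDacl or WriteOwner held by an unexpected principal deserves the same attention as full control.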

Management and administration

Primary administration is performed with the Microsoft Management Console-based Active Directory Users and Computers snap-in, alongside tools such as Active Directory Domains and Trusts and Active Directory Sites and Services. Windows PowerShell provides a command-line interface for automating and scripting management tasks through the Active Directory module for Windows PowerShell. The Active Directory Administrative Center, introduced in Windows Server 2008 R2, offers a task-oriented management GUI. Third-party tools from vendors such as Quest Software and SolarWinds provide extended management and reporting capabilities.
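As an added example of the kind of routine check the Active Directory module makes scriptable (this script is not from the article), the following produces an account-hygiene report of enabled users that are stale or carry old or non-expiring passwords, then expands the membership of the built-in administrative groups. The 90-day and 365-day thresholds and the output file name are assumptions.

```powershell
# Added example, not part of the article: account-hygiene report using the
# Active Directory module. Thresholds are assumptions; tune them to local policy.
Import-Module ActiveDirectory

$StaleDays  = 90      # no logon recorded within this window
$PwdAgeDays = 365     # password older than this
$Now        = Get-Date

# LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which
# is only refreshed when it is more than roughly 14 days old, so treat it as coarse.
$Users = Get-ADUser -Filter 'Enabled -eq $true' `
            -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires

$Report = foreach ($u in $Users) {
    $issues = @()
    if (-not $u.LastLogonDate -or $u.LastLogonDate -lt $Now.AddDays(-$StaleDays)) {
        $issues += "no logon in $StaleDays days"
    }
    if ($u.PasswordNeverExpires) {
        $issues += 'password never expires'
    } elseif (-not $u.PasswordLastSet -or $u.PasswordLastSet -lt $Now.AddDays(-$PwdAgeDays)) {
        $issues += "password older than $PwdAgeDays days"
    }
    if ($issues.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            LastLogonDate   = $u.LastLogonDate
            PasswordLastSet = $u.PasswordLastSet
            Issues          = $issues -join '; '
        }
    }
}
$Report | Sort-Object LastLogonDate | Export-Csv -NoTypeInformation -Path .\ad-account-hygiene.csv
"$(@($Report).Count) accounts flagged; details in ad-account-hygiene.csv"

# Membership of the built-in administrative groups, expanded through nested groups;
# this is the list to reconcile against the approved administrator roster.
foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object objectClass -eq 'user' |
        Select-Object @{ n = 'Group'; e = { $group } }, SamAccountName, distinguishedName
}
```

In a child domain, Enterprise Admins lives in the forest root and must be queried there.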

Integration and interoperability

Active Directory integrates deeply with other Microsoft server products such as Microsoft Exchange Server, Microsoft SharePoint, and System Center Configuration Manager for unified identity management. In cross-platform environments it can interoperate with other directory services such as OpenLDAP and NetIQ eDirectory through LDAP synchronization. Azure Active Directory, part of Microsoft Azure, extends identity services to the cloud and enables hybrid identity scenarios. Support for Security Assertion Markup Language (SAML) and OAuth facilitates integration with modern web applications and non-Windows platforms.

Category:Directory services Category:Windows administration Category:Microsoft software