In the early days of personal computing, PCs were all stand-alone machines that had difficulty talking with one another. While it is still possible to run a similar setup, nowadays called a workgroup, there is another option availble: The directory service.
In short, a directory service stores information regarding objects on your network. These objects can be computers, users, groups, etc.
Active Directory (AD) is a directory service that was developed specifically for Microsoft Windows domains and comes packaged with most versions of Windows Server. If you’ve worked with a Windows network, you’ve likely interacted with AD at some point.
In this article, we’ll go over some basics of AD and talk about how it can make life easier (when it comes to managing your Windows network, anyhow).
What is AD used for?
First off we’re AD has many different tasks that are defined by roles. Primarily, though, AD is used as a directory for objects (it is a directory service, after all). These objects help control access rights, authentication, tasks, policies, etc.
Also, while not strictly more secure than using a workgroup, AD does provide some ease in security management. For example, security rights can be controlled from a central location by a single admin. This prevents a jumble of security rights spread across different machines on the network.
In addition, AD provides the infrastructure necessary to utilize other Microsoft tools such as Group Policy and Exchange.
Getting started with Active Directory
Unless you’re setting up a new domain, AD is likely already installed. Still, AD and its various components can be installed within Server Manager at Start > Administrative Tools > Server Manager.
You’ll find the various AD components under the Roles list and can add individual components by clicking Add Roles. Don’t worry I will explain the role with a little depth in just a bit.
Once AD is installed, it can be accessed from Start > Administrative Tools. Depending on what you’ll be doing, you may be working with one of many AD roles listed below.
Understanding AD Roles
Active Directory consists of several roles that work together to provide full directory services for your Windows network.
- Active Directory Domain Services is the core of AD. It provides the hierarchy structure for network objects such as computers, users, groups, etc.
- Active Directory Users and Computers allows for creating, editing, and viewing of users and computers within AD. This is where many folks spend most of their time working with AD.
- Active Directory Federation Services allows for securing sharing of information, specifically identification-related information, between trusted entities. It enables features like Single Sign-On (SSO).
- Active Directory Lightweight Directory Services acts like an independent version of AD. It is most often used to provide a directory service for testing and development.
- Active Directory Rights Management Services is AD’s information rights management (IRM) component. It uses encryption and functionality denial techniques to limit document access.
- Active Directory Certificate Services allows for a public key infrastructure as well as the creation of digital certificates and signatures.
Active Directory is a helpful tool when managing a Windows environment. It provides different roles to handle a myriad of tasks and allows for easier management of user rights, file permissions, and other security-related tasks compared to a simple workgroup. In addition, it allows the addition of other Microsoft tools like Group Policy and Exchange.