Active directory domain services overview


Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done.

The database (or directory) contains critical information about your environment, including what users and computers there are and who’s allowed to do what. For example, the database might list 100 user accounts with details like each person’s job title, phone number and password. It will also record their permissions.

The services control much of the activity that goes on in your IT environment. In particular, they make sure each person is who they claim to be (authentication), usually by checking the user ID and password they enter, and allow them to access only the data they’re allowed to use (authorization).

Read on to learn more about the benefits of Active Directory, how it works and what’s in an Active Directory database.

Active Directory simplifies life for administrators and end users while enhancing security for organizations. Administrators enjoy centralized user and rights management, as well as centralized control over computer and user configurations through the AD Group Policy feature. Users can authenticate once and then seamlessly access any resources in the domain for which they’re authorized (single sign-on). Plus, files are stored in a central repository where they can be shared with other users to ease collaboration, and backed up properly by IT teams to ensure business continuity.


The main Active Directory service is Active Directory Domain Services (AD DS), which is part of the Windows Server operating system. The servers that run AD DS are called domain controllers (DCs). Organizations normally have multiple DCs, and each one has a copy of the directory for the entire domain. Changes made to the directory on one domain controller, such as a password update or the deletion of a user account, are replicated to the other DCs so they all stay up to date. A Global Catalog server is a DC that stores a complete copy of all objects in the directory of its domain and a partial copy of all objects of all other domains in the forest; this enables users and applications to find objects in any domain of their forest. Desktops, laptops and other devices running Windows (rather than Windows Server) can be part of an Active Directory environment but they do not run AD DS. AD DS relies on several established protocols and standards, including LDAP (Lightweight Directory Access Protocol), Kerberos and DNS (Domain Name System).

It’s important to understand that Active Directory is only for on-premises Microsoft environments. Microsoft environments in the cloud use Azure Active Directory, which serves the same purposes as its on-prem namesake. AD and Azure AD are separate but can work together to some degree if your organization has both on-premises and cloud IT environments (a hybrid deployment).


AD has three main tiers: domains, trees and forests. A domain is a group of related users, computers and other AD objects, such as all the AD objects for your company’s head office. Multiple domains can be combined into a tree, and multiple trees can be grouped into a forest.

Keep in mind that a domain is a management boundary. The objects for a given domain are stored in a single database and can be managed together. A forest is a security boundary. Objects in different forests are not able to interact with each other unless the administrators of each forest create a trust between them. For instance, if you have multiple disjointed business units, you probably want to create multiple forests.


The Active Directory database (directory) contains information about the AD objects in the domain. Common types of AD objects include users, computers, applications, printers and shared folders. Some objects can contain other objects (which is why you’ll see AD described as “hierarchical”). In particular, organizations often simplify administration by organizing AD objects into organizational units (OUs) and streamline security by putting users into groups. These OUs and groups are themselves objects stored in the directory.

Objects have attributes. Some attributes are obvious and some are more behind the scenes. For example, a user object typically has attributes like the person’s name, password, department and email address, but also attributes most people never see, such as its Globally Unique Identifier (GUID), Security Identifier (SID), last logon time and group membership.
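To make the "behind the scenes" attributes concrete, the following added example (not part of the original page) decodes the raw bytes that LDAP returns for the `objectSid` and `objectGUID` attributes into the string forms administrators see in tools and logs, and labels a few well-known privileged RIDs. The sample byte strings are constructed for illustration, and the function names are hypothetical.

```python
import struct
import uuid

# Well-known relative identifiers (RIDs) of privileged domain principals.
WELL_KNOWN_RIDS = {500: "Administrator", 502: "krbtgt",
                   512: "Domain Admins", 519: "Enterprise Admins"}

def decode_sid(raw: bytes) -> str:
    """Convert a binary objectSid value to its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def decode_guid(raw: bytes) -> str:
    """Convert a binary objectGUID value to its canonical string form."""
    if len(raw) != 16:
        raise ValueError("GUID must be exactly 16 bytes")
    # The first three fields are stored little-endian, the rest as-is.
    return str(uuid.UUID(bytes_le=raw))

def describe_sid(raw: bytes) -> dict:
    """Split a domain account SID into domain SID and RID, and label the RID."""
    sid = decode_sid(raw)
    domain_sid, _, rid = sid.rpartition("-")
    return {"sid": sid, "domain_sid": domain_sid, "rid": int(rid),
            "well_known": WELL_KNOWN_RIDS.get(int(rid))}

# Constructed sample values (not taken from any real directory).
SAMPLE_SID = bytes.fromhex(
    "0105000000000005" "15000000e8030000d0070000b80b0000" "00020000")
SAMPLE_GUID = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    print(describe_sid(SAMPLE_SID))
    print(decode_guid(SAMPLE_GUID))
```

The domain SID portion is shared by every account in a domain, while the trailing RID identifies the individual principal, which is why the same RID (such as 512) marks the same privileged group in any domain.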

Databases are structured, which means there is a design that determines what types of data they store and how that data is organized. This design is called a schema. Active Directory is no exception: Its schema contains formal definitions of every object class that can be created in the Active Directory forest and every attribute that can exist in an Active Directory object. AD comes with a default schema, but administrators can modify it to suit business needs. The key thing to know is that it’s best to plan the schema carefully up front; because of the central role AD plays in authentication and authorization, changing the schema of the AD database later can dramatically disrupt your business.

