Active Directory (AD) is a directory service developed by Microsoft Corporation for its Windows Server series of operating systems (OS). Active Directory was introduced in Windows 2000 Server and revised with additional features in Windows Server 2008. AD holds information about all the objects in an organization's network: users, groups, computers, applications, and other resources such as shared data and printers.
This service provides centralized management in Windows domain networks. Active Directory serves as a single data store that gives all users quick access to data and controls their access based on the directory’s security policy. It is a service that arranges and stores information and provides access and permissions based on that information. Active Directory information is used to authenticate and authorize all objects in a network.
An Active Directory domain is a logical group of objects. We can create an unlimited number of objects in a domain, and they need not be in the same physical location. A domain consists of objects stored within a specific security boundary and interconnected in a tree-like structure. A single domain may have multiple servers, each of which is capable of storing multiple objects. In this case, organizational data is stored in multiple locations, so a single domain may have multiple sites.
The main service in Active Directory is Domain Services (ADDS) which stores directory information and handles the interaction of the user with the domain. ADDS controls which users have access to each resource. Active Directory Domain Services uses a tiered layout consisting of domains, trees and forests to coordinate networked elements.
A Domain Controller is responsible for all authentication, authorization, addition, modification, and deletion inside a domain. If a user has access to the domain, they can log on from any computer anywhere in that domain. Permissions, policies, and rights can be set for all objects at the domain level or at the individual level as well.