What is Active Directory?
An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information; it was originally created in 1996 and first used with Windows 2000.
An active directory (sometimes referred to as an AD) performs a variety of functions: it provides information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators, and allows the administrator to set up security for the directory.
An active directory can be defined as a hierarchical structure, and this structure is usually broken up into three main categories: resources, which might include hardware such as printers; services for end users, such as web email servers; and objects, which are the main functions of the domain and network.
It is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, an end user, or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to being able to hold other objects, every object has its own attributes, which allow it to be characterized by the information it contains. Most IT professionals call these settings or characterizations schemas.
The type of schema created for an object ultimately determines how that object can be used. For instance, some objects with certain schemas cannot be deleted; they can only be deactivated. Other types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object cannot be deleted.
When learning about active directories, it is important to know the levels at which objects can be viewed. An active directory can be viewed at one of three levels, called forests, trees, and domains. The highest structure is called the forest, because from it you can see all objects included within the active directory.
Within the forest structure are trees; these structures usually hold one or more domains. Further down the structure of an active directory are single domains. To put forests, trees, and domains into perspective, consider the following example.
A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are trees that hold information on specific objects such as domain controllers, program data, system settings, etc. Within these objects are even more objects, which can then be controlled and categorized.
How are Active Directories used?
If you are a computer administrator for a large corporation or organization, you can easily update all end users' computers with new software, patches, files, etc. simply by updating one object in a forest or tree.
Because each object fits into a set schema and has specific attributes, a network administrator can easily clear a person on a set tree, instantly give some users access to certain applications, or deny certain users access to others. The Microsoft servers use trust to determine whether or not access should be allowed. Two types of trust that Microsoft active directories incorporate are transitive trusts and one-way non-transitive trusts. A transitive trust is a trust that extends beyond two domains in a set tree, meaning two entities are able to access each other's domains and trees.
A one-way non-transitive trust is when a user is allowed access to another tree or domain, but the other domain does not grant access back to the other domains. This can be summed up with a network administrator and an end user. The network administrator can access most trees in the forest, including a specific end user's domain. However, the end user, while able to access his or her own domain, cannot access other trees.
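The following is an added illustration, not code from the original article, of how the two trust types above decide access: a small Python model in which a two-way transitive trust chain lets an account reach any domain in the tree, while a one-way non-transitive trust grants a single hop in one direction only. The domain names are constructed for the example.

```python
from collections import deque

# Each entry is (trusting_domain, trusted_domain, transitive).
# The trusting domain holds the resources; accounts from the trusted domain may use them.
# A two-way trust is recorded as two one-way entries.
# Constructed forest: corp.example is the tree root; sales and eng are child domains
# joined to it by the default two-way transitive trusts. sales.corp.example also has a
# one-way non-transitive external trust in which it trusts partner.example.
TRUSTS = [
    ("corp.example", "sales.corp.example", True),
    ("sales.corp.example", "corp.example", True),
    ("corp.example", "eng.corp.example", True),
    ("eng.corp.example", "corp.example", True),
    ("sales.corp.example", "partner.example", False),  # one-way, non-transitive
]


def can_access(account_domain, resource_domain, trusts=TRUSTS):
    """Return True if an account from account_domain can be authenticated
    by resource_domain through the configured trusts."""
    if account_domain == resource_domain:
        return True
    # A direct trust, transitive or not, always covers the single hop.
    for trusting, trusted, _ in trusts:
        if trusting == resource_domain and trusted == account_domain:
            return True
    # Longer chains may only follow transitive trusts: walk outward from the
    # resource domain through the domains it transitively trusts.
    transitive = [(a, b) for a, b, t in trusts if t]
    seen = {resource_domain}
    queue = deque([resource_domain])
    while queue:
        current = queue.popleft()
        for trusting, trusted in transitive:
            if trusting == current and trusted not in seen:
                if trusted == account_domain:
                    return True
                seen.add(trusted)
                queue.append(trusted)
    return False


def trust_matrix(domains, trusts=TRUSTS):
    """Map (account_domain, resource_domain) -> bool for every pair; useful
    when auditing which domains can reach which resources."""
    return {(a, r): can_access(a, r, trusts) for a in domains for r in domains}
```

Running `trust_matrix` over all five domains shows that partner.example accounts reach only sales.corp.example, and that nothing in the tree reaches partner.example at all.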
It is important to note that active directories are a great way to organize a large organization's or corporation's computers, data, and network. Without an active directory, most end users would have computers that would need to be updated individually and would not have access to a larger network where data can be processed and reports can be created. While active directories can be extremely technical and require lots of expertise to navigate, they are essential to storing information and data on networks.
How do I install Active Directory on my Windows Server 2003 server?
First make sure you read and understand the Active Directory Installation Requirements. If you do not comply with all the requirements in that article, you will not be able to set up your AD (for example, if you don't have a NIC or you're using a computer that's not connected to a LAN).
Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning – don’t do it for any other scenario, such as a new replica DC in an existing domain. In order to install a Windows Server 2003 DC in an EXISTING Windows 2000 Domain follow the Windows 2003 ADPrep tip.
Windows 2000 Note: If you plan to install a new Windows 2000 DC please read How to Install Active Directory on Windows 2000.
Windows Server 2003 Note: If you plan to install a new Windows Server 2003 DC in an existing AD forest please read the page BEFORE you go on, otherwise you’ll end up with the following error: