For the best web experience, please use IE11+, Chrome, Firefox, or Safari
Resources
- All Resources
- Learning Hub
Blogs
- IT Industry Insights
- Quest Solution Blogs
- Data Protection
- Data Management
- Microsoft Platform Management
- Performance Monitoring
- Unified Endpoint Management
- IT Ninja
- Toad World Blog
- Forums
- United States (English)
- Brazil (Português)
- China (中文)
- France (Français)
- Germany (Deutsch)
- Japan (日本語)
- Mexico (Español)
- Account Settings
Free TrialsRequest Pricing
Learn what AD is and how it works
02:25
Active Directory (AD) is a database and set of services that connect userswith the network resources they need to get their work done.
The database (or directory) contains critical information about yourenvironment, including what users and computers there are and who’sallowed to do what. For example, the database might list 100 user accountswith details like each person’s job title, phone number and password. Itwill also record their permissions.
The services control much of the activity that goes on in your ITenvironment. In particular, they make sure each person is who they claim to be(authentication), usually by checking the user ID and password they enter, andallow them to access only the data they’re allowed to use(authorization).
Read on to learn more about the benefits of Active Directory, how it worksand what’s in an Active Directory database.
Learn More
Benefits of Active Directory
Active Directory simplifies life for administrators and end users whileenhancing security for organizations. Administrators enjoy centralized userand rights management, as well as centralized control over computer and user configurations through the AD Group Policy feature. Users can authenticateonce and then seamlessly access any resources in the domain for whichthey’re authorized (single sign-on). Plus, files are stored in a centralrepository where they can be shared with other users to ease collaboration,and backed up properly by IT teams to ensure business continuity.
How does Active Directory work?
The main Active Directory service is Active Directory Domain Services (AD DS), which is part of the Windows Server operating system. The servers thatrun AD DS are called domain controllers (DCs). Organizations normally havemultiple DCs, and each one has a copy of the directory for the entire domain.Changes made to the directory on one domain controller — such aspassword update or the deletion of a user account — are replicated tothe other DCs so they all stay up to date. A Global Catalog server is a DCthat stores a complete copy of all objects in the directory of its domain anda partial copy of all objects of all other domains in the forest; this enablesusers and applications to find objects in any domain of their forest.Desktops, laptops and other devices running Windows (rather than WindowsServer) can be part of an Active Directory environment but they do not run ADDS. AD DS relies on several established protocols and standards, includingLDAP (Lightweight Directory Access Protocol), Kerberos and DNS (Domain NameSystem).
It’s important to understand that Active Directory is only foron-premises Microsoft environments. Microsoft environments in the cloud useAzure Active Directory, which serves the same purposes as its on-premnamesake. AD and Azure AD are separate but can work together to some degree ifyour organization has both on-premises and cloud IT environments (a hybriddeployment).
How is Active Directory structured?
AD has three main tiers: domains, trees and forests. A domain is a group ofrelated users, computers and other AD objects, such as all the AD objects foryour company’s head office. Multiple domains can be combined into atree, and multiple trees can be grouped into a forest.
Keep in mind that a domain is a management boundary. The objects for a given domain are stored in a single database and can be managed together. A forest is a security boundary. Objects in different forests are not able to interact with each other unless the administrators of each forest create a trust between them. For instance, if you have multiple disjointed business units, you probably want to create multiple forests.
What’s in the Active Directory database?
The Active Directory database (directory) contains information about the AD objects in the domain. Common types of AD objects include users, computers, applications, printers and shared folders. Some objects can contain other objects (which is why you’ll see AD described as “hierarchical”). In particular, organizations often simplify administration by organizing AD objects into organizational units (OUs) and streamline security by putting users into groups. These OUs and groups are themselves objects stored in the directory.
Objects have attributes. Some attributes are obvious and some are more behind the scenes. For example, a user object typically has attributes like the person’s name, password, department and email address, but also attributes most people never see, such as its unique Globally Unique Identifier (GUID), Security Identifier (SID), last logon time and group membership.
Databases are structured, which means there is a design that determines what types of data they store and how that data is organized. This design is called a schema. Active Directory is no exception: Its schema contains formal definitions of every object class that can be created in the Active Directory forest and every attribute that can exist in an Active Directory object. AD comes with a default schema, but administrators can modify it to suit business needs. The key thing to know is that it’s best to plan the schema carefully up front; because of the central role AD plays in authentication and authorizations, changing the schema of the AD database later can dramatically disrupt your business.
Where can I learn more about Active Directory?
Active Directory is central to the success of any modern business. Check out these additional helpful pages to learn best practices for the most critical areas of Active Directory:
- ActiveDirectory management
- ActiveDirectory security
- ActiveDirectory migration
- ActiveDirectory reporting
Learn More
Resources
Be Prepared for Ransomware Attacks with Active Directory Disaster Recovery Planning
White Paper
Reduce your organization’s risk with an effective Active Directory recovery strategy.
Read White Paper
Colonial Pipeline Ransomware and MITRE ATT&CK Tactic TA0040
On Demand Webcast
Ransomware attacks are exploiting Active Directory. This security-expert-led webcast explores a 3-prong defense against them.
Watch Webcast
M&A IT Integration Checklist: Active Directory
Technical Brief
If your organization is involved in a merger and acquisition, the impending IT integration project might seem overwhelming.
Read Technical Brief
Nine Best Practices to Improve Active Directory Security and Cyber Resilience
E-book
This ebook explores the anatomy of an AD insider threat and details the best defense strategies against it.
Read E-book
Five Ways to Secure Your Group Policy
E-book
Discover how to dramatically improve security by ensuring proper GPO governance.
Read E-book
Protect Your Active Directory from Ransomware using the NIST Cybersecurity Framework
On Demand Webcast
Learn guidance on how to identify, protect, detect, respond to, and recover from ransomware cyberattacks.
Watch Webcast
CGG consolidates Active Directory for a move to the cloud
Case Study
CGG consolidated its Active Directory domains to enhance security and facilitate a move to the cloud with Quest Migrator Pro for Active Directory. CGG realized robust synchronization between the domains with a transition was transparent to end-users
Read Case Study
Three Key Ways to Improve Group Policy Management and Governance
Technical Brief
Learn how to dramatically improve security while streamlining Group Policy administration with GPOADmin.
Read Technical Brief
Blogs
The anatomy of Active Directory attacks
Learn the most common Active Directory attacks, how they unfold and what steps organizations can take to mitigate their risk.
Jason Morano 26 Sep 2022
8 ways to secure your Active Directory environment
Secure your Active Directory against potential risks with these 8 best practices and ensure robust security measures for your system.
Bryan Patton 27 Jun 2022
Active Directory forest: What it is and best practices for managing it
Active Directory forest is a critical — but often underappreciated — element of the IT infrastructure. Learn what it is and how to manage it.
Fouad Hamdi 03 Jun 2022
Active Directory disaster recovery: Creating an airtight strategy
Businesses cannot operate without Active Directory up and running. Learn why and how to develop a comprehensive Active Directory disaster recovery strategy.
Brian Hymer 20 Apr 2022
5 Active Directory migration best practices
Active Directory delivers key authentication services so it’s critical for migrations to go smoothly. Learn 5 Active Directory migration best practices.
Becky Cross 16 Feb 2022
Active Directory security groups: What they are and how they improve security
Active Directory security groups play a critical role in controlling access to your vital systems and data. Learn how they work.
Matthew Vinton 22 Feb 2022
Get started now
Successfully manage AD – the heart of your IT environment.
Learn More