What is Active Directory?
FAQs
-
What is the purpose of Active Directory?
The primary purpose of Active Directory is to provide a centralized platform to manage network resources, such as user accounts, computers, printers, and security policies. It facilitates authentication, authorization, and directory services to ensure efficient and secure access to network resources.
-
What are the key components of Active Directory?
The key components of Active Directory include:
- Domain Controllers (DCs): Servers that store and manage the directory data.
- Schema: The structure that defines the types of objects and the information about those objects stored in the directory.
- Global Catalog: A distributed data repository that contains a searchable, partial representation of every object in every domain in the forest.
- Organizational Units (OUs): Containers used to organize objects within a domain.
- Sites and Subnets: Represent the physical structure of a network and help manage replication traffic.
-
How does Active Directory handle authentication and authorization?
Active Directory uses protocols like Kerberos for authentication and LDAP for directory queries. When a user attempts to log in, AD verifies their credentials through Kerberos, providing a ticket-granting ticket (TGT) if successful. For authorization, AD checks the user’s permissions and group memberships to determine access rights to resources.
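The authorization step above depends on effective group membership, which includes groups reached through nesting, so an audit has to follow the whole chain. The sketch below is an added example, not part of the original FAQ: it resolves nested membership over a constructed directory (every name except Domain Admins is made up) and uses a plain allow-list check as a simplification of how Windows evaluates access.

```python
from collections import deque

# Constructed sample directory: principal -> groups it is a direct member of.
# All names except "Domain Admins" are made up for illustration.
MEMBER_OF = {
    "alice": ["Helpdesk"],
    "bob": ["Finance-Users"],
    "Helpdesk": ["Tier1-Ops"],
    "Tier1-Ops": ["Domain Admins"],          # risky nesting into a privileged group
    "Finance-Users": ["Finance-Share-RW"],
    "Finance-Share-RW": ["Finance-Users"],   # circular nesting
}


def effective_groups(principal, member_of=MEMBER_OF):
    """Return {group: chain} for every group reached directly or by nesting.

    chain is the shortest membership path from the principal to the group.
    Skipping already-seen groups makes circular nesting terminate.
    """
    chains = {}
    queue = deque([(principal, [principal])])
    while queue:
        node, path = queue.popleft()
        for group in member_of.get(node, []):
            if group in chains or group == principal:
                continue
            chains[group] = path + [group]
            queue.append((group, chains[group]))
    return chains


def is_authorized(principal, allowed_groups, member_of=MEMBER_OF):
    """Simplified check: allow if the principal or any effective group is listed."""
    held = set(effective_groups(principal, member_of)) | {principal}
    return bool(held & set(allowed_groups))


def privileged_paths(privileged_group, member_of=MEMBER_OF):
    """Map every principal that reaches privileged_group to its membership chain."""
    found = {}
    for principal in member_of:
        chain = effective_groups(principal, member_of).get(privileged_group)
        if chain:
            found[principal] = chain
    return found


if __name__ == "__main__":
    for who, chain in privileged_paths("Domain Admins").items():
        print(who, "->", " -> ".join(chain[1:]))
```

Here alice holds Domain Admins rights only through two levels of nesting, which a review of direct members alone would miss.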
-
What is a domain in Active Directory?
A domain is a logical group of network objects (such as users, computers, and devices) that share the same AD database. Domains establish a boundary for security and administration within Active Directory.
-
What is the difference between a forest and a domain in Active Directory?
A domain is a single unit within Active Directory, whereas a forest is a collection of one or more domains that share a common schema, configuration, and global catalog. A forest represents the top-level container in an Active Directory structure, providing a unified view of all the objects and resources within the included domains.
-
What is Group Policy and how is it used in Active Directory?
Group Policy is a feature in Active Directory that allows administrators to create and enforce policies for users and computers within the domain. It can be used to configure security settings, software installation, desktop configurations, and more, ensuring consistent and controlled environments across the network.
-
What are Organizational Units (OUs) and how are they used?
Organizational Units (OUs) are containers within a domain that can hold users, groups, computers, and other OUs. They are used to organize and manage these objects efficiently, allowing administrators to apply policies and delegate administrative control based on the structure of the organization.
-
How does Active Directory replication work?
Active Directory replication ensures that directory data is consistent across all domain controllers in the network. Changes made on one domain controller are propagated to other domain controllers using a multi-master replication model. Replication can be scheduled and optimized to reduce network traffic and ensure data consistency.
-
What is the Global Catalog in Active Directory?
The Global Catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in the forest. It enables users and applications to quickly locate objects across multiple domains without the need to query each domain individually.
-
What are trust relationships in Active Directory?
Trust relationships allow different domains to share resources and authenticate users across domain boundaries. Trusts can be one-way or two-way and can be established within a single forest or across multiple forests, facilitating resource sharing and collaboration between different domains.