An active directory is the directory structure that Microsoft Windows uses to store information and data about networks and domains. It was created in 1996 and it is used mostly for online data. It is sometimes referred to as AD.
Its function is to provide information about objects, help organize them so that they can be accessed easily, and allow the administrator to set up security for the directory.
It is a hierarchical structure that can be divided into three categories: Resources, which includes hardware like printers and services like web email for end users; and Servers and Objects, which are the main functions of the domain and network.
Let's look for a moment at the framework for the objects. Objects can hold other objects within their file structure, and they all have an ID (an object name, i.e. a folder name). Each object has its own attributes so that it can be characterized by the information it contains.
Most IT pros call these characterizations “schemas”.
How these objects are used depends on the type of “schema” created for them. As an example: some objects with certain schemas can be deactivated but not deleted, while other schemas with certain attributes can indeed be deleted.
To understand active directories, one should know how these objects can be viewed. An active directory can be viewed at three levels, which go by the names of forests, trees and domains. The highest structure is called the forest because you can see all objects (i.e. trees and domains) that exist within the active directory.
Trees are structures that usually hold one or more domains, and at the lowest level are the single domains. To explain this better, let's use this example: A large organization has a large number of users and processes. The forest would be the entire network of end users and specific computers at a given location. Within this “forest” directory are the “trees”, which in turn hold the domains and information on specific objects, program data, etc., and within these objects are even more objects which need to be controlled and categorized.
The use of Active Directories
If you are an IT Administrator for a large organization, Active Directories let you update, if necessary, ALL of the organization's computers with new software, patches, and the like simply by updating one object in a forest or tree.
Since each object fits into a set “schema” and has specific attributes, a person can be given access to certain applications and others can be denied access to other applications or areas of the network in an easy way.
Microsoft servers use trust to determine whether or not access should be allowed.
Microsoft active directories incorporate two types of trust: transitive trusts and one-way non-transitive trusts.
A transitive trust is when there is a trust that goes further than two domains in a set tree, meaning two users are able to access each other's domains and trees.
A one-way non-transitive trust is when a user is allowed access to another tree or domain, but that domain does not allow access to other domains. For example, the Network Administrator can access most trees in the forest but the end user, while able to access his or her own domain, cannot access other trees.
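The difference between the two trust types can be modelled as reachability over a trust graph. The following is an added example, not code from the original page: the domain names and the trust list are constructed sample data, and the model covers only whether a domain will accept another domain's accounts for authentication, not the permissions that still decide access to a given resource.

```python
from collections import deque

# Constructed sample trusts: (trusting_domain, trusted_domain, transitive).
# Accounts in the trusted domain can be authenticated by the trusting domain.
TRUSTS = [
    ("corp.example", "emea.corp.example", True),
    ("emea.corp.example", "corp.example", True),
    ("corp.example", "apac.corp.example", True),
    ("apac.corp.example", "corp.example", True),
    ("apac.corp.example", "partner.example", False),  # one-way, non-transitive
]


def trusted_account_domains(resource_domain, trusts=TRUSTS):
    """Return every domain whose accounts resource_domain will accept."""
    accepted = set()
    # A direct trust always applies, whether it is transitive or not.
    for trusting, trusted, _ in trusts:
        if trusting == resource_domain:
            accepted.add(trusted)
    # Trust only extends past two domains along links that are all transitive.
    queue = deque([resource_domain])
    seen = {resource_domain}
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusting == current and transitive and trusted not in seen:
                seen.add(trusted)
                accepted.add(trusted)
                queue.append(trusted)
    accepted.discard(resource_domain)
    return accepted


def can_authenticate(account_domain, resource_domain, trusts=TRUSTS):
    """True if an account from account_domain is accepted by resource_domain."""
    if account_domain == resource_domain:
        return True
    return account_domain in trusted_account_domains(resource_domain, trusts)


if __name__ == "__main__":
    for domain in sorted({t[0] for t in TRUSTS} | {t[1] for t in TRUSTS}):
        print(domain, "accepts accounts from", sorted(trusted_account_domains(domain)))
```

Running it shows that partner.example accounts are accepted only by apac.corp.example, the one domain that trusts it directly, while accounts from the three corp.example domains reach each other through the transitive links.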
Active Directories are a great way to organize a large organization’s data and network. Without this technology, most computers would need to be updated individually, and would not have access to a larger network where data is processed and reports created. These Directories can be extremely technical and require an expert to navigate them, but they are essential for modern networks.