Understanding Active Directory
Active Directory (AD) is the directory service included with Windows 2000 Server. It stores information about objects on the network — users, computers, printers, groups, and organizational units — and makes this information available to administrators and applications.
Core Concepts
- Domain: The basic unit of organization in AD. A domain is a logical grouping of objects that share a common directory database and security policies. Example: corp.flamenet.io.
- Domain Controller (DC): A server that hosts a copy of the AD database and processes authentication requests. Every domain must have at least one DC.
- Organizational Unit (OU): A container within a domain used to organize objects. OUs can be nested and have Group Policy Objects (GPOs) applied to them.
- Forest: The top-level container in AD. A forest contains one or more domains that share a common schema and global catalog. The first domain created becomes the forest root.
- Tree: A hierarchy of domains that share a contiguous DNS namespace. For example, corp.flamenet.io and dev.corp.flamenet.io form a tree.
LDAP
Active Directory is accessed using LDAP (Lightweight Directory Access Protocol) on TCP port 389 (or 636 for LDAPS). Every object in AD has a distinguished name (DN) that uniquely identifies it:
CN=John Smith,OU=Users,OU=Sales,DC=corp,DC=flamenet,DC=io
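Distinguished names follow the string form of RFC 4514: RDNs separated by commas, attribute type and value separated by "=", multi-valued RDNs joined with "+", and special characters inside a value (commas, plus signs, quotes, leading/trailing spaces) escaped with a backslash or as a two-digit hex byte. The following added parser (example code, not the page's own and not any library's API) implements that grammar and derives two things a practitioner often needs from a DN: the DNS name of the owning domain (the DC components joined with dots) and the OU path from the domain down to the object. The test inputs besides the page's own DN are constructed.

```python
"""Minimal RFC 4514 distinguished-name parser (added example)."""

SPECIALS = ' #"+,;<=>\\'          # characters that may be backslash-escaped
HEX = "0123456789abcdefABCDEF"

RDN = list[tuple[str, str]]       # one RDN is a list of (attributeType, value)


def parse_dn(dn: str) -> list[RDN]:
    """Parse a DN string into RDNs, left to right (most specific component first)."""
    rdns: list[RDN] = []
    rdn: RDN = []
    attr: list[str] = []
    parts: list[tuple[bytes, bool]] = []   # value bytes as (utf-8 bytes, was_escaped)
    in_value = False

    def flush(separator: str) -> None:
        nonlocal rdn, attr, parts, in_value
        if not in_value:
            raise ValueError(f"RDN without '=' before {separator!r}")
        # Unescaped spaces around a value are insignificant; escaped ones are kept.
        while parts and parts[0] == (b" ", False):
            parts.pop(0)
        while parts and parts[-1] == (b" ", False):
            parts.pop()
        name = "".join(attr).strip()
        if not name:
            raise ValueError("empty attribute type")
        rdn.append((name, b"".join(p for p, _ in parts).decode("utf-8")))
        attr, parts, in_value = [], [], False
        if separator != "+":          # '+' keeps adding to the same multi-valued RDN
            rdns.append(rdn)
            rdn = []

    i, n = 0, len(dn)
    while i < n:
        c = dn[i]
        if c == "\\":
            if i + 1 < n and dn[i + 1] in SPECIALS:
                out, i = dn[i + 1].encode(), i + 2
            elif i + 2 < n and dn[i + 1] in HEX and dn[i + 2] in HEX:
                out, i = bytes([int(dn[i + 1:i + 3], 16)]), i + 3
            else:
                raise ValueError(f"bad escape at offset {i}")
            if not in_value:
                raise ValueError("escape sequence in attribute type")
            parts.append((out, True))
            continue
        if not in_value and c == "=":
            in_value = True
        elif in_value and c in ",;+":
            flush(c)
        elif in_value:
            parts.append((c.encode(), False))
        else:
            attr.append(c)
        i += 1
    if in_value or attr:
        flush(",")
    return rdns


def dns_domain(dn: str) -> str:
    """DNS name of the domain that holds the object: the DC components joined with '.'."""
    return ".".join(v for rdn in parse_dn(dn) for a, v in rdn if a.upper() == "DC")


def ou_path(dn: str) -> list[str]:
    """OU names from the domain root down to the object (top-down order)."""
    ous = [v for rdn in parse_dn(dn) for a, v in rdn if a.upper() == "OU"]
    return list(reversed(ous))


if __name__ == "__main__":
    dn = "CN=John Smith,OU=Users,OU=Sales,DC=corp,DC=flamenet,DC=io"
    print(parse_dn(dn))
    print(dns_domain(dn), ou_path(dn))
```

The parser is deliberately strict about malformed escapes and RDNs without "=", since a DN that arrives from an untrusted source (a form field, a log line) and is silently mis-split is a common root cause of access-control checks matching the wrong container.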
Global Catalog
The Global Catalog (GC) is a partial, read-only copy of all objects in the forest. It runs on TCP port 3268. The GC is used for cross-domain searches, universal group membership resolution, and user principal name (UPN) logon.
Replication
AD uses multi-master replication: changes made on any DC are replicated to all other DCs. Intrasite replication occurs within 15 seconds. Intersite replication follows site link schedules and can be compressed to save bandwidth.