Active Directory (AD) is a Microsoft-developed technology that consists of a set of processes for managing domains centrally, managing access privileges to networked resources, and managing other directory-related identity-based services.
While AD consists of multiple directory services, the one that performs the core activities is Active Directory Domain Services (usually abbreviated as AD DS). Essentially, AD DS keeps information about the resources in the domain, authenticates their permissions, and determines their access rights.
In this article, we’ll give an overview about the AD Domain Services.
Advantages of AD DS
The Active Directory Domain Services offer a wide range of advantages to the management of computing resources.
Here are some of them:
- A directory is often implemented by building structures that store data based on the logical and hierarchical organization of information. The data stored in the directory usually has all the information about the various Active Directory objects, such as network printers, servers, shared volumes, and individual computer accounts. Consequently, this allows for data to be organized based on the users’ needs and preferences.
- AD DS provides multi-master replication and multi-master authentication capabilities. This allows an administrator to manage the entire directory from any location on the network.
- AD DS comes with built-in redundancy capabilities. As such, if the performance of one Domain Controller (DC) fails, another DC takes over the load.
- AD DS uses policy-based administration to make the work of system administrators easy, especially in a complex network infrastructure. Every access to network resources occurs through AD DS, which ensures the access rights are managed centrally.
Common terminologies and concepts in AD DS
Let’s define some terminologies and concepts that are commonly used in Active Directory Domain Services.
- Schema: It is a set of rules used to define objects and attributes within the directory. Schemas also define the limits on instances and how they are represented in the directory. A schema is preferably stored in its own partition within the directory and replicated among all existing domains in the forest.
- Global Catalog: It contains all the information about every object defined in the directory, enabling both users and administrators to locate directory information easily—even if the data is on a different domain.
- Query and Index Mechanism: Query indexing enables users and applications to locate objects and their properties within the directory. This feature comes in handy when looking for specific information in the directory structure.
- Replication Service: This dedicated service distributes data all over the network; it’s what ensures that every DC contains the same Schema and Global Catalog. All changes made in the Active Directory Domain Services are usually replicated to every DC in the domain. The DCs usually track any changes made and only implement the updates that have taken place since the last replication. The update tracker has two roles: first, it changes what has not been received or need to be replicated at the destination; second, it resolves conflicts arising from simultaneous changes to an object.
- Lightweight Directory Access Protocol (LDAP): It’s the protocol responsible for providing a common language for interaction between clients and servers across platforms.
Role of Domain Controllers with AD DS
The servers running the Active Directory Domain Services are called Domain Controllers (DC). Every DC responds to requests for authentication and stores the AD Domain Services data.
Furthermore, the DCs host other essential services, which are complementary to the functions of the AD Domain Services.
Here are some of them:
- NetLogon: A service that incessantly runs in the background to authenticate users and other services available in a domain.
- Kerberos Key Distribution Center (KDC): A service that validates the Kerberos tickets that the Active Directory Domain Services utilize for authentication.
- Intersite Messaging (IsmServ): A service that enables Domain Controllers to interact with one another for replication and site-routing purposes.
Every Active Directory should have at least a single DC. The Domain Controllers serve as containers for the domains. Furthermore, every domain is a component of an Active Directory forest, which consists of at least a single domain that is categorized in organizational units.
It’s the Active Directory Domain Services that manage trusts amongst various domains, allowing users to be granted access rights and communication privileges. So, while AD DS is the basis for domain management, DC is the computer that is used to access the Active Directory.
An Active Directory network infrastructure provides a centralized storage and management of objects. It allows the system administrator, through group policies, to manage the access and availability of shared network resources securely.
An Active Directory Domain Service acts as a foundation for identifying users and also provides a central basis for authenticating and authorizing all the server roles in a typical Windows Server Operating System.
Some of the distinct features found in the latest Active Directory configurations include system auditing, password and account lockout policies, read-only domain controllers, ability to restart domain services, and an Active Directory Database Mounting Tool.