Windows Server 2016 - Active Directory Domain Services Overview

Source: Internet
Author: User

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was responsible only for centralized domain management. Starting with Windows Server 2008, however, Active Directory became the umbrella title for a broad range of directory-based identity-related services. System levels that may currently be used: Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, 2016.

A server that is running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain network, assigns and enforces security policies for all computers, and installs or updates software. For example, when a user logs on to a computer that belongs to a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or a regular user. In addition, it allows management and storage of information, provides authentication and authorization mechanisms, and establishes a framework to deploy other related services: Certificate Services, Federation Services, Lightweight Directory Services, and Rights Management Services.

Active Directory stores information about objects in your network and makes it easy for administrators and users to find and use this information. Active Directory uses structured data storage as the basis for a logical, hierarchical organization of directory information.

Security integrates with Active Directory through login validation and access control of objects in the directory. With a single network login, administrators can manage directory data and organization across the network, and authorized network users can access resources anywhere on the network. Policy-based management simplifies the management of the most complex networks.

Simply put, by using the Active Directory Domain Services (AD DS) server role, you can create a scalable, secure, and manageable infrastructure for user and resource management, and you can support directory-enabled applications such as Microsoft Exchange Server.

The structure is as follows:

AD DS Server role

AD DS provides a distributed database for storing and managing information about network resources and application-specific data from directory-enabled applications. An administrator can use AD DS to organize elements of a network, such as users, computers, and other devices, into a hierarchical containment structure. The hierarchical containment structure includes the Active Directory forest, the domains in the forest, and the organizational units (OUs) in each domain. The server running AD DS is called a domain controller.

Organizing network elements into a hierarchical containment structure provides the following benefits:

    • The forest acts as the security boundary for the organization and defines the scope of permissions for the administrator. By default, the forest contains a domain called the forest root domain.

    • Additional domains can be created in the forest to provide partitioning of AD DS data, which enables organizations to replicate data only when needed. This allows AD DS to scale globally through a network with limited bandwidth available. Active Directory domains also support many other core management-related features, including network-wide user identities, authentication, and trust relationships.

    • OUs simplify the delegation of permissions to manage a large number of objects. Through delegation, an owner can transfer full or limited permissions on an object to another user or group. Delegation is important because it helps to distribute the management of a large number of objects to a number of people who are trusted to perform administrative tasks.
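The transfer of permissions on OUs described above (delegation) is worth reviewing periodically, because every explicit grant on an OU widens who can manage the objects beneath it. The following is an added example, not part of the original article: it lists explicit Allow entries on every OU in the current domain. It assumes the RSAT ActiveDirectory PowerShell module is installed and that the account running it can read OU security descriptors; the `$defaultHolders` pattern is an illustrative assumption to adjust for your environment.

```powershell
# Added example: report explicit (non-inherited) Allow ACEs on each OU,
# i.e. the permissions that were delegated directly on that OU.
Import-Module ActiveDirectory

# Assumption: identities treated as default holders and left out of the report.
$defaultHolders = '^NT AUTHORITY\\|^BUILTIN\\|\\Domain Admins$|\\Enterprise Admins$'

$report = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    # The ActiveDirectory module exposes the directory as the AD: drive,
    # so Get-Acl can read the security descriptor of an OU by its DN.
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"

    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }                        # granted higher up
        if ($ace.AccessControlType -ne 'Allow') { continue }      # only grants
        if ("$($ace.IdentityReference)" -match $defaultHolders) { continue }

        [pscustomobject]@{
            OU          = $ou.DistinguishedName
            Principal   = $ace.IdentityReference
            Rights      = $ace.ActiveDirectoryRights
            Inheritance = $ace.InheritanceType   # None = this OU only; All/Descendents = child objects too
            ObjectType  = $ace.ObjectType        # GUID of a specific attribute/class, or all zeros for "any"
        }
    }
}

# Each remaining row is a delegation someone created on that OU.
$report | Sort-Object OU, Principal | Format-Table -AutoSize -Wrap
```

Rows with `GenericAll`, `WriteDacl` or `WriteOwner` in the Rights column give the principal full control over the OU and deserve the closest review.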

AD DS Features:

Security integrates with AD DS through login authentication and access control of resources in the directory. With a single network login, administrators can manage directory data and organizations across the network. Authorized network users can also use a single network logon to access resources at any location on the network. Policy-based management simplifies the management of the most complex networks.

Other AD DS features include:

    • A set of rules, the schema, that defines the classes of objects and attributes contained in the directory, the constraints and limits on instances of these objects, and the format of their names.

    • A global catalog that contains information about each object in the directory. Users and administrators can use the global catalog to find directory information, regardless of which domain in the directory actually contains the data.

    • A query and index mechanism, so that network users or applications can publish and find objects and their properties.

    • A replication service that distributes directory data over a network. All writable domain controllers in the domain participate in replication and contain a complete copy of all directory information for their domain. Any changes to the directory data will be replicated to all domain controllers in the domain.

    • Operations master roles (also known as flexible single-master operations or FSMO). The domain controller that holds the operations master role is assigned to perform specific tasks to ensure consistency and eliminate conflicting entries in the directory.
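To see the features listed above in a live environment, the following added example (not from the original article) inventories the forest root domain, the forest-wide operations masters, the global catalog servers, and every domain controller with the FSMO roles it holds. It assumes the RSAT ActiveDirectory PowerShell module and read access to each domain in the forest.

```powershell
# Added example: inventory forest structure, global catalogs and FSMO role holders.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide view: root domain, member domains, forest-level FSMO roles, GCs.
[pscustomobject]@{
    ForestRootDomain   = $forest.RootDomain
    ForestMode         = $forest.ForestMode
    Domains            = $forest.Domains -join ', '
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    GlobalCatalogs     = $forest.GlobalCatalogs -join ', '
} | Format-List

# Per-domain view: every domain controller, whether it is writable,
# whether it hosts the global catalog, and which FSMO roles it holds.
$dcs = foreach ($name in $forest.Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $name) {
        [pscustomobject]@{
            Domain           = $name
            DomainController = $dc.HostName
            Site             = $dc.Site
            GlobalCatalog    = $dc.IsGlobalCatalog
            ReadOnly         = $dc.IsReadOnly
            FsmoRoles        = $dc.OperationMasterRoles -join ', '
        }
    }
}
$dcs | Sort-Object Domain, DomainController | Format-Table -AutoSize -Wrap

# Replication only protects directory data if a second writable copy exists:
# flag any domain that has exactly one writable domain controller.
$dcs | Where-Object { -not $_.ReadOnly } |
    Group-Object Domain |
    Where-Object Count -eq 1 |
    ForEach-Object { Write-Warning "Domain $($_.Name) has a single writable domain controller" }
```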


P.S. The WinSer2016 Active Directory series of articles formally begins today. As mentioned in the previous two chapters, many readers may wonder whether the content is outdated or duplicates what other authors have already shared. In view of such questions, Xiao Wen just wants to say that at the end of each technical topic I always like to sort out some technical articles according to my own understanding and practice, so that readers or I can refer to them or study them again later. Thanks for your support!

