
What is Active Directory?

Learn what AD is and how it works

Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work done.

The database (or directory) contains critical information about your environment, including what users and computers there are and who’s allowed to do what. For example, the database might list 100 user accounts with details like each person’s job title, phone number and password. It will also record their permissions.

The services control much of the activity that goes on in your IT environment. In particular, they make sure each person is who they claim to be (authentication), usually by checking the user ID and password they enter, and allow them to access only the data they’re allowed to use (authorization).

Read on to learn more about the benefits of Active Directory, how it works and what’s in an Active Directory database.

Benefits of Active Directory

Active Directory simplifies life for administrators and end users while enhancing security for organizations. Administrators enjoy centralized user and rights management, as well as centralized control over computer and user configurations through the AD Group Policy feature. Users can authenticate once and then seamlessly access any resources in the domain for which they’re authorized (single sign-on). Plus, files are stored in a central repository where they can be shared with other users to ease collaboration, and backed up properly by IT teams to ensure business continuity.

How does Active Directory work?

The main Active Directory service is Active Directory Domain Services (AD DS), which is part of the Windows Server operating system. The servers that run AD DS are called domain controllers (DCs). Organizations normally have multiple DCs, and each one has a copy of the directory for the entire domain. Changes made to the directory on one domain controller — such as a password update or the deletion of a user account — are replicated to the other DCs so they all stay up to date. A Global Catalog server is a DC that stores a complete copy of all objects in the directory of its own domain and a partial copy of all objects in every other domain of the forest; this enables users and applications to find objects in any domain of their forest. Desktops, laptops and other devices running Windows (rather than Windows Server) can be part of an Active Directory environment, but they do not run AD DS. AD DS relies on several established protocols and standards, including LDAP (Lightweight Directory Access Protocol), Kerberos and DNS (Domain Name System).

It’s important to understand that Active Directory is only for on-premises Microsoft environments. Microsoft environments in the cloud use Azure Active Directory, which serves the same purposes as its on-prem namesake. AD and Azure AD are separate but can work together to some degree if your organization has both on-premises and cloud IT environments (a hybrid deployment).

How is Active Directory structured?

AD has three main tiers: domains, trees and forests. A domain is a group of related users, computers and other AD objects, such as all the AD objects for your company’s head office. Multiple domains can be combined into a tree, and multiple trees can be grouped into a forest.

Keep in mind that a domain is a management boundary. The objects for a given domain are stored in a single database and can be managed together. A forest is a security boundary. Objects in different forests cannot interact with each other unless the administrators of each forest create a trust between them. For instance, if you have multiple business units that operate independently of one another, you probably want to create multiple forests.

What’s in the Active Directory database?

The Active Directory database (directory) contains information about the AD objects in the domain. Common types of AD objects include users, computers, applications, printers and shared folders. Some objects can contain other objects (which is why you’ll see AD described as “hierarchical”). In particular, organizations often simplify administration by organizing AD objects into organizational units (OUs) and streamline security by putting users into groups. These OUs and groups are themselves objects stored in the directory.

Objects have attributes. Some attributes are obvious and some are more behind the scenes. For example, a user object typically has attributes like the person’s name, password, department and email address, but also attributes most people never see, such as its Globally Unique Identifier (GUID), Security Identifier (SID), last logon time and group membership.

Databases are structured, which means there is a design that determines what types of data they store and how that data is organized. This design is called a schema. Active Directory is no exception: its schema contains formal definitions of every object class that can be created in the Active Directory forest and every attribute that can exist in an Active Directory object. AD comes with a default schema, but administrators can modify it to suit business needs. The key thing to know is that it’s best to plan the schema carefully up front; because of the central role AD plays in authentication and authorization, changing the schema of the AD database later can dramatically disrupt your business.
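The following Python script is an added example, not code from this page or from Quest. It takes a constructed user record (sample values only, not a real directory) and shows two things the sections above describe in words: how the hierarchy of domain, OUs and object is encoded in a distinguished name, and how the "behind the scenes" attributes (objectSid, objectGUID, lastLogonTimestamp, memberOf) are decoded from the raw forms an LDAP query returns into the values an administrator actually reads, including a stale-account check of the kind used when reviewing dormant accounts. All names, SIDs, GUIDs and timestamps in it are constructed.

```python
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Constructed sample record (not taken from any real directory): the kind of
# raw attribute set an LDAP search returns for a user object. objectSid and
# objectGUID come back as bytes; lastLogonTimestamp is a Windows FILETIME
# integer (100-nanosecond ticks since 1601-01-01 UTC).
SAMPLE_USER = {
    "distinguishedName": "CN=Alice Example,OU=Finance,OU=Staff,DC=corp,DC=example,DC=com",
    "objectSid": bytes.fromhex(
        "0105000000000005"                 # revision 1, 5 sub-authorities, authority 5 (NT)
        "15000000"                         # 21 -> the familiar "S-1-5-21" domain prefix
        "e8030000" "d0070000" "b80b0000"   # constructed domain identifier 1000-2000-3000
        "51040000"                         # RID 1105, a normal user account
    ),
    "objectGUID": uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le,
    "lastLogonTimestamp": 132223104000000000,   # 2020-01-01T00:00:00Z
    "memberOf": ["CN=Finance-Users,OU=Groups,DC=corp,DC=example,DC=com"],
}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_dn(dn):
    """Split a distinguished name into (type, value) RDNs, left to right.
    Handles backslash-escaped commas; full RFC 4514 quoting is out of scope."""
    rdns, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(current)
            current = ""
        else:
            current += dn[i]
        i += 1
    rdns.append(current)
    return [tuple(part.split("=", 1)) for part in rdns]


def domain_of(dn):
    """DNS name of the domain an object lives in, from its DC= components."""
    return ".".join(v for k, v in parse_dn(dn) if k.upper() == "DC")


def ou_path(dn):
    """OU containers from the domain root down to the object's parent."""
    return [v for k, v in parse_dn(dn) if k.upper() == "OU"][::-1]


def decode_sid(raw):
    """Render a binary objectSid as the S-1-5-21-...-RID string."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, raw, 8)     # 32-bit, little-endian
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def rid_of(raw):
    """Relative identifier: the last sub-authority, unique within the domain."""
    return int(decode_sid(raw).rsplit("-", 1)[1])


def filetime_to_iso(ft):
    """FILETIME integer -> ISO 8601 UTC timestamp; None if never set."""
    if ft in (0, 0x7FFFFFFFFFFFFFFF):
        return None
    return (FILETIME_EPOCH + timedelta(microseconds=ft // 10)).isoformat()


def is_stale(ft, max_days=90, now=None):
    """True if the account has not logged on within max_days (or never has).
    lastLogonTimestamp is only replicated between DCs roughly every 14 days, so
    treat it as an approximation for finding dormant accounts, not a precise log."""
    if ft in (0, 0x7FFFFFFFFFFFFFFF):
        return True
    now = now or datetime.now(timezone.utc)
    last = FILETIME_EPOCH + timedelta(microseconds=ft // 10)
    return (now - last) > timedelta(days=max_days)


def summarize_user(obj, max_days=90):
    """Turn raw attributes into the values an administrator would actually read."""
    dn = obj["distinguishedName"]
    return {
        "name": parse_dn(dn)[0][1],
        "domain": domain_of(dn),
        "ou_path": ou_path(dn),
        "sid": decode_sid(obj["objectSid"]),
        "rid": rid_of(obj["objectSid"]),
        "guid": str(uuid.UUID(bytes_le=obj["objectGUID"])),
        "last_logon": filetime_to_iso(obj["lastLogonTimestamp"]),
        "stale": is_stale(obj["lastLogonTimestamp"], max_days),
        "groups": [parse_dn(g)[0][1] for g in obj["memberOf"]],
    }


if __name__ == "__main__":
    for key, value in summarize_user(SAMPLE_USER).items():
        print("%-11s %s" % (key, value))
```

The SID layout (one revision byte, one sub-authority count byte, a 48-bit big-endian authority, then little-endian 32-bit sub-authorities) and the FILETIME epoch are the standard Windows encodings; the `bytes_le` handling for objectGUID matters because the first three GUID fields are stored little-endian, so decoding them as a plain big-endian UUID gives a different string from the one the directory tools display.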

Where can I get help with my AD environment?

Quest is the go-to vendor for Active Directory solutions. We can help you manage, secure, migrate and report on your AD environment to drive your business forward. Here’s where you can learn more:

Resources

On-Demand Webcast: This is no April Fools' joke: What if your AD is wiped out completely?
Active Directory turns 20 this year. It started as a tool for centralized domain management but has become so much more. Today, many tools and applications use AD for authentication. Add Active Directory Federation Services (ADFS) to the mix and AD is now an essential part of your network. For this
Watch Webcast
Technical Brief: M&A IT Integration Checklist: Active Directory
If your organization is involved in a merger and acquisition, the impending IT integration project might seem overwhelming. But it needn’t be. In fact, the project can be the perfect opportunity to clean up, consolidate and modernize your Microsoft IT infrastructure to meet the business requir
Read Technical Brief
E-book: Four Best Practices for Hybrid Active Directory Group Management
Tired of best practices guides that explain what to do and why to do it, but not how to actually get it done? This e-book is different. It lays out four of the most fundamental security best practices for any on-prem or hybrid Microsoft shop — and explains the top tools and techniques for impl
Read E-book
Video (01:03:26): TEC TALK - Office 365 & Azure Active Directory Security | Quest
Learn how to prioritize Office 365 & Azure AD security for your remote workforce in this TEC Talk presented by Microsoft Certified Master, Sean Metcalf.
Watch Video
E-book: Managing the economic and operational costs of Active Directory
Explore what it takes to be both economically and operationally efficient in Active Directory management, plus, learn how to avoid common headaches.
Read E-book
On-Demand Webcast: 5 Quick Tips for an Efficient Active Directory Administration
Microsoft’s Active Directory is critically important to the health of your network and must be properly maintained. Without the proper tools, however, maintaining your Active Directory efficiently will be overwhelming and difficult. Luckily, Active Administrator from Quest can help make you fas
Watch Webcast
E-book: Nine Best Practices to Reduce Active Directory Security Breaches and Insider Threats
This ebook explores the anatomy of an AD insider threat and details the best defense strategies against it.
Read E-book
Online Event: Learn to audit your O365 and hybrid AD environment with Quest and Microsoft

Proper auditing of O365, including Teams, and of hybrid Active Directory is essential for security and regulatory compliance.

Every organization needs to supplement the events generated by the native Office 365 and Azure AD audits with the changes that occur to roles, groups, applications, sharing and mailboxes.

Having to use too many tools, and lacking a single coherent view of your whole platform, puts your organization at risk of security breaches, downtime and compliance failures.

Fortunately, it doesn't have to be that way.

Sign up for this online presentation, in which Juan Luis Escudero of Microsoft and César Moro of Quest will show us:

  • The most critical security events in your hybrid environment that you cannot overlook
  • The most common difficulties in generating audit reports natively
  • How Change Auditor and On Demand Audit let you overcome auditing difficulties and reduce the risk of insider threats from a single dashboard.

Attend Event

Blogs

Quest Active Directory Security Assessments Reveal Top 4 Issues: #1 Service Accounts (Part 1 of 3)

In Part 1 of our Quest Security Assessment series, we focus on the top vulnerabilities we have discovered in Active Directory: Service Accounts.

How to Continue Your AD Migration When Everyone is at Home

Some AD Migrations must continue, even in this health crisis. This post outlines how you can move your migration forward even with a remote workforce.

In the Fog of War, You Need Options…Not Just One but Many! Quest Has You Covered.

When it comes to disaster recovery, you need a solution that fits your situation. Find out how Recovery Manager for Active Directory delivers both power & flexibility.

Insider’s Guide to a Malware Event — In Case of Fire, Break Glass

Malware can spread at an alarming rate. To protect your organization from these attacks, having a comprehensive, flexible disaster recovery plan is essential. Learn more.

Be Very Afraid — When It Comes to AD Disaster Recovery, You Need Choices!

Learn about the true danger of malware attacks, why a solid disaster recovery plan is essential, and how to do AD recovery right the first time.

The Many Colors of AD Security – Microsoft Red Forest, Orange Forest, Greenfield or Blue?

Discover the different models of Active Directory (AD) security, including the Red and Orange Forest models, Greenfield migrations, and Blue Team.

Get started now

Successfully manage AD – the heart of your IT environment.