Microsoft Active Directory for SysAdmins

Active Directory (AD)

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only in charge of centralized domain management. Starting with Windows Server 2008, however, Active Directory became an umbrella title for a broad range of directory-based identity-related services.

A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain-type network—assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or a normal user. It also allows management and storage of information, provides authentication and authorization mechanisms, and establishes a framework for deploying other related services: Certificate Services, Federated Services, Lightweight Directory Services and Rights Management Services.[1]

Terms / Concepts

Authentication, in AD terms, is the act of proving that you are who you say you are. This happens once when you first log on in the morning. You come in, boot up your machine, type in your logon name and password, and then you can get to your data.[2]

Authorization is the act of granting users appropriate access to resources—such as file shares, databases, applications, and mailboxes—once they’ve authenticated themselves to Active Directory. The concept of authorization is simply one of proving you have permission to do something.

The forest is the whole of your Active Directory. It can contain one or more domains arranged in trees (that’s why it’s called a forest). The forest is named after the first domain created in the forest (known as the root domain, which can’t be changed).

A domain is a container for the objects you’ll work with—users, computers, groups, and so on.

An organizational unit (OU) is a container within a domain that can be used to hold user, computer, group, and other OU objects.

Domains are inflexible objects, and reorganizing the domains in a forest is a major undertaking. In contrast, reorganizing the OUs (and their contents) within a domain is a relatively straightforward matter.
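The forest > domain > OU > object containment described above is visible in the LDAP distinguished name (DN) that AD assigns to every object: the DC= components name the domain, the OU= components name the container chain, and the leftmost component names the object itself. The Python below is an added example, not code from the original article; it parses such DNs (including values with escaped commas), derives the domain and OU path, and shows that an OU move only changes the container part of the DN while a cross-domain move is a different operation. The `corp.example.com` domain and all DNs are constructed sample data.

```python
"""Model AD's object hierarchy by parsing LDAP distinguished names (DNs).

Added example, not from the original article. The domain corp.example.com
and the DNs used below are constructed sample data.
"""
import re

# RFC 4514 lets a comma appear inside a value when escaped with a backslash
# (e.g. "CN=Doe\, John"), so split only on commas that are not escaped.
_RDN_SPLIT = re.compile(r'(?<!\\),')


def parse_dn(dn):
    """Return [(attribute, value), ...], leftmost (most specific) RDN first."""
    parts = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, sep, value = rdn.strip().partition('=')
        if not attr or not sep:
            raise ValueError(f'malformed RDN: {rdn!r}')
        parts.append((attr.upper(), value.replace('\\,', ',')))
    return parts


def domain_of(dn):
    """Domain DNS name: the DC= components joined with dots, in DN order."""
    return '.'.join(v for a, v in parse_dn(dn) if a == 'DC')


def ou_path(dn):
    """OU chain from the domain root downward, e.g. ['Users', 'Sales']."""
    return [v for a, v in reversed(parse_dn(dn)) if a == 'OU']


def move_to_ou(dn, target_ou_dn):
    """Re-parent an object within its domain.

    The object's own RDN (leftmost component) is kept verbatim and the
    container is replaced, which is all an OU reorganization changes.
    A target in another domain is refused: that is a domain migration,
    not an OU move.
    """
    if domain_of(dn) != domain_of(target_ou_dn):
        raise ValueError('target is in a different domain; not an OU move')
    own_rdn = _RDN_SPLIT.split(dn)[0].strip()
    return f'{own_rdn},{target_ou_dn}'


if __name__ == '__main__':
    # Constructed sample: a user whose CN contains an escaped comma.
    user = 'CN=Doe\\, John,OU=Sales,OU=Users,DC=corp,DC=example,DC=com'
    print('domain :', domain_of(user))        # corp.example.com
    print('OU path:', ou_path(user))          # ['Users', 'Sales']
    print('moved  :', move_to_ou(
        user, 'OU=Marketing,OU=Users,DC=corp,DC=example,DC=com'))
```

`parse_dn` deliberately upper-cases attribute types only, since DN values are case-preserved in AD; the escaped-comma handling is the edge case most home-grown DN splitters get wrong.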


  • Understanding Active Directory - This course provides students with an introduction to Active Directory server roles in Windows Server. The course is intended for entry-level students who want to become familiar with the Active Directory server roles and their basic functionality.

