Introduction to Active Directory

History of Active Directory

Active Directory was introduced to the world in the mid-1990s by Microsoft as a replacement for Windows NT-style user authentication. Windows NT included a flat and non-extensible domain model which did not scale well for large corporations. Active Directory, on the other hand, was created as a true directory service rather than the flat user-management service that NT had. Though it was introduced in the 1990s, it did not become a part of the operating system until Windows 2000 Server was released in 2000. Since then, Windows Server 2003 and Server 2008 have been introduced and Active Directory has undergone some expansion.

This tutorial is based on Windows Server 2003 as it is currently the most widely installed version of the Windows network operating system (NOS), though in the future we will release versions for Windows Server 2008 and future Windows releases as they become necessary. Though this tutorial is not focused on Windows Server 2008, much of the basic knowledge and instruction applies to either OS.

LDAP

Active Directory is based loosely on LDAP – Lightweight Directory Access Protocol – an application protocol for querying and modifying directory services developed at the University of Michigan in the early 1990s. An LDAP directory tree is a hierarchical structure of organizations, domains, trees, groups, and individual units.

[Figure: Example of an LDAP Tree]

Active Directory is a Directory

Sometimes, it’s easy to get lost in all of the technology and functions that are provided with AD and forget that Active Directory is a directory. It is a directory both in the common sense of the term, like the white pages (you can add a person’s first name, last name, phone number, address, email address, etc.), and as a directory of information for use by applications and services (such as Microsoft Exchange for email). AD is functionally a place to store information about people, things (computers, printers, etc.), applications, domains, services, security access permissions, and more. Applications and services then use the directory to perform a function.

For example, Microsoft Windows uses Active Directory information to allow a user to log in to their computer and to provide access to the security rights assigned in Active Directory. Windows is accessing the directory and then providing rights based on what it finds. If a user account is disabled in Active Directory, the directory itself is just setting a flag which Windows uses to disallow a user from logging in.
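The flag mentioned above is stored as one bit of each account's userAccountControl attribute. The Python below is an added example, not part of the original tutorial: it reads a directory export the way an auditing tool would and reports which accounts are disabled and which carry other account-policy flags. The LDIF data, the example.com domain and the account names are constructed for illustration, and the parser assumes a simple export with one single-line value per attribute.

```python
# Added example: constructed data, not from the original tutorial.
# Bit values are the documented userAccountControl flags in Active Directory.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

# Constructed sample export (example.com and all names are hypothetical).
SAMPLE_LDIF = """\
dn: CN=Alice Admin,OU=IT,DC=example,DC=com
sAMAccountName: aadmin
userAccountControl: 512

dn: CN=Bob Former,OU=Sales,DC=example,DC=com
sAMAccountName: bformer
userAccountControl: 514

dn: CN=Svc Backup,OU=Service Accounts,DC=example,DC=com
sAMAccountName: svc_backup
userAccountControl: 66080
"""

def parse_ldif(text):
    """Split a simple LDIF export into one {attribute: value} dict per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key] = value
        entries.append(entry)
    return entries

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in UAC_FLAGS.items() if value & bit]

def audit(text):
    """Map each sAMAccountName to (enabled, flags) as recorded in the directory."""
    report = {}
    for entry in parse_ldif(text):
        uac = int(entry["userAccountControl"])
        report[entry["sAMAccountName"]] = (not uac & 0x0002, decode_uac(uac))
    return report

if __name__ == "__main__":
    for account, (enabled, flags) in audit(SAMPLE_LDIF).items():
        print(f"{account:12} enabled={enabled!s:5} {', '.join(flags)}")
```

The directory only records these bits; it is Windows, reading the attribute at logon, that refuses the disabled account.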

We mentioned in the introduction that administrators use Active Directory to deploy software – this is an incomplete description. Administrators can set policies and information that a certain software application should be deployed to a certain user – AD itself does not deploy the software, but a Windows service reads the information from Active Directory and then installs the software.

Once you grasp the concept that Active Directory is a directory, you’re halfway to understanding why it is built the way it is!