301d8 read13 - carlosjorr/reading-notes GitHub Wiki

Active Directory

  1. What exactly is “Active Directory” and what are the key services it provides?

Active Directory is a directory service provided by Microsoft that is used to centrally manage and organize resources in a network environment. It acts as a database of information about users, computers, printers, and other network resources. Active Directory provides several key services that make it an essential component in a Windows-based network:

Authentication: Active Directory verifies the identity of users and ensures they have the necessary permissions to access network resources. It authenticates users through a username and password or other authentication methods.

Authorization: Active Directory controls access to resources by allowing administrators to assign permissions and define security policies. It ensures that only authorized users can access specific resources and perform certain actions.

Directory Services: Active Directory functions as a centralized directory that stores information about network resources. It organizes objects into a hierarchical structure, making it easier to search and locate specific objects like users, groups, or devices.

Single Sign-On: Active Directory enables users to access multiple network resources with a single set of credentials. Once users log in to their computers, they can seamlessly access various resources without the need for multiple logins.

  1. What are the differences between a domain, forest, and tree in Active Directory?

Domain: A domain is a logical grouping of network objects, such as users, computers, and devices, that share a common security policy and database. It acts as a boundary for managing and administering network resources. Each domain has a unique name and can be managed independently within an Active Directory environment.

Forest: A forest is a collection of one or more domains that share a common schema, global catalog, and trust relationship. It forms the top-level structure in Active Directory and represents a complete instance of the directory service. A forest can span multiple physical locations and can contain multiple domains.

Tree: A tree in Active Directory is a hierarchical structure of domains within a forest. It consists of a root domain and one or more child domains. The root domain is the first domain created in a tree, and subsequent child domains are created beneath it. All domains in a tree share a common namespace and a two-way transitive trust relationship.
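The following added example (not part of the original notes) shows how the domains of a single forest fall into trees by their shared namespace, with each tree identified by its root domain. The domain names are constructed sample data, and the function names `parent_domain` and `build_trees` are hypothetical.

```python
# Added example. Domain names are constructed (reserved .example/.test TLDs).
FOREST_DOMAINS = [
    "corp.example",             # root domain of the first tree
    "emea.corp.example",        # child of corp.example
    "sales.emea.corp.example",  # grandchild, same tree
    "apac.corp.example",
    "partner.test",             # different namespace: root of a second tree
    "lab.partner.test",
]


def parent_domain(name, known):
    """Return the closest ancestor of `name` that is also a domain in `known`.

    Matching is done label by label, so "badcorp.example" is NOT treated
    as a child of "corp.example" just because the strings share a suffix.
    """
    labels = name.lower().split(".")
    # Drop one leading label at a time: a.b.c -> b.c -> c
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None  # no ancestor in the forest: this domain is a tree root


def build_trees(domains):
    """Group a forest's domains into trees, keyed by each tree's root domain."""
    known = {d.lower() for d in domains}
    parents = {d: parent_domain(d, known) for d in known}
    trees = {}
    for d in sorted(known):
        root = d
        # Walk up the parent chain until a domain with no parent is reached.
        while parents[root] is not None:
            root = parents[root]
        trees.setdefault(root, []).append(d)
    return trees


if __name__ == "__main__":
    for root, members in build_trees(FOREST_DOMAINS).items():
        print(f"tree rooted at {root}:")
        for m in members:
            print(f"  {m} (parent: {parent_domain(m, set(FOREST_DOMAINS))})")
```

Both trees belong to the same forest, so they share its schema and global catalog even though their names have nothing in common.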

  1. How can objects (e.g. users, devices) within a domain be grouped?

To group objects within a domain, Active Directory provides group objects. Group objects allow administrators to logically organize users, computers, and other objects into manageable units. There are two types of groups in Active Directory:

Security Groups: These groups are used to manage access to resources by granting permissions. Users can be added to security groups, and the group's permissions are then inherited by its members.

Distribution Groups: These groups are used for sending email notifications to a specific set of users. Distribution groups are often used for creating mailing lists and sending messages to multiple recipients simultaneously.

  1. Explain the benefits of Active Directory, as you would to a family member.

Active Directory helps us manage our computer network more easily and securely. It provides a central place where we can keep track of all the users, computers, and other things on our network. With Active Directory, we can control who can access what resources and set rules to keep our network safe. It also makes it easier for everyone to log in and access different things on the network without needing multiple usernames and passwords. Active Directory helps us organize our network into smaller groups called domains, which makes it easier to manage different parts of the network separately. Overall, it helps us keep our network running smoothly and ensures that everyone has access to what they need while keeping our data secure.