Active Directory Components

Active Directory is the name of Microsoft's directory service, similar to Novell’s NDS (Novell Directory Service). It is the brain of the Windows Server network: a database that keeps track of a huge amount of information and gives us a centralized way to manage all our networked machines, users, and resources.


  • A Database (NTDS.DIT) on a domain controller.
  • Based on X.500/LDAP.
  • Utilizes Kerberos.
  • Syncs across peer DCs (replication).
  • Extensible.
  • Interoperates with other domains/forests.

What are the basic requirements for installing Active Directory?

- Server 2003, 2008 or 2012 CD/ISO.
- NTFS file system (partition).
- NIC plugged into the network.
- TCP/IP configured, along with proper DNS if already available.
- Initiate DCPromo in Server 2003 and 2008. It is deprecated in Windows Server 2012, where you can use Server Manager to install, or fire the binaries using PowerShell.

Note: DCPromo launches the wizard that sets up Active Directory and promotes a server to a domain controller.
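
The PowerShell route mentioned above for Windows Server 2012, as an added example that is not part of the original post: it checks the listed requirements, installs the AD DS binaries, dry-runs the promotion, and then promotes the server to the first domain controller of a new forest. The names `corp.example.com` and `CORP` are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes Windows Server 2012 or later and a NEW forest.
# 'corp.example.com' and 'CORP' are placeholder names (assumptions).
$DomainName  = 'corp.example.com'
$NetbiosName = 'CORP'

# Requirement: NTFS partition (NTDS.DIT and SYSVOL are stored on it).
$drive = $env:SystemDrive.TrimEnd(':')
$vol   = Get-Volume -DriveLetter $drive
if ($vol.FileSystem -ne 'NTFS') { throw "Drive $drive is $($vol.FileSystem); NTFS is required." }

# Requirement: NIC plugged into the network.
$nic = Get-NetAdapter | Where-Object Status -eq 'Up'
if (-not $nic) { throw 'No connected network adapter found.' }

# Requirement: TCP/IP and DNS configured. A DC should not depend on DHCP.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 -InterfaceIndex $nic.ifIndex |
    Where-Object Dhcp -eq 'Enabled'
if ($dhcp) { Write-Warning 'IPv4 is DHCP-assigned; give the server a static address first.' }
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 -InterfaceIndex $nic.ifIndex).ServerAddresses
Write-Host "DNS servers in use: $($dns -join ', ')"

# Install the AD DS binaries (the Server 2012 replacement for running DCPromo).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Import-Module ADDSDeployment

# Prompt for the DSRM password so it never lands in the script or shell history.
$params = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    InstallDns                    = $true
    SafeModeAdministratorPassword = Read-Host -AsSecureString -Prompt 'DSRM password'
}

# Dry run: runs the promotion prerequisite checks without changing anything.
$check = Test-ADDSForestInstallation @params
$check | Format-List Status, Message
if ($check | Where-Object { "$($_.Status)" -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported errors before promoting.'
}

# Promote to the first domain controller of the new forest.
# Asks for confirmation, then reboots the server when it finishes.
Install-ADDSForest @params
```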


A tree expresses that every domain has exactly one parent, which gives it its hierarchical structure.

A bunch of Active Directory trees forms a forest.


A collection of computers and servers that are part of the same centralized database.


Centralized User/Group Authentication: The ability to log on one time and access resources throughout the domain.

Centralized Security: The ability to control the user/computer environment from one computer across the whole network.

Searchable Database: An easily extensible database that hosts resources including users, computers, shared folders, printers and more.

Very Scalable: Meant for both small and large organizations.

Required to reap all the benefits of Windows Server (2003, 2008 & 2012) and other Microsoft software products, e.g. Microsoft Exchange, which relies completely on the Active Directory database.

Domain Controller:

A domain controller is a Windows Server machine that runs full-fledged Active Directory Domain Services. You can have multiple domain controllers that all have copies of the same Active Directory database.

A domain controller usually has only two roles:

  • Active Directory Domain Services
  • DNS (Domain Name System)


A Windows Server domain is a logical group of computers running versions of the Microsoft Windows operating system that share a central directory database. Machines are all named with a part of a domain name like “” (also called a “suffix”) and are registered in the Active Directory database so they can be managed.

Organizational Units:

They keep your objects organized and are used to control what users and computers can and can’t do. They provide a place for user accounts, computer accounts and groups to live.

They are used in place of creating multiple domains in an organization.

An OU is a container object that gives you more granular control over your environment.


  • Delegation of Authority (Permission)
  • Assigning Group Policy
  • Organization Control


Groups are Active Directory objects that allow you to provide or deny access to network resources, like printers and shared folders, for users and computers.

Groups live in Organizational Units.

Group Scope     Group Type
Domain Local    Security
Global          Distribution

A global group can be converted to local for permission and security granting purposes, and vice versa.

User Account:

An Active Directory Object that allows users to access network resources.

Computer Account:

An Active Directory object that allows AD to have a security relationship with a computer and allows you to control what that computer does on the network.

Distinguished Name:

It’s the name of an object as it appears in the Active Directory database.


