Active Directory: what it is and what it is for [best explanation]

Anonim

The use of LAN networks, and of Active Directory within them, is common practice in companies today. In a world interconnected through the internet, more and more companies, public institutions and even home users build LAN networks that link their computers together for easier access to shared resources.

But don't think that a LAN is only good for sharing files and printers; it can do much more. One example of this is Microsoft's Active Directory.

A very important resource in companies whose work is done through computer terminals is the management of users and permissions. As you can imagine, in a work environment with more than 300 computers interconnected through a LAN divided into subnets, configuring the operating systems in terms of users, access permissions and mailboxes cannot be done the traditional way, going from machine to machine one by one.

For this, what we really need is a computer or server dedicated to the job of creating users and assigning permissions. This is precisely where Active Directory comes into play, so let's see what this software or tool is about.

What is Active Directory

Active Directory, also called AD, is a Microsoft tool that provides directory services, normally on a LAN.

What Active Directory does is provide a service, hosted on one or more servers, that can create objects such as users, computers or groups and use them to manage credentials when computers connected to the network log in. It is not only useful for that: we can also administer the policies of absolutely the entire network in which the server sits. This covers, for example, the management of user access permissions, personalised mailboxes, and so on.

It is fundamentally oriented to professional use, in work environments with significant computing resources where a large number of computers must be managed in terms of updates or program installation, or where centralised file shares must be created so that resources can be accessed remotely from the workstations.

As you will understand, it is the ideal way to centralise many of the typical components of a LAN without having to go machine by machine, while preventing users from doing whatever they want on the network.

How Active Directory works

The network protocols that Active Directory relies on are mainly LDAP, DHCP, Kerberos and DNS. Basically we will have a kind of database in which information about the authentication credentials of the network's users is kept up to date in real time. This allows all computers to be synchronised under one central element. Let's see, for example, what Active Directory does when a user from this database logs on to a computer:

On the Active Directory server we will have a user (an object) made up of the typical attributes that describe it, such as the "Name" field, the "Last name" field, the "Email" field, etc.

This user will also belong to a certain group, which has certain privileges, such as access to network printers; those printers are in turn stored as objects with fields such as "Name", "Manufacturer", etc.

The client computer is in communication with this server, so when the computer starts, the user sees a lock screen as on any other system. But the username and password entered there do not physically live on the computer; they are held on the server.

The client sends the credentials to the Active Directory server for verification, and if the account exists, the server returns the user's information to the client computer.

At this point the user logs on in an apparently normal way on their computer and will have their usual personal files stored on its hard drive. But depending on the group they belong to, they will also have access to network resources such as the printer.

What happens if the equipment where I work breaks?

Much less than would happen if the user account lived on that computer. With Active Directory, the only thing we have to do is go to another computer connected to the network and authenticate in the usual way with our user. We will have the same configuration that we had on the other computer. Obviously we will not have the files that were on the physical hard drive of the other computer, but at least we can work completely normally.

Important concepts in Active Directory

There are several concepts that we must have very clear in Active Directory, in addition to those we have already seen.

Active Directory domain

If we talk about Active Directory we are also talking about a domain, since in general terms it is practically the same concept.

A domain in Active Directory is a set of computers connected to a network that rely on a server computer to manage user accounts and credentials on the network. So far everything is the same; what happens is that on a network we can have not just one domain, but several of them. These domains do not necessarily have to be in contact with each other; moreover, if for example one domain (A) has access to two other domains (B and C), this does not imply that C has access to B.

So it is clear why Active Directory is also called a domain controller, since we can create different domains and manage the permissions and interaction of each of them. This relationship between domains is called a trust, or trust relationship.

Trust

Trust is the relationship between two domains, two trees, or two forests. There are different types:

  • Transitive trust: the automatic trusts that exist between AD domains. They exist in both directions, A <-> B.
  • Direct access trust: an explicit trust defined between two domains so that they can access each other directly.

Object

An object is the generic name that we use to refer to any component within a directory. Objects are divided into three different types:

  • Users: the access credentials for workstations.
  • Resources: the elements that each user can access according to their permissions. They can be shared folders, printers, etc.
  • Services: the functionalities that each user can access, for example email.

Organizational unit

An organizational unit in Active Directory is a container for objects such as printers, users, groups, etc., organised into subsets, thus establishing a hierarchy.

With organizational units we can see the hierarchy of our domain at a glance and easily assign permissions according to the objects each unit contains.

Tree

A tree is a set of domains that depend on a common root and are organised in a hierarchy, sharing a common DNS namespace.

Thanks to this structure we can better tell domains apart. For example, if we had the domains ProfReview.web and Review.ProfReview.web, we would know perfectly well that both belong to the same domain tree. But if instead we had ProfReview.web and Ayuda.Linux.web, we would know that they do not belong to the same tree.

Through a tree, we can divide an Active Directory into parts for better resource management. A user belonging to one domain will also be recognised by the other domains that hang from the same root domain.

Forest

If we go up one step in the hierarchy, we find the forest. A forest contains all the domains that exist within it. Each domain in a forest will have certain transitive or non-transitive trust relationships with the others, which are built automatically but which we can manage to our liking.

A forest holds different domain trees, each with its own name. A forest always has at least one root domain, so when we install our first domain we are also creating the root of a tree and, above that, the root of a forest.
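To make the domain, tree and trust concepts from the sections above concrete, here is an added example (not code from the original article) that models a small forest: `tree_root`/`same_tree` decide tree membership from DNS names as in the ProfReview.web example, and `reachable_domains` shows why domain A having access to B and C does not imply C has access to B. All domain names, the trust table and the domain `Partner.example` are constructed for illustration, and the trust-direction semantics follow the text, not a live Active Directory.

```python
from collections import deque

# Constructed forest: one tree rooted at ProfReview.web, a second tree
# Ayuda.Linux.web, and an outside domain Partner.example reached only through
# an explicit external trust. All names are hypothetical.
FOREST_DOMAINS = ["ProfReview.web", "Review.ProfReview.web", "Ayuda.Linux.web"]

# Each trust is (trusting_domain, trusted_domain, transitive). "X trusts Y"
# means accounts from Y can be granted access to resources in X.
TRUSTS = [
    ("Review.ProfReview.web", "ProfReview.web", True),  # parent-child, automatic
    ("ProfReview.web", "Review.ProfReview.web", True),
    ("ProfReview.web", "Ayuda.Linux.web", True),        # tree-root trust, automatic
    ("Ayuda.Linux.web", "ProfReview.web", True),
    ("ProfReview.web", "Partner.example", False),       # explicit, one-way, non-transitive
]


def tree_root(domain, forest=FOREST_DOMAINS):
    """Tree root = the shortest forest domain that is a DNS suffix of `domain`."""
    name = domain.lower()
    roots = [d for d in forest
             if name == d.lower() or name.endswith("." + d.lower())]
    if not roots:
        raise ValueError(f"{domain} is not a domain of this forest")
    return min(roots, key=len)


def same_tree(domain_a, domain_b):
    """ProfReview.web and Review.ProfReview.web share a tree; Ayuda.Linux.web does not."""
    return tree_root(domain_a).lower() == tree_root(domain_b).lower()


def reachable_domains(source, trusts=TRUSTS):
    """Domains whose resources an account from `source` may be authorised to use.

    A direct trust of either kind grants access to the trusting domain itself;
    only chains made entirely of transitive trusts extend further.
    """
    direct = {trusting for trusting, trusted, _ in trusts if trusted == source}
    seen, queue = {source}, deque([source])
    while queue:
        current = queue.popleft()
        for trusting, trusted, transitive in trusts:
            if trusted == current and transitive and trusting not in seen:
                seen.add(trusting)
                queue.append(trusting)
    seen.discard(source)
    return seen | direct
```

With this table, an account from Partner.example can reach ProfReview.web but not its child Review.ProfReview.web, while an account from Review.ProfReview.web reaches both ProfReview.web and Ayuda.Linux.web through the automatic transitive trusts.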

Requirements to create an Active Directory

As you will understand, Active Directory is a tool oriented to servers and companies, so Windows 10, for example, does not include this functionality. To set it up we need the following:

  • Windows Server: we need a version of Microsoft's server-oriented operating system. We can use Windows Server 2000, 2003, 2008 or 2016.
  • The TCP/IP protocol installed, with a fixed IP address configured on our server.
  • A DNS server installed on the server; this is normally already available.
  • A file system compatible with Windows, in this case NTFS.

Conclusion on Active Directory

As we can see, Active Directory is a very important tool for centralising resources in a work environment built on computer equipment. Thanks to it, we no longer need to perform individual maintenance on workstations, since everything can be managed from one central server or several. In addition, the structure is very intuitive, which makes assigning permissions and resources easier.

On the other hand, we must bear in mind that Active Directory is a domain system under a paid Microsoft license. There are free applications that offer this kind of functionality, such as OpenLDAP, Mandriva Directory Server or even Samba, and this is why companies are increasingly opting for these solutions to avoid paying for software licenses.

What do you think about Active Directory? If you have any questions, suggestions or corrections, just write to us in the comments.
