What is Active Directory?

Before we dive into creating or configuring any services, we will look at some definitions and concepts to set a baseline and foundation of knowledge for you to build from. We will start this chapter by defining Active Directory (AD), which forms the basis of Windows Server identity, access management, and information protection services.

AD is part of Microsoft’s identity, access, and information protection solutions. It runs as an installed service as part of Windows Server and was introduced in Windows 2000.

As its name suggests, AD is a directory service and an identity provider (IDP) whose primary function is to manage access to domain resources through authentication and authorization. It is used to control, centrally organize, locate, and secure access to these resources on a network.

At a simple level, you can think of it as an identity store and digital address book for resources on a network. It comprises a list of identities and their access rights to resources in the directory.

AD is not a single function service or solution; it is a collective or umbrella term for a portfolio of directory-based and identity-driven services, including domain services, federation services, certificate services, and rights management services. It provides capabilities such as single sign-on (SSO).

From a technical perspective, it is an X.500 compatible directory service and can be accessed using the Lightweight Directory Access Protocol (LDAP). It is based on a hierarchical, multi-master distributed database model that comprises partitions and an extensible schema.

This section introduced AD as the Microsoft solution for the foundation of identity, access, and information protection for on-premises and hybrid environments. In the next section, we will understand and define Active Directory Domain Services (AD DS).