Active Directory (AD) is a Microsoft technology used to manage computers and other devices on a network. It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers.
Active Directory allows network administrators to create and manage domains, users, and objects within a network. For example, an admin can create a group of users and give them specific access privileges to certain directories on the server. As a network grows, Active Directory provides a way to organize a large number of users into logical groups and subgroups, while providing access control at each level.
The Active Directory structure includes three main tiers: 1) domains, 2) trees, and 3) forests. Several objects (users or devices) that all use the same database may be grouped into a single domain. Multiple domains can be combined into a single group called a tree. Multiple trees may be grouped into a collection called a forest. Each one of these levels can be assigned specific access rights and communication privileges.
Active Directory provides several different services, which fall under the umbrella of "Active Directory Domain Services," or AD DS. These services include:
- Domain Services – stores centralized data and manages communication between users and domains; includes login authentication and search functionality
- Certificate Services – creates, distributes, and manages secure certificates
- Lightweight Directory Services – supports directory-enabled applications using the open (LDAP) protocol
- Directory Federation Services – provides single-sign-on (SSO) to authenticate a user in multiple web applications in a single session
- Rights Management – protects copyrighted information by preventing unauthorized use and distribution of digital content
AD DS is included with Windows Server (including Windows Server 10) and is designed to manage client systems. While systems running the regular version of Windows do not have the administrative features of AD DS, they do support Active Directory. This means any Windows computer can connect to a Windows workgroup, provided the user has the correct login credentials.