Active Directory is the backbone of all enterprise Windows environments. It stores information on the users and computers that are part of the domain that is setup. It is in charge of managing these objects and providing authentication and authorization when a user tries to sign into a domain computer. Active Directory also stores information for email distribution lists as well as security groups that can be used to assign access to various resources in the environment.

Active Directory can be abbreviated as AD and the management application on a Windows computer with the RSAT tools is named ADUC for Active Directory Users and Computers.


How does Active Directory work?

Active Directory Domain Services is a collection of software that you can install when you setup a Windows Server. We cover what a Windows Server is in our What is Windows Server and how Windows Server roles work in more detail. For Active Directory you must have a server that has the domain controller role which will give it Active Directory Domain Services.

As part of the setup for AD DS you configure a handful of options one of them being the domain name for your network. This domain name is what will be used to manage your users, computers, and other Windows management services through Active Directory. Once you have your domain setup you can now use that to add devices to your domain, making them domain joined. When a Windows computer is joined to a domain you can now login with credentials from the domain which are stored in AD.

For each computer that is joined to your domain there will be an accompanying AD computer object that can be managed and things like Group Policy can be sent to that device to dictate all of the settings and configurations for it. The most common setting to push once a computer is joined to a domain is to block the ability to login to the computer with local credentials. What this means is that the only way you would be able to login to the computer is by utilizing a user account that exists in Active Directory. If that account is disabled, locked out, or deleted you won’t be able to login to that computer again. This is one of the main ways companies ensure only people with approved access can login to computers that are part of their domain.

Here is an example of what Active Directory looks like with a computer and user object showing. You can setup the directory structure to be as organized as you need by utilizing what are called Organizational Units. These can be thought of as folder that house the various objects within AD. Organizing office locations or departments into OUs is very important when you start implementing different permissions, Group Policy, and other access.

We will cover more in depth uses of Active Directory in our other articles as well as some examples of managing various objects. Active Directory is a super important topic to understand. No matter what role you have, you will need to interact with or at least know how Active Directory permissions and security groups work whether that is getting yourself access to resources or implementing them for an application you manage.