Active Directory is the most popular directory service, with over 90% of Fortune 1000 companies using it. The typical services available from a network operating system directory service such as Active Directory (running on Windows) are outlined below, along with more information on Active Directory itself.
What is Active Directory?
Active Directory is a directory service that was developed by Microsoft for use in Windows domain networks and is included with most Windows Server operating systems. Originally it was only in charge of domain management; since Windows Server 2008, however, it has become a more general solution for many directory-based, identity-related services.
A ‘domain controller’ is the name given to a server running Active Directory Domain Services. It handles the authentication and authorization of users and computers in a domain network, assigning and enforcing security policies for any computer connected to the network and installing or updating software.
What is a Directory Service?
A directory is a container for information about objects such as people, places and things. It provides users with a logical view of these objects in a form that makes the information searchable, usable and reusable. A directory service provides a way of making this information available to users. It displays a list of network resources and gives users a way to connect to or contact them. It also provides users with a way to control and view the network objects, as well as giving information about how they relate to each other.
There can be a lot of resources and equipment on a network, such as databases, applications, printers, servers and users, and users must be able to recognise and locate these objects even if the name of the object isn’t known. Network administrators must also be able to perform network maintenance, so being able to see the network and all of its components in a structured, logical fashion is important. A directory service should make all of this possible.
Active Directory Domain Services (AD DS)
Active Directory Domain Services (AD DS) stores information on members, devices and users of a domain as well as verifying their information and defining access rights. A server running this service is known as a domain controller. When a user tries to log in to a computer or access other devices on the network, they generally must specify a domain to connect to (or sometimes this is done automatically for them).
Active Directory Lightweight Directory Services (AD LDS)
Active Directory Lightweight Directory Services (AD LDS) is a lightweight version of Active Directory Domain Services. It runs as a service on any Windows Server. AD LDS works the same as AD DS except that it doesn’t require the setup of domains or domain controllers. For this reason, it’s ideal for applications that require directory services but don’t require the entire infrastructure and complex features of Active Directory.
Active Directory Certificate Services (AD CS)
Active Directory Certificate Services (AD CS) is built on public key infrastructure (PKI): it can create, validate and revoke public key certificates that are used internally within a business. The certificates created can be used to encrypt files, emails and network traffic.
Active Directory Federation Services (AD FS)
Active Directory Federation Services (AD FS) provides the ability for users to connect to several web-based services with single sign-on access (meaning just one username and password to access multiple applications). Services such as internet forums, blogs, shopping and mail, or networked resources, can be accessed with just one username and password (credentials). AD DS enables users to authenticate with one set of credentials when connecting to devices on the same network, whereas AD FS enables them to do so across different networks.
Active Directory Rights Management Services (AD RMS)
AD RMS is used for creating permissions for documents such as e-mails, Word files and web pages. It limits access to documents and determines editing permissions on them. It uses encryption technology and selective functionality denial. When a user creates a file, it is encrypted before it is sent, and only the specified receiver should be able to decrypt it. The printing, copying, editing, forwarding and deletion of files are all operations that can be allowed or disallowed.