Understanding Active Directory Domain Services

May 8, 2025

Notes on Active Directory Domain Services

Introduction

  • Speaker: Andy Malone, Microsoft MVP and Certified Trainer.
  • Topic Overview: Focus on Active Directory Domain Services (AD DS) from Windows Server.
  • Purpose: Understanding AD DS is vital for advancing in IT careers.
  • Duration: Aiming for a deep dive in 20-30 minutes.

Understanding Active Directory

What is Active Directory?

  • An identity platform that manages user access to resources.
  • Involves authentication methods: passwords, biometrics, etc.
  • Provides directory services: a database of objects (users, groups, computers).

Historical Context

  • The first Microsoft directory service was Windows NT.
  • Active Directory was introduced with Windows 2000.

Structure of Active Directory

Logical Structure

  • Organizational Units (OUs): Used to organize users and resources based on functions or locations.
  • Objects: Includes user objects, group objects, and device objects with attributes (e.g., name, email).
  • The complete set of object types is referred to as the schema.

Physical Structure

  • Domain Controllers (DCs): Host copies of the Active Directory database.
  • Replication: Critical for disaster recovery and performance.
    • Intra-site Replication: Automatic replication within a site (high-speed connections).
    • Inter-site Replication: Replication between sites (may require scheduling).

Example Sites

  • Site A: London
  • Site B: New York

Active Directory in Windows Server

Installation of Active Directory Domain Services

  • Server Manager: Main portal for managing features.
  • Roles and features must be added after installation of Windows Server.
  • Tools Available: Active Directory Users and Computers is primary for managing AD.

Creating Users and Groups

  • Users can be created with unique usernames and attributes.
  • Groups: Simplify permission management across users.
    • Example: Creating an 'ops managers' group to manage permissions collectively.

Physical Aspects of Active Directory

Active Directory Database

  • Located in the C:\Windows\NTDS directory as ntds.dit.
  • Log Files: Track changes before they are committed to the database.
  • Multiple Domain Controllers: Provide redundancy and load balancing.

Active Directory Sites and Services

  • Manage replication settings and domain controllers.
  • Create new sites for geographical separation (e.g., Oslo).

Domains and Trusts

  • Manage relationships between different forests.
  • Trust relationships can be established for partnerships or collaborations.

Advanced Features

Recycle Bin in Active Directory

  • Deleted objects can be restored if the recycle bin feature is enabled.
  • Enable it via PowerShell or through Active Directory Admin Center.
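
The PowerShell route, as an added example that is not from the video or these notes: it checks whether the Recycle Bin is already on, enables it forest-wide if not, then locates and restores one deleted account. The account name jdoe is a constructed placeholder; the cmdlets come from the ActiveDirectory module (RSAT).

```powershell
# Added example. 'jdoe' is a constructed placeholder account name.
Import-Module ActiveDirectory

$forest = (Get-ADForest).Name

# The Recycle Bin is a forest-wide optional feature.
# EnabledScopes stays empty until the feature has been turned on.
$feature = Get-ADOptionalFeature -Filter "Name -eq 'Recycle Bin Feature'"

if (-not $feature.EnabledScopes) {
    # Enabling cannot be undone, and it requires a forest functional
    # level of Windows Server 2008 R2 or higher. Leave the confirmation
    # prompt in place so the change is a deliberate one.
    Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
        -Scope ForestOrConfigurationSet -Target $forest
}

# Deleted objects are hidden unless -IncludeDeletedObjects is given.
# lastKnownParent shows the OU the object lived in before deletion.
$sam = 'jdoe'
$deleted = Get-ADObject -IncludeDeletedObjects `
    -Filter "isDeleted -eq `$true -and sAMAccountName -eq '$sam'" `
    -Properties lastKnownParent, whenChanged

if (-not $deleted) {
    Write-Warning "No deleted object found for '$sam'."
    return
}

# More than one match is possible if the name was reused and deleted
# again; review the candidates before restoring anything.
$deleted | Sort-Object whenChanged -Descending |
    Format-Table Name, ObjectClass, lastKnownParent, whenChanged -AutoSize

# Preview the restore of the most recently deleted match, then run it.
$target = $deleted | Sort-Object whenChanged -Descending | Select-Object -First 1
Restore-ADObject -Identity $target.ObjectGUID -WhatIf
Restore-ADObject -Identity $target.ObjectGUID

# Confirm the object is live again in its original location.
Get-ADObject -Identity $target.ObjectGUID -Properties whenChanged
```

Objects deleted before the feature was enabled are not recoverable this way with their attributes intact, so enabling it is best done before it is needed.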

Conclusion

  • Active Directory remains a fundamental tool in IT, especially as organizations transition to hybrid environments.
  • Understanding both logical and physical aspects is crucial for managing identities securely.

Additional Information

  • For more insights on Azure Active Directory, check out other videos from the speaker.
