Understanding Active Directory Domain Services

May 8, 2025

Active Directory Domain Services Overview

Introduction

  • Presenter: Andy Malone, Microsoft MVP and Certified Trainer.
  • Focus: Deep dive into Active Directory Domain Services (AD DS) in Windows Server.
  • Importance of AD DS for IT career advancement, despite the trend towards Azure Active Directory (AAD).

What is Active Directory?

  • Definition: Directory service that is essentially a database of objects (users, groups, computers).
  • Historical Context:
    • Originated in Windows 2000, following Windows NT.
    • Basis for user management and authentication in a network.

Logical and Physical Structure of AD DS

  • Logical Structure:

    • Organization of objects into Organizational Units (OUs), similar to folders in file storage.
    • Can be organized by location, department, function, etc.
    • Objects have attributes (e.g., first name, last name, email).
    • The complete set of object types is defined as the schema.
  • Physical Structure:

    • AD DS databases stored on Domain Controllers (DCs).
    • Replication:
      • Important for backup and disaster recovery.
      • Can be intra-site (within a site) or inter-site (between sites).
    • Use of multiple DCs for redundancy and load balancing.

Replication Types

  • Intra-site Replication:
    • Automatic replication within a site; assumes high-speed bandwidth.
  • Inter-site Replication:
    • Used for slower connections; can be scheduled.
    • Historically used the RPC or SMTP protocols (now generally IP due to faster connections).

AD DS Implementation in Windows Server

  • Installation:
    • Windows Server comes with no roles/features installed.
    • Active Directory Domain Services can be added via Server Manager.
  • Management Tools:
    • Active Directory Users and Computers: Primary tool for managing logical aspects.
    • Allows creation of users, groups, and OUs.

Creating Users and Groups

  • Example of creating a user named "Jean-Luc Picard":
    • Username format recommended: surname + initial.
  • Creating groups to simplify permissions management.
    • Groups allow permissions to be assigned collectively rather than individually.
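
The same steps can be scripted instead of clicked through in Active Directory Users and Computers. The following is an added example, not something shown by the presenter: it assumes the ActiveDirectory PowerShell module is installed, and the domain `example.com`, the OU `Staff` and the group name `Bridge-Officers` are placeholders chosen for illustration.

```powershell
# Added example. Placeholders (not from the original notes): example.com, OU=Staff, Bridge-Officers.
Import-Module ActiveDirectory

$ouPath    = 'OU=Staff,DC=example,DC=com'   # placeholder OU distinguished name
$upnSuffix = 'example.com'                  # placeholder domain

function Get-SurnameInitialName {
    param([string]$GivenName, [string]$Surname)
    # Build "surname + initial"; keep letters and digits only.
    $cleanSurname = $Surname -replace '[^A-Za-z0-9]', ''
    $initial      = ($GivenName -replace '[^A-Za-z0-9]', '').Substring(0, 1)
    # sAMAccountName for users is limited to 20 characters, so trim the surname, not the initial.
    if ($cleanSurname.Length -gt 19) { $cleanSurname = $cleanSurname.Substring(0, 19) }
    return "$cleanSurname$initial"
}

$given = 'Jean-Luc'
$sur   = 'Picard'
$sam   = Get-SurnameInitialName -GivenName $given -Surname $sur   # PicardJ

# Stop if the logon name is already taken rather than failing halfway through.
if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
    throw "Logon name '$sam' is already in use."
}

# Prompt for the initial password so it is never stored in the script.
$initialPassword = Read-Host -AsSecureString "Initial password for $sam"

New-ADUser -Name "$given $sur" -GivenName $given -Surname $sur `
    -SamAccountName $sam -UserPrincipalName "$sam@$upnSuffix" `
    -Path $ouPath -AccountPassword $initialPassword `
    -ChangePasswordAtLogon $true -Enabled $true

# Permissions are assigned to the group once; membership then decides who has access.
New-ADGroup -Name 'Bridge-Officers' -GroupScope Global -GroupCategory Security -Path $ouPath
Add-ADGroupMember -Identity 'Bridge-Officers' -Members $sam

# Confirm the result.
Get-ADGroupMember -Identity 'Bridge-Officers' | Select-Object Name, SamAccountName
```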

Active Directory Database

  • Located on the C:\ drive in the ntds folder, with ntds.dit as the main database file.
  • Transactions are written to log files before they are committed to the database.
  • Importance of having multiple domain controllers to avoid single points of failure.

Tools for Physical Management

  • Active Directory Sites and Services:
    • Manage and configure DC locations and replication.
  • Active Directory Domains and Trusts:
    • Manage domain relationships and trusts between multiple domains.

Object Management Features

  • Visibility of hidden objects by enabling advanced features.
  • Recycle Bin:
    • Can recover deleted objects if enabled.

Conclusion

  • Importance of AD DS knowledge for cloud computing and hybrid environments.