⚜️Basic Edition⚜️ 

🏠 What is Active Directory? 

Active Directory is a system that centrally manages all users, computers, and permissions in an organization.

Think of Active Directory (AD) like a big address book + security guard for a company.

It helps a company:

• Know who its employees are

• Control who can access what

• Manage all computers and users in one central place

🎯 Imagine This Scenario…

You join a company.

On your first day, IT Team gives you:

• A username

• A password

You can now:

• Log in to The office computer

• Access your email

• Open shared folders

• Use printers, Wi-Fi, etc.

How is all this possible?

👉 Because Active Directory is running in the backend and it knows:

• Who you are

• What department you belong to

• What permissions you have

🔑 In Even Simpler Terms

✔ AD = A list of all users

(Employees, admins, etc.) 

✔ AD = A list of all computers

(Laptops, desktops, servers)

✔ AD = A list of all rules

(Who can access what)

✔ AD = The system that lets you log in

(Your username + password validation)

📚 A Very Easy Example

Without Active Directory:

Every computer keeps its own list of users → very messy
If password changes → you must update on each computer
If you join the company → IT must add you everywhere manually

With Active Directory:

One central place stores all users → very easy
Password changes update everywhere automatically
IT creates your username once, and you can log in anywhere

🏢 Think of AD Like a School

• Students = Users

• Classrooms = Computers

• Principal Office = Active Directory Server

• ID Card = Username + Password

• Permissions = Which floors/rooms you can enter

Everything is controlled centrally.

🔒 What Does AD Do Behind the Scenes?

1. Authentication
   → Checking if your username & password are correct
   
   

2. Authorization
   → Deciding what you are allowed to access
   
   

3. Centralized Management
   → IT can add/remove users, reset passwords, lock accounts
   
   

4. Group Policies (GPO)
   → Rules applied to all computers (wallpaper, security settings, etc.)

⚙️ Why Companies Use Active Directory?

• Easy user management

• Strong security

• Centralized control

• Saves time for IT

• Unified login experience for everyone

!! ⚜️Advanced Edition⚜️!!

🧩 What Is Active Directory (AD)?

Active Directory (AD) is Microsoft’s centralized directory service used to manage:

• Users

• Computers

• Servers

• Applications

• Security policies

• Authentication & authorization

It runs on Windows Server and is used in almost every medium/large organization.

Think of AD as the central brain that controls and secures the entire IT environment.

🧱 Core Concepts of Active Directory

To understand AD, you must first know its building blocks.

1️⃣ Domain

A domain is the basic unit in AD.

• Contains users, computers, groups, and policies

• Controlled by Domain Controllers (DCs)

• Has a unique DNS name (e.g., Company.local)

Think of it like a house where everything belongs to one family (company).

2️⃣ Organizational Units (OU)

OUs are folders inside a domain.

Used to organize:

• Users (HR, IT, Finance)

• Computers (Desktops, Laptops)

• Servers

• Groups

IT applies Group Policies (GPOs) to OUs.

3️⃣ Forest

A forest is the top-level security boundary in AD.

• Can contain one or many domains

• All domains trust each other

• Share common schema & configuration

Think of the forest as the entire company, and domains as departments.

4️⃣ Tree

A tree is a group of domains in a hierarchical structure.

Example:

rootdomain.com

 ├── child1.rootdomain.com

 └── child2.rootdomain.com

5️⃣ Objects

Everything stored in AD is an object.

Examples:

• Users

• Computers

• Printers

• Groups

• Servers

🏛️ Main Servers & Components in Active Directory

Now let’s dive into all the servers and roles related to AD.

💾 1. Domain Controller (DC)

A Domain Controller is the heart of Active Directory.

It:

• Stores the AD database (NTDS.dit)

• Authenticates users (login requests)

• Applies security policies

• Replicates AD data to other DCs

Every domain must have at least one DC, but most companies use multiple DCs for high availability.

📚 2. Global Catalog Server (GC)

A Global Catalog Server is a specialized Domain Controller.

It:

• Stores a partial replica of all domain objects

• Helps users search across the forest

• Helps in logon authentication

• Essential in multi-domain environments

Without GC, users might not be able to log in.

🧭 3. DNS Server

Active Directory cannot work without DNS.

AD uses DNS to:

• Locate Domain Controllers

• Log in users

• Join computers to domain

• Replicate data between sites

DNS is like the address book for the AD world.

🎫 4. Certificate Authority (AD CS)

Active Directory Certificate Services (AD CS) issues digital certificates for:

• HTTPS / SSL

• VPN authentication

• Wi-Fi authentication

• Smart cards

• Code signing

It enables a secure environment using encryption.

🛡️ 5. ADFS (Active Directory Federation Services)

Used for:

• Single Sign-On (SSO)

• Authentication with cloud apps

Common use:

• Logging into Office 365 (M365)

• Partner company authentication

ADFS allows users to log in without re-entering the password.

☁️ 6. Azure Active Directory (AAD)

AAD is cloud-based identity management.

It is not the same as on-prem AD but can integrate with it using Azure AD Connect.

Used for:

• Office 365 login

• Cloud apps

• MFA (Multifactor Authentication)

• Conditional Access

🔄 7. Azure AD Connect

Synchronizes:

✔ On-prem Active Directory
with
✔ Azure Active Directory

It keeps cloud identities updated.

🛰️ 8. Active Directory Sites & Services

Used for:

• Controlling AD replication

• Managing bandwidth

• Representing physical office locations

• Setting up site links and subnets

Example:

• Pune office

• Bangalore office

• US office

Each location becomes a Site.

🗂️ 9. FSMO Roles (Important Roles in AD)

There are 5 special roles in AD called FSMO roles. 

Forest-level Roles

1. Schema Master

2. Domain Naming Master

Domain-level Roles

3. RID Master

4. PDC Emulator

5. Infrastructure Master

These roles guarantee smooth AD functioning.

🔐 10. Group Policy (GPO)

GPO is one of the most powerful components of AD.

It controls:

• Security settings

• Software installation

• Desktop wallpaper

• Password policies

• USB restrictions

• Drive mapping

Applied to:

• Sites

• Domains

• OUs

📊 11. AD DS (Active Directory Domain Services)

This is the actual AD role installed on a server to make it a Domain Controller.

Provides:

• Authentication

• Authorization

• Directory service

☎️ 12. AD LDS (Lightweight Directory Services)

A lighter version of AD DS:

• Does not require a domain

• Used by applications

• Stores directories for non-Windows apps

📁 13. AD RMS (Rights Management Services)

Protects documents by:

• Preventing screenshots

• Blocking email forwarding

• Restricting copy/paste

Used mainly for information protection.

🌍 14. DHCP Server (AD Related but Optional)

While not part of AD, DHCP is often integrated to:

• Assign IP addresses

• Register DNS records for domain-joined PCs

DHCP + DNS + AD work together.