Active Directory Domain Services (ADDS) stores information about objects on the network and provides secure, structured, hierarchical storage for those objects, so that administrators can manage them from a central place.
– Active Directory Domain Services (ADDS) uses domain controllers to give network users access to permitted resources anywhere on the network through a single logon process.
– Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It stores information about members of the domain, including devices and users, verifies their credentials, and defines their access rights.
– Group Policy is the most widely used ADDS feature; it is used to configure centralized policies that are applied to the user and computer objects in ADDS.
– ADDS is composed of both logical and physical components. The logical components are the structures you use to implement an Active Directory design that is appropriate for an organization; the physical components are the servers and data stores that hold it.
– An Active Directory domain controller is a server that is running ADDS. Each domain controller stores a copy of the ADDS directory database and a copy of the SYSVOL folder.
– The ADDS replication service synchronizes changes made to the ADDS database to every other domain controller that holds a copy of the affected partition: domain-wide for the domain partition, forest-wide for the schema and configuration partitions.
Active Directory Logical and Physical Components
ADDS Logical Components: Partitions, Schema, Domains, Domain Trees, Forests, Sites, OUs, Containers
ADDS Physical Components: Domain controllers, Data stores, Global Catalog servers, RODCs
An ADDS domain is a logical container used to manage users, computers, groups, and other objects. All domain objects are stored in the ADDS database, a copy of which is held on each domain controller in that domain.
Organizational unit and Container
An organizational unit (OU) is a group of objects within a domain, used to consolidate users, computers, groups, and other objects for administration. The primary difference between OUs and containers is management capability: containers (such as the default CN=Users and CN=Computers) have limited management capabilities, and you cannot link a GPO directly to a container, so objects left there only receive the policies linked at the domain or site level.
A domain tree is a collection of one or more domains that share a common root name and a contiguous Domain Name System (DNS) namespace.
A forest is a collection of one or more domain trees that share a common directory schema, configuration partition and global catalog. The first domain created in the forest is called the forest root domain. The forest root domain contains a few objects that do not exist in the other domains of the forest (for example, the Schema Admins and Enterprise Admins groups).
The global catalog is a partial, read-only, searchable copy of every object in the forest. It speeds up searches for objects that may be stored in other domains, because the search can be answered without contacting a domain controller in each of those domains.
The Active Directory schema contains the formal definition of every object class that can be created in an Active Directory forest and of every attribute an object can have. It is sometimes referred to as the blueprint for ADDS. Changes to the schema are made on the domain controller that holds the schema master role and are replicated from there to every domain controller in the forest.
The Active Directory database is organized in partitions, each holding specific object types and following a specific replication pattern.
Configuration Partition: contains information on the physical structure and configuration of the forest (such as the site topology). Replicated to every domain controller in the forest.
Schema Partition: contains the definitions of the object classes and attributes used in the forest. Replicated to every domain controller in the forest.
Domain Partition: contains all objects created in that domain and replicates only to the domain controllers of that domain.
Application Partition: contains application-specific data, such as the DomainDnsZones and ForestDnsZones partitions used by Active Directory-integrated DNS, and replicates only to the domain controllers that are configured to hold it.
ADDS information is stored in the directory database. The database uses the Extensible Storage Engine (ESE, Microsoft's JET database technology) and keeps the directory information in the Ntds.dit file and its associated transaction log files; by default these are stored in the C:\Windows\NTDS folder. Because Ntds.dit holds the password hashes of every account in the domain, the file, its transaction logs and any backup or volume shadow copy that contains it must be protected as tightly as the domain controller itself.
An Active Directory site is a set of computers in one or more IP subnets connected by Local Area Network (LAN) technologies, or a set of LANs connected by a high-speed backbone. Separate sites are connected by links that are slower than LAN speed, and replication between sites is scheduled and compressed accordingly.
RODC (Read only domain controller)
A read-only domain controller (RODC) is a domain controller that holds a read-only copy of the Active Directory database and responds to authentication requests. By default an RODC does not store account passwords: it forwards authentication to a writable domain controller unless the account is allowed to be cached by the RODC's password replication policy, which limits what an attacker gains by compromising an RODC in a branch office.
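The components described above can be enumerated from any domain-joined machine with the ActiveDirectory PowerShell module (part of RSAT). The script below is an added example and is not code from the original page; it assumes the module is installed and that the session runs as an ordinary domain user, which is enough for read access. The naming contexts advertised by RootDSE correspond to the partitions listed earlier, and the last query shows the OU/container difference directly: only OUs can carry a gPLink.

```powershell
# Added example (not from the original page): inventory the logical and
# physical components of an AD DS forest. Assumes the ActiveDirectory RSAT
# module is present and the session runs as a domain user.
Import-Module ActiveDirectory

# RootDSE: the naming contexts a DC advertises are the partitions it holds.
$rootDse = Get-ADRootDSE
"Domain partition        : $($rootDse.defaultNamingContext)"
"Configuration partition : $($rootDse.configurationNamingContext)"
"Schema partition        : $($rootDse.schemaNamingContext)"
"All partitions on this DC (application partitions such as DomainDnsZones appear here):"
$rootDse.namingContexts | ForEach-Object { "  $_" }

# Forest-level structure: root domain, schema master, global catalogs, sites.
$forest = Get-ADForest
"Forest root domain : $($forest.RootDomain)"
"Domains in forest  : $($forest.Domains -join ', ')"
"Schema master      : $($forest.SchemaMaster)"
"Global catalogs    : $($forest.GlobalCatalogs -join ', ')"
"Sites              : $($forest.Sites -join ', ')"

# Physical components: every DC in the current domain, with its site,
# whether it is a global catalog, whether it is an RODC, and its FSMO roles.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles |
    Format-Table -AutoSize

# OU versus container: count the GPOs linked to each top-level OU/container.
# Containers never carry a gPLink, because a GPO cannot be linked to one.
Get-ADObject -SearchBase $rootDse.defaultNamingContext -SearchScope OneLevel `
    -LDAPFilter '(|(objectClass=organizationalUnit)(objectClass=container))' `
    -Properties gPLink |
    Select-Object Name, ObjectClass,
        @{ n = 'LinkedGPOs'; e = { [regex]::Matches([string]$_.gPLink, '(?i)\{[0-9a-f-]+\}').Count } } |
    Format-Table -AutoSize
```

The RootDSE query is worth running against more than one domain controller: a DC that holds an application partition (or none) will advertise a different list in namingContexts, which is often the quickest way to see which DCs host Active Directory-integrated DNS zones.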
Security groups are used to assign permissions to shared resources. Default security groups are created automatically when you create an Active Directory domain; these predefined groups are used to control access to shared resources and, in several cases, grant privileges equivalent to administrative control of the domain.
Administrators: Members of the Administrators group have complete and unrestricted access to the computer, or if the computer is promoted to a domain controller, members have unrestricted access to the domain.
Schema Admins: Members of the Schema Admins group can modify the Active Directory schema. This group exists only in the forest root domain. It should normally be empty; add members only for the duration of a planned schema change.
Domain Users: The Domain Users group includes all user accounts in a domain. When you create a user account in a domain, it is automatically added to this group.
Group Policy Creator Owners: This group is authorized to create, edit, or delete Group Policy Objects in the domain. By default, the only member of the group is the built-in Administrator account.
Remote Desktop Users: The Remote Desktop Users group on an RD Session Host server is used to grant users and groups permission to remotely connect to an RD Session Host server.
Backup Operators: Members of the Backup Operators group can back up and restore all files on a computer, regardless of the permissions that protect those files. Backup Operators also can log on to and shut down the computer. Because this lets them read any file on a domain controller, including Ntds.dit and the registry hives, membership is effectively equivalent to domain administrator and should be restricted accordingly.
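Because membership in these groups is where most privilege escalation in a domain ends up, a practitioner normally audits it on a schedule. The script below is an added example, not code from the original page. It resolves each group by its well-known SID rather than by name, because group names can be renamed or localized, and reads Schema Admins from the forest root domain, which is the only place it exists. The expected-member baselines are assumptions for illustration and should be replaced with the organization's own; Domain Users is deliberately omitted because every user account is a member by design.

```powershell
# Added example (not from the original page): compare the direct membership of
# the default security groups against a baseline. Assumes the ActiveDirectory
# RSAT module; the Expected lists below are illustrative assumptions.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$forest  = Get-ADForest
$rootDom = Get-ADDomain -Identity $forest.RootDomain
$dSid    = $domain.DomainSID.Value     # e.g. S-1-5-21-...
$rSid    = $rootDom.DomainSID.Value

# Well-known SIDs: BUILTIN groups are S-1-5-32-<rid>; domain groups are <domain SID>-<rid>.
$checks = @(
    @{ Name = 'Administrators';              Sid = 'S-1-5-32-544'; Server = $domain.DNSRoot;   Expected = @('Administrator', 'Domain Admins', 'Enterprise Admins') }
    @{ Name = 'Backup Operators';            Sid = 'S-1-5-32-551'; Server = $domain.DNSRoot;   Expected = @() }
    @{ Name = 'Remote Desktop Users';        Sid = 'S-1-5-32-555'; Server = $domain.DNSRoot;   Expected = @() }
    @{ Name = 'Group Policy Creator Owners'; Sid = "$dSid-520";    Server = $domain.DNSRoot;   Expected = @('Administrator') }
    @{ Name = 'Schema Admins';               Sid = "$rSid-518";    Server = $forest.RootDomain; Expected = @() }   # forest root only
)

$findings = foreach ($c in $checks) {
    # Direct members only: nested groups are reported by name so the baseline can name them.
    $members = @(Get-ADGroupMember -Identity $c.Sid -Server $c.Server |
                 Select-Object -ExpandProperty SamAccountName)
    $extra   = @($members    | Where-Object { $_ -notin $c.Expected })
    $missing = @($c.Expected | Where-Object { $_ -notin $members })
    [pscustomobject]@{
        Group      = $c.Name
        Members    = ($members -join ', ')
        Unexpected = ($extra   -join ', ')
        Missing    = ($missing -join ', ')
        Status     = if ($extra.Count -gt 0) { 'REVIEW' } else { 'OK' }
    }
}
$findings | Format-Table -AutoSize
```

Run this from a scheduled task and diff the output against the previous run; a new name in the Unexpected column of Backup Operators or Group Policy Creator Owners deserves the same response as a new Domain Admin, for the reasons given above.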
Active Directory Objects
Objects in Active Directory (AD) are entities that represent resources present in the AD network. AD objects are described by a set of information; each piece of information is called an attribute of the object.
Active Directory object attributes
Active Directory (AD) object attributes are pieces of information or data that define the properties of an object. For example, a user object in Active Directory has attributes such as first name, last name and manager (stored in the givenName, sn and manager attributes).
Active Directory SYSVOL
SYSVOL is a folder that resides on every domain controller in the domain. It contains the domain's public files that clients need to access (Group Policy templates and logon scripts) and that are kept synchronized between domain controllers. The default location is C:\Windows\SYSVOL; a different location can be chosen during the promotion of a domain controller. Because every domain member reads Group Policy and scripts from SYSVOL, anyone who can write to it can change what domain computers execute, so its permissions deserve the same scrutiny as those of Ntds.dit.
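Since both Ntds.dit and SYSVOL can be relocated at promotion time, a check should read their actual locations from the registry rather than assume the defaults. The following is an added example, not code from the original page: it reads the paths the NTDS and Netlogon services record under HKLM, then reports any identity with write, ownership or permission-change rights on them that is not on a short trusted list. The trusted-identity list is an assumption for illustration; run the script locally on a domain controller in an elevated session.

```powershell
# Added example (not from the original page): locate Ntds.dit, its transaction
# logs and SYSVOL on a domain controller and report who can write to them.
# Run locally on the DC in an elevated session. The registry value names are
# the ones NTDS and Netlogon use; the trusted-identity list is an assumption.
$ntdsParams = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dit        = $ntdsParams.'DSA Database file'
$ditLogs    = $ntdsParams.'Database log files path'
# Netlogon's SysVol value is the share root (...\SYSVOL\sysvol); the domain folder sits beneath it.
$sysvol     = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters').SysVol

"Ntds.dit       : $dit"
"NTDS log files : $ditLogs"
"SYSVOL         : $sysvol"

# Rights that allow changing content or permissions, including the generic
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that
# inherit-only ACEs often carry instead of specific file rights.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::Modify -bor
             [int][System.Security.AccessControl.FileSystemRights]::TakeOwnership -bor
             [int][System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             0x40000000 -bor 0x10000000

# Identities expected to hold write access (assumption; adjust for your domain).
$nb      = $env:USERDOMAIN
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'CREATOR OWNER',
             "$nb\Domain Admins", "$nb\Enterprise Admins")

function Get-UntrustedWriter {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path     = $Path
            Identity = $ace.IdentityReference.Value
            Rights   = $ace.FileSystemRights
        }
    }
}

$paths = @(
    (Split-Path -Path $dit -Parent),
    $ditLogs,
    $sysvol,
    (Join-Path -Path $sysvol -ChildPath "$env:USERDNSDOMAIN\Policies")
)
$findings = $paths | ForEach-Object { Get-UntrustedWriter -Path $_ }
if ($findings) { $findings | Format-Table -AutoSize }
else           { 'No untrusted identities with write access found.' }
```

The Policies folder is checked separately because GPO folders are created with their own ACLs: a GPO delegated to a helpdesk group grants that group write access under SYSVOL even when the SYSVOL root itself looks clean, and the same applies to any backup, snapshot or export location that holds a copy of Ntds.dit.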