What is Active Directory?
| technology | networking - Jon Welling

What is Active Directory?

Are you new to Windows Administration? Are you starting your career as an IT admin? In that case, you need to learn Active Directory right now. Active Directory is an essential component of IT resource management. Today, we hope to convince you of that. Let's get right to discussing what Active Directory is and how it works. 

What is Active Directory?

People typically relate Active Directory to a phone book. While that makes a good comparison for DNS, it's not accurate for Active Directory. Active Directory is more like a complicated Rolodex. Let's explain.

Active Directory is like a Rolodex

A Rolodex is so much more than a phone book, though. A Rolodex is like a modern-day contacts app on your phone. You can make your contacts app as complicated or simple as you want. At a minimum, a contact on your phone typically has a phone number attached to it. But each contact can also contain other information like email addresses, home addresses, work addresses, titles, work positions, private notes, etc. Contacts apps can filter and sort contacts by this information, too.

Active Directory is similar to that. Each Active Directory entry holds information about individuals, though Active Directory also holds info about groups and objects, too. We'll discuss that more in a bit. 

Active Directory has more functions that a Rolodex or a Contacts app can't do. For instance, Active Directory also includes permissions. That's an essential part of managing IT resources for an organization. 

An Overview of Active Directory

Active Directory is responsible for many things on a Windows network, including how you control resources and permissions for users. In this video, James Conrad explains what Active Directory is and how it helps IT admins manage permissions and control access to network resources. 

How does Active Directory work?

Part of controlling IT resources is stating who has access to what resources. For example, someone in the marketing department doesn't need access to financial data. A frontline employee doesn't need access to engineering data. 

Remember above when I stated that Active Directory entries could record which department they belong to? This is conceptually very important.

Let's say Billy works in marketing. Billy doesn't need access to financial data, though. Because Billy is marked as working in marketing in Active Directory, he shouldn't have access to the financial department's data. 

But how does this work? Active Directory can be configured in a variety of ways. You can also add objects and groups to Active Directory, too. 

What is an Active Directory tree?

Picture Active Directory as a tree. Each branch on that tree inherits the characteristics of the branch it’s attached to. In this case, the “marketing group” is one branch, and 'Billy' is another branch. Billy could also be a leaf, but let's keep things simple. 

The marketing group, or branch, can be configured to only access specific network shares for the marketing department. If you want to get fancy, you can also say that only the marketing department can use Photoshop. Once you attach Billy to the marketing group, Billy now has access to the marketing network shares and the Photoshop application. Because Billy isn't attached to the financial group, he won't have access to QuickBooks.

Of course, the specifics of creating and organizing those groups tend to be much more complicated. Also, planning Active Directory takes far longer than actually implementing it. 

What Information Does Active Directory Hold?

So, how does Active Directory work? Active Directory lives and dies by the information it holds. In this way, Active Directory is very much a data store. Active Directory holds information about people, groups, and objects.

What is a user in Active Directory?

A people, or person, is easy to define. They are anyone that needs access to the organization’s IT resources. A person could be the CEO, Billy from marketing, Jan from IT, or Bob that works on the factory floor. People don't need to be employees, though. They can also include Julie – the rep from HP that your business works with. A person might also be Jenny, the contractor the company hires to write its blog articles. 

People are lots of things. Groups get more complicated, though. Technically, a group is nothing more than a logical container that various people might fall under. A group could be something as simple as group A, group B, etc. 

Conceptually, we tend to organize groups as business entities. That makes organizing groups far easier. So we might have groups called marketing, finance, freelancers, vendors, or executives. When you treat a group as an entity, it's much easier to identify and define what that group needs. For example, the marketing group requires access to Photoshop, but they have no business messing with QuickBooks.

An object is a catch-all for anything else, though again, we conceptualize objects as physical things. These could be printers, specific access-controlled doors, you name it.

Organizing objects is mostly for convenience. Using our example above, when Billy prints something, his thing should print to a printer near him in the marketing department. His print job should print out on a printer down the hallway in finance. That's just nuts! I mean, we're all for exercise, but that's taking it a bit far. 

Technically, all three of these logical groupings (people, groups, and objects) can all hold very similar information. However, that's not to say that IT admins use every field in every logical component. 

How are groups and users related in Active Directory?

It makes no sense to treat a person like an object. People should have information attached to them like their name, phone number, profession, boss, and whether they like cookies (who doesn't?). A person should also know which group they belong to.

Continuing with our example, Billy belongs to the marketing department. So, Billy should be part of the marketing group. The marketing group defines what that group does and what it has access to. So, by putting Billy in the marketing group, he can access Photoshop and use the printers next to him.

Objects are defined by what they are. So, a printer is a printer. That printer has XYZ capabilities, and it's located down hallway three to the left. That object is then typically attached to the group. In this case, a printer in marketing is plopped in the marketing group.

So, when we put Billy in the marketing group, Billy gets access to Photoshop and the printers in the marketing department. 

This all sounds like a lot of work, however. Why would someone spend the time maintaining people, groups, and objects in Active Directory? It's because Active Directory makes life easy.

How will Active Directory help me?

Have you ever configured and deployed a new computer to an end-user? That process may take a while in a properly configured business environment, but it's stupid simple. It's not hard to boot a new laptop into a PXE environment, hit next a few times, let Windows Deployment do its magic, sign in to that computer as Billy, and let Active Directory finish configuring settings, installing Photoshop, linking network shares, and installing printers automatically. This process can easily take 4+ hours per laptop if you do this by hand.

Start Learning Active Directory 

CBT Nuggets has a variety of online Active Directory training that you can start right now. 

You might have heard that Active Directory is a thing of the past and that everyone wants in on the cloud. That couldn't be further from the truth. AD is an essential piece of Azure, AWS, and other cloud service providers. If you want to study for the future, we also have plenty of online Azure Active Directory classes, too. 

But wait, how can you use Active Directory online for local people? This is the whole point of a hybrid infrastructure, and people have spent a lot of time figuring this out. Thankfully, you don't need to reinvent the wheel. All you need to do is learn how to implement a hybrid infrastructure based on the trials and tribulations of others. Isn't it nice to skip the painful parts of learning?

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

© 2022 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522
We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE