Microsoft Active Directory (AD) is a directory service that provides centralized authentication, authorization, and management of users, computers, and resources in a network environment. The fundamentals of Active Directory include:
- Domain: A domain is a logical grouping of objects, such as users, computers, and resources, that share a common security policy and trust relationship with other domains. It is the fundamental building block of Active Directory.
- Forest: A forest is a collection of one or more domains that share a common schema, global catalog, and trust relationship. A forest represents the boundaries of administrative authority in an Active Directory environment.
- Domain Controller: A domain controller is a server that runs Active Directory and is responsible for authenticating and authorizing users and computers, as well as storing and replicating directory data.
- Organizational Unit (OU): An organizational unit is a container object in Active Directory that can contain other objects such as users, groups, computers, and other OUs. It is used to simplify administrative tasks by grouping similar objects.
- Group Policy: Group Policy is a feature of Active Directory that allows administrators to manage user and computer settings from a central location. It enables administrators to enforce security policies, set desktop configurations, and manage software installations.
- Active Directory Users and Computers: Active Directory Users and Computers is a management console used to manage user and computer objects in Active Directory. It enables administrators to create, modify, and delete user and computer accounts, and manage group memberships.
- Kerberos Authentication: Kerberos is a network authentication protocol used by Active Directory to provide secure authentication between clients and domain controllers. It uses a ticket-based authentication system to validate users and computers.
- Lightweight Directory Access Protocol (LDAP): LDAP is a protocol used by Active Directory to provide a standard interface for accessing and managing directory information. It allows clients to search, add, modify, and delete objects in the directory.
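
The objects defined above nest in a fixed order: forest, domains, domain controllers, OUs, and the Group Policy objects linked to those OUs. The read-only PowerShell inventory below walks that hierarchy; it is an added example, not part of the original page. It assumes the RSAT ActiveDirectory and GroupPolicy modules on a domain-joined host, and the function name `Get-AdStructureSummary` is hypothetical.

```powershell
# Added example: read-only walk of forest -> domain -> DCs -> OUs -> linked GPOs.
# Assumes the RSAT ActiveDirectory and GroupPolicy modules and a domain-joined session.
# Get-AdStructureSummary is a hypothetical name chosen for this example.
Import-Module ActiveDirectory, GroupPolicy

function Get-AdStructureSummary {
    $forest = Get-ADForest   # schema and global catalog are shared forest-wide

    foreach ($dnsName in $forest.Domains) {
        $domain = Get-ADDomain -Server $dnsName
        $dcs    = @(Get-ADDomainController -Filter * -Server $dnsName)
        $ous    = @(Get-ADOrganizationalUnit -Filter * -Server $dnsName)

        # For each OU, list the enabled GPO links and whether inheritance is blocked.
        $ouPolicy = foreach ($ou in $ous) {
            $som = Get-GPInheritance -Target $ou.DistinguishedName -Domain $dnsName
            [pscustomobject]@{
                OU                = $ou.DistinguishedName
                LinkedGpos        = @($som.GpoLinks | Where-Object Enabled |
                                      ForEach-Object DisplayName)
                BlocksInheritance = $som.GpoInheritanceBlocked
            }
        }

        # One summary object per domain in the forest.
        [pscustomobject]@{
            Forest            = $forest.Name
            Domain            = $domain.DNSRoot
            DomainDN          = $domain.DistinguishedName
            DomainControllers = $dcs.HostName
            GlobalCatalogs    = @($dcs | Where-Object IsGlobalCatalog).HostName
            OUCount           = $ous.Count
            OUsWithoutGpoLink = @($ouPolicy | Where-Object { $_.LinkedGpos.Count -eq 0 }).OU
            OUPolicy          = $ouPolicy
        }
    }
}

Get-AdStructureSummary |
    Format-List Forest, Domain, DomainControllers, GlobalCatalogs, OUCount, OUsWithoutGpoLink
```

An OU listed under `OUsWithoutGpoLink` still receives policy inherited from its parent containers unless `BlocksInheritance` is true for it.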