Active Directory

Es una estructura utilizada en computadoras y servidores con SO Ms Windows

Para que se utiliza

Para almacenar informacion del usuario, red y dominio

The Active Directory data store (directory)

es la base de datos que contiene toda la información del directorio, como información sobre
usuarios, computadoras, grupos, otros objetos y los objetos a los que los usuarios pueden
acceder. También incluye otros componentes de red.

The Active Directory data store (directory) is stored on the server’s hard disk by means of the
Ntds.dit file.

The Ntds.dit file is placed in the Ntds folder in the systemroot.

Because domain controllers manage domains, each domain controller within the domain hosts
a write copy of the Active Directory directory.

Because of Active Directory replication, domain controllers in a domain remain synchronized

with one another. Active Directory replication occurs automatically. Only domain data,
configuration data, and schema data are replicated.

How Does an Active Directory Work?

An Active Directory acts as a special-purpose database for Windows computers. The system is
designed to manage large numbers of read and search operations as well as changes and
updates. The data stored in Active Directory is designed to be replicated, hierarchical, and
extensible.

Relevant information that is normally stored in AD includes user contact data, printer queue
information, and specific computer or network configuration data. The information stored in
AD is in Object and attribute format defined in the AD schema.

What are Active Directories Used to Do?

Active Directory is used by computer administrators to manage end user computer software
packages, files, and accounts on medium to large-sized organizations. Instead of visiting every
single computer client computer to upgrade new software or install Windows patches, the
task(s) can be accomplished through updated a single object located within an AD forest or
tree. Similarly, AD gives the network administrator the capability to grant or remove access at
the user level for one or many applications or file structures.

Active Directories are primarily used to organized large organizations or corporations

computer networks and data. They help save significant time and cost by eliminating the need
to visit each computer individually to perform routine maintenance and upgrades.

What are Active Directory Partitions?

Information stored in Active Directory is not all placed in the identical location. Active
Directory has three primary partitions or naming contexts. These include: schema, domain,
and configuration.

The domain partition consists of object types such as contacts, users, groups, computers, and
organizational units. This holds information about the domain such as users and resources in
the domain.

The configuration partition contains information on the Active Directory structure such as the
configuration of the domains, domain trees, and forests.

The schema partition stores information on object classes and attributes.

Active Directory Objects

Active Directory structures are grouped into two basic or broad categories: resources and
security principals. Resources are typically printer or networked hardware resources while
security principals relate to computer accounts or groups and are assigned unique security
identifiers (SIDs).

All information on users, groups, computers, servers, and security policies in Active Directory
are organized and categorized into different Active Directory objects. An Active Directory
object can be defined as a group of attributes that represent a resource in the network. Each
object has a unique name or unique identifier called a distinguished name. Objects can also
contain other objects. These objects are known as containers. In the Active Directory Users
and Computers console, the default object types created in a new domain in Active Directory
are:

Domain, Organizational Unit, User, Computer, Contact, Group, Shared Folder, and Shared
Printer

How Does Replication Work in Active Directory?

Active Directory makes use of a ‘pull’ system to receive changes from the server. The Microsoft
Knowledge Consistency Checker (KCC) makes a replication topology of site links that uses
defined sites to manage traffic. Intrasite replication occurs automatically once a change
notification is received. This action triggers peers to start replication cycles. Intersite
replication occurs less frequently under AD and do not use change notification by default, but
can be modified by the administrator to do so.