Active Directory can really simplify our life, compared to other network systems. Let’s say that we have our regular computer that we log on to, and we have to memorize our username and password for that computer. Maybe we also have a database server that we have to access as well, which has a totally separate and independent username and password that we have to memorize. We may also have a file server with a separate username and password. We may also have an email server, again with yet another separate username and password. This may get very complicated, especially when we have more users.

Active Directory can simplify all that. Those servers are all common in any business environment. Let’s say that we add a Windows Server 2012 Domain Controller to our environment. This means that once we log on to our domain controller, our user account gets something called a Kerberos ticket, which can be used to gain access to other servers without having a separate username and password. For example, if we have Microsoft Exchange integrated into our Active Directory, then we don’t have to sign on again to get our email. Also, if we want to access files or shared printers, we don’t have to have a separate account for that. We just use our SSO from our original logon to our domain controller (DC). For databases, if we are using Microsoft SQL, we don’t have to log on separately for that.

With Active Directory, we can also use trust relationships or a federation, which is great in multi-domain environments. With that we can enable a two-way trust relationship between two entities, for example, between two business sites. For example, this will enable our users to use resources on any site, with only one username and password.

Besides SSO, Active Directory can also provide mechanisms for centralized policy-based management, which can improve workstation security and manageability. It can also provide central storage for individuals and departments, as well as backup and restoration services for central storage.

When we first install a Windows computer, server or workstation, there’s no domain involved at all. They are all standalone or workgroup computers. This is the environment in which we have separate usernames and passwords all over the place.

Active Directory helps to put all that together into a single organization. It starts off with a database known as the NTDS.DIT file (NT Directory Services Directory Information Tree) that sits on one or more domain controllers. So, although all the computers are standalone at first, when we decide we want the benefits of AD, we can install Active Directory Domain Services on a server.