From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Active Directory

- [Narrator] What is Active Directory? Active Directory is an extensible database that can expand and contract as objects are added or deleted. It includes the ability to securely store object information, and authenticate users when they want to access resources. After authentication of a user's credentials, it authorizes the user to access things like shared folders, applications, and others. The schema is a set of rules that defines the classes of objects and attributes contained in the directory. It also defines the constraints and limits on instances of these objects and the format of their names. It's a structure like a tall building that has many floors. You can't break the rules that would allow you more space or abilities than is allowed. The structure won't allow it. If you're assigned a single floor of the building, you can't leak out into another floor or go above or below the floor you're assigned. That helps keep the structure sound and secure. A global catalog contains information about every object in the Active Directory. We need at least one global catalog in every domain and forest, or all the user accounts and every other object will disappear. This allows users and administrators to find directory information, regardless of which domain in the directory actually contains the data. If a sysadmin needs to find a user to reset the password, the global catalog is where the information is stored. Every domain controller can be a global catalog, if desired. Domain controllers contain query and index mechanisms so that objects and their properties can be published and found by network users or applications. If a user wants to find and add a printer, they can do so when it's published to Active Directory; they can then add that printer, if permissions allow. If another user wants to open a shared folder on a server, Active Directory will search the access control list of allowed users and groups to determine if they have the rights to use that data.
A domain controller is a server that can authenticate and authorize users as needed. You would have multiple DCs for redundancy and load balancing. The replication service distributes directory data across a network. All domain controllers in a domain participate in replication and contain a complete copy of all directory information for their domain. Any change to directory data is replicated to all domain controllers in the domain. That way, users can log into server resources as needed, with security and availability provided by the information contained in the domain controllers. Active Directory contains much information to perform many services for users. This is true of on-premises, as well as Azure Active Directory services in the cloud.
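As an added example (not part of the course), here is a PowerShell script that checks the two points the narrator stresses: that every domain in the forest has a global catalog server (ideally more than one, for redundancy) and that replication between the domain controllers is not failing. It assumes the ActiveDirectory RSAT module is installed and the account running it can read every domain in the forest; the $MinimumGlobalCatalogs threshold is an assumption, not a value from the course.

```powershell
# Added example (not from the course): audit global catalog coverage and
# replication health across the forest. Requires the ActiveDirectory
# module (RSAT) and read access to every domain in the forest.
Import-Module ActiveDirectory

# Assumption: at least two GCs per domain so one GC is not a single point of failure.
$MinimumGlobalCatalogs = 2

$forest = Get-ADForest
Write-Host "Forest: $($forest.Name)  (domains: $($forest.Domains.Count))"

foreach ($domainName in $forest.Domains) {
    # Ask a DC of that domain for the list of its domain controllers.
    $dcs = @(Get-ADDomainController -Filter * -Server $domainName)
    $gcs = @($dcs | Where-Object { $_.IsGlobalCatalog })

    Write-Host "`nDomain: $domainName"
    foreach ($dc in $dcs) {
        $role = if ($dc.IsGlobalCatalog) { 'GC' } else { 'DC' }
        Write-Host ("  {0,-40} {1}" -f $dc.HostName, $role)
    }

    # A domain without a GC cannot answer forest-wide lookups (finding a user
    # in another domain to reset a password, for example).
    if ($gcs.Count -eq 0) {
        Write-Warning "$domainName has NO global catalog server"
    } elseif ($gcs.Count -lt $MinimumGlobalCatalogs) {
        Write-Warning "$domainName has only $($gcs.Count) global catalog(s)"
    }

    # Replication: every DC must receive every change. Surface any inbound
    # replication failures each DC reports about its partners.
    foreach ($dc in $dcs) {
        $failures = Get-ADReplicationFailure -Target $dc.HostName -ErrorAction SilentlyContinue
        if ($failures) {
            foreach ($f in $failures) {
                Write-Warning ("  {0} <- {1}: {2} failure(s), last error {3}" -f `
                    $dc.HostName, $f.Partner, $f.FailureCount, $f.LastError)
            }
        } else {
            Write-Host "  $($dc.HostName): no replication failures reported"
        }
    }
}
```

Run it from a management workstation as a domain user with read access; warnings point at domains that need another GC promoted or at DC pairs whose replication needs attention.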
