What is Active Directory Domain Services (AD DS)

What is AD DS ?

AD DS ( Active Directory Domain Services ) It is a server role, you can create a scalable, Secure, and manageable infrastructure for user and resource  management, and ADDS can provide supports for directory-enabled application.

Features of AD DS

• Server running AD DS is called as domain controller.

• It stores directory data ( called as directory stores ).

• By using AD DS, we can implement centralize control on all the available resource Like user, computer, data access inside the company.

• It manages the communication between user and domain..

• It manages user logon process, authentication directory searches.

Structure of AD DS Forest

• It contain one or more domain container objects like directory structure, Global catalog and directory Schema etc.

• It has highest level in the active directory.

• It is the local security boundary for an enterprise.

• A forest contains multiple domain trees. The first domain in the forest is called as forest root domain.

• By default, a user or administrator of one forest can not access another forest.

• This slide illustrates different relationship of a child domain or another tree in the same forest. 

• In the slide we have a Forest Root Domain "reliance.com"( it is a master root server ), Also there new Child Domain "jio.reliance.com" ( Basically this is the domain or office located in New Delhi, so the name come to the "jio" )

• Within the forest Domain reliance.com, we also have our sister concern company name "JIO", so in the scenario we can create a additional tree root domain named as "jio.com" 

• There is no administrative difference between two domain ( reliance.com and jio.com) apart from their names

   Most Point of AD DS Domain

• A domain is the administrative boundary for Active Directory objects.

• It is a container objects to strore, located and manage active directory object like user, group, computer and printers etc.

• A single domain can span up to multiple locations or sites.

• A domain is manage by a physical machine knows as domain controller.

• AD DS requires one or more physical domain controllers.

• All domain controller hold a copy of the domain database, this domain database is continuously syschronized.

• A domain manage by a domain controller is use to provide authentication  services or authorization for objects stored in its database.

Domain Controllers (DC)

Domain controller server that store the active directory database and authenticates user with the network during logon.

Stores database information in file called NTDS.DIT ( Network Technology Directory Services . Directory Information Tree ) And SYSVOL ( it is a replicated between domain controller )

• DC use Kerberos KDC ( key Distribution Center ) services to perform authentication.

• For security of DC, you can implement DC on Server core, for remote office without administrator a RODC (Read Only Domain controller ) with BitLocker must be deployed.

• To ensure that DC services are redundant, you must plan at least two DC ( a main DC and a Backup Domain Controller-BDC ).

What is Global Catalog.

• A Global catalog is the set of all object in an AD DS Forest 

• A Global catalog server is a domain controller that stores the full copy of all object in directory for its host domain.

• Also it store partial read-only copies of all object for all other domain in the same forest.

• Global catalog server responds to the global object queries throughout the domain.

• Storing the most commonly searched attributes of all domain object in the global catalog make searched more efficient for user without affecting network performance, thus preventing unnecessary referrals to domain controller.