Windows Server 2016 - Active Directory Domain Services Overview

Reprinted from the following blog: https://blog.csdn.net/wenzhongxiang/article/details/79333469. The content is written very clearly, so it is reproduced here for later reading.

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was only responsible for centralized domain management. However, starting with Windows Server 2008, Active Directory became the umbrella title for a wide range of directory-based identity-related services. It is currently available on the following system versions: Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, and 2016.

A server running Active Directory Domain Services (AD DS) is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain-type network, assigns and enforces security policies for all computers, and installs or updates software. For example, when a user logs on to a computer that belongs to a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or a normal user. In addition, it allows information to be managed and stored, provides authentication and authorization mechanisms, and establishes a framework for deploying other related services: Certificate Services, Federation Services, Lightweight Directory Services, and Rights Management Services.

Active Directory stores information about objects on the network and makes that information easy for administrators and users to find and use. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.

Security is integrated with Active Directory through logon authentication and access control to objects in the directory. Through a single network logon, administrators can manage directory data and organization throughout the network, and authorized network users can access resources anywhere on the network. Policy-based management can simplify the management of even the most complex networks.

By using the Active Directory Domain Services (AD DS) server role, you can create a scalable, secure, and manageable infrastructure for user and resource management, and you can support directory-enabled applications such as Microsoft Exchange Server.

Structured as follows:

AD DS server role

AD DS provides a distributed database that stores and manages information about network resources and application-specific data from directory-enabled applications. Administrators can use AD DS to organize the elements of a network (such as users, computers, and other devices) into a hierarchical containment structure. The hierarchical containment structure includes the Active Directory forest, the domains in the forest, and the organizational units (OUs) in each domain. A server that runs AD DS is called a domain controller.

Organizing network elements into a hierarchical containment structure provides the following benefits:

The forest acts as a security boundary for the organization and defines the scope of authority for administrators. By default, a forest contains a domain called the forest root domain.

You can create other domains in the forest to partition AD DS data, which enables organizations to replicate data only where it is needed. This makes it possible for AD DS to scale globally over a network with limited available bandwidth. An Active Directory domain also supports a number of other core functions related to the management of the entire network, including user identity, authentication, and trust relationships.

OUs simplify the delegation of authority in order to manage a large number of objects. Through delegation, owners can transfer full or limited authority over objects to other users or groups. Delegation is important because it helps to distribute the management of large numbers of objects to many people who are trusted to perform administrative tasks.

AD DS features:

Security is integrated with AD DS through logon authentication and access control to the directory resources. Through a single network logon, administrators can manage directory data and organization throughout the network. Authorized network users can also use a single network logon to access resources anywhere in the network. Policy-based management can simplify the management of the most complex networks.

Other AD DS features include:

A set of rules, the schema, that defines the object classes and attributes contained in the directory, the constraints and limits on instances of these objects, and the format of their names.

A global catalog that contains information about each object in the directory. Regardless of which domain in the directory actually contains the data, users and administrators can use the global catalog to find directory information.

A query and index mechanism, so that network users or applications can publish and find objects and their attributes.

A replication service that distributes directory data across the network. All writable domain controllers in a domain participate in replication and contain a complete copy of all directory information for their domain. Any change to the directory data is replicated to all domain controllers in the domain.

Operations master roles (also known as flexible single master operations, or FSMO). Domain controllers that hold operations master roles are designated to perform specific tasks to ensure consistency and eliminate conflicting entries in the directory.
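
The features listed above (forest root domain, domains, writable domain controllers, global catalog, and operations master roles) can be read back from a live directory. The following read-only inventory is an added example, not part of the original article; it assumes the RSAT ActiveDirectory PowerShell module is installed and the session runs as a domain user with read access.

```powershell
# Added example: read-only inventory of the AD DS structure described above.
# Assumes the RSAT ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide view: root domain, member domains, forest-level FSMO holders,
# and every domain controller that hosts the global catalog.
[pscustomobject]@{
    ForestRootDomain   = $forest.RootDomain
    Domains            = $forest.Domains -join ', '
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
    GlobalCatalogs     = $forest.GlobalCatalogs -join ', '
} | Format-List | Out-Host

foreach ($domainName in $forest.Domains) {
    # Domain-level FSMO holders for this domain.
    $domain = Get-ADDomain -Server $domainName
    [pscustomobject]@{
        Domain               = $domain.DNSRoot
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    } | Format-List | Out-Host

    # Every domain controller in the domain: writable or read-only,
    # global catalog or not, and which FSMO roles it holds.
    Get-ADDomainController -Filter * -Server $domainName |
        Sort-Object HostName |
        Select-Object HostName, Site, OperatingSystem,
            @{ Name = 'Writable';      Expression = { -not $_.IsReadOnly } },
            @{ Name = 'GlobalCatalog'; Expression = { $_.IsGlobalCatalog } },
            @{ Name = 'FsmoRoles';     Expression = { $_.OperationMasterRoles -join ', ' } } |
        Format-Table -AutoSize | Out-Host
}
```

Keeping a dated copy of this output gives a baseline: an unexpected new domain controller, a moved FSMO role, or a new global catalog server is worth reviewing against change records.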

P.S. The WinSer2016 Active Directory series of related articles officially begins today. As mentioned in the previous two chapters, many readers may wonder whether this material is outdated or duplicates what other authors have already shared. In response, I would say that at the end of each technical topic I always like to organize a number of technical articles or technical highlights according to my own understanding and practice, so that readers can read or learn from them, or so that I can review them again later. Thanks for the support!
--------------------- 
Author: wenzhongxiang 
Source: CSDN 
Original: https://blog.csdn.net/wenzhongxiang/article/details/79333469
Disclaimer: This is the blogger's original article. If you reproduce it, please attach a link to the original post!


Origin blog.csdn.net/qy_0626/article/details/91875877