Showing posts with label Light-weight Active Directory Protocol. Show all posts

Tuesday, 1 July 2014

Active Directory Basics

Active Directory -

Active Directory is a centralized database system that contains information about people (users), which can be used to authenticate them. It holds not only user information but also information about computers and other resources, which can likewise be used to authenticate users and services. Most IT administrators use Active Directory to maintain order in the organization. In other words, it is used to implement the AAA protocol, i.e. Authorization, Authentication and Accounting.

Authorization - As the name suggests, it is the process of verifying whether the person is legitimately allowed to access the resource.

Authentication - It is the process of verifying the identity of the person.

Accounting - It is the process of documenting that the authorized & authenticated person has accessed the resource.

Core components of Active Directory -


Domain controller - Every Active Directory has at least one domain controller. A domain controller takes care of managing the Active Directory, including hosting its database and handling the authentication, authorization and accounting of its users. Most Active Directory structures are implemented using Windows 2003 Server, but there is now a clear shift of focus towards Windows 2008 Server.

The figure below shows the organization of data in Active Directory.

Fig(a) Organization of data in Active Directory (pic credits: check here)

Object :- Everything that Active Directory manages is called an object. An object may be a user, a system, a service or a resource that is tracked by Active Directory.

Forests :- Forests are at the top of the hierarchy. A forest contains all the attributes and their syntax.

Domain Component :- These are collections of computers/resources linked through policies, users or any other attribute in the Active Directory. It creates a copy of every server-based activity.

Organizational Units (OU) :- OUs are combinations of various domains. They are used for grouping domains that may be tightly coupled with each other. By using OUs, a network administrator can configure different users based on different user policies.

Domain Component (DC) :- A DC can be used to classify different types of users based on role. For example, people with the manager role may belong to a manager DC, whereas people with the employee role may belong to an employee DC.

Common Name (CN) :- A common name may contain values such as first name, last name, etc.

Distinguished Name (DN) :- A distinguished name may contain values such as a user ID.

Apart from these commonly used components, there are other supported components, such as password.

Accessing an object in Active Directory

To access an object in Active Directory, you need to use the fully qualified namespace of the object.

A typical object namespace may look like this:

CN=Sandesh,CN=Mutha,DN=smutha,DC=blogger,DC=com,OU=Technology
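
As an added example (not code from the original post), this Python parser splits a namespace string like the one above into its type=value components using the RFC 4514 backslash-escaping rules, and escapes a value before it is placed into a name so that a comma inside the value cannot be read as a component separator. The function names and the value "Mutha, Sandesh" are constructed for illustration.

```python
SPECIAL = '",+;<>\\'          # must be backslash-escaped inside a value (RFC 4514)
HEX = b"0123456789abcdefABCDEF"


def escape_rdn_value(value):
    """Escape one attribute value before embedding it in a DN string."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIAL or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def parse_dn(dn):
    """Split a DN into (type, value) pairs, honouring backslash escapes.
    Multi-valued components joined with '+' are outside what this handles."""
    raw, rdns, buf, i = dn.encode("utf-8"), [], bytearray(), 0

    def flush():
        attr, sep, val = bytes(buf).decode("utf-8").partition("=")
        if not sep or not attr.strip():
            raise ValueError("component without type=value: %r" % bytes(buf))
        rdns.append((attr.strip(), val))
        buf.clear()

    while i < len(raw):
        if raw[i:i + 1] == b"\\":
            nxt = raw[i + 1:i + 3]
            if len(nxt) == 2 and all(c in HEX for c in nxt):
                buf.append(int(nxt, 16))      # \2C style hex pair
                i += 3
            elif nxt:
                buf.append(nxt[0])            # \, \+ \\ style single character
                i += 2
            else:
                raise ValueError("dangling backslash at end of DN")
            continue
        if raw[i:i + 1] == b",":
            flush()                           # unescaped comma ends a component
        else:
            buf.append(raw[i])
        i += 1
    flush()
    return rdns


# The page's example namespace, plus a constructed value containing a comma.
PAGE_DN = "CN=Sandesh,CN=Mutha,DN=smutha,DC=blogger,DC=com,OU=Technology"
SAFE_DN = "CN=" + escape_rdn_value("Mutha, Sandesh") + ",DC=blogger,DC=com"
```

Without the escaping step, the constructed value would be split at its comma and the remainder rejected as a component with no type.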
