This article is a plain and simple explanation of Microsoft Active Directory: what it is and how it works.
What is Active Directory?
After years of working with Windows Server, I'll give you an understandable definition. AD is an organizational database of all the objects and users in a Windows network. It centrally organizes all the resources in an organization for security and distribution. What the hell does that mean? I'll explain it. It's actually pretty simple, and makes sense. The next few sections will explain some of the features that make AD so attractive.
Think of AD as a "directory," meaning that all services and actions performed must contact the directory for details and locations. AD is the heart of a Windows network. It handles everything from holding the namespace all the way to granular security. AD serves as a true "directory" of user accounts, aliases, objects and server names. Permissions and access controls are easily defined, and management of network resources is simplified. If you have ever worked with Novell Directory Services (NDS), Active Directory will seem similar.
Global Catalog Server
A global catalog server is created by default when AD is deployed on a Windows server. It is used to process logons and answer other queries about the state and location of different objects in the forest. You can specify other servers in your organization to also act as global catalog servers. In organizations with 2 Windows Servers, I always specify the second server as a duplicate GC and domain controller. This ensures that users can still log on to the domain in the event that one of the servers is down.
By default, when you install Windows Server, it will have the role of a "stand-alone server." In order to use AD, that role must be changed to a domain controller. The next question you might ask is: how is a domain controller different from a stand-alone server? The simple answer: in many ways. A stand-alone server acts much like a regular XP box. A DC holds domain-wide directory data and manages user-domain interactions. DCs process logons, authentication and directory searches. By running a server as a DC with Active Directory, management is simplified, and you get a rich, full-featured set of tools to run your network.
Components of a Domain Controller
A domain controller holds all the user accounts, groups, and other organizational units of the network. These are often referred to as "objects." Active Directory creates and maintains a "Global Catalog." The GC is used as a reference to find different objects. It doesn't come into play too much in a small, single-domain network. However, it is important, as many things will take much longer without it. The best feature of AD is that it will synchronize with any other DC in its domain. For example, say you have two servers running AD on the network. If you add two user accounts on server1, those user accounts will automatically appear on server2 in a few minutes. This is called replication. Replication is what makes AD a knight in shining armor.
Personally, I had a situation where a two-server network was operational after one had crashed. However, the server that crashed was the GC, and the second server was not an additional GC. Users were still able to log on (using cached credentials), but navigating through different file shares and some other AD-dependent tasks took nearly 4 times as long. This was because the AD was requesting objects from the GC. When it figured out the GC wasn't available, it simply used a "cached" copy of the information from the active directory. Needless to say, everyone bitched about how slow the network was until I was able to fix it.
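A check for the single-GC situation described above and in the Global Catalog Server section, as an added example that is not part of the original article: the function groups domain controllers by site and reports any site with fewer than two global catalogs. The function name, the `MinimumPerSite` parameter and the sample servers are assumptions made for illustration, and the sample data is constructed.

```powershell
# Added example: report sites that depend on a single global catalog (GC).
function Test-GlobalCatalogRedundancy {
    param(
        # Objects exposing Name, Site and IsGlobalCatalog, which are the
        # properties returned by Get-ADDomainController.
        [Parameter(Mandatory)] [object[]] $DomainController,

        # Hypothetical threshold: how many GCs a site needs to survive one failure.
        [int] $MinimumPerSite = 2
    )

    $DomainController | Group-Object -Property Site | ForEach-Object {
        # Keep only the DCs in this site that also hold the GC role.
        $gcs = @($_.Group | Where-Object { $_.IsGlobalCatalog })

        [pscustomobject]@{
            Site              = $_.Name
            DomainControllers = $_.Count
            GlobalCatalogs    = $gcs.Count
            GCNames           = ($gcs.Name -join ', ')
            Redundant         = ($gcs.Count -ge $MinimumPerSite)
        }
    }
}

# Constructed sample input mirroring the two-server network in the article:
# both servers are DCs, but only server1 is a GC.
$sample = @(
    [pscustomobject]@{ Name = 'SERVER1'; Site = 'Default-First-Site-Name'; IsGlobalCatalog = $true  }
    [pscustomobject]@{ Name = 'SERVER2'; Site = 'Default-First-Site-Name'; IsGlobalCatalog = $false }
)

Test-GlobalCatalogRedundancy -DomainController $sample | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Test-GlobalCatalogRedundancy -DomainController (Get-ADDomainController -Filter *)
```

A site reported with `Redundant` set to `False` is one where losing a single server takes the GC with it.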