What is Active Directory Directory Service in details? ADDS

Article Index

Active Directory service provides a single point of network resource management, allowing you to add, remove, and relocate users and resources easily.

Active Directory is software created by Microsoft, based on Novell EDirectory and using modified versions of existing protocols and services that provides a variety of network services, including:

  1. Lightweight Directory Access Protocol LDAP is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.

  2. Kerberos-based authentication

  3. DNS-based naming and other network information

  4. Central location for network administration and delegation of authority 

  5. Information security and single sign-on for user access to networked based resources

  6. The ability to scale up or down easily

  7. Central storage location for application data

  8. Synchronization of directory updates amongst several servers 

Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an organization. Active Directory stores information and settings in a central database.

Active Directory was previewed in 1999, released first with Windows 2000 Server edition, and revised to extend functionality and improve administration in Windows Server 2003. Additional improvements were made in Windows-Server 2003 R2. Active Directory was refined further in Windows Server 2008 and Windows Server 2008 R2 and was renamed Active Directory Domain Services.

Active Directory was called NTDS (NT Directory Service) in older Microsoft documents. This name can still be seen in some Active Directory binaries.

Active Directory Component

Various Active Directory components are used to build a directory structure. Active Directory completely separates the logical structure from the physical structure.

Active Directory components represent logical structures: - Domains, Organizational Units (OUs), Trees & Forests.

Active Directory components represent physical structures: - Sites (physical subnets) and Domain Controllers.

Logical Structures

In Active Directory, you organize resources in a logical structure—a structure that mirrors organizational models using domains, OUs, trees, and forests. Grouping resources logically allows you to easily find a resource by its name rather than by remembering its physical location. Because you group resources logically.


The core unit of logical structure in Active Directory is the domain, which can store millions of objects.

It is group of network components and it is logical collection of users and computers. It enables to organize object in a single logical object different polices can be apply on this object to set its behave it also provide security bounding and provides centralized management of network so it is domain.

Domain controller is a collection of users and computers where then domain controller provide a common security for each client. Trusting Domain –It contain the resource. Trusted Domain – It contain the user.

OU (Organizational Unit)

An OU is a container used to organize objects within a domain into a logical administrative group. OU is collection of active directory object that contain domain other OU’s users and computer account it is type of container which is used to organize the police can be applied on OU.