Active directory

Active Directory is a centralized and standardized system that automates management of company IT resources. Active Directory manages user data, user accounts, security, applications, servers, and other distributed resources. Active Directory also enables interoperation with other directories.

Active Directory is a hierarchical organization that provides a single point of access for system administration. In other words, the Active Directory directory service provides a single-logon capability and a central repository for information for the corporate IT infrastructure. This is very beneficial because it reduces redundancy and errors.

Active Directory directory service provides the means to manage the identities and relationships that make up network environments.

Where is Active Directory being used?

Even though smaller companies can benefit from implementing Active Directory, large corporations with hundreds of servers and thousands of users and computers benefit from Active Directory the most. Active Directory is designed especially for distributed networking environments.

Imagine a global corporation, a company with offices in the US, Europe, and Asia. Such a company operates 24 hours a day: when offices in the US close, offices in Asia open. In the old days, before directory services were as sophisticated as they are today, data would, for example, need to be replicated across multiple servers in multiple geographical zones so that users could share it. These days, users in the US, Europe, and Asia can access resources across the world with just one user ID and password.

What are the benefits of Active Directory?

It is probably starting to be clear that the biggest advantage of Active Directory is the


Thanks to directory services in general (or Active Directory when talking about Microsoft), setting up user accounts for new employees takes only a minimum of time. User account creation can be automated off of data feeds.

Thanks to directory services, users can log on to any computer in the company that they have permissions to. Users can be given permissions to all computers in the whole company with only a few clicks from one central location.


By creating a link between user accounts, mailbox accounts, and applications, Active Directory simplifies the task of adding, modifying, and deleting user accounts.

When an employee changes his or her name, for example, a single change in Active Directory can change the user information for all applications and services.

When a user changes his or her password in Active Directory, the change will be propagated immediately to all Active Directory resources. The user does not need to change his or her password manually for all eligible resources and applications. This also means that users do not have to remember different passwords for different applications.


Active Directory supports user groups. Users can e-mail groups of users by simply addressing their emails to a distribution-list-like group object. Administrators can allow security access to resources based on the group name, and users can look up members of a group by expanding the group information.

These are just a few examples of how Active Directory simplifies many administrative tasks and processes that in the past involved disparate applications, servers, and services.


Active Directory enhances security of the infrastructure because the administration of users, computers, and resources is centralized. The IT administrator can audit or review permissions, logins, accounts, etc. in one application that he or she has readily available. Auditing can be done on a user-by-user basis or for whole groups via reports. Because users need only one user ID and one password to access resources, the risk arising from the management of too many password databases is also decreased.
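
The central review described above can be scripted. The following is an added example, not part of the original article: it uses the ActiveDirectory PowerShell module (RSAT) with read access to the domain to flag enabled accounts that are stale, have non-expiring passwords, or hold privileged group membership. The function name, the 90-day threshold and the default group list are assumptions chosen for illustration.

```powershell
# Added example: account review from one console.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-AccountAuditReport {
    param(
        [int]$StaleDays = 90,                              # assumed threshold
        [string[]]$PrivilegedGroups = @('Domain Admins')   # assumed review scope
    )

    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # Resolve privileged membership once; -Recursive follows nested groups
    # and returns only the leaf members.
    $privileged = @{}
    foreach ($group in $PrivilegedGroups) {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $privileged[$_.SamAccountName] += @($group) }
    }

    Get-ADUser -Filter 'Enabled -eq $true' `
               -Properties LastLogonDate, PasswordNeverExpires, PasswordLastSet |
        ForEach-Object {
            $findings = @()
            # LastLogonDate comes from lastLogonTimestamp, which replicates
            # with a lag of up to about 14 days, so treat it as approximate.
            if (-not $_.LastLogonDate) {
                $findings += 'never logged on'
            } elseif ($_.LastLogonDate -lt $cutoff) {
                $findings += "no logon in $StaleDays days"
            }
            if ($_.PasswordNeverExpires) { $findings += 'password never expires' }
            if ($privileged.ContainsKey($_.SamAccountName)) {
                $findings += 'member of ' + ($privileged[$_.SamAccountName] -join ', ')
            }
            if ($findings.Count -gt 0) {
                [pscustomobject]@{
                    Account         = $_.SamAccountName
                    LastLogon       = $_.LastLogonDate
                    PasswordLastSet = $_.PasswordLastSet
                    Findings        = $findings -join '; '
                }
            }
        }
}

Get-AccountAuditReport | Sort-Object Account | Format-Table -AutoSize
```

Accounts that are both privileged and stale are the ones to review first, since they combine high access with no recent legitimate use.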


Windows Server 2003 and Active Directory have built-in technologies that provide redundancy in the network for parts where it is crucial. Active Directory is constantly replicated to fail-over servers. Upgrading Active Directory can also happen while the network is up. Active Directory allows so-called nonstop networking.

Is Active Directory object oriented?

Yes, modern versions of directory services treat their components as objects. For example, a user account is an object with many properties, such as location, name, network ID, and others.

Is Active Directory backward compatible?

Yes, Microsoft designed Active Directory with in mind that directory services implementation in large corporations is usually done in steps. For example, one division (branch, domain) is upgraded at a time. While the upgrade process of the whole system is taking place, all participants in the system still need to use Active Directory services. This would not be possible if Active Directory were not both backward compatible and forward compatible.

What is the difference between Active Directory and NDS?

Active Directory is a directory service that is trademarked by Microsoft and came out with Windows 2000.

Another networking infrastructure available on the market comes from a company called Novell. Novell Directory Services (NDS) is a directory service similar to the one in Windows but from another company.

Many people ask which one is better: Active Directory from Microsoft or NDS from Novell? It depends; both have advantages and disadvantages.

What is the history of Active Directory?

In general, directory services became available in some form and shape in Windows NT 4.0. This was, however, far from what Active Directory is today.

Active Directory is a brand name for directory services that was introduced with the release of Microsoft Windows 2000 Server. Active Directory was later improved very much in Microsoft Windows Server 2003. Microsoft Windows Server 2008 includes many improvements as well.

Directory services in Windows NT versus Active Directory today

What does Active Directory look like today? Well-managed IT infrastructures need only a single user ID and password today. Many of us work in environments where we log into our computer in the morning just once and all resources are available to us automatically. Once we have logged in, we no longer need to enter our username and password for email, database server, intranet, network folders, network printers, and so on.

Once a user logs in to Windows, their Active Directory credential is the key that will automatically unlock all of the applications or services that he or she has been enabled for, including 3rd party applications that utilize Windows integrated authentication.

Networks did not always work this way.

Active Directory as we know it today includes many applications and services that previously required a separate directory and user ID/password. For example, in Windows NT 4.0, one directory was required for the domain itself, another separate directory was needed for Exchange mailboxes, and another one for distribution lists. An additional directory was needed for remote access, databases, and other applications. Using various network resources often required remembering many accounts and passwords.

Active Directory and group policies?

Active Directory goes hand in hand with group policies. You can find more about group policies here: Group policy (Windows).

How do I install Active Directory?

This is a good website that provides step by step screens:

