Author : MD TAREQ HASSAN
Directory service
- A directory service is a customizable information store that functions as a single point from which users can locate resources and services distributed throughout the network
- A network service that identifies all resources on a network and makes them accessible to users and applications
- Directory services provide centralized management for accounts used on the network
- Accounts can be users and computers
- The directory is a database of all the logical components that make up the network; because it is based on a logical construct, it can be managed through remote configuration of the attributes associated with those account objects
- Example: Microsoft Active Directory (an industry standard used widely in business and government)
Directory services are software systems that store, organize and provide access to directory information in order to unify network resources.
Active directory
- Active Directory (AD) is Microsoft’s proprietary directory service, included in Windows Server and developed for Windows domain networks
- Active Directory is designed for administrators to manage permissions and access to network resources
- Active Directory is Microsoft’s answer to directory services and it does a lot more than just locating resources
- Active Directory is a Microsoft technology used to manage computers and other devices on a network. It is a primary feature of Windows Server, an operating system that runs both local and Internet-based servers
- Active Directory stores information about objects on the network and makes this information easy for administrators and users to find and use
Courtesy: u-tools.com/WhatIsAd
Active Directory is a database that keeps track of all the user accounts and passwords in your organization.
It allows you to store your user accounts and passwords in one protected location, improving your organization’s security.
Courtesy: www.intermedia.net/What is Active Directory
Think of Active Directory as the “contacts” app on your mobile device. The “contacts” app itself would be your Active Directory.
Your individual contacts would be the “objects”, and the address, email and phone information for each contact would be the “values” in your Active Directory.
The “objects” aren’t just limited to people and users. It can also contain “group objects” such as computers, printers and so forth.
Terminologies
- Object:
  - Active Directory stores data as objects. An object is a single element, such as a user, group, application or device, e.g., a printer.
  - Objects are normally defined as:
    - Resources: printers or computers
    - Security principals: users or groups
- Active Directory Domain Services (AD DS)
  - Main component of AD
  - Stores directory information and handles the interaction of objects with the domain
  - Verifies access when a user signs into a device or attempts to connect to a server over a network
  - Controls which users have access to each resource
  - Enforces group policies
- Domain: A domain consists of everything that belongs to a corporate network
- Domain controller:
  - The server that hosts Active Directory Domain Services
  - A computer in the enterprise network with Windows Server OS
Services
Services provided by AD:
- Active Directory Domain Services: access management, group policies etc.
- Active Directory Federation Services: SSO
- Lightweight Directory Services: LDAP
- Certificate Services: generates, manages and shares certificates
- Rights Management Services: controls information rights and management
- Etc.
Overview diagram
Azure active directory
- A directory
- An identity and management solution
- An authentication and authorization solution
- Built into Azure
Azure Active Directory is an identity and management solution: it lets you assign identities (user objects) and manage those identities as part of the directory, using native Azure management tools. It is also an authentication solution: it can authenticate access to resources such as applications. For example, you can deploy applications and then manage who is allowed to authenticate to them using the Active Directory authentication mechanisms.
If you have Office 365 or Microsoft 365, you already have Azure Active Directory.