Active Directory (AD) is a database and set of services that connect users with the network resources they need to get their work
done. The database (or directory) contains critical information about your environment, including what users and computers there
are and who's allowed to do what.
Active Directory stores data as objects. An object is a single element, such as a user, group, application or device (for example, a printer).
Objects are normally defined as either resources, such as printers or computers, or security principals, such as users or groups.
The main service in Active Directory is Domain Services (AD DS), which stores directory information and handles the interaction of
the user with the domain. AD DS verifies access when a user signs into a device or attempts to connect to a server over a network.
The server that hosts AD DS is the domain controller.
A domain is a group of objects, such as users or devices, that share the same AD database. Each domain is identified by a Domain Name System (DNS) name.
A tree is one or more domains grouped together. The tree structure uses a contiguous namespace to gather the collection of
domains in a logical hierarchy.
A forest is a group of multiple trees. A forest consists of shared catalogues, directory schemas, application information and domain
configurations.
Organizational Units (OUs) organize users, groups and devices. Each domain can contain its own OU.
Workgroups are another unit of organization for Windows computers in networks. Workgroups allow these machines to share files,
internet access, printers and other resources over the network.
Group Policy is an easy way to configure computer and user settings on computers that are part of the domain. Group Policy allows
you to centralize the management of computers on your network without having to physically go to and configure each computer
individually.
The global catalog is a feature of Active Directory (AD) that allows a domain controller (DC) to provide information on any object in
the forest, regardless of whether the object is a member of its domain. Domain controllers with the global catalog feature enabled
are referred to as global catalog servers.