Active Directory 101

Today I want to talk about Active Directory (AD).

AD is probably one of the better products that Microsoft has released into the wild. It is by no means a new invention; all that Microsoft has done is string different technologies together using silly string and bubblegum.

Now you may ask why you would use AD. In a workplace, AD gives you a couple of nice features, like a centralised password database and access controls (Authentication and Authorisation) for all your workstations and servers. You also have the option to deploy Group Policies to the Windows computers associated with the AD. Group Policies allow you to push software and configuration changes to these Windows computers.

Now the next question on your lips is probably why you would use AD when you can just use LDAP (Lightweight Directory Access Protocol). That would be a very good question. In simple terms, AD gives you additional features, chief among them being that AD simplifies making LDAP changes. AD is also natively supported on Windows, but I think the real winning feature of AD over LDAP is the fact that AD provides you with a highly available system out of the box when you deploy 2 or more AD Domain Controllers.

At its core is an LDAP directory used to store all the data. This data includes usernames, passwords, groups and memberships, DNS entries and much, much more.

No AD blog entry would be complete if I didn’t mention the kind chaps at Samba. What they have done is reverse engineer the entire Microsoft SMB protocol and build an SMB server called Samba.

After a few long years in development they released Samba4 in December 2012. Among the advancements made is full AD support. This means that you are finally able to deploy an open source alternative to Microsoft AD.

In my next few articles I will go through a step-by-step tour on setting up your own AD Domain Controller.
