The role of a directory service is to store information about a computer network and to offer features for retrieving and managing that information. Whether an organization consists of a single facility or has multiple locations, a directory service provides a centralized management tool for users and resources in all locations.
Windows Active Directory is a directory service based on standards for defining, storing, and accessing directory service objects. Its hierarchical database enables administrators to organize users and network resources to reflect the organization of the environment in which it is used. Active Directory offers the following features:
- Hierarchical organization
- Centralized/distributed database
- Policy-based administration
Working with user accounts is one of the most important Active Directory administrative tasks. User accounts are the main link between real people and network resources, and are referred to as “domain user accounts.” User accounts have two main functions in Active Directory:
- Provide a method for user authentication to the network
- Provide detailed information about a user
Active Directory has both a physical and a logical structure. The physical structure consists of sites and servers configured as domain controllers. An Active Directory site is nothing more than a physical location in which domain controllers communicate and replicate information regularly. The logical structure, by contrast, makes it possible to pattern the directory service's look and feel after the organization in which it runs. The organizing components of Active Directory are domains, forests, trees, and organizational units (OUs).
A Group Policy Object (GPO) is a list of settings administrators use to configure user and computer operating environments remotely. Group policies can specify security settings, deploy software, and configure a user's desktop, among many other computer and network settings. They can be configured to affect an entire domain, a site, and, most commonly, users or computers in an OU. The GPO scope defines which objects a GPO affects. When Active Directory is installed, two GPOs are created and linked to two containers: the Default Domain Policy and the Default Domain Controllers Policy.
These default policies don't define any user-specific policies; they are designed to provide default security settings for all computers in the domain. You can view, create, and manage GPOs by using the Group Policy Management console (GPMC). Each GPO has two main nodes: Computer Configuration and User Configuration.
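The GPO scope described above can also be reviewed from PowerShell instead of the GPMC. The following script is an added example, not part of the original text: it lists every GPO link on the domain root and on each OU, then lists GPOs with no such link. It assumes the RSAT ActiveDirectory and GroupPolicy modules and read access to the domain.

```powershell
# Added example: report where each GPO is linked (its scope) in the current domain.
# Assumption: RSAT ActiveDirectory and GroupPolicy modules, run by a domain user.
Import-Module ActiveDirectory, GroupPolicy

$domain = Get-ADDomain

# Containers checked here: the domain root and every OU.
# Site links are stored in the configuration partition and are not covered.
$targets = @($domain.DistinguishedName) +
           @(Get-ADOrganizationalUnit -Filter * |
               Select-Object -ExpandProperty DistinguishedName)

$links = foreach ($dn in $targets) {
    # GpoLinks holds only the GPOs linked directly to this container.
    $inheritance = Get-GPInheritance -Target $dn
    foreach ($link in $inheritance.GpoLinks) {
        [pscustomobject]@{
            Gpo      = $link.DisplayName
            GpoId    = $link.GpoId
            LinkedTo = $dn
            Enabled  = $link.Enabled
            Enforced = $link.Enforced
            Order    = $link.Order
        }
    }
}

# Scope report: one row per link. On a new domain this shows the two default
# GPOs, linked to the domain root and to the Domain Controllers OU.
$links | Sort-Object Gpo, LinkedTo | Format-Table -AutoSize

# GPOs that are not linked to the domain root or to any OU.
# A GPO linked only to a site also appears here, because sites are not checked.
$linkedIds = $links.GpoId | Sort-Object -Unique
Get-GPO -All |
    Where-Object { $_.Id -notin $linkedIds } |
    Select-Object DisplayName, Id, GpoStatus, ModificationTime
```

A link with `Enabled` set to false does not apply its GPO to the container, so such rows show scope that is configured but inactive.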