Active Directory in Google Cloud Platform
Active Directory Domain Services (AD DS) is a hierarchical structure that stores information about objects on the network. The directory service provides the methods for storing directory data and making this data available to network users and administrators.
Active Directory, popularly called AD, is a directory service that Microsoft developed for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services.
Initially, AD was only in charge of centralized domain management. Starting with Windows Server 2008, AD became an umbrella title for a broad range of directory-based identity-related services.
The server that runs AD is called a domain controller. It authenticates and authorizes all users and computers in a Windows domain network, assigning and enforcing security policies for all computers and installing or updating software.
Microsoft previewed Active Directory in 1999, released it first with Windows 2000 Server edition, and revised it in Windows Server 2003 to extend functionality and improve administration. Additional improvements came with subsequent versions of Windows Server. In Windows Server 2008, additional services were added to Active Directory, such as Active Directory Federation Services.
Why Active Directory?
Active Directory helps to organize a company's users, computers and more. IT admins use AD to organize the company's complete hierarchy, from which computers are part of which network, to what your profile picture looks like, to which users have access to the storage room.
Active Directory is quite popular and 95% of the Fortune 1000 uses it. It’s likely your company uses it as well.
The domain is controlled by the global catalog, which keeps track of all of the devices that are registered on the network. This global catalog stores the IP addresses, computer names, and users, so that the global administrator can oversee everything that happens on the domain.
Windows Server support list in AD DS
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Advanced Features of Active Directory Domain Services
Easily programmable - An Active Directory server can be programmatically accessed and administered using the Active Directory Service Interfaces (ADSI) API, the Lightweight Directory Access Protocol (LDAP) API, or the System.DirectoryServices namespace.
Directory-enabled system services - Client applications can be easily deployed to distributed desktops by creating a Windows Installer package and using the application deployment feature available in the Windows operating systems.
Key application integration - Key distributed applications, such as Exchange, are integrated with Active Directory Domain Services, so companies can reduce the number of directory services to be managed.
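As an illustration of the programmatic access described under "Easily programmable", the following added example (not part of the original page) uses the System.DirectoryServices namespace from PowerShell to run a read-only audit of enabled user accounts whose passwords never expire. The function name, the choice of audit and the placeholder LDAP path are assumptions; it expects a domain-joined Windows host and an account with read access to the directory.

```powershell
# Added example: read-only audit via System.DirectoryServices.
Add-Type -AssemblyName System.DirectoryServices

function Get-NonExpiringPasswordAccount {
    param(
        # Optional search root, e.g. 'LDAP://DC=example,DC=test' (placeholder).
        # When omitted, DirectorySearcher searches the current domain.
        [string]$SearchRoot
    )

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    }

    # userAccountControl bits: 0x10000 (65536) = DONT_EXPIRE_PASSWORD,
    # 0x2 = ACCOUNTDISABLE. 1.2.840.113556.1.4.803 is the bitwise-AND matching rule.
    $searcher.Filter = '(&(objectCategory=person)(objectClass=user)' +
        '(userAccountControl:1.2.840.113556.1.4.803:=65536)' +
        '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
    $searcher.PageSize = 500   # enable paging so large result sets are not cut off
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('sAMAccountName', 'pwdLastSet', 'distinguishedName'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # pwdLastSet is a FILETIME (Int64); 0 or absent means "never set".
            $raw = $r.Properties['pwdlastset']
            $ticks = if ($raw.Count -gt 0) { [int64]$raw[0] } else { 0 }
            [pscustomobject]@{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                PasswordLastSet   = if ($ticks -gt 0) { [datetime]::FromFileTimeUtc($ticks) } else { $null }
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            }
        }
    }
    finally {
        # SearchResultCollection wraps unmanaged resources and must be disposed.
        $results.Dispose()
        $searcher.Dispose()
    }
}

# Oldest passwords first, for review by the directory administrators.
Get-NonExpiringPasswordAccount | Sort-Object PasswordLastSet | Format-Table -AutoSize
```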
Active Directory Services
(1) Domain Services
AD DS is the cornerstone of every Windows domain network. It stores the information about members of the domain, including devices and users, verifies their credentials as well as defines their access rights. The server running this service is called a domain controller.
(2) Lightweight Directory Services
Active Directory LDS, formerly known as Active Directory Application Mode (ADAM), is a light-weight implementation of AD DS. It runs as a service on Windows Server. It shares the code base with AD DS and provides the same functionality, including an identical API, but does not require the creation of domains or domain controllers.
(3) Certificate Services
Active Directory CS (AD CS) establishes an on-premises public key infrastructure. It can validate, create and revoke public key certificates for internal uses of an organization. These certificates can be used to encrypt files (when used with Encrypting File System), emails (per the S/MIME standard), and network traffic (when used by virtual private networks, the Transport Layer Security protocol or the IPSec protocol).
(4) Federation Services
Active Directory Federation Services (AD FS) is a single sign-on service. With an AD FS infrastructure in place, users may use several web-based services or network resources using only one set of credentials stored at a central location, as opposed to having to be granted a dedicated set of credentials for each service.
(5) Rights Management Services
Active Directory Rights Management Services (AD RMS, known as Rights Management Services) is server software for information rights management shipped with Windows Server. It uses encryption and a form of selective functionality denial to limit access to documents such as corporate emails, Microsoft Word documents and web pages, and to limit the operations authorized users can perform on them.
Microsoft Active Directory Management Tools
Active Directory Users and Computers,
Active Directory Domains and Trusts,
Active Directory Sites and Services,
Local Users and Groups,
Active Directory Schema snap-ins for Microsoft Management Console.