Introduction to Microsoft ad super Foundation

Microsoft Active Directory（AD） It can be said to be the most famous local directory service or identity source in the world （IdP）. It was developed in 20 century 90 In the late S and 21 The beginning of the century witnessed the modernization of identity management . But no matter IT How the environment develops , Administrators and enterprises are right AD Always have a lot of questions , Even misunderstandings , Even in the AD It has not been completely eliminated after wide application .

This issue is about Microsoft AD The basics of the Q & a series , The article will try to use the simplest and intuitive explanation to answer about AD All kinds of problems , This issue mainly includes Microsoft AD Basic concepts of 、 Protocol used 、 Target customers, etc .

1. What is? Active Directory？

AD Is a directory service or identity provider （IdP）, On 1999 First launched in AD, and Windows 2000 Server Release with version .AD It is mainly to help administrators connect users to Windows Of IT resources , At the same time, management and protection are based on Windows Business systems and Applications .AD Responsible for storing relevant network objects （ Such as user 、 Group 、 System 、 The Internet 、 application 、 Digital assets, etc ） And their interrelationships .

Administrators can use AD Create users and authorize them to access Windows terminal 、 Servers and Applications . in addition ,AD It can also be used to control system groups 、 Enforce security settings and software updates . Access and control are implemented based on the concept of domain . So called domain , In fact, it is a concept of inclusion and exclusion , Traditionally, it is used to distinguish physical locations . There used to be a lot of IT Resources are hosted locally , Become a domain （ Intranet ） Part of . Intranet users can access the local resources they need . Users outside the intranet need VPN , Pretend that the user is on the intranet , To access . When IT When resources and personnel are in the same physical environment , This access control method can achieve good results . by comparison ,AD Identity and access management （IAM） And further expand the scope of application , It usually also involves single sign on （SSO） Or mobile device management （MDM） And other auxiliary solutions .

2. Active Directory Which protocol to use ？

Active Directory Mainly used DNS/DHCP Network protocol and Lightweight Directory Access Protocol （LDAP）, And Microsoft proprietary for authentication Kerberos edition . Many people ask why AD There are so few native supported protocols , No, SAML and RADIUS These commonly used protocols . Although I don't know what Microsoft thinks , But multi protocol is indeed the future direction of identity and access management . And let AD Support SAML、RADIUS Such agreement , You can use Microsoft add-on solutions or third-party solutions .

3. Why? Active Directory It is called active directory ？

For now AD The most appropriate explanation for the origin of the name is AD It will actively update the information stored in the directory . for example , When an administrator adds or removes users from the organization ,Active Directory The user's changes will be automatically copied to all directory servers . This change happens regularly , In order to synchronize the latest information . In today's IT In the system ,AD This initiative to update information has become commonplace . however , Before directory services were computerized , The concept of automatic directory update is still of some innovative significance . After all AD There is no Wikipedia in the era of launch , People still rely on encyclopedias to check things .

4. Which enterprises are using Active Directory？

Generally speaking , The enterprise deployed AD after , Employees use it every day without knowing it AD The function of , Including the login of the working machine 、 Access to applications 、 Printer and file sharing . but AD The main users of are actually administrators , They need to be practical 、 Management and configuration AD. Specifically, it may include IT department 、IT The security department 、 Development, operation and maintenance and IT The engineering team .

Almost all enterprises and organizations in the world will use AD Directory services including , In addition to improving productivity , It can also control the impact on enterprises IT Access to resources . Access control is a major focus of modern enterprise operations .

5. Why? Active Directory Very important ？

As early as 21 At the beginning of the century ,Active Directory It has been one of the gears driving the business world . Almost all enterprises, large and small, have deployed AD. Such a basic tool runs in the background in obscurity , So that you use it every day AD Of users are not even aware of its existence , I don't know it's a secure access terminal 、 application 、 The great hero of the network and documents . In short , The main responsibility of directory service is to connect users to the corresponding IT resources , and AD Connect users to Windows Resources have been served for nearly 20 year .