==Active Directory Services==
Active Directory Services consist of multiple directory services. The best known is Active Directory Domain Services, commonly [[abbreviation|abbreviated]] as AD DS or simply AD.

===Domain Services===
Active Directory Domain Services (AD DS) is the foundation of every [[Windows domain]] network. It stores information about domain members, including devices and users, [[Authentication|verifies their credentials]], and [[Authorization|defines their access rights]]. The server running this service is called a [[domain controller]]. A domain controller is contacted when a user logs into a device, accesses another device across the network, or runs a line-of-business [[Metro-style app]] [[Sideloading|sideloaded]] into a machine.

Other Active Directory services (excluding [[#ADAM|LDS]], as described below) and most Microsoft server technologies rely on or use Domain Services; examples include [[Group Policy]], [[Encrypting File System]], [[BitLocker]], [[Domain Name Services]], [[Remote Desktop Services]], [[Exchange Server]], and [[SharePoint Server]].
Self-managed AD DS must be distinguished from managed [[Microsoft Azure Active Directory|Azure AD DS]], a cloud product.<ref>{{Cite web |title=Compare Active Directory-based services in Azure |url=https://docs.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions |website=docs.microsoft.com|date=3 April 2023 }}</ref>

==={{anchor|ADAM}} Lightweight Directory Services===
Active Directory Lightweight Directory Services (AD LDS), previously called ''Active Directory Application Mode'' (ADAM),<ref name="Active Directory Lightweight Directory Services">{{cite web |title=AD LDS |url=http://msdn.microsoft.com/en-us/library/aa705886(VS.85).aspx |access-date=28 April 2009 |publisher=Microsoft}}</ref> implements the [[LDAP]] protocol for AD DS.<ref name="Active Directory Lightweight Directory Services versus AD DS">{{cite web |title=AD LDS versus AD DS | date=2 July 2012 |url=https://technet.microsoft.com/en-us/library/cc755080(v=ws.10).aspx |access-date=25 February 2013 |publisher=Microsoft}}</ref> It runs as a [[Windows service|service]] on [[Windows Server]] and offers the same functionality as AD DS, including an identical [[API]]. However, AD LDS does not require the creation of domains or domain controllers. It provides a Data Store for storing directory data and a [[Directory (database)|''Directory Service'']] with an LDAP Directory Service Interface. Unlike AD DS, multiple AD LDS instances can operate on the same server.

===Certificate Services===
Active Directory Certificate Services (AD CS) establishes an [[On-premises software|on-premises]] [[public key infrastructure]]. It can create, validate, and revoke [[public key certificate]]s, and perform other similar actions on them, for an organization's internal uses.
These certificates can be used to encrypt files (when used with [[Encrypting File System]]), emails (per the [[S/MIME]] standard), and network traffic (when used by [[virtual private network]]s, the [[Transport Layer Security]] protocol or the [[IPSec]] protocol).

AD CS predates Windows Server 2008, but it was previously called simply Certificate Services.<ref>{{cite book|last1=Zacker|first1=Craig|editor1-last=Harding|editor1-first=Kathy|editor2-last=Jean|editor2-first=Trenary|editor3-last=Linda|editor3-first=Zacker|title=Planning and Maintaining a Microsoft Windows server 2003 Network Infrastructure|date=2003|publisher=Microsoft Press|location=Redmond, WA|isbn=0-7356-1893-3|pages=[https://archive.org/details/mcsaselfpacedtra00micr/page/11 11–16<!--This is a single page's number!-->]|chapter=11: Creating and Managing Digital Certificates|chapter-url-access=registration|chapter-url=https://archive.org/details/mcsaselfpacedtra00micr/page/11}}</ref>

AD CS requires an AD DS infrastructure.<ref>{{cite web|title=Active Directory Certificate Services Overview|url=https://technet.microsoft.com/en-us/library/cc731564%28v=ws.10%29.aspx|website=[[Microsoft TechNet]]|publisher=[[Microsoft]]|access-date=24 November 2015}}</ref>

===Federation Services===
{{Main|Active Directory Federation Services}}
Active Directory Federation Services (AD FS) is a [[single sign-on]] service. With an AD FS infrastructure in place, users may use several web-based services (e.g. [[internet forum]], [[blog]], [[online shopping]], [[webmail]]) or network resources using only one set of credentials stored at a central location, as opposed to having to be granted a dedicated set of credentials for each service.
AD FS uses many popular open standards, such as [[SAML]], [[OAuth]] or [[OpenID Connect]], to pass token credentials.<ref>{{cite web|title=Overview of authentication in Power Apps portals|url=https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-portal-authentication|website=[[Microsoft Docs]]|publisher=[[Microsoft]]|access-date=30 January 2022}}</ref> AD FS supports encryption and signing of [[SAML]] assertions.<ref>{{cite web|title=How to Replace the SSL, Service Communications, Token-Signing, and Token-Decrypting Certificates|url=https://social.technet.microsoft.com/wiki/contents/articles/2554.ad-fs-how-to-replace-the-ssl-service-communications-token-signing-and-token-decrypting-certificates.aspx|website=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]|access-date=30 January 2022}}</ref>

AD FS's purpose is an extension of that of AD DS: the latter enables users to authenticate with and use the devices that are part of the same network, using one set of credentials. The former enables them to use the same set of credentials in a different network.

As the name suggests, AD FS works based on the concept of [[federated identity]].

AD FS requires an AD DS infrastructure, although its federation partner may not.<ref>{{cite web|title=Step 1: Preinstallation Tasks|url=https://technet.microsoft.com/en-us/library/cc771806%28v=ws.10%29.aspx|website=[[Microsoft TechNet|TechNet]]|publisher=[[Microsoft]]|access-date=21 October 2021}}</ref>

===Rights Management Services===
{{Main|Active Directory Rights Management Services}}
'''Active Directory Rights Management Services''' ('''AD RMS'''), previously known as Rights Management Services or RMS before [[Windows Server 2008]], is server software that allows for [[information rights management]], included with [[Windows Server]]. It uses encryption and selective denial to restrict access to various documents, such as corporate [[e-mail]]s, [[Microsoft Word]] documents, and [[web page]]s.
It also limits the operations authorized users can perform on them, such as viewing, editing, copying, saving, or printing. IT administrators can create pre-set templates for end users for convenience, but end users can still define who can access the content and what actions they can take.<ref>{{cite web |title=Test Lab Guide: Deploying an AD RMS Cluster |url=https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj134037(v=ws.11) |access-date=30 January 2022 |website=[[Microsoft Docs]] | date=31 August 2016 |publisher=[[Microsoft]]}}</ref>