Your browser does not allow this site to store cookies and other data. Some functionality on this site may not work without them. See Privacy Policy for details on how we would use cookies.

Active Directory

Active Directory is the user information directory in Windows. It consists of a database of user accounts (and various other information, such as DNS server and its configuration). The accounts are offered to computers in a domain via Lightweight Directory Access Protocol (LDAP). Active Directory also includes a Kerberos KDC, which creates Kerberos tickets for hosts in a domain for authenticating computers, users, and other entities. Furthermore, active directory contains synchronization mechanism that allow multiple servers to contain essentially the same information.

Users belong to an Active Directory Domain. The domain is often written before the user account name, separated by a slash. For example, in SSH\ylo, SSH is the domain name.

In a large organization, there are multiple domains. Domains are usually organized in a tree, and one domain may be configured to trust user accounts from another domain. Some organizations have dozens, or even a hundred domains.

The very largest organizations may contain multiple Active Directory trees, or forests.