
Active Directory

Active Directory is the user information directory in Windows. It consists of a database of user accounts (and various other information, such as the DNS server and its configuration). The accounts are offered to computers in a domain via the Lightweight Directory Access Protocol (LDAP). Active Directory also includes a Kerberos KDC, which creates Kerberos tickets for hosts in a domain for authenticating computers, users, and other entities. Furthermore, Active Directory contains synchronization mechanisms that allow multiple servers to contain essentially the same information.

Users belong to an Active Directory domain. The domain is often written before the user account name, separated by a backslash. For example, in SSH\ylo, SSH is the domain name.

In a large organization, there are multiple domains. Domains are usually organized in a tree, and one domain may be configured to trust user accounts from another domain. Some organizations have dozens, or even a hundred domains.

The very largest organizations may contain multiple Active Directory trees, or forests.



