Understanding the basics of Active Directory (AD)

According to the “Glossary for SharePoint 2010” published by the Microsoft Office Dev Center, Active Directory is:

“A general-purpose network directory service. Active Directory also refers to the Windows implementation of a directory service. Active Directory stores information about a variety of objects in the network. Importantly, user accounts, computer accounts, groups, and all related credential information used by the Windows implementation of Kerberos are stored in Active Directory. Active Directory first became available as part of Windows 2000 and is available as part of Windows 2000 Server products, Windows Server 2003 products, and Windows Server 2008 products. Active Directory is not present in Windows NT 4.0 or in Windows XP. For more information, see [MS-SECO] section 2.5.2 and [MS-ADTS].”

 

I am still confused

 

 

In simpler terms, Active Directory is a directory: a place where information is stored. Usually you will find user account information, credentials, groups, printers and other peripherals, and so on. The largest unit of Active Directory is a domain and the smallest is an object. An object is any user, system, resource or service within AD, so an object can be a user, a printer, a workstation, etc. Active Directory can track these objects even if they have the same or similar attributes (for more information, see Microsoft’s TechNet article on Active Directory). Objects are then grouped into Organizational Units (OUs). Certain users can be given permission to administer Organizational Units. Here is a great example of how this works:

(Image from: California Institute of Technology, Information Management Systems & Services [http://www.imss.caltech.edu/node/412])

This is what an Active Directory looks like:

(Image from: Microsoft Dev Center [http://msdn.microsoft.com/en-us/library/windows/desktop/aa746492(v=vs.85).aspx])
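The domain / OU / object hierarchy described above is what an LDAP distinguished name (DN) spells out, leaf first. The following is an added example, not code from the original article: it parses DNs following the RFC 4514 grammar (comma-separated RDNs, backslash escaping), reports which domain and OUs an object sits in, and checks whether an administrator whose rights were delegated at a particular OU actually covers a given object. The domain example.com, the user names and the DELEGATIONS table are all constructed for this example; real AD delegation is enforced through ACLs on the OU objects, and this block models only the containment rule those ACLs inherit along.

```python
"""
Added example (not from the original article): model the Active Directory
hierarchy (domain > Organizational Units > object) as LDAP distinguished
names and check delegated OU administration by containment.

Assumptions: DNs follow RFC 4514 (RDNs separated by commas, most specific
first, special characters escaped with a backslash); all names below are
constructed for the example.
"""
from __future__ import annotations


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, leaf first.

    A backslash escapes the next character, so "CN=Doe\\, Jane" keeps its
    comma instead of starting a new RDN.  Attribute types are lower-cased
    because LDAP attribute names are case-insensitive.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("dangling escape at end of DN")
    rdns.append("".join(buf))

    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def describe(dn: str) -> dict:
    """Return the domain, the OU path (top-down) and the leaf object of a DN."""
    pairs = parse_dn(dn)
    return {
        "domain": ".".join(v for a, v in pairs if a == "dc"),
        "ous": [v for a, v in reversed(pairs[1:]) if a == "ou"],
        "object": pairs[0],
    }


def is_within(object_dn: str, container_dn: str) -> bool:
    """True when object_dn lies inside container_dn (or an OU beneath it).

    The comparison is done RDN by RDN, not as a string suffix, so
    "OU=NotSales,..." is never mistaken for a child of "OU=Sales,...".
    Values are compared case-insensitively, as AD does.
    """
    obj = [(a, v.casefold()) for a, v in parse_dn(object_dn)]
    cont = [(a, v.casefold()) for a, v in parse_dn(container_dn)]
    return len(obj) > len(cont) and obj[-len(cont):] == cont


# Constructed delegation table: the OU (or domain) each group may administer.
# A real directory expresses this as ACLs on the OU; this is a simplified model.
DELEGATIONS = {
    "helpdesk-sales": "OU=Sales,OU=Users,DC=example,DC=com",
    "helpdesk-eng": "OU=Engineering,OU=Users,DC=example,DC=com",
    "domain-admins": "DC=example,DC=com",
}


def can_administer(principal: str, object_dn: str, delegations=DELEGATIONS) -> bool:
    """Least-privilege check: only objects inside the delegated scope qualify."""
    scope = delegations.get(principal)
    return scope is not None and is_within(object_dn, scope)


if __name__ == "__main__":
    jane = "CN=Jane Doe,OU=Sales,OU=Users,DC=example,DC=com"
    print(describe(jane))
    for who in ("helpdesk-sales", "helpdesk-eng", "domain-admins"):
        print(f"{who:>15} may administer Jane: {can_administer(who, jane)}")
```

Running the block prints Jane's domain (example.com), her OU path (Users, then Sales) and which of the three constructed groups may administer her object; the sales help desk and the domain-wide group can, the engineering help desk cannot.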

 

Why is this important to know?

Many companies offer web parts and add-ons that sync with Active Directory and, in some form, let you read information from Active Directory, modify it and write it back. Other add-ons and web parts help you assign permissions, change passwords and manage information held in Active Directory. Here are some web parts and add-ons that will help you with your Active Directory management:

What is Active Directory?

Active Directory (AD), introduced in 1999 as part of Windows 2000 Server, is a directory service based on the Lightweight Directory Access Protocol (LDAP). AD is responsible for authenticating and authorizing all users and computers in a Windows domain network.

  • People
    • Names
    • Numbers
    • Address
  • Services
    • Category
    • Names
    • Numbers
    • Address
    • Advertisement

The Types of Active Directories

There are technically 7 different types of Active Directory. Each of them is deployed in a different way, in different places and for a different purpose.

Active Directory Type                              | Deployment | Modern? | Purpose
---------------------------------------------------|------------|---------|----------------------------
Local AD (AD)                                      | Server     | No      | Local identity
Active Directory Federation Services (ADFS)        | Server     | No      | Single sign-on (SSO) for AD
Azure Active Directory                             | Cloud      | Yes     | Cloud identity
Azure Active Directory Domain Services             | Cloud      | Yes     | Cloud hybrid servers
Azure Active Directory Connect                     | Server     | -       | Sync AD and AAD
Azure Active Directory Connect Cloud Provisioning  | Server     | Yes     | Sync AD and AAD (limited)
Azure Active Directory Application Proxy           | Cloud      | Yes     | Azure AD-enable legacy apps

Identity is Your Control Plane

Active Directory Control Plane

What is Local Active Directory (AD)

Purpose

  • Centralized administration for servers, workstations, users, and applications
  • Services (e.g. Exchange) can leverage for email services configuration

Deployment

  • Windows Server OS
  • Active Directory Domain Controllers

Limitations

  • Requires direct network connection
  • Reliance on customer managed networking: DNS, VPN, and Servers (Physical and Virtual)

What is Azure Active Directory (AAD)

Purpose

  • Centralized administration for cloud services
  • Services (e.g. Exchange) can leverage for email services configuration
  • Hybrid scenarios supported via Azure AD Connect connecting to local Active Directory
    • Use your corporate credentials/passwords

Deployment

  • Cloud Service

Limitations

  • Lack of IT protection without AAD P1 and P2 licensing
  • Device-based security requires EM+S licensing for Intune

What is Azure AD Connect Cloud Provisioning?

(Two versions, enterprise and standard, $60 vs $300, difference is number of objects)

(Make table from slide)

What is Azure Active Directory Domain Services (AADDS)

Purpose

  • Local Active Directory (Fully compatible with Windows Server Active Directory)
  • Lift and Shift scenarios for Windows servers
    • Use your corporate credentials/passwords
    • NTLM and Kerberos authentication
  • Co-mingle local Active Directory users and Azure Active Directory users

Deployment

  • Cloud Service (Two domain controllers are available by IP only)
  • Highly available domain
  • Auto-remediation
  • Automatic backups

Limitations

  • Organizational Units are flat and not brought over from local AD/AAD
  • Not recommended for workstations
  • Administrators are NOT Domain Admins (which is also a good thing)

Synced Tenants

What is Azure AD Application Proxy

Azure AD Application Proxy

Purpose

  • Publish on-premises web apps externally in a simplified way without a DMZ
  • Support single sign-on (SSO) across devices, resources, and apps in the cloud and on-premises
  • Support multi-factor authentication for apps in the cloud and on-premises

Deployment

  • Requires Azure AD basic or premium (P1 or P2) subscription
  • Supported authentication: Integrated Windows Authentication (IWA), header-based, forms-based, password-based, SAML

Limitations

  • Connector must be installed on Windows Server 2012 R2 or higher, or Windows 8.1 or higher
  • The on-premises firewall must be enabled for outbound traffic from the connector

Up Next? Getting Rid of Your Local Active Directory

As more and more organizations move more and more of their operations to the cloud, local Active Directories are becoming redundant, and sometimes challenging, pieces of infrastructure. Last year, Agile IT took the leap and removed our own local Active Directory, and since then we have helped dozens of companies do the same. Conrad will be discussing the dangers, challenges and benefits of removing your own local Active Directory in an upcoming Tech Talk.
