Basic understanding of Active Directory:
Active Directory considered as a central database containing people’s information that will be used to authenticate them.
Let’s explain Active Directory in a simple way of examples before go deep down on explaining what Active Directory is because you probably seen there are Active Directory used by so many companies out there.
First, we should understand about authentication. Authentication is the process of verifying your identity before you are allowed to use a resource. Here’s a realistic example, when you use your passport/identity card to come into a foreign country. They will need to identify your personal’s information before allowed you to enter their country.
People always take granted for everything as taking authentication for granted these days because it happens so frequently and commonly that we don’t even think about it. However, authentication is needs to happen.
I believe you still confusing because there’s have already an authentication in your laptop/computer. So I will differentiate these two types of authentication method which are the Local Authentication and Central Authentication.
Local Authentication
Happens in real life scenario: You have bought a new laptop from a computer store. When you turn on your laptop, it will guide you through the process of entering your personal information such as creating your USERNAME and PASSWORD for first time only. Then these are the created credential you use to log in to your laptop.
Now, you have to buy another new laptop because your laptop is stolen and you never get it back. You do the same way after you bought the new laptop. When you turn on this new laptop, the username and the password you created to use on your previous laptop will not work on your new laptop and you should know it. This is because of LOCAL AUTHENTICATION. Your new laptop has an internal database where it stores usernames and passwords for users of that laptop only, therefore it doesn’t have the username and password of the laptop that was stolen previously.
Central Authentication
So, what if you have a system which stores a list of usernames, passwords and other information of yours, which is also known as a central database. We need a central database instead of every laptop/computer having their own internal database.
Let’s think of this scenario in a opposite way, you are a Head Officer in a company. You have 10,000 computer in your company and you need to use all the computers in your computer with your own Identity and password. So if you were to use local authentication to make this happen, this means every single laptop or computer that requires authentication to use has to have a local internal database containing your identity and password. This having a problem when you are using local authentication method:
- You must always make sure by maintaining all computer’s database synchronized and updated.
- In security concern, it is a security issue to have so many copies of your personal database around in your company.
Active Directory
Many IT administrators in most organizations use Active Directory to store employee information, it’s a method of keeping track of people and computers and providing a method for them to prove their identity in order to access restricted resources. In other realistic example: Employees that want to use company resources must authenticate to Active Directory before going any further.
So what if you have many users and computers in other branches means other physical location, a single Active Directory server might start to get too busy. So you will need more than one Active Directory servers. These Active Directory servers would always send info and get info to make sure they all have to up to date info, the same user and computer lists. This is to help user authentication access quicker: let’s say a user from site A will be directed to the server in site A faster than user authenticate to server in site B.
This is just basic explanation of Active Directory . There are more can be explain if you want to know more on technical theory of Active Directory.