5.1 Overview

Active Directory is a directory service (DS) that defines the data structure and services that provide the means to store, manage, and retrieve the identities and relationships of users, groups, and computers in a Windows network. Active Directory stores this information in a domain, which is a collection of computers and their associated security groups that is managed as a single entity.

Active Directory stores security information, such as passwords and privileges, for domain users and groups. This information is replicated across the domain by domain controllers (DCs), which are servers running Active Directory. Details about the components necessary for creating a DC and how the components are invoked by clients of the domain services are described in the Active Directory Protocols Overview [MS-ADOD].

Active Directory operates in two distinct modes: Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS), both of which are described in [MS-ADOD].