Welcome To My Journey

I have created this blog to record the things I learn as I progress in my studies of the Windows Operating System. My focus will primarily be the latest Operating System offerings by Microsoft, but much of the content below may also apply to earlier versions. I invite you to join me as I explore and learn about Microsoft Windows!

Thursday, July 7, 2011

The Active Directory Family–More to Love in 2008

Prior to Windows 2008, when people said “Active Directory” they meant the directory service provided for free with Windows Server 2000/2003.  With Windows 2008, however, Microsoft has expanded on the concept of Active Directory so that it now has more than one meaning.

In this post, I thought I’d give a brief description of each of the core products that make up the Active Directory family.  Seeing this list, you’ll understand that it’s no longer technically accurate to talk about ‘Active Directory’ (though those of us who have worked with AD since the beginning certainly continue to speak of it in these terms).  Instead, using the new terminology below is the more appropriate way to refer to the various members of the Active Directory suite of products.

  1. Active Directory Domain Services (AD DS) – this is the classic version of Active Directory that is responsible for managing authentication (proving who you are) and authorization (deciding how much you can do) within your Microsoft domain.  It stores user and computer objects (among many other types of objects) and manages communication, directory lookups, and security for the people and resources accessing your infrastructure.
  2. Active Directory Lightweight Directory Services (AD LDS) – Previously known as ‘ADAM’, AD LDS is a lightweight version of Active Directory used in conjunction with directory-enabled applications.  While it is not intended to handle authentication/authorization, it does serve as a place to store objects and directory data necessary to the functioning of these directory-enabled applications.
  3. Active Directory Certificate Services (AD CS) – This product was once known as Microsoft Public Key Infrastructure (PKI), and is designed to allow you to set up your own internal certificate authority, allowing you to issue and manage digital certificates for the objects within your infrastructure.
  4. Active Directory Rights Management Services (AD RMS) – While Windows Server has a native way to protect documents from being accessed by unauthorized persons, AD RMS takes it a step further by managing permissions over those documents.  AD RMS allows you to define who has the rights to do many things with the documents in your environment, setting permissions for who can open, read, edit, etc. the documents being managed by AD RMS.
  5. Active Directory Federation Services (AD FS) – This service allows users from other domains to log into web-based applications even though those users are not from your own infrastructure, providing a Single Sign-On (SSO) experience for users accessing your web-based applications from other environments (both Windows and non-Windows).

Even though Active Directory has expanded and now includes 5 products rather than the single ‘Active Directory’ that debuted in Windows 2000, the central theme of AD is still identity management.  Each of the products listed above has some functionality related to this area, so it made sense to consolidate each of these products under the heading “Active Directory”.

Knowing a bit about these different products that make up the Active Directory family is important as you work with Windows 2008.  And now that you know them, you’ll be in a good position to respond to someone who talks about ‘Active Directory’ with the question “Which part of the Active Directory suite are you talking about?”