What is Active Directory Domain Services (AD DS)?
Active Directory Domain Services (AD DS) is a scalable, secure, and manageable infrastructure for user and resource management. AD DS is a Windows Server role that's installed and hosted on a server known as a domain controller. AD DS uses Lightweight Directory Access Protocol (LDAP) to access, search, and change the directory service. LDAP is based on the X.500 standard and TCP/IP.
AD DS provides a centralized system for managing users, computers, and other resources on the network. AD DS features a centralized directory, single sign-on access, integrated security, scalability, and a common management interface.
What is a domain controller?
A domain controller hosts the AD DS role
A domain controller is a server that has the AD DS role installed and has been promoted to a domain controller. By default, it's configured to store a copy of the AD DS directory database. All domain controllers, except Read Only Domain Controllers (RODCs), store a read/write copy of the AD DS database.
Replication keeps the domain controllers in sync
Domain controllers use a multi-master replication process; for most operations, data can be changed on any domain controller, except on RODCs. The AD DS replication service then synchronizes the changes that are made to the AD DS database to other domain controllers in the domain.
You should always have at least two domain controllers
As a best practice, an AD DS domain should have at least two domain controllers. This makes the AD DS database more available, and spreads the authentication load during peak sign-in times.
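The points above about writable copies, RODCs, replication, and the two-controller minimum can be checked together from an admin workstation. The following PowerShell is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and the session is domain-joined, and the function name and the 24-hour staleness threshold are illustrative choices.

```powershell
# Added example: inventory domain controllers and flag redundancy or replication gaps.
Import-Module ActiveDirectory

function Get-DcRedundancyReport {
    param(
        # Assumption: illustrative threshold; tune it to your replication schedule.
        [int]$MaxReplicationAgeHours = 24
    )

    $domain = Get-ADDomain
    $dcs    = @(Get-ADDomainController -Filter *)

    # RODCs hold a read-only copy, so changes can only be made on the writable DCs.
    $writable = @($dcs | Where-Object { -not $_.IsReadOnly })
    $readOnly = @($dcs | Where-Object { $_.IsReadOnly })

    $cutoff = (Get-Date).AddHours(-$MaxReplicationAgeHours)
    $issues = foreach ($dc in $dcs) {
        try {
            # One record per inbound replication partner of this DC.
            Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction Stop |
                Where-Object {
                    $_.LastReplicationResult -ne 0 -or
                    $_.LastReplicationSuccess -lt $cutoff
                } |
                Select-Object Server, Partner, LastReplicationSuccess,
                              LastReplicationResult, ConsecutiveReplicationFailures
        }
        catch {
            # A DC that cannot be queried is itself a finding.
            [pscustomobject]@{
                Server                         = $dc.HostName
                Partner                        = $null
                LastReplicationSuccess         = $null
                LastReplicationResult          = "query failed: $($_.Exception.Message)"
                ConsecutiveReplicationFailures = $null
            }
        }
    }

    [pscustomobject]@{
        Domain            = $domain.DNSRoot
        WritableDCs       = $writable.HostName
        ReadOnlyDCs       = $readOnly.HostName
        MeetsTwoDcMinimum = ($dcs.Count -ge 2)       # the best practice stated above
        SingleWritableDc  = ($writable.Count -lt 2)  # only one place to make changes
        ReplicationIssues = @($issues)
    }
}

Get-DcRedundancyReport | Format-List
```

A result with MeetsTwoDcMinimum set to False, SingleWritableDc set to True, or any entries under ReplicationIssues means the domain does not have the availability described above.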