Understanding the basics of Active Directory (AD)

One question that often comes up when looking at SharePoint is: what is an Active Directory?


According to the “Glossary for SharePoint 2010” published by the Microsoft Office Dev Center, Active Directory is:

“A general-purpose network directory service. Active Directory also refers to the Windows implementation of a directory service. Active Directory stores information about a variety of objects in the network. Importantly, user accounts, computer accounts, groups, and all related credential information used by the Windows implementation of Kerberos are stored in Active Directory. Active Directory first became available as part of Windows 2000 and is available as part of Windows 2000 Server products, Windows Server 2003 products, and Windows Server 2008 products. Active Directory is not present in Windows NT 4.0 or in Windows XP. For more information, see [MS-SECO] section 2.5.2 and [MS-ADTS].”


I am still confused

In simpler terms, Active Directory is a directory: a place where information is stored. Typically it holds user account information, credentials, groups, printers and other peripherals, and so on. The largest part of Active Directory is a Domain and the smallest is an Object. An object is any user, system, resource or service within AD, so an object can be a user, a printer, a workstation, etc. Active Directory can track these objects even if they have the same or similar attributes (for more information, see Microsoft’s TechNet article on Active Directory). Objects are then grouped into Organizational Units (OUs). Certain users can be given permission to administer Organizational Units. Here is a great example of how this works:

(Image from: California Institute of Technology, Information Management Systems & Services [http://www.imss.caltech.edu/node/412])

This is what an Active Directory looks like:

(Image from: Microsoft Dev Center [http://msdn.microsoft.com/en-us/library/windows/desktop/aa746492(v=vs.85).aspx])

Why is this important to know?

Many companies offer web parts and add-ons that sync with Active Directory, letting you pull information from it, modify it and send information back. Other add-ons and web parts help you assign permissions, change passwords and manage information in Active Directory. Here are some web parts and add-ons that will help you with your Active Directory management:



AD Administration
AD Information Sync
AD Self Service
Password Change & Reset Pack
Password Change & Expiration
Password Reset
AD Management Pack
Site User Directory



User Account Setup Web Part
Password Change Web Part
Password Reset Web Part
User Directory Web Part
User Profile Sync
Password Management Toolkit


Virto Software

Create & Clone AD User Web Part
Active Directory User Service
Password Change Web Part
Password Reset and Recovery Web Part
Password Expiration Web Part



Password Management Bundle
Password Change Web Part
Password Expiration Web Part
Password Reset Web Part



Active Directory Self Service
Password Change for Microsoft SharePoint


Please email me if you have any comments or questions: sadiq@boostsolutions.com.