Active Directory (AD) is a core component of the Windows Server operating system. It is a directory service for managing and organizing resources in a Windows network environment.

With AD you have an overview of all your domains on the Windows server,  and from there you can manage users, groups, and computers of your domain.

For example, if a user in the office needs to reset a password you as administrator would use AD to do so, if you need to perform an unattended update or system configuration you would use AD to manage groups and users who need to be affected.

It is used mostly in enterprise environments to manage and secure network resources.


We will not provide a full tutorial on how to set up the whole environment since it would be too long. Our purpose here is to provide a short overview of AD.

Let us try some use cases of AD to show what it looks like. We have set VM Windows Server 2019 to serve our domain, and for the client, we are using VM Windows Enterprise Edition. You can see that this client is a member of the "homelab.local" domain.

To run Active Directory on your server machine, type it in the Start search bar and select Active Directory Users and Groups.

Here we have selected our "homelab.local" domain and entered in Users, where we have selected our user Luka Beslic from the client pc. Here as you can see we can manage a lot of properties of users like password reset or group membership, how and when users can connect, and what privileges one user has.

The user may have issues with logging in because he has forgotten his password so we as an administrator can simply open the Password reset form and solve his issue. Here we can request the user to set a new password on login or to keep the password, among other options.

If we change the password here user will need to use the new password at the next login and set a new password.


 

It is a convenient way to set users to groups and streamline access rights and authentication of any user in your network. Following many other options you can find in user Properties.

For instance, our user Luka is a member of the Sales group and that means instead of creating rules for Luka and every other person working in sales we can simply create a Sales group with all proper privileges and add users to that group, this unifies updates in just one hub. The same is if Luka is transferring to another department, we just would change his privileges by changing groups thus reducing work size and the possibility of creating some errors.