Why do we use Active Directory?

Answer 1

We use Active directory to maintain resources (printer, users, computers) centrally.

please find feature of AD for more clarity.

Security-Having only one domain means better security through a single security policy and a single set of administrators. If you have multiple domains and forests, each has its own administrator. One weak but trusted domain exposes all the other forests and domains. With only a single domain, it's also far easier to enforce an organization-wide security policy

Single platform - a single directory service or Global Catalog (GC) means a single platform for all other directory-ware services, including monitoring and messaging.

Faster deployment-starts in an organization with just a single domain and shared account database solutions need only be deployed once, which means company-wide deployments are much faster than if the organization has multiple and separate domains.

Single management infrastructure-Having a single management infrastructure means there is just one infrastructure for all other directory services tasks, such as software deployment, inventory, and object managment sharing and delegation (such as for user accounts).

Single Group Policy container (GPC)-With a single GPC, management polices need to be defined only once, and can be used throughout the entire enterprise without the need to manually export and import Group Policy Objects (GPOs).

.

Backup and recovery-Having only a single domain means better resiliency because every location has a full domain backup.

Less hardware-In an organization with multiple domains, every location needs two domain controllers (DCs). With a single domain, each location needs only a single DC because if the local DC fails, the locations can use hub DCs. Reduced hardware also means fewer licenses, less management software, and less overhead for server management. There's also no need to back up remote DCs because the remote DCs just hold the same information as the central DCs-assuming the DCs only perform directory services

Answer 2

http://en.wikipedia.org/wiki/Active_Directory

Security-Having only one domain means better security through a single security policy and a single set of administrators. If you have multiple domains and forests, each has its own administrator. One weak but trusted domain exposes all the other forests and domains. With only a single domain, it's also far easier to enforce an organization-wide security policy

Single platform - a single directory service or Global Catalog (GC) means a single platform for all other directory-ware services, including monitoring and messaging.

Faster deployment-starts in an organization with just a single domain and shared account database solutions need only be deployed once, which means company-wide deployments are much faster than if the organization has multiple and separate domains.

Single management infrastructure-Having a single management infrastructure means there is just one infrastructure for all other directory services tasks, such as software deployment, inventory, and object managment sharing and delegation (such as for user accounts).

Single Group Policy container (GPC)-With a single GPC, management polices need to be defined only once, and can be used throughout the entire enterprise without the need to manually export and import Group Policy Objects (GPOs).

.

Backup and recovery-Having only a single domain means better resiliency because every location has a full domain backup.

Less hardware-In an organization with multiple domains, every location needs two domain controllers (DCs). With a single domain, each location needs only a single DC because if the local DC fails, the locations can use hub DCs. Reduced hardware also means fewer licenses, less management software, and less overhead for server management. There's also no need to back up remote DCs because the remote DCs just hold the same information as the central DCs-assuming the DCs only perform directory services.

TO use AD in the system proper infrastructure should be there

An active directory is a directory structure used on Microsoft Windows based computers and servers to store information and data about networks and domains. It is primarily used for online information and was originally created in 1996. It was first used with Windows 2000.

An active directory (sometimes referred to as an AD) does a variety of functions including the ability to provide information on objects, helps organize these objects for easy retrieval and access, allows access by end users and administrators and allows the administrator to set security up for the directory.

An active directory can be defined as a hierarchical structure and this structure is usually broken up into three main categories, the resources which might include hardware such as printers, services for end users such as web email servers and objects which are the main functions of the domain and network.

Understanding Active DirectoriesIt is interesting to note the framework for the objects. Remember that an object can be a piece of hardware such as a printer, end user or security settings set by the administrator. These objects can hold other objects within their file structure. All objects have an ID, usually an object name (folder name). In addition to these objects being able to hold other objects, every object has its own attributes which allows it to be characterized by the information it contains. Most IT professionals call these settings or characterizations schemas.

The type of schema created for a folder will ultimately determine how these objects are used. For instance, some objects with certain schemas cannot be deleted, they can only be deactivated. Others types of schemas with certain attributes can be deleted entirely. For instance, a user object can be deleted, but the administrator object cannot be deleted.

When understanding active directories, it is important to know the framework that objects can be viewed at. In fact, an active directory can be viewed at either one of three levels, these levels are called forests, trees or domains. The highest structure is called the forest because you can see all objects included within the active directory.

Within the Forest structure are trees, these structures usually hold one or more domains. Going further down the structure of an active directory are single domains. To put the forest, trees and domains into perspective, consider the following example.

A large organization has many dozens of users and processes. The forest might be the entire network of end users and specific computers at a set location. Within this forest directory are now trees that hold information on specific objects such as domain controllers, program data and system, among others. Within these objects are even more objects which can then be controlled and categorized.

How are Active Directories used?If you are a computer administrator for a large corporation or organization, you can easily update all end users computers with new software, patches and files simply by updating one object in a forest or tree.

Because each object fits into a set schema and has specific attributes, a network administrator can easily clear a person on a set tree or instantly give or deny access to select users for certain applications. The Microsoft servers use trust to determine whether or not access should be allowed. Two types of trusts that Microsoft active directories incorporate are transitive trusts and one way non transitive trusts. A transitive trust is when there is a trust that goes further than two domains in a set tree, meaning two entities are able to access each other's domains and trees.

A one way transitive trust is when a user is allowed access to another tree or domain; however, the other domain does not allow access to the further domains. This can be summed up as a network administrator and end user. The network administrator can access most trees in the forest including a specific end user's domain. However, the end user, while able to access his or her own domain, cannot access other trees.

It is important to note that active directories are a great way to organize a large organization or corporation's computers' data and network. Without an active directory, most end users would have computers that would need to be updated individually and would not have access to a larger network where data can be processed and reports can be created. While active directories can be technical to a good extent and require considerable expertise to navigate, they are essential to storing information and data on networks.