Active Directory Domain Services (AD DS)

  • Article

Active Directory Domain Services (AD DS) is a service that makes it possible for users to log on to any computer on the network, while retaining access to their documents and settings. As an administrator, you can access and manage directory information such as user accounts, passwords, and phone numbers throughout your network. By using AD DS Group Policy settings, you can greatly simplify administrative tasks.

AD DS implements security measures such as logon authentication and access control for all users and devices in the directory.

Active Directory Domain Services domains

In AD DS, a domain identifies a particular group of servers and computers. Windows EBS supports a single AD DS domain, which can span multiple physical locations or sites and can contain millions of objects.

Naming your domain

In most cases, during installation you are joining your Windows EBS servers to an existing domain. When you join an existing domain, Windows EBS is installed into the root domain of your existing forest. It is not possible to rename an existing domain during Windows EBS installation.

In some cases, it may be more advisable to create a new domain rather than join an existing environment. In these cases, you are adding the domain controller, creating an Active Directory domain, forest, and site, and installing AD DS. The Windows EBS domain controller stores directory data and manages user and domain interactions, including user logon processes, authentication, and directory searches.

When you add an AD DS domain in Windows EBS, choose the name carefully—it cannot be changed after installation. You should pick a unique name that identifies the network and can be used as part of a fully qualified domain name.

Domain administrator account and password

You need a domain administrator account to perform administrator-level management tasks on the network. If you already have AD DS running on your network, use an existing account that has enterprise administrator privileges. If you do not currently have AD DS running on your network, the Installation Wizard uses the default Domain Administrator account, and you need to provide a password.

Your password choices should follow the Windows Server 2008 recommendations for creating a strong password. The password should be at least eight characters long, and it should contain characters from at least three of the following categories:

  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Special characters

For more information about password security in Windows EBS, see the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=108910).