What is Active Directory? AD Services Overview

AD DS, LDS, FS: Keeping track of all the acronyms surrounding Windows Active Directory can be a challenge. Our overview of the most important AD services.

General Information

Active Directory is the directory service of Microsoft Server. It is used to manage company network objects, such as:

  • Users
  • Groups
  • Computers
  • Printers
  • Shared folders

Active Directory was first released with Windows Server 2000 and has since been continuously expanded and improved. Since version Windows Server 2008, Active Directory has always consisted of the following five services:

Active Directory Domain Services (AD DS)

Domain Services are the central components of any Windows domain network. Any domain devices and users are stored in the AD DS. At the same time, AD DS acts as an authentication service for users who are managed in Active Directory (i.e. it checks for valid login details when users log on to the network). AD DS is operated by special Windows servers, so-called domain controllers.

AD DS holds an important position in many companies because several other services depend on it, for instance: Group policies, Exchange Server, SharePoint Server and numerous third-party applications and services that implement an interface to AD DS (e.g. via LDAP).

Lightweight Directory Services (AD LDS)

As the name suggests, LDS is a light version of AD DS. LDS does not require you to build a domain structure and domain controllers. It is purely a directory service for storing information. This information can be accessed via an LDAP interface.

LDS is most commonly used for managing user and group information for third-party applications. This is particularly useful when multiple applications need to access the same user information, as this information only needs to be stored and administered once in LDS.

Federation Services (AD FS)

Federation Services are used for single sign-on (SSO) and allow users to use their logon information not only to log on to the local Windows domain, but also to log on to defined non-domain services (primarily web applications). With Office 365, AD FS has significantly gained importance as it has enabled single sign-on with Office 365 applications. To operate AD FS, an AD DS infrastructure is required.

Rights Management Service (AD RMS)

This service ensures that certain resources are protected from unauthorized access using cryptographic methods (encryption).

Certificate Services (AD CS)

Certificate services provide a public key infrastructure (PKI).

See also:

Active Directory security: Best practices for securing your AD

Differences between Active Directory and Azure AD

AGDLP: The Best Practice for Implementing Role-Based Access Control through nested groups.

About the Author: Helmut Semmelmayer

Helmut Semmelmayer currently heads channel sales at the software company tenfold software. He looks back on 10 years of involvement in the identity and access management market. Having worked on countless customer projects, he has extensive knowledge of the challenges that organizations face when it comes to protecting data from unauthorized access. His goal is to educate businesses and build awareness for current and future access-based attack patterns.