Active Directory (AD) is the Microsoft method of using LDAP for the management of user data, security, resources, and interoperability with other directories. One of the highly effective methods for querying data repositories, modifying user permissions and granting access to protected resources is to utilize an LDAP server, which uses the Lightweight Directory Access Protocol (LDAP). This TCP/IP protocol is based on a client-server model and is used in Apache Directory Server, Apple Open Directory, Fedora Directory Server, IBM Tivoli Directory Server, and Microsoft Active Directory (AD) amongst others.
The structure of AD consists of servers that run AD, called domain controllers (DCs), which authenticate and authorize users. One or more DCs are required to create a domain; the DCs in a domain share a directory database and security policies, and the domain holds trust relationships with other domains.
A “tree” is a collection of one or more domains in a contiguous namespace that permit resource sharing. A “forest” consists of one or more trees, with the first domain created being the forest “root”. All domains in a forest share transitive trusts, a global catalog, and a schema. We may further delineate an organization's structure by the use of organizational units (OUs), placing users, groups, computers, and other OUs into managerial or geographical constructs.
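The containment hierarchy above (forest, tree, domain, OU) is visible directly in LDAP distinguished names: `DC=` components spell out the domain's DNS name and `OU=` components give the container path inside it. The following added example, which is not code from the original article, models that hierarchy in plain Python: it parses a DN (including backslash-escaped commas, which LDAP permits inside values), derives the owning domain and OU path, tests whether two domains form a contiguous namespace (and so belong to the same tree), and groups a set of a forest's domains into trees. The domain names and DNs are constructed for illustration and do not refer to any real environment.

```python
"""Model the AD containment hierarchy: forest > tree > domain > OU.

Added example, not part of the original article. All names below are constructed.
"""


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split an LDAP DN into (attribute, value) pairs, most specific first.

    A backslash escapes the next character, so "CN=Smith\\, Alice" yields the
    value "Smith, Alice" rather than splitting on that comma.
    """
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))

    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def domain_of(dn: str) -> str:
    """DNS name of the domain holding the object: the DC= components joined by dots."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC")


def ou_path(dn: str) -> list[str]:
    """OU containers from the domain root down to the object (DN order reversed)."""
    return [v for a, v in reversed(parse_dn(dn)) if a == "OU"]


def same_tree(domain_a: str, domain_b: str) -> bool:
    """True when the two DNS names form a contiguous namespace.

    One name must equal the other or be a child of it; the comparison is on
    whole labels, so "notexample.com" is not treated as part of "example.com".
    """
    a = domain_a.lower().split(".")
    b = domain_b.lower().split(".")
    shorter, longer = sorted((a, b), key=len)
    return longer[len(longer) - len(shorter):] == shorter


def trees(domains: list[str]) -> dict[str, list[str]]:
    """Group a forest's domains into trees, keyed by each tree's root domain.

    A tree root is the shortest domain in the set that is an ancestor of (or
    the same as) the domain being placed. Which tree root is the forest root
    depends on creation order, which names alone do not reveal.
    """
    grouped: dict[str, list[str]] = {}
    for d in domains:
        ancestors = [
            c for c in domains
            if same_tree(c, d) and len(c.split(".")) <= len(d.split("."))
        ]
        root = min(ancestors, key=lambda c: len(c.split(".")))
        grouped.setdefault(root, []).append(d)
    return {root: sorted(members) for root, members in grouped.items()}


if __name__ == "__main__":
    # Constructed sample data: one forest with two trees.
    user_dn = "CN=Smith\\, Alice,OU=Engineering,OU=Seattle,DC=corp,DC=example,DC=com"
    print("domain:", domain_of(user_dn))     # corp.example.com
    print("OU path:", ou_path(user_dn))      # ['Seattle', 'Engineering']
    forest = [
        "corp.example.com", "sales.corp.example.com",
        "emea.sales.corp.example.com", "example.net", "lab.example.net",
    ]
    for root, members in trees(forest).items():
        print(f"tree rooted at {root}: {members}")
```

`same_tree` is the rule that distinguishes a child domain from a second tree: `sales.corp.example.com` shares a suffix with `corp.example.com` on whole labels, so it joins that tree, whereas `example.net` starts a new tree in the same forest.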