Active Directory Tutorial

for Beginners
Table of contents

What Is Active Directory? 2

Benefits of Active Directory 2

What Does Active Directory Do? 3

Active Directory Structure 4

Active Directory Domain Controllers 5

How to Install Remote Server Administration Tools (RSAT) for AD Management 13

Active Directory Events to Monitor 15

About Netwrix 18
In this Active Directory for beginners tutorial, we will show you how to install, how to configure and how to use
Active Directory. You can also get this Active Directory eBook PDF by providing your email address and the AD
tutorial will be emailed to you.

What is Active Directory?

Let’s start this Active Directory tutorial by defining what exactly Active Directory is. Microsoft Active Directory (AD)
is a core component of the Server operating system. It is a directory (database) and set of services that enable
secure access to resources in a networked Windows environment. Other types of environments have different
directory services; for instance, OpenLDAP is used in various Unix/Linux environments.

Benefits of Active Directory

Active Directory offers a wide range of benefits for organizations of all sizes, so it is a fundamental component of
many IT infrastructures. Below are some of the key benefits of using Active Directory:

▪ Active Directory provides centralized authentication and authorization services that enable users to log in to
the network and access the resources that administrators have granted them access permissions for.

▪ Active Directory supports single sign-on (SSO), which allow users to access multiple resources across the
network without having to log in separately to each resource.

▪ AD includes Group Policy, which allows administrators to define and enforce security settings, configurations
and policies across multiple computers and users within the network.

▪ Active Directory serves as a central repository for managing network resources such as users, groups, com-
puters, printers and network devices.

▪ AD stores information about network objects such as users, groups, computers and printers in a structured
hierarchical database.

▪ Active Directory provides security features such as encryption, access controls and auditing to protect sensi-
tive information and ensure compliance with security standards.
 ▪ Active Directory is designed to scale with the growth of an organization, supporting thousands or even mil-
lions of users, computers, groups and other objects within a single directory.

▪ Active Directory seamlessly integrates with other Microsoft products and services, such as Microsoft Exchange
Server, SharePoint, Microsoft 365 (formerly Office 365) and Azure services, providing a unified identity and
access management solution across the Microsoft ecosystem.

What Does Active Directory Do?

Services that AD provides or supports include:

▪ Authentication — Active Directory provides authentication, which is the process of verifying that users are
who they claim to be. Active Directory supports single sign-on, allowing users to authenticate once and then
access multiple resources across the network.

▪ Authorization — Active Directory also manages authorization, which is the process of determining whether to
allow a user to access requested resources using criteria such as their roles and security group membership.

▪ Resource management — Active Directory serves as a central repository for managing network resources
such as computers, servers, printers and network devices. It allows administrators to organize these resourc-
es into logical groupings, making it easier to manage and allocate resources within the network.

▪ Group Policy — AD includes Group Policy, which enables administrators to define and enforce security
policies, settings and configurations across multiple computers and users within the network. This ensures
consistency in configurations and helps enforce security standards.

▪ Directory services — Active Directory stores information about network objects such as users, groups, com-
puters and printers in a structured hierarchical database called the directory. This directory service provides
a scalable and efficient way to organize and access information about network resources.

▪ LDAP — Active Directory supports the Lightweight Directory Access Protocol (LDAP), which provides a stand-
ard method for accessing and querying directory data. LDAP enables applications and services to interact with
the directory for authentication, information retrieval and other purposes.

▪ DNS — Active Directory integrates with the Domain Name System (DNS) to provide name resolution services
within the network. DNS enables users and computers to locate domain controllers and other network re-
sources using friendly names (such as host names) rather than IP addresses.
 ▪ Trust relationships — Active Directory supports trust relationships between domains to enable users and
resources in one domain to access resources in another domain. Trust relationships are automatically estab-
lished between all domains in a forest, which enables users to seamlessly access resources across domains.
Administrators can also establish external trusts to enable users in one Active Directory domain to access
resources in another domain in a different forest.

▪ Trusts can be one-way or two-way. With a one-way trust, users in one domain can access resources in anoth-
er domain, but the reverse is not true. In a two-way trust, users in both domains can access resources in the
other domain. For example, an external two-way trusts might be established between partner organizations
to facilitate collaboration. Both types of trusts can be transitive or non-transitive. A non-transitive trust is lim-
ited to the specific domains involved. A transitive trust allows access to resources in other trusted domains in
the same forest. For example, suppose there is a transitive trust between Domain A and Domain B. If Domain
B trusts Domain C, then Domain A also trusts Domain C.

▪ Replication — Active Directory uses multi-master replication to ensure that directory data is synchronized
across all domain controllers within the domain. Replication ensures data consistency and fault tolerance,
allowing users to access directory information even if some domain controllers are unavailable.

Active Directory Structure

Active Directory has a hierarchical structure with the following components:

▪ Forest — The forest is the top-level container in Active Directory and a security boundary. It contains one
or more domains, which all share a common schema, configurations and global catalog. The first domain
created in the forest is the forest root domain; domains added to the forest later are called child domains.
Organizations typically have a single forest, but they can have more.

▪ Tree — A tree is a hierarchical structure within an AD forest that consists of one or more domains arranged in
a contiguous namespace. The root domain of the tree is the first domain created within the tree. Subdomains
created under the root domain are called child domains, and additional child domains can be created under
these child domains, forming a hierarchical tree structure. Domains within the same tree share a contiguous
namespace and are connected by transitive trust relationships, allowing users and resources to access re-
sources across domains within the same tree.

▪ Domain — A domain is a group of users, computers and other objects that are stored in a single Active Di-
rectory database and can be managed together. Each domain has its own security policies, trust relationships
and domain controllers. For example, an organization might have a domain for each of its locations, which is
managed by the local IT team.
 ▪ Organizational unit (OU) — Organizational units are containers within a domain that are used to organize
and manage subsets of AD objects in that domain. For instance, the domain for a company’s San Francisco
branch might have OUs for each department there, such as Sales and Finance.

▪ AD object — Active Directory objects include user accounts, computer accounts, and security and distribution
groups. Each AD object has a set of attributes. For example, the attributes of a user account include its user-
name, password, contact information, roles and groups.

Active Directory Domain Controllers

Each domain has one or more domain controllers. DCs are the servers that store the Active Directory database
and provide directory services like authentication and authorization. All domain controllers run the Windows
Server operating system.

If a domain has multiple DCs, changes to the AD database on one DC are replicated to the others. This redundan-
cy provides fault tolerance in case a DC experiences problems.

How to Stand Up a Domain Controller

To create a domain controller, you need to perform two steps:

▪ Install the Active Directory Domain Services (AD DS) role to a Windows Server machine.
▪ Promote the server to domain controller.
Install the Active Directory Domain Services Role on a Windows Server
1. Log in to the Windows Server using an account with administrative privileges. Open Server Manager by either
clicking on the Server Manager icon in the taskbar or by searching for "Server Manager" in the Start menu.

2. In the top menu, click Manage and select Add Roles and Features.

3. In the Add Roles and Features Wizard, select Role-based or feature-based installation and click Next.
4. Ensure that the correct server is selected and click Next.

5. On the “Select server roles” page, click Active Directory Domain Services. In the pop-up window, click Add
Features.

6. On the “Select features” page, do not select any additional features. Click Next.
7. On the “Active Directory Domain Services” page, review
the information and click Next.

8. Review your installation selections and click Install.

9. Wait for the installation process to complete, which may

take a few minutes. Then click Close to exit the wizard.
Promote the Server to Domain Controller
1. When the installation is complete, a notification will appear in the Server Manager. In the notification click
Promote this server to a domain controller.

2. The Active Directory Domain Services Configuration

Wizard will open. First, specify whether you want to add
a domain controller to an existing domain, add a new
domain to an existing forest or add a new forest. For
this example, select Add a new forest, enter a name
for the root domain and click Next.

3. Select the functional levels for the forest and its root
domain, add capabilities like DNS, and set the Directory
Services Restore Mode (DSRM) password. Click Next to
continue.
4. If you selected the DNS option, the “DNS Options” page
may display a warning. Since we are creating a new
forest, we can safely ignore this warning. Click Next to
continue.

5. The wizard will search the network on the domain and

assign a NetBIOS domain name automatically. You can
change it if required. Click Next to continue.

6. On the “Paths” page, specify the location of the AD DS

database, log files and SYSVOL files. You can change the
default location provided. In large environments, it is
recommended to keep them on a separate drive so can
be used to restore Active Directory if the system drive
gets corrupted. Click Next to continue.
7. Review the summary of your selections and click Next.

8. The wizard will check that the computer meets the

prerequisites. Once you see a confirmation that the
computer has passed, click Install.

9. Once the installation completes, the server will

automatically restart. After the restart, the server will
be a domain controller with Active Directory Domain
Services installed.
10. To verify that the domain structure has been created, open Server Manager, click Tools, and click Active
Directory Users and Computers.

How to Install Remote Server Administration

Tools (RSAT) for AD Management
To manage Active Directory, you need to install administrative tools on a client machine. To install RSAT on Win-
dows 11, follow these steps:

1. Open Settings, click Apps in the left sidebar, and then

click Optional features.
2. Click View features.

3. Search for “RSAT” (or simply scroll down) and check the
box next to RSAT: Active Directory Domain Services
and Lightweight Directory Services Tools. Then click
Next.

4. Click the Install button to begin the installation process.

5. Wait for the installation to complete. This may take a few minutes. Once your computer has restarted, you can
verify that RSAT has been installed by searching for any of the RSAT tools, such as Active Directory Users and
Computers, from the Start menu.

Active Directory Events to Monitor

Active Directory provides logging feature for maintaining the security, integrity and performance of your directory
service. Monitoring these events using a tool like Windows Event Viewer helps you detect suspicious activity so you
can promptly troubleshoot issues and respond to security breaches. Below are some common events to look for.

User Account Management

▪ Account creation: Event ID 4720
▪ Account deletion: Event ID 4726
▪ Account enabled/disabled: Event IDs 4722, 4725
▪ Password changes/reset: Event IDs 4723, 4724, 4725
▪ Account lockouts: Event ID 4740

Group Management
▪ Group creation/deletion: Event IDs 4727, 4731
▪ Group membership changes: Event IDs 4728, 4729, 4732, 4733.

Active Directory Replication

▪ Replication success/failure: Event IDs 4928, 4929, 4932, 4933

Domain Controller Operations

▪ Domain controller/systems startup/shutdown: Event IDs 6005,6006,6008,1074
▪ Directory service access: Event IDs 2889, 2887
Authentication and Authorization
▪ Successful logons: Event IDs 4624,4648,4768
▪ Failed logons: Event IDs 4625
▪ Privileged access: Event IDs 4672

Directory Service Changes

▪ LDAP modifications: Event IDs 5136, 5137, 5138
▪ Schema changes: Event ID 5139
Netwrix Auditor for Active
Directory
Get complete visibility into what’s going on
in your Active Directory and Group Policy

Easily review the current state of your users and groups, including permissions
and membership

Keep tabs on all security and configuration changes in your Active Directory and
Group Policy with all the critical who, what, when and where details and before
and after values

Be notified about the most critical changes as they happen so you can respond
immediately

Quickly roll back unwanted changes without any downtime or having to restore
from backup

Simplify reporting with automated subscriptions and a range of export options

Download Free 20-Day Trial

About Netwrix
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security
professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect,
respond to and recover from attacks, limiting their impact. More than 13,000 organizations worldwide rely on
Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors:
data, identity and infrastructure.

For more information about Netwrix, visit www.netwrix.com

Next Steps

Free trial — Set up Netwrix in your own test environment: netwrix.com/freetrial

In-Browser Demo — Take an interactive product demo in your browser: netwrix.com/browser_demo

Live Demo — Take a product tour with a Netwrix expert: netwrix.com/livedemo

Request Quote — Receive pricing information: netwrix.com/buy

CORPORATE HEADQUARTER: PHONES: OTHER LOCATIONS: SOCIAL:

6160 Warren Parkway, Suite 1-949-407-5125 Spain: +34 911 982608

100 Frisco, TX, US 75034 Toll-free (USA): 888-638-9749 Netherlands: +31 858 887 804
Sweden: +46 8 525 03487
Switzerland: +41 43 508 3472
5 New Street Square, London +44 (0) 203 588 3023 France: +33 9 75 18 11 19 netwrix.com/social
EC4A 3TW Germany: +49 711 899 89 187
Hong Kong: +852 5808 1306
Italy: +39 02 947 53539