What Is Active Directory?

Written by Coursera Staff • Updated on

Learn about Active Directory and how it’s used in organizations to group objects, grant permissions, and manage networks and information.

[Featured image] Two coworkers sit on a wooden bench and collaborate using Active Directory on a laptop.

Active Directory (AD) is a live directory run on a Microsoft Windows server that stores account login data and information administrators need to manage permissions and access to network resources.  It holds important information about user accounts within an organization, including personal details such as job titles, phone numbers, and passwords, as well as various permissions. 

In AD, the data is structured and stored as objects, keeping it easy to find. Objects include user accounts, user passwords, groups, applications, devices (such as printers and computers), and file shares.

Active Directory structure

Active Directory has three main hierarchical tiers: domains, trees, and forests.

Domains: A domain is a collection of objects on the same Active Directory and might consist of users, devices, and groups. These represent branches of the trees. 

Trees: A tree is a group of domains organized hierarchically. Parent domains link to child domains, all of which stem from a single root domain.

Forests: Multiple trees combine to make a forest, which is the highest level within the Active Directory. The trees within a forest form a security boundary and can trust each other to share information within the AD.

Members of staff granted different permissions is an example of the AD structure. They may have different domains but are grouped together according to their same permissions as trees. This results in many domains and trees but only one single forest (the organization). 

What are Active Directory groups?

Active Directory allows managers to collect user accounts into groups, which helps them to apply the same action to everyone in that group without needing to interact with each user individually. Distribution groups are for email distribution, and security groups are for assigning access permission.

Benefits of an Active Directory connection

Active Directory has many benefits that can help organizations ensure the accessibility and security of their information.

Create and delete accounts. With a new employee, you only set up one account with Active Directory rather than an account for each computer, printer, app, and shared file. The same is true of deleting accounts for employees who leave the organization.

Set permissions. You set permissions for whole groups of domains at the same time rather than having to do this for each individual user.

Reset passwords. You can easily reset a password using Active Directory, with the new password updating across the whole network automatically.

Access a hierarchy. Active Directory is a simple way for you to order your organization's hierarchy, determining who has access to what and how objects can be accessed.

All in one place. Active Directory creates a single point to manage information and resources, with a search function to find objects quickly. Having one place to access a structured network is highly efficient.

[Video thumbnail] How to become a IT Professional

Next steps in Active Directory management on Coursera

If you’re ready to start a career in IT support or you want to understand more about computer networking and databases, you may benefit from earning a Professional Certificate in IT. The Google IT Support Professional Certificate on Coursera teaches in-demand skills to help you get job ready in the field in about six months or less.

Updated on
Written by:

Editorial Team

Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...

This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.