How to Setup Active Directory on AWS Cloud FREE | AWS Cloud Virtual Machine Setup | AD Setup | Pentesthint

PentestHint
3 min read, Jan 25, 2022

Terms

The following list defines the Active Directory terminology used in this post.

Server — A computer that performs one or more roles in a domain.

Domain controller — A server that stores a copy of the directory and answers client requests for it. In addition to storing data, a domain controller can hold one or more of the FSMO roles.

Domain — The minimum structural unit of an Active Directory organization (it may consist of users, computers, printers and other shared resources).

Domain tree — A hierarchical system of domains that has a single root (the root domain).

Domain forest — A set of domain trees linked to one another by various forms of trust.

What is AD?

System administrators use Windows Server’s Active Directory technology to store network objects, such as users, computers and other physical resources, and to organize them into a hierarchical, secure, logical structure.

The forest and the domain form the basis of the logical structure. Domains can be arranged in a forest to provide data and service independence (but not isolation) and to optimize replication. Separating the logical structure from the physical structure improves manageability and reduces administrative overhead, because changes to the physical layout do not affect the logical structure. The logical structure is also what you use to control access to data: different parts of the structure can carry different access rules.

The data stored in Active Directory can come from many different sources. With many different data sources and many different types of data, Active Directory must use some standardized storage mechanism to maintain the integrity of stored information.

In Active Directory, information is stored in the directory as objects, and every object is defined in the schema. An object definition contains information, such as the data type and syntax of each attribute, that the directory uses to ensure that what is stored is valid. No data can be stored in the directory until it has been defined in the schema. The default schema contains all the object definitions and descriptions that Active Directory needs in order to function correctly.

Although you access the directory through a logical structure made up of elements such as domains and forests, the directory itself is implemented as a physical structure: a database that is stored on every domain controller in the forest.

The Active Directory data store handles all access to that database. The data store consists of the services and physical files that manage access rights and carry out read and write operations against the database held on the hard drive of each domain controller.

Structure and architecture of the Active Directory storage

The structure and architecture of the Active Directory store consist of four parts:

Domains and Forests

Forests, domains, and organizational units (OUs) make up the basic elements of the logical structure of Active Directory. The forest defines a single directory and represents a security boundary. Forests contain domains.

DNS

DNS provides name resolution in a hierarchical architecture that Active Directory can use.

Schema

The schema contains the object definitions that are used to create the objects stored in the directory.

Data Store

The data store is part of the directory that manages the storage and retrieval of data on each domain controller.
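The four parts described above can be checked from a management host with read-only queries. The following PowerShell script is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module on a domain-joined machine, and the final data-store section only returns results when run on a domain controller itself.

```powershell
# Added example (not from the original post): maps the four parts of the
# AD store (domains/forests, DNS, schema, data store) to read-only queries.
# Assumes the ActiveDirectory module (RSAT) on a domain-joined host; the
# last section reads the NTDS registry key, which exists only on a DC.
Import-Module ActiveDirectory

# 1. Forest and domains: the forest is the security boundary, domains nest inside it.
$forest = Get-ADForest
"Forest root: $($forest.RootDomain)  (mode: $($forest.ForestMode))"
"Domains in forest: $($forest.Domains -join ', ')"
# Forest-wide FSMO roles are each held by exactly one DC.
"Schema master: $($forest.SchemaMaster)"
"Domain naming master: $($forest.DomainNamingMaster)"

$domain = Get-ADDomain
"Current domain: $($domain.DNSRoot)  parent: $($domain.ParentDomain)  children: $($domain.ChildDomains -join ', ')"
# Domain-wide FSMO roles.
"PDC emulator: $($domain.PDCEmulator)"
"RID master: $($domain.RIDMaster)"
"Infrastructure master: $($domain.InfrastructureMaster)"

# Every DC holds a copy of the domain partition; RODCs hold a read-only one.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly, OperationMasterRoles |
    Format-Table -AutoSize

# 2. DNS: clients locate DCs through SRV records, so a missing record shows up as logon failures.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV |
    Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize

# 3. Schema: the partition that defines every object class; count the classes as a sanity check.
$rootDse = Get-ADRootDSE
"Schema partition: $($rootDse.schemaNamingContext)"
$classCount = (Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(objectClass=classSchema)' |
    Measure-Object).Count
"Object classes defined in schema: $classCount"

# 4. Data store: the database file (ntds.dit) and its working directory on this DC.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
if (Test-Path $ntds) {
    $p = Get-ItemProperty -Path $ntds
    "NTDS database: $($p.'DSA Database file')"
    "NTDS working directory: $($p.'DSA Working Directory')"
} else {
    "Not a domain controller: NTDS parameters key not present"
}
```

Comparing the FSMO holders and the SRV records against a known-good inventory is a cheap way to spot an unexpected domain controller or a broken DNS registration.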
