For every AD object, a globally unique identifier (GUID) is generated and saved in the objectGUID attribute.
For every object at the domain level, a unique security identifier (SID) is generated and saved in the objectSID attribute. When a user moves to a different domain, the GUID stays the same but a new SID is allocated.
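An added example (not from the original page) that decodes the raw bytes of objectGUID and objectSID into their string forms. It shows why a SID is tied to its domain: everything before the last component identifies the domain, and the last component is the account's relative identifier (RID). The GUID and SID values are constructed sample data, and the helper names are hypothetical.

```python
import struct
import uuid

def decode_guid(raw: bytes) -> str:
    """objectGUID bytes use a mixed-endian layout: the first three fields are little-endian."""
    if len(raw) != 16:
        raise ValueError("objectGUID must be exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))

def decode_sid(raw: bytes) -> str:
    """Layout: revision (1 byte), sub-authority count (1 byte),
    identifier authority (6 bytes, big-endian), then 32-bit little-endian sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def split_sid(sid: str):
    """Split a domain account SID into (domain SID, relative identifier)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def make_sid(*subs: int) -> bytes:
    """Build binary sample data (revision 1, authority 5 = NT Authority)."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

# Constructed sample values: one account before and after a move to another domain.
GUID_RAW = uuid.UUID("6f9619ff-8b86-d011-b42d-00c04fc964ff").bytes_le
SID_OLD = make_sid(21, 1111111111, 2222222222, 3333333333, 1105)
SID_NEW = make_sid(21, 4000000001, 1234567890, 987654321, 2210)

if __name__ == "__main__":
    print("objectGUID:", decode_guid(GUID_RAW))  # unchanged by the move
    for label, raw in (("before", SID_OLD), ("after", SID_NEW)):
        domain_sid, rid = split_sid(decode_sid(raw))
        print(f"objectSID {label}: domain={domain_sid} rid={rid}")
```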
Distinguished names work much like postal addresses. In AD, a distinguished name uniquely identifies an object, and to do that it relies on the following names
organizationName (O) or organizationalUnitName (OU): This name represents the organization
domainComponent (DC): This is the naming attribute for the domain and the DNS. If the DNS domain name is avengers.com, then we will have the following domain components
commonName (CN): This refers to objects and containers in the directory
The following is an example of a child domain
Active Directory Server Roles
There are five main Active Directory Server Roles
These services can be installed with a PowerShell cmdlet
Active Directory Domain Services (AD DS)
This service manages an organization's resources such as users, computers, printers, etc.
An AD forest is an identity infrastructure security boundary. A forest can contain multiple domain controllers.
OUs are used to arrange objects in Active Directory.
Active Directory Federation Services (AD FS)
This service allows us to share identities between trusted identity infrastructures using claims-based authentication
Establish trust relationships across identities
Single Sign On (SSO)
Active Directory Lightweight Directory Services (AD LDS)
Some applications require a directory-enabled environment to operate but do not need a full-blown AD. In these cases, AD LDS provides data storage and retrieval for directory-enabled applications.
Active Directory Rights Management Services (AD RMS)
AD RMS helps enterprises protect sensitive data from unauthorized access.
Active Directory Certificate Services (AD CS)
This role helps enterprises build a public key infrastructure (PKI) in an easy and cost-effective way.