
Microsoft Active Directory


Active Directory is a directory services system, similar in nature to Novell's eDirectory, which allows network objects such as users and groups to be placed into logical areas of a database. This database can then be distributed among various servers, all of which participate in the Active Directory structure. Because all the network object information is placed in a single database, albeit a distributed one, it can be used by any network application or subsystem, eliminating the need for duplicate information to be held on each server of the network. In the case of Microsoft server operating systems, Windows 2000 was the first network operating system to take this approach. Before this, user accounts on Windows servers were stored on each server, and special relationships called trusts had to be set up to allow users on one server to access resources on another. In Active Directory, trusts still exist, though their role is somewhat different.

Windows servers on a network can be either domain controllers or member servers. Domain controllers are servers that have Active Directory installed and hold a copy of the Active Directory database. The term domain is used to describe a logical section of the Active Directory database. Domain controllers store user account information, so they can provide network authentication. An Active Directory domain can have several domain controllers, with each one having a read/write copy of the Active Directory database. In fact, for fault tolerance, this is a good strategy to employ.

Member servers are not involved in the authentication of network users and do not take part in the Active Directory replication process. Member servers are commonly employed as file and print servers, or with additional software, as database servers, Web servers, firewalls, or servers for other important network services such as DHCP and DNS.
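The split between domain controllers and member servers can be read from each computer account in the directory. The following is an added example, not code from the original text, that builds a role inventory from exported computer-account records and lists any record whose attributes disagree. It assumes the standard Active Directory attributes userAccountControl and primaryGroupID, which the text does not name, and all records are constructed sample data.

```python
# Added example: classify computer accounts as domain controller or member server.
# Records are constructed sample data, not output from a real directory.

SERVER_TRUST_ACCOUNT = 0x2000       # userAccountControl bit set on domain controllers
WORKSTATION_TRUST_ACCOUNT = 0x1000  # bit set on member servers and workstations
DOMAIN_CONTROLLERS_RID = 516        # primaryGroupID of the Domain Controllers group
DOMAIN_COMPUTERS_RID = 515          # primaryGroupID of the Domain Computers group

SAMPLE_ACCOUNTS = [  # constructed
    {"name": "DC01", "uac": 532480, "primaryGroupID": 516, "os": "Windows Server 2003"},
    {"name": "DC02", "uac": 532480, "primaryGroupID": 516, "os": "Windows Server 2003"},
    {"name": "FILE01", "uac": 4096, "primaryGroupID": 515, "os": "Windows Server 2003"},
    {"name": "WEB01", "uac": 4096, "primaryGroupID": 515, "os": "Windows 2000 Server"},
    {"name": "PC-114", "uac": 4096, "primaryGroupID": 515, "os": "Windows XP Professional"},
    {"name": "APP07", "uac": 8192, "primaryGroupID": 515, "os": "Windows Server 2003"},
]


def classify(account):
    """Return (role, consistent) for one computer account record."""
    uac = account["uac"]
    is_server_os = "server" in account["os"].lower()
    if uac & SERVER_TRUST_ACCOUNT:
        # Holds a copy of the directory database and authenticates users.
        role = "domain controller"
        consistent = account["primaryGroupID"] == DOMAIN_CONTROLLERS_RID
    elif uac & WORKSTATION_TRUST_ACCOUNT:
        # Joined to the domain but takes no part in authentication or replication.
        role = "member server" if is_server_os else "workstation"
        consistent = account["primaryGroupID"] == DOMAIN_COMPUTERS_RID
    else:
        role, consistent = "unknown", False
    return role, consistent


def inventory(accounts):
    """Group account names by role and list records whose attributes disagree."""
    roles, review = {}, []
    for acct in accounts:
        role, consistent = classify(acct)
        roles.setdefault(role, []).append(acct["name"])
        if not consistent:
            review.append(acct["name"])
    return roles, review


if __name__ == "__main__":
    roles, review = inventory(SAMPLE_ACCOUNTS)
    for role, names in roles.items():
        print(f"{role}: {', '.join(names)}")
    print("needs review:", ", ".join(review) or "none")
```

An account that carries the domain controller flag but is not in the Domain Controllers group, such as the constructed APP07 record, is worth checking against the list of servers that were deliberately promoted.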

