Active Directory is a centralized database for all of your security principles. What is a security principle? A security principle can be anything from a user account, group, group policy, file share, to objects like printers. It is the single place to administer every user account in your organization. Active Directory is a building block for programs and operating systems to authenticate against for Single Sign On purposes.
What do you Gain From Active Directory
A Single Point of Administration for all Users and Groups
If you don’t currently use Active Directory, each computer maintains its own SAM database, this database is on each computer and is not shared across the network. The SAM database is insecure as well as very difficult to administer for Windows Networking.
Active Directory replaces the SAM Database, and creates its own Directory Service where all user accounts are kept. The SAM Database still exists on each machine, but becomes irrelevant when dealing with machine logons and authentications. When a user logs on to their machine, the Active Directory server authenticates them, and then permits or denies their logon to that machine. Once it authenticates them, it also sets appropriate permissions for their account on the computer they are at.
Group Policies for User and Computer Security and Configuration
Group policies are the way in which Active Directory makes bulk changes to the user environment at either the User or Computer level.
Group policies are basically a nice interface to change registry keys on a machine. Group policies are the best and most simple way to standardize a configuration across all machines in an organization.
Active Directory can replace the requirement to manually install software on every machine. Active Directory can use Group Policy to automatically push out new software and upgrade packages, to all machines in your organization. It is a simple process that reduces administration time drastically.
Integration with Exchange
Are you thinking about getting Microsoft Exchange server? It relies entirely on Active Directory as a back-end for all users and for security.
If you are a small business with just 2 or 3 employees, or a large enterprise, Active Directory will save you hours of headaches caused by administrating multiple users across multiple machines.