An in depth look at the development of Active Directory

Microsoft first offered a public preview of Active Directory in 1999 and released it about a year later with Windows 2000 Server. Microsoft has continued to develop new features with each successive Windows Server release, though it scaled back remarkably with the release of Windows Server 2019. To date I have found a single addition to the schema among the extensions required for the introduction of a Windows Server 2019 domain controller. Having said that, there is no Server 2019 domain functional level. The new addition that I witnessed relates to PAM (privileged access management). The schema version will be Version 88. A little more on this further into the article.
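To check the schema version mentioned above and see which schema objects a forest preparation actually added, the following PowerShell is an added example (not from the article); it assumes the RSAT ActiveDirectory module on a domain-joined host and uses a placeholder date for the 2019 forestprep run.

```powershell
# Added example: read the forest schema version (objectVersion on the Schema
# naming context) and list schema objects created after a given date, which is
# how you can confirm what a Server 2019 adprep /forestprep added.
Import-Module ActiveDirectory

# Schema versions Microsoft has shipped; the article cites 30 (2003) and 88 (2019).
$knownVersions = @{
    13 = 'Windows 2000 Server';   30 = 'Windows Server 2003';   31 = 'Windows Server 2003 R2'
    44 = 'Windows Server 2008';   47 = 'Windows Server 2008 R2'; 56 = 'Windows Server 2012'
    69 = 'Windows Server 2012 R2'; 87 = 'Windows Server 2016';  88 = 'Windows Server 2019'
}

function Get-ForestSchemaVersion {
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $ver = [int](Get-ADObject -Identity $schemaNC -Properties objectVersion).objectVersion
    $release = if ($knownVersions.ContainsKey($ver)) { $knownVersions[$ver] }
               else { 'unknown / newer than this table' }
    [pscustomobject]@{ SchemaNC = $schemaNC; Version = $ver; Release = $release }
}

function Get-RecentSchemaAdditions {
    param([Parameter(Mandatory)][datetime]$Since)
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    # whenCreated is compared with an LDAP generalized-time string (UTC).
    $ldapTime = $Since.ToUniversalTime().ToString('yyyyMMddHHmmss.0Z')
    Get-ADObject -SearchBase $schemaNC -LDAPFilter "(whenCreated>=$ldapTime)" `
        -Properties whenCreated, lDAPDisplayName, objectClass |
        Sort-Object whenCreated |
        Select-Object whenCreated, lDAPDisplayName, objectClass
}

Get-ForestSchemaVersion
# Placeholder date: use the day you ran the Server 2019 forestprep in your forest.
Get-RecentSchemaAdditions -Since '2019-01-01'
```

With version 88 reported and only the PAM-related entries listed since the forestprep date, the forest matches the single-addition observation the article describes.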

Original testing of the scalability and structural integrity of Active Directory was conducted by many large companies. This allowed Active Directory to be viewed as able to support large companies, because it had already been tested supporting millions of objects within the software. One of those companies was Compaq, long before it was purchased by Hewlett Packard on May 3rd 2002.

It was not until Windows Server 2003, with schema version 30, that a notable update added forests and the ability to edit and change the position of domains within forests. Domains on Windows 2000 Server could not support the newer AD updates running in Server 2003, which in turn caused a lot of frustration for companies that were for the first time introduced to a literal forklift upgrade of Active Directory.

Windows Server 2008 introduced AD FS. Most did not realize the benefits of this release because truly in-depth knowledge of Active Directory was still well beyond the grasp of most organizations. The move from the original File Replication Service to Distributed File System Replication was truly a game changer. This allowed much greater control over object replication. With proper configuration, this change often brought object replication times for an entire Active Directory domain hierarchy from literal hours down to 20-30 seconds. Additionally, Microsoft re-branded the directory for domain management as AD DS (Active Directory Domain Services), and AD became a blanket term for the directory-based services that it supports.

The Windows Server 2016 release updated AD DS to improve AD security and to migrate or integrate Active Directory environments with cloud or hybrid cloud environments. Azure AD Join is a great example of this. Windows Hello for Business was another addition, utilizing a key-based authentication approach that took authentication to a whole new level, well beyond complex passwords. Security updates included the addition of privileged access management (PAM), which is configured through Microsoft Identity Manager (MIM) and utilizes a bastion Active Directory forest. The bastion forest has a special PAM trust with an existing forest. It provides a new Active Directory environment that is known to be free of any malicious activity, and isolation from the existing forest for the use of privileged accounts.

PAM monitors access to an object, the type of access granted, and what actions the user took. PAM was developed to provide an additional secure and isolated forest environment. Windows Server 2016 ended support for devices on Windows Server 2003 entirely.

In December 2016, Microsoft released Azure AD Connect to join an on-premises Active Directory system with Azure Active Directory (Azure AD) to enable SSO for Microsoft's cloud services, such as Office 365. Azure AD Connect works with systems running Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. To monitor the effectiveness of Azure AD Connect, Microsoft also introduced Azure Active Directory (Azure AD) Connect Health. This addition provides robust monitoring of your on-premises identity infrastructure. It enables you to maintain a reliable connection to Office 365 and Microsoft Online Services. This reliability is achieved by providing monitoring capabilities for your key identity components. It also makes the key data points about these components easily accessible.

As the years have gone by we have reached a place in time where connectivity for our business is no longer a question of how, but of what to connect to. The cloud is now providing far-reaching capabilities well beyond what anyone could have imagined many years ago. The idea of business continuity and disaster recovery used to strike fear into the center of any business entity, and rightfully so. With the proper services and configuration those days are far behind us. I look forward to watching what was once an idea code-named Geneva, which we know as Active Directory, continue to grow and flourish with the great minds of today, yesterday, and tomorrow.
