Windows Active Directory (Windows AD) is a centralized directory management service (or directory service) for the architecture of large and medium-sized network environments on Microsoft Windows Server. Starting with the Windows 2000 Server products, Windows Server products have had Windows AD built in. Windows AD is configured to process network objects in an organization. Objects can be users, groups, computers, domain controllers, mail, configurations, organizational units, trees, etc. An object that is defined in an Active Directory (AD) schema can be stored in an AD database and accessed via an AD Service Interface. Many AD management tools use the AD Service Interface to retrieve and use AD data.
AD is also used as a data structure for connecting certain Microsoft server software to network domains. For example, Microsoft Exchange Server 2003-2007 all use AD to store personal mailbox data (by creating a new AD schema), and list AD as a necessary condition for building an Exchange Server.
Windows AD's core function is to manage resources in a large network, including various user resources. However, Windows AD supports the Windows platform, does not support other mainstream operating platforms (e.g., the Linux platform), and applies only to office networks having a small number of servers. In addition, configuration of user rights is complicated. Meanwhile, the user rights information managed by Windows AD is stored in the business servers, so the stored user rights information needs to be handled individually, without precise and centralized control. Further, it is difficult to control a situation in which one user account logs in to all business servers within the system architecture. Thus, the security of the business servers cannot be guaranteed.