Active Directory Basics

Active Directory (AD) is Microsoft's directory service used in corporate networks to manage users, computers, groups, and permissions from a central location (a "domain").

Key Concepts

• Domain: a group of users/computers managed together (e.g., company.local)
• Domain Controller (DC): server that holds AD and handles logins
• User Account: an individual employee's login identity
• Organizational Unit (OU): a "folder" for organizing users/computers (e.g., by department)
• Group: a collection of users sharing the same permissions (e.g., "Finance Team")
• Group Policy (GPO): rules applied to users/computers (e.g., password policies, software restrictions)

Common IT Support Tasks in AD

• Resetting user passwords
• Unlocking locked accounts
• Adding/removing users from groups (e.g., granting access to a shared drive)
• Checking if a computer is joined to the domain

Why IT Support Needs This

Most "I can't log in" or "I don't have access to X" tickets are resolved in Active Directory Users and Computers (ADUC) - checking account status, group membership, or whether the account is locked/expired.

Common Interview Talking Point

"For access issues, I'd check the user's account in Active Directory - verifying it's not locked or expired, and confirming they're in the correct security group for the resource they need."