Directory Services: LDAP and Active Directory
Understand how LDAP directories and Active Directory organize users, groups, and computers, and how Group Policy enforces security settings at scale.
What Are Directory Services?
A directory service is a centralized repository that stores and organizes information about network resources — users, groups, computers, printers, and policies. Rather than maintaining separate user databases on every system, organizations use a directory service as the single source of truth for identity information. All authentication requests are validated against the directory, and access policies are enforced consistently across the enterprise.
LDAP: Lightweight Directory Access Protocol
LDAP (Lightweight Directory Access Protocol) is the industry-standard protocol for querying and modifying directory services. LDAP organizes entries in a hierarchical tree called the Directory Information Tree (DIT), and each entry is identified by a Distinguished Name (DN) that spells out its path from the entry up to the root of the tree. LDAP runs on port 389 (cleartext) and port 636 (LDAPS, LDAP over TLS); on the cleartext port, a simple bind sends the password and every query result unencrypted, so LDAPS is the form a hardened deployment should expose. LDAP is only the access protocol; the directory that stores the data (Active Directory, for example) is a separate product.
# LDAP Distinguished Name structure
# The DN is read left to right: the entry itself, then each container
# above it, ending at the domain components that name the root.
cn=John Smith,ou=Engineers,dc=corp,dc=example,dc=com
# cn = Common Name (user's name)
# ou = Organizational Unit
# dc = Domain Component

# LDAP search query example: look up one user by sAMAccountName and return
# only the mail and memberOf attributes. A simple bind (-x -D ... -W) over
# LDAPS is used because Active Directory returns little or nothing to an
# anonymous query, and a simple bind over cleartext ldap:// would expose the
# password. The bind account DN is a placeholder; substitute a real account.
ldapsearch -H ldaps://dc.corp.example.com \
    -x -D 'cn=svc-ldap,ou=Service Accounts,dc=corp,dc=example,dc=com' -W \
    -b 'dc=corp,dc=example,dc=com' \
    '(sAMAccountName=jsmith)' mail memberOf
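The two pieces of LDAP syntax shown above, the DN and the search filter, are where most application bugs around directories live: code that splits a DN on every comma breaks on escaped values, and code that pastes user input straight into a filter lets that input change the filter's structure. The following is an added example, not code from the lesson or from any LDAP library, that parses a DN into its RDN components and builds a sAMAccountName filter with the escaping RFC 4515 requires. The function names and the service-account DN are my own; the sample DN is the one from the lesson.

```python
# Added example (not from the lesson): parse an LDAP Distinguished Name into
# its RDN components and build an LDAP search filter with proper escaping.
# Standard library only; the account names below are constructed samples.
import re

# Characters that RFC 4515 requires to be escaped inside a filter value,
# mapped to their backslash-hex form.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated purely as data inside an LDAP filter.

    After escaping, characters such as '*', '(' and ')' in the input cannot
    widen the match or close the filter early.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(sam_account_name: str) -> str:
    """Return a filter matching one user by sAMAccountName.

    For the account 'jsmith' this yields '(sAMAccountName=jsmith)', the same
    filter the ldapsearch command in the lesson uses.
    """
    return f"(sAMAccountName={escape_filter_value(sam_account_name)})"


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, most specific entry first.

    Commas escaped with a backslash (as in 'cn=Smith\\, John') are treated as
    part of the value, not as RDN separators. Attribute names are lowercased
    because LDAP treats them case-insensitively.
    """
    # Split only on commas that are not preceded by a backslash.
    parts = re.split(r"(?<!\\),", dn)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not attr or not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.replace("\\,", ",")))
    return rdns


def domain_from_dn(dn: str) -> str:
    """Reassemble the DNS domain name from the dc= components of a DN."""
    return ".".join(value for attr, value in parse_dn(dn) if attr == "dc")


if __name__ == "__main__":
    # Constructed sample input: the DN from the lesson and one user lookup.
    sample_dn = "cn=John Smith,ou=Engineers,dc=corp,dc=example,dc=com"
    for attr, value in parse_dn(sample_dn):
        print(f"{attr:>2} = {value}")
    print("domain:", domain_from_dn(sample_dn))
    print("filter:", build_user_filter("jsmith"))
```

In production code, use the escaping helper your LDAP library already ships (python-ldap's `ldap.filter.escape_filter_chars` or ldap3's `escape_filter_chars`) rather than a hand-rolled table; the version above exists to make the rule visible. The same principle applies to the DN parser: a real RFC 4514 parser also handles quoted values and hex-encoded bytes, which this one deliberately leaves out.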