Active Directory 1

Active Directory
Active Directory is a technology created by Microsoft that provides a
variety of network services, including:
• Lightweight Directory Access Protocol LDAP is the industry
standard directory access protocol, making Active Directory widely
accessible to management and query applications. Active Directory
supports LDAPv3 and LDAPv2.
• Kerberos-based authentication
• DNS-based naming and other network information (Guts of DNS,
Typically Active Directory is managed using the
Stable DNS is needed for AD to work properly)
graphical Microsoft Management Console.
• Central location for network administration and delegation of
authority [1]
• Information security and single sign-on for user access to networked based resources [1]
• The ability to scale up or down easily [1]
• Central storage location for application data [1]
• Synchronization of directory updates amongst several servers [1]
Using the same database, for use primarily in Windows environments, Active Directory also allows administrators to
assign policies, deploy software, and apply critical updates to an organization. Active Directory stores information
and settings in a central database. Active Directory networks can vary from a small installation with a few
computers, users and printers to tens of thousands of users, many different domains and large server farms spanning
many geographical locations.
Active Directory was previewed in 1999, released first with Windows 2000 Server edition, and revised to extend
functionality and improve administration in Windows Server 2003. Additional improvements were made in
Windows Server 2003 R2. Active Directory was refined further in Windows Server 2008 and Windows Server 2008
R2 and was renamed Active Directory Domain Services.
Active Directory was called NTDS (NT Directory Service) in older Microsoft documents. This name can still be
seen in some Active Directory binaries.

Structure

Objects
Everything that Active Directory tracks is considered an object. An object is any user, system, computer, resource, or
service tracked within Active Directory. The generic term object is used because Active Directory is capable of
tracking a variety of items, and many objects can share common attributes.
An Active Directory structure is a hierarchical framework of objects. The objects fall into two broad categories:
resources (e.g., printers) and security principals (user or computer accounts and groups). Security principals are
Active Directory objects that are assigned unique security identifiers (SIDs) used to control access and set security.
Each object represents a single entity — whether a user, a computer, a printer, or a group — and its attributes.
Certain objects can also be containers of other objects. An object is uniquely identified by its name and has a set of
attributes — the characteristics and information that the object can contain — defined by a schema, which also
determines the kind of objects that can be stored in Active Directory.
Each attribute object can be used in several different schema class objects. The schema object exists to allow the
schema to be extended or modified when necessary. However, because each schema object is integral to the
Active Directory 2

definition of Active Directory objects, deactivating or changing these objects can have serious consequences because
it will fundamentally change the structure of Active Directory itself. A schema object, when altered, will
automatically propagate through Active Directory and once it is created it can only be deactivated — not deleted.
Changing the schema usually requires a fair amount of planning.[2]

Sites
A Site object in Active Directory represents a geographic location in that hosts networks. Sites contain objects called
subnets.[3] Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage active
directory replication, and manage network link traffic. Sites can be linked to other Sites. Site-linked objects may be
assigned a cost value that represents the speed, reliability, availability, or other real property of a physical resource.
Site Links may also be assigned a schedule.

Forests, trees, and domains

All objects inside a common directory database is known as domain. Each domain stores information only about the
objects that belong to that domain. A tree consists of a single domain or multiple domains in a contiguous
namespace. A forest is a collection of Trees and represents the outermost boundary within which users, computers,
groups, and other objects exist. The forest is the security boundary for Active Directory.

Forest-WidgetsCorp Domain-Dallas

Tree-Eastern OU-Marketing

Domain-Boston Donn

Domain-NewYork Mark

Domain-Philly Steve

Tree-Southern OU-Sales

Domain-Atlanta Bill

Domain-Dallas Ralph

Example of the geographical organizing of zones of interest within trees and domains.

The Active Directory framework that holds the objects can be viewed at a number of levels. At the top of the
structure is the forest. A forest is a collection of multiple trees that share a common global catalog, directory schema,
logical structure, and directory configuration. The forest, tree, and domain are the logical parts in an Active
Directory network.
The Active Directory forest contains one or more transitive, trust-linked trees. A tree is a collection of one or more
domains and domain trees in a contiguous namespace, again linked in a transitive trust hierarchy. Domains are
identified by their DNS name structure, the namespace.

Flat-filed, simulated hierarchy

The objects held within a domain can be grouped into containers called Organizational Units (OUs).[4] OUs give a
domain a hierarchy, ease its administration, and can give a resemblance of the structure of the organization in
organizational or geographical terms. OUs can contain OUs – indeed, domains are containers in this sense – and can
hold multiple nested OUs. Microsoft recommends as few domains as possible in Active Directory and a reliance on
OUs to produce structure and improve the implementation of policies and administration. The OU is the common
level at which to apply group policies, which are Active Directory objects themselves called Group Policy Objects
(GPOs), although policies can also be applied to domains or sites (see below). The OU is the level at which
administrative powers are commonly delegated, but granular delegation can be performed on individual objects or
Active Directory 3

attributes as well.
However, Organizational Units are just an abstraction for the administrator, and do not function as true containers;
the underlying domain operates as if objects were all created in a simple flat-file structure, without any OUs. It is not
possible for example to create two user accounts with an identical username (sAMAccountName) in two separate
OUs, such as "fred.staff-ou.domain" and "fred.student-ou.domain". This is so because sAMAccountName, a user
object attribute, is constrained to be unique across the entire domain. However, note that you can have two different
"Freds" within AD, each with his own different account name (sAMAccountName) - for e.g. Fred Smith (fsmith),
and Fred A. Smith (fasmith). Note that they are both Fred Smiths, albeit one with a middle initial, they have different
account names (sAMAccountName) - fmsith, and fasmith.
By contrast, there are other vendor directories such as Novell eDirectory that allow certain naming attribute
duplication across separate OUs. Each user logs in by specifying the context of their account, which is similar to the
current working directory of a file system. Context normally operates in relative form: if the login prompt context is
"staff-ou.accounts-ou.organization", people with accounts in that specific OU need only type their username "fred".
But if the login prompt context were set to be one level higher, at "accounts-ou.organization", people would need to
specify the OU within that context: "fred.staff-ou". Context can also be specified in absolute form similar to an
absolute directory path by using a leading period: ".fred.staff-ou.accounts-ou.organization", which disregards the
current login prompt context.
Novell additionally provides login prompt functionality known as contextless login[5] to permit searching the
directory structure via LDAP for all possible matching or similar usernames, making the Novell login process
operate similar to Microsoft's flat-file structure that searches the entire domain for accounts regardless of the
account's location in the OUs. The concept of account context in the directory does not apply to Active Directory,
since object name duplication within a single domain is not permitted to occur in the first place.
Because duplicate usernames cannot exist within separate OUs of a single active directory domain, unique account
name generation poses a significant challenge for organizations with hundreds to thousands of users that are part of a
generalized mass that can not be easily subdivided into separate domains, such as students in a public school system
or university that must be able to login on any computer across the district buildings or campus network.
As the number of users in a domain increases, simple username creation methods such as "first initial, middle initial,
last name" will fail due to having so many common names like Smith or Johnson in the collective mass that result in
having duplications, such as two JASmith, which requires randomly adding a number to the end (JASmith1) to
further differentiate it for one of the two people. At some point of increasingly many users and name duplications,
the network IT staff may give up on attempts at making usernames personally memorable, and the username simply
becomes a serial number 5 to 10 digits long to provide sufficient naming uniqueness within a single domain.

Structural divisions to improve performance

Active Directory also supports the creation of Sites, which are physical, rather than logical, groupings defined by one
or more IP subnets.[6] Sites distinguish between locations connected by low-speed (e.g., WAN, VPN) and high-speed
(e.g., LAN) connections. Sites are independent of the domain and OU structure and are common across the entire
forest. Sites are used to control network traffic generated by replication and also to refer clients to the nearest domain
controllers. Exchange 2007 also uses the site topology for mail routing. Policies can also be applied at the site level.
The actual division of an organization's information infrastructure into a hierarchy of one or more domains and
top-level OUs is a key decision. Common models are by business unit, by geographical location, by IT Service, or by
object type. These models are also often used in combination. OUs should be structured primarily to facilitate
administrative delegation, and secondarily, to facilitate group policy application. Although OUs form an
administrative boundary, the only true security boundary is the forest itself[7] and an administrator of any domain in
the forest must be trusted across all domains in the forest.
Active Directory 4

Physically the Active Directory information is held on one or more equal peer domain controllers (DCs), replacing
the NT PDC/BDC model. Each DC has a copy of the Active Directory; changes on one computer being
synchronized (converged) between all the DC computers by multi-master replication. Servers joined to Active
Directory that are not domain controllers are called Member Servers.[8]
The Active Directory database is split into different stores or partitions.[9] Microsoft often refers to these partitions
as 'naming contexts'.[10] The 'Schema' partition contains the definition of object classes and attributes within the
Forest. The 'Configuration' partition contains information on the physical structure and configuration of the forest
(such as the site topology). The 'Domain' partition holds all objects created in that domain. The first two partitions
replicate to all domain controllers in the Forest. The Domain partition replicates only to Domain Controllers within
its domain. A subset of objects in the domain partition is also replicated to domain controllers that are configured as
global catalogs.
Unlike earlier versions of Windows which used NetBIOS to communicate, Active Directory is fully integrated with
DNS and TCP/IP—indeed DNS is required. To be fully functional, the DNS server must support SRV resource
records or service records.
Active Directory replication is 'pull' rather than 'push'.[11] The Knowledge Consistency Checker (KCC) creates a
replication topology of site links using the defined sites to manage traffic. Intrasite replication is frequent and
automatic as a result of change notification, which triggers peers to begin a pull replication cycle. Intersite
replication intervals are less frequent and do not use change notification by default, although this is configurable and
can be made identical to intrasite replication. A different 'cost' can be given to each link (e.g., DS3, T1, ISDN etc.)
and the site link topology will be altered accordingly by the KCC. Replication between domain controllers may
occur transitively through several site links on same-protocol site link bridges, if the cost is low, although KCC
automatically costs a direct site-to-site link lower than transitive connections. Site-to-site replication can be
configured to occur between a bridgehead server in each site, which then replicates the changes to other DCs within
the site.
In a multi-domain forest the Active Directory database becomes partitioned. That is, each domain maintains a list of
only those objects that belong in that domain. So, for example, a user created in Domain A would be listed only in
Domain A's domain controllers. Global catalog (GC) servers are used to provide a global listing of all objects in the
Forest.[12] The Global catalog is held on domain controllers configured as global catalog servers. Global Catalog
servers replicate to themselves all objects from all domains and hence, provide a global listing of objects in the
forest. However, in order to minimize replication traffic and to keep the GC's database small, only selected attributes
of each object are replicated. This is called the partial attribute set (PAS). The PAS can be modified by modifying
the schema and marking attributes for replication to the GC.
Replication of Active Directory uses Remote Procedure Calls (RPC over IP [RPC/IP]). Between Sites you can also
choose to use SMTP for replication, but only for changes in the Schema, Configuration, or Partial Attribute Set
(Global Catalog) NCs. SMTP cannot be used for replicating the default Domain partition.[13]
The Active Directory database, the directory store, in Windows 2000 Server uses the JET Blue-based Extensible
Storage Engine (ESE98), limited to 16 terabytes and 1 billion objects in each domain controller's database. Microsoft
has created NTDS databases with more than 2 billion objects. (NT4's Security Account Manager could support no
more than 40,000 objects). Called NTDS.DIT, it has two main tables: the data table and the link table. In Windows
Server 2003 a third main table was added for security descriptor single instancing.[14]
The features of Active Directory may be accessed programmatically via the COM interfaces provided by Active
Directory Service Interfaces.[15]
Active Directory is a necessary component for many Windows services in an organization such as Exchange,
Security.
Active Directory 5

FSMO Roles
Flexible Single Master Operations (FSMO, sometimes pronounced "fizz-mo") roles are also known as operations
master roles. Although the AD domain controllers operate in a multi-master model, i.e. updates can occur in multiple
places at once, there are several roles that are necessarily single instance:

Role Name Scope Description

Schema Master 1 per forest Controls and handles updates/modifications to the Active Directory schema.

Domain 1 per forest Controls the addition and removal of domains from the forest if present in root domain
Naming Master

PDC Emulator 1 per domain Provides backwards compatibility for NT4 clients for PDC operations (like password changes). The PDCs
also run domain specific processes such as the Security Descriptor Propagator (SDPROP), and is the master
time server within the domain. It also handles external trusts, the DFS consistency check, holds the most
current passwords and manages all GPOs as default server.

RID Master 1 per domain Allocates pools of unique identifier to domain controllers for use when creating objects

Infrastructure 1 per Synchronizes cross-domain group membership changes. The infrastructure master cannot run on a global
Master domain/partition catalog server (GCS)(unless all DCs are also GCs, or environment consists of a single domain)

Trust
To allow users in one domain to access resources in another, Active Directory uses trusts.[16] Trusts inside a forest
are automatically created when domains are created. The forest sets the default boundaries of trust, not the domain,
and implicit, transitive trust is automatic for all domains within a forest. As well as two-way transitive trust, AD
trusts can be a shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or
two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order
to connect to other forests or non-AD domains.[17]

Trusts in Windows 2000 (native mode)

• One-way trust – One domain allows access to users on another domain, but the other domain does not allow
access to users on the first domain.
• Two-way trust – Two domains allows access to users on both domains.
• Trusting domain – The domain that allows access to users from a trusted domain.
• Trusted domain – The domain that is trusted; whose users have access to the trusting domain.
• Transitive trust – A trust that can extend beyond two domains to other trusted domains in the tree.
• Intransitive trust – A one way trust that does not extend beyond two domains.
• Explicit trust – A trust that an admin creates. It is not transitive and is one way only.
• Cross-link trust – An explicit trust between domains in different trees or in the same tree when a
descendant/ancestor (child/parent) relationship does not exist between the two domains.
Windows 2000 Server – supports the following types of trusts:
• Two-way transitive trusts.
• One-way intransitive trusts.
Additional trusts can be created by administrators. These trusts can be:
• Shortcut
Windows Server 2003 offers a new trust type – the forest root trust. This type of trust can be used to connect
Windows Server 2003 forests if they are operating at the 2003 forest functional level. Authentication across this type
of trust is Kerberos based (as opposed to NTLM). Forest trusts are also transitive for all the domains in the forests
that are trusted. Forest trusts, however, are not transitive.
Active Directory 6

ADAM/AD LDS
Active Directory Application Mode (ADAM) is a light-weight implementation of Active Directory. ADAM is
capable of running as a service, on computers running Microsoft Windows Server 2003 or Windows XP
Professional. ADAM shares the code base with Active Directory and provides the same functionality as Active
Directory, including an identical API, but does not require the creation of domains or domain controllers.
Like Active Directory, ADAM provides a Data Store, which is a hierarchical datastore for storage of directory data,
a Directory Service with an LDAP Directory Service Interface. Unlike Active Directory, however, multiple ADAM
instances can be run on the same server, with each instance having its own and required by applications making use
of the ADAM directory service.
In Windows Server 2008, ADAM has been renamed AD LDS (Lightweight Directory Services).[18]

Integrating Unix into Active Directory

Varying levels of interoperability with Active Directory can be achieved on most Unix-like operating systems
through standards compliant LDAP clients, but these systems usually lack the automatic interpretation of many
attributes associated with Windows components, such as Group Policy and support for one-way trusts.
There are also third-party vendors who offer Active Directory integration for Unix platforms (including UNIX,
Linux, Mac OS X, and a number of Java- and UNIX-based applications). Some of these vendors include Centrify
(DirectControl), Computer Associates (UNAB), CyberSafe Limited (TrustBroker), Likewise Software (Open or
Enterprise), Quest Software (Authentication Services) and Thursby Software Systems (ADmitMac). The open source
Samba software provides a way to interface with Active Directory and join the AD domain to provide authentication
and authorization: version 4 (in alpha as of October 2009) can act as a peer Active Directory domain controller.[19] .
Microsoft is also in this market with their free Microsoft Windows Services for UNIX product.
The schema additions shipped with Windows Server 2003 R2 include attributes that map closely enough to RFC
2307 to be generally usable. The reference implementation of RFC 2307, nss_ldap and pam_ldap provided by
PADL.com, contains support for using these attributes directly, provided they have been populated. The default
Active Directory schema for group membership complies with the proposed extension, RFC 2307bis [20]. Windows
Server 2003 R2 includes a Microsoft Management Console snap-in that creates and edits the attributes.
An alternate option is to use another directory service such as 389 Directory Server (formerly Fedora Directory
Server) or Sun Microsystems Sun Java System Directory Server, which can perform a two-way synchronization with
Active Directory and thus provide a "deflected" integration with Active Directory as Unix and Linux clients will
authenticate to FDS and Windows Clients will authenticate to Active Directory. Another option is to use OpenLDAP
with its translucent overlay, which can extend entries in any remote LDAP server with additional attributes stored in
a local database. Clients pointed at the local database will see entries containing both the remote and local attributes,
while the remote database remains completely untouched.

See also
• FreeIPA
• Active Directory Explorer
• Directory Services Restore Mode
• Flexible single master operation
• List of LDAP software
• AGDLP (implementing role based access controls using nested groups)
Active Directory 7

External links
• Microsoft's Active Directory Page [21]
• Microsoft Technet: White paper: Active Directory Architecture [22] (Single technical document that gives an
overview about Active Directory.)
• Microsoft Technet: Detailed description of Active Directory on Windows Server 2003 [23]
• Microsoft MSDN Library: [MS-ADTS]: Active Directory Technical Specification [24] (part of the Microsoft Open
Specification Promise)
• Active Directory Application Mode (ADAM) [25]
• Active Directory Basics [26]

References
[1] http:/ / technet. microsoft. com/ en-us/ library/ cc780036(WS. 10). aspx#w2k3tr_ad_over_qbjd
[2] Windows Server 2003: Active Directory Infrastructure. Microsoft Press. 2003. pp. 1–8 – 1–9. ISBN 0-7356-1438-5.
[3] "Managing Sites" (http:/ / technet. microsoft. com/ en-us/ library/ bb727051. aspx). Microsoft Corporation-0-. . "An Active Directory site
object represents a collection of Internet Protocol (IP) subnets, usually constituting a physical Local Area Network (LAN)."
[4] "Organizational Units" (http:/ / technet. microsoft. com/ en-us/ library/ cc978003. aspx). Microsoft Corporation. 2010. . "An organizational
unit in Active Directory is analogous to a directory in the file system"
[5] Novell: Taking Things Out of Context: Using LDAP Contextless Login in Your Network, 01 Sep 2003 (http:/ / support. novell. com/
techcenter/ articles/ ana20030901. html)
[6] "Sites overview" (http:/ / technet. microsoft. com/ en-us/ library/ cc782048(WS. 10). aspx). Microsoft Corporation. 2005-01-21. . "A site is a
set of well-connected subnets."
[7] "Specifying Security and Administrative Boundaries" (http:/ / technet. microsoft. com/ en-us/ library/ cc755979(WS. 10). aspx). Microsoft
Corporation. 2005-01-23. . "However, service administrators have abilities that cross domain boundaries. For this reason, the forest is the
ultimate security boundary, not the domain."
[8] "Planning for domain controllers and member servers" (http:/ / technet. microsoft. com/ en-us/ library/ cc737059(WS. 10). aspx). Microsoft
Corporation. 2005-01-21. . "[...] member servers, [...] belong to a domain but do not contain a copy of the Active Directory data."
[9] "Directory data store" (http:/ / technet. microsoft. com/ en-us/ library/ cc736627(WS. 10). aspx). Microsoft Corporation. 2005-01-21. .
"Active Directory uses four distinct directory partition types to store [...] data. Directory partitions contain domain, configuration, schema, and
application data."
[10] Andreas Luther. "Active Directory Replication Traffic" (http:/ / technet. microsoft. com/ en-us/ library/ bb742457. aspx). Microsoft
Corporation. . Retrieved 2010-05-26. "The Active Directory is made up of one or more naming contexts or partitions."
[11] "What Is the Active Directory Replication Model?" (http:/ / technet. microsoft. com/ en-us/ library/ cc737314(WS. 10). aspx). Microsoft
Corporation. 2003-03-28. . "Domain controllers request (pull) changes rather than send (push) changes that might not be needed."
[12] "What Is the Global Catalog?" (http:/ / technet. microsoft. com/ en-us/ library/ cc728188(WS. 10). aspx). Microsoft Corporation.
2009-12-10. . "[...] a domain controller can locate only the objects in its domain. [...] The global catalog provides the ability to locate objects
from any domain [...]"
[13] "What Is Active Directory Replication Topology?" (http:/ / technet. microsoft. com/ en-us/ library/ cc775549(WS. 10). aspx). Microsoft
Corporation. 2003-03-28. . "SMTP can be used to transport nondomain replication [...]"
[14] Large AD database? Probably not this large... (http:/ / blogs. technet. com/ efleis/ archive/ 2006/ 06/ 08/ 434255. aspx)
[15] Active Directory Service Interfaces (http:/ / msdn. microsoft. com/ en-us/ library/ aa772170(VS. 85). aspx), Microsoft
[16] "Domain and Forest Trusts Technical Reference" (http:/ / technet. microsoft. com/ en-us/ library/ cc738955(WS. 10). aspx). Microsoft
Corporation. 2003-03-28. . "Trusts enable [...] authentication and [...] sharing resources across domains or forests"
[17] "How Domain and Forest Trusts Work" (http:/ / technet. microsoft. com/ en-us/ library/ cc773178(WS. 10). aspx). Microsoft Corporation.
2006-06-03. . Retrieved 2010-06-01. Defines several kinds of trusts. (automatic, shortcut, forest, realm, external)
[18] "AD LDS" (http:/ / msdn. microsoft. com/ en-us/ library/ aa705886(VS. 85). aspx). Microsoft. . Retrieved 2009-04-28.
[19] ""The great DRS success!"" (http:/ / people. samba. org/ people/ 2009/ 10/ 05#drs-success). SambaPeople. SAMBA Project. 2009-10-05. .
Retrieved 2009-11-02.
[20] http:/ / www. padl. com/ ~lukeh/ rfc2307bis. txt
[21] http:/ / www. microsoft. com/ windowsserver2008/ en/ us/ active-directory. aspx
[22] http:/ / technet. microsoft. com/ en-us/ library/ bb727030. aspx
[23] http:/ / technet. microsoft. com/ en-us/ library/ cc782657(WS. 10). aspx
[24] http:/ / msdn. microsoft. com/ en-us/ library/ cc223122. aspx
[25] http:/ / technet2. microsoft. com/ windowsserver/ en/ library/ 6a4ae393-17e9-425d-b619-969dab507a6d1033. mspx?mfr=true
[26] http:/ / etutorials. org/ Server+ Administration/ Active+ directory/
Article Sources and Contributors 8

Article Sources and Contributors

Active Directory  Source: http://en.wikipedia.org/w/index.php?oldid=378280275  Contributors: 2mcm, 7, AThing, Acdx, Achilees09, Adrian, Alereon, AlistairMcMillan, Alok.vij, Alro,
Amniarix, Anaxial, Andre Engels, Anteaus, Arjun01, Art LaPella, Av99, Avidmosh, Badgernet, Bairamkhan, Banano818, Barrylb, Bishtmech, Bobprime, Bookgrrl, Bookofjude, Borgx,
BrianWren, Canadian-Bacon, Canderson7, CanisRufus, Capricorn42, Cbustapeck, Chasingsol, Chopeen, Chuunen Baka, Chzwhl, Chzz, Conversion script, Coremayo, DMahalko, DRE, Dan East,
Defkkon, Defufna, DerHexer, Dhana82, Difu Wu, Disavian, Dlrohrer2003, Dogcow, DougsTech, Dpv, Dqd, DragonHawk, Drmies, Dysprosia, E. Ripley, E. Sn0 =31337=, EEMIV, EagleOne,
Eagleridge, Edupedro, Edward, Emendation, EnamelWildcat, Extra999, Falcon8765, Favonian, Ff1959, Finlay McWalter, Frap, Frencheigh, Gaff, GandalfDaGraay, Gary King, Gdarin, Gladmax,
Gohiking, Gökhan, Hephaestos, Here, Highlandsun, Huffers, Igoldste, Imamusic, Init, JEETENDRAKAPSE, James086, Jared Preston, Jay, Jeronim, Jesse Viviano, JesseGarrett, Jlundell, Joelster,
John Vandenberg, JohnWhitlock, Jonathonblocker, Julesd, Justinm99, Jwreigh, Jxan3000, KD5TVI, Kasperd, KathrynLybarger, Kevin B12, Kingpin13, Kitamozihr, Kl4m, Kozuch, Kramsallad,
Kungming2, Kycook, Kyle1278, Lankiveil, Ligulem, Lilac Soul, Limbo socrates, Luís Felipe Braga, Magnus.de, MarkWahl, MarsRover, Matlou, MaverickSolutions, Merlion444, Michael Hardy,
Michael McDonnell, Michaelsoft, MidgleyDJ, Mikemaccana, Millerj90, Mkdw, Moondyne, Moskvax, Mr little irish, Mrichards0, Muhgcee, Mullachv, Natalie Erin, Nikhilgulhane, Niklarin,
Njan, Noahspurrier, Nullie, Omicronpersei8, Opes, Orfen, PaulGarner, Paulprout, Peter bertok, Pgan002, Phatom87, Philip Trueman, Pill, Pinkadelica, Plugwash, Poccil, PoliticalJunkie, Prolog,
Psy guy, Public Menace, PuerExMachina, QTCaptain, Qvestchun, Qwirty, Rcsheets, Rdeluca, Redvers, Reedy, Requestion, RexNL, Rich Farmbrough, Ricky81682, Rillian, Rjwilmsi, Rlian,
Robinvasan, Roblu, Rosiehausler, Rupert Clayton, Rusty Russell, RxS, Ryan Norton, RyanG, SJP, Sahil 11186, Sam Hocevar, SamBBaran, Saruman7, SaulPerdomo, Scot72, Script1, Senator
Palpatine, Sendahmed, Shadowjams, Shane grimm, Sherly255, Sidonuke, Sietse Snel, Sillygates, Singhsro, SixSix, Soifranc, Soumyasch, SpaceFlight89, Spearhead, Spidern, SpuriousQ, Srice13,
StopBob, Sujay.shinde, Superm401, Suprax, Susfele, Susieber, Sveno, Syp, Ta bu shi da yu, Tactical, Tawker, TehRabbitt, Tellyaddict, Terence, TestPilot, Tfl, The Thing That Should Not Be,
Thedarxide, Thenoblenew, ThreeBlindMice, Tide rolls, Tim.alsop, Tobias Bergemann, Tom k&e, TomRawlinson, Totty3478, Tpk5010, Tristan Horn, Twimoki, Tyler.szabo, UltraViolet-64,
Uncle G, Unknown entity, Vegaswikian, Vladislav Artukov, W00tfest99, Warren, Whisky drinker, Wiki alf, Wikijeff, Windofkeltia, Wk muriithi, Wrs1864, Xenophonf, Xpclient, Yggdrasil42,
Ykhwong, Yooden, Zachlipton, Zaxxon, Zophar1, 804 anonymous edits

Image Sources, Licenses and Contributors

Image:ActiveDirectoryMMC.png  Source: http://en.wikipedia.org/w/index.php?title=File:ActiveDirectoryMMC.png  License: unknown  Contributors: Explicit, Fastily, Koman90, Kozuch,
Kubek15, Peter bertok, Thumperward, TinaSDCE, Warren, 12 anonymous edits
File:A help portal.gif  Source: http://en.wikipedia.org/w/index.php?title=File:A_help_portal.gif  License: unknown  Contributors: Zureks
File:Icons-mini-page tree.gif  Source: http://en.wikipedia.org/w/index.php?title=File:Icons-mini-page_tree.gif  License: unknown  Contributors: Avatar, Bayo, Rocket000
File:Icons-mini-page url.gif  Source: http://en.wikipedia.org/w/index.php?title=File:Icons-mini-page_url.gif  License: unknown  Contributors: Avatar
File:Icons-mini-folder.gif  Source: http://en.wikipedia.org/w/index.php?title=File:Icons-mini-folder.gif  License: unknown  Contributors: Avatar
File:Icons-mini-icon user.gif  Source: http://en.wikipedia.org/w/index.php?title=File:Icons-mini-icon_user.gif  License: unknown  Contributors: Avatar, Rocket000

License
Creative Commons Attribution-Share Alike 3.0 Unported
http:/ / creativecommons. org/ licenses/ by-sa/ 3. 0/