ACTIVE DIRECTORY
What is Active Directory?
- A directory service developed by Microsoft to manage Windows domain networks.
- Stores information about objects such as computers, users, printers, etc.
- It is like a phone book for Windows.
- Users authenticate with Kerberos tickets.
- Non-Windows devices, such as Linux machines, firewalls, etc., can also authenticate to Active Directory via RADIUS or LDAP.
Why Active Directory?
- Active Directory is the most commonly used identity management service in the world.
- 95% of Fortune 1000 companies implement the service in their networks.
- It can be exploited without ever needing a patchable vulnerability.
Benefits of Active Directory
Active Directory simplifies life for administrators and end users while enhancing security for organizations. Administrators enjoy centralized user and rights management, as well as centralized control over computer and user configurations through the AD Group Policy feature. Users can authenticate once and then seamlessly access any resources in the domain for which they’re authorized (single sign-on). Plus, files are stored in a central repository where they can be shared with other users to ease collaboration, and backed up properly by IT teams to ensure business continuity.
How does Active Directory work?

The main Active Directory service is Active Directory Domain Services (AD DS), which is part of the Windows Server operating system. The servers that run AD DS are called domain controllers (DCs). Organizations normally have multiple DCs, and each one has a copy of the directory for the entire domain. Changes made to the directory on one domain controller — such as password update or the deletion of a user account — are replicated to the other DCs so they all stay up to date. A Global Catalog server is a DC that stores a complete copy of all objects in the directory of its domain and a partial copy of all objects of all other domains in the forest; this enables users and applications to find objects in any domain of their forest. Desktops, laptops and other devices running Windows (rather than Windows Server) can be part of an Active Directory environment but they do not run AD DS. AD DS relies on several established protocols and standards, including LDAP (Lightweight Directory Access Protocol), Kerberos and DNS (Domain Name System).
It’s important to understand that Active Directory is only for on-premises Microsoft environments. Microsoft environments in the cloud use Azure Active Directory, which serves the same purposes as its on-prem namesake. AD and Azure AD are separate but can work together to some degree if your organization has both on-premises and cloud IT environments (a hybrid deployment).
How is Active Directory structured?

Keep in mind that a domain is a management boundary. The objects for a given domain are stored in a single database and can be managed together. A forest is a security boundary. Objects in different forests are not able to interact with each other unless the administrators of each forest create a trust between them. For instance, if you have multiple disjointed business units, you probably want to create multiple forests.
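The two passages above make the same point from different angles: LDAP distinguished names carry the domain an object lives in, domains inside one forest trust each other automatically, and separate forests only interact through an explicit trust. The following Python model is an added example written for this page, not code from the page's author or from Microsoft; the forest and domain names (example.com, corp.example.com, partner.net, isolated.org) are constructed sample data, and the trust semantics are reduced to the boundary question only (a real access decision additionally depends on the resource's ACL).

```python
"""Domain vs. forest boundaries in Active Directory (added example).

dn_to_domain() derives the DNS domain from an LDAP distinguished name;
Directory.can_interact() answers whether a subject's identity can be
recognised at all by a resource's domain: same domain, same forest
(automatic transitive trust), or a different forest with an explicit
forest trust. Names used below are constructed sample data.
"""
from __future__ import annotations
from dataclasses import dataclass, field


def dn_to_domain(dn: str) -> str:
    """'CN=jdoe,OU=Staff,DC=corp,DC=example,DC=com' -> 'corp.example.com'.

    RFC 4514 lets a value contain an escaped comma ('\\,'), so the DN is
    split by hand instead of with str.split(',').
    """
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    rdns.append("".join(current))

    dcs = []
    for rdn in rdns:
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() == "dc":
            dcs.append(value.strip())
    if not dcs:
        raise ValueError(f"no DC components in DN: {dn!r}")
    return ".".join(dcs).lower()


@dataclass
class Forest:
    root: str            # forest root domain, e.g. 'example.com'
    domains: set[str]    # every domain in the forest, root included


@dataclass
class Directory:
    forests: dict[str, Forest] = field(default_factory=dict)
    # Explicit forest trusts, stored as unordered pairs of forest roots.
    forest_trusts: set[frozenset[str]] = field(default_factory=set)

    def add_forest(self, root: str, *children: str) -> None:
        self.forests[root] = Forest(root, {root, *children})

    def add_forest_trust(self, root_a: str, root_b: str) -> None:
        self.forest_trusts.add(frozenset({root_a, root_b}))

    def forest_of(self, domain: str) -> str | None:
        for forest in self.forests.values():
            if domain in forest.domains:
                return forest.root
        return None

    def can_interact(self, subject_dn: str, resource_dn: str) -> tuple[bool, str]:
        """Return (allowed, reason) for the boundary check only."""
        subj_dom, res_dom = dn_to_domain(subject_dn), dn_to_domain(resource_dn)
        subj_forest, res_forest = self.forest_of(subj_dom), self.forest_of(res_dom)
        if subj_forest is None or res_forest is None:
            return False, "unknown domain"
        if subj_dom == res_dom:
            return True, "same domain (management boundary)"
        if subj_forest == res_forest:
            return True, "same forest: intra-forest trusts are automatic and transitive"
        if frozenset({subj_forest, res_forest}) in self.forest_trusts:
            return True, "separate forests joined by an explicit forest trust"
        return False, "separate forests with no trust: the forest is the security boundary"


def build_sample_directory() -> Directory:
    """Constructed sample: two trusting forests and one isolated forest."""
    d = Directory()
    d.add_forest("example.com", "corp.example.com")   # one forest, two domains
    d.add_forest("partner.net")                       # separate forest
    d.add_forest("isolated.org")                      # disjoint business unit
    d.add_forest_trust("example.com", "partner.net")
    return d


if __name__ == "__main__":
    d = build_sample_directory()
    user = "CN=jdoe,OU=Staff,DC=corp,DC=example,DC=com"
    for share in ("CN=Files,DC=example,DC=com",
                  "CN=Files,DC=partner,DC=net",
                  "CN=Files,DC=isolated,DC=org"):
        print(share, "->", d.can_interact(user, share))
```

The model deliberately says nothing about what happens after the boundary check passes: within a forest, Kerberos referrals and ACLs decide the outcome, which is exactly why a forest, not a domain, is the unit to separate when business units must not see each other.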
What’s in the Active Directory database?
