Active Directory (AD) is Microsoft's implementation of LDAP (Lightweight Directory
Access Protocol). It consists of a centralized database containing the information
used to authenticate users and locate resources. Aside from authentication,
AD also deals with authorization. The third process AD is
responsible for is accounting – documenting the authentication
and authorization for each user. Keeping multiple copies of databases, each
allowing separate access to objects, is not feasible and would leave the
system prone to vulnerabilities, so AD stores information hierarchically and
allows for centralized computer management.
Authentication – Who are you? (Username/password)
Authorization – What access/permissions do you have?
Accounting – Logging of your activity.
AD comprises two object categories:
· Resources - for example: printer queue data
· Security - for example: differentiation between a system administrator and a normal user
Generally, the benefits of using Active Directory revolve
around the centralized management feature, but network administrators can also
write scripts for controlling group policy and automating administrative tasks
(assigning software to machines on the domain, managing printers, setting
permissions for network users etc.), or use AD as a phone book to retrieve
contact details for the users on the system.
OU – Organizational Units are AD's containers for grouping objects by a chosen
criterion. They can be split into sub-units, allowing the system
administrator to allocate resources and grant access according to narrower
sub-criteria. For example, OUs allow you
to set up access for a new geographical location (e.g. Spain) in organization X. In
the Spain OU, two more OUs are created
for the Sales and Purchasing departments, and in Sales two
further OUs for Technical and Operations. For each of these OUs, the
administrator then creates the users and authorizes authentication and
resource access.
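The Spain hierarchy described above, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory module (RSAT) is installed and the account running it may create OUs in the current domain; the script layout and the ConvertTo-OuDN helper name are illustrative.

```powershell
#Requires -Modules ActiveDirectory
# Added example: builds the article's Spain OU tree. Run with -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: OUs are created at the root of the domain the session is joined to.
    [string]$DomainDN = (Get-ADDomain).DistinguishedName
)

# The article's hierarchy as paths from the domain root, parents listed first.
$ouPaths = @(
    'Spain',
    'Spain/Sales',
    'Spain/Purchasing',
    'Spain/Sales/Technical',
    'Spain/Sales/Operations'
)

function ConvertTo-OuDN {
    # A distinguished name lists the innermost OU first and the domain last,
    # so the path components are reversed before joining.
    param([string]$Path, [string]$BaseDN)
    $parts = @($Path -split '/')
    [array]::Reverse($parts)
    (@($parts | ForEach-Object { "OU=$_" }) + $BaseDN) -join ','
}

foreach ($path in $ouPaths) {
    $dn       = ConvertTo-OuDN -Path $path -BaseDN $DomainDN
    $name     = @($path -split '/')[-1]
    $parentDN = $dn.Substring($dn.IndexOf(',') + 1)

    # Idempotent: skip OUs that already exist so the script can be re-run safely.
    if (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$dn'") {
        Write-Verbose "Already present: $dn"
        continue
    }
    if ($PSCmdlet.ShouldProcess($dn, 'Create organizational unit')) {
        # Deletion protection guards against an OU (and the users in it) being removed by mistake.
        New-ADOrganizationalUnit -Name $name -Path $parentDN -ProtectedFromAccidentalDeletion $true
    }
}

# List the resulting tree (skipped in -WhatIf mode, where nothing was created).
if (-not $WhatIfPreference) {
    Get-ADOrganizationalUnit -SearchBase "OU=Spain,$DomainDN" -Filter * |
        Sort-Object { $_.DistinguishedName.Length } |
        Select-Object Name, DistinguishedName
}
```

Users for each department would then be created inside the matching OU, for example with New-ADUser and its -Path parameter set to that OU's distinguished name.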
Requirements
AD DS (Active Directory Domain Services) runs on Windows 2000 and any later editions, but client applications can be written
for and run on earlier versions like Windows NT 4.0 or Windows 95.