
Windows Active Directory is a directory service that was created by Microsoft in 1999. Released in 2000 with the Windows 2000 Server edition, Active Directory has since been revised on several occasions and now offers optimized functionality, administration and security. Active Directory simplifies both the organization of business information and the implementation of security access policies.
How does Active Directory work?
Active Directory enhances the organization, administration and security of a business network by hierarchically arranging and centralizing all of the business’s objects. Objects in this context fall into two categories: resources and security principals. Resources refer to business equipment (printers, servers, computers, et cetera), whereas security principals refer to user and group accounts. Because security principals must possess and adhere to access parameters, they are assigned unique security identifiers (SIDs) for an additional layer of data protection. Each object represents a single resource or security principal, together with all of its associated attributes, which are defined by a schema. Although schemas may be modified, extended or limited whenever the need arises, an object once created may never be deleted, only deactivated.
Active Directory simplifies network administration by categorizing objects into three levels of hierarchy: domain, tree and forest. Here is an example. First an object is placed into an appropriate domain: let us say that the object “user account John Smith” at ABC Corp. is grouped into the domain name “Boston Branch.” A domain is then placed into an appropriate tree: “Boston Branch” is grouped into the tree “Eastern Region.” Trees are then placed into the appropriate forest: “Eastern Region” is grouped into the forest “ABC Corp.” The forest – the top of the hierarchy – represents the boundary of access for all objects.
Objects within domains may be further organized using Organizational Units or OUs. User John Smith, for example, may be placed into the OU entitled “Marketing,” which would be a group account within the fictitious ABC Corp. OUs simplify the administration of a domain by grouping domain objects together according to managerial and geographic relevance, thus further enhancing holistic network management. In fact, Microsoft recommends utilizing OUs for structure and the implementation of policies (as opposed to domains, trees or forests). Microsoft specifically recommends OUs as the appropriate level for the implementation of group policies (which are themselves objects, called Group Policy Objects), but keep in mind that objects placed within OUs do not obtain the relevant access privileges until they are placed within the actual group contained within the OU.
Active Directory is mainly used to set up, maintain, monitor and modify policies. By hierarchically organizing all business computers, servers, users and groups within a network, Active Directory makes it easier to administer the appropriate settings for every object and domain. Group policies further simplify the process as they quickly apply settings and security access parameters to all of the objects within a particular OU. And if a user in a particular domain requires information from another domain, no problem: Active Directory utilizes trusts as a means of sharing business resources. Trusts are automatically implemented whenever domains are created. For additional security, Active Directory allows administrators to decide between one-way and two-way trusts. In a one-way trust, one domain may be accessed by users of another domain but the other domain does not allow reciprocal access. In a two-way trust, access is allowed in both directions. One-way trusts should be utilized in situations where one domain is privy to more sensitive information that the other should not have access to under any circumstances.
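The one-way versus two-way distinction above can be checked against a trust inventory. The following Python is an added example, not code from Bryley Systems or Microsoft; it assumes a simplified model in which a chain of trusts is followed only through transitive trusts, and all domain names are hypothetical.

```python
from collections import namedtuple

# One trust record: users from `trusted` may be granted access to resources
# in `trusting`. A two-way trust also applies in the opposite direction.
Trust = namedtuple("Trust", "trusting trusted two_way transitive")

def edges(trusts):
    """Expand each trust into directed (resource_domain, user_domain, transitive) edges."""
    for t in trusts:
        yield (t.trusting, t.trusted, t.transitive)
        if t.two_way:
            yield (t.trusted, t.trusting, t.transitive)

def domains_with_access(resource_domain, trusts):
    """Return the domains whose users can be granted access to resource_domain."""
    all_edges = list(edges(trusts))
    # A direct trust always applies, transitive or not.
    direct = {u for r, u, _ in all_edges if r == resource_domain}
    # Assumption of this model: chains are followed only through transitive trusts.
    seen, frontier = {resource_domain}, [resource_domain]
    while frontier:
        current = frontier.pop()
        for r, u, transitive in all_edges:
            if r == current and transitive and u not in seen:
                seen.add(u)
                frontier.append(u)
    return (direct | seen) - {resource_domain}

def audit_sensitive(sensitive, allowed, trusts):
    """List domains that can reach a sensitive domain but are not on its allow-list."""
    return sorted(domains_with_access(sensitive, trusts) - set(allowed))

# Constructed sample topology: two domains in one forest, plus an outside
# partner domain that is trusted one way only.
TRUSTS = [
    Trust("boston.abc.example", "finance.abc.example", two_way=True, transitive=True),
    Trust("boston.abc.example", "partner.example", two_way=False, transitive=False),
]
# Same topology with the partner trust widened to two-way and transitive.
MISCONFIGURED = TRUSTS[:1] + [
    Trust("boston.abc.example", "partner.example", two_way=True, transitive=True),
]

if __name__ == "__main__":
    allowed = ["boston.abc.example"]
    print(audit_sensitive("finance.abc.example", allowed, TRUSTS))
    print(audit_sensitive("finance.abc.example", allowed, MISCONFIGURED))
```

In the first topology the partner domain's users can reach Boston but not the sensitive finance domain, and Boston's users cannot reach the partner; widening the partner trust exposes the finance domain through the chain.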
What are the benefits of Active Directory?
Active Directory has several benefits for a business network:
· Optimized organization of business objects
· Hierarchical organization for further clarity
· Centralization of business objects in an administrative console
· Optimized network administration
· Optimized network security through the easy implementation of policies
· Quick implementation of group policies
· Easy scalability
· Time saved from optimized administration frees up business resources
· Microsoft Exchange Server extends Active Directory by creating objects unique to Exchange as well as adding Exchange attributes to existing objects
· Active Directory trusts allow users in one domain to access resources in another
Want to learn more?
Please feel free to contact Bryley Systems with any questions or concerns you may have regarding Windows Active Directory and we will promptly schedule you for a free consultation. Call 978.562.6077 or email Sales@Bryley.com today.
References
Microsoft Corporation
www.Microsoft.com