What is Active Directory in networking?

What is Active Directory?

Active Directory (AD) is a proprietary directory service developed by Microsoft® to manage the authentication and authorization of users and machines on a Windows domain network. Active Directory was first released in 2000 and runs on Windows Server.

Since 2000, it has become the umbrella brand for a broad assortment of directory-based identity services from Microsoft. The main component of Active Directory is Active Directory Domain Services (AD DS), which verifies access when a user logs in to a system or tries to connect to one over the network, as well as assigns and enforces security policies. A server running Active Directory Domain Services is a Domain Controller. Other Active Directory services include Lightweight Directory Services (AD LDS), Federation Services (AD FS), Rights Management Services (AD RMS), and Certificate Services (AD CS).

In December 2016, Microsoft released Azure AD Connect to join an on-premises Active Directory system with Azure Active Directory (Azure AD) to enable single sign-on (SSO) for Microsoft’s cloud services, such as Microsoft Office 365.

Data is stored in Active Directory as objects and organized by name and attributes. A group of objects that share the same Active Directory database is called a domain. One or more domains with a common schema and configuration constitute what is known as a tree. The top tier of Active Directory’s logical structure is a forest, which is made up of a group of trees. A forest constitutes Active Directory’s security boundary.

For attackers, Active Directory is the keeper of the crown jewels. When threat actors compromise a network, they typically try to elevate their privileges so they can move to more critical systems, access sensitive data, and gain a broader foothold in the environment to maintain persistence. As a result, attacking Active Directory and obtaining administrator-level access is one of the attackers’ chief goals. This is typically done by using tools such as BloodHound, which is an open-source application used for analyzing the security of Active Directory domains and revealing the potential for escalating access entitlements. Once the cyber-attackers have uncovered hidden or complex attack paths that can potentially compromise the security of the network, they then use tools such as Mimikatz to steal the necessary credentials.

The targeting of Active Directory by attackers makes Privileged Access Management (PAM) a vital part of enterprise security. PAM tools fall into three categories: privileged account and session management (PASM), privilege elevation and delegation management (PEDM), and secrets management software. Ideally, these capabilities should be fully integrated into an underlying platform to avoid the silos that come from point solutions. With Privileged Access Management, organizations can use session monitoring, granular access controls, and password vaulting to provide an extra layer of protection for privileged accounts. These protections should be part of a layered approach to security that also involves continuous monitoring of Active Directory for suspicious activity.
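As an added example (not part of the original article), here is a small Python detector in the spirit of the continuous monitoring just described: it scans constructed, simplified group-membership events for additions to privileged groups and grades each one by whether the change came through an assumed PAM service account (`CORP\pam-svc`) or was an account promoting itself.

```python
from dataclasses import dataclass

# Windows Security event IDs for "member added to a security-enabled group":
# 4728 global, 4732 domain local, 4756 universal.
GROUP_ADD_EVENTS = {4728, 4732, 4756}
# Groups whose membership grants domain- or forest-wide administrative control.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
# Assumed: the only account allowed to change these groups is the PAM workflow's service account.
APPROVED_CHANGE_ACTORS = {"CORP\\pam-svc"}

# Constructed sample events in a simplified pipe-separated export, not Windows'
# own EVTX/XML layout; Actor/Member mirror the real SubjectUserName/MemberName fields.
SAMPLE_EVENTS = [
    "EventID=4624|Actor=CORP\\jsmith|Group=|Member=|Host=DC01",
    "EventID=4728|Actor=CORP\\pam-svc|Group=Domain Admins|Member=CORP\\break-glass-1|Host=DC01",
    "EventID=4728|Actor=CORP\\jsmith|Group=Domain Admins|Member=CORP\\jsmith|Host=DC02",
    "EventID=4756|Actor=CORP\\jsmith|Group=Enterprise Admins|Member=CORP\\svc-backup|Host=DC01",
    "EventID=4732|Actor=CORP\\helpdesk|Group=Print Operators|Member=CORP\\bob|Host=DC01",
]

@dataclass
class Alert:
    event_id: int
    group: str
    member: str
    actor: str
    severity: str

def parse_event(line):
    # Split 'Key=Value|Key=Value' into a dict; EventID becomes an int.
    fields = dict(kv.split("=", 1) for kv in line.split("|"))
    fields["EventID"] = int(fields["EventID"])
    return fields

def classify(ev):
    if ev["Actor"] == ev["Member"]:
        return "critical"   # an account granted itself privileged membership
    if ev["Actor"] not in APPROVED_CHANGE_ACTORS:
        return "high"       # change bypassed the PAM workflow
    return "medium"         # sanctioned path, but every privileged change still gets reviewed

def detect_privileged_group_changes(lines):
    # Return one Alert per addition to a privileged group, in log order.
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev["EventID"] in GROUP_ADD_EVENTS and ev["Group"] in PRIVILEGED_GROUPS:
            alerts.append(Alert(ev["EventID"], ev["Group"], ev["Member"], ev["Actor"], classify(ev)))
    return alerts
```

Running `detect_privileged_group_changes(SAMPLE_EVENTS)` yields three alerts: the PAM-driven break-glass addition (medium), the self-promotion of `jsmith` to Domain Admins (critical), and the out-of-band Enterprise Admins change (high); the logon and Print Operators events are ignored.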

Other directory services on the market that provide similar functionality to Active Directory, and attract the same attention of cyber adversaries, include IBM Red Hat Directory Server, Apache Directory, and OpenLDAP.

Intermedia news

If you work in IT management, chances are that you are well-versed in using Active Directory, a database service developed by Microsoft for Windows network domains. But even if you aren’t an IT administrator, it’s still worth learning what Active Directory is and what it does because it plays such a fundamental role in keeping a company’s network secure.

Read on to find out everything you need to know about Active Directory, including how you can streamline the management of your directory if your company uses Intermedia products.

What Is Active Directory?

Active Directory, also referred to as AD, is a live directory that stores account login data and information on other resources within the network.

As a directory service, it uses a hierarchical structure to organize information. Unlike a basic database, which is simply a storage tool, AD is dynamic – it lets IT administrators search and manage the resources on the database so they can constantly ensure the network hierarchy is organized properly.

What Information Is Stored on Active Directory?

Active Directory stores information as “objects.”

In the world of AD, objects are any resources within the network, such as:

  • User accounts and their passwords
  • Computers
  • Printers
  • File shares
  • Applications
  • Security groups

There are two types of objects in Active Directory.

  1. Container objects can contain other objects – just like a file folder can contain other file folders or files. Container objects include security groups and organizational units.
  2. Leaf objects are individual objects that don’t contain other objects – just like a file can’t contain other files. All single objects – user accounts, computers, and printers – are types of leaf objects.

So, you know that objects are the network resources – but what about the detailed info for each object?

Details or attributes for each object are known as “values.”

Each object will have a set of values that define what the object is. For a user account, the values will include things like department, employee ID, and contact information.

An easy way to visualize what the objects and values are is to compare Active Directory to the “contacts” app on your mobile device. On your phone’s “contacts” app, your individual contacts are like the objects on AD. And the contact information for each contact – phone number, email address, and notes – are like the values on Active Directory.

What Does Active Directory Do?

AD serves as a centralized security management solution that houses all network resources.

The purpose of Active Directory is to enable organizations to keep their network secure and organized without having to use up excessive IT resources. For example, with AD, network administrators don’t have to manually update every change to the hierarchy or objects on every computer on the network. They simply do it once in Active Directory.

It’s also necessary for managing security authentication because only authorized users (stored in AD as objects) can log on to network computers.

Here are some of the benefits of using AD:

  • With Active Directory, it’s easy to create and delete user accounts or add another resource to the network. For example, IT administrators only have to create an account for a new employee one time rather than having to set up an account on every computer, printer, and shared file the user might need to access.
  • Resetting passwords is also a fast and simple process because of AD. When an employee forgets their password, administrators can go into Active Directory to reset it. The new password is then automatically updated across the entire network, on every resource that user has access to.
  • Administrators can also set permissions for specific groups. Active Directory lets you create security groups, setting up which users can access which network assets, such as shared files and applications.
  • You can also organize your company’s network hierarchy. For example, it’s through AD that you determine which computers and printers belong on the network.

How Many Businesses Use Active Directory?

Tens of thousands of companies use Microsoft Active Directory, including about 90 percent of Fortune 1000 companies.

In recent years, some users have switched to Microsoft Azure Active Directory, which is a cloud-based identity and access management solution that works much in the same way as the original AD.

The difference between Azure Active Directory (AAD) and Active Directory is that some of the functions that are manual on AD are automatic on AAD. For example, if you already have AD, Azure AD will sync existing identities to the cloud. Also, in Azure AD, administrators can use a query to include users in a group instead of assigning membership manually every time.

How Intermedia Users Can Experience Even More Ease with Active Directory

Network management becomes even more efficient when you use Intermedia applications. That’s because Intermedia comes with a useful account management tool called UserPilot.

UserPilot syncs values – such as your users’ job title, department, phone number, and password – with your Intermedia services. As a result, your users can access their work computer and Intermedia applications using one login. This easy and secure sign-on can happen when employees are working from wherever – from home, from the office, or while traveling – as long as they’re logging on using a device that’s in your Active Directory.

UserPilot also lets administrators automatically add new users to Active Directory, simplifying the setup process for each new hire. Additionally, they can update user properties with all the information gathered from AD.

To learn more about using UserPilot with Active Directory, visit our Knowledge Base article on getting started with UserPilot. You can also contact our expert team for help if you have any questions!

What is the main purpose of Active Directory?

Active Directory (AD) is Microsoft's proprietary directory service. It runs on Windows Server and enables administrators to manage permissions and access to network resources. Active Directory stores data as objects. An object is a single element, such as a user, group, application or device such as a printer.

What is an example of Active Directory?

An example of an Active Directory domain name would be “ad-internal.company.com,” where “ad-internal” is the name you are using for your internal AD domain, and “company.com” is the name of your external resources.

What are the 5 roles of Active Directory?

The five Flexible Single Master Operations (FSMO) roles are:

  • Schema Master – one per forest.
  • Domain Naming Master – one per forest.
  • Relative ID (RID) Master – one per domain.
  • Primary Domain Controller (PDC) Emulator – one per domain.
  • Infrastructure Master – one per domain.

What are 3 main advantages of Active Directory?

The three major benefits of Active Directory Domain Services are:

  • Centralized resource and security administration.
  • Single logon for access to global resources.
  • Simplified resource location.