Active Directory (AD) is Microsoft’s implementation of directory services. It is based on various standards, the most important of which are LDAP and X.500 (a schema based on X.500).
In addition to compliance with LDAP, AD has a few additional features and compatibilities, such as the close integration of the directory services with Windows domains and Domain Name Service (DNS). The coupling of directory services to Windows domains is the key to directory scalability. AD security, authentication, and access control are also provided by the combination of the domains with the directory. While this approach works well, the integration of AD with Windows domains forces the choice of Active Directory services when selecting the Windows 2000 operating system.
Security Feature
AD security is not a single setting; it is a compilation of settings that has a few phases and can become very complicated.
The default AD security settings provide basic control of objects, such as user accounts, group accounts, and computer accounts. In small companies, this default configuration might be enough. However, larger companies will quickly outgrow the built-in security, and additional security settings and design are needed. In order to ensure a secure and stable IT infrastructure, regardless of the size of the company, a firm grasp of AD security settings is required.
During the design phase of AD, the security of AD objects should be considered and documented. The objects that need to be considered for security include:
- Domain controllers
- Servers
- User accounts
- Group accounts
- Client computers
- GPOs
- OUs
The security design for AD must be carried out properly in order for it to be effective. Failure to follow the assigned design documents will leave AD vulnerable to attacks from both within and outside of the LAN. In addition, AD security is very difficult to audit and track if it was not set up with care.
Another key aspect of AD security is management. The management phase is important because it is at this stage that ongoing AD security must be properly maintained. Whether it is giving users the ability to add members to groups or locking down computers that are located in the reception area, the management of security for AD must be procedural and consistent.
Hi! I think your post on Active Directory is well organised and really helps me to understand. Besides explaining AD, you also mentioned the security features, which most of our classmates did not bring out.