
Understand Active Directory basics for enterprise success




You can’t get the most out of a tool unless you understand its features. This tip explains the basics of Active Directory and how it controls access and maintains order.


Consistency and clarity are necessary when managing a company’s resources. Administrators need to know the Active Directory basics to see how the different services in this Microsoft tool work together for centralized management.

Active Directory is a combination of several services that run on Windows Server. Administrators new to IT should work to understand the Active Directory basics and how major enterprise applications, such as Exchange Server, depend on this directory service.

Active Directory Domain Services is the foundation

At the heart of Active Directory is Active Directory Domain Services (AD DS). When administrators discuss AD, they usually mean AD DS, which maintains a database of information for devices, resources, users and groups within the domain. AD DS defines user rights and verifies user credentials on the network.


AD DS runs on a server or server cluster called the domain controller. Each time a user logs in, accesses a network resource or runs an application, the AD domain controller authenticates the request. Corruption in the AD database or the failure of the domain controller server can devastate an enterprise, so administrators often set up AD DS on a server cluster for automatic replication and synchronization for resiliency and added performance.

Other services that rely on AD DS

Active Directory includes several other services that require AD DS as a foundation. For example, smaller organizations can use Active Directory Lightweight Directory Services, which functions almost identically to AD DS but does not need domains or separate domain controllers.

Active Directory Certificate Services creates, validates and revokes public key certificates used to encrypt files, emails, virtual private network traffic and Transport Layer Security/IPsec network traffic.

Active Directory Federation Services provides a single sign-on service to give users access to resources or services — typically outside of the enterprise — using one set of credentials.

Finally, Active Directory Rights Management Services controls encryption and access control for email, documents and web content.

Active Directory basics: Objects and OUs

The basic component in Active Directory is an object. Each object, whether a resource such as a computer or printer, an individual or a group, has an array of attributes based on an established schema. Admins cannot delete objects, only deactivate them.

IT can gather objects within a domain into organizational units (OUs) that make structural sense, such as by geographic location or business division, for resource management. Administrators can then apply group policies and administrative tasks at the OU level.

Active Directory also works across a series of levels. The domain is the lowest level and generally includes objects organized into a single database.

Trees are collections of one or more domains connected by a trust relationship. The forest is the highest level, which collects trees into a global structure and represents the ultimate boundary for accessibility in Active Directory. Objects are typically not accessible outside of the AD forest.
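
The object, OU and domain levels described above are visible in the distinguished name (DN) that AD assigns to each object. The following Python code is an added example, not part of the original article: it splits DNs into object name, OU path and domain, then groups objects by the OU where group policies and administrative tasks would be applied. The sample names and the `corp.example.com` domain are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample DNs (hypothetical names and domain, not from the article).
SAMPLE_DNS = [
    "CN=Alice Smith,OU=Finance,OU=London,DC=corp,DC=example,DC=com",
    "CN=PRN-LON-01,OU=Printers,OU=London,DC=corp,DC=example,DC=com",
    r"CN=Doe\, John,OU=Sales,OU=Boston,DC=corp,DC=example,DC=com",
    "CN=Administrator,CN=Users,DC=corp,DC=example,DC=com",
]

def split_rdns(dn):
    """Split a DN into components on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:                 # character after a backslash is literal
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)          # keep the escape so the value stays DN-safe
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def locate(dn):
    """Return (object name, OU path outermost-first, DNS domain name)."""
    rdns = [part.partition("=") for part in split_rdns(dn)]
    name = rdns[0][2]
    ous = [value for kind, _, value in rdns[1:] if kind.upper() == "OU"]
    domain = ".".join(value for kind, _, value in rdns if kind.upper() == "DC")
    return name, "/".join(reversed(ous)), domain

def group_by_ou(dns):
    """Group object names by (domain, OU path), the level where admins apply policy."""
    groups = defaultdict(list)
    for dn in dns:
        name, ou_path, domain = locate(dn)
        # Objects in a container such as CN=Users have no OU in their DN.
        groups[(domain, ou_path or "(no OU)")].append(name)
    return dict(groups)

if __name__ == "__main__":
    for (domain, ou), names in sorted(group_by_ou(SAMPLE_DNS).items()):
        print(f"{domain:18} {ou:16} {names}")
```

Objects that land in the `(no OU)` group are worth reviewing, since OU-level policy and delegation do not reach them.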

