Active directory turns 20 this year!
There is a lot of talk in the community about whether AD is outdated and whether other cloud-based directory services will replace it. Before we jump to any conclusion, let's first understand AD in its entirety.
Active Directory (AD) is Microsoft's directory service for Windows domain networks. It handles centralized domain management and directory-based, identity-related services, and it is the framework on which other services such as Certificate Services and Federation Services are deployed.
How does Active Directory work?
Active Directory stores data as objects. An object is an element such as a user, group, application, or device (for example, a printer). Objects are either general resources (such as printers or computers) or security principals (such as users or groups).
The server that runs Active Directory Domain Services (AD DS) is called a domain controller. AD DS authenticates and authorizes all users and computers in a Windows domain network. When a user logs in to a computer, Active Directory checks the submitted username and password and determines whether the user is a system administrator or a regular user. It manages and stores information, provides authentication and authorization mechanisms, and provides a framework for deploying related services: Certificate Services, Active Directory Federation Services, Lightweight Directory Services, and Rights Management Services.
Active Directory Services:
Following are the services provided by Active Directory:
1. Domain Services – stores information about members such as users and devices, their access rights, and their credentials. The server running this service is called a domain controller.
2. Lightweight Directory Services – an implementation of the LDAP protocol.
3. Federation Services – a single-sign-on (SSO) service. It is useful when a user is registered with several web services under the same credentials: federation lets the same credentials be used across different networks.
4. Certificate Services – creates and validates public key certificates for an organization. These certificates can be used to encrypt files, emails, and network traffic.
5. Rights Management – provides development and management tools that help organizations protect information.
AD objects:
The individual components of an organization are called objects in Active Directory, and Active Directory stores its data as objects. Following is the list of AD objects:
- Contact: A contact object stores the contact details of vendors or suppliers who are not employees of the organization. Only the person's name and contact details are stored.
- User: A member of the organization is represented in AD by a User object. It holds information such as first name, last name, email address, and group memberships.
- Printer: This object holds information about a printer in the network.
- Computer: This object holds information about a computer in the network.
- Shared folder: This allows users to access folders on other computers in the network that have been marked as shared. Only folders, not individual files, can be shared; to share an individual file, place it inside a shared folder.
- Group: A collection of directory objects. It can contain computers, users, other groups, and other AD objects. There are two types of group:
  - Distribution groups – used with email applications to send email to a collection of users.
  - Security groups – used to assign access to resources on the network.
  For example, if you want to give only a particular department access to certain documents, the network administrator creates a security group containing all members of that department and grants that group access to the file server holding the documents.
- Organizational units (OUs): OUs help structure your network resources so they are easy to locate. An OU can hold users, printers, computers, groups, and other OUs. Each domain can create its own OUs.
- Builtin: Several user accounts and group accounts are created automatically when Active Directory is installed for the first time.
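The department-access scenario described under Group above, worked through as an added example (this is not code from the original post): a security group is created, populated from the Department attribute, and granted read-only NTFS access to a folder. The domain, OU, server and group names are placeholders, and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example: put a department in a security group and grant that group
# read-only access to a document folder. All names below are placeholders.
Import-Module ActiveDirectory

$domainNetbios = 'CORP'                                  # placeholder NetBIOS domain name
$ou            = 'OU=Finance,DC=corp,DC=example'         # placeholder OU holding the department
$groupName     = 'Finance-Docs-Readers'                  # placeholder group name
$folder        = '\\FS01\Docs\FinancePolicies'           # placeholder shared folder

# 1. Create a domain-local *security* group (a distribution group cannot carry ACL entries).
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -SamAccountName $groupName `
        -GroupScope DomainLocal -GroupCategory Security -Path $ou `
        -Description 'Read-only access to Finance policy documents'
}

# 2. Add every enabled user whose Department attribute is Finance.
$members = Get-ADUser -Filter "Department -eq 'Finance' -and Enabled -eq 'True'" -SearchBase $ou
if ($members) { Add-ADGroupMember -Identity $groupName -Members $members }

# 3. Grant the group ReadAndExecute (least privilege: not Modify or FullControl),
#    inherited by subfolders and files.
$identity    = "$domainNetbios\$groupName"
$rights      = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inheritance = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$propagation = [System.Security.AccessControl.PropagationFlags]::None
$type        = [System.Security.AccessControl.AccessControlType]::Allow
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $identity, $rights, $inheritance, $propagation, $type

$acl = Get-Acl -Path $folder
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 4. Verify: who is in the group, and which ACEs on the folder reference it.
Get-ADGroupMember -Identity $groupName | Select-Object SamAccountName
(Get-Acl -Path $folder).Access | Where-Object { $_.IdentityReference -like "*\$groupName" }
```

Because access is tied to the group rather than to individual users, moving a person out of the department only requires removing them from the group, and the ACL on the folder never needs to change.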
Benefits of Active Directory:
Here are some benefits of AD:
- Central storage: Active Directory provides a centralized storage repository for users' files. If you save your files on the central server, other users of the domain can access them.
- Better backup: If a user's machine is hit by a cyberattack, all of the files on that machine may become inaccessible. If they were saved to a central storage location, they can easily be recovered from there.
- Lower costs: Active Directory is easy to scale up or down.
- Improved security: Because the network administrator controls the domain in AD, they can roll out new security measures when necessary. This can include installing new antivirus software on each machine, or making sensitive documents inaccessible so they don't fall into the wrong hands.
Cloud-based Directory Services:
There have been many new entrants in this space, such as Okta, JumpCloud, and others, that provide alternatives to what was the market-leading directory service. Enterprises are more distributed than ever before and applications are being deployed in the cloud, making it imperative to have a directory service that can be centrally administered and managed. Microsoft, with its Federated AD service in Azure (ADFS), has provided an extension of AD in the cloud. Okta, a pure SaaS service provider, is another alternative for businesses looking for a cloud-based SSO solution.
Neova has expertise in Active Directory, Azure ADFS, Okta, and JumpCloud and can help organizations integrate their application with one or multiple of these directory service providers.