Active Directory

As your organization grows, it becomes difficult for users and administrators to locate resources distributed across it. To locate a file on the network, you must know the name of the file, the name of the server on which it is stored, and its folder path. This might not be so cumbersome on a small network, but as the network expands it becomes quite a challenging task. A solution is to implement a directory service. Imagine an electronic phone directory that lets you look up an employee's name and obtain the relevant phone number, address, or other information without having to know or remember the details. A directory service is a container that provides a hierarchical organizational structure and lets you store objects so that they can be accessed and operated on quickly and easily.

In addition to pinpointing resources, AD uses the authentication facilities of the Kerberos protocol and Single Sign-On (SSO). SSO gives a user a single set of credentials that grants access across the entire collection of resources and services. After Kerberos authenticates the credentials, a ticket is issued to the user, and the user presents that ticket to gain access to resources and services. This makes user management easier, since AD acts as a source for all user- and PC-related data.

AD uses LDAP as its access protocol and depends mainly on DNS as its locator service. AD contains information about objects in the organization, including users, computers, or printers. Several objects can be grouped into a parent object in a nested architecture. Active Directory mainly provides the following features:

  • Simplified user and network-resource management
    You can build ordered information structures that manage organizational credentials and further security settings, making it easier for your users to find resources such as files and printers on the network.

  • Flexible, secure authentication and authorization
    Flexible and secure authentication and authorization services protect data while minimizing obstacles to doing business over the Internet. The authentication protocols supported by Active Directory are the Kerberos V5 protocol, Secure Sockets Layer (SSL) v3, and Transport Layer Security (TLS) (X.509 v3 certificates); Active Directory also supports security groups that span domains efficiently.

  • Directory consolidation
    You can organize and streamline the management of users, computers, devices, and even applications, reducing the effort users need to find the information they require. You can use synchronization support through Lightweight Directory Access Protocol (LDAP)-based interfaces, and work with the directory consolidation requirements of your applications.

  • Directory-enabled applications and infrastructure
    With Active Directory it is much simpler for you to manage and configure applications and other network components that are directory-enabled.

  • Scalability without complexity
    Active Directory can scale up to millions of objects per domain. Performance enhancements such as indexing technology and advanced replication techniques are also available.

  • A powerful development environment
    Active Directory Service Interfaces (ADSI) strengthens your development environment by providing an object-oriented interface to AD. With ADSI, programmers and administrators can easily create directory programs using high-level tools such as Microsoft Visual Basic, Java, C, or Visual C++, because they do not have to worry about the underlying differences between the different namespaces.

  • Replication and trust monitoring
    AD provides Windows Management Instrumentation (WMI) classes to monitor whether domain controllers are replicating Active Directory information properly and whether trusts are functioning.

  • Message queuing & distribution lists
    Message Queuing (also known as MSMQ) enables sending messages to distribution lists hosted in AD.
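
The introduction says that AD objects nest under parent objects, that LDAP is the access protocol, and that DNS is the locator service. The following added example (not part of the original page) shows how an LDAP distinguished name encodes all three: its container path, its DNS domain, and the SRV record name that clients look up to find a domain controller. The sample names and the `corp.example.com` domain are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample distinguished names (illustrative, not from the page).
SAMPLE_DNS = [
    r"CN=Alice Smith,OU=Engineering,OU=Staff,DC=corp,DC=example,DC=com",
    r"CN=Doe\, John,OU=Sales,OU=Staff,DC=corp,DC=example,DC=com",
    r"CN=PRN-FLOOR2,OU=Printers,DC=corp,DC=example,DC=com",
    r"CN=WS-0042,CN=Computers,DC=corp,DC=example,DC=com",
]

def split_dn(dn):
    """Split a DN into (TYPE, value) RDNs; simplified RFC 4514 escapes only."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):  # single-byte hex escape
                buf.append(chr(int(pair, 16)))
                i += 3
            else:                                      # escaped literal character
                buf.append(dn[i + 1])
                i += 2
            continue
        if ch == ",":                                  # unescaped comma ends an RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [(a.strip().upper(), v) for a, _, v in (p.partition("=") for p in parts)]

def dns_domain(dn):
    """Join the DC= components into the DNS name of the domain holding the object."""
    return ".".join(v for a, v in split_dn(dn) if a == "DC").lower()

def dc_locator_srv(dn):
    """DNS SRV record name queried to locate a domain controller for that domain."""
    return "_ldap._tcp.dc._msdcs." + dns_domain(dn)

def container_tree(dns):
    """Group leaf objects under their parent container path (domain/OU/OU...)."""
    tree = defaultdict(list)
    for dn in dns:
        leaf, *parents = split_dn(dn)
        path = "/".join([dns_domain(dn)] + [v for a, v in reversed(parents) if a != "DC"])
        tree[path].append(leaf[1])
    return dict(tree)
```

Splitting on raw commas would break the second sample, whose common name contains an escaped comma, which is why the splitter tracks escapes instead of using `str.split`.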