How do you design an ad server
Active Directory and Domain - simply explained
An IT administrator often speaks of in connection with permissions and resource allocation Active Directory or one domain. With today's article we would like to shed some light on the subject and explain which functionalities Active Directory or a domain have and how they can support security and the allocation of rights.
Explained using a simple example
To simplify the explanation, let's start with an example.
100 employees work in a company. All employees must be able to log on to all 100 company computers, but are only allowed to use the resources (printers, folders, databases) to which they have access according to the written authorization concept.
In order not to have to set up 100 user accounts on all 100 computers (a total of 10,000 accounts) and to create different rights individually and manually, all information centrally in a directory service (Active Directory). This not only makes the administrator's work easier when creating user accounts, but also when managing them, since, for example, when an employee changes their password, this only has to be entered centrally in the Active Directory and does not have to be changed on all 100 computers.
The administrator must also assign different authorizations, as not everyone is allowed to access the personal printer or the customer database, for example. So that the admin does not have to set this individually and manually for each of the 100 employees, he sets up different groups (domains) that contain different authorizations and assigns the individual employees to the corresponding domain. For example, he sets up the personnel group (domain) with certain rights and assigns all employees from the personnel department to this group. These can now automatically access the employee database or the personal printer, for example, but not all other employees.
In most cases, however, it is advisable to create just one domain with different organizational units that contain different guidelines.
What is an Active Directory?
Active Directory is a central directory service from Microsoft. Active Directory is like a phone book in the company intranet, as it saves detailed information (for the user, e.g. name, e-mail address) in a central database. With the help of the Active Directory, a central administration and control of a network is possible.
Active Directory offers another advantage for the administrator because it allows all objects centrally (This means users but also computers, printers, file folders, etc.), which simplifies the administration of all objects in a network.
Active Directory offers an advantage for employees because they can access all resources (printers, folders, software, databases) assigned to them from different computers within the company network with a single central login (Windows login).
Active Directory therefore supports the structuring of the network and technically reproduces the organization with all rights and authorizations.
What is a domain?
A domain on the other hand represents one independentsecurity area that can be managed centrally.
The Active Directory includes at least one domain. Each domain has its own security area with guidelines and relationships that then determine which employee can log in with which password and which objects they can access. In each domain, only information about the objects contained in the respective domain (users, folders, hardware components such as printers, etc.) is saved.
The information is not stored locally on the respective computers but centrally on a server (so-called domain controller).
The individual domain can be further structured with the help of organizational units, which then also contain different guidelines. This is more common in practice, as creating and managing multiple domains means more administrative effort.
Security with Active Directory or domains
On the one hand, Active Directory or domains can support security by coordinating permissions and rights. On the other hand, however, it must also be noted that these functionalities themselves are also exposed to a number of technical and non-technical threats.
For this purpose, the Federal Office for Information Security (BSI) has listed the individual threats and enumerated measures to ensure safe use.
About the author
Data protection and IT (security) serve to protect privacy and corporate values. Maintaining these interests and working in two diverse and interesting areas at the same time is my passion. more →
As experts in data protection, IT security and IT forensics, we advise companies across Germany. Find out more about our range of services here:
IT security advice
- What was your most embarrassing situation
- How can you delete Chats in Discord
- What does the development of a country mean
- Use real guns in movies
- How will Trump not be charged
- What are the basics of love sex
- Stephen King is a mediocre writer
- How is the average walking speed calculated
- Can WhatsApp become more racist
- Is Toyota better than Honda
- Zombies think they are alive
- Can you sharpen a knife with stones?
- Is Donald Trump really a nationalist?
- Is nicotine gum alone harmful to health
- Is Stephen Amell really dead in Arrow?
- When will Rajinikanth enter politics
- Why do the Chinese like red
- How much do forex partners earn
- What are the top e-learning portals
- How much is fifty pence
- Hate what when questions
- How can children learn with animated games
- What is underground mining
- Why did God make life a secret?
- What is a masonic ring finger
- How many liters are in a kiloliter
- Which is better Godaddy or WordPress
- What makes you cry uncontrollably?
- How do you start asking questions
- How can I overcome self-doubt
- How do I get to fractal analytics
- How do Methodists differ from other denominations?
- Is white rice good for health?
- Asians worship white people