For authentication and authorization on the Windows platform, Microsoft provides a directory service known as Active Directory (AD). It is a centralized repository for user credentials.
It is a directory service, distributed in structure, used for securing, updating, managing and organizing computers running Windows at very large scale. It divides the whole Windows-based infrastructure into groups, users and network devices. AD stores data as objects; each object is an individual element such as a group, a device or a service.
Example: An organization has 100 employees, and these employees are associated with different user groups. By using AD we can apply a policy to each group, and so implement policy for all 100 employees in a short span of time. We do not need to set it up on every computer in the organization; instead we set it once in AD and it is applied to every computer in the organization.
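The scenario above as an added example (not from the original article): one policy object is created once in AD and scoped to a group, using the ActiveDirectory and GroupPolicy PowerShell modules. The domain example.local, the group and GPO names and the Department filter are assumptions made for illustration.

```powershell
# Added example. All names (example.local, Finance-Users, the GPO name) are constructed.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = 'DC=example,DC=local'      # assumed domain
$group    = 'Finance-Users'            # assumed group name
$gpoName  = 'Finance - Screen Lock'    # assumed GPO name

# 1. Security group that represents one set of employees
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security

# 2. Add every existing account whose Department attribute is 'Finance'
$members = Get-ADUser -Filter "Department -eq 'Finance'"
if ($members) { Add-ADGroupMember -Identity $group -Members $members }

# 3. One GPO holding the setting: password-protected screen lock after 15 minutes idle
$key = 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
New-GPO -Name $gpoName | Out-Null
$settings = @{ ScreenSaveActive = '1'; ScreenSaverIsSecure = '1'; ScreenSaveTimeOut = '900' }
foreach ($name in $settings.Keys) {
    Set-GPRegistryValue -Name $gpoName -Key $key -ValueName $name `
        -Type String -Value $settings[$name] | Out-Null
}

# 4. Security filtering: only the group applies the GPO.
#    Authenticated Users is reduced to Read (not removed) so the GPO can still be retrieved.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $gpoName -TargetName $group -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# 5. Link once at the domain root; no per-computer configuration is needed
New-GPLink -Name $gpoName -Target $domainDn | Out-Null

# 6. Review who can read and who applies the policy
Get-GPPermission -Name $gpoName -All | Select-Object Trustee, Permission
```

Because a single link at the domain root reaches every account in scope, write access to a GPO is as sensitive as administrative access to the machines it targets, so the output of step 6 is worth reviewing regularly.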
Note: AD is mostly implemented at large scale, so it also presents a large attack surface.
Advantages of Active Directory
i. Implementing any policy on a per-group basis becomes very easy from the centrally managed AD server.
ii. It is easier to administer and more secure, and there is no need to maintain user accounts on each resource.
iii. It provides SSO (single sign-on), which gives access to all integrated Windows services, so there is no need to enter credentials multiple times for different services.
iv. It is easy to push any configuration setting, such as a registry change, a software upgrade or an installation.
v. It provides distributed administration, as different group admins can implement different policies.
vi. It provides scalability by using organizational units.
Disadvantages of Active Directory
i. It requires skilled professionals to set up the whole environment. Therefore, it might be costly.
ii. It is not so effective in cloud environments.
Components of Active Directory
i. Domain Service/DS: It is a framework for domain management, and it communicates between users and the domain because it contain…