Active Directory/AD:
For authentication and authorization on window platform, Microsoft itself provide a directory service that known as Active Directory. It is a centralized repository for user credentials.
It is a directory service, dispersed in structure, used for securing, updating, managing and organizing computers based on window’s OS at very large scale. It divide whole window base infrastructure to groups, users and network devices. AD saves data as objects; these objects are individual such as group, device or services.
Example: An organization have 100 employee and these 100 employees associated with different user groups. Therefore, by using AD we can implement policy to different group and in sort span of time and we can successfully implement policy for 100 employees. We do not need to set it up for every computer of the organization, instead just set it on the AD and it will be applied to every computer of the organization.
Note: Mostly it implemented on large scale so it pose large attack surface also.
Benefits
i. To implement any policy on groups basis becomes very easy; from the centralized managed AD sever.
ii. Easier to administer and more secure and no need to maintain user accounts on each resource.
