Wednesday, January 11, 2012

Microsoft’s Active Directory Security Feature



What is Microsoft's Active Directory?

It is a directory service created by Microsoft for Windows domain networks and is included in most Windows Server operating systems. Active Directory serves as the central location for network administration and security: it authenticates and authorizes every user and computer in a Windows domain, assigns and enforces security policies for all computers in the network, and can install or update software on them. Active Directory is accessed through the Lightweight Directory Access Protocol (LDAP).

Active Directory is designed to handle a large number of read and search operations and a significantly smaller number of changes and updates. It is hierarchical, replicated and extensible. Because every change is replicated to the other domain controllers, frequently changing (dynamic) data should not be stored in it. There are three default partitions: domain, schema and configuration. The domain partition contains users, groups, contacts and many other object types; the schema partition contains the class and attribute definitions; and the configuration partition contains configuration data for services, partitions and sites.
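The partitions described above can be read straight from a domain controller's rootDSE. The following is an added example (not from the original post) that uses the ActiveDirectory PowerShell module's Get-ADRootDSE cmdlet; it assumes the module is installed (RSAT) and that the session can reach a domain controller. It goes one step beyond the text by also listing any application partitions (such as the DNS zone partitions), which are the entries in namingContexts that are not one of the three default partitions.

```powershell
# Added example: show which partitions a domain controller holds.
# Assumes the ActiveDirectory module (RSAT) and connectivity to a DC.
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE

# The three default partitions. Configuration and schema are forest-wide and
# replicated to every DC; the domain partition is replicated only within its domain.
$partitions = [ordered]@{
    Domain        = $rootDse.defaultNamingContext
    Configuration = $rootDse.configurationNamingContext
    Schema        = $rootDse.schemaNamingContext
}
$partitions.GetEnumerator() | ForEach-Object {
    '{0,-14} {1}' -f $_.Key, $_.Value
}

# namingContexts lists every partition this DC hosts, so anything that is not one
# of the three above is an application partition (e.g. DomainDnsZones, ForestDnsZones).
$rootDse.namingContexts |
    Where-Object { $_ -notin $partitions.Values } |
    ForEach-Object { '{0,-14} {1}' -f 'Application', $_ }
```

Run it from a domain-joined host; the output is a short table of distinguished names, one per partition.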




Microsoft's Active Directory Security Features

    • Centralized data store - All data in Active Directory is represented in a single, distributed data store. This gives users easy access to the information from any location. It also requires less administration, reduces duplication and improves the availability and organization of data.
    • Integration with the Domain Name System (DNS) - Active Directory uses DNS, an Internet standard service that translates human-readable host names to numeric Internet Protocol (IP) addresses. Active Directory clients use DNS (SRV records) to locate domain controllers.
    • Policy-based administration - In Active Directory, policies are used to define the permitted actions and settings for users and computers across a given site, domain or organizational unit.
    • Replication of information - Active Directory provides multi-master replication technology to ensure information availability, fault tolerance, load balancing and other performance benefits.
    • Flexible, secure authentication and authorization - It provides protection for data while minimizing barriers to doing business over the Internet. Active Directory supports multiple authentication protocols, such as the Kerberos version 5 protocol and Secure Sockets Layer (SSL). Active Directory also provides security groups that span domains.
    • Security integration - Active Directory is integrated with Windows Server 2003 security. An access control list (ACL) can be defined for each object in the directory and for each property of each object. Security policies can be applied locally, or to a specified site, domain or organizational unit.
    • Signed and encrypted LDAP traffic - By default, the Active Directory tools in Windows Server 2003 sign and encrypt all LDAP traffic. Signing LDAP traffic guarantees that the data comes from a known source and that it has not been tampered with. Note that this default applies to the Microsoft-supplied tools; whether the domain controller itself rejects unsigned binds from other LDAP clients is governed by the separate "Domain controller: LDAP server signing requirements" policy, which is not enforced by default.
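Three of the features above (DNS integration, per-object ACLs and LDAP signing) can be checked on a real domain. The following is an added example, not code from the original post, written in PowerShell. It assumes a domain-joined Windows host with the DnsClient and ActiveDirectory modules; the LDAP-signing part reads the NTDS registry key and the Directory Service event log, so that part must run on a domain controller. The Domain Admins group is used only as a sample object to inspect.

```powershell
# Added example: audit DNS-based DC location, a per-object ACL and the
# DC-side LDAP signing requirement. Assumes RSAT modules; run on a DC for part 3.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# 1. DNS integration: clients locate domain controllers through the SRV record
#    _ldap._tcp.dc._msdcs.<domain>. A missing or stale record is a common cause
#    of logon failures.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port, Priority, Weight

# 2. Security integration: every directory object carries its own ACL.
#    Here: which principals can write to, or fully control, the Domain Admins group object?
$dn = (Get-ADGroup -Identity 'Domain Admins').DistinguishedName
(Get-Acl -Path "AD:\$dn").Access |
    Where-Object { $_.ActiveDirectoryRights -match 'Write|GenericAll' } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType

# 3. LDAP signing: the Microsoft admin tools sign by default, but whether the DC
#    *requires* signing from every client is the LDAPServerIntegrity value
#    (0 = none, the default; 2 = require signing).
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$serverIntegrity = (Get-ItemProperty -Path $ntds -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
if ($serverIntegrity -ne 2) {
    Write-Warning "This DC does not require LDAP signing (LDAPServerIntegrity=$serverIntegrity); unsigned binds are accepted."
}

# Event 2887 in the Directory Service log summarizes, once per 24 hours, how many
# unsigned or clear-text LDAP binds the DC accepted. A non-zero count means some
# client on the network is not getting the signing and encryption described above.
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2887 } -MaxEvents 1 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

If the event 2887 query returns nothing, either no unsigned binds occurred or the DC has not yet written its daily summary; do not read an empty result as proof that signing is enforced. Only LDAPServerIntegrity = 2 (or the equivalent Group Policy setting) makes the DC reject unsigned binds.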

    2 comments:

    1. Hi, nice image, it's easier to understand~ What does security integration mean?

    2. Hellooo! A very detailed explanation on the whole, well done! You provided the definition clearly and I am able to understand :) Most importantly, the diagram is precise and in fact, it can answer most of the things explained. However, there's one thing I'm not very sure about, which is the Replication of information. How does the multi-master technology help to ensure security?
