What Is Windows Active Directory and How Does It Work? – An In-Depth Beginner’s Guide to Windows Active Directory

First off, what is Windows Active Directory?

Windows Active Directory is a directory service developed by Microsoft for Windows domain networks.

A domain network is where lots of computers, users, and resources are managed by a centralized directory service.

Imagine you have a bunch of computers all over the place, and these computers need access to certain files and resources.

Some computers require access to certain files and resources while others don’t.

These computers also need to be monitored and kept up to date for security reasons.

Well, that’s simple enough to do when you have two or three computers, but what happens if you have 100, 1000, 10,000?

That’s where Active Directory comes in.

Active Directory helps an organization/business maintain, monitor and manage all the devices and the users that use those devices.

It’s the domain where all devices connected to it can be easily managed and monitored.

That’s cool and all, but how does it do this?

Active Directory has multiple ways to help manage and maintain the users and devices that are connected to its domain.

Here’s how it does that:

User Management

User management in Active Directory is exactly how it sounds.

It allows for the management of users and their devices, so that certain users can access certain resources while others cannot.

Each user gets their own user account and credentials to log into their account on their computer that’s connected to the Active Directory, otherwise known as the domain controller.

Group Management

Group management is similar to user management but a little bit more awesome in my opinion.

Group management in Windows Active Directory takes those users that were created and groups them together for easier management.

In an organization/business you may have an HR department, sales team, and an accounting department.

Instead of giving permissions to every single user that’s on the domain controller and trying to figure out which user belongs to which department so you don’t give them the wrong permissions, you create a group, set the permissions, resource sharing, etc., for that group, then add the users that are meant to be in that group.

This gives the administrator of the AD the ability to manage, edit, and change the group’s/department’s permissions, access control, resource sharing, and a lot more, with relative ease.

Users in that group will gain whatever the AD administrator set rather than the admin having to edit each user individually.

You of course can still edit each user’s account on its own within their departments.

You might have a manager in the accounting department that gets access to certain files that the others don’t, for example.

This just helps with managing and monitoring, especially if you have a large organization with 100s or 1000s of employees.

Security and Access Control

Going a bit more in depth, we now have Security and Access Control.

How can having an Active Directory make your organization/business more secure, and what is access control?

Let’s start with security.

It helps give authorization for certain privileges within the organization to the right users. This stops the wrong people from gaining access to resources they shouldn’t be able to have access to.

Let’s say you have 10 employees in the accounting department.

5 employees are brand new, just hired, and the other 5 are seniors who have been there for years.

The senior accountants in your organization would have certain privileges and authorization that the newbies don’t.

They have earned the organization’s trust and have been given access to certain accounts.

Active Directory helps manage and give these privileges to authorized users.

It’s like having a lock on certain doors, and only those who have the authority to go through that door can access what’s in it.

So, what’s Access Control?

Access control is exactly how it sounds.

It helps a company/organization make sure users can access the resources they have the authority to view for their roles and responsibilities within the organization.

It’s like having a child lock (Access Control) on a sweets/candy cupboard (Resource) for children.

Only the people who have the authority to go into that cupboard can have the candy.

And to some extent, access control can give users certain permissions so they can access the candy/sweets cupboard but can only take certain things from that cupboard.

This is called Granular Control.
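
The group workflow from the Group Management section and the granular control just described, as an added PowerShell example that is not part of the original post. The domain `EXAMPLE`, the OU path, the group and user names, and the folder `D:\Shares\Accounting` are all assumptions; it needs the ActiveDirectory module and an account allowed to create groups and change the folder’s permissions.

```powershell
# Added example; every name here (domain, OU, groups, users, folder) is an assumption.
Import-Module ActiveDirectory

$ou     = 'OU=Groups,DC=example,DC=com'   # hypothetical OU for the new groups
$domain = 'EXAMPLE'                       # hypothetical NetBIOS domain name
$share  = 'D:\Shares\Accounting'          # hypothetical existing folder on a file server

# 1. Create groups per access level instead of permissioning each user.
New-ADGroup -Name 'Accounting'        -GroupScope Global -GroupCategory Security -Path $ou
New-ADGroup -Name 'Accounting-Senior' -GroupScope Global -GroupCategory Security -Path $ou

# 2. Add users to the groups (constructed sample accounts that must already exist).
Add-ADGroupMember -Identity 'Accounting'        -Members 'new.hire1', 'new.hire2', 'senior.acct1'
Add-ADGroupMember -Identity 'Accounting-Senior' -Members 'senior.acct1'

# Replace a folder's inherited permissions with an explicit list of grants.
function Set-FolderAccess([string]$Path, [hashtable]$Grants) {
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)        # stop inheriting, drop inherited entries
    $Grants['BUILTIN\Administrators'] = 'FullControl'  # keep administrators from being locked out
    $Grants['NT AUTHORITY\SYSTEM']    = 'FullControl'
    foreach ($id in $Grants.Keys) {
        $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
            -ArgumentList $id, $Grants[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

# 3. Granular control: everyone in Accounting can read, only seniors can change files.
Set-FolderAccess -Path $share -Grants @{
    "$domain\Accounting"        = 'ReadAndExecute'
    "$domain\Accounting-Senior" = 'Modify'
}

# 4. Per-user exception: a subfolder only the accounting manager can open.
$mgrFolder = Join-Path $share 'Management'
New-Item -ItemType Directory -Path $mgrFolder -Force | Out-Null
Set-FolderAccess -Path $mgrFolder -Grants @{ "$domain\acct.manager" = 'Modify' }

# 5. Review the result: who is in the group, and what the folder ACL now says.
Get-ADGroupMember -Identity 'Accounting-Senior' | Select-Object SamAccountName
(Get-Acl -Path $share).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
```

Moving a new hire to senior access later is a single `Add-ADGroupMember` call; the folder permissions never need to be touched again.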

We’ll dive deeper into access control in another post as there are a ton of great things that it can do.

Why would someone not want to use Active Directory then?

It comes down to whether you need it in your organization. Active Directory is a very powerful tool when used right.

Some organizations don’t need an Active Directory. It all depends on what their goals and criteria are.

Here are some examples of why a company would choose not to use AD in their environment:

Small and simple environments

For a business that is small with not a lot of employees and devices, the cost and overhead to set up and maintain a Windows Active Directory might not be the best option.

In this setting, alternatives or workgroups may be a better option.

Non-Windows Environments

Some organizations use Linux, Macs, or a mixture of a bunch of devices in their main environment.

In this case, Windows AD wouldn’t be the best fit.

Money

To set up a Windows Active Directory, you’ll have to get licences for Windows Server.

Depending on the size of the organization and what their needs are, some may go for a cost-free, open-source alternative like OpenLDAP.

Cloud-based Active Directory

With the push for cloud-based everything nowadays, a company may want to go with a cloud-based Active Directory like Azure Active Directory or AWS Directory Service.

Again, it all depends on what the organization’s criteria and needs are.

Limited Flexibility for Remote Work

With remote work becoming more appealing every day, users are not always connected to the local network of the company/organization.

Setting up and maintaining a secure and accessible Active Directory infrastructure for remote users may pose challenges which some companies would prefer to avoid.

Conclusion

Windows Active Directory (AD) is like a super-organized manager for a network, helping an organization manage, monitor, and control all its devices and users.

User and Group Management: AD lets you manage users individually and group them based on roles. Group management is awesome for efficient resource sharing and permissions, especially in large organizations.

Security and Access Control: AD ensures the right users have the right access. It’s like having locks on doors; only authorized people can access certain resources. Access control is like a child lock on a candy cupboard, ensuring only authorized people get the treats.

Why Not Use AD at Home: For small or simple environments, the complexity and cost of AD might be unnecessary. Non-Windows environments, cost considerations, and the rise of cloud-based solutions can also influence the decision. Additionally, in a remote work scenario, setting up AD for remote users may pose challenges.

In essence, AD is a powerful tool for organized network management, but its necessity depends on the organization’s size, structure, and specific needs.

In a future post, we’ll go over how to set up Active Directory.

Until then, I hope you enjoyed this post. Thank you so much for reading.

Jordan Newby