Active Directory and Domain Controller

This document discusses domains, domain controllers, and Active Directory. It provides the following key points: 1. A domain allows users to access computer resources with a single username and password. A domain controller manages authentication and authorization for the domain. 2. Active Directory is a Microsoft service that stores user accounts and passwords in a centralized, protected location. It improves security, enables centralized management, and supports features like single sign-on. 3. Implementing Active Directory provides benefits like improved infrastructure management, centralized administration, access controls, and more. It addresses disadvantages of a non-domain setup like lack of user mobility and remote management capabilities.

Uploaded by Prashanth Hegde

Domain:

A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination. A domain is also a boundary within which all customised rules and principles apply.

Domain Controller:

A domain controller is a machine running a Windows Server version of NT4 or better on which the domain controller features (name services) have been installed. The domain controller is the main server (controller) for the whole domain; this machine can be configured in 3 ways:

1. Active Directory (PDC)
2. Backup Domain Controller
3. Stand Alone Server

Active Directory (AD):

A service provided by Microsoft for domain networks. Active Directory is a database that keeps track of all the user accounts and passwords in your organization. It stores user accounts and passwords in one protected location, improving your organization's security. It allows administrators to manage these features effectively to improve the stability and accuracy of the IT infrastructure. It also enables features such as remote administration, management, and automatic backup and restoration.

Benefits of Having an Active Directory:

• Improve the stability and accuracy of IT infrastructure.
• Centralized Management. Ease of
• A single username and password can be used domain wide.
• We can create various user groups based on department or location.
• Name-based users (i.e. based on requirement, we may set a different level of authentication clearance for a particular user).
• Access control: we can restrict users' access to particular resources such as shared space (e.g. if a shared folder holds information that only specific people have clearance to view, ADDS lets us meet this kind of requirement).
• We may extend access control to applications, deciding which users need a particular application and which don't. (Many people do not need applications like MS Paint, Photoshop etc.; restricting them would increase productivity, and only the people who require those applications have access by logging in with their credentials.)
• Deny access to our network/machines to persons who have resigned, been fired or are no longer with our organization.
• We can change login credentials immediately in case of compromise, e.g. admin credentials. (Note: in the current setup we need to physically go to every workstation and change the password manually.)
• Automatically assign network printers to selected groups and departments.
• Set Windows Firewall settings for the whole company from one controller. We can also customize these firewall settings department-wise, based on their requirements.
• Roaming profile: user data kept on the server that follows the user regardless of the computer he/she logs in to.
• Documents and Desktop folder redirection: keeping user data on the server. Files from the Desktop and Documents folders can be kept on the server and connected to the user's session automatically when he or she logs in to a computer.
• VPN: access from outside the company to file resources, granted under the domain user name.
• Remote installation of software using the remote administration feature.
• Automatic system updates, backup and restoration for Windows.
• We can use AD authentication to log in to other systems like SQL Server, CRM applications, file systems etc.
• We can track activities such as attempts at unauthorised access.
• Block USB mass storage (prevents malicious content from entering the company network and provides data integrity; only trusted users can access it).
• Rule-based network access: restrict workstations' use of company network resources by predefined (predesigned) rules (e.g. computers without the latest anti-virus updates should not be able to connect).
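
The two benefits above about denying access to departed staff and changing credentials immediately come down to a few directory operations run once from an administrative host, instead of a visit to every workstation. The following PowerShell sketch is an added example, not part of the original document; the function name Revoke-DepartedUser, the account name jdoe and the OU path are hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example: central offboarding of a departed user.
# Function name, account name and OU path are hypothetical.
function Revoke-DepartedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        # Assumed OU that holds disabled accounts; adjust to your directory layout.
        [string]$DisabledOu = 'OU=Disabled Users,DC=example,DC=local'
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable account and remove access')) {
        # 1. Block every new logon in the domain with one change.
        Disable-ADAccount -Identity $user

        # 2. Replace the password with a random value that nobody knows.
        #    The fixed suffix only guarantees the complexity policy is met.
        $bytes = [byte[]]::new(24)
        [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
        $plain  = [Convert]::ToBase64String($bytes) + 'aA1!'
        $secret = ConvertTo-SecureString -String $plain -AsPlainText -Force
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $secret

        # 3. Remove group memberships so access does not return if the
        #    account is re-enabled. The primary group is not listed in MemberOf.
        foreach ($groupDn in $user.MemberOf) {
            Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
        }

        # 4. Park the object in a dedicated OU for later review and deletion.
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOu
    }
}

# Dry run: reports what would be changed without modifying the directory.
Revoke-DepartedUser -SamAccountName 'jdoe' -WhatIf
```

Disabling the account blocks new logons, but sessions and Kerberos tickets that were already issued stay usable until they expire, so active sessions should be signed out as well.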

Disadvantages of Current Set-up:

• Current set-up: all systems are individual systems that are part of a business network, with no centralized control.
• There is no setup to manage or audit the infrastructure company-wide or location-wise.
• If any change needs to be made, technicians need to visit each machine manually.
• Tracking and controlling user actions remotely is impossible.
• Automation is not possible.
• Less secure, because whenever administrative privilege is granted on a user machine, there is a good chance of spreading viruses.
• Lack of user mobility (a document at one workstation is not available to others until it is shared, and there is a fair chance of a system crash, in which case all its data will be offline).
• No possibility of tracing and blocking users who may misuse data (data theft).
• Obtaining details of users, such as email addresses, is difficult.

Review:

The implementation of Active Directory has many advantages compared to the use of a workgroup. Thanks to the AD domain, the company can gain more stability and security in managing its IT environment, adjust to operational requirements, and plan and make changes at a much greater pace.

Remarks:

* Microsoft's suggested workgroup size is max 20-25 workstations, so an AD implementation is essential for a network of this size.

* Microsoft strongly advises that a single DC for the whole organization is not best practice, so a backup server is necessarily employed for the data center.

* A file server is very much required.

Proposed Setup:

Multi domain Architecture

[Diagram: NAS; Active Directory Domain Services; BDC & Domain Controller (PDC/DNS); Child Domain controllers 1 to N (CDC), each with a Fileserver 1 to N, at location 1 to location N.]

General Requirements:

• OS: Windows Server 2012 R2
• Dell PowerEdge series server
• Intel Xeon E processor 3.5 GHz
• 32 GB Physical Memory
• RAID 5
