If you think about all the data and files you have stored across your network, it would be nearly impossible to recall the exact name and location of every file. A directory service solves this problem by creating a container that provides a hierarchical structure. It allows you to store objects that can quickly be located and easily accessed. Whenever you search, you’re using a directory service.
It also plays a key role in managing your IT infrastructure. As network resources have grown more complex, a directory service records data on users, devices, applications, and groups within the hierarchical structure. The structure allows it to find details about things connected to the network from a single location.
Active Directory (AD) is a Microsoft® software solution to directory services. It locates resources and can handle millions of objects in a single domain, but it can also do a lot more. It’s a critical part of the company’s Identity and Access Management (IAM) system.
Active Directory uses Kerberos Authentication and Single Sign-On (SSO). SSO lets Kerberos Authentication use one set of credentials. These credentials are granted access permission across resources, networks, and services. These authentications allow Active Directory to act as a repository for all of the user’s information.
Active Directory’s Certificate Services (AD CS) lets IT admins build a public key infrastructure (PKI) to provide distribution and verification of digital certificates and digital signatures. A PKI lets users and systems exchange data securely by linking identities with public-key certificates. PKI both allows for the encryption of the data and contains information to identify the certificate holder and link them with the data. In short, the PKI lets networks verify identities.
AD CS also lets your organization distribute certificates at a nearly unlimited scale, whether you have a small organization or a large company with thousands of employees and computers.
Active Directory provides a number of benefits to make managing your network easier.
Active Directory is typically monitored through Microsoft’s System Center Operations Manager (SCOM), although there are third-party applications that can be used as well. AD monitoring software accesses Microsoft libraries and collects performance counters to monitor the health and performance of the directory service.
When abnormal behavior, such as a drop in performance or unauthorized access, is detected, AD monitoring can flag the behavior and trigger alarms. This can be especially important in detecting breaches where hackers try to escalate privileges. When malicious activity is identified quickly, it can often be stopped before it causes significant damage.
Monitoring active event logs can reveal such malicious activity. In one exhaustive study of breaches, researchers at Verizon found that 84% of the victims had evidence of breach attempts in their event logs weeks before the breach was uncovered.
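As an added illustration of the event-log monitoring described above (not code from this article or from any monitoring product), the sketch below flags two patterns in exported Security log records: a burst of failed logons against one account and an addition to a privileged group. The record field names, the sample events and the list of privileged groups are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs: 4625 = failed logon; 4728 / 4732 / 4756 = member
# added to a security-enabled global / local / universal group.
FAILED_LOGON = 4625
GROUP_ADD = {4728, 4732, 4756}
# Assumption: the groups treated as privileged here; adjust for your domain.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

def ev(time, event_id, target, **extra):
    return {"time": time, "id": event_id, "target": target, **extra}

# Constructed sample records (not real log data), simplified to a few fields.
SAMPLE_EVENTS = [
    ev("2024-01-10T09:00:05", 4625, "jsmith"),
    ev("2024-01-10T09:00:40", 4625, "jsmith"),
    ev("2024-01-10T09:01:10", 4625, "jsmith"),
    ev("2024-01-10T09:02:30", 4625, "jsmith"),
    ev("2024-01-10T09:03:55", 4625, "jsmith"),
    ev("2024-01-10T08:00:00", 4625, "bking"),
    ev("2024-01-10T11:00:00", 4625, "bking"),
    ev("2024-01-10T09:20:00", 4728, "jsmith", group="Domain Admins", actor="svc-backup"),
    ev("2024-01-10T09:25:00", 4732, "mlee", group="Helpdesk Staff", actor="itadmin"),
]

def find_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Return (kind, account, detail) tuples for suspicious activity."""
    alerts, flagged = [], set()
    failures = defaultdict(list)  # account -> failure times inside the window
    for e in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(e["time"])
        acct = e["target"]
        if e["id"] in GROUP_ADD and e.get("group") in PRIVILEGED_GROUPS:
            alerts.append(("privileged_group_add", acct,
                           f'{e["group"]} (added by {e["actor"]})'))
        elif e["id"] == FAILED_LOGON:
            # Keep only failures still inside the sliding window, then add this one.
            failures[acct] = [t for t in failures[acct] if ts - t <= window] + [ts]
            if len(failures[acct]) >= threshold and acct not in flagged:
                flagged.add(acct)  # one alert per account, not one per extra failure
                alerts.append(("failed_logon_burst", acct,
                               f"{len(failures[acct])} failures within {window}"))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```

The account with two failures three hours apart and the addition to a non-privileged group produce no alert, which is the tuning trade-off any threshold and group list has to make.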
Here are the most common ways AD monitors your network to let you know when there might be a problem:
You can also run an AD user audit to determine individual performance and behavior, such as login monitoring or remote desktop services sessions.