What is Active Directory?
Active Directory lets organizations efficiently share and manage information about network resources and users. It is an essential and inseparable part of the Windows 2000 network architecture: an integrated set of directory services that improve the management, security, and interoperability of the Windows network operating system.
What Are the Benefits of Active Directory?
1. Simplified management. Active Directory stores that information about users and resources centrally and works with IntelliMirror® management technologies to install assigned applications automatically and to give users access to their own desktops and documents regardless of the workstation they use in the network.
2. Enhanced security. Active Directory acts as the central authority for authenticating user identity and for managing the access rights of user groups or individual users. It supports a number of authentication mechanisms used to prove identity, including Kerberos, which provides strong authentication for client/server applications and so secures connections even over open networks such as the Internet. Starting with Windows 2000, Microsoft adopted Kerberos as the default protocol for network authentication. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
How Kerberos works:
- A client authenticates itself to the authentication server to get access to the information it needs.
- The user's password is used, while still on the user's workstation, to generate an encryption key. That key encrypts certain pieces of information exchanged with the Key Distribution Center (KDC). After a few exchanges, the KDC returns information to the user that is usable only by software on the workstation that knows the temporary encryption key derived from the password.
- When users wish to contact a Kerberos-protected service, they first contact the Kerberos ticket-granting service and ask for a ticket to that service. A ticket is a chunk of information that proves the user's identity to the service; it is encrypted in the service's long-term key, so it is unintelligible to the user.
- Kerberos uses temporary keys wherever possible, to make it harder for attackers to break in. When a user and a service are interacting, they do so with a key generated specially for that particular interaction, and that key expires within a relatively short period of time. The key lifetime is configurable, but it is usually good for hours, not days.
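The three exchanges described above (client to authentication service, client to ticket-granting service, client to the protected service), as an added, simulated illustration that is not Microsoft's implementation or code from the original page. It assumes a toy sealing function built from HMAC-SHA256 so that only the Python standard library is needed (real Kerberos uses AES-based encryption types), a constructed principal "alice", a constructed service "fileserver", and a 10-hour ticket lifetime standing in for "hours, not days". The points to notice are that the password never leaves the workstation (only a key derived from it is used), that the client cannot open the ticket it carries because it is sealed under the service's long-term key, and that an expired ticket is refused.

```python
"""Toy Kerberos AS/TGS/AP exchange (added illustration, not the Windows implementation).
Sealing uses an HMAC-SHA256 keystream plus an HMAC tag so only the standard library is
needed; real Kerberos uses AES-based encryption types and a richer message format."""
import hashlib, hmac, json, secrets, time

def key_from_password(password: str, salt: bytes) -> bytes:
    """Client-side key derivation: the password itself never leaves the workstation."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:length]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a small JSON message under `key`."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Reject anything not sealed under `key`; only then decrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

TICKET_LIFETIME = 10 * 3600   # seconds: "hours, not days" (constructed value)
CLOCK_SKEW = 300              # authenticators older than this are stale

class KDC:
    """Authentication Service (AS) and Ticket-Granting Service (TGS) in one object."""
    def __init__(self, salt: bytes):
        self.salt = salt
        self.user_keys = {}                                       # principal -> password-derived key
        self.service_keys = {"krbtgt": secrets.token_bytes(32)}   # long-term service keys

    def register_user(self, name: str, password: str) -> None:
        self.user_keys[name] = key_from_password(password, self.salt)

    def register_service(self, name: str) -> bytes:
        self.service_keys[name] = secrets.token_bytes(32)
        return self.service_keys[name]   # the service holds its own copy

    def _issue(self, client: str, service: str, now: float):
        """A ticket: sealed under the service's long-term key, unreadable by the client."""
        session = secrets.token_hex(32)
        ticket = seal(self.service_keys[service], {"client": client, "service": service,
                                                   "key": session, "expires": now + TICKET_LIFETIME})
        return ticket, session

    def as_exchange(self, client: str, now: float):
        """AS-REQ/AS-REP: TGT plus the session key sealed under the user's password-derived key."""
        tgt, session = self._issue(client, "krbtgt", now)
        return tgt, seal(self.user_keys[client], {"key": session})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float):
        """TGS-REQ/TGS-REP: check the TGT and authenticator, then hand out a service ticket."""
        t = unseal(self.service_keys["krbtgt"], tgt)
        if now > t["expires"]:
            raise PermissionError("TGT expired")
        auth = unseal(bytes.fromhex(t["key"]), authenticator)
        if auth["client"] != t["client"] or abs(now - auth["time"]) > CLOCK_SKEW:
            raise PermissionError("authenticator mismatch or stale")
        st, session = self._issue(t["client"], service, now)
        return st, seal(bytes.fromhex(t["key"]), {"key": session})

def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes, now: float) -> str:
    """AP-REQ check: the service needs only its own long-term key, never the KDC."""
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise PermissionError("service ticket expired")
    auth = unseal(bytes.fromhex(t["key"]), authenticator)
    if auth["client"] != t["client"] or abs(now - auth["time"]) > CLOCK_SKEW:
        raise PermissionError("authenticator mismatch or stale")
    return t["client"]

def full_logon(kdc: KDC, user: str, password: str, service: str, service_key: bytes, now=None) -> str:
    """Client side of all three exchanges; returns the identity the service accepted."""
    now = time.time() if now is None else now
    tgt, enc_part = kdc.as_exchange(user, now)
    tgt_session = bytes.fromhex(unseal(key_from_password(password, kdc.salt), enc_part)["key"])
    st, enc_part2 = kdc.tgs_exchange(tgt, seal(tgt_session, {"client": user, "time": now}), service, now)
    svc_session = bytes.fromhex(unseal(tgt_session, enc_part2)["key"])
    return service_accepts(service_key, st, seal(svc_session, {"client": user, "time": now}), now)

def raises(exc, fn, *args) -> bool:
    """True if fn(*args) raises exc; used to show the failure modes."""
    try:
        fn(*args)
    except exc:
        return True
    return False

if __name__ == "__main__":
    kdc = KDC(b"constructed-salt")                   # constructed realm
    kdc.register_user("alice", "correct horse battery")
    fs_key = kdc.register_service("fileserver")
    print("accepted as:", full_logon(kdc, "alice", "correct horse battery", "fileserver", fs_key))
    print("wrong password rejected:", raises(ValueError, full_logon, kdc, "alice", "wrong", "fileserver", fs_key))
```

Running the script prints the accepted identity and confirms that a wrong password fails at the very first step, because the client cannot open the part of the AS reply sealed under the password-derived key. Both checks on the service side are deliberately local to the service: once a ticket has been issued, the service validates it with nothing but its own long-term key and the session key inside the ticket.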
3. Centralized administration. With Active Directory, the administrator does not have to configure every single computer on the network by hand when, for example, the access rights to a specific object must change or a new network printer is set up. Such modifications can be applied to the whole network at once.
4. Flexible interface. The catalogues can be easily organized. The logical structure of Active Directory consists of forests, which represent the security boundary for Active Directory, and domains, which are used to manage the various populations of users, computers, and network resources in your enterprise. Within domains you can create organizational units to subdivide the various areas of administration. You can, for example, create a catalogue of your company, create subcategories such as the marketing, accounting, and secretarial departments, and present it in a tree-like structure. Or you may create several trees representing several offices in different buildings or areas and easily assign and change the links between them and their access privileges. A network printer can be connected to the accountants' directory with one click of the mouse (the printer drivers are then installed automatically on their computers).
5. Integration with DNS. Active Directory uses DNS to implement an IP-based naming system so that Active Directory services and domain controllers are locatable over standard IP both on intranets and the Internet.
6. Scalability. Active Directory includes one or more domains, each with one or more domain controllers, enabling you to scale the directory to meet the requirements of any network.
7. Search simplicity. Searching is flexible and global. Users and administrators can use desktop tools to search Active Directory. By default, searches are directed to the global catalog, which provides forest-wide search capabilities. Users can search for objects using different criteria such as user names, computer names, e-mail addresses, document names, settings, and so on.