Active Directory by EBS - leader in Network Support and IT Services Houston

EBS IT Solutions | Back to Knowledge Base | Home

Active Directory – What is it and What Can it Do for My Network?

OVERVIEW: Active Directory – have you ever heard of it? It is a directory services tool in the Windows Server operating system. Well that doesn’t help explain it much, does it? Active Directory (AD), even for IT technicians, was for a long time a lot of buzz and not much real use. Yet AD is a powerful tool with some very useful functions. The full power of AD really applies to larger organizations – from 200 users on up, yet Active Directory offers some very useful features for small organizations as well.

WHAT IT DOES: AD keeps track of people, computers and printers on the network. It keeps data, referred to as attributes for those “objects”. You can structure your network and the objects in various ways – as domains, sites, and forests with organization units in domains. Now most small business don’t have anything like a forest of domains, each domain with many computers, but the structure capability is there and certainly AD supports small networks as well.

Microsoft likes to say AD allows centralization and decentralization of network administration – the best of both worlds. You can administer a network across many sites from AD and/or you can delegate many levels of administrative control at the domain or organization unit level.

Some of the other features of AD useful for small businesses group policies relate to security and automated software distribution. Features that are more relevant to larger organization include AD replication and trusts across network structures. Of course, there are also a lot of technical functions built-in that make the network more secure and functional such as integrated DNS zones, a strong authentication system, etc.

WHAT TO TAKE ADVANTAGE OF:
Administrative Delegation – how many people know your server administrative user name and password? Just one internal IT person perhaps – plus the owner, plus two other internal folks who needed it, plus an IT contractor, plus two other folks at the IT support firm – plus?

And if any one of those folks leaves their employment or gives the password to others is everything on your network totally open? Active Directory provides several ways to keep your information secure and a key one is establish a way to closely guard the main administrative credentials and delegate appropriate administrative rights to others as needed – even an alternate IT technician at the site, or the backup IT support person internally. Very granular powers and access can be granted such as a backup operator, server operator and detailed control rights. The user’s credentials for these users can be changed periodically and very quickly revoked if the person leaves or changes job function. .

Security Group Policies – do you want to improve security – insure passwords are complex and get changed frequently, or perhaps prevent users from installing unapproved software?

With AD you can easily setup security policies that enforce password complexity, that require the password be changed and that you cannot reuse an old password, prevent uses from installing software, modify what appears on the desktop, etc. with AD group polices. There are dozens of conditions that can be set and sent out by organization unit, by site or firm wide.

Software Distribution – using software distribution policies in AD you can automatically install new software on all of your computers – without going to each machine as well as software and operating system updates. The installs can be done when the machine starts or when the users open the software. They can optional or mandatory.

AD is not perhaps the magic wand the original hype seemed to offer, but it does some useful stuff that should be utilized as needed on your network. Give us a call at EBS if you have questions about using AD effectively on your network.

HELP: For help with Active Directory or Security Issues, give us a call or email EBS and we will be glad to be of assistance: 713.522.3480

INTERESTING BITS
Free Microsoft Training

Tame the chaos of your Inbox: Learn about five features in Microsoft® Office Outlook® 2003 that will help you find and use the messages you've decided to keep there.

Learn how to use mail merge in Microsoft Office Word to produce envelopes and labels for mass mailings.

SECURITY WATCH

Administering the Administrators

In many organizations there are multiple network administrators that either do not need or should not have access to network resources that are not meant to be under their control. This limitation is good practice to help protect data and...

Phishing Sites Increase Significantly in December 2005

The Anti-Phishing Working Group (APWG) published its Phishing Activity Trends Report for December 2005. According to data gathered by the group, over 7,197 new phishing sites were created in December 2005 and the group recorded 15,244 unique...

For professional, cost effective help with your computer and network issues - Windows, Linux, Exchange, VPN, security, email, backup and website marketing , for all of your systems needs; please give us a call.

3311 Richmond Ave. Suite 317
Houston TX 77098
Toll Free: 800.524.9095
Tel: 713.522.3480
Fax: 713.524.0871
contactus@ebsit.com
www.ebsit.com