EP026

Episode 26 – Let’s Get Active (Directory) shownotes

Music provided by: Denis Kreynin https://soundcloud.com/denis-kreynin

 

Managing every computer individually is not scalable at large scale.

Everyone using the same account means no accountability for who did what, and may violate regulations.

5 user accounts on 5 computers means up to 25 accounts. How are you going to keep your passwords in sync? Password resets mean increased cost and lost productivity.

Use Active Directory instead.

Active Directory Users and Computers is where you control user accounts, reset passwords, etc.

Group Policy Management is where you set policies, for instance password complexity requirements or settings to keep a computer secure.

Domain hierarchy is like folders in Windows Explorer or Finder on Apple's OS, with OUs (organizational units).

Most people structure their hierarchy either by locations or by departments.

 

There are 3 types of objects in Active Directory that can be placed into this organizational hierarchy: computers, users, and groups.

– Computers are objects that represent physical computers that are part of the domain. You can get and/or set a number of properties on a computer itself, such as seeing the last time it booted or disabling a lost laptop until it’s found.

– User objects are the logical user accounts that sign into the domain. Again, there are many different properties you can set and read (for example, the last time the password changed, what time of day a user account can log into a computer, or what office location someone works in).

– Group objects are the roles you want a user associated with; they are great for applying access controls to permit access.
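Added example (not from the episode): the user and computer properties described above reach a script through LDAP as raw attribute values. This Python code decodes `userAccountControl` and `pwdLastSet` from a constructed export and flags enabled accounts worth reviewing; the sample entries, the `audit` and `_entry` helpers and the 90-day threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags as documented by Microsoft
UAC_ACCOUNTDISABLE = 0x0002
UAC_PASSWD_NOTREQD = 0x0020
UAC_DONT_EXPIRE_PASSWORD = 0x10000
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(value):
    """pwdLastSet counts 100 ns ticks since 1601-01-01 UTC; 0 means 'change at next logon'."""
    if value == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def audit(entries, now, max_password_age_days=90):
    """Return (account, finding) pairs for enabled accounts. Threshold is an assumption."""
    findings = []
    for e in entries:
        name, uac = e["sAMAccountName"], int(e["userAccountControl"])
        if uac & UAC_ACCOUNTDISABLE:
            continue  # disabled accounts (e.g. a lost laptop) cannot sign in
        if uac & UAC_PASSWD_NOTREQD:
            findings.append((name, "password not required"))
        if uac & UAC_DONT_EXPIRE_PASSWORD:
            findings.append((name, "password never expires"))
        changed = filetime_to_datetime(int(e["pwdLastSet"]))
        if changed is not None and now - changed > timedelta(days=max_password_age_days):
            findings.append((name, "password older than %d days" % max_password_age_days))
    return findings

# Constructed sample data: LDAP returns these attributes as strings.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)

def _entry(name, uac, days_ago):
    pwd = 0 if days_ago is None else datetime_to_filetime(NOW - timedelta(days=days_ago))
    return {"sAMAccountName": name, "userAccountControl": str(uac), "pwdLastSet": str(pwd)}

SAMPLE = [
    _entry("alice", 512, 10),          # normal user, recent password
    _entry("bob", 512, 400),           # normal user, old password
    _entry("svc-backup", 66048, 700),  # 512 + DONT_EXPIRE_PASSWORD
    _entry("LAPTOP-042$", 4098, 30),   # computer account, disabled
    _entry("kiosk", 544, None),        # 512 + PASSWD_NOTREQD
]

if __name__ == "__main__":
    for account, finding in audit(SAMPLE, NOW):
        print(account, "->", finding)
```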

 

Policies are the rules dictating the user and computer experience; they can be set and are applied to the OU hierarchy.

 

Single sign-on is a huge boost in security and a convenience win for users: they only have to log into their computer once and are then automatically authenticated against things like web servers and network file shares. It only works with members of the domain.

 

LDAP – Lightweight Directory Access Protocol

 
