Overview of Active Directory® Domain Services

With so many changes in the IT landscape, it is sometimes difficult to have a finger on the pulse of the various identity management solutions available. As admins explore their options, many IT organizations are seeking an overview of
Active Directory® Domain Services (AD DS) to see whether the legacy Microsoft® platform is still right for them. Does the Microsoft domain approach fit the future of identity and access management (IAM)? We will explore this question together.

Domain Beginnings

EoL Windows Server 2000Historically, leveraging Active Directory Domain Services made a great deal of sense. The office of yore was filled with bulky desktops in cramped cubicles, and all of them were based in the Windows® OS. Using Active Directory as the sole source of truth, IT admins created a domain where their users could freely access their resources.

Thanks to AD DS, end users could log in to their Windows machine and subsequently be connected to virtually any Windows-based resource—server, application, network—that they had rights to. Of course, in an all-Windows, on-prem workplace, it was fairly simple to connect resource access together under one directory. For a time, IT admins had a straightforward IAM approach.

The Domain and the Cloud

Challenges started to emerge once new IT resources hit the market. Innovations such as cloud infrastructure, web applications, cloud file servers (and on-prem NAS appliances), and much more changed the face of IT. Non-Windows systems (macOS® and Linux®) also started to gain popularity in the workplace, putting a strain on AD DS. The traditional approach to connecting users to their IT resources, now including these new non-Windows and cloud-based ones, started to break down.

The concept of the domain was morphing and changing. The “domain” effectively now included remote resources that weren’t controlled by IT. The result was that IT organizations started to have separate user access control in multiple places. The idea of having one central authoritative identity provider was no longer valid. Essentially, the domain, as it was once known, was no more.

Separation Anxiety

Most organizations, however, didn’t want to let go of (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/overview-ad-ds/

Zach DeMeyer

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

zach-demeyer has 244 posts and counting.See all posts by zach-demeyer