What Does Active Directory’s Server Do?
Active Directory® (AD) is a directory service introduced by Microsoft® that runs on a Windows® server to manage user access to networked resources. The server role in Active Directory is run by Active Directory Domain Services (AD DS), and the server running AD DS is called a domain controller. The domain controller:
- Authenticates and authorizes all users and systems in a Windows-based network; and
- Assigns and enforces all security policies for Windows systems.
AD DS manages network elements, like systems and users, by organizing them into a structured hierarchy. The domain controller is then responsible for authorizing user authentication requests within the network. Domain controllers contain data that determine access to an established network, making it a primary target for cyberattackers looking to corrupt or steal confidential information.
Although the domain controller serves an important role, some IT admins question the sustainability of a Windows-centric identity authorization source in a growing mixed-platform IT landscape. Is an on-prem server — which doesn’t function for mixed-platform, cloud-based environments natively — still the right choice for modern organizations?
The modern workplace has shifted to the cloud, leaving legacy management solutions like the domain controller struggling to manage the disparate, non-Windows-based identities that have become commonplace in the average IT landscape.
For example, the widespread implementation of web applications like Salesforce® and Box™ means that end users can no longer leverage single sign-on (SSO) through AD for all resources. Twenty years ago, when the IT landscape consisted entirely of Windows applications and desktops, AD connected every user to just about every resource they required. Now, AD no longer grants that level of authorization, forcing admins to adopt additional tooling to manage authentication and authorization to a variety of IT resources.
Microsoft did introduce an Identity-as-a-Service (IDaaS) solution with Azure® Active Directory (AAD), but AAD made identity management complex, time consuming, and costly for IT admins by forcing them to keep on-prem AD and use AAD in conjunction. Additionally, if IT professionals wanted to leverage SSO for their users without (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Kayla Coco-Stotts. Read the original post at: https://jumpcloud.com/blog/active-directory-without-a-server/