301 Reading 13 - marsecguy/reading-notes-cyberops GitHub Wiki
Active Directory
What exactly is “Active Directory” and what are the key services it provides?
- Active Directory is a Microsoft service that handles many of the organizational tasks involved in managing people, groups, and IT devices; more specifically, how people interface with IT devices. It enables authenticating individuals and organizing them into groups. It then allows rules to be established for each group regarding authentication, access and accountability (AAA).
What are the differences between a domain, forest, and tree in Active Directory?
- A domain encompasses the interconnected network(s) and people that are part of the same Active Directory database. A domain is typically identified by its organization, most often with the internet extension (company.com or charity.org, etc.).
- A forest is a group that shares the Active Directory, but doesn't share a domain name. A possible example of this could be subsidiary companies. Disney owns other companies like Hulu and ESPN. All Disney employees may be in the Disney Active Directory, but the ones who work for Hulu would be identified by hulu.com, while ESPN employees might have espn.com.
- A tree is a group within the domain that subdivides the domain in some fashion, often by function or department (sales, accounting, operations, etc.). Their "forest name" is appended to the main domain name; for example: sales.company.com or ops.company.com.
How can objects (e.g. users, devices) within a domain be grouped?
- The real answer is they can be grouped any way the organization wishes. If management wants a group of people with a Z in their name, that can be set up. Most commonly, though, people are grouped by things like role, function and geography.
Explain the benefits of Active Directory, as you would to a family member.
- Active Directory centralizes and simplifies the task of managing people by making it easy to group them and to assign IT policies and authorizations based on the group(s) each individual belongs to.

Source: CyberArk