The Active Directory directory service ensures that administrators can manage user authentication and access control easily and efficiently. See Chapter 3, "Active Directory," for more information about security and Active Directory.
Active Directory provides protected storage of user account and group information by using access control on objects and user credentials. Because Active Directory stores not only user credentials but also access-control information, users who log on to the network obtain both authentication and authorization to access system resources. For example, when a user logs on to the network, the security system authenticates the user with information stored in Active Directory. Then, when the user attempts to access a service on the network, the system checks the properties defined in the discretionary access control list (DACL) for that service.
Because Active Directory allows administrators to create group accounts, administrators can manage system security more efficiently than ever before. For example, by adjusting a file's properties, an administrator can permit all users in a group to read that file. In this way, access to objects in Active Directory is based on group membership.
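The following is an added illustration of the logon-then-DACL-check flow and the group-based access described above; it is a simplified model, not code from the original document or from Windows. It goes slightly beyond the text by modelling ordered allow and deny entries and the implicit deny, and all account names, group names, and right bits are constructed.

```python
# Simplified model of a DACL access check (added example; all names constructed).
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # constructed right bits, not real Windows access masks

@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str    # user or group the entry applies to
    mask: int   # rights covered by this entry

@dataclass(frozen=True)
class Token:
    user: str
    groups: frozenset  # group memberships resolved at logon (authentication)

    def sids(self):
        return self.groups | {self.user}

def access_check(token, dacl, desired):
    """Return True only if every requested right is allowed before any is denied."""
    if dacl is None:           # no DACL at all: the object is unprotected
        return True
    remaining = desired
    for ace in dacl:           # entries are evaluated in stored order
        if ace.sid not in token.sids():
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False               # empty DACL or no matching entry: implicit deny

# Constructed directory data: accounts and their group memberships.
alice = Token("alice", frozenset({"Finance-Readers"}))
bob = Token("bob", frozenset({"Finance-Readers", "Contractors"}))
carol = Token("carol", frozenset({"Engineering"}))

# Constructed DACL for one file: deny entries precede allow entries.
report_dacl = [
    Ace("deny", "Contractors", WRITE),
    Ace("allow", "Finance-Readers", READ),
    Ace("allow", "alice", WRITE),
]
```

Adding an account to `Finance-Readers` grants it read access without touching the file's DACL, which is the administrative benefit of group-based entries.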