What is Active Directory Structure? – User Account Types and Active Directory Security in the Corporate Network
Active Directory (AD) is a structure in which the user accounts in the corporate network are defined and the necessary authorizations are matched with the relevant users. The Active Directory structure is essentially an LDAP database.
User accounts defined in the Active Directory structure can log on to the network independently of any particular computer. For example, suppose a user account is created for the user John Doe from a computer in the IT Department. John Doe can then access network resources within the limits of his authorization by logging in to his account from a work computer in the Marketing Department or from a computer in a different location on the network.
The user account is the structure that allows users to log on to systems and access resources within the limits of their rights. Depending on where they are defined, user accounts are divided into two types: Local User and Domain User.
- Local User: Local users can only access resources on the computer on which they are defined. For example, they cannot access resources on a different computer on the network. Local user accounts are kept in the SAM (Security Account Manager) database in the Windows operating system.
- Domain User: A domain user is a user created in the Active Directory structure. Domain users can log on to the corporate network independently of any particular computer and access the resources on the network within their authorization. Domain users can join the network from a computer in the corporate network by presenting their user name and password to the Domain Controller.
The Active Directory structure, developed by Microsoft, is designed to make even the most complex corporate networks easy to manage. Thanks to the hierarchical structure created by the Active Directory service, even in a network of 10,000 users, you can easily manage your users and provide them with access to the necessary resources.
The security of the Active Directory structure is also examined within the scope of Local Network Penetration Testing services. To increase the security of the Active Directory structure, it is recommended to have a local network penetration test performed at regular intervals. In addition, there are some hardening techniques that institutions can apply themselves:
- The Active Directory structure should not be left at its default security settings; the best hardening techniques should be applied, and it should be kept up to date.
- Users in Active Directory should be given the lowest privileges possible. Users should only be able to access the resources they need.
- The Active Directory structure should be monitored constantly and, if possible, integrated with a security product. Changes in this structure can be sent as an alarm to the relevant persons via e-mail.
- Strong passwords should be used for Active Directory users.
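
The monitoring recommendation above can be sketched as follows. This is an added example, not code from the original page: it scans exported domain controller Security events for membership changes on privileged groups and builds the e-mail alarm. The JSON-lines export format, the watched group list, the sample events and all addresses are assumptions constructed for illustration.

```python
import json
from email.message import EmailMessage
# Windows Security event IDs that domain controllers log for group membership changes.
GROUP_CHANGE_EVENTS = {
    4728: "added to global group", 4729: "removed from global group",
    4732: "added to local group", 4733: "removed from local group",
    4756: "added to universal group", 4757: "removed from universal group",
}
# Assumption: the groups this organisation treats as privileged.
WATCHED_GROUPS = {"domain admins", "enterprise admins", "administrators"}

# Constructed sample export, one JSON object per event (the format is an assumption).
SAMPLE_EVENTS = """\
{"EventID": 4728, "TimeCreated": "2024-05-02T09:14:07Z", "SubjectUserName": "helpdesk1", "TargetUserName": "Domain Admins", "MemberName": "CN=John Doe,OU=Marketing,DC=corp,DC=example"}
{"EventID": 4732, "TimeCreated": "2024-05-02T09:20:41Z", "SubjectUserName": "itadmin", "TargetUserName": "Printer Users", "MemberName": "CN=Jane Roe,OU=IT,DC=corp,DC=example"}
{"EventID": 4624, "TimeCreated": "2024-05-02T09:21:03Z", "TargetUserName": "jdoe"}
truncated line that is not JSON
{"EventID": "4757", "TimeCreated": "2024-05-02T10:02:55Z", "SubjectUserName": "itadmin", "TargetUserName": "Enterprise Admins", "MemberName": "CN=Old Svc,OU=Service,DC=corp,DC=example"}
"""

def find_alerts(text, watched=WATCHED_GROUPS):
    """Return (alerts, skipped): changes on watched groups and the count of unparsable lines."""
    alerts, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            event = json.loads(line)
            event_id = int(event["EventID"])  # some exports quote the ID
        except (ValueError, TypeError, KeyError):
            skipped += 1  # keep a count so a damaged export is noticed
            continue
        group = str(event.get("TargetUserName", ""))
        if event_id in GROUP_CHANGE_EVENTS and group.lower() in watched:
            alerts.append(
                f'{event.get("TimeCreated", "?")} {event.get("MemberName", "?")} '
                f'{GROUP_CHANGE_EVENTS[event_id]} "{group}" by {event.get("SubjectUserName", "?")}'
            )
    return alerts, skipped

def build_mail(alerts, sender, recipient):
    """Build the notification; handing it to smtplib is left to the deployment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[AD] {len(alerts)} privileged group change(s)"
    msg.set_content("\n".join(alerts))
    return msg

if __name__ == "__main__":
    found, bad = find_alerts(SAMPLE_EVENTS)
    print(build_mail(found, "ad-monitor@corp.example", "secops@corp.example"))
```

A non-zero skipped count is worth alerting on as well, since a truncated or malformed export can hide a change.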