Wednesday, 25 February 2015

Microsoft Directory Services


By Harmandeep Saggu

Directory services provide a centralized method to store, manage, organize and access information. Microsoft (MS) offers Active Directory as its directory service, which is built upon established standards. Active Directory uses several standardized protocols: LDAP to store and access information, Kerberos to provide secure authentication services, and DNS to provide Active Directory naming and locating services. As Active Directory is built upon established standards, it is interoperable with other vendors' directory service solutions.

Over the past few years, Active Directory has been widely adopted to host an organization's directories and structures, and to store users, groups, shares, network objects, etc. Active Directory also acts as a central information store for various other solutions like MS Exchange, DFS and SCCM. Apart from this, Active Directory also provides security services using an open encryption standard called Public Key Infrastructure and a proprietary policy-based solution called Group Policy Objects.


Microsoft Active Directory is designed to be extensible and scalable; it can potentially store millions of objects. It is based on a multi-master replication model. This model allows several servers to act as peers and provide redundancy and high availability, while maintaining the same information using replication. Along with replication, the multi-master model lets Active Directory scale out geographically.

With scalability comes complexity. A successful and functional scalable solution requires a well-planned strategic design in accordance with an organization's requirements and in-place infrastructure. As the Active Directory service forms a central store of information and authentication in an organization, it requires a flexible monitoring set-up. Along with monitoring, we require a cost-effective standby disaster recovery and backup solution to ensure minimal downtime during unplanned outages.

Active Directory is updated with every release of Windows Server. With the latest release of Windows Server, Active Directory provides nifty new features like:
  • Single-Sign-On (SSO) solution, which permits the usage of a single identity over a wide range of services across the enterprise
  • Improved Federation Services which, along with claims and a multi-factor authorization mechanism, enhance authorization controls by adding a mandatory layer of security
  • DNS security extensions support to provide validated referrals and answers to Windows clients

Starting with Windows Server 2012, Microsoft also offers Active Directory on its public cloud service, Azure. This gives organizations a globally hosted MS directory service, available 24/7, using a private tunnel over the public network.

There is no doubt that a centralized directory database and access system is necessary for every organization to store, manage and reflect its structure objects from a unified namespace. The Windows Server 2012 R2 directory service expands the feature set of the domain and federation services. All these new and inherent features can help organizations leverage a secure, centralized, manageable and readily accessible directory service in a cost-effective package with substantial savings.
