Active Directory (AD) is a database system that enables system administrators to manage the permissions of individual users and devices on a network, making it easier for users to access data from anywhere within that network, and easier for administrators to create and apply group policies.
This is a lot to absorb in one go, so to help us understand what AD is, let’s consider this situation: Aaron’s small tea bomb company is growing quickly. From a 10-person team, they’re now about to hire their hundredth employee: Zendaya.
Back when there were just a handful of them, they used Google Drive for sharing files with one another. They also let staff use their own laptops, smartphones, and thumb drives since that put less pressure on the company’s budget.
However, now that there are a hundred of them, Aaron is growing worried that his secret tea bomb recipes may fall into competitors’ hands. When he was onboarding Zendaya for her role as Production Supervisor, he realized that:
- He had no system for controlling who has access to which file or folder. To illustrate, he needed Zendaya to have access to files that everyone else can view (such as company policy documents). However, at the same time, he wanted her and her Manufacturing team to have exclusive access to the Manufacturing folder — the folder that contains his proprietary recipes.
- He had no way of knowing what his staff were accessing, and no means of making sure that only his staff had access to company information.
- He had no visibility on which devices employees were using, nor any assurance that these devices were free of malware and had up-to-date security patches and reliable anti-malware software. Zendaya’s laptop and smartphone were up-to-date during onboarding, but he had no ability to apply user or group policies for her devices and those of the other employees.
Thankfully, Zendaya had previous experience in another company that used AD and convinced Aaron to talk about his identification/authentication needs with a managed IT services provider.
Active Directory is Microsoft's authentication engine
The primary benefit of AD for small businesses in Toronto is that it provides the most efficient way for administrators to add and remove users as well as centrally manage access/permissions to files, folders, resources, and devices.
A company that uses AD will have all of its machines connected to one another within the same domain. This domain allows the following things to be centralized:
- File access – From a centralized location, admins can apply rules as to what files, folders, and groups a user can access.
- Device and user registry – Every device that logs in to your network must be registered in a global catalog. This catalog holds each device’s IP address and computer name, as well as each user’s account name and password.
- Network monitoring – AD is a single point from which a server called a domain controller can keep track of everything that goes on in the domain. Be it information transfers, file usage, or any other activity in your network, you can conveniently watch over them all from just one place.
- Permissions management – The global catalog also allows a domain controller to apply users’ network permissions as determined by the network administrator. It is also important to note that the global catalog is in a single, protected location, which is good for maintaining your organization’s cybersecurity.
- Software updates – When Microsoft updates software, it first checks AD for the rules and permissions of the user and/or device to apply the updates appropriately.
- Security – Administrators can set the password standards for the organization. That is, they can enforce rules for password strength, length, and expiration, among others.
AD allows users to log in to any network device and easily access Microsoft accounts as well as files and folders they’re permitted to access
When Zendaya uses her credentials to log in to any network-registered computer, AD pulls up all of her personal settings. This means that no matter which computer she uses, she will feel like she’s using the machine she normally uses.
Additionally, when she logs in, AD generates a token containing her permission information. This means that she won’t have to enter her credentials to access her Outlook account; the token will do this for her when she opens Outlook. She can also open files and folders — both those she created and those shared by others — as long as she has the permissions to access these.
Use case: HR forms
As previously mentioned, AD allows system admins to set and restrict different permissions for different files, folders, and workgroups. To illustrate, the HR department provides all sorts of forms for making a formal request or lodging a complaint. These forms may be accessed by anyone in the company, but most only have permissions to view and print these. That is, they cannot revise the forms’ contents or delete any file — only HR staff who have been granted the necessary permissions may perform these actions.
Furthermore, only HR staff may access staff members’ individual HR files — not even viewing access is permitted to non-HR personnel.
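The HR use case above, expressed as group-based NTFS permissions on a file server. This is an added example, not part of the original article. The `CORP` domain, the OU, the group names `HR-Staff` and `All-Staff`, and the `D:\Shares\HR\...` paths are assumptions, and the script needs the ActiveDirectory (RSAT) module and an administrative session.

```powershell
# Added example: forms are read-only for all staff and editable by HR;
# individual HR files are visible to HR only. Names and paths are assumed.
Import-Module ActiveDirectory

$domain  = 'CORP'                           # assumed NetBIOS domain name
$ou      = 'OU=Groups,DC=corp,DC=example'   # assumed OU for security groups
$forms   = 'D:\Shares\HR\Forms'             # assumed folder for HR forms
$hrFiles = 'D:\Shares\HR\StaffFiles'        # assumed folder for individual HR files

# Permissions are granted to groups, never to individual accounts.
foreach ($name in 'HR-Staff', 'All-Staff') {
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -GroupScope Global -GroupCategory Security -Path $ou
    }
}

function Set-FolderAcl {
    param([string]$Path, [hashtable]$Grants)   # identity -> FileSystemRights
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent folder and drop the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries left over from earlier, ad hoc grants.
    foreach ($rule in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($rule)
    }
    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    foreach ($g in $Grants.GetEnumerator()) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $g.Key, $g.Value, $inherit, 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

# Keep administrative access so the folders stay manageable.
$admins = @{ 'BUILTIN\Administrators' = 'FullControl'; 'NT AUTHORITY\SYSTEM' = 'FullControl' }

# Forms: everyone may view and print, only HR may revise or delete.
Set-FolderAcl -Path $forms -Grants ($admins + @{
    "$domain\All-Staff" = 'ReadAndExecute'
    "$domain\HR-Staff"  = 'Modify'
})

# Individual HR files: no All-Staff entry, so non-HR users cannot even view them.
Set-FolderAcl -Path $hrFiles -Grants ($admins + @{ "$domain\HR-Staff" = 'Modify' })

# Read the result back to confirm what was actually applied.
foreach ($p in $forms, $hrFiles) {
    (Get-Acl -Path $p).Access |
        Select-Object @{ n = 'Path'; e = { $p } }, IdentityReference, FileSystemRights
}
```

Onboarding or offboarding an HR employee then becomes a single group membership change (`Add-ADGroupMember` or `Remove-ADGroupMember`) with no edits to the folders themselves.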
Even small companies can greatly benefit from the efficiencies that Active Directory provides. To take advantage of AD in your own business, turn to XBASE’s Exponentially Better™ Managed Services. Drop us a line today to learn how.