What is Active Directory? A brief overview…

Active Directory, commonly referred to as AD (not to be confused with Entra ID, formerly Azure AD), was developed by Microsoft and first released as a centralized domain directory service with Windows 2000 Server Edition.

Since its original release, AD has gone through several updates, expanding from its core functionality as a centralized domain directory service to encompass multiple identity, authentication, and authorization services. Active Directory is the term used to describe these services collectively.

How does Active Directory work?

In a simple scenario, when a user attempts to access a domain resource (for example, logging in to a laptop or accessing email, a file server, or a printer), Active Directory first authenticates the request by verifying the user's credentials against a member within its directory. It then authorizes the request, checking that the correct rights and privileges are issued before access to the computer is granted. Alongside this, configured policy settings, applications, and network resources are also deployed.

During the log-on process, several different Active Directory services will be utilized depending on what has been configured. These include domain, certificate, SSO (single sign-on), and rights management services. The most used service, which also forms the basis for every Windows network, is Active Directory Domain Services (AD DS); it contains information about every member and device belonging to a domain.

Who uses Active Directory?

Active Directory could be considered a universal authentication solution – it has been estimated that it is being used by 90% of the Global Fortune 1000 companies and likely covers every company which runs a Windows-based network.

Within the companies that use AD, every employee who has user credentials to connect to a network or who accesses email via an Exchange server will be using Active Directory services, although more than likely they are using them unknowingly.

As Active Directory is a server-side service, it is the IT manager's role to make sure the services have been configured so that the correct permissions, privileges, services, and network resources are assigned to each individual member of the domain.

What is Microsoft Entra ID (formerly Azure Active Directory)?

Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity platform developed by Microsoft that provides SSO and MFA (multi-factor authentication) for cloud resources and Entra ID (formerly Azure AD) joined devices and enables access to thousands of external SaaS applications.

To get your terminology correct: Entra ID (formerly Azure AD) and AD are two separate services. When you hear Active Directory being mentioned, it is the on-prem version of AD that is being referred to, not the cloud-based Entra ID (formerly Azure AD).

Active Directory and Cyber Attacks

Given the widespread adoption of AD throughout global enterprises and considering the information it both houses and authorizes access to, it would be no surprise to learn that it is under constant threat of cyber-attack.

Compromising AD is one of the most prevalent ways cyber-attackers gain unauthorized entry into a company’s network. They then move laterally throughout the network, elevating their access and privileges to steal, ransom, or take control of the company network.

As over 85% of hacking-related breaches are due to compromised credentials, auditing Active Directory user accounts is a critical step in reducing the risk of an attacker successfully gaining unauthorized access. Companies often invest heavily in cybersecurity solutions, yet overlook the importance of ensuring the first line of defense is secure through good password hygiene and policy.

Auditing Active Directory Users, The Easy Way

Multiple admins, inactive admins, and user accounts with duplicate or compromised passwords are all potential areas vulnerable to attack. They can easily go unnoticed if Active Directory isn’t regularly audited.

Audits like this can be a time-consuming and cumbersome process. It involves writing PowerShell scripts, exporting data for analysis, and extracting data to act on, as if IT managers don’t have enough on their plates already!
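As an illustration of the manual, script-based audit described above (an added example, not Specops code and not how Password Auditor works), the PowerShell below flags enabled privileged accounts that are inactive or have weak password settings. The function name `Get-AdminAuditFinding`, the 90-day and 365-day thresholds, and the sample accounts are assumptions made for the example; the property names match what `Get-ADUser` returns.

```powershell
# Added example. Input objects need the Get-ADUser property names:
# SamAccountName, Enabled, LastLogonDate, PasswordLastSet, PasswordNeverExpires.
function Get-AdminAuditFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [int]      $InactiveDays   = 90,    # assumed threshold
        [int]      $MaxPasswordAge = 365,   # assumed threshold, in days
        [datetime] $Now            = (Get-Date)
    )
    process {
        if (-not $Account.Enabled) { return }   # disabled accounts cannot log on
        $reasons = @()
        if (-not $Account.LastLogonDate) {
            $reasons += 'never logged on'
        } elseif (($Now - $Account.LastLogonDate).TotalDays -gt $InactiveDays) {
            $reasons += "inactive for more than $InactiveDays days"
        }
        if ($Account.PasswordNeverExpires) { $reasons += 'password never expires' }
        if ($Account.PasswordLastSet -and
            ($Now - $Account.PasswordLastSet).TotalDays -gt $MaxPasswordAge) {
            $reasons += "password older than $MaxPasswordAge days"
        }
        if ($reasons) {
            [pscustomobject]@{
                SamAccountName = $Account.SamAccountName
                Findings       = $reasons -join '; '
            }
        }
    }
}

# Constructed sample accounts (not real data) so the function runs offline.
$now = [datetime]'2024-02-13'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'adm-alice'; Enabled = $true
        LastLogonDate = [datetime]'2024-02-10'; PasswordLastSet = [datetime]'2023-11-01'
        PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'adm-bob'; Enabled = $true
        LastLogonDate = [datetime]'2023-06-01'; PasswordLastSet = [datetime]'2021-03-15'
        PasswordNeverExpires = $true }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true
        LastLogonDate = $null; PasswordLastSet = [datetime]'2023-12-01'
        PasswordNeverExpires = $false }
)
$sample | Get-AdminAuditFinding -Now $now | Format-Table -AutoSize

# Against a live domain (needs the RSAT ActiveDirectory module):
# Get-ADGroupMember 'Domain Admins' -Recursive | Where-Object objectClass -eq 'user' |
#   Get-ADUser -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires |
#   Get-AdminAuditFinding
```

`LastLogonDate` is derived from the replicated `lastLogonTimestamp` attribute, which can lag the real last logon by up to about two weeks, so treat inactivity findings near the threshold as candidates for review rather than confirmed stale accounts.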

Here at Specops, to solve that exact problem, we developed a free tool, Password Auditor, that scans Active Directory for various security-related weaknesses, specifically poor password policies, all from a single location. The graphical interface provides insight, which helps organizations align passwords with current industry and compliance best practices.

Download your free copy of Specops Password Auditor today.

(Last updated on February 13, 2024)