Friday, November 12, 2004
Part 2: Benefits of Active Directory
So far we've pointed out that Active Directory is a complex networking technology that requires planning in intimate detail in order to work properly when implemented. So why bother? What benefit does AD bring that would make it worth the trouble? The answer, of course, is that "it depends." However, even in a small and simple network, the benefits can outweigh the costs of design and implementation.
ScalabilityOne of the most apparent advantages to using Active Directory over using either NT4 Domains or a Workgroup model is that Active Directory can accommodate size. In a workgroup environment, a user account with password has to exist on each computer with shared resources. If you have three servers and ten users, that means creating thirty user accounts total, and each user would have to remember or synchronize three passwords each. AD also overcomes the limitations and work-arounds for large enterprises using NT4 domains. Active Directory domains can contain many more groups and users, rendering the Account domains, and Resource domains from NT4 obsolete.
Organization - MacroActive Directory is tied tightly to the DNS structure, and follows the DNS hierarchy for domains. In this way a large company can organize its domains similar to the business structure. If a business has operations in several different regions of the world, it can organize the domain along those lines: europe.domain.com, australia.domain.com, asia.domain.com, etc. Active Directory introduces the concept of the "forest" of domain trees, which share certain things in common, but remain separate domains for administrative purposes.
Organization - MicroActive Directory is created hierarchically, allowing for better organization and ease of use at the resource level, too. No longer are all of the users and groups organized in a single list, as in User Manager for NT4 Domains. Sub-containers, called Organizational Units (OUs) can be created, so that, for instance, all of the user, groups, printers, etc., for a single geographic location can be placed together, making them easier to find and administer.
Centralized Management/ControlWith a single set of management tools, the entire Directory can be managed from a single location. AD also allows for much more granular delegation of rights, so that certain administrative tasks can be delegated, while still retaining a secure environment.
Single Sign-onActive Directory brings us that much closer to the administrator's dream of single sign-on for users. This means only one login name to remember, one password to remember and change, and so on. As more applications become AD-enabled, this dream becomes a reality. Imagine, for instance, when an accountant leaves the company, disabling a single AD account, rather than disabling the NT domain account, the AP/AR software account, the Payroll software account, etc.
Ultimately, you and/or your company will have to evaluate the risks versus the rewards of implementing Active Directory in your computing environment, but in most cases, I believe it will be a step forward.
ScalabilityOne of the most apparent advantages to using Active Directory over using either NT4 Domains or a Workgroup model is that Active Directory can accommodate size. In a workgroup environment, a user account with password has to exist on each computer with shared resources. If you have three servers and ten users, that means creating thirty user accounts total, and each user would have to remember or synchronize three passwords each. AD also overcomes the limitations and work-arounds for large enterprises using NT4 domains. Active Directory domains can contain many more groups and users, rendering the Account domains, and Resource domains from NT4 obsolete.
Organization - MacroActive Directory is tied tightly to the DNS structure, and follows the DNS hierarchy for domains. In this way a large company can organize its domains similar to the business structure. If a business has operations in several different regions of the world, it can organize the domain along those lines: europe.domain.com, australia.domain.com, asia.domain.com, etc. Active Directory introduces the concept of the "forest" of domain trees, which share certain things in common, but remain separate domains for administrative purposes.
Organization - MicroActive Directory is created hierarchically, allowing for better organization and ease of use at the resource level, too. No longer are all of the users and groups organized in a single list, as in User Manager for NT4 Domains. Sub-containers, called Organizational Units (OUs) can be created, so that, for instance, all of the user, groups, printers, etc., for a single geographic location can be placed together, making them easier to find and administer.
Centralized Management/ControlWith a single set of management tools, the entire Directory can be managed from a single location. AD also allows for much more granular delegation of rights, so that certain administrative tasks can be delegated, while still retaining a secure environment.
Single Sign-onActive Directory brings us that much closer to the administrator's dream of single sign-on for users. This means only one login name to remember, one password to remember and change, and so on. As more applications become AD-enabled, this dream becomes a reality. Imagine, for instance, when an accountant leaves the company, disabling a single AD account, rather than disabling the NT domain account, the AP/AR software account, the Payroll software account, etc.
Ultimately, you and/or your company will have to evaluate the risks versus the rewards of implementing Active Directory in your computing environment, but in most cases, I believe it will be a step forward.
# posted by e247net : 1:11 AM
