Beruflich Dokumente
Kultur Dokumente
Date: 3/18/2020
MLA Citations:
Kindle, Bill. “Domain Controllers vs. Active Directory: Explained.” Adam the Automator, Adam
the Automator, 1 Jan. 2020, adamtheautomator.com/domain-controller-vs-active-
directory/.
Analysis:
One of the main roles of an Information Security Officer is to audit policies and make
sure that different users have different permissions. For instance, a regular guest account should
not be able to have administrative privileges; otherwise, security breaches could arise. Thus, in
order to control this system, Information Security Officers often use Domain Controllers and
Active Directories. However, even though I knew why these tools are used in Cybersecurity
before researching this article, I didn't quite understand what the difference was between a
Domain Controller and an Active Directory. But after going through this article and the
“nightclub analogy”, this makes a lot more sense to me now.
First off, the author of this article used an analogy about a nightclub in order to explain
these concepts. For example, he stated that since only certain people can attend the nightclub,
there must be a bouncer. In the world of security, this can be equated to the Domain Controller as
it uses a “list” in order to only allow authorized members. This article also stated that there are
several Domain Controllers to serve as backup in case of an emergency situation. When I read
this part of the article, I was able to make a connection to what I had learned previously when
preparing for my BPA Network Design Team competition. When creating the network diagram,
we had to place primary and secondary components for each of the network hardware to serve as
backup, or in Networking terms, increase redundancy. Thus, reading about this showed me how
closely related Cybersecurity and Networking are.
Coming back to the analogy, the article stated that if the bouncer of the nightclub equates
to the Domain Controller, then the nightclub itself can be equated to the Active Directory. More
specifically, the Active Directory Server equates to the nightclub’s owner (since it determines
who is authorized/unauthorized) and the Active Directory Service equates to the “little black
book” that contains the regulations for who can enter/who cannot. Overall, this entire nightclub
analogy helped me understand how the Domain Controller and Active Directory interact with
each other in order to block unauthorized users from the system.
Learning about this difference helped me make some more connections from the BPA
Computer Security competition that I participated in last week. For instance, during the finals
round, I had to complete several hands-on exercises on a Windows 10 virtual machine. Some of
these exercises were about making changes to the group policies, account lockout policies, and
password policies, and after reading this article, I understand that these services/policies are all
part of the Windows 10 Active Directory. This makes sense because these policies dictate what
each user is authorized to do on the system and it defines what everyone must follow. To put it
simply, reading about this helped me make some deeper connections with the things that I have
learned over the past few months from my mentor, own research, and BPA.
This article includes additional terms that are important to know, including “identity”,
“security principal”, “security identifier”, and “account”. Even though I had heard of these terms
before, I would not have been able to properly define them before reading this section of the
article. For instance, I knew that a security identifier is used to authorize users on a system, but I
did not know that a key was involved in this process. I also did not know that a security principal
is used to authenticate users and handle their permissions.
However, after reading this article, I still have some questions. If the group policies are
part of the Active Directory on Windows 10, what is part of the Domain Controller? Are there
any particular policies that are a part of the Domain Controller or are policies only related to the
Active Directory? Furthermore, I am curious to find out whether my mentor deals with the
Active Directory on a frequent basis to reduce the possibility of security breaches.
In summary, reading this article helped me get a clear picture about the differences
between the Active Directory and Domain Controller, which is essential for any Information
Security Officer to understand. I was also able to make several connections to what I had learned
over the past few months, which was very motivating. Overall, I hope to continue solidifying
fundamental Cybersecurity concepts by conducting further individual research and asking my
mentor any questions or doubts that I may have.
I hope this will relate the equivalent scenarios and differences between Active Directory and
domain controller functionality better than simply regurgitating documentation.
If you're looking for Active Directory explained, you've come to
the right place.
Domain Controllers
A bouncer named Ox is standing guard at the door of the
nightclub dubbed Club BOFH. Ox's job is to check names
against a list before letting someone in line get into the club.
Every hopeful club-goer in line wants to get in, but they have to
be on the 'A' list.
Not on the list? They don't get in. If they try, they get ejected!
The bouncer is providing a critical service to the nightclub
owner, who, when not running a club, writes these types of blog
posts explaining IT topics. Okay, so the bouncer equates to the
Domain Controller since he stops random people from entering
the nightclub.
Once Ox authenticates the club goer, they detach the velvet rope
and allow the club-goer (a user or computer) to pass. This is the
only way to gain access to domain resources (drinks, music, and
dancing within the night club). So basically, the Domain
Controller primarily deals with the authentication of users
Active Directory
Club BOFH is unique. There's only one location. The night
club's owner, Roscoe, has a black book that contains all club-
goers who are authorized to enter and have paid their
membership fees.
Ox's closest friend, Hanz (who helps out daily), has a copy of
this black book and occasionally compares their list to what Ox
has. Any entry in Ox's book that is not included in Hanz's book
is added or removed. When an employee joins a company, will
their name be added to the company system’s active directory?
Sometimes Ox has left the book at home. This isn't a problem as
Ox can still look at what Hanz has recorded and shared.
Conclusion
The differences between what Active Directory does and what a
domain controller does isn't a difficult subject once you can
visualize the process. It's easiest to remember that domain
controllers authenticate your authority, and Active Directory
handles your identity and security access. This is a good way to
put it simply, especially with the previously mentioned
nightclub analogy.