Directory+services

=__Directory Services__= Directory services are a collection of tools that provide management solutions and administration for networks. The tools include; Active Directory, account managment, account authentication etc. They make the task of network administration much more centralised and removes the need to configure each computer individually.
 * Account management
 * Authentication management
 * Active directory (Domain controller)

Account Management
Account management services provide centralised management of user accounts and allow administrators to create, delete and configure user accounts that are managed by that server. By using account management services network administrators can allow users to log on to any PC managed by the account management server without having to configure their profile on that computer. The service also manages user access credentials which control their access rights and enable or disable software and hardware features. Additionally account managment services can be used in conjunction with other directory services to enable users to access and use other network services. **Administrators can also use account management technology to create and control user groups which control user access rights as a group rather than individually. this feature is useful in situations like if a new piece of financial software is installed and all the accountants need to be given access permissions, without groups administartors would have to locate all the accountants user names and change the access permissions per account but with groups, all the administrators need to do is locate the accountant user group and change the permissions. Administrators can also set password standard requirements based on the user group, for example an administrator would need to have a much stronger password than a normal employee. This technology makes it much faster to manage many user profiles with largly varying access rights and helps minimise the number of errors when adjusting access priveleges. This reduction in the number of errors made when making changes makes the system more secure by sealing off many methods of unauthorised access.**

Authentication Management
Authentication managment services creates and maintains logs of all user access and records all network authentication activity including failed authentication attempts. The service also manages SIDs (Security IDentifiers) which prevent duplication of certain secure network authentication items. **This technology is also involved in general internet usage for things like HTTPS (Hyper Text Transfer Protocol Secure) which encrypts webpages before sending them to the user to prevent the data from being intercepted and viewed by an attacker. It also covers digital certificates which make use of complex encryption to create a method of reliably and securely identifying the origin of the file or webpage that the certificate is embedded in. digital certificates are commonly used in authenticating the source and validity of webpages and files which allow financial transactions to be carried out over the internet because both the provider and the user can authenticate their identity. Authentication technology is used anywhere that a user is required to provide a method of authentication (usually a password) before they are allowed access to the device or service and this allows users to quickly access resources the have the rights to by using standardised methods of authentication.**

Active Directory
Active directory servers are what control the entire directory services collection of services and servers. Active dirertory servers maintain a database of network profiles, computers, printers and any other network devices. They also provide a hierarchical method of administration as any changes made to an active directory database will be propagated to other databases on the same level. **The active directory domain hierarchy requires a domain controller to be assigned to manage all active directory servers below it and will be where an administrator makes changes to the domain and any devices within it. Domain controllers always preside over a domain and are often part of a larger domain which is controlled by another domain controller which itself is often part of an even bigger domain and so on. The changes made using a domain controller will be propagated down the hierarchy but not up, this is because the domain controlls all the servers below it but is controlled by the servers above it so the only way to make a change to all active directory servers within an organisation is to go to the top level domain controller and make the changes there. This method of configuration propagation provides a good method of identifying and containing an intrusion or system security breach because the attacker will only gain control of the server and any servers below it.**