Thursday, 3 September 2015

On 00:05 by martin adom in ,    No comments
Are you sleep deprived because of your Active Directory? If yes, then you can easily understand the reason behind it.

Active Directory is the heart of Windows network. It is the combined, distributed directory service that is included with Microsoft Windows Server. It is the largest and most perilous distributed system in your organization. It provides a single manageable point for network administration and security functions. It helps you to organize your company’s users and computers.

Your organization is your kingdom, and Active Directory holds the legendary keys to the kingdom. In order to secure your Kingdom, you must secure its keys first. A single loophole can make it vulnerable to threats.

One must always believe in the fact that there’s always a room for improvement, no matter what.

Here are ways through which you can effortlessly improve and optimize your Active Directory.

Let’s have a look at them : 

1)    Manage Memory

Managing memory is very important for Active Directory server. IT administrators should install domain controllers on servers that provide sufficient amount of memory. The basic idea is to provide sufficient memory to cache the entire AD database along with saving memory space to support AD database future development. With the availability of adequate memory space AD server is less reliant on disc access and therefore the system’s specious performance is immensely improved.

2)    Improvise Disk Performance

Disk access is needed to load the server’s memory with database. If the entire database won’t fit in memory then extra disk space will be needed for uncached parts of the database.  Our main motive is to optimize AD disk space, for this you must look for disk subsystem performance features such as command queuing along with paying extra attention to the way AD files are organized. You can calculate disk performance by observing the average disk queue length performance counter available on the disk volumes that contains AD database and logs.

Besides this, you can also measure the average disk-read queue length and the average disk-write queue length performance counters. Always remember that long queues mean deprived disk performance, so taking the folders to a different or better-performing disk might help in improving AD performance during disk writes.

 3)    Complete Automation

Automation is one of the best approach in improvising your Active Directory. The main idea should be to permit the programs on your server to do whatsoever is desirable without your interference at all. Your involvement should be there only if in case something went wrong.

4)    Document What You Have

Documenting your Active Directory isn’t an interesting work, but to know where you’re going you must know where you’re right now. The best way to document is to start from the high-level structures, Organizational Unit (OU) structure, top-level directory security, and existing trust relationships. The documentation that you are creating must include password and audit policies. Be sure you have a list of all modifications you’ve made to the Active Directory representation, preferably in the form of a Lightweight Directory Interchange Format (LDIF) file.

5)    Isolate Domain Controllers

Domain controllers (DCs) are the servers that run Windows Active Directory. It’s important to make sure that they are properly secured in both physical and logical manner. The first step towards isolating domain controllers is to ensure that they don’t host workloads other than Active Directory. A DC should be tangibly more secure.

Wrapping it up : Active Directory is a precarious service for enterprise network authentication, which can be improved with some modest performance monitoring and basic modifications to the server and storage access. On your security voyage you will surely feel the need for help. LepideAuditor Suite is there to help you in enhancing the security of Active Directory. It is a smart change auditing solution to clearly show who made what change to which content and when with rollback options.


Post a Comment