20 January 2019

How to maintain your Active Directory

Active Directory (AD) is a Microsoft technology that’s something like a phone directory for your network; as Microsoft explains, “it stores information about organizations, sites, systems, users, shares, and just about any other network object that you can imagine”.

As your network evolves, AD accumulates many entries for user and computer objects, and old entries can become a problem if they’re forgotten and left in place instead of being deleted or disabled when no longer necessary.

Keep your AD fresh

‘Stale’ objects are the AD entries for user accounts and physical devices that are no longer part of the network. User objects have associated passwords, so the user can log in to the network with their account, while computer objects have access to other information in AD.

These objects should be removed as they could become attack vectors for bad actors to compromise your network’s security. Fortunately, there are many ways to manage this digital detritus.

Keep your AD clean

As both types of objects represent physical entities, clear communication between the HR team for user objects (regarding staff movements, hiring, and firing) and procurement or facilities teams for computer objects (regarding equipment movements, acquisitions, and disposals) will go a long way towards keeping your AD clean.

Automation can supplement this process-based approach. You can configure lockout policies to disable or delete user objects; configure new user objects with strong passwords rather than defaults like ‘password’ or ‘p4ssw0rd’; and keep your PC fleet upgraded to the latest version of Windows.

Better yet, you can use a script to detect stale objects. There are many tools you can use for this, and the Active Directory Administrative Centre in Windows Server 2008 R2 and 2012 includes a Global Search function that can locate stale user objects, so you can delete or disable them.
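
As an added example (not part of the original post), here is one way such a detection script could look in PowerShell. The function name Get-StaleObject, the 90-day and 30-day thresholds and the sample records are assumptions made for illustration; it only reports and changes nothing in AD.

```powershell
# Added example: report-only triage of stale AD objects (nothing is changed in AD).
function Get-StaleObject {
    param(
        [Parameter(ValueFromPipeline)] $Account,
        [datetime]$Now = (Get-Date),
        [int]$InactiveDays = 90,   # assumed threshold; set it from your own policy
        [int]$GraceDays = 30       # assumed grace period for new, never-used objects
    )
    process {
        # LastLogonDate comes from lastLogonTimestamp, which replicates with up to
        # about 14 days of lag by default, so keep InactiveDays well above that.
        $reason = if ($null -eq $Account.LastLogonDate) {
            if ($Account.whenCreated -lt $Now.AddDays(-$GraceDays)) { 'never logged on' }
        } elseif ($Account.LastLogonDate -lt $Now.AddDays(-$InactiveDays)) {
            'inactive since {0:yyyy-MM-dd}' -f $Account.LastLogonDate
        }
        if ($reason) {
            [pscustomobject]@{
                Name        = $Account.Name
                ObjectClass = $Account.ObjectClass
                Enabled     = $Account.Enabled
                Reason      = $reason
                # Disable first and delete only after a review period
                Suggested   = if ($Account.Enabled) { 'disable' } else { 'review for deletion' }
            }
        }
    }
}

# Constructed sample records, shaped like Get-ADUser / Get-ADComputer output.
$now = [datetime]'2019-01-20'
$sample = @(
    [pscustomobject]@{ Name='jsmith';  ObjectClass='user';     Enabled=$true;  LastLogonDate=[datetime]'2019-01-15'; whenCreated=[datetime]'2016-03-01' }
    [pscustomobject]@{ Name='olduser'; ObjectClass='user';     Enabled=$true;  LastLogonDate=[datetime]'2018-06-01'; whenCreated=[datetime]'2015-07-10' }
    [pscustomobject]@{ Name='newhire'; ObjectClass='user';     Enabled=$true;  LastLogonDate=$null;                  whenCreated=[datetime]'2019-01-10' }
    [pscustomobject]@{ Name='svc-old'; ObjectClass='user';     Enabled=$true;  LastLogonDate=$null;                  whenCreated=[datetime]'2017-02-01' }
    [pscustomobject]@{ Name='PC-0042'; ObjectClass='computer'; Enabled=$false; LastLogonDate=[datetime]'2018-03-02'; whenCreated=[datetime]'2014-11-20' }
)
$sample | Get-StaleObject -Now $now | Format-Table -AutoSize

# Against a live domain (RSAT ActiveDirectory module), feed real objects instead:
#   Get-ADUser     -Filter * -Properties LastLogonDate, whenCreated | Get-StaleObject
#   Get-ADComputer -Filter * -Properties LastLogonDate, whenCreated | Get-StaleObject
```

Pipe the result to Export-Csv so the list can be reviewed with HR and procurement before anything is disabled or deleted.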

Take care of your AD and it’ll take care of you

Your AD is a vital network resource, so take care with it. Deleting legitimate objects can lead to significant productivity problems, so minimise the risk of this by adopting good protocols and processes.

The benefits? The security risks posed by stale objects will be reduced (or even eliminated) so you’ll be able to breathe just that little bit easier.