February 20, 2020

Active Directory

Think of Active Directory (AD) as your main company directory. Set it up to include everyone’s contact information, configure it to actively reflect how your network is organized and you’ll have a complete company directory at your fingertips. Regular updates should be planned to ensure that your Active Directory remains accurate. One of the most compelling reasons to deploy Active Directory is to centralize user identity across your entire organization. Doing this will save everyone the time and frustration of having to look up a colleague’s extension number or email address. It’s all right there in Office 365, and accessible in your ExchangeTeams and SharePoint apps.

Azure Active Directory diagram

It will save the company money, too. Your Office 365 Active Directory can even be used to generate organization charts. You’ll save time. And properly set up and maintained, Active Directory can eliminate the need for a third-party directory application. That saves the cost and time spent entering all that information again. It also eliminates the need to learn to use yet another program.

Why Active Directory?

You may never have heard of Active Directory, or have only a passing familiarity with it, because all its functions run in the background. Properly implemented, you may only rarely need to touch the program itself. But it performs a range of services that are critical to protecting your systems and making sure your communications systems work smoothly and seamlessly.

Active Directory is the umbrella title for a broad range of directory-based, identity-related services. It is included as part of most Microsoft operating and cloud-based systems, including Office 365.

Active Directory is the place to manage your company’s passwords, including password resets, storage and policies such as the minimum length of passwords, how often they must be reset, identify included/excluded characters, and so on.

Active Directory is the backbone of your enterprise security. It can also be used to assign features to a specific security group. This adds a layer of simplicity to your help desk’s day-to-day operations as well as a level of security. Every member of each group can see the same things. Having this preconfigured setup saves everyone time; IT doesn’t have to custom configure access for each employee, and each new employee starts out in a group that’s set up with access to everything they should need. By nesting groups, you can take that to additional levels, adding access to programs each group needs. You can assign access to parts of every application that employees will need to perform tasks, in for example, the HR department. All members of the HR group would have access to the department’s shared drives, shared printers, and HR-specific modules within programs like Workday.

GPOs (Global Policy Objects) also live in your Active Directory. Azure AD Connect is used to whitelist web sites, set up screen savers, require a screen locks, set up browser emulations, define templates across Office 365 apps, map printers dynamically, and much more.

Azure AD Connect (formerly DirSync)

Azure AD Connect is a Microsoft tool for connecting on premises identity infrastructure to Microsoft Azure AD. A wizard deploys and configures pre-requisites and components required for the connection, including sync and sign on. Azure AD Connect includes functionality that was previously released as DirSync and more recently as AAD Sync.

If you have AD and Office 365, you should have your IT department turn Azure AD Connect on. You’ll get the most out of Office 365 by enabling DirSync.  Managing two separate accounts – on-prem AD and Office 365 – makes life more complicated. Combining them unifies changes and gives everyone just one password to access both, a process known as pass-through authentication.

An Active Directory audit can ensure that your email system is running smoothly, and that mailboxes are properly apportioned and utilized. It can also identify potential security issues, like former employees that still have access to things they shouldn’t. An Active Directory audit can also save money by correctly categorizing email accounts and eliminating unnecessary licenses. Do you need to reconfigure or set up Active Directory for your organization? Call us or email info@BostonO365.com.