The Active Directory or AD is a Microsoft product that stores computer names, user names, passwords, and other information in a central database so that security access information does not need to be duplicated on every machine. Accounts on Active Directory can only be created for Berkeley Lab employees and affiliates.
- The AD verifies that people are who they say they are when they attempt to connect to the network or resources on the network (using a complex password that is associated with the user account)
- The AD checks to ensure users are allowed to do what they are attempting to do, such as deleting a file, before allowing them to do it. (used by groups who have added file servers to AD)
- The AD ensures computers meet the minimum security requirements for computers on the Berkeley Lab network automatically
- The AD ensures computers remain up-to-date on security patches
In addition, some groups at the Lab have extended their use of AD to control access to other resources (print servers and file servers).
The AD can be used to control access to resources on the network. This includes computers, printers, devices, folders, files, and other items on the network. AD also provides tools to help desktop computers stay protected from unknown users and to remain up-to-date on security patches.