Tag: controlling

Active Directory is a package designed by Microsoft to manage an organizational network; it uses different tools to organize and manage the corporate network. Before we get into specifics: Active Directory creates a managed environment to which all of the network clients (end users) are connected, and anyone who connects to it is registered and monitored by the Active Directory system. That enables it to manage the end users: what they are allowed to do, what they are not, and which resources are available to whom. It creates groups and gives those groups policies (sets of rules) that bind each group; every end user defined within a group is bound by its rules and accordingly can or cannot do things within the network.

Active Directory is built into Windows Server (Server 2003, 2008) and is its source of organization. Anyone who connects to the server is actually connected to Active Directory, and through it can use the network resources as defined in the Active Directory rules.

So how does it work?
The tools that Active Directory uses are LDAP (Lightweight Directory Access Protocol), which is basically a library service; an authentication protocol based on Kerberos (an authentication protocol for client/server services that enables connection and communication using secret encrypted codes over the internet); DNS (Domain Name System, which translates names such as website addresses into IP addresses); and finally group enforcement, which makes sure the group rules are working properly.

Active Directory has a physical aspect, which includes a database that resides on DCs (domain controllers). Those DCs can serve various operations and purposes, or the same operation for redundancy, load performance and separation; each change in a domain is replicated, using a replication mechanism, to the other domains, updating the whole organization accordingly. The logical aspect is a hierarchical concept, like a pyramid: the highest structure is a forest, which contains trees, which resemble a collection of DCs. The forest is actually any object on the network, anything connected to it, and the rules apply using that hierarchy.

Each object on the network is an “entity”, and each entity has its own definitions, which divide into 3 types: resources, services and users. Every object has its unique GUID (ID), which is identified against the library (the LDAP), and that is how it gets identified.

This is the basic operation of Active Directory. Its use and functionality is to centrally manage all of the computerized resources in the organization. The policy can be implemented using a management tool called GPO (Group Policy), which can manage the policies given to different groups in the organization’s network.

This whole concept enables the network administrator to obtain control over the whole network from one computer (DC) and to define what type of desktop a user will have, which directories he can access, what tools he can use, etc.


We always want to be in control, and some of us have information at home that we might want to be able to access remotely. Accessing the home computer remotely means that you connect to the internet and want to be able to reach your home computer and perform certain operations. The type of operation affects which tool to use, since some tools enable only a certain type of access and some take control of your computer, so that you see the same screen as if you were standing in front of your home computer.

There are certain security measures that need to be understood. When we open access from the outside to our computer, we actually open a door for someone (a hacker) to access our computer, or to be able to do so. If the door is closed and bricked up into the wall, then it is closed. But if we decide to make an opening, an external person can reach that opening and might, of course, use it to do some harm: see our materials (if they are confidential, that might be risky), spy on our actions, and maybe, if we do not pay attention, see important information such as when we log in to our bank account from home or enter a credit card number on an online website to purchase something. If your computer is breached, all of those actions and more can happen to your home computer.

The remote access tools are divided into online programs and software programs. The online programs use internet technology to enable the remote connection, such as LogMeIn, GoToMyPC, TeamViewer and WebEx PCNow. Some support people use the WebEx technique to gain access to your computer and see your screen, with your permission of course (you initiate the session), and you can see everything the support person does on your computer. The software programs are tools that open access and enable the end user (the remote person) to take control of your home computer. Some of these programs are TightVNC, RealVNC, Symantec PCAnywhere and Laplink, and there is a built-in application in Windows XP called Remote Desktop (you can run it by typing MSTSC in Start -> Run).

Some programs might require you to set a permanent IP (called a static IP), which means that you will need to ask your ISP for a permanent IP for your computer. The ISP will give you an IP, and you will need to configure NAT (network address translation) on your home computer’s firewall, which means your internal IP is translated to the IP the ISP gave you. The only IP a remote person (or anyone outside of your home) will see is the ISP IP, which protects your internal IP (no one will know what your internal IP is; they will only know the external IP that you set on your home computer’s firewall). That IP directs to your computer, and so there is a way to access it, with the correct tools, and of course only by knowing the access password.
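To check which "doors" are actually open on a home computer, the following added example (not part of the original post) parses Windows `netstat -ano` output and reports remote-access listeners and how widely each is bound. The sample output is constructed, and the port table holds the well-known default ports for Remote Desktop, VNC and pcAnywhere; a tool reconfigured to a non-default port would not be matched.

```python
import re

# Default TCP ports of remote-access tools named in the post (defaults only).
REMOTE_ACCESS_PORTS = {
    3389: "Remote Desktop (MSTSC)",
    5900: "VNC (TightVNC/RealVNC)",
    5631: "Symantec pcAnywhere",
}

# Constructed sample of `netstat -ano` output; not taken from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING       2288
  TCP    192.168.1.20:5631      0.0.0.0:0              LISTENING       3012
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     4100
  TCP    [::]:3389              [::]:0                 LISTENING       1120
"""

# Only listening TCP sockets matter; established sessions are skipped.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def exposure(bind_addr):
    """Classify how widely a listener is bound."""
    if bind_addr in ("127.0.0.1", "[::1]"):
        return "loopback-only"      # reachable only from the machine itself
    if bind_addr in ("0.0.0.0", "[::]"):
        return "all-interfaces"     # reachable on every network the PC joins
    return "single-interface"       # reachable on that one address

def audit_listeners(netstat_text):
    """Return one finding per listener on a known remote-access port."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if port in REMOTE_ACCESS_PORTS:
            findings.append({"tool": REMOTE_ACCESS_PORTS[port], "port": port,
                             "bind": addr, "pid": pid,
                             "exposure": exposure(addr)})
    return findings

def network_reachable(findings):
    """Listeners another machine could connect to (anything not loopback)."""
    return [f for f in findings if f["exposure"] != "loopback-only"]

if __name__ == "__main__":
    for f in network_reachable(audit_listeners(SAMPLE_NETSTAT)):
        print(f"{f['tool']}: port {f['port']} on {f['bind']} (PID {f['pid']})")
```

A listener reported here is reachable from the internet only if the home router or firewall also forwards that port to the computer, which is the NAT configuration the paragraph above describes.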
