Enhancing security through Active Directory

AD and the Data Protection Act

It is possible to fill AD with a substantial amount of information regarding the people who work in your organisation. Part of the Data Protection Act states that organisations holding data on any living individual, such as HR records, are required to adopt appropriate 'organisational and technical measures' to ensure the security of the information.

If there were an unauthorised disclosure of information, this would indicate insufficient measures to protect the data and therefore a breach of the Data Protection Act.

However, AD makes extensive use of the same permission-based security that is used to protect objects in the Windows 2000 and 2003 operating systems. By judicious use of this security system you can prevent unwanted users from browsing the AD structure.

In addition, this ensures that support staff can only access the OU containers holding the servers, workstations, users and groups they are responsible for. It also reduces the risk of internal attacks on data and of accidental damage from 'friendly fire', such as hitting the delete key by mistake.
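One way to check that delegation on an OU matches the intent described above, as an added example that is not part of the original article: the script lists every Allow entry on one OU that lets a principal delete objects or rewrite the OU's permissions, apart from the principals you expect. It assumes the RSAT ActiveDirectory PowerShell module, which is newer than the Windows 2000 and 2003 tooling the article covers; the OU distinguished name, the EXAMPLE domain and the Branch-Support group are placeholders.

```powershell
# Added example: audit who can delete from, or re-permission, a single OU.
# Assumption: RSAT ActiveDirectory module is installed. All names are placeholders.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$OuDn     = 'OU=Branch Office,DC=example,DC=com'   # placeholder OU
$Expected = @(
    'EXAMPLE\Branch-Support',                      # placeholder delegated support group
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'EXAMPLE\Domain Admins',
    'EXAMPLE\Enterprise Admins'
)

# Single-bit rights only. GenericAll contains all of these bits, so a
# full-control entry is still caught without matching plain read access.
$Risky = [System.DirectoryServices.ActiveDirectoryRights]'Delete, DeleteTree, DeleteChild, WriteDacl, WriteOwner'

# The AD: drive is created when the ActiveDirectory module loads.
$acl = Get-Acl -Path "AD:\$OuDn"

$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }

    $who = $ace.IdentityReference.Value
    if ($who -in $Expected) { continue }

    # Keep only the risky bits this entry actually grants.
    $granted = [int]$ace.ActiveDirectoryRights -band [int]$Risky
    if ($granted -eq 0) { continue }

    [pscustomobject]@{
        Principal   = $who
        RiskyRights = [System.DirectoryServices.ActiveDirectoryRights]$granted
        Inherited   = $ace.IsInherited     # True: fix it on a parent container
    }
}

if ($findings) {
    $findings | Sort-Object Principal | Format-Table -AutoSize
} else {
    Write-Output "No unexpected delete or permission-change rights on $OuDn"
}
```

An entry reported with Inherited set to True originates higher in the tree, so the correction belongs on the parent container rather than on this OU.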


In summary, AD is Microsoft's most powerful enterprise tool. AD can dramatically reduce the total cost of ownership of your enterprise and toughen security in the areas of authentication and access to network resources without sacrificing manageability and ease of use.


Ben Chai is author of Migrating from Windows NT to Windows 2000 and has worked on several AD projects in the financial sector. He can be emailed via Ben@chai.co.uk