Why Read This
For the past 10 years, Active Directory (AD) has remained the backbone of identity infrastructures. Organizations continue to struggle with consolidating AD domains across the enterprise and centralizing ownership for them. Business partners' information is usually stored separately from employee data, usually in a different AD domain. Those organizations that were able to address the security concerns of putting AD in the DMZ usually created a separate AD domain in the DMZ with trust relationships carefully managed. Although auditing and providing domain-specific and minimal privileges for system administrators remains problematic with AD (often requiring third-party tools), most companies do not see any near-term alternatives to using AD for managing Windows users, groups, and computers.