Save or Share this Report

For Security & Risk Professionals

Active Directory Q&A: Demand Rises

Directory Consolidation Saves On Administrative Costs, Eases Provisioning

August 11, 2009

Primary author headshot


  • By Andras Cser
  • with Robert Whiteley III,
  • Margaret Ryan

Why Read This Report

For the past 10 years, Active Directory (AD) has remained the backbone of identity infrastructures. Organizations continue to struggle with consolidating AD domains across the enterprise and centralizing ownership for them. Business partners' information is usually stored separately from employee data, usually in a different AD domain. Those organizations that were able to address the security concerns of putting AD in the DMZ usually created a separate AD domain in the DMZ with trust relationships carefully managed. Although auditing and providing domain-specific and minimal privileges for system administrators remains problematic with AD (often requiring third-party tools), most companies do not see any near-term alternatives to using AD for managing Windows users, groups, and computers.

Get Access

Already a Client?

Log in to read this document.

Become a Forrester Client

Customers are the new market-makers, reshaping industries and changing how businesses compete and win. Success depends on how well and how fast you respond. Forrester Research gives you insights and frameworks aligned to your role to shorten the time between a great idea and a great outcome, helping your teams win in the age of the customer. Contact us to learn more.

Purchase Report

This report is available for individual purchase ($499 USD).


Table of Contents

  • 1. Who owns AD and lightweight directory access protocol (LDAP) in the organization?
  • 2. How do you handle mergers and acquisitions (M&A) with AD and LDAP?
  • 3. How do you store business-to-business (B2B) users' information in AD?
  • 4. How do you put AD in the DMZ?
  • 5. How do you enforce password policies in AD?
  • 6. How do you track changes in AD?
  • 7. How do you manage sensitive access to AD?
  • 8. What are the typical models for AD topology design?
  • 9. What are some of the alternatives to AD?
  • 10. What are some of the issues around AD and LDAP infrastructure?

Recommended Research