Active Directory Authorization

In Windows an active directory has information about all of the objects in the network. It both stores information and provides a means for access to the information. The objects are arranged in a hierarchical structure. The objects include domains, users, groups, computers, shared folders, printers, and sites. The highest level of the hierarchy is a forest which consists of all objects that are accessible in a single security boundary - it can contain one or more domains. In addition to specific attributes each individual object will also have a global unique identifier (GUID) which is 128 bits, and a Security ID - a SID.

To get a list of all of the program GUIDs go into command prompt and type 'wmic product get' - this will lay bare part of the structure of your system's active directory.

When authorization for access to the active directory is set, permissions can be specific to the object or domain level. Each active directory user will have a unique identity in a domain and a unique SID. There are often active directory groups with common permissions, restrictions and authorizations. To get the SID for a specific user, in command prompt type in:

wmic useraccount where name='John' get sid

Active Directory is a preferred means of account authorization because it has the advantage of providing for different permissions at different levels of a hierarchy.