It’s important to understand that most businesses store information on computer systems, which act as a modern-day filing cabinet. The filing system used to organise the data is often referred to as a directory. The objects in it are managed by a directory service, which also controls who has access to the resources, when they can access them and what devices can be used in the process. Privileged users such as administrators tend to manage the directory service; at the very least, it is deemed best practice to keep a separation between the users who access the data and those who manage it.
Types of Directories used in business systems
Most enterprises have some type of directory that contains information pertaining to the company’s network resources and users. Most directories follow a hierarchical database format based on the X.500 standard and use a protocol, such as the Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory.
Applications can request information about a particular user by making an LDAP request to the directory, and users can request information about a specific resource by using a similar request.
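The following is an added example, not part of the original article: a small Python model of the hierarchical naming and scoped lookup described above. The directory entries, the example.com names and the functions parse_dn and search are constructed for illustration and do not use a real LDAP library.

```python
# Added example: constructed directory entries keyed by distinguished name (DN).
DIRECTORY = {
    "dc=example,dc=com": {"objectClass": "domain"},
    "ou=Staff,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "ou=Devices,dc=example,dc=com": {"objectClass": "organizationalUnit"},
    "cn=Alice Jones,ou=Staff,dc=example,dc=com": {"objectClass": "user", "uid": "ajones"},
    "cn=Smith\\, Bob,ou=Staff,dc=example,dc=com": {"objectClass": "user", "uid": "bsmith"},
    "cn=Printer-2F,ou=Devices,dc=example,dc=com": {"objectClass": "printer", "location": "2F"},
}


def parse_dn(dn):
    """Split a DN into its components (RDNs), most specific first.

    A backslash-escaped comma belongs to the value and is not a separator.
    Simplification (assumption): components are lower-cased for comparison.
    """
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current, escaped = current + ch, False
        elif ch == "\\":
            current, escaped = current + ch, True
        elif ch == ",":
            rdns.append(current.strip().lower())
            current = ""
        else:
            current += ch
    rdns.append(current.strip().lower())
    return rdns


def search(base, scope, attr, value):
    """Return DNs at or below `base` whose attribute equals `value`.

    scope: "base" (the entry itself), "one" (direct children), "sub" (whole subtree).
    """
    base_rdns = parse_dn(base)
    hits = []
    for dn, attrs in DIRECTORY.items():
        rdns = parse_dn(dn)
        depth = len(rdns) - len(base_rdns)
        if depth < 0 or rdns[depth:] != base_rdns:
            continue  # entry lies outside the search base
        if (scope == "base" and depth != 0) or (scope == "one" and depth != 1):
            continue
        if attrs.get(attr) == value:
            hits.append(dn)
    return hits
```

The search base and scope limit which part of the tree a request can return, so an application that only needs staff accounts can be pointed at the Staff branch rather than the whole directory.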
Popular Directory Services
The objects within the directory are managed by a directory service. The directory service allows an administrator to configure and manage how identification, authentication, authorisation, and access control take place within the network and on individual systems. The objects within the directory are labelled and identified with namespaces.
The dominant operating system used in businesses today tends to be Microsoft's, and Microsoft's directory service is called Active Directory (AD).
A directory service manages the entries and data in the directory and also enforces the configured security policy by carrying out access control and identity management functions. For example, if you log in to a Microsoft Domain Controller (DC), the directory service (AD) will determine what resources you can and cannot access on the network.