How To Set Up Active Directory Between Two Sites With 2 Domain Controllers

A domain controller is a server that responds to authentication requests and verifies users on computer networks. Domains are a hierarchical way of organizing users and computers that work together on the same network. The domain controller keeps all of that data organized and secured.

The domain controller (DC) is the box that holds the keys to the kingdom- Active Directory (AD). While attackers accept all sorts of tricks to gain elevated access on networks, including attacking the DC itself, you can not just protect your DCs from attackers but really use DCs to notice cyberattacks in progress.

Get the Gratuitous Pen Testing Active Directory Environments EBook

What is The Main Function of a Domain Controller?

domain controller use

The primary responsibleness of the DC is to authenticate and validate user admission on the network. When users log into their domain, the DC checks their username, countersign, and other credentials to either allow or deny access for that user.

Microsoft Active Directory or Microsoft AzureAD are the near mutual examples, while Samba is the Linux based equivalent DC.

Why is a Domain Controller Important?

Domain controllers contain the data that determines and validates access to your network, including whatever group policies and all computer names. Everything an aggressor could perchance demand to cause massive damage to your data and network is on the DC, which makes a DC a chief target during a cyberattack.

Domain Controller vs. Agile Directory

ACTIVE DIRECTORY : DOMAIN CONTROLLER :: car : engine

Active Directory is a type of domain, and a domain controller is an important server on that domain. Kind of like how there are many types of cars, and every automobile needs an engine to operate. Every domain has a domain controller, but not every domain is Active Directory.

Do I Need a Domain Controller?

In general, yes. Any business concern – no affair the size – that saves customer information on their network needs a domain controller to amend security of their network. In that location could exist exceptions: some businesses, for example, only apply cloud based CRM and payment solutions. In those cases, the cloud service secures and protects customer data.

The key question you need to ask is "where does my customer data live and who can access it?"

The reply determines if you lot demand a domain – and DC – to secure your data.

domain controller benefits and limitations

Benefits of Domain Controller

Centralized user direction
Enables resources sharing for files and printers
Federated configuration for back-up (FSMO)
Tin exist distributed and replicated across large networks
Encryption of user information
Can be hardened and locked-down for improved security

Limitations of Domain Controller

Target for cyberattack
Potential to be hacked
Users and Bone must be maintained to be stable, secure and up-to-date
Network is dependent on DC uptime
Hardware/software requirements

How to Set Up a Domain Controller + Best Practices

best practices for setting up a domain controller

Configure a stand-solitary server for your domain controller.
- If y'all are using Azure AD as your domain controller yous tin ignore this stride.
- If not, your DC should act exclusively equally a DC.
Limit both concrete and remote access to your DC as much as possible.
- Consider local disk encryption (BitLocker)
- Employ GPOs to provide admission to the SysAdmins in charge of administering Active Directory, and let no other users to log in, either on the console or via Concluding Services.
Standardize your DC configuration for reuse

Setting upwardly a secure and stable DC doesn't not mean you are secure forever. Attackers will yet try to hack into your DC to escalate privileges or enable lateral movement throughout your network. Varonis monitors AD for out-of-policy GPO changes, Kerberos attacks, privilege escalations, and more than.

Want to see how it works? Become a personalized ane:1 demo to how Varonis protects DCs and Agile Directory from cyberattacks.

Jeff Petters

Jeff has been working on computers since his Dad brought home an IBM PC 8086 with dual deejay drives. Researching and writing about data security is his dream chore.