❤️ プロジェクトを支援する
JA
EN English UK Українська PL Polski ES Español DE Deutsch FR Français PT Português TR Türkçe JA 日本語 KO 한국어 RU Русский

Access Control Security (Global)

High-quality technical overview of Access Control Security in the context of blockchain security.

🌐 用語 他の言語で:
English Deutsch Español Français 日本語 한국어 Polski Português Русский Türkçe Українська
翻訳待ちのコンテンツです。英語版を表示しています。

Key components of AD include: 1. Domains: A logical group of objects. 2. OUs (Organizational Units): Subdivisions for applying specific Group Policies. 3. GPO (Group Policy Objects): Templates for managing system configurations. 4. FSMO Roles: Flexible Single Master Operation roles that handle specific critical tasks like schema updates or RID allocation.

        graph LR
  Center["Access Control Security (Global)"]:::main
  Rel_access_control["access-control"]:::related -.-> Center
  click Rel_access_control "/terms/access-control"
  Rel_access_control_mechanisms["access-control-mechanisms"]:::related -.-> Center
  click Rel_access_control_mechanisms "/terms/access-control-mechanisms"
  Rel_access_control_bypass["access-control-bypass"]:::related -.-> Center
  click Rel_access_control_bypass "/terms/access-control-bypass"
  classDef main fill:#7c3aed,stroke:#8b5cf6,stroke-width:2px,color:white,font-weight:bold,rx:5,ry:5;
  classDef pre fill:#0f172a,stroke:#3b82f6,color:#94a3b8,rx:5,ry:5;
  classDef child fill:#0f172a,stroke:#10b981,color:#94a3b8,rx:5,ry:5;
  classDef related fill:#0f172a,stroke:#8b5cf6,stroke-dasharray: 5 5,color:#94a3b8,rx:5,ry:5;
  linkStyle default stroke:#4b5563,stroke-width:2px;
🕸️ Open in Universe

🧒 5歳でもわかるように説明

Think of [Active Directory](/ja/terms/active-directory) like a giant, interactive phonebook for a whole company. It doesn't just have names and numbers; it also knows which employees have the 'key' to which office doors, which printers they can use, and it lets them sign in once to access everything they're allowed to touch.

🤓 Expert Deep Dive

Under the hood, AD is implemented as an Extensible Storage Engine (ESE) database called NTDS.DIT located on Domain Controllers. It operates using a multi-master replication model, where changes on one DC are propagated to others. Advanced security relies on the KDC (Key Distribution Center) representing the Kerberos auth flow. A critical modern concern is the 'Privileged Identity' lifecycle—protecting administrative accounts from 'Pass-the-Hash' attacks and securing the 'Trust Relationships' between different domains in a forest.

📚 出典