This essay provided by MiniTool group gives the correct answer to the question “in Active Directory, what does authorization”. It also offers a detailed explanation of the answer and other confusing options.

Do you know in Active Directory, what does authorization? Kerberos, RADIUS, LDAP, TACACS+, or SAML?

About Active Directory?

Active Directory (AD) is a directory service that maps the names of network resources to their respective network addresses. It is developed by Microsoft for Windows domain networks, which is a form of the computer network in which all user accounts, computers, printers, and other security principals are registered with a central database located on one or more clusters of central computers called domain controllers.

Active Directory is included in most Windows Server operating systems (OS) and serves as a set of processes and services. Originally, AD only manages the centralized domain. Yet, it has become an umbrella title for a large range of directory-based identity-related services.

A server running the Active Directory Domain Service (AD DS) is known as a domain controller. It authenticates and authorizes all users and computers in a Windows domain type network, assigning and enforcing security policies for all computers and installing or updating programs.

How to Add or Remove Computer to Domain Windows 10? [2 Cases]
How to Add or Remove Computer to Domain Windows 10? [2 Cases]

Do you know what a domain is? How to join a domain Windows 10? How to remove computer from domain Windows 10? This post shows you solutions.

Read More

The domain controller offers authentication & authorization mechanisms, allows management & storage of info, and establishes a framework to deploy other related services like lightweight directory services, rights management services (RMS), active directory federation services (AD FS), and certificate services.

Active Directory makes use of Domain Name System (DNS), Microsoft’s version of Kerberos, as well as version 2 and version 3 of Lightweight Directory Access Protocol (LDAP).

What Is Lightweight Directory Access Protocol?

Lightweight Directory Access Protocol (LDAP) is an open and vendor-neutral industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.

Lightweight Directory Access Protocol is specified in a series of Internet Engineering Task Force (IETF) Standard Track publications called Request for Comments (RFCs), using the description language ASN.1. LDAP is based on a simpler subset of the standards contained within the X.500 standard. So, it is also known as X.500-lite.

A common function of Lightweight Directory Access Protocol is to offer a central place to store usernames and passwords. This enables a lot of different services and programs to connect to the LDAP server to validate users.

Related Article: What Is Active Directory Users and Computers and How to Install

As Lightweight Directory Access Protocol has got momentum, vendors have offered it as an access protocol to other services. The implementation then recasts the data to mimic the LDAP/X. 500 model, but how closely this model is followed varies.

Similarly, data previously held in other types of data stores are sometimes moved to Lightweight Directory Access Protocol directories. Usually, LDAP is used by other services for authentication or authorization, what actions a given already-authenticated user can do on what service.

About other Options for the Question “In Active Directory, What Does Authorization”


Kerberos is a computer network authentication protocol that works based on tickets. It enables nodes to communicate over a non-secure network to prove their identity to one another in a secure manner.

Kerberos is designed mainly as a client-server model and it provides mutual authentication. Relying on Kerberos, both the server and the user verify each other’s identity.

2 Ways to Fix Node.DLL Is Missing Windows 10
2 Ways to Fix Node.DLL Is Missing Windows 10

If the node.dll file is missing, you may fail to start the program successfully. This post shows how to fix the error that node.dll is missing.

Read More

Remote Authentication Dial-In User Service

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA or Triple-A) management for users who connect and use a network service.

Terminal Access Controller Access-Control System

Terminal Access Controller Access-Control System (TACACS) is a family of related protocols handling remote authentication and related services for networked access control via a centralized server.

The original Terminal Access Controller Access-Control System protocol, dating back to 1984, was used to communicate with an authentication server, common in older UNIX networks. Later, 2 related protocols derived from TACACS, extended TACACS (XTACACS) and Terminal Access Controller Access-Control System Plus (TACACS+).

Terminal Access Controller Access-Control System Plus was developed by Cisco and released as an open standard beginning in 1993. Though derived from TACACS, TACACS+ is a separate protocol handling authentication, authorization, and accounting services. It has widely replaced its predecessors.

Security Assertion Markup Language

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, especially between a server and an identity provider. It is also an XML-based markup language, a set of XML-based protocol messages, a set of protocol message bindings, as well as a set of profiles.

Also read:

  • linkedin
  • reddit