To do its job properly, a directory service must meet three primary requirements:
It must include a structure to organize and store directory data.
It must provide a means to query and manage directory data.
It must supply a method to locate directory data and the network and server resources that might correspond to such data. (For example, if the directory data includes a pointer to a file and a printer, the directory service must know where they reside and how to access them.)
Windows Server 2003's Active Directory fulfills all these requirements using various technologies. For more information about Active Directory, pick up a copy of Active Directory For Dummies by Marcia Loughry (published by Wiley Publishing, Inc.).
The structure of Active Directory follows the data model of the X.500 directory standard, published by the ITU-T as the X.500 series and by ISO as ISO/IEC 9594. (ISO stands for International Organization for Standardization.) Figure 11-1 shows the hierarchical structure of an X.500 directory. This is a common standard used in nearly all directory services, including not only Microsoft's Active Directory but also Novell Directory Services (NDS), Netscape products, and other implementations. X.500 has proven useful for this job because it organizes data in a hierarchy that breaks directory information into a variety of useful containers, such as countries, organizational units, subunits, and resources. The example in Figure 11-1 organizes the directory down to the user objects.
The two X.500 standards commonly used today are the 1988 and 1993 X.500 standards. The 1993 version includes a number of advances over the older 1988 version. Happily, the 1993 version is the standard upon which Windows Server 2003 built Active Directory.
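To show what the X.500 hierarchy looks like when you actually handle it, here is an added example, written for this page in Python and not taken from the book or from Microsoft's code. It parses a distinguished name in the RFC 4514 string form that LDAP uses for X.500 names, walks up through the object's containers, and checks whether an object sits under a given OU, a test worth having when you scope delegated administration. The user name and the corp.example.com domain are constructed samples.

```python
"""Walk an X.500-style distinguished name up its container hierarchy.

Added example, not code from the book: the DN string syntax follows
RFC 4514 (the LDAP rendering of X.500 names), and the names below are
constructed samples; no directory is contacted.
"""
import string
from typing import List, Tuple


def split_rdns(dn: str) -> List[str]:
    """Split a DN into its RDN strings, leaf first, treating a backslash as
    an escape so that an escaped comma inside a value is not a separator."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape; unescape later
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).lstrip())
    return rdns


def unescape_value(value: str) -> str:
    """Resolve RFC 4514 escapes: backslash plus one character, and
    backslash plus a hex pair (collected as bytes so multi-byte UTF-8
    survives being split across several escapes)."""
    raw, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                raw.append(int(pair, 16))
                i += 3
            else:
                raw.extend(value[i + 1].encode("utf-8"))
                i += 2
        else:
            raw.extend(value[i].encode("utf-8"))
            i += 1
    return raw.decode("utf-8")


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return (attribute, value) pairs from leaf to root.
    Multi-valued RDNs joined with '+' are not handled here."""
    parsed = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        parsed.append((attr.strip(), unescape_value(value)))
    return parsed


def ancestors(dn: str) -> List[str]:
    """Every container above the object, nearest first, as DN strings."""
    rdns = split_rdns(dn)
    return [",".join(rdns[i:]) for i in range(1, len(rdns))]


def is_under(dn: str, container: str) -> bool:
    """True if dn lies anywhere below container. The comparison is
    case-insensitive, as DN matching in Active Directory is, which makes
    this usable as a scope check for delegated administration."""
    obj = [(a.casefold(), v.casefold()) for a, v in parse_dn(dn)]
    base = [(a.casefold(), v.casefold()) for a, v in parse_dn(container)]
    return len(obj) > len(base) and obj[-len(base):] == base


if __name__ == "__main__":
    # Constructed sample: a user whose CN contains an escaped comma.
    user = r"CN=Smith\, John,OU=Sales,OU=Users,DC=corp,DC=example,DC=com"
    for attr, value in parse_dn(user):
        print(f"{attr:>3} = {value}")
    for container in ancestors(user):
        print("under", container)
    print(is_under(user, "ou=users,dc=corp,dc=example,dc=com"))
```

The escape handling is the part people get wrong: a naive `split(",")` turns `CN=Smith\, John` into two bogus RDNs, and a scope check built on it can be fooled by a crafted name.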
A special-purpose protocol known as the Lightweight Directory Access Protocol (LDAP) provides the second ingredient for the Active Directory service. LDAP normally uses TCP port 389 as its main network transport connection. As the latter part of its name suggests, LDAP is designed specifically to retrieve and access directory data. (The Lightweight part of its name stems from the fact that it's a stripped-down version of the older, more cumbersome X.500 Directory Access Protocol, or DAP, which ran over the OSI protocol stack rather than directly over TCP/IP.) One caveat: port 389 carries plain LDAP with no encryption of its own, so a simple bind on that port sends the user's distinguished name and password across the network in the clear. On any network you don't fully trust, use LDAP over SSL/TLS (LDAPS, normally TCP port 636), StartTLS on port 389, or a signed SASL bind instead.
TECHNICAL STUFF | The terminology used in this chapter may seem familiar to those of you who are acquainted with Microsoft Exchange Server's directory service. This is because the Active Directory service in Windows Server 2003 shares a common heritage (and common technology) with the Exchange Server directory service. In fact, an Exchange connector is supplied with Windows Server 2003 to link the two directory services and to replicate data between them. Not surprisingly, this software component is called the Active Directory Connector. |
Tip | Additional information on LDAP can be found at the RFC #1777 (Request For Comments) page at http://www.ietf.org/rfc/rfc1777.txt. Note that RFC 1777 describes LDAP version 2; Active Directory clients and domain controllers speak LDAP version 3, which was defined in RFC 2251 and later revised as RFC 4510 through RFC 4519. |
If Windows Server 2003 directory data is structured using the X.500 model and that data is accessed using LDAP, there still must be a way to locate directory data. Time for the missing third ingredient! How does Active Directory meet the third and final requirement for a working directory service? We're glad you asked. Active Directory relies on the well-known and widely used Internet standard called the Domain Name System (DNS) as its locator service. Each domain controller registers service location (SRV) records in DNS, such as _ldap._tcp.dc._msdcs.<domain name>, so a client can ask DNS which servers offer LDAP and Kerberos for its domain (and for its site, if it knows one) before it ever contacts a domain controller.
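How the locator step works in practice, as an added example in Python that is not from the book or from Windows: it builds the SRV names a client asks DNS for and orders the answers by priority and weight as RFC 2782 specifies. The domain corp.example.com, the site name and the three answers are constructed; nothing is sent on the wire. Note the trust relationship this creates: whoever controls the DNS answers can steer clients toward any host, and it is Kerberos mutual authentication and LDAP signing, not DNS, that keep a rogue host from passing as a domain controller.

```python
"""Locate domain controllers the way an Active Directory client does:
ask DNS for SRV records under _msdcs and order the answers per RFC 2782.

Added example, not code from the book: the record names are the ones
Active Directory registers for its domain controllers, the answers are a
constructed sample, and no DNS query is sent.
"""
import random
from typing import Dict, List, Optional


def locator_names(domain: str, forest: Optional[str] = None,
                  site: Optional[str] = None) -> Dict[str, str]:
    """SRV owner names a client queries for a domain (and, if known, its
    site); global catalog records live under the forest root name."""
    forest = forest or domain
    names = {
        "dc_ldap": f"_ldap._tcp.dc._msdcs.{domain}",
        "dc_kerberos": f"_kerberos._tcp.dc._msdcs.{domain}",
        "pdc_ldap": f"_ldap._tcp.pdc._msdcs.{domain}",
        "gc_ldap": f"_ldap._tcp.gc._msdcs.{forest}",
    }
    if site:
        # Site-specific names let a client prefer a domain controller nearby.
        names["site_dc_ldap"] = f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"
        names["site_dc_kerberos"] = f"_kerberos._tcp.{site}._sites.dc._msdcs.{domain}"
    return names


def order_srv(records: List[Dict], rng=random) -> List[Dict]:
    """RFC 2782 ordering: lower priority first; within one priority pick
    targets at random in proportion to weight, with weight-0 records only
    rarely chosen until the weighted ones are exhausted."""
    by_priority: Dict[int, List[Dict]] = {}
    for rec in records:
        by_priority.setdefault(rec["priority"], []).append(rec)
    ordered = []
    for prio in sorted(by_priority):
        # Weight-0 records go first in the candidate list, as the RFC says.
        pool = sorted(by_priority[prio], key=lambda r: r["weight"] != 0)
        while pool:
            total = sum(r["weight"] for r in pool)
            n = rng.randint(0, total)
            running, pick = 0, pool[-1]
            for rec in pool:
                running += rec["weight"]
                if running >= n:
                    pick = rec
                    break
            ordered.append(pick)
            pool.remove(pick)
    return ordered


def dc_candidates(records: List[Dict], rng=random) -> List[str]:
    """host:port strings in the order a client should try them."""
    return [f'{r["target"]}:{r["port"]}' for r in order_srv(records, rng)]


# Constructed sample answer set for _ldap._tcp.dc._msdcs.corp.example.com:
# two equal production DCs and a disaster-recovery DC used only as fallback.
SAMPLE_ANSWERS = [
    {"priority": 0, "weight": 100, "port": 389, "target": "dc1.corp.example.com"},
    {"priority": 0, "weight": 100, "port": 389, "target": "dc2.corp.example.com"},
    {"priority": 10, "weight": 0, "port": 389, "target": "dc-dr.corp.example.com"},
]

if __name__ == "__main__":
    for role, name in locator_names("corp.example.com", site="HQ").items():
        print(f"{role:>18}: {name}")
    print(dc_candidates(SAMPLE_ANSWERS))
```

The two production controllers come back in random order from one run to the next, which spreads load, while the priority-10 record is always last; that is the behaviour you should expect to see when you resolve these names against a healthy domain.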