Meet Active Directory


To do its job properly, a directory service must meet three primary requirements:

  • It must include a structure to organize and store directory data.

  • It must provide a means to query and manage directory data.

  • It must supply a method to locate directory data and the network and server resources that might correspond to such data. (For example, if the directory data includes a pointer to a file and a printer, the directory service must know where they reside and how to access them.)

Windows Server 2003's Active Directory fulfills all these requirements using various technologies. For more information about Active Directory, pick up a copy of Active Directory For Dummies by Marcia Loughry (published by Wiley Publishing, Inc.).

Organizing and storing data

The structure of Active Directory follows the X.500 directory standard (ITU-T X.500, also published as ISO/IEC 9594; ISO stands for International Organization for Standardization). Figure 11-1 shows the hierarchical structure of an X.500 directory. This is a common standard used in nearly all directory services, including not only Microsoft's Active Directory but also Novell Directory Services (NDS), Netscape products, and other implementations. X.500 has proven useful for this application because it organizes data in a hierarchy that breaks directory information into a variety of useful containers, such as countries, organizational units, subunits, and resources. An object's position in that tree is its distinguished name (DN), and the tree is also the unit at which Active Directory delegates administrative rights: whoever is given control of an organizational unit controls everything beneath it. The example in Figure 11-1 organizes the directory down to the user objects.

Figure 11-1: The hierarchical structure of an X.500 directory.

The two X.500 standards commonly used today are the 1988 and 1993 X.500 standards. The 1993 version includes a number of advances over the older 1988 version. Happily, the 1993 version is the standard upon which Windows Server 2003 built Active Directory.

Managing data

A special-purpose protocol known as the Lightweight Directory Access Protocol (LDAP) provides the second ingredient for the Active Directory service. LDAP normally uses TCP port 389 as its network transport; Active Directory also answers global catalog queries on TCP port 3268. Keep in mind that traffic on port 389 is unencrypted unless the client negotiates StartTLS on that connection or uses LDAP over SSL/TLS (LDAPS) on port 636 (3269 for the global catalog), so a directory exposed on 389 alone lets anyone on the network path read queries and, if simple binds are allowed, the passwords sent with them. As the latter part of its name suggests, LDAP is designed specifically to retrieve and access directory data. (The Lightweight part of its name stems from the fact that it's a stripped-down version of the older, heavier X.500 Directory Access Protocol, DAP.)
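The X.500 hierarchy described under "Organizing and storing data" and the names LDAP uses to address objects are the same thing seen from two sides: an LDAP distinguished name such as CN=Alice,OU=Sales,DC=example,DC=com lists the path from the leaf up to the root of the tree. The following parser is an added example, not code from the book or from Windows Server 2003. It turns the RFC 4514 string form into its components, honours the backslash escapes that let a comma or plus sign appear inside a value, and shows why a container-scope check must compare parsed components rather than string suffixes: an escaped comma inside a CN value can make a foreign DN end with the text of a trusted container. The DNs below are constructed for illustration; the hex-escape handling assumes ASCII values.

```python
"""Parse LDAP distinguished names (RFC 4514 string form) into the X.500
hierarchy they encode, and test container membership.  Added illustration,
not code from Windows Server 2003 or from the book."""
import string


def _split_unescaped(s, sep):
    """Split s on sep, ignoring any sep that is backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # keep the escape pair intact
            buf.append(s[i:i + 2])
            i += 2
            continue
        if s[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(s[i])
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape(v):
    """Resolve escapes: \\XX hex pairs (ASCII assumed) and \\c literal chars."""
    out, i = [], 0
    while i < len(v):
        if v[i] == "\\" and i + 1 < len(v):
            pair = v[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(v[i + 1])
                i += 2
        else:
            out.append(v[i])
            i += 1
    return "".join(out)


def _trim(s):
    """Drop insignificant spaces around a token; an escaped '\\ ' is kept."""
    s = s.lstrip(" ")
    while s.endswith(" ") and not s.endswith("\\ "):
        s = s[:-1]
    return s


def parse_dn(dn):
    """Return the DN as a list of RDNs, each a sorted list of (type, value)
    pairs, in string order (leaf first, root last)."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, value = _trim(ava).partition("=")
            attr = attr.strip().lower()
            if not eq or not attr:
                raise ValueError("malformed RDN component: %r" % ava)
            avas.append((attr, _unescape(_trim(value))))
        rdns.append(sorted(avas))   # multi-valued RDNs are unordered sets
    return rdns


def hierarchy(dn):
    """The same components root-first, the way Figure 11-1 draws the tree."""
    return list(reversed(parse_dn(dn)))


def _normalise(rdns):
    # Active Directory matches names case-insensitively; fold for comparison.
    return [[(t, v.lower()) for t, v in rdn] for rdn in rdns]


def is_ancestor(container_dn, dn):
    """True if dn sits strictly below container_dn in the tree.  Use this
    for scope checks instead of dn.endswith(container_dn): escaping lets a
    hostile CN value contain ',ou=Sales,dc=example,dc=com' as literal text."""
    parent = _normalise(parse_dn(container_dn))
    child = _normalise(parse_dn(dn))
    return len(child) > len(parent) and child[-len(parent):] == parent
```

The container check is the part worth copying: delegation in Active Directory is granted per container, so any tool that decides "is this object inside the OU I'm allowed to manage?" has to make that decision on parsed RDNs.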

TECHNICAL STUFF 

The terminology used in this chapter may seem familiar to those of you who are acquainted with Microsoft Exchange Server's directory service. This is because the Active Directory service in Windows Server 2003 shares a common heritage (and common technology) with the Exchange Server directory service. In fact, an Exchange connector is supplied with Windows Server 2003 to link the two directory services and to replicate data between them. Not surprisingly, this software component is called the Active Directory Connector.

Tip 

Additional information on LDAP can be found in RFC 1777 (Request For Comments) at http://www.ietf.org/rfc/rfc1777.txt. Bear in mind that RFC 1777 describes LDAP version 2; the Active Directory service in Windows Server 2003 speaks LDAP version 3, which is specified in RFC 2251.

Locating data and resources

If Windows Server 2003 directory data is structured using the X.500 standard and this data is accessed using LDAP, there still must be a way to locate directory data. Time for the missing third ingredient! How does Active Directory meet the third and final requirement for a working directory service? We're glad you asked. Active Directory relies on the well-known and widely used Internet standard called the Domain Name System (DNS) as its locator service. Domain controllers register SRV (service locator) records in DNS, and clients query those records to find a domain controller for their domain and site, so a broken or spoofable DNS zone breaks logon and directory access along with it.
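To make the locator role concrete, here is an added example (not code from the book or from Windows) of the two things a Windows client does with DNS when it needs a domain controller: it builds the SRV names that Windows 2000 and 2003 domain controllers register under the _msdcs subdomain, site-specific names first so a nearby DC is preferred, and it orders the answers by SRV priority and weight as RFC 2782 prescribes. The domain, site and host names are constructed; the rng parameter exists so the weighted choice can be made deterministic for testing.

```python
"""Active Directory's DNS locator: the SRV names a client queries and the
RFC 2782 priority/weight ordering applied to the answers.  Added
illustration; domain, site and host names are constructed."""
import random
from collections import namedtuple

# One DNS SRV answer: priority (lower wins), weight (share within a
# priority), port and target host.
SRV = namedtuple("SRV", "priority weight port target")


def locator_names(dns_domain, site=None, forest_root=None):
    """SRV names a domain member asks for to find domain controllers.
    Windows 2000/2003 DCs register these via dynamic DNS under _msdcs."""
    names = []
    if site:   # site-specific names first, so clients prefer a local DC
        names.append("_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, dns_domain))
        names.append("_kerberos._tcp.%s._sites.dc._msdcs.%s" % (site, dns_domain))
    names.append("_ldap._tcp.dc._msdcs.%s" % dns_domain)       # any DC, LDAP 389
    names.append("_kerberos._tcp.dc._msdcs.%s" % dns_domain)   # any DC, KDC 88
    names.append("_ldap._tcp.pdc._msdcs.%s" % dns_domain)      # PDC emulator
    if forest_root:
        names.append("_gc._tcp.%s" % forest_root)              # global catalog, 3268
    return names


def order_srv(records, rng=random.random):
    """Order SRV records per RFC 2782: lowest priority first; within one
    priority choose targets at random with probability proportional to
    weight (all-zero weights fall back to the order received)."""
    by_prio = {}
    for r in records:
        by_prio.setdefault(r.priority, []).append(r)
    ordered = []
    for prio in sorted(by_prio):
        pool = list(by_prio[prio])
        while pool:
            total = sum(r.weight for r in pool)
            if total == 0:
                chosen = pool[0]
            else:
                pick = rng() * total
                acc = 0
                for r in pool:
                    acc += r.weight
                    if pick < acc:
                        chosen = r
                        break
                else:
                    chosen = pool[-1]   # guards against rng() returning 1.0
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered


if __name__ == "__main__":
    # Constructed answers for _ldap._tcp.dc._msdcs.example.com.
    answers = [SRV(10, 0, 389, "dc1.example.com"),
               SRV(0, 50, 389, "dc2.example.com"),
               SRV(0, 50, 389, "dc3.example.com")]
    for name in locator_names("example.com", site="HQ", forest_root="example.com"):
        print("query", name)
    for r in order_srv(answers):
        print("try", r.target, r.port)
```

The names are also the ones to check when a domain controller cannot be found: if a DC has not registered them (or someone has registered their own host under them), clients follow DNS, not the directory.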



Windows Server 2003 for Dummies
ISBN: 0764516337
Year: 2003
Pages: 195
