Most computers running Windows XP Professional will be clients in a Windows 2000 domain. One of the benefits of joining a Windows 2000 domain is the Active Directory service. It is important to understand the overall purpose of a directory service and the role that Active Directory plays in a Windows 2000 network. In addition, you should know about the key features of Active Directory, which have been designed to provide flexibility and ease of administration.
Active Directory is the directory service included in the Windows 2000 Server products. A directory service is a network service that identifies all resources on a network and makes them accessible to users and applications.
Active Directory includes the directory or data store, which is a structured database that stores information about network resources, as well as all the services that make the information available and useful. The resources stored in the directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects.
Active Directory organizes resources hierarchically in domains, which are logical groupings of servers and other network resources under a single domain name. The domain is the basic unit of replication and security in a Windows 2000 network.
Each domain includes one or more domain controllers. A domain controller is a computer running one of the Windows 2000 Server products that stores a complete replica of the domain directory. To simplify administration, all domain controllers in the domain are peers. You can make changes to any domain controller, and the updates are replicated to all other domain controllers in the domain.
Active Directory further simplifies administration by providing a single point of administration for all objects on the network. Because Active Directory provides a single logon point for all network resources, an administrator can log on to one computer and administer objects on any computer in the network.
In Active Directory, the directory stores information by organizing itself into sections that permit storage for a very large number of objects. As a result, the directory can expand as an organization grows, allowing you to scale from a small installation with a few hundred objects to a very large installation with millions of objects.
You can distribute directory information across several computers in a network.
Active Directory integrates the Internet concept of a namespace with the Windows 2000 directory services. This allows you to unify and manage the multiple namespaces that now exist in the heterogeneous software and hardware environments of corporate networks. Active Directory uses DNS for its name system and can exchange information with any application or directory that uses Lightweight Directory Access Protocol (LDAP) or Hypertext Transfer Protocol (HTTP).
Active Directory also shares information with other directory services that support LDAP version 2 and version 3, such as Novell Directory Services.
Because Active Directory uses DNS as its domain naming and location service, Windows 2000 domain names are also DNS names. Windows 2000 Server uses Dynamic DNS (DDNS), which enables clients with dynamically assigned addresses to register directly with a server running the DNS Service and update the DNS table dynamically. DDNS eliminates the need for other Internet naming services, such as Windows Internet Naming Service (WINS), in a homogeneous environment.
For Active Directory and associated client software to function correctly, you must have installed and configured the DNS Service.
Active Directory further embraces Internet standards by directly supporting LDAP and HTTP. LDAP is an Internet standard for accessing directory services, developed as a simpler alternative to the Directory Access Protocol (DAP). For more information about LDAP, use your Web browser to search for "RFC 1777" and retrieve the text of this RFC. Active Directory supports both LDAP version 2 and version 3. HTTP is the standard protocol for displaying pages on the World Wide Web. You can display every object in Active Directory as a Hypertext Markup Language (HTML) page in a Web browser. Thus, users receive the benefit of the familiar Web browsing model when querying and viewing objects in Active Directory.
Active Directory uses LDAP to exchange information between directories and applications.
Active Directory supports several common name formats. Consequently, users and applications can access Active Directory by using the format with which they are most familiar. Table 5.3 describes some standard name formats supported by Active Directory.
Table 5.3 Standard Name Formats Supported by Active Directory

Format      Description
RFC 822     RFC 822 names are in the form somename@domain and are familiar to most users as Internet e-mail addresses.
HTTP URL    HTTP Uniform Resource Locators (URLs) are familiar to users with Web browsers and take the form http://domain/path-to-page.
UNC         Active Directory supports the Universal Naming Convention (UNC) used in Windows 2000 Server-based networks to refer to shared volumes, printers, and files. An example is \\microsoft.com\xl\budget.xls.
LDAP URL    An LDAP URL specifies the server on which the Active Directory service resides and the attributed name of the object. Active Directory supports a draft to RFC 1779 and uses the attributes in the following example: LDAP://someserver.microsoft.com/CN=FirstnameLastname,OU=sys,OU=product,OU=division,DC=devel where CN represents CommonName, OU represents OrganizationalUnitName, and DC represents DomainComponentName.
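To make the formats in Table 5.3 concrete, here is an added Python example (not code from the training kit or from Microsoft) that classifies a name by format and breaks the page's LDAP URL into its server, RDN components and DNS domain. The parsing rules are assumptions that cover only the forms shown on the page; unknown attribute types and malformed RDNs are rejected so a bad name fails closed instead of being partially accepted.

```python
import re
from typing import Dict, List, Tuple

# LDAP URL as shown on the page: LDAP://<server>/<attributed name>
_LDAP_URL = re.compile(r"^ldap://(?P<server>[^/]+)/(?P<dn>.+)$", re.IGNORECASE)
# Attribute types named in the page's example (assumption: only these are allowed)
_DN_TYPES = {"CN": "CommonName", "OU": "OrganizationalUnitName", "DC": "DomainComponentName"}


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'CN=x,OU=y,DC=z' into [(type, value), ...], leftmost RDN first.
    Whitespace after a separating comma is tolerated; anything else that is
    not 'TYPE=value' with a known TYPE raises ValueError (fail closed)."""
    rdns = []
    for part in dn.split(","):
        part = part.strip()
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        attr = attr.strip().upper()
        if attr not in _DN_TYPES:
            raise ValueError(f"unsupported attribute type: {attr!r}")
        if not value:
            raise ValueError(f"empty value for {attr}")
        rdns.append((attr, value))
    return rdns


def parse_ldap_url(url: str) -> Dict[str, object]:
    """Return the server, the ordered RDNs and the domain built from DC parts."""
    m = _LDAP_URL.match(url)
    if not m:
        raise ValueError(f"not an LDAP URL: {url!r}")
    rdns = parse_dn(m.group("dn"))
    # Joining the DC components in order yields the DNS name of the domain
    domain = ".".join(value for attr, value in rdns if attr == "DC")
    return {"server": m.group("server"), "rdns": rdns, "domain": domain}


def classify_name(name: str) -> str:
    """Return which Table 5.3 format a name matches, or 'unknown'."""
    lowered = name.lower()
    if lowered.startswith("ldap://"):
        return "LDAP URL"
    if lowered.startswith("http://"):
        return "HTTP URL"
    if name.startswith("\\\\"):          # UNC paths begin with two backslashes
        return "UNC"
    if re.fullmatch(r"[^@\s]+@[^@\s]+", name):
        return "RFC 822"
    return "unknown"
```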
Here are some questions to help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."