Introducing Active Directory

Active Directory is the heart of Microsoft Windows Server 2003. Just about every administrative task you'll perform will affect Active Directory in some way. Active Directory technology is based on standard Internet protocols and has a design that helps you clearly define your network's structure.

Active Directory and DNS

Active Directory uses the Domain Name System (DNS). DNS is a standard Internet service that organizes groups of computers into domains. Unlike Windows NT 4 domains, which have a flat structure, DNS domains are organized into a hierarchical structure. The DNS domain hierarchy is defined on an Internet-wide basis, and the different levels within the hierarchy identify computers, organizational domains, and top-level domains. DNS is also used to map host names , such as zeta.microsoft.com, to numeric Transmission Control Protocol/Internet Protocol (TCP/IP) addresses, such as 192.168.19.2. Through DNS, an Active Directory domain hierarchy can also be defined on an Internet-wide basis, or the domain hierarchy can be separate and private.

When you refer to computer resources in this type of domain, you use the fully qualified host name, such as zeta.microsoft.com. Here, zeta represents the name of an individual computer, microsoft represents the organizational domain, and com is the top-level domain. Top-level domains are at the root of the DNS hierarchy and are therefore also called root domains . These domains are organized geographically , by using two-letter country codes, such as CA for Canada; by organization type, such as com for commercial organizations; and by function, such as mil for U.S. military installations.

Normal domains, such as microsoft.com, are also referred to as parent domains . They have this name because they're the parents of an organizational structure. Parent domains can be divided into subdomains, which can be used for different offices, divisions, or geographic locations. For example, the fully qualified host name for a computer at Microsoft's Seattle office could be designated as jacob.seattle.microsoft.com. Here, jacob is the computer name, seattle is the subdomain, and microsoft.com is the parent domain. Another term for a subdomain is a child domain .

As you can see, DNS is an integral part of Active Directory technology ”so much so, in fact, that you must configure DNS on the network before you can install Active Directory. Working with DNS is covered in Chapter 20 , "Optimizing DNS." Once you configure DNS, you can install Active Directory by running the Active Directory Installation Wizard (click Start, click Run, type dcpromo in the Open field, and then click OK). If there isn't an existing domain, the wizard helps you create a domain and configure Active Directory in a new domain. The wizard can also help you add child domains to existing domain structures.

Getting Started with Active Directory

Active Directory provides both logical and physical structures for network components . Logical structures are

• Organizational units

  A subgroup of domains that often mirrors the organization's business or functional structure

• Domains

  A group of computers that share a common directory database

• Domain trees

  One or more domains that share a contiguous namespace

• Domain forests

  One or more domain trees that share common directory information

Physical structures are

• Subnets

  A network group with a specific IP address range and network mask.

• Sites

  One or more subnets; they're used to configure directory access and replication.