25.1. The Domain: Business • Enterprise • Ultimate

As you may remember from Chapter 24, nobody else on a workgroup network can access the files on your PC unless you've created an account for them on your machine. Whenever somebody new joins the department, you have to create another new account; when people leave, you have to delete or disable their accounts. If something goes wrong with your hard drive, you have to recreate all of the accounts.

25.1.1. What's Wrong with Workgroups

You must have an account on each shared PC, too. If you're lucky, you have the same name and password on each machine, but that isn't always the case. You might have to remember that you're pjenkins on the front-desk computer, but JenkinsP on the administrative machine.

Similarly, suppose there's a network printer on one of the computers in your workgroup. If you want to use it, you have to find out whose computer the printer is connected to, call him to ask if he'll create an account for you, and hope that he knows how to do it. You either have to tell him your user name and password, or find out what user name and password he's assigned to you. In that case, every time you want to use that printer, you might have to log on by typing that user name and password.

If you multiply all of this hassle by the number of PCs on your small network, it's easy to see how you might suddenly find yourself spending more time managing accounts and permissions than getting any work done.

25.1.2. The Domain Concept

The solution to all of these problems is the network domain. In a domain, you only have a single name and password, which gets you into every shared PC and printer on the network. Everyone's account information resides on a central computer called a domain controller, a computer so important, it's usually locked away in a closet or a data-center room.

A domain controller keeps track of who is allowed to log on, who is logged on, and what each person is allowed to do on the network. When you log onto the domain with your PC, the domain controller verifies your credentials and permits (or denies) you access.

Most domain networks have at least two domain controllers with identical information, so if one computer dies, the other one can take over. (Some networks have many more than two.) This redundancy is a critical safety net, because without a happy, healthy domain controller, the entire network is dead.

Without budging from their chairs, network administrators can use a domain controller to create new accounts, manage existing ones, and assign permissions. The domain takes the equipment-management and security concerns of the network out of the hands of individuals and puts them into the hands of trained professionals. You may sometimes hear this kind of networking called client/server networking. Each workstation (that is, each mere mortal PC like yours) relies on a central server machine for its network access.

If you use Windows in a medium- to large-sized company, you probably use a domain every day. You may not even have been aware of it, but that's no big deal; knowing what's been going on right under your nose isn't especially important to your ability to get work done. After all, it's not your job; it's the network administrator's. But understanding the domain system can help you take better advantage of a domain's features.

25.1.3. Active Directory

As you know, Microsoft sells several versions of Windows Vista: Home Basic, Home Premium, Business, Enterprise, and Ultimate. One key difference is that computers running the two Home editions can't join a domain.

There are other versions of Windows, however: the specialized ones that run on those domain controller computers. To create a domain, at least one computer must be running either Windows .NET Server 2003 or Windows 2000 Server. These are far more expensive operating systems (the price depends on the number of machines that they serve) and they run only on high-octane PCs. They also require high-octane expertise to install and maintain.

One key offering of these specialized Windows versions is an elaborate application called Active Directory. It's a single, centralized database that stores every scrap of information about the hardware, software, and people on the network. (The older operating system called Windows NT Server can create domains, but it doesn't include Active Directory.)

After creating a domain by installing Active Directory on a server computer, network administrators can set about filling the directory (database) with information about the network's resources. Every computer, printer, and person is represented by an object in the database and attributes (properties) that describe it. For example, a user object's attributes specify that person's name, location, telephone number, email address, and other, more technical, elements.

Active Directory lets network administrators maintain an enormous hierarchy of computers. A multinational corporation with tens of thousands of employees in offices worldwide can all be part of one Active Directory domain, with servers distributed in hundreds of locations, all connected by wide-area networking links. (A group of domains is known as a tree. Huge networks might even have more than one tree; if so, they're called (yes, you guessed it) a forest.)

The objects in an Active Directory domain are arranged in a hierarchy, something like the hierarchy of folders within folders on your hard drive. Some companies base their directory-tree designs on the organization of the company, using departments and divisions as the building blocks. Others use geographic locations as the basis for the design, or use a combination of both.

Unless you've decided to take up the rewarding career of network administration, you'll never have to install an Active Directory domain controller, design a directory tree, or create domain objects. However, you very well may encounter the Active Directory at your company. You can use it to search for the mailing address of somebody else on the network, for example, or locate a printer that can print on both sides of the page at once. Having some idea of the directory's structure can help in these cases.
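The two lookups just mentioned (a colleague's mailing address and a duplex-capable printer) can be run as read-only directory searches. This PowerShell sketch is an added example, not part of the book; it assumes PowerShell on a domain-joined PC, reuses the sample logon name pjenkins from earlier in the chapter, and the helper name Search-Directory is hypothetical.

```powershell
# Added illustration: read-only directory searches as an ordinary domain user.

# Helper (hypothetical name): run an LDAP filter against the current domain
# and return the requested attributes of every matching object.
function Search-Directory {
    param(
        [string]   $Filter,
        [string[]] $Attributes
    )
    $searcher = [adsisearcher]$Filter   # DirectorySearcher bound to the current domain
    $searcher.PageSize = 200            # page results so large directories are not truncated
    [void]$searcher.PropertiesToLoad.AddRange($Attributes)
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $row = New-Object PSObject
            foreach ($a in $Attributes) {
                # Result property names are lower case; an unset attribute yields an empty string.
                $value = $r.Properties[$a.ToLower()] -join '; '
                $row | Add-Member -MemberType NoteProperty -Name $a -Value $value
            }
            $row
        }
    } finally { $results.Dispose() }    # release the unmanaged search handle
}

# 1. Workgroup or domain? Win32_ComputerSystem reports the membership.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Output "This PC is in workgroup '$($cs.Workgroup)'; there is no directory to search."
    return
}
Write-Output "This PC is a member of domain '$($cs.Domain)'."

# 2. One user object and the attributes that describe it:
#    name, mailing address, telephone number, email address.
Search-Directory -Filter '(&(objectCategory=person)(objectClass=user)(sAMAccountName=pjenkins))' `
    -Attributes 'displayName','streetAddress','l','postalCode','telephoneNumber','mail'

# 3. Printers published in the directory that can print on both sides of the page.
Search-Directory -Filter '(&(objectCategory=printQueue)(printDuplexSupported=TRUE))' `
    -Attributes 'printerName','location','serverName','uNCName'
```

Only printers that an administrator has published to the directory appear in the third search, and which attributes come back filled in depends on what the administrators entered for each object.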

25.1.4. Domain Security

Security is one of the primary reasons for Active Directory's existence. First off, all of the account names and passwords reside on a single machine (the domain controller), which can easily be locked away, protected, and backed up. The multiple domain controllers automatically replicate the changes to one another, so that each one has up-to-date information.

Active Directory is also a vital part of the network's other security mechanisms. When your computer is a member of a domain, the first thing you do is log on, just as in a workgroup. But when you log into a domain, Windows Vista transmits your name and password (in encrypted form) to the domain controller, which checks your credentials and grants or denies you access.




Windows Vista: The Missing Manual
ISBN: 0596528272
EAN: 2147483647
Year: 2006
Pages: 284
Authors: David Pogue
