Lesson 4: Understanding Active Directory

Most computers running Windows XP Professional will be clients in a Windows 2000 domain. One of the benefits of joining a Windows 2000 domain is the Active Directory service. It is important to understand the overall purpose of a directory service and the role that Active Directory plays in a Windows 2000 network. In addition, you should know about the key features of Active Directory, which have been designed to provide flexibility and ease of administration.


After this lesson, you will be able to

  • Explain the purpose and function of Active Directory

Estimated lesson time: 15 minutes


What Is Active Directory?

Active Directory is the directory service included in the Windows 2000 Server products. A directory service is a network service that identifies all resources on a network and makes them accessible to users and applications.

Active Directory includes the directory or data store, which is a structured database that stores information about network resources, as well as all the services that make the information available and useful. The resources stored in the directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects.

Simplified Administration

Active Directory organizes resources hierarchically in domains, which are logical groupings of servers and other network resources under a single domain name. The domain is the basic unit of replication and security in a Windows 2000 network.

Each domain includes one or more domain controllers. A domain controller is a computer running one of the Windows 2000 Server products that stores a complete replica of the domain directory. To simplify administration, all domain controllers in the domain are peers. You can make changes to any domain controller, and the updates are replicated to all other domain controllers in the domain.

Active Directory further simplifies administration by providing a single point of administration for all objects on the network. Because Active Directory provides a single logon point for all network resources, an administrator can log on to one computer and administer objects on any computer in the network.

Scalability

In Active Directory, the directory stores information by organizing itself into sections that permit storage for a very large number of objects. As a result, the directory can expand as an organization grows, allowing you to scale from a small installation with a few hundred objects to a very large installation with millions of objects.

You can distribute directory information across several computers in a network.

Open Standards Support

Active Directory integrates the Internet concept of a namespace with the Windows 2000 directory services. This allows you to unify and manage the multiple namespaces that now exist in the heterogeneous software and hardware environments of corporate networks. Active Directory uses DNS for its name system and can exchange information with any application or directory that uses Lightweight Directory Access Protocol (LDAP) or Hypertext Transfer Protocol (HTTP).

Active Directory also shares information with other directory services that support LDAP version 2 and version 3, such as Novell Directory Services.

Domain Name System (DNS)

Because Active Directory uses DNS as its domain naming and location service, Windows 2000 domain names are also DNS names. Windows 2000 Server uses Dynamic DNS (DDNS), which enables clients with dynamically assigned addresses to register directly with a server running the DNS Service and update the DNS table dynamically. DDNS eliminates the need for other Internet naming services, such as Windows Internet Naming Service (WINS), in a homogeneous environment.

For Active Directory and associated client software to function correctly, you must have installed and configured the DNS Service.

Support for LDAP and HTTP

Active Directory further embraces Internet standards by directly supporting LDAP and HTTP. LDAP is an Internet standard for accessing directory services, developed as a simpler alternative to the Directory Access Protocol (DAP). For more information about LDAP, use your Web browser to search for "RFC 1777" and retrieve the text of this RFC. Active Directory supports both LDAP version 2 and version 3. HTTP is the standard protocol for displaying pages on the World Wide Web. You can display every object in Active Directory as a Hypertext Markup Language (HTML) page in a Web browser. Thus, users receive the benefit of the familiar Web browsing model when querying and viewing objects in Active Directory.

Active Directory uses LDAP to exchange information between directories and applications.

Support for Standard Name Formats

Active Directory supports several common name formats. Consequently, users and applications can access Active Directory by using the format with which they are most familiar. Table 5.3 describes some standard name formats supported by Active Directory.

Table 5.3 Standard Name Formats Supported by Active Directory

Format | Description
RFC 822 | RFC 822 names are in the form somename@domain and are familiar to most users as Internet e-mail addresses.
HTTP URL | HTTP Uniform Resource Locators (URLs) are familiar to users with Web browsers and take the form http://domain/path-to-page.
UNC | Active Directory supports the Universal Naming Convention (UNC) used in Windows 2000 Server-based networks to refer to shared volumes, printers, and files. An example is \\microsoft.com\xl\budget.xls.
LDAP URL | An LDAP URL specifies the server on which the Active Directory service resides and the attributed name of the object. Active Directory supports a draft to RFC 1779 and uses the attributes in the following example: LDAP://someserver.microsoft.com/CN=FirstnameLastname,OU=sys,OU=product,OU=division,DC=devel, where CN represents CommonName, OU represents OrganizationalUnitName, and DC represents DomainComponentName.
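
The four formats in Table 5.3 can be told apart mechanically, and an LDAP URL splits into a server plus attribute=value pairs. The following Python sketch is an added example, not code from the book: the function names are hypothetical, and it goes slightly beyond the lesson by honoring backslash-escaped commas inside a value and by joining the DC components into the DNS-style domain name.

```python
import re
from urllib.parse import urlsplit, unquote

def classify(name):
    """Return which name format from Table 5.3 a string uses."""
    if name.startswith("\\\\"):
        return "UNC"
    scheme = name.split("://", 1)[0].lower() if "://" in name else ""
    if scheme == "ldap":
        return "LDAP URL"
    if scheme == "http":
        return "HTTP URL"
    if re.fullmatch(r"[^@\s/\\]+@[^@\s/\\]+", name):
        return "RFC 822"
    return "unknown"

def split_dn(dn):
    """Split an attributed name into (attribute, value) pairs.

    A comma preceded by a backslash belongs to the value, so a naive
    dn.split(",") would cut such a name in the wrong place.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn + ",":              # trailing comma flushes the last pair
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            attr, sep, value = "".join(buf).strip().partition("=")
            if not sep or not attr.strip() or not value.strip():
                raise ValueError("malformed component in %r" % dn)
            rdns.append((attr.strip().upper(), value.strip()))
            buf = []
        else:
            buf.append(ch)
    if buf:                          # input ended on a dangling backslash
        raise ValueError("dangling escape in %r" % dn)
    return rdns

def parse_ldap_url(url):
    """Return (server, pairs, dns_domain) for an LDAP URL."""
    if classify(url) != "LDAP URL":
        raise ValueError("not an LDAP URL")
    parts = urlsplit(url)
    rdns = split_dn(unquote(parts.path.lstrip("/")))
    dns_domain = ".".join(v for a, v in rdns if a == "DC")
    return parts.hostname, rdns, dns_domain
```
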

Lesson Review

Here are some questions to help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."

  1. ___________________ is the directory service included in the Windows 2000 Server products.
  2. What is a directory service?
  3. What are two ways that Active Directory simplifies administration?
  4. Active Directory uses ________________ as its domain naming and location service.

Lesson Summary

  • Active Directory is the directory service included in the Windows 2000 Server products.
  • Active Directory is not included in Windows XP Professional, but if your Windows XP Professional clients are in a Windows 2000 domain, the features and benefits provided by Active Directory are also available on the clients.
  • Active Directory includes the directory or data store, which stores information about network resources. The directory can scale from a small installation with a few hundred objects to a very large installation with millions of objects.
  • Active Directory uses DNS as its domain naming and location service, so Windows 2000 domain names are also DNS names.
  • Windows 2000 Server uses Dynamic DNS (DDNS), so clients with dynamically assigned addresses can register directly with a server running the DNS Service and dynamically update the DNS table.


MCSE Microsoft Windows XP Professional
70-270: MCSE Guide to Microsoft Windows XP Professional (MCSE/MCSA Guides)
ISBN: 0619120312
EAN: 2147483647
Year: 2002
Pages: 128
