Integration with Active Directory

Reliable Database Engine

The Active Directory directory service has the same database technology as the Exchange Server messaging infrastructure, so the database engine's reliability is high. This reliability ensures that the directory will always be available to your applications.

Multimaster and Replication Capabilities

Active Directory is a multimaster, replicated directory. An administrator can make changes to it on any Active Directory server in the organization, and the changes are replicated to the other directory servers by the Active Directory server on which the changes were made.

Directory replication in the Active Directory system is not limited to server-to-server replication. With the help of Exchange Server, Active Directory also supports server-to-client directory replication. By using a feature called the Offline Address Book, Outlook can replicate certain Active Directory information or a subset of it to a user's local machine. This allows a user of your application to address items to other users and to look up detailed directory information even when the user is working off line.

Customizable Attributes and White Pages

Active Directory exposes a number of attributes in the directory that you can customize and replicate. For example, you can customize Active Directory with a field named Cost Center and set up a supplies requisition program that dynamically queries the directory for users who are ordering supplies. Depending on the information in the Cost Center field, the application will have the accounting system use that cost center so the cost of supplies is deducted from that cost center. Figure 2-9 shows where you can customize Active Directory.

Figure 2-9: Customizing attributes in the directory

Active Directory has some additional built-in features, such as the ability to store all types of information about an organization, including users' office locations, phone numbers , department names , and titles ”and even a user's manager and direct reports . Active Directory provides an ideal "white pages" directory.

For workflow applications, a central, hierarchical directory of this kind is crucial. Workflow applications must be able to route items based on an organization's staff structure, which is dynamic. If names of individuals are hardcoded in an application, staffing changes will require the application to be rewritten. With Active Directory, you can query and dynamically generate employee information.

Extensibility and Security

Active Directory is not limited to storing information for only one organization. Through the use of contacts (formerly called custom recipients), Active Directory can also hold address and organizational information for users from other organizations. Active Directory exposes the same functionality to these directory objects as it does to its standard directory objects. Figure 2-10 shows an example of a contact in Active Directory.

Figure 2-10: A custom contact in Active Directory

Internet and Industry Standards Support

Active Directory supports Internet standards such as Lightweight Directory Access Protocol (LDAP) 3.0. LDAP is an adapted subset of the X.500 standard that specifies a common protocol for directory access over TCP/IP. The key benefit of LDAP support in Active Directory is that any LDAP-compliant client or application can query Active Directory. LDAP 3.0 as implemented in Active Directory enables you to chain directories together through referrals , which tell Active Directory where to look for information that a user is querying for if it is not in the directory itself. For an application, referrals are crucial because one directory might not contain all the necessary information about users and services. The information might be in many different directories, which might be hosted on servers in different locations or even in different organizations.

Active Directory supports Active Directory Services Interface (ADSI), an API that enables you to modify many different directories using standard protocols. The directories that ADSI supports are Active Directory in Microsoft Windows 2000 and Windows Server 2003, the Windows NT 4.0 domain-based directory, any LDAP-compliant directory, Novell NetWare's NDS Directory, and Novell NetWare Bindery. The ADSI interface abstracts the low-level functions of these directories and exposes a number of objects you can use to write applications. Because ADSI provides COM and .NET interfaces that give every directory element a common set of properties, the application can use the same API to connect to directory elements in several directory services.

Figure 2-11 shows a diagram of ADSI and some of the directory services it can access. ADSI is an important technology because it ties together all of these disparate directories with a common programming model and because it is Microsoft's strategic directory programming interface. Chapter 13 shows how to program Active Directory using ADSI.

Figure 2-11: ADSI, which allows you to talk to many different directories, including Active Directory, using the same interfaces