Understanding Directory Services

In a typical Windows NT computing environment, a user can log on to the network with a username, let's say Mperez, and a password. Assuming that permissions are correctly granted, Mperez can click Network Neighborhood or open a mapped drive and browse for needed files.

All this works very well until the scope of the network changes. The company adds e-mail, and Mperez gains another identity (maryperez@scribes.com). The additional services and databases and administrative tools—each one identifying Mary Perez slightly differently—need to be accessible by the same user. When you consider that this is just one of hundreds or even thousands of users, it isn't hard to see how errors can arise that can be very difficult to solve. As the number of objects in a network grows, directory services—a centralized place for storing administrative data that is used to manage the entire computer system—becomes essential.

Directory services differs from a directory in that it consists of both the directory information source and the services that make the information available to users. Being both a management tool and an end-user tool, directory services must address these needs:

  • Access to all of the servers, applications, and resources through a single logon. (User access is granted or blocked using permissions.)
  • Multimaster replication. All information is distributed throughout the system and replicated on multiple servers.
  • "White pages" searches based on attributes—for example, by filename or file type.
  • "Yellow pages" searches based on classification—for example, all the printers on the third floor or all the servers in the Hartford office.
  • The ability to remove dependency on physical locations for purposes of administration. That is, it should be possible to delegate administration of the directory, either partially or completely.

Although Microsoft has occasionally used the term "directory services" in connection with Windows NT (as in the Directory Service Manager for NetWare), Windows NT does not provide a true, hierarchical directory service. In Windows NT, the directory functions are divided among a host of services based on domains. The Domain Name System (DNS) Server provides the translation of names into IP addresses and is integrated with Dynamic Host Configuration Protocol (DHCP) servers used to dynamically allocate TCP/IP addresses. The Windows Internet Name Service (WINS) is used for NetBIOS name resolution and is required on Windows NT networks for file sharing and some applications. Security is implemented through access control lists (ACLs), the Security Accounts Manager (SAM) database, and other services.

In Microsoft Windows 2000 Server, Active Directory replaces the Windows NT collection of directory functions with an integrated implementation that includes DNS, DHCP, Lightweight Directory Access Protocol (LDAP), and Kerberos. (You'll learn more about these later in this chapter.)

Real World: Directory Services and X.500

X.500 is a standard for directory services established by the International Telecommunication Union (ITU). The same standard is also published by the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC). The X.500 standard defines the information model used in directory services. In this model, all information in a directory is stored in entries, each of which belongs to at least one object class. The actual information in an entry is determined by attributes that are contained in that entry.
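As an added illustration (not from the book), the following Python sketch models the X.500 information model just described (entries, object classes, schema-controlled attributes) together with the "white pages" and "yellow pages" searches listed earlier in the chapter; the schema, distinguished names and sample entries are constructed for this example.

```python
# Constructed schema (not from the book): object class -> (required, optional attributes)
SCHEMA = {
    "person": ({"cn", "sn"}, {"uid", "mail", "telephoneNumber"}),
    "printer": ({"cn", "location"}, {"model"}),
}


class Directory:
    def __init__(self):
        self.entries = {}  # distinguished name -> {attribute: set of values}

    def add(self, dn, attrs):
        classes = attrs.get("objectClass") or set()
        if not classes:
            raise ValueError(f"{dn}: entry must belong to at least one object class")
        allowed = {"objectClass"}
        for oc in classes:
            required, optional = SCHEMA[oc]  # KeyError for a class not in the schema
            missing = required - set(attrs)
            if missing:
                raise ValueError(f"{dn}: class {oc!r} requires {sorted(missing)}")
            allowed |= required | optional
        unknown = set(attrs) - allowed
        if unknown:
            raise ValueError(f"{dn}: attributes {sorted(unknown)} not permitted by schema")
        self.entries[dn] = {k: set(v) for k, v in attrs.items()}

    def white_pages(self, attr, value):
        # Attribute-based search, e.g. "which entry has mail maryperez@scribes.com?"
        return sorted(dn for dn, e in self.entries.items()
                      if value.lower() in {v.lower() for v in e.get(attr, ())})

    def yellow_pages(self, object_class, base):
        # Classification search scoped to a subtree, e.g. all printers in the Hartford office
        return sorted(dn for dn, e in self.entries.items()
                      if object_class in e["objectClass"]
                      and (dn == base or dn.endswith("," + base)))

def build_sample_directory():
    # Constructed sample entries based on the Mperez example in the text
    d = Directory()
    d.add("uid=mperez,ou=Hartford,o=scribes", {"objectClass": {"person"}, "cn": {"Mary Perez"},
          "sn": {"Perez"}, "uid": {"Mperez"}, "mail": {"maryperez@scribes.com"}})
    d.add("cn=hp3,ou=Hartford,o=scribes", {"objectClass": {"printer"}, "cn": {"hp3"},
          "location": {"third floor"}})
    d.add("cn=lj1,ou=Boston,o=scribes", {"objectClass": {"printer"}, "cn": {"lj1"},
          "location": {"lobby"}})
    return d
```

An entry that violates the schema (a missing required attribute or an attribute its classes do not permit) is rejected at add time, which is the same role the schema plays in a real X.500 or LDAP server.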

The original 1988 X.500 standard focused heavily on the protocols to be implemented. Directory Access Protocol (DAP) specifies how user applications access the directory information. Directory Service Protocol (DSP) is used to propagate user directory requests between directory servers when the local directory server cannot satisfy the request.

No extant directory service completely implements the X.500 standard, but all are modeled on the basic specifications of X.500, as is Active Directory. An excellent introduction to directories and X.500 can be found at http://www.nlc-bnc.ca/9/1/p1-244-e.html.



Microsoft Windows 2000 Server Administrator's Companion
ISBN: 0735617856
Year: 2003
Pages: 320
