An Introduction to

Introduction
 Large corporations today face the
following problems
 Finding a certain file.
 Seeing everything from a single view
 Replicate data
 Windows NT server network
 Offers directory services
 Single network logon
 Single point of administration and
replication
 Traditional Directory
 Tools for organizing, managing and
locating objects in a computing
system
 Directory services are like a
telephone book
 LANs and WANs grow larger and
more complex
 Active directory unifies and brings
order to diverse server hierarchies,
 Directory Service
 Users and administrators do not know
exact names
 The directory can run a query for an object
by one of its attributes
 A directory service can
 Enforce security defined by administrator
 Replicate a directory
 Partition a directory into multiple stores

 A management and an end user tool

 Active Directory
 Included with Windows 2000 server
 Works well in any size installation
 Single server with few hundred objects
 Thousands of server with millions of objects
Important Concepts
 Scope
 Can include every
single object, every
user
server and every
domain
Attributes for User Object:
 Namespace
Name: Joe
Surname: Smith
 Any bounded area in
Email: js@user.com which a given name
can be resolved
 Object
 A distinct, named set
of attributes that
represents something
concrete, such as a
user, a printer or an
Important Concepts
 Container
 An object which has
attributes and is part
of active directory
 Tree
 A hierarchy of objects
and containers
 Endpoints on trees
are objects
 Nodes represent
containers
 Shows how objects
are connected
Important Concepts
 Domains
 A single security
Established
boundary of a
Trust network
Domain A Domain B  Domain trees
 A tree comprised
of several domains
Implicit
Trust Domain C
sharing a common
schema,
configuration and
forming a
contiguous
namespace
 Important Concepts
 Forest
 A set of one or more trees that do not form a contiguous
namespace
 All trees in a forest share a common schema, configuration
and global catalog
 A forest does not need a distinct name
 Sites
 Location in a network that contains Active Directory
servers Microsoft.Com
SoftImage.Com

PBS.Microsoft.Com Finance.SoftImage.Com

NTDev.PBS.Microsoft.Com
Active Directory Features
 DNS Integration
 Active Directory is tightly integrated
with Domain Name System.
 Active Directory uses DNS as the
location Service
 An Enterprise can connect Active
Directory Servers directly to the
Internet.
Support for LDAP
 LDAP is Lightweight Directory
Access Protocol.
 It was developed as a simpler
alternative to X.500 protocol
 Active Directory supports both
LDAP version 2 and version 3.
Object Naming
 Active Directory Schema defines
two useful properties
 Object Globally Unique Identifier, a
128 bit number which is never
changed if object is moved or
renamed.
 User principal Name which is shorter
than DN and easy to remember
Protocol Support
 Supported protocols include:
 LDAP
 Remote procedure call
 X.500
 Supported API’s include
 ADSI
 LDAP API
 MAPI
Global Catalog
 GC enables users and applications
to find objects in an Active
Directory Domain tree if user
knows one or more attributes of
target object.
 GC holds a replica of every object
in the Active Directory, but only
holds a small number of their
attributes.
Security
 Object protection
 All objects are protected by Access
Control Lists.
 An ACL is store as a binary value
called a Security Descriptor.
 Delegation
 It allows a higher administrative
authority to grant rights for
containers and subtrees to individuals
and groups.
Trees and Forests
 Windows 2000
domain tree is a
hierarchy of
Searching root.com,
results in deep search
root.com
domains, each
into child domains. consisting of a
sub.root.com
partition of Active
Directory.
 Transitive
child.sub.root.com Bidirectional Trust
relationship is
automatically
established between
joined domain and
its parent.
Extending the Schema
 New attributes can be added to the
Schema at any time , using name, OID,
definition of data, range limits.
 New Objects can be added at any time
using name, oid, list of classes that can
be parents of object, class object is
derived from, and list of classes that
apply to the object.
Assuring Backward
Compatibility
 Easy Migration from Windows NT
3.5 and 4.0
 Active Directory is designed to
operate in mixed Environment.
 The migration process from Down
level servers to active directory take
place one domain controller at a time.
Win 4.x domain with single primary domain
controller and two Backup Domain controllers.

Windows NT 4.0
Domain

PDC

BDC BDC
 Domain Replica
Mixed Domain Global Catalog

DC/PDC

BDC

BDC

BDC
Pure Domain- Former BDC’s are now peers of the
original Windows 2000.

Domain Replica
Global Catalog

Pure Domain

DC - GC

DC

DC
Domain Replica

DC
Domain Replica

Domain Replica