Introduction
Large corporations today face the following problems:
Finding a certain file
Seeing everything from a single view
Replicating data
Windows NT Server network
Offers directory services
Single network logon
Single point of administration and replication
Traditional Directory
Tools for organizing, managing and locating objects in a computing system
Directory services are like a telephone book
LANs and WANs grow larger and more complex
Active Directory unifies and brings order to diverse server hierarchies.
Directory Service
Users and administrators do not know exact names
The directory can run a query for an object by one of its attributes
A directory service can:
Enforce security defined by the administrator
Replicate a directory
Partition a directory into multiple stores
Figure: example directory partitions PBS.Microsoft.Com, NTDev.PBS.Microsoft.Com and Finance.SoftImage.Com
Active Directory Features
DNS Integration
Active Directory is tightly integrated with the Domain Name System.
Active Directory uses DNS as its locator service.
An enterprise can connect Active Directory servers directly to the Internet.
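Active Directory publishes its domain controllers in DNS as SRV records (for example the `_ldap._tcp.dc._msdcs.<domain>` name), and a client finds a DC by querying those records and taking the answer with the lowest priority. The following is an added example, not code from these slides or from Microsoft: it parses a constructed SRV answer (the domain `corp.example.com`, the host names and the TTLs are made up) and applies the RFC 2782 selection rule with fail-over to the next record when a host is unreachable.

```python
import re
from dataclasses import dataclass

# Constructed sample of the answer a resolver might return for the DC locator
# query "_ldap._tcp.dc._msdcs.corp.example.com" (zone-file style; hosts, TTLs
# and the domain are made up for this example).
SAMPLE_SRV_ANSWER = """
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0  100 389 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0  50  389 dc2.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 10 100 389 dc-dr.corp.example.com.
"""

_SRV_LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)\s+(?P<target>\S+)$"
)


@dataclass(frozen=True)
class SrvRecord:
    name: str
    priority: int
    weight: int
    port: int
    target: str


def locator_names(domain: str) -> dict:
    """SRV names a Windows client queries to find directory services.

    Active Directory registers these well-known names in DNS; the _msdcs
    subzone is what makes DNS the location service for the directory.
    """
    domain = domain.rstrip(".").lower()
    return {
        "ldap_dc": f"_ldap._tcp.dc._msdcs.{domain}",
        "kerberos": f"_kerberos._tcp.{domain}",
        "global_catalog": f"_gc._tcp.{domain}",
    }


def parse_srv_answer(text: str) -> list:
    """Parse zone-file style SRV lines into records; reject anything malformed."""
    records = []
    for raw in text.strip().splitlines():
        m = _SRV_LINE.match(raw.strip())
        if not m:
            raise ValueError(f"malformed SRV record: {raw!r}")
        records.append(SrvRecord(
            name=m["name"].rstrip(".").lower(),
            priority=int(m["prio"]),
            weight=int(m["weight"]),
            port=int(m["port"]),
            target=m["target"].rstrip(".").lower(),
        ))
    return records


def choose_dc(records: list, expected_name: str, unreachable=frozenset()):
    """Pick a domain controller as RFC 2782 prescribes: lowest priority first,
    and among equal priorities prefer higher weight (the RFC uses a weighted
    random choice; this picks the heaviest record deterministically).

    Records whose owner name differs from the name we asked for are ignored,
    so an answer cannot slip in a DC under another query name, and hosts
    already found unreachable are skipped so the client fails over.
    """
    expected = expected_name.rstrip(".").lower()
    candidates = [r for r in records
                  if r.name == expected and r.target not in unreachable]
    if not candidates:
        return None
    best = min(r.priority for r in candidates)
    return max((r for r in candidates if r.priority == best), key=lambda r: r.weight)
```

Because the client relies on DNS to find its domain controller, the `_msdcs` zone is part of the security boundary of the directory; it is Kerberos mutual authentication, not the DNS answer itself, that assures the client it has reached a legitimate DC.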
Support for LDAP
LDAP is the Lightweight Directory Access Protocol.
It was developed as a simpler alternative to the X.500 protocol.
Active Directory supports both LDAP version 2 and version 3.
Object Naming
The Active Directory Schema defines two useful properties:
Object Globally Unique Identifier (GUID), a 128-bit number that never changes when the object is moved or renamed.
User Principal Name (UPN), which is shorter than the DN and easier to remember.
Protocol Support
Supported protocols include:
LDAP
Remote procedure call
X.500
Supported APIs include:
ADSI
LDAP API
MAPI
Global Catalog
The GC enables users and applications to find objects in an Active Directory domain tree if the user knows one or more attributes of the target object.
The GC holds a replica of every object in the Active Directory, but only holds a small number of their attributes.
Security
Object protection
All objects are protected by Access Control Lists.
An ACL is stored as a binary value called a Security Descriptor.
Delegation
Delegation allows a higher administrative authority to grant rights for containers and subtrees to individuals and groups.
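The security descriptor the slide mentions is binary, but Windows also has a text form of it, SDDL, in which each access control entry appears as `(type;flags;rights;object-guid;inherit-guid;trustee)`. The block below is an added example, not code from the slides or from Windows: it parses an SDDL string into ACEs and runs the DACL evaluation, which is how the two slides above fit together (object protection) and how delegation shows up in practice, as an object-specific ACE that grants one group write access to one attribute on a container and its children. The descriptor, the helpdesk group SID and the attribute GUID are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional

# SDDL rights tokens -> access-mask bits (directory-object rights, standard
# rights, generic rights).
RIGHTS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
    "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000, "GX": 0x20000000,
    "GW": 0x40000000, "GR": 0x80000000,
}
ALL_OBJECT_RIGHTS = 0x000F01FF   # what GENERIC_ALL means on a directory object
WELL_KNOWN_SIDS = {"SY": "S-1-5-18", "BA": "S-1-5-32-544", "WD": "S-1-1-0", "AU": "S-1-5-11"}

# Constructed descriptor for an OU: administrators get everything, authenticated
# users may read, and a helpdesk group (made-up domain SID) is delegated write
# access to one attribute on the OU and its child containers (CI) while being
# explicitly denied the right to change the ACL itself. The attribute GUID is a
# placeholder, not a real schemaIDGUID.
HELPDESK_SID = "S-1-5-21-1000-2000-3000-1105"
BADGE_ATTRIBUTE_GUID = "11111111-2222-3333-4444-555555555555"
SAMPLE_SDDL = ("O:BAG:BAD:PAI"
               f"(D;;WDWO;;;{HELPDESK_SID})"
               "(A;;GA;;;BA)"
               "(A;;RCLCRPLO;;;AU)"
               f"(OA;CI;WP;{BADGE_ATTRIBUTE_GUID};;{HELPDESK_SID})")

_SDDL = re.compile(r"^(?:O:(?P<o>[^:]+?))?(?:G:(?P<g>[^:]+?))?"
                   r"(?:D:(?P<df>[A-Z]*)(?P<d>(?:\([^)]*\))*))?"
                   r"(?:S:(?P<sf>[A-Z]*)(?P<s>(?:\([^)]*\))*))?$")
_ACE = re.compile(r"\(([^;]*);([^;]*);([^;]*);([^;]*);([^;]*);([^)]*)\)")


@dataclass
class Ace:
    ace_type: str       # A/D allow/deny; OA/OD object-specific allow/deny
    flags: frozenset    # CI: child containers inherit; IO: inherit-only, not this object
    mask: int
    object_guid: str    # OA/OD only: the attribute, class or control right covered
    trustee: str        # SID string


@dataclass
class SecurityDescriptor:
    owner: str
    group: str
    dacl_flags: frozenset
    dacl: Optional[list]   # None = NULL DACL: no ACL at all, so everyone gets everything


def _sid(token):
    return WELL_KNOWN_SIDS.get(token, token) if token else ""


def _tokens(text, one_letter=""):
    """Split an SDDL flag string into tokens; ACE flags are all two letters,
    DACL flags also include the one-letter P (protected)."""
    out, i = set(), 0
    while i < len(text):
        step = 1 if text[i] in one_letter else 2
        out.add(text[i:i + step])
        i += step
    return frozenset(out)


def _mask(text):
    if text.startswith("0x"):
        return int(text, 16)
    return sum(RIGHTS[t] for t in _tokens(text))


def parse_sddl(sddl: str) -> SecurityDescriptor:
    m = _SDDL.match(sddl)
    if not m:
        raise ValueError("not a valid SDDL string")
    dacl = None
    if m["d"] is not None:           # "D:" present; an empty DACL denies everyone
        dacl = [Ace(t, _tokens(f), _mask(r), og, _sid(s))
                for t, f, r, og, _ig, s in _ACE.findall(m["d"])]
    return SecurityDescriptor(_sid(m["o"]), _sid(m["g"]), _tokens(m["df"] or "", "P"), dacl)


def _expand(mask):
    return (mask | ALL_OBJECT_RIGHTS) & ~RIGHTS["GA"] if mask & RIGHTS["GA"] else mask


def access_check(sd, principal_sids, requested, object_guid=None):
    """Walk the DACL in order, as Windows does: a deny ACE covering any
    still-wanted right fails the check; allow ACEs remove rights from the
    wanted set; the check passes once nothing is wanted. Object-specific ACEs
    count only when the request names the same attribute or right."""
    if sd.dacl is None:
        return True
    wanted = _expand(requested)
    for ace in sd.dacl:
        if "IO" in ace.flags or ace.trustee not in principal_sids:
            continue
        if ace.object_guid and ace.object_guid.lower() != (object_guid or "").lower():
            continue
        granted = _expand(ace.mask)
        if ace.ace_type in ("D", "OD") and granted & wanted:
            return False
        if ace.ace_type in ("A", "OA"):
            wanted &= ~granted
            if not wanted:
                return True
    return not wanted
```

Two details worth checking when reviewing descriptors: a descriptor with no `D:` part at all (NULL DACL) grants everyone full control, whereas `D:` with no ACEs denies everyone, and a delegated `OA` entry grants only the named attribute, so a generic write request from the same group is still refused.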
Trees and Forests
A Windows 2000 domain tree is a hierarchy of domains, each consisting of a partition of Active Directory.
Searching root.com results in a deep search into child domains.
A transitive bidirectional trust relationship is automatically established between a joined domain and its parent.
Figure: domain tree root.com > sub.root.com > child.sub.root.com
Extending the Schema
New attributes can be added to the Schema at any time, using a name, OID, definition of the data, and range limits.
New objects can be added at any time using a name, OID, the list of classes that can be parents of the object, the class the object is derived from, and the list of classes that apply to the object.
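In LDIF terms the two slide items correspond to an `attributeSchema` object (name, `attributeID` OID, `attributeSyntax`/`oMSyntax` data definition, `rangeLower`/`rangeUpper`) and a `classSchema` object (`governsID` OID, `possSuperiors` for the possible parents, `subClassOf` for the class it derives from, `auxiliaryClass` for the classes that apply to it). The code below is an added example, not from the slides or from Microsoft's tooling: it generates those LDIF entries, and also sets the confidential bit in `searchFlags` when the new attribute holds sensitive data, so that only principals with control access on the object can read it. The schema naming context `CN=Schema,CN=Configuration,DC=corp,DC=example,DC=com`, the OID arc `1.3.6.1.4.1.99999.1` and the GUID are constructed placeholders; a real extension uses an OID arc registered to the organisation.

```python
import base64
import re
import uuid

# Schema naming context of a made-up forest (constructed for this example).
SCHEMA_NC = "CN=Schema,CN=Configuration,DC=corp,DC=example,DC=com"
# Placeholder OID arc; a real extension uses an arc registered to the organisation.
OID_ARC = "1.3.6.1.4.1.99999.1"
# Fixed GUID so the generated LDIF is reproducible (constructed value).
EXAMPLE_GUID = uuid.UUID("0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0")

# Syntax name -> (attributeSyntax OID, oMSyntax); the schema requires both together.
SYNTAXES = {
    "unicode": ("2.5.5.12", 64),
    "integer": ("2.5.5.9", 2),
    "boolean": ("2.5.5.8", 1),
    "dn": ("2.5.5.1", 127),
}
SEARCH_FLAG_CONFIDENTIAL = 0x80  # readable only with CONTROL_ACCESS on the object

_OID = re.compile(r"^[0-2](\.(0|[1-9]\d*))+$")
_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def _schema_guid_line(guid: uuid.UUID) -> str:
    # schemaIDGUID is binary, so LDIF writes it base64-encoded after '::'.
    return "schemaIDGUID:: " + base64.b64encode(guid.bytes_le).decode()


def decode_schema_guid(b64: str) -> str:
    """Turn the base64 schemaIDGUID value back into its text form."""
    return str(uuid.UUID(bytes_le=base64.b64decode(b64)))


def attribute_schema_ldif(name, oid, syntax, *, single_valued=True,
                          range_lower=None, range_upper=None,
                          confidential=False, guid=None, schema_nc=SCHEMA_NC):
    """LDIF adding one attributeSchema object: the name, OID, data definition
    and range limits the slide lists, plus the GUID every schema object needs."""
    if not _NAME.match(name) or not _OID.match(oid):
        raise ValueError("bad attribute name or OID")
    attr_syntax, om_syntax = SYNTAXES[syntax]
    lines = [
        f"dn: CN={name},{schema_nc}",
        "changetype: add",
        "objectClass: attributeSchema",
        f"cn: {name}",
        f"lDAPDisplayName: {name}",
        f"attributeID: {oid}",
        f"attributeSyntax: {attr_syntax}",
        f"oMSyntax: {om_syntax}",
        f"isSingleValued: {'TRUE' if single_valued else 'FALSE'}",
        _schema_guid_line(guid or uuid.uuid4()),
    ]
    if range_lower is not None:
        lines.append(f"rangeLower: {range_lower}")
    if range_upper is not None:
        lines.append(f"rangeUpper: {range_upper}")
    if confidential:
        lines.append(f"searchFlags: {SEARCH_FLAG_CONFIDENTIAL}")
    return "\n".join(lines) + "\n"


def class_schema_ldif(name, oid, *, sub_class_of, poss_superiors, may_contain=(),
                      auxiliary_classes=(), guid=None, schema_nc=SCHEMA_NC):
    """LDIF adding one structural classSchema object: name, OID, the classes
    that may be its parents, the class it derives from and the auxiliary
    classes that apply to it."""
    if not _NAME.match(name) or not _OID.match(oid):
        raise ValueError("bad class name or OID")
    lines = [
        f"dn: CN={name},{schema_nc}",
        "changetype: add",
        "objectClass: classSchema",
        f"cn: {name}",
        f"lDAPDisplayName: {name}",
        f"governsID: {oid}",
        "objectClassCategory: 1",
        f"subClassOf: {sub_class_of}",
        _schema_guid_line(guid or uuid.uuid4()),
    ]
    lines += [f"possSuperiors: {c}" for c in poss_superiors]
    lines += [f"mayContain: {a}" for a in may_contain]
    lines += [f"auxiliaryClass: {c}" for c in auxiliary_classes]
    return "\n".join(lines) + "\n"


def ldif_to_dict(ldif: str) -> dict:
    """Parse generated LDIF back into {attribute: [values]} for inspection."""
    out = {}
    for line in ldif.strip().splitlines():
        key, _, value = line.partition(":")
        out.setdefault(key, []).append(value.lstrip(": ").strip())
    return out
```

Schema changes are forest-wide and an attribute, once added, can only be deactivated rather than deleted, which is why the OID and the confidentiality flag deserve a review before the LDIF is applied.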
Assuring Backward Compatibility
Easy migration from Windows NT 3.5 and 4.0
Active Directory is designed to operate in a mixed environment.
The migration process from down-level servers to Active Directory takes place one domain controller at a time.
Figure: Windows NT 4.x domain with a single Primary Domain Controller (PDC) and two Backup Domain Controllers (BDCs), each holding a domain replica.
Figure: Mixed domain: the upgraded Windows 2000 DC/PDC holds the Global Catalog; the remaining BDCs hold domain replicas.
Figure: Pure domain: former BDCs are now peers of the original Windows 2000 DC; one DC holds the Global Catalog (DC - GC) and every DC holds a domain replica.