Active Directory For Dummies

Here is one definition for a directory service:

A directory service is a customizable information store that functions as a single point from which users can locate resources and services distributed throughout the network. This customizable information store also gives administrators a single point for managing its objects and their attributes. Although this information store appears as a single point to the users of the network, it is actually most often stored in a distributed form.

A genuine directory service is much more than a database technology that stores users and groups. This is a really important point — one that you should keep in mind as you review for the test.

The database that forms a directory service is not designed for transactional data. (For this reason, many people prefer to use the phrase "information store" in their definitions of a directory service.) The data stored in your directory service should be fairly stable and should change only as frequently as the objects in your network. For example, the data that forms a directory service changes much less frequently than a sales database. Data that changes very frequently would be stored in another type of database on the network. (Of course, Microsoft would suggest Access or SQL Server for storing your transactional data.)

What all good directory services should offer

Microsoft claimed to have a directory service in previous Windows NT versions, but it fell quite short of most industry standards. To be considered a genuine enterprise directory service, a system should meet the following criteria:

  • If necessary, the information store can be distributed among many different physical locations. However, for the purposes of searches and administration, it appears as a single database.
  • The information store can accommodate new types of objects, as necessary, to meet the network's changing needs.
  • Users and administrators can easily search for information from various locations throughout the network.
  • The system has no dependency upon physical location.
  • The information store is accessible from many different operating systems. Typically, this is possible thanks to nonproprietary communication standards utilized in the system.

Does Windows 2000 meet these criteria with Active Directory Services? You bet it does!

Many Windows 2000 Servers host Active Directory Services. You create these machines by installing the information store services and promoting the computer to the role of domain controller. These domain controllers exist, strategically placed by you, the network administrator, across the enterprise network. Even though they are distributed, network users access Active Directory as if it resides on a single server. In fact, network users are shielded completely from the actual complexities of the system — and they like it that way!

Active Directory Services rely on a "blueprint" that defines the types of objects stored in the information store. The official term for this "blueprint" in Active Directory is the schema. The great news for you as an administrator is that this schema is extensible — a fancy way of saying that you (or other authorized personnel) can add objects and their attributes to the schema to define additional components in your network. In fact, just about any information you want to store in Active Directory can be accommodated. For example, you may want to include Employee ID Number information for each user account in your Active Directory information store. Although the schema already has dozens of attributes for users, no such attribute exists; it is one you should add! Just remember that you do not store transactional information here — leave that to a full-fledged database system.

Active Directory offers robust search capabilities for users of the network. You can search for any object stored in the directory, using any of the object's attributes in the search criteria. Following the previous example, you could search for all users in the network whose Employee ID Numbers are greater than a certain value. This is all so simple and flexible thanks to a special service in ADS called the global catalog. This special subset of the information store resides on select domain controllers called global catalog servers. These servers store the portions of the full information store that are most likely to be used in searches. They are very efficient at fulfilling the requests of network users (including administrators). Global catalog servers locate resources quickly and efficiently, regardless of their actual location in the network.

Thanks to a complex and robust system for replicating the contents of the information store throughout the distributed system, Active Directory Services have no reliance on physical location. In Windows 2000, you actually define the physical topology of your network in the directory service, so domain controllers can notify one another effectively and efficiently of changes to the information.

Microsoft made sure to adhere to nonproprietary technologies in the design of Active Directory. This design makes integration with many other computer systems possible and even encouraged. ADS coexists well with Novell networks, UNIX networks, and many others.

Other directory services

Active Directory is not the only directory service in town. Novell has Novell Directory Services (NDS), or eDirectory, as Novell likes to call it these days. Banyan has StreetTalk, and we are bound to see more from Sun Microsystems, Netscape, and others.

The key to the success of these competing directory services will depend on support for LDAP (Lightweight Directory Access Protocol). LDAP specifies a standard, vendor-independent syntax for querying a directory service. Microsoft's ADS provides robust support for LDAP.
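The Employee ID search described earlier, expressed in the vendor-independent LDAP filter syntax this paragraph refers to. This is an added example, not from the book; it assumes the administrator named the custom attribute `employeeID` and gave it integer syntax, and the filter is only built here, not sent to a server.

```python
"""Build RFC 4515 LDAP search filters for the searches described in the text.

Assumptions (not from the book): the schema extension added an attribute
named 'employeeID' with integer syntax; user objects are selected with the
usual Active Directory idiom (objectCategory=person)(objectClass=user),
which excludes computer accounts that also carry objectClass=user.
"""

USER_OBJECT = "(objectCategory=person)(objectClass=user)"


def escape_ldap_value(value: str) -> str:
    """Escape a value so it is a literal inside a filter (RFC 4515, section 3).

    Filter metacharacters and all non-ASCII bytes are written as \\XX on the
    UTF-8 encoding. Without this, a caller-supplied value containing ')' or
    '*' changes the meaning of the filter (LDAP injection).
    """
    out = []
    for b in value.encode("utf-8"):
        if b in b"\\*()\x00" or b >= 0x80:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def employee_id_filter(min_exclusive: int, attr: str = "employeeID") -> str:
    """Filter for users whose integer attribute is greater than min_exclusive.

    LDAP filters offer only '>=' and '<=', never a strict '>', so for an
    integer-syntax attribute "greater than N" is written as ">= N + 1".
    (For a string-syntax attribute the comparison would be lexicographic,
    so the schema choice matters for this search.)
    """
    if not isinstance(min_exclusive, int) or isinstance(min_exclusive, bool):
        raise TypeError("employee ID bound must be an int")
    return "(&%s(%s>=%d))" % (USER_OBJECT, attr, min_exclusive + 1)


def user_by_logon_name_filter(sam_account_name: str) -> str:
    """Filter for one user by logon name, with the value escaped."""
    return "(&%s(sAMAccountName=%s))" % (USER_OBJECT, escape_ldap_value(sam_account_name))


if __name__ == "__main__":
    print(employee_id_filter(1000))
    print(user_by_logon_name_filter("j.doe"))
    # A hostile value stays a literal rather than widening the search:
    print(user_by_logon_name_filter("*)(sAMAccountName=*"))
```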

About This Article

About the book authors:

Steve Clines, MCSE, MCT, has worked as an IT architect and engineer at EDS for over 18 years. He has worked on deployments of more than 100,000 seats for both Active Directory and Microsoft Exchange Server. Clines is the author of MCSE Designing a Windows 2000 Directory Services Infrastructure For Dummies, which is a study guide for the 70-219 MCP exam. Marcia Loughry, MCSE and MCP+I, is a senior infrastructure specialist with a large IT firm in Dallas. She is president of the Plano, Texas BackOffice User Group and a member of Women in Technology International. Loughry received her MCSE in NT 3.51 in 1997 and completed requirements for the NT 4.0 track in 1998. She has extensive experience working with Windows NT 3.51 and 4.0 in enterprises of all sizes. She is assigned to some of her firm's largest customers in designing NT solutions and integrating UNIX and NetWare environments with NT.
