Lesson 1: Understanding Active Directory Directory Services
Before you implement Active Directory directory services, you should understand the overall purpose of a directory service and the role that Active Directory directory services plays in a Windows 2000 network. In addition, you should know about the key features of Active Directory directory services, which have been designed to provide flexibility and ease of administration.
After this lesson, you will be able to
Explain the purpose and function of Active Directory directory services.
Estimated lesson time: 10 minutes
What Are Active Directory Directory Services?
Active Directory directory services make up the directory service included in the Windows 2000 Server products. A directory service is a network service that identifies all resources on a network and makes them accessible to users and applications. Active Directory directory services include the Directory, which stores information about network resources, as well as all the services that make the information available and useful. The resources stored in the Directory, such as user data, printers, servers, databases, groups, computers, and security policies, are known as objects.
Simplified Administration
Active Directory directory services organize resources hierarchically in domains. A domain is a logical grouping of servers and other network resources under a single domain name. The domain is the basic unit of replication and security in a Windows 2000 network.
Each domain includes one or more domain controllers. A domain controller is a computer running Windows 2000 Server that stores a complete replica of the domain directory. To simplify administration, all domain controllers in the domain are peers. You can make changes to any domain controller, and the updates are replicated to all other domain controllers in the domain.
Active Directory directory services further simplify administration by providing a single point of administration for all objects on the network. Since Active Directory directory services provide a single point of logon for all network resources, an administrator can log on to one computer and administer objects on any computer in the network.
Scalability
In Active Directory directory services, the Directory stores information by organizing itself into sections that permit storage for a huge number of objects. As a result, the Directory can expand as an organization grows, allowing you to scale from a small installation with a few hundred objects to a huge installation with millions of objects.
NOTE
You can distribute Directory information across several computers in a network.
Open Standards Support
Active Directory directory services integrate the Internet concept of a namespace with the Windows 2000 directory services. This allows you to unify and manage the multiple namespaces that now exist in the heterogeneous software and hardware environments of corporate networks. Active Directory directory services use DNS as their name system and can exchange information with any application or directory that uses Lightweight Directory Access Protocol (LDAP) or HTTP.
IMPORTANT
Active Directory directory services also share information with other directory services that support LDAP version 2 and version 3, such as Novell Directory Services (NDS).
Domain Name System
Because Active Directory directory services use DNS as their domain naming and location service, Windows 2000 domain names are also DNS names.
Windows 2000 Server uses Dynamic DNS (DDNS), which enables clients with dynamically assigned addresses to register directly with a server running the DNS Service and update the DNS table dynamically. DDNS eliminates the need for other Internet naming services, such as Windows Internet Name Service (WINS), in a homogeneous environment.
IMPORTANT
For Active Directory directory services and associated client software to function correctly, you must have installed and configured the DNS Service.
Support for LDAP and HTTP
Active Directory directory services further embrace Internet standards by directly supporting LDAP and HTTP. LDAP is an Internet standard for accessing directory services, which was developed as a simpler alternative to the Directory Access Protocol (DAP). For more information about LDAP, use your Web browser to search for RFC 1777 and retrieve the text of this Request for Comments document. Active Directory directory services support both LDAP version 2 and version 3. HTTP is the standard protocol for displaying pages on the World Wide Web. You can display every object in Active Directory directory services as an HTML page in a Web browser. Thus, users receive the benefit of the familiar Web browsing model when querying and viewing objects in Active Directory directory services.
NOTE
Active Directory directory services use LDAP to exchange information between directories and applications.
Support for Standard Name Formats
Active Directory directory services support several common name formats. Consequently, users and applications can access Active Directory directory services by using the format with which they are most familiar. Table 9.1 describes some standard name formats supported by Active Directory directory services.
Table 9.1 Active Directory Standard Name Formats
Format | Description |
---|---|
RFC 822 | RFC 822 names are in the form somename@domain and are familiar to most users as Internet e-mail addresses. |
HTTP URL | HTTP URLs are familiar to users with Web browsers and take the form http://domain/path-to-page. |
UNC | Active Directory directory services support UNC used in Windows 2000 Server-based networks to refer to shared volumes, printers, and files. An example is \\microsoft.com\xl\budget.xls. |
LDAP URL | An LDAP URL specifies the server on which the Active Directory directory services reside and the attributed name of the object. Active Directory directory services support a draft to RFC 1779 and use the attributes in the following example: LDAP://someserver.microsoft.com/CN=FirstnameLastname,OU=sys,OU=product,OU=division,DC=devel. CN represents CommonName, OU represents OrganizationalUnitName, and DC represents DomainComponentName. |
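The LDAP URL row of Table 9.1 and the Domain Name System section rest on the same mapping: the DC (DomainComponentName) components of a distinguished name, read in order, spell the domain's DNS name, which is why a Windows 2000 domain name is also a DNS name. The following Python script is an added example, not code from the lesson or from Windows 2000. It parses the table's sample LDAP URL into its server and its CN/OU/DC components (honouring the backslash escaping of RFC 2253 for commas and other special characters in values), recovers the DNS name from the DC components, and converts a DNS domain name back into DC= form. The additional sample DNs and domain names in it are constructed for illustration.

```python
"""Parse LDAP URLs and distinguished names; map DC components to and from DNS names.

Added example for this lesson; assumes nothing beyond the Python standard library.
"""
from typing import List, Tuple
from urllib.parse import unquote, urlsplit

RdnPair = Tuple[str, str]


def split_dn(dn: str) -> List[RdnPair]:
    """Split a DN such as 'CN=x,OU=y,DC=z' into [('CN', 'x'), ('OU', 'y'), ('DC', 'z')].

    A backslash escapes the next character (RFC 2253 style), so a value like
    'Doe\\, Jane' keeps its comma instead of starting a new component.
    Attribute types are normalised to upper case; values keep their case.
    """
    pairs: List[RdnPair] = []
    attr: List[str] = []
    value: List[str] = []
    in_value = False
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            # Escaped character: take it literally, whichever side of '=' we are on
            (value if in_value else attr).append(dn[i + 1])
            i += 2
            continue
        if ch == "=" and not in_value:
            in_value = True                      # end of attribute type, start of value
        elif ch == "," and in_value:
            pairs.append(("".join(attr).strip().upper(), "".join(value).strip()))
            attr, value, in_value = [], [], False
        elif ch == "," and not in_value:
            raise ValueError("component without '=' in DN: %r" % dn)
        else:
            (value if in_value else attr).append(ch)
        i += 1
    if not in_value:
        raise ValueError("component without '=' in DN: %r" % dn)
    pairs.append(("".join(attr).strip().upper(), "".join(value).strip()))
    return pairs


def parse_ldap_url(url: str) -> Tuple[str, List[RdnPair]]:
    """Return (server host name, RDN components) for a URL of the form LDAP://host/DN."""
    parts = urlsplit(url)                        # urlsplit lower-cases the scheme
    if parts.scheme != "ldap":
        raise ValueError("not an LDAP URL: %r" % url)
    if not parts.hostname:
        raise ValueError("LDAP URL names no server: %r" % url)
    dn = unquote(parts.path.lstrip("/"))         # LDAP URLs may percent-encode the DN
    return parts.hostname, split_dn(dn)


def dc_to_dns(pairs: List[RdnPair]) -> str:
    """Join the DC= values in order to obtain the domain's DNS name."""
    labels = [value for attr, value in pairs if attr == "DC"]
    if not labels:
        raise ValueError("DN carries no DC components")
    return ".".join(labels)


def dns_to_dc(domain: str) -> str:
    """Inverse mapping: 'sales.example.com' becomes 'DC=sales,DC=example,DC=com'."""
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join("DC=" + label for label in labels)


if __name__ == "__main__":
    # The sample URL from Table 9.1 of the lesson
    sample = ("LDAP://someserver.microsoft.com/"
              "CN=FirstnameLastname,OU=sys,OU=product,OU=division,DC=devel")
    host, components = parse_ldap_url(sample)
    print("server:", host)
    for attr, value in components:
        print("  %-2s = %s" % (attr, value))
    print("DNS name of the domain:", dc_to_dns(components))
    # Constructed examples: a multi-label DNS name and a value containing a comma
    print(dns_to_dc("sales.example.com"))
    print(split_dn(r"CN=Doe\, Jane,OU=Users,DC=example,DC=com")[0])
```

Running the script prints the five components of the table's URL in order and the DNS name devel; the round trip dns_to_dc(dc_to_dns(...)) reproduces the DC= part of any DN, which is a convenient check when reconciling DNS zone names against directory paths.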
Lesson Summary
Active Directory directory services are the directory services included in the Microsoft Windows 2000 Server products. Active Directory directory services are not included in Windows 2000 Professional, but if your Windows 2000 Professional clients are in a Windows 2000 domain, the features and benefits provided by Active Directory directory services are also available on the clients.
A directory service is a network service that identifies all resources on a network and makes them accessible to users and applications. Active Directory directory services include the Directory, which stores information about network resources, such as user data, printers, servers, databases, groups, computers, and security policies. The Directory can scale from a small installation with a few hundred objects to a huge installation with millions of objects.
Active Directory directory services use DNS as their domain naming and location service. Therefore, Windows 2000 domain names are also DNS names. Windows 2000 Server uses DDNS, so clients with dynamically assigned addresses can register directly with a server running the DNS Service and dynamically update the DNS table. In a homogeneous environment, DDNS eliminates the need for other Internet naming services, such as WINS.