Active Directory Service (ADS)
• A central component of the Windows 2000 operating system;
• Understanding Active Directory is important to understanding the overall value of Windows 2000.
What Is a Directory Service?
• A directory service is an information store that:
• stores information about network-based entities, such as applications, files, printers, and people;
• provides a consistent way to name, describe, locate, access, manage, and secure information about these individual resources.
• A directory service is both the directory itself and the services it provides, such as security and replication.
Why Is a Directory Service Needed?
• The explosive growth of networked computing is driving the need for a more powerful, transparent, and tightly integrated directory service.
• A directory service is one of the most important components of an extended computer system because it:
• Simplifies management. Provides a single, consistent point of management.
• Strengthens security. Provides users with a single sign-on to network resources; provides administrators with powerful and consistent tools to manage security services for all users.
• Extends interoperability. Supplies standards-based access to all Active Directory features as well as synchronization support for popular directories.
What Is Active Directory?
• An essential and inseparable part of the Windows 2000 network architecture that provides a directory service designed for distributed networking environments.
• Lets organizations efficiently share and manage information about network resources and users.
• Central authority for network security.
• An integration point for bringing systems together and consolidating management tasks.
• Combined, these capabilities let organizations apply standardized rules to distributed applications and network resources, without requiring administrators to maintain a variety of specialized directories.
What Is Active Directory? (continued)
• Active Directory provides a single point of management for Windows-based or non-Windows-based user accounts, clients, servers, and applications.
Problems with Existing Directory Services
• Existing directory services enable the specific functionality required by their customers.
• Because they are narrowly targeted and lack standards-based interfaces, different directories cannot be managed centrally or interoperate easily.
• Having many incompatible directory services means that:
• Users have to use multiple user accounts and passwords to log in to different systems, and must know the exact locations of information on the network.
• Administrators must manage each directory within the network and must duplicate procedures when many different directories are involved.
• Application developers must write different logic for every directory.
Solutions to those problems
• In the near term, this trend has to be halted and the total number of directories minimized.
• Over the longer term, the best solution is to standardize based on scalability, standards-based interoperability, and operating system integration.
• Active Directory is the first enterprise-class directory service that is scalable, built from the ground up using Internet-standard technologies, and fully integrated with the operating system.
• Active Directory is the ideal long-term foundation for corporate information-sharing and common management of network resources.
How Does Active Directory Work?
• Hierarchical Organization
Objects = network resources such as users, groups, machines, devices, and applications
Containers = organizations, such as the marketing department, or collections of related objects, such as printers
Active Directory organizes information in a tree structure made up of these objects and containers. It manages not only the entities themselves but also the relationships among objects and containers.
How Does Active Directory Work? Tree Structure of ADS
[Figure: tree diagram rooted at Company, with nodes labelled Devices, Machines, Users, Application, Sales, and Personnel; the legend distinguishes containers from objects.]
How Does Active Directory Work?
• Object-oriented Storage
• Objects can be assigned attributes that describe specific characteristics of the object.
• Administrators assign access privileges for each attribute of the object, as well as for the entire object.
In this case, the system administrator has allowed global access to the Tom object, but has locked access to the Social Security Number attribute.
How Does Active Directory Work? Object-oriented Storage
[Figure: the same tree (Company; Devices, Machines, Users, Application, Sales, Personnel) with the Tom object expanded to show its attributes: Name: Tom; Email: [email protected]: 555-1234; SSN: 456-789-1011 (locked).]
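The Tom object from the slide, as an added example that is not part of the original deck and is not Active Directory's own code: a small in-memory directory tree in which an attribute-level read list overrides the object-level one. The `DirObject` class, the `HR-Admins` group, the `Everyone` principal, and the e-mail value are constructed for the illustration.

```python
from dataclasses import dataclass, field

EVERYONE = "Everyone"  # constructed stand-in for "global access"

@dataclass
class DirObject:
    name: str
    attributes: dict
    object_readers: set = field(default_factory=set)  # object-level read list
    attr_readers: dict = field(default_factory=dict)  # attribute -> overriding read list
    children: dict = field(default_factory=dict)      # non-empty for containers

    def add(self, child):
        self.children[child.name] = child
        return child

def resolve(root, path):
    """Walk the tree from the root container, e.g. 'Users/Tom'."""
    node = root
    for part in path.split("/"):
        node = node.children[part]
    return node

def read(obj, principals):
    """Return only the attributes the caller is allowed to read.

    When an attribute has its own read list, that list replaces the
    object-level one, so a globally readable object can still keep a
    single sensitive attribute locked.
    """
    principals = set(principals) | {EVERYONE}
    visible = {}
    for attr, value in obj.attributes.items():
        allowed = obj.attr_readers.get(attr, obj.object_readers)
        if principals & allowed:
            visible[attr] = value
    return visible

def build_sample():
    # Constructed sample mirroring the slide: Tom is globally readable, SSN is locked.
    company = DirObject("Company", {})
    users = company.add(DirObject("Users", {}))
    users.add(DirObject(
        "Tom",
        {"Name": "Tom", "Email": "tom@example.com", "SSN": "456-789-1011"},
        object_readers={EVERYONE},
        attr_readers={"SSN": {"HR-Admins"}},  # hypothetical group allowed to read SSN
    ))
    return company
```

Any caller gets Tom's name and e-mail back from `read`, while the SSN is returned only to a caller that holds the group named on that attribute's own list.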
How Does Active Directory Work?
• Multi-Master Replication
A company can create multiple directory replicas and place them throughout the network. Changes made anywhere on the network are automatically replicated throughout the network.
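How Does Active Directory Work? Multi-Master Replication
[Figure: six domain controllers (DC1 to DC6) spread across a USA site and a Europe site; one change ("Add User: John") and another change ("Change Room# to 5/2110") are made at different points and replicated to the other controllers.]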
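A simplified model of the multi-master behaviour in the figure, added here as an example and not taken from the original deck or from Active Directory itself: every replica accepts writes, and after replication all replicas hold the same data. The `DC` class, the DC identifiers, the conflicting phone-number writes, and the stamp ordering (version, then logical clock, then DC id) are assumptions made for the illustration.

```python
class DC:
    """One directory replica holding per-attribute stamped values."""

    def __init__(self, dc_id):
        self.dc_id = dc_id
        self.clock = 0    # logical clock standing in for a timestamp
        self.store = {}   # (object, attribute) -> (stamp, value)

    def write(self, obj, attr, value):
        """Originating write: any replica may accept it (multi-master)."""
        self.clock += 1
        old = self.store.get((obj, attr))
        version = old[0][0] + 1 if old else 1
        self.store[(obj, attr)] = ((version, self.clock, self.dc_id), value)

    def pull_from(self, partner):
        """Replicate in: for each attribute keep the copy with the higher stamp."""
        for key, (stamp, value) in partner.store.items():
            mine = self.store.get(key)
            if mine is None or stamp > mine[0]:
                self.store[key] = (stamp, value)
        self.clock = max(self.clock, partner.clock)

    def get(self, obj, attr):
        entry = self.store.get((obj, attr))
        return entry[1] if entry else None

def sync(dcs, rounds=2):
    """Every replica pulls from every other replica."""
    for _ in range(rounds):
        for dc in dcs:
            for partner in dcs:
                if partner is not dc:
                    dc.pull_from(partner)

def demo():
    usa, europe = DC("DC-USA"), DC("DC-EU")      # constructed replica ids
    usa.write("John", "objectClass", "user")     # "Add User: John"
    europe.write("Tom", "Room#", "5/2110")       # "Change Room# to 5/2110"
    # Constructed conflict: both sites set the same attribute before syncing.
    usa.write("Tom", "Phone", "555-1234")
    europe.write("Tom", "Phone", "555-9999")
    sync([usa, europe])
    return usa, europe
```

Because a write accepted by any one replica ends up on all of them, the two independent changes from the figure both survive, and the conflicting write is resolved to the same value everywhere.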
What Are the Benefits of Active Directory?
• Totally integrated with Windows 2000 Server, Active Directory gives network administrators, developers, and users access to a directory service that:
• Simplifies management tasks
• Strengthens network security
• Makes use of existing systems through interoperability