Lesson 1: Introduction to Active Directory Directory Services
Before you implement Active Directory directory services, it is
important to understand the overall purpose of a directory service and the role that
Active Directory directory services play in a Windows 2000 network. In
addition, you should know about the key features of Active Directory
directory services, which have been designed to provide flexibility and
ease of administration.
Directory Service
Active Directory directory services provide a set of
directory services that are included in Windows 2000 Server. A directory service is a network service that identifies all
resources on a network and makes them accessible to users and applications.
Active Directory directory services include the directory,
which stores information about network resources, as well as all the
services that make the information available and useful. The resources
stored in the directory, such as user data, printers, servers,
databases, groups, computers, and security policies, are known as
objects.
Simplified Administration
Active Directory directory services organize resources
hierarchically in domains. A domain is a logical grouping of
servers and other network resources under a single domain name. The
domain is the basic unit of replication and security in a Windows
2000-based network. Each domain includes one or more domain
controllers. A domain controller is a computer running
Windows 2000 Server that stores a complete replica of the domain
directory.
To simplify administration, all domain controllers in the domain are
peers. You can make changes on any domain controller, and the updates
are replicated to all other domain controllers in the domain. Active
Directory directory services further simplify administration by
providing a single point of administration for all objects on the
network. Since Active Directory directory services provide a single
point of logon for all network resources, an administrator can log on
to one computer and administer objects on any computer in the
network.
Scalability
In Active Directory directory services, the directory stores
information by organizing the directory into sections that permit
storage for a very large number of objects. As a result, the directory
can expand as an organization grows, allowing you to scale from a small
installation with a few hundred objects to a very large installation
with millions of objects.
NOTE
You can distribute directory information across
several computers in a network.
Open Standards Support
Active Directory directory services, like all directory services,
are primarily a namespace. A namespace is any bounded area in
which a name can be resolved. Name resolution is the process of
translating a name into some object or information that the name
represents.
Active Directory directory services integrate the Internet concept
of a namespace with Windows 2000 directory services. This allows you to
unify and manage the multiple namespaces that now exist in the
heterogeneous software and hardware environments of corporate networks.
Active Directory directory services use Domain Name System (DNS) as their naming system and can exchange
information with any application or directory that uses Lightweight
Directory Access Protocol (LDAP) or Hypertext Transfer Protocol
(HTTP).
NOTE
Active Directory directory services also share
information with other directory services that support LDAP version 2 and version 3, such as
Novell Directory Services (NDS).
Domain Name System
The Active Directory namespace is based on the DNS naming scheme,
which allows for interoperability with Internet technologies. Following DNS
standards, the domain name of a child domain is the relative name of
that child domain followed by the name of the parent domain. The name of a child
object in an object hierarchy therefore always contains the name of the parent domain.
Because Active Directory directory services use DNS as their domain
naming and location service, Windows 2000 domain names are also DNS
names. Windows 2000 Server uses Dynamic DNS (DDNS), which enables
clients with dynamically assigned addresses to register directly with a
server running the DNS Service and update the DNS table dynamically.
DDNS eliminates the need for other Internet naming services, such as
Windows Internet Name Service (WINS), in a homogeneous environment.
NOTE
For Active Directory directory services and
associated client software to function correctly, you must have
installed and configured the DNS Service.
Support for LDAP and HTTP
Active Directory directory services further embrace Internet
standards by directly supporting LDAP and HTTP. LDAP is an Internet standard for
accessing directory services, which was developed as a simpler
alternative to the Directory Access Protocol (DAP). For more
information about LDAP, use your Web browser to search on the Internet
for "RFC 1777" and retrieve the text of this Request for Comments. Active Directory directory services support both
LDAP version 2 and version 3. HTTP is the standard protocol for
displaying pages on the World Wide Web. You can display every object in
Active Directory directory services as an HTML page in a Web browser.
Thus, users receive the benefit of the familiar Web-browsing model when
querying and viewing objects in Active Directory directory
services.
NOTE
Active Directory directory services use LDAP to
exchange information between directories and applications.
Support for Standard Name Formats
Active Directory directory services support several common name
formats. Consequently, users and applications can access Active
Directory directory services by using the format with which they are
most familiar. Table 4.1 describes some standard name formats supported
by Active Directory directory services.
Table 4.1 Standard Name Formats Supported by Active Directory Directory Services
| Format | Description |
| RFC 822 | RFC 822 names are in the form somename@somedomain and are familiar to most users as Internet e-mail addresses. |
| HTTP URL | HTTP Uniform Resource Locators (URLs) are familiar to users with Web browsers and take the form http://somedomain/path-to-page. |
| UNC | Active Directory directory services support the Universal Naming Convention (UNC) used in Windows 2000 Server-based networks to refer to shared volumes, printers, and files. An example is \\myco.com\xl\budget.xls. |
| LDAP URL | An LDAP URL specifies the server on which the Active Directory directory services reside and the attributed name of the object. Active Directory directory services support a draft to RFC 1779 and use the attributes in the following example: LDAP://someserver.myco.com/CN=jimsmith,OU=sys,OU=product,OU=division,DC=devel where CN represents CommonName, OU represents OrganizationalUnitName, and DC represents DomainComponentName. |
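The following worked example is added here and is not code from the lesson or from Microsoft. It takes the LDAP URL, UNC and RFC 822 names from Table 4.1 apart, splits a distinguished name into its CN, OU and DC components, and applies the naming rule from the Domain Name System section: a child domain's DNS name is its relative name followed by the parent's name, and the DC components of a distinguished name, joined with dots, give the DNS name of the domain that holds the object. The names in the block are constructed samples modelled on the lesson's examples; the multi-component DN (DC=devel,DC=myco,DC=com) is an assumption added to show the general DC-to-DNS mapping, since the lesson's own example carries a single DC component.

```python
# Added worked example; not code from the lesson or from Microsoft.
# Parses the name formats in Table 4.1 and applies the lesson's DNS naming rule
# (child domain name = relative name followed by the parent domain name).
import re

# Constructed sample names, modelled on the examples in the lesson text.
SAMPLE_LDAP_URL = ("LDAP://someserver.myco.com/"
                   "CN=jimsmith,OU=sys, OU=product,OU=division,DC=devel")
SAMPLE_MULTI_DC_DN = "CN=jimsmith,OU=sys,DC=devel,DC=myco,DC=com"  # constructed, not from the lesson
SAMPLE_UNC = r"\\myco.com\xl\budget.xls"


def parse_dn(dn):
    """Split a distinguished name into (attribute, value) pairs, leftmost RDN first.

    Commas escaped with a backslash (RFC 2253 style) stay inside the value, and
    stray whitespace after a separator, as in the lesson's own example, is ignored.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        part = part.strip()
        if not part:
            continue
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.replace("\\,", ",")))
    return rdns


def dns_name_from_dn(dn):
    """Join the DC components, in order, into the DNS name of the domain holding the object."""
    dcs = [value for attr, value in parse_dn(dn) if attr == "DC"]
    if not dcs:
        raise ValueError("DN has no DC components, so no domain name can be derived")
    return ".".join(dcs)


def child_domain_name(relative_name, parent_domain):
    """The lesson's DNS rule: a child domain's name is its relative name followed by the parent's name."""
    relative_name = relative_name.strip(".")
    parent_domain = parent_domain.strip(".")
    if not relative_name or "." in relative_name:
        raise ValueError("relative name must be a single DNS label")
    return f"{relative_name}.{parent_domain}"


def parse_ldap_url(url):
    """Split an LDAP URL into the server that hosts the directory and the object's DN."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() != "ldap":
        raise ValueError(f"not an LDAP URL: {url!r}")
    server, _, dn = rest.partition("/")
    return {"server": server, "dn": dn, "rdns": parse_dn(dn), "domain": dns_name_from_dn(dn)}


def classify_name(name):
    """Label a name with the Table 4.1 format it matches, or 'unknown'."""
    lowered = name.lower()
    if lowered.startswith("ldap://"):
        return "LDAP URL"
    if lowered.startswith("http://"):
        return "HTTP URL"
    if name.startswith("\\\\"):
        return "UNC"
    if re.fullmatch(r"[^@\s]+@[^@\s]+", name):
        return "RFC 822"
    return "unknown"


if __name__ == "__main__":
    info = parse_ldap_url(SAMPLE_LDAP_URL)
    print(info["server"], info["rdns"], info["domain"])
    print(dns_name_from_dn(SAMPLE_MULTI_DC_DN))
    print(child_domain_name("devel", "myco.com"))
    for name in (SAMPLE_LDAP_URL, SAMPLE_UNC, "jimsmith@myco.com", "http://myco.com/path"):
        print(f"{name} -> {classify_name(name)}")
```

Run as a script, the block prints the server, the parsed RDN list and the derived domain for the lesson's LDAP URL, then the DNS name built from the constructed multi-DC distinguished name and from the child-domain rule. The parser deliberately rejects an RDN with no "=" and a DN with no DC component rather than guessing, since a name that cannot be resolved to a domain is exactly the case an administrator wants surfaced.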
Lesson Summary
The three server editions of Windows 2000 provide directory services
based on Active Directory technology. Active Directory directory
services provide a set of directory services that are included in
Windows 2000 Server. A directory service is a network service that
identifies all resources on a network and makes them accessible to
users and applications. Active Directory directory services include the
directory, which stores information about network resources, such as
user data, printers, servers, databases, groups, computers, and
security policies. The directory can scale from a small installation
with a few hundred objects to a very large installation with millions
of objects.
Active Directory directory services use DNS as the domain naming and
location service. Therefore, Windows 2000 domain names are also DNS
names. Windows 2000 Server uses Dynamic DNS (DDNS), so clients with
dynamically assigned addresses can register directly with a server
running the DNS Service and update the DNS table dynamically. Finally,
in a homogeneous environment DDNS eliminates the need for other
Internet naming services, such as WINS.