Windows Server 2008 Active Directory is the core component in a Windows
domain environment. The Active Directory Domain Services role provides a single point of user,
desktop, and server administration. To understand Active Directory and its role in a network,
you need to know what a directory service is and how it's used to manage resources and access
to resources on a network. Before administrators can use Active Directory to manage users,
desktops, and servers in a network, they need a good understanding of Active Directory's
structure and underlying components and objects, which are covered in this chapter. You also learn
about installing Active Directory and using the powerful Group Policy tool to set consistent
security, user, and desktop standards throughout your organization.
The Role of a Directory Service
A network directory service, as the name suggests, stores information about a computer network
and offers features for retrieving and managing that information. Essentially, it's a database
composed of records or objects describing users and available network resources, such as servers,
printers, and applications. Like a database for managing a company's inventory, a directory
service includes functions to search for, add, modify, and delete information. Unlike an inventory
database, a directory service can also manage how its stored resources can be used and by whom.
For example, a directory service can be used to specify who has the right to log on to a computer
or restrict what software can be installed on a computer.
A directory service is often thought of as an administrator's tool, but users can use it, too.
Users might need the directory service to locate network resources, such as printers or shared
folders, by performing a search. They can even use the directory service as a phone book of sorts
to look up information about other users, such as phone numbers, office locations, and e-mail
addresses.
Whether an organization consists of a single facility or has multiple locations, a directory
service provides a centralized management tool for users and resources in all locations. This
capability does add a certain amount of complexity, so making sure the directory service is
structured and designed correctly before using it is critical.
Windows Active Directory
Windows Active Directory became part of the Windows family of server OSs starting with
Windows 2000 Server. Before Windows 2000, Windows NT Server had a directory service that
was little more than a user manager; it included centralized logon and grouped users and
computers into logical security boundaries called domains. The Windows NT domain system was a
flat database of users and computers with no way to organize users or resources by department,
function, or location, no matter how many users you had. This single, unstructured list made
managing large numbers of users cumbersome.
Active Directory's hierarchical database enables administrators to organize users and
network resources to reflect the organization of the environment in which it is used. For example,
if a company identifies its users and resources primarily by department or location, Active
Directory can be configured to mirror that structure. You can structure Active Directory and
organize the objects representing users and resources in a way that makes the most sense. Active
Directory offers the following features, among others, that make it a highly flexible directory
service:
• Hierarchical organization: This structure makes management of network resources and
  administration of security policies easier.
• Centralized but distributed database: All network data is centrally located, but it can be
  distributed among many servers for fast, easy access to information from any location.
  Automatic replication of information also provides load balancing and fault tolerance.
  Active Directory replication is the transfer of information among domain controllers to
  make sure all domain controllers have consistent and up-to-date information.
• Scalability: Advanced indexing technology provides high-performance data access,
  whether Active Directory consists of a few dozen or few million objects.
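The hierarchical organization described above, shown as an added Python example that is not from the original text: a toy in-memory directory in which a search can be scoped to one department and a policy set on a container reaches every object beneath it. The LDAP-style path notation, every name in the sample data, and the rule that the nearest container's setting wins are assumptions of this model, not Active Directory code.

```python
# Added illustration: a toy in-memory directory, not Active Directory code.
# Every name below (example.com, Sales, alice, ...) is constructed sample data.

def parse_dn(dn):
    """'CN=alice,OU=Sales,DC=example,DC=com' -> normalized components, leaf first.
    Simplification: escaped commas inside values are not handled."""
    return tuple(tuple(p.strip().lower().split("=", 1)) for p in dn.split(","))

def is_under(dn, base):
    """True if dn is base itself or sits anywhere beneath it in the hierarchy."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

class Directory:
    def __init__(self):
        self.objects = {}    # object name -> attributes
        self.policies = {}   # container name -> settings

    def add(self, dn, **attrs):
        self.objects[dn] = attrs

    def search(self, base, **match):
        """Objects under base whose attributes equal every requested value."""
        return sorted(dn for dn, attrs in self.objects.items()
                      if is_under(dn, base)
                      and all(attrs.get(k) == v for k, v in match.items()))

    def set_policy(self, container, **settings):
        self.policies.setdefault(container, {}).update(settings)

    def effective_policy(self, dn):
        """Merge settings from the root down; the nearest container wins (assumed rule)."""
        result = {}
        for c in sorted((c for c in self.policies if is_under(dn, c)),
                        key=lambda c: len(parse_dn(c))):
            result.update(self.policies[c])
        return result

def build_sample():
    d = Directory()
    d.add("CN=alice,OU=Sales,DC=example,DC=com", kind="user", phone="555-0101")
    d.add("CN=bob,OU=Engineering,DC=example,DC=com", kind="user", phone="555-0102")
    d.add("CN=printer1,OU=Sales,DC=example,DC=com", kind="printer")
    d.add("CN=build01,OU=Servers,OU=Engineering,DC=example,DC=com", kind="computer")
    d.set_policy("DC=example,DC=com", software_install=False, interactive_logon=True)
    d.set_policy("OU=Engineering,DC=example,DC=com", software_install=True)
    d.set_policy("OU=Servers,OU=Engineering,DC=example,DC=com", interactive_logon=False)
    return d
```

In a flat list the same restrictions would have to be recorded per object; here three container-level settings cover every current and future object in the tree.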
 