Designing Your Windows 2000 Active Directory

The design and deployment of Windows 2000 Active Directory involves several considerations. The Active Directory design phase should include the forest, tree, domain, trusts, organizational units, Domain Name System, site boundary definitions, global catalog, and schema architecture. This article provides critical information that should be considered prior to the design of the Active Directory and deployment of Windows 2000.


The directory service integrated into the Microsoft Windows 2000 Server and Windows 2000 Advanced Server operating systems offers many advantages over Windows NT Server 4.0. Directory Services provides access to information about people and resources on the network within one view and enables the user to search through the global catalog. Types of information found in a directory can include the following: names, locations, e-mail addresses, logins, passwords, computers, databases, printers, routers, servers, Distributed File System (DFS) volumes, and Group Policy Objects (GPOs).

The Active Directory

Everything is simply an object in the Active Directory. Information about these objects is stored in the directory information base (DIB). Entries in the DIB describe and provide links to users and physical objects. The Active Directory uses the Domain Name System (DNS) as its locator service, organizes objects within domains into a hierarchy of organizational units (OUs), and allows multiple domains to be connected into a tree structure. The namespace can contain millions of objects, a significant improvement over the Windows NT Server 4.0 size and replication limitations.

The Active Directory provides a single point for administering all published resources in the network; it even provides access to application programs. Figure 1 shows the Active Directory structure.

Figure 1. Active Directory Structure (image: ad_structure.gif)

Active Directory Service Interface (ADSI) abstracts the capabilities of directory services from different network providers to present a single set of directory service interfaces for managing network resources. ADSI is a set of extensible, easy-to-use programming interfaces that can be used to write applications to access and manage the Active Directory and any Lightweight Directory Access Protocol (LDAP)-based directory, including NetWare® Directory Services (NDS).

The object set and its available attributes are called the schema. The schema, which is stored in the Active Directory, is what distinguishes one object class from another. The Active Directory provides the ability to extend the directory schema and to create new properties, objects, and custom data structures in the directory for applications, using the directory as a data store. One type of object is a container, which can be used to organize other objects and can be nested within other containers.

Domains represent a logical partition within the Active Directory for both security and directory replication. Domains relate directly to the DNS namespace and are, in fact, addressable through DNS. All network objects exist within a domain, and each domain contains a full set of its objects within the Domain Naming Context.
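The three ideas above (DNS as the locator service, objects organized in a hierarchy of nested containers, and domains that are addressable through DNS) all show up in how directory names are built. The following is an added example, not code from the original article: it maps a domain's DNS name to its Domain Naming Context distinguished name and back, walks an object's container chain, flags entries in a planning listing whose parent container is missing, and builds the SRV record names a Windows 2000 client resolves to find domain controllers and the global catalog. The domain name `corp.example.com`, the forest root `example.com`, the site name `Paris` and every directory entry are constructed for the example.

```python
"""Added example (not from the original article): how Active Directory
object names tie to DNS names and to the OU container hierarchy.
Every domain name, site name and directory entry below is constructed."""

# Constructed sample names; not a real deployment.
SAMPLE_DOMAIN = "corp.example.com"
SAMPLE_FOREST_ROOT = "example.com"


def split_rdns(dn):
    """Split a distinguished name into its RDN strings, honouring the backslash
    escape used when a value contains a comma ('CN=Smith\\, John')."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def dns_to_naming_context(dns_name):
    """'corp.example.com' -> 'DC=corp,DC=example,DC=com' (the Domain Naming Context)."""
    labels = [lbl for lbl in dns_name.strip(".").lower().split(".") if lbl]
    if not labels:
        raise ValueError("empty DNS name")
    return ",".join("DC=" + lbl for lbl in labels)


def domain_of(dn):
    """Inverse mapping for any object DN: the DC= components give the DNS name
    of the domain (the partition) that holds the object."""
    labels = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("malformed RDN: " + rdn)
        if attr.strip().lower() == "dc":
            labels.append(value.strip().lower())
    if not labels:
        raise ValueError("DN carries no DC components: " + dn)
    return ".".join(labels)


def container_chain(dn):
    """Ancestor containers of an object, from its immediate parent up to the
    naming context (the trailing run of DC= components is the top)."""
    rdns = split_rdns(dn)
    top = next((i for i, r in enumerate(rdns)
                if r.split("=", 1)[0].strip().lower() == "dc"), len(rdns) - 1)
    return [",".join(rdns[i:]) for i in range(1, top + 1)]


def find_orphans(entries):
    """DNs whose immediate parent container is absent from `entries`. A live
    directory only creates objects under existing containers, so an orphan in
    an export or a design worksheet means the listing or the plan is incomplete."""
    orphans = []
    for dn in entries:
        parents = container_chain(dn)
        if parents and parents[0] not in entries:
            orphans.append(dn)
    return sorted(orphans)


def dc_locator_records(domain_dns, forest_root_dns, site=None):
    """SRV record names a Windows 2000 client resolves to locate domain
    controllers and the global catalog. GC records live under the forest root."""
    d = domain_dns.strip(".").lower()
    f = forest_root_dns.strip(".").lower()
    names = []
    if site:
        # Site-specific record, tried first so the client binds to a nearby DC.
        names.append("_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, d))
    names += [
        "_ldap._tcp.dc._msdcs." + d,
        "_kerberos._tcp.dc._msdcs." + d,
        "_ldap._tcp.gc._msdcs." + f,
    ]
    return names


# Constructed listing: a domain, nested OUs, one user, and one entry whose
# parent OU is missing from the listing.
SAMPLE_ENTRIES = {
    "DC=corp,DC=example,DC=com": "domainDNS",
    "OU=Sales,DC=corp,DC=example,DC=com": "organizationalUnit",
    "OU=EMEA,OU=Sales,DC=corp,DC=example,DC=com": "organizationalUnit",
    "CN=Smith\\, John,OU=EMEA,OU=Sales,DC=corp,DC=example,DC=com": "user",
    "CN=Orphan,OU=Missing,DC=corp,DC=example,DC=com": "user",
}

if __name__ == "__main__":
    print(dns_to_naming_context(SAMPLE_DOMAIN))
    for dn in SAMPLE_ENTRIES:
        print(dn, "->", domain_of(dn), "| parents:", container_chain(dn))
    print("orphans:", find_orphans(SAMPLE_ENTRIES))
    print(dc_locator_records(SAMPLE_DOMAIN, SAMPLE_FOREST_ROOT, site="Paris"))
```

Running the script against the constructed listing reports the single entry under the missing `OU=Missing` container as an orphan and prints the locator names for the `Paris` site, the domain and the forest root. When reviewing a real design, the same checks apply to the planned OU tree (every container has a parent) and to the DNS zone (the `_msdcs` records exist under the right domain and forest root names).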

In the Active Directory architecture, trees are hierarchical structures of linked domains that form a contiguous namespace and share a common schema, configuration, and global catalog.

Next: Designing Your Windows 2000 Active Directory - Part 2


This page contains a single entry by Julian published on August 27, 2006 10:13 AM.
