Active Directory Overview

Understanding Active Directory Concepts


This tutorial is divided into two sections:


You use a directory service to uniquely identify users and resources on a network. Active Directory in Microsoft Windows 2000 is a significant enhancement over the directory services provided in previous versions of Windows. Active Directory provides a single point of network management, allowing you to add, remove, and relocate users and resources easily. This tutorial introduces you to Active Directory.


In this section you learned that an object is a distinct named set of attributes that represents a network resource in Active Directory. Objects' attributes describe the characteristics of a specific resource in the directory. In Active Directory, you can organize objects in classes, which are logical definitions of objects. You also learned that the Active Directory schema contains a formal definition of the contents and structure of Active Directory, including all attributes and object classes.

Active Directory offers you a method for designing a directory structure to meet the needs of your organization's business structure and operations. Active Directory completely separates the logical structure of the domain hierarchy from the physical structure.

In Active Directory, grouping resources logically enables you to find a resource by its name rather than by its physical location. The core unit of logical structure in Active Directory is the domain, which stores information only about the objects that it contains. An OU is a container used to organize objects within a domain into logical administrative groups. A tree is a grouping or hierarchical arrangement of one or more Windows 2000 domains that share a contiguous namespace. A forest is a grouping or hierarchical arrangement of one or more trees that form a disjointed namespace.

The physical structure of Active Directory is based on sites and domain controllers. A site is a combination of one or more IP subnets connected by a high-speed link. A domain controller is a computer running Windows 2000 Server that stores a replica of the domain directory.
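Because a client is placed in the site whose subnet object covers its address, and that placement decides which domain controller it authenticates against, an administrator usually wants to check the subnet-to-site mapping for gaps and duplicates. The following is an added example, not code from the tutorial; the site names and prefixes are constructed, and the most-specific-prefix rule is the lookup behaviour assumed here.

```python
import ipaddress

# Constructed site-to-subnet mapping (hypothetical names and prefixes).
# Each site is a set of well-connected IP subnets; a client belongs to the
# site whose subnet matches its address most specifically.
SITE_SUBNETS = {
    "HQ": ["10.1.0.0/16", "10.2.0.0/16"],
    "Branch-North": ["10.1.200.0/24"],   # carved out of HQ's 10.1.0.0/16
    "Branch-South": ["192.168.50.0/24"],
}


def build_subnet_table(site_subnets):
    """Flatten the mapping into (network, site) pairs, longest prefix first,
    so the first match during lookup is the most specific subnet."""
    table = []
    for site, prefixes in site_subnets.items():
        for prefix in prefixes:
            table.append((ipaddress.ip_network(prefix, strict=True), site))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def site_for_address(address, table):
    """Return the site a client address maps to, or None if no subnet covers it.
    An unmapped client is not tied to any site, so its DC choice is unpredictable."""
    ip = ipaddress.ip_address(address)
    for network, site in table:
        if ip in network:
            return site
    return None


def duplicate_subnets(site_subnets):
    """Report prefixes that are assigned to more than one site; a client in such
    a subnet would be placed in whichever site object was evaluated first."""
    seen = {}
    for site, prefixes in site_subnets.items():
        for prefix in prefixes:
            seen.setdefault(ipaddress.ip_network(prefix, strict=True), set()).add(site)
    return {str(net): sorted(sites) for net, sites in seen.items() if len(sites) > 1}


if __name__ == "__main__":
    table = build_subnet_table(SITE_SUBNETS)
    for addr in ("10.1.200.7", "10.1.3.4", "172.16.0.1"):
        print(addr, "->", site_for_address(addr, table))
    print("duplicates:", duplicate_subnets(SITE_SUBNETS))
```

The duplicate check is the part worth running before a site change: two sites claiming the same subnet is a quiet misconfiguration that only shows up as clients authenticating to a far-away domain controller.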


In this section you will learn about several new concepts introduced with Active Directory, including the global catalog, replication, trust relationships, DNS namespaces, and naming conventions.

The global catalog is a service and a physical storage location that contains a replica of selected attributes for every object in Active Directory. You can use the global catalog to locate objects anywhere in the network without replication of all domain information between domain controllers.

Active Directory includes replication to ensure that changes to a domain controller are reflected in all domain controllers within a domain. Within a site, Active Directory automatically generates a ring topology for replication among domain controllers in the same domain. Between sites, you must customize how Active Directory replicates information using site links to specify how your sites are connected.

A trust relationship is a link between two domains in which the trusting domain honors the logon authentication of the trusted domain. Active Directory supports two forms of trust relationships: implicit two-way transitive trusts and explicit one-way nontransitive trusts.
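The practical question behind the two trust types is "accounts from which domains will this domain accept at logon?" Implicit two-way transitive trusts extend through the forest, while an explicit one-way nontransitive trust stops at its two endpoints in one direction. The example below is added here and is not part of the tutorial; it models a constructed forest (a root domain with two children and a second tree root) plus one hypothetical external nontransitive trust, and walks the trust graph to compute the effective set of honored domains.

```python
from collections import deque, namedtuple

# trusting honors logons from trusted; transitive says whether the trust
# can be chained through further transitive trusts.
Trust = namedtuple("Trust", "trusting trusted transitive")


def two_way_transitive(a, b):
    """Implicit parent-child or tree-root trust inside a forest."""
    return [Trust(a, b, True), Trust(b, a, True)]


# Constructed forest: corp.example is the forest root with two child domains;
# partner.example is a second tree root joined to the same forest.
# legacy.local is a hypothetical external domain trusted one-way by eu only.
TRUSTS = (
    two_way_transitive("corp.example", "eu.corp.example")
    + two_way_transitive("corp.example", "asia.corp.example")
    + two_way_transitive("corp.example", "partner.example")
    + [Trust("eu.corp.example", "legacy.local", False)]
)


def trusted_domains(resource_domain, trusts):
    """Domains whose logon authentication resource_domain honors, directly or
    through a chain made only of transitive trusts."""
    honored = set()
    visited = {resource_domain}
    frontier = deque([resource_domain])
    while frontier:
        current = frontier.popleft()
        for t in trusts:
            if t.trusting != current:
                continue
            if not t.transitive and current != resource_domain:
                # a nontransitive trust never extends beyond its own endpoints
                continue
            honored.add(t.trusted)
            if t.transitive and t.trusted not in visited:
                visited.add(t.trusted)
                frontier.append(t.trusted)
    honored.discard(resource_domain)
    return honored


def resource_domains_for(account_domain, trusts):
    """Inverse view: every domain that will accept accounts from account_domain."""
    all_domains = {t.trusting for t in trusts} | {t.trusted for t in trusts}
    return {d for d in all_domains if account_domain in trusted_domains(d, trusts)}


if __name__ == "__main__":
    for d in ("eu.corp.example", "corp.example", "legacy.local"):
        print(d, "honors:", sorted(trusted_domains(d, TRUSTS)))
    print("legacy.local accounts accepted by:",
          sorted(resource_domains_for("legacy.local", TRUSTS)))
```

Note the asymmetry the model makes visible: eu.corp.example honors legacy.local, but corp.example does not, because the external trust is nontransitive, and legacy.local honors nothing because the trust is one-way.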

In this section you will learn that Active Directory uses DNS as its domain naming and location service; therefore, Windows 2000 domain names are also DNS names. Windows 2000 Server uses Dynamic DNS (DDNS), so clients with dynamically assigned addresses can register directly with a server running the DNS service and dynamically update the DNS table. There are contiguous namespaces and disjointed namespaces. Finally, you will learn about the naming conventions employed by Active Directory: distinguished names (DNs), relative distinguished names (RDNs), globally unique identifiers (GUIDs), and user principal names (UPNs).