
Active Directory Basics (Video Link Included)

Active Directory is one of the most important organizational tools in the field of technology. If you have never used Active Directory (AD), the easiest way to think of it is as a database of users and computers that are all managed from a single location. AD gives a network administrator the ability to control group or individual user preferences and protocols, along with the infrastructure those users log in to. Listed below are some basic features of AD. Please also take a few minutes to watch the video linked in this blog if you would like to see AD in action.
My Video


AD Features
Active Directory provides directory services that are geared toward the enterprise. This means that Active Directory services must provide additional functionality and availability, such as the following:
• Scalability—Active Directory domains are logical security boundaries around a set of objects. A domain can contain a varying number of objects, ranging from the hundreds to the millions. Domains can be added and deleted as necessary.
• Extensibility—As previously mentioned, the Active Directory database uses a schema. The schema is the definition of all of the objects that can be created in Active Directory, along with their attributes. The schema can be modified, allowing for new objects or modified attributes on existing objects. In addition, new object classes can be added to the schema to support directory-enabled applications.
• Internet standards—Microsoft is starting to move away from proprietary protocols and methods. Microsoft would rather sponsor RFC drafts, which support the naming that adds desired functionality (which is good for all of us). Consequently, name resolution and the directory access and security protocols are basic Internet standard protocols.
• Single-seat administration—Administrators can administer any portion of the directory from a single location in the organization (with the right permissions, of course).
• Fault tolerance—Each domain controller (DC) in the domain has a complete copy of that domain's directory, making Active Directory a multimaster directory. Each DC has a writable copy of the domain partition. If one DC fails, the other DCs are still capable of satisfying requests for Active Directory services.
• Security—Access control lists (ACLs) control who has permission to access directory data.
• Interoperability—Because Active Directory is based on an X.500 directory and uses Internet standard protocols, it is capable of interacting with other X.500-based directory services.

Naming and Name Resolution
Every object that represents information or resources in Active Directory must have a name that is unique to Active Directory. Additionally, Active Directory must support several of the common naming conventions that clients might use. The name is an X.500-style distinguished name (DN) that describes the object's location in the directory. The relative distinguished name (RDN) is the portion of the DN that makes the object unique. If you have two Ed Brovicks in your organization (heaven forbid), they will have unique DNs as long as they are in different OUs or have different RDNs. For example, there could be two Ed Brovicks in two different OUs because the OU makes the DN unique. If two Ed Brovicks exist in the same OU, they would have to have different RDNs, such as CN=ebrovick and CN=ebrovick1, so that their DNs are unique.
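The naming rules above, as an added example that is not part of the original post: a small Python parser that splits a DN into RDNs, honours backslash escapes so a comma inside a name is not mistaken for a separator, and compares DNs for the two uniqueness cases. The sample DNs, the OU names and all function names are constructed for illustration.

```python
# Added example (not from the original post). All DNs below are constructed.
import re

def split_dn(dn):
    """Split a DN on unescaped commas, returning RDN strings, leftmost first."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(cur.lstrip())  # spaces after a separator are padding
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    parts.append(cur.lstrip())
    return parts

def unescape(value):
    """Undo RFC 4514 escapes: backslash + two hex digits, or backslash + char."""
    raw = re.sub(rb"\\([0-9A-Fa-f]{2})|\\(.)",
                 lambda m: bytes([int(m[1], 16)]) if m[1] else m[2],
                 value.encode("utf-8"))
    return raw.decode("utf-8")

def parse_dn(dn):
    """Return [(TYPE, value), ...]; multi-valued RDNs ('+') are not split."""
    out = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        out.append((attr.strip().upper(), unescape(value)))
    return out

def dns_domain(dn):
    """Join the DC components into the DNS name of the domain."""
    return ".".join(v for t, v in parse_dn(dn) if t == "DC").lower()

def same_object(a, b):
    """Assumption: naming attributes compare case-insensitively, as in AD."""
    fold = lambda dn: [(t, v.casefold()) for t, v in parse_dn(dn)]
    return fold(a) == fold(b)

SALES = "CN=Ed Brovick,OU=Sales,DC=abco,DC=com"        # same RDN ...
ENG = "CN=Ed Brovick,OU=Engineering,DC=abco,DC=com"    # ... different OU
COMMA = "CN=Brovick\\, Ed,OU=Sales,DC=abco,DC=com"     # comma inside the CN
```

A plain `COMMA.split(",")` yields five pieces, while `split_dn(COMMA)` yields the four real components.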
The following list shows the organization of the Active Directory objects involved in name resolution.
• Name resolution—The process that translates the DN into an object or into information that the DN represents.
• Active Directory—A collection of objects. These objects and their definitions are as follows:
  • Object classes—These are the types of objects that can be created in the directory. Object classes have attributes associated with them, which compose the object class. Users, for example, are a class of objects. First Name and Last Name are examples of attributes that are associated with the Users object class.
  • Objects—These are the instances of the object classes that you create. When you create a user object, it is based on the object class.
  • Attributes—These are the characteristics, or fields, that make up the object class. Each object’s attributes, as well as the values that each can contain, are defined in the object classes. Attributes can be either mandatory or optional. Again, when a user object is created, attributes on that object are populated. Examples of such attributes are First Name, Last Name, and Display Name.
  • Schema—The schema contains all of the Active Directory object classes and attributes. It is the dictionary that defines what is in the Active Directory database.
Objects in Active Directory are organized into containers. A container itself is a directory object that holds other objects. The types of containers that Active Directory uses to organize objects are as follows:
• Organizational units (OUs)—Items that contain objects for organizing those objects. Objects within an OU can be treated as a collection of objects when Group Policy objects are associated with an OU.
• Containers—Items that differ from OUs in that, although they are built into Active Directory, they can't have Group Policy objects associated with them. The Users container is an example of a container.
• Domains—Containers that also define a security context. This means that Active Directory is written to treat all objects within a domain by the same rules.
• Trees—A collection of one or more domains that share a common namespace. Although all domains trust one another, the tree relationship is defined by the namespace that is necessary to support the domain structure. The root domain of abco.com can have two subdomains named backoffice.abco.com and office.abco.com. This relationship between the root domain and the two child domains forms a tree.
• Forest—A collection of one or more trees. Trees within the forest share the same Active Directory but are not required to share the same namespace. You can therefore have two organizations, such as wadeware.net and wadeco.net, which are contained in a single Active Directory, share the same configuration, GC, and schema partitions, but have different namespaces.
• Global Catalog (GC)—A central source for all directory objects. Not all the attributes from each object are stored in the GC, but there are just enough to make it useful for searching the entire Active Directory. This is needed because objects replicate only among the other DCs within their domain, so a user looking for an object in another domain will not be able to find that object from his or her DC. Instead, the user would query the GC server and find the DN for the object. The user could then locate the object in Active Directory.
• Trust relationships—Logical links that combine two or more domains into one administrative unit. This allows permissions to be associated from one domain to another because one domain trusts that the other domain has authenticated its users and that these users are who they say they are.
• Namespace—The DNS-type namespace that represents domains. Active Directory is dependent on DNS and the DNS namespace. This makes it important to design your domain topology in a DNS-friendly way, and to provide clients with reliable DNS services.
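
The tree and forest items above, as an added example that is not part of the original post: grouping a forest's domains into trees by contiguous DNS namespace, matching whole labels so that a look-alike name is not attached to the wrong tree. The forest list combines the post's example domains and adds a constructed look-alike, `xabco.com`; the function names are hypothetical.

```python
# Added example (not from the original post); the forest below is constructed
# from the domain names the post uses, plus one look-alike name.

def parent_domain(domain, domains):
    """Closest ancestor of `domain` in `domains` by contiguous DNS namespace."""
    labels = domain.lower().rstrip(".").split(".")
    known = {d.lower().rstrip(".") for d in domains}
    # Walk up one label at a time so "xabco.com" never matches "abco.com".
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None

def tree_root(domain, domains):
    """Follow parents upward until reaching a domain with no parent."""
    current = domain.lower().rstrip(".")
    while (up := parent_domain(current, domains)) is not None:
        current = up
    return current

def group_into_trees(domains):
    """Map each tree root to the sorted list of domains in that tree."""
    trees = {}
    for d in domains:
        name = d.lower().rstrip(".")
        trees.setdefault(tree_root(name, domains), []).append(name)
    return {root: sorted(members) for root, members in trees.items()}

FOREST = ["abco.com", "backoffice.abco.com", "office.abco.com",
          "wadeware.net", "wadeco.net", "xabco.com"]

if __name__ == "__main__":
    for root, members in group_into_trees(FOREST).items():
        print(root, "->", members)
```

`wadeware.net` and `wadeco.net` come out as separate trees even though both end in `.net`, because neither name is a parent of the other.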
