Active Directory
Essay by 24 • July 26, 2010
This essay covers how domain management has evolved from Windows NT 4.0 to Active Directory. It also provides an in-depth look at the advantages Active Directory has over Windows NT 4.0. The benefits of using Active Directory are broken up into categories including the improvements in scalability, organization, and replication. This essay also shows how users are managed in an Active Directory environment as opposed to local users.
Active Directory is a very useful tool created by Microsoft to make the server/client relationship easier to create and maintain throughout Windows-based systems. Wikipedia describes Active Directory with the definition:
Active Directory is an implementation of Lightweight Directory Access Protocol (LDAP) directory services by Microsoft for use primarily in Windows environments. Its main purpose is to provide central authentication and authorization services for Windows-based computers. Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an organization. Active Directory stores information and settings in a central database. Active Directory networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects.
This is basically stating that Active Directory was designed to organize and manage a domain network by providing a structure, giving the administrator the ability to assign permissions that help protect the network, and allowing users to use the resources assigned to them by the administrator.
Before Active Directory there was Windows NT 4.0, which was in need of much improvement. It was limited to 40,000 objects, and even before that limit was reached, objects became unmanageable due to the lack of organization. The registry was always cached, so larger domains required a lot of RAM. Changes to the domain, such as adding users and groups or changing the attributes of those objects, could only be made on the Primary Domain Controller and then replicated to the Backup Domain Controllers. This caused problems because if the Primary Domain Controller was down, there was no way to manage users and groups. The domain could not be extended to add newer object types such as routers and web servers, and adding attributes such as cell phones and pagers was also impossible with this older technology. A big part of the organization problem with Windows NT 4.0 is that it had no hierarchical structure to represent a company's division into departments. Administrative rights were all or nothing: allowing the head of a department to manage just the users in that department was impossible, which meant only the network administrator could manage those users. Microsoft's solution to this problem was to build on and enhance its existing domain technology, and thus Active Directory was born.
Active Directory is a big upgrade to Windows NT 4.0. Instead of storing information in the registry, the Active Directory data is kept in a dedicated database, saving server resources and allowing up to 10 million objects. Changes to users or groups can now be made on any domain controller, which allows the network to function normally even if the primary domain controller is not responding for any reason. There are many new built-in attributes for objects, and developers can now define their own domain objects. Active Directory introduced organizational units, allowing a company to represent its hierarchy in the domain structure. Giving administrative rights over a specific group is now possible, allowing administrators to delegate administrative responsibilities and permissions.
One can use Active Directory through the Microsoft Management Console. This is a graphical interface allowing you to add users and groups, assign users to groups, and set permissions for those users and groups. A user is created to allow someone to connect to the network and use the network's resources from any computer pointing to that domain. The administrator can assign individual permissions to each user. To assign common permissions to a set of users without having to set the permissions individually, the administrator can assign the users to a group. Groups are also a form of organization; for example, the accounting department and the marketing department of a company would be assigned to two different groups. The administrator can also assign, change and recover the password for every user.
"An Active Directory structure is a hierarchical framework of objects. The objects fall into three broad categories: resources (e.g. printers), services (e.g. e-mail) and users (user accounts and groups). The Active Directory provides information on the objects, organizes the objects, controls access and sets securities" (Wikipedia). Objects can be grouped together in a container called an Organizational Unit. Organizational units (OUs) were a new object type within Windows 2000 Server's Active Directory. They are designed to reduce the number of domains in an organization. OUs are often used to replace domains and sub-domains on systems migrating to Active Directory. Under NT 4.0, different departments in an organization were often structured as separate domains, but using Active Directory, these domains can be restructured as OUs, thereby flattening the domain structure. Organizational units simplify the domain structure and help organize the domain better.
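The management steps described in the three paragraphs above (a department OU, a group, users placed in it, group-based resource permissions, and delegation of a single right over one OU), as an added PowerShell example that is not part of the essay. It assumes the ActiveDirectory module (RSAT or a domain controller) and uses placeholder names: domain corp.example.com (NetBIOS CORP), OU Accounting, share D:\Shares\Accounting.

```powershell
# Added example, not from the essay. Placeholder names throughout; the file share
# D:\Shares\Accounting is assumed to exist on the host running the script.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName   # e.g. DC=corp,DC=example,DC=com
$deptOU   = "OU=Accounting,$domainDN"

# 1. One OU per department: what an NT 4.0 design would have made a separate domain.
New-ADOrganizationalUnit -Name "Accounting" -Path $domainDN -ProtectedFromAccidentalDeletion $true

# 2. A security group; permissions are granted to the group, not to individuals.
New-ADGroup -Name "Accounting-Staff" -GroupScope Global -GroupCategory Security -Path $deptOU

# 3. Users created inside the department OU and added to the group.
$initial = Read-Host -AsSecureString "Initial password for the new accounts"
foreach ($sam in "ajones", "bsmith") {
    New-ADUser -Name $sam -SamAccountName $sam -UserPrincipalName "$sam@corp.example.com" `
        -Path $deptOU -AccountPassword $initial -ChangePasswordAtLogon $true -Enabled $true
}
Add-ADGroupMember -Identity "Accounting-Staff" -Members "ajones", "bsmith"

# 4. Resource permission by group: read access on the department's file share.
$acl  = Get-Acl "D:\Shares\Accounting"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
    "CORP\Accounting-Staff", "ReadAndExecute", "ContainerInherit, ObjectInherit", "None", "Allow")
$acl.AddAccessRule($rule)
Set-Acl "D:\Shares\Accounting" $acl

# 5. Delegation, the answer to NT 4.0's all-or-nothing administration: the department
#    helpdesk may reset passwords, but only on user objects under this OU (/I:S = inherit
#    to sub-objects only; "CA" = control access right).
New-ADGroup -Name "Accounting-Helpdesk" -GroupScope Global -GroupCategory Security -Path $deptOU
dsacls $deptOU /I:S /G "CORP\Accounting-Helpdesk:CA;Reset Password;user"

# Check: the delegated ACE should appear on the OU and nowhere above it.
dsacls $deptOU   | Select-String "Accounting-Helpdesk"
dsacls $domainDN | Select-String "Accounting-Helpdesk"   # expected: no output
```

Reviewing the ACL at the domain root after delegating is the habit worth keeping: a right granted one level too high turns scoped delegation back into the all-or-nothing model the essay criticizes.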
The logical domain structure of Active Directory is best understood from bottom to top. As an organization becomes larger and more complex, bottom-level units can be joined to make higher-level units. For example, domains can be joined in a hierarchical way to make domain trees, and domain trees can be joined with trusts to make domain forests. The forest consists of all objects in the network. Inside the forest are one or more domain trees. Inside the domain trees are individual root domains and their child domains.
The picture shows a Domain Forest with two domain trees connected with a trust. Each domain tree has one root domain and two child domains. Both domain trees and their sublevels make up the domain forest.
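The forest, domain tree, root domain and child domain structure described above, walked from the top down, as an added PowerShell example (not part of the essay). It assumes the ActiveDirectory module on a domain-joined host and that Get-ADTrust is available (Windows Server 2012 / RSAT for Windows 8 or later).

```powershell
# Added example, not from the essay: print the forest, each domain tree with its
# root and child domains, and the trusts that join trees or other forests.
Import-Module ActiveDirectory

function Show-DomainTree {
    param([string]$DomainName, [int]$Depth = 0)
    $d = Get-ADDomain -Identity $DomainName
    Write-Output ("{0}{1}  (NetBIOS {2}; {3})" -f ("  " * $Depth), $d.DNSRoot, $d.NetBIOSName, $d.DistinguishedName)
    # ChildDomains holds the DNS names of the domains directly below this one.
    foreach ($child in $d.ChildDomains) { Show-DomainTree -DomainName $child -Depth ($Depth + 1) }
}

$forest = Get-ADForest
Write-Output "Forest: $($forest.Name)  (forest root domain: $($forest.RootDomain))"

# A tree root is a forest domain with no parent; the forest root is one of them,
# any other tree root is the top of a second domain tree in the same forest.
$treeRoots = $forest.Domains | Where-Object { -not (Get-ADDomain -Identity $_).ParentDomain }
foreach ($root in $treeRoots) {
    Write-Output "Domain tree rooted at $root"
    Show-DomainTree -DomainName $root -Depth 1
}

# Trusts: IntraForest ones are the automatic parent/child and tree-root trusts that
# hold the forest together; the rest reach outside it. For those, SIDFilteringQuarantined
# should be True so that SIDs from the trusted side cannot claim membership here.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, IntraForest, ForestTransitive, SIDFilteringQuarantined |
    Format-Table -AutoSize
```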
The replication process has been refined in Active Directory as opposed to Windows NT 4.0. "Active Directory renders obsolete the notion of primary and backup domain controllers. With Active Directory, each controller has a copy of the directory and any controller can initiate and replicate changes. To avoid conflicts, each controller maintains a table of update
...
...
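The multi-master behaviour the replication paragraph describes, shown in practice: a change written on one domain controller arrives on another carrying the originating server and update sequence numbers that controllers use to order changes. This is an added PowerShell example, not part of the essay; it assumes two reachable domain controllers with the placeholder names dc1 and dc2 in corp.example.com, a user ajones, and Get-ADReplicationAttributeMetadata (Windows Server 2012 or later RSAT).

```powershell
# Added example, not from the essay. Placeholder names: dc1, dc2, corp.example.com, ajones.
Import-Module ActiveDirectory

$dcA  = "dc1.corp.example.com"
$dcB  = "dc2.corp.example.com"
$user = "ajones"

# 1. Write on dc2 explicitly. Under NT 4.0 this had to go to the PDC; here any
#    writable DC accepts the change.
Set-ADUser -Identity $user -Server $dcB -Description "Changed on $dcB at $(Get-Date -Format s)"

# 2. Allow intra-site replication to run (notification-based, normally seconds).
#    Across sites, wait for the site link schedule or force it with: repadmin /syncall
Start-Sleep -Seconds 30

# 3. Read the change on dc1 together with its replication metadata: which DC
#    originated it, its version, and the update sequence numbers (USNs) that form
#    the per-controller update table the quoted text refers to.
$dn = (Get-ADUser -Identity $user -Server $dcA).DistinguishedName
Get-ADReplicationAttributeMetadata -Object $dn -Server $dcA |
    Where-Object AttributeName -eq "description" |
    Select-Object AttributeName, Version, LastOriginatingChangeTime,
                  LastOriginatingChangeDirectoryServerIdentity, LocalChangeUsn, LastOriginatingChangeUsn

# 4. Replication health for every DC pair. Failures here matter to defenders: a DC
#    that stops replicating also stops receiving password changes, account disables
#    and group membership removals made elsewhere.
repadmin /replsummary
```

If step 3 still shows the old value or an older Version on dc1, the two controllers are not converging; the LastOriginatingChangeDirectoryServerIdentity column tells you which DC last changed the attribute.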