Chapter 2. Introducing Active Directory

All major network operating system (NOS) manufacturers include some form of a directory that stores information about network resources, such as users, groups, computers, printers, and so forth. One of the distinguishing factors for choosing a NOS in large enterprises is the directory. An enterprise directory must scale itself to support hundreds of thousands and even millions of objects, and it must be available for rapid and secure access across a distributed network environment, using a variety of different network transmission mediums and speeds.

There are a number of solid directory products on the market today. Netscape provides a directory called the Netscape Directory Server; Novell's is called Novell Directory Services (NDS); Banyan's is called StreetTalk; and meta vendors, such as Entevio and Isocore, offer meta-directories that are designed to manage multiple directories using common directory protocols, such as Lightweight Directory Access Protocol (LDAP).

When Microsoft set out to build arguably one of the most comprehensive and complete operating systems available—Windows 2000—developing a solid directory was central to their design specifications. Active Directory is fundamental to Windows 2000. Like all directories, Active Directory provides a directory of objects (users, groups, computers, printers, and so on) and object attributes (email addresses, telephone numbers, locations, and so on) that enable users on a network to access information and resources easily. Because Active Directory stores all this information in a data store that is fast, efficient, and replicated throughout a distributed enterprise, the management and support of the enterprise can be tailored to suit any organization's specific business needs; users can easily access information assets from anywhere, at any time.

The benefits of a directory are now clear. Just a few years ago, directory manufacturers, such as Novell, had to work hard to articulate the value, importance, and benefits of a directory. Today, directories are core components of large enterprises and are now beginning to be exploited for their benefits and potential. Like Windows 2000, Active Directory is built on standards, and it delivers a number of distinct benefits. Active Directory uses LDAP as the core directory protocol, RPC and SMTP for directory replication, Domain Name System (DNS) for name resolution, and Kerberos and an X.509 public key infrastructure (PKI) for authentication and encryption.

Active Directory is like the nervous system for Windows 2000. It functions as the security enabler for the network, the resource locator for users, and the policy implementer for businesses. Active Directory benefits an organization by

  • Storing critical information about computer networks, users, and groups in a single data store

  • Providing consistent and accurate information about the network and its resources

  • Extending interoperability to application vendors so that they can leverage and utilize the directory

  • Eliminating the duplication of data and data entry

  • Reducing the time required to develop applications and to administer and support the network

  • Improving an organization's ability to secure access to network resources and information assets

  • Enabling organizations to automate business processes for e-business

  • Providing for enhanced customer service to both users and customers

  • Providing redundancy through a multi-master directory, which replicates changes throughout the enterprise

  • Enabling flexibility for directory-enabled applications by allowing the directory schema to be modified for specific packaged or custom applications

  • Providing a scalable directory solution through decentralized directory services, which supports replication

Active Directory simplifies management, strengthens security, improves productivity, leverages existing investments, enhances availability, and can lower overall support costs. In addition, Active Directory has been built using lessons learned from other, older directories.

Finally, an important aspect of Active Directory has to do with directory consolidation. All of Microsoft's BackOffice and core application services, such as Exchange, SQL Server, System Management Servers (SMS), Dynamic Host Configuration Protocol (DHCP), and DNS, use, or rely on, Active Directory for interoperability and administration. When you plan and design Active Directory for your organization, you define much of your enterprise-computing environment's structure. The structures that you define determine the level of availability and fault-tolerance, usage characteristics for clients and servers, methods that users use to view and access information in the directory, and capability of your directory to scale and evolve as your organization changes; they determine how to effectively manage the directory's contents.

Throughout this book, we introduce and discuss the major components of Active Directory. We explore several design considerations and present information that can help you make correct decisions when designing Active Directory to meet your specific needs. However, before we continue with this book, it is important to discuss some fundamentals of Active Directory.

In this chapter, we introduce the core components of Active Directory, explain how the components relate to one another, and explain how each component can affect your Active Directory design.
