  Fundamentals of Active Directory
 
In the world of Active Directory, clients and servers interact in the following manner:
  1. A client that wants to access a service or a resource does so using the resource’s Active Directory name. To locate the resource, the client parses the Active Directory name and sends the DNS part of it as a standard DNS query to a dynamic DNS server.
  2. The dynamic DNS server provides the network address of the domain controller responsible for the name. This is similar to the way static DNS currently operates — it provides an IP address in response to a name query.
  3. The client receives the domain controller’s address and uses it to make an LDAP query to the domain controller. The LDAP query finds the address of the system that has the resource or service that the client requires.
  4. The domain controller responds with the requested information. The client accepts this information.
  5. The client uses the protocols and standards that the resource or service requires and interacts with the server providing the resource.
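
Steps 1 to 3 above, sketched as an added example (not code from the original page). It assumes the Active Directory name is an LDAP distinguished name; `_ldap._tcp.dc._msdcs.<domain>` is the SRV record set Active Directory clients query to find domain controllers, and the function names, sample name and sample SRV answers are constructed for illustration.

```python
# Added illustration; the sample name and SRV answers below are constructed.
SAMPLE_DN = r"CN=Smith\, Jane,OU=Sales,DC=corp,DC=example,DC=com"
SAMPLE_SRV = [  # (priority, weight, port, target) as a DNS server might answer
    (10, 100, 389, "dc2.corp.example.com"),
    (0, 100, 389, "dc1.corp.example.com"),
]

def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escaped pair together
        elif dn[i] == ",":
            parts.append(cur.strip())
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    parts.append(cur.strip())
    return parts

def dns_domain(dn):
    """Step 1: the DNS part of the name is its DC= components."""
    labels = [r.split("=", 1)[1] for r in split_dn(dn) if r.upper().startswith("DC=")]
    if not labels:
        raise ValueError("name has no DC= components")
    return ".".join(labels).lower()

def srv_query_name(domain):
    """SRV record set under which a domain's controllers register."""
    return "_ldap._tcp.dc._msdcs." + domain

def pick_controller(srv_records):
    """Step 2: lowest priority first; ties go to the highest weight
    (a deterministic simplification of RFC 2782's weighted choice)."""
    if not srv_records:
        raise ValueError("no domain controller advertised")
    _, _, port, target = min(srv_records, key=lambda r: (r[0], -r[1]))
    return target, port

def ldap_filter(attr, value):
    """Step 3: equality filter with RFC 4515 escaping of the value."""
    esc = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "(%s=%s)" % (attr, "".join(esc.get(c, c) for c in value))

if __name__ == "__main__":
    domain = dns_domain(SAMPLE_DN)
    print(srv_query_name(domain), pick_controller(SAMPLE_SRV), ldap_filter("sn", "Smith"))
```

Escaping the value in step 3 matters whenever it comes from user input: without it, characters such as `*` or `(` change the meaning of the LDAP query sent to the domain controller.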

Benefits of Using Active Directory in an Enterprise Environment

Active Directory is one of the main features that distinguishes 2000 Server from NT 4.0 and previous versions. This newest implementation of the directory services is a response to the often-stated, and possibly warranted, criticism that NT is not designed to be an enterprise-wide solution. In an enterprise environment, Active Directory provides the following benefits:
  • More fine-grained administration is possible. Instead of having many administrators with sweeping and widespread rights over all directories (as in User Manager for Domains), you may have administrators who have a great deal of authority over a particular directory or group of directories but few, if any, rights over other directories. Rights can be granted down to the attribute (object property) level.
  • By using the global catalog, you can query various attributes of objects. For example, a particular object — a user name — can be located by querying one of its attributes — say, last name.
  • Global groups and local groups have gone the way of the dodo bird (in a pure 2000 Server environment). Instead, you can create nested groups that can contain many levels of users with various individual rights and privileges.
  • You can create new object types. Standard object definitions include users, groups, computers, domains, organizational units, and security policies. Ten million objects per domain are allowed.
  • Trusts are, by default, transitive. If domain A trusts domain B and domain B trusts domain C, then domain A will trust domain C. However, as an administrator, you can deliberately not allow domain A to trust domain C or allow a one-way trust only.
  • Kerberos security is implemented for network authentication, which allows for greater security than the clear text or encrypted logons previously used.
  • Fault tolerance is greater. Each controller maintains a copy of the directory database and the replication topology is in a ring structure so that there are always two possible paths for replication.
  • Active Directory’s Class Store and Group Policy Editor (GPE) let users access and download applications to which they are entitled, regardless of which machine they are sitting at. Active Directory’s Microsoft Installer (MSI) lets developers package applications for use with Active Directory.
  • A domain controller can be moved to another site or to another domain without having to reinstall 2000 Server.
Active Directory’s beauty is that it can scale up or down and functions equally well providing simple directory services or more complex levels of administration. Besides supporting LDAP, Active Directory supports HTTP.

In the next section, we will focus on the structure of Active Directory and how it differs from NT 4.0 Directory Services.
 