Authenticate users
Provide services, such as Email, Access to the
Print services etc.
Control access to services and shares.
Active Directory is Microsoft's version
of an LDAP-based network directory
service.
Called: ADS, NTDS
Domain
Tree
Forest
OU
[Figure: diagram of domains, OUs and trees]
Objects
old Friends
User
Group
Computer
New Elements
Distribution Lists
System Policies
Application-defined custom objects
Described in the Schema
Definition of all AD
Object-Types (Classes)
Attributes
Data-Types (Syntaxes)
NT 4 Compatible
Boundary for
- Replication Traffic
- System Policies
- Administration
Domain:
- A sub-network comprised of a group of
clients and servers under the control of one
security database. Dividing LANs into
domains improves performance and security.
- All resources under the control of a single
computer system.
Lightweight Directory Access
Protocol (LDAP) -- a protocol used
to access a directory service.
Repository of
Information
Increased Security
DNS Dependency
No Merge-Tree
No Partitioning (only a single
Domain per Domain Controller)
Limited Tool-Support
Forest Global Schema
Schema modifications cannot be
undone
Applications directly using and accessing
the Active Directory
- e.g. Exchange 2000
- Many more expected!
Typically extend the Schema
May dramatically change usage patterns
for Active Directory Resources
- Replication Traffic
(new Objects, Attributes)
- AD Queries (GCs!)