1. PAGE NO. 539 TO 546
The basics of Active Directory
Active Directory is Microsoft's trademarked directory service, an integral part of the
Windows architecture. Like other directory services, such as Novell Directory Services
(NDS), Active Directory is a centralized and standardized system that automates network
management of user data, security and distributed resources and enables interoperation
with other directories. Active Directory is designed especially for distributed networking
environments. Active Directory has a centralized administration mechanism over the
entire network. It also provides for redundancy and fault tolerance when two or more d
omain controllers are deployed within a domain.
4
Active Directory was new to Windows 2000 Server and further enhanced for Windows
Server 2003, making it an even more important part of the operating system. Windows
Server 2003 Active Directory provides a single reference, called a directory service, to all
the objects in a network, including users, groups, computers, printers, policies and
permissions.
For a user or an administrator, Active Directory provides a single hierarchical view from
which to access and manage all of the network's resources.
Why implement Active Directory?
There are many reasons to implement Active Directory. First and foremost, Microsoft
Active Directory is generally considered to be a significant improvement over Windows
NT Server 4.0 domains or even standalone server networks. Active Directory has a
centralized administration mechanism over the entire network. It also provides for
redundancy and fault tolerance when two or more domain controllers are deployed within
a domain.
Active Directory automatically manages the communications between domain controllers
to ensure the network remains viable. Users can access all resources on the network for
which they are authorized through a single sign-on. All resources in the network are
protected by a robust security mechanism that verifies the identity of users and the
authorizations of resources on each access.
Even with Active Directory's improved security and control over the network, most of its
features are invisible to end users; therefore, migrating users to an Active Directory
network will require little re-training. Active Directory offers a means of easily
promoting and demoting domain controllers and member servers. Systems can be
managed and secured via Group Policies. It is a flexible hierarchical organizational

2. model that allows for easy management and detailed specific delegation of administrative
responsibilities. Perhaps most importantly, however, is that Active Directory is capable of
managing millions of objects within a single domain.
Active Directory and LDAP
Microsoft includes LDAP (Lightweight Directory Access Protocol) as part of Active
Directory. LDAP is a software protocol for enabling anyone to locate organizations,
individuals and other resources such as files and devices in a network, whether on the
public Internet or on a corporate intranet.
In a network, a directory tells you where in the network something is located. On TCP/IP
networks (including the Internet), the domain name system (DNS) is the directory system
used to relate the domain name to a specific network address (a unique location on the
network). However, you may not know the domain name. LDAP allows you to search for
individuals without knowing where they're located (although additional information will
help with the search).
An LDAP directory is organized in a simple "tree" hierarchy consisting of the following
levels: An LDAP directory can be distributed among many servers. Each server can have
a replicated version of the total directory that is synchronized periodically.
It is important for every administrator to have an understanding of what LDAP is when
searching for information in Active Directory and to be able to create LDAP queries is
especially useful when looking for information stored in your Active Directory database.
For this reason, many admins go to great lengths to master the LDAP search filter.