1

Active Directory Service in Windows 2000

Li Yang SID: 105164

November 2000

2

What is a Directory Service?

It is the central authority that manages the identities and brokers the relationships between the distributed resources, enabling them to work together.

3

The role of the Directory Service

A place to store information about network-based entities.

A consistent way to name, describe, locate, access, manage, and secure information about these individual resources.

4

Why Have a Directory Service?

local area networks (LANs) and wide area networks (WANs) grow larger and more complex.

networks are connected to the Internet. applications require more from the network

and are linked to other systems through corporate intranets.

5

What Is Active Directory? Active Directory is an essential and inseparable

part of the Windows 2000 network architecture that improves on the domain architecture of the Windows NT® 4.0 operating system to provide a directory service designed for distributed networking environments.

 

6

What Is Active Directory? Active Directory is the first enterprise-class

directory service that is scalable, built from the ground up using Internet-standard technologies, and fully integrated with the operating system.

7

The roles of the Active Directory

Share and manage information about network resources and users.

Bring systems together and consolidate management tasks.

The central authority for network security.

8

Why Have an Active Directory?

Because the directory services are targeted narrowly to the needs of the application or device and often lack standards-based interfaces.

For example:

9

Why Have an Active Directory?

For the end users: must use multiple user accounts and passwords to log in to different systems.

For the administrators: must understand how to manage each directory within the network.

For the application developers: must write different logic for every directory that their applications need to access.

10

Active directory Architecture

Hierarchical Organization Object-oriented Storage Multi-Master Replication

11

Hierarchical Organization

It uses objects to represent network resources.

It uses containers to represent organizations.

It organizes information in a tree structure made up of these objects and containers.

12

Hierarchical Organization

13

Object-oriented Storage

These objects can be assigned attributes.

Administrators can assign access privileges. 

14

Object-oriented Storage

15

 Multi-Master Replication

Organizations create multiple copies of the directory and place them throughout the network.

User can locate resources using the local directory service rather than by traversing the WAN.

16

Active Directory Features

Simplifies management Strengthens security Extends interoperability

17

Simplifies management

Administrators have a single point of management for user accounts, clients, servers, and applications

Administrators can delegate specific administrative privileges and tasks to individual users and groups to make better use of system administration resources.

Organizations can automatically distribute software to users based on their role.

18

 Strengthens security

It supports a number of authentication mechanisms used to prove identity upon logon to Windows 2000.

It supports a fully integrated public key infrastructure and Internet secure protocols to let organizations securely extend selected directory information beyond their firewall to extranet users and e-commerce customers.

19

 Extends interoperability

Expose all of the Windows 2000 directory features through standards-based interfaces.

It provides a development platform for directory-enabled applications.

20

Active Directory Benefits

Integration with DNS: It lets processes running on computers in TCP/IP networks identify and connect to one another.

Flexible querying: Users and Computers can quickly find an object on the network using object properties.

21

Active Directory Benefits

Extensibility: Administrators can add new classes of objects to the schema and can add new attributes to existing classes of objects.

Policy-based administration: All Group Policy settings are contained in Group Policy Objects (GPOs) applied to Active Directory sites, domains, or organizational units.

22

Conclusion

Active Directory services within Windows 2000 provide a focal point for managing and securing Windows user accounts, clients, servers, and applications.